/**
 * Default method for user login, can be overwritten with 'try_log_user' trigger.
 * @see try_log_user()
 *
 * @param mixed  $success     result handed in by the caller; when it is exactly
 *                            true the function returns true without any lookup
 * @param string $username    submitted login name
 * @param string $password    submitted clear-text password
 * @param bool   $remember_me forwarded unchanged to log_user()
 * @return bool true when the user ends up logged in, false otherwise
 */
function pwg_login($success, $username, $password, $remember_me)
{
    global $conf;

    // Already authenticated upstream: nothing left to check.
    if ($success === true) {
        return true;
    }

    // Purge stale sessions before a new one may be opened.
    pwg_session_gc();

    // Fetch the stored id and password hash for the submitted login; the
    // username is escaped before it is placed inside the quoted literal.
    $sql = ' SELECT ' . $conf['user_fields']['id'] . ' AS id, '
        . $conf['user_fields']['password'] . ' AS password FROM ' . USERS_TABLE
        . ' WHERE ' . $conf['user_fields']['username']
        . ' = \'' . pwg_db_real_escape_string($username) . '\' ;';
    $account = pwg_db_fetch_assoc(pwg_query($sql));

    // The verifier is configurable; it receives the candidate password, the
    // stored hash and the user id. It is only called when a row was found.
    $authenticated = isset($account['id'])
        && $conf['password_verify']($password, $account['password'], $account['id']);

    if (!$authenticated) {
        // Unknown user and wrong password take the same path and raise the
        // same notification.
        trigger_notify('login_failure', stripslashes($username));
        return false;
    }

    log_user($account['id'], $remember_me);
    trigger_notify('login_success', stripslashes($username));
    return true;
}
/**
 * Records that the session user filed a bug report, then mails the posted
 * title and body to the maintainer address.
 *
 * NOTE(review): the posted 'Title' and 'Body' are handed to the mail library
 * as received; no length or content validation is visible in this method.
 * Confirm the library neutralises line breaks in the subject.
 */
public function Report()
{
    // Audit entry first (the message is Dutch for "Reported a bug.").
    log_user($this->Session['username'], 'Heeft een bug gemeld.');

    $reportTitle = $this->input->post('Title');
    $reportBody = $this->input->post('Body');

    // Compose and send the report.
    $mailer = $this->email;
    $mailer->from('*****@*****.**', 'Tim Joosten');
    $mailer->to('*****@*****.**');
    $mailer->subject($reportTitle);
    $mailer->message($reportBody);
    $mailer->send();
}
// Confirms a pending "forgotten password" change from an e-mailed link.
// The link carries the user id (?id=) and a confirmation token (?crc=).
// This fragment ends inside the final else branch; the rest is not shown.
require "../../php_includes/cmaster.inc";
$cTheme = get_theme_info();
std_theme_styles(1);
std_theme_body();
// The id is forced to an integer before it reaches any SQL text.
$iid = (int) $_GET["id"];
$ccrc = $_GET["crc"];
// The token is passed through post2db() before being quoted into the query.
// presumably post2db() escapes for SQL; verify against its definition.
$r1 = pg_safe_exec("SELECT * FROM pending_passwordchanges WHERE cookie='" . post2db($ccrc) . "' AND user_id='" . $iid . "'");
if ($o1 = @pg_fetch_object($r1, 0)) {
    // Recompute the expected token from the id, a fixed label, the site salt
    // and the pending hash, and compare it with the one supplied.
    // NOTE(review): this uses loose == on two hex strings. It is not
    // constant-time and numeric-looking strings are compared as numbers;
    // hash_equals() is the usual replacement. MD5 is also a weak choice for a
    // confirmation token.
    if ($ccrc == md5($iid . "modFP" . CRC_SALT_0015 . $o1->new_crypt)) {
        // confirmation of password change
        $rez = @pg_safe_exec("UPDATE users SET password='******',last_updated=now()::abstime::int4,last_updated_by='forgotten password (" . cl_ip() . ")' WHERE id='" . $iid . "'");
        if ($rez) {
            $ru = pg_safe_exec("SELECT * FROM users WHERE id='" . $iid . "'");
            $user = pg_fetch_object($ru, 0);
            // NOTE(review): the new password is read back in clear text from
            // the pending row (new_clrpass) and sent by e-mail, so it exists
            // unhashed both in the database and in the mailbox.
            // $mail_subject_pass and $mail_from_pass are not set in this
            // fragment; presumably they come from the include. Confirm.
            mail($user->email, $mail_subject_pass . $user->user_name, "Your Cservice password is: " . $o1->new_clrpass . "\nRemember it!", "From: " . $mail_from_pass . "\nReply-To: " . $mail_from_pass . "\nX-Mailer: " . NETWORK_NAME . " Channel Service");
            // Audit entry (event code 9), then drop the pending request so the
            // link cannot be confirmed a second time.
            log_user($user->id, 9, " [manual confirmation]");
            pg_safe_exec("DELETE FROM pending_passwordchanges WHERE user_id='" . $user->id . "'");
            echo "<h1>Success !<br><br>\n";
            // NOTE(review): user_name is written into HTML without
            // htmlspecialchars(); confirm it is restricted to safe characters
            // when the account is created.
            echo "Password change has been approved successfully for user '" . $user->user_name . "'</h1>\n";
            echo "</body></html>\n\n";
            die;
        } else {
            echo "<h1>Error<br><br>\n";
            echo "Unknown SQL Error !</h1>\n";
            echo "</body></html>\n\n";
            die;
        }
    } else {
        // Token mismatch: report a generic failure.
        echo "<h1>Error<br><br>\n";
        echo "Invalid credentials !</h1>\n";
        echo "</body></html>\n\n";
$mm .= "\n"; $mm .= "CANCEL_URL = " . $a_URL . "\n"; $mm .= "\n"; $mm .= "-------------------------\n\n"; $doconf = 1; mail(CONFIRM_STAR_PWRESET_MAIL, $ss, $mm, "From: Channel Service <*****@*****.**>\nX-Mailer: CSC-1.1\n\n"); } } } } if (!$doconf || LOCK_ON_PWCHG) { $res = pg_safe_exec("update users set password='******', " . " last_updated = now()::abstime::int4, " . " last_updated_by = 'forgotten password (" . cl_ip() . ")' " . " where " . " id='" . $user->id . "'"); } if ($res && !$doconf) { mail($user->email, $mail_subject_pass . $user->user_name, "Your Cservice password is: " . $password . "\nRemember it!", "From: " . $mail_from_pass . "\nReply-To: " . $mail_from_pass . "\nX-Mailer: " . NETWORK_NAME . " Channel Service"); log_user($user->id, 9, " "); } pg_safe_exec("delete from lastrequests where ip='" . cl_ip() . "'"); pg_safe_exec("insert into lastrequests (ip,last_request_ts) values ('" . cl_ip() . "',now()::abstime::int4)"); ?> <html> <head><title>Request Successful</title></head> <?php std_theme_body(); if ($doconf) { echo "Your new password is pending CService's approval, You will be notified.<br>\n"; if (LOCK_ON_PWCHG) { echo "Your account is locked out until the new password is approved (or not).<br>\n"; } else { echo "Your old password remains active until the new one has been approved.<br>\n"; }
$page['errors'][] = l10n('Password confirmation is missing. Please confirm the chosen password.'); } else { if ($_POST['password'] != $_POST['password_conf']) { $page['errors'][] = l10n('The passwords do not match'); } } } register_user($_POST['login'], $_POST['password'], $_POST['mail_address'], true, $page['errors'], isset($_POST['send_password_by_mail'])); if (count($page['errors']) == 0) { // email notification if (isset($_POST['send_password_by_mail']) and email_check_format($_POST['mail_address'])) { $_SESSION['page_infos'][] = l10n('Successfully registered, you will soon receive an email with your connection settings. Welcome!'); } // log user and redirect $user_id = get_userid($_POST['login']); log_user($user_id, false); redirect(make_index_url()); } $registration_post_key = get_ephemeral_key(2); } else { $registration_post_key = get_ephemeral_key(6); } $login = !empty($_POST['login']) ? htmlspecialchars(stripslashes($_POST['login'])) : ''; $email = !empty($_POST['mail_address']) ? htmlspecialchars(stripslashes($_POST['mail_address'])) : ''; //----------------------------------------------------- template initialization // // Start output of page // $title = l10n('Registration'); $page['body_id'] = 'theRegisterPage'; $template->set_filenames(array('register' => 'register.tpl'));
echo "<a href=\"admin.php\">Back to Complaint Admin</a><br><br>\n"; } break; case 'delete': $q = "UPDATE complaints SET status=99,created_crc='',crc_expiration=(now()::abstime::int4+(86400*15)) WHERE id='" . (int) $da_id . "' AND ticket_number='" . $_GET["ID"] . "'"; $q2 = "INSERT INTO complaints_threads (complaint_ref,reply_by,reply_ts,reply_text,actions_text,in_reply_to) VALUES ('" . (int) $da_id . "'," . (int) $user_id . ",now()::abstime::int4,'** TICKET REMOVED/DELETED **','',0)"; $q3 = "DELETE FROM complaints_reference WHERE complaints_ref='" . (int) $da_id . "'"; $r = pg_safe_exec($q); $updated = 0; if ($r) { $r2 = pg_safe_exec($q2); if ($r2) { $updated = 1; pg_safe_exec($q3); if ($daobj->from_id > 0) { log_user($daobj->from_id, 12, "Ticket-number: " . $_GET["ID"] . " (removed by admin)"); } } } if ($updated) { echo "<br><br><b>This complaint ticket has been removed. The user is NOT being notified of this fact.</b><br><br>"; echo "<a href=\"admin.php\">Back to Complaint Admin</a><br><br>\n"; } else { echo "<br><br><b>For some strange reason, we couldn't remove this ticket, please contact a Site Administrator.</b><br><br>"; echo "<a href=\"admin.php\">Back to Complaint Admin</a><br><br>\n"; } break; } } else { echo "<br><br>This message has already been replied to."; }
print_r(htmlentities($wh_result)); echo "[WH_RESULT_END]<BR>"; echo "[WH_RESULT_INFO=]"; print_r(curl_getinfo($wh_curl)); echo "[WH_RESULT_INFO_END]"; } // DEBUG // webhook set? if ($wh_info['http_code'] != '201' && $wh_info['http_code'] != '204') { $WARNINGS .= '[webhook not set]'; log_error("3.2 webhook not set. result=[" . print_r($wh_result, TRUE) . "]"); } } // ** 4. log what happened // date/time user orcid statuscode warnings log_user(); if ($status == 0) { add_to_IDM(); } // looks good. add to queue to update campus IDM system ?> </pre> <!-- header --> <table width="700px;"><tr> <td><h2><A HREF='../'>ORCID-webapp</A><BR> ORCID ID Created</h2></td> <td style="width:200px;"><img src="../images/Corp-comp-OP-logo16-0.jpg" width="80%"></td> <td style="width:200px;"></td> </tr> </table>
$omail = $email->old_email; $res = pg_safe_exec("select id from users where id!={$userid} AND lower(email)='" . strtolower($nmail) . "'"); if (pg_numrows($res) > 0) { std_theme_styles(1); std_theme_body("../"); echo "<h1>Error</h1>"; echo "An account with that e-mail is already known. Please choose another."; echo "</body></html>"; pg_safe_exec("delete from pending_emailchange where cookie='{$ID}'"); exit; } } // change email $res = pg_safe_exec("UPDATE users SET email='{$nmail}',last_updated=now()::abstime::int4,last_updated_by='Email-in-record Modification' WHERE id='{$userid}'"); $user_id = $userid; log_user($userid, 7, "Changed email-in-record from: {$omail} (old) to: {$nmail} (new) - cookie was: {$ID}"); $user_id = 0; if ($res) { $res = pg_safe_exec("delete from pending_emailchanges where cookie='{$ID}'"); echo "<html><head><title>Successful E-Mail Change</title>"; std_theme_styles(); echo "</head>"; std_theme_body("../"); echo "<h1>Success!</h1>"; echo "Your account has a new email-in-record :<br>\n"; echo "<center><table><tr><td><h1>" . $nmail . "</h1></td></tr></table></center>"; echo "You may now proceed to the <a href=\"../index.php\" target=_top>Main page</a>.<br>"; echo "</body></html>"; exit; } else { // First check to see if somebody got there first.
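<?php
/* $Id: admin_user_comment.php,v 1.2 2003/03/31 06:59:36 nighty Exp $ */
// Adds an event-5 entry to a user's log, or removes one, then redirects back
// to that user's page. $admin, $spcmode, $uid, $ts and $admcmt are not
// assigned in this script; presumably they are populated by the include or by
// std_init() from the request. Confirm.
include "../../php_includes/cmaster.inc";
std_init();

// Any use of this page needs admin level 600; removal needs level 800.
if ($admin < 600) {
    echo "You don't have access.";
    die;
}
if ($spcmode == "remove" && $admin < 800) {
    echo "You don't have access.";
    die;
}

// Both values are placed inside SQL text and $uid also inside a Location
// header, so they are forced to integers here instead of trusting the caller.
// assumes userlog.user_id and userlog.ts are integer columns, as the
// now()::abstime::int4 timestamps elsewhere suggest. TODO confirm.
$uid = (int) $uid;
$ts = (int) $ts;

// NOTE(review): this request changes state and no anti-CSRF token check is
// visible in this script.
if ($spcmode == "remove") {
    // Delete only when exactly one event-5 row matches this user and timestamp.
    $rr = pg_safe_exec("SELECT COUNT(*) AS count FROM userlog WHERE user_id='" . $uid . "' AND ts='" . $ts . "' AND event=5");
    if ($rr) {
        $oo = pg_fetch_object($rr);
        if ($oo->count == 1) {
            pg_safe_exec("DELETE FROM userlog WHERE user_id='" . $uid . "' AND ts='" . $ts . "' AND event=5");
        }
    }
} else {
    // Any other mode records the comment as event 5.
    log_user($uid, 5, $admcmt);
}

header("Location: users.php?id={$uid}");
die;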
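<?php
// HTTP endpoint that records a line of text against a username via log_user().
//
// NOTE(review): the wildcard CORS header lets pages on any origin read the
// response, and no authentication or rate limiting is visible in this script,
// so the log can be written to by anyone who can reach the URL. Confirm that
// log_func.php authenticates the caller and neutralises line breaks before
// writing.
header('Access-Control-Allow-Origin: *');
require_once "log_func.php";

$username = null;
$text = null;
try {
    // Request parameters can arrive as arrays (username[]=...); only plain
    // strings are accepted so log_user() never receives an unexpected type.
    if (isset($_REQUEST['username']) && is_string($_REQUEST['username'])) {
        $username = $_REQUEST['username'];
    } else {
        throw new Exception('ERROR NO USERNAME SPECIFIED.');
    }
    if (isset($_REQUEST['text']) && is_string($_REQUEST['text'])) {
        $text = $_REQUEST['text'];
    } else {
        throw new Exception('ERROR NO TEXT SPECIFIED.');
    }
    log_user($username, $text);
} catch (Exception $e) {
    // The messages thrown above are fixed strings. Exceptions raised inside
    // log_user() would be echoed to the client as well.
    echo $e->getMessage();
}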
/**
 * Prints the main content page: the graph, the karma index, the tab buttons
 * and one content pane per tab, followed by the theme links.
 *
 * Reads the global $user. When it is non-empty the user is passed to
 * log_user() before the leaderboards are printed.
 */
function ajax_content_page()
{
    global $user;

    $statuses = statuses_retrieve();

    // Graph, Facebook API placeholder, karma index
    print_graph();
    echo "<div id='fb-root'></div>";
    print_karma($statuses);

    // Tab buttons
    echo <<<EOS
<div id="nav-buttons"> <input type="button" value="Your most popular statuses" class="uibutton tab-main confirm" id="tab-pop" /> <input type="button" value="Your oldest statuses" class="uibutton tab-main" id="tab-oldest" /> <input type="button" value="All your statuses" class="uibutton tab-main" id="tab-allstatus" /> <input type="button" value="Most popular friends" class="uibutton tab-main" id="tab-topuser" /> </div>
EOS;

    // Pane: most popular statuses
    echo '<div class="main-tab-member" id="tab-pop-content">';
    print_most_popular($statuses);

    // Pane: oldest statuses
    echo '</div><div class="main-tab-member" id="tab-oldest-content">';
    print_oldest($statuses);

    // Pane: all statuses
    echo '</div><div class="main-tab-member" id="tab-allstatus-content">';
    print_statuses($statuses);

    // Pane: leaderboards. The user's data has to be in the cache before the
    // leaderboard is rendered, hence the log_user() call at this point.
    echo '</div><div class="main-tab-member" id="tab-topuser-content">';
    if (!empty($user)) {
        log_user($user);
    }
    print_leaderboard(TRUE, 5);
    print_leaderboard(FALSE, 10);
    echo '</div>';

    echo theme_links();
}
} // ------------------------------------------------------------------ // ------------------------------------------------------------------ // user tries to login // ------------------------------------------------------------------ if (isset($_POST['login']) && isset($_POST['pass'])) { log_user($_POST['login'], $_POST['pass']); if (isset($_POST['cookie'])) { set_cookie(); } } // ------------------------------------------------------------------ // user wants to logout (?logout $_GET var) // ------------------------------------------------------------------ if (isset($_GET['deconnexion']) || isset($_GET['logout'])) { log_user('dis', 'connect'); } // ------------------------------------------------------------------ // ------------------------------------------------------------------ // if here, there's no login/logout process. // Check referrer, ip // session duration... // on problem, out ! // ------------------------------------------------------------------ if (!is_ok()) { session_destroy(); if (!$auto_restrict['just_die_if_not_logged']) { include 'login_form.php'; } else { echo $auto_restrict['error_msg']; }
######################################################################
# admin login/logout
# (this fragment ends inside the configuration-change block)
######################################################################
if (isset($_POST['login']) && isset($_POST['pass'])) {
    cache_clear();
    log_user($_POST['login'], $_POST['pass']);
} else {
    // Password-only submission: log in with the configured login name
    // (the bookmarklet form).
    if (isset($_POST['pass'])) {
        log_user($config['login'], $_POST['pass']);
    }
}
// $admin gates every privileged action below.
$admin = is_ok();
if (isset($_POST['exit'])) {
    inlog('User disconnected');
    // Empty credentials are passed to log_user() to end the session.
    // presumably that call fails authentication and clears state; verify.
    log_user("", "");
}
# config change
######################################################################
// NOTE(review): the only guard visible here is $admin; no anti-CSRF token is
// checked in this fragment before the configuration is changed.
if ($admin && isset($_POST['app_name'])) {
    inlog('Configuration changed');
    // Rename the data file when its configured name changed and the target
    // does not exist yet.
    // NOTE(review): the posted value is used as a filesystem path as-is.
    // Restrict it to a bare file name with an expected pattern (no directory
    // separators) before calling rename().
    if ($config['data_file'] != $_POST['data_file'] && !is_file($_POST['data_file'])) {
        backup_datafile();
        rename($config['data_file'], $_POST['data_file']);
    }
    // Same for the log file, then rewrite .htaccess so the new name is denied.
    // NOTE(review): the posted name is interpolated into .htaccess without
    // validation, and the file is overwritten rather than amended. A value
    // containing line breaks or '>' would alter the directives written, so it
    // needs the same file-name restriction as above.
    if ($config['log_filename'] != $_POST['log_filename'] && !is_file($_POST['log_filename'])) {
        rename($config['log_filename'], $_POST['log_filename']);
        file_put_contents('.htaccess', "<Files " . $_POST['log_filename'] . ">\n\tOrder deny,allow\n\tDeny from all\n</Files>");
    }
$txt .= $add; //print($txt); exit; //} $result = gdLineByLineToAssoc($txt); $journal_notes_ommitted = strpos($txt, 'journal_notes') !== false && !isset($result['journal_notes']); $week_db = (int) $rs_gameload_json->fields("week"); $playernum_db = (int) $rs_gameload_json->fields("class") - 2; $playernum_db = max($playernum_db, 1); $week_isset = isset($result["week"]); $week_data = $result["week"]; $week_not_equal = $week_data != $week_db; // Catch if 'journal_notes' got deleted. if ($journal_notes_ommitted) { log_user($username, "BX_ERROR: GAME DATA LOAD DECTECTED ISSUE: 'journal_notes' field was ommited when the data blob was decoded."); log_user($username, "DATA_BLOB:\n{$txt}"); log_user($username, "ARRAY_DATA:\n" . var_export($result, true)); } // BChance: Ensure that the game load has the correct week. if (!$week_isset || $week_not_equal) { $result["week"] = $week_db; $result["week_changed"] = true; } $result["playernum"] = $playernum_db; $result["php_week_isset"] = $week_isset; $result["php_week_not_equal"] = $week_not_equal; $result["php_week_data"] = $week_data; $result["php_week_db"] = $week_db; $result["php_data_length"] = $game_data_length; $result["journal_notes_ommitted"] = $journal_notes_ommitted; echo json_encode($result); } else {
echo "and make sure it is correct</h1><a href=\"confirm_pwreset.php\">Try again.</a>"; echo "</body></html>"; exit; } else { pg_safe_exec("delete from pending_pwreset where expiration<now()::abstime::int4"); $pwreset = pg_fetch_object($res, 0); $userid = $pwreset->user_id; $qid = $pwreset->question_id; $vdata = $pwreset->verificationdata; } // change verifdata $gor = pg_safe_exec("SELECT verificationdata FROM users WHERE id='" . (int) $userid . "'"); $goro = pg_fetch_object($gor); $res = pg_safe_exec("UPDATE users SET question_id='" . (int) $qid . "',verificationdata='" . post2db($vdata) . "',post_forms=(now()::abstime::int4+86400*10),last_updated=now()::abstime::int4,last_updated_by='Verif Q/A Reset' WHERE id='" . (int) $userid . "'"); $user_id = $userid; log_user($userid, 8, "Cookie was: " . $ID . ", Old V/A was: " . $goro->verificationdata); $user_id = 0; if ($res) { $res = pg_safe_exec("delete from pending_pwreset where cookie='" . $ID . "'"); echo "<html><head><title>Successful Verificiation Question/Answer Reset</title>"; std_theme_styles(); echo "</head>"; std_theme_body("../"); echo "<h1>Success!</h1>"; echo "Your account verification question/answer has been changed !<br>\n"; echo "<br><br>"; echo "You may now proceed to the <a href=\"../index.php\" target=_top>Main page</a>.<br>"; echo "</body></html>"; exit; } else { echo "<html><head><title>An Error Occured</title>";
} else { safe_redirect('index.php?p=admin&msg=' . e('Error saving new password for ', false) . $_SESSION['login'] . '&token=' . returnToken()); } } # ------------------------------------------------------------------ # load banned ip # ------------------------------------------------------------------ if (is_file($auto_restrict['path_to_files'] . '/' . $auto_restrict["banned_ip_filename"])) { include $auto_restrict['path_to_files'] . '/' . $auto_restrict["banned_ip_filename"]; } # ------------------------------------------------------------------ # ------------------------------------------------------------------ # user tries to login # ------------------------------------------------------------------ if (isset($_POST['login']) && isset($_POST['pass']) && empty($_POST['confirm']) && empty($_POST['creation'])) { $ok = log_user($_POST['login'], $_POST['pass']); if (!$ok) { safe_redirect('index.php?p=login&error=2'); } elseif (isset($_POST['cookie'])) { set_cookie(); } # ------------------------------------------------------------------ # redirect if needed # ------------------------------------------------------------------ if (!empty($auto_restrict['redirect_success'])) { if (strpos($auto_restrict['redirect_success'], '&token=') !== false) { safe_redirect($auto_restrict['redirect_success'] . '&token=' . returnToken()); } else { safe_redirect($auto_restrict['redirect_success']); } }
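/**
 * Sets the maxlogins value of a user on behalf of an authenticated admin.
 *
 * The requested value is clamped to the range 1..MAX_MAXLOGINS. When the
 * admin changes another account, an event-3 entry is written to that
 * account's log with the admin's id in the global $user_id.
 *
 * @param string $dest_username account whose maxlogins is changed
 * @param int    $new_maxlogins requested value
 * @param string $admin_user    admin login, checked through validateUser()
 * @param string $admin_pass    admin password, checked through validateUser()
 * @return int 1 on success, 0 when the UPDATE failed, -1 when validateUser()
 *             returned id 0, -2 when the admin level is below
 *             MOD_MAXLOGINS_LEVEL, -3 when the target user does not exist
 */
function setUserMaxlogins($dest_username, $new_maxlogins, $admin_user, $admin_pass)
{
    global $user_id;

    $cUser = validateUser($admin_user, $admin_pass, 1);
    if ($cUser->id == 0) {
        return -1;
    }
    // minimum level to set the maxlogins value for someone. (see cmaster.inc)
    if ($cUser->admlvl < MOD_MAXLOGINS_LEVEL) {
        return -2;
    }

    // Force an integer before clamping so nothing but a number can reach the
    // SQL text below.
    $new_maxlogins = (int) $new_maxlogins;
    if ($new_maxlogins < 1) {
        $new_maxlogins = 1;
    }
    if ($new_maxlogins > MAX_MAXLOGINS) {
        $new_maxlogins = MAX_MAXLOGINS;
    }

    // Changing one's own value is not logged.
    if (strtolower($dest_username) == strtolower($admin_user)) {
        $log_line = 0;
    } else {
        $log_line = 1;
    }

    // Both names come from the remote caller and are embedded in quoted SQL
    // literals, so they are escaped first.
    $dQuery = "SELECT id FROM users WHERE lower(user_name)='" . pg_escape_string(strtolower(trim($dest_username))) . "'";
    $dRes = pg_safe_exec($dQuery);
    if (pg_numrows($dRes) == 0) {
        return -3;
    }
    $dUser = pg_fetch_object($dRes);

    $sQuery = "UPDATE users SET maxlogins='" . $new_maxlogins . "',last_updated=now()::abstime::int4,last_updated_by='SOAP Interface (" . pg_escape_string($admin_user) . ")' WHERE id='" . (int) $dUser->id . "'";

    // The audit entry is written before the UPDATE runs, so a failed update
    // still leaves a log line (order kept from the original).
    if ($log_line) {
        $user_id = $cUser->id;
        log_user($dUser->id, 3, "- Maxlogins (SOAP)");
    }

    $sRes = pg_safe_exec($sQuery);
    if (!$sRes) {
        return 0;
    }
    return 1;
}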
include 'login_form.php'; exit; } } // ------------------------------------------------------------------ // load banned ip // ------------------------------------------------------------------ if (is_file($auto_restrict['path_to_files'] . '/' . $auto_restrict["banned_ip_filename"])) { include $auto_restrict['path_to_files'] . '/' . $auto_restrict["banned_ip_filename"]; } // ------------------------------------------------------------------ // ------------------------------------------------------------------ // user tries to login // ------------------------------------------------------------------ if (isset($_POST['login']) && isset($_POST['pass'])) { if (log_user($_POST['login'], $_POST['pass']) && isset($_POST['cookie'])) { set_cookie(); } // ------------------------------------------------------------------ // redirect if needed // ------------------------------------------------------------------ if (!empty($auto_restrict['redirect_success'])) { redirect_to($auto_restrict['redirect_success']); } } // ------------------------------------------------------------------ // user wants to logout (?logout $_GET var) // ------------------------------------------------------------------ if (isset($_GET['deconnexion']) || isset($_GET['logout'])) { @session_destroy(); delete_cookie();
if ($enrchg == 1) { $add_reason .= "- E-Mail NeverReg Status\n"; } if (htmlspecialchars($public_key) != $row->public_key) { $add_reason .= "- Public Key\n"; } if ($chg_formpost > 0) { $add_reason .= "- Form Post\n"; } if ($admin >= MOD_MAXLOGINS_LEVEL && $maxlogins != $row->maxlogins) { $add_reason .= "- Maxlogins\n"; } if ($add_reason != "") { $add_reason = "Fields modified:\n" . $add_reason; } else { $add_reason = "No fields modified"; } $result = log_user($id, 3, $add_reason); } } if ($result) { pg_safe_exec("COMMIT WORK"); ignore_user_abort(false); header("Location: users.php?id={$id}&update=1"); exit; } } pg_safe_exec("ROLLBACK WORK"); ignore_user_abort(false); header("Location: users.php?id={$id}&update=2"); die;
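/**
 * Register page hook for OAuth sign-ups.
 *
 * When the session holds an 'oauth_new_user' pair (provider, remote
 * identifier) the function re-checks the remote identity, then either creates
 * a local account from the submitted form or, when account merging is
 * enabled, links the remote identity to an existing account after a normal
 * password login. Without that session value it only adds the provider
 * buttons to the register template when configured to do so.
 *
 * Errors are appended to $page['errors']; nothing is returned.
 */
function oauth_begin_register()
{
    global $conf, $template, $hybridauth_conf, $page, $user;

    if ($hybridauth_conf['enabled'] == 0) {
        return;
    }

    // coming from identification page
    if (pwg_get_session_var('oauth_new_user') != null) {
        list($provider, $user_identifier) = pwg_get_session_var('oauth_new_user');

        try {
            if ($provider == 'Persona') {
                $template->assign('OAUTH_USER', array(
                    'provider' => 'Persona',
                    'username' => $user_identifier,
                    'u_profile' => null,
                    'avatar' => null,
                ));
                oauth_assign_template_vars();
                $template->append('OAUTH', array('persona_email' => $user_identifier), true);
                $conf['oauth']['include_common_template'] = true;
            } else {
                require_once OAUTH_PATH . 'include/hybridauth/Hybrid/Auth.php';
                $hybridauth = new Hybrid_Auth($hybridauth_conf);
                $adapter = $hybridauth->authenticate($provider);
                $remote_user = $adapter->getUserProfile();

                // Security check: the identity the provider reports now must
                // be the one stored in the session. Both sides are compared
                // as strings with !==, because a loose != treats numerically
                // equal strings as the same identifier.
                if ((string) $remote_user->identifier !== (string) $user_identifier) {
                    pwg_unset_session_var('oauth_new_user');
                    throw new Exception('Hacking attempt!', 403);
                }

                $template->assign('OAUTH_USER', array(
                    'provider' => $hybridauth_conf['providers'][$provider]['name'],
                    'username' => $remote_user->displayName,
                    'u_profile' => $remote_user->profileURL,
                    'avatar' => $remote_user->photoURL,
                ));
            }

            // Value stored in the oauth_id column: "<provider>---<identifier>", escaped.
            $oauth_id = pwg_db_real_escape_string($provider . '---' . $user_identifier);

            $page['infos'][] = l10n('Your registration is almost done, please complete the registration form.');

            if (isset($_POST['submit'])) {
                // Register form submitted. The local password is derived from
                // the oauth id and the site secret rather than chosen by the
                // user.
                // NOTE(review): that makes the local password a deterministic
                // SHA-1 of those two values; confirm password login is not
                // expected to be used for these accounts.
                $user_id = register_user(
                    $_POST['login'],
                    hash('sha1', $oauth_id . $conf['secret_key']),
                    $_POST['mail_address'],
                    true,
                    $page['errors'],
                    false
                );

                if ($user_id !== false) {
                    pwg_unset_session_var('oauth_new_user');

                    // update oauth field
                    single_update(USER_INFOS_TABLE, array('oauth_id' => $oauth_id), array('user_id' => $user_id));

                    // log_user and redirect
                    log_user($user_id, false);
                    redirect('profile.php');
                }

                unset($_POST['submit']);
            } else {
                // Merge with an existing local account: requires a successful
                // password login through pwg_login().
                if (isset($_POST['login']) && $conf['oauth']['allow_merge_accounts']) {
                    if ($conf['insensitive_case_logon'] == true) {
                        $_POST['username'] = search_case_username($_POST['username']);
                    }

                    $user_id = get_userid($_POST['username']);

                    if ($user_id === false) {
                        $page['errors'][] = l10n('Invalid username or email');
                    } else {
                        if ($user_id == $conf['webmaster_id']) {
                            // The main webmaster account is never linked to a remote identity.
                            $page['errors'][] = l10n('For security reason, the main webmaster account can\'t be merged with a remote account, but you can use another webmaster account.');
                        } else {
                            if (pwg_login(false, $_POST['username'], $_POST['password'], false)) {
                                // update oauth field; $user['id'] is read from
                                // the global after the login succeeded
                                single_update(USER_INFOS_TABLE, array('oauth_id' => $oauth_id), array('user_id' => $user['id']));
                                pwg_unset_session_var('oauth_new_user');
                                redirect('profile.php');
                            } else {
                                $page['errors'][] = l10n('Invalid password!');
                            }
                        }
                    }
                }
            }

            // Overwrite the form fields with the remote data for redisplay.
            if ($provider == 'Persona') {
                $_POST['login'] = '';
                $_POST['mail_address'] = $user_identifier;
            } else {
                $_POST['login'] = $remote_user->displayName;
                $_POST['mail_address'] = $remote_user->email;
            }

            // template
            $template->assign('OAUTH_PATH', OAUTH_PATH);
            if ($conf['oauth']['allow_merge_accounts']) {
                $template->assign('OAUTH_LOGIN_IN_REGISTER', true);
                $template->set_prefilter('register', 'oauth_add_login_in_register');
            } else {
                $template->set_prefilter('register', 'oauth_add_profile_prefilter');
                $template->set_prefilter('register', 'oauth_remove_password_fields_prefilter');
            }
        } catch (Exception $e) {
            // Only the numeric code is shown to the visitor, not the message.
            $page['errors'][] = l10n('An error occured, please contact the gallery owner. <i>Error code : %s</i>', $e->getCode());
        }
    } else {
        // Plain registration page: offer the provider buttons if configured.
        if ($conf['oauth']['display_register']) {
            oauth_assign_template_vars(get_gallery_home_url());
            $template->set_prefilter('register', 'oauth_add_buttons_prefilter');
        }
    }
}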
// Password change: build a salted hash of the new password, store it, log the
// event, drop the user's web cookies and e-mail a confirmation.
// This fragment starts and ends inside a larger script; $pass1, $user_id and
// $dauser are set outside the visible part.
$valid = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
// Not used again in the visible code.
$password = "";
// NOTE(review): the salt is drawn with rand() after seeding from the clock.
// That generator is not suitable for security purposes; random_int() or
// random_bytes() is the usual replacement.
srand((double) microtime() * 1000000);
for ($i = 0; $i < 8; $i++) {
    // $salt is appended to without being initialised in the visible code.
    // presumably it is set earlier; verify.
    $salt = $salt . $valid[rand(0, strlen($valid) - 1)];
}
// Stored format: 8-character salt followed by md5(salt . password).
// NOTE(review): a single salted MD5 is a fast hash; password_hash() and
// password_verify() are the current standard for stored passwords.
$crypt = $salt . md5($salt . $pass1);
// The id is coerced to a number by the "+ 0" before it is concatenated.
$query = "UPDATE users SET last_updated=now()::abstime::int4,last_updated_by='** Password Change **',password='******' WHERE id=" . ($user_id + 0);
pg_safe_exec($query);
// Build the confirmation e-mail.
// NOTE(review): the message contains the new password in clear text, so the
// secret ends up in the user's mailbox and in every mail relay on the way.
$mailm = "";
$mailm .= "\nHello,\n\nThis is the confirmation of your NEW password,\n";
$mailm .= "remember it, and remember to NEVER EVER give out your password to ANYONE, even people claiming to be CService representatives.\n\n";
$mailm .= "The new password you set is\t:\t\t" . $pass1 . "\t(" . strlen($pass1) . " chars)\n\n";
$mailm .= "\n\nThe " . NETWORK_NAME . " Channel Service.\n\n";
// Audit entry (event code 10).
log_user($user_id, 10, "");
// Log the user out everywhere by deleting the stored web cookies. The flag is
// raised only around this one statement and reset straight after.
// presumably pg_safe_exec() refuses to touch the cookie table otherwise; verify.
$ENABLE_COOKIE_TABLE = 1;
pg_safe_exec("delete from webcookies where user_id='" . $user_id . "'");
$ENABLE_COOKIE_TABLE = 0;
// Mail only when an address is on record.
if (trim($dauser->email) != "") {
    mail($dauser->email, "Your New CService Password", $mailm, "From: " . NETWORK_NAME . " Channel Service <" . FROM_NEWUSER . ">\nReply-to: " . OBJECT_EMAIL . "\nX-Mailer: " . NETWORK_NAME . " Channel Service\n\n");
    echo "<html>\n";
    echo "<head>\n";
    echo "<title>CService New Password Confirmation</title>\n";
    std_theme_styles();
    echo "</head>\n";
    std_theme_body();
    echo "<font size=+1>";
    echo "You new password has been updated into our database,<br>\n";
} else { if (${$suspend} == 1) { if ($debug_me) { echo "1"; } if ($send_mail) { $mmsg .= $t_mmsg; } $new_u_flags = (int) $ols->flags | 0x1; // global Suspension tag $query = "UPDATE users SET last_updated=now()::abstime::int4,last_updated_by='Suspended by Toaster',flags='" . $new_u_flags . "' WHERE id='" . $id[$x] . "'"; if (!$debug_me) { // take action unset($raction); $raction = pg_safe_exec($query); log_user($id[$x], 1, "global suspend for %U (%I) [toaster: " . $sreason . "]"); } else { $query2 = "\n\t<i>" . $query; $query2 .= "</i>"; } } else { if ($debug_me) { echo "0"; } } } if (${$flagList} != "") { $checkFL = pg_safe_exec("SELECT id FROM fraud_lists WHERE lower(name)='" . strtolower(${$flagList}) . "'"); if (pg_numrows($checkFL) > 0) { // already an existing list ... check the user $FLobj = pg_fetch_object($checkFL);
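/**
 * Performs auto-connection if authentication key is valid.
 *
 * The key must be exactly 30 alphanumeric characters, must exist in the
 * auth-keys table, must not be expired according to the database clock, and
 * must belong to a user whose status is 'normal' or 'generic'.
 *
 * @since 2.8
 *
 * @param string $auth_key key supplied with the request
 * @return bool true when the user was logged in, false otherwise
 */
function auth_key_login($auth_key)
{
    global $conf, $user, $page;

    // Strict format check before the key is placed in the query. The D
    // modifier makes `$` match only at the very end of the subject; without
    // it a key followed by a trailing newline would also pass. Non-string
    // input (for example an array from the request) is rejected outright.
    if (!is_string($auth_key) || !preg_match('/^[a-z0-9]{30}$/Di', $auth_key)) {
        return false;
    }

    // The key is known to be alphanumeric here, so it is safe inside the
    // quoted literal. NOW() is selected so that expiry is judged against the
    // database clock rather than the web server's.
    $query = ' SELECT *, ' . $conf['user_fields']['username'] . ' AS username, NOW() AS dbnow FROM '
        . USER_AUTH_KEYS_TABLE . ' AS uak JOIN '
        . USER_INFOS_TABLE . ' AS ui ON uak.user_id = ui.user_id JOIN '
        . USERS_TABLE . ' AS u ON u.' . $conf['user_fields']['id']
        . ' = ui.user_id WHERE auth_key = \'' . $auth_key . '\' ;';
    $keys = query2array($query);

    if (count($keys) == 0) {
        return false;
    }

    $key = $keys[0];

    // is the key still valid?
    if (strtotime($key['expired_on']) < strtotime($key['dbnow'])) {
        $page['auth_key_invalid'] = true;
        return false;
    }

    // admin/webmaster/guest can't get connected with authentication keys
    if (!in_array($key['status'], array('normal', 'generic'), true)) {
        return false;
    }

    $user['id'] = $key['user_id'];
    log_user($user['id'], false);
    trigger_notify('login_success', $key['username']);

    // to be registered in history table by pwg_log function
    $page['auth_key_id'] = $key['auth_key_id'];

    return true;
}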
$item['HAS_SUBFORUMS']++; $item['TOTAL_UNREAD'] += intval($subforums_list[$i]['unread_topics']); // Change folder image $images = unserialize($item['FORUM_FOLDERS']); $item['FORUM_FOLDER_IMG'] = $item['TOTAL_UNREAD'] ? $images['subnew'] : $images['sub']; $item['L_FORUM_FOLDER_ALT'] = $item['TOTAL_UNREAD'] ? $images['subaltnew'] : $images['subalt']; // Check last post if ($item['LAST_POST_TIME'] < $subforums_list[$i]['last_post_time']) { $item['LAST_POST'] = $subforums_list[$i]['last_post']; $item['LAST_POST_TIME'] = $subforums_list[$i]['last_post_time']; } if (!$item['LAST_POST_TIME_FORUM']) { $item['LAST_POST_FORUM'] = $item['LAST_POST']; } // Add topics/posts $item['TOTAL_POSTS'] += $forum_data['forum_posts']; $item['TOTAL_TOPICS'] += $forum_data['forum_topics']; } unset($item); unset($data); unset($cat_item); unset($row_item); } // End Simple Subforums MOD include $phpbb_root_path . "/includes/logip.php"; log_user($userdata['user_id'], $userdata['username'], $_SERVER['REMOTE_ADDR']); // // Generate the page // $template->pparse('body'); include $phpbb_root_path . 'includes/page_tail.' . $phpEx;
/**
 * LDAP-backed login handler.
 *
 * Flow: connect to the directory, optionally require membership of the
 * configured users group, bind as the user with the supplied password, then
 * log the matching gallery account in. When no gallery account exists and
 * 'allow_newusers' is set, one is created with a random password.
 *
 * Every rejected path calls fail($username) and then ends without an explicit
 * return value. $success is accepted but not read.
 *
 * NOTE(review): a failed ldap_conn() is only written to the error log and
 * execution continues; confirm the later bind cannot succeed without a
 * connection.
 *
 * @param mixed  $success     unused
 * @param string $username    submitted login name
 * @param string $password    submitted clear-text password
 * @param bool   $remember_me forwarded to log_user() for existing accounts
 * @return bool|null true after a successful login, otherwise no value
 */
function login($success, $username, $password, $remember_me)
{
    global $conf;

    $ldap = new Ldap();
    $ldap->load_config();
    $ldap->ldap_conn() or error_log("Unable to connect LDAP server : " . $ldap->getErrorString());

    // Group gate: no configured group means everybody may try to bind.
    $allow_auth = False;
    if (!$ldap->config['users_group']) {
        $allow_auth = True;
    } elseif ($ldap->user_membership($username, $ldap->ldap_group($ldap->config['users_group']))) {
        $allow_auth = True;
    } else {
        // Not a member: rejected here, and again by the check just below.
        fail($username);
    }

    if (!$allow_auth) {
        fail($username);
        return;
    }

    // Bind with the user's own DN and password: this is the password check.
    if (!$ldap->ldap_bind_as($username, $password)) {
        fail($username);
        return;
    }

    // Look the user up in the gallery database; the name is escaped before it
    // goes into the quoted literal.
    $lookup = ' SELECT ' . $conf['user_fields']['id'] . ' AS id FROM ' . USERS_TABLE
        . ' WHERE ' . $conf['user_fields']['username']
        . ' = \'' . pwg_db_real_escape_string($username) . '\';';
    $account = pwg_db_fetch_assoc(pwg_query($lookup));

    // Known account: refresh it and open the session.
    if (!empty($account['id'])) {
        update_user($username, $account['id']);
        log_user($account['id'], $remember_me);
        trigger_action('login_success', stripslashes($username));
        return True;
    }

    // Unknown account: only continue when auto-provisioning is allowed.
    if (!$ldap->config['allow_newusers']) {
        fail($username);
        return;
    }

    // Use the directory e-mail when there is one.
    $mail = $ldap->ldap_mail($username) ? $ldap->ldap_mail($username) : NULL;

    // The local password is a throwaway value, since authentication is done
    // against the directory.
    // presumably random_password() draws from a secure source; verify.
    $new_id = register_user($username, random_password(8), $mail);
    update_user($username, $new_id);

    // The freshly created account is logged in without "remember me".
    log_user($new_id, False);
    trigger_action('login_success', stripslashes($username));
    redirect('profile.php');
    return true;
}
$infos[] = l10n('Congratulations, Piwigo installation is completed'); if (isset($error_copy)) { $errors[] = $error_copy; } else { session_set_save_handler('pwg_session_open', 'pwg_session_close', 'pwg_session_read', 'pwg_session_write', 'pwg_session_destroy', 'pwg_session_gc'); if (function_exists('ini_set')) { ini_set('session.use_cookies', $conf['session_use_cookies']); ini_set('session.use_only_cookies', $conf['session_use_only_cookies']); ini_set('session.use_trans_sid', intval($conf['session_use_trans_sid'])); ini_set('session.cookie_httponly', 1); } session_name($conf['session_name']); session_set_cookie_params(0, cookie_path()); register_shutdown_function('session_write_close'); $user = build_user(1, true); log_user($user['id'], false); // email notification if (isset($_POST['send_password_by_mail'])) { include_once PHPWG_ROOT_PATH . 'include/functions_mail.inc.php'; $keyargs_content = array(get_l10n_args('Hello %s,', $admin_name), get_l10n_args('Welcome to your new installation of Piwigo!', ''), get_l10n_args('', ''), get_l10n_args('Here are your connection settings', ''), get_l10n_args('', ''), get_l10n_args('Link: %s', get_absolute_root_url()), get_l10n_args('Username: %s', $admin_name), get_l10n_args('Password: %s', $admin_pass1), get_l10n_args('Email: %s', $admin_mail), get_l10n_args('', ''), get_l10n_args('Don\'t hesitate to consult our forums for any help: %s', PHPWG_URL)); pwg_mail($admin_mail, array('subject' => l10n('Just another Piwigo gallery'), 'content' => l10n_args($keyargs_content), 'content_format' => 'text/plain')); } } } if (count($errors) != 0) { $template->assign('errors', $errors); } if (count($infos) != 0) { $template->assign('infos', $infos); } //----------------------------------------------------------- html code display
// this ID needs to be a permanently valid user !!!!! (see config.inc) $da_cmt = ""; $da_cmt .= "**** AUTOMATIC ****<br><br>"; $da_cmt .= "<b>An anonymous objection has been posted through the Complaints System.</b><br>"; $da_cmt .= "<a href=\"complaints/admin.php?view=" . $ticket_number . "\">click here</a> to go to that complaint.<br><br>"; $notif_q = "INSERT INTO objections (channel_id,user_id,comment,created_ts,admin_only) VALUES ('" . (int) $da_channel1_id . "','" . (int) $issuer_id . "','" . post2db($da_cmt) . "',now()::abstime::int4,'Y')"; pg_safe_exec($notif_q); } } else { $ticket_number = "N/A"; } if (!$res) { die($back_lnk . "<b>SQL ERROR</b><br><br></td></tr></table></body></html>"); } else { if ($da_users_id > 0) { log_user($da_users_id, 11, "Type: " . $cpt_name[$_POST["ct"]] . ", Ticket-Number: " . $ticket_number); } $mmsg = ""; $mmsg .= "\n\n"; $mmsg .= "We recently received a complaint to CService using this e-mail address (" . $_POST["from_mail"] . ") for the reply.\n"; $mmsg .= "If you haven't sent any complaint and don't know what this is all about, then just delete this message and DO NOT CLICK below.\n\n"; $mmsg .= "If you are the person that sent that complaint, please confirm it by clicking the link below within 48 hours :\n\n"; $confirm_url = gen_server_url() . substr($REQUEST_URI, 0, strrpos($REQUEST_URI, "/")) . "/confirm.php"; $mmsg .= "\t\t" . $confirm_url . "?ID=" . $da_crc . "\n\n"; $mmsg .= "\nThe " . NETWORK_NAME . " Channel Service.\n\n"; mail($_POST["from_mail"], "[" . NETWORK_NAME . " CService Complaints] Confirmation request", $mmsg, "From: " . NETWORK_NAME . " Channel Service <" . OBJECT_EMAIL . ">\nReply-to: DO.NOT@REPLY.THANKS\nX-Mailer: " . NETWORK_NAME . " CService Complaint Module\n\n"); } $dq = pg_safe_exec("SELECT id FROM complaints WHERE (status=0 OR status=99) AND crc_expiration<now()::abstime::int4"); while ($do = pg_fetch_object($dq)) { pg_safe_exec("DELETE FROM complaints_reference WHERE complaints_ref='" . 
(int) $do->id . "'"); pg_safe_exec("DELETE FROM complaints_threads WHERE complaint_ref='" . (int) $do->id . "'");