/**
 * Default method for user login, can be overwritten with 'try_log_user' trigger.
 * @see try_log_user()
 *
 * The submitted login is escaped with pwg_db_real_escape_string() before it is
 * placed in the SELECT; the password is never put in SQL, it is checked against
 * the stored hash by the callback configured in $conf['password_verify'].
 *
 * @param bool $success result of a previous 'try_log_user' handler; true short-circuits
 * @param string $username login as submitted
 * @param string $password clear-text password as submitted
 * @param bool $remember_me
 * @return bool true when a session was opened for the user
 */
function pwg_login($success, $username, $password, $remember_me)
{
    // another handler already authenticated the user
    if (true === $success) {
        return true;
    }

    // we force the session table to be clean
    pwg_session_gc();

    global $conf;
    $fields = $conf['user_fields'];

    // retrieving the stored password hash for the submitted login
    $query = '
SELECT ' . $fields['id'] . ' AS id,
       ' . $fields['password'] . ' AS password
  FROM ' . USERS_TABLE . '
  WHERE ' . $fields['username'] . ' = \'' . pwg_db_real_escape_string($username) . '\'
;';
    $row = pwg_db_fetch_assoc(pwg_query($query));

    // notifications receive the login without the magic-quotes slashes
    $plain_username = stripslashes($username);

    // no such user, or the configured verifier rejects the password
    $verified = isset($row['id'])
        && $conf['password_verify']($password, $row['password'], $row['id']);

    if (!$verified) {
        trigger_notify('login_failure', $plain_username);
        return false;
    }

    log_user($row['id'], $remember_me);
    trigger_notify('login_success', $plain_username);
    return true;
}
 /**
  * Handles the "report a bug" form: records the action in the user log and
  * forwards the submitted title and body to the maintainer by e-mail.
  *
  * Subject and message are the raw POST fields 'Title' and 'Body'.
  * NOTE(review): confirm the mail library strips CR/LF from the subject
  * before it becomes a header line.
  */
 public function Report()
 {
     // Logging
     log_user($this->Session['username'], 'Heeft een bug gemeld.');

     // Send error: read the form fields once, then build the message
     $title = $this->input->post('Title');
     $body = $this->input->post('Body');

     $this->email->from('*****@*****.**', 'Tim Joosten');
     $this->email->to('*****@*****.**');
     $this->email->subject($title);
     $this->email->message($body);
     $this->email->send();

     // For debugging proposes
     // echo $this->email->print_debugger();
 }
// Bootstrap the shared CService include and emit the standard theme chrome.
require '../../php_includes/cmaster.inc';
$cTheme = get_theme_info();
std_theme_styles(1);
std_theme_body();

// Request parameters: the user id is coerced to int; the confirmation token
// is kept verbatim because it is later compared against an md5 digest.
$iid = (int) $_GET['id'];
$ccrc = $_GET['crc'];
$r1 = pg_safe_exec("SELECT * FROM pending_passwordchanges WHERE cookie='" . post2db($ccrc) . "' AND user_id='" . $iid . "'");
if ($o1 = @pg_fetch_object($r1, 0)) {
    if ($ccrc == md5($iid . "modFP" . CRC_SALT_0015 . $o1->new_crypt)) {
        // confirmation of password change
        $rez = @pg_safe_exec("UPDATE users SET password='******',last_updated=now()::abstime::int4,last_updated_by='forgotten password (" . cl_ip() . ")' WHERE id='" . $iid . "'");
        if ($rez) {
            $ru = pg_safe_exec("SELECT * FROM users WHERE id='" . $iid . "'");
            $user = pg_fetch_object($ru, 0);
            mail($user->email, $mail_subject_pass . $user->user_name, "Your Cservice password is: " . $o1->new_clrpass . "\nRemember it!", "From: " . $mail_from_pass . "\nReply-To: " . $mail_from_pass . "\nX-Mailer: " . NETWORK_NAME . " Channel Service");
            log_user($user->id, 9, " [manual confirmation]");
            pg_safe_exec("DELETE FROM pending_passwordchanges WHERE user_id='" . $user->id . "'");
            echo "<h1>Success !<br><br>\n";
            echo "Password change has been approved successfully for user '" . $user->user_name . "'</h1>\n";
            echo "</body></html>\n\n";
            die;
        } else {
            echo "<h1>Error<br><br>\n";
            echo "Unknown SQL Error !</h1>\n";
            echo "</body></html>\n\n";
            die;
        }
    } else {
        echo "<h1>Error<br><br>\n";
        echo "Invalid credentials !</h1>\n";
        echo "</body></html>\n\n";
                        $mm .= "\n";
                        $mm .= "CANCEL_URL = " . $a_URL . "\n";
                        $mm .= "\n";
                        $mm .= "-------------------------\n\n";
                        $doconf = 1;
                        mail(CONFIRM_STAR_PWRESET_MAIL, $ss, $mm, "From: Channel Service <*****@*****.**>\nX-Mailer: CSC-1.1\n\n");
                    }
                }
            }
        }
        if (!$doconf || LOCK_ON_PWCHG) {
            $res = pg_safe_exec("update users set password='******', " . " last_updated = now()::abstime::int4, " . " last_updated_by = 'forgotten password (" . cl_ip() . ")' " . " where " . "  id='" . $user->id . "'");
        }
        if ($res && !$doconf) {
            mail($user->email, $mail_subject_pass . $user->user_name, "Your Cservice password is: " . $password . "\nRemember it!", "From: " . $mail_from_pass . "\nReply-To: " . $mail_from_pass . "\nX-Mailer: " . NETWORK_NAME . " Channel Service");
            log_user($user->id, 9, " ");
        }
        pg_safe_exec("delete from lastrequests where ip='" . cl_ip() . "'");
        pg_safe_exec("insert into lastrequests (ip,last_request_ts) values ('" . cl_ip() . "',now()::abstime::int4)");
        ?>
<html>
<head><title>Request Successful</title></head>
<?php 
        std_theme_body();
        if ($doconf) {
            echo "Your new password is pending CService's approval, You will be notified.<br>\n";
            if (LOCK_ON_PWCHG) {
                echo "Your account is locked out until the new password is approved (or not).<br>\n";
            } else {
                echo "Your old password remains active until the new one has been approved.<br>\n";
            }
            $page['errors'][] = l10n('Password confirmation is missing. Please confirm the chosen password.');
        } else {
            if ($_POST['password'] != $_POST['password_conf']) {
                $page['errors'][] = l10n('The passwords do not match');
            }
        }
    }
    register_user($_POST['login'], $_POST['password'], $_POST['mail_address'], true, $page['errors'], isset($_POST['send_password_by_mail']));
    if (count($page['errors']) == 0) {
        // email notification
        if (isset($_POST['send_password_by_mail']) and email_check_format($_POST['mail_address'])) {
            $_SESSION['page_infos'][] = l10n('Successfully registered, you will soon receive an email with your connection settings. Welcome!');
        }
        // log user and redirect
        $user_id = get_userid($_POST['login']);
        log_user($user_id, false);
        redirect(make_index_url());
    }
    $registration_post_key = get_ephemeral_key(2);
} else {
    $registration_post_key = get_ephemeral_key(6);
}
// Echo the submitted login / e-mail back into the form, HTML-escaped.
$login = '';
if (!empty($_POST['login'])) {
    $login = htmlspecialchars(stripslashes($_POST['login']));
}
$email = '';
if (!empty($_POST['mail_address'])) {
    $email = htmlspecialchars(stripslashes($_POST['mail_address']));
}

//----------------------------------------------------- template initialization
//
// Start output of page
//
$title = l10n('Registration');
$page['body_id'] = 'theRegisterPage';
$template->set_filenames(['register' => 'register.tpl']);
                 echo "<a href=\"admin.php\">Back to Complaint Admin</a><br><br>\n";
             }
             break;
         case 'delete':
             $q = "UPDATE complaints SET status=99,created_crc='',crc_expiration=(now()::abstime::int4+(86400*15)) WHERE id='" . (int) $da_id . "' AND ticket_number='" . $_GET["ID"] . "'";
             $q2 = "INSERT INTO complaints_threads (complaint_ref,reply_by,reply_ts,reply_text,actions_text,in_reply_to) VALUES ('" . (int) $da_id . "'," . (int) $user_id . ",now()::abstime::int4,'** TICKET REMOVED/DELETED **','',0)";
             $q3 = "DELETE FROM complaints_reference WHERE complaints_ref='" . (int) $da_id . "'";
             $r = pg_safe_exec($q);
             $updated = 0;
             if ($r) {
                 $r2 = pg_safe_exec($q2);
                 if ($r2) {
                     $updated = 1;
                     pg_safe_exec($q3);
                     if ($daobj->from_id > 0) {
                         log_user($daobj->from_id, 12, "Ticket-number: " . $_GET["ID"] . " (removed by admin)");
                     }
                 }
             }
             if ($updated) {
                 echo "<br><br><b>This complaint ticket has been removed. The user is NOT being notified of this fact.</b><br><br>";
                 echo "<a href=\"admin.php\">Back to Complaint Admin</a><br><br>\n";
             } else {
                 echo "<br><br><b>For some strange reason, we couldn't remove this ticket, please contact a Site Administrator.</b><br><br>";
                 echo "<a href=\"admin.php\">Back to Complaint Admin</a><br><br>\n";
             }
             break;
     }
 } else {
     echo "<br><br>This message has already been replied to.";
 }
        print_r(htmlentities($wh_result));
        echo "[WH_RESULT_END]<BR>";
        echo "[WH_RESULT_INFO=]";
        print_r(curl_getinfo($wh_curl));
        echo "[WH_RESULT_INFO_END]";
    }
    // DEBUG
    // webhook set?
    if ($wh_info['http_code'] != '201' && $wh_info['http_code'] != '204') {
        $WARNINGS .= '[webhook not set]';
        log_error("3.2 webhook not set. result=[" . print_r($wh_result, TRUE) . "]");
    }
}
// ** 4. log what happened (date/time user orcid statuscode warnings)
log_user();

// looks good: a zero status adds the record to the queue that updates the
// campus IDM system. Loose comparison kept — $status may be a string here.
if (0 == $status) {
    add_to_IDM();
}
?>
</pre>

<!-- header -->
<table width="700px;"><tr>
<td><h2><A HREF='../'>ORCID-webapp</A><BR> ORCID ID Created</h2></td>
<td style="width:200px;"><img src="../images/Corp-comp-OP-logo16-0.jpg" width="80%"></td>
<td style="width:200px;"></td>
</tr>
</table>
     $omail = $email->old_email;
     $res = pg_safe_exec("select id from users where id!={$userid} AND lower(email)='" . strtolower($nmail) . "'");
     if (pg_numrows($res) > 0) {
         std_theme_styles(1);
         std_theme_body("../");
         echo "<h1>Error</h1>";
         echo "An account with that e-mail is already known.  Please choose another.";
         echo "</body></html>";
         pg_safe_exec("delete from pending_emailchange where cookie='{$ID}'");
         exit;
     }
 }
 // change email: write the new address and stamp the audit columns.
 // NOTE(review): $nmail and $userid are interpolated into SQL here; their
 // escaping is not visible in this excerpt — confirm upstream.
 $res = pg_safe_exec(sprintf(
     "UPDATE users SET email='%s',last_updated=now()::abstime::int4,last_updated_by='Email-in-record Modification' WHERE id='%s'",
     $nmail,
     $userid
 ));

 // the global $user_id is set around the log_user() call, presumably so the
 // log entry is attributed to the affected account itself — kept as is
 $user_id = $userid;
 log_user($userid, 7, "Changed email-in-record from: {$omail} (old) to: {$nmail} (new) - cookie was: {$ID}");
 $user_id = 0;
 if ($res) {
     $res = pg_safe_exec("delete from pending_emailchanges where cookie='{$ID}'");
     echo "<html><head><title>Successful E-Mail Change</title>";
     std_theme_styles();
     echo "</head>";
     std_theme_body("../");
     echo "<h1>Success!</h1>";
     echo "Your account has a new email-in-record :<br>\n";
     echo "<center><table><tr><td><h1>" . $nmail . "</h1></td></tr></table></center>";
     echo "You may now proceed to the <a href=\"../index.php\" target=_top>Main page</a>.<br>";
     echo "</body></html>";
     exit;
 } else {
     // First check to see if somebody got there first.
<?php

/* $Id: admin_user_comment.php,v 1.2 2003/03/31 06:59:36 nighty Exp $ */
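// Admin-only endpoint: adds a comment event (event=5) to a user's log or, in
// "remove" mode, deletes one such event.
//
// $spcmode, $uid, $ts, $admcmt and $admin are not assigned in this file; they
// come from std_init() or the legacy global scope. $uid is coerced to int and
// $ts is escaped before either reaches SQL or the redirect header.
include "../../php_includes/cmaster.inc";
std_init();

// commenting needs level 600, removal needs 800
if ($admin < 600) {
    echo "You don't have access.";
    die;
}
if ($spcmode == "remove" && $admin < 800) {
    echo "You don't have access.";
    die;
}

$uidInt = (int) $uid;
// userlog.ts appears to be an epoch int4 (cf. now()::abstime::int4 elsewhere),
// but it is escaped rather than cast so an unexpected format still matches
// nothing instead of something else
$tsEsc = pg_escape_string((string) $ts);

if ($spcmode == "remove") {
    $rr = pg_safe_exec("SELECT COUNT(*) AS count FROM userlog WHERE user_id='" . $uidInt . "' AND ts='" . $tsEsc . "' AND event=5");
    if ($rr) {
        $oo = pg_fetch_object($rr);
        // only delete when (user, ts) identifies exactly one comment event;
        // pg_fetch_object() can return false, which must not be dereferenced
        if ($oo && $oo->count == 1) {
            pg_safe_exec("DELETE FROM userlog WHERE user_id='" . $uidInt . "' AND ts='" . $tsEsc . "' AND event=5");
        }
    }
} else {
    log_user($uidInt, 5, $admcmt);
}

header("Location: users.php?id={$uidInt}");
die;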
<?php

// Permissive CORS: any origin may call this endpoint.
header('Access-Control-Allow-Origin: *');

require_once "log_func.php";

$username = null;
$text = null;

try {
    // both parameters are mandatory; $_REQUEST means they may arrive via
    // GET, POST or cookie
    $username = $_REQUEST['username'] ?? null;
    if ($username === null) {
        throw new Exception('ERROR NO USERNAME SPECIFIED.');
    }

    $text = $_REQUEST['text'] ?? null;
    if ($text === null) {
        throw new Exception('ERROR NO TEXT SPECIFIED.');
    }

    log_user($username, $text);
} catch (Exception $e) {
    // the exception message is the whole response body
    echo $e->getMessage();
}
/**
 * Renders the AJAX-loaded main content: graph, karma index, the four tabbed
 * status lists and the leaderboards.
 *
 * Reads the global $user; when it is non-empty, log_user() is called right
 * before the leaderboard so the current user's data is in the cache first.
 */
function ajax_content_page() {
  global $user;
  $statuses = statuses_retrieve();

  // Display graph
  print_graph();
  // FB API placeholder
  echo "<div id='fb-root'></div>";
  // Display karma index
  print_karma($statuses);

  // Tab buttons
  print <<<EOS
<div id="nav-buttons">  
<input type="button" value="Your most popular statuses" class="uibutton tab-main confirm" id="tab-pop" />
<input type="button" value="Your oldest statuses" class="uibutton tab-main" id="tab-oldest" />
<input type="button" value="All your statuses" class="uibutton tab-main" id="tab-allstatus" />
<input type="button" value="Most popular friends" class="uibutton tab-main" id="tab-topuser" />
</div>  
EOS;

  // One container per tab, each filled by the matching print_* helper.
  print '<div class="main-tab-member" id="tab-pop-content">';
  print_most_popular($statuses);   // the most popular status
  print '</div>';

  print '<div class="main-tab-member" id="tab-oldest-content">';
  print_oldest($statuses);         // the oldest status
  print '</div>';

  print '<div class="main-tab-member" id="tab-allstatus-content">';
  print_statuses($statuses);       // all statuses
  print '</div>';

  print '<div class="main-tab-member" id="tab-topuser-content">';
  // Data for new users needs to be inserted into the cache before the
  // leaderboard is printed.
  if (!empty($user)) {
    log_user($user);
  }
  print_leaderboard(true, 5);
  print_leaderboard(false, 10);
  print '</div>';

  print theme_links();
}
}
// ------------------------------------------------------------------
// ------------------------------------------------------------------
// user tries to login
// ------------------------------------------------------------------
if (isset($_POST['login'], $_POST['pass'])) {
    log_user($_POST['login'], $_POST['pass']);
    // optional persistent login
    if (isset($_POST['cookie'])) {
        set_cookie();
    }
}

// ------------------------------------------------------------------
// user wants to logout (?logout $_GET var)
// ------------------------------------------------------------------
$wants_logout = isset($_GET['deconnexion']) || isset($_GET['logout']);
if ($wants_logout) {
    log_user('dis', 'connect');
}
// ------------------------------------------------------------------
// ------------------------------------------------------------------
// if here, there's no login/logout process.
// Check referrer, ip
// session duration...
// on problem, out !
// ------------------------------------------------------------------
if (!is_ok()) {
    session_destroy();
    if (!$auto_restrict['just_die_if_not_logged']) {
        include 'login_form.php';
    } else {
        echo $auto_restrict['error_msg'];
    }
######################################################################
# admin login/deco
######################################################################
if (isset($_POST['login'], $_POST['pass'])) {
    // full login form: clear the cache, then authenticate
    cache_clear();
    log_user($_POST['login'], $_POST['pass']);
} elseif (isset($_POST['pass'])) {
    // logme with the bookmarklet form: only the password is posted, the
    // login comes from the configuration
    log_user($config['login'], $_POST['pass']);
}

$admin = is_ok();

if (isset($_POST['exit'])) {
    inlog('User disconnected');
    // empty credentials appear to be how this code ends the session
    log_user("", "");
}
# config change
######################################################################
if ($admin && isset($_POST['app_name'])) {
    inlog('Configuration changed');
    if ($config['data_file'] != $_POST['data_file'] && !is_file($_POST['data_file'])) {
        backup_datafile();
        rename($config['data_file'], $_POST['data_file']);
    }
    // rename if .dat filename has changed
    if ($config['log_filename'] != $_POST['log_filename'] && !is_file($_POST['log_filename'])) {
        rename($config['log_filename'], $_POST['log_filename']);
        file_put_contents('.htaccess', "<Files " . $_POST['log_filename'] . ">\n\tOrder deny,allow\n\tDeny from all\n</Files>");
    }
    // renaming log file
     $txt .= $add;
     //print($txt); exit;
     //}
     $result = gdLineByLineToAssoc($txt);
     $journal_notes_ommitted = strpos($txt, 'journal_notes') !== false && !isset($result['journal_notes']);
     $week_db = (int) $rs_gameload_json->fields("week");
     $playernum_db = (int) $rs_gameload_json->fields("class") - 2;
     $playernum_db = max($playernum_db, 1);
     $week_isset = isset($result["week"]);
     $week_data = $result["week"];
     $week_not_equal = $week_data != $week_db;
     // Catch if 'journal_notes' got deleted.
     if ($journal_notes_ommitted) {
         log_user($username, "BX_ERROR: GAME DATA LOAD DECTECTED ISSUE: 'journal_notes' field was ommited when the data blob was decoded.");
         log_user($username, "DATA_BLOB:\n{$txt}");
         log_user($username, "ARRAY_DATA:\n" . var_export($result, true));
     }
     // BChance: Ensure that the game load has the correct week.
     if (!$week_isset || $week_not_equal) {
         $result["week"] = $week_db;
         $result["week_changed"] = true;
     }
     $result["playernum"] = $playernum_db;
     $result["php_week_isset"] = $week_isset;
     $result["php_week_not_equal"] = $week_not_equal;
     $result["php_week_data"] = $week_data;
     $result["php_week_db"] = $week_db;
     $result["php_data_length"] = $game_data_length;
     $result["journal_notes_ommitted"] = $journal_notes_ommitted;
     echo json_encode($result);
 } else {
     echo "and make sure it is correct</h1><a href=\"confirm_pwreset.php\">Try again.</a>";
     echo "</body></html>";
     exit;
 } else {
     pg_safe_exec("delete from pending_pwreset where expiration<now()::abstime::int4");
     $pwreset = pg_fetch_object($res, 0);
     $userid = $pwreset->user_id;
     $qid = $pwreset->question_id;
     $vdata = $pwreset->verificationdata;
 }
 // change verifdata: keep the previous answer for the audit line, then store
 // the new question/answer and set post_forms to ten days from now.
 // $userid and $qid are cast to int and $vdata goes through post2db() before
 // being placed in SQL.
 $verifSelect = "SELECT verificationdata FROM users WHERE id='" . (int) $userid . "'";
 $goro = pg_fetch_object(pg_safe_exec($verifSelect));

 $verifUpdate = "UPDATE users SET question_id='" . (int) $qid . "',verificationdata='" . post2db($vdata) . "',post_forms=(now()::abstime::int4+86400*10),last_updated=now()::abstime::int4,last_updated_by='Verif Q/A Reset' WHERE id='" . (int) $userid . "'";
 $res = pg_safe_exec($verifUpdate);

 // the global $user_id is set around the log_user() call, presumably to
 // attribute the entry to the affected account — kept as is
 $user_id = $userid;
 log_user($userid, 8, "Cookie was: " . $ID . ", Old V/A was: " . $goro->verificationdata);
 $user_id = 0;
 if ($res) {
     $res = pg_safe_exec("delete from pending_pwreset where cookie='" . $ID . "'");
     echo "<html><head><title>Successful Verificiation Question/Answer Reset</title>";
     std_theme_styles();
     echo "</head>";
     std_theme_body("../");
     echo "<h1>Success!</h1>";
     echo "Your account verification question/answer has been changed !<br>\n";
     echo "<br><br>";
     echo "You may now proceed to the <a href=\"../index.php\" target=_top>Main page</a>.<br>";
     echo "</body></html>";
     exit;
 } else {
     echo "<html><head><title>An Error Occured</title>";
    } else {
        safe_redirect('index.php?p=admin&msg=' . e('Error saving new password for ', false) . $_SESSION['login'] . '&token=' . returnToken());
    }
}
# ------------------------------------------------------------------
# load banned ip
# ------------------------------------------------------------------
// the banned-ip file path is built from configuration only ($auto_restrict)
$banned_ip_file = $auto_restrict['path_to_files'] . '/' . $auto_restrict["banned_ip_filename"];
if (is_file($banned_ip_file)) {
    include $banned_ip_file;
}
# ------------------------------------------------------------------
# ------------------------------------------------------------------
# user tries to login
# ------------------------------------------------------------------
if (isset($_POST['login']) && isset($_POST['pass']) && empty($_POST['confirm']) && empty($_POST['creation'])) {
    $ok = log_user($_POST['login'], $_POST['pass']);
    if (!$ok) {
        safe_redirect('index.php?p=login&error=2');
    } elseif (isset($_POST['cookie'])) {
        set_cookie();
    }
    # ------------------------------------------------------------------
    # redirect if needed
    # ------------------------------------------------------------------
    if (!empty($auto_restrict['redirect_success'])) {
        if (strpos($auto_restrict['redirect_success'], '&token=') !== false) {
            safe_redirect($auto_restrict['redirect_success'] . '&token=' . returnToken());
        } else {
            safe_redirect($auto_restrict['redirect_success']);
        }
    }
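/**
 * SOAP helper: sets the "maxlogins" value of another account.
 *
 * The caller authenticates with ($admin_user, $admin_pass); the target is
 * looked up case-insensitively by user name. The new value is clamped to
 * [1, MAX_MAXLOGINS]. Unless the admin edits their own account, the change is
 * recorded with log_user() (event 3).
 *
 * Caller-supplied strings are escaped with pg_escape_string() before they are
 * placed in SQL; the numeric value is cast to int.
 *
 * @param string $dest_username account to modify
 * @param int|string $new_maxlogins requested value, coerced to int
 * @param string $admin_user acting admin's user name
 * @param string $admin_pass acting admin's password
 * @return int 1 on success, 0 if the UPDATE failed, -1 bad admin credentials,
 *             -2 admin level too low, -3 target user not found
 */
function setUserMaxlogins($dest_username, $new_maxlogins, $admin_user, $admin_pass)
{
    global $user_id;

    $cUser = validateUser($admin_user, $admin_pass, 1);
    if ($cUser->id == 0) {
        return -1;
    }
    // minimum level to set the maxlogins value for someone. (see cmaster.inc)
    if ($cUser->admlvl < MOD_MAXLOGINS_LEVEL) {
        return -2;
    }

    // cast first so a non-numeric string cannot reach the UPDATE as-is,
    // then clamp into the allowed range
    $new_maxlogins = (int) $new_maxlogins;
    $new_maxlogins = max(1, min($new_maxlogins, MAX_MAXLOGINS));

    // no audit line when an admin changes their own account
    $log_line = strtolower($dest_username) == strtolower($admin_user) ? 0 : 1;

    $dest_lower = pg_escape_string(strtolower(trim($dest_username)));
    $dRes = pg_safe_exec("SELECT id FROM users WHERE lower(user_name)='" . $dest_lower . "'");
    // pg_numrows() was removed in PHP 8; pg_num_rows() is the supported name
    if (pg_num_rows($dRes) == 0) {
        return -3;
    }
    $dUser = pg_fetch_object($dRes);

    $sQuery = "UPDATE users SET maxlogins='" . $new_maxlogins . "',last_updated=now()::abstime::int4,last_updated_by='SOAP Interface (" . pg_escape_string($admin_user) . ")' WHERE id='" . (int) $dUser->id . "'";

    if ($log_line) {
        // log_user() appears to take the acting user from the global $user_id
        $user_id = $cUser->id;
        log_user($dUser->id, 3, "- Maxlogins (SOAP)");
    }

    return pg_safe_exec($sQuery) ? 1 : 0;
}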
        include 'login_form.php';
        exit;
    }
}
// ------------------------------------------------------------------
// load banned ip
// ------------------------------------------------------------------
// the banned-ip file path is built from configuration only ($auto_restrict)
$banned_ip_file = $auto_restrict['path_to_files'] . '/' . $auto_restrict["banned_ip_filename"];
if (is_file($banned_ip_file)) {
    include $banned_ip_file;
}
// ------------------------------------------------------------------
// ------------------------------------------------------------------
// user tries to login
// ------------------------------------------------------------------
if (isset($_POST['login'], $_POST['pass'])) {
    $login_ok = log_user($_POST['login'], $_POST['pass']);
    // persistent cookie only after a successful login
    if ($login_ok && isset($_POST['cookie'])) {
        set_cookie();
    }
    // ------------------------------------------------------------------
    // redirect if needed — note this runs whether or not log_user()
    // succeeded
    // ------------------------------------------------------------------
    if (!empty($auto_restrict['redirect_success'])) {
        redirect_to($auto_restrict['redirect_success']);
    }
}
// ------------------------------------------------------------------
// user wants to logout (?logout $_GET var)
// ------------------------------------------------------------------
if (isset($_GET['deconnexion']) || isset($_GET['logout'])) {
    @session_destroy();
    delete_cookie();
            if ($enrchg == 1) {
                $add_reason .= "- E-Mail NeverReg Status\n";
            }
            if (htmlspecialchars($public_key) != $row->public_key) {
                $add_reason .= "- Public Key\n";
            }
            if ($chg_formpost > 0) {
                $add_reason .= "- Form Post\n";
            }
            if ($admin >= MOD_MAXLOGINS_LEVEL && $maxlogins != $row->maxlogins) {
                $add_reason .= "- Maxlogins\n";
            }
            if ($add_reason != "") {
                $add_reason = "Fields modified:\n" . $add_reason;
            } else {
                $add_reason = "No fields modified";
            }
            $result = log_user($id, 3, $add_reason);
        }
    }
    if ($result) {
        pg_safe_exec("COMMIT WORK");
        ignore_user_abort(false);
        header("Location: users.php?id={$id}&update=1");
        exit;
    }
}
// No successful path was taken: undo the transaction and return to the user
// page with update=2. $id is expected to be an int; it is assigned outside
// this excerpt.
pg_safe_exec("ROLLBACK WORK");
ignore_user_abort(false);
header(sprintf("Location: users.php?id=%s&update=2", $id));
die;
/**
 * register page
 *
 * Two cases: the visitor arrives from the identification page with a pending
 * remote identity in the 'oauth_new_user' session variable (the registration
 * form is pre-filled and, on submit, the account is created or merged with an
 * existing one), or nothing is pending and only the provider buttons are added
 * to the form.
 *
 * For non-Persona providers the identifier kept in the session is re-checked
 * against the one the adapter returns now (mismatch: session cleared, exception
 * with code 403). The merge path refuses the main webmaster account and asks
 * for the local password through pwg_login().
 */
function oauth_begin_register()
{
    global $conf, $template, $hybridauth_conf, $page, $user;

    if ($hybridauth_conf['enabled'] == 0) {
        return;
    }

    // not coming from identification page: only offer the provider buttons
    if (pwg_get_session_var('oauth_new_user') == null) {
        if ($conf['oauth']['display_register']) {
            oauth_assign_template_vars(get_gallery_home_url());
            $template->set_prefilter('register', 'oauth_add_buttons_prefilter');
        }
        return;
    }

    // coming from identification page
    list($provider, $user_identifier) = pwg_get_session_var('oauth_new_user');

    try {
        $is_persona = ($provider == 'Persona');

        if ($is_persona) {
            $template->assign('OAUTH_USER', array(
                'provider' => 'Persona',
                'username' => $user_identifier,
                'u_profile' => null,
                'avatar' => null,
            ));
            oauth_assign_template_vars();
            $template->append('OAUTH', array('persona_email' => $user_identifier), true);
            $conf['oauth']['include_common_template'] = true;
        } else {
            require_once OAUTH_PATH . 'include/hybridauth/Hybrid/Auth.php';
            $hybridauth = new Hybrid_Auth($hybridauth_conf);
            $adapter = $hybridauth->authenticate($provider);
            $remote_user = $adapter->getUserProfile();

            // security, check remote identifier: the session value must match
            // what the provider reports now
            if ($remote_user->identifier != $user_identifier) {
                pwg_unset_session_var('oauth_new_user');
                throw new Exception('Hacking attempt!', 403);
            }

            $template->assign('OAUTH_USER', array(
                'provider' => $hybridauth_conf['providers'][$provider]['name'],
                'username' => $remote_user->displayName,
                'u_profile' => $remote_user->profileURL,
                'avatar' => $remote_user->photoURL,
            ));
        }

        $oauth_id = pwg_db_real_escape_string($provider . '---' . $user_identifier);
        $page['infos'][] = l10n('Your registration is almost done, please complete the registration form.');

        if (isset($_POST['submit'])) {
            // register form submited: the local password is derived from the
            // oauth id and the site secret, the user never chooses one
            $user_id = register_user($_POST['login'], hash('sha1', $oauth_id . $conf['secret_key']), $_POST['mail_address'], true, $page['errors'], false);
            if ($user_id !== false) {
                pwg_unset_session_var('oauth_new_user');
                // update oauth field
                single_update(USER_INFOS_TABLE, array('oauth_id' => $oauth_id), array('user_id' => $user_id));
                // log_user and redirect
                log_user($user_id, false);
                redirect('profile.php');
            }
            unset($_POST['submit']);
        } elseif (isset($_POST['login']) && $conf['oauth']['allow_merge_accounts']) {
            // merge with an existing local account: requires that account's password
            if ($conf['insensitive_case_logon'] == true) {
                $_POST['username'] = search_case_username($_POST['username']);
            }
            $user_id = get_userid($_POST['username']);
            if ($user_id === false) {
                $page['errors'][] = l10n('Invalid username or email');
            } elseif ($user_id == $conf['webmaster_id']) {
                $page['errors'][] = l10n('For security reason, the main webmaster account can\'t be merged with a remote account, but you can use another webmaster account.');
            } elseif (pwg_login(false, $_POST['username'], $_POST['password'], false)) {
                // update oauth field
                single_update(USER_INFOS_TABLE, array('oauth_id' => $oauth_id), array('user_id' => $user['id']));
                pwg_unset_session_var('oauth_new_user');
                redirect('profile.php');
            } else {
                $page['errors'][] = l10n('Invalid password!');
            }
        }

        // overwrite fields with remote datas
        if ($is_persona) {
            $_POST['login'] = '';
            $_POST['mail_address'] = $user_identifier;
        } else {
            $_POST['login'] = $remote_user->displayName;
            $_POST['mail_address'] = $remote_user->email;
        }

        // template
        $template->assign('OAUTH_PATH', OAUTH_PATH);
        if ($conf['oauth']['allow_merge_accounts']) {
            $template->assign('OAUTH_LOGIN_IN_REGISTER', true);
            $template->set_prefilter('register', 'oauth_add_login_in_register');
        } else {
            $template->set_prefilter('register', 'oauth_add_profile_prefilter');
            $template->set_prefilter('register', 'oauth_remove_password_fields_prefilter');
        }
    } catch (Exception $e) {
        $page['errors'][] = l10n('An error occured, please contact the gallery owner. <i>Error code : %s</i>', $e->getCode());
    }
}
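 // Build an 8-character alphanumeric salt and the legacy "salt . md5(salt . password)"
 // digest, store the change, and prepare the confirmation mail.
 $valid = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
 $password = "";
 // NOTE(review): $salt is never initialised in this excerpt; a fresh salt is assumed
 $salt = "";
 // random_int() replaces srand()/rand(): the salt is security-sensitive and
 // rand() seeded from microtime() is predictable
 $lastIndex = strlen($valid) - 1;
 for ($i = 0; $i < 8; $i++) {
     $salt .= $valid[random_int(0, $lastIndex)];
 }
 // NOTE(review): salted md5 is the format existing rows use; moving to
 // password_hash()/password_verify() needs the login path migrated as well.
 // $crypt is unused below — the stored value in this excerpt reads as redacted.
 $crypt = $salt . md5($salt . $pass1);
 $query = "UPDATE users SET last_updated=now()::abstime::int4,last_updated_by='** Password Change **',password='******' WHERE id=" . ($user_id + 0);
 pg_safe_exec($query);

 // send email — the body carries the clear-text password ($pass1)
 $mailm = "";
 $mailm .= "\nHello,\n\nThis is the confirmation of your NEW password,\n";
 $mailm .= "remember it, and remember to NEVER EVER give out your password to ANYONE, even people claiming to be CService representatives.\n\n";
 $mailm .= "The new password you set is\t:\t\t" . $pass1 . "\t(" . strlen($pass1) . " chars)\n\n";
 $mailm .= "\n\nThe " . NETWORK_NAME . " Channel Service.\n\n";
 log_user($user_id, 10, "");

 // logout the user: drop every web cookie row for this account. The
 // $ENABLE_COOKIE_TABLE flag is toggled around the delete — presumably read
 // by the cookie layer; confirm in cmaster.inc.
 $ENABLE_COOKIE_TABLE = 1;
 pg_safe_exec("delete from webcookies where user_id='" . (int) $user_id . "'");
 $ENABLE_COOKIE_TABLE = 0;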
 if (trim($dauser->email) != "") {
     mail($dauser->email, "Your New CService Password", $mailm, "From: " . NETWORK_NAME . " Channel Service <" . FROM_NEWUSER . ">\nReply-to: " . OBJECT_EMAIL . "\nX-Mailer: " . NETWORK_NAME . " Channel Service\n\n");
     // back to normal
     echo "<html>\n";
     echo "<head>\n";
     echo "<title>CService New Password Confirmation</title>\n";
     std_theme_styles();
     echo "</head>\n";
     std_theme_body();
     echo "<font size=+1>";
     echo "You new password has been updated into our database,<br>\n";
 } else {
     if (${$suspend} == 1) {
         if ($debug_me) {
             echo "1";
         }
         if ($send_mail) {
             $mmsg .= $t_mmsg;
         }
         $new_u_flags = (int) $ols->flags | 0x1;
         // global Suspension tag
         $query = "UPDATE users SET last_updated=now()::abstime::int4,last_updated_by='Suspended by Toaster',flags='" . $new_u_flags . "' WHERE id='" . $id[$x] . "'";
         if (!$debug_me) {
             // take action
             unset($raction);
             $raction = pg_safe_exec($query);
             log_user($id[$x], 1, "global suspend for %U (%I) [toaster: " . $sreason . "]");
         } else {
             $query2 = "\n\t<i>" . $query;
             $query2 .= "</i>";
         }
     } else {
         if ($debug_me) {
             echo "0";
         }
     }
 }
 if (${$flagList} != "") {
     $checkFL = pg_safe_exec("SELECT id FROM fraud_lists WHERE lower(name)='" . strtolower(${$flagList}) . "'");
     if (pg_numrows($checkFL) > 0) {
         // already an existing list ... check the user
         $FLobj = pg_fetch_object($checkFL);
/**
 * Performs auto-connection if authentication key is valid.
 *
 * The key must be exactly 30 alphanumeric characters; that regex is also what
 * makes the direct interpolation into the SQL below safe. The key row is
 * joined with the user's info and status: an expired key (judged against the
 * database clock) sets $page['auth_key_invalid'], and only 'normal' and
 * 'generic' accounts may log in this way.
 *
 * @since 2.8
 *
 * @param string $auth_key
 * @return bool
 */
function auth_key_login($auth_key)
{
    global $conf, $user, $page;

    // shape check first: anything else never reaches the database
    if (!preg_match('/^[a-z0-9]{30}$/i', $auth_key)) {
        return false;
    }

    $fields = $conf['user_fields'];
    $query = '
SELECT
    *,
    ' . $fields['username'] . ' AS username,
    NOW() AS dbnow
  FROM ' . USER_AUTH_KEYS_TABLE . ' AS uak
    JOIN ' . USER_INFOS_TABLE . ' AS ui ON uak.user_id = ui.user_id
    JOIN ' . USERS_TABLE . ' AS u ON u.' . $fields['id'] . ' = ui.user_id
  WHERE auth_key = \'' . $auth_key . '\'
;';
    $keys = query2array($query);
    if (count($keys) == 0) {
        return false;
    }
    $key = $keys[0];

    // is the key still valid? compared against the database clock, not PHP's
    $expired = strtotime($key['expired_on']) < strtotime($key['dbnow']);
    if ($expired) {
        $page['auth_key_invalid'] = true;
        return false;
    }

    // admin/webmaster/guest can't get connected with authentication keys
    $allowed_status = array('normal', 'generic');
    if (!in_array($key['status'], $allowed_status)) {
        return false;
    }

    $user['id'] = $key['user_id'];
    log_user($user['id'], false);
    trigger_notify('login_success', $key['username']);

    // to be registered in history table by pwg_log function
    $page['auth_key_id'] = $key['auth_key_id'];

    return true;
}
        $item['HAS_SUBFORUMS']++;
        $item['TOTAL_UNREAD'] += intval($subforums_list[$i]['unread_topics']);
        // Change folder image
        $images = unserialize($item['FORUM_FOLDERS']);
        $item['FORUM_FOLDER_IMG'] = $item['TOTAL_UNREAD'] ? $images['subnew'] : $images['sub'];
        $item['L_FORUM_FOLDER_ALT'] = $item['TOTAL_UNREAD'] ? $images['subaltnew'] : $images['subalt'];
        // Check last post
        if ($item['LAST_POST_TIME'] < $subforums_list[$i]['last_post_time']) {
            $item['LAST_POST'] = $subforums_list[$i]['last_post'];
            $item['LAST_POST_TIME'] = $subforums_list[$i]['last_post_time'];
        }
        if (!$item['LAST_POST_TIME_FORUM']) {
            $item['LAST_POST_FORUM'] = $item['LAST_POST'];
        }
        // Add topics/posts
        $item['TOTAL_POSTS'] += $forum_data['forum_posts'];
        $item['TOTAL_TOPICS'] += $forum_data['forum_topics'];
    }
    unset($item);
    unset($data);
    unset($cat_item);
    unset($row_item);
}
// End Simple Subforums MOD
// Record this visit (user id, name, client address) through the logip mod.
// $_SERVER['REMOTE_ADDR'] is the TCP peer address: the client cannot forge it,
// but behind a reverse proxy it is the proxy, not the visitor.
include "{$phpbb_root_path}/includes/logip.php";
log_user($userdata['user_id'], $userdata['username'], $_SERVER['REMOTE_ADDR']);
// Render the page body, then the shared footer.
$template->pparse('body');
include "{$phpbb_root_path}includes/page_tail.{$phpEx}";
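/**
 * 'try_log_user' handler: authenticate $username / $password against LDAP.
 *
 * Flow: optional users_group membership gate -> simple bind as the user ->
 * look the user up in the Piwigo users table, creating the local account when
 * allow_newusers is set. Every failure path reports through fail() exactly
 * once and returns false (previously a rejected group membership reported
 * twice, and all failure paths fell off the end returning null).
 *
 * @param bool   $success     result of the handlers that ran before this one
 * @param string $username
 * @param string $password
 * @param bool   $remember_me
 * @return bool
 */
function login($success, $username, $password, $remember_me)
{
    global $conf;
    // A handler earlier in the chain already authenticated this user: do not
    // re-check (and do not report a failure) here.
    if ($success === true) {
        return true;
    }
    // An LDAP simple bind with an empty password is an *anonymous* bind and
    // succeeds on most directories, so it must never count as a login.
    // Enforced here regardless of what Ldap::ldap_bind_as() does internally
    // (its implementation is not visible from this file).
    if (!is_string($password) || $password === '') {
        fail($username);
        return false;
    }
    $obj = new Ldap();
    $obj->load_config();
    if (!$obj->ldap_conn()) {
        // Nothing below can succeed without a connection; fail now instead of
        // calling the helpers on a dead handle.
        error_log("Unable to connect LDAP server : " . $obj->getErrorString());
        fail($username);
        return false;
    }
    // Optional gate: when a users_group is configured only its members may log in.
    $users_group = $obj->config['users_group'];
    if ($users_group && !$obj->user_membership($username, $obj->ldap_group($users_group))) {
        fail($username);
        return false;
    }
    // The actual credential check: bind with the user's own DN.
    // NOTE(review): $username also flows into the Ldap helpers; they are
    // expected to escape it for DN/filter use (ldap_escape) -- confirm in Ldap.
    if (!$obj->ldap_bind_as($username, $password)) {
        fail($username);
        return false;
    }
    // Map the LDAP identity to a Piwigo account.
    $query = '
				SELECT	' . $conf['user_fields']['id'] . ' AS id
				FROM ' . USERS_TABLE . '
				WHERE	' . $conf['user_fields']['username'] . ' = \'' . pwg_db_real_escape_string($username) . '\';';
    $row = pwg_db_fetch_assoc(pwg_query($query));
    if (!empty($row['id'])) {
        update_user($username, $row['id']);
        log_user($row['id'], $remember_me);
        trigger_action('login_success', stripslashes($username));
        return true;
    }
    if (!$obj->config['allow_newusers']) {
        // Valid LDAP credentials, no local account, and provisioning is off.
        fail($username);
        return false;
    }
    // Provision the local account. Its password is random and is not used by
    // this handler (LDAP stays the authority); the e-mail comes from LDAP when present.
    $mail = $obj->ldap_mail($username);
    if (!$mail) {
        $mail = NULL;
    }
    $new_id = register_user($username, random_password(8), $mail);
    update_user($username, $new_id);
    log_user($new_id, False);
    trigger_action('login_success', stripslashes($username));
    redirect('profile.php');
    return true;
}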
    $infos[] = l10n('Congratulations, Piwigo installation is completed');
    if (isset($error_copy)) {
        $errors[] = $error_copy;
    } else {
        session_set_save_handler('pwg_session_open', 'pwg_session_close', 'pwg_session_read', 'pwg_session_write', 'pwg_session_destroy', 'pwg_session_gc');
        if (function_exists('ini_set')) {
            ini_set('session.use_cookies', $conf['session_use_cookies']);
            ini_set('session.use_only_cookies', $conf['session_use_only_cookies']);
            ini_set('session.use_trans_sid', intval($conf['session_use_trans_sid']));
            ini_set('session.cookie_httponly', 1);
        }
        session_name($conf['session_name']);
        session_set_cookie_params(0, cookie_path());
        register_shutdown_function('session_write_close');
        $user = build_user(1, true);
        log_user($user['id'], false);
        // email notification
        if (isset($_POST['send_password_by_mail'])) {
            include_once PHPWG_ROOT_PATH . 'include/functions_mail.inc.php';
            $keyargs_content = array(get_l10n_args('Hello %s,', $admin_name), get_l10n_args('Welcome to your new installation of Piwigo!', ''), get_l10n_args('', ''), get_l10n_args('Here are your connection settings', ''), get_l10n_args('', ''), get_l10n_args('Link: %s', get_absolute_root_url()), get_l10n_args('Username: %s', $admin_name), get_l10n_args('Password: %s', $admin_pass1), get_l10n_args('Email: %s', $admin_mail), get_l10n_args('', ''), get_l10n_args('Don\'t hesitate to consult our forums for any help: %s', PHPWG_URL));
            pwg_mail($admin_mail, array('subject' => l10n('Just another Piwigo gallery'), 'content' => l10n_args($keyargs_content), 'content_format' => 'text/plain'));
        }
    }
}
// Hand the collected error and info messages to the template; an empty list
// is left unassigned so the template can test for its presence.
if (count($errors) > 0) {
    $template->assign('errors', $errors);
}
if (count($infos) > 0) {
    $template->assign('infos', $infos);
}
//----------------------------------------------------------- html code display
        // this ID needs to be a permanently valid user !!!!! (see config.inc)
        $da_cmt = "";
        $da_cmt .= "**** AUTOMATIC ****<br><br>";
        $da_cmt .= "<b>An anonymous objection has been posted through the Complaints System.</b><br>";
        $da_cmt .= "<a href=\"complaints/admin.php?view=" . $ticket_number . "\">click here</a> to go to that complaint.<br><br>";
        $notif_q = "INSERT INTO objections (channel_id,user_id,comment,created_ts,admin_only) VALUES ('" . (int) $da_channel1_id . "','" . (int) $issuer_id . "','" . post2db($da_cmt) . "',now()::abstime::int4,'Y')";
        pg_safe_exec($notif_q);
    }
} else {
    $ticket_number = "N/A";
}
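// Outcome of the complaint submission. $res, $ticket_number, $da_crc and
// $da_users_id are set by the code above this block.
if (!$res) {
    die($back_lnk . "<b>SQL ERROR</b><br><br></td></tr></table></body></html>");
} else {
    if ($da_users_id > 0) {
        // 'ct' comes straight from the form: look the label up defensively
        // instead of indexing $cpt_name with an arbitrary key.
        $cpt_label = isset($cpt_name[$_POST["ct"]]) ? $cpt_name[$_POST["ct"]] : "";
        log_user($da_users_id, 11, "Type: " . $cpt_label . ", Ticket-Number: " . $ticket_number);
    }
    $mmsg = "";
    // The reply address is user-supplied and becomes the mail() recipient.
    // Require a single address with no whitespace or newlines (a shape check,
    // not full RFC 5322 validation) so the form cannot be used to mail a list
    // of recipients or smuggle header lines. It may already be validated
    // upstream; if so this is belt and braces. A rejected address is simply
    // not mailed, and the unconfirmed complaint is presumably removed by the
    // expiry cleanup that follows this block.
    $from_mail = isset($_POST["from_mail"]) ? $_POST["from_mail"] : "";
    if (preg_match('/^[^\s@]+@[^\s@]+\z/', $from_mail) === 1) {
        $mmsg .= "\n\n";
        $mmsg .= "We recently received a complaint to CService using this e-mail address (" . $from_mail . ") for the reply.\n";
        $mmsg .= "If you haven't sent any complaint and don't know what this is all about, then just delete this message and DO NOT CLICK below.\n\n";
        $mmsg .= "If you are the person that sent that complaint, please confirm it by clicking the link below within 48 hours :\n\n";
        // $REQUEST_URI only exists with register_globals; fall back to the
        // superglobal so the confirmation link is not built from an empty path.
        $request_uri = isset($REQUEST_URI) ? $REQUEST_URI : $_SERVER['REQUEST_URI'];
        $confirm_url = gen_server_url() . substr($request_uri, 0, strrpos($request_uri, "/")) . "/confirm.php";
        $mmsg .= "\t\t" . $confirm_url . "?ID=" . $da_crc . "\n\n";
        $mmsg .= "\nThe " . NETWORK_NAME . " Channel Service.\n\n";
        mail($from_mail, "[" . NETWORK_NAME . " CService Complaints] Confirmation request", $mmsg, "From: " . NETWORK_NAME . " Channel Service <" . OBJECT_EMAIL . ">\nReply-to: DO.NOT@REPLY.THANKS\nX-Mailer: " . NETWORK_NAME . " CService Complaint Module\n\n");
    }
}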
$dq = pg_safe_exec("SELECT id FROM complaints WHERE (status=0 OR status=99) AND crc_expiration<now()::abstime::int4");
while ($do = pg_fetch_object($dq)) {
    pg_safe_exec("DELETE FROM complaints_reference WHERE complaints_ref='" . (int) $do->id . "'");
    pg_safe_exec("DELETE FROM complaints_threads WHERE complaint_ref='" . (int) $do->id . "'");