Ejemplo n.º 1
/**
 * Emit an inline <script> that inserts a Flattr button iframe directly before itself.
 *
 * The script element gets an id from password_generate(32) so the inline code can find its own node.
 * $language is accepted but is not used anywhere in this function.
 *
 * NOTE(review): $uid, $title, $button, $description and $url are written into the script text as-is.
 * Nothing here URL-encodes or JS-escapes them, so every caller has to pass values that are already safe
 * inside a single-quoted JavaScript string within a <script> element -- confirm at the call sites, or
 * encode here (rawurlencode() for the query values, json_encode() for the URL literal).
 */
function flattr_button_show($uid, $url, $title, $description, $button, $language)
{
    $script_id = password_generate(32);

    // Query string of the button endpoint; the url value is appended client-side via encodeURIComponent().
    $query = "uid=" . $uid . "&title=" . $title . "&button=" . $button . "&description=" . $description . "&url=";

    $opening = "<script id='{$script_id}'>\r\n\t";
    $loader = "(function(i){var f,s=document.getElementById(i);f=document.createElement('iframe');f.src='//api.flattr.com/button/view/?" . $query . "'+encodeURIComponent('" . $url . "');f.title='Flattr';f.height=20;f.width=110;f.style.borderWidth=0;s.parentNode.insertBefore(f,s);})('{$script_id}');";

    echo $opening . $loader . "</script>";
}
Ejemplo n.º 2
/**
 * Create a password-reset code for the account registered under $email.
 *
 * Looks the user up by email, generates a code with password_generate(16), stores md5() of that code
 * in the user_reset_code table and returns the plain code. Failures are reported through add_error().
 *
 * @param string $email Address to look up; escaped with sql_safe() before it enters the query.
 * @return string|null The plain reset code, or NULL when the lookup or the insert failed.
 *
 * NOTE(review): the mysql_* extension used here was removed in PHP 7; mysqli/PDO prepared statements
 * are the replacement. The stored value is an unsalted md5() of the code.
 */
function login_create_reset_code($email)
{
    // Look up the user id.
    $sql = "SELECT id, email FROM " . PREFIX . "user WHERE email='" . sql_safe($email) . "';";
    if ($ee = mysql_query($sql)) {
        if ($e = mysql_fetch_array($ee)) {
            // Generate a code.
            $password = password_generate(16);
            // NOTE(review): part of the next line is masked ('******') on this page, so it does not parse
            // as shown; presumably it interpolated the id column of $e -- confirm against the original file.
            $sql = "INSERT INTO " . PREFIX . "user_reset_code SET \n\t\t\t\tuser='******'id'] . "',\n\t\t\t\tcode='" . md5($password) . "';";
            if (mysql_query($sql)) {
                return $password;
            }
            // NOTE(review): mysql_error() text is passed to add_error(); if that is shown to visitors it
            // exposes database details -- confirm where add_error() output ends up.
            add_error("Reset was impossible " . mysql_error());
        } else {
            // NOTE(review): a distinct "not found" message lets a caller tell registered addresses from
            // unregistered ones if it reaches the visitor -- confirm.
            add_error("The email address was not found in the system.");
        }
    } else {
        add_error("DB error: " . mysql_error());
    }
    return NULL;
}
 /**
  * Resolve a template default value, expanding "=php.<Name>(<args>)" expressions.
  *
  * When $value matches =php.Name(args), the args are split on ',' and dispatched on Name
  * (GetNextNumber, PickList, RandomPassword, DrawChooserLink, Function); any other name yields 'UNKNOWN'.
  * A $value that does not match the pattern is returned unchanged.
  *
  * @param object $ldapserver Server object (by reference); its server_id and getContainerParent() are used.
  * @param string $value      Raw default value taken from the template.
  * @param string $container  Container handed to getContainerParent() and the lookup helpers.
  * @param mixed  $counter    Suffix used by DrawChooserLink; reset to 0 inside PickList.
  * @param mixed  $default    PickList display text that should be marked as selected.
  * @return mixed The evaluated value, or $value itself when it is not a =php. expression.
  *
  * NOTE(review): the 'Function' case calls whatever existing PHP function the template names, with
  * arguments that can come from $_POST['form']. That is only acceptable if template content is fully
  * trusted -- confirm who can author templates, and consider an allow-list of callable names.
  */
 function EvaluateDefault(&$ldapserver, $value, $container, $counter = '', $default = null)
 {
     if (DEBUG_ENABLED) {
         debug_log('%s::EvaluateDefault(): Entered with (%s,%s,%s,%s)', 5, get_class($this), $ldapserver->server_id, $value, $container, $counter);
     }
     global $ldapservers;
     # $matches[1] = helper name, $matches[2] = raw argument list.
     if (preg_match('/^=php\\.(\\w+)\\((.*)\\)$/', $value, $matches)) {
         # Plain split on commas, so an individual argument cannot itself contain a comma.
         $args = preg_split('/,/', $matches[2]);
         switch ($matches[1]) {
             case 'GetNextNumber':
                 # A literal '$' as first argument means: use the configured auto_number search_base.
                 if ($args[0] == '$') {
                     $args[0] = $ldapservers->GetValue($ldapserver->server_id, 'auto_number', 'search_base');
                 }
                 $container = $ldapserver->getContainerParent($container, $args[0]);
                 $detail['value'] = get_next_number($ldapserver, $container, $args[1]);
                 break;
             case 'PickList':
                 $container = $ldapserver->getContainerParent($container, $args[0]);
                 # $args[3] is the display format; collect the %attr% tokens it references.
                 preg_match_all('/%(\\w+)(\\|.+)?(\\/[lU])?%/U', $args[3], $matchall);
                 //print_r($matchall); // -1 = highlevel match, 1 = attr, 2 = subst, 3 = mod
                 $ldap_attrs = $matchall[1];
                 array_push($ldap_attrs, $args[2]);
                 $picklistvalues = return_ldap_hash($ldapserver, $container, $args[1], $args[2], $ldap_attrs);
                 # The %%s placeholders survive this sprintf() as %s, left for a later formatting pass.
                 $detail['value'] = sprintf('<select name="form[%s]" id="%%s" %%s %%s>', isset($args[4]) ? $args[4] : $args[2]);
                 $counter = 0;
                 foreach ($picklistvalues as $key => $values) {
                     $display = $args[3];
                     foreach ($matchall[1] as $arg) {
                         # NOTE(review): $values[$arg] is used as a preg_replace() replacement string, so
                         # '$n' / '\n' sequences inside a directory value are read as backreferences.
                         $display = preg_replace('/%(' . $arg . ')(\\|.+)?(\\/[lU])?%/U', $values[$arg], $display);
                     }
                     # $picklist is not initialised before this isset(); it only de-duplicates display strings.
                     if (!isset($picklist[$display])) {
                         # NOTE(review): directory values are written into the option markup without
                         # htmlspecialchars(); a value holding quotes or tags breaks out of the attribute/element.
                         $detail['value'] .= sprintf('<option id="%s%s" value="%s" %s>%s</option>', isset($args[4]) ? $args[4] : $args[2], ++$counter, $values[$args[2]], $default == $display ? 'selected' : '', $display);
                         $picklist[$display] = true;
                     }
                 }
                 $detail['value'] .= '</select>';
                 break;
             case 'RandomPassword':
                 $detail['value'] = password_generate();
                 # NOTE(review): the generated password is placed in a single-quoted JS string without any
                 # escaping and is shown to the user in an alert(); a quote or backslash in it breaks the script.
                 printf('<script type="text/javascript" language="javascript">alert(\'%s:\\n%s\')</script>', _('A random password was generated for you'), $detail['value']);
                 break;
             case 'DrawChooserLink':
                 $detail['value'] = draw_chooser_link(sprintf('template_form.%s%s', $args[0], $counter), $args[1]);
                 break;
             case 'Function':
                 # Capture the function name and remove function name from $args
                 $function_name = array_shift($args);
                 $function_args = array();
                 foreach ($args as $arg) {
                     # A %name% argument is replaced by the submitted form value of that name
                     # (this preg_match() overwrites the outer $matches, which is no longer needed).
                     if (preg_match('/^%(\\w+)(\\|.+)?(\\/[lU])?%/U', $arg, $matches)) {
                         $varname = $matches[1];
                         if (isset($_POST['form'][$varname])) {
                             $function_args[] = $_POST['form'][$varname];
                         } else {
                             pla_error(sprintf(_('Your template calls php.Function for a default value, however (%s) is NOT available in the POST FORM variables. The following variables are available [%s].'), $varname, isset($_POST['form']) ? implode('|', array_keys($_POST['form'])) : 'NONE'));
                         }
                     } else {
                         $function_args[] = $arg;
                     }
                 }
                 # Call the PHP function if exists (PHP 4 >= 4.0.4, PHP 5)
                 # NOTE(review): function_exists() is the only gate; the name is template text and the
                 # arguments may be request data. If the function does not exist, $detail['value'] stays unset.
                 if (function_exists($function_name)) {
                     $detail['value'] = call_user_func_array($function_name, $function_args);
                 }
                 break;
             default:
                 $detail['value'] = 'UNKNOWN';
         }
         $return = $detail['value'];
     } else {
         $return = $value;
     }
     if (DEBUG_ENABLED) {
         debug_log('%s::EvaluateDefault(): Returning (%s)', 5, get_class($this), $return);
     }
     return $return;
 }
Ejemplo n.º 4
    // For each supported encoding type: hash $password, print the result, then verify it with password_check().
    // NOTE(review): password_hash() is called here with an encoding-type string ('md5', 'clear', ...), which
    // is not the signature of PHP's built-in password_hash(); presumably this is a project helper of the
    // same name -- confirm. The page prints the resulting hashes (and the clear text for 'clear').
    foreach (array('md5', 'md5crypt', 'sha', 'ssha', 'smd5', 'crypt', 'clear') as $enc_type) {
        $crypted_password = password_hash($password, $enc_type);
        echo "[{$enc_type}] {$crypted_password}<br />";
        $outcome = password_check($crypted_password, $password) ? "passed" : "failed";
        echo "  Test: {$outcome}\n";
        //unset($crypted_password);
        flush();
    }
}
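// Round-trip self-test: encrypt a few sample passwords with pla_blowfish_encrypt(), decrypt them again
// with pla_blowfish_decrypt() and report whether each one comes back unchanged.
// NOTE(review): the key and sample passwords are hard-coded test values and the ciphertext is echoed
// unescaped into the page; this is test output and should not be reachable on a production install.
if (true) {
    $secret = "foobar";
    $passwords = array('fun!244A', 'asdf', 'dc=stuff,ou=things', 'y()ikes');
    $passwords_encrypted = array();
    foreach ($passwords as $password) {
        $passwords_encrypted[] = pla_blowfish_encrypt($password, $secret);
    }
    $passwords_decrypted = array();
    foreach ($passwords_encrypted as $password) {
        $passwords_decrypted[] = pla_blowfish_decrypt($password, $secret);
    }
    foreach ($passwords_decrypted as $i => $password) {
        echo $passwords[$i] . ': ' . $passwords_encrypted[$i] . '<br />    ';
        // Strict comparison: with == two different numeric-looking strings (e.g. '1e3' and '1000') compare
        // equal, and a failed decrypt returning a non-string could be coerced into a match.
        if ($passwords[$i] === $passwords_decrypted[$i]) {
            echo "passed<br />";
        } else {
            // The closing tag here used to be the malformed "</br />".
            echo "<b>failed!</b><br />";
        }
    }
}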
print password_generate();
}
/**
* Password change, with e-mails sent as notification of the change
*
* Tables: tbl1_adminusers
*
* NOTE(review): the code below reads and writes rhs_customer, not the table named above.
* The listing is cut off after the SMTP user name is set; the rest of the branch is not shown.
**/
if ($_GET['action'] == "pw") {
    // Permission gate. NOTE(review): whether NoEntryForUser() stops the request is not visible here;
    // if it only renders a message, everything below still runs for unauthorised admins -- confirm.
    if ($adminsession->session_user_data['admin_can_use_customer_users_change'] != 1) {
        $adminsession->NoEntryForUser();
    }
    // NOTE(review): $_GET['userid'] is concatenated into the query unquoted and unvalidated (SQL
    // injection). Cast it to int or bind it as a parameter before it reaches the query.
    $result = $db->query("SELECT * FROM rhs_customer WHERE customer_id=" . $_GET['userid']);
    $user = $db->fetch_array($result);
    // Exposes every column of the customer row to the template.
    $smarty->assign($user);
    if (isset($_POST['send'])) {
        if ($_POST['mode'] == 1) {
            // Mode 1: generate the password and force the notification mail.
            $newpassword = password_generate();
            $_POST['sendmail'] = 1;
        } else {
            // Any other mode: take the password exactly as submitted.
            $newpassword = $_POST['newpassword'];
        }
        // NOTE(review): as shown, this stores the literal '******' and never uses $newpassword; the value
        // looks masked on this page -- check the original. $_GET['userid'] is again concatenated into the
        // statement without escaping (quoting alone does not prevent injection).
        $db->query("UPDATE rhs_customer SET customer_admin_password='******' WHERE customer_id='" . $_GET['userid'] . "'");
        if ($_POST['sendmail'] == 1) {
            // NOTE(review): eval() turns the configured mail templates into PHP source inside a
            // double-quoted string. Anyone able to edit these shopconfig values can run arbitrary PHP
            // (a '"' in the template ends the string). Replace with placeholder substitution such as strtr().
            eval("\$mail_html = \"" . $shopconfig['shopconfig_mailnewpw_html'] . "\";");
            eval("\$mail_text = \"" . $shopconfig['shopconfig_mailnewpw_text'] . "\";");
            $mail = new phpmailer();
            // Sender details come from the logged-in tenant ("mandant") record.
            $mail->From = $adminsession->session_mandant_data['mandant_email'];
            $mail->FromName = $adminsession->session_mandant_data['mandant_vorname'] . " " . $adminsession->session_mandant_data['mandant_nachname'];
            $mail->Mailer = "smtp";
            $mail->Host = $smtp_mailhost;
            $mail->SMTPAuth = true;
            $mail->Username = $smtp_user;
Ejemplo n.º 6
 /**
  * Finish a password restore: check the key, issue a new password and open a session for the user.
  *
  * The key must pass is_md5() and match the reg_key of an active user whose data still carries a
  * restore_until value that has not passed. restore_until is removed in every case where it was set,
  * so a key can complete the restore only once.
  *
  * NOTE(review): the stored hash is sha512(sha512(password) . public_key) -- a fast hash with a shared
  * key rather than a per-user salt. Moving to PHP's password_hash()/password_verify() would have to be
  * done together with the login check, which is not visible here.
  *
  * @param string $key Restore key
  *
  * @return array|bool ['id' => user id, 'password' => new plain password], or false on failure
  */
 function restore_password_confirmation($key)
 {
     if (!is_md5($key)) {
         return false;
     }
     $user_id = $this->db_prime()->qfs(["SELECT `id`\n\t\t\tFROM `[prefix]users`\n\t\t\tWHERE\n\t\t\t\t`reg_key`\t= '%s' AND\n\t\t\t\t`status`\t= '%s'\n\t\t\tLIMIT 1", $key, self::STATUS_ACTIVE]);
     if (!$user_id) {
         return false;
     }
     $user_data = $this->get('data', $user_id);
     if (!isset($user_data['restore_until'])) {
         return false;
     }
     // Read the deadline, then drop it: expired and successful restores both clear it.
     $deadline = $user_data['restore_until'];
     unset($user_data['restore_until']);
     if ($deadline < TIME) {
         $this->set('data', $user_data, $user_id);
         return false;
     }
     $Config = Config::instance();
     $new_password = password_generate($Config->core['password_min_length'], $Config->core['password_min_strength']);
     $new_hash = hash('sha512', hash('sha512', $new_password) . Core::instance()->public_key);
     $this->set(['password_hash' => $new_hash, 'data' => $user_data], null, $user_id);
     $this->add_session($user_id);
     return ['id' => $user_id, 'password' => $new_password];
 }
Ejemplo n.º 7
 /**
  * Print the JavaScript that fills empty password inputs with a generated password and shows it to the user.
  *
  * The emitted script walks the elements with ids new_values_<attribute name>_0, _1, ... and, for each
  * one without a value, sets the generated password and raises an alert() containing it.
  *
  * NOTE(review): only backslashes and single quotes are escaped before the password is placed in a
  * single-quoted JS string; that is sufficient only if password_generate() never returns line breaks or
  * "</script>" -- json_encode() would cover every case. $attribute->getName() is written into the script
  * unescaped. The password itself ends up in the page source and in an alert box.
  *
  * @todo This function doesnt work well if there are more than 1 RandomPasswordAttributes on the form for the same attribute (unlikely situation)
  */
 protected function drawJavascriptRandomPasswordAttribute($attribute)
 {
     if (DEBUGTMP) {
         echo sprintf('<font size=-2>%s</font><br />', __METHOD__);
     }
     echo sprintf("\n<!-- START: %s -->\n", __METHOD__);
     $this->drawJavascriptPasswordAttribute($attribute);

     // Escape backslash and single quote in one pass so the value fits a single-quoted JS literal.
     $js_password = strtr(password_generate(), array("\\" => "\\\\", "'" => "\\'"));

     echo sprintf("\n<!-- %s -->\n", __METHOD__);
     echo '<script type="text/javascript">' . "\n" . 'var i = 0;' . "\n";
     echo sprintf('var component = document.getElementById(\'new_values_%s_\'+i);', $attribute->getName()) . "\n";
     echo 'while (component) {' . "\n" . '	if (!component.value) {' . "\n";
     echo sprintf('		component.value = \'%s\';', $js_password) . "\n";
     echo sprintf('		alert(\'%s:\\n%s\');', _('A random password was generated for you'), $js_password) . "\n";
     echo '	};' . "\n" . '	i++;' . "\n";
     echo sprintf('	component = document.getElementById(\'new_values_%s_\'+i);', $attribute->getName()) . "\n";
     # It seems that JS gets stuck in a loop if there isnt a command here? - normally this alert isnt shown.
     # (The format string has no placeholder, so the getName() argument is not printed.)
     echo sprintf('alert("It seems another element was found, PLA hasnt been configured for this situation Component: "+component.value+" I:"+i);', $attribute->getName()) . "\n";
     echo '}' . "\n" . '</script>';
     echo sprintf("\n<!-- END: %s -->\n", __METHOD__);
 }
Ejemplo n.º 8
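/**
 * Register a new user from $_POST['name'] and $_POST['email'] and mail a set-password link.
 *
 * Does nothing when either field is missing or empty. The username must be alphanumeric, unused and
 * different from SITE_NAME; the email must be syntactically valid and unused. On success the account
 * is stored with a random placeholder password, a reset code is created through
 * login_create_reset_code() and mailed to the user, and REGISTRATION_DONE is defined.
 * Outcomes are reported through add_message() / add_error(); nothing is returned.
 *
 * NOTE(review): the mysql_* extension was removed in PHP 7 (mysqli/PDO prepared statements are the
 * replacement), and md5() is not a suitable password hash; both are kept because the rest of the
 * application, not visible here, depends on them.
 */
function user_register()
{
    $name = isset($_POST['name']) ? $_POST['name'] : '';
    $email = isset($_POST['email']) ? $_POST['email'] : '';

    // Request parameters can arrive as arrays (name[]=x); treat anything but a non-empty string as absent.
    if (!is_string($name) || !is_string($email) || $name === '' || $email === '') {
        return;
    }

    // Check that the username is purely alphanumeric. \A...\z is used because '$' would also accept a
    // trailing newline; this replaces eregi_replace(), which no longer exists in current PHP.
    if (!preg_match('/\A[a-z0-9]+\z/i', $name)) {
        add_error("Only alphanumeric usernames are allowed!");
        return;
    }

    // The address is used both in SQL and as the mail() recipient, so reject anything that is not a
    // plain address (this also rules out CR/LF header injection through the "To" field).
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        add_error("Invalid email address");
        return;
    }

    if (user_email_exists($email)) {
        add_error("Email address is already registered");
        return;
    }

    // Usernames must be unused and must not impersonate the site itself.
    if (user_name_exists($name) || !strcasecmp($name, SITE_NAME)) {
        add_error("User name is already registered");
        return;
    }

    // Generate a placeholder password; the user sets the real one through the reset link.
    $password = password_generate(32);

    // Write the account to the database. Both request values go through sql_safe(), the same escaping
    // helper login_create_reset_code() applies to the email it looks up.
    $sql = "INSERT INTO " . PREFIX . "user\n\t\t\t\t(username, email, password)\n\t\t\t\tVALUES ('" . sql_safe($name) . "','" . sql_safe($email) . "','" . md5($password) . "');";
    if (!mysql_query($sql)) {
        // NOTE(review): mysql_error() inside the message exposes database details if shown to visitors.
        add_error("There was a problem. Try again.\n\t\t\t\t\t<pre>" . mysql_error() . "</pre>");
        return;
    }

    add_message("Registration went fine. You will soon recieve an email with further instructions!");

    $reset_code = login_create_reset_code($email);
    if ($reset_code !== null) {
        // Send the email with the set-password link.
        $to = $email;
        $subject = "[" . SITE_NAME . "] - Welcome!";
        $body = "Hi,\n\nYour new account at " . SITE_NAME . " has been created. Please visit the following link to set your password.\n\n" . SITE_URL . "/?lostpassword&password_reset={$reset_code}\n\nRegards,\nThe " . SITE_NAME . " Team";
        $headers = 'From: ' . CONTACT_EMAIL . "\r\n" . 'Reply-To: ' . CONTACT_EMAIL . "\r\n" . 'X-Mailer: PHP/' . phpversion();
        // Send mail! It does not work in WAMP, but that is probably down to settings... maybe.
        if (mail($to, $subject, $body, $headers)) {
            add_message("Message successfully sent!");
        } else {
            add_error("Message delivery failed.");
        }
    }
    // When no reset code could be created, login_create_reset_code() has already reported the error;
    // mailing a link with an empty code would only give the user a dead link.

    define('REGISTRATION_DONE', 1);
}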