// Excerpt of the login handler: reads the submitted credentials, tries LDAP
// authentication, then creates or refreshes the matching local user record.
// $userLogin is assigned before this excerpt begins, and the excerpt ends
// inside the "update existing user" branch, so the closing braces are not shown.

// Both secrets are read through analyzeEncrypted().
// NOTE(review): presumably this decrypts client-side-encrypted fields - confirm in SP\Request.
$userPass = SP\Request::analyzeEncrypted('pass');
$masterPass = SP\Request::analyzeEncrypted('mpass');

// Missing login or password: answer with an error message.
// NOTE(review): the code below is only protected if printJSON() ends the
// request; it is defined outside this excerpt - confirm.
if (!$userLogin || !$userPass) {
    SP\Response::printJSON(_('Usuario/Clave no introducidos'));
}

// The User object carries the cleartext password from here on; it is handed to
// newUserLDAP() / updateLDAPUserInDB() below.
// NOTE(review): confirm the password is hashed before it reaches the database.
$User = new SP\User();
$User->setUserLogin($userLogin);
$User->setUserPass($userPass);

// Any truthy LDAP result copies the directory name and e-mail onto the user.
// The provisioning branch further down is stricter and requires exactly true.
if ($resLdap = SP\Auth::authUserLDAP($userLogin, $userPass)) {
    $User->setUserName(SP\Auth::$userName);
    $User->setUserEmail(SP\Auth::$userEmail);
}

$Log = new \SP\Log(_('Inicio sesión'));

// Authenticated through LDAP
if ($resLdap === true) {
    // Record the authentication source and the LDAP server in the login log entry.
    $Log->addDescription('(LDAP)');
    $Log->addDescription(sprintf('%s: %s', _('Servidor Login'), \SP\Ldap::getLdapServer()));

    // Check whether the user already exists in the database
    if (!UserLdap::checkLDAPUserInDB($userLogin)) {
        // Create the LDAP user in MySQL
        if (!\SP\UserLdap::newUserLDAP($User)) {
            // The detailed reason goes to the log; the client only sees a generic error.
            $Log->addDescription(_('Error al guardar los datos de LDAP'));
            $Log->writeLog();
            SP\Response::printJSON(_('Error interno'));
        }
    } else {
        // Update the user's password in MySQL
        if (!UserLdap::updateLDAPUserInDB($User)) {
            // Same split as above: specific message logged, generic message returned.
            $Log->addDescription(_('Error al actualizar la clave del usuario en la BBDD'));
            $Log->writeLog();
            SP\Response::printJSON(_('Error interno'));
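// Excerpt of the file handler: validates an upload request for an account.
// The excerpt ends inside the "invalid file" branch, so the closing braces and
// the code that stores the file are not shown.
$action = SP\Request::analyze('action');
$accountId = SP\Request::analyze('accountId', 0);
$fileId = SP\Request::analyze('fileId', 0);

$log = new \SP\Log();

if ($action == 'upload') {
    // isset() first: a request without the 'inFile' part would otherwise read an
    // undefined index before being rejected.
    if (!isset($_FILES['inFile']) || !is_array($_FILES['inFile']) || $accountId === 0) {
        \SP\Response::printJSON(_('CONSULTA INVÁLIDA'));
    }

    $log->setAction(_('Subir Archivo'));

    $allowedExts = strtoupper(SP\Config::getValue('files_allowed_exts'));
    $allowedSize = SP\Config::getValue('files_allowed_size');

    if ($allowedExts) {
        // Accepted extensions. Entries are trimmed and empty ones dropped, so
        // "PDF, JPG" matches JPG and a stray comma does not add '' to the list
        // (which would let files without an extension pass the check below).
        $extsOk = array_filter(array_map('trim', explode(",", $allowedExts)), 'strlen');
    } else {
        // No allow-list configured: refuse the upload.
        $log->addDescription(_('No hay extensiones permitidas'));
        $log->writeLog();
        \SP\Response::printJSON($log->getDescription());
    }

    if (is_array($_FILES) && $_FILES['inFile']['name']) {
        // Check the file extension. It is taken from the client-supplied file
        // name, so it constrains the name only, not the content.
        // NOTE(review): how the file is stored and served is outside this excerpt.
        $fileData['extension'] = strtoupper(pathinfo($_FILES['inFile']['name'], PATHINFO_EXTENSION));

        // Strict comparison: loose in_array() treats numeric strings such as
        // "1E3" and "1000" as equal.
        if (!in_array($fileData['extension'], $extsOk, true)) {
            // The extension comes straight from $_FILES and is echoed into the log
            // and the JSON reply next to HTML markup, so it is encoded here.
            $log->addDescription(_('Tipo de archivo no soportado') . " '" . htmlspecialchars($fileData['extension'], ENT_QUOTES, 'UTF-8') . "' ");
            $log->writeLog();
            \SP\Response::printJSON($log->getDescription());
        }
    } else {
        // Reached only when the submitted name is empty or "0".
        $log->addDescription(_('Archivo inválido') . ":<br>" . $_FILES['inFile']['name']);
        $log->writeLog();
        \SP\Response::printJSON($log->getDescription());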
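// Excerpt of the password-recovery handler. Two flows share it: requesting a
// recovery e-mail (login + email) and setting a new password (pass + passR +
// hash). The excerpt ends inside the second flow, so the closing braces are not
// shown.
SP\Request::checkReferer('POST');

$sk = SP\Request::analyze('sk', false);

// Reject requests without a valid session key.
if (!$sk || !SessionUtil::checkSessionKey($sk)) {
    SP\Response::printJSON(_('CONSULTA INVÁLIDA'));
}

$userLogin = SP\Request::analyze('login');
$userEmail = SP\Request::analyze('email');
$userPass = SP\Request::analyzeEncrypted('pass');
$userPassR = SP\Request::analyzeEncrypted('passR');
$hash = SP\Request::analyze('hash');
// $time is read but not used in the visible part of the handler.
$time = SP\Request::analyze('time');

$message['action'] = _('Recuperación de Clave');

if ($userLogin && $userEmail) {
    $log = new \SP\Log(_('Recuperación de Clave'));

    // The audit entry is written and mailed BEFORE the JSON reply. The guards in
    // this script rely on printJSON() ending the request; with the log calls
    // placed after the reply, recovery requests would never be recorded.
    // NOTE(review): $userLogin and $userEmail are caller-supplied and are placed
    // next to HTML markup in the log entry - confirm Request::analyze() or the
    // log/e-mail renderer encodes them.
    // NOTE(review): the two replies differ, which may tell a caller whether the
    // login/e-mail pair exists - confirm whether that is acceptable here.
    if (SP\Auth::mailPassRecover($userLogin, $userEmail)) {
        $log->addDescription(SP\Html::strongText(_('Solicitado para') . ': ') . ' ' . $userLogin . ' (' . $userEmail . ')');
        $log->writeLog();
        SP\Email::sendEmail($log);

        SP\Response::printJSON(_('Solicitud enviada') . ';;' . _('En breve recibirá un correo para completar la solicitud.'), 0, 'goLogin();');
    } else {
        $log->addDescription('ERROR');
        $log->addDescription(SP\Html::strongText(_('Solicitado para') . ': ') . ' ' . $userLogin . ' (' . $userEmail . ')');
        $log->writeLog();
        SP\Email::sendEmail($log);

        SP\Response::printJSON(_('No se ha podido realizar la solicitud. Consulte con el administrador.'));
    }
} elseif ($userPass && $userPassR && $userPass === $userPassR) {
    // New-password flow: the recovery hash identifies the user.
    // NOTE(review): confirm checkHashPassRecover() enforces expiry and single use.
    $userId = UserPassRecover::checkHashPassRecover($hash);

    if ($userId) {
        // Both the password update and the hash update must succeed before the
        // change is logged and confirmed to the client.
        if (UserPass::updateUserPass($userId, $userPass) && UserPassRecover::updateHashPassRecover($hash)) {
            \SP\Log::writeNewLogAndEmail(_('Modificar Clave Usuario'), SP\Html::strongText(_('Login') . ': ') . UserUtil::getUserLoginById($userId));
            SP\Response::printJSON(_('Clave actualizada'), 0, 'goLogin();');
        }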
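// Account-modification request handler: a logged-in user asks the owner and the
// last editor of an account to change it. The request is mailed to both and
// written to the log.
use SP\UserUtil;

define('APP_ROOT', '..');

require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';

SP\Request::checkReferer('POST');

// Every guard below relies on printJSON() ending the request.
if (!SP\Init::isLoggedIn()) {
    SP\Response::printJSON(_('La sesión no se ha iniciado o ha caducado'), 10);
}

$sk = SP\Request::analyze('sk', false);

// Reject requests without a valid session key.
if (!$sk || !SessionUtil::checkSessionKey($sk)) {
    SP\Response::printJSON(_('CONSULTA INVÁLIDA'));
}

$frmAccountId = SP\Request::analyze('accountid', 0);
$frmDescription = SP\Request::analyze('description');

if (!$frmDescription) {
    SP\Response::printJSON(_('Es necesaria una descripción'));
}

$accountRequestData = SP\Account::getAccountRequestData($frmAccountId);

// The account id is caller-supplied (default 0). Stop here when the lookup did
// not return a record instead of reading properties from a non-object.
if (!is_object($accountRequestData)) {
    SP\Response::printJSON(_('Error al enviar la solicitud'));
}

// Owner and last editor; empty addresses and duplicates are dropped so the
// recipient list never contains a dangling comma or the same address twice.
$recipients = array_unique(array_filter(array(
    UserUtil::getUserEmail($accountRequestData->account_userId),
    UserUtil::getUserEmail($accountRequestData->account_userEditId)
)));

$requestUsername = SP\Session::getUserName();
$requestLogin = SP\Session::getUserLogin();

$log = new \SP\Log(_('Solicitud de Modificación de Cuenta'));
$log->addDescription(SP\Html::strongText(_('Solicitante') . ': ') . $requestUsername . ' (' . $requestLogin . ')');
$log->addDescription(SP\Html::strongText(_('Cuenta') . ': ') . $accountRequestData->account_name);
$log->addDescription(SP\Html::strongText(_('Cliente') . ': ') . $accountRequestData->customer_name);
// NOTE(review): $frmDescription is caller-supplied text placed next to HTML
// markup in the log entry and the e-mail - confirm Request::analyze() or the
// renderer encodes it.
$log->addDescription(SP\Html::strongText(_('Descripción') . ': ') . $frmDescription);

$mailto = implode(',', $recipients);

// The log entry is written only when there is a recipient, request mails are
// enabled and the mail was sent.
if ($mailto !== '' && SP\Util::mailrequestIsEnabled() && SP\Email::sendEmail($log, $mailto)) {
    $log->writeLog();

    SP\Response::printJSON(_('Solicitud enviada'), 0, "doAction('" . \SP\Controller\ActionsInterface::ACTION_ACC_SEARCH . "');");
}

SP\Response::printJSON(_('Error al enviar la solicitud'));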
// Excerpt of the "view account password" handler. It starts inside a guard
// whose condition is not shown: the first statement and the closing brace
// below belong to that guard.
SP\Response::printJSON(_('La sesión no se ha iniciado o ha caducado'), 10);
}

// Both values are caller-supplied; isHistory selects the history record type.
$accountId = SP\Request::analyze('accountid', false);
$isHistory = SP\Request::analyze('isHistory', false);

// No account id: end the script without a response body.
if (!$accountId) {
    return;
}

$account = !$isHistory ? new SP\Account() : new SP\AccountHistory();

$account->setAccountParentId(\SP\Session::getAccountParentId());
$account->setAccountId($accountId);

// The encrypted password data is loaded before the permission checks; it is
// only decrypted after them (see below).
$accountData = $account->getAccountPassData();

// History entries are additionally checked against the master password.
if ($isHistory && !$account->checkAccountMPass()) {
    SP\Response::printJSON(_('La clave maestra no coincide'));
}

// Both the per-account and the per-user permission for viewing passwords must
// pass. NOTE(review): these checks only protect the decryption below if
// printJSON() ends the request; it is defined outside this excerpt - confirm.
if (!SP\Acl::checkAccountAccess(SP\Acl::ACTION_ACC_VIEW_PASS, $account->getAccountDataForACL()) || !SP\Acl::checkUserAccess(SP\Acl::ACTION_ACC_VIEW_PASS)) {
    SP\Response::printJSON(_('No tiene permisos para acceder a esta cuenta'));
} elseif (!UserPass::checkUserUpdateMPass()) {
    SP\Response::printJSON(_('Clave maestra actualizada') . '<br>' . _('Reinicie la sesión para cambiarla'));
}

$accountClearPass = SP\Crypt::getDecrypt($accountData->pass, $accountData->iv);

// Only views of the current account are counted and logged; a history view
// (isHistory set) leaves no 'Ver Clave' entry.
// NOTE(review): confirm that history views are meant to go unrecorded.
if (!$isHistory) {
    $account->incrementDecryptCounter();

    $log = new \SP\Log(_('Ver Clave'));
    $log->addDescription(_('ID') . ': ' . $accountId);
    $log->addDescription(_('Cuenta') . ': ' . $accountData->customer_name . " / " . $accountData->name);
    $log->writeLog();
}

// HTML encoding of the password is disabled (line kept from the original), so
// 'accpass' is returned as raw text and the consumer must not insert it as HTML.
//$accountPass = htmlspecialchars(trim($accountClearPass));

$useImage = intval(\SP\Util::accountPassToImageIsEnabled());

// The password is returned either as trimmed text or, when the image option is
// enabled, as the result of ImageUtil::convertText().
$data = array(
    'title' => _('Clave de Cuenta'),
    'acclogin' => $accountData->login,
    'accpass' => !$useImage ? trim($accountClearPass) : \SP\ImageUtil::convertText($accountClearPass),
    'useimage' => $useImage);

SP\Response::printJSON($data, 0);