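/**
 * Validate the login tokens in a request and build the status payload for the client.
 *
 * Reads 'hash', 'secret' and 'dblink' from $get, passes them to
 * UserFunctions::validateUser(), strips credential and key material from the
 * returned detail, and adds the restriction and alternate-email flags.
 *
 * @param array $get     Request parameters; absent keys are passed on as null.
 * @param bool  $default Echoed back as 'defaulted'; when truthy the raw request
 *                       is also attached as 'provided_arguments'.
 *
 * @return array Keys: status, defaulted, login_url, detail, unrestricted,
 *               has_alternate, email_allowed, alternate_allowed,
 *               restriction_criteria (plus provided_arguments when $default).
 */
function getLoginState($get, $default = false)
{
    global $login_url;
    // A request without these fields should fail validation quietly rather
    // than raise undefined-index notices before validateUser() even runs.
    $conf = isset($get['hash']) ? $get['hash'] : null;
    $s = isset($get['secret']) ? $get['secret'] : null;
    $id = isset($get['dblink']) ? $get['dblink'] : null;
    $u = new UserFunctions();
    $userDetail = $u->validateUser($id, $conf, $s, true);
    $loginStatus = isset($userDetail['status']) ? $userDetail['status'] : null;
    // Fields removed before the detail leaves the server.
    // NOTE(review): this is a deny-list, so any sensitive column added to the
    // user record later is returned to the client until it is listed here.
    // Building the detail from an allow-list of display fields would fail closed.
    $userdataSecrets = array(
        'password',
        'secret',
        'pass_meta',
        'secdata',
        'emergency_code',
        'auth_key',
        'data',
        'private_key',
        'random_seed',
        'special_1',
        'special_2',
        'app_key',
        'phone_verified',
        'last_ip',
    );
    $detailSecrets = array('source', 'salt', 'calc_conf', 'basis_conf', 'iv');
    try {
        foreach ($userdataSecrets as $field) {
            unset($userDetail['userdata'][$field]);
        }
        foreach ($detailSecrets as $field) {
            unset($userDetail[$field]);
        }
    } catch (Exception $e) {
        // The whole detail is replaced by the exception text, so nothing that
        // was only partly scrubbed is returned.
        // NOTE(review): confirm that message is safe to show to the client.
        $userDetail = $e->getMessage();
    }
    $response = array(
        'status' => $loginStatus,
        'defaulted' => $default,
        'login_url' => $login_url,
        'detail' => $userDetail,
        "unrestricted" => $u->meetsRestrictionCriteria(),
        "has_alternate" => $u->hasAlternateEmail(),
        "email_allowed" => $u->emailIsAllowed(),
        "alternate_allowed" => $u->alternateIsAllowed(),
        "restriction_criteria" => $u->getRestrictionCriteria(),
    );
    if ($default) {
        // NOTE(review): $_REQUEST is echoed unfiltered, so the caller's 'hash'
        // and 'secret' (and cookies, depending on request_order) end up in the
        // response body. Confirm this path is debug-only, or drop those keys.
        $response["provided_arguments"] = $_REQUEST;
    }
    return $response;
}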
} else {
    if ($captive_login) {
        header("Refresh: 0; url={$baseurl}");
        $deferredJS .= "\nwindow.location.href=\"{$baseurl}\";";
    }
}
// $random = "<li><a href='#' id='totp_help'>Help with Two-Factor Authentication</a></li>";
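// Two-factor state is rendered into a data attribute further down. If the
// lookup throws, $has2fa is false, which concatenates as an empty string.
try {
    $has2fa = strbool($user->has2FA());
} catch (Exception $e) {
    $has2fa = false;
}
// Build the primary and alternate e-mail rows of the settings panel.
try {
    // Both addresses are account-holder-supplied text placed in HTML body
    // context, so they are entity-encoded before concatenation. The fourth
    // argument (double_encode = false) keeps entities that are already encoded
    // from being encoded a second time.
    $emailHtml = "<p class='primary-email' data-alternate='false' data-user='******'>" . htmlspecialchars($user->getUsername(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    $emailVerifiedBadge = $user->isVerified() ? " <span class='glyphicon glyphicon-check text-success' data-toggle='tooltip' title='Verified Email'></span>" : " <button class='btn btn-xs btn-success verify-email'>Verify Now</button>";
    $unrestricted = $user->meetsRestrictionCriteria() ? " <span class='glyphicon glyphicon-star' data-toggle='tooltip' title='Unrestricted User'></span>" : "";
    $emailHtml .= $emailVerifiedBadge . $unrestricted . "</p>";
    if ($user->hasAlternateEmail()) {
        $alternateEmailHtml = "<p class='text-muted alternate-email' data-alternate='true' data-user='******'>" . htmlspecialchars($user->getAlternateEmail(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
        // isVerified(true) is the call used for the alternate address.
        $emailVerifiedBadge = $user->isVerified(true) ? "  <span class='glyphicon glyphicon-check text-success' data-toggle='tooltip' title='Verified Email'></span>" : " <button class='btn btn-xs btn-success verify-email'>Verify Now</button>";
        $alternateEmailHtml .= $emailVerifiedBadge . " <button class='btn btn-xs btn-info' id='add-alternate'>Change</button></p>";
    } else {
        $alternateEmailHtml = "<p class='text-muted alternate-email' data-alternate='true' data-user='******'>No alternate email set <button class='btn btn-xs btn-info' id='add-alternate'>Add One</button></p>";
    }
} catch (Exception $e) {
    // Any failure while reading the account hides both rows instead of
    // rendering a half-built fragment.
    $emailHtml = "";
    $alternateEmailHtml = "";
}
// NOTE(review): $domain, $verifyphone_link and $random are concatenated raw
// below. Confirm all three are server-generated; $domain sits inside a
// single-quoted attribute and would need attribute encoding otherwise.
$settings_blob = "<section id='account_settings' class='panel panel-default clearfix'><div class='panel-heading'><h2 class='panel-title'>Settings</h2></div><div class='panel-body'>" . $emailHtml . $alternateEmailHtml . "<ul id='settings_list'><li><a href='#' id='showAdvancedOptions' data-domain='{$domain}' data-user-tfa='" . $has2fa . "' role='button' class='btn btn-default'>More Options</a></li>" . $verifyphone_link . $random . "</ul></div></section>";
$login_output .= "<div id='login_block'>";
$alt_forms = "<div id='alt_logins'>\n<!-- OpenID, Google, Twitter, Facebook -->\n</div>";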
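/**
 * Search the user table and send the matches back through returnAjax().
 *
 * The term in $get['q'] is matched (OR) against username, name and dblink,
 * or against the comma-separated columns in $get['cols'] when
 * checkUserColumnExists() accepts them. Each row is reduced to a fixed set of
 * display fields; the admin-only fields are added only when the logged-in
 * user's admin_flag is set.
 *
 * @param array $get Request parameters: 'q' (search term), optional 'cols'.
 *
 * @return void The response is emitted via returnAjax().
 */
function searchUsers($get)
{
    global $udb, $login_status;
    // NOTE(review): no login check is visible in this function; confirm the
    // dispatcher authenticates the caller before user records are enumerated.
    // A missing 'q' is passed on as null rather than raising an undefined-index notice.
    $q = $udb->sanitize(isset($get['q']) ? $get['q'] : null);
    $response = array('search' => $q);
    $search = array('username' => $q, 'name' => $q, 'dblink' => $q);
    $cols = array('username', 'name', 'dblink', "email_verified", "alternate_email_verified", "admin_flag", "alternate_email");
    if (!empty($get['cols'])) {
        if (checkUserColumnExists($get['cols'], false)) {
            # Replace the default search columns with the requested ones
            $search = array();
            foreach (explode(',', $get['cols']) as $col) {
                $col = trim($col);
                # Column names are not sanitized here; the only gate is the
                # checkUserColumnExists() call above.
                # NOTE(review): existence is the only test, so a caller can
                # pick credential columns as the match target and learn from
                # the hit/miss result. Consider an allow-list of searchable columns.
                $search[$col] = $q;
                $cols[] = $col;
            }
        } else {
            $response['notice'] = 'Invalid columns; defaults used';
            $response["detail"] = checkUserColumnExists($get["cols"], false, true);
        }
    }
    $response['status'] = true;
    $result = $udb->getQueryResults($search, $cols, 'OR', true, true);
    // Without a session the flag is absent; pass null on, as the bare lookup did.
    $adminFlag = isset($login_status['detail']['userdata']['admin_flag']) ? $login_status['detail']['userdata']['admin_flag'] : null;
    $isAdmin = boolstr($adminFlag);
    foreach ($result as $k => $entry) {
        // Only the fields copied into $clean are returned; every other
        // selected column stays on the server.
        $clean = array(
            'email' => $entry['username'],
            'uid' => $entry['dblink'],
            "has_verified_email" => boolstr($entry["email_verified"]) || boolstr($entry["alternate_email_verified"]),
        );
        if ($isAdmin) {
            $clean["is_admin"] = boolstr($entry["admin_flag"]);
            $clean["alternate_email"] = $entry["alternate_email"];
            // One UserFunctions instance per row, to evaluate that user's restriction status.
            $tmpUser = new UserFunctions($clean["email"]);
            $clean["unrestricted"] = $tmpUser->meetsRestrictionCriteria();
        }
        // The 'name' column holds an XML fragment with fname/lname/name/dname tags.
        $xml = new Xml();
        $xml->setXml($entry['name']);
        // NOTE(review): the three name fields are entity-decoded and 'handle'
        // is not, so the client has to insert all of them as text, never as markup.
        $clean['first_name'] = htmlspecialchars_decode($xml->getTagContents('fname'));
        $clean['last_name'] = htmlspecialchars_decode($xml->getTagContents('lname'));
        $clean['full_name'] = htmlspecialchars_decode($xml->getTagContents('name'));
        $clean['handle'] = $xml->getTagContents('dname');
        $result[$k] = $clean;
    }
    $response['result'] = $result;
    $response['count'] = sizeof($result);
    returnAjax($response);
}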