/**
 * Populate the view with the variables the account-search templates need.
 *
 * Admin flags and the global-search setting come from the session/config; the
 * search parameters come from the request, falling back to the filter set
 * stored in the session when a parameter is absent.
 */
private function setVars()
{
    $isAdmin = \SP\Session::getUserIsAdminApp() || \SP\Session::getUserIsAdminAcc();

    $this->view->assign('isAdmin', $isAdmin);
    $this->view->assign('showGlobalSearch', \SP\Config::getValue('globalsearch', false));

    // A search filter object must exist in the session before it is read below
    if (!is_object(\SP\Session::getSearchFilters())) {
        \SP\Session::setSearchFilters(new \SP\AccountSearch());
    }

    $filters = \SP\Session::getSearchFilters();

    // view variable => [request parameter, filter getter used as the default].
    // Iteration order matches the original assignment order, and each getter is
    // only evaluated as the default of its own parameter.
    $requestParams = array(
        'searchKey'      => array('skey',     'getSortKey'),
        'searchOrder'    => array('sorder',   'getSortOrder'),
        'searchCustomer' => array('customer', 'getCustomerId'),
        'searchCategory' => array('category', 'getCategoryId'),
        'searchTxt'      => array('search',   'getTxtSearch'),
        'searchGlobal'   => array('gsearch',  'getGlobalSearch'),
        'limitStart'     => array('start',    'getLimitStart'),
        'limitCount'     => array('rpp',      'getLimitCount'),
    );

    // NOTE(review): these values are request-controlled and are handed to the
    // view as-is; output escaping is presumably done in the templates — confirm.
    foreach ($requestParams as $viewVar => $mapping) {
        list($param, $filterGetter) = $mapping;
        $this->view->assign($viewVar, \SP\Request::analyze($param, $filters->$filterGetter()));
    }
}
*/ use SP\Auth; use SP\CryptMasterPass; use SP\Request; use SP\SessionUtil; use SP\UserLdap; use SP\UserPass; use SP\UserPassRecover; use SP\UserUtil; define('APP_ROOT', '..'); require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php'; Request::checkReferer('POST'); if (!SP\Request::analyze('login', false)) { return; } $userLogin = SP\Request::analyze('user'); $userPass = SP\Request::analyzeEncrypted('pass'); $masterPass = SP\Request::analyzeEncrypted('mpass'); if (!$userLogin || !$userPass) { SP\Response::printJSON(_('Usuario/Clave no introducidos')); } $User = new SP\User(); $User->setUserLogin($userLogin); $User->setUserPass($userPass); if ($resLdap = SP\Auth::authUserLDAP($userLogin, $userPass)) { $User->setUserName(SP\Auth::$userName); $User->setUserEmail(SP\Auth::$userEmail); } $Log = new \SP\Log(_('Inicio sesión')); // Autentificamos por LDAP if ($resLdap === true) {
/**
 * Prepare the view data for an account's file list.
 *
 * Reads the account id and the "delete allowed" flag from the request, loads
 * the account's files and, when there is at least one, adds the files template
 * together with the session key the form needs.
 */
public function getFiles()
{
    $this->setAction(self::ACTION_ACC_FILES);

    $this->view->assign('accountId', \SP\Request::analyze('id', 0));
    // NOTE(review): deleteEnabled is request-controlled and should only drive
    // what the template renders; the delete handler has to enforce authorization
    // on its own — confirm against the file management endpoint.
    $this->view->assign('deleteEnabled', \SP\Request::analyze('del', 0));

    $files = \SP\Files::getFileList($this->view->accountId);
    $this->view->assign('files', $files);

    // Without files there is nothing to render: leave the template list untouched
    if (!is_array($files) || empty($files)) {
        return;
    }

    $this->view->addTemplate('files');
    $this->view->assign('sk', SessionUtil::getSessionKey());
}
*/ use SP\Request; use SP\Themes; define('APP_ROOT', '..'); require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php'; Request::checkReferer('POST'); if (!SP\Init::isLoggedIn()) { SP\Util::logout(); } SP\Util::checkReload(); if (!SP\Request::analyze('actionId', 0, true)) { die('<div class="error">' . _('Parámetros incorrectos') . '</DIV>'); } $actionId = SP\Request::analyze('actionId'); $itemId = SP\Request::analyze('itemId', 0); $lastAction = SP\Request::analyze('lastAction', \SP\Controller\ActionsInterface::ACTION_ACC_SEARCH); $tpl = new SP\Template(); $tpl->assign('actionId', $actionId); $tpl->assign('id', $itemId); $tpl->assign('activeTabId', $itemId); $tpl->assign('lastAccountId', \SP\Session::getLastAcountId()); $tpl->assign('queryTimeStart', microtime()); $tpl->assign('userId', SP\Session::getUserId()); $tpl->assign('userGroupId', SP\Session::getUserGroupId()); $tpl->assign('userIsAdminApp', SP\Session::getUserIsAdminApp()); $tpl->assign('userIsAdminAcc', SP\Session::getUserIsAdminAcc()); $tpl->assign('themeUri', Themes::$themeUri); // Control de ruta de acciones if ($actionId != \SP\Controller\ActionsInterface::ACTION_ACC_SEARCH) { $actionsPath =& $_SESSION['actionsPath']; $actionsPath[] = $actionId;
define('APP_ROOT', '..'); require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php'; Request::checkReferer('POST'); if (!SP\Init::isLoggedIn()) { SP\Util::logout(); } $sk = SP\Request::analyze('sk', false); if (!$sk || !SessionUtil::checkSessionKey($sk)) { die(_('CONSULTA INVÁLIDA')); } if (!SP\Util::fileIsEnabled()) { exit(_('Gestión de archivos deshabilitada')); } $action = SP\Request::analyze('action'); $accountId = SP\Request::analyze('accountId', 0); $fileId = SP\Request::analyze('fileId', 0); $log = new \SP\Log(); if ($action == 'upload') { if (!is_array($_FILES["inFile"]) || $accountId === 0) { \SP\Response::printJSON(_('CONSULTA INVÁLIDA')); } $log->setAction(_('Subir Archivo')); $allowedExts = strtoupper(SP\Config::getValue('files_allowed_exts')); $allowedSize = SP\Config::getValue('files_allowed_size'); if ($allowedExts) { // Extensiones aceptadas $extsOk = explode(",", $allowedExts); } else { $log->addDescription(_('No hay extensiones permitidas')); $log->writeLog(); \SP\Response::printJSON($log->getDescription());
* */ use SP\Request; define('APP_ROOT', '..'); require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php'; Request::checkReferer('POST'); if (!SP\Init::isLoggedIn()) { SP\Util::logout(); } if (!SP\Request::analyze('itemId', false, true) || !SP\Request::analyze('actionId', false, true)) { exit; } $actionId = SP\Request::analyze('actionId', 0); $tpl = new SP\Template(); $tpl->assign('itemId', SP\Request::analyze('itemId', 0)); $tpl->assign('activeTab', SP\Request::analyze('activeTab', 0)); $tpl->assign('actionId', $actionId); $tpl->assign('isView', false); switch ($actionId) { case \SP\Controller\ActionsInterface::ACTION_USR_USERS_VIEW: $tpl->assign('header', _('Ver Usuario')); $tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR); $tpl->assign('isView', true); $controller = new SP\Controller\UsersMgmtC($tpl); $controller->getUser(); break; case \SP\Controller\ActionsInterface::ACTION_USR_USERS_EDIT: $tpl->assign('header', _('Editar Usuario')); $tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR); $controller = new SP\Controller\UsersMgmtC($tpl); $controller->getUser();
* sysPass is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* sysPass is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
*
*/

use SP\Request;

define('APP_ROOT', '..');
require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';

// GET endpoint: the referer is the only request-level check performed here
Request::checkReferer('GET');

if (!SP\Init::isLoggedIn()) {
    SP\Util::logout();
}

// Nothing to render without a target user
$userId = Request::analyze('userId', false);

if (!$userId) {
    return;
}

$template = new SP\Template();
$template->assign('userId', $userId);

// NOTE(review): no session key is verified before rendering this user-password
// view; confirm that UsersMgmtC::getUserPass() checks whether the current user
// may act on $userId.
$usersController = new SP\Controller\UsersMgmtC($template);
$usersController->getUserPass();

$template->addTemplate('js-common');

$usersController->view();
*
* You should have received a copy of the GNU General Public License
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
*
*/

use SP\Request;
use SP\UserPass;
use SP\UserUtil;

define('APP_ROOT', '..');
require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';

// POST endpoint guarded by referer + login state; no session key (sk) is
// required here — confirm that is intended for a password-disclosing action.
Request::checkReferer('POST');

if (!SP\Init::isLoggedIn()) {
    SP\Response::printJSON(_('La sesión no se ha iniciado o ha caducado'), 10);
}

$accountId = SP\Request::analyze('accountid', false);
$isHistory = SP\Request::analyze('isHistory', false);

if (!$accountId) {
    return;
}

// Current account or a historical snapshot, depending on the request flag
$account = !$isHistory ? new SP\Account() : new SP\AccountHistory();
$account->setAccountParentId(\SP\Session::getAccountParentId());
$account->setAccountId($accountId);

// NOTE(review): the password data is fetched before the ACL checks below; this
// is only safe if Response::printJSON() terminates the request — confirm.
$accountData = $account->getAccountPassData();

if ($isHistory && !$account->checkAccountMPass()) {
    SP\Response::printJSON(_('La clave maestra no coincide'));
}

// Both the account-level and the user-level permission must allow viewing the password
if (!SP\Acl::checkAccountAccess(SP\Acl::ACTION_ACC_VIEW_PASS, $account->getAccountDataForACL())
    || !SP\Acl::checkUserAccess(SP\Acl::ACTION_ACC_VIEW_PASS)) {
    SP\Response::printJSON(_('No tiene permisos para acceder a esta cuenta'));
} elseif (!UserPass::checkUserUpdateMPass()) {
    SP\Response::printJSON(_('Clave maestra actualizada') . '<br>' . _('Reinicie la sesión para cambiarla'));
}
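/**
 * Check whether a URL-driven action has to run right after login.
 *
 * Only the "accView" action is currently handled: it renders the main view
 * with an onLoad handler that opens the requested account.
 *
 * @return bool true when an action was dispatched, false otherwise
 */
public static function checkPostLoginActions()
{
    if (!Request::analyze('a', '', true)) {
        return false;
    }

    $action = Request::analyze('a');
    $controller = new Controller\MainC(null, 'main');

    switch ($action) {
        case 'accView':
            // The item id is concatenated into an inline JavaScript call, so it
            // must be a plain integer whatever the request carried. If analyze()
            // already filters numerically this cast is a no-op.
            $itemId = (int)Request::analyze('i');

            $onLoad = 'doAction(' . ActionsInterface::ACTION_ACC_VIEW . ',' . ActionsInterface::ACTION_ACC_SEARCH . ',' . $itemId . ')';

            $controller->getMain($onLoad);
            $controller->view();
            break;
        default:
            return false;
    }

    return true;
}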
/**
 * Build the view for the two-step authentication screen.
 *
 * With f=1 the 2FA form is shown, carrying the action, user id and time from
 * the request; otherwise an "unavailable" error is rendered instead. The footer
 * and body-end templates are appended in both cases.
 */
public function get2FA()
{
    $showForm = Request::analyze('f', 0) === 1;

    if (!$showForm) {
        $this->view->assign('showLogo', true);
        $this->showError(self::ERR_UNAVAILABLE, false);
    } else {
        $this->view->addTemplate('2fa');

        // view variable => request parameter; values are echoed back by the
        // template, which is presumably where escaping happens — confirm.
        $formParams = array(
            'action' => 'a',
            'userId' => 'i',
            'time'   => 't',
        );

        foreach ($formParams as $viewVar => $param) {
            $this->view->assign($viewVar, Request::analyze($param));
        }
    }

    $this->view->addTemplate('footer');
    $this->view->addTemplate('body-end');
}
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* sysPass is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
*
*/

use SP\Request;
use SP\SessionUtil;

define('APP_ROOT', '..');
require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';

Request::checkReferer('GET');

// Anonymous requests get nothing at all
if (!SP\Init::isLoggedIn()) {
    return;
}

if (!SP\Util::fileIsEnabled()) {
    echo _('Gestión de archivos deshabilitada');
    return false;
}

// The session key must be present and match the one stored for this session
$sk = Request::analyze('sk', false);
$sessionKeyOk = $sk && SessionUtil::checkSessionKey($sk);

if (!$sessionKeyOk) {
    // NOTE(review): execution only stops here if Response::printXML() exits — confirm
    SP\Response::printXML(_('CONSULTA INVÁLIDA'));
}

$accountsController = new SP\Controller\AccountsMgmtC();
$accountsController->getFiles();
$accountsController->view();
} } elseif ($actionId === \SP\Controller\ActionsInterface::ACTION_MGM_APITOKENS_DELETE) { try { $ApiTokens->deleteToken(); } catch (\SP\SPException $e) { SP\Response::printJSON($e->getMessage(), 2); } SP\Response::printJSON(_('Autorización eliminada'), 0, $doActionOnClose); } } elseif ($actionId === \SP\Controller\ActionsInterface::ACTION_MGM_CUSTOMFIELDS_NEW || $actionId === \SP\Controller\ActionsInterface::ACTION_MGM_CUSTOMFIELDS_EDIT || $actionId === \SP\Controller\ActionsInterface::ACTION_MGM_CUSTOMFIELDS_DELETE) { // Variables POST del formulario $frmFieldName = SP\Request::analyze('name'); $frmFieldType = SP\Request::analyze('type', 0); $frmFieldModule = SP\Request::analyze('module', 0); $frmFieldHelp = SP\Request::analyze('help'); $frmFieldRequired = SP\Request::analyze('required', false, false, true); if ($actionId === \SP\Controller\ActionsInterface::ACTION_MGM_CUSTOMFIELDS_NEW || $actionId === \SP\Controller\ActionsInterface::ACTION_MGM_CUSTOMFIELDS_EDIT) { if (!$frmFieldName) { SP\Response::printJSON(_('Nombre del campo no indicado'), 2); } elseif ($frmFieldType === 0) { SP\Response::printJSON(_('Tipo del campo no indicado'), 2); } elseif ($frmFieldModule === 0) { SP\Response::printJSON(_('Módulo del campo no indicado'), 2); } $CustomFieldDef = new \SP\CustomFieldDef($frmFieldName, $frmFieldType, $frmFieldModule); $CustomFieldDef->setHelp($frmFieldHelp); $CustomFieldDef->setRequired($frmFieldRequired); if ($actionId === \SP\Controller\ActionsInterface::ACTION_MGM_CUSTOMFIELDS_NEW) { try { $CustomFieldDef->addCustomField(); } catch (\SP\SPException $e) {
* You should have received a copy of the GNU General Public License
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
*
*/

define('APP_ROOT', '.');
require APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';

// API entry point: dispatch on the requested action and emit its JSON result.
try {
    $ApiRequest = new \SP\ApiRequest();
    $action = $ApiRequest->getAction();

    switch ($action) {
        case \SP\Controller\ActionsInterface::ACTION_ACC_VIEW:
            $accountId = \SP\Request::analyze(\SP\ApiRequest::ITEM, 0);
            $out = $ApiRequest->getApi()->getAccountData($accountId);
            break;

        case \SP\Controller\ActionsInterface::ACTION_ACC_VIEW_PASS:
            // The user password is handed to the API object before it is built;
            // note the item id is read through Request while the password goes
            // through ApiRequest::analyze — presumably deliberate, confirm.
            $ApiRequest->addVar('userPass', \SP\ApiRequest::analyze(\SP\ApiRequest::USER_PASS));
            $accountId = \SP\Request::analyze(\SP\ApiRequest::ITEM, 0);
            $out = $ApiRequest->getApi()->getAccountPassword($accountId);
            break;

        case \SP\Controller\ActionsInterface::ACTION_ACC_SEARCH:
            $searchText = \SP\Request::analyze(\SP\ApiRequest::SEARCH);
            $searchCount = \SP\Request::analyze(\SP\ApiRequest::SEARCH_COUNT, 10);
            $out = $ApiRequest->getApi()->getAccountSearch($searchText, $searchCount);
            break;

        default:
            throw new Exception(_('Acción Inválida'));
    }
} catch (Exception $e) {
    // NOTE(review): the raw exception message is returned to the API client;
    // for non-domain exceptions this may expose internal details — confirm
    // what can be thrown from the API layer.
    \SP\Response::printJSON(array($e->getMessage(), _('Ayuda Parámetros') => \SP\ApiRequest::getHelp()));
}

header('Content-type: application/json');
echo $out;
} // Forzar la detección del lenguaje tras actualizar SP\Language::setLanguage(true); SP\Themes::setTheme(true); // Actualizar las preferencias en la sesión y recargar la página SP\Session::setUserPreferences($UserPrefs); SP\Util::reload(); SP\Response::printJSON(_('Preferencias actualizadas'), 0, $doActionOnClose); } else { if ($actionId === SP\Controller\ActionsInterface::ACTION_USR_PREFERENCES_SECURITY) { if (SP\Util::demoIsEnabled() && \SP\Session::getUserLogin() === 'demo') { SP\Response::printJSON(_('Ey, esto es una DEMO!!')); } // Variables POST del formulario $twoFaEnabled = SP\Request::analyze('security_2faenabled', 0, false, 1); $pin = SP\Request::analyze('security_pin', 0); $userLogin = UserUtil::getUserLoginById($itemId); $twoFa = new \SP\Auth\Auth2FA($itemId, $userLogin); if (!$twoFa->verifyKey($pin)) { SP\Response::printJSON(_('Código incorrecto')); } // No se instancia la clase ya que es necesario guardar los atributos ya guardados $UserPrefs = \SP\UserPreferences::getPreferences($itemId); $UserPrefs->setId($itemId); $UserPrefs->setUse2Fa(\SP\Util::boolval($twoFaEnabled)); if (!$UserPrefs->updatePreferences()) { SP\Response::printJSON(_('Error al actualizar preferencias')); } SP\Response::printJSON(_('Preferencias actualizadas'), 0, $doActionOnClose); } else { SP\Response::printJSON(_('Acción Inválida'));
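use SP\Minify;

define('APP_ROOT', '..');
require APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';

// Serve either the default JS bundle (no "f" parameter) or a single script
// located under a request-supplied base directory.
$file = \SP\Request::analyze('f');
$base = \SP\Request::analyze('b');

if (!$file) {
    $Minify = new Minify();
    $Minify->setType(Minify::FILETYPE_JS);
    $Minify->setBase(__DIR__);

    // Fixed bundle of bundled libraries plus the application script
    $Minify->addFile('jquery-1.11.2.min.js');
    $Minify->addFile('jquery-ui.min.js');
    $Minify->addFile('jquery.fancybox.pack.js');
    $Minify->addFile('jquery.powertip.min.js');
    $Minify->addFile('chosen.jquery.min.js');
    $Minify->addFile('alertify.min.js');
    $Minify->addFile('jquery.fileDownload.min.js');
    $Minify->addFile('jquery.filedrop.min.js');
    $Minify->addFile('jquery.tagsinput.min.js');
    $Minify->addFile('clipboard.min.js');
    $Minify->addFile('zxcvbn-async.min.js');
    $Minify->addFile('jsencrypt.min.js');
    $Minify->addFile('functions.min.js');

    $Minify->getMinified();
} elseif ($file && $base) {
    // Both values come straight from the request and end up in a filesystem
    // path below. Decode first (the original code decodes them), then refuse
    // anything that could step outside the intended directory: traversal
    // segments or NUL bytes. Minify may validate as well, but this endpoint
    // should not depend on it.
    $decodedBase = urldecode($base);
    $decodedFile = urldecode($file);

    $hasTraversal = strpos($decodedBase, '..') !== false || strpos($decodedFile, '..') !== false;
    $hasNulByte = strpos($decodedBase, "\0") !== false || strpos($decodedFile, "\0") !== false;

    if ($hasTraversal || $hasNulByte) {
        header('HTTP/1.1 400 Bad Request');
        exit;
    }

    $Minify = new Minify();
    $Minify->setType(Minify::FILETYPE_JS);
    $Minify->setBase(\SP\Init::$SERVERROOT . $decodedBase);
    $Minify->addFile($decodedFile);

    $Minify->getMinified();
}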
use SP\Request; use SP\SessionUtil; define('APP_ROOT', '..'); require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php'; Request::checkReferer('POST'); if (!SP\Init::isLoggedIn()) { SP\Response::printJSON(_('La sesión no se ha iniciado o ha caducado'), 10); } if (SP\Util::demoIsEnabled()) { SP\Response::printJSON(_('Ey, esto es una DEMO!!')); } $sk = SP\Request::analyze('sk', false); $defaultUser = SP\Request::analyze('defUser', 0); $defaultGroup = SP\Request::analyze('defGroup', 0); $importPwd = SP\Request::analyzeEncrypted('importPwd'); $csvDelimiter = SP\Request::analyze('csvDelimiter'); if (!$sk || !SessionUtil::checkSessionKey($sk)) { SP\Response::printJSON(_('CONSULTA INVÁLIDA')); } SP\Import::setDefUser($defaultUser); SP\Import::setDefGroup($defaultGroup); SP\Import::setImportPwd($importPwd); SP\Import::setCsvDelimiter($csvDelimiter); $res = SP\Import::doImport($_FILES["inFile"]); if (isset($res['error']) && is_array($res['error'])) { error_log($res['error']['hint']); $out = implode('\\n\\n', $res['error']); SP\Response::printJSON($out); } else { if (is_array($res['ok'])) { $out = implode('\\n\\n', $res['ok']);
$customerId = SP\Request::analyze('customerId', 0); $newCustomer = SP\Request::analyze('customer_new'); $accountName = SP\Request::analyze('name'); $accountLogin = SP\Request::analyze('login'); $accountPassword = SP\Request::analyzeEncrypted('pass'); $accountPasswordR = SP\Request::analyzeEncrypted('passR'); $categoryId = SP\Request::analyze('categoryId', 0); $accountOtherGroups = SP\Request::analyze('othergroups'); $accountOtherUsers = SP\Request::analyze('otherusers'); $accountNotes = SP\Request::analyze('notes'); $accountUrl = SP\Request::analyze('url'); $accountGroupEditEnabled = SP\Request::analyze('geditenabled', 0, false, 1); $accountUserEditEnabled = SP\Request::analyze('ueditenabled', 0, false, 1); $accountMainGroupId = SP\Request::analyze('mainGroupId', 0); $accountChangesHash = SP\Request::analyze('hash'); $customFields = SP\Request::analyze('customfield'); // Datos del Usuario $currentUserId = SP\Session::getUserId(); if ($accountMainGroupId === 0) { $accountMainGroupId = SP\Session::getUserGroupId(); } if ($actionId === \SP\Controller\ActionsInterface::ACTION_ACC_NEW || $actionId === \SP\Controller\ActionsInterface::ACTION_ACC_COPY) { // Comprobaciones para nueva cuenta if (!$accountName) { SP\Response::printJSON(_('Es necesario un nombre de cuenta')); } elseif (!$customerId && !$newCustomer) { SP\Response::printJSON(_('Es necesario un nombre de cliente')); } elseif (!$accountLogin) { SP\Response::printJSON(_('Es necesario un usuario')); } elseif (!$accountPassword || !$accountPasswordR) { SP\Response::printJSON(_('Es necesaria una clave'));
Request::checkReferer('POST'); if (!SP\Init::isLoggedIn()) { SP\Response::printJSON(_('La sesión no se ha iniciado o ha caducado'), 10); } if (SP\Util::demoIsEnabled()) { SP\Response::printJSON(_('Ey, esto es una DEMO!!')); } $sk = SP\Request::analyze('sk', false); if (!$sk || !SessionUtil::checkSessionKey($sk)) { SP\Response::printJSON(_('CONSULTA INVÁLIDA')); } $frmDBUser = SP\Request::analyze('dbuser'); $frmDBPass = SP\Request::analyzeEncrypted('dbpass'); $frmDBName = SP\Request::analyze('dbname'); $frmDBHost = SP\Request::analyze('dbhost'); $frmMigrateEnabled = SP\Request::analyze('chkmigrate', 0, false, 1); if (!$frmMigrateEnabled) { SP\Response::printJSON(_('Confirmar la importación de cuentas')); } elseif (!$frmDBUser) { SP\Response::printJSON(_('Es necesario un usuario de conexión')); } elseif (!$frmDBPass) { SP\Response::printJSON(_('Es necesaria una clave de conexión')); } elseif (!$frmDBName) { SP\Response::printJSON(_('Es necesario el nombre de la BBDD')); } elseif (!$frmDBHost) { SP\Response::printJSON(_('Es necesario un nombre de host')); } $options['dbhost'] = $frmDBHost; $options['dbname'] = $frmDBName; $options['dbuser'] = $frmDBUser; $options['dbpass'] = $frmDBPass;