/**
* Establecer las variables necesarias para las plantillas
*/
private function setVars()
{
$this->view->assign('isAdmin', \SP\Session::getUserIsAdminApp() || \SP\Session::getUserIsAdminAcc());
$this->view->assign('showGlobalSearch', \SP\Config::getValue('globalsearch', false));
// Comprobar si está creado el objeto de búsqueda en la sesión
if (!is_object(\SP\Session::getSearchFilters())) {
\SP\Session::setSearchFilters(new \SP\AccountSearch());
}
// Obtener el filtro de búsqueda desde la sesión
$filters = \SP\Session::getSearchFilters();
// Valores POST
$this->view->assign('searchKey', \SP\Request::analyze('skey', $filters->getSortKey()));
$this->view->assign('searchOrder', \SP\Request::analyze('sorder', $filters->getSortOrder()));
$this->view->assign('searchCustomer', \SP\Request::analyze('customer', $filters->getCustomerId()));
$this->view->assign('searchCategory', \SP\Request::analyze('category', $filters->getCategoryId()));
$this->view->assign('searchTxt', \SP\Request::analyze('search', $filters->getTxtSearch()));
$this->view->assign('searchGlobal', \SP\Request::analyze('gsearch', $filters->getGlobalSearch()));
$this->view->assign('limitStart', \SP\Request::analyze('start', $filters->getLimitStart()));
$this->view->assign('limitCount', \SP\Request::analyze('rpp', $filters->getLimitCount()));
}
*/
use SP\Auth;
use SP\CryptMasterPass;
use SP\Request;
use SP\SessionUtil;
use SP\UserLdap;
use SP\UserPass;
use SP\UserPassRecover;
use SP\UserUtil;
define('APP_ROOT', '..');
require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';
Request::checkReferer('POST');
if (!SP\Request::analyze('login', false)) {
return;
}
$userLogin = SP\Request::analyze('user');
$userPass = SP\Request::analyzeEncrypted('pass');
$masterPass = SP\Request::analyzeEncrypted('mpass');
if (!$userLogin || !$userPass) {
SP\Response::printJSON(_('Usuario/Clave no introducidos'));
}
$User = new SP\User();
$User->setUserLogin($userLogin);
$User->setUserPass($userPass);
if ($resLdap = SP\Auth::authUserLDAP($userLogin, $userPass)) {
$User->setUserName(SP\Auth::$userName);
$User->setUserEmail(SP\Auth::$userEmail);
}
$Log = new \SP\Log(_('Inicio sesión'));
// Autentificamos por LDAP
if ($resLdap === true) {
/**
* Obtener los datos para la vista de archivos de una cuenta
*/
public function getFiles()
{
$this->setAction(self::ACTION_ACC_FILES);
$this->view->assign('accountId', \SP\Request::analyze('id', 0));
$this->view->assign('deleteEnabled', \SP\Request::analyze('del', 0));
$this->view->assign('files', \SP\Files::getFileList($this->view->accountId));
if (!is_array($this->view->files) || count($this->view->files) === 0) {
return;
}
$this->view->addTemplate('files');
$this->view->assign('sk', SessionUtil::getSessionKey());
}
*/
use SP\Request;
use SP\Themes;
define('APP_ROOT', '..');
require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';
Request::checkReferer('POST');
if (!SP\Init::isLoggedIn()) {
SP\Util::logout();
}
SP\Util::checkReload();
if (!SP\Request::analyze('actionId', 0, true)) {
die('<div class="error">' . _('Parámetros incorrectos') . '</DIV>');
}
$actionId = SP\Request::analyze('actionId');
$itemId = SP\Request::analyze('itemId', 0);
$lastAction = SP\Request::analyze('lastAction', \SP\Controller\ActionsInterface::ACTION_ACC_SEARCH);
$tpl = new SP\Template();
$tpl->assign('actionId', $actionId);
$tpl->assign('id', $itemId);
$tpl->assign('activeTabId', $itemId);
$tpl->assign('lastAccountId', \SP\Session::getLastAcountId());
$tpl->assign('queryTimeStart', microtime());
$tpl->assign('userId', SP\Session::getUserId());
$tpl->assign('userGroupId', SP\Session::getUserGroupId());
$tpl->assign('userIsAdminApp', SP\Session::getUserIsAdminApp());
$tpl->assign('userIsAdminAcc', SP\Session::getUserIsAdminAcc());
$tpl->assign('themeUri', Themes::$themeUri);
// Control de ruta de acciones
if ($actionId != \SP\Controller\ActionsInterface::ACTION_ACC_SEARCH) {
$actionsPath =& $_SESSION['actionsPath'];
$actionsPath[] = $actionId;
define('APP_ROOT', '..');
require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';
Request::checkReferer('POST');
if (!SP\Init::isLoggedIn()) {
SP\Util::logout();
}
$sk = SP\Request::analyze('sk', false);
if (!$sk || !SessionUtil::checkSessionKey($sk)) {
die(_('CONSULTA INVÁLIDA'));
}
if (!SP\Util::fileIsEnabled()) {
exit(_('Gestión de archivos deshabilitada'));
}
$action = SP\Request::analyze('action');
$accountId = SP\Request::analyze('accountId', 0);
$fileId = SP\Request::analyze('fileId', 0);
$log = new \SP\Log();
if ($action == 'upload') {
if (!is_array($_FILES["inFile"]) || $accountId === 0) {
\SP\Response::printJSON(_('CONSULTA INVÁLIDA'));
}
$log->setAction(_('Subir Archivo'));
$allowedExts = strtoupper(SP\Config::getValue('files_allowed_exts'));
$allowedSize = SP\Config::getValue('files_allowed_size');
if ($allowedExts) {
// Extensiones aceptadas
$extsOk = explode(",", $allowedExts);
} else {
$log->addDescription(_('No hay extensiones permitidas'));
$log->writeLog();
\SP\Response::printJSON($log->getDescription());
*
*/
use SP\Request;
define('APP_ROOT', '..');
require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';
Request::checkReferer('POST');
if (!SP\Init::isLoggedIn()) {
SP\Util::logout();
}
if (!SP\Request::analyze('itemId', false, true) || !SP\Request::analyze('actionId', false, true)) {
exit;
}
$actionId = SP\Request::analyze('actionId', 0);
$tpl = new SP\Template();
$tpl->assign('itemId', SP\Request::analyze('itemId', 0));
$tpl->assign('activeTab', SP\Request::analyze('activeTab', 0));
$tpl->assign('actionId', $actionId);
$tpl->assign('isView', false);
switch ($actionId) {
case \SP\Controller\ActionsInterface::ACTION_USR_USERS_VIEW:
$tpl->assign('header', _('Ver Usuario'));
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR);
$tpl->assign('isView', true);
$controller = new SP\Controller\UsersMgmtC($tpl);
$controller->getUser();
break;
case \SP\Controller\ActionsInterface::ACTION_USR_USERS_EDIT:
$tpl->assign('header', _('Editar Usuario'));
$tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR);
$controller = new SP\Controller\UsersMgmtC($tpl);
$controller->getUser();
* sysPass is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* sysPass is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
*
*/
use SP\Request;
define('APP_ROOT', '..');
require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';
Request::checkReferer('GET');
if (!SP\Init::isLoggedIn()) {
SP\Util::logout();
}
$userId = SP\Request::analyze('userId', false);
if (!$userId) {
return;
}
$tpl = new SP\Template();
$tpl->assign('userId', $userId);
$controller = new SP\Controller\UsersMgmtC($tpl);
$controller->getUserPass();
$tpl->addTemplate('js-common');
$controller->view();
*
* You should have received a copy of the GNU General Public License
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
*
*/
use SP\Request;
use SP\UserPass;
use SP\UserUtil;
define('APP_ROOT', '..');
require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';
Request::checkReferer('POST');
if (!SP\Init::isLoggedIn()) {
SP\Response::printJSON(_('La sesión no se ha iniciado o ha caducado'), 10);
}
$accountId = SP\Request::analyze('accountid', false);
$isHistory = SP\Request::analyze('isHistory', false);
if (!$accountId) {
return;
}
$account = !$isHistory ? new SP\Account() : new SP\AccountHistory();
$account->setAccountParentId(\SP\Session::getAccountParentId());
$account->setAccountId($accountId);
$accountData = $account->getAccountPassData();
if ($isHistory && !$account->checkAccountMPass()) {
SP\Response::printJSON(_('La clave maestra no coincide'));
}
if (!SP\Acl::checkAccountAccess(SP\Acl::ACTION_ACC_VIEW_PASS, $account->getAccountDataForACL()) || !SP\Acl::checkUserAccess(SP\Acl::ACTION_ACC_VIEW_PASS)) {
SP\Response::printJSON(_('No tiene permisos para acceder a esta cuenta'));
} elseif (!UserPass::checkUserUpdateMPass()) {
SP\Response::printJSON(_('Clave maestra actualizada') . '<br>' . _('Reinicie la sesión para cambiarla'));
}
/**
* Comprobar si hay que ejecutar acciones de URL después del login.
*
* @return bool
*/
public static function checkPostLoginActions()
{
if (!Request::analyze('a', '', true)) {
return false;
}
$action = Request::analyze('a');
$controller = new Controller\MainC(null, 'main');
switch ($action) {
case 'accView':
$itemId = Request::analyze('i');
$onLoad = 'doAction(' . ActionsInterface::ACTION_ACC_VIEW . ',' . ActionsInterface::ACTION_ACC_SEARCH . ',' . $itemId . ')';
$controller->getMain($onLoad);
$controller->view();
break;
default:
return false;
}
return true;
}
/**
* Obtener los datos para el interface de autentificación en 2 pasos
*/
public function get2FA()
{
if (Request::analyze('f', 0) === 1) {
$this->view->addTemplate('2fa');
$this->view->assign('action', Request::analyze('a'));
$this->view->assign('userId', Request::analyze('i'));
$this->view->assign('time', Request::analyze('t'));
} else {
$this->view->assign('showLogo', true);
$this->showError(self::ERR_UNAVAILABLE, false);
}
$this->view->addTemplate('footer');
$this->view->addTemplate('body-end');
}
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* sysPass is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
*
*/
use SP\Request;
use SP\SessionUtil;
define('APP_ROOT', '..');
require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';
Request::checkReferer('GET');
if (!SP\Init::isLoggedIn()) {
return;
}
if (!SP\Util::fileIsEnabled()) {
echo _('Gestión de archivos deshabilitada');
return false;
}
$sk = SP\Request::analyze('sk', false);
if (!$sk || !SessionUtil::checkSessionKey($sk)) {
SP\Response::printXML(_('CONSULTA INVÁLIDA'));
}
$controller = new SP\Controller\AccountsMgmtC();
$controller->getFiles();
$controller->view();
}
} elseif ($actionId === \SP\Controller\ActionsInterface::ACTION_MGM_APITOKENS_DELETE) {
try {
$ApiTokens->deleteToken();
} catch (\SP\SPException $e) {
SP\Response::printJSON($e->getMessage(), 2);
}
SP\Response::printJSON(_('Autorización eliminada'), 0, $doActionOnClose);
}
} elseif ($actionId === \SP\Controller\ActionsInterface::ACTION_MGM_CUSTOMFIELDS_NEW || $actionId === \SP\Controller\ActionsInterface::ACTION_MGM_CUSTOMFIELDS_EDIT || $actionId === \SP\Controller\ActionsInterface::ACTION_MGM_CUSTOMFIELDS_DELETE) {
// Variables POST del formulario
$frmFieldName = SP\Request::analyze('name');
$frmFieldType = SP\Request::analyze('type', 0);
$frmFieldModule = SP\Request::analyze('module', 0);
$frmFieldHelp = SP\Request::analyze('help');
$frmFieldRequired = SP\Request::analyze('required', false, false, true);
if ($actionId === \SP\Controller\ActionsInterface::ACTION_MGM_CUSTOMFIELDS_NEW || $actionId === \SP\Controller\ActionsInterface::ACTION_MGM_CUSTOMFIELDS_EDIT) {
if (!$frmFieldName) {
SP\Response::printJSON(_('Nombre del campo no indicado'), 2);
} elseif ($frmFieldType === 0) {
SP\Response::printJSON(_('Tipo del campo no indicado'), 2);
} elseif ($frmFieldModule === 0) {
SP\Response::printJSON(_('Módulo del campo no indicado'), 2);
}
$CustomFieldDef = new \SP\CustomFieldDef($frmFieldName, $frmFieldType, $frmFieldModule);
$CustomFieldDef->setHelp($frmFieldHelp);
$CustomFieldDef->setRequired($frmFieldRequired);
if ($actionId === \SP\Controller\ActionsInterface::ACTION_MGM_CUSTOMFIELDS_NEW) {
try {
$CustomFieldDef->addCustomField();
} catch (\SP\SPException $e) {
* You should have received a copy of the GNU General Public License
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
*
*/
define('APP_ROOT', '.');
require APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';
try {
$ApiRequest = new \SP\ApiRequest();
switch ($ApiRequest->getAction()) {
case \SP\Controller\ActionsInterface::ACTION_ACC_VIEW:
$itemId = \SP\Request::analyze(\SP\ApiRequest::ITEM, 0);
$out = $ApiRequest->getApi()->getAccountData($itemId);
break;
case \SP\Controller\ActionsInterface::ACTION_ACC_VIEW_PASS:
$ApiRequest->addVar('userPass', \SP\ApiRequest::analyze(\SP\ApiRequest::USER_PASS));
$itemId = \SP\Request::analyze(\SP\ApiRequest::ITEM, 0);
$out = $ApiRequest->getApi()->getAccountPassword($itemId);
break;
case \SP\Controller\ActionsInterface::ACTION_ACC_SEARCH:
$search = \SP\Request::analyze(\SP\ApiRequest::SEARCH);
$count = \SP\Request::analyze(\SP\ApiRequest::SEARCH_COUNT, 10);
$out = $ApiRequest->getApi()->getAccountSearch($search, $count);
break;
default:
throw new Exception(_('Acción Inválida'));
}
} catch (Exception $e) {
\SP\Response::printJSON(array($e->getMessage(), _('Ayuda Parámetros') => \SP\ApiRequest::getHelp()));
}
header('Content-type: application/json');
echo $out;
}
// Forzar la detección del lenguaje tras actualizar
SP\Language::setLanguage(true);
SP\Themes::setTheme(true);
// Actualizar las preferencias en la sesión y recargar la página
SP\Session::setUserPreferences($UserPrefs);
SP\Util::reload();
SP\Response::printJSON(_('Preferencias actualizadas'), 0, $doActionOnClose);
} else {
if ($actionId === SP\Controller\ActionsInterface::ACTION_USR_PREFERENCES_SECURITY) {
if (SP\Util::demoIsEnabled() && \SP\Session::getUserLogin() === 'demo') {
SP\Response::printJSON(_('Ey, esto es una DEMO!!'));
}
// Variables POST del formulario
$twoFaEnabled = SP\Request::analyze('security_2faenabled', 0, false, 1);
$pin = SP\Request::analyze('security_pin', 0);
$userLogin = UserUtil::getUserLoginById($itemId);
$twoFa = new \SP\Auth\Auth2FA($itemId, $userLogin);
if (!$twoFa->verifyKey($pin)) {
SP\Response::printJSON(_('Código incorrecto'));
}
// No se instancia la clase ya que es necesario guardar los atributos ya guardados
$UserPrefs = \SP\UserPreferences::getPreferences($itemId);
$UserPrefs->setId($itemId);
$UserPrefs->setUse2Fa(\SP\Util::boolval($twoFaEnabled));
if (!$UserPrefs->updatePreferences()) {
SP\Response::printJSON(_('Error al actualizar preferencias'));
}
SP\Response::printJSON(_('Preferencias actualizadas'), 0, $doActionOnClose);
} else {
SP\Response::printJSON(_('Acción Inválida'));
use SP\Minify;
define('APP_ROOT', '..');
require APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';
$file = \SP\Request::analyze('f');
$base = \SP\Request::analyze('b');
if (!$file) {
$Minify = new Minify();
$Minify->setType(Minify::FILETYPE_JS);
$Minify->setBase(__DIR__);
$Minify->addFile('jquery-1.11.2.min.js');
$Minify->addFile('jquery-ui.min.js');
$Minify->addFile('jquery.fancybox.pack.js');
$Minify->addFile('jquery.powertip.min.js');
$Minify->addFile('chosen.jquery.min.js');
$Minify->addFile('alertify.min.js');
$Minify->addFile('jquery.fileDownload.min.js');
$Minify->addFile('jquery.filedrop.min.js');
$Minify->addFile('jquery.tagsinput.min.js');
$Minify->addFile('clipboard.min.js');
$Minify->addFile('zxcvbn-async.min.js');
$Minify->addFile('jsencrypt.min.js');
$Minify->addFile('functions.min.js');
$Minify->getMinified();
} elseif ($file && $base) {
$base = \SP\Request::analyze('b');
$Minify = new Minify();
$Minify->setType(Minify::FILETYPE_JS);
$Minify->setBase(\SP\Init::$SERVERROOT . urldecode($base));
$Minify->addFile(urldecode($file));
$Minify->getMinified();
}
use SP\Request;
use SP\SessionUtil;
define('APP_ROOT', '..');
require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';
Request::checkReferer('POST');
if (!SP\Init::isLoggedIn()) {
SP\Response::printJSON(_('La sesión no se ha iniciado o ha caducado'), 10);
}
if (SP\Util::demoIsEnabled()) {
SP\Response::printJSON(_('Ey, esto es una DEMO!!'));
}
$sk = SP\Request::analyze('sk', false);
$defaultUser = SP\Request::analyze('defUser', 0);
$defaultGroup = SP\Request::analyze('defGroup', 0);
$importPwd = SP\Request::analyzeEncrypted('importPwd');
$csvDelimiter = SP\Request::analyze('csvDelimiter');
if (!$sk || !SessionUtil::checkSessionKey($sk)) {
SP\Response::printJSON(_('CONSULTA INVÁLIDA'));
}
SP\Import::setDefUser($defaultUser);
SP\Import::setDefGroup($defaultGroup);
SP\Import::setImportPwd($importPwd);
SP\Import::setCsvDelimiter($csvDelimiter);
$res = SP\Import::doImport($_FILES["inFile"]);
if (isset($res['error']) && is_array($res['error'])) {
error_log($res['error']['hint']);
$out = implode('\\n\\n', $res['error']);
SP\Response::printJSON($out);
} else {
if (is_array($res['ok'])) {
$out = implode('\\n\\n', $res['ok']);
$customerId = SP\Request::analyze('customerId', 0);
$newCustomer = SP\Request::analyze('customer_new');
$accountName = SP\Request::analyze('name');
$accountLogin = SP\Request::analyze('login');
$accountPassword = SP\Request::analyzeEncrypted('pass');
$accountPasswordR = SP\Request::analyzeEncrypted('passR');
$categoryId = SP\Request::analyze('categoryId', 0);
$accountOtherGroups = SP\Request::analyze('othergroups');
$accountOtherUsers = SP\Request::analyze('otherusers');
$accountNotes = SP\Request::analyze('notes');
$accountUrl = SP\Request::analyze('url');
$accountGroupEditEnabled = SP\Request::analyze('geditenabled', 0, false, 1);
$accountUserEditEnabled = SP\Request::analyze('ueditenabled', 0, false, 1);
$accountMainGroupId = SP\Request::analyze('mainGroupId', 0);
$accountChangesHash = SP\Request::analyze('hash');
$customFields = SP\Request::analyze('customfield');
// Datos del Usuario
$currentUserId = SP\Session::getUserId();
if ($accountMainGroupId === 0) {
$accountMainGroupId = SP\Session::getUserGroupId();
}
if ($actionId === \SP\Controller\ActionsInterface::ACTION_ACC_NEW || $actionId === \SP\Controller\ActionsInterface::ACTION_ACC_COPY) {
// Comprobaciones para nueva cuenta
if (!$accountName) {
SP\Response::printJSON(_('Es necesario un nombre de cuenta'));
} elseif (!$customerId && !$newCustomer) {
SP\Response::printJSON(_('Es necesario un nombre de cliente'));
} elseif (!$accountLogin) {
SP\Response::printJSON(_('Es necesario un usuario'));
} elseif (!$accountPassword || !$accountPasswordR) {
SP\Response::printJSON(_('Es necesaria una clave'));
Request::checkReferer('POST');
if (!SP\Init::isLoggedIn()) {
SP\Response::printJSON(_('La sesión no se ha iniciado o ha caducado'), 10);
}
if (SP\Util::demoIsEnabled()) {
SP\Response::printJSON(_('Ey, esto es una DEMO!!'));
}
$sk = SP\Request::analyze('sk', false);
if (!$sk || !SessionUtil::checkSessionKey($sk)) {
SP\Response::printJSON(_('CONSULTA INVÁLIDA'));
}
$frmDBUser = SP\Request::analyze('dbuser');
$frmDBPass = SP\Request::analyzeEncrypted('dbpass');
$frmDBName = SP\Request::analyze('dbname');
$frmDBHost = SP\Request::analyze('dbhost');
$frmMigrateEnabled = SP\Request::analyze('chkmigrate', 0, false, 1);
if (!$frmMigrateEnabled) {
SP\Response::printJSON(_('Confirmar la importación de cuentas'));
} elseif (!$frmDBUser) {
SP\Response::printJSON(_('Es necesario un usuario de conexión'));
} elseif (!$frmDBPass) {
SP\Response::printJSON(_('Es necesaria una clave de conexión'));
} elseif (!$frmDBName) {
SP\Response::printJSON(_('Es necesario el nombre de la BBDD'));
} elseif (!$frmDBHost) {
SP\Response::printJSON(_('Es necesario un nombre de host'));
}
$options['dbhost'] = $frmDBHost;
$options['dbname'] = $frmDBName;
$options['dbuser'] = $frmDBUser;
$options['dbpass'] = $frmDBPass;
