Ejemplo n.º 1
    SP\Response::printJSON(_('La sesión no se ha iniciado o ha caducado'), 10);
}
// Validate the 'sk' request parameter against the session before any form data is used.
// NOTE(review): presumably an anti-CSRF session key; confirm in SessionUtil::checkSessionKey().
// NOTE(review): nothing after printJSON() stops the script here, so this guard only holds if
// Response::printJSON() ends the request itself; confirm.
$sk = SP\Request::analyze('sk', false);
if (!$sk || !SessionUtil::checkSessionKey($sk)) {
    SP\Response::printJSON(_('CONSULTA INVÁLIDA'));
}
// POST variables from the form
//$frmSaveType = SP_Request::analyze('savetyp', 0);
$actionId = SP\Request::analyze('actionId', 0);
$accountId = SP\Request::analyze('accountid', 0);
$customerId = SP\Request::analyze('customerId', 0);
$newCustomer = SP\Request::analyze('customer_new');
$accountName = SP\Request::analyze('name');
$accountLogin = SP\Request::analyze('login');
// Both password fields go through analyzeEncrypted() instead of analyze().
// NOTE(review): presumably the client submits them encrypted; confirm, and keep these values out of logs.
$accountPassword = SP\Request::analyzeEncrypted('pass');
$accountPasswordR = SP\Request::analyzeEncrypted('passR');
$categoryId = SP\Request::analyze('categoryId', 0);
$accountOtherGroups = SP\Request::analyze('othergroups');
$accountOtherUsers = SP\Request::analyze('otherusers');
$accountNotes = SP\Request::analyze('notes');
$accountUrl = SP\Request::analyze('url');
$accountGroupEditEnabled = SP\Request::analyze('geditenabled', 0, false, 1);
$accountUserEditEnabled = SP\Request::analyze('ueditenabled', 0, false, 1);
// The main group id is supplied by the caller; only a value of 0 falls back to the
// session user's group (see below).
// NOTE(review): confirm that later code checks the caller is allowed to assign this group.
$accountMainGroupId = SP\Request::analyze('mainGroupId', 0);
$accountChangesHash = SP\Request::analyze('hash');
$customFields = SP\Request::analyze('customfield');
// User data
$currentUserId = SP\Session::getUserId();
if ($accountMainGroupId === 0) {
    $accountMainGroupId = SP\Session::getUserGroupId();
}
Ejemplo n.º 2
use SP\CryptMasterPass;
use SP\Request;
use SP\SessionUtil;
use SP\UserLdap;
use SP\UserPass;
use SP\UserPassRecover;
use SP\UserUtil;
// Bootstrap: APP_ROOT is the parent directory and inc/Base.php is loaded from it.
define('APP_ROOT', '..');
require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';
// NOTE(review): presumably rejects requests that are not POSTs coming from the application's
// own pages; confirm in Request::checkReferer(). A Referer check alone is a weak CSRF control.
Request::checkReferer('POST');
// Nothing to do unless the 'login' request parameter is set.
if (!SP\Request::analyze('login', false)) {
    return;
}
$userLogin = SP\Request::analyze('user');
// The user password and the master password are read through analyzeEncrypted().
// NOTE(review): presumably the client submits them encrypted; confirm.
$userPass = SP\Request::analyzeEncrypted('pass');
$masterPass = SP\Request::analyzeEncrypted('mpass');
// NOTE(review): this guard only stops the login if Response::printJSON() ends the request;
// nothing else prevents the code below from running with empty credentials. Confirm.
if (!$userLogin || !$userPass) {
    SP\Response::printJSON(_('Usuario/Clave no introducidos'));
}
$User = new SP\User();
$User->setUserLogin($userLogin);
$User->setUserPass($userPass);
// Try LDAP first and keep the result in $resLdap for the checks that follow. On a truthy
// result the name and e-mail exposed by SP\Auth are copied onto the user object.
if ($resLdap = SP\Auth::authUserLDAP($userLogin, $userPass)) {
    $User->setUserName(SP\Auth::$userName);
    $User->setUserEmail(SP\Auth::$userEmail);
}
// Log object for this login.
// NOTE(review): make sure neither $userPass nor $masterPass is ever added to its description.
$Log = new \SP\Log(_('Inicio sesión'));
// Autentificamos por LDAP
if ($resLdap === true) {
    $Log->addDescription('(LDAP)');
    $Log->addDescription(sprintf('%s: %s', _('Servidor Login'), \SP\Ldap::getLdapServer()));
Ejemplo n.º 3
 */
use SP\Request;
use SP\SessionUtil;
// Bootstrap: APP_ROOT is the parent directory and inc/Base.php is loaded from it.
define('APP_ROOT', '..');
require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';
// NOTE(review): presumably rejects requests that are not POSTs coming from the application's
// own pages; confirm in Request::checkReferer().
Request::checkReferer('POST');
// Guards: a logged-in session is required and the import is refused in demo mode.
// NOTE(review): both guards, and the session-key check below, only hold if
// Response::printJSON() ends the request; confirm.
if (!SP\Init::isLoggedIn()) {
    SP\Response::printJSON(_('La sesión no se ha iniciado o ha caducado'), 10);
}
if (SP\Util::demoIsEnabled()) {
    SP\Response::printJSON(_('Ey, esto es una DEMO!!'));
}
$sk = SP\Request::analyze('sk', false);
$defaultUser = SP\Request::analyze('defUser', 0);
$defaultGroup = SP\Request::analyze('defGroup', 0);
// The import password is read through analyzeEncrypted() rather than analyze().
$importPwd = SP\Request::analyzeEncrypted('importPwd');
$csvDelimiter = SP\Request::analyze('csvDelimiter');
// The session key is validated before any of the values above reach SP\Import.
if (!$sk || !SessionUtil::checkSessionKey($sk)) {
    SP\Response::printJSON(_('CONSULTA INVÁLIDA'));
}
// NOTE(review): the default owner user and group are taken from the request and no privilege
// check beyond "logged in" is visible in this excerpt; confirm who may run an import.
SP\Import::setDefUser($defaultUser);
SP\Import::setDefGroup($defaultGroup);
SP\Import::setImportPwd($importPwd);
SP\Import::setCsvDelimiter($csvDelimiter);
// The raw upload entry is handed straight to the importer.
// NOTE(review): no check of the upload error code, size or type is visible here; presumably
// Import::doImport() validates the file. Confirm.
$res = SP\Import::doImport($_FILES["inFile"]);
if (isset($res['error']) && is_array($res['error'])) {
    error_log($res['error']['hint']);
    $out = implode('\\n\\n', $res['error']);
    SP\Response::printJSON($out);
} else {
    if (is_array($res['ok'])) {
Ejemplo n.º 4
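 /**
  * Build the data for the installer page and, when requested, run the installation.
  *
  * Adds the installer templates, stores the module, PHP-version and security check
  * results in the view, copies the submitted installer form values into the view and,
  * if the 'install' request parameter is set, passes them to Installer and calls
  * Installer::install().
  *
  * @return bool|null true when Installer::install() reported no errors; otherwise
  *                   nothing is returned explicitly and the collected messages are
  *                   left in the view under 'errors'.
  */
 public function getInstaller()
 {
     $this->view->addTemplate('install');
     $this->view->addTemplate('footer');
     $this->view->addTemplate('body-end');
     $this->view->assign('modulesErrors', Util::checkModules());
     $this->view->assign('versionErrors', Util::checkPhpVersion());
     $this->view->assign('securityErrors', array());
     $this->view->assign('resInstall', array());
     $this->view->assign('isCompleted', false);
     // NOTE(review): the submitted secrets (admin password, master password, DB password)
     // are stored in the view. Confirm the install template does not echo them back
     // into the rendered page.
     $this->view->assign('adminlogin', Request::analyze('adminlogin', 'admin'));
     $this->view->assign('adminpass', Request::analyzeEncrypted('adminpass'));
     $this->view->assign('masterpassword', Request::analyzeEncrypted('masterpassword'));
     $this->view->assign('dbuser', Request::analyze('dbuser', 'root'));
     $this->view->assign('dbpass', Request::analyzeEncrypted('dbpass'));
     $this->view->assign('dbname', Request::analyze('dbname', 'syspass'));
     $this->view->assign('dbhost', Request::analyze('dbhost', 'localhost'));
     $this->view->assign('hostingmode', Request::analyze('hostingmode', false));
     // Runtime probe for the NUL-byte path truncation issue named in the warning below.
     // The probe path must contain a real NUL byte: an affected PHP cuts the path at the
     // NUL and finds this very file. Without the "\0" the test only looks for a file
     // that never exists, so the warning could never be raised.
     try {
         $nullByteTruncates = @file_exists(__FILE__ . "\0Nullbyte");
     } catch (\ValueError $e) {
         // PHP versions that throw on NUL bytes in paths are not affected.
         $nullByteTruncates = false;
     }
     if ($nullByteTruncates) {
         $this->view->append('securityErrors', array('type' => SPException::SP_WARNING, 'description' => _('La version de PHP es vulnerable al ataque NULL Byte (CVE-2006-7243)'), 'hint' => _('Actualice la versión de PHP para usar sysPass de forma segura')));
     }
     // Warn when no secure random number generator is available.
     if (!Util::secureRNG_available()) {
         $this->view->append('securityErrors', array('type' => SPException::SP_WARNING, 'description' => _('No se encuentra el generador de números aleatorios.'), 'hint' => _('Sin esta función un atacante puede utilizar su cuenta al resetear la clave')));
     }
     if (Request::analyze('install', false)) {
         // Pass the values collected above to the installer and run it.
         Installer::setUsername($this->view->adminlogin);
         Installer::setPassword($this->view->adminpass);
         Installer::setMasterPassword($this->view->masterpassword);
         Installer::setDbuser($this->view->dbuser);
         Installer::setDbpass($this->view->dbpass);
         Installer::setDbname($this->view->dbname);
         Installer::setDbhost($this->view->dbhost);
         Installer::setIsHostingMode($this->view->hostingmode);
         $this->view->assign('resInstall', Installer::install());
         // An empty result list from install() is treated as success.
         if (count($this->view->resInstall) == 0) {
             $this->view->append('errors', array('type' => SPException::SP_OK, 'description' => _('Instalación finalizada'), 'hint' => _('Pulse <a href="index.php" title="Acceder">aquí</a> para acceder')));
             $this->view->assign('isCompleted', true);
             return true;
         }
     }
     // Not installed (or installation failed): expose every collected message to the template.
     // NOTE(review): versionErrors is assigned above but is not part of this merge; confirm
     // the template reads it separately.
     $this->view->assign('errors', array_merge($this->view->modulesErrors, $this->view->securityErrors, $this->view->resInstall));
 }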
Ejemplo n.º 5
if ($actionId === \SP\Controller\ActionsInterface::ACTION_USR_USERS_NEW || $actionId === \SP\Controller\ActionsInterface::ACTION_USR_USERS_EDIT || $actionId === \SP\Controller\ActionsInterface::ACTION_USR_USERS_EDITPASS || $actionId === \SP\Controller\ActionsInterface::ACTION_USR_USERS_DELETE) {
    $isLdap = SP\Request::analyze('isLdap', 0);
    $userPassR = SP\Request::analyzeEncrypted('passR');
    $User = new SP\User();
    $User->setUserId($itemId);
    $User->setUserName(SP\Request::analyze('name'));
    $User->setUserLogin(SP\Request::analyze('login'));
    $User->setUserEmail(SP\Request::analyze('email'));
    $User->setUserNotes(SP\Request::analyze('notes'));
    $User->setUserGroupId(SP\Request::analyze('groupid', 0));
    $User->setUserProfileId(SP\Request::analyze('profileid', 0));
    $User->setUserIsAdminApp(SP\Request::analyze('adminapp', 0, false, 1));
    $User->setUserIsAdminAcc(SP\Request::analyze('adminacc', 0, false, 1));
    $User->setUserIsDisabled(SP\Request::analyze('disabled', 0, false, 1));
    $User->setUserChangePass(SP\Request::analyze('changepass', 0, false, 1));
    $User->setUserPass(SP\Request::analyzeEncrypted('pass'));
    // Nuevo usuario o editar
    if ($actionId === \SP\Controller\ActionsInterface::ACTION_USR_USERS_NEW || $actionId === \SP\Controller\ActionsInterface::ACTION_USR_USERS_EDIT) {
        if (!$User->getUserName() && !$isLdap) {
            SP\Response::printJSON(_('Es necesario un nombre de usuario'), 2);
        } elseif (!$User->getUserLogin() && !$isLdap) {
            SP\Response::printJSON(_('Es necesario un login'), 2);
        } elseif (!$User->getUserProfileId()) {
            SP\Response::printJSON(_('Es necesario un perfil'), 2);
        } elseif (!$User->getUserGroupId()) {
            SP\Response::printJSON(_('Es necesario un grupo'), 2);
        } elseif (!$User->getUserEmail() && !$isLdap) {
            SP\Response::printJSON(_('Es necesario un email'), 2);
        } elseif (SP\Util::demoIsEnabled() && !\SP\Session::getUserIsAdminApp() && $User->getUserLogin() == 'demo') {
            SP\Response::printJSON(_('Ey, esto es una DEMO!!'));
        }
Ejemplo n.º 6
use SP\SessionUtil;
// Bootstrap: APP_ROOT is the parent directory and inc/Base.php is loaded from it.
define('APP_ROOT', '..');
require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';
// NOTE(review): presumably rejects requests that are not POSTs coming from the application's
// own pages; confirm in Request::checkReferer().
Request::checkReferer('POST');
// Guards: a logged-in session is required, demo mode is refused, and the 'sk' session key
// must validate.
// NOTE(review): each guard only holds if Response::printJSON() ends the request; confirm.
if (!SP\Init::isLoggedIn()) {
    SP\Response::printJSON(_('La sesión no se ha iniciado o ha caducado'), 10);
}
if (SP\Util::demoIsEnabled()) {
    SP\Response::printJSON(_('Ey, esto es una DEMO!!'));
}
$sk = SP\Request::analyze('sk', false);
if (!$sk || !SessionUtil::checkSessionKey($sk)) {
    SP\Response::printJSON(_('CONSULTA INVÁLIDA'));
}
// Connection settings for the source database, all taken from the request.
// The password is read through analyzeEncrypted() rather than analyze().
$frmDBUser = SP\Request::analyze('dbuser');
$frmDBPass = SP\Request::analyzeEncrypted('dbpass');
$frmDBName = SP\Request::analyze('dbname');
$frmDBHost = SP\Request::analyze('dbhost');
$frmMigrateEnabled = SP\Request::analyze('chkmigrate', 0, false, 1);
// Required-field checks: the migration must be confirmed and every connection value present.
if (!$frmMigrateEnabled) {
    SP\Response::printJSON(_('Confirmar la importación de cuentas'));
} elseif (!$frmDBUser) {
    SP\Response::printJSON(_('Es necesario un usuario de conexión'));
} elseif (!$frmDBPass) {
    SP\Response::printJSON(_('Es necesaria una clave de conexión'));
} elseif (!$frmDBName) {
    SP\Response::printJSON(_('Es necesario el nombre de la BBDD'));
} elseif (!$frmDBHost) {
    SP\Response::printJSON(_('Es necesario un nombre de host'));
}
// NOTE(review): the host is caller-supplied and presumably used to open a database connection
// from the server. No privilege check beyond "logged in" is visible in this excerpt; confirm
// the action is restricted to administrators.
$options['dbhost'] = $frmDBHost;