SP\Response::printJSON(_('La sesión no se ha iniciado o ha caducado'), 10); } $sk = SP\Request::analyze('sk', false); if (!$sk || !SessionUtil::checkSessionKey($sk)) { SP\Response::printJSON(_('CONSULTA INVÁLIDA')); } // Variables POST del formulario //$frmSaveType = SP_Request::analyze('savetyp', 0); $actionId = SP\Request::analyze('actionId', 0); $accountId = SP\Request::analyze('accountid', 0); $customerId = SP\Request::analyze('customerId', 0); $newCustomer = SP\Request::analyze('customer_new'); $accountName = SP\Request::analyze('name'); $accountLogin = SP\Request::analyze('login'); $accountPassword = SP\Request::analyzeEncrypted('pass'); $accountPasswordR = SP\Request::analyzeEncrypted('passR'); $categoryId = SP\Request::analyze('categoryId', 0); $accountOtherGroups = SP\Request::analyze('othergroups'); $accountOtherUsers = SP\Request::analyze('otherusers'); $accountNotes = SP\Request::analyze('notes'); $accountUrl = SP\Request::analyze('url'); $accountGroupEditEnabled = SP\Request::analyze('geditenabled', 0, false, 1); $accountUserEditEnabled = SP\Request::analyze('ueditenabled', 0, false, 1); $accountMainGroupId = SP\Request::analyze('mainGroupId', 0); $accountChangesHash = SP\Request::analyze('hash'); $customFields = SP\Request::analyze('customfield'); // Datos del Usuario $currentUserId = SP\Session::getUserId(); if ($accountMainGroupId === 0) { $accountMainGroupId = SP\Session::getUserGroupId(); }
use SP\CryptMasterPass; use SP\Request; use SP\SessionUtil; use SP\UserLdap; use SP\UserPass; use SP\UserPassRecover; use SP\UserUtil; define('APP_ROOT', '..'); require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php'; Request::checkReferer('POST'); if (!SP\Request::analyze('login', false)) { return; } $userLogin = SP\Request::analyze('user'); $userPass = SP\Request::analyzeEncrypted('pass'); $masterPass = SP\Request::analyzeEncrypted('mpass'); if (!$userLogin || !$userPass) { SP\Response::printJSON(_('Usuario/Clave no introducidos')); } $User = new SP\User(); $User->setUserLogin($userLogin); $User->setUserPass($userPass); if ($resLdap = SP\Auth::authUserLDAP($userLogin, $userPass)) { $User->setUserName(SP\Auth::$userName); $User->setUserEmail(SP\Auth::$userEmail); } $Log = new \SP\Log(_('Inicio sesión')); // Autentificamos por LDAP if ($resLdap === true) { $Log->addDescription('(LDAP)'); $Log->addDescription(sprintf('%s: %s', _('Servidor Login'), \SP\Ldap::getLdapServer()));
*/ use SP\Request; use SP\SessionUtil; define('APP_ROOT', '..'); require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php'; Request::checkReferer('POST'); if (!SP\Init::isLoggedIn()) { SP\Response::printJSON(_('La sesión no se ha iniciado o ha caducado'), 10); } if (SP\Util::demoIsEnabled()) { SP\Response::printJSON(_('Ey, esto es una DEMO!!')); } $sk = SP\Request::analyze('sk', false); $defaultUser = SP\Request::analyze('defUser', 0); $defaultGroup = SP\Request::analyze('defGroup', 0); $importPwd = SP\Request::analyzeEncrypted('importPwd'); $csvDelimiter = SP\Request::analyze('csvDelimiter'); if (!$sk || !SessionUtil::checkSessionKey($sk)) { SP\Response::printJSON(_('CONSULTA INVÁLIDA')); } SP\Import::setDefUser($defaultUser); SP\Import::setDefGroup($defaultGroup); SP\Import::setImportPwd($importPwd); SP\Import::setCsvDelimiter($csvDelimiter); $res = SP\Import::doImport($_FILES["inFile"]); if (isset($res['error']) && is_array($res['error'])) { error_log($res['error']['hint']); $out = implode('\\n\\n', $res['error']); SP\Response::printJSON($out); } else { if (is_array($res['ok'])) {
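/**
 * Prepare the installer view and, when the request asks for it, run the installation.
 *
 * Registers the install/footer/body-end templates, stores the environment checks and the
 * submitted form values in the view, and collects security warnings. When the 'install'
 * request parameter is set, the stored values are handed to Installer and
 * Installer::install() is executed.
 *
 * @return bool|null true when Installer::install() reported no errors; otherwise the
 *                   method falls off the end without a return value.
 */
public function getInstaller()
{
    $this->view->addTemplate('install');
    $this->view->addTemplate('footer');
    $this->view->addTemplate('body-end');

    $this->view->assign('modulesErrors', Util::checkModules());
    $this->view->assign('versionErrors', Util::checkPhpVersion());
    $this->view->assign('securityErrors', array());
    $this->view->assign('resInstall', array());
    $this->view->assign('isCompleted', false);

    // Form values, with the defaults used when the request does not carry the field.
    // The three secrets are read through analyzeEncrypted() instead of analyze().
    // NOTE(review): adminpass, masterpassword and dbpass end up as view variables;
    // confirm the install template never writes them back into the rendered page.
    $this->view->assign('adminlogin', Request::analyze('adminlogin', 'admin'));
    $this->view->assign('adminpass', Request::analyzeEncrypted('adminpass'));
    $this->view->assign('masterpassword', Request::analyzeEncrypted('masterpassword'));
    $this->view->assign('dbuser', Request::analyze('dbuser', 'root'));
    $this->view->assign('dbpass', Request::analyzeEncrypted('dbpass'));
    $this->view->assign('dbname', Request::analyze('dbname', 'syspass'));
    $this->view->assign('dbhost', Request::analyze('dbhost', 'localhost'));
    $this->view->assign('hostingmode', Request::analyze('hostingmode', false));

    // Self-test for CVE-2006-7243. The probe path has to contain a NUL byte: a runtime
    // that truncates paths at NUL reports this very file as existing, a fixed runtime
    // does not. Without the "\0" the check can never fire.
    try {
        $nullByteTruncated = @file_exists(__FILE__ . "\0Nullbyte");
    } catch (\ValueError $e) {
        // Newer PHP releases can reject a NUL byte in a path by throwing, which @ does
        // not silence; a runtime that rejects the path is not affected.
        $nullByteTruncated = false;
    }

    if ($nullByteTruncated) {
        $this->view->append('securityErrors', array(
            'type' => SPException::SP_WARNING,
            'description' => _('La version de PHP es vulnerable al ataque NULL Byte (CVE-2006-7243)'),
            'hint' => _('Actualice la versión de PHP para usar sysPass de forma segura'),
        ));
    }

    // Warn when no secure random source is reported; per the hint shown to the user,
    // password resets would otherwise be open to account takeover.
    if (!Util::secureRNG_available()) {
        $this->view->append('securityErrors', array(
            'type' => SPException::SP_WARNING,
            'description' => _('No se encuentra el generador de números aleatorios.'),
            'hint' => _('Sin esta función un atacante puede utilizar su cuenta al resetear la clave'),
        ));
    }

    // NOTE(review): no "already installed" guard is visible in this method; confirm the
    // caller only routes here while the application is still unconfigured.
    if (Request::analyze('install', false)) {
        Installer::setUsername($this->view->adminlogin);
        Installer::setPassword($this->view->adminpass);
        Installer::setMasterPassword($this->view->masterpassword);
        Installer::setDbuser($this->view->dbuser);
        Installer::setDbpass($this->view->dbpass);
        Installer::setDbname($this->view->dbname);
        Installer::setDbhost($this->view->dbhost);
        Installer::setIsHostingMode($this->view->hostingmode);

        $this->view->assign('resInstall', Installer::install());

        // An empty result list means the installation finished without errors.
        if (count($this->view->resInstall) === 0) {
            $this->view->append('errors', array(
                'type' => SPException::SP_OK,
                'description' => _('Instalación finalizada'),
                'hint' => _('Pulse <a href="index.php" title="Acceder">aquí</a> para acceder'),
            ));
            $this->view->assign('isCompleted', true);

            return true;
        }
    }

    // NOTE(review): versionErrors is assigned above but is not part of this merge;
    // confirm the template renders it separately.
    $this->view->assign('errors', array_merge(
        $this->view->modulesErrors,
        $this->view->securityErrors,
        $this->view->resInstall
    ));
}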
if ($actionId === \SP\Controller\ActionsInterface::ACTION_USR_USERS_NEW || $actionId === \SP\Controller\ActionsInterface::ACTION_USR_USERS_EDIT || $actionId === \SP\Controller\ActionsInterface::ACTION_USR_USERS_EDITPASS || $actionId === \SP\Controller\ActionsInterface::ACTION_USR_USERS_DELETE) { $isLdap = SP\Request::analyze('isLdap', 0); $userPassR = SP\Request::analyzeEncrypted('passR'); $User = new SP\User(); $User->setUserId($itemId); $User->setUserName(SP\Request::analyze('name')); $User->setUserLogin(SP\Request::analyze('login')); $User->setUserEmail(SP\Request::analyze('email')); $User->setUserNotes(SP\Request::analyze('notes')); $User->setUserGroupId(SP\Request::analyze('groupid', 0)); $User->setUserProfileId(SP\Request::analyze('profileid', 0)); $User->setUserIsAdminApp(SP\Request::analyze('adminapp', 0, false, 1)); $User->setUserIsAdminAcc(SP\Request::analyze('adminacc', 0, false, 1)); $User->setUserIsDisabled(SP\Request::analyze('disabled', 0, false, 1)); $User->setUserChangePass(SP\Request::analyze('changepass', 0, false, 1)); $User->setUserPass(SP\Request::analyzeEncrypted('pass')); // Nuevo usuario o editar if ($actionId === \SP\Controller\ActionsInterface::ACTION_USR_USERS_NEW || $actionId === \SP\Controller\ActionsInterface::ACTION_USR_USERS_EDIT) { if (!$User->getUserName() && !$isLdap) { SP\Response::printJSON(_('Es necesario un nombre de usuario'), 2); } elseif (!$User->getUserLogin() && !$isLdap) { SP\Response::printJSON(_('Es necesario un login'), 2); } elseif (!$User->getUserProfileId()) { SP\Response::printJSON(_('Es necesario un perfil'), 2); } elseif (!$User->getUserGroupId()) { SP\Response::printJSON(_('Es necesario un grupo'), 2); } elseif (!$User->getUserEmail() && !$isLdap) { SP\Response::printJSON(_('Es necesario un email'), 2); } elseif (SP\Util::demoIsEnabled() && !\SP\Session::getUserIsAdminApp() && $User->getUserLogin() == 'demo') { SP\Response::printJSON(_('Ey, esto es una DEMO!!')); }
// Request-handler fragment: validates the caller and the submitted connection settings of
// an account-migration form, then starts filling $options.
// NOTE(review): every guard below only calls SP\Response::printJSON(); the flow relies on
// that call ending the request. If it returns, execution falls through — confirm.
use SP\SessionUtil;

define('APP_ROOT', '..');

require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';

// Referer/method gate for POST requests.
// NOTE(review): what checkReferer() enforces is defined elsewhere — confirm.
Request::checkReferer('POST');

// Guard 1: a logged-in session is required (reported with status 10).
if (!SP\Init::isLoggedIn()) {
    SP\Response::printJSON(_('La sesión no se ha iniciado o ha caducado'), 10);
}

// Guard 2: the operation is refused while demo mode is enabled.
if (SP\Util::demoIsEnabled()) {
    SP\Response::printJSON(_('Ey, esto es una DEMO!!'));
}

// Guard 3: the request must carry a session key that SessionUtil accepts
// (presumably the anti-CSRF token — confirm in SessionUtil::checkSessionKey).
// NOTE(review): login, demo mode and session key are the only checks visible in this
// fragment; confirm that a role/permission check for this action exists elsewhere.
$sk = SP\Request::analyze('sk', false);

if (!$sk || !SessionUtil::checkSessionKey($sk)) {
    SP\Response::printJSON(_('CONSULTA INVÁLIDA'));
}

// Connection settings submitted with the form. The password is read through
// analyzeEncrypted() rather than analyze().
$frmDBUser = SP\Request::analyze('dbuser');
$frmDBPass = SP\Request::analyzeEncrypted('dbpass');
$frmDBName = SP\Request::analyze('dbname');
$frmDBHost = SP\Request::analyze('dbhost');
// presumably a confirmation checkbox normalised to 0/1 — confirm the meaning of the
// extra analyze() arguments
$frmMigrateEnabled = SP\Request::analyze('chkmigrate', 0, false, 1);

// Required-field validation; the first missing value decides the message.
if (!$frmMigrateEnabled) {
    SP\Response::printJSON(_('Confirmar la importación de cuentas'));
} elseif (!$frmDBUser) {
    SP\Response::printJSON(_('Es necesario un usuario de conexión'));
} elseif (!$frmDBPass) {
    SP\Response::printJSON(_('Es necesaria una clave de conexión'));
} elseif (!$frmDBName) {
    SP\Response::printJSON(_('Es necesario el nombre de la BBDD'));
} elseif (!$frmDBHost) {
    SP\Response::printJSON(_('Es necesario un nombre de host'));
}

// $options is not initialised in the visible code; PHP creates the array on this write.
// NOTE(review): the host value is caller-supplied and only checked for being non-empty.
$options['dbhost'] = $frmDBHost;