Example #1
0
defined('_SECURE_') or die('Forbidden');
use Gregwar\Captcha\CaptchaBuilder;
if (_OP_ == 'forgot') {
    $username = trim($_REQUEST['username']);
    $email = trim($_REQUEST['email']);
    $ok = FALSE;
    if (!auth_isvalid()) {
        if ($_REQUEST['captcha'] == $_SESSION['tmp']['captcha']) {
            if ($core_config['main']['enable_forgot']) {
                if ($username && $email) {
                    $db_query = "SELECT password FROM " . _DB_PREF_ . "_tblUser WHERE flag_deleted='0' AND username='******' AND email='{$email}'";
                    $db_result = dba_query($db_query);
                    if ($db_row = dba_fetch_array($db_result)) {
                        if ($password = $db_row['password']) {
                            $tmp_password = core_get_random_string();
                            $tmp_password_coded = md5($tmp_password);
                            if (registry_update(1, 'auth', 'tmp_password', array($username => $tmp_password_coded))) {
                                $subject = _('Password recovery');
                                $body = $core_config['main']['web_title'] . "\n\n";
                                $body .= _('You or someone else have requested a password recovery') . "\n\n";
                                $body .= _('This temporary password will be removed once you have logged in successfully') . "\n\n";
                                $body .= _('Username') . "\t: " . $username . "\n";
                                $body .= _('Password') . "\t: " . $tmp_password . "\n\n--\n";
                                $body .= $core_config['main']['email_footer'] . "\n\n";
                                $data = array('mail_from_name' => $core_config['main']['web_title'], 'mail_from' => $core_config['main']['email_service'], 'mail_to' => $email, 'mail_subject' => $subject, 'mail_body' => $body);
                                if (sendmail($data)) {
                                    $error_string = _('Password has been emailed') . " (" . _('Username') . ": " . $username . ")";
                                    $_SESSION['dialog']['info'][] = $error_string;
                                    $ok = TRUE;
                                } else {
Example #2
0
/**
 * Add new user
 *
 * @param array $data
 *        User data
 * @param boolean $forced
 *        Forced addition
 * @param boolean $send_email
 *        Send email after successful user addition
 * @return array $ret['error_string', 'status', 'uid', 'data']
 */
function user_add($data = array(), $forced = FALSE, $send_email = TRUE)
{
    global $core_config, $user_config;
    // default return values
    $ret['error_string'] = _('Unknown error has occurred');
    $ret['status'] = FALSE;
    $ret['uid'] = 0;
    $ret['data'] = array();
    $data = trim($data['username']) ? $data : $_REQUEST;
    if ($forced || auth_isadmin() || $user_config['status'] == 3 || !auth_isvalid() && $core_config['main']['enable_register']) {
        foreach ($data as $key => $val) {
            $data[$key] = trim($val);
        }
        // set valid status
        $data['status'] = (int) $data['status'];
        if (!($data['status'] == 2 || $data['status'] == 3)) {
            $data['status'] = 4;
        }
        // ACL exception for admins
        $data['acl_id'] = (int) $data['acl_id'] ? (int) $data['acl_id'] : $core_config['main']['default_acl'];
        if ($data['status'] == 2) {
            $data['acl_id'] = 0;
        }
        // default parent_id
        $data['parent_uid'] = (int) $data['parent_uid'] ? (int) $data['parent_uid'] : $core_config['main']['default_parent'];
        if ($parent_status = user_getfieldbyuid($data['parent_uid'], 'status')) {
            // logic for parent_uid, parent uid by default is 0
            if ($data['status'] == 4) {
                if (!($parent_status == 2 || $parent_status == 3)) {
                    $data['parent_uid'] = $core_config['main']['default_parent'];
                }
            } else {
                $data['parent_uid'] = $core_config['main']['default_parent'];
            }
        } else {
            $data['parent_uid'] = $core_config['main']['default_parent'];
        }
        $data['username'] = core_sanitize_username($data['username']);
        $data['password'] = trim($data['password']) ? trim($data['password']) : core_get_random_string(10);
        $register_password = $data['password'];
        $data['password'] = md5($register_password);
        $data['token'] = md5(uniqid($data['username'] . $data['password'], true));
        // default credit
        $supplied_credit = (double) $data['credit'];
        $data['credit'] = 0;
        // sender set to empty by default
        // $data['sender'] = ($data['sender'] ? core_sanitize_sender($data['sender']) : '');
        $data['sender'] = '';
        $dt = core_get_datetime();
        $data['register_datetime'] = $dt;
        $data['lastupdate_datetime'] = $dt;
        // fixme anton - these should be configurable on main config
        $data['footer'] = '@' . $data['username'];
        $data['enable_webservices'] = 1;
        // $data['webservices_ip'] = (trim($data['webservices_ip']) ? trim($data['webservices_ip']) : '127.0.0.1, 192.168.*.*');
        $data['webservices_ip'] = '*.*.*.*';
        $v = user_add_validate($data);
        if ($v['status']) {
            _log('attempt to register status:' . $data['status'] . ' u:' . $data['username'] . ' email:' . $data['email'], 3, 'user_add');
            if ($data['username'] && $data['email'] && $data['name']) {
                if ($new_uid = dba_add(_DB_PREF_ . '_tblUser', $data)) {
                    $ret['status'] = TRUE;
                    $ret['uid'] = $new_uid;
                    // set credit upon registration
                    $default_credit = $supplied_credit ? $supplied_credit : (double) $core_config['main']['default_credit'];
                    rate_addusercredit($ret['uid'], $default_credit);
                } else {
                    $ret['error_string'] = _('Fail to register an account');
                }
                if ($ret['status']) {
                    $data['credit'] = user_getfieldbyuid($new_uid, 'credit');
                    $data['register_password'] = $register_password;
                    _log('registered status:' . $data['status'] . ' u:' . $data['username'] . ' uid:' . $ret['uid'] . ' email:' . $data['email'] . ' ip:' . $_SERVER['REMOTE_ADDR'] . ' mobile:' . $data['mobile'] . ' credit:' . $data['credit'], 2, 'user_add');
                    // save $data on returns
                    $ret['data'] = $data;
                    // default is TRUE, always send email from this function
                    if ($send_email) {
                        // injected variables must be global, need to work on this later
                        global $reg_data;
                        $reg_data = $ret['data'];
                        // send email
                        $tpl = array('name' => 'user_add_email', 'vars' => array('Name' => _('Name'), 'Username' => _('Username'), 'Password' => _('Password'), 'Mobile' => _('Mobile'), 'Credit' => _('Credit'), 'Email' => _('Email')), 'injects' => array('core_config', 'reg_data'));
                        $email_body = tpl_apply($tpl);
                        $email_subject = _('New account registration');
                        $mail_data = array('mail_from_name' => $core_config['main']['web_title'], 'mail_from' => $core_config['main']['email_service'], 'mail_to' => $data['email'], 'mail_subject' => $email_subject, 'mail_body' => $email_body);
                        if (sendmail($mail_data)) {
                            $ret['error_string'] = _('Account has been added and password has been emailed') . " (" . _('username') . ": " . $data['username'] . ")";
                        } else {
                            $ret['error_string'] = _('Account has been added but failed to send email') . " (" . _('username') . ": " . $data['username'] . ")";
                        }
                    }
                }
            } else {
                $ret['error_string'] = _('You must fill all required fields');
            }
        } else {
            $ret['error_string'] = $v['error_string'];
        }
    } else {
        $ret['error_string'] = _('Account registration is not available');
    }
    return $ret;
}
Example #3
0
function webservices_login_key_set($username)
{
    $uid = user_username2uid($username);
    $login_key = md5(core_get_random_string(32));
    if (registry_update($uid, 'core', 'webservices', array('login_key' => $login_key))) {
        $json['status'] = 'OK';
        $json['error'] = '0';
        $json['login_key'] = $login_key;
    } else {
        $json['status'] = 'ERR';
        $json['error'] = '626';
    }
    return $json;
}
Example #4
0
/**
 * Add new user
 *
 * @param array $data
 *        	User data
 * @param boolean $forced
 *        	Forced addition
 * @return array $ret('error_string', 'status', 'uid')
 */
function user_add($data = array(), $forced = FALSE)
{
    global $core_config, $user_config;
    $ret['error_string'] = _('Unknown error has occurred');
    $ret['status'] = FALSE;
    $ret['uid'] = 0;
    $data = trim($data['username']) ? $data : $_REQUEST;
    if ($forced || auth_isadmin() || $user_config['status'] == 3 || !auth_isvalid() && $core_config['main']['enable_register']) {
        foreach ($data as $key => $val) {
            $data[$key] = trim($val);
        }
        // set valid status
        $data['status'] = (int) $data['status'];
        if (!($data['status'] == 2 || $data['status'] == 3)) {
            $data['status'] = 4;
        }
        // logic for parent_uid, parent uid by default is 0
        if ($data['status'] == 4) {
            $parent_status = user_getfieldbyuid($data['parent_uid'], 'status');
            if (!($parent_status == 2 || $parent_status == 3)) {
                $data['parent_uid'] = 0;
            }
        } else {
            $data['parent_uid'] = 0;
        }
        $data['username'] = core_sanitize_username($data['username']);
        $data['password'] = $data['password'] ? $data['password'] : core_get_random_string(10);
        $new_password = $data['password'];
        $data['password'] = md5($new_password);
        $data['token'] = md5(uniqid($data['username'] . $data['password'], true));
        // credit set to 0 by default
        // $data['credit'] = ( $data['credit'] ? $data['credit'] : $core_config['main']['default_credit'] );
        $data['credit'] = 0;
        // sender set to empty by default
        // $data['sender'] = ($data['sender'] ? core_sanitize_sender($data['sender']) : '');
        $data['sender'] = '';
        $dt = core_get_datetime();
        $data['register_datetime'] = $dt;
        $data['lastupdate_datetime'] = $dt;
        $data['webservices_ip'] = trim($data['webservices_ip']) ? trim($data['webservices_ip']) : '127.0.0.1, 192.168.*.*';
        $v = user_add_validate($data);
        if ($v['status']) {
            _log('attempt to register status:' . $data['status'] . ' u:' . $data['username'] . ' email:' . $data['email'], 3, 'user_add');
            if ($data['username'] && $data['email'] && $data['name']) {
                if ($new_uid = dba_add(_DB_PREF_ . '_tblUser', $data)) {
                    $ret['status'] = TRUE;
                    $ret['uid'] = $new_uid;
                } else {
                    $ret['error_string'] = _('Fail to register an account');
                }
                if ($ret['status']) {
                    _log('registered status:' . $data['status'] . ' u:' . $data['username'] . ' uid:' . $ret['uid'] . ' email:' . $data['email'] . ' ip:' . $_SERVER['REMOTE_ADDR'] . ' mobile:' . $data['mobile'] . ' credit:' . $data['credit'], 2, 'user_add');
                    $subject = _('New account registration');
                    $body = $core_config['main']['web_title'] . "\n";
                    $body .= $core_config['http_path']['base'] . "\n\n";
                    $body .= _('Username') . ": " . $data['username'] . "\n";
                    $body .= _('Password') . ": " . $new_password . "\n";
                    $body .= _('Mobile') . ": " . $data['mobile'] . "\n";
                    $body .= _('Credit') . ": " . $data['credit'] . "\n\n";
                    $body .= $core_config['main']['email_footer'] . "\n\n";
                    $ret['error_string'] = _('Account has been added and password has been emailed') . " (" . _('username') . ": " . $data['username'] . ")";
                    $mail_data = array('mail_from_name' => $core_config['main']['web_title'], 'mail_from' => $core_config['main']['email_service'], 'mail_to' => $data['email'], 'mail_subject' => $subject, 'mail_body' => $body);
                    if (!sendmail($mail_data)) {
                        $ret['error_string'] = _('Account has been added but failed to send email') . " (" . _('username') . ": " . $data['username'] . ")";
                    }
                }
            } else {
                $ret['error_string'] = _('You must fill all required fields');
            }
        } else {
            $ret['error_string'] = $v['error_string'];
        }
    } else {
        $ret['error_string'] = _('Account registration is not available');
    }
    return $ret;
}