/** * Install controller. * * @return void */ function install(Core $core) { define('_ZINSTALLVER', Core::VERSION_NUM); $serviceManager = $core->getContainer(); $eventManager = $core->getDispatcher(); // Lazy load DB connection to avoid testing DSNs that are not yet valid (e.g. no DB created yet) $dbEvent = new GenericEvent(null, array('lazy' => true)); $eventManager->dispatch('doctrine.init_connection', $dbEvent); $core->init(Core::STAGE_ALL & ~Core::STAGE_THEME & ~Core::STAGE_MODS & ~Core::STAGE_LANGS & ~Core::STAGE_DECODEURLS & ~Core::STAGE_SESSIONS); // Power users might have moved the temp folder out of the root and changed the config.php // accordingly. Make sure we respect this security related settings $tempDir = isset($GLOBALS['ZConfig']['System']['temp']) ? $GLOBALS['ZConfig']['System']['temp'] : 'ztemp'; // define our smarty object $smarty = new Smarty(); $smarty->caching = false; $smarty->compile_check = true; $smarty->left_delimiter = '{'; $smarty->right_delimiter = '}'; $smarty->compile_dir = $tempDir . '/view_compiled'; $smarty->template_dir = 'install/templates'; $smarty->plugins_dir = array('plugins', 'install/templates/plugins'); $smarty->clear_compiled_tpl(); file_put_contents("{$tempDir}/view_compiled/index.html", ''); $lang = FormUtil::getPassedValue('lang', '', 'GETPOST'); $dbhost = FormUtil::getPassedValue('dbhost', '', 'GETPOST'); $dbusername = FormUtil::getPassedValue('dbusername', '', 'GETPOST'); $dbpassword = FormUtil::getPassedValue('dbpassword', '', 'GETPOST'); $dbname = FormUtil::getPassedValue('dbname', '', 'GETPOST'); $dbprefix = ''; $dbdriver = FormUtil::getPassedValue('dbdriver', '', 'GETPOST'); $dbtabletype = FormUtil::getPassedValue('dbtabletype', '', 'GETPOST'); $username = FormUtil::getPassedValue('username', '', 'POST'); $password = FormUtil::getPassedValue('password', '', 'POST'); $repeatpassword = FormUtil::getPassedValue('repeatpassword', '', 'POST'); $email = FormUtil::getPassedValue('email', '', 'GETPOST'); $action = FormUtil::getPassedValue('action', '', 'GETPOST'); $notinstalled = isset($_GET['notinstalled']); $installedState = isset($GLOBALS['ZConfig']['System']['installed']) ? $GLOBALS['ZConfig']['System']['installed'] : 0; // If somehow we are browsing the not installed page but installed, redirect back to homepage if ($installedState && $notinstalled) { $response = new RedirectResponse(System::getHomepageUrl()); return $response->send(); } // see if the language was already selected $languageAlreadySelected = $lang ? true : false; if (!$notinstalled && $languageAlreadySelected && empty($action)) { $response = new RedirectResponse(System::getBaseUri() . "/install.php?action=requirements&lang={$lang}"); return $response->send(); } // see if the language was already selected $languageAlreadySelected = $lang ? true : false; if (!$notinstalled && $languageAlreadySelected && empty($action)) { $response = new RedirectResponse(System::getBaseUri() . "/install.php?action=requirements&lang={$lang}"); return $response->send(); } // load the installer language files if (empty($lang)) { if (is_readable('config/installer.ini')) { $test = parse_ini_file('config/installer.ini'); $lang = isset($test['language']) ? $test['language'] : 'en'; } else { $available = ZLanguage::getInstalledLanguages(); $detector = new ZLanguageBrowser($available); $lang = $detector->discover(); } $lang = DataUtil::formatForDisplay($lang); } // setup multilingual $GLOBALS['ZConfig']['System']['language_i18n'] = $lang; $GLOBALS['ZConfig']['System']['multilingual'] = true; $GLOBALS['ZConfig']['System']['languageurl'] = true; $GLOBALS['ZConfig']['System']['language_detect'] = false; $serviceManager->loadArguments($GLOBALS['ZConfig']['System']); $_lang = ZLanguage::getInstance(); $_lang->setup(); $lang = ZLanguage::getLanguageCode(); $installbySQL = file_exists("install/sql/custom-{$lang}.sql") ? "install/sql/custom-{$lang}.sql" : false; $smarty->assign('lang', $lang); $smarty->assign('installbySQL', $installbySQL); $smarty->assign('langdirection', ZLanguage::getDirection()); $smarty->assign('charset', ZLanguage::getEncoding()); // show not installed case if ($notinstalled) { header('HTTP/1.1 503 Service Unavailable'); $smarty->display('notinstalled.tpl'); $smarty->clear_compiled_tpl(); file_put_contents("{$tempDir}/view_compiled/index.html", ''); exit; } // assign the values from config.php $smarty->assign($GLOBALS['ZConfig']['System']); // if the system is already installed, halt. if ($GLOBALS['ZConfig']['System']['installed']) { _installer_alreadyinstalled($smarty); } // check for an empty action - if so then show the first installer page if (empty($action)) { $action = 'lang'; } // perform tasks based on our action switch ($action) { case 'processBDInfo': $dbname = trim($dbname); $dbusername = trim($dbusername); if (empty($dbname) || empty($dbusername)) { $action = 'dbinformation'; $smarty->assign('dbconnectmissing', true); } elseif (!preg_match('/^[\\w-]*$/', $dbname) || strlen($dbname) > 64) { $action = 'dbinformation'; $smarty->assign('dbinvalidname', true); } else { update_config_php($dbhost, $dbusername, $dbpassword, $dbname, $dbdriver, $dbtabletype); update_installed_status(0); try { $dbh = new PDO("{$dbdriver}:host={$dbhost};dbname={$dbname}", $dbusername, $dbpassword); } catch (PDOException $e) { $action = 'dbinformation'; $smarty->assign('reason', $e->getMessage()); $smarty->assign('dbconnectfailed', true); } } if ($action != 'dbinformation') { $action = 'createadmin'; } break; case 'finish': if (!$username || preg_match('/[^\\p{L}\\p{N}_\\.\\-]/u', $username)) { $action = 'createadmin'; $smarty->assign('uservalidatefailed', true); $smarty->assign(array('username' => $username, 'password' => $password, 'repeatpassword' => $repeatpassword, 'email' => $email)); } elseif (mb_strlen($password) < 7) { $action = 'createadmin'; $smarty->assign('badpassword', true); $smarty->assign(array('username' => $username, 'password' => $password, 'repeatpassword' => $repeatpassword, 'email' => $email)); } elseif ($password !== $repeatpassword) { $action = 'createadmin'; $smarty->assign('passwordcomparefailed', true); $smarty->assign(array('username' => $username, 'password' => $password, 'repeatpassword' => $repeatpassword, 'email' => $email)); } elseif (!validateMail($email)) { $action = 'createadmin'; $smarty->assign('emailvalidatefailed', true); $smarty->assign(array('username' => $username, 'password' => $password, 'repeatpassword' => $repeatpassword, 'email' => $email)); } else { $installedOk = false; // if it is the distribution and the process have not failed in a previous step if ($installbySQL) { // checks if exists a previous installation with the same prefix $proceed = true; $dbnameConfig = $GLOBALS['ZConfig']['DBInfo']['databases']['default']['dbname']; $exec = $dbdriver == 'mysql' || $dbdriver == 'mysqli' ? "SHOW TABLES FROM `{$dbnameConfig}` LIKE '%'" : "SHOW TABLES FROM {$dbnameConfig} LIKE '%'"; $tables = DBUtil::executeSQL($exec); if ($tables->rowCount() > 0) { $proceed = false; $action = 'dbinformation'; $smarty->assign('dbexists', true); } if ($proceed) { // checks if file exists if (!file_exists($installbySQL)) { $action = 'dbinformation'; $smarty->assign('dbdumpfailed', true); } else { // execute the SQL dump $lines = file($installbySQL); $exec = ''; foreach ($lines as $line_num => $line) { $line = trim($line); if (empty($line) || strpos($line, '--') === 0) { continue; } $exec .= $line; if (strrpos($line, ';') === strlen($line) - 1) { if (!DBUtil::executeSQL($exec)) { $action = 'dbinformation'; $smarty->assign('dbdumpfailed', true); break; } $exec = ''; } } ModUtil::dbInfoLoad('Users', 'Users'); ModUtil::dbInfoLoad('Extensions', 'Extensions'); ModUtil::initCoreVars(true); createuser($username, $password, $email); $installedOk = true; } } } else { installmodules($lang); createuser($username, $password, $email); $installedOk = true; } if ($installedOk) { // create our new site admin // TODO: Email username/password to administrator email address. Cannot use ModUtil::apiFunc for this. $serviceManager->get('session')->start(); $authenticationInfo = array('login_id' => $username, 'pass' => $password); $authenticationMethod = array('modname' => 'Users', 'method' => 'uname'); UserUtil::loginUsing($authenticationMethod, $authenticationInfo); // add admin email as site email System::setVar('adminmail', $email); if (!$installbySQL) { Theme_Util::regenerate(); } // set site status as installed and protect config.php file update_installed_status(1); @chmod('config/config.php', 0400); if (!is_readable('config/config.php')) { @chmod('config/config.php', 0440); if (!is_readable('config/config.php')) { @chmod('config/config.php', 0444); } } // install all plugins $systemPlugins = PluginUtil::loadAllSystemPlugins(); foreach ($systemPlugins as $plugin) { PluginUtil::install($plugin); } LogUtil::registerStatus(__('Congratulations! Zikula has been successfullly installed.')); $response = new RedirectResponse(ModUtil::url('Admin', 'admin', 'adminpanel')); $response->send(); exit; } } break; case 'requirements': $checks = _check_requirements(); $ok = true; foreach ($checks as $check) { if (!$check) { $ok = false; break; } } foreach ($checks['files'] as $check) { if (!$check['writable']) { $ok = false; break; } } if ($ok) { $response = new RedirectResponse(System::getBaseUri() . "/install.php?action=dbinformation&lang={$lang}"); $response->send(); exit; } $smarty->assign('checks', $checks); break; } // check our action template exists $action = DataUtil::formatForOS($action); if ($smarty->template_exists("installer_{$action}.tpl")) { $smarty->assign('action', $action); $templateName = "installer_{$action}.tpl"; } else { $smarty->assign('action', 'error'); $templateName = 'installer_error.tpl'; } $smarty->assign('maincontent', $smarty->fetch($templateName)); $smarty->display('installer_page.tpl'); $smarty->clear_compiled_tpl(); file_put_contents("{$tempDir}/view_compiled/index.html", ''); }
} $display = ''; $pageBody = ''; if (isset($_POST['cancel'])) { echo COM_refresh($_CONF['site_url'] . '/index.php'); } switch ($mode) { case 'logout': $pageBody = userLogout(); break; case 'profile': case 'user': $pageBody .= userprofile(); break; case 'create': $pageBody .= createuser(); break; case 'getpassword': $pageBody .= _userGetpassword(); break; case 'newpwd': $pageBody .= _userNewpwd(); break; case 'setnewpwd': $pageBody .= _userSetnewpwd(); break; case 'emailpasswd': $pageBody .= _userEmailpassword(); break; case 'new': $pageBody .= newuserform();
$display .= USER_showProfile($uid); } else { COM_redirect($_CONF['site_url'] . '/index.php'); } } else { COM_redirect($_CONF['site_url'] . '/index.php'); } break; case 'create': if ($_CONF['disable_new_user_registration']) { $display .= COM_showMessageText($LANG04[122], $LANG04[22]); $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG04[22])); } else { $email = COM_applyFilter($_POST['email']); $email_conf = COM_applyFilter($_POST['email_conf']); $display .= createuser(COM_applyFilter($_POST['username']), $email, $email_conf); } break; case 'getpassword': if ($_CONF['passwordspeedlimit'] == 0) { $_CONF['passwordspeedlimit'] = 300; // 5 minutes } COM_clearSpeedlimit($_CONF['passwordspeedlimit'], 'password'); $last = COM_checkSpeedlimit('password'); if ($last > 0) { $display .= COM_showMessageText(sprintf($LANG04[93], $last, $_CONF['passwordspeedlimit']), $LANG12[26]); } else { $display .= getpasswordform(); } $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG04[25]));
<?php include 'functions.php'; if ($_POST["type"] == "create") { $passhash = password_hash($_POST['password'], PASSWORD_DEFAULT); try { createuser($_POST['username'], $passhash, $_POST['email'], $_POST['firstname'], $_POST['lastname'], $_POST['middlename']); } catch (Exception $e) { echo $e->getCode(); } } else { if ($_POST["type"] == "login") { try { $result = loginuser($_POST['username'], $_POST['password']); echo $result["message"]; if ($result["message"] == "SUCCESS") { session_start(); $_SESSION['username'] = $result['username']; $_SESSION['firstname'] = $result['firstname']; $_SESSION['lastname'] = $result['lastname']; $_SESSION['middlename'] = $result['middlename']; $_SESSION['email'] = $result['email']; } } catch (Exception $e) { // echo $e -> getMessage(); } } else { if ($_POST["type"] == "logout") { logout(); } else { if ($_POST["type"] == "newgrant") {
public function testAddUser() { createuser("KOUKOU", "KIKOU", "2"); $array = list_all_user(__DIR__ . "/../src/files/roles.json"); $this->assertArrayHasKey('KOUKOU', $array); }
<?php ob_start(); if (isset($_POST["usr"]) && isset($_POST["pwd"]) && isset($_POST["roles"])) { createuser($_POST["usr"], $_POST["pwd"], $_POST["roles"]); } function createuser($usr, $pwd, $role) { // Creates new users $error = ""; if ($usr != null && $pwd != null && $role != null) { $pwd = htmlentities($pwd); $pwd = hash('sha512', "zztask" . $pwd . "bcrypt"); $usr = htmlentities(strtolower($usr)); $file = fopen(__DIR__ . "/files/login.json", "r"); // Gets current list of users $line = fgets($file); $arr = json_decode($line, true); fclose($file); if (!isset($arr[$usr])) { // to look if this user already exist $array = array($usr => $pwd); // If not, then we add the new user if (isset($arr)) { $log = array_merge($arr, $array); // By merging the 2 vars } else { $log = $array; } $file = fopen(__DIR__ . "/files/login.json", "w"); // Writes down the new user list
// User Creates an account by entering in their EMAIL and Creating a Password $email = filter_input(INPUT_POST, 'email'); $password = filter_input(INPUT_POST, 'password'); // Error Validating the Email and Password Entered $errors = array(); if (!isValidEmail($email)) { $errors[] = 'Email is not Valid'; } if (!isValidPassword($password)) { $errors[] = 'Password is not Valid'; } /* As long as their is no Errors the Email and Password * for that user are added to the database and Granted access */ if (count($errors) == 0) { if (createuser($email, $password)) { $results = 'User Added'; } else { $results = 'User was not Added'; } } } ?> <!-- Provides the Results of the Account Creation & the Login Form --> <?php include '../Includes/errors.html.php'; ?> <?php