Example #1
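# Validate the requested alias before anything is written.
# NOTE(review): check_mail_address() is defined elsewhere; what it rejects is not visible in this fragment.
check_mail_address($_POST['localpart'], $_SESSION['domain_id'], 'adminalias.php');
# check_user_exists() will die if a user account already exists with the same localpart and domain id
check_user_exists($dbh, $_POST['localpart'], $_SESSION['domain_id'], 'adminalias.php');
# Reject localparts containing a quote, @, %, !, /, |, double quote or space, and blank real names.
if (preg_match("/['@%!\\/\\|\" ']/", $_POST['localpart']) || preg_match("/^\\s*\$/", $_POST['realname'])) {
    # The rejected value is request-controlled, so it is percent-encoded before it goes into the
    # redirect URL; unencoded, characters such as & or # would add or truncate query parameters.
    header('Location: adminalias.php?badname=' . rawurlencode($_POST['localpart']));
    die;
}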
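# Split the comma-separated forward list, trim each entry and require every one to be a valid address.
$forwardto = array_map('trim', explode(",", $_POST['smtp']));
foreach ($forwardto as $address) {
    if (!filter_var($address, FILTER_VALIDATE_EMAIL)) {
        # This is a URL context, so the value is percent-encoded. htmlentities() is an HTML encoder:
        # it leaves # and + untouched and turns & into &amp;, which still splits the query string.
        header("Location: adminalias.php?invalidforward=" . rawurlencode($address));
        die;
    }
}
# Rebuild the list from the trimmed, validated entries.
$aliasto = implode(",", $forwardto);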
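# Create the alias row only when the two password fields pass validate_password().
if (validate_password($_POST['clear'], $_POST['vclear'])) {
    # uid and gid are copied from the session's domain row; everything else is a bound parameter.
    $query = "INSERT INTO users\n      (localpart, username, domain_id, crypt, smtp, pop, uid, gid, realname, type, admin, on_avscan, \n       on_spamassassin, sa_tag, sa_refuse, spam_drop, enabled)\n      SELECT :localpart, :username, :domain_id, :crypt, :smtp, :pop, uid, gid, :realname, 'alias', :admin,\n      :on_avscan, :on_spamassassin, :sa_tag, :sa_refuse, :spam_drop, :enabled\n      FROM domains\n      WHERE domains.domain_id=:domain_id";
    $sth = $dbh->prepare($query);
    # NOTE(review): admin, enabled and the scan/spam settings are bound straight from POST. Bound
    # parameters stop SQL injection but do not constrain the values; confirm they are normalised
    # before this point.
    $success = $sth->execute(array(
        ':localpart' => $_POST['localpart'],
        ':username' => $_POST['localpart'] . '@' . $_SESSION['domain'],
        ':domain_id' => $_SESSION['domain_id'],
        ':crypt' => crypt_password($_POST['clear']),
        ':smtp' => $aliasto,
        ':pop' => $aliasto,
        ':realname' => $_POST['realname'],
        ':admin' => $_POST['admin'],
        ':on_avscan' => $_POST['on_avscan'],
        ':on_spamassassin' => $_POST['on_spamassassin'],
        ':sa_tag' => $_POST['sa_tag'],
        ':sa_refuse' => $_POST['sa_refuse'],
        ':spam_drop' => $_POST['spam_drop'],
        ':enabled' => $_POST['enabled'],
    ));
    # The localpart is percent-encoded so it cannot add or truncate query parameters in the redirect.
    if ($success) {
        header('Location: adminalias.php?added=' . rawurlencode($_POST['localpart']));
    } else {
        header('Location: adminalias.php?failadded=' . rawurlencode($_POST['localpart']));
    }
} else {
    header('Location: adminalias.php?badaliaspass=' . rawurlencode($_POST['localpart']));
}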
?>
<!-- Layout and CSS tricks obtained from http://www.bluerobot.com/web/layouts/ -->
Example #2
# Load the row for the session's domain; the text of $query is built before this fragment.
$sth = $dbh->prepare($query);
$sth->execute([':domain_id' => $_SESSION['domain_id']]);
$row = $sth->fetch();
# The POP home is always <maildir>/<localpart>.
# NOTE(review): localpart comes from POST and is interpolated into a filesystem path here; confirm
# it has been validated (no "/" or "..") before this point, since no check is visible in this fragment.
$pophomepath = "{$row['maildir']}/{$_POST['localpart']}";
if ($_POST['on_piped'] == 1 && $_POST['smtp'] != "") {
    # Piped delivery: the posted smtp value is taken verbatim as the delivery target.
    # NOTE(review): presumably a command the MTA runs; confirm who may submit it.
    $smtphomepath = $_POST['smtp'];
    $_POST['type'] = "piped";
} else {
    # Local delivery: mail goes to the Maildir under the POP home.
    $smtphomepath = "{$pophomepath}/Maildir";
    $_POST['type'] = "local";
}
# Update the password, if the password was given
if (isset($_POST['clear']) && $_POST['clear'] !== '') {
    if (validate_password($_POST['clear'], $_POST['vclear'])) {
        $cryptedpassword = crypt_password($_POST['clear']);
        $query = "UPDATE users\n        SET crypt=:crypt WHERE localpart=:localpart\n        AND domain_id=:domain_id";
        $sth = $dbh->prepare($query);
        $success = $sth->execute(array(':crypt' => $cryptedpassword, ':localpart' => $_POST['localpart'], ':domain_id' => $_SESSION['domain_id']));
        if ($success) {
            if ($_POST['localpart'] == $_SESSION['localpart']) {
                $_SESSION['crypt'] = $cryptedpassword;
            }
        } else {
            header("Location: adminuser.php?failupdated={$_POST['localpart']}");
            die;
        }
    } else {
        header("Location: adminuser.php?badpass={$_POST['localpart']}");
        die;
    }
Example #3
    $_POST['username'] .= '@' . preg_replace("/^mail\\./", "", $_SERVER["SERVER_NAME"]);
}
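# Look the account up by its full username, joined to its domain row.
$query = "SELECT users.crypt,users.username,users.user_id,users.localpart,domains.domain,domains.domain_id,users.admin,users.type,\n  domains.enabled AS domainenabled, users.enabled AS userenabled\n  FROM users,domains\n  WHERE username=:username\n  AND users.domain_id = domains.domain_id";
$sth = $dbh->prepare($query);
$success = $sth->execute(array(':username' => $_POST['username']));
if (!$success) {
    # Driver error details go to the server log; printing them would hand schema and driver
    # information to an unauthenticated client.
    error_log('login query failed: ' . print_r($sth->errorInfo(), true));
    die;
}
# Unknown user and wrong password take the same redirect, so the response does not say which failed.
if ($sth->rowCount() != 1) {
    header('Location: index.php?login=failed');
    die;
}
$row = $sth->fetch();
# The stored hash is passed as second argument, presumably so crypt_password() reuses its salt
# and scheme (crypt_password() is defined elsewhere).
$cryptedpass = crypt_password($_POST['crypt'], $row['crypt']);
# Debugging prints of the posted password and the stored hash used to sit here, commented out.
# They are left out: enabling them would write credential material into the response.
# if they have the wrong password bail out
# hash_equals() compares in constant time; the is_string() guards keep a failed hash (non-string)
# from ever comparing equal.
if (!is_string($cryptedpass) || !is_string($row['crypt']) || !hash_equals($row['crypt'], $cryptedpass)) {
    header('Location: index.php?login=failed');
    die;
}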
Example #4
  <label>Passwort wiederholen: <input type="password" id="p2" name="passwordconfirm"></label><br />
  <input type="hidden" name="step2" value="2">
  <button type="submit">Weiter</button>
</form>

<?php 
    }
} else {
    if (isset($_POST['step2'])) {
        // step2: create user
        if ($_POST['password'] !== $_POST['passwordconfirm']) {
            echo "<p>The passwords did not match</p>";
            goto hell;
            // the goto keyword was introduced in PHP 5.3... so why don't use it?
        }
        $sql_str = "INSERT INTO `config` (`key`, `value`) VALUES ('sitename', '" . $sql->real_escape_string($_POST['sitename']) . "'); " . "INSERT INTO `config` (`key`, `value`) VALUES ('username', '" . $sql->real_escape_string($_POST['username']) . "'); " . "INSERT INTO `config` (`key`, `value`) VALUES ('password', '" . $sql->real_escape_string(crypt_password($_POST['password'], gen_salt(22))) . "'); " . "INSERT INTO `config` (`key`, `value`) VALUES ('recent_public', 'false'); " . "INSERT INTO `config` (`key`, `value`) VALUES ('recent_count', '5');";
        if (!$sql->multi_query($sql_str)) {
            ?>
<h2>Ein Fehler ist aufgetreten</h2>
<pre><?php 
            echo $sql->error;
            ?>
</pre>
<form method="POST">
  <label>Seiten Name: <input type="text" name="sitename" value="<?php 
            echo htmlspecialchars($_POST['sitename']);
            ?>
"></label><br />
  <label>User Name: <input type="text" name="username" value="<?php 
            echo htmlspecialchars($_POST['username']);
            ?>
Example #5
# Fetch the settings row for the session's domain (the statement is prepared before this fragment).
$sth->execute([':domain_id' => $_SESSION['domain_id']]);
$row = $sth->fetch();
# A per-user scanner flag is honoured only when the checkbox was submitted AND the domain itself has
# the feature switched on; the posted value is overwritten with a plain 1 or 0 either way.
$_POST['on_avscan'] = (isset($_POST['on_avscan']) && $row['avscan'] == 1) ? 1 : 0;
$_POST['on_spamassassin'] = (isset($_POST['on_spamassassin']) && $row['spamassassin'] == 1) ? 1 : 0;
# Update the password, if the password was given
if (isset($_POST['password']) && $_POST['password'] !== '') {
    if (validate_password($_POST['password'], $_POST['vpassword'])) {
        $cryptedpassword = crypt_password($_POST['password']);
        $query = "UPDATE users SET crypt=:crypt WHERE user_id=:user_id AND domain_id=:domain_id AND type='alias'";
        $sth = $dbh->prepare($query);
        $success = $sth->execute(array(':crypt' => $cryptedpassword, ':user_id' => $_POST['user_id'], ':domain_id' => $_SESSION['domain_id']));
        if ($success) {
            if ($_POST['localpart'] == $_SESSION['localpart']) {
                $_SESSION['crypt'] = $cryptedpassword;
            }
        } else {
            header('Location: adminalias.php?failedupdated=' . $_POST['localpart']);
            die;
        }
    } else {
        header('Location: adminalias.php?badaliaspass');
        die;
    }
Example #6
    $pophomepath = $domainpath . "/" . $_POST['localpart'];
}
//Gah. Transactions!! -- GCBirzan
if (validate_password($_POST['clear'], $_POST['vclear']) && $_POST['type'] != "alias") {
    if (!password_strengthcheck($_POST['clear'])) {
        header("Location: site.php?weakpass={$_POST['domain']}");
        die;
    }
    $query = "INSERT INTO domains \n              (domain, spamassassin, sa_tag, sa_refuse, avscan,\n              max_accounts, quotas, maildir, pipe, enabled, uid, gid,\n              type, maxmsgsize)\n              VALUES (:domain, :spamassassin, :sa_tag, :sa_refuse,\n              :avscan, :max_accounts, :quotas, :maildir, :pipe, :enabled,\n              :uid, :gid, :type, :maxmsgsize)";
    $sth = $dbh->prepare($query);
    $success = $sth->execute(array(':domain' => $_POST['domain'], ':spamassassin' => $_POST['spamassassin'], ':sa_tag' => isset($_POST['sa_tag']) ? $_POST['sa_tag'] : $sa_tag, ':sa_refuse' => isset($_POST['sa_refuse']) ? $_POST['sa_refuse'] : $sa_refuse, ':avscan' => $_POST['avscan'], ':max_accounts' => $_POST['max_accounts'], ':quotas' => isset($_POST['quotas']) ? $_POST['quotas'] : 0, ':maildir' => isset($_POST['maildir']) ? $domainpath : '', ':pipe' => $_POST['pipe'], ':enabled' => $_POST['enabled'], ':uid' => $uid, ':gid' => $gid, ':type' => $_POST['type'], ':maxmsgsize' => isset($_POST['maxmsgsize']) ? $_POST['maxmsgsize'] : 0));
    if ($success) {
        if ($_POST['type'] == "local") {
            $query = "INSERT INTO users\n          (domain_id, localpart, username, crypt, uid, gid, smtp, pop, realname, type, admin)\n           SELECT domain_id, :localpart, :username, :crypt, :uid, :gid, :smtp, :pop, 'Domain Admin', 'local', 1\n            FROM domains\n            WHERE domains.domain=:domain";
            $sth = $dbh->prepare($query);
            $success = $sth->execute(array(':localpart' => $_POST['localpart'], ':username' => $_POST['localpart'] . '@' . $_POST['domain'], ':crypt' => crypt_password($_POST['clear']), ':uid' => $uid, ':gid' => $gid, ':smtp' => $smtphomepath, ':pop' => $pophomepath, ':domain' => $_POST['domain']));
            // Is using indexes worth setting the domain_id by hand? -- GCBirzan
            if (!$success) {
                header("Location: site.php?failaddedusrerr={$_POST['domain']}");
                die;
            } else {
                header("Location: site.php?added={$_POST['domain']}" . "&type={$_POST['type']}");
                mail("{$_POST['localpart']}@{$_POST['domain']}", vexim_encode_header(_("Welcome Domain Admin!")), "{$welcome_newdomain}", "From: {$_POST['localpart']}@{$_POST['domain']}\r\nMIME-Version: 1.0\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Transfer-Encoding: 8bit\r\n");
                die;
            }
        } else {
            header("Location: site.php?added={$_POST['domain']}" . "&type={$_POST['type']}");
            die;
        }
    } else {
        header("Location: site.php?failaddeddomerr={$_POST['domain']}");
Example #7
# Fetch the row only when the earlier statement returned one.
# NOTE(review): when it returned none, $row is whatever it was before this fragment (possibly
# undefined) and the paths below are built from it anyway.
if ($sth->rowCount()) {
    $row = $sth->fetch();
}
# The POP home is <maildir>/<localpart> for both delivery types.
# NOTE(review): localpart is taken from POST and lands in a filesystem path; confirm it is
# validated before this point, since no check is visible in this fragment.
$pophomepath = "{$row['maildir']}/{$_POST['localpart']}";
if ($_POST['on_piped'] == 1 && $_POST['smtp'] != '') {
    # Piped delivery: the posted smtp value becomes the delivery target unchanged.
    $smtphomepath = $_POST['smtp'];
    $_POST['type'] = 'piped';
} else {
    # Local delivery into the Maildir below the POP home.
    $smtphomepath = "{$pophomepath}/Maildir";
    $_POST['type'] = 'local';
}
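# Create the account only when the two password fields pass validate_password().
if (validate_password($_POST['clear'], $_POST['vclear'])) {
    $query = "INSERT INTO users (localpart, username, domain_id, crypt,\n      smtp, pop, uid, gid, realname, type, admin, on_avscan, on_piped,\n      on_spamassassin, sa_tag, sa_refuse, maxmsgsize, enabled, quota)\n      VALUES (:localpart, :username, :domain_id, :crypt, :smtp, :pop, :uid, :gid,\n      :realname, :type, :admin, :on_avscan, :on_piped, :on_spamassassin,\n      :sa_tag, :sa_refuse, :maxmsgsize, :enabled, :quota)";
    $sth = $dbh->prepare($query);
    # NOTE(review): uid, gid, admin, enabled and quota are bound straight from POST. Bound parameters
    # prevent SQL injection but do not restrict the values; confirm they are checked or overwritten
    # before this point. $salt is not set anywhere in this fragment.
    # (Each placeholder is listed once; the array previously repeated ':localpart'.)
    $success = $sth->execute(array(
        ':localpart' => $_POST['localpart'],
        ':username' => $_POST['localpart'] . '@' . $_SESSION['domain'],
        ':domain_id' => $_SESSION['domain_id'],
        ':crypt' => crypt_password($_POST['clear'], $salt),
        ':smtp' => $smtphomepath,
        ':pop' => $pophomepath,
        ':uid' => $_POST['uid'],
        ':gid' => $_POST['gid'],
        ':realname' => $_POST['realname'],
        ':type' => $_POST['type'],
        ':admin' => $_POST['admin'],
        ':on_avscan' => $_POST['on_avscan'],
        ':on_piped' => $_POST['on_piped'],
        ':on_spamassassin' => $_POST['on_spamassassin'],
        ':sa_tag' => isset($_POST['sa_tag']) ? $_POST['sa_tag'] : 0,
        ':sa_refuse' => isset($_POST['sa_refuse']) ? $_POST['sa_refuse'] : 0,
        ':maxmsgsize' => $_POST['maxmsgsize'],
        ':enabled' => $_POST['enabled'],
        ':quota' => $_POST['quota'],
    ));
    # The localpart is percent-encoded in every redirect so it cannot add or truncate query parameters.
    if ($success) {
        header('Location: adminuser.php?added=' . rawurlencode($_POST['localpart']));
        # Welcome mail to the new mailbox. The From header is built from session values only.
        # NOTE(review): the recipient is built from the posted localpart; confirm it was validated.
        mail("{$_POST['localpart']}@{$_SESSION['domain']}", vexim_encode_header(sprintf(_("Welcome %s!"), $_POST['realname'])), "{$welcome_message}", "From: {$_SESSION['localpart']}@{$_SESSION['domain']}\r\nMIME-Version: 1.0\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Transfer-Encoding: 8bit\r\n");
        die;
    } else {
        header('Location: adminuser.php?failadded=' . rawurlencode($_POST['localpart']));
        die;
    }
} else {
    header('Location: adminuser.php?badpass=' . rawurlencode($_POST['localpart']));
    die;
}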
?>
<!-- Layout and CSS tricks obtained from http://www.bluerobot.com/web/layouts/ -->
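 // Look up whether the account is active (get_user_data() is defined elsewhere).
 $accountactive = get_user_data($inputedusername, "active");
 // REMOTE_ADDR is the peer address as seen by the server. X-Forwarded-For is a request header the
 // client can set to anything, so it is only kept as an untrusted label for the log lines.
 // $pipaddress is initialised so that the later log calls never read an undefined variable when
 // the header is absent.
 $pipaddress = '';
 $ipaddress = getenv('REMOTE_ADDR');
 if (getenv('HTTP_X_FORWARDED_FOR')) {
     $pipaddress = getenv('HTTP_X_FORWARDED_FOR');
 }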
 if ($accountactive == 1) {
     $userdbpassword = get_user_data($inputedusername, "password_sha512");
     if (strpos(strtolower($userdbpassword), "fail") !== false) {
         echo "<center>failed, unable to locate users password</center>";
         logfailedattempt($inputedusername, "unknown user,(" . $pipaddress . "->" . $ipaddress . ")");
         exit;
     }
     $userssalt = trim(substr($userdbpassword, 0, 16));
     $inputedpasswordhash = crypt_password($inputedpassword, $userssalt);
     if (empty($inputedpasswordhash)) {
         echo "<center>failed, unable to decrypt user password</center>";
         exit;
     }
     if (trim($userdbpassword) != trim($inputedpasswordhash)) {
         echo "<center>incorrect password, please try again</center>";
         logfailedattempt($inputedusername, "bad password,(" . $pipaddress . "->" . $ipaddress . ")");
         exit;
     }
     $useradminlevel = get_user_data($inputedusername, "admin");
     session_start();
     $_SESSION['username'] = $inputedusername;
     $_SESSION['timeout'] = 300;
     $_SESSION['start'] = time();
     $_SESSION['admin'] = $useradminlevel;
Example #9
        echo "<font class=\"tdmain\">Password contains bad characters</font><p>\n";
    } elseif (is_valid_string($passwordv)) {
        echo "<font class=\"tdmain\">Password (Verify) contains bad characters</font><p>\n";
    } elseif ($password != $passwordv) {
        echo "<font class=\"tdmain\">Passwords don't match</font><p>\n";
    } elseif (is_valid_realname($realname)) {
        echo "<font class=\"tdmain\">Realname contains bad characters</font><p>\n";
        $realname = '';
    } elseif (is_valid_email($email)) {
        echo "<font class=\"tdmain\">E-Mail contains bad characters</font><p>\n";
        $email = '';
    } else {
        echo "<font class=\"tdmain\">User \"{$username}\" addedd successfuly<p>\n";
        $userid = count($htpUser);
        $htpUser[$userid]['username'] = $username;
        $htpUser[$userid]['password'] = crypt_password($username, $password);
        $htpUser[$userid]['realname'] = $realname;
        $htpUser[$userid]['email'] = $email;
        write_passwd_file($id);
        read_passwd_file($id);
        # clean form
        $username = '';
        $realname = '';
        $email = '';
    }
} else {
    $username = '';
    $realname = '';
    $email = '';
}
?>
Example #10
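/**
 * Replace a user's password with a freshly generated one.
 *
 * The reset only happens when a row for $username exists and its stored e-mail address equals
 * $email. Both values are escaped with wrap_db_escape_string() before they are placed in SQL.
 *
 * NOTE(review): random_password(6) is defined elsewhere; confirm it draws from a CSPRNG. A
 * six-character password returned in cleartext is weak as a recovery mechanism; a single-use,
 * expiring reset token is the usual replacement.
 *
 * @param string $username account name to reset
 * @param string $email    address that must match the one stored for the account
 * @return string|false the new cleartext password, or false when the lookup, the e-mail check
 *                      or the update fails
 */
function reset_password($username, $email)
{
    global $db_link;
    // The username is escaped and used in both WHERE clauses, so the queries target that account.
    $safe_username = wrap_db_escape_string($username);
    $result = wrap_db_query("SELECT email FROM " . BOOKING_USER_TABLE . " WHERE username='" . $safe_username . "'");
    if (!$result) {
        // query failed
        return false;
    }
    if (wrap_db_num_rows($result) == 0) {
        // username not in db
        return false;
    }
    $fields = wrap_db_fetch_array($result);
    // Strict comparison: a NULL stored address must not match an empty submitted one.
    if ($email !== $fields['email']) {
        // emails do not match
        return false;
    }
    $new_passwd = random_password(6);
    // Only the hashed form is stored.
    $crypted_new_passwd = crypt_password($new_passwd);
    // set user's password to this in database or return false
    $result = wrap_db_query("UPDATE " . BOOKING_USER_TABLE . " SET passwd = '" . wrap_db_escape_string($crypted_new_passwd) . "' " . "WHERE username = '" . $safe_username . "' AND email = '" . wrap_db_escape_string($email) . "'");
    if (!$result) {
        // not changed
        return false;
    }
    // changed successfully
    return $new_passwd;
}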
<?php

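// Demo driver: hashes the "password" query parameter and prints the input and the result.
// NOTE(review): a password sent in the query string ends up in server logs, browser history and
// Referer headers, and this page prints the cleartext back. Keep a helper like this out of any
// deployed tree.
$currentpass = (isset($_GET['password']) && is_string($_GET['password'])) ? $_GET['password'] : '';
$cryptpass = crypt_password($currentpass, '');
// The parameter is request-controlled; escape it so it is shown as text instead of being
// interpreted as markup by the browser.
echo htmlspecialchars($currentpass, ENT_QUOTES, 'UTF-8') . '<br />';
echo htmlspecialchars($cryptpass, ENT_QUOTES, 'UTF-8') . '<br />';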
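/**
 * Hash a password as <salt><base64(1000 rounds of raw SHA-512 over salt.password)>.
 *
 * When $salt is empty a 16-character alphanumeric salt is generated; a caller-supplied salt is
 * used exactly as given. To verify, pass the salt prefix of the stored value and compare the
 * results (use hash_equals() for that comparison).
 *
 * NOTE(review): 1000 rounds of SHA-512 is a fast, hand-rolled construction. password_hash() /
 * password_verify() are the maintained replacement, but their output format differs, so stored
 * hashes would have to be re-hashed at next login; that migration is not done here.
 *
 * @param string $password cleartext password
 * @param string $salt     salt to reuse, or '' to generate a new one
 * @return string the salt followed by the base64-encoded digest
 */
function crypt_password($password, $salt = '')
{
    if ($salt == '') {
        $saltChars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890';
        $lastIndex = strlen($saltChars) - 1;
        for ($i = 0; $i < 16; ++$i) {
            // random_int() draws from the OS CSPRNG; rand() is predictable and unsuitable for salts.
            $salt .= $saltChars[random_int(0, $lastIndex)];
        }
    }
    $key = $salt . $password;
    // Each round feeds the previous raw (binary) digest back into SHA-512.
    for ($i = 0; $i < 1000; ++$i) {
        $key = hash('sha512', $key, true);
    }
    return $salt . base64_encode($key);
}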
Example #12
//Gah. Transactions!! -- GCBirzan
if (validate_password($_POST['clear'], $_POST['vclear']) && $_POST['type'] != "alias") {
    if ($multi_ip == "yes") {
        $query = "INSERT INTO domains \n              (domain, spamassassin, sa_tag, sa_refuse,\n              max_accounts, quotas, maildir, pipe, enabled,\n              uid, gid, type, maxmsgsize, relay_address, outgoing_ip)\n              VALUES (:domain, :spamassassin, :sa_tag, :sa_refuse,\n              :max_accounts, :quotas, :maildir, :pipe, :enabled,\n              :uid, :gid, :type, :maxmsgsize, :relay_address, :outgoing_ip)";
        $sth = $dbh->prepare($query);
        $success = $sth->execute(array(':domain' => $_POST['domain'], ':spamassassin' => $_POST['spamassassin'], ':sa_tag' => isset($_POST['sa_tag']) ? $_POST['sa_tag'] : 0, ':sa_refuse' => isset($_POST['sa_refuse']) ? $_POST['sa_refuse'] : 0, ':max_accounts' => $_POST['max_accounts'], ':quotas' => isset($_POST['quotas']) ? $_POST['quotas'] : 0, ':maildir' => $domainpath, ':pipe' => $_POST['pipe'], ':enabled' => $_POST['enabled'], ':uid' => $uid, ':gid' => $gid, ':type' => $_POST['type'], ':maxmsgsize' => isset($_POST['maxmsgsize']) ? $_POST['maxmsgsize'] : 0, ':relay_address' => $_POST['relay_address'], ':outgoing_ip' => $_POST['outgoing_ip']));
    } else {
        $query = "INSERT INTO domains \n              (domain, spamassassin, sa_tag, sa_refuse,\n              max_accounts, quotas, maildir, pipe, enabled,\n              uid, gid, type, maxmsgsize, relay_address)\n              VALUES (:domain, :spamassassin, :sa_tag, :sa_refuse,\n              :max_accounts, :quotas, :maildir, :pipe, :enabled,\n              :uid, :gid, :type, :maxmsgsize, :relay_address)";
        $sth = $dbh->prepare($query);
        $success = $sth->execute(array(':domain' => $_POST['domain'], ':spamassassin' => $_POST['spamassassin'], ':sa_tag' => isset($_POST['sa_tag']) ? $_POST['sa_tag'] : 0, ':sa_refuse' => isset($_POST['sa_refuse']) ? $_POST['sa_refuse'] : 0, ':max_accounts' => $_POST['max_accounts'], ':quotas' => isset($_POST['quotas']) ? $_POST['quotas'] : 0, ':maildir' => $domainpath, ':pipe' => $_POST['pipe'], ':enabled' => $_POST['enabled'], ':uid' => $uid, ':gid' => $gid, ':type' => $_POST['type'], ':maxmsgsize' => isset($_POST['maxmsgsize']) ? $_POST['maxmsgsize'] : 0, ':relay_address' => $_POST['relay_address']));
    }
    if ($success) {
        if ($_POST['type'] == "local") {
            $query = "INSERT INTO users\n             (domain_id, localpart, username, crypt, uid, gid,\n             on_spamassassin, sa_tag, sa_refuse, quota, maxmsgsize,\n             smtp, pop, realname, type, admin)\n             SELECT domain_id, :localpart, :username, :crypt,:uid, :gid,\n             :on_spamassassin, :sa_tag, :sa_refuse, :quota, :maxmsgsize,\n             :smtp, :pop, 'Domain Admin', 'local', 1\n             FROM domains\n             WHERE domains.domain=:domain";
            $sth = $dbh->prepare($query);
            $success = $sth->execute(array(':localpart' => $_POST['localpart'], ':username' => $_POST['localpart'] . '@' . $_POST['domain'], ':crypt' => crypt_password($_POST['clear']), ':uid' => $uid, ':gid' => $gid, ':on_spamassassin' => $_POST['spamassassin'], ':sa_tag' => isset($_POST['sa_tag']) ? $_POST['sa_tag'] : 0, ':sa_refuse' => isset($_POST['sa_refuse']) ? $_POST['sa_refuse'] : 0, ':quota' => isset($_POST['quotas']) ? $_POST['quotas'] : 0, ':maxmsgsize' => isset($_POST['maxmsgsize']) ? $_POST['maxmsgsize'] : 0, ':smtp' => $smtphomepath, ':pop' => $pophomepath, ':domain' => $_POST['domain']));
            // Is using indexes worth setting the domain_id by hand? -- GCBirzan
            if (!$success) {
                header("Location: site.php?failaddedusrerr={$_POST['domain']}");
                die;
            } else {
                header("Location: site.php?added={$_POST['domain']}" . "&type={$_POST['type']}");
                mail("{$_POST['localpart']}@{$_POST['domain']}", vexim_encode_header(_("Welcome Domain Admin!")), "{$welcome_newdomain}", "From: {$_POST['localpart']}@{$_POST['domain']}\r\nMIME-Version: 1.0\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Transfer-Encoding: 8bit\r\n");
                die;
            }
        } else {
            header("Location: site.php?added={$_POST['domain']}" . "&type={$_POST['type']}");
            /* GLD fix for bug in relay welcome message to blank local part. email to: postmaster@<relay-to-domain>  */
            /*      mail("{$_POST['localpart']}@{$_POST['domain']}",  GLD removed this */
            mail("postmaster@{$_POST['domain']}", vexim_encode_header(_("Welcome Domain Admin!")), "{$welcome_newdomain}", "MIME-Version: 1.0\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Transfer-Encoding: 8bit\r\n");
            /*            "From: {$_POST['localpart']}@{$_POST['domain']}\r\n");  GLD removed this */
Example #13
} else {
    $_POST['enabled'] = 0;
}
// Checkbox semantics: the pipe field counts as on when it was submitted at all, off otherwise.
$_POST['pipe'] = isset($_POST['pipe']) ? 1 : 0;
// A blank account limit is stored as the string '0'.
if ($_POST['max_accounts'] == '') {
    $_POST['max_accounts'] = '0';
}
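// Password change for the account named by the posted localpart and domain_id. Every path ends
// in a redirect to site.php followed by die.
if (isset($_POST['clear'])) {
    if (!validate_password($_POST['clear'], $_POST['vclear'])) {
        // The domain is percent-encoded in each redirect so the posted value cannot add or
        // truncate query parameters.
        header('Location: site.php?badpass=' . rawurlencode($_POST['domain']));
        die;
    }
    // NOTE(review): domain_id and localpart both come from POST here, so the caller chooses whose
    // password is replaced; confirm this page is reachable by site administrators only.
    $query = "UPDATE users SET crypt=:crypt WHERE localpart=:localpart AND domain_id=:domain_id";
    $sth = $dbh->prepare($query);
    $success = $sth->execute(array(
        ':crypt' => crypt_password($_POST['clear']),
        ':localpart' => $_POST['localpart'],
        ':domain_id' => $_POST['domain_id'],
    ));
    if ($success) {
        header('Location: site.php?updated=' . rawurlencode($_POST['domain']));
    } else {
        header('Location: site.php?failupdated=' . rawurlencode($_POST['domain']));
    }
    die;
}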
// User can specify either UID, or username, the former being preferred.
// Using posix_getpwuid/posix_getgrgid even when we have an UID is so we
// are sure the UID exists.
Example #14
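/**
 * Update a user's name, permissions and (optionally) password, then rebuild the group memberships.
 *
 * Every string value placed in SQL is passed through $db->escapeString() and wrapped in single
 * quotes, including the $username used in the WHERE conditions.
 *
 * NOTE(review): $permissions is passed on as strval() without quoting; confirm callers only pass
 * a number. The group rows are re-inserted under $username, not $new_username; confirm that is
 * intended when the account is renamed.
 *
 * @param string $username     current user name (row to edit)
 * @param string $new_username user name to store
 * @param string $password     new cleartext password; left unchanged when blank after trim
 * @param array  $groups       group names to assign
 * @param mixed  $permissions  permissions value, stored via strval()
 * @return string empty string on success, otherwise an error message
 */
function edit_user($username, $new_username, $password, $groups, $permissions)
{
    include 'config.php';
    $res = "";
    $db = new IMDB();
    // Escaped once and reused for both WHERE conditions below.
    $quoted_username = "'" . $db->escapeString($username) . "'";
    $fields = array();
    $fields["username"] = "'" . $db->escapeString($new_username) . "'";
    $fields["permissions"] = strval($permissions);
    if (strlen(trim($password)) > 0) {
        // Only the hashed form is stored.
        $fields["password"] = "'" . $db->escapeString(crypt_password($password)) . "'";
    }
    $where = array("username" => $quoted_username);
    $res = $db->edit_item_from_table("user", $fields, $where);
    if ($res != "") {
        // $sql is not set in this function; presumably it comes from config.php (confirm).
        $res = $db->lastErrorMsg() . $sql;
    }
    // Delete the existing memberships so they can be added again from $groups.
    $grp_res = $db->delete_item_from_table("users_grp", array("username" => $quoted_username));
    if ($grp_res != "") {
        $res = "Error adding user groups: " . $grp_res;
    }
    $all_ok = true;
    $error_msg = "";
    foreach ($groups as $group) {
        $fields = array();
        $fields[] = "'" . $db->escapeString($group) . "'";
        $fields[] = "'" . $db->escapeString($username) . "'";
        $grp_res = $db->insert_item_into_table("users_grp", $fields);
        if ($grp_res != "") {
            // Keep going; the last failure message is the one reported.
            $all_ok = false;
            $error_msg = $grp_res;
        }
    }
    if (!$all_ok) {
        $res = "Error adding user groups: " . $error_msg;
    }
    $db->close();
    return $res;
}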
Example #15
                 $sql->query("UPDATE `config` SET `value`='false' WHERE `key`='recent_public'");
             }
             if (isset($_POST['recent_count'])) {
                 if (is_numeric($_POST['recent_count'])) {
                     $sql->query("UPDATE `config` SET `value`='" . (int) $_POST['recent_count'] . "' WHERE `key`='recent_count'");
                 }
             }
             $_SESSION['flash'] = "Änderungen erfolgreich gespeichert.";
             header('Location: ucp.php?page=settings');
             exit;
             break;
         case "password":
             if (isset($_POST['password_change']) && isset($_POST['password_verify'])) {
                 if ($_POST['password_change'] === $_POST['password_verify']) {
                     if (strlen($_POST['password_change']) > 3) {
                         $sql->query("UPDATE `config` SET `value`='" . $sql->real_escape_string(crypt_password($_POST['password_change'], gen_salt(22))) . "' WHERE `key`='password';");
                         $_SESSION['flash'] = "Passwort erfolgreich geändert.";
                         header('Location: ucp.php?page=settings');
                         exit;
                     }
                 }
             }
             $_SESSION['flash'] = "Das Passwort stimmt nicht überein oder ist zu kurz.";
             header('Location: ucp.php?page=settings');
             exit;
             break;
         default:
             $tpl->draw("settings");
     }
 }
 break;