        if (!$error) {
            $_SESSION['admin_encrypt'] = $enc_key;
            $messageStack->add(GEN_ENCRYPTION_KEY_SET, 'success');
        }
        break;
    case 'encrypt_key':
        validate_security($security_level, 4);
        $old_key = db_prepare_input($_POST['old_encrypt_key']);
        $new_key = db_prepare_input($_POST['new_encrypt_key']);
        $new_key_confirm = db_prepare_input($_POST['new_encrypt_confirm']);
        if (defined('ENCRYPTION_VALUE') && !pw_validate_password($old_key, ENCRYPTION_VALUE)) {
            $error = $messageStack->add(ERROR_OLD_ENCRYPT_NOT_CORRECT, 'error');
        }
        if (strlen($new_key) < ENTRY_PASSWORD_MIN_LENGTH) {
            $error = $messageStack->add(sprintf(ENTRY_PASSWORD_NEW_ERROR, ENTRY_PASSWORD_MIN_LENGTH), 'error');
        }
        if ($new_key != $new_key_confirm) {
            $error = $messageStack->add(ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING, 'error');
        }
        if (!$error) {
            write_configure('ENCRYPTION_VALUE', pw_encrypt_password($new_key));
            $messageStack->add(GEN_ENCRYPTION_KEY_CHANGED, 'success');
        }
        break;
    default:
}
/* ---- template display settings for the encryption page ---- */
// Page chrome: render with the standard header and footer.
$include_footer = true;
$include_header = true;
// Layout template handed to the page renderer.
$include_template = 'template_main.php';
// Browser/page title comes from the module's language constant.
define('PAGE_TITLE', BOX_HEADING_ENCRYPTION);
     }
 }
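 // Build the user record from the submitted form. Absent text fields are
 // normalised to '' first so the lookups below never hit an undefined index.
 // NOTE(review): $prefs, $admin_security, $admin_name and $error are expected to be
 // set by the validation code that precedes this block — confirm.
 foreach (array('admin_name', 'display_name', 'admin_email', 'account_id') as $field) {
     if (!isset($_POST[$field])) {
         $_POST[$field] = '';
     }
 }
 $sql_data_array = array(
     'admin_name'     => db_prepare_input($_POST['admin_name']),
     'inactive'       => isset($_POST['inactive']) ? '1' : '0',
     'display_name'   => db_prepare_input($_POST['display_name']),
     'admin_email'    => db_prepare_input($_POST['admin_email']),
     'account_id'     => db_prepare_input($_POST['account_id']),
     'admin_prefs'    => serialize($prefs),
     'admin_security' => $admin_security,
 );
 // A new password is applied only when one was typed; otherwise the stored hash is left alone.
 // isset()/'' is used instead of a truthiness test so a password such as "0" is validated, not ignored.
 if (isset($_POST['password_new']) && $_POST['password_new'] !== '') {
     $password_new  = db_prepare_input($_POST['password_new']);
     $password_conf = db_prepare_input(isset($_POST['password_conf']) ? $_POST['password_conf'] : '');
     if (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
         $error = true;
         $messageStack->add(ENTRY_PASSWORD_NEW_ERROR, 'error');
     } elseif ($password_new !== $password_conf) {
         // Strict comparison: "!=" would compare numeric-looking passwords numerically.
         $error = true;
         $messageStack->add(ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING, 'error');
     } else {
         // Hash only once both checks pass; nothing reaches the database on error anyway.
         $sql_data_array['admin_pass'] = pw_encrypt_password($password_new);
     }
 }
 if (!$error) {
     if ($admin_id) {
         // Existing user: the id is cast to int before it is placed in the WHERE clause.
         db_perform(TABLE_USERS, $sql_data_array, 'update', 'admin_id = ' . (int) $admin_id);
         gen_add_audit_log(GEN_LOG_USER_UPDATE . $admin_name);
     } else {
         db_perform(TABLE_USERS, $sql_data_array);
         $admin_id = db_insert_id();
         gen_add_audit_log(GEN_LOG_USER_ADD . $admin_name);
     }
 } else {
     // Validation failed: return to the edit form so the input can be corrected.
     $action = 'edit';
 }
 $uInfo = new objectInfo($_POST);
 $uInfo->admin_security = $admin_security;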
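if (isset($_POST['submit'])) {
    // Password-reset request: look the address up in the selected company's user
    // table, store a freshly generated password and mail it to that address.
    // NOTE(review): any request naming a registered address replaces that account's
    // password at once, and the failure/success messages differ per address; a
    // token-based confirmation step would avoid both the forced reset and the disclosure.
    $error_check = false;
    $admin_email = '';
    if (empty($_POST['admin_email'])) {
        $error_check = true;
        $email_message = ERROR_WRONG_EMAIL_NULL;
    } else {
        $admin_email = db_prepare_input($_POST['admin_email']);
    }
    // The company chosen on the form selects the database queried below; the lookup in
    // $_SESSION['companies'] is what restricts the choice to known databases.
    $company_key = isset($_POST['company']) ? $_POST['company'] : '';
    $_SESSION['company'] = isset($_SESSION['companies'][$company_key]) ? $_SESSION['companies'][$company_key] : null;
    if (!$error_check) {
        // Skipped when the address was empty so ERROR_WRONG_EMAIL_NULL is not overwritten
        // by ERROR_WRONG_EMAIL from a pointless lookup.
        $sql = "select admin_id, admin_name, admin_email, admin_pass \r\n  \tfrom " . TABLE_USERS . " where admin_email = '" . db_input($admin_email) . "'";
        $result = $db->Execute($sql);
        $stored_email = isset($result->fields['admin_email']) ? $result->fields['admin_email'] : null;
        // No row, or a row whose address does not match byte-for-byte, counts as unknown.
        if ($admin_email !== $stored_email) {
            $error_check = true;
            $email_message = ERROR_WRONG_EMAIL;
        }
    }
    if (!$error_check) {
        $new_password = pw_create_random_value(ENTRY_PASSWORD_MIN_LENGTH);
        $admin_pass = pw_encrypt_password($new_password);
        // The address read back from the database is data too: escape it like the input.
        $sql = "update " . TABLE_USERS . " set admin_pass = '" . db_input($admin_pass) . "' \r\n\t\twhere admin_email = '" . db_input($stored_email) . "'";
        $db->Execute($sql);
        // Same text is used for the plain and HTML mail bodies.
        $mail_body = sprintf(TEXT_EMAIL_MESSAGE, $new_password);
        $html_msg['EMAIL_CUSTOMERS_NAME'] = $result->fields['admin_name'];
        $html_msg['EMAIL_MESSAGE_HTML'] = $mail_body;
        validate_send_mail($result->fields['admin_name'], $stored_email, TEXT_EMAIL_SUBJECT, $mail_body, COMPANY_NAME, EMAIL_FROM, $html_msg);
        $email_message = SUCCESS_PASSWORD_SENT;
        gen_add_audit_log(GEN_LOG_RESEND_PW . $admin_email);
    }
}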
/* ---- template display settings ---- */
// This page renders bare: no header, footer, tab bar or calendar widget.
$include_calendar = false;
$include_tabs = false;
$include_footer = false;
$include_header = false;
// Layout template handed to the page renderer.
$include_template = 'template_main.php';
        $new_key = db_prepare_input($_POST['new_encrypt_key']);
        $new_key_confirm = db_prepare_input($_POST['new_encrypt_confirm']);
        if (ENCRYPTION_VALUE && !pw_validate_password($old_key, ENCRYPTION_VALUE)) {
            $error = true;
            $messageStack->add(ERROR_OLD_ENCRYPT_NOT_CORRECT, 'error');
        }
        if (strlen($new_key) < ENTRY_PASSWORD_MIN_LENGTH) {
            $error = true;
            $messageStack->add(ENTRY_PASSWORD_NEW_ERROR, 'error');
        }
        if ($new_key != $new_key_confirm) {
            $error = true;
            $messageStack->add(ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING, 'error');
        }
        if (!$error) {
            $db->Execute("update " . TABLE_CONFIGURATION . " set configuration_value = '" . pw_encrypt_password($new_key) . "' \r\n\t\twhere configuration_key = 'ENCRYPTION_VALUE'");
            $messageStack->add(GEN_ENCRYPTION_KEY_CHANGED, 'success');
        }
        break;
    default:
}
/* ---- template display settings for the encryption page ---- */
// Rendered with the standard header and footer, without the tab bar or calendar.
$include_header = true;
$include_footer = true;
$include_calendar = false;
$include_tabs = false;
// Layout template handed to the page renderer (required).
$include_template = 'template_main.php';
// Browser/page title comes from the module's language constant.
define('PAGE_TITLE', BOX_HEADING_ENCRYPTION);
    $zc_install->isEmail($admin_email, ERROR_TEXT_ADMIN_EMAIL_NOTEMAIL, ERROR_CODE_ADMIN_EMAIL_NOTEMAIL);
    $zc_install->isEmpty($admin_pass, ERROR_TEXT_LOGIN_PASS_ISEMPTY, ERROR_CODE_ADMIN_PASS_ISEMPTY);
    $zc_install->isEqual($admin_pass, $admin_pass_confirm, ERROR_TEXT_LOGIN_PASS_NOTEQUAL, ERROR_CODE_ADMIN_PASS_NOTEQUAL);
    if (!$zc_install->error) {
        session_start();
        if (isset($_SESSION['company'])) {
            define('DB_DATABASE', $_SESSION['company']);
            define('DB_SERVER', $_SESSION['db_server']);
            define('DB_SERVER_USERNAME', $_SESSION['db_user']);
            define('DB_SERVER_PASSWORD', $_SESSION['db_pw']);
        } else {
            die("Unknown company database name.");
        }
        $db->Connect(DB_SERVER, DB_SERVER_USERNAME, DB_SERVER_PASSWORD, DB_DATABASE) or die("Unable to connect to database");
        $security = load_full_access_security();
        $sql = "insert into " . DB_PREFIX . "users set admin_name = '" . $admin_username . "', admin_email = '" . $admin_email . "', \r\n\t  \t\tadmin_pass = '" . pw_encrypt_password($admin_pass) . "', admin_security = '" . $security . "'";
        $db->Execute($sql);
        $_SESSION['admin_id'] = db_insert_id();
        $_SESSION['language'] = $language;
        $_SESSION['admin_security'] = gen_parse_permissions($security);
        $db->Close();
        header('location: index.php?main_page=store_setup&language=' . $language);
        exit;
    }
}
// Default the form fields the template echoes back, so a first (GET) visit
// does not read undefined POST keys.
foreach (array('admin_username', 'admin_email') as $form_field) {
    if (!isset($_POST[$form_field])) {
        $_POST[$form_field] = '';
    }
}
     foreach ($contents as $entry) {
         // install reports now that categories are set up
         if ($entry != '.' && $entry != '..') {
             admin_add_reports($entry, DIR_FS_MY_FILES . $_SESSION['company'] . '/phreeform/');
         }
     }
 }
 if (!$error) {
     // Seed the administrator account: clear the user tables, then insert the installer's user.
     if (DEBUG) {
         $messageStack->debug("\n  installing users");
     }
     foreach (array(TABLE_USERS, TABLE_USERS_PROFILES) as $user_table) {
         $db->Execute("TRUNCATE TABLE " . $user_table);
     }
     $security = load_full_access_security();
     // NOTE(review): $user_username and $user_email are interpolated into the statement
     // without escaping; if they come straight from the installer form they should go
     // through the project's DB escaping first — confirm where they are set.
     $sql = "insert into " . TABLE_USERS . " set\n\t\t      admin_name  = '" . $user_username . "', \n\t\t\t  admin_email = '" . $user_email . "', \n\t\t  \t  admin_pass  = '" . pw_encrypt_password($user_password) . "',\n\t\t\t  admin_security = '" . $security . "'";
     $db->Execute($sql);
     $user_id = $db->insert_ID();
     // "My Notes" dashboard entry for the new user, only when the installer supplied params.
     // NOTE(review): serialize($params) is also placed in the SQL unescaped — same caveat.
     if (count($params) > 0) {
         $db->Execute("insert into " . TABLE_USERS_PROFILES . " set user_id = " . $user_id . ",\n\t\t\t\t  menu_id = 'index', module_id = 'phreedom', dashboard_id = 'to_do', column_id = 1, row_id = 1, \n\t\t\t  \t  params = '" . serialize($params) . "'");
     }
 }
 if (!$error) {
     // install fiscal year, default chart of accounts
     if (DEBUG) {
         $messageStack->debug("\n  installing fiscal year.");
     }
     require_once '../modules/phreebooks/functions/phreebooks.php';
     $db->Execute("TRUNCATE TABLE " . TABLE_ACCOUNTING_PERIODS);
     $current_year = date('Y');
     $start_year = $fy_year;