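/**
 * Handle the "add user" form submission.
 *
 * Reads the submitted fields from the global $vars array, validates them,
 * creates the user through $phpcdb and attaches any selected groups.
 *
 * @return mixed Whatever message() returns for the outcome shown to the user.
 */
function process_form()
{
    global $vars, $phpcdb;
    verify_token();
    if (empty($vars['user_name'])) {
        return message(__('You must specify a user name'));
    }
    if (empty($vars['password1'])) {
        return message(__('You must specify a password'));
    }
    // Strict comparison: both values come straight from the form, and a loose
    // `!=` would treat numeric-looking strings such as "1e3" and "1000" as equal.
    if (empty($vars['password2']) || $vars['password1'] !== $vars['password2']) {
        return message(__('Your passwords did not match'));
    }
    $make_admin = empty($vars['make_admin']) ? 0 : 1;
    // NOTE(review): unsalted md5 is not a password hash. password_hash()/
    // password_verify() is the replacement, but the login code that compares
    // against this value is not in this file, so both sides must move together.
    $passwd = md5($vars['password1']);
    if ($phpcdb->get_user_by_name($vars['user_name'])) {
        return message(__('User already exists.'));
    }
    $uid = $phpcdb->create_user($vars['user_name'], $passwd, $make_admin);
    if (!empty($vars['groups'])) {
        // NOTE(review): gids are handed to user_add_group() as submitted; the
        // group-editing handler checks them against the calendar's groups first —
        // confirm that check is not needed here as well.
        foreach ($vars['groups'] as $gid) {
            $phpcdb->user_add_group($uid, $gid);
        }
    }
    return message(__('Added user.'));
}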
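/**
 * Handle the "edit user groups" form for the current calendar.
 *
 * Drops every group membership the user holds in calendar $phpcid, then
 * re-adds the groups submitted in $vars["groups"], accepting only gids that
 * belong to $phpc_cal.
 *
 * @return mixed Whatever message() returns.
 */
function process_form()
{
    global $phpcid, $vars, $phpcdb, $phpc_cal;
    verify_token();
    // NOTE(review): get_user() presumably returns a falsy value for an unknown
    // uid, which would make the get_groups() call below fail — confirm.
    $user = $phpcdb->get_user($vars["uid"]);
    // Remove existing groups for this calendar
    foreach ($user->get_groups() as $group) {
        if ($group["cid"] == $phpcid) {
            $phpcdb->user_remove_group($vars["uid"], $group["gid"]);
        }
    }
    // Keyed by gid so membership is an isset() lookup rather than a loose
    // in_array(), which would also accept true/0-style coercions.
    $valid_groups = array();
    foreach ($phpc_cal->get_groups() as $group) {
        $valid_groups[$group["gid"]] = true;
    }
    if (!empty($vars["groups"])) {
        foreach ($vars["groups"] as $gid) {
            if (!is_scalar($gid) || !isset($valid_groups[$gid])) {
                soft_error("Invalid gid");
                // Defensive: never add an unknown gid even if soft_error()
                // returns instead of aborting the request.
                continue;
            }
            $phpcdb->user_add_group($vars["uid"], $gid);
        }
    }
    return message(__('Groups updated.'));
}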
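/**
 * Handle the "create calendar" form: create the calendar row, then store one
 * config value per option returned by get_config_options().
 *
 * Each option is a tuple whose index 0 is the config name and index 2 its input
 * type. PHPC_CHECK options are stored as "1"/"0" depending on whether the
 * checkbox was submitted; every other type is copied verbatim from $vars and
 * must be present.
 */
function process_form()
{
    global $vars, $phpcdb;
    verify_token();
    $cid = $phpcdb->create_calendar();
    foreach (get_config_options() as $item) {
        $name = $item[0];
        $type = $item[2];
        if ($type == PHPC_CHECK) {
            // An unchecked box is simply absent from the submission.
            $value = isset($vars[$name]) ? "1" : "0";
        } elseif (isset($vars[$name])) {
            $value = $vars[$name];
        } else {
            soft_error(__("{$name} was not set."));
            // Defensive: the original fell through and stored the previous
            // iteration's $value (or null) whenever soft_error() returned.
            continue;
        }
        $phpcdb->create_config($cid, $name, $value);
    }
    message(__('Calendar created.'));
}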
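/**
 * Handle the "change password" form for the logged-in user.
 *
 * Requires a session user, a valid form token, the editable flag on
 * $phpc_user, the correct current password, and two matching new passwords.
 *
 * @return mixed A tag('div', ...) describing the outcome.
 */
function password_submit()
{
    global $vars, $phpcdb, $phpc_user;
    if (!is_user()) {
        return tag('div', __('You must be logged in.'));
    }
    verify_token();
    if (!$phpc_user->is_password_editable()) {
        soft_error(__('You do not have permission to change your password.'));
    }
    // is_string() keeps an array-valued field out of md5()/hash_equals().
    if (!isset($vars['old_password']) || !is_string($vars['old_password'])) {
        return tag('div', __('You must specify your old password.'));
    }
    // hash_equals() instead of `!=`: a loose comparison of two hex digests
    // treats "0e..." strings as equal numbers, and it avoids a timing side channel.
    if (!hash_equals((string) $phpc_user->password, md5($vars['old_password']))) {
        return tag('div', __('The password you entered did not match your old password.'));
    }
    if (empty($vars['password1'])) {
        return tag('div', __('You must specify a password'));
    }
    if (empty($vars['password2']) || $vars['password1'] !== $vars['password2']) {
        return tag('div', __('Your passwords did not match'));
    }
    // NOTE(review): unsalted md5 is kept only because the stored hash compared
    // above uses it; moving to password_hash()/password_verify() has to change
    // the check and the storage together.
    $passwd = md5($vars['password1']);
    $phpcdb->set_password($phpc_user->get_uid(), $passwd);
    return tag('div', __('Password updated.'));
}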
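/**
 * Handle the per-user settings form: timezone, language and default calendar.
 *
 * The timezone/language choices go into the "{$phpc_prefix}tz" and
 * "{$phpc_prefix}lang" cookies so anonymous visitors keep them, and into the
 * user row when someone is logged in. $phpc_user_tz and $phpc_user_lang are
 * updated in place for the rest of this request.
 *
 * @return mixed Result of message_redirect() back to the settings page.
 */
function user_settings_submit()
{
    global $phpcid, $vars, $phpcdb, $phpc_user_tz, $phpc_user_lang, $phpc_prefix, $phpc_user, $phpc_script;
    verify_token();
    $timezone = isset($vars['timezone']) ? $vars['timezone'] : null;
    $language = isset($vars['language']) ? $vars['language'] : null;
    // If we have a timezone, make sure it's valid (strict: both sides are strings).
    if (!empty($timezone) && !in_array($timezone, timezone_identifiers_list(), true)) {
        soft_error(__("Invalid timezone."));
    }
    // NOTE(review): $language is stored without being checked against the
    // installed languages; confirm the code reading the cookie/column validates it.
    // Expire 20 years in the future, give or take.
    $expiration_time = time() + 20 * 365 * 24 * 60 * 60;
    // One hour in the past, i.e. delete the cookie.
    $past_time = time() - 3600;
    if (!empty($timezone)) {
        setcookie("{$phpc_prefix}tz", $timezone, $expiration_time);
    } else {
        setcookie("{$phpc_prefix}tz", '', $past_time);
    }
    if (!empty($language)) {
        setcookie("{$phpc_prefix}lang", $language, $expiration_time);
    } else {
        setcookie("{$phpc_prefix}lang", '', $past_time);
    }
    if (is_user()) {
        $uid = $phpc_user->get_uid();
        $default_cid = isset($vars['default_cid']) ? $vars['default_cid'] : null;
        $phpcdb->set_user_default_cid($uid, $default_cid);
        $phpcdb->set_timezone($uid, $timezone);
        $phpcdb->set_language($uid, $language);
        $phpc_user_tz = $timezone;
        $phpc_user_lang = $language;
    }
    return message_redirect(__('Settings updated.'), "{$phpc_script}?action=user_settings&phpcid={$phpcid}");
}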
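/**
 * Handle the settings form (timezone and language) for anonymous and
 * logged-in visitors.
 *
 * Choices are kept in the "{$phpc_prefix}tz" / "{$phpc_prefix}lang" cookies
 * and, for a logged-in user, in the user row; $phpc_user_tz and
 * $phpc_user_lang are updated in place for the rest of this request.
 *
 * @return mixed Whatever message() returns.
 */
function settings_submit()
{
    global $vars, $phpcdb, $phpc_user_tz, $phpc_user_lang, $phpc_prefix, $phpc_user;
    verify_token();
    $timezone = isset($vars['timezone']) ? $vars['timezone'] : null;
    $language = isset($vars['language']) ? $vars['language'] : null;
    // Reject unknown timezone names before they reach the cookie and the user
    // row — the same check user_settings_submit() performs.
    if (!empty($timezone) && !in_array($timezone, timezone_identifiers_list(), true)) {
        soft_error(__("Invalid timezone."));
    }
    // NOTE(review): $language is stored without being checked against the
    // installed languages; confirm the code reading the cookie/column validates it.
    // Expire 20 years in the future, give or take.
    $expiration_time = time() + 20 * 365 * 24 * 60 * 60;
    // One hour in the past, i.e. delete the cookie.
    $past_time = time() - 3600;
    if (!empty($timezone)) {
        setcookie("{$phpc_prefix}tz", $timezone, $expiration_time);
    } else {
        setcookie("{$phpc_prefix}tz", '', $past_time);
    }
    if (!empty($language)) {
        setcookie("{$phpc_prefix}lang", $language, $expiration_time);
    } else {
        setcookie("{$phpc_prefix}lang", '', $past_time);
    }
    if (is_user()) {
        $uid = $phpc_user->get_uid();
        $phpcdb->set_timezone($uid, $timezone);
        $phpcdb->set_language($uid, $language);
        $phpc_user_tz = $timezone;
        $phpc_user_lang = $language;
    }
    return message(__('Settings updated.'));
}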
    if ($format != $translation) {
        $args[0] = format_number($number);
    }
    return vsprintf($format, $args);
}
/**
 * Emit the language-switch form: a <select> that submits itself on change, a
 * hidden submit button and the CSRF token field.
 */
function switch_lang()
{
    global $LANG, $langs;
    $out = "<form action='' method='post'>\n<div id='lang'>";
    $out .= lang('Language') . ": " . html_select("lang", $langs, $LANG, "this.form.submit();");
    $out .= " <input type='submit' value='" . lang('Use') . "' class='hidden'>\n";
    $out .= "<input type='hidden' name='token' value='" . get_token() . "'>\n";
    // $token may be empty in auth.inc.php
    $out .= "</div>\n</form>\n";
    echo $out;
}
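// Switch the UI language from the POSTed <select>, then reload without the POST.
if (isset($_POST["lang"]) && verify_token()) {
    // $error not yet available
    // Store only an installed language: the read side checks isset($langs[...])
    // anyway, so an unknown value would never have been used. is_string() keeps
    // an array-valued field out of the array offset.
    if (is_string($_POST["lang"]) && isset($langs[$_POST["lang"]])) {
        cookie("adminer_lang", $_POST["lang"]);
        $_SESSION["lang"] = $_POST["lang"];
        // cookies may be disabled
        $_SESSION["translations"] = array();
        // used in compiled version
    }
    adminer_redirect(remove_from_uri());
}
$LANG = "en";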
if (isset($langs[$_COOKIE["adminer_lang"]])) {
    cookie("adminer_lang", $_COOKIE["adminer_lang"]);
    $LANG = $_COOKIE["adminer_lang"];
} elseif (isset($langs[$_SESSION["lang"]])) {
    $LANG = $_SESSION["lang"];
} else {
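/**
 * Handle the "create/modify occurrence" form.
 *
 * Either $vars['oid'] (modify an existing occurrence) or $vars['eid'] (add an
 * occurrence to an event) must be present. Start/end come from get_timestamp(),
 * the time type from the "time-type" field (normal=0, full=1, tba=2).
 *
 * @return mixed Result of message_redirect() to the occurrence or the month view.
 */
function process_form()
{
    global $vars, $phpcdb, $phpc_cal, $phpcid, $phpc_script;
    if (!isset($vars['eid']) && !isset($vars['oid'])) {
        soft_error(__("Cannot create occurrence."));
    }
    $start_ts = get_timestamp("start");
    $end_ts = get_timestamp("end");
    // Same mapping as the switch it replaces, but an unknown or non-scalar
    // value is rejected instead of leaving $time_type unset.
    $time_types = array('normal' => 0, 'full' => 1, 'tba' => 2);
    $time_type = null;
    if (isset($vars["time-type"]) && is_scalar($vars["time-type"]) && isset($time_types[$vars["time-type"]])) {
        $time_type = $time_types[$vars["time-type"]];
    } else {
        soft_error(__("Unrecognized Time Type."));
    }
    if ($end_ts - $start_ts < 0) {
        soft_error(__("An event cannot have an end earlier than its start."));
    }
    verify_token();
    if (!$phpc_cal->can_write()) {
        permission_error(__('You do not have permission to write to this calendar.'));
    }
    if (isset($vars['oid'])) {
        // NOTE(review): the write check above is on the current calendar, not on
        // the calendar the submitted oid belongs to — confirm modify_occurrence()
        // enforces that the occurrence lives in $phpc_cal.
        $modify = true;
        $oid = $vars["oid"];
        $phpcdb->modify_occurrence($oid, $time_type, $start_ts, $end_ts);
    } else {
        $modify = false;
        // Only reachable if soft_error() reported rather than aborted above.
        if (!isset($vars["eid"])) {
            soft_error(__("EID not set."));
        }
        $oid = $phpcdb->create_occurrence($vars["eid"], $time_type, $start_ts, $end_ts);
    }
    if ($oid != 0) {
        $message = $modify ? __("Modified occurence: ") : __("Created occurence: ");
        return message_redirect(tag('', $message, create_event_link($oid, 'display_event', $oid)), "{$phpc_script}?action=display_event&phpcid={$phpcid}&oid={$oid}");
    }
    return message_redirect(__('Error submitting occurrence.'), "{$phpc_script}?action=display_month&phpcid={$phpcid}");
}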
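/**
 * Handle the "create/modify event" form for the current calendar ($phpcid).
 *
 * When a new event is created, or the "phpc-modify" box is ticked on an
 * existing one, the occurrences are regenerated: the first from the submitted
 * start/end, then further ones per the "repeats" rule until the matching
 * "*-until" date, capped at 731 occurrences in total.
 *
 * @return mixed Result of message_redirect(), or of display_form() when the
 *               end precedes the start.
 */
function process_form()
{
    global $vars, $phpcdb, $phpc_cal, $phpcid, $phpc_script, $phpc_user;
    // When modifying events, this is the value of the checkbox that
    //   determines if the date should change
    $modify_occur = !isset($vars['eid']) || !empty($vars['phpc-modify']);
    if ($modify_occur) {
        $start_ts = get_timestamp("start");
        $end_ts = get_timestamp("end");
        switch ($vars["time-type"]) {
            case 'normal':
                $time_type = 0;
                break;
            case 'full':
                $time_type = 1;
                break;
            case 'tba':
                $time_type = 2;
                break;
            default:
                soft_error(__("Unrecognized Time Type."));
        }
        if ($end_ts - $start_ts < 0) {
            message(__("An event cannot have an end earlier than its start."));
            return display_form();
        }
    }
    verify_token();
    // The write check had been disabled with `if (0)`, so any request reaching
    // this form could create or modify events; the sibling handlers gate on
    // can_write(), and so does this one now.
    if (!$phpc_cal->can_write()) {
        permission_error(__('You do not have permission to write to this calendar.'));
    }
    $readonly = $phpc_cal->can_create_readonly() && !empty($vars['readonly']);
    $catid = empty($vars['catid']) ? false : $vars['catid'];
    if (!isset($vars['eid'])) {
        $modify = false;
        $eid = $phpcdb->create_event($phpcid, $phpc_user->get_uid(), $vars["subject"], $vars["description"], $readonly, $catid);
    } else {
        $modify = true;
        $eid = $vars['eid'];
        $phpcdb->modify_event($eid, $vars['subject'], $vars['description'], $readonly, $catid);
        if ($modify_occur) {
            $phpcdb->delete_occurrences($eid);
        }
    }
    // Only set when occurrences are regenerated; the redirect below interpolates it.
    $oid = null;
    if ($modify_occur) {
        $oid = $phpcdb->create_occurrence($eid, $time_type, $start_ts, $end_ts);
        $occurrences = 1;
        // Repeat rule: $advance is the add_* function to apply, $step its
        // argument, $until the last start date that is still generated.
        $advance = null;
        $step = 0;
        $until = null;
        switch ($vars["repeats"]) {
            case "never":
                break;
            case 'daily':
                if (!isset($vars["every-day"])) {
                    soft_error(__("Required field \"every-day\" is not set."));
                }
                $step = $vars["every-day"];
                if ($step < 1) {
                    soft_error(__("every-day must be greater than 1"));
                }
                $advance = 'add_days';
                $until = get_timestamp("daily-until");
                break;
            case 'weekly':
                if (!isset($vars["every-week"])) {
                    soft_error(__("Required field \"every-week\" is not set."));
                }
                if ($vars["every-week"] < 1) {
                    soft_error(__("every-week must be greater than 1"));
                }
                $step = $vars["every-week"] * 7;
                $advance = 'add_days';
                $until = get_timestamp("weekly-until");
                break;
            case 'monthly':
                if (!isset($vars["every-month"])) {
                    soft_error(__("Required field \"every-month\" is not set."));
                }
                if ($vars["every-month"] < 1) {
                    soft_error(__("every-month must be greater than 1"));
                }
                $step = $vars["every-month"];
                $advance = 'add_months';
                $until = get_timestamp("monthly-until");
                break;
            case 'yearly':
                if (!isset($vars["every-year"])) {
                    soft_error(__("Required field \"every-year\" is not set."));
                }
                if ($vars["every-year"] < 1) {
                    // Message key left as-is ("every-month") so existing translations still match.
                    soft_error(__("every-month must be greater than 1"));
                }
                $step = $vars["every-year"];
                $advance = 'add_years';
                $until = get_timestamp("yearly-until");
                break;
            default:
                soft_error(__("Invalid event type."));
        }
        if ($advance !== null) {
            // One loop for every rule; it used to be copied four times.
            while ($occurrences <= 730) {
                $start_ts = $advance($start_ts, $step);
                $end_ts = $advance($end_ts, $step);
                if (days_between($start_ts, $until) < 0) {
                    break;
                }
                $phpcdb->create_occurrence($eid, $time_type, $start_ts, $end_ts);
                $occurrences++;
            }
        }
    }
    if ($eid != 0) {
        $message = $modify ? __("Modified event: ") : __("Created event: ");
        // NOTE(review): the link is built with an empty id and the redirect
        // carries oid, which is empty whenever the occurrences were not
        // regenerated; the other event handler redirects with eid — confirm
        // which target is intended.
        return message_redirect(tag('', $message, create_event_link('', 'display_event', '')), "{$phpc_script}?action=display_event&phpcid={$phpcid}&oid={$oid}");
    }
    return message_redirect(__('Error submitting event.'), "{$phpc_script}?action=display_month&phpcid={$phpcid}");
}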
    echo "</select>";
    echo " <input type='submit' value='" . lang('Use') . "' class='hidden'>\n";
    echo "<input type='hidden' name='token' value='" . get_token() . "'>\n";
    // $token may be empty in auth.inc.php
    echo "</div>\n</form>\n";
}
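// Switch the UI language from the POSTed <select>, then reload without the POST.
if (isset($_POST["lang"]) && verify_token()) {
    // $error not yet available
    // Store only an installed language: the read side checks isset($langs[...])
    // anyway, so an unknown value would never have been used. is_string() keeps
    // an array-valued field out of the array offset.
    if (is_string($_POST["lang"]) && isset($langs[$_POST["lang"]])) {
        cookie("adminer_lang", $_POST["lang"]);
        $_SESSION["lang"] = $_POST["lang"];
        // cookies may be disabled
        $_SESSION["translations"] = array();
        // used in compiled version
    }
    redirect(remove_from_uri());
}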
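// Switch the theme: copy the chosen design's stylesheet next to the script
// (or remove it for the default) and remember the choice in a cookie.
if (isset($_POST["theme"]) && verify_token()) {
    // $error not yet available
    $theme = $_POST["theme"];
    if ($theme == 'default') {
        // '' instead of null: same deletion semantics, and null is deprecated here.
        setcookie("adminer_theme", '', time() - 3600);
        if (file_exists("./adminer.css")) {
            unlink("./adminer.css");
        }
    } elseif (is_string($theme) && preg_match('~^[A-Za-z0-9_-]+$~', $theme)) {
        // $theme becomes a path component of the copy() source, so only a plain
        // directory name is accepted; separators, "." sequences and empty values
        // are ignored. The cookie stores the same value that was actually copied
        // ($_POST, not $_REQUEST).
        copy("../designs/" . $theme . "/adminer.css", "./adminer.css");
        cookie("adminer_theme", $theme);
    }
    redirect(remove_from_uri());
}
$LANG = "en";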
if (isset($langs[$_COOKIE["adminer_lang"]])) {
    cookie("adminer_lang", $_COOKIE["adminer_lang"]);
        exit;
    }
    $connection = connect();
}
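$driver = new Min_Driver($connection);
// A failed connect() leaves an error string in $connection instead of an
// object; that string is shown as the auth error, otherwise the generic text.
if (!is_object($connection) || !$adminer->login($_GET["username"], get_password())) {
    auth_error(is_string($connection) ? $connection : lang('Invalid credentials.'));
}
// !empty() keeps the truthiness test but avoids an undefined-index notice when
// no token was posted.
if ($auth && !empty($_POST["token"])) {
    $_POST["token"] = $token;
    // reset token after explicit login
}
$error = '';
///< @var string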
if ($_POST) {
    if (!verify_token()) {
        $ini = "max_input_vars";
        $max_vars = ini_get($ini);
        if (extension_loaded("suhosin")) {
            foreach (array("suhosin.request.max_vars", "suhosin.post.max_vars") as $key) {
                $val = ini_get($key);
                if ($val && (!$max_vars || $val < $max_vars)) {
                    $ini = $key;
                    $max_vars = $val;
                }
            }
        }
        $error = !$_POST["token"] && $max_vars ? lang('Maximum number of allowed fields exceeded. Please increase %s.', "'{$ini}'") : lang('Invalid CSRF token. Send the form again.') . ' ' . lang('If you did not send this request from Adminer then close this page.');
    }
} elseif ($_SERVER["REQUEST_METHOD"] == "POST") {
    // posted form with no data means that post_max_size exceeded because Adminer always sends token at least
/**
 * Fetch the privileged API payload and authenticate it: a slave request is
 * verified with verify_slave(), anything else must carry a valid 'token'.
 *
 * @param mixed $db Database handle passed through to verify_slave().
 * @return mixed The payload returned by ensure_privileged_api_data().
 */
function ensure_privileged_api_data_and_token_or_slave($db)
{
    $data = ensure_privileged_api_data();
    if (should_authenticate_as_slave($data)) {
        verify_slave($db, $data);
        return $data;
    }
    // Non-slave callers: a missing or bad token ends the request here.
    if (!verify_token(array_get($data, 'token'))) {
        exit_with_error('InvalidToken');
    }
    return $data;
}
File: pub.php Project: rhiaro/img
         "Content-Type: application/x-www-form-urlencoded"
        ,"Authorization: $token"
    ));
    $response = Array();
    parse_str(curl_exec($ch), $response);
    curl_close($ch);
    return $response;
  }
}

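// AUTH FIRST
// Verify token: the raw Authorization header value is handed to verify_token(),
// which queries the token endpoint and returns the parsed response.
$headers = apache_request_headers();
// apache_request_headers() returns false outside the Apache SAPI, so only index
// it when it really is an array.
if (is_array($headers) && isset($headers['Authorization'])) {
  $token = $headers['Authorization'];
  $response = verify_token($token);
  // Missing keys become null, as with the former @-suppressed reads, but without
  // hiding any other warning raised on these lines.
  $me = isset($response['me']) ? $response['me'] : null;
  $iss = isset($response['issued_by']) ? $response['issued_by'] : null;
  $client = isset($response['client_id']) ? $response['client_id'] : null;
  $scope = isset($response['scope']) ? $response['scope'] : null;
  // NOTE(review): the later check on $me is a substring match; confirm an exact
  // URL/host comparison is not required by the token endpoint's contract.
} else {
  header("HTTP/1.1 403 Forbidden");
  echo "403: No authorization header set.";
  exit;
}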

if(empty($response)){
  header("HTTP/1.1 401 Unauthorized");
  echo "401: Access token could not be verified.";
  exit;
}elseif(stripos($me, "rhiaro.co.uk") === false || $scope != "update"){
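/**
 * Handle the "create/modify event" form.
 *
 * The target calendar is taken from $vars['cid'] (not the global $phpcid) and
 * the caller must be allowed to write to it. When a new event is created, or
 * the "phpc-modify" box is ticked on an existing one, the occurrence dates are
 * (re)generated from the start/end timestamps and the "repeats" rule, capped
 * at 731 occurrences.
 *
 * @return mixed Result of message_redirect() to the event or the month view.
 * @throws Exception on an invalid date range, a missing calendar id, or a
 *                   missing required custom field.
 */
function process_form()
{
    global $vars, $phpcdb, $phpc_script, $phpc_user, $phpc_cal;
    // When modifying events, this is the value of the checkbox that
    //   determines if the date should change
    $modify_occur = !isset($vars['eid']) || !empty($vars['phpc-modify']);
    if ($modify_occur) {
        $start_ts = get_timestamp("start");
        $end_ts = get_timestamp("end");
        switch ($vars["time-type"]) {
            case 'normal':
                $time_type = 0;
                break;
            case 'full':
                $time_type = 1;
                break;
            case 'tba':
                $time_type = 2;
                break;
            default:
                soft_error(__("Unrecognized Time Type."));
        }
        if ($end_ts - $start_ts < 0) {
            throw new Exception(__("An event cannot have an end earlier than its start."));
        }
    }
    verify_token();
    if (!isset($vars['cid'])) {
        throw new Exception(__("Calendar ID is not set."));
    }
    $cid = $vars['cid'];
    $calendar = $phpcdb->get_calendar($cid);
    if (!$calendar->can_write()) {
        permission_error(__('You do not have permission to write to this calendar.'));
    }
    $readonly = $calendar->can_create_readonly() && !empty($vars['readonly']);
    $catid = empty($vars['catid']) ? false : $vars['catid'];
    if (!isset($vars['eid'])) {
        $modify = false;
        $eid = $phpcdb->create_event($cid, $phpc_user->get_uid(), $vars["subject"], $vars["description"], $readonly, $catid);
    } else {
        // NOTE(review): the write check above is against the calendar named by
        // $vars['cid'], not the calendar the existing event belongs to; confirm
        // modify_event()/delete_occurrences() verify that $eid lives in $cid.
        $modify = true;
        $eid = $vars['eid'];
        $phpcdb->modify_event($eid, $vars['subject'], $vars['description'], $readonly, $catid);
        if ($modify_occur) {
            $phpcdb->delete_occurrences($eid);
        }
    }
    // NOTE(review): the custom fields come from the global $phpc_cal while the
    // event was written to $calendar — confirm both refer to the same calendar.
    foreach ($phpc_cal->get_fields() as $field) {
        $fid = $field['fid'];
        if (empty($vars["phpc-field-{$fid}"])) {
            if ($field['required']) {
                throw new Exception(sprintf(__('Field "%s" is required but was not set.'), $field['name']));
            }
            continue;
        }
        $phpcdb->add_event_field($eid, $fid, $vars["phpc-field-{$fid}"]);
    }
    if ($modify_occur) {
        $occurrences = 0;
        // $n is the step between occurrences (days for daily/weekly, months or
        // years otherwise); $until is the last start date still generated. The
        // defaults make a non-repeating event produce exactly one occurrence.
        $n = 1;
        $until = $start_ts;
        $repeats = isset($vars['repeats']) ? $vars['repeats'] : 'never';
        switch ($repeats) {
            case 'daily':
                check_input("every-day");
                $n = $vars["every-day"];
                $until = get_timestamp("daily-until");
                break;
            case 'weekly':
                check_input("every-week");
                $n = $vars["every-week"] * 7;
                $until = get_timestamp("weekly-until");
                break;
            case 'monthly':
                check_input("every-month");
                $n = $vars["every-month"];
                $until = get_timestamp("monthly-until");
                break;
            case 'yearly':
                check_input("every-year");
                $n = $vars["every-year"];
                $until = get_timestamp("yearly-until");
                break;
        }
        if ($n < 1) {
            soft_error(__('Increment must be 1 or greater.'));
        }
        while ($occurrences <= 730 && days_between($start_ts, $until) >= 0) {
            $phpcdb->create_occurrence($eid, $time_type, $start_ts, $end_ts);
            $occurrences++;
            switch ($repeats) {
                case 'daily':
                case 'weekly':
                    $start_ts = add_days($start_ts, $n);
                    $end_ts = add_days($end_ts, $n);
                    break;
                case 'monthly':
                    $start_ts = add_months($start_ts, $n);
                    $end_ts = add_months($end_ts, $n);
                    break;
                case 'yearly':
                    $start_ts = add_years($start_ts, $n);
                    $end_ts = add_years($end_ts, $n);
                    break;
                default:
                    // "never" or an unknown rule: the single occurrence is enough.
                    break 2;
            }
        }
    }
    if ($eid != 0) {
        $message = $modify ? __("Modified event: ") : __("Created event: ");
        return message_redirect(tag('', $message, create_event_link($eid, 'display_event', $eid)), "{$phpc_script}?action=display_event&eid={$eid}");
    }
    return message_redirect(__('Error submitting event.'), "{$phpc_script}?action=display_month&phpcid={$cid}");
}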