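* @link http://syspass.org
 * @copyright 2012-2015 Rubén Domínguez nuxsmin@syspass.org
 *
 * This file is part of sysPass.
 *
 * sysPass is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * sysPass is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with sysPass. If not, see <http://www.gnu.org/licenses/>.
 *
 */

use SP\Request;

define('APP_ROOT', '..');

require APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';
// Presumably defines $stringsJsLang (the translated JS strings) used below.
require APP_ROOT . DIRECTORY_SEPARATOR . 'js' . DIRECTORY_SEPARATOR . 'strings.js.php';

// Only the referer is validated; there is no isLoggedIn() check, so this
// endpoint is reachable before authentication. NOTE(review): that looks
// intentional (the login form needs the public key and the JS strings) —
// confirm nothing sensitive is ever added to $data.
Request::checkReferer('GET');

// Response payload: translated JS strings, the application base URI and the
// public key the client uses to encrypt form fields ('' if unavailable).
$data = array(
    'lang' => $stringsJsLang,
    'app_root' => SP\Init::$WEBURI,
    'pk' => ''
);

try {
    $CryptPKI = new SP\CryptPKI();

    // Prefer the key already held in the session; fall back to the PKI
    // store otherwise. The session value is read once instead of twice.
    $sessionPublicKey = SP\Session::getPublicKey();
    $data['pk'] = $sessionPublicKey ? $sessionPublicKey : $CryptPKI->getPublicKey();
} catch (Exception $e) {
    // Deliberate best-effort: on any PKI error the client still receives the
    // strings and base URI, with an empty 'pk'. NOTE(review): the JS side
    // should treat an empty key as "encryption unavailable" rather than
    // proceed — confirm.
}

SP\Response::printJSON($data, 0);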
} } $Account->setAccountId($accountId); $Account->setAccountName($accountName); $Account->setAccountCategoryId($categoryId); $Account->setAccountCustomerId($customerId); $Account->setAccountLogin($accountLogin); $Account->setAccountUrl($accountUrl); $Account->setAccountNotes($accountNotes); $Account->setAccountUserEditId($currentUserId); $Account->setAccountUsersId($accountOtherUsers); $Account->setAccountUserGroupsId($accountOtherGroups); $Account->setAccountOtherUserEdit($accountUserEditEnabled); $Account->setAccountOtherGroupEdit($accountGroupEditEnabled); // Cambiar el grupo principal si el usuario es Admin if (SP\Session::getUserIsAdminApp() || SP\Session::getUserIsAdminAcc()) { $Account->setAccountUserGroupId($accountMainGroupId); } // Comprobar si han habido cambios if ($accountChangesHash == $Account->calcChangesHash()) { SP\Response::printJSON(_('Sin cambios'), 0); } // Actualizar cuenta if ($Account->updateAccount()) { if (is_array($customFields)) { foreach ($customFields as $id => $value) { $CustomFields = new \SP\CustomFields($id, $accountId, $value); $CustomFields->updateCustomField(); } } SP\Response::printJSON(_('Cuenta actualizada'), 0);
// Load the user's session variables
SessionUtil::loadUserSession($User);
$Log->addDescription(sprintf('%s: %s', _('Usuario'), $userLogin));
$Log->addDescription(sprintf('%s: %s', _('Perfil'), SP\Profile::getProfileNameById($User->getUserProfileId())));
$Log->addDescription(sprintf('%s: %s', _('Grupo'), SP\Groups::getGroupNameById($User->getUserGroupId())));
$Log->writeLog();
} else {
    // printJSON() is relied upon to terminate the script here, as in the
    // other error branches; otherwise the code below would run for a user
    // whose session was not loaded.
    SP\Response::printJSON(_('Error interno'));
}

$UserPrefs = \SP\UserPreferences::getPreferences($User->getUserId());

// Second factor: when the user has 2FA enabled the session is marked as not
// yet 2FA-verified and the client is sent to the 2FA form. printJSON() is
// expected to terminate the script in that branch, so everything below only
// runs for users without 2FA (or, presumably, after the 2FA step).
if ($UserPrefs->isUse2Fa()) {
    SP\Session::set2FApassed(false);
    $url = SP\Init::$WEBURI . '/index.php?a=2fa&i=' . $User->getUserId() . '&t=' . time() . '&f=1';
    SP\Response::printJSON($url, 0);
} else {
    SP\Session::set2FApassed(true);
}

SP\Language::setLanguage(true);
SP\Themes::setTheme(true);
SP\Session::setUserPreferences($UserPrefs);

$params = array();

// Forward extra POST parameters prefixed with "g_" to the landing page as GET
// parameters (prefix stripped).
// NOTE(review): the return values of Html::sanitize() are discarded, so
// unless it takes its argument by reference these two calls have no effect.
// The values are also not urlencode()d, so a value containing '&' or '#'
// would alter the resulting query string. Both points are worth confirming.
foreach ($_POST as $param => $value) {
    \SP\Html::sanitize($param);
    \SP\Html::sanitize($value);

    if (!strncmp($param, 'g_', 2)) {
        $params[] = substr($param, 2) . '=' . $value;
    }
}

// Relative redirect target returned to the client; it always starts with
// 'index.php', so the forwarded parameters can only add a query string.
$urlParams = count($params) > 0 ? '?' . implode('&', $params) : '';

SP\Response::printJSON('index.php' . $urlParams, 0);
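if (!SP\Request::analyze('actionId', 0, true)) {
    die('<div class="error">' . _('Parámetros incorrectos') . '</DIV>');
}

// Request parameters: the action to render, the item it applies to and the
// action the client came from (defaults to the account search).
$actionId = SP\Request::analyze('actionId');
$itemId = SP\Request::analyze('itemId', 0);
$lastAction = SP\Request::analyze('lastAction', \SP\Controller\ActionsInterface::ACTION_ACC_SEARCH);

$tpl = new SP\Template();
$tpl->assign('actionId', $actionId);
$tpl->assign('id', $itemId);
$tpl->assign('activeTabId', $itemId);
$tpl->assign('lastAccountId', \SP\Session::getLastAcountId());
$tpl->assign('queryTimeStart', microtime());
// Identity and permission flags come from the server-side session, not from
// the request, so templates can rely on them.
$tpl->assign('userId', SP\Session::getUserId());
$tpl->assign('userGroupId', SP\Session::getUserGroupId());
$tpl->assign('userIsAdminApp', SP\Session::getUserIsAdminApp());
$tpl->assign('userIsAdminAcc', SP\Session::getUserIsAdminAcc());
$tpl->assign('themeUri', Themes::$themeUri);

// Action path: a session-kept history of visited actions used to compute the
// "previous" action for the template. The account search is the root of the
// path and is never recorded.
if ($actionId != \SP\Controller\ActionsInterface::ACTION_ACC_SEARCH) {
    $actionsPath =& $_SESSION['actionsPath'];

    // On a fresh session the key does not exist yet (the reference creates it
    // as null); normalise to an array before appending.
    if (!is_array($actionsPath)) {
        $actionsPath = array();
    }

    $actionsPath[] = $actionId;
    $actions = count($actionsPath);

    // Navigating back to the action visited two steps ago: drop that entry
    // and the one after it so back-and-forth navigation does not grow the path.
    if ($actions > 2 && $actionsPath[$actions - 3] == $actionId) {
        unset($actionsPath[$actions - 3]);
        unset($actionsPath[$actions - 2]);
        $actionsPath = array_values($actionsPath);
        $actions = count($actionsPath);
    }

    // The previous action is the second-to-last entry. On the first non-search
    // action of a session there is none (the original read offset -1, an
    // undefined index), so fall back to the request-supplied $lastAction,
    // which defaults to the search action.
    $tpl->assign('lastAction', $actions > 1 ? $actionsPath[$actions - 2] : $lastAction);
}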
if (SP\Util::demoIsEnabled() && UserUtil::getUserLoginById($itemId) == 'demo') { SP\Response::printJSON(_('Ey, esto es una DEMO!!')); } elseif (!$User->getUserPass() || !$userPassR) { SP\Response::printJSON(_('La clave no puede estar en blanco'), 2); } elseif ($User->getUserPass() != $userPassR) { SP\Response::printJSON(_('Las claves no coinciden'), 2); } if ($User->updateUserPass()) { SP\Response::printJSON(_('Clave actualizada'), 0); } SP\Response::printJSON(_('Error al modificar la clave')); // Eliminar usuario } elseif ($actionId === \SP\Controller\ActionsInterface::ACTION_USR_USERS_DELETE) { if (SP\Util::demoIsEnabled() && UserUtil::getUserLoginById($itemId) == 'demo') { SP\Response::printJSON(_('Ey, esto es una DEMO!!')); } elseif ($User->getUserId() == SP\Session::getUserId()) { SP\Response::printJSON(_('No es posible eliminar, usuario en uso')); } if ($User->deleteUser() && SP\CustomFields::deleteCustomFieldForItem($User->getUserId(), \SP\Controller\ActionsInterface::ACTION_USR_USERS)) { SP\Response::printJSON(_('Usuario eliminado'), 0, $doActionOnClose); } SP\Response::printJSON(_('Error al eliminar el usuario')); } } elseif ($actionId === \SP\Controller\ActionsInterface::ACTION_USR_GROUPS_NEW || $actionId === \SP\Controller\ActionsInterface::ACTION_USR_GROUPS_EDIT || $actionId === \SP\Controller\ActionsInterface::ACTION_USR_GROUPS_DELETE) { // Variables POST del formulario $frmGrpName = SP\Request::analyze('name'); $frmGrpDesc = SP\Request::analyze('description'); $frmGrpUsers = SP\Request::analyze('users'); if ($actionId === \SP\Controller\ActionsInterface::ACTION_USR_GROUPS_NEW || $actionId === \SP\Controller\ActionsInterface::ACTION_USR_GROUPS_EDIT) { if (!$frmGrpName) { SP\Response::printJSON(_('Es necesario un nombre de grupo'), 2);
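use SP\UserUtil;

define('APP_ROOT', '..');

require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';

// Request guards: same-origin referer, an authenticated session and a valid
// anti-CSRF session key. printJSON() is relied upon to terminate the script,
// as elsewhere in sysPass; none of these branches are meant to fall through.
SP\Request::checkReferer('POST');

if (!SP\Init::isLoggedIn()) {
    SP\Response::printJSON(_('La sesión no se ha iniciado o ha caducado'), 10);
}

$sk = SP\Request::analyze('sk', false);

if (!$sk || !SessionUtil::checkSessionKey($sk)) {
    SP\Response::printJSON(_('CONSULTA INVÁLIDA'));
}

$frmAccountId = SP\Request::analyze('accountid', 0);
$frmDescription = SP\Request::analyze('description');

if (!$frmDescription) {
    SP\Response::printJSON(_('Es necesaria una descripción'));
}

// NOTE(review): the result is dereferenced below without checking that the
// account exists; confirm getAccountRequestData() cannot return false/null
// for an unknown id, or guard it here.
$accountRequestData = SP\Account::getAccountRequestData($frmAccountId);

// Notify the account owner and the last editor. Empty addresses are dropped
// and duplicates removed (owner and editor may be the same user), so the
// recipient list never contains a dangling comma or a repeated address.
$recipients = array_unique(array_filter(array(
    UserUtil::getUserEmail($accountRequestData->account_userId),
    UserUtil::getUserEmail($accountRequestData->account_userEditId)
)));

$requestUsername = SP\Session::getUserName();
$requestLogin = SP\Session::getUserLogin();

$log = new \SP\Log(_('Solicitud de Modificación de Cuenta'));
$log->addDescription(SP\Html::strongText(_('Solicitante') . ': ') . $requestUsername . ' (' . $requestLogin . ')');
$log->addDescription(SP\Html::strongText(_('Cuenta') . ': ') . $accountRequestData->account_name);
$log->addDescription(SP\Html::strongText(_('Cliente') . ': ') . $accountRequestData->customer_name);
// NOTE(review): $frmDescription is free-text user input placed next to HTML
// produced by Html::strongText(); unless Request::analyze() already escapes
// it, it should be HTML-escaped for the e-mail/log context.
$log->addDescription(SP\Html::strongText(_('Descripción') . ': ') . $frmDescription);

$mailto = implode(',', $recipients);

// The previous test, strlen($mailto) > 1, accepted "," (two empty addresses
// imploded) and "addr," (one address resolved); require at least one real
// recipient before attempting to send.
if (count($recipients) > 0 && SP\Util::mailrequestIsEnabled() && SP\Email::sendEmail($log, $mailto)) {
    $log->writeLog();

    SP\Response::printJSON(_('Solicitud enviada'), 0, "doAction('" . \SP\Controller\ActionsInterface::ACTION_ACC_SEARCH . "');");
}

SP\Response::printJSON(_('Error al enviar la solicitud'));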