Exemple #1
                 array_push($errors, 'Username taken!');
                 break;
             }
             mysqli_free_result($result);
             mysqli_query($link, 'UPDATE `users` SET `username`=\'' . mysqli_real_escape_string($link, $_POST['newusername']) . '\' WHERE `id`=' . $id . ';');
         }
     }
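     // Password change: needs the current password and a non-empty new one.
     // NOTE(review): $id, $user and $errors are set outside this excerpt; $id is
     // concatenated into the statements below, so confirm it is validated as an
     // integer before this point.
     if (isset($_POST['oldpassword']) && isset($_POST['newpassword']) && $_POST['oldpassword'] !== '' && $_POST['newpassword'] !== '') {
         // Apply the password policy to every new password. The earlier version
         // only called isPasswordValid() when the new password was identical to
         // the old one, so any different new password skipped the policy check.
         $errors = isPasswordValid($_POST['newpassword'], $errors);
         // The change is only accepted when the caller proves knowledge of the
         // current password.
         if (!password_verify($_POST['oldpassword'], $user['password'])) {
             array_push($errors, 'Old password invalid!');
         }
         if (empty($errors)) {
             // Escape the hash like the other string values written by this
             // handler; the output format of getPasswordHash() is not visible here.
             mysqli_query($link, 'UPDATE `users` SET `password`=\'' . mysqli_real_escape_string($link, getPasswordHash($_POST['newpassword'])) . '\' WHERE `id`=' . $id . ';');
         }
     }
     // Colour change: stored only when no earlier step reported an error.
     // NOTE(review): the value is SQL-escaped but not checked against a list of
     // permitted colours; if it is later written into HTML it needs an allow-list
     // check or output encoding at that point.
     if (isset($_POST['newcolour']) && $_POST['newcolour'] != $user['colour']) {
         if (empty($errors)) {
             mysqli_query($link, 'UPDATE `users` SET `colour`=\'' . mysqli_real_escape_string($link, $_POST['newcolour']) . '\' WHERE `id`=' . $id . ';');
         }
     }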
     mysqli_close($link);
     unset($link);
     break;
 case 'torrent':
     if (!($link = db_init(true))) {
         die;
     }
     $result = mysqli_query($link, 'SELECT `filename` FROM `torrents` WHERE `id`=' . $id . ';');
$thispage_title = $l['t_user_registration'];
$thispage_description = '';
require_once '../code/tce_page_header.php';
$sql = 'SELECT *
	FROM ' . K_TABLE_USERS . '
	WHERE (user_verifycode=\'' . F_escape_sql($db, $verifycode) . '\'
		AND user_id=\'' . $userid . '\'
		AND user_email=\'' . F_escape_sql($db, $email) . '\')
		LIMIT 1';
if ($r = F_db_query($sql, $db)) {
    if ($m = F_db_fetch_array($r)) {
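        // update user level
        // NOTE(review): $userid is concatenated unquoted into both statements;
        // confirm it is cast to an integer before this point (not visible here).
        if ($verifycode[0] == '@') {
            // password reset: draw the temporary password from the CSPRNG.
            // md5(uniqid(mt_rand(), true)) is derived from the clock and a
            // non-cryptographic generator, so its output can be predictable.
            // The shape is unchanged (8 lowercase hex characters, i.e. 32 bits),
            // so this should remain a short-lived password the user replaces.
            $new_password = bin2hex(random_bytes(4));
            $sqlu = 'UPDATE ' . K_TABLE_USERS . ' SET user_password=\'' . getPasswordHash($new_password) . '\', user_verifycode=NULL WHERE user_id=' . $userid . '';
        } else {
            // user registration: raise the level to 1 and clear the one-time code
            $sqlu = 'UPDATE ' . K_TABLE_USERS . ' SET user_level=\'1\', user_verifycode=NULL WHERE user_id=' . $userid . '';
        }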
        if (!($ru = F_db_query($sqlu, $db))) {
            F_display_db_error(false);
        } else {
            if ($verifycode[0] == '@') {
                F_print_error('MESSAGE', $l['w_new_password'] . ': ' . $new_password);
            } else {
                F_print_error('MESSAGE', $l['m_user_registration_ok']);
            }
            echo K_NEWLINE;
            echo '<div class="container">' . K_NEWLINE;
            if (K_OTP_LOGIN) {
Exemple #3
require_once '../config/tce_config.php';
require_once '../../shared/code/tce_authorization.php';
require_once '../../shared/code/tce_functions_tcecode.php';
require_once '../../shared/code/tce_functions_test.php';
require_once '../../shared/code/tce_functions_test_stats.php';
require_once '../../shared/config/tce_pdf.php';
require_once '../../shared/code/tcpdfex.php';
require_once '../../shared/code/tce_functions_statistics.php';
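// Caller identity comes from the session; intval() keeps the id numeric.
$user_id = intval($_SESSION['session_user_id']);
// Display mode: positive values only, anything else falls back to 0.
if (isset($_REQUEST['mode']) and $_REQUEST['mode'] > 0) {
    $mode = intval($_REQUEST['mode']);
} else {
    $mode = 0;
}
$onlytext = $mode == 5;
// Token check: when the 'email' request parameter is present it must equal a
// hash over year, month, ids and K_RANDOM_SECURITY, so a token stays valid
// for the current calendar month.
// NOTE(review): $testuser_id and $test_id are not assigned in the lines
// visible before this point ($test_id is only set further down); confirm the
// token really binds the test and user it is meant to authorise.
if (isset($_REQUEST['email'])) {
    $expected_token = getPasswordHash(date('Y') . $testuser_id . K_RANDOM_SECURITY . $test_id . date('m') . $user_id);
    // Compare as strings in constant time. The earlier loose "!=" would treat
    // numeric-looking strings (e.g. "0e..." hashes) as equal numbers, and a
    // non-string request value must never reach the comparison.
    if (!is_string($_REQUEST['email']) or !is_string($expected_token) or !hash_equals($expected_token, $_REQUEST['email'])) {
        F_print_error('ERROR', $l['m_authorization_denied']);
        exit;
    }
}
$filter = 'sel=1';
if (isset($_REQUEST['test_id']) and $_REQUEST['test_id'] > 0) {
    $test_id = intval($_REQUEST['test_id']);
    // Without a token the caller must be authorised for this test. With a
    // token this ownership check is skipped, so the token is the only gate.
    if (!isset($_REQUEST['email'])) {
        if (!F_isAuthorizedUser(K_TABLE_TESTS, 'test_id', $test_id, 'test_user_id')) {
            exit;
        }
    }
    $filter .= '&amp;test_id=' . $test_id . '';
} else {
    $test_id = 0;
}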
Exemple #4
$PAGE_TITLE = PAGE_DEFAULT_TITLE . ' | Administrator utilities';
$NAVBAR = NAVBAR_FULL;
require_once 'header.php';
$ACCEPTED_ACTIONS = array('exporttorrentdata_csv' => 'Export torrent data to CSV', 'exportuserdatadump_csv' => 'Export user data to CSV', 'password_hash' => 'Generate password hash', 'phpinfo' => 'phpinfo', 'statistics' => 'Server statistics');
?>
<body>
	<br>
	<br>
	<div class="container">
		<div class="card-panel">
			<h4>Administrator utilities</h4>
			<br>
			<?php 
if (isset($_POST['password_hash'])) {
    echo '<h6>Generate password hash</h6><br>';
    echo '<code>' . getPasswordHash($_POST['password_hash']) . '</code>';
    ?>
            <br> <br> <br>
			<div align="center">
				<a href="utilities.php"><button
						class="btn waves-effect waves-light <?php 
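    // The value lands inside an HTML class attribute, so encode it for that context.
    echo htmlspecialchars((string) $_SESSION['USER_COLOUR'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');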
    ?>
">Go
						back</button></a>
			</div>
    <?php 
} else {
    if (isset($_GET['action'])) {
        switch ($_GET['action']) {
            case 'password_hash':
Exemple #5
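/**
 * Build the JSON reply for a sign-up request.
 *
 * Reads the request values 'pass', 'user' and 'c' through getP(). A password
 * shorter than 6 or longer than 256 bytes yields a failure message; otherwise
 * the reply carries the partner registration URL.
 *
 * NOTE(review): the password hash travels in the URL query string ('t'), where
 * it can end up in logs, browser history and Referer headers; confirm the
 * partner interface offers no alternative before relying on this.
 *
 * @return string JSON text with "success" and either "message" or "url".
 */
function getSignupUrl()
{
    $pwd = getP('pass');
    $len = strlen($pwd);
    if ($len < 6 || $len > 256) {
        return '{ "success": false, "message": "Password should be 6 or more charaters long"}';
    }
    // Percent-encode every request-derived value. 'c' used to be appended raw,
    // which let it add query parameters or break out of the JSON string literal.
    $query = 'a=reg&u=' . urlencode(getP('user')) . '&t=' . urlencode(getPasswordHash($pwd)) . '&c=' . urlencode((string) getP('c')) . '&format=json';
    return '{ "success": true, "url":"https://vault.elephantdrive.com/partners/vaultservices/genacct.aspx?' . $query . '" }';
}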
Exemple #6
     $app->render('login.php');
 });
 $app->post('/login', function () use($app) {
     try {
         $post = $app->request->post();
         if (!(isset($post['email']) && is_string($post['email']) && isset($post['password']) && is_string($post['password']))) {
             throw new RuntimeException('メールアドレスまたはパスワードに誤りがあります');
         }
         $mongoCollection = getMongoCollection('user');
         foreach ($post as $key => $value) {
             $encode = mb_detect_encoding($value, array('UTF-8'));
             if ($encode !== 'UTF-8') {
                 throw new RuntimeException('メールアドレスまたはパスワードに誤りがあります');
             }
         }
         $result = $mongoCollection->find(array('email' => $post['email'], 'password' => getPasswordHash($post['email'], $post['password'], $app->config('salt'))));
         if ($result->count()) {
             session_regenerate_id(true);
             $user = $result->next();
             $_SESSION['user'] = $user;
             $_SESSION['expires'] = time() + (int) $app->config('timeout');
             $app->flash('info', 'ログインしました。');
             $app->getLog()->info('ユーザー名「' . $user['username'] . '」(メールアドレス"' . $user['email'] . '")がログインしました。');
             $app->redirect($app->config('static_path'));
         } else {
             throw new RuntimeException('メールアドレスまたはパスワードに誤りがあります');
         }
     } catch (RuntimeException $e) {
         $app->flash('error', $e->getMessage());
         $app->redirect($app->config('static_path') . 'login');
     }
				cpsession_data
				) VALUES (
				\'' . $fingerprintkey . '\',
				\'' . date(K_TIMESTAMP_FORMAT, time() + $wait) . '\',
				\'' . $wait . '\'
				)';
            if (!F_db_query($sqls, $db)) {
                F_display_db_error();
            }
            $bruteforce = false;
        }
    }
    if ($bruteforce) {
        F_print_error('WARNING', $l['m_login_brute_force'] . ' ' . $wait);
    } else {
        $xuser_password = getPasswordHash($_POST['xuser_password']);
        // one-way password encoding
        // check if submitted login information are correct
        $sql = 'SELECT * FROM ' . K_TABLE_USERS . ' WHERE user_name=\'' . F_escape_sql($_POST['xuser_name']) . '\' AND user_password=\'' . $xuser_password . '\'';
        if ($r = F_db_query($sql, $db)) {
            if ($m = F_db_fetch_array($r)) {
                // check One Time Password
                $otp = false;
                if (K_OTP_LOGIN) {
                    $mtime = microtime(true);
                    if (isset($_POST['xuser_otpcode']) and !empty($_POST['xuser_otpcode']) and ($_POST['xuser_otpcode'] == F_getOTP($m['user_otpkey'], $mtime) or $_POST['xuser_otpcode'] == F_getOTP($m['user_otpkey'], $mtime - 30) or $_POST['xuser_otpcode'] == F_getOTP($m['user_otpkey'], $mtime + 30))) {
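                        // check if this OTP token has been already used
                        // The code comes straight from the request. The loose "==" checks
                        // above do not guarantee it is purely numeric (that depends on what
                        // F_getOTP() returns), so escape it before it enters the statement.
                        $sqlt = 'SELECT cpsession_id FROM ' . K_TABLE_SESSIONS . ' WHERE cpsession_id=\'' . F_escape_sql($_POST['xuser_otpcode']) . '\' LIMIT 1';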
                        if ($rt = F_db_query($sqlt, $db)) {
                            if (!F_db_fetch_array($rt)) {
                                // Store this token on the session table to mark it as invalid for 5 minute (300 seconds)
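 /**
  * Check if a username+password pair is a valid login.
  * The name will be normalized to MediaWiki's requirements, so
  * you might need to munge it (for instance, for lowercase initial
  * letters).
  *
  * Review notes:
  *  - The password literal in the query below appears masked ('******') in
  *    this listing. As written, the hashed password never reaches the
  *    statement, so the row match does not depend on the supplied password;
  *    restore the comparison against the stored hash (escaped or bound as a
  *    parameter) before this code is used.
  *  - The user name is neutralised with htmlspecialchars() + addslashes()
  *    rather than the driver's escaping function or a prepared statement;
  *    addslashes() is not character-set aware.
  *  - The mysql_* functions used here were removed in PHP 7.
  *
  * @param $user String: username.
  * @param $pass String: user password.
  * @return bool
  * @public
  */
 function authenticate($user, $pass)
 {
     if ($this->debug) {
         echo 'authenticate<br>';
     }
     // Username: strip markup, encode HTML specials, add slashes, lowercase
     $user = strtolower(addslashes(htmlspecialchars(strip_tags($user), ENT_QUOTES)));
     $pass = getPasswordHash($pass);
     // Optional allow-list of user names. The earlier version tested the
     // undefined variable $username, so every login was refused whenever the
     // list was configured.
     if (isset($GLOBALS['authpluginjmTillatteBrukere']) && !in_array($user, $GLOBALS['authpluginjmTillatteBrukere'], true)) {
         return false;
     }
     $is_external = isExternal();
     if ($this->debug) {
         echo 'is_external=' . $is_external . '<br>';
     }
     // Checking against database
     $Q_login = mysql_query("select user_id, deactivated, user_password_complex, user_password_lastchanged from `users` where lower(user_name_short) = '" . $user . "' and user_password = '******' limit 1", $this->database);
     // A failed query is treated like "no such user".
     if ($Q_login !== false && mysql_num_rows($Q_login) > 0) {
         if ($is_external) {
             // External logins are refused when loginPWcheckAge() throws.
             try {
                 $user_login = array('user_password_lastchanged' => mysql_result($Q_login, 0, 'user_password_lastchanged'));
                 loginPWcheckAge($user_login);
             } catch (Exception $e) {
                 if ($this->debug) {
                     echo 'auth failed, password to old for external user<br>';
                 }
                 return false;
             }
         }
         if (mysql_result($Q_login, 0, 'deactivated')) {
             if ($this->debug) {
                 echo 'auth failed, user deactivated<br>';
             }
             return false;
         }
         if ($is_external && !mysql_result($Q_login, 0, 'user_password_complex')) {
             if ($this->debug) {
                 echo 'auth failed, password not complex for external user<br>';
             }
             return false;
         }
         // The earlier version guarded this branch with the undefined variable
         // $external_failed, which always evaluated as "not failed".
         if ($this->debug) {
             echo 'auth=true<br>';
         }
         return true;
     }
     if ($this->debug) {
         // The password hash is no longer echoed: debug output must not
         // disclose credential material.
         echo 'auth failed, user not found (' . $user . ')<br>';
     }
     return false;
 }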
if (!validateDataName($dataName, $failOffset)) {
    if ($strictFilename) {
        $response->errors[] = 'dataName is invalid, and strict_filename is enabled. can not continue. offending dataName character start at byte offset ' . $failOffset;
        return false;
    }
    $dataName = sanitizeDataName($dataName);
    $response->warnings[] = 'dataName is invalid. offending dataName character start at byte offset ' . $failOffset . '. dataName has been transliterated/sanitized from UTF8 to ASCII with iconv, and truncated to 255 bytes. the new dataName is: ' . $dataName;
}
$response->final_filename = $dataName;
$clientIP = getClientIP();
if (!isset($_GET['response_type']) && !isset($_POST['response_type'])) {
    $responseType = 'json';
    //currently unused...
}
require_once './../getdb.inc.php';
$passwordHash = getPasswordHash();
$localFilename = generateLocalFilename();
$fullFilePath = hhb_combine_filepaths($files_folder, $localFilename);
if (!file_exists($fullFilePath)) {
    if (isset($_POST['upload_data'])) {
        if (($tmpi1 = strlen($_POST['upload_data'])) !== ($tmpi2 = file_put_contents($fullFilePath, $_POST['upload_data']))) {
            @unlink($fullFilePath);
            //attempt cleanup of corrupted file...
            $response->errors[] = 'internal server error. tried to write ' . var_export($tmpi1, true) . ' bytes to disk, but could only write ' . var_export($tmpi2, true) . ' bytes!';
            return false;
            throw new Exception('TODO: HANDLE THIS ERROR');
        }
    } elseif (is_string($_FILES['upload_data']['tmp_name'])) {
        if (!move_uploaded_file($_FILES['upload_data']['tmp_name'], $fullFilePath)) {
            $response->errors[] = 'internal server error. could not move the uploaded file to the files directory.';
            return false;
Exemple #10
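    /**
     * XML end-element handler: stores a finished field value, resolves or
     * creates a group, or inserts/updates a user when a "user" element closes.
     *
     * Review notes:
     * - Field values are passed through F_escape_sql() when their element
     *   closes and are later concatenated into SQL text; the statements rely
     *   on that escaping rather than on bound parameters.
     * - getPasswordHash() receives the already-escaped password, so the hash is
     *   presumably computed over escaped text whenever escaping alters a
     *   character; confirm this matches how the login path hashes passwords.
     * - The insert branch hashes user_password even when it is empty or was
     *   never supplied (only the update branch checks for that); confirm
     *   that imported users without a password cannot log in.
     *
     * @param $parser (resource) The first parameter, parser, is a reference to the XML parser calling the handler.
     * @param $name (string) The second parameter, name, contains the name of the element for which this handler is called. If case-folding is in effect for this parser, the element name will be in uppercase letters.
     * @return (mixed) FALSE when a database statement fails; nothing otherwise.
     * @private
     */
    private function endElementHandler($parser, $name)
    {
        global $l, $db;
        require_once '../config/tce_config.php';
        require_once 'tce_functions_user_select.php';
        switch (strtolower($name)) {
            case 'name':
            case 'password':
            case 'email':
            case 'regdate':
            case 'ip':
            case 'firstname':
            case 'lastname':
            case 'birthdate':
            case 'birthplace':
            case 'regnumber':
            case 'ssn':
            case 'level':
            case 'verifycode':
            case 'otpkey':
                // escape the collected text and file it under the current element key
                $this->current_data = F_escape_sql($db, F_xml_to_text($this->current_data));
                $this->user_data[$this->current_element] = $this->current_data;
                $this->current_element = '';
                $this->current_data = '';
                break;
            case 'group':
                $group_name = F_escape_sql($db, F_xml_to_text($this->current_data));
                // check if group already exist
                $sql = 'SELECT group_id
					FROM ' . K_TABLE_GROUPS . '
					WHERE group_name=\'' . $group_name . '\'
					LIMIT 1';
                if ($r = F_db_query($sql, $db)) {
                    if ($m = F_db_fetch_array($r)) {
                        // the group has been already added
                        $this->group_data[] = $m['group_id'];
                    } else {
                        // add new group
                        $sqli = 'INSERT INTO ' . K_TABLE_GROUPS . ' (
							group_name
							) VALUES (
							\'' . $group_name . '\'
							)';
                        if (!($ri = F_db_query($sqli, $db))) {
                            F_display_db_error(false);
                        } else {
                            $this->group_data[] = F_db_insert_id($db, K_TABLE_GROUPS, 'group_id');
                        }
                    }
                } else {
                    F_display_db_error();
                }
                break;
            case 'user':
                // insert users
                if (!empty($this->user_data['user_name'])) {
                    // defaults for fields the document did not provide
                    if (empty($this->user_data['user_regdate'])) {
                        $this->user_data['user_regdate'] = date(K_TIMESTAMP_FORMAT);
                    }
                    if (empty($this->user_data['user_ip'])) {
                        $this->user_data['user_ip'] = getNormalizedIP($_SERVER['REMOTE_ADDR']);
                    }
                    if (!isset($this->user_data['user_level']) or strlen($this->user_data['user_level']) == 0) {
                        $this->user_data['user_level'] = 1;
                    }
                    if ($_SESSION['session_user_level'] < K_AUTH_ADMINISTRATOR) {
                        // you cannot edit a user with a level equal or higher than yours
                        // (the imported level is capped one below the importer's own level)
                        $this->user_data['user_level'] = min(max(0, $_SESSION['session_user_level'] - 1), $this->user_data['user_level']);
                        // non-administrator can access only to his/her groups
                        if (empty($this->group_data)) {
                            break;
                        }
                        $common_groups = array_intersect(F_get_user_groups($_SESSION['session_user_id']), $this->group_data);
                        if (empty($common_groups)) {
                            break;
                        }
                    }
                    // check if user already exist
                    $sql = 'SELECT user_id,user_level
						FROM ' . K_TABLE_USERS . '
						WHERE user_name=\'' . $this->user_data['user_name'] . '\'
							OR user_regnumber=\'' . $this->user_data['user_regnumber'] . '\'
							OR user_ssn=\'' . $this->user_data['user_ssn'] . '\'
						LIMIT 1';
                    if ($r = F_db_query($sql, $db)) {
                        if ($m = F_db_fetch_array($r)) {
                            // the user has been already added
                            $user_id = $m['user_id'];
                            // only administrators, or importers ranked above the existing
                            // account, may overwrite it
                            if ($_SESSION['session_user_level'] >= K_AUTH_ADMINISTRATOR or $_SESSION['session_user_level'] > $m['user_level']) {
                                //update user data
                                $sqlu = 'UPDATE ' . K_TABLE_USERS . ' SET
									user_regdate=\'' . $this->user_data['user_regdate'] . '\',
									user_ip=\'' . $this->user_data['user_ip'] . '\',
									user_name=\'' . $this->user_data['user_name'] . '\',
									user_email=' . F_empty_to_null($this->user_data['user_email']) . ',';
                                // update password only if it is specified
                                // NOTE(review): the value hashed here has already been through
                                // F_escape_sql(); see the method header.
                                if (!empty($this->user_data['user_password'])) {
                                    $sqlu .= ' user_password=\'' . getPasswordHash($this->user_data['user_password']) . '\',';
                                }
                                $sqlu .= '
									user_regnumber=' . F_empty_to_null($this->user_data['user_regnumber']) . ',
									user_firstname=' . F_empty_to_null($this->user_data['user_firstname']) . ',
									user_lastname=' . F_empty_to_null($this->user_data['user_lastname']) . ',
									user_birthdate=' . F_empty_to_null($this->user_data['user_birthdate']) . ',
									user_birthplace=' . F_empty_to_null($this->user_data['user_birthplace']) . ',
									user_ssn=' . F_empty_to_null($this->user_data['user_ssn']) . ',
									user_level=\'' . $this->user_data['user_level'] . '\',
									user_verifycode=' . F_empty_to_null($this->user_data['user_verifycode']) . ',
									user_otpkey=' . F_empty_to_null($this->user_data['user_otpkey']) . '
									WHERE user_id=' . $user_id . '';
                                if (!($ru = F_db_query($sqlu, $db))) {
                                    F_display_db_error(false);
                                    return FALSE;
                                }
                            } else {
                                // no user is updated, so empty groups
                                $this->group_data = array();
                            }
                        } else {
                            // add new user
                            // NOTE(review): unlike the update branch, the password is
                            // hashed here even when it is empty or missing.
                            $sqlu = 'INSERT INTO ' . K_TABLE_USERS . ' (
								user_regdate,
								user_ip,
								user_name,
								user_email,
								user_password,
								user_regnumber,
								user_firstname,
								user_lastname,
								user_birthdate,
								user_birthplace,
								user_ssn,
								user_level,
								user_verifycode,
								user_otpkey
								) VALUES (
								' . F_empty_to_null($this->user_data['user_regdate']) . ',
								\'' . $this->user_data['user_ip'] . '\',
								\'' . $this->user_data['user_name'] . '\',
								' . F_empty_to_null($this->user_data['user_email']) . ',
								\'' . getPasswordHash($this->user_data['user_password']) . '\',
								' . F_empty_to_null($this->user_data['user_regnumber']) . ',
								' . F_empty_to_null($this->user_data['user_firstname']) . ',
								' . F_empty_to_null($this->user_data['user_lastname']) . ',
								' . F_empty_to_null($this->user_data['user_birthdate']) . ',
								' . F_empty_to_null($this->user_data['user_birthplace']) . ',
								' . F_empty_to_null($this->user_data['user_ssn']) . ',
								\'' . $this->user_data['user_level'] . '\',
								' . F_empty_to_null($this->user_data['user_verifycode']) . ',
								' . F_empty_to_null($this->user_data['user_otpkey']) . '
								)';
                            if (!($ru = F_db_query($sqlu, $db))) {
                                F_display_db_error(false);
                                return FALSE;
                            } else {
                                $user_id = F_db_insert_id($db, K_TABLE_USERS, 'user_id');
                            }
                        }
                    } else {
                        F_display_db_error(false);
                        return FALSE;
                    }
                    // user's groups
                    if (!empty($this->group_data)) {
                        // foreach replaces while(list(...) = each(...)): each() was
                        // deprecated in PHP 7.2 and removed in PHP 8.0.
                        // $group_id and $user_id both originate from database results
                        // or insert ids above, not directly from the document.
                        foreach ($this->group_data as $group_id) {
                            // check if user-group already exist
                            $sqls = 'SELECT *
								FROM ' . K_TABLE_USERGROUP . '
								WHERE usrgrp_group_id=\'' . $group_id . '\'
									AND usrgrp_user_id=\'' . $user_id . '\'
								LIMIT 1';
                            if ($rs = F_db_query($sqls, $db)) {
                                if (!($ms = F_db_fetch_array($rs))) {
                                    // associate group to user
                                    $sqlg = 'INSERT INTO ' . K_TABLE_USERGROUP . ' (
										usrgrp_user_id,
										usrgrp_group_id
										) VALUES (
										' . $user_id . ',
										' . $group_id . '
										)';
                                    if (!($rg = F_db_query($sqlg, $db))) {
                                        F_display_db_error(false);
                                        return FALSE;
                                    }
                                }
                            } else {
                                F_display_db_error(false);
                                return FALSE;
                            }
                        }
                    }
                }
                break;
            default:
                break;
        }
    }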
Exemple #11
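/**
 * Reject a new password that equals one of the user's last three passwords.
 *
 * The check only runs when the global
 * $login_password_external_new_notamonglast3 is truthy.
 *
 * NOTE(review): comparing hashes for equality only detects reuse if
 * getPasswordHash() returns the same value for the same password (no
 * per-user random salt); confirm against its definition.
 *
 * @param array   User (from getUser()); user_password, user_password_1 and
 *                user_password_2 are read
 * @param string  Password (the new one, in plain text)
 * @throws Exception  When the new password's hash equals a stored hash
 */
function loginPWcheckSetNew($user, $password)
{
    global $login_password_external_new_notamonglast3;
    if (!$login_password_external_new_notamonglast3) {
        return;
    }
    $hash = getPasswordHash($password);
    // Strict comparison: with "==", two different numeric-looking strings
    // (e.g. hex digests of the form "0e" + digits) compare equal as numbers,
    // and an empty/NULL history slot can match loosely.
    if ($hash === $user['user_password'] || $hash === $user['user_password_1'] || $hash === $user['user_password_2']) {
        throw new Exception(_h('New password can not be the same as one of the last 3 passwords.'));
    }
}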
Exemple #12
        ?>
    <h4>Installation</h4>
		<div class="card-panel">
  <?php 
        // Open the database connection; on failure flag the installer run as
        // failed and print the connection error followed by a hint.
        $link = db_init();
        if (!$link) {
            $failure = true;
            // NOTE(review): the raw driver message is shown to whoever loads the
            // installer page; acceptable during setup, but the page should not
            // stay reachable afterwards.
            print_error('MySQL error! | ' . mysqli_connect_error() . '&nbsp;|&nbsp;');
            $connectionRefused = strpos(mysqli_connect_error(), 'refuse') !== false;
            if (!$connectionRefused) {
                print_error('Try creating the database <code>' . CONF_DATABASE_DBNAME . '</code>.');
            } else {
                print_error('Is the MySQL server running? Are you using the right port?');
            }
        }
        if (!$failure) {
            // Installer statements, executed in order. Every table is dropped and
            // recreated, so running this against a live database wipes it.
            // NOTE(review): the seeded administrator account uses the fixed
            // password 'password' (see the last statement). The installer should
            // ask for a password, or force a change at first login, and the
            // installer page should be removed or locked once setup is done.
            $SETUP = array(
                'DROP TABLE IF EXISTS `comments`;',
                'CREATE TABLE `comments` (`id` INT NOT NULL, `on` INT NOT NULL, `author` INT NOT NULL, `created` DATETIME NOT NULL, `comment` LONGTEXT NOT NULL);',
                'INSERT INTO `comments` (`id`) VALUES (0);',
                'DROP TABLE IF EXISTS `meta`;',
                'CREATE TABLE `meta` (`installed` DATETIME NOT NULL);',
                'INSERT INTO `meta` (`installed`) VALUES (FROM_UNIXTIME(' . time() . '));',
                'DROP TABLE IF EXISTS `torrents`;',
                'CREATE TABLE `torrents` (`id` INT NOT NULL, `filename` VARCHAR(64) NOT NULL, `torrentname` VARCHAR(100) NOT NULL, `uploader` INT NOT NULL, `created` DATETIME NOT NULL, `downloads` INT NOT NULL);',
                'INSERT INTO `torrents` (`id`) VALUES (0);',
                'DROP TABLE IF EXISTS `users`;',
                'CREATE TABLE `users` (`id` INT NOT NULL, `administrator` INT NOT NULL, `colour` VARCHAR(32) NOT NULL, `username` varchar(32) NOT NULL, `email` varchar(128) NOT NULL, `password` varchar(256) NOT NULL, `uploads` MEDIUMTEXT NOT NULL, `lastactive` DATETIME NOT NULL, `created` DATETIME NOT NULL);',
                // NOTE(review): unserialize() is applied to the _CONFIG constant here;
                // that is only safe while the constant is never built from external input.
                'INSERT INTO `users` (`id`, `administrator`, `colour`, `username`, `email`, `password`, `uploads`, `lastactive`, `created`) VALUES (0, 1, \'' . mysqli_real_escape_string($link, unserialize(_CONFIG)['general']['colours'][0]) . '\', \'admin\', \'admin@localhost\', \'' . getPasswordHash('password') . '\', \'' . mysqli_real_escape_string($link, serialize(array())) . '\', FROM_UNIXTIME(' . time() . '), FROM_UNIXTIME(' . time() . '));',
            );
            echo '<textarea class="materialize-textarea" id="textarea1">';
            // Run each statement and log it; stop at the first failure.
            // NOTE(review): the statements (including the admin password hash) and
            // the MySQL error text are echoed into the page without HTML escaping.
            foreach ($SETUP as $position => $query) {
                $result = mysqli_query($link, $query);
                $separator = $position != 0 ? PHP_EOL : '';
                echo $separator . $query . '... ';
                if (!$result) {
                    echo 'Failure! | MySQL error! | ' . mysqli_error($link) . PHP_EOL;
                    $failure = true;
                    break;
                }
                echo 'Success!';
            }
            echo '</textarea><label for="textarea1">Running MySQL quries</label><br><br><br><textarea class="materialize-textarea" id="textarea2">';
            foreach ($_DIRECTORIES as $directory) {
                echo $directory . '...';
                $directoryArray = getDirectoryContents($directory);
Exemple #13
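 /**
  * Admin back office for PPDB (new-student admission) registrations.
  *
  * Calls the auth check and the IP restriction, then dispatches on $action:
  *  - 'json'   prints the registrant list in the legacy DataTables format
  *             (sEcho / iTotalRecords / iTotalDisplayRecords / aaData);
  *  - 'update' renders the verification form and, on POST, creates the online-test
  *             account, updates the registration rows and e-mails the applicant;
  *  - 'read'   renders the detail page of one registrant;
  *  - anything else renders the list page.
  *
  * @param string|bool $action           Sub-action.
  * @param string|bool $psbUserId        Base64-encoded user id. Base64 is an encoding, not a
  *                                      secret: access control rests on checkauth()/restrictip().
  * @param string|bool $psbCodeActivate  Base64-encoded activation code.
  * @return void
  */
 public function admin($action = false, $psbUserId = false, $psbCodeActivate = false)
 {
     $this->_session = $this->template->set('session', $this->session->userdata('sessionData'));
     $this->_backendmenus = $this->init->getMenusBackend();
     $this->init->checkauth();
     if (!$this->init->restrictip()) {
         redirect(base_url('error/forbidden'));
     }
     switch ($action) {
         case 'json':
             $order_field = array('user_id', 'psb_reg_firstname', 'psb_reg_lastname', 'psb_reg_code');
             // Sort column: only an index that exists in $order_field is accepted, so a
             // request can never push an arbitrary (or undefined) column into the query.
             $sortCol = $this->input->get('iSortCol_0');
             $order = $this->default_order;
             if ($sortCol && ctype_digit((string) $sortCol) && isset($order_field[(int) $sortCol])) {
                 $order = $order_field[(int) $sortCol];
             }
             // Sort direction is reduced to the two legal keywords before it reaches the model.
             $sort = strtolower((string) $this->input->get('sSortDir_0')) === 'asc' ? 'asc' : 'desc';
             // NOTE(review): $search is passed to the model as received; confirm the model binds or escapes it.
             $search = !$this->input->get('sSearch') ? '' : $this->input->get('sSearch');
             // Paging values are forced to integers (a non-numeric value used to reach `$start + 1`).
             $limit = !$this->input->get('iDisplayLength') ? $this->limit : (int) $this->input->get('iDisplayLength');
             $start = max(0, (int) $this->input->get('iDisplayStart'));
             // The callback name is printed in front of the JSON, so it is limited to
             // identifier characters; anything else is dropped and plain JSON is printed.
             $callback = $this->input->get('callback');
             if (!is_string($callback) || !preg_match('/^[A-Za-z_$][A-Za-z0-9_$.]*$/D', $callback)) {
                 $callback = '';
             }
             $results = array();
             // NOTE(review): as in the original, sEcho mirrors the 'callback' parameter;
             // DataTables normally expects the request's own sEcho value — confirm.
             $results['sEcho'] = $callback === '' ? 0 : $callback;
             $total = count($this->psb_model->count_all(1, $search, $order_field)->result());
             $results['iTotalRecords'] = $results['iTotalDisplayRecords'] = $total;
             // Load the requested page of registrants.
             $rows = $this->psb_model->get_paged_list($limit, $start, $order, $sort, $search, $order_field, 1)->result();
             if (count($rows) > 0) {
                 $no = $start + 1;
                 foreach ($rows as $pendaftar) {
                     // The row number cell is a <div>; the original closed it with </a>.
                     $nomor = '<div style="text-align:center;">' . $no . '</div>';
                     list($tanggal, $status, $buttons) = $this->_psbRowCells($pendaftar);
                     // Names are supplied by the registrant and the table renders cells as
                     // HTML (the other cells carry markup), so they are escaped here.
                     $namaLengkap = $this->_psbEsc($pendaftar->psb_reg_firstname . ' ' . $pendaftar->psb_reg_lastname);
                     $results['aaData'][] = array($nomor, $namaLengkap, $tanggal, $status, $buttons);
                     $no++;
                 }
             } else {
                 // Single placeholder row of six empty cells, as before.
                 $results['aaData'][0] = array_fill(0, 6, '');
             }
             print $callback . json_encode($results);
             break;
         case 'update':
             if ($psbUserId == '' && $psbCodeActivate == '') {
                 redirect(base_url('psb/admin'));
             }
             if ($updatePost = $this->input->post()) {
                 $userId = base64_decode($psbUserId);
                 $getAuthLog = $this->psb_model->getUserById($userId)->row_array();
                 if (!$getAuthLog) {
                     // Unknown user id: do not create a test account or send mail from empty data.
                     redirect(base_url('psb/admin'));
                 }
                 $getPendaftarByUserId = $this->psb_model->getRCalonSiswaByUserId($userId)->row_array();
                 $pecahUpdateTgl = explode('|', $getPendaftarByUserId['pendaftar_update']);
                 $getRegistranByUserId = $this->psb_model->getRegisterByUserId($userId)->row_array();
                 $pecahUpdateTglRegister = explode('|', $getRegistranByUserId['psb_reg_date_update']);
                 $noDaftar = $updatePost['pendaftar_dari'] . '-' . $updatePost['no_pendataran_otomatis'];
                 $validate = $updatePost['paymentStatus'];
                 $now = date('Y-m-d H:i:s');
                 $dataPendaftar = array(
                     'pendaftar_tahun_ajar_id' => $updatePost['tahun_ajar'],
                     'pendaftar_nomor' => $noDaftar,
                     'pendaftar_keterangan' => '',
                     'pendaftar_update' => $pecahUpdateTgl[0] . '|' . $now,
                     'pendaftar_status' => 1,
                 );
                 $dataRegister = array(
                     'psb_reg_date_update' => $pecahUpdateTglRegister[0] . '|' . $now,
                     'psb_reg_status' => $validate,
                 );
                 // The generator is no longer re-seeded from microtime(): an explicit,
                 // clock-derived seed makes every later mt_rand() value guessable.
                 // The verification code comes from the OS CSPRNG when available
                 // (32 hex characters, same length as the previous md5 value).
                 $verifyCode = function_exists('random_bytes') ? bin2hex(random_bytes(16)) : md5(uniqid(mt_rand(), true));
                 // NOTE(review): user_password_forget appears to hold the clear-text password
                 // (it is hashed here and mailed below) — confirm, and prefer a one-time
                 // "set your password" link over storing and mailing the password.
                 $dataUjianOnline = array(
                     'user_regdate' => $now,
                     'user_ip' => $this->input->ip_address(),
                     'user_name' => $getAuthLog['user_name'],
                     'user_email' => $getAuthLog['user_email'],
                     'user_password' => getPasswordHash($getAuthLog['user_password_forget']),
                     'user_regnumber' => $noDaftar,
                     'user_firstname' => $getPendaftarByUserId['pendaftar_nama_depan'],
                     'user_lastname' => $getPendaftarByUserId['pendaftar_nama_belakang'],
                     'user_birthdate' => '',
                     'user_birthplace' => '',
                     'user_ssn' => random_string('numeric', 9),
                     'user_level' => 1,
                     'user_verifycode' => $verifyCode,
                     'user_otpkey' => F_getRandomOTPkey(),
                 );
                 $userIdTest = $this->psb_model->registerOnlineTest($dataUjianOnline);
                 $this->psb_model->registerOnlineTestGroup(array('usrgrp_user_id' => $userIdTest, 'usrgrp_group_id' => 2));
                 $this->psb_model->updateCalonsiswa($userId, $dataPendaftar);
                 $this->psb_model->updateRegistran($userId, $dataRegister);
                 // HTML mail body; values read from the database are escaped.
                 $isi = "Assalamu'alaikum Wr. Wb. <br />Selamat Datang di Pendaftaran Siswa Baru SMAIH BATAM";
                 $isi .= "Berikut Data - Data Verifikasi Pembayaran Anda:<br /><br /> ";
                 $isi .= "Nama                  : <strong>" . $this->_psbEsc($getRegistranByUserId['psb_reg_firstname'] . " " . $getRegistranByUserId['psb_reg_lastname']) . "</strong> <br />";
                 // Parenthesised: without the brackets the concatenation bound tighter than
                 // `?:`, so the label was lost and the first text was always chosen.
                 $isi .= "Status Pembayaran     : " . ($validate == 1 ? '<strong>Belum diverifikasi</strong> <br />' : '<strong>Sudah diverifikasi</strong> <br />');
                 $isi .= "Username Online Test  :  <strong>" . $this->_psbEsc($getAuthLog['user_name']) . "</strong> <br />";
                 $isi .= "Password Online Test  :  <strong>" . $this->_psbEsc($getAuthLog['user_password_forget']) . "</strong> <br />";
                 $isi .= "Sebelum mengikuti test online silahkan lengkapi terlebih dahulu data calon siswa dengan mengunjungi <a href='" . base_url('psb/activation/step-2/' . base64_encode($getAuthLog['user_activation_code'])) . "' target='_blank'>Halaman Berikut</a><br /> ";
                 $isi .= "Dan ikuti instruksi yang ada dihalaman tersebut. Demikian informasi yang dapat kami sampaikan.<br />";
                 $isi .= "Wassalamu'alaikum Wr. Wb.<br />";
                 $this->email->from('*****@*****.**');
                 $this->email->to($getAuthLog['user_email']);
                 $this->email->subject('[PPDB-SMAIH-' . date('Y') . '] Verifikasi Pembayaran Pendaftaran Online');
                 $this->email->message($isi);
                 if ($this->email->send()) {
                     // Success: flash message, back to the list.
                     $this->session->set_flashdata('sukses_update', 'Data pendaftar dan data ujian oline diperbaharui dan disimpan ke database.');
                     redirect(base_url('psb/admin'));
                 } else {
                     // Failure: the database rows above have already been written.
                     echo "Maaf ada kesalahan pada saat pemrosesan data. silahkan ulangi lagi klik <a href='javascript: window.history.go(-1)'>disini</a>";
                 }
             }
             $this->template->title('Manajemen PPDB', $this->init->getSettingVal('gen_site_name'))
                 ->set_breadcrumb('Home', base_url('home/dashboard'))
                 ->set_breadcrumb('Verify Data PPDB', '#')
                 ->set('pagedesc', 'Manajemen PPDB <small>Pengelolaan Penerimaan Siswa Baru</small>')
                 ->set('modul', $this->_backendmenus)
                 ->set('kodeAktivasi', base64_decode($psbCodeActivate))
                 ->set('userID', base64_decode($psbUserId))
                 ->set('listThnAjar', $this->psb_model->getListThnAjar()->result_array())
                 ->set('getOneUser', $this->psb_model->getUserById(base64_decode($psbUserId))->row_array())
                 ->set('getOneRegister', $this->psb_model->getRegisterByUserId(base64_decode($psbUserId))->row_array())
                 ->set('getOneCalonSiswa', $this->psb_model->getRCalonSiswaByUserId(base64_decode($psbUserId))->row_array())
                 ->set('content', 'psb/update')
                 ->build('template');
             break;
         case 'read':
             if ($psbUserId == '' && $psbCodeActivate == '') {
                 redirect(base_url('psb/admin'));
             }
             $this->template->title('Manajemen PPDB', $this->init->getSettingVal('gen_site_name'))
                 ->set_breadcrumb('Home', base_url('home/dashboard'))
                 ->set_breadcrumb('Detail Data PPDB', '#')
                 ->set('pagedesc', 'Manajemen PPDB <small>Pengelolaan Penerimaan Siswa Baru</small>')
                 ->set('modul', $this->_backendmenus)
                 ->set('getOneUser', $this->psb_model->getUserById(base64_decode($psbUserId))->row_array())
                 ->set('getOneRegister', $this->psb_model->getRegisterByUserId(base64_decode($psbUserId))->row_array())
                 ->set('getOneCalonSiswa', $this->psb_model->getRCalonSiswaByUserId(base64_decode($psbUserId))->row_array())
                 ->set('content', 'psb/detail')
                 ->build('template');
             break;
         default:
             $this->template->title('Manajemen PPDB', $this->init->getSettingVal('gen_site_name'))
                 ->set_breadcrumb('Home', base_url('home/dashboard'))
                 ->set_breadcrumb('Daftar Pendaftar PPDB', '#')
                 ->set('pagedesc', 'Manajemen PPDB <small>Pengelolaan Penerimaan Siswa Baru</small>')
                 ->set('modul', $this->_backendmenus)
                 ->set('content', 'psb/list')
                 ->build('template');
             break;
     }
 }

 /** Escapes a value for use in HTML text or a quoted attribute. */
 private function _psbEsc($value)
 {
     return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
 }

 /** Formats a datetime string as "<tgl_indo date> <hh:mm AM/PM>". */
 private function _psbFormatStamp($raw)
 {
     $stamp = strtotime($raw);
     return tgl_indo(date('Y-m-d', $stamp)) . ' ' . date('h:i A', $stamp);
 }

 /** Formats entry $index of a '|'-separated timestamp history, or a centred dash when it is missing. */
 private function _psbStampFromHistory($history, $index)
 {
     $dash = '<div style="text-align:center;">-</div>';
     if ($history == '') {
         return $dash;
     }
     $parts = explode('|', $history);
     // A history shorter than expected used to be formatted as the Unix epoch.
     if (!isset($parts[$index]) || $parts[$index] === '') {
         return $dash;
     }
     return $this->_psbFormatStamp($parts[$index]);
 }

 /** Builds the action cell: optional "update" button followed by the "read" button. */
 private function _psbActionButtons($pendaftar, $withUpdate)
 {
     // NOTE(review): standard Base64 can contain '/', '+' and '=', which do not survive
     // every URL-segment parser; a URL-safe encoding would be more robust — confirm.
     $tail = base64_encode($pendaftar->user_id) . '/' . base64_encode($pendaftar->user_activation_code);
     $html = '<div style="text-align:center;">';
     if ($withUpdate) {
         $html .= '<a href="' . base_url('psb/admin/update/' . $tail) . '" class="btn btn-success"><i class="fa fa-edit"></i></a>';
         $html .= "&nbsp;&nbsp;";
     }
     $html .= '<a href="' . base_url('psb/admin/read/' . $tail) . '" class="btn btn-info" title="Detil Data PPDB"><i class="fa fa-search-plus"></i></a>';
     $html .= "</div>";
     return $html;
 }

 /**
  * Maps a registrant row to its (date, status label, action buttons) cells.
  * Returns three empty strings when no status combination matches.
  */
 private function _psbRowCells($pendaftar)
 {
     $userStatus = $pendaftar->user_status;
     $regStatus = $pendaftar->psb_reg_status;
     $applicantStatus = $pendaftar->pendaftar_status;
     // Loose comparisons are kept from the original code so that rows match
     // exactly the same status values as before.
     if ($regStatus == '0' && $applicantStatus == '0' && $userStatus == '') {
         $created = $pendaftar->psb_reg_date_create;
         $tanggal = ($created != '0000-00-00 00:00:00' && $created != '') ? $this->_psbFormatStamp($created) : '-';
         // A fresh registration only gets the "update" button after more than 14 days.
         $overdue = hitung_hari($created, date('Y-m-d H:i:s')) > 14;
         return array($tanggal, 'Baru Daftar', $this->_psbActionButtons($pendaftar, $overdue));
     }
     // user status, registration status, applicant status, history field, history index, label, update button
     $rules = array(
         array('0', '1', '0', 'psb_reg_date_update', 0, 'Sudah Aktivasi (Transfer)', true),
         array('0', '2', '1', 'psb_reg_date_update', 1, 'Pembayaran verified', true),
         array('0', '2', '2', 'pendaftar_update', 1, 'Data Pendaftar Ok', true),
         array('0', '2', '3', 'pendaftar_update', 2, 'Telah Mengikuti Test', true),
         array('1', '2', '4', 'pendaftar_update', 3, 'Lulus Test', true),
         array('99', '99', '99', 'pendaftar_update', 4, 'Tidak Lulus Test', false),
     );
     foreach ($rules as $rule) {
         list($u, $r, $p, $field, $index, $label, $canUpdate) = $rule;
         if ($userStatus == $u && $regStatus == $r && $applicantStatus == $p) {
             return array(
                 $this->_psbStampFromHistory($pendaftar->{$field}, $index),
                 $label,
                 $this->_psbActionButtons($pendaftar, $canUpdate),
             );
         }
     }
     return array('', '', '');
 }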
Exemple #14
        }
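        // Next id = id of the first row of $result + 1; $result comes from a query
        // above this excerpt (presumably the highest existing id).
        // NOTE(review): two concurrent sign-ups can compute the same id; an
        // AUTO_INCREMENT primary key would remove that race.
        $id = (int) mysqli_fetch_all($result, MYSQLI_ASSOC)[0]['id'] + 1;
        mysqli_free_result($result);
        // $username and $email come from the sign-up form, so every statement that
        // embeds them escapes them at the point of use (the INSERT below already
        // did; the two look-ups did not). Prepared statements (mysqli_prepare /
        // mysqli_stmt_bind_param) would make this structural rather than per-query.
        $result = mysqli_query($link, 'SELECT * FROM `users` WHERE LOWER(`username`)=\'' . mysqli_real_escape_string($link, $username) . '\';');
        if (!$result) {
            // A failed look-up must not fall through to the INSERT, or the
            // uniqueness check would be skipped.
            print_error('MySQL error! | ' . mysqli_error($link) . '<br>');
            break;
        }
        if (mysqli_num_rows($result) > 0) {
            array_push($errors, 'Username taken!');
            break;
        }
        mysqli_free_result($result);
        $result = mysqli_query($link, 'SELECT * FROM `users` WHERE LOWER(`email`)=\'' . mysqli_real_escape_string($link, strtolower($email)) . '\';');
        if (!$result) {
            print_error('MySQL error! | ' . mysqli_error($link) . '<br>');
            break;
        }
        if (mysqli_num_rows($result) > 0) {
            array_push($errors, 'Email address taken!');
            break;
        }
        mysqli_free_result($result);
        // NOTE(review): $colour is assigned outside this excerpt; it is escaped here
        // as well in case it originates from the request — confirm its source.
        $result = mysqli_query($link, 'INSERT INTO `users` (`id`, `administrator`, `colour`, `username`, `email`, `password`, `uploads`, `lastactive`, `created`) VALUES (' . $id . ', 0, \'' . mysqli_real_escape_string($link, $colour) . '\', \'' . mysqli_real_escape_string($link, $username) . '\', \'' . mysqli_real_escape_string($link, $email) . '\', \'' . getPasswordHash($password) . '\', \'' . mysqli_real_escape_string($link, serialize(array())) . '\', FROM_UNIXTIME(' . time() . '), FROM_UNIXTIME(' . time() . '));');
        if (!$result) {
            print_error('MySQL error! | ' . mysqli_error($link) . '<br>');
            break;
        }
        // A successful INSERT returns true, not a result set, so there is nothing to free.
        mysqli_close($link);
        unset($link);
        // The username goes into a query string, so it is URL-encoded.
        redirect('login.php?signedUp&username=' . rawurlencode($username), false);
        break;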
    }
}
?>
<body>
	<br>
	<br>
Exemple #15
        case 2:
            // absolute redirect
            header('Location: ' . K_PATH_HOST . $_SERVER['SCRIPT_NAME']);
            break;
        case 3:
            // html redirect
            echo $htmlredir;
            break;
        case 4:
        default:
            // full redirect
            header('Location: ' . K_PATH_HOST . $_SERVER['SCRIPT_NAME']);
            echo $htmlredir;
            break;
    }
    exit;
}
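// Check a submitted test password: when its hash matches the hash returned for the
// test, a session marker bound to the test id, the user id and the user IP is stored.
if (isset($_POST['testpswaction']) and $_POST['testpswaction'] === 'login' and isset($_POST['xtest_password']) and isset($_POST['testid'])) {
    require_once '../../shared/code/tce_functions_test.php';
    // NOTE(review): $_POST['testid'] is handed to F_getTestPassword() as received;
    // confirm that the helper casts or escapes it before using it in a query.
    $tph = F_getTestPassword($_POST['testid']);
    // Only a string can be a password; an array-valued field is treated as a wrong password.
    $submitted = is_string($_POST['xtest_password']) ? getPasswordHash($_POST['xtest_password']) : null;
    // hash_equals() compares byte-wise and in constant time. The previous `==`
    // converted numeric-looking digests to numbers, so two different hashes of
    // the form "0e<digits>" compared equal.
    // NOTE(review): this relies on getPasswordHash() being deterministic — confirm.
    if (is_string($tph) && is_string($submitted) && hash_equals($tph, $submitted)) {
        // test password is correct, save status on a session variable
        $_SESSION['session_test_login'] = getPasswordHash($tph . $_POST['testid'] . $_SESSION['session_user_id'] . $_SESSION['session_user_ip']);
    } else {
        F_print_error('WARNING', $l['m_wrong_test_password']);
    }
}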
//============================================================+
// END OF FILE
//============================================================+
Exemple #16
/**
 * Try various external Login Systems.
 * (SSL, HTTP-BASIC, CAS, SHIBBOLETH, RADIUS, LDAP)
 * @return array of user's data for successful login, false otherwise
 * @since 2012-06-05
 */
function F_altLogin()
{
    global $l, $db;
    require_once '../config/tce_config.php';
    // TCExam tries to retrive the user login information from the following systems:
    // 1) SSL ----------------------------------------------------------
    require_once '../../shared/config/tce_ssl.php';
    if (K_SSL_ENABLED and (!isset($_SESSION['logout']) or !$_SESSION['logout'])) {
        if (isset($_SERVER['SSL_CLIENT_M_SERIAL']) and isset($_SERVER['SSL_CLIENT_I_DN']) and isset($_SERVER['SSL_CLIENT_V_END']) and isset($_SERVER['SSL_CLIENT_VERIFY']) and $_SERVER['SSL_CLIENT_VERIFY'] === 'SUCCESS' and isset($_SERVER['SSL_CLIENT_V_REMAIN']) and $_SERVER['SSL_CLIENT_V_REMAIN'] <= 0) {
            $_POST['xuser_name'] = md5($_SERVER['SSL_CLIENT_M_SERIAL'] . $_SERVER['SSL_CLIENT_I_DN']);
            $_POST['xuser_password'] = getPasswordHash($_SERVER['SSL_CLIENT_M_SERIAL'] . $_SERVER['SSL_CLIENT_I_DN'] . K_RANDOM_SECURITY . $_SERVER['SSL_CLIENT_V_END']);
            $_POST['logaction'] = 'login';
            $usr = array();
            if (isset($_SERVER['SSL_CLIENT_S_DN_Email'])) {
                $usr['user_email'] = $_SERVER['SSL_CLIENT_S_DN_Email'];
            } else {
                $usr['user_email'] = '';
            }
            if (isset($_SERVER['SSL_CLIENT_S_DN_CN'])) {
                $usr['user_firstname'] = $_SERVER['SSL_CLIENT_S_DN_CN'];
            } else {
                $usr['user_firstname'] = '';
            }
            $usr['user_lastname'] = '';
            $usr['user_birthdate'] = '';
            $usr['user_birthplace'] = '';
            $usr['user_regnumber'] = '';
            $usr['user_ssn'] = '';
            $usr['user_level'] = K_SSL_USER_LEVEL;
            $usr['usrgrp_group_id'] = K_SSL_USER_GROUP_ID;
            return $usr;
        }
    }
    // -----------------------------------------------------------------
    // 2) HTTP BASIC ---------------------------------------------------
    require_once '../../shared/config/tce_httpbasic.php';
    if (K_HTTPBASIC_ENABLED and (!isset($_SESSION['logout']) or !$_SESSION['logout'])) {
        if (isset($_SERVER['AUTH_TYPE']) and $_SERVER['AUTH_TYPE'] == 'Basic' and isset($_SERVER['PHP_AUTH_USER']) and isset($_SERVER['PHP_AUTH_PW']) and $_SESSION['session_user_name'] != $_SERVER['PHP_AUTH_USER']) {
            $_POST['xuser_name'] = $_SERVER['PHP_AUTH_USER'];
            $_POST['xuser_password'] = $_SERVER['PHP_AUTH_PW'];
            $_POST['logaction'] = 'login';
            $usr = array();
            $usr['user_email'] = '';
            $usr['user_firstname'] = '';
            $usr['user_lastname'] = '';
            $usr['user_birthdate'] = '';
            $usr['user_birthplace'] = '';
            $usr['user_regnumber'] = '';
            $usr['user_ssn'] = '';
            $usr['user_level'] = K_HTTPBASIC_USER_LEVEL;
            $usr['usrgrp_group_id'] = K_HTTPBASIC_USER_GROUP_ID;
            return $usr;
        }
    }
    // -----------------------------------------------------------------
    // 3) CAS - Central Authentication Service -------------------------
    require_once '../../shared/config/tce_cas.php';
    if (K_CAS_ENABLED) {
        require_once '../../shared/cas/CAS.php';
        phpCAS::client(K_CAS_VERSION, K_CAS_HOST, K_CAS_PORT, K_CAS_PATH, false);
        phpCAS::setNoCasServerValidation();
        phpCAS::forceAuthentication();
        if ($_SESSION['session_user_name'] != phpCAS::getUser()) {
            $_POST['xuser_name'] = phpCAS::getUser();
            $_POST['xuser_password'] = getPasswordHash($_POST['xuser_name'] . K_RANDOM_SECURITY);
            $_POST['logaction'] = 'login';
            $usr = array();
            $usr['user_email'] = '';
            $usr['user_firstname'] = '';
            $usr['user_lastname'] = '';
            $usr['user_birthdate'] = '';
            $usr['user_birthplace'] = '';
            $usr['user_regnumber'] = '';
            $usr['user_ssn'] = '';
            $usr['user_level'] = K_CAS_USER_LEVEL;
            $usr['usrgrp_group_id'] = K_CAS_USER_GROUP_ID;
            return $usr;
        }
    }
    // -----------------------------------------------------------------
    // 4) Shibboleth ---------------------------------------------------
    require_once '../../shared/config/tce_shibboleth.php';
    if (K_SHIBBOLETH_ENABLED and (!isset($_SESSION['logout']) or !$_SESSION['logout'])) {
        if (isset($_SERVER['AUTH_TYPE']) and $_SERVER['AUTH_TYPE'] == 'shibboleth' and (isset($_SERVER['Shib_Session_ID']) and !empty($_SERVER['Shib_Session_ID']) or isset($_SERVER['HTTP_SHIB_IDENTITY_PROVIDER']) and !empty($_SERVER['HTTP_SHIB_IDENTITY_PROVIDER'])) and isset($_SERVER['eppn']) and $_SESSION['session_user_name'] != $_SERVER['eppn']) {
            $_POST['xuser_name'] = $_SERVER['eppn'];
            $_POST['xuser_password'] = getPasswordHash($_POST['xuser_name'] . K_RANDOM_SECURITY);
            $_POST['logaction'] = 'login';
            $usr = array();
            $usr['user_email'] = $_SERVER['eppn'];
            if (isset($_SERVER['givenName'])) {
                $usr['user_firstname'] = $_SERVER['givenName'];
            } else {
                $usr['user_firstname'] = '';
            }
            if (isset($_SERVER['sn'])) {
                $usr['user_lastname'] = $_SERVER['sn'];
            } else {
                $usr['user_lastname'] = '';
            }
            $usr['user_birthdate'] = '';
            $usr['user_birthplace'] = '';
            if (isset($_SERVER['employeeNumber'])) {
                $usr['user_regnumber'] = $_SERVER['employeeNumber'];
            } else {
                $usr['user_regnumber'] = '';
            }
            $usr['user_ssn'] = '';
            $usr['user_level'] = K_SHIBBOLETH_USER_LEVEL;
            $usr['usrgrp_group_id'] = K_SHIBBOLETH_USER_GROUP_ID;
            return $usr;
        }
    }
    // -----------------------------------------------------------------
    if (isset($_POST['logaction']) and $_POST['logaction'] == 'login' and isset($_POST['xuser_name']) and isset($_POST['xuser_password'])) {
        // 5) RADIUS ---------------------------------------------------
        require_once '../../shared/config/tce_radius.php';
        if (K_RADIUS_ENABLED) {
            require_once '../../shared/radius/radius.class.php';
            $radius = new Radius(K_RADIUS_SERVER_IP, K_RADIUS_SHARED_SECRET, K_RADIUS_SUFFIX, K_RADIUS_UDP_TIMEOUT, K_RADIUS_AUTHENTICATION_PORT, K_RADIUS_ACCOUNTING_PORT);
            if (K_RADIUS_UTF8) {
                $radusername = utf8_encode($_POST['xuser_name']);
                $radpassword = utf8_encode($_POST['xuser_password']);
            } else {
                $radusername = $_POST['xuser_name'];
                $radpassword = $_POST['xuser_password'];
            }
            if ($radius->AccessRequest($radusername, $radpassword)) {
                $usr = array();
                $usr['user_email'] = '';
                $usr['user_firstname'] = '';
                $usr['user_lastname'] = '';
                $usr['user_birthdate'] = '';
                $usr['user_birthplace'] = '';
                $usr['user_regnumber'] = '';
                $usr['user_ssn'] = '';
                $usr['user_level'] = K_RADIUS_USER_LEVEL;
                $usr['usrgrp_group_id'] = K_RADIUS_USER_GROUP_ID;
                return $usr;
            }
        }
        // -------------------------------------------------------------
        // 6) LDAP -----------------------------------------------------
        require_once '../../shared/config/tce_ldap.php';
        if (K_LDAP_ENABLED) {
            // make ldap connection
            $ldapconn = ldap_connect(K_LDAP_HOST, K_LDAP_PORT);
            ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, K_LDAP_PROTOCOL_VERSION);
            ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
            // recommended for W2K3
            // bind anonymously and get dn for username.
            if (K_LDAP_UTF8) {
                $ldapusername = utf8_encode($_POST['xuser_name']);
                $ldappassword = utf8_encode($_POST['xuser_password']);
            } else {
                $ldapusername = $_POST['xuser_name'];
                $ldappassword = $_POST['xuser_password'];
            }
            if ($lbind = ldap_bind($ldapconn, $ldapusername, $ldappassword)) {
                // Search user on LDAP tree
                sort($ldap_attr);
                $ldap_filter = str_replace('#USERNAME#', $ldapusername, K_LDAP_FILTER);
                if ($search = @ldap_search($ldapconn, K_LDAP_BASE_DN, $ldap_filter, $ldap_attr)) {
                    if ($rdn = @ldap_get_entries($ldapconn, $search)) {
                        if (@ldap_bind($ldapconn, $rdn['dn'], $_POST['xuser_password'])) {
                            @ldap_unbind($ldapconn);
                            $usr = array();
                            foreach ($ldap_attr as $k => $v) {
                                if (!empty($v) and isset($rdn[$v])) {
                                    $usr[$k] = $rdn[$v];
                                } else {
                                    $usr[$k] = '';
                                }
                            }
                            $usr['user_level'] = K_LDAP_USER_LEVEL;
                            $usr['usrgrp_group_id'] = K_LDAP_USER_GROUP_ID;
                            return $usr;
                        }
                    }
                }
            }
            @ldap_unbind($ldapconn);
        }
        // -------------------------------------------------------------
    }
    return false;
}
                if ($user_email != $user_email_repeat) {
                    //print message and exit
                    F_print_error('WARNING', $l['m_different_emails']);
                    $formstatus = FALSE;
                    F_stripslashes_formfields();
                    break;
                }
            }
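            // Verification code for the e-mail confirmation message: 32 lowercase hex characters.
            // uniqid() and mt_rand() are not cryptographically secure sources, so the
            // CSPRNG is used when the runtime provides one; the legacy generator stays as fallback.
            if (function_exists('random_bytes')) {
                $user_verifycode = bin2hex(random_bytes(16));
            } else {
                mt_srand((double) microtime() * 1000000);
                $user_verifycode = md5(uniqid(mt_rand(), true));
            }
            // Store the new address, set user_level to 0 and save the verification code.
            // The row is matched on the user id plus the hash of the current password.
            // NOTE(review): $user_id is concatenated unquoted; presumably an integer set earlier - confirm.
            $sql = 'UPDATE ' . K_TABLE_USERS . ' SET
				user_email=\'' . F_escape_sql($user_email) . '\',
				user_level=\'0\',
				user_verifycode=\'' . $user_verifycode . '\'
				WHERE user_id=' . $user_id . ' AND user_password=\'' . getPasswordHash($currentpassword) . '\'';
            if (!($r = F_db_query($sql, $db))) {
                F_display_db_error(false);
            } else {
                // NOTE(review): this branch runs whenever the query executes; whether an UPDATE
                // that matched no row (wrong current password) is detected is not visible here - confirm.
                F_print_error('MESSAGE', $l['m_email_updated']);
                // require email confirmation
                require_once '../../shared/code/tce_functions_user_registration.php';
                F_send_user_reg_email($user_id, $user_email, $user_verifycode);
                // NOTE(review): $user_email is passed to the message helper as entered;
                // confirm F_print_error() escapes it before output.
                F_print_error('MESSAGE', $user_email . ': ' . $l['m_user_verification_sent']);
                // Link back to the index page, then close the page and stop.
                echo '<div class="container">' . K_NEWLINE;
                echo '<strong><a href="index.php" title="' . $l['h_index'] . '">' . $l['h_index'] . ' &gt;</a></strong>' . K_NEWLINE;
                echo '</div>' . K_NEWLINE;
                require_once 'tce_page_footer.php';
                exit;
            }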
        }
<?php

require __DIR__ . '/../vendor/autoload.php';
require __DIR__ . '/../app/config.php';
require __DIR__ . '/../app/db.php';
require __DIR__ . '/../app/utility.php';
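// Command-line maintenance script: sets the e-mail address and password of an
// existing user. Arguments: <username> <email> <password>.
// NOTE(review): the password is taken from argv, so it is visible in the
// process list and in shell history while/after the script runs.
$app = new \Slim\Slim($config);
$mongoCollection = getMongoCollection('user');
try {
    // Fail with a usage message instead of undefined-offset notices and a
    // lookup on null values when arguments are missing.
    if (!isset($argv[1], $argv[2], $argv[3])) {
        throw new RuntimeException('Usage: php ' . $argv[0] . ' <username> <email> <password>');
    }
    $username = $argv[1];
    $email = $argv[2];
    $password = $argv[3];

    // The user must already exist (message: "user does not exist").
    $existing = $mongoCollection->find(array('username' => $username));
    if (!$existing->count()) {
        throw new RuntimeException('存在しないユーザーです');
    }

    // No other user may own the e-mail address (message: "duplicate e-mail addresses are not allowed").
    $sameEmail = $mongoCollection->find(array('email' => $email, 'username' => array('$ne' => $username)));
    if ($sameEmail->count()) {
        throw new RuntimeException('メールアドレスの重複はできません');
    }

    // The hash is computed from the e-mail, the password and the configured salt.
    // NOTE(review): the second argument carries no update operator, so the stored
    // document is presumably replaced by these three fields - confirm no other
    // fields need to survive.
    $passwordHash = getPasswordHash($email, $password, $app->config('salt'));
    $mongoCollection->update(
        array('username' => $username),
        array('username' => $username, 'email' => $email, 'password' => $passwordHash)
    );
} catch (RuntimeException $e) {
    echo $e->getMessage() . PHP_EOL;
    return;
}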
echo 'User:'******' updated.' . PHP_EOL;
 // Password-change handler: render an error when the new password and its
 // confirmation differ, otherwise verify the current password and store the new hash.
 // NOTE(review): != is a loose comparison; two different numeric-looking strings
 // (for example "1e3" and "1000") compare as equal, so !== is the stricter check.
 if ($newpass != $newpasscnfm) {
     ?>
     <div class="password-change alert alert-danger fade in" role="alert">
         <p class="lead">
             <span class="glyphicon glyphicon-remove-sign" aria-hidden="true"></span>
             <strong>Error</strong> New password does not match confirmed password.
             <br>
             <a class="alert-link" href="javascript:history.back()">Return and Fix</a>
         </p>
     </div>
     <?php 
     // Stop here so nothing below runs after the mismatch message.
     exit;
 } else {
     // checkPassword() is defined elsewhere; presumably it verifies the current password - confirm.
     if (checkPassword($currentpwd)) {
         $db = new DB_Functions();
         // Only the hash is handed to the DB layer; the account is selected by the session e-mail.
         $hashedPassword = getPasswordHash($newpass);
         $db->changePassword($_SESSION['email'], $hashedPassword);
         // NOTE(review): no session regeneration or invalidation of other sessions is
         // visible in this excerpt after the change - confirm it happens elsewhere.
         ?>
     <div class="password-change alert alert-success fade in" role="alert">
         <p class="lead">
             <span class="glyphicon glyphicon-ok-sign" aria-hidden="true"></span>
             <strong>Success</strong> Your password has been changed!
         </p>
     </div>
     <script type="text/javascript">
     (function(){
         setTimeout(function(){window.location.href = "./"; }, 1200);
     })();
     </script>
     <?php 
     } else {
Exemple #20
    case 'add':
        // Add
        if ($formstatus = F_check_form_fields()) {
            // check if name is unique
            if (!F_check_unique(K_TABLE_TESTS, 'test_name=\'' . F_escape_sql($db, $test_name) . '\'')) {
                F_print_error('WARNING', $l['m_duplicate_name']);
                $formstatus = FALSE;
                F_stripslashes_formfields();
                break;
            }
            if (isset($test_id) and $test_id > 0) {
                // save previous test_id.
                $old_test_id = $test_id;
            }
            if (!empty($new_test_password)) {
                $test_password = getPasswordHash($new_test_password);
            }
            $sql = 'INSERT INTO ' . K_TABLE_TESTS . ' (
			test_name,
				test_description,
				test_begin_time,
				test_end_time,
				test_duration_time,
				test_ip_range,
				test_results_to_users,
				test_report_to_users,
				test_score_right,
				test_score_wrong,
				test_score_unanswered,
				test_max_score,
				test_user_id,
Exemple #21
     $testlog_id = intval($_REQUEST['testlogid']);
 }
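 // Collect the answer fields of the request.
 // NOTE(review): answerid and answertext are kept as received, unlike
 // reaction_time, which is cast with intval(); whether the functions that
 // consume them validate or escape the values is not visible here - confirm.
 if (isset($_REQUEST['answerid']) and $_REQUEST['answerid'] > 0) {
     $answer_id = $_REQUEST['answerid'];
 }
 if (isset($_REQUEST['answertext']) and !empty($_REQUEST['answertext'])) {
     $answer_text = $_REQUEST['answertext'];
 }
 // Reaction time defaults to 0 when absent or not positive.
 if (isset($_REQUEST['reaction_time']) and $_REQUEST['reaction_time'] > 0) {
     $reaction_time = intval($_REQUEST['reaction_time']);
 } else {
     $reaction_time = 0;
 }
 // check for test password
 $tph = F_getTestPassword($test_id);
 // The session marker must equal the hash derived from the test password, the
 // test id, the session user id and the session user IP. Strict comparison is
 // used because loose != treats two different "0e<digits>" strings as equal numbers.
 $expected_test_login = getPasswordHash($tph . $test_id . $_SESSION['session_user_id'] . $_SESSION['session_user_ip']);
 if (!empty($tph) and $_SESSION['session_test_login'] !== $expected_test_login) {
     // display login page
     require_once '../code/tce_page_header.php';
     echo F_testLoginForm($_SERVER['SCRIPT_NAME'], 'form_test_login', 'post', 'multipart/form-data', $test_id);
     require_once '../code/tce_page_footer.php';
     exit;
     //break page here
 }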
 if (F_executeTest($test_id)) {
     if (isset($_REQUEST['forceterminate']) and !empty($_REQUEST['forceterminate'])) {
         if ($_REQUEST['forceterminate'] == 'lasttimedquestion') {
             // update last question
             F_updateQuestionLog($test_id, $testlog_id, $answer_id, $answer_text, $reaction_time);
         }
         // terminate the test (lock the test to status=4)
         F_terminateUserTest($test_id);
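    // Password change: verify the old password when users change their own,
    // run the password checks, then store the new hash and shift the previous
    // hashes into the history columns.
    $user2['user_password_lastchanged'] = time();
    // All new
    $pw = $_POST['password_new'];
    try {
        // Users changing their own password must supply the current one.
        // Strict comparison: loose != treats two different "0e<digits>" hash
        // strings as equal numbers.
        $changing_own = $id == $login['user_id'];
        if ($changing_own && (!isset($_POST['password_old']) || getPasswordHash($_POST['password_old']) !== $user['user_password'])) {
            $serious_failed = true;
            throw new Exception(_h('Old password is not correct.'));
        }
        // Both helpers are defined elsewhere; any Exception they throw is
        // recorded below as a non-serious failure.
        loginPWcheckExternal($user2, $pw);
        loginPWcheckSetNew($user2, $pw);
    } catch (Exception $e) {
        $failed_msg = $e->getMessage();
        $failed = true;
    }
    // A non-serious failure can be overridden by posting ignore_msg=1; the
    // password is then stored with user_password_complex set from !$failed.
    if (!$serious_failed && (!$failed || ($failed && isset($_POST['ignore_msg']) && $_POST['ignore_msg'] == '1'))) {
        // NOTE(review): the statement is built by concatenation; the $user values
        // presumably come from the database row loaded earlier - confirm none of
        // them can carry request data.
        $sql = 'UPDATE `users` SET '
            . '`user_password`              = \'' . getPasswordHash($pw) . '\', '
            . '`user_password_1`            = \'' . $user['user_password'] . '\', '
            . '`user_password_2`            = \'' . $user['user_password_1'] . '\', '
            . '`user_password_3`            = \'' . $user['user_password_2'] . '\', '
            . '`user_password_lastchanged`  = \'' . time() . '\', '
            . '`user_password_complex`      = \'' . !$failed . '\''
            . ' WHERE `user_id` = ' . $user['user_id'] . ' LIMIT 1 ;';
        mysql_query($sql);
        if (mysql_error()) {
            // NOTE(review): the raw database error text is sent to the client.
            echo 'Error<br>';
            echo mysql_error();
            exit;
        }
        // Own password changed: go through logout; otherwise return to the admin page.
        if ($user['user_id'] == $login['user_id']) {
            header('Location: logout.php?newpw_ok=1');
        } else {
            header('Location: admin_user_password.php?id=' . $user['user_id'] . '&ok=1');
        }
        exit;
    }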
}
include "include/admin_middel.php";
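 // check if regnumber is unique (only when one was supplied)
 if (isset($user_regnumber) and strlen($user_regnumber) > 0 and !F_check_unique(K_TABLE_USERS, 'user_regnumber=\'' . F_escape_sql($db, $user_regnumber) . '\'')) {
     F_print_error('WARNING', $l['m_duplicate_regnumber']);
     $formstatus = FALSE;
     F_stripslashes_formfields();
 }
 // check if ssn is unique
 if (isset($user_ssn) and strlen($user_ssn) > 0 and !F_check_unique(K_TABLE_USERS, 'user_ssn=\'' . F_escape_sql($db, $user_ssn) . '\'')) {
     F_print_error('WARNING', $l['m_duplicate_ssn']);
     $formstatus = FALSE;
     F_stripslashes_formfields();
 }
 // check password
 if (empty($newpassword) and empty($newpassword_repeat)) {
     // no password given at all: print message and mark the form as invalid
     F_print_error('WARNING', $l['m_empty_password']);
     $formstatus = FALSE;
     F_stripslashes_formfields();
 } elseif ($newpassword === $newpassword_repeat) {
     // Strict comparison: loose == treats different numeric-looking strings
     // (for example "1e3" and "1000") as equal, which would accept a
     // confirmation that does not match what was typed.
     // update password
     $user_password = getPasswordHash($newpassword);
     // update OTP key
     $user_otpkey = F_getRandomOTPkey();
 } else {
     // password and confirmation differ: print message and mark the form as invalid
     F_print_error('WARNING', $l['m_different_passwords']);
     $formstatus = FALSE;
     F_stripslashes_formfields();
 }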
 if ($formstatus) {
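/**
 * Sends email test reports to users.
 *
 * For every test-user row returned by F_getAllUsersTestStat() whose e-mail
 * address is longer than three characters, a text summary is composed, copied
 * into the HTML body between the configured header and footer, and sent. When
 * $mode is 0 the PDF report is fetched over HTTP and attached. One progress
 * line per row is echoed and flushed. Returns early, sending nothing, when the
 * current user is not authorized for the given test.
 *
 * @author Nicola Asuni
 * @since 2005-02-24
 * @param $test_id (int) TEST ID
 * @param $user_id (int) USER ID (0 means all users)
 * @param $testuser_id (int) test-user ID - if greater than zero, filter stats for the specified test-user.
 * @param $group_id (int) GROUP ID (0 means all groups)
 * @param $startdate (int) start date ID - if greater than zero, filter stats for the specified starting date
 * @param $enddate (int) end date ID - if greater than zero, filter stats for the specified ending date
 * @param $mode (int) type of report to send: 0=detailed report; 1=summary report (without questions)
 * @param $display_mode (int) display mode: 0 = disabled; 1 = minimum; 2 = module; 3 = subject; 4 = question; 5 = answer.
 * @param $show_graph (boolean) If true display the score graph.
 */
function F_send_report_emails($test_id, $user_id = 0, $testuser_id = 0, $group_id = 0, $startdate = 0, $enddate = 0, $mode = 0, $display_mode = 1, $show_graph = false)
{
    global $l, $db;
    require_once '../config/tce_config.php';
    require_once '../../shared/code/tce_functions_test.php';
    require_once '../../shared/code/tce_functions_test_stats.php';
    require_once '../../shared/code/tce_class_mailer.php';
    require_once 'tce_functions_user_select.php';

    // --- Normalise the arguments -----------------------------------------
    $mode = intval($mode);
    if ($test_id > 0) {
        $test_id = intval($test_id);
        // Nothing is sent unless the current user is authorized for this test.
        if (!F_isAuthorizedUser(K_TABLE_TESTS, 'test_id', $test_id, 'test_user_id')) {
            return;
        }
    } else {
        $test_id = 0;
    }
    $user_id = ($user_id > 0) ? intval($user_id) : 0;
    // NOTE(review): $testuser_id is normalised but not passed to
    // F_getAllUsersTestStat() below, so the documented filter is not applied here.
    $testuser_id = ($testuser_id > 0) ? intval($testuser_id) : 0;
    $group_id = ($group_id > 0) ? intval($group_id) : 0;
    $startdate = empty($startdate) ? '' : date(K_TIMESTAMP_FORMAT, strtotime($startdate));
    $enddate = empty($enddate) ? '' : date(K_TIMESTAMP_FORMAT, strtotime($enddate));

    // --- Configure the mailer ---------------------------------------------
    // NOTE(review): $emailcfg is neither declared global nor assigned in this
    // function; presumably one of the files required above defines it - confirm
    // it is still in scope when those files were already loaded elsewhere.
    $mail = new C_mailer();
    $mail->language = $l;
    // Each of these mailer properties is copied from the setting of the same name.
    $copied_settings = array(
        'Priority', 'ContentType', 'Encoding', 'WordWrap', 'Mailer', 'Sendmail',
        'UseMSMailHeaders', 'Host', 'Port', 'Helo', 'SMTPAuth', 'SMTPSecure',
        'Username', 'Password', 'Timeout', 'SMTPDebug', 'PluginDir', 'Sender',
        'From', 'FromName',
    );
    foreach ($copied_settings as $setting) {
        $mail->{$setting} = $emailcfg[$setting];
    }
    if ($emailcfg['Reply']) {
        $mail->AddReplyTo($emailcfg['Reply'], $emailcfg['ReplyName']);
    }
    // The language charset wins; the configured charset is the fallback.
    $mail->CharSet = $l['a_meta_charset'];
    if (!$mail->CharSet) {
        $mail->CharSet = $emailcfg['CharSet'];
    }
    $mail->Subject = $l['t_result_user'];
    // Set message type to HTML.
    $mail->IsHTML(TRUE);

    // count emails
    $email_num = 0;
    // get all data
    $data = F_getAllUsersTestStat($test_id, $group_id, $user_id, $startdate, $enddate, 'total_score', false, $display_mode);
    foreach ($data['testuser'] as $tu) {
        // User-supplied values are escaped before they reach HTML output.
        $safe_email = htmlspecialchars($tu['user_email'], ENT_NOQUOTES, $l['a_meta_charset']);
        $safe_name = htmlspecialchars($tu['user_name'], ENT_NOQUOTES, $l['a_meta_charset']);
        if (strlen($tu['user_email']) > 3) {
            // compose alternate TEXT message
            $alt = '' . $l['t_result_user'] . ' [' . $tu['testuser_creation_time'] . ']' . K_NEWLINE;
            $alt .= $l['w_test'] . ': ' . $tu['test']['test_name'] . K_NEWLINE;
            $passmsg = '';
            if ($tu['test']['test_score_threshold'] > 0) {
                $alt .= $l['w_test_score_threshold'] . ': ' . $tu['test']['test_score_threshold'];
                if ($tu['total_score'] >= $tu['test']['test_score_threshold']) {
                    $passmsg = ' - ' . $l['w_passed'];
                } else {
                    $passmsg = ' - ' . $l['w_not_passed'];
                }
                $alt .= K_NEWLINE;
            }
            $alt .= $l['w_score'] . ': ' . F_formatFloat($tu['total_score']) . ' ' . F_formatPercentage($tu['total_score_perc'], false) . $passmsg . K_NEWLINE;
            if ($display_mode > 0) {
                $alt .= $l['w_answers_right'] . ': ' . $tu['right'] . '&nbsp;' . F_formatPercentage($tu['right_perc'], false) . K_NEWLINE;
                $alt .= $l['w_answers_wrong'] . ': ' . $tu['wrong'] . '&nbsp;' . F_formatPercentage($tu['wrong_perc'], false) . K_NEWLINE;
                $alt .= $l['w_questions_unanswered'] . ': ' . $tu['unanswered'] . '&nbsp;' . F_formatPercentage($tu['unanswered_perc'], false) . K_NEWLINE;
                $alt .= $l['w_questions_undisplayed'] . ': ' . $tu['undisplayed'] . '&nbsp;' . F_formatPercentage($tu['undisplayed_perc'], false) . K_NEWLINE;
            }
            if ($mode == 0) {
                // The PDF script is asked for its mode 3. A separate variable is
                // used: overwriting $mode here made this branch run for the first
                // recipient only, so later recipients got no attachment.
                $pdf_mode = 3;
                // Access key for the PDF request, derived from the year, month,
                // row ids and K_RANDOM_SECURITY and sent as the "email" parameter.
                // NOTE(review): how tce_pdf_results.php checks the key is not
                // visible here; a key carried in a URL can end up in server logs.
                $pdfkey = getPasswordHash(date('Y') . $tu['id'] . K_RANDOM_SECURITY . $tu['test']['test_id'] . date('m') . $tu['user_id']);
                // create PDF doc
                // NOTE(review): the parameter is spelled "diplay_mode"; confirm
                // which name the receiving script reads.
                $pdf_content = file_get_contents(K_PATH_HOST . K_PATH_TCEXAM . 'admin/code/tce_pdf_results.php?mode=' . $pdf_mode . '&diplay_mode=' . $display_mode . '&show_graph=' . $show_graph . '&test_id=' . $tu['test']['test_id'] . '&user_id=' . $tu['user_id'] . '&testuser_id=' . $tu['id'] . '&email=' . $pdfkey);
                // Attach only when the fetch succeeded, so that a failed request
                // does not produce an empty file named like a report.
                if ($pdf_content !== false) {
                    // set PDF document file name
                    $doc_name = 'tcexam_report_' . $pdf_mode . '_0_' . $tu['test']['test_id'] . '_0_' . $tu['user_id'] . '_' . $tu['id'] . '.pdf';
                    // attach document
                    $mail->AddStringAttachment($pdf_content, $doc_name, $emailcfg['AttachmentsEncoding'], 'application/octet-stream');
                    $alt .= K_NEWLINE . $l['w_attachment'] . ': ' . $doc_name . K_NEWLINE;
                }
            }
            $mail->AltBody = $alt;
            // HTML body: header, the text converted to HTML line breaks, footer.
            $body = $emailcfg['MsgHeader'] . str_replace(K_NEWLINE, '<br />' . K_NEWLINE, $alt) . $emailcfg['MsgFooter'];
            //--- Elaborate user Templates ---
            // Placeholders are replaced in this order. #EMAIL# is escaped like the
            // other user fields; quotes are escaped as well because the template
            // may place the address inside an attribute.
            $mail->Body = str_replace(
                array('#CHARSET#', '#LANG#', '#LANGDIR#', '#EMAIL#', '#USERNAME#', '#USERFIRSTNAME#', '#USERLASTNAME#'),
                array(
                    $l['a_meta_charset'],
                    $l['a_meta_language'],
                    $l['a_meta_dir'],
                    htmlspecialchars($tu['user_email'], ENT_QUOTES, $l['a_meta_charset']),
                    $safe_name,
                    htmlspecialchars($tu['user_firstname'], ENT_NOQUOTES, $l['a_meta_charset']),
                    htmlspecialchars($tu['user_lastname'], ENT_NOQUOTES, $l['a_meta_charset']),
                ),
                $body
            );
            // add a "To" address
            $mail->AddAddress($tu['user_email'], $tu['user_name']);
            $email_num++;
            //output user data
            $progresslog = '' . $email_num . '. ' . $safe_email . ' [' . $safe_name . ']';
            //send email to user
            if (!$mail->Send()) {
                //display error message
                $progresslog .= ' [' . $l['t_error'] . ']';
            }
            // Clear all addresses for next loop
            $mail->ClearAddresses();
            // Clears all previously set filesystem, string, and binary attachments
            $mail->ClearAttachments();
        } else {
            //output user data
            $progresslog = '[' . $l['t_error'] . '] ' . $safe_name . ': ' . $l['m_unknown_email'] . '';
        }
        //output processed emails
        echo $progresslog . '<br />' . K_NEWLINE;
        // force browser output
        flush();
    }
    // Final cleanup of the mailer state.
    $mail->ClearAddresses();
    // Clears all custom headers
    $mail->ClearCustomHeaders();
    // Clears all recipients assigned in the TO, CC and BCC
    $mail->ClearAllRecipients();
    // Clears all previously set filesystem, string, and binary attachments
    $mail->ClearAttachments();
    // Clears all recipients assigned in the ReplyTo array
    $mail->ClearReplyTos();
    return;
}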