Exemple #1
0
/**
* Create a default home calendar for the user.
* @param string $username The username of the user we are creating relationships for.
*/
function CreateHomeCalendar($username)
{
    global $session, $c;
    if (!isset($c->home_calendar_name) || strlen($c->home_calendar_name) == 0) {
        return true;
    }
    $usr = getUserByName($username);
    $parent_path = "/" . $username . "/";
    $calendar_path = $parent_path . $c->home_calendar_name . "/";
    $dav_etag = md5($usr->user_no . $calendar_path);
    $qry = new AwlQuery('SELECT 1 FROM collection WHERE dav_name = :dav_name', array(':dav_name' => $calendar_path));
    if ($qry->Exec()) {
        if ($qry->rows() > 0) {
            $c->messages[] = i18n("Home calendar already exists.");
            return true;
        }
    } else {
        $c->messages[] = i18n("There was an error writing to the database.");
        return false;
    }
    $sql = 'INSERT INTO collection (user_no, parent_container, dav_name, dav_etag, dav_displayname, is_calendar, created, modified, resourcetypes) ';
    $sql .= 'VALUES( :user_no, :parent_container, :calendar_path, :dav_etag, :displayname, true, current_timestamp, current_timestamp, :resourcetypes );';
    $params = array(':user_no' => $usr->user_no, ':parent_container' => $parent_path, ':calendar_path' => $calendar_path, ':dav_etag' => $dav_etag, ':displayname' => $usr->fullname, ':resourcetypes' => '<DAV::collection/><urn:ietf:params:xml:ns:caldav:calendar/>');
    $qry = new AwlQuery($sql, $params);
    if ($qry->Exec()) {
        $c->messages[] = i18n("Home calendar added.");
        dbg_error_log("User", ":Write: Created user's home calendar at '%s'", $calendar_path);
    } else {
        $c->messages[] = i18n("There was an error writing to the database.");
        return false;
    }
    return true;
}
Exemple #2
0
function validateCreateUser()
{
    $username = $_POST['username'];
    $password = $_POST['password'];
    $repeat = $_POST['repeat_password'];
    $email = $_POST['email'];
    $check = mysql_num_rows(getUserByName($username));
    $err = false;
    $msg = 'Sign up failed.\\n';
    if (strlen($username) < 4) {
        $err = true;
        $msg .= 'Username must be at least 4 characters long.\\n';
    }
    if ($check > 0) {
        $err = true;
        $msg .= 'That username already exists.\\n';
    }
    if (strlen($password) < 6) {
        $err = true;
        $msg .= 'Password must be at least 6 characters long.\\n';
    }
    if (!($password === $repeat)) {
        $err = true;
        $msg .= 'Passwords must match.\\n';
    }
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $err = true;
        $msg .= 'Email Invalid.\\n';
    }
    if ($err) {
        return $msg;
    }
}
/**
* Check the username / password against the PAM system
*/
function SQUID_PAM_check($username, $password)
{
    global $c;
    /**
     * @todo Think of the children!  This is a horribly insecure use of unvalidated user input!  Probably it should be done with a popen or something, and it seems remarkably dodgy to expect that naively quoted strings will work in any way reliably.
     * Meanwhile, I've quickly hacked something basic in place to improve the situation.  No quotes/backslashes in passwords for YOU!
     */
    $username = str_replace("'", "", str_replace('"', "", str_replace('\\', "", $username)));
    $password = str_replace("'", "", str_replace('"', "", str_replace('\\', "", $password)));
    $cmd = "echo '" . $username . "' '" . $password . "' | " . $c->authenticate_hook['config']['script'] . " -n common-auth";
    $auth_result = exec($cmd);
    if ($auth_result == "OK") {
        if ($usr = getUserByName($username)) {
            return $usr;
        } else {
            dbg_error_log("PAM", "user %s doesn't exist in local DB, we need to create it", $username);
            $fullname = exec('getent passwd "' . $username . '"');
            $fullname = preg_replace('{^[^:]+:[^:]+:\\d+:\\d+:([^:,]+)(,?[^:]*):.*$}', '$1', $fullname);
            $usr = (object) array('user_no' => 0, 'username' => $username, 'active' => 't', 'email' => $username . "@" . $c->authenticate_hook['config']['email_base'], 'updated' => date(), 'fullname' => $fullname);
            UpdateUserFromExternal($usr);
            return $usr;
        }
    } else {
        dbg_error_log("PAM", "User %s is not a valid username (or password was wrong)", $username);
        return false;
    }
}
Exemple #4
0
function checkUserPwd($user, $pwd)
{
    global $key_pwd;
    if (!($u = getUserByName($user))) {
        $u = getUserByEmail($user);
    }
    if (dc_decrypt($u->password, $key_pwd) == $pwd) {
        return $u;
    } else {
        return false;
    }
}
Exemple #5
0
 public function __construct($username)
 {
     $result = getUserByName($username);
     $count = mysql_num_rows($result);
     if (count === 1) {
         // user exists
         $row = mysql_fetch_row($result);
         $this->userId = $row[0];
         $this->username = $row[1];
         $this->email = $row[2];
         $this->houseId = $row[5];
     } else {
         throw new Exception('Username not found.');
     }
 }
Exemple #6
0
 /**
  * Constructor
  * @param mixed $parameters If null, an empty Principal is created.  If it
  *              is an integer then that ID is read (if possible).  If it is
  *              an array then the Principal matching the supplied elements
  *              is read.  If it is an object then it is expected to be a 'usr'
  *              record that was read elsewhere.
  *
  * @return boolean Whether we actually read data from the DB to initialise the record.
  */
 function __construct($parameters = null)
 {
     global $session, $c;
     $this->exists = null;
     $this->url = null;
     if ($parameters == null) {
         return false;
     }
     $this->by_email = false;
     if (is_object($parameters)) {
         dbg_error_log('principal', 'Principal: record for %s', $parameters->username);
         $usr = $parameters;
     } else {
         if (is_int($parameters)) {
             dbg_error_log('principal', 'Principal: %d', $parameters);
             $usr = getUserByID($parameters);
             $this->user_no = $parameters['user_no'];
         } else {
             if (is_array($parameters)) {
                 if (!isset($parameters['options']['allow_by_email'])) {
                     $parameters['options']['allow_by_email'] = false;
                 }
                 if (isset($parameters['username'])) {
                     $usr = getUserByName($parameters['username']);
                     $this->username = $parameters['username'];
                 } else {
                     if (isset($parameters['user_no'])) {
                         $usr = getUserByID($parameters['user_no']);
                         $this->user_no = $parameters['user_no'];
                     } else {
                         if (isset($parameters['email']) && $parameters['options']['allow_by_email']) {
                             if ($username = $this->UsernameFromEMail($parameters['email'])) {
                                 $usr = getUserByName($username);
                                 $this->username = $username;
                             }
                         } else {
                             if (isset($parameters['path'])) {
                                 dbg_error_log('principal', 'Finding Principal from path: "%s", options.allow_by_email: "%s"', $parameters['path'], $parameters['options']['allow_by_email']);
                                 if ($username = $this->UsernameFromPath($parameters['path'], $parameters['options'])) {
                                     $usr = getUserByName($username);
                                     $this->username = $username;
                                 }
                             } else {
                                 if (isset($parameters['principal-property-search'])) {
                                     $usr = $this->PropertySearch($parameters['principal-property-search']);
                                 }
                             }
                         }
                     }
                 }
             }
         }
     }
     if (!isset($usr) || !is_object($usr)) {
         $this->exists = false;
         return false;
     }
     $this->exists = true;
     $this->InitialiseRecord($usr);
     if (is_array($parameters) && !isset($parameters['username']) && !isset($parameters['user_no']) && isset($parameters['path']) && preg_match('{^/(~|principals/)}', $parameters['path'])) {
         // Force it to match
         $this->url = $parameters['path'];
         $this->dav_name = $parameters['path'];
     }
 }
Exemple #7
0
            unset($user["password"]);
            $result->status = true;
            $result->data = $user;
        } else {
            $result->message = "invalid_key";
        }
    } else {
        $result->message = "sketcy";
    }
    echo json_encode($result);
});
$app->get("/user/:username", function ($username) {
    global $app;
    $result = new stdClass();
    $result->status = false;
    $user = getUserByName($username);
    if ($user) {
        unset($user["password"]);
        $result->status = true;
        $result->data = $user;
    }
    echo json_encode($result);
});
$app->get("/email/:email", function ($email) {
    global $app;
    $result = new stdClass();
    $result->status = false;
    $user = getUserByEmail($email);
    if ($user) {
        unset($user["password"]);
        $result->status = true;
function addUser($user)
{
    $db = connectDB();
    //Ajout de l'user dans la table USER
    $sql = 'INSERT INTO mif22_user (username_user, password_user, type_user) VALUES ("' . $user->getUsername() . '", "' . $user->getPass() . '",' . $user->getType() . ');';
    mysql_query($sql) or die('Erreur SQL ! : ' . mysql_error());
    mysql_close($db);
    if ($user->getType() != 0) {
        //Si ce n'est pas un enseignant
        //Selection de l'id du dernier user
        $user = getUserByName($user->getUsername());
        $db = connectDB();
        //Initialisation des niveaux du joueur
        $sql = 'INSERT INTO mif22_levelUserExercice (`id_user`, `id_exercice`, `level`) VALUES 
        (' . $user->getId() . ', 1, 0), 
        (' . $user->getId() . ', 21, 1), 
        (' . $user->getId() . ', 22, 1), 
        (' . $user->getId() . ', 23, 1), 
        (' . $user->getId() . ', 24, 1), 
        (' . $user->getId() . ', 31, 1), 
        (' . $user->getId() . ', 32, 1), 
        (' . $user->getId() . ', 33, 1);';
        echo $sql;
        mysql_query($sql) or die('Erreur SQL la ! : ' . mysql_error());
        $sql = 'INSERT INTO mif22_noteFausseExoSol (`id_user`,`do`,`re`,`mi`,`fa`,`sol`,`la`,`si`) VALUES
        (' . $user->getId() . ', 1, 1, 1, 1, 1, 1, 1);';
        mysql_query($sql) or die('Erreur SQL la ! : ' . mysql_error());
        $sql = 'INSERT INTO mif22_noteFausseExoFa (`id_user`,`do`,`re`,`mi`,`fa`,`sol`,`la`,`si`) VALUES
        (' . $user->getId() . ', 1, 1, 1, 1, 1, 1, 1);';
        mysql_query($sql) or die('Erreur SQL la ! : ' . mysql_error());
        mysql_close($db);
    }
}
Exemple #9
0
<?php

require_once "query/message.php";
$DOJSS = $_COOKIE['DOJSS'];
$user = checkDOJSS($DOJSS);
if ($user) {
    $offset = $limit = '';
    $list = $la = [];
    if (isset($_GET['pid'])) {
        $pid = (int) $_GET['pid'];
        $la[] = "`pid` = {$pid}";
    }
    if (isset($_GET['uname'])) {
        $uid = getUserByName($_GET['uname']);
        if ($uid) {
            $uid = $uid->id;
        } else {
            $uid = 0;
        }
        $la[] = "`uid` = {$uid}";
    }
    if ($la) {
        $limit = "WHERE " . join(" AND ", $la);
    }
    if (isset($_GET['offset'])) {
        $offset = "OFFSET " . (int) $_GET['offset'];
    }
    $res = mysql_query("SELECT * FROM `submit` {$limit} ORDER BY `id` DESC LIMIT 50 {$offset}");
    while ($r = mysql_fetch_object($res)) {
        unset($r->code);
        $r->uname = getUserByID($r->uid)->name;
Exemple #10
0
<?php

require 'dbadapter.php';
require 'validate.php';
if (isset($_POST['username'])) {
    $error = validateUserLogin();
    if (!$error) {
        // validation successful
        $username = $_POST['username'];
        $result = getUserByName($username);
        $count = mysql_num_rows($result);
        if ($count === 1) {
            // user exists
            $row = mysql_fetch_row($result);
            if (password_verify($_POST['password'], $row[3])) {
                // password verified
                userActive($username);
                // switch active on for user $username
                session_regenerate_id();
                $_SESSION['username'] = $username;
                session_write_close();
                $message = "Welcome {$username}";
                echo "<script type='text/javascript'>alert('{$message}'); window.location.href = 'http://localhost/mates/home.php';</script>";
            } else {
                // wrong password
                $message = "Sorry, the password did not match, please try again.";
                echo "<script type='text/javascript'>alert('{$message}');</script>";
            }
        } else {
            // no user of that username
            $message = "That username does not exist. Please try again or sign up.";
Exemple #11
0
 /**
  * CheckPassword does all of the password checking and
  * returns a user record object, or false if it all ends in tears.
  */
 function CheckPassword($username, $password)
 {
     global $c;
     if (isset($c->authenticate_hook) && isset($c->authenticate_hook['call']) && function_exists($c->authenticate_hook['call'])) {
         /**
          * The authenticate hook needs to:
          *   - Accept a username / password
          *   - Confirm the username / password are correct
          *   - Create (or update) a 'usr' record in our database
          *   - Return the 'usr' record as an object
          *   - Return === false when authentication fails
          *
          * It can expect that:
          *   - Configuration data will be in $c->authenticate_hook['config'], which might be an array, or whatever is needed.
          */
         $hook_response = call_user_func($c->authenticate_hook['call'], $username, $password);
         /**
          * make the authentication hook optional: if the flag is set, ignore a return value of 'false'
          */
         if (isset($c->authenticate_hook['optional']) && $c->authenticate_hook['optional']) {
             if ($hook_response !== false) {
                 return $hook_response;
             }
         } else {
             return $hook_response;
         }
     }
     if ($usr = getUserByName($username)) {
         dbg_error_log("BasicAuth", ":CheckPassword: Name:%s, Pass:%s, File:%s, Active:%s", $username, $password, $usr->password, $usr->active ? 'Yes' : 'No');
         if ($usr->active && session_validate_password($password, $usr->password)) {
             return $usr;
         }
     }
     return false;
 }
Exemple #12
0
<?php

require 'auth.php';
require 'dbadapter.php';
// fetch house info for logged in user
$userRow = mysql_fetch_row(getUserByName($username));
$userHouseId = $userRow[5];
$houseRow = mysql_fetch_row(getHouseById($userHouseId));
//house details
$houseName = $houseRow[1];
$houseRent = $houseRow[3];
$houseSqft = $houseRow[4];
include_once 'header.php';
?>
<h2>House View</h2>
<p>You live in your house, <?php 
echo $houseName;
?>
</p>
<?php 
if ($houseSqft) {
    echo "<p>Your house is {$houseSqft} sq. ft. in size</p>";
}
?>
<p>Your rent is <?php 
echo $houseRent;
?>
</p>
<a href="http://localhost/mates/home.php">Home</a>
<?php 
include_once 'footer.php';
Exemple #13
0
<?php

require_once 'query/message.php';
$msg = $_POST;
if (isset($msg['user'])) {
    $user = $msg['user'];
}
if (isset($msg['password'])) {
    $pwd = $msg['password'];
}
$rem = isset($msg['remember']);
if (getUserByName($user) || getUserByEmail($user)) {
    if ($r = checkUserPwd($user, $pwd)) {
        if ($rem) {
            $time = time() + 3600 * 24 * 365;
        } else {
            $time = 0;
        }
        setcookie("DOJSS", DOJSS($r->id, $r->password), $time);
        header("Location:/");
    } else {
        $error = $err['wrongPwd'];
    }
} else {
    $error = $err['noUser'];
}
require_once 'template/login.php';
Exemple #14
0
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
    <?php 
include './common/meta.php';
?>
    <title>写纸条</title>
</head>
<body>
<?php 
$MSG_TEXT_LIST = array('0' => '消息发送成功!', '1' => '消息内容不能为空!', '2' => '用户名输入错误!', '3' => '用户名不能为空', '10' => '数据库连接错误!');
$doc_title = '写纸条';
$user = $common['user'];
if ($_POST) {
    $username = trim($_POST['username']);
    $content = trim($_POST['content']);
    $target = getUserByName($username, $con);
    $msg_code = -1;
    if ($username == '') {
        $msg_code = 3;
    } else {
        if ($content == '') {
            $msg_code = 1;
        } else {
            if ($target && $target['userid'] != $user['userid']) {
                $sql = "insert into message (toid, authorid, content, dateline) values(" . $target['userid'] . "," . $user['userid'] . ", '" . $content . "'," . time() . ");";
                $result = mysql_query($sql);
                if ($result) {
                    $msg_code = 0;
                } else {
                    $msg_code = 10;
                }
Exemple #15
0
        }
    } else {
        // Sinon affiche une erreur
        $error = '<span id="helpBlock" class="help-block">Some field are empty.</span>';
    }
}
// Si le formulaire de connexion est envoyé
if (isset($_REQUEST["btnSubmit"])) {
    // Initialisation
    $UserName = filter_input(INPUT_POST, 'UserName', FILTER_SANITIZE_SPECIAL_CHARS);
    $UserPassword = filter_input(INPUT_POST, 'UserPassword', FILTER_SANITIZE_SPECIAL_CHARS);
    // Si le login est juste
    if (CheckLogin($UserName, $UserPassword)) {
        // Initialise une variable dans $_SESSION à true
        $_SESSION['user_logged'] = $UserName;
        $_SESSION["user"] = getUserByName($UserName);
        // Redirige vers l'index
        header('Location: index.php');
    } else {
        $error = '<span id="helpBlock" class="help-block">The login has failed.</span>';
    }
}
?>
<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="utf-8">
        <meta http-equiv="X-UA-Compatible" content="IE=edge">
        <meta name="viewport" content="width=device-width, initial-scale=1">
        <meta name="description" content="">
        <meta name="author" content="">
<?php

ob_start();
session_start();
require_once '../db/database.php';
spl_autoload_register('loadClass');
unset($_SESSION['loginError']);
unset($_SESSION['creationSuccess']);
//CONNEXION
if (isset($_POST['user_login']) && isset($_POST['user_pass'])) {
    $resConnect = checkUserConnexion($_POST['user_login'], $_POST['user_pass']);
    if ($resConnect == 1) {
        $user = getUserByName($_POST['user_login']);
        $_SESSION['user'] = serialize($user);
        $_SESSION['username'] = $user->getUsername();
        if ($user->getType() == 0) {
            header('Location: ../part/panelEnseignant.php');
        } else {
            header('Location: ../part/main.php');
        }
    } else {
        if ($resConnect == -2) {
            $_SESSION['loginError'] = "Nom d'utilisateur inconnu";
        } else {
            if ($resConnect == -1) {
                $_SESSION['loginError'] = "Mauvais mot de passe";
            }
        }
        $_SESSION['username'] = '******';
        header('Location: ../part/accueil.php');
    }
/**
* Defunct function for creating default relationships.
* @param string $username The username of the user we are creating relationships for.
*/
function CreateDefaultRelationships($username)
{
    global $c;
    if (!isset($c->default_relationships) || count($c->default_relationships) == 0) {
        return true;
    }
    $changes = false;
    foreach ($c->default_relationships as $group => $relationships) {
        $sql = 'INSERT INTO grants (by_principal, to_principal, privileges) VALUES(:by_principal, :to_principal, :privileges::INT::BIT(24))';
        $params = array(':by_principal' => getUserByName($username)->principal_id, ':to_principal' => $group, ':privileges' => privilege_to_bits($relationships));
        $qry = new AwlQuery($sql, $params);
        if ($qry->Exec()) {
            $changes = true;
            dbg_error_log("User", ":Write: Created user's default relationship by:'%s', to:'%s', privileges:'%s'", $params[':by_principal'], $params[':to_principal'], $params[':privileges']);
        } else {
            $c->messages[] = i18n("There was an error writing to the database.");
            return false;
        }
    }
    if ($changes) {
        $c->messages[] = i18n("Default relationships added.");
    }
    return true;
}
Exemple #18
0
 /**
  * Work out the user whose calendar we are accessing, based on elements of the path.
  */
 function UserFromPath()
 {
     global $session;
     $this->user_no = $session->user_no;
     $this->username = $session->username;
     $this->principal_id = $session->principal_id;
     @dbg_error_log("WARN", "Call to deprecated CalDAVRequest::UserFromPath()");
     if ($this->path == '/' || $this->path == '') {
         dbg_error_log("caldav", "No useful path split possible");
         return false;
     }
     $path_split = explode('/', $this->path);
     $this->username = $path_split[1];
     if ($this->username == 'principals') {
         $this->username = $path_split[3];
     }
     @dbg_error_log("caldav", "Path split into at least /// %s /// %s /// %s", $path_split[1], $path_split[2], $path_split[3]);
     if (isset($this->options['allow_by_email']) && preg_match('#/(\\S+@\\S+[.]\\S+)/?$#', $this->path, $matches)) {
         $this->by_email = $matches[1];
         $qry = new AwlQuery("SELECT user_no, principal_id, username FROM usr JOIN principal USING (user_no) WHERE email = :email", array(':email' => $this->by_email));
         if ($qry->Exec('caldav', __LINE__, __FILE__) && ($user = $qry->Fetch())) {
             $this->user_no = $user->user_no;
             $this->username = $user->username;
             $this->principal_id = $user->principal_id;
         }
     } elseif ($user = getUserByName($this->username, 'caldav', __LINE__, __FILE__)) {
         $this->principal = $user;
         $this->user_no = $user->user_no;
         $this->principal_id = $user->principal_id;
     }
 }
Exemple #19
0
/**
* Check the username / password against the LDAP server
*/
function LDAP_check($username, $password)
{
    global $c;
    $ldapDriver = getStaticLdap();
    if (!$ldapDriver->valid) {
        dbg_error_log("ERROR", "Couldn't contact LDAP server for authentication");
        return false;
    }
    $mapping = $c->authenticate_hook['config']['mapping_field'];
    $attributes = array_values($mapping);
    /**
     * If the config contains a filter that starts with a ( then believe
     * them and don't modify it, otherwise wrap the filter.
     */
    $filter_munge = "";
    if (preg_match('/^\\(/', $ldapDriver->filterUsers)) {
        $filter_munge = $ldapDriver->filterUsers;
    } else {
        if (isset($ldapDriver->filterUsers) && $ldapDriver->filterUsers != '') {
            $filter_munge = "({$ldapDriver->filterUsers})";
        }
    }
    $filter = "(&{$filter_munge}(" . $mapping["username"] . "={$username}))";
    $valid = $ldapDriver->requestUser($filter, $attributes, $username, $password);
    // is a valid user or not
    if (!$valid) {
        dbg_error_log("LDAP", "user %s is not a valid user", $username);
        return false;
    }
    $ldap_timestamp = $valid[$mapping["updated"]];
    /**
     * This splits the LDAP timestamp apart and assigns values to $Y $m $d $H $M and $S
     */
    foreach ($c->authenticate_hook['config']['format_updated'] as $k => $v) {
        ${$k} = substr($ldap_timestamp, $v[0], $v[1]);
    }
    $ldap_timestamp = "{$Y}" . "{$m}" . "{$d}" . "{$H}" . "{$M}" . "{$S}";
    $valid[$mapping["updated"]] = "{$Y}-{$m}-{$d} {$H}:{$M}:{$S}";
    if ($usr = getUserByName($username)) {
        // should we update it ?
        $db_timestamp = $usr->updated;
        $db_timestamp = substr(strtr($db_timestamp, array(':' => '', ' ' => '', '-' => '')), 0, 14);
        if ($ldap_timestamp <= $db_timestamp) {
            return $usr;
            // no need to update
        }
        // we will need to update the user record
    } else {
        dbg_error_log("LDAP", "user %s doesn't exist in local DB, we need to create it", $username);
        $usr = (object) array('user_no' => 0);
    }
    // The local cached user doesn't exist, or is older, so we create/update their details
    sync_user_from_LDAP($usr, $mapping, $valid);
    return $usr;
}
/**
 * Check the username / password against the PAM system
 */
function PWAUTH_PAM_check($username, $password)
{
    global $c;
    $program = $c->authenticate_hook['config']['path'];
    $email_base = $c->authenticate_hook['config']['email_base'];
    $pipe = popen(escapeshellarg($program), 'w');
    $authinfo = sprintf("%s\n%s\n", $username, $password);
    $written = fwrite($pipe, $authinfo);
    dbg_error_log('pwauth', 'Bytes written: %d of %d', $written, strlen($authinfo));
    $return_status = pclose($pipe);
    switch ($return_status) {
        case 0:
            // STATUS_OK: Authentication succeeded.
            dbg_error_log('pwauth', 'User %s successfully authenticated', $username);
            if ($user = getUserByName($username)) {
                return $user;
            } else {
                dbg_error_log('pwauth', 'User %s does not exist in local db, creating', $username);
                $fullname = exec(sprintf('getent passwd %s', escapeshellarg($username)));
                $fullname = preg_replace('{^[^:]+:[^:]+:\\d+:\\d+:([^:,]+)(,[^:]*):.*$}', '$1', $fullname);
                $user = (object) array('user_no' => 0, 'username' => $username, 'active' => 't', 'email' => sprintf('%s@%s', $username, $email_base), 'updated' => date('%r'), 'fullname' => $fullname);
                UpdateUserFromExternal($user);
                return $user;
            }
            break;
            /*
             * Note that for system configurations using PAM instead of
             * reading the password database directly, if PAM is unable to
             * read the password database, pwauth will return status 1.
             */
        /*
         * Note that for system configurations using PAM instead of
         * reading the password database directly, if PAM is unable to
         * read the password database, pwauth will return status 1.
         */
        case 1:
        case 2:
            // (1) STATUS_UNKNOWN: Invalid username or password.
            // (2) STATUS_INVALID: Invalid password.
            dbg_error_log('pwauth', 'Invalid username or password (username: %s)', $username);
            break;
        case 3:
            // STATUS_BLOCKED: UID for username is < pwauth's MIN_UNIX_UID
            dbg_error_log('pwauth', 'UID for username %s is < pwauth MIN_UNIX_UID', $username);
            break;
        case 4:
            // STATUS_EXPIRED: The user account has expired.
            dbg_error_log('pwauth', 'The account for %s has expired', $username);
            break;
        case 5:
            // STATUS_PW_EXPIRED: The user account's password has expired.
            dbg_error_log('pwauth', 'The account password for user %s has expired', $username);
            break;
        case 6:
            // STATUS_NOLOGIN: Logins to the system are administratively disabled.
            dbg_error_log('pwauth', 'Logins administratively disabled (%s)', $username);
            break;
        case 7:
            // STATUS_MANYFAILS: Too many login failures for user account.
            dbg_error_log('pwauth', 'Login rejected for %s, too many failures', $username);
            break;
        case 50:
            // STATUS_INT_USER: Configuration error, Web server cannot use pwauth
            dbg_error_log('pwauth', 'config error: see pwauth man page (%s)', 'STATUS_INT_USER');
            break;
        case 51:
            // STATUS_INT_ARGS: pwauth received no username/passwd to check
            dbg_error_log('pwauth', 'error: pwauth received no username/password');
            break;
        case 52:
            // STATUS_INT_ERR: unknown error
            dbg_error_log('pwauth', 'error: see pwauth man page (%s)', 'STATUS_INT_ERR');
            break;
        case 53:
            // STATUS_INT_NOROOT: pwauth could not read the password database
            dbg_error_log('pwauth', 'config error: cannot read password database (%s)', 'STATUS_INT_NOROOT');
        default:
            // Unknown error code.
            dbg_error_log('pwauth', 'An unknown error (%d) has occurred', $return_status);
    }
    return FALSE;
}
function formularioUsuarios()
{
    $html = <<<EOS
\t\t\t<form action="" method="POST" id="formbuscausu">
\t\t\t<label>Nombre de usuario:</label><input id="text" type="text" name="cadena">
\t\t\t<input type="submit" name="submit" value="Buscar" /><!-- boton de enviar -->
\t\t\t</form>
EOS;
    echo $html;
    $me = getUserByName($_SESSION["usuario"]);
    if (isset($_POST['submit'])) {
        $usuarios = buscarUsuario($_POST['cadena']);
        echo '<table id="tabla-contenido">';
        if ($usuarios != NULL) {
            //$me = getUserByName($_SESSION["usuario"]);
            foreach ($usuarios as $usuario) {
                $nick = $usuario["username"];
                $id = $usuario["id_user"];
                echo '<tr>';
                if (!isFriendDB($me["id_user"], $id)) {
                    echo '<td><a href="perfil.php?id=' . $id . '">' . $nick . '</a></td><td><a href="add-friend.php?id=' . $id . '"><img src="' . RAIZ_APP . 'img/add_friend.png" /></a></td>';
                } else {
                    echo '<td><a href="delete-friend.php?id=' . $id . '"><img src="' . RAIZ_APP . 'img/delete_friend.png" /></a></td>';
                }
                echo '</tr>';
                if (isset($_SESSION["rol"]) && $_SESSION["rol"] > 1) {
                    echo '<td><a href="modify-rol.php?id=' . $id . '"><img src="' . RAIZ_APP . 'img/rol_admin.png" /></a></td></tr>';
                }
            }
            echo '</table>';
        } else {
            echo '<div class="info"><ul><li>No se han encontrado usuarios.</li></ul></div>';
        }
    } else {
        $usuarios = buscarUsuario("");
        echo '<table id="tabla-contenido">';
        foreach ($usuarios as $usuario) {
            $nick = $usuario["username"];
            $id = $usuario["id_user"];
            echo '<tr><td><a href="perfil.php?id=' . $id . '">' . $nick . '</a></td>';
            if (!isFriendDB($me["id_user"], $id)) {
                echo '<td><a href="add-friend.php?id=' . $id . '"><img src="' . RAIZ_APP . 'img/add_friend.png" /></a></td><td></td>';
            } else {
                echo '<td></td><td><a href="delete-friend.php?id=' . $id . '"><img src="' . RAIZ_APP . 'img/delete_friend.png" /></a></td>';
            }
            if (isset($_SESSION["rol"]) && $_SESSION["rol"] > 1) {
                echo '<td><a href="modify-rol.php?id=' . $id . '"><img src="' . RAIZ_APP . 'img/rol_admin.png" /></a></td></tr>';
                echo '</tr>';
            }
        }
        echo '</table>';
    }
}
    $comments = dameCommentsMercha($content["id_merchandising"]);
    if ($comments != NULL) {
        foreach ($comments as $comment) {
            ?>
					<div id = "detalle-comentario">
						<a href="perfil.php?id=<?php 
            echo $comment["id_user"];
            ?>
"><?php 
            echo getUser($comment["id_user"])["username"];
            ?>
</a> el <?php 
            echo $comment["fecha"];
            ?>
						<?php 
            if (isset($_SESSION['rol']) && (isset($_SESSION["rol"]) && $_SESSION["rol"] > 1 || getUserByName($_SESSION["usuario"]) == $comment["id_user"])) {
                ?>
						<a class="options-comment" href="delete-comment.php?id=<?php 
                echo $comment["id_comment"];
                ?>
"> Eliminar </a>
						<?php 
            }
            ?>
						<p><?php 
            echo $comment["texto"];
            ?>
</p>
					</div>
					
					<?php 
Exemple #23
0
<?php

require_once "query/message.php";
$DOJSS = $_COOKIE['DOJSS'];
$name = safe($_POST['name']);
$pwd = safe($_POST['password']);
$user = checkDOJSS($DOJSS);
if (!checkName($name)) {
    send(1, $err['invalidName']);
}
if ($user) {
    if ($user->name == $name) {
        send(2, $warning['sameMsg']);
    }
    if ($u = getUserByName($name)) {
        if ($u->id != $user->id) {
            send(1, $err['sameName']);
        }
    }
    if (dc_decrypt($user->password, $key_pwd) != $pwd) {
        send(1, $err['wrongPwd']);
    }
    $uid = $user->id;
    mysql_query("UPDATE `users` SET \n\t\t\t`name` = '{$name}'\n\t\tWHERE `id` = {$uid} ");
    if (mysql_affected_rows()) {
        send(0, $tip['changedName'], "\$('#myName').html('{$name}');");
    } else {
        send(1, $err['notSaved']);
    }
} else {
    send(1, $err['wrongDOJSS']);
Exemple #24
0
require_once 'query/message.php';
$msg = $_POST;
$name = $msg['name'];
$password = $msg['password'];
$mail = $msg['email'];
$key = $msg['key'];
if (!checkName($name)) {
    $error = $err['invalidName'];
} else {
    if (!checkPwd($password)) {
        $error = $err['invalidPwd'];
    } else {
        if (!checkEmail($mail)) {
            $error = $err['wrongEmailFormat'];
        } else {
            if (getUserByName($name)) {
                $error = $err['sameName'];
            } else {
                if (getUserByEmail($mail)) {
                    $error = $err['sameEmail'];
                }
            }
        }
    }
}
$kmail = checkKey($key);
if ($kmail == $mail . '&') {
    $admin = 1;
} else {
    if ($kmail == $mail) {
        $admin = 0;