function mrt_sub1()
{
?>
<div class=wrap>
<h2><?php
_e('WP - Password Tools');
?>
</h2>
<div style="height:299px">
<?php
echo "<br /><strong>Password Strength Tool</strong>";
?>
<table><tr valign=top><td><form name="commandForm">
Type password: <input type=password size=30 maxlength=50 name=password onkeyup="testPassword(document.forms.commandForm.password.value);" value="">
<br/><font color="#808080">Minimum 6 Characters</td><td><font size="1"> Password Strength:</font><a id="Words"><table><tr><td><table><tr><td height=4 width=150 bgcolor=tan></td></tr></table></td><td> <b>Begin Typing</b></td></tr></table></a></td></tr></table></td></tr></table></form>
<br /><hr align=left size=2 width=612px>
<?php
echo "<br /><br /><strong>Strong Password Generator</strong><br />";
echo "Strong Password: "******"red">' . make_password(15) . "</font>";
?>
</div>
Plugin by <a href="http://semperfiwebdesign.com/" title="Semper Fi Web Design">Semper Fi Web Design</a>
</div>
<?php
}
function login($lusername,$lpassword,$key,$lifetime=0){
global $set_username,$set_password,$set_loginauth,$set_loginkey;
if(empty($lusername)||empty($lpassword))
{
printerror("EmptyLoginUser","index.php");
}
//验证码
if(!$set_loginkey)
{
if($key<>getcvar('checkkey')||empty($key))
{
printerror("FailLoginKey","index.php");
}
}
if(md5($lusername)<>md5($set_username)||md5($lpassword)<>$set_password)
{
printerror("ErrorUser","index.php");
}
//认证码
if($set_loginauth&&$set_loginauth!=$_POST['loginauth'])
{
printerror("ErrorLoginAuth","index.php");
}
$logintime=time();
$rnd=make_password(12);
$s1=esetcookie("bakusername",$lusername,0);
$s2=esetcookie("bakrnd",$rnd,0);
$s3=esetcookie("baklogintime",$logintime,0);
Ebak_SCookieRnd($lusername,$rnd);
if(!$s1||!$s2)
{
printerror("NotOpenCookie","index.php");
}
printerror("LoginSuccess","admin.php");
}
function registerUser($userInfo)
{
$errors = array();
$result = '';
if (empty($userInfo['name'])) {
$errors[] = 'Вы не ввели имя';
}
if (empty($userInfo['email'])) {
$errors[] = 'Вы не ввели email';
}
if (empty($userInfo['phone'])) {
$errors[] = 'Вы не ввели телефон';
}
if (empty($errors)) {
$user = new CUser();
$password = make_password(8);
$arFields = array("NAME" => $userInfo['name'], "EMAIL" => $userInfo['email'], "LOGIN" => $userInfo['email'], "ACTIVE" => "Y", "GROUP_ID" => array(6), "PASSWORD" => $password, "CONFIRM_PASSWORD" => $password, "PERSONAL_PHONE" => $userInfo['phone']);
$ID = $user->Add($arFields);
if (intval($ID) > 0) {
$result = "Вы успешно зарегистрированы.";
$arEventField = array("NAME" => $userInfo['name'], "EMAIL" => $userInfo['email'], "PASSWORD" => $password);
CEvent::SendImmediate("NEW_REG", "s1", $arEventField);
unset($_POST['user']);
global $USER;
global $APPLICATION;
$USER->Authorize($ID);
LocalRedirect($APPLICATION->GetCurPageParam('', array('user[name]', 'user[email]', 'ELEMENT_CODE', 'code')));
} else {
$errors[] = $user->LAST_ERROR;
}
}
return $errors;
}
function QMReturnCheckPass($userid, $username, $email, $ecms = 1)
{
global $ecms_config;
$r['rnd'] = make_password(12);
$r['dotime'] = time();
$r['checkpass'] = md5(md5($r['rnd'] . '-' . $userid . '-' . $r['dotime'] . '-' . $ecms) . $ecms_config['cks']['ckrnd']);
$r['ecms'] = $ecms;
return $r;
}
function mrt_sub1()
{
mrt_wpss_menu_head('WP - Password Tools');
?>
<div class="metabox-holder">
<div class="postbox" style="width: 60%;">
<h3 class="hndle"><span><?php
echo __('Password Strength Tool');
?>
</span></h3>
<div class="inside">
<p></p>
<table id="wsd_pwdtool">
<tr valign="top">
<td>
<form name="commandForm">
Type password: <input type="password" size="30" maxlength="50" name="password" onkeyup="testPassword(this.value);" value="" />
<br/>
<span style="color:#808080">Minimum 6 Characters</span>
</form>
</td>
<td style="padding-left: 6px;">
<span>Password Strength:</span>
<div id="Words">
<p class="indicator"></p>
<p><strong>Begin Typing</strong></p>
</div>
</td>
</tr>
</table>
<p></p>
</div>
</div>
</div>
<div>
<?php
echo "<br /><strong>Strong Password Generator</strong><br />";
echo "Strong Password: "******"color:#f00;">' . make_password(15) . "</span>";
?>
</div>
<br/><br/>
<p style="margin-top: 75px;"></p>
<hr align="left" size="2" width="612px" />
<?php
mrt_wpss_menu_footer();
}
public function changePassword($oldPwd, $newPwd)
{
$user = $this->getUser();
if (make_password($user->username, $oldPwd) != $user->password) {
return "旧密码不正确";
}
$newPwd = make_password($user->username, $newPwd);
$this->CI->load->model('company/Company_user_model', 'CompanyUserModel');
$where = array('id' => $user->id);
$rs = $this->CI->CompanyUserModel->update(array('password' => $newPwd), $where);
if ($rs == 1) {
return true;
}
return "修改密码失败";
}
function auto_create_user($login, $password = false)
{
if ($login && defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE) {
$user_id = $this->find_user_by_login($login);
if (!$password) {
$password = make_password();
}
if (!$user_id) {
$login = $this->dbh->escape_string($login);
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
$pwd_hash = hash_password($password);
$query = "INSERT INTO ttrss_users\n (login,access_level,last_login,created,pwd_hash,salt)\n VALUES ('{$login}', 0, null, NOW(), '{$pwd_hash}','{$salt}')";
$this->dbh->query($query);
return $this->find_user_by_login($login);
}
return $user_id;
}
return $this->find_user_by_login($login);
}
function pleac_Generating_Random_Numbers()
{
// Techniques used here simply mirror Perl examples, and are not an endorsement
// of any particular RNG technique
// In PHP do this ...
$random = rand($lowerbound, $upperbound);
$random = rand($x, $y);
// ----------------------------
function make_password($chars, $reqlen)
{
$len = strlen($chars);
for ($i = 0; $i < $reqlen; $i++) {
$password .= substr($chars, rand(0, $len), 1);
}
return $password;
}
$chars = 'ABCDEfghijKLMNOpqrstUVWXYz';
$reqlen = 8;
$password = make_password($chars, $reqlen);
}
function mrt_sub1()
{
mrt_wpss_menu_head('WP - Password Tools');
?>
<div style="height:299px">
<?php
echo "<br /><strong>Password Strength Tool</strong>";
?>
<table><tr valign=top><td><form name="commandForm">
Type password: <input type=password size=30 maxlength=50 name=password onkeyup="testPassword(document.forms.commandForm.password.value);" value="">
<br/><font color="#808080">Minimum 6 Characters</td><td><font size="1"> Password Strength:</font><a id="Words"><table><tr><td><table><tr><td height=4 width=150 bgcolor=tan></td></tr></table></td><td> <b>Begin Typing</b></td></tr></table></a></td></tr></table></td></tr></table></form>
<br /><hr align=left size=2 width=612px>
<?php
echo "<br /><br /><strong>Strong Password Generator</strong><br />";
echo "Strong Password: "******"red">' . make_password(15) . "</font>";
?>
</div>
<?php
mrt_wpss_menu_footer();
}
static function resetUserPassword($uid, $show_password)
{
$result = db_query("SELECT login,email\n\t\t\t\tFROM ttrss_users WHERE id = '{$uid}'");
$login = db_fetch_result($result, 0, "login");
$email = db_fetch_result($result, 0, "email");
$salt = db_fetch_result($result, 0, "salt");
$new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
$tmp_user_pwd = make_password(8);
$pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true);
db_query("UPDATE ttrss_users SET pwd_hash = '{$pwd_hash}', salt = '{$new_salt}', otp_enabled = false\n\t\t\t\tWHERE id = '{$uid}'");
if ($show_password) {
print T_sprintf("Changed password of user <b>%s</b> to <b>%s</b>", $login, $tmp_user_pwd);
} else {
print_notice(T_sprintf("Sending new password of user <b>%s</b> to <b>%s</b>", $login, $email));
}
require_once 'classes/ttrssmailer.php';
if ($email) {
require_once "lib/MiniTemplator.class.php";
$tpl = new MiniTemplator();
$tpl->readTemplateFromFile("templates/resetpass_template.txt");
$tpl->setVariable('LOGIN', $login);
$tpl->setVariable('NEWPASS', $tmp_user_pwd);
$tpl->addBlock('message');
$message = "";
$tpl->generateOutputToString($message);
$mail = new ttrssMailer();
$rc = $mail->quickMail($email, $login, __("[tt-rss] Password change notification"), $message, false);
if (!$rc) {
print_error($mail->ErrorInfo);
}
}
}
$login = mb_strtolower(trim(db_escape_string($_REQUEST["login"])));
$email = trim(db_escape_string($_REQUEST["email"]));
$test = trim(db_escape_string($_REQUEST["turing_test"]));
if (!$login || !$email || !$test) {
print_error(__("Your registration information is incomplete."));
print "<p><form method=\"GET\" action=\"index.php\">\n\t\t\t\t<input type=\"submit\" value=\"" . __("Return to Tiny Tiny RSS") . "\">\n\t\t\t\t</form>";
return;
}
if ($test == "four" || $test == "4") {
$result = db_query("SELECT id FROM ttrss_users WHERE\n\t\t\t\tlogin = '******'");
$is_registered = db_num_rows($result) > 0;
if ($is_registered) {
print_error(__('Sorry, this username is already taken.'));
print "<p><form method=\"GET\" action=\"index.php\">\n\t\t\t\t<input type=\"submit\" value=\"" . __("Return to Tiny Tiny RSS") . "\">\n\t\t\t\t</form>";
} else {
$password = make_password();
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
$pwd_hash = encrypt_password($password, $salt, true);
db_query("INSERT INTO ttrss_users\n\t\t\t\t\t(login,pwd_hash,access_level,last_login, email, created, salt)\n\t\t\t\t\tVALUES ('{$login}', '{$pwd_hash}', 0, null, '{$email}', NOW(), '{$salt}')");
$result = db_query("SELECT id FROM ttrss_users WHERE\n\t\t\t\t\tlogin = '******' AND pwd_hash = '{$pwd_hash}'");
if (db_num_rows($result) != 1) {
print_error(__('Registration failed.'));
print "<p><form method=\"GET\" action=\"index.php\">\n\t\t\t\t\t<input type=\"submit\" value=\"" . __("Return to Tiny Tiny RSS") . "\">\n\t\t\t\t\t</form>";
} else {
$new_uid = db_fetch_result($result, 0, "id");
initialize_user($new_uid);
$reg_text = "Hi!\n" . "\n" . "You are receiving this message, because you (or somebody else) have opened\n" . "an account at Tiny Tiny RSS.\n" . "\n" . "Your login information is as follows:\n" . "\n" . "Login: {$login}\n" . "Password: {$password}\n" . "\n" . "Don't forget to login at least once to your new account, otherwise\n" . "it will be deleted in 24 hours.\n" . "\n" . "If that wasn't you, just ignore this message. Thanks.";
$mail = new ttrssMailer();
$mail->IsHTML(false);
$rc = $mail->quickMail($email, "", "Registration information for Tiny Tiny RSS", $reg_text, false);
if (!$rc) {
function register($add)
{
global $empire, $dbtbpre, $public_r, $ecms_config;
//关闭注册
if ($public_r['register_ok']) {
printerror('CloseRegister', '', 1);
}
//验证时间段允许操作
eCheckTimeCloseDo('reg');
//验证IP
eCheckAccessDoIp('register');
if (!empty($ecms_config['member']['registerurl'])) {
Header("Location:" . $ecms_config['member']['registerurl']);
exit;
}
//已经登陆不能注册
if (getcvar('mluserid')) {
printerror('LoginToRegister', '', 1);
}
CheckCanPostUrl();
//验证来源
$username = trim($add['username']);
$password = trim($add['password']);
$username = RepPostVar($username);
$password = RepPostVar($password);
$email = RepPostStr($add['email']);
if (!$username || !$password || !$email) {
printerror("EmptyMember", "history.go(-1)", 1);
}
$tobind = (int) $add['tobind'];
//验证码
$keyvname = 'checkregkey';
if ($public_r['regkey_ok']) {
ecmsCheckShowKey($keyvname, $add['key'], 1);
}
$user_groupid = eReturnMemberDefGroupid();
$groupid = (int) $add['groupid'];
$groupid = empty($groupid) ? $user_groupid : $groupid;
CheckMemberGroupCanReg($groupid);
//IP
$regip = egetip();
$regipport = egetipport();
//用户字数
$pr = $empire->fetch1("select min_userlen,max_userlen,min_passlen,max_passlen,regretime,regclosewords,regemailonly from {$dbtbpre}enewspublic limit 1");
$userlen = strlen($username);
if ($userlen < $pr[min_userlen] || $userlen > $pr[max_userlen]) {
printerror('FaiUserlen', '', 1);
}
//密码字数
$passlen = strlen($password);
if ($passlen < $pr[min_passlen] || $passlen > $pr[max_passlen]) {
printerror('FailPasslen', '', 1);
}
if ($add['repassword'] !== $password) {
printerror('NotRepassword', '', 1);
}
if (!chemail($email)) {
printerror('EmailFail', '', 1);
}
if (strstr($username, '|') || strstr($username, '*')) {
printerror('NotSpeWord', '', 1);
}
//同一IP注册
eCheckIpRegTime($regip, $pr['regretime']);
//保留用户
toCheckCloseWord($username, $pr['regclosewords'], 'RegHaveCloseword');
$username = RepPostStr($username);
//重复用户
$num = $empire->gettotal("select count(*) as total from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1");
if ($num) {
printerror('ReUsername', '', 1);
}
//重复邮箱
if ($pr['regemailonly']) {
$num = $empire->gettotal("select count(*) as total from " . eReturnMemberTable() . " where " . egetmf('email') . "='{$email}' limit 1");
if ($num) {
printerror('ReEmailFail', '', 1);
}
}
//注册时间
$lasttime = time();
$registertime = eReturnAddMemberRegtime();
$rnd = make_password(20);
//产生随机密码
$userkey = eReturnMemberUserKey();
//密码
$truepassword = $password;
$salt = eReturnMemberSalt();
$password = eDoMemberPw($password, $salt);
//审核
$checked = ReturnGroupChecked($groupid);
if ($checked && $public_r['regacttype'] == 1) {
$checked = 0;
}
//验证附加表必填项
$mr['add_filepass'] = ReturnTranFilepass();
$fid = GetMemberFormId($groupid);
$member_r = ReturnDoMemberF($fid, $add, $mr, 0, $username);
$sql = $empire->query("insert into " . eReturnMemberTable() . "(" . eReturnInsertMemberF('username,password,rnd,email,registertime,groupid,userfen,userdate,money,zgroupid,havemsg,checked,salt,userkey') . ") values('{$username}','{$password}','{$rnd}','{$email}','{$registertime}','{$groupid}','{$public_r['reggetfen']}','0','0','0','0','{$checked}','{$salt}','{$userkey}');");
//取得userid
$userid = $empire->lastid();
//附加表
$addr = $empire->fetch1("select * from {$dbtbpre}enewsmemberadd where userid='{$userid}'");
if (!$addr[userid]) {
$spacestyleid = ReturnGroupSpaceStyleid($groupid);
$sql1 = $empire->query("insert into {$dbtbpre}enewsmemberadd(userid,spacestyleid,regip,lasttime,lastip,loginnum,regipport,lastipport" . $member_r[0] . ") values('{$userid}','{$spacestyleid}','{$regip}','{$lasttime}','{$regip}','1','{$regipport}','{$regipport}'" . $member_r[1] . ");");
}
//更新附件
UpdateTheFileOther(6, $userid, $mr['add_filepass'], 'member');
ecmsEmptyShowKey($keyvname);
//清空验证码
//绑定帐号
if ($tobind) {
MemberConnect_BindUser($userid);
}
if ($sql) {
//邮箱激活
if ($checked == 0 && $public_r['regacttype'] == 1) {
include 'class/member_actfun.php';
SendActUserEmail($userid, $username, $email);
}
//审核
if ($checked == 0) {
$location = DoingReturnUrl("../../", $_POST['ecmsfrom']);
printerror("RegisterSuccessCheck", $location, 1);
}
$logincookie = 0;
if ($ecms_config['member']['regcookietime']) {
$logincookie = time() + $ecms_config['member']['regcookietime'];
}
$r = $empire->fetch1("select " . eReturnSelectMemberF('*') . " from " . eReturnMemberTable() . " where " . egetmf('userid') . "='{$userid}' limit 1");
$set1 = esetcookie("mlusername", $username, $logincookie);
$set2 = esetcookie("mluserid", $userid, $logincookie);
$set3 = esetcookie("mlgroupid", $groupid, $logincookie);
$set4 = esetcookie("mlrnd", $rnd, $logincookie);
//验证符
qGetLoginAuthstr($userid, $username, $rnd, $groupid, $logincookie);
//登录附加cookie
AddLoginCookie($r);
$location = "../member/cp/";
$returnurl = getcvar('returnurl');
if ($returnurl && !strstr($returnurl, "e/member/iframe") && !strstr($returnurl, "e/member/register") && !strstr($returnurl, "enews=exit")) {
$location = $returnurl;
}
$set5 = esetcookie("returnurl", "");
//易通行系统
DoEpassport('reg', $userid, $username, $truepassword, $salt, $email, $groupid, $registertime);
$location = DoingReturnUrl($location, $_POST['ecmsfrom']);
printerror("RegisterSuccess", $location, 1);
} else {
printerror("DbError", "history.go(-1)", 1);
}
}
}
if (!isset($_SESSION['score'])) {
$_SESSION['score'] = 0;
}
if (isset($_POST['password']) && isset($_SESSION['password'])) {
if ($_POST['password'] == $_SESSION['password']) {
$_SESSION['score']++;
unset($_SESSION['password']);
echo "<p>You win !</p>";
} else {
echo "<p>You lose !</p>";
}
}
echo '<p>Score: ', $_SESSION['score'], '/1000';
if ($_SESSION['score'] >= 1000) {
echo "<p>The passphrase is: ", file_get_contents('/tmp/passphrase.txt'), "</p>";
}
$_SESSION['password'] = make_password();
?>
<div>
<?php
echo "<p>Captcha: " . $_SESSION['password'] . "</p>";
?>
</div>
<div>
<form method="POST">
<input name="password" type="text" />
<input type="submit" />
</form>
</div>
echo $ecms_config['cks']['ckrnd'];
?>
" size="35">
<input type="button" name="Submit32" value="随机" onclick="document.setform.cookieckrnd.value='<?php
echo make_password(36);
?>
';">
<font color="#666666">(填写10~50个任意字符,最好多种字符组合)</font></td>
</tr>
<tr>
<td height="25" bgcolor="#FFFFFF">COOKIE验证随机码2</td>
<td height="25" bgcolor="#FFFFFF"><input name="cookieckrndtwo" type="text" id="cookieckrndtwo" value="<?php
echo $ecms_config['cks']['ckrndtwo'];
?>
" size="35">
<input type="button" name="Submit322" value="随机" onclick="document.setform.cookieckrndtwo.value='<?php
echo make_password(36);
?>
';">
<font color="#666666">(填写10~50个任意字符,最好多种字符组合)</font></td>
</tr>
<tr>
<td height="25" bgcolor="#FFFFFF"></td>
<td height="25" bgcolor="#FFFFFF"> <input type="submit" name="Submit" value=" 设 置 ">
<input type="reset" name="Submit2" value="重置"></td>
</tr>
</table>
</form>
</body>
</html>
/**
* Edit Project Icon
*
* @param void
* @return null
*/
function edit_icon()
{
if ($this->active_project->isNew()) {
$this->httpError(HTTP_ERR_NOT_FOUND);
}
// if
if (!$this->active_project->canEdit($this->logged_user)) {
$this->httpError(HTTP_ERR_FORBIDDEN);
}
// if
if (!extension_loaded('gd')) {
$message = lang('<b>GD not Installed</b> - GD extension is not installed on your system. You will not be able to upload project icons, company logos and avatars!');
if ($this->request->isAsyncCall()) {
echo "<p>{$message}</p>";
die;
} else {
$this->wireframe->addPageMessage($message, PAGE_MESSAGE_ERROR);
}
// if
}
// if
if ($this->request->isSubmitted()) {
if (!isset($_FILES['icon']) || !is_uploaded_file($_FILES['icon']['tmp_name'])) {
$message = lang('Please select an image');
if ($this->request->isAsyncCall()) {
$this->httpError(HTTP_ERR_OPERATION_FAILED, $message);
} else {
flash_error($message);
$this->redirectToUrl($this->active_project->getEditIconUrl());
}
// if
}
// if
if (can_resize_images()) {
$errors = new ValidationErrors();
do {
$from = WORK_PATH . '/' . make_password(10) . '_' . $_FILES['icon']['name'];
} while (is_file($from));
if (!move_uploaded_file($_FILES['icon']['tmp_name'], $from)) {
$errors->addError(lang("Can't copy image to work path"), 'icon');
} else {
if (FIX_UPLOAD_PERMISSION !== false) {
@chmod($from, FIX_UPLOAD_PERMISSION);
}
// if
// small avatar
$to = $this->active_project->getIconPath();
$small = scale_image($from, $to, 16, 16, IMAGETYPE_GIF);
// large avatar
$to = $this->active_project->getIconPath(true);
$large = scale_image($from, $to, 40, 40, IMAGETYPE_GIF);
@unlink($from);
}
// if
if (empty($from)) {
$errors->addError('Select icon', 'icon');
}
// if
if ($errors->hasErrors()) {
$this->smarty->assign('errors', $errors);
$this->render();
}
// if
cache_remove('project_icons');
}
// if
}
// if
}
function auto_create_user_account()
{
# Automatically creates a user account (which requires approval unless $auto_approve_accounts is true).
global $applicationname,$user_email,$email_from,$baseurl,$email_notify,$lang,$custom_registration_fields,$custom_registration_required,$user_account_auto_creation_usergroup,$registration_group_select,$auto_approve_accounts,$auto_approve_domains;
# Add custom fields
$c="";
if (isset($custom_registration_fields))
{
$custom=explode(",",$custom_registration_fields);
# Required fields?
if (isset($custom_registration_required)) {$required=explode(",",$custom_registration_required);}
for ($n=0;$n<count($custom);$n++)
{
if (isset($required) && in_array($custom[$n],$required) && getval("custom" . $n,"")=="")
{
return false; # Required field was not set.
}
$c.=i18n_get_translated($custom[$n]) . ": " . getval("custom" . $n,"") . "\n\n";
}
}
# Required fields (name, email) not set?
if (getval("name","")=="") {return $lang['requiredfields'];}
if (getval("email","")=="") {return $lang['requiredfields'];}
# Work out which user group to set. Allow a hook to change this, if necessary.
$altgroup=hook("auto_approve_account_switch_group");
if ($altgroup!==false)
{
$usergroup=$altgroup;
}
else
{
$usergroup=$user_account_auto_creation_usergroup;
}
if ($registration_group_select)
{
$usergroup=getvalescaped("usergroup","",true);
# Check this is a valid selectable usergroup (should always be valid unless this is a hack attempt)
if (sql_value("select allow_registration_selection value from usergroup where ref='$usergroup'",0)!=1) {exit("Invalid user group selection");}
}
$username=escape_check(make_username(getval("name","")));
#check if account already exists
$check=sql_value("select email value from user where email = '$user_email'","");
if ($check!=""){return $lang["useremailalreadyexists"];}
# Prepare to create the user.
$email=trim(getvalescaped("email","")) ;
$password=make_password();
# Work out if we should automatically approve this account based on $auto_approve_accounts or $auto_approve_domains
$approve=false;
if ($auto_approve_accounts==true)
{
$approve=true;
}
elseif (count($auto_approve_domains)>0)
{
# Check e-mail domain.
foreach ($auto_approve_domains as $domain=>$set_usergroup)
{
// If a group is not specified the variables don't get set correctly so we need to correct this
if (is_numeric($domain)){$domain=$set_usergroup;$set_usergroup="";}
if (substr(strtolower($email),strlen($email)-strlen($domain)-1)==("@" . strtolower($domain)))
{
# E-mail domain match.
$approve=true;
# If user group is supplied, set this
if (is_numeric($set_usergroup)) {$usergroup=$set_usergroup;}
}
}
}
# Create the user
sql_query("insert into user (username,password,fullname,email,usergroup,comments,approved) values ('" . $username . "','" . $password . "','" . getvalescaped("name","") . "','" . $email . "','" . $usergroup . "','" . escape_check($c) . "'," . (($approve)?1:0) . ")");
$new=sql_insert_id();
if ($approve)
{
# Auto approving, send mail direct to user
email_user_welcome($email,$username,$password,$usergroup);
}
else
{
# Not auto approving.
# Build a message to send to an admin notifying of unapproved user
$message=$lang["userrequestnotification1"] . "\n\n" . $lang["name"] . ": " . getval("name","") . "\n\n" . $lang["email"] . ": " . getval("email","") . "\n\n" . $lang["comment"] . ": " . getval("userrequestcomment","") . "\n\n" . $lang["ipaddress"] . ": '" . $_SERVER["REMOTE_ADDR"] . "'\n\n" . $c . "\n\n" . $lang["userrequestnotification3"] . "\n$baseurl?u=" . $new;
send_mail($email_notify,$applicationname . ": " . $lang["requestuserlogin"] . " - " . getval("name",""),$message,"",$user_email,"","",getval("name",""));
}
return true;
}
function make_config($DB_TYPE, $DB_HOST, $DB_USER, $DB_NAME, $DB_PASS, $DB_PORT, $SELF_URL_PATH)
{
$data = explode("\n", file_get_contents("../config.php-dist"));
$rv = "";
$finished = false;
if (function_exists("mcrypt_decrypt")) {
$crypt_key = make_password(24);
} else {
$crypt_key = "";
}
foreach ($data as $line) {
if (preg_match("/define\\('DB_TYPE'/", $line)) {
$rv .= "\tdefine('DB_TYPE', '{$DB_TYPE}');\n";
} else {
if (preg_match("/define\\('DB_HOST'/", $line)) {
$rv .= "\tdefine('DB_HOST', '{$DB_HOST}');\n";
} else {
if (preg_match("/define\\('DB_USER'/", $line)) {
$rv .= "\tdefine('DB_USER', '{$DB_USER}');\n";
} else {
if (preg_match("/define\\('DB_NAME'/", $line)) {
$rv .= "\tdefine('DB_NAME', '{$DB_NAME}');\n";
} else {
if (preg_match("/define\\('DB_PASS'/", $line)) {
$rv .= "\tdefine('DB_PASS', '{$DB_PASS}');\n";
} else {
if (preg_match("/define\\('DB_PORT'/", $line)) {
$rv .= "\tdefine('DB_PORT', '{$DB_PORT}');\n";
} else {
if (preg_match("/define\\('SELF_URL_PATH'/", $line)) {
$rv .= "\tdefine('SELF_URL_PATH', '{$SELF_URL_PATH}');\n";
} else {
if (preg_match("/define\\('FEED_CRYPT_KEY'/", $line)) {
$rv .= "\tdefine('FEED_CRYPT_KEY', '{$crypt_key}');\n";
} else {
if (!$finished) {
$rv .= "{$line}\n";
}
}
}
}
}
}
}
}
}
if (preg_match("/\\?\\>/", $line)) {
$finished = true;
}
}
return $rv;
}
function login1($username, $password, $lifetime, $key, $location)
{
global $empire, $user_tablename, $user_userid, $user_username, $user_password, $user_dopass, $user_group, $user_groupid, $user_rnd, $public_r, $user_salt, $user_saltnum, $dbtbpre, $eloginurl, $user_checked;
if ($eloginurl) {
Header("Location:{$eloginurl}");
exit;
}
$dopr = 1;
if ($_POST['prtype']) {
$dopr = 9;
}
if (!trim($username) || !trim($password)) {
printerror("EmptyLogin", "history.go(-1)", $dopr);
}
//验证码
$keyvname = 'checkloginkey';
if ($public_r['loginkey_ok']) {
ecmsCheckShowKey($keyvname, $key, $dopr);
}
$username = RepPostVar($username);
$password = RepPostVar($password);
//编码转换
$utfusername = doUtfAndGbk($username, 0);
$password = doUtfAndGbk($password, 0);
//密码
if (empty($user_dopass)) {
$password = md5($password);
}
if ($user_dopass == 3) {
$password = substr(md5($password), 8, 16);
}
//双重md5
$num = 0;
if ($user_dopass == 2) {
$ur = $empire->fetch1("select " . $user_userid . "," . $user_salt . "," . $user_password . " from " . $user_tablename . " where " . $user_username . "='{$utfusername}' limit 1");
$password = md5(md5($password) . $ur[$user_salt]);
$num = 0;
if ($password == $ur[$user_password]) {
$num = 1;
}
if (empty($ur[$user_userid])) {
$num = 0;
}
} else {
$num = $empire->gettotal("select count(*) as total from " . $user_tablename . " where " . $user_username . "='{$utfusername}' and " . $user_password . "='" . $password . "' limit 1");
}
if (!$num) {
printerror("FailPassword", "history.go(-1)", $dopr);
}
$r = $empire->fetch1("select * from " . $user_tablename . " where " . $user_username . "='{$utfusername}' limit 1");
if ($r[$user_checked] == 0) {
if ($public_r['regacttype'] == 1) {
printerror('NotCheckedUser', '../member/register/regsend.php', 1);
} else {
printerror('NotCheckedUser', '', 1);
}
}
$time = date("Y-m-d H:i:s");
$rnd = make_password(12);
//取得随机密码
//默认会员组
if (empty($r[$user_group])) {
$r[$user_group] = $user_groupid;
}
$r[$user_group] = (int) $r[$user_group];
$usql = $empire->query("update " . $user_tablename . " set " . $user_rnd . "='{$rnd}'," . $user_group . "=" . $r[$user_group] . " where " . $user_userid . "='{$r[$user_userid]}'");
//设置cookie
$logincookie = 0;
if ($lifetime) {
$logincookie = time() + $lifetime;
}
$set1 = esetcookie("mlusername", $username, $logincookie);
$set2 = esetcookie("mluserid", $r[$user_userid], $logincookie);
$set3 = esetcookie("mlgroupid", $r[$user_group], $logincookie);
$set4 = esetcookie("mlrnd", $rnd, $logincookie);
//登录附加cookie
AddLoginCookie($r);
$location = "../member/cp/";
$returnurl = getcvar('returnurl');
if ($returnurl) {
$location = $returnurl;
}
if (strstr($_SERVER['HTTP_REFERER'], "e/member/iframe")) {
$location = "../member/iframe/";
}
if (strstr($location, "enews=exit") || strstr($location, "e/member/register") || strstr($_SERVER['HTTP_REFERER'], "e/member/register")) {
$location = "../member/cp/";
$_POST['ecmsfrom'] = '';
}
ecmsEmptyShowKey($keyvname);
//清空验证码
$set6 = esetcookie("returnurl", "");
if ($set1 && $set2) {
$location = DoingReturnUrl($location, $_POST['ecmsfrom']);
printerror("LoginSuccess", $location, $dopr);
} else {
printerror("NotCookie", "history.go(-1)", $dopr);
}
}
function qlogin($add)
{
global $empire, $dbtbpre, $public_r, $ecms_config;
if ($ecms_config['member']['loginurl']) {
Header("Location:" . $ecms_config['member']['loginurl']);
exit;
}
$dopr = 1;
if ($_POST['prtype']) {
$dopr = 9;
}
$username = trim($add['username']);
$password = trim($add['password']);
if (!$username || !$password) {
printerror("EmptyLogin", "history.go(-1)", $dopr);
}
$tobind = (int) $add['tobind'];
//验证码
$keyvname = 'checkloginkey';
if ($public_r['loginkey_ok']) {
ecmsCheckShowKey($keyvname, $add['key'], $dopr);
}
$username = RepPostVar($username);
$password = RepPostVar($password);
$num = 0;
$r = $empire->fetch1("select " . eReturnSelectMemberF('*') . " from " . eReturnMemberTable() . " where " . egetmf('username') . "='{$username}' limit 1");
if (!$r['userid']) {
printerror("FailPassword", "history.go(-1)", $dopr);
}
if (!eDoCkMemberPw($password, $r['password'], $r['salt'])) {
printerror("FailPassword", "history.go(-1)", $dopr);
}
if ($r['checked'] == 0) {
if ($public_r['regacttype'] == 1) {
printerror('NotCheckedUser', '../member/register/regsend.php', 1);
} else {
printerror('NotCheckedUser', '', 1);
}
}
//绑定帐号
if ($tobind) {
MemberConnect_BindUser($r['userid']);
}
$rnd = make_password(20);
//取得随机密码
//默认会员组
if (empty($r['groupid'])) {
$r['groupid'] = eReturnMemberDefGroupid();
}
$r['groupid'] = (int) $r['groupid'];
$lasttime = time();
//IP
$lastip = egetip();
$lastipport = egetipport();
$usql = $empire->query("update " . eReturnMemberTable() . " set " . egetmf('rnd') . "='{$rnd}'," . egetmf('groupid') . "='{$r['groupid']}' where " . egetmf('userid') . "='{$r['userid']}'");
$empire->query("update {$dbtbpre}enewsmemberadd set lasttime='{$lasttime}',lastip='{$lastip}',loginnum=loginnum+1,lastipport='{$lastipport}' where userid='{$r['userid']}'");
//设置cookie
$lifetime = (int) $add['lifetime'];
$logincookie = 0;
if ($lifetime) {
$logincookie = time() + $lifetime;
}
$set1 = esetcookie("mlusername", $username, $logincookie);
$set2 = esetcookie("mluserid", $r['userid'], $logincookie);
$set3 = esetcookie("mlgroupid", $r['groupid'], $logincookie);
$set4 = esetcookie("mlrnd", $rnd, $logincookie);
//验证符
qGetLoginAuthstr($r['userid'], $username, $rnd, $r['groupid'], $logincookie);
//登录附加cookie
AddLoginCookie($r);
$location = "../member/cp/";
$returnurl = getcvar('returnurl');
if ($returnurl) {
$location = $returnurl;
}
if (strstr($_SERVER['HTTP_REFERER'], "e/member/iframe")) {
$location = "../member/iframe/";
}
if (strstr($location, "enews=exit") || strstr($location, "e/member/register") || strstr($_SERVER['HTTP_REFERER'], "e/member/register")) {
$location = "../member/cp/";
$_POST['ecmsfrom'] = '';
}
ecmsEmptyShowKey($keyvname);
//清空验证码
$set6 = esetcookie("returnurl", "");
if ($set1 && $set2) {
//易通行系统
DoEpassport('login', $r['userid'], $username, $password, $r['salt'], $r['email'], $r['groupid'], $r['registertime']);
$location = DoingReturnUrl($location, $_POST['ecmsfrom']);
printerror("LoginSuccess", $location, $dopr);
} else {
printerror("NotCookie", "history.go(-1)", $dopr);
}
}
function loginout($userid, $username, $rnd)
{
global $empire, $dbtbpre, $do_ckhloginfile;
$userid = (int) $userid;
if (!$userid || !$username) {
printerror("NotLogin", "history.go(-1)");
}
$set1 = esetcookie("loginuserid", "", 0, 1);
$set2 = esetcookie("loginusername", "", 0, 1);
$set3 = esetcookie("loginrnd", "", 0, 1);
$set4 = esetcookie("loginlevel", "", 0, 1);
//FireWall
FWEmptyPassword();
//取得随机密码
$rnd = make_password(20);
$sql = $empire->query("update {$dbtbpre}enewsuser set rnd='{$rnd}' where userid='{$userid}'");
if (empty($do_ckhloginfile)) {
DoEDelFileRnd($userid);
}
//操作日志
insert_dolog("");
printerror("ExitSuccess", "index.php");
}
function resetPass()
{
$uid = db_escape_string($_REQUEST["id"]);
$result = db_query($this->link, "SELECT login,email\n\t\t\t\tFROM ttrss_users WHERE id = '{$uid}'");
$login = db_fetch_result($result, 0, "login");
$email = db_fetch_result($result, 0, "email");
$salt = db_fetch_result($result, 0, "salt");
$new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
$tmp_user_pwd = make_password(8);
$pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true);
db_query($this->link, "UPDATE ttrss_users SET pwd_hash = '{$pwd_hash}', salt = '{$new_salt}'\n\t\t\t\tWHERE id = '{$uid}'");
print T_sprintf("Changed password of user <b>%s</b>\n\t\t\t\t to <b>%s</b>", $login, $tmp_user_pwd);
require_once 'lib/phpmailer/class.phpmailer.php';
if ($email) {
print " ";
print T_sprintf("Notifying <b>%s</b>.", $email);
require_once "lib/MiniTemplator.class.php";
$tpl = new MiniTemplator();
$tpl->readTemplateFromFile("templates/resetpass_template.txt");
$tpl->setVariable('LOGIN', $login);
$tpl->setVariable('NEWPASS', $tmp_user_pwd);
$tpl->addBlock('message');
$message = "";
$tpl->generateOutputToString($message);
$mail = new PHPMailer();
$mail->PluginDir = "lib/phpmailer/";
$mail->SetLanguage("en", "lib/phpmailer/language/");
$mail->CharSet = "UTF-8";
$mail->From = SMTP_FROM_ADDRESS;
$mail->FromName = SMTP_FROM_NAME;
$mail->AddAddress($email, $login);
if (SMTP_HOST) {
$mail->Host = SMTP_HOST;
$mail->Mailer = "smtp";
$mail->SMTPAuth = SMTP_LOGIN != '';
$mail->Username = SMTP_LOGIN;
$mail->Password = SMTP_PASSWORD;
}
$mail->IsHTML(false);
$mail->Subject = __("[tt-rss] Password change notification");
$mail->Body = $message;
$rc = $mail->Send();
if (!$rc) {
print_error($mail->ErrorInfo);
}
}
print "</div>";
}
<td height="25">访问端目录:</td>
<td height="25"><input name="ppath" type="text" id="ppath" value="<?php
echo $r[ppath];
?>
" size="50">
*<font color="#666666">(需填绝对目录地址,结尾需加“/”,比如:d:/abc/3g/)</font></td>
</tr>
<tr bgcolor="#FFFFFF">
<td height="25">通讯密钥:</td>
<td height="25"><input name="postpass" type="text" id="postpass" value="<?php
echo $r[postpass];
?>
" size="50">
*
<input type="button" name="Submit32" value="随机" onclick="document.moreportform.postpass.value='<?php
echo make_password(60);
?>
';">
<font color="#666666">(填写10~100个任意字符,最好多种字符组合)</font></td>
</tr>
<tr bgcolor="#FFFFFF">
<td height="25">使用模板组:</td>
<td height="25"><select name="tempgid" id="tempgid">
<?php
echo $tgtemps;
?>
</select>
* <font color="#666666">(选择本访问端使用的模板组)</font></td>
</tr>
<tr bgcolor="#FFFFFF">
<td height="25">页面模式:</td>
/**
* Send welcome message
*
* @param void
* @return null
*/
function send_welcome_message()
{
if ($this->active_user->isNew()) {
$this->httpError(HTTP_ERR_NOT_FOUND);
}
// if
if (!$this->active_user->canSendWelcomeMessage($this->logged_user)) {
$this->httpError(HTTP_ERR_FORBIDDEN);
}
// if
$this->skip_layout = $this->request->isAsyncCall();
$welcome_message_data = $this->request->post('welcome_message');
if (!is_array($welcome_message_data)) {
$welcome_message_data = array('message' => UserConfigOptions::getValue('welcome_message', $this->active_user));
}
// if
$this->smarty->assign('welcome_message_data', $welcome_message_data);
if ($this->request->isSubmitted()) {
$welcome_message = trim(array_var($welcome_message_data, 'message'));
if ($welcome_message) {
UserConfigOptions::setValue('welcome_message', $welcome_message, $this->active_user);
} else {
UserConfigOptions::removeValue('welcome_message', $this->active_user);
}
// if
$password = make_password(11);
$this->active_user->setPassword($password);
$save = $this->active_user->save();
if ($save && !is_error($save)) {
$welcome_message_sent = ApplicationMailer::send(array($this->active_user), 'system/new_user', array('created_by_id' => $this->logged_user->getId(), 'created_by_name' => $this->logged_user->getDisplayName(), 'created_by_url' => $this->logged_user->getViewUrl(), 'email' => $this->active_user->getEmail(), 'password' => $password, 'login_url' => assemble_url('login'), 'welcome_body' => $welcome_message ? nl2br(clean($welcome_message)) : ''));
if ($welcome_message_sent) {
$message = lang('Welcome message has been sent to :name', array('name' => $this->active_user->getDisplayName()));
} else {
$message = lang('Failed to send welcome message to :name. Please try again later', array('name' => $this->active_user->getDisplayName()));
}
// if
if ($this->request->isAsyncCall()) {
die($message);
} else {
flash_success($message);
$this->redirectToUrl($this->active_user->getViewUrl());
}
// if
} else {
if ($this->request->isAsyncCall()) {
$this->httpError(HTTP_ERR_OPERATION_FAILED);
} else {
flash_error($message);
$this->redirectToUrl($this->active_user->getViewUrl());
}
// if
}
// if
}
// if
}
function LoadInTempGroup($add, $file, $file_name, $file_type, $file_size, $userid, $username)
{
global $empire, $dbtbpre;
//验证权限
CheckLevel($userid, $username, $classid, "tempgroup");
if (!$file_name || !$file_size) {
printerror("EmptyLoadInTempGroup", "");
}
$gid = (int) $add['gid'];
//扩展名
$filetype = GetFiletype($file_name);
if ($filetype != ".temp") {
printerror("LoadInTempGroupMusttemp", "");
}
//上传文件
$path = ECMS_PATH . DASHBOARD . '/data/tmp/temp/uploadtg' . time() . make_password(10) . '.temp';
$cp = @move_uploaded_file($file, $path);
DoChmodFile($path);
$data = ReadFiletext($path);
DelFiletext($path);
//转码
if ($add['ChangeChar']) {
$data = LoadInTempChangeChar($add['tempchar'], $data);
}
if (empty($data)) {
printerror("EmptyLoadInTempGroup", "");
}
//返回版本
$pageexp = "<!---ecms.temp--->";
$checkpr = explode($pageexp, $data);
$tempverr = LoadInTGReturnVer($checkpr[0]);
$gname = $tempverr['gname'];
$thistempver = $tempverr['ver'];
$thistempchar = $tempverr['tempchar'];
//替换旧地址
$GLOBALS['loadtempver'] = $thistempver;
if (empty($thistempver)) {
$data = LoadInTGReptext_pubvar($data);
}
//入库
$pageexp = "<!---ecms.temp--->";
$record = "<!---ecms.record--->";
$field = "<!---ecms.field--->";
$pr = explode($pageexp, $data);
if (empty($gid)) {
$sql = $empire->query("insert into {$dbtbpre}enewstempgroup(gname,isdefault) values('" . addslashes($gname) . "',0);");
$gid = $empire->lastid();
$gname = $pr[0];
$en = "_" . $gid;
CreateTempTb($gid, $en);
//复制表
} else {
$r = $empire->fetch1("select gid,gname from {$dbtbpre}enewstempgroup where gid={$gid}");
if (!$r['gid']) {
printerror("LoadInTempGroupMusttemp", "");
}
if ($gid == 1) {
$en = "";
} else {
$en = "_" . $gid;
}
$gname = $r['gname'];
ClearTempTb($gid, $en);
//清空表
}
//版本
$isold = 0;
$ckcount = count($pr);
if ($ckcount <= 10) {
$isold = 1;
} elseif ($ckcount <= 11) {
$isold = 2;
}
LoadInTGBqtemp($gid, $en, $record, $field, $pr[1]);
//标签模板
LoadInTGJstemp($gid, $en, $record, $field, $pr[2]);
//JS模板
LoadInTGListtemp($gid, $en, $record, $field, $pr[3]);
//列表模板
LoadInTGNewstemp($gid, $en, $record, $field, $pr[4]);
//内容模板
LoadInTGPubtemp($gid, $en, $record, $field, $pr[5], $isold);
//公共模板
LoadInTGSearchtemp($gid, $en, $record, $field, $pr[6]);
//搜索模板
LoadInTGTempvar($gid, $en, $record, $field, $pr[7]);
//模板变量
LoadInTGVotetemp($gid, $en, $record, $field, $pr[8]);
//投票模板
LoadInTGClasstemp($gid, $en, $record, $field, $pr[9]);
//栏目模板
if ($isold != 1) {
LoadInTGPltemp($gid, $en, $record, $field, $pr[10]);
//评论模板
}
if ($isold == 0) {
LoadInTGPrinttemp($gid, $en, $record, $field, $pr[11]);
//打印模板
}
LoadInTGPagetemp($gid, $en, $record, $field, $pr[12]);
//自定义页面模板
//操作日志
insert_dolog("gid={$gid}&gname={$gname}");
printerror("LoadInTempGroupSuccess", "TempGroup.php" . hReturnEcmsHashStrHref2(1));
}
function loginout($userid,$username,$rnd){
global $empire,$dbtbpre,$ecms_config;
$userid=(int)$userid;
if(!$userid||!$username)
{
printerror("NotLogin","history.go(-1)");
}
$set1=esetcookie("loginuserid","",0,1);
$set2=esetcookie("loginusername","",0,1);
$set3=esetcookie("loginrnd","",0,1);
$set4=esetcookie("loginlevel","",0,1);
//COOKIERND
DelECookieRnd();
DelESessionRnd();
DelECookieAdminLoginFileInfo();
//FireWall
FWEmptyPassword();
//取得随机密码
$rnd=make_password(20);
$sql=$empire->query("update {$dbtbpre}enewsuser set rnd='$rnd' where userid='$userid'");
DoEDelFileRnd($userid);
DoEDelAndAuthRnd($userid);
//操作日志
insert_dolog("");
printerror("ExitSuccess","index.php");
}
function LoadInMod($add, $file, $file_name, $file_type, $file_size, $userid, $username)
{
global $empire, $dbtbpre, $phome_db_dbchar;
//验证权限
CheckLevel($userid, $username, $classid, "table");
$tbname = RepPostVar(trim($add['tbname']));
if (!$file_name || !$file_size || !$tbname) {
printerror("EmptyLoadInMod", "");
}
//扩展名
$filetype = GetFiletype($file_name);
if ($filetype != ".mod") {
printerror("LoadInModMustmod", "");
}
//表名是否已存在
$num = $empire->gettotal("select count(*) as total from {$dbtbpre}enewstable where tbname='{$tbname}' limit 1");
if ($num) {
printerror("HaveLoadInTb", "");
}
//上传文件
$path = ECMS_PATH . "e/data/tmp/mod/uploadm" . time() . make_password(10) . ".php";
$cp = @move_uploaded_file($file, $path);
if (!$cp) {
printerror("EmptyLoadInMod", "");
}
DoChmodFile($path);
@(include $path);
UpdateTbDefMod($tid, $tbname, $mid);
//公共变量
TogSaveTxtF(1);
GetConfig(1);
//更新缓存
//生成模型表单文件
$modr = $empire->fetch1("select mtemp,qmtemp,cj from {$dbtbpre}enewsmod where mid='{$mid}'");
ChangeMForm($mid, $tid, $modr[mtemp]);
//更新表单
ChangeQmForm($mid, $tid, $modr[qmtemp]);
//更新前台表单
ChangeMCj($mid, $tid, $modr[cj]);
//采集表单
//删除文件
DelFiletext($path);
//操作日志
insert_dolog("tid={$tid}&tb={$tbname}<br>mid={$mid}");
printerror("LoadInModSuccess", "db/ListTable.php");
}
function create_password_reset_key($username)
{
global $scramble_key;
$resetuniquecode = make_password();
$password_reset_hash = hash('sha256', date("Ymd") . md5("RS" . $resetuniquecode . $username . $scramble_key));
sql_query("update user set password_reset_hash='{$password_reset_hash}' where username='******'");
$password_reset_url_key = substr(hash('sha256', date("Ymd") . $password_reset_hash . $username . $scramble_key), 0, 15);
return $password_reset_url_key;
}
function EditUser($userid, $username, $password, $repassword, $groupid, $adminclass, $oldusername, $checked, $styleid, $loginuserid, $loginusername)
{
global $empire, $class_r, $dbtbpre;
$userid = (int) $userid;
if (!$userid || !$username) {
printerror("EnterUsername", "history.go(-1)");
}
//操作权限
CheckLevel($loginuserid, $loginusername, $classid, "user");
//修改用户名
if ($oldusername != $username) {
$num = $empire->gettotal("select count(*) as total from {$dbtbpre}enewsuser where username='******' and userid<>{$userid} limit 1");
if ($num) {
printerror("ReUsername", "history.go(-1)");
}
//修改信息
//$nsql=$empire->query("update {$dbtbpre}enewsnews set username='******' where username='******'");
//修改日志
$lsql = $empire->query("update {$dbtbpre}enewslog set username='******' where username='******'");
$lsql = $empire->query("update {$dbtbpre}enewsdolog set username='******' where username='******'");
}
//修改密码
if ($password) {
if ($password != $repassword) {
printerror("NotRepassword", "history.go(-1)");
}
if (strlen($password) < 6) {
printerror("LessPassword", "history.go(-1)");
}
$salt = make_password(8);
$password = md5(md5($password) . $salt);
$add = ",password='******',salt='{$salt}'";
}
//管理目录
for ($i = 0; $i < count($adminclass); $i++) {
//大栏目
if (empty($class_r[$adminclass[$i]][islast])) {
if (empty($class_r[$adminclass[$i]][sonclass]) || $class_r[$adminclass[$i]][sonclass] == "|") {
continue;
} else {
$andclass = substr($class_r[$adminclass[$i]][sonclass], 1);
}
$insert_class .= $andclass;
} else {
$insert_class .= $adminclass[$i] . "|";
}
}
$insert_class = "|" . $insert_class;
$styleid = (int) $styleid;
$groupid = (int) $groupid;
$checked = (int) $checked;
$filelevel = (int) $_POST['filelevel'];
$classid = (int) $_POST['classid'];
$truename = htmlspecialchars($_POST['truename']);
$email = htmlspecialchars($_POST['email']);
$sql = $empire->query("update {$dbtbpre}enewsuser set username='******',groupid={$groupid},adminclass='{$insert_class}',checked={$checked},styleid={$styleid},filelevel='{$filelevel}',truename='{$truename}',email='{$email}',classid='{$classid}'" . $add . " where userid='{$userid}'");
//安全提问
$equestion = (int) $_POST['equestion'];
$eanswer = $_POST['eanswer'];
$uadd = '';
if ($equestion) {
if ($equestion != $_POST['oldequestion'] && !$eanswer) {
printerror('EmptyEAnswer', '');
}
if ($eanswer) {
$eanswer = ReturnHLoginQuestionStr($userid, $username, $equestion, $eanswer);
$uadd = ",eanswer='{$eanswer}'";
}
} else {
$uadd = ",eanswer=''";
}
$empire->query("update {$dbtbpre}enewsuseradd set equestion='{$equestion}'" . $uadd . " where userid='{$userid}'");
if ($_POST['oldadminclass'] != $insert_class) {
DelFiletext('../../data/fc/ListEnews' . $userid . '.php');
}
if ($sql) {
//操作日志
insert_dolog("userid=" . $userid . "<br>username="******"EditUserSuccess", "ListUser.php");
} else {
printerror("DbError", "history.go(-1)");
}
}
if (db_num_rows($result) == 0) {
$tmp_password = make_password();
$pwd_hash = db_escape_string(encrypt_password($tmp_password, $login));
$rv[0] = T_sprintf("Created user %s with password <b>%s</b>.", $login, $tmp_password);
db_query($link, "INSERT INTO ttirc_users \n\t\t\t\t\t(login, pwd_hash, email, nick, realname) \n\t\t\t\t\tVALUES\n\t\t\t\t\t('{$login}', '{$pwd_hash}', '{$login}@localhost', '{$login}', '{$login}')");
} else {
$rv[0] = T_sprintf("User %s already exists", $login);
}
$rv[1] = format_users($link);
print json_encode($rv);
}
break;
case "reset-password":
$id = db_escape_string($_REQUEST["id"]);
if ($_SESSION["access_level"] >= 10) {
$tmp_password = make_password();
$login = get_user_login($link, $id);
$pwd_hash = db_escape_string(encrypt_password($tmp_password, $login));
db_query($link, "UPDATE ttirc_users SET pwd_hash = '{$pwd_hash}'\n\t\t\t\tWHERE id = '{$id}'");
print json_encode(array("message" => T_sprintf("Reset password of user %s to <b>%s</b>.", $login, $tmp_password)));
}
break;
case "delete-user":
$ids = db_escape_string($_REQUEST["ids"]);
if ($_SESSION["access_level"] >= 10) {
db_query($link, "DELETE FROM ttirc_users WHERE\n\t\t\t\tid in ({$ids}) AND id != " . $_SESSION["uid"]);
print format_users($link);
}
break;
case "users":
if ($_SESSION["access_level"] >= 10) {
function module_pref_users($link)
{
global $access_level_names;
if (!SINGLE_USER_MODE && $_SESSION["access_level"] < 10) {
print __("Your access level is insufficient to open this tab.");
return;
}
$subop = $_REQUEST["subop"];
if ($subop == "user-details") {
$uid = sprintf("%d", $_REQUEST["id"]);
print "<div id=\"infoBoxTitle\">" . __('User details') . "</div>";
print "<div class='infoBoxContents'>";
$result = db_query($link, "SELECT login,\n\t\t\t\t" . SUBSTRING_FOR_DATE . "(last_login,1,16) AS last_login,\n\t\t\t\taccess_level,\n\t\t\t\t(SELECT COUNT(int_id) FROM ttrss_user_entries \n\t\t\t\t\tWHERE owner_uid = id) AS stored_articles,\n\t\t\t\t" . SUBSTRING_FOR_DATE . "(created,1,16) AS created\n\t\t\t\tFROM ttrss_users \n\t\t\t\tWHERE id = '{$uid}'");
if (db_num_rows($result) == 0) {
print "<h1>" . __('User not found') . "</h1>";
return;
}
// print "<h1>User Details</h1>";
$login = db_fetch_result($result, 0, "login");
print "<table width='100%'>";
$last_login = date(get_pref($link, 'LONG_DATE_FORMAT'), strtotime(db_fetch_result($result, 0, "last_login")));
$created = date(get_pref($link, 'LONG_DATE_FORMAT'), strtotime(db_fetch_result($result, 0, "created")));
$access_level = db_fetch_result($result, 0, "access_level");
$stored_articles = db_fetch_result($result, 0, "stored_articles");
print "<tr><td>" . __('Registered') . "</td><td>{$created}</td></tr>";
print "<tr><td>" . __('Last logged in') . "</td><td>{$last_login}</td></tr>";
$result = db_query($link, "SELECT COUNT(id) as num_feeds FROM ttrss_feeds\n\t\t\t\tWHERE owner_uid = '{$uid}'");
$num_feeds = db_fetch_result($result, 0, "num_feeds");
print "<tr><td>" . __('Subscribed feeds count') . "</td><td>{$num_feeds}</td></tr>";
print "</table>";
print "<h1>" . __('Subscribed feeds') . "</h1>";
$result = db_query($link, "SELECT id,title,site_url FROM ttrss_feeds\n\t\t\t\tWHERE owner_uid = '{$uid}' ORDER BY title");
print "<ul class=\"userFeedList\">";
$row_class = "odd";
while ($line = db_fetch_assoc($result)) {
$icon_file = ICONS_URL . "/" . $line["id"] . ".ico";
if (file_exists($icon_file) && filesize($icon_file) > 0) {
$feed_icon = "<img class=\"tinyFeedIcon\" src=\"{$icon_file}\">";
} else {
$feed_icon = "<img class=\"tinyFeedIcon\" src=\"images/blank_icon.gif\">";
}
print "<li class=\"{$row_class}\">{$feed_icon} <a href=\"" . $line["site_url"] . "\">" . $line["title"] . "</a></li>";
$row_class = toggleEvenOdd($row_class);
}
if (db_num_rows($result) < $num_feeds) {
// FIXME - add link to show ALL subscribed feeds here somewhere
print "<li><img \n\t\t\t\t\tclass=\"tinyFeedIcon\" src=\"images/blank_icon.gif\"> ...</li>";
}
print "</ul>";
print "<div align='center'>\n\t\t\t\t<button onclick=\"closeInfoBox()\">" . __("Close this window") . "</button></div>";
print "</div>";
return;
}
if ($subop == "edit") {
$id = db_escape_string($_REQUEST["id"]);
print "<div id=\"infoBoxTitle\">" . __('User Editor') . "</div>";
print "<div class=\"infoBoxContents\">";
print "<form id=\"user_edit_form\" onsubmit='return false'>";
print "<input type=\"hidden\" name=\"id\" value=\"{$id}\">";
print "<input type=\"hidden\" name=\"op\" value=\"pref-users\">";
print "<input type=\"hidden\" name=\"subop\" value=\"editSave\">";
$result = db_query($link, "SELECT * FROM ttrss_users WHERE id = '{$id}'");
$login = db_fetch_result($result, 0, "login");
$access_level = db_fetch_result($result, 0, "access_level");
$email = db_fetch_result($result, 0, "email");
$sel_disabled = $id == $_SESSION["uid"] ? "disabled" : "";
print "<div class=\"dlgSec\">" . __("User") . "</div>";
print "<div class=\"dlgSecCont\">";
if ($sel_disabled) {
print "<input type=\"hidden\" name=\"login\" value=\"{$login}\">";
print "<input size=\"30\" style=\"font-size : 16px\" \n\t\t\t\t\tonkeypress=\"return filterCR(event, userEditSave)\" {$sel_disabled}\n\t\t\t\t\tvalue=\"{$login}\">";
} else {
print "<input size=\"30\" style=\"font-size : 16px\" \n\t\t\t\t\tonkeypress=\"return filterCR(event, userEditSave)\" {$sel_disabled}\n\t\t\t\t\tname=\"login\" value=\"{$login}\">";
}
print "</div>";
print "<div class=\"dlgSec\">" . __("Authentication") . "</div>";
print "<div class=\"dlgSecCont\">";
print __('Access level: ') . " ";
if (!$sel_disabled) {
print_select_hash("access_level", $access_level, $access_level_names, $sel_disabled);
} else {
print_select_hash("", $access_level, $access_level_names, $sel_disabled);
print "<input type=\"hidden\" name=\"access_level\" value=\"{$access_level}\">";
}
print "<br/>";
print __('Change password to') . " <input size=\"20\" onkeypress=\"return filterCR(event, userEditSave)\"\n\t\t\t\tname=\"password\">";
print "</div>";
print "<div class=\"dlgSec\">" . __("Options") . "</div>";
print "<div class=\"dlgSecCont\">";
print __('E-mail: ') . " <input size=\"30\" name=\"email\" onkeypress=\"return filterCR(event, userEditSave)\"\n\t\t\t\tvalue=\"{$email}\">";
print "</div>";
print "</table>";
print "</form>";
print "<div class=\"dlgButtons\">\n\t\t\t\t<button onclick=\"return userEditSave()\">" . __('Save') . "</button>\n\t\t\t\t<button onclick=\"return userEditCancel()\">" . __('Cancel') . "</button></div>";
print "</div>";
return;
}
if ($subop == "editSave") {
if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {
$login = db_escape_string(trim($_REQUEST["login"]));
$uid = db_escape_string($_REQUEST["id"]);
$access_level = (int) $_REQUEST["access_level"];
$email = db_escape_string(trim($_REQUEST["email"]));
$password = db_escape_string(trim($_REQUEST["password"]));
if ($password) {
$pwd_hash = encrypt_password($password, $login);
$pass_query_part = "pwd_hash = '{$pwd_hash}', ";
print_notice(T_sprintf('Changed password of user <b>%s</b>.', $login));
} else {
$pass_query_part = "";
}
db_query($link, "UPDATE ttrss_users SET {$pass_query_part} login = '******', \n\t\t\t\t\taccess_level = '{$access_level}', email = '{$email}' WHERE id = '{$uid}'");
}
} else {
if ($subop == "remove") {
if ($_SESSION["access_level"] >= 10) {
$ids = split(",", db_escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
if ($id != $_SESSION["uid"]) {
db_query($link, "DELETE FROM ttrss_tags WHERE owner_uid = '{$id}'");
db_query($link, "DELETE FROM ttrss_feeds WHERE owner_uid = '{$id}'");
db_query($link, "DELETE FROM ttrss_users WHERE id = '{$id}'");
}
}
}
} else {
if ($subop == "add") {
if ($_SESSION["access_level"] >= 10) {
$login = db_escape_string(trim($_REQUEST["login"]));
$tmp_user_pwd = make_password(8);
$pwd_hash = encrypt_password($tmp_user_pwd, $login);
$result = db_query($link, "SELECT id FROM ttrss_users WHERE \n\t\t\t\t\tlogin = '******'");
if (db_num_rows($result) == 0) {
db_query($link, "INSERT INTO ttrss_users \n\t\t\t\t\t\t(login,pwd_hash,access_level,last_login,created)\n\t\t\t\t\t\tVALUES ('{$login}', '{$pwd_hash}', 0, null, NOW())");
$result = db_query($link, "SELECT id FROM ttrss_users WHERE \n\t\t\t\t\t\tlogin = '******' AND pwd_hash = '{$pwd_hash}'");
if (db_num_rows($result) == 1) {
$new_uid = db_fetch_result($result, 0, "id");
print_notice(T_sprintf("Added user <b>%s</b> with password <b>%s</b>", $login, $tmp_user_pwd));
initialize_user($link, $new_uid);
} else {
print_warning(T_sprintf("Could not create user <b>%s</b>", $login));
}
} else {
print_warning(T_sprintf("User <b>%s</b> already exists.", $login));
}
}
} else {
if ($subop == "resetPass") {
if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {
$uid = db_escape_string($_REQUEST["id"]);
$result = db_query($link, "SELECT login,email \n\t\t\t\t\tFROM ttrss_users WHERE id = '{$uid}'");
$login = db_fetch_result($result, 0, "login");
$email = db_fetch_result($result, 0, "email");
$tmp_user_pwd = make_password(8);
$pwd_hash = encrypt_password($tmp_user_pwd, $login);
db_query($link, "UPDATE ttrss_users SET pwd_hash = '{$pwd_hash}'\n\t\t\t\t\tWHERE id = '{$uid}'");
print_notice(T_sprintf("Changed password of user <b>%s</b>\n\t\t\t\t\t to <b>%s</b>", $login, $tmp_user_pwd));
if ($email) {
print_notice(T_sprintf("Notifying <b>%s</b>.", $email));
require_once "lib/MiniTemplator.class.php";
$tpl = new MiniTemplator();
$tpl->readTemplateFromFile("templates/resetpass_template.txt");
$tpl->setVariable('LOGIN', $login);
$tpl->setVariable('NEWPASS', $tmp_user_pwd);
$tpl->addBlock('message');
$message = "";
$tpl->generateOutputToString($message);
$mail = new PHPMailer();
$mail->PluginDir = "lib/phpmailer/";
$mail->SetLanguage("en", "lib/phpmailer/language/");
$mail->CharSet = "UTF-8";
$mail->From = DIGEST_FROM_ADDRESS;
$mail->FromName = DIGEST_FROM_NAME;
$mail->AddAddress($email, $login);
if (DIGEST_SMTP_HOST) {
$mail->Host = DIGEST_SMTP_HOST;
$mail->Mailer = "smtp";
$mail->SMTPAuth = DIGEST_SMTP_LOGIN != '';
$mail->Username = DIGEST_SMTP_LOGIN;
$mail->Password = DIGEST_SMTP_PASSWORD;
}
$mail->IsHTML(false);
$mail->Subject = __("[tt-rss] Password change notification");
$mail->Body = $message;
$rc = $mail->Send();
if (!$rc) {
print_error($mail->ErrorInfo);
}
/* mail("$login <$email>", "Password reset notification",
"Hi, $login.\n".
"\n".
"Your password for this TT-RSS installation was reset by".
" an administrator.\n".
"\n".
"Your new password is $tmp_user_pwd, please remember".
" it for later reference.\n".
"\n".
"Sincerely, TT-RSS Mail Daemon.", "From: " . MAIL_FROM); */
}
print "</div>";
}
}
}
}
}
set_pref($link, "_PREFS_ACTIVE_TAB", "userConfig");
$user_search = db_escape_string($_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_user_search"] = $user_search;
} else {
$user_search = $_SESSION["prefs_user_search"];
}
print "<div style='float : right'>\n\t\t\t<input id=\"user_search\" size=\"20\" type=\"search\"\n\t\t\t\tonfocus=\"javascript:disableHotkeys();\" \n\t\t\t\tonblur=\"javascript:enableHotkeys();\"\n\t\t\t\tonchange=\"javascript:updateUsersList()\" value=\"{$user_search}\">\n\t\t\t<button onclick=\"javascript:updateUsersList()\">" . __('Search') . "</button>\n\t\t\t</div>";
$sort = db_escape_string($_REQUEST["sort"]);
if (!$sort || $sort == "undefined") {
$sort = "login";
}
print "<button onclick=\"javascript:addUser()\">" . __('Create user') . "</button>";
print "\n\t\t\t<button onclick=\"javascript:selectedUserDetails()\">" . __('Details') . "</button>\n\t\t\t<button onclick=\"javascript:editSelectedUser()\">" . __('Edit') . "</button>\n\t\t\t<button onclick=\"javascript:removeSelectedUsers()\">" . __('Remove') . "</button>\n\t\t\t<button onclick=\"javascript:resetSelectedUserPass()\">" . __('Reset password') . "</button>";
print "</div>";
if ($user_search) {
$user_search = split(" ", $user_search);
$tokens = array();
foreach ($user_search as $token) {
$token = trim($token);
array_push($tokens, "(UPPER(login) LIKE UPPER('%{$token}%'))");
}
$user_search_query = "(" . join($tokens, " AND ") . ") AND ";
} else {
$user_search_query = "";
}
$result = db_query($link, "SELECT \n\t\t\t\tid,login,access_level,email,\n\t\t\t\t" . SUBSTRING_FOR_DATE . "(last_login,1,16) as last_login,\n\t\t\t\t" . SUBSTRING_FOR_DATE . "(created,1,16) as created\n\t\t\tFROM \n\t\t\t\tttrss_users\n\t\t\tWHERE\n\t\t\t\t{$user_search_query}\n\t\t\t\tid > 0\n\t\t\tORDER BY {$sort}");
if (db_num_rows($result) > 0) {
// print "<div id=\"infoBoxShadow\"><div id=\"infoBox\">PLACEHOLDER</div></div>";
print "<p><table width=\"100%\" cellspacing=\"0\" \n\t\t\tclass=\"prefUserList\" id=\"prefUserList\">";
print "<tr><td class=\"selectPrompt\" colspan=\"8\">\n\t\t\t\t" . __('Select:') . " \n\t\t\t\t\t<a href=\"javascript:selectPrefRows('user', true)\">" . __('All') . "</a>,\n\t\t\t\t\t<a href=\"javascript:selectPrefRows('user', false)\">" . __('None') . "</a>\n\t\t\t\t</td</tr>";
print "<tr class=\"title\">\n\t\t\t\t\t<td align='center' width=\"5%\"> </td>\n\t\t\t\t\t<td width=''><a href=\"javascript:updateUsersList('login')\">" . __('Login') . "</a></td>\n\t\t\t\t\t<td width='20%'><a href=\"javascript:updateUsersList('access_level')\">" . __('Access Level') . "</a></td>\n\t\t\t\t\t<td width='20%'><a href=\"javascript:updateUsersList('created')\">" . __('Registered') . "</a></td>\n\t\t\t\t\t<td width='20%'><a href=\"javascript:updateUsersList('last_login')\">" . __('Last login') . "</a></td></tr>";
$lnum = 0;
while ($line = db_fetch_assoc($result)) {
$class = $lnum % 2 ? "even" : "odd";
$uid = $line["id"];
$edit_uid = $_REQUEST["id"];
if ($subop == "edit" && $uid != $edit_uid) {
$class .= "Grayed";
$this_row_id = "";
} else {
$this_row_id = "id=\"UMRR-{$uid}\"";
}
print "<tr class=\"{$class}\" {$this_row_id}>";
$line["login"] = htmlspecialchars($line["login"]);
# $line["last_login"] = date(get_pref($link, 'SHORT_DATE_FORMAT'),
# strtotime($line["last_login"]));
if (get_pref($link, 'HEADLINES_SMART_DATE')) {
$line["last_login"] = smart_date_time(strtotime($line["last_login"]));
$line["created"] = smart_date_time(strtotime($line["created"]));
} else {
$line["last_login"] = date(get_pref($link, 'SHORT_DATE_FORMAT'), strtotime($line["last_login"]));
$line["created"] = date(get_pref($link, 'SHORT_DATE_FORMAT'), strtotime($line["created"]));
}
print "<td align='center'><input onclick='toggleSelectPrefRow(this, \"user\");' \n\t\t\t\ttype=\"checkbox\" id=\"UMCHK-{$uid}\"></td>";
$onclick = "onclick='editUser({$uid})' title='" . __('Click to edit') . "'";
print "<td {$onclick}>" . $line["login"] . "</td>";
if (!$line["email"]) {
$line["email"] = " ";
}
print "<td {$onclick}>" . $access_level_names[$line["access_level"]] . "</td>";
print "<td {$onclick}>" . $line["created"] . "</td>";
print "<td {$onclick}>" . $line["last_login"] . "</td>";
print "</tr>";
++$lnum;
}
print "</table>";
} else {
print "<p>";
if (!$user_search) {
print_warning(__('No users defined.'));
} else {
print_warning(__('No matching users found.'));
}
print "</p>";
}
}
