 *
 * fDomain
 * fDisplay
 * search
 */
require_once 'common.php';
# Only admins may list virtual entries; require_role is assumed to stop the
# request (redirect/exit) for anyone else - confirm in common.php.
authentication_require_role('admin');
$admin_username = authentication_get_username();
# Domains this admin is allowed to manage - the authorization set for this page.
$list_domains = list_domains_for_admin($admin_username);
$page_size = $CONF['page_size'];
# Selected domain: POST beats GET beats the value remembered in the session.
$fDomain = safepost('fDomain', safeget('domain', safesession('list-virtual:domain')));
# NOTE(review): nothing in this span checks $fDomain against $list_domains;
# confirm the code after this fragment restricts it before it is used.
if (safesession('list-virtual:domain') != $fDomain) {
    # switching domains invalidates the remembered paging offset
    unset($_SESSION['list-virtual:limit']);
}
# Paging offset, cast to int so only an integer survives whatever was sent.
$fDisplay = (int) safepost('limit', safeget('limit', safesession('list-virtual:limit')));
$search = safepost('search', safeget('search', array()));
# not remembered in the session
# Reject anything that is not an array before the search terms are interpreted.
if (!is_array($search)) {
    die(Config::Lang('invalid_parameter'));
}
if (count($list_domains) == 0) {
    if (authentication_has_role('global-admin')) {
        flash_error($PALANG['no_domains_exist']);
    } else {
        flash_error($PALANG['no_domains_for_this_admin']);
    }
    header("Location: list.php?table=domain");
    # no domains (for this admin at least) - redirect to domain list
    exit;
}
if (is_array($list_domains) and sizeof($list_domains) > 0) {
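 /**
  * Build a new team for the logged-in user and make them its leader.
  *
  * Reads the required POST fields name/university/teacher and an optional
  * "picture" file upload, inserts the team and the leader's teammate row,
  * then sets the team state via AdminModel.
  *
  * @ajaxreturn 'inteam'  this user is already in a team or has a pending invitation.
  * @ajaxreturn 'post'    a required POST field is missing (raised by xassert).
  * @ajaxreturn 'success' a new team was created.
  */
 public function new_team_()
 {
     // eval() of a constant: the access check lives in USER's code string.
     // This is only safe while USER stays a literal constant - never derive it
     // from configuration or request data.
     eval(USER);
     $id = session('userid');
     if (DBModel::inTeam($id) || DBModel::beingInvited($id)) {
         $this->error(Error('inteam'), lastpage());
     } else {
         $data['leader'] = $id;
         $data['id'] = $this->generateTeamId();
         // Required fields; xassert raises Error('post') when one is empty.
         // Whether insertDB escapes these values is not visible here - confirm.
         $data['name'] = xassert(safepost('name'), Error('post'));
         $data['university'] = xassert(safepost('university'), Error('post'));
         $data['teacher'] = xassert(safepost('teacher'), Error('post'));
         $root = C('ROOT');
         if (isset($_FILES["picture"])) {
             $upload = uploadImage();
             // uploadImage() appears to return an array of saved files on success
             // and a string on failure - TODO confirm against the helper, and that
             // it validates the file type before producing savepath/savename.
             if (!is_string($upload)) {
                 $data['picture'] = $root . $upload[0]["savepath"] . $upload[0]["savename"];
             }
             // Drop an empty picture path. The isset() guard fixes an undefined
             // index notice: when the upload failed, 'picture' was never set but
             // the old code still compared it against $root.
             if (isset($data["picture"]) && $data["picture"] == $root) {
                 unset($data["picture"]);
             }
         }
         DBModel::insertDB('cernet_team', $data);
         // Leader's own membership row.
         $dat['user_id'] = $id;
         $dat['team_id'] = $data['id'];
         $dat['statecode'] = 1;
         DBModel::insertDB('cernet_teammate', $dat);
         $am = new AdminModel();
         $am->setTeamState($data['id'], 3);
         $this->success(Success('newteam'), '__ROOT__/User/currentstage');
     }
 }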
        $smarty->assign('forward_only', '');
    } else {
        $smarty->assign('forward_and_store', '');
        $smarty->assign('forward_only', ' checked="checked"');
    }
    $smarty->assign('tGotoArray', $tGotoArray);
    $smarty->display('index.tpl');
}
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    // user clicked on cancel button
    if (isset($_POST['fCancel'])) {
        header("Location: main.php");
        exit(0);
    }
    $fGoto = trim(safepost('fGoto'));
    $fForward_and_store = safepost('fForward_and_store');
    # TODO: use edit.php (or create a edit_user.php)
    # TODO: this will obsolete lots of the code below (parsing $goto and the error checks)
    $goto = strtolower($fGoto);
    $goto = preg_replace('/\\\\r\\\\n/', ',', $goto);
    $goto = preg_replace('/\\r\\n/', ',', $goto);
    $goto = preg_replace('/,[\\s]+/i', ',', $goto);
    $goto = preg_replace('/[\\s]+,/i', ',', $goto);
    $goto = preg_replace('/\\,*$/', '', $goto);
    $goto = explode(",", $goto);
    $error = 0;
    $goto = array_merge(array_unique($goto));
    $good_goto = array();
    if ($fForward_and_store != 1 && sizeof($goto) == 1 && $goto[0] == '') {
        flash_error($PALANG['pEdit_alias_goto_text_error1']);
        $error += 1;
 * Template File: admin_list-domain.php
 *
 * Template Variables:
 *
 * -none-
 *
 * Form POST \ GET Variables:
 *
 * fUsername
 */
require_once 'common.php';
authentication_require_role('admin');
if (authentication_has_role('global-admin')) {
    # A global admin may inspect any admin account ...
    $list_admins = list_admins();
    $is_superadmin = 1;
    $fUsername = safepost('fUsername', safeget('username'));
    # prefer POST over GET variable
    if ($fUsername != "") {
        $admin_properties = get_admin_properties($fUsername);
    }
} else {
    # ... while a domain admin is pinned to their own session username; the
    # request-supplied username is deliberately ignored here (authorization
    # boundary - keep it that way).
    $list_admins = array(authentication_get_username());
    $is_superadmin = 0;
    $fUsername = "";
}
if (isset($admin_properties) && $admin_properties['domain_count'] == 'ALL') {
    # list all domains for superadmins
    $list_domains = list_domains();
} elseif (!empty($fUsername)) {
    $list_domains = list_domains_for_admin($fUsername);
} elseif ($is_superadmin) {
 * tBody
 *
 * Form POST \ GET Variables:
 *
 * fTo
 * fSubject
 * fBody
 */
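require_once 'common.php';
authentication_require_role('admin');
# Bail out when sending mail is disabled. This has to be an explicit if/exit:
# header() returns null, so the former `header(...) && exit` short-circuited
# and never reached exit - the redirect header was sent but the script kept
# running, so a client that ignored the redirect could still drive the
# POST handling below.
if ($CONF['sendmail'] == 'NO') {
    header("Location: main.php");
    exit;
}
# Sender address comes from the admin's configured e-mail, not from the request.
$smtp_from_email = smtp_get_admin_email();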
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    $fTo = safepost('fTo');
    $fFrom = $smtp_from_email;
    $fSubject = safepost('fSubject');
    $tBody = $_POST['fBody'];
    if (get_magic_quotes_gpc()) {
        $tBody = stripslashes($tBody);
        # TODO: check for get_magic_quotes_gpc inside safepost/safeget
    }
    $email_check = check_email($fTo);
    if (empty($fTo) or $email_check != '') {
        $error = 1;
        $tTo = escape_string($_POST['fTo']);
        $tSubject = escape_string($_POST['fSubject']);
        flash_error($PALANG['pSendmail_to_text_error']);
        # TODO: superfluous?
        flash_error($email_check);
    }
    if ($error != 1) {
    } elseif (safepost("form") == "createadmin") {
        # "create admin" form submitted
        list($pw_check_error, $pw_check_result) = check_setup_password(safepost('setup_password'));
        if ($pw_check_result != 'pass_OK') {
            $error += 1;
            $setupMessage = $pw_check_result;
        }
        if ($error == 0 && $pw_check_result == 'pass_OK') {
            // XXX need to ensure domains table includes an 'ALL' entry.
            $table_domain = table_by_key('domain');
            $r = db_query("SELECT * FROM {$table_domain} WHERE domain = 'ALL'");
            if ($r['rows'] == 0) {
                db_insert('domain', array('domain' => 'ALL', 'description' => '', 'transport' => ''));
                // all other fields should default through the schema.
            }
            $values = array('username' => safepost('username'), 'password' => safepost('password'), 'password2' => safepost('password2'), 'superadmin' => 1, 'domains' => array(), 'active' => 1);
            list($error, $setupMessage, $errormsg) = create_admin($values);
            if ($error != 0) {
                $tUsername = htmlentities($values['username']);
            } else {
                $setupMessage .= "<p>You are done with your basic setup. ";
                $setupMessage .= "<p><b>You can now <a href='login.php'>login to PostfixAdmin</a> using the account you just created.</b>";
            }
        }
    }
    if ($setuppw == "" || $setuppw == "changeme" || safeget("lostpw") == 1 || $lostpw_error != 0) {
        # show "create setup password" form
        ?>

<div class="standout"><?php 
        print $setupMessage;
        $form_fields = $handler->getStruct();
        # refresh $form_fields - a prefill field might have changed something
    } else {
        # edit mode - read values from database
        if (!$handler->view()) {
            flash_error($handler->errormsg);
            header("Location: " . $formconf['listview']);
            exit;
        } else {
            $values = $handler->result;
            $values[$id_field] = $edit;
        }
    }
}
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    $inp_values = safepost('value', array());
    foreach ($form_fields as $key => $field) {
        if ($field['editable'] && $field['display_in_form']) {
            if (!isset($inp_values[$key])) {
                $inp_values[$key] = '';
                # newer PHP versions don't include empty fields in $_POST (noticed with PHP 5.6.6)
            }
            if ($field['type'] == 'bool' && $inp_values[$key] == '') {
                $values[$key] = 0;
                # isset() for unchecked checkboxes is always false
            } elseif ($field['type'] == 'txtl') {
                $values[$key] = $inp_values[$key];
                $values[$key] = preg_replace('/\\\\r\\\\n/', ',', $values[$key]);
                $values[$key] = preg_replace('/\\r\\n/', ',', $values[$key]);
                $values[$key] = preg_replace('/,[\\s]+/i', ',', $values[$key]);
                $values[$key] = preg_replace('/[\\s]+,/i', ',', $values[$key]);
 * Form POST \ GET Variables:
 *
 * fTo
 * fSubject
 * fBody
 */
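require_once 'common.php';
authentication_require_role('admin');
# Bail out when sending mail is disabled. This has to be an explicit if/exit:
# header() returns null, so the former `header(...) && exit` short-circuited
# and never reached exit - the redirect header was sent but the script kept
# running, so a client that ignored the redirect could still drive the
# POST handling below.
if ($CONF['sendmail'] == 'NO') {
    header("Location: " . $CONF['postfix_admin_url'] . "/main.php");
    exit;
}
# Sender is the logged-in admin's session username, not a request value.
$SESSID_USERNAME = authentication_get_username();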
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    $fTo = safepost('fTo');
    $fFrom = $SESSID_USERNAME;
    $fHeaders = "To: " . $fTo . "\n";
    $fHeaders .= "From: " . $fFrom . "\n";
    $fHeaders .= "Subject: " . encode_header(safepost('fSubject')) . "\n";
    $fHeaders .= "MIME-Version: 1.0\n";
    $fHeaders .= "Content-Type: text/plain; charset=utf-8\n";
    $fHeaders .= "Content-Transfer-Encoding: 8bit\n";
    $fHeaders .= escape_string($_POST['fBody']);
    if (empty($fTo) or !check_email($fTo)) {
        $error = 1;
        $tTo = escape_string($_POST['fTo']);
        $tSubject = escape_string($_POST['fSubject']);
        $tBody = escape_string($_POST['fBody']);
        $tMessage = $PALANG['pSendmail_to_text_error'];
    }
    if ($error != 1) {
        if (!smtp_mail($fTo, $fFrom, $fHeaders)) {
            $tMessage .= $PALANG['pSendmail_result_error'];
        } else {
    $tUseremail = $fUsername;
    $tDomain = $fDomain;
    if ($tSubject == '') {
        $tSubject = html_entity_decode($PALANG['pUsersVacation_subject_text'], ENT_QUOTES, 'UTF-8');
    }
    if ($tBody == '') {
        $tBody = html_entity_decode($PALANG['pUsersVacation_body_text'], ENT_QUOTES, 'UTF-8');
    }
}
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    $tSubject = safepost('fSubject');
    $fSubject = escape_string($tSubject);
    $tBody = safepost('fBody');
    $fBody = escape_string($tBody);
    $fChange = escape_string(safepost('fChange'));
    $fBack = escape_string(safepost('fBack'));
    if (authentication_has_role('admin') && isset($_GET['domain'])) {
        $fDomain = escape_string($_GET['domain']);
    } else {
        $fDomain = $USERID_DOMAIN;
    }
    if (authentication_has_role('admin') && isset($_GET['username'])) {
        $fUsername = escape_string($_GET['username']);
    } else {
        $fUsername = authentication_get_username();
    }
    $tUseremail = $fUsername;
    if ($tSubject == '') {
        $tSubject = html_entity_decode($PALANG['pUsersVacation_subject_text'], ENT_QUOTES, 'UTF-8');
    }
    if ($tBody == '') {
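/**
 * Pick the UI language.
 *
 * Candidates, most preferred first: $_POST['lang'] (only when $use_post is
 * truthy), the 'lang' cookie, then the entries of the Accept-Language header
 * in order. The first candidate that is a key of $supported_languages wins;
 * otherwise $CONF['default_language'] is returned.
 *
 * Every candidate is only ever used as a lookup key into
 * $supported_languages, so the untrusted header, cookie and POST values
 * cannot reach anything else.
 *
 * @param int $use_post whether $_POST['lang'] may override the other sources
 * @return string a key of $supported_languages, or the configured default
 */
function check_language($use_post = 1)
{
    global $CONF;
    global $supported_languages;
    # from languages/languages.php
    $lang = $CONF['default_language'];

    $lang_array = array();
    if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
        # Split on commas only; entries keep any ";q=" weight and therefore only
        # match a key that literally contains it - TODO strip the q-value.
        $lang_array = preg_split('/(\\s*,\\s*)/', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
    }
    # Fix: the cookie and POST preferences were previously consulted only when
    # an Accept-Language header was present, so a client without that header
    # got the default language even with a valid lang cookie. They are now
    # always consulted.
    if (safecookie('lang')) {
        array_unshift($lang_array, safecookie('lang'));
        # prefer language from cookie
    }
    if ($use_post && safepost('lang')) {
        array_unshift($lang_array, safepost('lang'));
        # but prefer $_POST['lang'] even more
    }
    foreach ($lang_array as $lang_next) {
        $lang_next = strtolower(trim($lang_next));
        if (array_key_exists($lang_next, $supported_languages)) {
            $lang = $lang_next;
            break;
        }
    }
    return $lang;
}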
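<?php

require "./navigation.php";
$cid = safeget('cid');
$contest = new ContestsTbl($cid);
$contest->Get() or error("No such contest");
// NOTE(review): $cid is reused verbatim in the session key and the redirect
// URL; ContestsTbl/Get() are assumed to reject unknown ids - confirm they also
// cope with non-numeric input.
if (isset($_POST['pwd'])) {
    $pwd = safepost('pwd');
    if ($contest->detail['authtype'] != 'password') {
        error("No password is needed");
    }
    // Strict, constant-time comparison. The former `==` was a loose comparison:
    // numeric-looking strings such as "0e123" and "0e456" compare equal, so a
    // stored password of that shape could be bypassed. hash_equals() also
    // avoids leaking the match length through timing; the casts keep it from
    // throwing on a non-string value.
    // NOTE(review): the stored value appears to be compared in clear and there
    // is no attempt limit - consider hashing and throttling.
    if (hash_equals((string) $contest->detail['pwd'], (string) $pwd)) {
        $_SESSION["access{$cid}"] = 1;
        MsgAndRedirect("contest_detail.php?cid={$cid}");
    } else {
        $error_msg = "Password Incorrect";
    }
}
// Already authenticated for this contest, or the contest needs no password.
// Parenthesised for clarity: `&&` binds tighter than `||`, which is the
// grouping the original relied on.
if ((isset($_SESSION["access{$cid}"]) && $_SESSION["access{$cid}"] == 1) || $contest->detail['authtype'] != 'password') {
    // already auth
    MsgAndRedirect("contest_detail.php?cid={$cid}");
}
?>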

<div class="background_container">
    <div class="ui-corner-all ui-widget-content">


        <table width="900" border="0" cellspacing="0" cellpadding="0">
            <tr> 
                <td width="300" height="100" bgcolor="#F0F0F0"><img src="images/register_01.jpg" width="300" height="100"></td>
require_once 'common.php';
# if (safeget('token') != $_SESSION['PFA_token']) die('Invalid token!');
# NOTE(review): the CSRF token check above is commented out, so this page does
# not verify PFA_token itself - confirm the handler enforces it before any
# state-changing action, or re-enable the check.
$username = authentication_get_username();
# enforce login
$table = safeget('table');
$handlerclass = ucfirst($table) . 'Handler';
# $table selects both a class name and a file under model/. The regex pins it
# to lowercase ASCII letters only, so no path separators, dots or namespace
# prefixes can reach file_exists() or the dynamic `new` below.
if (!preg_match('/^[a-z]+$/', $table) || !file_exists("model/{$handlerclass}.php")) {
    # validate $table
    die("Invalid table name given!");
}
# default: domain admin restrictions
$is_superadmin = 0;
if (authentication_has_role('global-admin')) {
    # more permissions? Fine!
    $is_superadmin = 1;
    # Only a global admin may act on behalf of another admin account (the
    # "simulate admin" feature); everyone else keeps their session username.
    $username = safepost('username', safeget('username', $username));
    # prefer POST over GET variable
}
$is_admin = authentication_has_role('admin');
# Class name was validated above; the handler receives the (possibly
# simulated) username and the admin flag, presumably to scope its listing.
$handler = new $handlerclass(0, $username, $is_admin);
$formconf = $handler->webformConfig();
$list_admins = array($username);
if ($is_superadmin && $formconf['required_role'] != 'global-admin') {
    # 'simulate admin' dropdown doesn't make sense for superadmin-only modules
    $list_admins = array_keys(list_admins());
}
if ($is_admin) {
    authentication_require_role($formconf['required_role']);
} else {
    if (empty($formconf['user_hardcoded_field'])) {
        die($handlerclass . ' is not available for users');
    # delete an entry
    $result = db_query("delete from fetchmail WHERE id=" . $delete);
    if ($result['rows'] != 1) {
        flash_error($PALANG['pDelete_delete_error']) . '</span>';
    } else {
        flash_info(sprintf($PALANG['pDelete_delete_success'], $account));
    }
    $delete = 0;
} elseif (($edit || $new) && $save) {
    # $edit or $new AND save button pressed
    $formvars = array();
    foreach ($fm_struct as $key => $row) {
        list($editible, $view, $type) = $row;
        if ($editible != 0) {
            $func = "_inp_" . $type;
            $val = safepost($key);
            if ($type != "password" || strlen($val) > 0) {
                # skip on empty (aka unchanged) password
                $formvars[$key] = escape_string(function_exists($func) ? $func($val) : $val);
            }
        }
    }
    $formvars['id'] = $edit;
    # results in 0 on $new
    if ($CONF['database_type'] == 'pgsql' && $new) {
        // skip - shouldn't need to specify this as it will default to the next available value anyway.
        unset($formvars['id']);
    }
    if (!in_array($formvars['mailbox'], $fm_defaults['mailbox'])) {
        flash_error($PALANG['pFetchmail_invalid_mailbox']);
        $save = 0;
 * Form POST \ GET Variables:  
 *
 *  fUsername
 *  fPassword
 *  lang
 */
require_once "../common.php";
# GET: just render the login form (header + form + footer templates);
# credentials are only processed on POST.
if ($_SERVER['REQUEST_METHOD'] == "GET") {
    include "../templates/header.php";
    include "../templates/users_login.php";
    include "../templates/footer.php";
}
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    $fUsername = escape_string($_POST['fUsername']);
    $fPassword = escape_string($_POST['fPassword']);
    $lang = safepost('lang');
    if ($lang != check_language(0)) {
        # only set cookie if language selection was changed
        setcookie('lang', $lang, time() + 60 * 60 * 24 * 30);
        # language cookie, lifetime 30 days
        # (language preference cookie is processed even if username and/or password are invalid)
    }
    $active = db_get_boolean(True);
    $query = "SELECT password FROM {$table_mailbox} WHERE username='******' AND active={$active}";
    $result = db_query($query);
    if ($result['rows'] == 1) {
        $row = db_array($result['result']);
        $password = pacrypt($fPassword, $row['password']);
        $query = "SELECT * FROM {$table_mailbox} WHERE username='******' AND password='******' AND active={$active}";
        $result = db_query($query);
        if ($result['rows'] != 1) {
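 /**
  * Password recovery: generate a fresh temporary password for the account
  * matching the posted e-mail, store it (via encrypt()) and mail it to that
  * address.
  * Usertype: Student
  *
  * NOTE(review): anyone who knows a user's e-mail can trigger this, and it
  * replaces the victim's password before the mail is sent (lock-out). The
  * usual design is a confirmation link to the address first; left as-is.
  */
 public function nopassword_()
 {
     try {
         require 'powerdream/Common/Mail.class.php';
         $cond['email'] = xassert(safepost('email'), Error('post'));
         // Temporary password: 8 hex characters from a CSPRNG (random_bytes,
         // PHP >= 7). The former rand(0, 100)-derived value had only 101
         // possible outcomes, so the "new" password was guessable in a
         // handful of attempts.
         $pwd = bin2hex(random_bytes(4));
         $data['password'] = encrypt($pwd);
         if (!DBModel::existUser('cernet_user', $cond)) {
             $this->error(Error('email'), lastpage());
         } else {
             // Password is rotated before the mail goes out; if autosend fails
             // the user is left with an unknown password - TODO confirm that
             // Mail::autosend reports failures.
             DBModel::updateDB('cernet_user', $cond, $data);
             $user = DBModel::selectDB('cernet_user', $cond);
             $user = $user[0];
             $mailto = $cond['email'];
             $replace['[#password]'] = $pwd;
             $replace['[#username]'] = $user['username'];
             $content = Mail::contentTemplate('nopassword');
             Mail::autosend($mailto, $content, $replace);
             $this->success(Success('nopassword'), '__ROOT__');
         }
     } catch (Exception $e) {
         bassert($this, false, $e->getMessage());
     }
 }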
 *
 *  tUsername
 *
 * Form POST \ GET Variables:  
 *
 *  fUsername
 *  fPassword
 *  lang
 */
$rel_path = '../';
define('POSTFIXADMIN_LOGOUT', 1);
require_once "../common.php";
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    $lang = safepost('lang');
    $fUsername = trim(safepost('fUsername'));
    $fPassword = safepost('fPassword');
    if ($lang != check_language(0)) {
        # only set cookie if language selection was changed
        setcookie('lang', $lang, time() + 60 * 60 * 24 * 30);
        # language cookie, lifetime 30 days
        # (language preference cookie is processed even if username and/or password are invalid)
    }
    $h = new MailboxHandler();
    if ($h->login($fUsername, $fPassword)) {
        session_regenerate_id();
        $_SESSION['sessid'] = array();
        $_SESSION['sessid']['roles'] = array();
        $_SESSION['sessid']['roles'][] = 'user';
        $_SESSION['sessid']['username'] = $fUsername;
        $_SESSION['PFA_token'] = md5(uniqid(rand(), true));
        header("Location: main.php");
 /**
  * Admin: update the two quiz statistic thresholds (row id=1 of
  * cernet_quiz_meta) from POST, then return to the previous page.
  *
  * Both fields are required; a missing one raises via xassert and the
  * exception message is re-thrown through throw_exception().
  */
 public function meta_quiz_()
 {
     // eval() of a constant holding the admin gate - only safe while ADMIN is
     // a literal constant and never built from configuration or request data.
     eval(ADMIN);
     try {
         $meta = array();
         foreach (array("stat_total_once", "stat_pass") as $field) {
             $meta[$field] = xassert(safepost($field), Error("post"));
         }
         DBModel::updateDB("cernet_quiz_meta", array("id" => 1), $meta);
         goback();
     } catch (Exception $e) {
         throw_exception($e->getMessage());
     }
 }