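/**
 * Drives the forgotten-password flow from the request parameters in $params.
 *
 *  - view=resetPasswordChange or action=resetPasswordChange: the link
 *    (resetHash + transID) is checked through resetPasswordLinkValidate()
 *    before the form is shown or the new password is stored;
 *  - action=resetPasswordChange: stores the new password and clears the
 *    stored reset token for the user whose sha1(email) equals transID;
 *  - action=resetPasswordSendMail: looks the user up by email, stores a fresh
 *    token with a 24h validity and mails the verification URL.
 *
 * Every handled outcome ends with a header('Location: ...') redirect and exit;
 * any other view/action combination falls through and returns normally.
 *
 * @param array $params request parameters (untrusted: view, action, resetHash,
 *                      transID, newPassword, email)
 * @return void
 */
function userLoginResetPassword($params)
{
    // Defaults avoid notices on missing keys; all of these are attacker
    // controlled and end up in SQL and/or in redirect URLs.
    $view = isset($params['view']) ? $params['view'] : '';
    $action = isset($params['action']) ? $params['action'] : '';
    $resetHash = isset($params['resetHash']) ? $params['resetHash'] : '';
    $transID = isset($params['transID']) ? $params['transID'] : '';
    // Link back to the change form, with the token pair URL-encoded.
    $formURL = 'login.php?view=resetPasswordChange&resetHash=' . urlencode($resetHash) . '&transID=' . urlencode($transID);

    if ($view === 'resetPasswordChange' || $action === 'resetPasswordChange') {
        // Validate the IWP reset link before showing the form or saving a password.
        $result = resetPasswordLinkValidate(array('resetHash' => $resetHash, 'transID' => $transID));
        if ($result['isValidLink'] == true && $result['isExpired'] == true) {
            header("Location: login.php?errorMsg=resetPasswordLinkExpired");
            exit;
        } elseif ($result['isValidLink'] == false) {
            header("Location: login.php?errorMsg=resetPasswordLinkInvalid");
            exit;
        }
        // Valid and not expired: fall through to the form / the update below.
    }

    if ($action === 'resetPasswordChange') {
        // resetHash and transID were validated by the block above.
        if (!isset($params['newPassword']) || empty($params['newPassword'])) {
            header('Location: ' . $formURL . '&errorMsg=resetPasswordInvalidPassword');
            exit;
        }
        // transID is interpolated into the WHERE clause, so it is escaped the
        // same way the email is in the send-mail branch (it was raw before).
        // TODO(security): the password is stored as unsalted sha1(). Moving to
        // password_hash()/password_verify() also requires the login check,
        // which is not in this file, so it is only flagged here.
        $isUpdated = DB::update(
            "?:users",
            array("password" => sha1($params['newPassword']), "resetPassword" => serialize(array())),
            "sha1(email) = '" . DB::realEscapeString($transID) . "' "
        );
        if ($isUpdated) {
            header('Location: login.php?successMsg=resetPasswordChanged');
            exit;
        }
        header('Location: ' . $formURL . '&errorMsg=resetPasswordFailed');
        exit;
    } elseif ($action === 'resetPasswordSendMail') {
        $email = isset($params['email']) ? $params['email'] : '';
        // Escape only for the query; transID below is derived from the raw
        // address so that it matches sha1(email) on the update side even when
        // the address contains characters the escaper would alter.
        $userDets = DB::getRow("?:users", "userID", "email = '" . DB::realEscapeString($email) . "'");
        if (empty($userDets["userID"])) {
            header('Location: login.php?view=resetPassword&errorMsg=resetPasswordEmailNotFound');
            exit;
        }
        // Token: use a CSPRNG where available (PHP 7+). The legacy value only
        // mixes microtime() and the userID, which narrows the search space for
        // an attacker who knows roughly when the mail was requested. Both forms
        // are 40 hex characters, so the stored/compared format is unchanged.
        if (function_exists('random_bytes')) {
            $resetHash = bin2hex(random_bytes(20));
        } else {
            $hashValue = serialize(array('hashCode' => 'resetPassword', 'uniqueTime' => microtime(true), 'userPin' => $userDets['userID']));
            $resetHash = sha1($hashValue);
        }
        DB::update(
            "?:users",
            array("resetPassword" => serialize(array("resetHash" => $resetHash, "validity" => time() + 86400))),
            "userID = '" . DB::realEscapeString($userDets['userID']) . "' "
        );
        $verificationURL = APP_FULL_URL . "login.php?view=resetPasswordChange&resetHash=" . $resetHash . "&transID=" . sha1($email);
        $isSent = sendAppMail(array('userID' => $userDets["userID"], 'verificationURL' => $verificationURL), '/templates/email/resetPassword.tpl.php');
        if (!empty($isSent)) {
            header('Location: login.php?successMsg=resetPasswordMailSent');
            exit;
        }
        header('Location: login.php?view=resetPassword&errorMsg=resetPasswordMailError');
        exit;
    }
}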
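 /**
  * Builds a signed auto-login URL for the site chosen by $_REQUEST['siteID']
  * and redirects the browser to it.
  *
  * Input is read from $_REQUEST (siteID, where, var_0..var_4); the $siteIDs
  * and $params arguments are kept for existing callers but are not used (the
  * original code reading them is left commented out). A "loadSite" history
  * row is recorded, "<where><historyID>" is signed with the site's stored key
  * material, and the site's own adminURL query string is merged with the
  * generated parameters (generated ones win on conflicts).
  *
  * @param array $siteIDs unused (legacy signature)
  * @param array $params  unused (legacy signature)
  * @return void prints 'Invalid Site ID' and returns on bad input, otherwise
  *              ends with header('Location: ...') and exit
  */
 public static function loadSiteProcessor($siteIDs, $params)
 {
     $timeout = DEFAULT_MAX_CLIENT_REQUEST_TIMEOUT;
     //$siteID = reset($siteIDs);
     $siteID = isset($_REQUEST['siteID']) ? $_REQUEST['siteID'] : '';
     if (empty($siteID)) {
         echo 'Invalid Site ID';
         return; // the original fell through and queried with an empty ID
     }
     //$where = $params['where'] ? $params['where'].".php" : '';
     // 'where' names a page on the remote admin URL; it is appended to that
     // path and covered by the signature, it never touches a local file.
     $where = !empty($_REQUEST['where']) ? $_REQUEST['where'] . ".php" : '';
     // var_N holds "<name>__IWPVAR__<value>" pairs forwarded as extra query args.
     $loadSiteVars = array();
     if (isset($_REQUEST['var_0'])) {
         for ($i = 0; $i < 5; $i++) {
             $key = 'var_' . $i;
             if (isset($_REQUEST[$key]) && strpos($_REQUEST[$key], '__IWPVAR__') !== false) {
                 $temp = explode('__IWPVAR__', $_REQUEST[$key]);
                 $loadSiteVars[$temp[0]] = $temp[1];
             }
         }
     }
     //if(!empty($params['vars']) && is_array($params['vars'])){
     //			$loadSiteVars = $params['vars'];
     //		}
     // siteID sits unquoted in the WHERE clause, where string escaping offers
     // no protection; the column is compared numerically, so cast instead.
     $siteData = DB::getRow("?:sites", "*", "siteID=" . (int) $siteID);
     if (empty($siteData)) {
         echo 'Invalid Site ID';
         return; // the original went on to sign and redirect with empty data
     }
     $type = 'site';
     $action = 'load';
     $events = 1;
     $historyData = array(
         'siteID' => $siteData['siteID'],
         'actionID' => Reg::get('currentRequest.actionID'),
         'userID' => $GLOBALS['userID'],
         'type' => $type,
         'action' => $action,
         'events' => $events,
         'URL' => $siteData['URL'],
         'status' => 'completed',
         'timeout' => $timeout,
     );
     $historyAdditionalData = array(
         array('detailedAction' => 'loadSite', 'uniqueName' => 'loadSite', 'status' => 'success'),
     );
     $historyID = addHistory($historyData, $historyAdditionalData);
     // The signature binds the target page and this history entry together.
     $signature = signData($where . $historyID, $siteData['isOpenSSLActive'], $siteData['privateKey'], $siteData['randomSignature']);
     $URLQueryArray = array(
         'auto_login' => 1,
         'iwp_goto' => $where,
         'signature' => base64_encode($signature),
         'message_id' => $historyID,
         'username' => $siteData['adminUsername'],
     );
     //signature urlencode will be taken care by httpBuildURLCustom()
     if (!empty($loadSiteVars) && is_array($loadSiteVars)) {
         $URLQueryArray = array_merge($URLQueryArray, $loadSiteVars);
     }
     $adminURLArray = parse_url($siteData['adminURL']);
     if (!empty($adminURLArray['query'])) {
         $parsedQuery = array();
         parse_str($adminURLArray['query'], $parsedQuery);
         if (!empty($parsedQuery) && is_array($parsedQuery)) {
             // Generated keys override any same-named keys from adminURL.
             $URLQueryArray = array_merge($parsedQuery, $URLQueryArray);
         }
     }
     $adminURLArray['query'] = $URLQueryArray;
     $adminURLArray['path'] .= $where ? $where : '';
     $URL = httpBuildURLCustom($adminURLArray);
     // http_build_query honours arg_separator.output; a Location header needs a bare '&'.
     $argSeparator = ini_get('arg_separator.output');
     if ($argSeparator == "&amp;" || $argSeparator == "&amp") {
         $URL = str_replace($argSeparator, "&", $URL);
     }
     header("Location: " . $URL);
     exit;
 }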
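/**
 * Recursively normalises request input.
 *
 * Strings have magic-quotes slashes stripped (on PHP builds that still have
 * magic quotes) and, unless $DBEscapeString is false, are passed through
 * DB::realEscapeString(). Arrays are walked recursively with keys preserved;
 * any other value (int, bool, null, ...) is returned untouched.
 *
 * @param mixed $array          a string, a (nested) array, or any other value
 * @param bool  $DBEscapeString whether to DB-escape every string found
 * @return mixed the same shape as the input
 */
function filterParameters($array, $DBEscapeString = true)
{
    if (is_array($array)) {
        foreach ($array as $key => $value) {
            // Pass the flag down: the original recursed with the default
            // (true), so nested strings were escaped even when the caller
            // asked for no escaping.
            $array[$key] = filterParameters($value, $DBEscapeString);
        }
        return $array;
    }
    if (!is_string($array)) {
        return $array;
    }
    // get_magic_quotes_gpc() has returned false since PHP 5.4 and was removed
    // in PHP 8; the guard keeps both old and current runtimes working.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $array = stripslashes($array);
    }
    if ($DBEscapeString) {
        $array = DB::realEscapeString($array);
    }
    return $array;
}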