require_once $_SESSION['settings']['cpassman_dir'] . '/sources/SplClassLoader.php';
// connect to DB
require_once $_SESSION['settings']['cpassman_dir'] . '/includes/libraries/Database/Meekrodb/db.class.php';
DB::$host = $server;
DB::$user = $user;
DB::$password = $pass;
DB::$dbName = $database;
DB::$port = $port;
DB::$encoding = $encoding;
DB::$error_handler = 'db_error_handler';
$link = mysqli_connect($server, $user, $pass, $database, $port);
$link->set_charset($encoding);
//Build tree
$tree = new SplClassLoader('Tree\\NestedTree', $_SESSION['settings']['cpassman_dir'] . '/includes/libraries');
$tree->register();
$tree = new Tree\NestedTree\NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
//User's language loading
$k['langage'] = @$_SESSION['user_language'];
require_once $_SESSION['settings']['cpassman_dir'] . '/includes/language/' . $_SESSION['user_language'] . '.php';
//Manage type of action asked
switch ($_POST['type']) {
case "initialize_export_table":
DB::query("TRUNCATE TABLE " . prefix_table("export"));
break;
//CASE export to PDF format
//CASE export to PDF format
case "export_to_pdf_format":
/*
$ids = explode(',', $_POST['ids']);
foreach ($ids as $id) {
*/
mysqli_query($dbTmp, "ALTER TABLE" . $_SESSION['db_bdd'] . ".`{$table[0]}`\n DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci");
}
}
echo 'document.getElementById("res_step3").innerHTML = "Done!";';
echo 'document.getElementById("loader").style.display = "none";';
echo 'document.getElementById("but_next").disabled = "";';
echo 'document.getElementById("but_launch").disabled = "disabled";';
mysqli_close($dbTmp);
break;
#==========================
#==========================
case "step4":
//include librairies
require_once '../includes/libraries/Tree/NestedTree/NestedTree.php';
//Build tree
$tree = new Tree\NestedTree\NestedTree($_SESSION['tbl_prefix'] . 'nested_tree', 'id', 'parent_id', 'title');
// dataBase
$res = "";
@mysqli_connect($_SESSION['db_host'], $_SESSION['db_login'], $_SESSION['db_pw'], $_SESSION['db_bdd'], $_SESSION['db_port']);
$dbTmp = mysqli_connect($_SESSION['db_host'], $_SESSION['db_login'], $_SESSION['db_pw'], $_SESSION['db_bdd'], $_SESSION['db_port']);
## Populate table MISC
$val = array(array('admin', 'max_latest_items', '10', 0), array('admin', 'enable_favourites', '1', 0), array('admin', 'show_last_items', '1', 0), array('admin', 'enable_pf_feature', '0', 0), array('admin', 'menu_type', 'context', 0), array('admin', 'log_connections', '0', 0), array('admin', 'time_format', 'H:i:s', 0), array('admin', 'date_format', 'd/m/Y', 0), array('admin', 'duplicate_folder', '0', 0), array('admin', 'duplicate_item', '0', 0), array('admin', 'item_duplicate_in_same_folder', '0', 0), array('admin', 'number_of_used_pw', '3', 0), array('admin', 'manager_edit', '1', 0), array('admin', 'cpassman_dir', '', 0), array('admin', 'cpassman_url', '', 0), array('admin', 'favicon', '', 0), array('admin', 'activate_expiration', '0', 0), array('admin', 'pw_life_duration', '30', 0), array('admin', 'cpassman_version', $k['version'], 1), array('admin', 'ldap_mode', '0', 0), array('admin', 'ldap_type', '0', 0), array('admin', 'ldap_suffix', '0', 0), array('admin', 'ldap_domain_dn', '0', 0), array('admin', 'ldap_domain_controler', '0', 0), array('admin', 'ldap_user_attribute', '0', 0), array('admin', 'ldap_ssl', '0', 0), array('admin', 'ldap_tls', '0', 0), array('admin', 'ldap_elusers', '0', 0), array('admin', 'richtext', 0, 0), array('admin', 'allow_print', 0, 0), array('admin', 'roles_allowed_to_print', 0, 0), array('admin', 'show_description', 1, 0), array('admin', 'anyone_can_modify', 0, 0), array('admin', 'anyone_can_modify_bydefault', 0, 0), array('admin', 'nb_bad_authentication', 0, 0), array('admin', 'restricted_to', 0, 0), array('admin', 'restricted_to_roles', 0, 0), array('admin', 'utf8_enabled', 1, 0), array('admin', 'custom_logo', '', 0), array('admin', 'custom_login_text', '', 0), array('admin', 'log_accessed', '1', 1), array('admin', 'default_language', 'english', 0), array('admin', 'send_stats', empty($_SESSION['send_stats']) ? '0' : $_SESSION['send_stats'], 1), array('admin', 'get_tp_info', '1', 0), array('admin', 'send_mail_on_user_login', '0', 0), array('cron', 'sending_emails', '0', 0), array('admin', 'nb_items_by_query', 'auto', 0), array('admin', 'enable_delete_after_consultation', '0', 0), array('admin', 'path_to_upload_folder', strrpos($_SERVER['DOCUMENT_ROOT'], "/") == 1 ? strlen($_SERVER['DOCUMENT_ROOT']) - 1 . substr($_SERVER['PHP_SELF'], 0, strlen($_SERVER['PHP_SELF']) - 25) . '/upload' : $_SERVER['DOCUMENT_ROOT'] . substr($_SERVER['PHP_SELF'], 0, strlen($_SERVER['PHP_SELF']) - 25) . '/upload', 0), array('admin', 'url_to_upload_folder', 'http://' . $_SERVER['HTTP_HOST'] . substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['PHP_SELF'], '/') - 8) . '/upload', 0), array('admin', 'enable_personal_saltkey_cookie', '0', 0), array('admin', 'personal_saltkey_cookie_duration', '31', 0), array('admin', 'path_to_files_folder', strrpos($_SERVER['DOCUMENT_ROOT'], "/") == 1 ? strlen($_SERVER['DOCUMENT_ROOT']) - 1 . substr($_SERVER['PHP_SELF'], 0, strlen($_SERVER['PHP_SELF']) - 25) . '/files' : $_SERVER['DOCUMENT_ROOT'] . substr($_SERVER['PHP_SELF'], 0, strlen($_SERVER['PHP_SELF']) - 25) . '/files', 0), array('admin', 'url_to_files_folder', 'http://' . $_SERVER['HTTP_HOST'] . substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['PHP_SELF'], '/') - 8) . '/files', 0), array('admin', 'pwd_maximum_length', '40', 0), array('admin', 'ga_website_name', 'TeamPass for ChangeMe', 0), array('admin', 'email_smtp_server', @$_SESSION['smtp_server'], 0), array('admin', 'email_smtp_auth', @$_SESSION['smtp_auth'], 0), array('admin', 'email_auth_username', @$_SESSION['smtp_auth_username'], 0), array('admin', 'email_auth_pwd', @$_SESSION['smtp_auth_password'], 0), array('admin', 'email_port', @$_SESSION['smtp_port'], 0), array('admin', 'email_security', @$_SESSION['smtp_security'], 0), array('admin', 'email_from', @$_SESSION['email_from'], 0), array('admin', 'email_from_name', @$_SESSION['email_from_name'], 0), array('admin', '2factors_authentication', 0, 0), array('admin', 'delay_item_edition', 0, 0), array('admin', 'allow_import', 0, 0), array('admin', 'proxy_port', 0, 0), array('admin', 'proxy_port', 0, 0), array('admin', 'upload_maxfilesize', '10mb', 0), array('admin', 'upload_docext', 'doc,docx,dotx,xls,xlsx,xltx,rtf,csv,txt,pdf,ppt,pptx,pot,dotx,xltx', 0), array('admin', 'upload_imagesext', 'jpg,jpeg,gif,png', 0), array('admin', 'upload_pkgext', '7z,rar,tar,zip', 0), array('admin', 'upload_otherext', 'sql,xml', 0), array('admin', 'upload_imageresize_options', '1', 0), array('admin', 'upload_imageresize_width', '800', 0), array('admin', 'upload_imageresize_height', '600', 0), array('admin', 'upload_imageresize_quality', '90', 0), array('admin', 'enable_send_email_on_user_login', '0', 0), array('admin', 'enable_user_can_create_folders', '0', 0), array('admin', 'insert_manual_entry_item_history', '0', 0), array('admin', 'enable_kb', '0', 0), array('admin', 'enable_email_notification_on_item_shown', '0', 0), array('admin', 'enable_email_notification_on_user_pw_change', '0', 0), array('admin', 'enable_sts', '0', 0), array('admin', 'encryptClientServer', '1', 0), array('admin', 'use_md5_password_as_salt', '0', 0), array('admin', 'api', '0', 0), array('admin', 'subfolder_rights_as_parent', '0', 0), array('admin', 'show_only_accessible_folders', '0', 0), array('admin', 'enable_suggestion', '0', 0), array('admin', 'email_server_url', '', 0), array('admin', 'otv_expiration_period', '7', 0), array('admin', 'default_session_expiration_time', '60', 0), array('admin', 'duo', '0', 0));
$res1 = "na";
foreach ($val as $elem) {
//Check if exists before inserting
$queryRes = mysqli_query($dbTmp, "SELECT COUNT(*) FROM " . $_SESSION['tbl_prefix'] . "misc\n WHERE type='" . $elem[0] . "' AND intitule='" . $elem[1] . "'");
if (mysqli_error($dbTmp)) {
echo 'document.getElementById("res_step4").innerHTML = "MySQL Error! ' . addslashes($queryError) . '";';
echo 'document.getElementById("tbl_1").innerHTML = "' . '<img src=\\"images/exclamation-red.png\\">";';
echo 'document.getElementById("loader").style.display = "none";';
break;
if (!empty($data['id'])) {
$folders = $tree->getDescendants($data['id'], true);
foreach ($folders as $folder) {
// delete folder
DB::delete(prefix_table("nested_tree"), "id = %i AND personal_folder = %i", $folder->id, "1");
// delete items & logs
$items = DB::query("SELECT id FROM " . prefix_table("items") . "\n WHERE id_tree=%i AND perso = %i", $folder->id, "1");
foreach ($items as $item) {
// Delete item
DB::delete(prefix_table("items"), "id = %i", $item['id']);
// log
DB::delete(prefix_table("log_items"), "id_item = %i", $item['id']);
}
}
// rebuild tree
$tree = new Tree\NestedTree\NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
$tree->rebuild();
}
// update LOG
logEvents('user_mngt', 'at_user_deleted', $_SESSION['user_id'], $_SESSION['login'], $_POST['id']);
} else {
// Get old data about user
$oldData = DB::queryfirstrow("SELECT * FROM " . prefix_table("users") . "\n WHERE id = %i", $_POST['id']);
// manage account status
$accountDisabled = 0;
if ($account_status_action == "unlock") {
$accountDisabled = 0;
$logDisabledText = "at_user_unlocked";
} elseif ($account_status_action == "lock") {
$accountDisabled = 1;
$logDisabledText = "at_user_locked";
if (!checkUser($_SESSION['user_id'], $_SESSION['key'], curPage())) {
$_SESSION['error']['code'] = ERR_NOT_ALLOWED;
//not allowed page
include $_SESSION['settings']['cpassman_dir'] . '/error.php';
exit;
}
require_once $_SESSION['settings']['cpassman_dir'] . '/sources/SplClassLoader.php';
require_once $_SESSION['settings']['cpassman_dir'] . '/sources/main.functions.php';
// Load file
require_once 'users.load.php';
// load help
require_once $_SESSION['settings']['cpassman_dir'] . '/includes/language/' . $_SESSION['user_language'] . '_admin_help.php';
//Build tree
$tree = new SplClassLoader('Tree\\NestedTree', $_SESSION['settings']['cpassman_dir'] . '/includes/libraries');
$tree->register();
$tree = new Tree\NestedTree\NestedTree(prefix_table("nested_tree"), 'id', 'parent_id', 'title');
$treeDesc = $tree->getDescendants();
// Build FUNCTIONS list
$rolesList = array();
$rows = DB::query("SELECT id,title FROM " . prefix_table("roles_title") . " ORDER BY title ASC");
foreach ($rows as $reccord) {
$rolesList[$reccord['id']] = array('id' => $reccord['id'], 'title' => $reccord['title']);
}
// Display list of USERS
echo '
<div class="title ui-widget-content ui-corner-all">
' . $LANG['admin_users'] . '
<img src="includes/images/user--plus.png" title="' . $LANG['new_user_title'] . '" onclick="OpenDialog(\'add_new_user\')"class="button" style="padding:2px;" />
<span style="float:right;margin-right:5px;"><img src="includes/images/question-white.png" style="cursor:pointer" title="' . $LANG['show_help'] . '" onclick="OpenDialog(\'help_on_users\')" /></span>
<input type="text" name="search" id="search" />
</div>';
require_once $_SESSION['settings']['cpassman_dir'] . '/sources/main.functions.php';
// connect to the server
require_once $_SESSION['settings']['cpassman_dir'] . '/includes/libraries/Database/Meekrodb/db.class.php';
DB::$host = $server;
DB::$user = $user;
DB::$password = $pass;
DB::$dbName = $database;
DB::$port = $port;
DB::$encoding = $encoding;
DB::$error_handler = 'db_error_handler';
$link = mysqli_connect($server, $user, $pass, $database, $port);
$link->set_charset($encoding);
//Load Tree
$tree = new SplClassLoader('Tree\\NestedTree', '../includes/libraries');
$tree->register();
$tree = new Tree\NestedTree\NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
//Load AES
$aes = new SplClassLoader('Encryption\\Crypt', '../includes/libraries');
$aes->register();
//User's language loading
$k['langage'] = @$_SESSION['user_language'];
require_once $_SESSION['settings']['cpassman_dir'] . '/includes/language/' . $_SESSION['user_language'] . '.php';
// Build query
switch ($_POST['type']) {
//Check if import CSV file format is what expected
case "import_file_format_csv":
//load full tree
$tree->rebuild();
$tst = $tree->getDescendants();
// do some initializations
$file = $_SESSION['settings']['path_to_files_folder'] . "/" . $_POST['file'];
require_once $_SESSION['settings']['cpassman_dir'] . '/sources/SplClassLoader.php';
// connect to the server
require_once $_SESSION['settings']['cpassman_dir'] . '/includes/libraries/Database/Meekrodb/db.class.php';
DB::$host = $server;
DB::$user = $user;
DB::$password = $pass;
DB::$dbName = $database;
DB::$port = $port;
DB::$encoding = $encoding;
DB::$error_handler = 'db_error_handler';
$link = mysqli_connect($server, $user, $pass, $database, $port);
$link->set_charset($encoding);
//Load Tree
$tree = new SplClassLoader('Tree\\NestedTree', '../includes/libraries');
$tree->register();
$tree = new Tree\NestedTree\NestedTree(prefix_table("nested_tree"), 'id', 'parent_id', 'title');
//Load AES
$aes = new SplClassLoader('Encryption\\Crypt', '../includes/libraries');
$aes->register();
switch ($_POST['type']) {
#CASE for getting informations about the tool
# connection to author's cpassman website
case "cpm_status":
$text = "<ul>";
$error = "";
if (!isset($k['admin_no_info']) || isset($k['admin_no_info']) && $k['admin_no_info'] == 0) {
if (isset($_SESSION['settings']['get_tp_info']) && $_SESSION['settings']['get_tp_info'] == 1) {
$handleDistant = array();
if (isset($_SESSION['settings']['proxy_ip']) && !empty($_SESSION['settings']['proxy_ip'])) {
$fp = fsockopen($_SESSION['settings']['proxy_ip'], $_SESSION['settings']['proxy_port']);
} else {
require_once $_SESSION['settings']['cpassman_dir'] . '/sources/SplClassLoader.php';
// connect to the server
require_once $_SESSION['settings']['cpassman_dir'] . '/includes/libraries/Database/Meekrodb/db.class.php';
DB::$host = $server;
DB::$user = $user;
DB::$password = $pass;
DB::$dbName = $database;
DB::$port = $port;
DB::$encoding = $encoding;
DB::$error_handler = 'db_error_handler';
$link = mysqli_connect($server, $user, $pass, $database, $port);
$link->set_charset($encoding);
//Build tree
$tree = new SplClassLoader('Tree\\NestedTree', './includes/libraries');
$tree->register();
$tree = new Tree\NestedTree\NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
$tree->rebuild();
/*
* Loads the Item Categories
*/
//Build tree of Categories
$categoriesSelect = "";
$arrCategories = array();
$rows = DB::query("SELECT * FROM " . prefix_table("categories") . "\n WHERE level = %i\n ORDER BY " . $pre . "categories.order ASC", '0');
foreach ($rows as $record) {
array_push($arrCategories, array($record['id'], $record['title'], $record['order']));
// build selection list
$categoriesSelect .= '<option value="' . $record['id'] . '">' . $record['title'] . '</option>';
}
echo '
<div id="tabs-8">
}
// Connect to mysql server
require_once $_SESSION['settings']['cpassman_dir'] . '/includes/libraries/Database/Meekrodb/db.class.php';
DB::$host = $server;
DB::$user = $user;
DB::$password = $pass;
DB::$dbName = $database;
DB::$port = $port;
DB::$encoding = $encoding;
DB::$error_handler = 'db_error_handler';
$link = mysqli_connect($server, $user, $pass, $database, $port);
$link->set_charset($encoding);
//Build tree
$tree = new SplClassLoader('Tree\\NestedTree', $_SESSION['settings']['cpassman_dir'] . '/includes/libraries');
$tree->register();
$tree = new Tree\NestedTree\NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
$tree->rebuild();
$folders = $tree->getDescendants();
// define temporary sessions
if ($_SESSION['user_admin'] == 1 && (isset($k['admin_full_right']) && $k['admin_full_right'] == true) || !isset($k['admin_full_right'])) {
$_SESSION['groupes_visibles'] = $_SESSION['personal_visible_groups'];
$_SESSION['groupes_visibles_list'] = implode(',', $_SESSION['groupes_visibles']);
}
// prepare some variables
if (isset($_COOKIE['jstree_select']) && !empty($_COOKIE['jstree_select'])) {
$firstGroup = str_replace("#li_", "", $_COOKIE['jstree_select']);
} else {
$firstGroup = "";
}
if (isset($_SESSION['list_folders_limited']) && count($_SESSION['list_folders_limited']) > 0) {
$listFoldersLimitedKeys = @array_keys($_SESSION['list_folders_limited']);
if (!isset($_SESSION['CPM']) || $_SESSION['CPM'] != 1 || !isset($_SESSION['user_id']) || empty($_SESSION['user_id']) || !isset($_SESSION['key']) || empty($_SESSION['key']) || !isset($_SESSION['settings']['enable_suggestion']) || $_SESSION['settings']['enable_suggestion'] != 1) {
die('Hacking attempt...');
}
/* do checks */
require_once $_SESSION['settings']['cpassman_dir'] . '/sources/checks.php';
if (!checkUser($_SESSION['user_id'], $_SESSION['key'], curPage())) {
$_SESSION['error']['code'] = ERR_NOT_ALLOWED;
//not allowed page
include $_SESSION['settings']['cpassman_dir'] . '/error.php';
exit;
}
require_once $_SESSION['settings']['cpassman_dir'] . '/sources/SplClassLoader.php';
//Build tree
$tree = new SplClassLoader('Tree\\NestedTree', './includes/libraries');
$tree->register();
$tree = new Tree\NestedTree\NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
$tree->rebuild();
$folders = $tree->getDescendants();
// prepare folders list
if (isset($_SESSION['list_folders_limited']) && count($_SESSION['list_folders_limited']) > 0) {
$listFoldersLimitedKeys = @array_keys($_SESSION['list_folders_limited']);
} else {
$listFoldersLimitedKeys = array();
}
// list of items accessible but not in an allowed folder
if (isset($_SESSION['list_restricted_folders_for_items']) && count($_SESSION['list_restricted_folders_for_items']) > 0) {
$listRestrictedFoldersForItemsKeys = @array_keys($_SESSION['list_restricted_folders_for_items']);
} else {
$listRestrictedFoldersForItemsKeys = array();
}
$selectVisibleFoldersOptions = "<option value=\"\">--" . $LANG['select'] . "--</option>";
/**
* updateCacheTable()
*
* Update the CACHE table
*/
function updateCacheTable($action, $id = "")
{
global $db, $server, $user, $pass, $database, $pre, $port, $encoding;
require_once $_SESSION['settings']['cpassman_dir'] . '/sources/SplClassLoader.php';
//Connect to DB
require_once $_SESSION['settings']['cpassman_dir'] . '/includes/libraries/Database/Meekrodb/db.class.php';
DB::$host = $server;
DB::$user = $user;
DB::$password = $pass;
DB::$dbName = $database;
DB::$port = $port;
DB::$encoding = $encoding;
DB::$error_handler = 'db_error_handler';
$link = mysqli_connect($server, $user, $pass, $database, $port);
$link->set_charset($encoding);
//Load Tree
$tree = new SplClassLoader('Tree\\NestedTree', '../includes/libraries');
$tree->register();
$tree = new Tree\NestedTree\NestedTree(prefix_table("nested_tree"), 'id', 'parent_id', 'title');
// Rebuild full cache table
if ($action == "reload") {
// truncate table
DB::query("TRUNCATE TABLE " . $pre . "cache");
// reload date
$rows = DB::query("SELECT *\n FROM " . $pre . "items as i\n INNER JOIN " . $pre . "log_items as l ON (l.id_item = i.id)\n AND l.action = %s\n AND i.inactif = %i", 'at_creation', 0);
foreach ($rows as $record) {
// Get all TAGS
$tags = "";
$itemTags = DB::query("SELECT tag FROM " . $pre . "tags WHERE item_id=%i", $record['id']);
foreach ($itemTags as $itemTag) {
if (!empty($itemTag['tag'])) {
$tags .= $itemTag['tag'] . " ";
}
}
// form id_tree to full foldername
$folder = "";
$arbo = $tree->getPath($record['id_tree'], true);
foreach ($arbo as $elem) {
if ($elem->title == $_SESSION['user_id'] && $elem->nlevel == 1) {
$elem->title = $_SESSION['login'];
}
if (empty($folder)) {
$folder = stripslashes($elem->title);
} else {
$folder .= " » " . stripslashes($elem->title);
}
}
// store data
DB::insert($pre . "cache", array('id' => $record['id'], 'label' => $record['label'], 'description' => $record['description'], 'tags' => $tags, 'id_tree' => $record['id_tree'], 'perso' => $record['perso'], 'restricted_to' => $record['restricted_to'], 'login' => $record['login'] == null ? "" : $record['login'], 'folder' => $folder, 'author' => $record['id_user']));
}
// UPDATE an item
} elseif ($action == "update_value") {
// get new value from db
$data = DB::queryfirstrow("SELECT label, description, id_tree, perso, restricted_to, login\n FROM " . $pre . "items\n WHERE id=%i", $id);
// Get all TAGS
$tags = "";
$itemTags = DB::query("SELECT tag FROM " . $pre . "tags WHERE item_id=%i", $id);
foreach ($itemTags as $itemTag) {
if (!empty($itemTag['tag'])) {
$tags .= $itemTag['tag'] . " ";
}
}
// form id_tree to full foldername
$folder = "";
$arbo = $tree->getPath($data['id_tree'], true);
foreach ($arbo as $elem) {
if ($elem->title == $_SESSION['user_id'] && $elem->nlevel == 1) {
$elem->title = $_SESSION['login'];
}
if (empty($folder)) {
$folder = stripslashes($elem->title);
} else {
$folder .= " » " . stripslashes($elem->title);
}
}
// finaly update
DB::update($pre . "cache", array('label' => $data['label'], 'description' => $data['description'], 'tags' => $tags, 'id_tree' => $data['id_tree'], 'perso' => $data['perso'], 'restricted_to' => $data['restricted_to'], 'login' => $data['login'], 'folder' => $folder, 'author' => $_SESSION['user_id']), "id = %i", $id);
// ADD an item
} elseif ($action == "add_value") {
// get new value from db
$data = DB::queryFirstRow("SELECT i.label, i.description, i.id_tree as id_tree, i.perso, i.restricted_to, i.id, i.login\n FROM " . $pre . "items as i\n INNER JOIN " . $pre . "log_items as l ON (l.id_item = i.id)\n WHERE i.id = %i\n AND l.action = %s", $id, 'at_creation');
// Get all TAGS
$tags = "";
$itemTags = DB::query("SELECT tag FROM " . $pre . "tags WHERE item_id = %i", $id);
foreach ($itemTags as $itemTag) {
if (!empty($itemTag['tag'])) {
$tags .= $itemTag['tag'] . " ";
}
}
// form id_tree to full foldername
$folder = "";
$arbo = $tree->getPath($data['id_tree'], true);
foreach ($arbo as $elem) {
if ($elem->title == $_SESSION['user_id'] && $elem->nlevel == 1) {
$elem->title = $_SESSION['login'];
}
if (empty($folder)) {
$folder = stripslashes($elem->title);
} else {
$folder .= " » " . stripslashes($elem->title);
}
}
// finaly update
DB::insert($pre . "cache", array('id' => $data['id'], 'label' => $data['label'], 'description' => $data['description'], 'tags' => $tags, 'id_tree' => $data['id_tree'], 'perso' => $data['perso'], 'restricted_to' => $data['restricted_to'], 'login' => $data['login'], 'folder' => $folder, 'author' => $_SESSION['user_id']));
// DELETE an item
} elseif ($action == "delete_value") {
DB::delete($pre . "cache", "id = %i", $id);
}
}
}
/* do checks */
require_once $_SESSION['settings']['cpassman_dir'] . '/sources/checks.php';
if (!checkUser($_SESSION['user_id'], $_SESSION['key'], curPage())) {
$_SESSION['error']['code'] = ERR_NOT_ALLOWED;
//not allowed page
include $_SESSION['settings']['cpassman_dir'] . '/error.php';
exit;
}
require_once $_SESSION['settings']['cpassman_dir'] . '/sources/SplClassLoader.php';
/* load help*/
require_once $_SESSION['settings']['cpassman_dir'] . '/includes/language/' . $_SESSION['user_language'] . '_admin_help.php';
//Build tree
$tree = new SplClassLoader('Tree\\NestedTree', $_SESSION['settings']['cpassman_dir'] . '/includes/libraries');
$tree->register();
$tree = new Tree\NestedTree\NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
/* Get full tree structure */
$tst = $tree->getDescendants();
// prepare options list
$prev_level = 0;
$droplist = '<option value="na">---' . $LANG['select'] . '---</option>';
if ($_SESSION['is_admin'] == 1 || $_SESSION['can_create_root_folder'] == 1) {
$droplist .= '<option value="0">' . $LANG['root'] . '</option>';
}
foreach ($tst as $t) {
if (in_array($t->id, $_SESSION['groupes_visibles']) && !in_array($t->id, $_SESSION['personal_visible_groups'])) {
$ident = "";
for ($x = 1; $x < $t->nlevel; $x++) {
$ident .= " ";
}
if ($prev_level < $t->nlevel) {
<div id="import_selection" style="margin:10px 0 0 10px;"></div>
</div>
</div>
<!-- end tab -->
<!-- TAB2 -->
<div id="tabs-2">
<!-- Prepare a list of all folders that the user can choose -->
<div style="margin-top:10px;" id="keypass_import_options">
<label><b>' . $LANG['import_keepass_to_folder'] . '</b></label>
<select id="import_keepass_items_to">
<option value="0">' . $LANG['root'] . '</option>';
//Load Tree
$tree = new SplClassLoader('Tree\\NestedTree', './includes/libraries');
$tree->register();
$tree = new Tree\NestedTree\NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
$folders = $tree->getDescendants();
// show list of all folders
foreach ($folders as $t) {
if (in_array($t->id, $_SESSION['groupes_visibles'])) {
if (is_numeric($t->title)) {
$user = DB::queryfirstrow("SELECT login FROM " . prefix_table("users") . " WHERE id = %i", $t->title);
$t->title = $user['login'];
$t->id = $t->id . "-perso";
}
$ident = " ";
for ($x = 1; $x < $t->nlevel; $x++) {
$ident .= " ";
}
if (isset($_GET['folder_id']) && $_GET['folder_id'] == $t->id) {
$selected = " selected";
* @copyright (c) 2009-2015 Nils Laumaillé
* @licensing GNU AFFERO GPL 3.0
* @link http://www.teampass.net
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/
if (!isset($_SESSION['CPM']) || $_SESSION['CPM'] != 1) {
die('Hacking attempt...');
}
require_once $_SESSION['settings']['cpassman_dir'] . '/sources/SplClassLoader.php';
//Call nestedtree library and load full tree
$tree = new SplClassLoader('Tree\\NestedTree', '../includes/libraries');
$tree->register();
$tree = new Tree\NestedTree\NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
$tree->rebuild();
$fullTree = $tree->getDescendants();
echo '
<div style="line-height: 24px;margin-top:10px;min-height:220px;">
<span class="ui-icon ui-icon-person" style="float: left; margin-right: .3em;"> </span>
' . $LANG['index_welcome'] . ' <b>', isset($_SESSION['name']) && !empty($_SESSION['name']) ? $_SESSION['name'] . ' ' . $_SESSION['lastname'] : $_SESSION['login'], '</b><br />';
//Check if password is valid
if (empty($_SESSION['last_pw_change']) || $_SESSION['validite_pw'] == false) {
echo '
<div style="margin:auto;padding:4px;width:300px;" class="ui-state-focus ui-corner-all">
<h3>' . $LANG['index_change_pw'] . '</h3>
<div style="height:20px;text-align:center;margin:2px;display:none;" id="change_pwd_error" class=""></div>
<div style="text-align:center;margin:5px;padding:3px;" id="change_pwd_complexPw" class="ui-widget ui-state-active ui-corner-all">' . $LANG['complex_asked'] . ' : ' . $_SESSION['settings']['pwComplexity'][$_SESSION['user_pw_complexity']][1] . '</div>
<div id="pw_strength" style="margin:0 0 10px 30px;"></div>
<table>
if (!empty($data['id'])) {
$folders = $tree->getDescendants($data['id'], true);
foreach ($folders as $folder) {
// delete folder
DB::delete(prefix_table("nested_tree"), "id = %i AND personal_folder = %i", $folder->id, "1");
// delete items & logs
$items = DB::query("SELECT id FROM " . prefix_table("items") . "\n WHERE id_tree=%i AND perso = %i", $folder->id, "1");
foreach ($items as $item) {
// Delete item
DB::delete(prefix_table("items"), "id = %i", $item['id']);
// log
DB::delete(prefix_table("log_items"), "id_item = %i", $item['id']);
}
}
// rebuild tree
$tree = new Tree\NestedTree\NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
$tree->rebuild();
}
// update LOG
DB::insert(prefix_table("log_system"), array('type' => 'user_mngt', 'date' => time(), 'label' => 'at_user_deleted', 'qui' => $_SESSION['user_id'], 'field_1' => $_POST['id']));
} else {
// lock user in database
DB::update(prefix_table("users"), array('disabled' => 1, 'key_tempo' => ""), "id=%i", $_POST['id']);
// update LOG
DB::insert(prefix_table("log_system"), array('type' => 'user_mngt', 'date' => time(), 'label' => 'at_user_locked', 'qui' => $_SESSION['user_id'], 'field_1' => $_POST['id']));
}
echo '[ { "error" : "no" } ]';
break;
/**
* UPDATE EMAIL OF USER
*/
$tree->rebuild();
}
// send data
echo '[{"error" : ""}]';
break;
/*
* CASE
* Store hierarchic position of Group
*/
/*
* CASE
* Store hierarchic position of Group
*/
case 'save_position':
DB::update(prefix_table("nested_tree"), array('parent_id' => $_POST['destination']), 'id = %i', $_POST['source']);
$tree = new Tree\NestedTree\NestedTree(prefix_table("nested_tree"), 'id', 'parent_id', 'title');
$tree->rebuild();
break;
/*
* CASE
* List items of a group
*/
/*
* CASE
* List items of a group
*/
case 'lister_items_groupe':
$arboHtml = $html = "";
$folderIsPf = $showError = 0;
$itemsIDList = $rights = $returnedData = array();
// Build query limits
function rest_get()
{
$_SESSION['user_id'] = "'api'";
if (!@count($GLOBALS['request']) == 0) {
$request_uri = $GLOBALS['_SERVER']['REQUEST_URI'];
preg_match('/\\/api(\\/index.php|)\\/(.*)\\?apikey=(.*)/', $request_uri, $matches);
if (count($matches) == 0) {
rest_error('REQUEST_SENT_NOT_UNDERSTANDABLE');
}
$GLOBALS['request'] = explode('/', $matches[2]);
}
if (apikey_checker($GLOBALS['apikey'])) {
global $server, $user, $pass, $database, $pre, $link;
teampass_connect();
$category_query = "";
if ($GLOBALS['request'][0] == "read") {
if ($GLOBALS['request'][1] == "category") {
// get ids
if (strpos($GLOBALS['request'][2], ";") > 0) {
$condition = "id_tree IN %ls";
$condition_value = explode(';', $GLOBALS['request'][2]);
} else {
$condition = "id_tree = %s";
$condition_value = $GLOBALS['request'][2];
}
DB::debugMode(false);
// get items in this module
$response = DB::query("SELECT id,label,login,pw, pw_iv FROM " . prefix_table("items") . " WHERE " . $condition, $condition_value);
foreach ($response as $data) {
// prepare output
$id = $data['id'];
$json[$id]['label'] = mb_convert_encoding($data['label'], mb_detect_encoding($data['label']), 'UTF-8');
$json[$id]['login'] = mb_convert_encoding($data['login'], mb_detect_encoding($data['login']), 'UTF-8');
$json[$id]['pw'] = cryption($data['pw'], SALT, $data['pw_iv'], "decrypt");
}
/* load folders */
$response = DB::query("SELECT id,parent_id,title,nleft,nright,nlevel FROM " . prefix_table("nested_tree") . " WHERE parent_id=%i ORDER BY `title` ASC", $GLOBALS['request'][2]);
$rows = array();
$i = 0;
foreach ($response as $row) {
$response = DB::query("SELECT id,label,login,pw, pw_iv FROM " . prefix_table("items") . " WHERE id_tree=%i", $row['id']);
foreach ($response as $data) {
// prepare output
$id = $data['id'];
$json[$id]['label'] = mb_convert_encoding($data['label'], mb_detect_encoding($data['label']), 'UTF-8');
$json[$id]['login'] = mb_convert_encoding($data['login'], mb_detect_encoding($data['login']), 'UTF-8');
$json[$id]['pw'] = cryption($data['pw'], SALT, $data['pw_iv'], "decrypt");
}
}
} elseif ($GLOBALS['request'][1] == "items") {
$array_items = explode(';', $GLOBALS['request'][2]);
// check if not empty
if (count($array_items) == 0) {
rest_error('NO_ITEM');
}
// only accepts numeric
foreach ($array_items as $item) {
if (!is_numeric($item)) {
rest_error('ITEM_MALFORMED');
}
}
$response = DB::query("select id,label,login,pw, pw_iv, id_tree from " . prefix_table("items") . " where id IN %ls", $array_items);
foreach ($response as $data) {
// prepare output
$id = $data['id'];
$json[$id]['label'] = mb_convert_encoding($data['label'], mb_detect_encoding($data['label']), 'UTF-8');
$json[$id]['login'] = mb_convert_encoding($data['login'], mb_detect_encoding($data['login']), 'UTF-8');
$json[$id]['pw'] = cryption($data['pw'], SALT, $data['pw_iv'], "decrypt");
}
}
if (isset($json) && $json) {
echo json_encode($json);
} else {
rest_error('EMPTY');
}
} elseif ($GLOBALS['request'][0] == "find") {
if ($GLOBALS['request'][1] == "item") {
$array_category = explode(';', $GLOBALS['request'][2]);
$item = $GLOBALS['request'][3];
foreach ($array_category as $category) {
if (!preg_match_all("/^([\\w\\:\\'\\-\\sàáâãäåçèéêëìíîïðòóôõöùúûüýÿ]+)\$/i", $category, $result)) {
rest_error('CATEGORY_MALFORMED');
}
}
if (!preg_match_all("/^([\\w\\:\\'\\-\\sàáâãäåçèéêëìíîïðòóôõöùúûüýÿ]+)\$/i", $item, $result)) {
rest_error('ITEM_MALFORMED');
} elseif (empty($item) || count($array_category) == 0) {
rest_error('MALFORMED');
}
if (count($array_category) > 1 && count($array_category) < 5) {
for ($i = count($array_category); $i > 0; $i--) {
$slot = $i - 1;
if (!$slot) {
$category_query .= "select id from " . prefix_table("nested_tree") . " where title LIKE '" . $array_category[$slot] . "' AND parent_id = 0";
} else {
$category_query .= "select id from " . prefix_table("nested_tree") . " where title LIKE '" . $array_category[$slot] . "' AND parent_id = (";
}
}
for ($i = 1; $i < count($array_category); $i++) {
$category_query .= ")";
}
} elseif (count($array_category) == 1) {
$category_query = "select id from " . prefix_table("nested_tree") . " where title LIKE '" . $array_category[0] . "' AND parent_id = 0";
} else {
rest_error('NO_CATEGORY');
}
DB::debugMode(false);
$response = DB::query("select id, label, login, pw, pw_iv, id_tree\n from " . prefix_table("items") . "\n where id_tree = (%s)\n and label LIKE %ss", $category_query, $item);
foreach ($response as $data) {
// prepare output
$json['id'] = mb_convert_encoding($data['id'], mb_detect_encoding($data['id']), 'UTF-8');
$json['label'] = mb_convert_encoding($data['label'], mb_detect_encoding($data['label']), 'UTF-8');
$json['login'] = mb_convert_encoding($data['login'], mb_detect_encoding($data['login']), 'UTF-8');
$json['pw'] = cryption($data['pw'], SALT, $data['pw_iv'], "decrypt");
$json['folder_id'] = $data['id_tree'];
$json['status'] = utf8_encode("OK");
}
if (isset($json) && $json) {
echo json_encode($json);
} else {
rest_error('EMPTY');
}
}
} elseif ($GLOBALS['request'][0] == "add") {
if ($GLOBALS['request'][1] == "item") {
// get item definition
$array_item = explode(';', urldecode($GLOBALS['request'][2]));
if (count($array_item) != 9) {
rest_error('ITEMBADDEFINITION');
}
$item_label = $array_item[0];
$item_pwd = $array_item[1];
$item_desc = $array_item[2];
$item_folder_id = $array_item[3];
$item_login = $array_item[4];
$item_email = $array_item[5];
$item_url = $array_item[6];
$item_tags = $array_item[7];
$item_anyonecanmodify = $array_item[8];
// added so one can sent data including the http or https !
// anyway we have to urlencode this data
$item_url = urldecode($item_url);
// same for the email
$item_email = urldecode($item_email);
// do some checks
if (!empty($item_label) && !empty($item_pwd) && !empty($item_folder_id)) {
// Check length
if (strlen($item_pwd) > 50) {
rest_error('PASSWORDTOOLONG');
}
// Check Folder ID
DB::query("SELECT * FROM " . prefix_table("nested_tree") . " WHERE id = %i", $item_folder_id);
$counter = DB::count();
if ($counter == 0) {
rest_error('NOSUCHFOLDER');
}
// check if element doesn't already exist
DB::query("SELECT * FROM " . prefix_table("items") . " WHERE label = %s AND inactif = %i", addslashes($item_label), "0");
$counter = DB::count();
if ($counter != 0) {
$itemExists = 1;
// prevent the error if the label already exists
// so lets just add the time() as a random factor
$item_label .= " (" . time() . ")";
} else {
$itemExists = 0;
}
if ($itemExists == 0) {
$encrypt = cryption($item_pwd, SALT, "", "encrypt");
if (empty($encrypt['string'])) {
rest_error('PASSWORDEMPTY');
}
// ADD item
try {
DB::insert(prefix_table("items"), array("label" => $item_label, "description" => $item_desc, 'pw' => $encrypt['string'], 'pw_iv' => $encrypt['iv'], "email" => $item_email, "url" => $item_url, "id_tree" => intval($item_folder_id), "login" => $item_login, "inactif" => 0, "restricted_to" => "", "perso" => 0, "anyone_can_modify" => intval($item_anyonecanmodify)));
$newID = DB::InsertId();
// log
DB::insert(prefix_table("log_items"), array("id_item" => $newID, "date" => time(), "id_user" => "9999999", "action" => "at_creation"));
// Add tags
$tags = explode(' ', $item_tags);
foreach ((array) $tags as $tag) {
if (!empty($tag)) {
DB::insert(prefix_table("tags"), array("item_id" => $newID, "tag" => strtolower($tag)));
}
}
// Update CACHE table
DB::insert(prefix_table("cache"), array("id" => $newID, "label" => $item_label, "description" => $item_desc, "tags" => $item_tags, "id_tree" => $item_folder_id, "perso" => "0", "restricted_to" => "", "login" => $item_login, "folder" => "", "author" => "9999999"));
echo '{"status":"item added"}';
} catch (PDOException $ex) {
echo '<br />' . $ex->getMessage();
}
} else {
rest_error('ITEMEXISTS');
}
} else {
rest_error('ITEMMISSINGDATA');
}
} elseif ($GLOBALS['request'][1] == "user") {
// get user definition
$array_user = explode(';', $GLOBALS['request'][2]);
if (count($array_user) != 11) {
rest_error('USERBADDEFINITION');
}
$login = $array_user[0];
$name = $array_user[1];
$lastname = $array_user[2];
$password = $array_user[3];
$email = $array_user[4];
$adminby = $array_user[5];
$isreadonly = $array_user[6];
$roles = $array_user[7];
$isadmin = $array_user[8];
$ismanager = $array_user[9];
$haspf = $array_user[10];
// Empty user
if (mysqli_escape_string($link, htmlspecialchars_decode($login)) == "") {
rest_error('USERLOGINEMPTY');
}
// Check if user already exists
$data = DB::query("SELECT id, fonction_id, groupes_interdits, groupes_visibles FROM " . prefix_table("users") . "\n WHERE login LIKE %ss", mysqli_escape_string($link, stripslashes($login)));
if (DB::count() == 0) {
try {
// find AdminRole code in DB
$resRole = DB::queryFirstRow("SELECT id\n FROM " . prefix_table("roles_title") . "\n WHERE title LIKE %ss", mysqli_escape_string($link, stripslashes($adminby)));
// get default language
$lang = DB::queryFirstRow("SELECT `valeur` FROM " . prefix_table("misc") . " WHERE type = %s AND intitule = %s", "admin", "default_language");
// prepare roles list
$rolesList = "";
foreach (explode('|', $roles) as $role) {
echo $role . "-";
$tmp = DB::queryFirstRow("SELECT `id` FROM " . prefix_table("roles_title") . " WHERE title = %s", $role);
if (empty($rolesList)) {
$rolesList = $tmp['id'];
} else {
$rolesList .= ";" . $tmp['id'];
}
}
// Add user in DB
DB::insert(prefix_table("users"), array('login' => $login, 'name' => $name, 'lastname' => $lastname, 'pw' => bCrypt(stringUtf8Decode($password), COST), 'email' => $email, 'admin' => intval($isadmin), 'gestionnaire' => intval($ismanager), 'read_only' => intval($isreadonly), 'personal_folder' => intval($haspf), 'user_language' => $lang['valeur'], 'fonction_id' => $rolesList, 'groupes_interdits' => '0', 'groupes_visibles' => '0', 'isAdministratedByRole' => empty($resRole) ? '0' : $resRole['id']));
$new_user_id = DB::insertId();
// Create personnal folder
if (intval($haspf) == 1) {
DB::insert(prefix_table("nested_tree"), array('parent_id' => '0', 'title' => $new_user_id, 'bloquer_creation' => '0', 'bloquer_modification' => '0', 'personal_folder' => '1'));
}
// Send email to new user
@sendEmail($LANG['email_subject_new_user'], str_replace(array('#tp_login#', '#tp_pw#', '#tp_link#'), array(" " . addslashes($login), addslashes($password), $_SESSION['settings']['email_server_url']), $LANG['email_new_user_mail']), $email);
// update LOG
logEvents('user_mngt', 'at_user_added', 'api - ' . $GLOBALS['apikey'], $new_user_id);
echo '{"status":"user added"}';
} catch (PDOException $ex) {
echo '<br />' . $ex->getMessage();
}
} else {
rest_error('USERALREADYEXISTS');
}
}
} elseif ($GLOBALS['request'][0] == "auth") {
/*
** FOR SECURITY PURPOSE, it is mandatory to use SSL to connect your teampass instance. The user password is not encrypted!
**
**
** Expected call format: .../api/index.php/auth/<PROTOCOL>/<URL>/<login>/<password>?apikey=<VALID API KEY>
** Example: https://127.0.0.1/teampass/api/index.php/auth/http/www.zadig-tge.adp.com/U1/test/76?apikey=chahthait5Aidood6johh6Avufieb6ohpaixain
** RESTRICTIONS:
** - <PROTOCOL> ==> http|https|ftp|...
** - <URL> ==> encode URL without protocol (example: http://www.teampass.net becomes www.teampass.net)
** - <login> ==> user's login
** - <password> ==> currently clear password
**
** RETURNED ANSWER:
** - format sent back is JSON
** - Example: {"<item_id>":{"label":"<pass#1>","login":"******","pw":"<pwd#1>"},"<item_id>":{"label":"<pass#2>","login":"******","pw":"<pwd#2>"}}
**
*/
// get user credentials
if (isset($GLOBALS['request'][3]) && isset($GLOBALS['request'][4])) {
// get url
if (isset($GLOBALS['request'][1]) && isset($GLOBALS['request'][2])) {
// is user granted?
$user = DB::queryFirstRow("SELECT `id`, `pw`, `groupes_interdits`, `groupes_visibles`, `fonction_id` FROM " . $pre . "users WHERE login = %s", $GLOBALS['request'][3]);
// load passwordLib library
$_SESSION['settings']['cpassman_dir'] = "..";
require_once '../sources/SplClassLoader.php';
$pwdlib = new SplClassLoader('PasswordLib', '../includes/libraries');
$pwdlib->register();
$pwdlib = new PasswordLib\PasswordLib();
if ($pwdlib->verifyPasswordHash($GLOBALS['request'][4], $user['pw']) === true) {
// define the restriction of "id_tree" of this user
$userDef = DB::queryOneColumn('folder_id', "SELECT DISTINCT folder_id \n FROM " . prefix_table("roles_values") . "\n WHERE type IN ('R', 'W') ", empty($user['groupes_interdits']) ? "" : "\n AND folder_id NOT IN (" . str_replace(";", ",", $user['groupes_interdits']) . ")", " \n AND role_id IN %ls \n GROUP BY folder_id", explode(";", $user['groupes_interdits']));
// complete with "groupes_visibles"
foreach (explode(";", $user['groupes_visibles']) as $v) {
array_push($userDef, $v);
}
// find the item associated to the url
$response = DB::query("SELECT id, label, login, pw, pw_iv, id_tree, restricted_to\n FROM " . prefix_table("items") . " \n WHERE url LIKE %s\n AND id_tree IN (" . implode(",", $userDef) . ")\n ORDER BY id DESC", $GLOBALS['request'][1] . "://" . urldecode($GLOBALS['request'][2] . '%'));
$counter = DB::count();
if ($counter > 0) {
$json = "";
foreach ($response as $data) {
// check if item visible
if (empty($data['restricted_to']) || $data['restricted_to'] != "" && in_array($user['id'], explode(";", $data['restricted_to']))) {
// prepare export
$json[$data['id']]['label'] = mb_convert_encoding($data['label'], mb_detect_encoding($data['label']), 'UTF-8');
$json[$data['id']]['login'] = mb_convert_encoding($data['login'], mb_detect_encoding($data['login']), 'UTF-8');
$json[$data['id']]['pw'] = cryption($data['pw'], SALT, $data['pw_iv'], "decrypt");
}
}
// prepare answer. If no access then inform
if (empty($json)) {
rest_error('AUTH_NO_DATA');
} else {
echo json_encode($json);
}
} else {
rest_error('AUTH_NO_DATA');
}
} else {
rest_error('AUTH_NOT_GRANTED');
}
} else {
rest_error('AUTH_NO_URL');
}
} else {
rest_error('AUTH_NO_IDENTIFIER');
}
} elseif ($GLOBALS['request'][0] == "set") {
/*
* Expected call format: .../api/index.php/set/<login_to_save>/<password_to_save>/<url>/<user_login>/<user_password>?apikey=<VALID API KEY>
* Example: https://127.0.0.1/teampass/api/index.php/auth/myLogin/myPassword/USER1/test/76?apikey=chahthait5Aidood6johh6Avufieb6ohpaixain
*
* NEW ITEM WILL BE STORED IN SPECIFIC FOLDER
*/
// get user credentials
if (isset($GLOBALS['request'][4]) && isset($GLOBALS['request'][5])) {
// get url
if (isset($GLOBALS['request'][1]) && isset($GLOBALS['request'][2]) && isset($GLOBALS['request'][3])) {
// is user granted?
$user = DB::queryFirstRow("SELECT `id`, `pw`, `groupes_interdits`, `groupes_visibles`, `fonction_id` FROM " . $pre . "users WHERE login = %s", $GLOBALS['request'][4]);
// load passwordLib library
$_SESSION['settings']['cpassman_dir'] = "..";
require_once '../sources/SplClassLoader.php';
$pwdlib = new SplClassLoader('PasswordLib', '../includes/libraries');
$pwdlib->register();
$pwdlib = new PasswordLib\PasswordLib();
// is user identified?
if ($pwdlib->verifyPasswordHash($GLOBALS['request'][5], $user['pw']) === true) {
// does the personal folder of this user exists?
DB::queryFirstRow("SELECT `id`\n FROM " . $pre . "nested_tree\n WHERE title = %s AND personal_folder = 1", $user['id']);
if (DB::count() > 0) {
// check if "teampass-connect" folder exists
// if not create it
$folder = DB::queryFirstRow("SELECT `id`\n FROM " . $pre . "nested_tree\n WHERE title = %s", "teampass-connect");
if (DB::count() == 0) {
DB::insert(prefix_table("nested_tree"), array('parent_id' => '0', 'title' => "teampass-connect"));
$tpc_folder_id = DB::insertId();
//Add complexity
DB::insert(prefix_table("misc"), array('type' => 'complex', 'intitule' => $tpc_folder_id, 'valeur' => '0'));
// rebuild tree
$tree = new Tree\NestedTree\NestedTree(prefix_table("nested_tree"), 'id', 'parent_id', 'title');
$tree->rebuild();
} else {
$tpc_folder_id = $folder['id'];
}
// encrypt password
$encrypt = cryption($GLOBALS['request'][2], SALT, "", "encrypt");
// add new item
DB::insert(prefix_table("items"), array('label' => "Credentials for " . urldecode($GLOBALS['request'][3] . '%'), 'description' => "Imported with Teampass-Connect", 'pw' => $encrypt['string'], 'pw_iv' => $encrypt['iv'], 'email' => "", 'url' => urldecode($GLOBALS['request'][3] . '%'), 'id_tree' => $tpc_folder_id, 'login' => $GLOBALS['request'][1], 'inactif' => '0', 'restricted_to' => $user['id'], 'perso' => '0', 'anyone_can_modify' => '0', 'complexity_level' => '0'));
$newID = DB::insertId();
// log
logItems($newID, "Credentials for " . urldecode($GLOBALS['request'][3] . '%'), $user['id'], 'at_creation', $GLOBALS['request'][1]);
$json['status'] = "ok";
// prepare answer. If no access then inform
if (empty($json)) {
rest_error('AUTH_NO_DATA');
} else {
echo json_encode($json);
}
} else {
rest_error('NO_PF_EXIST_FOR_USER');
}
} else {
rest_error('AUTH_NOT_GRANTED');
}
} else {
rest_error('SET_NO_DATA');
}
} else {
rest_error('AUTH_NO_IDENTIFIER');
}
} else {
rest_error('METHOD');
}
}
}
