array_push($errors, 'Username taken!'); break; } mysqli_free_result($result); mysqli_query($link, 'UPDATE `users` SET `username`=\'' . mysqli_real_escape_string($link, $_POST['newusername']) . '\' WHERE `id`=' . $id . ';'); } } if (isset($_POST['oldpassword']) && isset($_POST['newpassword']) && $_POST['oldpassword'] != '' && $_POST['newpassword'] != '') { if ($_POST['oldpassword'] == $_POST['newpassword']) { $errors = isPasswordValid($_POST['newpassword'], $errors); } if (!password_verify($_POST['oldpassword'], $user['password'])) { array_push($errors, 'Old password invalid!'); } if (empty($errors)) { mysqli_query($link, 'UPDATE `users` SET `password`=\'' . getPasswordHash($_POST['newpassword']) . '\' WHERE `id`=' . $id . ';'); } } if (isset($_POST['newcolour']) && $_POST['newcolour'] != $user['colour']) { if (empty($errors)) { mysqli_query($link, 'UPDATE `users` SET `colour`=\'' . mysqli_real_escape_string($link, $_POST['newcolour']) . '\' WHERE `id`=' . $id . ';'); } } mysqli_close($link); unset($link); break; case 'torrent': if (!($link = db_init(true))) { die; } $result = mysqli_query($link, 'SELECT `filename` FROM `torrents` WHERE `id`=' . $id . ';');
$thispage_title = $l['t_user_registration']; $thispage_description = ''; require_once '../code/tce_page_header.php'; $sql = 'SELECT * FROM ' . K_TABLE_USERS . ' WHERE (user_verifycode=\'' . F_escape_sql($db, $verifycode) . '\' AND user_id=\'' . $userid . '\' AND user_email=\'' . F_escape_sql($db, $email) . '\') LIMIT 1'; if ($r = F_db_query($sql, $db)) { if ($m = F_db_fetch_array($r)) { // update user level if ($verifycode[0] == '@') { // password reset $new_password = substr(md5(uniqid(mt_rand(), true)), 0, 8); $sqlu = 'UPDATE ' . K_TABLE_USERS . ' SET user_password=\'' . getPasswordHash($new_password) . '\', user_verifycode=NULL WHERE user_id=' . $userid . ''; } else { // user registration $sqlu = 'UPDATE ' . K_TABLE_USERS . ' SET user_level=\'1\', user_verifycode=NULL WHERE user_id=' . $userid . ''; } if (!($ru = F_db_query($sqlu, $db))) { F_display_db_error(false); } else { if ($verifycode[0] == '@') { F_print_error('MESSAGE', $l['w_new_password'] . ': ' . $new_password); } else { F_print_error('MESSAGE', $l['m_user_registration_ok']); } echo K_NEWLINE; echo '<div class="container">' . K_NEWLINE; if (K_OTP_LOGIN) {
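require_once '../config/tce_config.php';
require_once '../../shared/code/tce_authorization.php';
require_once '../../shared/code/tce_functions_tcecode.php';
require_once '../../shared/code/tce_functions_test.php';
require_once '../../shared/code/tce_functions_test_stats.php';
require_once '../../shared/config/tce_pdf.php';
require_once '../../shared/code/tcpdfex.php';
require_once '../../shared/code/tce_functions_statistics.php';

// Caller identity comes from the session, never from the request.
$user_id = intval($_SESSION['session_user_id']);

// Output mode requested by the caller; 0 unless a positive number was sent.
if (isset($_REQUEST['mode']) and $_REQUEST['mode'] > 0) {
    $mode = intval($_REQUEST['mode']);
} else {
    $mode = 0;
}
$onlytext = $mode == 5;

// "email" access: instead of the session authorisation below, the request
// carries a token that must equal the hash of
// (year, test user, K_RANDOM_SECURITY, test id, month, caller id).
// NOTE(review): $testuser_id and $test_id are not assigned in this span before
// the token is built; unless an included file sets them they are empty here
// and $test_id is only assigned further down — confirm against the includes.
if (isset($_REQUEST['email'])) {
    $expected_token = getPasswordHash(date('Y') . $testuser_id . K_RANDOM_SECURITY . $test_id . date('m') . $user_id);
    // Strict, constant-time comparison. The original loose "!=" would compare
    // two numeric-looking strings by value and its timing depends on the input.
    if (!is_string($_REQUEST['email']) or !hash_equals((string) $expected_token, $_REQUEST['email'])) {
        F_print_error('ERROR', $l['m_authorization_denied']);
        exit;
    }
}

$filter = 'sel=1';
if (isset($_REQUEST['test_id']) and $_REQUEST['test_id'] > 0) {
    $test_id = intval($_REQUEST['test_id']);
    // Without the token the caller must own the test.
    if (!isset($_REQUEST['email'])) {
        if (!F_isAuthorizedUser(K_TABLE_TESTS, 'test_id', $test_id, 'test_user_id')) {
            exit;
        }
    }
    $filter .= '&test_id=' . $test_id . '';
} else {
    $test_id = 0;
}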
$PAGE_TITLE = PAGE_DEFAULT_TITLE . ' | Administrator utilities'; $NAVBAR = NAVBAR_FULL; require_once 'header.php'; $ACCEPTED_ACTIONS = array('exporttorrentdata_csv' => 'Export torrent data to CSV', 'exportuserdatadump_csv' => 'Export user data to CSV', 'password_hash' => 'Generate password hash', 'phpinfo' => 'phpinfo', 'statistics' => 'Server statistics'); ?> <body> <br> <br> <div class="container"> <div class="card-panel"> <h4>Administrator utilities</h4> <br> <?php if (isset($_POST['password_hash'])) { echo '<h6>Generate password hash</h6><br>'; echo '<code>' . getPasswordHash($_POST['password_hash']) . '</code>'; ?> <br> <br> <br> <div align="center"> <a href="utilities.php"><button class="btn waves-effect waves-light <?php echo $_SESSION['USER_COLOUR']; ?> ">Go back</button></a> </div> <?php } else { if (isset($_GET['action'])) { switch ($_GET['action']) { case 'password_hash':
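/**
 * Build the partner sign-up response for the posted credentials.
 *
 * Reads the "pass", "user" and "c" request fields through getP(). Returns a
 * hand-assembled JSON string: on a bad password length
 * {"success": false, "message": ...}, otherwise {"success": true, "url": ...}
 * where the URL carries the URL-encoded user name, password hash and "c" value.
 *
 * @return string JSON text.
 */
function getSignupUrl()
{
    $pwd = getP('pass');
    // strlen() counts bytes, as the original did; multibyte passwords are
    // therefore measured in bytes, not characters.
    $len = strlen($pwd);
    if ($len < 6 || $len > 256) {
        return '{ "success": false, "message": "Password should be 6 or more characters long"}';
    }
    // Every query parameter is URL-encoded. The original left "c" raw, so a
    // value containing '&', '"' or a space would corrupt both the URL and the
    // JSON envelope around it.
    return '{ "success": true, "url":"https://vault.elephantdrive.com/partners/vaultservices/genacct.aspx?a=reg&u=' . urlencode(getP('user')) . '&t=' . urlencode(getPasswordHash($pwd)) . '&c=' . urlencode(getP('c')) . '&format=json" }';
}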
$app->render('login.php'); }); $app->post('/login', function () use($app) { try { $post = $app->request->post(); if (!(isset($post['email']) && is_string($post['email']) && isset($post['password']) && is_string($post['password']))) { throw new RuntimeException('メールアドレスまたはパスワードに誤りがあります'); } $mongoCollection = getMongoCollection('user'); foreach ($post as $key => $value) { $encode = mb_detect_encoding($value, array('UTF-8')); if ($encode !== 'UTF-8') { throw new RuntimeException('メールアドレスまたはパスワードに誤りがあります'); } } $result = $mongoCollection->find(array('email' => $post['email'], 'password' => getPasswordHash($post['email'], $post['password'], $app->config('salt')))); if ($result->count()) { session_regenerate_id(true); $user = $result->next(); $_SESSION['user'] = $user; $_SESSION['expires'] = time() + (int) $app->config('timeout'); $app->flash('info', 'ログインしました。'); $app->getLog()->info('ユーザー名「' . $user['username'] . '」(メールアドレス"' . $user['email'] . '")がログインしました。'); $app->redirect($app->config('static_path')); } else { throw new RuntimeException('メールアドレスまたはパスワードに誤りがあります'); } } catch (RuntimeException $e) { $app->flash('error', $e->getMessage()); $app->redirect($app->config('static_path') . 'login'); }
cpsession_data ) VALUES ( \'' . $fingerprintkey . '\', \'' . date(K_TIMESTAMP_FORMAT, time() + $wait) . '\', \'' . $wait . '\' )'; if (!F_db_query($sqls, $db)) { F_display_db_error(); } $bruteforce = false; } } if ($bruteforce) { F_print_error('WARNING', $l['m_login_brute_force'] . ' ' . $wait); } else { $xuser_password = getPasswordHash($_POST['xuser_password']); // one-way password encoding // check if submitted login information are correct $sql = 'SELECT * FROM ' . K_TABLE_USERS . ' WHERE user_name=\'' . F_escape_sql($_POST['xuser_name']) . '\' AND user_password=\'' . $xuser_password . '\''; if ($r = F_db_query($sql, $db)) { if ($m = F_db_fetch_array($r)) { // check One Time Password $otp = false; if (K_OTP_LOGIN) { $mtime = microtime(true); if (isset($_POST['xuser_otpcode']) and !empty($_POST['xuser_otpcode']) and ($_POST['xuser_otpcode'] == F_getOTP($m['user_otpkey'], $mtime) or $_POST['xuser_otpcode'] == F_getOTP($m['user_otpkey'], $mtime - 30) or $_POST['xuser_otpcode'] == F_getOTP($m['user_otpkey'], $mtime + 30))) { // check if this OTP token has been alredy used $sqlt = 'SELECT cpsession_id FROM ' . K_TABLE_SESSIONS . ' WHERE cpsession_id=\'' . $_POST['xuser_otpcode'] . '\' LIMIT 1'; if ($rt = F_db_query($sqlt, $db)) { if (!F_db_fetch_array($rt)) { // Store this token on the session table to mark it as invalid for 5 minute (300 seconds)
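/**
 * Check if a username+password pair is a valid login.
 * The name will be normalized to MediaWiki's requirements, so
 * you might need to munge it (for instance, for lowercase initial
 * letters).
 *
 * The lookup goes through the plugin's own `users` table: the name is
 * lower-cased and escaped, the password is hashed with getPasswordHash(),
 * and the matching row must not be deactivated. When isExternal() is true
 * (presumably a request from outside the trusted network — confirm) the
 * password must also be "complex" and pass loginPWcheckAge(). An optional
 * global allow-list, $GLOBALS['authpluginjmTillatteBrukere'], restricts
 * which user names may log in at all.
 *
 * @param $user String: username.
 * @param $pass String: user password (clear text).
 * @return bool
 * @public
 */
function authenticate($user, $pass)
{
    if ($this->debug) {
        echo 'authenticate<br>';
    }
    // Username: strip markup, HTML-escape, addslashes() for the raw SQL below, lower-case.
    $user = strtolower(addslashes(htmlspecialchars(strip_tags($user), ENT_QUOTES)));
    $pass = getPasswordHash($pass);
    // Allow-list check. The original tested an undefined $username (always
    // empty), so every login failed whenever the list was configured; compare
    // the normalised $user instead, and strictly.
    if (isset($GLOBALS['authpluginjmTillatteBrukere']) && !in_array(strtolower($user), $GLOBALS['authpluginjmTillatteBrukere'], true)) {
        return false;
    }
    $is_external = isExternal();
    if ($this->debug) {
        echo 'is_external=' . $is_external . '<br>';
    }
    // The original read this variable in the last branch without ever
    // assigning it; initialise it so that branch keeps its (always-true)
    // meaning without an undefined-variable notice.
    $external_failed = false;
    // Checking against database
    // NOTE(review): the password literal in this query appears redacted in the
    // listing; confirm it binds the hashed $pass, and prefer a prepared statement
    // over string assembly.
    $Q_login = mysql_query("select user_id, deactivated, user_password_complex, user_password_lastchanged from `users` where lower(user_name_short) = '" . $user . "' and user_password = '******' limit 1", $this->database);
    if (mysql_num_rows($Q_login) > 0) {
        if ($is_external) {
            try {
                $user_login = array('user_password_lastchanged' => mysql_result($Q_login, 0, 'user_password_lastchanged'));
                // Throws when the password is older than the external-access policy allows.
                loginPWcheckAge($user_login);
            } catch (Exception $e) {
                if ($this->debug) {
                    echo 'auth failed, password to old for external user<br>';
                }
                return false;
            }
        }
        if (mysql_result($Q_login, 0, 'deactivated')) {
            if ($this->debug) {
                echo 'auth failed, user deactivated<br>';
            }
            return false;
        } elseif ($is_external && !mysql_result($Q_login, 0, 'user_password_complex')) {
            if ($this->debug) {
                echo 'auth failed, password not complex for external user<br>';
            }
            return false;
        } elseif (!$external_failed) {
            if ($this->debug) {
                echo 'auth=true<br>';
            }
            return true;
        }
    } else {
        if ($this->debug) {
            // The password hash is deliberately no longer written into the page.
            echo 'auth failed, user not found (' . $user . ')<br>';
        }
        return false;
    }
}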
if (!validateDataName($dataName, $failOffset)) { if ($strictFilename) { $response->errors[] = 'dataName is invalid, and strict_filename is enabled. can not continue. offending dataName character start at byte offset ' . $failOffset; return false; } $dataName = sanitizeDataName($dataName); $response->warnings[] = 'dataName is invalid. offending dataName character start at byte offset ' . $failOffset . '. dataName has been transliterated/sanitized from UTF8 to ASCII with iconv, and truncated to 255 bytes. the new dataName is: ' . $dataName; } $response->final_filename = $dataName; $clientIP = getClientIP(); if (!isset($_GET['response_type']) && !isset($_POST['response_type'])) { $responseType = 'json'; //currently unused... } require_once './../getdb.inc.php'; $passwordHash = getPasswordHash(); $localFilename = generateLocalFilename(); $fullFilePath = hhb_combine_filepaths($files_folder, $localFilename); if (!file_exists($fullFilePath)) { if (isset($_POST['upload_data'])) { if (($tmpi1 = strlen($_POST['upload_data'])) !== ($tmpi2 = file_put_contents($fullFilePath, $_POST['upload_data']))) { @unlink($fullFilePath); //attempt cleanup of corrupted file... $response->errors[] = 'internal server error. tried to write ' . var_export($tmpi1, true) . ' bytes to disk, but could only write ' . var_export($tmpi2, true) . ' bytes!'; return false; throw new Exception('TODO: HANDLE THIS ERROR'); } } elseif (is_string($_FILES['upload_data']['tmp_name'])) { if (!move_uploaded_file($_FILES['upload_data']['tmp_name'], $fullFilePath)) { $response->errors[] = 'internal server error. could not move the uploaded file to the files directory.'; return false;
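/**
 * Sets the end element handler function for the XML parser parser.end_element_handler.
 *
 * Scalar user fields are decoded and SQL-escaped as their elements close and
 * collected in $this->user_data; <group> elements are resolved (or created) to
 * ids in $this->group_data; </user> inserts or updates the user row and then
 * links it to every collected group. Database failures are reported through
 * F_display_db_error() and abort the current user.
 *
 * @param $parser (resource) The first parameter, parser, is a reference to the XML parser calling the handler.
 * @param $name (string) The second parameter, name, contains the name of the element for which this handler is called. If case-folding is in effect for this parser, the element name will be in uppercase letters.
 * @private
 */
private function endElementHandler($parser, $name)
{
    global $l, $db;
    require_once '../config/tce_config.php';
    require_once 'tce_functions_user_select.php';
    switch (strtolower($name)) {
        case 'name':
        case 'password':
        case 'email':
        case 'regdate':
        case 'ip':
        case 'firstname':
        case 'lastname':
        case 'birthdate':
        case 'birthplace':
        case 'regnumber':
        case 'ssn':
        case 'level':
        case 'verifycode':
        case 'otpkey':
            // Escape once here: the 'user' case below interpolates these
            // values straight into SQL.
            $this->current_data = F_escape_sql($db, F_xml_to_text($this->current_data));
            $this->user_data[$this->current_element] = $this->current_data;
            $this->current_element = '';
            $this->current_data = '';
            break;
        case 'group':
            $group_name = F_escape_sql($db, F_xml_to_text($this->current_data));
            // check if group already exist
            $sql = 'SELECT group_id FROM ' . K_TABLE_GROUPS . ' WHERE group_name=\'' . $group_name . '\' LIMIT 1';
            if ($r = F_db_query($sql, $db)) {
                if ($m = F_db_fetch_array($r)) {
                    // the group has been already added
                    $this->group_data[] = $m['group_id'];
                } else {
                    // add new group
                    $sqli = 'INSERT INTO ' . K_TABLE_GROUPS . ' ( group_name ) VALUES ( \'' . $group_name . '\' )';
                    if (!($ri = F_db_query($sqli, $db))) {
                        F_display_db_error(false);
                    } else {
                        $this->group_data[] = F_db_insert_id($db, K_TABLE_GROUPS, 'group_id');
                    }
                }
            } else {
                F_display_db_error();
            }
            break;
        case 'user':
            // insert users
            if (!empty($this->user_data['user_name'])) {
                if (empty($this->user_data['user_regdate'])) {
                    $this->user_data['user_regdate'] = date(K_TIMESTAMP_FORMAT);
                }
                if (empty($this->user_data['user_ip'])) {
                    $this->user_data['user_ip'] = getNormalizedIP($_SERVER['REMOTE_ADDR']);
                }
                if (!isset($this->user_data['user_level']) or strlen($this->user_data['user_level']) == 0) {
                    $this->user_data['user_level'] = 1;
                }
                if ($_SESSION['session_user_level'] < K_AUTH_ADMINISTRATOR) {
                    // you cannot edit a user with a level equal or higher than yours
                    $this->user_data['user_level'] = min(max(0, $_SESSION['session_user_level'] - 1), $this->user_data['user_level']);
                    // non-administrator can access only to his/her groups
                    // (these break statements leave the switch, skipping the user)
                    if (empty($this->group_data)) {
                        break;
                    }
                    $common_groups = array_intersect(F_get_user_groups($_SESSION['session_user_id']), $this->group_data);
                    if (empty($common_groups)) {
                        break;
                    }
                }
                // check if user already exist
                // NOTE(review): user_regnumber / user_ssn may be unset when the XML
                // omitted them; they then interpolate as '' (with a notice).
                $sql = 'SELECT user_id,user_level FROM ' . K_TABLE_USERS . ' WHERE user_name=\'' . $this->user_data['user_name'] . '\' OR user_regnumber=\'' . $this->user_data['user_regnumber'] . '\' OR user_ssn=\'' . $this->user_data['user_ssn'] . '\' LIMIT 1';
                if ($r = F_db_query($sql, $db)) {
                    if ($m = F_db_fetch_array($r)) {
                        // the user has been already added
                        $user_id = $m['user_id'];
                        if ($_SESSION['session_user_level'] >= K_AUTH_ADMINISTRATOR or $_SESSION['session_user_level'] > $m['user_level']) {
                            //update user data
                            $sqlu = 'UPDATE ' . K_TABLE_USERS . ' SET user_regdate=\'' . $this->user_data['user_regdate'] . '\', user_ip=\'' . $this->user_data['user_ip'] . '\', user_name=\'' . $this->user_data['user_name'] . '\', user_email=' . F_empty_to_null($this->user_data['user_email']) . ',';
                            // update password only if it is specified
                            if (!empty($this->user_data['user_password'])) {
                                $sqlu .= ' user_password=\'' . getPasswordHash($this->user_data['user_password']) . '\',';
                            }
                            $sqlu .= ' user_regnumber=' . F_empty_to_null($this->user_data['user_regnumber']) . ', user_firstname=' . F_empty_to_null($this->user_data['user_firstname']) . ', user_lastname=' . F_empty_to_null($this->user_data['user_lastname']) . ', user_birthdate=' . F_empty_to_null($this->user_data['user_birthdate']) . ', user_birthplace=' . F_empty_to_null($this->user_data['user_birthplace']) . ', user_ssn=' . F_empty_to_null($this->user_data['user_ssn']) . ', user_level=\'' . $this->user_data['user_level'] . '\', user_verifycode=' . F_empty_to_null($this->user_data['user_verifycode']) . ', user_otpkey=' . F_empty_to_null($this->user_data['user_otpkey']) . ' WHERE user_id=' . $user_id . '';
                            if (!($ru = F_db_query($sqlu, $db))) {
                                F_display_db_error(false);
                                return FALSE;
                            }
                        } else {
                            // no user is updated, so empty groups
                            $this->group_data = array();
                        }
                    } else {
                        // add new user
                        // NOTE(review): an omitted <password> is hashed as an empty string here.
                        $sqlu = 'INSERT INTO ' . K_TABLE_USERS . ' ( user_regdate, user_ip, user_name, user_email, user_password, user_regnumber, user_firstname, user_lastname, user_birthdate, user_birthplace, user_ssn, user_level, user_verifycode, user_otpkey ) VALUES ( ' . F_empty_to_null($this->user_data['user_regdate']) . ', \'' . $this->user_data['user_ip'] . '\', \'' . $this->user_data['user_name'] . '\', ' . F_empty_to_null($this->user_data['user_email']) . ', \'' . getPasswordHash($this->user_data['user_password']) . '\', ' . F_empty_to_null($this->user_data['user_regnumber']) . ', ' . F_empty_to_null($this->user_data['user_firstname']) . ', ' . F_empty_to_null($this->user_data['user_lastname']) . ', ' . F_empty_to_null($this->user_data['user_birthdate']) . ', ' . F_empty_to_null($this->user_data['user_birthplace']) . ', ' . F_empty_to_null($this->user_data['user_ssn']) . ', \'' . $this->user_data['user_level'] . '\', ' . F_empty_to_null($this->user_data['user_verifycode']) . ', ' . F_empty_to_null($this->user_data['user_otpkey']) . ' )';
                        if (!($ru = F_db_query($sqlu, $db))) {
                            F_display_db_error(false);
                            return FALSE;
                        } else {
                            $user_id = F_db_insert_id($db, K_TABLE_USERS, 'user_id');
                        }
                    }
                } else {
                    F_display_db_error(false);
                    return FALSE;
                }
                // user's groups
                if (!empty($this->group_data)) {
                    // foreach replaces the original each() loop, which was removed in PHP 8.
                    foreach ($this->group_data as $group_id) {
                        // check if user-group already exist
                        $sqls = 'SELECT * FROM ' . K_TABLE_USERGROUP . ' WHERE usrgrp_group_id=\'' . $group_id . '\' AND usrgrp_user_id=\'' . $user_id . '\' LIMIT 1';
                        if ($rs = F_db_query($sqls, $db)) {
                            if (!($ms = F_db_fetch_array($rs))) {
                                // associate group to user
                                $sqlg = 'INSERT INTO ' . K_TABLE_USERGROUP . ' ( usrgrp_user_id, usrgrp_group_id ) VALUES ( ' . $user_id . ', ' . $group_id . ' )';
                                if (!($rg = F_db_query($sqlg, $db))) {
                                    F_display_db_error(false);
                                    return FALSE;
                                }
                            }
                        } else {
                            F_display_db_error(false);
                            return FALSE;
                        }
                    }
                }
            }
            break;
        default:
            break;
    }
}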
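/**
 * Reject a new password that repeats one of the account's last three.
 *
 * Active only when the global $login_password_external_new_notamonglast3 is
 * truthy. The candidate is hashed with getPasswordHash() and compared with
 * the stored hashes in user_password, user_password_1 and user_password_2.
 *
 * @param array  $user     User (from getUser()).
 * @param string $password Candidate new password, clear text.
 * @throws Exception when the hash equals one of the last three stored hashes.
 */
function loginPWcheckSetNew($user, $password)
{
    global $login_password_external_new_notamonglast3;
    if (!$login_password_external_new_notamonglast3) {
        return;
    }
    $hash = (string) getPasswordHash($password);
    foreach (array('user_password', 'user_password_1', 'user_password_2') as $key) {
        // isset(): history columns may be absent or NULL on young accounts.
        // hash_equals(): strict, constant-time comparison; the original loose ==
        // compared numeric-looking hashes by value (e.g. '0e123' == '0e456').
        if (isset($user[$key]) && hash_equals($hash, (string) $user[$key])) {
            throw new Exception(_h('New password can not be the same as one of the last 3 passwords.'));
        }
    }
}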
?> <h4>Installation</h4> <div class="card-panel"> <?php $link = db_init(); if (!$link) { $failure = true; print_error('MySQL error! | ' . mysqli_connect_error() . ' | '); if (strpos(mysqli_connect_error(), 'refuse') !== false) { print_error('Is the MySQL server running? Are you using the right port?'); } else { print_error('Try creating the database <code>' . CONF_DATABASE_DBNAME . '</code>.'); } } if (!$failure) { $SETUP = array('DROP TABLE IF EXISTS `comments`;', 'CREATE TABLE `comments` (`id` INT NOT NULL, `on` INT NOT NULL, `author` INT NOT NULL, `created` DATETIME NOT NULL, `comment` LONGTEXT NOT NULL);', 'INSERT INTO `comments` (`id`) VALUES (0);', 'DROP TABLE IF EXISTS `meta`;', 'CREATE TABLE `meta` (`installed` DATETIME NOT NULL);', 'INSERT INTO `meta` (`installed`) VALUES (FROM_UNIXTIME(' . time() . '));', 'DROP TABLE IF EXISTS `torrents`;', 'CREATE TABLE `torrents` (`id` INT NOT NULL, `filename` VARCHAR(64) NOT NULL, `torrentname` VARCHAR(100) NOT NULL, `uploader` INT NOT NULL, `created` DATETIME NOT NULL, `downloads` INT NOT NULL);', 'INSERT INTO `torrents` (`id`) VALUES (0);', 'DROP TABLE IF EXISTS `users`;', 'CREATE TABLE `users` (`id` INT NOT NULL, `administrator` INT NOT NULL, `colour` VARCHAR(32) NOT NULL, `username` varchar(32) NOT NULL, `email` varchar(128) NOT NULL, `password` varchar(256) NOT NULL, `uploads` MEDIUMTEXT NOT NULL, `lastactive` DATETIME NOT NULL, `created` DATETIME NOT NULL);', 'INSERT INTO `users` (`id`, `administrator`, `colour`, `username`, `email`, `password`, `uploads`, `lastactive`, `created`) VALUES (0, 1, \'' . mysqli_real_escape_string($link, unserialize(_CONFIG)['general']['colours'][0]) . '\', \'admin\', \'admin@localhost\', \'' . getPasswordHash('password') . '\', \'' . mysqli_real_escape_string($link, serialize(array())) . '\', FROM_UNIXTIME(' . time() . '), FROM_UNIXTIME(' . time() . 
'));'); echo '<textarea class="materialize-textarea" id="textarea1">'; foreach ($SETUP as $query) { $result = mysqli_query($link, $query); echo (array_search($query, $SETUP) != 0 ? PHP_EOL : '') . $query . '... '; if (!$result) { echo 'Failure! | MySQL error! | ' . mysqli_error($link) . PHP_EOL; $failure = true; break; } echo 'Success!'; } echo '</textarea><label for="textarea1">Running MySQL quries</label><br><br><br><textarea class="materialize-textarea" id="textarea2">'; foreach ($_DIRECTORIES as $directory) { echo $directory . '...'; $directoryArray = getDirectoryContents($directory);
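/**
 * Back-office entry point of the PPDB (new-student admission) module.
 *
 * Dispatches on $action:
 *  - 'json'   : DataTables (legacy sEcho API) feed of registrants, printed as
 *               JSON prefixed with the "callback" parameter (JSONP);
 *  - 'update' : payment-verification page; on POST creates the online-test
 *               account, updates the registrant rows and mails the applicant;
 *  - 'read'   : read-only detail page;
 *  - default  : registrant list page.
 *
 * Every branch first requires an authenticated session (init->checkauth())
 * and an allowed client address (init->restrictip()).
 *
 * @param string|false $action          Sub-action, see above.
 * @param string|false $psbUserId       base64-encoded user id (update/read).
 * @param string|false $psbCodeActivate base64-encoded activation code (update/read).
 * @return void
 */
public function admin($action = false, $psbUserId = false, $psbCodeActivate = false)
{
    $this->_session = $this->template->set('session', $this->session->userdata('sessionData'));
    $this->_backendmenus = $this->init->getMenusBackend();
    $this->init->checkauth();
    if (!$this->init->restrictip()) {
        redirect(base_url('error/forbidden'));
    }
    switch ($action) {
        case 'json':
            $this->_psbAdminJsonFeed();
            break;
        case 'update':
            $this->_psbAdminVerifyPayment($psbUserId, $psbCodeActivate);
            break;
        case 'read':
            // NOTE(review): kept from the original — with '&&' the redirect fires
            // only when BOTH ids are missing; '||' may have been intended.
            if ($psbUserId == '' && $psbCodeActivate == '') {
                redirect(base_url('psb/admin'));
            }
            $userId = base64_decode($psbUserId);
            $this->template->title('Manajemen PPDB', $this->init->getSettingVal('gen_site_name'))->set_breadcrumb('Home', base_url('home/dashboard'))->set_breadcrumb('Detail Data PPDB', '#')->set('pagedesc', 'Manajemen PPDB <small>Pengelolaan Penerimaan Siswa Baru</small>')->set('modul', $this->_backendmenus)->set('getOneUser', $this->psb_model->getUserById($userId)->row_array())->set('getOneRegister', $this->psb_model->getRegisterByUserId($userId)->row_array())->set('getOneCalonSiswa', $this->psb_model->getRCalonSiswaByUserId($userId)->row_array())->set('content', 'psb/detail')->build('template');
            break;
        default:
            $this->template->title('Manajemen PPDB', $this->init->getSettingVal('gen_site_name'))->set_breadcrumb('Home', base_url('home/dashboard'))->set_breadcrumb('Daftar Pendaftar PPDB', '#')->set('pagedesc', 'Manajemen PPDB <small>Pengelolaan Penerimaan Siswa Baru</small>')->set('modul', $this->_backendmenus)->set('content', 'psb/list')->build('template');
            break;
    }
}

/**
 * 'json' action: print the DataTables rows for the registrant list.
 *
 * Reads the DataTables query parameters (iSortCol_0, sSortDir_0, sSearch,
 * iDisplayLength, iDisplayStart, callback) from GET, queries psb_model and
 * prints json_encode($results) prefixed with the callback name.
 */
private function _psbAdminJsonFeed()
{
    $order_field = array('user_id', 'psb_reg_firstname', 'psb_reg_lastname', 'psb_reg_code'); //don't edit me, pengaturan json untuk menampilkan data di datatable
    $order_key = !$this->input->get('iSortCol_0') ? 0 : (int) $this->input->get('iSortCol_0');
    // The sort column must come from the allow-list above; an index outside it
    // (which the original passed on as NULL) falls back to the default order.
    $order = (!$this->input->get('iSortCol_0') || !isset($order_field[$order_key])) ? $this->default_order : $order_field[$order_key];
    // The direction reaches the model unescaped (presumably an ORDER BY —
    // can't tell from here), so only the two valid words are accepted.
    $sort = !$this->input->get('sSortDir_0') ? 'desc' : strtolower($this->input->get('sSortDir_0'));
    if (!in_array($sort, array('asc', 'desc'), true)) {
        $sort = 'desc';
    }
    $search = !$this->input->get('sSearch') ? '' : $this->input->get('sSearch');
    $limit = !$this->input->get('iDisplayLength') ? $this->limit : (int) $this->input->get('iDisplayLength');
    $start = !$this->input->get('iDisplayStart') ? 0 : (int) $this->input->get('iDisplayStart');
    $data = array();
    $results = array();
    $data['no'] = $start + 1;
    $data['sEcho'] = !$this->input->get('callback') ? 0 : $this->input->get('callback');
    $count_tmp = $this->psb_model->count_all(1, $search, $order_field)->result();
    $data['iTotalRecords'] = count($count_tmp);
    //load data supplier dari database
    $data['listPendaftar'] = $this->psb_model->get_paged_list($limit, $start, $order, $sort, $search, $order_field, 1)->result();
    // JSONP callback: only a plain JavaScript identifier path is echoed back,
    // so a crafted "callback" value cannot put script into the response.
    $data['callback'] = $this->input->get('callback');
    if (!is_string($data['callback']) || !preg_match('/^[A-Za-z_$][A-Za-z0-9_$.]*$/', $data['callback'])) {
        $data['callback'] = '';
    }
    $results['sEcho'] = $data['sEcho'];
    $results['iTotalRecords'] = $results['iTotalDisplayRecords'] = $data['iTotalRecords'];
    if (count($data['listPendaftar']) > 0) {
        $i = 0;
        foreach ($data['listPendaftar'] as $pendaftar) {
            // Row number cell (the original closed the <div> with </a>).
            $nomor = '<div style="text-align:center;">' . $data['no'] . '</div>';
            $tanggal = "";
            $status = "";
            // Local to this loop; the dispatching $action of admin() is not used here.
            $action = "";
            // Registration state is encoded by the triple
            // (psb_reg_status, pendaftar_status, user_status); each branch picks
            // the timestamp to show, its label, and which buttons are offered.
            if ($pendaftar->psb_reg_status == '0' && $pendaftar->pendaftar_status == '0' && $pendaftar->user_status == '') {
                $tanggal = $pendaftar->psb_reg_date_create != '0000-00-00 00:00:00' && $pendaftar->psb_reg_date_create != '' ? tgl_indo(date('Y-m-d', strtotime($pendaftar->psb_reg_date_create))) . ' ' . date('h:i A', strtotime($pendaftar->psb_reg_date_create)) : '-';
                $status = "Baru Daftar";
                //Hitung Jumlah hari
                $hari1 = $pendaftar->psb_reg_date_create;
                $hari2 = date('Y-m-d H:i:s');
                $jmlHari = hitung_hari($hari1, $hari2);
                // the edit button is offered only for registrations older than 14 days
                $action = $this->_psbAdminActionLinks($pendaftar, $jmlHari > 14);
            } elseif ($pendaftar->user_status == '0' && $pendaftar->psb_reg_status == '1' && $pendaftar->pendaftar_status == '0') {
                $tanggal = $this->_psbAdminFormatDate($pendaftar->psb_reg_date_update, 0);
                $status = "Sudah Aktivasi (Transfer)";
                $action = $this->_psbAdminActionLinks($pendaftar, true);
            } elseif ($pendaftar->user_status == '0' && $pendaftar->psb_reg_status == '2' && $pendaftar->pendaftar_status == '1') {
                $tanggal = $this->_psbAdminFormatDate($pendaftar->psb_reg_date_update, 1);
                $status = "Pembayaran verified";
                $action = $this->_psbAdminActionLinks($pendaftar, true);
            } elseif ($pendaftar->user_status == '0' && $pendaftar->psb_reg_status == '2' && $pendaftar->pendaftar_status == '2') {
                $tanggal = $this->_psbAdminFormatDate($pendaftar->pendaftar_update, 1);
                $status = "Data Pendaftar Ok";
                $action = $this->_psbAdminActionLinks($pendaftar, true);
            } elseif ($pendaftar->user_status == '0' && $pendaftar->psb_reg_status == '2' && $pendaftar->pendaftar_status == '3') {
                $tanggal = $this->_psbAdminFormatDate($pendaftar->pendaftar_update, 2);
                $status = "Telah Mengikuti Test";
                $action = $this->_psbAdminActionLinks($pendaftar, true);
            } elseif ($pendaftar->user_status == '1' && $pendaftar->psb_reg_status == '2' && $pendaftar->pendaftar_status == '4') {
                $tanggal = $this->_psbAdminFormatDate($pendaftar->pendaftar_update, 3);
                $status = "Lulus Test";
                $action = $this->_psbAdminActionLinks($pendaftar, true);
            } elseif ($pendaftar->user_status == '99' && $pendaftar->psb_reg_status == '99' && $pendaftar->pendaftar_status == '99') {
                $tanggal = $this->_psbAdminFormatDate($pendaftar->pendaftar_update, 4);
                $status = "Tidak Lulus Test";
                // rejected applicants get the detail button only
                $action = $this->_psbAdminActionLinks($pendaftar, false);
            }
            $namaLengkap = $pendaftar->psb_reg_firstname . ' ' . $pendaftar->psb_reg_lastname;
            $results['aaData'][$i] = array($nomor, $namaLengkap, $tanggal, $status, $action);
            $data['no']++;
            ++$i;
        }
    } else {
        // DataTables expects at least one row with one cell per column.
        for ($i = 0; $i < 6; ++$i) {
            $results['aaData'][0][$i] = '';
        }
    }
    print $data['callback'] . json_encode($results);
}

/**
 * Render one "<date> <time>" list cell from a '|'-separated update history.
 *
 * @param string $history '|'-joined timestamps (psb_reg_date_update / pendaftar_update).
 * @param int    $index   Which segment of the history to show.
 * @return string Indonesian date plus time, or a centred dash when $history is empty.
 */
private function _psbAdminFormatDate($history, $index)
{
    $tglupdate = explode('|', $history);
    // NOTE(review): a history with fewer than $index + 1 segments yields an
    // undefined offset here, exactly as in the original inline expressions.
    return $history != '' ? tgl_indo(date('Y-m-d', strtotime($tglupdate[$index]))) . ' ' . date('h:i A', strtotime($tglupdate[$index])) : '<div style="text-align:center;">-</div>';
}

/**
 * Render the per-row action buttons: optional edit link, always the detail link.
 *
 * @param object $pendaftar  Row from psb_model exposing user_id and user_activation_code.
 * @param bool   $withUpdate Whether to include the edit (psb/admin/update) button.
 * @return string HTML fragment.
 */
private function _psbAdminActionLinks($pendaftar, $withUpdate)
{
    $ids = base64_encode($pendaftar->user_id) . '/' . base64_encode($pendaftar->user_activation_code);
    $html = '<div style="text-align:center;">';
    if ($withUpdate) {
        $html .= '<a href="' . base_url('psb/admin/update/' . $ids) . '" class="btn btn-success"><i class="fa fa-edit"></i></a>';
        $html .= " ";
    }
    $html .= '<a href="' . base_url('psb/admin/read/' . $ids) . '" class="btn btn-info" title="Detil Data PPDB"><i class="fa fa-search-plus"></i></a>';
    $html .= "</div>";
    return $html;
}

/**
 * 'update' action: show the payment-verification page and, on POST, apply it.
 *
 * On POST: creates the applicant's online-test account
 * (psb_model->registerOnlineTest) in group 2, writes the registration number
 * and status to the candidate and registrant rows, and emails the applicant
 * their test credentials. The page is rendered afterwards in every case.
 *
 * @param string|false $psbUserId       base64-encoded user id.
 * @param string|false $psbCodeActivate base64-encoded activation code.
 * @return void
 */
private function _psbAdminVerifyPayment($psbUserId, $psbCodeActivate)
{
    // NOTE(review): kept from the original — with '&&' the redirect fires only
    // when BOTH ids are missing; '||' may have been intended.
    if ($psbUserId == '' && $psbCodeActivate == '') {
        redirect(base_url('psb/admin'));
    }
    $userId = base64_decode($psbUserId);
    if ($updatePost = $this->input->post()) {
        $getAuthLog = $this->psb_model->getUserById($userId)->row_array();
        $getPendaftarByUserId = $this->psb_model->getRCalonSiswaByUserId($userId)->row_array();
        $pecahUpdateTgl = explode('|', $getPendaftarByUserId['pendaftar_update']);
        $getRegistranByUserId = $this->psb_model->getRegisterByUserId($userId)->row_array();
        $pecahUpdateTglRegister = explode('|', $getRegistranByUserId['psb_reg_date_update']);
        $noDaftar = $updatePost['pendaftar_dari'] . '-' . $updatePost['no_pendataran_otomatis'];
        $validate = $updatePost['paymentStatus'];
        // One timestamp for all three writes.
        $now = date('Y-m-d H:i:s');
        // The history columns keep their first segment and get "now" appended.
        $dataPendaftar = array(
            'pendaftar_tahun_ajar_id' => $updatePost['tahun_ajar'],
            'pendaftar_nomor' => $noDaftar,
            'pendaftar_keterangan' => '',
            'pendaftar_update' => $pecahUpdateTgl[0] . '|' . $now,
            'pendaftar_status' => 1,
        );
        $dataRegister = array(
            'psb_reg_date_update' => $pecahUpdateTglRegister[0] . '|' . $now,
            'psb_reg_status' => $validate,
        );
        // The original re-seeded mt_rand() from microtime() here; that only
        // narrows the generator's state, so the default seeding is used instead.
        $dataUjianOnline = array(
            'user_regdate' => $now,
            'user_ip' => $this->input->ip_address(),
            'user_name' => $getAuthLog['user_name'],
            'user_email' => $getAuthLog['user_email'],
            // NOTE(review): the clear-text value stored in user_password_forget is
            // reused as the online-test password and mailed below.
            'user_password' => getPasswordHash($getAuthLog['user_password_forget']),
            'user_regnumber' => $noDaftar,
            'user_firstname' => $getPendaftarByUserId['pendaftar_nama_depan'],
            'user_lastname' => $getPendaftarByUserId['pendaftar_nama_belakang'],
            'user_birthdate' => '',
            'user_birthplace' => '',
            'user_ssn' => random_string('numeric', 9),
            'user_level' => 1,
            'user_verifycode' => md5(uniqid(mt_rand(), true)),
            'user_otpkey' => F_getRandomOTPkey(),
        );
        $userIdTest = $this->psb_model->registerOnlineTest($dataUjianOnline);
        $dataUjianOnlineGroup = array('usrgrp_user_id' => $userIdTest, 'usrgrp_group_id' => 2);
        // NOTE(review): $updateAdmin is accumulated but never checked; the mail
        // is sent even if one of the three writes failed.
        $updateAdmin = $this->psb_model->registerOnlineTestGroup($dataUjianOnlineGroup);
        $updateAdmin .= $this->psb_model->updateCalonsiswa($userId, $dataPendaftar);
        $updateAdmin .= $this->psb_model->updateRegistran($userId, $dataRegister);
        $isi = "Assalamu'alaikum Wr. Wb. <br />Selamat Datang di Pendaftaran Siswa Baru SMAIH BATAM";
        $isi .= "Berikut Data - Data Verifikasi Pembayaran Anda:<br /><br /> ";
        $isi .= "Nama : <strong>" . $getRegistranByUserId['psb_reg_firstname'] . " " . $getRegistranByUserId['psb_reg_lastname'] . "</strong> <br />";
        // Parenthesised: in the original the ternary applied to the whole
        // concatenation, so the label was dropped and the line always read
        // "Belum diverifikasi" whatever $validate was.
        $isi .= "Status Pembayaran : " . ($validate == 1 ? '<strong>Belum diverifikasi</strong> <br />' : '<strong>Sudah diverifikasi</strong> <br />');
        $isi .= "Username Online Test : <strong>" . $getAuthLog['user_name'] . "</strong> <br />";
        $isi .= "Password Online Test : <strong>" . $getAuthLog['user_password_forget'] . "</strong> <br />";
        $isi .= "Sebelum mengikuti test online silahkan lengkapi terlebih dahulu data calon siswa dengan mengunjungi <a href='" . base_url('psb/activation/step-2/' . base64_encode($getAuthLog['user_activation_code'])) . "' target='_blank'>Halaman Berikut</a><br /> ";
        $isi .= "Dan ikuti instruksi yang ada dihalaman tersebut. Demikian informasi yang dapat kami sampaikan.<br />";
        $isi .= "Wassalamu'alaikum Wr. Wb.<br />";
        $this->email->from('*****@*****.**'); // change it to yours
        $this->email->to($getAuthLog['user_email']); // change it to yours
        $this->email->subject('[PPDB-SMAIH-' . date('Y') . '] Verifikasi Pembayaran Pendaftaran Online');
        $this->email->message($isi);
        //Jika Sukses
        if ($this->email->send()) {
            $this->session->set_flashdata('sukses_update', 'Data pendaftar dan data ujian oline diperbaharui dan disimpan ke database.');
            redirect(base_url('psb/admin'));
        } else {
            //Jika Gagal
            echo "Maaf ada kesalahan pada saat pemrosesan data. silahkan ulangi lagi klik <a href='javascript: window.history.go(-1)'>disini</a>";
        }
    }
    $this->template->title('Manajemen PPDB', $this->init->getSettingVal('gen_site_name'))->set_breadcrumb('Home', base_url('home/dashboard'))->set_breadcrumb('Verify Data PPDB', '#')->set('pagedesc', 'Manajemen PPDB <small>Pengelolaan Penerimaan Siswa Baru</small>')->set('modul', $this->_backendmenus)->set('kodeAktivasi', base64_decode($psbCodeActivate))->set('userID', $userId)->set('listThnAjar', $this->psb_model->getListThnAjar()->result_array())->set('getOneUser', $this->psb_model->getUserById($userId)->row_array())->set('getOneRegister', $this->psb_model->getRegisterByUserId($userId)->row_array())->set('getOneCalonSiswa', $this->psb_model->getRCalonSiswaByUserId($userId)->row_array())->set('content', 'psb/update')->build('template');
}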
} $id = (int) mysqli_fetch_all($result, MYSQLI_ASSOC)[0]['id'] + 1; mysqli_free_result($result); $result = mysqli_query($link, 'SELECT * FROM `users` WHERE LOWER(`username`)=\'' . $username . '\';'); if (is_array(mysqli_fetch_all($result, MYSQLI_ASSOC)[0])) { array_push($errors, 'Username taken!'); break; } mysqli_free_result($result); $result = mysqli_query($link, 'SELECT * FROM `users` WHERE LOWER(`email`)=\'' . strtolower($email) . '\';'); if (is_array(mysqli_fetch_all($result, MYSQLI_ASSOC)[0])) { array_push($errors, 'Email address taken!'); break; } mysqli_free_result($result); $result = mysqli_query($link, 'INSERT INTO `users` (`id`, `administrator`, `colour`, `username`, `email`, `password`, `uploads`, `lastactive`, `created`) VALUES (' . $id . ', 0, \'' . $colour . '\', \'' . mysqli_real_escape_string($link, $username) . '\', \'' . mysqli_real_escape_string($link, $email) . '\', \'' . getPasswordHash($password) . '\', \'' . mysqli_real_escape_string($link, serialize(array())) . '\', FROM_UNIXTIME(' . time() . '), FROM_UNIXTIME(' . time() . '));'); if (!$result) { print_error('MySQL error! | ' . mysqli_error($link) . '<br>'); break; } mysqli_free_result($result); mysqli_close($link); unset($link); redirect('login.php?signedUp&username=' . $username, false); break; } } ?> <body> <br> <br>
case 2: // absolute redirect header('Location: ' . K_PATH_HOST . $_SERVER['SCRIPT_NAME']); break; case 3: // html redirect echo $htmlredir; break; case 4: default: // full redirect header('Location: ' . K_PATH_HOST . $_SERVER['SCRIPT_NAME']); echo $htmlredir; break; } exit; } // check for test password if (isset($_POST['testpswaction']) and $_POST['testpswaction'] == 'login' and isset($_POST['xtest_password']) and isset($_POST['testid'])) { require_once '../../shared/code/tce_functions_test.php'; $tph = F_getTestPassword($_POST['testid']); if (getPasswordHash($_POST['xtest_password']) == $tph) { // test password is correct, save status on a session variable $_SESSION['session_test_login'] = getPasswordHash($tph . $_POST['testid'] . $_SESSION['session_user_id'] . $_SESSION['session_user_ip']); } else { F_print_error('WARNING', $l['m_wrong_test_password']); } } //============================================================+ // END OF FILE //============================================================+
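/**
 * Try various external Login Systems.
 * (SSL, HTTP-BASIC, CAS, SHIBBOLETH, RADIUS, LDAP)
 *
 * Backends are consulted in the order above and the first one that yields a
 * user wins. SSL, HTTP-BASIC, CAS and SHIBBOLETH additionally write
 * xuser_name / xuser_password / logaction into $_POST so the ordinary login
 * code sees a regular form submission; RADIUS and LDAP are only tried when
 * such a submission (logaction=login with xuser_name and xuser_password) is
 * already present in $_POST.
 *
 * @return array of user's data for successful login, false otherwise
 * @since 2012-06-05
 */
function F_altLogin() {
    global $l, $db;
    require_once '../config/tce_config.php';
    // TCExam tries to retrieve the user login information from the following systems:
    // 1) SSL ----------------------------------------------------------
    require_once '../../shared/config/tce_ssl.php';
    if (K_SSL_ENABLED and (!isset($_SESSION['logout']) or !$_SESSION['logout'])) {
        // NOTE(review): SSL_CLIENT_V_REMAIN is the number of days the client
        // certificate stays valid, so "<= 0" only admits certificates that have
        // already run out. That looks inverted; the condition is kept as found —
        // confirm the intended policy before changing it.
        if (isset($_SERVER['SSL_CLIENT_M_SERIAL'])
            and isset($_SERVER['SSL_CLIENT_I_DN'])
            and isset($_SERVER['SSL_CLIENT_V_END'])
            and isset($_SERVER['SSL_CLIENT_VERIFY'])
            and ($_SERVER['SSL_CLIENT_VERIFY'] === 'SUCCESS')
            and isset($_SERVER['SSL_CLIENT_V_REMAIN'])
            and ($_SERVER['SSL_CLIENT_V_REMAIN'] <= 0)) {
            // Synthetic credentials derived from the certificate. The password
            // side also folds in K_RANDOM_SECURITY and the certificate end date.
            $_POST['xuser_name'] = md5($_SERVER['SSL_CLIENT_M_SERIAL'] . $_SERVER['SSL_CLIENT_I_DN']);
            $_POST['xuser_password'] = getPasswordHash($_SERVER['SSL_CLIENT_M_SERIAL'] . $_SERVER['SSL_CLIENT_I_DN'] . K_RANDOM_SECURITY . $_SERVER['SSL_CLIENT_V_END']);
            $_POST['logaction'] = 'login';
            return F_altLogin_userRecord(K_SSL_USER_LEVEL, K_SSL_USER_GROUP_ID, array(
                'user_email' => isset($_SERVER['SSL_CLIENT_S_DN_Email']) ? $_SERVER['SSL_CLIENT_S_DN_Email'] : '',
                'user_firstname' => isset($_SERVER['SSL_CLIENT_S_DN_CN']) ? $_SERVER['SSL_CLIENT_S_DN_CN'] : '',
            ));
        }
    }
    // -----------------------------------------------------------------
    // 2) HTTP BASIC ---------------------------------------------------
    require_once '../../shared/config/tce_httpbasic.php';
    if (K_HTTPBASIC_ENABLED and (!isset($_SESSION['logout']) or !$_SESSION['logout'])) {
        if (isset($_SERVER['AUTH_TYPE'])
            and ($_SERVER['AUTH_TYPE'] == 'Basic')
            and isset($_SERVER['PHP_AUTH_USER'])
            and isset($_SERVER['PHP_AUTH_PW'])
            and ($_SESSION['session_user_name'] != $_SERVER['PHP_AUTH_USER'])) {
            // the Authorization header credentials are handed to the regular
            // login code unchanged via $_POST
            $_POST['xuser_name'] = $_SERVER['PHP_AUTH_USER'];
            $_POST['xuser_password'] = $_SERVER['PHP_AUTH_PW'];
            $_POST['logaction'] = 'login';
            return F_altLogin_userRecord(K_HTTPBASIC_USER_LEVEL, K_HTTPBASIC_USER_GROUP_ID);
        }
    }
    // -----------------------------------------------------------------
    // 3) CAS - Central Authentication Service -------------------------
    require_once '../../shared/config/tce_cas.php';
    if (K_CAS_ENABLED) {
        require_once '../../shared/cas/CAS.php';
        phpCAS::client(K_CAS_VERSION, K_CAS_HOST, K_CAS_PORT, K_CAS_PATH, false);
        // NOTE(review): setNoCasServerValidation() disables TLS certificate
        // validation of the CAS server, so the ticket-validation response can
        // be spoofed by anyone on the network path. The supported fix is
        // phpCAS::setCasServerCACert() with the trusted CA bundle; it is left
        // unchanged here because no CA-bundle setting is defined in this file.
        phpCAS::setNoCasServerValidation();
        phpCAS::forceAuthentication();
        if ($_SESSION['session_user_name'] != phpCAS::getUser()) {
            $_POST['xuser_name'] = phpCAS::getUser();
            $_POST['xuser_password'] = getPasswordHash($_POST['xuser_name'] . K_RANDOM_SECURITY);
            $_POST['logaction'] = 'login';
            return F_altLogin_userRecord(K_CAS_USER_LEVEL, K_CAS_USER_GROUP_ID);
        }
    }
    // -----------------------------------------------------------------
    // 4) Shibboleth ---------------------------------------------------
    require_once '../../shared/config/tce_shibboleth.php';
    if (K_SHIBBOLETH_ENABLED and (!isset($_SESSION['logout']) or !$_SESSION['logout'])) {
        // either a Shibboleth session id or an identity-provider header marks an SP-authenticated request
        $has_shib_session = (!empty($_SERVER['Shib_Session_ID']) || !empty($_SERVER['HTTP_SHIB_IDENTITY_PROVIDER']));
        if (isset($_SERVER['AUTH_TYPE'])
            and ($_SERVER['AUTH_TYPE'] == 'shibboleth')
            and $has_shib_session
            and isset($_SERVER['eppn'])
            and ($_SESSION['session_user_name'] != $_SERVER['eppn'])) {
            $_POST['xuser_name'] = $_SERVER['eppn'];
            $_POST['xuser_password'] = getPasswordHash($_POST['xuser_name'] . K_RANDOM_SECURITY);
            $_POST['logaction'] = 'login';
            return F_altLogin_userRecord(K_SHIBBOLETH_USER_LEVEL, K_SHIBBOLETH_USER_GROUP_ID, array(
                'user_email' => $_SERVER['eppn'],
                'user_firstname' => isset($_SERVER['givenName']) ? $_SERVER['givenName'] : '',
                'user_lastname' => isset($_SERVER['sn']) ? $_SERVER['sn'] : '',
                'user_regnumber' => isset($_SERVER['employeeNumber']) ? $_SERVER['employeeNumber'] : '',
            ));
        }
    }
    // -----------------------------------------------------------------
    if (isset($_POST['logaction']) and ($_POST['logaction'] == 'login') and isset($_POST['xuser_name']) and isset($_POST['xuser_password'])) {
        // 5) RADIUS ---------------------------------------------------
        require_once '../../shared/config/tce_radius.php';
        if (K_RADIUS_ENABLED) {
            require_once '../../shared/radius/radius.class.php';
            $radius = new Radius(K_RADIUS_SERVER_IP, K_RADIUS_SHARED_SECRET, K_RADIUS_SUFFIX, K_RADIUS_UDP_TIMEOUT, K_RADIUS_AUTHENTICATION_PORT, K_RADIUS_ACCOUNTING_PORT);
            // utf8_encode() converts Latin-1 to UTF-8 (deprecated since PHP 8.2)
            if (K_RADIUS_UTF8) {
                $radusername = utf8_encode($_POST['xuser_name']);
                $radpassword = utf8_encode($_POST['xuser_password']);
            } else {
                $radusername = $_POST['xuser_name'];
                $radpassword = $_POST['xuser_password'];
            }
            if ($radius->AccessRequest($radusername, $radpassword)) {
                return F_altLogin_userRecord(K_RADIUS_USER_LEVEL, K_RADIUS_USER_GROUP_ID);
            }
        }
        // -------------------------------------------------------------
        // 6) LDAP -----------------------------------------------------
        require_once '../../shared/config/tce_ldap.php';
        if (K_LDAP_ENABLED) {
            if (K_LDAP_UTF8) {
                $ldapusername = utf8_encode($_POST['xuser_name']);
                $ldappassword = utf8_encode($_POST['xuser_password']);
            } else {
                $ldapusername = $_POST['xuser_name'];
                $ldappassword = $_POST['xuser_password'];
            }
            // Never bind with an empty password: directory servers treat a DN
            // with no password as an anonymous (unauthenticated) bind and report
            // success, which would log the caller in without any credential.
            if ($ldappassword !== '') {
                // make ldap connection
                $ldapconn = ldap_connect(K_LDAP_HOST, K_LDAP_PORT);
                ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, K_LDAP_PROTOCOL_VERSION);
                ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0); // recommended for W2K3
                // bind with the supplied credentials, then look the user up
                if (ldap_bind($ldapconn, $ldapusername, $ldappassword)) {
                    // $ldap_attr is not defined in this function; it is expected to
                    // come from tce_ldap.php (required above). Note that sort()
                    // renumbers its keys — presumably intended, verify against the config.
                    sort($ldap_attr);
                    // escape the user-supplied name so it cannot change the filter structure
                    $ldap_filter = str_replace('#USERNAME#', F_altLogin_ldapEscapeFilter($ldapusername), K_LDAP_FILTER);
                    if ($search = @ldap_search($ldapconn, K_LDAP_BASE_DN, $ldap_filter, $ldap_attr)) {
                        if ($rdn = @ldap_get_entries($ldapconn, $search)) {
                            // NOTE(review): ldap_get_entries() returns entries under
                            // numeric keys ($rdn[0]['dn'], $rdn[0][$attr][0]); the
                            // $rdn['dn'] / $rdn[$v] lookups are kept as found — confirm.
                            if (@ldap_bind($ldapconn, $rdn['dn'], $_POST['xuser_password'])) {
                                @ldap_unbind($ldapconn);
                                $usr = array();
                                foreach ($ldap_attr as $k => $v) {
                                    $usr[$k] = (!empty($v) && isset($rdn[$v])) ? $rdn[$v] : '';
                                }
                                $usr['user_level'] = K_LDAP_USER_LEVEL;
                                $usr['usrgrp_group_id'] = K_LDAP_USER_GROUP_ID;
                                return $usr;
                            }
                        }
                    }
                }
                @ldap_unbind($ldapconn);
            }
        }
        // -------------------------------------------------------------
    }
    return false;
}

/**
 * Build the user record F_altLogin() returns for a backend that supplies no
 * (or only some) profile attributes.
 * @param $level (int) value for user_level
 * @param $group_id (int) value for usrgrp_group_id
 * @param $fields (array) profile fields to override (user_email, user_firstname, ...)
 * @return array user record with every profile field present (empty string unless overridden)
 */
function F_altLogin_userRecord($level, $group_id, $fields = array()) {
    $usr = array_merge(array(
        'user_email' => '',
        'user_firstname' => '',
        'user_lastname' => '',
        'user_birthdate' => '',
        'user_birthplace' => '',
        'user_regnumber' => '',
        'user_ssn' => '',
    ), $fields);
    $usr['user_level'] = $level;
    $usr['usrgrp_group_id'] = $group_id;
    return $usr;
}

/**
 * Escape a value for interpolation into an LDAP search filter (RFC 4515):
 * backslash, asterisk, parentheses and NUL become their \XX hex form.
 * @param $value (string) raw value (e.g. a user-supplied login name)
 * @return string escaped value
 */
function F_altLogin_ldapEscapeFilter($value) {
    // backslash is replaced first so the escapes produced below are not re-escaped
    return str_replace(
        array('\\', '*', '(', ')', "\x00"),
        array('\5c', '\2a', '\28', '\29', '\00'),
        $value
    );
}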
if ($user_email != $user_email_repeat) { //print message and exit F_print_error('WARNING', $l['m_different_emails']); $formstatus = FALSE; F_stripslashes_formfields(); break; } } mt_srand((double) microtime() * 1000000); $user_verifycode = md5(uniqid(mt_rand(), true)); // verification code $sql = 'UPDATE ' . K_TABLE_USERS . ' SET user_email=\'' . F_escape_sql($user_email) . '\', user_level=\'0\', user_verifycode=\'' . $user_verifycode . '\' WHERE user_id=' . $user_id . ' AND user_password=\'' . getPasswordHash($currentpassword) . '\''; if (!($r = F_db_query($sql, $db))) { F_display_db_error(false); } else { F_print_error('MESSAGE', $l['m_email_updated']); // require email confirmation require_once '../../shared/code/tce_functions_user_registration.php'; F_send_user_reg_email($user_id, $user_email, $user_verifycode); F_print_error('MESSAGE', $user_email . ': ' . $l['m_user_verification_sent']); echo '<div class="container">' . K_NEWLINE; echo '<strong><a href="index.php" title="' . $l['h_index'] . '">' . $l['h_index'] . ' ></a></strong>' . K_NEWLINE; echo '</div>' . K_NEWLINE; require_once 'tce_page_footer.php'; exit; } }
<?php
// CLI maintenance script: change the e-mail address and password of an
// existing user. Usage: php <script> <username> <email> <password>
require __DIR__ . '/../vendor/autoload.php';
require __DIR__ . '/../app/config.php';
require __DIR__ . '/../app/db.php';
require __DIR__ . '/../app/utility.php';
$app = new \Slim\Slim($config);
$mongoCollection = getMongoCollection('user');
try {
    // NOTE(review): $argv[1..3] are read without checking that they exist;
    // running with fewer than three arguments raises undefined-index notices
    // and proceeds with nulls. Passing the password on the command line also
    // exposes it in the process list and the shell history.
    $username = $argv[1];
    $email = $argv[2];
    $password = $argv[3];
    // the user must already exist
    $result = $mongoCollection->find(array('username' => $username));
    if (!$result->count()) {
        throw new RuntimeException('存在しないユーザーです'); // "user does not exist"
    }
    // the new e-mail must not be in use by a different user
    $result = $mongoCollection->find(array('email' => $email, 'username' => array('$ne' => $username)));
    if ($result->count()) {
        throw new RuntimeException('メールアドレスの重複はできません'); // "duplicate e-mail addresses are not allowed"
    }
    // NOTE(review): update() is given a plain document rather than a $set
    // operator, which in the legacy Mongo driver replaces the whole stored
    // document — any other fields on the user record would be lost. Confirm
    // the document only ever holds these three fields.
    // getPasswordHash() is a project helper taking the e-mail, the password and the configured salt.
    $mongoCollection->update(array('username' => $username), array('username' => $username, 'email' => $email, 'password' => getPasswordHash($email, $password, $app->config('salt'))));
} catch (RuntimeException $e) {
    echo $e->getMessage() . PHP_EOL;
    return;
}
// the "******" below is a redaction artefact in the source listing, not working PHP
echo 'User:'******' updated.' . PHP_EOL;
if ($newpass != $newpasscnfm) { ?> <div class="password-change alert alert-danger fade in" role="alert"> <p class="lead"> <span class="glyphicon glyphicon-remove-sign" aria-hidden="true"></span> <strong>Error</strong> New password does not match confirmed password. <br> <a class="alert-link" href="javascript:history.back()">Return and Fix</a> </p> </div> <?php exit; } else { if (checkPassword($currentpwd)) { $db = new DB_Functions(); $hashedPassword = getPasswordHash($newpass); $db->changePassword($_SESSION['email'], $hashedPassword); ?> <div class="password-change alert alert-success fade in" role="alert"> <p class="lead"> <span class="glyphicon glyphicon-ok-sign" aria-hidden="true"></span> <strong>Success</strong> Your password has been changed! </p> </div> <script type="text/javascript"> (function(){ setTimeout(function(){window.location.href = "./"; }, 1200); })(); </script> <?php } else {
case 'add': // Add if ($formstatus = F_check_form_fields()) { // check if name is unique if (!F_check_unique(K_TABLE_TESTS, 'test_name=\'' . F_escape_sql($db, $test_name) . '\'')) { F_print_error('WARNING', $l['m_duplicate_name']); $formstatus = FALSE; F_stripslashes_formfields(); break; } if (isset($test_id) and $test_id > 0) { // save previous test_id. $old_test_id = $test_id; } if (!empty($new_test_password)) { $test_password = getPasswordHash($new_test_password); } $sql = 'INSERT INTO ' . K_TABLE_TESTS . ' ( test_name, test_description, test_begin_time, test_end_time, test_duration_time, test_ip_range, test_results_to_users, test_report_to_users, test_score_right, test_score_wrong, test_score_unanswered, test_max_score, test_user_id,
$testlog_id = intval($_REQUEST['testlogid']); } if (isset($_REQUEST['answerid']) and $_REQUEST['answerid'] > 0) { $answer_id = $_REQUEST['answerid']; } if (isset($_REQUEST['answertext']) and !empty($_REQUEST['answertext'])) { $answer_text = $_REQUEST['answertext']; } if (isset($_REQUEST['reaction_time']) and $_REQUEST['reaction_time'] > 0) { $reaction_time = intval($_REQUEST['reaction_time']); } else { $reaction_time = 0; } // check for test password $tph = F_getTestPassword($test_id); if (!empty($tph) and $_SESSION['session_test_login'] != getPasswordHash($tph . $test_id . $_SESSION['session_user_id'] . $_SESSION['session_user_ip'])) { // display login page require_once '../code/tce_page_header.php'; echo F_testLoginForm($_SERVER['SCRIPT_NAME'], 'form_test_login', 'post', 'multipart/form-data', $test_id); require_once '../code/tce_page_footer.php'; exit; //break page here } if (F_executeTest($test_id)) { if (isset($_REQUEST['forceterminate']) and !empty($_REQUEST['forceterminate'])) { if ($_REQUEST['forceterminate'] == 'lasttimedquestion') { // update last question F_updateQuestionLog($test_id, $testlog_id, $answer_id, $answer_text, $reaction_time); } // terminate the test (lock the test to status=4) F_terminateUserTest($test_id);
$user2['user_password_lastchanged'] = time(); // All new $pw = $_POST['password_new']; try { if ($id == $login['user_id'] && (!isset($_POST['password_old']) || getPasswordHash($_POST['password_old']) != $user['user_password'])) { $serious_failed = true; throw new Exception(_h('Old password is not correct.')); } loginPWcheckExternal($user2, $pw); loginPWcheckSetNew($user2, $pw); } catch (Exception $e) { $failed_msg = $e->getMessage(); $failed = true; } if (!$serious_failed && (!$failed || $failed && isset($_POST['ignore_msg']) && $_POST['ignore_msg'] == '1')) { $sql = 'UPDATE `users` SET ' . '`user_password` = \'' . getPasswordHash($pw) . '\', ' . '`user_password_1` = \'' . $user['user_password'] . '\', ' . '`user_password_2` = \'' . $user['user_password_1'] . '\', ' . '`user_password_3` = \'' . $user['user_password_2'] . '\', ' . '`user_password_lastchanged` = \'' . time() . '\', ' . '`user_password_complex` = \'' . !$failed . '\'' . ' WHERE `user_id` = ' . $user['user_id'] . ' LIMIT 1 ;'; mysql_query($sql); if (mysql_error()) { echo 'Error<br>'; echo mysql_error(); exit; } if ($user['user_id'] == $login['user_id']) { header('Location: logout.php?newpw_ok=1'); } else { header('Location: admin_user_password.php?id=' . $user['user_id'] . '&ok=1'); } exit; } } include "include/admin_middel.php";
if (isset($user_regnumber) and strlen($user_regnumber) > 0 and !F_check_unique(K_TABLE_USERS, 'user_regnumber=\'' . F_escape_sql($db, $user_regnumber) . '\'')) { F_print_error('WARNING', $l['m_duplicate_regnumber']); $formstatus = FALSE; F_stripslashes_formfields(); } // check if ssn is unique if (isset($user_ssn) and strlen($user_ssn) > 0 and !F_check_unique(K_TABLE_USERS, 'user_ssn=\'' . F_escape_sql($db, $user_ssn) . '\'')) { F_print_error('WARNING', $l['m_duplicate_ssn']); $formstatus = FALSE; F_stripslashes_formfields(); } // check password if (!empty($newpassword) or !empty($newpassword_repeat)) { // update password if ($newpassword == $newpassword_repeat) { $user_password = getPasswordHash($newpassword); // update OTP key $user_otpkey = F_getRandomOTPkey(); } else { //print message and exit F_print_error('WARNING', $l['m_different_passwords']); $formstatus = FALSE; F_stripslashes_formfields(); } } else { //print message and exit F_print_error('WARNING', $l['m_empty_password']); $formstatus = FALSE; F_stripslashes_formfields(); } if ($formstatus) {
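/**
 * Sends email test reports to users.
 *
 * For every test-user record returned by F_getAllUsersTestStat() that has an
 * e-mail address, a text summary (score, pass/fail, answer counts) is sent;
 * when $mode is 0 the PDF produced by tce_pdf_results.php is fetched over HTTP
 * and attached. One progress line per recipient is echoed to the caller's page.
 *
 * @author Nicola Asuni
 * @since 2005-02-24
 * @param $test_id (int) TEST ID
 * @param $user_id (int) USER ID (0 means all users)
 * @param $testuser_id (int) test-user ID - if greater than zero, filter stats for the specified test-user.
 * @param $group_id (int) GROUP ID (0 means all groups)
 * @param $startdate (int) start date ID - if greater than zero, filter stats for the specified starting date
 * @param $enddate (int) end date ID - if greater than zero, filter stats for the specified ending date
 * @param $mode (int) type of report to send: 0=detailed report; 1=summary report (without questions)
 * @param $display_mode display (int) mode: 0 = disabled; 1 = minimum; 2 = module; 3 = subject; 4 = question; 5 = answer.
 * @param $show_graph (boolean) If true display the score graph.
 * @return void
 */
function F_send_report_emails($test_id, $user_id = 0, $testuser_id = 0, $group_id = 0, $startdate = 0, $enddate = 0, $mode = 0, $display_mode = 1, $show_graph = false) {
    // $emailcfg is read below but was never imported; it is expected to be
    // provided by the mailer configuration pulled in by the require_once calls.
    // Importing it explicitly also works when that configuration has already
    // been loaded at file scope (require_once then does nothing here).
    global $l, $db, $emailcfg;
    require_once '../config/tce_config.php';
    require_once '../../shared/code/tce_functions_test.php';
    require_once '../../shared/code/tce_functions_test_stats.php';
    require_once '../../shared/code/tce_class_mailer.php';
    require_once 'tce_functions_user_select.php';
    $mode = intval($mode);
    // sanitise the numeric filters; a test the caller may not access ends the call
    if ($test_id > 0) {
        $test_id = intval($test_id);
        if (!F_isAuthorizedUser(K_TABLE_TESTS, 'test_id', $test_id, 'test_user_id')) {
            return;
        }
    } else {
        $test_id = 0;
    }
    $user_id = ($user_id > 0) ? intval($user_id) : 0;
    $testuser_id = ($testuser_id > 0) ? intval($testuser_id) : 0;
    $group_id = ($group_id > 0) ? intval($group_id) : 0;
    // date filters: K_TIMESTAMP_FORMAT, or '' when absent / unparsable
    $startdate = F_send_report_emails_formatDate($startdate);
    $enddate = F_send_report_emails_formatDate($enddate);
    // Instantiate C_mailer class and load the default transport settings
    $mail = new C_mailer();
    $mail->language = $l;
    foreach (array('Priority', 'ContentType', 'Encoding', 'WordWrap', 'Mailer', 'Sendmail', 'UseMSMailHeaders', 'Host', 'Port', 'Helo', 'SMTPAuth', 'SMTPSecure', 'Username', 'Password', 'Timeout', 'SMTPDebug', 'PluginDir', 'Sender', 'From', 'FromName') as $option) {
        $mail->$option = $emailcfg[$option];
    }
    if ($emailcfg['Reply']) {
        $mail->AddReplyTo($emailcfg['Reply'], $emailcfg['ReplyName']);
    }
    $charset = $l['a_meta_charset'];
    $mail->CharSet = $charset;
    if (!$mail->CharSet) {
        $mail->CharSet = $emailcfg['CharSet'];
    }
    $mail->Subject = $l['t_result_user'];
    $mail->IsHTML(TRUE); // Set message type to HTML.
    // Bug fix: the original overwrote $mode with 3 inside the loop, so only
    // the first recipient ever received the PDF attachment. Decide once here
    // and keep the PDF generator's own mode value in a separate variable.
    $attach_pdf = ($mode == 0);
    $pdf_mode = 3;
    $email_num = 0; // count emails
    // get all data
    $data = F_getAllUsersTestStat($test_id, $group_id, $user_id, $startdate, $enddate, 'total_score', false, $display_mode);
    foreach ($data['testuser'] as $tu) {
        if (($testuser_id > 0) and ($tu['id'] != $testuser_id)) {
            // honour the documented test-user filter, which the original never applied
            continue;
        }
        if (strlen($tu['user_email']) > 3) {
            // set HTML header
            $mail->Body = $emailcfg['MsgHeader'];
            // compose alternate TEXT message
            $mail->AltBody = '' . $l['t_result_user'] . ' [' . $tu['testuser_creation_time'] . ']' . K_NEWLINE;
            $mail->AltBody .= $l['w_test'] . ': ' . $tu['test']['test_name'] . K_NEWLINE;
            $passmsg = '';
            if ($tu['test']['test_score_threshold'] > 0) {
                $mail->AltBody .= $l['w_test_score_threshold'] . ': ' . $tu['test']['test_score_threshold'];
                if ($tu['total_score'] >= $tu['test']['test_score_threshold']) {
                    $passmsg = ' - ' . $l['w_passed'];
                } else {
                    $passmsg = ' - ' . $l['w_not_passed'];
                }
                $mail->AltBody .= K_NEWLINE;
            }
            $mail->AltBody .= $l['w_score'] . ': ' . F_formatFloat($tu['total_score']) . ' ' . F_formatPercentage($tu['total_score_perc'], false) . $passmsg . K_NEWLINE;
            if ($display_mode > 0) {
                $mail->AltBody .= $l['w_answers_right'] . ': ' . $tu['right'] . ' ' . F_formatPercentage($tu['right_perc'], false) . K_NEWLINE;
                $mail->AltBody .= $l['w_answers_wrong'] . ': ' . $tu['wrong'] . ' ' . F_formatPercentage($tu['wrong_perc'], false) . K_NEWLINE;
                $mail->AltBody .= $l['w_questions_unanswered'] . ': ' . $tu['unanswered'] . ' ' . F_formatPercentage($tu['unanswered_perc'], false) . K_NEWLINE;
                $mail->AltBody .= $l['w_questions_undisplayed'] . ': ' . $tu['undisplayed'] . ' ' . F_formatPercentage($tu['undisplayed_perc'], false) . K_NEWLINE;
            }
            $email_num++;
            // progress line shown to the caller; user data is escaped because it lands in an HTML page
            $progresslog = '' . $email_num . '. ' . htmlspecialchars($tu['user_email'], ENT_NOQUOTES, $charset) . ' [' . htmlspecialchars($tu['user_name'], ENT_NOQUOTES, $charset) . ']';
            if ($attach_pdf) {
                // key passed as the "email" parameter to tce_pdf_results.php; it is
                // derived from the test-user, test, user, K_RANDOM_SECURITY and the
                // current year/month (presumably re-derived and checked by that script)
                $pdfkey = getPasswordHash(date('Y') . $tu['id'] . K_RANDOM_SECURITY . $tu['test']['test_id'] . date('m') . $tu['user_id']);
                // set PDF document file name
                $doc_name = 'tcexam_report_' . $pdf_mode . '_0_' . $tu['test']['test_id'] . '_0_' . $tu['user_id'] . '_' . $tu['id'] . '.pdf';
                // create PDF doc by fetching the generator over HTTP (requires
                // allow_url_fopen). "diplay_mode" (sic) is kept verbatim because the
                // receiving script is not visible here — confirm which spelling it reads.
                $pdf_content = file_get_contents(K_PATH_HOST . K_PATH_TCEXAM . 'admin/code/tce_pdf_results.php?mode=' . $pdf_mode . '&diplay_mode=' . $display_mode . '&show_graph=' . $show_graph . '&test_id=' . $tu['test']['test_id'] . '&user_id=' . $tu['user_id'] . '&testuser_id=' . $tu['id'] . '&email=' . $pdfkey);
                if ($pdf_content === false) {
                    // do not attach an empty document; report it on the progress line instead
                    $progresslog .= ' [' . $l['t_error'] . ': ' . $doc_name . ']';
                } else {
                    // attach document
                    $mail->AddStringAttachment($pdf_content, $doc_name, $emailcfg['AttachmentsEncoding'], 'application/octet-stream');
                    $mail->AltBody .= K_NEWLINE . $l['w_attachment'] . ': ' . $doc_name . K_NEWLINE;
                }
            }
            // convert alternate text to HTML
            $mail->Body .= str_replace(K_NEWLINE, '<br />' . K_NEWLINE, $mail->AltBody);
            // add HTML footer
            $mail->Body .= $emailcfg['MsgFooter'];
            //--- Elaborate user Templates ---
            // placeholders are substituted in this order; every user-controlled
            // value is HTML-escaped (the original left #EMAIL# raw)
            $mail->Body = str_replace(
                array('#CHARSET#', '#LANG#', '#LANGDIR#', '#EMAIL#', '#USERNAME#', '#USERFIRSTNAME#', '#USERLASTNAME#'),
                array(
                    $l['a_meta_charset'],
                    $l['a_meta_language'],
                    $l['a_meta_dir'],
                    htmlspecialchars($tu['user_email'], ENT_NOQUOTES, $charset),
                    htmlspecialchars($tu['user_name'], ENT_NOQUOTES, $charset),
                    htmlspecialchars($tu['user_firstname'], ENT_NOQUOTES, $charset),
                    htmlspecialchars($tu['user_lastname'], ENT_NOQUOTES, $charset),
                ),
                $mail->Body
            );
            // add a "To" address
            $mail->AddAddress($tu['user_email'], $tu['user_name']);
            if (!$mail->Send()) { // send email to user
                $progresslog .= ' [' . $l['t_error'] . ']'; // display error message
            }
            $mail->ClearAddresses(); // Clear all addresses for next loop
            $mail->ClearAttachments(); // Clears all previously set filesystem, string, and binary attachments
        } else {
            $progresslog = '[' . $l['t_error'] . '] ' . htmlspecialchars($tu['user_name'], ENT_NOQUOTES, $charset) . ': ' . $l['m_unknown_email'] . ''; // output user data
        }
        echo $progresslog . '<br />' . K_NEWLINE; // output processed emails
        flush(); // force browser output
    }
    $mail->ClearAddresses(); // Clear all addresses for next loop
    $mail->ClearCustomHeaders(); // Clears all custom headers
    $mail->ClearAllRecipients(); // Clears all recipients assigned in the TO, CC and BCC
    $mail->ClearAttachments(); // Clears all previously set filesystem, string, and binary attachments
    $mail->ClearReplyTos(); // Clears all recipients assigned in the ReplyTo array
    return;
}

/**
 * Normalise a date filter for F_getAllUsersTestStat().
 * @param $date (mixed) date as accepted by strtotime(); empty means no filter
 * @return string date in K_TIMESTAMP_FORMAT, or '' when absent or not parsable
 */
function F_send_report_emails_formatDate($date) {
    if (empty($date)) {
        return '';
    }
    $time = strtotime($date);
    if ($time === false) {
        // the original passed false to date(), which silently yields the Unix epoch
        return '';
    }
    return date(K_TIMESTAMP_FORMAT, $time);
}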