/**
 * Creates a user record from a raw values array.
 *
 * Returns false when the (trimmed) e-mail is already registered, otherwise
 * the id of the newly inserted row.
 *
 * @param array $values keys read: email (required), name, website, password,
 *                      idgroups, status
 * @return int|false
 */
public function add(array $values)
{
    $users = tusers::i();
    $email = trim($values['email']);
    if ($users->emailexists($email)) {
        return false;
    }

    // Group list: caller-supplied ids filtered through cleangroups(), with the
    // configured defaults as fallback when nothing usable remains.
    $groups = tusergroups::i();
    $idgroups = isset($values['idgroups']) ? $this->cleangroups($values['idgroups']) : array();
    if (count($idgroups) == 0) {
        $idgroups = $groups->defaults;
    }

    // An absent or empty password is replaced by a random one so the stored
    // hash never corresponds to the empty string.
    $password = empty($values['password']) ? md5uniq() : $values['password'];

    $record = array(
        'email' => $email,
        'name' => isset($values['name']) ? trim($values['name']) : '',
        'website' => isset($values['website']) ? trim($values['website']) : '',
        'password' => litepublisher::$options->hash($email . $password),
        'cookie' => md5uniq(),
        'expired' => sqldate(),
        'idgroups' => implode(',', $idgroups),
        'trust' => 0,
        'status' => isset($values['status']) ? $values['status'] : 'approved',
    );

    $id = $users->db->add($record);

    // The DB row keeps idgroups as a CSV string; the in-memory copy keeps the array.
    $record['idgroups'] = $idgroups;
    $users->items[$id] = $record;
    $users->setgroups($id, $record['idgroups']);
    if ('approved' == $record['status']) {
        tuserpages::i()->add($id);
    }
    $users->added($id);
    return $id;
}
/**
 * Lite Publisher
 * Copyright (C) 2010 - 2015 Vladimir Yushko http://litepublisher.ru/ http://litepublisher.com/
 * Dual licensed under the MIT (mit.txt)
 * and GPL (gpl.txt) licenses.
 **/

/**
 * Installer hook for the cron component.
 *
 * Creates the cron table from cron.sql, registers the trigger URL for GET
 * requests, stores a random password on the instance and schedules the
 * nightly database optimizer.
 *
 * @param object $self the cron instance being installed
 */
function tcronInstall($self)
{
    $sqlFile = dirname(__FILE__) . DIRECTORY_SEPARATOR . 'cron.sql';
    tdbmanager::i()->CreateTable('cron', file_get_contents($sqlFile));
    // The cron endpoint is served by $self's class, GET only.
    litepublisher::$urlmap->add('/croncron.htm', get_class($self), null, 'get');
    // Random secret stored on the cron instance.
    $self->password = md5uniq();
    $self->addnightly('tdboptimizer', 'optimize', null);
    $self->save();
}
/**
 * Returns the current authentication challenge, rotating it once the
 * previous one has expired (one-hour lifetime).
 *
 * @return array keys: auth_scheme, challenge, expire_time, server_time
 */
public function getchallenge()
{
    $stale = time() >= $this->expired;
    if ($stale) {
        // Fresh random challenge valid for one hour; persisted so the
        // verifying request sees the same value.
        $this->_challenge = md5uniq();
        $this->expired = time() + 3600;
        $this->save();
    }

    $result = array();
    $result['auth_scheme'] = 'c0';
    $result['challenge'] = $this->_challenge;
    $result['expire_time'] = $this->expired;
    // NOTE(review): server_time is derived from the expiry, not the clock, so
    // it reports when the challenge was issued rather than "now".
    $result['server_time'] = $this->expired - 3600;
    return $result;
}
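/**
 * Sets a new password after trimming it.
 *
 * Issues a new random login value and stores a salted hash of the password.
 *
 * @param string $p plaintext password
 * @return bool false when the trimmed password is empty, true once saved
 */
public function setpassword($p)
{
    $p = trim($p);
    if ($p === '') {
        return false;
    }
    // A new random login value accompanies every password change.
    $this->data['login'] = md5uniq();
    // NOTE(review): single-round md5 over login + site secret + password + salt.
    // Any change here must be mirrored by the code verifying this credential;
    // a slow hash (password_hash) would be the stronger choice when that is done.
    $this->data['password'] = md5($this->login . litepublisher::$secret . $p . litepublisher::$options->solt);
    $this->save();
    // Explicit success value; previously the method fell through returning null.
    return true;
}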
/**
 * Login by e-mail and password for the JSON endpoint.
 *
 * On success a one-year session cookie is issued through
 * litepublisher::$options->setcookies() and a session descriptor returned.
 *
 * @param array $args keys: email, password
 * @return mixed $this->error(...) on missing fields, array('error' => msg) on
 *               bad credentials, otherwise id/pass/regservice/adminflag
 */
public function email_login(array $args)
{
    $hasCredentials = isset($args['email']) && isset($args['password']);
    if (!$hasCredentials) {
        return $this->error('Invalid data', 403);
    }

    $email = strtolower(trim($args['email']));
    $password = trim($args['password']);
    $mesg = tadminlogin::autherror($email, $password);
    if ($mesg) {
        return array('error' => $mesg);
    }

    // One-year session; the raw cookie value is handed back as 'pass'.
    $expired = time() + 31536000;
    $cookie = md5uniq();
    litepublisher::$options->setcookies($cookie, $expired);

    $userId = litepublisher::$options->user;
    $isAdmin = litepublisher::$options->ingroup('admin');
    return array(
        'id' => $userId,
        'pass' => $cookie,
        'regservice' => 'email',
        'adminflag' => $isAdmin ? 'true' : '',
    );
}
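/**
 * Registers a commenter identity, reusing an existing record when one
 * matches the given name / e-mail / url triple.
 *
 * Debug output (echo/var_dump of the submitted address and ids) and the unused
 * REMOTE_ADDR lookup have been removed; this method now only touches the store.
 *
 * @param string $name
 * @param string $email
 * @param string $url
 * @return int id of the existing or newly created record
 */
public function add($name, $email, $url)
{
    // Reuse an existing commenter instead of inserting a duplicate.
    $id = $this->find($name, $email, $url);
    if ($id) {
        return $id;
    }

    $id = $this->db->add(array(
        'trust' => 0,
        'name' => $name,
        'url' => $url,
        'email' => $email,
        'cookie' => md5uniq(),
    ));
    tcommentmanager::instance()->authoradded($id);
    return $id;
}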
/**
 * Access guard for the subscribers admin page.
 *
 * When nobody is logged in, the 'auth' query parameter is looked up as a
 * stored user cookie (the subscriber mail builds links of that form). A
 * matching 'comuser' record is promoted to an approved commentator and
 * logged in with fresh cookies. Anonymous requests are redirected to the
 * login page; users on hold get 403.
 *
 * @param mixed $arg passed through to parent::request()
 * @return mixed redirect result, 403, or the parent's response
 */
public function request($arg)
{
    $this->cache = false;
    if (!($this->iduser = litepublisher::$options->user)) {
        // Hidden registration path: login token arrives in the query string.
        // NOTE(review): query parameters tend to end up in server logs and
        // Referer headers; the token is rotated below once used.
        $users = tusers::i();
        if (isset($_GET['auth']) && ($cookie = trim($_GET['auth']))) {
            // Only honoured while self-registration is enabled site-wide.
            if (($this->iduser = $users->findcookie($cookie)) && litepublisher::$options->reguser) {
                if ('comuser' == $users->getvalue($this->iduser, 'status')) {
                    // Promote the commenter: approved status, commentator group,
                    // empty password, and a new cookie replacing the mailed one.
                    $this->newreg = true;
                    $item = $users->getitem($this->iduser);
                    $item['status'] = 'approved';
                    $item['password'] = '';
                    $item['idgroups'] = 'commentator';
                    $cookie = md5uniq();
                    $expired = time() + 31536000;
                    $item['cookie'] = litepublisher::$options->hash($cookie);
                    $item['expired'] = sqldate($expired);
                    $users->edit($this->iduser, $item);
                    litepublisher::$options->user = $this->iduser;
                    litepublisher::$options->updategroup();
                    litepublisher::$options->setcookie('litepubl_user_id', $this->iduser, $expired);
                    litepublisher::$options->setcookie('litepubl_user', $cookie, $expired);
                } else {
                    // Token matched a non-comuser account: do not log it in this way.
                    $this->iduser = false;
                }
            }
        }
    }
    if (!$this->iduser) {
        $url = litepublisher::$site->url . '/admin/login/' . litepublisher::$site->q . 'backurl=' . rawurlencode('/admin/subscribers/');
        return litepublisher::$urlmap->redir($url);
    }
    if ('hold' == tusers::i()->getvalue($this->iduser, 'status')) {
        return 403;
    }
    return parent::request($arg);
}
/**
 * Handles the admin login form.
 *
 * 'out' logs the current user out. A POSTed email/password pair is checked
 * by self::autherror(); on success session cookies are issued (one year with
 * 'remember', eight hours otherwise) and the browser is redirected to the
 * requested back URL or to the group's home page.
 *
 * @param mixed $arg 'out' for logout, otherwise passed to parent::request()
 * @return mixed
 */
public function request($arg)
{
    if ($arg == 'out') {
        return $this->logout($arg);
    }
    parent::request($arg);
    $this->section = 'login';
    if (!isset($_POST['email']) || !isset($_POST['password'])) {
        return turlmap::nocache();
    }
    $email = trim($_POST['email']);
    $password = trim($_POST['password']);
    if ($mesg = self::autherror($email, $password)) {
        // Failed login: show the message and keep the form.
        $this->formresult = $this->html->h4red($mesg);
        return turlmap::nocache();
    }
    // 'remember' extends the cookie lifetime from 8 hours to one year.
    $expired = isset($_POST['remember']) ? time() + 31536000 : time() + 8 * 3600;
    $cookie = md5uniq();
    litepublisher::$options->setcookies($cookie, $expired);
    litepublisher::$options->setcookie('litepubl_regservice', 'email', $expired);
    // Destination after login, in order: ?backurl, the entity-mangled
    // '&amp;backurl' variant, then the 'backurl' cookie.
    $url = !empty($_GET['backurl']) ? $_GET['backurl'] : (!empty($_GET['amp;backurl']) ? $_GET['amp;backurl'] : (isset($_COOKIE['backurl']) ? $_COOKIE['backurl'] : ''));
    // Absolute URLs on this site are reduced to their path.
    if ($url && strbegin($url, litepublisher::$site->url)) {
        $url = substr($url, strlen(litepublisher::$site->url));
    }
    // Never bounce back into the login or password-reset pages.
    if ($url && (strbegin($url, '/admin/login/') || strbegin($url, '/admin/password/'))) {
        $url = false;
    }
    // NOTE(review): a back URL that does not start with the site URL reaches
    // redir() unchanged; confirm redir() restricts destinations to this site.
    if (!$url) {
        $url = '/admin/';
        if (litepublisher::$options->group != 'admin') {
            // Non-admins land on their group's home page.
            $groups = tusergroups::i();
            $url = $groups->gethome(litepublisher::$options->group);
        }
    }
    // The back-URL cookie is consumed once.
    litepublisher::$options->setcookie('backurl', '', 0);
    turlmap::nocache();
    return litepublisher::$urlmap->redir($url);
}
/**
 * Dispatches a named action to a remote LitePublisher node over XML-RPC.
 *
 * The call is recorded under a random id (after purging expired records)
 * before the request goes out, so the remote side can refer to it.
 *
 * @param string $name action name
 * @param string $to   remote endpoint URL
 * @param mixed  $args action payload
 * @return mixed the remote response, or false when the query failed
 */
public function callaction($name, $to, $args)
{
    $this->lock();
    $this->DeleteExpired();
    $id = md5uniq();
    $record = array();
    $record['date'] = time();
    $record['to'] = $to;
    $record['name'] = $name;
    $record['args'] = $args;
    $this->actions[$id] = $record;
    $this->unlock();

    $client = new IXR_Client($to);
    $callbackUrl = litepublisher::$site->url . '/rpc.xml';
    $ok = $client->query('litepublisher.action.send', $id, $callbackUrl, $name, $args);
    return $ok ? $client->getResponse() : false;
}
/**
 * Parks a pending comment in a short-lived session and renders the
 * confirmation step.
 *
 * @param array $values    comment fields; date and ip are filled in here
 * @param array $shortpost post summary; a non-zero idperm adds the permalink header
 * @return string HTML of the confirmation form
 */
public function request_confirm(array $values, array $shortpost)
{
    $values['date'] = time();
    // Keep only characters that can appear in a list of IPv4 addresses.
    $values['ip'] = preg_replace('/[^0-9., ]/', '', $_SERVER['REMOTE_ADDR']);
    $confirmid = md5uniq();

    // Session keyed by the confirmation id, limited to 15 minutes.
    $sess = tsession::start(md5($confirmid));
    if ($sess) {
        $sess->lifetime = 900;
    }
    $_SESSION['confirmid'] = $confirmid;
    $_SESSION['values'] = $values;
    session_write_close();

    $header = (int) $shortpost['idperm'] ? $this->getpermheader($shortpost) : '';
    return $header . $this->confirm($confirmid);
}
/**
 * Cron job: mails a new comment to the subscribers of its post.
 *
 * Skips subscribers on hold, those without an e-mail, the comment author
 * and blacklisted addresses. Commenter-only ('comuser') subscribers get a
 * link carrying their stored cookie as the 'auth' parameter, which the
 * subscribers page accepts as a login; a missing cookie is generated here.
 *
 * @param int $id comment id
 */
public function cronsendmail($id)
{
    $comments = tcomments::i();
    try {
        $item = $comments->getitem($id);
    } catch (Exception $e) {
        // Comment vanished between scheduling and delivery: nothing to send.
        return;
    }
    $subscribers = $this->getitems($item['post']);
    if (!$subscribers || count($subscribers) == 0) {
        return;
    }
    $comment = $comments->getcomment($id);
    ttheme::$vars['comment'] = $comment;
    tlocal::usefile('mail');
    $lang = tlocal::i('mailcomments');
    $theme = ttheme::i();
    $args = new targs();
    $subject = $theme->parsearg($lang->subscribesubj, $args);
    $body = $theme->parsearg($lang->subscribebody, $args);
    $body .= "\n";
    $adminurl = litepublisher::$site->url . '/admin/subscribers/';
    $users = tusers::i();
    // Batch-load every subscriber record before the loop.
    $users->loaditems($subscribers);
    $list = array();
    foreach ($subscribers as $uid) {
        $user = $users->getitem($uid);
        if ($user['status'] == 'hold') {
            continue;
        }
        $email = $user['email'];
        if (empty($email)) {
            continue;
        }
        // Do not notify the comment's own author.
        if ($email == $comment->email) {
            continue;
        }
        if (in_array($email, $this->blacklist)) {
            continue;
        }
        $admin = $adminurl;
        if ('comuser' == $user['status']) {
            // NOTE(review): the stored cookie goes into the mailed URL as a
            // login token; it stays valid until the subscribers page rotates it.
            $admin .= litepublisher::$site->q . 'auth=';
            if (empty($user['cookie'])) {
                $user['cookie'] = md5uniq();
                $users->setvalue($user['id'], 'cookie', $user['cookie']);
            }
            $admin .= rawurlencode($user['cookie']);
        }
        // Shared body plus the per-recipient admin link.
        $list[] = array('fromname' => litepublisher::$site->name, 'fromemail' => $this->fromemail, 'toname' => $user['name'], 'toemail' => $email, 'subject' => $subject, 'body' => $body . $admin);
    }
    if (count($list)) {
        tmailer::sendlist($list);
    }
}
/**
 * Generates a fresh association handle / shared secret pair.
 *
 * Results are passed back through the reference parameters; the pair is also
 * recorded in $this->keys (secret + expiry) and persisted.
 *
 * @param string $assoc_handle  receives the random handle
 * @param string $shared_secret receives the new shared secret
 * @param int    $lifetime      receives the expiry timestamp (20 minutes from now)
 */
private function NewKeys(&$assoc_handle, &$shared_secret, &$lifetime)
{
    $assoc_handle = md5uniq();
    $shared_secret = new_secret();
    $lifetime = time() + 1200;

    $entry = array();
    $entry['secret'] = $shared_secret;
    $entry['expired'] = $lifetime;
    $this->keys[$assoc_handle] = $entry;
    $this->save();
}
<?php
/*
 * One-shot maintenance script: generates a random password, stores it as the
 * site password and prints it together with the site e-mail.
 *
 * NOTE(review): no access check is visible in this file and the new password
 * is written into the response, so it must not be reachable on a live site.
 */
header('Cache-Control: no-cache, must-revalidate');
header('Pragma: no-cache');
error_reporting(E_ALL | E_NOTICE | E_STRICT | E_WARNING);
ini_set('display_errors', 1);
define('litepublisher_mode', 'xmlrpc');
include 'index.php';

$password = md5uniq();
litepublisher::$options->changepassword($password);
litepublisher::$options->savemodified();

echo "<pre>\n", litepublisher::$options->email, "\n{$password}\n<br>new password";
/**
 * Starts self-registration for an e-mail address.
 *
 * Validates the address, refuses addresses already bound to a full (non
 * 'comuser') account, stores the pending registration (name, confirmation
 * code, generated password, back URL) in a session keyed by the hashed
 * e-mail, and mails the confirmation link.
 *
 * @param string $email
 * @param string $name
 * @return mixed true when the mail was handed off, otherwise $this->error(...)
 */
public function reguser($email, $name)
{
    $email = strtolower(trim($email));
    if (!tcontentfilter::ValidateEmail($email)) {
        return $this->error(tlocal::get('comment', 'invalidemail'));
    }
    // More than two dots in the local part are rejected as well.
    if (substr_count($email, '.', 0, strpos($email, '@')) > 2) {
        return $this->error(tlocal::get('comment', 'invalidemail'));
    }
    $users = tusers::i();
    if ($id = $users->emailexists($email)) {
        // Only a commenter-only record may be upgraded through this flow.
        if ('comuser' != $users->getvalue($id, 'status')) {
            return $this->error(tlocal::i()->invalidregdata);
        }
    }
    tsession::start('reguser-' . md5(litepublisher::$options->hash($email)));
    $_SESSION['email'] = $email;
    $_SESSION['name'] = $name;
    $confirm = md5rand();
    $_SESSION['confirm'] = $confirm;
    $password = md5uniq();
    $_SESSION['password'] = $password;
    // NOTE(review): backurl is stored from the query string unchecked; the
    // code that consumes it from the session should validate it.
    $_SESSION['backurl'] = isset($_GET['backurl']) ? $_GET['backurl'] : '';
    session_write_close();
    $args = new targs();
    $args->name = $name;
    $args->email = $email;
    $args->confirm = $confirm;
    // The generated password travels in the same mail as the confirmation code.
    $args->password = $password;
    $args->confirmurl = litepublisher::$site->url . '/admin/reguser/' . litepublisher::$site->q . 'email=' . urlencode($email);
    tlocal::usefile('mail');
    $lang = tlocal::i('mailusers');
    $theme = ttheme::i();
    $subject = $theme->parsearg($lang->subject, $args);
    $body = $theme->parsearg($lang->body, $args);
    tmailer::sendmail(litepublisher::$site->name, litepublisher::$options->fromemail, $name, $email, $subject, $body);
    return true;
}
/**
 * Password-recovery request: mails a confirmation code and a freshly
 * generated password to the account's address.
 *
 * A per-address session counts requests; the counter lets four through and
 * refuses the fifth and later. Code and password stay in the session until
 * confirmed.
 *
 * @param string $email
 * @return mixed true when the mail was handed off, otherwise $this->error(...)
 */
public function restore($email)
{
    $lang = tlocal::admin('password');
    $email = strtolower(trim($email));
    if (empty($email)) {
        return $this->error($lang->error);
    }
    $id = $this->getiduser($email);
    if (!$id) {
        return $this->error($lang->error);
    }
    $args = new targs();
    tsession::start('password-restore-' . md5(litepublisher::$options->hash($email)));
    // Post-increment compares the previous value: counts 1..3 pass, 4 is the
    // last accepted, so the fifth request is the first refused.
    if (!isset($_SESSION['count'])) {
        $_SESSION['count'] = 1;
    } else {
        if ($_SESSION['count']++ > 3) {
            return $this->error($lang->outofcount);
        }
    }
    $_SESSION['email'] = $email;
    $password = md5uniq();
    $_SESSION['password'] = $password;
    $_SESSION['confirm'] = md5rand();
    $args->confirm = $_SESSION['confirm'];
    session_write_close();
    $args->email = urlencode($email);
    if ($id == 1) {
        // Id 1 is the site author record; its name comes from site settings.
        $name = litepublisher::$site->author;
    } else {
        $item = tusers::i()->getitem($id);
        $args->add($item);
        $name = $item['name'];
    }
    // The generated password is mailed in clear text alongside the code.
    $args->password = $password;
    tlocal::usefile('mail');
    $lang = tlocal::i('mailpassword');
    $theme = ttheme::i();
    $subject = $theme->parsearg($lang->subject, $args);
    $body = $theme->parsearg($lang->body, $args);
    tmailer::sendmail(litepublisher::$site->name, litepublisher::$options->fromemail, $name, $email, $subject, $body);
    return true;
}
/**
 * Installer: initialises site options from the install form ($_REQUEST).
 *
 * Generates the site salt and an initial password, configures the database
 * connection, resets every option to its default and returns the generated
 * password so the installer can display it.
 *
 * @param string $email    site owner e-mail
 * @param string $language UI language code
 * @return string the generated plaintext password
 */
function installoptions($email, $language)
{
    $options = toptions::i();
    $options->lock();
    // Site-wide salt used by the hashing helpers; generated once at install.
    $options->solt = md5uniq();
    $usehost = isset($_REQUEST['usehost']) ? $_REQUEST['usehost'] == '1' : false;
    // Connection settings come straight from the install form; the DB
    // password is stored through its own setter, not in this array.
    $options->data['dbconfig'] = array(
        'driver' => 'mysqli',
        'host' => $usehost ? $_REQUEST['dbhost'] : 'localhost',
        'port' => $usehost ? (int) $_REQUEST['dbport'] : 0,
        'dbname' => $_REQUEST['dbname'],
        'login' => $_REQUEST['dblogin'],
        'password' => '',
        'prefix' => $_REQUEST['dbprefix']
    );
    $options->setdbpassword($_REQUEST['dbpassword']);
    try {
        litepublisher::$db = new tdatabase();
    } catch (Exception $e) {
        die($e->GetMessage());
    }
    if (litepublisher::$debug) {
        // Debug installs start clean: drop every table carrying the configured
        // prefix. NOTE(review): dbname and table names are interpolated into SQL.
        $db = litepublisher::$db;
        $list = $db->res2array($db->query("show tables from " . $options->dbconfig['dbname']));
        foreach ($list as $row) {
            $table = $row[0];
            if (strbegin($table, $db->prefix)) {
                $db->exec('DROP TABLE IF EXISTS ' . $table);
            }
        }
    }
    $options->language = $language;
    $options->email = $email;
    $options->dateformat = '';
    // Clear any stale hash before storing the generated password.
    $options->password = '';
    $password = md5uniq();
    $options->changepassword($password);
    $options->authenabled = true;
    $options->cookiehash = '';
    $options->cookieexpired = 0;
    $options->securecookie = false;
    $options->mailer = '';
    // Caching defaults.
    $options->data['cache'] = true;
    $options->expiredcache = 3600;
    $options->admincache = false;
    $options->ob_cache = true;
    $options->compress = false;
    $options->filetime_offset = tfiler::get_filetime_offset();
    $options->data['perpage'] = 10;
    // Comment defaults.
    $options->commentsdisabled = false;
    $options->comstatus = 'guest';
    $options->pingenabled = true;
    $options->commentpages = true;
    $options->commentsperpage = 100;
    $options->comments_invert_order = false;
    $options->commentspull = false;
    // First line of versions.txt is the installed version.
    $versions = strtoarray(file_get_contents(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'versions.txt'));
    $options->version = $versions[0];
    $options->echoexception = true;
    $options->parsepost = true;
    $options->hidefilesonpage = false;
    $options->show_draft_post = false;
    // Self-registration is off by default.
    $options->usersenabled = false;
    $options->reguser = false;
    $options->icondisabled = false;
    $options->crontime = time();
    $options->show_file_perm = false;
    // Referer check is disabled when this install request itself was a POST
    // without a Referer (the installer would otherwise lock itself out).
    $options->xxxcheck = empty($_SERVER['HTTP_REFERER']) && isset($_POST) && count($_POST) > 0 ? false : true;
    // NOTE(review): HTTP_HOST is client-supplied; the sender address is built from it.
    $options->fromemail = 'litepublisher@' . $_SERVER['HTTP_HOST'];
    $options->unlock();
    return $password;
}
/**
 * Logs in (and if needed registers) a user coming from an external
 * registration service.
 *
 * Lookup order: by e-mail when the service supplied one, otherwise by the
 * service-specific uid (or website as a fallback key). New accounts are only
 * created while self-registration is enabled; otherwise 403 is returned.
 * On success session cookies are issued and the browser is redirected.
 *
 * @param array $item    normalised profile: email, name, website, uid
 * @param mixed $rawdata provider payload, passed to onadd()
 * @return mixed redirect result, comment-form result, or 403
 */
public function adduser(array $item, $rawdata)
{
    $users = tusers::i();
    $reguser = tregserviceuser::i();
    if (!empty($item['email'])) {
        // NOTE(review): an existing account is selected purely by the e-mail
        // the service reports; confirm the service verifies address ownership.
        if ($id = $users->emailexists($item['email'])) {
            $user = $users->getitem($id);
            if ($user['status'] == 'comuser') {
                $users->approve($id);
            }
        } elseif (litepublisher::$options->reguser) {
            $id = $users->add(array('email' => $item['email'], 'name' => $item['name'], 'website' => isset($item['website']) ? tcontentfilter::clean_website($item['website']) : ''));
            if (isset($item['uid'])) {
                $uid = $item['uid'];
                // Long uids are shortened to a fixed-size digest before storage.
                if (strlen($uid) >= 22) {
                    $uid = basemd5($uid);
                }
                $reguser->add($id, $this->name, $uid);
            }
        } else {
            // registration disabled
            return 403;
        }
    } else {
        // No e-mail: key the account on uid, falling back to the website.
        $uid = !empty($item['uid']) ? $item['uid'] : (!empty($item['website']) ? $item['website'] : '');
        if ($uid) {
            if (strlen($uid) >= 22) {
                $uid = basemd5($uid);
            }
            if ($id = $reguser->find($this->name, $uid)) {
                // nothing: existing service binding found
            } elseif (litepublisher::$options->reguser) {
                $id = $users->add(array('email' => '', 'name' => $item['name'], 'website' => isset($item['website']) ? tcontentfilter::clean_website($item['website']) : ''));
                $users->approve($id);
                $reguser->add($id, $this->name, $uid);
            } else {
                // registration disabled
                return 403;
            }
        } else {
            // nothing found and has neither email nor uid
            return 403;
        }
    }
    // One-year session cookies; the admin flag cookie is only informational
    // for the client, group membership is decided server-side.
    $expired = time() + 31536000;
    $cookie = md5uniq();
    litepublisher::$options->user = $id;
    litepublisher::$options->updategroup();
    litepublisher::$options->setcookies($cookie, $expired);
    if (litepublisher::$options->ingroup('admin')) {
        setcookie('litepubl_user_flag', 'true', $expired, litepublisher::$site->subdir . '/', false);
    }
    setcookie('litepubl_regservice', $this->name, $expired, litepublisher::$site->subdir . '/', false);
    $this->onadd($id, $rawdata);
    // A comment parked in the session before login is submitted now.
    if (isset($this->sessdata['comuser'])) {
        return tcommentform::i()->processform($this->sessdata['comuser'], true);
    }
    // NOTE(review): the backurl cookie is used as redirect target without a
    // same-site check here; confirm redir() restricts it.
    if (!empty($_COOKIE['backurl'])) {
        $backurl = $_COOKIE['backurl'];
    } else {
        $user = $users->getitem($id);
        $backurl = tusergroups::i()->gethome($user['idgroups'][0]);
    }
    return litepublisher::$urlmap->redir($backurl);
}
/**
 * Completes a uLogin social sign-in.
 *
 * Exchanges the token with ulogin.ru for a profile, then finds or creates
 * the local user (by e-mail first, otherwise by network uid). New accounts
 * are only created while self-registration is enabled. On success session
 * cookies are issued and a session descriptor is returned.
 *
 * @param string $token token handed to the page by the uLogin widget
 * @return array|false array('id', 'pass', 'regservice') or false on any failure
 */
public function auth($token)
{
    // NOTE(review): token and HTTP_HOST are concatenated into the URL without
    // urlencoding, and the exchange is over plain http; rawurlencode() and an
    // https endpoint would be the safer form.
    if (!($s = http::get('http://ulogin.ru/token.php?token=' . $token . '&host=' . $_SERVER['HTTP_HOST']))) {
        return false;
    }
    if (!($info = json_decode($s, true))) {
        return false;
    }
    if (isset($info['error']) || !isset($info['network'])) {
        return false;
    }
    // Display name: first + last name, falling back to the nickname.
    $name = !empty($info['first_name']) ? $info['first_name'] : '';
    $name .= !empty($info['last_name']) ? ' ' . $info['last_name'] : '';
    if (!$name && !empty($info['nickname'])) {
        $name = $info['nickname'];
    }
    // Network-specific identifier, first of uid/id/identity/profile that is set.
    $uid = !empty($info['uid']) ? $info['uid'] : (!empty($info['id']) ? $info['id'] : (!empty($info['identity']) ? $info['identity'] : (!empty($info['profile']) ? $info['profile'] : '')));
    // Long uids are shortened to a fixed-size digest before storage.
    if (strlen($uid) >= 22) {
        $uid = basemd5($uid);
    }
    $phone = !empty($info['phone']) ? self::filterphone($info['phone']) : false;
    $newreg = false;
    $users = tusers::i();
    if (!empty($info['email'])) {
        // NOTE(review): an existing account is selected purely by the e-mail
        // the network reports; confirm the network verifies address ownership.
        if ($id = $users->emailexists($info['email'])) {
            $user = $users->getitem($id);
            if ($user['status'] == 'comuser') {
                $users->approve($id);
            }
            if ($phone && empty($user['phone'])) {
                $users->setvalue($id, 'phone', $phone);
            }
        } elseif (litepublisher::$options->reguser) {
            $newreg = true;
            $id = $users->add(array('email' => $info['email'], 'name' => $name, 'website' => empty($info['profile']) ? '' : tcontentfilter::clean_website($info['profile'])));
            if ($phone) {
                $users->db->setvalue($id, 'phone', $phone);
            }
            if ($uid) {
                $this->add($id, $info['network'], $uid);
            }
        } else {
            // registration disabled
            return false;
        }
    } else {
        if ($uid) {
            if ($id = $this->find($info['network'], $uid)) {
                // nothing: existing network binding found
            } elseif (litepublisher::$options->reguser) {
                $newreg = true;
                $id = $users->add(array('email' => '', 'name' => $name, 'website' => empty($info['profile']) ? '' : tcontentfilter::clean_website($info['profile'])));
                $users->approve($id);
                if ($phone) {
                    $users->db->setvalue($id, 'phone', $phone);
                }
                $this->add($id, $info['network'], $uid);
            } else {
                // registration disabled
                return false;
            }
        } else {
            // nothing found and has neither email nor uid
            return false;
        }
    }
    // One-year session cookies; the raw cookie value is returned as 'pass'.
    $expired = time() + 31536000;
    $cookie = md5uniq();
    litepublisher::$options->user = $id;
    litepublisher::$options->updategroup();
    litepublisher::$options->setcookies($cookie, $expired);
    if (litepublisher::$options->ingroup('admin')) {
        setcookie('litepubl_user_flag', 'true', $expired, litepublisher::$site->subdir . '/', false);
    }
    setcookie('litepubl_regservice', $info['network'], $expired, litepublisher::$site->subdir . '/', false);
    $this->onadd($id, $info, $newreg);
    return array('id' => $id, 'pass' => $cookie, 'regservice' => $info['network']);
}
/**
 * Upgrade step for version 5.86.
 *
 * Adds the logout menu entry, registers a JSON event, switches prefixed
 * tables to MyISAM and, on first run only (no salt yet), introduces the
 * salted hashing scheme: generates the salt, re-encrypts the DB password,
 * re-issues the admin's session cookies, resets every stored user password
 * and mails a newly generated admin password to the site owner.
 */
function update586()
{
    $menus = tadminmenus::i();
    $id = $menus->url2id('/admin/logout/');
    if (!$id) {
        $id = $menus->addfake('/admin/logout/', tlocal::i()->logout);
    }
    // Keep the logout entry last.
    $menus->items[$id]['order'] = 9999999;
    $menus->save();
    tjsonserver::i()->addevent('comments_get_logged', 'tjsoncomments', 'comments_get_logged');
    $man = tdbmanager::i();
    $prefix = strtolower(litepublisher::$options->dbconfig['prefix']);
    $tables = $man->gettables();
    foreach ($tables as $table) {
        // Table names come from the DB catalogue and are interpolated as-is.
        if (strbegin(strtolower($table), $prefix)) {
            $man->query("alter table {$table} ENGINE = MYISAM");
        }
    }
    // Everything below runs once: a present salt means the migration is done.
    if (isset(litepublisher::$options->solt)) {
        return;
    }
    litepublisher::$options->solt = md5uniq();
    litepublisher::$options->emptyhash = basemd5(litepublisher::$secret . litepublisher::$options->solt);
    litepublisher::$options->securecookie = false;
    litepublisher::$options->authenabled = true;
    // Re-encrypt the stored DB password under the new salt when mcrypt is available.
    if (function_exists('mcrypt_encrypt')) {
        litepublisher::$options->data['dbconfig']['password'] = _encrypt(str_rot13(base64_decode(litepublisher::$options->data['dbconfig']['password'])), litepublisher::$options->solt . litepublisher::$secret);
    }
    // Re-issue the current user's session cookies directly (one-year lifetime)
    // and store the salted hash of the cookie as the new cookiehash.
    $expired = time() + 31536000;
    $cookie = md5uniq();
    $subdir = litepublisher::$site->subdir . '/';
    setcookie('litepubl_user_id', litepublisher::$options->user, $expired, $subdir, false);
    setcookie('litepubl_user', $cookie, $expired, $subdir, false);
    setcookie('litepubl_user_flag', 'true', $expired, $subdir, false);
    $cookie = basemd5((string) $cookie . litepublisher::$options->solt . litepublisher::$secret);
    litepublisher::$options->data['cookiehash'] = $cookie;
    litepublisher::$options->cookieexpired = $expired;
    unset(litepublisher::$options->data['cookie'], litepublisher::$options->data['authcookie']);
    // New admin password under the salted scheme; the plaintext is mailed below.
    $password = md5uniq();
    litepublisher::$options->data['password'] = basemd5($password . litepublisher::$options->solt . litepublisher::$secret);
    unset(litepublisher::$classes->items['tauthdigest']);
    litepublisher::$classes->items['tableprop'] = array('kernel.admin.php', '', 'htmlresource.class.php');
    litepublisher::$classes->save();
    // Old hashes cannot be converted, so every user password is cleared.
    tusers::i()->db->update("password = ''", 'id > 0');
    $theme = ttheme::i();
    $args = new targs();
    $args->password = $password;
    // Notification text is Russian: subject "password change", body explains
    // that the upgrade reset all passwords and gives the generated one.
    $subj = $theme->parsearg('[$site.name] Смена пароля', $args);
    $body = $theme->parsearg('Внимание! Обновление LitePublisher 5.86 включает в себя новые алгоритмы безопасности и поэтому старые пароли больше не будут работать. Скрипт сгенерировал для вас новый пароль: $password Пожалуйста, используйте его или получите другой на странице восстановления пароля: $site.url/admin/password/ Сохранение старых паролей невозможно потому, что в системе никогда не хранились пароли, а только их хеши. Приносим извенения за доставленные неудобства. Новые алгоритмы защиты значительно усиливают безопасность вашего сайта, также не забывайте регулярно менять пароли для лучшей безопасности. На сайтах, у которых псетители могли залогиниватся также сброшены все пароли, но им не была сделана рассылка уведомлений о смене паролей. При попытки залогинится таким посетителям будет предложено восстановить пароль. Для залогинивающихся через соцсети будет просто предложено еще раз авторизоваться (ранее они даже и не имели паролей) ', $args);
    tmailer::sendtoadmin($subj, $body);
}