public function add(array $values)
{
$users = tusers::i();
$email = trim($values['email']);
if ($users->emailexists($email)) {
return false;
}
$groups = tusergroups::i();
if (isset($values['idgroups'])) {
$idgroups = $this->cleangroups($values['idgroups']);
if (count($idgroups) == 0) {
$idgroups = $groups->defaults;
}
} else {
$idgroups = $groups->defaults;
}
$password = empty($values['password']) ? md5uniq() : $values['password'];
$item = array('email' => $email, 'name' => isset($values['name']) ? trim($values['name']) : '', 'website' => isset($values['website']) ? trim($values['website']) : '', 'password' => litepublisher::$options->hash($email . $password), 'cookie' => md5uniq(), 'expired' => sqldate(), 'idgroups' => implode(',', $idgroups), 'trust' => 0, 'status' => isset($values['status']) ? $values['status'] : 'approved');
$id = $users->db->add($item);
$item['idgroups'] = $idgroups;
$users->items[$id] = $item;
$users->setgroups($id, $item['idgroups']);
if ('approved' == $item['status']) {
tuserpages::i()->add($id);
}
$users->added($id);
return $id;
}
/**
* Lite Publisher
* Copyright (C) 2010 - 2015 Vladimir Yushko http://litepublisher.ru/ http://litepublisher.com/
* Dual licensed under the MIT (mit.txt)
* and GPL (gpl.txt) licenses.
**/
function tcronInstall($self)
{
$manager = tdbmanager::i();
$manager->CreateTable('cron', file_get_contents(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'cron.sql'));
litepublisher::$urlmap->add('/croncron.htm', get_class($self), null, 'get');
$self->password = md5uniq();
$self->addnightly('tdboptimizer', 'optimize', null);
$self->save();
}
public function getchallenge()
{
if (time() >= $this->expired) {
$this->_challenge = md5uniq();
$this->expired = time() + 3600;
$this->save();
}
return array('auth_scheme' => 'c0', 'challenge' => $this->_challenge, 'expire_time' => $this->expired, 'server_time' => $this->expired - 3600);
}
public function setpassword($p)
{
$p = trim($p);
if ($p == '') {
return false;
}
$this->data['login'] = md5uniq();
$this->data['password'] = md5($this->login . litepublisher::$secret . $p . litepublisher::$options->solt);
$this->save();
}
public function email_login(array $args)
{
if (!isset($args['email']) || !isset($args['password'])) {
return $this->error('Invalid data', 403);
}
$email = strtolower(trim($args['email']));
$password = trim($args['password']);
if ($mesg = tadminlogin::autherror($email, $password)) {
return array('error' => $mesg);
}
$expired = time() + 31536000;
$cookie = md5uniq();
litepublisher::$options->setcookies($cookie, $expired);
return array('id' => litepublisher::$options->user, 'pass' => $cookie, 'regservice' => 'email', 'adminflag' => litepublisher::$options->ingroup('admin') ? 'true' : '');
}
public function add($name, $email, $url)
{
echo "<pre>\nadd new comuser\n";
var_dump($name, $email, $url);
$ip = preg_replace('/[^0-9., ]/', '', $_SERVER['REMOTE_ADDR']);
if ($id = $this->find($name, $email, $url)) {
echo "user already exists, id = \n";
var_dump($id);
return $id;
}
$id = $this->db->add(array('trust' => 0, 'name' => $name, 'url' => $url, 'email' => $email, 'cookie' => md5uniq()));
echo "new user created\n";
var_dump($id);
$manager = tcommentmanager::instance();
$manager->authoradded($id);
return $id;
}
public function request($arg)
{
$this->cache = false;
if (!($this->iduser = litepublisher::$options->user)) {
//trick - hidden registration of comuser. Auth by get
$users = tusers::i();
if (isset($_GET['auth']) && ($cookie = trim($_GET['auth']))) {
if (($this->iduser = $users->findcookie($cookie)) && litepublisher::$options->reguser) {
if ('comuser' == $users->getvalue($this->iduser, 'status')) {
// bingo!
$this->newreg = true;
$item = $users->getitem($this->iduser);
$item['status'] = 'approved';
$item['password'] = '';
$item['idgroups'] = 'commentator';
$cookie = md5uniq();
$expired = time() + 31536000;
$item['cookie'] = litepublisher::$options->hash($cookie);
$item['expired'] = sqldate($expired);
$users->edit($this->iduser, $item);
litepublisher::$options->user = $this->iduser;
litepublisher::$options->updategroup();
litepublisher::$options->setcookie('litepubl_user_id', $this->iduser, $expired);
litepublisher::$options->setcookie('litepubl_user', $cookie, $expired);
} else {
$this->iduser = false;
}
}
}
}
if (!$this->iduser) {
$url = litepublisher::$site->url . '/admin/login/' . litepublisher::$site->q . 'backurl=' . rawurlencode('/admin/subscribers/');
return litepublisher::$urlmap->redir($url);
}
if ('hold' == tusers::i()->getvalue($this->iduser, 'status')) {
return 403;
}
return parent::request($arg);
}
public function request($arg)
{
if ($arg == 'out') {
return $this->logout($arg);
}
parent::request($arg);
$this->section = 'login';
if (!isset($_POST['email']) || !isset($_POST['password'])) {
return turlmap::nocache();
}
$email = trim($_POST['email']);
$password = trim($_POST['password']);
if ($mesg = self::autherror($email, $password)) {
$this->formresult = $this->html->h4red($mesg);
return turlmap::nocache();
}
$expired = isset($_POST['remember']) ? time() + 31536000 : time() + 8 * 3600;
$cookie = md5uniq();
litepublisher::$options->setcookies($cookie, $expired);
litepublisher::$options->setcookie('litepubl_regservice', 'email', $expired);
$url = !empty($_GET['backurl']) ? $_GET['backurl'] : (!empty($_GET['amp;backurl']) ? $_GET['amp;backurl'] : (isset($_COOKIE['backurl']) ? $_COOKIE['backurl'] : ''));
if ($url && strbegin($url, litepublisher::$site->url)) {
$url = substr($url, strlen(litepublisher::$site->url));
}
if ($url && (strbegin($url, '/admin/login/') || strbegin($url, '/admin/password/'))) {
$url = false;
}
if (!$url) {
$url = '/admin/';
if (litepublisher::$options->group != 'admin') {
$groups = tusergroups::i();
$url = $groups->gethome(litepublisher::$options->group);
}
}
litepublisher::$options->setcookie('backurl', '', 0);
turlmap::nocache();
return litepublisher::$urlmap->redir($url);
}
public function callaction($name, $to, $args)
{
$this->lock();
$this->DeleteExpired();
$id = md5uniq();
$this->actions[$id] = array('date' => time(), 'to' => $to, 'name' => $name, 'args' => $args);
$this->unlock();
$Client = new IXR_Client($to);
if ($Client->query('litepublisher.action.send', $id, litepublisher::$site->url . '/rpc.xml', $name, $args)) {
return $Client->getResponse();
}
return false;
}
public function request_confirm(array $values, array $shortpost)
{
/*
$kept = tkeptcomments::i();
$kept->deleteold();
*/
$values['date'] = time();
$values['ip'] = preg_replace('/[^0-9., ]/', '', $_SERVER['REMOTE_ADDR']);
$confirmid = md5uniq();
if ($sess = tsession::start(md5($confirmid))) {
$sess->lifetime = 900;
}
$_SESSION['confirmid'] = $confirmid;
$_SESSION['values'] = $values;
session_write_close();
if ((int) $shortpost['idperm']) {
$header = $this->getpermheader($shortpost);
return $header . $this->confirm($confirmid);
}
return $this->confirm($confirmid);
}
public function cronsendmail($id)
{
$comments = tcomments::i();
try {
$item = $comments->getitem($id);
} catch (Exception $e) {
return;
}
$subscribers = $this->getitems($item['post']);
if (!$subscribers || count($subscribers) == 0) {
return;
}
$comment = $comments->getcomment($id);
ttheme::$vars['comment'] = $comment;
tlocal::usefile('mail');
$lang = tlocal::i('mailcomments');
$theme = ttheme::i();
$args = new targs();
$subject = $theme->parsearg($lang->subscribesubj, $args);
$body = $theme->parsearg($lang->subscribebody, $args);
$body .= "\n";
$adminurl = litepublisher::$site->url . '/admin/subscribers/';
$users = tusers::i();
$users->loaditems($subscribers);
$list = array();
foreach ($subscribers as $uid) {
$user = $users->getitem($uid);
if ($user['status'] == 'hold') {
continue;
}
$email = $user['email'];
if (empty($email)) {
continue;
}
if ($email == $comment->email) {
continue;
}
if (in_array($email, $this->blacklist)) {
continue;
}
$admin = $adminurl;
if ('comuser' == $user['status']) {
$admin .= litepublisher::$site->q . 'auth=';
if (empty($user['cookie'])) {
$user['cookie'] = md5uniq();
$users->setvalue($user['id'], 'cookie', $user['cookie']);
}
$admin .= rawurlencode($user['cookie']);
}
$list[] = array('fromname' => litepublisher::$site->name, 'fromemail' => $this->fromemail, 'toname' => $user['name'], 'toemail' => $email, 'subject' => $subject, 'body' => $body . $admin);
}
if (count($list)) {
tmailer::sendlist($list);
}
}
private function NewKeys(&$assoc_handle, &$shared_secret, &$lifetime)
{
$assoc_handle = md5uniq();
$shared_secret = new_secret();
$lifetime = time() + 1200;
$this->keys[$assoc_handle] = array('secret' => $shared_secret, 'expired' => $lifetime);
$this->save();
}
<?php
Header('Cache-Control: no-cache, must-revalidate');
Header('Pragma: no-cache');
error_reporting(E_ALL | E_NOTICE | E_STRICT | E_WARNING);
ini_set('display_errors', 1);
define('litepublisher_mode', 'xmlrpc');
include 'index.php';
$password = md5uniq();
litepublisher::$options->changepassword($password);
litepublisher::$options->savemodified();
echo "<pre>\n";
echo litepublisher::$options->email;
echo "\n{$password}\n<br>new password";
public function reguser($email, $name)
{
$email = strtolower(trim($email));
if (!tcontentfilter::ValidateEmail($email)) {
return $this->error(tlocal::get('comment', 'invalidemail'));
}
if (substr_count($email, '.', 0, strpos($email, '@')) > 2) {
return $this->error(tlocal::get('comment', 'invalidemail'));
}
$users = tusers::i();
if ($id = $users->emailexists($email)) {
if ('comuser' != $users->getvalue($id, 'status')) {
return $this->error(tlocal::i()->invalidregdata);
}
}
tsession::start('reguser-' . md5(litepublisher::$options->hash($email)));
$_SESSION['email'] = $email;
$_SESSION['name'] = $name;
$confirm = md5rand();
$_SESSION['confirm'] = $confirm;
$password = md5uniq();
$_SESSION['password'] = $password;
$_SESSION['backurl'] = isset($_GET['backurl']) ? $_GET['backurl'] : '';
session_write_close();
$args = new targs();
$args->name = $name;
$args->email = $email;
$args->confirm = $confirm;
$args->password = $password;
$args->confirmurl = litepublisher::$site->url . '/admin/reguser/' . litepublisher::$site->q . 'email=' . urlencode($email);
tlocal::usefile('mail');
$lang = tlocal::i('mailusers');
$theme = ttheme::i();
$subject = $theme->parsearg($lang->subject, $args);
$body = $theme->parsearg($lang->body, $args);
tmailer::sendmail(litepublisher::$site->name, litepublisher::$options->fromemail, $name, $email, $subject, $body);
return true;
}
public function restore($email)
{
$lang = tlocal::admin('password');
$email = strtolower(trim($email));
if (empty($email)) {
return $this->error($lang->error);
}
$id = $this->getiduser($email);
if (!$id) {
return $this->error($lang->error);
}
$args = new targs();
tsession::start('password-restore-' . md5(litepublisher::$options->hash($email)));
if (!isset($_SESSION['count'])) {
$_SESSION['count'] = 1;
} else {
if ($_SESSION['count']++ > 3) {
return $this->error($lang->outofcount);
}
}
$_SESSION['email'] = $email;
$password = md5uniq();
$_SESSION['password'] = $password;
$_SESSION['confirm'] = md5rand();
$args->confirm = $_SESSION['confirm'];
session_write_close();
$args->email = urlencode($email);
if ($id == 1) {
$name = litepublisher::$site->author;
} else {
$item = tusers::i()->getitem($id);
$args->add($item);
$name = $item['name'];
}
$args->password = $password;
tlocal::usefile('mail');
$lang = tlocal::i('mailpassword');
$theme = ttheme::i();
$subject = $theme->parsearg($lang->subject, $args);
$body = $theme->parsearg($lang->body, $args);
tmailer::sendmail(litepublisher::$site->name, litepublisher::$options->fromemail, $name, $email, $subject, $body);
return true;
}
function installoptions($email, $language)
{
$options = toptions::i();
$options->lock();
$options->solt = md5uniq();
$usehost = isset($_REQUEST['usehost']) ? $_REQUEST['usehost'] == '1' : false;
$options->data['dbconfig'] = array('driver' => 'mysqli', 'host' => $usehost ? $_REQUEST['dbhost'] : 'localhost', 'port' => $usehost ? (int) $_REQUEST['dbport'] : 0, 'dbname' => $_REQUEST['dbname'], 'login' => $_REQUEST['dblogin'], 'password' => '', 'prefix' => $_REQUEST['dbprefix']);
$options->setdbpassword($_REQUEST['dbpassword']);
try {
litepublisher::$db = new tdatabase();
} catch (Exception $e) {
die($e->GetMessage());
}
if (litepublisher::$debug) {
$db = litepublisher::$db;
$list = $db->res2array($db->query("show tables from " . $options->dbconfig['dbname']));
foreach ($list as $row) {
$table = $row[0];
if (strbegin($table, $db->prefix)) {
$db->exec('DROP TABLE IF EXISTS ' . $table);
}
}
}
$options->language = $language;
$options->email = $email;
$options->dateformat = '';
$options->password = '';
$password = md5uniq();
$options->changepassword($password);
$options->authenabled = true;
$options->cookiehash = '';
$options->cookieexpired = 0;
$options->securecookie = false;
$options->mailer = '';
$options->data['cache'] = true;
$options->expiredcache = 3600;
$options->admincache = false;
$options->ob_cache = true;
$options->compress = false;
$options->filetime_offset = tfiler::get_filetime_offset();
$options->data['perpage'] = 10;
$options->commentsdisabled = false;
$options->comstatus = 'guest';
$options->pingenabled = true;
$options->commentpages = true;
$options->commentsperpage = 100;
$options->comments_invert_order = false;
$options->commentspull = false;
$versions = strtoarray(file_get_contents(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'versions.txt'));
$options->version = $versions[0];
$options->echoexception = true;
$options->parsepost = true;
$options->hidefilesonpage = false;
$options->show_draft_post = false;
$options->usersenabled = false;
$options->reguser = false;
$options->icondisabled = false;
$options->crontime = time();
$options->show_file_perm = false;
$options->xxxcheck = empty($_SERVER['HTTP_REFERER']) && isset($_POST) && count($_POST) > 0 ? false : true;
$options->fromemail = 'litepublisher@' . $_SERVER['HTTP_HOST'];
$options->unlock();
return $password;
}
public function adduser(array $item, $rawdata)
{
$users = tusers::i();
$reguser = tregserviceuser::i();
if (!empty($item['email'])) {
if ($id = $users->emailexists($item['email'])) {
$user = $users->getitem($id);
if ($user['status'] == 'comuser') {
$users->approve($id);
}
} elseif (litepublisher::$options->reguser) {
$id = $users->add(array('email' => $item['email'], 'name' => $item['name'], 'website' => isset($item['website']) ? tcontentfilter::clean_website($item['website']) : ''));
if (isset($item['uid'])) {
$uid = $item['uid'];
if (strlen($uid) >= 22) {
$uid = basemd5($uid);
}
$reguser->add($id, $this->name, $uid);
}
} else {
//registration disabled
return 403;
}
} else {
$uid = !empty($item['uid']) ? $item['uid'] : (!empty($item['website']) ? $item['website'] : '');
if ($uid) {
if (strlen($uid) >= 22) {
$uid = basemd5($uid);
}
if ($id = $reguser->find($this->name, $uid)) {
//nothing
} elseif (litepublisher::$options->reguser) {
$id = $users->add(array('email' => '', 'name' => $item['name'], 'website' => isset($item['website']) ? tcontentfilter::clean_website($item['website']) : ''));
$users->approve($id);
$reguser->add($id, $this->name, $uid);
} else {
//registration disabled
return 403;
}
} else {
//nothing found and hasnt email or uid
return 403;
}
}
$expired = time() + 31536000;
$cookie = md5uniq();
litepublisher::$options->user = $id;
litepublisher::$options->updategroup();
litepublisher::$options->setcookies($cookie, $expired);
if (litepublisher::$options->ingroup('admin')) {
setcookie('litepubl_user_flag', 'true', $expired, litepublisher::$site->subdir . '/', false);
}
setcookie('litepubl_regservice', $this->name, $expired, litepublisher::$site->subdir . '/', false);
$this->onadd($id, $rawdata);
if (isset($this->sessdata['comuser'])) {
return tcommentform::i()->processform($this->sessdata['comuser'], true);
}
if (!empty($_COOKIE['backurl'])) {
$backurl = $_COOKIE['backurl'];
} else {
$user = $users->getitem($id);
$backurl = tusergroups::i()->gethome($user['idgroups'][0]);
}
return litepublisher::$urlmap->redir($backurl);
}
public function auth($token)
{
if (!($s = http::get('http://ulogin.ru/token.php?token=' . $token . '&host=' . $_SERVER['HTTP_HOST']))) {
return false;
}
if (!($info = json_decode($s, true))) {
return false;
}
if (isset($info['error']) || !isset($info['network'])) {
return false;
}
$name = !empty($info['first_name']) ? $info['first_name'] : '';
$name .= !empty($info['last_name']) ? ' ' . $info['last_name'] : '';
if (!$name && !empty($info['nickname'])) {
$name = $info['nickname'];
}
$uid = !empty($info['uid']) ? $info['uid'] : (!empty($info['id']) ? $info['id'] : (!empty($info['identity']) ? $info['identity'] : (!empty($info['profile']) ? $info['profile'] : '')));
if (strlen($uid) >= 22) {
$uid = basemd5($uid);
}
$phone = !empty($info['phone']) ? self::filterphone($info['phone']) : false;
$newreg = false;
$users = tusers::i();
if (!empty($info['email'])) {
if ($id = $users->emailexists($info['email'])) {
$user = $users->getitem($id);
if ($user['status'] == 'comuser') {
$users->approve($id);
}
if ($phone && empty($user['phone'])) {
$users->setvalue($id, 'phone', $phone);
}
} elseif (litepublisher::$options->reguser) {
$newreg = true;
$id = $users->add(array('email' => $info['email'], 'name' => $name, 'website' => empty($info['profile']) ? '' : tcontentfilter::clean_website($info['profile'])));
if ($phone) {
$users->db->setvalue($id, 'phone', $phone);
}
if ($uid) {
$this->add($id, $info['network'], $uid);
}
} else {
//registration disabled
return false;
}
} else {
if ($uid) {
if ($id = $this->find($info['network'], $uid)) {
//nothing
} elseif (litepublisher::$options->reguser) {
$newreg = true;
$id = $users->add(array('email' => '', 'name' => $name, 'website' => empty($info['profile']) ? '' : tcontentfilter::clean_website($info['profile'])));
$users->approve($id);
if ($phone) {
$users->db->setvalue($id, 'phone', $phone);
}
$this->add($id, $info['network'], $uid);
} else {
//registration disabled
return false;
}
} else {
//nothing found and hasnt email or uid
return false;
}
}
$expired = time() + 31536000;
$cookie = md5uniq();
litepublisher::$options->user = $id;
litepublisher::$options->updategroup();
litepublisher::$options->setcookies($cookie, $expired);
if (litepublisher::$options->ingroup('admin')) {
setcookie('litepubl_user_flag', 'true', $expired, litepublisher::$site->subdir . '/', false);
}
setcookie('litepubl_regservice', $info['network'], $expired, litepublisher::$site->subdir . '/', false);
$this->onadd($id, $info, $newreg);
return array('id' => $id, 'pass' => $cookie, 'regservice' => $info['network']);
}
function update586()
{
$menus = tadminmenus::i();
$id = $menus->url2id('/admin/logout/');
if (!$id) {
$id = $menus->addfake('/admin/logout/', tlocal::i()->logout);
}
$menus->items[$id]['order'] = 9999999;
$menus->save();
tjsonserver::i()->addevent('comments_get_logged', 'tjsoncomments', 'comments_get_logged');
$man = tdbmanager::i();
$prefix = strtolower(litepublisher::$options->dbconfig['prefix']);
$tables = $man->gettables();
foreach ($tables as $table) {
if (strbegin(strtolower($table), $prefix)) {
$man->query("alter table {$table} ENGINE = MYISAM");
}
}
if (isset(litepublisher::$options->solt)) {
return;
}
litepublisher::$options->solt = md5uniq();
litepublisher::$options->emptyhash = basemd5(litepublisher::$secret . litepublisher::$options->solt);
litepublisher::$options->securecookie = false;
litepublisher::$options->authenabled = true;
if (function_exists('mcrypt_encrypt')) {
litepublisher::$options->data['dbconfig']['password'] = _encrypt(str_rot13(base64_decode(litepublisher::$options->data['dbconfig']['password'])), litepublisher::$options->solt . litepublisher::$secret);
}
$expired = time() + 31536000;
$cookie = md5uniq();
//litepublisher::$options->setcookies($cookie, $expired);
$subdir = litepublisher::$site->subdir . '/';
setcookie('litepubl_user_id', litepublisher::$options->user, $expired, $subdir, false);
setcookie('litepubl_user', $cookie, $expired, $subdir, false);
setcookie('litepubl_user_flag', 'true', $expired, $subdir, false);
$cookie = basemd5((string) $cookie . litepublisher::$options->solt . litepublisher::$secret);
litepublisher::$options->data['cookiehash'] = $cookie;
litepublisher::$options->cookieexpired = $expired;
unset(litepublisher::$options->data['cookie'], litepublisher::$options->data['authcookie']);
$password = md5uniq();
litepublisher::$options->data['password'] = basemd5($password . litepublisher::$options->solt . litepublisher::$secret);
unset(litepublisher::$classes->items['tauthdigest']);
litepublisher::$classes->items['tableprop'] = array('kernel.admin.php', '', 'htmlresource.class.php');
litepublisher::$classes->save();
tusers::i()->db->update("password = ''", 'id > 0');
$theme = ttheme::i();
$args = new targs();
$args->password = $password;
$subj = $theme->parsearg('[$site.name] Смена пароля', $args);
$body = $theme->parsearg('Внимание! Обновление LitePublisher 5.86 включает в себя новые алгоритмы безопасности и поэтому старые пароли больше не будут работать. Скрипт сгенерировал для вас новый пароль:
$password
Пожалуйста, используйте его или получите другой на странице восстановления пароля:
$site.url/admin/password/
Сохранение старых паролей невозможно потому, что в системе никогда не хранились пароли, а только их хеши. Приносим извенения за доставленные неудобства. Новые алгоритмы защиты значительно усиливают безопасность вашего сайта, также не забывайте регулярно менять пароли для лучшей безопасности.
На сайтах, у которых псетители могли залогиниватся также сброшены все пароли, но им не была сделана рассылка уведомлений о смене паролей. При попытки залогинится таким посетителям будет предложено восстановить пароль. Для залогинивающихся через соцсети будет просто предложено еще раз авторизоваться (ранее они даже и не имели паролей)
', $args);
tmailer::sendtoadmin($subj, $body);
}
