Esempio n. 1
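 /**
  * Queue a new author in the pending_authors table and return its confirmation hash.
  *
  * Creates the pending_authors table on first use (a non-array result from the probe
  * SELECT is taken to mean the table does not exist yet). The password is never stored
  * in cleartext: serendipity_hash() is used when available, otherwise the legacy md5()
  * scheme.
  *
  * @param string $username
  * @param string $password      Cleartext password; hashed before storage
  * @param string $email
  * @param int    $userlevel
  * @param mixed  $right_publish Coerced with serendipity_db_bool()
  * @param mixed  $no_create     Coerced with serendipity_db_bool()
  * @return string 32-character confirmation hash, as stored in the 'hash' column
  */
 static function addAuthor($username, $password, $email, $userlevel, $right_publish, $no_create)
 {
     global $serendipity;
     // Probe for the table; a non-array result means it has to be created first.
     if (!is_array(serendipity_db_query("SELECT username FROM {$serendipity['dbPrefix']}pending_authors LIMIT 1", true, 'both', false, false, false, true))) {
         serendipity_db_schema_import("CREATE TABLE {$serendipity['dbPrefix']}pending_authors (\n              username varchar(20) default null,\n              password varchar(128) default null,\n              email varchar(128) not null default '',\n              userlevel int(4) {UNSIGNED} not null default '0',\n              right_publish int(1) default '1',\n              no_create int(1) default '0',\n              hash varchar(32) default null\n            );");
     }
     // The hash is the secret that authorizes the pending author's confirmation step,
     // so it must be unpredictable. The previous md5(time()) could be guessed by anyone
     // who knew roughly when the author was added. 16 random bytes -> 32 hex chars,
     // which fits the varchar(32) column exactly.
     if (function_exists('random_bytes')) {
         $hash = bin2hex(random_bytes(16));
     } else {
         // Pre-PHP 7 fallback: not a CSPRNG, but no longer derived from the clock alone.
         $hash = md5(uniqid(mt_rand(), true));
     }
     if (function_exists('serendipity_hash')) {
         // Serendipity 1.5 style
         $hashpw = serendipity_hash($password);
     } else {
         // Legacy installations only; md5 is kept solely for compatibility with them.
         $hashpw = md5($password);
     }
     serendipity_db_insert('pending_authors', array(
         'username'      => $username,
         'password'      => $hashpw,
         'email'         => $email,
         'userlevel'     => $userlevel,
         'right_publish' => serendipity_db_bool($right_publish) ? '1' : '0',
         'no_create'     => serendipity_db_bool($no_create) ? '1' : '0',
         'hash'          => $hash,
     ));
     return $hash;
 }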
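/**
 * Backwards-compatibility to recognize old-style md5 passwords to allow migration
 *
 * Dispatches on the session's hash type: a positive value selects the current
 * serendipity_hash() scheme, anything else (including an unset value) selects the
 * legacy md5 scheme so existing accounts can still be verified and then migrated.
 *
 * @param string $cleartext_password The string to hash
 * @return string Either SHA1 or MD5 hash, depending on the session's hash type
 */
function serendipity_passwordhash($cleartext_password)
{
    // isset() avoids an undefined-index notice when no hash type has been set yet;
    // the outcome is unchanged: an unset type falls through to the legacy path.
    if (isset($_SESSION['serendipityHashType']) && $_SESSION['serendipityHashType'] > 0) {
        return serendipity_hash($cleartext_password);
    }
    // Legacy path, kept only so old md5 passwords can be recognized.
    return md5($cleartext_password);
}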
    /**
     * Plugin event handler for the "forgot password" flow on the backend login page.
     *
     * Every branch writes HTML into $eventData['footer'] and returns true; the branch
     * is selected from which GET/POST parameters are present (link shown, username
     * form, mail sent, new-password form, password changed).
     *
     * @param string $event     Name of the fired event; only 'backend_login_page' is handled
     * @param object $bag       Property bag holding the registered 'event_hooks'
     * @param array  $eventData Receives the rendered footer HTML
     * @param mixed  $addData   Unused here
     * @return bool true when this handler produced output, false otherwise
     */
    function event_hook($event, &$bag, &$eventData, $addData = null)
    {
        global $serendipity;
        // Only act on events this plugin registered for.
        $hooks =& $bag->get('event_hooks');
        if (isset($hooks[$event])) {
            switch ($event) {
                case 'backend_login_page':
                    // first LINK
                    // No reset-related parameters at all: only render the "lost password" link.
                    if (!isset($_GET['forgotpassword']) && !isset($_GET['username']) && !isset($_POST['username'])) {
                        $eventData['footer'] = '
                        <table cellspacing="10" cellpadding="0" border="0" align="center">
                            <tr>
                                <td colspan="2" align="right"><a href="?forgotpassword=1">' . PLUGIN_EVENT_FORGOTPASSWORD_LOST_PASSWORD . '</a></td>
                            </tr>
                        </table>';
                        return true;
                        // first FORM
                    } elseif (!isset($_POST['username']) && !isset($_GET['uid'])) {
                        $eventData['footer'] = '
                        <form action="serendipity_admin.php" method="post">
                            <table cellspacing="10" cellpadding="0" border="0" align="center">
                                <tr>
                                    <td colspan="2" align="right">' . PLUGIN_EVENT_FORGOTPASSWORD_ENTER_USERNAME . '</td>
                                </tr>

                                <tr>
                                    <td>' . USERNAME . '</td>
                                    <td><input class="input_textbox" type="text" name="username" /></td>
                                </tr>

                                <tr>
                                    <td colspan="2" align="right"><input type="submit" name="forgot" value="' . PLUGIN_EVENT_FORGOTPASSWORD_SEND_EMAIL . '" class="serendipityPrettyButton input_button" /></td>
                                </tr>
                            </table>
                        </form>';
                        return true;
                        // submitted FORM (send an email to user and show a simple page)
                    } elseif (!isset($_POST['uid']) && isset($_POST['username'])) {
                        // Look the author up by the submitted username; the value is escaped for the SQL literal.
                        $q = 'SELECT email, authorid FROM ' . $serendipity['dbPrefix'] . 'authors where username = \'' . serendipity_db_escape_string($_POST['username']) . '\'';
                        $sql = serendipity_db_query($q);
                        // NOTE(review): this error message reveals whether the username exists (account
                        // enumeration). A neutral "if the account exists, a mail has been sent" text for
                        // both the found and not-found cases would avoid that.
                        if (!is_array($sql) || count($sql) < 1) {
                            $eventData['footer'] = '<div class="serendipityAdminMsgError"><img style="width: 22px; height: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="' . serendipity_getTemplateFile('admin/img/admin_msg_error.png') . '" alt="" />' . PLUGIN_EVENT_FORGOTPASSWORD_USER_NOT_EXIST . '</div>';
                            return true;
                        }
                        // Redundant after the check above: $sql is already known to be a non-empty
                        // array here, so the else branch at the end of this block is unreachable.
                        if ($sql && is_array($sql)) {
                            // Author has no e-mail address: show the configured info text and,
                            // if configured, notify the fallback address instead.
                            if (empty($sql[0]['email'])) {
                                $eventData['footer'] = '<div class="serendipityAdminMsgError"><img style="width: 22px; height: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="' . serendipity_getTemplateFile('admin/img/admin_msg_error.png') . '" alt="" />' . $this->get_config('nomailinfo') . '</div>';
                                if ($this->get_config('nomailadd') != '') {
                                    $sent = serendipity_sendMail($this->get_config('nomailadd'), PLUGIN_EVENT_FORGOTPASSWORD_EMAIL_SUBJECT, sprintf($this->get_config('nomailtxt'), $_POST['username']), NULL);
                                }
                                return true;
                            }
                            $res = $sql[0];
                            $email = $res['email'];
                            $authorid = $res['authorid'];
                            // NOTE(review): this token is the only secret protecting the reset, and
                            // md5(uniqid(time())) is not a CSPRNG (uniqid is clock-based). Prefer
                            // bin2hex(random_bytes(16)), which also yields 32 hex characters. No expiry
                            // is recorded for the token either; it stays valid until used.
                            $md5 = md5(uniqid(time()));
                            // Positional INSERT: assumes the forgotpassword column order is (uid, authorid)
                            // — the table definition is not shown here; confirm against the schema.
                            $q = 'INSERT INTO ' . $serendipity['dbPrefix'] . 'forgotpassword VALUES (\'' . $md5 . '\', \'' . $authorid . '\')';
                            $sql = serendipity_db_query($q);
                            if (!$sql) {
                                $eventData['footer'] = '
                                <table cellspacing="10" cellpadding="0" border="0" align="center">
                                    <tr>
                                        <td colspan="2" align="right">' . PLUGIN_EVENT_FORGOTPASSWORD_EMAIL_DB_ERROR . '</td>
                                    </tr>
                                </table>';
                                return true;
                            }
                            // Mail the reset link (token in 'uid'). NOTE(review): the '******' in this line
                            // is an artefact of how this listing was captured; the original concatenation
                            // is not visible here. The change-password branch below looks the 'username'
                            // parameter up as authorid.
                            $sent = serendipity_sendMail($email, PLUGIN_EVENT_FORGOTPASSWORD_EMAIL_SUBJECT, PLUGIN_EVENT_FORGOTPASSWORD_EMAIL_BODY . $serendipity['baseURL'] . 'serendipity_admin.php?username='******'&uid=' . $md5, NULL);
                            if ($sent) {
                                $eventData['footer'] = '
                                <table cellspacing="10" cellpadding="0" border="0" align="center">
                                    <tr>
                                        <td colspan="2" align="right">' . PLUGIN_EVENT_FORGOTPASSWORD_EMAIL_SENT . '</td>
                                    </tr>
                                </table>';
                            } else {
                                $eventData['footer'] = '
                                <table cellspacing="10" cellpadding="0" border="0" align="center">
                                    <tr>
                                        <td colspan="2" align="right">' . PLUGIN_EVENT_FORGOTPASSWORD_EMAIL_CANNOT_SEND . '</td>
                                    </tr>
                                </table>';
                            }
                            return true;
                        } else {
                            // Unreachable: see the redundant is_array() check above.
                            $eventData['footer'] = '
                            <table cellspacing="10" cellpadding="0" border="0" align="center">
                                <tr>
                                    <td colspan="2" align="right">' . PLUGIN_EVENT_FORGOTPASSWORD_EMAIL_DB_ERROR . '</td>
                                </tr>
                            </table>';
                            return true;
                        }
                        // clicked link in user email
                        // Render the new-password form; username and uid are carried over as hidden
                        // fields, HTML-escaped so the values from the URL cannot break out of the attribute.
                    } elseif (isset($_GET['uid']) && isset($_GET['username']) && !isset($_POST['password'])) {
                        $eventData['footer'] = '
                        <form action="serendipity_admin.php" method="post">
                            <table cellspacing="10" cellpadding="0" border="0" align="center">
                                <tr>
                                    <td colspan="2" align="right">' . PLUGIN_EVENT_FORGOTPASSWORD_ENTER_PASSWORD . '</td>
                                </tr>

                                <tr>
                                    <td>' . PASSWORD . '</td>
                                    <td><input class="input_textbox" type="password" name="password" />
                                        <input type="hidden" name="username" value="' . (function_exists('serendipity_specialchars') ? serendipity_specialchars($_GET['username']) : htmlspecialchars($_GET['username'], ENT_COMPAT, LANG_CHARSET)) . '" />
                                        <input type="hidden" name="uid" value="' . (function_exists('serendipity_specialchars') ? serendipity_specialchars($_GET['uid']) : htmlspecialchars($_GET['uid'], ENT_COMPAT, LANG_CHARSET)) . '" /></td>
                                </tr>

                                <tr>
                                    <td colspan="2" align="right"><input type="submit" name="forgot" value="' . PLUGIN_EVENT_FORGOTPASSWORD_CHANGE_PASSWORD . '" class="serendipityPrettyButton input_button" /></td>
                                </tr>
                            </table>
                        </form>';
                        return true;
                        // changed password page
                    } elseif (isset($_POST['uid']) && isset($_POST['username']) && isset($_POST['password'])) {
                        // The submitted token (uid) must match a stored token for this author id;
                        // note that the 'username' parameter is compared against authorid here.
                        $q = 'SELECT * FROM ' . $serendipity['dbPrefix'] . 'forgotpassword where authorid = \'' . serendipity_db_escape_string($_POST['username']) . '\' and uid = \'' . serendipity_db_escape_string($_POST['uid']) . '\'';
                        $sql = serendipity_db_query($q);
                        // A non-array (e.g. true for "no rows") result falls through to the error branch.
                        if ($sql && is_array($sql)) {
                            $res = $sql[0];
                            $authorid = $res['authorid'];
                            if (function_exists('serendipity_hash')) {
                                // The hash output is interpolated into SQL unescaped; assumed to be a plain
                                // hex digest — TODO confirm against serendipity_hash().
                                $password = serendipity_hash($_POST['password']);
                                $q = 'UPDATE ' . $serendipity['dbPrefix'] . 'authors SET hashtype=1, password=\'' . $password . '\' where authorid = \'' . serendipity_db_escape_string($_POST['username']) . '\'';
                            } else {
                                // Legacy md5 scheme for installations without serendipity_hash().
                                $password = md5($_POST['password']);
                                $q = 'UPDATE ' . $serendipity['dbPrefix'] . 'authors SET password=\'' . $password . '\' where authorid = \'' . serendipity_db_escape_string($_POST['username']) . '\'';
                            }
                            $sql = serendipity_db_query($q);
                            if (!$sql) {
                                $eventData['footer'] = '
                                <table cellspacing="10" cellpadding="0" border="0" align="center">
                                    <tr>
                                        <td colspan="2" align="right">' . PLUGIN_EVENT_FORGOTPASSWORD_EMAIL_DB_ERROR . '</td>
                                    </tr>
                                </table>';
                                return true;
                            }
                            // Invalidate every outstanding token for this author once the password changed.
                            $q = 'DELETE FROM ' . $serendipity['dbPrefix'] . 'forgotpassword where authorid = \'' . serendipity_db_escape_string($_POST['username']) . '\'';
                            $sql = serendipity_db_query($q);
                            $eventData['footer'] = '
                            <table cellspacing="10" cellpadding="0" border="0" align="center">
                                <tr>
                                    <td colspan="2" align="right">' . PLUGIN_EVENT_FORGOTPASSWORD_PASSWORD_CHANGED . '</td>
                                </tr>
                            </table>';
                            return true;
                        } else {
                            // No matching (authorid, uid) pair, or the query failed.
                            $eventData['footer'] = '
                            <table cellspacing="10" cellpadding="0" border="0" align="center">
                                <tr>
                                    <td colspan="2" align="right">' . PLUGIN_EVENT_FORGOTPASSWORD_EMAIL_DB_ERROR . '</td>
                                </tr>
                            </table>';
                            return true;
                        }
                    }
                    // Reached only when 'backend_login_page' fired but no parameter combination matched.
                    break;
                default:
                    return false;
            }
        } else {
            return false;
        }
        return false;
    }