/**
 * Exercises insert/query helpers of the DB wrapper against the `accounts` table.
 *
 * Sequence matters: the insertId() and COUNT(*) assertions assume exactly two
 * rows were inserted by earlier tests, and later assertions read back rows
 * written here. Global DB settings ($usenull, $param_char) are toggled and
 * restored inside the test.
 *
 * NOTE(review): the fixtures store clear-text "passwords"; fine for a test
 * table, but do not copy this pattern into application code.
 */
function test_3_more_inserts() {
    DB::insert('`accounts`', array('username' => 'Bart', 'password' => 'hello', 'age' => 15, 'height' => 10.371));
    // Fully qualified `db`.`table` form is accepted by insert().
    $dbname = DB::$dbName;
    DB::insert("`{$dbname}`.`accounts`", array('username' => 'Charlie\'s Friend', 'password' => 'goodbye', 'age' => 30, 'height' => 155.23, 'favorite_word' => null));
    $this->assert(DB::insertId() === 3);
    // queryFirstField() returns the raw column value (a string, not an int).
    $counter = DB::queryFirstField("SELECT COUNT(*) FROM accounts");
    $this->assert($counter === strval(3));
    DB::insert('`accounts`', array('username' => 'Deer', 'password' => '', 'age' => 15, 'height' => 10.371));
    // %s0 is a numbered placeholder; the test expects a null argument here to
    // match the row whose password is the empty string.
    $username = DB::queryFirstField("SELECT username FROM accounts WHERE password=%s0", null);
    $this->assert($username === 'Deer');
    $password = DB::queryFirstField("SELECT password FROM accounts WHERE favorite_word IS NULL");
    $this->assert($password === 'goodbye');
    // With $usenull disabled a PHP null is written as '' rather than SQL NULL,
    // which is why the row then matches both a null and an '' parameter.
    DB::$usenull = false;
    DB::insertUpdate('accounts', array('id' => 3, 'favorite_word' => null));
    $password = DB::queryFirstField("SELECT password FROM accounts WHERE favorite_word=%s AND favorite_word=%s", null, '');
    $this->assert($password === 'goodbye');
    DB::$usenull = true;
    DB::insertUpdate('accounts', array('id' => 3, 'favorite_word' => null));
    // The placeholder prefix is configurable; exercise a multi-character one.
    DB::$param_char = '###';
    $bart = DB::queryFirstRow("SELECT * FROM accounts WHERE age IN ###li AND height IN ###ld AND username IN ###ls", array(15, 25), array(10.371, 150.123), array('Bart', 'Barts'));
    $this->assert($bart['username'] === 'Bart');
    DB::insert('accounts', array('username' => 'f_u'));
    DB::query("DELETE FROM accounts WHERE username=###s", 'f_u');
    DB::$param_char = '%';
    // %ls expands a PHP array into a quoted IN (...) list.
    $charlie_password = DB::queryFirstField("SELECT password FROM accounts WHERE username IN %ls AND username = %s", array('Charlie', 'Charlie\'s Friend'), 'Charlie\'s Friend');
    $this->assert($charlie_password === 'goodbye');
    $charlie_password = DB::queryOneField('password', "SELECT * FROM accounts WHERE username IN %ls AND username = %s", array('Charlie', 'Charlie\'s Friend'), 'Charlie\'s Friend');
    $this->assert($charlie_password === 'goodbye');
    $passwords = DB::queryFirstColumn("SELECT password FROM accounts WHERE username=%s", 'Bart');
    $this->assert(count($passwords) === 1);
    $this->assert($passwords[0] === 'hello');
    // queryOneList() returns the first row as a positional list.
    $username = $password = $age = null;
    list($age, $username, $password) = DB::queryOneList("SELECT age,username,password FROM accounts WHERE username=%s", 'Bart');
    $this->assert($username === 'Bart');
    $this->assert($password === 'hello');
    $this->assert($age == 15);
    // queryRaw() hands back the driver result object for a SELECT.
    $mysqli_result = DB::queryRaw("SELECT * FROM accounts WHERE favorite_word IS NULL");
    $this->assert($mysqli_result instanceof MySQLi_Result);
    $row = $mysqli_result->fetch_assoc();
    $this->assert($row['password'] === 'goodbye');
    $this->assert($mysqli_result->fetch_assoc() === null);
}
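/**
 * Renders a single CMS page selected by $_GET['ID'].
 *
 * The page's stored `content` is emitted as raw HTML by design (the edit form
 * asks authors for XHTML), so it must only ever be written by trusted users.
 * The page id is bound with a placeholder instead of being escaped into the
 * SQL text, and a missing page stops the request instead of rendering an
 * empty shell from a null row.
 */
function show_page() {
    $id = isset($_GET['ID']) ? $_GET['ID'] : '';
    $row = DB::queryFirstRow('SELECT * FROM pages WHERE page_id=%s', $id);
    if (!$row) {
        trigger_error('Page not found', E_USER_ERROR);
    }
    $name = htmlentities($row['name']);
    // Indent every stored line by one space so it lines up with the heredoc below.
    $content = " " . str_replace("\n", "\n ", $row['content']);
    // strpos() is false when there is no heading at all; both that case and a
    // heading anywhere other than position 6 get an empty <h1> prepended.
    if (strpos($content, '<h1>') !== 6) {
        $content = '<h1></h1><br /><br />' . $content;
    }
    global $LMT_EMAIL;
    $content = str_replace('{CONTACT_LINK}', email_obfuscate($LMT_EMAIL, null, '<span class="b">Please email us at:</span> '), $content);
    // Escaped once for use inside href attributes.
    $page_id = htmlentities($id);
    global $use_rel_external_script;
    $use_rel_external_script = true;
    lmt_page_header($name);
    echo <<<HEREDOC
\t <div style="float: left; margin-top: 40px;">
 <a href="List"><img src="../../../res/icons/arrow_left.png" alt="" /> Return to Page List</a>
 <div class="halfbreak"></div>
 <a href="Edit?ID={$page_id}"><img src="../../../res/icons/edit.png" alt="" /></a>
 <a href="Delete?ID={$page_id}"><img src="../../../res/icons/delete.png" alt="" /></a>
 </div>
HEREDOC;
    echo $content;
}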
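/**
 * Swaps the order_num of the page in $_GET['ID'] with its neighbour (Up/Down).
 *
 * Changes from the original: the XSRF token is compared with hash_equals() and
 * fails closed when either side is missing (previously an absent session token
 * and an absent request token compared equal); all values are bound with
 * placeholders; a page with no neighbour in the requested direction is left
 * untouched instead of being renumbered against nothing.
 *
 * NOTE(review): this mutates state from a GET request. The token limits
 * CSRF, but a POST form would be the conventional shape.
 */
function do_move() {
    $token = isset($_GET['xsrf_token']) ? (string) $_GET['xsrf_token'] : '';
    if (!isset($_SESSION['xsrf_token']) || !hash_equals((string) $_SESSION['xsrf_token'], $token)) {
        trigger_error('XSRF code incorrect', E_USER_ERROR);
    }
    if (isset($_GET['Up'])) {
        $operator = '<';
        $sql_order = 'DESC';
        $modifier = -1;
    } elseif (isset($_GET['Down'])) {
        $operator = '>';
        $sql_order = 'ASC';
        $modifier = 1;
    } else {
        trigger_error('Neither Up nor Down specified', E_USER_ERROR);
    }
    $page_id = isset($_GET['ID']) ? $_GET['ID'] : '';
    $row = DB::queryFirstRow('SELECT order_num FROM pages WHERE page_id=%s', $page_id);
    if (!$row) {
        trigger_error('Page not found', E_USER_ERROR);
    }
    $order = (int) $row['order_num'];
    // $operator and $sql_order are the fixed literals chosen above; the only
    // runtime value in this statement is bound as an integer.
    $row = DB::queryFirstRow('SELECT page_id, order_num FROM pages WHERE order_num ' . $operator . ' %i ORDER BY order_num ' . $sql_order . ' LIMIT 1', $order);
    if (!$row) {
        // Already first/last: nothing to swap with.
        header('Location: List');
        return;
    }
    $other_id = $row['page_id'];
    $new_order = $order + $modifier;
    // NOTE(review): the two updates are not in a transaction; a concurrent move
    // can leave two pages sharing an order_num.
    DB::query('UPDATE pages SET order_num=%i WHERE page_id=%s LIMIT 1', $new_order, $page_id);
    DB::query('UPDATE pages SET order_num=%i WHERE page_id=%s LIMIT 1', $order, $other_id);
    header('Location: List');
}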
/**
 * Loads one supplier by primary key.
 *
 * @param mixed $id  bound via the %s placeholder
 * @return mixed  the object built by SuppliersService::supplierfromCursor(),
 *                or null when no row matches
 */
static function load($id) {
    $sql = "SELECT * FROM " . SupplierTable::$TABLE_NAME . " WHERE id=%s";
    $row = DB::queryFirstRow($sql, $id);
    if (empty($row)) {
        return null;
    }
    return SuppliersService::supplierfromCursor($row);
}
/**
 * Loads one purchase by primary key.
 *
 * @param mixed $id  bound via the %s placeholder
 * @return mixed  the object built by PurchasesServices::purchaseFromCursor(),
 *                or null when no row matches
 */
static function load($id) {
    $sql = "SELECT * FROM " . PurchaseTable::$TABLE_NAME . " WHERE id=%s";
    $row = DB::queryFirstRow($sql, $id);
    if (empty($row)) {
        return null;
    }
    return PurchasesServices::purchaseFromCursor($row);
}
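/**
 * Authenticates the POSTed username/password and opens an auth_sessions row.
 *
 * @param string $type      'public' or 'admin'; selects the failure page and the 2FA route
 * @param bool   $redirect  when true and $type is 'admin', redirect to the admin index
 * @return mixed  the user id on success; false if invalid_login() returns instead
 *                of ending the request. Exits after rendering the 2FA page or
 *                issuing the admin redirect.
 */
public function login($type = 'public', $redirect = true) {
    // Initialize
    global $config;

    // Get user row. Missing POST fields are treated as empty rather than raising notices.
    $username = isset($_POST['username']) ? strtolower((string) $_POST['username']) : '';
    $password = isset($_POST['password']) ? (string) $_POST['password'] : '';
    if (!($user_row = DB::queryFirstRow("SELECT * FROM users WHERE username = %s", $username))) {
        $this->invalid_login($type);
        return false; // invalid_login() is assumed to end the request; never fall through
    }

    // Check password. The stored value is whatever encrypt::get_password_hash()
    // produces for this user; hash_equals() makes the comparison constant-time
    // and strict (the previous != was a loose comparison).
    $client = new encrypt();
    $computed = (string) $client->get_password_hash($password, $user_row['id']);
    if (!hash_equals((string) $user_row['password'], $computed)) {
        $this->invalid_login($type);
        return false;
    }

    // Get session ID: draw until the hashed value is not already in use.
    // NOTE(review): generate_random_string() is not visible here -- confirm it
    // uses a CSPRNG, since this string is the bearer credential.
    do {
        $session_id = generate_random_string(60);
        $exists = DB::queryFirstRow("SELECT * FROM auth_sessions WHERE auth_hash = %s", hash('sha512', $session_id)) ? 1 : 0;
    } while ($exists > 0);

    // Check for 2FA
    $require_2fa = false;
    if ($config['enable_2fa'] == 'all') {
        $require_2fa = true;
    } elseif ($config['enable_2fa'] == 'admin' && $user_row['group_id'] == 1) {
        $require_2fa = true;
    }

    $is_https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

    // Generate 2FA hash, if needed
    if ($require_2fa === true) {
        $status_2fa = 0;
        $hash_2fa = generate_random_string(60);
        // Build the e-mailed link from the configured site base (SITE_URI is the
        // redirect base used elsewhere in this class). A link built from the Host
        // header can be pointed at an attacker's domain by a forged Host, so that
        // fallback is only used when SITE_URI is not an absolute URL.
        if (defined('SITE_URI') && preg_match('#^https?://#i', SITE_URI)) {
            $url = SITE_URI . '/2fa/' . $hash_2fa;
        } else {
            $url = ($is_https ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'] . '/2fa/' . $hash_2fa;
        }
        // Send e-mail
        mail($user_row['email'], "2FA Authentication - {$config['site_name']}", "You are receiving this e-mail because you just tried to login to {$config['site_name']}, which required 2FA. To proceed with your login, please click on the below URL:\r\n\r\n\t{$url}\r\n\r\nThank you,\r\n{$config['site_name']}\r\n");
    } else {
        $status_2fa = 1;
        $hash_2fa = '';
    }

    // Create session. With 2FA pending the row carries 2fa_status = 0 but the
    // cookie below is issued anyway, so the rest of the application must treat
    // a status-0 session as unauthenticated (not verified here).
    DB::insert('auth_sessions', array('userid' => $user_row['id'], 'last_active' => time(), 'auth_hash' => hash('sha512', $session_id), '2fa_status' => $status_2fa, '2fa_hash' => $hash_2fa));

    // Set cookie: same name, value, lifetime and default path as before, now
    // HttpOnly and, when served over TLS, Secure.
    $cookie_name = COOKIE_NAME . 'auth_hash';
    setcookie($cookie_name, $session_id, 0, '', '', $is_https, true);

    // Update alerts
    DB::query("UPDATE alerts SET is_new = 0 WHERE is_new = 2 AND userid = %d", $user_row['id']);
    DB::query("UPDATE alerts SET is_new = 2 WHERE is_new = 1 AND userid = %d", $user_row['id']);

    // Redirect user
    if ($status_2fa == 0) {
        $route = $type == 'admin' ? 'admin/2fa' : '2fa';
        $template = new template($route);
        echo $template->parse();
        exit(0);
    } elseif ($type == 'admin' && $redirect === true) {
        header("Location: " . SITE_URI . "/admin/index");
        exit(0);
    }

    // Return
    return $user_row['id'];
}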
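/**
 * Inserts an empty "separator" page at the top of the page list.
 *
 * The XSRF token is compared with hash_equals() and fails closed when either
 * side is missing. The row is written through DB::insert() instead of a
 * hand-built INSERT. MIN() over an empty table yields NULL; the int cast turns
 * that into 0 (what the old string-quoted "" produced in non-strict MySQL)
 * rather than a NULL insert.
 */
function do_add_separator() {
    $token = isset($_GET['xsrf_token']) ? (string) $_GET['xsrf_token'] : '';
    if (!isset($_SESSION['xsrf_token']) || !hash_equals((string) $_SESSION['xsrf_token'], $token)) {
        trigger_error('XSRF code incorrect', E_USER_ERROR);
    }
    // One less than the current minimum puts the separator first.
    $new_order = (int) DB::queryFirstField('SELECT MIN(order_num - 1) AS new_order FROM pages');
    DB::insert('pages', array('name' => '', 'content' => '', 'order_num' => $new_order));
    header('Location: List');
}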
/**
 * Looks a user up by API key.
 *
 * NOTE(review): the key is matched against the column directly, so it appears
 * to be stored in clear text; storing a hash of it would limit the damage of
 * a database leak.
 *
 * @param string $apiKey  bound via %s
 * @return mixed  User::fromCursor() result, or null when nothing matches
 */
static function loadUserByApiKey($apiKey) {
    $sql = "SELECT * FROM " . UsersService::$TABLE_NAME . " WHERE api_key= %s ";
    $record = DB::queryFirstRow($sql, $apiKey);
    return empty($record) ? null : User::fromCursor($record);
}
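/**
 * True when the current user id maps to an active account and the client-side
 * id hash matches.
 *
 * Fixes: the original indexed $account before testing is_null($account), and
 * compared the two sha1 strings with ==, which is neither constant-time nor
 * strict. The row is now checked first and the hashes compared with hash_equals().
 *
 * NOTE(review): sha1(Id) can be computed by anyone who knows the user id, so
 * this only detects accidental tampering, not forgery; a keyed MAC over the id
 * would be needed for that.
 *
 * @return bool
 */
function isUserLoggedIn() {
    $userId = getUserId();
    if ($userId == -1) {
        return false;
    }
    $account = DB::queryFirstRow("SELECT Id, Status FROM CWM_User WHERE Id=%?", $userId);
    if (!$account) {
        return false;
    }
    $uidHash = getUserIdHash();
    if (!isset($uidHash) || !is_string($uidHash)) {
        return false;
    }
    $uidHashFromServer = sha1((string) $account['Id']);
    return hash_equals($uidHashFromServer, $uidHash) && $account['Status'] == 1;
}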
/**
 * Whether a survey accepts responses at the given time.
 *
 * @param mixed $survey_id      looked up via search_survey_id(), then bound with %i
 * @param mixed $time_to_check  compared against the mapped survey_start/survey_end
 * @return bool  FALSE for an unknown survey, otherwise start <= time <= end
 */
public static function is_survey_open($survey_id, $time_to_check) {
    if (!SurveyAvail::search_survey_id($survey_id)) {
        return FALSE;
    }
    $raw = DB::queryFirstRow("SELECT * FROM credentials_stu WHERE survey_id = %i", $survey_id);
    $window = SurveyAvail::row_map($raw);
    $opens = $window['survey_start'];
    $closes = $window['survey_end'];
    return $opens <= $time_to_check && $time_to_check <= $closes;
}
/**
 * Attaches a project to a solution.
 *
 * NOTE(review): only the token's validity is checked, not whether the token's
 * owner may modify $solutionId -- confirm the caller enforces that.
 *
 * @param int    $solutionId
 * @param int    $projectId
 * @param string $tokenValue
 * @return int  -1 for an invalid token; 0 when the pair already exists;
 *              otherwise the value returned by DB::insert()
 */
public static function addProject($solutionId, $projectId, $tokenValue) {
    if (!CWM_API::IsTokenValid($tokenValue)) {
        return -1;
    }
    $existing = DB::queryFirstRow("SELECT * FROM CWM_SolutionProject WHERE SolutionId=%? AND ProjectId=%?", $solutionId, $projectId);
    if (!is_null($existing)) {
        return 0;
    }
    return DB::insert('CWM_SolutionProject', array('SolutionId' => $solutionId, 'ProjectId' => $projectId));
}
/**
 * Whether the authenticated user has any row in `userroles`.
 *
 * NOTE(review): database credentials are assigned inline (redacted in this
 * listing) and overwrite the global DB settings on every call; they belong
 * in configuration, not in a method body.
 *
 * @return bool
 */
public function isAdmin() {
    \DB::$user = '******';
    \DB::$password = '******';
    \DB::$dbName = 'Euro2016';
    \DB::queryFirstRow("select * from userroles where userid = %i;", Auth::user()->id);
    // count() reports the rows matched by the query just issued.
    return \DB::count() > 0;
}
/**
 * Resolves an API session token to its user.
 *
 * @param string $tokenValue
 * @return CWM_User|null  null for an invalid token or when no session row joins to a user
 */
public static function getFromToken($tokenValue) {
    if (!CWM_API::IsTokenValid($tokenValue)) {
        return null;
    }
    $row = DB::queryFirstRow("SELECT * FROM CWM_User as u JOIN CWM_ApiKeySession as aks ON u.Id = aks.UserId WHERE aks.TokenValue=%?", $tokenValue);
    if (is_null($row)) {
        return null;
    }
    // Status / IsFirstTime are stored as '1'/'0' strings.
    $active = $row['Status'] == '1';
    $firstTime = $row['IsFirstTime'] == '1';
    return new CWM_User($row['UserId'], $row['Email'], "", "", $active, $firstTime);
}
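/**
 * Deletes the page in $_GET['ID'] after a POSTed XSRF token check.
 *
 * Page -1 (the Registration page) is refused. The token is compared with
 * hash_equals() and fails closed when either side is missing; the id is bound
 * with a placeholder; a missing page stops the request instead of deleting
 * nothing and announcing an empty name.
 */
function do_delete_page() {
    $id = isset($_GET['ID']) ? $_GET['ID'] : '';
    if ((int) $id == -1) {
        trigger_error('Cannot delete Registration page', E_USER_ERROR);
    }
    $token = isset($_POST['xsrf_token']) ? (string) $_POST['xsrf_token'] : '';
    if (!isset($_SESSION['xsrf_token']) || !hash_equals((string) $_SESSION['xsrf_token'], $token)) {
        trigger_error('XSRF code incorrect', E_USER_ERROR);
    }
    $row = DB::queryFirstRow('SELECT name FROM pages WHERE page_id=%s', $id);
    if (!$row) {
        trigger_error('Page not found', E_USER_ERROR);
    }
    $page_name = htmlentities($row['name']);
    DB::query('DELETE FROM pages WHERE page_id=%s LIMIT 1', $id);
    alert('The page "' . $page_name . '" has been deleted', 1);
    header('Location: List');
}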
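/**
 * Writes the .lst playlist file for a stream: one absolute mp3 path per line.
 *
 * Both components of the output path (PortBase, playlist_name) come from the
 * database, but they still decide where on disk we write, so anything that is
 * not a single plain path segment is refused. Lookups that return no row and
 * a failed fopen() now return early instead of indexing null / writing to false.
 *
 * @param mixed $StreamId  sc_rel.id, bound with %s
 * @return void
 */
public function createPlaylst($StreamId) {
    $Sc_Trans_conf = \DB::queryFirstRow("SELECT * FROM sc_rel WHERE id=%s", $StreamId);
    if (!$Sc_Trans_conf) {
        return;
    }
    $Sc_Playlist = \DB::queryFirstRow("SELECT * FROM playlist WHERE id=%s", $Sc_Trans_conf['play_list_id']);
    $SC_Port_Base = \DB::queryFirstRow("SELECT PortBase FROM sc_serv_conf WHERE id=%s", $Sc_Trans_conf['sc_serv_conf_id']);
    if (!$Sc_Playlist || !$SC_Port_Base) {
        return;
    }
    // A plain segment: non-empty, not "." or "..", no NUL, and unchanged by basename().
    $isPlainSegment = function ($s) {
        return $s !== '' && $s !== '.' && $s !== '..' && strpos($s, "\0") === false && $s === basename($s);
    };
    $port = (string) $SC_Port_Base['PortBase'];
    $listName = (string) $Sc_Playlist['playlist_name'];
    if (!$isPlainSegment($port) || !$isPlainSegment($listName)) {
        return;
    }
    $datei = fopen("userconf/" . $port . "/" . $listName . ".lst", "w+");
    if ($datei === false) {
        return;
    }
    $columns = \DB::query("SELECT mp3_id FROM playlist_mp3_rel WHERE playlist_id=%s", $Sc_Playlist['id']);
    foreach ($columns as $mp3) {
        // One lookup per entry, as before, so the playlist_mp3_rel order is kept.
        $mp3_name = \DB::query("SELECT dir_titel FROM mp3 WHERE id=%s", $mp3['mp3_id']);
        foreach ($mp3_name as $name) {
            fwrite($datei, $_SERVER['DOCUMENT_ROOT'] . "/mp3collection/" . $name['dir_titel'] . "\r\n");
        }
    }
    fclose($datei);
}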
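/**
 * Streams a product image from products_images and ends the request.
 *
 * @param array $parts  route segments; $parts[1] is "<id>[.ext]". A missing
 *                      segment, like an unknown id, falls back to image id 0.
 */
public function __construct($parts = array()) {
    // Get product ID: strip a trailing ".ext" from the URL segment.
    $segment = isset($parts[1]) ? (string) $parts[1] : '';
    $product_id = preg_replace("/\\.(.+)\$/", "", $segment);
    if (!($prow = DB::queryFirstRow("SELECT * FROM products_images WHERE id = %d", $product_id))) {
        if (!($prow = DB::queryFirstRow("SELECT * FROM products_images WHERE id = 0"))) {
            echo "Invalid image";
            exit(0);
        }
    }
    // Display image. The content type is whatever was stored with the blob;
    // nosniff stops browsers from second-guessing it and rendering the bytes
    // as HTML/script. NOTE(review): consider restricting mime_type to image/*
    // at upload time if that is not already enforced.
    header("X-Content-Type-Options: nosniff");
    header("Content-type: {$prow['mime_type']}");
    echo base64_decode($prow['contents']);
    exit(0);
}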
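/**
 * Renders the page edit form and ends the request.
 *
 * Field values come from the POST body when re-showing after a validation
 * error, otherwise from the page row for $_GET['ID']. The form's action is
 * the current URI, which is now HTML-escaped so a crafted query string cannot
 * break out of the attribute. The page id is bound with a placeholder.
 *
 * @param string $err  error markup/text to show above the form; callers pass
 *                     fixed strings (see do_add_page), it is NOT escaped here.
 */
function show_form($err) {
    global $use_rel_external_script;
    $use_rel_external_script = true;
    lmt_page_header('Edit Page');
    if ($err != '') {
        $err = "\n <div class=\"error\">{$err}</div><br />\n";
    }
    $name = isset($_POST['name']) ? htmlentities($_POST['name']) : '';
    $content = isset($_POST['content']) ? htmlentities($_POST['content']) : '';
    // Fetch data if this is the first time the form has been shown
    if ($name == '' || $content == '') {
        $page_id = isset($_GET['ID']) ? $_GET['ID'] : '';
        $row = DB::queryFirstRow('SELECT name, content FROM pages WHERE page_id=%s', $page_id);
        if ($row) {
            if ($name == '') {
                $name = htmlentities($row['name']);
            }
            if ($content == '') {
                $content = htmlentities($row['content']);
            }
        }
    }
    $action = htmlentities($_SERVER['REQUEST_URI']);
    echo <<<HEREDOC
<h1>Edit Page</h1>
{$err}
<form id="lmtAddPage" method="post" action="{$action}">
<table class="spacious">
<tr>
<td>Title:</td>
<td><input type="text" name="name" value="{$name}" size="25" maxlength="25" /></td>
</tr><tr>
<td>Content: </td>
<td>
<textarea name="content" rows="25" cols="80" class="code">{$content}</textarea>
<div class="small">Please write XHTML-compliant code.<br />
Links marked with rel="external" open in a new window. Links are relative to /LMT.</div><br />
</td>
</tr><tr>
<td></td>
<td>
<input type="hidden" name="xsrf_token" value="{$_SESSION['xsrf_token']}" />
<input type="submit" name="lmt_do_edit_page" value="Save Changes" />
<a href="List">Cancel</a><br /><br /><br />
</td>
</tr>
</table>
</form>
HEREDOC;
    die;
}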
/**
 * Prints the "Guts Extra" page: a heading and the average guts_ans_c over
 * non-deleted teams (shown as 0 when there is no data).
 */
function show_page() {
    lmt_page_header('Guts Extra');
    echo <<<HEREDOC
<h1>Guts Extra</h1>
<span class="b">Average x:</span>
HEREDOC;
    $row = DB::queryFirstRow('SELECT (SELECT AVG(guts_ans_c) FROM teams WHERE deleted="0") as avg');
    $avg = isset($row['avg']) ? $row['avg'] : null;
    // AVG() over no rows is NULL; show 0 in that case.
    if (is_null($avg) || $avg == '') {
        $avg = '0';
    }
    echo $avg;
}
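/**
 * Completes a pending 2FA login: marks the auth_sessions row whose 2fa_hash
 * matches the URL segment as verified, then redirects and exits.
 *
 * A missing segment is rejected up front instead of being queried as null.
 *
 * NOTE(review): the row is verified for whoever opens the link; nothing here
 * checks that the visitor also holds the matching auth cookie, and nothing
 * bounds the age of the hash -- confirm both are acceptable or enforced elsewhere.
 *
 * @param array $parts  route segments; $parts[1] is the 2FA hash
 */
public function __construct($parts = array()) {
    $hash_2fa = isset($parts[1]) ? (string) $parts[1] : '';
    // Check for row
    if ($hash_2fa === '' || !($row = DB::queryFirstRow("SELECT * FROM auth_sessions WHERE 2fa_hash = %s AND 2fa_status = 0", $hash_2fa))) {
        echo "Invalid 2FA request. Please check the URL, and try again.";
        exit(0);
    }
    // Update: clear the one-time hash and flag the session as verified.
    DB::query("UPDATE auth_sessions SET 2fa_hash = '', 2fa_status = 1 WHERE id = %d", $row['id']);
    // Redirect, as needed
    $group_id = DB::queryFirstField("SELECT group_id FROM users WHERE id = %d", $row['userid']);
    if ($group_id == 1) {
        header("Location: " . SITE_URI . "/admin/");
    } else {
        header("Location: " . SITE_URI);
    }
    // Exit
    exit(0);
}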
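/**
 * Builds the admin table rows for unauthorized coin sends.
 *
 * The LIMIT bounds are interpolated, so both are forced to ints. Values that
 * originate from user-controlled records (username, address, txid) are now
 * HTML-escaped where shown and URL-encoded where used as query parameters;
 * before, they were spliced into markup verbatim (a stored-XSS path into the
 * admin UI). The link markup for the user column was redacted in the listing
 * and is rebuilt to match the sibling address/viewtx links.
 *
 * @param int $start  offset into the result set
 * @return array  rows augmented with checkbox/user/address/viewtx HTML
 */
public function get_rows($start = 0) {
    $esc = function ($v) {
        return htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');
    };
    // Get rows to display
    $start = (int) $start;
    $per_page = (int) $this->rows_per_page;
    $rows = DB::query("SELECT * FROM coin_unauthorized_sends ORDER BY date_added DESC LIMIT {$start},{$per_page}");
    // Go through rows
    $results = array();
    foreach ($rows as $row) {
        $irow = DB::queryFirstRow("SELECT * FROM coin_inputs WHERE id = %d", $row['input_id']);
        $username = (string) get_user($irow['userid']);
        $row['date_added'] = fdate($row['date_added'], true);
        $row['amount'] = fmoney_coin($irow['amount']) . ' BTC';
        $row['checkbox'] = "<center><input type=\"checkbox\" name=\"unauthorized_send_id[]\" value=\"" . $esc($row['id']) . "\"></center>";
        $row['user'] = "<a href=\"" . SITE_URI . "/admin/user/manage2?username=" . urlencode($username) . "\">" . $esc($username) . "</a>";
        $row['address'] = "<a href=\"" . SITE_URI . "/admin/financial/addresses_view?address=" . urlencode((string) $irow['address']) . "\">" . $esc($irow['address']) . "</a>";
        $row['viewtx'] = "<center><a href=\"" . SITE_URI . "/admin/financial/tx?txid=" . urlencode((string) $row['txid']) . "\" class=\"btn btn-primary btn-xs\">View Tx</a></center>";
        array_push($results, $row);
    }
    // Return
    return $results;
}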
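/**
 * Builds the table rows for alerts of $this->type belonging to the current user.
 *
 * Fixes: the invoice date was read from an undefined $invoice variable (the
 * fetched row is $irow); LIMIT bounds are forced to ints before interpolation;
 * usernames, e-mails and ids are HTML-escaped where shown and URL-encoded in
 * query strings (they were spliced into markup verbatim). The link markup for
 * the username column was redacted in the listing and is rebuilt to match the
 * sibling links. An address link that was already commented out, and the
 * $template lookup that only served it, have been dropped.
 *
 * @param int $start  offset into the result set
 * @return array  rows augmented with checkbox/username/... HTML
 */
public function get_rows($start = 0) {
    $esc = function ($v) {
        return htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');
    };

    // Get rows to display
    $start = (int) $start;
    $per_page = (int) $this->rows_per_page;
    $rows = DB::query("SELECT * FROM alerts WHERE type = %s AND userid = %d ORDER BY date_added DESC LIMIT {$start},{$per_page}", $this->type, $GLOBALS['userid']);

    // Go through rows
    $results = array();
    foreach ($rows as $row) {
        // Set variables
        $row['checkbox'] = "<center><input type=\"checkbox\" name=\"alert_id[]\" value=\"" . $esc($row['id']) . "\"></center>";
        $row['date_added'] = fdate($row['date_added'], true);

        // Type specific variables
        if ($this->type == 'new_user') {
            $user_row = DB::queryFirstRow("SELECT * FROM users WHERE id = %d", $row['reference_id']);
            $row['username'] = $user_row['username'];
            $row['email'] = $esc($user_row['email']);
        } else {
            $input = DB::queryFirstRow("SELECT * FROM coin_inputs WHERE id = %d", $row['reference_id']);
            $row['username'] = get_user($input['userid']);
            $row['amount'] = fmoney_coin($input['amount']) . ' BTC';
            $row['viewtx'] = "<center><a href=\"" . SITE_URI . "/admin/financial/tx?txid=" . urlencode((string) $input['txid']) . "\" class=\"btn btn-primary btn-xs\">View Tx</a></center>";
            if ($this->type == 'product_purchase') {
                $row['product'] = $esc(DB::queryFirstField("SELECT display_name FROM products WHERE id = %d", $input['product_id']));
                $row['manage'] = "<center><a href=\"" . SITE_URI . "/admin/financial/orders_manage?order_id=" . urlencode((string) $input['order_id']) . "\" class=\"btn btn-primary btn-xs\">Manage</a></center>";
            } elseif ($this->type == 'invoice_paid') {
                $irow = DB::queryFirstRow("SELECT * FROM invoices WHERE id = %d", $input['invoice_id']);
                $row['invoice'] = "ID# " . $esc($input['invoice_id']) . " (added: " . fdate($irow['date_added']) . ")";
                $row['manage'] = "<center><a href=\"" . SITE_URI . "/admin/financial/invoices_manage?invoice_id=" . urlencode((string) $input['invoice_id']) . "\" class=\"btn btn-primary btn-xs\">Manage</a></center>";
            }
        }
        $username = (string) $row['username'];
        $row['username'] = "<a href=\"" . SITE_URI . "/admin/user/manage2?username=" . urlencode($username) . "\">" . $esc($username) . "</a>";
        array_push($results, $row);
    }

    // Return
    return $results;
}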
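/**
 * (Re)sends the address-verification e-mail for the logged-in user, then
 * redirects back to Verify_Email.
 *
 * Changes: a missing user row stops the request instead of mailing an empty
 * address; the id and code are URL-encoded in the link; the unused
 * $protocol/$url_pieces locals are gone. The session flag handling is unchanged.
 */
function send_verification_email() {
    global $WEBMASTER_EMAIL;
    // Fetch email and code
    $row = DB::queryFirstRow('SELECT name, email, email_verification FROM users WHERE id=%i', $_SESSION['user_id']);
    if (!$row) {
        trigger_error('User not found', E_USER_ERROR);
    }
    $name = $row['name'];
    $email = $row['email'];
    $verification_code = $row['email_verification'];
    // Generate the verification link
    $link = URL::fileurl() . '?id=' . rawurlencode((string) $_SESSION['user_id']) . '&code=' . rawurlencode((string) $verification_code);
    // Assemble the email
    $to = $email; // the '"Name" <addr>' form reportedly tripped an RFC-format error in send_email()
    $subject = 'Verify your Email Address';
    // In heredocs, [] inside an interpolation has its own meaning, so variables are wrapped in {}.
    $body = <<<HEREDOC
Welcome to the LHS Math Club website, {$name}!

Please click on the link below to verify your email address.

[b][url]{$link}[/url][/b]

If you didn't create an account, just ignore this email and nothing will happen.

To report abuse, please contact <{$WEBMASTER_EMAIL}>.
HEREDOC;
    send_email(array($to), $subject, $body, array($WEBMASTER_EMAIL));
    // First send is triggered by the account flow; any later call is a re-send.
    if (isset($_SESSION['ACCOUNT_do_send_verification_email'])) {
        unset($_SESSION['ACCOUNT_do_send_verification_email']);
    } else {
        $_SESSION['ACCOUNT_resent_confirmation_email'] = true; // so that the page says 'Email has been re-sent'
    }
    header('Location: Verify_Email'); // reload the page so Refreshing won't resend
}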
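/**
 * Verifies a signed API request and returns a session token ("" on failure).
 *
 * The request signature is sha1(data . privateKey . publicKey), computed by
 * the client, so the scheme itself cannot change here. The comparison now uses
 * hash_equals(): constant-time, and unlike == it never treats two "0e..."
 * digests as numerically equal. Blank public keys are rejected before the
 * database is queried.
 *
 * NOTE(review): the new token is sha1() over values that are fixed once the
 * key material and the current second are known; random_bytes() would be a
 * stronger source. NOTE(review): $row['Id'] after the JOIN is whichever Id
 * column the driver returns last -- confirm it is the CWM_ApiKey id intended.
 *
 * @param string $data          signed payload
 * @param string $publicApiKey  public half of the key pair
 * @param string $hash          client-supplied signature
 * @return string  existing valid token, a fresh token, or "" when rejected
 */
public static function authorize($data, $publicApiKey, $hash) {
    $newToken = "";
    if (strlen(trim((string) $publicApiKey)) == 0) {
        return $newToken;
    }
    $row = DB::queryFirstRow("SELECT * FROM CWM_ApiKey as ak JOIN CWM_UserApiKey uak ON ak.Id = uak.ApiKeyId WHERE PublicKey=%s", $publicApiKey);
    if (is_null($row)) {
        return $newToken;
    }
    $userId = $row['UserId'];
    $privateApiKey = $row['PrivateKey'];
    $apiKeyIndex = $row['Id'];
    $hashCheck = sha1($data . $privateApiKey . $publicApiKey);
    if (!hash_equals($hashCheck, (string) $hash)) {
        return $newToken;
    }
    $oldToken = DB::queryOneField('TokenValue', 'SELECT * FROM CWM_ApiKeySession WHERE UserId=%?', $userId);
    if (CWM_API::isTokenValid($oldToken)) {
        return $oldToken;
    }
    $newToken = sha1($userId . $privateApiKey . $hashCheck . CWM_API::getDateTime(time()));
    DB::insertUpdate('CWM_ApiKeySession', array('ApiKeyId' => $apiKeyIndex, 'LastAccess' => CWM_API::getDateTime(time()), 'UserId' => $userId, 'TokenValue' => $newToken));
    return $newToken;
}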
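/**
 * Creates a page from the POSTed name/content and redirects to it.
 *
 * The XSRF token is compared with hash_equals() and fails closed when either
 * side is missing. The row is written with DB::insert() and the follow-up
 * lookup is bound with a placeholder, replacing hand-built SQL. MIN() over an
 * empty table yields NULL; the int cast maps that to 0.
 *
 * Each show_form() call ends the request (it finishes with die), so the
 * validation checks do not need explicit returns. The stored content is
 * rendered as raw HTML by show_page(); presumably this action is admin-only --
 * confirm. strlen() counts bytes, so the 25/20000 limits are byte limits.
 */
function do_add_page() {
    $token = isset($_POST['xsrf_token']) ? (string) $_POST['xsrf_token'] : '';
    if (!isset($_SESSION['xsrf_token']) || !hash_equals((string) $_SESSION['xsrf_token'], $token)) {
        trigger_error('XSRF code incorrect', E_USER_ERROR);
    }
    $name = isset($_POST['name']) ? (string) $_POST['name'] : '';
    $content = isset($_POST['content']) ? (string) $_POST['content'] : '';
    if ($name == '') {
        show_form('Please choose a name for the page');
    }
    if (strlen($name) > 25) {
        show_form('The page name may not be longer than 25 characters');
    }
    if (strlen($content) > 20000) {
        show_form('The content may not be longer than 20,000 characters');
    }
    // ** VALIDATION COMPLETE ** \\
    $new_order = (int) DB::queryFirstField('SELECT MIN(order_num - 1) AS new_order FROM pages');
    DB::insert('pages', array('name' => $name, 'content' => $content, 'order_num' => $new_order));
    $row = DB::queryFirstRow('SELECT page_id FROM pages WHERE order_num=%i', $new_order);
    header('Location: View?ID=' . ($row ? $row['page_id'] : ''));
}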
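/**
 * Records a 1-5 rating for an item, one vote per client IP (a repeat vote
 * replaces the previous score in the running total).
 *
 * Fix: $id and the client IP were concatenated into three SQL statements.
 * itemid is compared unquoted, i.e. it is numeric, so $id is cast to int once
 * and used everywhere; the IP is bound with %s. A freshly inserted rating row
 * now starts from explicit zero totals instead of null arithmetic.
 *
 * NOTE(review): if getip() honours forwarded-for headers, the one-vote-per-IP
 * rule is trivially bypassed.
 *
 * @param mixed $id     item id (numeric)
 * @param mixed $score  1..5; anything else ends the request with 'score_illegal'
 * @return bool  always true
 */
function addscore($id, $score) {
    if ($score <= 0 || $score > 5) {
        exit('score_illegal');
    }
    $id = (int) $id;
    $ip = getip();
    $info = DB::queryFirstRow('SELECT * FROM rating WHERE itemid=%i', $id);
    if (!$info) {
        DB::insert('rating', array('itemid' => $id));
        $info = array('totalrate' => 0, 'ratenum' => 0);
    }
    $myscore = DB::queryFirstRow('SELECT * FROM rating_log WHERE itemid=%i AND ip=%s ORDER BY timestamp DESC', $id, $ip);
    if (!$myscore) {
        $newscore = $info['totalrate'] + $score;
        DB::update('rating', array('totalrate' => $newscore, 'ratenum' => $info['ratenum'] + 1), "itemid={$id}");
        DB::insert('rating_log', array('ip' => $ip, 'itemid' => $id, 'score' => $score, 'timestamp' => time(), 'opt' => 1));
    } else {
        // Replace the earlier vote: subtract it before adding the new one.
        $newscore = $info['totalrate'] + $score - $myscore['score'];
        DB::update('rating', array('totalrate' => $newscore, 'ratenum' => $info['ratenum']), "itemid={$id}");
        DB::insert('rating_log', array('ip' => $ip, 'itemid' => $id, 'score' => $score, 'timestamp' => time(), 'opt' => 0));
    }
    return true;
}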
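/**
 * Logs a user (or company super-admin) in and populates the session.
 *
 * Fix: the user lookup concatenated $user_name, $password and $company_id
 * into the SQL text, making the login form SQL-injectable; they are now bound
 * with %s placeholders. The session id is regenerated on success to prevent
 * session fixation.
 *
 * NOTE(review): the password is matched against the stored `password` column
 * as-is, i.e. credentials are stored and compared in clear text. Moving to
 * password_hash()/password_verify() needs a data migration and a change to
 * wherever users are created, so it is not done here.
 * NOTE(review): $superadmin is accepted but unused in this listing.
 *
 * @param string $user_name   username or e-mail
 * @param string $password    clear-text password
 * @param mixed  $company_id
 * @param mixed  $superadmin  unused
 * @return bool|string  true on success, otherwise an HTML error snippet
 */
function attempt_login_user($user_name, $password, $company_id, $superadmin) {
    // build a check here to put appropriate fields in the session
    $is_logged = DB::queryFirstRow(
        "SELECT * FROM " . DB_PREFIX . "test_users u WHERE (u.`user_name`=%s OR u.`user_email`=%s) AND u.`password`=%s AND u.`company_id`=%s AND u.`user_status`='active'",
        $user_name, $user_name, $password, $company_id
    );
    if ($is_logged) {
        $company = get_company_details($company_id);
        if (function_exists('session_status') && session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['is_logged'] = 1;
        $_SESSION['company_id'] = $company_id;
        $_SESSION['user_id'] = $is_logged['user_id'];
        $_SESSION['user_name'] = $is_logged['user_name'];
        $_SESSION['role_id'] = 1;
        $_SESSION['co_prefix'] = get_db_co_prefix($company_id);
        $_SESSION['company_name'] = $company['company_name'];
        $_SESSION['default_expense_account'] = 1; // get default Expense Account Company
        return true;
    }
    $prefix = DB_PREFIX;
    // The values in this query are redacted in the listing ('******'); whatever
    // they bind must be passed as %s parameters the same way as above, never
    // concatenated into the statement.
    $is_company_admin = DB::queryFirstField("SELECT COUNT(*) FROM " . $prefix . "companies WHERE super_admin_user = '******' AND super_admin_password = '******' ");
    if ($is_company_admin) {
        $company = get_company_details($company_id);
        if (function_exists('session_status') && session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['is_logged'] = 1;
        $_SESSION['company_id'] = $company_id;
        $_SESSION['user_id'] = 1;
        $_SESSION['user_name'] = $user_name;
        $_SESSION['role_id'] = 1;
        $_SESSION['co_prefix'] = get_db_co_prefix($company_id);
        $_SESSION['company_name'] = $company['company_name'];
        $_SESSION['default_expense_account'] = 1; // get default Expense Account Company
        return true;
    }
    return '<h4 style="color:red;">Invalid User Name or Password</h4>';
}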
// close file exist
//if update is successful redirect the page to view client list
if ($update) {
    echo '<script>alert("Edited Details Successfully");</script>';
    // NOTE(review): $_SERVER['PHP_SELF'] is written into a script string
    // unescaped; it can carry attacker-chosen path info, so this is a reflected
    // XSS sink. Use a fixed script path or json_encode() the value.
    echo '<script>window.location.replace("' . $_SERVER['PHP_SELF'] . '?route=modules/clients/view_clients");</script>';
}
}
// NOTE(review): debug dump of upload metadata is still emitted to the page.
echo '<h2> $_FILES variable</h2>';
echo "<pre>";
print_r($_FILES);
echo "</pre>";
}
if (isset($_GET['client_id'])) {
    $client_id = $_GET['client_id'];
    // NOTE(review): $client_id comes straight from the query string and is
    // interpolated into the WHERE clause -- SQL injection. Bind it instead, e.g.
    //   DB::queryFirstRow("SELECT * FROM tams_clients WHERE client_id = %i", $client_id)
    $sql = "SELECT\n\t\t\t\t*\n\t\t\t\tFROM\n\t\t\t\ttams_clients\n\t\t\t\tWHERE client_id = {$client_id} ;";
    $client = DB::queryFirstRow($sql);
    // No null check: an unknown id makes every assignment below a null read.
    $client_id = $client['client_id'];
    $company_name = $client['company_name'];
    $logo_url = $client['logo_url'];
    $client_name = $client['client_name'];
    $client_title = $client['client_title'];
    $client_address = $client['client_address'];
    $client_city = $client['client_city'];
    $client_country = $client['client_country'];
    $client_phone_1 = $client['client_phone_1'];
    $client_phone_2 = $client['client_phone_2'];
    $client_fax = $client['client_fax'];
    $client_email = $client['client_email'];
    $client_account_manager = $client['client_account_manager'];
    $client_status = $client['client_status'];
    $created_on = $client['created_on'];
DB::$error_handler = 'db_error_handler';
$link = mysqli_connect($server, $user, $pass, $database, $port);
$link->set_charset($encoding);
//load main functions needed
require_once 'sources/main.functions.php';
// Load CORE
require_once $_SESSION['settings']['cpassman_dir'] . '/sources/core.php';
/* DEFINE WHAT LANGUAGE TO USE */
if (!isset($_SESSION['user_id']) && isset($_GET['language'])) {
    // case of user has change language in the login page
    // The name is bound with a placeholder; when nothing matches, $dataLanguage
    // is null and both session values become null.
    $dataLanguage = DB::queryFirstRow("SELECT flag, name\n FROM " . prefix_table("languages") . "\n WHERE name = %s", $_GET['language']);
    $_SESSION['user_language'] = $dataLanguage['name'];
    $_SESSION['user_language_flag'] = $dataLanguage['flag'];
} elseif (!isset($_SESSION['user_id']) && !isset($_POST['language']) && !isset($_SESSION['user_language'])) {
    //get default language
    $dataLanguage = DB::queryFirstRow("SELECT m.valeur AS valeur, l.flag AS flag\n FROM " . prefix_table("misc") . " AS m\n INNER JOIN " . prefix_table("languages") . " AS l ON (m.valeur = l.name)\n WHERE m.type=%s_type AND m.intitule=%s_intitule", array('type' => "admin", 'intitule' => "default_language"));
    if (empty($dataLanguage['valeur'])) {
        $_SESSION['user_language'] = "english";
        $_SESSION['user_language_flag'] = "us.png";
    } else {
        $_SESSION['user_language'] = $dataLanguage['valeur'];
        $_SESSION['user_language_flag'] = $dataLanguage['flag'];
    }
} elseif (isset($_SESSION['settings']['default_language']) && !isset($_SESSION['user_language'])) {
    $_SESSION['user_language'] = $_SESSION['settings']['default_language'];
} elseif (isset($_POST['language'])) {
    // NOTE(review): FILTER_SANITIZE_STRING only strips tags; "/" and ".." survive,
    // and identifyUser() in this file builds a require_once path from
    // $_SESSION['user_language'] ('/includes/language/' . ... . '.php').
    // Validate the value against the `languages` table (as the GET branch does)
    // or a strict pattern such as /^[a-z_]+$/ before storing it.
    // FILTER_SANITIZE_STRING is also deprecated as of PHP 8.1.
    $_SESSION['user_language'] = filter_var($_POST['language'], FILTER_SANITIZE_STRING);
} elseif (!isset($_SESSION['user_language']) || empty($_SESSION['user_language'])) {
    if (isset($_POST['language'])) {
        // Same unvalidated value as the branch above.
        $_SESSION['user_language'] = filter_var($_POST['language'], FILTER_SANITIZE_STRING);
    } elseif (isset($_SESSION['settings']['default_language'])) {
echo $txtEditView . " " . $appTitle; ?>
</h3>
<a href="javascript:parent.jQuery.fancybox.close();" class="btn">Close</a>
<div style="float: right; margin-bottom: 10px">
<label style="display: inline-block; margin-right: 50px"><input type="checkbox" id="autoopen" style="vertical-align: baseline"> auto-open next field</label>
<button id="enable" class="btn"><?php echo $txtEnableButton; ?>
</button>
</div>
<table id="editform" class="table table-bordered table-striped table-hover">
<tbody>
<?php
$FieldType = explode(',', $strFieldType);
// NOTE(review): $db_Table and $arrFieldNames['0'] are spliced in as SQL
// identifiers (placeholders cannot bind those); they must come from trusted
// configuration, not from the request -- confirm where they are set.
$record = DB::queryFirstRow("SELECT * FROM {$db_Table} WHERE {$arrFieldNames['0']}=%i", $key);
$columns = DB::columnList($db_Table);
$count = count($columns);
for ($i = 0; $i <= $count - 1; $i++) {
    // One character of $strDisplayViewEdit per column selects which are shown (1/2/3).
    if (substr($strDisplayViewEdit, $i, 1) == 1 || substr($strDisplayViewEdit, $i, 1) == 2 || substr($strDisplayViewEdit, $i, 1) == 3) {
        if (substr($strRequired, $i, 1) == 1) {
            $required = "<font color='red'>*</font>";
        } else {
            $required = '';
        }
        // $arrFieldNames[$i] is emitted unescaped; fine only if it is a fixed column label.
        echo '<tr><td id="fieldnames" class="editfieldname">' . $arrFieldNames[$i] . ':' . $required . '</td>';
        // check if field type is checkkist or select2 and see if it needs to be unserialized
        // NOTE(review): && binds tighter than ||, so the select2 test runs without
        // the !empty() guard (a notice on short $FieldType lists, not a logic change).
        // NOTE(review): unserialize() can instantiate arbitrary classes; it is only
        // safe here if this column is written exclusively by this application.
        if (!empty($FieldType[$i]) && $FieldType[$i] == 'checklist' || $FieldType[$i] == 'select2') {
            $data = @unserialize($record[$arrFieldNames[$i]]);
            if ($data !== false || $record[$arrFieldNames[$i]] === 'b:0;') {
                $record[$arrFieldNames[$i]] = json_encode(unserialize($record[$arrFieldNames[$i]]));
/**
 * Authenticates one login attempt and, on success, populates $_SESSION for the user.
 *
 * The payload in $sentData is decoded with prepareExchangedData(..., "decode") and is
 * expected to carry 'login' and 'pw', plus 'psk'/'psk_confirm', 'GACode',
 * 'TimezoneOffset', 'duree_session', 'screenHeight' and 'randomstring' depending on
 * the enabled settings. The login is checked against the local users table and/or
 * LDAP (settings 'ldap_mode' / 'ldap_type'), then the optional PSK and Google
 * Authenticator checks run. On success the session is filled (identity, roles,
 * last-seen items, expiry) and the user row is updated; on failure the
 * bad-attempt counter is incremented and the account may be flagged disabled.
 *
 * Output: echoes a one-element JSON array (value / user_admin / initial_url / error).
 * Several early checks echo a short status and exit() instead of returning.
 *
 * Reads globals $debugLdap, $debugDuo, $k; $server, $user, $pass, $database, $port and
 * $encoding are presumably defined by the included includes/settings.php (not visible
 * here). Constants SALT and COST are expected to exist.
 *
 * @param string $sentData encoded client payload (decoded here)
 *
 * @return void
 */
function identifyUser($sentData) {
    global $debugLdap, $debugDuo, $k;
    include $_SESSION['settings']['cpassman_dir'] . '/includes/settings.php';
    header("Content-type: text/html; charset=utf-8");
    // Hides warnings/notices for the rest of the request; the undefined-variable
    // reads noted further down (e.g. $ldap_suffix, $psk) are therefore silent.
    error_reporting(E_ERROR);
    require_once $_SESSION['settings']['cpassman_dir'] . '/sources/main.functions.php';
    require_once $_SESSION['settings']['cpassman_dir'] . '/sources/SplClassLoader.php';
    if ($debugDuo == 1) {
        // NOTE(review): this debug file receives the raw payload, the per-login
        // token and the outcome in clear text, and the handle is never fclose()d.
        // It must stay disabled outside development.
        $dbgDuo = fopen($_SESSION['settings']['path_to_files_folder'] . "/duo.debug.txt", "a");
    }
    /* if (empty($sentData) && isset($_COOKIE['TeamPassC'])) { $sentData = prepareExchangedData($_COOKIE['TeamPassC'], "encode"); setcookie('TeamPassC', "", time()-3600); } */
    if ($debugDuo == 1) {
        fputs($dbgDuo, "Content of data sent '" . $sentData . "'\n");
    }
    // connect to the server
    require_once $_SESSION['settings']['cpassman_dir'] . '/includes/libraries/Database/Meekrodb/db.class.php';
    DB::$host = $server;
    DB::$user = $user;
    DB::$password = $pass;
    DB::$dbName = $database;
    DB::$port = $port;
    DB::$encoding = $encoding;
    DB::$error_handler = 'db_error_handler';
    $link = mysqli_connect($server, $user, $pass, $database, $port);
    $link->set_charset($encoding);
    //Load AES
    $aes = new SplClassLoader('Encryption\\Crypt', '../includes/libraries');
    $aes->register();
    // load passwordLib library
    $pwdlib = new SplClassLoader('PasswordLib', '../includes/libraries');
    $pwdlib->register();
    $pwdlib = new PasswordLib\PasswordLib();
    // User's language loading
    $k['langage'] = @$_SESSION['user_language'];
    // NOTE(review): user_language is used unvalidated as part of a file path here,
    // so it must only ever hold a name from the installed-language list; confirm
    // that at every place the session value is set.
    require_once $_SESSION['settings']['cpassman_dir'] . '/includes/language/' . $_SESSION['user_language'] . '.php';
    // decrypt and retrieve data in JSON format
    $dataReceived = prepareExchangedData($sentData, "decode");
    // Prepare variables
    $passwordClear = htmlspecialchars_decode($dataReceived['pw']);
    // Legacy (pre-2.1.17) form of the same password; only used below to migrate old rows.
    $passwordOldEncryption = encryptOld(htmlspecialchars_decode($dataReceived['pw']));
    $username = htmlspecialchars_decode($dataReceived['login']);
    $logError = "";
    if ($debugDuo == 1) {
        fputs($dbgDuo, "Starting authentication of '" . $username . "'\n");
    }
    // GET SALT KEY LENGTH
    if (strlen(SALT) > 32) {
        $_SESSION['error']['salt'] = true;
    }
    $_SESSION['user_language'] = $k['langage'];
    // Stays false unless one of the LDAP branches below explicitly sets it.
    $ldapConnection = false;
    /* LDAP connection */
    if ($debugLdap == 1) {
        // create temp file
        // NOTE(review): the LDAP bind password is written to this file in clear text.
        $dbgLdap = fopen($_SESSION['settings']['path_to_files_folder'] . "/ldap.debug.txt", "w");
        fputs($dbgLdap, "Get all LDAP params : \n" . 'mode : ' . $_SESSION['settings']['ldap_mode'] . "\n" . 'type : ' . $_SESSION['settings']['ldap_type'] . "\n" . 'base_dn : ' . $_SESSION['settings']['ldap_domain_dn'] . "\n" . 'search_base : ' . $_SESSION['settings']['ldap_search_base'] . "\n" . 'bind_dn : ' . $_SESSION['settings']['ldap_bind_dn'] . "\n" . 'bind_passwd : ' . $_SESSION['settings']['ldap_bind_passwd'] . "\n" . 'user_attribute : ' . $_SESSION['settings']['ldap_user_attribute'] . "\n" . 'account_suffix : ' . $_SESSION['settings']['ldap_suffix'] . "\n" . 'domain_controllers : ' . $_SESSION['settings']['ldap_domain_controler'] . "\n" . 'use_ssl : ' . $_SESSION['settings']['ldap_ssl'] . "\n" . 'use_tls : ' . $_SESSION['settings']['ldap_tls'] . "\n*********\n\n");
    }
    if ($debugDuo == 1) {
        fputs($dbgDuo, "LDAP status: " . $_SESSION['settings']['ldap_mode'] . "\n");
    }
    // The built-in "admin" login never goes through LDAP.
    if (isset($_SESSION['settings']['ldap_mode']) && $_SESSION['settings']['ldap_mode'] == 1 && $username != "admin") {
        //Multiple Domain Names
        // Loose "== true": a backslash at offset 0 is treated as absent.
        if (strpos(html_entity_decode($username), '\\') == true) {
            $ldap_suffix = "@" . substr(html_entity_decode($username), 0, strpos(html_entity_decode($username), '\\'));
            $username = substr(html_entity_decode($username), strpos(html_entity_decode($username), '\\') + 1);
        }
        if ($_SESSION['settings']['ldap_type'] == 'posix-search') {
            $ldapconn = ldap_connect($_SESSION['settings']['ldap_domain_controler']);
            if ($debugLdap == 1) {
                fputs($dbgLdap, "LDAP connection : " . ($ldapconn ? "Connected" : "Failed") . "\n");
            }
            ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
            if ($ldapconn) {
                // Service bind first, to locate the user's DN.
                $ldapbind = ldap_bind($ldapconn, $_SESSION['settings']['ldap_bind_dn'], $_SESSION['settings']['ldap_bind_passwd']);
                if ($debugLdap == 1) {
                    fputs($dbgLdap, "LDAP bind : " . ($ldapbind ? "Bound" : "Failed") . "\n");
                }
                if ($ldapbind) {
                    // NOTE(review): $username is interpolated into the filter without
                    // ldap_escape(); filter metacharacters in the login would change
                    // the search (LDAP filter injection).
                    $filter = "(&(" . $_SESSION['settings']['ldap_user_attribute'] . "={$username})(objectClass=posixAccount))";
                    $result = ldap_search($ldapconn, $_SESSION['settings']['ldap_search_base'], $filter, array('dn'));
                    if ($debugLdap == 1) {
                        fputs($dbgLdap, 'Search filter : ' . $filter . "\n" . 'Results : ' . print_r(ldap_get_entries($ldapconn, $result), true) . "\n");
                    }
                    if (ldap_count_entries($ldapconn, $result)) {
                        // try auth
                        $result = ldap_get_entries($ldapconn, $result);
                        $user_dn = $result[0]['dn'];
                        // NOTE(review): ldap_bind() with an empty password is an
                        // unauthenticated bind and succeeds on many directories;
                        // confirm $passwordClear is non-empty before treating a
                        // true result as authentication.
                        $ldapbind = ldap_bind($ldapconn, $user_dn, $passwordClear);
                        if ($ldapbind) {
                            $ldapConnection = true;
                        } else {
                            $ldapConnection = false;
                        }
                    }
                } else {
                    $ldapConnection = false;
                }
            } else {
                $ldapConnection = false;
            }
        } else {
            if ($debugLdap == 1) {
                fputs($dbgLdap, "Get all ldap params : \n" . 'base_dn : ' . $_SESSION['settings']['ldap_domain_dn'] . "\n" . 'account_suffix : ' . $_SESSION['settings']['ldap_suffix'] . "\n" . 'domain_controllers : ' . $_SESSION['settings']['ldap_domain_controler'] . "\n" . 'use_ssl : ' . $_SESSION['settings']['ldap_ssl'] . "\n" . 'use_tls : ' . $_SESSION['settings']['ldap_tls'] . "\n*********\n\n");
            }
            $adldap = new SplClassLoader('LDAP\\adLDAP', '../includes/libraries');
            $adldap->register();
            // Posix style LDAP handles user searches a bit differently
            if ($_SESSION['settings']['ldap_type'] == 'posix') {
                $ldap_suffix = ',' . $_SESSION['settings']['ldap_suffix'] . ',' . $_SESSION['settings']['ldap_domain_dn'];
            // $ldap_suffix is only assigned in the DOMAIN\user branch above; otherwise
            // this reads an undefined variable (null == '' is true).
            } elseif ($_SESSION['settings']['ldap_type'] == 'windows' and $ldap_suffix == '') {
                //Multiple Domain Names
                $ldap_suffix = $_SESSION['settings']['ldap_suffix'];
            }
            $adldap = new LDAP\adLDAP\adLDAP(array('base_dn' => $_SESSION['settings']['ldap_domain_dn'], 'account_suffix' => $ldap_suffix, 'domain_controllers' => explode(",", $_SESSION['settings']['ldap_domain_controler']), 'use_ssl' => $_SESSION['settings']['ldap_ssl'], 'use_tls' => $_SESSION['settings']['ldap_tls']));
            if ($debugLdap == 1) {
                fputs($dbgLdap, "Create new adldap object : " . $adldap->get_last_error() . "\n\n\n"); //Debug
            }
            // openLDAP expects an attribute=value pair
            if ($_SESSION['settings']['ldap_type'] == 'posix') {
                $auth_username = $_SESSION['settings']['ldap_user_attribute'] . '=' . $username;
            } else {
                $auth_username = $username;
            }
            // authenticate the user
            if ($adldap->authenticate($auth_username, html_entity_decode($passwordClear))) {
                $ldapConnection = true;
                //update user's password
                // Stores a local hash of the LDAP-verified password on the user row (looked up by login).
                $data['pw'] = $pwdlib->createPasswordHash($passwordClear);
                DB::update(prefix_table('users'), array('pw' => $data['pw']), "login=%s", $username);
            } else {
                $ldapConnection = false;
            }
            if ($debugLdap == 1) {
                fputs($dbgLdap, "After authenticate : " . $adldap->get_last_error() . "\n\n\n" . "ldap status : " . $ldapConnection . "\n\n\n"); //Debug
            }
        }
    } else {
        // As written, ldap_mode 2 performs no lookup here, so $ldapConnection stays
        // false and the mode-2 clause of the login condition below cannot be met
        // from this function.
        if (isset($_SESSION['settings']['ldap_mode']) && $_SESSION['settings']['ldap_mode'] == 2) {
            // nothing
        }
    }
    // Check if user exists
    $data = DB::queryFirstRow("SELECT * FROM " . prefix_table("users") . " WHERE login=%s_login", array('login' => $username));
    $counter = DB::count();
    if ($debugDuo == 1) {
        fputs($dbgDuo, "USer exists: " . $counter . "\n");
    }
    // Check PSK
    // $data is null when the login is unknown ($counter == 0), so $data['admin'] reads null here.
    if (isset($_SESSION['settings']['psk_authentication']) && $_SESSION['settings']['psk_authentication'] == 1 && $data['admin'] != 1) {
        $psk = htmlspecialchars_decode($dataReceived['psk']);
        $pskConfirm = htmlspecialchars_decode($dataReceived['psk_confirm']);
        if (empty($psk)) {
            echo '[{"value" : "psk_required"}]';
            exit;
        } elseif (empty($data['psk'])) {
            // First PSK for this account: require the confirmation copy, then keep it in session.
            if (empty($pskConfirm)) {
                echo '[{"value" : "bad_psk_confirmation"}]';
                exit;
            } else {
                $_SESSION['my_sk'] = $psk;
            }
        // NOTE(review): this branch rejects when the supplied PSK *matches* the stored
        // hash, while a non-matching PSK falls through and identification proceeds;
        // the condition looks inverted — confirm intent before relying on the PSK check.
        } elseif ($pwdlib->verifyPasswordHash($psk, $data['psk']) === true) {
            echo '[{"value" : "bad_psk"}]';
            exit;
        }
    }
    $proceedIdentification = false;
    if ($counter > 0) {
        $proceedIdentification = true;
    } elseif ($counter == 0 && $ldapConnection == true && isset($_SESSION['settings']['ldap_elusers']) && $_SESSION['settings']['ldap_elusers'] == 0) {
        // If LDAP enabled, create user in CPM if doesn't exist
        $data['pw'] = $pwdlib->createPasswordHash($passwordClear); // create passwordhash
        DB::insert(prefix_table('users'), array('login' => $username, 'pw' => $data['pw'], 'email' => "", 'admin' => '0', 'gestionnaire' => '0', 'personal_folder' => $_SESSION['settings']['enable_pf_feature'] == "1" ? '1' : '0', 'fonction_id' => '0', 'groupes_interdits' => '0', 'groupes_visibles' => '0', 'last_pw_change' => time(), 'user_language' => $_SESSION['settings']['default_language']));
        $newUserId = DB::insertId();
        // Create personal folder
        if ($_SESSION['settings']['enable_pf_feature'] == "1") {
            DB::insert(prefix_table("nested_tree"), array('parent_id' => '0', 'title' => $newUserId, 'bloquer_creation' => '0', 'bloquer_modification' => '0', 'personal_folder' => '1'));
        }
        // Get info for user
        //$sql = "SELECT * FROM ".prefix_table("users")." WHERE login = '******'";
        //$row = $db->query($sql);
        $proceedIdentification = true;
    }
    // Check if user exists (and has been created in case of new LDAP user)
    $data = DB::queryFirstRow("SELECT * FROM " . prefix_table("users") . " WHERE login=%s_login", array('login' => $username));
    $counter = DB::count();
    // NOTE(review): the distinct "user_not_exists" response lets a caller tell unknown
    // logins apart from wrong passwords (account enumeration); a uniform failure
    // response is the usual mitigation.
    if ($counter == 0) {
        echo '[{"value" : "user_not_exists", "text":""}]';
        exit;
    }
    if ($debugDuo == 1) {
        fputs($dbgDuo, "USer exists (confirm): " . $counter . "\n");
    }
    // check GA code
    // The built-in "admin" login is exempt from the second factor.
    if (isset($_SESSION['settings']['2factors_authentication']) && $_SESSION['settings']['2factors_authentication'] == 1 && $username != "admin") {
        if (isset($dataReceived['GACode']) && !empty($dataReceived['GACode'])) {
            include_once $_SESSION['settings']['cpassman_dir'] . "/includes/libraries/Authentication/GoogleAuthenticator/FixedBitNotation.php";
            include_once $_SESSION['settings']['cpassman_dir'] . "/includes/libraries/Authentication/GoogleAuthenticator/GoogleAuthenticator.php";
            $g = new Authentication\GoogleAuthenticator\GoogleAuthenticator();
            if ($g->checkCode($data['ga'], $dataReceived['GACode'])) {
                $proceedIdentification = true;
            } else {
                $proceedIdentification = false;
                $logError = "ga_code_wrong";
            }
        } else {
            // A missing code is reported the same way as a wrong one.
            $proceedIdentification = false;
            $logError = "ga_code_wrong";
        }
    }
    if ($debugDuo == 1) {
        fputs($dbgDuo, "Proceed with Ident: " . $proceedIdentification . "\n");
    }
    if ($proceedIdentification === true) {
        // User exists in the DB
        //$data = $db->fetchArray($row);
        //v2.1.17 -> change encryption for users password
        // NOTE(review): both legacy-hash comparisons below use == (loose and not
        // constant-time); hash_equals() is the safer form.
        if ($passwordOldEncryption == $data['pw'] && !empty($data['pw'])) {
            //update user's password
            $data['pw'] = bCrypt($passwordClear, COST);
            DB::update(prefix_table('users'), array('pw' => $data['pw']), "id=%i", $data['id']);
        }
        if (crypt($passwordClear, $data['pw']) == $data['pw'] && !empty($data['pw'])) {
            //update user's password
            $data['pw'] = $pwdlib->createPasswordHash($passwordClear);
            DB::update(prefix_table('users'), array('pw' => $data['pw']), "id=%i", $data['id']);
        }
        // check the given password
        if ($pwdlib->verifyPasswordHash($passwordClear, $data['pw']) === true) {
            $userPasswordVerified = true;
        } else {
            $userPasswordVerified = false;
        }
        if ($debugDuo == 1) {
            fputs($dbgDuo, "User's password verified: " . $userPasswordVerified . "\n");
        }
        // Can connect if
        // 1- no LDAP mode + user enabled + pw ok
        // 2- LDAP mode + user enabled + ldap connection ok + user is not admin
        // 3- LDAP mode + user enabled + pw ok + user is admin
        // This in order to allow admin by default to connect even if LDAP is activated
        // (&& binds tighter than ||, so this is four independent alternatives.)
        if (isset($_SESSION['settings']['ldap_mode']) && $_SESSION['settings']['ldap_mode'] == 0 && $userPasswordVerified == true && $data['disabled'] == 0 || isset($_SESSION['settings']['ldap_mode']) && $_SESSION['settings']['ldap_mode'] == 1 && $ldapConnection == true && $data['disabled'] == 0 && $username != "admin" || isset($_SESSION['settings']['ldap_mode']) && $_SESSION['settings']['ldap_mode'] == 2 && $ldapConnection == true && $data['disabled'] == 0 && $username != "admin" || isset($_SESSION['settings']['ldap_mode']) && $_SESSION['settings']['ldap_mode'] == 1 && $username == "admin" && $userPasswordVerified == true && $data['disabled'] == 0) {
            $_SESSION['autoriser'] = true;
            // Generate a random ID
            // Per-login token; it is persisted as key_tempo on the user row below.
            $key = $pwdlib->getRandomToken(50);
            if ($debugDuo == 1) {
                fputs($dbgDuo, "User's token: " . $key . "\n");
            }
            // Log into DB the user's connection
            if (isset($_SESSION['settings']['log_connections']) && $_SESSION['settings']['log_connections'] == 1) {
                logEvents('user_connection', 'connection', $data['id']);
            }
            // Save account in SESSION
            // NOTE(review): no session_regenerate_id() appears in this function; unless
            // the caller does it, the pre-login session id is kept after authentication
            // (session fixation risk).
            $_SESSION['login'] = stripslashes($username);
            $_SESSION['name'] = stripslashes($data['name']);
            $_SESSION['lastname'] = stripslashes($data['lastname']);
            $_SESSION['user_id'] = $data['id'];
            $_SESSION['user_admin'] = $data['admin'];
            $_SESSION['user_manager'] = $data['gestionnaire'];
            $_SESSION['user_read_only'] = $data['read_only'];
            $_SESSION['last_pw_change'] = $data['last_pw_change'];
            $_SESSION['last_pw'] = $data['last_pw'];
            $_SESSION['can_create_root_folder'] = $data['can_create_root_folder'];
            $_SESSION['key'] = $key;
            $_SESSION['personal_folder'] = $data['personal_folder'];
            $_SESSION['user_language'] = $data['user_language'];
            $_SESSION['user_email'] = $data['email'];
            $_SESSION['user_ga'] = $data['ga'];
            $_SESSION['user_avatar'] = $data['avatar'];
            $_SESSION['user_avatar_thumb'] = $data['avatar_thumb'];
            $_SESSION['user_upgrade_needed'] = $data['upgrade_needed'];
            // manage session expiration
            // NOTE(review): TimezoneOffset and duree_session both come from the client
            // payload and are applied without a server-side bound, so the client
            // chooses its own session lifetime.
            $serverTime = time();
            if ($dataReceived['TimezoneOffset'] > 0) {
                $userTime = $serverTime + $dataReceived['TimezoneOffset'];
            } else {
                $userTime = $serverTime;
            }
            $_SESSION['fin_session'] = $userTime + $dataReceived['duree_session'] * 60;
            /* If this option is set user password MD5 is used as personal SALTKey */
            if (isset($_SESSION['settings']['use_md5_password_as_salt']) && $_SESSION['settings']['use_md5_password_as_salt'] == 1) {
                $_SESSION['my_sk'] = md5($passwordClear);
                // NOTE(review): the cookie is set with a path only (no secure/httponly
                // flags) and encrypt() receives an empty second argument — confirm intended.
                setcookie("TeamPass_PFSK_" . md5($_SESSION['user_id']), encrypt($_SESSION['my_sk'], ""), time() + 60 * 60 * 24 * $_SESSION['settings']['personal_saltkey_cookie_duration'], '/');
            }
            @syslog(LOG_WARNING, "User logged in - " . $_SESSION['user_id'] . " - " . date("Y/m/d H:i:s") . " {$_SERVER['REMOTE_ADDR']} ({$_SERVER['HTTP_USER_AGENT']})");
            if (empty($data['last_connexion'])) {
                $_SESSION['derniere_connexion'] = time();
            } else {
                $_SESSION['derniere_connexion'] = $data['last_connexion'];
            }
            if (!empty($data['latest_items'])) {
                $_SESSION['latest_items'] = explode(';', $data['latest_items']);
            } else {
                $_SESSION['latest_items'] = array();
            }
            if (!empty($data['favourites'])) {
                $_SESSION['favourites'] = explode(';', $data['favourites']);
            } else {
                $_SESSION['favourites'] = array();
            }
            // The @ suppresses implode()'s error when the column holds a plain string; presumably a ';'-list is expected — verify.
            if (!empty($data['groupes_visibles'])) {
                $_SESSION['groupes_visibles'] = @implode(';', $data['groupes_visibles']);
            } else {
                $_SESSION['groupes_visibles'] = array();
            }
            if (!empty($data['groupes_interdits'])) {
                $_SESSION['groupes_interdits'] = @implode(';', $data['groupes_interdits']);
            } else {
                $_SESSION['groupes_interdits'] = array();
            }
            // User's roles
            $_SESSION['fonction_id'] = $data['fonction_id'];
            $_SESSION['user_roles'] = explode(";", $data['fonction_id']);
            // build array of roles
            $_SESSION['user_pw_complexity'] = 0;
            $_SESSION['arr_roles'] = array();
            foreach (array_filter(explode(';', $_SESSION['fonction_id'])) as $role) {
                $resRoles = DB::queryFirstRow("SELECT title, complexity FROM " . prefix_table("roles_title") . " WHERE id=%i", $role);
                $_SESSION['arr_roles'][$role] = array('id' => $role, 'title' => $resRoles['title']);
                // get highest complexity
                if ($_SESSION['user_pw_complexity'] < $resRoles['complexity']) {
                    $_SESSION['user_pw_complexity'] = $resRoles['complexity'];
                }
            }
            // build complete array of roles
            $_SESSION['arr_roles_full'] = array();
            $rows = DB::query("SELECT id, title FROM " . prefix_table("roles_title") . " ORDER BY title ASC");
            foreach ($rows as $record) {
                $_SESSION['arr_roles_full'][$record['id']] = array('id' => $record['id'], 'title' => $record['title']);
            }
            // Set some settings
            $_SESSION['user']['find_cookie'] = false;
            $_SESSION['settings']['update_needed'] = "";
            // Update table
            // NOTE(review): $psk is only assigned inside the PSK block above; when PSK
            // authentication is off this hashes an undefined value and overwrites the
            // stored psk column. Also resets the bad-attempt counter and clears 'disabled'.
            DB::update(prefix_table('users'), array('key_tempo' => $_SESSION['key'], 'last_connexion' => time(), 'timestamp' => time(), 'disabled' => 0, 'no_bad_attempts' => 0, 'session_end' => $_SESSION['fin_session'], 'psk' => $pwdlib->createPasswordHash(htmlspecialchars_decode($psk))), "id=%i", $data['id']);
            if ($debugDuo == 1) {
                fputs($dbgDuo, "Preparing to identify the user rights\n");
            }
            // Get user's rights
            identifyUserRights($data['groupes_visibles'], $_SESSION['groupes_interdits'], $data['admin'], $data['fonction_id'], false);
            // Get some more elements
            $_SESSION['screenHeight'] = $dataReceived['screenHeight'];
            // Get last seen items
            $_SESSION['latest_items_tab'][] = "";
            foreach ($_SESSION['latest_items'] as $item) {
                if (!empty($item)) {
                    // $data is reassigned to the item row here; the user row is no longer available after this loop.
                    $data = DB::queryFirstRow("SELECT id,label,id_tree FROM " . prefix_table("items") . " WHERE id=%i", $item);
                    $_SESSION['latest_items_tab'][$item] = array('id' => $item, 'label' => $data['label'], 'url' => 'index.php?page=items&group=' . $data['id_tree'] . '&id=' . $item);
                }
            }
            // send back the random key
            $return = $dataReceived['randomstring'];
            // Send email
            if (isset($_SESSION['settings']['enable_send_email_on_user_login']) && $_SESSION['settings']['enable_send_email_on_user_login'] == 1 && $_SESSION['user_admin'] != 1) {
                // get all Admin users
                $receivers = "";
                $rows = DB::query("SELECT email FROM " . prefix_table("users") . " WHERE admin = %i", 1);
                foreach ($rows as $record) {
                    if (empty($receivers)) {
                        $receivers = $record['email'];
                    } else {
                        // NOTE(review): this assigns instead of appending (".="), so with
                        // several admins only the last address, prefixed with a comma, is kept.
                        $receivers = "," . $record['email'];
                    }
                }
                // Add email to table
                // $LANG is not declared global here; it is only in scope if the language
                // file required above actually executed in this call — confirm.
                DB::insert(prefix_table("emails"), array('timestamp' => time(), 'subject' => $LANG['email_subject_on_user_login'], 'body' => str_replace(array('#tp_user#', '#tp_date#', '#tp_time#'), array(" " . $_SESSION['login'], date($_SESSION['settings']['date_format'], $_SESSION['derniere_connexion']), date($_SESSION['settings']['time_format'], $_SESSION['derniere_connexion'])), $LANG['email_body_on_user_login']), 'receivers' => $receivers, 'status' => "not sent"));
            }
        } elseif ($data['disabled'] == 1) {
            // User and password is okay but account is locked
            $return = "user_is_locked";
        } else {
            // User exists in the DB but Password is false
            // check if user is locked
            $userIsLocked = 0;
            $nbAttempts = intval($data['no_bad_attempts'] + 1);
            // nb_bad_authentication == 0 means "never lock".
            if ($_SESSION['settings']['nb_bad_authentication'] > 0 && intval($_SESSION['settings']['nb_bad_authentication']) < $nbAttempts) {
                $userIsLocked = 1;
                // log it
                if (isset($_SESSION['settings']['log_connections']) && $_SESSION['settings']['log_connections'] == 1) {
                    logEvents('user_locked', 'connection', $data['id']);
                }
            }
            // key_tempo is written from whatever token the session already holds (no new token on failure).
            DB::update(prefix_table('users'), array('key_tempo' => $_SESSION['key'], 'last_connexion' => time(), 'disabled' => $userIsLocked, 'no_bad_attempts' => $nbAttempts), "id=%i", $data['id']);
            // What return should we do
            if ($userIsLocked == 1) {
                $return = "user_is_locked";
            } elseif ($_SESSION['settings']['nb_bad_authentication'] == 0) {
                $return = "false";
            } else {
                // The attempt count is returned to the client when lockout is enabled.
                $return = $nbAttempts;
            }
        }
    } else {
        $return = "false";
    }
    if ($debugDuo == 1) {
        fputs($dbgDuo, "\n\n----\n" . "Identified : " . $return . "\n");
    }
    // NOTE(review): the response is built by string concatenation; $return,
    // initial_url and $logError are not JSON-escaped — json_encode() would be safer.
    echo '[{"value" : "' . $return . '", "user_admin":"', isset($_SESSION['user_admin']) ? $_SESSION['user_admin'] : "", '", "initial_url" : "' . @$_SESSION['initial_url'] . '", "error" : "' . $logError . '"}]';
    $_SESSION['initial_url'] = "";
    if ($_SESSION['settings']['cpassman_dir'] == "..") {
        $_SESSION['settings']['cpassman_dir'] = ".";
    }
}