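/**
 * Create the Dotclear manager account $username, or reset its password if it exists.
 *
 * @param string $username user id; must be a plain identifier (see regex below)
 * @param string $password clear-text password, stored as crypt::hmac('artica', …)
 * @param mixed  $bd       handle passed through to zQUERY_SQL()
 * @return bool  false when $username is rejected, true otherwise
 */
function AddManager($username, $password, $bd)
{
    // Refuse user IDs that are not plain identifiers. This is the same character class
    // getUserCursor() enforces elsewhere in this file, and it is what makes interpolating
    // $username into the SQL text below safe (no quote, backslash or NUL can get through).
    if (!is_string($username) || !preg_match('/^[A-Za-z0-9@._-]{2,}$/', $username)) {
        return false;
    }
    include dirname(__FILE__) . "/ressources/settings.inc";
    // Stored form is an HMAC keyed with the literal 'artica'; whatever verifies the
    // login must derive the same value (that code is not visible here).
    $password = crypt::hmac('artica', $password);
    $date = date('Y-m-d H:i:s');
    // The HMAC output is presumably hex, but escape it anyway so a different encoding
    // from crypt::hmac cannot break out of the quoted literal.
    $password_sql = addslashes($password);
    // BUG FIX: the lookup used an undefined $uid, so the SELECT never matched and every
    // call took the INSERT branch (primary-key failure when the manager already exists).
    $sql = "SELECT user_pwd FROM dotclear_user WHERE user_id='{$username}'";
    $ligne = @mysql_fetch_array(zQUERY_SQL($bd, $sql));
    // mysql_fetch_array() returns false when there is no row.
    $stored = $ligne ? $ligne["user_pwd"] : null;
    if ($stored === null || $stored === '') {
        $sql = "INSERT INTO `dotclear_user` (`user_id`, `user_super`, `user_status`, `user_pwd`, `user_recover_key`,\n \t\t\t\t`user_name`, `user_firstname`, `user_displayname`, `user_email`, `user_url`,\n  \t\t\t\t`user_desc`, `user_default_blog`, `user_options`, `user_lang`, `user_tz`,\n   \t\t\t\t`user_post_status`, `user_creadt`,\n    \t\t\t`user_upddt`) VALUES\n\t\t\t\t('{$username}', 1, 1, '{$password_sql}', NULL, '{$username}', '{$username}', NULL, '*****@*****.**', \n\t\t\t\tNULL, NULL, NULL, 'a:3:{s:9:\"edit_size\";i:24;s:14:\"enable_wysiwyg\";b:1;s:11:\"post_format\";s:4:\"wiki\";}', 'en',\n\t\t\t\t 'Europe/Berlin', -2, '{$date}', '{$date}');";
        zQUERY_SQL($bd, $sql);
    } else {
        // NOTE(review): the UPDATE targets `artica_backup`.`dotclear_user` while the SELECT and
        // INSERT use the unqualified table; kept as-is, confirm both resolve to the same table.
        $sql = "UPDATE `artica_backup`.`dotclear_user` SET `user_pwd` = '{$password_sql}' WHERE `dotclear_user`.`user_id` = '{$username}' LIMIT 1 ;";
        zQUERY_SQL($bd, $sql);
    }
    return true;
}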
 /**
  * Validate and normalise a user cursor before it is written.
  *
  * Checks the user id, url, password and language fields when they are set,
  * hashes the password, defaults user_upddt to NOW() and serialises user_options.
  *
  * @param cursor $cur cursor on the user table, modified in place
  * @throws Exception on an invalid user id, a short password or a bad language code
  */
 private function getUserCursor(&$cur)
 {
     // User ids are restricted to a plain identifier character class.
     if ($cur->isField('user_id')) {
         if (!preg_match('/^[A-Za-z0-9@._-]{2,}$/', $cur->user_id)) {
             throw new Exception(T_('User ID must contain at least 2 characters using letters, numbers or symbols.'));
         }
     }
     // A bare host name is stored as an absolute http:// URL.
     $url = $cur->user_url;
     if ($url !== null && $url != '') {
         if (!preg_match('|^http(s?)://|', $url)) {
             $cur->user_url = 'http://' . $url;
         }
     }
     if ($cur->isField('user_pwd')) {
         // Byte length, not character length: a 6-byte minimum is what the original enforced.
         if (strlen($cur->user_pwd) < 6) {
             throw new Exception(T_('Password must contain at least 6 characters.'));
         }
         // NOTE(review): the HMAC key is the literal string 'BP_MASTER_KEY', not a constant. Every
         // password write in this file does the same, so changing it would invalidate stored
         // hashes — confirm that this is intended rather than a missing constant.
         $cur->user_pwd = crypt::hmac('BP_MASTER_KEY', $cur->user_pwd);
     }
     // Language codes look like "en" or "pt-br".
     $lang = $cur->user_lang;
     if ($lang !== null && !preg_match('/^[a-z]{2}(-[a-z]{2})?$/', $lang)) {
         throw new Exception(T_('Invalid user language code'));
     }
     if ($cur->user_upddt === null) {
         $cur->user_upddt = array('NOW()');
     }
     if ($cur->user_options !== null) {
         $cur->user_options = serialize((array) $cur->user_options);
     }
 }
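/**
 * Register a pending (status 0) user from the signup form.
 *
 * Checks that the id, full name and e-mail are not already taken, then inserts the
 * user with the given token and a hashed password.
 *
 * @param string $user_id       requested user id (spaces become "_", then cleanString())
 * @param string $user_fullname full name
 * @param string $user_email    e-mail address
 * @param string $password      clear-text password
 * @param string $lang          language code
 * @param string $token         activation token stored in user_token
 * @param string $url           optional site url to check for an existing owner
 *                              (BUG FIX: the original read an undefined $url, which
 *                              behaved like ''; that is the default here)
 * @return array list of error messages, empty when the user was inserted
 */
function addUserSignup($user_id, $user_fullname, $user_email, $password, $lang, $token, $url = '')
{
    global $core;
    // BUG FIX: $error was never initialised, so a successful signup returned null
    // instead of an empty array.
    $error = array();
    $con = $core->con;
    # Clean Up user_id
    $user_id = preg_replace("( )", "_", $user_id);
    $user_id = cleanString($user_id);
    # Check if user's information already exist in not pending users
    // Every value here comes from the signup form: escape it before it reaches the SQL text.
    $rs1 = $con->select("SELECT user_id, user_fullname, user_email\n\t\tFROM " . $core->prefix . "user\n\t\tWHERE lower(user_id) = '" . $con->escape(strtolower($user_id)) . "'\n\t\tOR lower(user_fullname) = '" . $con->escape(strtolower($user_fullname)) . "'\n\t\tOR lower(user_email) = '" . $con->escape(strtolower($user_email)) . "'");
    if ($rs1->count() > 0) {
        // Only the first matching row is inspected, as in the original.
        if ($rs1->f('user_id') == $user_id) {
            $error[] = sprintf(T_('The user %s already exists'), $user_id);
        }
        if ($rs1->f('user_fullname') == $user_fullname) {
            $error[] = sprintf(T_('The user %s already exists'), $user_fullname);
        }
        if ($rs1->f('user_email') == $user_email) {
            $error[] = sprintf(T_('The email address %s is already in use'), $user_email);
        }
    } else {
        # Check if website is already in use
        $rs2 = $con->select("SELECT " . $core->prefix . "user.user_id\n\t\t\tFROM " . $core->prefix . "user, " . $core->prefix . "site\n\t\t\tWHERE " . $core->prefix . "site.user_id = " . $core->prefix . "user.user_id\n\t\t\tAND site_url = '" . $con->escape($url) . "'");
        if ($rs2->count() > 0) {
            $error[] = sprintf(T_('The website %s is already assigned to the user %s'), $url, $user_id);
        }
    }
    # All OK
    if (empty($error)) {
        $cur = $con->openCursor($core->prefix . 'user');
        $cur->user_id = $user_id;
        $cur->user_fullname = $user_fullname;
        $cur->user_email = $user_email;
        // NOTE(review): literal string key 'BP_MASTER_KEY', consistent with the other
        // password writes in this file — confirm it is not meant to be a constant.
        $cur->user_pwd = crypt::hmac('BP_MASTER_KEY', $password);
        $cur->user_token = $token;
        $cur->user_status = 0;
        $cur->user_lang = $lang;
        $cur->created = array(' NOW() ');
        $cur->modified = array(' NOW() ');
        $cur->insert();
    }
    return $error;
}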
# Formaters: value and label are the formater name itself.
foreach ($core->getFormaters() as $formater) {
    $formaters_combo[$formater] = $formater;
}
# Post statuses, keyed by label so the form shows the label and submits the code.
foreach ($core->blog->getAllPostStatus() as $status_code => $status_label) {
    $status_combo[$status_label] = $status_code;
}
# Language codes
$langs = l10n::getISOcodes(1, 1);
foreach ($langs as $lang_name => $lang_code) {
    // 'en' is always available; any other language needs a directory under DC_L10N_ROOT.
    $has_l10n = $lang_code == 'en' || is_dir(DC_L10N_ROOT . '/' . $lang_code);
    $lang_combo[] = new formSelectOption($lang_name, $lang_code, $has_l10n ? 'avail10n' : '');
}
# Add or update user
if (isset($_POST['user_name'])) {
    try {
        $pwd_check = !empty($_POST['cur_pwd']) && $core->auth->checkPassword(crypt::hmac(DC_MASTER_KEY, $_POST['cur_pwd']));
        if ($core->auth->allowPassChange() && !$pwd_check && $user_email != $_POST['user_email']) {
            throw new Exception(__('If you want to change your email or password you must provide your current password.'));
        }
        $cur = $core->con->openCursor($core->prefix . 'user');
        $cur->user_name = $user_name = $_POST['user_name'];
        $cur->user_firstname = $user_firstname = $_POST['user_firstname'];
        $cur->user_displayname = $user_displayname = $_POST['user_displayname'];
        $cur->user_email = $user_email = $_POST['user_email'];
        $cur->user_url = $user_url = $_POST['user_url'];
        $cur->user_lang = $user_lang = $_POST['user_lang'];
        $cur->user_tz = $user_tz = $_POST['user_tz'];
        $cur->user_post_status = $user_post_status = $_POST['user_post_status'];
        $user_options['edit_size'] = (int) $_POST['user_edit_size'];
        if ($user_options['edit_size'] < 1) {
            $user_options['edit_size'] = 10;
 /**
  * Client unique ID
  *
  * Returns an "almost" safe client unique ID: an HMAC over the User-Agent,
  * Accept-Encoding, Accept-Language and Accept-Charset request headers.
  * Those headers are all client-controlled, so this only ties a session to a
  * browser profile, not to a specific client.
  *
  * @param string	$key		HMAC key
  * @return string
  */
 public static function browserUID($key)
 {
     $headers = array(
         'HTTP_USER_AGENT',
         'HTTP_ACCEPT_ENCODING',
         'HTTP_ACCEPT_LANGUAGE',
         'HTTP_ACCEPT_CHARSET',
     );
     // Missing headers contribute nothing, so the concatenation order is all that matters.
     $fingerprint = '';
     foreach ($headers as $name) {
         if (isset($_SERVER[$name])) {
             $fingerprint .= $_SERVER[$name];
         }
     }
     return crypt::hmac($key, $fingerprint);
 }
     $sql = "SELECT user_id, user_fullname, user_email FROM " . $core->prefix . "user\n\t\t\t\tWHERE lower(user_id) != '" . strtolower($user_id) . "'\n\t\t\t\tAND (lower(user_fullname) = '" . strtolower($new_fullname['value']) . "'\n\t\t\t\tOR lower(user_email) = '" . strtolower($new_email['value']) . "')";
     $rs1 = $core->con->select($sql);
     if ($rs1->count() > 0) {
         if ($rs1->f('user_fullname') == $new_fullname['value']) {
             $error[] = sprintf(T_('The user %s already exists'), $new_fullname['value']);
         }
         if ($rs1->f('user_email') == $new_email['value']) {
             $error[] = sprintf(T_('The email address %s is already in use by %s'), $new_email['value'], $rs1->f('user_id'));
         }
     }
     if (empty($error)) {
         $cur = $core->con->openCursor($core->prefix . 'user');
         $cur->user_fullname = $new_fullname['value'];
         $cur->user_email = $new_email['value'];
         if (!empty($new_password['value'])) {
             $cur->user_pwd = crypt::hmac('BP_MASTER_KEY', $new_password['value']);
         }
         $cur->modified = array(' NOW() ');
         $cur->update("WHERE user_id = '{$user_id}'");
         $user_perms = $core->getUserRolePermissions($user_id);
         if ($user_perms->{'role'} == "god") {
             $blog_settings->put('author_mail', $new_email['value'], "string");
             $blog_settings->put('author', $new_fullname['value'], "string");
         }
         $output = sprintf(T_("User %s successfully updated"), $new_id['value']);
     }
 } else {
     if (!$new_fullname['success']) {
         $error[] = $new_fullname['error'];
     }
     if (!$new_email['success']) {
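 /**
  * Validate a "remember me" code and return the user id it belongs to.
  *
  * The code is hex: a 32-byte NUL-padded user id followed by the expected
  * HMAC of the stored password hash.
  *
  * @param dcCore $core core instance (database connection and table prefix)
  * @param string $code hex-encoded code, typically from a cookie
  * @return string|false user id on success, false on any mismatch
  */
 public static function checkUserCode($core, $code)
 {
     // Only hex can have been produced by the login path; anything else is rejected
     // before pack() emits a warning and garbage bytes.
     if (!is_string($code) || $code === '' || !ctype_xdigit($code)) {
         return false;
     }
     $code = pack('H*', $code);
     $user_id = trim(@pack('a32', substr($code, 0, 32)));
     $pwd = @unpack('H40hex', substr($code, 32, 40));
     // trim() never returns false (the original test was dead); an empty id cannot
     // match a real account, and a too-short code leaves unpack() returning false.
     if ($user_id === '' || $pwd === false) {
         return false;
     }
     $pwd = $pwd['hex'];
     $strReq = 'SELECT user_id, user_pwd ' . 'FROM ' . $core->prefix . 'user ' . "WHERE user_id = '" . $core->con->escape($user_id) . "' ";
     $rs = $core->con->select($strReq);
     if ($rs->isEmpty()) {
         return false;
     }
     // Constant-time comparison: $pwd is attacker-supplied cookie data and the
     // original "!=" leaked the match length through timing.
     $expected = (string) crypt::hmac(DC_MASTER_KEY, $rs->user_pwd);
     if (!hash_equals($expected, (string) $pwd)) {
         return false;
     }
     return $rs->user_id;
 }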
 /**
  * Create a super-admin user if no user with that id exists yet.
  *
  * @param array $params expects 'username' and 'password' keys
  * @throws Exception when either key is missing or empty
  */
 private function addUser(array $params)
 {
     self::getConnection($this->parameters);
     if (empty($params['username']) || empty($params['password'])) {
         throw new Exception('Username and Password for user are mandatory' . "\n");
     }
     $username = $params['username'];
     // The id is escaped before it is spliced into the SQL text.
     $countReq = 'SELECT count(1) FROM ' . self::$prefix . 'user'
         . ' WHERE user_id = \'' . self::$con->escape($username) . '\'';
     $alreadyExists = (int) self::$con->select($countReq)->f(0) != 0;
     if ($alreadyExists) {
         // Silently keep the existing account, as before.
         return;
     }
     $user = self::$con->openCursor(self::$prefix . 'user');
     $user->user_id = $username;
     $user->user_pwd = \crypt::hmac(DC_MASTER_KEY, $params['password']);
     $user->user_super = 1;
     $user->insert();
 }
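# Resolve the blog to delete from the posted id.
$blog_id = '';
$rs = null;
if (!empty($_POST['blog_id'])) {
    try {
        $rs = $core->getBlog($_POST['blog_id']);
    } catch (Exception $e) {
        $core->error->add($e->getMessage());
    }
    // BUG FIX: when getBlog() threw, $rs was unset and ->isEmpty() was a fatal error;
    // treat that case as "no such blog" instead.
    if ($rs === null || $rs->isEmpty()) {
        $core->error->add(__('No such blog ID'));
    } else {
        $blog_id = $rs->blog_id;
    }
}
# Delete the blog
// NOTE(review): the form carries formNonce(), but the nonce check itself is not in this
// span — presumably done by the admin prepend; confirm before relying on it.
if (!$core->error->flag() && $blog_id && !empty($_POST['del'])) {
    // Re-authenticate with the current password before a destructive action.
    $pwd = isset($_POST['pwd']) ? $_POST['pwd'] : '';
    if ($pwd === '' || !$core->auth->checkPassword(crypt::hmac(DC_MASTER_KEY, $pwd))) {
        $core->error->add(__('Password verification failed'));
    } else {
        try {
            $core->delBlog($blog_id);
            http::redirect('blogs.php?del=1');
        } catch (Exception $e) {
            $core->error->add($e->getMessage());
        }
    }
}
dcPage::open('Delete a blog');
if (!$core->error->flag()) {
    // $blog_id comes back from the database; escape it for the HTML context anyway.
    $blog_id_html = htmlspecialchars($blog_id, ENT_QUOTES, 'UTF-8');
    echo '<h2>' . __('Delete a blog') . '</h2>' . '<p class="message">' . __('Warning') . '</p>' . '<p>' . sprintf(__('You are about to delete the blog %s. Every entry, comment and category will be deleted.'), '<strong>' . $blog_id_html . '</strong>') . '</p>' . '<p>' . __('Please give your password to confirm the blog deletion.') . '</p>';
    echo '<form action="blog_del.php" method="post">' . '<div>' . $core->formNonce() . '</div>' . '<p><label>' . __('Your password:') . ' ' . form::password('pwd', 20, 255) . '</label></p>' . '<p><input type="submit" name="del" value="' . __('Delete this blog') . '" />' . form::hidden('blog_id', $blog_id) . '</p>' . '</form>';
}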
     if ($rs0->f('nb') > 0) {
         $flash['error'][] = T_("Two users have the same name, impossible to import. Please try again. Username : "******"user");
     $cur->user_id = $user_id;
     $cur->user_fullname = $nom_membre;
     $cur->user_email = $email_membre;
     $cur->user_status = $statut_membre;
     $cur->user_lang = $blog_settings->get('planet_lang');
     $cur->created = array('NOW()');
     $cur->modified = array('NOW()');
     if ($user_id == $author_id) {
         $cur->update("WHERE user_id == '" . $author_id . "'");
     } else {
         $cur->user_pwd = crypt::hmac($user_id, $email_membre);
         $cur->insert();
     }
     $rs3 = $core->con->select('SELECT MAX(site_id) ' . 'FROM ' . $core->prefix . 'site ');
     $next_site_id = (int) $rs3->f(0) + 1;
     $cur = $core->con->openCursor($core->prefix . 'site');
     $cur->site_id = $next_site_id;
     $cur->user_id = $user_id;
     $cur->site_name = '';
     $cur->site_url = $site_membre;
     $cur->site_status = 1;
     $cur->created = array(' NOW() ');
     $cur->modified = array(' NOW() ');
     $cur->insert();
 }
 break;
 /**
  * This method crypt given string (password, session_id, …).
  *
  * Thin wrapper: the value is an HMAC keyed with DC_MASTER_KEY, which is what
  * every stored password in this code base is compared against.
  *
  * @param string $pwd string to be crypted
  * @return string crypted value
  */
 public function crypt($pwd)
 {
     $key = DC_MASTER_KEY;
     $hashed = crypt::hmac($key, $pwd);
     return $hashed;
 }
 /**
  Creates a new user password using recovery key. Returns an array:
  
  - user_email
  - user_id
  - new_pass
  
  The recovery key is consumed: it is cleared in the same UPDATE that stores
  the new password, so it cannot be replayed.
  
  @param	recover_key	<b>string</b>		Recovery key
  @return	<b>array</b>
  @throws Exception when no user carries that recovery key
  */
 public function recoverUserPassword($recover_key)
 {
     // The key arrives from the recovery link; escape it wherever it enters SQL text.
     $safeKey = $this->con->escape($recover_key);
     $select = 'SELECT user_id, user_email ' . 'FROM ' . $this->user_table . ' ' . "WHERE user_recover_key = '" . $safeKey . "' ";
     $rs = $this->con->select($select);
     if ($rs->isEmpty()) {
         throw new Exception(T_('That key does not exists in the database.'));
     }
     $new_pass = crypt::createPassword();
     $cur = $this->con->openCursor($this->user_table);
     // NOTE(review): literal string key 'BP_MASTER_KEY', consistent with the other
     // password writes in this file — confirm it is not meant to be a constant.
     $cur->user_pwd = crypt::hmac('BP_MASTER_KEY', $new_pass);
     $cur->user_recover_key = null;
     $cur->update("WHERE user_recover_key = '" . $safeKey . "'");
     return array(
         'user_email' => $rs->user_email,
         'user_id'    => $rs->user_id,
         'new_pass'   => $new_pass,
     );
 }
        mail::sendMail($recover_res['user_email'], $subject, $message, $headers);
        $msg = __('Your new password is in your mailbox.');
    } catch (Exception $e) {
        $err = $e->getMessage();
    }
} elseif ($user_id !== null && ($user_pwd !== null || $user_key !== null)) {
    # We check the user
    if ($core->auth->checkUser($user_id, $user_pwd, $user_key) === true) {
        $core->session->start();
        $_SESSION['sess_user_id'] = $user_id;
        $_SESSION['sess_browser_uid'] = http::browserUID(DC_MASTER_KEY);
        if (!empty($_POST['blog'])) {
            $_SESSION['sess_blog_id'] = $_POST['blog'];
        }
        if (!empty($_POST['user_remember'])) {
            $cookie_admin = http::browserUID(DC_MASTER_KEY . $user_id . crypt::hmac(DC_MASTER_KEY, $user_pwd)) . bin2hex(pack('a32', $user_id));
            setcookie('dc_admin', $cookie_admin, strtotime('+15 days'), '', '', DC_ADMIN_SSL);
        }
        http::redirect('index.php');
    } else {
        if (isset($_COOKIE['dc_admin'])) {
            unset($_COOKIE['dc_admin']);
            setcookie('dc_admin', false, -600, '', '', DC_ADMIN_SSL);
        }
        $err = __('Wrong username or password');
    }
}
# A ?user= query parameter pre-fills the user id for the login form.
// This value is attacker-controlled; wherever it is echoed it must be HTML-escaped
// (that output code is not in this span).
if (array_key_exists('user', $_GET)) {
    $user_id = $_GET['user'];
}
header('Content-Type: text/html; charset=UTF-8');
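 /**
  * Handle the import form: a single-blog import for any user, a full import
  * for super-admins only (re-authenticated with their password).
  *
  * @param string $do 'single' or 'full' after a redirect, anything else to process the form
  * @throws Exception on upload failure, failed password verification or import error
  */
 public function process($do)
 {
     if ($do == 'single' || $do == 'full') {
         $this->status = $do;
         return;
     }
     $to_unlink = false;
     # Single blog import
     // Files already in the public directory are selected by name and must be one of
     // the known files (strict match so no loose comparison surprises); uploads are
     // moved to a random cache name and removed afterwards.
     $files = $this->getPublicFiles();
     $single_upl = null;
     if (!empty($_POST['public_single_file']) && in_array($_POST['public_single_file'], $files, true)) {
         $single_upl = false;
     } elseif (!empty($_FILES['up_single_file'])) {
         $single_upl = true;
     }
     if ($single_upl !== null) {
         if ($single_upl) {
             files::uploadStatus($_FILES['up_single_file']);
             $file = DC_TPL_CACHE . '/' . md5(uniqid());
             if (!move_uploaded_file($_FILES['up_single_file']['tmp_name'], $file)) {
                 throw new Exception(__('Unable to move uploaded file.'));
             }
             $to_unlink = true;
         } else {
             $file = $_POST['public_single_file'];
         }
         try {
             $bk = new dcImport($this->core, $file);
             $bk->importSingle();
         } catch (Exception $e) {
             if ($to_unlink) {
                 @unlink($file);
             }
             throw $e;
         }
         if ($to_unlink) {
             @unlink($file);
         }
         http::redirect($this->getURL() . '&do=single');
     }
     # Full import
     $full_upl = null;
     if (!empty($_POST['public_full_file']) && in_array($_POST['public_full_file'], $files, true)) {
         $full_upl = false;
     } elseif (!empty($_FILES['up_full_file'])) {
         $full_upl = true;
     }
     if ($full_upl !== null && $this->core->auth->isSuperAdmin()) {
         // A full import replaces everything: require the current password again.
         if (empty($_POST['your_pwd']) || !$this->core->auth->checkPassword(crypt::hmac(DC_MASTER_KEY, $_POST['your_pwd']))) {
             throw new Exception(__('Password verification failed'));
         }
         if ($full_upl) {
             files::uploadStatus($_FILES['up_full_file']);
             $file = DC_TPL_CACHE . '/' . md5(uniqid());
             if (!move_uploaded_file($_FILES['up_full_file']['tmp_name'], $file)) {
                 throw new Exception(__('Unable to move uploaded file.'));
             }
             $to_unlink = true;
         } else {
             $file = $_POST['public_full_file'];
         }
         try {
             $bk = new dcImport($this->core, $file);
             $bk->importFull();
         } catch (Exception $e) {
             if ($to_unlink) {
                 @unlink($file);
             }
             throw $e;
         }
         if ($to_unlink) {
             @unlink($file);
         }
         http::redirect($this->getURL() . '&do=full');
     }
     // BUG FIX: a leftover debug "var_dump($_POST); exit;" used to run here. It echoed the
     // whole POST body — including the your_pwd password — as plain text to the client
     // and made the status assignment below unreachable.
     $this->status = true;
 }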
                 $default_tz = $_tz;
             }
         }
         unset($_tz);
     }
 }
 # Create schema
 // Compare the schema declared by db-schema.php ($_s) with the live database ($si)
 // and apply the difference.
 $_s = new dbStruct($core->con, $core->prefix);
 require dirname(__FILE__) . '/../../inc/dbschema/db-schema.php';
 $si = new dbStruct($core->con, $core->prefix);
 $changes = $si->synchronize($_s);
 # Create user
 // First account is the super-admin; the password is stored as an HMAC keyed with DC_MASTER_KEY.
 $user_fields = array(
     'user_id'        => $u_login,
     'user_super'     => 1,
     'user_pwd'       => crypt::hmac(DC_MASTER_KEY, $u_pwd),
     'user_name'      => (string) $u_name,
     'user_firstname' => (string) $u_firstname,
     'user_email'     => (string) $u_email,
     'user_lang'      => $dlang,
     'user_tz'        => $default_tz,
     'user_creadt'    => array('NOW()'),
     'user_upddt'     => array('NOW()'),
     'user_options'   => serialize($core->userDefaults()),
 );
 $cur = $core->con->openCursor($core->prefix . 'user');
 foreach ($user_fields as $field => $value) {
     $cur->{$field} = $value;
 }
 $cur->insert();
 // checkUser() is called with the login only; presumably it sets the current user
 // for the rest of the installer — confirm against dcAuth::checkUser().
 $core->auth->checkUser($u_login);
 // Admin and root URLs are derived from the request path of the installer itself.
 $admin_url = preg_replace('%install/index.php$%', '', $_SERVER['REQUEST_URI']);
 $root_url = preg_replace('%/admin/install/index.php$%', '', $_SERVER['REQUEST_URI']);
 # Create blog
 $cur = $core->con->openCursor($core->prefix . 'blog');
 $cur->blog_id = 'default';
        try {
            $ret_code = dc_lang_install($dest);
        } catch (Exception $e) {
            @unlink($dest);
            throw $e;
        }
        @unlink($dest);
        http::redirect('langs.php?added=' . $ret_code);
    } catch (Exception $e) {
        $core->error->add($e->getMessage());
    }
}
# Upload a language pack
if ($is_writable && !empty($_POST['upload_pkg'])) {
    try {
        if (empty($_POST['your_pwd']) || !$core->auth->checkPassword(crypt::hmac(DC_MASTER_KEY, $_POST['your_pwd']))) {
            throw new Exception(__('Password verification failed'));
        }
        files::uploadStatus($_FILES['pkg_file']);
        $dest = DC_L10N_ROOT . '/' . $_FILES['pkg_file']['name'];
        if (!move_uploaded_file($_FILES['pkg_file']['tmp_name'], $dest)) {
            throw new Exception(__('Unable to move uploaded file.'));
        }
        try {
            $ret_code = dc_lang_install($dest);
        } catch (Exception $e) {
            @unlink($dest);
            throw $e;
        }
        @unlink($dest);
        http::redirect('langs.php?added=' . $ret_code);
             }
         }
         unset($_tz);
     }
 }
 # Create schema
 // Compare the schema declared by db-schema.php ($_s) with the live database ($si)
 // and apply the difference.
 $_s = new dbStruct($core->con, $core->prefix);
 require dirname(__FILE__) . '/../../inc/dbschema/db-schema.php';
 $si = new dbStruct($core->con, $core->prefix);
 $changes = $si->synchronize($_s);
 # Create user
 // NOTE(review): the HMAC key is the literal string 'BP_MASTER_KEY', as in every other
 // password write in this code base — confirm it is not meant to be a constant.
 $user_fields = array(
     'user_id'       => (string) $u_login,
     'user_fullname' => (string) $u_fullname,
     'user_email'    => (string) $u_email,
     'user_pwd'      => crypt::hmac('BP_MASTER_KEY', $u_pwd),
     'user_token'    => generateUserToken($u_fullname, $u_email, $u_pwd),
     'user_lang'     => $p_lang,
     'created'       => array('NOW()'),
     'modified'      => array('NOW()'),
 );
 $cur = $core->con->openCursor($core->prefix . 'user');
 foreach ($user_fields as $field => $value) {
     $cur->{$field} = $value;
 }
 $cur->insert();
 if (!empty($u_site)) {
     # Get next ID
     $rs3 = $core->con->select('SELECT MAX(site_id) ' . 'FROM ' . $core->prefix . 'site ');
     $next_site_id = (int) $rs3->f(0) + 1;
     $cur = $core->con->openCursor($core->prefix . 'site');
     $cur->site_id = $next_site_id;
     $cur->user_id = $u_login;
     $cur->site_name = 'Author site';
     $cur->site_url = $u_site;
     $cur->site_status = 1;