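/**
 * Create or re-key the Dotclear admin account used by Artica.
 *
 * Looks the user up by $username; when no row exists a super-user row is
 * inserted, otherwise only user_pwd is overwritten. What is stored is
 * crypt::hmac('artica', $password) — a keyed MAC under a fixed, literal key,
 * not a salted password hash. That format is kept here because it is what
 * the rest of this code compares against; changing it would lock every
 * existing account out.
 *
 * Fix vs. the original: the existence check used an undefined $uid, so it
 * always ran against user_id='' and every call took the INSERT path. The
 * caller-supplied id is now escaped before being interpolated into SQL.
 *
 * @param string $username Dotclear user_id to create or update
 * @param string $password clear-text password, HMAC'd before storage
 * @param mixed  $bd       database handle/name, passed through to zQUERY_SQL()
 * @return void
 */
function AddManager($username, $password, $bd)
{
    include dirname(__FILE__) . "/ressources/settings.inc";

    $password = crypt::hmac('artica', $password);
    $date     = date('Y-m-d H:i:s');

    // The HMAC output and the date are fixed-format and safe to interpolate;
    // the username is not. mysql_real_escape_string() needs the mysql link
    // that settings.inc / zQUERY_SQL() are expected to have opened (returns
    // false without one), so fall back to addslashes() in that case.
    $safe_user = function_exists('mysql_real_escape_string')
        ? @mysql_real_escape_string($username)
        : false;
    if ($safe_user === false) {
        $safe_user = addslashes($username);
    }

    $sql   = "SELECT user_pwd FROM dotclear_user WHERE user_id='{$safe_user}'";
    $ligne = @mysql_fetch_array(zQUERY_SQL($bd, $sql));

    // No row (fetch returned false) or a row with an empty password => create.
    if (!is_array($ligne) || $ligne["user_pwd"] == null) {
        $sql = "INSERT INTO `dotclear_user` (`user_id`, `user_super`, `user_status`, `user_pwd`, `user_recover_key`,
                `user_name`, `user_firstname`, `user_displayname`, `user_email`, `user_url`,
                `user_desc`, `user_default_blog`, `user_options`, `user_lang`, `user_tz`,
                `user_post_status`, `user_creadt`,
                `user_upddt`) VALUES
                ('{$safe_user}', 1, 1, '{$password}', NULL, '{$safe_user}', '{$safe_user}', NULL, '*****@*****.**',
                NULL, NULL, NULL, 'a:3:{s:9:\"edit_size\";i:24;s:14:\"enable_wysiwyg\";b:1;s:11:\"post_format\";s:4:\"wiki\";}', 'en',
                 'Europe/Berlin', -2, '{$date}', '{$date}');";
        zQUERY_SQL($bd, $sql);
        return;
    }

    // NOTE(review): the UPDATE targets `artica_backup`.`dotclear_user` while
    // the SELECT/INSERT above use the unqualified table — kept as-is, but
    // confirm both really address the same database.
    $sql = "UPDATE `artica_backup`.`dotclear_user` SET `user_pwd` = '{$password}' WHERE `dotclear_user`.`user_id` = '{$safe_user}' LIMIT 1 ;";
    zQUERY_SQL($bd, $sql);
}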
/**
 * Validate and normalise a user cursor before it is written.
 *
 * In order: user_id must match [A-Za-z0-9@._-]{2,}; a non-empty user_url
 * without an http(s) scheme gets "http://" prepended; user_pwd must be at
 * least 6 characters and is replaced by its HMAC; user_lang must look like
 * "xx" or "xx-yy"; user_upddt defaults to NOW(); user_options is serialised.
 *
 * NOTE(review): the HMAC key is the quoted literal 'BP_MASTER_KEY', not a
 * constant — if that is unintended, every stored password is a MAC under a
 * publicly known key.
 *
 * @param cursor $cur cursor on the user table, modified in place
 * @throws Exception on an invalid user_id, a too-short password or a bad language code
 */
private function getUserCursor(&$cur)
{
    $hasId = $cur->isField('user_id');
    if ($hasId && preg_match('/^[A-Za-z0-9@._-]{2,}$/', $cur->user_id) !== 1) {
        throw new Exception(T_('User ID must contain at least 2 characters using letters, numbers or symbols.'));
    }

    $url = $cur->user_url;
    if ($url !== null && $url != '') {
        // Force a scheme so the value is usable as a link.
        if (preg_match('|^http(s?)://|', $url) !== 1) {
            $cur->user_url = 'http://' . $url;
        }
    }

    if ($cur->isField('user_pwd')) {
        $clear = $cur->user_pwd;
        if (strlen($clear) < 6) {
            throw new Exception(T_('Password must contain at least 6 characters.'));
        }
        $cur->user_pwd = crypt::hmac('BP_MASTER_KEY', $clear);
    }

    $lang = $cur->user_lang;
    if ($lang !== null && preg_match('/^[a-z]{2}(-[a-z]{2})?$/', $lang) !== 1) {
        throw new Exception(T_('Invalid user language code'));
    }

    if ($cur->user_upddt === null) {
        $cur->user_upddt = array('NOW()');
    }

    $options = $cur->user_options;
    if ($options !== null) {
        $cur->user_options = serialize((array) $options);
    }
}
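/**
 * Register a pending (user_status = 0) user from the signup form.
 *
 * Rejects the signup when the id, full name or e-mail already belongs to an
 * existing user, or when the supplied site URL is already assigned to a
 * user; otherwise inserts the row with the HMAC'd password and the token.
 *
 * Fixes vs. the original: all signup values are escaped before being
 * interpolated into SQL (they were interpolated raw), $error is initialised
 * so an error-free call returns an empty array instead of null, and the
 * site-URL check reads a real parameter instead of an undefined $url.
 *
 * @param string $user_id       requested login; spaces become '_' then cleanString()
 * @param string $user_fullname display name
 * @param string $user_email    e-mail address
 * @param string $password      clear-text password; stored as crypt::hmac under the
 *                              quoted literal key 'BP_MASTER_KEY' (see note in getUserCursor)
 * @param string $lang          language code
 * @param string $token         activation token stored in user_token
 * @param string $url           site URL to check for prior assignment; defaults to ''
 *                              which reproduces the original (undefined $url) query
 * @return array list of error messages; empty when the user was inserted
 */
function addUserSignup($user_id, $user_fullname, $user_email, $password, $lang, $token, $url = '')
{
    global $core;
    $con   = $core->con;
    $error = array();

    # Clean up user_id: spaces -> '_' then the project-wide cleanString()
    $user_id = preg_replace("( )", "_", $user_id);
    $user_id = cleanString($user_id);

    # Everything below comes from the signup form: escape before interpolating.
    $q_id    = $con->escape(strtolower($user_id));
    $q_name  = $con->escape(strtolower($user_fullname));
    $q_email = $con->escape(strtolower($user_email));

    # Check if user's information already exist in not pending users
    $rs1 = $con->select(
        "SELECT user_id, user_fullname, user_email"
        . " FROM " . $core->prefix . "user"
        . " WHERE lower(user_id) = '" . $q_id . "'"
        . " OR lower(user_fullname) = '" . $q_name . "'"
        . " OR lower(user_email) = '" . $q_email . "'"
    );

    if ($rs1->count() > 0) {
        // Only the first matching row is reported, as before.
        if ($rs1->f('user_id') == $user_id) {
            $error[] = sprintf(T_('The user %s already exists'), $user_id);
        }
        if ($rs1->f('user_fullname') == $user_fullname) {
            $error[] = sprintf(T_('The user %s already exists'), $user_fullname);
        }
        if ($rs1->f('user_email') == $user_email) {
            $error[] = sprintf(T_('The email address %s is already in use'), $user_email);
        }
    } else {
        # Check if website is already in use
        $rs2 = $con->select(
            "SELECT " . $core->prefix . "user.user_id"
            . " FROM " . $core->prefix . "user, " . $core->prefix . "site"
            . " WHERE " . $core->prefix . "site.user_id = " . $core->prefix . "user.user_id"
            . " AND site_url = '" . $con->escape($url) . "'"
        );
        if ($rs2->count() > 0) {
            $error[] = sprintf(T_('The website %s is already assigned to the user %s'), $url, $user_id);
        }
    }

    # All OK
    if (empty($error)) {
        $cur = $con->openCursor($core->prefix . 'user');
        $cur->user_id       = $user_id;
        $cur->user_fullname = $user_fullname;
        $cur->user_email    = $user_email;
        $cur->user_pwd      = crypt::hmac('BP_MASTER_KEY', $password);
        $cur->user_token    = $token;
        $cur->user_status   = 0;
        $cur->user_lang     = $lang;
        $cur->created       = array(' NOW() ');
        $cur->modified      = array(' NOW() ');
        $cur->insert();
    }

    return $error;
}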
foreach ($core->getFormaters() as $v) { $formaters_combo[$v] = $v; } foreach ($core->blog->getAllPostStatus() as $k => $v) { $status_combo[$v] = $k; } # Language codes $langs = l10n::getISOcodes(1, 1); foreach ($langs as $k => $v) { $lang_avail = $v == 'en' || is_dir(DC_L10N_ROOT . '/' . $v); $lang_combo[] = new formSelectOption($k, $v, $lang_avail ? 'avail10n' : ''); } # Add or update user if (isset($_POST['user_name'])) { try { $pwd_check = !empty($_POST['cur_pwd']) && $core->auth->checkPassword(crypt::hmac(DC_MASTER_KEY, $_POST['cur_pwd'])); if ($core->auth->allowPassChange() && !$pwd_check && $user_email != $_POST['user_email']) { throw new Exception(__('If you want to change your email or password you must provide your current password.')); } $cur = $core->con->openCursor($core->prefix . 'user'); $cur->user_name = $user_name = $_POST['user_name']; $cur->user_firstname = $user_firstname = $_POST['user_firstname']; $cur->user_displayname = $user_displayname = $_POST['user_displayname']; $cur->user_email = $user_email = $_POST['user_email']; $cur->user_url = $user_url = $_POST['user_url']; $cur->user_lang = $user_lang = $_POST['user_lang']; $cur->user_tz = $user_tz = $_POST['user_tz']; $cur->user_post_status = $user_post_status = $_POST['user_post_status']; $user_options['edit_size'] = (int) $_POST['user_edit_size']; if ($user_options['edit_size'] < 1) { $user_options['edit_size'] = 10;
/**
 * Client unique ID
 *
 * Returns an "almost" safe client unique ID: the HMAC under $key of the
 * User-Agent, Accept-Encoding, Accept-Language and Accept-Charset request
 * headers concatenated in that order, a missing header contributing "".
 * Every input is supplied by the client, so this only ties a session to a
 * header fingerprint — it is not proof of identity on its own.
 *
 * @param string $key HMAC key
 * @return string
 */
public static function browserUID($key)
{
    $headers = array(
        'HTTP_USER_AGENT',
        'HTTP_ACCEPT_ENCODING',
        'HTTP_ACCEPT_LANGUAGE',
        'HTTP_ACCEPT_CHARSET',
    );

    $fingerprint = '';
    foreach ($headers as $name) {
        if (isset($_SERVER[$name])) {
            $fingerprint .= $_SERVER[$name];
        }
    }

    return crypt::hmac($key, $fingerprint);
}
$sql = "SELECT user_id, user_fullname, user_email FROM " . $core->prefix . "user\n\t\t\t\tWHERE lower(user_id) != '" . strtolower($user_id) . "'\n\t\t\t\tAND (lower(user_fullname) = '" . strtolower($new_fullname['value']) . "'\n\t\t\t\tOR lower(user_email) = '" . strtolower($new_email['value']) . "')"; $rs1 = $core->con->select($sql); if ($rs1->count() > 0) { if ($rs1->f('user_fullname') == $new_fullname['value']) { $error[] = sprintf(T_('The user %s already exists'), $new_fullname['value']); } if ($rs1->f('user_email') == $new_email['value']) { $error[] = sprintf(T_('The email address %s is already in use by %s'), $new_email['value'], $rs1->f('user_id')); } } if (empty($error)) { $cur = $core->con->openCursor($core->prefix . 'user'); $cur->user_fullname = $new_fullname['value']; $cur->user_email = $new_email['value']; if (!empty($new_password['value'])) { $cur->user_pwd = crypt::hmac('BP_MASTER_KEY', $new_password['value']); } $cur->modified = array(' NOW() '); $cur->update("WHERE user_id = '{$user_id}'"); $user_perms = $core->getUserRolePermissions($user_id); if ($user_perms->{'role'} == "god") { $blog_settings->put('author_mail', $new_email['value'], "string"); $blog_settings->put('author', $new_fullname['value'], "string"); } $output = sprintf(T_("User %s successfully updated"), $new_id['value']); } } else { if (!$new_fullname['success']) { $error[] = $new_fullname['error']; } if (!$new_email['success']) {
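/**
 * Validate a packed "user code" and return the matching user_id.
 *
 * The code is a hex string whose decoded form holds a 32-byte NUL-padded
 * user_id followed by 20 bytes that must equal
 * crypt::hmac(DC_MASTER_KEY, stored user_pwd). Returns the user_id on
 * success, false on any failure.
 *
 * Fixes vs. the original: non-hex input is rejected before pack() (which
 * would warn and yield a garbage buffer); the dead `$user_id === false`
 * test (trim() always returns a string) became an empty-id check; and the
 * MAC is compared with hash_equals() instead of `!=`, which both leaks
 * timing and compares numeric-looking hex strings ("0e…") as numbers.
 *
 * @param dcCore $core core object (provides prefix and con)
 * @param string $code hex-encoded user code
 * @return string|false
 */
public static function checkUserCode($core, $code)
{
    if (!is_string($code) || $code === '' || !ctype_xdigit($code)) {
        return false;
    }

    $raw     = pack('H*', $code);
    $user_id = trim(@pack('a32', substr($raw, 0, 32)));
    $pwd     = @unpack('H40hex', substr($raw, 32, 40));

    if ($user_id === '' || $pwd === false) {
        return false;
    }
    $pwd = (string) $pwd['hex'];

    $strReq = 'SELECT user_id, user_pwd '
        . 'FROM ' . $core->prefix . 'user '
        . "WHERE user_id = '" . $core->con->escape($user_id) . "' ";
    $rs = $core->con->select($strReq);

    if ($rs->isEmpty()) {
        return false;
    }

    $expected = (string) crypt::hmac(DC_MASTER_KEY, $rs->user_pwd);
    if (!hash_equals($expected, $pwd)) {
        return false;
    }

    return $rs->user_id;
}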
/**
 * Create a super-admin user unless a row with that user_id already exists.
 *
 * The password is stored as \crypt::hmac(DC_MASTER_KEY, password) to match
 * what the rest of the application compares against.
 *
 * @param array $params 'username' and 'password' keys, both required and non-empty
 * @return void
 * @throws Exception when either key is missing or empty
 */
private function addUser(array $params)
{
    self::getConnection($this->parameters);

    $username = isset($params['username']) ? $params['username'] : null;
    $password = isset($params['password']) ? $params['password'] : null;
    if (empty($username) || empty($password)) {
        throw new Exception('Username and Password for user are mandatory' . "\n");
    }

    $con      = self::$con;
    $countReq = 'SELECT count(1) FROM ' . self::$prefix . 'user'
        . ' WHERE user_id = \'' . $con->escape($username) . '\'';
    $exists   = (int) $con->select($countReq)->f(0) > 0;
    if ($exists) {
        return;
    }

    $user             = $con->openCursor(self::$prefix . 'user');
    $user->user_id    = $username;
    $user->user_pwd   = \crypt::hmac(DC_MASTER_KEY, $password);
    $user->user_super = 1;
    $user->insert();
}
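# Resolve the blog to delete from the posted id (no id => nothing to delete).
$blog_id = '';
$rs      = null;
if (!empty($_POST['blog_id'])) {
    try {
        $rs = $core->getBlog($_POST['blog_id']);
    } catch (Exception $e) {
        $core->error->add($e->getMessage());
    }
    // Fix: the original called $rs->isEmpty() even when getBlog() threw and
    // $rs was never assigned. An exception has already been recorded above.
    if ($rs !== null) {
        if ($rs->isEmpty()) {
            $core->error->add(__('No such blog ID'));
        } else {
            $blog_id = $rs->blog_id;
        }
    }
}

# Delete the blog: only with a resolved id, no earlier error and the delete
# button pressed. The current password re-confirms the destructive action.
# NOTE(review): the form carries $core->formNonce() but no nonce check is
# visible here — confirm it is enforced by the admin prepend.
if (!$core->error->flag() && $blog_id && !empty($_POST['del'])) {
    $pwd = isset($_POST['pwd']) ? $_POST['pwd'] : '';
    if (!$core->auth->checkPassword(crypt::hmac(DC_MASTER_KEY, $pwd))) {
        $core->error->add(__('Password verification failed'));
    } else {
        try {
            $core->delBlog($blog_id);
            http::redirect('blogs.php?del=1');
        } catch (Exception $e) {
            $core->error->add($e->getMessage());
        }
    }
}

dcPage::open('Delete a blog');

if (!$core->error->flag()) {
    // The id is echoed into HTML; escape it for that context.
    $blog_id_html = htmlspecialchars($blog_id, ENT_QUOTES, 'UTF-8');

    echo '<h2>' . __('Delete a blog') . '</h2>'
        . '<p class="message">' . __('Warning') . '</p>'
        . '<p>' . sprintf(
            __('You are about to delete the blog %s. Every entry, comment and category will be deleted.'),
            '<strong>' . $blog_id_html . '</strong>'
        ) . '</p>'
        . '<p>' . __('Please give your password to confirm the blog deletion.') . '</p>';

    // The label concatenation is spelled out here; the source had a corrupted
    // span between the translated label and the password field.
    echo '<form action="blog_del.php" method="post">'
        . '<div>' . $core->formNonce() . '</div>'
        . '<p><label>' . __('Your password:') . ' ' . form::password('pwd', 20, 255) . '</label></p>'
        . '<p><input type="submit" name="del" value="' . __('Delete this blog') . '" />'
        . form::hidden('blog_id', $blog_id) . '</p>'
        . '</form>';
}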
if ($rs0->f('nb') > 0) { $flash['error'][] = T_("Two users have the same name, impossible to import. Please try again. Username : "******"user"); $cur->user_id = $user_id; $cur->user_fullname = $nom_membre; $cur->user_email = $email_membre; $cur->user_status = $statut_membre; $cur->user_lang = $blog_settings->get('planet_lang'); $cur->created = array('NOW()'); $cur->modified = array('NOW()'); if ($user_id == $author_id) { $cur->update("WHERE user_id == '" . $author_id . "'"); } else { $cur->user_pwd = crypt::hmac($user_id, $email_membre); $cur->insert(); } $rs3 = $core->con->select('SELECT MAX(site_id) ' . 'FROM ' . $core->prefix . 'site '); $next_site_id = (int) $rs3->f(0) + 1; $cur = $core->con->openCursor($core->prefix . 'site'); $cur->site_id = $next_site_id; $cur->user_id = $user_id; $cur->site_name = ''; $cur->site_url = $site_membre; $cur->site_status = 1; $cur->created = array(' NOW() '); $cur->modified = array(' NOW() '); $cur->insert(); } break;
/**
 * Hash a string (password, session id, …) the way the application stores
 * it: an HMAC under DC_MASTER_KEY via crypt::hmac().
 *
 * This is a keyed MAC, not a salted password hash — equal inputs always
 * produce equal outputs.
 *
 * @param string $pwd string to be hashed
 * @return string hashed value
 */
public function crypt($pwd)
{
    $digest = crypt::hmac(DC_MASTER_KEY, $pwd);

    return $digest;
}
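/**
 * Creates a new user password using recovery key.
 *
 * Looks the user up by user_recover_key, generates a fresh password with
 * crypt::createPassword(), stores its HMAC (under the quoted literal key
 * 'BP_MASTER_KEY', as elsewhere in this code) and clears the recovery key.
 *
 * Fixes vs. the original: an empty key is refused outright — depending on
 * whether cleared keys are stored as NULL or '' it could otherwise select a
 * user who never requested a reset and replace that account's password —
 * and the UPDATE targets the selected user_id rather than the key, so one
 * key can never reset more than the row that was returned.
 *
 * Returns an array:
 * - user_email
 * - user_id
 * - new_pass
 *
 * @param recover_key <b>string</b> Recovery key
 * @return <b>array</b>
 * @throws Exception when the key is empty or unknown
 */
public function recoverUserPassword($recover_key)
{
    if (!is_string($recover_key) || $recover_key === '') {
        throw new Exception(T_('That key does not exists in the database.'));
    }

    $strReq = 'SELECT user_id, user_email '
        . 'FROM ' . $this->user_table . ' '
        . "WHERE user_recover_key = '" . $this->con->escape($recover_key) . "' ";
    $rs = $this->con->select($strReq);

    if ($rs->isEmpty()) {
        throw new Exception(T_('That key does not exists in the database.'));
    }

    $new_pass = crypt::createPassword();

    $cur = $this->con->openCursor($this->user_table);
    $cur->user_pwd         = crypt::hmac('BP_MASTER_KEY', $new_pass);
    $cur->user_recover_key = null;
    $cur->update("WHERE user_id = '" . $this->con->escape($rs->user_id) . "'");

    return array(
        'user_email' => $rs->user_email,
        'user_id'    => $rs->user_id,
        'new_pass'   => $new_pass,
    );
}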
mail::sendMail($recover_res['user_email'], $subject, $message, $headers); $msg = __('Your new password is in your mailbox.'); } catch (Exception $e) { $err = $e->getMessage(); } } elseif ($user_id !== null && ($user_pwd !== null || $user_key !== null)) { # We check the user if ($core->auth->checkUser($user_id, $user_pwd, $user_key) === true) { $core->session->start(); $_SESSION['sess_user_id'] = $user_id; $_SESSION['sess_browser_uid'] = http::browserUID(DC_MASTER_KEY); if (!empty($_POST['blog'])) { $_SESSION['sess_blog_id'] = $_POST['blog']; } if (!empty($_POST['user_remember'])) { $cookie_admin = http::browserUID(DC_MASTER_KEY . $user_id . crypt::hmac(DC_MASTER_KEY, $user_pwd)) . bin2hex(pack('a32', $user_id)); setcookie('dc_admin', $cookie_admin, strtotime('+15 days'), '', '', DC_ADMIN_SSL); } http::redirect('index.php'); } else { if (isset($_COOKIE['dc_admin'])) { unset($_COOKIE['dc_admin']); setcookie('dc_admin', false, -600, '', '', DC_ADMIN_SSL); } $err = __('Wrong username or password'); } } if (isset($_GET['user'])) { $user_id = $_GET['user']; } header('Content-Type: text/html; charset=UTF-8');
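/**
 * Handle the import form.
 *
 * With $do of 'single' or 'full' the step is already done: record it in
 * $this->status and return. Otherwise run a single-blog import, or — for a
 * super-admin who re-entered the current password — a full import, taking
 * the backup either from an uploaded file (copied into DC_TPL_CACHE and
 * removed afterwards) or from a file already listed by getPublicFiles().
 * Each successful import ends with a redirect back to this page.
 *
 * Fix vs. the original: the method ended with a leftover debugging
 * `var_dump($_POST); exit;` that printed the whole POST body — including
 * the super-admin's password from 'your_pwd' — as text/plain and made the
 * final status assignment unreachable. That dump is gone. The membership
 * test on the posted public file name is now strict.
 *
 * @param string $do step marker ('single' / 'full') or anything else to process the form
 * @return void
 * @throws Exception on upload failure, password failure or import error
 */
public function process($do)
{
    if ($do == 'single' || $do == 'full') {
        $this->status = $do;
        return;
    }

    $to_unlink = false;
    $files     = $this->getPublicFiles();

    # Single blog import
    $single_upl = null;
    if (!empty($_POST['public_single_file']) && in_array($_POST['public_single_file'], $files, true)) {
        $single_upl = false;
    } elseif (!empty($_FILES['up_single_file'])) {
        $single_upl = true;
    }

    if ($single_upl !== null) {
        if ($single_upl) {
            files::uploadStatus($_FILES['up_single_file']);
            // NOTE(review): md5(uniqid()) is a predictable temp name; fine
            // only if DC_TPL_CACHE is not web-reachable — confirm.
            $file = DC_TPL_CACHE . '/' . md5(uniqid());
            if (!move_uploaded_file($_FILES['up_single_file']['tmp_name'], $file)) {
                throw new Exception(__('Unable to move uploaded file.'));
            }
            $to_unlink = true;
        } else {
            $file = $_POST['public_single_file'];
        }

        try {
            $bk = new dcImport($this->core, $file);
            $bk->importSingle();
        } catch (Exception $e) {
            if ($to_unlink) {
                @unlink($file);
            }
            throw $e;
        }
        if ($to_unlink) {
            @unlink($file);
        }
        http::redirect($this->getURL() . '&do=single');
    }

    # Full import (super-admin only, password re-confirmed)
    $full_upl = null;
    if (!empty($_POST['public_full_file']) && in_array($_POST['public_full_file'], $files, true)) {
        $full_upl = false;
    } elseif (!empty($_FILES['up_full_file'])) {
        $full_upl = true;
    }

    if ($full_upl !== null && $this->core->auth->isSuperAdmin()) {
        if (empty($_POST['your_pwd'])
            || !$this->core->auth->checkPassword(crypt::hmac(DC_MASTER_KEY, $_POST['your_pwd']))
        ) {
            throw new Exception(__('Password verification failed'));
        }

        if ($full_upl) {
            files::uploadStatus($_FILES['up_full_file']);
            $file = DC_TPL_CACHE . '/' . md5(uniqid());
            if (!move_uploaded_file($_FILES['up_full_file']['tmp_name'], $file)) {
                throw new Exception(__('Unable to move uploaded file.'));
            }
            $to_unlink = true;
        } else {
            $file = $_POST['public_full_file'];
        }

        try {
            $bk = new dcImport($this->core, $file);
            $bk->importFull();
        } catch (Exception $e) {
            if ($to_unlink) {
                @unlink($file);
            }
            throw $e;
        }
        if ($to_unlink) {
            @unlink($file);
        }
        http::redirect($this->getURL() . '&do=full');
    }

    $this->status = true;
}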
$default_tz = $_tz; } } unset($_tz); } } # Create schema $_s = new dbStruct($core->con, $core->prefix); require dirname(__FILE__) . '/../../inc/dbschema/db-schema.php'; $si = new dbStruct($core->con, $core->prefix); $changes = $si->synchronize($_s); # Create user $cur = $core->con->openCursor($core->prefix . 'user'); $cur->user_id = $u_login; $cur->user_super = 1; $cur->user_pwd = crypt::hmac(DC_MASTER_KEY, $u_pwd); $cur->user_name = (string) $u_name; $cur->user_firstname = (string) $u_firstname; $cur->user_email = (string) $u_email; $cur->user_lang = $dlang; $cur->user_tz = $default_tz; $cur->user_creadt = array('NOW()'); $cur->user_upddt = array('NOW()'); $cur->user_options = serialize($core->userDefaults()); $cur->insert(); $core->auth->checkUser($u_login); $admin_url = preg_replace('%install/index.php$%', '', $_SERVER['REQUEST_URI']); $root_url = preg_replace('%/admin/install/index.php$%', '', $_SERVER['REQUEST_URI']); # Create blog $cur = $core->con->openCursor($core->prefix . 'blog'); $cur->blog_id = 'default';
try { $ret_code = dc_lang_install($dest); } catch (Exception $e) { @unlink($dest); throw $e; } @unlink($dest); http::redirect('langs.php?added=' . $ret_code); } catch (Exception $e) { $core->error->add($e->getMessage()); } } # Upload a language pack if ($is_writable && !empty($_POST['upload_pkg'])) { try { if (empty($_POST['your_pwd']) || !$core->auth->checkPassword(crypt::hmac(DC_MASTER_KEY, $_POST['your_pwd']))) { throw new Exception(__('Password verification failed')); } files::uploadStatus($_FILES['pkg_file']); $dest = DC_L10N_ROOT . '/' . $_FILES['pkg_file']['name']; if (!move_uploaded_file($_FILES['pkg_file']['tmp_name'], $dest)) { throw new Exception(__('Unable to move uploaded file.')); } try { $ret_code = dc_lang_install($dest); } catch (Exception $e) { @unlink($dest); throw $e; } @unlink($dest); http::redirect('langs.php?added=' . $ret_code);
} } unset($_tz); } } # Create schema $_s = new dbStruct($core->con, $core->prefix); require dirname(__FILE__) . '/../../inc/dbschema/db-schema.php'; $si = new dbStruct($core->con, $core->prefix); $changes = $si->synchronize($_s); # Create user $cur = $core->con->openCursor($core->prefix . 'user'); $cur->user_id = (string) $u_login; $cur->user_fullname = (string) $u_fullname; $cur->user_email = (string) $u_email; $cur->user_pwd = crypt::hmac('BP_MASTER_KEY', $u_pwd); $cur->user_token = generateUserToken($u_fullname, $u_email, $u_pwd); $cur->user_lang = $p_lang; $cur->created = array('NOW()'); $cur->modified = array('NOW()'); $cur->insert(); if (!empty($u_site)) { # Get next ID $rs3 = $core->con->select('SELECT MAX(site_id) ' . 'FROM ' . $core->prefix . 'site '); $next_site_id = (int) $rs3->f(0) + 1; $cur = $core->con->openCursor($core->prefix . 'site'); $cur->site_id = $next_site_id; $cur->user_id = $u_login; $cur->site_name = 'Author site'; $cur->site_url = $u_site; $cur->site_status = 1;