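/**
 * Save the user's alternative (recovery) e-mail address, then hand off to the
 * bundled password plugin: either save a new password or render the form.
 *
 * Security notes:
 *  - The alternative address is a password-recovery channel, so it is now
 *    validated against the WHOLE string with FILTER_VALIDATE_EMAIL. The previous
 *    unanchored regex (/.+@[^.]+\..+/Umi) accepted any string merely containing
 *    an address-like substring, so arbitrary trailing data could be stored.
 *  - The password fields are read from $_POST only, consistent with the
 *    RCUBE_INPUT_POST source used for the address; $_REQUEST would also honour
 *    query-string and cookie values.
 *  - NOTE(review): the recovery address is changed without re-entering the
 *    current password, so anyone holding the session can redirect account
 *    recovery — consider requiring `_curpasswd` for this branch as well.
 *
 * Side effects: writes to forgot_password, queues UI messages, and may send
 * the rendered plugin page. As in the original, an invalid address does not
 * stop the password flow below.
 */
function password_save()
{
    $rcmail = rcmail::get_instance();
    $alternative_email = get_input_value('_alternative_email', RCUBE_INPUT_POST);

    if (filter_var($alternative_email, FILTER_VALIDATE_EMAIL) !== false) {
        // Parameterised query; user_id comes from the session, not the client.
        $rcmail->db->query(
            "REPLACE INTO forgot_password(alternative_email, user_id) values(?,?)",
            $alternative_email,
            $rcmail->user->ID
        );
        $message = $this->gettext('alternative_email_updated', 'forgot_password');
        $rcmail->output->command('display_message', $message, 'confirmation');
    } else {
        $message = $this->gettext('alternative_email_invalid', 'forgot_password');
        $rcmail->output->command('display_message', $message, 'error');
    }

    $password_plugin = new password($this->api);

    // !empty() keeps the original truthiness test without undefined-index notices.
    if (!empty($_POST['_curpasswd']) || !empty($_POST['_newpasswd']) || !empty($_POST['_confpasswd'])) {
        $password_plugin->password_save();
    } else {
        // Render the password form.
        $password_plugin->add_texts('localization/');
        $this->register_handler('plugin.body', array($password_plugin, 'password_form'));
        rcmail_overwrite_action('plugin.password');
        $rcmail->output->send('plugin');
    }
}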
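/**
 * Handle the "create password" form for an account that is being activated:
 * set the password, mark the account verified, log the user in, redirect home.
 *
 * @param mixed $user Account being activated (exposes `verified`, setPassword()
 *                    and save(); exact class not visible here).
 * @return mixed Redirect response on success, otherwise the rendered form.
 *
 * Security notes:
 *  - The user is logged in ONLY if save() actually persisted the new password.
 *    The original ignored save()'s return value and logged the user in even
 *    when persistence failed, leaving the old credentials in place behind an
 *    authenticated session.
 *  - NOTE(review): how $user is resolved (token lookup, single use?) happens in
 *    the caller and is not visible here — confirm the activation token is
 *    invalidated after use so the link cannot set the password a second time.
 */
public function createPassword($user)
{
    $model = new password();

    if ($model->load(Yii::$app->request->post()) && $model->validate()) {
        $user->verified = 1;
        $user->setPassword($model->password);

        if ($user->save()) {
            // 30-day remember-me session, as in the original flow.
            Yii::$app->user->login($user, 3600 * 24 * 30);
            Yii::$app->getSession()->setFlash('info', 'Welcome to News Portal');
            return $this->goHome();
        }

        // Surface the persistence failure instead of silently logging in.
        $model->addError('password', 'The password could not be saved. Please try again.');
    }

    return $this->render('password', ['model' => $model]);
}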
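/**
 * Verify a password for "extended access" (elevated) mode.
 *
 * The supplied password is checked against login::$extended_access['passkey'],
 * first with the current hashing scheme and then with the legacy
 * md5(sha1($password . user_id) . user_id) construction kept for compatibility.
 *
 * @param string $password Plaintext password supplied by the user.
 * @return bool True when either scheme verifies, false otherwise.
 *
 * Security notes:
 *  - The legacy path is md5-over-sha1 with a low-entropy salt (the user ID) and
 *    no work factor. NOTE(review): on a successful legacy match the stored
 *    passkey should be re-hashed with the current scheme so this branch can be
 *    retired — the storage API is not visible from here.
 *  - Whether password::verify_hash() compares in constant time cannot be
 *    determined from this file — TODO confirm.
 */
function extended_access_verify_password($password)
{
    $stored = login::$extended_access['passkey'];

    // Current scheme.
    if (password::verify_hash($password, $stored)) {
        return true;
    }

    // Legacy scheme. sha1()'s second argument is the $binary flag; the original
    // passed an undefined variable ($stored_hash, i.e. null -> false), so the
    // effective behaviour was hex output. Made explicit, notice removed.
    $legacy = md5(sha1($password . login::$user->id, false) . login::$user->id);
    if (password::verify_hash($legacy, $stored)) {
        return true;
    }

    // Wrong password.
    return false;
}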
/** * Crewside */ protected static function page_crew() { global $__server, $_lang; ess::$b->page->add_title("Crew"); $subpage2 = getval("b"); redirect::store(page_min_side::addr(NULL, $subpage2 != "" ? "b=" . $subpage2 : '')); ess::$b->page->add_css(' .minside_crew_links .active { color: #CCFF00 }'); $links = array(); $links[] = '<a href="' . htmlspecialchars(page_min_side::addr(NULL, "", "player")) . '">Min spiller</a>'; $links[] = '<a href="' . htmlspecialchars(page_min_side::addr(NULL, "")) . '"' . ($subpage2 == "" ? ' class="active"' : '') . '>Oversikt / logg</a>'; if (access::has("forum_mod")) { $links[] = '<a href="' . htmlspecialchars(page_min_side::addr(NULL, "b=addlog")) . '"' . ($subpage2 == "addlog" ? ' class="active"' : '') . '>Nytt notat</a>'; } $links[] = '<a href="' . htmlspecialchars(page_min_side::addr(NULL, "b=blokk")) . '"' . ($subpage2 == "blokk" ? ' class="active"' : '') . '>Blokkeringer</a>'; if (access::has("mod")) { $links[] = '<a href="' . htmlspecialchars(page_min_side::addr(NULL, "b=banka")) . '"' . ($subpage2 == "banka" ? ' class="active"' : '') . '>Bankpassord</a>'; } if (access::has("mod")) { $links[] = '<a href="' . htmlspecialchars(page_min_side::addr(NULL, "b=birth")) . '"' . ($subpage2 == "birth" ? ' class="active"' : '') . '>Fødselsdato</a>'; } if (access::has("mod")) { $links[] = '<a href="' . htmlspecialchars(page_min_side::addr("set", "b=pass")) . '">Passord</a>'; } if (access::has("admin")) { $links[] = '<a href="' . htmlspecialchars(page_min_side::addr(NULL, "b=level")) . '"' . ($subpage2 == "level" ? ' class="active"' : '') . '>Tilgangsnivå</a>'; } $links[] = '<a href="' . htmlspecialchars(page_min_side::addr(NULL, "b=send_email")) . '"' . ($subpage2 == "send_email" ? ' class="active"' : '') . '>Send e-post</a>'; $links[] = '<a href="' . htmlspecialchars(page_min_side::addr(NULL, "b=warning")) . '"' . ($subpage2 == "warning" ? ' class="active"' : '') . '>Gi advarsel</a>'; echo ' <p class="c minside_crew_links">' . 
implode(" | ", $links) . '</p>'; if ($subpage2 == "") { // javascript for rapporteringer ess::$b->page->add_js_domready(' var w = $("minside_reports"); var xhr = new Request({ url: relative_path + "/ajax/minside_report", data: { u_id: ' . page_min_side::$active_user->id . ' }, evalScripts: function(script) { ajax.js += script; } }); xhr.addEvent("success", function(text) { w.set("html", text); w.getElements(".pagenumbers").each(function(elm) { elm.addEvent("set_page", function(s) { load(null, s, true); }); }); ajax.refresh(); }); xhr.addEvent("failure", function(x) { var p = new Element("p", {html: "Feil: " + x}).inject(w.empty()); }); function load(a, s, goto) { if (a !== null) xhr.options.data.a = a; if (s) xhr.options.data.s = s; if (goto) w.getParent().goto(-10); w.set("html", "<p>Laster inn data..</p>"); xhr.send(); } $("minside_reports_from").addEvent("click", function() { load("from", 1, true); }); $("minside_reports_to").addEvent("click", function() { load("to", 1, true); }); $("minside_reports_all").addEvent("click", function() { load("", 1, true); }); load();'); // css for rapporteringer ess::$b->page->add_css(' .rap_wrap { margin: 1em 0; background-color: #222222; position: relative; overflow: auto; } .rap_time { position: absolute; top: 8px; right: 5px; margin: 0; color: #777777; } .rap_time span { color: #EEEEEE; } .rap_w { margin: 0; padding: 5px; background-color: #282828; } .rap_u { font-size: 14px; } .rap_wrap .col2_w { margin: 0 } .rap_wrap .col_w.left { width: 40% } .rap_wrap .col_w.right { width: 60% } .rap_wrap .col_w.left .col { margin: 0 0 0 5px } .rap_wrap .col_w.right .col { margin: 5px 5px 5px 0 } .rap_note { background-color: #1C1C1C; padding: 5px !important; overflow: auto; border: 1px dotted #525252 } '); // faner ess::$b->page->add_js_domready(' $$(".minside_fane_link").addEvent("click", function(elm) { $$(".minside_fane").setStyle("display", "none"); $$(".minside_fane_link").removeClass("minside_fane_active"); 
this.addClass("minside_fane_active"); $(this.get("rel")).setStyle("display", ""); }); $$(".minside_fane_active").fireEvent("click");'); ess::$b->page->add_css(' .minside_fane_active, .minside_fane_active:hover { color: #CCFF00; }'); echo ' <div class="col2_w"> <div class="col_w left"> <div class="col"> <div class="bg1_c"> <h1 class="bg1">Oversikt<span class="left2"></span><span class="right2"></span></h1> <div class="bg1">'; // hent blokkeringer for brukeren $result = \Kofradia\DB::get()->query("SELECT ub_id, ub_type, ub_time_expire, ub_reason FROM users_ban WHERE ub_u_id = " . page_min_side::$active_user->id . " AND ub_time_expire > " . time()); if ($result->rowCount() > 0) { while ($row = $result->fetch()) { $access = access::has(blokkeringer::$types[$row['ub_type']]['access']); echo ' <p>Blokkert: ' . ($access ? '<a href="' . htmlspecialchars(page_min_side::addr(NULL, "b=blokk&t={$row['ub_type']}")) . '">' : '') . htmlspecialchars(blokkeringer::$types[$row['ub_type']]['title']) . ($access ? '</a>' : '') . ' (til ' . ess::$b->date->get($row['ub_time_expire'])->format(date::FORMAT_SEC) . ', ' . game::counter($row['ub_time_expire'] - time()) . ')</p>'; } } echo ' <p>Trykk deg inn på de forskjellige spillerene til brukeren for å se informasjon knyttet opp mot dem.</p> </div> </div> </div> </div> <div class="col_w right"> <div class="col"> <div class="bg1_c"> <h1 class="bg1">Crewnotat for brukeren<span class="left2"></span><span class="right2"></span></h1> <p class="h_right"><a href="' . htmlspecialchars(page_min_side::addr(NULL, "b=enote")) . '">rediger</a></p> <div class="bg1"> <p>Her kan hvem som helst i crewet legge til eller endre et notat for denne brukeren for å memorere ting som har med <u>brukeren</u> å gjøre.</p>' . (empty(page_min_side::$active_user->data['u_note_crew']) ? ' <p>Ingen notat er registrert.</p>' : ' <div class="p">' . game::bb_to_html(page_min_side::$active_user->data['u_note_crew']) . '</div>') . 
' </div> </div> </div> </div> </div> <p class="c"><a class="minside_fane_link minside_fane_active" rel="minside_fane2">Loggoppføringer</a> | <a class="minside_fane_link" rel="minside_fane1">Rapporteringer</a></p> <div id="minside_fane1" class="minside_fane"> <p class="c">Filter: <a id="minside_reports_from">Brukerens egne rapporteringer</a> | <a id="minside_reports_to">Andres rapporteringer</a> | <a id="minside_reports_all">Alle</a></p> <div id="minside_reports"> <p>Laster inn..</p> </div> </div> <div id="minside_fane2" class="minside_fane"> <p class="c">Loggoppføringer for denne brukeren</p>'; // hent loggene for denne brukeren $pagei = new pagei(pagei::ACTIVE_GET, "side", pagei::PER_PAGE, 50); $result = $pagei->query("SELECT lc_id, lc_up_id, lc_time, lc_lca_id, lc_a_up_id, lc_log FROM log_crew JOIN users_players ON up_u_id = " . page_min_side::$active_user->id . " WHERE lc_a_up_id = up_id ORDER BY lc_time DESC"); // ingen handlinger? if ($result->rowCount() == 0) { echo ' <p class="c">Ingen oppføringer eksisterer.</p>'; } else { $rows = array(); while ($row = $result->fetch()) { $rows[$row['lc_id']] = $row; } $data = crewlog::load_summary_data($rows); $logs = array(); foreach ($data as $row) { // hent sammendrag $summary = crewlog::make_summary($row, NULL, $row['lc_a_up_id'] != page_min_side::$active_player->id); $day = ess::$b->date->get($row['lc_time'])->format(date::FORMAT_NOTIME); $logs[$day][] = '<p><span class="time">' . ess::$b->date->get($row['lc_time'])->format("H:i") . ':</span> ' . $summary . '</p>'; } ess::$b->page->add_css('.crewlog .time { color: #888888; padding-right: 5px }'); foreach ($logs as $day => $items) { echo ' <div class="bg1_c"> <h1 class="bg1">' . $day . '<span class="left2"></span><span class="right2"></span></h1> <div class="bg1 crewlog"> ' . implode(' ', $items) . ' </div> </div>'; } echo ' <p class="c">' . $pagei->pagenumbers() . '</p>'; } echo ' </div>'; } elseif ($subpage2 == "addlog" && access::has("forum_mod")) { // legge til? 
if (isset($_POST['notat'])) { $notat = trim(postval("notat")); $notat_bb = trim(game::bb_to_html($notat)); if (empty($notat_bb)) { ess::$b->page->add_message("Notatet kan ikke være tomt.", "error"); } else { // legg til i crewloggen crewlog::log("user_add_note", page_min_side::$active_player->id, $notat); ess::$b->page->add_message("Notatet ble registrert."); redirect::handle(page_min_side::addr()); } } ess::$b->page->add_title("Nytt notat"); ess::$b->page->add_js_domready('$("notat_felt").focus();'); echo ' <div class="bg1_c"> <h1 class="bg1">Legg til notat i crewloggen<span class="left2"></span><span class="right2"></span></h1> <div class="bg1"> <p>Notat: (Vil bli lagt til som vanlig logg i <a href="' . htmlspecialchars(page_min_side::addr(NULL)) . '">Crewloggen</a>.)</p> <form action="" method="post"> <p><textarea name="notat" id="notat_felt" rows="10" cols="30" style="width: 98%; overflow: auto">' . htmlspecialchars(postval("notat")) . '</textarea></p> <p>' . show_sbutton("Legg til notat") . '</p> </form> </div> </div>'; } elseif ($subpage2 == "blokk") { ess::$b->page->add_title("Blokkeringer"); $type = false; if (isset($_GET['t'])) { // kontroller type $type_id = intval($_GET['t']); // fant ikke? if (!isset(blokkeringer::$types[$type_id])) { ess::$b->page->add_message("Ugyldig type '.{$type_id}.'.", "error"); } else { $type = blokkeringer::$types[$type_id]; // har vi tilgang til å gjøre noe med denne blokkeringen? if (!access::has($type['access'])) { ess::$b->page->add_message('Du har ikke tilgang til denne typen blokkering. (' . htmlspecialchars($type['title']) . ')', "error"); $type = false; } } } // vise en type blokkering? 
if ($type) { redirect::store(page_min_side::addr(NULL, "b=blokk&t={$type_id}")); // sjekk om det er en aktiv blokkering for denne typen $active = blokkeringer::check($type_id, page_min_side::$active_user->id); if ($active) { // hent informasjon om blokkeringen $info = blokkeringer::get_info($active['ub_id']); } // handling: legg til blokkering if (isset($_POST['add']) && $active) { ess::$b->page->add_message("Det er allerede en blokkering på brukeren som varer til " . ess::$b->date->get($active['ub_time_expire'])->format() . ".", "error"); } elseif (isset($_POST['add'])) { // kontroller verdier $date_type = isset($_POST['date_type']) && $_POST['date_type'] == "abs" ? "abs" : "rel"; $rel_weeks = intval(postval("rel_weeks")); $rel_days = intval(postval("rel_days")); $rel_hours = intval(postval("rel_hours")); $rel_mins = intval(postval("rel_mins")); $abs_date = postval("abs_date"); $abs_time = postval("abs_time"); // sjekk type og verdiene $expire = false; // bestemt dato/tidspunkt if ($date_type == "abs") { // kontroller datoen if (!($abs_date_m = check_date($abs_date, "%y-%m-%d"))) { ess::$b->page->add_message('Datoen du skrev inn er ikke gyldig.', "error"); } elseif (!($abs_time_m = check_date($abs_time, "%h:%i:%s"))) { ess::$b->page->add_message('Tidspunktet du skrev inn er ikke gyldig.', "error"); } else { // ok $date = ess::$b->date->get(); $date->setTime($abs_time_m[1], $abs_time_m[2], $abs_time_m[3]); $date->setDate($abs_date_m[1], $abs_date_m[2], $abs_date_m[3]); $expire = $date->format("U"); } } else { // sjekk uker if ($rel_weeks < 0 || $rel_weeks > 9) { ess::$b->page->add_message('Antall uker kan ikke være under 0 eller over 9.', "error"); } elseif ($rel_days < 0 || $rel_days > 6) { ess::$b->page->add_message('Antall dager kan ikke være under 0 eller over 6.', "error"); } elseif ($rel_hours < 0 || $rel_hours > 23) { ess::$b->page->add_message('Antall timer kan ikke være under 0 eller over 23.', "error"); } elseif ($rel_mins < 0 || $rel_mins > 59) { 
ess::$b->page->add_message('Antall minutter kan ikke være under 0 eller over 59.', "error"); } else { // ok $expire = time() + $rel_weeks * 604800 + $rel_days * 86400 + $rel_hours * 3600 + $rel_mins * 60; } } // sjekke videre? if ($expire) { // sjekk at datoen er minst 1 min fremover i tid if ($expire < time() + 60) { ess::$b->page->add_message('Du kan ikke legge til en blokkering for mindre enn 1 minutt.', "error"); } else { // kontroller begrunnelse og intern informasjon $log = trim(postval("log")); $note = trim(postval("note")); // mangler begrunnelse? if ($log == "") { ess::$b->page->add_message('Mangler begrunnelse.', "error"); } elseif ($note == "") { ess::$b->page->add_message("Mangler intern informasjon", "error"); } else { // forsøk å legg til blokkeringen $add = blokkeringer::add(page_min_side::$active_user->id, $type_id, $expire, $log, $note); if ($add !== true) { ess::$b->page->add_message("Det er allerede en blokkering på brukeren som varer til " . ess::$b->date->get($add['ub_time_expire'])->format() . ".", "error"); } else { // legg til crewlogg crewlog::log("user_ban_active", page_min_side::$active_player->id, $log, array("type" => $type_id, "time_end" => $expire, "note" => $note)); ess::$b->page->add_message('Brukeren er nå blokkert til ' . ess::$b->date->get($expire)->format() . '. (' . htmlspecialchars($type['title']) . ')'); redirect::handle(); } } } } } elseif (isset($_POST['edit']) && !$active) { // ingen blokkering å redigere? ess::$b->page->add_message("Brukeren har ikke lengre denne blokkeringen.", "error"); } elseif (isset($_POST['edit'])) { // godkjent handling? 
if (isset($_POST['log_change'])) { // kontroller verdier $date = postval("date"); $time = postval("time"); // kontroller datoen if (!($date_m = check_date($date, "%y-%m-%d"))) { ess::$b->page->add_message('Datoen du skrev inn er ikke gyldig.', "error"); } elseif (!($time_m = check_date($time, "%h:%i:%s"))) { ess::$b->page->add_message('Tidspunktet du skrev inn er ikke gyldig.', "error"); } else { $date = ess::$b->date->get(); $date->setTime($time_m[1], $time_m[2], $time_m[3]); $date->setDate($date_m[1], $date_m[2], $date_m[3]); $expire = $date->format("U"); // sjekk at datoen er minst 1 min fremover i tid if ($expire < time() + 60) { ess::$b->page->add_message('Du kan ikke legge til en blokkering for mindre enn 1 minutt.', "error"); } else { // kontroller begrunnelse for utestengelse, begrunnelse for endring og intern informasjon $log_ban = trim(postval("log_ban")); $log_change = trim(postval("log_change")); $note = trim(postval("note")); // mangler begrunnelse for endring? if ($log_change == "") { ess::$b->page->add_message('Mangler begrunnelse for endring.', "error"); } elseif ($log_ban == "") { ess::$b->page->add_message('Mangler begrunnelse for utestengelse.', "error"); } elseif ($note == "") { ess::$b->page->add_message('Mangler intern informasjon.', "error"); } elseif ($expire == $info['ub_time_expire'] && $log_ban == $info['ub_reason'] && $note == $info['ub_note']) { ess::$b->page->add_message('Ingen endringer ble utført.', "error"); } else { // oppdater blokkeringen $edit = blokkeringer::edit($active['ub_id'], $expire, $log_ban, $note); if ($edit == 0) { ess::$b->page->add_message("Blokkeringen kunne ikke bli oppdatert. 
Den er mest sannsynlig ikke lengre aktiv.", "error"); } else { // legg til crewlogg $data = array("type" => $type_id, "time_end_old" => $info['ub_time_expire'], "log_old" => $info['ub_reason'], "note_old" => $info['ub_note']); if ($expire != $info['ub_time_expire']) { $data["time_end_new"] = $expire; } if ($log_ban != $info['ub_reason']) { $data["log_new"] = $log_ban; } if ($note != $info['ub_note']) { $data["note_new"] = $note; } crewlog::log("user_ban_change", page_min_side::$active_player->id, $log_change, $data); ess::$b->page->add_message('Du har oppdatert blokkeringen. Brukeren er nå blokkert til ' . ess::$b->date->get($expire)->format() . '. (' . htmlspecialchars($type['title']) . ')'); redirect::handle(); } } } } } } elseif (isset($_POST['delete']) && !$active) { // ingen blokkering å slette? ess::$b->page->add_message("Brukeren har ikke lengre denne blokkeringen.", "error"); } elseif (isset($_POST['delete'])) { // godkjent handling? if (isset($_POST['log'])) { $log = trim(postval("log")); // mangler logg? if ($log == "") { ess::$b->page->add_message('Mangler begrunnelse.', "error"); } else { // fjern blokkeringen $delete = blokkeringer::delete($active['ub_id']); if ($delete == 0) { ess::$b->page->add_message("Blokkeringen kunne ikke bli oppdatert. Den er mest sannsynlig ikke lengre aktiv.", "error"); } else { // legg til crewlogg crewlog::log("user_ban_delete", page_min_side::$active_player->id, $log, array("type" => $type_id, "time_end" => $info['ub_time_expire'], "log" => $info['ub_reason'], "note" => $info['ub_note'])); ess::$b->page->add_message('Du har fjernet blokkeringen. (' . htmlspecialchars($type['title']) . ')'); redirect::handle(); } } } } echo ' <div class="bg1_c" style="width: 350px"> <h1 class="bg1">Blokkering: ' . htmlspecialchars($type['title']) . '<span class="left2"></span><span class="right2"></span></h1> <div class="bg1"> <boxes /> <p class="r">Tilgangsnivå: ' . access::name($type['access']) . '</p> <p><u>Hensikt:</u> ' . 
$type['description'] . '</p>'; // blokkert? if ($active) { echo ' <p>Brukeren er blokkert.</p> <dl class="dd_right"> <dt>Lagt til</dt> <dd>' . ess::$b->date->get($info['ub_time_added'])->format(date::FORMAT_SEC) . '<br />' . game::timespan($info['ub_time_added'], game::TIME_ABS | game::TIME_ALL, 5) . '</dd> <dt>Utestengt til</dt> <dd>' . ess::$b->date->get($info['ub_time_expire'])->format(date::FORMAT_SEC) . '<br />' . game::counter($info['ub_time_expire'] - time()) . '</dd> </dl> <div class="section"> <h2>Begrunnelse</h2> <div class="p">' . (($reason = game::bb_to_html($info['ub_reason'])) == "" ? 'Ikke oppgitt.' : $reason) . '</div> <h2>Intern informasjon</h2> <div class="p">' . (($note = game::bb_to_html($info['ub_note'])) == "" ? 'Ikke oppgitt.' : $note) . '</div> </div>'; // handling: redigere blokkering if (isset($_POST['edit'])) { echo ' <p>Du er i ferd med å endre blokkeringen til brukeren.</p> <form action="" method="post"> <dl class="dd_right dl_2x"> <dt>Til</dt> <dd> Dato: <input type="text" name="date" id="ban_date" value="' . htmlspecialchars(postval("date", ess::$b->date->get($info['ub_time_expire'])->format("Y-m-d"))) . '" class="styled w80" /> <input type="text" name="time" id="ban_time" value="' . htmlspecialchars(postval("time", ess::$b->date->get($info['ub_time_expire'])->format("H:i:s"))) . '" class="styled w80" /> </dd> <dt>Begrunnelse for endring</dt> <dd><textarea name="log_change" cols="30" rows="5">' . htmlspecialchars(postval("log_change")) . '</textarea></dd> <dt>Begrunnelse for blokkering</dt> <dd><textarea name="log_ban" cols="30" rows="5">' . htmlspecialchars(postval("log_ban", $info['ub_reason'])) . '</textarea></dd> <dt>Intern informasjon</dt> <dd><textarea name="note" cols="30" rows="5">' . htmlspecialchars(postval("note", $info['ub_note'])) . '</textarea></dd> <dd> ' . show_sbutton("Lagre endringer", 'name="edit"') . ' ' . show_sbutton("Avbryt") . 
' </dd> </dl> </form>'; } elseif (isset($_POST['delete'])) { echo ' <p>Du er i ferd med å fjerne blokkeringen til brukeren.</p> <form action="" method="post"> <dl class="dd_right dl_2x"> <dt>Begrunnelse for fjerning</dt> <dd><textarea name="log" cols="30" rows="5">' . htmlspecialchars(postval("log")) . '</textarea></dd> <form action="" method="post"> <dd> ' . show_sbutton("Fjern", 'name="delete"') . ' ' . show_sbutton("Avbryt") . ' </dd> </form> </dl> </form>'; } else { echo ' <form action="" method="post"> <p> ' . show_sbutton("Endre", 'name="edit"') . ' ' . show_sbutton("Fjern", 'name="delete"') . ' <a href="' . htmlspecialchars(page_min_side::addr(NULL, "b=blokk")) . '" class="button">Tilbake</a> </p> </form>'; } } else { $date_type = isset($_POST['type']) && $_POST['type'] == "abs" ? "abs" : "rel"; $hide_rel = $date_type == "rel" ? '' : ' hide'; $hide_abs = $date_type == "abs" ? '' : ' hide'; echo ' <p>Brukeren har ingen aktiv blokkering.</p> <form action="" method="post"> <input type="hidden" name="date_type" value="' . $date_type . '" /> <dl class="dd_right dl_2x"> <dt class="date_rel' . $hide_rel . '">Varighet (<a href="#" onclick="handleClass(\'.date_abs\', \'.date_rel\', event, this.parentNode.parentNode); $(\'date_type\').value=\'abs\'">velg dato</a>)</dt> <dd class="date_rel' . $hide_rel . '"> <input type="text" name="rel_weeks" class="styled w30 r" style="width: 10px" value="' . intval(postval("rel_weeks")) . '" maxlength="1" /> uker <input type="text" name="rel_days" class="styled w30 r" style="width: 10px" value="' . intval(postval("rel_days")) . '" maxlength="1" /> dager <input type="text" name="rel_hours" class="styled w30 r" style="width: 17px" value="' . intval(postval("rel_hours")) . '" maxlength="2" /> timer <input type="text" name="rel_mins" class="styled w30 r" style="width: 17px" value="' . intval(postval("rel_mins")) . '" maxlength="2" /> minutter </dd> <dt class="date_abs' . $hide_abs . 
'">Til (<a href="#" onclick="handleClass(\'.date_rel\', \'.date_abs\', event, this.parentNode.parentNode); $(\'date_type\').value=\'rel\'">velg varighet</a>)</dt> <dd class="date_abs' . $hide_abs . '"> Dato: <input type="text" name="abs_date" value="' . htmlspecialchars(postval("abs_date", ess::$b->date->get()->format("Y-m-d"))) . '" class="styled w80" /> <input type="text" name="abs_time" value="' . htmlspecialchars(postval("abs_time", ess::$b->date->get()->format("H:i:s"))) . '" class="styled w60" /> </dd> <dt>Begrunnelse</dt> <dd><textarea name="log" cols="30" rows="5">' . htmlspecialchars(postval("log")) . '</textarea></dd> <dt>Intern informasjon</dt> <dd><textarea name="note" cols="30" rows="5">' . htmlspecialchars(postval("note")) . '</textarea></dd> <dd> ' . show_sbutton("Legg til blokkering", 'name="add"') . ' <a href="' . htmlspecialchars(page_min_side::addr(NULL, "a=blokk")) . '" class="button">Tilbake</a> </dd> </dl> </form>'; } echo ' </div> </div>'; } else { // filtrer ut de blokkeringene vi har tilgang til å sette $types = blokkeringer::$types; $links = array(); foreach ($types as $id => $type) { if (!access::has($type['access'])) { continue; } $links[$type['title']] = ' <li><a href="' . htmlspecialchars(page_min_side::addr(NULL, "b=blokk&t={$id}")) . '" title="' . htmlspecialchars($type['description']) . '">' . htmlspecialchars($type['title']) . '</a></li>'; } // sorter ksort($links); $links = implode('', $links); // vis oversikt echo ' <div class="bg1_c" style="width: 350px"> <h1 class="bg1">Blokkeringer<span class="left2"></span><span class="right2"></span></h1> <div class="bg1"> <p>Velg type:</p>'; if ($links == '') { echo ' <p>Du har ikke tilgang til noen blokkeringstyper.</p>'; } else { echo ' <ul>' . $links . ' </ul>'; } echo ' </div> </div>'; // hent alle aktive blokkeringer $result = \Kofradia\DB::get()->query("SELECT ub_type, ub_time_expire, ub_reason FROM users_ban WHERE ub_u_id = " . page_min_side::$active_user->id . 
" AND ub_time_expire > " . time() . " ORDER BY ub_time_expire"); if ($result->rowCount() > 0) { echo ' <div class="bg1_c" style="width: 350px"> <h1 class="bg1">Aktive blokkeringer<span class="left2"></span><span class="right2"></span></h1> <div class="bg1"> <table class="table tablem" style="width: 100%"> <thead> <tr> <th>Type</th> <th>Dato</th> <th>Begrunnelse</th> </tr> </thead> <tbody>'; $i = 0; while ($row = $result->fetch()) { $type = blokkeringer::get_type($row['ub_type']); $access = access::has($type['access']); echo ' <tr' . (++$i % 2 == 0 ? ' class="color"' : '') . '> <td>' . ($access ? '<a href="' . htmlspecialchars(page_min_side::addr(NULL, "b=blokk&t={$row['ub_type']}")) . '">' : '') . htmlspecialchars($type['title']) . ($access ? '</a>' : '') . '</td> <td> ' . ess::$b->date->get($row['ub_time_expire'])->format(date::FORMAT_SEC) . '<br /> (' . game::timespan($row['ub_time_expire'], game::TIME_ABS | game::TIME_ALL, 5) . ') </td> <td>' . game::format_data($row['ub_reason'], "bb-opt", "Ingen begrunnelse gitt.") . '</td> </tr>'; } echo ' </tbody> </table> </div> </div>'; } } } elseif ($subpage2 == "send_email") { ess::$b->page->add_title("Send e-post"); // har tekst? $show_form = true; if (isset($_POST['text']) && !isset($_POST['edit'])) { $subject = trim(postval("subject")); $text = trim(postval("text")); // mangler emne? if (empty($subject)) { ess::$b->page->add_message("Du må fylle ut emnefeltet.", "error"); } elseif (empty($text)) { ess::$b->page->add_message("Du må fylle ut innholdet.", "error"); } else { $email_subject = $subject; $email_text = $text . "\n\n--\n" . login::$user->player->data['up_name'] . "\nwww.kofradia.no\n\nDenne meldingen ble sendt til " . page_min_side::$active_user->data['u_email'] . " som tilhører " . page_min_side::$active_player->data['up_name']; // godkjent? 
if (isset($_POST['send'])) { // send e-posten $email = new email(); $email->text = $email_text; $email->headers['BCC'] = "*****@*****.**"; $email->headers['Reply-To'] = "*****@*****.**"; $email->send(page_min_side::$active_user->data['u_email'], $email_subject); // legg til crewlogg crewlog::log("user_send_email", page_min_side::$active_player->id, NULL, array("email" => page_min_side::$active_user->data['u_email'], "email_subject" => $email_subject, "email_content" => $email_text)); ess::$b->page->add_message("E-posten ble sendt til " . htmlspecialchars(page_min_side::$active_user->data['u_email']) . "."); redirect::handle(page_min_side::addr("")); } echo ' <div class="bg1_c" style="width: 400px"> <h1 class="bg1">Send e-post<span class="left2"></span><span class="right2"></span></h1> <div class="bg1"> <p><b>Mottaker:</b> ' . htmlspecialchars(page_min_side::$active_user->data['u_email']) . '</p> <p><b>Emne:</b> ' . htmlspecialchars($email_subject) . '</p> <p style="font-family: monospace">' . nl2br(htmlspecialchars($email_text)) . '</p> <form action="" method="post"> <input type="hidden" id="email_subject" name="subject" value="' . htmlspecialchars($subject) . '" /> <input type="hidden" id="email_text" name="text" value="' . htmlspecialchars($text) . '" /> <p>' . show_sbutton("Send e-posten", 'name="send"') . ' ' . show_sbutton("Tilbake / endre", 'name="edit"') . '</p> </form> </div> </div>'; $show_form = false; } } if ($show_form) { ess::$b->page->add_js_domready('$("email_subject").focus();'); echo ' <div class="bg1_c" style="width: 400px"> <h1 class="bg1">Send e-post<span class="left2"></span><span class="right2"></span></h1> <div class="bg1"> <boxes /> <p>Her sender du e-post til brukeren på vegne av Kofradia. Avsender vil være den normale avsendere all e-post fra Kofradia blir sendt fra.</p> <form action="" method="post"> <dl class="dd_right dl_2x"> <dt>Mottaker</dt> <dd>' . htmlspecialchars(page_min_side::$active_user->data['u_email']) . 
'</dd> <dt>Emne</dt> <dd><input type="text" value="' . htmlspecialchars(postval("subject")) . '" name="subject" id="email_subject" class="styled w200" /></dd> <dt>Innhold</dt> <dd><textarea name="text" id="email_text" cols="50" rows="10">' . htmlspecialchars(postval("text", "Hei,\n\n")) . '</textarea></dd> <dd>' . show_sbutton("Forhåndsvis / fortsett") . '</dd> </dl> </form> </div> </div>'; } } elseif ($subpage2 == "warning") { ess::$b->page->add_title("Gi advarsel til brukeren"); $types = crewlog::$user_warning_types; // legge til advarsel? if (isset($_POST['log'])) { $log = trim(postval("log")); $note = trim(postval("note")); $type = postval("type"); $priority = (int) postval("priority"); $notify = isset($_POST['notify']); if (empty($log) || empty($note)) { ess::$b->page->add_message("Både begrunnelse og intern informasjon må fylles ut.", "error"); } elseif (!isset($types[$type])) { ess::$b->page->add_message("Ugyldig kategori.", "error"); } elseif ($priority < 1 || $priority > 3) { ess::$b->page->add_message("Ugylig alvorlighet.", "error"); } else { $data = array("type" => $types[$type], "note" => $note, "priority" => $priority); // legge til spillerlogg? if ($notify) { $data['notified'] = 1; $data['notified_id'] = player::add_log_static(gamelog::$items['advarsel'], urlencode($types[$type]) . ':' . urlencode($log), NULL, page_min_side::$active_player->id); ess::$b->page->add_message("Advarselen ble lagret. Brukeren ble informert."); } else { ess::$b->page->add_message("Advarselen ble lagret. Du har ikke informert brukeren om denne advarselen."); } // legg til advarselen crewlog::log("user_warning", page_min_side::$active_player->id, $log, $data); redirect::handle(); } } echo ' <div class="bg1_c" style="width: 400px"> <h1 class="bg1">Gi advarsel til brukeren<span class="left2"></span><span class="right2"></span></h1> <div class="bg1"> <form action="" method="post"> <boxes /> <p>Dette kan benyttes som et verktøy for å gi advarsler til brukere. 
Det kan velges om brukeren skal motta advarselen eller ikke. Hvis man ikke velger å informere brukeren om noe, blir det alikevel søkbart i crewloggen for brukeren.</p> <p>Alvorligheten av advarselen blir benyttet for å automatisere en poengsum brukeren får avhengig av antall advarseler. En advarsel med høy alvorlighet varer lenger og teller mer enn en med lav alvorlighet.</p> <dl class="dd_right"> <dt>Kategori</dt> <dd> <select name="type">'; $type = isset($_POST['type']) && isset($types[$_POST['type']]) ? intval($_POST['type']) : false; if ($type === false) { echo ' <option value="">Velg ..</option>'; } foreach ($types as $key => $row) { echo ' <option value="' . $key . '"' . ($key === $type ? ' selected="selected"' : '') . '>' . htmlspecialchars($row) . '</option>'; } echo ' </select> </dd> <dt>Alvorlighet/prioritet</dt> <dd> <select name="priority">'; $priority = isset($_POST['priority']) && is_numeric($_POST['priority']) && $_POST['priority'] >= 1 && $_POST['priority'] <= 3 ? $_POST['priority'] : 2; echo ' <option value="1"' . ($priority == 1 ? ' selected="selected"' : '') . '>Lav</option> <option value="2"' . ($priority == 2 ? ' selected="selected"' : '') . '>Moderat</option> <option value="3"' . ($priority == 3 ? ' selected="selected"' : '') . '>Høy</option> </select> </dd> </dl> <p>Begrunnelse:</p> <p><textarea name="log" rows="10" cols="30" style="width: 98%">' . htmlspecialchars(postval("log")) . '</textarea></p> <p>Intern informasjon:</p> <p><textarea name="note" rows="10" cols="30" style="width: 98%">' . htmlspecialchars(postval("note")) . '</textarea></p> <p><input type="checkbox" name="notify"' . ($_SERVER['REQUEST_METHOD'] == "POST" && !isset($_POST['notify']) ? '' : ' checked="checked"') . ' id="warning_notify" /><label for="warning_notify"> Gi brukeren informasjon om denne advarselen. Kun kategori og begrunnelse vil bli oppgitt til brukeren som en logg i hendelser.</label></p> <p class="c">' . show_sbutton("Lagre") . 
'</p> </form> </div> </div>'; // analyser advarsler $lca_id = crewlog::$actions['user_warning'][0]; $pagei = new pagei(pagei::ACTIVE_GET, "side", pagei::PER_PAGE, 15); $result = $pagei->query("\n\t\t\t\tSELECT lc_id, lc_up_id, lc_time, lc_log, lcd_data_int\n\t\t\t\tFROM log_crew\n\t\t\t\t\tJOIN users_players ON lc_a_up_id = up_id AND up_u_id = " . page_min_side::$active_user->id . "\n\t\t\t\t\tLEFT JOIN log_crew_data ON lcd_lc_id = lc_id AND lcd_lce_id = 5\n\t\t\t\tWHERE lc_lca_id = {$lca_id} AND (lcd_data_int IS NULL OR lcd_data_int = 0)\n\t\t\t\tORDER BY lc_time DESC"); $data = array(); while ($row = $result->fetch()) { $data[$row['lc_id']] = $row; } // sett opp data $data = crewlog::load_summary_data($data); echo ' <div class="bg1_c ' . (count($data) == 0 ? 'xsmall' : 'medium') . '"> <h1 class="bg1">Tidligere advarsler<span class="left2"></span><span class="right2"></span></h1> <div class="bg1">'; if (count($data) == 0) { echo ' <p>Brukeren har ingen tidligere advarsler.</p>'; } else { ess::$b->page->add_css(' .advarsel { border: 1px solid #292929; margin: 10px 0; padding: 0 10px }'); foreach ($data as $row) { $priority = $row['data']['priority'] == 1 ? "lav" : ($row['data']['priority'] == 2 ? "moderat" : "høy"); echo ' <div class="advarsel"> <p><b>' . ess::$b->date->get($row['lc_time'])->format() . '</b>: ' . $row['data']['type'] . ' (alvorlighet: <b>' . $priority . '</b>):</p> <ul> <li>' . game::format_data($row['lc_log']) . '</li> <li>Internt notat: ' . game::format_data($row['data']['note']) . '</li> </ul> <p>' . (empty($row['data']['notified']) ? 'Ble IKKE varslet.' : 'Ble varslet.') . ' Av <user id="' . $row['lc_up_id'] . '" /></p> </div>'; } echo ' <p class="c">' . $pagei->pagenumbers() . '</p>'; } echo ' </div> </div>'; } elseif ($subpage2 == "enote") { ess::$b->page->add_title("Endre notat for bruker"); // lagre endringer? 
if (isset($_POST['notat'])) { $notat = postval("notat"); if ($notat == page_min_side::$active_user->data['u_note_crew']) { ess::$b->page->add_message("Ingen endringer ble utført.", "error"); } else { \Kofradia\DB::get()->exec("UPDATE users SET u_note_crew = " . \Kofradia\DB::quote($notat) . " WHERE u_id = " . page_min_side::$active_user->id); // legg til crewlogg crewlog::log("user_note_crew", page_min_side::$active_player->id, NULL, array("note_old" => page_min_side::$active_user->data['u_note_crew'], "note_diff" => diff::make(page_min_side::$active_user->data['u_note_crew'], $notat))); ess::$b->page->add_message("Notatet ble endret."); redirect::handle(); } } echo ' <div class="bg1_c" style="width: 400px"> <h1 class="bg1">Endre crewnotat for bruker<span class="left2"></span><span class="right2"></span></h1> <div class="bg1"> <form action="" method="post"> <p>Dette endrer notatet som er tilknyttet brukeren. Du kan også tilknytte <a href="' . htmlspecialchars(page_min_side::addr(NULL, "b=enote", "player")) . '">informasjon til spilleren</a>, hvis det heller er ønskelig.</p> <p>Notat:</p> <p><textarea name="notat" rows="10" cols="30" style="width: 98%">' . htmlspecialchars(page_min_side::$active_user->data['u_note_crew']) . '</textarea></p> <p class="c">' . show_sbutton("Lagre") . '</p> </form> </div> </div>'; } elseif ($subpage2 == "level" && access::has("admin")) { // nivåer man kan bytte til static $levels = array(1 => "Vanlig bruker", 14 => "Skjult nostat (crewtilgang)", -4 => "Ressurs", 12 => "Ressurs (nostat)", 13 => "Utvikler", 4 => "Forummoderator", 6 => "Forummoderator (nostat)", 5 => "Moderator", 11 => "Seniormoderator"); if (access::has("sadmin")) { $levels[7] = "Administrator"; } if (access::has("sadmin")) { $levels[8] = "Superadministrator"; } // kan vi ikke endre brukernivået til denne brukeren? 
if (!isset($levels[page_min_side::$active_user->data['u_access_level']])) { ess::$b->page->add_message("Du har ikke rettigheter til å endre tilgangsnivået til denne brukeren.", "error"); redirect::handle(page_min_side::addr()); } // endre brukernivå? if (isset($_POST['level'])) { $level = intval($_POST['level']); $log = trim(postval("log")); // samme brukernivå? if ($level == page_min_side::$active_user->data['u_access_level']) { ess::$b->page->add_message("Du må velge et nytt tilgangsnivå.", "error"); } elseif (!isset($levels[$level])) { ess::$b->page->add_message("Ugyldig tilgangsnivå."); } elseif (empty($log)) { ess::$b->page->add_message("Mangler begrunnelse."); } else { // endre tilgangsnivå $old = page_min_side::$active_user->data['u_access_level']; if (page_min_side::$active_user->change_level($level, isset($_POST['no_update_up']))) { // e-post logg sysreport::log("Endring av tilgangsnivå: " . login::$user->player->data['up_name'] . " endret tilgangsnivået til " . page_min_side::$active_user->data['u_email'] . " (" . page_min_side::$active_player->data['up_name'] . ") fra {$levels[$old]} til {$levels[$level]} {$__server['path']}/min_side?u_id=" . page_min_side::$active_user->id . "\n\nBegrunnelse: " . strip_tags(game::format_data($log)), "Kofradia: Endring av tilgangsnivå for " . page_min_side::$active_user->data['u_email'] . " (" . page_min_side::$active_player->data['up_name'] . ")"); // finn totalt beløp spilleren har $result = \Kofradia\DB::get()->query("SELECT up_cash + up_bank FROM users_players WHERE up_id = " . 
page_min_side::$active_player->id); $money = $result->fetchColumn(0); // crewlogg $data = array("level_old" => $old, "level_old_text" => $levels[$old], "level_new" => $level, "level_new_text" => $levels[$level], "money" => $money, "points" => page_min_side::$active_player->data['up_points']); if (page_min_side::$active_player->active && !isset($_POST['no_update_up'])) { $data['up_id'] = page_min_side::$active_player->id; } crewlog::log("user_level", page_min_side::$active_player->id, $log, $data); putlog("CREWCHAN", "%bEndring av tilgangsnivå%b: " . login::$user->player->data['up_name'] . " endret tilgangsnivået til " . page_min_side::$active_user->data['u_email'] . " (" . page_min_side::$active_player->data['up_name'] . ") fra {$levels[$old]} til {$levels[$level]} {$__server['path']}/min_side?u_id=" . page_min_side::$active_user->id); ess::$b->page->add_message('Tilgangsnivået ble endret fra <b>' . htmlspecialchars($levels[$old]) . '</b> til <b>' . htmlspecialchars($levels[$level]) . '</b>.'); } else { ess::$b->page->add_message("Tilgangsnivået kunne ikke endres.", "error"); } redirect::handle(); } } echo ' <div class="bg1_c" style="width: 350px"> <h1 class="bg1">Endre tilgangsnivå for bruker<span class="left2"></span><span class="right2"></span></h1> <div class="bg1">' . (page_min_side::$active_player->active ? ' <p>Dette vil automatisk berøre spilleren ' . page_min_side::$active_player->profile_link() . '.<p>' : ' <p>Dette vil kun ha innvirkning på brukeren, siden det ikke er noen aktiv spiller.</p>') . ' <form action="" method="post"> <dl class="dd_right"> <dt>Nåværende tilgangsnivå</dt> <dd>' . $levels[page_min_side::$active_user->data['u_access_level']] . '</dd> <dt>Nytt tilgangsnivå</dt> <dd> <select name="level">'; $level = intval(postval("level", page_min_side::$active_user->data['u_access_level'])); foreach ($levels as $id => $name) { echo ' <option value="' . $id . '"' . ($level == $id ? ' selected="selected"' : '') . '>' . htmlspecialchars($name) . 
'</option>'; } echo ' </select> </dd> <dt>Begrunnelse</dt> <dd><textarea name="log" id="log" cols="30" rows="5">' . htmlspecialchars(postval("log")) . '</textarea></dd> </dl>' . (page_min_side::$active_player->active ? ' <p><input type="checkbox" id="no_update_up" name="no_update_up"' . (isset($_POST['no_update_up']) ? ' checked="checked"' : '') . ' /><label for="no_update_up"> Ikke oppdater det visuelle tilgangsnivået til ' . page_min_side::$active_player->profile_link() . '</label></p>' : '') . ' <p class="c">' . show_sbutton("Endre tilgangsnivå") . '</p> </form> </div> </div>'; } elseif ($subpage2 == "banka" && access::has("mod")) { // lagre nytt passord if (isset($_POST['bank_auth'])) { $bank_auth = postval("bank_auth"); $log = trim(postval("log")); // for kort? if (mb_strlen($bank_auth) < 6) { ess::$b->page->add_message("Passordet må inneholde minst 6 tegn.", "error"); } elseif (password::verify_hash($bank_auth, page_min_side::$active_user->data['u_bank_auth'], 'bank_auth')) { ess::$b->page->add_message("Passordet er det samme som nåværende.", "error"); } elseif ($log == "") { ess::$b->page->add_message("Mangler begrunnelse.", "error"); } else { $newpass = password::hash($bank_auth, null, 'bank_auth'); \Kofradia\DB::get()->exec("UPDATE users SET u_bank_auth = " . \Kofradia\DB::quote($newpass) . " WHERE u_id = " . 
page_min_side::$active_user->id); // crewlogg crewlog::log("user_bank_auth", page_min_side::$active_player->id, $log, array("pass_old" => page_min_side::$active_user->data['u_bank_auth'], "pass_new" => $newpass)); ess::$b->page->add_message("Bankpassordet ble endret."); redirect::handle(); } } ess::$b->page->add_title("Endre bankpassord"); echo ' <div class="bg1_c" style="width: 350px"> <h1 class="bg1">Endre bankpassord<span class="left2"></span><span class="right2"></span></h1> <div class="bg1"> <form action="" method="post" autocomplete="off"> <dl class="dd_right"> <dt>Nytt bankpassord</dt> <dd><input type="password" id="bank_auth" class="styled w120" /></dd> <dt>Begrunnelse for endring</dt> <dd><textarea name="log" id="log" cols="30" rows="5">' . htmlspecialchars(postval("log")) . '</textarea></dd> </dl> <p class="c">' . show_sbutton("Lagre") . '</p> </form> </div> </div>'; } elseif ($subpage2 == "phone" && access::has("mod")) { // lagre nytt nummer? if (isset($_POST['phone'])) { $phone = postval("phone"); $log = trim(postval("log")); if (!preg_match("/^47\\d{8}\$/Du", $phone) && $phone != "") { ess::$b->page->add_message("Ugyldig telefonnummer. Må bestå av 10 tall inkludert 47 først.", "error"); } else { // kontroller at nummeret ikke er lagt inn fra før $result = \Kofradia\DB::get()->query("SELECT u_id, u_email, up_id, up_name, up_access_level FROM users, users_players WHERE u_phone = " . \Kofradia\DB::quote($phone) . " AND u_id != " . page_min_side::$active_user->id . " AND up_id = u_active_up_id LIMIT 1"); if ($result->rowCount() > 0) { $row = $result->fetch(); ess::$b->page->add_message('Nummeret er allerede i bruk av <a href="min_side?u_id=' . $row['u_id'] . '">' . htmlspecialchars($row['u_email']) . '</a> (' . game::profile_link($row['up_id'], $row['up_name'], $row['up_access_level']) . 
').', "error"); } elseif ($phone == page_min_side::$active_user->data['u_phone']) { ess::$b->page->add_message("Nummeret er det samme som nåværende nummer.", "error"); } elseif ($log == "") { ess::$b->page->add_message("Mangler logg melding."); } else { // lagre nytt nummer \Kofradia\DB::get()->exec("UPDATE users SET u_phone = " . \Kofradia\DB::quote($phone) . " WHERE u_id = " . page_min_side::$active_user->id); crewlog::log("user_phone", page_min_side::$active_player->id, $log, array("phone_old" => page_min_side::$active_user->data['u_phone'], "phone_new" => $phone)); ess::$b->page->add_message('Mobilnummeret ble endret fra <b>' . (empty(page_min_side::$active_user->data['u_phone']) ? 'tomt' : htmlspecialchars(page_min_side::$active_user->data['u_phone'])) . '</b> til <b>' . (empty($phone) ? 'tomt' : $phone) . '</b>.'); } } } ess::$b->page->add_title("Endre mobilnummer"); echo ' <div class="bg1_c" style="width: 350px"> <h1 class="bg1">Endre mobilnummer<span class="left2"></span><span class="right2"></span></h1> <div class="bg1"> <p>Her endrer du mobilnummeret til brukeren. Dette kan bli brukt til å sende ut forskjellig informasjon.</p> <form action="" method="post"> <dl class="dd_right dl_2x"> <dt>Nåværende nummer</dt> <dd>' . (empty(page_min_side::$active_user->data['u_phone']) ? 'Tomt' : htmlspecialchars(page_min_side::$active_user->data['u_phone'])) . '</dd> <dt>Nytt nummer</dt> <dd><input type="text" maxlength="10" value="' . htmlspecialchars(postval("phone", page_min_side::$active_user->data['u_phone'])) . '" name="phone" class="styled w80" /></dd> <dt>Begrunnelse for endring</dt> <dd><textarea name="log" cols="30" rows="5">' . htmlspecialchars(postval("log")) . '</textarea></dd> </dl> <p class="c">' . show_sbutton("Lagre") . '</p> </form> </div> </div>'; } elseif ($subpage2 == "birth" && access::has("mod")) { // lagre ny fødselsdato? 
if (isset($_POST['birth_day']) && isset($_POST['birth_month']) && isset($_POST['birth_year'])) { $birth = postval("birth"); // sjekk fødselsdato $birth_day = intval(postval("birth_day")); $birth_month = intval(postval("birth_month")); $birth_year = intval(postval("birth_year")); $date = ess::$b->date->get(); $n_day = $date->format("j"); $n_month = $date->format("n"); $n_year = $date->format("Y"); $age = $n_year - $birth_year - ($n_month < $birth_month || $birth_month == $n_month && $n_day < $birth_day ? 1 : 0); $birth = $birth_year . "-" . str_pad($birth_month, 2, "0", STR_PAD_LEFT) . "-" . str_pad($birth_day, 2, "0", STR_PAD_LEFT); // sjekk om fødselsdatoen er gyldig $birth_date = ess::$b->date->get(); $birth_date->setDate($birth_year, $birth_month, $birth_day); $birth_valid = $birth_date->format("Y-m-d") == $birth; $log = trim(postval("log")); // ugyldig dag? if ($birth_day < 0 || $birth_day > 31) { ess::$b->page->add_message("Du må velge en gyldig dag.", "error"); } elseif ($birth_month < 0 || $birth_month > 12) { ess::$b->page->add_message("Du må velge en gyldig måned.", "error"); } elseif (($birth_year < 1900 || $birth_year > $n_year) && $birth_year !== 0) { ess::$b->page->add_message("Du må velge et gyldig år.", "error"); } elseif (!$birth_valid && $birth !== '0-00-00') { ess::$b->page->add_message("Datoen du fylte inn for fødselsdatoen din eksisterer ikke."); } elseif ($birth == page_min_side::$active_user->data['u_birth']) { ess::$b->page->add_message("Fødselsdatoen ble ikke endret.", "error"); } elseif ($log == "") { ess::$b->page->add_message("Mangler begrunnelse.", "error"); } else { // oppdater \Kofradia\DB::get()->exec("UPDATE users SET u_birth = " . \Kofradia\DB::quote($birth) . " WHERE u_id = " . 
page_min_side::$active_user->id); // legg til crewlogg crewlog::log("user_birth", page_min_side::$active_player->id, $log, array("birth_old" => page_min_side::$active_user->data['u_birth'], "birth_new" => $birth)); // alder if ($age < 13) { ess::$b->page->add_message("Fødselsdatoen ble satt til <b>{$birth}</b> ({$age} år). Brukeren oppfyller <u>ikke</u> kravet om alder jf. betingelsene."); } else { ess::$b->page->add_message("Fødselsdatoen ble satt til <b>{$birth}</b> ({$age} år)."); } redirect::handle(); } } $birth = explode("-", page_min_side::$active_user->data['u_birth']); $birth_day = isset($birth[2]) ? intval($birth[2]) : 0; $birth_month = isset($birth[1]) ? intval($birth[1]) : 0; $birth_year = isset($birth[0]) ? intval($birth[0]) : 0; ess::$b->page->add_title("Endre fødselsdato"); echo ' <div class="bg1_c" style="width: 350px"> <h1 class="bg1">Endre fødselsdato<span class="left2"></span><span class="right2"></span></h1> <div class="bg1"> <form action="" method="post"> <dl class="dd_right dl_2x"> <dt>Nåværende fødselsdato</dt> <dd>' . (empty(page_min_side::$active_user->data['u_birth']) ? 'Ikke registrert' : htmlspecialchars(page_min_side::$active_user->data['u_birth'])) . '</dd> <dt>Ny fødselsdato</dt> <dd> <select name="birth_day"> <option value="">Dag</option> <option value="0">0</option>'; $active = postval("birth_day", $birth_day); for ($i = 1; $i <= 31; $i++) { echo ' <option value="' . $i . '"' . ($i == $active ? ' selected="selected"' : '') . '>' . $i . '</option>'; } echo ' </select> <select name="birth_month"> <option value="">Måned</option> <option value="0">Tom</option>'; $active = postval("birth_month", $birth_month); for ($i = 1; $i <= 12; $i++) { echo ' <option value="' . $i . '"' . ($i == $active ? ' selected="selected"' : '') . '>' . ucfirst($_lang['months'][$i]) . 
'</option>'; } echo ' </select> <select name="birth_year"> <option value="">År</option> <option value="0">0000</option>'; $active = postval("birth_year", $birth_year); for ($i = ess::$b->date->get()->format("Y"); $i >= 1900; $i--) { echo ' <option value="' . $i . '"' . ($i == $active ? ' selected="selected"' : '') . '>' . $i . '</option>'; } echo ' </select> </dd> <dt>Begrunnelse for endring</dt> <dd><textarea name="log" id="log" cols="30" rows="5">' . htmlspecialchars(postval("log")) . '</textarea></dd> </dl> <p class="c">' . show_sbutton("Lagre") . '</p> </form> </div> </div>'; } }
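/**
 * Creates a new user.
 *
 * The (lower-cased) username becomes the file name of the account under
 * the configured accounts root, so it must not carry any path component:
 * a username containing a directory separator would otherwise make
 * static::save() write outside that directory.
 *
 * @param array $data account data; 'username' is required, 'password' is
 *                    hashed before saving when present
 * @return static the created user, loaded by username
 * @throws Exception when the username is empty, looks like a path, or is
 *                   already taken
 */
public static function create($data = array())
{
    static::validate($data, 'insert');

    // all usernames must be lowercase
    $data['username'] = str::lower($data['username']);

    // the username is used as a file name below: refuse anything that is
    // empty, contains a directory separator, or is "." / ".."
    $username = (string) $data['username'];
    if ($username === '' || $username !== basename($username) || $username === '.' || $username === '..') {
        throw new Exception('The username is invalid');
    }

    // create the file root
    $file = c::get('root.accounts') . DS . $username . '.php';

    // check for an existing username
    if (file_exists($file)) {
        throw new Exception('The username is taken');
    }

    // create a new hash for the password
    if (!empty($data['password'])) {
        $data['password'] = password::hash($data['password']);
    }

    static::save($file, $data);

    // return the created user object
    return new static($username);
}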
/**
 * Handle "set a new password" for a user whose password has been reset.
 *
 * On a POST carrying save_pass the two password fields are validated,
 * the new password is stored (u_pass_change cleared), the event is logged
 * to the NOTICE channel, the user is e-mailed, every other active session
 * of the user is closed and the request is redirected. In all other cases
 * (GET, or a validation error) the form is rendered.
 */
protected function solve_pass()
{
    // save the password?
    // NOTE(review): no request-token check (such as the validate_sid() used
    // by other POST handlers in this code base) is visible before the POST
    // is accepted — confirm whether the framework enforces one globally.
    if (isset($_POST['save_pass'])) {
        // read both fields
        $pass_new = trim(postval("pass_new"));
        $pass_repeat = trim(postval("pass_repeat"));

        // all fields must be filled in
        if ($pass_new == "" || $pass_repeat == "") {
            ess::$b->page->add_message("Alle feltene må fylles ut.", "error");
        } elseif ($pass_new != $pass_repeat) {
            ess::$b->page->add_message("De nye passordene var ikke like.", "error");
        } elseif (mb_strlen($pass_new) < 6) {
            // minimum length counted in characters, not bytes
            ess::$b->page->add_message("Det nye passordet må inneholde minimum 6 tegn.", "error");
        } elseif (password::validate($pass_new, password::LEVEL_LOGIN) != 0) {
            // a non-zero result from password::validate() means "too weak"
            ess::$b->page->add_message("Du må velge et vanskeligere passord.", "error");
        } elseif (password::verify_hash($pass_new, login::$user->data['u_bank_auth'], 'bank_auth')) {
            // the login password must not be the same as the bank password
            ess::$b->page->add_message("Velg et annet passord enn du har i banken.");
        } else {
            // NOTE(listing): the hash expression for u_pass is masked
            // ("******") in this listing; the statement is not valid PHP as
            // printed here.
            \Kofradia\DB::get()->exec("UPDATE users SET u_pass = "******", u_pass_change = NULL WHERE u_id = " . login::$user->id);

            // feedback
            ess::$b->page->add_message("Du har nå lagret et nytt passord for brukeren din.");
            putlog("NOTICE", "%bPASSORD%b: %u" . login::$user->player->data['up_name'] . "%u lagret nytt passord på sin bruker (var nullstilt). " . ess::$s['path'] . "/min_side?u_id=" . login::$user->id);

            // e-mail the user so an unexpected change is noticed; the
            // remote address and the client-supplied User-Agent only go
            // into the plain-text body
            $email = new email();
            $email->text = 'Hei, Det er nå blitt opprettet et nytt passord fra ' . $_SERVER['REMOTE_ADDR'] . ' (' . $_SERVER['HTTP_USER_AGENT'] . '). Bruker ID: ' . login::$user->data['u_id'] . ' E-post: ' . login::$user->data['u_email'] . ' Vi sender selvfølgelig ikke ditt nye passord på e-post. Det skal du kunne selv! -- www.kofradia.no';
            $email->send(login::$user->data['u_email'], "Nytt passord");

            // close every other active session of this user (keeps the
            // current one, identified by ses_id)
            \Kofradia\DB::get()->exec("UPDATE sessions SET ses_active = 0, ses_logout_time = " . time() . " WHERE ses_active = 1 AND ses_u_id = " . login::$user->id . " AND ses_id != " . login::$info['ses_id']);
            redirect::handle();
        }
    }

    // render the form; autocomplete is disabled on it
    ess::$b->page->add_js_domready('$("lockpass").focus();');
    echo ' <div class="bg1_c small"> <h1 class="bg1">Lagre nytt passord<span class="left"></span><span class="right"></span></h1> <p class="h_left"><a href="' . htmlspecialchars($this->url) . '">Tilbake</a></p> <div class="bg1"> <p>Ditt passord har blitt nullstilt. Du vil ikke kunne logge inn uten å måtte benytte <i>glemt passord</i> funksjonen før du har opprettet et nytt passord.</p> <form action="" method="post" autocomplete="off"> <dl class="dd_right dl_2x center" style="width: 80%"> <dt>Nytt passord</dt> <dd><input type="password" class="styled w100" name="pass_new" id="lockpass" /></dd> <dt>Gjenta nytt passord</dt> <dd><input type="password" class="styled w100" name="pass_repeat" /></dd> </dl> <p class="c">' . show_sbutton("Lagre passordet", 'name="save_pass"') . '</p> </form> </div> </div>';
}
/**
 * Handle dissolving a family/company ("FF").
 *
 * Redirects away when the FF is already dissolved or is currently up for
 * auction. On a confirmed POST (confirm + a valid request token, plus the
 * user's password unless the viewer is a moderator) the FF is dissolved,
 * logged to the crew channel and the user is redirected. Otherwise the
 * confirmation form is rendered.
 */
protected function page_drop_handle()
{
    // already dissolved?
    if (!$this->ff->active) {
        ess::$b->page->add_message(ucfirst($this->ff->type['refobj']) . " er allerde oppløst.");
        redirect::handle();
    }

    // is there an active auction for this FF? (a_params is a serialized
    // params blob; a_id from the row is only used in the redirect URL)
    $result = \Kofradia\DB::get()->query("SELECT a_id, a_params FROM auksjoner WHERE a_type = " . auksjon::TYPE_FIRMA . " AND a_end >= " . time() . " AND a_completed = 0 AND a_active != 0");
    while ($row = $result->fetch()) {
        $params = new params($row['a_params']);
        if ($params->get("ff_id") == $this->ff->id) {
            ess::$b->page->add_message(ucfirst($this->ff->type['refobj']) . ' ligger allerede ute på auksjon og kan ikke legges ned på nytt nå.', "error");
            redirect::handle("/auksjoner?a_id={$row['a_id']}", redirect::ROOT);
        }
    }

    ess::$b->page->add_title("Legg ned {$this->ff->type['refobj']}");

    // confirmed? moderators need no password; validate_sid() ties the POST
    // to the "sid" hidden field emitted below
    if (isset($_POST['confirm']) && (isset($_POST['pass']) || $this->ff->mod) && validate_sid()) {
        // check the password ($_POST['pass'] is only read for non-moderators,
        // where the condition above guarantees it is set)
        if (!$this->ff->mod && !password::verify_hash($_POST['pass'], login::$user->data['u_pass'], 'user')) {
            ess::$b->page->add_message("Passordet du skrev inn stemmer ikke.", "error");
        } else {
            // announce
            putlog("CREWCHAN", "%u" . login::$user->player->data['up_name'] . "%u la ned {$this->ff->type['refobj']} %u{$this->ff->data['ff_name']}%u");

            // dissolve the FF
            $this->ff->dies();
            ess::$b->page->add_message("Du har lagt ned {$this->ff->type['refobj']} {$this->ff->data['ff_name']}.");
            redirect::handle("");
        }
    }

    // confirmation form. NOTE(review): the hidden "sid" field carries the
    // session id (login::$info['ses_id']) into the page; presumably the
    // framework's request-token convention — confirm. type['refobj'] and
    // type['type'] are emitted unescaped, which assumes they are trusted
    // configuration values rather than user input. The nested ternary in
    // the 'familie' branch is of the form a ? (b ? c : d) : e.
    echo ' <div class="section" style="width: 220px"> <h1>Legg ned ' . $this->ff->type['refobj'] . '</h1> <p class="h_right"><a href="panel?ff_id=' . $this->ff->id . '">Tilbake</a></p> <boxes /> <form action="" method="post"> <input type="hidden" name="sid" value="' . login::$info['ses_id'] . '" /> <p>Du er i ferd med å <u>legge ned ' . $this->ff->type['refobj'] . '</u>. Når du legger ned ' . $this->ff->type['refobj'] . ' vil ' . $this->ff->type['refobj'] . ' bli oppløst. 
Du og alle medlemmer vil miste tilgang til ' . $this->ff->type['refobj'] . ' og dets forum.</p>' . ($this->ff->type['type'] == 'familie' ? $this->ff->competition || $this->ff->params->get("die_no_new") ? '' : ' <p>En ny broderskapkonkurranse vil bli opprettet som vil gjøre det mulig om å konkurrere om et nytt broderskap som tar denne sin plass.' : ' <p>Firmaet vil bli lagt ut på en auksjon, og vinneren av auksjonen vil fortsette driften av firmaet. Du vil ikke motta noe fra denne auksjonen.</p>') . ' <p>Du kan alternativt <a href="panel?ff_id=' . $this->ff->id . '&a=sell">selge</a> ' . $this->ff->type['refobj'] . '.</p>' . ($this->ff->competition ? ' <p><b>Merk:</b> Du har ikke mulighet til å opprette ny ' . $this->ff->type['refobj'] . ' i samme konkurranse etter at du har lagt ned ' . $this->ff->type['refobj'] . '.</p>' : '') . ' <dl class="dd_right"> <dt>Penger i banken</dt> <dd>' . game::format_cash($this->ff->data['ff_bank']) . '</dd> <dt>Antall medlemmer</dt> <dd>' . count($this->ff->members['members']) . '</dd> </dl>' . (!$this->ff->mod ? ' <dl class="dd_right"> <dt>Brukerpassord</dt> <dd><input type="password" name="pass" class="styled w100" /></dd> </dl>' : '') . ' <p class="c"> <span class="red">' . show_sbutton("Bekreft, legg ned {$this->ff->type['refobj']}", 'name="confirm"') . '</span> <a href="panel?ff_id=' . $this->ff->id . '">Tilbake</a> </p> </form> </div>';
    $this->ff->load_page();
}
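/**
 * Handle a login request.
 *
 * Candidate accounts are looked up by e-mail, numeric user id or player
 * name, unactivated accounts (u_access_level = 0) ordered last and the
 * most recently online first; the first candidate whose password matches
 * wins.
 *
 * @param string  $email        e-mail address; a user id or player name is accepted too
 * @param string  $pass         password as typed, or the raw stored value when $md5 is false
 * @param integer $expire_type  session expiry type, passed through to do_login_handle()
 * @param boolean $md5          true: check $pass against the stored hash via password::verify_hash();
 *                              false: $pass must be identical to the stored u_pass value
 * @param boolean $secure_only  keep using SSL after login?
 * @param mixed   $skip_pass    truthy: accept the first candidate without checking the password
 * @return integer -1 on success; LOGIN_ERROR_USER_OR_PASS when no candidate matches;
 *                 LOGIN_ERROR_ACTIVATE when the matching account is not activated (the
 *                 global $uid is then set to that account's id)
 */
public static function do_login($email, $pass, $expire_type = LOGIN_TYPE_TIMEOUT, $md5 = true, $secure_only = false, $skip_pass = null)
{
    // fetch candidate accounts
    $result = \Kofradia\DB::get()->query("\n\t\t\tSELECT u_id, u_pass, u_email, u_online_time, u_online_ip, u_access_level, u_force_ssl\n\t\t\tFROM users LEFT JOIN users_players ON u_id = up_u_id\n\t\t\tWHERE (u_email = " . \Kofradia\DB::quote($email) . " OR u_id = " . intval($email) . " OR up_name = " . \Kofradia\DB::quote($email) . ")\n\t\t\tORDER BY u_access_level = 0, u_online_time DESC");
    if (!$result->rowCount()) {
        return LOGIN_ERROR_USER_OR_PASS;
    }

    $p_ok = false;
    while ($user = $result->fetch()) {
        // password check explicitly skipped by the caller: first candidate wins
        if ($skip_pass) {
            $p_ok = true;
            break;
        }

        if ($md5) {
            $p_ok = (bool) password::verify_hash($pass, $user['u_pass'], 'user');
        } else {
            // strict comparison on purpose: with == PHP compares numeric-looking
            // strings as numbers and treats null and "" as equal, so a value
            // that is not the stored one could still be accepted
            $p_ok = $pass === $user['u_pass'];
        }
        if ($p_ok) {
            break;
        }
    }

    // no candidate with a matching password?
    if (!$p_ok) {
        return LOGIN_ERROR_USER_OR_PASS;
    }

    // account not activated yet? expose its id to the caller via $uid
    if ($user['u_access_level'] == 0) {
        global $uid;
        $uid = $user['u_id'];
        return LOGIN_ERROR_ACTIVATE;
    }

    // e-mail and password matched: log the person in
    self::do_login_handle($user['u_id'], $user, $expire_type, $secure_only);
    return -1;
}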
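/**
 * Checks a create_team request for invalid inputs and performs all
 * SQL actions if no error occurs
 *
 * The team name may only contain ASCII letters, digits, "-", "." and
 * spaces, at most 50 bytes. That whitelist is also what keeps the name
 * safe inside the SQL string built below, so it must not be loosened
 * without switching to a parameterised statement (if $db supports one).
 * The team password comes from the password generator with upper-case
 * letters disabled; it is assumed to produce only alphanumerics here.
 *
 * @access public
 * @return true
 */
function complete_create_team()
{
    if (valid_request(array(isset($_POST['name'])))) {
        global $smarty;
        global $db;

        // test if name fits into name conventions; the D modifier makes "$"
        // match only at the very end, so a trailing newline is rejected too
        if (!preg_match('/^[a-zA-Z0-9-. ]+$/D', $_POST['name'])) {
            display_errors(200);
        } elseif (strlen($_POST['name']) > 50) {
            display_errors(201);
        } else {
            // insert team: create its password first
            require_once 'classes/class.password.php';
            $password = new password(8);
            $password->uppercase = false;

            // the session user id is cast to int so that only a number can
            // ever end up inside the statement
            $sql = "add_team('" . $_POST['name'] . "', '" . $password->generate() . "', " . (int) $_SESSION['user_id'] . ");";
            $db->run($sql);
            if ($db->error_result) {
                display_errors(203);
            } else {
                $row = $db->get_result_row();
                display_success("create_team", $row['team_id']);
                $smarty->assign('content', $smarty->fetch("succes.tpl"));
            }
        }
    }
    return true;
}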
} else { $tmp = new acl($config, NULL, $ui->dn); $ui->ocMapping = $tmp->ocMapping; $ui->loadACL(); $acls = $ui->get_permissions($ui->dn, "users/password"); if (!preg_match("/w/i", $acls)) { $message[] = _("You have no permissions to change your password!"); } } } // Call external check hook to validate the password change if (!count($message)) { $attrs = array(); $attrs['current_password'] = $current_password; $attrs['new_password'] = $new_password; $checkRes = password::callCheckHook($config, $ui->dn, $attrs); if (count($checkRes)) { $message[] = sprintf(_("Check-hook reported a problem: %s. Password change canceled!"), implode($checkRes)); } } // Display error messages if (count($message) != 0) { msg_dialog::displayChecks($message); } else { // Try to change the password if (!change_password($ui->dn, $_POST['new_password'], FALSE, $method, get_post('current_password'), $msg)) { msg_dialog::displayChecks(array($msg)); } else { gosa_log("User/password has been changed"); $smarty->assign("changed", true); }
die(html_jump("./index.php")); } if (isset($_GET['url'])) { $url = "&url=" . $_GET['url']; } $url = NULL; if (!(isset($_POST['user']) && $_POST['user'] != NULL)) { die(html_jump("./login.php?err=用户名不能为空" . $url)); } if (!(isset($_POST['pwd']) && $_POST['pwd'] != NULL)) { die(html_jump("./login.php?err=密码不能为空" . $url)); } if (!(isset($_POST['save']) && $_POST['save'] == 1)) { $_POST['save'] = 0; } $login = new password($_POST['user'], $_POST['pwd']); if (!$login->mysql_pwd()) { die(html_jump("./login.php?err=密码错误" . $url)); } if (!$GLOBALS['user']['active']) { die(html_jump("./login.php?err=账户被禁止" . $url)); } $cookie = new mycookies($GLOBALS['user']['user'], $option->arr['cookie_key'], NULL); $cookie->new_cookie(); $cookie->set($_POST['save'] * $option->arr['cookie_time'] * 60 * 60); if (!$cookie->up_data()) { die(html_jump("./login.php?err=登陆错误") . $url); } else { if (isset($_GET['url'])) { die(html_jump(urldecode($_GET['url']))); }
<?php
// Demo: three passwords from the bundled generator, each followed by a line break.
include 'class.password.php';

// default length is 10 characters
$generator = new password();
$separator = '<br>';

// 1) defaults: upper-case letters, lower-case letters and digits
echo $generator->generate(), $separator;

// 2) same generator with lower-case letters switched off
$generator->lowercase = false;
echo $generator->generate(), $separator;

// 3) additionally allow special characters
$generator->specchar = true;
echo $generator->generate(), $separator;
/**
 * Authenticate an OPAC reader ("empr") or resume an existing reader session.
 *
 * Without a session ($_SESSION["user_code"] unset) and while the session
 * has not timed out, the reader row for the posted login is loaded and one
 * of several authentication paths is taken: external auth ($ext_auth),
 * automatic connection ($code), one-time key ($password_key), LDAP, or the
 * stored password hash. On success the reader's previously saved session
 * blob is restored and the session is populated; on failure the session is
 * destroyed and $erreur_connexion / $erreur_session are set. With a session
 * already present only the reader's rights are reloaded.
 *
 * Communicates almost entirely through the globals listed below;
 * $_POST['login'] is the only request value read directly.
 *
 * @return int 1 when the reader is logged in (or already was), 0 otherwise
 */
function connexion_empr()
{
    global $dbh, $msg, $opac_duration_session_auth;
    global $time_expired, $erreur_session, $login, $password, $encrypted_password;
    global $auth_ok, $lang, $code, $emprlogin;
    global $password_key;
    global $first_log;
    global $erreur_connexion;
    global $opac_opac_view_activate, $pmb_opac_view_class, $opac_view_class;
    global $opac_default_style;
    // to be set when an external authentication is used
    global $ext_auth, $empty_pwd;
    global $base_path, $class_path;
    global $cms_build_activate;
    // to be set when OPAC views are enabled
    global $include_path;
    // NOTE(review): $empr_erreur_header and $empr_erreur_footer are used in
    // the failure branch below but appear in no global list here, so as
    // written they are undefined locals (null) — verify against the caller.

    $erreur_connexion = 0;
    $log_ok = 0;

    if (!$_SESSION["user_code"]) {
        // escape the posted login unless magic quotes already did
        if (!get_magic_quotes_gpc()) {
            $p_login = addslashes($_POST['login']);
        } else {
            $p_login = $_POST['login'];
        }

        if ($time_expired == 0) {
            // begin if ($time_expired==0) 1
            // no session in progress: look the login up.
            // NOTE(listing): the login value in this WHERE clause is masked
            // ('******') in this listing; presumably $p_login is what the
            // real statement is built from — confirm.
            $verif_query = "SELECT id_empr, empr_cb, empr_nom, empr_prenom, empr_password, empr_lang, empr_date_expiration<sysdate() as isexp, empr_login, empr_ldap,empr_location, allow_opac \n\t\t\t\t\tFROM empr\n\t\t\t\t\tJOIN empr_statut ON empr_statut=idstatut\n\t\t\t\t\tWHERE empr_login='******'";
            $verif_result = pmb_mysql_query($verif_query);

            // copy the reader's columns into locals; when no row matches,
            // none of the $verif_* variables below are set
            while ($verif_line = pmb_mysql_fetch_array($verif_result)) {
                $verif_empr_cb = $verif_line['empr_cb'];
                $verif_empr_login = $verif_line['empr_login'];
                $verif_empr_ldap = $verif_line['empr_ldap'];
                $verif_empr_password = $verif_line['empr_password'];
                $verif_lang = $verif_line['empr_lang'] ? $verif_line['empr_lang'] : "fr_FR";
                $verif_id_empr = $verif_line['id_empr'];
                $verif_isexp = $verif_line['isexp'];
                $verif_opac = $verif_line['allow_opac'];
                $empr_location = $verif_line['empr_location'];
            }

            $auth_ok = 0;
            // only readers allowed on the OPAC can authenticate at all
            if ($verif_opac) {
                if (!$encrypted_password) {
                    $encrypted_password = password::gen_hash($password, $verif_id_empr);
                }
                if ($ext_auth) {
                    $auth_ok = $ext_auth;
                } elseif ($code) {
                    $auth_ok = connexion_auto();
                } elseif ($password_key) {
                    $auth_ok = connexion_unique();
                } elseif ($verif_empr_ldap) {
                    // $p_login may carry addslashes() escaping here — whether
                    // auth_ldap() expects that cannot be seen from this function
                    $auth_ok = auth_ldap($p_login, $password);
                } else {
                    // standard auth: unless empty passwords are allowed the
                    // stored hash must be non-empty, and it must equal the
                    // computed hash. NOTE(review): this is a loose == between
                    // two hash strings; a strict comparison would rule out
                    // PHP's numeric-string coercion.
                    $auth_ok = ($empty_pwd || !$empty_pwd && $verif_empr_password) && $verif_empr_password == stripslashes($encrypted_password) && $verif_empr_login != "";
                }
            }

            if ($auth_ok) {
                // begin if ($auth_ok) 1
                // password correct: record the user in the session
                startSession("PmbOpac", $verif_empr_login);
                $log_ok = 1;

                // carry the CMS build flags across the session reset
                if ($_SESSION["cms_build_activate"]) {
                    $cms_build_activate = 1;
                }
                if ($_SESSION["build_id_version"]) {
                    $build_id_version = $_SESSION["build_id_version"];
                }

                // restore the reader's previously saved environment. This
                // unserialize()s a blob stored in opac_sessions and replaces
                // $_SESSION with it wholesale, so whoever can write that
                // column controls the session state — keep those writes trusted.
                $requete = "select session from opac_sessions where empr_id=" . $verif_id_empr;
                $res_session = pmb_mysql_query($requete);
                if (@pmb_mysql_num_rows($res_session)) {
                    $temp_session = unserialize(pmb_mysql_result($res_session, 0, 0));
                    $_SESSION = $temp_session;
                } else {
                    $_SESSION = array();
                }
                $_SESSION["cms_build_activate"] = $cms_build_activate;
                $_SESSION["build_id_version"] = $build_id_version;
                if (!$code) {
                    $_SESSION["connexion_empr_auto"] = 0;
                }
                $_SESSION["user_code"] = $verif_empr_login;
                $_SESSION["id_empr_session"] = $verif_id_empr;
                $_SESSION["connect_time"] = time();
                $_SESSION["lang"] = $verif_lang;
                $_SESSION["empr_location"] = $empr_location;

                // location label; empr_location comes from the reader row and
                // is interpolated into the query without escaping
                $req = "select location_libelle from docs_location where idlocation='" . $_SESSION["empr_location"] . "'";
                $_SESSION["empr_location_libelle"] = pmb_mysql_result(pmb_mysql_query($req, $dbh), 0, 0);

                // change language and charset after login
                $lang = $_SESSION["lang"];
                set_language($lang);

                // expired subscription: rights are loaded in "expired" mode
                // and the reader is told via an inline alert
                if (!$verif_isexp) {
                    recupere_pref_droits($_SESSION["user_code"]);
                    $_SESSION["user_expired"] = $verif_isexp;
                } else {
                    recupere_pref_droits($_SESSION["user_code"], 1);
                    $_SESSION["user_expired"] = $verif_isexp;
                    echo "<script>alert(\"" . $msg["empr_expire"] . "\");</script>";
                    $erreur_connexion = 1;
                }

                // OPAC views: the class name comes from configuration and is
                // used both as a file name to require and as a class to instantiate
                if ($opac_opac_view_activate) {
                    $_SESSION["opac_view"] = 0;
                    $_SESSION['opac_view_query'] = 0;
                    if (!$pmb_opac_view_class) {
                        $pmb_opac_view_class = "opac_view";
                    }
                    require_once $base_path . "/classes/" . $pmb_opac_view_class . ".class.php";
                    $opac_view_class = new $pmb_opac_view_class($_SESSION["opac_view"], $_SESSION["id_empr_session"]);
                    if ($opac_view_class->id) {
                        $opac_view_class->set_parameters();
                        $opac_view_filter_class = $opac_view_class->opac_filters;
                        $_SESSION["opac_view"] = $opac_view_class->id;
                        if (!$opac_view_class->opac_view_wo_query) {
                            $_SESSION['opac_view_query'] = 1;
                        }
                    } else {
                        $_SESSION["opac_view"] = 0;
                    }
                    $css = $_SESSION["css"] = $opac_default_style;
                }
                $first_log = true;
            } else {
                // otherwise destroy the session that was created, keeping
                // only the CMS build flags
                if ($_SESSION["cms_build_activate"]) {
                    $cms_build_activate = 1;
                }
                if ($_SESSION["build_id_version"]) {
                    $build_id_version = $_SESSION["build_id_version"];
                }
                @session_destroy();
                if ($cms_build_activate) {
                    session_start();
                    $_SESSION["cms_build_activate"] = $cms_build_activate;
                    $_SESSION["build_id_version"] = $build_id_version;
                }
                if (!$encrypted_password) {
                    $encrypted_password = password::gen_hash($password, $verif_id_empr);
                }

                // classify the failure; the generic "bad login/password" text is
                // used for wrong credentials, LDAP and auto-connection failures
                if ($verif_empr_password != stripslashes($encrypted_password) || $verif_empr_login == "" || $verif_empr_ldap || $code) {
                    // login or password is wrong, or the LDAP connection failed
                    $erreur_session = $empr_erreur_header;
                    $erreur_session .= $msg["empr_type_card_number"] . "<br />";
                    $erreur_session .= $empr_erreur_footer;
                    $erreur_connexion = 3;
                } elseif ($verif_isexp) {
                    // subscription expired
                    echo "<script>alert(\"" . $msg["empr_expire"] . "\");</script>";
                    $erreur_connexion = 1;
                } elseif (!$verif_opac) {
                    // OPAC access forbidden for this reader
                    echo "<script>alert(\"" . $msg["empr_connexion_interdite"] . "\");</script>";
                    $erreur_connexion = 2;
                } else {
                    // any other case, just in case...
                    $erreur_session = $empr_erreur_header;
                    $erreur_session .= $msg["empr_type_card_number"] . "<br />";
                    $erreur_session .= $empr_erreur_footer;
                    $erreur_connexion = 3;
                }
                $log_ok = 0;
                $time_expired = 0;
            }
            // end if ($auth_ok) 1
        } else {
            // the session has timed out: tell the reader (inline alert built
            // from the $msg table, assumed to hold trusted translations)
            echo "<script>alert(\"" . sprintf($msg["session_expired"], round($opac_duration_session_auth / 60)) . "\");</script>";
        }
    } else {
        // a session is in progress: just reload the reader's rights
        $log_ok = 1;
        $login = $_SESSION["user_code"];
        if ($_SESSION["user_expired"]) {
            recupere_pref_droits($login, 1);
        } else {
            recupere_pref_droits($login);
        }
        if (!$code) {
            $_SESSION["connexion_empr_auto"] = 0;
        }
    }

    // viewing a DSI record through an automatic connection: default the
    // tab/level globals for the caller
    if ($_SESSION["connexion_empr_auto"] && $log_ok) {
        global $connexion_empr_auto, $tab, $lvl;
        $connexion_empr_auto = 1;
        if (!$code) {
            if (!$tab) {
                $tab = "dsi";
            }
            if (!$lvl) {
                $lvl = "bannette";
            }
        }
    }
    return $log_ok;
}
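/**
 * Re-hash a reader's password and store it in `empr` (and in `empr_passwords`
 * when that table exists), flagging the row with empr_password_is_encrypted = 1.
 *
 * NOTE(review): the literal values inside the SQL strings appear redacted
 * ('******') in this listing; the statements are kept exactly as shown.
 *
 * @param string $empr_login     reader login used to look up id_empr
 * @param string $empr_password  new password (its use is inside the redacted literals)
 * @return bool|null false when no salt is configured and no salt base can be
 *                   generated; otherwise nothing is returned
 */
static function hash_password($empr_login = '', $empr_password = '')
{
    global $dbh;
    global $opac_empr_password_salt;

    // Without a configured salt, require a generated salt base before touching the DB.
    // NOTE(review): $salt_base is not referenced again in this method as listed.
    if (!$opac_empr_password_salt) {
        $salt_base = password::gen_salt_base();
        if (!$salt_base) {
            return false;
        }
    }

    // Resolve the reader id; exactly one matching row is required.
    $id_empr = 0;
    if ($empr_login) {
        $query = "select id_empr from empr where empr_login='******'";
        $result = pmb_mysql_query($query, $dbh);
        if (pmb_mysql_num_rows($result) == 1) {
            $id_empr = pmb_mysql_result($result, 0, "id_empr");
        }
    }

    if ($id_empr) {
        // FIX: the original called the legacy mysql_query() here (removed in PHP 7)
        // while every other statement in this method goes through pmb_mysql_query().
        $rqt = "show tables like 'empr_passwords'";
        if (pmb_mysql_num_rows(pmb_mysql_query($rqt, $dbh))) {
            // id_empr was read from the DB above; cast anyway so only an integer is spliced into SQL
            $q = "update empr_passwords set empr_password='******' where id_empr='" . (int) $id_empr . "'";
            pmb_mysql_query($q, $dbh);
        }
        $q = "update empr set empr_password='******', empr_password_is_encrypted = 1 where empr_login='******'";
        pmb_mysql_query($q, $dbh);
    }
}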
/**
 * Change a user's password.
 *
 * checkPassword() is run on the parameters first; when it leaves the error
 * stack non-empty the update is skipped. The stored hash comes from
 * password::hash() with PASSWORD_DEFAULT, and the `salt` column is refreshed
 * with a new random key at the same time.
 *
 * @param array $aParams  expects 'password' (new password) and 'id' (user id)
 * @return bool true when the UPDATE executed, false on validation or DB failure
 */
public function changeUserPassword($aParams = array())
{
    $this->checkPassword($aParams);
    if (!$this->error->isEmpty()) {
        return false;
    }

    $hash = password::hash($aParams['password'], PASSWORD_DEFAULT);
    $salt = util::random_key(12);

    // values are escaped with the driver's escapeStr(); the id is forced to an integer
    $sQuery = sprintf(
        "UPDATE %s SET password='%s', salt='%s' WHERE id=%d",
        $this->t_users,
        $this->db->escapeStr($hash),
        $this->db->escapeStr($salt),
        (int) $aParams['id']
    );

    return (bool) $this->db->execute($sQuery);
}
// bytte passord? if (isset($_POST['u_id'])) { $u_id = (int) $_POST['u_id']; $pass = trim(postval("pass")); // finn brukeren $user = user::get($u_id); if (!$user) { ess::$b->page->add_message("Fant ikke brukeren.", "error"); } elseif ($pass == "") { ess::$b->page->add_message("Passordet kan ikke være tomt.", "error"); } else { // lagre passord for utvidede tilganger $hash = password::hash($pass); $user->params->update("extended_access_passkey", $hash, true); // lagre nytt passord $hash = \Kofradia\DB::quote(password::hash($pass, null, "user")); \Kofradia\DB::get()->exec("UPDATE users SET u_pass = {$hash}, u_bank_auth = {$hash} WHERE u_id = {$user->id}"); ess::$b->page->add_message("Du lagret nytt passord for brukeren #{$user->id} (" . htmlspecialchars($user->data['u_email']) . ", " . $user->player->profile_link() . ")."); redirect::handle(); } } ess::$b->page->add_js_domready('$("u_id").focus();'); echo ' <h1>Sett passord på en bruker</h1> <p><a href="./">Tilbake</a></p> <form action="" method="post"> <dl class="dl_15"> <dt>Bruker ID</dt> <dd><input type="text" class="styled w40" name="u_id" id="u_id" value="' . postval("u_id") . '" /></dd> <dt>Nytt passord</dt> <dd><input type="password" class="styled w100" name="pass" /></dd>
/**
 * Return the shared PasswordHash instance, creating it on first use.
 *
 * The instance is built with an iteration-count log2 of 8 and the second
 * constructor argument set to false (in phpass that disables portable hashes).
 *
 * @return PasswordHash
 */
private static function get_ph_object()
{
    if (empty(self::$ph)) {
        self::$ph = new PasswordHash(8, false);
    }

    return self::$ph;
}
// Hidden field: one value/default per language (multiLang).
$newfield = new hidden();
$newfield->field = "Fhidden";
$newfield->multiLang = true;
$newfield->value = array("fr" => "FRXXXXXXXXX", "en" => "ENXXXXXXXXXXXXXXXX");
$newfield->defaultValue = array("fr" => "FFFF", "en" => "EEEE");
$newfield->add();

// Password field: rules are attached after add().
// NOTE(review): alphanumeric-only with maxlength 20 limits password entropy; these
// are form-level rules, the server-side policy is not visible here.
$newfield = new password();
$newfield->field = "Fpassword";
$newfield->label = "mot de passe";
$newfield->tooltip = "Que des chiffres et des lettres, sans espace ni caractères spéciaux";
$newfield->add();
$newfield->rule("alphanumeric", true);
$newfield->rule("minlength", 5);
$newfield->rule("maxlength", 20);

// password confirm
// NOTE(review): the confirmation field is pre-filled from datasForm[...]["password"];
// if that ever holds a stored secret rather than the just-submitted value it would be
// echoed into the page — confirm against the form handler.
$newfield = new password();
$newfield->field = "Fconfirm_password";
$newfield->label = "Confirmation";
$newfield->value = $formMaj->datasForm[$myAdmin->LANG_DATAS]["password"];
$newfield->add();
$newfield->rule("equalTo", "'#Fpassword'");

// Textarea with a character counter (alternative counter options left as a comment by the author).
$newfield = new textarea();
$newfield->field = "Ftextarea";
$newfield->multiLang = true;
$newfield->disabled = false;
$newfield->counter = 20; //"countType:'characters', maxCount:10, strictMax:true";
$newfield->variablesAuthorized = false;
$newfield->placeholder = "placeholder";
$newfield->widthField = 4;
$newfield->rows = 5;
/**
 * Change the user's password over a plain ldap_* connection.
 *
 * Flow: connect, optional STARTTLS, resolve the user DN (plugin hook, then
 * the userDN mask, then a search), bind as admin or as the user, then
 * ldap_modify() the password attribute(s) and optional last-change attributes.
 *
 * @param string $curpass  current password; used as the bind password in 'user' mode
 * @param string $passwd   new password, hashed with the configured 'password_ldap_encodage'
 * @return int PASSWORD_SUCCESS, PASSWORD_CONNECT_ERROR or PASSWORD_CRYPT_ERROR
 */
function save($curpass, $passwd)
{
    $rcmail = rcmail::get_instance();
    $this->debug = $rcmail->config->get('ldap_debug');

    $ldap_host = $rcmail->config->get('password_ldap_host');
    $ldap_port = $rcmail->config->get('password_ldap_port');

    $this->_debug("C: Connect to {$ldap_host}:{$ldap_port}");

    // Connect
    if (!($ds = ldap_connect($ldap_host, $ldap_port))) {
        $this->_debug("S: NOT OK");
        rcube::raise_error(array('code' => 100, 'type' => 'ldap', 'file' => __FILE__, 'line' => __LINE__, 'message' => "Could not connect to LDAP server"), true);
        return PASSWORD_CONNECT_ERROR;
    }

    $this->_debug("S: OK");

    // Set protocol version
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $rcmail->config->get('password_ldap_version'));

    // Start TLS
    if ($rcmail->config->get('password_ldap_starttls')) {
        if (!ldap_start_tls($ds)) {
            ldap_unbind($ds);
            return PASSWORD_CONNECT_ERROR;
        }
    }

    // include 'ldap' driver, we share some static methods with it
    require_once INSTALL_PATH . 'plugins/password/drivers/ldap.php';

    // other plugins might want to modify user DN
    $plugin = $rcmail->plugins->exec_hook('password_ldap_bind', array('user_dn' => '', 'conn' => $ds));

    // Build user DN: hook result wins, then the configured mask, then a directory search
    if (!empty($plugin['user_dn'])) {
        $user_dn = $plugin['user_dn'];
    } else {
        if ($user_dn = $rcmail->config->get('password_ldap_userDN_mask')) {
            $user_dn = rcube_ldap_password::substitute_vars($user_dn);
        } else {
            $user_dn = $this->search_userdn($rcmail, $ds);
        }
    }

    if (empty($user_dn)) {
        ldap_unbind($ds);
        return PASSWORD_CONNECT_ERROR;
    }

    // Connection method: 'admin' binds with the configured service account,
    // anything else binds as the user with the current password
    switch ($rcmail->config->get('password_ldap_method')) {
        case 'admin':
            $binddn = $rcmail->config->get('password_ldap_adminDN');
            $bindpw = $rcmail->config->get('password_ldap_adminPW');
            break;
        case 'user':
        default:
            $binddn = $user_dn;
            $bindpw = $curpass;
            break;
    }

    $lchattr = $rcmail->config->get('password_ldap_lchattr');
    $pwattr = $rcmail->config->get('password_ldap_pwattr');
    $smbpwattr = $rcmail->config->get('password_ldap_samba_pwattr');
    $smblchattr = $rcmail->config->get('password_ldap_samba_lchattr');
    $samba = $rcmail->config->get('password_ldap_samba');
    $pass_mode = $rcmail->config->get('password_ldap_encodage');

    $crypted_pass = password::hash_password($passwd, $pass_mode);

    // Support password_ldap_samba option for backward compat.
    if ($samba && !$smbpwattr) {
        $smbpwattr = 'sambaNTPassword';
        $smblchattr = 'sambaPwdLastSet';
    }

    // Crypt new password
    // NOTE(review): the two CRYPT_ERROR returns below leave $ds bound, unlike every other
    // error path in this method (PHP frees the handle on return, but it is inconsistent).
    if (!$crypted_pass) {
        return PASSWORD_CRYPT_ERROR;
    }

    // Crypt new Samba password
    if ($smbpwattr && !($samba_pass = password::hash_password($passwd, 'samba'))) {
        return PASSWORD_CRYPT_ERROR;
    }

    // only the bind password's length is logged, never its value
    $this->_debug("C: Bind {$binddn}, pass: **** [" . strlen($bindpw) . "]");

    // Bind
    if (!ldap_bind($ds, $binddn, $bindpw)) {
        $this->_debug("S: " . ldap_error($ds));
        ldap_unbind($ds);
        return PASSWORD_CONNECT_ERROR;
    }

    $this->_debug("S: OK");

    $entry[$pwattr] = $crypted_pass;

    // Update PasswordLastChange Attribute if desired (days since epoch)
    if ($lchattr) {
        $entry[$lchattr] = (int) (time() / 86400);
    }

    // Update Samba password
    if ($smbpwattr) {
        $entry[$smbpwattr] = $samba_pass;
    }

    // Update Samba password last change (seconds since epoch)
    if ($smblchattr) {
        $entry[$smblchattr] = time();
    }

    // NOTE(review): this dumps the whole modify entry — i.e. the new password hash(es),
    // including any Samba NT hash — into the debug log whenever ldap_debug is enabled.
    $this->_debug("C: Modify {$user_dn}: " . print_r($entry, true));

    if (!ldap_modify($ds, $user_dn, $entry)) {
        $this->_debug("S: " . ldap_error($ds));
        ldap_unbind($ds);
        return PASSWORD_CONNECT_ERROR;
    }

    $this->_debug("S: OK");

    // All done, no error
    ldap_unbind($ds);
    return PASSWORD_SUCCESS;
}
/**
 * Change the user's password through PEAR Net_LDAP2.
 *
 * Resolves the user DN (mask or search), binds as admin or as the user,
 * then replaces the password attribute (possibly with several encodings),
 * the optional last-change attributes and the optional Samba attributes,
 * and commits with a single update().
 *
 * @param string $curpass  current password; bind password in 'user' mode
 * @param string $passwd   new password, hashed with each configured encoding
 * @return int PASSWORD_SUCCESS, PASSWORD_CONNECT_ERROR or PASSWORD_CRYPT_ERROR
 */
public function save($curpass, $passwd)
{
    $rcmail = rcmail::get_instance();

    require_once 'Net/LDAP2.php';

    // Building user DN
    if ($userDN = $rcmail->config->get('password_ldap_userDN_mask')) {
        $userDN = self::substitute_vars($userDN);
    } else {
        $userDN = $this->search_userdn($rcmail);
    }

    if (empty($userDN)) {
        return PASSWORD_CONNECT_ERROR;
    }

    // Connection Method
    switch ($rcmail->config->get('password_ldap_method')) {
        case 'admin':
            $binddn = $rcmail->config->get('password_ldap_adminDN');
            $bindpw = $rcmail->config->get('password_ldap_adminPW');
            break;
        case 'user':
        default:
            $binddn = $userDN;
            $bindpw = $curpass;
            break;
    }

    // Configuration array
    $ldapConfig = array('binddn' => $binddn, 'bindpw' => $bindpw, 'basedn' => $rcmail->config->get('password_ldap_basedn'), 'host' => $rcmail->config->get('password_ldap_host'), 'port' => $rcmail->config->get('password_ldap_port'), 'starttls' => $rcmail->config->get('password_ldap_starttls'), 'version' => $rcmail->config->get('password_ldap_version'));

    // Connecting using the configuration array
    $ldap = Net_LDAP2::connect($ldapConfig);

    // Checking for connection error
    if (is_a($ldap, 'PEAR_Error')) {
        return PASSWORD_CONNECT_ERROR;
    }

    $force = $rcmail->config->get('password_ldap_force_replace');
    $pwattr = $rcmail->config->get('password_ldap_pwattr');
    $lchattr = $rcmail->config->get('password_ldap_lchattr');
    $smbpwattr = $rcmail->config->get('password_ldap_samba_pwattr');
    $smblchattr = $rcmail->config->get('password_ldap_samba_lchattr');
    $samba = $rcmail->config->get('password_ldap_samba');
    $encodage = $rcmail->config->get('password_ldap_encodage');

    // Support multiple userPassword values where desired.
    // multiple encodings can be specified separated by '+' (e.g. "cram-md5+ssha")
    // Encodings whose hash_password() result is falsy are silently dropped.
    $encodages = explode('+', $encodage);
    $crypted_pass = array();

    foreach ($encodages as $enc) {
        if ($cpw = password::hash_password($passwd, $enc)) {
            $crypted_pass[] = $cpw;
        }
    }

    // Support password_ldap_samba option for backward compat.
    if ($samba && !$smbpwattr) {
        $smbpwattr = 'sambaNTPassword';
        $smblchattr = 'sambaPwdLastSet';
    }

    // Crypt new password
    if (empty($crypted_pass)) {
        return PASSWORD_CRYPT_ERROR;
    }

    // Crypt new samba password
    if ($smbpwattr && !($samba_pass = password::hash_password($passwd, 'samba'))) {
        return PASSWORD_CRYPT_ERROR;
    }

    // Writing new crypted password to LDAP
    $userEntry = $ldap->getEntry($userDN);
    if (Net_LDAP2::isError($userEntry)) {
        return PASSWORD_CONNECT_ERROR;
    }

    if (!$userEntry->replace(array($pwattr => $crypted_pass), $force)) {
        return PASSWORD_CONNECT_ERROR;
    }

    // Updating PasswordLastChange Attribute if desired (days since epoch)
    if ($lchattr) {
        $current_day = (int) (time() / 86400);
        if (!$userEntry->replace(array($lchattr => $current_day), $force)) {
            return PASSWORD_CONNECT_ERROR;
        }
    }

    // Update Samba password and last change fields
    // NOTE(review): these two replace() results are not checked, unlike the ones above;
    // a failure here is only caught if it surfaces from update() below.
    if ($smbpwattr) {
        $userEntry->replace(array($smbpwattr => $samba_pass), $force);
    }

    // Update Samba password last change field
    if ($smblchattr) {
        $userEntry->replace(array($smblchattr => time()), $force);
    }

    // commit all pending replace() operations in one write
    if (Net_LDAP2::isError($userEntry->update())) {
        return PASSWORD_CONNECT_ERROR;
    }

    // All done, no error
    return PASSWORD_SUCCESS;
}
/**
 * Underscore-prefixed alias for password::generate(), kept for callers
 * that use the old name. Both arguments are forwarded unchanged.
 *
 * @param int $size      requested password length (default 8)
 * @param int $pw_flags  generator flags understood by password::generate() (default 3)
 * @return mixed whatever password::generate() returns
 */
public static function _generate($size = 8, $pw_flags = 3)
{
    $length = $size;
    $flags = $pw_flags;

    return password::generate($length, $flags);
}
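/**
 * Authenticate an OPAC reader by login and password.
 * (copied, per the original comment, from opac_css/includes/empr_func.inc.php)
 *
 * Checks, in order: the optional external_auth class, then an LDAP bind when
 * the reader row is flagged empr_ldap, otherwise a comparison of the stored
 * hash with password::gen_hash() of the given password.
 *
 * @param string $empr_login     by reference: may be re-encoded between the proxy's input charset and $charset
 * @param string $empr_password  by reference: same re-encoding
 * @param int    $empr_id        out: id_empr of the reader row that was looked up
 * @return bool|int truthy on success; 0 or false on failure (the mix of types is kept from the original)
 */
function check_auth(&$empr_login, &$empr_password, &$empr_id)
{
    global $dbh, $verif_empr_ldap;
    global $charset;

    // Re-encode the credentials when the proxy's input charset differs from the site charset.
    if ($this->proxy_parent->input_charset != 'utf-8' && $charset == 'utf-8') {
        $empr_login = utf8_encode($empr_login);
        $empr_password = utf8_encode($empr_password);
    } elseif ($this->proxy_parent->input_charset == 'utf-8' && $charset != 'utf-8') {
        $empr_login = utf8_decode($empr_login);
        $empr_password = utf8_decode($empr_password);
    }

    // NOTE(review): the login literal in this query is redacted ('******') in this listing.
    $verif_query = "SELECT id_empr, empr_cb, empr_nom, empr_prenom, empr_password, empr_lang, empr_date_expiration<sysdate() as isexp, empr_login, empr_ldap,empr_location \n\t\t\t\t\t\tFROM empr \n\t\t\t\t\t\tWHERE empr_login='******'";
    $verif_result = pmb_mysql_query($verif_query);
    if (!$verif_result) {
        return 0;
    }

    // Copy the reader row into locals. A zero-row result makes fetch_array()
    // return false and every field below null; the original did not guard this either.
    $verif_line = pmb_mysql_fetch_array($verif_result);
    $verif_empr_login = $verif_line['empr_login'];
    $verif_empr_ldap = $verif_line['empr_ldap'];
    $verif_empr_password = $verif_line['empr_password'];
    $verif_id_empr = $verif_line['id_empr'];
    $empr_id = $verif_id_empr;
    $verif_isexp = $verif_line['isexp'];

    global $base_path, $class_path;

    // Optional external authenticator: a positive answer wins; a negative one
    // only falls through when the class allows normal authentication.
    if (file_exists($base_path . "/external_services/pmbesOPACEmpr/external_auth.class.php")) {
        require_once $base_path . "/external_services/pmbesOPACEmpr/external_auth.class.php";
        $external_auth = new external_auth();
        $check = $external_auth->check_auth($empr_login, $empr_password);
        if ($check) {
            return true;
        }
        if (!$external_auth->normal_auth) {
            return false;
        }
    }

    if ($verif_empr_ldap) {
        // LDAP authentication
        global $ldap_server, $ldap_basedn, $ldap_port, $ldap_proto, $ldap_binddn, $ldap_encoding_utf8;

        // Guarded so a second call within the same request does not trip "constant already defined".
        if (!defined('LDAP_SERVER')) {
            define('LDAP_SERVER', $ldap_server); // ldap server url
        }
        if (!defined('LDAP_BASEDN')) {
            define('LDAP_BASEDN', $ldap_basedn); // search base
        }
        if (!defined('LDAP_PORT')) {
            define('LDAP_PORT', $ldap_port); // port
        }
        if (!defined('LDAP_PROTO')) {
            define('LDAP_PROTO', $ldap_proto); // protocol version
        }
        if (!defined('LDAP_BINDDN')) {
            define('LDAP_BINDDN', $ldap_binddn); // bind DN template containing the marker UID
        }

        global $ldap_accessible;
        if (!$ldap_accessible) {
            return 0;
        }

        // FIX: the original read $uid/$pwd, which are never assigned in this method,
        // so the bind below was always skipped and LDAP readers could never log in.
        $uid = $empr_login;
        $pwd = $empr_password;

        $ret = 0;
        if ($pwd) {
            // Encoding handling between the site charset and the directory's expectation
            if ($ldap_encoding_utf8 && $charset != "utf-8") {
                $uid = utf8_encode($uid);
                $pwd = utf8_encode($pwd);
            } elseif (!$ldap_encoding_utf8 && $charset == "utf-8") {
                $uid = utf8_decode($uid);
                $pwd = utf8_decode($pwd);
            }

            // The login is user-supplied and spliced into the bind DN: escape it for DN context.
            $dn = str_replace('UID', ldap_escape($uid, '', LDAP_ESCAPE_DN), LDAP_BINDDN);

            $conn = @ldap_connect(LDAP_SERVER, LDAP_PORT); // must be a valid LDAP server!
            ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, LDAP_PROTO);
            if ($conn) {
                $ret = @ldap_bind($conn, $dn, $pwd);
                ldap_close($conn);
            }
        }

        // NOTE(review): unlike the local branch, the LDAP branch does not check $verif_isexp (expired subscription).
        return $ret;
    }

    // Standard (local) authentication
    $encrypted_password = password::gen_hash($empr_password, $verif_id_empr);

    // hash_equals() replaces the original loose ==, which type-juggles numeric-looking
    // hash strings (e.g. "0e..." values compare equal); it is also constant-time.
    return hash_equals((string) $verif_empr_password, (string) $encrypted_password)
        && $verif_empr_login != ""
        && !$verif_isexp;
}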
// Remaining rules for the login field created before this run: length limits plus a
// remote uniqueness check against ajax_checkNotExiste.php (table and origin field passed along).
$newfield->rule("minlength", 5);
$newfield->rule("maxlength", 20);
$newfield->rule("remote", array("script" => DOS_AJAX_ADMIN . "ajax_checkNotExiste.php", "table" => $myTable, "valOrigin" => "FIELD:login", "params" => ""), $datas_lang["existedeja"]);

// Password field: never pre-filled; required only when inserting ($majInsert == 1).
// NOTE(review): alphanumeric-only with maxlength 20 caps password entropy; these are
// form-level rules, the server-side policy is not visible here.
$newfield = new password();
$newfield->field = "mdp";
$newfield->multiLang = false;
$newfield->label = $datas_lang["motdepasse"];
$newfield->value = "";
$newfield->add();
if ($majInsert == 1) {
    $newfield->rule("required", true);
}
$newfield->rule("alphanumeric", true);
$newfield->rule("minlength", 5);
$newfield->rule("maxlength", 20);

// Password confirmation, validated client-side against #mdp.
$newfield = new password();
$newfield->field = "confirm_mdp";
$newfield->label = $datas_lang["modepasseconfirmation"];
$newfield->add();
$newfield->rule("equalTo", "'#mdp'");

// Title (required).
$newfield = new input();
$newfield->field = "titre";
$newfield->multiLang = false;
$newfield->label = $datas_lang["titre"];
$newfield->add();
$newfield->rule("required", true);

// E-mail (no rule attached here).
$newfield = new input();
$newfield->field = "email";
$newfield->multiLang = false;
$newfield->label = $datas_lang["email"];
$newfield->add();
/**
 * Make sure the player is logged in to the bank before account pages are shown.
 *
 * Crew ("extended access") sessions are always considered logged in. Otherwise
 * the session value banken_last_view holds the last successful bank view; it is
 * refreshed on every visit and lapses after $idle seconds of inactivity.
 * Handles, in order: a password POST, the "forgot password" flow (?rp) and,
 * finally, rendering of the bank login form. ess::$b->page->load() closes the
 * render paths (presumably it ends the request — not visible here).
 */
protected function auth_verify()
{
    // always logged in to the bank when logged in as crew
    if (isset(login::$extended_access['authed'])) {
        return;
    }

    // check whether we are logged in to the bank
    $last = login::data_get("banken_last_view", 0);
    $idle = 1800; // how long we may stay inactive (seconds)
    $exceed = max(0, time() - $last - $idle);

    // already logged in? refresh the timestamp and continue
    if ($last != 0 && $exceed == 0) {
        login::data_set("banken_last_view", time());
        return;
    }

    // log in?
    if (isset($_POST['passord'])) {
        // check password
        // NOTE(review): unlike the "send" branch below, this POST is not gated by validate_sid(),
        // and failed attempts are logged but not throttled — confirm whether that is intended.
        if (!password::verify_hash($_POST['passord'], $this->up->user->data['u_bank_auth'], "bank_auth")) {
            ess::$b->page->add_message("Passordet var ikke riktig. Husk at dette er bank passordet og ikke passordet til brukerkontoen.", "error");
            // abuse log entry carries the player name and the client's REMOTE_ADDR
            putlog("ABUSE", "%c4%bUGYLDIG PASSORD I BANKEN:%b%c %u" . $this->up->data['up_name'] . "%u ({$_SERVER['REMOTE_ADDR']}) brukte feil passord for å logge inn i banken");
        } else {
            // logged in
            login::data_set("banken_last_view", time());
            ess::$b->page->add_message("Du er nå logget inn i banken. Du blir logget ut etter " . game::timespan($idle, game::TIME_FULL) . " uten å besøke banken.");
        }
        redirect::handle();
    }

    // forgot password?
    if (isset($_GET['rp'])) {
        // validate a reset token?
        if (!empty($_GET['rp'])) {
            $this->auth_reset($_GET['rp']);
        }

        // request an e-mail? (CSRF-checked through validate_sid())
        if (isset($_POST['send']) && validate_sid()) {
            $this->auth_send_link();
        }

        ess::$b->page->add_title("Nullstill bankpassord");

        // time of the last reset request and how long it stays valid
        $requested = $this->up->user->params->get("bankauth_change_rtime");
        $expire = $this->up->user->params->get("bankauth_change_expire");

        echo ' <div class="bg1_c xsmall"> <h1 class="bg1">Nullstill bankpassord<span class="left"></span><span class="right"></span></h1> <div class="bg1"> <boxes /> <p>For å nullstille passordet til banken må du bekrefte din identitet via e-posten din.</p>';

        // e-mail already sent and still valid? then no new request is offered
        if ($expire > time()) {
            echo ' <p>Du ba om e-post ' . ess::$b->date->get($requested)->format() . ' for å nullstille ditt passord. Forespørselen er gyldig til ' . ess::$b->date->get($expire)->format() . '.</p> <p>Du må vente til dette klokkeslettet for å be om ny e-post.</p>';
        } else {
            echo ' <form action="" method="post"> <input type="hidden" name="rp" /> <input type="hidden" name="sid" value="' . login::$info['ses_id'] . '" /> <p class="c">' . show_sbutton("Send e-post", 'name="send"') . '</p> </form>';
        }

        echo ' <p class="c"><a href="banken">Tilbake</a></p> </div> </div>';
        ess::$b->page->load();
    }

    echo ' <div class="bg1_c xsmall"> <h1 class="bg1"> Banken <span class="left"></span><span class="right"></span> </h1> <div class="bg1"> <boxes />';

    // session lapsed: clear the marker and tell the player by how much
    if ($exceed > 0 && $last != 0) {
        login::data_set("banken_last_view", 0);
        echo ' <p>Det gikk for lang tid siden du viste banken og du må logge inn på nytt. Du var ' . game::timespan($exceed, game::TIME_FULL) . ' over tiden.</p>';
    }

    // javascript to focus the password field
    ess::$b->page->add_body_post('<script type="text/javascript"> document.getElementById("b_pass").focus(); </script>');

    echo ' <p>Du må logge inn for å få tilgang til bankkontoen din.</p> <p>Denne sikkerheten er her for å hindre uvedkommende i å kvitte seg med pengene dine, selv om de kommer inn på spilleren din.</p> <form action="" method="post"> <dl class="dd_right dl_2x"> <dt>Bankpassord</dt> <dd><input type="password" class="styled w100" name="passord" id="b_pass" /></dd> </dl> <p class="c">' . show_sbutton("Logg inn") . '</p> <p class="c"><a href="banken?rp">Nullstill bankpassord</a></p> </form> </div> </div>';
    ess::$b->page->load();
}
$errors->set(__('i_supa_must_admin_password')); } if ($admin_email == '') { $errors->set(__('i_supa_must_admin_email')); } $current_timestamp = time(); # si pas d'erreur on ajoutent les utilisateurs if ($errors->isEmpty()) { # insertion invité id 1 $query = 'INSERT INTO `' . OKT_DB_PREFIX . 'core_users` (`id`, `username`, `group_id`, `password`) ' . 'VALUES ( 1, \'Guest\', 3, \'Guest\' );'; $db->query($query); # insertion superadmin (id 2) $query = 'INSERT INTO `' . OKT_DB_PREFIX . 'core_users` (' . '`id`, `username`, `group_id`, `salt`, `password`, `language`, `timezone`, `email`, `registered`, `last_visit`' . ') VALUES ( ' . '2, ' . '\'' . $db->escapeStr($sudo_user) . '\', ' . '1, ' . '\'' . $db->escapeStr(util::random_key(12)) . '\', ' . '\'' . $db->escapeStr(password::hash($sudo_password, PASSWORD_DEFAULT)) . '\', ' . '\'fr\', ' . '\'Europe/Paris\', ' . '\'' . $db->escapeStr($sudo_email) . '\', ' . $current_timestamp . ', ' . $current_timestamp . ' ' . ');'; $db->query($query); # insertion admin id 3 $query = 'INSERT INTO `' . OKT_DB_PREFIX . 'core_users` (' . '`id`, `username`, `group_id`, `salt`, `password`, `language`, `timezone`, `email`, `registered`, `last_visit`' . ') VALUES ( ' . '3, ' . '\'' . $db->escapeStr($admin_user) . '\', ' . '2, ' . '\'' . $db->escapeStr(util::random_key(12)) . '\', ' . '\'' . $db->escapeStr(password::hash($admin_password, PASSWORD_DEFAULT)) . '\', ' . '\'fr\', ' . '\'Europe/Paris\', ' . '\'' . $db->escapeStr($admin_email) . '\', ' . $current_timestamp . ', ' . $current_timestamp . ' ' . ');'; $db->query($query); $_SESSION['okt_install_sudo_user'] = $sudo_user; $_SESSION['okt_install_sudo_password'] = $sudo_password; $_SESSION['okt_install_admin_user'] = $admin_user; $_SESSION['okt_install_admin_password'] = $admin_password; # Inclusion du prepend require_once __DIR__ . '/../../../oktInc/prepend.php'; # login $okt->user->login($sudo_user, $sudo_password, 1); http::redirect('index.php?step=' . 
$stepper->getNextStep()); } } /* Affichage ------------------------------------------------------------*/ # En-tête
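/**
 * Change the password through a configurable SQL statement.
 *
 * The statement from 'password_query' (default: SELECT update_passwd(%c, %u))
 * is expanded in two steps: hash placeholders (%P %O %c %D %n %q) are replaced
 * with quoted hashes, while the clear-text placeholders %p/%o become bound
 * parameters so the clear password never appears in the SQL text (#1487034).
 * Identity placeholders (%l %d %u %h) are quoted and substituted last.
 *
 * @param string $curpass  current password (%O, %q, %o)
 * @param string $passwd   new password (%P, %c, %D, %n, %p)
 * @return int PASSWORD_SUCCESS, PASSWORD_ERROR or PASSWORD_CRYPT_ERROR
 */
function save($curpass, $passwd)
{
    $rcmail = rcmail::get_instance();

    if (!($sql = $rcmail->config->get('password_query'))) {
        $sql = 'SELECT update_passwd(%c, %u)';
    }

    // A dedicated DSN may point the update at a different database than Roundcube's own.
    if ($dsn = $rcmail->config->get('password_db_dsn')) {
        $db = rcube_db::factory($dsn, '', false);
        $db->set_debug((bool) $rcmail->config->get('sql_debug'));
    } else {
        $db = $rcmail->get_dbh();
    }

    if ($db->is_error()) {
        return PASSWORD_ERROR;
    }

    // new password - default hash method
    if (strpos($sql, '%P') !== false) {
        $password = password::hash_password($passwd);
        if ($password === false) {
            return PASSWORD_CRYPT_ERROR;
        }
        $sql = str_replace('%P', $db->quote($password), $sql);
    }

    // old password - default hash method
    if (strpos($sql, '%O') !== false) {
        $password = password::hash_password($curpass);
        if ($password === false) {
            return PASSWORD_CRYPT_ERROR;
        }
        $sql = str_replace('%O', $db->quote($password), $sql);
    }

    // crypted password (deprecated, use %P)
    if (strpos($sql, '%c') !== false) {
        $password = password::hash_password($passwd, 'crypt', false);
        if ($password === false) {
            return PASSWORD_CRYPT_ERROR;
        }
        $sql = str_replace('%c', $db->quote($password), $sql);
    }

    // dovecotpw (deprecated, use %P)
    if (strpos($sql, '%D') !== false) {
        $password = password::hash_password($passwd, 'dovecot', false);
        if ($password === false) {
            return PASSWORD_CRYPT_ERROR;
        }
        $sql = str_replace('%D', $db->quote($password), $sql);
    }

    // hashed passwords (deprecated, use %P)
    if (strpos($sql, '%n') !== false) {
        $password = password::hash_password($passwd, 'hash', false);
        if ($password === false) {
            return PASSWORD_CRYPT_ERROR;
        }
        $sql = str_replace('%n', $db->quote($password, 'text'), $sql);
    }

    // hashed passwords (deprecated, use %P)
    if (strpos($sql, '%q') !== false) {
        $password = password::hash_password($curpass, 'hash', false);
        if ($password === false) {
            return PASSWORD_CRYPT_ERROR;
        }
        $sql = str_replace('%q', $db->quote($password, 'text'), $sql);
    }

    // Handle clear text passwords securely (#1487034)
    // Each %p/%o occurrence becomes a '?' bound parameter, in the order it appears.
    // FIX: the original class was '[p|o]', which also matched a literal '%|' and then
    // appended a bound value without consuming a placeholder.
    $sql_vars = array();
    if (preg_match_all('/%[po]/', $sql, $m)) {
        foreach ($m[0] as $var) {
            if ($var == '%p') {
                $sql = preg_replace('/%p/', '?', $sql, 1);
                $sql_vars[] = (string) $passwd;
            } else { // %o
                $sql = preg_replace('/%o/', '?', $sql, 1);
                $sql_vars[] = (string) $curpass;
            }
        }
    }

    $local_part = $rcmail->user->get_username('local');
    $domain_part = $rcmail->user->get_username('domain');
    $username = $_SESSION['username'];
    $host = $_SESSION['imap_host'];

    // convert domains to/from punnycode
    if ($rcmail->config->get('password_idn_ascii')) {
        $domain_part = rcube_utils::idn_to_ascii($domain_part);
        $username = rcube_utils::idn_to_ascii($username);
        $host = rcube_utils::idn_to_ascii($host);
    } else {
        $domain_part = rcube_utils::idn_to_utf8($domain_part);
        $username = rcube_utils::idn_to_utf8($username);
        $host = rcube_utils::idn_to_utf8($host);
    }

    // at least we should always have the local part
    // NOTE(review): these quoted values are spliced in after the '?' placeholders were
    // created; this relies on $db->query() not treating a '?' inside a quoted value as a
    // placeholder — confirm against rcube_db.
    $sql = str_replace('%l', $db->quote($local_part, 'text'), $sql);
    $sql = str_replace('%d', $db->quote($domain_part, 'text'), $sql);
    $sql = str_replace('%u', $db->quote($username, 'text'), $sql);
    $sql = str_replace('%h', $db->quote($host, 'text'), $sql);

    $res = $db->query($sql, $sql_vars);

    if (!$db->is_error()) {
        // a SELECT counts as success when it yields at least one row
        if (strtolower(substr(trim($sql), 0, 6)) == 'select') {
            if ($db->fetch_array($res)) {
                return PASSWORD_SUCCESS;
            }
        } else {
            // This is the good case: 1 row updated
            if ($db->affected_rows($res) == 1) {
                return PASSWORD_SUCCESS;
            }
            // @TODO: Some queries don't affect any rows
            // Should we assume a success if there was no error?
        }
    }

    return PASSWORD_ERROR;
}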
/**
 * Registration step 3: choose player name and password, and say where you
 * heard about the site.
 *
 * On POST the input is checked against the regex_checks table (name and
 * password rules), existing players and in-progress registrations, then the
 * registration row is updated and the session step advanced to 4. In every
 * case the form is (re)rendered afterwards, with a small script that shows the
 * free-text "specify" field only for referer choices that need one.
 */
function step3()
{
    // referer choices: [label, label for the extra text field or false]; keys start at 1
    $referers = array(1 => array("Via google eller en annen søkeside", false), array("En venn tipset meg", false), array("Leste det på en nettside", "Lenke til nettsiden"), array("Så en reklameannonse", "Lenke til nettsiden"), array("Så det i et forum", "Lenke til forumet"), array("Annet", "Spesifiser"));

    // was the form submitted?
    if ($_SERVER['REQUEST_METHOD'] == "POST") {
        // check for the right step
        if (!isset($_POST['step']) || $_POST['step'] != 3) {
            redirect::handle();
        }

        // player name, password1, password2, referer1, referer2
        $brukernavn = postval("brukernavn");
        $passord1 = postval("passord1");
        $passord2 = postval("passord2");
        $referer1 = postval("referer1");
        $referer2 = trim(postval("referer2"));

        // various queries (values go through DB::quote / quoteNoNull)
        $result1 = \Kofradia\DB::get()->query("SELECT " . \Kofradia\DB::quoteNoNull($brukernavn) . " REGEXP regex AS m, error FROM regex_checks WHERE (type = 'reg_user_special' OR type = 'reg_user_strength') HAVING m = 1");
        $result2 = \Kofradia\DB::get()->query("SELECT up_id FROM users_players WHERE up_name = " . \Kofradia\DB::quote($brukernavn));
        // NOTE(review): the listing is redacted ('******') here; the $result3 query and the
        // start of the $result4 query are run together and cannot be reconstructed from this page.
        $result3 = \Kofradia\DB::get()->query("SELECT id FROM registration WHERE user = "******"SELECT " . \Kofradia\DB::quoteNoNull($passord1) . " REGEXP regex AS m, error FROM regex_checks WHERE type = 'reg_pass' HAVING m = 1");

        // check the player name
        if ($result1->rowCount() > 0) {
            $feil = array();
            while ($row = $result1->fetch()) {
                $feil[] = '<li>' . htmlspecialchars($row['error']) . '</li>';
            }
            ess::$b->page->add_message("Spillernavnet var ikke gyldig:<ul>" . implode("", $feil) . "</ul>", "error");
        } elseif ($result2->rowCount() > 0) {
            ess::$b->page->add_message("Spillernavnet er allerede tatt! Velg et annet.", "error");
        } elseif ($result3->rowCount() > 0) {
            ess::$b->page->add_message("Noen holder allerede på å registrere seg med dette spillernavnet. Velg et annet.", "error");
        } elseif ($result4->rowCount() > 0) {
            $feil = array();
            while ($row = $result4->fetch()) {
                $feil[] = '<li>' . htmlspecialchars($row['error']) . '</li>';
            }
            ess::$b->page->add_message("Passordet var ikke gyldig:<ul>" . implode("", $feil) . "</ul>", "error");
        } elseif ($passord1 == $brukernavn) {
            // NOTE(review): loose == on two strings compares numerically when both look numeric.
            ess::$b->page->add_message("Passordet kan ikke være det samme som spillernavnet.", "error");
        } elseif ($passord1 != $passord2) {
            ess::$b->page->add_message("Passordene var ikke like med hverandre.", "error");
        } elseif (!isset($referers[$referer1])) {
            ess::$b->page->add_message("Velg et gyldig alternativ for hvor du hørte om Kofradia.", "error");
        } elseif ($referers[$referer1][1] && empty($referer2)) {
            ess::$b->page->add_message("Fyll ut feltet for mer informasjon for hvor du hørte om Kofradia.", "error");
        } else {
            // stored as "<label>|<free text>"
            $referer = $referers[$referer1][0] . "|" . $referer2;

            // update the database (user and pass literals are redacted in this listing)
            \Kofradia\DB::get()->exec("UPDATE registration SET user = "******", referer = " . \Kofradia\DB::quote($referer) . ", pass = "******" WHERE id = {$this->id}");

            $_SESSION[$GLOBALS['__server']['session_prefix'] . 'reg']['step'] = 4;
            redirect::handle();
        }
    }

    // JS array of the extra-field labels (false where no extra field is needed)
    $refs = array();
    foreach ($referers as $ref) {
        if ($ref[1]) {
            $refs[] = "'" . addslashes($ref[1]) . "'";
        } else {
            $refs[] = "false";
        }
    }

    ess::$b->page->add_js('var referers = [false,' . implode(",", $refs) . ']; function checkReferer(elm) { var index = elm.selectedIndex + (elm.options[0].value == "" ? 0 : 1); var ref = referers[index]; var elms = $$(".referer2p"); var text = $("referer2i"); if (ref) { text.innerHTML = ref; elms.each(function(elm){elm.setStyle("display", "");}); } else { elms.each(function(elm){elm.setStyle("display", "none");}); } }');

    // user-supplied values are re-rendered through htmlspecialchars(); passwords are never echoed back
    echo ' <form action="registrer" method="post"> <input type="hidden" name="abort" /> <h1>Brukerinformasjon</h1> <p class="h_right">' . show_sbutton("Avbryt registrering", 'onclick="return confirm(\'Er du sikker på at du vil AVBRYTE?\')"') . '</p> </form> <p>Det er nå tid for å velge spillernavn og passord. 
Spillernavnet vil du ikke kunne endre senere, mens passordet kan endres når du ønsker og nullstilles via e-post.</p> <p>Tips: Trykk «Gå videre» for å sjekke om spillernavnet er ledig før du fyller inn passordet for å slippe å fylle inn passordet hver gang.</p> <boxes /> <form action="registrer" method="post"> <input type="hidden" name="step" value="3" /> <dl class="dl_30"> <dt>Ønsket spillernavn</dt> <dd><input type="text" name="brukernavn" value="' . htmlspecialchars(postval("brukernavn")) . '" class="styled w120" /></dd> <dt>Passord</dt> <dd><input type="password" name="passord1" class="styled w120" /></dd> <dt>Gjenta passord</dt> <dd><input type="password" name="passord2" class="styled w120" /></dd> <dt>Hvor hørte du om Kofradia?</dt> <dd> <select name="referer1" id="referer_select" onchange="checkReferer(this)">';

    // keep the previous selection; show a "choose" placeholder when nothing valid is selected
    $selected = postval("referer1", false);
    if (!isset($referers[$selected])) {
        echo ' <option value="">Velg</option>';
    }
    foreach ($referers as $id => $referer) {
        echo ' <option value="' . $id . '"' . ($selected == $id ? ' selected="selected"' : '') . '>' . $referer[0] . '</option>';
    }

    echo ' </select> </dd> <dt class="referer2p" id="referer2i">Spesifiser</dt> <dd class="referer2p"><input type="text" name="referer2" value="' . htmlspecialchars(postval("referer2")) . '" class="styled w250" /></dd> <dd>' . show_sbutton("Gå videre") . '</dd> </dl> </form>';

    // sync the "specify" field visibility with the current selection on load
    ess::$b->page->add_body_post('<script type="text/javascript">checkReferer($("referer_select"));</script>');
}
/**
 * Change a user's password after verifying the old one.
 *
 * A user may change their own password; changing another id requires the
 * current session user to have power == 1.
 *
 * @param mixed  $id   target user id
 * @param string $pwd  new password
 * @param string $old  current password, verified through password::check_pwd()
 * @return string 'OK' on success, otherwise an error message (Chinese)
 */
function change_pwd($id, $pwd, $old)
{
    $current_id = $GLOBALS['user']['id'];

    // changing someone else's password needs power == 1
    // (loose comparisons kept from the original; an (int) cast would be stricter)
    if ($id != $current_id && $GLOBALS['user']['power'] != 1) {
        return '权限不够';
    }

    $account = new password($id, $old);

    if (!$account->check_pwd()) {
        return "密码错误";
    }

    if (!$account->up_pwd($pwd)) {
        return "修改密码错误";
    }

    // invalidate the stored cookie/session material for that user
    if (!$this->clear_mysql_cookie($id)) {
        return "更新数据失败";
    }

    return 'OK';
}
/**
 * Create a new user account file and return the User object for it.
 *
 * The dataset goes through sanitize() and validate() in 'insert' mode, the
 * account file path is derived from the username, and the password, when
 * present, is stored as a password::hash() value.
 *
 * NOTE(review): 'username' becomes part of a filesystem path; this relies on
 * sanitize()/validate() rejecting path separators — confirm.
 *
 * @param array $data  user attributes; 'username' is required, 'password' optional
 * @return static the created user
 * @throws Exception when an account file for that username already exists
 */
public static function create($data = array())
{
    $clean = static::sanitize($data, 'insert');
    static::validate($clean, 'insert');

    $accountsRoot = kirby::instance()->roots()->accounts();
    $file = $accountsRoot . DS . $clean['username'] . '.php';

    if (file_exists($file)) {
        throw new Exception('The username is taken');
    }

    if (!empty($clean['password'])) {
        $clean['password'] = password::hash($clean['password']);
    }

    static::save($file, $clean);

    return new static($clean['username']);
}
include_once $_SESSION['site']['root'] . "/classes/dbHelper.php"; include_once $_SESSION['site']['root'] . "/classes/password.class.php"; require_once $_SESSION['site']['root'] . "/classes/AES.php"; //------------------------------------------- // Reset session count 10 secs = 1 Flop //------------------------------------------- $_SESSION['site']['flops'] = 0; //------------------------------------------- // password to AES and validate //------------------------------------------- $aes = new AES($_SESSION['site']['AESkey']); //------------------------------------------ // Database class instance //------------------------------------------ $mitos_db = new dbHelper(); $password_class = new password(); // ********************************************************************************************************************* // Parse the data generated by EXTJS witch is JSON // ********************************************************************************************************************* $data = json_decode($_POST['row'], true); // ********************************************************************************************************************* // Lets manage the password using the password class, this class will check for user rights, // password complexity, encrypt the password, ck password history, and finally save the new password. // ********************************************************************************************************************* if ($data['nPassword'] != null || $data['nPassword'] != '' && $data['oPassword'] != null || $data['oPassword'] != '') { $password_class->nPassword = $data['nPassword']; $password_class->oPassword = $data['oPassword']; $password_class->user_id = $data['id']; $password_class->changePassword(); } else { $row['username'] = $data['username'];