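/**
 * Add one item to the cache table.
 *
 * Reads the item's descriptive fields and its tags, then inserts a single
 * row into the cache table. Nothing is inserted when the item is not found.
 *
 * @param int|string $id Item identifier; cast to int before use in queries.
 *
 * @return void
 */
function addToCacheTable($id)
{
    teampass_connect();

    $itemId = intval($id);

    // The two tables must be combined with a JOIN (the former "AND" between
    // them is not valid SQL), and the action is passed as a string literal:
    // the bare word at_creation was an undefined constant.
    $data = DB::queryfirstrow(
        "SELECT i.label AS label, i.description AS description, i.id_tree AS id_tree, i.perso AS perso, i.restricted_to AS restricted_to, i.login AS login, i.id AS id\n FROM " . prefix_table("items") . " AS i\n INNER JOIN " . prefix_table("log_items") . " AS l ON (l.id_item = i.id)\n WHERE i.id = %i\n AND l.action = %s",
        $itemId,
        'at_creation'
    );

    // Do not write a cache row made of NULLs for an unknown item.
    if (empty($data)) {
        return;
    }

    // Collect all tags as one space-separated string.
    $tags = "";
    $data_tags = DB::query("SELECT tag FROM " . prefix_table("tags") . " WHERE item_id=%i", $itemId);
    foreach ($data_tags as $itemTag) {
        if (!empty($itemTag['tag'])) {
            $tags .= $itemTag['tag'] . " ";
        }
    }

    // The array used to carry a second "restricted_to" => "0" entry. PHP keeps
    // the last duplicate key, so the item's real restriction list was silently
    // replaced by "0" in the cache. Only the value read from the item is kept.
    DB::insert(
        prefix_table("cache"),
        array(
            "id" => $data['id'],
            "label" => $data['label'],
            "description" => $data['description'],
            "tags" => $tags,
            "id_tree" => $data['id_tree'],
            "perso" => $data['perso'],
            "restricted_to" => $data['restricted_to'],
            "login" => $data['login'],
            "folder" => "",
            "author" => "9999999",
        )
    );
}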
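/**
 * Add one item to the cache table.
 *
 * Reads the item's descriptive fields and its tags, then inserts a single
 * row into the cache table, attributed to API_USER_ID. Nothing is inserted
 * when the item is not found.
 *
 * @param int|string $id Item identifier; cast to int before use in queries.
 *
 * @return void
 */
function addToCacheTable($id)
{
    teampass_connect();

    $itemId = intval($id);

    // The two tables must be combined with a JOIN (the former "AND" between
    // them is not valid SQL), and the action is passed as a string literal:
    // the bare word at_creation was an undefined constant.
    $data = DB::queryfirstrow(
        "SELECT i.label AS label, i.description AS description, i.id_tree AS id_tree, i.perso AS perso, i.restricted_to AS restricted_to, i.login AS login, i.id AS id\n FROM " . prefix_table("items") . " AS i\n INNER JOIN " . prefix_table("log_items") . " AS l ON (l.id_item = i.id)\n WHERE i.id = %i\n AND l.action = %s",
        $itemId,
        'at_creation'
    );

    // Do not write a cache row made of NULLs for an unknown item.
    if (empty($data)) {
        return;
    }

    // Collect all tags as one space-separated string.
    $tags = "";
    $data_tags = DB::query("SELECT tag FROM " . prefix_table("tags") . " WHERE item_id=%i", $itemId);
    foreach ($data_tags as $itemTag) {
        if (!empty($itemTag['tag'])) {
            $tags .= $itemTag['tag'] . " ";
        }
    }

    DB::insert(
        prefix_table("cache"),
        array(
            "id" => $data['id'],
            "label" => $data['label'],
            "description" => $data['description'],
            "tags" => $tags,
            "id_tree" => $data['id_tree'],
            "perso" => $data['perso'],
            "restricted_to" => $data['restricted_to'],
            "login" => $data['login'],
            "folder" => "",
            "author" => API_USER_ID,
            "renewal_period" => 0,
            "timestamp" => time(),
            "url" => 0,
        )
    );
}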
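/**
 * Check that a user holds a valid temporary key and may open the given page(s).
 *
 * The user's stored key_tempo must match $userKey, and the requested page(s)
 * must be accepted by IsInArray() against the page list of the user's role
 * (admin, manager or plain user) in $pagesRights.
 *
 * @param int|string   $userId      User identifier.
 * @param string       $userKey     Temporary key presented by the caller.
 * @param string|array $pageVisited Page name, or list of page names.
 *
 * @return bool True when the key matches and the role allows the page(s).
 */
function checkUser($userId, $userKey, $pageVisited)
{
    global $pagesRights;

    if (empty($userId) || empty($pageVisited) || empty($userKey)) {
        return false;
    }
    if (!is_array($pageVisited)) {
        $pageVisited = array($pageVisited);
    }

    // settings.php is included in function scope and supplies the connection
    // variables used below.
    include $_SESSION['settings']['cpassman_dir'] . '/includes/settings.php';
    // NOTE(review): this path contains $_SESSION['user_language']; confirm the
    // value is limited to known language names wherever it is set, because it
    // selects a PHP file to execute.
    require_once $_SESSION['settings']['cpassman_dir'] . '/includes/language/' . $_SESSION['user_language'] . '.php';
    require_once $_SESSION['settings']['cpassman_dir'] . '/sources/SplClassLoader.php';
    require_once 'main.functions.php';

    // Connect to mysql server
    require_once $_SESSION['settings']['cpassman_dir'] . '/includes/libraries/Database/Meekrodb/db.class.php';
    DB::$host = $server;
    DB::$user = $user;
    DB::$password = $pass;
    DB::$dbName = $database;
    DB::$port = $port;
    DB::$encoding = $encoding;
    DB::$error_handler = 'db_error_handler';
    $link = mysqli_connect($server, $user, $pass, $database, $port);
    $link->set_charset($encoding);

    // load user's data
    $data = DB::queryfirstrow(
        "SELECT login, key_tempo, admin, gestionnaire FROM " . prefix_table("users") . " WHERE id = %i",
        $userId
    );

    // The user must exist and hold a temporary key.
    if (empty($data['login']) || empty($data['key_tempo'])) {
        return false;
    }

    // Compare the key as a string and in constant time. The former loose "!="
    // let numeric-looking strings such as "1e3" and "1000" compare equal.
    if (!is_scalar($userKey) || !hash_equals((string) $data['key_tempo'], (string) $userKey)) {
        return false;
    }

    // Pick the page list of the user's role: admin first, then manager.
    if (!empty($data['admin'])) {
        $allowedPages = $pagesRights['admin'];
    } elseif (!empty($data['gestionnaire'])) {
        $allowedPages = $pagesRights['manager'];
    } else {
        $allowedPages = $pagesRights['user'];
    }

    if (!IsInArray($pageVisited, $allowedPages)) {
        return false;
    }

    return true;
}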
echo '[ { "status" : "none" } ]'; } break; /** * Open KB */ /** * Open KB */ case "open_kb": // Check KEY if ($_POST['key'] != $_SESSION['key']) { echo '[ { "error" : "key_not_conform" } ]'; break; } $ret = DB::queryfirstrow("SELECT k.id AS id, k.label AS label, k.description AS description, k.category_id AScategory_id, k.author_id AS author_id, k.anyone_can_modify AS anyone_can_modify, u.login AS login, c.category AS category\n FROM " . prefix_table("kb") . " AS k\n INNER JOIN " . prefix_table("kb_categories") . " AS c ON (c.id = k.category_id)\n INNER JOIN " . prefix_table("users") . " AS u ON (u.id = k.author_id)\n WHERE k.id = %i", $_POST['id']); //select associated items $rows = DB::query("SELECT item_id FROM " . prefix_table("kb") . "_items WHERE kb_id = %i", $_POST['id']); $arrOptions = array(); foreach ($rows as $record) { //echo '$("#kb_associated_to option[value='.$record['item_id'].']").attr("selected","selected");'; array_push($arrOptions, $record['item_id']); } $arrOutput = array("label" => $ret['label'], "category" => $ret['category'], "description" => $ret['description'], "anyone_can_modify" => $ret['anyone_can_modify'], "options" => $arrOptions); echo json_encode($arrOutput, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP); break; /** * Delete the KB */ /** * Delete the KB
//CASE where to update the associated Function //CASE where to update the associated Function case "fonction": /* do checks */ require_once $_SESSION['settings']['cpassman_dir'] . '/sources/checks.php'; if (!checkUser($_SESSION['user_id'], $_SESSION['key'], "manage_folders")) { $_SESSION['error']['code'] = ERR_NOT_ALLOWED; //not allowed page include $_SESSION['settings']['cpassman_dir'] . '/error.php'; exit; } // get values $val = explode(';', $_POST['valeur']); $valeur = $_POST['valeur']; //Check if ID already exists $data = DB::queryfirstrow("SELECT authorized FROM " . prefix_table("rights") . " WHERE tree_id = %i AND fonction_id= %i", $val[0], $val[1]); if (empty($data['authorized'])) { //Insert into DB DB::insert(prefix_table("rights"), array('tree_id' => $val[0], 'fonction_id' => $val[1], 'authorized' => 1)); } else { //Update DB if ($data['authorized'] == 1) { DB::update(prefix_table("rights"), array('authorized' => 0), "id = %i AND fonction_id=%i", $val[0], $val[1]); } else { DB::update(prefix_table("rights"), array('authorized' => 1), "id = %i AND fonction_id=%i", $val[0], $val[1]); } } break; // CASE where to authorize an ITEM creation without respecting the complexity // CASE where to authorize an ITEM creation without respecting the complexity case "modif_droit_autorisation_sans_complexite":
} $texte .= '<tr><td><input type=\'checkbox\' class=\'cb_deleted_item\' value=\'' . $reccord['id'] . '\' id=\'item_deleted_' . $reccord['id'] . '\' /> <b>' . $reccord['label'] . '</b></td><td width=\\"100px\\" align=\\"center\\">' . date($_SESSION['settings']['date_format'], $reccord['date']) . '</td><td width=\\"70px\\" align=\\"center\\">' . $reccord['login'] . '</td>' . $thisFolder . '</tr>'; } echo '[{"text":"' . $texte . '</table><div style=\'margin-left:5px;\'><input type=\'checkbox\' id=\'item_deleted_select_all\' /> <img src=\\"includes/images/arrow-repeat.png\\" title=\\"' . $LANG['restore'] . '\\" style=\\"cursor:pointer;\\" onclick=\\"restoreDeletedItems()\\"> <img src=\\"includes/images/bin_empty.png\\" title=\\"' . $LANG['delete'] . '\\" style=\\"cursor:pointer;\\" onclick=\\"reallyDeleteItems()\\"></div>"}]'; break; /** * CASE admin want to restaure a list of deleted items */ /** * CASE admin want to restaure a list of deleted items */ case "restore_deleted__items": //restore FOLDERS if (count($_POST['list_f']) > 0) { foreach (explode(';', $_POST['list_f']) as $id) { $data = DB::queryfirstrow("SELECT valeur\n FROM " . prefix_table("misc") . 
"\n WHERE type = 'folder_deleted'\n AND intitule = %s", $id); if ($data['valeur'] != 0) { $folderData = explode(', ', $data['valeur']); //insert deleted folder DB::insert(prefix_table("nested_tree"), array('id' => $folderData[0], 'parent_id' => $folderData[1], 'title' => $folderData[2], 'nleft' => $folderData[3], 'nright' => $folderData[4], 'nlevel' => $folderData[5], 'bloquer_creation' => $folderData[6], 'bloquer_modification' => $folderData[7], 'personal_folder' => $folderData[8], 'renewal_period' => $folderData[9])); //delete log DB::delete(prefix_table("misc"), "type = %s AND intitule = %s", "folder_deleted", $id); } } } //restore ITEMS if (count($_POST['list_i']) > 0) { foreach (explode(';', $_POST['list_i']) as $id) { DB::update(prefix_table("items"), array('inactif' => '0'), 'id = %i', $id); //log DB::insert(prefix_table("log_items"), array("id_item" => $id, "date" => time(), "id_user" => $_SESSION['user_id'], "action" => "at_restored"));
} $texte .= '<tr><td><input type=\'checkbox\' class=\'cb_deleted_item\' value=\'' . $reccord['id'] . '\' id=\'item_deleted_' . $reccord['id'] . '\' /> <b>' . $reccord['label'] . '</b></td><td width=\\"100px\\" align=\\"center\\">' . date($_SESSION['settings']['date_format'], $reccord['date']) . '</td><td width=\\"70px\\" align=\\"center\\">' . $reccord['login'] . '</td>' . $thisFolder . '</tr>'; } echo '[{"text":"' . $texte . '</table><div style=\'margin-left:5px;\'><input type=\'checkbox\' id=\'item_deleted_select_all\' /> <img src=\\"includes/images/arrow-repeat.png\\" title=\\"' . $LANG['restore'] . '\\" style=\\"cursor:pointer;\\" onclick=\\"restoreDeletedItems()\\"> <img src=\\"includes/images/bin_empty.png\\" title=\\"' . $LANG['delete'] . '\\" style=\\"cursor:pointer;\\" onclick=\\"reallyDeleteItems()\\"></div>"}]'; break; /** * CASE admin want to restaure a list of deleted items */ /** * CASE admin want to restaure a list of deleted items */ case "restore_deleted__items": //restore FOLDERS if (count($_POST['list_f']) > 0) { foreach (explode(';', $_POST['list_f']) as $id) { $data = DB::queryfirstrow("SELECT valeur\n FROM " . $pre . "misc\n WHERE type = 'folder_deleted'\n AND intitule = %s", $id); if ($data['valeur'] != 0) { $folderData = explode(', ', $data['valeur']); //insert deleted folder DB::insert($pre . 'nested_tree', array('id' => $folderData[0], 'parent_id' => $folderData[1], 'title' => $folderData[2], 'nleft' => $folderData[3], 'nright' => $folderData[4], 'nlevel' => $folderData[5], 'bloquer_creation' => $folderData[6], 'bloquer_modification' => $folderData[7], 'personal_folder' => $folderData[8], 'renewal_period' => $folderData[9])); //delete log DB::delete($pre . "misc", "type = %s AND intitule = %s", "folder_deleted", $id); } } } //restore ITEMS if (count($_POST['list_i']) > 0) { foreach (explode(';', $_POST['list_i']) as $id) { DB::update($pre . "items", array('inactif' => '0'), 'id = %i', $id); //log DB::insert($pre . 
"log_items", array("id_item" => $id, "date" => time(), "id_user" => $_SESSION['user_id'], "action" => "at_restored"));
$sOutput .= '"iTotalDisplayRecords": ' . $iFilteredTotal . ', '; $sOutput .= '"aaData": '; if ($iFilteredTotal > 0) { $sOutput .= '['; } foreach ($rows as $record) { $sOutput .= "["; //col1 $sOutput .= '"<img src=\\"includes/images/direction_arrow.png\\" onclick=\\"openKB(\'' . $record['id'] . '\')\\" style=\\"cursor:pointer;\\" />'; if ($record['anyone_can_modify'] == 1 || $record['author_id'] == $_SESSION['user_id']) { $sOutput .= '<img src=\\"includes/images/direction_minus.png\\" onclick=\\"deleteKB(\'' . $record['id'] . '\')\\" style=\\"cursor:pointer;\\" />'; } $sOutput .= '",'; //col2 $ret_cat = DB::queryfirstrow("SELECT category FROM " . $pre . "kb_categories WHERE id = %i", $record['category_id']); $sOutput .= '"' . htmlspecialchars(stripslashes($ret_cat['category']), ENT_QUOTES) . '",'; //col3 $sOutput .= '"' . htmlspecialchars(stripslashes($record['label']), ENT_QUOTES) . '",'; //col4 $ret_author = DB::queryfirstrow("SELECT login FROM " . $pre . "users WHERE id = %i", $record['author_id']); $sOutput .= '"' . html_entity_decode($ret_author['login'], ENT_NOQUOTES) . '"'; //Finish the line $sOutput .= '],'; } if (count($rows) > 0) { $sOutput = substr_replace($sOutput, "", -1); $sOutput .= '] }'; } else { $sOutput .= '[] }'; } echo $sOutput;
$return = ""; //Get all tables $tables = array(); $result = DB::query('SHOW TABLES'); foreach ($result as $row) { $tables[] = $row["Tables_in_" . $database]; } //cycle through foreach ($tables as $table) { if (empty($pre) || substr_count($table, $pre) > 0) { $result = DB::queryRaw('SELECT * FROM ' . $table); $mysqli_result = DB::queryRaw("SELECT *\n FROM INFORMATION_SCHEMA.COLUMNS\n WHERE table_schema = %s\n AND table_name = %s", $database, $table); $numFields = DB::count(); // prepare a drop table $return .= 'DROP TABLE ' . $table . ';'; $row2 = DB::queryfirstrow('SHOW CREATE TABLE ' . $table); $return .= "\n\n" . $row2["Create Table"] . ";\n\n"; //prepare all fields and datas for ($i = 0; $i < $numFields; $i++) { while ($row = $result->fetch_row()) { $return .= 'INSERT INTO ' . $table . ' VALUES('; for ($j = 0; $j < $numFields; $j++) { $row[$j] = addslashes($row[$j]); $row[$j] = preg_replace("/\n/", "\\n", $row[$j]); if (isset($row[$j])) { $return .= '"' . $row[$j] . '"'; } else { $return .= 'NULL'; } if ($j < $numFields - 1) { $return .= ',';
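} else {
    // COMPLETE RE-ENCRYPTION
    $personal_sk = $_SESSION['my_sk'];

    // Load the stored password and its IV for the requested item.
    $data = DB::queryfirstrow("SELECT id, pw, pw_iv\n FROM " . prefix_table("items") . "\n WHERE id = %i", $_POST['currentId']);

    if (empty($data['pw_iv'])) {
        // An empty IV means the password has not been re-encrypted yet.
        // Try protocol #2 first.
        $pw = decrypt($data['pw'], $_SESSION['my_sk']);
        if (empty($pw)) {
            // Protocol #2 gave nothing: decrypt using protocol #1.
            $pw = decryptOld($data['pw'], $_SESSION['my_sk']);
        } else {
            // Protocol #2: the clear text is prefixed with a per-item random key.
            $dataItem = DB::queryfirstrow("SELECT rand_key\n FROM " . prefix_table("keys") . "\n WHERE `sql_table` = %s AND id = %i", "items", $data['id']);
            if (!empty($dataItem['rand_key'])) {
                // Strip the random key from the password. The length was read
                // from an undefined $dataTemp, so nothing was ever removed and
                // the prefix was re-encrypted as part of the password.
                $pw = substr($pw, strlen($dataItem['rand_key']));
            }
        }

        // encrypt it
        $encrypt = cryption($pw, $personal_sk, "", "encrypt");

        // store Password
        DB::update(prefix_table('items'), array('pw' => $encrypt['string'], 'pw_iv' => $encrypt['iv']), "id = %i", $data['id']);
    } else {
        // already re-encrypted
    }
}
echo '[{"error" : ""}]';
break;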
// launch query $rows = DB::query("SELECT *\n FROM " . prefix_table("log_system") . "\n WHERE type = %s AND field_1=%i\n ORDER BY date DESC\n LIMIT {$start}," . $_POST['nb_items_by_page'], "user_mngt", $_POST['id']); } // generate data if (isset($counter) && $counter != 0) { $nb_pages = ceil($counter / $_POST['nb_items_by_page']); for ($i = 1; $i <= $nb_pages; $i++) { $pages .= '<td onclick=\'displayLogs(' . $i . ',\\"user_mngt\\")\'><span style=\'cursor:pointer;' . ($_POST['page'] == $i ? 'font-weight:bold;font-size:18px;\'>' . $i : '\'>' . $i) . '</span></td>'; } } $pages .= '</tr></table>'; if (isset($rows)) { foreach ($rows as $record) { if ($_POST['scope'] == "user_mngt") { $user = DB::queryfirstrow("SELECT login from " . prefix_table("users") . " WHERE id=%i", $record['qui']); $user_1 = DB::queryfirstrow("SELECT login from " . prefix_table("users") . " WHERE id=%i", $_POST['id']); $tmp = explode(":", $record['label']); $logs .= '<tr><td>' . date($_SESSION['settings']['date_format'] . " " . $_SESSION['settings']['time_format'], $record['date']) . '</td><td align=\\"center\\">' . str_replace(array('"', '#user_login#'), array('\\"', $user_1['login']), $LANG['login']) . '</td><td align=\\"center\\">' . $user['login'] . '</td><td align=\\"center\\"></td></tr>'; } else { $logs .= '<tr><td>' . date($_SESSION['settings']['date_format'] . " " . $_SESSION['settings']['time_format'], $record['date']) . '</td><td align=\\"center\\">' . str_replace('"', '\\"', $record['label']) . '</td><td align=\\"center\\">' . $record['login'] . '</td><td align=\\"center\\">' . $LANG[$record['action']] . '</td></tr>'; } } } echo '[ { "table_logs": "' . $logs . '", "pages": "' . $pages . '", "error" : "no" } ]'; break; /* * Migrate the Admin PF to User */ /* * Migrate the Admin PF to User */
DB::$user = $user; DB::$password = $pass; DB::$dbName = $database; DB::$port = $port; DB::$encoding = $encoding; DB::$error_handler = 'db_error_handler'; $link = mysqli_connect($server, $user, $pass, $database, $port); $link->set_charset($encoding); // check session validity $data = DB::queryfirstrow("SELECT id, timestamp, code, item_id FROM " . prefix_table("otv") . "\n WHERE code = %i", intval($_GET['code'])); if ($data['timestamp'] == $_GET['stamp']) { // otv is too old if ($data['timestamp'] < time() - $_SESSION['settings']['otv_expiration_period'] * 86400) { $html = "Link is too old!"; } else { $dataItem = DB::queryfirstrow("SELECT *\n FROM " . prefix_table("items") . " as i\n INNER JOIN " . prefix_table("log_items") . " as l ON (l.id_item = i.id)\n WHERE i.id = %i AND l.action = %s", intval($data['item_id']), 'at_creation'); // get data $pw = cryption($dataItem['pw'], SALT, $dataItem['pw_iv'], "decrypt"); $label = $dataItem['label']; $email = $dataItem['email']; $url = $dataItem['url']; $description = preg_replace('/(?<!\\r)\\n+(?!\\r)/', '', strip_tags($dataItem['description'], $k['allowedTags'])); $login = str_replace('"', '"', $dataItem['login']); // display data $html = "<div style='margin:30px;'>" . "<div style='font-size:20px;font-weight:bold;'>Welcome to One-Time item view page.</div>" . "<div style='font-style:italic;'>Here are the details of the Item that has been shared to you</div>" . "<div style='margin-top:10px;'><table>" . "<tr><td>Label:</td><td>" . $label . "</td</tr>" . "<tr><td>Password:</td><td>" . $pw . "</td</tr>" . "<tr><td>Description:</td><td>" . $description . "</td</tr>" . "<tr><td>login:</td><td>" . $login . "</td</tr>" . "<tr><td>URL:</td><td>" . $url . "</td</tr>" . "</table></div>" . "<div style='margin-top:30px;'>Copy carefully the data you need. This page is only visible once.</div>" . "</div>"; // delete entry //DB::delete(prefix_table("otv"), "id = %i", intval($_GET['otv_id'])); // display echo $html; } } else {
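/*
 * CASE
 * Delete an uploaded file from the upload folder
 */
case "delete_file":
    // Check KEY: string-only, constant-time comparison instead of a loose "!=".
    if (!isset($_POST['key']) || !is_string($_POST['key']) || !hash_equals((string) $_SESSION['key'], $_POST['key'])) {
        echo '[ { "error" : "key_not_conform" } ]';
        break;
    }

    // get file info
    $result = DB::queryfirstrow("SELECT file FROM " . prefix_table("files") . " WHERE id=%i", substr($_POST['uri'], 1));

    // The suffix comes from the request and is appended to the stored name.
    // Only a plain file name is accepted: anything containing a directory
    // separator could point outside the upload folder and is ignored.
    $fileSuffix = isset($_POST['file_suffix']) && is_string($_POST['file_suffix']) ? $_POST['file_suffix'] : '';
    $fileName = (empty($result['file']) ? '' : $result['file']) . $fileSuffix;
    if (!empty($result['file']) && basename($fileName) === $fileName) {
        $filePath = $_SESSION['settings']['path_to_upload_folder'] . '/' . $fileName;
        // Best effort, as before: a missing file is not reported.
        if (is_file($filePath)) {
            unlink($filePath);
        }
    }
    break;

/*
 * CASE
 * Get list of users that have access to the folder
 */
case "get_refined_list_of_users":
    // Check KEY
    if ($_POST['key'] != $_SESSION['key']) {
        echo '[ { "error" : "key_not_conform" } ]';
        break;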
DB::$encoding = $encoding; DB::$error_handler = 'db_error_handler'; $link = mysqli_connect($server, $user, $pass, $database, $port); $link->set_charset($encoding); // check session validity $data = DB::queryfirstrow("SELECT id, timestamp, code, item_id FROM " . prefix_table("otv") . "\n WHERE code = %s", $_GET['code']); if ($data['timestamp'] == intval($_GET['stamp'])) { // otv is too old if ($data['timestamp'] < time() - $_SESSION['settings']['otv_expiration_period'] * 86400) { $html = "Link is too old!"; } else { // get from DB $dataItem = DB::queryfirstrow("SELECT *\n FROM " . prefix_table("items") . " as i\n INNER JOIN " . prefix_table("log_items") . " as l ON (l.id_item = i.id)\n WHERE i.id = %i AND l.action = %s", intval($data['item_id']), 'at_creation'); // is Item still valid regarding number of times being seen // Decrement the number before being deleted $dataDelete = DB::queryfirstrow("SELECT * FROM " . prefix_table("automatic_del") . " WHERE item_id=%i", $data['item_id']); if (isset($_SESSION['settings']['enable_delete_after_consultation']) && $_SESSION['settings']['enable_delete_after_consultation'] == 1) { if ($dataDelete['del_enabled'] == 1) { if ($dataDelete['del_type'] == 1 && $dataDelete['del_value'] >= 1) { // decrease counter DB::update($pre . "automatic_del", array('del_value' => $dataDelete['del_value'] - 1), "item_id = %i", $data['item_id']); } elseif ($dataDelete['del_type'] == 1 && $dataDelete['del_value'] <= 1 || $dataDelete['del_type'] == 2 && $dataDelete['del_value'] < time()) { // delete item DB::delete($pre . 
"automatic_del", "item_id = %i", $data['item_id']); // make inactive object DB::update(prefix_table("items"), array('inactif' => '1'), "id = %i", $data['item_id']); // log logItems($data['item_id'], $dataItem['label'], OTV_USER_ID, 'at_delete', 'otv', 'at_automatically_deleted'); echo '<div style="padding:10px; margin:90px 30px 30px 30px; text-align:center;" class="ui-widget-content ui-state-error ui-corner-all"><i class="fa fa-warning fa-2x"></i> ' . LANG['not_allowed_to_see_pw_is_expired'] . '</div>'; return false; }
} else { $ret .= "<tr><td><input class='pw_cb' type='checkbox' id='" . $record['id'] . "'></td><td id='old_" . $record['id'] . "'>" . $pw . "</td><td> -> </td><td id='new_" . $record['id'] . "'>" . $reduced_pw . "</td><td id='res_" . $record['id'] . "'></td></tr>"; $rowColor = true; } } else { $pw = ""; $reduced_pw = ""; if ($rowColor == true) { $ret .= "<tr class='alt' style='disabled:disabled;'><td></td><td id='old_" . $record['id'] . "'>Password error encoding</td><td> -> </td><td id='new_" . $record['id'] . "'>" . $reduced_pw . "</td><td id='res_" . $record['id'] . "'></td></tr>"; $rowColor = false; } else { $ret .= "<tr style='disabled:disabled;'><td></td><td id='old_" . $record['id'] . "'>Password error encoding</td><td> -> </td><td id='new_" . $record['id'] . "'>" . $reduced_pw . "</td><td id='res_" . $record['id'] . "'></td></tr>"; $rowColor = true; } } } } echo '[{"error":"", "result":"' . $ret . '", "index":"' . $_POST['index'] . '"}]'; } elseif (isset($_POST['action']) && $_POST['action'] == "tool_clean_1" && $_POST['prefix_len'] != "") { $data = DB::queryfirstrow('SELECT i.pw AS pw, k.rand_key AS rand_key FROM `' . $pre . 'items` as i LEFT JOIN ' . $pre . 'keys as k ON (k.id = i.id) WHERE i.id = %i', $_POST['id']); $pw = decrypt($data['pw']); $pw = substr($pw, strlen($data['rand_key'])); $pw = $data['rand_key'] . substr($pw, $_POST['prefix_len']); DB::update($pre . "items", array('pw' => encrypt($pw)), "id = %i", $_POST['id']); echo '[{"error":"", "result":"' . $_POST['id'] . '"}]'; } break; }
DB::$dbName = $database; DB::$port = $port; DB::$encoding = $encoding; DB::$error_handler = 'db_error_handler'; $link = mysqli_connect($server, $user, $pass, $database, $port); $link->set_charset($encoding); // check user's token $dataUser = DB::queryfirstrow("SELECT key_tempo\n FROM " . prefix_table("users") . "\n WHERE id=%i", $_SESSION['user_id']); if ($dataUser['key_tempo'] !== $_GET['key']) { $_SESSION['error']['code'] = ERR_NOT_ALLOWED; //not allowed page include $_SESSION['settings']['cpassman_dir'] . '/error.php'; exit; } // get data about item $dataItem = DB::queryfirstrow("SELECT label, login, pw, pw_iv, url, auto_update_pwd_frequency\n FROM " . prefix_table("items") . "\n WHERE id=%i", $_GET['id']); // decrypt password $oldPwClear = cryption($dataItem['pw'], SALT, $dataItem['pw_iv'], "decrypt"); echo ' <div id="tabs"> <ul> <li><a href="#tabs-1">' . $LANG['ssh_one_shot_change'] . '</a></li> <li><a href="#tabs-2">' . $LANG['ssh_scheduled_change'] . '</a></li> </ul> <div id="tabs-1"> <div> <label for="ausp_ssh_root">' . $LANG['ssh_user'] . ':</label> <input type="text" id="ausp_ssh_root" class="menu_250 text ui-widget-content ui-corner-all" style="padding:3px;" value="' . $dataItem['login'] . '" /> </div> <div> <label for="ausp_ssh_pwd">' . $LANG['ssh_pwd'] . ':</label>
foreach ($server_cert['issuer'] as $key => $value) { $cert_issuer .= "/{$key}={$value}"; } if (isset($cert_name) && !empty($cert_name) && $cert_name != $cert_issuer) { if (isset($_SERVER['HTTPS'])) { header('Strict-Transport-Security: max-age=500'); $_SESSION['error']['sts'] = 0; } } elseif ($cert_name == $cert_issuer) { $_SESSION['error']['sts'] = 1; } } /* LOAD INFORMATION CONCERNING USER */ if (isset($_SESSION['user_id']) && !empty($_SESSION['user_id'])) { // query on user $data = DB::queryfirstrow("SELECT admin, gestionnaire, groupes_visibles, groupes_interdits, fonction_id FROM " . prefix_table("users") . " WHERE id=%i_id", array('id' => $_SESSION['user_id'])); //Check if user has been deleted or unlogged if (empty($data)) { // erase session table $_SESSION = array(); // Kill session session_destroy(); //redirection to index echo ' <script language="javascript" type="text/javascript"> <!-- setTimeout(function(){document.location.href="index.php"}, 10); --> </script>'; } else { // update user's rights
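// connect to DB
require_once $_SESSION['settings']['cpassman_dir'] . '/includes/libraries/Database/Meekrodb/db.class.php';
DB::$host = $server;
DB::$user = $user;
DB::$password = $pass;
DB::$dbName = $database;
DB::$port = $port;
DB::$error_handler = 'db_error_handler';
$link = mysqli_connect($server, $user, $pass, $database, $port);

// manage action required
if (!empty($_POST['type'])) {
    switch ($_POST['type']) {
        // CASE removing one item from the user's favourites
        case "del_fav":
            // Get actual favourites (stored as a ';'-separated list)
            $data = DB::queryfirstrow("SELECT favourites FROM " . $pre . "users WHERE id = %i", $_SESSION['user_id']);
            $tmp = explode(";", $data['favourites']);
            $favs = "";
            $tab_favs = array();
            // redefine new list of favourites, leaving out the requested id
            foreach ($tmp as $f) {
                if (!empty($f) && $f != $_POST['id']) {
                    if (empty($favs)) {
                        $favs = $f;
                    } else {
                        // Append to the list. A plain assignment here replaced
                        // the string on every pass, so only the last favourite
                        // survived.
                        $favs .= ';' . $f;
                    }
                    array_push($tab_favs, $f);
                }
            }
            //update user's account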
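DB::$host = $server;
DB::$user = $user;
DB::$password = $pass;
DB::$dbName = $database;
DB::$port = $port;
DB::$encoding = $encoding;
DB::$error_handler = 'db_error_handler';
$link = mysqli_connect($server, $user, $pass, $database, $port);
$link->set_charset($encoding);

// manage action required
if (!empty($_POST['type'])) {
    switch ($_POST['type']) {
        // CASE removing one item from the user's favourites
        case "del_fav":
            // Get actual favourites (stored as a ';'-separated list)
            $data = DB::queryfirstrow("SELECT favourites FROM " . prefix_table("users") . " WHERE id = %i", $_SESSION['user_id']);
            $tmp = explode(";", $data['favourites']);
            $favs = "";
            $tab_favs = array();
            // redefine new list of favourites, leaving out the requested id
            foreach ($tmp as $f) {
                if (!empty($f) && $f != $_POST['id']) {
                    if (empty($favs)) {
                        $favs = $f;
                    } else {
                        // Append to the list. A plain assignment here replaced
                        // the string on every pass, so only the last favourite
                        // survived.
                        $favs .= ';' . $f;
                    }
                    array_push($tab_favs, $f);
                }
            }
            //update user's account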
if (isset($_SESSION['settings']['psk_authentication']) && $_SESSION['settings']['psk_authentication'] == 1 && !empty($data['psk'])) { $pskSet = true; } else { $pskSet = false; } echo '[{"login" : "' . $userOk . '", "psk":"' . $pskSet . '"}]'; break; /** * Make statistics on item */ /** * Make statistics on item */ case "item_stat": if (isset($_POST['scope']) && $_POST['scope'] == "item") { $data = DB::queryfirstrow("SELECT view FROM " . prefix_table("statistics") . " WHERE scope = %s AND item_id = %i", 'item', $_POST['id']); $counter = DB::count(); if ($counter == 0) { DB::insert(prefix_table("statistics"), array('scope' => 'item', 'view' => '1', 'item_id' => $_POST['id'])); } else { DB::update(prefix_table("statistics"), array('scope' => 'item', 'view' => $data['view'] + 1), "item_id = %i", $_POST['id']); } } break; /** * Refresh list of last items seen */ /** * Refresh list of last items seen */ case "refresh_list_items_seen":
DB::insert(prefix_table("items"), array('label' => $suggestion['label'], 'description' => $suggestion['description'], 'pw' => $suggestion['pw'], 'id_tree' => $suggestion['folder_id'], 'inactif' => '0', 'perso' => '0', 'anyone_can_modify' => '0', 'pw_iv' => $suggestion['pw_iv'])); $newID = DB::insertId(); if (is_numeric($newID)) { // update log DB::insert(prefix_table("log_items"), array('id_item' => $newID, 'date' => time(), 'id_user' => $suggestion['author_id'], 'action' => 'at_creation')); // update cache table updateCacheTable("add_value", $newID); // delete suggestion DB::delete(prefix_table("suggestion"), "id = %i", $_POST['id']); echo '[ { "status" : "done" } ]'; } else { echo '[ { "status" : "error_when_creating" } ]'; } } break; case "get_complexity_level": // Check KEY if ($_POST['key'] != $_SESSION['key']) { echo '[ { "error" : "key_not_conform" } ]'; break; } $data = DB::queryfirstrow("SELECT valeur FROM " . $pre . "misc WHERE intitule = %s AND type = %s", $_POST['folder_id'], "complex"); if (isset($data['valeur']) && (!empty($data['valeur']) || $data['valeur'] == 0)) { $complexity = $_SESSION['settings']['pwComplexity'][$data['valeur']][1]; } else { $complexity = $LANG['not_defined']; } echo '[ { "status" : "ok" , "complexity" : "' . $data['valeur'] . '" , "complexity_text" : "' . $complexity . '" } ]'; break; } }
foreach ($items as $item) { // Delete item DB::delete(prefix_table("items"), "id = %i", $item['id']); // log DB::delete(prefix_table("log_items"), "id_item = %i", $item['id']); } } // rebuild tree $tree = new Tree\NestedTree\NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title'); $tree->rebuild(); } // update LOG logEvents('user_mngt', 'at_user_deleted', $_SESSION['user_id'], $_SESSION['login'], $_POST['id']); } else { // Get old data about user $oldData = DB::queryfirstrow("SELECT * FROM " . prefix_table("users") . "\n WHERE id = %i", $_POST['id']); // manage account status $accountDisabled = 0; if ($account_status_action == "unlock") { $accountDisabled = 0; $logDisabledText = "at_user_unlocked"; } elseif ($account_status_action == "lock") { $accountDisabled = 1; $logDisabledText = "at_user_locked"; } // update user DB::update(prefix_table("users"), array('login' => mysqli_escape_string($link, htmlspecialchars_decode($dataReceived['login'])), 'name' => mysqli_escape_string($link, htmlspecialchars_decode($dataReceived['name'])), 'lastname' => mysqli_escape_string($link, htmlspecialchars_decode($dataReceived['lastname'])), 'email' => mysqli_escape_string($link, htmlspecialchars_decode($dataReceived['email'])), 'disabled' => $accountDisabled, 'isAdministratedByRole' => $dataReceived['managedby'], 'groupes_interdits' => empty($dataReceived['forbidFld']) ? '0' : rtrim($dataReceived['forbidFld'], ";"), 'groupes_visibles' => empty($dataReceived['allowFld']) ? '0' : rtrim($dataReceived['allowFld'], ";"), 'fonction_id' => empty($dataReceived['functions']) ? '0' : rtrim($dataReceived['functions'], ";")), "id = %i", $_POST['id']); // update LOG if ($oldData['email'] != mysqli_escape_string($link, htmlspecialchars_decode($dataReceived['email']))) { logEvents('user_mngt', 'at_user_email_changed:' . $oldData['email'], intval($_SESSION['user_id']), $_SESSION['login'], intval($_POST['id'])); }
$rows = DB::query("SELECT * FROM " . $pre . "categories \n WHERE parent_id = %i\n ORDER BY " . $pre . "categories.order ASC", $record['id']); if (count($rows) > 0) { foreach ($rows as $field) { array_push($arrCategories, array('2', $field['id'], $field['title'], $field['order'], "", "")); } } } echo json_encode($arrCategories, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP); break; case "categoryInFolders": // update order if (!empty($_POST['foldersIds'])) { // delete all existing inputs DB::delete($pre . "categories_folders", "id_category = %i", $_POST['id']); // create new list $list = ""; foreach (explode(';', $_POST['foldersIds']) as $folder) { DB::insert($pre . 'categories_folders', array('id_category' => $_POST['id'], 'id_folder' => $folder)); // prepare a list $row = DB::queryfirstrow("SELECT title FROM " . $pre . "nested_tree WHERE id=%i", $folder); if (empty($list)) { $list = $row['title']; } else { $list .= " | " . $row['title']; } } echo '[{"list" : "' . $list . '"}]'; } break; } }
DB::$encoding = $encoding; DB::$error_handler = 'db_error_handler'; $link = mysqli_connect($server, $user, $pass, $database, $port); $link->set_charset($encoding); // check session validity $data = DB::queryfirstrow("SELECT timestamp, code, item_id FROM " . prefix_table("otv") . "\n WHERE id = %i", intval($_GET['otv_id'])); if ($data['timestamp'] == $_GET['stamp'] && $data['code'] == $_GET['code'] && $data['item_id'] == $_GET['item_id']) { // otv is too old if ($data['timestamp'] < time() - $_SESSION['settings']['otv_expiration_period'] * 86400) { $html = "Link is too old!"; } else { $dataItem = DB::queryfirstrow("SELECT *\n FROM " . prefix_table("items") . " as i\n INNER JOIN " . prefix_table("log_items") . " as l ON (l.id_item = i.id)\n WHERE i.id = %i AND l.action = %s", intval($_GET['item_id']), 'at_creation'); // get data $pw = cryption($dataItem['pw'], SALT, $dataItem['pw_iv'], "decrypt"); // get key for original pw $originalKey = DB::queryfirstrow("SELECT rand_key FROM `" . prefix_table("keys") . "`\n WHERE `sql_table` = %s AND `id` = %i", 'items', intval($_GET['item_id'])); // unsalt previous pw $pw = substr($pw, strlen($originalKey['rand_key'])); $label = $dataItem['label']; $email = $dataItem['email']; $url = $dataItem['url']; $description = preg_replace('/(?<!\\r)\\n+(?!\\r)/', '', strip_tags($dataItem['description'], $k['allowedTags'])); $login = str_replace('"', '"', $dataItem['login']); // display data $html = "<div style='margin:30px;'>" . "<div style='font-size:20px;font-weight:bold;'>Welcome to One-Time item view page.</div>" . "<div style='font-style:italic;'>Here are the details of the Item that has been shared to you</div>" . "<div style='margin-top:10px;'><table>" . "<tr><td>Label:</td><td>" . $label . "</td</tr>" . "<tr><td>Password:</td><td>" . $pw . "</td</tr>" . "<tr><td>Description:</td><td>" . $description . "</td</tr>" . "<tr><td>login:</td><td>" . $login . "</td</tr>" . "<tr><td>URL:</td><td>" . $url . "</td</tr>" . "</table></div>" . 
"<div style='margin-top:30px;'>Copy carefully the data you need. This page is only visible once.</div>" . "</div>"; // delete entry //DB::delete(prefix_table("otv"), "id = %i", intval($_GET['otv_id'])); // display echo $html; } } else {
$rows = DB::query("SELECT * FROM " . prefix_table("categories") . "\n WHERE parent_id = %i\n ORDER BY " . $pre . "categories.order ASC", $record['id']); if (count($rows) > 0) { foreach ($rows as $field) { array_push($arrCategories, array('2', $field['id'], $field['title'], $field['order'], "", "")); } } } echo json_encode($arrCategories, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP); break; case "categoryInFolders": // update order if (!empty($_POST['foldersIds'])) { // delete all existing inputs DB::delete($pre . "categories_folders", "id_category = %i", $_POST['id']); // create new list $list = ""; foreach (explode(';', $_POST['foldersIds']) as $folder) { DB::insert(prefix_table("categories_folders"), array('id_category' => $_POST['id'], 'id_folder' => $folder)); // prepare a list $row = DB::queryfirstrow("SELECT title FROM " . prefix_table("nested_tree") . " WHERE id=%i", $folder); if (empty($list)) { $list = $row['title']; } else { $list .= " | " . $row['title']; } } echo '[{"list" : "' . $list . '"}]'; } break; } }
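// already re-encrypted
}
}
echo '[{"error" : ""}]';
break;

// CASE auto update server password
// Decrypts the item's current password, encrypts the requested new one and
// opens an SSH session to the host named in the item's URL.
case "server_auto_update_password":
    // Both keys must be present, non-empty and identical strings. With `!=`,
    // two missing keys compared equal and the request was accepted.
    // On PHP >= 5.6, hash_equals() would also make this comparison constant-time.
    if (
        !isset($_POST['key'], $_SESSION['key'])
        || !is_string($_POST['key'])
        || $_POST['key'] === ''
        || (string) $_SESSION['key'] !== $_POST['key']
    ) {
        echo '[{"error" : "something_wrong"}]';
        break;
    }

    // decrypt and retreive data in JSON format
    $dataReceived = prepareExchangedData($_POST['data'], "decode");

    // get data about item
    // NOTE(review): no check that the session user may edit this item is visible
    // here; confirm it happens before this point.
    $dataItem = DB::queryfirstrow("SELECT label, login, pw, pw_iv, url\n FROM " . prefix_table("items") . "\n WHERE id=%i", $dataReceived['currentId']);

    // decrypt password
    $oldPwClear = cryption($dataItem['pw'], SALT, $dataItem['pw_iv'], "decrypt");

    // encrypt new password
    $encrypt = cryption($dataReceived['new_pwd'], SALT, "", "encrypt");

    // connect ot server with ssh
    $ret = "";
    // The return value of stream_resolve_include_path() is discarded, so this
    // call loads nothing; only SSH2.php below is included.
    stream_resolve_include_path($_SESSION['settings']['cpassman_dir'] . '/includes/libraries/Authentication/phpseclib/Crypt/RC4.php');
    include $_SESSION['settings']['cpassman_dir'] . '/includes/libraries/Authentication/phpseclib/Net/SSH2.php';

    // NOTE(review): the target host comes from the stored item URL, so the server
    // opens an outbound SSH connection to whatever the item names. Consider
    // restricting the allowed destinations.
    $parse = parse_url($dataItem['url']);
    if (empty($parse['host'])) {
        // error in parsing the url
        echo prepareExchangedData(array("error" => "Parsing URL failed.<br />Ensure the URL is well written!</i>", "text" => ""), "encode");
        break;
    } else {
        // The original condition tested the host twice; the second pair was
        // presumably meant for the port. A URL without a port now falls back to
        // 22 instead of reading an undefined index.
        $sshPort = isset($parse['port']) ? $parse['port'] : 22;
        $ssh = new Net_SSH2($parse['host'], $sshPort);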
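} else {
    require_once 'main.functions.php';

    // connect to DB
    include $_SESSION['settings']['cpassman_dir'] . '/includes/config/settings.php';
    require_once $_SESSION['settings']['cpassman_dir'] . '/includes/libraries/Database/Meekrodb/db.class.php';
    DB::$host = $server;
    DB::$user = $user;
    DB::$password = $pass;
    DB::$dbName = $database;
    DB::$port = $port;
    DB::$encoding = $encoding;
    DB::$error_handler = 'db_error_handler';
    $link = mysqli_connect($server, $user, $pass, $database, $port);
    $link->set_charset($encoding);

    // get file key
    // NOTE(review): nothing in this fragment checks that the current session may
    // read this file id; confirm the code before this branch does.
    $result = DB::queryfirstrow("SELECT file FROM " . prefix_table("files") . " WHERE id=%i", isset($_GET['fileid']) ? $_GET['fileid'] : 0);

    // Open the file
    // basename() keeps the stored name inside the upload folder even if the row
    // holds a path. An unknown id or unreadable file sends nothing, where
    // fpassthru() was previously called on a failed handle.
    $fp = false;
    if (!empty($result['file'])) {
        $fp = fopen($_SESSION['settings']['path_to_upload_folder'] . '/' . basename($result['file']), 'rb');
    }

    if ($fp !== false) {
        // should we decrypt the attachment?
        if (isset($_SESSION['settings']['enable_attachment_encryption']) && $_SESSION['settings']['enable_attachment_encryption'] == 1) {
            include $_SESSION['settings']['cpassman_dir'] . '/includes/config/settings.php';

            // Prepare encryption options
            // NOTE(review): key and IV are MD5 digests of fixed strings plus SALT,
            // so every attachment shares one 3DES key and one IV. Left unchanged
            // because existing files must still decrypt; moving to a per-file
            // random IV and an authenticated cipher needs a re-encryption pass.
            $iv = substr(md5("<X" . SALT, true), 0, 8);
            $key = substr(md5("-üØ" . SALT, true) . md5("-üÙ" . SALT, true), 0, 24);
            $opts = array('iv' => $iv, 'key' => $key);

            // Add the Mcrypt stream filter
            stream_filter_append($fp, 'mdecrypt.tripledes', STREAM_FILTER_READ, $opts);
        }

        // Read the file contents
        fpassthru($fp);
        fclose($fp);
    }
}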
<div id="tabs-2"> <!-- Prepare a list of all folders that the user can choose --> <div style="margin-top:10px;" id="keypass_import_options"> <label><b>' . $LANG['import_keepass_to_folder'] . '</b></label> <select id="import_keepass_items_to"> <option value="0">' . $LANG['root'] . '</option>';

//Load Tree
// $tree first holds the class loader, then is reassigned to the NestedTree instance.
$tree = new SplClassLoader('Tree\\NestedTree', './includes/libraries');
$tree->register();
$tree = new Tree\NestedTree\NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
$folders = $tree->getDescendants();

// show list of all folders
// Emits one <option> per folder whose id is in $_SESSION['groupes_visibles'].
foreach ($folders as $t) {
    // NOTE(review): in_array() is called without the strict flag, so ids are
    // compared loosely.
    if (in_array($t->id, $_SESSION['groupes_visibles'])) {
        // A numeric title is treated as a user id: it is replaced by that user's
        // login and the option value gets a "-perso" suffix.
        if (is_numeric($t->title)) {
            $user = DB::queryfirstrow("SELECT login FROM " . prefix_table("users") . " WHERE id = %i", $t->title);
            $t->title = $user['login'];
            $t->id = $t->id . "-perso";
        }
        // Indent prefix grows by one unit per nesting level.
        $ident = " ";
        for ($x = 1; $x < $t->nlevel; $x++) {
            $ident .= " ";
        }
        // Pre-select the folder named in the query string (loose comparison).
        if (isset($_GET['folder_id']) && $_GET['folder_id'] == $t->id) {
            $selected = " selected";
        } else {
            $selected = "";
        }
        // NOTE(review): $t->title (a folder title or a user login) is written into
        // the markup without htmlspecialchars(), so stored text containing markup
        // would be rendered as HTML. $prevLevel is set outside this fragment.
        if ($prevLevel < $t->nlevel) {
            echo '<option value="' . $t->id . '"' . $selected . '>' . $ident . $t->title . '</option>';
        } elseif ($prevLevel == $t->nlevel) {
}
$texte .= '</tr></thead><tbody>';

//Display each folder with associated rights by role
// Appends one table row per folder to $texte, with one cell per role in $arrRoles.
$i = 0;
foreach ($tree as $node) {
    // Only folders in 'groupes_visibles' that are not in 'personal_visible_groups'.
    // NOTE(review): both in_array() calls compare loosely (no strict flag).
    if (in_array($node->id, $_SESSION['groupes_visibles']) && !in_array($node->id, $_SESSION['personal_visible_groups'])) {
        // One dash per nesting level below the first.
        $ident = "";
        for ($a = 1; $a < $node->nlevel; $a++) {
            $ident .= "—";
        }

        //display 1st cell of the line
        // NOTE(review): $node->title is concatenated into the cell without
        // htmlspecialchars(), so a folder title containing markup would be
        // rendered as HTML in this table.
        $texte .= '<tr><td style=\'font-size:10px; font-family:arial;\' title=\'ID=' . $node->id . '\'>' . $ident . " " . $node->title . '</td>';

        foreach ($arrRoles as $role) {
            //check if this role has access or not
            // if not then color is red; if yes then color is green
            // One query per (folder, role) pair; DB::count() is then read to tell
            // whether a rights row exists.
            $role_detail = DB::queryfirstrow("SELECT * FROM " . prefix_table("roles_values") . " WHERE folder_id = %i AND role_id = %i", $node->id, $role);
            if (DB::count() > 0) {
                // Map the stored type code to a colour, a short code, a translated
                // title and an icon label.
                if ($role_detail['type'] == "W") {
                    $couleur = '#008000';
                    $allowed = "W";
                    $title = $LANG['write'];
                    $label = '<i class="fa fa-indent"></i> <i class="fa fa-edit"></i> <i class="fa fa-eraser"></i>';
                } elseif ($role_detail['type'] == "ND") {
                    $couleur = '#4E45F7';
                    $allowed = "ND";
                    $title = $LANG['no_delete'];
                    $label = '<i class="fa fa-indent"></i> <i class="fa fa-edit"></i>';
                } elseif ($role_detail['type'] == "NE") {
                    $couleur = '#4E45F7';
                    $allowed = "NE";
                    $title = $LANG['no_edit'];
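/**
 * updateCacheTable()
 *
 * Update the CACHE table so it mirrors the items table.
 *
 * Actions:
 *  - "reload":       truncate the cache and rebuild it from every item that has
 *                    an 'at_creation' log row and inactif = 0
 *  - "update_value": refresh the cache row of item $id
 *  - "add_value":    insert a cache row for item $id
 *  - "delete_value": remove the cache row of item $id
 * Any other action only performs the connection setup.
 *
 * @param string     $action one of the actions listed above
 * @param int|string $id     item id; not used by "reload"
 *
 * @return void
 */
function updateCacheTable($action, $id = "")
{
    global $db, $server, $user, $pass, $database, $pre, $port, $encoding;

    require_once $_SESSION['settings']['cpassman_dir'] . '/sources/SplClassLoader.php';

    //Connect to DB
    require_once $_SESSION['settings']['cpassman_dir'] . '/includes/libraries/Database/Meekrodb/db.class.php';
    DB::$host = $server;
    DB::$user = $user;
    DB::$password = $pass;
    DB::$dbName = $database;
    DB::$port = $port;
    DB::$encoding = $encoding;
    DB::$error_handler = 'db_error_handler';
    $link = mysqli_connect($server, $user, $pass, $database, $port);
    // mysqli_connect() returns false on failure; calling a method on it would be fatal.
    if ($link !== false) {
        $link->set_charset($encoding);
    }

    //Load Tree
    $tree = new SplClassLoader('Tree\\NestedTree', '../includes/libraries');
    $tree->register();
    $tree = new Tree\NestedTree\NestedTree(prefix_table("nested_tree"), 'id', 'parent_id', 'title');

    // Space-separated list of the item's non-empty tags (each followed by a space).
    $collectTags = function ($itemId) use ($pre) {
        $tags = "";
        foreach (DB::query("SELECT tag FROM " . $pre . "tags WHERE item_id=%i", $itemId) as $itemTag) {
            if (!empty($itemTag['tag'])) {
                $tags .= $itemTag['tag'] . " ";
            }
        }
        return $tags;
    };

    // Full folder name for a tree id: the titles on the path joined with " » ".
    // A first-level folder whose title equals the session user id is shown under
    // the session login instead.
    $buildFolderPath = function ($idTree) use ($tree) {
        $parts = array();
        foreach ($tree->getPath($idTree, true) as $elem) {
            if ($elem->title == $_SESSION['user_id'] && $elem->nlevel == 1) {
                $elem->title = $_SESSION['login'];
            }
            // Collected in an array: the former empty($folder) test dropped a
            // leading path segment titled "0".
            $parts[] = stripslashes($elem->title);
        }
        return implode(" » ", $parts);
    };

    // The cache stores an empty string rather than NULL for a missing login.
    // Only the reload branch did this before; all branches now agree.
    $loginOrEmpty = function ($login) {
        return $login === null ? "" : $login;
    };

    // Strict comparison: with `==`, a non-string action such as 0 could match
    // "reload" on older PHP versions and truncate the cache.
    if ($action === "reload") {
        // Rebuild full cache table
        DB::query("TRUNCATE TABLE " . $pre . "cache");

        // reload data
        $rows = DB::query("SELECT *\n FROM " . $pre . "items as i\n INNER JOIN " . $pre . "log_items as l ON (l.id_item = i.id)\n AND l.action = %s\n AND i.inactif = %i", 'at_creation', 0);
        foreach ($rows as $record) {
            // store data
            DB::insert($pre . "cache", array(
                'id' => $record['id'],
                'label' => $record['label'],
                'description' => $record['description'],
                'tags' => $collectTags($record['id']),
                'id_tree' => $record['id_tree'],
                'perso' => $record['perso'],
                'restricted_to' => $record['restricted_to'],
                'login' => $loginOrEmpty($record['login']),
                'folder' => $buildFolderPath($record['id_tree']),
                'author' => $record['id_user']
            ));
        }
    } elseif ($action === "update_value") {
        // UPDATE an item: get new value from db
        $data = DB::queryfirstrow("SELECT label, description, id_tree, perso, restricted_to, login\n FROM " . $pre . "items\n WHERE id=%i", $id);
        // Unknown item: leave the cache untouched instead of overwriting the row
        // with NULLs.
        if (empty($data)) {
            return;
        }

        // finaly update
        DB::update($pre . "cache", array(
            'label' => $data['label'],
            'description' => $data['description'],
            'tags' => $collectTags($id),
            'id_tree' => $data['id_tree'],
            'perso' => $data['perso'],
            'restricted_to' => $data['restricted_to'],
            'login' => $loginOrEmpty($data['login']),
            'folder' => $buildFolderPath($data['id_tree']),
            'author' => $_SESSION['user_id']
        ), "id = %i", $id);
    } elseif ($action === "add_value") {
        // ADD an item: get new value from db
        $data = DB::queryFirstRow("SELECT i.label, i.description, i.id_tree as id_tree, i.perso, i.restricted_to, i.id, i.login\n FROM " . $pre . "items as i\n INNER JOIN " . $pre . "log_items as l ON (l.id_item = i.id)\n WHERE i.id = %i\n AND l.action = %s", $id, 'at_creation');
        // Unknown item: do not insert a cache row made of NULLs.
        if (empty($data)) {
            return;
        }

        // finaly update
        DB::insert($pre . "cache", array(
            'id' => $data['id'],
            'label' => $data['label'],
            'description' => $data['description'],
            'tags' => $collectTags($id),
            'id_tree' => $data['id_tree'],
            'perso' => $data['perso'],
            'restricted_to' => $data['restricted_to'],
            'login' => $loginOrEmpty($data['login']),
            'folder' => $buildFolderPath($data['id_tree']),
            'author' => $_SESSION['user_id']
        ));
    } elseif ($action === "delete_value") {
        // DELETE an item
        DB::delete($pre . "cache", "id = %i", $id);
    }
}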