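}
// Build the "managed by" <select>: option 0 = administrators only, then one option per role.
// Administrators get every role; any other user only the roles listed in $_SESSION['user_roles'],
// so a manager cannot hand a user over to a role he does not hold himself.
$managedBy = '<option value="0">' . $LANG['administrators_only'] . '</option>';
foreach ($rolesList as $fonction) {
    if ($_SESSION['is_admin'] || in_array($fonction['id'], $_SESSION['user_roles'])) {
        // pre-select the role that currently administers this user
        if ($rowUser['isAdministratedByRole'] == $fonction['id']) {
            $tmp = ' selected="selected"';
        } else {
            $tmp = "";
        }
        // Role titles are stored in the database and rendered into markup: escape them exactly
        // like the folder titles below, so a crafted title cannot inject HTML into this page.
        $managedBy .= '<option value="' . $fonction['id'] . '"' . $tmp . '>' . $LANG['managers_of'] . ' "' . htmlspecialchars($fonction['title'], ENT_COMPAT, "UTF-8") . '</option>';
    }
}
// get FOLDERS FORBIDDEN
// One <option> per folder the *current* user may see (minus personal folders); the user being
// edited has the folder pre-selected when its id appears in his ';'-separated groupes_interdits.
$forbiddenFolders = "";
$userForbidFolders = explode(';', $rowUser['groupes_interdits']);
$tree_desc = $tree->getDescendants();
foreach ($tree_desc as $t) {
    if (in_array($t->id, $_SESSION['groupes_visibles']) && !in_array($t->id, $_SESSION['personal_visible_groups'])) {
        $tmp = "";
        $ident = "";
        // indent the label once per nesting level so the flat list still reads as a tree
        for ($y = 1; $y < $t->nlevel; $y++) {
            $ident .= " ";
        }
        if (in_array($t->id, $userForbidFolders)) {
            $tmp = ' selected="selected"';
        }
        $forbiddenFolders .= '<option value="' . $t->id . '"' . $tmp . '>' . $ident . @htmlspecialchars($t->title, ENT_COMPAT, "UTF-8") . '</option>';
        $prev_level = $t->nlevel;
    }
}
// get FOLDERS ALLOWED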
$_SESSION['error']['code'] = ERR_NOT_ALLOWED; //not allowed page include $_SESSION['settings']['cpassman_dir'] . '/error.php'; exit; } require_once $_SESSION['settings']['cpassman_dir'] . '/sources/SplClassLoader.php'; require_once $_SESSION['settings']['cpassman_dir'] . '/sources/main.functions.php'; // Load file require_once 'users.load.php'; // load help require_once $_SESSION['settings']['cpassman_dir'] . '/includes/language/' . $_SESSION['user_language'] . '_admin_help.php'; //Build tree $tree = new SplClassLoader('Tree\\NestedTree', $_SESSION['settings']['cpassman_dir'] . '/includes/libraries'); $tree->register(); $tree = new Tree\NestedTree\NestedTree(prefix_table("nested_tree"), 'id', 'parent_id', 'title'); $treeDesc = $tree->getDescendants(); // Build FUNCTIONS list $rolesList = array(); $rows = DB::query("SELECT id,title FROM " . prefix_table("roles_title") . " ORDER BY title ASC"); foreach ($rows as $reccord) { $rolesList[$reccord['id']] = array('id' => $reccord['id'], 'title' => $reccord['title']); } // Display list of USERS echo ' <div class="title ui-widget-content ui-corner-all"> ' . $LANG['admin_users'] . ' <img src="includes/images/user--plus.png" title="' . $LANG['new_user_title'] . '" onclick="OpenDialog(\'add_new_user\')"class="button" style="padding:2px;" /> <span style="float:right;margin-right:5px;"><img src="includes/images/question-white.png" style="cursor:pointer" title="' . $LANG['show_help'] . '" onclick="OpenDialog(\'help_on_users\')" /></span> <input type="text" name="search" id="search" /> </div>'; echo '
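$tree = new SplClassLoader('Tree\\NestedTree', '../includes/libraries');
$tree->register();
$tree = new Tree\NestedTree\NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
//Load AES
$aes = new SplClassLoader('Encryption\\Crypt', '../includes/libraries');
$aes->register();
//User's language loading
// The language file is chosen from the session (server-side state), never from the request.
$k['langage'] = @$_SESSION['user_language'];
require_once $_SESSION['settings']['cpassman_dir'] . '/includes/language/' . $_SESSION['user_language'] . '.php';
// Build query
switch ($_POST['type']) {
    //Check if import CSV file format is what expected
    case "import_file_format_csv":
        //load full tree
        $tree->rebuild();
        $tst = $tree->getDescendants();
        // do some initializations
        // The file name comes straight from the POST body and is concatenated into a path that is
        // then opened: keep only its basename so a traversal sequence ("../…") cannot reach a file
        // outside path_to_files_folder.
        $file = $_SESSION['settings']['path_to_files_folder'] . "/" . basename($_POST['file']);
        $size = 4096;
        $separator = ",";
        $enclosure = '"';
        $fields_expected = array("Account", "Login Name", "Password", "Web Site", "Comments"); //required fields from CSV
        $importation_possible = true;
        $display = "<table>";
        $line_number = $prev_level = 0;
        $account = $text = "";
        $continue_on_next_line = false;
        // Open file
        if ($fp = fopen($file, "r")) {
            // data from CSV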
//get through all users $rows = DB::query("SELECT id,login,email FROM " . prefix_table("users") . " ORDER BY login ASC"); foreach ($rows as $record) { //update PF field for user DB::update(prefix_table("users"), array('personal_folder' => '1'), "id = %i", $record['id']); //if folder doesn't exist then create it $data = DB::queryfirstrow("SELECT * FROM " . prefix_table("nested_tree") . " WHERE title = %s AND parent_id = %i", $record['id'], 0); $counter = DB::count(); if ($counter == 0) { //If not exist then add it DB::insert(prefix_table("nested_tree"), array('parent_id' => '0', 'title' => $record['id'], 'personal_folder' => '1')); } else { //If exists then update it DB::update(prefix_table("nested_tree"), array('personal_folder' => '1'), "title=%s AND parent_id=%i", $record['id'], 0); // Get an array of all folders $folders = $tree->getDescendants($record['id'], false, true, true); foreach ($folders as $folder) { //update PF field for user DB::update(prefix_table("nested_tree"), array('personal_folder' => '1'), "id = %s", $folder); } } } //rebuild fuild tree folder $tree->rebuild(); echo '[{"result" : "pf_done"}]'; break; ########################################################### #CASE for deleting all items from DB that are linked to a folder that has been deleted ########################################################### #CASE for deleting all items from DB that are linked to a folder that has been deleted case "admin_action_db_clean_items":
<input type="hidden" id="selected_row" />'; // dialogboxes echo ' <div id="category_confirm" style="display:none;"> <span id="category_confirm_text"></span>? </div>'; echo ' <div id="add_new_field" style="display:none;"> ' . $LANG['new_field_title'] . '<input type="text" id="new_field_title" style="width: 200px; margin-left:20px;" /> </div>'; echo ' <div id="category_in_folder" style="display:none;"> ' . $LANG['select_folders_for_category'] . ' "<span style="font-weight:bold;" id="catInFolder_title"></span>" : <br /> <div style="text-align:center; margin-top:10px;"> <select id="cat_folders_selection" multiple size="12">'; $folders = $tree->getDescendants(); foreach ($folders as $folder) { DB::query("SELECT * FROM " . prefix_table("nested_tree") . "\n WHERE personal_folder = %i AND id = %i", '0', $folder->id); $counter = DB::count(); if ($counter > 0) { echo ' <option value="' . $folder->id . '">' . str_replace("&", "&", $folder->title) . '</option>'; } } echo ' </div> <div id="catInFolder_wait" class="ui-state-focus ui-corner-all" style="display:none;padding:2px;margin:5px 0 5px 0;">' . $LANG['please_wait'] . '...</div> </div>'; require_once 'admin.settings.load.php';
$tree = new Tree\NestedTree\NestedTree(prefix_table("nested_tree"), 'id', 'parent_id', 'title'); $tree->rebuild(); //Update CACHE table updateCacheTable("delete_value", $_POST['id']); break; // CASE where DELETING multiple groups // CASE where DELETING multiple groups case "delete_multiple_folders": //decrypt and retreive data in JSON format $dataReceived = prepareExchangedData($_POST['data'], "decode"); $error = ""; $tree = new Tree\NestedTree\NestedTree(prefix_table("nested_tree"), 'id', 'parent_id', 'title'); foreach (explode(';', $dataReceived['foldersList']) as $folderId) { $foldersDeleted = ""; // Get through each subfolder $folders = $tree->getDescendants($folderId, true); foreach ($folders as $folder) { if (($folder->parent_id > 0 || $folder->parent_id == 0) && $folder->title != $_SESSION['user_id']) { //Store the deleted folder (recycled bin) DB::insert(prefix_table("misc"), array('type' => 'folder_deleted', 'intitule' => "f" . $folderId, 'valeur' => $folder->id . ', ' . $folder->parent_id . ', ' . $folder->title . ', ' . $folder->nleft . ', ' . $folder->nright . ', ' . $folder->nlevel . ', 0, 0, 0, 0')); //delete folder DB::delete(prefix_table("nested_tree"), "id = %i", $folder->id); //delete items & logs $items = DB::query("SELECT id FROM " . prefix_table("items") . " WHERE id_tree=%i", $folder->id); foreach ($items as $item) { DB::update(prefix_table("items"), array('inactif' => '1'), "id = %i", $item['id']); //log DB::insert(prefix_table("log_items"), array('id_item' => $item['id'], 'date' => time(), 'id_user' => $_SESSION['user_id'], 'action' => 'at_delete')); } //Actualize the variable $_SESSION['nb_folders']--;
} /* do checks */ require_once $_SESSION['settings']['cpassman_dir'] . '/sources/checks.php'; if (!checkUser($_SESSION['user_id'], $_SESSION['key'], curPage())) { $_SESSION['error']['code'] = ERR_NOT_ALLOWED; //not allowed page include $_SESSION['settings']['cpassman_dir'] . '/error.php'; exit; } require_once $_SESSION['settings']['cpassman_dir'] . '/sources/SplClassLoader.php'; //Build tree $tree = new SplClassLoader('Tree\\NestedTree', './includes/libraries'); $tree->register(); $tree = new Tree\NestedTree\NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title'); $tree->rebuild(); $folders = $tree->getDescendants(); // prepare folders list if (isset($_SESSION['list_folders_limited']) && count($_SESSION['list_folders_limited']) > 0) { $listFoldersLimitedKeys = @array_keys($_SESSION['list_folders_limited']); } else { $listFoldersLimitedKeys = array(); } // list of items accessible but not in an allowed folder if (isset($_SESSION['list_restricted_folders_for_items']) && count($_SESSION['list_restricted_folders_for_items']) > 0) { $listRestrictedFoldersForItemsKeys = @array_keys($_SESSION['list_restricted_folders_for_items']); } else { $listRestrictedFoldersForItemsKeys = array(); } $selectVisibleFoldersOptions = "<option value=\"\">--" . $LANG['select'] . "--</option>"; foreach ($folders as $folder) { // Be sure that user can only see folders he/she is allowed to
/**
 * identifyUserRights()
 *
 * Computes the folder-visibility and rights lists of the current user and stores them in
 * $_SESSION (groupes_visibles, groupes_visibles_list, personal_visible_groups, forbiden_pfs,
 * all_non_personal_folders, is_admin, nb_folders, nb_roles and, for non-admins, read_only_folders,
 * list_folders_limited, list_folders_editable_by_role, list_restricted_folders_for_items).
 * Security-relevant: other pages in this code base read these session arrays when deciding which
 * folders and items to show, so any entry wrongly added here widens what the user can reach.
 * Every value that reaches SQL goes through MeekroDB placeholders (%i, %s, %li, %l WhereClause).
 *
 * @param string $groupesVisiblesUser  ';'-separated folder ids granted directly to the user
 * @param string $groupesInterditsUser ';'-separated folder ids explicitly denied to the user
 * @param mixed  $isAdmin              administrator flag, compared loosely against 1
 * @param string $idFonctions          ';'-separated ids of the user's roles
 * @param mixed  $refresh              not read by this implementation
 * @return void
 */
function identifyUserRights($groupesVisiblesUser, $groupesInterditsUser, $isAdmin, $idFonctions, $refresh) {
    global $server, $user, $pass, $database, $pre, $port, $encoding;
    //load ClassLoader
    require_once $_SESSION['settings']['cpassman_dir'] . '/sources/SplClassLoader.php';
    //Connect to DB
    require_once $_SESSION['settings']['cpassman_dir'] . '/includes/libraries/Database/Meekrodb/db.class.php';
    DB::$host = $server;
    DB::$user = $user;
    DB::$password = $pass;
    DB::$dbName = $database;
    DB::$port = $port;
    DB::$encoding = $encoding;
    DB::$error_handler = 'db_error_handler';
    // NOTE(review): a second, raw mysqli connection is opened here but nothing below uses $link
    // beyond set_charset(); all queries go through the DB:: wrapper configured above.
    $link = mysqli_connect($server, $user, $pass, $database, $port);
    $link->set_charset($encoding);
    //Build tree
    $tree = new SplClassLoader('Tree\\NestedTree', $_SESSION['settings']['cpassman_dir'] . '/includes/libraries');
    $tree->register();
    $tree = new Tree\NestedTree\NestedTree(prefix_table("nested_tree"), 'id', 'parent_id', 'title');
    // Check if user is ADMINISTRATOR
    if ($isAdmin == 1) {
        // Administrators see every non-personal folder plus their own personal folder.
        $groupesVisibles = array();
        $_SESSION['groupes_visibles'] = array();
        $_SESSION['groupes_interdits'] = array();
        $_SESSION['personal_visible_groups'] = array();
        $_SESSION['list_restricted_folders_for_items'] = array();
        $_SESSION['groupes_visibles_list'] = "";
        // NOTE(review): read_only_folders, list_folders_limited and list_folders_editable_by_role
        // are not reset in this branch, so values left by an earlier evaluation in the same
        // session would survive — confirm callers do not rely on them for admins.
        $rows = DB::query("SELECT id FROM " . prefix_table("nested_tree") . " WHERE personal_folder = %i", 0);
        foreach ($rows as $record) {
            array_push($groupesVisibles, $record['id']);
        }
        $_SESSION['groupes_visibles'] = $groupesVisibles;
        $_SESSION['all_non_personal_folders'] = $groupesVisibles;
        // Exclude all PF
        $_SESSION['forbiden_pfs'] = array();
        //$sql = "SELECT id FROM ".prefix_table("nested_tree")." WHERE personal_folder = 1";
        // NOTE(review): this WhereClause is built but never executed in the admin branch, so
        // forbiden_pfs stays empty for administrators (the non-admin branch below does run it).
        $where = new WhereClause('and'); // create a WHERE statement of pieces joined by ANDs
        $where->add('personal_folder=%i', 1);
        if (isset($_SESSION['settings']['enable_pf_feature']) && $_SESSION['settings']['enable_pf_feature'] == 1) {
            //$sql .= " AND title != '".$_SESSION['user_id']."'";
            $where->add('title=%s', $_SESSION['user_id']);
            $where->negateLast();
        }
        // Get ID of personal folder
        // A personal folder is the folder whose title equals the user's id.
        // NOTE(review): matched on title only — no personal_folder/parent_id constraint — so a
        // regular folder titled with this numeric id would be taken as the PF; confirm folder
        // titles are constrained on creation.
        $pf = DB::queryfirstrow("SELECT id FROM " . prefix_table("nested_tree") . " WHERE title = %s", $_SESSION['user_id']);
        if (!empty($pf['id'])) {
            if (!in_array($pf['id'], $_SESSION['groupes_visibles'])) {
                array_push($_SESSION['groupes_visibles'], $pf['id']);
                array_push($_SESSION['personal_visible_groups'], $pf['id']);
                // get all descendants
                $tree = new Tree\NestedTree\NestedTree(prefix_table("nested_tree"), 'id', 'parent_id', 'title', 'personal_folder');
                $tree->rebuild();
                $tst = $tree->getDescendants($pf['id']);
                foreach ($tst as $t) {
                    array_push($_SESSION['groupes_visibles'], $t->id);
                    array_push($_SESSION['personal_visible_groups'], $t->id);
                }
            }
        }
        $_SESSION['groupes_visibles_list'] = implode(',', $_SESSION['groupes_visibles']);
        $_SESSION['is_admin'] = $isAdmin;
        // Check if admin has created Folders and Roles
        // (full-table SELECTs used only for their row count)
        DB::query("SELECT * FROM " . prefix_table("nested_tree") . "");
        $_SESSION['nb_folders'] = DB::count();
        DB::query("SELECT * FROM " . prefix_table("roles_title"));
        $_SESSION['nb_roles'] = DB::count();
    } else {
        // init
        $_SESSION['groupes_visibles'] = array();
        $_SESSION['groupes_interdits'] = array();
        $_SESSION['personal_visible_groups'] = array();
        $_SESSION['read_only_folders'] = array();
        $groupesVisibles = array();
        $groupesInterdits = array();
        // trimElement() is a project helper, presumably stripping leading/trailing ';' — verify.
        $groupesInterditsUser = explode(';', trimElement($groupesInterditsUser, ";"));
        // $groupesInterdits is filled here but not read afterwards; the exclusion below uses
        // $groupesInterditsUser directly.
        if (!empty($groupesInterditsUser) && count($groupesInterditsUser) > 0) {
            $groupesInterdits = $groupesInterditsUser;
        }
        $_SESSION['is_admin'] = $isAdmin;
        $fonctionsAssociees = explode(';', trimElement($idFonctions, ";"));
        $newListeGpVisibles = array();
        $listeGpInterdits = array();
        $listAllowedFolders = $listForbidenFolders = $listFoldersLimited = $listFoldersEditableByRole = $listRestrictedFoldersForItems = $listReadOnlyFolders = $listNoAccessFolders = array();
        // Collect every folder visible through the user's roles
        foreach ($fonctionsAssociees as $roleId) {
            if (!empty($roleId)) {
                // Get allowed folders for each Role
                $rows = DB::query("SELECT folder_id FROM " . prefix_table("roles_values") . " WHERE role_id=%i", $roleId);
                if (DB::count() > 0) {
                    $tmp = DB::queryfirstrow("SELECT allow_pw_change FROM " . prefix_table("roles_title") . " WHERE id = %i", $roleId);
                    foreach ($rows as $record) {
                        if (isset($record['folder_id']) && !in_array($record['folder_id'], $listAllowedFolders)) {
                            array_push($listAllowedFolders, $record['folder_id']);
                            //echo $record['folder_id'].";";
                        }
                        // Check if this group is allowed to modify any pw in allowed folders
                        if ($tmp['allow_pw_change'] == 1 && !in_array($record['folder_id'], $listFoldersEditableByRole)) {
                            array_push($listFoldersEditableByRole, $record['folder_id']);
                        }
                    }
                    // Check for the users roles if some specific rights exist on items
                    // list_folders_limited: folder id => items this role may reach inside it
                    $rows = DB::query("SELECT i.id_tree, r.item_id\n FROM " . prefix_table("items") . " as i\n INNER JOIN " . prefix_table("restriction_to_roles") . " as r ON (r.item_id=i.id)\n WHERE r.role_id=%i\n ORDER BY i.id_tree ASC", $roleId);
                    $x = 0;
                    foreach ($rows as $record) {
                        if (isset($record['id_tree'])) {
                            $listFoldersLimited[$record['id_tree']][$x] = $record['item_id'];
                            $x++;
                        }
                    }
                }
            }
        }
        // Items explicitly restricted to this user, regardless of the role-based folders above
        // NOTE(review): %ss is documented by MeekroDB as the LIKE placeholder (value wrapped in
        // '%…%'), yet the operator here is '='. Confirm whether LIKE was intended — and if so
        // that a bare numeric id cannot over-match another user's id (e.g. 5 inside 15).
        $x = 0;
        $rows = DB::query("SELECT id, id_tree FROM " . prefix_table("items") . "\n WHERE restricted_to=%ss AND inactif=%s", $_SESSION['user_id'], '0');
        foreach ($rows as $record) {
            $listRestrictedFoldersForItems[$record['id_tree']][$x] = $record['id'];
            $x++;
            // array_push($listRestrictedFoldersForItems, $record['id_tree']);
        }
        // => Build final lists
        // Clean arrays
        $allowedFoldersTmp = array();
        $listAllowedFolders = array_unique($listAllowedFolders);
        // Add user allowed folders
        $allowedFoldersTmp = array_unique(array_merge($listAllowedFolders, explode(';', trimElement($groupesVisiblesUser, ";"))));
        // Exclude from allowed folders all the specific user forbidden folders
        // (in_array is loose here; ids are expected to be numeric strings)
        $allowedFolders = array();
        foreach ($allowedFoldersTmp as $id) {
            if (!in_array($id, $groupesInterditsUser) && !empty($id)) {
                array_push($allowedFolders, $id);
            }
        }
        // Clean array
        $listAllowedFolders = array_filter(array_unique($allowedFolders));
        // Exclude all PF
        // forbiden_pfs = every personal folder, minus the user's own when the PF feature is on
        $_SESSION['forbiden_pfs'] = array();
        $where = new WhereClause('and');
        $where->add('personal_folder=%i', 1);
        if (isset($_SESSION['settings']['enable_pf_feature']) && $_SESSION['settings']['enable_pf_feature'] == 1 && isset($_SESSION['personal_folder']) && $_SESSION['personal_folder'] == 1) {
            $where->add('title=%s', $_SESSION['user_id']);
            $where->negateLast();
        }
        $pfs = DB::query("SELECT id FROM " . prefix_table("nested_tree") . " WHERE %l", $where);
        foreach ($pfs as $pfId) {
            array_push($_SESSION['forbiden_pfs'], $pfId['id']);
        }
        // Get ID of personal folder
        // Same title-only lookup as in the admin branch (see the NOTE there).
        if (isset($_SESSION['settings']['enable_pf_feature']) && $_SESSION['settings']['enable_pf_feature'] == 1 && isset($_SESSION['personal_folder']) && $_SESSION['personal_folder'] == 1) {
            $pf = DB::queryfirstrow("SELECT id FROM " . prefix_table("nested_tree") . " WHERE title = %s", $_SESSION['user_id']);
            if (!empty($pf['id'])) {
                if (!in_array($pf['id'], $listAllowedFolders)) {
                    // get all descendants
                    $ids = $tree->getDescendants($pf['id'], true);
                    foreach ($ids as $id) {
                        array_push($listAllowedFolders, $id->id);
                        array_push($_SESSION['personal_visible_groups'], $id->id);
                    }
                }
            }
        }
        // get list of readonly folders
        // rule - if one folder is set as W in one of the Role, then User has access as W
        // NOTE(review): && binds tighter than ||, so the guard reads
        // "!in_array(...) || (isset($pf) && $folderId != $pf['id'])" — confirm that is the intent.
        foreach ($listAllowedFolders as $folderId) {
            if (!in_array($folderId, $listReadOnlyFolders) || isset($pf) && $folderId != $pf['id']) {
                DB::query("SELECT *\n FROM " . prefix_table("roles_values") . "\n WHERE folder_id = %i AND role_id IN %li AND type = %s", $folderId, $fonctionsAssociees, "W");
                if (DB::count() == 0) {
                    array_push($listReadOnlyFolders, $folderId);
                }
            }
        }
        // Publish the computed lists; these are the values later access checks consult.
        $_SESSION['all_non_personal_folders'] = $listAllowedFolders;
        $_SESSION['groupes_visibles'] = $listAllowedFolders;
        $_SESSION['groupes_visibles_list'] = implode(',', $listAllowedFolders);
        $_SESSION['read_only_folders'] = $listReadOnlyFolders;
        $_SESSION['list_folders_limited'] = $listFoldersLimited;
        $_SESSION['list_folders_editable_by_role'] = $listFoldersEditableByRole;
        $_SESSION['list_restricted_folders_for_items'] = $listRestrictedFoldersForItems;
        // Folders and Roles numbers
        DB::queryfirstrow("SELECT id FROM " . prefix_table("nested_tree") . "");
        $_SESSION['nb_folders'] = DB::count();
        DB::queryfirstrow("SELECT id FROM " . prefix_table("roles_title"));
        $_SESSION['nb_roles'] = DB::count();
    }
    // update user's timestamp
    DB::update(prefix_table('users'), array('timestamp' => time()), "id=%i", $_SESSION['user_id']);
}
* @link http://www.teampass.net * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */ if (!isset($_SESSION['CPM']) || $_SESSION['CPM'] != 1) { die('Hacking attempt...'); } require_once $_SESSION['settings']['cpassman_dir'] . '/sources/SplClassLoader.php'; //Call nestedtree library and load full tree $tree = new SplClassLoader('Tree\\NestedTree', '../includes/libraries'); $tree->register(); $tree = new Tree\NestedTree\NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title'); $tree->rebuild(); $fullTree = $tree->getDescendants(); echo ' <div style="line-height: 24px;margin-top:10px;min-height:220px;"> <span class="ui-icon ui-icon-person" style="float: left; margin-right: .3em;"> </span> ' . $LANG['index_welcome'] . ' <b>', isset($_SESSION['name']) && !empty($_SESSION['name']) ? $_SESSION['name'] . ' ' . $_SESSION['lastname'] : $_SESSION['login'], '</b><br />'; //Check if password is valid if (empty($_SESSION['last_pw_change']) || $_SESSION['validite_pw'] == false) { echo ' <div style="margin:auto;padding:4px;width:300px;" class="ui-state-focus ui-corner-all"> <h3>' . $LANG['index_change_pw'] . '</h3> <div style="height:20px;text-align:center;margin:2px;display:none;" id="change_pwd_error" class=""></div> <div style="text-align:center;margin:5px;padding:3px;" id="change_pwd_complexPw" class="ui-widget ui-state-active ui-corner-all">' . $LANG['complex_asked'] . ' : ' . $_SESSION['settings']['pwComplexity'][$_SESSION['user_pw_complexity']][1] . '</div> <div id="pw_strength" style="margin:0 0 10px 30px;"></div> <table> <tr> <td>' . $LANG['index_new_pw'] . ' :</td><td><input type="password" size="15" name="new_pw" id="new_pw"/></td>
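}
// send back data
echo '[{"text":"' . $text . '"}]';
break;
/**
 * CHANGE AUTHORIZED GROUPS
 */
case "open_div_autgroups":
    // Builds one checkbox per folder the acting user may see (personal folders excluded);
    // the box is pre-checked when the folder id is in the edited user's groupes_visibles.
    $text = "";
    // Refresh list of existing functions
    $data_user = DB::queryfirstrow("SELECT groupes_visibles FROM " . prefix_table("users") . "\n WHERE id = %i", $_POST['id']);
    $user = explode(';', $data_user['groupes_visibles']);
    $tree_desc = $tree->getDescendants();
    foreach ($tree_desc as $t) {
        // only offer folders the current session is itself allowed to see
        if (in_array($t->id, $_SESSION['groupes_visibles']) && !in_array($t->id, $_SESSION['personal_visible_groups'])) {
            $text .= '<input type="checkbox" id="cb_change_autgroup-' . $t->id . '"';
            $ident = "";
            // indent the label once per nesting level
            for ($y = 1; $y < $t->nlevel; $y++) {
                $ident .= " ";
            }
            if (in_array($t->id, $user)) {
                $text .= ' checked';
            }
            // Folder titles are database content rendered into markup: escape them, as the
            // other folder lists in this code base do, so a crafted title cannot inject HTML.
            $text .= '> ' . $ident . htmlspecialchars($t->title, ENT_COMPAT, "UTF-8") . '<br />';
            $prev_level = $t->nlevel;
        }
    }
    // return data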
function rest_get() { $_SESSION['user_id'] = "'api'"; if (!@count($GLOBALS['request']) == 0) { $request_uri = $GLOBALS['_SERVER']['REQUEST_URI']; preg_match('/\\/api(\\/index.php|)\\/(.*)\\?apikey=(.*)/', $request_uri, $matches); if (count($matches) == 0) { rest_error('REQUEST_SENT_NOT_UNDERSTANDABLE'); } $GLOBALS['request'] = explode('/', $matches[2]); } if (apikey_checker($GLOBALS['apikey'])) { global $server, $user, $pass, $database, $pre, $link; teampass_connect(); $category_query = ""; if ($GLOBALS['request'][0] == "read") { if ($GLOBALS['request'][1] == "category") { // get ids if (strpos($GLOBALS['request'][2], ";") > 0) { $condition = "id_tree IN %ls"; $condition_value = explode(';', $GLOBALS['request'][2]); } else { $condition = "id_tree = %s"; $condition_value = $GLOBALS['request'][2]; } DB::debugMode(false); // get items in this module $response = DB::query("SELECT id,label,login,pw, pw_iv FROM " . prefix_table("items") . " WHERE inactif='0' AND " . $condition, $condition_value); foreach ($response as $data) { // prepare output $id = $data['id']; $json[$id]['label'] = mb_convert_encoding($data['label'], mb_detect_encoding($data['label']), 'UTF-8'); $json[$id]['login'] = mb_convert_encoding($data['login'], mb_detect_encoding($data['login']), 'UTF-8'); $json[$id]['url'] = mb_convert_encoding($data['url'], mb_detect_encoding($data['url']), 'UTF-8'); $crypt_pw = cryption($data['pw'], SALT, $data['pw_iv'], "decrypt"); $json[$id]['pw'] = $crypt_pw['string']; } /* load folders */ $response = DB::query("SELECT id,parent_id,title,nleft,nright,nlevel FROM " . prefix_table("nested_tree") . " WHERE parent_id=%i ORDER BY `title` ASC", $GLOBALS['request'][2]); $rows = array(); $i = 0; foreach ($response as $row) { $response = DB::query("SELECT id,label,login,pw, pw_iv FROM " . prefix_table("items") . 
" WHERE inactif = %i AND id_tree=%i", "0", $row['id']); foreach ($response as $data) { // prepare output $id = $data['id']; $json[$id]['label'] = mb_convert_encoding($data['label'], mb_detect_encoding($data['label']), 'UTF-8'); $json[$id]['login'] = mb_convert_encoding($data['login'], mb_detect_encoding($data['login']), 'UTF-8'); $json[$id]['url'] = mb_convert_encoding($data['url'], mb_detect_encoding($data['url']), 'UTF-8'); $crypt_pw = cryption($data['pw'], SALT, $data['pw_iv'], "decrypt"); $json[$id]['pw'] = $crypt_pw['string']; } } } else { if ($GLOBALS['request'][1] == "userpw") { $username = $GLOBALS['request'][2]; if (strcmp($username, "admin") == 0) { // forbid admin access } $response = DB::query("SELECT fonction_id FROM " . prefix_table("users") . " WHERE login='******'"); foreach ($response as $data) { $role_str = $data['fonction_id']; } $folder_arr = array(); $roles = explode(";", $role_str); foreach ($roles as $role) { $response = DB::query("SELECT folder_id FROM " . prefix_table("roles_values") . " WHERE role_id='" . $role . "'"); foreach ($response as $data) { $folder_id = $data['folder_id']; if (!array_key_exists($folder_id, $folder_arr)) { array_push($folder_arr, $folder_id); } } } $folder_str = implode(";", $folder_arr); // get ids if (strpos($folder_str, ";") > 0) { $condition = "id_tree IN %ls"; $condition_value = explode(';', $folder_str); } else { $condition = "id_tree = %s"; $condition_value = $folder_str; } DB::debugMode(false); $data = ""; // get items in this module $response = DB::query("SELECT id,label,url,login,pw, pw_iv FROM " . prefix_table("items") . " WHERE inactif='0' AND " . 
$condition, $condition_value); foreach ($response as $data) { // prepare output $id = $data['id']; $json[$id]['label'] = mb_convert_encoding($data['label'], mb_detect_encoding($data['label']), 'UTF-8'); $json[$id]['login'] = mb_convert_encoding($data['login'], mb_detect_encoding($data['login']), 'UTF-8'); $json[$id]['url'] = mb_convert_encoding($data['url'], mb_detect_encoding($data['url']), 'UTF-8'); $crypt_pw = cryption($data['pw'], SALT, $data['pw_iv'], "decrypt"); $json[$id]['pw'] = $crypt_pw['string']; } /* load folders */ $response = DB::query("SELECT id,parent_id,title,nleft,nright,nlevel FROM " . prefix_table("nested_tree") . " WHERE parent_id=%i ORDER BY `title` ASC", $folder_str); $rows = array(); $i = 0; foreach ($response as $row) { $response = DB::query("SELECT id,label,url,login,pw, pw_iv FROM " . prefix_table("items") . " WHERE inactif = %i AND id_tree=%i", "0", $row['id']); foreach ($response as $data) { // prepare output $id = $data['id']; $json[$id]['label'] = mb_convert_encoding($data['label'], mb_detect_encoding($data['label']), 'UTF-8'); $json[$id]['login'] = mb_convert_encoding($data['login'], mb_detect_encoding($data['login']), 'UTF-8'); $json[$id]['url'] = mb_convert_encoding($data['url'], mb_detect_encoding($data['url']), 'UTF-8'); $crypt_pw = cryption($data['pw'], SALT, $data['pw_iv'], "decrypt"); $json[$id]['pw'] = $crypt_pw['string']; } } } elseif ($GLOBALS['request'][1] == "items") { $array_items = explode(';', $GLOBALS['request'][2]); // check if not empty if (count($array_items) == 0) { rest_error('NO_ITEM'); } // only accepts numeric foreach ($array_items as $item) { if (!is_numeric($item)) { rest_error('ITEM_MALFORMED'); } } $response = DB::query("SELECT id,label,login,pw, pw_iv, id_tree FROM " . prefix_table("items") . 
" WHERE inactif = %i AND id IN %ls", "0", $array_items); foreach ($response as $data) { // prepare output $id = $data['id']; $json[$id]['label'] = mb_convert_encoding($data['label'], mb_detect_encoding($data['label']), 'UTF-8'); $json[$id]['login'] = mb_convert_encoding($data['login'], mb_detect_encoding($data['login']), 'UTF-8'); $json[$id]['url'] = mb_convert_encoding($data['url'], mb_detect_encoding($data['url']), 'UTF-8'); $crypt_pw = cryption($data['pw'], SALT, $data['pw_iv'], "decrypt"); $json[$id]['pw'] = $crypt_pw['string']; } } } if (isset($json) && $json) { echo json_encode($json); } else { rest_error('EMPTY'); } } elseif ($GLOBALS['request'][0] == "find") { if ($GLOBALS['request'][1] == "item") { $array_category = explode(';', $GLOBALS['request'][2]); $item = $GLOBALS['request'][3]; foreach ($array_category as $category) { if (!preg_match_all("/^([\\w\\:\\'\\-\\sàáâãäåçèéêëìíîïðòóôõöùúûüýÿ]+)\$/i", $category, $result)) { rest_error('CATEGORY_MALFORMED'); } } if (!preg_match_all("/^([\\w\\:\\'\\-\\sàáâãäåçèéêëìíîïðòóôõöùúûüýÿ]+)\$/i", $item, $result)) { rest_error('ITEM_MALFORMED'); } elseif (empty($item) || count($array_category) == 0) { rest_error('MALFORMED'); } if (count($array_category) > 1 && count($array_category) < 5) { for ($i = count($array_category); $i > 0; $i--) { $slot = $i - 1; if (!$slot) { $category_query .= "select id from " . prefix_table("nested_tree") . " where title LIKE '" . $array_category[$slot] . "' AND parent_id = 0"; } else { $category_query .= "select id from " . prefix_table("nested_tree") . " where title LIKE '" . $array_category[$slot] . "' AND parent_id = ("; } } for ($i = 1; $i < count($array_category); $i++) { $category_query .= ")"; } } elseif (count($array_category) == 1) { $category_query = "select id from " . prefix_table("nested_tree") . " where title LIKE '" . $array_category[0] . 
"' AND parent_id = 0"; } else { rest_error('NO_CATEGORY'); } DB::debugMode(false); $response = DB::query("SELECT id, label, login, pw, pw_iv, id_tree\n FROM " . prefix_table("items") . "\n WHERE \n inactif = %i \n AND id_tree = (%s)\n AND label LIKE %ss", "0", $category_query, $item); foreach ($response as $data) { // prepare output $id = $data['id']; $json[$id]['id'] = mb_convert_encoding($data['id'], mb_detect_encoding($data['id']), 'UTF-8'); $json[$id]['label'] = mb_convert_encoding($data['label'], mb_detect_encoding($data['label']), 'UTF-8'); $json[$id]['login'] = mb_convert_encoding($data['login'], mb_detect_encoding($data['login']), 'UTF-8'); $json[$id]['url'] = mb_convert_encoding($data['url'], mb_detect_encoding($data['url']), 'UTF-8'); $crypt_pw = cryption($data['pw'], SALT, $data['pw_iv'], "decrypt"); $json[$id]['pw'] = $crypt_pw['string']; $json[$id]['folder_id'] = $data['id_tree']; $json[$id]['status'] = utf8_encode("OK"); } if (isset($json) && $json) { echo json_encode($json); } else { rest_error('EMPTY'); } } } elseif ($GLOBALS['request'][0] == "add") { if ($GLOBALS['request'][1] == "item") { // get item definition $array_item = explode(';', urldecode($GLOBALS['request'][2])); if (count($array_item) != 9) { rest_error('ITEMBADDEFINITION'); } $item_label = $array_item[0]; $item_pwd = $array_item[1]; $item_desc = $array_item[2]; $item_folder_id = $array_item[3]; $item_login = $array_item[4]; $item_email = $array_item[5]; $item_url = $array_item[6]; $item_tags = $array_item[7]; $item_anyonecanmodify = $array_item[8]; // added so one can sent data including the http or https ! // anyway we have to urlencode this data $item_url = urldecode($item_url); // same for the email $item_email = urldecode($item_email); // do some checks if (!empty($item_label) && !empty($item_pwd) && !empty($item_folder_id)) { // Check length if (strlen($item_pwd) > 50) { rest_error('PASSWORDTOOLONG'); } // Check Folder ID DB::query("SELECT * FROM " . prefix_table("nested_tree") . 
" WHERE id = %i", $item_folder_id); $counter = DB::count(); if ($counter == 0) { rest_error('NOSUCHFOLDER'); } // check if element doesn't already exist DB::query("SELECT * FROM " . prefix_table("items") . " WHERE label = %s AND inactif = %i", addslashes($item_label), "0"); $counter = DB::count(); if ($counter != 0) { $itemExists = 1; // prevent the error if the label already exists // so lets just add the time() as a random factor $item_label .= " (" . time() . ")"; } else { $itemExists = 0; } if ($itemExists == 0) { $encrypt = cryption($item_pwd, SALT, "", "encrypt"); if (empty($encrypt['string'])) { rest_error('PASSWORDEMPTY'); } // ADD item try { DB::insert(prefix_table("items"), array("label" => $item_label, "description" => $item_desc, 'pw' => $encrypt['string'], 'pw_iv' => $encrypt['iv'], "email" => $item_email, "url" => $item_url, "id_tree" => intval($item_folder_id), "login" => $item_login, "inactif" => 0, "restricted_to" => "", "perso" => 0, "anyone_can_modify" => intval($item_anyonecanmodify))); $newID = DB::InsertId(); // log DB::insert(prefix_table("log_items"), array("id_item" => $newID, "date" => time(), "id_user" => API_USER_ID, "action" => "at_creation")); // Add tags $tags = explode(' ', $item_tags); foreach ((array) $tags as $tag) { if (!empty($tag)) { DB::insert(prefix_table("tags"), array("item_id" => $newID, "tag" => strtolower($tag))); } } // Update CACHE table DB::insert(prefix_table("cache"), array("id" => $newID, "label" => $item_label, "description" => $item_desc, "tags" => $item_tags, "id_tree" => $item_folder_id, "perso" => "0", "restricted_to" => "", "login" => $item_login, "folder" => "", "author" => API_USER_ID, "renewal_period" => "0", "timestamp" => time(), "url" => "0")); echo '{"status":"item added"}'; } catch (PDOException $ex) { echo '<br />' . 
$ex->getMessage(); } } else { rest_error('ITEMEXISTS'); } } else { rest_error('ITEMMISSINGDATA'); } } elseif ($GLOBALS['request'][1] == "user") { // get user definition $array_user = explode(';', $GLOBALS['request'][2]); if (count($array_user) != 11) { rest_error('USERBADDEFINITION'); } $login = $array_user[0]; $name = $array_user[1]; $lastname = $array_user[2]; $password = $array_user[3]; $email = $array_user[4]; $adminby = urldecode($array_user[5]); $isreadonly = urldecode($array_user[6]); $roles = urldecode($array_user[7]); $isadmin = $array_user[8]; $ismanager = $array_user[9]; $haspf = $array_user[10]; // Empty user if (mysqli_escape_string($link, htmlspecialchars_decode($login)) == "") { rest_error('USERLOGINEMPTY'); } // Check if user already exists $data = DB::query("SELECT id, fonction_id, groupes_interdits, groupes_visibles FROM " . prefix_table("users") . "\n WHERE login LIKE %ss", mysqli_escape_string($link, stripslashes($login))); if (DB::count() == 0) { try { // find AdminRole code in DB $resRole = DB::queryFirstRow("SELECT id\n FROM " . prefix_table("roles_title") . "\n WHERE title LIKE %ss", mysqli_escape_string($link, stripslashes($adminby))); // get default language $lang = DB::queryFirstRow("SELECT `valeur` FROM " . prefix_table("misc") . " WHERE type = %s AND intitule = %s", "admin", "default_language"); // prepare roles list $rolesList = ""; foreach (explode(',', $roles) as $role) { //echo $role."-"; $tmp = DB::queryFirstRow("SELECT `id` FROM " . prefix_table("roles_title") . " WHERE title = %s", $role); if (empty($rolesList)) { $rolesList = $tmp['id']; } else { $rolesList .= ";" . 
$tmp['id']; } } // Add user in DB DB::insert(prefix_table("users"), array('login' => $login, 'name' => $name, 'lastname' => $lastname, 'pw' => bCrypt(stringUtf8Decode($password), COST), 'email' => $email, 'admin' => intval($isadmin), 'gestionnaire' => intval($ismanager), 'read_only' => intval($isreadonly), 'personal_folder' => intval($haspf), 'user_language' => $lang['valeur'], 'fonction_id' => $rolesList, 'groupes_interdits' => '0', 'groupes_visibles' => '0', 'isAdministratedByRole' => empty($resRole) ? '0' : $resRole['id'])); $new_user_id = DB::insertId(); // Create personnal folder if (intval($haspf) == 1) { DB::insert(prefix_table("nested_tree"), array('parent_id' => '0', 'title' => $new_user_id, 'bloquer_creation' => '0', 'bloquer_modification' => '0', 'personal_folder' => '1')); } // load settings loadSettings(); // Send email to new user @sendEmail($LANG['email_subject_new_user'], str_replace(array('#tp_login#', '#tp_pw#', '#tp_link#'), array(" " . addslashes($login), addslashes($password), $_SESSION['settings']['email_server_url']), $LANG['email_new_user_mail']), $email, ""); // update LOG logEvents('user_mngt', 'at_user_added', 'api - ' . $GLOBALS['apikey'], $new_user_id, ""); echo '{"status":"user added"}'; } catch (PDOException $ex) { echo '<br />' . $ex->getMessage(); } } else { rest_error('USERALREADYEXISTS'); } } } elseif ($GLOBALS['request'][0] == "auth") { /* ** FOR SECURITY PURPOSE, it is mandatory to use SSL to connect your teampass instance. The user password is not encrypted! ** ** ** Expected call format: .../api/index.php/auth/<PROTOCOL>/<URL>/<login>/<password>?apikey=<VALID API KEY> ** Example: https://127.0.0.1/teampass/api/index.php/auth/http/www.zadig-tge.adp.com/U1/test/76?apikey=chahthait5Aidood6johh6Avufieb6ohpaixain ** RESTRICTIONS: ** - <PROTOCOL> ==> http|https|ftp|... 
** - <URL> ==> encode URL without protocol (example: http://www.teampass.net becomes www.teampass.net) ** - <login> ==> user's login ** - <password> ==> currently clear password ** ** RETURNED ANSWER: ** - format sent back is JSON ** - Example: {"<item_id>":{"label":"<pass#1>","login":"******","pw":"<pwd#1>"},"<item_id>":{"label":"<pass#2>","login":"******","pw":"<pwd#2>"}} ** */ // get user credentials if (isset($GLOBALS['request'][3]) && isset($GLOBALS['request'][4])) { // get url if (isset($GLOBALS['request'][1]) && isset($GLOBALS['request'][2])) { // is user granted? $userData = DB::queryFirstRow("SELECT `id`, `pw`, `groupes_interdits`, `groupes_visibles`, `fonction_id` FROM " . $pre . "users WHERE login = %s", $GLOBALS['request'][3]); // load passwordLib library $_SESSION['settings']['cpassman_dir'] = ".."; require_once '../sources/SplClassLoader.php'; $pwdlib = new SplClassLoader('PasswordLib', '../includes/libraries'); $pwdlib->register(); $pwdlib = new PasswordLib\PasswordLib(); if ($pwdlib->verifyPasswordHash($GLOBALS['request'][4], $userData['pw']) === true) { // define the restriction of "id_tree" of this user //db::debugMode(true); $userDef = DB::queryOneColumn('folder_id', "SELECT DISTINCT folder_id\n FROM " . prefix_table("roles_values") . "\n WHERE type IN ('R', 'W', 'ND', 'NE', 'NDNE', 'NEND') ", empty($userData['groupes_interdits']) ? "" : "\n AND folder_id NOT IN (" . str_replace(";", ",", $userData['groupes_interdits']) . ")", "\n AND role_id IN %ls\n GROUP BY folder_id", explode(";", $userData['groupes_interdits'])); // complete with "groupes_visibles" foreach (explode(";", $userData['groupes_visibles']) as $v) { array_push($userDef, $v); } // find the item associated to the url $response = DB::query("SELECT id, label, login, pw, pw_iv, id_tree, restricted_to\n FROM " . prefix_table("items") . "\n WHERE url LIKE %s\n AND id_tree IN (" . implode(",", $userDef) . ")\n ORDER BY id DESC", $GLOBALS['request'][1] . "://" . 
urldecode($GLOBALS['request'][2] . '%')); $counter = DB::count(); if ($counter > 0) { $json = ""; foreach ($response as $data) { // check if item visible if (empty($data['restricted_to']) || $data['restricted_to'] != "" && in_array($userData['id'], explode(";", $data['restricted_to']))) { // prepare export $json[$data['id']]['label'] = mb_convert_encoding($data['label'], mb_detect_encoding($data['label']), 'UTF-8'); $json[$data['id']]['login'] = mb_convert_encoding($data['login'], mb_detect_encoding($data['login']), 'UTF-8'); $crypt_pw = cryption($data['pw'], SALT, $data['pw_iv'], "decrypt"); $json[$data['id']]['pw'] = $crypt_pw['string']; } } // prepare answer. If no access then inform if (empty($json)) { rest_error('AUTH_NO_DATA'); } else { echo json_encode($json); } } else { rest_error('NO_DATA_EXIST'); } } else { rest_error('AUTH_NOT_GRANTED'); } } else { rest_error('AUTH_NO_URL'); } } else { rest_error('AUTH_NO_IDENTIFIER'); } } elseif ($GLOBALS['request'][0] == "auth_tpc") { /* ** TO BE USED ONLY BY TEAMPASS-CONNECT ** */ // get user credentials if (isset($GLOBALS['request'][2]) && isset($GLOBALS['request'][3])) { // get url if (isset($GLOBALS['request'][1])) { // is user granted? $userData = DB::queryFirstRow("SELECT `id`, `pw`, `groupes_interdits`, `groupes_visibles`, `fonction_id` FROM " . $pre . "users WHERE login = %s", $GLOBALS['request'][2]); // load passwordLib library $_SESSION['settings']['cpassman_dir'] = ".."; require_once '../sources/SplClassLoader.php'; $pwdlib = new SplClassLoader('PasswordLib', '../includes/libraries'); $pwdlib->register(); $pwdlib = new PasswordLib\PasswordLib(); if ($pwdlib->verifyPasswordHash($GLOBALS['request'][3], $userData['pw']) === true) { // define the restriction of "id_tree" of this user //db::debugMode(true); $userDef = DB::queryOneColumn('folder_id', "SELECT DISTINCT folder_id\n FROM " . prefix_table("roles_values") . 
"\n WHERE type IN ('R', 'W', 'ND', 'NE', 'NDNE', 'NEND') ", empty($userData['groupes_interdits']) ? "" : "\n AND folder_id NOT IN (" . str_replace(";", ",", $userData['groupes_interdits']) . ")", "\n AND role_id IN %ls\n GROUP BY folder_id", explode(";", $userData['groupes_interdits'])); // complete with "groupes_visibles" foreach (explode(";", $userData['groupes_visibles']) as $v) { array_push($userDef, $v); } // decrypt url $tpc_url = base64_decode($GLOBALS['request'][1]); // find the item associated to the url $response = DB::query("SELECT id, label, login, pw, pw_iv, id_tree, restricted_to\n FROM " . prefix_table("items") . "\n WHERE url LIKE %s\n AND id_tree IN (" . implode(",", $userDef) . ")\n ORDER BY id DESC", $tpc_url . '%'); $counter = DB::count(); if ($counter > 0) { $json = ""; foreach ($response as $data) { // check if item visible if (empty($data['restricted_to']) || $data['restricted_to'] != "" && in_array($userData['id'], explode(";", $data['restricted_to']))) { // prepare export $json[$data['id']]['label'] = mb_convert_encoding($data['label'], mb_detect_encoding($data['label']), 'UTF-8'); $json[$data['id']]['login'] = mb_convert_encoding($data['login'], mb_detect_encoding($data['login']), 'UTF-8'); $crypt_pw = cryption($data['pw'], SALT, $data['pw_iv'], "decrypt"); $json[$data['id']]['pw'] = $crypt_pw['string']; } } // prepare answer. 
If no access then inform if (empty($json)) { rest_error('AUTH_NO_DATA'); } else { echo json_encode($json); } } else { rest_error('NO_DATA_EXIST'); } } else { rest_error('AUTH_NOT_GRANTED'); } } else { rest_error('AUTH_NO_URL'); } } else { rest_error('AUTH_NO_IDENTIFIER'); } } elseif ($GLOBALS['request'][0] == "set") { /* * Expected call format: .../api/index.php/set/<login_to_save>/<password_to_save>/<url>/<user_login>/<user_password>/<label>/<protocol>?apikey=<VALID API KEY> * Example: https://127.0.0.1/teampass/api/index.php/set/newLogin/newPassword/newUrl/myLogin/myPassword?apikey=gu6Eexaewaishooph6iethoh5woh0yoit6ohquo * * NEW ITEM WILL BE STORED IN SPECIFIC FOLDER */ // get user credentials if (isset($GLOBALS['request'][4]) && isset($GLOBALS['request'][5])) { // get url if (isset($GLOBALS['request'][1]) && isset($GLOBALS['request'][2]) && isset($GLOBALS['request'][3])) { // is user granted? $userData = DB::queryFirstRow("SELECT `id`, `pw`, `groupes_interdits`, `groupes_visibles`, `fonction_id` FROM " . $pre . "users WHERE login = %s", $GLOBALS['request'][4]); if (DB::count() == 0) { rest_error('AUTH_NO_IDENTIFIER'); } // load passwordLib library $_SESSION['settings']['cpassman_dir'] = ".."; require_once '../sources/SplClassLoader.php'; $pwdlib = new SplClassLoader('PasswordLib', '../includes/libraries'); $pwdlib->register(); $pwdlib = new PasswordLib\PasswordLib(); // is user identified? if ($pwdlib->verifyPasswordHash($GLOBALS['request'][5], $userData['pw']) === true) { // does the personal folder of this user exists? DB::queryFirstRow("SELECT `id`\n FROM " . $pre . "nested_tree\n WHERE title = %s AND personal_folder = 1", $userData['id']); if (DB::count() > 0) { // check if "teampass-connect" folder exists // if not create it $folder = DB::queryFirstRow("SELECT `id`\n FROM " . $pre . 
"nested_tree\n WHERE title = %s", "teampass-connect"); if (DB::count() == 0) { DB::insert(prefix_table("nested_tree"), array('parent_id' => '0', 'title' => "teampass-connect")); $tpc_folder_id = DB::insertId(); //Add complexity DB::insert(prefix_table("misc"), array('type' => 'complex', 'intitule' => $tpc_folder_id, 'valeur' => '0')); // rebuild tree $tree = new SplClassLoader('Tree\\NestedTree', '../includes/libraries'); $tree->register(); $tree = new Tree\NestedTree\NestedTree(prefix_table("nested_tree"), 'id', 'parent_id', 'title'); $tree->rebuild(); } else { $tpc_folder_id = $folder['id']; } // encrypt password $encrypt = cryption($GLOBALS['request'][2], SALT, "", "encrypt"); // is there a protocol? if (isset($GLOBALS['request'][7]) || empty($GLOBALS['request'][7])) { $protocol = "http://"; } else { $protocol = urldecode($GLOBALS['request'][7]) . "://"; } // add new item DB::insert(prefix_table("items"), array('label' => "Credentials for " . urldecode($GLOBALS['request'][3]), 'description' => "Imported with Teampass-Connect", 'pw' => $encrypt['string'], 'pw_iv' => $encrypt['iv'], 'email' => "", 'url' => urldecode($GLOBALS['request'][3]), 'id_tree' => $tpc_folder_id, 'login' => $GLOBALS['request'][1], 'inactif' => '0', 'restricted_to' => $userData['id'], 'perso' => '0', 'anyone_can_modify' => '0', 'complexity_level' => '0')); $newID = DB::insertId(); // log logItems($newID, "Credentials for " . urldecode($GLOBALS['request'][3] . '%'), $userData['id'], 'at_creation', $GLOBALS['request'][1]); $json['status'] = "ok"; // prepare answer. 
If no access then inform if (empty($json)) { rest_error('AUTH_NO_DATA'); } else { echo json_encode($json); } } else { rest_error('NO_PF_EXIST_FOR_USER'); } } else { rest_error('AUTH_NOT_GRANTED'); } } else { rest_error('SET_NO_DATA'); } } else { rest_error('AUTH_NO_IDENTIFIER'); } } elseif ($GLOBALS['request'][0] == "set_tpc") { /* * TO BE USED ONLY BY TEAMPASS-CONNECT */ // get user credentials if (isset($GLOBALS['request'][2]) && isset($GLOBALS['request'][3])) { // get url if (isset($GLOBALS['request'][1])) { // is user granted? $userData = DB::queryFirstRow("SELECT `id`, `pw`, `groupes_interdits`, `groupes_visibles`, `fonction_id` FROM " . $pre . "users WHERE login = %s", $GLOBALS['request'][2]); if (DB::count() == 0) { rest_error('AUTH_NO_IDENTIFIER'); } // load passwordLib library $_SESSION['settings']['cpassman_dir'] = ".."; require_once '../sources/SplClassLoader.php'; $pwdlib = new SplClassLoader('PasswordLib', '../includes/libraries'); $pwdlib->register(); $pwdlib = new PasswordLib\PasswordLib(); // is user identified? if ($pwdlib->verifyPasswordHash($GLOBALS['request'][3], $userData['pw']) === true) { // does the personal folder of this user exists? DB::queryFirstRow("SELECT `id`\n FROM " . $pre . "nested_tree\n WHERE title = %s AND personal_folder = 1", $userData['id']); if (DB::count() > 0) { // check if "teampass-connect" folder exists // if not create it $folder = DB::queryFirstRow("SELECT `id`\n FROM " . $pre . 
"nested_tree\n WHERE title = %s", "teampass-connect"); if (DB::count() == 0) { DB::insert(prefix_table("nested_tree"), array('parent_id' => '0', 'title' => "teampass-connect")); $tpc_folder_id = DB::insertId(); //Add complexity DB::insert(prefix_table("misc"), array('type' => 'complex', 'intitule' => $tpc_folder_id, 'valeur' => '0')); // rebuild tree $tree = new SplClassLoader('Tree\\NestedTree', '../includes/libraries'); $tree->register(); $tree = new Tree\NestedTree\NestedTree(prefix_table("nested_tree"), 'id', 'parent_id', 'title'); $tree->rebuild(); } else { $tpc_folder_id = $folder['id']; } // prepare TPC parameters $tpc_param = explode('/', base64_decode($GLOBALS['request'][1])); // encrypt password $encrypt = cryption(urldecode($tpc_param[1]), SALT, "", "encrypt"); // is there a label? if (empty($tpc_param[3])) { $label = "Credentials for " . urldecode($tpc_param[2]); } else { $label = urldecode($tpc_param[3]); } // add new item DB::insert(prefix_table("items"), array('label' => $label, 'description' => "Imported with Teampass-Connect", 'pw' => $encrypt['string'], 'pw_iv' => $encrypt['iv'], 'email' => "", 'url' => urldecode($tpc_param[2]), 'id_tree' => $tpc_folder_id, 'login' => urldecode($tpc_param[0]), 'inactif' => '0', 'restricted_to' => $userData['id'], 'perso' => '0', 'anyone_can_modify' => '0', 'complexity_level' => '0')); $newID = DB::insertId(); // log logItems($newID, $label, $userData['id'], 'at_creation', ''); $json['status'] = "ok"; // prepare answer. 
If no access then inform if (empty($json)) { rest_error('AUTH_NO_DATA'); } else { echo json_encode($json); } } else { rest_error('NO_PF_EXIST_FOR_USER'); } } else { rest_error('AUTH_NOT_GRANTED'); } } else { rest_error('SET_NO_DATA'); } } else { rest_error('AUTH_NO_IDENTIFIER'); } } elseif ($GLOBALS['request'][0] == "delete") { $_SESSION['settings']['cpassman_dir'] = ".."; if ($GLOBALS['request'][1] == "folder") { $array_category = explode(';', $GLOBALS['request'][2]); if (count($array_category) > 0 && count($array_category) < 5) { // load passwordLib library require_once '../sources/SplClassLoader.php'; // prepare tree $tree = new SplClassLoader('Tree\\NestedTree', '../includes/libraries'); $tree->register(); $tree = new Tree\NestedTree\NestedTree(prefix_table("nested_tree"), 'id', 'parent_id', 'title', 'personal_folder'); // this will delete all sub folders and items associated for ($i = 0; $i < count($array_category); $i++) { // Get through each subfolder $folders = $tree->getDescendants($array_category[$i], true); print_r($folders); if (count($folders) > 0) { foreach ($folders as $folder) { if (($folder->parent_id > 0 || $folder->parent_id == 0) && $folder->personal_folder != 1) { //Store the deleted folder (recycled bin) DB::insert(prefix_table("misc"), array('type' => 'folder_deleted', 'intitule' => "f" . $array_category[$i], 'valeur' => $folder->id . ', ' . $folder->parent_id . ', ' . $folder->title . ', ' . $folder->nleft . ', ' . $folder->nright . ', ' . $folder->nlevel . ', 0, 0, 0, 0')); //delete folder DB::delete(prefix_table("nested_tree"), "id = %i", $folder->id); //delete items & logs $items = DB::query("SELECT id\n FROM " . prefix_table("items") . 
"\n WHERE id_tree=%i", $folder->id); foreach ($items as $item) { DB::update(prefix_table("items"), array('inactif' => '1'), "id = %i", $item['id']); //log DB::insert(prefix_table("log_items"), array('id_item' => $item['id'], 'date' => time(), 'id_user' => API_USER_ID, 'action' => 'at_delete')); } //Update CACHE table updateCacheTable("delete_value", $array_category[$i]); } } } } } else { rest_error('NO_CATEGORY'); } $json['status'] = 'OK'; } elseif ($GLOBALS['request'][1] == "item") { $array_items = explode(';', $GLOBALS['request'][2]); for ($i = 0; $i < count($array_items); $i++) { DB::update(prefix_table("items"), array('inactif' => '1'), "id = %i", $array_items[$i]); //log DB::insert(prefix_table("log_items"), array('id_item' => $array_items[$i], 'date' => time(), 'id_user' => API_USER_ID, 'action' => 'at_delete')); //Update CACHE table updateCacheTable("delete_value", $array_items[$i]); } $json['status'] = 'OK'; } if ($json) { echo json_encode($json); } else { rest_error('EMPTY'); } } else { rest_error('METHOD'); } } }
} //Get title to display it echo $pwComplexity[$_POST['changer_complexite']][1]; //rebuild the tree grid $tree = new Tree\NestedTree\NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title'); $tree->rebuild(); // Several other cases } elseif (isset($_POST['type'])) { switch ($_POST['type']) { // CASE where DELETING a group case "delete_folder": $foldersDeleted = ""; // this will delete all sub folders and items associated $tree = new Tree\NestedTree\NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title'); // Get through each subfolder $folders = $tree->getDescendants($_POST['id'], true); foreach ($folders as $folder) { if (($folder->parent_id > 0 || $folder->parent_id == 0) && $folder->title != $_SESSION['user_id']) { //Store the deleted folder (recycled bin) DB::insert($pre . 'misc', array('type' => 'folder_deleted', 'intitule' => "f" . $_POST['id'], 'valeur' => $folder->id . ', ' . $folder->parent_id . ', ' . $folder->title . ', ' . $folder->nleft . ', ' . $folder->nright . ', ' . $folder->nlevel . ', 0, 0, 0, 0')); //delete folder DB::delete($pre . "nested_tree", "id = %i", $folder->id); //delete items & logs $items = DB::query("SELECT id FROM " . $pre . "items WHERE id_tree=%i", $folder->id); foreach ($items as $item) { DB::update($pre . "items", array('inactif' => '1'), "id = %i", $item['id']); //log DB::insert($pre . "log_items", array('id_item' => $item['id'], 'date' => time(), 'id_user' => $_SESSION['user_id'], 'action' => 'at_delete')); } //Actualize the variable $_SESSION['nb_folders']--;