/**
 * Probe whether the current DB user may create/alter/drop tables.
 *
 * Creates a scratch table lcm_test, adds and drops a column, selects from
 * it, then drops it again. Returns "" when the SELECT succeeded, otherwise
 * an HTML fragment naming the problem (the driver error text, when one is
 * available, is inserted as-is, without HTML escaping).
 *
 * Note: only the two DROP TABLE calls pass accept_fail=true; the other
 * statements go through lcm_query() with its default failure handling, so
 * whether this function ever sees $result === false on a privilege error
 * depends on how lcm_query() reacts to errors — confirm against lcm_query().
 */
function lcm_test_alter_table() {
    // Make sure no stale scratch table is in the way (failure tolerated).
    lcm_query("DROP TABLE lcm_test", true);

    // Set-up statements, run in order; each one requires DDL/DML rights.
    $setup = array(
        "CREATE TABLE lcm_test (a INT)",
        "ALTER TABLE lcm_test ADD b INT",
        "INSERT INTO lcm_test (b) VALUES (1)",
    );
    foreach ($setup as $statement) {
        lcm_query($statement);
    }

    $result = lcm_query("SELECT b FROM lcm_test");
    lcm_query("ALTER TABLE lcm_test DROP b");

    $log = "";
    if (!$result) {
        // Prefer the driver's own message when the driver reports an error number.
        $detail = lcm_sql_errno() ? lcm_sql_error() : "No error message available.";
        $log = "User does not have the right to modify the database:" . "<p>" . $detail . "</p>";
    }

    // Clean up the scratch table (failure tolerated).
    lcm_query("DROP TABLE lcm_test", true);

    return $log;
}
/**
 * Authenticate the current request from the LCM session cookie and load the
 * matching lcm_author row into the connect_* globals.
 *
 * Returns true when the caller is authenticated. Returns false only when the
 * database connection is down (after rendering a "technical problem" page).
 * Every other failure path sends a Location header and exit()s, so callers
 * never observe those cases.
 *
 * Side effects: re-includes inc_connect, sets $prefs, the $connect_* globals
 * and $auth_can_disconnect, may rewrite the author's status from 'nouveau'
 * to 'normal' in the database, and calls session_start() on success.
 * $author_session is expected to be filled in by verifier_session() (not
 * visible in this file).
 */
function auth() {
    global $INSECURE, $HTTP_POST_VARS, $HTTP_GET_VARS, $HTTP_COOKIE_VARS, $REMOTE_USER, $PHP_AUTH_USER, $PHP_AUTH_PW;
    global $auth_can_disconnect;
    global $connect_id_auteur, $connect_nom, $connect_bio, $connect_email;
    global $connect_nom_site, $connect_url_site, $connect_login, $connect_pass;
    global $connect_activer_imessage, $connect_activer_messagerie;
    global $connect_status;
    global $author_session, $prefs;
    global $clean_link;

    // This reloads $GLOBALS['db_ok'], just in case.
    include_config('inc_connect');

    // If there is no SQL connection, render an error page and quit.
    if (!$GLOBALS['db_ok']) {
        include_lcm('inc_presentation');
        lcm_html_start("Technical problem", "install");

        // Issue a throw-away query inside an HTML comment so that
        // lcm_sql_errno() below reflects the current connection failure
        // rather than a stale error.
        echo "\n<!-- \n";
        echo "\t* Flag connect: " . $GLOBALS['flag_connect'] . "\n\t";
        lcm_query("SELECT count(*) from lcm_meta");
        echo "\n-->\n\n";

        echo "<div align='left' style='width: 600px;' class='box_error'>\n";
        echo "\t<h3>" . _T('title_technical_problem') . "</h3>\n";
        echo "\t<p>" . _T('info_technical_problem_database') . "</p>\n";
        // NOTE(review): the raw driver error text is echoed without HTML
        // escaping; lcm_query_db() in this file escapes it with htmlentities().
        if (lcm_sql_errno()) {
            echo "\t<p><tt>" . lcm_sql_errno() . " " . lcm_sql_error() . "</tt></p>\n";
        } else {
            echo "\t<p><tt>No error diagnostic was provided.</tt></p>\n";
        }
        echo "</div>\n";

        lcm_html_end();
        return false;
    }

    // Initialise locals explicitly so request parameters of the same name
    // cannot pre-seed them (register_globals-era defence against URL hacks).
    $auth_login = "";
    $auth_pass = "";
    $auth_pass_ok = false;
    $auth_can_disconnect = false;

    // Fetch identification data from the authentication session cookie.
    if (isset($_COOKIE['lcm_session'])) {
        if (verifier_session($_COOKIE['lcm_session'])) {
            // Only 'admin' and 'normal' sessions count as logged in.
            if ($author_session['status'] == 'admin' or $author_session['status'] == 'normal') {
                $auth_login = $author_session['username'];
                $auth_pass_ok = true;
                $auth_can_disconnect = true;
            }
        }
    } else {
        // NOTE(review): $_REQUEST['privet'] is read without isset(); this
        // raises an undefined-index notice whenever the parameter is absent.
        if ($_REQUEST['privet'] == 'yes') {
            // Failed login attempt: the login form was submitted but the
            // session cookie never came back. Bounce through lcm_cookie.php
            // to report the cookie failure, carrying the cleaned-up URL.
            $link = new Link("lcm_cookie.php?cookie_test_failed=yes");
            $clean_link->delVar('privet');
            $url = str_replace('/./', '/', $clean_link->getUrl());
            $link->addVar('var_url', $url);
            @header("Location: " . $link->getUrl());
            exit;
        }
    }

    // If not authenticated, ask for login / password, remembering the
    // requested URL so the user can be sent back afterwards.
    if (!$auth_login) {
        $url = $clean_link->getUrl();
        @header("Location: lcm_login.php?var_url=" . urlencode($url));
        exit;
    }

    //
    // Search for the login in the authors' table
    //
    // NOTE(review): the WHERE clause is built by string interpolation after
    // addslashes(), which is not charset-aware; a driver-level escape or a
    // prepared statement is the safer quoting primitive. The username
    // literal appears masked in this listing, so the exact interpolation
    // cannot be confirmed here. Errors from lcm_query() are suppressed with @.
    $auth_login = addslashes($auth_login);
    $query = "SELECT * FROM lcm_author WHERE username='******' AND status !='external' AND status !='6forum'";
    $result = @lcm_query($query);

    if ($row = lcm_fetch_array($result)) {
        $connect_id_auteur = $row['id_author'];
        $connect_nom = $row['name_first'];
        $connect_login = $row['username'];
        $connect_pass = $row['password']; // stored password value kept in a global for the request
        $connect_status = $row['status'];
        $connect_activer_messagerie = "non"; //$row["messagerie"];
        $connect_activer_imessage = "non "; //$row["imessage"];  (sic: trailing space in the literal)

        // Set the user's preferences.
        // NOTE(review): unserialize() of a DB column; safe only as long as
        // lcm_author.prefs is never writable from untrusted input — confirm
        // where prefs is written. get_magic_quotes_runtime() is gone in PHP 8.
        $prefs = unserialize(get_magic_quotes_runtime() ? stripslashes($row['prefs']) : $row['prefs']);

        //
        // Default values for some possibly unset preferences
        //
        if (!isset($prefs['page_rows']) || intval($prefs['page_rows']) < 1) {
            $prefs['page_rows'] = 15;
        }
        if (!isset($prefs['theme']) || !$prefs['theme']) {
            $prefs['theme'] = 'green';
        }
        if (!isset($prefs['screen']) || !$prefs['screen']) {
            $prefs['screen'] = 'wide';
        }
        if (!isset($prefs['font_size']) || !$prefs['font_size']) {
            $prefs['font_size'] = 'medium_font';
        }
        if (!isset($prefs['case_owner']) || !$prefs['case_owner']) {
            $prefs['case_owner'] = 'my';
        }
        if (!isset($prefs['case_period']) || !$prefs['case_period']) {
            $prefs['case_period'] = '91';
        }
        if (!isset($prefs['mode']) || !$prefs['mode']) {
            $prefs['mode'] = 'simple';
        }
        // time_intervals_notation is only defaulted together with time_intervals.
        if (!isset($prefs['time_intervals']) || !$prefs['time_intervals']) {
            $prefs['time_intervals'] = 'relative';
            $prefs['time_intervals_notation'] = 'hours_only';
        }
    } else {
        // This case is a strange possibility: the author is authenticated
        // OK, but does not exist in the authors table. Possible cause: the
        // database was restored and the author does not exist (and the user
        // was authenticated by another source, such as LDAP).
        // Note: we used to show a strange error message advising to log out,
        // but since it only occurs after a DB upgrade, just log out brutally
        // (with cookie_admin=no to forget the username).
        // NOTE(review): $auth_login is appended to the Location URL without
        // urlencode() (and after addslashes()); encode it as a query value.
        lcm_header('Location: lcm_cookie.php?cookie_admin=no&logout=' . $auth_login);
        exit;
    }

    // Given the assignments above, $auth_login is only ever set in the branch
    // that also sets $auth_pass_ok = true, so this guard cannot fire from the
    // code visible here; kept as defence in depth.
    if (!$auth_pass_ok) {
        @header("Location: lcm_login.php?var_erreur=pass");
        exit;
    }

    // [ML] Again, not sure how this is used, but we can ignore it for now.
    // TODO (note: nouveau == new). First login of a newly created author:
    // promote status to 'normal'. $connect_id_auteur comes from the DB row
    // and is interpolated unquoted; it is assumed to be an integer id.
    if ($connect_status == 'nouveau') {
        $query = "UPDATE lcm_author SET status = 'normal' WHERE id_author = {$connect_id_auteur}";
        $result = lcm_query($query);
        $connect_status = 'normal';
    }

    // PHP sessions are started here, and stopped at logout.
    session_start();

    return true;
}
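/**
 * Run one SQL query through the (legacy) mysql_* driver, with optional
 * debug/profile output, and abort via lcm_panic() unless the caller accepts
 * failure.
 *
 * @param string $query        SQL text; passed through process_query() first.
 * @param bool   $accept_fail  When true, a driver error is returned to the
 *                             caller (as mysql_query()'s false) instead of
 *                             aborting via lcm_panic().
 * @return mixed  Whatever mysql_query() returns (result resource / true on
 *                success, false on failure).
 *
 * Reads $GLOBALS['sql_debug'], $GLOBALS['sql_profile'] and
 * $GLOBALS['mysql_recall_link']; uses the global $lcm_mysql_link when
 * recall is enabled. Echoes timing HTML when both debug and profile are on.
 * The panic message HTML-escapes both the query and the driver error.
 */
function lcm_query_db($query, $accept_fail = false) {
    global $lcm_mysql_link;
    static $tt = 0; // running total of profiled query time across calls

    $my_debug = $GLOBALS['sql_debug'];
    $my_profile = $GLOBALS['sql_profile'];

    /* [ML] I have no idea whether this is overkill, but without it, we get
       strange problems with Cyrillic and other non-latin charsets. We need
       to check whether tables were installed correctly, or else it will not
       show non-latin utf8 characters correctly. (i.e. for people who upgraded
       LCM, but didn't import/export their data to fix the tables.) */
    $db_utf8 = read_meta('db_utf8');
    if ($db_utf8 == 'yes') {
        lcm_mysql_set_utf8();
    } elseif ($db_utf8 != 'no' && !read_meta('lcm_db_version')) {
        // Fix: the original condition was `!read_meta('db_utf8') == 'no'`,
        // which PHP parses as `(!read_meta(...)) == 'no'` and therefore only
        // matched an empty meta value; the intent is "anything but an
        // explicit 'no'".
        // We are not yet installed, so check the MySQL version on every
        // request. Note: checking is_file('inc/data/inc_meta_cache.php') is
        // not enough, because the keywords cache may have been generated,
        // but not the meta.
        if (!preg_match("/^(4\\.0|3\\.)/", mysql_get_server_info())) {
            lcm_mysql_set_utf8();
        }
    }

    $query = process_query($query);

    if ($my_profile) {
        $m1 = microtime(); // "usec sec" string form, split below
    }

    // Reuse the stored link when recall is enabled and a link exists;
    // otherwise rely on the driver's default (last opened) connection.
    if ($GLOBALS['mysql_recall_link'] and $lcm_mysql_link) {
        $result = mysql_query($query, $lcm_mysql_link);
    } else {
        $result = mysql_query($query);
    }

    if ($my_debug and $my_profile) {
        $m2 = microtime();
        list($usec, $sec) = explode(" ", $m1);
        list($usec2, $sec2) = explode(" ", $m2);
        $dt = $sec2 + $usec2 - $sec - $usec;
        $tt += $dt;
        // Query text is escaped; the timing is shown per query and cumulative.
        echo "<small>" . htmlentities($query);
        echo " -> <font color='blue'>" . sprintf("%3f", $dt) . "</font> ({$tt})</small><p>\n";
    }

    if ($my_debug) {
        lcm_debug("QUERY: {$query}\n", 1, 'sql');
    }

    // Driver error: abort with an escaped diagnostic unless the caller opted in.
    if (lcm_sql_errno() && !$accept_fail) {
        $s = lcm_sql_error();
        $error = _T('warning_sql_query_failed') . "<br />\n" . htmlentities($query) . "<br />\n";
        $error .= "« " . htmlentities($s) . " »<br />";
        lcm_panic($error);
    }

    return $result;
}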
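/**
 * Installer step 2: validate the DB connection form, test the connection,
 * and (for MySQL) render the database-selection form.
 *
 * Reads db_address / db_login / db_password / db_choice from the request,
 * mirrors them into $_SESSION['form_data'], and records validation errors
 * in $_SESSION['errors']. On any error it falls back to install_step_1();
 * on PostgreSQL it continues directly to install_step_3() because the
 * database name was already chosen.
 *
 * Security notes: the values come straight from the request, so every one
 * that is written into an HTML attribute or text node is escaped with
 * htmlspecialchars(); database names returned by lcm_list_databases() are
 * escaped the same way. The DB credentials (including the password) are
 * round-tripped through hidden form fields and the session by design of
 * the installer — that design is unchanged here.
 *
 * @return mixed  Return value of install_step_1()/install_step_3() when
 *                delegating; otherwise null after rendering the form.
 */
function install_step_2() {
    $using_pgsql = false;
    if (preg_match("/^PostgreSQL/", lcm_sql_server_info())) {
        $using_pgsql = true;
    }

    // Guard each request key with isset() so a missing field is '' rather
    // than an undefined-index notice.
    $db_address = $_SESSION['form_data']['db_address'] = (isset($_REQUEST['db_address']) ? $_REQUEST['db_address'] : '');
    $db_login = $_SESSION['form_data']['db_login'] = (isset($_REQUEST['db_login']) ? $_REQUEST['db_login'] : '');
    $db_password = $_SESSION['form_data']['db_password'] = (isset($_REQUEST['db_password']) ? $_REQUEST['db_password'] : '');
    $db_choice = $_SESSION['form_data']['db_choice'] = _request('db_choice');

    if (!$db_login) {
        $_SESSION['errors']['login'] = _Ti('install_connection_login') . _T('warning_field_mandatory');
    }
    if (!$db_password) {
        $_SESSION['errors']['password'] = _Ti('install_connection_password') . _T('warning_field_mandatory');
    }
    if ($using_pgsql && !$db_choice) {
        $_SESSION['errors']['dbname'] = "Database name: " . _T('warning_field_mandatory');
    } // TRAD

    // empty() rather than count(): $_SESSION['errors'] may be unset.
    if (!empty($_SESSION['errors'])) {
        return install_step_1();
    }

    // The connection test may emit driver output; hide it in an HTML comment.
    echo "\n<!--\n";
    $link = lcm_connect_db_test($db_address, $db_login, $db_password, $db_choice);
    $error = lcm_sql_errno() ? lcm_sql_error() : '';
    echo "\n-->\n";

    if ($error || !$link) {
        $_SESSION['errors']['generic'] = _T('warning_sql_connection_failed') . ' ' . _T('install_info_sql_connection_failed') . ' (' . lcm_sql_errno() . ': ' . $error . ')';
        return install_step_1();
    }

    // If PgSQL, go to next step, db already chosen
    if ($using_pgsql) {
        return install_step_3();
    }

    // Request-supplied values, escaped once for attribute/text contexts.
    $db_address_html = htmlspecialchars($db_address, ENT_QUOTES);
    $db_login_html = htmlspecialchars($db_login, ENT_QUOTES);
    $db_password_html = htmlspecialchars($db_password, ENT_QUOTES);

    install_html_start('AUTO', '', 2);
    echo "<h3><small>" . _T('install_step_two') . "</small> " . _T('install_title_select_database') . "</h3>\n";
    echo "<form action='install.php' method='post'>\n";
    echo "<input type='hidden' name='step' value='3' />\n";
    echo "<input type='hidden' name='db_address' value=\"" . $db_address_html . "\" size='40' />\n";
    echo "<input type='hidden' name='db_login' value=\"" . $db_login_html . "\" />\n";
    echo "<input type='hidden' name='db_password' value=\"" . $db_password_html . "\" />\n\n";

    $result = lcm_list_databases($db_address, $db_login, $db_password);
    // lcm_list_databases() may return a non-array on failure; treat that as "none".
    $num = is_array($result) ? count($result) : 0;

    echo "<fieldset class='fs_box'>\n";
    echo "<p><b><label>" . _T('install_select_database') . "</label></b> " . lcm_help('install_database', 'database') . "</p>";
    echo "<!-- " . $num . " -->\n";

    // Whether some radio button has already been pre-selected.
    $checked = false;

    if ($num > 0) {
        echo "<ul class=\"simple_list\">";
        $listdbtxt = "";
        for ($i = 0; $i < $num; $i++) {
            // $table_nom = mysql_dbname($result, $i);
            $table_name = array_pop($result);
            $table_name_html = htmlspecialchars($table_name, ENT_QUOTES);
            $base = "<li><input name='db_choice' value='" . $table_name_html . "' type='radio' id='tab{$i}'";
            $base_end = " /><label for='tab{$i}'>" . $table_name_html . "</label></li>\n";
            if ($table_name == $db_login) {
                // A database named after the login is pre-selected and listed first.
                $listdbtxt = "{$base} checked='checked'{$base_end}" . $listdbtxt;
                $checked = true;
            } else {
                $listdbtxt .= "{$base}{$base_end}\n";
            }
        }
        echo $listdbtxt;
        echo "</ul>\n";
    } else {
        echo "<div class='box_warning'>\n";
        echo "<p><b>" . _T('install_warning_no_databases_1') . "</b></p>\n";
        echo "<p><small>" . _T('install_warning_no_databases_2') . "</small></p>\n";
        echo "</div>\n";

        if ($db_login) {
            // Offer a database named after the login as the default choice.
            echo _T('install_warning_no_databases_3');
            echo "<ul class=\"simple_list\">";
            echo "<li><input name=\"db_choice\" value=\"" . $db_login_html . "\" type='radio' id='stand' checked='checked' />";
            echo "<label for='stand'>" . $db_login_html . "</label><br />\n";
            echo "</li></ul>";
            echo "<p align='left'>" . _T('info_or') . " ... </p>\n";
            $checked = true;
        }

        // Manual entry; pre-selected only when nothing else is.
        echo '<ul class="simple_list">';
        echo '<li><input name="db_choice" value="__manual__" type="radio" id="manual_db_checkbox"';
        if (!$checked) {
            echo ' checked="checked"';
        }
        echo " />\n";
        echo "<label for='manual_db_checkbox'>" . _T('install_enter_name_manually') . "</label><br />\n";
        echo "<label for='manual_db'>" . _T('install_input_database_name') . "</label>\n";
        echo "<input type='text' name='manual_db' id='manual_db' value='' size='20' class='txt_lmnt' /></li>\n";
        echo "</ul>\n";
    }

    echo "</fieldset>\n";
    echo "<br /><div align='" . $GLOBALS['lcm_lang_right'] . "'>" . "<button type='submit' name='Next'>" . _T('button_next') . " >></button> " . "</div>\n";
    echo "</form>\n";

    install_html_end();
}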
/**
 * Rename an author's login.
 *
 * Sets $this->error to a translated or driver message and returns false on
 * any failure; returns true once the UPDATE has run without a driver error.
 * Callers are expected to read $this->error after a false return.
 *
 * @param int    $id_author       Author whose username changes. It is
 *                                interpolated unquoted into the UPDATE, so
 *                                it must be an integer id.
 * @param string $old_username    Current username; only forwarded to
 *                                is_newusername_allowed().
 * @param string $new_username    Caller-supplied new username.
 * @param mixed  $author_session  Forwarded to is_newusername_allowed();
 *                                0 when absent.
 * @return bool
 */
function newusername($id_author, $old_username, $new_username, $author_session = 0) {
    $this->error = "";

    // Authorisation lives in is_newusername_allowed() (not visible here).
    if ($this->is_newusername_allowed($id_author, $old_username, $author_session) == false) {
        return false;
    }

    // Check for username size. The length is taken after lcm_utf8_decode(),
    // presumably to count characters rather than UTF-8 bytes — confirm
    // against that helper.
    if (strlen(lcm_utf8_decode($new_username)) < 3) {
        $this->error = _T('login_warning_too_short');
        return false;
    }

    // Check that the username is not already taken.
    // NOTE(review): the username literal appears masked in this listing;
    // whatever is interpolated here must be SQL-escaped, since $new_username
    // is caller-supplied. A check-then-update is also racy: the
    // lcm_sql_errno() branch below is what catches a concurrent duplicate
    // (if the column carries a UNIQUE constraint).
    $query = "SELECT username\n\t\t\t\t\tFROM lcm_author\n\t\t\t\t\tWHERE username = '******'";
    $result = lcm_query($query);

    if ($row = lcm_fetch_array($result)) {
        // NOTE(review): the translation key has a trailing space; confirm it
        // matches the catalogue entry, otherwise the raw key is shown.
        $this->error = _T('login_warning_already_exists ');
        return false;
    }

    // $id_author is interpolated unquoted (see the @param note above).
    $query = "UPDATE lcm_author\n\t\t\t\t\tSET username = '******'\n\t\t\t\t\tWHERE id_author = {$id_author}";
    lcm_query($query);

    // Check for errors (duplicates, format, etc.); the driver text is
    // stored in $this->error and logged.
    if (lcm_sql_errno()) {
        $this->error = lcm_sql_error();
        lcm_log("newusername: " . $this->error);
        return false;
    }

    return true;
}