// Excerpt: handler for the posted action 'pw' (setting a new password on a
// `userdata` row). The excerpt stops inside the last else branch; the closing
// braces are outside this view.
// NOTE(review): no request-token check is visible in this excerpt - presumably
// it is done before this point; confirm.
if ($ui->st('action', 'post') == 'pw') {

    // Both fields are required; a missing field adds the same error message.
    if (!$password) {
        $errors[] = $sprache->error_pass;
    }

    if (!$passwordRepeat) {
        $errors[] = $sprache->error_pass;
    }

    // NOTE(review): loose comparison. When both operands are numeric-looking
    // strings PHP compares them as numbers, so two different inputs can be
    // treated as equal here. Both variables are assigned outside this excerpt;
    // confirm their types and consider a strict !== check.
    if ($password != $passwordRepeat) {
        $errors[] = $sprache->error_passw_succ;
    }

    if (count($errors) > 0) {

        // Validation failed: drop $header/$text and show the password form again.
        unset($header, $text);

        $template_file = 'admin_user_pass.tpl';

    } else {

        // The posted value is read twice through $ui->password(); $password is
        // overwritten here and not used again within this excerpt.
        $password = $ui->password('password', 255, 'post');

        // passwordCreate() is handled two ways below: an array result carries
        // 'hash' and 'salt', any other result is stored as-is in `security`.
        $newHash = passwordCreate($cname, $ui->password('password', 255, 'post'));

        if (is_array($newHash)) {

            // Tenant scoping: the row must match the given id AND the reseller
            // lookup id. For $reseller_id == 0 a row whose `id` equals its own
            // `resellerid` is accepted as well.
            $query = $reseller_id == 0
                ? $sql->prepare("UPDATE `userdata` SET `updateTime`=NOW(),`security`=?,`salt`=? WHERE id=? AND (`resellerid`=? OR `id`=`resellerid`) LIMIT 1")
                : $sql->prepare("UPDATE `userdata` SET `updateTime`=NOW(),`security`=?,`salt`=? WHERE id=? AND `resellerid`=? LIMIT 1");
            $query->execute(array($newHash['hash'], $newHash['salt'], $id, $resellerLockupID));

        } else {

            // Same scoping as above; the `salt` column is left untouched.
            $query = $reseller_id == 0
                ? $sql->prepare("UPDATE `userdata` SET `updateTime`=NOW(),`security`=? WHERE id=? AND (`resellerid`=? OR `id`=`resellerid`) LIMIT 1")
                : $sql->prepare("UPDATE `userdata` SET `updateTime`=NOW(),`security`=? WHERE id=? AND `resellerid`=? LIMIT 1");
            $query->execute(array($newHash, $id, $resellerLockupID));
        }

        // A row count above zero means the UPDATE matched a row inside the
        // reseller scope: write the log entry and show the success message.
        if ($query->rowCount() > 0) {
            $template_file = $spracheResponse->table_add;
            $loguseraction = '%psw% %user% ' . $cname;
            $insertlog->execute();

        // No row was updated (no such id in this scope): show the error message.
        } else {
            $template_file = $spracheResponse->error_table;
            // (excerpt ends here; the enclosing blocks are closed outside this view)
// Excerpt: resolves the target user from $data and collects the columns to
// change in $what. The excerpt stops inside the isid() branch; the closing
// braces and the code that consumes $what are outside this view.

// Start from the caller-supplied id, or an empty string when none was sent.
$localID = isset($data['localid']) ? $data['localid'] : '';

if (dataExist('identify_by', $data)) {

    // NOTE(review): the column name is concatenated into the SQL text. This is
    // only safe if $from is a fixed map of allowed column names and the lookup
    // cannot miss; both $from and dataExist() are defined outside this excerpt -
    // confirm. The compared value and the reseller id are bound as parameters.
    $query = $sql->prepare("SELECT `id`,`cname`,`active` FROM `userdata` WHERE `" . $from[$data['identify_by']] . "`=? AND `resellerid`=?");
    $query->execute(array($data[$data['identify_by']], $resellerID));

    // No LIMIT on the query: when several rows match, the last one wins.
    while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
        $localID = $row['id'];
        $name = $row['cname'];
        $oldactive = $row['active'];
    }

    // NOTE(review): when the lookup returns no row, $localID still holds the
    // caller-supplied value and $name / $oldactive are not set by this excerpt.
    // Confirm that the later write is itself restricted by `resellerid`.
    if (isid($localID, 10)) {

        $what = array();
        $foundGroupIDs = array();
        $userGroupIDs = array();

        // NOTE(review): in_array() without the strict flag compares loosely;
        // $bad is defined outside this excerpt.
        if (isset($data['password']) and !in_array($data['password'], $bad)) {

            // The plaintext is kept in $password; its later use is not visible here.
            $password = $data['password'];

            // $name holds `cname` from the lookup at this point.
            $newHash = passwordCreate($name, $data['password']);

            // An array result carries 'hash' and 'salt'; any other result is
            // stored as the `security` value on its own.
            if (is_array($newHash)) {
                $what['security'] = $newHash['hash'];
                $what['salt'] = $newHash['salt'];
            } else {
                $what['security'] = $newHash;
            }
        }

        if (isset($data['email']) and ismail($data['email'])) {
            $what['mail'] = $data['email'];
            $mail = $what['mail'];
        }

        // names() is used both as the check and as the value that is stored;
        // from here on $name no longer holds `cname`.
        if (isset($data['name']) and names($data['name'], 255)) {
            $what['name'] = names($data['name'], 255);
            $name = $what['name'];
        }
        // (excerpt ends here; the enclosing blocks are closed outside this view)
// Excerpt: import loop over the posted virtual server ids. For every server
// flagged for import without a customer id, an existing `userdata` row is
// looked up by user name, e-mail and reseller, or a new one is created.
// The excerpt stops inside the loop; the closing braces are outside this view.
foreach ($ui->id('virtualserver_id', 19, 'post') as $virtualserver_id) {

    if ($ui->active("{$virtualserver_id}-import", 'post') == 'Y') {

        $customerID = $ui->id("{$virtualserver_id}-customer", 10, 'post');

        // No usable customer id was posted: find or create the account.
        if ($customerID == 0 or $customerID == false or $customerID == null) {

            $usernew = true;

            // $ui->username() / $ui->ismail() serve as the check here and as the
            // bound values below.
            if ($ui->username("{$virtualserver_id}-username", 50, 'post') and $ui->ismail("{$virtualserver_id}-email", 'post')) {

                $query = $sql->prepare("SELECT `id` FROM `userdata` WHERE `cname`=? AND `mail`=? AND `resellerid`=? LIMIT 1");
                $query->execute(array($ui->username("{$virtualserver_id}-username", 50, 'post'), $ui->ismail("{$virtualserver_id}-email", 'post'), $reseller_id));

                // A hit means the account already exists for this reseller.
                while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
                    $usernew = false;
                    $customerID = $row['id'];
                    $cnamenew = $ui->username("{$virtualserver_id}-username", 50, 'post');
                }

                if ($usernew == true) {

                    // The generated password is kept in a variable so that the value
                    // that is hashed is also the value that is mailed below.
                    $initialpassword = passwordgenerate(10);

                    $newHash = passwordCreate($ui->username("{$virtualserver_id}-username", 50, 'post'), $initialpassword);

                    // An array result carries 'hash' and 'salt'; any other result
                    // is stored as the `security` value on its own.
                    if (is_array($newHash)) {
                        $query = $sql->prepare("INSERT INTO `userdata` (`cname`,`security`,`salt`,`mail`,`accounttype`,`resellerid`) VALUES (?,?,?,?,'u',?)");
                        $query->execute(array($ui->username("{$virtualserver_id}-username", 50, 'post'), $newHash['hash'], $newHash['salt'], $ui->ismail("{$virtualserver_id}-email", 'post'), $reseller_id));
                    } else {
                        $query = $sql->prepare("INSERT INTO `userdata` (`cname`,`security`,`mail`,`accounttype`,`resellerid`) VALUES (?,?,?,'u',?)");
                        $query->execute(array($ui->username("{$virtualserver_id}-username", 50, 'post'), $newHash, $ui->ismail("{$virtualserver_id}-email", 'post'), $reseller_id));
                    }

                    // The new id is read back with a second query (highest id for
                    // this name, mail and reseller) rather than from the insert.
                    // The SQL literal spans two lines in the source and is kept so.
                    $query = $sql->prepare("SELECT `id` FROM `userdata` WHERE `cname`=? AND `mail`=? AND `resellerid`=? 
ORDER BY `id` DESC LIMIT 1");
                    $query->execute(array($ui->username("{$virtualserver_id}-username", 50, 'post'), $ui->ismail("{$virtualserver_id}-email", 'post'), $reseller_id));

                    while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
                        $customerID = $row['id'];
                        $cnamenew = $ui->username("{$virtualserver_id}-username", 50, 'post');

                        // NOTE(review): the plaintext initial password is handed to
                        // sendmail(); what that helper sends is not visible here.
                        // Confirm the account must change it after first login.
                        sendmail('emailuseradd', $customerID, $cnamenew, $initialpassword);
                    }
                }
            }
            // (excerpt ends here; the enclosing blocks are closed outside this view)
// Excerpt: add / modify handling for `userdata_substitutes` rows. It begins
// inside nested blocks opened before this view and stops with the outer else
// branch still open.
            // Insert variant that stores $newHash directly in `passwordHashed`
            // without a `salt` column; $newHash is computed before this excerpt.
            $query = $sql->prepare("INSERT INTO `userdata_substitutes` (`userID`,`active`,`loginName`,`name`,`vname`,`passwordHashed`,`resellerID`) VALUES (?,?,?,?,?,?,?)");
            $query->execute(array(
                $user_id,
                $ui->active('active', 'post'),
                $ui->names('loginName', 255, 'post'),
                $ui->names('name', 255, 'post'),
                $ui->names('vname', 255, 'post'),
                $newHash,
                $reseller_id
            ));
        }

        // A row was inserted: remember the change and the new row id.
        if ($query->rowCount() > 0) {
            $changed = true;
            $id = $sql->lastInsertId();
        }
    }

} else {

    // Modify branch: the condition reads the id from GET, the queries below use
    // $id. NOTE(review): $id is assigned outside this excerpt - confirm it is
    // the validated value.
    if ($ui->st('action', 'post') == 'md' and $ui->id('id', 10, 'get')) {

        // The literal '(encrypted)' in the password field means "leave the
        // password unchanged"; see the else branch below.
        if ($ui->password('security', 255, 'post') != '(encrypted)') {

            // NOTE(review): $salt is not used anywhere else in this excerpt; the
            // salt that is stored comes from passwordCreate(). md5(mt_rand() . date())
            // is not a cryptographically secure source - if $salt is used after
            // this excerpt, derive it from random_bytes() instead.
            $salt = md5(mt_rand() . date('Y-m-d H:i:s:u'));

            // The login name is looked up by sID and reseller; unlike the UPDATEs
            // below, this lookup does not also filter on `userID`.
            $query = $sql->prepare("SELECT `loginName` FROM `userdata_substitutes` WHERE `sID`=? AND `resellerID`=? LIMIT 1");
            $query->execute(array($id, $reseller_id));
            $loginName = $query->fetchColumn();

            $newHash = passwordCreate($loginName, $ui->password('security', 255, 'post'));

            // An array result carries 'hash' and 'salt'; any other result is
            // stored as `passwordHashed` on its own.
            if (is_array($newHash)) {
                $query = $sql->prepare("UPDATE `userdata_substitutes` SET `active`=?,`name`=?,`vname`=?,`passwordHashed`=?,`salt`=? WHERE `sID`=? AND `userID`=? AND `resellerID`=? LIMIT 1");
                $query->execute(array(
                    $ui->active('active', 'post'),
                    $ui->names('name', 255, 'post'),
                    $ui->names('vname', 255, 'post'),
                    $newHash['hash'],
                    $newHash['salt'],
                    $id,
                    $user_id,
                    $reseller_id
                ));
            } else {
                $query = $sql->prepare("UPDATE `userdata_substitutes` SET `active`=?,`name`=?,`vname`=?,`passwordHashed`=? WHERE `sID`=? AND `userID`=? AND `resellerID`=? LIMIT 1");
                $query->execute(array(
                    $ui->active('active', 'post'),
                    $ui->names('name', 255, 'post'),
                    $ui->names('vname', 255, 'post'),
                    $newHash,
                    $id,
                    $user_id,
                    $reseller_id
                ));
            }

        } else {

            // Password untouched: only the profile fields are updated, still
            // scoped by sID, owning user and reseller.
            $query = $sql->prepare("UPDATE `userdata_substitutes` SET `active`=?,`name`=?,`vname`=? WHERE `sID`=? AND `userID`=? AND `resellerID`=? LIMIT 1");
            $query->execute(array(
                $ui->active('active', 'post'),
                $ui->names('name', 255, 'post'),
                $ui->names('vname', 255, 'post'),
                $id,
                $user_id,
                $reseller_id
            ));
        }

        if ($query->rowCount() > 0) {
            $changed = true;
        }
    }
    // (excerpt ends here; the else branch is closed outside this view)
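// Excerpt: import of one discovered server, addressed by "{$lookUp}" in the
// posted form. When no customer id is posted, an existing `userdata` row is
// looked up by user name, e-mail and reseller, or a new account is created.
// The excerpt stops inside the outer blocks; the closing braces are outside
// this view.
if ($ui->active("{$lookUp}-import", 'post') == 'Y' and isset($ex[1]) and port($ex[1])) {

    // $ex is built outside this excerpt; index 0 is used as IP, index 1 as port.
    $ip = $ex[0];
    $port = $ex[1];

    $customer = $ui->id("{$lookUp}-customer", 19, 'post');

    // No usable customer id was posted: find or create the account.
    if ($customer == 0 or $customer == false or $customer == null) {

        $usernew = true;

        // $ui->username() / $ui->ismail() serve as the check here and as the
        // bound values below.
        if ($ui->username("{$lookUp}-username", 50, 'post') and $ui->ismail("{$lookUp}-email", 'post')) {

            $query = $sql->prepare("SELECT `id` FROM `userdata` WHERE `cname`=? AND `mail`=? AND `resellerid`=? LIMIT 1");
            $query->execute(array($ui->username("{$lookUp}-username", 50, 'post'), $ui->ismail("{$lookUp}-email", 'post'), $reseller_id));

            // A hit means the account already exists for this reseller.
            while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
                $usernew = false;
                $customer = $row['id'];
                $cnamenew = $ui->username("{$lookUp}-username", 50, 'post');
            }

            if ($usernew == true) {

                // Fix: the generated password used to be passed inline to
                // passwordCreate() while the mail below sent $initialpassword,
                // which this code never assigned. The mailed value could therefore
                // not be the password that was hashed (and could be a stale value
                // from earlier code). Keep the value in the variable and use it
                // for both.
                $initialpassword = passwordgenerate(10);

                $newHash = passwordCreate($ui->username("{$lookUp}-username", 50, 'post'), $initialpassword);

                // An array result carries 'hash' and 'salt'; any other result is
                // stored as the `security` value on its own.
                if (is_array($newHash)) {
                    $query = $sql->prepare("INSERT INTO `userdata` (`cname`,`security`,`salt`,`mail`,`accounttype`,`resellerid`) VALUES (?,?,?,?,'u',?)");
                    $query->execute(array($ui->username("{$lookUp}-username", 50, 'post'), $newHash['hash'], $newHash['salt'], $ui->ismail("{$lookUp}-email", 'post'), $reseller_id));
                } else {
                    $query = $sql->prepare("INSERT INTO `userdata` (`cname`,`security`,`mail`,`accounttype`,`resellerid`) VALUES (?,?,?,'u',?)");
                    $query->execute(array($ui->username("{$lookUp}-username", 50, 'post'), $newHash, $ui->ismail("{$lookUp}-email", 'post'), $reseller_id));
                }

                // The new id is read back with a second query (highest id for this
                // name, mail and reseller) rather than from the insert.
                $query = $sql->prepare("SELECT `id` FROM `userdata` WHERE `cname`=? AND `mail`=? AND `resellerid`=? ORDER BY `id` DESC LIMIT 1");
                $query->execute(array($ui->username("{$lookUp}-username", 50, 'post'), $ui->ismail("{$lookUp}-email", 'post'), $reseller_id));

                while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
                    $customer = $row['id'];
                    $cnamenew = $ui->username("{$lookUp}-username", 50, 'post');

                    // NOTE(review): the plaintext initial password is handed to
                    // sendmail(); what that helper sends is not visible here.
                    // Confirm the account must change it after first login.
                    sendmail('emailuseradd', $customer, $cnamenew, $initialpassword);
                }
            }
        }
        // (excerpt ends here; the enclosing blocks are closed outside this view)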
// Excerpt: external authentication during login. It begins inside a block that
// builds the XML request (opened before this view) and ends after the
// $activeAuth branch.
    $element->appendChild($key);

    // NOTE(review): the plaintext password is placed in the request document.
    // If $xml is a DOMDocument, createElement() does not escape '&' in the value
    // argument, so such input will not produce the intended node - confirm and
    // consider appending a text node instead.
    $key = $xml->createElement('pwd', $password);
    $element->appendChild($key);

    $key = $xml->createElement('mail', $mail);
    $element->appendChild($key);

    $key = $xml->createElement('externalID', $externalID);
    $element->appendChild($key);

    $xml->appendChild($element);

    // base64 + urlencode is an encoding only; the password stays recoverable by
    // anyone who can read the request. Confidentiality depends on the transport
    // used by webhostRequest(), which is not visible here - confirm it is TLS.
    $postXML = urlencode(base64_encode($xml->saveXML()));
}

if (isset($activeAuth) and $activeAuth == 'Y') {

    $reply = webhostRequest($domainAuth, $ui->escaped('HTTP_HOST', 'server'), $fileAuth, array('authPWD' => $pwdAuth, 'userAuth' => $userAuth, 'postXML' => $postXML), $portAuth);

    // The reply comes from the remote auth host; '@' hides parser warnings, so a
    // malformed reply simply yields false and falls into the else branch below.
    $xmlReply = @simplexml_load_string($reply);

    // Accepted only when the reply reports success == 1 and echoes this user
    // name. NOTE(review): both checks use loose comparison.
    if ($xmlReply and isset($xmlReply->success) and $xmlReply->success == 1 and $xmlReply->user == $username) {

        $passwordCorrect = true;

        // The externally accepted password is re-hashed and written to the local
        // row. This UPDATE is restricted by `id` only; $id is assigned outside
        // this excerpt.
        $newHash = passwordCreate($username, $password);

        // An array result carries 'hash' and 'salt'; any other result is stored
        // as the `security` value on its own.
        if (is_array($newHash)) {
            $query = $sql->prepare("UPDATE `userdata` SET `security`=?,`salt`=? WHERE `id`=? LIMIT 1");
            $query->execute(array($newHash['hash'], $newHash['salt'], $id));
        } else {
            $query = $sql->prepare("UPDATE `userdata` SET `security`=? WHERE `id`=? LIMIT 1");
            $query->execute(array($newHash, $id));
        }

    } else {

        // NOTE(review): the stored error is remote-controlled text (the <error>
        // node, or the raw reply when there is none). How it is shown is not
        // visible here - confirm it is escaped on output.
        if ($xmlReply and strlen($xmlReply->error) > 0) {
            $externalAuthError = $xmlReply->error;
        } else {
            $externalAuthError = $reply;
        }
    }
}
// Excerpt: password change for the substitute account of the current session
// ($_SESSION['sID']). It begins by closing a block opened before this view and
// stops with the else branch of the error check still open.
}

// NOTE(review): loose comparison. When both posted values are numeric-looking
// strings PHP compares them as numbers, so two different inputs can be treated
// as equal here; consider a strict !== check.
if ($ui->password('password', 255, 'post') != $ui->password('pass2', 255, 'post')) {
    $errors[] = $sprache->error_passw_succ;
}

// token() is defined outside this excerpt - presumably the request (CSRF) token
// check; a failure is reported like any other validation error.
if (!token(true)) {
    $errors[] = $spracheResponse->token;
}

if (count($errors) > 0) {

    // The collected messages are joined with HTML line breaks and shown directly.
    $template_file = implode('<br />', $errors);

} else {

    // NOTE(review): $salt is not used anywhere else in this excerpt; the salt
    // that is stored comes from passwordCreate(). md5(mt_rand() . date()) is not
    // a cryptographically secure source - if $salt is used after this excerpt,
    // derive it from random_bytes() instead.
    $salt = md5(mt_rand() . date('Y-m-d H:i:s:u'));

    // The row is addressed through the session's sID and the reseller id, not
    // through a request parameter.
    $query = $sql->prepare("SELECT `loginName` FROM `userdata_substitutes` WHERE `sID`=? AND `resellerID`=? LIMIT 1");
    $query->execute(array($_SESSION['sID'], $reseller_id));
    $loginName = $query->fetchColumn();

    // Proceed only when a login name was found and a password was posted.
    if (strlen($loginName) > 0 and $ui->password('password', 255, 'post')) {

        $newHash = passwordCreate($loginName, (string) $ui->password('password', 255, 'post'));

        // An array result carries 'hash' and 'salt'; any other result is stored
        // as `passwordHashed` on its own.
        if (is_array($newHash)) {
            $query = $sql->prepare("UPDATE `userdata_substitutes` SET `passwordHashed`=?,`salt`=? WHERE `sID`=? AND `resellerID`=? LIMIT 1");
            $query->execute(array($newHash['hash'], $newHash['salt'], $_SESSION['sID'], $reseller_id));
        } else {
            $query = $sql->prepare("UPDATE `userdata_substitutes` SET `passwordHashed`=? WHERE `sID`=? AND `resellerID`=? LIMIT 1");
            $query->execute(array($newHash, $_SESSION['sID'], $reseller_id));
        }

        // Success message when a row was updated, error message otherwise.
        if ($query->rowCount() > 0) {
            $template_file = $spracheResponse->table_add;
        } else {
            $template_file = $spracheResponse->error_table;
        }

    } else {

        // No matching substitute row, or no password posted.
        $template_file = 'userpanel_404.tpl';
    }
    // (excerpt ends here; the else branch is closed outside this view)