* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
*
*/

// AJAX endpoint: prepares the template context for a given actionId/itemId
// for a logged-in user. Only the head of the script is visible here; the
// template selection that follows is outside this view.

use SP\Request;
use SP\Themes;

define('APP_ROOT', '..');
require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';

// Referer-based request-origin check. The Referer header can be suppressed
// by browsers/proxies and is not a substitute for a per-session token.
// NOTE(review): unlike the mutating endpoints in this codebase (which also
// verify a session key 'sk'), no 'sk' check is visible in this part of the
// script -- acceptable only if everything rendered here is read-only; confirm.
Request::checkReferer('POST');

// Unauthenticated callers are logged out (tears down any stale session).
// Whether logout() also terminates the request is not visible here.
if (!SP\Init::isLoggedIn()) {
    SP\Util::logout();
}

SP\Util::checkReload();

// actionId is mandatory. The third argument to analyze() appears to request
// a presence check only (its semantics are not shown). The error markup
// contains only a translated constant -- no request data -- so echoing it
// raw is safe.
if (!SP\Request::analyze('actionId', 0, true)) {
    die('<div class="error">' . _('Parámetros incorrectos') . '</DIV>');
}

// Request parameters: itemId defaults to 0, lastAction to the account
// search action.
$actionId = SP\Request::analyze('actionId');
$itemId = SP\Request::analyze('itemId', 0);
$lastAction = SP\Request::analyze('lastAction', \SP\Controller\ActionsInterface::ACTION_ACC_SEARCH);

// Template context. actionId/itemId come straight from the request; they
// are assumed to be numeric and/or escaped by the template on output
// (neither Request::analyze() nor the template engine is visible here).
$tpl = new SP\Template();
$tpl->assign('actionId', $actionId);
$tpl->assign('id', $itemId);
$tpl->assign('activeTabId', $itemId);
$tpl->assign('lastAccountId', \SP\Session::getLastAcountId());
$tpl->assign('queryTimeStart', microtime());
// Identity/authorization context taken from the server-side session.
$tpl->assign('userId', SP\Session::getUserId());
$tpl->assign('userGroupId', SP\Session::getUserGroupId());
$tpl->assign('userIsAdminApp', SP\Session::getUserIsAdminApp());
// Login flow (fragment): the preceding part of the script -- which sets
// $User, $userLogin, $masterPass and $Log -- is outside this view.

// Check that the user's master password is correct and up to date.
// Without a master password in the request, the stored copy must be valid
// and current; otherwise the client is answered with code 3.
if (!$masterPass && (!UserPass::checkUserMPass($User) || !UserPass::checkUserUpdateMPass($userLogin))) {
    SP\Response::printJSON(_('La clave maestra no ha sido guardada o es incorrecta'), 3);
} elseif ($masterPass) {
    // A temporary master password is exchanged for the real one before it
    // is stored for this user.
    if (CryptMasterPass::checkTempMasterPass($masterPass)) {
        $masterPass = CryptMasterPass::getTempMasterPass($masterPass);
    }

    // Failure is logged (the log line is a constant, the password value is
    // not written) and reported with code 4. As elsewhere in these
    // endpoints, the flow relies on printJSON() ending the request.
    if (!$User->updateUserMPass($masterPass)) {
        $Log->addDescription(_('Clave maestra incorrecta'));
        $Log->writeLog();
        SP\Response::printJSON(_('Clave maestra incorrecta'), 4);
    }
}

// Check whether a password change has been forced for this user.
// A recovery token is minted and the reset URL is handed back to the
// client (code 0) instead of completing the login.
// NOTE(review): the 't' timestamp travels in the URL and is therefore
// client-controlled -- the passreset handler must enforce expiry from the
// stored record, not from this parameter (that handler is not visible here).
// NOTE(review): if addPassRecover() fails there is no error path: the
// forced change is silently skipped and the normal login below proceeds.
if ($User->isUserChangePass()) {
    $hash = SP\Util::generate_random_bytes();

    if (UserPassRecover::addPassRecover($userLogin, $hash)) {
        $url = SP\Init::$WEBURI . '/index.php?a=passreset&h=' . $hash . '&t=' . time() . '&f=1';
        SP\Response::printJSON($url, 0);
    }
}

// Complete the login once the user's master password is available.
if ($User->getUserMPass()) {
    // Record the user's last login
    UserUtil::setUserLastLogin($User->getUserId());

    // Load the user's session variables
    SessionUtil::loadUserSession($User);

    // Audit entry: login, profile name and group name (no secrets).
    $Log->addDescription(sprintf('%s: %s', _('Usuario'), $userLogin));
    $Log->addDescription(sprintf('%s: %s', _('Perfil'), SP\Profile::getProfileNameById($User->getUserProfileId())));
    $Log->addDescription(sprintf('%s: %s', _('Grupo'), SP\Groups::getGroupNameById($User->getUserGroupId())));
    $Log->writeLog();
*
* sysPass is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
*
*/

// AJAX endpoint: prepares a user-management dialog (view/edit/...) for the
// given itemId. Only the head of the script and the first switch case are
// visible here.

use SP\Request;

define('APP_ROOT', '..');
require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';

// Referer check only -- see the note before the switch below.
Request::checkReferer('POST');

if (!SP\Init::isLoggedIn()) {
    SP\Util::logout();
}

// Both parameters are required; if either is missing the request ends with
// an empty body (no diagnostic is leaked to the caller).
if (!SP\Request::analyze('itemId', false, true) || !SP\Request::analyze('actionId', false, true)) {
    exit;
}

$actionId = SP\Request::analyze('actionId', 0);

// Template context; itemId/activeTab are read from the request with a
// default of 0 and are assumed to be escaped on output by the template.
$tpl = new SP\Template();
$tpl->assign('itemId', SP\Request::analyze('itemId', 0));
$tpl->assign('activeTab', SP\Request::analyze('activeTab', 0));
$tpl->assign('actionId', $actionId);
$tpl->assign('isView', false);

// NOTE(review): no per-action authorization check (caller's profile vs.
// the requested ACTION_USR_* action) and no session-key ('sk') check are
// visible before this dispatch. Confirm they are enforced earlier or in the
// template/controller layer; otherwise any logged-in user can render these
// forms for any itemId.
switch ($actionId) {
    case \SP\Controller\ActionsInterface::ACTION_USR_USERS_VIEW:
        $tpl->assign('header', _('Ver Usuario'));
        $tpl->assign('onCloseAction', \SP\Controller\ActionsInterface::ACTION_USR);
        $tpl->assign('isView', true);
// Upload handling (fragment): the enclosing checks that set $log and
// $allowedSize, and the branch closed by the first two braces, are outside
// this view.
$log->writeLog();
\SP\Response::printJSON($log->getDescription());
}
} else {
    // NOTE(review): the client-supplied filename is appended raw here while
    // the success path below runs it through Html::sanitize(). The
    // description is built as HTML ('<br>'), so an unsanitized name is an
    // HTML-injection vector wherever the log is rendered.
    $log->addDescription(_('Archivo inválido') . ":<br>" . $_FILES['inFile']['name']);
    $log->writeLog();
    \SP\Response::printJSON($log->getDescription());
}

// Variables holding the file information. 'name' and 'type' are supplied by
// the client and are untrusted; 'tmp_name' and 'size' are populated by PHP.
$fileData['name'] = SP\Html::sanitize($_FILES['inFile']['name']);
// NOTE(review): HTML-sanitizing tmp_name is unnecessary (PHP sets it) and
// the intended check is is_uploaded_file($tmpName), which also rejects a
// path that was not produced by this request's upload.
$tmpName = SP\Html::sanitize($_FILES['inFile']['tmp_name']);
$fileData['size'] = $_FILES['inFile']['size'];
// NOTE(review): the MIME type is whatever the browser declared; any
// decision based on it must use server-side detection instead.
$fileData['type'] = $_FILES['inFile']['type'];

if (!file_exists($tmpName)) {
    // Log the maximum size allowed by PHP
    SP\Util::getMaxUpload();
    $log->addDescription(_('Error interno al leer el archivo'));
    $log->writeLog();
    \SP\Response::printJSON($log->getDescription());
}

// The size limit is enforced before the file is read into memory. The
// factors of 1000 imply $allowedSize is in (decimal) kilobytes -- confirm at
// its definition, which is not visible here.
if ($fileData['size'] > $allowedSize * 1000) {
    $log->addDescription(_('El archivo es mayor de ') . " " . round($allowedSize / 1000, 1) . "MB");
    $log->writeLog();
    \SP\Response::printJSON($log->getDescription());
}

// Read the file into a variable (bounded by the size check above)
$fileData['content'] = file_get_contents($tmpName);

if ($fileData['content'] === false) {
    $log->addDescription(_('Error interno al leer el archivo'));
    $log->writeLog();
    \SP\Response::printJSON($log->getDescription());
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
*
*/

// AJAX endpoint: imports accounts from an uploaded file for a logged-in
// user (a CSV or a password-protected export, inferred from the
// csvDelimiter/importPwd parameters).

use SP\Request;
use SP\SessionUtil;

define('APP_ROOT', '..');
require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';

Request::checkReferer('POST');

// Every guard in this script relies on SP\Response::printJSON() terminating
// the request (there is no else/exit after it). The same pattern is used
// across these endpoints, but printJSON() itself is not visible -- confirm.
if (!SP\Init::isLoggedIn()) {
    SP\Response::printJSON(_('La sesión no se ha iniciado o ha caducado'), 10);
}

// Imports are refused in demo mode.
if (SP\Util::demoIsEnabled()) {
    SP\Response::printJSON(_('Ey, esto es una DEMO!!'));
}

// Request parameters. defUser/defGroup are raw ids chosen by the caller;
// importPwd is handled by analyzeEncrypted() (implementation not shown).
$sk = SP\Request::analyze('sk', false);
$defaultUser = SP\Request::analyze('defUser', 0);
$defaultGroup = SP\Request::analyze('defGroup', 0);
$importPwd = SP\Request::analyzeEncrypted('importPwd');
$csvDelimiter = SP\Request::analyze('csvDelimiter');

// Per-session CSRF token, in addition to the Referer check above.
if (!$sk || !SessionUtil::checkSessionKey($sk)) {
    SP\Response::printJSON(_('CONSULTA INVÁLIDA'));
}

// NOTE(review): no profile/permission check is visible in this script.
// Confirm that importing is restricted (e.g. inside doImport() or Base.php)
// and that defUser/defGroup are validated there, since the caller can pick
// arbitrary ids to own the imported accounts.
SP\Import::setDefUser($defaultUser);
SP\Import::setDefGroup($defaultGroup);
SP\Import::setImportPwd($importPwd);
SP\Import::setCsvDelimiter($csvDelimiter);

// NOTE(review): $_FILES["inFile"] is read without isset(); a request with no
// file raises a PHP notice and passes null to doImport() -- confirm that
// path is handled (the import implementation is not visible here).
$res = SP\Import::doImport($_FILES["inFile"]);
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* sysPass is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
*
*/

// AJAX endpoint (GET): appears to list attached files (getFiles()) through
// AccountsMgmtC. Error responses are XML.

use SP\Request;
use SP\SessionUtil;

define('APP_ROOT', '..');
require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';

Request::checkReferer('GET');

// Unauthenticated: end the script silently (a top-level return ends the
// included file without producing output).
if (!SP\Init::isLoggedIn()) {
    return;
}

// Feature flag: file management can be disabled globally.
if (!SP\Util::fileIsEnabled()) {
    echo _('Gestión de archivos deshabilitada');
    return false;
}

// On this GET endpoint the session key travels in the query string, so it
// can end up in server/proxy logs and Referer headers; keep it short-lived.
$sk = SP\Request::analyze('sk', false);

// NOTE(review): unlike the two guards above, this one does not return. If
// printXML() does not terminate the request, the controller below still runs
// for a caller with a missing or invalid session key. Add an explicit
// `return;` after it unless printXML() is known to exit.
if (!$sk || !SessionUtil::checkSessionKey($sk)) {
    SP\Response::printXML(_('CONSULTA INVÁLIDA'));
}

// Authorization for the requested account is expected inside the
// controller (not visible here).
$controller = new SP\Controller\AccountsMgmtC();
$controller->getFiles();
$controller->view();
// User/group management (fragment): the branches above, and the variables
// $User, $userPassR, $itemId and $doActionOnClose, are set outside this view.
}
} elseif ($actionId === \SP\Controller\ActionsInterface::ACTION_USR_USERS_EDITPASS) {
    // Change a user's password. The 'demo' account is protected in demo mode
    // and both password fields must be present.
    if (SP\Util::demoIsEnabled() && UserUtil::getUserLoginById($itemId) == 'demo') {
        SP\Response::printJSON(_('Ey, esto es una DEMO!!'));
    } elseif (!$User->getUserPass() || !$userPassR) {
        SP\Response::printJSON(_('La clave no puede estar en blanco'), 2);
    // NOTE(review): loose comparison -- two numeric-looking strings such as
    // '1e3' and '1000' compare equal under !=; use !== for the confirmation.
    } elseif ($User->getUserPass() != $userPassR) {
        SP\Response::printJSON(_('Las claves no coinciden'), 2);
    }

    // NOTE(review): no check is visible here that the caller may change
    // $itemId's password (it may live earlier in the script). The password
    // is still in clear text at this point; updateUserPass() is expected to
    // hash it before storage (not visible).
    if ($User->updateUserPass()) {
        SP\Response::printJSON(_('Clave actualizada'), 0);
    }

    SP\Response::printJSON(_('Error al modificar la clave'));
// Delete user
} elseif ($actionId === \SP\Controller\ActionsInterface::ACTION_USR_USERS_DELETE) {
    // The demo account and the caller's own account cannot be deleted.
    if (SP\Util::demoIsEnabled() && UserUtil::getUserLoginById($itemId) == 'demo') {
        SP\Response::printJSON(_('Ey, esto es una DEMO!!'));
    } elseif ($User->getUserId() == SP\Session::getUserId()) {
        SP\Response::printJSON(_('No es posible eliminar, usuario en uso'));
    }

    // NOTE(review): two separate writes with no visible transaction -- if
    // deleteUser() succeeds and the custom-field cleanup fails, the user is
    // already gone but an error is reported and orphaned custom fields remain.
    if ($User->deleteUser() && SP\CustomFields::deleteCustomFieldForItem($User->getUserId(), \SP\Controller\ActionsInterface::ACTION_USR_USERS)) {
        SP\Response::printJSON(_('Usuario eliminado'), 0, $doActionOnClose);
    }

    SP\Response::printJSON(_('Error al eliminar el usuario'));
}
} elseif ($actionId === \SP\Controller\ActionsInterface::ACTION_USR_GROUPS_NEW
    || $actionId === \SP\Controller\ActionsInterface::ACTION_USR_GROUPS_EDIT
    || $actionId === \SP\Controller\ActionsInterface::ACTION_USR_GROUPS_DELETE
) {
    // POST form variables (group management). Whether analyze() escapes
    // these free-text fields is not visible here.
    $frmGrpName = SP\Request::analyze('name');
    $frmGrpDesc = SP\Request::analyze('description');
    $frmGrpUsers = SP\Request::analyze('users');

    if ($actionId === \SP\Controller\ActionsInterface::ACTION_USR_GROUPS_NEW || $actionId === \SP\Controller\ActionsInterface::ACTION_USR_GROUPS_EDIT) {
use SP\UserUtil;

// AJAX endpoint: e-mails an "account modification request" to the owner and
// last editor of an account on behalf of the logged-in user. Any use
// statements before this line are outside this view.

define('APP_ROOT', '..');
require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';

SP\Request::checkReferer('POST');

// The guards below rely on printJSON() terminating the request (the same
// pattern is used across these endpoints; printJSON() is not visible here).
if (!SP\Init::isLoggedIn()) {
    SP\Response::printJSON(_('La sesión no se ha iniciado o ha caducado'), 10);
}

// Per-session CSRF token, in addition to the Referer check above.
$sk = SP\Request::analyze('sk', false);

if (!$sk || !SessionUtil::checkSessionKey($sk)) {
    SP\Response::printJSON(_('CONSULTA INVÁLIDA'));
}

// Request parameters: the target account and the requester's free text.
$frmAccountId = SP\Request::analyze('accountid', 0);
$frmDescription = SP\Request::analyze('description');

if (!$frmDescription) {
    SP\Response::printJSON(_('Es necesaria una descripción'));
}

// NOTE(review): any logged-in user may target any account id; only
// success/failure is returned to them. If the lookup returns no row, the
// property reads below warn and the recipient list collapses to ',' which
// the strlen() check rejects.
$accountRequestData = SP\Account::getAccountRequestData($frmAccountId);

$recipients = array(UserUtil::getUserEmail($accountRequestData->account_userId), UserUtil::getUserEmail($accountRequestData->account_userEditId));

$requestUsername = SP\Session::getUserName();
$requestLogin = SP\Session::getUserLogin();

// The notification body is built as HTML (strongText()). $frmDescription is
// user-supplied free text placed into that HTML.
// NOTE(review): confirm Request::analyze() escapes it or that Log/Email
// escape on output; otherwise this is HTML injection into the mail/log.
$log = new \SP\Log(_('Solicitud de Modificación de Cuenta'));
$log->addDescription(SP\Html::strongText(_('Solicitante') . ': ') . $requestUsername . ' (' . $requestLogin . ')');
$log->addDescription(SP\Html::strongText(_('Cuenta') . ': ') . $accountRequestData->account_name);
$log->addDescription(SP\Html::strongText(_('Cliente') . ': ') . $accountRequestData->customer_name);
$log->addDescription(SP\Html::strongText(_('Descripción') . ': ') . $frmDescription);

// Two empty addresses implode to ',' (length 1), hence the > 1 threshold.
// A single empty address leaves a dangling comma ('a@b,' or ',a@b'); whether
// sendEmail() tolerates that is not visible here.
$mailto = implode(',', $recipients);

// The audit entry is written only after the mail was sent; the client-side
// action string is a constant, not request data.
if (strlen($mailto) > 1 && SP\Util::mailrequestIsEnabled() && SP\Email::sendEmail($log, $mailto)) {
    $log->writeLog();
    SP\Response::printJSON(_('Solicitud enviada'), 0, "doAction('" . \SP\Controller\ActionsInterface::ACTION_ACC_SEARCH . "');");
}

SP\Response::printJSON(_('Error al enviar la solicitud'));
// User preferences (fragment): $UserPrefs, $sortViews, $topNavbar,
// $optionalActions, $itemId, $actionId and $doActionOnClose are set outside
// this view. As elsewhere in these endpoints, printJSON() is relied on to end
// the request.
$UserPrefs->setSortViews($sortViews);
$UserPrefs->setTopNavbar($topNavbar);
$UserPrefs->setOptionalActions($optionalActions);

if (!$UserPrefs->updatePreferences()) {
    SP\Response::printJSON(_('Error al actualizar preferencias'));
}

// Force language and theme detection again after the update
SP\Language::setLanguage(true);
SP\Themes::setTheme(true);

// Update the preferences in the session and reload the page
SP\Session::setUserPreferences($UserPrefs);
SP\Util::reload();

SP\Response::printJSON(_('Preferencias actualizadas'), 0, $doActionOnClose);
} else {
if ($actionId === SP\Controller\ActionsInterface::ACTION_USR_PREFERENCES_SECURITY) {
    // Security preferences (2FA on/off). The demo account cannot change them.
    if (SP\Util::demoIsEnabled() && \SP\Session::getUserLogin() === 'demo') {
        SP\Response::printJSON(_('Ey, esto es una DEMO!!'));
    }

    // POST form variables
    $twoFaEnabled = SP\Request::analyze('security_2faenabled', 0, false, 1);
    $pin = SP\Request::analyze('security_pin', 0);

    // NOTE(review): $itemId is the user whose 2FA setting changes; nothing
    // visible here binds it to the session user (the demo guard above checks
    // the session login, not $itemId's). Confirm that binding or an
    // authorization check exists earlier in the script.
    $userLogin = UserUtil::getUserLoginById($itemId);

    $twoFa = new \SP\Auth\Auth2FA($itemId, $userLogin);

    // The current code must verify before 2FA can be toggled.
    // NOTE(review): no throttling is visible around this check; a short
    // numeric code is brute-forceable without rate limiting -- confirm
    // Auth2FA or an outer layer enforces it. Also confirm analyze() does not
    // cast the code to int (the int default suggests it may), which would
    // strip leading zeros.
    if (!$twoFa->verifyKey($pin)) {
        SP\Response::printJSON(_('Código incorrecto'));
    }

    // The class is not instantiated directly because the attributes already
    // saved must be preserved; only the 2FA flag is changed.
    $UserPrefs = \SP\UserPreferences::getPreferences($itemId);
    $UserPrefs->setId($itemId);
    $UserPrefs->setUse2Fa(\SP\Util::boolval($twoFaEnabled));

    if (!$UserPrefs->updatePreferences()) {