<?php
include_once dirname(__FILE__) . '/config/variables.php';
include_once dirname(__FILE__) . '/config/authpostmaster.php';
include_once dirname(__FILE__) . '/config/functions.php';
include_once dirname(__FILE__) . '/config/httpheaders.php';
check_user_exists($dbh, $_POST['localpart'], $_SESSION['domain_id'], 'adminfail.php');
if (preg_match("/['@%!\\/\\| ']/", $_POST['localpart'])) {
header("Location: adminfail.php?badname={$_POST['localpart']}");
die;
}
$query = "INSERT INTO users (localpart, username, domain_id, smtp, pop,\n uid, gid, type, realname) SELECT :localpart,\n :username, :domain_id, ':fail:', ':fail:', uid, gid, 'fail',\n 'Fail' FROM domains WHERE domain_id=:domain_id";
$sth = $dbh->prepare($query);
$success = $sth->execute(array(':localpart' => $_POST['localpart'], ':username' => $_POST['localpart'] . '@' . $_SESSION['domain'], ':domain_id' => $_SESSION['domain_id']));
if ($success) {
header("Location: adminfail.php?added={$_POST['localpart']}");
} else {
header("Location: adminfail.php?failadded={$_POST['localpart']}");
}
?>
<!-- Layout and CSS tricks obtained from http://www.bluerobot.com/web/layouts/ -->
<?php
include 'include/database.class.php';
/*If any registration is invalid,
/ set up error message in error string
/ to inform to the other page.error.php
*/
if (isset($_GET['uname'], $_GET['uemail'], $_GET['upassword'])) {
$uname = filter_input(INPUT_GET, 'uname', FILTER_SANITIZE_STRING);
// $uemail = $_GET['uemail'];
$uemail = filter_input(INPUT_GET, 'uemail', FILTER_SANITIZE_EMAIL);
$upassword = $_GET['upassword'];
check_email($uemail);
check_user_exists($uname, $uemail);
check_password($upassword);
insert_user($uname, $uemail, $upassword);
} else {
$mgs = "INFORMATION NOT PROPERLY SET";
send_error($mgs);
}
function check_email($uemail)
{
if (!filter_var($uemail, FILTER_VALIDATE_EMAIL)) {
$mgs = "INVALID EMAIL";
send_error($mgs);
} else {
if (check_email_exists($uemail)) {
$mgs = "EMAIL ALREADY REGISTERED";
send_error($mgs);
exit;
} else {
<?php
# Resets user password
# Generates a random string as new password and emails it.
include "../includes/db_lib.php";
include "../includes/user_lib.php";
# Helper function to check email address validity
function check_valid_email($email)
{
# TODO:
# The following works for only >= PHP 5.2.0, hence not working on arc server.
//return filter_var($email, FILTER_VALIDATE_EMAIL);
return true;
}
$username = $_REQUEST['username'];
$user_exists = check_user_exists($username);
if ($user_exists == false) {
$msg = "User <b>{$username}</b> not found. Please check the username entered.";
} else {
$user_profile = get_user_by_name($username);
$email = $user_profile->email;
# Remove the following line once get_user_profile works
if (trim($email) == "") {
$msg = "Email address not present for <b>{$username}</b>. Please contact sysadmin to reset your password.";
} else {
if (check_valid_email($email) === false) {
$msg = "Email address <b>{$email}</b> not valid. Please contact sysadmin to reset your password.";
} else {
$new_password = get_random_password();
$password_changed = change_user_password($username, $new_password);
if ($password_changed === false) {
function saveUberProject()
{
//Let's check to make sure everything is correct & there are no errors
if (empty($_POST['up_nameofwork'])) {
$errormsg .= "Overall Name of Uber Project is required.<br>";
}
if (!empty($_POST['checkedoutby'])) {
$checkedoutby = $_POST['checkedoutby'];
$errormsg .= check_user_exists($checkedoutby, 'PPer/PPVer');
}
/*
if (!empty($_POST['up_topic_id']))
{
$up_topic_id = $_POST['up_topic_id'];
$result = mysql_query("SELECT forum_id FROM phpbb_topics WHERE topic_id = '$up_topic_id'");
if (mysql_num_rows($result) == 0)
{
$errormsg .= "Uber Project Topic must already exist - check topic id.<br>";
}
}
`up_topic_id` int(10) default NULL,
`up_contents_post_id` int(10) default NULL,
*/
if (!empty($_POST['special'])) {
$special = $_POST['special'];
if (strncmp($special, 'Birthday', 8) == 0 or strncmp($special, 'Otherday', 8) == 0) {
if (empty($_POST['bdayday']) or empty($_POST['bdaymonth'])) {
$errormsg .= "Month and Day are required for Default Special of Birthday or Otherday.<br>";
} else {
$bdaymonth = $_POST['bdaymonth'];
$bdayday = $_POST['bdayday'];
if (!checkdate($bdaymonth, $bdayday, 2000)) {
$errormsg .= "Invalid date supplied for Default Special of Birthday or Otherday.<br>";
} else {
if (strlen($special) == 8) {
$special = $special . " " . $bdaymonth . $bdayday;
}
}
}
}
}
if (!empty($_POST['image_preparer'])) {
$image_preparer = $_POST['image_preparer'];
$errormsg .= check_user_exists($image_preparer, 'Image Preparer');
}
if (!empty($_POST['text_preparer'])) {
$text_preparer = $_POST['text_preparer'];
$errormsg .= check_user_exists($text_preparer, 'Text Preparer');
}
if (isset($errormsg)) {
return $errormsg;
exit;
}
//Format the language as pri_language with sec_language if pri_language is set
//Otherwise set just the pri_language
if (!empty($_POST['sec_language'])) {
$language = $_POST['pri_language'] . " with " . $_POST['sec_language'];
} else {
$language = $_POST['pri_language'];
}
//If we are just updating an already existing uber project
if (isset($_POST['up_projectid'])) {
//Update the uber project database table with the updated info
mysql_query("\n UPDATE uber_projects\n SET\n up_nameofwork='{$_POST['up_nameofwork']}',\n up_topic_id='{$_POST['up_topic_id']}',\n up_contents_post_id='{$_POST['up_contents_post_id']}',\n up_modifieddate=UNIX_TIMESTAMP(),\n up_description='{$_POST['up_description']}',\n d_nameofwork='{$_POST['nameofwork']}',\n d_authorsname='{$_POST['authorsname']}',\n d_checkedoutby='{$_POST['checkedoutby']}',\n d_language='{$language}',\n d_genre='{$_POST['genre']}',\n d_year='{$_POST['year']}',\n d_difficulty='{$_POST['difficulty_level']}',\n d_comments='{$_POST['comments']}',\n d_scannercredit='{$_POST['scannercredit']}',\n d_clearance='{$_POST['clearance']}',\n d_special='{$special}',\n d_image_source = '{$_POST['image_source']},\n d_image_preparer = '{$image_preparer}',\n d_text_preparer = '{$text_preparer}',\n d_extra_comments = '{$_POST['extra_comments']}'\n WHERE up_projectid='{$_POST['up_projectid']}'\n ");
} else {
global $up_projectid;
//Insert a new row into the uber projects table
mysql_query("\n INSERT INTO uber_projects\n (up_nameofwork, up_topic_id, up_contents_post_id, up_modifieddate, up_enabled, up_description,\n d_nameofwork, d_authorsname, d_language, d_comments, d_special, d_checkedoutby, d_scannercredit,\n d_clearance, d_year, d_genre, d_difficulty, d_image_source, d_image_preparer, d_text_preparer,\n d_extra_credits)\n VALUES (\n '{$_POST['up_nameofwork']}',\n '{$_POST['up_topic_id']}',\n '{$_POST['up_comments_post_id']}',\n UNIX_TIMESTAMP(),\n 1,\n '{$_POST['up_description']}',\n '{$_POST['nameofwork']}',\n '{$_POST['authorsname']}',\n '{$language}',\n '{$_POST['comments']}',\n '{$special}',\n '{$_POST['checkedoutby']}',\n '{$_POST['scannercredit']}',\n '{$_POST['clearance']}',\n '{$_POST['year']}',\n '{$_POST['genre']}',\n '{$_POST['difficulty_level']}',\n '{$_POST['image_source']},\n {$image_preparer},\n {$text_preparer},\n '{$_POST['extra_credits']}\n )\n ");
$up_projectid = mysql_insert_id();
// '{$GLOBALS['pguser']}'
// if topic / post IDs are blank :
// create the auto uber post and/or the auto contents post ?
// update uber_projects table with topic and/or post IDs
}
}
$_POST['on_avscan'] = 1;
} else {
$_POST['on_avscan'] = 0;
}
if (isset($_POST['on_spamassassin']) && $row['spamassassin'] == 1) {
$_POST['on_spamassassin'] = 1;
} else {
$_POST['on_spamassassin'] = 0;
}
// Don't accept blank passwords
if ($_POST['clear'] == "" && $_POST['vclear'] == "") {
$junk = md5(time());
$_POST['clear'] = $junk;
$_POST['vclear'] = $junk;
}
check_user_exists($db, $_POST['localpart'], $_SESSION['domain_id'], 'adminalias.php');
if (preg_match("/['@%!\\/\\|\" ']/", $_POST['localpart']) || preg_match("/^\\s*\$/", $_POST['realname'])) {
header("Location: adminalias.php?badname={$_POST['localpart']}");
die;
}
$aliasto = preg_replace("/[', ']+/", ",", $_POST['smtp']);
if (alias_validate_password($_POST['clear'], $_POST['vclear'])) {
$query = "INSERT INTO users\n (localpart, username, domain_id, clear, smtp, pop, uid,\n gid, realname, type, admin, on_avscan, on_spamassassin, enabled)\n SELECT '{$_POST['localpart']}',\n '{$_POST['localpart']}@{$_SESSION['domain']}',\n '{$_SESSION['domain_id']}',\n '{$_POST['clear']}',\n '{$aliasto}',\n '{$aliasto}',\n uid,\n gid,\n '{$_POST['realname']}',\n 'alias',\n {$_POST['admin']},\n {$_POST['on_avscan']},\n {$_POST['on_spamassassin']},\n {$_POST['enabled']} from domains\n WHERE domains.domain_id={$_SESSION['domain_id']}";
$result = $db->query($query);
if (!DB::isError($result)) {
header("Location: adminalias.php?added={$_POST['localpart']}");
} else {
header("Location: adminalias.php?failadded={$_POST['localpart']}");
}
} else {
header("Location: adminalias.php?badaliaspass={$_POST['localpart']}");
function add_user($name, $uname, $pass, $dpt, $level)
{
global $lse_db;
$name = $lse_db->real_escape_string($name);
$uname = $lse_db->real_escape_string($uname);
$pass = $lse_db->real_escape_string($pass);
$dpt = $lse_db->real_escape_string($dpt);
$level = $lse_db->real_escape_string($level);
$pass = md5($pass);
$query = "INSERT INTO `users`(`user_name`,`user_uname`, `user_pass`, `user_dpt`,`user_level`)\n VALUES ('{$name}', '{$uname}', '{$pass}', '{$dpt}', {$level});";
if (!check_user_exists($uname)) {
$res = $lse_db->query($query);
if ($res) {
$r['message'] = "Ok";
$r['type'] = 1;
echo json_encode($r);
} else {
$r['message'] = "Eroare";
$r['type'] = 0;
echo json_encode($r);
}
} else {
$r['message'] = "Userul Exista";
$r['type'] = 0;
echo json_encode($r);
}
}
function set_from_post()
{
if (get_magic_quotes_gpc()) {
// Values in $_POST come with backslashes added.
// We want the fields of $this to be unescaped strings,
// so we strip the slashes.
$_POST = array_map('stripslashes', $_POST);
}
$errors = '';
if (isset($_POST['projectid'])) {
$projectid = validate_projectID('projectid', @$_POST['projectid']);
$this->projectid = $projectid;
$ucep_result = user_can_edit_project($this->projectid);
if ($ucep_result == PROJECT_DOES_NOT_EXIST) {
return _("parameter 'projectid' is invalid: no such project") . ": '{$this->projectid}'";
} else {
if ($ucep_result == USER_CANNOT_EDIT_PROJECT) {
return _("You are not authorized to manage this project.") . ": '{$this->projectid}'";
} else {
if ($ucep_result == USER_CAN_EDIT_PROJECT) {
// fine
} else {
return _("unexpected return value from user_can_edit_project") . ": '{$ucep_result}'";
}
}
}
} else {
if (isset($_POST['clone_projectid'])) {
// we're creating a clone
$clone_projectid = validate_projectID('clone_projectid', @$_POST['clone_projectid']);
$this->clone_projectid = $clone_projectid;
}
}
$this->nameofwork = @$_POST['nameofwork'];
// we're using preg_match as this field will be space-normalised later
if (preg_match('/^\\s*$/', $this->nameofwork)) {
$errors .= "Name of work is required.<br>";
}
$this->authorsname = @$_POST['authorsname'];
if (preg_match('/^\\s*$/', $this->authorsname)) {
$errors .= "Author is required.<br>";
}
if (user_is_a_sitemanager()) {
$this->projectmanager = @$_POST['username'];
if ($this->projectmanager == '') {
$errors .= _("Project manager is required.") . "<br>";
} else {
$errors .= check_user_exists($this->projectmanager, 'Project manager');
}
if (empty($errors) && !that_user_is_PM($this->projectmanager)) {
$errors .= sprintf(_("%s is not a PM."), $this->projectmanager) . "<br>";
}
} else {
$this->projectmanager = '';
}
$pri_language = @$_POST['pri_language'];
if ($pri_language == '') {
$errors .= _("Primary Language is required.") . "<br>";
}
$sec_language = @$_POST['sec_language'];
$this->language = $sec_language != '' ? "{$pri_language} with {$sec_language}" : $pri_language;
$this->genre = @$_POST['genre'];
if ($this->genre == '') {
$errors .= _("Genre is required.") . "<br>";
}
$this->image_source = @$_POST['image_source'];
if ($this->image_source == '') {
$errors .= _("Image Source is required. If the one you want isn't in list, you can propose to add it.") . "<br>";
$this->image_source = '_internal';
}
/*
else
{
if ($this->image_source == 'OTHER')
{
if (empty($_POST['imso_other']))
{
$errors .= "When Image Source is OTHER, details must be supplied.<br>";
}
else
{
$imso_other = $_POST['imso_other'];
$this->image_source = "O:".$imso_other;
}
}
}
*/
$this->special_code = @$_POST['special_code'];
if ($this->special_code != '') {
if (startswith($this->special_code, 'Birthday') || startswith($this->special_code, 'Otherday')) {
if (empty($_POST['bdayday']) or empty($_POST['bdaymonth'])) {
$errors .= _("Month and Day are required for Birthday or Otherday Specials.") . "<br>";
} else {
$bdaymonth = $_POST['bdaymonth'];
$bdayday = $_POST['bdayday'];
if (!checkdate($bdaymonth, $bdayday, 2000)) {
$errors .= _("Invalid date supplied for Birthday or Otherday Special.") . "<br>";
} else {
if (strlen($this->special_code) == 8) {
$this->special_code .= " " . $bdaymonth . $bdayday;
}
}
}
}
}
$this->checkedoutby = @$_POST['checkedoutby'];
// if it's an existing project, we want to know its state
if (isset($this->projectid)) {
// Somewhat kludgey to have to do this query here.
$res = mysql_query("\n SELECT state, checkedoutby, username\n FROM projects\n WHERE projectid='{$this->projectid}'\n ") or die(mysql_error());
list($state, $PPer, $PM) = mysql_fetch_row($res);
$this->state = $state;
// don't allow an empty PPer/PPVer if the project is checked out
if (($this->state == PROJ_POST_FIRST_CHECKED_OUT || $this->state == PROJ_POST_SECOND_CHECKED_OUT) && $this->checkedoutby == '') {
$errors .= _("This project is checked out: you must specify a PPer/PPVer");
$this->checkedoutby = $PPer;
}
if ($this->projectmanager == '') {
$this->projectmanager = $PM;
}
} else {
$this->state = '';
}
if ($this->checkedoutby != '') {
// make sure the named PPer/PPVer actually exists
$errors .= check_user_exists($this->checkedoutby, 'PPer/PPVer');
}
$this->image_preparer = @$_POST['image_preparer'];
if ($this->image_preparer != '') {
$errors .= check_user_exists($this->image_preparer, 'Image Preparer');
}
$this->text_preparer = @$_POST['text_preparer'];
if ($this->text_preparer != '') {
$errors .= check_user_exists($this->text_preparer, 'Text Preparer');
}
$this->posted = @$_POST['posted'];
$this->postednum = @$_POST['postednum'];
if ($this->posted) {
// We are in the process of marking this project as posted.
if ($this->postednum == '') {
$errors .= _("Posted Number is required.") . "<br>";
} else {
if (!preg_match('/^[1-9][0-9]*$/', $this->postednum)) {
$errors .= sprintf(_("Posted Number \"%s\" is not of the correct format."), $this->postednum) . "<br>";
// You'll sometimes see PG etext numbers with a 'C' appended.
// The 'C' is not part of the etext number
// (e.g., it does not appear in PG's RDF catalog),
// rather it's a bit of information about the identified text,
// namely that it's still under (US) copyright.
// Anyhow, the 'C' should not be included here.
}
}
}
$this->scannercredit = @$_POST['scannercredit'];
$this->comments = @$_POST['comments'];
$this->clearance = @$_POST['clearance'];
$this->difficulty_level = @$_POST['difficulty_level'];
$this->up_projectid = intval(@$_POST['up_projectid']);
$this->original_marc_array_encd = @$_POST['rec'];
$this->extra_credits = @$_POST['extra_credits'];
$this->deletion_reason = @$_POST['deletion_reason'];
if ($this->difficulty_level == '') {
global $pguser;
$this->difficulty_level = $pguser == "BEGIN" ? "beginner" : "average";
}
return $errors;
}
function add_user($user)
{
# Adds a new user account
if (!check_user_exists($user->username)) {
$saved_db = DbUtil::switchToGlobal();
$password = encrypt_password($user->password);
$rwoptions = $user->rwoptions;
if ($user->level == 17) {
$user->rwoptions = LabConfig::getDoctorUserOptions();
}
$query_string = "INSERT INTO user(username, password, actualname, level, created_by, lab_config_id, email, phone, lang_id, rwoptions) " . "VALUES ('{$user->username}', '{$password}', '{$user->actualName}', {$user->level}, {$user->createdBy}, '{$user->labConfigId}', '{$user->email}', '{$user->phone}', '{$user->langId}','{$user->rwoptions}')";
query_insert_one($query_string);
DbUtil::switchRestore($saved_db);
$saved_db = DbUtil::switchToGlobal();
$query_string = "SELECT user_id FROM user WHERE username='******' LIMIT 1";
$record = query_associative_one($query_string);
$query_string = "INSERT INTO user_config(user_id, level, parameter, value, created_by, created_on, modified_by, modified_on) " . "VALUES ('" . $record['user_id'] . "',{$user->level}, 'rwoptions', '{$rwoptions}', {$user->createdBy}, curdate(), {$user->createdBy}, curdate())";
query_insert_one($query_string);
DbUtil::switchRestore($saved_db);
return true;
}
return false;
}
if ($user_loggedin) {
render_page('Registration', phtml('logged-in-reg', [], false), $script_path);
} else {
render_page('Registration', phtml('registration', ['script_path' => $script_path], false), $script_path);
}
});
map('POST', '/register', function ($conn) use(&$script_path, &$user_loggedin) {
$is_error = false;
$error_msg = '';
if (!empty($_POST['txtFullName']) && !empty($_POST['txtUsername']) && !empty($_POST['txtPassword']) && !empty($_POST['txtPseudoName'])) {
if (strlen($_POST['txtUsername']) > 2 && $_POST['txtUsername'] != 'asthra' && $_POST['txtUsername'] != 'f**k' && $_POST['txtUsername'] != 'shit' && $_POST['txtUsername'] != 'house') {
$user_fullname = process_form($conn->escape_string($_POST['txtFullName']), 's');
$pseudoname = process_form($conn->escape_string($_POST['txtPseudoName']), 's');
$username = process_form($conn->escape_string($_POST['txtUsername']));
$pswd = sha1(process_form($conn->escape_string($_POST['txtPassword'])));
if (!check_user_exists($username)) {
$pwdsetz = rand(0, 5);
$query = "INSERT INTO " . USER_TABLE . " " . "(user_name, user_pswd, user_pseudoname, user_fullname, user_pwdset) VALUES " . "('" . $username . "', '" . $pswd . "', '" . $pseudoname . "', '" . $user_fullname . "', " . $pwdsetz . ")";
$result = $conn->query($query) or die($conn->error);
if ($conn->affected_rows == 1) {
render_page('Registration', phtml('registration-success', ['username' => $username], false), $script_path);
} else {
msg_die('Something went, not wrong, but not right either', 'D');
}
} else {
$is_error = true;
$error_msg = 'Username Already Exists. Please choose another one';
}
} else {
$is_error = true;
$error_msg = 'Invalid Username! (needs atleast 3 characters and CANNOT be "house")';
<?php
#
# Adds a new lab user account to DB
# Called via Ajax from lab_user_new.php
#
include "../includes/db_lib.php";
$saved_session = SessionUtil::save();
$user_list = $_REQUEST['userlist'];
$user_list_arr = explode(',', $user_list);
$error_flag = 0;
$msg = "";
for ($i = 0; $i <= count($user_list_arr); $i++) {
if (check_user_exists($user_list_arr[$i])) {
$error_flag = 1;
$msg .= $user_list_arr[$i] . ",";
}
}
if ($error_flag == 1) {
$msg = rtrim($msg, ',');
$msg = "The following username(s) are already taken. Please try a different value - " . $msg;
} else {
$msg = "success";
}
echo $msg;
SessionUtil::restore($saved_session);
} else {
if (empty($last_name)) {
$_SESSION['add_user_error'] = "Please enter the users surname.";
header('Location: ../add_user_gui.php');
} else {
if (empty($email)) {
$_SESSION['add_user_error'] = "Please enter the users email.";
header('Location: ../add_user_gui.php');
} else {
if (empty($phone_number)) {
$_SESSION['add_user_error'] = "Please enter the users contact number.";
header('Location: ../add_user_gui.php');
} else {
if (empty($gender)) {
$_SESSION['add_user_error'] = "Please enter the users gender.";
header('Location: ../add_user_gui.php');
} else {
if (empty($access_level)) {
$_SESSION['add_user_error'] = "Please enter the users user type.";
header('Location: ../add_user_gui.php');
}
}
}
}
}
}
}
$new_user = new User($student_id, $first_name, $last_name, $email, $phone_number, $gpa, $gender, $access_level);
$new_user . check_user_exists($DB_con);
$new_user . add_user($DB_con);
}
{
$u_handler =& xoonips_getormhandler('xoonips', 'xoops_users');
$criteria = new Criteria('uname', addslashes($uname));
$u_count = $u_handler->getCount($criteria);
if ($u_count != 0) {
xoops_cp_header();
echo 'User name ' . $uname . ' already exists';
xoops_cp_footer();
exit;
}
}
// check variables
check_variables($vals);
// check user exists
if ($uid == 0) {
check_user_exists($vals['xoops']['uname']);
}
// update db values
// >> xoops user information
$u_handler =& xoonips_getormhandler('xoonips', 'xoops_users');
if ($uid == 0) {
$u_obj =& $u_handler->create();
} else {
$u_obj =& $u_handler->get($uid);
}
if (!is_object($u_obj)) {
redirect_header($xoonips_admin['mypage_url'], 3, _AM_XOONIPS_MSG_UNEXPECTED_ERROR);
exit;
}
foreach ($vals['xoops'] as $key => $val) {
$u_obj->set($key, $val);
