Exemplo n.º 1
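/**
* Create a default home calendar for the user.
*
* Reports success without touching the database when no home calendar name is
* configured in $c->home_calendar_name, and also when a collection already
* exists at the calendar path.
*
* @param string $username The username of the user the home calendar is created for.
* @return boolean True when the calendar exists, was created, or none is configured;
*                 false when the user is unknown or a database query failed.
*/
function CreateHomeCalendar($username)
{
    global $c;
    if (!isset($c->home_calendar_name) || strlen($c->home_calendar_name) == 0) {
        return true;
    }
    $usr = getUserByName($username);
    if (!is_object($usr)) {
        // Without a user record there is no user_no to own the collection, so
        // stop here instead of inserting a row with an empty owner.
        dbg_error_log("User", ":Write: Cannot create home calendar, user '%s' not found", $username);
        return false;
    }
    $parent_path = "/" . $username . "/";
    $calendar_path = $parent_path . $c->home_calendar_name . "/";
    // md5 only derives an ETag value here; it is not used as a security control.
    $dav_etag = md5($usr->user_no . $calendar_path);

    // Both statements bind their values as parameters; nothing is concatenated into SQL.
    $qry = new AwlQuery('SELECT 1 FROM collection WHERE dav_name = :dav_name', array(':dav_name' => $calendar_path));
    if (!$qry->Exec()) {
        $c->messages[] = i18n("There was an error writing to the database.");
        return false;
    }
    if ($qry->rows() > 0) {
        $c->messages[] = i18n("Home calendar already exists.");
        return true;
    }

    $sql = 'INSERT INTO collection (user_no, parent_container, dav_name, dav_etag, dav_displayname, is_calendar, created, modified, resourcetypes) ';
    $sql .= 'VALUES( :user_no, :parent_container, :calendar_path, :dav_etag, :displayname, true, current_timestamp, current_timestamp, :resourcetypes );';
    $params = array(
        ':user_no' => $usr->user_no,
        ':parent_container' => $parent_path,
        ':calendar_path' => $calendar_path,
        ':dav_etag' => $dav_etag,
        ':displayname' => $usr->fullname,
        ':resourcetypes' => '<DAV::collection/><urn:ietf:params:xml:ns:caldav:calendar/>',
    );
    $qry = new AwlQuery($sql, $params);
    if (!$qry->Exec()) {
        $c->messages[] = i18n("There was an error writing to the database.");
        return false;
    }
    $c->messages[] = i18n("Home calendar added.");
    dbg_error_log("User", ":Write: Created user's home calendar at '%s'", $calendar_path);
    return true;
}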
Exemplo n.º 2
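/**
 * Validate the sign-up form fields posted in $_POST.
 *
 * Checks username length and uniqueness, password length, that both password
 * entries match, and that the e-mail address is well formed.
 *
 * @return string|null The combined error message, or null when every check passes.
 */
function validateCreateUser()
{
    // A missing field or a non-string value (e.g. password[]=x) is treated as an
    // empty string, so it fails the length checks instead of raising notices or
    // reaching strlen() as an array.
    $field = function ($key) {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    };
    $username = $field('username');
    $password = $field('password');
    $repeat = $field('repeat_password');
    $email = $field('email');

    // getUserByName() is used as a mysql result set here; guard against a failed query.
    $lookup = getUserByName($username);
    $check = $lookup ? mysql_num_rows($lookup) : 0;

    // The messages end in a literal backslash-n, not a newline character.
    $errors = array();
    if (strlen($username) < 4) {
        $errors[] = 'Username must be at least 4 characters long.\\n';
    }
    if ($check > 0) {
        $errors[] = 'That username already exists.\\n';
    }
    if (strlen($password) < 6) {
        $errors[] = 'Password must be at least 6 characters long.\\n';
    }
    if ($password !== $repeat) {
        $errors[] = 'Passwords must match.\\n';
    }
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'Email Invalid.\\n';
    }
    if ($errors) {
        return 'Sign up failed.\\n' . implode('', $errors);
    }
    return null;
}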
Exemplo n.º 3
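/**
* Check the username / password against the PAM system
*
* The credentials are written to the helper's standard input rather than being
* pasted into a shell command line, so quotes, backslashes and shell
* metacharacters in a password are passed through unchanged and are never
* interpreted by a shell.
*
* @param string $username Login name supplied by the client.
* @param string $password Password supplied by the client.
* @return object|false The user record on success, false when authentication fails.
*/
function SQUID_PAM_check($username, $password)
{
    global $c;
    // The helper reads one "username password" line. Line breaks or NUL bytes in
    // either value, or whitespace in the username, would shift where the helper
    // sees the field boundary, so such input is refused outright.
    if (!is_string($username) || !is_string($password)
        || strpbrk($username . $password, "\r\n\0") !== false
        || preg_match('/\s/', $username)) {
        dbg_error_log("PAM", "Rejected credentials containing whitespace or control characters");
        return false;
    }

    // The script path (and any arguments in it) comes from configuration, not from the request.
    $descriptors = array(0 => array('pipe', 'r'), 1 => array('pipe', 'w'));
    $helper = proc_open($c->authenticate_hook['config']['script'] . " -n common-auth", $descriptors, $pipes);
    if (!is_resource($helper)) {
        dbg_error_log("PAM", "Could not start the PAM helper script");
        return false;
    }
    fwrite($pipes[0], $username . ' ' . $password . "\n");
    fclose($pipes[0]);
    $output = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($helper);

    // Only the last line of output is compared with "OK".
    $lines = explode("\n", rtrim((string) $output));
    $auth_result = rtrim(end($lines));
    if ($auth_result !== "OK") {
        dbg_error_log("PAM", "User %s is not a valid username (or password was wrong)", $username);
        return false;
    }

    if ($usr = getUserByName($username)) {
        return $usr;
    }

    dbg_error_log("PAM", "user %s doesn't exist in local DB, we need to create it", $username);
    // escapeshellarg() keeps the username a single literal argument to getent.
    $fullname = exec('getent passwd ' . escapeshellarg($username));
    $fullname = preg_replace('{^[^:]+:[^:]+:\\d+:\\d+:([^:,]+)(,?[^:]*):.*$}', '$1', $fullname);
    $usr = (object) array(
        'user_no' => 0,
        'username' => $username,
        'active' => 't',
        'email' => $username . "@" . $c->authenticate_hook['config']['email_base'],
        // date() needs a format argument. NOTE(review): 'Y-m-d H:i:s' is assumed
        // to be what UpdateUserFromExternal() expects - confirm.
        'updated' => date('Y-m-d H:i:s'),
        'fullname' => $fullname,
    );
    UpdateUserFromExternal($usr);
    return $usr;
}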
Exemplo n.º 4
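/**
 * Verify a password for an account identified by user name or e-mail address.
 *
 * @param string $user User name or e-mail address.
 * @param string $pwd  Password supplied by the client.
 * @return object|false The user record when the password matches, false otherwise
 *                      (including when no such account exists).
 */
function checkUserPwd($user, $pwd)
{
    global $key_pwd;
    $u = getUserByName($user);
    if (!$u) {
        $u = getUserByEmail($user);
    }
    // No account under either identifier: fail instead of dereferencing a non-object.
    if (!$u || !is_string($pwd)) {
        return false;
    }
    // NOTE(review): the stored password is decrypted with a shared key, so anyone
    // holding $key_pwd and the table can recover every password. A one-way
    // password_hash()/password_verify() scheme would remove that exposure.
    $stored = dc_decrypt($u->password, $key_pwd);
    if (!is_string($stored)) {
        return false;
    }
    // Strict comparison: with == two different numeric-looking strings can
    // compare equal. hash_equals() is preferred where the runtime provides it.
    $matches = function_exists('hash_equals') ? hash_equals($stored, $pwd) : ($stored === $pwd);
    return $matches ? $u : false;
}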
Exemplo n.º 5
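 /**
  * Load the user with the given username into this object.
  *
  * @param string $username Username to look up.
  * @throws Exception When the lookup does not return exactly one row.
  */
 public function __construct($username)
 {
     $result = getUserByName($username);
     // The original compared the bare constant `count` with 1, which is never
     // true, so every construction threw. Compare the actual row count.
     $count = $result ? mysql_num_rows($result) : 0;
     if ($count !== 1) {
         throw new Exception('Username not found.');
     }
     // user exists
     // NOTE(review): positional columns - presumably id, username, email and
     // house id at offsets 0, 1, 2 and 5; verify against the query in getUserByName().
     $row = mysql_fetch_row($result);
     $this->userId = $row[0];
     $this->username = $row[1];
     $this->email = $row[2];
     $this->houseId = $row[5];
 }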
Exemplo n.º 6
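 /**
  * Constructor
  * @param mixed $parameters If null, an empty Principal is created.  If it
  *              is an integer then that ID is read (if possible).  If it is
  *              an array then the Principal matching the supplied elements
  *              is read.  If it is an object then it is expected to be a 'usr'
  *              record that was read elsewhere.
  *
  *              Array lookups are tried in this order: 'username', 'user_no',
  *              'email' (only when options.allow_by_email is set), 'path',
  *              'principal-property-search'.
  *
  * The return statements only end construction early; `new` discards the value.
  * Callers should test $this->exists to learn whether a record was found.
  */
 function __construct($parameters = null)
 {
     global $session, $c;
     $this->exists = null;
     $this->url = null;
     if ($parameters == null) {
         return false;
     }
     $this->by_email = false;
     if (is_object($parameters)) {
         dbg_error_log('principal', 'Principal: record for %s', $parameters->username);
         $usr = $parameters;
     } elseif (is_int($parameters)) {
         dbg_error_log('principal', 'Principal: %d', $parameters);
         $usr = getUserByID($parameters);
         // $parameters is the ID itself here; indexing it as an array yielded null.
         $this->user_no = $parameters;
     } elseif (is_array($parameters)) {
         // Lookup by e-mail address is opt-in.
         if (!isset($parameters['options']['allow_by_email'])) {
             $parameters['options']['allow_by_email'] = false;
         }
         if (isset($parameters['username'])) {
             $usr = getUserByName($parameters['username']);
             $this->username = $parameters['username'];
         } elseif (isset($parameters['user_no'])) {
             $usr = getUserByID($parameters['user_no']);
             $this->user_no = $parameters['user_no'];
         } elseif (isset($parameters['email']) && $parameters['options']['allow_by_email']) {
             if ($username = $this->UsernameFromEMail($parameters['email'])) {
                 $usr = getUserByName($username);
                 $this->username = $username;
             }
         } elseif (isset($parameters['path'])) {
             dbg_error_log('principal', 'Finding Principal from path: "%s", options.allow_by_email: "%s"', $parameters['path'], $parameters['options']['allow_by_email']);
             if ($username = $this->UsernameFromPath($parameters['path'], $parameters['options'])) {
                 $usr = getUserByName($username);
                 $this->username = $username;
             }
         } elseif (isset($parameters['principal-property-search'])) {
             $usr = $this->PropertySearch($parameters['principal-property-search']);
         }
     }
     if (!isset($usr) || !is_object($usr)) {
         $this->exists = false;
         return false;
     }
     $this->exists = true;
     $this->InitialiseRecord($usr);
     if (is_array($parameters) && !isset($parameters['username']) && !isset($parameters['user_no']) && isset($parameters['path']) && preg_match('{^/(~|principals/)}', $parameters['path'])) {
         // Force it to match: for /~ and /principals/ paths the caller-supplied
         // path replaces the url and dav_name set by InitialiseRecord().
         $this->url = $parameters['path'];
         $this->dav_name = $parameters['path'];
     }
 }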
Exemplo n.º 7
            unset($user["password"]);
            $result->status = true;
            $result->data = $user;
        } else {
            $result->message = "invalid_key";
        }
    } else {
        $result->message = "sketcy";
    }
    echo json_encode($result);
});
// GET /user/:username - JSON lookup of a single user by name.
// Responds with status=false when nothing matches; otherwise status=true and
// the record from getUserByName() with its "password" entry removed.
// NOTE(review): no authentication check is visible in this handler; confirm
// that exposing the remaining fields of any account by name is intended.
$app->get("/user/:username", function ($username) {
    global $app;
    $response = new stdClass();
    $response->status = false;
    $found = getUserByName($username);
    if (!$found) {
        echo json_encode($response);
        return;
    }
    unset($found["password"]);
    $response->status = true;
    $response->data = $found;
    echo json_encode($response);
});
$app->get("/email/:email", function ($email) {
    global $app;
    $result = new stdClass();
    $result->status = false;
    $user = getUserByEmail($email);
    if ($user) {
        unset($user["password"]);
        $result->status = true;
Exemplo n.º 8
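/**
 * Insert a user and, for every type other than 0 (teacher), the initial
 * per-exercise levels and wrong-note counters.
 *
 * String values are escaped against the open connection and numeric values are
 * cast to int before they are placed in the SQL text.
 *
 * @param object $user Object exposing getUsername(), getPass() and getType().
 */
function addUser($user)
{
    $db = connectDB();
    // Add the user to the USER table
    // NOTE(review): getPass() is stored as returned; confirm it is already a
    // one-way password hash and not the clear-text password.
    $username = mysql_real_escape_string($user->getUsername(), $db);
    $password = mysql_real_escape_string($user->getPass(), $db);
    $type = (int) $user->getType();
    $sql = 'INSERT INTO mif22_user (username_user, password_user, type_user) VALUES ("' . $username . '", "' . $password . '",' . $type . ');';
    // NOTE(review): die() sends the raw database error text to the client.
    mysql_query($sql) or die('Erreur SQL ! : ' . mysql_error());
    mysql_close($db);
    if ($type != 0) {
        // Not a teacher
        // Re-read the user to obtain the id that was just assigned
        $user = getUserByName($user->getUsername());
        $id = (int) $user->getId();
        $db = connectDB();
        // Initialise the player's levels: exercise id => starting level
        $levels = array(1 => 0, 21 => 1, 22 => 1, 23 => 1, 24 => 1, 31 => 1, 32 => 1, 33 => 1);
        $rows = array();
        foreach ($levels as $exercise => $level) {
            $rows[] = '(' . $id . ', ' . $exercise . ', ' . $level . ')';
        }
        $sql = 'INSERT INTO mif22_levelUserExercice (`id_user`, `id_exercice`, `level`) VALUES ' . implode(', ', $rows) . ';';
        // The original echoed this statement into the response, which exposed
        // the schema to the client; that debug output has been removed.
        mysql_query($sql) or die('Erreur SQL la ! : ' . mysql_error());
        $sql = 'INSERT INTO mif22_noteFausseExoSol (`id_user`,`do`,`re`,`mi`,`fa`,`sol`,`la`,`si`) VALUES (' . $id . ', 1, 1, 1, 1, 1, 1, 1);';
        mysql_query($sql) or die('Erreur SQL la ! : ' . mysql_error());
        $sql = 'INSERT INTO mif22_noteFausseExoFa (`id_user`,`do`,`re`,`mi`,`fa`,`sol`,`la`,`si`) VALUES (' . $id . ', 1, 1, 1, 1, 1, 1, 1);';
        mysql_query($sql) or die('Erreur SQL la ! : ' . mysql_error());
        mysql_close($db);
    }
}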
Exemplo n.º 9
<?php

require_once "query/message.php";
$DOJSS = $_COOKIE['DOJSS'];
$user = checkDOJSS($DOJSS);
if ($user) {
    $offset = $limit = '';
    $list = $la = [];
    if (isset($_GET['pid'])) {
        $pid = (int) $_GET['pid'];
        $la[] = "`pid` = {$pid}";
    }
    if (isset($_GET['uname'])) {
        $uid = getUserByName($_GET['uname']);
        if ($uid) {
            $uid = $uid->id;
        } else {
            $uid = 0;
        }
        $la[] = "`uid` = {$uid}";
    }
    if ($la) {
        $limit = "WHERE " . join(" AND ", $la);
    }
    if (isset($_GET['offset'])) {
        $offset = "OFFSET " . (int) $_GET['offset'];
    }
    $res = mysql_query("SELECT * FROM `submit` {$limit} ORDER BY `id` DESC LIMIT 50 {$offset}");
    while ($r = mysql_fetch_object($res)) {
        unset($r->code);
        $r->uname = getUserByID($r->uid)->name;
Exemplo n.º 10
<?php

require 'dbadapter.php';
require 'validate.php';
if (isset($_POST['username'])) {
    $error = validateUserLogin();
    if (!$error) {
        // validation successful
        $username = $_POST['username'];
        $result = getUserByName($username);
        $count = mysql_num_rows($result);
        if ($count === 1) {
            // user exists
            $row = mysql_fetch_row($result);
            if (password_verify($_POST['password'], $row[3])) {
                // password verified
                userActive($username);
                // switch active on for user $username
                session_regenerate_id();
                $_SESSION['username'] = $username;
                session_write_close();
                $message = "Welcome {$username}";
                echo "<script type='text/javascript'>alert('{$message}'); window.location.href = 'http://localhost/mates/home.php';</script>";
            } else {
                // wrong password
                $message = "Sorry, the password did not match, please try again.";
                echo "<script type='text/javascript'>alert('{$message}');</script>";
            }
        } else {
            // no user of that username
            $message = "That username does not exist. Please try again or sign up.";
Exemplo n.º 11
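 /**
  * CheckPassword does all of the password checking and
  * returns a user record object, or false if it all ends in tears.
  *
  * When an authenticate hook is configured and callable its answer is final,
  * unless the hook is marked optional and it returned false; in that case the
  * local user table is consulted as a fallback.
  *
  * @param string $username Login name supplied by the client.
  * @param string $password Password supplied by the client.
  * @return object|false The user record, or false when authentication fails.
  */
 function CheckPassword($username, $password)
 {
     global $c;
     if (isset($c->authenticate_hook) && isset($c->authenticate_hook['call']) && function_exists($c->authenticate_hook['call'])) {
         /**
          * The authenticate hook needs to:
          *   - Accept a username / password
          *   - Confirm the username / password are correct
          *   - Create (or update) a 'usr' record in our database
          *   - Return the 'usr' record as an object
          *   - Return === false when authentication fails
          *
          * It can expect that:
          *   - Configuration data will be in $c->authenticate_hook['config'], which might be an array, or whatever is needed.
          */
         $hook_response = call_user_func($c->authenticate_hook['call'], $username, $password);
         /**
          * make the authentication hook optional: if the flag is set, ignore a return value of 'false'
          */
         $hook_is_optional = isset($c->authenticate_hook['optional']) && $c->authenticate_hook['optional'];
         if (!$hook_is_optional || $hook_response !== false) {
             return $hook_response;
         }
     }
     if ($usr = getUserByName($username)) {
         // The submitted password and the stored password value used to be
         // written to the debug log here; credentials do not belong in logs,
         // so only the name and the active flag are recorded.
         dbg_error_log("BasicAuth", ":CheckPassword: Name:%s, Active:%s", $username, $usr->active ? 'Yes' : 'No');
         if ($usr->active && session_validate_password($password, $usr->password)) {
             return $usr;
         }
     }
     return false;
 }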
Exemplo n.º 12
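<?php

require 'auth.php';
require 'dbadapter.php';
// fetch house info for logged in user
// NOTE(review): $username is not assigned in this file; presumably auth.php
// sets it for the authenticated session - confirm.
$userRow = mysql_fetch_row(getUserByName($username));
$userHouseId = $userRow[5];
$houseRow = mysql_fetch_row(getHouseById($userHouseId));
//house details
$houseName = $houseRow[1];
$houseRent = $houseRow[3];
$houseSqft = $houseRow[4];
include_once 'header.php';
// Every database value below is HTML-escaped at the point of output, so markup
// stored in a house record is shown as text rather than rendered.
?>
<h2>House View</h2>
<p>You live in your house, <?php echo htmlspecialchars((string) $houseName, ENT_QUOTES, 'UTF-8'); ?></p>
<?php 
if ($houseSqft) {
    echo "<p>Your house is " . htmlspecialchars((string) $houseSqft, ENT_QUOTES, 'UTF-8') . " sq. ft. in size</p>";
}
?>
<p>Your rent is <?php echo htmlspecialchars((string) $houseRent, ENT_QUOTES, 'UTF-8'); ?></p>
<a href="http://localhost/mates/home.php">Home</a>
<?php 
include_once 'footer.php';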
Exemplo n.º 13
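<?php

require_once 'query/message.php';
$msg = $_POST;
// Default both fields so that a request without them fails the lookup instead
// of reading undefined variables; non-string values (e.g. user[]=x) are
// treated as empty as well.
$user = (isset($msg['user']) && is_string($msg['user'])) ? $msg['user'] : '';
$pwd = (isset($msg['password']) && is_string($msg['password'])) ? $msg['password'] : '';
$rem = isset($msg['remember']);
if (getUserByName($user) || getUserByEmail($user)) {
    if ($r = checkUserPwd($user, $pwd)) {
        // "Remember me" keeps the cookie for a year; 0 makes it a session cookie.
        $time = $rem ? time() + 3600 * 24 * 365 : 0;
        // NOTE(review): the cookie is set without the HttpOnly or Secure flags and
        // its value is derived from the stored password field; confirm whether
        // client-side script needs to read it before tightening the flags.
        setcookie("DOJSS", DOJSS($r->id, $r->password), $time);
        header("Location:/");
        // Stop here so the login template is not rendered into the redirect response.
        exit;
    } else {
        $error = $err['wrongPwd'];
    }
} else {
    // NOTE(review): separate "no such user" and "wrong password" messages let a
    // client test which account names exist.
    $error = $err['noUser'];
}
require_once 'template/login.php';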
Exemplo n.º 14
Arquivo: new.php Projeto: virola/umsg
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
    <?php 
include './common/meta.php';
?>
    <title>写纸条</title>
</head>
<body>
<?php 
$MSG_TEXT_LIST = array('0' => '消息发送成功!', '1' => '消息内容不能为空!', '2' => '用户名输入错误!', '3' => '用户名不能为空', '10' => '数据库连接错误!');
$doc_title = '写纸条';
$user = $common['user'];
if ($_POST) {
    $username = trim($_POST['username']);
    $content = trim($_POST['content']);
    $target = getUserByName($username, $con);
    $msg_code = -1;
    if ($username == '') {
        $msg_code = 3;
    } else {
        if ($content == '') {
            $msg_code = 1;
        } else {
            if ($target && $target['userid'] != $user['userid']) {
                $sql = "insert into message (toid, authorid, content, dateline) values(" . $target['userid'] . "," . $user['userid'] . ", '" . $content . "'," . time() . ");";
                $result = mysql_query($sql);
                if ($result) {
                    $msg_code = 0;
                } else {
                    $msg_code = 10;
                }
Exemplo n.º 15
        }
    } else {
        // Sinon affiche une erreur
        $error = '<span id="helpBlock" class="help-block">Some field are empty.</span>';
    }
}
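// If the login form was submitted
if (isset($_REQUEST["btnSubmit"])) {
    // Read the submitted credentials
    // NOTE(review): FILTER_SANITIZE_SPECIAL_CHARS HTML-encodes the password
    // before it is checked, so a password containing &, <, > or quotes is
    // compared in its encoded form. Confirm this matches how passwords are
    // stored; output escaping is normally done when printing, not here.
    $UserName = filter_input(INPUT_POST, 'UserName', FILTER_SANITIZE_SPECIAL_CHARS);
    $UserPassword = filter_input(INPUT_POST, 'UserPassword', FILTER_SANITIZE_SPECIAL_CHARS);
    // If the login is correct
    if (CheckLogin($UserName, $UserPassword)) {
        // Issue a fresh session id at the moment of login so that an id known
        // before authentication cannot be reused afterwards.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
        // Record the logged-in user in the session
        $_SESSION['user_logged'] = $UserName;
        $_SESSION["user"] = getUserByName($UserName);
        // Redirect to the index and stop, so the login page is not rendered as well
        header('Location: index.php');
        exit;
    } else {
        $error = '<span id="helpBlock" class="help-block">The login has failed.</span>';
    }
}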
?>
<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="utf-8">
        <meta http-equiv="X-UA-Compatible" content="IE=edge">
        <meta name="viewport" content="width=device-width, initial-scale=1">
        <meta name="description" content="">
        <meta name="author" content="">
Exemplo n.º 16
<?php

ob_start();
session_start();
require_once '../db/database.php';
spl_autoload_register('loadClass');
unset($_SESSION['loginError']);
unset($_SESSION['creationSuccess']);
//CONNEXION
if (isset($_POST['user_login']) && isset($_POST['user_pass'])) {
    $resConnect = checkUserConnexion($_POST['user_login'], $_POST['user_pass']);
    if ($resConnect == 1) {
        $user = getUserByName($_POST['user_login']);
        $_SESSION['user'] = serialize($user);
        $_SESSION['username'] = $user->getUsername();
        if ($user->getType() == 0) {
            header('Location: ../part/panelEnseignant.php');
        } else {
            header('Location: ../part/main.php');
        }
    } else {
        if ($resConnect == -2) {
            $_SESSION['loginError'] = "Nom d'utilisateur inconnu";
        } else {
            if ($resConnect == -1) {
                $_SESSION['loginError'] = "Mauvais mot de passe";
            }
        }
        $_SESSION['username'] = '******';
        header('Location: ../part/accueil.php');
    }
Exemplo n.º 17
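/**
* Defunct function for creating default relationships.
*
* Inserts one grants row per entry of $c->default_relationships, from the
* user's principal to each configured group.
*
* @param string $username The username of the user we are creating relationships for.
* @return boolean True when nothing is configured or every insert succeeded;
*                 false when the user is unknown or an insert failed.
*/
function CreateDefaultRelationships($username)
{
    global $c;
    if (!isset($c->default_relationships) || count($c->default_relationships) == 0) {
        return true;
    }
    // Look the user up once rather than on every loop iteration, and stop if the
    // user is unknown instead of reading principal_id from a non-object.
    $usr = getUserByName($username);
    if (!is_object($usr)) {
        dbg_error_log("User", ":Write: Cannot create default relationships, user '%s' not found", $username);
        return false;
    }
    $sql = 'INSERT INTO grants (by_principal, to_principal, privileges) VALUES(:by_principal, :to_principal, :privileges::INT::BIT(24))';
    $changes = false;
    foreach ($c->default_relationships as $group => $relationships) {
        $params = array(
            ':by_principal' => $usr->principal_id,
            ':to_principal' => $group,
            ':privileges' => privilege_to_bits($relationships),
        );
        $qry = new AwlQuery($sql, $params);
        if (!$qry->Exec()) {
            $c->messages[] = i18n("There was an error writing to the database.");
            return false;
        }
        $changes = true;
        dbg_error_log("User", ":Write: Created user's default relationship by:'%s', to:'%s', privileges:'%s'", $params[':by_principal'], $params[':to_principal'], $params[':privileges']);
    }
    if ($changes) {
        $c->messages[] = i18n("Default relationships added.");
    }
    return true;
}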
Exemplo n.º 18
 /**
  * Deprecated: derive the user whose calendar is being accessed from the request path.
  *
  * Starts from the session user and then overrides username, user_no and
  * principal_id from the path. Returns false when the path is empty or "/";
  * otherwise nothing is returned and the result is left in the object's properties.
  */
 function UserFromPath()
 {
     global $session;
     // Defaults: the session's own identity
     $this->principal_id = $session->principal_id;
     $this->username = $session->username;
     $this->user_no = $session->user_no;
     @dbg_error_log("WARN", "Call to deprecated CalDAVRequest::UserFromPath()");
     if ($this->path == '/' || $this->path == '') {
         dbg_error_log("caldav", "No useful path split possible");
         return false;
     }
     // First path segment is the username, except under /principals/, where the
     // fourth element of the split is used instead
     $segments = explode('/', $this->path);
     $first = $segments[1];
     $this->username = $first;
     if ($first == 'principals') {
         $this->username = $segments[3];
     }
     @dbg_error_log("caldav", "Path split into at least /// %s /// %s /// %s", $segments[1], $segments[2], $segments[3]);
     $email_lookup_enabled = isset($this->options['allow_by_email']);
     if ($email_lookup_enabled && preg_match('#/(\\S+@\\S+[.]\\S+)/?$#', $this->path, $found)) {
         // Path ends in something shaped like an e-mail address: resolve it with
         // a parameterised query
         $this->by_email = $found[1];
         $qry = new AwlQuery("SELECT user_no, principal_id, username FROM usr JOIN principal USING (user_no) WHERE email = :email", array(':email' => $this->by_email));
         if ($qry->Exec('caldav', __LINE__, __FILE__) && ($user = $qry->Fetch())) {
             $this->principal_id = $user->principal_id;
             $this->username = $user->username;
             $this->user_no = $user->user_no;
         }
     } elseif ($user = getUserByName($this->username, 'caldav', __LINE__, __FILE__)) {
         $this->principal = $user;
         $this->principal_id = $user->principal_id;
         $this->user_no = $user->user_no;
     }
 }
Exemplo n.º 19
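/**
* Check the username / password against the LDAP server
*
* On success the local user record is returned; it is created or refreshed
* from the directory entry when it is missing or older than the LDAP copy.
*
* @param string $username Login name supplied by the client.
* @param string $password Password supplied by the client.
* @return object|false The user record, or false when the server is
*                      unreachable or the credentials are rejected.
*/
function LDAP_check($username, $password)
{
    global $c;
    $ldapDriver = getStaticLdap();
    if (!$ldapDriver->valid) {
        dbg_error_log("ERROR", "Couldn't contact LDAP server for authentication");
        return false;
    }
    $mapping = $c->authenticate_hook['config']['mapping_field'];
    $attributes = array_values($mapping);
    /**
     * If the config contains a filter that starts with a ( then believe
     * them and don't modify it, otherwise wrap the filter.
     */
    $filter_munge = "";
    if (preg_match('/^\\(/', $ldapDriver->filterUsers)) {
        $filter_munge = $ldapDriver->filterUsers;
    } elseif (isset($ldapDriver->filterUsers) && $ldapDriver->filterUsers != '') {
        $filter_munge = "({$ldapDriver->filterUsers})";
    }
    // The login name comes from the client, so the characters that are special
    // in an LDAP search filter (RFC 4515: \ * ( ) NUL) are escaped before the
    // name is placed in the filter. strtr() does not rescan its own output.
    $filter_username = strtr($username, array(
        '\\' => '\\5c',
        '*' => '\\2a',
        '(' => '\\28',
        ')' => '\\29',
        "\x00" => '\\00',
    ));
    $filter = "(&{$filter_munge}(" . $mapping["username"] . "={$filter_username}))";
    // NOTE(review): confirm requestUser() refuses an empty password; some LDAP
    // servers treat a bind with an empty password as an anonymous bind.
    $valid = $ldapDriver->requestUser($filter, $attributes, $username, $password);
    // is a valid user or not
    if (!$valid) {
        dbg_error_log("LDAP", "user %s is not a valid user", $username);
        return false;
    }
    $ldap_timestamp = $valid[$mapping["updated"]];
    /**
     * This splits the LDAP timestamp apart and assigns values to $Y $m $d $H $M and $S
     * The variable names are the keys of the format_updated configuration array.
     */
    foreach ($c->authenticate_hook['config']['format_updated'] as $k => $v) {
        ${$k} = substr($ldap_timestamp, $v[0], $v[1]);
    }
    $ldap_timestamp = "{$Y}" . "{$m}" . "{$d}" . "{$H}" . "{$M}" . "{$S}";
    $valid[$mapping["updated"]] = "{$Y}-{$m}-{$d} {$H}:{$M}:{$S}";
    if ($usr = getUserByName($username)) {
        // should we update it ?
        // Reduce the database timestamp to the same 14-digit form for comparison
        $db_timestamp = $usr->updated;
        $db_timestamp = substr(strtr($db_timestamp, array(':' => '', ' ' => '', '-' => '')), 0, 14);
        if ($ldap_timestamp <= $db_timestamp) {
            return $usr;
            // no need to update
        }
        // we will need to update the user record
    } else {
        dbg_error_log("LDAP", "user %s doesn't exist in local DB, we need to create it", $username);
        $usr = (object) array('user_no' => 0);
    }
    // The local cached user doesn't exist, or is older, so we create/update their details
    sync_user_from_LDAP($usr, $mapping, $valid);
    return $usr;
}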
Exemplo n.º 20
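/**
 * Check the username / password against the PAM system
 *
 * The credentials are written to the configured pwauth program on its standard
 * input, one per line, and the program's exit status decides the outcome.
 *
 * @param string $username Login name supplied by the client.
 * @param string $password Password supplied by the client.
 * @return object|false The user record on success, FALSE on any failure.
 */
function PWAUTH_PAM_check($username, $password)
{
    global $c;
    $program = $c->authenticate_hook['config']['path'];
    $email_base = $c->authenticate_hook['config']['email_base'];
    // The protocol is line based (username, then password), so a line break or
    // NUL byte inside either value would change which line the program reads
    // as the password. Refuse such input before anything is written.
    if (!is_string($username) || !is_string($password) || strpbrk($username . $password, "\r\n\0") !== false) {
        dbg_error_log('pwauth', 'Rejected credentials containing line breaks or NUL bytes');
        return FALSE;
    }
    $pipe = popen(escapeshellarg($program), 'w');
    if ($pipe === false) {
        dbg_error_log('pwauth', 'Could not start the pwauth program');
        return FALSE;
    }
    $authinfo = sprintf("%s\n%s\n", $username, $password);
    $written = fwrite($pipe, $authinfo);
    dbg_error_log('pwauth', 'Bytes written: %d of %d', $written, strlen($authinfo));
    $return_status = pclose($pipe);
    switch ($return_status) {
        case 0:
            // STATUS_OK: Authentication succeeded.
            dbg_error_log('pwauth', 'User %s successfully authenticated', $username);
            if ($user = getUserByName($username)) {
                return $user;
            }
            dbg_error_log('pwauth', 'User %s does not exist in local db, creating', $username);
            $fullname = exec(sprintf('getent passwd %s', escapeshellarg($username)));
            $fullname = preg_replace('{^[^:]+:[^:]+:\\d+:\\d+:([^:,]+)(,[^:]*):.*$}', '$1', $fullname);
            $user = (object) array(
                'user_no' => 0,
                'username' => $username,
                'active' => 't',
                'email' => sprintf('%s@%s', $username, $email_base),
                // date() takes no % specifiers, so '%r' produced a literal '%'
                // followed by an RFC 2822 date. NOTE(review): 'Y-m-d H:i:s' is
                // assumed to be what UpdateUserFromExternal() expects - confirm.
                'updated' => date('Y-m-d H:i:s'),
                'fullname' => $fullname,
            );
            UpdateUserFromExternal($user);
            return $user;
        /*
         * Note that for system configurations using PAM instead of
         * reading the password database directly, if PAM is unable to
         * read the password database, pwauth will return status 1.
         */
        case 1:
        case 2:
            // (1) STATUS_UNKNOWN: Invalid username or password.
            // (2) STATUS_INVALID: Invalid password.
            dbg_error_log('pwauth', 'Invalid username or password (username: %s)', $username);
            break;
        case 3:
            // STATUS_BLOCKED: UID for username is < pwauth's MIN_UNIX_UID
            dbg_error_log('pwauth', 'UID for username %s is < pwauth MIN_UNIX_UID', $username);
            break;
        case 4:
            // STATUS_EXPIRED: The user account has expired.
            dbg_error_log('pwauth', 'The account for %s has expired', $username);
            break;
        case 5:
            // STATUS_PW_EXPIRED: The user account's password has expired.
            dbg_error_log('pwauth', 'The account password for user %s has expired', $username);
            break;
        case 6:
            // STATUS_NOLOGIN: Logins to the system are administratively disabled.
            dbg_error_log('pwauth', 'Logins administratively disabled (%s)', $username);
            break;
        case 7:
            // STATUS_MANYFAILS: Too many login failures for user account.
            dbg_error_log('pwauth', 'Login rejected for %s, too many failures', $username);
            break;
        case 50:
            // STATUS_INT_USER: Configuration error, Web server cannot use pwauth
            dbg_error_log('pwauth', 'config error: see pwauth man page (%s)', 'STATUS_INT_USER');
            break;
        case 51:
            // STATUS_INT_ARGS: pwauth received no username/passwd to check
            dbg_error_log('pwauth', 'error: pwauth received no username/password');
            break;
        case 52:
            // STATUS_INT_ERR: unknown error
            dbg_error_log('pwauth', 'error: see pwauth man page (%s)', 'STATUS_INT_ERR');
            break;
        case 53:
            // STATUS_INT_NOROOT: pwauth could not read the password database
            dbg_error_log('pwauth', 'config error: cannot read password database (%s)', 'STATUS_INT_NOROOT');
            // This break was missing, so status 53 was also logged as an unknown error.
            break;
        default:
            // Unknown error code.
            dbg_error_log('pwauth', 'An unknown error (%d) has occurred', $return_status);
    }
    // Every status other than 0 is an authentication failure.
    return FALSE;
}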
Exemplo n.º 21
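/**
 * Print the user search form followed by a table of users.
 *
 * After a search the table lists the users returned by buscarUsuario() for the
 * submitted text; otherwise it lists the result of an empty search. Each row
 * offers an add-friend or delete-friend link depending on isFriendDB(), plus a
 * role link when the session role is greater than 1.
 *
 * Usernames are HTML-escaped and ids are URL-encoded before they are written
 * into the markup, because both originate from stored user data.
 */
function formularioUsuarios()
{
    $html = <<<EOS
\t\t\t<form action="" method="POST" id="formbuscausu">
\t\t\t<label>Nombre de usuario:</label><input id="text" type="text" name="cadena">
\t\t\t<input type="submit" name="submit" value="Buscar" /><!-- boton de enviar -->
\t\t\t</form>
EOS;
    echo $html;
    $me = getUserByName($_SESSION["usuario"]);
    $isAdmin = isset($_SESSION["rol"]) && $_SESSION["rol"] > 1;
    // NOTE(review): add-friend.php, delete-friend.php and modify-rol.php are
    // reached through plain GET links; confirm those scripts check a CSRF token
    // and, for modify-rol.php, re-check the caller's role on the server.
    if (isset($_POST['submit'])) {
        $usuarios = buscarUsuario($_POST['cadena']);
        if ($usuarios != NULL) {
            // The table is opened only when there are rows, so the "no users"
            // notice is no longer printed inside an unclosed <table>.
            echo '<table id="tabla-contenido">';
            foreach ($usuarios as $usuario) {
                $id = $usuario["id_user"];
                $nick = htmlspecialchars($usuario["username"], ENT_QUOTES, 'UTF-8');
                $idParam = urlencode($id);
                echo '<tr>';
                if (!isFriendDB($me["id_user"], $id)) {
                    echo '<td><a href="perfil.php?id=' . $idParam . '">' . $nick . '</a></td><td><a href="add-friend.php?id=' . $idParam . '"><img src="' . RAIZ_APP . 'img/add_friend.png" /></a></td>';
                } else {
                    echo '<td><a href="delete-friend.php?id=' . $idParam . '"><img src="' . RAIZ_APP . 'img/delete_friend.png" /></a></td>';
                }
                if ($isAdmin) {
                    echo '<td><a href="modify-rol.php?id=' . $idParam . '"><img src="' . RAIZ_APP . 'img/rol_admin.png" /></a></td>';
                }
                // The row is closed once, after the optional role cell.
                echo '</tr>';
            }
            echo '</table>';
        } else {
            echo '<div class="info"><ul><li>No se han encontrado usuarios.</li></ul></div>';
        }
    } else {
        $usuarios = buscarUsuario("");
        echo '<table id="tabla-contenido">';
        if ($usuarios != NULL) {
            foreach ($usuarios as $usuario) {
                $id = $usuario["id_user"];
                $nick = htmlspecialchars($usuario["username"], ENT_QUOTES, 'UTF-8');
                $idParam = urlencode($id);
                echo '<tr><td><a href="perfil.php?id=' . $idParam . '">' . $nick . '</a></td>';
                if (!isFriendDB($me["id_user"], $id)) {
                    echo '<td><a href="add-friend.php?id=' . $idParam . '"><img src="' . RAIZ_APP . 'img/add_friend.png" /></a></td><td></td>';
                } else {
                    echo '<td></td><td><a href="delete-friend.php?id=' . $idParam . '"><img src="' . RAIZ_APP . 'img/delete_friend.png" /></a></td>';
                }
                if ($isAdmin) {
                    echo '<td><a href="modify-rol.php?id=' . $idParam . '"><img src="' . RAIZ_APP . 'img/rol_admin.png" /></a></td>';
                }
                // Previously the row was closed only for admins, and then twice.
                echo '</tr>';
            }
        }
        echo '</table>';
    }
}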
    $comments = dameCommentsMercha($content["id_merchandising"]);
    if ($comments != NULL) {
        foreach ($comments as $comment) {
            ?>
					<div id = "detalle-comentario">
						<a href="perfil.php?id=<?php 
            echo $comment["id_user"];
            ?>
"><?php 
            echo getUser($comment["id_user"])["username"];
            ?>
</a> el <?php 
            echo $comment["fecha"];
            ?>
						<?php 
            if (isset($_SESSION['rol']) && (isset($_SESSION["rol"]) && $_SESSION["rol"] > 1 || getUserByName($_SESSION["usuario"]) == $comment["id_user"])) {
                ?>
						<a class="options-comment" href="delete-comment.php?id=<?php 
                echo $comment["id_comment"];
                ?>
"> Eliminar </a>
						<?php 
            }
            ?>
						<p><?php 
            echo $comment["texto"];
            ?>
</p>
					</div>
					
					<?php 
Exemplo n.º 23
<?php

require_once "query/message.php";
$DOJSS = $_COOKIE['DOJSS'];
$name = safe($_POST['name']);
$pwd = safe($_POST['password']);
$user = checkDOJSS($DOJSS);
if (!checkName($name)) {
    send(1, $err['invalidName']);
}
if ($user) {
    if ($user->name == $name) {
        send(2, $warning['sameMsg']);
    }
    if ($u = getUserByName($name)) {
        if ($u->id != $user->id) {
            send(1, $err['sameName']);
        }
    }
    if (dc_decrypt($user->password, $key_pwd) != $pwd) {
        send(1, $err['wrongPwd']);
    }
    $uid = $user->id;
    mysql_query("UPDATE `users` SET \n\t\t\t`name` = '{$name}'\n\t\tWHERE `id` = {$uid} ");
    if (mysql_affected_rows()) {
        send(0, $tip['changedName'], "\$('#myName').html('{$name}');");
    } else {
        send(1, $err['notSaved']);
    }
} else {
    send(1, $err['wrongDOJSS']);
Exemplo n.º 24
require_once 'query/message.php';
$msg = $_POST;
$name = $msg['name'];
$password = $msg['password'];
$mail = $msg['email'];
$key = $msg['key'];
if (!checkName($name)) {
    $error = $err['invalidName'];
} else {
    if (!checkPwd($password)) {
        $error = $err['invalidPwd'];
    } else {
        if (!checkEmail($mail)) {
            $error = $err['wrongEmailFormat'];
        } else {
            if (getUserByName($name)) {
                $error = $err['sameName'];
            } else {
                if (getUserByEmail($mail)) {
                    $error = $err['sameEmail'];
                }
            }
        }
    }
}
$kmail = checkKey($key);
if ($kmail == $mail . '&') {
    $admin = 1;
} else {
    if ($kmail == $mail) {
        $admin = 0;