Exemplo n.º 1
 // Password-change branch (action 'pw'): validate the two password fields, hash the new
 // password with passwordCreate() and store it on the matching `userdata` row.
 // NOTE(review): this excerpt is truncated; $password, $passwordRepeat, $errors, $cname, $id,
 // $reseller_id and $resellerLockupID are assigned outside the visible lines.
 if ($ui->st('action', 'post') == 'pw') {
     // Truthiness test: an empty value is rejected, and so is the literal string '0'.
     if (!$password) {
         $errors[] = $sprache->error_pass;
     }
     if (!$passwordRepeat) {
         $errors[] = $sprache->error_pass;
     }
     // NOTE(review): loose comparison. If both values are numeric-looking strings PHP compares
     // them as numbers (e.g. '1e3' and '1000' are treated as equal), so a mistyped repeat can
     // go unnoticed; `!==` would compare the strings exactly.
     if ($password != $passwordRepeat) {
         $errors[] = $sprache->error_passw_succ;
     }
     if (count($errors) > 0) {
         unset($header, $text);
         $template_file = 'admin_user_pass.tpl';
     } else {
         // The password is read again from POST here rather than reusing the validated value.
         $password = $ui->password('password', 255, 'post');
         $newHash = passwordCreate($cname, $ui->password('password', 255, 'post'));
         // passwordCreate() yields either an array with 'hash' and 'salt' keys or a single
         // value that is stored as the hash on its own (the salt column is then left as is).
         // All values are bound as parameters; only the WHERE clause differs by reseller level.
         if (is_array($newHash)) {
             // With $reseller_id == 0 the row may also be one whose `id` equals its own `resellerid`.
             $query = $reseller_id == 0 ? $sql->prepare("UPDATE `userdata` SET `updateTime`=NOW(),`security`=?,`salt`=? WHERE id=? AND (`resellerid`=? OR `id`=`resellerid`) LIMIT 1") : $sql->prepare("UPDATE `userdata` SET `updateTime`=NOW(),`security`=?,`salt`=? WHERE id=? AND `resellerid`=? LIMIT 1");
             $query->execute(array($newHash['hash'], $newHash['salt'], $id, $resellerLockupID));
         } else {
             $query = $reseller_id == 0 ? $sql->prepare("UPDATE `userdata` SET `updateTime`=NOW(),`security`=? WHERE id=? AND (`resellerid`=? OR `id`=`resellerid`) LIMIT 1") : $sql->prepare("UPDATE `userdata` SET `updateTime`=NOW(),`security`=? WHERE id=? AND `resellerid`=? LIMIT 1");
             $query->execute(array($newHash, $id, $resellerLockupID));
         }
         // A row count above zero means the password row was updated: write the log entry
         // (the log text holds the user name only, not the password) and show the success message.
         if ($query->rowCount() > 0) {
             $template_file = $spracheResponse->table_add;
             $loguseraction = '%psw% %user% ' . $cname;
             $insertlog->execute();
             // No row was updated (no match inside the reseller scope): display an error
         } else {
             $template_file = $spracheResponse->error_table;
Exemplo n.º 2
 // Resolve the target user from the request data, then collect the fields to change in $what.
 // NOTE(review): this excerpt is truncated; $data, $from, $bad and $resellerID come from
 // outside the visible lines, and the code that writes $what to the database is not shown.
 $localID = isset($data['localid']) ? $data['localid'] : '';
 if (dataExist('identify_by', $data)) {
     // The column name cannot be bound as a parameter, so it is concatenated into the SQL text.
     // NOTE(review): this is only safe if $from is a fixed map of allowed column names and
     // $data['identify_by'] is checked to be one of its keys before this point; confirm both.
     // The compared value and the reseller id are bound parameters.
     $query = $sql->prepare("SELECT `id`,`cname`,`active` FROM `userdata` WHERE `" . $from[$data['identify_by']] . "`=? AND `resellerid`=?");
     $query->execute(array($data[$data['identify_by']], $resellerID));
     // No LIMIT: if several rows match, the values of the last fetched row win.
     while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
         $localID = $row['id'];
         $name = $row['cname'];
         $oldactive = $row['active'];
     }
     if (isid($localID, 10)) {
         $what = array();
         $foundGroupIDs = array();
         $userGroupIDs = array();
         // NOTE(review): in_array() without its strict flag compares loosely, so the check
         // against $bad can match values that are not string-identical to an entry.
         if (isset($data['password']) and !in_array($data['password'], $bad)) {
             // The plaintext password stays in $password; its later use is outside this excerpt.
             $password = $data['password'];
             $newHash = passwordCreate($name, $data['password']);
             // Array result: hash and salt are stored separately; otherwise only the hash is set.
             if (is_array($newHash)) {
                 $what['security'] = $newHash['hash'];
                 $what['salt'] = $newHash['salt'];
             } else {
                 $what['security'] = $newHash;
             }
         }
         if (isset($data['email']) and ismail($data['email'])) {
             $what['mail'] = $data['email'];
             $mail = $what['mail'];
         }
         // names() is used both as the check and to produce the stored value.
         if (isset($data['name']) and names($data['name'], 255)) {
             $what['name'] = names($data['name'], 255);
             $name = $what['name'];
         }
Exemplo n.º 3
 // Import loop: for every posted virtual server marked for import, use the selected customer
 // or look one up by user name and e-mail, creating a new `userdata` row if none exists.
 // NOTE(review): this excerpt is truncated; $reseller_id is assigned outside the visible lines.
 foreach ($ui->id('virtualserver_id', 19, 'post') as $virtualserver_id) {
     if ($ui->active("{$virtualserver_id}-import", 'post') == 'Y') {
         $customerID = $ui->id("{$virtualserver_id}-customer", 10, 'post');
         // Loose comparisons: every "no customer selected" value ends up in this branch.
         if ($customerID == 0 or $customerID == false or $customerID == null) {
             $usernew = true;
             if ($ui->username("{$virtualserver_id}-username", 50, 'post') and $ui->ismail("{$virtualserver_id}-email", 'post')) {
                 // Reuse an existing account of this reseller with the same name and e-mail.
                 $query = $sql->prepare("SELECT `id` FROM `userdata` WHERE `cname`=? AND `mail`=? AND `resellerid`=? LIMIT 1");
                 $query->execute(array($ui->username("{$virtualserver_id}-username", 50, 'post'), $ui->ismail("{$virtualserver_id}-email", 'post'), $reseller_id));
                 while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
                     $usernew = false;
                     $customerID = $row['id'];
                     $cnamenew = $ui->username("{$virtualserver_id}-username", 50, 'post');
                 }
                 if ($usernew == true) {
                     // NOTE(review): the strength of this 10-character initial password depends on
                     // passwordgenerate(), which is not visible here; confirm it uses a CSPRNG.
                     $initialpassword = passwordgenerate(10);
                     $newHash = passwordCreate($ui->username("{$virtualserver_id}-username", 50, 'post'), $initialpassword);
                     // Array result: hash and salt go to separate columns; otherwise only the hash.
                     if (is_array($newHash)) {
                         $query = $sql->prepare("INSERT INTO `userdata` (`cname`,`security`,`salt`,`mail`,`accounttype`,`resellerid`) VALUES (?,?,?,?,'u',?)");
                         $query->execute(array($ui->username("{$virtualserver_id}-username", 50, 'post'), $newHash['hash'], $newHash['salt'], $ui->ismail("{$virtualserver_id}-email", 'post'), $reseller_id));
                     } else {
                         $query = $sql->prepare("INSERT INTO `userdata` (`cname`,`security`,`mail`,`accounttype`,`resellerid`) VALUES (?,?,?,'u',?)");
                         $query->execute(array($ui->username("{$virtualserver_id}-username", 50, 'post'), $newHash, $ui->ismail("{$virtualserver_id}-email", 'post'), $reseller_id));
                     }
                     // The new id is found by selecting the newest matching row again rather than
                     // through lastInsertId(); a concurrent insert with the same name and e-mail
                     // could be picked up instead.
                     $query = $sql->prepare("SELECT `id` FROM `userdata` WHERE `cname`=? AND `mail`=? AND `resellerid`=? ORDER BY `id` DESC LIMIT 1");
                     $query->execute(array($ui->username("{$virtualserver_id}-username", 50, 'post'), $ui->ismail("{$virtualserver_id}-email", 'post'), $reseller_id));
                     while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
                         $customerID = $row['id'];
                         $cnamenew = $ui->username("{$virtualserver_id}-username", 50, 'post');
                         // NOTE(review): the plaintext initial password is handed to sendmail(), so it
                         // leaves the system by e-mail; a forced change at first login or a one-time
                         // set-password link would limit how long that value stays usable.
                         sendmail('emailuseradd', $customerID, $cnamenew, $initialpassword);
                     }
                 }
             // Create or modify a substitute login in `userdata_substitutes`.
             // NOTE(review): this excerpt starts inside a branch whose opening lines are not
             // visible; $newHash, $user_id, $reseller_id and $id are assigned outside it.
             // NOTE(review): $newHash is bound directly to `passwordHashed` with no is_array()
             // check and no `salt` column, unlike the update branch below; confirm the array
             // form of passwordCreate()'s result is handled before this line.
             $query = $sql->prepare("INSERT INTO `userdata_substitutes` (`userID`,`active`,`loginName`,`name`,`vname`,`passwordHashed`,`resellerID`) VALUES (?,?,?,?,?,?,?)");
             $query->execute(array($user_id, $ui->active('active', 'post'), $ui->names('loginName', 255, 'post'), $ui->names('name', 255, 'post'), $ui->names('vname', 255, 'post'), $newHash, $reseller_id));
         }
         if ($query->rowCount() > 0) {
             $changed = true;
             $id = $sql->lastInsertId();
         }
     }
 } else {
     if ($ui->st('action', 'post') == 'md' and $ui->id('id', 10, 'get')) {
         // The literal '(encrypted)' is the form's "password unchanged" marker: any other
         // value is hashed and stored, so that exact string cannot be chosen as a password.
         if ($ui->password('security', 255, 'post') != '(encrypted)') {
             // NOTE(review): $salt is not used in the visible lines; the salt that is stored
             // comes from $newHash['salt']. mt_rand() is not a cryptographic generator and
             // date() always prints 000000 for the `u` format, so this value should not serve
             // as a salt or token anywhere else.
             $salt = md5(mt_rand() . date('Y-m-d H:i:s:u'));
             // The login name lookup is scoped by `sID` and `resellerID` only; the updates
             // below also require the owning `userID`.
             $query = $sql->prepare("SELECT `loginName` FROM `userdata_substitutes` WHERE `sID`=? AND `resellerID`=? LIMIT 1");
             $query->execute(array($id, $reseller_id));
             $loginName = $query->fetchColumn();
             $newHash = passwordCreate($loginName, $ui->password('security', 255, 'post'));
             // Array result: hash and salt are stored separately; otherwise only the hash.
             if (is_array($newHash)) {
                 $query = $sql->prepare("UPDATE `userdata_substitutes` SET `active`=?,`name`=?,`vname`=?,`passwordHashed`=?,`salt`=? WHERE `sID`=? AND `userID`=? AND `resellerID`=? LIMIT 1");
                 $query->execute(array($ui->active('active', 'post'), $ui->names('name', 255, 'post'), $ui->names('vname', 255, 'post'), $newHash['hash'], $newHash['salt'], $id, $user_id, $reseller_id));
             } else {
                 $query = $sql->prepare("UPDATE `userdata_substitutes` SET `active`=?,`name`=?,`vname`=?,`passwordHashed`=? WHERE `sID`=? AND `userID`=? AND `resellerID`=? LIMIT 1");
                 $query->execute(array($ui->active('active', 'post'), $ui->names('name', 255, 'post'), $ui->names('vname', 255, 'post'), $newHash, $id, $user_id, $reseller_id));
             }
         } else {
             // Password left untouched: only the status and the name fields are updated.
             $query = $sql->prepare("UPDATE `userdata_substitutes` SET `active`=?,`name`=?,`vname`=? WHERE `sID`=? AND `userID`=? AND `resellerID`=? LIMIT 1");
             $query->execute(array($ui->active('active', 'post'), $ui->names('name', 255, 'post'), $ui->names('vname', 255, 'post'), $id, $user_id, $reseller_id));
         }
         if ($query->rowCount() > 0) {
             $changed = true;
         }
     }
Exemplo n.º 5
 // Import of one server entry: take the address from $ex, then use the selected customer or
 // look one up by user name and e-mail, creating a new `userdata` row if none exists.
 // NOTE(review): this excerpt is truncated; $lookUp, $ex and $reseller_id are assigned
 // outside the visible lines.
 if ($ui->active("{$lookUp}-import", 'post') == 'Y' and isset($ex[1]) and port($ex[1])) {
     $ip = $ex[0];
     $port = $ex[1];
     $customer = $ui->id("{$lookUp}-customer", 19, 'post');
     // Loose comparisons: every "no customer selected" value ends up in this branch.
     if ($customer == 0 or $customer == false or $customer == null) {
         $usernew = true;
         if ($ui->username("{$lookUp}-username", 50, 'post') and $ui->ismail("{$lookUp}-email", 'post')) {
             // Reuse an existing account of this reseller with the same name and e-mail.
             $query = $sql->prepare("SELECT `id` FROM `userdata` WHERE `cname`=? AND `mail`=? AND `resellerid`=? LIMIT 1");
             $query->execute(array($ui->username("{$lookUp}-username", 50, 'post'), $ui->ismail("{$lookUp}-email", 'post'), $reseller_id));
             while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
                 $usernew = false;
                 $customer = $row['id'];
                 $cnamenew = $ui->username("{$lookUp}-username", 50, 'post');
             }
             if ($usernew == true) {
                 // NOTE(review): the generated password is passed straight to passwordCreate() and
                 // not kept, while the mail below sends $initialpassword, which is not assigned in
                 // the visible lines. Unless it is set elsewhere, the mail cannot contain the
                 // password that was just hashed; confirm, and keep the generated value in
                 // $initialpassword before hashing if that is the intent.
                 $newHash = passwordCreate($ui->username("{$lookUp}-username", 50, 'post'), passwordgenerate(10));
                 // Array result: hash and salt go to separate columns; otherwise only the hash.
                 if (is_array($newHash)) {
                     $query = $sql->prepare("INSERT INTO `userdata` (`cname`,`security`,`salt`,`mail`,`accounttype`,`resellerid`) VALUES (?,?,?,?,'u',?)");
                     $query->execute(array($ui->username("{$lookUp}-username", 50, 'post'), $newHash['hash'], $newHash['salt'], $ui->ismail("{$lookUp}-email", 'post'), $reseller_id));
                 } else {
                     $query = $sql->prepare("INSERT INTO `userdata` (`cname`,`security`,`mail`,`accounttype`,`resellerid`) VALUES (?,?,?,'u',?)");
                     $query->execute(array($ui->username("{$lookUp}-username", 50, 'post'), $newHash, $ui->ismail("{$lookUp}-email", 'post'), $reseller_id));
                 }
                 // The new id is found by selecting the newest matching row again rather than
                 // through lastInsertId().
                 $query = $sql->prepare("SELECT `id` FROM `userdata` WHERE `cname`=? AND `mail`=? AND `resellerid`=? ORDER BY `id` DESC LIMIT 1");
                 $query->execute(array($ui->username("{$lookUp}-username", 50, 'post'), $ui->ismail("{$lookUp}-email", 'post'), $reseller_id));
                 while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
                     $customer = $row['id'];
                     $cnamenew = $ui->username("{$lookUp}-username", 50, 'post');
                     // The initial password is passed to sendmail() in plaintext.
                     sendmail('emailuseradd', $customer, $cnamenew, $initialpassword);
                 }
             }
Exemplo n.º 6
     // Build the XML request for the external authentication endpoint, send it, and on success
     // store a local hash of the password that the remote side accepted.
     // NOTE(review): this excerpt starts mid-block; $xml, $element, $key, $username, $password,
     // $id and the *Auth settings are assigned outside the visible lines.
     $element->appendChild($key);
     // NOTE(review): the plaintext password is placed in the request document. If $xml is a
     // DOMDocument, createElement() does not escape '&' in the value, so a password holding
     // that character would need createTextNode() (or manual escaping) to be sent intact.
     $key = $xml->createElement('pwd', $password);
     $element->appendChild($key);
     $key = $xml->createElement('mail', $mail);
     $element->appendChild($key);
     $key = $xml->createElement('externalID', $externalID);
     $element->appendChild($key);
     $xml->appendChild($element);
     // base64 plus URL encoding is transport encoding only, not protection of the password;
     // confidentiality depends on how webhostRequest() connects (not visible here).
     $postXML = urlencode(base64_encode($xml->saveXML()));
 }
 if (isset($activeAuth) and $activeAuth == 'Y') {
     $reply = webhostRequest($domainAuth, $ui->escaped('HTTP_HOST', 'server'), $fileAuth, array('authPWD' => $pwdAuth, 'userAuth' => $userAuth, 'postXML' => $postXML), $portAuth);
     // The remote reply is parsed with default parser options; '@' hides parse warnings, so a
     // malformed reply simply fails the check below.
     $xmlReply = @simplexml_load_string($reply);
     // The login counts as valid only if the reply reports success for the same user name.
     // NOTE(review): both comparisons are loose (==) on SimpleXML elements.
     if ($xmlReply and isset($xmlReply->success) and $xmlReply->success == 1 and $xmlReply->user == $username) {
         $passwordCorrect = true;
         // The local password hash is overwritten with a hash of the externally accepted password,
         // so the endpoint's answer decides the stored credential. These updates filter on `id`
         // only, with no reseller column.
         $newHash = passwordCreate($username, $password);
         if (is_array($newHash)) {
             $query = $sql->prepare("UPDATE `userdata` SET `security`=?,`salt`=? WHERE `id`=? LIMIT 1");
             $query->execute(array($newHash['hash'], $newHash['salt'], $id));
         } else {
             $query = $sql->prepare("UPDATE `userdata` SET `security`=? WHERE `id`=? LIMIT 1");
             $query->execute(array($newHash, $id));
         }
     } else {
         // NOTE(review): the error text, or the whole raw reply, comes from the remote host; it
         // needs output escaping if it is later shown in a page (not visible here).
         if ($xmlReply and strlen($xmlReply->error) > 0) {
             $externalAuthError = $xmlReply->error;
         } else {
             $externalAuthError = $reply;
         }
     }
 }
 }
 // Password change for the substitute login stored in the session: check the repeat field and
 // the request token, then hash and store the new password.
 // NOTE(review): this excerpt is truncated; $errors and $reseller_id are assigned outside
 // the visible lines.
 // NOTE(review): loose comparison; numeric-looking strings are compared as numbers, `!==`
 // would compare the two passwords exactly.
 if ($ui->password('password', 255, 'post') != $ui->password('pass2', 255, 'post')) {
     $errors[] = $sprache->error_passw_succ;
 }
 // presumably the anti-CSRF token check; token() is defined elsewhere
 if (!token(true)) {
     $errors[] = $spracheResponse->token;
 }
 if (count($errors) > 0) {
     // The collected messages are joined with <br /> into $template_file.
     $template_file = implode('<br />', $errors);
 } else {
     // NOTE(review): $salt is not used in the visible lines; the salt that is stored comes
     // from $newHash['salt']. mt_rand() is not a cryptographic generator, so this value
     // should not serve as a salt or token anywhere else.
     $salt = md5(mt_rand() . date('Y-m-d H:i:s:u'));
     // The row is selected by the substitute id kept in the session, not by request input.
     $query = $sql->prepare("SELECT `loginName` FROM `userdata_substitutes` WHERE `sID`=? AND `resellerID`=? LIMIT 1");
     $query->execute(array($_SESSION['sID'], $reseller_id));
     $loginName = $query->fetchColumn();
     if (strlen($loginName) > 0 and $ui->password('password', 255, 'post')) {
         $newHash = passwordCreate($loginName, (string) $ui->password('password', 255, 'post'));
         // Array result: hash and salt are stored separately; otherwise only the hash.
         if (is_array($newHash)) {
             $query = $sql->prepare("UPDATE `userdata_substitutes` SET `passwordHashed`=?,`salt`=? WHERE `sID`=? AND `resellerID`=? LIMIT 1");
             $query->execute(array($newHash['hash'], $newHash['salt'], $_SESSION['sID'], $reseller_id));
         } else {
             $query = $sql->prepare("UPDATE `userdata_substitutes` SET `passwordHashed`=? WHERE `sID`=? AND `resellerID`=? LIMIT 1");
             $query->execute(array($newHash, $_SESSION['sID'], $reseller_id));
         }
         if ($query->rowCount() > 0) {
             $template_file = $spracheResponse->table_add;
         } else {
             $template_file = $spracheResponse->error_table;
         }
     } else {
         // No login name found for the session id, or no password submitted.
         $template_file = 'userpanel_404.tpl';
     }