queryFirstRow() public static method

public static queryFirstRow ( )
Exemplo n.º 1
 /**
  * Exercises DB::insert / DB::insertUpdate together with the queryFirst*,
  * queryOne* and queryRaw helpers against the `accounts` table, including
  * the DB::$usenull switch and a custom DB::$param_char.
  * Assumes the rows created by the earlier tests are present (insertId 3).
  */
 function test_3_more_inserts()
 {
     DB::insert('`accounts`', ['username' => 'Bart', 'password' => 'hello', 'age' => 15, 'height' => 10.371]);
     $database = DB::$dbName;
     DB::insert("`{$database}`.`accounts`", [
         'username' => 'Charlie\'s Friend',
         'password' => 'goodbye',
         'age' => 30,
         'height' => 155.23,
         'favorite_word' => null,
     ]);
     $this->assert(DB::insertId() === 3);

     $rowCount = DB::queryFirstField("SELECT COUNT(*) FROM accounts");
     $this->assert($rowCount === '3');

     DB::insert('`accounts`', ['username' => 'Deer', 'password' => '', 'age' => 15, 'height' => 10.371]);
     $nameForEmptyPassword = DB::queryFirstField("SELECT username FROM accounts WHERE password=%s0", null);
     $this->assert($nameForEmptyPassword === 'Deer');
     $nullWordPassword = DB::queryFirstField("SELECT password FROM accounts WHERE favorite_word IS NULL");
     $this->assert($nullWordPassword === 'goodbye');

     // With usenull off, a null value is written/compared as an empty string.
     DB::$usenull = false;
     DB::insertUpdate('accounts', ['id' => 3, 'favorite_word' => null]);
     $nullWordPassword = DB::queryFirstField("SELECT password FROM accounts WHERE favorite_word=%s AND favorite_word=%s", null, '');
     $this->assert($nullWordPassword === 'goodbye');
     DB::$usenull = true;
     DB::insertUpdate('accounts', ['id' => 3, 'favorite_word' => null]);

     // Placeholder prefix can be swapped at runtime.
     DB::$param_char = '###';
     $bartRow = DB::queryFirstRow(
         "SELECT * FROM accounts WHERE age IN ###li AND height IN ###ld AND username IN ###ls",
         [15, 25],
         [10.371, 150.123],
         ['Bart', 'Barts']
     );
     $this->assert($bartRow['username'] === 'Bart');
     DB::insert('accounts', ['username' => 'f_u']);
     DB::query("DELETE FROM accounts WHERE username=###s", 'f_u');
     DB::$param_char = '%';

     $friendNames = ['Charlie', 'Charlie\'s Friend'];
     $friendPassword = DB::queryFirstField("SELECT password FROM accounts WHERE username IN %ls AND username = %s", $friendNames, 'Charlie\'s Friend');
     $this->assert($friendPassword === 'goodbye');
     $friendPassword = DB::queryOneField('password', "SELECT * FROM accounts WHERE username IN %ls AND username = %s", $friendNames, 'Charlie\'s Friend');
     $this->assert($friendPassword === 'goodbye');

     $bartPasswords = DB::queryFirstColumn("SELECT password FROM accounts WHERE username=%s", 'Bart');
     $this->assert(count($bartPasswords) === 1);
     $this->assert($bartPasswords[0] === 'hello');

     $username = $password = $age = null;
     list($age, $username, $password) = DB::queryOneList("SELECT age,username,password FROM accounts WHERE username=%s", 'Bart');
     $this->assert($username === 'Bart');
     $this->assert($password === 'hello');
     $this->assert($age == 15);

     $rawResult = DB::queryRaw("SELECT * FROM accounts WHERE favorite_word IS NULL");
     $this->assert($rawResult instanceof MySQLi_Result);
     $firstRow = $rawResult->fetch_assoc();
     $this->assert($firstRow['password'] === 'goodbye');
     $this->assert($rawResult->fetch_assoc() === null);
 }
Exemplo n.º 2
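/**
 * Renders the admin view of one CMS page, selected by $_GET['ID'].
 *
 * Loads the row, makes sure the stored content starts with an <h1>, expands
 * the {CONTACT_LINK} placeholder, then prints the page header, the
 * edit/delete toolbar and the stored content (trusted HTML, echoed as-is).
 *
 * Side effects: output; sets global $use_rel_external_script; reads global
 * $LMT_EMAIL. Stops with E_USER_ERROR when the page does not exist.
 */
function show_page()
{
    $id = isset($_GET['ID']) ? $_GET['ID'] : '';
    // Bound parameter instead of hand-escaped string concatenation.
    $row = DB::queryFirstRow('SELECT * FROM pages WHERE page_id=%s', $id);
    if (!$row) {
        trigger_error('Page not found', E_USER_ERROR);
        return;
    }
    $name = htmlentities($row['name']);
    // Indent every stored line by six spaces to line up with the heredoc markup.
    $content = "      " . str_replace("\n", "\n      ", $row['content']);
    // Expect the <h1> right after the indent; strpos() returns false when it
    // is absent, which also fails this test and inserts the empty heading.
    if (strpos($content, '<h1>') !== 6) {
        $content = '<h1></h1><br /><br />' . $content;
    }
    global $LMT_EMAIL;
    $content = str_replace('{CONTACT_LINK}', email_obfuscate($LMT_EMAIL, null, '<span class="b">Please email us at:</span> '), $content);
    // Escaped before being placed in the toolbar hrefs below.
    $page_id = htmlentities($id);
    global $use_rel_external_script;
    $use_rel_external_script = true;
    lmt_page_header($name);
    echo <<<HEREDOC
\t  <div style="float: left; margin-top: 40px;">
        <a href="List"><img src="../../../res/icons/arrow_left.png" alt="" /> Return to Page List</a>
        <div class="halfbreak"></div>
        <a href="Edit?ID={$page_id}"><img src="../../../res/icons/edit.png" alt="" /></a>
        <a href="Delete?ID={$page_id}"><img src="../../../res/icons/delete.png" alt="" /></a>
      </div>
      

HEREDOC;
    echo $content;
}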
Exemplo n.º 3
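/**
 * Swaps the ordering position of page $_GET['ID'] with its neighbour.
 *
 * $_GET['Up'] swaps with the closest lower order_num, $_GET['Down'] with the
 * closest higher one. Requires a valid $_GET['xsrf_token']. Redirects to the
 * page list; the caller is expected to stop after the redirect header.
 * Note that this is a state change triggered by a GET request.
 */
function do_move()
{
    // Strict comparison: a loose != treats numeric-looking tokens as numbers.
    if (!isset($_GET['xsrf_token']) || $_GET['xsrf_token'] !== $_SESSION['xsrf_token']) {
        trigger_error('XSRF code incorrect', E_USER_ERROR);
        return;
    }
    if (isset($_GET['Up'])) {
        $operator = '<';
        $sql_order = 'DESC';
        $modifier = -1;
    } elseif (isset($_GET['Down'])) {
        $operator = '>';
        $sql_order = 'ASC';
        $modifier = 1;
    } else {
        trigger_error('Neither Up nor Down specified', E_USER_ERROR);
        return;
    }
    $id = isset($_GET['ID']) ? $_GET['ID'] : '';
    $row = DB::queryFirstRow('SELECT order_num FROM pages WHERE page_id=%s', $id);
    if (!$row) {
        trigger_error('Page not found', E_USER_ERROR);
        return;
    }
    $order = (int) $row['order_num'];
    // Nearest neighbour in the requested direction. $operator and $sql_order
    // are the fixed literals chosen above, never request data.
    $neighbour = DB::queryFirstRow("SELECT page_id, order_num FROM pages WHERE order_num {$operator} %i ORDER BY order_num {$sql_order} LIMIT 1", $order);
    if (!$neighbour) {
        // Already first/last: nothing to swap with. The original still
        // shifted order_num and ran an UPDATE against an empty page_id.
        header('Location: List');
        return;
    }
    $new_order = $order + $modifier;
    DB::query('UPDATE pages SET order_num=%i WHERE page_id=%s LIMIT 1', $new_order, $id);
    DB::query('UPDATE pages SET order_num=%i WHERE page_id=%s LIMIT 1', $order, $neighbour['page_id']);
    header('Location: List');
}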
 /**
  * Fetches the supplier with the given id.
  *
  * @param mixed $id value bound to the `id` column
  * @return mixed the mapped supplier, or null when no row matches
  */
 static function load($id)
 {
     $sql = "SELECT * FROM " . SupplierTable::$TABLE_NAME . " WHERE id=%s";
     $record = DB::queryFirstRow($sql, $id);
     if (empty($record)) {
         return null;
     }
     return SuppliersService::supplierfromCursor($record);
 }
 /**
  * Fetches the purchase with the given id.
  *
  * @param mixed $id value bound to the `id` column
  * @return mixed the mapped purchase, or null when no row matches
  */
 static function load($id)
 {
     $sql = "SELECT * FROM " . PurchaseTable::$TABLE_NAME . " WHERE id=%s";
     $record = DB::queryFirstRow($sql, $id);
     if (empty($record)) {
         return null;
     }
     return PurchasesServices::purchaseFromCursor($record);
 }
Exemplo n.º 6
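 /**
  * Authenticates $_POST['username'] / $_POST['password'] and opens an
  * auth_sessions row for the user.
  *
  * Steps: look the user up, verify the password hash, pick an unused random
  * session id, decide whether 2FA is needed (global $config['enable_2fa']
  * is 'all', or 'admin' for group_id 1), store the session, set the session
  * cookie, promote the user's alert states. A pending-2FA login renders the
  * 2FA template and exits; an admin login with $redirect redirects and exits.
  * invalid_login() is assumed to stop execution on a bad username/password.
  *
  * @param string $type     'public' or 'admin'; picks the 2FA route and redirect
  * @param bool   $redirect whether an admin login redirects to /admin/index
  * @return mixed the user id when the method returns at all
  */
 public function login($type = 'public', $redirect = true)
 {
     // Initialize
     global $config;
     $username = isset($_POST['username']) ? strtolower($_POST['username']) : '';
     $password = isset($_POST['password']) ? $_POST['password'] : '';
     // Get user row
     $user_row = DB::queryFirstRow("SELECT * FROM users WHERE username = %s", $username);
     if (!$user_row) {
         $this->invalid_login($type);
     }
     // Check password. Strict comparison: with != two numeric-looking hashes
     // (e.g. "0e..." forms) compare equal; hash_equals() would additionally
     // give a constant-time compare where available.
     $client = new encrypt();
     if ($client->get_password_hash($password, $user_row['id']) !== $user_row['password']) {
         $this->invalid_login($type);
     }
     // Pick a session id whose hash is not already in auth_sessions
     do {
         $session_id = generate_random_string(60);
         $auth_hash = hash('sha512', $session_id);
         $in_use = (bool) DB::queryFirstRow("SELECT * FROM auth_sessions WHERE auth_hash = %s", $auth_hash);
     } while ($in_use);
     // Check for 2FA (loose compare kept: the config value's type is not known here)
     $require_2fa = false;
     if ($config['enable_2fa'] == 'all') {
         $require_2fa = true;
     } elseif ($config['enable_2fa'] == 'admin' && $user_row['group_id'] == 1) {
         $require_2fa = true;
     }
     // Generate 2FA hash, if needed
     if ($require_2fa === true) {
         $status_2fa = 0;
         $hash_2fa = generate_random_string(60);
         // Send e-mail.
         // NOTE(review): the link host comes from the client-controlled Host
         // header; building it from a configured base (SITE_URI is used for
         // redirects below) would stop a spoofed Host from redirecting the
         // 2FA link elsewhere — confirm SITE_URI is absolute before switching.
         $url = "http://" . $_SERVER['HTTP_HOST'] . '/2fa/' . $hash_2fa;
         mail($user_row['email'], "2FA Authentication - {$config['site_name']}", "You are receiving this e-mail because you just tried to login to {$config['site_name']}, which required 2FA.  To proceed with your login, please click on the below URL:\r\n\r\n\t{$url}\r\n\r\nThank you,\r\n{$config['site_name']}\r\n");
     } else {
         $status_2fa = 1;
         $hash_2fa = '';
     }
     // Create session (only the sha512 of the session id is stored)
     DB::insert('auth_sessions', array('userid' => $user_row['id'], 'last_active' => time(), 'auth_hash' => $auth_hash, '2fa_status' => $status_2fa, '2fa_hash' => $hash_2fa));
     // Set cookie. HttpOnly keeps the session id out of reach of scripts;
     // path/domain/secure stay at their defaults to preserve behaviour.
     $cookie_name = COOKIE_NAME . 'auth_hash';
     setcookie($cookie_name, $session_id, 0, '', '', false, true);
     // Update alerts: 2 -> 0 (seen), then 1 -> 2 (new since last login)
     DB::query("UPDATE alerts SET is_new = 0 WHERE is_new = 2 AND userid = %d", $user_row['id']);
     DB::query("UPDATE alerts SET is_new = 2 WHERE is_new = 1 AND userid = %d", $user_row['id']);
     // Redirect user
     if ($status_2fa == 0) {
         $route = $type == 'admin' ? 'admin/2fa' : '2fa';
         $template = new template($route);
         echo $template->parse();
         exit(0);
     } elseif ($type == 'admin' && $redirect === true) {
         header("Location: " . SITE_URI . "/admin/index");
         exit(0);
     }
     // Return
     return $user_row['id'];
 }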
Exemplo n.º 7
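/**
 * Inserts an empty "separator" page in front of all existing pages
 * (order_num = lowest existing order_num - 1) and redirects to the list.
 * Requires a valid $_GET['xsrf_token']; note this state change is driven by
 * a GET request. The caller is expected to stop after the redirect header.
 */
function do_add_separator()
{
    // Strict comparison: a loose != treats numeric-looking tokens as numbers.
    if (!isset($_GET['xsrf_token']) || $_GET['xsrf_token'] !== $_SESSION['xsrf_token']) {
        trigger_error('XSRF code incorrect', E_USER_ERROR);
        return;
    }
    $row = DB::queryFirstRow('SELECT MIN(order_num - 1) AS new_order FROM pages');
    // NULL on an empty table; the escaped insert below then stores "".
    $new_order = $row['new_order'];
    DB::queryRaw('INSERT INTO pages (name, content, order_num) VALUES ("", "", "' . mysqli_real_escape_string(DB::get(), $new_order) . '")');
    header('Location: List');
}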
Exemplo n.º 8
 /**
  * Looks a user up by API key.
  *
  * @param string $apiKey value bound to the `api_key` column
  * @return User|null the mapped user, or null when no row matches
  */
 static function loadUserByApiKey($apiKey)
 {
     $sql = "SELECT * FROM " . UsersService::$TABLE_NAME . " WHERE api_key= %s ";
     $record = DB::queryFirstRow($sql, $apiKey);
     if (empty($record)) {
         return null;
     }
     return User::fromCursor($record);
 }
Exemplo n.º 9
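/**
 * Reports whether the current visitor holds a valid, active login.
 *
 * True when getUserId() yields a real id (not -1), the CWM_User row exists
 * with Status 1, and the id hash from getUserIdHash() equals sha1 of the
 * stored Id.
 *
 * @return bool
 */
function isUserLoggedIn()
{
    $userId = getUserId();
    if ($userId == -1) {
        return false;
    }
    $account = DB::queryFirstRow("SELECT Id, Status FROM CWM_User WHERE Id=%?", $userId);
    // Test for a missing row before reading its fields (the original
    // dereferenced $account before the null check).
    if (is_null($account)) {
        return false;
    }
    $uidHash = getUserIdHash();
    if (!isset($uidHash)) {
        return false;
    }
    // Strict comparison: two hex digests of the form "0e..." compare equal
    // under ==; hash_equals() would also make the compare constant-time.
    return sha1($account['Id']) === $uidHash && $account['Status'] == 1;
}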
Exemplo n.º 10
 /**
  * Tells whether $survey_id is known and $time_to_check lies inside its
  * [survey_start, survey_end] window (both bounds inclusive).
  *
  * @param mixed $survey_id     id looked up in credentials_stu
  * @param mixed $time_to_check instant compared against the stored bounds
  * @return bool
  */
 public static function is_survey_open($survey_id, $time_to_check)
 {
     if (!SurveyAvail::search_survey_id($survey_id)) {
         return false;
     }
     $rawRow = DB::queryFirstRow("SELECT * FROM credentials_stu WHERE survey_id = %i", $survey_id);
     $window = SurveyAvail::row_map($rawRow);
     $startedAlready = $window['survey_start'] <= $time_to_check;
     $notEndedYet = $time_to_check <= $window['survey_end'];
     return $startedAlready && $notEndedYet;
 }
Exemplo n.º 11
 /**
  * Links a project to a solution once the caller's token has been validated.
  *
  * @param mixed  $solutionId
  * @param mixed  $projectId
  * @param string $tokenValue API token checked with CWM_API::IsTokenValid()
  * @return int -1 for an invalid token; 0 when the pair is already linked;
  *             otherwise whatever DB::insert() returns for the new row
  */
 public static function addProject($solutionId, $projectId, $tokenValue)
 {
     if (!CWM_API::IsTokenValid($tokenValue)) {
         return -1;
     }
     $existing = DB::queryFirstRow("SELECT * FROM CWM_SolutionProject WHERE SolutionId=%? AND ProjectId=%?", $solutionId, $projectId);
     if (!is_null($existing)) {
         return 0;
     }
     return DB::insert('CWM_SolutionProject', array('SolutionId' => $solutionId, 'ProjectId' => $projectId));
 }
Exemplo n.º 12
 /**
  * Reports whether the authenticated user has at least one `userroles` row.
  *
  * The decision is based on \DB::count() after the lookup, i.e. on the
  * number of matching rows; the row contents are not inspected.
  *
  * NOTE(review): connection credentials are assigned on every call; the
  * literal values are redacted ("******") on the page this was taken from.
  *
  * @return bool
  */
 public function isAdmin()
 {
     \DB::$user = '******';
     \DB::$password = '******';
     \DB::$dbName = 'Euro2016';
     $currentUserId = Auth::user()->id;
     \DB::queryFirstRow("select * from userroles where userid = %i;", $currentUserId);
     return \DB::count() > 0;
 }
Exemplo n.º 13
 /**
  * Resolves an API token to its user.
  *
  * @param string $tokenValue token checked with CWM_API::IsTokenValid()
  * @return CWM_User|null null for an invalid token or when no session joins a user
  */
 public static function getFromToken($tokenValue)
 {
     if (!CWM_API::IsTokenValid($tokenValue)) {
         return null;
     }
     $row = DB::queryFirstRow("SELECT * FROM CWM_User as u JOIN CWM_ApiKeySession as aks ON u.Id = aks.UserId WHERE aks.TokenValue=%?", $tokenValue);
     if (is_null($row)) {
         return null;
     }
     // Flags are compared loosely against '1', as in the original.
     $isActive = ($row['Status'] == '1');
     $isFirstLogin = ($row['IsFirstTime'] == '1');
     return new CWM_User($row['UserId'], $row['Email'], "", "", $isActive, $isFirstLogin);
 }
Exemplo n.º 14
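/**
 * Deletes page $_GET['ID'] (except the reserved Registration page, id -1),
 * records a success alert and redirects to the list.
 * Requires a valid $_POST['xsrf_token']. The caller is expected to stop
 * after the redirect header.
 */
function do_delete_page()
{
    $id = isset($_GET['ID']) ? $_GET['ID'] : '';
    if ((int) $id == -1) {
        trigger_error('Cannot delete Registration page', E_USER_ERROR);
        return;
    }
    // Strict comparison: a loose != treats numeric-looking tokens as numbers.
    if (!isset($_POST['xsrf_token']) || $_POST['xsrf_token'] !== $_SESSION['xsrf_token']) {
        trigger_error('XSRF code incorrect', E_USER_ERROR);
        return;
    }
    // Bound parameters instead of hand-escaped string concatenation.
    $row = DB::queryFirstRow('SELECT name FROM pages WHERE page_id=%s', $id);
    if (!$row) {
        trigger_error('Page not found', E_USER_ERROR);
        return;
    }
    $page_name = htmlentities($row['name']);
    DB::query('DELETE FROM pages WHERE page_id=%s LIMIT 1', $id);
    alert('The page &quot;' . $page_name . '&quot; has been deleted', 1);
    header('Location: List');
}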
Exemplo n.º 15
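 /**
  * Writes the .lst playlist file for stream $StreamId.
  *
  * Resolves the stream's playlist and server PortBase through sc_rel, then
  * writes one absolute mp3 path per line (CRLF terminated) to
  * userconf/<PortBase>/<playlist_name>.lst, truncating any existing file.
  * Returns without writing when a lookup yields no row or the file cannot
  * be opened (the original carried on with null rows and a false handle).
  *
  * @param mixed $StreamId id in sc_rel
  * @return void
  */
 public function createPlaylst($StreamId)
 {
     $stream = \DB::queryFirstRow("SELECT * FROM sc_rel WHERE id=%s", $StreamId);
     if (!$stream) {
         return;
     }
     $playlist = \DB::queryFirstRow("SELECT * FROM playlist WHERE id=%s", $stream['play_list_id']);
     $server = \DB::queryFirstRow("SELECT PortBase FROM sc_serv_conf WHERE id=%s", $stream['sc_serv_conf_id']);
     if (!$playlist || !$server) {
         return;
     }
     // NOTE(review): the path is built from database values; if playlist_name
     // can be set by users it should be restricted to a safe character set
     // before it is used as a path segment — confirm where it originates.
     $path = "userconf/" . $server['PortBase'] . "/" . $playlist['playlist_name'] . ".lst";
     $handle = fopen($path, "w+");
     if ($handle === false) {
         return;
     }
     // One query per playlist entry, as in the original.
     $entries = \DB::query("SELECT mp3_id FROM playlist_mp3_rel WHERE playlist_id=%s", $playlist['id']);
     foreach ($entries as $entry) {
         $titles = \DB::query("SELECT dir_titel FROM mp3 WHERE id=%s", $entry['mp3_id']);
         foreach ($titles as $title) {
             fwrite($handle, $_SERVER['DOCUMENT_ROOT'] . "/mp3collection/" . $title['dir_titel'] . "\r\n");
         }
     }
     fclose($handle);
 }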
Exemplo n.º 16
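 /**
  * Streams a product image to the client and exits.
  *
  * $parts[1] is the requested file name; its ".ext" suffix is stripped to
  * obtain the products_images id. An unknown id falls back to the image with
  * id 0; if that is missing too, "Invalid image" is printed. Never returns.
  *
  * @param array $parts route segments; index 1 is the image name
  */
 public function __construct($parts = array())
 {
     // Get product ID; a missing segment is treated as an empty name.
     $requested = isset($parts[1]) ? $parts[1] : '';
     $product_id = preg_replace("/\\.(.+)\$/", "", $requested);
     $prow = DB::queryFirstRow("SELECT * FROM products_images WHERE id = %d", $product_id);
     if (!$prow) {
         // Fall back to the placeholder image.
         $prow = DB::queryFirstRow("SELECT * FROM products_images WHERE id = 0");
     }
     if (!$prow) {
         echo "Invalid image";
         exit(0);
     }
     // Display image; the content type is taken from the stored row.
     header("Content-type: {$prow['mime_type']}");
     echo base64_decode($prow['contents']);
     exit(0);
 }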
Exemplo n.º 17
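/**
 * Renders the "Edit Page" form and stops the script.
 *
 * Field values come from the submitted POST data when present (so a failed
 * validation round-trips the user's input); otherwise they are loaded from
 * the page row for $_GET['ID']. Values are HTML-escaped before being placed
 * in the markup. $err is inserted unescaped and must be trusted markup.
 *
 * @param string $err error text shown above the form ('' for none)
 */
function show_form($err)
{
    global $use_rel_external_script;
    $use_rel_external_script = true;
    lmt_page_header('Edit Page');
    if ($err != '') {
        $err = "\n        <div class=\"error\">{$err}</div><br />\n";
    }
    // isset() replaces the @-suppressed reads of possibly absent POST fields.
    $name = isset($_POST['name']) ? htmlentities($_POST['name']) : '';
    $content = isset($_POST['content']) ? htmlentities($_POST['content']) : '';
    // Fetch data if this is the first time the form has been shown
    if ($name == '' || $content == '') {
        $id = isset($_GET['ID']) ? $_GET['ID'] : '';
        $row = DB::queryFirstRow('SELECT name, content FROM pages WHERE page_id=%s', $id);
        if ($row) {
            if ($name == '') {
                $name = htmlentities($row['name']);
            }
            if ($content == '') {
                $content = htmlentities($row['content']);
            }
        }
    }
    // REQUEST_URI is attacker-influenced; escape it before using it in an attribute.
    $action = htmlentities($_SERVER['REQUEST_URI']);
    echo <<<HEREDOC
      <h1>Edit Page</h1>
      {$err}
      <form id="lmtAddPage" method="post" action="{$action}">
        <table class="spacious">
          <tr>
            <td>Title:</td>
            <td><input type="text" name="name" value="{$name}" size="25" maxlength="25" /></td>
          </tr><tr>
            <td>Content:&nbsp;</td>
            <td>
              <textarea name="content" rows="25" cols="80" class="code">{$content}</textarea>
              <div class="small">Please write XHTML-compliant code.<br />
              Links marked with rel=&quot;external&quot; open in a new window. Links are relative to /LMT.</div><br />
            </td>
          </tr><tr>
            <td></td>
            <td>
              <input type="hidden" name="xsrf_token" value="{$_SESSION['xsrf_token']}" />
              <input type="submit" name="lmt_do_edit_page" value="Save Changes" />
              &nbsp;&nbsp;<a href="List">Cancel</a><br /><br /><br />
            </td>
          </tr>
        </table>
      </form>
HEREDOC;
    die;
}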
Exemplo n.º 18
/**
 * Prints the "Guts Extra" page: a heading followed by the average of
 * guts_ans_c over non-deleted teams, or '0' when there is no value.
 */
function show_page()
{
    lmt_page_header('Guts Extra');
    echo <<<HEREDOC
      <h1>Guts Extra</h1>
      
      <span class="b">Average x:</span> 
HEREDOC;
    $averageSql = "SELECT (SELECT AVG(guts_ans_c) FROM teams WHERE deleted=\"0\") as avg";
    $result = DB::queryFirstRow($averageSql);
    $average = $result['avg'];
    if (is_null($average) || $average == '') {
        $average = '0';
    }
    echo $average;
}
Exemplo n.º 19
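 /**
  * Completes a pending e-mail 2FA login and exits.
  *
  * $parts[1] is the 2fa_hash from the e-mailed link. A matching auth_sessions
  * row with 2fa_status 0 is marked complete (status 1, hash cleared) and the
  * browser is sent to SITE_URI, or SITE_URI/admin/ for group_id 1. An unknown,
  * empty or already used hash prints an error instead. Never returns.
  *
  * @param array $parts route segments; index 1 is the 2FA hash
  */
 public function __construct($parts = array())
 {
     $hash = isset($parts[1]) ? $parts[1] : '';
     // Check for row; an empty hash is rejected without a lookup.
     if ($hash === '' || !($row = DB::queryFirstRow("SELECT * FROM auth_sessions WHERE 2fa_hash = %s AND 2fa_status = 0", $hash))) {
         echo "Invalid 2FA request.  Please check the URL, and try again.";
         exit(0);
     }
     // Mark the session authenticated and burn the one-time hash
     DB::query("UPDATE auth_sessions SET 2fa_hash = '', 2fa_status = 1 WHERE id = %d", $row['id']);
     // Redirect, as needed
     $group_id = DB::queryFirstField("SELECT group_id FROM users WHERE id = %d", $row['userid']);
     $target = $group_id == 1 ? SITE_URI . "/admin/" : SITE_URI;
     header("Location: " . $target);
     // Exit
     exit(0);
 }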
Exemplo n.º 20
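 /**
  * Builds one page of rows for the unauthorized-sends admin table.
  *
  * Each coin_unauthorized_sends row is combined (one extra query per row)
  * with its coin_inputs record and decorated with the HTML cells the table
  * expects: checkbox, formatted date, amount in BTC, user/address/tx links.
  *
  * @param int $start offset of the first row; page size is $this->rows_per_page
  * @return array list of decorated row arrays
  */
 public function get_rows($start = 0)
 {
     // Both LIMIT operands are interpolated into the SQL text, so force integers.
     $offset = (int) $start;
     $limit = (int) $this->rows_per_page;
     $rows = DB::query("SELECT * FROM coin_unauthorized_sends ORDER BY date_added DESC LIMIT {$offset},{$limit}");
     // Go through rows
     $results = array();
     foreach ($rows as $row) {
         $irow = DB::queryFirstRow("SELECT * FROM coin_inputs WHERE id = %d", $row['input_id']);
         $username = get_user($irow['userid']);
         $row['date_added'] = fdate($row['date_added'], true);
         $row['amount'] = fmoney_coin($irow['amount']) . ' BTC';
         $row['checkbox'] = "<center><input type=\"checkbox\" name=\"unauthorized_send_id[]\" value=\"{$row['id']}\"></center>";
         // NOTE(review): username and address are placed in attributes without
         // escaping; confirm upstream that they cannot contain quotes.
         // The next line is redacted ("******") on the page this was taken
         // from; the opening anchor fragment must be restored from the project.
         $row['user'] = "******"" . SITE_URI . "/admin/user/manage2?username={$username}\">{$username}</a>";
         $row['address'] = "<a href=\"" . SITE_URI . "/admin/financial/addresses_view?address={$irow['address']}\">{$irow['address']}</a>";
         $row['viewtx'] = "<center><a href=\"" . SITE_URI . "/admin/financial/tx?txid={$row['txid']}\" class=\"btn btn-primary btn-xs\">View Tx</a></center>";
         $results[] = $row;
     }
     // Return
     return $results;
 }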
Exemplo n.º 21
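 /**
  * Builds one page of rows for the alerts table of $this->type belonging to
  * the current user ($GLOBALS['userid']).
  *
  * Each alert gets HTML cells (checkbox, formatted date, user link) plus
  * type-specific data: for 'new_user' the referenced user's name and e-mail;
  * otherwise the referenced coin_inputs row's user, amount and tx link, with
  * order details for 'product_purchase' and invoice details for 'invoice_paid'.
  *
  * @param int $start offset of the first row; page size is $this->rows_per_page
  * @return array list of decorated row arrays
  */
 public function get_rows($start = 0)
 {
     // Both LIMIT operands are interpolated into the SQL text, so force integers.
     $offset = (int) $start;
     $limit = (int) $this->rows_per_page;
     $rows = DB::query("SELECT * FROM alerts WHERE type = %s AND userid = %d ORDER BY date_added DESC LIMIT {$offset},{$limit}", $this->type, $GLOBALS['userid']);
     // Go through rows
     $results = array();
     foreach ($rows as $row) {
         // Set variables
         $row['checkbox'] = "<center><input type=\"checkbox\" name=\"alert_id[]\" value=\"{$row['id']}\"></center>";
         $row['date_added'] = fdate($row['date_added'], true);
         // Type specific variables
         if ($this->type == 'new_user') {
             $user_row = DB::queryFirstRow("SELECT * FROM users WHERE id = %d", $row['reference_id']);
             $row['username'] = $user_row['username'];
             $row['email'] = $user_row['email'];
         } else {
             $input = DB::queryFirstRow("SELECT * FROM coin_inputs WHERE id = %d", $row['reference_id']);
             $row['username'] = get_user($input['userid']);
             $row['amount'] = fmoney_coin($input['amount']) . ' BTC';
             $row['viewtx'] = "<center><a href=\"" . SITE_URI . "/admin/financial/tx?txid=" . $input['txid'] . "\" class=\"btn btn-primary btn-xs\">View Tx</a></center>";
             if ($this->type == 'product_purchase') {
                 $row['product'] = DB::queryFirstField("SELECT display_name FROM products WHERE id = %d", $input['product_id']);
                 $row['manage'] = "<center><a href=\"" . SITE_URI . "/admin/financial/orders_manage?order_id=" . $input['order_id'] . "\" class=\"btn btn-primary btn-xs\">Manage</a></center>";
             } elseif ($this->type == 'invoice_paid') {
                 // Fix: the original stored the row in $irow but read the
                 // undefined $invoice for date_added.
                 $invoice = DB::queryFirstRow("SELECT * FROM invoices WHERE id = %d", $input['invoice_id']);
                 $row['invoice'] = "ID# {$input['invoice_id']} (added: " . fdate($invoice['date_added']) . ")";
                 $row['manage'] = "<center><a href=\"" . SITE_URI . "/admin/financial/invoices_manage?invoice_id=" . $input['invoice_id'] . "\" class=\"btn btn-primary btn-xs\">Manage</a></center>";
             }
         }
         // The per-address link (public account/address vs admin addresses_view,
         // chosen by the template theme) was disabled in the original and stays so.
         // The next line is redacted ("******") on the page this was taken
         // from; the opening anchor fragment must be restored from the project.
         $row['username'] = "******"" . SITE_URI . "/admin/user/manage2?username={$row['username']}\">{$row['username']}</a>";
         $results[] = $row;
     }
     // Return
     return $results;
 }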
Exemplo n.º 22
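/**
 * E-mails the logged-in user ($_SESSION['user_id']) their address
 * verification link and redirects back to Verify_Email.
 *
 * The link is URL::fileurl() with the user id and the stored verification
 * code as query parameters. Afterwards the one-shot
 * ACCOUNT_do_send_verification_email flag is consumed; when it was not set
 * (i.e. the user asked for a resend) ACCOUNT_resent_confirmation_email is
 * raised so the page can say the mail was re-sent. The redirect makes a
 * browser refresh not resend the mail.
 */
function send_verification_email()
{
    global $WEBMASTER_EMAIL;
    // Fetch email and code
    $row = DB::queryFirstRow('SELECT name, email, email_verification FROM users WHERE id=%i', $_SESSION['user_id']);
    if (!$row) {
        trigger_error('User not found', E_USER_ERROR);
        return;
    }
    $name = $row['name'];
    $email = $row['email'];
    $verification_code = $row['email_verification'];
    // Generate the verification link. (The scheme and parsed REQUEST_URI the
    // original computed here were never used and have been dropped.)
    $link = URL::fileurl() . '?id=' . $_SESSION['user_id'] . '&code=' . $verification_code;
    // Assemble the email. A '"Name" <addr>' recipient form was reported to
    // trip an RFC-format error in send_email(), so the bare address is used.
    $to = $email;
    $subject = 'Verify your Email Address';
    // In heredocs, [] after a variable is array access, so the variables
    // below are wrapped in {} to interpolate them safely.
    $body = <<<HEREDOC
Welcome to the LHS Math Club website, {$name}!
Please click on the link below to verify your email address.

[b][url]{$link}[/url][/b]


If you didn't create an account, just ignore this email and nothing will happen.

To report abuse, please contact <{$WEBMASTER_EMAIL}>.
HEREDOC;
    send_email(array($to), $subject, $body, array($WEBMASTER_EMAIL));
    if (isset($_SESSION['ACCOUNT_do_send_verification_email'])) {
        unset($_SESSION['ACCOUNT_do_send_verification_email']);
    } else {
        // so that the page says 'Email has been re-sent'
        $_SESSION['ACCOUNT_resent_confirmation_email'] = true;
    }
    // reload the page so Refreshing won't resend
    header('Location: Verify_Email');
}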
Exemplo n.º 23
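 /**
  * Validates an API request signature and returns a session token.
  *
  * The caller is expected to send sha1(data . privateKey . publicKey) as
  * $hash, using the private key paired with $publicApiKey. On success the
  * user's existing CWM_ApiKeySession token is reused while it is still
  * valid; otherwise a fresh token is created and stored with insertUpdate.
  *
  * @param string $data         request payload that was signed
  * @param string $publicApiKey public key identifying the CWM_ApiKey row
  * @param string $hash         signature supplied by the caller
  * @return string session token, or "" when the key is blank or unknown or
  *                the signature does not match
  */
 public static function authorize($data, $publicApiKey, $hash)
 {
     // Reject blank keys before querying (the original checked afterwards).
     if (strlen(trim($publicApiKey)) <= 0) {
         return "";
     }
     $row = DB::queryFirstRow("SELECT * FROM CWM_ApiKey as ak JOIN CWM_UserApiKey uak ON ak.Id = uak.ApiKeyId WHERE PublicKey=%s", $publicApiKey);
     if (is_null($row)) {
         return "";
     }
     $userId = $row['UserId'];
     $privateApiKey = $row['PrivateKey'];
     $apiKeyIndex = $row['Id'];
     $hashCheck = sha1($data . $privateApiKey . $publicApiKey);
     // Strict comparison: with == two "0e..." digests compare equal as
     // numbers; hash_equals() would also make this constant-time where available.
     if ($hashCheck !== (string) $hash) {
         return "";
     }
     $oldToken = DB::queryOneField('TokenValue', 'SELECT * FROM CWM_ApiKeySession WHERE UserId=%?', $userId);
     if (CWM_API::isTokenValid($oldToken)) {
         return $oldToken;
     }
     // One timestamp for both the token and LastAccess so they cannot differ.
     $now = CWM_API::getDateTime(time());
     $newToken = sha1($userId . $privateApiKey . $hashCheck . $now);
     DB::insertUpdate('CWM_ApiKeySession', array('ApiKeyId' => $apiKeyIndex, 'LastAccess' => $now, 'UserId' => $userId, 'TokenValue' => $newToken));
     return $newToken;
 }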
Exemplo n.º 24
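/**
 * Creates a new page from the submitted form and redirects to it.
 *
 * Validates the XSRF token, the name (non-empty, at most 25 bytes) and the
 * content (at most 20,000 bytes); show_form() is expected to render the
 * error and stop the script on failure. The page is inserted in front of all
 * others (order_num = lowest - 1) and the browser is sent to View?ID=<id>.
 * The caller is expected to stop after the redirect header.
 */
function do_add_page()
{
    // Strict comparison: a loose != treats numeric-looking tokens as numbers.
    if (!isset($_POST['xsrf_token']) || $_POST['xsrf_token'] !== $_SESSION['xsrf_token']) {
        trigger_error('XSRF code incorrect', E_USER_ERROR);
        return;
    }
    $name = isset($_POST['name']) ? $_POST['name'] : '';
    $content = isset($_POST['content']) ? $_POST['content'] : '';
    if ($name == '') {
        show_form('Please choose a name for the page');
    }
    // strlen() counts bytes, so multibyte names hit the limit before 25 characters.
    if (strlen($name) > 25) {
        show_form('The page name may not be longer than 25 characters');
    }
    if (strlen($content) > 20000) {
        show_form('The content may not be longer than 20,000 characters');
    }
    // ** VALIDATION COMPLETE ** \\
    $row = DB::queryFirstRow('SELECT MIN(order_num - 1) AS new_order FROM pages');
    // NULL on an empty table; the escaped insert then stores "" and the
    // lookup below matches on "" as well, which is why the string-escaped
    // form is kept for both statements.
    $new_order = $row['new_order'];
    DB::queryRaw('INSERT INTO pages (name, content, order_num) VALUES ("' . mysqli_real_escape_string(DB::get(), $name) . '", "' . mysqli_real_escape_string(DB::get(), $content) . '", "' . mysqli_real_escape_string(DB::get(), $new_order) . '")');
    $row = DB::queryFirstRow('SELECT page_id FROM pages WHERE order_num="' . mysqli_real_escape_string(DB::get(), $new_order) . '"');
    header('Location: View?ID=' . $row['page_id']);
}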
Exemplo n.º 25
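/**
 * Records a rating in (0, 5] for item $id from the caller's IP.
 *
 * A first rating from this IP adds to the item's total and count; a repeat
 * rating replaces the previous score (total adjusted, count unchanged).
 * Every call is logged in rating_log with opt 1 (new) or 0 (update).
 * A rating row is created for unknown items first.
 *
 * @param mixed $id    item id, bound as a query parameter (the original
 *                     concatenated it and the IP straight into the SQL)
 * @param mixed $score rating; anything outside (0, 5] stops the script with 'score_illegal'
 * @return bool always true when the function returns
 */
function addscore($id, $score)
{
    if ($score <= 0 || $score > 5) {
        exit('score_illegal');
    }
    $ip = getip();
    $info = DB::queryFirstRow('SELECT * FROM rating WHERE itemid=%s', $id);
    if (!$info) {
        DB::insert('rating', array('itemid' => $id));
        // Freshly created item: same arithmetic as the original's null fields.
        $info = array('totalrate' => 0, 'ratenum' => 0);
    }
    $myscore = DB::queryFirstRow('SELECT * FROM rating_log WHERE itemid=%s AND ip=%s ORDER BY timestamp DESC', $id, $ip);
    if (!$myscore) {
        $newscore = $info['totalrate'] + $score;
        DB::update('rating', array('totalrate' => $newscore, 'ratenum' => $info['ratenum'] + 1), 'itemid=%s', $id);
        DB::insert('rating_log', array('ip' => $ip, 'itemid' => $id, 'score' => $score, 'timestamp' => time(), 'opt' => 1));
    } else {
        // Update: swap the previous score for the new one.
        $newscore = $info['totalrate'] + $score - $myscore['score'];
        DB::update('rating', array('totalrate' => $newscore, 'ratenum' => $info['ratenum']), 'itemid=%s', $id);
        DB::insert('rating_log', array('ip' => $ip, 'itemid' => $id, 'score' => $score, 'timestamp' => time(), 'opt' => 0));
    }
    return true;
}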
Exemplo n.º 26
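/**
 * Tries to log in $user_name/$password for $company_id and fills $_SESSION.
 *
 * First looks for an active row in <DB_PREFIX>test_users whose user_name or
 * user_email matches; failing that, checks the company super-admin
 * credentials (that query is redacted on the page this was taken from and is
 * reproduced as-is).
 *
 * NOTE(review): both lookups match the submitted password inside the SQL,
 * i.e. passwords are stored and compared as plain text. Moving to
 * password_hash()/password_verify() needs a schema change not shown here.
 *
 * @param string $user_name  login name or e-mail address
 * @param string $password   submitted password
 * @param mixed  $company_id company the user belongs to
 * @param mixed  $superadmin unused by this function
 * @return bool|string true on success, otherwise an HTML error fragment
 */
function attempt_login_user($user_name, $password, $company_id, $superadmin)
{
    // Bound parameters replace the original string-concatenated WHERE clause.
    $is_logged = DB::queryFirstRow(
        "SELECT * FROM " . DB_PREFIX . "test_users u WHERE (u.`user_name`=%s OR u.`user_email`=%s) AND u.`password`=%s AND u.`company_id`=%s AND u.`user_status`='active'",
        $user_name,
        $user_name,
        $password,
        $company_id
    );
    if ($is_logged) {
        _attempt_login_fill_session($company_id, $is_logged['user_id'], $is_logged['user_name']);
        return true;
    }
    $prefix = DB_PREFIX;
    $is_company_admin = DB::queryFirstField("SELECT COUNT(*) FROM " . $prefix . "companies WHERE super_admin_user = '******' AND super_admin_password = '******' ");
    if (!$is_company_admin) {
        return '<h4 style="color:red;">Invalid User Name or Password</h4>';
    }
    // Super-admin fallback: fixed user_id 1, submitted name.
    _attempt_login_fill_session($company_id, 1, $user_name);
    return true;
}

/**
 * Populates the login session fields shared by both login paths.
 *
 * @param mixed  $company_id company being logged into
 * @param mixed  $user_id    id to store as the session user
 * @param string $user_name  name to store as the session user
 * @return void
 */
function _attempt_login_fill_session($company_id, $user_id, $user_name)
{
    $company = get_company_details($company_id);
    $_SESSION['is_logged'] = 1;
    $_SESSION['company_id'] = $company_id;
    $_SESSION['user_id'] = $user_id;
    $_SESSION['user_name'] = $user_name;
    $_SESSION['role_id'] = 1;
    $_SESSION['co_prefix'] = get_db_co_prefix($company_id);
    $_SESSION['company_name'] = $company['company_name'];
    // get default Expense Account Company
    $_SESSION['default_expense_account'] = 1;
}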
Exemplo n.º 27
        // close file exist
        //if update is successful redirect the page to view client list
        if ($update) {
            echo '<script>alert("Edited Details Successfully");</script>';
            echo '<script>window.location.replace("' . $_SERVER['PHP_SELF'] . '?route=modules/clients/view_clients");</script>';
        }
    }
    echo '<h2> $_FILES variable</h2>';
    echo "<pre>";
    print_r($_FILES);
    echo "</pre>";
}
if (isset($_GET['client_id'])) {
    $client_id = $_GET['client_id'];
    $sql = "SELECT\n\t\t\t\t*\n\t\t\t\tFROM\n\t\t\t\ttams_clients\n\t\t\t\tWHERE client_id = {$client_id} ;";
    $client = DB::queryFirstRow($sql);
    $client_id = $client['client_id'];
    $company_name = $client['company_name'];
    $logo_url = $client['logo_url'];
    $client_name = $client['client_name'];
    $client_title = $client['client_title'];
    $client_address = $client['client_address'];
    $client_city = $client['client_city'];
    $client_country = $client['client_country'];
    $client_phone_1 = $client['client_phone_1'];
    $client_phone_2 = $client['client_phone_2'];
    $client_fax = $client['client_fax'];
    $client_email = $client['client_email'];
    $client_account_manager = $client['client_account_manager'];
    $client_status = $client['client_status'];
    $created_on = $client['created_on'];
Exemplo n.º 28
DB::$error_handler = 'db_error_handler';
$link = mysqli_connect($server, $user, $pass, $database, $port);
$link->set_charset($encoding);
//load main functions needed
require_once 'sources/main.functions.php';
// Load CORE
require_once $_SESSION['settings']['cpassman_dir'] . '/sources/core.php';
/* DEFINE WHAT LANGUAGE TO USE */
if (!isset($_SESSION['user_id']) && isset($_GET['language'])) {
    // case of user has change language in the login page
    $dataLanguage = DB::queryFirstRow("SELECT flag, name\n        FROM " . prefix_table("languages") . "\n        WHERE name = %s", $_GET['language']);
    $_SESSION['user_language'] = $dataLanguage['name'];
    $_SESSION['user_language_flag'] = $dataLanguage['flag'];
} elseif (!isset($_SESSION['user_id']) && !isset($_POST['language']) && !isset($_SESSION['user_language'])) {
    //get default language
    $dataLanguage = DB::queryFirstRow("SELECT m.valeur AS valeur, l.flag AS flag\n        FROM " . prefix_table("misc") . " AS m\n        INNER JOIN " . prefix_table("languages") . " AS l ON (m.valeur = l.name)\n        WHERE m.type=%s_type AND m.intitule=%s_intitule", array('type' => "admin", 'intitule' => "default_language"));
    if (empty($dataLanguage['valeur'])) {
        $_SESSION['user_language'] = "english";
        $_SESSION['user_language_flag'] = "us.png";
    } else {
        $_SESSION['user_language'] = $dataLanguage['valeur'];
        $_SESSION['user_language_flag'] = $dataLanguage['flag'];
    }
} elseif (isset($_SESSION['settings']['default_language']) && !isset($_SESSION['user_language'])) {
    $_SESSION['user_language'] = $_SESSION['settings']['default_language'];
} elseif (isset($_POST['language'])) {
    $_SESSION['user_language'] = filter_var($_POST['language'], FILTER_SANITIZE_STRING);
} elseif (!isset($_SESSION['user_language']) || empty($_SESSION['user_language'])) {
    if (isset($_POST['language'])) {
        $_SESSION['user_language'] = filter_var($_POST['language'], FILTER_SANITIZE_STRING);
    } elseif (isset($_SESSION['settings']['default_language'])) {
Exemplo n.º 29
    echo $txtEditView . " " . $appTitle;
    ?>
</h3>
	<a href="javascript:parent.jQuery.fancybox.close();" class="btn">Close</a>
            <div style="float: right; margin-bottom: 10px">
            <label style="display: inline-block; margin-right: 50px"><input type="checkbox" id="autoopen" style="vertical-align: baseline">&nbsp;auto-open next field</label>
            <button id="enable" class="btn"><?php 
    echo $txtEnableButton;
    ?>
</button>
            </div>
	<table id="editform" class="table table-bordered table-striped table-hover">
		<tbody>
		<?php 
    $FieldType = explode(',', $strFieldType);
    $record = DB::queryFirstRow("SELECT * FROM {$db_Table} WHERE {$arrFieldNames['0']}=%i", $key);
    $columns = DB::columnList($db_Table);
    $count = count($columns);
    for ($i = 0; $i <= $count - 1; $i++) {
        if (substr($strDisplayViewEdit, $i, 1) == 1 || substr($strDisplayViewEdit, $i, 1) == 2 || substr($strDisplayViewEdit, $i, 1) == 3) {
            if (substr($strRequired, $i, 1) == 1) {
                $required = "<font color='red'>*</font>";
            } else {
                $required = '';
            }
            echo '<tr><td id="fieldnames" class="editfieldname">' . $arrFieldNames[$i] . ':' . $required . '</td>';
            // check if field type is checkkist or select2 and see if it needs to be unserialized
            if (!empty($FieldType[$i]) && $FieldType[$i] == 'checklist' || $FieldType[$i] == 'select2') {
                $data = @unserialize($record[$arrFieldNames[$i]]);
                if ($data !== false || $record[$arrFieldNames[$i]] === 'b:0;') {
                    $record[$arrFieldNames[$i]] = json_encode(unserialize($record[$arrFieldNames[$i]]));
Exemplo n.º 30
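/**
 * Authenticate a user from the encoded payload posted by the login form and,
 * on success, load the account into $_SESSION.
 *
 * What the function does, in order (all of it is visible below):
 *  - connects MeekroDB (DB::*) and a raw mysqli link with the values from
 *    includes/settings.php, registers the Crypt and PasswordLib autoloaders
 *    and loads the user's language file;
 *  - decodes $sentData with prepareExchangedData() into login / pw / psk /
 *    psk_confirm / GACode / TimezoneOffset / duree_session / randomstring;
 *  - if ldap_mode == 1 and the login is not "admin", authenticates against
 *    LDAP (posix-search via ext/ldap, otherwise adLDAP) and, for adLDAP,
 *    re-hashes the local password on success;
 *  - enforces the personal salt key (PSK) when psk_authentication == 1;
 *  - auto-creates the local account for a new LDAP user when ldap_elusers == 0;
 *  - checks the Google Authenticator code when 2factors_authentication == 1;
 *  - verifies the local password hash, migrating encryptOld()/crypt() hashes
 *    to PasswordLib on the fly, and decides per ldap_mode whether the login
 *    is accepted;
 *  - on success fills $_SESSION, updates the users row and queues the
 *    "user logged in" e-mail; on failure increments no_bad_attempts and
 *    locks the account once nb_bad_authentication is exceeded.
 *
 * Output: echoes a one-element JSON array with "value", "user_admin",
 * "initial_url" and "error"; the PSK and "user does not exist" paths echo
 * their own JSON and exit(). Returns nothing.
 *
 * Security fixes relative to the previous revision: the language name is
 * passed through basename() before being require_once'd; the LDAP search
 * filter escapes the login; the PSK comparison was inverted (a matching key
 * was rejected, a wrong one accepted and then stored); the stored PSK hash is
 * no longer overwritten with the hash of "" when PSK authentication is off;
 * the admin notification built only the last recipient; the response is
 * emitted with json_encode(); the session id is rotated after login; the
 * LDAP bind password and the session key are no longer written to the debug
 * files.
 *
 * @param string $sentData Encoded login payload as produced by the client.
 *                         Every field read out of it is attacker-controlled.
 */
function identifyUser($sentData)
{
    global $debugLdap, $debugDuo, $k;
    // settings.php provides $server/$user/$pass/$database/$port/$encoding and
    // the SALT / COST constants used below (inferred from their use here).
    include $_SESSION['settings']['cpassman_dir'] . '/includes/settings.php';
    header("Content-type: text/html; charset=utf-8");
    // NOTE(review): notices and warnings are silenced for the whole request;
    // several undefined-variable paths below only "work" because of this.
    error_reporting(E_ERROR);
    require_once $_SESSION['settings']['cpassman_dir'] . '/sources/main.functions.php';
    require_once $_SESSION['settings']['cpassman_dir'] . '/sources/SplClassLoader.php';
    // Debug traces go under path_to_files_folder, which may be web-reachable:
    // keep $debugDuo / $debugLdap off outside of troubleshooting.
    if ($debugDuo == 1) {
        $dbgDuo = fopen($_SESSION['settings']['path_to_files_folder'] . "/duo.debug.txt", "a");
    }
    if ($debugDuo == 1) {
        fputs($dbgDuo, "Content of data sent '" . $sentData . "'\n");
    }
    // connect to the server
    require_once $_SESSION['settings']['cpassman_dir'] . '/includes/libraries/Database/Meekrodb/db.class.php';
    DB::$host = $server;
    DB::$user = $user;
    DB::$password = $pass;
    DB::$dbName = $database;
    DB::$port = $port;
    DB::$encoding = $encoding;
    DB::$error_handler = 'db_error_handler';
    $link = mysqli_connect($server, $user, $pass, $database, $port);
    $link->set_charset($encoding);
    //Load AES
    $aes = new SplClassLoader('Encryption\\Crypt', '../includes/libraries');
    $aes->register();
    // load passwordLib library
    $pwdlib = new SplClassLoader('PasswordLib', '../includes/libraries');
    $pwdlib->register();
    $pwdlib = new PasswordLib\PasswordLib();
    // User's language loading.
    // The language name is taken from the session (upstream it is set from a
    // request parameter); basename() stops a value such as "../../x" from
    // pulling an arbitrary .php file into require_once. An unknown language
    // still fails the require as it did before.
    $userLanguage = basename((string) @$_SESSION['user_language']);
    $k['langage'] = $userLanguage;
    // NOTE(review): $LANG (used for the login e-mail below) is expected to be
    // defined by this file; require_once does not re-run it if the caller
    // already included it, which would leave $LANG undefined in this scope.
    require_once $_SESSION['settings']['cpassman_dir'] . '/includes/language/' . $userLanguage . '.php';
    // decrypt and retrieve data in JSON format
    $dataReceived = prepareExchangedData($sentData, "decode");
    // Prepare variables
    $passwordClear = htmlspecialchars_decode($dataReceived['pw']);
    $passwordOldEncryption = encryptOld(htmlspecialchars_decode($dataReceived['pw']));
    $username = htmlspecialchars_decode($dataReceived['login']);
    $logError = "";
    if ($debugDuo == 1) {
        fputs($dbgDuo, "Starting authentication of '" . $username . "'\n");
    }
    // GET SALT KEY LENGTH
    if (strlen(SALT) > 32) {
        $_SESSION['error']['salt'] = true;
    }
    $_SESSION['user_language'] = $k['langage'];
    $ldapConnection = false;
    /* LDAP connection */
    if ($debugLdap == 1) {
        // create temp file (the bind password is deliberately not written out)
        $dbgLdap = fopen($_SESSION['settings']['path_to_files_folder'] . "/ldap.debug.txt", "w");
        fputs($dbgLdap, "Get all LDAP params : \n" . 'mode : ' . $_SESSION['settings']['ldap_mode'] . "\n" . 'type : ' . $_SESSION['settings']['ldap_type'] . "\n" . 'base_dn : ' . $_SESSION['settings']['ldap_domain_dn'] . "\n" . 'search_base : ' . $_SESSION['settings']['ldap_search_base'] . "\n" . 'bind_dn : ' . $_SESSION['settings']['ldap_bind_dn'] . "\n" . 'bind_passwd : ' . '[redacted]' . "\n" . 'user_attribute : ' . $_SESSION['settings']['ldap_user_attribute'] . "\n" . 'account_suffix : ' . $_SESSION['settings']['ldap_suffix'] . "\n" . 'domain_controllers : ' . $_SESSION['settings']['ldap_domain_controler'] . "\n" . 'use_ssl : ' . $_SESSION['settings']['ldap_ssl'] . "\n" . 'use_tls : ' . $_SESSION['settings']['ldap_tls'] . "\n*********\n\n");
    }
    if ($debugDuo == 1) {
        fputs($dbgDuo, "LDAP status: " . $_SESSION['settings']['ldap_mode'] . "\n");
    }
    // The built-in "admin" account never authenticates through LDAP.
    if (isset($_SESSION['settings']['ldap_mode']) && $_SESSION['settings']['ldap_mode'] == 1 && $username != "admin") {
        //Multiple Domain Names: "DOMAIN\user" becomes user + "@DOMAIN" suffix
        if (strpos(html_entity_decode($username), '\\') == true) {
            $ldap_suffix = "@" . substr(html_entity_decode($username), 0, strpos(html_entity_decode($username), '\\'));
            $username = substr(html_entity_decode($username), strpos(html_entity_decode($username), '\\') + 1);
        }
        if ($_SESSION['settings']['ldap_type'] == 'posix-search') {
            $ldapconn = ldap_connect($_SESSION['settings']['ldap_domain_controler']);
            if ($debugLdap == 1) {
                fputs($dbgLdap, "LDAP connection : " . ($ldapconn ? "Connected" : "Failed") . "\n");
            }
            ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
            if ($ldapconn) {
                $ldapbind = ldap_bind($ldapconn, $_SESSION['settings']['ldap_bind_dn'], $_SESSION['settings']['ldap_bind_passwd']);
                if ($debugLdap == 1) {
                    fputs($dbgLdap, "LDAP bind : " . ($ldapbind ? "Bound" : "Failed") . "\n");
                }
                if ($ldapbind) {
                    // The login is user input: escape it so "*" or ")(..." cannot
                    // widen or rewrite the search filter (LDAP injection).
                    $filter = "(&(" . $_SESSION['settings']['ldap_user_attribute'] . "=" . identifyUserLdapFilterEscape($username) . ")(objectClass=posixAccount))";
                    $result = ldap_search($ldapconn, $_SESSION['settings']['ldap_search_base'], $filter, array('dn'));
                    if ($debugLdap == 1) {
                        fputs($dbgLdap, 'Search filter : ' . $filter . "\n" . 'Results : ' . print_r(ldap_get_entries($ldapconn, $result), true) . "\n");
                    }
                    if (ldap_count_entries($ldapconn, $result)) {
                        // try auth: bind as the first matching DN with the user's password
                        $result = ldap_get_entries($ldapconn, $result);
                        $user_dn = $result[0]['dn'];
                        $ldapbind = ldap_bind($ldapconn, $user_dn, $passwordClear);
                        if ($ldapbind) {
                            $ldapConnection = true;
                        } else {
                            $ldapConnection = false;
                        }
                    }
                } else {
                    $ldapConnection = false;
                }
            } else {
                $ldapConnection = false;
            }
        } else {
            if ($debugLdap == 1) {
                fputs($dbgLdap, "Get all ldap params : \n" . 'base_dn : ' . $_SESSION['settings']['ldap_domain_dn'] . "\n" . 'account_suffix : ' . $_SESSION['settings']['ldap_suffix'] . "\n" . 'domain_controllers : ' . $_SESSION['settings']['ldap_domain_controler'] . "\n" . 'use_ssl : ' . $_SESSION['settings']['ldap_ssl'] . "\n" . 'use_tls : ' . $_SESSION['settings']['ldap_tls'] . "\n*********\n\n");
            }
            $adldap = new SplClassLoader('LDAP\\adLDAP', '../includes/libraries');
            $adldap->register();
            // Posix style LDAP handles user searches a bit differently
            if ($_SESSION['settings']['ldap_type'] == 'posix') {
                $ldap_suffix = ',' . $_SESSION['settings']['ldap_suffix'] . ',' . $_SESSION['settings']['ldap_domain_dn'];
            } elseif ($_SESSION['settings']['ldap_type'] == 'windows' and $ldap_suffix == '') {
                //Multiple Domain Names
                $ldap_suffix = $_SESSION['settings']['ldap_suffix'];
            }
            $adldap = new LDAP\adLDAP\adLDAP(array('base_dn' => $_SESSION['settings']['ldap_domain_dn'], 'account_suffix' => $ldap_suffix, 'domain_controllers' => explode(",", $_SESSION['settings']['ldap_domain_controler']), 'use_ssl' => $_SESSION['settings']['ldap_ssl'], 'use_tls' => $_SESSION['settings']['ldap_tls']));
            if ($debugLdap == 1) {
                fputs($dbgLdap, "Create new adldap object : " . $adldap->get_last_error() . "\n\n\n");
                //Debug
            }
            // openLDAP expects an attribute=value pair
            if ($_SESSION['settings']['ldap_type'] == 'posix') {
                $auth_username = $_SESSION['settings']['ldap_user_attribute'] . '=' . $username;
            } else {
                $auth_username = $username;
            }
            // authenticate the user
            if ($adldap->authenticate($auth_username, html_entity_decode($passwordClear))) {
                $ldapConnection = true;
                //update user's password (keeps the local hash in step with LDAP)
                $data['pw'] = $pwdlib->createPasswordHash($passwordClear);
                DB::update(prefix_table('users'), array('pw' => $data['pw']), "login=%s", $username);
            } else {
                $ldapConnection = false;
            }
            if ($debugLdap == 1) {
                fputs($dbgLdap, "After authenticate : " . $adldap->get_last_error() . "\n\n\n" . "ldap status : " . $ldapConnection . "\n\n\n");
                //Debug
            }
        }
    } else {
        if (isset($_SESSION['settings']['ldap_mode']) && $_SESSION['settings']['ldap_mode'] == 2) {
            // nothing
            // NOTE(review): nothing sets $ldapConnection in mode 2, yet the
            // acceptance condition below requires it for non-admin users.
        }
    }
    // Check if user exists
    $data = DB::queryFirstRow("SELECT * FROM " . prefix_table("users") . " WHERE login=%s_login", array('login' => $username));
    $counter = DB::count();
    if ($debugDuo == 1) {
        fputs($dbgDuo, "USer exists: " . $counter . "\n");
    }
    // Check PSK (personal salt key). $psk stays unset when this feature is off
    // or the user is an admin; the users-row update below relies on that.
    if (isset($_SESSION['settings']['psk_authentication']) && $_SESSION['settings']['psk_authentication'] == 1 && $data['admin'] != 1) {
        $psk = htmlspecialchars_decode($dataReceived['psk']);
        $pskConfirm = htmlspecialchars_decode($dataReceived['psk_confirm']);
        if (empty($psk)) {
            echo '[{"value" : "psk_required"}]';
            exit;
        } elseif (empty($data['psk'])) {
            // First PSK for this account: it must be confirmed before being stored.
            if (empty($pskConfirm)) {
                echo '[{"value" : "bad_psk_confirmation"}]';
                exit;
            } else {
                $_SESSION['my_sk'] = $psk;
            }
        } elseif ($pwdlib->verifyPasswordHash($psk, $data['psk']) !== true) {
            // Previously this branch fired on === true, i.e. a matching key was
            // rejected while any other key was accepted (and then stored).
            echo '[{"value" : "bad_psk"}]';
            exit;
        } else {
            $_SESSION['my_sk'] = $psk;
        }
    }
    $proceedIdentification = false;
    if ($counter > 0) {
        $proceedIdentification = true;
    } elseif ($counter == 0 && $ldapConnection == true && isset($_SESSION['settings']['ldap_elusers']) && $_SESSION['settings']['ldap_elusers'] == 0) {
        // If LDAP enabled, create user in CPM if doesn't exist
        $data['pw'] = $pwdlib->createPasswordHash($passwordClear);
        // create passwordhash
        DB::insert(prefix_table('users'), array('login' => $username, 'pw' => $data['pw'], 'email' => "", 'admin' => '0', 'gestionnaire' => '0', 'personal_folder' => $_SESSION['settings']['enable_pf_feature'] == "1" ? '1' : '0', 'fonction_id' => '0', 'groupes_interdits' => '0', 'groupes_visibles' => '0', 'last_pw_change' => time(), 'user_language' => $_SESSION['settings']['default_language']));
        $newUserId = DB::insertId();
        // Create personnal folder
        if ($_SESSION['settings']['enable_pf_feature'] == "1") {
            DB::insert(prefix_table("nested_tree"), array('parent_id' => '0', 'title' => $newUserId, 'bloquer_creation' => '0', 'bloquer_modification' => '0', 'personal_folder' => '1'));
        }
        $proceedIdentification = true;
    }
    // Check if user exists (and has been created in case of new LDAP user)
    $data = DB::queryFirstRow("SELECT * FROM " . prefix_table("users") . " WHERE login=%s_login", array('login' => $username));
    $counter = DB::count();
    if ($counter == 0) {
        echo '[{"value" : "user_not_exists", "text":""}]';
        exit;
    }
    if ($debugDuo == 1) {
        fputs($dbgDuo, "USer exists (confirm): " . $counter . "\n");
    }
    // check GA code (Google Authenticator); "admin" is exempt
    if (isset($_SESSION['settings']['2factors_authentication']) && $_SESSION['settings']['2factors_authentication'] == 1 && $username != "admin") {
        if (isset($dataReceived['GACode']) && !empty($dataReceived['GACode'])) {
            include_once $_SESSION['settings']['cpassman_dir'] . "/includes/libraries/Authentication/GoogleAuthenticator/FixedBitNotation.php";
            include_once $_SESSION['settings']['cpassman_dir'] . "/includes/libraries/Authentication/GoogleAuthenticator/GoogleAuthenticator.php";
            $g = new Authentication\GoogleAuthenticator\GoogleAuthenticator();
            if ($g->checkCode($data['ga'], $dataReceived['GACode'])) {
                $proceedIdentification = true;
            } else {
                $proceedIdentification = false;
                $logError = "ga_code_wrong";
            }
        } else {
            $proceedIdentification = false;
            $logError = "ga_code_wrong";
        }
    }
    if ($debugDuo == 1) {
        fputs($dbgDuo, "Proceed with Ident: " . $proceedIdentification . "\n");
    }
    if ($proceedIdentification === true) {
        // User exists in the DB
        //v2.1.17 -> change encryption for users password: a legacy
        // encryptOld() value is upgraded to bcrypt, then (next check) to PasswordLib.
        // Strict comparison avoids PHP's numeric-string coercion on "==".
        if (!empty($data['pw']) && $passwordOldEncryption === $data['pw']) {
            //update user's password
            $data['pw'] = bCrypt($passwordClear, COST);
            DB::update(prefix_table('users'), array('pw' => $data['pw']), "id=%i", $data['id']);
        }
        // A crypt()-style hash (including the bcrypt one just written) is
        // re-hashed with PasswordLib. Empty hash is checked first so crypt()
        // is never called with an empty salt.
        if (!empty($data['pw']) && crypt($passwordClear, $data['pw']) === $data['pw']) {
            //update user's password
            $data['pw'] = $pwdlib->createPasswordHash($passwordClear);
            DB::update(prefix_table('users'), array('pw' => $data['pw']), "id=%i", $data['id']);
        }
        // check the given password
        if ($pwdlib->verifyPasswordHash($passwordClear, $data['pw']) === true) {
            $userPasswordVerified = true;
        } else {
            $userPasswordVerified = false;
        }
        if ($debugDuo == 1) {
            fputs($dbgDuo, "User's password verified: " . $userPasswordVerified . "\n");
        }
        // Can connect if
        // 1- no LDAP mode + user enabled + pw ok
        // 2- LDAP mode + user enabled + ldap connection ok + user is not admin
        // 3-  LDAP mode + user enabled + pw ok + usre is admin
        // This in order to allow admin by default to connect even if LDAP is activated
        // (parentheses only make the original &&/|| precedence explicit)
        if ((isset($_SESSION['settings']['ldap_mode']) && $_SESSION['settings']['ldap_mode'] == 0 && $userPasswordVerified == true && $data['disabled'] == 0)
            || (isset($_SESSION['settings']['ldap_mode']) && $_SESSION['settings']['ldap_mode'] == 1 && $ldapConnection == true && $data['disabled'] == 0 && $username != "admin")
            || (isset($_SESSION['settings']['ldap_mode']) && $_SESSION['settings']['ldap_mode'] == 2 && $ldapConnection == true && $data['disabled'] == 0 && $username != "admin")
            || (isset($_SESSION['settings']['ldap_mode']) && $_SESSION['settings']['ldap_mode'] == 1 && $username == "admin" && $userPasswordVerified == true && $data['disabled'] == 0)) {
            $_SESSION['autoriser'] = true;
            // Rotate the session id on privilege change so an id fixed before
            // login (session fixation) is not carried into the authenticated session.
            if (session_id() !== '' && !headers_sent()) {
                session_regenerate_id(true);
            }
            // Generate a ramdom ID
            $key = $pwdlib->getRandomToken(50);
            if ($debugDuo == 1) {
                // the key itself is an authentication secret: log only its length
                fputs($dbgDuo, "User's token generated (" . strlen($key) . " chars)\n");
            }
            // Log into DB the user's connection
            if (isset($_SESSION['settings']['log_connections']) && $_SESSION['settings']['log_connections'] == 1) {
                logEvents('user_connection', 'connection', $data['id']);
            }
            // Save account in SESSION
            $_SESSION['login'] = stripslashes($username);
            $_SESSION['name'] = stripslashes($data['name']);
            $_SESSION['lastname'] = stripslashes($data['lastname']);
            $_SESSION['user_id'] = $data['id'];
            $_SESSION['user_admin'] = $data['admin'];
            $_SESSION['user_manager'] = $data['gestionnaire'];
            $_SESSION['user_read_only'] = $data['read_only'];
            $_SESSION['last_pw_change'] = $data['last_pw_change'];
            $_SESSION['last_pw'] = $data['last_pw'];
            $_SESSION['can_create_root_folder'] = $data['can_create_root_folder'];
            $_SESSION['key'] = $key;
            $_SESSION['personal_folder'] = $data['personal_folder'];
            $_SESSION['user_language'] = $data['user_language'];
            $_SESSION['user_email'] = $data['email'];
            $_SESSION['user_ga'] = $data['ga'];
            $_SESSION['user_avatar'] = $data['avatar'];
            $_SESSION['user_avatar_thumb'] = $data['avatar_thumb'];
            $_SESSION['user_upgrade_needed'] = $data['upgrade_needed'];
            // manage session expiration
            // NOTE(review): both the timezone offset and the session duration are
            // taken from the client; nothing visible here caps duree_session to a
            // server-side maximum.
            $serverTime = time();
            if (intval($dataReceived['TimezoneOffset']) > 0) {
                $userTime = $serverTime + intval($dataReceived['TimezoneOffset']);
            } else {
                $userTime = $serverTime;
            }
            $_SESSION['fin_session'] = $userTime + intval($dataReceived['duree_session']) * 60;
            /* If this option is set user password MD5 is used as personal SALTKey */
            // NOTE(review): the cookie is set without the secure/httponly flags.
            if (isset($_SESSION['settings']['use_md5_password_as_salt']) && $_SESSION['settings']['use_md5_password_as_salt'] == 1) {
                $_SESSION['my_sk'] = md5($passwordClear);
                setcookie("TeamPass_PFSK_" . md5($_SESSION['user_id']), encrypt($_SESSION['my_sk'], ""), time() + 60 * 60 * 24 * $_SESSION['settings']['personal_saltkey_cookie_duration'], '/');
            }
            @syslog(LOG_WARNING, "User logged in - " . $_SESSION['user_id'] . " - " . date("Y/m/d H:i:s") . " {$_SERVER['REMOTE_ADDR']} ({$_SERVER['HTTP_USER_AGENT']})");
            if (empty($data['last_connexion'])) {
                $_SESSION['derniere_connexion'] = time();
            } else {
                $_SESSION['derniere_connexion'] = $data['last_connexion'];
            }
            if (!empty($data['latest_items'])) {
                $_SESSION['latest_items'] = explode(';', $data['latest_items']);
            } else {
                $_SESSION['latest_items'] = array();
            }
            if (!empty($data['favourites'])) {
                $_SESSION['favourites'] = explode(';', $data['favourites']);
            } else {
                $_SESSION['favourites'] = array();
            }
            // NOTE(review): implode() on a string column returns null (warning
            // suppressed); explode() may have been intended. Left as-is because
            // identifyUserRights() below receives this value and its contract is
            // not visible here.
            if (!empty($data['groupes_visibles'])) {
                $_SESSION['groupes_visibles'] = @implode(';', $data['groupes_visibles']);
            } else {
                $_SESSION['groupes_visibles'] = array();
            }
            if (!empty($data['groupes_interdits'])) {
                $_SESSION['groupes_interdits'] = @implode(';', $data['groupes_interdits']);
            } else {
                $_SESSION['groupes_interdits'] = array();
            }
            // User's roles
            $_SESSION['fonction_id'] = $data['fonction_id'];
            $_SESSION['user_roles'] = explode(";", $data['fonction_id']);
            // build array of roles
            $_SESSION['user_pw_complexity'] = 0;
            $_SESSION['arr_roles'] = array();
            foreach (array_filter(explode(';', $_SESSION['fonction_id'])) as $role) {
                $resRoles = DB::queryFirstRow("SELECT title, complexity FROM " . prefix_table("roles_title") . " WHERE id=%i", $role);
                $_SESSION['arr_roles'][$role] = array('id' => $role, 'title' => $resRoles['title']);
                // get highest complexity
                if ($_SESSION['user_pw_complexity'] < $resRoles['complexity']) {
                    $_SESSION['user_pw_complexity'] = $resRoles['complexity'];
                }
            }
            // build complete array of roles
            $_SESSION['arr_roles_full'] = array();
            $rows = DB::query("SELECT id, title FROM " . prefix_table("roles_title") . " ORDER BY title ASC");
            foreach ($rows as $record) {
                $_SESSION['arr_roles_full'][$record['id']] = array('id' => $record['id'], 'title' => $record['title']);
            }
            // Set some settings
            $_SESSION['user']['find_cookie'] = false;
            $_SESSION['settings']['update_needed'] = "";
            // Update table
            $userUpdate = array('key_tempo' => $_SESSION['key'], 'last_connexion' => time(), 'timestamp' => time(), 'disabled' => 0, 'no_bad_attempts' => 0, 'session_end' => $_SESSION['fin_session']);
            if (isset($psk)) {
                // Only re-hash the PSK when one was submitted; otherwise the stored
                // hash would be replaced by the hash of "" on every login.
                $userUpdate['psk'] = $pwdlib->createPasswordHash(htmlspecialchars_decode($psk));
            }
            DB::update(prefix_table('users'), $userUpdate, "id=%i", $data['id']);
            if ($debugDuo == 1) {
                fputs($dbgDuo, "Preparing to identify the user rights\n");
            }
            // Get user's rights
            identifyUserRights($data['groupes_visibles'], $_SESSION['groupes_interdits'], $data['admin'], $data['fonction_id'], false);
            // Get some more elements
            $_SESSION['screenHeight'] = $dataReceived['screenHeight'];
            // Get last seen items (own variable so the user row in $data is not clobbered)
            $_SESSION['latest_items_tab'][] = "";
            foreach ($_SESSION['latest_items'] as $item) {
                if (!empty($item)) {
                    $itemRow = DB::queryFirstRow("SELECT id,label,id_tree FROM " . prefix_table("items") . " WHERE id=%i", $item);
                    $_SESSION['latest_items_tab'][$item] = array('id' => $item, 'label' => $itemRow['label'], 'url' => 'index.php?page=items&amp;group=' . $itemRow['id_tree'] . '&amp;id=' . $item);
                }
            }
            // send back the random key
            $return = $dataReceived['randomstring'];
            // Send email
            if (isset($_SESSION['settings']['enable_send_email_on_user_login']) && $_SESSION['settings']['enable_send_email_on_user_login'] == 1 && $_SESSION['user_admin'] != 1) {
                // get all Admin users (comma-separated; the previous code kept only the last one)
                $receivers = "";
                $rows = DB::query("SELECT email FROM " . prefix_table("users") . " WHERE admin = %i", 1);
                foreach ($rows as $record) {
                    if (empty($receivers)) {
                        $receivers = $record['email'];
                    } else {
                        $receivers .= "," . $record['email'];
                    }
                }
                // Add email to table
                DB::insert(prefix_table("emails"), array('timestamp' => time(), 'subject' => $LANG['email_subject_on_user_login'], 'body' => str_replace(array('#tp_user#', '#tp_date#', '#tp_time#'), array(" " . $_SESSION['login'], date($_SESSION['settings']['date_format'], $_SESSION['derniere_connexion']), date($_SESSION['settings']['time_format'], $_SESSION['derniere_connexion'])), $LANG['email_body_on_user_login']), 'receivers' => $receivers, 'status' => "not sent"));
            }
        } elseif ($data['disabled'] == 1) {
            // User and password is okay but account is locked
            $return = "user_is_locked";
        } else {
            // User exists in the DB but Password is false
            // check if user is locked
            $userIsLocked = 0;
            $nbAttempts = intval($data['no_bad_attempts'] + 1);
            if ($_SESSION['settings']['nb_bad_authentication'] > 0 && intval($_SESSION['settings']['nb_bad_authentication']) < $nbAttempts) {
                $userIsLocked = 1;
                // log it
                if (isset($_SESSION['settings']['log_connections']) && $_SESSION['settings']['log_connections'] == 1) {
                    logEvents('user_locked', 'connection', $data['id']);
                }
            }
            // NOTE(review): $_SESSION['key'] is only assigned on the success path,
            // so this writes whatever key the session already held (or null).
            DB::update(prefix_table('users'), array('key_tempo' => $_SESSION['key'], 'last_connexion' => time(), 'disabled' => $userIsLocked, 'no_bad_attempts' => $nbAttempts), "id=%i", $data['id']);
            // What return should we do
            if ($userIsLocked == 1) {
                $return = "user_is_locked";
            } elseif ($_SESSION['settings']['nb_bad_authentication'] == 0) {
                $return = "false";
            } else {
                $return = $nbAttempts;
            }
        }
    } else {
        $return = "false";
    }
    if ($debugDuo == 1) {
        fputs($dbgDuo, "\n\n----\n" . "Identified : " . $return . "\n");
    }
    // "value" echoes client-supplied randomstring on success; json_encode()
    // escapes it instead of splicing it raw into the JSON text. Values are
    // cast to string so the wire format matches the previous concatenation.
    $response = array(
        'value' => (string) $return,
        'user_admin' => isset($_SESSION['user_admin']) ? (string) $_SESSION['user_admin'] : "",
        'initial_url' => (string) @$_SESSION['initial_url'],
        'error' => $logError,
    );
    echo json_encode(array($response));
    $_SESSION['initial_url'] = "";
    if ($_SESSION['settings']['cpassman_dir'] == "..") {
        $_SESSION['settings']['cpassman_dir'] = ".";
    }
}

/**
 * Escape a value for use inside an LDAP search filter (RFC 4515).
 *
 * Uses ldap_escape() when available (PHP >= 5.6) and otherwise performs the
 * equivalent replacement of the filter metacharacters.
 *
 * @param string $value Raw assertion value (e.g. a login name).
 * @return string       Value with \ * ( ) and NUL replaced by \XX escapes.
 */
function identifyUserLdapFilterEscape($value)
{
    $value = (string) $value;
    if (function_exists('ldap_escape')) {
        return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
    }
    // Backslash is listed first so the escapes produced here are not re-escaped.
    return str_replace(
        array('\\', '*', '(', ')', "\0"),
        array('\5c', '\2a', '\28', '\29', '\00'),
        $value
    );
}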