* @link http://www.phpmyfaq.de
* @since 2012-07-07
*/
use Symfony\Component\HttpFoundation\JsonResponse;
if (!defined('IS_VALID_PHPMYFAQ')) {
$protocol = 'http';
if (isset($_SERVER['HTTPS']) && strtoupper($_SERVER['HTTPS']) === 'ON') {
$protocol = 'https';
}
header('Location: ' . $protocol . '://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']));
exit;
}
$response = new JsonResponse();
$do = PMF_Filter::filterInput(INPUT_GET, 'do', FILTER_SANITIZE_STRING);
if ('insertentry' === $do && ($user->perm->checkRight($user->getUserId(), 'editbt') || $user->perm->checkRight($user->getUserId(), 'addbt')) || 'saveentry' === $do && $user->perm->checkRight($user->getUserId(), 'editbt')) {
$user = PMF_User_CurrentUser::getFromSession($faqConfig);
$dateStart = PMF_Filter::filterInput(INPUT_POST, 'dateStart', FILTER_SANITIZE_STRING);
$dateEnd = PMF_Filter::filterInput(INPUT_POST, 'dateEnd', FILTER_SANITIZE_STRING);
$question = PMF_Filter::filterInput(INPUT_POST, 'question', FILTER_SANITIZE_STRING);
$categories = PMF_Filter::filterInputArray(INPUT_POST, array('rubrik' => array('filter' => FILTER_VALIDATE_INT, 'flags' => FILTER_REQUIRE_ARRAY)));
$record_lang = PMF_Filter::filterInput(INPUT_POST, 'lang', FILTER_SANITIZE_STRING);
$tags = PMF_Filter::filterInput(INPUT_POST, 'tags', FILTER_SANITIZE_STRING);
$active = PMF_Filter::filterInput(INPUT_POST, 'active', FILTER_SANITIZE_STRING);
$sticky = PMF_Filter::filterInput(INPUT_POST, 'sticky', FILTER_SANITIZE_STRING);
$content = PMF_Filter::filterInput(INPUT_POST, 'answer', FILTER_SANITIZE_SPECIAL_CHARS);
$keywords = PMF_Filter::filterInput(INPUT_POST, 'keywords', FILTER_SANITIZE_STRING);
$author = PMF_Filter::filterInput(INPUT_POST, 'author', FILTER_SANITIZE_STRING);
$email = PMF_Filter::filterInput(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
$comment = PMF_Filter::filterInput(INPUT_POST, 'comment', FILTER_SANITIZE_STRING);
$record_id = PMF_Filter::filterInput(INPUT_POST, 'record_id', FILTER_VALIDATE_INT);
$solution_id = PMF_Filter::filterInput(INPUT_POST, 'solution_id', FILTER_VALIDATE_INT);
$groupAction = $defaultGroupAction;
$message = sprintf('<p class="alert alert-success">%s</p>', $PMF_LANG['ad_group_suc']);
// display error messages and show form again
} else {
$groupAction = 'add';
$message = '<p class="alert alert-error">';
foreach ($messages as $err) {
$message .= $err . '<br />';
}
$message .= '</p>';
}
}
if (!isset($message)) {
$message = '';
}
// show new group form
if ($groupAction == 'add' && $user->perm->checkRight($user->getUserId(), 'addgroup')) {
$user = new PMF_User_CurrentUser($faqConfig);
$twig->loadTemplate('group/add.twig')->display(array('PMF_LANG' => $PMF_LANG, 'csrfToken' => $user->getCsrfTokenFromSession(), 'descriptionCols' => $descriptionCols, 'descriptionRows' => $descriptionRows, 'groupAutoJoin' => !empty($group_auto_join), 'groupDescription' => isset($group_description) ? $group_description : '', 'groupName' => isset($group_name) ? $group_name : '', 'message' => $message));
}
// end if ($groupAction == 'add')
// show list of users
if ($groupAction == 'list') {
$rightsData = $user->perm->getAllRightsData();
foreach ($rightsData as $key => $right) {
if (isset($PMF_LANG['rightsLanguage'][$right['name']])) {
$rightsData[$key]['description'] = $PMF_LANG['rightsLanguage'][$right['name']];
}
}
$twig->loadTemplate('group/list.twig')->display(array('PMF_LANG' => $PMF_LANG, 'descriptionCols' => $descriptionCols, 'descriptionRows' => $descriptionRows, 'groupAutoJoin' => !empty($group_auto_join), 'groupDescription' => isset($group_description) ? $group_description : '', 'groupName' => isset($group_name) ? $group_name : '', 'groupSelectSize' => $groupSelectSize, 'memberSelectSize' => $memberSelectSize, 'message' => $message, 'rightsData' => $rightsData));
}
/**
* This static method returns a valid CurrentUser object if there is one
* in the cookie that is not timed out. The session-ID is updated then.
* The CurrentUser will be removed from the session, if it is
* timed out. If there is no valid CurrentUser in the cookie or the
* cookie is timed out, null will be returned. If the cookie is correct,
* but there is no user found in the user table, false will be returned.
* On success, a valid CurrentUser object is returned
*
* @static
*
* @param PMF_Configuration $config
*
* @return null|PMF_User_CurrentUser
*/
public static function getFromCookie(PMF_Configuration $config)
{
if (!isset($_COOKIE[PMF_Session::PMF_COOKIE_NAME_REMEMBERME])) {
return null;
}
// create a new CurrentUser object
$user = new PMF_User_CurrentUser($config);
$user->getUserByCookie($_COOKIE[PMF_Session::PMF_COOKIE_NAME_REMEMBERME]);
if (-1 === $user->getUserId()) {
return null;
}
// sessionId needs to be updated
$user->updateSessionId(true);
// user is now logged in
$user->_loggedIn = true;
// save current user to session and return the instance
$user->saveToSession();
// add CSRF token to session
$user->saveCrsfTokenToSession();
return $user;
}
/**
* This static method returns a valid CurrentUser object if there is one
* in the cookie that is not timed out. The session-ID is updated if
* necessary. The CurrentUser will be removed from the session, if it is
* timed out. If there is no valid CurrentUser in the cookie or the
* cookie is timed out, null will be returned. If the cookie is correct,
* but there is no user found in the user table, false will be returned.
* On success, a valid CurrentUser object is returned
*
* @static
* @param PMF_Configuration $config
*
* @return null|PMF_User_CurrentUser
*/
public static function getFromCookie(PMF_Configuration $config)
{
if (!isset($_COOKIE[PMF_Session::PMF_COOKIE_NAME_REMEMBERME])) {
return null;
}
// create a new CurrentUser object
$user = new PMF_User_CurrentUser($config);
$user->getUserByCookie($_COOKIE[PMF_Session::PMF_COOKIE_NAME_REMEMBERME]);
if (-1 === $user->getUserId()) {
return null;
}
// sessionId and cookie information needs to be updated
if ($user->sessionIdIsTimedOut()) {
$user->updateSessionId();
$user->setRememberMe(sha1(session_id()));
}
// user is now logged in
$user->_loggedIn = true;
// save current user to session and return the instance
$user->saveToSession();
return $user;
}
* The contents of this file are subject to the Mozilla Public License
* Version 1.1 (the "License"); you may not use this file except in
* compliance with the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS"
* basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
* License for the specific language governing rights and limitations
* under the License.
*/
if (!defined('IS_VALID_PHPMYFAQ_ADMIN')) {
header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']));
exit;
}
// Re-evaluate $user
$user = PMF_User_CurrentUser::getFromSession($faqconfig->get('main.ipCheck'));
$category = new PMF_Category($current_admin_user, $current_admin_groups, false);
if ($permission['editbt']) {
// Get submit action
$submit = PMF_Filter::filterInputArray(INPUT_POST, array('submit' => array('filter' => FILTER_VALIDATE_INT, 'flags' => FILTER_REQUIRE_ARRAY)));
// FAQ data
$dateStart = PMF_Filter::filterInput(INPUT_POST, 'dateStart', FILTER_SANITIZE_STRING);
$dateEnd = PMF_Filter::filterInput(INPUT_POST, 'dateEnd', FILTER_SANITIZE_STRING);
$question = PMF_Filter::filterInput(INPUT_POST, 'thema', FILTER_SANITIZE_STRING);
$categories = PMF_Filter::filterInputArray(INPUT_POST, array('rubrik' => array('filter' => FILTER_VALIDATE_INT, 'flags' => FILTER_REQUIRE_ARRAY)));
$record_lang = PMF_Filter::filterInput(INPUT_POST, 'language', FILTER_SANITIZE_STRING);
$tags = PMF_Filter::filterInput(INPUT_POST, 'tags', FILTER_SANITIZE_STRING);
$active = 'yes' == PMF_Filter::filterInput(INPUT_POST, 'active', FILTER_SANITIZE_STRING) && $permission['approverec'] ? 'yes' : 'no';
$sticky = PMF_Filter::filterInput(INPUT_POST, 'sticky', FILTER_SANITIZE_STRING);
$content = PMF_Filter::filterInput(INPUT_POST, 'content', FILTER_SANITIZE_SPECIAL_CHARS);
$keywords = PMF_Filter::filterInput(INPUT_POST, 'keywords', FILTER_SANITIZE_STRING);
/**
* This static method returns a valid CurrentUser object if
* there is one in the session that is not timed out.
* If the the optional parameter ip_check is true, the current
* user must have the same ip which is stored in the user table
* The session-ID is updated if necessary. The CurrentUser
* will be removed from the session, if it is timed out. If
* there is no valid CurrentUser in the session or the session
* is timed out, null will be returned. If the session data is
* correct, but there is no user found in the user table, false
* will be returned. On success, a valid CurrentUser object is
* returned.
*
* @param boolean $ip_check Check th IP address
* @return mixed
*/
public static function getFromSession($ip_check = false)
{
// there is no valid user object in session
if (!isset($_SESSION[PMF_SESSION_CURRENT_USER]) || !isset($_SESSION[PMF_SESSION_ID_TIMESTAMP])) {
return null;
}
// create a new CurrentUser object
$user = new PMF_User_CurrentUser();
$user->getUserById($_SESSION[PMF_SESSION_CURRENT_USER]);
// user object is timed out
if ($user->sessionIsTimedOut()) {
$user->deleteFromSession();
return null;
}
// session-id not found in user table
$session_info = $user->getSessionInfo();
$session_id = isset($session_info['session_id']) ? $session_info['session_id'] : '';
if ($session_id == '' || $session_id != session_id()) {
return false;
}
// check ip
if ($ip_check and $session_info['ip'] != $_SERVER['REMOTE_ADDR']) {
return false;
}
// session-id needs to be updated
if ($user->sessionIdIsTimedOut()) {
$user->updateSessionId();
}
// user is now logged in
$user->logged_in = true;
// save current user to session and return the instance
$user->saveToSession();
return $user;
}
// error
$logging = new PMF_Logging($faqConfig);
$logging->logAdmin($user, 'Loginerror\\nLogin: '******'\\nErrors: ' . implode(', ', $user->errors));
$error = $PMF_LANG['ad_auth_fail'];
}
} else {
// Try to authenticate with cookie information
$user = PMF_User_CurrentUser::getFromCookie($faqConfig);
// authenticate with session information
if (!$user instanceof PMF_User_CurrentUser) {
$user = PMF_User_CurrentUser::getFromSession($faqConfig);
}
if ($user instanceof PMF_User_CurrentUser) {
$auth = true;
} else {
$user = new PMF_User_CurrentUser($faqConfig);
}
}
// logout
if ($action == 'logout' && $auth) {
$user->deleteFromSession(true);
$auth = null;
$ssoLogout = $faqConfig->get('security.ssoLogoutRedirect');
if ($faqConfig->get('security.ssoSupport') && !empty($ssoLogout)) {
header("Location: {$ssoLogout}");
}
}
//
// Get current admin user and group id - default: -1
//
if (isset($user) && is_object($user)) {
* @link http://www.phpmyfaq.de
* @since 2009-06-23
*/
if (!defined('IS_VALID_PHPMYFAQ')) {
header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']));
exit;
}
set_time_limit(0);
if (headers_sent()) {
die;
}
$attachmentErrors = array();
// authenticate with session information
$user = PMF_User_CurrentUser::getFromSession($faqconfig->get('security.ipCheck'));
if (!$user instanceof PMF_User_CurrentUser) {
$user = new PMF_User_CurrentUser();
// user not logged in -> empty user object
}
$id = PMF_Filter::filterInput(INPUT_GET, 'id', FILTER_VALIDATE_INT);
$attachment = PMF_Attachment_Factory::create($id);
$userPermission = $faq->getPermission('user', $attachment->getRecordId());
$groupPermission = $faq->getPermission('group', $attachment->getRecordId());
// Check on group permissions
if ($user->perm instanceof PMF_Perm_PermMedium) {
if (count($groupPermission) && in_array($groupPermission[0], $user->perm->getUserGroups($user->getUserId()))) {
$groupPermission = true;
} else {
$groupPermission = false;
}
} else {
$groupPermission = true;
// error
$error = $PMF_LANG['ad_auth_fail'];
$loginVisibility = '';
$action = 'password' === $action ? 'password' : 'login';
}
} else {
// Try to authenticate with cookie information
$user = PMF_User_CurrentUser::getFromCookie($faqConfig);
// authenticate with session information
if (!$user instanceof PMF_User_CurrentUser) {
$user = PMF_User_CurrentUser::getFromSession($faqConfig);
}
if ($user instanceof PMF_User_CurrentUser) {
$auth = true;
} else {
$user = new PMF_User_CurrentUser($faqConfig);
}
}
//
// Logout
//
if ('logout' === $action && isset($auth)) {
$user->deleteFromSession(true);
$auth = null;
$action = 'main';
$ssoLogout = $faqConfig->get('security.ssoLogoutRedirect');
if ($faqConfig->get('security.ssoSupport') && !empty($ssoLogout)) {
$location = $ssoLogout;
} else {
$location = $faqConfig->get('main.referenceURL');
}
} else {
$LANGCODE = 'en';
}
//
// Initalizing static string wrapper
//
PMF_String::init($LANGCODE);
/* header of the admin page */
require 'header.php';
$action = PMF_Filter::filterInput(INPUT_GET, 'action', FILTER_SANITIZE_STRING);
$message = '';
if ($action == "sendmail") {
$username = PMF_Filter::filterInput(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
$email = PMF_Filter::filterInput(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
if (!is_null($username) && !is_null($email)) {
$user = new PMF_User_CurrentUser();
$loginExist = $user->getUserByLogin($username);
if ($loginExist && $email == $user->getUserData('email')) {
$consonants = array('b', 'c', 'd', 'f', 'g', 'h', 'j', 'k', 'l', 'm', 'n', 'p', 'r', 's', 't', 'v', 'w', 'x', 'y', 'z');
$vowels = array('a', 'e', 'i', 'o', 'u');
$newPassword = '';
srand((double) microtime() * 1000000);
for ($i = 1; $i <= 4; $i++) {
$newPassword .= $consonants[rand(0, 19)];
$newPassword .= $vowels[rand(0, 4)];
}
$user->changePassword($newPassword);
$text = $PMF_LANG['lostpwd_text_1'] . "\nUsername: "******"\nNew Password: "******"\n\n" . $PMF_LANG["lostpwd_text_2"];
$mail = new PMF_Mail();
$mail->addTo($email);
$mail->subject = '[%sitename%] Username / password request';
$LANGCODE = $Language->setLanguage($faqconfig->get('main.languageDetection'), $faqconfig->get('main.language'));
// Preload English strings
require_once PMF_ROOT_DIR . '/lang/language_en.php';
if (isset($LANGCODE) && PMF_Language::isASupportedLanguage($LANGCODE)) {
// Overwrite English strings with the ones we have in the current language
require_once PMF_ROOT_DIR . '/lang/language_' . $LANGCODE . '.php';
} else {
$LANGCODE = 'en';
}
if ($faqconfig->get('security.enableLoginOnly')) {
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="phpMyFAQ RSS Feeds"');
header('HTTP/1.0 401 Unauthorized');
exit;
} else {
$user = new PMF_User_CurrentUser();
if ($user->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
if ($user->getStatus() != 'blocked') {
$auth = true;
} else {
$user = null;
}
} else {
$user = null;
}
}
}
//
// Get current user and group id - default: -1
//
if (isset($user) && !is_null($user) && $user instanceof PMF_User_CurrentUser) {
$mail->message = sprintf("\nName: %s\nLogin name: %s\nNew password: %s\n\n", $userData['display_name'], $user->getLogin(), $newPassword);
$result = $mail->send();
unset($mail);
}
if (!$user->userdata->set(array_keys($userData), array_values($userData)) or !$user->setStatus($userStatus)) {
$message .= sprintf('<p class="alert alert-danger">%s</p>', $PMF_LANG['ad_msg_mysqlerr']);
} else {
$message .= sprintf('<p class="alert alert-success">%s <strong>%s</strong> %s</p>', $PMF_LANG['ad_msg_savedsuc_1'], $user->getLogin(), $PMF_LANG['ad_msg_savedsuc_2']);
$message .= '<script type="text/javascript">updateUser(' . $userId . ');</script>';
}
}
}
// delete user confirmation
if ($userAction == 'delete_confirm' && $user->perm->checkRight($user->getUserId(), 'deluser')) {
$message = '';
$user = new PMF_User_CurrentUser($faqConfig);
$userId = PMF_Filter::filterInput(INPUT_POST, 'user_list_select', FILTER_VALIDATE_INT, 0);
if ($userId == 0) {
$message .= sprintf('<p class="alert alert-error">%s</p>', $PMF_LANG['ad_user_error_noId']);
$userAction = $defaultUserAction;
} else {
$user->getUserById($userId);
// account is protected
if ($user->getStatus() == 'protected' || $userId == 1) {
$message .= sprintf('<p class="alert alert-error">%s</p>', $PMF_LANG['ad_user_error_protectedAccount']);
$userAction = $defaultUserAction;
} else {
$twig->loadTemplate('user/delete_confirm.twig')->display(array('PMF_LANG' => $PMF_LANG, 'csrfToken' => $user->getCsrfTokenFromSession(), 'userId' => $userId, 'userLogin' => $user->getLogin()));
}
}
}
$mail->message = sprintf("\nUsername: %s\nLoginname: %s\nNew Password: %s\n\n", $userData['display_name'], $user->getLogin(), $newPassword);
$result = $mail->send();
unset($mail);
}
if (!$user->userdata->set(array_keys($userData), array_values($userData)) or !$user->setStatus($userStatus)) {
$message .= '<p class="error">' . $errorMessages['updateUser'] . '</p>';
} else {
$message .= '<p class="success">' . sprintf($successMessages['updateUser'], $user->getLogin()) . '</p>';
$message .= '<script type="text/javascript">updateUser(' . $userId . ');</script>';
}
}
}
// delete user confirmation
if ($userAction == 'delete_confirm') {
$message = '';
$user = new PMF_User_CurrentUser();
$userId = PMF_Filter::filterInput(INPUT_POST, 'user_list_select', FILTER_VALIDATE_INT, 0);
if ($userId == 0) {
$message .= '<p class="error">' . $errorMessages['delUser_noId'] . '</p>';
$userAction = $defaultUserAction;
} else {
$user->getUserById($userId);
// account is protected
if ($user->getStatus() == 'protected' || $userId == 1) {
$userAction = $defaultUserAction;
$message .= '<p class="error">' . $errorMessages['delUser_protectedAccount'] . '</p>';
} else {
?>
<h2><?php
print $text['header'];
// display error messages and show form again
} else {
$groupAction = 'add';
$message = '<p class="alert alert-error">';
foreach ($messages as $err) {
$message .= $err . '<br />';
}
$message .= '</p>';
}
}
if (!isset($message)) {
$message = '';
}
// show new group form
if ($groupAction == 'add' && $permission['addgroup']) {
$user = new PMF_User_CurrentUser($faqConfig);
?>
<header>
<h2><i class="icon-user"></i> <?php
print $PMF_LANG['ad_group_add'];
?>
</h2>
</header>
<div id="user_message"><?php
print $message;
?>
</div>
<form class="form-horizontal" name="group_create" action="?action=group&group_action=addsave" method="post" accept-charset="utf-8">
<input type="hidden" name="csrf" value="<?php
print $user->getCsrfTokenFromSession();
* @link http://www.phpmyfaq.de
* @since 2002-08-27
*/
if (!defined('IS_VALID_PHPMYFAQ')) {
header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']));
exit;
}
$captcha = new PMF_Captcha($db, $Language);
$oGlossary = new PMF_Glossary();
$oLnk = new PMF_Linkverifier();
$faqTagging = new PMF_Tags($db, $Language);
$faqRelation = new PMF_Relation($db, $Language);
$faqRating = new PMF_Rating();
$faqComment = new PMF_Comment();
if (is_null($user)) {
$user = new PMF_User_CurrentUser();
}
$faqSearchResult = new PMF_Search_Resultset($user, $faq);
$captcha->setSessionId($sids);
if (!is_null($showCaptcha)) {
$captcha->showCaptchaImg();
exit;
}
$currentCategory = $cat;
$recordId = PMF_Filter::filterInput(INPUT_GET, 'id', FILTER_VALIDATE_INT);
$solutionId = PMF_Filter::filterInput(INPUT_GET, 'solution_id', FILTER_VALIDATE_INT);
$highlight = PMF_Filter::filterInput(INPUT_GET, 'highlight', FILTER_SANITIZE_STRIPPED);
// Set the FAQ language
$faq->setLanguage($lang);
// Get all data from the FAQ record
if (0 == $solutionId) {
$protocol = 'http';
if (isset($_SERVER['HTTPS']) && strtoupper($_SERVER['HTTPS']) === 'ON') {
$protocol = 'https';
}
header('Location: ' . $protocol . '://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']));
exit;
}
$captcha = new PMF_Captcha($faqConfig);
$oGlossary = new PMF_Glossary($faqConfig);
$oLnk = new PMF_Linkverifier($faqConfig);
$faqTagging = new PMF_Tags($faqConfig);
$faqRelation = new PMF_Relation($faqConfig);
$faqRating = new PMF_Rating($faqConfig);
$faqComment = new PMF_Comment($faqConfig);
if (is_null($user)) {
$user = new PMF_User_CurrentUser($faqConfig);
}
$faqSearchResult = new PMF_Search_Resultset($user, $faq, $faqConfig);
$captcha->setSessionId($sids);
if (!is_null($showCaptcha)) {
$captcha->showCaptchaImg();
exit;
}
$currentCategory = $cat;
$recordId = PMF_Filter::filterInput(INPUT_GET, 'id', FILTER_VALIDATE_INT);
$solutionId = PMF_Filter::filterInput(INPUT_GET, 'solution_id', FILTER_VALIDATE_INT);
// Get all data from the FAQ record
if (0 == $solutionId) {
$faq->getRecord($recordId);
} else {
$faq->getRecordBySolutionId($solutionId);
