/**
* Replace hash()
*
* @category PHP
* @package PHP_Compat
* @license LGPL - http://www.gnu.org/licenses/lgpl.html
* @copyright 2004-2007 Aidan Lister <*****@*****.**>, Arpad Ray <*****@*****.**>
* @link http://php.net/function.hash
* @author revulo <*****@*****.**>
* @since PHP 5.1.2
* @require PHP 4.0.0 (user_error)
*/
function php_compat_hash($algo, $data, $raw_output = false)
{
$algo = strtolower($algo);
switch ($algo) {
case 'md5':
$hash = md5($data);
break;
case 'sha1':
if (!function_exists('sha1')) {
require dirname(__FILE__) . '/sha1.php';
}
$hash = sha1($data);
break;
case 'sha256':
require_once dirname(__FILE__) . '/sha256.php';
$hash = SHA256::hash($data);
break;
default:
user_error('hash(): Unknown hashing algorithm: ' . $algo, E_USER_WARNING);
return false;
}
if ($raw_output) {
return pack('H*', $hash);
} else {
return $hash;
}
}
/**
* Creates SHA256 hash to obfuscate ips
*
* @param $ip ip address to be hashed
* @return string sha256-hashed ip
*/
function hash_it_the_oas_way($ip)
{
global $config;
$str = $ip . $config['hashsalt'];
// hashen (SHA256)
if (function_exists('mhash')) {
// mhash-Extension geladen
return bin2hex(mhash(MHASH_SHA256, $str));
} elseif (function_exists('hash')) {
// hash-Extension geladen
return hash('sha256', $str);
// untested
} else {
// native PHP-Implementation als (langsame) Alternative / Fallback
require_once 'sha256.php';
return SHA256::hash($str);
// untested
}
}
* Vectors from: http://www.febooti.com/products/filetweak/members/hash-and-crc/test-vectors/
*/
$sha1 = SHA1::compute($input);
$sha1tv = SHA1::compute("");
$sha1hmac = SHA1::computeHMAC("1234567890123456", $input);
//
print "SHA-1 from otv is ok: " . bool_str(Base16::encode($sha1tv) == "da39a3ee5e6b4b0d3255bfef95601890afd80709") . "<br/>\n";
print "SHA-1 HMAC in UTF-8: " . Base16::encode($sha1hmac) . "<br/>\n";
print "SHA-1 in UTF-8: " . Base16::encode($sha1) . "<br/><br/>\n";
/**
* Test SHA-256 with one official test vector and custom input.
* Vectors from: http://www.febooti.com/products/filetweak/members/hash-and-crc/test-vectors/
*/
$sha256 = SHA256::compute($input);
$sha256tv = SHA256::compute("");
$sha256hmac = SHA256::computeHMAC("1234567890123456", $input);
//
print "SHA-256 from otv is ok: " . bool_str(Base16::encode($sha256tv) == "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855") . "<br/>\n";
print "SHA-256 HMAC in UTF-8: " . Base16::encode($sha256hmac) . "<br/>\n";
print "SHA-256 in UTF-8: " . Base16::encode($sha256) . "<br/><br/>\n";
/**
* Test ARC4 with one official test vector and custom input.
* Vectors from: http://reikon.us/arc4
*/
$arc4tvk = Base16::decode("0123456789abcdef");
$arc4tvt = Base16::decode("0123456789abcdef");
$arc4tve = ARC4::encrypt($arc4tvk, $arc4tvt);
$arc4tvd = ARC4::decrypt($arc4tvk, $arc4tve);
//
$arc4k = "1234567890123456";
$arc4e = ARC4::encrypt($arc4k, $input);
die('');
}
require_once $homedir . "/classes/core/sha256.php";
$adminoutput = "";
// just to avoid notices
include "database.php";
$query = "SELECT uid, password, lang FROM " . db_table_name('users') . " WHERE users_name=" . $connect->qstr($username);
$ADODB_FETCH_MODE = ADODB_FETCH_ASSOC;
$result = $connect->SelectLimit($query, 1) or die($query . "\n" . $connect->ErrorMsg());
if ($result->RecordCount() < 1) {
// wrong or unknown username and/or email
echo "\n" . $clang->gT("User name invalid!") . "\n";
exit;
} else {
$fields = $result->FetchRow();
if (SHA256::hashing($userpass) == $fields['password']) {
$_SESSION['loginID'] = intval($fields['uid']);
$clang = new limesurvey_lang($fields['lang']);
GetSessionUserRights($_SESSION['loginID']);
if (!$_SESSION['USER_RIGHT_CREATE_SURVEY']) {
// no permission to create survey!
echo "\n" . $clang->gT("You are not allowed to import a survey!") . "\n";
exit;
}
} else {
// password don't match username
echo "\n" . $clang->gT("User name and password do not match!") . "\n";
exit;
}
}
echo "\n";
function compute(&$hashData)
{
static $vars = 'abcdefgh';
static $K = null;
if ($K === null) {
/*
$K = array(
(int)0x428A2F98, (int)0x71374491, (int)0xB5C0FBCF, (int)0xE9B5DBA5,
(int)0x3956C25B, (int)0x59F111F1, (int)0x923F82A4, (int)0xAB1C5ED5,
(int)0xD807AA98, (int)0x12835B01, (int)0x243185BE, (int)0x550C7DC3,
(int)0x72BE5D74, (int)0x80DEB1FE, (int)0x9BDC06A7, (int)0xC19BF174,
(int)0xE49B69C1, (int)0xEFBE4786, (int)0x0FC19DC6, (int)0x240CA1CC,
(int)0x2DE92C6F, (int)0x4A7484AA, (int)0x5CB0A9DC, (int)0x76F988DA,
(int)0x983E5152, (int)0xA831C66D, (int)0xB00327C8, (int)0xBF597FC7,
(int)0xC6E00BF3, (int)0xD5A79147, (int)0x06CA6351, (int)0x14292967,
(int)0x27B70A85, (int)0x2E1B2138, (int)0x4D2C6DFC, (int)0x53380D13,
(int)0x650A7354, (int)0x766A0ABB, (int)0x81C2C92E, (int)0x92722C85,
(int)0xA2BFE8A1, (int)0xA81A664B, (int)0xC24B8B70, (int)0xC76C51A3,
(int)0xD192E819, (int)0xD6990624, (int)0xF40E3585, (int)0x106AA070,
(int)0x19A4C116, (int)0x1E376C08, (int)0x2748774C, (int)0x34B0BCB5,
(int)0x391C0CB3, (int)0x4ED8AA4A, (int)0x5B9CCA4F, (int)0x682E6FF3,
(int)0x748F82EE, (int)0x78A5636F, (int)0x84C87814, (int)0x8CC70208,
(int)0x90BEFFFA, (int)0xA4506CEB, (int)0xBEF9A3F7, (int)0xC67178F2
);
*/
$K = array(1116352408, 1899447441, -1245643825, -373957723, 961987163, 1508970993, -1841331548, -1424204075, -670586216, 310598401, 607225278, 1426881987, 1925078388, -2132889090, -1680079193, -1046744716, -459576895, -272742522, 264347078, 604807628, 770255983, 1249150122, 1555081692, 1996064986, -1740746414, -1473132947, -1341970488, -1084653625, -958395405, -710438585, 113926993, 338241895, 666307205, 773529912, 1294757372, 1396182291, 1695183700, 1986661051, -2117940946, -1838011259, -1564481375, -1474664885, -1035236496, -949202525, -778901479, -694614492, -200395387, 275423344, 430227734, 506948616, 659060556, 883997877, 958139571, 1322822218, 1537002063, 1747873779, 1955562222, 2024104815, -2067236844, -1933114872, -1866530822, -1538233109, -1090935817, -965641998);
}
$W = array();
for ($i = 0, $numChunks = sizeof($hashData->chunks); $i < $numChunks; $i++) {
// initialize the registers
for ($j = 0; $j < 8; $j++) {
${$vars[$j]} = $hashData->hash[$j];
}
// the SHA-256 compression function
for ($j = 0; $j < 64; $j++) {
if ($j < 16) {
$T1 = ord($hashData->chunks[$i][$j * 4]) & 0xff;
$T1 <<= 8;
$T1 |= ord($hashData->chunks[$i][$j * 4 + 1]) & 0xff;
$T1 <<= 8;
$T1 |= ord($hashData->chunks[$i][$j * 4 + 2]) & 0xff;
$T1 <<= 8;
$T1 |= ord($hashData->chunks[$i][$j * 4 + 3]) & 0xff;
$W[$j] = $T1;
} else {
$W[$j] = SHA256::sum(($W[$j - 2] >> 17 & 0x7fff | $W[$j - 2] << 15) ^ ($W[$j - 2] >> 19 & 0x1fff | $W[$j - 2] << 13) ^ $W[$j - 2] >> 10 & 0x3fffff, $W[$j - 7], ($W[$j - 15] >> 7 & 0x1ffffff | $W[$j - 15] << 25) ^ ($W[$j - 15] >> 18 & 0x3fff | $W[$j - 15] << 14) ^ $W[$j - 15] >> 3 & 0x1fffffff, $W[$j - 16]);
}
$T1 = SHA256::sum($h, ($e >> 6 & 0x3ffffff | $e << 26) ^ ($e >> 11 & 0x1fffff | $e << 21) ^ ($e >> 25 & 0x7f | $e << 7), $e & $f ^ ~$e & $g, $K[$j], $W[$j]);
$T2 = SHA256::sum(($a >> 2 & 0x3fffffff | $a << 30) ^ ($a >> 13 & 0x7ffff | $a << 19) ^ ($a >> 22 & 0x3ff | $a << 10), $a & $b ^ $a & $c ^ $b & $c);
$h = $g;
$g = $f;
$f = $e;
$e = SHA256::sum($d, $T1);
$d = $c;
$c = $b;
$b = $a;
$a = SHA256::sum($T1, $T2);
}
// compute the next hash set
for ($j = 0; $j < 8; $j++) {
$hashData->hash[$j] = SHA256::sum(${$vars[$j]}, $hashData->hash[$j]);
}
}
}
/**
* loginCheck for Lsrc, checks if the user with given password exists in LS Database and
* sets the SESSION rights for this user
* @param String $sUser
* @param String $sPass
* @return boolean
*/
function checkUser($sUser, $sPass)
{
global $connect;
global $dbprefix;
$ADODB_FETCH_MODE = ADODB_FETCH_ASSOC;
include "lsrc.config.php";
require dirname(__FILE__) . "/../classes/core/sha256.php";
$query = "SELECT uid, password, lang, superadmin FROM {$dbprefix}users WHERE users_name=" . $connect->qstr(sanitize_user($sUser));
// echo $query;
$result = db_execute_assoc($query);
$gv = $result->FetchRow();
if ($result->RecordCount() < 1) {
return false;
} else {
if (SHA256::hashing($sPass) == $gv['password']) {
$_SESSION['loginID'] = $gv['uid'];
$_SESSION['lang'] = $gv['lang'];
$squery = "SELECT create_survey, configurator, create_user, delete_user, superadmin, manage_template, manage_label FROM {$dbprefix}users WHERE uid={$gv['uid']}";
$sresult = db_execute_assoc($squery);
//Checked
if ($sresult->RecordCount() > 0) {
$fields = $sresult->FetchRow();
$_SESSION['USER_RIGHT_CREATE_SURVEY'] = $fields['create_survey'];
$_SESSION['USER_RIGHT_CONFIGURATOR'] = $fields['configurator'];
$_SESSION['USER_RIGHT_CREATE_USER'] = $fields['create_user'];
$_SESSION['USER_RIGHT_DELETE_USER'] = $fields['delete_user'];
$_SESSION['USER_RIGHT_SUPERADMIN'] = $fields['superadmin'];
$_SESSION['USER_RIGHT_MANAGE_TEMPLATE'] = $fields['manage_template'];
$_SESSION['USER_RIGHT_MANAGE_LABEL'] = $fields['manage_label'];
}
return true;
} else {
return false;
}
}
}
$sPassword = html_entity_decode($_POST['pass'], ENT_QUOTES, 'UTF-8');
if ($sPassword == '%%unchanged%%') {
$sPassword = '';
}
$full_name = html_entity_decode($postfull_name, ENT_QUOTES, 'UTF-8');
$valid_email = true;
if (!validate_email($email)) {
$valid_email = false;
$failed = true;
$addsummary .= "<div class=\"warningheader\">" . $clang->gT("Could not modify user data.") . "</div><br />\n" . " " . $clang->gT("Email address is not valid.") . "<br />\n";
} elseif ($valid_email) {
$failed = false;
if (empty($sPassword)) {
$uquery = "UPDATE " . db_table_name('users') . " SET email='" . db_quote($email) . "', full_name='" . db_quote($full_name) . "' WHERE uid=" . $postuserid;
} else {
$uquery = "UPDATE " . db_table_name('users') . " SET email='" . db_quote($email) . "', full_name='" . db_quote($full_name) . "', password='******' WHERE uid=" . $postuserid;
}
$uresult = $connect->Execute($uquery);
//Checked
if ($uresult && empty($sPassword)) {
$addsummary .= "<br />" . $clang->gT("Username") . ": {$users_name}<br />" . $clang->gT("Password") . ": (" . $clang->gT("Unchanged") . ")<br /><br />\n";
$addsummary .= "<div class=\"successheader\">" . $clang->gT("Success!") . "</div>\n";
} elseif ($uresult && !empty($sPassword)) {
if ($display_user_password_in_html === true) {
$displayedPwd = $sPassword;
} else {
$displayedPwd = preg_replace('/./', '*', $sPassword);
}
$addsummary .= "<br />" . $clang->gT("Username") . ": {$users_name}<br />" . $clang->gT("Password") . ": {$displayedPwd}<br /><br />\n";
$addsummary .= "<div class=\"successheader\">" . $clang->gT("Success!") . "</div>\n";
} else {
function compute(&$hashData)
{
static $vars = 'abcdefgh';
static $K = null;
if ($K === null) {
$K = array((int) 0x428a2f98, (int) 0x71374491, (int) 3049323471.0, (int) 0.0, (int) 0x3956c25b, (int) 0x59f111f1, (int) 2453635748.0, (int) 0.0, (int) 3624381080.0, (int) 0x12835b01, (int) 0x243185be, (int) 0x550c7dc3, (int) 0x72be5d74, (int) 0.0, (int) 2614888103.0, (int) 3248222580.0, (int) 0.0, (int) 0.0, (int) 0xfc19dc6, (int) 0x240ca1cc, (int) 0x2de92c6f, (int) 0x4a7484aa, (int) 0x5cb0a9dc, (int) 0x76f988da, (int) 0.0, (int) 2821834349.0, (int) 2952996808.0, (int) 3210313671.0, (int) 0.0, (int) 3584528711.0, (int) 0x6ca6351, (int) 0x14292967, (int) 0x27b70a85, (int) 0x2e1b2138, (int) 0x4d2c6dfc, (int) 0x53380d13, (int) 0x650a7354, (int) 0x766a0abb, (int) 0.0, (int) 2456956037.0, (int) 0.0, (int) 2820302411.0, (int) 3259730800.0, (int) 3345764771.0, (int) 0.0, (int) 3600352804.0, (int) 0.0, (int) 0x106aa070, (int) 0x19a4c116, (int) 0x1e376c08, (int) 0x2748774c, (int) 0x34b0bcb5, (int) 0x391c0cb3, (int) 0x4ed8aa4a, (int) 0x5b9cca4f, (int) 0x682e6ff3, (int) 0x748f82ee, (int) 0x78a5636f, (int) 2227730452.0, (int) 2361852424.0, (int) 0.0, (int) 0.0, (int) 0.0, (int) 3329325298.0);
}
$W = array();
for ($i = 0, $numChunks = sizeof($hashData->chunks); $i < $numChunks; $i++) {
// initialize the registers
for ($j = 0; $j < 8; $j++) {
${$vars[$j]} = $hashData->hash[$j];
}
// the SHA-256 compression function
for ($j = 0; $j < 64; $j++) {
if ($j < 16) {
$T1 = ord($hashData->chunks[$i][$j * 4]) & 0xff;
$T1 <<= 8;
$T1 |= ord($hashData->chunks[$i][$j * 4 + 1]) & 0xff;
$T1 <<= 8;
$T1 |= ord($hashData->chunks[$i][$j * 4 + 2]) & 0xff;
$T1 <<= 8;
$T1 |= ord($hashData->chunks[$i][$j * 4 + 3]) & 0xff;
$W[$j] = $T1;
} else {
$W[$j] = SHA256::sum(($W[$j - 2] >> 17 & 0x7fff | $W[$j - 2] << 15) ^ ($W[$j - 2] >> 19 & 0x1fff | $W[$j - 2] << 13) ^ $W[$j - 2] >> 10 & 0x3fffff, $W[$j - 7], ($W[$j - 15] >> 7 & 0x1ffffff | $W[$j - 15] << 25) ^ ($W[$j - 15] >> 18 & 0x3fff | $W[$j - 15] << 14) ^ $W[$j - 15] >> 3 & 0x1fffffff, $W[$j - 16]);
}
$T1 = SHA256::sum($h, ($e >> 6 & 0x3ffffff | $e << 26) ^ ($e >> 11 & 0x1fffff | $e << 21) ^ ($e >> 25 & 0x7f | $e << 7), $e & $f ^ ~$e & $g, $K[$j], $W[$j]);
$T2 = SHA256::sum(($a >> 2 & 0x3fffffff | $a << 30) ^ ($a >> 13 & 0x7ffff | $a << 19) ^ ($a >> 22 & 0x3ff | $a << 10), $a & $b ^ $a & $c ^ $b & $c);
$h = $g;
$g = $f;
$f = $e;
$e = SHA256::sum($d, $T1);
$d = $c;
$c = $b;
$b = $a;
$a = SHA256::sum($T1, $T2);
}
// compute the next hash set
for ($j = 0; $j < 8; $j++) {
$hashData->hash[$j] = SHA256::sum(${$vars[$j]}, $hashData->hash[$j]);
}
}
}
}
$command = '';
$connect->SetFetchMode(ADODB_FETCH_NUM);
foreach ($lines as $line) {
$line = rtrim($line);
$length = strlen($line);
if ($length and $line[0] != '#' and substr($line, 0, 2) != '--') {
if (substr($line, $length - 1, 1) == ';') {
$line = substr($line, 0, $length - 1);
// strip ;
$command .= $line;
$command = str_replace('prefix_', $dbprefix, $command);
// Table prefixes
$command = str_replace('$defaultuser', $defaultuser, $command);
// variables By Moses
$command = str_replace('$defaultpass', SHA256::hashing($defaultpass), $command);
// variables By Moses
$command = str_replace('$siteadminname', $siteadminname, $command);
$command = str_replace('$siteadminemail', $siteadminemail, $command);
// variables By Moses
$command = str_replace('$defaultlang', $defaultlang, $command);
// variables By Moses
$command = str_replace('$sessionname', 'ls' . sRandomChars(20, '123456789'), $command);
$command = str_replace('$databasetabletype', $databasetabletype, $command);
if (!$connect->Execute($command, false)) {
print "\n" . $clang->gT("Executing") . "....." . $command . "..." . $clang->gT('Failed! Reason:') . "\n" . $connect->ErrorMsg() . "\n\n";
$success = 1;
}
$command = '';
} else {
$command .= $line;
/**
* Run an arbitrary sequence of semicolon-delimited SQL commands
*
* Assumes that the input text (file or string) consists of
* a number of SQL statements ENDING WITH SEMICOLONS. The
* semicolons MUST be the last character in a line.
* Lines that are blank or that start with "#" or "--" (postgres) are ignored.
* Only tested with mysql dump files (mysqldump -p -d limesurvey)
* Function kindly borrowed by Moodle
* @uses $dbprefix
* @param string $sqlfile The path where a file with sql commands can be found on the server.
* @param string $sqlstring If no path is supplied then a string with semicolon delimited sql
* commands can be supplied in this argument.
* @return bool Returns true if database was modified successfully.
*/
function modify_database($sqlfile = '', $sqlstring = '')
{
global $dbprefix;
global $defaultuser;
global $defaultpass;
global $siteadminemail;
global $siteadminname;
global $defaultlang;
global $codeString;
global $rootdir, $homedir;
global $connect;
global $clang;
global $modifyoutput;
global $databasetabletype;
require_once $homedir . "/classes/core/sha256.php";
$success = true;
// Let's be optimistic
$modifyoutput = '';
if (!empty($sqlfile)) {
if (!is_readable($sqlfile)) {
$success = false;
echo '<p>Tried to modify database, but "' . $sqlfile . '" doesn\'t exist!</p>';
return $success;
} else {
$lines = file($sqlfile);
}
} else {
$sqlstring = trim($sqlstring);
if ($sqlstring[strlen($sqlstring) - 1] != ";") {
$sqlstring .= ";";
// add it in if it's not there.
}
$lines[] = $sqlstring;
}
$command = '';
foreach ($lines as $line) {
$line = rtrim($line);
$length = strlen($line);
if ($length and $line[0] != '#' and substr($line, 0, 2) != '--') {
if (substr($line, $length - 1, 1) == ';') {
$line = substr($line, 0, $length - 1);
// strip ;
$command .= $line;
$command = str_replace('prefix_', $dbprefix, $command);
// Table prefixes
$command = str_replace('$defaultuser', $defaultuser, $command);
$command = str_replace('$defaultpass', SHA256::hashing($defaultpass), $command);
$command = str_replace('$siteadminname', $siteadminname, $command);
$command = str_replace('$siteadminemail', $siteadminemail, $command);
$command = str_replace('$defaultlang', $defaultlang, $command);
$command = str_replace('$sessionname', 'ls' . sRandomChars(20, '123456789'), $command);
$command = str_replace('$databasetabletype', $databasetabletype, $command);
if (!db_execute_num($command)) {
//Checked
$command = htmlspecialchars($command);
$modifyoutput .= "<br />" . sprintf($clang->gT("SQL command failed: %s Reason: %s"), "<span style='font-size:10px;'>" . $command . "</span>", "<span style='color:#ee0000;font-size:10px;'>" . $connect->ErrorMsg() . "</span><br/>");
$success = false;
} else {
$command = htmlspecialchars($command);
$modifyoutput .= ". ";
}
$command = '';
} else {
$command .= $line;
}
}
}
return $success;
}
if (isset($_POST['chat_enable'])) {
$chat_enable = 1;
}
if (isset($_POST['enabled'])) {
$enabled = 1;
}
if (isset($_POST['admin'])) {
$superadmin = 1;
}
//get username
$sql = "SELECT username\r\n FROM operator\r\n WHERE operator_id = {$operator_id}";
$uname = $db->GetOne($sql);
$sql = "UPDATE " . LIME_PREFIX . "users \r\n SET users_name = " . $db->qstr($_POST['username']) . ",\r\n email = " . $db->qstr($_POST['email']) . ",\r\n full_name = " . $db->qstr($_POST['firstName']) . ",\r\n superadmin = {$superadmin}";
if (!empty($_POST['password'])) {
include_once "../include/limesurvey/admin/classes/core/sha256.php";
$sql .= ", password = '******'password']) . "' ";
}
$sql .= " WHERE users_name = '{$uname}'";
$rs = $db->Execute($sql);
if (!empty($rs)) {
$sql = "UPDATE operator\r\n SET username = "******",\r\n lastName = " . $db->qstr($_POST['lastName']) . ",\r\n firstName = " . $db->qstr($_POST['firstName']) . ",\r\n chat_user = "******",\r\n chat_password = "******",\r\n Time_zone_name = " . $db->qstr($_POST['timezone']) . ",\r\n voip = {$voip}, enabled = {$enabled}, chat_enable = {$chat_enable}\r\n WHERE operator_id = {$operator_id}";
$rs = $db->Execute($sql);
if (!empty($rs)) {
//only update extension if we aren't on a case
$sql = "SELECT case_id\r\n FROM `case`\r\n WHERE current_operator_id = {$operator_id}";
$cc = $db->GetOne($sql);
if (empty($cc)) {
$sql = "UPDATE extension\r\n SET current_operator_id = NULL\r\n WHERE current_operator_id= {$operator_id}";
$db->Execute($sql);
if (!empty($_POST['extension_id'])) {
$sql = "UPDATE extension\r\n SET current_operator_id = {$operator_id}\r\n WHERE extension_id = " . intval($_POST['extension_id']);
}
$command = '';
$connect->SetFetchMode(ADODB_FETCH_NUM);
foreach ($lines as $line) {
$line = rtrim($line);
$length = strlen($line);
if ($length and $line[0] <> '#' and substr($line,0,2) <> '--') {
if (substr($line, $length-1, 1) == ';') {
$line = substr($line, 0, $length-1); // strip ;
$command .= $line;
$command = str_replace('prefix_', $dbprefix, $command); // Table prefixes
$command = str_replace('$defaultuser', $defaultuser, $command); // variables By Moses
$command = str_replace('$defaultpass', SHA256::hashing($defaultpass), $command); // variables By Moses
$command = str_replace('$siteadminname', $siteadminname, $command);
$command = str_replace('$siteadminemail', $siteadminemail, $command); // variables By Moses
$command = str_replace('$defaultlang', $defaultlang, $command); // variables By Moses
$command = str_replace('$sessionname', 'ls'.sRandomChars(20,'123456789'), $command);
$command = str_replace('$databasetabletype', $databasetabletype, $command);
if(!$connect->Execute($command,false))
{
print ("\n".$clang->gT("Executing").".....".$command."...".$clang->gT('Failed! Reason:')."\n".$connect->ErrorMsg()."\n\n");
$success=1;
}
$sql .= "WHERE `uid` = {$uid}";
if ($db->Execute($sql)) {
$a = T_("Updated") . ": " . $client;
} else {
$a = T_("Update error");
}
} else {
$a = T_("Could not update") . " " . $client;
}
} else {
//save as a new client
$sql = "INSERT INTO client (`client_id` ,`username` ,`firstName` ,`lastName`, `Time_zone_name`)\r\n\t\t\t\t\tVALUES (NULL , {$client}, {$firstname} , {$lastname}, {$time_zone_name});";
if ($db->Execute($sql)) {
include_once "../include/limesurvey/admin/classes/core/sha256.php";
//Insert into lime_users
$sql = "INSERT INTO " . LIME_PREFIX . "users (`users_name`,`password`,`full_name`,`parent_id`,`superadmin`,`email`,`lang`) \r\n\t\t\t\t\t\tVALUES ({$client}, '" . SHA256::hashing($_POST['password']) . "', {$firstname} ,1,0,{$email},'auto')";
if ($db->Execute($sql)) {
$a = T_("Added") . ": " . $client;
} else {
$a = T_("Error adding client");
}
} else {
$a = T_("Could not add") . " " . $client;
}
}
} else {
$a = T_("Username") . " " . $client . ". " . T_("is already in use");
}
$client = "";
$firstname = "";
$lastname = "";
function compute(&$hashData)
{
static $vars = 'abcdefgh';
static $K = null;
if ($K === null) {
$K = array(1116352408, 1899447441, -1245643825, -373957723, 961987163, 1508970993, -1841331548, -1424204075, -670586216, 310598401, 607225278, 1426881987, 1925078388, -2132889090, -1680079193, -1046744716, -459576895, -272742522, 264347078, 604807628, 770255983, 1249150122, 1555081692, 1996064986, -1740746414, -1473132947, -1341970488, -1084653625, -958395405, -710438585, 113926993, 338241895, 666307205, 773529912, 1294757372, 1396182291, 1695183700, 1986661051, -2117940946, -1838011259, -1564481375, -1474664885, -1035236496, -949202525, -778901479, -694614492, -200395387, 275423344, 430227734, 506948616, 659060556, 883997877, 958139571, 1322822218, 1537002063, 1747873779, 1955562222, 2024104815, -2067236844, -1933114872, -1866530822, -1538233109, -1090935817, -965641998);
}
$W = array();
for ($i = 0, $numChunks = sizeof($hashData->chunks); $i < $numChunks; $i++) {
for ($j = 0; $j < 8; $j++) {
${$vars[$j]} = $hashData->hash[$j];
}
for ($j = 0; $j < 64; $j++) {
if ($j < 16) {
$T1 = ord($hashData->chunks[$i][$j * 4]) & 0xff;
$T1 <<= 8;
$T1 |= ord($hashData->chunks[$i][$j * 4 + 1]) & 0xff;
$T1 <<= 8;
$T1 |= ord($hashData->chunks[$i][$j * 4 + 2]) & 0xff;
$T1 <<= 8;
$T1 |= ord($hashData->chunks[$i][$j * 4 + 3]) & 0xff;
$W[$j] = $T1;
} else {
$W[$j] = SHA256::sum(($W[$j - 2] >> 17 & 0x7fff | $W[$j - 2] << 15) ^ ($W[$j - 2] >> 19 & 0x1fff | $W[$j - 2] << 13) ^ $W[$j - 2] >> 10 & 0x3fffff, $W[$j - 7], ($W[$j - 15] >> 7 & 0x1ffffff | $W[$j - 15] << 25) ^ ($W[$j - 15] >> 18 & 0x3fff | $W[$j - 15] << 14) ^ $W[$j - 15] >> 3 & 0x1fffffff, $W[$j - 16]);
}
$T1 = SHA256::sum($h, ($e >> 6 & 0x3ffffff | $e << 26) ^ ($e >> 11 & 0x1fffff | $e << 21) ^ ($e >> 25 & 0x7f | $e << 7), $e & $f ^ ~$e & $g, $K[$j], $W[$j]);
$T2 = SHA256::sum(($a >> 2 & 0x3fffffff | $a << 30) ^ ($a >> 13 & 0x7ffff | $a << 19) ^ ($a >> 22 & 0x3ff | $a << 10), $a & $b ^ $a & $c ^ $b & $c);
$h = $g;
$g = $f;
$f = $e;
$e = SHA256::sum($d, $T1);
$d = $c;
$c = $b;
$b = $a;
$a = SHA256::sum($T1, $T2);
}
for ($j = 0; $j < 8; $j++) {
$hashData->hash[$j] = SHA256::sum(${$vars[$j]}, $hashData->hash[$j]);
}
}
}
function strhash($str, $salt = true)
{
if ($salt === true) {
$str = md5($str) . $str;
} elseif ($salt !== false) {
$str = $salt . $str;
}
if (phpversion() >= '5.1.2' && @extension_loaded('pecl')) {
return hash('sha256', $str);
} else {
import('lib/sha256');
return SHA256::hash($str);
}
}
function savescript($postvars = array())
{
$username = $this->session->userdata('user_name');
if (empty($username) || is_null($username)) {
$this->commonhelper->deletesession($_SERVER['REMOTE_ADDR']);
#die("Error: Session expired kindly re-login");
}
$go_SuccessNewlimesurveycreated = $this->lang->line('go_SuccessNewlimesurveycreated');
$go_Erroronsavingdatacontactyoursupport = $this->lang->line('go_Erroronsavingdatacontactyoursupport');
$go_Errornodatatoprocess = $this->lang->line('go_Errornodatatoprocess');
if (!empty($postvars)) {
if ($postvars['script_type'] == 'default') {
if ($this->commonhelper->checkIfTenant($this->session->userdata('user_group'))) {
$accounts = $this->session->userdata('user_group');
} else {
if (array_key_exists('accounts', $postvars)) {
$accounts = $postvars['accounts'];
} else {
$accounts = $this->session->userdata('user_group');
}
}
$data['vicidial_scripts'] = array('data' => array('script_id' => $postvars['script_id'], 'script_name' => $postvars['script_name'], 'script_comments' => $postvars['script_comments'], 'active' => $postvars['active'], 'script_text' => $postvars['script_text'], 'user_group' => $accounts));
$data['go_scripts'] = array('data' => array('account_num' => $accounts, 'script_id' => $postvars['script_id'], 'campaign_id' => $postvars['campaign_id'], 'surveyid' => ''));
$data['vicidial_campaigns'] = array('data' => array('campaign_script' => $postvars['script_id']), 'condition' => array('campaign_id' => $postvars['campaign_id']));
$result = $this->go_script->savedefaultscript($data);
die($result);
} else {
$rootdir = $this->config->item('lime_path') . "/limesurvey";
require_once $rootdir . '/classes/adodb/adodb.inc.php';
require_once $rootdir . '/common_functions_ci.php';
require_once $rootdir . '/admin/admin_functions.php';
require_once $rootdir . '/classes/core/sanitize.php';
require_once $rootdir . '/classes/core/language.php';
require_once $rootdir . '/admin/classes/core/sha256.php';
$clang = new limesurvey_lang('en');
require_once $rootdir . '/classes/core/surveytranslator_ci.php';
do {
$surveyid = sRandomChars(5, '123456789');
$this->go_script->limesurveyDB->where(array('sid' => $surveyid));
$isexist = $this->go_script->limesurveyDB->get('lime_surveys');
} while ($isexist->num_rows > 0);
$userInfo = $this->go_script->collectfromviciuser($username);
if ($userInfo->num_rows() > 0) {
$userDetail = $userInfo->result();
$viciemail = $userDetail[0]->email;
$viciuseralias = $userDetail[0]->user;
$vicipass = $userDetail[0]->pass;
$vicicompany = $userDetail[0]->full_name;
#$viciuser = $userDetail[0]->user_group;
if ($this->commonhelper->checkIfTenant($this->session->userdata('user_group'))) {
$viciuser = $userDetail[0]->user_group;
} else {
$viciuser = "******";
}
}
$userInfo = $this->go_script->collectfromlimesurvey($viciuseralias);
$userlevel = $this->session->userdata('users_level');
if ($userInfo->num_rows() < 1) {
# create new limesurvey user
$newUser = array('users_name' => $viciuseralias, 'password' => SHA256::hashing($vicipass), 'full_name' => $vicicompany, 'parent_id' => '1', 'lang' => 'auto', 'email' => $viciemail, 'create_survey' => '1', 'create_user' => '1', 'delete_user' => '1', 'configurator' => '1', 'manage_template' => '1', 'manage_label' => '1');
$this->go_script->insertTolimesurvey($newUser, 'lime_users', $newId);
if (!empty($newId)) {
$this->go_script->insertTolimesurvey(array('uid' => $newId, 'folder' => 'default', 'use' => '1'), 'lime_templates_rights');
}
$uid = $newId;
} else {
$userDetail = $userInfo->result();
$uid = $userDetail[0]->uid;
}
$aDefaultTexts = aTemplateDefaultTexts($clang, 'unescaped');
$languagedetails = getLanguageDetails($postvars['lang'], $clang);
$aDefaultTexts['admin_detailed_notification'] = $aDefaultTexts['admin_detailed_notification_css'] . $aDefaultTexts['admin_detailed_notification'];
$this->go_script->limesurveyDB->where(array('sid' => $surveyid));
$group = $this->go_script->limesurveyDB->get('lime_groups');
$count = $group->num_rows();
$count++;
if ($count < 100) {
$lastGroup = "0{$count}";
} elseif ($count < 10) {
$lastGroup = "00{$count}";
}
$data['limesurvey'] = array('lime_surveys' => array('data' => array(array('sid' => $surveyid, 'owner_id' => $uid, 'admin' => $vicicompany, 'adminemail' => $viciemail, 'active' => 'N', 'format' => 'G', 'language' => $postvars['lang'], 'datecreated' => date('Y-m-d'), 'htmlemail' => 'Y', 'usecaptcha' => 'D', 'bounce_email' => $viciemail))), 'lime_surveys_languagesettings' => array('data' => array(array('surveyls_survey_id' => $surveyid, 'surveyls_language' => $postvars['lang'], 'surveyls_title' => $postvars['script_name'], 'surveyls_email_invite_subj' => str_replace("'", "\\'", str_replace("\n", "<br />", $aDefaultTexts['invitation_subject'])), 'surveyls_email_invite' => str_replace("'", "\\'", str_replace("\n", "<br />", $aDefaultTexts['invitation'])), 'surveyls_email_remind_subj' => str_replace("'", "\\'", str_replace("\n", "<br />", $aDefaultTexts['reminder_subject'])), 'surveyls_email_remind' => str_replace("'", "\\'", str_replace("\n", "<br />", $aDefaultTexts['reminder'])), 'surveyls_email_confirm_subj' => str_replace("'", "\\'", str_replace("\n", "<br />", $aDefaultTexts['confirmation_subject'])), 'surveyls_email_confirm' => str_replace("'", "\\'", str_replace("\n", "<br />", $aDefaultTexts['confirmation'])), 'surveyls_email_register_subj' => str_replace("'", "\\'", str_replace("\n", "<br />", $aDefaultTexts['registration_subject'])), 'surveyls_email_register' => str_replace("'", "\\'", str_replace("\n", "<br />", $aDefaultTexts['registration'])), 'email_admin_notification_subj' => str_replace("'", "\\'", str_replace("\n", "<br />", $aDefaultTexts['admin_notification_subject'])), 'email_admin_notification' => str_replace("'", "\\'", str_replace("\n", "<br />", $aDefaultTexts['admin_notification'])), 'email_admin_responses_subj' => str_replace("'", "\\'", str_replace("\n", "<br />", $aDefaultTexts['admin_detailed_notification_subject'])), 'email_admin_responses' => str_replace("'", "\\'", str_replace("\n", "<br />", $aDefaultTexts['admin_detailed_notification'])), 'surveyls_dateformat' => $languagedetails['dateformat'], 'surveyls_description' => $postvars['script_comments'], 'surveyls_welcometext' => $postvars['welcome_message'], 'surveyls_endtext' => $postvars['end_message'], 'surveyls_url' => $postvars['survey_url'], 'surveyls_urldescription' => $postvars['survey_url_desc']))), 'lime_survey_permissions' => array('data' => array(array('sid' => $surveyid, 'uid' => $uid, 'permission' => 'assessments', 'create_p' => '1', 'read_p' => '1', 'update_p' => '1', 'delete_p' => '1', 'import_p' => '0', 'export_p' => '0'), array('sid' => $surveyid, 'uid' => $uid, 'permission' => 'translations', 'create_p' => '0', 'read_p' => '1', 'update_p' => '1', 'delete_p' => '0', 'import_p' => '0', 'export_p' => '0'), array('sid' => $surveyid, 'uid' => $uid, 'permission' => 'quotas', 'create_p' => '1', 'read_p' => '1', 'update_p' => '1', 'delete_p' => '1', 'import_p' => '0', 'export_p' => '0'), array('sid' => $surveyid, 'uid' => $uid, 'permission' => 'responses', 'create_p' => '1', 'read_p' => '1', 'update_p' => '1', 'delete_p' => '1', 'import_p' => '1', 'export_p' => '1'), array('sid' => $surveyid, 'uid' => $uid, 'permission' => 'statistics', 'create_p' => '0', 'read_p' => '1', 'update_p' => '0', 'delete_p' => '0', 'import_p' => '0', 'export_p' => '0'), array('sid' => $surveyid, 'uid' => $uid, 'permission' => 'surveyactivation', 'create_p' => '0', 'read_p' => '0', 'update_p' => '1', 'delete_p' => '0', 'import_p' => '0', 'export_p' => '0'), array('sid' => $surveyid, 'uid' => $uid, 'permission' => 'surveycontent', 'create_p' => '1', 'read_p' => '1', 'update_p' => '1', 'delete_p' => '1', 'import_p' => '1', 'export_p' => '1'), array('sid' => $surveyid, 'uid' => $uid, 'permission' => 'survey', 'create_p' => '0', 'read_p' => '1', 'update_p' => '0', 'delete_p' => '1', 'import_p' => '0', 'export_p' => '0'), array('sid' => $surveyid, 'uid' => $uid, 'permission' => 'surveylocale', 'create_p' => '0', 'read_p' => '1', 'update_p' => '1', 'delete_p' => '0', 'import_p' => '0', 'export_p' => '0'), array('sid' => $surveyid, 'uid' => $uid, 'permission' => 'surveysecurity', 'create_p' => '1', 'read_p' => '1', 'update_p' => '1', 'delete_p' => '1', 'import_p' => '0', 'export_p' => '0'), array('sid' => $surveyid, 'uid' => $uid, 'permission' => 'surveysettings', 'create_p' => '0', 'read_p' => '1', 'update_p' => '1', 'delete_p' => '0', 'import_p' => '0', 'export_p' => '0'), array('sid' => $surveyid, 'uid' => $uid, 'permission' => 'tokens', 'create_p' => '1', 'read_p' => '1', 'update_p' => '1', 'delete_p' => '1', 'import_p' => '1', 'export_p' => '1'))), 'lime_groups' => array('data' => array(array('sid' => $surveyid, 'group_name' => "{$vicicompany} Group {$lastGroup}", 'description' => "{$vicicompany} Group {$lastGroup}", 'language' => $postvars['lang']))), 'lime_questions' => array('format_data' => array("lime_groups_0"), 'data' => array(array('parent_qid' => '0', 'sid' => $surveyid, 'gid' => "{lime_groups_0}", 'type' => 'T', 'title' => 'Q1', 'question' => 'Lead ID:', 'preg' => '', 'help' => '', 'other' => 'N', 'mandatory' => 'N', 'question_order' => '0', 'language' => $postvars['lang'], 'scale_id' => '0', 'same_default' => '0'), array('parent_qid' => '0', 'sid' => $surveyid, 'gid' => "{lime_groups_0}", 'type' => 'T', 'title' => 'Q2', 'question' => 'Firstname:', 'preg' => '', 'help' => '', 'other' => 'N', 'mandatory' => 'N', 'question_order' => '1', 'language' => $postvars['lang'], 'scale_id' => '0', 'same_default' => '0'), array('parent_qid' => '0', 'sid' => $surveyid, 'gid' => "{lime_groups_0}", 'type' => 'T', 'title' => 'Q3', 'question' => 'Lastname:', 'preg' => '', 'help' => '', 'other' => 'N', 'mandatory' => 'N', 'question_order' => '2', 'language' => $postvars['lang'], 'scale_id' => '0', 'same_default' => '0'), array('parent_qid' => '0', 'sid' => $surveyid, 'gid' => "{lime_groups_0}", 'type' => 'T', 'title' => 'Q4', 'question' => 'Phone Number:', 'preg' => '', 'help' => '', 'other' => 'N', 'mandatory' => 'N', 'question_order' => '3', 'language' => $postvars['lang'], 'scale_id' => '0', 'same_default' => '0'), array('parent_qid' => '0', 'sid' => $surveyid, 'gid' => "{lime_groups_0}", 'type' => 'T', 'title' => 'Q5', 'question' => 'Address:', 'preg' => '', 'help' => '', 'other' => 'N', 'mandatory' => 'N', 'question_order' => '4', 'language' => $postvars['lang'], 'scale_id' => '0', 'same_default' => '0'))));
// end lime survey collected data
$script_text = '<iframe src="' . $this->config->item('base_url') . '/limesurvey/index.php?sid=' . $surveyid . '&lang=' . $postvars['lang'] . '&' . $surveyid . 'X{lime_groups_0}X{lime_questions_0}=--A--lead_id--B--&' . $surveyid . 'X{lime_groups_0}X{lime_questions_1}=--A--first_name--B--&' . $surveyid . 'X{lime_groups_0}X{lime_questions_2}=--A--last_name--B--&' . $surveyid . 'X{lime_groups_0}X{lime_questions_3}=--A--phone_number--B--&' . $surveyid . 'X{lime_groups_0}X{lime_questions_4}=--A--address1--B--&lead_id=--A--lead_id--B--&first_name=--A--first_name--B--&last_name=--A--last_name--B--&phone_number=--A--phone_number--B--&address1=--A--address1--B--" style="background-color:transparent;" scrolling="auto" frameborder="0" allowtransparency="true" id="popupFrame" name="popupFrame" width="--A--script_width--B--" height="--A--script_height--B--" STYLE="z-index:17"></iframe>';
$data['vicidial'] = array('vicidial_scripts' => array('format_data' => array("lime_groups_0", "lime_questions_0", "lime_questions_1", "lime_questions_2", "lime_questions_3", "lime_questions_4"), 'data' => array(array('script_id' => $postvars['script_id'], 'script_name' => $postvars['script_name'], 'script_text' => $script_text, 'active' => 'N', 'user_group' => $viciuser))), 'go_scripts' => array('data' => array(array('account_num' => $viciuser, 'script_id' => $postvars['script_id'], 'campaign_id' => $postvars['campaign_id'], 'surveyid' => $surveyid))), 'vicidial_campaigns' => array('condition' => array("campaign_id" => $postvars['campaign_id']), 'data' => array(array('campaign_script' => $postvars['script_id']))));
// saving the script data
$result = $this->go_script->saveadvancescript($data);
if ($result) {
die('' . $this->lang->line("go_success_new_lime_survey") . '');
//die("Success: New limesurvey created");
} else {
die('' . $this->lang->line("go_error_saving_data_support") . '');
//die("Error on saving data contact your support");
}
}
} else {
die('' . $this->lang->line("go_error_no_data_process") . '');
//die("Error: no data to process");
}
}
