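/**
 * Build the login-state payload returned to the client.
 *
 * Validates the caller through UserFunctions::validateUser() using the
 * `hash`, `secret` and `dblink` request parameters, then strips credential
 * and key material out of the user record before it is returned.
 *
 * NOTE(review): the scrub below is a blocklist. Any new sensitive column
 * added to the user record must also be added to $secretUserdataKeys or it
 * will be sent to the client; an allowlist of public columns would be the
 * safer long-term shape, but the full column set is not visible here.
 *
 * @param array $get     Request parameters; reads `hash`, `secret`, `dblink`.
 * @param bool  $default True when this payload is the fallback for an
 *                       unrecognised action. The request arguments are then
 *                       echoed back, with the credential values redacted.
 * @return array Response payload ('status', 'detail', 'login_url', ...).
 */
function getLoginState($get, $default = false)
{
    global $login_url;

    // Keys of $userDetail['userdata'] that must never leave the server.
    $secretUserdataKeys = [
        'password', 'secret', 'pass_meta', 'secdata', 'emergency_code',
        'auth_key', 'data', 'private_key', 'random_seed', 'special_1',
        'special_2', 'app_key', 'phone_verified', 'last_ip',
    ];
    // Top-level keys of the validation result that are likewise internal.
    $secretDetailKeys = ['source', 'salt', 'calc_conf', 'basis_conf', 'iv'];

    $conf = $get['hash'] ?? null;
    $s = $get['secret'] ?? null;
    $id = $get['dblink'] ?? null;

    $u = new UserFunctions();
    $userDetail = $u->validateUser($id, $conf, $s, true);
    $loginStatus = is_array($userDetail) ? ($userDetail['status'] ?? null) : null;

    // unset() on array offsets cannot throw, so the scrub needs no try/catch;
    // guarding on is_array() also avoids an Error (not Exception) that a
    // string-typed $userDetail would raise on a string offset unset.
    if (is_array($userDetail)) {
        if (isset($userDetail['userdata']) && is_array($userDetail['userdata'])) {
            foreach ($secretUserdataKeys as $key) {
                unset($userDetail['userdata'][$key]);
            }
        }
        foreach ($secretDetailKeys as $key) {
            unset($userDetail[$key]);
        }
    }

    $response = [
        'status' => $loginStatus,
        'defaulted' => $default,
        'login_url' => $login_url,
        'detail' => $userDetail,
        'unrestricted' => $u->meetsRestrictionCriteria(),
        'has_alternate' => $u->hasAlternateEmail(),
        'email_allowed' => $u->emailIsAllowed(),
        'alternate_allowed' => $u->alternateIsAllowed(),
        'restriction_criteria' => $u->getRestrictionCriteria(),
    ];

    if ($default) {
        // Echo the request back for debugging, but never the credential
        // parameters this function authenticates with -- they would otherwise
        // land in the response body, proxies and browser caches.
        $provided = $_REQUEST;
        foreach (['hash', 'secret'] as $credentialKey) {
            if (array_key_exists($credentialKey, $provided)) {
                $provided[$credentialKey] = '[redacted]';
            }
        }
        $response['provided_arguments'] = $provided;
    }

    return $response;
}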
} else { if ($captive_login) { header("Refresh: 0; url={$baseurl}"); $deferredJS .= "\nwindow.location.href=\"{$baseurl}\";"; } } // $random = "<li><a href='#' id='totp_help'>Help with Two-Factor Authentication</a></li>"; try { $has2fa = strbool($user->has2FA()); } catch (Exception $e) { $has2fa = false; } try { $emailHtml = "<p class='primary-email' data-alternate='false' data-user='******'>" . $user->getUsername(); $emailVerifiedBadge = $user->isVerified() ? " <span class='glyphicon glyphicon-check text-success' data-toggle='tooltip' title='Verified Email'></span>" : " <button class='btn btn-xs btn-success verify-email'>Verify Now</button>"; $unrestricted = $user->meetsRestrictionCriteria() ? " <span class='glyphicon glyphicon-star' data-toggle='tooltip' title='Unrestricted User'></span>" : ""; $emailHtml .= $emailVerifiedBadge . $unrestricted . "</p>"; if ($user->hasAlternateEmail()) { $alternateEmailHtml = "<p class='text-muted alternate-email' data-alternate='true' data-user='******'>" . $user->getAlternateEmail(); $emailVerifiedBadge = $user->isVerified(true) ? " <span class='glyphicon glyphicon-check text-success' data-toggle='tooltip' title='Verified Email'></span>" : " <button class='btn btn-xs btn-success verify-email'>Verify Now</button>"; $alternateEmailHtml .= $emailVerifiedBadge . " <button class='btn btn-xs btn-info' id='add-alternate'>Change</button></p>"; } else { $alternateEmailHtml = "<p class='text-muted alternate-email' data-alternate='true' data-user='******'>No alternate email set <button class='btn btn-xs btn-info' id='add-alternate'>Add One</button></p>"; } } catch (Exception $e) { $emailHtml = ""; $alternateEmailHtml = ""; } $settings_blob = "<section id='account_settings' class='panel panel-default clearfix'><div class='panel-heading'><h2 class='panel-title'>Settings</h2></div><div class='panel-body'>" . $emailHtml . $alternateEmailHtml . 
"<ul id='settings_list'><li><a href='#' id='showAdvancedOptions' data-domain='{$domain}' data-user-tfa='" . $has2fa . "' role='button' class='btn btn-default'>More Options</a></li>" . $verifyphone_link . $random . "</ul></div></section>"; $login_output .= "<div id='login_block'>"; $alt_forms = "<div id='alt_logins'>\n<!-- OpenID, Google, Twitter, Facebook -->\n</div>";
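/**
 * AJAX search across user accounts.
 *
 * Looks up `$get['q']` in the default user columns (or, when `$get['cols']`
 * names columns that checkUserColumnExists() accepts, in those instead),
 * reduces each matching row to the fields the caller may see, and emits the
 * result through returnAjax(). Callers whose own record carries admin_flag
 * additionally receive each match's admin flag, alternate email and
 * restriction status.
 *
 * NOTE(review): non-admin callers still receive the email address and the
 * `dblink` id of every matching account, so any caller can enumerate
 * accounts by partial match. No permission check happens in this function;
 * confirm it is enforced before dispatch.
 *
 * @param array $get Request parameters; reads `q` and optionally `cols`
 *                   (comma-separated column names).
 * @return void Output is sent via returnAjax().
 */
function searchUsers($get)
{
    global $udb, $login_status;

    $q = $udb->sanitize($get['q'] ?? null);
    $response = ['search' => $q];
    $search = ['username' => $q, 'name' => $q, 'dblink' => $q];
    $cols = [
        'username', 'name', 'dblink', 'email_verified',
        'alternate_email_verified', 'admin_flag', 'alternate_email',
    ];

    if (!empty($get['cols'])) {
        if (checkUserColumnExists($get['cols'], false)) {
            // Caller-supplied columns replace the default search targets. They
            // were just checked against the schema, so no escaping is applied
            // here; note the check saw the untrimmed names.
            $search = [];
            foreach (explode(',', $get['cols']) as $col) {
                $col = trim($col);
                $search[$col] = $q;
                $cols[] = $col;
            }
        } else {
            $response['notice'] = 'Invalid columns; defaults used';
            $response['detail'] = checkUserColumnExists($get['cols'], false, true);
        }
    }

    $response['status'] = true;
    $result = $udb->getQueryResults($search, $cols, 'OR', true, true);

    // Only the caller's admin flag widens what each row exposes; the su_flag
    // that used to be read here was never used.
    $isAdmin = boolstr($login_status['detail']['userdata']['admin_flag'] ?? null);

    foreach ($result as $k => $entry) {
        $clean = [
            'email' => $entry['username'],
            'uid' => $entry['dblink'],
            'has_verified_email' => boolstr($entry['email_verified'])
                || boolstr($entry['alternate_email_verified']),
        ];
        if ($isAdmin) {
            $clean['is_admin'] = boolstr($entry['admin_flag']);
            $clean['alternate_email'] = $entry['alternate_email'];
            $tmpUser = new UserFunctions($clean['email']);
            $clean['unrestricted'] = $tmpUser->meetsRestrictionCriteria();
        }
        // The stored name is an XML blob; pull the individual parts out of it.
        $xml = new Xml();
        $xml->setXml($entry['name']);
        $clean['first_name'] = htmlspecialchars_decode($xml->getTagContents('fname'));
        $clean['last_name'] = htmlspecialchars_decode($xml->getTagContents('lname'));
        $clean['full_name'] = htmlspecialchars_decode($xml->getTagContents('name'));
        $clean['handle'] = $xml->getTagContents('dname');
        $result[$k] = $clean;
    }

    $response['result'] = $result;
    $response['count'] = count($result);
    returnAjax($response);
}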