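function searchUsers($get)
{
    /***
     * Search the user table for a query string and emit the matches
     * as an AJAX response.
     *
     * Uses the globals $udb (the user database wrapper) and
     * $login_status (the current session's login result). Whether the
     * *caller* is an admin decides how much of each matched row is
     * returned: everyone gets email, uid, the verified-email flag and
     * the name fields; admins additionally get the admin flag, the
     * alternate email and the restriction-criteria result.
     *
     * @param array $get request parameters. "q" is the search
     * string. "cols" is an optional comma-separated list of user
     * columns to search instead of the defaults (username, name,
     * dblink); it is only used when checkUserColumnExists() accepts
     * it, otherwise the defaults are used and a notice is added to
     * the response.
     * @return void the response array is handed to returnAjax()
     ***/
    global $udb, $login_status;
    $rawQuery = isset($get['q']) ? $get['q'] : null;
    $q = $udb->sanitize($rawQuery);
    $response = array('search' => $q);
    # Columns the query is matched against (joined with OR below)
    $search = array('username' => $q, 'name' => $q, 'dblink' => $q);
    # Columns fetched for every match; the extra ones feed the
    # per-entry cleanup loop
    $cols = array('username', 'name', 'dblink', 'email_verified', 'alternate_email_verified', 'admin_flag', 'alternate_email');
    if (!empty($get['cols'])) {
        if (checkUserColumnExists($get['cols'], false)) {
            # Replace the default search columns. The names go into the
            # query unescaped, so this relies on checkUserColumnExists()
            # having matched each one against the real schema.
            $search = array();
            foreach (explode(',', $get['cols']) as $col) {
                $col = trim($col);
                $search[$col] = $q;
                $cols[] = $col;
            }
        } else {
            $response['notice'] = 'Invalid columns; defaults used';
            $response['detail'] = checkUserColumnExists($get['cols'], false, true);
        }
    }
    $response['status'] = true;
    $result = $udb->getQueryResults($search, $cols, 'OR', true, true);
    # Admin status of the caller gates the extra fields. When there is
    # no login result, null is passed to boolstr() (presumably false)
    # instead of raising an undefined-index notice.
    $callerData = isset($login_status['detail']['userdata']) ? $login_status['detail']['userdata'] : array();
    $isAdmin = boolstr(isset($callerData['admin_flag']) ? $callerData['admin_flag'] : null);
    foreach ($result as $k => $entry) {
        $clean = array(
            'email' => $entry['username'],
            'uid' => $entry['dblink'],
            'has_verified_email' => boolstr($entry['email_verified']) || boolstr($entry['alternate_email_verified']),
        );
        if ($isAdmin) {
            $clean['is_admin'] = boolstr($entry['admin_flag']);
            $clean['alternate_email'] = $entry['alternate_email'];
            # One UserFunctions lookup per matched row
            $tmpUser = new UserFunctions($clean['email']);
            $clean['unrestricted'] = $tmpUser->meetsRestrictionCriteria();
        }
        # The name column holds XML with fname/lname/name/dname tags
        $xml = new Xml();
        $xml->setXml($entry['name']);
        $clean['first_name'] = htmlspecialchars_decode($xml->getTagContents('fname'));
        $clean['last_name'] = htmlspecialchars_decode($xml->getTagContents('lname'));
        $clean['full_name'] = htmlspecialchars_decode($xml->getTagContents('name'));
        # NOTE(review): unlike the other name fields, the handle is not
        # run through htmlspecialchars_decode -- confirm that is intended
        $clean['handle'] = $xml->getTagContents('dname');
        $result[$k] = $clean;
    }
    $response['result'] = $result;
    $response['count'] = count($result);
    returnAjax($response);
}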
        $altPhone = "<p>Congratulations! Your phone number is verified.</p>";
    } catch (Exception $e) {
        $needPhone = false;
        $deferredJS .= "console.warn('An exception was thrown checking for SMS-ability:','" . $e->getMessage() . "');\n";
        $altPhone = "<p>You don't have a phone number registered with us. Please go to account settings and add a phone number.</p>";
    }
    $verifyphone_link = $needPhone ? "<li><a href='?q=verify'>Verify Phone</a></li>" : null;
    $phone_verify_form = $needPhone ? $phone_verify_template : $altPhone;
} catch (Exception $e) {
    # There have been no cookies set.
    $logged_in = false;
    $twofactor = "Please log in.";
}
if ($logged_in) {
    # The person cookie carries XML naming the user; pull the display
    # fields out of it. The cookie is client-supplied, so every value
    # read here is untrusted until it is escaped for the context it is
    # rendered in.
    $xml->setXml($_COOKIE[$cookieperson]);
    $display_name = $xml->getTagContents("<dname>");
    $first_name = $xml->getTagContents("<fname>");
    $full_name = $xml->getTagContents("<name>");
    # No first name in the XML: fall back to the raw cookie value
    if (empty($first_name)) {
        $first_name = $_COOKIE[$cookieperson];
    }
} elseif ($captive_login) {
    # Not logged in on a captive page: send the visitor back to the
    # base URL both via the Refresh header and via deferred JS
    header("Refresh: 0; url={$baseurl}");
    $deferredJS .= "\nwindow.location.href=\"{$baseurl}\";";
}
// $random = "<li><a href='#' id='totp_help'>Help with Two-Factor Authentication</a></li>";
try {
    $has2fa = strbool($user->has2FA());
} catch (Exception $e) {
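 public function writeToUser($data, $col, $validation_data = null, $replace = true, $alert_forbidden_column = true)
 {
     /***
      * Write data to a user column.
      *
      * The write only happens after the caller has been validated by
      * one of three methods: a confirmation token (link column + hash
      * + secret), a username/password pair, or the session cookie.
      *
      * @param string $data the data to be written. When $replace is
      * false it must be either a JSON object or a single XML tag,
      * matching the format already stored in the column.
      * @param string $col the database column to be written to
      * @param array $validation_data data to verify access to the
      * user. An array of "password"=>$password (plus "username") or
      * manually provided cookie data with $this->linkColumn as the key
      * (plus "hash" and "secret"). If this isn't provided, cookies are
      * used.
      * @param bool $replace whether to replace existing
      * data. Otherwise, the new JSON keys / XML tag contents are
      * merged into what is stored. Default: true.
      * @param bool $alert_forbidden_column accepted for callers but
      * not read by this method
      * @return array always carries "status" (bool). On failure an
      * "error" string; after a write attempt also "action"
      * (COMMIT/ROLLBACK), the validation "method" and the mysqli
      * "error", if any.
      ***/
     $vmeta = false;
     $error = false;
     # $method is reported in the return arrays below; start it null so
     # a path that never picks one does not read an undefined variable
     $method = null;
     # NOTE: empty() also rejects the string "0" and the integer 0
     if (empty($data) || empty($col)) {
         return array('status' => false, 'error' => 'Bad request');
     }
     $validated = false;
     if (is_array($validation_data)) {
         if (array_key_exists($this->linkColumn, $validation_data) && !empty($validation_data[$this->linkColumn])) {
             // confirm with validateUser();
             $validated = $this->validateUser($validation_data[$this->linkColumn], $validation_data['hash'], $validation_data['secret']);
             $method = 'Confirmation token';
         } elseif (array_key_exists('password', $validation_data)) {
             # confirm with lookupUser();
             # If TOTP is enabled, this lookup will always fail ...
             $vmeta = $this->lookupUser($validation_data['username'], $validation_data['password']);
             $validated = $vmeta[0];
             if ($validated) {
                 $this->getUser(array('username' => $validation_data['username']));
             }
             $method = 'Password';
         } elseif (array_key_exists('application_verification', $validation_data)) {
             # The user is accessing through an app. Check the
             # verification chain.
             $status = $this->verifyApp($validation_data['application_verification']);
             if ($status['status'] !== true) {
                 return $status;
             }
             # NOTE(review): a successful verifyApp() never sets
             # $validated, so this branch still ends in 'Bad validation'
             # below. Left as-is: granting writes here is a decision for
             # the owner of verifyApp(), not a drive-by fix.
             $method = 'Application verification';
         } else {
             return array('status' => false, 'error' => 'Bad validation data');
         }
     } else {
         $validated = $this->validateUser();
         $method = 'Cookie';
     }
     if (!$validated) {
         # NOTE(review): 'working_data' echoes the supplied validation
         # data (which may include the password) back to the caller
         return array('status' => false, 'error' => 'Bad validation', 'method' => $method, 'validated_meta' => $vmeta, 'working_data' => $validation_data, 'link_col' => $this->linkColumn);
     }
     # The row to update is always the one the validated session maps
     # to, regardless of what the caller passed in $validation_data
     $userdata = $this->getUser();
     $where_col = $this->linkColumn;
     $user = $userdata[$where_col];
     if (empty($user)) {
         return array('status' => false, 'error' => 'Problem assigning user');
     }
     $real_col = $this->sanitize($col, true);
     $l = $this->openDB();
     # $user comes from the user row rather than the request, but it is
     # still interpolated into SQL below, so escape it for this connection
     $real_user = mysqli_real_escape_string($l, (string) $user);
     $table = $this->getTable();
     if (!$replace) {
         # pull the existing data so the new value can be merged into it
         $prequery = "SELECT `{$real_col}` FROM `{$table}` WHERE `{$where_col}`='{$real_user}'";
         $r = mysqli_query($l, $prequery);
         if ($r === false) {
             return array('status' => false, 'error' => 'Could not read existing data: ' . mysqli_error($l));
         }
         $row = mysqli_fetch_row($r);
         $d = ($row === null || $row === false || $row[0] === null) ? '' : $row[0];
         # Loose compare on purpose: anything json_decode() turns into
         # null/empty/false is treated as "not JSON" and goes the XML way
         $jd = json_decode($d, true);
         if ($jd == null) {
             # XML -- only takes one tag in!! The tag name is read from
             # the last closing tag of $data ("<fname>X</fname>" gives
             # "<fname>") and its contents are sanitized before use.
             $xml_data = explode('</', $data);
             $tag = array_pop($xml_data);
             $tag = $this->sanitize(substr($tag, 0, -1));
             $tag = '<' . $tag . '>';
             # NOTE(review): the Xml object is loaded with the new $data,
             # not the stored $d, so the XML "append" path does not merge
             # into the existing value -- confirm this is intended
             $xml = new Xml();
             $xml->setXml($data);
             $tag_data = $xml->getTagContents($tag);
             $clean_tag_data = $this->sanitize($tag_data);
             $new_data = $xml->updateTag($tag, $clean_tag_data);
         } else {
             # JSON: overlay the new keys on the stored object
             $jn = json_decode($data, true);
             if (!is_array($jn)) {
                 return array('status' => false, 'error' => 'Invalid input data (expected JSON to merge)');
             }
             foreach ($jn as $k => $v) {
                 $ck = $this->sanitize($k);
                 $cv = $this->sanitize($v);
                 $jd[$ck] = $cv;
             }
             $new_data = json_encode($jd);
         }
         $real_data = mysqli_real_escape_string($l, $new_data);
     } else {
         $real_data = $this->sanitize($data);
     }
     if (empty($real_data)) {
         return array('status' => false, 'error' => 'Invalid input data (sanitization error)');
     }
     # Column value is double-quoted and the link value single-quoted,
     # matching the stored formats written elsewhere
     $query = "UPDATE `{$table}` SET `{$real_col}`=\"{$real_data}\" WHERE `{$where_col}`='{$real_user}'";
     mysqli_query($l, 'BEGIN');
     $r = mysqli_query($l, $query);
     $finish_query = $r ? 'COMMIT' : 'ROLLBACK';
     if ($finish_query === 'ROLLBACK') {
         $error = mysqli_error($l);
     }
     $r2 = mysqli_query($l, $finish_query);
     return array('status' => $r, 'data' => $data, 'col' => $col, 'action' => $finish_query, 'result' => $r2, 'method' => $method, 'error' => $error);
 }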