function SLAM_sendUserResetMail(&$config, $db)
{
    $email = sql_real_escape($_REQUEST['user_email'], $db->link);
    $auth = $db->GetRecords("SELECT * FROM `{$config->values['user_table']}` WHERE `email`='{$email}'");
    //GetRecords returns false on error
    if ($auth === false) {
        $config->errors[] = 'Database error: Could not send reset email, could not access user table:' . $db->ErrorState();
        return;
    } elseif (count($auth) < 1) {
        $config->errors[] = 'Could not send reset email, address is not valid.';
        return;
    }
    $reset_urls = '';
    foreach ($auth as $user) {
        /* make the secret key the user will use to reset his/her password */
        $secret = makeRandomAlpha(10);
        /* save the secret to the user */
        $prefs = unserialize($user['prefs']);
        $prefs['reset_secret'] = $secret;
        $prefs = sql_real_escape(serialize($prefs), $db->link);
        /* attempt to save the secret back to the user */
        $result = $db->Query("UPDATE `{$config->values['user_table']}` SET `prefs`='{$prefs}' WHERE `username`='{$user['username']}' LIMIT 1");
        if ($result === false) {
            $config->errors[] = 'Database error:  Could not send reset email, could not update user table:' . $db->ErrorState();
            return;
        }
        $referrer = explode('?', $_SERVER[HTTP_REFERER]);
        $reset_urls .= "For the account: \"{$user['username']}\":\n";
        $reset_urls .= $referrer[0] . "?action=user&user_action=reset_change&user_name=" . urlencode($user['username']) . "&secret={$secret}\n\n";
    }
    $message = <<<EOL
Someone from the IP address {$_SERVER[REMOTE_ADDR]} has requested that your account password be reset.
If you did not request this, you can safely ignore this message.

If you would like to reset your password, please click or copy/paste this address into your browser:

{$reset_urls}
EOL;
    if (mail($email, 'SLAM Password reset', wordwrap($message, 70) . $url, $config->values['mail_header']) !== true) {
        $config->errors[] = 'Could not send password reset email.';
    }
    return;
}
Пример #2
0
function write_SLAM_config()
{
    global $sql_create_required;
    global $sql_create_optional;
    /* check for the presence of the template files */
    $fail = array();
    if (($config_ini = file_get_contents('./configuration.ini')) == false) {
        $fail[] = "Could not read configuration file template.";
    }
    if (($prefs_ini = file_get_contents('./preferences.ini')) == false) {
        $fail[] = "Could not read preference file template.";
    }
    if (count($fail) > 0) {
        return $fail;
    }
    /* do a last check of the saved options before continuining */
    $fail = check_SLAM_options();
    if (count($fail) > 0) {
        return $fail;
    }
    /* retrieve all the saved options */
    $ini = get_SLAM_options();
    $options = array_merge($ini[0], $ini[1], $ini[2], $ini[3]);
    /* try and connect to the database */
    $server = $options['SLAM_DB_HOST'];
    $dbname = $options['SLAM_DB_NAME'];
    $dbuser = $options['SLAM_DB_USER'];
    $dbpass = $options['SLAM_DB_PASS'];
    $link = @mysql_connect($server, $dbuser, $dbpass, true);
    if ($link === false) {
        return array("Could not connect to the database with the provided credentials:" . mysql_error());
    }
    if (mysql_select_db($dbname, $link) === false) {
        if (!mysql_query("CREATE DATABASE '{$dbname}'", $link)) {
            return array("Specified database '{$dbname}' doesn't exist and couldn't be created!");
        } elseif (!mysql_select_db($dbname, $link)) {
            return array("Created database '{$dbname}', but couldn't select it!");
        }
    }
    /* create the required tables */
    foreach ($sql_create_required as $table) {
        if (mysql_query($table['sql'], $link) === false) {
            return array(mysql_error());
        }
    }
    /* step 1 options */
    $options['SLAM_CONF_PATH'] = rtrim($options['SLAM_CONF_PATH'], '/');
    $options['SLAM_FILE_ARCH_DIR'] = rtrim($options['SLAM_FILE_ARCH_DIR'], '/');
    $options['SLAM_FILE_TEMP_DIR'] = rtrim($options['SLAM_FILE_TEMP_DIR'], '/');
    if (!file_exists($options['SLAM_FILE_ARCH_DIR'])) {
        if (!mkdir($options['SLAM_FILE_ARCH_DIR'])) {
            return array("Could not create {$options['SLAM_FILE_ARCH_DIR']}.");
        }
    }
    if (!file_exists($options['SLAM_FILE_TEMP_DIR'])) {
        if (!mkdir($options['SLAM_FILE_TEMP_DIR'])) {
            return array("Could not create {$options['SLAM_FILE_TEMP_DIR']}.");
        }
    }
    /* step 2 options */
    /* create the optional categories */
    foreach ($options['SLAM_OPTIONAL_INSTALL'] as $i) {
        $name = base64_decode($options['SLAM_OPTIONAL_TABLE'][$i]);
        $prefix = $options['SLAM_OPTIONAL_PREFIX'][$i];
        $sql = $sql_create_optional[$name]['sql'];
        if (mysql_query($sql, $link) === false) {
            return array(mysql_error());
        }
        /* don't add the template category to the category list */
        if ($name == 'Template') {
            continue;
        }
        /* add the categories to the category table */
        if (SLAM_write_to_table($link, 'SLAM_Categories', array('Name' => $name, 'Prefix' => $prefix)) === false) {
            return array(mysql_error());
        }
    }
    /* step 3 options */
    if ($options['SLAM_CUSTOM_PROJECT'] != 'true') {
        $options['SLAM_CUSTOM_PROJECT'] = 'false';
    }
    foreach ($options['SLAM_PROJECT_NAME'] as $name) {
        if (SLAM_write_to_table($link, 'SLAM_Projects', array('Name' => $name)) === false) {
            return array(mysql_error());
        }
    }
    /* step 4 options */
    /* make the superuser account */
    $salt = makeRandomAlpha(8);
    $crypt = sha1($salt . $options['SLAM_ROOT_PASS_1']);
    if (SLAM_write_to_table($link, 'SLAM_Researchers', array('username' => $options['SLAM_ROOT_NAME'], 'email' => $options['SLAM_ROOT_EMAIL'], 'crypt' => $crypt, 'salt' => $salt, 'superuser' => '1')) === false) {
        return array(mysql_error());
    }
    /* create the other accounts */
    $errors = array();
    foreach ($options['SLAM_USERS'] as $index => $name) {
        # prevent an all-whitespace user
        if (preg_replace('/\\s+/', '', $name) == '') {
            continue;
        }
        $email = $options['SLAM_EMAILS'][$index];
        $salt = makeRandomAlpha(8);
        $crypt = sha1($salt . $options['SLAM_PASSWORDS'][$index]);
        if (is_array($options["SLAM_USER_PROJECTS_{$index}"])) {
            $projects = implode(',', $options["SLAM_USER_PROJECTS_{$index}"]);
        } else {
            $projects = '';
        }
        if (SLAM_write_to_table($link, 'SLAM_Researchers', array('username' => $name, 'email' => $email, 'crypt' => $crypt, 'salt' => $salt, 'superuser' => '0', 'projects' => $projects)) === false) {
            $errors[] = mysql_error();
        }
    }
    if (count($errors) > 0) {
        return $errors;
    }
    /* all done with the database */
    mysql_close($link);
    # write all of the simple replacements
    foreach ($options as $key => $value) {
        $config_ini = str_replace($key, $value, $config_ini);
        $prefs_ini = str_replace($key, $value, $prefs_ini);
    }
    # get installation path
    $path = $options['SLAM_CONF_PATH'];
    if (file_put_contents("{$path}/configuration.ini", $config_ini) === false) {
        return array("Could not write configuration file.");
    }
    if (file_put_contents("{$path}/preferences.ini", $prefs_ini) === false) {
        return array("Could not write preferences file.");
    }
    if (!unlink('./step_1.ini') || !unlink('./step_2.ini') || !unlink('./step_3.ini') || !unlink('./step_4.ini')) {
        return array("Could not remove step setup files.");
    }
    return true;
}