$email = pdo_real_escape_string($_POST["email"]); $emailResult = pdo_query("SELECT id FROM " . qid("user") . " where email='{$email}'"); add_last_sql_error("recoverPassword"); if (pdo_num_rows($emailResult) == 0) { $xml .= "<warning>This email is not registered.</warning>"; } else { // Create a new password $keychars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#\$%&"; $length = 10; // seed with microseconds function make_seed_recoverpass() { list($usec, $sec) = explode(' ', microtime()); return (double) $sec + (double) $usec * 100000; } srand(make_seed_recoverpass()); $password = ""; $max = strlen($keychars) - 1; for ($i = 0; $i <= $length; $i++) { $password .= substr($keychars, rand(0, $max), 1); } $currentURI = get_server_URI(); $url = $currentURI . "/user.php"; $text = "Hello,\n\n You have asked to recover your password for CDash.\n\n"; $text .= "Your new password is: " . $password . "\n"; $text .= "Please go to this page to login: "******"{$url}\n"; $text .= "\n\nGenerated by CDash"; if (cdashmail("{$email}", "CDash password recovery", $text, "From: CDash <" . $CDASH_EMAIL_FROM . ">\nReply-To: " . $CDASH_EMAIL_REPLY . "\nContent-type: text/plain; charset=utf-8\nX-Mailer: PHP/" . phpversion() . "\nMIME-Version: 1.0")) { $md5pass = md5($password); // If we can send the email we update the database
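/**
 * LDAP authentication.
 *
 * Looks the account up in LDAP by e-mail, binds with the supplied password
 * and, on success, mirrors the account into the local user table (creating
 * it from the LDAP cn if needed), optionally issues a "remember me" cookie,
 * and opens the CDash session.  Every failure path stores a message in the
 * global $loginerror and returns false.
 *
 * @param string $email              login e-mail, used as the LDAP search key
 * @param string $password           LDAP password; its md5 is mirrored into the local table
 * @param string $SessionCachePolicy value handed to session_cache_limiter()
 * @param bool   $rememberme         when true a 30-day cookie and a new cookiekey are issued
 * @return bool true on successful login, false otherwise ($loginerror set)
 */
function ldapAuthenticate($email, $password, $SessionCachePolicy, $rememberme)
{
    global $loginerror;
    $loginerror = "";
    include "cdash/config.php";
    include_once "models/user.php";

    $ldap = ldap_connect($CDASH_LDAP_HOSTNAME);
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, $CDASH_LDAP_PROTOCOL_VERSION);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, $CDASH_LDAP_OPT_REFERRALS);

    // Bind as the LDAP user if authenticated ldap is enabled
    if ($CDASH_LDAP_AUTHENTICATED) {
        ldap_bind($ldap, $CDASH_LDAP_BIND_DN, $CDASH_LDAP_BIND_PASSWORD);
    }

    if (isset($ldap) && $ldap != '') {
        // The e-mail is caller-supplied and is embedded in the search filter, so
        // it is escaped per RFC 4515 first: otherwise '*', '(' or ')' in the value
        // could widen or restructure the filter.  ldap_escape() exists on PHP 5.6+;
        // the str_replace form is the same escaping for older runtimes.
        if (function_exists('ldap_escape')) {
            $filterEmail = ldap_escape($email, '', LDAP_ESCAPE_FILTER);
        } else {
            $filterEmail = str_replace(
                array('\\', '*', '(', ')', "\0"),
                array('\5c', '\2a', '\28', '\29', '\00'),
                $email
            );
        }
        /* search for pid dn */
        $result = ldap_search($ldap, $CDASH_LDAP_BASEDN, '(&(mail=' . $filterEmail . ')' . $CDASH_LDAP_FILTER . ')', array('dn', 'cn'));
        if ($result != 0) {
            $entries = ldap_get_entries($ldap, $result);
            @($principal = $entries[0]['dn']);
            if (isset($principal)) {
                // An empty password must not reach ldap_bind(): empty credentials are
                // treated as an unauthenticated bind, which many directories accept,
                // so the bind below would succeed for any known account.
                if ((string) $password === '') {
                    $loginerror = "Wrong email or password.";
                    return false;
                }
                // bind as this user
                if (@ldap_bind($ldap, $principal, $password)) {
                    $sql = "SELECT id,password FROM " . qid("user") . " WHERE email='" . pdo_real_escape_string($email) . "'";
                    $result = pdo_query("{$sql}");
                    // If the user doesn't exist we add it
                    if (pdo_num_rows($result) == 0) {
                        @($givenname = $entries[0]['cn'][0]);
                        if (!isset($givenname)) {
                            $loginerror = 'No givenname (cn) set in LDAP, cannot register user into CDash';
                            return false;
                        }
                        // First word of cn is the first name, the rest the last name.
                        $names = explode(" ", $givenname);
                        $User = new User();
                        if (count($names) > 1) {
                            $User->FirstName = $names[0];
                            $User->LastName = $names[1];
                            for ($i = 2; $i < count($names); $i++) {
                                $User->LastName .= " " . $names[$i];
                            }
                        } else {
                            $User->LastName = $names[0];
                        }
                        // Add the user in the database
                        // NOTE(review): md5 of the LDAP password is mirrored locally; the
                        // local login path compares this value, so it cannot change here alone.
                        $storedPassword = md5($password);
                        $User->Email = $email;
                        $User->Password = $storedPassword;
                        $User->Save();
                        $userid = $User->Id;
                    } else {
                        $user_array = pdo_fetch_array($result);
                        $storedPassword = $user_array["password"];
                        $userid = $user_array["id"];
                        // If the password has changed we update
                        if ($storedPassword != md5($password)) {
                            $User = new User();
                            $User->Id = $userid;
                            $User->SetPassword(md5($password));
                        }
                    }
                    if ($rememberme) {
                        $cookiename = "CDash-" . $_SERVER['SERVER_NAME'];
                        $time = time() + 60 * 60 * 24 * 30; // 30 days;
                        // Legacy seed helper, kept (guarded) because other code in this file
                        // calls it; the guard avoids a "Cannot redeclare" fatal on a second
                        // remember-me login in the same request.
                        if (!function_exists('make_seed_recoverpass')) {
                            // seed with microseconds
                            function make_seed_recoverpass()
                            {
                                list($usec, $sec) = explode(' ', microtime());
                                return (double) $sec + (double) $usec * 100000;
                            }
                        }
                        // Create a new cookie key.  random_int() (PHP 7+) is a CSPRNG; the
                        // former srand(microtime)/rand() sequence was predictable, which
                        // matters for a token that grants a login for 30 days.
                        $keychars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
                        $length = 32;
                        $key = "";
                        $max = strlen($keychars) - 1;
                        // '<=' produces 33 characters; kept as-is because the cookie value may
                        // be split by fixed length elsewhere -- confirm before changing.
                        for ($i = 0; $i <= $length; $i++) {
                            $idx = function_exists('random_int') ? random_int(0, $max) : mt_rand(0, $max);
                            $key .= substr($keychars, $idx, 1);
                        }
                        $value = $userid . $key;
                        // HttpOnly keeps the long-lived token out of reach of page scripts;
                        // path/domain stay at their defaults as before.
                        setcookie($cookiename, $value, $time, '', '', false, true);
                        // Update the user key
                        pdo_query("UPDATE " . qid("user") . " SET cookiekey='" . $key . "' WHERE id=" . qnum($userid));
                    }
                    session_name("CDash");
                    session_cache_limiter($SessionCachePolicy);
                    session_set_cookie_params($CDASH_COOKIE_EXPIRATION_TIME);
                    @ini_set('session.gc_maxlifetime', $CDASH_COOKIE_EXPIRATION_TIME + 600);
                    session_start();
                    // create the session array
                    // ($password is re-read from the session here but not used afterwards.)
                    if (isset($_SESSION['cdash']["password"])) {
                        $password = $_SESSION['cdash']["password"];
                    }
                    $sessionArray = array("login" => $email, "passwd" => $storedPassword, "ID" => session_id(), "valid" => 1, "loginid" => $userid);
                    $_SESSION['cdash'] = $sessionArray;
                    // NOTE(review): the LDAP result/handle are not released on this path.
                    return true;
                } else {
                    $loginerror = "Wrong email or password.";
                    return false;
                }
            } else {
                // NOTE(review): distinct from the bind failure message above, so the
                // response reveals whether an e-mail exists in the directory.
                $loginerror = 'User not found in LDAP';
            }
            ldap_free_result($result);
        } else {
            $loginerror = 'Error occured searching the LDAP';
        }
        ldap_close($ldap);
    } else {
        $loginerror = 'Could not connect to LDAP at ' . $CDASH_LDAP_HOSTNAME;
    }
    return false;
}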
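/**
 * Generate a random 40-character alphanumeric web API key.
 *
 * @return string 40 characters drawn from [A-Za-z0-9]
 */
function generate_web_api_key()
{
    $keychars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    $length = 40;
    // Legacy seed helper, kept (guarded) because other code in this file calls
    // it; unguarded, a second call of this function fatals with "Cannot redeclare".
    if (!function_exists('make_seed_recoverpass')) {
        // seed with microseconds
        function make_seed_recoverpass()
        {
            list($usec, $sec) = explode(' ', microtime());
            return (double) $sec + (double) $usec * 100000;
        }
    }
    $key = "";
    $max = strlen($keychars) - 1;
    for ($i = 0; $i < $length; $i++) {
        // random_int() (PHP 7+) is a CSPRNG; mt_rand() is the fallback on older
        // runtimes.  The former srand(microtime)/rand() sequence was predictable,
        // which is unsuitable for an API credential.
        $idx = function_exists('random_int') ? random_int(0, $max) : mt_rand(0, $max);
        $key .= substr($keychars, $idx, 1);
    }
    return $key;
}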
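/**
 * Register a user for a project, creating the CDash account when it does not exist.
 *
 * @param int|string $projectid            project the user is being added to
 * @param string     $email                user e-mail (becomes the login)
 * @param string     $firstName
 * @param string     $lastName
 * @param string     $repositoryCredential CVS/SVN login to associate with the user
 * @return bool|string true when a new account was created and linked;
 *                     false when an existing account was linked to the project;
 *                     an "<error>...</error>" string when nothing was changed.
 */
function register_user($projectid, $email, $firstName, $lastName, $repositoryCredential)
{
    include "cdash/config.php";

    $UserProject = new UserProject();
    $UserProject->ProjectId = $projectid;

    // Every value interpolated into SQL below is cast or escaped first so a
    // crafted e-mail or name cannot alter the statements.
    $projectidNum = (int) $projectid;
    $emailSql = pdo_real_escape_string($email);

    // Check if the user is already registered
    $user = pdo_query("SELECT id FROM " . qid("user") . " WHERE email='{$emailSql}'");
    if (pdo_num_rows($user) > 0) {
        // Check if the user has been registered to the project
        $user_array2 = pdo_fetch_array($user);
        $userid = (int) $user_array2["id"];
        $user = pdo_query("SELECT userid FROM user2project WHERE userid='{$userid}' AND projectid='{$projectidNum}'");
        if (pdo_num_rows($user) == 0) {
            // We register the user to the project
            pdo_query("INSERT INTO user2project (userid,projectid,role,emailtype)\n VALUES ('{$userid}','{$projectidNum}','0','1')");
            // We add the credentials if not already added
            $UserProject->UserId = $userid;
            $UserProject->AddCredential($repositoryCredential);
            $UserProject->ProjectId = 0;
            $UserProject->AddCredential($email); // Add the email by default
            echo pdo_error();
            // Historical contract: linking an existing account reports false, not true.
            return false;
        }
        return "<error>User " . $email . " already registered.</error>";
    } // already registered

    // Check if the repositoryCredential exists for this project
    $UserProject->RepositoryCredential = $repositoryCredential;
    if ($UserProject->FillFromRepositoryCredential() === true) {
        return "<error>" . $repositoryCredential . " was already registered for this project under a different email address</error>";
    }

    // Register the user
    // Create a new password
    $keychars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    $length = 10;
    $pass = "";
    $max = strlen($keychars) - 1;
    // '<=' produces 11 characters; kept as the historical length.
    for ($i = 0; $i <= $length; $i++) {
        // random_int() (PHP 7+) is a CSPRNG; mt_rand() is the fallback on older
        // runtimes.  This replaces rand() seeded from microtime(), which was
        // predictable and depended on make_seed_recoverpass() being declared elsewhere.
        $idx = function_exists('random_int') ? random_int(0, $max) : mt_rand(0, $max);
        $pass .= substr($keychars, $idx, 1);
    }
    // NOTE(review): the login path compares md5 hashes, so the stored format
    // cannot change here alone; md5 is not a suitable password hash.
    $encrypted = md5($pass);

    $firstNameSql = pdo_real_escape_string($firstName);
    $lastNameSql = pdo_real_escape_string($lastName);
    pdo_query("INSERT INTO " . qid("user") . " (email,password,firstname,lastname,institution,admin)\n VALUES ('{$emailSql}','{$encrypted}','{$firstNameSql}','{$lastNameSql}','','0')");
    add_last_sql_error("register_user");
    $userid = pdo_insert_id("user");

    // Insert the user into the project
    pdo_query("INSERT INTO user2project (userid,projectid,role,emailtype)\n VALUES ('{$userid}','{$projectidNum}','0','1')");
    add_last_sql_error("register_user");

    // We add the credentials if not already added
    $UserProject->UserId = $userid;
    $UserProject->AddCredential($repositoryCredential);
    $UserProject->ProjectId = 0;
    $UserProject->AddCredential($email); // Add the email by default

    $currentURI = get_server_URI();
    $prefix = "";
    if (strlen($firstName) > 0) {
        $prefix = " ";
    }
    $project = pdo_query("SELECT name FROM project WHERE id='{$projectidNum}'");
    $project_array = pdo_fetch_array($project);
    $projectname = $project_array['name'];

    // Send the email.  The body is HTML (the second Content-type header wins);
    // the name and project fields are inserted without HTML escaping, as before.
    $text = "Hello" . $prefix . $firstName . ",<br><br>";
    $text .= "You have been registered to CDash because you have CVS/SVN access to the repository for " . $projectname . " <br>";
    $text .= "To access your CDash account: " . $currentURI . "/user.php<br>";
    $text .= "Your login is: " . $email . "<br>";
    $text .= "Your password is: " . $pass . "<br>";
    $text .= "<br>Generated by CDash.";
    if (@cdashmail("{$email}", "CDash - " . $projectname . " : Subscription", "{$text}", "From: {$CDASH_EMAILADMIN}\nReply-To: no-reply\nContent-type: text/plain; charset=utf-8\nX-Mailer: PHP/" . phpversion() . "\nMIME-Version: 1.0\nContent-type: text/html; charset=UTF-8")) {
        echo "Email sent to: " . $email . "<br>";
    }
    return true;
}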