Пример #1
0
 $email = pdo_real_escape_string($_POST["email"]);
 $emailResult = pdo_query("SELECT id FROM " . qid("user") . " where email='{$email}'");
 add_last_sql_error("recoverPassword");
 if (pdo_num_rows($emailResult) == 0) {
     $xml .= "<warning>This email is not registered.</warning>";
 } else {
     // Create a new password
     $keychars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#\$%&";
     $length = 10;
     // seed with microseconds
     function make_seed_recoverpass()
     {
         list($usec, $sec) = explode(' ', microtime());
         return (double) $sec + (double) $usec * 100000;
     }
     srand(make_seed_recoverpass());
     $password = "";
     $max = strlen($keychars) - 1;
     for ($i = 0; $i <= $length; $i++) {
         $password .= substr($keychars, rand(0, $max), 1);
     }
     $currentURI = get_server_URI();
     $url = $currentURI . "/user.php";
     $text = "Hello,\n\n You have asked to recover your password for CDash.\n\n";
     $text .= "Your new password is: " . $password . "\n";
     $text .= "Please go to this page to login: "******"{$url}\n";
     $text .= "\n\nGenerated by CDash";
     if (cdashmail("{$email}", "CDash password recovery", $text, "From: CDash <" . $CDASH_EMAIL_FROM . ">\nReply-To: " . $CDASH_EMAIL_REPLY . "\nContent-type: text/plain; charset=utf-8\nX-Mailer: PHP/" . phpversion() . "\nMIME-Version: 1.0")) {
         $md5pass = md5($password);
         // If we can send the email we update the database
Пример #2
0
/** LDAP authentication */
function ldapAuthenticate($email, $password, $SessionCachePolicy, $rememberme)
{
    global $loginerror;
    $loginerror = "";
    include "cdash/config.php";
    include_once "models/user.php";
    $ldap = ldap_connect($CDASH_LDAP_HOSTNAME);
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, $CDASH_LDAP_PROTOCOL_VERSION);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, $CDASH_LDAP_OPT_REFERRALS);
    // Bind as the LDAP user if authenticated ldap is enabled
    if ($CDASH_LDAP_AUTHENTICATED) {
        ldap_bind($ldap, $CDASH_LDAP_BIND_DN, $CDASH_LDAP_BIND_PASSWORD);
    }
    if (isset($ldap) && $ldap != '') {
        /* search for pid dn */
        $result = ldap_search($ldap, $CDASH_LDAP_BASEDN, '(&(mail=' . $email . ')' . $CDASH_LDAP_FILTER . ')', array('dn', 'cn'));
        if ($result != 0) {
            $entries = ldap_get_entries($ldap, $result);
            @($principal = $entries[0]['dn']);
            if (isset($principal)) {
                // bind as this user
                if (@ldap_bind($ldap, $principal, $password)) {
                    $sql = "SELECT id,password FROM " . qid("user") . " WHERE email='" . pdo_real_escape_string($email) . "'";
                    $result = pdo_query("{$sql}");
                    // If the user doesn't exist we add it
                    if (pdo_num_rows($result) == 0) {
                        @($givenname = $entries[0]['cn'][0]);
                        if (!isset($givenname)) {
                            $loginerror = 'No givenname (cn) set in LDAP, cannot register user into CDash';
                            return false;
                        }
                        $names = explode(" ", $givenname);
                        $User = new User();
                        if (count($names) > 1) {
                            $User->FirstName = $names[0];
                            $User->LastName = $names[1];
                            for ($i = 2; $i < count($names); $i++) {
                                $User->LastName .= " " . $names[$i];
                            }
                        } else {
                            $User->LastName = $names[0];
                        }
                        // Add the user in the database
                        $storedPassword = md5($password);
                        $User->Email = $email;
                        $User->Password = $storedPassword;
                        $User->Save();
                        $userid = $User->Id;
                    } else {
                        $user_array = pdo_fetch_array($result);
                        $storedPassword = $user_array["password"];
                        $userid = $user_array["id"];
                        // If the password has changed we update
                        if ($storedPassword != md5($password)) {
                            $User = new User();
                            $User->Id = $userid;
                            $User->SetPassword(md5($password));
                        }
                    }
                    if ($rememberme) {
                        $cookiename = "CDash-" . $_SERVER['SERVER_NAME'];
                        $time = time() + 60 * 60 * 24 * 30;
                        // 30 days;
                        // Create a new password
                        $keychars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
                        $length = 32;
                        // seed with microseconds
                        function make_seed_recoverpass()
                        {
                            list($usec, $sec) = explode(' ', microtime());
                            return (double) $sec + (double) $usec * 100000;
                        }
                        srand(make_seed_recoverpass());
                        $key = "";
                        $max = strlen($keychars) - 1;
                        for ($i = 0; $i <= $length; $i++) {
                            $key .= substr($keychars, rand(0, $max), 1);
                        }
                        $value = $userid . $key;
                        setcookie($cookiename, $value, $time);
                        // Update the user key
                        pdo_query("UPDATE " . qid("user") . " SET cookiekey='" . $key . "' WHERE id=" . qnum($userid));
                    }
                    session_name("CDash");
                    session_cache_limiter($SessionCachePolicy);
                    session_set_cookie_params($CDASH_COOKIE_EXPIRATION_TIME);
                    @ini_set('session.gc_maxlifetime', $CDASH_COOKIE_EXPIRATION_TIME + 600);
                    session_start();
                    // create the session array
                    if (isset($_SESSION['cdash']["password"])) {
                        $password = $_SESSION['cdash']["password"];
                    }
                    $sessionArray = array("login" => $email, "passwd" => $storedPassword, "ID" => session_id(), "valid" => 1, "loginid" => $userid);
                    $_SESSION['cdash'] = $sessionArray;
                    return true;
                } else {
                    $loginerror = "Wrong email or password.";
                    return false;
                }
            } else {
                $loginerror = 'User not found in LDAP';
            }
            ldap_free_result($result);
        } else {
            $loginerror = 'Error occured searching the LDAP';
        }
        ldap_close($ldap);
    } else {
        $loginerror = 'Could not connect to LDAP at ' . $CDASH_LDAP_HOSTNAME;
    }
    return false;
}
Пример #3
0
function generate_web_api_key()
{
    $keychars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    $length = 40;
    // seed with microseconds
    function make_seed_recoverpass()
    {
        list($usec, $sec) = explode(' ', microtime());
        return (double) $sec + (double) $usec * 100000;
    }
    srand(make_seed_recoverpass());
    $key = "";
    $max = strlen($keychars) - 1;
    for ($i = 0; $i < $length; $i++) {
        $key .= substr($keychars, rand(0, $max), 1);
    }
    return $key;
}
Пример #4
0
 function register_user($projectid, $email, $firstName, $lastName, $repositoryCredential)
 {
     include "cdash/config.php";
     $UserProject = new UserProject();
     $UserProject->ProjectId = $projectid;
     // Check if the user is already registered
     $user = pdo_query("SELECT id FROM " . qid("user") . " WHERE email='{$email}'");
     if (pdo_num_rows($user) > 0) {
         // Check if the user has been registered to the project
         $user_array2 = pdo_fetch_array($user);
         $userid = $user_array2["id"];
         $user = pdo_query("SELECT userid FROM user2project WHERE userid='{$userid}' AND projectid='{$projectid}'");
         if (pdo_num_rows($user) == 0) {
             // We register the user to the project
             pdo_query("INSERT INTO user2project (userid,projectid,role,emailtype)\n                                  VALUES ('{$userid}','{$projectid}','0','1')");
             // We add the credentials if not already added
             $UserProject->UserId = $userid;
             $UserProject->AddCredential($repositoryCredential);
             $UserProject->ProjectId = 0;
             $UserProject->AddCredential($email);
             // Add the email by default
             echo pdo_error();
             return false;
         }
         return "<error>User " . $email . " already registered.</error>";
     }
     // already registered
     // Check if the repositoryCredential exists for this project
     $UserProject->RepositoryCredential = $repositoryCredential;
     if ($UserProject->FillFromRepositoryCredential() === true) {
         return "<error>" . $repositoryCredential . " was already registered for this project under a different email address</error>";
     }
     // Register the user
     // Create a new password
     $keychars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
     $length = 10;
     srand(make_seed_recoverpass());
     $pass = "";
     $max = strlen($keychars) - 1;
     for ($i = 0; $i <= $length; $i++) {
         $pass .= substr($keychars, rand(0, $max), 1);
     }
     $encrypted = md5($pass);
     pdo_query("INSERT INTO " . qid("user") . " (email,password,firstname,lastname,institution,admin)\n                 VALUES ('{$email}','{$encrypted}','{$firstName}','{$lastName}','','0')");
     add_last_sql_error("register_user");
     $userid = pdo_insert_id("user");
     // Insert the user into the project
     pdo_query("INSERT INTO user2project (userid,projectid,role,emailtype)\n                                VALUES ('{$userid}','{$projectid}','0','1')");
     add_last_sql_error("register_user");
     // We add the credentials if not already added
     $UserProject->UserId = $userid;
     $UserProject->AddCredential($repositoryCredential);
     $UserProject->ProjectId = 0;
     $UserProject->AddCredential($email);
     // Add the email by default
     $currentURI = get_server_URI();
     $prefix = "";
     if (strlen($firstName) > 0) {
         $prefix = " ";
     }
     $project = pdo_query("SELECT name FROM project WHERE id='{$projectid}'");
     $project_array = pdo_fetch_array($project);
     $projectname = $project_array['name'];
     // Send the email
     $text = "Hello" . $prefix . $firstName . ",<br><br>";
     $text .= "You have been registered to CDash because you have CVS/SVN access to the repository for " . $projectname . " <br>";
     $text .= "To access your CDash account: " . $currentURI . "/user.php<br>";
     $text .= "Your login is: " . $email . "<br>";
     $text .= "Your password is: " . $pass . "<br>";
     $text .= "<br>Generated by CDash.";
     if (@cdashmail("{$email}", "CDash - " . $projectname . " : Subscription", "{$text}", "From: {$CDASH_EMAILADMIN}\nReply-To: no-reply\nContent-type: text/plain; charset=utf-8\nX-Mailer: PHP/" . phpversion() . "\nMIME-Version: 1.0\nContent-type: text/html; charset=UTF-8")) {
         echo "Email sent to: " . $email . "<br>";
     }
     return true;
 }