     echo $return_values;
     break;
     /**
      * EDIT user
      */
 /**
  * EDIT user
  */
 case "store_user_changes":
     // Check KEY
     if ($_POST['key'] != $_SESSION['key']) {
         // error
         exit;
     }
     // decrypt and retreive data in JSON format
     $dataReceived = prepareExchangedData($_POST['data'], "decode");
     // Empty user
     if (mysqli_escape_string($link, htmlspecialchars_decode($dataReceived['login'])) == "") {
         echo '[ { "error" : "' . addslashes($LANG['error_empty_data']) . '" } ]';
         break;
     }
     $account_status_action = mysqli_escape_string($link, htmlspecialchars_decode($dataReceived['action_on_user']));
     // delete account
     // delete user in database
     if ($account_status_action == "delete") {
         DB::delete(prefix_table("users"), "id = %i", $_POST['id']);
         // delete personal folder and subfolders
         $data = DB::queryfirstrow("SELECT id FROM " . prefix_table("nested_tree") . "\n                    WHERE title = %s AND personal_folder = %i", $_POST['id'], "1");
         // Get through each subfolder
         if (!empty($data['id'])) {
             $folders = $tree->getDescendants($data['id'], true);
/**
 * Authenticate a login attempt and populate `$_SESSION` on success.
 *
 * @param string $sentData opaque payload from the login form; it is decoded with
 *                         prepareExchangedData($sentData, "decode") and is read
 *                         for 'login', 'pw', 'psk', 'psk_confirm', 'GACode',
 *                         'TimezoneOffset', 'duree_session', 'randomstring'
 *                         and 'screenHeight'.
 *
 * Nothing is returned. Side effects: connects to the database (MeekroDB plus a
 * bare mysqli link), may insert/update rows in the users, nested_tree and
 * emails tables, appends to optional debug files, sets a cookie, and finally
 * echoes a JSON array `[{"value":..,"user_admin":..,"initial_url":..,"error":..}]`.
 * Several branches `exit` early with their own JSON payload.
 *
 * Flow: optional LDAP bind (ldap_mode 1, never for "admin") -> PSK check ->
 * local user lookup / auto-creation of LDAP users -> optional Google
 * Authenticator code -> password verification -> session setup, or
 * bad-attempt accounting and lockout.
 */
function identifyUser($sentData)
{
    // Debug switches and the language table are owned by the including script.
    global $debugLdap, $debugDuo, $k;
    // settings.php is presumed to define $server, $user, $pass, $database,
    // $port and $encoding used for the DB connection below — confirm.
    include $_SESSION['settings']['cpassman_dir'] . '/includes/settings.php';
    header("Content-type: text/html; charset=utf-8");
    // Only fatal errors are reported from here on; notices about undefined
    // variables further down (e.g. $ldap_suffix, $psk) are therefore silent.
    error_reporting(E_ERROR);
    require_once $_SESSION['settings']['cpassman_dir'] . '/sources/main.functions.php';
    require_once $_SESSION['settings']['cpassman_dir'] . '/sources/SplClassLoader.php';
    if ($debugDuo == 1) {
        // Debug trace appended to a file in the uploads folder; it receives the
        // raw payload, the username and the session token (see below).
        $dbgDuo = fopen($_SESSION['settings']['path_to_files_folder'] . "/duo.debug.txt", "a");
    }
    /*
    if (empty($sentData) && isset($_COOKIE['TeamPassC'])) {
    	$sentData = prepareExchangedData($_COOKIE['TeamPassC'], "encode");
    	setcookie('TeamPassC', "", time()-3600);
    }
    */
    if ($debugDuo == 1) {
        fputs($dbgDuo, "Content of data sent '" . $sentData . "'\n");
    }
    // connect to the server
    require_once $_SESSION['settings']['cpassman_dir'] . '/includes/libraries/Database/Meekrodb/db.class.php';
    DB::$host = $server;
    DB::$user = $user;
    DB::$password = $pass;
    DB::$dbName = $database;
    DB::$port = $port;
    DB::$encoding = $encoding;
    DB::$error_handler = 'db_error_handler';
    // The mysqli_connect() result is not checked; on failure $link is false and
    // the set_charset() call is a fatal error.
    $link = mysqli_connect($server, $user, $pass, $database, $port);
    $link->set_charset($encoding);
    //Load AES
    $aes = new SplClassLoader('Encryption\\Crypt', '../includes/libraries');
    $aes->register();
    // load passwordLib library
    $pwdlib = new SplClassLoader('PasswordLib', '../includes/libraries');
    $pwdlib->register();
    $pwdlib = new PasswordLib\PasswordLib();
    // User's language loading
    // The language file path is built from a session value (written from the
    // users.user_language column further down) without validation here.
    $k['langage'] = @$_SESSION['user_language'];
    require_once $_SESSION['settings']['cpassman_dir'] . '/includes/language/' . $_SESSION['user_language'] . '.php';
    // decrypt and retrieve data in JSON format
    $dataReceived = prepareExchangedData($sentData, "decode");
    // Prepare variables
    $passwordClear = htmlspecialchars_decode($dataReceived['pw']);
    // Legacy hash, only used to migrate pre-2.1.17 password rows below.
    $passwordOldEncryption = encryptOld(htmlspecialchars_decode($dataReceived['pw']));
    $username = htmlspecialchars_decode($dataReceived['login']);
    $logError = "";
    if ($debugDuo == 1) {
        fputs($dbgDuo, "Starting authentication of '" . $username . "'\n");
    }
    // GET SALT KEY LENGTH
    // Flags an over-long SALT constant for the UI; does not stop the login.
    if (strlen(SALT) > 32) {
        $_SESSION['error']['salt'] = true;
    }
    $_SESSION['user_language'] = $k['langage'];
    // Stays false unless the ldap_mode == 1 block below binds successfully;
    // in particular nothing in this function sets it for ldap_mode == 2.
    $ldapConnection = false;
    /* LDAP connection */
    if ($debugLdap == 1) {
        // create temp file
        // Every LDAP setting, including the bind password in clear, is written
        // to this file while debugging is on.
        $dbgLdap = fopen($_SESSION['settings']['path_to_files_folder'] . "/ldap.debug.txt", "w");
        fputs($dbgLdap, "Get all LDAP params : \n" . 'mode : ' . $_SESSION['settings']['ldap_mode'] . "\n" . 'type : ' . $_SESSION['settings']['ldap_type'] . "\n" . 'base_dn : ' . $_SESSION['settings']['ldap_domain_dn'] . "\n" . 'search_base : ' . $_SESSION['settings']['ldap_search_base'] . "\n" . 'bind_dn : ' . $_SESSION['settings']['ldap_bind_dn'] . "\n" . 'bind_passwd : ' . $_SESSION['settings']['ldap_bind_passwd'] . "\n" . 'user_attribute : ' . $_SESSION['settings']['ldap_user_attribute'] . "\n" . 'account_suffix : ' . $_SESSION['settings']['ldap_suffix'] . "\n" . 'domain_controllers : ' . $_SESSION['settings']['ldap_domain_controler'] . "\n" . 'use_ssl : ' . $_SESSION['settings']['ldap_ssl'] . "\n" . 'use_tls : ' . $_SESSION['settings']['ldap_tls'] . "\n*********\n\n");
    }
    if ($debugDuo == 1) {
        fputs($dbgDuo, "LDAP status: " . $_SESSION['settings']['ldap_mode'] . "\n");
    }
    // The built-in "admin" account always authenticates against the local hash.
    if (isset($_SESSION['settings']['ldap_mode']) && $_SESSION['settings']['ldap_mode'] == 1 && $username != "admin") {
        //Multiple Domain Names
        // Loose comparison: strpos() returning 0 (backslash at offset 0) is
        // treated as "not found", so "\user" is not split.
        if (strpos(html_entity_decode($username), '\\') == true) {
            $ldap_suffix = "@" . substr(html_entity_decode($username), 0, strpos(html_entity_decode($username), '\\'));
            $username = substr(html_entity_decode($username), strpos(html_entity_decode($username), '\\') + 1);
        }
        if ($_SESSION['settings']['ldap_type'] == 'posix-search') {
            $ldapconn = ldap_connect($_SESSION['settings']['ldap_domain_controler']);
            if ($debugLdap == 1) {
                fputs($dbgLdap, "LDAP connection : " . ($ldapconn ? "Connected" : "Failed") . "\n");
            }
            ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
            if ($ldapconn) {
                // Service bind with the configured bind DN, used for the search.
                $ldapbind = ldap_bind($ldapconn, $_SESSION['settings']['ldap_bind_dn'], $_SESSION['settings']['ldap_bind_passwd']);
                if ($debugLdap == 1) {
                    fputs($dbgLdap, "LDAP bind : " . ($ldapbind ? "Bound" : "Failed") . "\n");
                }
                if ($ldapbind) {
                    // $username is spliced into the search filter unescaped; LDAP
                    // filter metacharacters should be neutralised first, e.g. with
                    // ldap_escape($username, '', LDAP_ESCAPE_FILTER).
                    $filter = "(&(" . $_SESSION['settings']['ldap_user_attribute'] . "={$username})(objectClass=posixAccount))";
                    $result = ldap_search($ldapconn, $_SESSION['settings']['ldap_search_base'], $filter, array('dn'));
                    if ($debugLdap == 1) {
                        fputs($dbgLdap, 'Search filter : ' . $filter . "\n" . 'Results : ' . print_r(ldap_get_entries($ldapconn, $result), true) . "\n");
                    }
                    if (ldap_count_entries($ldapconn, $result)) {
                        // try auth
                        // Only the first entry is considered.
                        $result = ldap_get_entries($ldapconn, $result);
                        $user_dn = $result[0]['dn'];
                        // NOTE(review): an empty $passwordClear is not rejected before
                        // this bind; some directories answer an empty-password bind
                        // as an anonymous success — confirm against the server setup.
                        $ldapbind = ldap_bind($ldapconn, $user_dn, $passwordClear);
                        if ($ldapbind) {
                            $ldapConnection = true;
                        } else {
                            $ldapConnection = false;
                        }
                    }
                } else {
                    $ldapConnection = false;
                }
            } else {
                $ldapConnection = false;
            }
        } else {
            if ($debugLdap == 1) {
                fputs($dbgLdap, "Get all ldap params : \n" . 'base_dn : ' . $_SESSION['settings']['ldap_domain_dn'] . "\n" . 'account_suffix : ' . $_SESSION['settings']['ldap_suffix'] . "\n" . 'domain_controllers : ' . $_SESSION['settings']['ldap_domain_controler'] . "\n" . 'use_ssl : ' . $_SESSION['settings']['ldap_ssl'] . "\n" . 'use_tls : ' . $_SESSION['settings']['ldap_tls'] . "\n*********\n\n");
            }
            $adldap = new SplClassLoader('LDAP\\adLDAP', '../includes/libraries');
            $adldap->register();
            // Posix style LDAP handles user searches a bit differently
            // $ldap_suffix is only initialised in the "domain\user" branch above;
            // in the 'windows' case without a backslash it is undefined here
            // (the notice is silenced by error_reporting(E_ERROR)).
            if ($_SESSION['settings']['ldap_type'] == 'posix') {
                $ldap_suffix = ',' . $_SESSION['settings']['ldap_suffix'] . ',' . $_SESSION['settings']['ldap_domain_dn'];
            } elseif ($_SESSION['settings']['ldap_type'] == 'windows' and $ldap_suffix == '') {
                //Multiple Domain Names
                $ldap_suffix = $_SESSION['settings']['ldap_suffix'];
            }
            $adldap = new LDAP\adLDAP\adLDAP(array('base_dn' => $_SESSION['settings']['ldap_domain_dn'], 'account_suffix' => $ldap_suffix, 'domain_controllers' => explode(",", $_SESSION['settings']['ldap_domain_controler']), 'use_ssl' => $_SESSION['settings']['ldap_ssl'], 'use_tls' => $_SESSION['settings']['ldap_tls']));
            if ($debugLdap == 1) {
                fputs($dbgLdap, "Create new adldap object : " . $adldap->get_last_error() . "\n\n\n");
                //Debug
            }
            // openLDAP expects an attribute=value pair
            if ($_SESSION['settings']['ldap_type'] == 'posix') {
                $auth_username = $_SESSION['settings']['ldap_user_attribute'] . '=' . $username;
            } else {
                $auth_username = $username;
            }
            // authenticate the user
            if ($adldap->authenticate($auth_username, html_entity_decode($passwordClear))) {
                $ldapConnection = true;
                //update user's password
                // The local hash is refreshed from the directory-verified password,
                // keyed by login.
                $data['pw'] = $pwdlib->createPasswordHash($passwordClear);
                DB::update(prefix_table('users'), array('pw' => $data['pw']), "login=%s", $username);
            } else {
                $ldapConnection = false;
            }
            if ($debugLdap == 1) {
                fputs($dbgLdap, "After authenticate : " . $adldap->get_last_error() . "\n\n\n" . "ldap status : " . $ldapConnection . "\n\n\n");
                //Debug
            }
        }
    } else {
        if (isset($_SESSION['settings']['ldap_mode']) && $_SESSION['settings']['ldap_mode'] == 2) {
            // nothing
        }
    }
    // Check if user exists
    // MeekroDB named placeholder (%s_login) bound from the array argument.
    $data = DB::queryFirstRow("SELECT * FROM " . prefix_table("users") . " WHERE login=%s_login", array('login' => $username));
    $counter = DB::count();
    if ($debugDuo == 1) {
        fputs($dbgDuo, "USer exists: " . $counter . "\n");
    }
    // Check PSK
    // Admin accounts are exempt. $psk is only assigned inside this branch but is
    // hashed unconditionally in the users-row update after a successful login.
    if (isset($_SESSION['settings']['psk_authentication']) && $_SESSION['settings']['psk_authentication'] == 1 && $data['admin'] != 1) {
        $psk = htmlspecialchars_decode($dataReceived['psk']);
        $pskConfirm = htmlspecialchars_decode($dataReceived['psk_confirm']);
        if (empty($psk)) {
            echo '[{"value" : "psk_required"}]';
            exit;
        } elseif (empty($data['psk'])) {
            // First PSK for this account: only a non-empty confirmation is required.
            if (empty($pskConfirm)) {
                echo '[{"value" : "bad_psk_confirmation"}]';
                exit;
            } else {
                $_SESSION['my_sk'] = $psk;
            }
        } elseif ($pwdlib->verifyPasswordHash($psk, $data['psk']) === true) {
            // NOTE(review): this rejects the login when the supplied PSK *verifies*
            // against the stored hash, which looks inverted — confirm against
            // verifyPasswordHash()'s contract before relying on it.
            echo '[{"value" : "bad_psk"}]';
            exit;
        }
    }
    $proceedIdentification = false;
    if ($counter > 0) {
        $proceedIdentification = true;
    } elseif ($counter == 0 && $ldapConnection == true && isset($_SESSION['settings']['ldap_elusers']) && $_SESSION['settings']['ldap_elusers'] == 0) {
        // If LDAP enabled, create user in CPM if doesn't exist
        // (presumably ldap_elusers == 0 means "auto-create local accounts").
        $data['pw'] = $pwdlib->createPasswordHash($passwordClear);
        // create passwordhash
        DB::insert(prefix_table('users'), array('login' => $username, 'pw' => $data['pw'], 'email' => "", 'admin' => '0', 'gestionnaire' => '0', 'personal_folder' => $_SESSION['settings']['enable_pf_feature'] == "1" ? '1' : '0', 'fonction_id' => '0', 'groupes_interdits' => '0', 'groupes_visibles' => '0', 'last_pw_change' => time(), 'user_language' => $_SESSION['settings']['default_language']));
        $newUserId = DB::insertId();
        // Create personal folder
        if ($_SESSION['settings']['enable_pf_feature'] == "1") {
            DB::insert(prefix_table("nested_tree"), array('parent_id' => '0', 'title' => $newUserId, 'bloquer_creation' => '0', 'bloquer_modification' => '0', 'personal_folder' => '1'));
        }
        // Get info for user
        //$sql = "SELECT * FROM ".prefix_table("users")." WHERE login = '******'";
        //$row = $db->query($sql);
        $proceedIdentification = true;
    }
    // Check if user exists (and has been created in case of new LDAP user)
    $data = DB::queryFirstRow("SELECT * FROM " . prefix_table("users") . " WHERE login=%s_login", array('login' => $username));
    $counter = DB::count();
    if ($counter == 0) {
        echo '[{"value" : "user_not_exists", "text":""}]';
        exit;
    }
    if ($debugDuo == 1) {
        fputs($dbgDuo, "USer exists (confirm): " . $counter . "\n");
    }
    // check GA code
    // Second factor is skipped for "admin"; when enabled, a missing or wrong
    // code fails the login with error "ga_code_wrong".
    if (isset($_SESSION['settings']['2factors_authentication']) && $_SESSION['settings']['2factors_authentication'] == 1 && $username != "admin") {
        if (isset($dataReceived['GACode']) && !empty($dataReceived['GACode'])) {
            include_once $_SESSION['settings']['cpassman_dir'] . "/includes/libraries/Authentication/GoogleAuthenticator/FixedBitNotation.php";
            include_once $_SESSION['settings']['cpassman_dir'] . "/includes/libraries/Authentication/GoogleAuthenticator/GoogleAuthenticator.php";
            $g = new Authentication\GoogleAuthenticator\GoogleAuthenticator();
            if ($g->checkCode($data['ga'], $dataReceived['GACode'])) {
                $proceedIdentification = true;
            } else {
                $proceedIdentification = false;
                $logError = "ga_code_wrong";
            }
        } else {
            $proceedIdentification = false;
            $logError = "ga_code_wrong";
        }
    }
    if ($debugDuo == 1) {
        fputs($dbgDuo, "Proceed with Ident: " . $proceedIdentification . "\n");
    }
    if ($proceedIdentification === true) {
        // User exists in the DB
        //$data = $db->fetchArray($row);
        //v2.1.17 -> change encryption for users password
        // Legacy hash migration. Both comparisons below use a loose `==` on hash
        // strings; hash_equals() would be the strict, constant-time equivalent.
        if ($passwordOldEncryption == $data['pw'] && !empty($data['pw'])) {
            //update user's password
            $data['pw'] = bCrypt($passwordClear, COST);
            DB::update(prefix_table('users'), array('pw' => $data['pw']), "id=%i", $data['id']);
        }
        if (crypt($passwordClear, $data['pw']) == $data['pw'] && !empty($data['pw'])) {
            //update user's password
            $data['pw'] = $pwdlib->createPasswordHash($passwordClear);
            DB::update(prefix_table('users'), array('pw' => $data['pw']), "id=%i", $data['id']);
        }
        // check the given password
        if ($pwdlib->verifyPasswordHash($passwordClear, $data['pw']) === true) {
            $userPasswordVerified = true;
        } else {
            $userPasswordVerified = false;
        }
        if ($debugDuo == 1) {
            fputs($dbgDuo, "User's password verified: " . $userPasswordVerified . "\n");
        }
        // Can connect if
        // 1- no LDAP mode + user enabled + pw ok
        // 2- LDAP mode + user enabled + ldap connection ok + user is not admin
        // 3-  LDAP mode + user enabled + pw ok + user is admin
        // This in order to allow admin by default to connect even if LDAP is activated
        // `&&` binds tighter than `||`, so this is four OR'd clauses. The
        // ldap_mode == 2 clause can never hold: $ldapConnection is only set to
        // true inside the ldap_mode == 1 block above.
        if (isset($_SESSION['settings']['ldap_mode']) && $_SESSION['settings']['ldap_mode'] == 0 && $userPasswordVerified == true && $data['disabled'] == 0 || isset($_SESSION['settings']['ldap_mode']) && $_SESSION['settings']['ldap_mode'] == 1 && $ldapConnection == true && $data['disabled'] == 0 && $username != "admin" || isset($_SESSION['settings']['ldap_mode']) && $_SESSION['settings']['ldap_mode'] == 2 && $ldapConnection == true && $data['disabled'] == 0 && $username != "admin" || isset($_SESSION['settings']['ldap_mode']) && $_SESSION['settings']['ldap_mode'] == 1 && $username == "admin" && $userPasswordVerified == true && $data['disabled'] == 0) {
            // No session_regenerate_id() is called before the authenticated data
            // is stored; issuing a fresh session id here would close the
            // session-fixation window.
            $_SESSION['autoriser'] = true;
            // Generate a random ID
            // Per-session token that the AJAX handlers compare against $_POST['key'].
            $key = $pwdlib->getRandomToken(50);
            if ($debugDuo == 1) {
                // The token itself ends up in the debug trace.
                fputs($dbgDuo, "User's token: " . $key . "\n");
            }
            // Log into DB the user's connection
            if (isset($_SESSION['settings']['log_connections']) && $_SESSION['settings']['log_connections'] == 1) {
                logEvents('user_connection', 'connection', $data['id']);
            }
            // Save account in SESSION
            $_SESSION['login'] = stripslashes($username);
            $_SESSION['name'] = stripslashes($data['name']);
            $_SESSION['lastname'] = stripslashes($data['lastname']);
            $_SESSION['user_id'] = $data['id'];
            $_SESSION['user_admin'] = $data['admin'];
            $_SESSION['user_manager'] = $data['gestionnaire'];
            $_SESSION['user_read_only'] = $data['read_only'];
            $_SESSION['last_pw_change'] = $data['last_pw_change'];
            $_SESSION['last_pw'] = $data['last_pw'];
            $_SESSION['can_create_root_folder'] = $data['can_create_root_folder'];
            $_SESSION['key'] = $key;
            $_SESSION['personal_folder'] = $data['personal_folder'];
            $_SESSION['user_language'] = $data['user_language'];
            $_SESSION['user_email'] = $data['email'];
            $_SESSION['user_ga'] = $data['ga'];
            $_SESSION['user_avatar'] = $data['avatar'];
            $_SESSION['user_avatar_thumb'] = $data['avatar_thumb'];
            $_SESSION['user_upgrade_needed'] = $data['upgrade_needed'];
            // manage session expiration
            // Both the offset and the duration come from the client payload, so
            // the session lifetime is client-controlled.
            $serverTime = time();
            if ($dataReceived['TimezoneOffset'] > 0) {
                $userTime = $serverTime + $dataReceived['TimezoneOffset'];
            } else {
                $userTime = $serverTime;
            }
            $_SESSION['fin_session'] = $userTime + $dataReceived['duree_session'] * 60;
            /* If this option is set user password MD5 is used as personal SALTKey */
            // The derived key is also placed in a cookie wrapped by encrypt()
            // with an empty second argument — semantics of encrypt() not visible here.
            if (isset($_SESSION['settings']['use_md5_password_as_salt']) && $_SESSION['settings']['use_md5_password_as_salt'] == 1) {
                $_SESSION['my_sk'] = md5($passwordClear);
                setcookie("TeamPass_PFSK_" . md5($_SESSION['user_id']), encrypt($_SESSION['my_sk'], ""), time() + 60 * 60 * 24 * $_SESSION['settings']['personal_saltkey_cookie_duration'], '/');
            }
            // REMOTE_ADDR and the raw User-Agent header are written to syslog as-is.
            @syslog(LOG_WARNING, "User logged in - " . $_SESSION['user_id'] . " - " . date("Y/m/d H:i:s") . " {$_SERVER['REMOTE_ADDR']} ({$_SERVER['HTTP_USER_AGENT']})");
            if (empty($data['last_connexion'])) {
                $_SESSION['derniere_connexion'] = time();
            } else {
                $_SESSION['derniere_connexion'] = $data['last_connexion'];
            }
            if (!empty($data['latest_items'])) {
                $_SESSION['latest_items'] = explode(';', $data['latest_items']);
            } else {
                $_SESSION['latest_items'] = array();
            }
            if (!empty($data['favourites'])) {
                $_SESSION['favourites'] = explode(';', $data['favourites']);
            } else {
                $_SESSION['favourites'] = array();
            }
            // NOTE(review): groupes_visibles / groupes_interdits are scalar DB
            // columns (inserted as '0' above) but are passed to implode(), which
            // expects an array; the `@` hides the resulting warning (a TypeError
            // on PHP 8) and the else branch yields an array instead — confirm.
            if (!empty($data['groupes_visibles'])) {
                $_SESSION['groupes_visibles'] = @implode(';', $data['groupes_visibles']);
            } else {
                $_SESSION['groupes_visibles'] = array();
            }
            if (!empty($data['groupes_interdits'])) {
                $_SESSION['groupes_interdits'] = @implode(';', $data['groupes_interdits']);
            } else {
                $_SESSION['groupes_interdits'] = array();
            }
            // User's roles
            $_SESSION['fonction_id'] = $data['fonction_id'];
            $_SESSION['user_roles'] = explode(";", $data['fonction_id']);
            // build array of roles
            // One query per role; the highest 'complexity' among them is kept.
            $_SESSION['user_pw_complexity'] = 0;
            $_SESSION['arr_roles'] = array();
            foreach (array_filter(explode(';', $_SESSION['fonction_id'])) as $role) {
                $resRoles = DB::queryFirstRow("SELECT title, complexity FROM " . prefix_table("roles_title") . " WHERE id=%i", $role);
                $_SESSION['arr_roles'][$role] = array('id' => $role, 'title' => $resRoles['title']);
                // get highest complexity
                if ($_SESSION['user_pw_complexity'] < $resRoles['complexity']) {
                    $_SESSION['user_pw_complexity'] = $resRoles['complexity'];
                }
            }
            // build complete array of roles
            $_SESSION['arr_roles_full'] = array();
            $rows = DB::query("SELECT id, title FROM " . prefix_table("roles_title") . " ORDER BY title ASC");
            foreach ($rows as $record) {
                $_SESSION['arr_roles_full'][$record['id']] = array('id' => $record['id'], 'title' => $record['title']);
            }
            // Set some settings
            $_SESSION['user']['find_cookie'] = false;
            $_SESSION['settings']['update_needed'] = "";
            // Update table
            // Resets the lockout counters and stores the session token. The 'psk'
            // column is overwritten with a hash of $psk even when PSK
            // authentication is off ($psk is then undefined, see above).
            DB::update(prefix_table('users'), array('key_tempo' => $_SESSION['key'], 'last_connexion' => time(), 'timestamp' => time(), 'disabled' => 0, 'no_bad_attempts' => 0, 'session_end' => $_SESSION['fin_session'], 'psk' => $pwdlib->createPasswordHash(htmlspecialchars_decode($psk))), "id=%i", $data['id']);
            if ($debugDuo == 1) {
                fputs($dbgDuo, "Preparing to identify the user rights\n");
            }
            // Get user's rights
            identifyUserRights($data['groupes_visibles'], $_SESSION['groupes_interdits'], $data['admin'], $data['fonction_id'], false);
            // Get some more elements
            $_SESSION['screenHeight'] = $dataReceived['screenHeight'];
            // Get last seen items
            $_SESSION['latest_items_tab'][] = "";
            foreach ($_SESSION['latest_items'] as $item) {
                if (!empty($item)) {
                    // $data is overwritten with the item row here; the user row is
                    // not read again in this branch.
                    $data = DB::queryFirstRow("SELECT id,label,id_tree FROM " . prefix_table("items") . " WHERE id=%i", $item);
                    $_SESSION['latest_items_tab'][$item] = array('id' => $item, 'label' => $data['label'], 'url' => 'index.php?page=items&amp;group=' . $data['id_tree'] . '&amp;id=' . $item);
                }
            }
            // send back the random key
            // Echoed back unescaped in the JSON response below.
            $return = $dataReceived['randomstring'];
            // Send email
            if (isset($_SESSION['settings']['enable_send_email_on_user_login']) && $_SESSION['settings']['enable_send_email_on_user_login'] == 1 && $_SESSION['user_admin'] != 1) {
                // get all Admin users
                $receivers = "";
                $rows = DB::query("SELECT email FROM " . prefix_table("users") . " WHERE admin = %i", 1);
                foreach ($rows as $record) {
                    if (empty($receivers)) {
                        $receivers = $record['email'];
                    } else {
                        // BUG: assignment instead of `.=` — with several admins only
                        // the last address survives, prefixed by a comma.
                        $receivers = "," . $record['email'];
                    }
                }
                // Add email to table
                DB::insert(prefix_table("emails"), array('timestamp' => time(), 'subject' => $LANG['email_subject_on_user_login'], 'body' => str_replace(array('#tp_user#', '#tp_date#', '#tp_time#'), array(" " . $_SESSION['login'], date($_SESSION['settings']['date_format'], $_SESSION['derniere_connexion']), date($_SESSION['settings']['time_format'], $_SESSION['derniere_connexion'])), $LANG['email_body_on_user_login']), 'receivers' => $receivers, 'status' => "not sent"));
            }
        } elseif ($data['disabled'] == 1) {
            // User and password is okay but account is locked
            $return = "user_is_locked";
        } else {
            // User exists in the DB but Password is false
            // check if user is locked
            // Failed attempt: bump no_bad_attempts and lock the account once the
            // configured threshold is exceeded (0 disables lockout).
            $userIsLocked = 0;
            $nbAttempts = intval($data['no_bad_attempts'] + 1);
            if ($_SESSION['settings']['nb_bad_authentication'] > 0 && intval($_SESSION['settings']['nb_bad_authentication']) < $nbAttempts) {
                $userIsLocked = 1;
                // log it
                if (isset($_SESSION['settings']['log_connections']) && $_SESSION['settings']['log_connections'] == 1) {
                    logEvents('user_locked', 'connection', $data['id']);
                }
            }
            DB::update(prefix_table('users'), array('key_tempo' => $_SESSION['key'], 'last_connexion' => time(), 'disabled' => $userIsLocked, 'no_bad_attempts' => $nbAttempts), "id=%i", $data['id']);
            // What return should we do
            if ($userIsLocked == 1) {
                $return = "user_is_locked";
            } elseif ($_SESSION['settings']['nb_bad_authentication'] == 0) {
                $return = "false";
            } else {
                // The remaining-attempts count is reported to the client.
                $return = $nbAttempts;
            }
        }
    } else {
        $return = "false";
    }
    if ($debugDuo == 1) {
        fputs($dbgDuo, "\n\n----\n" . "Identified : " . $return . "\n");
    }
    // The response JSON is assembled by string concatenation without escaping
    // of $return, initial_url or $logError.
    echo '[{"value" : "' . $return . '", "user_admin":"', isset($_SESSION['user_admin']) ? $_SESSION['user_admin'] : "", '", "initial_url" : "' . @$_SESSION['initial_url'] . '",
            "error" : "' . $logError . '"}]';
    $_SESSION['initial_url'] = "";
    if ($_SESSION['settings']['cpassman_dir'] == "..") {
        $_SESSION['settings']['cpassman_dir'] = ".";
    }
}
                    $findPfGroup = "";
                    $init_personal_folder = true;
                }
            }
            // prepare new line
            $sOutput .= '<li ondblclick="' . $action_dbl . '" class="item" id="' . $record['id'] . '" style="margin-left:-30px;"><a id="fileclass' . $record['id'] . '" class="file_search" onclick="' . $action . '"><i class="fa fa-key mi-yellow"></i>&nbsp;' . substr(stripslashes($record['label']), 0, 65);
            if (!empty($record['description']) && isset($_SESSION['settings']['show_description']) && $_SESSION['settings']['show_description'] == 1) {
                $tempo = explode("<br />", $record['description']);
                if (count($tempo) == 1) {
                    $sOutput .= '&nbsp;<font size="2px">[' . strip_tags(stripslashes(substr(cleanString($record['description']), 0, 30))) . ']</font>';
                } else {
                    $sOutput .= '&nbsp;<font size="2px">[' . strip_tags(stripslashes(substr(cleanString($tempo[0]), 0, 30))) . ']</font>';
                }
            }
            // set folder
            $sOutput .= '&nbsp;<span style="font-size:11px;font-style:italic;"><i class="fa fa-folder-o"></i>&nbsp;' . strip_tags(stripslashes(substr(cleanString($record['folder']), 0, 30))) . '</span>';
            $sOutput .= '<span style="float:right;margin:2px 10px 0px 0px;">';
            // Prepare make Favorite small icon
            $sOutput .= '&nbsp;<span id="quick_icon_fav_' . $record['id'] . '" title="Manage Favorite" class="cursor tip">';
            if (in_array($record['id'], $_SESSION['favourites'])) {
                $sOutput .= '<i class="fa fa-star mi-yellow fa-lg" onclick="ActionOnQuickIcon(' . $record['id'] . ',0)" class="tip"></i>&nbsp;';
            } else {
                $sOutput .= '<i class="fa fa-star-o fa-lg" onclick="ActionOnQuickIcon(' . $record['id'] . ',1)" class="tip"></i>&nbsp;';
            }
            $sOutput .= "</span>";
            $sOutput .= '</li>';
        }
        $returnValues = array("items_html" => $sOutput, "message" => str_replace("%X%", $iFilteredTotal, $LANG['find_message']));
        echo prepareExchangedData($returnValues, "encode");
    }
}
            if ($dataReceived['field'] == "restricted_to_input" && $dataReceived['value'] == "0") {
                DB::update(prefix_table("misc"), array('valeur' => 0), "type = %s AND intitule = %s", $type, 'restricted_to_roles');
            }
        }
        /* else
           if ($dataReceived['field'] == "use_md5_password_as_salt" && $dataReceived['value'] == "0") {
               // in case this option is changed, we need to warn the users to adapt
               $rows = DB::query(
                   "SELECT id FROM ".prefix_table("users")."
                   WHERE admin != %i",
                   "",
                   "1"
               );
               foreach ($rows as $record) {
                   DB::update(
                       prefix_table("users"),
                       array(
                           'upgrade_needed' => "1"
                       ),
                       "id = %i"
                   );
               }
           }*/
        // store in SESSION
        $_SESSION['settings'][$dataReceived['field']] = $dataReceived['value'];
        // save change in config file
        handleConfigFile("update", $dataReceived['field'], $dataReceived['value']);
        // Encrypt data to return
        echo prepareExchangedData(array("error" => "", "misc" => $counter . " ; " . $_SESSION['settings'][$dataReceived['field']]), "encode");
        break;
}
     $pwgen = new SplClassLoader('Encryption\\PwGen', '../includes/libraries');
     $pwgen->register();
     $pwgen = new Encryption\PwGen\pwgen();
     $pwgen->setLength($_POST['size']);
     if (isset($_POST['secure']) && $_POST['secure'] == "true") {
         $pwgen->setSecure(true);
         $pwgen->setSymbols(true);
         $pwgen->setCapitalize(true);
         $pwgen->setNumerals(true);
     } else {
         $pwgen->setSecure($_POST['secure'] == "true" ? true : false);
         $pwgen->setNumerals($_POST['numerals'] == "true" ? true : false);
         $pwgen->setCapitalize($_POST['capitalize'] == "true" ? true : false);
         $pwgen->setSymbols($_POST['symbols'] == "true" ? true : false);
     }
     echo prepareExchangedData(array("key" => $pwgen->generate(), "error" => ""), "encode");
     break;
     /**
      * Check if user exists and send back if psk is set
      */
 /**
  * Check if user exists and send back if psk is set
  */
 case "check_login_exists":
     $data = DB::query("SELECT login, psk FROM " . prefix_table("users") . "\n            WHERE login = %i", mysqli_escape_string($link, stripslashes($_POST['userId'])));
     if (empty($data['login'])) {
         $userOk = false;
     } else {
         $userOk = true;
     }
     if (isset($_SESSION['settings']['psk_authentication']) && $_SESSION['settings']['psk_authentication'] == 1 && !empty($data['psk'])) {
// Bootstrap for this AJAX handler: class loader, MeekroDB configuration, a
// bare mysqli link, then the per-session request key check.
//Class loader
require_once $_SESSION['settings']['cpassman_dir'] . '/sources/SplClassLoader.php';
// Connect to mysql server
// $server, $user, $pass, $database, $port and $encoding are presumably defined
// by a settings include that precedes this excerpt — confirm.
require_once $_SESSION['settings']['cpassman_dir'] . '/includes/libraries/Database/Meekrodb/db.class.php';
DB::$host = $server;
DB::$user = $user;
DB::$password = $pass;
DB::$dbName = $database;
DB::$port = $port;
DB::$encoding = $encoding;
DB::$error_handler = 'db_error_handler';
// The mysqli_connect() result is not checked: on failure $link is false and
// the set_charset() call below is a fatal error.
$link = mysqli_connect($server, $user, $pass, $database, $port);
$link->set_charset($encoding);
// Check KEY and rights
// The session token issued at login must accompany every request. The check is
// a loose `!=`; hash_equals((string) $_SESSION['key'], (string) $_POST['key'])
// would make it strict and constant-time.
if (!isset($_POST['key']) || $_POST['key'] != $_SESSION['key']) {
    echo prepareExchangedData(array("error" => "ERR_KEY_NOT_CORRECT"), "encode");
    // Relies on an enclosing loop/switch that is not part of this excerpt.
    break;
}
// Do asked action
if (isset($_POST['type'])) {
    switch ($_POST['type']) {
        /*
         * CASE
         * log if item's password is shown
         */
        case "item_password_shown":
            if (isset($_SESSION['settings']['log_accessed']) && $_SESSION['settings']['log_accessed'] == 1) {
                DB::insert(prefix_table("log_items"), array('id_item' => $_POST['id_item'], 'date' => time(), 'id_user' => $_SESSION['user_id'], 'action' => 'at_password_shown'));
            }
            break;
            /*
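/**
 * MeekroDB error callback: send the database error to the client and stop.
 *
 * @param array $params error context supplied by MeekroDB; only the
 *                      'error' entry is used here.
 * @return never        always terminates the request with die().
 *
 * NOTE(review): the raw driver message (which may contain table names or
 * SQL fragments) is returned to the browser.  Logging it server-side and
 * replying with a generic message would close that information leak —
 * confirm first that the UI does not display this text to admins on purpose.
 */
function meekrodb_error_handler($params)
{
    $message = isset($params['error']) ? (string) $params['error'] : '';
    // json_encode() produces a correctly quoted JSON string, so a quote,
    // backslash or newline inside the driver message can no longer break
    // the hand-built reply.
    $encoded = json_encode($message);
    if ($encoded === false) {
        // invalid UTF-8 in the message: fall back to the addslashes style
        // used for hand-built JSON elsewhere in this code base
        $encoded = '"' . addslashes($message) . '"';
    }
    echo prepareExchangedData('[{"error" : ' . $encoded . '}]', "encode");
    die;
}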
             // end
             $html .= '
                     </tr>';
             $x++;
         }
     }
     // check if end
     $next_start = intval($_POST['from']) + intval($_POST['nb']);
     DB::query("SELECT * FROM " . prefix_table("users"));
     if ($next_start > DB::count()) {
         $end_is_reached = 1;
     } else {
         $end_is_reached = 0;
     }
     //echo $html;
     echo prepareExchangedData(array("html" => $html, "error" => "", "from" => $next_start, "end_reached" => $end_is_reached), "encode");
     break;
     /**
      * EDIT user login / name / lastname
      */
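 /**
  * EDIT user login / name / lastname
  */
 case "user_edit_login":
     // Check KEY (strict: `!=` compares numeric-looking strings numerically,
     // and a missing session key would accept an empty POST key)
     if (!isset($_POST['key'], $_SESSION['key']) || !is_string($_POST['key']) || $_POST['key'] !== (string) $_SESSION['key']) {
         // error
         exit;
     }
     // NOTE(review): no authorisation check is visible in this case — confirm
     // the enclosing file restricts this action to administrators.
     $newLogin = isset($_POST['login']) ? (string) $_POST['login'] : '';
     // Refuse to blank out a login, consistent with the empty-login rule
     // applied to the other user-edit action in this file
     if ($newLogin === '' || !isset($_POST['id'])) {
         echo '[ { "error" : "' . addslashes($LANG['error_empty_data']) . '" } ]';
         break;
     }
     // MeekroDB binds the values itself (%i casts the id), so no manual
     // escaping is needed; missing optional fields stay NULL as before
     DB::update(prefix_table("users"), array('login' => $newLogin, 'name' => isset($_POST['name']) ? $_POST['name'] : null, 'lastname' => isset($_POST['lastname']) ? $_POST['lastname'] : null), "id = %i", $_POST['id']);
     break;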
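 // Check KEY (strict comparison: `!=` treats numeric-looking strings
 // numerically and a missing session key would accept an empty POST key)
 if (!isset($_POST['key'], $_SESSION['key']) || !is_string($_POST['key']) || $_POST['key'] !== (string) $_SESSION['key']) {
     echo '[{"error" : "something_wrong"}]';
     break;
 }
 // item id is mandatory
 if (empty($_POST['currentId'])) {
     echo '[{"error" : "No ID provided"}]';
     break;
 }
 // the personal salt key must already be in the session
 if (empty($_SESSION['my_sk'])) {
     echo '[{"error" : "No personnal saltkey provided"}]';
     break;
 }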
 if (isset($_POST['data_to_share'])) {
     // ON DEMAND
     //decrypt and retreive data in JSON format
     $dataReceived = prepareExchangedData(str_replace("'", '"', $_POST['data_to_share']), "decode");
     //Prepare variables
     $personal_sk = htmlspecialchars_decode($dataReceived['sk']);
     $oldPersonalSaltkey = htmlspecialchars_decode($dataReceived['old_sk']);
     if (empty($oldPersonalSaltkey)) {
         $oldPersonalSaltkey = $_SESSION['my_sk'];
     }
     if (empty($personal_sk)) {
         echo '[{"error" : "No personal saltkey provided"}]';
         break;
     }
     // get data about pw
     $data = DB::queryfirstrow("SELECT id, pw, pw_iv\n                FROM " . prefix_table("items") . "\n                WHERE id = %i", $_POST['currentId']);
     // check if current encryption protocol #3
     if (!empty($data['pw_iv']) && !empty($data['pw'])) {
         // decrypt it
                $ret_server = $ssh->exec('echo -e "' . $dataReceived['new_pwd'] . '\\n' . $dataReceived['new_pwd'] . '" | passwd ' . $dataItem['login']);
                if (strpos($ret_server, "updated successfully") !== false) {
                    $err = false;
                } else {
                    $err = true;
                }
                $ret .= $ret_server . "</div>";
            }
        }
        if ($err == false) {
            // store new password
            DB::update(prefix_table("items"), array('pw' => $encrypt['string'], 'pw_iv' => $encrypt['iv']), "id = %i", $dataReceived['currentId']);
            // update log
            logItems($dataReceived['currentId'], $dataItem['label'], $_SESSION['user_id'], 'at_modification', $_SESSION['login'], 'at_pw :' . $oldPw, $oldPwIV);
            $ret .= "<br />" . $LANG['ssh_action_performed'];
        } else {
            $ret .= "<br /><i class='fa fa-warning'></i>&nbsp;" . $LANG['ssh_action_performed_with_error'] . "<br />";
        }
        // finished
        echo prepareExchangedData(array("error" => "", "text" => str_replace(array("\n"), array("<br />"), $ret)), "encode");
        break;
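    case "server_auto_update_password_frequency":
        // Check KEY (strict) and required parameters
        if (!isset($_POST['key'], $_SESSION['key'], $_POST['id'], $_POST['freq']) || !is_string($_POST['key']) || $_POST['key'] !== (string) $_SESSION['key']) {
            echo '[{"error" : "something_wrong"}]';
            break;
        }
        // NOTE(review): no check that the caller may edit this item is visible
        // here — confirm it is enforced before the switch.
        // Normalise once so the stored frequency and the computed next date
        // agree (the original stored the raw string but used intval for the date)
        $frequency = intval($_POST['freq']);
        // 2592000 s = 30 days per frequency unit
        $nextDate = time() + 2592000 * $frequency;
        // store new frequency; MeekroDB binds the values (%i casts the id)
        DB::update(prefix_table("items"), array('auto_update_pwd_frequency' => $frequency, 'auto_update_pwd_next_date' => $nextDate), "id = %i", $_POST['id']);
        echo '[{"error" : ""}]';
        break;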
}
                        $reason[1] = "";
                    }
                }
                // imported via API
                if ($record['login'] == "") {
                    $record['login'] = $LANG['imported_via_api'];
                }
                if (!empty($reason[1]) || $record['action'] == "at_copy" || $record['action'] == "at_creation" || $record['action'] == "at_manual" || $record['action'] == "at_modification" || $record['action'] == "at_delete" || $record['action'] == "at_restored") {
                    $avatar = isset($record['avatar_thumb']) && !empty($record['avatar_thumb']) ? $_SESSION['settings']['cpassman_url'] . '/includes/avatars/' . $record['avatar_thumb'] : $_SESSION['settings']['cpassman_url'] . '/includes/images/photo.jpg';
                    $history .= '<tr style="">' . '<td rowspan="2" style="width:40px;"><img src="' . $avatar . '" style="border-radius:20px; height:35px;"></td>' . '<td colspan="2" style="font-size:11px;"><i>' . $LANG['by'] . ' ' . $record['login'] . ' ' . $LANG['at'] . ' ' . date($_SESSION['settings']['date_format'] . ' ' . $_SESSION['settings']['time_format'], $record['date']) . '</i></td></tr>' . '<tr style="border-bottom:3px solid #C9C9C9;"><td style="width:100px;"><b>' . $LANG[$record['action']] . '</b></td>' . '<td style="">' . (!empty($record['raison']) ? count($reason) > 1 ? $LANG[trim($reason[0])] . ' : ' . handleBackslash($reason[1]) : ($record['action'] == "at_manual" ? $reason[0] : $LANG[trim($reason[0])]) : '') . '</td>' . '</tr>' . '<tr></tr>';
                }
            }
            $history .= "</table>";
            $data = array('error' => "", 'new_html' => $history);
            // send data
            echo prepareExchangedData($data, "encode");
            break;
    }
}
// Build the QUERY in case of GET
if (isset($_GET['type'])) {
    switch ($_GET['type']) {
        /*
         * CASE
         * Autocomplet for TAGS
         */
        case "autocomplete_tags":
            // Get a list off all existing TAGS
            $listOfTags = "";
            $rows = DB::query("SELECT tag FROM " . prefix_table("tags") . " WHERE tag LIKE %ss GROUP BY tag", $_GET['term']);
            foreach ($rows as $record) {