* * fDomain * fDisplay * search */ require_once 'common.php'; authentication_require_role('admin'); $admin_username = authentication_get_username(); $list_domains = list_domains_for_admin($admin_username); $page_size = $CONF['page_size']; $fDomain = safepost('fDomain', safeget('domain', safesession('list-virtual:domain'))); if (safesession('list-virtual:domain') != $fDomain) { unset($_SESSION['list-virtual:limit']); } $fDisplay = (int) safepost('limit', safeget('limit', safesession('list-virtual:limit'))); $search = safepost('search', safeget('search', array())); # not remembered in the session if (!is_array($search)) { die(Config::Lang('invalid_parameter')); } if (count($list_domains) == 0) { if (authentication_has_role('global-admin')) { flash_error($PALANG['no_domains_exist']); } else { flash_error($PALANG['no_domains_for_this_admin']); } header("Location: list.php?table=domain"); # no domains (for this admin at least) - redirect to domain list exit; } if (is_array($list_domains) and sizeof($list_domains) > 0) {
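/**
 * Build a new team for the logged-in user and make that user its leader.
 *
 * @ajaxreturn 'inteam'  this user has already been in a team (the same branch also
 *                       fires while an invitation for the user is pending).
 * @ajaxreturn 'invited' this user has already been invited.
 * @ajaxreturn 'success' successfully built a new team.
 *
 * NOTE(review): eval(USER) is the project's role-check idiom. It is only
 * acceptable while USER is a compile-time constant that never embeds request
 * data -- confirm where it is defined.
 */
public function new_team_() {
    eval(USER);
    $id = session('userid');

    if (DBModel::inTeam($id) || DBModel::beingInvited($id)) {
        $this->error(Error('inteam'), lastpage());
        return;
    }

    $data = array();
    $data['leader'] = $id;
    $data['id'] = $this->generateTeamId();
    // Required fields; xassert() presumably aborts with Error('post') when empty -- verify.
    $data['name'] = xassert(safepost('name'), Error('post'));
    $data['university'] = xassert(safepost('university'), Error('post'));
    $data['teacher'] = xassert(safepost('teacher'), Error('post'));

    $root = C('ROOT');
    if (isset($_FILES['picture'])) {
        $upload = uploadImage();
        // uploadImage() appears to return an error string on failure and an array of
        // saved files on success. The previous code read $data['picture'] on the
        // error path too (undefined-index notice); store a path only when one exists.
        $path = '';
        if (is_array($upload) && isset($upload[0]['savepath'], $upload[0]['savename'])) {
            $path = $upload[0]['savepath'] . $upload[0]['savename'];
        }
        if ($path !== '') {
            $data['picture'] = $root . $path;
        }
    }

    DBModel::insertDB('cernet_team', $data);

    $member = array(
        'user_id'   => $id,
        'team_id'   => $data['id'],
        'statecode' => 1,
    );
    DBModel::insertDB('cernet_teammate', $member);

    $admin = new AdminModel();
    $admin->setTeamState($data['id'], 3);

    $this->success(Success('newteam'), '__ROOT__/User/currentstage');
}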
$smarty->assign('forward_only', ''); } else { $smarty->assign('forward_and_store', ''); $smarty->assign('forward_only', ' checked="checked"'); } $smarty->assign('tGotoArray', $tGotoArray); $smarty->display('index.tpl'); } if ($_SERVER['REQUEST_METHOD'] == "POST") { // user clicked on cancel button if (isset($_POST['fCancel'])) { header("Location: main.php"); exit(0); } $fGoto = trim(safepost('fGoto')); $fForward_and_store = safepost('fForward_and_store'); # TODO: use edit.php (or create a edit_user.php) # TODO: this will obsolete lots of the code below (parsing $goto and the error checks) $goto = strtolower($fGoto); $goto = preg_replace('/\\\\r\\\\n/', ',', $goto); $goto = preg_replace('/\\r\\n/', ',', $goto); $goto = preg_replace('/,[\\s]+/i', ',', $goto); $goto = preg_replace('/[\\s]+,/i', ',', $goto); $goto = preg_replace('/\\,*$/', '', $goto); $goto = explode(",", $goto); $error = 0; $goto = array_merge(array_unique($goto)); $good_goto = array(); if ($fForward_and_store != 1 && sizeof($goto) == 1 && $goto[0] == '') { flash_error($PALANG['pEdit_alias_goto_text_error1']); $error += 1;
* Template File: admin_list-domain.php * * Template Variables: * * -none- * * Form POST \ GET Variables: * * fUsername */ require_once 'common.php'; authentication_require_role('admin'); if (authentication_has_role('global-admin')) { $list_admins = list_admins(); $is_superadmin = 1; $fUsername = safepost('fUsername', safeget('username')); # prefer POST over GET variable if ($fUsername != "") { $admin_properties = get_admin_properties($fUsername); } } else { $list_admins = array(authentication_get_username()); $is_superadmin = 0; $fUsername = ""; } if (isset($admin_properties) && $admin_properties['domain_count'] == 'ALL') { # list all domains for superadmins $list_domains = list_domains(); } elseif (!empty($fUsername)) { $list_domains = list_domains_for_admin($fUsername); } elseif ($is_superadmin) {
* tBody * * Form POST \ GET Variables: * * fTo * fSubject * fBody */ require_once 'common.php'; authentication_require_role('admin'); $CONF['sendmail'] == 'NO' ? header("Location: main.php") && exit : '1'; $smtp_from_email = smtp_get_admin_email(); if ($_SERVER['REQUEST_METHOD'] == "POST") { $fTo = safepost('fTo'); $fFrom = $smtp_from_email; $fSubject = safepost('fSubject'); $tBody = $_POST['fBody']; if (get_magic_quotes_gpc()) { $tBody = stripslashes($tBody); # TODO: check for get_magic_quotes_gpc inside safepost/safeget } $email_check = check_email($fTo); if (empty($fTo) or $email_check != '') { $error = 1; $tTo = escape_string($_POST['fTo']); $tSubject = escape_string($_POST['fSubject']); flash_error($PALANG['pSendmail_to_text_error']); # TODO: superfluous? flash_error($email_check); } if ($error != 1) {
} elseif (safepost("form") == "createadmin") { # "create admin" form submitted list($pw_check_error, $pw_check_result) = check_setup_password(safepost('setup_password')); if ($pw_check_result != 'pass_OK') { $error += 1; $setupMessage = $pw_check_result; } if ($error == 0 && $pw_check_result == 'pass_OK') { // XXX need to ensure domains table includes an 'ALL' entry. $table_domain = table_by_key('domain'); $r = db_query("SELECT * FROM {$table_domain} WHERE domain = 'ALL'"); if ($r['rows'] == 0) { db_insert('domain', array('domain' => 'ALL', 'description' => '', 'transport' => '')); // all other fields should default through the schema. } $values = array('username' => safepost('username'), 'password' => safepost('password'), 'password2' => safepost('password2'), 'superadmin' => 1, 'domains' => array(), 'active' => 1); list($error, $setupMessage, $errormsg) = create_admin($values); if ($error != 0) { $tUsername = htmlentities($values['username']); } else { $setupMessage .= "<p>You are done with your basic setup. "; $setupMessage .= "<p><b>You can now <a href='login.php'>login to PostfixAdmin</a> using the account you just created.</b>"; } } } if ($setuppw == "" || $setuppw == "changeme" || safeget("lostpw") == 1 || $lostpw_error != 0) { # show "create setup password" form ?> <div class="standout"><?php print $setupMessage;
$form_fields = $handler->getStruct(); # refresh $form_fields - a prefill field might have changed something } else { # edit mode - read values from database if (!$handler->view()) { flash_error($handler->errormsg); header("Location: " . $formconf['listview']); exit; } else { $values = $handler->result; $values[$id_field] = $edit; } } } if ($_SERVER['REQUEST_METHOD'] == "POST") { $inp_values = safepost('value', array()); foreach ($form_fields as $key => $field) { if ($field['editable'] && $field['display_in_form']) { if (!isset($inp_values[$key])) { $inp_values[$key] = ''; # newer PHP versions don't include empty fields in $_POST (noticed with PHP 5.6.6) } if ($field['type'] == 'bool' && $inp_values[$key] == '') { $values[$key] = 0; # isset() for unchecked checkboxes is always false } elseif ($field['type'] == 'txtl') { $values[$key] = $inp_values[$key]; $values[$key] = preg_replace('/\\\\r\\\\n/', ',', $values[$key]); $values[$key] = preg_replace('/\\r\\n/', ',', $values[$key]); $values[$key] = preg_replace('/,[\\s]+/i', ',', $values[$key]); $values[$key] = preg_replace('/[\\s]+,/i', ',', $values[$key]);
* Form POST \ GET Variables: * * fTo * fSubject * fBody */ require_once 'common.php'; authentication_require_role('admin'); $CONF['sendmail'] == 'NO' ? header("Location: " . $CONF['postfix_admin_url'] . "/main.php") && exit : '1'; $SESSID_USERNAME = authentication_get_username(); if ($_SERVER['REQUEST_METHOD'] == "POST") { $fTo = safepost('fTo'); $fFrom = $SESSID_USERNAME; $fHeaders = "To: " . $fTo . "\n"; $fHeaders .= "From: " . $fFrom . "\n"; $fHeaders .= "Subject: " . encode_header(safepost('fSubject')) . "\n"; $fHeaders .= "MIME-Version: 1.0\n"; $fHeaders .= "Content-Type: text/plain; charset=utf-8\n"; $fHeaders .= "Content-Transfer-Encoding: 8bit\n"; $fHeaders .= escape_string($_POST['fBody']); if (empty($fTo) or !check_email($fTo)) { $error = 1; $tTo = escape_string($_POST['fTo']); $tSubject = escape_string($_POST['fSubject']); $tBody = escape_string($_POST['fBody']); $tMessage = $PALANG['pSendmail_to_text_error']; } if ($error != 1) { if (!smtp_mail($fTo, $fFrom, $fHeaders)) { $tMessage .= $PALANG['pSendmail_result_error']; } else {
$tUseremail = $fUsername; $tDomain = $fDomain; if ($tSubject == '') { $tSubject = html_entity_decode($PALANG['pUsersVacation_subject_text'], ENT_QUOTES, 'UTF-8'); } if ($tBody == '') { $tBody = html_entity_decode($PALANG['pUsersVacation_body_text'], ENT_QUOTES, 'UTF-8'); } } if ($_SERVER['REQUEST_METHOD'] == "POST") { $tSubject = safepost('fSubject'); $fSubject = escape_string($tSubject); $tBody = safepost('fBody'); $fBody = escape_string($tBody); $fChange = escape_string(safepost('fChange')); $fBack = escape_string(safepost('fBack')); if (authentication_has_role('admin') && isset($_GET['domain'])) { $fDomain = escape_string($_GET['domain']); } else { $fDomain = $USERID_DOMAIN; } if (authentication_has_role('admin') && isset($_GET['username'])) { $fUsername = escape_string($_GET['username']); } else { $fUsername = authentication_get_username(); } $tUseremail = $fUsername; if ($tSubject == '') { $tSubject = html_entity_decode($PALANG['pUsersVacation_subject_text'], ENT_QUOTES, 'UTF-8'); } if ($tBody == '') {
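/**
 * Pick the UI language.
 *
 * Candidates are tried highest priority first: $_POST['lang'] (only when
 * $use_post is truthy), then the 'lang' cookie, then each entry of the
 * Accept-Language header. The first candidate that is a key of
 * $supported_languages wins; otherwise $CONF['default_language'] is returned.
 *
 * Every candidate is checked against $supported_languages before it is used,
 * so a tampered cookie or POST value can only ever select a shipped language.
 *
 * Fix: cookie and POST preferences used to be consulted only when the client
 * also sent an Accept-Language header; clients without that header silently
 * got the default. They are now honoured regardless.
 *
 * @param int $use_post 1 to let $_POST['lang'] override, 0 to ignore it
 * @return string language key
 */
function check_language($use_post = 1) {
    global $CONF;
    global $supported_languages; # from languages/languages.php

    $lang = $CONF['default_language'];

    $candidates = array();
    if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
        $candidates = preg_split('/(\\s*,\\s*)/', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
    }
    if (safecookie('lang')) {
        array_unshift($candidates, safecookie('lang')); # prefer language from cookie
    }
    if ($use_post && safepost('lang')) {
        array_unshift($candidates, safepost('lang')); # but prefer $_POST['lang'] even more
    }

    foreach ($candidates as $candidate) {
        $candidate = strtolower(trim($candidate));
        if (array_key_exists($candidate, $supported_languages)) {
            $lang = $candidate;
            break;
        }
    }

    return $lang;
}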
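<?php
require "./navigation.php";

// Contest password gate: a correct password marks $_SESSION["access{$cid}"] and
// redirects to the contest; contests with another authtype pass straight through.
$cid = safeget('cid');
// NOTE(review): $cid flows into ContestsTbl unchanged -- assumes the model
// parameterises/escapes it; confirm.
$contest = new ContestsTbl($cid);
$contest->Get() or error("No such contest");

if (isset($_POST['pwd'])) {
    $pwd = safepost('pwd');
    if ($contest->detail['authtype'] != 'password') {
        error("No password is needed");
    }
    // Strict, constant-time comparison. The previous `==` applied PHP's loose
    // string/number juggling ("0e1" == "0e2" is true) and leaked timing.
    // NOTE(review): detail['pwd'] appears to be stored in clear -- confirm.
    if (hash_equals((string) $contest->detail['pwd'], (string) $pwd)) {
        $_SESSION["access{$cid}"] = 1;
        MsgAndRedirect("contest_detail.php?cid={$cid}");
    } else {
        $error_msg = "Password Incorrect";
    }
}

$already_granted = isset($_SESSION["access{$cid}"]) && $_SESSION["access{$cid}"] == 1;
if ($already_granted || $contest->detail['authtype'] != 'password') {
    // already auth
    MsgAndRedirect("contest_detail.php?cid={$cid}");
}
?>
<div class="background_container">
<div class="ui-corner-all ui-widget-content">
<table width="900" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="300" height="100" bgcolor="#F0F0F0"><img src="images/register_01.jpg" width="300" height="100"></td>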
require_once 'common.php'; # if (safeget('token') != $_SESSION['PFA_token']) die('Invalid token!'); $username = authentication_get_username(); # enforce login $table = safeget('table'); $handlerclass = ucfirst($table) . 'Handler'; if (!preg_match('/^[a-z]+$/', $table) || !file_exists("model/{$handlerclass}.php")) { # validate $table die("Invalid table name given!"); } # default: domain admin restrictions $is_superadmin = 0; if (authentication_has_role('global-admin')) { # more permissions? Fine! $is_superadmin = 1; $username = safepost('username', safeget('username', $username)); # prefer POST over GET variable } $is_admin = authentication_has_role('admin'); $handler = new $handlerclass(0, $username, $is_admin); $formconf = $handler->webformConfig(); $list_admins = array($username); if ($is_superadmin && $formconf['required_role'] != 'global-admin') { # 'simulate admin' dropdown doesn't make sense for superadmin-only modules $list_admins = array_keys(list_admins()); } if ($is_admin) { authentication_require_role($formconf['required_role']); } else { if (empty($formconf['user_hardcoded_field'])) { die($handlerclass . ' is not available for users');
# delete an entry $result = db_query("delete from fetchmail WHERE id=" . $delete); if ($result['rows'] != 1) { flash_error($PALANG['pDelete_delete_error']) . '</span>'; } else { flash_info(sprintf($PALANG['pDelete_delete_success'], $account)); } $delete = 0; } elseif (($edit || $new) && $save) { # $edit or $new AND save button pressed $formvars = array(); foreach ($fm_struct as $key => $row) { list($editible, $view, $type) = $row; if ($editible != 0) { $func = "_inp_" . $type; $val = safepost($key); if ($type != "password" || strlen($val) > 0) { # skip on empty (aka unchanged) password $formvars[$key] = escape_string(function_exists($func) ? $func($val) : $val); } } } $formvars['id'] = $edit; # results in 0 on $new if ($CONF['database_type'] == 'pgsql' && $new) { // skip - shouldn't need to specify this as it will default to the next available value anyway. unset($formvars['id']); } if (!in_array($formvars['mailbox'], $fm_defaults['mailbox'])) { flash_error($PALANG['pFetchmail_invalid_mailbox']); $save = 0;
* Form POST \ GET Variables: * * fUsername * fPassword * lang */ require_once "../common.php"; if ($_SERVER['REQUEST_METHOD'] == "GET") { include "../templates/header.php"; include "../templates/users_login.php"; include "../templates/footer.php"; } if ($_SERVER['REQUEST_METHOD'] == "POST") { $fUsername = escape_string($_POST['fUsername']); $fPassword = escape_string($_POST['fPassword']); $lang = safepost('lang'); if ($lang != check_language(0)) { # only set cookie if language selection was changed setcookie('lang', $lang, time() + 60 * 60 * 24 * 30); # language cookie, lifetime 30 days # (language preference cookie is processed even if username and/or password are invalid) } $active = db_get_boolean(True); $query = "SELECT password FROM {$table_mailbox} WHERE username='******' AND active={$active}"; $result = db_query($query); if ($result['rows'] == 1) { $row = db_array($result['result']); $password = pacrypt($fPassword, $row['password']); $query = "SELECT * FROM {$table_mailbox} WHERE username='******' AND password='******' AND active={$active}"; $result = db_query($query); if ($result['rows'] != 1) {
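/**
 * Password find back handle function.
 * Usertype: Student
 *
 * Resets the password of the account whose address was posted as 'email' to a
 * fresh random temporary password, stores encrypt($pwd), and mails the clear
 * temporary password to that address using the 'nopassword' mail template.
 *
 * NOTE(review): the endpoint is unauthenticated, so anyone who knows an address
 * can force-rotate that user's password, and the Error('email') branch reveals
 * whether an address is registered. A mailed one-time reset token, with the
 * password changed only when the token is redeemed, would close both; that is
 * a flow change and is left alone here.
 */
public function nopassword_() {
    try {
        require 'powerdream/Common/Mail.class.php';
        $cond['email'] = xassert(safepost('email'), Error('post'));

        if (!DBModel::existUser('cernet_user', $cond)) {
            $this->error(Error('email'), lastpage());
            return;
        }

        // Temporary password: 8 hex characters from a CSPRNG (2^32 values; PHP 7+).
        // The previous derivation seeded encrypt() with rand(0, 100), so only 101
        // distinct temporary passwords could ever be issued and a reset account
        // was guessable in about a hundred attempts.
        $pwd = bin2hex(random_bytes(4));
        $data['password'] = encrypt($pwd);

        DBModel::updateDB('cernet_user', $cond, $data);
        $rows = DBModel::selectDB('cernet_user', $cond);
        $user = $rows[0];

        $replace = array(
            '[#password]' => $pwd,
            '[#username]' => $user['username'],
        );
        $content = Mail::contentTemplate('nopassword');
        Mail::autosend($cond['email'], $content, $replace);

        $this->success(Success('nopassword'), '__ROOT__');
    } catch (Exception $e) {
        bassert($this, false, $e->getMessage());
    }
}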
* * tUsername * * Form POST \ GET Variables: * * fUsername * fPassword * lang */ $rel_path = '../'; define('POSTFIXADMIN_LOGOUT', 1); require_once "../common.php"; if ($_SERVER['REQUEST_METHOD'] == "POST") { $lang = safepost('lang'); $fUsername = trim(safepost('fUsername')); $fPassword = safepost('fPassword'); if ($lang != check_language(0)) { # only set cookie if language selection was changed setcookie('lang', $lang, time() + 60 * 60 * 24 * 30); # language cookie, lifetime 30 days # (language preference cookie is processed even if username and/or password are invalid) } $h = new MailboxHandler(); if ($h->login($fUsername, $fPassword)) { session_regenerate_id(); $_SESSION['sessid'] = array(); $_SESSION['sessid']['roles'] = array(); $_SESSION['sessid']['roles'][] = 'user'; $_SESSION['sessid']['username'] = $fUsername; $_SESSION['PFA_token'] = md5(uniqid(rand(), true)); header("Location: main.php");
/**
 * Admin-only: overwrite the two statistics counters of the quiz meta row
 * (id 1) with the posted 'stat_total_once' and 'stat_pass' values, then
 * return to the previous page. Any exception is rethrown via throw_exception().
 *
 * NOTE(review): eval(ADMIN) is the project's role-check idiom; it is only safe
 * while ADMIN is a compile-time constant free of request data -- confirm.
 * Both values reach DBModel::updateDB as posted (xassert only rejects an empty
 * value); whether they are parameterised/typed is up to DBModel -- confirm, and
 * consider casting to int if the columns are numeric.
 */
public function meta_quiz_() {
    eval(ADMIN);
    try {
        $fields = array("stat_total_once", "stat_pass");
        $data = array();
        foreach ($fields as $field) {
            $data[$field] = xassert(safepost($field), Error("post"));
        }
        DBModel::updateDB("cernet_quiz_meta", array("id" => 1), $data);
        goback();
    } catch (Exception $e) {
        throw_exception($e->getMessage());
    }
}