* @link http://www.phpmyfaq.de * @since 2012-07-07 */ use Symfony\Component\HttpFoundation\JsonResponse; if (!defined('IS_VALID_PHPMYFAQ')) { $protocol = 'http'; if (isset($_SERVER['HTTPS']) && strtoupper($_SERVER['HTTPS']) === 'ON') { $protocol = 'https'; } header('Location: ' . $protocol . '://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME'])); exit; } $response = new JsonResponse(); $do = PMF_Filter::filterInput(INPUT_GET, 'do', FILTER_SANITIZE_STRING); if ('insertentry' === $do && ($user->perm->checkRight($user->getUserId(), 'editbt') || $user->perm->checkRight($user->getUserId(), 'addbt')) || 'saveentry' === $do && $user->perm->checkRight($user->getUserId(), 'editbt')) { $user = PMF_User_CurrentUser::getFromSession($faqConfig); $dateStart = PMF_Filter::filterInput(INPUT_POST, 'dateStart', FILTER_SANITIZE_STRING); $dateEnd = PMF_Filter::filterInput(INPUT_POST, 'dateEnd', FILTER_SANITIZE_STRING); $question = PMF_Filter::filterInput(INPUT_POST, 'question', FILTER_SANITIZE_STRING); $categories = PMF_Filter::filterInputArray(INPUT_POST, array('rubrik' => array('filter' => FILTER_VALIDATE_INT, 'flags' => FILTER_REQUIRE_ARRAY))); $record_lang = PMF_Filter::filterInput(INPUT_POST, 'lang', FILTER_SANITIZE_STRING); $tags = PMF_Filter::filterInput(INPUT_POST, 'tags', FILTER_SANITIZE_STRING); $active = PMF_Filter::filterInput(INPUT_POST, 'active', FILTER_SANITIZE_STRING); $sticky = PMF_Filter::filterInput(INPUT_POST, 'sticky', FILTER_SANITIZE_STRING); $content = PMF_Filter::filterInput(INPUT_POST, 'answer', FILTER_SANITIZE_SPECIAL_CHARS); $keywords = PMF_Filter::filterInput(INPUT_POST, 'keywords', FILTER_SANITIZE_STRING); $author = PMF_Filter::filterInput(INPUT_POST, 'author', FILTER_SANITIZE_STRING); $email = PMF_Filter::filterInput(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL); $comment = PMF_Filter::filterInput(INPUT_POST, 'comment', FILTER_SANITIZE_STRING); $record_id = PMF_Filter::filterInput(INPUT_POST, 'record_id', FILTER_VALIDATE_INT); $solution_id = 
PMF_Filter::filterInput(INPUT_POST, 'solution_id', FILTER_VALIDATE_INT);
$groupAction = $defaultGroupAction; $message = sprintf('<p class="alert alert-success">%s</p>', $PMF_LANG['ad_group_suc']); // display error messages and show form again } else { $groupAction = 'add'; $message = '<p class="alert alert-error">'; foreach ($messages as $err) { $message .= $err . '<br />'; } $message .= '</p>'; } } if (!isset($message)) { $message = ''; } // show new group form if ($groupAction == 'add' && $user->perm->checkRight($user->getUserId(), 'addgroup')) { $user = new PMF_User_CurrentUser($faqConfig); $twig->loadTemplate('group/add.twig')->display(array('PMF_LANG' => $PMF_LANG, 'csrfToken' => $user->getCsrfTokenFromSession(), 'descriptionCols' => $descriptionCols, 'descriptionRows' => $descriptionRows, 'groupAutoJoin' => !empty($group_auto_join), 'groupDescription' => isset($group_description) ? $group_description : '', 'groupName' => isset($group_name) ? $group_name : '', 'message' => $message)); } // end if ($groupAction == 'add') // show list of users if ($groupAction == 'list') { $rightsData = $user->perm->getAllRightsData(); foreach ($rightsData as $key => $right) { if (isset($PMF_LANG['rightsLanguage'][$right['name']])) { $rightsData[$key]['description'] = $PMF_LANG['rightsLanguage'][$right['name']]; } } $twig->loadTemplate('group/list.twig')->display(array('PMF_LANG' => $PMF_LANG, 'descriptionCols' => $descriptionCols, 'descriptionRows' => $descriptionRows, 'groupAutoJoin' => !empty($group_auto_join), 'groupDescription' => isset($group_description) ? $group_description : '', 'groupName' => isset($group_name) ? $group_name : '', 'groupSelectSize' => $groupSelectSize, 'memberSelectSize' => $memberSelectSize, 'message' => $message, 'rightsData' => $rightsData)); }
/**
 * Restores a logged-in user from the "remember me" cookie.
 *
 * Returns null when no remember-me cookie is present, or when the cookie
 * value does not resolve to a known user (user id -1). On success the
 * session id is updated, the user is flagged as logged in, stored in the
 * session, and a CSRF token is written to the session. This version never
 * returns false.
 *
 * NOTE(review): the raw cookie value is handed straight to getUserByCookie()
 * without local validation; confirm that lookup is parameterised and that
 * the stored token is compared in constant time.
 *
 * @static
 *
 * @param PMF_Configuration $config
 *
 * @return null|PMF_User_CurrentUser
 */
public static function getFromCookie(PMF_Configuration $config)
{
    $cookieName = PMF_Session::PMF_COOKIE_NAME_REMEMBERME;

    if (!isset($_COOKIE[$cookieName])) {
        // no remember-me cookie -> nothing to restore
        return null;
    }

    $currentUser = new PMF_User_CurrentUser($config);
    $currentUser->getUserByCookie($_COOKIE[$cookieName]);

    if ($currentUser->getUserId() === -1) {
        // cookie present but it does not map to a user record
        return null;
    }

    // refresh the session id (the meaning of the true flag is defined by
    // updateSessionId()), then persist the login state
    $currentUser->updateSessionId(true);
    $currentUser->_loggedIn = true;
    $currentUser->saveToSession();
    $currentUser->saveCrsfTokenToSession();

    return $currentUser;
}
/**
 * Restores a logged-in user from the "remember me" cookie.
 *
 * Returns null when no remember-me cookie is present, or when the cookie
 * value does not resolve to a known user (user id -1). When the stored
 * session id has timed out it is renewed and a fresh remember-me value is
 * issued; the user is then flagged as logged in and stored in the session.
 * This version never returns false.
 *
 * NOTE(review): the renewed remember-me value is sha1(session_id()), i.e.
 * derived from the session id rather than from an independent random
 * secret, so anyone who learns the session id can compute the long-lived
 * token. A random token would decouple the two — confirm that
 * setRememberMe()/getUserByCookie() accept an arbitrary string before
 * changing this.
 *
 * @static
 * @param PMF_Configuration $config
 *
 * @return null|PMF_User_CurrentUser
 */
public static function getFromCookie(PMF_Configuration $config)
{
    $cookieName = PMF_Session::PMF_COOKIE_NAME_REMEMBERME;

    if (!isset($_COOKIE[$cookieName])) {
        // no remember-me cookie -> nothing to restore
        return null;
    }

    $currentUser = new PMF_User_CurrentUser($config);
    $currentUser->getUserByCookie($_COOKIE[$cookieName]);

    if ($currentUser->getUserId() === -1) {
        // cookie present but it does not map to a user record
        return null;
    }

    // renew session id and remember-me value only when the stored one expired
    if ($currentUser->sessionIdIsTimedOut()) {
        $currentUser->updateSessionId();
        $currentUser->setRememberMe(sha1(session_id()));
    }

    // persist the login state
    $currentUser->_loggedIn = true;
    $currentUser->saveToSession();

    return $currentUser;
}
* The contents of this file are subject to the Mozilla Public License * Version 1.1 (the "License"); you may not use this file except in * compliance with the License. You may obtain a copy of the License at * http://www.mozilla.org/MPL/ * * Software distributed under the License is distributed on an "AS IS" * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the * License for the specific language governing rights and limitations * under the License. */ if (!defined('IS_VALID_PHPMYFAQ_ADMIN')) { header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME'])); exit; } // Re-evaluate $user $user = PMF_User_CurrentUser::getFromSession($faqconfig->get('main.ipCheck')); $category = new PMF_Category($current_admin_user, $current_admin_groups, false); if ($permission['editbt']) { // Get submit action $submit = PMF_Filter::filterInputArray(INPUT_POST, array('submit' => array('filter' => FILTER_VALIDATE_INT, 'flags' => FILTER_REQUIRE_ARRAY))); // FAQ data $dateStart = PMF_Filter::filterInput(INPUT_POST, 'dateStart', FILTER_SANITIZE_STRING); $dateEnd = PMF_Filter::filterInput(INPUT_POST, 'dateEnd', FILTER_SANITIZE_STRING); $question = PMF_Filter::filterInput(INPUT_POST, 'thema', FILTER_SANITIZE_STRING); $categories = PMF_Filter::filterInputArray(INPUT_POST, array('rubrik' => array('filter' => FILTER_VALIDATE_INT, 'flags' => FILTER_REQUIRE_ARRAY))); $record_lang = PMF_Filter::filterInput(INPUT_POST, 'language', FILTER_SANITIZE_STRING); $tags = PMF_Filter::filterInput(INPUT_POST, 'tags', FILTER_SANITIZE_STRING); $active = 'yes' == PMF_Filter::filterInput(INPUT_POST, 'active', FILTER_SANITIZE_STRING) && $permission['approverec'] ? 'yes' : 'no'; $sticky = PMF_Filter::filterInput(INPUT_POST, 'sticky', FILTER_SANITIZE_STRING); $content = PMF_Filter::filterInput(INPUT_POST, 'content', FILTER_SANITIZE_SPECIAL_CHARS); $keywords = PMF_Filter::filterInput(INPUT_POST, 'keywords', FILTER_SANITIZE_STRING);
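/**
 * Restores a logged-in user from the PHP session.
 *
 * Returns null when the session carries no user id / timestamp, or when the
 * user's session has timed out (in which case it is also removed from the
 * session). Returns false when the session data looks valid but the session
 * id stored for the user does not match the current PHP session id, or when
 * $ip_check is enabled and the stored ip differs from REMOTE_ADDR. On
 * success the stored session id is renewed if it has timed out, the user is
 * flagged as logged in, saved to the session and returned.
 *
 * Fix: the session-id and ip comparisons now use strict (===/!==) string
 * comparison. The previous loose `!=` let numeric-looking ids compare equal
 * (e.g. "0e123" == "0e456" in PHP), which could accept a session id that is
 * not the one stored for the user. A missing 'ip' entry is treated as a
 * mismatch (fail closed) instead of raising a notice.
 *
 * @param boolean $ip_check Also require the stored ip to equal REMOTE_ADDR
 * @return mixed null|false|PMF_User_CurrentUser
 */
public static function getFromSession($ip_check = false)
{
    // there is no valid user object in session
    if (!isset($_SESSION[PMF_SESSION_CURRENT_USER]) || !isset($_SESSION[PMF_SESSION_ID_TIMESTAMP])) {
        return null;
    }

    // create a new CurrentUser object
    $user = new PMF_User_CurrentUser();
    $user->getUserById($_SESSION[PMF_SESSION_CURRENT_USER]);

    // user object is timed out -> drop it from the session
    if ($user->sessionIsTimedOut()) {
        $user->deleteFromSession();
        return null;
    }

    // the session id stored for the user must be present and must equal the
    // current PHP session id; compare as strings, strictly
    $session_info = $user->getSessionInfo();
    $session_id = isset($session_info['session_id']) ? (string) $session_info['session_id'] : '';
    if ($session_id === '' || $session_id !== (string) session_id()) {
        return false;
    }

    // optional ip binding: fail closed when the stored or current ip is missing
    if ($ip_check) {
        $storedIp = isset($session_info['ip']) ? (string) $session_info['ip'] : '';
        $remoteIp = isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '';
        if ($storedIp === '' || $storedIp !== $remoteIp) {
            return false;
        }
    }

    // session-id needs to be updated
    if ($user->sessionIdIsTimedOut()) {
        $user->updateSessionId();
    }

    // user is now logged in
    $user->logged_in = true;

    // save current user to session and return the instance
    $user->saveToSession();

    return $user;
}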
// error $logging = new PMF_Logging($faqConfig); $logging->logAdmin($user, 'Loginerror\\nLogin: '******'\\nErrors: ' . implode(', ', $user->errors)); $error = $PMF_LANG['ad_auth_fail']; } } else { // Try to authenticate with cookie information $user = PMF_User_CurrentUser::getFromCookie($faqConfig); // authenticate with session information if (!$user instanceof PMF_User_CurrentUser) { $user = PMF_User_CurrentUser::getFromSession($faqConfig); } if ($user instanceof PMF_User_CurrentUser) { $auth = true; } else { $user = new PMF_User_CurrentUser($faqConfig); } } // logout if ($action == 'logout' && $auth) { $user->deleteFromSession(true); $auth = null; $ssoLogout = $faqConfig->get('security.ssoLogoutRedirect'); if ($faqConfig->get('security.ssoSupport') && !empty($ssoLogout)) { header("Location: {$ssoLogout}"); } } // // Get current admin user and group id - default: -1 // if (isset($user) && is_object($user)) {
* @link http://www.phpmyfaq.de * @since 2009-06-23 */ if (!defined('IS_VALID_PHPMYFAQ')) { header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME'])); exit; } set_time_limit(0); if (headers_sent()) { die; } $attachmentErrors = array(); // authenticate with session information $user = PMF_User_CurrentUser::getFromSession($faqconfig->get('security.ipCheck')); if (!$user instanceof PMF_User_CurrentUser) { $user = new PMF_User_CurrentUser(); // user not logged in -> empty user object } $id = PMF_Filter::filterInput(INPUT_GET, 'id', FILTER_VALIDATE_INT); $attachment = PMF_Attachment_Factory::create($id); $userPermission = $faq->getPermission('user', $attachment->getRecordId()); $groupPermission = $faq->getPermission('group', $attachment->getRecordId()); // Check on group permissions if ($user->perm instanceof PMF_Perm_PermMedium) { if (count($groupPermission) && in_array($groupPermission[0], $user->perm->getUserGroups($user->getUserId()))) { $groupPermission = true; } else { $groupPermission = false; } } else { $groupPermission = true;
// error $error = $PMF_LANG['ad_auth_fail']; $loginVisibility = ''; $action = 'password' === $action ? 'password' : 'login'; } } else { // Try to authenticate with cookie information $user = PMF_User_CurrentUser::getFromCookie($faqConfig); // authenticate with session information if (!$user instanceof PMF_User_CurrentUser) { $user = PMF_User_CurrentUser::getFromSession($faqConfig); } if ($user instanceof PMF_User_CurrentUser) { $auth = true; } else { $user = new PMF_User_CurrentUser($faqConfig); } } // // Logout // if ('logout' === $action && isset($auth)) { $user->deleteFromSession(true); $auth = null; $action = 'main'; $ssoLogout = $faqConfig->get('security.ssoLogoutRedirect'); if ($faqConfig->get('security.ssoSupport') && !empty($ssoLogout)) { $location = $ssoLogout; } else { $location = $faqConfig->get('main.referenceURL'); }
} else { $LANGCODE = 'en'; } // // Initalizing static string wrapper // PMF_String::init($LANGCODE); /* header of the admin page */ require 'header.php'; $action = PMF_Filter::filterInput(INPUT_GET, 'action', FILTER_SANITIZE_STRING); $message = ''; if ($action == "sendmail") { $username = PMF_Filter::filterInput(INPUT_POST, 'username', FILTER_SANITIZE_STRING); $email = PMF_Filter::filterInput(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL); if (!is_null($username) && !is_null($email)) { $user = new PMF_User_CurrentUser(); $loginExist = $user->getUserByLogin($username); if ($loginExist && $email == $user->getUserData('email')) { $consonants = array('b', 'c', 'd', 'f', 'g', 'h', 'j', 'k', 'l', 'm', 'n', 'p', 'r', 's', 't', 'v', 'w', 'x', 'y', 'z'); $vowels = array('a', 'e', 'i', 'o', 'u'); $newPassword = ''; srand((double) microtime() * 1000000); for ($i = 1; $i <= 4; $i++) { $newPassword .= $consonants[rand(0, 19)]; $newPassword .= $vowels[rand(0, 4)]; } $user->changePassword($newPassword); $text = $PMF_LANG['lostpwd_text_1'] . "\nUsername: "******"\nNew Password: "******"\n\n" . $PMF_LANG["lostpwd_text_2"]; $mail = new PMF_Mail(); $mail->addTo($email); $mail->subject = '[%sitename%] Username / password request';
$LANGCODE = $Language->setLanguage($faqconfig->get('main.languageDetection'), $faqconfig->get('main.language')); // Preload English strings require_once PMF_ROOT_DIR . '/lang/language_en.php'; if (isset($LANGCODE) && PMF_Language::isASupportedLanguage($LANGCODE)) { // Overwrite English strings with the ones we have in the current language require_once PMF_ROOT_DIR . '/lang/language_' . $LANGCODE . '.php'; } else { $LANGCODE = 'en'; } if ($faqconfig->get('security.enableLoginOnly')) { if (!isset($_SERVER['PHP_AUTH_USER'])) { header('WWW-Authenticate: Basic realm="phpMyFAQ RSS Feeds"'); header('HTTP/1.0 401 Unauthorized'); exit; } else { $user = new PMF_User_CurrentUser(); if ($user->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) { if ($user->getStatus() != 'blocked') { $auth = true; } else { $user = null; } } else { $user = null; } } } // // Get current user and group id - default: -1 // if (isset($user) && !is_null($user) && $user instanceof PMF_User_CurrentUser) {
$mail->message = sprintf("\nName: %s\nLogin name: %s\nNew password: %s\n\n", $userData['display_name'], $user->getLogin(), $newPassword); $result = $mail->send(); unset($mail); } if (!$user->userdata->set(array_keys($userData), array_values($userData)) or !$user->setStatus($userStatus)) { $message .= sprintf('<p class="alert alert-danger">%s</p>', $PMF_LANG['ad_msg_mysqlerr']); } else { $message .= sprintf('<p class="alert alert-success">%s <strong>%s</strong> %s</p>', $PMF_LANG['ad_msg_savedsuc_1'], $user->getLogin(), $PMF_LANG['ad_msg_savedsuc_2']); $message .= '<script type="text/javascript">updateUser(' . $userId . ');</script>'; } } } // delete user confirmation if ($userAction == 'delete_confirm' && $user->perm->checkRight($user->getUserId(), 'deluser')) { $message = ''; $user = new PMF_User_CurrentUser($faqConfig); $userId = PMF_Filter::filterInput(INPUT_POST, 'user_list_select', FILTER_VALIDATE_INT, 0); if ($userId == 0) { $message .= sprintf('<p class="alert alert-error">%s</p>', $PMF_LANG['ad_user_error_noId']); $userAction = $defaultUserAction; } else { $user->getUserById($userId); // account is protected if ($user->getStatus() == 'protected' || $userId == 1) { $message .= sprintf('<p class="alert alert-error">%s</p>', $PMF_LANG['ad_user_error_protectedAccount']); $userAction = $defaultUserAction; } else { $twig->loadTemplate('user/delete_confirm.twig')->display(array('PMF_LANG' => $PMF_LANG, 'csrfToken' => $user->getCsrfTokenFromSession(), 'userId' => $userId, 'userLogin' => $user->getLogin())); } } }
$mail->message = sprintf("\nUsername: %s\nLoginname: %s\nNew Password: %s\n\n", $userData['display_name'], $user->getLogin(), $newPassword); $result = $mail->send(); unset($mail); } if (!$user->userdata->set(array_keys($userData), array_values($userData)) or !$user->setStatus($userStatus)) { $message .= '<p class="error">' . $errorMessages['updateUser'] . '</p>'; } else { $message .= '<p class="success">' . sprintf($successMessages['updateUser'], $user->getLogin()) . '</p>'; $message .= '<script type="text/javascript">updateUser(' . $userId . ');</script>'; } } } // delete user confirmation if ($userAction == 'delete_confirm') { $message = ''; $user = new PMF_User_CurrentUser(); $userId = PMF_Filter::filterInput(INPUT_POST, 'user_list_select', FILTER_VALIDATE_INT, 0); if ($userId == 0) { $message .= '<p class="error">' . $errorMessages['delUser_noId'] . '</p>'; $userAction = $defaultUserAction; } else { $user->getUserById($userId); // account is protected if ($user->getStatus() == 'protected' || $userId == 1) { $userAction = $defaultUserAction; $message .= '<p class="error">' . $errorMessages['delUser_protectedAccount'] . '</p>'; } else { ?> <h2><?php print $text['header'];
// display error messages and show form again } else { $groupAction = 'add'; $message = '<p class="alert alert-error">'; foreach ($messages as $err) { $message .= $err . '<br />'; } $message .= '</p>'; } } if (!isset($message)) { $message = ''; } // show new group form if ($groupAction == 'add' && $permission['addgroup']) { $user = new PMF_User_CurrentUser($faqConfig); ?> <header> <h2><i class="icon-user"></i> <?php print $PMF_LANG['ad_group_add']; ?> </h2> </header> <div id="user_message"><?php print $message; ?> </div> <form class="form-horizontal" name="group_create" action="?action=group&group_action=addsave" method="post" accept-charset="utf-8"> <input type="hidden" name="csrf" value="<?php print $user->getCsrfTokenFromSession();
* @link http://www.phpmyfaq.de * @since 2002-08-27 */ if (!defined('IS_VALID_PHPMYFAQ')) { header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME'])); exit; } $captcha = new PMF_Captcha($db, $Language); $oGlossary = new PMF_Glossary(); $oLnk = new PMF_Linkverifier(); $faqTagging = new PMF_Tags($db, $Language); $faqRelation = new PMF_Relation($db, $Language); $faqRating = new PMF_Rating(); $faqComment = new PMF_Comment(); if (is_null($user)) { $user = new PMF_User_CurrentUser(); } $faqSearchResult = new PMF_Search_Resultset($user, $faq); $captcha->setSessionId($sids); if (!is_null($showCaptcha)) { $captcha->showCaptchaImg(); exit; } $currentCategory = $cat; $recordId = PMF_Filter::filterInput(INPUT_GET, 'id', FILTER_VALIDATE_INT); $solutionId = PMF_Filter::filterInput(INPUT_GET, 'solution_id', FILTER_VALIDATE_INT); $highlight = PMF_Filter::filterInput(INPUT_GET, 'highlight', FILTER_SANITIZE_STRIPPED); // Set the FAQ language $faq->setLanguage($lang); // Get all data from the FAQ record if (0 == $solutionId) {
$protocol = 'http'; if (isset($_SERVER['HTTPS']) && strtoupper($_SERVER['HTTPS']) === 'ON') { $protocol = 'https'; } header('Location: ' . $protocol . '://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME'])); exit; } $captcha = new PMF_Captcha($faqConfig); $oGlossary = new PMF_Glossary($faqConfig); $oLnk = new PMF_Linkverifier($faqConfig); $faqTagging = new PMF_Tags($faqConfig); $faqRelation = new PMF_Relation($faqConfig); $faqRating = new PMF_Rating($faqConfig); $faqComment = new PMF_Comment($faqConfig); if (is_null($user)) { $user = new PMF_User_CurrentUser($faqConfig); } $faqSearchResult = new PMF_Search_Resultset($user, $faq, $faqConfig); $captcha->setSessionId($sids); if (!is_null($showCaptcha)) { $captcha->showCaptchaImg(); exit; } $currentCategory = $cat; $recordId = PMF_Filter::filterInput(INPUT_GET, 'id', FILTER_VALIDATE_INT); $solutionId = PMF_Filter::filterInput(INPUT_GET, 'solution_id', FILTER_VALIDATE_INT); // Get all data from the FAQ record if (0 == $solutionId) { $faq->getRecord($recordId); } else { $faq->getRecordBySolutionId($solutionId);