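/**
 * Authenticate the current session against the local users table.
 *
 * Reads the login name and the encrypted password kept in $_SESSION, decrypts
 * the password with a key derived from $session_key, and verifies it against
 * the stored hash of the matching active user. On success the user's id and
 * full name are stored in the session; when the request is a fresh login
 * (POST "authenticate") the target URL is handed to clean_page() and the
 * script exits. In every other case auth() is called to show the login form.
 *
 * @return void
 */
function SQLAuthenticate()
{
    global $db;
    global $password_encryption;
    global $session_key;

    if (isset($_SESSION["userlogin"]) && isset($_SESSION["userpwd"])) {
        // Username and password are set, let's try to authenticate.
        //
        // NOTE(review): the session holds the user's password in reversible
        // form, and both the key (md5 of $session_key) and the IV (md5 of that
        // md5) are fixed for a given $session_key, so equal passwords always
        // produce equal ciphertext. mcrypt itself was deprecated in PHP 7.1 and
        // removed from core in 7.2. Replacing this requires changing the code
        // that encrypts "userpwd" in the same commit, which is not visible here.
        //
        // mcrypt pads the plaintext with NUL bytes up to the block size; they
        // must be stripped or the hash comparison fails for most passwords.
        $session_pass = rtrim(
            mcrypt_decrypt(
                MCRYPT_RIJNDAEL_256,
                md5($session_key),
                base64_decode($_SESSION["userpwd"]),
                MCRYPT_MODE_CBC,
                md5(md5($session_key))
            ),
            "\0"
        );

        // The login name is attacker-controlled; it reaches SQL only through
        // $db->quote().
        $rowObj = $db->queryRow(
            "SELECT id, fullname, password FROM users WHERE username="
            . $db->quote($_SESSION["userlogin"], 'text')
            . " AND active=1"
        );

        if ($rowObj) {
            if (Poweradmin\Password::verify($session_pass, $rowObj['password'])) {
                $_SESSION["userid"] = $rowObj["id"];
                $_SESSION["name"] = $rowObj["fullname"];
                $_SESSION["auth_used"] = "internal";

                if (isset($_POST["authenticate"])) {
                    log_notice(sprintf(
                        'Successful authentication attempt from [%s] for user \'%s\'',
                        $_SERVER['REMOTE_ADDR'],
                        $_SESSION["userlogin"]
                    ));

                    // NOTE(review): the session id is not regenerated on login;
                    // consider session_regenerate_id(true) where the session is
                    // first populated, before any output is sent.

                    // If a user has just authenticated, redirect him to the requested page.
                    session_write_close();

                    // The query string comes from the login form and is appended
                    // after SCRIPT_NAME, so the target stays on this script. CR/LF
                    // are stripped because clean_page() is not visible here and may
                    // place the value in a response header.
                    $query_string = '';
                    if (!empty($_POST["query_string"]) && is_string($_POST["query_string"])) {
                        $query_string = str_replace(array("\r", "\n"), '', $_POST["query_string"]);
                    }

                    $redirect_url = $query_string
                        ? $_SERVER['SCRIPT_NAME'] . "?" . $query_string
                        : $_SERVER['SCRIPT_NAME'];
                    clean_page($redirect_url);
                    exit;
                }
            } else {
                if (isset($_POST['authenticate'])) {
                    // A wrong password for an existing account is logged with the
                    // same message as an unknown account, so password guessing
                    // against real users shows up in the log as well.
                    log_warn(sprintf('Failed authentication attempt from [%s]', $_SERVER['REMOTE_ADDR']));
                    auth(_('Authentication failed!'), "error");
                } else {
                    auth();
                }
            }
        } else {
            if (isset($_POST['authenticate'])) {
                log_warn(sprintf('Failed authentication attempt from [%s]', $_SERVER['REMOTE_ADDR']));
                // Authentication failed, retry.
                auth(_('Authentication failed!'), "error");
            } else {
                // No matching active user: drop the stale credentials before
                // showing the form.
                unset($_SESSION["userpwd"]);
                unset($_SESSION["userlogin"]);
                auth();
            }
        }
    } else {
        // No username and password set, show auth form (again).
        auth();
    }
}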
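/**
 * Add a new user
 *
 * The caller must hold the 'user_add_new' permission. The password is stored
 * only as the value returned by Poweradmin\Password::hash(). The permission
 * template is written only when the caller also holds 'user_edit_templ_perm';
 * otherwise any 'perm_templ' value in $details is ignored.
 *
 * @param mixed[] $details Array of User details; the keys read here are
 *                         username, password, fullname, email, descr, active
 *                         and (with the extra permission) perm_templ
 *
 * @return boolean true on success, false otherwise
 */
function add_new_user_local($details)
{
    global $db;

    if (!do_hook('verify_permission', 'user_add_new')) {
        error(ERR_PERM_ADD_USER);
        return false;
    }

    if (user_exists($details['username'])) {
        error(ERR_USER_EXIST);
        return false;
    }

    if (!is_valid_email($details['email'])) {
        error(ERR_INV_EMAIL);
        return false;
    }

    // Anything other than a value equal to 1 (including a missing key) creates
    // the account disabled.
    $active = (isset($details['active']) && $details['active'] == 1) ? 1 : 0;

    // Checked once so the column list and the value list cannot disagree.
    $may_set_template = do_hook('verify_permission', 'user_edit_templ_perm');

    $password_hash = Poweradmin\Password::hash($details['password']);

    // Every value goes through $db->quote(); nothing from $details is
    // concatenated into the statement unquoted.
    $columns = array('username', 'password', 'fullname', 'email', 'description');
    $values = array(
        $db->quote($details['username'], 'text'),
        $db->quote($password_hash, 'text'),
        $db->quote($details['fullname'], 'text'),
        $db->quote($details['email'], 'text'),
        $db->quote($details['descr'], 'text'),
    );

    if ($may_set_template) {
        $columns[] = 'perm_templ';
        $values[] = $db->quote($details['perm_templ'], 'integer');
    }

    $columns[] = 'active';
    $values[] = $db->quote($active, 'integer');

    $query = "INSERT INTO users (" . implode(', ', $columns) . ") VALUES (" . implode(', ', $values) . ")";

    $response = $db->query($query);
    if (PEAR::isError($response)) {
        // NOTE(review): the driver's message is passed to error() as is; if
        // error() prints to the page this may expose schema details - confirm.
        error($response->getMessage());
        return false;
    }

    return true;
}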
echo "<input type=\"hidden\" name=\"dns_ns1\" value=\"" . $dns_ns1 . "\">"; echo "<input type=\"hidden\" name=\"dns_ns2\" value=\"" . $dns_ns2 . "\">"; echo "<input type=\"hidden\" name=\"step\" value=\"" . $current_step . "\">"; echo "<input type=\"hidden\" name=\"language\" value=\"" . $language . "\">"; echo "<input type=\"submit\" name=\"submit\" value=\"" . _('Go to step') . " " . $current_step . "\">"; echo "</form>"; break; case 6: // Try to create configuration file $config_file_created = false; $configuration = ''; // FIXME if (is_writeable(LOCAL_CONFIG_FILE)) { $local_config = fopen(LOCAL_CONFIG_FILE, "w"); fwrite($local_config, $configuration); fclose($local_config); $config_file_created = true; } // No need to set database port if it's standard port for that db $db_port = $_POST['db_type'] == 'mysql' && $_POST['db_port'] != 3306 || $_POST['db_type'] == 'pgsql' && $_POST['db_port'] != 5432 ? $_POST['db_port'] : ''; // For SQLite we should provide path to db file $db_file = $_POST['db_type'] == 'sqlite' ? $db_file = $_POST['db_name'] : ''; echo $twig->render('step6.html', array('next_step' => ++$current_step, 'language' => $language, 'config_file_created' => $config_file_created, 'local_config_file' => LOCAL_CONFIG_FILE, 'session_key' => Poweradmin\Password::salt(SESSION_KEY_LENGTH), 'iface_lang' => $language, 'dns_hostmaster' => $_POST['dns_hostmaster'], 'dns_ns1' => $_POST['dns_ns1'], 'dns_ns2' => $_POST['dns_ns2'], 'db_host' => $_POST['db_host'], 'db_user' => $_POST['pa_db_user'], 'db_pass' => $_POST['pa_db_pass'], 'db_name' => $_POST['db_name'], 'db_type' => $_POST['db_type'], 'db_port' => $db_port, 'db_charset' => $_POST['db_charset'], 'pa_pass' => $_POST['pa_pass'])); break; case 7: echo $twig->render('step7.html'); break; default: break; } echo $twig->render('footer.html', array('version' => Poweradmin\Version::VERSION));