function create_tables()
{
    global $errors, $DFLT;
    //$PHP_SELF = $_SERVER['PHP_SELF'];
    $gallery_dir = strtr(dirname($_SERVER['PHP_SELF']), '\\', '/');
    $protocol = isset($_SERVER['HTTPS']) ? 'https' : 'http';
    $gallery_url_prefix = $protocol . '://' . $_SERVER['HTTP_HOST'] . $gallery_dir . (substr($gallery_dir, -1) == '/' ? '' : '/');
    $db_schema = "{$DFLT['sql_d']}/schema.sql";
    $db_basic = "{$DFLT['sql_d']}/basic.sql";
    if (($sch_open = fopen($db_schema, 'r')) === FALSE) {
        $errors .= "<hr /><br />The file '{$db_schema}' could not be found. Check that you have uploaded all Coppermine files to your server<br /><br />";
        return;
    } else {
        $sql_query = fread($sch_open, filesize($db_schema));
        if (($bas_open = fopen($db_basic, 'r')) === FALSE) {
            $errors .= "<hr /><br />The file '{$db_basic}' could not be found. Check that you have uploaded all Coppermine files to your server<br /><br />";
            return;
        } else {
            $sql_query .= fread($bas_open, filesize($db_basic));
        }
    }
    require 'include/passwordhash.inc.php';
    $password_params = explode(':', cpg_password_create_hash($_POST['admin_password']));
    // Insert the admin account
    $sql_query .= "INSERT INTO CPG_users (user_id, user_group, user_active, user_name, user_password, user_password_salt, user_password_hash_algorithm, user_password_iterations, user_lastvisit, user_regdate, user_group_list, user_email, user_profile1, user_profile2, user_profile3, user_profile4, user_profile5, user_profile6, user_actkey ) VALUES (1, 1, 'YES', '{$_POST['admin_username']}', '{$password_params[HASH_PBKDF2_INDEX]}', '{$password_params[HASH_SALT_INDEX]}', '{$password_params[HASH_ALGORITHM_INDEX]}', '{$password_params[HASH_ITERATION_INDEX]}', NOW(), NOW(), '', '{$_POST['admin_email']}', '', '', '', '', '', '', '');\n";
    // Set configuration values for image package
    $sql_query .= "REPLACE INTO CPG_config VALUES ('thumb_method', '{$_POST['thumb_method']}');\n";
    $sql_query .= "REPLACE INTO CPG_config VALUES ('impath', '{$_POST['impath']}');\n";
    $sql_query .= "REPLACE INTO CPG_config VALUES ('ecards_more_pic_target', '{$gallery_url_prefix}');\n";
    $sql_query .= "REPLACE INTO CPG_config VALUES ('gallery_admin_email', '{$_POST['admin_email']}');\n";
    // Enable silly_safe_mode if test has shown that it is not configured properly
    if (test_silly_safe_mode() == TRUE) {
        $sql_query .= "REPLACE INTO CPG_config VALUES ('silly_safe_mode', '1');\n";
    }
    // Test write permissions for main dir
    if (!is_writable('.')) {
        $sql_query .= "REPLACE INTO CPG_config VALUES ('default_dir_mode', '0777');\n";
        $sql_query .= "REPLACE INTO CPG_config VALUES ('default_file_mode', '0666');\n";
    }
    // Update table prefix
    $sql_query = preg_replace('/CPG_/', $_POST['table_prefix'], $sql_query);
    $sql_query = remove_remarks($sql_query);
    $sql_query = split_sql_file($sql_query, ';');
    foreach ($sql_query as $q) {
        if (!mysql_query($q)) {
            $errors .= "MySQL Error: " . mysql_error() . " on query '{$q}'<br /><br />";
            return;
        }
    }
}
示例#2
0
function check_user_info(&$error)
{
    global $CONFIG;
    global $lang_register_php, $lang_common, $lang_register_approve_email;
    global $lang_register_user_login, $lang_errors;
    $superCage = Inspekt::makeSuperCage();
    $user_name = trim(get_post_var('username'));
    $password = trim(get_post_var('password'));
    $password_again = trim(get_post_var('password_verification'));
    $email = trim(get_post_var('email'));
    $profile1 = $superCage->post->getEscaped('user_profile1');
    $profile2 = $superCage->post->getEscaped('user_profile2');
    $profile3 = $superCage->post->getEscaped('user_profile3');
    $profile4 = $superCage->post->getEscaped('user_profile4');
    $profile5 = $superCage->post->getEscaped('user_profile5');
    $profile6 = $superCage->post->getEscaped('user_profile6');
    $agree_disclaimer = $superCage->post->getEscaped('agree');
    $captcha_confirmation = $superCage->post->getEscaped('confirmCode');
    $sql = "SELECT null FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '{$user_name}'";
    $result = cpg_db_query($sql);
    if ($result->numRows(free)) {
        $error = '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_user_exists'] . '</li>';
        return false;
    }
    if (utf_strlen($user_name) < 2) {
        $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['username_warning2'] . '</li>';
    }
    if (!empty($CONFIG['global_registration_pw'])) {
        $global_registration_pw = get_post_var('global_registration_pw');
        if ($global_registration_pw != $CONFIG['global_registration_pw']) {
            $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_global_pw'] . '</li>';
        } elseif ($password == $CONFIG['global_registration_pw']) {
            $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_global_pass_same'] . '</li>';
        }
    }
    if (utf_strlen($password) < 2) {
        $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['password_warning1'] . '</li>';
    }
    if ($password == $user_name) {
        $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['password_warning2'] . '</li>';
    }
    if ($password != $password_again) {
        $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['password_verification_warning1'] . '</li>';
    }
    if (!Inspekt::isEmail($email)) {
        $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['email_warning2'] . '</li>';
    }
    if ($CONFIG['user_registration_disclaimer'] == 2 && $agree_disclaimer != 1) {
        $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_disclaimer'] . '</li>';
    }
    // Perform the ban check against email address and username
    $result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE user_name = '{$user_name}' AND brute_force = 0 LIMIT 1");
    if ($result->numRows(true)) {
        $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['user_name_banned'] . '</li>';
    }
    $result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE email = '{$email}' AND brute_force = 0 LIMIT 1");
    if ($result->numRows(true)) {
        $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['email_address_banned'] . '</li>';
    }
    // check captcha
    if ($CONFIG['registration_captcha'] != 0) {
        if (!captcha_plugin_enabled('register')) {
            require "include/captcha.inc.php";
            if (!PhpCaptcha::Validate($captcha_confirmation)) {
                $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_errors['captcha_error'] . '</li>';
            }
        } else {
            $error = CPGPluginAPI::filter('captcha_register_validate', $error);
        }
    }
    if (!$CONFIG['allow_duplicate_emails_addr']) {
        $sql = "SELECT null FROM {$CONFIG['TABLE_USERS']} WHERE user_email = '{$email}'";
        $result = cpg_db_query($sql);
        if ($result->numRows(true)) {
            $error = '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_duplicate_email'] . '</li>';
        }
    }
    $error = CPGPluginAPI::filter('register_form_validate', $error);
    if ($error != '') {
        return false;
    }
    if ($CONFIG['reg_requires_valid_email'] || $CONFIG['admin_activation']) {
        $active = 'NO';
        list($usec, $sec) = explode(' ', microtime());
        $seed = (double) $sec + (double) $usec * 100000;
        srand($seed);
        $act_key = md5(uniqid(rand(), 1));
    } else {
        $active = 'YES';
        $act_key = '';
    }
    require 'include/passwordhash.inc.php';
    $password_params = explode(':', cpg_password_create_hash($password));
    $sql = "INSERT INTO {$CONFIG['TABLE_USERS']} (user_regdate, user_active, user_actkey, user_name, user_password, user_password_salt, user_password_hash_algorithm, user_password_iterations, user_email, user_profile1, user_profile2, user_profile3, user_profile4, user_profile5, user_profile6, user_language) VALUES (NOW(), '{$active}', '{$act_key}', '{$user_name}', '{$password_params[HASH_PBKDF2_INDEX]}', '{$password_params[HASH_SALT_INDEX]}', '{$password_params[HASH_ALGORITHM_INDEX]}', '{$password_params[HASH_ITERATION_INDEX]}', '{$email}', '{$profile1}', '{$profile2}', '{$profile3}', '{$profile4}', '{$profile5}', '{$profile6}', '{$CONFIG['lang']}')";
    $result = cpg_db_query($sql);
    $user_array = array();
    $user_array['user_id'] = cpg_db_last_insert_id();
    $user_array['user_name'] = $user_name;
    $user_array['user_email'] = $email;
    $user_array['user_active'] = $active;
    CPGPluginAPI::action('register_form_submit', $user_array);
    if ($CONFIG['log_mode']) {
        log_write('New user "' . $user_name . '" registered', CPG_ACCESS_LOG);
    }
    // Create a personal album if corresponding option is enabled
    if ($CONFIG['personal_album_on_registration'] == 1) {
        $user_id = cpg_db_last_insert_id();
        $catid = $user_id + FIRST_USER_CAT;
        cpg_db_query("INSERT INTO {$CONFIG['TABLE_ALBUMS']} (`title`, `category`, `owner`) VALUES ('{$user_name}', {$catid}, {$user_id})");
    }
    // Registrations must be activated/verified by the user clicking a link in an email
    if ($CONFIG['reg_requires_valid_email']) {
        // Mail the user the activation/verification link
        $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
        $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
        if (!cpg_mail($email, sprintf($lang_register_php['confirm_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_php['confirm_email'], $template_vars)))) {
            cpg_die(CRITICAL_ERROR, $lang_register_php['failed_sending_email'], __FILE__, __LINE__);
        }
        msg_box($lang_register_php['information'], $lang_register_php['thank_you'], $lang_common['continue'], 'index.php');
    } else {
        if ($CONFIG['admin_activation']) {
            // We need admin activation only
            msg_box($lang_register_php['information'], $lang_register_php['thank_you_admin_activation'], $lang_common['continue'], 'index.php');
        } else {
            // No activation required, account is ready for login
            msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_common['continue'], 'index.php');
        }
    }
    // email notification or actication link to admin
    if ($CONFIG['reg_notify_admin_email'] || $CONFIG['admin_activation'] && !$CONFIG['reg_requires_valid_email']) {
        if (UDB_INTEGRATION == 'coppermine') {
            // get default language in which to inform the admins
            $result = cpg_db_query("SELECT user_id, user_email, user_language FROM {$CONFIG['TABLE_USERS']} WHERE user_group = 1");
            while ($row = $result->fetchAssoc()) {
                if (!empty($row['user_email'])) {
                    $admins[$row['user_id']] = array('email' => $row['user_email'], 'lang' => $row['user_language']);
                }
            }
            $result->free();
        } else {
            //@todo: is it possible to get the language from bridged installs?
            $admins[] = array('email' => $CONFIG['gallery_admin_email'], 'lang' => 'english');
        }
        foreach ($admins as $admin) {
            //check if the admin language is available
            if (file_exists("lang/{$admin['lang']}.php")) {
                $lang_register_php_def = cpg_get_default_lang_var('lang_register_php', $admin['lang']);
                $lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email', $admin['lang']);
            } else {
                $lang_register_php_def = cpg_get_default_lang_var('lang_register_php');
                $lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email');
            }
            // if the admin has to activate the login, give them the link to do so; but only if users don't have to verify their email address
            if ($CONFIG['admin_activation'] && !$CONFIG['reg_requires_valid_email']) {
                $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
                $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
                cpg_mail($admin['email'], sprintf($lang_register_php_def['notify_admin_request_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_approve_email_def, $template_vars)));
            } elseif ($CONFIG['reg_notify_admin_email']) {
                // otherwise, email is for information only
                cpg_mail($admin['email'], sprintf($lang_register_php_def['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_register_php_def['notify_admin_email_body'], $user_name));
            }
        }
    }
    return true;
}
示例#3
0
function createAdmin()
{
    global $CONFIG, $config, $language;
    if (!isset($config['admin_username']) || $config['admin_username'] == '') {
        $GLOBALS['error'] = $language['no_admin_username'];
        return false;
    }
    if (!isset($config['admin_password']) || $config['admin_password'] == '') {
        $GLOBALS['error'] = $language['no_admin_password'];
        return false;
    }
    if (!isset($config['admin_email']) || $config['admin_email'] == '') {
        $GLOBALS['error'] = $language['no_admin_email'];
        return false;
    }
    require 'include/passwordhash.inc.php';
    $password_params = explode(':', cpg_password_create_hash($config['admin_password']));
    // Insert the admin account
    $sql_query = "INSERT INTO {$config['db_prefix']}users " . "(user_group, user_active, user_name, user_password, user_password_salt, " . " user_password_hash_algorithm, user_password_iterations, user_lastvisit, " . " user_regdate, user_group_list, user_email, user_profile1, user_profile2, " . " user_profile3, user_profile4, user_profile5, user_profile6, user_actkey) " . "VALUES " . "(1, 'YES', '{$config['admin_username']}', '{$password_params[HASH_PBKDF2_INDEX]}', " . " '{$password_params[HASH_SALT_INDEX]}', '{$password_params[HASH_ALGORITHM_INDEX]}', '{$password_params[HASH_ITERATION_INDEX]}', " . " NOW(), NOW(), '', '{$config['admin_email']}', '', '', '', '', '', '', '');\n";
    // Set gallery admin mail
    $sql_query .= "REPLACE INTO CPG_config VALUES ('gallery_admin_email', '{$config['admin_email']}');\n";
    // Update table prefix
    $sql_query = preg_replace('/CPG_/', $config['db_prefix'], $sql_query);
    require_once 'include/sql_parse.php';
    $sql_query = remove_remarks($sql_query);
    $sql_query = split_sql_file($sql_query, ';');
    // Get a connection with the db.
    //    if (!checkSqlConnection()) {
    //        return false;
    //    }
    foreach ($sql_query as $q) {
        if (!cpg_db_query($q)) {
            $GLOBALS['error'] = $language['dbase_error'] . cpg_db_getError() . ' ' . $language['on_q'] . " '{$q}'";
            return false;
        }
    }
    return true;
}
function cpg_password_create_update_string($password)
{
    $password_params = explode(':', cpg_password_create_hash($password));
    return "user_password = '******', user_password_salt = '{$password_params[HASH_SALT_INDEX]}', user_password_hash_algorithm = '{$password_params[HASH_ALGORITHM_INDEX]}', user_password_iterations = '{$password_params[HASH_ITERATION_INDEX]}'";
}