/**
* Initialisation des paramètres de PWD
*/
function initSettings()
{
global $gSettings;
$gSettings = loadSettings();
if ($gSettings === FALSE) {
$gSettings = array();
$gSettings['options']['groupes']['groupe'] = array();
$gSettings['sites']['site'] = array();
saveSettings($gSettings);
}
}
/**
* Initialise une authentification en utilisant les paramêtre renseignés dans gepi
*
* @param string|NULL $auth The authentication source. Si non précisé, utilise la source configurée dans gepi.
*/
public function __construct($auth = null) {
if ($auth == null) {
if (isset($_SESSION['utilisateur_saml_source'])) {
//on prend la source précisée précedemment en session.
//Cela sert si le mode d'authentification a changé au cours de la session de l'utilisateur
$auth = $_SESSION['utilisateur_saml_source'];
} else {
//on va sélectionner la source d'authentification gepi
$path = dirname(dirname(dirname(dirname(dirname(dirname(__FILE__))))));
include_once("$path/secure/connect.inc.php");
// Database connection
require_once("$path/lib/mysql.inc");
require_once("$path/lib/settings.inc");
// Load settings
if (!loadSettings()) {
die("Erreur chargement settings");
}
$auth = getSettingValue('auth_simpleSAML_source');
}
}
$config = SimpleSAML_Configuration::getOptionalConfig('authsources.php');
$sources = $config->getOptions();
if (!count($sources)) {
echo 'Erreur simplesaml : Aucune source configurée dans le fichier authsources.php';
die;
}
if (!in_array($auth, $sources)) {
//si la source précisée n'est pas trouvée, utilisation par défaut d'une source proposant tout les choix possible
//(voir le fichier authsources.php)
if ($auth == 'unset') {
//l'admin a réglé la source à unset, ce n'est pas la peine de mettre un message d'erreur
} else {
echo 'Erreur simplesaml : source '.$auth.' non configurée. Utilisation par défaut de la source : «Authentification au choix entre toutes les sources configurees».';
}
$auth = 'Authentification au choix entre toutes les sources configurees';
}
//on utilise une variable en session pour se souvenir quelle est la source utilisé pour cette session. Utile pour le logout, si entretemps l'admin a changé la source d'authentification.
$_SESSION['utilisateur_saml_source'] = $auth;
//print_r($config);die;
$this->authSourceConfig = $config->getArray($auth);
assert('is_string($auth)');
$this->authSource = $auth;
parent::__construct($auth);
}
function loadBehaviors($type)
{
$settings = loadSettings();
$files = array();
if ($handle = opendir($settings['base_game'] . '/scripts/behaviors/' . $type . '/')) {
while (false !== ($entry = readdir($handle))) {
if ($entry != "." && $entry != "..") {
$files[] = substr($entry, 0, -3);
}
}
closedir($handle);
}
return $files;
}
function InitializeConfig()
{
global $config_db_name, $config_db, $version;
// Configuration Database
$config_db_name = dirname(__FILE__) . '/rest.config.sqlite3';
try {
$config_db = new PDO("sqlite:{$config_db_name}");
$config_db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $ex) {
// Print PDOException message
die($ex->getMessage());
}
// Check for configuration DB
if (file_exists($config_db_name)) {
// $this->showMessage("DB Found");
// Check for Versioning Table
if (!checkTable('version')) {
// $this->showMessage("Versioning Table Missing");
createVersionTable();
}
// Check Table Version
$tblVer = checkTableVersion('version', $version);
if ($tblVer === false) {
// $this->showMessage('Adding Version Details');
addVersionRecord('version');
}
if ($tblVer === -99) {
// $this->showMessage('Updating Version Details');
updateVersionRecord('version');
}
// Check Users Table
if (!checkTable('users')) {
createUsersTable();
} else {
// Check Version
$tblVer = checkTableVersion('users', $version);
}
// Load Database Configurations
loadDBConnections();
// Load Published Tables
loadPublishedTables();
// Load System Settings
loadSettings();
} else {
die("Sorry, system cannot be setup configuration file....");
}
}
/**
* This is run before each unit test; it empties the database.
*/
protected function setUp()
{
GepiDataPopulator::depopulate($this->con);
mysqli_query($GLOBALS["mysqli"], 'delete from setting');
mysqli_query($GLOBALS["mysqli"], 'delete from droits');
mysqli_query($GLOBALS["mysqli"], 'delete from droits_aid');
mysqli_query($GLOBALS["mysqli"], 'delete from aid_productions');
mysqli_query($GLOBALS["mysqli"], 'delete from edt_setting');
mysqli_query($GLOBALS["mysqli"], 'delete from lettres_tcs');
mysqli_query($GLOBALS["mysqli"], 'delete from etiquettes_formats');
mysqli_query($GLOBALS["mysqli"], 'delete from lettres_types');
mysqli_query($GLOBALS["mysqli"], 'delete from lettres_cadres');
mysqli_query($GLOBALS["mysqli"], 'delete from ct_types_documents');
mysqli_query($GLOBALS["mysqli"], 'delete from absences_motifs');
mysqli_query($GLOBALS["mysqli"], 'delete from model_bulletin');
mysqli_query($GLOBALS["mysqli"], 'delete from absences_actions');
$fd = fopen(dirname(__FILE__) ."/../../../../sql/data_gepi.sql", "r");
if (!$fd) {
echo "Erreur : fichier sql/data_gepi.sql non trouve\n";
die;
}
while (!feof($fd)) {
$query = fgets($fd, 5000);
$query = trim($query);
if((substr($query,-1)==";")&&(substr($query,0,3)!="-- ")) {
$reg = mysqli_query($GLOBALS["mysqli"], $query);
if (!$reg) {
echo "ERROR : '$query' \n";
echo "Erreur retournée : ".mysqli_error($GLOBALS["mysqli"])."\n";
$result_ok = 'no';
}
}
}
fclose($fd);
loadSettings();
AbsenceEleveSaisiePeer::disableAgregation();
AbsenceEleveTraitementPeer::disableAgregation();
parent::setUp();
}
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
To read the license please visit http://www.gnu.org/copyleft/gpl.html
*******************************************************************************/
// prevent direct invocation
if (!isset($cfg['user']) || isset($_REQUEST['cfg'])) {
@ob_end_clean();
@header("location: ../../../index.php");
exit;
}
/******************************************************************************/
// load global settings + overwrite per-user settings
loadSettings('tf_settings');
// init template-instance
tmplInitializeInstance($cfg["theme"], "page.admin.indexSettings.tmpl");
// set template-vars
tmplSetIndexPageFormVars();
//
tmplSetTitleBar("Administration - Index Settings");
tmplSetAdminMenu();
tmplSetFoot();
tmplSetIidVars();
// parse template
$tmpl->pparse();
</div>
</div>
<div class="clear">
</div>
<div id="footer">
<div id="btm_cont">
</div>
<div id="ft_btm"> <?php
loadLinks('footer');
?>
<?php
loadSettings('copyright');
?>
<?php
BsocketB('public-xhtml-footer');
?>
<br />
<!--Credits -->
<a href="http://ramblingsoul.com">CSS Template</a> by Rambling Soul<br />
Images from<a href="http://sxc.hu"> sxc.hu</a>
<!--/Credits -->
</div>
</div>
/**
* Attempt to log in using the given username and password.
*
* On a successful login, this function should return the users attributes. On failure,
* it should throw an exception. If the error was caused by the user entering the wrong
* username or password, a SimpleSAML_Error_Error('WRONGUSERPASS') should be thrown.
*
* Note that both the username and the password are UTF-8 encoded.
*
* @param string $username The username the user wrote.
* @param string $password The password the user wrote.
* @param string $organization The id of the organization the user chose.
* @return array Associative array with the users attributes.
*/
protected function login($username, $password, $organization) {
assert('is_string($username)');
assert('is_string($password)');
assert('is_string($organization)');
if ($organization != '') {
//$organization contient le numéro de rne
setcookie('RNE', $organization, null, '/');
}
$path = dirname(dirname(dirname(dirname(dirname(dirname(dirname(dirname(__FILE__))))))));
require_once("$path/secure/connect.inc.php");
// Database connection
require_once("$path/lib/mysql.inc");
require_once("$path/lib/mysqli.inc.php");
require_once("$path/lib/settings.inc");
require_once("$path/lib/settings.inc.php");
require_once("$path/lib/old_mysql_result.php");
// Load settings
if (!loadSettings()) {
die("Erreur chargement settings");
}
// Global configuration file
require_once("$path/lib/global.inc.php");
// Libraries
include "$path/lib/share.inc.php";
// Session related functions
require_once("$path/lib/Session.class.php");
$session_gepi = new Session();
# L'instance de Session permettant de gérer directement les authentifications
# SSO, on ne s'embête pas :
$auth = $session_gepi->authenticate_gepi($username, $password);
if ($auth != "1") {
# Echec d'authentification.
$session_gepi->record_failed_login($username);
session_write_close();
SimpleSAML_Logger::error('gepiauth:' . $this->authId .
': not authenticated. Probably wrong username/password.');
throw new SimpleSAML_Error_Error('WRONGUSERPASS');
}
SimpleSAML_Logger::info('gepiauth:' . $this->authId . ': authenticated');
# On interroge la base de données pour récupérer des attributs qu'on va retourner
$query = mysqli_query($GLOBALS["mysqli"], "SELECT nom, prenom, email, statut FROM utilisateurs WHERE (login = '******')");
$row = mysqli_fetch_object($query);
//on vérifie le status
if ($this->requiredStatut != null) {
if ($this->requiredStatut != $row->statut) {
# Echec d'authentification pour ce statut
$session_gepi->close('2');
session_write_close();
SimpleSAML_Logger::error('gepiauth:' . $this->authId .
': not authenticated. Statut is wrong.');
throw new SimpleSAML_Error_Error('WRONGUSERPASS');
}
}
$attributes = array();
$attributes['login_gepi'] = array($username);
$attributes['nom'] = array($row->nom);
$attributes['prenom'] = array($row->prenom);
$attributes['statut'] = array($row->statut);
$attributes['email'] = array($row->email);
$sql = "SELECT id_matiere FROM j_professeurs_matieres WHERE (id_professeur = '" . $username . "') ORDER BY ordre_matieres LIMIT 1";
$matiere_principale = sql_query1($sql);
$attributes['matieres'] = array($matiere_principale);
SimpleSAML_Logger::info('gepiauth:' . $this->authId . ': Attributes: ' .
implode(',', array_keys($attributes)));
return $attributes;
}
function rest_get()
{
$_SESSION['user_id'] = "'api'";
if (!@count($GLOBALS['request']) == 0) {
$request_uri = $GLOBALS['_SERVER']['REQUEST_URI'];
preg_match('/\\/api(\\/index.php|)\\/(.*)\\?apikey=(.*)/', $request_uri, $matches);
if (count($matches) == 0) {
rest_error('REQUEST_SENT_NOT_UNDERSTANDABLE');
}
$GLOBALS['request'] = explode('/', $matches[2]);
}
if (apikey_checker($GLOBALS['apikey'])) {
global $server, $user, $pass, $database, $pre, $link;
teampass_connect();
$category_query = "";
if ($GLOBALS['request'][0] == "read") {
if ($GLOBALS['request'][1] == "category") {
// get ids
if (strpos($GLOBALS['request'][2], ";") > 0) {
$condition = "id_tree IN %ls";
$condition_value = explode(';', $GLOBALS['request'][2]);
} else {
$condition = "id_tree = %s";
$condition_value = $GLOBALS['request'][2];
}
DB::debugMode(false);
// get items in this module
$response = DB::query("SELECT id,label,login,pw, pw_iv FROM " . prefix_table("items") . " WHERE inactif='0' AND " . $condition, $condition_value);
foreach ($response as $data) {
// prepare output
$id = $data['id'];
$json[$id]['label'] = mb_convert_encoding($data['label'], mb_detect_encoding($data['label']), 'UTF-8');
$json[$id]['login'] = mb_convert_encoding($data['login'], mb_detect_encoding($data['login']), 'UTF-8');
$json[$id]['url'] = mb_convert_encoding($data['url'], mb_detect_encoding($data['url']), 'UTF-8');
$crypt_pw = cryption($data['pw'], SALT, $data['pw_iv'], "decrypt");
$json[$id]['pw'] = $crypt_pw['string'];
}
/* load folders */
$response = DB::query("SELECT id,parent_id,title,nleft,nright,nlevel FROM " . prefix_table("nested_tree") . " WHERE parent_id=%i ORDER BY `title` ASC", $GLOBALS['request'][2]);
$rows = array();
$i = 0;
foreach ($response as $row) {
$response = DB::query("SELECT id,label,login,pw, pw_iv FROM " . prefix_table("items") . " WHERE inactif = %i AND id_tree=%i", "0", $row['id']);
foreach ($response as $data) {
// prepare output
$id = $data['id'];
$json[$id]['label'] = mb_convert_encoding($data['label'], mb_detect_encoding($data['label']), 'UTF-8');
$json[$id]['login'] = mb_convert_encoding($data['login'], mb_detect_encoding($data['login']), 'UTF-8');
$json[$id]['url'] = mb_convert_encoding($data['url'], mb_detect_encoding($data['url']), 'UTF-8');
$crypt_pw = cryption($data['pw'], SALT, $data['pw_iv'], "decrypt");
$json[$id]['pw'] = $crypt_pw['string'];
}
}
} else {
if ($GLOBALS['request'][1] == "userpw") {
$username = $GLOBALS['request'][2];
if (strcmp($username, "admin") == 0) {
// forbid admin access
}
$response = DB::query("SELECT fonction_id FROM " . prefix_table("users") . " WHERE login='******'");
foreach ($response as $data) {
$role_str = $data['fonction_id'];
}
$folder_arr = array();
$roles = explode(";", $role_str);
foreach ($roles as $role) {
$response = DB::query("SELECT folder_id FROM " . prefix_table("roles_values") . " WHERE role_id='" . $role . "'");
foreach ($response as $data) {
$folder_id = $data['folder_id'];
if (!array_key_exists($folder_id, $folder_arr)) {
array_push($folder_arr, $folder_id);
}
}
}
$folder_str = implode(";", $folder_arr);
// get ids
if (strpos($folder_str, ";") > 0) {
$condition = "id_tree IN %ls";
$condition_value = explode(';', $folder_str);
} else {
$condition = "id_tree = %s";
$condition_value = $folder_str;
}
DB::debugMode(false);
$data = "";
// get items in this module
$response = DB::query("SELECT id,label,url,login,pw, pw_iv FROM " . prefix_table("items") . " WHERE inactif='0' AND " . $condition, $condition_value);
foreach ($response as $data) {
// prepare output
$id = $data['id'];
$json[$id]['label'] = mb_convert_encoding($data['label'], mb_detect_encoding($data['label']), 'UTF-8');
$json[$id]['login'] = mb_convert_encoding($data['login'], mb_detect_encoding($data['login']), 'UTF-8');
$json[$id]['url'] = mb_convert_encoding($data['url'], mb_detect_encoding($data['url']), 'UTF-8');
$crypt_pw = cryption($data['pw'], SALT, $data['pw_iv'], "decrypt");
$json[$id]['pw'] = $crypt_pw['string'];
}
/* load folders */
$response = DB::query("SELECT id,parent_id,title,nleft,nright,nlevel FROM " . prefix_table("nested_tree") . " WHERE parent_id=%i ORDER BY `title` ASC", $folder_str);
$rows = array();
$i = 0;
foreach ($response as $row) {
$response = DB::query("SELECT id,label,url,login,pw, pw_iv FROM " . prefix_table("items") . " WHERE inactif = %i AND id_tree=%i", "0", $row['id']);
foreach ($response as $data) {
// prepare output
$id = $data['id'];
$json[$id]['label'] = mb_convert_encoding($data['label'], mb_detect_encoding($data['label']), 'UTF-8');
$json[$id]['login'] = mb_convert_encoding($data['login'], mb_detect_encoding($data['login']), 'UTF-8');
$json[$id]['url'] = mb_convert_encoding($data['url'], mb_detect_encoding($data['url']), 'UTF-8');
$crypt_pw = cryption($data['pw'], SALT, $data['pw_iv'], "decrypt");
$json[$id]['pw'] = $crypt_pw['string'];
}
}
} elseif ($GLOBALS['request'][1] == "items") {
$array_items = explode(';', $GLOBALS['request'][2]);
// check if not empty
if (count($array_items) == 0) {
rest_error('NO_ITEM');
}
// only accepts numeric
foreach ($array_items as $item) {
if (!is_numeric($item)) {
rest_error('ITEM_MALFORMED');
}
}
$response = DB::query("SELECT id,label,login,pw, pw_iv, id_tree FROM " . prefix_table("items") . " WHERE inactif = %i AND id IN %ls", "0", $array_items);
foreach ($response as $data) {
// prepare output
$id = $data['id'];
$json[$id]['label'] = mb_convert_encoding($data['label'], mb_detect_encoding($data['label']), 'UTF-8');
$json[$id]['login'] = mb_convert_encoding($data['login'], mb_detect_encoding($data['login']), 'UTF-8');
$json[$id]['url'] = mb_convert_encoding($data['url'], mb_detect_encoding($data['url']), 'UTF-8');
$crypt_pw = cryption($data['pw'], SALT, $data['pw_iv'], "decrypt");
$json[$id]['pw'] = $crypt_pw['string'];
}
}
}
if (isset($json) && $json) {
echo json_encode($json);
} else {
rest_error('EMPTY');
}
} elseif ($GLOBALS['request'][0] == "find") {
if ($GLOBALS['request'][1] == "item") {
$array_category = explode(';', $GLOBALS['request'][2]);
$item = $GLOBALS['request'][3];
foreach ($array_category as $category) {
if (!preg_match_all("/^([\\w\\:\\'\\-\\sàáâãäåçèéêëìíîïðòóôõöùúûüýÿ]+)\$/i", $category, $result)) {
rest_error('CATEGORY_MALFORMED');
}
}
if (!preg_match_all("/^([\\w\\:\\'\\-\\sàáâãäåçèéêëìíîïðòóôõöùúûüýÿ]+)\$/i", $item, $result)) {
rest_error('ITEM_MALFORMED');
} elseif (empty($item) || count($array_category) == 0) {
rest_error('MALFORMED');
}
if (count($array_category) > 1 && count($array_category) < 5) {
for ($i = count($array_category); $i > 0; $i--) {
$slot = $i - 1;
if (!$slot) {
$category_query .= "select id from " . prefix_table("nested_tree") . " where title LIKE '" . $array_category[$slot] . "' AND parent_id = 0";
} else {
$category_query .= "select id from " . prefix_table("nested_tree") . " where title LIKE '" . $array_category[$slot] . "' AND parent_id = (";
}
}
for ($i = 1; $i < count($array_category); $i++) {
$category_query .= ")";
}
} elseif (count($array_category) == 1) {
$category_query = "select id from " . prefix_table("nested_tree") . " where title LIKE '" . $array_category[0] . "' AND parent_id = 0";
} else {
rest_error('NO_CATEGORY');
}
DB::debugMode(false);
$response = DB::query("SELECT id, label, login, pw, pw_iv, id_tree\n FROM " . prefix_table("items") . "\n WHERE \n inactif = %i \n AND id_tree = (%s)\n AND label LIKE %ss", "0", $category_query, $item);
foreach ($response as $data) {
// prepare output
$id = $data['id'];
$json[$id]['id'] = mb_convert_encoding($data['id'], mb_detect_encoding($data['id']), 'UTF-8');
$json[$id]['label'] = mb_convert_encoding($data['label'], mb_detect_encoding($data['label']), 'UTF-8');
$json[$id]['login'] = mb_convert_encoding($data['login'], mb_detect_encoding($data['login']), 'UTF-8');
$json[$id]['url'] = mb_convert_encoding($data['url'], mb_detect_encoding($data['url']), 'UTF-8');
$crypt_pw = cryption($data['pw'], SALT, $data['pw_iv'], "decrypt");
$json[$id]['pw'] = $crypt_pw['string'];
$json[$id]['folder_id'] = $data['id_tree'];
$json[$id]['status'] = utf8_encode("OK");
}
if (isset($json) && $json) {
echo json_encode($json);
} else {
rest_error('EMPTY');
}
}
} elseif ($GLOBALS['request'][0] == "add") {
if ($GLOBALS['request'][1] == "item") {
// get item definition
$array_item = explode(';', urldecode($GLOBALS['request'][2]));
if (count($array_item) != 9) {
rest_error('ITEMBADDEFINITION');
}
$item_label = $array_item[0];
$item_pwd = $array_item[1];
$item_desc = $array_item[2];
$item_folder_id = $array_item[3];
$item_login = $array_item[4];
$item_email = $array_item[5];
$item_url = $array_item[6];
$item_tags = $array_item[7];
$item_anyonecanmodify = $array_item[8];
// added so one can sent data including the http or https !
// anyway we have to urlencode this data
$item_url = urldecode($item_url);
// same for the email
$item_email = urldecode($item_email);
// do some checks
if (!empty($item_label) && !empty($item_pwd) && !empty($item_folder_id)) {
// Check length
if (strlen($item_pwd) > 50) {
rest_error('PASSWORDTOOLONG');
}
// Check Folder ID
DB::query("SELECT * FROM " . prefix_table("nested_tree") . " WHERE id = %i", $item_folder_id);
$counter = DB::count();
if ($counter == 0) {
rest_error('NOSUCHFOLDER');
}
// check if element doesn't already exist
DB::query("SELECT * FROM " . prefix_table("items") . " WHERE label = %s AND inactif = %i", addslashes($item_label), "0");
$counter = DB::count();
if ($counter != 0) {
$itemExists = 1;
// prevent the error if the label already exists
// so lets just add the time() as a random factor
$item_label .= " (" . time() . ")";
} else {
$itemExists = 0;
}
if ($itemExists == 0) {
$encrypt = cryption($item_pwd, SALT, "", "encrypt");
if (empty($encrypt['string'])) {
rest_error('PASSWORDEMPTY');
}
// ADD item
try {
DB::insert(prefix_table("items"), array("label" => $item_label, "description" => $item_desc, 'pw' => $encrypt['string'], 'pw_iv' => $encrypt['iv'], "email" => $item_email, "url" => $item_url, "id_tree" => intval($item_folder_id), "login" => $item_login, "inactif" => 0, "restricted_to" => "", "perso" => 0, "anyone_can_modify" => intval($item_anyonecanmodify)));
$newID = DB::InsertId();
// log
DB::insert(prefix_table("log_items"), array("id_item" => $newID, "date" => time(), "id_user" => API_USER_ID, "action" => "at_creation"));
// Add tags
$tags = explode(' ', $item_tags);
foreach ((array) $tags as $tag) {
if (!empty($tag)) {
DB::insert(prefix_table("tags"), array("item_id" => $newID, "tag" => strtolower($tag)));
}
}
// Update CACHE table
DB::insert(prefix_table("cache"), array("id" => $newID, "label" => $item_label, "description" => $item_desc, "tags" => $item_tags, "id_tree" => $item_folder_id, "perso" => "0", "restricted_to" => "", "login" => $item_login, "folder" => "", "author" => API_USER_ID, "renewal_period" => "0", "timestamp" => time(), "url" => "0"));
echo '{"status":"item added"}';
} catch (PDOException $ex) {
echo '<br />' . $ex->getMessage();
}
} else {
rest_error('ITEMEXISTS');
}
} else {
rest_error('ITEMMISSINGDATA');
}
} elseif ($GLOBALS['request'][1] == "user") {
// get user definition
$array_user = explode(';', $GLOBALS['request'][2]);
if (count($array_user) != 11) {
rest_error('USERBADDEFINITION');
}
$login = $array_user[0];
$name = $array_user[1];
$lastname = $array_user[2];
$password = $array_user[3];
$email = $array_user[4];
$adminby = urldecode($array_user[5]);
$isreadonly = urldecode($array_user[6]);
$roles = urldecode($array_user[7]);
$isadmin = $array_user[8];
$ismanager = $array_user[9];
$haspf = $array_user[10];
// Empty user
if (mysqli_escape_string($link, htmlspecialchars_decode($login)) == "") {
rest_error('USERLOGINEMPTY');
}
// Check if user already exists
$data = DB::query("SELECT id, fonction_id, groupes_interdits, groupes_visibles FROM " . prefix_table("users") . "\n WHERE login LIKE %ss", mysqli_escape_string($link, stripslashes($login)));
if (DB::count() == 0) {
try {
// find AdminRole code in DB
$resRole = DB::queryFirstRow("SELECT id\n FROM " . prefix_table("roles_title") . "\n WHERE title LIKE %ss", mysqli_escape_string($link, stripslashes($adminby)));
// get default language
$lang = DB::queryFirstRow("SELECT `valeur` FROM " . prefix_table("misc") . " WHERE type = %s AND intitule = %s", "admin", "default_language");
// prepare roles list
$rolesList = "";
foreach (explode(',', $roles) as $role) {
//echo $role."-";
$tmp = DB::queryFirstRow("SELECT `id` FROM " . prefix_table("roles_title") . " WHERE title = %s", $role);
if (empty($rolesList)) {
$rolesList = $tmp['id'];
} else {
$rolesList .= ";" . $tmp['id'];
}
}
// Add user in DB
DB::insert(prefix_table("users"), array('login' => $login, 'name' => $name, 'lastname' => $lastname, 'pw' => bCrypt(stringUtf8Decode($password), COST), 'email' => $email, 'admin' => intval($isadmin), 'gestionnaire' => intval($ismanager), 'read_only' => intval($isreadonly), 'personal_folder' => intval($haspf), 'user_language' => $lang['valeur'], 'fonction_id' => $rolesList, 'groupes_interdits' => '0', 'groupes_visibles' => '0', 'isAdministratedByRole' => empty($resRole) ? '0' : $resRole['id']));
$new_user_id = DB::insertId();
// Create personnal folder
if (intval($haspf) == 1) {
DB::insert(prefix_table("nested_tree"), array('parent_id' => '0', 'title' => $new_user_id, 'bloquer_creation' => '0', 'bloquer_modification' => '0', 'personal_folder' => '1'));
}
// load settings
loadSettings();
// Send email to new user
@sendEmail($LANG['email_subject_new_user'], str_replace(array('#tp_login#', '#tp_pw#', '#tp_link#'), array(" " . addslashes($login), addslashes($password), $_SESSION['settings']['email_server_url']), $LANG['email_new_user_mail']), $email, "");
// update LOG
logEvents('user_mngt', 'at_user_added', 'api - ' . $GLOBALS['apikey'], $new_user_id, "");
echo '{"status":"user added"}';
} catch (PDOException $ex) {
echo '<br />' . $ex->getMessage();
}
} else {
rest_error('USERALREADYEXISTS');
}
}
} elseif ($GLOBALS['request'][0] == "auth") {
/*
** FOR SECURITY PURPOSE, it is mandatory to use SSL to connect your teampass instance. The user password is not encrypted!
**
**
** Expected call format: .../api/index.php/auth/<PROTOCOL>/<URL>/<login>/<password>?apikey=<VALID API KEY>
** Example: https://127.0.0.1/teampass/api/index.php/auth/http/www.zadig-tge.adp.com/U1/test/76?apikey=chahthait5Aidood6johh6Avufieb6ohpaixain
** RESTRICTIONS:
** - <PROTOCOL> ==> http|https|ftp|...
** - <URL> ==> encode URL without protocol (example: http://www.teampass.net becomes www.teampass.net)
** - <login> ==> user's login
** - <password> ==> currently clear password
**
** RETURNED ANSWER:
** - format sent back is JSON
** - Example: {"<item_id>":{"label":"<pass#1>","login":"******","pw":"<pwd#1>"},"<item_id>":{"label":"<pass#2>","login":"******","pw":"<pwd#2>"}}
**
*/
// get user credentials
if (isset($GLOBALS['request'][3]) && isset($GLOBALS['request'][4])) {
// get url
if (isset($GLOBALS['request'][1]) && isset($GLOBALS['request'][2])) {
// is user granted?
$userData = DB::queryFirstRow("SELECT `id`, `pw`, `groupes_interdits`, `groupes_visibles`, `fonction_id` FROM " . $pre . "users WHERE login = %s", $GLOBALS['request'][3]);
// load passwordLib library
$_SESSION['settings']['cpassman_dir'] = "..";
require_once '../sources/SplClassLoader.php';
$pwdlib = new SplClassLoader('PasswordLib', '../includes/libraries');
$pwdlib->register();
$pwdlib = new PasswordLib\PasswordLib();
if ($pwdlib->verifyPasswordHash($GLOBALS['request'][4], $userData['pw']) === true) {
// define the restriction of "id_tree" of this user
//db::debugMode(true);
$userDef = DB::queryOneColumn('folder_id', "SELECT DISTINCT folder_id\n FROM " . prefix_table("roles_values") . "\n WHERE type IN ('R', 'W', 'ND', 'NE', 'NDNE', 'NEND') ", empty($userData['groupes_interdits']) ? "" : "\n AND folder_id NOT IN (" . str_replace(";", ",", $userData['groupes_interdits']) . ")", "\n AND role_id IN %ls\n GROUP BY folder_id", explode(";", $userData['groupes_interdits']));
// complete with "groupes_visibles"
foreach (explode(";", $userData['groupes_visibles']) as $v) {
array_push($userDef, $v);
}
// find the item associated to the url
$response = DB::query("SELECT id, label, login, pw, pw_iv, id_tree, restricted_to\n FROM " . prefix_table("items") . "\n WHERE url LIKE %s\n AND id_tree IN (" . implode(",", $userDef) . ")\n ORDER BY id DESC", $GLOBALS['request'][1] . "://" . urldecode($GLOBALS['request'][2] . '%'));
$counter = DB::count();
if ($counter > 0) {
$json = "";
foreach ($response as $data) {
// check if item visible
if (empty($data['restricted_to']) || $data['restricted_to'] != "" && in_array($userData['id'], explode(";", $data['restricted_to']))) {
// prepare export
$json[$data['id']]['label'] = mb_convert_encoding($data['label'], mb_detect_encoding($data['label']), 'UTF-8');
$json[$data['id']]['login'] = mb_convert_encoding($data['login'], mb_detect_encoding($data['login']), 'UTF-8');
$crypt_pw = cryption($data['pw'], SALT, $data['pw_iv'], "decrypt");
$json[$data['id']]['pw'] = $crypt_pw['string'];
}
}
// prepare answer. If no access then inform
if (empty($json)) {
rest_error('AUTH_NO_DATA');
} else {
echo json_encode($json);
}
} else {
rest_error('NO_DATA_EXIST');
}
} else {
rest_error('AUTH_NOT_GRANTED');
}
} else {
rest_error('AUTH_NO_URL');
}
} else {
rest_error('AUTH_NO_IDENTIFIER');
}
} elseif ($GLOBALS['request'][0] == "auth_tpc") {
/*
** TO BE USED ONLY BY TEAMPASS-CONNECT
**
*/
// get user credentials
if (isset($GLOBALS['request'][2]) && isset($GLOBALS['request'][3])) {
// get url
if (isset($GLOBALS['request'][1])) {
// is user granted?
$userData = DB::queryFirstRow("SELECT `id`, `pw`, `groupes_interdits`, `groupes_visibles`, `fonction_id` FROM " . $pre . "users WHERE login = %s", $GLOBALS['request'][2]);
// load passwordLib library
$_SESSION['settings']['cpassman_dir'] = "..";
require_once '../sources/SplClassLoader.php';
$pwdlib = new SplClassLoader('PasswordLib', '../includes/libraries');
$pwdlib->register();
$pwdlib = new PasswordLib\PasswordLib();
if ($pwdlib->verifyPasswordHash($GLOBALS['request'][3], $userData['pw']) === true) {
// define the restriction of "id_tree" of this user
//db::debugMode(true);
$userDef = DB::queryOneColumn('folder_id', "SELECT DISTINCT folder_id\n FROM " . prefix_table("roles_values") . "\n WHERE type IN ('R', 'W', 'ND', 'NE', 'NDNE', 'NEND') ", empty($userData['groupes_interdits']) ? "" : "\n AND folder_id NOT IN (" . str_replace(";", ",", $userData['groupes_interdits']) . ")", "\n AND role_id IN %ls\n GROUP BY folder_id", explode(";", $userData['groupes_interdits']));
// complete with "groupes_visibles"
foreach (explode(";", $userData['groupes_visibles']) as $v) {
array_push($userDef, $v);
}
// decrypt url
$tpc_url = base64_decode($GLOBALS['request'][1]);
// find the item associated to the url
$response = DB::query("SELECT id, label, login, pw, pw_iv, id_tree, restricted_to\n FROM " . prefix_table("items") . "\n WHERE url LIKE %s\n AND id_tree IN (" . implode(",", $userDef) . ")\n ORDER BY id DESC", $tpc_url . '%');
$counter = DB::count();
if ($counter > 0) {
$json = "";
foreach ($response as $data) {
// check if item visible
if (empty($data['restricted_to']) || $data['restricted_to'] != "" && in_array($userData['id'], explode(";", $data['restricted_to']))) {
// prepare export
$json[$data['id']]['label'] = mb_convert_encoding($data['label'], mb_detect_encoding($data['label']), 'UTF-8');
$json[$data['id']]['login'] = mb_convert_encoding($data['login'], mb_detect_encoding($data['login']), 'UTF-8');
$crypt_pw = cryption($data['pw'], SALT, $data['pw_iv'], "decrypt");
$json[$data['id']]['pw'] = $crypt_pw['string'];
}
}
// prepare answer. If no access then inform
if (empty($json)) {
rest_error('AUTH_NO_DATA');
} else {
echo json_encode($json);
}
} else {
rest_error('NO_DATA_EXIST');
}
} else {
rest_error('AUTH_NOT_GRANTED');
}
} else {
rest_error('AUTH_NO_URL');
}
} else {
rest_error('AUTH_NO_IDENTIFIER');
}
} elseif ($GLOBALS['request'][0] == "set") {
/*
* Expected call format: .../api/index.php/set/<login_to_save>/<password_to_save>/<url>/<user_login>/<user_password>/<label>/<protocol>?apikey=<VALID API KEY>
* Example: https://127.0.0.1/teampass/api/index.php/set/newLogin/newPassword/newUrl/myLogin/myPassword?apikey=gu6Eexaewaishooph6iethoh5woh0yoit6ohquo
*
* NEW ITEM WILL BE STORED IN SPECIFIC FOLDER
*/
// get user credentials
if (isset($GLOBALS['request'][4]) && isset($GLOBALS['request'][5])) {
// get url
if (isset($GLOBALS['request'][1]) && isset($GLOBALS['request'][2]) && isset($GLOBALS['request'][3])) {
// is user granted?
$userData = DB::queryFirstRow("SELECT `id`, `pw`, `groupes_interdits`, `groupes_visibles`, `fonction_id` FROM " . $pre . "users WHERE login = %s", $GLOBALS['request'][4]);
if (DB::count() == 0) {
rest_error('AUTH_NO_IDENTIFIER');
}
// load passwordLib library
$_SESSION['settings']['cpassman_dir'] = "..";
require_once '../sources/SplClassLoader.php';
$pwdlib = new SplClassLoader('PasswordLib', '../includes/libraries');
$pwdlib->register();
$pwdlib = new PasswordLib\PasswordLib();
// is user identified?
if ($pwdlib->verifyPasswordHash($GLOBALS['request'][5], $userData['pw']) === true) {
// does the personal folder of this user exists?
DB::queryFirstRow("SELECT `id`\n FROM " . $pre . "nested_tree\n WHERE title = %s AND personal_folder = 1", $userData['id']);
if (DB::count() > 0) {
// check if "teampass-connect" folder exists
// if not create it
$folder = DB::queryFirstRow("SELECT `id`\n FROM " . $pre . "nested_tree\n WHERE title = %s", "teampass-connect");
if (DB::count() == 0) {
DB::insert(prefix_table("nested_tree"), array('parent_id' => '0', 'title' => "teampass-connect"));
$tpc_folder_id = DB::insertId();
//Add complexity
DB::insert(prefix_table("misc"), array('type' => 'complex', 'intitule' => $tpc_folder_id, 'valeur' => '0'));
// rebuild tree
$tree = new SplClassLoader('Tree\\NestedTree', '../includes/libraries');
$tree->register();
$tree = new Tree\NestedTree\NestedTree(prefix_table("nested_tree"), 'id', 'parent_id', 'title');
$tree->rebuild();
} else {
$tpc_folder_id = $folder['id'];
}
// encrypt password
$encrypt = cryption($GLOBALS['request'][2], SALT, "", "encrypt");
// is there a protocol?
if (isset($GLOBALS['request'][7]) || empty($GLOBALS['request'][7])) {
$protocol = "http://";
} else {
$protocol = urldecode($GLOBALS['request'][7]) . "://";
}
// add new item
DB::insert(prefix_table("items"), array('label' => "Credentials for " . urldecode($GLOBALS['request'][3]), 'description' => "Imported with Teampass-Connect", 'pw' => $encrypt['string'], 'pw_iv' => $encrypt['iv'], 'email' => "", 'url' => urldecode($GLOBALS['request'][3]), 'id_tree' => $tpc_folder_id, 'login' => $GLOBALS['request'][1], 'inactif' => '0', 'restricted_to' => $userData['id'], 'perso' => '0', 'anyone_can_modify' => '0', 'complexity_level' => '0'));
$newID = DB::insertId();
// log
logItems($newID, "Credentials for " . urldecode($GLOBALS['request'][3] . '%'), $userData['id'], 'at_creation', $GLOBALS['request'][1]);
$json['status'] = "ok";
// prepare answer. If no access then inform
if (empty($json)) {
rest_error('AUTH_NO_DATA');
} else {
echo json_encode($json);
}
} else {
rest_error('NO_PF_EXIST_FOR_USER');
}
} else {
rest_error('AUTH_NOT_GRANTED');
}
} else {
rest_error('SET_NO_DATA');
}
} else {
rest_error('AUTH_NO_IDENTIFIER');
}
} elseif ($GLOBALS['request'][0] == "set_tpc") {
/*
* TO BE USED ONLY BY TEAMPASS-CONNECT
*/
// get user credentials
if (isset($GLOBALS['request'][2]) && isset($GLOBALS['request'][3])) {
// get url
if (isset($GLOBALS['request'][1])) {
// is user granted?
$userData = DB::queryFirstRow("SELECT `id`, `pw`, `groupes_interdits`, `groupes_visibles`, `fonction_id` FROM " . $pre . "users WHERE login = %s", $GLOBALS['request'][2]);
if (DB::count() == 0) {
rest_error('AUTH_NO_IDENTIFIER');
}
// load passwordLib library
$_SESSION['settings']['cpassman_dir'] = "..";
require_once '../sources/SplClassLoader.php';
$pwdlib = new SplClassLoader('PasswordLib', '../includes/libraries');
$pwdlib->register();
$pwdlib = new PasswordLib\PasswordLib();
// is user identified?
if ($pwdlib->verifyPasswordHash($GLOBALS['request'][3], $userData['pw']) === true) {
// does the personal folder of this user exists?
DB::queryFirstRow("SELECT `id`\n FROM " . $pre . "nested_tree\n WHERE title = %s AND personal_folder = 1", $userData['id']);
if (DB::count() > 0) {
// check if "teampass-connect" folder exists
// if not create it
$folder = DB::queryFirstRow("SELECT `id`\n FROM " . $pre . "nested_tree\n WHERE title = %s", "teampass-connect");
if (DB::count() == 0) {
DB::insert(prefix_table("nested_tree"), array('parent_id' => '0', 'title' => "teampass-connect"));
$tpc_folder_id = DB::insertId();
//Add complexity
DB::insert(prefix_table("misc"), array('type' => 'complex', 'intitule' => $tpc_folder_id, 'valeur' => '0'));
// rebuild tree
$tree = new SplClassLoader('Tree\\NestedTree', '../includes/libraries');
$tree->register();
$tree = new Tree\NestedTree\NestedTree(prefix_table("nested_tree"), 'id', 'parent_id', 'title');
$tree->rebuild();
} else {
$tpc_folder_id = $folder['id'];
}
// prepare TPC parameters
$tpc_param = explode('/', base64_decode($GLOBALS['request'][1]));
// encrypt password
$encrypt = cryption(urldecode($tpc_param[1]), SALT, "", "encrypt");
// is there a label?
if (empty($tpc_param[3])) {
$label = "Credentials for " . urldecode($tpc_param[2]);
} else {
$label = urldecode($tpc_param[3]);
}
// add new item
DB::insert(prefix_table("items"), array('label' => $label, 'description' => "Imported with Teampass-Connect", 'pw' => $encrypt['string'], 'pw_iv' => $encrypt['iv'], 'email' => "", 'url' => urldecode($tpc_param[2]), 'id_tree' => $tpc_folder_id, 'login' => urldecode($tpc_param[0]), 'inactif' => '0', 'restricted_to' => $userData['id'], 'perso' => '0', 'anyone_can_modify' => '0', 'complexity_level' => '0'));
$newID = DB::insertId();
// log
logItems($newID, $label, $userData['id'], 'at_creation', '');
$json['status'] = "ok";
// prepare answer. If no access then inform
if (empty($json)) {
rest_error('AUTH_NO_DATA');
} else {
echo json_encode($json);
}
} else {
rest_error('NO_PF_EXIST_FOR_USER');
}
} else {
rest_error('AUTH_NOT_GRANTED');
}
} else {
rest_error('SET_NO_DATA');
}
} else {
rest_error('AUTH_NO_IDENTIFIER');
}
} elseif ($GLOBALS['request'][0] == "delete") {
$_SESSION['settings']['cpassman_dir'] = "..";
if ($GLOBALS['request'][1] == "folder") {
$array_category = explode(';', $GLOBALS['request'][2]);
if (count($array_category) > 0 && count($array_category) < 5) {
// load passwordLib library
require_once '../sources/SplClassLoader.php';
// prepare tree
$tree = new SplClassLoader('Tree\\NestedTree', '../includes/libraries');
$tree->register();
$tree = new Tree\NestedTree\NestedTree(prefix_table("nested_tree"), 'id', 'parent_id', 'title', 'personal_folder');
// this will delete all sub folders and items associated
for ($i = 0; $i < count($array_category); $i++) {
// Get through each subfolder
$folders = $tree->getDescendants($array_category[$i], true);
print_r($folders);
if (count($folders) > 0) {
foreach ($folders as $folder) {
if (($folder->parent_id > 0 || $folder->parent_id == 0) && $folder->personal_folder != 1) {
//Store the deleted folder (recycled bin)
DB::insert(prefix_table("misc"), array('type' => 'folder_deleted', 'intitule' => "f" . $array_category[$i], 'valeur' => $folder->id . ', ' . $folder->parent_id . ', ' . $folder->title . ', ' . $folder->nleft . ', ' . $folder->nright . ', ' . $folder->nlevel . ', 0, 0, 0, 0'));
//delete folder
DB::delete(prefix_table("nested_tree"), "id = %i", $folder->id);
//delete items & logs
$items = DB::query("SELECT id\n FROM " . prefix_table("items") . "\n WHERE id_tree=%i", $folder->id);
foreach ($items as $item) {
DB::update(prefix_table("items"), array('inactif' => '1'), "id = %i", $item['id']);
//log
DB::insert(prefix_table("log_items"), array('id_item' => $item['id'], 'date' => time(), 'id_user' => API_USER_ID, 'action' => 'at_delete'));
}
//Update CACHE table
updateCacheTable("delete_value", $array_category[$i]);
}
}
}
}
} else {
rest_error('NO_CATEGORY');
}
$json['status'] = 'OK';
} elseif ($GLOBALS['request'][1] == "item") {
$array_items = explode(';', $GLOBALS['request'][2]);
for ($i = 0; $i < count($array_items); $i++) {
DB::update(prefix_table("items"), array('inactif' => '1'), "id = %i", $array_items[$i]);
//log
DB::insert(prefix_table("log_items"), array('id_item' => $array_items[$i], 'date' => time(), 'id_user' => API_USER_ID, 'action' => 'at_delete'));
//Update CACHE table
updateCacheTable("delete_value", $array_items[$i]);
}
$json['status'] = 'OK';
}
if ($json) {
echo json_encode($json);
} else {
rest_error('EMPTY');
}
} else {
rest_error('METHOD');
}
}
}
TorrentFlux is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with TorrentFlux; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
// ADODB support.
require_once 'db.php';
require_once "settingsfunctions.php";
// Create Connection.
$db = getdb();
loadSettings();
session_start("TorrentFlux");
require_once "config.php";
include "themes/" . $cfg["default_theme"] . "/index.php";
global $cfg;
if (isset($_SESSION['user'])) {
header("location: index.php");
exit;
}
ob_start();
// authentication
switch ($cfg['auth_type']) {
case 3:
/* Basic-Passthru */
/* Basic-Passthru */
case 2:
* @author Florian Lippert <*****@*****.**> (2003-2009)
* @author Froxlor team <*****@*****.**> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Panel
*
*/
define('AREA', 'admin');
/**
* Include our init.php, which manages Sessions, Language etc.
*/
$need_db_sql_data = true;
$need_root_db_sql_data = true;
require "./lib/init.php";
if (($page == 'settings' || $page == 'overview') && $userinfo['change_serversettings'] == '1') {
$settings_data = loadConfigArrayDir('./actions/admin/settings/');
$settings = loadSettings($settings_data, $db);
if (isset($_POST['send']) && $_POST['send'] == 'send') {
$_part = isset($_GET['part']) ? $_GET['part'] : '';
if ($_part == '') {
$_part = isset($_POST['part']) ? $_POST['part'] : '';
}
if ($_part != '') {
if ($_part == 'all') {
$settings_all = true;
$settings_part = false;
} else {
$settings_all = false;
$settings_part = true;
}
$only_enabledisable = false;
} else {
send('<font color="red"><strong>Error</strong></font><br>');
send('database-config-file <em>' . _DIR . _FILE_DBCONF . '</em> missing. setup cannot continue.');
}
} elseif (isset($_REQUEST["3"])) {
// 3 - rename files and dirs
sendHead(" - Rename Files and Dirs");
send("<h1>" . _TITLE . "</h1>");
send("<h2>Rename Files and Dirs</h2>");
if (is_file(_FILE_DBCONF)) {
require_once _FILE_DBCONF;
$dbCon = getAdoConnection($cfg["db_type"], $cfg["db_host"], $cfg["db_user"], $cfg["db_pass"], $cfg["db_name"]);
if (!$dbCon) {
send('<font color="red"><strong>Error</strong></font><br>');
send("cannot connect to database.<p>");
} else {
$tf_settings = loadSettings("tf_settings");
// close ado-connection
$dbCon->Close();
if ($tf_settings !== false) {
$path = $tf_settings["path"];
$pathExists = false;
$renameOk = false;
$allDone = true;
if (@is_dir($path) === true && @is_dir($path . ".torrents") === true) {
$pathExists = true;
send('<ul>');
// transfers-dir
send('<li><em>' . $path . ".torrents -> " . $path . ".transfers" . '</em> : ');
$renameOk = rename($path . ".torrents", $path . ".transfers");
if ($renameOk === true) {
send('<font color="green">Ok</font></li>');
* @copyright (c) the authors
* @author Florian Lippert <*****@*****.**>
* @license GPLv2 http://files.syscp.org/misc/COPYING.txt
* @package Panel
* @version $Id$
*/
define('AREA', 'admin');
/**
* Include our init.php, which manages Sessions, Language etc.
*/
$need_db_sql_data = true;
$need_root_db_sql_data = true;
require "./lib/init.php";
if (($page == 'settings' || $page == 'overview') && $userinfo['change_serversettings'] == '1') {
$settings_data = loadConfigArrayDir('./actions/admin/settings/');
$settings = loadSettings(&$settings_data, &$db);
if (isset($_POST['send']) && $_POST['send'] == 'send') {
if (processForm(&$settings_data, &$_POST, array('filename' => $filename, 'action' => $action, 'page' => $page))) {
standard_success('settingssaved', '', array('filename' => $filename, 'action' => $action, 'page' => $page));
}
} else {
$fields = buildForm(&$settings_data);
eval("echo \"" . getTemplate("settings/settings") . "\";");
}
} elseif ($page == 'rebuildconfigs' && $userinfo['change_serversettings'] == '1') {
if (isset($_POST['send']) && $_POST['send'] == 'send') {
$log->logAction(ADM_ACTION, LOG_INFO, "rebuild configfiles");
inserttask('1');
inserttask('4');
inserttask('5');
redirectTo('admin_index.php', array('s' => $s));
// Some other requires
require_once "{$IP}/includes/Defines.php";
require_once MWInit::compiledPath('includes/DefaultSettings.php');
foreach (get_defined_vars() as $key => $var) {
if (!array_key_exists($key, $GLOBALS)) {
$GLOBALS[$key] = $var;
}
}
global $wgAutoloadClasses;
$wgAutoloadClasses = array();
if (defined('MW_CONFIG_CALLBACK')) {
# Use a callback function to configure MediaWiki
MWFunction::call(MW_CONFIG_CALLBACK);
} else {
// Require the configuration (probably LocalSettings.php)
require loadSettings();
}
// Some last includes
require_once MWInit::compiledPath('includes/Setup.php');
// Much much faster startup than creating a title object
$wgTitle = null;
require_once $IP . '/tests/TestsAutoLoader.php';
function loadSettings()
{
global $wgCommandLineMode, $IP;
$settingsFile = "{$IP}/LocalSettings.php";
if (!is_readable($settingsFile)) {
$this->error("A copy of your installation's LocalSettings.php\n" . "must exist and be readable in the source directory.\n" . "Use --conf to specify it.", true);
}
$wgCommandLineMode = true;
return $settingsFile;
<?php
// check for admin access to this function library //
if (!$_SESSION['adminLogIn']) {
die("Access Denied");
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title><?php
loadSettings('sitename');
?>
- ADMIN</title>
<meta name="description" content="" />
<meta name="keywords" content="" />
<link rel="stylesheet" type="text/css" href="theme/default_css.css" />
<link rel="shortcut icon" href="theme/images/favicon.ico" type="image/x-icon"/>
<?php
BsocketB('admin-xhtml-head');
?>
</head>
<body>
<div id="brace">
<div id="pageframe">
<div id="pageframer">
<div id="headermid">
<div id="headerr">
<div id="header">
<h1>razorCMS <span class='redtext'><?php
$javascript = "schedule.js";
require "includes/userHeader.php";
//get the date
$theDate = date("d F Y");
if ($_POST["theDate"] != "") {
$theDate = $_POST["theDate"];
}
$lastSunday = strtotime("last Sunday", strtotime($theDate));
$day1 = date("l, F j", $lastSunday);
$day2 = date("l, F j", strtotime("+1 day", $lastSunday));
$day3 = date("l, F j", strtotime("+2 day", $lastSunday));
$day4 = date("l, F j", strtotime("+3 day", $lastSunday));
$day5 = date("l, F j", strtotime("+4 day", $lastSunday));
$day6 = date("l, F j", strtotime("+5 day", $lastSunday));
$day7 = date("l, F j", strtotime("+6 day", $lastSunday));
loadSettings(1);
$empID = "-1";
$userID = $_SESSION["id"];
loadUser($userID);
$jobs = array();
$jobs[1] = loadEmployeeJob($empID, date("Y", $lastSunday), date("m", $lastSunday), date("d", $lastSunday));
$jobs[2] = loadEmployeeJob($empID, date("Y", $lastSunday), date("m", $lastSunday), date("d", $lastSunday) + 1);
$jobs[3] = loadEmployeeJob($empID, date("Y", $lastSunday), date("m", $lastSunday), date("d", $lastSunday) + 2);
$jobs[4] = loadEmployeeJob($empID, date("Y", $lastSunday), date("m", $lastSunday), date("d", $lastSunday) + 3);
$jobs[5] = loadEmployeeJob($empID, date("Y", $lastSunday), date("m", $lastSunday), date("d", $lastSunday) + 4);
$jobs[6] = loadEmployeeJob($empID, date("Y", $lastSunday), date("m", $lastSunday), date("d", $lastSunday) + 5);
$jobs[7] = loadEmployeeJob($empID, date("Y", $lastSunday), date("m", $lastSunday), date("d", $lastSunday) + 6);
padBegin(6, 6);
?>
<input type="hidden" id="day1" name="day1" />
/**
* read client settings from database
*/
private function _readSettings()
{
if (isset($this->cid) && $this->cid != -1) {
$spath = makeCorrectDir(dirname(dirname(dirname(dirname(__FILE__)))));
$this->s_data = loadConfigArrayDir(makeCorrectDir($spath . '/actions/admin/settings/'), makeCorrectDir($spath . '/actions/multiserver/clientsettings/'));
$settings = loadSettings($this->s_data, $this->db, $this->cid);
foreach ($settings as $group => $fv) {
foreach ($fv as $field => $value) {
$this->setSetting($group, $field, $value, true, true, true);
}
}
}
}
<title>School organizer | Home</title> </head> <body bgcolor="#' . $bgcolor . '"> <input type="hidden" id="user" value="' . $user->getEmail() . '" /> <table id="hometable"> <tr> <td id="hometableleft"></td> <td id="hometablemid" style="background-color:#ffffff; box-shadow: 0px 0px 10px #000000;" valign="top"> <br /><br /><br /> <!-- Content --> <div class="contentz" id="home" name="' . $email . '">' . loadHome($user, $db) . '</div> <div class="contentz" id="kalender" name="' . $email . '">' . loadKalender($user, $db) . '</div> <div class="contentz" id="stundenplan" name="' . $email . '">' . loadStundenplan($user, $db) . '</div> <div class="contentz" id="gruppen" name="' . $email . '">' . loadGruppen($user, $db) . '</div> <div class="contentz" id="freunde" name="' . $email . '">' . loadFreunde($user, $db) . '</div> <div class="contentz" id="settings" name="' . $email . '">' . loadSettings($user, $db) . '</div> </td> <td id="hometableright">'; include '../../global/chat.php'; echo '</td> </tr> </table> <div id="menu" style="background-color:#' . $MENUCOLOR . '; box-shadow: 0px 0px 10px #000000;"> <div align="center"> <input type="hidden" name="email" value="' . $user->getEmail() . '" /> <input type="button" class="menubutton" name="home" id="b1" value="Home" style="background-color:' . $MENUCOLOR . '; color:' . $MAINCOLOR2 . '"><div class="menuslider" id="s1" style="background-color:' . $MAINCOLOR2 . '"></div> <input type="button" class="menubutton" name="kalender" id="b2" value="Kalender" style="background-color:' . $MENUCOLOR . '; color:' . $MAINCOLOR . '"><div class="menuslider" id="s2" style="background-color:' . $MAINCOLOR2 . '"></div> <input type="button" class="menubutton" name="stundenplan" id="b3" value="Stundenplan" style="background-color:' . $MENUCOLOR . '; color:' . $MAINCOLOR . '"><div class="menuslider" id="s3" style="background-color:' . $MAINCOLOR2 . '"></div>
$databaseTypes['postgres'] = 'pg_connect';
if (array_key_exists($cfg["db_type"], $databaseTypes)) {
if (!function_exists($databaseTypes[$cfg["db_type"]])) {
@error("Database Problems", "", "", array('This PHP installation does not have support for ' . $cfg["db_type"] . ' built into it. Please reinstall PHP and ensure support for the selected database is built in.'));
}
} else {
@error("Database Problems", "", "", array('Error in database-config, database-type ' . $cfg["db_type"] . ' is not supported.', "Check your database-config-file. (inc/config/config.db.php)"));
}
// initialize database
dbInitialize();
// load global settings
loadSettings('tf_settings');
// load dir-settings
loadSettings('tf_settings_dir');
// load stats-settings
loadSettings('tf_settings_stats');
// load users
$arUsers = GetUsers();
$cfg['users'] = isset($arUsers) && is_array($arUsers) ? $arUsers : array($cfg['user']);
// load links
$arLinks = GetLinks();
if (isset($arLinks) && is_array($arLinks)) {
$linklist = array();
foreach ($arLinks as $link) {
array_push($linklist, array('link_url' => $link['url'], 'link_sitename' => $link['sitename']));
}
$cfg['linklist'] = $linklist;
}
// Path to where the meta files will be stored... usually a sub of $cfg["path"]
$cfg["transfer_file_path"] = $cfg["path"] . ".transfers/";
// Free space in MB
function uiSettings()
{
global $cfg;
// load global settings + overwrite per-user settings
loadSettings();
// display
DisplayHead("Administration - UI Settings");
// Admin Menu
displayMenu();
// Main Settings Section
?>
<div align="center">
<table width="100%" border="1" bordercolor="<?php
echo $cfg["table_admin_border"];
?>
" cellpadding="2" cellspacing="0" bgcolor="<?php
echo $cfg["table_data_bg"];
?>
">
<tr><td bgcolor="<?php
echo $cfg["table_header_bg"];
?>
" background="themes/<?php
echo $cfg["theme"];
?>
/images/bar.gif">
<img src="images/properties.png" width="18" height="13" border="0"> <font class="title">UI Settings</font>
</td></tr><tr><td align="center">
<div align="center">
<table cellpadding="5" cellspacing="0" border="0" width="100%">
<form name="theForm" action="admin.php?op=updateUiSettings" method="post">
<tr><td colspan="2" align="center" bgcolor="<?php
echo $cfg["table_header_bg"];
?>
"><strong>Index-Page</strong></td></tr>
<tr>
<td align="left" width="350" valign="top"><strong>Select index-page</strong><br>
Select the index-Page.
</td>
<td valign="top">
<?php
printIndexPageSelectForm();
?>
</td>
</tr>
<tr>
<td align="left" width="350" valign="top"><strong>index-page settings</strong><br>
Select the columns in transfer-list on index-Page.<br>(only for b4rt-index-page)
</td>
<td valign="top">
<?php
printIndexPageSettingsForm();
?>
</td>
</tr>
<tr>
<td align="left" width="350" valign="top"><strong>Width</strong><br>
Specify the width of the index-page. (780):
</td>
<td valign="bottom">
<input name="ui_dim_main_w" type="Text" maxlength="5" value="<?php
echo $cfg["ui_dim_main_w"];
?>
" size="5">
</td>
</tr>
<tr>
<td align="left" width="350" valign="top"><strong>Display Links</strong><br>
Display Links on the index-page. (true):
</td>
<td valign="bottom">
<select name="ui_displaylinks">
<option value="1">true</option>
<option value="0" <?php
if (!$cfg["ui_displaylinks"]) {
echo "selected";
}
?>
>false</option>
</select>
</td>
</tr>
<tr>
<td align="left" width="350" valign="top"><strong>Display Users</strong><br>
Display Users on the index-page. (true):
</td>
<td valign="bottom">
<select name="ui_displayusers">
<option value="1">true</option>
<option value="0" <?php
if (!$cfg["ui_displayusers"]) {
echo "selected";
}
?>
>false</option>
</select>
</td>
</tr>
<tr>
<td align="left" width="350" valign="top"><strong>Select Drivespace-Bar</strong><br>
Select Style of Drivespace-Bar on index-Page.
</td>
<td valign="top">
<?php
printDrivespacebarSelectForm();
?>
</td>
</tr>
<tr>
<td align="left" width="350" valign="top"><strong>Show Server Stats</strong><br>
Enable showing the server stats at the bottom:
</td>
<td valign="top">
<select name="index_page_stats">
<option value="1">true</option>
<option value="0" <?php
if (!$cfg["index_page_stats"]) {
echo "selected";
}
?>
>false</option>
</select>
</td>
</tr>
<tr>
<td align="left" width="350" valign="top"><strong>Show Server Load</strong><br>
Enable showing the average server load over the last 15 minutes:
</td>
<td valign="top">
<select name="show_server_load">
<option value="1">true</option>
<option value="0" <?php
if (!$cfg["show_server_load"]) {
echo "selected";
}
?>
>false</option>
</select>
</td>
</tr>
<tr>
<td align="left" width="350" valign="top"><strong>Show Connections</strong><br>
Enable showing the Sum of TCP-Connections:
</td>
<td valign="top">
<select name="index_page_connections">
<option value="1">true</option>
<option value="0" <?php
if (!$cfg["index_page_connections"]) {
echo "selected";
}
?>
>false</option>
</select>
</td>
</tr>
<tr>
<td align="left" width="350" valign="top"><strong>Use Refresh</strong><br>
Use meta-refresh on index-page. (true):
</td>
<td valign="bottom">
<select name="ui_indexrefresh">
<option value="1">true</option>
<option value="0" <?php
if (!$cfg["ui_indexrefresh"]) {
echo "selected";
}
?>
>false</option>
</select>
</td>
</tr>
<tr>
<td align="left" width="350" valign="top"><strong>Page Refresh (in seconds)</strong><br>
Number of seconds before the torrent list page refreshes:
</td>
<td valign="top">
<input name="page_refresh" type="Text" maxlength="3" value="<?php
echo $cfg["page_refresh"];
?>
" size="3">
</td>
</tr>
<tr>
<td align="left" width="350" valign="top"><strong>Select Sort-Order</strong><br>
Select default Sort-Order of transfers on index-Page.
</td>
<td valign="top">
<?php
printSortOrderSettingsForm();
?>
</td>
</tr>
<tr>
<td align="left" width="350" valign="top"><strong>Enable sorttable</strong><br>
Enable Client-Side sorting of Transfer-Table:
</td>
<td valign="top">
<select name="enable_sorttable">
<option value="1">true</option>
<option value="0" <?php
if (!$cfg["enable_sorttable"]) {
echo "selected";
}
?>
>false</option>
</select>
</td>
</tr>
<tr>
<td align="left" width="350" valign="top"><strong>Enable Good looking statistics</strong><br>
Enable/Disable "Good looking statistics" :
</td>
<td valign="top">
<select name="enable_goodlookstats">
<option value="1">true</option>
<option value="0" <?php
if (!$cfg["enable_goodlookstats"]) {
echo "selected";
}
?>
>false</option>
</select>
</td>
</tr>
<tr>
<td align="left" width="350" valign="top"><strong>Good looking statistics settings</strong><br>
Configure Settings of "Good looking statistics" :
</td>
<td valign="top">
<?php
printGoodLookingStatsForm();
?>
</td>
</tr>
<tr>
<td align="left" width="350" valign="top"><strong>Enable Big bold drivespace warning</strong><br>
Enable/Disable "Big bold drivespace warning" :
</td>
<td valign="top">
<select name="enable_bigboldwarning">
<option value="1">true</option>
<option value="0" <?php
if (!$cfg["enable_bigboldwarning"]) {
echo "selected";
}
?>
>false</option>
</select>
</td>
</tr>
<tr><td colspan="2" align="center" bgcolor="<?php
echo $cfg["table_header_bg"];
?>
"><strong>Download-Details</strong></td></tr>
<tr>
<td align="left" width="350" valign="top"><strong>Width</strong><br>
Specify the width of the details-popup. (450):
</td>
<td valign="bottom">
<input name="ui_dim_details_w" type="Text" maxlength="5" value="<?php
echo $cfg["ui_dim_details_w"];
?>
" size="5">
</td>
</tr>
<tr>
<td align="left" width="350" valign="top"><strong>Height</strong><br>
Specify the height of the details-popup. (290):
</td>
<td valign="bottom">
<input name="ui_dim_details_h" type="Text" maxlength="5" value="<?php
echo $cfg["ui_dim_details_h"];
?>
" size="5">
</td>
</tr>
<tr><td colspan="2" align="center" bgcolor="<?php
echo $cfg["table_header_bg"];
?>
"><strong>Misc</strong></td></tr>
<tr>
<td align="left" width="350" valign="top"><strong>Display TorrentFlux Link</strong><br>
Display TorrentFlux Link at bottom of pages. (true):
</td>
<td valign="bottom">
<select name="ui_displayfluxlink">
<option value="1">true</option>
<option value="0" <?php
if (!$cfg["ui_displayfluxlink"]) {
echo "selected";
}
?>
>false</option>
</select>
</td>
</tr>
<tr><td colspan="2"><hr noshade></td></tr>
<tr>
<td align="center" colspan="2">
<input type="Submit" value="Update Settings">
</td>
</tr>
</form>
</table>
</div>
</td></tr>
</table></div>
<?php
DisplayFoot(true, true);
}
* @author Florian Lippert <*****@*****.**> (2003-2009)
* @author Froxlor team <*****@*****.**> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Panel
*
*/
define('AREA', 'admin');
require './lib/init.php';
// get sql-root access data
Database::needRoot(true);
Database::needSqlData();
$sql_root = Database::getSqlData();
Database::needRoot(false);
if ($page == 'overview' && $userinfo['change_serversettings'] == '1') {
$settings_data = loadConfigArrayDir('./actions/admin/settings/');
$settings = loadSettings($settings_data);
if (isset($_POST['send']) && $_POST['send'] == 'send') {
$_part = isset($_GET['part']) ? $_GET['part'] : '';
if ($_part == '') {
$_part = isset($_POST['part']) ? $_POST['part'] : '';
}
if ($_part != '') {
if ($_part == 'all') {
$settings_all = true;
$settings_part = false;
} else {
$settings_all = false;
$settings_part = true;
}
$only_enabledisable = false;
} else {
<?php
include_once '../global/ranvier.php';
include_once '../global/yaml/spyc.php';
$area = $_POST['area'];
$room = $_POST['room'];
$settings = loadSettings();
$foundTheRoom = false;
$array = readRanvierFile('/entities/areas/' . $area . '/rooms.yml', IS_YAML);
for ($x = 0; $x < count($array); $x++) {
if ($array[$x]['location'] == $room['location']) {
$foundTheRoom = true;
if (ranvierFileExists('/scripts/rooms/' . $room['location'] . '.js')) {
$room['script'] = $room['location'] . '.js';
} else {
unset($room['script']);
}
$array[$x] = $room;
$x = count($array);
}
}
if (!$foundTheRoom) {
$array[] = $room;
}
$yaml = Spyc::YAMLDump($array, 4, 60);
saveRanvierFile('/entities/areas/' . $area . '/rooms.yml', $yaml);
function preparse_php($script_filename)
{
global $convert_data;
$preparsing = true;
require $script_filename;
if (empty($convert_data['parameters'])) {
$convert_data['parameters'] = array();
}
if (empty($convert_data['defines'])) {
$convert_data['defines'] = array();
}
if (empty($convert_data['globals'])) {
$convert_data['globals'] = array();
}
if (empty($convert_data['settings'])) {
$convert_data['settings'] = array();
}
if (empty($convert_data['variable'])) {
$convert_data['variable'] = array();
}
if (empty($convert_data['database_support'])) {
$convert_data['database_support'] = array('mysql');
}
foreach ($convert_data['globals'] as $k => $v) {
$v = trim($v);
$convert_data['globals'][$k] = $v[0] == '$' ? substr($v, 1) : $v;
}
if (isset($_POST['path_to']) && !empty($_GET['step'])) {
loadSettings();
}
}
} else {
$msg .= "Erreur lors de la suppression de la réserve sur les comptes élèves.<br />";
}
}
if (isset($_GET['suppr_reserve_resp'])) {
check_token();
$sql = "DELETE FROM tempo_utilisateurs WHERE statut='responsable';";
$res = mysqli_query($GLOBALS["mysqli"], $sql);
if ($res) {
$msg .= "Suppression de la réserve sur les comptes responsables effectuée.<br />";
} else {
$msg .= "Erreur lors de la suppression de la réserve sur les comptes responsables.<br />";
}
}
// Load settings
if (!loadSettings()) {
die("Erreur chargement settings");
}
if (isset($_POST['is_posted']) and $msg == '') {
$msg = "Les modifications ont été enregistrées !";
}
if (isset($_SESSION['chgt_annee'])) {
unset($_SESSION['chgt_annee']);
}
//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
$themessage = 'Des informations ont été modifiées. Voulez-vous vraiment quitter sans enregistrer ?';
//**************** EN-TETE *****************
// End standart header
$titre_page = "Changement d'année";
require_once "../lib/header.inc.php";
//**************** FIN EN-TETE *****************
<link rel="stylesheet" type="text/css" href="theme/maintenance_css.css" />
<link rel="shortcut icon" href="theme/images/favicon.ico" type="image/x-icon"/>
</head>
<body>
<div id="brace">
<div id="pageframe">
<div id="pageframer">
<div id="headermid">
<div id="headerr">
<div id="header">
<h1><?php
loadSettings('sitename');
?>
</h1>
<h2><?php
loadSettings('siteslogan');
?>
</h2>
</div>
</div>
</div>
<div id="midbrace">
<div id="midbox">
<div id="content">
<img src="theme/images/warning.png" title="warning" alt="warning" />
<h1><?php
echo lt('UNDER MAINTENANCE');
?>
</h1>
<p><?php
echo lt('This site is currently under going routine maintenance, sorry for any inconvenience this has cause, we hope to be up and running shortly');
function saveUserSettings($uid, $settings)
{
global $cfg;
// Messy - a not exists would prob work better. but would have to be done
// on every key/value pair so lots of extra-statements.
deleteUserSettings($uid);
// load global settings + overwrite per-user settings
loadSettings('tf_settings');
// insert new settings
foreach ($settings as $key => $value) {
if (in_array($key, $cfg['validUserSettingsKeys'])) {
insertUserSettingPair($uid, $key, $value);
} else {
AuditAction($cfg["constants"]["error"], "ILLEGAL SETTING: " . $cfg["user"] . " tried to insert " . $value . " for key " . $key);
}
}
// flush session-cache
cacheFlush($cfg["user"]);
// return
return true;
}
* Revision 1.3 2008-11-11 22:01:14 grr
* *** empty log message ***
*
*
*/
include "include/connect.inc.php";
include "include/config.inc.php";
include "include/misc.inc.php";
include "include/functions.inc.php";
include "include/$dbsys.inc.php";
// Settings
require_once("./include/settings.inc.php");
//Chargement des valeurs de la table settingS
if (!loadSettings()) die("Erreur chargement settings");
// Paramètres langage
include "include/language.inc.php";
// Session related functions
require_once("./include/session.inc.php");
// Vérification du numéro de version et renvoi automatique vers la page de mise à jour
if (verif_version()) {
header("Location: ./admin_maj.php");
exit();
}
// User wants to be authentified
if (isset($_POST['login']) && isset($_POST['password'])) {
// Détruit toutes les variables de session au cas où une session existait auparavant
