/**
 * Replace hash()
 *
 * Userland stand-in for hash() that supports only 'md5', 'sha1' and 'sha256'.
 * The algorithm name is matched case-insensitively. MD5 and SHA-1 are kept for
 * compatibility with hash(); neither is collision resistant, so callers should
 * not rely on them for signatures or other security decisions.
 *
 * @category    PHP
 * @package     PHP_Compat
 * @license     LGPL - http://www.gnu.org/licenses/lgpl.html
 * @copyright   2004-2007 Aidan Lister <*****@*****.**>, Arpad Ray <*****@*****.**>
 * @link        http://php.net/function.hash
 * @author      revulo <*****@*****.**>
 * @since       PHP 5.1.2
 * @require     PHP 4.0.0 (user_error)
 *
 * @param  string $algo       Algorithm name ('md5', 'sha1' or 'sha256').
 * @param  string $data       Message to hash.
 * @param  bool   $raw_output When true, return the packed binary digest instead of hex.
 * @return string|false       The digest, or false (with an E_USER_WARNING) for an unknown algorithm.
 */
function php_compat_hash($algo, $data, $raw_output = false)
{
    $name = strtolower($algo);

    if ($name === 'md5') {
        $hex = md5($data);
    } elseif ($name === 'sha1') {
        // Very old runtimes lack sha1(); pull in the bundled implementation only then.
        if (!function_exists('sha1')) {
            require dirname(__FILE__) . '/sha1.php';
        }
        $hex = sha1($data);
    } elseif ($name === 'sha256') {
        require_once dirname(__FILE__) . '/sha256.php';
        $hex = SHA256::hash($data);
    } else {
        user_error('hash(): Unknown hashing algorithm: ' . $name, E_USER_WARNING);
        return false;
    }

    // Every branch above yields a hex string; convert it when binary output is wanted.
    return $raw_output ? pack('H*', $hex) : $hex;
}
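/**
 * Creates SHA256 hash to obfuscate ips
 *
 * The digest is computed over the address followed by $config['hashsalt'].
 * It is deterministic, so the result is only a pseudonym: anyone who learns
 * the salt can enumerate the IPv4 address space and reverse it. The salt must
 * therefore be kept secret and must not be empty.
 *
 * @param string $ip ip address to be hashed
 * @return string sha256-hashed ip (hex)
 */
function hash_it_the_oas_way($ip)
{
    global $config;

    if (isset($config['hashsalt']) && $config['hashsalt'] !== '') {
        $salt = $config['hashsalt'];
    } else {
        // An absent salt used to degrade silently to an unsalted digest; make that visible.
        user_error('hash_it_the_oas_way(): $config[\'hashsalt\'] is not set, IP digest is unsalted', E_USER_WARNING);
        $salt = '';
    }
    $str = $ip . $salt;

    // Hash (SHA256). Prefer the hash extension: the mhash functions are
    // deprecated as of PHP 8.1 and both produce the same digest.
    if (function_exists('hash')) {
        return hash('sha256', $str);
    }
    if (function_exists('mhash')) {
        // mhash extension loaded
        return bin2hex(mhash(MHASH_SHA256, $str));
    }

    // Native PHP implementation as a (slow) alternative / fallback
    require_once 'sha256.php';
    return SHA256::hash($str); // untested
}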
* Vectors from: http://www.febooti.com/products/filetweak/members/hash-and-crc/test-vectors/ */ $sha1 = SHA1::compute($input); $sha1tv = SHA1::compute(""); $sha1hmac = SHA1::computeHMAC("1234567890123456", $input); // print "SHA-1 from otv is ok: " . bool_str(Base16::encode($sha1tv) == "da39a3ee5e6b4b0d3255bfef95601890afd80709") . "<br/>\n"; print "SHA-1 HMAC in UTF-8: " . Base16::encode($sha1hmac) . "<br/>\n"; print "SHA-1 in UTF-8: " . Base16::encode($sha1) . "<br/><br/>\n"; /** * Test SHA-256 with one official test vector and custom input. * Vectors from: http://www.febooti.com/products/filetweak/members/hash-and-crc/test-vectors/ */ $sha256 = SHA256::compute($input); $sha256tv = SHA256::compute(""); $sha256hmac = SHA256::computeHMAC("1234567890123456", $input); // print "SHA-256 from otv is ok: " . bool_str(Base16::encode($sha256tv) == "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855") . "<br/>\n"; print "SHA-256 HMAC in UTF-8: " . Base16::encode($sha256hmac) . "<br/>\n"; print "SHA-256 in UTF-8: " . Base16::encode($sha256) . "<br/><br/>\n"; /** * Test ARC4 with one official test vector and custom input. * Vectors from: http://reikon.us/arc4 */ $arc4tvk = Base16::decode("0123456789abcdef"); $arc4tvt = Base16::decode("0123456789abcdef"); $arc4tve = ARC4::encrypt($arc4tvk, $arc4tvt); $arc4tvd = ARC4::decrypt($arc4tvk, $arc4tve); // $arc4k = "1234567890123456"; $arc4e = ARC4::encrypt($arc4k, $input);
die(''); } require_once $homedir . "/classes/core/sha256.php"; $adminoutput = ""; // just to avoid notices include "database.php"; $query = "SELECT uid, password, lang FROM " . db_table_name('users') . " WHERE users_name=" . $connect->qstr($username); $ADODB_FETCH_MODE = ADODB_FETCH_ASSOC; $result = $connect->SelectLimit($query, 1) or die($query . "\n" . $connect->ErrorMsg()); if ($result->RecordCount() < 1) { // wrong or unknown username and/or email echo "\n" . $clang->gT("User name invalid!") . "\n"; exit; } else { $fields = $result->FetchRow(); if (SHA256::hashing($userpass) == $fields['password']) { $_SESSION['loginID'] = intval($fields['uid']); $clang = new limesurvey_lang($fields['lang']); GetSessionUserRights($_SESSION['loginID']); if (!$_SESSION['USER_RIGHT_CREATE_SURVEY']) { // no permission to create survey! echo "\n" . $clang->gT("You are not allowed to import a survey!") . "\n"; exit; } } else { // password don't match username echo "\n" . $clang->gT("User name and password do not match!") . "\n"; exit; } } echo "\n";
/**
 * Runs the SHA-256 compression function over every chunk of $hashData.
 *
 * Reads $hashData->chunks (each chunk is indexed at byte offsets 0..63) and
 * $hashData->hash (eight words), and overwrites $hashData->hash in place with
 * the updated state. Nothing is returned.
 *
 * NOTE(review): the rotations below are written for 32-bit words; on a build
 * with wider integers correctness depends on SHA256::sum() truncating its
 * result - confirm against that helper.
 *
 * @param object $hashData state holder, passed by reference
 */
function compute(&$hashData)
{
    // Names of the eight working registers; ${$vars[$j]} below addresses $a..$h.
    static $vars = 'abcdefgh';
    static $K = null;
    if ($K === null) {
        /*
        Round constants in hex, for reference; the active table below holds the
        same values written as signed 32-bit decimals.
        $K = array(
            0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5, 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
            0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3, 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
            0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC, 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
            0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7, 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
            0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13, 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
            0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3, 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
            0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5, 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
            0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208, 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2
        );
        */
        $K = array(1116352408, 1899447441, -1245643825, -373957723, 961987163, 1508970993, -1841331548, -1424204075, -670586216, 310598401, 607225278, 1426881987, 1925078388, -2132889090, -1680079193, -1046744716, -459576895, -272742522, 264347078, 604807628, 770255983, 1249150122, 1555081692, 1996064986, -1740746414, -1473132947, -1341970488, -1084653625, -958395405, -710438585, 113926993, 338241895, 666307205, 773529912, 1294757372, 1396182291, 1695183700, 1986661051, -2117940946, -1838011259, -1564481375, -1474664885, -1035236496, -949202525, -778901479, -694614492, -200395387, 275423344, 430227734, 506948616, 659060556, 883997877, 958139571, 1322822218, 1537002063, 1747873779, 1955562222, 2024104815, -2067236844, -1933114872, -1866530822, -1538233109, -1090935817, -965641998);
    }
    // Message schedule, reused across chunks (entries 0..63 are rewritten for each chunk).
    $W = array();
    for ($i = 0, $numChunks = sizeof($hashData->chunks); $i < $numChunks; $i++) {
        // initialize the registers
        for ($j = 0; $j < 8; $j++) {
            ${$vars[$j]} = $hashData->hash[$j];
        }
        // the SHA-256 compression function
        for ($j = 0; $j < 64; $j++) {
            if ($j < 16) {
                // First 16 words: pack four consecutive chunk bytes, most significant first.
                $T1 = ord($hashData->chunks[$i][$j * 4]) & 0xff;
                $T1 <<= 8;
                $T1 |= ord($hashData->chunks[$i][$j * 4 + 1]) & 0xff;
                $T1 <<= 8;
                $T1 |= ord($hashData->chunks[$i][$j * 4 + 2]) & 0xff;
                $T1 <<= 8;
                $T1 |= ord($hashData->chunks[$i][$j * 4 + 3]) & 0xff;
                $W[$j] = $T1;
            } else {
                // Remaining words: W[j-2] rotated right 17 and 19 and shifted right 10,
                // plus W[j-7], plus W[j-15] rotated right 7 and 18 and shifted right 3,
                // plus W[j-16]. The masks clear bits that >> sign-extends.
                $W[$j] = SHA256::sum(
                    ($W[$j - 2] >> 17 & 0x7fff | $W[$j - 2] << 15) ^ ($W[$j - 2] >> 19 & 0x1fff | $W[$j - 2] << 13) ^ $W[$j - 2] >> 10 & 0x3fffff,
                    $W[$j - 7],
                    ($W[$j - 15] >> 7 & 0x1ffffff | $W[$j - 15] << 25) ^ ($W[$j - 15] >> 18 & 0x3fff | $W[$j - 15] << 14) ^ $W[$j - 15] >> 3 & 0x1fffffff,
                    $W[$j - 16]
                );
            }
            // T1 = h + (e rotated right 6, 11, 25) + ((e AND f) XOR (NOT e AND g)) + K[j] + W[j]
            $T1 = SHA256::sum($h, ($e >> 6 & 0x3ffffff | $e << 26) ^ ($e >> 11 & 0x1fffff | $e << 21) ^ ($e >> 25 & 0x7f | $e << 7), $e & $f ^ ~$e & $g, $K[$j], $W[$j]);
            // T2 = (a rotated right 2, 13, 22) + majority of a, b, c
            $T2 = SHA256::sum(($a >> 2 & 0x3fffffff | $a << 30) ^ ($a >> 13 & 0x7ffff | $a << 19) ^ ($a >> 22 & 0x3ff | $a << 10), $a & $b ^ $a & $c ^ $b & $c);
            // Shift the registers down by one, feeding T1 into e and T1 + T2 into a.
            $h = $g;
            $g = $f;
            $f = $e;
            $e = SHA256::sum($d, $T1);
            $d = $c;
            $c = $b;
            $b = $a;
            $a = SHA256::sum($T1, $T2);
        }
        // compute the next hash set
        for ($j = 0; $j < 8; $j++) {
            $hashData->hash[$j] = SHA256::sum(${$vars[$j]}, $hashData->hash[$j]);
        }
    }
}
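/**
 * loginCheck for Lsrc, checks if the user with given password exists in LS Database and
 * sets the SESSION rights for this user
 *
 * The stored credential is an unsalted SHA256::hashing() digest of the
 * password, which is cheap to brute-force if the users table leaks. Moving to
 * a salted, slow password hash needs a data migration and is out of scope for
 * this function; it is noted here so the weakness is not overlooked.
 *
 * @param String $sUser
 * @param String $sPass
 * @return boolean true when the credentials match and the session was populated
 */
function checkUser($sUser, $sPass)
{
    global $connect;
    global $dbprefix;
    // NOTE(review): this assigns a function-local variable, not ADOdb's global
    // fetch mode; kept because the included config file shares this scope.
    $ADODB_FETCH_MODE = ADODB_FETCH_ASSOC;
    include "lsrc.config.php";
    // require_once: a plain require would redeclare the SHA256 class (fatal
    // error) the second time checkUser() runs within one request.
    require_once dirname(__FILE__) . "/../classes/core/sha256.php";

    $query = "SELECT uid, password, lang, superadmin FROM {$dbprefix}users WHERE users_name=" . $connect->qstr(sanitize_user($sUser));
    $result = db_execute_assoc($query);
    if (!$result || $result->RecordCount() < 1) {
        return false;
    }
    $gv = $result->FetchRow();

    // Compare as strings. A loose == treats two digests that both look like
    // "0e<digits>" as equal numbers, which would accept a wrong password.
    $stored = (string) $gv['password'];
    $computed = (string) SHA256::hashing($sPass);
    if (function_exists('hash_equals')) {
        $matches = hash_equals($stored, $computed);
    } else {
        $matches = ($stored === $computed);
    }
    if (!$matches) {
        return false;
    }

    // The uid is interpolated into SQL below, so force it to an integer first.
    $uid = (int) $gv['uid'];
    $_SESSION['loginID'] = $uid;
    $_SESSION['lang'] = $gv['lang'];

    $squery = "SELECT create_survey, configurator, create_user, delete_user, superadmin, manage_template, manage_label FROM {$dbprefix}users WHERE uid={$uid}";
    $sresult = db_execute_assoc($squery); //Checked
    if ($sresult && $sresult->RecordCount() > 0) {
        $fields = $sresult->FetchRow();
        $_SESSION['USER_RIGHT_CREATE_SURVEY'] = $fields['create_survey'];
        $_SESSION['USER_RIGHT_CONFIGURATOR'] = $fields['configurator'];
        $_SESSION['USER_RIGHT_CREATE_USER'] = $fields['create_user'];
        $_SESSION['USER_RIGHT_DELETE_USER'] = $fields['delete_user'];
        $_SESSION['USER_RIGHT_SUPERADMIN'] = $fields['superadmin'];
        $_SESSION['USER_RIGHT_MANAGE_TEMPLATE'] = $fields['manage_template'];
        $_SESSION['USER_RIGHT_MANAGE_LABEL'] = $fields['manage_label'];
    }

    return true;
}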
$sPassword = html_entity_decode($_POST['pass'], ENT_QUOTES, 'UTF-8'); if ($sPassword == '%%unchanged%%') { $sPassword = ''; } $full_name = html_entity_decode($postfull_name, ENT_QUOTES, 'UTF-8'); $valid_email = true; if (!validate_email($email)) { $valid_email = false; $failed = true; $addsummary .= "<div class=\"warningheader\">" . $clang->gT("Could not modify user data.") . "</div><br />\n" . " " . $clang->gT("Email address is not valid.") . "<br />\n"; } elseif ($valid_email) { $failed = false; if (empty($sPassword)) { $uquery = "UPDATE " . db_table_name('users') . " SET email='" . db_quote($email) . "', full_name='" . db_quote($full_name) . "' WHERE uid=" . $postuserid; } else { $uquery = "UPDATE " . db_table_name('users') . " SET email='" . db_quote($email) . "', full_name='" . db_quote($full_name) . "', password='******' WHERE uid=" . $postuserid; } $uresult = $connect->Execute($uquery); //Checked if ($uresult && empty($sPassword)) { $addsummary .= "<br />" . $clang->gT("Username") . ": {$users_name}<br />" . $clang->gT("Password") . ": (" . $clang->gT("Unchanged") . ")<br /><br />\n"; $addsummary .= "<div class=\"successheader\">" . $clang->gT("Success!") . "</div>\n"; } elseif ($uresult && !empty($sPassword)) { if ($display_user_password_in_html === true) { $displayedPwd = $sPassword; } else { $displayedPwd = preg_replace('/./', '*', $sPassword); } $addsummary .= "<br />" . $clang->gT("Username") . ": {$users_name}<br />" . $clang->gT("Password") . ": {$displayedPwd}<br /><br />\n"; $addsummary .= "<div class=\"successheader\">" . $clang->gT("Success!") . "</div>\n"; } else {
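/**
 * Runs the SHA-256 compression function over every chunk of $hashData.
 *
 * Reads $hashData->chunks (each chunk is indexed at byte offsets 0..63) and
 * $hashData->hash (eight words), and overwrites $hashData->hash in place with
 * the updated state. Nothing is returned.
 *
 * The round-constant table must hold the 64 standard SHA-256 constants
 * (0x428A2F98 ... 0xC67178F2). A table with zeroed or out-of-range entries
 * yields digests that are not SHA-256 and that no other implementation can
 * reproduce; any value stored from such a table has to be recomputed.
 *
 * NOTE(review): the rotations below are written for 32-bit words; on a build
 * with wider integers correctness depends on SHA256::sum() truncating its
 * result - confirm against that helper.
 *
 * @param object $hashData state holder, passed by reference
 */
function compute(&$hashData)
{
    // Names of the eight working registers; ${$vars[$j]} below addresses $a..$h.
    static $vars = 'abcdefgh';
    static $K = null;
    if ($K === null) {
        // Standard round constants written as signed 32-bit decimals, so no
        // literal depends on float-to-int conversion of an out-of-range value.
        $K = array(
            1116352408, 1899447441, -1245643825, -373957723, 961987163, 1508970993, -1841331548, -1424204075,
            -670586216, 310598401, 607225278, 1426881987, 1925078388, -2132889090, -1680079193, -1046744716,
            -459576895, -272742522, 264347078, 604807628, 770255983, 1249150122, 1555081692, 1996064986,
            -1740746414, -1473132947, -1341970488, -1084653625, -958395405, -710438585, 113926993, 338241895,
            666307205, 773529912, 1294757372, 1396182291, 1695183700, 1986661051, -2117940946, -1838011259,
            -1564481375, -1474664885, -1035236496, -949202525, -778901479, -694614492, -200395387, 275423344,
            430227734, 506948616, 659060556, 883997877, 958139571, 1322822218, 1537002063, 1747873779,
            1955562222, 2024104815, -2067236844, -1933114872, -1866530822, -1538233109, -1090935817, -965641998
        );
    }
    // Message schedule, reused across chunks (entries 0..63 are rewritten for each chunk).
    $W = array();
    for ($i = 0, $numChunks = sizeof($hashData->chunks); $i < $numChunks; $i++) {
        // initialize the registers
        for ($j = 0; $j < 8; $j++) {
            ${$vars[$j]} = $hashData->hash[$j];
        }
        // the SHA-256 compression function
        for ($j = 0; $j < 64; $j++) {
            if ($j < 16) {
                // First 16 words: pack four consecutive chunk bytes, most significant first.
                $T1 = ord($hashData->chunks[$i][$j * 4]) & 0xff;
                $T1 <<= 8;
                $T1 |= ord($hashData->chunks[$i][$j * 4 + 1]) & 0xff;
                $T1 <<= 8;
                $T1 |= ord($hashData->chunks[$i][$j * 4 + 2]) & 0xff;
                $T1 <<= 8;
                $T1 |= ord($hashData->chunks[$i][$j * 4 + 3]) & 0xff;
                $W[$j] = $T1;
            } else {
                // Remaining words: W[j-2] rotated right 17 and 19 and shifted right 10,
                // plus W[j-7], plus W[j-15] rotated right 7 and 18 and shifted right 3,
                // plus W[j-16]. The masks clear bits that >> sign-extends.
                $W[$j] = SHA256::sum(
                    ($W[$j - 2] >> 17 & 0x7fff | $W[$j - 2] << 15) ^ ($W[$j - 2] >> 19 & 0x1fff | $W[$j - 2] << 13) ^ $W[$j - 2] >> 10 & 0x3fffff,
                    $W[$j - 7],
                    ($W[$j - 15] >> 7 & 0x1ffffff | $W[$j - 15] << 25) ^ ($W[$j - 15] >> 18 & 0x3fff | $W[$j - 15] << 14) ^ $W[$j - 15] >> 3 & 0x1fffffff,
                    $W[$j - 16]
                );
            }
            // T1 = h + (e rotated right 6, 11, 25) + ((e AND f) XOR (NOT e AND g)) + K[j] + W[j]
            $T1 = SHA256::sum($h, ($e >> 6 & 0x3ffffff | $e << 26) ^ ($e >> 11 & 0x1fffff | $e << 21) ^ ($e >> 25 & 0x7f | $e << 7), $e & $f ^ ~$e & $g, $K[$j], $W[$j]);
            // T2 = (a rotated right 2, 13, 22) + majority of a, b, c
            $T2 = SHA256::sum(($a >> 2 & 0x3fffffff | $a << 30) ^ ($a >> 13 & 0x7ffff | $a << 19) ^ ($a >> 22 & 0x3ff | $a << 10), $a & $b ^ $a & $c ^ $b & $c);
            // Shift the registers down by one, feeding T1 into e and T1 + T2 into a.
            $h = $g;
            $g = $f;
            $f = $e;
            $e = SHA256::sum($d, $T1);
            $d = $c;
            $c = $b;
            $b = $a;
            $a = SHA256::sum($T1, $T2);
        }
        // compute the next hash set
        for ($j = 0; $j < 8; $j++) {
            $hashData->hash[$j] = SHA256::sum(${$vars[$j]}, $hashData->hash[$j]);
        }
    }
}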
} $command = ''; $connect->SetFetchMode(ADODB_FETCH_NUM); foreach ($lines as $line) { $line = rtrim($line); $length = strlen($line); if ($length and $line[0] != '#' and substr($line, 0, 2) != '--') { if (substr($line, $length - 1, 1) == ';') { $line = substr($line, 0, $length - 1); // strip ; $command .= $line; $command = str_replace('prefix_', $dbprefix, $command); // Table prefixes $command = str_replace('$defaultuser', $defaultuser, $command); // variables By Moses $command = str_replace('$defaultpass', SHA256::hashing($defaultpass), $command); // variables By Moses $command = str_replace('$siteadminname', $siteadminname, $command); $command = str_replace('$siteadminemail', $siteadminemail, $command); // variables By Moses $command = str_replace('$defaultlang', $defaultlang, $command); // variables By Moses $command = str_replace('$sessionname', 'ls' . sRandomChars(20, '123456789'), $command); $command = str_replace('$databasetabletype', $databasetabletype, $command); if (!$connect->Execute($command, false)) { print "\n" . $clang->gT("Executing") . "....." . $command . "..." . $clang->gT('Failed! Reason:') . "\n" . $connect->ErrorMsg() . "\n\n"; $success = 1; } $command = ''; } else { $command .= $line;
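/**
 * Run an arbitrary sequence of semicolon-delimited SQL commands
 *
 * Assumes that the input text (file or string) consists of
 * a number of SQL statements ENDING WITH SEMICOLONS. The
 * semicolons MUST be the last character in a line.
 * Lines that are blank or that start with "#" or "--" (postgres) are ignored.
 * Only tested with mysql dump files (mysqldump -p -d limesurvey)
 * Function kindly borrowed by Moodle
 *
 * Placeholders in each statement ('prefix_', '$defaultuser', '$defaultpass',
 * '$siteadminname', '$siteadminemail', '$defaultlang', '$sessionname',
 * '$databasetabletype') are replaced by plain text substitution, with no SQL
 * quoting. The globals feeding them must therefore come from trusted
 * installer configuration only, never from request data. '$defaultpass' is
 * stored as an unsalted SHA256::hashing() digest.
 *
 * @uses $dbprefix
 * @param string $sqlfile The path where a file with sql commands can be found on the server.
 * @param string $sqlstring If no path is supplied then a string with semicolon delimited sql
 * commands can be supplied in this argument.
 * @return bool Returns true if database was modified successfully.
 */
function modify_database($sqlfile = '', $sqlstring = '')
{
    global $dbprefix;
    global $defaultuser;
    global $defaultpass;
    global $siteadminemail;
    global $siteadminname;
    global $defaultlang;
    global $codeString;
    global $rootdir, $homedir;
    global $connect;
    global $clang;
    global $modifyoutput;
    global $databasetabletype;

    require_once $homedir . "/classes/core/sha256.php";

    $success = true; // Let's be optimistic
    $modifyoutput = '';
    $lines = array();

    if (!empty($sqlfile)) {
        if (!is_readable($sqlfile)) {
            // The path is echoed into HTML, so escape it.
            echo '<p>Tried to modify database, but "' . htmlspecialchars($sqlfile, ENT_QUOTES) . '" doesn\'t exist!</p>';
            return false;
        }
        $lines = file($sqlfile);
        if ($lines === false) {
            // Readable a moment ago but the read failed: report failure instead of iterating over false.
            return false;
        }
    } else {
        $sqlstring = trim($sqlstring);
        // substr() copes with an empty string, unlike indexing its last character.
        if (substr($sqlstring, -1) != ';') {
            $sqlstring .= ';'; // add it in if it's not there.
        }
        $lines[] = $sqlstring;
    }

    $command = '';
    foreach ($lines as $line) {
        $line = rtrim($line);
        $length = strlen($line);
        if (!$length || $line[0] == '#' || substr($line, 0, 2) == '--') {
            continue; // blank line or comment
        }
        if (substr($line, $length - 1, 1) != ';') {
            // Statement continues on the next line.
            $command .= $line;
            continue;
        }

        $command .= substr($line, 0, $length - 1); // strip ;
        $command = str_replace('prefix_', $dbprefix, $command); // Table prefixes
        $command = str_replace('$defaultuser', $defaultuser, $command);
        $command = str_replace('$defaultpass', SHA256::hashing($defaultpass), $command);
        $command = str_replace('$siteadminname', $siteadminname, $command);
        $command = str_replace('$siteadminemail', $siteadminemail, $command);
        $command = str_replace('$defaultlang', $defaultlang, $command);
        $command = str_replace('$sessionname', 'ls' . sRandomChars(20, '123456789'), $command);
        $command = str_replace('$databasetabletype', $databasetabletype, $command);

        if (!db_execute_num($command)) { //Checked
            // Both the statement and the driver message end up in HTML; escape both.
            $modifyoutput .= "<br />" . sprintf(
                $clang->gT("SQL command failed: %s Reason: %s"),
                "<span style='font-size:10px;'>" . htmlspecialchars($command) . "</span>",
                "<span style='color:#ee0000;font-size:10px;'>" . htmlspecialchars($connect->ErrorMsg()) . "</span><br/>"
            );
            $success = false;
        } else {
            $modifyoutput .= ". ";
        }
        $command = '';
    }

    return $success;
}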
if (isset($_POST['chat_enable'])) { $chat_enable = 1; } if (isset($_POST['enabled'])) { $enabled = 1; } if (isset($_POST['admin'])) { $superadmin = 1; } //get username $sql = "SELECT username\r\n FROM operator\r\n WHERE operator_id = {$operator_id}"; $uname = $db->GetOne($sql); $sql = "UPDATE " . LIME_PREFIX . "users \r\n SET users_name = " . $db->qstr($_POST['username']) . ",\r\n email = " . $db->qstr($_POST['email']) . ",\r\n full_name = " . $db->qstr($_POST['firstName']) . ",\r\n superadmin = {$superadmin}"; if (!empty($_POST['password'])) { include_once "../include/limesurvey/admin/classes/core/sha256.php"; $sql .= ", password = '******'password']) . "' "; } $sql .= " WHERE users_name = '{$uname}'"; $rs = $db->Execute($sql); if (!empty($rs)) { $sql = "UPDATE operator\r\n SET username = "******",\r\n lastName = " . $db->qstr($_POST['lastName']) . ",\r\n firstName = " . $db->qstr($_POST['firstName']) . ",\r\n chat_user = "******",\r\n chat_password = "******",\r\n Time_zone_name = " . $db->qstr($_POST['timezone']) . ",\r\n voip = {$voip}, enabled = {$enabled}, chat_enable = {$chat_enable}\r\n WHERE operator_id = {$operator_id}"; $rs = $db->Execute($sql); if (!empty($rs)) { //only update extension if we aren't on a case $sql = "SELECT case_id\r\n FROM `case`\r\n WHERE current_operator_id = {$operator_id}"; $cc = $db->GetOne($sql); if (empty($cc)) { $sql = "UPDATE extension\r\n SET current_operator_id = NULL\r\n WHERE current_operator_id= {$operator_id}"; $db->Execute($sql); if (!empty($_POST['extension_id'])) { $sql = "UPDATE extension\r\n SET current_operator_id = {$operator_id}\r\n WHERE extension_id = " . intval($_POST['extension_id']);
} $command = ''; $connect->SetFetchMode(ADODB_FETCH_NUM); foreach ($lines as $line) { $line = rtrim($line); $length = strlen($line); if ($length and $line[0] <> '#' and substr($line,0,2) <> '--') { if (substr($line, $length-1, 1) == ';') { $line = substr($line, 0, $length-1); // strip ; $command .= $line; $command = str_replace('prefix_', $dbprefix, $command); // Table prefixes $command = str_replace('$defaultuser', $defaultuser, $command); // variables By Moses $command = str_replace('$defaultpass', SHA256::hashing($defaultpass), $command); // variables By Moses $command = str_replace('$siteadminname', $siteadminname, $command); $command = str_replace('$siteadminemail', $siteadminemail, $command); // variables By Moses $command = str_replace('$defaultlang', $defaultlang, $command); // variables By Moses $command = str_replace('$sessionname', 'ls'.sRandomChars(20,'123456789'), $command); $command = str_replace('$databasetabletype', $databasetabletype, $command); if(!$connect->Execute($command,false)) { print ("\n".$clang->gT("Executing").".....".$command."...".$clang->gT('Failed! Reason:')."\n".$connect->ErrorMsg()."\n\n"); $success=1; }
$sql .= "WHERE `uid` = {$uid}"; if ($db->Execute($sql)) { $a = T_("Updated") . ": " . $client; } else { $a = T_("Update error"); } } else { $a = T_("Could not update") . " " . $client; } } else { //save as a new client $sql = "INSERT INTO client (`client_id` ,`username` ,`firstName` ,`lastName`, `Time_zone_name`)\r\n\t\t\t\t\tVALUES (NULL , {$client}, {$firstname} , {$lastname}, {$time_zone_name});"; if ($db->Execute($sql)) { include_once "../include/limesurvey/admin/classes/core/sha256.php"; //Insert into lime_users $sql = "INSERT INTO " . LIME_PREFIX . "users (`users_name`,`password`,`full_name`,`parent_id`,`superadmin`,`email`,`lang`) \r\n\t\t\t\t\t\tVALUES ({$client}, '" . SHA256::hashing($_POST['password']) . "', {$firstname} ,1,0,{$email},'auto')"; if ($db->Execute($sql)) { $a = T_("Added") . ": " . $client; } else { $a = T_("Error adding client"); } } else { $a = T_("Could not add") . " " . $client; } } } else { $a = T_("Username") . " " . $client . ". " . T_("is already in use"); } $client = ""; $firstname = ""; $lastname = "";
/**
 * Runs the SHA-256 compression function over every chunk of $hashData.
 *
 * Reads $hashData->chunks (each chunk is indexed at byte offsets 0..63) and
 * $hashData->hash (eight words), and overwrites $hashData->hash in place with
 * the updated state. Nothing is returned.
 *
 * NOTE(review): the rotations below are written for 32-bit words; on a build
 * with wider integers correctness depends on SHA256::sum() truncating its
 * result - confirm against that helper.
 *
 * @param object $hashData state holder, passed by reference
 */
function compute(&$hashData)
{
    // Names of the eight working registers; ${$vars[$j]} below addresses $a..$h.
    static $vars = 'abcdefgh';
    static $K = null;
    if ($K === null) {
        // 64 round constants, one per round, written as signed decimals.
        $K = array(1116352408, 1899447441, -1245643825, -373957723, 961987163, 1508970993, -1841331548, -1424204075, -670586216, 310598401, 607225278, 1426881987, 1925078388, -2132889090, -1680079193, -1046744716, -459576895, -272742522, 264347078, 604807628, 770255983, 1249150122, 1555081692, 1996064986, -1740746414, -1473132947, -1341970488, -1084653625, -958395405, -710438585, 113926993, 338241895, 666307205, 773529912, 1294757372, 1396182291, 1695183700, 1986661051, -2117940946, -1838011259, -1564481375, -1474664885, -1035236496, -949202525, -778901479, -694614492, -200395387, 275423344, 430227734, 506948616, 659060556, 883997877, 958139571, 1322822218, 1537002063, 1747873779, 1955562222, 2024104815, -2067236844, -1933114872, -1866530822, -1538233109, -1090935817, -965641998);
    }
    // Message schedule, reused across chunks (entries 0..63 are rewritten for each chunk).
    $W = array();
    for ($i = 0, $numChunks = sizeof($hashData->chunks); $i < $numChunks; $i++) {
        // Load the current state into the working registers $a..$h.
        for ($j = 0; $j < 8; $j++) {
            ${$vars[$j]} = $hashData->hash[$j];
        }
        // 64 rounds per chunk.
        for ($j = 0; $j < 64; $j++) {
            if ($j < 16) {
                // First 16 words: pack four consecutive chunk bytes, most significant first.
                $T1 = ord($hashData->chunks[$i][$j * 4]) & 0xff;
                $T1 <<= 8;
                $T1 |= ord($hashData->chunks[$i][$j * 4 + 1]) & 0xff;
                $T1 <<= 8;
                $T1 |= ord($hashData->chunks[$i][$j * 4 + 2]) & 0xff;
                $T1 <<= 8;
                $T1 |= ord($hashData->chunks[$i][$j * 4 + 3]) & 0xff;
                $W[$j] = $T1;
            } else {
                // Remaining words: W[j-2] rotated right 17 and 19 and shifted right 10,
                // plus W[j-7], plus W[j-15] rotated right 7 and 18 and shifted right 3,
                // plus W[j-16]. The masks clear bits that >> sign-extends.
                $W[$j] = SHA256::sum(
                    ($W[$j - 2] >> 17 & 0x7fff | $W[$j - 2] << 15) ^ ($W[$j - 2] >> 19 & 0x1fff | $W[$j - 2] << 13) ^ $W[$j - 2] >> 10 & 0x3fffff,
                    $W[$j - 7],
                    ($W[$j - 15] >> 7 & 0x1ffffff | $W[$j - 15] << 25) ^ ($W[$j - 15] >> 18 & 0x3fff | $W[$j - 15] << 14) ^ $W[$j - 15] >> 3 & 0x1fffffff,
                    $W[$j - 16]
                );
            }
            // T1 = h + (e rotated right 6, 11, 25) + ((e AND f) XOR (NOT e AND g)) + K[j] + W[j]
            $T1 = SHA256::sum($h, ($e >> 6 & 0x3ffffff | $e << 26) ^ ($e >> 11 & 0x1fffff | $e << 21) ^ ($e >> 25 & 0x7f | $e << 7), $e & $f ^ ~$e & $g, $K[$j], $W[$j]);
            // T2 = (a rotated right 2, 13, 22) + majority of a, b, c
            $T2 = SHA256::sum(($a >> 2 & 0x3fffffff | $a << 30) ^ ($a >> 13 & 0x7ffff | $a << 19) ^ ($a >> 22 & 0x3ff | $a << 10), $a & $b ^ $a & $c ^ $b & $c);
            // Shift the registers down by one, feeding T1 into e and T1 + T2 into a.
            $h = $g;
            $g = $f;
            $f = $e;
            $e = SHA256::sum($d, $T1);
            $d = $c;
            $c = $b;
            $b = $a;
            $a = SHA256::sum($T1, $T2);
        }
        // Fold the working registers back into the running state.
        for ($j = 0; $j < 8; $j++) {
            $hashData->hash[$j] = SHA256::sum(${$vars[$j]}, $hashData->hash[$j]);
        }
    }
}
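/**
 * Returns the SHA-256 hex digest of a string, optionally prefixed with a salt.
 *
 * With $salt === true the prefix is md5($str). That prefix is derived from
 * the input itself, so equal inputs still give equal digests: it adds no
 * protection against precomputed tables and must not be treated as a real
 * salt. Pass a random per-record string as $salt when that matters.
 *
 * @param  string      $str  Text to hash.
 * @param  bool|string $salt true: prefix md5($str); false: no prefix; string: prefix that string.
 * @return string            64-character lowercase hex digest.
 */
function strhash($str, $salt = true)
{
    if ($salt === true) {
        $str = md5($str) . $str;
    } elseif ($salt !== false) {
        $str = $salt . $str;
    }

    // Probe for the function itself. The earlier test compared version strings
    // lexically and asked for an extension called 'pecl', which is not the name
    // of the hash extension, so the native path was never taken.
    if (function_exists('hash')) {
        return hash('sha256', $str);
    }

    // Userland fallback for runtimes without the hash extension.
    import('lib/sha256');
    return SHA256::hash($str);
}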
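/**
 * Saves a dialer script, either as a plain ("default") script or as a new
 * LimeSurvey survey wrapped in an iframe script.
 *
 * Every path ends in die() with a status string, except the expired-session
 * path, which returns after the session has been cleared.
 *
 * Security notes for maintainers:
 *  - $postvars values are passed to the model unvalidated; escaping is left
 *    to the go_script model (not visible here).
 *  - The LimeSurvey account is created from the dialer user's stored
 *    password as an unsalted SHA256::hashing() digest, and is granted the
 *    create_user, delete_user and configurator rights. NOTE(review): confirm
 *    that every dialer user is meant to hold those rights.
 *  - The survey id is five random digits; uniqueness is checked, secrecy is not provided.
 *
 * @param array $postvars Submitted form fields (script_type, script_id, script_name, lang, ...).
 * @return void
 */
function savescript($postvars = array())
{
    $username = $this->session->userdata('user_name');
    if (empty($username) || is_null($username)) {
        $this->commonhelper->deletesession($_SERVER['REMOTE_ADDR']);
        #die("Error: Session expired kindly re-login");
        // Stop here: without this the request continued and saved data on
        // behalf of a caller that has no session.
        return;
    }

    if (empty($postvars)) {
        die('' . $this->lang->line("go_error_no_data_process") . ''); //die("Error: no data to process");
    }

    if ($postvars['script_type'] == 'default') {
        // Tenants are pinned to their own group; others may name a target account.
        if ($this->commonhelper->checkIfTenant($this->session->userdata('user_group'))) {
            $accounts = $this->session->userdata('user_group');
        } elseif (array_key_exists('accounts', $postvars)) {
            $accounts = $postvars['accounts'];
        } else {
            $accounts = $this->session->userdata('user_group');
        }
        $data['vicidial_scripts'] = array('data' => array('script_id' => $postvars['script_id'], 'script_name' => $postvars['script_name'], 'script_comments' => $postvars['script_comments'], 'active' => $postvars['active'], 'script_text' => $postvars['script_text'], 'user_group' => $accounts));
        $data['go_scripts'] = array('data' => array('account_num' => $accounts, 'script_id' => $postvars['script_id'], 'campaign_id' => $postvars['campaign_id'], 'surveyid' => ''));
        $data['vicidial_campaigns'] = array('data' => array('campaign_script' => $postvars['script_id']), 'condition' => array('campaign_id' => $postvars['campaign_id']));
        $result = $this->go_script->savedefaultscript($data);
        die($result);
    }

    $rootdir = $this->config->item('lime_path') . "/limesurvey";
    require_once $rootdir . '/classes/adodb/adodb.inc.php';
    require_once $rootdir . '/common_functions_ci.php';
    require_once $rootdir . '/admin/admin_functions.php';
    require_once $rootdir . '/classes/core/sanitize.php';
    require_once $rootdir . '/classes/core/language.php';
    require_once $rootdir . '/admin/classes/core/sha256.php';
    $clang = new limesurvey_lang('en');
    require_once $rootdir . '/classes/core/surveytranslator_ci.php';

    // Draw survey ids until one is not yet in lime_surveys.
    do {
        $surveyid = sRandomChars(5, '123456789');
        $this->go_script->limesurveyDB->where(array('sid' => $surveyid));
        $isexist = $this->go_script->limesurveyDB->get('lime_surveys');
    } while ($isexist->num_rows > 0);

    $userInfo = $this->go_script->collectfromviciuser($username);
    if ($userInfo->num_rows() < 1) {
        // No dialer account for the session user: every field below would be
        // undefined, so refuse instead of creating a nameless survey owner.
        die('' . $this->lang->line("go_error_saving_data_support") . '');
    }
    $userDetail = $userInfo->result();
    $viciemail = $userDetail[0]->email;
    $viciuseralias = $userDetail[0]->user;
    $vicipass = $userDetail[0]->pass;
    $vicicompany = $userDetail[0]->full_name;
    #$viciuser = $userDetail[0]->user_group;
    if ($this->commonhelper->checkIfTenant($this->session->userdata('user_group'))) {
        $viciuser = $userDetail[0]->user_group;
    } else {
        $viciuser = "******";
    }

    $userInfo = $this->go_script->collectfromlimesurvey($viciuseralias);
    if ($userInfo->num_rows() < 1) {
        # create new limesurvey user
        $newId = null;
        $newUser = array('users_name' => $viciuseralias, 'password' => SHA256::hashing($vicipass), 'full_name' => $vicicompany, 'parent_id' => '1', 'lang' => 'auto', 'email' => $viciemail, 'create_survey' => '1', 'create_user' => '1', 'delete_user' => '1', 'configurator' => '1', 'manage_template' => '1', 'manage_label' => '1');
        $this->go_script->insertTolimesurvey($newUser, 'lime_users', $newId);
        if (!empty($newId)) {
            $this->go_script->insertTolimesurvey(array('uid' => $newId, 'folder' => 'default', 'use' => '1'), 'lime_templates_rights');
        }
        $uid = $newId;
    } else {
        $userDetail = $userInfo->result();
        $uid = $userDetail[0]->uid;
    }

    $aDefaultTexts = aTemplateDefaultTexts($clang, 'unescaped');
    $languagedetails = getLanguageDetails($postvars['lang'], $clang);
    $aDefaultTexts['admin_detailed_notification'] = $aDefaultTexts['admin_detailed_notification_css'] . $aDefaultTexts['admin_detailed_notification'];

    $this->go_script->limesurveyDB->where(array('sid' => $surveyid));
    $group = $this->go_script->limesurveyDB->get('lime_groups');
    $count = $group->num_rows();
    $count++;
    // Three-digit group suffix. The earlier if/elseif tested "< 100" before
    // "< 10", so the second branch was unreachable and counts of 100 or more
    // left $lastGroup undefined.
    $lastGroup = str_pad((string) $count, 3, '0', STR_PAD_LEFT);

    $data['limesurvey'] = array(
        'lime_surveys' => array('data' => array(array('sid' => $surveyid, 'owner_id' => $uid, 'admin' => $vicicompany, 'adminemail' => $viciemail, 'active' => 'N', 'format' => 'G', 'language' => $postvars['lang'], 'datecreated' => date('Y-m-d'), 'htmlemail' => 'Y', 'usecaptcha' => 'D', 'bounce_email' => $viciemail))),
        'lime_surveys_languagesettings' => array('data' => array(array(
            'surveyls_survey_id' => $surveyid,
            'surveyls_language' => $postvars['lang'],
            'surveyls_title' => $postvars['script_name'],
            'surveyls_email_invite_subj' => $this->_limeTemplateText($aDefaultTexts['invitation_subject']),
            'surveyls_email_invite' => $this->_limeTemplateText($aDefaultTexts['invitation']),
            'surveyls_email_remind_subj' => $this->_limeTemplateText($aDefaultTexts['reminder_subject']),
            'surveyls_email_remind' => $this->_limeTemplateText($aDefaultTexts['reminder']),
            'surveyls_email_confirm_subj' => $this->_limeTemplateText($aDefaultTexts['confirmation_subject']),
            'surveyls_email_confirm' => $this->_limeTemplateText($aDefaultTexts['confirmation']),
            'surveyls_email_register_subj' => $this->_limeTemplateText($aDefaultTexts['registration_subject']),
            'surveyls_email_register' => $this->_limeTemplateText($aDefaultTexts['registration']),
            'email_admin_notification_subj' => $this->_limeTemplateText($aDefaultTexts['admin_notification_subject']),
            'email_admin_notification' => $this->_limeTemplateText($aDefaultTexts['admin_notification']),
            'email_admin_responses_subj' => $this->_limeTemplateText($aDefaultTexts['admin_detailed_notification_subject']),
            'email_admin_responses' => $this->_limeTemplateText($aDefaultTexts['admin_detailed_notification']),
            'surveyls_dateformat' => $languagedetails['dateformat'],
            'surveyls_description' => $postvars['script_comments'],
            'surveyls_welcometext' => $postvars['welcome_message'],
            'surveyls_endtext' => $postvars['end_message'],
            'surveyls_url' => $postvars['survey_url'],
            'surveyls_urldescription' => $postvars['survey_url_desc'],
        ))),
        'lime_survey_permissions' => array('data' => $this->_limePermissionRows($surveyid, $uid)),
        'lime_groups' => array('data' => array(array('sid' => $surveyid, 'group_name' => "{$vicicompany} Group {$lastGroup}", 'description' => "{$vicicompany} Group {$lastGroup}", 'language' => $postvars['lang']))),
        'lime_questions' => array('format_data' => array("lime_groups_0"), 'data' => $this->_limeQuestionRows($surveyid, $postvars['lang'])),
    ); // end lime survey collected data

    // Build the iframe URL. The language code comes from the request and ends
    // up inside an HTML attribute, so it is URL-encoded; ordinary language
    // codes are unchanged by rawurlencode().
    $leadFields = array('lead_id', 'first_name', 'last_name', 'phone_number', 'address1');
    $src = $this->config->item('base_url') . '/limesurvey/index.php?sid=' . $surveyid . '&lang=' . rawurlencode($postvars['lang']);
    foreach ($leadFields as $idx => $field) {
        // {lime_groups_0} / {lime_questions_N} stay literal; they are listed in format_data below.
        $src .= '&' . $surveyid . 'X{lime_groups_0}X{lime_questions_' . $idx . '}=--A--' . $field . '--B--';
    }
    foreach ($leadFields as $field) {
        $src .= '&' . $field . '=--A--' . $field . '--B--';
    }
    $script_text = '<iframe src="' . $src . '" style="background-color:transparent;" scrolling="auto" frameborder="0" allowtransparency="true" id="popupFrame" name="popupFrame" width="--A--script_width--B--" height="--A--script_height--B--" STYLE="z-index:17"></iframe>';

    $data['vicidial'] = array(
        'vicidial_scripts' => array('format_data' => array("lime_groups_0", "lime_questions_0", "lime_questions_1", "lime_questions_2", "lime_questions_3", "lime_questions_4"), 'data' => array(array('script_id' => $postvars['script_id'], 'script_name' => $postvars['script_name'], 'script_text' => $script_text, 'active' => 'N', 'user_group' => $viciuser))),
        'go_scripts' => array('data' => array(array('account_num' => $viciuser, 'script_id' => $postvars['script_id'], 'campaign_id' => $postvars['campaign_id'], 'surveyid' => $surveyid))),
        'vicidial_campaigns' => array('condition' => array("campaign_id" => $postvars['campaign_id']), 'data' => array(array('campaign_script' => $postvars['script_id']))),
    );

    // saving the script data
    $result = $this->go_script->saveadvancescript($data);
    if ($result) {
        die('' . $this->lang->line("go_success_new_lime_survey") . ''); //die("Success: New limesurvey created");
    } else {
        die('' . $this->lang->line("go_error_saving_data_support") . ''); //die("Error on saving data contact your support");
    }
}

/**
 * Prepares a LimeSurvey default text for storage: newlines become <br /> and
 * single quotes are backslash-escaped.
 *
 * NOTE(review): the backslash escaping looks like hand-rolled SQL quoting; if
 * the insert layer escapes values itself these texts are stored with literal
 * backslashes - confirm against insertTolimesurvey/saveadvancescript.
 */
private function _limeTemplateText($text)
{
    return str_replace("'", "\\'", str_replace("\n", "<br />", $text));
}

/**
 * Builds the twelve lime_survey_permissions rows granted to the survey owner.
 * Each flag string is create/read/update/delete/import/export, '1' = granted.
 */
private function _limePermissionRows($surveyid, $uid)
{
    $grants = array(
        'assessments' => '111100',
        'translations' => '011000',
        'quotas' => '111100',
        'responses' => '111111',
        'statistics' => '010000',
        'surveyactivation' => '001000',
        'surveycontent' => '111111',
        'survey' => '010100',
        'surveylocale' => '011000',
        'surveysecurity' => '111100',
        'surveysettings' => '011000',
        'tokens' => '111111',
    );
    $rows = array();
    foreach ($grants as $permission => $flags) {
        $rows[] = array('sid' => $surveyid, 'uid' => $uid, 'permission' => $permission, 'create_p' => $flags[0], 'read_p' => $flags[1], 'update_p' => $flags[2], 'delete_p' => $flags[3], 'import_p' => $flags[4], 'export_p' => $flags[5]);
    }
    return $rows;
}

/**
 * Builds the five free-text lime_questions rows (Q1..Q5) that receive the lead fields.
 */
private function _limeQuestionRows($surveyid, $lang)
{
    $labels = array('Lead ID:', 'Firstname:', 'Lastname:', 'Phone Number:', 'Address:');
    $rows = array();
    foreach ($labels as $order => $label) {
        $rows[] = array('parent_qid' => '0', 'sid' => $surveyid, 'gid' => "{lime_groups_0}", 'type' => 'T', 'title' => 'Q' . ($order + 1), 'question' => $label, 'preg' => '', 'help' => '', 'other' => 'N', 'mandatory' => 'N', 'question_order' => (string) $order, 'language' => $lang, 'scale_id' => '0', 'same_default' => '0');
    }
    return $rows;
}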