示例#1
        break;
    case \SP\Controller\ActionsInterface::ACTION_ACC_DELETE:
        $Account->setAccountId($accountId);
        // Eliminar cuenta
        if ($Account->deleteAccount() && \SP\CustomFields::deleteCustomFieldForItem($accountId, \SP\Controller\ActionsInterface::ACTION_ACC_NEW)) {
            SP\Response::printJSON(_('Cuenta eliminada'), 0, "sysPassUtil.Common.doAction('" . \SP\Controller\ActionsInterface::ACTION_ACC_SEARCH . "');");
        }
        SP\Response::printJSON(_('Error al eliminar la cuenta'));
        break;
    case \SP\Controller\ActionsInterface::ACTION_ACC_EDIT_PASS:
        $Account->setAccountId($accountId);
        $Account->setAccountPass($accountEncPass['data']);
        $Account->setAccountIV($accountEncPass['iv']);
        $Account->setAccountUserEditId($currentUserId);
        // Actualizar clave de cuenta
        if ($Account->updateAccountPass()) {
            SP\Response::printJSON(_('Clave actualizada'), 0);
        }
        SP\Response::printJSON(_('Error al actualizar la clave'));
        break;
    case \SP\Controller\ActionsInterface::ACTION_ACC_EDIT_RESTORE:
        $Account->setAccountId(SP\AccountHistory::getAccountIdFromId($accountId));
        $Account->setAccountUserEditId($currentUserId);
        if ($Account->restoreFromHistory($accountId)) {
            SP\Response::printJSON(_('Cuenta restaurada'), 0);
        }
        SP\Response::printJSON(_('Error al restaurar cuenta'));
        break;
    default:
        SP\Response::printJSON(_('Acción Inválida'));
}
 * @copyright 2012-2015 Rubén Domínguez nuxsmin@syspass.org
 *
 * This file is part of sysPass.
 *
 * sysPass is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * sysPass is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with sysPass.  If not, see <http://www.gnu.org/licenses/>.
 *
 */
use SP\Request;
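// Bootstrap: APP_ROOT is one directory above this script; Base.php and the
// JS strings file are loaded relative to it.
define('APP_ROOT', '..');
require APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';
require APP_ROOT . DIRECTORY_SEPARATOR . 'js' . DIRECTORY_SEPARATOR . 'strings.js.php';
Request::checkReferer('GET');
// Payload for the client: UI strings, the web root URI and the public key ('pk').
// $stringsJsLang is not assigned in this script; presumably strings.js.php sets it.
$data = array('lang' => $stringsJsLang, 'app_root' => SP\Init::$WEBURI, 'pk' => '');
try {
    $CryptPKI = new SP\CryptPKI();
    // Prefer the key already held in the session; otherwise ask CryptPKI for it.
    $data['pk'] = SP\Session::getPublicKey() ?: $CryptPKI->getPublicKey();
} catch (Exception $e) {
    // Best effort: the response is still sent, with 'pk' left empty. Record the
    // failure so a missing key is visible in the server log instead of silent.
    // NOTE(review): presumably the client uses 'pk' to encrypt secrets before
    // sending them — confirm it refuses to submit them when 'pk' is empty.
    error_log($e->getMessage());
}
SP\Response::printJSON($data, 0);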
示例#3
// Account import endpoint (fragment; the top of the script is not shown here).
require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';
Request::checkReferer('POST');
// Gate 1: an authenticated session is required (reported with status 10).
// NOTE(review): the gates below only protect the import if printJSON() ends the
// script; nothing here returns or exits explicitly — confirm.
if (!SP\Init::isLoggedIn()) {
    SP\Response::printJSON(_('La sesión no se ha iniciado o ha caducado'), 10);
}
// Gate 2: imports are refused when the application runs in demo mode.
if (SP\Util::demoIsEnabled()) {
    SP\Response::printJSON(_('Ey, esto es una DEMO!!'));
}
// Request parameters. importPwd is read through analyzeEncrypted(), the rest in clear.
$sk = SP\Request::analyze('sk', false);
$defaultUser = SP\Request::analyze('defUser', 0);
$defaultGroup = SP\Request::analyze('defGroup', 0);
$importPwd = SP\Request::analyzeEncrypted('importPwd');
$csvDelimiter = SP\Request::analyze('csvDelimiter');
// Gate 3: the session key must be present and valid before any state is changed.
if (!$sk || !SessionUtil::checkSessionKey($sk)) {
    SP\Response::printJSON(_('CONSULTA INVÁLIDA'));
}
// NOTE(review): the default owner user and group come straight from the request.
// No check that the caller may import on behalf of them is visible here —
// confirm it is enforced inside SP\Import.
SP\Import::setDefUser($defaultUser);
SP\Import::setDefGroup($defaultGroup);
SP\Import::setImportPwd($importPwd);
SP\Import::setCsvDelimiter($csvDelimiter);
// NOTE(review): the upload entry is passed on without checking that it exists
// or that the upload succeeded; size and type validation are presumably done
// in doImport() — confirm.
$res = SP\Import::doImport($_FILES["inFile"]);
if (isset($res['error']) && is_array($res['error'])) {
    // The hint goes to the server log; the whole error array is returned to the client.
    error_log($res['error']['hint']);
    // The separator is a literal backslash-n sequence (single-quoted), not newlines.
    $out = implode('\\n\\n', $res['error']);
    SP\Response::printJSON($out);
} else {
    // If 'ok' is not an array either, no response is printed at all.
    if (is_array($res['ok'])) {
        $out = implode('\\n\\n', $res['ok']);
        SP\Response::printJSON($out, 0);
    }
}
示例#4
    SessionUtil::loadUserSession($User);
    $Log->addDescription(sprintf('%s: %s', _('Usuario'), $userLogin));
    $Log->addDescription(sprintf('%s: %s', _('Perfil'), SP\Profile::getProfileNameById($User->getUserProfileId())));
    $Log->addDescription(sprintf('%s: %s', _('Grupo'), SP\Groups::getGroupNameById($User->getUserGroupId())));
    $Log->writeLog();
} else {
    SP\Response::printJSON(_('Error interno'));
}
// Load the user's stored preferences to decide whether a second factor is required.
$UserPrefs = \SP\UserPreferences::getPreferences($User->getUserId());
if ($UserPrefs->isUse2Fa()) {
    // Second factor pending: flag the session as not verified and answer with
    // the URL of the 2FA page instead of the application entry point.
    SP\Session::set2FApassed(false);
    // NOTE(review): the user id travels in the URL ('i'). Whatever handles the
    // 2FA step should take the user from the session rather than trust this
    // parameter — not visible from here, confirm.
    $url = SP\Init::$WEBURI . '/index.php?a=2fa&i=' . $User->getUserId() . '&t=' . time() . '&f=1';
    // NOTE(review): the statements after this if/else must not run for a user
    // with 2FA pending; that holds only if printJSON() ends the script — confirm.
    SP\Response::printJSON($url, 0);
} else {
    // No second factor configured: the session counts as fully verified.
    SP\Session::set2FApassed(true);
}
// Apply language and theme, then keep the preferences in the session.
SP\Language::setLanguage(true);
SP\Themes::setTheme(true);
SP\Session::setUserPreferences($UserPrefs);
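$params = array();
// Check whether extra URL parameters arrived via POST so they can be passed on via GET.
// Only fields whose name starts with 'g_' are forwarded, with the prefix removed.
foreach ($_POST as $param => $value) {
    // NOTE(review): the return values are discarded, so these calls only have an
    // effect if sanitize() takes its argument by reference — confirm.
    \SP\Html::sanitize($param);
    \SP\Html::sanitize($value);
    // Array-valued fields (e.g. g_x[]=...) cannot become a single query value; skip them.
    if (!strncmp($param, 'g_', 2) && is_scalar($value)) {
        // Percent-encode name and value so request data cannot add or split
        // parameters ('&', '=', '#') in the URL the client is sent to.
        $params[] = rawurlencode(substr($param, 2)) . '=' . rawurlencode((string) $value);
    }
}
$urlParams = count($params) > 0 ? '?' . implode('&', $params) : '';
// Status 0 with the relative entry point (plus forwarded parameters) as the payload.
SP\Response::printJSON('index.php' . $urlParams, 0);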
示例#5
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * sysPass is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with sysPass.  If not, see <http://www.gnu.org/licenses/>.
 *
 */
use SP\Request;
use SP\SessionUtil;
// Endpoint that renders the file list through AccountsMgmtC (GET request).
define('APP_ROOT', '..');
require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';
Request::checkReferer('GET');
// Unauthenticated callers get an empty response.
if (!SP\Init::isLoggedIn()) {
    return;
}
// File management can be disabled globally; a plain-text notice is echoed in that case.
if (!SP\Util::fileIsEnabled()) {
    echo _('Gestión de archivos deshabilitada');
    return false;
}
// Session key check.
// NOTE(review): on a GET request the key is presumably carried in the query
// string, where it can end up in server logs and Referer headers — confirm how
// analyze() reads it and whether the key is rotated.
$sk = SP\Request::analyze('sk', false);
if (!$sk || !SessionUtil::checkSessionKey($sk)) {
    // NOTE(review): the controller calls below are only protected if printXML()
    // ends the script; nothing here returns explicitly — confirm.
    SP\Response::printXML(_('CONSULTA INVÁLIDA'));
}
// No account or file id is passed here; which files are listed, and the access
// check for them, are decided inside the controller (not visible from this script).
$controller = new SP\Controller\AccountsMgmtC();
$controller->getFiles();
$controller->view();
示例#6
// Backup / export endpoint (fragment; the top of the script is not shown, so the
// login and permission checks, if any, cannot be seen from here).
$sk = SP\Request::analyze('sk', false);
// NOTE(review): this gate only works if printJSON() ends the script — confirm.
if (!$sk || !SessionUtil::checkSessionKey($sk)) {
    SP\Response::printJSON(_('CONSULTA INVÁLIDA'));
}
$actionId = SP\Request::analyze('actionId', 0);
// Read but not used in the visible code.
$onCloseAction = SP\Request::analyze('onCloseAction');
$activeTab = SP\Request::analyze('activeTab', 0);
// Export passwords are read through analyzeEncrypted().
$exportPassword = SP\Request::analyzeEncrypted('exportPwd');
$exportPasswordR = SP\Request::analyzeEncrypted('exportPwdR');
// Script snippet handed back to the client with the success responses below.
// NOTE(review): it embeds two request values. Both are read with an integer
// default; if analyze() does not cast to int on that basis, request text would
// end up inside script the client runs — confirm the cast.
$doActionOnClose = "sysPassUtil.Common.doAction({$actionId},'',{$activeTab});";
if ($actionId === SP\Controller\ActionsInterface::ACTION_CFG_BACKUP) {
    // Backups are refused in demo mode.
    if (SP\Util::demoIsEnabled()) {
        SP\Response::printJSON(_('Ey, esto es una DEMO!!'));
    }
    // Failure and success are both logged and mailed before the response is sent.
    if (!SP\Backup::doBackup()) {
        SP\Log::writeNewLogAndEmail(_('Realizar Backup'), _('Error al realizar el backup'));
        SP\Response::printJSON(_('Error al realizar el backup') . ';;' . _('Revise el registro de eventos para más detalles'));
    }
    SP\Log::writeNewLogAndEmail(_('Realizar Backup'), _('Copia de la aplicación y base de datos realizada correctamente'));
    SP\Response::printJSON(_('Proceso de backup finalizado'), 0, $doActionOnClose);
} elseif ($actionId === SP\Controller\ActionsInterface::ACTION_CFG_EXPORT) {
    // NOTE(review): unlike the backup branch there is no demo-mode check here — confirm
    // that exporting accounts from a demo instance is intended.
    // The confirmation is compared only when a password was given; with an empty
    // password doExport() is still called — presumably an unprotected export, confirm.
    if (!empty($exportPassword) && $exportPassword !== $exportPasswordR) {
        SP\Response::printJSON(_('Las claves no coinciden'));
    }
    if (!\SP\XmlExport::doExport($exportPassword)) {
        SP\Log::writeNewLogAndEmail(_('Realizar Exportación'), _('Error al realizar la exportación de cuentas'));
        SP\Response::printJSON(_('Error al realizar la exportación') . ';;' . _('Revise el registro de eventos para más detalles'));
    }
    SP\Log::writeNewLogAndEmail(_('Realizar Exportación'), _('Exportación de cuentas realizada correctamente'));
    SP\Response::printJSON(_('Proceso de exportación finalizado'), 0, $doActionOnClose);
}
示例#7
// Endpoint that mails an account-modification request to the account's owner
// and last editor. SessionUtil and UserUtil are used unqualified; presumably
// they are imported above this fragment.
define('APP_ROOT', '..');
require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';
SP\Request::checkReferer('POST');
// NOTE(review): the gates below only work if printJSON() ends the script — confirm.
if (!SP\Init::isLoggedIn()) {
    SP\Response::printJSON(_('La sesión no se ha iniciado o ha caducado'), 10);
}
$sk = SP\Request::analyze('sk', false);
if (!$sk || !SessionUtil::checkSessionKey($sk)) {
    SP\Response::printJSON(_('CONSULTA INVÁLIDA'));
}
$frmAccountId = SP\Request::analyze('accountid', 0);
$frmDescription = SP\Request::analyze('description');
// A description is mandatory.
if (!$frmDescription) {
    SP\Response::printJSON(_('Es necesaria una descripción'));
}
// NOTE(review): the result is used without a check; what getAccountRequestData()
// returns for an unknown id is not visible here — confirm it cannot be null/false.
$accountRequestData = SP\Account::getAccountRequestData($frmAccountId);
// Recipients: the account's owner and the user who last edited it.
$recipients = array(UserUtil::getUserEmail($accountRequestData->account_userId), UserUtil::getUserEmail($accountRequestData->account_userEditId));
$requestUsername = SP\Session::getUserName();
$requestLogin = SP\Session::getUserLogin();
$log = new \SP\Log(_('Solicitud de Modificación de Cuenta'));
$log->addDescription(SP\Html::strongText(_('Solicitante') . ': ') . $requestUsername . ' (' . $requestLogin . ')');
$log->addDescription(SP\Html::strongText(_('Cuenta') . ': ') . $accountRequestData->account_name);
$log->addDescription(SP\Html::strongText(_('Cliente') . ': ') . $accountRequestData->customer_name);
// NOTE(review): request text is appended next to markup from strongText() and
// later mailed; presumably escaped by analyze() or at render time — confirm.
$log->addDescription(SP\Html::strongText(_('Descripción') . ': ') . $frmDescription);
$mailto = implode(',', $recipients);
// Two addresses joined by ',' give a length of at most 1 only when both are empty.
// The log entry is written before the success response is sent.
// NOTE(review): no limit on how often a user can trigger this mail is visible here.
if (strlen($mailto) > 1 && SP\Util::mailrequestIsEnabled() && SP\Email::sendEmail($log, $mailto)) {
    $log->writeLog();
    SP\Response::printJSON(_('Solicitud enviada'), 0, "doAction('" . \SP\Controller\ActionsInterface::ACTION_ACC_SEARCH . "');");
}
SP\Response::printJSON(_('Error al enviar la solicitud'));
示例#8
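// Password recovery endpoint (fragment). Two request shapes are handled:
//   - login + email: ask SP\Auth to mail a recovery message;
//   - pass + passR (+ hash): set a new password for the user the hash resolves to.
$userLogin = SP\Request::analyze('login');
$userEmail = SP\Request::analyze('email');
$userPass = SP\Request::analyzeEncrypted('pass');
$userPassR = SP\Request::analyzeEncrypted('passR');
$hash = SP\Request::analyze('hash');
// NOTE(review): 'time' is read but not used below; expiry of the recovery hash
// is presumably enforced inside checkHashPassRecover() — confirm.
$time = SP\Request::analyze('time');
$message['action'] = _('Recuperación de Clave');
if ($userLogin && $userEmail) {
    $log = new \SP\Log(_('Recuperación de Clave'));
    $requestSent = SP\Auth::mailPassRecover($userLogin, $userEmail);
    if (!$requestSent) {
        $log->addDescription('ERROR');
    }
    $log->addDescription(SP\Html::strongText(_('Solicitado para') . ': ') . ' ' . $userLogin . ' (' . $userEmail . ')');
    // Write and mail the audit entry before answering. printJSON() is relied on
    // to end the request (the reset branch below follows its success response
    // with an unconditional error response), so anything placed after the
    // response would never run and recovery requests would leave no trace.
    $log->writeLog();
    SP\Email::sendEmail($log);
    // NOTE(review): the two responses differ. If mailPassRecover() returns false
    // for an unknown login/email pair, the answer tells the caller whether the
    // pair exists; a single neutral message avoids that — confirm what false means.
    if ($requestSent) {
        SP\Response::printJSON(_('Solicitud enviada') . ';;' . _('En breve recibirá un correo para completar la solicitud.'), 0, 'goLogin();');
    } else {
        SP\Response::printJSON(_('No se ha podido realizar la solicitud. Consulte con el administrador.'));
    }
} elseif ($userPass && $userPassR && $userPass === $userPassR) {
    // The hash decides which user's password is changed.
    $userId = UserPassRecover::checkHashPassRecover($hash);
    if ($userId) {
        // Both the password update and the hash update must succeed before success is reported.
        if (UserPass::updateUserPass($userId, $userPass) && UserPassRecover::updateHashPassRecover($hash)) {
            \SP\Log::writeNewLogAndEmail(_('Modificar Clave Usuario'), SP\Html::strongText(_('Login') . ': ') . UserUtil::getUserLoginById($userId));
            SP\Response::printJSON(_('Clave actualizada'), 0, 'goLogin();');
        }
    }
    // Reached for an unknown hash or a failed update; no log entry is written for it.
    SP\Response::printJSON(_('Error al modificar la clave'));
} else {
    SP\Response::printJSON(_('La clave es incorrecta o no coincide'));
}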
示例#9
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * sysPass is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with sysPass.  If not, see <http://www.gnu.org/licenses/>.
 *
 */
use SP\SessionUtil;
// Endpoint that verifies the second-factor code and records the result in the session.
define('APP_ROOT', '..');
require_once APP_ROOT . DIRECTORY_SEPARATOR . 'inc' . DIRECTORY_SEPARATOR . 'Base.php';
SP\Request::checkReferer('POST');
// Only the session key is checked; there is no isLoggedIn() call in this script.
// NOTE(review): this gate only works if printJSON() ends the script — confirm.
$sk = SP\Request::analyze('sk', false);
if (!$sk || !SessionUtil::checkSessionKey($sk)) {
    SP\Response::printJSON(_('CONSULTA INVÁLIDA'));
}
// NOTE(review): the user id to verify comes from the request ('itemId'), while
// the result below is applied to the current session. Unless Auth2FA or Base.php
// ties the id to the session's user, the code that is checked is not bound to
// the account that logged in — confirm, and prefer the session's user here.
$userId = SP\Request::analyze('itemId', 0);
$pin = SP\Request::analyze('security_pin', 0);
// NOTE(review): $userLogin is not assigned anywhere in this script; unless
// Base.php defines it, Auth2FA receives an undefined value — confirm.
$twoFa = new \SP\Auth\Auth2FA($userId, $userLogin);
if ($userId && $pin && $twoFa->verifyKey($pin)) {
    // Code accepted: mark the session as verified and send the client to index.php.
    \SP\Session::set2FApassed(true);
    SP\Response::printJSON(_('Código correcto'), 0, 'sysPassUtil.Common.redirect(\'index.php\')');
} else {
    // Code rejected: the flag is reset.
    // NOTE(review): no attempt counter or lockout is visible here — confirm that
    // repeated failures are limited elsewhere.
    \SP\Session::set2FApassed(false);
    SP\Response::printJSON(_('Código incorrecto'));
}