2.1.20
nilsteampassnet committed Apr 18, 2014
1 parent 83ba51c commit 7715512
Showing 55 changed files with 1,477 additions and 355 deletions.
14 changes: 13 additions & 1 deletion admin.php
Expand Up @@ -12,10 +12,22 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/

if (!isset($_SESSION['CPM']) || $_SESSION['CPM'] != 1) {
if (
!isset($_SESSION['CPM']) || $_SESSION['CPM'] != 1 ||
!isset($_SESSION['user_id']) || empty($_SESSION['user_id']) ||
!isset($_SESSION['key']) || empty($_SESSION['key']))
{
die('Hacking attempt...');
}

/* do checks */
require_once $_SESSION['settings']['cpassman_dir'].'/sources/checks.php';
if (!checkUser($_SESSION['user_id'], $_SESSION['key'], "users.php")) {
$_SESSION['error']['code'] = ERR_NOT_ALLOWED; //not allowed page
include 'error.php';
exit();
}

echo '
<div class="title ui-widget-content ui-corner-all">'.$txt['admin'].'</div>
<div style="width:900px;margin-left:50px; line-height:25px;height:100%;overflow:auto;">';
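Review bot: The new `checkUser()` call in admin.php passes the literal page name `"users.php"`, whereas admin.settings.php, find.php and folders.php pass `curPage()`; if checkUser() authorises per page (its body is not in this diff), the admin page is then gated by the rule for the users page rather than its own. Pass the page's own identifier, e.g. `if (!checkUser($_SESSION['user_id'], $_SESSION['key'], curPage())) {`, or add a comment saying why the users rule is the intended one. The same guard block is pasted into five files in this commit (also datatable.logs.php, which hard-codes `"manage_views"`), so a single shared include would keep the checks from drifting apart; `empty()` already covers the unset case, which makes each paired `!isset()` redundant.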
38 changes: 34 additions & 4 deletions admin.settings.php
Expand Up @@ -13,10 +13,22 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/

if (!isset($_SESSION['CPM']) || $_SESSION['CPM'] != 1) {
if (
!isset($_SESSION['CPM']) || $_SESSION['CPM'] != 1 ||
!isset($_SESSION['user_id']) || empty($_SESSION['user_id']) ||
!isset($_SESSION['key']) || empty($_SESSION['key']))
{
die('Hacking attempt...');
}

/* do checks */
require_once $_SESSION['settings']['cpassman_dir'].'/sources/checks.php';
if (!checkUser($_SESSION['user_id'], $_SESSION['key'], curPage())) {
$_SESSION['error']['code'] = ERR_NOT_ALLOWED; //not allowed page
include 'error.php';
exit();
}

/*
* FUNCTION permitting to store into DB the settings changes
*/
Expand All @@ -37,7 +49,14 @@ function updateSettings ($setting, $val, $type = '')
$db->connect();

// Check if setting is already in DB. If NO then insert, if YES then update.
$data = $db->fetchRow("SELECT COUNT(*) FROM ".$pre."misc WHERE type='".$type."' AND intitule = '".$setting."'");
//$data = $db->fetchRow("SELECT COUNT(*) FROM ".$pre."misc WHERE type='".$type."' AND intitule = '".$setting."'");
$data = $db->queryCount(
"misc",
array(
"type" => $type,
"intitule" => $setting
)
);
if ($data[0] == 0) {
$db->queryInsert(
"misc",
Expand Down Expand Up @@ -69,7 +88,14 @@ function updateSettings ($setting, $val, $type = '')
// in case of stats enabled, update the actual time
if ($setting == 'send_stats') {
// Check if previous time exists, if not them insert this value in DB
$data_time = $db->fetchRow("SELECT COUNT(*) FROM ".$pre."misc WHERE type='".$type."' AND intitule = '".$setting."_time'");
//$data_time = $db->fetchRow("SELECT COUNT(*) FROM ".$pre."misc WHERE type='".$type."' AND intitule = '".$setting."_time'");
$data_time = $db->queryCount(
"misc",
array(
"type" => $type,
"intitule" => $setting."_time"
)
);
if ($data_time[0] == 0) {
$db->queryInsert(
"misc",
Expand Down Expand Up @@ -1843,7 +1869,11 @@ function updateSettings ($setting, $val, $type = '')
</td>
</tr>';
// Send emails backlog
$nb_emails = $db->fetchRow("SELECT COUNT(*) FROM ".$pre."emails WHERE status = 'not_sent' OR status = ''");
//$nb_emails = $db->fetchRow("SELECT COUNT(*) FROM ".$pre."emails WHERE status = 'not_sent' OR status = ''");
$nb_emails = $db->queryCount(
"emails",
"status = 'not_sent' OR status = ''"
);
echo '
<tr style="margin-bottom:3px">
<td>
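Review bot: Whether the `queryCount()` calls in updateSettings() are actually safer than the concatenated SQL they replace depends on how queryCount() handles the array values, and that helper is not part of the visible diff; it is worth confirming that it binds or escapes `$type` and `$setting` rather than interpolating them. The third call (the e-mail backlog count) passes a raw condition string, `"status = 'not_sent' OR status = ''"`, so the helper evidently also accepts unescaped SQL fragments; that is harmless for this constant, but a comment such as `// constant condition only: never build this string from request data` would stop the form being copied with user input. The old queries are left behind as commented-out lines here and in admin.settings_categories.php, folders.php and home.php; version control already keeps them, so they can be deleted. updateSettings() starts and ends outside the hunks.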
9 changes: 8 additions & 1 deletion admin.settings_categories.php
Expand Up @@ -189,7 +189,14 @@
<select id="cat_folders_selection" multiple size="12">';
$folders = $tree->getDescendants();
foreach ($folders as $folder) {
$data = $db->fetchRow("SELECT COUNT(*) FROM ".$pre."nested_tree WHERE personal_folder=0 AND id = ".$folder->id);
//$data = $db->fetchRow("SELECT COUNT(*) FROM ".$pre."nested_tree WHERE personal_folder=0 AND id = ".$folder->id);
$data = $db->queryCount(
"nested_tree",
array(
"personal_folder" => 0,
"id" => $folder->id
)
);
if ($data[0] > 0) {
echo '
<option value="'.$folder->id.'">'.str_replace("&", "&amp;", $folder->title).'</option>';
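Review bot: `"id" => $folder->id` is passed to `queryCount()` without the `intval()` cast that the equivalent lookups in folders.php and home.php apply in this same commit; use `"id" => intval($folder->id)` so numeric columns are handled the same way everywhere. The call still runs once per folder inside the `foreach`, so a page with many folders issues one COUNT query per row. The unchanged `<option>` line below it escapes only `&` in `$folder->title`; `htmlspecialchars($folder->title, ENT_QUOTES, 'UTF-8')` would cover the remaining HTML metacharacters.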
1 change: 1 addition & 0 deletions changelog.md
Expand Up @@ -12,6 +12,7 @@
#472 - Error on line 582 index.php
#474 - Set default to checked for secure passwords
#497 - Moved GA QR code creation to administration
#xxx - Off-line mode, link make the page scroll up
Fork from slimm609 - Encrypted Sessions and CSRFGuard enabled
Issues with folder creation in "personal folder"

26 changes: 19 additions & 7 deletions datatable.logs.php
@@ -1,9 +1,9 @@
<?php
/**
* @file datatable.users_logged.php
* @author Nils Laumaill�
* @file datatable.logs.php
* @author Nils Laumaillé
* @version 2.1.19
* @copyright (c) 2009-2014 Nils Laumaill�
* @copyright (c) 2009-2014 Nils Laumaillé
* @licensing GNU AFFERO GPL 3.0
* @link http://www.teampass.net
*
Expand All @@ -14,10 +14,22 @@

require_once('sources/sessions.php');
session_start();
if (!isset($_SESSION['CPM']) || $_SESSION['CPM'] != 1) {
if (
!isset($_SESSION['CPM']) || $_SESSION['CPM'] != 1 ||
!isset($_SESSION['user_id']) || empty($_SESSION['user_id']) ||
!isset($_SESSION['key']) || empty($_SESSION['key']))
{
die('Hacking attempt...');
}

/* do checks */
require_once $_SESSION['settings']['cpassman_dir'].'/sources/checks.php';
if (!checkUser($_SESSION['user_id'], $_SESSION['key'], "manage_views")) {
$_SESSION['error']['code'] = ERR_NOT_ALLOWED; //not allowed page
include 'error.php';
exit();
}

require_once $_SESSION['settings']['cpassman_dir'].'/sources/SplClassLoader.php';

global $k, $settings;
Expand All @@ -42,7 +54,7 @@
//Paging
$sLimit = "";
if (isset($_GET['iDisplayStart']) && $_GET['iDisplayLength'] != '-1') {
$sLimit = "LIMIT ". $_GET['iDisplayStart'] .", ". $_GET['iDisplayLength'] ;
$sLimit = "LIMIT ". mysql_real_escape_string($_GET['iDisplayStart']) .", ". mysql_real_escape_string($_GET['iDisplayLength']) ."" ;
}

//Ordering
Expand All @@ -51,8 +63,8 @@
$sOrder = "ORDER BY ";
for ($i=0; $i<intval($_GET['iSortingCols']); $i++) {
if ($_GET[ 'bSortable_'.intval($_GET['iSortCol_'.$i]) ] == "true") {
$sOrder .= $aColumns[ intval($_GET['iSortCol_'.$i]) ]."
".mysql_real_escape_string($_GET['sSortDir_'.$i]) .", ";
$sOrder .= $aColumns[ intval(mysql_real_escape_string($_GET['iSortCol_'.$i])) ]."
'".mysql_real_escape_string($_GET['sSortDir_'.$i]) ."', ";
}
}
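Review bot: `mysql_real_escape_string()` does not make the new `LIMIT` clause safe, because the two values are placed in the query unquoted and the function only escapes characters that matter inside a quoted string; a numeric context needs a cast, `$sLimit = "LIMIT ". intval($_GET['iDisplayStart']) .", ". intval($_GET['iDisplayLength']);`. In the ordering hunk the sort direction is now wrapped in single quotes, which turns it into a string literal after the column name instead of a keyword (likely a syntax error, and in any case not a direction); map it to a fixed keyword instead, `$dir = strtolower($_GET['sSortDir_'.$i]) === 'desc' ? 'DESC' : 'ASC';`, and append `" ".$dir.", "`. `intval(mysql_real_escape_string(...))` on the column index adds nothing over `intval()` alone. `$_GET['iDisplayLength']` is read without an `isset()` check. The file header still says `@version 2.1.19` although the commit is titled 2.1.20.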

3 changes: 3 additions & 0 deletions error.php
Expand Up @@ -63,6 +63,9 @@
} elseif (@$_SESSION['error']['code'] == ERR_NO_MCRYPT) {
echo '
<div class="ui-state-error ui-corner-all error" style="text-align:center;" >'.$txt['error_mcrypt_not_loaded'].'<br /><br /><a href="index.php" />'.$txt['home'] .'</a></div>';
} elseif (@$_SESSION['error']['code'] == ERR_VALID_SESSION) {
echo '
<div class="ui-state-error ui-corner-all error" style="text-align:center;" >'.$txt['error_not_authorized'].'<br /><br /><a href="index.php" />'.$txt['home'] .'</a></div>';
}
}
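Review bot: The added `ERR_VALID_SESSION` branch copies the anchor markup `<a href="index.php" />` from the branch above it; the stray `/` makes the tag read as self-closing before the link text and `</a>`, so write `<a href="index.php">'.$txt['home'].'</a>`. The branch is another copy of the same `<div>` with only the message key changed, so a small lookup from error code to `$txt` key would replace the chain, which starts outside this hunk. The `@` in front of `$_SESSION['error']['code']` hides an unset code; an `isset()` test states the intent without suppressing other warnings.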

14 changes: 13 additions & 1 deletion find.php
Expand Up @@ -9,10 +9,22 @@
* @link
*/

if (!isset($_SESSION['CPM']) || $_SESSION['CPM'] != 1) {
if (
!isset($_SESSION['CPM']) || $_SESSION['CPM'] != 1 ||
!isset($_SESSION['user_id']) || empty($_SESSION['user_id']) ||
!isset($_SESSION['key']) || empty($_SESSION['key']))
{
die('Hacking attempt...');
}

/* do checks */
require_once $_SESSION['settings']['cpassman_dir'].'/sources/checks.php';
if (!checkUser($_SESSION['user_id'], $_SESSION['key'], curPage())) {
$_SESSION['error']['code'] = ERR_NOT_ALLOWED; //not allowed page
include 'error.php';
exit();
}

require_once $_SESSION['settings']['cpassman_dir'].'/sources/SplClassLoader.php';

// Build list of visible folders
115 changes: 81 additions & 34 deletions folders.php
Expand Up @@ -13,10 +13,22 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/

if (!isset($_SESSION['CPM']) || $_SESSION['CPM'] != 1) {
if (
!isset($_SESSION['CPM']) || $_SESSION['CPM'] != 1 ||
!isset($_SESSION['user_id']) || empty($_SESSION['user_id']) ||
!isset($_SESSION['key']) || empty($_SESSION['key']))
{
die('Hacking attempt...');
}

/* do checks */
require_once $_SESSION['settings']['cpassman_dir'].'/sources/checks.php';
if (!checkUser($_SESSION['user_id'], $_SESSION['key'], curPage())) {
$_SESSION['error']['code'] = ERR_NOT_ALLOWED; //not allowed page
include 'error.php';
exit();
}

require_once $_SESSION['settings']['cpassman_dir'].'/sources/SplClassLoader.php';

/* load help*/
Expand Down Expand Up @@ -89,7 +101,16 @@
foreach ($tst as $t) {
if (in_array($t->id, $_SESSION['groupes_visibles']) && !in_array($t->id, $_SESSION['personal_visible_groups'])) {
// r?cup $t->parent_id
$data = $db->fetchRow("SELECT title FROM ".$pre."nested_tree WHERE id = ".$t->parent_id);
//$data = $db->fetchRow("SELECT title FROM ".$pre."nested_tree WHERE id = ".$t->parent_id);
$data = $db->queryGetRow(
"nested_tree",
array(
"title"
),
array(
"id" => intval($t->parent_id)
)
);
if ($t->nlevel == 1) {
$data[0] = $txt['root'];
}
Expand All @@ -105,48 +126,74 @@
$ident .= "&nbsp;&nbsp;";
}
// Get some elements from DB concerning this node
$node_data = $db->fetchRow(
/*$node_data = $db->fetchRow(
"SELECT m.valeur as valeur, n.renewal_period as renewal_period
FROM ".$pre."misc as m,
".$pre."nested_tree as n
WHERE m.type='complex'
AND m.intitule = n.id
AND m.intitule = ".$t->id
);*/
$node_data = $db->queryGetRow(
array(
"misc" => "m",
"nested_tree" => "n"
),
array(
"m.valeur" => "valeur",
"n.renewal_period" => "renewal_period"
),
array(
"m.type" => "complex",
"m.intitule" => intval(n.id),
"m.intitule" => intval($t->id)
)
);

echo '<tr class="ligne0" id="row_'.$t->id.'">
<td align="center" onclick="open_edit_folder_dialog('.$t->id.')">'.$t->id.'</td>
<td width="50%" onclick="open_edit_folder_dialog('.$t->id.')">
'.$ident.'<span id="title_'.$t->id.'">'.$t->title.'</span>
</td>
<td align="center" onclick="open_edit_folder_dialog('.$t->id.')">
<span id="complexite_'.$t->id.'">'.@$pwComplexity[$node_data[0]][1].'</span>
</td>
<td align="center" onclick="open_edit_folder_dialog('.$t->id.')">
<span id="parent_'.$t->id.'">'.$data[0].'</span>
</td>
<td align="center" onclick="open_edit_folder_dialog('.$t->id.')">
'.$t->nlevel.'
</td>
<td align="center" onclick="open_edit_folder_dialog('.$t->id.')">
<span id="renewal_'.$t->id.'">'.$node_data[1].'</span>
</td>
<td align="center">
<img src="includes/images/folder--minus.png" onclick="supprimer_groupe(\''.$t->id.'\')" style="cursor:pointer;" />
</td>';
echo '
<tr class="ligne0" id="row_'.$t->id.'">
<td align="center" onclick="open_edit_folder_dialog('.$t->id.')">'.$t->id.'</td>
<td width="50%" onclick="open_edit_folder_dialog('.$t->id.')">
'.$ident.'<span id="title_'.$t->id.'">'.$t->title.'</span>
</td>
<td align="center" onclick="open_edit_folder_dialog('.$t->id.')">
<span id="complexite_'.$t->id.'">'.@$pwComplexity[$node_data[0]][1].'</span>
</td>
<td align="center" onclick="open_edit_folder_dialog('.$t->id.')">
<span id="parent_'.$t->id.'">'.$data[0].'</span>
</td>
<td align="center" onclick="open_edit_folder_dialog('.$t->id.')">
'.$t->nlevel.'
</td>
<td align="center" onclick="open_edit_folder_dialog('.$t->id.')">
<span id="renewal_'.$t->id.'">'.$node_data[1].'</span>
</td>
<td align="center">
<img src="includes/images/folder--minus.png" onclick="supprimer_groupe(\''.$t->id.'\')" style="cursor:pointer;" />
</td>';

$data3 = $db->fetchRow("SELECT bloquer_creation,bloquer_modification FROM ".$pre."nested_tree WHERE id = ".$t->id);
//$data3 = $db->fetchRow("SELECT bloquer_creation,bloquer_modification FROM ".$pre."nested_tree WHERE id = ".$t->id);
$data3 = $db->queryGetRow(
array(
"bloquer_creation",
"bloquer_modification"
),
"nested_tree",
array(
"id" => intval($t->id)
)
);
echo '
<td align="center">
<input type="checkbox" id="cb_droit_'.$t->id.'" onchange="Changer_Droit_Complexite(\''.$t->id.'\',\'creation\')"', isset($data3[0]) && $data3[0] == 1 ? 'checked' : '', ' />
</td>
<td align="center">
<input type="checkbox" id="cb_droit_modif_'.$t->id.'" onchange="Changer_Droit_Complexite(\''.$t->id.'\',\'modification\')"', isset($data3[1]) && $data3[1] == 1 ? 'checked' : '', ' />
</td>
<td>
<input type="hidden" id="parent_id_'.$t->id.'" value="'.$t->parent_id.'" />
<input type="hidden" id="renewal_id_'.$t->id.'" value="'.$node_data[0].'" />
</td>
<td align="center">
<input type="checkbox" id="cb_droit_'.$t->id.'" onchange="Changer_Droit_Complexite(\''.$t->id.'\',\'creation\')"', isset($data3[0]) && $data3[0] == 1 ? 'checked' : '', ' />
</td>
<td align="center">
<input type="checkbox" id="cb_droit_modif_'.$t->id.'" onchange="Changer_Droit_Complexite(\''.$t->id.'\',\'modification\')"', isset($data3[1]) && $data3[1] == 1 ? 'checked' : '', ' />
</td>
<td>
<input type="hidden" id="parent_id_'.$t->id.'" value="'.$t->parent_id.'" />
<input type="hidden" id="renewal_id_'.$t->id.'" value="'.$node_data[0].'" />
</td>
</tr>';
array_push($arr_ids, $t->id);
$x++;
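Review bot: In the `$node_data` call the condition array contains the key `"m.intitule"` twice and the first value is `intval(n.id)`; `n.id` is not a PHP variable (it parses as two bare constants joined by `.`), and the second entry overwrites the first in any case, so the join `m.intitule = n.id` of the commented-out query is no longer expressed. Unless queryGetRow() adds that join itself (its body is not in this diff), the two tables are combined without a join predicate and `renewal_period` can come from a different folder's row. The `$data3` call passes the column list first and `"nested_tree"` second, the reverse of the parent-title lookup earlier in this section, which passes the table first; swap the two arguments to match. If the helper cannot express a column-to-column condition, keeping the original SQL for `$node_data` with `intval($t->id)` is the safer choice.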
9 changes: 8 additions & 1 deletion home.php
Expand Up @@ -73,7 +73,14 @@
$cpt=1;
$rows = $db->fetchAllArray($sql);
foreach ($rows as $record) {
$data = $db->fetchRow("SELECT COUNT(*) FROM ".$pre."log_items WHERE id_item = '".$record['id']."' AND action = 'at_delete'");
//$data = $db->fetchRow("SELECT COUNT(*) FROM ".$pre."log_items WHERE id_item = '".$record['id']."' AND action = 'at_delete'");
$data = $db->queryCount(
"log_items",
array(
"id_item" => intval($record['id']),
"action" => "at_delete"
)
);
if ($data[0] == 0) {
echo '<span class="ui-icon ui-icon-tag" style="float: left; margin-right: .3em;">&nbsp;</span>
<a href="#" onClick="javascript:$(\'#menu_action\').val(\'action\');window.location.href =\'index.php?page=items&amp;group='.$record['id_tree'].'&amp;id='.$record['id'].'\';" style="cursor:pointer;">'.stripslashes($record['label']).'</a><br />';
Binary file modified includes/images/ajax-loader.gif
Binary file removed includes/images/ajax-loader_old.gif
Binary file not shown.
Binary file removed includes/images/phone.png
Binary file not shown.
Binary file removed includes/images/phone_add.png
Binary file not shown.
Binary file removed includes/images/phone_sound.png
Binary file not shown.
Binary file added includes/images/ui-toolbar-bookmark.png
1 change: 0 additions & 1 deletion includes/include.php
Expand Up @@ -13,7 +13,6 @@

$k['version'] = "2.1.20";
$k['tool_name'] = "TeamPass";
$k['copyright'] = "&nbsp;&copy;&nbsp;copyright 2009-2014";
$k['jquery-version'] = "1.9.1";
$k['jquery-ui-version'] = "1.10.3";
$k['jquery-ui-theme'] = "overcast";
