diff --git a/api/functions.php b/api/functions.php index 876e33b62..21373f676 100644 --- a/api/functions.php +++ b/api/functions.php @@ -251,7 +251,7 @@ function rest_get () { } $GLOBALS['request'] = explode('/',$matches[2]); } - + if(apikey_checker($GLOBALS['apikey'])) { global $server, $user, $pass, $database, $pre, $link; teampass_connect(); @@ -629,7 +629,7 @@ function rest_get () { $email ); // update LOG - logEvents('user_mngt', 'at_user_added', 'api - '.$GLOBALS['apikey'], $new_user_id); + logEvents('user_mngt', 'at_user_added', 'api - '.$GLOBALS['apikey'], $new_user_id); echo '{"status":"user added"}'; } catch(PDOException $ex) { echo '
' . $ex->getMessage(); @@ -665,15 +665,15 @@ function rest_get () { "SELECT `id`, `pw`, `groupes_interdits`, `groupes_visibles`, `fonction_id` FROM ".$pre."users WHERE login = %s", $GLOBALS['request'][3] ); - - // load passwordLib library - $_SESSION['settings']['cpassman_dir'] = ".."; - require_once '../sources/SplClassLoader.php'; - $pwdlib = new SplClassLoader('PasswordLib', '../includes/libraries'); - $pwdlib->register(); - $pwdlib = new PasswordLib\PasswordLib(); - - if ($pwdlib->verifyPasswordHash($GLOBALS['request'][4], $user['pw']) === true) { + + // load passwordLib library + $_SESSION['settings']['cpassman_dir'] = ".."; + require_once '../sources/SplClassLoader.php'; + $pwdlib = new SplClassLoader('PasswordLib', '../includes/libraries'); + $pwdlib->register(); + $pwdlib = new PasswordLib\PasswordLib(); + + if ($pwdlib->verifyPasswordHash($GLOBALS['request'][4], $user['pw']) === true) { // define the restriction of "id_tree" of this user $userDef = DB::queryOneColumn('folder_id', "SELECT DISTINCT folder_id @@ -707,11 +707,11 @@ function rest_get () { if ( empty($data['restricted_to']) || ($data['restricted_to'] != "" && in_array($user['id'], explode(";", $data['restricted_to']))) - ) { + ) { // prepare export $json[$data['id']]['label'] = mb_convert_encoding($data['label'], mb_detect_encoding($data['label']), 'UTF-8'); $json[$data['id']]['login'] = mb_convert_encoding($data['login'], mb_detect_encoding($data['login']), 'UTF-8'); - $json[$data['id']]['pw'] = cryption($data['pw'], SALT, $data['pw_iv'], "decrypt"); + $json[$data['id']]['pw'] = cryption($data['pw'], SALT, $data['pw_iv'], "decrypt"); } } // prepare answer. If no access then inform @@ -732,6 +732,127 @@ function rest_get () { } else { rest_error ('AUTH_NO_IDENTIFIER'); } + } elseif ($GLOBALS['request'][0] == "set") { + /* + * Expected call format: .../api/index.php/set/////?apikey= + * Example: https://127.0.0.1/teampass/api/index.php/auth/myLogin/myPassword/USER1/test/76?apikey=chahthait5Aidood6johh6Avufieb6ohpaixain + * + * NEW ITEM WILL BE STORED IN SPECIFIC FOLDER + */ + // get user credentials + if(isset($GLOBALS['request'][4]) && isset($GLOBALS['request'][5])) { + // get url + if (isset($GLOBALS['request'][1]) && isset($GLOBALS['request'][2]) && isset($GLOBALS['request'][3])) { + // is user granted? + $user = DB::queryFirstRow( + "SELECT `id`, `pw`, `groupes_interdits`, `groupes_visibles`, `fonction_id` FROM " . $pre . "users WHERE login = %s", + $GLOBALS['request'][4] + ); + + // load passwordLib library + $_SESSION['settings']['cpassman_dir'] = ".."; + require_once '../sources/SplClassLoader.php'; + $pwdlib = new SplClassLoader('PasswordLib', '../includes/libraries'); + $pwdlib->register(); + $pwdlib = new PasswordLib\PasswordLib(); + + // is user identified? + if ($pwdlib->verifyPasswordHash($GLOBALS['request'][5], $user['pw']) === true) { + // does the personal folder of this user exists? + DB::queryFirstRow( + "SELECT `id` + FROM " . $pre . "nested_tree + WHERE title = %s AND personal_folder = 1", + $user['id'] + ); + if (DB::count() > 0) { + // check if "teampass-connect" folder exists + // if not create it + $folder = DB::queryFirstRow( + "SELECT `id` + FROM " . $pre . "nested_tree + WHERE title = %s", + "teampass-connect" + ); + if (DB::count() == 0) { + DB::insert( + prefix_table("nested_tree"), + array( + 'parent_id' => '0', + 'title' => "teampass-connect" + ) + ); + $tpc_folder_id = DB::insertId(); + + //Add complexity + DB::insert( + prefix_table("misc"), + array( + 'type' => 'complex', + 'intitule' => $tpc_folder_id, + 'valeur' => '0' + ) + ); + + // rebuild tree + $tree = new Tree\NestedTree\NestedTree(prefix_table("nested_tree"), 'id', 'parent_id', 'title'); + $tree->rebuild(); + } else { + $tpc_folder_id = $folder['id']; + } + + // encrypt password + $encrypt = cryption($GLOBALS['request'][2], SALT, "", "encrypt"); + + // add new item + DB::insert( + prefix_table("items"), + array( + 'label' => "Credentials for ".urldecode($GLOBALS['request'][3].'%'), + 'description' => "Imported with Teampass-Connect", + 'pw' => $encrypt['string'], + 'pw_iv' => $encrypt['iv'], + 'email' => "", + 'url' => urldecode($GLOBALS['request'][3].'%'), + 'id_tree' => $tpc_folder_id, + 'login' => $GLOBALS['request'][1], + 'inactif' => '0', + 'restricted_to' => $user['id'], + 'perso' => '0', + 'anyone_can_modify' => '0', + 'complexity_level' => '0' + ) + ); + $newID = DB::insertId(); + + // log + logItems( + $newID, + "Credentials for ".urldecode($GLOBALS['request'][3].'%'), + $user['id'], + 'at_creation', + $GLOBALS['request'][1] + ); + + $json['status'] = "ok"; + // prepare answer. If no access then inform + if (empty($json)) { + rest_error ('AUTH_NO_DATA'); + } else { + echo json_encode($json); + } + } else { + rest_error ('NO_PF_EXIST_FOR_USER'); + } + } else { + rest_error ('AUTH_NOT_GRANTED'); + } + } else { + rest_error ('SET_NO_DATA'); + } + } else { + rest_error ('AUTH_NO_IDENTIFIER'); + } } else { rest_error ('METHOD'); } @@ -750,6 +871,7 @@ function rest_put() { if(apikey_checker($GLOBALS['apikey'])) { global $server, $user, $pass, $database, $pre, $link; teampass_connect(); + } } @@ -830,6 +952,12 @@ function rest_error ($type,$detail = 'N/A') { case 'ITEMMISSINGDATA': $message = Array('err' => 'Label or Password or Folder ID is missing'); break; + case 'SET_NO_DATA': + $message = Array('err' => 'No data to be stored'); + break; + case 'NO_PF_EXIST_FOR_USER': + $message = Array('err' => 'No Personal Folder exists for this user'); + break; default: $message = Array('err' => 'Something happen ... but what ?'); header('HTTP/1.1 500 Internal Server Error'); diff --git a/api/index.php b/api/index.php index 950ed50b4..92aa3ff2e 100644 --- a/api/index.php +++ b/api/index.php @@ -19,8 +19,8 @@ header('Content-Type: application/json'); if (teampass_api_enabled() != "1") { - echo '{"err":"API access not allowed."}'; - exit; + echo '{"err":"API access not allowed."}'; + exit; } teampass_whitelist(); diff --git a/profile.php b/profile.php index 44158914e..2928ac799 100644 --- a/profile.php +++ b/profile.php @@ -88,8 +88,10 @@
  •  '.$LANG['admin_actions_title'].'
      -
    •  '.$LANG['upload_new_avatar'].'
      • -
    •  '.$LANG['index_change_pw'].'
      • +
    •  '.$LANG['upload_new_avatar'].'
      • '; + if (!isset($_SESSION['settings']['duo']) || $_SESSION['settings']['duo'] == 0) echo ' +
    •  '.$LANG['index_change_pw'].'
      • '; + echo '
    •  '.$LANG['menu_title_new_personal_saltkey'].'
    •  '.$LANG['personal_saltkey_lost'].'
    @@ -100,8 +102,11 @@
    - + '; +// if DUOSecurity enabled then changing PWD is not allowed +if (!isset($_SESSION['settings']['duo']) || $_SESSION['settings']['duo'] == 0) + echo ' '; //change the saltkey dialogbox diff --git a/sources/datatable/datatable.users.php b/sources/datatable/datatable.users.php index 1243db27e..871886545 100644 --- a/sources/datatable/datatable.users.php +++ b/sources/datatable/datatable.users.php @@ -76,15 +76,15 @@ .mysqli_escape_string($link, $_GET['order'][0]['column']) .", "; } /* - for ($i=0; $i 0) { $sOutput = '['; } else { - $sOutput = ''; + $sOutput = ''; } foreach ($rows as $record) { @@ -288,8 +288,8 @@ //Finish the line $sOutput .= '],'; - - $iFilteredTotal ++; + + $iFilteredTotal ++; } } diff --git a/sources/folders.queries.php b/sources/folders.queries.php index d4c6ce3d4..819489a73 100644 --- a/sources/folders.queries.php +++ b/sources/folders.queries.php @@ -386,9 +386,9 @@ // add new folder id in SESSION array_push($_SESSION['groupes_visibles'], $newId); - if ($isPersonal == 1) { - array_push($_SESSION['personal_folders'], $newId); - } + if ($isPersonal == 1) { + array_push($_SESSION['personal_folders'], $newId); + } // rebuild tree $tree = new Tree\NestedTree\NestedTree(prefix_table("nested_tree"), 'id', 'parent_id', 'title'); diff --git a/sources/identify.php b/sources/identify.php index e36e8ff55..7498d8585 100644 --- a/sources/identify.php +++ b/sources/identify.php @@ -398,7 +398,7 @@ function identifyUser($sentData) ); $counter = DB::count(); if ($counter == 0) { - logEvents('user_not_exists', 'connection', "", stripslashes($username)); + logEvents('user_connection', 'user_not_exists', "", stripslashes($username)); echo '[{"value" : "user_not_exists", "text":""}]'; exit; } @@ -474,7 +474,7 @@ function identifyUser($sentData) $userPasswordVerified = true; } else { $userPasswordVerified = false; - logEvents('user_password_not_correct', 'connection', "", stripslashes($username)); + logEvents('user_connection', 'user_password_not_correct', "", stripslashes($username)); } if ($debugDuo == 1) { diff --git a/sources/main.functions.php b/sources/main.functions.php index 5b6764500..7a38595f5 100644 --- a/sources/main.functions.php +++ b/sources/main.functions.php @@ -610,45 +610,6 @@ function identifyUserRights($groupesVisiblesUser, $groupesInterditsUser, $isAdmi ); } -/** - * logEvents() - * - * permits to log events into DB - */ -function logEvents($type, $label, $who, $login="", $field_1 = NULL) -{ - global $server, $user, $pass, $database, $pre, $port, $encoding; - // include librairies & connect to DB - require_once $_SESSION['settings']['cpassman_dir'].'/includes/libraries/Database/Meekrodb/db.class.php'; - DB::$host = $server; - DB::$user = $user; - DB::$password = $pass; - DB::$dbName = $database; - DB::$port = $port; - DB::$encoding = $encoding; - DB::$error_handler = 'db_error_handler'; - $link = mysqli_connect($server, $user, $pass, $database, $port); - $link->set_charset($encoding); - - DB::insert( - prefix_table("log_system"), - array( - 'type' => $type, - 'date' => time(), - 'label' => $label, - 'qui' => $who, - 'field_1' => $field_1 - ) - ); - if (isset($_SESSION['settings']['syslog_enable']) && $_SESSION['settings']['syslog_enable'] == 1) { - if ($type == "user_mngt"){ - send_syslog("The User " .$login. " perform the acction off " .$label. " to the user " .$field_1. " - " .$type,"teampass","php",$_SESSION['settings']['syslog_host'],$_SESSION['settings']['syslog_port']); - } else { - send_syslog("The User " .$login. " perform the acction off " .$label. " - " .$type,"teampass","php",$_SESSION['settings']['syslog_host'],$_SESSION['settings']['syslog_port']); - } - } -} - /** * updateCacheTable() * @@ -1118,6 +1079,50 @@ function send_syslog($message, $component = "teampass", $program = "php", $host socket_close($sock); } + + +/** + * logEvents() + * + * permits to log events into DB + */ +function logEvents($type, $label, $who, $login="", $field_1 = NULL) +{ + global $server, $user, $pass, $database, $pre, $port, $encoding; + + if (empty($who)) $who = get_client_ip_server(); + + // include librairies & connect to DB + require_once $_SESSION['settings']['cpassman_dir'].'/includes/libraries/Database/Meekrodb/db.class.php'; + DB::$host = $server; + DB::$user = $user; + DB::$password = $pass; + DB::$dbName = $database; + DB::$port = $port; + DB::$encoding = $encoding; + DB::$error_handler = 'db_error_handler'; + $link = mysqli_connect($server, $user, $pass, $database, $port); + $link->set_charset($encoding); + + DB::insert( + prefix_table("log_system"), + array( + 'type' => $type, + 'date' => time(), + 'label' => $label, + 'qui' => $who, + 'field_1' => $field_1 + ) + ); + if (isset($_SESSION['settings']['syslog_enable']) && $_SESSION['settings']['syslog_enable'] == 1) { + if ($type == "user_mngt"){ + send_syslog("The User " .$login. " perform the acction off " .$label. " to the user " .$field_1. " - " .$type,"teampass","php",$_SESSION['settings']['syslog_host'],$_SESSION['settings']['syslog_port']); + } else { + send_syslog("The User " .$login. " perform the acction off " .$label. " - " .$type,"teampass","php",$_SESSION['settings']['syslog_host'],$_SESSION['settings']['syslog_port']); + } + } +} + function logItems($id, $item, $id_user, $action, $login = "", $raison = NULL, $raison_iv = NULL) { global $server, $user, $pass, $database, $pre, $port, $encoding; @@ -1133,17 +1138,41 @@ function logItems($id, $item, $id_user, $action, $login = "", $raison = NULL, $r $link = mysqli_connect($server, $user, $pass, $database, $port); $link->set_charset($encoding); DB::insert( - prefix_table("log_items"), - array( - 'id_item' => $id, - 'date' => time(), - 'id_user' => $id_user, - 'action' => $action, - 'raison' => $raison, - 'raison_iv' => $raison_iv - ) - ); + prefix_table( + "log_items"), + array( + 'id_item' => $id, + 'date' => time(), + 'id_user' => $id_user, + 'action' => $action, + 'raison' => $raison, + 'raison_iv' => $raison_iv + ) + ); if (isset($_SESSION['settings']['syslog_enable']) && $_SESSION['settings']['syslog_enable'] == 1) { send_syslog("The Item ".$item." was ".$action." by ".$login." ".$raison,"teampass","php",$_SESSION['settings']['syslog_host'],$_SESSION['settings']['syslog_port']); } } + +/* +* Function to get the client ip address + */ +function get_client_ip_server() { + $ipaddress = ''; + if ($_SERVER['HTTP_CLIENT_IP']) + $ipaddress = $_SERVER['HTTP_CLIENT_IP']; + else if($_SERVER['HTTP_X_FORWARDED_FOR']) + $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR']; + else if($_SERVER['HTTP_X_FORWARDED']) + $ipaddress = $_SERVER['HTTP_X_FORWARDED']; + else if($_SERVER['HTTP_FORWARDED_FOR']) + $ipaddress = $_SERVER['HTTP_FORWARDED_FOR']; + else if($_SERVER['HTTP_FORWARDED']) + $ipaddress = $_SERVER['HTTP_FORWARDED']; + else if($_SERVER['REMOTE_ADDR']) + $ipaddress = $_SERVER['REMOTE_ADDR']; + else + $ipaddress = 'UNKNOWN'; + + return $ipaddress; +} \ No newline at end of file diff --git a/users.load.php b/users.load.php index 0247a8b05..325f4d049 100644 --- a/users.load.php +++ b/users.load.php @@ -128,16 +128,16 @@ key : "" }, function(data) { - data = prepareExchangedData(data, "decode", ""); - $("#div_loading").hide(); - - // manage not allowed - if (data.error == "not_allowed") { - $("#div_dialog_message_text").html(data.error_text); - $("#div_dialog_message").dialog("open"); - return false; - } - + data = prepareExchangedData(data, "decode", ""); + $("#div_loading").hide(); + + // manage not allowed + if (data.error == "not_allowed") { + $("#div_dialog_message_text").html(data.error_text); + $("#div_dialog_message").dialog("open"); + return false; + } + // refresh table content tableUsers.api().ajax.reload(); } @@ -475,19 +475,19 @@ function(data) { } }); - $("#manager_dialog").dialog({ - bgiframe: true, - modal: true, - autoOpen: false, - width: 400, - height: 200, - title: "", - buttons: { - "": function() { - $(this).dialog("close"); - } - } - }); + $("#manager_dialog").dialog({ + bgiframe: true, + modal: true, + autoOpen: false, + width: 400, + height: 200, + title: "", + buttons: { + "": function() { + $(this).dialog("close"); + } + } + }); $("#user_edit_login_dialog").dialog({ bgiframe: true, @@ -531,38 +531,38 @@ function(data) { } }); - var watermark = 'Search a user'; - - //init, set watermark text and class - $('#search').val(watermark).addClass('watermark'); - - //if blur and no value inside, set watermark text and class again. - $('#search').blur(function(){ - if ($(this).val().length == 0){ - $(this).val(watermark).addClass('watermark'); - } - }); - - //if focus and text is watermrk, set it to empty and remove the watermark class - $('#search').focus(function(){ - if ($(this).val() == watermark){ - $(this).val('').removeClass('watermark'); - } - }); - - - $('input[name="search"]').keyup(function(){ - var searchterm = $(this).val(); - if(searchterm.length > 1) { - var match = $('tr.data-row:containsIN("' + searchterm + '")'); - var nomatch = $('tr.data-row:not(:containsIN("' + searchterm + '"))'); - match.addClass('selected'); - nomatch.css("display", "none"); - } else { - $('tr.data-row').css("display", ""); - $('tr.data-row').removeClass('selected'); - } - }); + var watermark = 'Search a user'; + + //init, set watermark text and class + $('#search').val(watermark).addClass('watermark'); + + //if blur and no value inside, set watermark text and class again. + $('#search').blur(function(){ + if ($(this).val().length == 0){ + $(this).val(watermark).addClass('watermark'); + } + }); + + //if focus and text is watermrk, set it to empty and remove the watermark class + $('#search').focus(function(){ + if ($(this).val() == watermark){ + $(this).val('').removeClass('watermark'); + } + }); + + + $('input[name="search"]').keyup(function(){ + var searchterm = $(this).val(); + if(searchterm.length > 1) { + var match = $('tr.data-row:containsIN("' + searchterm + '")'); + var nomatch = $('tr.data-row:not(:containsIN("' + searchterm + '"))'); + match.addClass('selected'); + nomatch.css("display", "none"); + } else { + $('tr.data-row').css("display", ""); + $('tr.data-row').removeClass('selected'); + } + }); $("#manager_dialog").dialog({ bgiframe: true, @@ -587,7 +587,7 @@ function(data) { title: "", open: function() { $("#user_edit_functions_list, #user_edit_managedby, #user_edit_auth, #user_edit_forbid").empty(); - $(".ui-dialog-buttonpane button:contains('')").button("disable"); + $(".ui-dialog-buttonpane button:contains('')").button("disable"); $.post( "sources/users.queries.php", { @@ -597,8 +597,8 @@ function(data) { }, function(data) { if (data.error == "no") { - $(".ui-dialog-buttonpane button:contains('')").button("enable"); - + $(".ui-dialog-buttonpane button:contains('')").button("enable"); + $("#user_edit_login").val(data.log); $("#user_edit_name").val(data.name); $("#user_edit_lastname").val(data.lastname); @@ -620,10 +620,10 @@ function(data) { $("#user_edit_wait").hide(); $("#user_edit_div").show(); } else { - $("#user_edit_error").html("") + $("#user_edit_error").html("") $("#user_edit_wait").hide(); - $("#user_edit_div").show(); - } + $("#user_edit_div").show(); + } }, "json" );