From e1724c39d799bc053e927eb32773d49e3f546ef0 Mon Sep 17 00:00:00 2001 From: "nils@teampass.net" Date: Wed, 13 Jan 2016 22:22:39 +0100 Subject: [PATCH] 2.1.25 Fix for #1152, #1153, #1149 (partially) --- admin.settings.php | 64 ++--- includes/language/english.php | 3 +- items.load.php | 246 +++++++++--------- load.php | 10 +- sources/admin.queries.php | 476 +++++++++++++++++----------------- sources/identify.php | 18 +- sources/main.functions.php | 50 ++-- 7 files changed, 439 insertions(+), 428 deletions(-) diff --git a/admin.settings.php b/admin.settings.php index f7f878180..e9b0c6e07 100644 --- a/admin.settings.php +++ b/admin.settings.php @@ -6,7 +6,7 @@ * @version 2.1.24 * @copyright (c) 2009-2015 Nils Laumaillé * @licensing GNU AFFERO GPL 3.0 - * @link http://www.teampass.net + * @link http://www.teampass.net * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of @@ -295,8 +295,8 @@ function updateSettings ($setting, $val, $type = '') if (isset($_POST['ldap_mode']) && $_SESSION['settings']['ldap_mode'] != $_POST['ldap_mode']) { updateSettings('ldap_mode', $_POST['ldap_mode']); } - // Update LDAP type - if (isset($_POST['ldap_type']) && $_SESSION['settings']['ldap_type'] != $_POST['ldap_type']) { + // Update LDAP type + if (isset($_POST['ldap_type']) && $_SESSION['settings']['ldap_type'] != $_POST['ldap_type']) { updateSettings('ldap_type', $_POST['ldap_type']); } // Update LDAP ldap_suffix 
@@ -311,10 +311,10 @@ function updateSettings ($setting, $val, $type = '') if (isset($_POST['ldap_domain_controler']) && @$_SESSION['settings']['ldap_domain_controler'] != $_POST['ldap_domain_controler']) { updateSettings('ldap_domain_controler', $_POST['ldap_domain_controler']); } - // Update LDAP ldap_user_attribute - if (isset($_POST['ldap_user_attribute']) && $_SESSION['settings']['ldap_user_attribute'] != @$_POST['ldap_user_attribute']) { - updateSettings('ldap_user_attribute', $_POST['ldap_user_attribute']); - } + // Update LDAP ldap_user_attribute + if (isset($_POST['ldap_user_attribute']) && $_SESSION['settings']['ldap_user_attribute'] != @$_POST['ldap_user_attribute']) { + updateSettings('ldap_user_attribute', $_POST['ldap_user_attribute']); + } // Update LDAP ssl if (isset($_POST['ldap_ssl']) && $_SESSION['settings']['ldap_ssl'] != $_POST['ldap_ssl']) { updateSettings('ldap_ssl', $_POST['ldap_ssl']); @@ -327,10 +327,10 @@ function updateSettings ($setting, $val, $type = '') if (@$_SESSION['settings']['ldap_elusers'] != $_POST['ldap_elusers']) { updateSettings('ldap_elusers', $_POST['ldap_elusers']); } - // Update LDAP ldap_group - if (@$_SESSION['settings']['ldap_elusers'] != $_POST['ldap_elusers']) { - updateSettings('ldap_elusers', $_POST['ldap_elusers']); - } + // Update LDAP ldap_group + if (@$_SESSION['settings']['ldap_elusers'] != $_POST['ldap_elusers']) { + updateSettings('ldap_elusers', $_POST['ldap_elusers']); + } // Update LDAP ldap_bind_dn if (isset($_POST['ldap_bind_dn']) && @$_SESSION['settings']['ldap_bind_dn'] != $_POST['ldap_bind_dn']) { updateSettings('ldap_bind_dn', $_POST['ldap_bind_dn']); 
@@ -434,14 +434,14 @@ function updateSettings ($setting, $val, $type = '') if (@$_SESSION['settings']['personal_saltkey_cookie_duration'] != $_POST['personal_saltkey_cookie_duration']) { updateSettings('personal_saltkey_cookie_duration', $_POST['personal_saltkey_cookie_duration']); } - // Update settings_offline_mode - if (@$_SESSION['settings']['settings_offline_mode'] != $_POST['settings_offline_mode']) { - updateSettings('settings_offline_mode', $_POST['settings_offline_mode']); - } - // Update offline_key_level - if (@$_SESSION['settings']['offline_key_level'] != $_POST['offline_key_level']) { - updateSettings('offline_key_level', $_POST['offline_key_level']); - } + // Update settings_offline_mode + if (@$_SESSION['settings']['settings_offline_mode'] != $_POST['settings_offline_mode']) { + updateSettings('settings_offline_mode', $_POST['settings_offline_mode']); + } + // Update offline_key_level + if (@$_SESSION['settings']['offline_key_level'] != $_POST['offline_key_level']) { + updateSettings('offline_key_level', $_POST['offline_key_level']); + } // Update email_smtp_server if (@$_SESSION['settings']['email_smtp_server'] != $_POST['email_smtp_server']) { updateSettings('email_smtp_server', $_POST['email_smtp_server']); 
@@ -549,10 +549,10 @@ function updateSettings ($setting, $val, $type = '') if (@$_SESSION['settings']['can_create_root_folder'] != $_POST['can_create_root_folder']) { updateSettings('can_create_root_folder', $_POST['can_create_root_folder']); } - // Update use_md5_password_as_salt - if (@$_SESSION['settings']['use_md5_password_as_salt'] != $_POST['use_md5_password_as_salt']) { - updateSettings('use_md5_password_as_salt', $_POST['use_md5_password_as_salt']); - } + // Update use_md5_password_as_salt + if (@$_SESSION['settings']['use_md5_password_as_salt'] != $_POST['use_md5_password_as_salt']) { + updateSettings('use_md5_password_as_salt', $_POST['use_md5_password_as_salt']); + } // Update syslog_enable if (@$_SESSION['settings']['syslog_enable'] != $_POST['syslog_enable']) { updateSettings('syslog_enable', $_POST['syslog_enable']); @@ -825,7 +825,7 @@ function updateSettings ($setting, $val, $type = '') '; - + echo '
'; // TIMEZONE // get list of all timezones @@ -1157,9 +1157,9 @@ function updateSettings ($setting, $val, $type = '') - + '; // Correct passwords prefix echo ' @@ -1631,7 +1631,7 @@ function updateSettings ($setting, $val, $type = '') @@ -1701,9 +1701,9 @@ function updateSettings ($setting, $val, $type = '') '; - // Type - $ldap_type = isset($_SESSION['settings']['ldap_type']) ? $_SESSION['settings']['ldap_type'] : ''; - echo ' + // Type + $ldap_type = isset($_SESSION['settings']['ldap_type']) ? $_SESSION['settings']['ldap_type'] : ''; + echo '
@@ -1747,7 +1747,7 @@ function updateSettings ($setting, $val, $type = '') // LDAP username attribute if (isset($ldap_type) && $ldap_type == 'posix-search') { - echo ' + echo ' diff --git a/includes/language/english.php b/includes/language/english.php index a8b649cc8..2a6cb7e5a 100644 --- a/includes/language/english.php +++ b/includes/language/english.php @@ -14,7 +14,8 @@ */ global $LANG; $LANG = array ( - 'error_bad_credentials' => 'Login credentials do not correspond!', + 'reload_page_after_user_account_creation' => 'Your account has been created. This page will be automatically reloaded in 3 seconds ...', + 'error_bad_credentials' => 'Login credentials do not correspond!', 'user_ga_code' => 'Send GoogleAuthenticator to user by email', 'send_ga_code' => 'Google Authenticator for user', 'error_no_email' => 'This user has no email set!', diff --git a/items.load.php b/items.load.php index 4e9d86b1b..e19a64b13 100644 --- a/items.load.php +++ b/items.load.php @@ -85,16 +85,16 @@ function showItemsInTree(type) //FUNCTION mask/unmask passwords characters function ShowPassword(pw) { - if ($("#selected_items").val() == "") return; + if ($("#selected_items").val() == "") return; if ($('#id_pw').html().indexOf("fa-asterisk") != -1) { - itemLog("item_password_shown"); + itemLog("item_password_shown"); $('#id_pw').text($('#hid_pw').val()); } else { $('#id_pw').html(''); } } - + $("#tabs-02").on( "change", "#pw1", 
@@ -144,24 +144,24 @@ function OpenDialog(id, modal) */ function LoadTreeNode(node_id) { - + } - + //########### //## FUNCTION : Launch the listing of all items of one category //########### function ListerItems(groupe_id, restricted, start) { - // prevent launch of similar query in case of doubleclick - var me = $(this); + // prevent launch of similar query in case of doubleclick + var me = $(this); if ( me.data('requestRunning') ) { return false; } else { - me.data('requestRunning', true); - } - + me.data('requestRunning', true); + } + $("#request_lastItem, #selected_items").val(""); - + if (groupe_id != undefined) { if (query_in_progress != 0 && query_in_progress != groupe_id) request.abort(); //kill previous query if needed query_in_progress = groupe_id; @@ -196,17 +196,17 @@ function ListerItems(groupe_id, restricted, start) function(data) { //get data data = prepareExchangedData(data, "decode", ""); - - // reset doubleclick prevention - me.data('requestRunning', false); - - // manage not allowed - if (data.error == "not_allowed") { + + // reset doubleclick prevention + me.data('requestRunning', false); + + // manage not allowed + if (data.error == "not_allowed") { $("#div_dialog_message_text").html(data.error_text); $("#div_dialog_message").dialog("open"); - $("#items_path_var").html(' Error'); - $("#items_list_loader").hide(); - return false; + $("#items_path_var").html(' Error'); + $("#items_list_loader").hide(); + return false; } $("#pf_selected").val(data.IsPersonalFolder); @@ -309,7 +309,7 @@ function(data) { //Display items $("#item_details_no_personal_saltkey, #item_details_nok").hide(); $("#item_details_ok, #items_list").show(); - + $('#complexite_groupe').val(data.folder_complexity); $('#bloquer_creation_complexite').val(data.bloquer_creation_complexite); $('#bloquer_modification_complexite').val(data.bloquer_modification_complexite); 
@@ -377,17 +377,17 @@ function(data) { //move item $.post( "sources/items.queries.php", - { - type : "move_item", - item_id : ui.draggable.attr("id"), - folder_id : $(this).attr("id").substring(4), - key : "" - }, + { + type : "move_item", + item_id : ui.draggable.attr("id"), + folder_id : $(this).attr("id").substring(4), + key : "" + }, function(data) { //increment / decrement number of items in folders $("#itcount_"+data[0].from_folder).text(Math.floor($("#itcount_"+data[0].from_folder).text())-1); $("#itcount_"+data[0].to_folder).text(Math.floor($("#itcount_"+data[0].to_folder).text())+1); - $("#id_label, #item_viewed_x_times, #id_desc, #id_pw, #id_login, #id_email, #id_url, #id_files, #id_restricted_to, #id_tags, #id_kbs").html(""); + $("#id_label, #item_viewed_x_times, #id_desc, #id_pw, #id_login, #id_email, #id_url, #id_files, #id_restricted_to, #id_tags, #id_kbs").html(""); LoadingPage(); displayMessage(""); }, @@ -402,7 +402,7 @@ function(data) { //Delete data delete data; } - ); + ); } } @@ -498,7 +498,7 @@ function(data) { $("#div_dialog_message_text").html(data.error_msg); $("#div_dialog_message").dialog("open"); } - $("#div_loading").hide(); + $("#div_loading").hide(); } ); $.ajaxSetup({async: true}); @@ -743,7 +743,7 @@ function EditerItem() else if ($("#edit_pw1").val() == "") erreur = ""; else if ($("#edit_pw1").val() != $("#edit_pw2").val()) erreur = ""; else if ($("#edit_tags").val() != "" && reg.test($("#edit_tags").val())) erreur = ""; - else if ($("#edit_categorie option:selected").val() == "" || typeof $("#edit_categorie option:selected").val() === "undefined") erreur = ""; + else if ($("#edit_categorie option:selected").val() == "" || typeof $("#edit_categorie option:selected").val() === "undefined") erreur = ""; else{ //Check pw complexity level if (( 
@@ -953,24 +953,24 @@ function(data) { $("#itcount_"+$('#hid_cat').val()).text(Math.floor($("#itcount_"+$('#hid_cat').val()).text())-1); $("#itcount_"+$('#edit_categorie').val()).text(Math.floor($("#itcount_"+$('#edit_categorie').val()).text())+1); } - + //Prepare clipboard copies if ($('#edit_pw1').val() != "") { - new Clipboard("#menu_button_copy_pw, #button_quick_pw_copy", { - text: function() { - return unsanitizeString($('#edit_pw1').val()); - } - }); - + new Clipboard("#menu_button_copy_pw, #button_quick_pw_copy", { + text: function() { + return unsanitizeString($('#edit_pw1').val()); + } + }); + $("#button_quick_pw_copy").show(); } if ($('#edit_item_login').val() != "") { - var clipboard_elogin = new Clipboard("#menu_button_copy_login, #button_quick_login_copy", { - text: function() { - return unsanitizeString($('#edit_item_login').val()); - } - }); + var clipboard_elogin = new Clipboard("#menu_button_copy_login, #button_quick_login_copy", { + text: function() { + return unsanitizeString($('#edit_item_login').val()); + } + }); $("#button_quick_login_copy").show(); } @@ -1007,7 +1007,7 @@ function(data) { if (erreur != "") { $('#edit_show_error').html(erreur).show(); $("#div_formulaire_edition_item_info").hide().html(""); - $("#div_formulaire_edition_item ~ .ui-dialog-buttonpane").find("button:contains('')").prop("disabled", false); + $("#div_formulaire_edition_item ~ .ui-dialog-buttonpane").find("button:contains('')").prop("disabled", false); } } 
@@ -1340,59 +1340,59 @@ function(data) { //Prepare clipboard copies if (data.pw != "") { - var clipboard_pw = new Clipboard("#menu_button_copy_pw, #button_quick_pw_copy", { - text: function() { - return unsanitizeString(data.pw); - } - }); - clipboard_pw.on('success', function(e) { - $("#message_box").html("").show().fadeOut(1000); + var clipboard_pw = new Clipboard("#menu_button_copy_pw, #button_quick_pw_copy", { + text: function() { + return unsanitizeString(data.pw); + } + }); + clipboard_pw.on('success', function(e) { + $("#message_box").html("").show().fadeOut(1000); itemLog("item_password_copied"); - e.clearSelection(); - }); - + e.clearSelection(); + }); + $("#button_quick_pw_copy").show(); } if (data.login != "") { - var clipboard_login = new Clipboard("#menu_button_copy_login, #button_quick_login_copy", { - text: function() { - return unsanitizeString(data.login); - } - }); - clipboard_login.on('success', function(e) { - $("#message_box").html("").show().fadeOut(1000); - - e.clearSelection(); - }); + var clipboard_login = new Clipboard("#menu_button_copy_login, #button_quick_login_copy", { + text: function() { + return unsanitizeString(data.login); + } + }); + clipboard_login.on('success', function(e) { + $("#message_box").html("").show().fadeOut(1000); + + e.clearSelection(); + }); $("#button_quick_login_copy").show(); } // #525 if (data.url != "") { - var clipboard_url = new Clipboard("#menu_button_copy_url", { - text: function() { - return unsanitizeString(data.url); - } - }); - clipboard_url.on('success', function(e) { - $("#message_box").html("").show().fadeOut(1000); - - e.clearSelection(); - }); + var clipboard_url = new Clipboard("#menu_button_copy_url", { + text: function() { + return unsanitizeString(data.url); + } + }); + clipboard_url.on('success', function(e) { + $("#message_box").html("").show().fadeOut(1000); + + e.clearSelection(); + }); } - - //prepare link to clipboard - var clipboard_link = new Clipboard("#menu_button_copy_link", { - 
text: function() { - return ""+"/index.php?page=items&group="+data.folder+"&id="+data.id; - } - }); - clipboard_link.on('success', function(e) { - $("#message_box").html("").show().fadeOut(1000); - - e.clearSelection(); - }); - + + //prepare link to clipboard + var clipboard_link = new Clipboard("#menu_button_copy_link", { + text: function() { + return ""+"/index.php?page=items&group="+data.folder+"&id="+data.id; + } + }); + clipboard_link.on('success', function(e) { + $("#message_box").html("").show().fadeOut(1000); + + e.clearSelection(); + }); + //set if user can edit if (data.restricted == "1" || data.user_can_modify == "1") { @@ -1516,17 +1516,17 @@ function ActionOnQuickIcon(id, action) } //Send query - LoadingPage(); + LoadingPage(); $.post("sources/items.queries.php", - { - type : 'action_on_quick_icon', - id : id, - action : action - }, - function(data) { - LoadingPage(); - displayMessage(""); - } + { + type : 'action_on_quick_icon', + id : id, + action : action + }, + function(data) { + LoadingPage(); + displayMessage(""); + } ); } @@ -2139,8 +2139,8 @@ function(data) { //## EXECUTE WHEN PAGE IS LOADED //########### $(function() { - - $.ajaxSetup({ + + $.ajaxSetup({ error: function(jqXHR, exception) { if (jqXHR.status === 0) { console.log('Not connect.\nVerify Network.'); @@ -2248,19 +2248,19 @@ function(data) { "animation" : 0, "check_callback" : true, 'data' : { - 'url' : "./sources/tree.php", + 'url' : "./sources/tree.php", "dataType" : "json", "async" : true, - 'data' : function (node) { - return { 'id' : node.id.split('_')[1] }; - } + 'data' : function (node) { + return { 'id' : node.id.split('_')[1] }; + } }, "strings" : { "Loading ..." : "..." }, - "error" : { - - } + "error" : { + + } }, "plugins" : [ "state", "search" 
@@ -2421,7 +2421,7 @@ function(data) { //window.location.href = "index.php?page=items&group="+$('#copy_in_folder').val()+"&id="+data[1].new_id; ListerItems($('#copy_in_folder').val(),'', 0); AfficherDetailsItem(data[1].new_id); - refreshTree($('#copy_in_folder').val()); + refreshTree($('#copy_in_folder').val()); $("#copy_in_folder").val(""); $("#div_copy_item_to_folder").dialog('close'); } @@ -2488,7 +2488,7 @@ function(data) { }, "": function() { $("#edit_rep_show_error").html("").hide(); - $("#div_editer_rep ~ .ui-dialog-buttonpane").find("button:contains('')").prop("disabled", false); + $("#div_editer_rep ~ .ui-dialog-buttonpane").find("button:contains('')").prop("disabled", false); $(this).dialog('close'); } }, @@ -2659,7 +2659,7 @@ function(data) { { type : "del_item", id : $("#id_item").val(), - label : $("#hid_label").val(), + label : $("#hid_label").val(), key : "" }, function(data) { @@ -3270,7 +3270,7 @@ function(data) { } var showPwd = function(){ - $("#visible_pw, #edit_visible_pw").toggle(); + $("#visible_pw, #edit_visible_pw").toggle(); } /* @@ -3284,7 +3284,7 @@ function itemLog(log_case) type : log_case, id_item : $('#id_item').val(), folder_id : $('#hid_cat').val(), - hid_label : $('#hid_label').val(), + hid_label : $('#hid_label').val(), key : "" } ); 
@@ -3351,18 +3351,18 @@ function proceed_list_update() $("#items_list_loader").hide(); // prepare clipboard items - var clipboard = new Clipboard('.mini_login'); - clipboard.on('success', function(e) { - $("#message_box").html("").show().fadeOut(1000); - e.clearSelection(); - }); - - var clipboard = new Clipboard('.mini_pw'); - clipboard.on('success', function(e) { - $("#message_box").html("").show().fadeOut(1000); + var clipboard = new Clipboard('.mini_login'); + clipboard.on('success', function(e) { + $("#message_box").html("").show().fadeOut(1000); + e.clearSelection(); + }); + + var clipboard = new Clipboard('.mini_pw'); + clipboard.on('success', function(e) { + $("#message_box").html("").show().fadeOut(1000); itemLog("item_password_copied"); - e.clearSelection(); - }); + e.clearSelection(); + }); $(".tip").tooltipster(); $(".mini_login, .mini_pw").css("cursor", "pointer"); @@ -3612,7 +3612,7 @@ function(data) { data = prepareExchangedData(data , "decode", ""); displayMessage(data.message); $("#items_path_var").html(' '); - $("#items_list").html(""); + $("#items_list").html(""); $("#full_items_list").html(data.items_html); $("#items_list_loader").hide(); } diff --git a/load.php b/load.php index dfa67c3c7..2c748fa84 100644 --- a/load.php +++ b/load.php @@ -220,7 +220,7 @@ function identifyUser(redirect, psk, data, randomstring) }, function(data) { if (data[0].value == randomstring) { - $("#connection_error").hide();console.log("ici "+data[0].initial_url+" -- "); + $("#connection_error").hide(); //redirection for admin is specific if (data[0].user_admin == "1") window.location.href="index.php?page=manage_main"; else if (data[0].initial_url != "") window.location.href=data[0].initial_url; 
@@ -244,6 +244,14 @@ function(data) { } else if (data[0].value == "error") { $("#mysql_error_warning").html(data[0].text).show(); $("#div_mysql_error").show().dialog("open"); + } else if (data[0].value == "new_ldap_account_created") { + $("#connection_error").html("'.$LANG['reload_page_after_user_account_creation'].'").show().switchClass("ui-state-error", "ui-state-default"); + setTimeout( + function (){ + window.location.href="index.php" + }, + 3000 + ); } else if (data[0].value == "false_onetimepw") { $("#connection_error").html("'.$LANG['bad_onetime_password'].'").show(); } else if (data[0].error == "bad_credentials") { diff --git a/sources/admin.queries.php b/sources/admin.queries.php index a865e6145..60acae2fa 100644 --- a/sources/admin.queries.php +++ b/sources/admin.queries.php @@ -6,7 +6,7 @@ * @version 2.1.24 * @copyright (c) 2009-2015 Nils Laumaillé * @licensing GNU AFFERO GPL 3.0 - * @link http://www.teampass.net + * @link http://www.teampass.net * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of @@ -315,7 +315,7 @@ $_SESSION['key_tmp'] = $pwgen->generate(); //update LOG - logEvents('admin_action', 'dataBase backup', $_SESSION['user_id'], $_SESSION['login']); + logEvents('admin_action', 'dataBase backup', $_SESSION['user_id'], $_SESSION['login']); echo '[{"result":"db_backup" , "href":"sources/downloadFile.php?name='.urlencode($filename).'&sub=files&file='.$filename.'&type=sql&key='.$_SESSION['key'].'&key_tmp='.$_SESSION['key_tmp'].'&pathIsFiles=1"}]'; } 
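Review bot: The redirect in the new `new_ldap_account_created` branch, `window.location.href="index.php"`, has no terminating semicolon and relies on automatic semicolon insertion; it should read `window.location.href="index.php";` like the other assignments in this callback. The message is spliced into a double-quoted JavaScript string through `'.$LANG['reload_page_after_user_account_creation'].'`, the same pattern the existing `bad_onetime_password` line uses, so a translation containing a double quote or backslash would break the generated script; emitting it as `html("'.json_encode($LANG['reload_page_after_user_account_creation']).'")` keeps the value literal-safe. The "3 seconds" in the English text and the `3000` passed to `setTimeout` are two copies of the same delay and will drift apart if one is changed. The enclosing `identifyUser` success callback starts and ends outside the hunk.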
@@ -487,32 +487,32 @@ case "admin_action_change_salt_key___start": $error = ""; require_once 'main.functions.php'; - - // check saltkey - $dataReceived = prepareExchangedData($_POST['newSK'], "decode"); - $new_salt_key = htmlspecialchars_decode($dataReceived['newSK']); - if (!isUTF8($new_salt_key) || empty($new_salt_key)) { - // SK is not correct - echo '[{"nextAction":"" , "error":"saltkey is corrupted or empty" , "nbOfItems":""}]'; - break; - } - + + // check saltkey + $dataReceived = prepareExchangedData($_POST['newSK'], "decode"); + $new_salt_key = htmlspecialchars_decode($dataReceived['newSK']); + if (!isUTF8($new_salt_key) || empty($new_salt_key)) { + // SK is not correct + echo '[{"nextAction":"" , "error":"saltkey is corrupted or empty" , "nbOfItems":""}]'; + break; + } + //put tool in maintenance. - DB::update( - prefix_table("misc"), - array( - 'valeur' => '1', - ), - "intitule = %s AND type= %s", - "maintenance_mode", "admin" - ); - //log - logEvents('system', 'change_salt_key', $_SESSION['user_id'], $_SESSION['login']); - - // get number of items to change - DB::query("SELECT id FROM ".prefix_table("items")." WHERE perso = %i", 0); - - echo '[{"nextAction":"encrypt_items" , "error":"'.$error.'" , "nbOfItems":"'.DB::count().'"}]'; + DB::update( + prefix_table("misc"), + array( + 'valeur' => '1', + ), + "intitule = %s AND type= %s", + "maintenance_mode", "admin" + ); + //log + logEvents('system', 'change_salt_key', $_SESSION['user_id'], $_SESSION['login']); + + // get number of items to change + DB::query("SELECT id FROM ".prefix_table("items")." WHERE perso = %i", 0); + + echo '[{"nextAction":"encrypt_items" , "error":"'.$error.'" , "nbOfItems":"'.DB::count().'"}]'; break; /* 
@@ -522,45 +522,45 @@ $error = ""; require_once 'main.functions.php'; - // prepare SK - $dataReceived = prepareExchangedData($_POST['newSK'], "decode"); - $new_salt_key = htmlspecialchars_decode($dataReceived['newSK']); - if (!isUTF8($new_salt_key) || empty($new_salt_key)) { - // SK is not correct - echo '[{"nextAction":"" , "error":"saltkey is corrupted or empty" , "nbOfItems":""}]'; - break; - } + // prepare SK + $dataReceived = prepareExchangedData($_POST['newSK'], "decode"); + $new_salt_key = htmlspecialchars_decode($dataReceived['newSK']); + if (!isUTF8($new_salt_key) || empty($new_salt_key)) { + // SK is not correct + echo '[{"nextAction":"" , "error":"saltkey is corrupted or empty" , "nbOfItems":""}]'; + break; + } //change all passwords in DB $rows = DB::query(" - SELECT id, pw, pw_iv - FROM ".prefix_table("items")." - WHERE perso = %s - LIMIT ".filter_var($_POST['start'], FILTER_SANITIZE_NUMBER_INT) .", ". filter_var($_POST['length'], FILTER_SANITIZE_NUMBER_INT), - "0"); + SELECT id, pw, pw_iv + FROM ".prefix_table("items")." + WHERE perso = %s + LIMIT ".filter_var($_POST['start'], FILTER_SANITIZE_NUMBER_INT) .", ". 
filter_var($_POST['length'], FILTER_SANITIZE_NUMBER_INT), + "0"); foreach ($rows as $record) { $pw = cryption($record['pw'], SALT, $record['pw_iv'], "decrypt"); //encrypt with new SALT - $encrypt = cryption($pw, $new_salt_key, "", "encrypt"); + $encrypt = cryption($pw, $new_salt_key, "", "encrypt"); DB::update( prefix_table("items"), array( 'pw' => $encrypt['string'], - 'pw_iv' => $encrypt['iv'], + 'pw_iv' => $encrypt['iv'], ), "id = %i", $record['id'] ); } - - $nextStart = intval($_POST['start']) + intval($_POST['length']); - - // check if last item to change has been treated - if ($nextStart >= intval($_POST['nbItems'])) { - $nextAction = "finishing"; - } else { - $nextAction = "encrypting"; - } + + $nextStart = intval($_POST['start']) + intval($_POST['length']); + + // check if last item to change has been treated + if ($nextStart >= intval($_POST['nbItems'])) { + $nextAction = "finishing"; + } else { + $nextAction = "encrypting"; + } echo '[{"nextAction":"'.$nextAction.'" , "nextStart":"'.$nextStart.'", "error":"'.$error.'"}]'; break; @@ -570,16 +570,16 @@ */ case "admin_action_change_salt_key___end": $error = ""; - - $dataReceived = prepareExchangedData($_POST['newSK'], "decode"); - $new_salt_key = htmlspecialchars_decode($dataReceived['newSK']); - if (!isUTF8($new_salt_key) || empty($new_salt_key)) { - // SK is not correct - echo '[{"nextAction":"" , "error":"saltkey is corrupted or empty" , "nbOfItems":""}]'; - break; - } - - // write the sk.php file + + $dataReceived = prepareExchangedData($_POST['newSK'], "decode"); + $new_salt_key = htmlspecialchars_decode($dataReceived['newSK']); + if (!isUTF8($new_salt_key) || empty($new_salt_key)) { + // SK is not correct + echo '[{"nextAction":"" , "error":"saltkey is corrupted or empty" , "nbOfItems":""}]'; + break; + } + + // write the sk.php file // get path to sk.php $filename = "../includes/settings.php"; if (file_exists($filename)) { 
@@ -606,21 +606,21 @@ ) ); fclose($fh); - - // quit maintenance mode. - DB::update( - prefix_table("misc"), - array( - 'valeur' => '0', - ), - "intitule = %s AND type= %s", - "maintenance_mode", "admin" - ); - - // redefine SALT - @define(SALT, $new_salt_key); - - echo '[{"nextAction":"done" , "error":"'.$error.'"}]'; + + // quit maintenance mode. + DB::update( + prefix_table("misc"), + array( + 'valeur' => '0', + ), + "intitule = %s AND type= %s", + "maintenance_mode", "admin" + ); + + // redefine SALT + @define(SALT, $new_salt_key); + + echo '[{"nextAction":"done" , "error":"'.$error.'"}]'; break; /* @@ -665,7 +665,7 @@ } //update LOG - logEvents('admin_action', 'Emails backlog', $_SESSION['user_id'], $_SESSION['login']); + logEvents('admin_action', 'Emails backlog', $_SESSION['user_id'], $_SESSION['login']); echo '[{"result":"admin_email_send_backlog", '.@sendEmail($LANG['admin_email_test_subject'], $LANG['admin_email_test_body'], $_SESSION['settings']['email_from']).'}]'; break; @@ -911,7 +911,7 @@ DB::insert( prefix_table("api"), array( - 'id' => null, + 'id' => null, 'type' => 'key', 'label' => $_POST['label'], 'value' => $_POST['key'], 
@@ -935,33 +935,33 @@ else // delete existing key if (isset($_POST['action']) && $_POST['action'] == "delete") { - DB::query("DELETE FROM ".prefix_table("api")." WHERE id = %i", $_POST['id']); + DB::query("DELETE FROM ".prefix_table("api")." WHERE id = %i", $_POST['id']); } echo '[{"error":"'.$error.'"}]'; break; - /* - * API save key - */ - case "admin_action_api_save_ip": - $error = ""; - // add new key - if (isset($_POST['action']) && $_POST['action'] == "add") { - DB::insert( + /* + * API save key + */ + case "admin_action_api_save_ip": + $error = ""; + // add new key + if (isset($_POST['action']) && $_POST['action'] == "add") { + DB::insert( prefix_table("api"), array( - 'id' => null, + 'id' => null, 'type' => 'ip', 'label' => $_POST['label'], 'value' => $_POST['key'], 'timestamp' => time() ) - ); - } - else - // update existing key - if (isset($_POST['action']) && $_POST['action'] == "update") { - DB::update( + ); + } + else + // update existing key + if (isset($_POST['action']) && $_POST['action'] == "update") { + DB::update( prefix_table("api"), array( 'label' => $_POST['label'], 
@@ -970,121 +970,121 @@ ), "id=%i", $_POST['id'] - ); - } - else - // delete existing key - if (isset($_POST['action']) && $_POST['action'] == "delete") { - DB::query("DELETE FROM ".prefix_table("api")." WHERE id=%i", $_POST['id']); - } - echo '[{"error":"'.$error.'"}]'; - break; - - case "save_api_status": - DB::query("SELECT * FROM ".prefix_table("misc")." WHERE type = %s AND intitule = %s", "admin", "api"); + ); + } + else + // delete existing key + if (isset($_POST['action']) && $_POST['action'] == "delete") { + DB::query("DELETE FROM ".prefix_table("api")." WHERE id=%i", $_POST['id']); + } + echo '[{"error":"'.$error.'"}]'; + break; + + case "save_api_status": + DB::query("SELECT * FROM ".prefix_table("misc")." WHERE type = %s AND intitule = %s", "admin", "api"); $counter = DB::count(); - if ($counter == 0) { - DB::insert( - prefix_table("misc"), - array( - 'type' => "admin", - "intitule" => "api", - 'valeur' => intval($_POST['status']) - ) - ); - } else { - DB::update( - prefix_table("misc"), - array( - 'valeur' => intval($_POST['status']) - ), - "type = %s AND intitule = %s", + if ($counter == 0) { + DB::insert( + prefix_table("misc"), + array( + 'type' => "admin", + "intitule" => "api", + 'valeur' => intval($_POST['status']) + ) + ); + } else { + DB::update( + prefix_table("misc"), + array( + 'valeur' => intval($_POST['status']) + ), + "type = %s AND intitule = %s", "admin", "api" - ); - } - $_SESSION['settings']['api'] = intval($_POST['status']); - break; + ); + } + $_SESSION['settings']['api'] = intval($_POST['status']); + break; - case "save_duo_status": - DB::query("SELECT * FROM ".prefix_table("misc")." WHERE type = %s AND intitule = %s", "admin", "duo"); + case "save_duo_status": + DB::query("SELECT * FROM ".prefix_table("misc")." 
WHERE type = %s AND intitule = %s", "admin", "duo"); $counter = DB::count(); - if ($counter == 0) { - DB::insert( - prefix_table("misc"), - array( - 'type' => "admin", - "intitule" => "duo", - 'valeur' => intval($_POST['status']) - ) - ); - } else { - DB::update( - prefix_table("misc"), - array( - 'valeur' => intval($_POST['status']) - ), - "type = %s AND intitule = %s", + if ($counter == 0) { + DB::insert( + prefix_table("misc"), + array( + 'type' => "admin", + "intitule" => "duo", + 'valeur' => intval($_POST['status']) + ) + ); + } else { + DB::update( + prefix_table("misc"), + array( + 'valeur' => intval($_POST['status']) + ), + "type = %s AND intitule = %s", "admin", "duo" - ); - } - $_SESSION['settings']['duo'] = intval($_POST['status']); - break; - - case "save_duo_in_sk_file": - // Check KEY and rights - if ($_POST['key'] != $_SESSION['key']) { - echo prepareExchangedData(array("error" => "ERR_KEY_NOT_CORRECT"), "encode"); - break; - } - // decrypt and retreive data in JSON format - $dataReceived = prepareExchangedData($_POST['data'], "decode"); - - // Prepare variables - $akey = htmlspecialchars_decode($dataReceived['akey']); - $ikey = htmlspecialchars_decode($dataReceived['ikey']); - $skey = htmlspecialchars_decode($dataReceived['skey']); - $host = htmlspecialchars_decode($dataReceived['host']); - - //get infos from SETTINGS.PHP file - $filename = $_SESSION['settings']['cpassman_dir'].'/includes/settings.php'; - if (file_exists($filename)) { - // get sk.php file path - $settingsFile = file($filename); - while (list($key,$val) = each($settingsFile)) { - if (substr_count($val, 'require_once "')>0 && substr_count($val, 'sk.php')>0) { - $tmp_skfile = substr($val, 14, strpos($val, '";')-14); - } - } - - // before perform a copy of sk.php file - if (file_exists($tmp_skfile)) { - //Do a copy of the existing file - if (!copy( - $tmp_skfile, - $tmp_skfile.'.'.date( - "Y_m_d", - mktime(0, 0, 0, date('m'), date('d'), date('y')) - ) - )) { - echo '[{"result" : "" , 
"error" : "Could NOT perform a copy of file: '.$tmp_skfile.'"}]'; - break; - } else { - unlink($tmp_skfile); - } - } else { - // send back an error - echo '[{"result" : "" , "error" : "Could NOT access file: '.$tmp_skfile.'"}]'; - break; - } - } - - // Write back values in sk.php file - $fh = fopen($tmp_skfile, 'w'); - $result2 = fwrite( - $fh, - utf8_encode( + ); + } + $_SESSION['settings']['duo'] = intval($_POST['status']); + break; + + case "save_duo_in_sk_file": + // Check KEY and rights + if ($_POST['key'] != $_SESSION['key']) { + echo prepareExchangedData(array("error" => "ERR_KEY_NOT_CORRECT"), "encode"); + break; + } + // decrypt and retreive data in JSON format + $dataReceived = prepareExchangedData($_POST['data'], "decode"); + + // Prepare variables + $akey = htmlspecialchars_decode($dataReceived['akey']); + $ikey = htmlspecialchars_decode($dataReceived['ikey']); + $skey = htmlspecialchars_decode($dataReceived['skey']); + $host = htmlspecialchars_decode($dataReceived['host']); + + //get infos from SETTINGS.PHP file + $filename = $_SESSION['settings']['cpassman_dir'].'/includes/settings.php'; + if (file_exists($filename)) { + // get sk.php file path + $settingsFile = file($filename); + while (list($key,$val) = each($settingsFile)) { + if (substr_count($val, 'require_once "')>0 && substr_count($val, 'sk.php')>0) { + $tmp_skfile = substr($val, 14, strpos($val, '";')-14); + } + } + + // before perform a copy of sk.php file + if (file_exists($tmp_skfile)) { + //Do a copy of the existing file + if (!copy( + $tmp_skfile, + $tmp_skfile.'.'.date( + "Y_m_d", + mktime(0, 0, 0, date('m'), date('d'), date('y')) + ) + )) { + echo '[{"result" : "" , "error" : "Could NOT perform a copy of file: '.$tmp_skfile.'"}]'; + break; + } else { + unlink($tmp_skfile); + } + } else { + // send back an error + echo '[{"result" : "" , "error" : "Could NOT access file: '.$tmp_skfile.'"}]'; + break; + } + } + + // Write back values in sk.php file + $fh = fopen($tmp_skfile, 'w'); + 
$result2 = fwrite( + $fh, + utf8_encode( "" - ) - ); - fclose($fh); - - - - // send data - echo '[{"result" : "'.addslashes($LANG['admin_duo_stored']).'" , "error" : ""}]'; - break; + ) + ); + fclose($fh); + + + + // send data + echo '[{"result" : "'.addslashes($LANG['admin_duo_stored']).'" , "error" : ""}]'; + break; case "save_fa_options": // Check KEY and rights 
@@ -1141,33 +1141,33 @@ $_SESSION['settings']['2factors_authentication'] = htmlspecialchars_decode($dataReceived['2factors_authentication']); // ga_website_name - if (!is_null($dataReceived['ga_website_name'])) { - DB::query("SELECT * FROM ".prefix_table("misc")." WHERE type = %s AND intitule = %s", "admin", "ga_website_name"); - $counter = DB::count(); - if ($counter == 0) { - DB::insert( - prefix_table("misc"), - array( - 'type' => "admin", - "intitule" => "ga_website_name", - 'valeur' => htmlspecialchars_decode($dataReceived['ga_website_name']) - ) - ); - } else { - DB::update( - prefix_table("misc"), - array( - 'valeur' => htmlspecialchars_decode($dataReceived['ga_website_name']) - ), - "type = %s AND intitule = %s", - "admin", - "ga_website_name" - ); - } - $_SESSION['settings']['ga_website_name'] = htmlspecialchars_decode($dataReceived['ga_website_name']); - } else { - $_SESSION['settings']['ga_website_name'] = ""; - } + if (!is_null($dataReceived['ga_website_name'])) { + DB::query("SELECT * FROM ".prefix_table("misc")." WHERE type = %s AND intitule = %s", "admin", "ga_website_name"); + $counter = DB::count(); + if ($counter == 0) { + DB::insert( + prefix_table("misc"), + array( + 'type' => "admin", + "intitule" => "ga_website_name", + 'valeur' => htmlspecialchars_decode($dataReceived['ga_website_name']) + ) + ); + } else { + DB::update( + prefix_table("misc"), + array( + 'valeur' => htmlspecialchars_decode($dataReceived['ga_website_name']) + ), + "type = %s AND intitule = %s", + "admin", + "ga_website_name" + ); + } + $_SESSION['settings']['ga_website_name'] = htmlspecialchars_decode($dataReceived['ga_website_name']); + } else { + $_SESSION['settings']['ga_website_name'] = ""; + } // send data echo '[{"result" : "'.addslashes($LANG['done']).'" , "error" : ""}]'; diff --git a/sources/identify.php b/sources/identify.php index 534273e44..e36e8ff55 100644 --- a/sources/identify.php +++ b/sources/identify.php 
@@ -79,7 +79,7 @@
 // not used any more (only development purpose)
 if ($_POST['key'] != $_SESSION['key']) {
 echo '[{"error" : "something_wrong"}]';
- break;
+ return false;
 }
 // store some connection data in cookie
 setcookie(
@@ -398,6 +398,7 @@ function identifyUser($sentData)
 );
 $counter = DB::count();
 if ($counter == 0) {
+ logEvents('user_not_exists', 'connection', "", stripslashes($username));
 echo '[{"value" : "user_not_exists", "text":""}]';
 exit;
 }
@@ -435,7 +436,7 @@ function identifyUser($sentData)
 );
 }
- if ($proceedIdentification === true) {
+ if ($proceedIdentification === true && $user_initial_creation_through_ldap == false) {
 // User exists in the DB
 //$data = $db->fetchArray($row);
@@ -473,6 +474,7 @@ function identifyUser($sentData)
 $userPasswordVerified = true;
 } else {
 $userPasswordVerified = false;
+ logEvents('user_password_not_correct', 'connection', "", stripslashes($username));
 }
 if ($debugDuo == 1) {
@@ -769,7 +771,11 @@ function identifyUser($sentData)
 }
 }
 } else {
- $return = "false";
+ if ($user_initial_creation_through_ldap == true) {
+ $return = "new_ldap_account_created";
+ } else {
+ $return = "false";
+ }
 }
 if ($debugDuo == 1) {
@@ -780,10 +786,8 @@ function identifyUser($sentData)
 );
 }
- echo '[{"value" : "'.$return.'", "user_admin":"',
- isset($_SESSION['user_admin']) ? $_SESSION['user_admin'] : "",
- '", "initial_url" : "'.@$_SESSION['initial_url'].'",
- "error" : "'.$logError.'"}]';
+ echo '[{"value" : "'.$return.'", "user_admin":"', isset($_SESSION['user_admin']) ? $_SESSION['user_admin'] : "", '", "initial_url" : "'.@$_SESSION['initial_url'].'", "error" : "'.$logError.'"}]';
+ $_SESSION['initial_url'] = "";
 if ($_SESSION['settings']['cpassman_dir'] == "..") {
 $_SESSION['settings']['cpassman_dir'] = ".";
diff --git a/sources/main.functions.php b/sources/main.functions.php
index 69faaeeb9..5b6764500 100644
--- a/sources/main.functions.php
+++ b/sources/main.functions.php
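Review bot: The guard `if ($_POST['key'] != $_SESSION['key']) {` still reads `$_POST['key']` without `isset` and compares with loose `!=`, so the hunk only repairs the invalid `break` and leaves the check itself weak; two numeric-looking strings compare as numbers under `!=`. A strict, constant-time form is `if (!isset($_POST['key']) || !hash_equals((string) $_SESSION['key'], (string) $_POST['key'])) {` (hash_equals needs PHP 5.6+, which should be confirmed against the project's minimum). The comment directly above says the check is no longer used; if that is accurate, a dead guard is better removed than kept looking like protection.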
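Review bot: The added `logEvents('user_not_exists', 'connection', "", stripslashes($username));` passes an unauthenticated, attacker-chosen username into the log, and the logEvents body shown later in this patch forwards `$login` verbatim into a UDP syslog line, so CR/LF in the username can forge additional log records. Strip control characters before logging, e.g. `$safe_login = preg_replace('/[\x00-\x1F\x7F]+/', ' ', stripslashes($username));` and pass `$safe_login` here and in the `user_password_not_correct` call added in the later hunk. Separately, this branch still answers the client with a distinct `user_not_exists` value, which is a username-enumeration oracle; returning the same response as a wrong password would close it, though that behaviour predates this commit. identifyUser continues outside the hunk.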
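Review bot: `$user_initial_creation_through_ldap == false` is a loose comparison on a variable whose initialisation is not visible in this hunk; if it is only assigned on the LDAP path, a non-LDAP login reaches this line with an undefined variable, which raises a notice and passes only because `null == false`. Initialise it once near the top of identifyUser, `$user_initial_creation_through_ldap = false;`, and compare strictly here: `if ($proceedIdentification === true && $user_initial_creation_through_ldap === false) {`. It is also worth confirming that a freshly created LDAP account, which now skips this whole block and later receives `new_ldap_account_created`, has no session state set elsewhere that would leave it partially authenticated. identifyUser starts and ends outside this hunk.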
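Review bot: The rewritten echo still assembles the JSON response by string concatenation, so `$return`, `$_SESSION['user_admin']`, `$_SESSION['initial_url']` and `$logError` are emitted without escaping; `initial_url` looks like a stored redirect target, and a `"` or `\` in it breaks the document or injects extra keys. Emit it through the encoder instead, which preserves the `[{...}]` shape the client appears to expect: `echo json_encode(array(array("value" => $return, "user_admin" => isset($_SESSION['user_admin']) ? $_SESSION['user_admin'] : "", "initial_url" => isset($_SESSION['initial_url']) ? $_SESSION['initial_url'] : "", "error" => $logError)));`. The `isset` check also removes the need for the `@` suppression on `$_SESSION['initial_url']`. The enclosing function ends outside the hunk.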
@@ -155,9 +155,9 @@ function encrypt($decrypted, $personalSalt = "") } if (!empty($personalSalt)) { - $staticSalt = $personalSalt; + $staticSalt = $personalSalt; } else { - $staticSalt = SALT; + $staticSalt = SALT; } //set our salt to a variable @@ -196,9 +196,9 @@ function decrypt($encrypted, $personalSalt = "") } if (!empty($personalSalt)) { - $staticSalt = $personalSalt; + $staticSalt = $personalSalt; } else { - $staticSalt = SALT; + $staticSalt = SALT; } //base64 decode the entire payload $encrypted = base64_decode($encrypted); @@ -365,18 +365,18 @@ function identifyUserRights($groupesVisiblesUser, $groupesInterditsUser, $isAdmi $tree = new SplClassLoader('Tree\NestedTree', $_SESSION['settings']['cpassman_dir'].'/includes/libraries'); $tree->register(); $tree = new Tree\NestedTree\NestedTree(prefix_table("nested_tree"), 'id', 'parent_id', 'title'); -//echo " ici12"; + // Check if user is ADMINISTRATOR if ($isAdmin == 1) { $groupesVisibles = array(); - $_SESSION['personal_folders'] = array(); + $_SESSION['personal_folders'] = array(); $_SESSION['groupes_visibles'] = array(); $_SESSION['groupes_interdits'] = array(); $_SESSION['personal_visible_groups'] = array(); $_SESSION['read_only_folders'] = array(); $_SESSION['list_restricted_folders_for_items'] = array(); $_SESSION['groupes_visibles_list'] = ""; - $_SESSION['list_folders_limited'] = ""; + $_SESSION['list_folders_limited'] = ""; $rows = DB::query("SELECT id FROM ".prefix_table("nested_tree")." WHERE personal_folder = %i", 0); foreach ($rows as $record) { array_push($groupesVisibles, $record['id']); 
@@ -385,11 +385,9 @@ function identifyUserRights($groupesVisiblesUser, $groupesInterditsUser, $isAdmi
 $_SESSION['all_non_personal_folders'] = $groupesVisibles;
 // Exclude all PF
 $_SESSION['forbiden_pfs'] = array();
- //$sql = "SELECT id FROM ".prefix_table("nested_tree")." WHERE personal_folder = 1";
 $where = new WhereClause('and'); // create a WHERE statement of pieces joined by ANDs
 $where->add('personal_folder=%i', 1);
 if (isset($_SESSION['settings']['enable_pf_feature']) && $_SESSION['settings']['enable_pf_feature'] == 1) {
- //$sql .= " AND title != '".$_SESSION['user_id']."'";
 $where->add('title=%s', $_SESSION['user_id']);
 $where->negateLast();
 }
@@ -423,7 +421,7 @@ function identifyUserRights($groupesVisiblesUser, $groupesInterditsUser, $isAdmi
 } else {
 // init
 $_SESSION['groupes_visibles'] = array();
- $_SESSION['personal_folders'] = array();
+ $_SESSION['personal_folders'] = array();
 $_SESSION['groupes_interdits'] = array();
 $_SESSION['personal_visible_groups'] = array();
 $_SESSION['read_only_folders'] = array();
@@ -537,13 +535,13 @@ function identifyUserRights($groupesVisiblesUser, $groupesInterditsUser, $isAdmi
 $pf = DB::queryfirstrow("SELECT id FROM ".prefix_table("nested_tree")." WHERE title = %s", $_SESSION['user_id']);
 if (!empty($pf['id'])) {
 if (!in_array($pf['id'], $listAllowedFolders)) {
- array_push($_SESSION['personal_folders'], $pf['id']);
+ array_push($_SESSION['personal_folders'], $pf['id']);
 // get all descendants
 $ids = $tree->getDescendants($pf['id'], true);
 foreach ($ids as $id) {
 array_push($listAllowedFolders, $id->id);
 array_push($_SESSION['personal_visible_groups'], $id->id);
- array_push($_SESSION['personal_folders'], $id->id);
+ array_push($_SESSION['personal_folders'], $id->id);
 }
 }
 }
@@ -558,7 +556,7 @@ function identifyUserRights($groupesVisiblesUser, $groupesInterditsUser, $isAdmi
 $folderId,
 $fonctionsAssociees,
 array("W","ND","NE","NDNE")
-
+
 );
 if (DB::count() == 0 && !in_array($folderId, $groupesVisiblesUser)) {
 array_push($listReadOnlyFolders, $folderId);
@@ -639,16 +637,16 @@ function logEvents($type, $label, $who, $login="", $field_1 = NULL)
 'date' => time(),
 'label' => $label,
 'qui' => $who,
- 'field_1' => $field_1
+ 'field_1' => $field_1
 )
 );
- if (isset($_SESSION['settings']['syslog_enable']) && $_SESSION['settings']['syslog_enable'] == 1) {
- if ($type == "user_mngt"){
- send_syslog("The User " .$login. " perform the acction off " .$label. " to the user " .$field_1. " - " .$type,"teampass","php",$_SESSION['settings']['syslog_host'],$_SESSION['settings']['syslog_port']);
- } else {
- send_syslog("The User " .$login. " perform the acction off " .$label. " - " .$type,"teampass","php",$_SESSION['settings']['syslog_host'],$_SESSION['settings']['syslog_port']);
- }
- }
+ if (isset($_SESSION['settings']['syslog_enable']) && $_SESSION['settings']['syslog_enable'] == 1) {
+ if ($type == "user_mngt"){
+ send_syslog("The User " .$login. " perform the acction off " .$label. " to the user " .$field_1. " - " .$type,"teampass","php",$_SESSION['settings']['syslog_host'],$_SESSION['settings']['syslog_port']);
+ } else {
+ send_syslog("The User " .$login. " perform the acction off " .$label. " - " .$type,"teampass","php",$_SESSION['settings']['syslog_host'],$_SESSION['settings']['syslog_port']);
+ }
+ }
 }
 /**
@@ -1108,14 +1106,14 @@ function prefix_table($table)
 */
 function GenerateCryptKey($size)
 {
- return PHP_Crypt::createKey(PHP_Crypt::RAND, $size);
+ return PHP_Crypt::createKey(PHP_Crypt::RAND, $size);
 }
 function send_syslog($message, $component = "teampass", $program = "php", $host , $port)
 {
 $sock = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP);
 //$syslog_message = "<123>" . date('M d H:i:s ') . " " .$host . " " . $component . ": " . $message;
- $syslog_message = "<123>" . date('M d H:i:s ') . $component . ": " . $message;
+ $syslog_message = "<123>" . date('M d H:i:s ') . $component . ": " . $message;
 socket_sendto($sock, $syslog_message, strlen($syslog_message), 0, $host, $port);
 socket_close($sock);
 }
@@ -1135,14 +1133,14 @@ function logItems($id, $item, $id_user, $action, $login = "", $raison = NULL, $r
 $link = mysqli_connect($server, $user, $pass, $database, $port);
 $link->set_charset($encoding);
 DB::insert(
- prefix_table("log_items"),
+ prefix_table("log_items"),
 array(
 'id_item' => $id,
 'date' => time(),
 'id_user' => $id_user,
 'action' => $action,
- 'raison' => $raison,
- 'raison_iv' => $raison_iv
+ 'raison' => $raison,
+ 'raison_iv' => $raison_iv
 )
 );
 if (isset($_SESSION['settings']['syslog_enable']) && $_SESSION['settings']['syslog_enable'] == 1) {