<?php
|
|
|
|
|
/*
|
|
|
|
|
$Id: m_mem.php,v 1.19 2006/01/12 08:04:43 anarcat Exp $
|
|
|
|
|
----------------------------------------------------------------------
|
|
|
|
|
LICENSE
|
|
|
|
|
|
|
|
|
|
This program is free software; you can redistribute it and/or
|
|
|
|
|
modify it under the terms of the GNU General Public License (GPL)
|
|
|
|
|
as published by the Free Software Foundation; either version 2
|
|
|
|
|
of the License, or (at your option) any later version.
|
|
|
|
|
|
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
GNU General Public License for more details.
|
|
|
|
|
|
|
|
|
|
To read the license please visit http://www.gnu.org/copyleft/gpl.html
|
|
|
|
|
----------------------------------------------------------------------
|
|
|
|
|
Original Author of file: Benjamin Sonntag
|
|
|
|
|
Purpose of file: Manage Login session on the virtual desktop and
|
|
|
|
|
member parameters
|
|
|
|
|
----------------------------------------------------------------------
|
|
|
|
|
*/
|
|
|
|
|
/**
 * This class manages user sessions in the web desktop.
 *
 * This class manages user sessions and administration in AlternC.
 * @copyright AlternC-Team 2002-2005 http://alternc.org/
 *
 */
|
|
|
|
|
class m_mem {
|
|
|
|
|
|
|
|
|
|
/** Original uid for the temporary uid swapping (for administrators) */
|
|
|
|
|
var $olduid=0;
|
|
|
|
|
|
|
|
|
|
/** This array contains the fields of the "membres" table for the current member.
 * It can be used globally by all child classes.
 */
|
|
|
|
|
var $user;
|
|
|
|
|
/** Tableau contenant les champs de la table "local" du membre courant
 * Ce tableau est utilisable globalement par toutes les classes filles.
 * Note : les champs de "local" sont spécifiques à l'hébergeur.
 */
|
|
|
|
|
var $local;
|
|
|
|
|
|
|
|
|
|
/* ----------------------------------------------------------------- */
|
|
|
|
|
/**
|
|
|
|
|
* Constructeur
|
|
|
|
|
*/
|
|
|
|
|
function m_mem() {
    // Intentionally empty: the object carries no member data until login(),
    // setid(), su() or checkid() load a record into $this->user.
}
/* ----------------------------------------------------------------- */
|
|
|
|
|
/**
|
|
|
|
|
* Password kind used in this class (hook for admin class)
|
|
|
|
|
*/
|
|
|
|
|
function alternc_password_policy() {
    // Hook for the admin class: lists the password kinds this class owns,
    // keyed by kind identifier, with a human-readable label as value.
    $kinds = array();
    $kinds["mem"] = "AlternC's account password";
    return $kinds;
}
/* ----------------------------------------------------------------- */
|
|
|
|
|
/** Check that the current user is an administrator.
 * @return boolean TRUE if we are super user, or FALSE if we are not.
 */
|
|
|
|
|
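function checkright() {
    // Authorization helper: TRUE only when the loaded member record carries the
    // administrator flag ("su").
    // Fail closed when no member record has been loaded yet.
    if (!is_array($this->user) || !isset($this->user["su"])) {
        return false;
    }
    // Strict string comparison: only the exact value "1" grants the right,
    // whereas the loose == also accepted values such as "01" or "1.0".
    return ((string) $this->user["su"] === "1");
}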
|
|
|
|
|
|
|
|
|
|
/* ----------------------------------------------------------------- */
|
|
|
|
|
/** Start a session in the web desktop. Check username and password.
 * <b>Note : </b>If the user entered a bad password, the failure will be logged
 * and told to the corresponding user on next successful login.
 * @param $username string Username that wants to connect.
 * @param $password string User Password.
 * @return boolean TRUE if the user has been successfully connected, or FALSE if an error occurred.
 */
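function login($username,$password,$restrictip=0,$authip_token=false) {
    // Opens a panel session: checks the password, the "enabled" flag and the
    // AuthIP rules, then records a new session id in the `sessions` table and
    // sends it in the "session" cookie.
    //   $restrictip    when true, the client address is stored with the session
    //                  (checkid() then refuses the session from another address)
    //   $authip_token  optional token, validated with authip_tokencheck()
    // Returns TRUE on success, FALSE after raising an error through $err.
    global $db,$err,$cuid, $authip;
    $err->log("mem","login",$username);

    // The login name comes from the request and ends up inside a quoted SQL
    // literal, so it is escaped first.
    // NOTE(review): the addslashes() calls that used to be here were commented
    // out, which may mean request data is already escaped upstream -- confirm,
    // and prefer bound parameters if the database layer offers them.
    $login_sql=addslashes($username);
    $db->query("select * from membres where login='$login_sql';");
    if ($db->num_rows()==0) {
        $err->raise("mem",1);
        return false;
    }
    $db->next_record();

    // Strict (and, where available, constant-time) comparison of the hashes.
    // An empty stored value never matches.
    $stored=(string)$db->f("pass");
    $computed=(string)_md5cr($password,$stored);
    if ($stored==="") {
        $match=false;
    } elseif (function_exists("hash_equals")) {
        $match=hash_equals($stored,$computed);
    } else {
        $match=($stored===$computed);
    }
    if (!$match) {
        // Count the failure; the error code is the same as for an unknown login,
        // so the response does not reveal which accounts exist.
        $db->query("UPDATE membres SET lastfail=lastfail+1 WHERE uid='".intval($db->f("uid"))."';");
        $err->raise("mem",1);
        return false;
    }
    if (!$db->f("enabled")) {
        $err->raise("mem",2);
        return false;
    }

    // authip_tokencheck() reads the global $cuid, so the identity has to be set
    // before the AuthIP check. The previous identity is kept and restored if the
    // check refuses the login, so a refused login does not leave the account loaded.
    $previous_user=$this->user;
    $previous_cuid=$cuid;
    $this->user=$db->Record;
    $cuid=$db->f("uid");

    // AuthIP
    $client_ip=getenv("REMOTE_ADDR");
    $allowed_ip=false;
    if ( $authip_token ) $allowed_ip = $this->authip_tokencheck($authip_token);

    $aga = $authip->get_allowed('panel');
    foreach ($aga as $k=>$v ) {
        // The result used to be stored in an unrelated variable ($allowed) that
        // was never read, so matching a rule had no effect on the decision below.
        if ( $authip->is_in_subnet($client_ip, $v['ip'], $v['subnet']) ) $allowed_ip=true;
    }

    // Refuse when rules exist, the address matches none of them and it is not whitelisted.
    // NOTE(review): the rules are only enforced when get_allowed() returns more
    // than one entry; confirm that a single entry really means "no restriction".
    if ( sizeof($aga)>1 && !$allowed_ip && !$authip->is_wl($client_ip) ) {
        $this->user=$previous_user;
        $cuid=$previous_cuid;
        $err->raise("mem",42); // FIXME have a real error code -- the client IP is not authorized
        return false;
    }
    // End AuthIP

    if ($restrictip) {
        $ip="'".addslashes($client_ip)."'";
    } else $ip="''";

    /* Close sessions that are more than 2 days old. */
    $db->query("DELETE FROM sessions WHERE DATE_ADD(ts,INTERVAL 2 DAY)<NOW();");

    /* Open the session : */
    // The session id is a bearer credential: take it from the CSPRNG when the
    // runtime has one. Both branches give 32 hexadecimal characters, the length
    // checkid() expects.
    if (function_exists("random_bytes")) {
        $sid=bin2hex(random_bytes(16));
    } else {
        $sid=md5(uniqid(mt_rand(),true));
    }
    $_REQUEST["session"]=$sid;
    $uid_sql=intval($cuid);
    $db->query("insert into sessions (sid,ip,uid) values ('".$sid."',$ip,'$uid_sql');");
    // HttpOnly keeps the id out of reach of page scripts.
    // NOTE(review): also set the Secure flag if the panel is served over HTTPS only.
    setcookie("session",$sid,0,"/","",false,true);
    $err->error=0;

    /* Fill in $local */
    $db->query("SELECT * FROM local WHERE uid='$uid_sql';");
    if ($db->num_rows()) {
        $db->next_record();
        $this->local=$db->Record;
    }
    return true;
}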
|
|
|
|
|
|
|
|
|
|
/* ----------------------------------------------------------------- */
|
|
|
|
|
/** Start a session as another user from an administrator account.
|
|
|
|
|
* This function is not the same as su. setid connect the current user in the destination
|
|
|
|
|
* account (for good), and su allow any user to become another account for some commands only.
|
|
|
|
|
* (del_user, add_user ...) and allow to bring back admin rights with unsu
|
|
|
|
|
*
|
|
|
|
|
* @param $id integer User id where we will connect to.
|
|
|
|
|
* @return boolean TRUE if the user has been successfully connected, FALSE else.
|
|
|
|
|
*/
|
|
|
|
|
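function setid($id) {
    // Loads account $id as the current identity and opens a new session for it
    // (new row in `sessions`, new "session" cookie). Returns TRUE on success,
    // FALSE after raising an error when the account does not exist.
    // NOTE(review): no password, "enabled" or privilege check is made here;
    // every caller has to verify the administrator right itself -- confirm the
    // call sites.
    global $db,$err,$cuid;
    $err->log("mem","setid",$id);

    // The id is documented as an integer: cast it before it reaches SQL.
    $id_sql=intval($id);
    $db->query("select * from membres where uid='$id_sql';");
    if ($db->num_rows()==0) {
        $err->raise("mem",1);
        return false;
    }
    $db->next_record();
    $this->user=$db->Record;
    $cuid=$db->f("uid");
    $uid_sql=intval($cuid);
    $ip=addslashes(getenv("REMOTE_ADDR"));

    // Session ids are bearer credentials: use the CSPRNG when available.
    // Both branches give 32 hexadecimal characters, as checkid() expects.
    if (function_exists("random_bytes")) {
        $sid=bin2hex(random_bytes(16));
    } else {
        $sid=md5(uniqid(mt_rand(),true));
    }
    $_REQUEST["session"]=$sid;
    $db->query("insert into sessions (sid,ip,uid) values ('".$sid."','$ip','$uid_sql');");
    // HttpOnly keeps the id out of reach of page scripts.
    // NOTE(review): also set the Secure flag if the panel is served over HTTPS only.
    setcookie("session",$sid,0,"/","",false,true);
    $err->error=0;

    /* Fill in $local */
    $db->query("SELECT * FROM local WHERE uid='$uid_sql';");
    if ($db->num_rows()) {
        $db->next_record();
        $this->local=$db->Record;
    }
    return true;
}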
|
|
|
|
|
|
|
|
|
|
/* ----------------------------------------------------------------- */
|
|
|
|
|
/** Suite à la connexion de l'utilisateur, réinitialise ses paramètres de dernière connexion
 */
|
|
|
|
|
function resetlast() {
    // Records a successful login for the current account: last login time,
    // failure counter back to 0, and the client origin.
    global $db,$cuid;
    // The resolved host name is preferred; it is client-influenced data and is
    // escaped like the address used as fallback.
    $origin=addslashes(getenv("REMOTE_HOST"));
    $ip=$origin;
    if (!$ip) {
        $ip=addslashes(getenv("REMOTE_ADDR"));
    }
    $sql="UPDATE membres SET lastlogin=NOW(), lastfail=0, lastip='".$ip."' WHERE uid='".$cuid."';";
    $db->query($sql);
}
/**
 * Builds the hourly AuthIP token of the current account ($cuid).
 *
 * The token is the MD5 of "<hour counter>--<stored pass value>", where the
 * hour counter is the Unix time divided by 3600.
 * NOTE(review): the token is derived only from the stored password value and
 * the clock, so anyone who can read that value can compute it; if no row is
 * found for $cuid the input is reduced to the hour counter. Consider a keyed
 * HMAC with a server-side secret, after checking who consumes these tokens.
 *
 * @param boolean $bis TRUE to build the token of the next hour.
 * @return string 32-character hexadecimal token.
 */
function authip_token($bis=false) {
    global $db,$cuid;
    $db->query("select pass from membres where uid='$cuid';");
    $db->next_record();
    $hour=intval(time()/3600);
    if ($bis) {
        $hour=$hour+1;
    }
    $secret=$db->f('pass');
    return md5($hour."--".$secret);
}
|
|
|
|
|
|
|
|
|
|
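/**
 * Checks a client-supplied AuthIP token against the two tokens currently
 * accepted: the one of the current hour and the one of the next hour.
 *
 * @param string $t Token presented by the client.
 * @return boolean TRUE when the token matches, FALSE otherwise.
 */
function authip_tokencheck($t) {
    // Only a non-empty string can be a token.
    if (!is_string($t) || $t==="") return false;
    foreach (array(false,true) as $bis) {
        $expected=(string)$this->authip_token($bis);
        if ($expected==="") continue;
        // Strict comparison: with the loose == two different hexadecimal strings
        // that both look like numbers (e.g. "0e..." forms) could compare equal.
        // hash_equals() additionally makes the comparison constant-time.
        if (function_exists("hash_equals")) {
            if (hash_equals($expected,$t)) return true;
        } elseif ($expected===$t) {
            return true;
        }
    }
    return false;
}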
|
|
|
|
|
|
2012-04-06 10:10:36 +00:00
|
|
|
|
/* Faut finir de l'implémenter :)
|
2011-06-03 17:08:44 +00:00
|
|
|
|
function authip_class() {
|
|
|
|
|
global $cuid;
|
|
|
|
|
$c = Array();
|
|
|
|
|
$c['name']="Panel access";
|
|
|
|
|
$c['protocol']="panel";
|
|
|
|
|
$c['values']=Array($cuid=>'');
|
|
|
|
|
|
|
|
|
|
return $c;
|
|
|
|
|
}
|
2012-04-06 10:10:36 +00:00
|
|
|
|
*/
/* ----------------------------------------------------------------- */
|
|
|
|
|
/** Vérifie que la session courante est correcte (cookie ok et ip valide).
 * Si besoin, et si réception des champs username & password, crée une nouvelle
 * session pour l'utilisateur annoncé.
 * Cette fonction doit être appelée à chaque page devant être authentifiée.
 * et AVANT d'émettre des données. (un cookie peut être envoyé)
 * @global string $session Le cookie de session eventuel
 * @global string $username/password le login/pass de l'utilisateur
 * @return TRUE si la session est correcte, FALSE sinon.
 */
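function checkid() {
    // Per-request authentication gate. When the request carries a username and
    // a password it delegates to login(); otherwise it validates the "session"
    // cookie against the `sessions` table and loads the member record and the
    // "local" record. Returns TRUE when the caller is authenticated, FALSE
    // after raising an error otherwise.
    global $db,$err,$cuid;

    if (isset($_REQUEST["username"])) {
        // NOTE(review): credentials are read from $_REQUEST, so they are also
        // accepted from the query string, where they end up in server logs and
        // browser history; consider accepting them from POST only.
        if ($_REQUEST["username"] && !empty($_REQUEST["password"])) {
            // "restrictip" is optional in the request.
            $restrict=isset($_REQUEST["restrictip"])?$_REQUEST["restrictip"]:0;
            return $this->login($_REQUEST["username"],$_REQUEST["password"],$restrict);
        }
    } // end isset

    $sid=(isset($_COOKIE["session"]) && is_string($_COOKIE["session"]))?addslashes($_COOKIE["session"]):"";
    $_COOKIE["session"]=$sid;
    // Session ids are issued as 32 hexadecimal characters; anything else is
    // refused before it reaches the SQL string.
    if (!preg_match('/\A[0-9a-fA-F]{32}\z/',$sid)) {
        $err->raise("mem",3);
        return false;
    }
    $ip=(string)getenv("REMOTE_ADDR");
    $db->query("select uid,ip from sessions where sid='".$sid."'");
    if ($db->num_rows()==0) {
        $err->raise("mem",4);
        return false;
    }
    $db->next_record();
    // A session opened with "restrictip" carries the client address and is only
    // valid from that address. The comparison is done here rather than by
    // sending the address through the query.
    $session_ip=(string)$db->f("ip");
    if ($session_ip!=="" && $session_ip!==$ip) {
        $err->raise("mem",5);
        return false;
    }
    // NOTE(review): the age of the session is not checked here; old rows are
    // only purged when somebody logs in.
    $session_uid=intval($db->f("uid"));
    $db->query("select * from membres where uid='$session_uid';");
    if ($db->num_rows()==0) {
        // The session refers to an account that no longer exists: fail closed
        // instead of continuing with an empty member record.
        $err->raise("mem",1);
        return false;
    }
    $db->next_record();
    // NOTE(review): "enabled" is only checked by login(); a session opened
    // before an account was disabled keeps working. Confirm whether this is
    // intended before adding the check, since setid() opens sessions without it.
    $this->user=$db->Record;
    $cuid=$db->f("uid");
    $err->error=0;

    /* Fill in $local */
    $db->query("SELECT * FROM local WHERE uid='$session_uid';");
    if ($db->num_rows()) {
        $db->next_record();
        $this->local=$db->Record;
    }
    return true;
}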
|
|
|
|
|
|
|
|
|
|
/* ----------------------------------------------------------------- */
|
|
|
|
|
/** Change l'identité d'un utilisateur temporairement.
 * @global string $uid Utilisateur dont on prend l'identité
 * @return TRUE si la session est correcte, FALSE sinon.
 */
|
|
|
|
|
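function su($uid) {
    // Temporarily switches the current identity ($this->user and the global
    // $cuid) to account $uid, remembering the original uid in $this->olduid so
    // that unsu() can switch back. No session row or cookie is touched.
    // Returns TRUE on success, FALSE after raising an error when the account
    // does not exist.
    // NOTE(review): no privilege check is made here; callers decide who may
    // switch identity -- confirm the call sites.
    global $cuid,$db,$err;
    // Only the first switch records the original uid, so nested calls still
    // return to the real account.
    if (!$this->olduid)
        $this->olduid=$cuid;
    // Cast before building the query: the value must not carry SQL.
    $uid_sql=intval($uid);
    $db->query("select * from membres where uid='$uid_sql';");
    if ($db->num_rows()==0) {
        $err->raise("mem",1);
        return false;
    }
    $db->next_record();
    $this->user=$db->Record;
    $cuid=$db->f("uid");
    return true;
}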
|
|
|
|
|
|
|
|
|
|
/* ----------------------------------------------------------------- */
|
|
|
|
|
/** Retourne a l'identite d'origine de l'utilisateur apres su.
|
|
|
|
|
* @return TRUE si la session est correcte, FALSE sinon.
|
|
|
|
|
*/
|
|
|
|
|
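function unsu() {
    // Switches back to the identity recorded by su(). Returns FALSE when no
    // switch is active or when the original account could not be reloaded.
    if (!$this->olduid)
        return false;
    // su() leaves olduid untouched here because it is already set.
    if (!$this->su($this->olduid)) {
        // The result of su() used to be ignored: the method then reported
        // success and cleared olduid while the switched identity was still
        // loaded. Keep olduid so the caller can see the switch is still active.
        return false;
    }
    $this->olduid=0;
    return true;
}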
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* ----------------------------------------------------------------- */
|
|
|
|
|
/** Termine une session du bureau virtuel (logout)
 * @return boolean TRUE si la session a bien été détruite, FALSE sinon.
 */
|
|
|
|
|
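function del_session() {
    // Logout: expires the "session" and "oldid" cookies, deletes the session
    // row and calls alternc_del_session() on every loaded class that has it.
    // Returns TRUE when the session is gone (or there was none), FALSE after
    // raising an error otherwise.
    global $db,$err,$cuid,$classes;
    $err->log("mem","del_session");
    $sid=(isset($_COOKIE["session"]) && is_string($_COOKIE["session"]))?addslashes($_COOKIE["session"]):'';
    $_COOKIE["session"]=$sid;
    setcookie("session","",0,"/");
    setcookie("oldid","",0,"/admin/");
    if ($sid=="") {
        $err->error=0;
        return true;
    }
    // Session ids are issued as 32 hexadecimal characters; anything else is
    // refused before it reaches the SQL string.
    if (!preg_match('/\A[0-9a-fA-F]{32}\z/',$sid)) {
        $err->raise("mem",3);
        return false;
    }
    $ip=(string)getenv("REMOTE_ADDR");
    $db->query("select uid,ip from sessions where sid='".$sid."'");
    if ($db->num_rows()==0) {
        $err->raise("mem",4);
        return false;
    }
    $db->next_record();
    // Same rule as checkid(): the address is only compared when the session was
    // opened with "restrictip". Without this guard a session stored with an
    // empty address never matched, so logout returned an error and left the row
    // -- and therefore the session id -- valid on the server.
    $session_ip=(string)$db->f("ip");
    if ($session_ip!=="" && $session_ip!==$ip) {
        $err->raise("mem",5);
        return false;
    }
    $cuid=$db->f("uid");
    $db->query("delete from sessions where sid='".$sid."';");
    $err->error=0;

    // Call the logout hook of all the other classes
    foreach($classes as $c) {
        if (isset($GLOBALS[$c]) && is_object($GLOBALS[$c]) && method_exists($GLOBALS[$c],"alternc_del_session")) {
            $GLOBALS[$c]->alternc_del_session();
        }
    }
    return true;
}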
|
|
|
|
|
|
|
|
|
|
/* ----------------------------------------------------------------- */
|
|
|
|
|
/** Change le mot de passe de l'utilisateur courant.
 * @param string $oldpass Ancien mot de passe.
 * @param string $newpass Nouveau mot de passe
 * @param string $newpass2 Nouveau mot de passe (à nouveau)
 * @return boolean TRUE si le mot de passe a été changé, FALSE sinon.
 */
|
|
|
|
|
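function passwd($oldpass,$newpass,$newpass2) {
    // Changes the password of the current account after checking the old one,
    // the confirmation, the minimal length and the "mem" password policy.
    // Returns TRUE when the password was changed, FALSE after an error was raised.
    global $db,$err,$cuid,$admin;
    $err->log("mem","passwd");
    // The three values are expected to arrive slash-escaped (request data).
    $oldpass=stripslashes($oldpass);
    $newpass=stripslashes($newpass);
    $newpass2=stripslashes($newpass2);
    if (!$this->user["canpass"]) {
        $err->raise("mem",11);
        return false;
    }
    // Strict (and, where available, constant-time) comparison of the hashes.
    // An empty stored value never matches.
    $stored=(string)$this->user["pass"];
    $computed=(string)_md5cr($oldpass,$stored);
    if ($stored==="") {
        $match=false;
    } elseif (function_exists("hash_equals")) {
        $match=hash_equals($stored,$computed);
    } else {
        $match=($stored===$computed);
    }
    if (!$match) {
        $err->raise("mem",6);
        return false;
    }
    // Strict comparison: with != two different numeric-looking strings
    // ("1e3" and "1000") were treated as the same password.
    if ($newpass!==$newpass2) {
        $err->raise("mem",7);
        return false;
    }
    if (strlen($newpass)<3) {
        $err->raise("mem",8);
        return false;
    }
    $uid_sql=intval($cuid);
    $db->query("SELECT login FROM membres WHERE uid='$uid_sql';");
    $db->next_record();
    $login=$db->Record["login"];
    if (!$admin->checkPolicy("mem",$login,$newpass)) {
        return false; // The error has been raised by checkPolicy()
    }
    // NOTE(review): _md5cr() is presumably an MD5-based crypt() -- verify, and
    // plan a migration to password_hash()/password_verify().
    $hash=_md5cr($newpass);
    $db->query("UPDATE membres SET pass='".addslashes($hash)."' WHERE uid='$uid_sql';");
    // Keep the loaded record in line with the database for the rest of the request.
    $this->user["pass"]=$hash;
    // NOTE(review): the other open sessions of this account stay valid after a
    // password change; consider deleting them here.
    $err->error=0;
    return true;
}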
|
|
|
|
|
|
|
|
|
|
/* ----------------------------------------------------------------- */
|
|
|
|
|
/** Change les préférences administrateur d'un compte
 * @param integer $admlist Mode de visualisation des membres (0=large 1=courte)
 * @return boolean TRUE si les préférences ont été changées, FALSE sinon.
 */
|
|
|
|
|
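function adminpref($admlist) {
    // Stores the member-list display mode of the current administrator.
    // Returns FALSE (error 12) when the current account is not an administrator.
    global $db,$err,$cuid;
    $err->log("mem","admlist");
    if (!$this->user["su"]) {
        $err->raise("mem",12);
        return false;
    }
    // Both values are documented as integers: cast them so that nothing else
    // can reach the SQL string.
    $admlist_sql=intval($admlist);
    $uid_sql=intval($cuid);
    $db->query("UPDATE membres SET admlist='$admlist_sql' WHERE uid='$uid_sql';");
    $err->error=0;
    return true;
}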
|
|
|
|
|
|
|
|
|
|
/* ----------------------------------------------------------------- */
|
|
|
|
|
/** Envoie en mail le mot de passe d'un compte.
 * <b>Note : </b>On ne peut demander le mot de passe qu'une seule fois par jour.
 * TODO : Translate this mail into the localization program.
 * TODO : Check this function's !
 * @return boolean TRUE si le mot de passe a été envoyé avec succès, FALSE sinon.
 */
|
|
|
|
|
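function send_pass($login) {
    // Mails the stored "pass" value of account $login to its registered
    // address, at most once per 24 hours. Returns TRUE when the mail was
    // handed to mail(), FALSE after an error was raised.
    // NOTE(review): "pass" is the value login() compares with the output of
    // _md5cr(), i.e. a password hash, so this mail discloses the hash and gives
    // the user nothing usable; replace it with a single-use, short-lived reset
    // link. The distinct error for an unknown login also tells a caller which
    // accounts exist.
    global $err,$db,$L_HOSTING,$L_FQDN;
    $err->log("mem","send_pass");
    // The login name is request data placed in a quoted SQL literal: escape it.
    // NOTE(review): confirm it is not already escaped upstream, and prefer
    // bound parameters if the database layer offers them.
    $login_sql=addslashes($login);
    $db->query("SELECT * FROM membres WHERE login='$login_sql';");
    if (!$db->num_rows()) {
        $err->raise("mem",2);
        return false;
    }
    $db->next_record();
    if (time()-$db->f("lastaskpass")<86400) {
        $err->raise("mem",7);
        return false;
    }
    // Read what is needed from the record now: the UPDATE below reuses $db.
    $uid_sql=intval($db->f("uid"));
    $account=$db->f("login");
    $recipient=$db->f("mail");
    // The account name shown in the text is the stored one, not the raw request value.
    $txt="Bonjour,
Il semblerait que vous ayez demandé à recevoir le mot de passe du
compte ".$account." sur $L_HOSTING
Voici donc le nom d'utilisateur et le mot de passe qui vous
permettront de rentrer sur le bureau virtuel :

--------------------------------------

Nom d'utilisateur : ".$account."

Mot de passe : ".$db->f("pass")."

--------------------------------------

Note : si vous n'avez pas fait cette demande, cela signifie que
quelqu'un l'a faite pour vous. Vous pouvez donc ignorer ce message.
Si cela se reproduit, n'hésitez pas à contacter l'administrateur
de votre serveur.

Cordialement.
";
    // The accented text above is written as UTF-8 in this listing, so the
    // charset is declared explicitly.
    $headers="From: postmaster@$L_FQDN\nReply-to: postmaster@$L_FQDN"
        ."\nMIME-Version: 1.0\nContent-Type: text/plain; charset=UTF-8\nContent-Transfer-Encoding: 8bit";
    mail($recipient,"Votre mot de passe sur $L_HOSTING",$txt,$headers);
    $db->query("UPDATE membres SET lastaskpass=".time()." WHERE uid='$uid_sql';");
    return true;
}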
|
|
|
|
|
|
|
|
|
|
/* ----------------------------------------------------------------- */
|
|
|
|
|
/** Change le mail d'un membre (première etape, envoi du CookiE)
 * TODO : insert this mail string into the localization system
 * @param string $newmail Nouveau mail souhaité pour le membre.
 * @return string le cookie si le mail a bien été envoyé, FALSE sinon
 */
|
|
|
|
|
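function ChangeMail1($newmail) {
    // First step of an e-mail change for the current account: mails a
    // confirmation link (carrying a 20-character cookie) to the new address,
    // stores the request in `chgmail` and returns the 6-character key that the
    // panel shows to the user. Returns FALSE after raising an error when the
    // account cannot be found.
    global $err,$db,$L_HOSTING,$L_FQDN,$cuid;
    $err->log("mem","changemail1",$newmail);
    $uid_sql=intval($cuid);
    $db->query("SELECT * FROM membres WHERE uid='$uid_sql';");
    if (!$db->num_rows()) {
        $err->raise("mem",2);
        return false;
    }
    $db->next_record();
    $account=$db->f("login");

    // The address is used as the recipient of mail(): line breaks are removed
    // so that it cannot add header lines to the message.
    // NOTE(review): the address is not validated otherwise; rejecting invalid
    // addresses needs a dedicated error code.
    $newmail=str_replace(array("\r","\n"),"",(string)$newmail);

    // A 20-character cookie for the mail and a 6-character key to type in.
    // Both are secrets: take them from the CSPRNG when the runtime has one.
    if (function_exists("random_bytes")) {
        $COOKIE=bin2hex(random_bytes(10));
        $KEY=bin2hex(random_bytes(3));
    } else {
        $COOKIE=substr(md5(uniqid(rand(),1)),0,20);
        $KEY=substr(md5(uniqid(rand(),1)),0,6);
    }
    // TODO : Translate this and insert this in alternc.po
    $txt="Bonjour,
Quelqu'un (peut-etre vous) a demandé le changement de l'email du compte
".$account." sur $L_HOSTING
Afin de confirmer que cet email est valide, merci de vous rendre à l'adresse
ci-dessous :

https://$L_FQDN/admin/mem_cm.php?usr=$uid_sql&cookie=$COOKIE

(attention : si cette adresse est coupée sur 2 lignes, ne pas oublier de
reconstituer sur une seule ligne). Le bureau vous demandera la clé qui vous
a été donnée lors de la demande de changement d'email.

Note : si vous n'avez pas fait cette demande, cela signifie que quelqu'un
l'a faite pour vous. Vous pouvez donc ignorer ce message. Si cela se
reproduit, n'hésitez pas à contacter l'administrateur de votre serveur.

Cordialement.
";
    // The accented text above is written as UTF-8 in this listing, so the
    // charset is declared explicitly.
    $headers="From: postmaster@$L_FQDN\nReply-to: postmaster@$L_FQDN"
        ."\nMIME-Version: 1.0\nContent-Type: text/plain; charset=UTF-8\nContent-Transfer-Encoding: 8bit";
    mail($newmail,"Changement d'email sur $L_HOSTING",$txt,$headers);
    // Drop the previous requests of this account
    $db->query("DELETE FROM chgmail WHERE uid='$uid_sql';");
    // The address is request data placed in a quoted SQL literal: escape it.
    $mail_sql=addslashes($newmail);
    $db->query("INSERT INTO chgmail (cookie,ckey,uid,mail,ts) VALUES ('$COOKIE','$KEY','$uid_sql','$mail_sql',".time().");");
    // Drop the requests that are more than one day old
    $lts=time()-86400;
    $db->query("DELETE FROM chgmail WHERE ts<'$lts';");
    return $KEY;
}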
|
|
|
|
|
|
|
|
|
|
/* ----------------------------------------------------------------- */
|
|
|
|
|
/** Change le mail d'un membre (seconde etape, CookiE+clé = application)
 * @param string $COOKIE Cookie envoyé par mail
 * @param string $KEY clé affichée à l'écran
 * @param integer $uid Utilisateur concerné (on est hors session)
 * @return TRUE si le mail a bien été modifié, FALSE sinon
 */
|
|
|
|
|
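function ChangeMail2($COOKIE,$KEY,$uid) {
    // Second step of an e-mail change: when cookie, key and uid match a pending
    // request in `chgmail`, the requested address becomes the address of the
    // account and the request is deleted. This runs outside any session, so
    // all three values are untrusted. Returns TRUE when the address was
    // changed, FALSE after raising error 9 otherwise.
    global $err,$db;
    $err->log("mem","changemail2",$uid);
    $COOKIE=trim((string)$COOKIE);
    $KEY=trim((string)$KEY);
    $uid_sql=intval($uid);
    // ChangeMail1() issues a 20-character hexadecimal cookie and a 6-character
    // hexadecimal key; anything else is refused before it reaches SQL.
    if (!preg_match('/\A[0-9a-fA-F]{20}\z/',$COOKIE) || !preg_match('/\A[0-9a-fA-F]{6}\z/',$KEY)) {
        $err->raise("mem",9);
        return false;
    }
    $db->query("SELECT * FROM chgmail WHERE cookie='$COOKIE' and ckey='$KEY' and uid='$uid_sql';");
    if (!$db->num_rows()) {
        $err->raise("mem",9);
        return false;
    }
    $db->next_record();
    // Requests live for one day. Old rows are only purged when this method or
    // ChangeMail1() runs, so the age is checked here as well.
    $lts=time()-86400;
    if (intval($db->f("ts"))<$lts) {
        $db->query("DELETE FROM chgmail WHERE ts<'$lts';");
        $err->raise("mem",9);
        return false;
    }
    // NOTE(review): failed attempts are not counted; consider limiting them per request.

    // Update the account. The address read back from the table is escaped
    // again before it is placed in the next statement.
    $mail_sql=addslashes($db->f("mail"));
    $db->query("UPDATE membres SET mail='".$mail_sql."' WHERE uid='$uid_sql';");

    $db->query("DELETE FROM chgmail WHERE uid='$uid_sql';");
    // Drop the requests that are more than one day old
    $db->query("DELETE FROM chgmail WHERE ts<'$lts';");
    return true;
}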
|
|
|
|
|
|
|
|
|
|
/* ----------------------------------------------------------------- */
|
|
|
|
|
/** Modifie le paramètre d'aide en ligne (1/0)
 * @param integer $show Faut-il (1) ou non (0) afficher l'aide en ligne
 */
|
|
|
|
|
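function set_help_param($show) {
    // Stores the online-help preference (1 = show, 0 = hide) of the current account.
    global $db,$err,$cuid;
    $err->log("mem","set_help_param",$show);
    // Both values are integers: cast them so that nothing else can reach the
    // SQL string.
    $show_sql=intval($show);
    $uid_sql=intval($cuid);
    $db->query("UPDATE membres SET show_help='$show_sql' WHERE uid='$uid_sql';");
}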
|
|
|
|
|
|
|
|
|
|
/* ----------------------------------------------------------------- */
|
|
|
|
|
/** Dit si l'aide en ligne est demandée
 * @return boolean TRUE si l'aide en ligne est demandée, FALSE sinon.
 */
|
|
|
|
|
function get_help_param() {
    // Reads the online-help preference from the member record that login(),
    // setid(), su() or checkid() loaded into $this->user.
    $member=$this->user;
    return $member["show_help"];
}
|
|
|
|
|
|
|
|
|
|
/* ----------------------------------------------------------------- */
|
|
|
|
|
/** Affiche (echo) l'aide contextuelle
 * @param integer $file Numéro de fichier d'aide à afficher.
 * @return TRUE si l'aide contextuelle a été trouvée, FALSE sinon
 */
function show_help($file,$force=false) {
    // Prints the contextual help text number $file when the member asked for
    // online help, or when $force is set. Returns FALSE only when help should
    // be shown but no text exists for $file.
    global $err;
    $err->log("mem","show_help");
    // Help switched off and not forced: nothing is printed, the call still succeeds.
    if (!($this->user["show_help"] || $force)) {
        return true;
    }
    $msgid="hlp_$file";
    $hlp=_($msgid);
    // gettext gives the message id back unchanged when it has no translation.
    if ($hlp==$msgid) {
        return false;
    }
    // Each HELPID_<number> marker becomes a help icon linking to that topic.
    $icon="<a href=\"javascript:help(\\1);\"><img src=\"/admin/aide/help.png\" width=\"17\" height=\"17\" style=\"vertical-align: middle;\" alt=\""._("Help")."\" /></a>";
    $hlp=preg_replace("#HELPID_([0-9]*)#",$icon,$hlp);
    // The text comes from the translation catalogue and is printed as HTML.
    echo "<p class=\"hlp\">".$hlp."</p>";
    return true;
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* ----------------------------------------------------------------- */
|
|
|
|
|
/**
|
|
|
|
|
* Exports all the personnal user related information for an account.
|
|
|
|
|
* @access private
|
|
|
|
|
*/
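function alternc_export_conf() {
    // Serialises the member record of the current account as a <member> XML
    // fragment and returns it as a string.
    // NOTE(review): the fragment contains the stored password value ("pass");
    // treat the export as a secret, or leave that field out if the import side
    // does not need it.
    global $db,$err;
    $err->log("mem","export");
    $users=$this->user;
    // XML tag => column of the member record
    $fields=array(
        "uid"=>"uid",
        "login"=>"login",
        "enabled"=>"enabled",
        "su"=>"su",
        "password"=>"pass",
        "mail"=>"mail",
        "created"=>"created",
        "lastip"=>"lastip",
        "lastlogin"=>"lastlogin",
        "lastfail"=>"lastfail",
    );
    $str=" <member>\n";
    foreach ($fields as $tag=>$column) {
        $value=isset($users[$column])?(string)$users[$column]:"";
        // Escape the XML metacharacters so that a stored value can neither
        // break the document nor add elements to it. "&" is replaced first;
        // str_replace() works on bytes, whatever the encoding of the data.
        $value=str_replace(array("&","<",">"),array("&amp;","&lt;","&gt;"),$value);
        $str.=" <".$tag.">".$value."</".$tag.">\n";
    }
    $str.=" </member>\n";
    return $str;
}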
} /* Classe Membre */
?>