Location: PHPKode > projects > cPassMan > cpassman_1.55/sources/main.queries.php
<?php
####################################################################################################
## File : main.queries.php
## Author : Nils Laumaillé
## Description : File contains queries for ajax
## 
## DON'T CHANGE !!!
## 
####################################################################################################
global $k, $settings;
include('../includes/settings.php'); 
header("Content-type: text/html; charset=".$k['charset']);
session_start();
error_reporting (E_ERROR);


// connect to the server 
    require_once("class.database.php"); 
    $db = new Database($server, $user, $pass, $database, $pre);
    $db->connect(); 

//User's language loading
$k['langage'] = @$_SESSION['user_language'];    
require_once('../includes/language/'.$_SESSION['user_language'].'.php'); 

// Construction de la requête en fonction du type de valeur
switch($_POST['type'])
{
    case "change_pw":
        //Get a string with the old pw array
        $last_pw = explode(';',$_SESSION['last_pw']);

        //if size is bigger then clean the array
        if ( sizeof($last_pw) > $_SESSION['settings']['number_of_used_pw'] && $_SESSION['settings']['number_of_used_pw'] > 0 ){
            for($x=0;$x<$_SESSION['settings']['number_of_used_pw'];$x++)
                unset($last_pw[$x]);
            
            //reinit SESSION
            $_SESSION['last_pw'] = implode(';',$last_pw);
        }
        //specific case where admin setting "number_of_used_pw" is 0
        else if ( $_SESSION['settings']['number_of_used_pw'] == 0 ){
            $_SESSION['last_pw'] = "";
            $last_pw = array();
        }
        
        //check if new pw is different that old ones
        if ( in_array(mysql_real_escape_string(stripslashes(md5($_POST['new_pw']))),$last_pw) ){
            echo 'document.getElementById("new_pw").value = "";';
            echo 'document.getElementById("new_pw2").value = "";';
            echo '$("#change_pwd_error").addClass("ui-state-error ui-corner-all").show().html("<span>'.$txt['pw_used'].'</span>");';
        }else{
            //update old pw with new pw
            if ( sizeof($last_pw) == ($_SESSION['settings']['number_of_used_pw']+1) ){
                unset($last_pw[0]);
            }else{
                array_push($last_pw,mysql_real_escape_string(stripslashes(md5($_POST['new_pw']))));
            }
            
            //create a list of last pw based on the table
            $old_pw = "";
            foreach($last_pw as $elem){
                if ( !empty($elem) ){
                    if (empty($old_pw)) $old_pw = $elem;
                    else $old_pw .= ";".$elem;
                }
            }
            
            //update sessions
            $_SESSION['last_pw'] = $old_pw;
            $_SESSION['last_pw_change'] = mktime(0,0,0,date('m'),date('d'),date('y'));
            $_SESSION['validite_pw'] = true;
            
            //update DB
            $db->query_update(
                "users",
                array(
                    'pw' => mysql_real_escape_string(stripslashes(md5($_POST['new_pw']))),
                    'last_pw_change' => mktime(0,0,0,date('m'),date('d'),date('y')),
                    'last_pw' => $old_pw
                ),
                "id = ".$_SESSION['user_id']
            );
            
            //reload page
            echo 'document.main_form.submit();';
        }
        
    break;
    
    case "identify_user":
        //Tuer les précédentes sessions
        $_SESSION = array();
        session_destroy();
        session_start();
        
            
        ## LOAD CPASSMAN SETTINGS
            $_SESSION['settings']['duplicate_folder'] = 0;  //by default, this is false;
            $_SESSION['settings']['duplicate_item'] = 0;  //by default, this is false;
            $_SESSION['settings']['number_of_used_pw'] = 5; //by default, this value is 5;
            
            $rows = $db->fetch_all_array("SELECT valeur,intitule FROM ".$pre."misc WHERE type = 'admin'");
            foreach( $rows as $reccord ){
                $_SESSION['settings'][$reccord['intitule']] = $reccord['valeur'];
            }
        #####
        
        ## GET SALT KEY LENGTH
        if ( strlen(SALT) > 32 ) {
            $_SESSION['error']['salt'] = TRUE;
        }
        
        
        $_SESSION['user_language'] = $k['langage'];
        
        require_once ("main.functions.php");
        require_once ("../sources/NestedTree.class.php");
            
        $sql="SELECT * FROM ".$pre."users WHERE login = '".mysql_real_escape_string(stripslashes($_POST['login']))."'";
        $row = $db->query($sql); 
        $data = $db->fetch_array($row);
        
        if ( mysql_real_escape_string(stripslashes(md5($_POST['pw']))) == $data['pw'] ) {
            $_SESSION['autoriser'] = true;
            
            // Create a ramdom ID
            $key = "";
            $size = 50;
            $letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
            srand(time());
            for ($i=0;$i<$size;$i++)
            {
                $key.=substr($letters,(rand()%(strlen($letters))),1);
            }
            
            //Log into DB the user's connection
            if ( isset($_SESSION['settings']['log_connections']) && $_SESSION['settings']['log_connections'] == 1 )
                logEvents('user_connection','connection',$data['id']);

            //Save account in SESSION
                $_SESSION['login'] = $_POST['login'];
                $_SESSION['user_id'] = $data['id'];
                $_SESSION['user_admin'] = $data['admin'];
                $_SESSION['user_gestionnaire'] = $data['gestionnaire'];
                $_SESSION['last_pw_change'] = $data['last_pw_change'];
                $_SESSION['last_pw'] = $data['last_pw'];
                $_SESSION['cle_session'] = $key;
                $_SESSION['fin_session'] = time() + $_POST['duree_session'] * 60;
                if ( empty($data['last_connexion']) ) $_SESSION['derniere_connexion'] = mktime(date('h'),date('m'),date('s'),date('m'),date('d'),date('y'));
                else $_SESSION['derniere_connexion'] = $data['last_connexion'];
                if ( !empty($data['latest_items']) ) $_SESSION['latest_items'] = explode(';',$data['latest_items']);
                else $_SESSION['latest_items'] = array();
                if ( !empty($data['favourites']) ) $_SESSION['favourites'] = explode(';',$data['favourites']);
                else $_SESSION['favourites'] = array();
                $_SESSION['groupes_visibles'] = array();
                $_SESSION['groupes_interdits'] = array();
                if ( !empty($data['groupes_visibles'])) $_SESSION['groupes_visibles'] = @implode(';',$data['groupes_visibles']);
                if ( !empty($data['groupes_interdits'])) $_SESSION['groupes_interdits'] = @implode(';',$data['groupes_interdits']);
                $_SESSION['fonction_id'] = $data['fonction_id'];
                $_SESSION['user']['find_cookie'] = false;
                
            // Update table
            $db->query_update(
                "users",
                array(
                    'key_tempo'=>$_SESSION['cle_session'],
                    'last_connexion'=>mktime(date("h"),date("i"),date("s"),date("m"),date("d"),date("Y"))
                ),
                "id=".$data['id']
            );
            
            //récupérer les droits de l'utilisateur
            IdentificationDesDroits($data['groupes_visibles'],$data['groupes_interdits'],$data['admin'],$data['fonction_id'],false);
            
            //Get some more elements            
            $_SESSION['hauteur_ecran'] = $_POST['hauteur_ecran'];            
            
            //Get last seen items
            $_SESSION['latest_items_tab'][] = "";
            foreach($_SESSION['latest_items'] as $item){
                if ( !empty($item) ){
                    $data = $db->query_first("SELECT label,id_tree FROM ".$pre."items WHERE id = ".$item);
                    $_SESSION['latest_items_tab'][$item] = array(
                        'label'=>$data['label'],
                        'url'=>'index.php?page=items&amp;group='.$data['id_tree'].'&amp;id='.$item
                    );
                }
            }
            
            echo 'document.getElementById(\'erreur_connexion\').style.display = "none";';
        }else{
            echo 'document.getElementById(\'erreur_connexion\').style.display = "";';
            echo 'document.getElementById(\'ajax_loader_connexion\').style.display = "none";';
        }
    break;
    
    case "augmenter_session":
        $_SESSION['fin_session'] = $_SESSION['fin_session']+3600;
        echo 'document.getElementById(\'temps_restant\').value = "'.$_SESSION['fin_session'].'";';
    break;
    
    //Used in order to send the password to the user by email
    case "send_pw_by_email":
        //found account and pw associated to email
        $data = $db->fetch_row("SELECT COUNT(*) FROM ".$pre."users WHERE email = '".mysql_real_escape_string(stripslashes(($_POST['email'])))."'");
        if ( $data[0] != 0 ){
            $data = $db->fetch_array("SELECT login,pw FROM ".$pre."users WHERE email = '".mysql_real_escape_string(stripslashes(($_POST['email'])))."'");
            
            //load library
            require_once("class.phpmailer.php");
            
            //send to user
            $mail = new PHPMailer();                    
            $mail->SetLanguage("en","../includes/phpmailer/language");                    
            $mail->IsSMTP();                                   // send via SMTP
            $mail->Host     = $smtp_server; // SMTP servers
            $mail->SMTPAuth = $smtp_auth;     // turn on SMTP authentication
            $mail->Username = $smtp_auth_username;  // SMTP username
            $mail->Password = $smtp_auth_password; // SMTP password
            $mail->From     = $email_from;
            $mail->FromName = $email_from_name;                    
            $mail->AddAddress($mail_destinataire);     //Destinataire                     
            $mail->WordWrap = 80;                              // set word wrap
            $mail->IsHTML(true);                               // send as HTML                    
            $mail->Subject  =  $txt['forgot_pw_email_subject'];
            $mail->AltBody  =  $txt['forgot_pw_email_altbody_1']." ".$txt['at_login']." : ".$data['login']." - ".$txt['index_password']." : ".md5($data['pw']);
            $mail->Body     =  $txt['forgot_pw_email_body_1']." ".$txt['at_login']." : ".$data['login']." <br /> ".$txt['index_password']." : ".md5($data['pw']);                     
            $mail->Send();
            
            //inform user that email is sent
            echo '$("#forgot_pw_email").val("'.$txt['forgot_my_pw_email_sent'].'");$("#div_forgot_pw").dialog("close");';
        }else{
            //no one has this email ... alert
            echo '$("#div_forgot_pw_alert").val("'.$txt['forgot_my_pw_error_email_not_exist'].'");$("#div_forgot_pw_alert").show();';
        }
    break;
    
}

?>
Return current item: cPassMan