<?php
/**
*
* @name Pindorama Core Configuration
* @version 0.1
* @author Guilherme Capilé <hide@address.com>
*
*/
/*
$pcom["users.pin_manage_users"]="login.dav";
$pcom["users.pin_manage_cvs"]="login_cvs.dav";
*/
/**
*
* @name pin_manage_users
* @deprecated
* @version 0.11
*
* @author Guilherme Capilé <hide@address.com>
*
* @global $arg
* @global $param
* @global $c
* @global $l
*
* @see pin_output_header()
* @see pin_redirect()
* @see pin_xsl_process()
* @see pin_update_user()
* @see pin_update_admin()
* @see pin_read_permissions()
* @see pin_logout()
*
* @return
*/
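function pin_manage_users()
{
    // Entry point of the account page: handles the logout handshake, then
    // applies any posted update and renders the admin or the regular form.
    //
    // Changes from the previous version:
    //  - request keys are read through isset() so a missing key no longer
    //    raises an undefined-index notice/warning;
    //  - the admin test requires a non-empty login and compares strictly.
    //    explode() on a list with a leading, trailing or doubled space yields
    //    "" entries, and a loose in_array() would match an empty or unset
    //    login against them.
    global $arg, $param, $c, $l;

    $getAction    = isset($_GET["action"]) ? $_GET["action"] : "";
    $cookieAction = isset($_COOKIE["action"]) ? $_COOKIE["action"] : "";
    $password     = isset($_POST["password"]) ? $_POST["password"] : null;

    // logout: expire the marker cookie left behind by a previous logout
    if ($cookieAction === "logout") {
        setcookie("action", "", time());
    }
    if ($getAction === "logout" && $cookieAction !== "logout") {
        // First logout request: set the short-lived marker, log out, stop.
        setcookie("action", "logout", time() + 600);
        pin_logout();
        exit();
    } else if ($getAction === "logout") {
        // Marker already present: send the browser back to the script.
        // NOTE(review): execution continues below unless pin_redirect()
        // terminates the request itself - confirm.
        pin_redirect($param["script-name"]);
    }

    // permissions.php is included in function scope; it is expected to
    // populate $g (group name => space-separated logins).
    require($c["users"]."permissions.php");
    pin_output_header($param["script-name"], FALSE, "php");
    pin_read_permissions();

    $authUser = isset($param["auth-user"]) ? $param["auth-user"] : null;
    $admins   = isset($g["admin"]) ? explode(" ", $g["admin"]) : array();
    $isAdmin  = is_scalar($authUser)
        && (string) $authUser !== ""
        && in_array((string) $authUser, $admins, true);

    if ($isAdmin) {
        pin_update_admin($authUser, $password);
        echo pin_xsl_process("index:users", $c["stylesheets"]."dav/login_admin.xsl");
    } else {
        pin_update_user($authUser, $password);
        echo pin_xsl_process("index:users", $c["stylesheets"]."dav/login.xsl");
    }
}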
/**
*
* @name pin_manage_cvs
* @deprecated
* @version 0.11
*
* @author Guilherme Capilé <hide@address.com>
*
* @global $arg
* @global $param
* @global $c
* @global $l
*
* @see pin_output_header()
* @see pin_redirect()
* @see pin_xsl_process()
* @see pin_update_cvs()
* @see pin_read_permissions()
*
* @return
*/
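function pin_manage_cvs()
{
    // Admin-only page for bulk user updates from an uploaded file: applies a
    // posted update, then renders either the download view or the form.
    // Non-admins are redirected to /start.
    //
    // Changes from the previous version:
    //  - the admin test requires a non-empty login and compares strictly, so
    //    an empty or unset login can no longer match an "" entry produced by
    //    explode() on a list with stray spaces;
    //  - request keys are read through isset().
    global $arg, $param, $c, $l;

    // Included in function scope; expected to populate $g.
    require($c["users"]."permissions.php");
    pin_read_permissions();

    // NOTE(review): membership is tested on $param["user"], while the update
    // below (and pin_manage_users) use $param["auth-user"]. Confirm both keys
    // always name the authenticated login; if not, test "auth-user" here.
    $who     = isset($param["user"]) ? $param["user"] : null;
    $admins  = isset($g["admin"]) ? explode(" ", $g["admin"]) : array();
    $isAdmin = is_scalar($who)
        && (string) $who !== ""
        && in_array((string) $who, $admins, true);

    if (!$isAdmin) {
        pin_redirect("/start");
        return;
    }

    if (count($_POST) > 0) {
        pin_update_cvs(
            isset($param["auth-user"]) ? $param["auth-user"] : null,
            isset($_POST["password"]) ? $_POST["password"] : null
        );
    }

    $wantsDownload = isset($_GET["download"]) && $_GET["download"] != "";
    if ($wantsDownload) {
        pin_output_header($param["script-name"], FALSE, "txt");
        echo pin_xsl_process("index:users", $c["stylesheets"]."dav/login_cvs_download.xsl");
    } else {
        pin_output_header($param["script-name"], FALSE, "php");
        echo pin_xsl_process("index:users", $c["stylesheets"]."dav/login_cvs.xsl");
    }
}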
/**
*
* @name pin_update_cvs
* @deprecated
* @version 0.11
*
* @author Guilherme Capilé <hide@address.com>
*
* @param $user
* @param $pass
*
* @global $arg
* @global $param
* @global $c
* @global $l
*
* @see pin_xsl_process()
* @see pin_check_user()
* @see pin_save_file()
* @see pin_parse_cvs()
* @see pin_send_message()
*
* @return
*/
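function pin_update_cvs ($user, $pass)
{
    // Updates user data from information sent in attached (uploaded) files.
    //
    // Step 1 (files present): each uploaded file is parsed and stored as
    //   "tmp.<user>" in the users directory; always returns true.
    // Step 2 (update-file posted): after the password is re-checked, the
    //   stored file is applied to users.xml through the XSL transform.
    //
    // Returns true on success or when there is nothing to do, false on a
    // failed transform or a wrong password.
    //
    // Changes from the previous version:
    //  - "update-file" must be a bare file name. It is concatenated onto the
    //    users directory and read, so a value carrying directory components
    //    is now ignored instead of being resolved outside that directory.
    //  - request keys are read through isset(); non-array tmp_name entries
    //    are skipped explicitly instead of raising a foreach warning.
    //  - the unused copy of $_FILES was dropped.
    global $arg, $param, $c, $l;

    if (count($_FILES) > 0) {
        // NOTE(review): this branch writes to the users directory without a
        // pin_check_user() call; it relies on the caller's admin check.
        foreach ($_FILES as $upload) {
            if (!isset($upload["tmp_name"]) || !is_array($upload["tmp_name"])) {
                continue;
            }
            foreach ($upload["tmp_name"] as $tmpfile) {
                // is_uploaded_file() guarantees the path really is a PHP upload.
                if (is_string($tmpfile) && is_uploaded_file($tmpfile)) {
                    $content = pin_parse_cvs(file_get_contents($tmpfile), array("login"=>array("/[\s\;\&\<\>\\\\\/]/", "_")));
                    pin_save_file($c["users"]."tmp.$user", $content);
                    $param["tmp-file-update"] = "tmp.$user";
                }
            }
        }
        return true;
    }

    $updateFile = isset($_POST["update-file"]) ? $_POST["update-file"] : "";
    // NOTE(review): step 1 only ever writes "tmp.$user"; if no other flow
    // produces update files, compare against that exact name here.
    if (!is_string($updateFile)
        || $updateFile === ""
        || basename($updateFile) !== $updateFile
        || !is_file($c["users"].$updateFile)) {
        return true;
    }

    if (!pin_check_user($user, $pass)) {
        if (isset($_POST["password"])) {
            pin_send_message($l["msg"]["wrong_password"]);
            return false;
        }
        return true;
    }

    $todo = isset($_POST["upload-action"]) ? $_POST["upload-action"] : null;
    $param["edit-action"] = $todo;
    if ($todo === "edit-user" || $todo === "delete-user") {
        $arg["update"] = file_get_contents($c["users"].$updateFile);
        if (pin_xsl_process($c["index"]."users.xml", $c["stylesheets"]."dav/login_update_cvs.xsl", $c["index"]."users.xml")) {
            pin_send_message($l["msg"]["userinfo2"].$l["msg"]["success_ending2"]);
            return true;
        }
        pin_send_message($l["msg"]["userinfo"].$l["msg"]["failure_ending2"]);
        return false;
    }
    return true;
} // update_cvs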
/**
*
* @name pin_parse_cvs
* @deprecated
* @version 0.11
*
* @author Guilherme Capilé <hide@address.com>
*
* @param $str
* @param $rules (Default = array)
*
* @global $arg
* @global $param
* @global $c
* @global $l
*
* @see pin_check_xml()
*
* @return
*/
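function pin_parse_cvs($str, $rules = array()) {
    // Converts comma-separated text into a <cvs> XML document.
    //
    // The first non-blank line supplies the column labels (sanitised into
    // element names); every later non-blank line becomes one <line> element
    // with one child per column. Columns without a label are named "undef".
    //
    // $rules maps a column label to array(pattern, replacement), applied to
    // that column's values with preg_replace().
    //
    // The result is stored in $arg["cvs"] and returned.
    //
    // Changes from the previous version:
    //  - split() (removed in PHP 7) replaced by explode(); both delimiters
    //    are literal single characters, so the result is the same;
    //  - a row with more columns than the header no longer reads an
    //    undefined $label offset;
    //  - working arrays are initialised before use.
    global $arg, $c;

    $search  = array();
    $replace = array();
    $search[]  = "/\t/";                          // tabs become spaces
    $replace[] = " ";
    $search[]  = "/\r/";                          // drop carriage returns
    $replace[] = "";
    $search[]  = "/\#.*/";                        // strip '#' comments to end of line
    $replace[] = "";
    $search[]  = "/(\\\"|\')? *\, *(\\\"|\')?/";  // optionally quoted comma -> tab
    $replace[] = "\t";
    $str = preg_replace($search, $replace, $str);
    // Remove a quote left at the start or end of each line.
    $str = preg_replace("/^(\\\"|\')/m", "", $str);
    $str = preg_replace("/(\\\"|\')$/m", "", $str);

    $struct    = array();
    $label     = array();
    $lno       = 0;   // index of the current non-blank line
    $xmlstruct = "";
    foreach (explode("\n", $str) as $line) {
        if (trim($line) === "") {
            continue;
        }
        $struct[] = explode("\t", $line);
        if ($lno == 0) {
            // Header row: keep only characters usable in an element name.
            foreach ($struct[0] as $tmplabel) {
                $label[] = preg_replace("/[^a-z0-9\.\_\-]/i", "_", trim($tmplabel));
            }
        } else {
            $xmlstruct .= "<line>";
            $pos = 0;
            foreach ($struct[$lno] as $tmp) {
                $el = (isset($label[$pos]) && $label[$pos] != "") ? $label[$pos] : "undef";
                if (isset($el, $rules[$el][0])) {
                    $tmp = preg_replace($rules[$el][0], $rules[$el][1], $tmp);
                }
                // NOTE(review): values are not XML-escaped here; the code
                // relies on pin_check_xml() below - confirm what it does with
                // markup characters in cell values.
                $xmlstruct .= "<$el>".trim($tmp)."</$el>";
                $pos++;
            }
            $xmlstruct .= "</line>";
        }
        $lno++;
    }
    $arg["cvs"] = $c["xmlpi"]."<cvs>".pin_check_xml($xmlstruct)."</cvs>";
    return $arg["cvs"];
} // parse_cvs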
/**
*
* @name pin_xml_crypt
* @deprecated
* @version 0.11
*
* @author Guilherme Capilé <hide@address.com>
*
* @param $str
*
* @return
*/
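function pin_xml_crypt($str)
{
    // Returns $str hashed for storage, wrapped in a <crypt> element.
    //
    // crypt() without a salt raises E_NOTICE since PHP 5.6, picks a
    // platform-dependent (possibly weak) algorithm, and is an error from
    // PHP 8.0 where the salt is mandatory. password_hash() generates its own
    // salt and returns a crypt()-compatible string, so a verifier written as
    // crypt($input, $stored) == $stored keeps working.
    // NOTE(review): the verifier (pin_check_user) is not visible here -
    // confirm it checks hashes that way or via password_verify().
    if (function_exists("password_hash")) {
        $hash = password_hash($str, PASSWORD_DEFAULT);
    } else {
        // Pre-5.5 runtime: keep the historical behaviour.
        $hash = crypt($str);
    }
    return "<crypt>".$hash."</crypt>";
}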
/**
*
* @name pin_update_user
* @deprecated
* @version 0.11
*
* @author Guilherme Capilé <hide@address.com>
*
* @param $user
* @param $pass
* @param $user_toupdate (Default = "")
*
* @global $arg
* @global $param
* @global $c
* @global $l
*
* @see pin_check_user()
* @see pin_send_message()
* @see pin_xsl_process()
* @see pin_redirect()
*
* @return
*/
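function pin_update_user($user, $pass, $user_toupdate = "")
{
    // Applies a posted profile (and optional password) update to users.xml.
    //
    // $user / $pass     credentials of the acting user, checked first
    // $user_toupdate    when non-empty, the login whose record is updated
    //                   instead of $user (used by the admin path)
    //
    // Returns true on success, false on a failed transform, a password
    // confirmation mismatch or a wrong password, and null when the
    // credentials do not check out and no password was posted.
    //
    // Changes from the previous version:
    //  - the new password and its confirmation are compared with ===; with
    //    == two different numeric-looking strings (e.g. "1e3" and "1000")
    //    compare equal, so a mistyped confirmation could be accepted;
    //  - the hash comes from password_hash() where available, since crypt()
    //    without a salt is weak/platform-dependent and an error on PHP 8;
    //  - the login is XML-escaped before being placed in the <login> element;
    //  - request keys are read through isset().
    global $arg, $c, $param, $l;

    if (!pin_check_user($user, $pass)) {
        if (isset($_POST["password"])) {
            pin_send_message($l["msg"]["wrong_password"]);
            return false;
        }
        return null;
    }

    if ($user_toupdate != "") {
        $user = $user_toupdate;
    }

    if (isset($_POST["password-update"])) {
        $newPass = $_POST["password-update"];
        $confirm = isset($_POST["password-update-confirm"]) ? $_POST["password-update-confirm"] : null;
        if (!is_string($newPass) || $newPass !== $confirm) {
            pin_send_message($l["msg"]["wrong_password"]);
            return false;
        }
        // NOTE(review): an empty new password still passes this check, as it
        // did before; confirm the stylesheet ignores it or reject it here.
        if (function_exists("password_hash")) {
            // NOTE(review): assumes pin_check_user verifies crypt()-style
            // hashes (crypt($input, $stored) or password_verify) - confirm.
            $param["password-update"] = password_hash($newPass, PASSWORD_DEFAULT);
        } else {
            $param["password-update"] = crypt($newPass);
        }
    }

    // Escape the five XML special characters; '&' first so the entities
    // produced for the others are not escaped a second time.
    $xmlLogin = str_replace(
        array("&", "<", ">", '"', "'"),
        array("&amp;", "&lt;", "&gt;", "&quot;", "&#39;"),
        (string) $user
    );
    $profile = isset($_POST["user"]) ? $_POST["user"] : null;
    $arg["update"] = $c["xmlpi"]."<user><login>".$xmlLogin."</login>".pin_xml_array($profile)."</user>";

    if (pin_xsl_process($c["index"]."users.xml", $c["stylesheets"]."dav/login_update.xsl", $c["index"]."users.xml")) {
        // NOTE(review): $user is passed to pin_send_message() unescaped; the
        // output context of that helper is not visible here.
        pin_send_message($l["msg"]["userinfo"].$user.$l["msg"]["success_ending2"]);
        if (isset($param["password-update"]) && !isset($param["edit-action"])) {
            pin_send_message($l["msg"]["userpwd"].$user.$l["msg"]["success_ending"]);
            pin_redirect($param["script-name"]);
        }
        return true;
    }

    pin_send_message($l["msg"]["userinfo"].$user.$l["msg"]["failure_ending2"]);
    return false;
} // update_user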
/**
*
* @name pin_update_admin
* @deprecated
* @version 0.11
*
* @author Guilherme Capilé <hide@address.com>
*
* @param $user
* @param $pass
*
* @global $arg
* @global $param
* @global $c
* @global $l
*
* @see pin_save_file()
* @see pin_send_message()
* @see pin_check_user()
* @see pin_read_permissions()
* @see pin_update_user()
*
* @return
*/
function pin_update_admin($user, $pass)
{
// Admin-side update handler. Depending on $_POST["edit-action"] it either
// rewrites permissions.php (groups and URL permission rules) or delegates a
// user-record edit to pin_update_user().
//
// $user / $pass  credentials re-checked with pin_check_user() before any write.
// Returns true/false on the group/permission paths; the delegation path and a
// matched-but-unhandled action return nothing (null).
//
// NOTE(review): this function generates executable PHP from request data and
// saves it to a file that is later require()d. The filters below do not
// neutralise quote characters or PHP variable syntax inside the generated
// string literals, so anyone who can reach this code with valid credentials
// controls code that runs on the server. Preferred fix: keep groups/rules in
// a data format, or at minimum emit every value through var_export() and
// validate logins, group names and rule indexes against strict allow-lists.
//
// NOTE(review): the token `hide@address.com(` that appears six times below is
// not valid PHP. It looks like an e-mail scrubbing artifact in this copy of the
// file, presumably over an error-suppressed call that joins the posted list
// with spaces - confirm against the upstream source before running this file.
global $arg, $c, $param, $l;
// Included in function scope: provides $g (groups) and $p (permission rules).
require($c["users"]."permissions.php");
// $matches[1] is the verb, $matches[2] the target. The pattern is unanchored,
// so it matches anywhere inside the posted value.
if (preg_match("/(new|edit|delete)\-(usergroups|group|permission)/", $_POST["edit-action"], $matches)) {
//editing groups and permissions
// Only the password is re-verified here; admin membership is not checked in
// this function (the visible caller, pin_manage_users, checks it first).
if (pin_check_user($user, $pass)) {
// Current file text with the PHP open/close tags removed; the branches below
// prepend or append statements and put the tags back.
$pcontent = file_get_contents($c["users"]."permissions.php");
$pcontent = preg_replace("/\<\?php|\?\>/", "", $pcontent);
$pcontent = trim($pcontent, " \t\r\n");
// Group name: whitespace ; & < > \ / become "_".
// NOTE(review): quotes, "$" and regex metacharacters pass through, yet $group
// is later used inside a generated double-quoted literal and inside regex
// patterns without preg_quote(). Restrict to [A-Za-z0-9_.-].
$group = preg_replace("/[\s\;\&\<\>\\\\\/]/", "_", $_POST["login"]);
// URL rule: removes the two-character sequence quote+semicolon, a leading "/",
// and a trailing "/" that is not preceded by a backslash.
// NOTE(review): a single quote on its own is kept, and the value is written
// inside a single-quoted PHP literal below.
$urlrule = preg_replace("/\'\;/", "", stripslashes($_POST["url"]));
$urlrule = preg_replace("/^\//", "", $urlrule);
$urlrule = preg_replace("/([^\\\\])\/$/", "\\1", $urlrule);
if ($matches[1] == "new" && $matches[2] == "group" && $group != "") {
// New group: prepend a $g[...] assignment unless the group already exists.
if (!isset($g[$group])) {
// NOTE(review): $_POST["users"] is written unescaped into generated code.
$pcontent = "<?php\n".'$g["'.$group.'"] = "'hide@address.com(" ", $_POST["users"]).'";'."\n$pcontent\n?>";
pin_save_file($c["users"]."permissions.php", $pcontent);
pin_send_message($l["msg"]["group"].$group.$l["msg"]["success_ending_new"]);
pin_read_permissions ();
return true;
} else {
pin_send_message($l["msg"]["group"].$group.$l["msg"]["failure_ending_exists"]);
return false;
}
} else if ($matches[1] == "new" && $matches[2] == "permission") {
// New rule: appended at index count($p).
// NOTE(review): count($p) fails on PHP 8 when permissions.php defines no $p yet.
if ($urlrule != "") {
$i = count($p);
$pcontent = "<?php\n$pcontent\n\$p[$i][\"url\"] = '$urlrule';";
if (isset($_POST["users"])) {
$pcontent .= "\n\$p[$i][\"usr\"] = \""hide@address.com(" ", $_POST["users"])."\";";
}
if (isset($_POST["groups"])) {
$pcontent .= "\n\$p[$i][\"grp\"] = \""hide@address.com(" ", $_POST["groups"])."\";";
}
$pcontent .= "\n?>";
pin_save_file($c["users"]."permissions.php", $pcontent);
pin_send_message($l["msg"]["new_rule"]);
pin_read_permissions ();
return true;
} else {
pin_send_message($l["msg"]["empty_rule"]);
return false;
}
} else if ($matches[1] == "edit" && $matches[2] == "group" && isset($g[$group])) {
// Edit group: drop the existing $g["<group>"] statement, prepend the new one.
$search = '/\$g\[\"'.$group.'\"\][^\;]+\;\r?\n?/';
$pcontent = preg_replace($search, "", $pcontent);
$pcontent = "<?php\n".'$g["'.$group.'"] = "'hide@address.com(" ", $_POST["users"]).'";'."\n$pcontent\n?>";
pin_save_file($c["users"]."permissions.php", $pcontent);
pin_send_message($l["msg"]["groupinfo"].$group.$l["msg"]["success_ending"]);
pin_read_permissions ();
return true;
} else if ($matches[1] == "edit" && $matches[2] == "usergroups") {
// Edit a user's memberships: here $group holds the login taken from
// $_POST["login"]. Every group is re-emitted, with the login removed and
// re-added only to the groups selected in $_POST["usergroups"].
// NOTE(review): the removal pattern is a substring match, so a login that is
// part of a longer login is also cut out of it; the rebuilt lists can carry
// leading/trailing spaces, which explode(" ") turns into empty entries.
// NOTE(review): in_array() receives $_POST["usergroups"] unchecked; it must be
// an array.
$newgroups = "";
$selgroups = $_POST["usergroups"];
foreach ($g as $k=>$v) {
if (in_array($k, $selgroups)) {
$newgroups .= "\$g['$k'] = '$group ".preg_replace("/ *$group */", " ", $v)."';\n";
} else {
$newgroups .= "\$g['$k'] = '".preg_replace("/ *$group */", " ", $v)."';\n";
}
}
// Switches the generated single quotes to double quotes.
$newgroups = str_replace(array("'", " "), array('"', " "), $newgroups);
// Remove every existing $g[...] statement, then prepend the rebuilt block.
$search = '/\$g\[\"[^\"]+\"\][^\;]+\;\r?\n?/';
$pcontent = preg_replace($search, "", $pcontent);
$pcontent = "<?php\n".$newgroups.$pcontent."\n?>";
pin_save_file($c["users"]."permissions.php", $pcontent);
pin_send_message($l["msg"]["userinfo"].$group.$l["msg"]["success_ending"]);
pin_read_permissions ();
return true;
} else if ($matches[1] == "edit" && $matches[2] == "permission") {
// Edit rule: drop all $p[<i>] statements and append the new values.
// NOTE(review): $_POST["rule"] goes into a regex and into generated code with
// no check that it is an existing integer index; validate with ctype_digit()
// and isset($p[$i]).
if ($urlrule != "") {
$i = $_POST["rule"];
$search = '/\$p\['.$i.'\][^\;]+\;\r?\n?/';
$pcontent = preg_replace($search, "", $pcontent);
$pcontent = trim($pcontent, " \t\r\n");
$pcontent = "<?php\n$pcontent\n\$p[$i][\"url\"] = '$urlrule';";
if (isset($_POST["users"])) {
$pcontent .= "\n\$p[$i][\"usr\"] = \""hide@address.com(" ", $_POST["users"])."\";";
}
if (isset($_POST["groups"])) {
$pcontent .= "\n\$p[$i][\"grp\"] = \""hide@address.com(" ", $_POST["groups"])."\";";
}
$pcontent .= "\n?>";
pin_save_file($c["users"]."permissions.php", $pcontent);
pin_send_message($l["msg"]["success_rule"]);
pin_read_permissions ();
return true;
} else {
pin_send_message($l["msg"]["empty_rule"]);
return false;
}
} else if ($matches[1] == "delete" && $matches[2] == "group" && isset($g[$group])) {
// Delete group: remove its $g[...] statement.
// NOTE(review): this branch calls pin_preg_replace() where the sibling
// branches call preg_replace(); no such helper is defined in the visible part
// of this file - confirm it exists or is a typo.
$search = '/\$g\[\"'.$group.'\"\][^\;]+\;\r?\n?/';
$pcontent = pin_preg_replace($search, "", $pcontent);
$pcontent = "<?php\n$pcontent\n?>";
pin_save_file($c["users"]."permissions.php", $pcontent);
pin_send_message($l["msg"]["group"].$group.$l["msg"]["delete_ending"]);
pin_read_permissions ();
return true;
} else if ($matches[1] == "delete" && $matches[2] == "permission") {
// Delete rule: strip all $p[...] statements and re-emit, renumbered from 0,
// every loaded rule whose url differs from the posted one.
if ($urlrule != "") {
$i = 0;
$search = '/\$p\[[^\;]+\;\r?\n?/';
$pcontent = preg_replace($search, "", $pcontent);
$pcontent = trim($pcontent, " \t\r\n");
foreach ($p as $perm) {
if($perm["url"] != $urlrule) {
$pcontent .= "\n\$p[$i][\"url\"] = '".$perm["url"]."';";
if (isset($perm["usr"])) {
$pcontent .= "\n\$p[$i][\"usr\"] = \"".$perm["usr"]."\";";
}
if (isset($perm["grp"])) {
$pcontent .= "\n\$p[$i][\"grp\"] = \"".$perm["grp"]."\";";
}
$i++;
}
}
$pcontent = "<?php\n$pcontent\n?>";
pin_save_file($c["users"]."permissions.php", $pcontent);
pin_send_message($l["msg"]["success_rule"]);
pin_read_permissions ();
return true;
} else {
pin_send_message($l["msg"]["empty_rule"]);
return false;
}
}
} else if (isset($_POST["password"])) {
pin_send_message($l["msg"]["wrong_password"]);
return false;
}
} else {
// Any other action is a user-record edit: delegate to pin_update_user() with
// the posted login (whitespace stripped) as the record to update.
// NOTE(review): only whitespace is removed from that login here.
$param["edit-action"] = pin_clean_xml($_POST["edit-action"]);
pin_update_user($param["auth-user"], $_POST["password"], preg_replace("/[\s]*/", "", $_POST["login"]));
}
} // update_admin
/**
*
* @name pin_read_permissions
* @deprecated
* @version 0.11
*
* @author Guilherme Capilé <hide@address.com>
*
* @global $arg
* @global $c
*
* @see pin_xml_array()
*
* @return
*/
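function pin_read_permissions () {
    // Loads permissions.php and publishes its contents as an <xpml> document
    // in $arg["permissions"]: one "groups" resource built from $g and one
    // "permissions" resource with a <permission> element per rule in $p,
    // ordered by rule index.
    //
    // Change from the previous version: a permissions file that defines no
    // groups or no rules is treated as an empty list. ksort()/foreach on an
    // undefined $p raised warnings and is a TypeError on PHP 8.
    global $arg, $c;

    // Included in function scope, so $g and $p stay local to this call.
    include($c["users"]."permissions.php");
    $groups = (isset($g) && is_array($g)) ? $g : array();
    $rules  = (isset($p) && is_array($p)) ? $p : array();
    ksort($rules);

    $xml = $c["xmlpi"].'<xpml><resource name="groups">'.pin_xml_array($groups).'</resource><resource name="permissions">';
    foreach ($rules as $perm) {
        $xml .= "<permission>".pin_xml_array($perm)."</permission>";
    }
    $xml .= '</resource></xpml>';

    $arg["permissions"] = $xml;
}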
?>