// Fragment (original line 58): returns an array that maps the "mem" key to a
// human-readable label for the account password.
58 return array(
"mem"=>
"AlternC's account password");
// Fragment (original lines 63-65): three keys of a "Settings" entry -- translated
// title, icon path and target page. The enclosing array is not visible in this listing.
63 'title' => _(
"Settings"),
64 'ico' =>
'images/settings.png',
65 'link' =>
'mem_param.php',
// True when the loaded account row has su equal to "1". The comparison is loose (==),
// so an integer 1 matches as well as the string "1".
77 return ($this->user[
"su"]==
"1");
// NOTE(review): $username is interpolated straight into the SQL text. No escaping is
// visible in this excerpt; unless it happens on a hidden line, the value must be bound
// as a parameter (or at least escaped with the driver's function) before this query.
93 $db->query(
"select * from membres where login='$username';");
94 if ($db->num_rows()==0) {
// Unknown login: the message is the same as in the failure branch at original line 101,
// so the reply does not reveal whether the account exists.
95 $err->raise(
"mem",_(
"User or password incorrect"));
// Failure branch: bumps the per-account lastfail counter, then raises. The condition
// leading here (original lines 96-99) is not visible -- presumably the password check.
100 $db->query(
"UPDATE membres SET lastfail=lastfail+1 WHERE uid='".$db->f(
"uid").
"';");
101 $err->raise(
"mem",_(
"User or password incorrect"));
// Accounts with a false "enabled" column are refused with a distinct message.
104 if (!$db->f(
"enabled")) {
105 $err->raise(
"mem",_(
"This account is locked, contact the administrator"));
// Keep the whole membres row on the object for later checks.
108 $this->user=$db->Record;
112 $err->raise(
"mem",_(
"This website is currently under maintenance, login is currently disabled."));
// NOTE(review): the loop below sets $allowed, but the check at original line 126 reads
// $allowed_ip. Unless a hidden line links the two, a subnet match never counts and only
// the whitelist (is_wl) or whatever else sets $allowed_ip lets a restricted login pass.
// sizeof($aga)>1 also means the check does not fire when exactly one rule exists --
// confirm that this is intended.
120 $aga = $authip->get_allowed(
'panel');
121 foreach ($aga as $k=>$v ) {
122 if ( $authip->is_in_subnet(
get_remote_ip(), $v[
'ip'], $v[
'subnet']) ) $allowed=
true ;
126 if (
sizeof($aga)>1 && !$allowed_ip && !$authip->is_wl(
get_remote_ip()) ) {
127 $err->raise(
"mem",_(
"Your IP isn't allowed to connect"));
// NOTE(review): $ip is quoted by hand and placed unescaped in the INSERT at original
// line 142; this relies on get_remote_ip() returning a clean address string.
133 $ip=
"'".get_remote_ip().
"'";
// Purge sessions older than two days.
136 $db->query(
"DELETE FROM sessions WHERE DATE_ADD(ts,INTERVAL 2 DAY)<NOW();");
// Clear a leftover "oldid" cookie, if the browser sent one.
138 if (
isset($_COOKIE[
"oldid"]) ) setcookie(
'oldid',
'',0,
'/');
// NOTE(review): md5(uniqid(mt_rand())) derives the session id from the clock and a
// non-cryptographic PRNG. bin2hex(random_bytes(16)) yields the same 32-character format
// from a CSPRNG.
140 $sess=md5(uniqid(mt_rand()));
142 $db->query(
"insert into sessions (sid,ip,uid) values ('$sess',$ip,'$cuid');");
// NOTE(review): setcookie() gets four arguments, so the Secure and HttpOnly flags stay
// at their defaults (off). The session cookie should carry both, and SameSite as well.
143 setcookie(
"session",$sess,0,
"/");
// Load the matching row of the "local" table, when there is one.
146 $db->query(
"SELECT * FROM local WHERE uid='$cuid';");
147 if ($db->num_rows()) {
149 $this->local=$db->Record;
// Logs the requested id under the "setid" tag, then loads that account row.
165 $err->log(
"mem",
"setid",$id);
// NOTE(review): $id is interpolated into the SQL text; no cast or escaping is visible
// here. Cast it with intval() or bind it as a parameter.
166 $db->query(
"select * from membres where uid='$id';");
167 if ($db->num_rows()==0) {
168 $err->raise(
"mem",_(
"User or password incorrect"));
172 $this->user=$db->Record;
175 $mysql->reload_dbus();
// NOTE(review): md5(uniqid(mt_rand())) is not drawn from a CSPRNG;
// bin2hex(random_bytes(16)) keeps the 32-character length.
178 $sess=md5(uniqid(mt_rand()));
// Here $ip is quoted inside the SQL string; where it is assigned is not visible.
180 $db->query(
"insert into sessions (sid,ip,uid) values ('$sess','$ip','$cuid');");
// NOTE(review): four-argument setcookie(): Secure and HttpOnly are left off.
181 setcookie(
"session",$sess,0,
"/");
184 $db->query(
"SELECT * FROM local WHERE uid='$cuid';");
185 if ($db->num_rows()) {
187 $this->local=$db->Record;
189 $quota->getquota(
'',
true);
// NOTE(review): REMOTE_HOST is the client's reverse-DNS name and is only populated when
// the web server performs hostname lookups, so lastip may end up empty or hold a name
// rather than an address. Other visible code uses get_remote_ip(). addslashes() is also
// not a charset-aware SQL escaper; a bound parameter is safer.
198 $ip=addslashes(getenv(
"REMOTE_HOST"));
// Successful login bookkeeping: stamp lastlogin, reset the failure counter, store lastip.
200 $db->query(
"UPDATE membres SET lastlogin=NOW(), lastfail=0, lastip='$ip' WHERE uid='$cuid';");
// Builds a value that changes every hour: md5 of "<hour index>--<stored pass column>".
205 $db->query(
"select pass from membres where uid='$cuid';");
// Number of whole hours since the Unix epoch.
207 $i=intval(time()/3600);
// NOTE(review): the only secret input is the stored password hash, so anyone holding
// that hash can compute the value for any hour. If this is used as an authentication
// token, hash_hmac() with a server-side key would be the sounder construction -- confirm
// how callers use the result.
209 return md5(
"$i--".$db->f(
'pass'));
243 $err->raise(
"mem",_(
"Missing password"));
// Escape the session cookie in place (empty string when the cookie is absent) before it
// is used in the query at original line 256.
250 $_COOKIE[
"session"]=
isset($_COOKIE[
"session"])?addslashes($_COOKIE[
"session"]):
"";
// Session ids are expected to be exactly 32 characters long.
251 if (strlen($_COOKIE[
"session"])!=32) {
252 $err->raise(
"mem",_(
"Identity lost or unknown, please login"));
// NOTE(review): the sid is concatenated into the SQL text; addslashes() and the length
// check are the only visible safeguards. A ctype_xdigit() test or a bound parameter
// would be stricter. Where $ip is assigned is not visible in this excerpt.
256 $db->query(
"select uid,'$ip' as me,ip from sessions where sid='".$_COOKIE[
"session"].
"'");
257 if ($db->num_rows()==0) {
258 $err->raise(
"mem",_(
"Session unknown, contact the administrator"));
// The session is bound to the address it was created from: the current $ip is selected
// back as "me" and compared with the stored ip column.
263 if ($db->f(
"me")!=$db->f(
"ip")) {
264 $err->raise(
"mem",_(
"IP address incorrect, please contact the administrator"));
271 $err->raise(
"mem",_(
"This website is currently under maintenance, login is currently disabled."));
// Load the account row and, when present, the matching "local" row for this uid.
275 $db->query(
"select * from membres where uid='$cuid';");
277 $this->user=$db->Record;
280 $db->query(
"SELECT * FROM local WHERE uid='$cuid';");
281 if ($db->num_rows()) {
283 $this->local=$db->Record;
// Loads the account row for $uid and makes it the current user.
// NOTE(review): $uid is interpolated into the SQL text; no cast, escaping or privilege
// check is visible in these lines -- confirm that the caller or a hidden line enforces
// who may switch identity.
297 $db->query(
"select * from membres where uid='$uid';");
298 if ($db->num_rows()==0) {
299 $err->raise(
"mem",_(
"User or password incorrect"));
303 $this->user=$db->Record;
307 $mysql->reload_dbus();
// Switches back to the identity kept in $this->olduid by calling su() with it.
319 $this->
su($this->olduid);
322 $mysql->reload_dbus();
// Escape the session cookie in place (empty string when absent) before it reaches SQL.
333 $_COOKIE[
"session"]=addslashes(
isset($_COOKIE[
"session"])?$_COOKIE[
"session"]:
'');
// Both cookies are cleared in the browser up front, before the session is validated.
334 setcookie(
"session",
"",0,
"/");
335 setcookie(
"oldid",
"",0,
"/");
336 if ($_COOKIE[
"session"]==
"") {
340 if (strlen($_COOKIE[
"session"])!=32) {
341 $err->raise(
"mem",_(
"Cookie incorrect, please accept the session cookie"));
// NOTE(review): the sid is concatenated into the SQL text here and in the DELETE at
// original line 356; addslashes() and the 32-character length check are the only
// visible safeguards. A ctype_xdigit() test or a bound parameter would be stricter.
345 $db->query(
"select uid,'$ip' as me,ip from sessions where sid='".$_COOKIE[
"session"].
"'");
346 if ($db->num_rows()==0) {
347 $err->raise(
"mem",_(
"Session unknown, contact the administrator"));
// Only the address that owns the session may end it ("me" is the current $ip).
351 if ($db->f(
"me")!=$db->f(
"ip")) {
352 $err->raise(
"mem",_(
"IP address incorrect, please contact the administrator"));
// Remove the server-side session row.
356 $db->query(
"delete from sessions where sid='".$_COOKIE[
"session"].
"';");
359 # Invoke the logout in all the other classes
367 $hooks->invoke(
"alternc_del_session");
// Changes the current account's password after checking the old one and the repeated
// new one. Only part of the body is visible in this listing.
381 function passwd($oldpass,$newpass,$newpass2) {
383 $err->log(
"mem",
"passwd");
// The three inputs are unescaped with stripslashes() before use.
384 $oldpass=stripslashes($oldpass);
385 $newpass=stripslashes($newpass);
386 $newpass2=stripslashes($newpass2);
// Accounts without the "canpass" flag may not change their password.
387 if (!$this->user[
"canpass"]) {
388 $err->raise(
"mem",_(
"You are not allowed to change your password."));
// The stored hash is passed to _md5cr() as second argument and the result compared with
// the stored hash -- presumably a crypt()-style salt reuse, judging by the call shape.
// NOTE(review): != is not a constant-time comparison; hash_equals() is. The helper's
// name suggests MD5-based hashing -- if so, password_hash()/password_verify() with
// rehash-on-login is the migration path.
391 if ($this->user[
"pass"]!=
_md5cr($oldpass,$this->user[
"pass"])) {
392 $err->raise(
"mem",_(
"The old password is incorrect"));
395 if ($newpass!=$newpass2) {
396 $err->raise(
"mem",_(
"The new passwords are differents, please retry"));
// Fetch the login name so the new password can be checked against the "mem" policy.
399 $db->query(
"SELECT login FROM membres WHERE uid='$cuid';");
401 $login=$db->Record[
"login"];
402 if (!$admin->checkPolicy(
"mem",$login,$newpass)) {
// Store the hashed form of the new password.
// NOTE(review): the hash is interpolated into the UPDATE unescaped; this is only safe
// if _md5cr() can never emit a quote or backslash -- a bound parameter removes the doubt.
405 $newpass=
_md5cr($newpass);
406 $db->query(
"UPDATE membres SET pass='$newpass' WHERE uid='$cuid';");
// Stores the admlist preference of the current account; restricted to accounts whose
// "su" column is truthy.
418 $err->log(
"mem",
"admlist");
419 if (!$this->user[
"su"]) {
420 $err->raise(
"mem",_(
"You must be a system administrator to do this."));
// NOTE(review): $admlist is interpolated into the SQL text; no validation is visible.
// Cast it to the expected type or bind it as a parameter.
423 $db->query(
"UPDATE membres SET admlist='$admlist' WHERE uid='$cuid';");
// Mails the account's credentials to its registered address, at most once per 24 hours.
436 global
$err,
$db,$L_HOSTING,$L_FQDN;
437 $err->log(
"mem",
"send_pass");
// NOTE(review): $login is interpolated into the SQL text here and in the UPDATE at
// original line 468; no escaping is visible. Bind it as a parameter.
438 $db->query(
"SELECT * FROM membres WHERE login='$login';");
// An unknown login is answered with the "account is locked" message.
439 if (!$db->num_rows()) {
440 $err->raise(
"mem",_(
"This account is locked, contact the administrator."));
// Rate limit: refuse when the previous request is less than 86400 seconds old.
// NOTE(review): the message raised here is the password-mismatch text, which looks like
// a copy/paste slip -- confirm the intended wording.
444 if (time()-$db->f(
"lastaskpass")<86400) {
445 $err->raise(
"mem",_(
"The new passwords are differents, please retry"));
// NOTE(review): the last sprintf() argument is the stored "pass" column. Original line
// 406 writes the _md5cr() output into that column, so what gets mailed would be the
// hash rather than a usable password; either way a stored credential leaves the server
// by e-mail. A single-use, expiring reset link avoids that.
448 $txt=sprintf(_(
"Hello,
450 You requested the modification of your password for your
452 Here are your username and password to access the panel :
454 --------------------------------------
459 --------------------------------------
461 Note : if you didn't requested that modification, it means that
462 someone did it instead of you. You can choose to ignore this message.
463 If it happens again, please contact your server's Administrator.
466 "), $login, $L_HOSTING, $db->f(
"login"), $db->f(
"pass"));
467 mail($db->f(
"mail"),
"Your password on $L_HOSTING",$txt,
"From: postmaster@$L_FQDN\nReply-to: postmaster@$L_FQDN");
// Record the request time for the rate limit above.
468 $db->query(
"UPDATE membres SET lastaskpass=".time().
" WHERE login='$login';");
// First step of an e-mail address change: mails a confirmation link to the new address
// and stores a cookie/key pair in chgmail.
480 $err->log(
"mem",
"changemail1",$newmail);
481 $db->query(
"SELECT * FROM membres WHERE uid='$cuid';");
482 if (!$db->num_rows()) {
483 $err->raise(
"mem",_(
"This account is locked, contact the administrator"));
// NOTE(review): both secrets come from md5(uniqid(rand(),1)), i.e. the clock and a
// non-cryptographic PRNG. $KEY keeps only 6 hex characters (24 bits). random_bytes()
// is the appropriate source, and confirmation attempts should be limited.
489 $COOKIE=substr(md5(uniqid(rand(),1)),0,20);
491 $KEY=substr(md5(uniqid(rand(),1)),0,6);
// The link carries the uid and the cookie; the key is not part of the link.
492 $link=
"https://$L_FQDN/mem_cm.php?usr=$cuid&cookie=$COOKIE";
493 $txt=sprintf(_(
"Hello,
495 Someone (maybe you) requested an email's address modification of the account
497 To confirm your request, go to this url :
501 (Warning : if this address is displayed on 2 lines, don't forgot to
502 take it on one line).
503 The panel will ask you the key given when the email address
504 modification was requested.
506 If you didn't asked for this modification, it means that someone
507 did it instead of you. You can choose to ignore this message. If it happens
508 again, please contact your server's administrator.
511 "), $db->f(
"login"), $L_HOSTING,
$link);
// NOTE(review): $newmail is used as the mail() recipient and interpolated into the
// INSERT at original line 515. No validation is visible in this excerpt; it needs a
// strict address check (no CR/LF) and a bound parameter.
512 mail($newmail,
"Email modification request on $L_HOSTING",$txt,
"From: postmaster@$L_FQDN\nReply-to: postmaster@$L_FQDN");
// Only one pending request per account: drop any earlier one, then store the new one.
514 $db->query(
"DELETE FROM chgmail WHERE uid='$cuid';");
515 $db->query(
"INSERT INTO chgmail (cookie,ckey,uid,mail,ts) VALUES ('$COOKIE','$KEY','$cuid','$newmail',".time().
");");
// Expire old requests; how $lts is computed is not visible in this listing.
518 $db->query(
"DELETE FROM chgmail WHERE ts<'$lts';");
// Second step of an e-mail address change: checks the cookie/key pair and applies the
// stored address.
530 global
$err,
$db,$L_HOSTING,$L_FQDN;
531 $err->log(
"mem",
"changemail2",
$uid);
// NOTE(review): $COOKIE, $KEY and $uid are interpolated into the SQL text; no escaping
// is visible. All three look request-supplied (the link at original line 492 carries
// usr and cookie), so they should be bound as parameters.
532 $db->query(
"SELECT * FROM chgmail WHERE cookie='$COOKIE' and ckey='$KEY' and uid='$uid';");
533 if (!$db->num_rows()) {
534 $err->raise(
"mem",_(
"The information you entered is incorrect."));
// NOTE(review): the address read back from chgmail is concatenated into the UPDATE
// unescaped. Data coming out of the database still needs escaping or binding when it
// goes back into a query.
540 $db->query(
"UPDATE membres SET mail='".$db->f(
"mail").
"' WHERE uid='$uid';");
// The request is single-use: remove it once applied.
542 $db->query(
"DELETE FROM chgmail WHERE uid='$uid';");
// Expire old requests; how $lts is computed is not visible in this listing.
545 $db->query(
"DELETE FROM chgmail WHERE ts<'$lts';");
// Stores the show_help preference for the current account.
555 $err->log(
"mem",
"set_help_param",$show);
// NOTE(review): $show is interpolated into the SQL text; cast it to the expected type
// or bind it as a parameter.
556 $db->query(
"UPDATE membres SET show_help='$show' WHERE uid='$cuid';");
// Returns the show_help value of the loaded account row.
564 return $this->user[
"show_help"];
// Help is printed when the account has show_help set or the caller forces it.
574 if ($this->user[
"show_help"] ||
$force) {
// $hlp differing from the literal "hlp_$file" is the condition for printing; how $hlp
// is obtained is not visible (presumably a translation lookup -- confirm).
576 if ($hlp!=
"hlp_$file") {
// Replacement string of a call whose start (original lines 577-578) is not visible; it
// produces a help icon link.
579 "<a href=\"javascript:help(\\1);\"><img src=\"/aide/help.png\" width=\"17\" height=\"17\" style=\"vertical-align: middle;\" alt=\""._(
"Help").
"\" /></a>",$hlp);
// NOTE(review): $hlp is echoed as raw HTML; this is only safe while its content comes
// from trusted files and never from user input.
580 echo
"<p class=\"hlp\">".$hlp.
"</p>";
// Returns the "creator" column of the given uid as an integer, or false when no row
// matches. Logged under the "dom" category, unlike the "mem" tag used by the other
// visible calls.
591 $err->log(
"dom",
"get_creator_by_uid");
// intval() already reduces $uid to an integer, which makes the escape call redundant.
// NOTE(review): mysql_real_escape_string() belongs to the mysql extension removed in
// PHP 7.0; this line fails on current PHP.
592 $uid=mysql_real_escape_string(intval(
$uid));
593 $db->query(
"select creator from membres where uid = '$uid';");
594 if (! $db->next_record())
return false;
595 return intval($db->f(
'creator') );
// Serialises one account row ($users) as XML elements appended to $str.
// NOTE(review): values are concatenated without XML escaping, so a login or mail
// containing & or < yields malformed output; htmlspecialchars($value, ENT_XML1) fixes
// that. The export also contains the password hash and the last IP, so the resulting
// file needs the same protection as the database itself.
606 $err->log(
"mem",
"export");
609 $str.=
" <uid>".$users[
"uid"].
"</uid>\n";
610 $str.=
" <login>".$users[
"login"].
"</login>\n";
611 $str.=
" <enabled>".$users[
"enabled"].
"</enabled>\n";
612 $str.=
" <su>".$users[
"su"].
"</su>\n";
613 $str.=
" <password>".$users[
"pass"].
"</password>\n";
614 $str.=
" <mail>".$users[
"mail"].
"</mail>\n";
615 $str.=
" <created>".$users[
"created"].
"</created>\n";
616 $str.=
" <lastip>".$users[
"lastip"].
"</lastip>\n";
617 $str.=
" <lastlogin>".$users[
"lastlogin"].
"</lastlogin>\n";
618 $str.=
" <lastfail>".$users[
"lastfail"].
"</lastfail>\n";
619 $str.=
" </member>\n";
// Reads one entry ($v) from the JSON blob kept in $_SESSION under "<session cookie>-<uid>".
// Without a session cookie there is nothing to look up.
625 if (empty($_COOKIE[
'session']))
return false;
// NOTE(review): the cookie value is used as-is to build the $_SESSION key; the
// 32-character check applied at original line 251 is not repeated here. It is only an
// array key in these lines, but the value is not yet known to be a valid session id.
626 $sid=$_COOKIE[
'session'];
627 if ( empty($_SESSION[$sid.
'-'.$uid]) ) {
// Decode the stored JSON into an associative array and test for the requested key.
630 $j=$_SESSION[$sid.
'-'.
$uid];
631 $j=json_decode($j,
true);
632 if ( ! empty($j[$v] ) ) {
// Writes into the JSON blob kept in $_SESSION under "<session cookie>-<uid>".
640 if (empty($_COOKIE[
'session']))
return false;
// NOTE(review): the cookie value is used as-is to build the $_SESSION key; no format
// check is visible in these lines.
641 $sid=$_COOKIE[
'session'];
// Start from the previously stored parameters, when there are any.
643 if ( ! empty($_SESSION[$sid.
'-'.$uid]) ) {
644 $p = json_decode($_SESSION[$sid.
'-'.$uid],
true);
// Unless $ecrase (overwrite) is set, an array value is merged into the existing array
// stored under the same key instead of replacing it.
646 if (! $ecrase && (
isset(
$p[$k]) && is_array(
$p[$k])) && is_array($v) ) {
647 $v=array_merge(
$p[$k], $v);
// Store the updated parameters back as JSON.
651 $_SESSION[$sid.
'-'.
$uid]=json_encode(
$p);