debmon/nagiosql
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Imported Upstream version 3.4.0

Browse Source
This commit is contained in:
Mario Fetka
2019-04-17 11:40:50 +02:00
parent 8b51dbf723
commit 8948a800bb
236 changed files with 48199 additions and 37546 deletions
Download Patch File Download Diff File Expand all files Collapse all files

153
admin/password.php
View File

@@ -5,71 +5,84 @@
//
///////////////////////////////////////////////////////////////////////////////
//
// (c) 2005-2017 by Martin Willisegger
// (c) 2005-2018 by Martin Willisegger
//
// Project : NagiosQL
// Component : Password administration
// Website : http://www.nagiosql.org
// Date : $LastChangedDate: 2017-06-22 09:29:35 +0200 (Thu, 22 Jun 2017) $
// Author : $LastChangedBy: martin $
// Version : 3.3.0
// Revision : $LastChangedRevision: 2 $
// Website : https://sourceforge.net/projects/nagiosql/
// Version : 3.4.0
// GIT Repo : https://gitlab.com/wizonet/NagiosQL
//
///////////////////////////////////////////////////////////////////////////////
//
// Path settings
// ===================
$strPattern = '(admin/[^/]*.php)';
$preRelPath = preg_replace($strPattern, '', filter_input(INPUT_SERVER, 'PHP_SELF', FILTER_SANITIZE_STRING));
$preBasePath = preg_replace($strPattern, '', filter_input(INPUT_SERVER, 'SCRIPT_FILENAME', FILTER_SANITIZE_STRING));
//
// Define common variables
// =======================
$prePageId = 31;
$preContent = "admin/admin_master.tpl.htm";
$preAccess = 1;
$preFieldvars = 1;
$preShowHeader = 0;
$prePageId = 31;
$preContent = 'admin/password.htm.tpl';
$preAccess = 1;
$preFieldvars = 1;
$preShowHeader = 0;
//
// Include preprocessing files
// ===========================
require("../functions/prepend_adm.php");
require("../functions/prepend_content.php");
require $preBasePath.'functions/prepend_adm.php';
require $preBasePath.'functions/prepend_content.php';
//
// Change password
// =======================
if (($chkTfValue1 != "") && ($chkTfValue2 != "")) {
// Check old password
$strSQL = "SELECT * FROM `tbl_user` WHERE `username`='".$_SESSION['username']."' AND `password`=MD5('$chkTfValue1')";
$booReturn = $myDBClass->getDataArray($strSQL,$arrDataLines,$intDataCount);
if ($booReturn == false) {
$myVisClass->processMessage(translate('Error while selecting data from database:'),$strErrorMessage);
$myVisClass->processMessage($myDBClass->strErrorMessage,$strErrorMessage);
} else if ($intDataCount == 1) {
// Check equality and password length
if (($chkTfValue2 === $chkTfValue3) && (strlen($chkTfValue2) >=5)) {
// Update database
$strSQLUpdate = "UPDATE `tbl_user` SET `password`=MD5('$chkTfValue2'),
`last_login`=NOW() WHERE `username`='".$_SESSION['username']."'";
$booReturn = $myDBClass->insertData($strSQLUpdate);
if ($booReturn == true) {
$myDataClass->writeLog(translate('Password successfully modified'));
// Force new login
$_SESSION['logged_in'] = 0;
$_SESSION['username'] = "";
$_SESSION['userid'] = 0;
$_SESSION['groupadm'] = 0;
$_SESSION['domain'] = 0;
header("Location: ".$SETS['path']['protocol']."://".$_SERVER['HTTP_HOST'].$_SESSION['SETS']['path']['base_url']."index.php");
} else {
$myVisClass->processMessage(translate('Error while selecting data from database:'),$strErrorMessage);
$myVisClass->processMessage($myDBClass->strErrorMessage,$strErrorMessage);
}
} else {
// New password wrong
$myVisClass->processMessage(translate('Password too short or password fields unequally!'),$strErrorMessage);
}
} else {
// Old password wrong
$myVisClass->processMessage(translate('Old password is wrong'),$strErrorMessage);
}
} else if (isset($_POST['submit'])) {
// Wrong data
$myVisClass->processMessage(translate('Database entry failed! Not all necessary data filled in!'),$strErrorMessage);
if (($chkTfValue1 != '') && ($chkTfValue2 != '')) {
// Check old password
$strSQL = 'SELECT * FROM `tbl_user` '
. "WHERE `username`='".$_SESSION['username']."' AND `password`=MD5('$chkTfValue1')";
$booReturn = $myDBClass->hasDataArray($strSQL, $arrDataLines, $intDataCount);
if ($booReturn == false) {
$myVisClass->processMessage(translate('Error while selecting data from database:'), $strErrorMessage);
$myVisClass->processMessage($myDBClass->strErrorMessage, $strErrorMessage);
} elseif ($intDataCount == 1) {
// Check equality and password length
if (($chkTfValue2 === $chkTfValue3) && (strlen($chkTfValue2) >=5)) {
// Update database
$strSQLUpdate = "UPDATE `tbl_user` SET `password`=MD5('$chkTfValue2'), `last_login`=NOW() "
. "WHERE `username`='".$_SESSION['username']."'";
$booReturn = $myDBClass->insertData($strSQLUpdate);
if ($booReturn == true) {
$myDataClass->writeLog(translate('Password successfully modified'));
// Force new login
$_SESSION['logged_in'] = 0;
$_SESSION['username'] = '';
$_SESSION['userid'] = 0;
$_SESSION['groupadm'] = 0;
$_SESSION['domain'] = 0;
header('Location: ' .$SETS['path']['protocol']. '://' .
filter_input(INPUT_SERVER, 'HTTP_HOST', FILTER_SANITIZE_STRING).
$_SESSION['SETS']['path']['base_url']. 'index.php');
} else {
$myVisClass->processMessage(translate('Error while selecting data from database:'), $strErrorMessage);
$myVisClass->processMessage($myDBClass->strErrorMessage, $strErrorMessage);
}
} else {
// New password wrong
$myVisClass->processMessage(
translate('Password too short or password fields do not match!'),
$strErrorMessage
);
}
} else {
// Old password wrong
$myVisClass->processMessage(translate('The old password is invalid'), $strErrorMessage);
}
} elseif (filter_input(INPUT_POST, 'submit')) {
// Wrong data
$myVisClass->processMessage(
translate('Database entry failed! Not all necessary data filled in!'),
$strErrorMessage
);
}
//
// Output header variable
@@ -78,25 +91,29 @@ echo $tplHeaderVar;
//
// Include content
// ===============
foreach($arrDescription AS $elem) {
$conttp->setVariable($elem['name'],$elem['string']);
foreach ($arrDescription as $elem) {
$conttp->setVariable($elem['name'], $elem['string']);
}
$conttp->setVariable("LANG_SAVE",translate('Save'));
$conttp->setVariable("LANG_ABORT",translate('Abort'));
$conttp->setVariable("FILL_ALLFIELDS",translate('Please fill in all fields marked with an *'));
$conttp->setVariable("FILL_NEW_PASSWD_NOT_EQUAL",translate('The new passwords are not equal!'));
$conttp->setVariable("FILL_NEW_PWDSHORT",translate('The new password is too short - use at least 6 characters!'));
if ($strErrorMessage != "") $conttp->setVariable("ERRORMESSAGE",$strErrorMessage);
$conttp->setVariable("ACTION_INSERT",filter_var($_SERVER['PHP_SELF'], FILTER_SANITIZE_STRING));
$conttp->setVariable("IMAGE_PATH",$_SESSION['SETS']['path']['base_url']."images/");
$conttp->setVariable('LANG_SAVE', translate('Save'));
$conttp->setVariable('LANG_ABORT', translate('Abort'));
$conttp->setVariable('FILL_ALLFIELDS', translate('Please fill in all fields marked with an *'));
$conttp->setVariable('FILL_NEW_PASSWD_NOT_EQUAL', translate('The new passwords don not match!'));
$conttp->setVariable('FILL_NEW_PWDSHORT', translate('The new password is too short - use at least 6 characters!'));
if ($strErrorMessage != '') {
$conttp->setVariable('ERRORMESSAGE', $strErrorMessage);
}
$conttp->setVariable('ACTION_INSERT', filter_input(INPUT_SERVER, 'PHP_SELF', FILTER_SANITIZE_STRING));
$conttp->setVariable('IMAGE_PATH', $_SESSION['SETS']['path']['base_url']. 'images/');
// Check access rights for adding new objects
if ($myVisClass->checkAccGroup($prePageKey,'write') != 0) $conttp->setVariable("ADD_CONTROL","disabled=\"disabled\"");
$conttp->parse("passwordsite");
$conttp->show("passwordsite");
if ($myVisClass->checkAccountGroup($prePageKey, 'write') != 0) {
$conttp->setVariable('ADD_CONTROL', 'disabled="disabled"');
}
$conttp->parse('passwordsite');
$conttp->show('passwordsite');
//
// Include footer
// ==============
$maintp->setVariable("VERSION_INFO","<a href='http://www.nagiosql.org' target='_blank'>NagiosQL</a> $setFileVersion");
$maintp->parse("footer");
$maintp->show("footer");
?>
$maintp->setVariable('VERSION_INFO', "<a href='https://sourceforge.net/projects/nagiosql/' "
. "target='_blank'>NagiosQL</a> $setFileVersion");
$maintp->parse('footer');
$maintp->show('footer');