<?php |
/**
 * @file install.queries.php
 * @author Nils Laumaillé
 * @version 2.1.27
 * @copyright (c) 2009-2017 Nils Laumaillé
 * @licensing GNU AFFERO GPL 3.0
 * @link http://www.teampass.net
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */
// Shared session handler, required before session_start() so that whatever it
// configures applies to this request (presumably a custom session handler --
// confirm in sources/SecureHandler.php).
require_once('../sources/SecureHandler.php');
session_start();
// Only fatal and parse errors are reported for the whole installer request:
// warnings and notices from failing calls further down are silenced.
error_reporting(E_ERROR | E_PARSE);
// NOTE(review): the step handlers echo JSON strings, yet the response is
// declared as text/html.
header("Content-type: text/html; charset=utf-8");
// Default DB encoding; overwritten later from the SESSION once SuperGlobal is loaded.
$session_db_encoding = "utf8";
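/**
 * Recursively apply permissions to a directory tree.
 *
 * Directories receive $dirPermissions, regular files $filePermissions; $dir
 * itself is chmod-ed last, after its content. Symbolic links are neither
 * chmod-ed nor descended into, so a link pointing outside the tree cannot
 * widen the operation and a link cycle cannot make the recursion loop.
 *
 * @param string $dir             Directory to process
 * @param int    $dirPermissions  Mode applied to directories (e.g. 0755)
 * @param int    $filePermissions Mode applied to regular files (e.g. 0644)
 * @return bool  true when every chmod succeeded; false on the first failure,
 *               or when $dir cannot be opened
 */
function chmodRecursive($dir, $dirPermissions, $filePermissions)
{
    $pointer_dir = opendir($dir);
    if ($pointer_dir === false) {
        return false;
    }

    $res = true;
    // readdir() returns false at the end of the listing; a plain truthiness
    // test would also stop early on an entry literally named "0".
    while (false !== ($file = readdir($pointer_dir))) {
        if ($file === "." || $file === "..") {
            continue;
        }

        $fullPath = $dir."/".$file;

        // Never follow symlinks (see the function docblock).
        if (is_link($fullPath)) {
            continue;
        }

        // Failure is reported through the return value, not a warning.
        if (is_dir($fullPath)) {
            $res = @chmod($fullPath, $dirPermissions)
                && chmodRecursive($fullPath, $dirPermissions, $filePermissions);
        } else {
            $res = @chmod($fullPath, $filePermissions);
        }

        if (!$res) {
            closedir($pointer_dir);
            return false;
        }
    }
    closedir($pointer_dir);

    // The directory itself comes last so that a restrictive $dirPermissions
    // cannot prevent the listing above.
    if (is_dir($dir)) {
        $res = @chmod($dir, $dirPermissions);
    }

    return $res;
}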
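/**
 * bCrypt()
 *
 * Hash a user password with bcrypt ("$2y$") at the given cost factor.
 *
 * The salt is generated by password_hash() from the platform CSPRNG. The
 * previous hand-rolled salt fell back to mt_rand() when OpenSSL was missing,
 * which is not an acceptable source for security material.
 *
 * @param string $password Clear-text password
 * @param int    $cost     bcrypt cost factor (4..31)
 * @return string|false    60-character "$2y$NN$..." hash, or false if hashing fails
 * @throws \ValueError     On PHP 8 when $cost is outside 4..31
 */
function bCrypt($password, $cost)
{
    // password_hash() builds the "$2y$NN$" prefix and a 128-bit random salt
    // itself; the output stays verifiable with password_verify()/crypt(),
    // like the hashes the crypt()-based version produced.
    return password_hash($password, PASSWORD_BCRYPT, array('cost' => (int) $cost));
}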
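/**
 * Permits to encrypt a message using Defuse
 *
 * Loads the bundled defuse/php-encryption library, rebuilds the key from its
 * ASCII-safe form and encrypts $message with it.
 *
 * @param string $message   Message to encrypt
 * @param string $ascii_key Key in Defuse ASCII-safe format
 * @return array 'string' => ciphertext, "" on failure;
 *               'error'  => "" on success, otherwise the caught CryptoException
 *                           (or a fixed message for the wrong-key case)
 */
function encryptFollowingDefuse($message, $ascii_key)
{
    // load PhpEncryption library
    $path = '../includes/libraries/Encryption/Encryption/';
    require_once $path.'Crypto.php';
    require_once $path.'Encoding.php';
    require_once $path.'DerivedKeys.php';
    require_once $path.'Key.php';
    require_once $path.'KeyOrPassword.php';
    require_once $path.'File.php';
    require_once $path.'RuntimeTests.php';
    require_once $path.'KeyProtectedByPassword.php';
    require_once $path.'Core.php';

    // Both always defined, so the returned array never reads an unset variable.
    $err = "";
    $text = "";

    try {
        // convert KEY -- done inside the try: a malformed $ascii_key makes
        // loadFromAsciiSafeString() throw, which previously escaped uncaught.
        $key = \Defuse\Crypto\Key::loadFromAsciiSafeString($ascii_key);
        $text = \Defuse\Crypto\Crypto::encrypt($message, $key);
    } catch (\Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException $ex) {
        $err = "an attack! either the wrong key was loaded, or the ciphertext has changed since it was created either corrupted in the database or intentionally modified by someone trying to carry out an attack.";
    } catch (\Defuse\Crypto\Exception\CryptoException $ex) {
        // In php-encryption v2 the BadFormat, EnvironmentIsBroken and IO
        // exceptions all extend CryptoException, so one catch covers the
        // separate handlers this block used to have (they all stored $ex).
        $err = $ex;
    }

    return array(
        'string' => $text,
        'error' => $err
    );
}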
// Prepare POST variables
// filter_input() yields null when a field is absent. FILTER_SANITIZE_STRING
// (deprecated since PHP 8.1) strips tags and encodes quotes; the data/activity/
// task/db fields are later handed to aesctr::decrypt(), so the filter is a
// defence-in-depth measure, not the validation step.
$post_type = filter_input(INPUT_POST, 'type', FILTER_SANITIZE_STRING);
$post_data = filter_input(INPUT_POST, 'data', FILTER_SANITIZE_STRING);
$post_activity = filter_input(INPUT_POST, 'activity', FILTER_SANITIZE_STRING);
$post_task = filter_input(INPUT_POST, 'task', FILTER_SANITIZE_STRING);
// Digits/sign only: index is echoed back verbatim inside the JSON responses.
$post_index = filter_input(INPUT_POST, 'index', FILTER_SANITIZE_NUMBER_INT);
$post_multiple = filter_input(INPUT_POST, 'multiple', FILTER_SANITIZE_STRING);
$post_db = filter_input(INPUT_POST, 'db', FILTER_SANITIZE_STRING);

// Load libraries
require_once '../includes/libraries/protect/SuperGlobal/SuperGlobal.php';
$superGlobal = new protect\SuperGlobal\SuperGlobal();

// Prepare SESSION variables
// NOTE(review): $session_db_encoding replaces the "utf8" default set at the
// top of the file; confirm what SuperGlobal::get() returns for a missing key.
$session_url_path = $superGlobal->get("url_path", "SESSION");
$session_abspath = $superGlobal->get("abspath", "SESSION");
$session_db_encoding = $superGlobal->get("db_encoding", "SESSION");

// Presumably marks the session as an installer session -- confirm against the
// readers of the "CPM" key elsewhere in the project.
$superGlobal->put("CPM", 1, "SESSION");
if (null !== $post_type) { |
|
136
|
|
|
switch ($post_type) { |
|
137
|
|
|
case "step_2": |
|
138
|
|
|
//decrypt |
|
139
|
|
|
require_once 'libs/aesctr.php'; // AES Counter Mode implementation |
|
140
|
|
|
$json = Encryption\Crypt\aesctr::decrypt($post_data, "cpm", 128); |
|
|
|
|
|
|
141
|
|
|
$data = json_decode($json, true); |
|
142
|
|
|
$json = Encryption\Crypt\aesctr::decrypt($post_activity, "cpm", 128); |
|
|
|
|
|
|
143
|
|
|
$data = array_merge($data, array("activity" => $json)); |
|
144
|
|
|
$json = Encryption\Crypt\aesctr::decrypt($post_task, "cpm", 128); |
|
|
|
|
|
|
145
|
|
|
$data = array_merge($data, array("task" => $json)); |
|
146
|
|
|
|
|
147
|
|
|
$abspath = str_replace('\\', '/', $data['root_path']); |
|
148
|
|
if (substr($abspath, strlen($abspath) - 1) == "/") { |
|
149
|
|
|
$abspath = substr($abspath, 0, strlen($abspath) - 1); |
|
150
|
|
|
} |
|
151
|
|
|
$session_abspath = $abspath; |
|
152
|
|
|
$session_url_path = $data['url_path']; |
|
153
|
|
|
|
|
154
|
|
|
if (isset($data['activity']) && $data['activity'] === "folder") { |
|
155
|
|
|
if (is_writable($abspath."/".$data['task']."/") === true) { |
|
156
|
|
|
echo '[{"error" : "", "index" : "'.$post_index.'", "multiple" : "'.$post_multiple.'"}]'; |
|
157
|
|
|
} else { |
|
158
|
|
|
echo '[{"error" : " Path '.$data['task'].' is not writable!", "index" : "'.$post_index.'", "multiple" : "'.$post_multiple.'"}]'; |
|
159
|
|
|
} |
|
160
|
|
|
break; |
|
161
|
|
|
} |
|
162
|
|
|
|
|
163
|
|
if (isset($data['activity']) && $data['activity'] === "extension") { |
|
164
|
|
|
if (extension_loaded($data['task'])) { |
|
165
|
|
|
echo '[{"error" : "", "index" : "'.$post_index.'", "multiple" : "'.$post_multiple.'"}]'; |
|
166
|
|
|
} else { |
|
167
|
|
|
echo '[{"error" : " Extension '.$data['task'].' is not loaded!", "index" : "'.$post_index.'", "multiple" : "'.$post_multiple.'"}]'; |
|
168
|
|
|
} |
|
169
|
|
|
break; |
|
170
|
|
|
} |
|
171
|
|
|
|
|
172
|
|
if (isset($data['activity']) && $data['activity'] === "function") { |
|
173
|
|
|
if (function_exists($data['task'])) { |
|
174
|
|
|
echo '[{"error" : "", "index" : "'.$post_index.'", "multiple" : "'.$post_multiple.'"}]'; |
|
175
|
|
|
} else { |
|
176
|
|
|
echo '[{"error" : " Function '.$data['task'].' is not available!", "index" : "'.$post_index.'", "multiple" : "'.$post_multiple.'"}]'; |
|
177
|
|
|
} |
|
178
|
|
|
break; |
|
179
|
|
|
} |
|
180
|
|
|
|
|
181
|
|
|
if (isset($data['activity']) && $data['activity'] === "version") { |
|
182
|
|
if (version_compare(phpversion(), '5.5.0', '>=')) { |
|
183
|
|
|
echo '[{"error" : "", "index" : "'.$post_index.'", "multiple" : "'.$post_multiple.'"}]'; |
|
184
|
|
|
} else { |
|
185
|
|
|
echo '[{"error" : "PHP version '.phpversion().' is not OK (minimum is 5.5.0)", "index" : "'.$post_index.'", "multiple" : "'.$post_multiple.'"}]'; |
|
186
|
|
|
} |
|
187
|
|
|
break; |
|
188
|
|
|
} |
|
189
|
|
|
|
|
190
|
|
|
if (isset($data['activity']) && $data['activity'] === "ini") { |
|
191
|
|
if (ini_get($data['task']) >= 60) { |
|
192
|
|
|
echo '[{"error" : "", "index" : "'.$post_index.'"}]'; |
|
193
|
|
|
} else { |
|
194
|
|
|
echo '[{"error" : "PHP \"Maximum execution time\" is set to '.ini_get('max_execution_time').' seconds. Please try to set to 60s at least during installation.", "index" : "'.$post_index.'", "multiple" : "'.$post_multiple.'"}]'; |
|
195
|
|
|
} |
|
196
|
|
|
break; |
|
197
|
|
|
} |
|
198
|
|
|
break; |
|
199
|
|
|
|
|
200
|
|
|
case "step_3": |
|
201
|
|
|
//decrypt |
|
202
|
|
|
require_once 'libs/aesctr.php'; // AES Counter Mode implementation |
|
203
|
|
|
$json = Encryption\Crypt\aesctr::decrypt($post_data, "cpm", 128); |
|
|
|
|
|
|
204
|
|
|
$data = json_decode($json, true); |
|
205
|
|
|
$json = Encryption\Crypt\aesctr::decrypt($post_db, "cpm", 128); |
|
|
|
|
|
|
206
|
|
|
$db = json_decode($json, true); |
|
207
|
|
|
|
|
208
|
|
|
// launch |
|
209
|
|
|
if ($dbTmp = mysqli_connect($db['db_host'], $db['db_login'], $db['db_pw'], $db['db_bdd'], $db['db_port'])) { |
|
210
|
|
|
// create temporary INSTALL mysqli table |
|
211
|
|
|
$mysqli_result = mysqli_query( |
|
212
|
|
|
$dbTmp, |
|
213
|
|
|
"CREATE TABLE IF NOT EXISTS `_install` ( |
|
214
|
|
|
`key` varchar(100) NOT NULL, |
|
215
|
|
|
`value` varchar(500) NOT NULL |
|
216
|
|
|
) CHARSET=utf8;" |
|
217
|
|
|
); |
|
218
|
|
|
// store values |
|
219
|
|
foreach ($data as $key => $value) { |
|
220
|
|
|
$superGlobal->put($key, $value, "SESSION"); |
|
221
|
|
|
$tmp = mysqli_num_rows(mysqli_query($db_link, "SELECT * FROM `_install` WHERE `key` = '".$key."'")); |
|
222
|
|
|
if (intval($tmp) === 0) { |
|
223
|
|
|
mysqli_query($dbTmp, "INSERT INTO `_install` (`key`, `value`) VALUES ('".$key."', '".$value."');"); |
|
224
|
|
|
} else { |
|
225
|
|
|
mysqli_query($dbTmp, "UPDATE `_install` SET `value` = '".$value."' WHERE `key` = '".$key."';"); |
|
226
|
|
|
} |
|
227
|
|
|
} |
|
228
|
|
|
$tmp = mysqli_num_rows(mysqli_query($db_link, "SELECT * FROM `_install` WHERE `key` = 'url_path'")); |
|
229
|
|
if (intval($tmp) === 0) { |
|
230
|
|
|
mysqli_query($dbTmp, "INSERT INTO `_install` (`key`, `value`) VALUES ('url_path', '", empty($session_url_path) ? $db['url_path'] : $session_url_path, "');"); |
|
231
|
|
|
} else { |
|
232
|
|
|
mysqli_query($dbTmp, "UPDATE `_install` SET `value` = '", empty($session_url_path) ? $db['url_path'] : $session_url_path, "' WHERE `key` = 'url_path';"); |
|
233
|
|
|
} |
|
234
|
|
|
$tmp = mysqli_num_rows(mysqli_query($db_link, "SELECT * FROM `_install` WHERE `key` = 'abspath'")); |
|
235
|
|
if (intval($tmp) === 0) { |
|
236
|
|
|
mysqli_query($dbTmp, "INSERT INTO `_install` (`key`, `value`) VALUES ('abspath', '", empty($session_abspath) ? $db['abspath'] : $session_abspath, "');"); |
|
237
|
|
|
} else { |
|
238
|
|
|
mysqli_query($dbTmp, "UPDATE `_install` SET `value` = '", empty($session_abspath) ? $db['abspath'] : $session_abspath, "' WHERE `key` = 'abspath';"); |
|
239
|
|
|
} |
|
240
|
|
|
|
|
241
|
|
|
echo '[{"error" : "", "result" : "Connection is successful", "multiple" : ""}]'; |
|
242
|
|
} else { |
|
243
|
|
|
echo '[{"error" : "'.addslashes(str_replace(array("'", "\n", "\r"), array('"', '', ''), mysqli_connect_error())).'", "result" : "Failed", "multiple" : ""}]'; |
|
244
|
|
|
} |
|
245
|
|
|
mysqli_close($dbTmp); |
|
246
|
|
|
break; |
|
247
|
|
|
|
|
248
|
|
|
case "step_4": |
|
249
|
|
|
//decrypt |
|
250
|
|
|
require_once 'libs/aesctr.php'; // AES Counter Mode implementation |
|
251
|
|
|
$json = Encryption\Crypt\aesctr::decrypt($post_data, "cpm", 128); |
|
|
|
|
|
|
252
|
|
|
$data = json_decode($json, true); |
|
253
|
|
|
$json = Encryption\Crypt\aesctr::decrypt($post_db, "cpm", 128); |
|
|
|
|
|
|
254
|
|
|
$db = json_decode($json, true); |
|
255
|
|
|
|
|
256
|
|
|
$dbTmp = mysqli_connect($db['db_host'], $db['db_login'], $db['db_pw'], $db['db_bdd'], $db['db_port']); |
|
257
|
|
|
|
|
258
|
|
|
// prepare data |
|
259
|
|
|
foreach ($data as $key => $value) { |
|
260
|
|
|
$data[$key] = str_replace(array('"', '\'), array('""', '\\\\'), $value); |
|
261
|
|
|
} |
|
262
|
|
|
|
|
263
|
|
|
// check skpath |
|
264
|
|
|
if (empty($data['sk_path'])) { |
|
265
|
|
|
$data['sk_path'] = $session_abspath."/includes"; |
|
266
|
|
|
} else { |
|
267
|
|
|
$data['sk_path'] = str_replace("\", "/", $data['sk_path']); |
|
268
|
|
|
} |
|
269
|
|
|
if (substr($data['sk_path'], strlen($data['sk_path']) - 1) == "/" || substr($data['sk_path'], strlen($data['sk_path']) - 1) == "\"") { |
|
270
|
|
|
$data['sk_path'] = substr($data['sk_path'], 0, strlen($data['sk_path']) - 1); |
|
271
|
|
|
} |
|
272
|
|
|
if (is_dir($data['sk_path'])) { |
|
273
|
|
|
if (is_writable($data['sk_path'])) { |
|
274
|
|
|
// store all variables in SESSION |
|
275
|
|
foreach ($data as $key => $value) { |
|
276
|
|
|
$superGlobal->put($key, $value, "SESSION"); |
|
277
|
|
|
$tmp = mysqli_num_rows(mysqli_query($db_link, "SELECT * FROM `_install` WHERE `key` = '".$key."'")); |
|
|
|
|
|
|
278
|
|
|
if (intval($tmp) === 0) { |
|
279
|
|
|
mysqli_query($dbTmp, "INSERT INTO `_install` (`key`, `value`) VALUES ('".$key."', '".$value."');"); |
|
|
|
|
|
|
280
|
|
|
} else { |
|
281
|
|
|
mysqli_query($dbTmp, "UPDATE `_install` SET `value` = '".$value."' WHERE `key` = '".$key."';"); |
|
|
|
|
|
|
282
|
|
|
} |
|
283
|
|
|
} |
|
284
|
|
|
echo '[{"error" : "", "result" : "Information stored", "multiple" : ""}]'; |
|
285
|
|
|
} else { |
|
286
|
|
|
echo '[{"error" : "The Directory must be writable!", "result" : "Information stored", "multiple" : ""}]'; |
|
287
|
|
|
} |
|
288
|
|
|
} else { |
|
289
|
|
|
echo '[{"error" : "'.$data['sk_path'].' is not a Directory!", "result" : "Information stored", "multiple" : ""}]'; |
|
|
|
|
|
|
290
|
|
|
} |
|
291
|
|
|
mysqli_close($dbTmp); |
|
292
|
|
|
break; |
|
293
|
|
|
|
|
294
|
|
|
case "step_5": |
|
295
|
|
|
//decrypt |
|
296
|
|
|
require_once 'libs/aesctr.php'; // AES Counter Mode implementation |
|
297
|
|
|
$activity = Encryption\Crypt\aesctr::decrypt($post_activity, "cpm", 128); |
|
|
|
|
|
|
298
|
|
|
$task = Encryption\Crypt\aesctr::decrypt($post_task, "cpm", 128); |
|
|
|
|
|
|
299
|
|
|
$json = Encryption\Crypt\aesctr::decrypt($post_db, "cpm", 128); |
|
|
|
|
|
|
300
|
|
|
$db = json_decode($json, true); |
|
301
|
|
|
|
|
302
|
|
|
// launch |
|
303
|
|
|
$dbTmp = mysqli_connect($db['db_host'], $db['db_login'], $db['db_pw'], $db['db_bdd'], $db['db_port']); |
|
304
|
|
|
$dbBdd = $db['db_bdd']; |
|
305
|
|
|
if ($dbTmp) { |
|
306
|
|
|
$mysqli_result = ""; |
|
307
|
|
|
|
|
308
|
|
|
// read install variables |
|
309
|
|
|
$result = mysqli_query($dbTmp, "SELECT * FROM `_install`"); |
|
310
|
|
|
while ($row = $result->fetch_array()) { |
|
311
|
|
|
$var[$row[0]] = $row[1]; |
|
312
|
|
|
} |
|
313
|
|
|
|
|
314
|
|
|
if ($activity === "table") { |
|
315
|
|
|
//FORCE UTF8 DATABASE |
|
316
|
|
|
mysqli_query($dbTmp, "ALTER DATABASE `".$dbBdd."` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci"); |
|
317
|
|
|
if ($task === "items") { |
|
318
|
|
|
$mysqli_result = mysqli_query( |
|
319
|
|
|
$dbTmp, |
|
320
|
|
|
"CREATE TABLE IF NOT EXISTS `".$var['tbl_prefix']."items` ( |
|
321
|
|
|
`id` int(12) NOT null AUTO_INCREMENT, |
|
322
|
|
|
`label` varchar(500) NOT NULL, |
|
323
|
|
|
`description` text DEFAULT NULL, |
|
324
|
|
|
`pw` text DEFAULT NULL, |
|
325
|
|
|
`pw_iv` text DEFAULT NULL, |
|
326
|
|
|
`pw_len` int(5) NOT NULL DEFAULT '0', |
|
327
|
|
|
`url` varchar(500) DEFAULT NULL, |
|
328
|
|
|
`id_tree` varchar(10) DEFAULT NULL, |
|
329
|
|
|
`perso` tinyint(1) NOT null DEFAULT '0', |
|
330
|
|
|
`login` varchar(200) DEFAULT NULL, |
|
331
|
|
|
`inactif` tinyint(1) NOT null DEFAULT '0', |
|
332
|
|
|
`restricted_to` varchar(200) DEFAULT NULL, |
|
333
|
|
|
`anyone_can_modify` tinyint(1) NOT null DEFAULT '0', |
|
334
|
|
|
`email` varchar(100) DEFAULT NULL, |
|
335
|
|
|
`notification` varchar(250) DEFAULT NULL, |
|
336
|
|
|
`viewed_no` int(12) NOT null DEFAULT '0', |
|
337
|
|
|
`complexity_level` varchar(3) NOT null DEFAULT '-1', |
|
338
|
|
|
`auto_update_pwd_frequency` tinyint(2) NOT null DEFAULT '0', |
|
339
|
|
|
`auto_update_pwd_next_date` varchar(100) NOT null DEFAULT '0', |
|
340
|
|
|
`encryption_type` VARCHAR(20) NOT NULL DEFAULT 'not_set', |
|
341
|
|
|
PRIMARY KEY (`id`), |
|
342
|
|
|
KEY `restricted_inactif_idx` (`restricted_to`,`inactif`) |
|
343
|
|
|
) CHARSET=utf8;" |
|
344
|
|
|
); |
|
345
|
|
} elseif ($task === "log_items") { |
|
346
|
|
|
$mysqli_result = mysqli_query( |
|
347
|
|
|
$dbTmp, |
|
348
|
|
|
"CREATE TABLE IF NOT EXISTS `".$var['tbl_prefix']."log_items` ( |
|
349
|
|
|
`id_item` int(8) NOT NULL, |
|
350
|
|
|
`date` varchar(50) NOT NULL, |
|
351
|
|
|
`id_user` int(8) NOT NULL, |
|
352
|
|
|
`action` varchar(250) NULL, |
|
353
|
|
|
`raison` text NULL, |
|
354
|
|
|
`raison_iv` text NULL, |
|
355
|
|
|
`encryption_type` VARCHAR(20) NOT NULL DEFAULT 'not_set' |
|
356
|
|
|
) CHARSET=utf8;" |
|
357
|
|
|
); |
|
358
|
|
|
// create index |
|
359
|
|
|
mysqli_query( |
|
360
|
|
|
$dbTmp, |
|
361
|
|
|
"CREATE INDEX teampass_log_items_id_item_IDX ON ".$var['tbl_prefix']."log_items (id_item,date);" |
|
362
|
|
|
); |
|
363
|
|
|
} elseif ($task === "misc") { |
|
364
|
|
|
$mysqli_result = mysqli_query( |
|
365
|
|
|
$dbTmp, |
|
366
|
|
|
"CREATE TABLE IF NOT EXISTS `".$var['tbl_prefix']."misc` ( |
|
367
|
|
|
`id` int(12) NOT null AUTO_INCREMENT, |
|
368
|
|
|
`type` varchar(50) NOT NULL, |
|
369
|
|
|
`intitule` varchar(100) NOT NULL, |
|
370
|
|
|
`valeur` varchar(500) NOT NULL, |
|
371
|
|
|
PRIMARY KEY (`id`) |
|
372
|
|
|
) CHARSET=utf8;" |
|
373
|
|
|
); |
|
374
|
|
|
|
|
375
|
|
|
// include constants |
|
376
|
|
|
require_once "../includes/config/include.php"; |
|
377
|
|
|
|
|
378
|
|
|
// prepare config file |
|
379
|
|
|
$tp_config_file = "../includes/config/tp.config.php"; |
|
380
|
|
if (file_exists($tp_config_file)) { |
|
381
|
|
|
if (!copy($tp_config_file, $tp_config_file.'.'.date("Y_m_d", mktime(0, 0, 0, date('m'), date('d'), date('y'))))) { |
|
382
|
|
|
echo '[{"error" : "includes/config/tp.config.php file already exists and cannot be renamed. Please do it by yourself and click on button Launch.", "result":"", "index" : "'.$post_index.'", "multiple" : "'.$post_multiple.'"}]'; |
|
383
|
|
|
break; |
|
384
|
|
|
} else { |
|
385
|
|
|
unlink($tp_config_file); |
|
386
|
|
|
} |
|
387
|
|
|
} |
|
388
|
|
|
$file_handler = fopen($tp_config_file, 'w'); |
|
389
|
|
|
$config_text = "<?php |
|
390
|
|
|
global \$SETTINGS; |
|
391
|
|
|
\$SETTINGS = array ("; |
|
392
|
|
|
|
|
393
|
|
|
// add by default settings |
|
394
|
|
|
$aMiscVal = array( |
|
395
|
|
|
array('admin', 'max_latest_items', '10'), |
|
396
|
|
|
array('admin', 'enable_favourites', '1'), |
|
397
|
|
|
array('admin', 'show_last_items', '1'), |
|
398
|
|
|
array('admin', 'enable_pf_feature', '0'), |
|
399
|
|
|
array('admin', 'log_connections', '0'), |
|
400
|
|
|
array('admin', 'log_accessed', '1'), |
|
401
|
|
|
array('admin', 'time_format', 'H:i:s'), |
|
402
|
|
|
array('admin', 'date_format', 'd/m/Y'), |
|
403
|
|
|
array('admin', 'duplicate_folder', '0'), |
|
404
|
|
|
array('admin', 'item_duplicate_in_same_folder', '0'), |
|
405
|
|
|
array('admin', 'duplicate_item', '0'), |
|
406
|
|
|
array('admin', 'number_of_used_pw', '3'), |
|
407
|
|
|
array('admin', 'manager_edit', '1'), |
|
408
|
|
|
array('admin', 'cpassman_dir', $var['abspath']), |
|
409
|
|
|
array('admin', 'cpassman_url', $var['url_path']), |
|
410
|
|
|
array('admin', 'favicon', $var['url_path'].'/favicon.ico'), |
|
411
|
|
|
array('admin', 'path_to_upload_folder', $var['abspath'].'/upload'), |
|
412
|
|
|
array('admin', 'url_to_upload_folder', $var['url_path'].'/upload'), |
|
413
|
|
|
array('admin', 'path_to_files_folder', $var['abspath'].'/files'), |
|
414
|
|
|
array('admin', 'url_to_files_folder', $var['url_path'].'/files'), |
|
415
|
|
|
array('admin', 'activate_expiration', '0'), |
|
416
|
|
|
array('admin', 'pw_life_duration', '0'), |
|
417
|
|
|
array('admin', 'maintenance_mode', '1'), |
|
418
|
|
|
array('admin', 'enable_sts', '0'), |
|
419
|
|
|
array('admin', 'encryptClientServer', '1'), |
|
420
|
|
|
array('admin', 'cpassman_version', $SETTINGS_EXT['version']), |
|
421
|
|
|
array('admin', 'ldap_mode', '0'), |
|
422
|
|
|
array('admin', 'ldap_type', '0'), |
|
423
|
|
|
array('admin', 'ldap_suffix', '0'), |
|
424
|
|
|
array('admin', 'ldap_domain_dn', '0'), |
|
425
|
|
|
array('admin', 'ldap_domain_controler', '0'), |
|
426
|
|
|
array('admin', 'ldap_user_attribute', '0'), |
|
427
|
|
|
array('admin', 'ldap_ssl', '0'), |
|
428
|
|
|
array('admin', 'ldap_tls', '0'), |
|
429
|
|
|
array('admin', 'ldap_elusers', '0'), |
|
430
|
|
|
array('admin', 'ldap_search_base', '0'), |
|
431
|
|
|
array('admin', 'richtext', '0'), |
|
432
|
|
|
array('admin', 'allow_print', '0'), |
|
433
|
|
|
array('admin', 'roles_allowed_to_print', '0'), |
|
434
|
|
|
array('admin', 'show_description', '1'), |
|
435
|
|
|
array('admin', 'anyone_can_modify', '0'), |
|
436
|
|
|
array('admin', 'anyone_can_modify_bydefault', '0'), |
|
437
|
|
|
array('admin', 'nb_bad_authentication', '0'), |
|
438
|
|
|
array('admin', 'utf8_enabled', '1'), |
|
439
|
|
|
array('admin', 'restricted_to', '0'), |
|
440
|
|
|
array('admin', 'restricted_to_roles', '0'), |
|
441
|
|
|
array('admin', 'enable_send_email_on_user_login', '0'), |
|
442
|
|
|
array('admin', 'enable_user_can_create_folders', '0'), |
|
443
|
|
|
array('admin', 'insert_manual_entry_item_history', '0'), |
|
444
|
|
|
array('admin', 'enable_kb', '0'), |
|
445
|
|
|
array('admin', 'enable_email_notification_on_item_shown', '0'), |
|
446
|
|
|
array('admin', 'enable_email_notification_on_user_pw_change', '0'), |
|
447
|
|
|
array('admin', 'custom_logo', ''), |
|
448
|
|
|
array('admin', 'custom_login_text', ''), |
|
449
|
|
|
array('admin', 'default_language', 'english'), |
|
450
|
|
|
array('admin', 'send_stats', '0'), |
|
451
|
|
|
array('admin', 'send_statistics_items', 'stat_country;stat_users;stat_items;stat_items_shared;stat_folders;stat_folders_shared;stat_admins;stat_managers;stat_ro;stat_mysqlversion;stat_phpversion;stat_teampassversion;stat_languages;stat_kb;stat_suggestion;stat_customfields;stat_api;stat_2fa;stat_agses;stat_duo;stat_ldap;stat_syslog;stat_stricthttps;stat_fav;stat_pf;'), |
|
452
|
|
|
array('admin', 'send_stats_time', time() - 2592000), |
|
453
|
|
|
array('admin', 'get_tp_info', '1'), |
|
454
|
|
|
array('admin', 'send_mail_on_user_login', '0'), |
|
455
|
|
|
array('cron', 'sending_emails', '0'), |
|
456
|
|
|
array('admin', 'nb_items_by_query', 'auto'), |
|
457
|
|
|
array('admin', 'enable_delete_after_consultation', '0'), |
|
458
|
|
|
array('admin', 'enable_personal_saltkey_cookie', '0'), |
|
459
|
|
|
array('admin', 'personal_saltkey_cookie_duration', '31'), |
|
460
|
|
|
array('admin', 'email_smtp_server', ''), |
|
461
|
|
|
array('admin', 'email_smtp_auth', ''), |
|
462
|
|
|
array('admin', 'email_auth_username', ''), |
|
463
|
|
|
array('admin', 'email_auth_pwd', ''), |
|
464
|
|
|
array('admin', 'email_port', ''), |
|
465
|
|
|
array('admin', 'email_security', ''), |
|
466
|
|
|
array('admin', 'email_server_url', ''), |
|
467
|
|
|
array('admin', 'email_from', ''), |
|
468
|
|
|
array('admin', 'email_from_name', ''), |
|
469
|
|
|
array('admin', 'pwd_maximum_length', '40'), |
|
470
|
|
|
array('admin', 'google_authentication', '0'), |
|
471
|
|
|
array('admin', 'delay_item_edition', '0'), |
|
472
|
|
|
array('admin', 'allow_import', '0'), |
|
473
|
|
|
array('admin', 'proxy_ip', ''), |
|
474
|
|
|
array('admin', 'proxy_port', ''), |
|
475
|
|
|
array('admin', 'upload_maxfilesize', '10mb'), |
|
476
|
|
|
array('admin', 'upload_docext', 'doc,docx,dotx,xls,xlsx,xltx,rtf,csv,txt,pdf,ppt,pptx,pot,dotx,xltx'), |
|
477
|
|
|
array('admin', 'upload_imagesext', 'jpg,jpeg,gif,png'), |
|
478
|
|
|
array('admin', 'upload_pkgext', '7z,rar,tar,zip'), |
|
479
|
|
|
array('admin', 'upload_otherext', 'sql,xml'), |
|
480
|
|
|
array('admin', 'upload_imageresize_options', '1'), |
|
481
|
|
|
array('admin', 'upload_imageresize_width', '800'), |
|
482
|
|
|
array('admin', 'upload_imageresize_height', '600'), |
|
483
|
|
|
array('admin', 'upload_imageresize_quality', '90'), |
|
484
|
|
|
array('admin', 'use_md5_password_as_salt', '0'), |
|
485
|
|
|
array('admin', 'ga_website_name', 'TeamPass for ChangeMe'), |
|
486
|
|
|
array('admin', 'api', '0'), |
|
487
|
|
|
array('admin', 'subfolder_rights_as_parent', '0'), |
|
488
|
|
|
array('admin', 'show_only_accessible_folders', '0'), |
|
489
|
|
|
array('admin', 'enable_suggestion', '0'), |
|
490
|
|
|
array('admin', 'otv_expiration_period', '7'), |
|
491
|
|
|
array('admin', 'default_session_expiration_time', '60'), |
|
492
|
|
|
array('admin', 'duo', '0'), |
|
493
|
|
|
array('admin', 'enable_server_password_change', '0'), |
|
494
|
|
|
array('admin', 'ldap_object_class', '0'), |
|
495
|
|
|
array('admin', 'bck_script_path', $var['abspath']."/backups"), |
|
496
|
|
|
array('admin', 'bck_script_filename', 'bck_teampass'), |
|
497
|
|
|
array('admin', 'syslog_enable', '0'), |
|
498
|
|
|
array('admin', 'syslog_host', 'localhost'), |
|
499
|
|
|
array('admin', 'syslog_port', '514'), |
|
500
|
|
|
array('admin', 'manager_move_item', '0'), |
|
501
|
|
|
array('admin', 'create_item_without_password', '0'), |
|
502
|
|
|
array('admin', 'otv_is_enabled', '0'), |
|
503
|
|
|
array('admin', 'agses_authentication_enabled', '0'), |
|
504
|
|
|
array('admin', 'item_extra_fields', '0'), |
|
505
|
|
|
array('admin', 'saltkey_ante_2127', 'none'), |
|
506
|
|
|
array('admin', 'migration_to_2127', 'done'), |
|
507
|
|
|
array('admin', 'files_with_defuse', 'done'), |
|
508
|
|
|
array('admin', 'timezone', 'UTC') |
|
509
|
|
|
); |
|
510
|
|
|
foreach ($aMiscVal as $elem) { |
|
511
|
|
|
//Check if exists before inserting |
|
512
|
|
|
$tmp = mysqli_num_rows( |
|
513
|
|
|
mysqli_query( |
|
514
|
|
|
$dbTmp, |
|
515
|
|
|
"SELECT * FROM `".$var['tbl_prefix']."misc` |
|
516
|
|
|
WHERE type='".$elem[0]."' AND intitule='".$elem[1]."'" |
|
517
|
|
|
) |
|
518
|
|
|
); |
|
519
|
|
|
if (intval($tmp) === 0) { |
|
520
|
|
|
$queryRes = mysqli_query( |
|
521
|
|
|
$dbTmp, |
|
522
|
|
|
"INSERT INTO `".$var['tbl_prefix']."misc` |
|
523
|
|
|
(`type`, `intitule`, `valeur`) VALUES |
|
524
|
|
|
('".$elem[0]."', '".$elem[1]."', '". |
|
525
|
|
|
str_replace("'", "", $elem[2])."');" |
|
526
|
|
|
); // or die(mysqli_error($dbTmp)) |
|
|
|
|
|
|
527
|
|
|
} |
|
528
|
|
|
|
|
529
|
|
|
// append new setting in config file |
|
530
|
|
|
$config_text .= " |
|
531
|
|
|
'".$elem[1]."' => '".str_replace("'", "", $elem[2])."',"; |
|
532
|
|
|
} |
|
533
|
|
|
|
|
534
|
|
|
// write to config file |
|
535
|
|
|
$result = fwrite( |
|
536
|
|
|
$file_handler, |
|
537
|
|
|
utf8_encode( |
|
538
|
|
|
substr_replace($config_text, "", -1)." |
|
539
|
|
|
);" |
|
540
|
|
|
) |
|
541
|
|
|
); |
|
542
|
|
|
fclose($file_handler); |
|
543
|
|
|
} elseif ($task === "nested_tree") { |
|
544
|
|
|
$mysqli_result = mysqli_query( |
|
545
|
|
|
$dbTmp, |
|
546
|
|
|
"CREATE TABLE IF NOT EXISTS `".$var['tbl_prefix']."nested_tree` ( |
|
547
|
|
|
`id` bigint(20) unsigned NOT null AUTO_INCREMENT, |
|
548
|
|
|
`parent_id` int(11) NOT NULL, |
|
549
|
|
|
`title` varchar(255) NOT NULL, |
|
550
|
|
|
`nleft` int(11) NOT NULL DEFAULT '0', |
|
551
|
|
|
`nright` int(11) NOT NULL DEFAULT '0', |
|
552
|
|
|
`nlevel` int(11) NOT NULL DEFAULT '0', |
|
553
|
|
|
`bloquer_creation` tinyint(1) NOT null DEFAULT '0', |
|
554
|
|
|
`bloquer_modification` tinyint(1) NOT null DEFAULT '0', |
|
555
|
|
|
`personal_folder` tinyint(1) NOT null DEFAULT '0', |
|
556
|
|
|
`renewal_period` TINYINT(4) NOT null DEFAULT '0', |
|
557
|
|
|
PRIMARY KEY (`id`), |
|
558
|
|
|
UNIQUE KEY `id` (`id`), |
|
559
|
|
|
KEY `nested_tree_parent_id` (`parent_id`), |
|
560
|
|
|
KEY `nested_tree_nleft` (`nleft`), |
|
561
|
|
|
KEY `nested_tree_nright` (`nright`), |
|
562
|
|
|
KEY `nested_tree_nlevel` (`nlevel`), |
|
563
|
|
|
KEY `personal_folder_idx` (`personal_folder`) |
|
564
|
|
|
) CHARSET=utf8;" |
|
565
|
|
|
); |
|
566
|
|
|
} elseif ($task === "rights") { |
|
567
|
|
|
$mysqli_result = mysqli_query( |
|
568
|
|
|
$dbTmp, |
|
569
|
|
|
"CREATE TABLE IF NOT EXISTS `".$var['tbl_prefix']."rights` ( |
|
570
|
|
|
`id` int(12) NOT null AUTO_INCREMENT, |
|
571
|
|
|
`tree_id` int(12) NOT NULL, |
|
572
|
|
|
`fonction_id` int(12) NOT NULL, |
|
573
|
|
|
`authorized` tinyint(1) NOT null DEFAULT '0', |
|
574
|
|
|
PRIMARY KEY (`id`) |
|
575
|
|
|
) CHARSET=utf8;" |
|
576
|
|
|
); |
|
577
|
|
|
} elseif ($task === "users") { |
|
578
|
|
|
$mysqli_result = mysqli_query( |
|
579
|
|
|
$dbTmp, |
|
580
|
|
|
"CREATE TABLE IF NOT EXISTS `".$var['tbl_prefix']."users` ( |
|
581
|
|
|
`id` int(12) NOT null AUTO_INCREMENT, |
|
582
|
|
|
`login` varchar(50) NOT NULL, |
|
583
|
|
|
`pw` varchar(400) NOT NULL, |
|
584
|
|
|
`groupes_visibles` varchar(250) NOT NULL, |
|
585
|
|
|
`derniers` text NULL, |
|
586
|
|
|
`key_tempo` varchar(100) NULL, |
|
587
|
|
|
`last_pw_change` varchar(30) NULL, |
|
588
|
|
|
`last_pw` text NULL, |
|
589
|
|
|
`admin` tinyint(1) NOT null DEFAULT '0', |
|
590
|
|
|
`fonction_id` varchar(255) NULL, |
|
591
|
|
|
`groupes_interdits` varchar(255) NULL, |
|
592
|
|
|
`last_connexion` varchar(30) NULL, |
|
593
|
|
|
`gestionnaire` int(11) NOT null DEFAULT '0', |
|
594
|
|
|
`email` varchar(300) NOT NULL, |
|
595
|
|
|
`favourites` varchar(300) NULL, |
|
596
|
|
|
`latest_items` varchar(300) NULL, |
|
597
|
|
|
`personal_folder` int(1) NOT null DEFAULT '0', |
|
598
|
|
|
`disabled` tinyint(1) NOT null DEFAULT '0', |
|
599
|
|
|
`no_bad_attempts` tinyint(1) NOT null DEFAULT '0', |
|
600
|
|
|
`can_create_root_folder` tinyint(1) NOT null DEFAULT '0', |
|
601
|
|
|
`read_only` tinyint(1) NOT null DEFAULT '0', |
|
602
|
|
|
`timestamp` varchar(30) NOT null DEFAULT '0', |
|
603
|
|
|
`user_language` varchar(50) NOT null DEFAULT '0', |
|
604
|
|
|
`name` varchar(100) NULL, |
|
605
|
|
|
`lastname` varchar(100) NULL, |
|
606
|
|
|
`session_end` varchar(30) NULL, |
|
607
|
|
|
`isAdministratedByRole` tinyint(5) NOT null DEFAULT '0', |
|
608
|
|
|
`psk` varchar(400) NULL, |
|
609
|
|
|
`ga` varchar(50) NULL, |
|
610
|
|
|
`ga_temporary_code` VARCHAR(20) NOT NULL DEFAULT 'none', |
|
611
|
|
|
`avatar` varchar(255) NULL, |
|
612
|
|
|
`avatar_thumb` varchar(255) NULL, |
|
613
|
|
|
`upgrade_needed` BOOLEAN NOT NULL DEFAULT FALSE, |
|
614
|
|
|
`treeloadstrategy` varchar(30) NOT null DEFAULT 'full', |
|
615
|
|
|
`can_manage_all_users` tinyint(1) NOT NULL DEFAULT '0', |
|
616
|
|
|
`usertimezone` VARCHAR(50) NOT NULL DEFAULT 'not_defined', |
|
617
|
|
|
`agses-usercardid` VARCHAR(50) NOT NULL DEFAULT '0', |
|
618
|
|
|
`encrypted_psk` text NULL, |
|
619
|
|
|
`user_ip` varchar(60) NOT null DEFAULT 'none', |
|
620
|
|
|
PRIMARY KEY (`id`), |
|
621
|
|
|
UNIQUE KEY `login` (`login`) |
|
622
|
|
|
) CHARSET=utf8;" |
|
623
|
|
|
); |
|
624
|
|
|
} elseif ($task === "tags") { |
|
625
|
|
|
$mysqli_result = mysqli_query( |
|
626
|
|
|
$dbTmp, |
|
627
|
|
|
"CREATE TABLE IF NOT EXISTS `".$var['tbl_prefix']."tags` ( |
|
628
|
|
|
`id` int(12) NOT null AUTO_INCREMENT, |
|
629
|
|
|
`tag` varchar(30) NOT NULL, |
|
630
|
|
|
`item_id` int(12) NOT NULL, |
|
631
|
|
|
PRIMARY KEY (`id`), |
|
632
|
|
|
UNIQUE KEY `id` (`id`) |
|
633
|
|
|
) CHARSET=utf8;" |
|
634
|
|
|
); |
|
635
|
|
|
} elseif ($task === "log_system") { |
|
636
|
|
|
$mysqli_result = mysqli_query( |
|
637
|
|
|
$dbTmp, |
|
638
|
|
|
"CREATE TABLE IF NOT EXISTS `".$var['tbl_prefix']."log_system` ( |
|
639
|
|
|
`id` int(12) NOT null AUTO_INCREMENT, |
|
640
|
|
|
`type` varchar(20) NOT NULL, |
|
641
|
|
|
`date` varchar(30) NOT NULL, |
|
642
|
|
|
`label` text NOT NULL, |
|
643
|
|
|
`qui` varchar(255) NOT NULL, |
|
644
|
|
|
`field_1` varchar(250) DEFAULT NULL, |
|
645
|
|
|
PRIMARY KEY (`id`) |
|
646
|
|
|
) CHARSET=utf8;" |
|
647
|
|
|
); |
|
648
|
|
|
} elseif ($task === "files") { |
|
649
|
|
|
$mysqli_result = mysqli_query( |
|
650
|
|
|
$dbTmp, |
|
651
|
|
|
"CREATE TABLE IF NOT EXISTS `".$var['tbl_prefix']."files` ( |
|
652
|
|
|
`id` int(11) NOT null AUTO_INCREMENT, |
|
653
|
|
|
`id_item` int(11) NOT NULL, |
|
654
|
|
|
`name` varchar(100) NOT NULL, |
|
655
|
|
|
`size` int(10) NOT NULL, |
|
656
|
|
|
`extension` varchar(10) NOT NULL, |
|
657
|
|
|
`type` varchar(255) NOT NULL, |
|
658
|
|
|
`file` varchar(50) NOT NULL, |
|
659
|
|
|
`status` varchar(50) NOT NULL DEFAULT '0', |
|
660
|
|
|
PRIMARY KEY (`id`) |
|
661
|
|
|
) CHARSET=utf8;" |
|
662
|
|
|
); |
|
663
|
|
|
} elseif ($task === "cache") { |
|
664
|
|
|
$mysqli_result = mysqli_query( |
|
665
|
|
|
$dbTmp, |
|
666
|
|
|
"CREATE TABLE IF NOT EXISTS `".$var['tbl_prefix']."cache` ( |
|
667
|
|
|
`id` int(12) NOT NULL, |
|
668
|
|
|
`label` varchar(500) NOT NULL, |
|
669
|
|
|
`description` text NOT NULL, |
|
670
|
|
|
`tags` text DEFAULT NULL, |
|
671
|
|
|
`id_tree` int(12) NOT NULL, |
|
672
|
|
|
`perso` tinyint(1) NOT NULL, |
|
673
|
|
|
`restricted_to` varchar(200) DEFAULT NULL, |
|
674
|
|
|
`login` varchar(200) DEFAULT NULL, |
|
675
|
|
|
`folder` varchar(300) NOT NULL, |
|
676
|
|
|
`author` varchar(50) NOT NULL, |
|
677
|
|
|
`renewal_period` tinyint(4) NOT NULL DEFAULT '0', |
|
678
|
|
|
`timestamp` varchar(50) DEFAULT NULL, |
|
679
|
|
|
`url` varchar(500) NOT NULL DEFAULT '0', |
|
680
|
|
|
`encryption_type` VARCHAR(50) DEFAULT NULL DEFAULT '0' |
|
681
|
|
|
) CHARSET=utf8;" |
|
682
|
|
|
); |
|
683
|
|
|
} elseif ($task === "roles_title") { |
|
684
|
|
|
$mysqli_result = mysqli_query( |
|
685
|
|
|
$dbTmp, |
|
686
|
|
|
"CREATE TABLE IF NOT EXISTS `".$var['tbl_prefix']."roles_title` ( |
|
687
|
|
|
`id` int(12) NOT null AUTO_INCREMENT, |
|
688
|
|
|
`title` varchar(50) NOT NULL, |
|
689
|
|
|
`allow_pw_change` TINYINT(1) NOT null DEFAULT '0', |
|
690
|
|
|
`complexity` INT(5) NOT null DEFAULT '0', |
|
691
|
|
|
`creator_id` int(11) NOT null DEFAULT '0', |
|
692
|
|
|
PRIMARY KEY (`id`) |
|
693
|
|
|
) CHARSET=utf8;" |
|
694
|
|
|
); |
|
695
|
|
|
} elseif ($task === "roles_values") { |
|
696
|
|
|
$mysqli_result = mysqli_query( |
|
697
|
|
|
$dbTmp, |
|
698
|
|
|
"CREATE TABLE IF NOT EXISTS `".$var['tbl_prefix']."roles_values` ( |
|
699
|
|
|
`role_id` int(12) NOT NULL, |
|
700
|
|
|
`folder_id` int(12) NOT NULL, |
|
701
|
|
|
`type` varchar(5) NOT NULL DEFAULT 'R', |
|
702
|
|
|
KEY `role_id_idx` (`role_id`) |
|
703
|
|
|
) CHARSET=utf8;" |
|
704
|
|
|
); |
|
705
|
|
|
} elseif ($task === "kb") { |
|
706
|
|
|
$mysqli_result = mysqli_query( |
|
707
|
|
|
$dbTmp, |
|
708
|
|
|
"CREATE TABLE IF NOT EXISTS `".$var['tbl_prefix']."kb` ( |
|
709
|
|
|
`id` int(12) NOT null AUTO_INCREMENT, |
|
710
|
|
|
`category_id` int(12) NOT NULL, |
|
711
|
|
|
`label` varchar(200) NOT NULL, |
|
712
|
|
|
`description` text NOT NULL, |
|
713
|
|
|
`author_id` int(12) NOT NULL, |
|
714
|
|
|
`anyone_can_modify` tinyint(1) NOT null DEFAULT '0', |
|
715
|
|
|
PRIMARY KEY (`id`) |
|
716
|
|
|
) CHARSET=utf8;" |
|
717
|
|
|
); |
|
718
|
|
|
} elseif ($task === "kb_categories") { |
|
719
|
|
|
$mysqli_result = mysqli_query( |
|
720
|
|
|
$dbTmp, |
|
721
|
|
|
"CREATE TABLE IF NOT EXISTS `".$var['tbl_prefix']."kb_categories` ( |
|
722
|
|
|
`id` int(12) NOT null AUTO_INCREMENT, |
|
723
|
|
|
`category` varchar(50) NOT NULL, |
|
724
|
|
|
PRIMARY KEY (`id`) |
|
725
|
|
|
) CHARSET=utf8;" |
|
726
|
|
|
); |
|
727
|
|
|
} elseif ($task === "kb_items") { |
|
728
|
|
|
$mysqli_result = mysqli_query( |
|
729
|
|
|
$dbTmp, |
|
730
|
|
|
"CREATE TABLE IF NOT EXISTS `".$var['tbl_prefix']."kb_items` ( |
|
731
|
|
|
`kb_id` int(12) NOT NULL, |
|
732
|
|
|
`item_id` int(12) NOT NULL |
|
733
|
|
|
) CHARSET=utf8;" |
|
734
|
|
|
); |
} elseif ($task == "restriction_to_roles") { |
|
736
|
|
|
$mysqli_result = mysqli_query( |
|
737
|
|
|
$dbTmp, |
|
738
|
|
|
"CREATE TABLE IF NOT EXISTS `".$var['tbl_prefix']."restriction_to_roles` ( |
|
739
|
|
|
`role_id` int(12) NOT NULL, |
|
740
|
|
|
`item_id` int(12) NOT NULL, |
|
741
|
|
|
KEY `role_id_idx` (`role_id`) |
|
742
|
|
|
) CHARSET=utf8;" |
|
743
|
|
|
); |
|
744
|
|
|
} elseif ($task === "languages") { |
|
745
|
|
|
$mysqli_result = mysqli_query( |
|
746
|
|
|
$dbTmp, |
|
747
|
|
|
"CREATE TABLE IF NOT EXISTS `".$var['tbl_prefix']."languages` ( |
|
748
|
|
|
`id` INT(10) NOT null AUTO_INCREMENT PRIMARY KEY , |
|
749
|
|
|
`name` VARCHAR(50) NOT null , |
|
750
|
|
|
`label` VARCHAR(50) NOT null , |
|
751
|
|
|
`code` VARCHAR(10) NOT null , |
|
752
|
|
|
`flag` VARCHAR(30) NOT NULL |
|
753
|
|
|
) CHARSET=utf8;" |
|
754
|
|
|
); |
// add lanaguages |
|
757
|
|
|
$tmp = mysqli_num_rows(mysqli_query($dbTmp, "SELECT * FROM `".$var['tbl_prefix']."languages` WHERE name = 'french'")); |
|
758
|
|
|
if ($tmp[0] == 0) { |
|
759
|
|
|
$mysql_result = mysqli_query( |
|
760
|
|
|
$dbTmp, |
|
761
|
|
|
"INSERT INTO `".$var['tbl_prefix']."languages` (`name`, `label`, `code`, `flag`) VALUES |
|
762
|
|
|
('french', 'French' , 'fr', 'fr.png'), |
|
763
|
|
|
('english', 'English' , 'us', 'us.png'), |
|
764
|
|
|
('spanish', 'Spanish' , 'es', 'es.png'), |
|
765
|
|
|
('german', 'German' , 'de', 'de.png'), |
|
766
|
|
|
('czech', 'Czech' , 'cz', 'cz.png'), |
|
767
|
|
|
('italian', 'Italian' , 'it', 'it.png'), |
|
768
|
|
|
('russian', 'Russian' , 'ru', 'ru.png'), |
|
769
|
|
|
('turkish', 'Turkish' , 'tr', 'tr.png'), |
|
770
|
|
|
('norwegian', 'Norwegian' , 'no', 'no.png'), |
|
771
|
|
|
('japanese', 'Japanese' , 'ja', 'ja.png'), |
|
772
|
|
|
('portuguese', 'Portuguese' , 'pr', 'pr.png'), |
|
773
|
|
|
('portuguese_br', 'Portuguese (Brazil)' , 'pr-bt', 'pr-bt.png'), |
|
774
|
|
|
('chinese', 'Chinese' , 'cn', 'cn.png'), |
|
775
|
|
|
('swedish', 'Swedish' , 'se', 'se.png'), |
|
776
|
|
|
('dutch', 'Dutch' , 'nl', 'nl.png'), |
|
777
|
|
|
('catalan', 'Catalan' , 'ct', 'ct.png'), |
|
778
|
|
|
('vietnamese', 'Vietnamese' , 'vi', 'vi.png'), |
|
779
|
|
|
('estonian', 'Estonian' , 'ee', 'ee.png');" |
|
780
|
|
|
); |
|
781
|
|
|
} |
|
782
|
|
|
} elseif ($task === "emails") { |
|
783
|
|
|
$mysqli_result = mysqli_query( |
|
784
|
|
|
$dbTmp, |
|
785
|
|
|
"CREATE TABLE IF NOT EXISTS `".$var['tbl_prefix']."emails` ( |
|
786
|
|
|
`timestamp` INT(30) NOT null , |
|
787
|
|
|
`subject` VARCHAR(255) NOT null , |
|
788
|
|
|
`body` TEXT NOT null , |
|
789
|
|
|
`receivers` VARCHAR(255) NOT null , |
|
790
|
|
|
`status` VARCHAR(30) NOT NULL |
|
791
|
|
|
) CHARSET=utf8;" |
|
792
|
|
|
); |
|
793
|
|
|
} elseif ($task === "automatic_del") { |
|
794
|
|
|
$mysqli_result = mysqli_query( |
|
795
|
|
|
$dbTmp, |
|
796
|
|
|
"CREATE TABLE IF NOT EXISTS `".$var['tbl_prefix']."automatic_del` ( |
|
797
|
|
|
`item_id` int(11) NOT NULL, |
|
798
|
|
|
`del_enabled` tinyint(1) NOT NULL, |
|
799
|
|
|
`del_type` tinyint(1) NOT NULL, |
|
800
|
|
|
`del_value` varchar(35) NOT NULL |
|
801
|
|
|
) CHARSET=utf8;" |
|
802
|
|
|
); |
|
803
|
|
|
} elseif ($task === "items_edition") { |
|
804
|
|
|
$mysqli_result = mysqli_query( |
|
805
|
|
|
$dbTmp, |
|
806
|
|
|
"CREATE TABLE IF NOT EXISTS `".$var['tbl_prefix']."items_edition` ( |
|
807
|
|
|
`item_id` int(11) NOT NULL, |
|
808
|
|
|
`user_id` int(12) NOT NULL, |
|
809
|
|
|
`timestamp` varchar(50) NOT NULL |
|
810
|
|
|
) CHARSET=utf8;" |
|
811
|
|
|
); |
|
812
|
|
|
} elseif ($task === "categories") { |
|
813
|
|
|
$mysqli_result = mysqli_query( |
|
814
|
|
|
$dbTmp, |
|
815
|
|
|
"CREATE TABLE IF NOT EXISTS `".$var['tbl_prefix']."categories` ( |
|
816
|
|
|
`id` int(12) NOT NULL AUTO_INCREMENT, |
|
817
|
|
|
`parent_id` int(12) NOT NULL, |
|
818
|
|
|
`title` varchar(255) NOT NULL, |
|
819
|
|
|
`level` int(2) NOT NULL, |
|
820
|
|
|
`description` text NULL, |
|
821
|
|
|
`type` varchar(50) NULL default '', |
|
822
|
|
|
`order` int(12) NOT NULL default '0', |
|
823
|
|
|
`encrypted_data` tinyint(1) NOT NULL default '1', |
|
824
|
|
|
PRIMARY KEY (`id`) |
|
825
|
|
|
) CHARSET=utf8;" |
|
826
|
|
|
); |
|
827
|
|
|
} elseif ($task === "categories_items") { |
|
828
|
|
|
$mysqli_result = mysqli_query( |
|
829
|
|
|
$dbTmp, |
|
830
|
|
|
"CREATE TABLE IF NOT EXISTS `".$var['tbl_prefix']."categories_items` ( |
|
831
|
|
|
`id` int(12) NOT NULL AUTO_INCREMENT, |
|
832
|
|
|
`field_id` int(11) NOT NULL, |
|
833
|
|
|
`item_id` int(11) NOT NULL, |
|
834
|
|
|
`data` text NOT NULL, |
|
835
|
|
|
`data_iv` text NOT NULL, |
|
836
|
|
|
`encryption_type` VARCHAR(20) NOT NULL DEFAULT 'not_set', |
|
837
|
|
|
PRIMARY KEY (`id`) |
|
838
|
|
|
) CHARSET=utf8;" |
|
839
|
|
|
); |
|
840
|
|
|
} elseif ($task === "categories_folders") { |
|
841
|
|
|
$mysqli_result = mysqli_query( |
|
842
|
|
|
$dbTmp, |
|
843
|
|
|
"CREATE TABLE IF NOT EXISTS `".$var['tbl_prefix']."categories_folders` ( |
|
844
|
|
|
`id_category` int(12) NOT NULL, |
|
845
|
|
|
`id_folder` int(12) NOT NULL |
|
846
|
|
|
) CHARSET=utf8;" |
|
847
|
|
|
); |
|
848
|
|
|
} elseif ($task === "api") { |
|
849
|
|
|
$mysqli_result = mysqli_query( |
|
850
|
|
|
$dbTmp, |
|
851
|
|
|
"CREATE TABLE IF NOT EXISTS `".$var['tbl_prefix']."api` ( |
|
852
|
|
|
`id` int(20) NOT NULL AUTO_INCREMENT, |
|
853
|
|
|
`type` varchar(15) NOT NULL, |
|
854
|
|
|
`label` varchar(255) NOT NULL, |
|
855
|
|
|
`value` varchar(255) NOT NULL, |
|
856
|
|
|
`timestamp` varchar(50) NOT NULL, |
|
857
|
|
|
PRIMARY KEY (`id`) |
|
858
|
|
|
) CHARSET=utf8;" |
|
859
|
|
|
); |
|
860
|
|
|
} elseif ($task === "otv") { |
|
861
|
|
|
$mysqli_result = mysqli_query( |
|
862
|
|
|
$dbTmp, |
|
863
|
|
|
"CREATE TABLE IF NOT EXISTS `".$var['tbl_prefix']."otv` ( |
|
864
|
|
|
`id` int(10) NOT NULL AUTO_INCREMENT, |
|
865
|
|
|
`timestamp` text NOT NULL, |
|
866
|
|
|
`code` varchar(100) NOT NULL, |
|
867
|
|
|
`item_id` int(12) NOT NULL, |
|
868
|
|
|
`originator` int(12) NOT NULL, |
|
869
|
|
|
PRIMARY KEY (`id`) |
|
870
|
|
|
) CHARSET=utf8;" |
|
871
|
|
|
); |
} elseif ($task === "suggestion") { |
|
873
|
|
|
$mysqli_result = mysqli_query( |
|
874
|
|
|
$dbTmp, |
|
875
|
|
|
"CREATE TABLE IF NOT EXISTS `".$var['tbl_prefix']."suggestion` ( |
|
876
|
|
|
`id` tinyint(12) NOT NULL AUTO_INCREMENT, |
|
877
|
|
|
`label` varchar(255) NOT NULL, |
|
878
|
|
|
`pw` text NOT NULL, |
|
879
|
|
|
`pw_iv` text NOT NULL, |
|
880
|
|
|
`pw_len` int(5) NOT NULL, |
|
881
|
|
|
`description` text NOT NULL, |
|
882
|
|
|
`author_id` int(12) NOT NULL, |
|
883
|
|
|
`folder_id` int(12) NOT NULL, |
|
884
|
|
|
`comment` text NOT NULL, |
|
885
|
|
|
`suggestion_type` varchar(10) NOT NULL default 'new', |
|
886
|
|
|
PRIMARY KEY (`id`) |
|
887
|
|
|
) CHARSET=utf8;" |
|
888
|
|
|
); |
$mysqli_result = mysqli_query( |
|
891
|
|
|
$dbTmp, |
|
892
|
|
|
"CREATE TABLE IF NOT EXISTS `".$var['tbl_prefix']."export` ( |
|
893
|
|
|
`id` int(12) NOT NULL, |
|
894
|
|
|
`label` varchar(255) NOT NULL, |
|
895
|
|
|
`login` varchar(100) NOT NULL, |
|
896
|
|
|
`description` text NOT NULL, |
|
897
|
|
|
`pw` text NOT NULL, |
|
898
|
|
|
`path` varchar(500) NOT NULL, |
|
899
|
|
|
`email` varchar(500) NOT NULL default 'none', |
|
900
|
|
|
`url` varchar(500) NOT NULL default 'none', |
|
901
|
|
|
`kbs` varchar(500) NOT NULL default 'none', |
|
902
|
|
|
`tags` varchar(500) NOT NULL default 'none' |
|
903
|
|
|
) CHARSET=utf8;" |
|
904
|
|
|
); |
|
905
|
|
|
} elseif ($task === "tokens") { |
|
906
|
|
|
$mysqli_result = mysqli_query( |
|
907
|
|
|
$dbTmp, |
|
908
|
|
|
"CREATE TABLE IF NOT EXISTS `".$var['tbl_prefix']."tokens` ( |
|
909
|
|
|
`id` int(12) NOT NULL AUTO_INCREMENT, |
|
910
|
|
|
`user_id` int(12) NOT NULL, |
|
911
|
|
|
`token` varchar(255) NOT NULL, |
|
912
|
|
|
`reason` varchar(255) NOT NULL, |
|
913
|
|
|
`creation_timestamp` varchar(50) NOT NULL, |
|
914
|
|
|
`end_timestamp` varchar(50) NOT NULL, |
|
915
|
|
|
PRIMARY KEY (`id`) |
|
916
|
|
|
) CHARSET=utf8;" |
|
917
|
|
|
); |
|
918
|
|
|
} elseif ($task === "items_change") { |
|
919
|
|
|
$mysqli_result = mysqli_query( |
|
920
|
|
|
$dbTmp, |
|
921
|
|
|
"CREATE TABLE IF NOT EXISTS `".$var['tbl_prefix']."items_change` ( |
|
922
|
|
|
`id` int(12) NOT NULL AUTO_INCREMENT, |
|
923
|
|
|
`item_id` int(12) NOT NULL, |
|
924
|
|
|
`label` varchar(255) NOT NULL DEFAULT 'none', |
|
925
|
|
|
`pw` text NOT NULL, |
|
926
|
|
|
`login` varchar(255) NOT NULL DEFAULT 'none', |
|
927
|
|
|
`email` varchar(255) NOT NULL DEFAULT 'none', |
|
928
|
|
|
`url` varchar(255) NOT NULL DEFAULT 'none', |
|
929
|
|
|
`description` text NOT NULL, |
|
930
|
|
|
`comment` text NOT NULL, |
|
931
|
|
|
`folder_id` tinyint(12) NOT NULL, |
|
932
|
|
|
`user_id` int(12) NOT NULL, |
|
933
|
|
|
`timestamp` varchar(50) NOT NULL DEFAULT 'none', |
|
934
|
|
|
PRIMARY KEY (`id`) |
|
935
|
|
|
) CHARSET=utf8;" |
|
936
|
|
|
); |
|
937
|
|
|
} |
|
938
|
|
|
} elseif ($activity === "populate") { |
|
939
|
|
|
// include constants |
|
940
|
|
|
require_once "../includes/config/include.php"; |
if ($task === "admin") { |
|
943
|
|
|
// check that admin accounts doesn't exist |
|
944
|
|
|
$tmp = mysqli_num_rows(mysqli_query($dbTmp, "SELECT * FROM `".$var['tbl_prefix']."users` WHERE login = 'admin'")); |
|
945
|
|
|
if ($tmp == 0) { |
|
946
|
|
|
$mysqli_result = mysqli_query( |
|
947
|
|
|
$dbTmp, |
|
948
|
|
|
"INSERT INTO `".$var['tbl_prefix']."users` (`id`, `login`, `pw`, `admin`, `gestionnaire`, `personal_folder`, `groupes_visibles`, `email`, `encrypted_psk`, `last_pw_change`) VALUES ('1', 'admin', '".bCrypt($var['admin_pwd'], '13')."', '1', '0', '0', '', '', '', '".time()."')" |
|
949
|
|
|
); |
|
950
|
|
|
} else { |
|
951
|
|
|
$mysqli_result = mysqli_query($dbTmp, "UPDATE `".$var['tbl_prefix']."users` SET `pw` = '".bCrypt($var['admin_pwd'], '13')."' WHERE login = 'admin' AND id = '1'"); |
|
952
|
|
|
} |
// check that API doesn't exist |
|
955
|
|
|
$tmp = mysqli_num_rows(mysqli_query($dbTmp, "SELECT * FROM `".$var['tbl_prefix']."users` WHERE id = '".API_USER_ID."'")); |
if ($tmp == 0) { |
|
957
|
|
|
$mysqli_result = mysqli_query( |
|
958
|
|
|
$dbTmp, |
|
959
|
|
|
"INSERT INTO `".$var['tbl_prefix']."users` (`id`, `login`, `pw`, `groupes_visibles`, `derniers`, `key_tempo`, `last_pw_change`, `last_pw`, `admin`, `fonction_id`, `groupes_interdits`, `last_connexion`, `gestionnaire`, `email`, `favourites`, `latest_items`, `personal_folder`) VALUES ('".API_USER_ID."', 'API', '', '', '', '', '', '', '1', '', '', '', '0', '', '', '', '0')" |
|
960
|
|
|
); |
|
961
|
|
|
} |
// check that OTV doesn't exist |
|
964
|
|
|
$tmp = mysqli_num_rows(mysqli_query($dbTmp, "SELECT * FROM `".$var['tbl_prefix']."users` WHERE id = '".OTV_USER_ID."'")); |
if ($tmp == 0) { |
|
966
|
|
|
$mysqli_result = mysqli_query( |
|
967
|
|
|
$dbTmp, |
|
968
|
|
|
"INSERT INTO `".$var['tbl_prefix']."users` (`id`, `login`, `pw`, `groupes_visibles`, `derniers`, `key_tempo`, `last_pw_change`, `last_pw`, `admin`, `fonction_id`, `groupes_interdits`, `last_connexion`, `gestionnaire`, `email`, `favourites`, `latest_items`, `personal_folder`) VALUES ('".OTV_USER_ID."', 'OTV', '', '', '', '', '', '', '1', '', '', '', '0', '', '', '', '0')" |
|
969
|
|
|
); |
|
970
|
|
|
} |
|
971
|
|
|
} |
|
972
|
|
|
} |
|
973
|
|
|
// answer back |
|
974
|
|
|
if ($mysqli_result) { |
|
975
|
|
|
echo '[{"error" : "", "index" : "'.$post_index.'", "multiple" : "'.$post_multiple.'", "task" : "'.$task.'", "activity" : "'.$activity.'"}]'; |
|
976
|
|
|
} else { |
|
977
|
|
|
echo '[{"error" : "'.addslashes(str_replace(array("'", "\n", "\r"), array('"', '', ''), mysqli_error())).'", "index" : "'.$post_index.'", "multiple" : "'.$post_multiple.'", "table" : "'.$task.'"}]'; |
|
978
|
|
|
} |
} else { |
|
980
|
|
|
echo '[{"error" : "'.addslashes(str_replace(array("'", "\n", "\r"), array('"', '', ''), mysqli_connect_error())).'", "result" : "Failed", "multiple" : ""}]'; |
|
981
|
|
|
} |
mysqli_close($dbTmp); |
|
984
|
|
|
// Destroy session without writing to disk |
|
985
|
|
|
define('NODESTROY_SESSION', 'true'); |
|
986
|
|
|
session_destroy(); |
|
987
|
|
|
break; |
|
988
|
|
|
|
|
989
|
|
|
case "step_6": |
|
990
|
|
|
//decrypt |
|
991
|
|
|
require_once 'libs/aesctr.php'; // AES Counter Mode implementation |
|
992
|
|
|
$activity = Encryption\Crypt\aesctr::decrypt($post_activity, "cpm", 128); |
$data_sent = Encryption\Crypt\aesctr::decrypt($post_data, "cpm", 128); |
$data_sent = json_decode($data_sent, true); |
|
995
|
|
|
$task = Encryption\Crypt\aesctr::decrypt($post_task, "cpm", 128); |
$json = Encryption\Crypt\aesctr::decrypt($post_db, "cpm", 128); |
$db = json_decode($json, true); |
$dbTmp = mysqli_connect( |
|
1000
|
|
|
$db['db_host'], |
|
1001
|
|
|
$db['db_login'], |
|
1002
|
|
|
$db['db_pw'], |
|
1003
|
|
|
$db['db_bdd'], |
|
1004
|
|
|
$db['db_port'] |
|
1005
|
|
|
); |
// read install variables |
|
1008
|
|
|
$result = mysqli_query($dbTmp, "SELECT * FROM `_install`"); |
|
1009
|
|
|
while ($row = $result->fetch_array()) { |
|
1010
|
|
|
$var[$row[0]] = $row[1]; |
|
1011
|
|
|
} |
// launch |
|
1014
|
|
|
if (empty($var['sk_path'])) { |
|
1015
|
|
|
$skFile = $var['abspath'].'/includes/sk.php'; |
|
1016
|
|
|
$securePath = $var['abspath']; |
|
1017
|
|
|
} else { |
|
1018
|
|
|
//ensure $var['sk_path'] has no trailing slash |
|
1019
|
|
|
$var['sk_path'] = rtrim($var['sk_path'], '/\\'); |
|
1020
|
|
|
$skFile = $var['sk_path'].'/sk.php'; |
|
1021
|
|
|
$securePath = $var['sk_path']; |
|
1022
|
|
|
} |
$events = ""; |
if ($activity === "file") { |
|
1027
|
|
|
if ($task === "settings.php") { |
|
1028
|
|
|
$filename = "../includes/config/settings.php"; |
if (file_exists($filename)) { |
|
1031
|
|
|
if (!copy($filename, $filename.'.'.date("Y_m_d", mktime(0, 0, 0, date('m'), date('d'), date('y'))))) { |
|
1032
|
|
|
echo '[{"error" : "Setting.php file already exists and cannot be renamed. Please do it by yourself and click on button Launch.", "result":"", "index" : "'.$post_index.'", "multiple" : "'.$post_multiple.'"}]'; |
|
1033
|
|
|
break; |
|
1034
|
|
|
} else { |
|
1035
|
|
|
$events .= "The file $filename already exist. A copy has been created.<br />"; |
|
1036
|
|
|
unlink($filename); |
|
1037
|
|
|
} |
|
1038
|
|
|
} |
// Encrypt the DB password |
|
1041
|
|
|
$encrypted_text = encryptFollowingDefuse( |
|
1042
|
|
|
$db['db_pw'], |
|
1043
|
|
|
file_get_contents($securePath."/teampass-seckey.txt") |
|
1044
|
|
|
)['string']; |
// Open and write Settings file |
|
1047
|
|
|
$file_handler = fopen($filename, 'w'); |
|
1048
|
|
|
$result = fwrite( |
|
1049
|
|
|
$file_handler, |
|
1050
|
|
|
utf8_encode( |
"<?php |
|
1052
|
|
|
global \$lang, \$txt, \$pathTeampas, \$urlTeampass, \$pwComplexity, \$mngPages; |
|
1053
|
|
|
global \$server, \$user, \$pass, \$database, \$pre, \$db, \$port, \$encoding; |
### DATABASE connexion parameters ### |
|
1056
|
|
|
\$server = \"".$db['db_host']."\"; |
|
1057
|
|
|
\$user = \"".$db['db_login']."\"; |
|
1058
|
|
|
\$pass = \"".str_replace("$", "\\$", $encrypted_text)."\"; |
|
1059
|
|
|
\$database = \"".$db['db_bdd']."\"; |
|
1060
|
|
|
\$pre = \"".$var['tbl_prefix']."\"; |
|
1061
|
|
|
\$port = ".$db['db_port']."; |
|
1062
|
|
|
\$encoding = \"".$session_db_encoding."\"; |
@date_default_timezone_set(\$_SESSION['settings']['timezone']); |
|
1065
|
|
|
@define('SECUREPATH', '".$securePath."'); |
|
1066
|
|
|
if (file_exists(\"".str_replace('\\', '/', $skFile)."\")) { |
|
1067
|
|
|
require_once \"".str_replace('\\', '/', $skFile)."\"; |
|
1068
|
|
|
} |
|
1069
|
|
|
" |
|
1070
|
|
|
) |
|
1071
|
|
|
); |
|
1072
|
|
|
fclose($file_handler); |
if ($result === false) { |
|
1074
|
|
|
echo '[{"error" : "Setting.php file could not be created. Please check the path and the rights", "result":"", "index" : "'.$post_index.'", "multiple" : "'.$post_multiple.'"}]'; |
|
1075
|
|
|
} else { |
|
1076
|
|
|
echo '[{"error" : "", "index" : "'.$post_index.'", "multiple" : "'.$post_multiple.'"}]'; |
|
1077
|
|
|
} |
|
1078
|
|
|
} elseif ($task === "sk.php") { |
|
1079
|
|
|
//Create sk.php file |
if (file_exists($skFile)) { |
|
1081
|
|
|
if (!copy($skFile, $skFile.'.'.date("Y_m_d", mktime(0, 0, 0, date('m'), date('d'), date('y'))))) { |
|
1082
|
|
|
echo '[{"error" : "sk.php file already exists and cannot be renamed. Please do it by yourself and click on button Launch.", "result":"", "index" : "'.$post_index.'", "multiple" : "'.$post_multiple.'"}]'; |
|
1083
|
|
|
break; |
|
1084
|
|
|
} else { |
|
1085
|
|
|
unlink($skFile); |
|
1086
|
|
|
} |
|
1087
|
|
|
} |
|
1088
|
|
|
$file_handler = fopen($skFile, 'w'); |
$result = fwrite( |
|
1091
|
|
|
$file_handler, |
|
1092
|
|
|
utf8_encode( |
|
1093
|
|
|
"<?php |
|
1094
|
|
|
@define('COST', '13'); // Don't change this. |
|
1095
|
|
|
@define('AKEY', ''); |
|
1096
|
|
|
@define('IKEY', ''); |
|
1097
|
|
|
@define('SKEY', ''); |
|
1098
|
|
|
@define('HOST', ''); |
|
1099
|
|
|
?>" |
|
1100
|
|
|
) |
|
1101
|
|
|
); |
|
1102
|
|
|
fclose($file_handler); |
// finalize |
if ($result === false) { |
|
1106
|
|
|
echo '[{"error" : "sk.php file could not be created. Please check the path and the rights.", "result":"", "index" : "'.$post_index.'", "multiple" : "'.$post_multiple.'"}]'; |
|
1107
|
|
|
} else { |
|
1108
|
|
|
echo '[{"error" : "", "index" : "'.$post_index.'", "multiple" : "'.$post_multiple.'"}]'; |
|
1109
|
|
|
} |
|
1110
|
|
|
} elseif ($task === "security") { |
|
1111
|
|
|
# Sort out the file permissions |
// is server Windows or Linux? |
|
1114
|
|
|
if (strtoupper(substr(PHP_OS, 0, 3)) != 'WIN') { |
|
1115
|
|
|
// Change directory permissions |
|
1116
|
|
|
$result = chmodRecursive($session_abspath, 0770, 0740); |
|
1117
|
|
|
if ($result) { |
|
1118
|
|
|
$result = chmodRecursive($session_abspath.'/files', 0770, 0770); |
|
1119
|
|
|
} |
|
1120
|
|
|
if ($result) { |
|
1121
|
|
|
$result = chmodRecursive($session_abspath.'/upload', 0770, 0770); |
|
1122
|
|
|
} |
|
1123
|
|
|
} |
if ($result === false) { |
|
1126
|
|
|
echo '[{"error" : "Cannot change directory permissions - please fix manually", "result":"", "index" : "'.$post_index.'", "multiple" : "'.$post_multiple.'"}]'; |
|
1127
|
|
|
} else { |
|
1128
|
|
|
echo '[{"error" : "", "index" : "'.$post_index.'", "multiple" : "'.$post_multiple.'"}]'; |
|
1129
|
|
|
} |
|
1130
|
|
|
} elseif ($task === "teampass-seckey") { |
|
1131
|
|
|
// create teampass-seckey.txt |
|
1132
|
|
|
require_once '../includes/libraries/Encryption/Encryption/Crypto.php'; |
|
1133
|
|
|
require_once '../includes/libraries/Encryption/Encryption/Encoding.php'; |
|
1134
|
|
|
require_once '../includes/libraries/Encryption/Encryption/DerivedKeys.php'; |
|
1135
|
|
|
require_once '../includes/libraries/Encryption/Encryption/Key.php'; |
|
1136
|
|
|
require_once '../includes/libraries/Encryption/Encryption/KeyOrPassword.php'; |
|
1137
|
|
|
require_once '../includes/libraries/Encryption/Encryption/File.php'; |
|
1138
|
|
|
require_once '../includes/libraries/Encryption/Encryption/RuntimeTests.php'; |
|
1139
|
|
|
require_once '../includes/libraries/Encryption/Encryption/KeyProtectedByPassword.php'; |
|
1140
|
|
|
require_once '../includes/libraries/Encryption/Encryption/Core.php'; |
|
1141
|
|
|
|
|
1142
|
|
|
$key = \Defuse\Crypto\Key::createNewRandomKey(); |
|
1143
|
|
|
$new_salt = $key->saveToAsciiSafeString(); |
file_put_contents( |
|
1146
|
|
|
$securePath."/teampass-seckey.txt", |
|
1147
|
|
|
$new_salt |
|
1148
|
|
|
); |
echo '[{"error" : "", "index" : "'.$post_index.'", "multiple" : "'.$post_multiple.'"}]'; |
|
1151
|
|
|
} elseif ($task === "csrfp-token") { |
|
1152
|
|
|
// update CSRFP TOKEN |
|
1153
|
|
|
$csrfp_file_sample = "../includes/libraries/csrfp/libs/csrfp.config.sample.php"; |
|
1154
|
|
|
$csrfp_file = "../includes/libraries/csrfp/libs/csrfp.config.php"; |
|
1155
|
|
|
if (file_exists($csrfp_file)) { |
|
1156
|
|
|
if (!copy($csrfp_file, $csrfp_file.'.'.date("Y_m_d", mktime(0, 0, 0, date('m'), date('d'), date('y'))))) { |
|
1157
|
|
|
echo '[{"error" : "csrfp.config.php file already exists and cannot be renamed. Please do it by yourself and click on button Launch.", "result":"", "index" : "'.$post_index.'", "multiple" : "'.$post_multiple.'"}]'; |
|
1158
|
|
|
break; |
|
1159
|
|
|
} else { |
|
1160
|
|
|
$events .= "The file $csrfp_file already exist. A copy has been created.<br />"; |
|
1161
|
|
|
} |
|
1162
|
|
|
} |
|
1163
|
|
|
unlink($csrfp_file); // delete existing csrfp.config file |
|
1164
|
|
|
copy($csrfp_file_sample, $csrfp_file); // make a copy of csrfp.config.sample file |
|
1165
|
|
|
$data = file_get_contents($csrfp_file); |
|
1166
|
|
|
$newdata = str_replace('"CSRFP_TOKEN" => ""', '"CSRFP_TOKEN" => "'.bin2hex(openssl_random_pseudo_bytes(25)).'"', $data); |
|
1167
|
|
|
$jsUrl = $data_sent['url_path'].'/includes/libraries/csrfp/js/csrfprotector.js'; |
|
1168
|
|
|
$newdata = str_replace('"jsUrl" => ""', '"jsUrl" => "'.$jsUrl.'"', $newdata); |
|
1169
|
|
|
file_put_contents("../includes/libraries/csrfp/libs/csrfp.config.php", $newdata); |
echo '[{"error" : "", "index" : "'.$post_index.'", "multiple" : "'.$post_multiple.'"}]'; |
|
1172
|
|
|
} |
|
1173
|
|
|
} elseif ($activity === "install") { |
|
1174
|
|
|
if ($task === "cleanup") { |
|
1175
|
|
|
// Mark a tag to force Install stuff (folders, files and table) to be cleanup while first login |
|
1176
|
|
|
mysqli_query($dbTmp, "INSERT INTO `".$var['tbl_prefix']."misc` (`type`, `intitule`, `valeur`) VALUES ('install', 'clear_install_folder', 'true')"); |
echo '[{"error" : "", "index" : "'.$post_index.'", "multiple" : "'.$post_multiple.'"}]'; |
|
1179
|
|
|
} |
|
1180
|
|
|
} |
mysqli_close($dbTmp); |
|
1183
|
|
|
// Destroy session without writing to disk |
|
1184
|
|
|
define('NODESTROY_SESSION', 'true'); |
|
1185
|
|
|
session_destroy(); |
|
1186
|
|
|
break; |
|
1187
|
|
|
} |
} |
$dir can contain request data and is used in file inclusion context(s), leading to a potential security vulnerability. 1 path for user data to reach this point:
$_GET in includes/libraries/protect/SuperGlobal/SuperGlobal.php on line 45
$session_abspath is assigned in install/install.queries.php on line 130
$session_abspath is passed to chmodRecursive() in install/install.queries.php on line 1116
General Strategies to prevent injection
In general, it is advisable to prevent any user data from reaching this point. This can be done by white-listing certain values:
if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) { throw new \InvalidArgumentException('This input is not allowed.'); }
For numeric data, we recommend explicitly casting the data: