nilsteampassnet /
TeamPass
@@ -85,8 +85,8 @@ |
||
| 85 | 85 | ); |
| 86 | 86 | if ($row['valeur'] === "true") { |
| 87 | 87 | /** |
| 88 | - * Permits to delete files and folders recursively |
|
| 89 | - */ |
|
| 88 | + * Permits to delete files and folders recursively |
|
| 89 | + */ |
|
| 90 | 90 | function delTree($dir) |
| 91 | 91 | { |
| 92 | 92 | $files = array_diff(scandir($dir), array('.', '..')); |
@@ -201,7 +201,7 @@ |
||
| 201 | 201 | logEvents('user_mngt', 'at_user_pwd_changed', $_SESSION['user_id'], $_SESSION['login'], $_SESSION['user_id']); |
| 202 | 202 | echo '[ { "error" : "none" } ]'; |
| 203 | 203 | } else { |
| 204 | - echo '[ { "error" : "pwd_hash_not_correct" } ]'; |
|
| 204 | + echo '[ { "error" : "pwd_hash_not_correct" } ]'; |
|
| 205 | 205 | } |
| 206 | 206 | break; |
| 207 | 207 | |
@@ -18,15 +18,15 @@ discard block |
||
| 18 | 18 | |
| 19 | 19 | // Load config if $SETTINGS not defined |
| 20 | 20 | if (!isset($SETTINGS['cpassman_dir']) || empty($SETTINGS['cpassman_dir'])) { |
| 21 | - if (file_exists('../includes/config/tp.config.php')) { |
|
| 22 | - require_once '../includes/config/tp.config.php'; |
|
| 23 | - } elseif (file_exists('./includes/config/tp.config.php')) { |
|
| 24 | - require_once './includes/config/tp.config.php'; |
|
| 25 | - } elseif (file_exists('../../includes/config/tp.config.php')) { |
|
| 26 | - require_once '../../includes/config/tp.config.php'; |
|
| 27 | - } else { |
|
| 28 | - throw new Exception("Error file '/includes/config/tp.config.php' not exists", 1); |
|
| 29 | - } |
|
| 21 | + if (file_exists('../includes/config/tp.config.php')) { |
|
| 22 | + require_once '../includes/config/tp.config.php'; |
|
| 23 | + } elseif (file_exists('./includes/config/tp.config.php')) { |
|
| 24 | + require_once './includes/config/tp.config.php'; |
|
| 25 | + } elseif (file_exists('../../includes/config/tp.config.php')) { |
|
| 26 | + require_once '../../includes/config/tp.config.php'; |
|
| 27 | + } else { |
|
| 28 | + throw new Exception("Error file '/includes/config/tp.config.php' not exists", 1); |
|
| 29 | + } |
|
| 30 | 30 | } |
| 31 | 31 | |
| 32 | 32 | // load phpCrypt |
@@ -1430,7 +1430,7 @@ discard block |
||
| 1430 | 1430 | // Can we use PHP7 random_int function? |
| 1431 | 1431 | if (version_compare(phpversion(), '7.0', '>=')) { |
| 1432 | 1432 | require_once $SETTINGS['cpassman_dir'].'/includes/libraries/PasswordGenerator/RandomGenerator/Php7RandomGenerator.php'; |
| 1433 | - $generator->setRandomGenerator(new PasswordGenerator\RandomGenerator\Php7RandomGenerator()); |
|
| 1433 | + $generator->setRandomGenerator(new PasswordGenerator\RandomGenerator\Php7RandomGenerator()); |
|
| 1434 | 1434 | } |
| 1435 | 1435 | |
| 1436 | 1436 | // init |
@@ -700,20 +700,20 @@ |
||
| 700 | 700 | && $SETTINGS['maintenance_mode'] === '1') |
| 701 | 701 | ) { |
| 702 | 702 | if (strpos($_SERVER['PHP_AUTH_USER'], '@') !== false) { |
| 703 | - $username = explode("@", $_SERVER['PHP_AUTH_USER'])[0]; |
|
| 704 | - } elseif (strpos($_SERVER['PHP_AUTH_USER'], '\\') !== false) { |
|
| 705 | - $username = explode("\\", $_SERVER['PHP_AUTH_USER'])[1]; |
|
| 706 | - } else { |
|
| 707 | - $username = $_SERVER['PHP_AUTH_USER']; |
|
| 708 | - } |
|
| 709 | - echo ' |
|
| 703 | + $username = explode("@", $_SERVER['PHP_AUTH_USER'])[0]; |
|
| 704 | + } elseif (strpos($_SERVER['PHP_AUTH_USER'], '\\') !== false) { |
|
| 705 | + $username = explode("\\", $_SERVER['PHP_AUTH_USER'])[1]; |
|
| 706 | + } else { |
|
| 707 | + $username = $_SERVER['PHP_AUTH_USER']; |
|
| 708 | + } |
|
| 709 | + echo ' |
|
| 710 | 710 | <div style="margin-bottom:3px;"> |
| 711 | 711 | <label for="login" class="form_label">', isset($SETTINGS['custom_login_text']) && !empty($SETTINGS['custom_login_text']) ? (string) $SETTINGS['custom_login_text'] : $LANG['index_login'], '</label> |
| 712 | 712 | <input type="text" size="10" id="login" name="login" class="input_text text ui-widget-content ui-corner-all" value="' , $username , '" readonly /> |
| 713 | 713 | <span id="login_check_wait" style="display:none; float:right;"><i class="fa fa-cog fa-spin fa-1x"></i></span> |
| 714 | 714 | </div>'; |
| 715 | - } else { |
|
| 716 | - echo ' |
|
| 715 | + } else { |
|
| 716 | + echo ' |
|
| 717 | 717 | <div style="margin-bottom:3px;"> |
| 718 | 718 | <label for="login" class="form_label">', isset($SETTINGS['custom_login_text']) && !empty($SETTINGS['custom_login_text']) ? (string) $SETTINGS['custom_login_text'] : $LANG['index_login'], '</label> |
| 719 | 719 | <input type="text" size="10" id="login" name="login" class="input_text text ui-widget-content ui-corner-all" value="', empty($post_login) === false ? $post_login : '', '" /> |
@@ -105,7 +105,7 @@ discard block |
||
| 105 | 105 | //load full tree |
| 106 | 106 | $tree->rebuild(); |
| 107 | 107 | $tree = $tree->getDescendants(); |
| 108 | - // Init post variable |
|
| 108 | + // Init post variable |
|
| 109 | 109 | $post_operation_id = filter_input(INPUT_POST, 'file', FILTER_SANITIZE_NUMBER_INT); |
| 110 | 110 | |
| 111 | 111 | // Get filename from database |
@@ -436,7 +436,7 @@ discard block |
||
| 436 | 436 | } |
| 437 | 437 | |
| 438 | 438 | /** |
| 439 | - ** Recursive function that will permit to read each level of XML nodes |
|
| 439 | + ** Recursive function that will permit to read each level of XML nodes |
|
| 440 | 440 | */ |
| 441 | 441 | function recursiveKeepassXML($xmlRoot, $xmlLevel = 0) |
| 442 | 442 | { |
@@ -586,7 +586,7 @@ discard block |
||
| 586 | 586 | |
| 587 | 587 | //recursive call |
| 588 | 588 | if ($history !== true) { |
| 589 | - recursiveKeepassXML($xmlChildren, $xmlLevel + 1); |
|
| 589 | + recursiveKeepassXML($xmlChildren, $xmlLevel + 1); |
|
| 590 | 590 | } |
| 591 | 591 | |
| 592 | 592 | // Force History to false |
@@ -978,9 +978,9 @@ discard block |
||
| 978 | 978 | |
| 979 | 979 | // Get all allowed folders |
| 980 | 980 | $array_all_visible_folders = array_merge( |
| 981 | - $_SESSION['groupes_visibles'], |
|
| 982 | - $_SESSION['read_only_folders'], |
|
| 983 | - $_SESSION['personal_visible_groups'] |
|
| 981 | + $_SESSION['groupes_visibles'], |
|
| 982 | + $_SESSION['read_only_folders'], |
|
| 983 | + $_SESSION['personal_visible_groups'] |
|
| 984 | 984 | ); |
| 985 | 985 | |
| 986 | 986 | // get list of all folders |
@@ -993,7 +993,7 @@ discard block |
||
| 993 | 993 | // Can user access this subfolder? |
| 994 | 994 | |
| 995 | 995 | if (in_array($node->id, $array_all_visible_folders) === false) { |
| 996 | - continue; |
|
| 996 | + continue; |
|
| 997 | 997 | } |
| 998 | 998 | |
| 999 | 999 | // get info about current node |
@@ -2085,7 +2085,7 @@ discard block |
||
| 2085 | 2085 | $debug_ldap .= "LDAP connection : ".($ldapconn ? "Connected" : "Failed")."<br/>"; |
| 2086 | 2086 | |
| 2087 | 2087 | if ($ldapconn) { |
| 2088 | - $debug_ldap .= "DN : ".$dataReceived[0]['ldap_bind_dn']." -- ".$dataReceived[0]['ldap_bind_passwd']."<br/>"; |
|
| 2088 | + $debug_ldap .= "DN : ".$dataReceived[0]['ldap_bind_dn']." -- ".$dataReceived[0]['ldap_bind_passwd']."<br/>"; |
|
| 2089 | 2089 | ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3); |
| 2090 | 2090 | ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0); |
| 2091 | 2091 | $ldapbind = ldap_bind($ldapconn, $dataReceived[0]['ldap_bind_dn'], $dataReceived[0]['ldap_bind_passwd']); |
@@ -2112,7 +2112,7 @@ discard block |
||
| 2112 | 2112 | ); |
| 2113 | 2113 | |
| 2114 | 2114 | $debug_ldap .= 'Search filter (group): '.$filter_group."<br/>". |
| 2115 | - 'Results : '.str_replace("\n","<br>", print_r(ldap_get_entries($ldapconn, $result_group), true))."<br/>"; |
|
| 2115 | + 'Results : '.str_replace("\n","<br>", print_r(ldap_get_entries($ldapconn, $result_group), true))."<br/>"; |
|
| 2116 | 2116 | |
| 2117 | 2117 | if ($result_group) { |
| 2118 | 2118 | $entries = ldap_get_entries($ldapconn, $result_group); |
@@ -2120,11 +2120,11 @@ discard block |
||
| 2120 | 2120 | if ($entries['count'] > 0) { |
| 2121 | 2121 | // Now check if group fits |
| 2122 | 2122 | for ($i=0; $i<$entries['count']; $i++) { |
| 2123 | - $parsr=ldap_explode_dn($entries[$i]['dn'], 0); |
|
| 2124 | - if (str_replace(array('CN=','cn='), '', $parsr[0]) === $SETTINGS['ldap_usergroup']) { |
|
| 2123 | + $parsr=ldap_explode_dn($entries[$i]['dn'], 0); |
|
| 2124 | + if (str_replace(array('CN=','cn='), '', $parsr[0]) === $SETTINGS['ldap_usergroup']) { |
|
| 2125 | 2125 | $GroupRestrictionEnabled = true; |
| 2126 | 2126 | break; |
| 2127 | - } |
|
| 2127 | + } |
|
| 2128 | 2128 | } |
| 2129 | 2129 | |
| 2130 | 2130 | } |
@@ -321,26 +321,26 @@ discard block |
||
| 321 | 321 | $dataReceived = prepareExchangedData($sentData, "decode"); |
| 322 | 322 | |
| 323 | 323 | // prepare variables |
| 324 | - if (isset($SETTINGS['enable_http_request_login']) === true |
|
| 324 | + if (isset($SETTINGS['enable_http_request_login']) === true |
|
| 325 | 325 | && $SETTINGS['enable_http_request_login'] === '1' |
| 326 | 326 | && isset($_SERVER['PHP_AUTH_USER']) === true |
| 327 | 327 | && !(isset($SETTINGS['maintenance_mode']) === true |
| 328 | 328 | && $SETTINGS['maintenance_mode'] === '1') |
| 329 | 329 | ) { |
| 330 | 330 | if (strpos($_SERVER['PHP_AUTH_USER'], '@') !== false) { |
| 331 | - $username = explode("@", $_SERVER['PHP_AUTH_USER'])[0]; |
|
| 332 | - } elseif (strpos($_SERVER['PHP_AUTH_USER'], '\\') !== false) { |
|
| 333 | - $username = explode("\\", $_SERVER['PHP_AUTH_USER'])[1]; |
|
| 334 | - } else { |
|
| 335 | - $username = $_SERVER['PHP_AUTH_USER']; |
|
| 336 | - } |
|
| 337 | - $passwordClear = $_SERVER['PHP_AUTH_PW']; |
|
| 338 | - $pwdOldEncryption = encryptOld($_SERVER['PHP_AUTH_PW']); |
|
| 339 | - }else{ |
|
| 340 | - $passwordClear = htmlspecialchars_decode($dataReceived['pw']); |
|
| 341 | - $pwdOldEncryption = encryptOld(htmlspecialchars_decode($dataReceived['pw'])); |
|
| 342 | - $username = $antiXss->xss_clean(htmlspecialchars_decode($dataReceived['login'])); |
|
| 343 | - } |
|
| 331 | + $username = explode("@", $_SERVER['PHP_AUTH_USER'])[0]; |
|
| 332 | + } elseif (strpos($_SERVER['PHP_AUTH_USER'], '\\') !== false) { |
|
| 333 | + $username = explode("\\", $_SERVER['PHP_AUTH_USER'])[1]; |
|
| 334 | + } else { |
|
| 335 | + $username = $_SERVER['PHP_AUTH_USER']; |
|
| 336 | + } |
|
| 337 | + $passwordClear = $_SERVER['PHP_AUTH_PW']; |
|
| 338 | + $pwdOldEncryption = encryptOld($_SERVER['PHP_AUTH_PW']); |
|
| 339 | + }else{ |
|
| 340 | + $passwordClear = htmlspecialchars_decode($dataReceived['pw']); |
|
| 341 | + $pwdOldEncryption = encryptOld(htmlspecialchars_decode($dataReceived['pw'])); |
|
| 342 | + $username = $antiXss->xss_clean(htmlspecialchars_decode($dataReceived['login'])); |
|
| 343 | + } |
|
| 344 | 344 | $logError = ""; |
| 345 | 345 | $userPasswordVerified = false; |
| 346 | 346 | |
@@ -438,10 +438,10 @@ discard block |
||
| 438 | 438 | if (($SETTINGS['ldap_bind_dn'] === "" && $SETTINGS['ldap_bind_passwd'] === "") || $ldapbind === true) { |
| 439 | 439 | $filter = "(&(".$SETTINGS['ldap_user_attribute']."=".$username.")(objectClass=".$SETTINGS['ldap_object_class']."))"; |
| 440 | 440 | $result = ldap_search( |
| 441 | - $ldapconn, |
|
| 442 | - $SETTINGS['ldap_search_base'], |
|
| 443 | - $filter, |
|
| 444 | - array('dn', 'mail', 'givenname', 'sn') |
|
| 441 | + $ldapconn, |
|
| 442 | + $SETTINGS['ldap_search_base'], |
|
| 443 | + $filter, |
|
| 444 | + array('dn', 'mail', 'givenname', 'sn') |
|
| 445 | 445 | ); |
| 446 | 446 | if ($debugLdap == 1) { |
| 447 | 447 | fputs( |
@@ -488,11 +488,11 @@ discard block |
||
| 488 | 488 | if ($entries['count'] > 0) { |
| 489 | 489 | // Now check if group fits |
| 490 | 490 | for ($i=0; $i<$entries['count']; $i++) { |
| 491 | - $parsr=ldap_explode_dn($entries[$i]['dn'], 0); |
|
| 492 | - if (str_replace(array('CN=','cn='), '', $parsr[0]) === $SETTINGS['ldap_usergroup']) { |
|
| 491 | + $parsr=ldap_explode_dn($entries[$i]['dn'], 0); |
|
| 492 | + if (str_replace(array('CN=','cn='), '', $parsr[0]) === $SETTINGS['ldap_usergroup']) { |
|
| 493 | 493 | $GroupRestrictionEnabled = true; |
| 494 | 494 | break; |
| 495 | - } |
|
| 495 | + } |
|
| 496 | 496 | } |
| 497 | 497 | |
| 498 | 498 | } |
@@ -1642,7 +1642,7 @@ |
||
| 1642 | 1642 | |
| 1643 | 1643 | // Update session |
| 1644 | 1644 | if ($field === 'user_api_key') { |
| 1645 | - $_SESSION['user_settings']['api-key'] = $new_value; |
|
| 1645 | + $_SESSION['user_settings']['api-key'] = $new_value; |
|
| 1646 | 1646 | } |
| 1647 | 1647 | break; |
| 1648 | 1648 | } |
