nilsteampassnet /
TeamPass
@@ -38,7 +38,7 @@ |
||
| 38 | 38 | "error" => '', |
| 39 | 39 | ); |
| 40 | 40 | |
| 41 | - }catch (Exception $e) { |
|
| 41 | + } catch (Exception $e) { |
|
| 42 | 42 | return false; |
| 43 | 43 | } |
| 44 | 44 | } |
@@ -2603,7 +2603,9 @@ |
||
| 2603 | 2603 | } |
| 2604 | 2604 | |
| 2605 | 2605 | foreach ($results as $adUser) { |
| 2606 | - if (isset($adUser[$SETTINGS['ldap_user_attribute']][0]) === false) continue; |
|
| 2606 | + if (isset($adUser[$SETTINGS['ldap_user_attribute']][0]) === false) { |
|
| 2607 | + continue; |
|
| 2608 | + } |
|
| 2607 | 2609 | // Build the list of all groups in AD |
| 2608 | 2610 | if (isset($adUser['memberof']) === true) { |
| 2609 | 2611 | foreach($adUser['memberof'] as $j => $adUserGroup) { |
@@ -74,7 +74,9 @@ discard block |
||
| 74 | 74 | if ($args['step'] === 'create_users_files_key') { |
| 75 | 75 | // Loop on all files for this item |
| 76 | 76 | // and encrypt them for each user |
| 77 | - if (WIP === true) provideLog('[DEBUG] '.print_r($args['files_keys'], true), $SETTINGS); |
|
| 77 | + if (WIP === true) { |
|
| 78 | + provideLog('[DEBUG] '.print_r($args['files_keys'], true), $SETTINGS); |
|
| 79 | + } |
|
| 78 | 80 | foreach($args['files_keys'] as $file) { |
| 79 | 81 | storeUsersShareKey( |
| 80 | 82 | prefixTable('sharekeys_items'), |
@@ -91,7 +93,9 @@ discard block |
||
| 91 | 93 | } elseif ($args['step'] === 'create_users_fields_key') { |
| 92 | 94 | // Loop on all encrypted fields for this item |
| 93 | 95 | // and encrypt them for each user |
| 94 | - if (WIP === true) provideLog('[DEBUG] '.print_r($args, true), $SETTINGS); |
|
| 96 | + if (WIP === true) { |
|
| 97 | + provideLog('[DEBUG] '.print_r($args, true), $SETTINGS); |
|
| 98 | + } |
|
| 95 | 99 | foreach($args['fields_keys'] as $field) { |
| 96 | 100 | storeUsersShareKey( |
| 97 | 101 | prefixTable('sharekeys_fields'), |
@@ -149,7 +149,9 @@ |
||
| 149 | 149 | } |
| 150 | 150 | $filePath = realpath($filePath); |
| 151 | 151 | |
| 152 | - if (WIP === true) error_log('downloadFile.php: filePath: ' . $filePath." - "); |
|
| 152 | + if (WIP === true) { |
|
| 153 | + error_log('downloadFile.php: filePath: ' . $filePath." - "); |
|
| 154 | + } |
|
| 153 | 155 | |
| 154 | 156 | if ($filePath && is_readable($filePath) && strpos($filePath, realpath($SETTINGS['path_to_upload_folder'])) === 0) { |
| 155 | 157 | header('Content-Description: File Transfer'); |
@@ -91,210 +91,210 @@ |
||
| 91 | 91 | switch ($post_type) { |
| 92 | 92 | //########################################################## |
| 93 | 93 | //CASE for creating a DB backup |
| 94 | -case 'perform_fix_pf_items-step1': |
|
| 95 | - // Check KEY |
|
| 96 | - if ($post_key !== $session->get('key')) { |
|
| 97 | - echo prepareExchangedData( |
|
| 98 | - array( |
|
| 99 | - 'error' => true, |
|
| 100 | - 'message' => $lang->get('key_is_not_correct'), |
|
| 101 | - ), |
|
| 102 | - 'encode' |
|
| 103 | - ); |
|
| 104 | - break; |
|
| 105 | - } |
|
| 106 | - // Is admin? |
|
| 107 | - if ($session->get('user-admin') !== 1) { |
|
| 108 | - echo prepareExchangedData( |
|
| 109 | - array( |
|
| 110 | - 'error' => true, |
|
| 111 | - 'message' => $lang->get('error_not_allowed_to'), |
|
| 112 | - ), |
|
| 113 | - 'encode' |
|
| 114 | - ); |
|
| 115 | - break; |
|
| 116 | - } |
|
| 94 | + case 'perform_fix_pf_items-step1': |
|
| 95 | + // Check KEY |
|
| 96 | + if ($post_key !== $session->get('key')) { |
|
| 97 | + echo prepareExchangedData( |
|
| 98 | + array( |
|
| 99 | + 'error' => true, |
|
| 100 | + 'message' => $lang->get('key_is_not_correct'), |
|
| 101 | + ), |
|
| 102 | + 'encode' |
|
| 103 | + ); |
|
| 104 | + break; |
|
| 105 | + } |
|
| 106 | + // Is admin? |
|
| 107 | + if ($session->get('user-admin') !== 1) { |
|
| 108 | + echo prepareExchangedData( |
|
| 109 | + array( |
|
| 110 | + 'error' => true, |
|
| 111 | + 'message' => $lang->get('error_not_allowed_to'), |
|
| 112 | + ), |
|
| 113 | + 'encode' |
|
| 114 | + ); |
|
| 115 | + break; |
|
| 116 | + } |
|
| 117 | 117 | |
| 118 | - // decrypt and retrieve data in JSON format |
|
| 119 | - $dataReceived = prepareExchangedData( |
|
| 120 | - $post_data, |
|
| 121 | - 'decode' |
|
| 122 | - ); |
|
| 118 | + // decrypt and retrieve data in JSON format |
|
| 119 | + $dataReceived = prepareExchangedData( |
|
| 120 | + $post_data, |
|
| 121 | + 'decode' |
|
| 122 | + ); |
|
| 123 | 123 | |
| 124 | - $userId = filter_var($dataReceived['userId'], FILTER_SANITIZE_NUMBER_INT); |
|
| 124 | + $userId = filter_var($dataReceived['userId'], FILTER_SANITIZE_NUMBER_INT); |
|
| 125 | 125 | |
| 126 | - // Get user info |
|
| 127 | - $userInfo = DB::queryFirstRow( |
|
| 128 | - 'SELECT private_key, public_key, psk, encrypted_psk |
|
| 126 | + // Get user info |
|
| 127 | + $userInfo = DB::queryFirstRow( |
|
| 128 | + 'SELECT private_key, public_key, psk, encrypted_psk |
|
| 129 | 129 | FROM teampass_users |
| 130 | 130 | WHERE id = %i', |
| 131 | - $userId |
|
| 132 | - ); |
|
| 131 | + $userId |
|
| 132 | + ); |
|
| 133 | 133 | |
| 134 | - // Get user's private folders |
|
| 135 | - $userPFRoot = DB::queryFirstRow( |
|
| 136 | - 'SELECT id |
|
| 134 | + // Get user's private folders |
|
| 135 | + $userPFRoot = DB::queryFirstRow( |
|
| 136 | + 'SELECT id |
|
| 137 | 137 | FROM teampass_nested_tree |
| 138 | 138 | WHERE title = %i', |
| 139 | - $userId |
|
| 140 | - ); |
|
| 141 | - if (DB::count() === 0) { |
|
| 142 | - echo prepareExchangedData( |
|
| 143 | - array( |
|
| 144 | - 'error' => true, |
|
| 145 | - 'message' => 'User has no personal folders', |
|
| 146 | - ), |
|
| 147 | - 'encode' |
|
| 139 | + $userId |
|
| 148 | 140 | ); |
| 149 | - break; |
|
| 150 | - } |
|
| 151 | - $personalFolders = []; |
|
| 152 | - $tree = new NestedTree(prefixTable('nested_tree'), 'id', 'parent_id', 'title'); |
|
| 153 | - $tree->rebuild(); |
|
| 154 | - $folders = $tree->getDescendants($userPFRoot['id'], true); |
|
| 155 | - foreach ($folders as $folder) { |
|
| 156 | - array_push($personalFolders, $folder->id); |
|
| 157 | - } |
|
| 158 | - |
|
| 159 | - //Show done |
|
| 160 | - echo prepareExchangedData( |
|
| 161 | - array( |
|
| 162 | - 'error' => false, |
|
| 163 | - 'message' => 'Personal Folders found: ', |
|
| 164 | - 'personalFolders' => json_encode($personalFolders), |
|
| 165 | - ), |
|
| 166 | - 'encode' |
|
| 167 | - ); |
|
| 168 | - break; |
|
| 141 | + if (DB::count() === 0) { |
|
| 142 | + echo prepareExchangedData( |
|
| 143 | + array( |
|
| 144 | + 'error' => true, |
|
| 145 | + 'message' => 'User has no personal folders', |
|
| 146 | + ), |
|
| 147 | + 'encode' |
|
| 148 | + ); |
|
| 149 | + break; |
|
| 150 | + } |
|
| 151 | + $personalFolders = []; |
|
| 152 | + $tree = new NestedTree(prefixTable('nested_tree'), 'id', 'parent_id', 'title'); |
|
| 153 | + $tree->rebuild(); |
|
| 154 | + $folders = $tree->getDescendants($userPFRoot['id'], true); |
|
| 155 | + foreach ($folders as $folder) { |
|
| 156 | + array_push($personalFolders, $folder->id); |
|
| 157 | + } |
|
| 169 | 158 | |
| 170 | -case 'perform_fix_pf_items-step2': |
|
| 171 | - // Check KEY |
|
| 172 | - if ($post_key !== $session->get('key')) { |
|
| 159 | + //Show done |
|
| 173 | 160 | echo prepareExchangedData( |
| 174 | 161 | array( |
| 175 | - 'error' => true, |
|
| 176 | - 'message' => $lang->get('key_is_not_correct'), |
|
| 162 | + 'error' => false, |
|
| 163 | + 'message' => 'Personal Folders found: ', |
|
| 164 | + 'personalFolders' => json_encode($personalFolders), |
|
| 177 | 165 | ), |
| 178 | 166 | 'encode' |
| 179 | 167 | ); |
| 180 | 168 | break; |
| 181 | - } |
|
| 182 | - // Is admin? |
|
| 183 | - if ($session->get('user-admin') !== 1) { |
|
| 184 | - echo prepareExchangedData( |
|
| 185 | - array( |
|
| 186 | - 'error' => true, |
|
| 187 | - 'message' => $lang->get('error_not_allowed_to'), |
|
| 188 | - ), |
|
| 189 | - 'encode' |
|
| 190 | - ); |
|
| 191 | - break; |
|
| 192 | - } |
|
| 193 | 169 | |
| 194 | - // decrypt and retrieve data in JSON format |
|
| 195 | - $dataReceived = prepareExchangedData( |
|
| 196 | - $post_data, |
|
| 197 | - 'decode' |
|
| 198 | - ); |
|
| 170 | + case 'perform_fix_pf_items-step2': |
|
| 171 | + // Check KEY |
|
| 172 | + if ($post_key !== $session->get('key')) { |
|
| 173 | + echo prepareExchangedData( |
|
| 174 | + array( |
|
| 175 | + 'error' => true, |
|
| 176 | + 'message' => $lang->get('key_is_not_correct'), |
|
| 177 | + ), |
|
| 178 | + 'encode' |
|
| 179 | + ); |
|
| 180 | + break; |
|
| 181 | + } |
|
| 182 | + // Is admin? |
|
| 183 | + if ($session->get('user-admin') !== 1) { |
|
| 184 | + echo prepareExchangedData( |
|
| 185 | + array( |
|
| 186 | + 'error' => true, |
|
| 187 | + 'message' => $lang->get('error_not_allowed_to'), |
|
| 188 | + ), |
|
| 189 | + 'encode' |
|
| 190 | + ); |
|
| 191 | + break; |
|
| 192 | + } |
|
| 193 | + |
|
| 194 | + // decrypt and retrieve data in JSON format |
|
| 195 | + $dataReceived = prepareExchangedData( |
|
| 196 | + $post_data, |
|
| 197 | + 'decode' |
|
| 198 | + ); |
|
| 199 | 199 | |
| 200 | - $userId = filter_var($dataReceived['userId'], FILTER_SANITIZE_NUMBER_INT); |
|
| 201 | - $personalFolders = filter_var($dataReceived['personalFolders'], FILTER_SANITIZE_FULL_SPECIAL_CHARS); |
|
| 200 | + $userId = filter_var($dataReceived['userId'], FILTER_SANITIZE_NUMBER_INT); |
|
| 201 | + $personalFolders = filter_var($dataReceived['personalFolders'], FILTER_SANITIZE_FULL_SPECIAL_CHARS); |
|
| 202 | 202 | |
| 203 | - // Delete all private items with sharekeys |
|
| 204 | - $pfiSharekeys = DB::queryFirstColumn( |
|
| 205 | - 'select s.increment_id |
|
| 203 | + // Delete all private items with sharekeys |
|
| 204 | + $pfiSharekeys = DB::queryFirstColumn( |
|
| 205 | + 'select s.increment_id |
|
| 206 | 206 | from teampass_sharekeys_items as s |
| 207 | 207 | INNER JOIN teampass_items AS i ON (i.id = s.object_id) |
| 208 | 208 | WHERE s.user_id = %i AND i.perso = 1 AND i.id_tree IN %ls', |
| 209 | - $userId, |
|
| 210 | - $personalFolders |
|
| 211 | - ); |
|
| 212 | - $pfiSharekeysCount = DB::count(); |
|
| 213 | - if ($pfiSharekeysCount > 0) { |
|
| 214 | - DB::delete( |
|
| 215 | - "teampass_sharekeys_items", |
|
| 216 | - "increment_id IN %ls", |
|
| 217 | - $pfiSharekeys |
|
| 209 | + $userId, |
|
| 210 | + $personalFolders |
|
| 218 | 211 | ); |
| 219 | - } |
|
| 212 | + $pfiSharekeysCount = DB::count(); |
|
| 213 | + if ($pfiSharekeysCount > 0) { |
|
| 214 | + DB::delete( |
|
| 215 | + "teampass_sharekeys_items", |
|
| 216 | + "increment_id IN %ls", |
|
| 217 | + $pfiSharekeys |
|
| 218 | + ); |
|
| 219 | + } |
|
| 220 | 220 | |
| 221 | 221 | |
| 222 | - //Show done |
|
| 223 | - echo prepareExchangedData( |
|
| 224 | - array( |
|
| 225 | - 'error' => false, |
|
| 226 | - 'message' => '<br>Number of Sharekeys for private items DELETED: ', |
|
| 227 | - 'nbDeleted' => $pfiSharekeysCount, |
|
| 228 | - 'personalFolders' => json_encode($personalFolders), |
|
| 229 | - ), |
|
| 230 | - 'encode' |
|
| 231 | - ); |
|
| 232 | - break; |
|
| 233 | - |
|
| 234 | -case 'perform_fix_pf_items-step3': |
|
| 235 | - // Check KEY |
|
| 236 | - if ($post_key !== $session->get('key')) { |
|
| 222 | + //Show done |
|
| 237 | 223 | echo prepareExchangedData( |
| 238 | 224 | array( |
| 239 | - 'error' => true, |
|
| 240 | - 'message' => $lang->get('key_is_not_correct'), |
|
| 225 | + 'error' => false, |
|
| 226 | + 'message' => '<br>Number of Sharekeys for private items DELETED: ', |
|
| 227 | + 'nbDeleted' => $pfiSharekeysCount, |
|
| 228 | + 'personalFolders' => json_encode($personalFolders), |
|
| 241 | 229 | ), |
| 242 | 230 | 'encode' |
| 243 | 231 | ); |
| 244 | 232 | break; |
| 245 | - } |
|
| 246 | - // Is admin? |
|
| 247 | - if ($session->get('user-admin') !== 1) { |
|
| 248 | - echo prepareExchangedData( |
|
| 249 | - array( |
|
| 250 | - 'error' => true, |
|
| 251 | - 'message' => $lang->get('error_not_allowed_to'), |
|
| 252 | - ), |
|
| 253 | - 'encode' |
|
| 254 | - ); |
|
| 255 | - break; |
|
| 256 | - } |
|
| 257 | 233 | |
| 258 | - // decrypt and retrieve data in JSON format |
|
| 259 | - $dataReceived = prepareExchangedData( |
|
| 260 | - $post_data, |
|
| 261 | - 'decode' |
|
| 262 | - ); |
|
| 234 | + case 'perform_fix_pf_items-step3': |
|
| 235 | + // Check KEY |
|
| 236 | + if ($post_key !== $session->get('key')) { |
|
| 237 | + echo prepareExchangedData( |
|
| 238 | + array( |
|
| 239 | + 'error' => true, |
|
| 240 | + 'message' => $lang->get('key_is_not_correct'), |
|
| 241 | + ), |
|
| 242 | + 'encode' |
|
| 243 | + ); |
|
| 244 | + break; |
|
| 245 | + } |
|
| 246 | + // Is admin? |
|
| 247 | + if ($session->get('user-admin') !== 1) { |
|
| 248 | + echo prepareExchangedData( |
|
| 249 | + array( |
|
| 250 | + 'error' => true, |
|
| 251 | + 'message' => $lang->get('error_not_allowed_to'), |
|
| 252 | + ), |
|
| 253 | + 'encode' |
|
| 254 | + ); |
|
| 255 | + break; |
|
| 256 | + } |
|
| 263 | 257 | |
| 264 | - $userId = filter_var($dataReceived['userId'], FILTER_SANITIZE_NUMBER_INT); |
|
| 265 | - $personalFolders = filter_var($dataReceived['personalFolders'], FILTER_SANITIZE_FULL_SPECIAL_CHARS); |
|
| 258 | + // decrypt and retrieve data in JSON format |
|
| 259 | + $dataReceived = prepareExchangedData( |
|
| 260 | + $post_data, |
|
| 261 | + 'decode' |
|
| 262 | + ); |
|
| 266 | 263 | |
| 267 | - // Update from items_old to items all the private itemsitems that have been converted to teampass_aes |
|
| 268 | - // Get all key back |
|
| 269 | - $items = DB::query( |
|
| 270 | - "SELECT id |
|
| 264 | + $userId = filter_var($dataReceived['userId'], FILTER_SANITIZE_NUMBER_INT); |
|
| 265 | + $personalFolders = filter_var($dataReceived['personalFolders'], FILTER_SANITIZE_FULL_SPECIAL_CHARS); |
|
| 266 | + |
|
| 267 | + // Update from items_old to items all the private itemsitems that have been converted to teampass_aes |
|
| 268 | + // Get all key back |
|
| 269 | + $items = DB::query( |
|
| 270 | + "SELECT id |
|
| 271 | 271 | FROM teampass_items |
| 272 | 272 | WHERE id_tree IN %ls AND encryption_type = %s", |
| 273 | - $personalFolders, |
|
| 274 | - "teampass_aes" |
|
| 275 | - ); |
|
| 276 | - //DB::debugMode(false); |
|
| 277 | - $nbItems = DB::count(); |
|
| 278 | - foreach ($items as $item) { |
|
| 279 | - $defusePwd = DB::queryFirstField("SELECT pw FROM teampass_items_old WHERE id = %i", $item['id']); |
|
| 280 | - DB::update( |
|
| 281 | - "teampass_items", |
|
| 282 | - ['pw' => $defusePwd, "encryption_type" => "defuse"], |
|
| 283 | - "id = %i", |
|
| 284 | - $item['id'] |
|
| 273 | + $personalFolders, |
|
| 274 | + "teampass_aes" |
|
| 285 | 275 | ); |
| 286 | - } |
|
| 276 | + //DB::debugMode(false); |
|
| 277 | + $nbItems = DB::count(); |
|
| 278 | + foreach ($items as $item) { |
|
| 279 | + $defusePwd = DB::queryFirstField("SELECT pw FROM teampass_items_old WHERE id = %i", $item['id']); |
|
| 280 | + DB::update( |
|
| 281 | + "teampass_items", |
|
| 282 | + ['pw' => $defusePwd, "encryption_type" => "defuse"], |
|
| 283 | + "id = %i", |
|
| 284 | + $item['id'] |
|
| 285 | + ); |
|
| 286 | + } |
|
| 287 | 287 | |
| 288 | 288 | |
| 289 | - //Show done |
|
| 290 | - echo prepareExchangedData( |
|
| 291 | - array( |
|
| 292 | - 'error' => false, |
|
| 293 | - 'message' => '<br>Number of items reseted to Defuse: ', |
|
| 294 | - 'nbItems' => $nbItems, |
|
| 295 | - 'personalFolders' => json_encode($personalFolders), |
|
| 296 | - ), |
|
| 297 | - 'encode' |
|
| 298 | - ); |
|
| 299 | - break; |
|
| 289 | + //Show done |
|
| 290 | + echo prepareExchangedData( |
|
| 291 | + array( |
|
| 292 | + 'error' => false, |
|
| 293 | + 'message' => '<br>Number of items reseted to Defuse: ', |
|
| 294 | + 'nbItems' => $nbItems, |
|
| 295 | + 'personalFolders' => json_encode($personalFolders), |
|
| 296 | + ), |
|
| 297 | + 'encode' |
|
| 298 | + ); |
|
| 299 | + break; |
|
| 300 | 300 | } |
| 301 | 301 | \ No newline at end of file |
@@ -58,7 +58,9 @@ |
||
| 58 | 58 | $get['state'] = filter_var($_GET['state'], FILTER_SANITIZE_SPECIAL_CHARS); |
| 59 | 59 | $get['session_state'] = filter_var($_GET['session_state'], FILTER_SANITIZE_SPECIAL_CHARS); |
| 60 | 60 | |
| 61 | - if (WIP === true) error_log('---- OAUTH2 START ----'); |
|
| 61 | + if (WIP === true) { |
|
| 62 | + error_log('---- OAUTH2 START ----'); |
|
| 63 | + } |
|
| 62 | 64 | |
| 63 | 65 | // Création d'une instance du contrôleur |
| 64 | 66 | $OAuth2 = new OAuth2Controller($SETTINGS); |
@@ -401,12 +401,13 @@ |
||
| 401 | 401 | <select class="form-control" id="profile-user-timezone"> |
| 402 | 402 | <?php foreach ($zones as $key => $zone): ?> |
| 403 | 403 | <option value="<?php echo $key; ?>"<?php |
| 404 | - if ($session->has('user-timezone')) |
|
| 405 | - if($session->get('user-timezone') === $key) |
|
| 404 | + if ($session->has('user-timezone')) { |
|
| 405 | + if($session->get('user-timezone') === $key) |
|
| 406 | 406 | echo ' selected'; |
| 407 | - elseif ($session->get('user-timezone') === 'not_defined') |
|
| 408 | - if (isset($SETTINGS['timezone']) && $SETTINGS['timezone'] === $key) |
|
| 407 | + } elseif ($session->get('user-timezone') === 'not_defined') { |
|
| 408 | + if (isset($SETTINGS['timezone']) && $SETTINGS['timezone'] === $key) |
|
| 409 | 409 | echo ' selected'; |
| 410 | + } |
|
| 410 | 411 | ?>><?php echo $zone; ?></option> |
| 411 | 412 | <?php endforeach; ?> |
| 412 | 413 | </select> |
@@ -149,8 +149,7 @@ |
||
| 149 | 149 | </div> |
| 150 | 150 | <?php |
| 151 | 151 | } |
| 152 | -} |
|
| 153 | -catch (Exception $e) { |
|
| 152 | +} catch (Exception $e) { |
|
| 154 | 153 | if (defined('LOG_TO_SERVER') && LOG_TO_SERVER === true) { |
| 155 | 154 | error_log('TEAMPASS Error - tasks page - '.$e->getMessage()); |
| 156 | 155 | } |
@@ -222,8 +222,7 @@ |
||
| 222 | 222 | </div> |
| 223 | 223 | <?php |
| 224 | 224 | } |
| 225 | -} |
|
| 226 | -catch (Exception $e) { |
|
| 225 | +} catch (Exception $e) { |
|
| 227 | 226 | if (defined('LOG_TO_SERVER') && LOG_TO_SERVER === true) { |
| 228 | 227 | error_log('TEAMPASS Error - admin page - '.$e->getMessage()); |
| 229 | 228 | } |
