0)) { $curUser = getFormData($db,$signinSettings['SIGNINFORMID'], $loggedUid); // TODO: check last change password if (isset($curUser['field_'.$signinSettings['PWDFLAGFIELDID']]) && ($curUser['field_'.$signinSettings['PWDFLAGFIELDID']] == '1')) { $aux = siGetMaskPage($db, 'pwdchange'); if ($aux != '' && $aux != $pagename.".php") { header("Location: ".$aux); return false; } } } return true; } } if (!function_exists('siGetMaskPage')) { function siGetMaskPage($db, $mask) { $res = false; $filterArg = []; $filterBind = []; $querytxt = "SELECT M.mask, SP.name "; $querytxt .= "FROM mod_users_masks AS M "; $querytxt .= "INNER JOIN system_pages AS SP ON SP.id = M.pageid "; $querytxt .= "WHERE "; if (is_array($mask)) { for ($i=0;$i0) $querytxt .= " OR "; $querytxt .= "M.mask = ? "; $filterArg[] = $mask[$i]; $filterBind[] = 's'; } if ($pQuery = mysqlQuery($db, $querytxt, $filterArg, $filterBind)) { while ($pQuery && $aRow=mysqlFetchRow($db, $pQuery)) { $res[$aRow[0]] = $aRow[1].".php"; } } } else { $querytxt .= "M.mask = ?"; if (($pQuery = mysqlQuery($db, $querytxt, [$mask], 's')) && ($aRow=mysqlFetchRow($db, $pQuery))) $res = $aRow[1].".php"; } return $res; } } if (!function_exists('siLoadTexts')) { function siLoadTexts($db,$langid) { $querytxt = "SELECT id,textcontent "; $querytxt .= "FROM mod_users_def_text "; $querytxt .= "WHERE langid = ? 
"; $texts = array(); if ($pQuery = mysqlQuery($db, $querytxt, [$langid], 'i')) { while ($pQuery && $row=mysqlFetchRow($db, $pQuery)) { $texts[$row[0]] = $row[1]; } } return $texts; } } if (!function_exists('siLoadSettings')) { function siLoadSettings($db) { $querytxt = "SELECT name, value FROM mod_users_settings"; $res = array(); if ($pQuery = mysqlQuery($db, $querytxt)) { while ($pQuery && $row=mysqlFetchRow($db, $pQuery)) { $res[$row[0]] = $row[1]; } } return $res; } } if (!function_exists('siGetLevels')) { function siGetLevels($db, $indexed=true) { $res = false; $querytxt = "SELECT * FROM mod_users_levels "; $querytxt .= "ORDER BY accesslevel DESC "; if ($pQuery = mysqlQuery($db, $querytxt)) { while ($pQuery && $row=mysqlFetchAssoc($db, $pQuery)) { if ($indexed) $res[$row['levelid']] = $row; else $res[] = $row; } } return $res; } } if (!function_exists('siGetFormTypeLevels')) { function siGetFormTypeLevels($db, $maxlevel = -1) { $res = false; $filterArg = []; $filterBind = []; $querytxt = "SELECT levelid, levelid, levelname FROM mod_users_levels "; if ($maxlevel >= 0) { $querytxt .= "WHERE accesslevel >= ? "; $filterArg[] = $maxlevel; $filterBind[] = 'i'; } $querytxt .= "ORDER BY accesslevel DESC "; if ($pQuery = mysqlQuery($db, $querytxt, $filterArg, $filterBind)) { while ($pQuery && $row=mysqlFetchRow($db, $pQuery)) { $res[] = $row; } } return $res; } } if (!function_exists('siGetLevel')) { function siGetLevel($db, $levelid) { $res = false; $querytxt = "SELECT * FROM mod_users_levels WHERE levelid = ? "; if (($pQuery = mysqlQuery($db, $querytxt, [$levelid], 'i')) && ($row=mysqlFetchAssoc($db, $pQuery))) $res = $row; return $res; } } if (!function_exists('siGetCustomAccess')) { function siGetCustomAccess($db, $id) { $res = false; $querytxt = "SELECT * FROM mod_users_custom_permissions WHERE id = ? 
"; if (($pQuery = mysqlQuery($db, $querytxt, [$id], 'i')) && ($row=mysqlFetchAssoc($db, $pQuery))) $res = $row; return $res; } } if (!function_exists('siGetCustomPermissions')) { function siGetCustomPermissions($db) { $res = []; $querytxt = "SELECT * FROM mod_users_custom_permissions ORDER BY name ASC "; if ($pQuery = mysqlQuery($db, $querytxt)) { while ($pQuery && $row=mysqlFetchAssoc($db, $pQuery)) { $res[] = $row; } } return $res; } } if (!function_exists('siGetLevelsPermissions')) { function siGetLevelsPermissions($db, $user, $levelid=0) { $res = []; $filterArg = []; $filterBind = []; $querytxt = "SELECT * FROM mod_users_levels_permission "; if ($levelid>0) { $querytxt .= "WHERE levelid = ? "; $filterArg[] = $levelid; $filterBind[] = 'i'; } if ($pQuery = mysqlQuery($db, $querytxt, $filterArg, $filterBind)) { while ($pQuery && $row=mysqlFetchAssoc($db, $pQuery)) { $res[] = $row; } } return $res; } } if (!function_exists('siSetLevelsPermission')) { function siSetLevelsPermission($db, $user, $typo, $levelid, $objectid, $permissionid, $value) { $res = false; $querytxt = "REPLACE mod_users_levels_permission SET typo = ?, levelid = ?, objectid = ?, access = ?, val = ? 
"; if (mysqlQuery($db, $querytxt, [$typo, $levelid, $objectid, $permissionid, $value], 'siiii')) { $res = $value; } return $res; } } if (!function_exists('siGetUser')) { function siGetUser($db, $userId) { if ($userId>0) { global $signinSettings; if (!$signinSettings) $signinSettings = siLoadSettings($db); if (!function_exists("getFormData")) include_once $_SERVER['DOCUMENT_ROOT']."/modules/formmanager/lib.php"; $data = getFormData($db, $signinSettings['SIGNINFORMID'], $userId); if (isset($data['field_'.$signinSettings['PASSWORDFIELDID']])) unset($data['field_'.$signinSettings['PASSWORDFIELDID']]); if ($data) { $data["permissions"] = []; $x = siGetLevelsPermissions($db, $data, $data['field_'.$signinSettings['LEVELFIELDID']]); foreach ($x as $value) { if ($value['val'] == 1) { $name = 'page.'.$value['objectid']; if ($value['typo'] == 'perm') { $p = siGetCustomAccess($db, $value['objectid']); $name = $p['code']; } $data["permissions"][$name][] = $value['access']; } } } return $data; } return false; } } if (!function_exists('siGetCurrentUser')) { function siGetCurrentUser($db) { return siGetUser($db, $_SESSION['loggedUserId']); } } if (!function_exists('siGetUsersList')) { function siGetUsersList($db, $whereconds='', $idx=false, $pxall=false, $orderidx=false, $orderdirdesc=true) { global $signinSettings; if (!$signinSettings) $signinSettings = siLoadSettings($db); if (!function_exists("getFormDataList")) include_once $_SERVER['DOCUMENT_ROOT']."/modules/formmanager/lib.php"; if (!($datax = getFormDataList($db,$signinSettings['SIGNINFORMID'], $whereconds, $idx, $pxall, $orderidx, $orderdirdesc))) $datax = []; foreach ($datax as $i=>$v) { if (isset($v['field_'.$signinSettings['PASSWORDFIELDID']])) unset($datax[$i]['field_'.$signinSettings['PASSWORDFIELDID']]); } return $datax; } } if (!function_exists('siGrantAccess')) { function siGrantAccess($db, $signinLevel, $userId=0) { if ($signinLevel == 0) return true; global $siCurrentUser, $signinSettings; if (!$signinSettings) 
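$signinSettings = siLoadSettings($db);
        if ($signinSettings['LEVELFIELDID'] > 0) {
            if ($userId > 0) {
                $curUser = siGetUser($db, $userId);
            } elseif (!isset($siCurrentUser)) {
                $curUser = siGetCurrentUser($db);
            } else {
                $curUser = $siCurrentUser;
            }
            if (!$curUser) return false;
            // Exactly the requested level: granted without a database round trip.
            if ($curUser['field_' . $signinSettings['LEVELFIELDID']] == $signinLevel) return true;
            $res = false;
            // A = the user's level, B = the required level; the LEFT JOIN makes an unknown
            // required level compare as NULL, i.e. denied.
            $querytxt = "SELECT IF(A.accesslevel>=B.accesslevel, 1, 0) FROM mod_users_levels AS A ";
            $querytxt .= "LEFT JOIN mod_users_levels AS B ON B.levelid = ? ";
            $querytxt .= "WHERE A.levelid = ? ";
            if (($pQuery = mysqlQuery($db, $querytxt, [$signinLevel, $curUser['field_' . $signinSettings['LEVELFIELDID']]], 'ii'))
                && ($row = mysqlFetchRow($db, $pQuery))) {
                $res = ($row[0] == '1');
            }
            return $res;
        }
        return false;
    }
}

if (!function_exists('siExecuteLogin')) {
    /**
     * Authenticates a login attempt: by username/password when $uid is non-empty, otherwise by a
     * one-time verification code ($vcode).
     *
     * Side effects: siUpdateLastLogin(), $_SESSION['loggedUserId'], gdpr_activitylog(); on a
     * successful code login the code column is cleared (single use) and the form mails are sent.
     *
     * @return array{vcode: bool, success: bool, cause?: string, loggedUid: int|string, redir?: string}
     *   'cause' is absent on success. The distinct causes ("Wrong user", "Wrong password",
     *   "disabled", "expired", "Verification required") let a caller tell an unknown username from
     *   a bad password; the message shown to the end user should be a single generic one.
     */
    function siExecuteLogin($db, $langid, $signinSettings, $signinTexts, $uid, $pwd, $vcode)
    {
        if (!isset($signinSettings) || !isset($signinSettings['SIGNINFORMID']) || !($signinSettings['SIGNINFORMID'] > 0)) {
            $signinSettings = siLoadSettings($db);
        }
        $res = ["vcode" => false, "success" => false, "cause" => "Wrong configuration", "loggedUid" => 0];
        if (!($signinSettings['SIGNINFORMID'] > 0)) return $res;
        $res["cause"] = "Wrong user";
        // Row shape: [id, password|code, pwd-change flag, login page id, not-expired, code-is-null(, disabled)].
        $row = [0 => 0, 1 => '', 2 => 0, 3 => 0, 4 => 1, 5 => 1];
        $filterArg = [];
        $filterBind = [];
        if (isset($uid) && ($uid != '')) {
            $querytxt = "SELECT A.id, A.field_" . $signinSettings['PASSWORDFIELDID'] . ", ";
            if ($signinSettings['PWDFLAGFIELDID'] > 0) $querytxt .= "A.field_" . $signinSettings['PWDFLAGFIELDID'] . ", ";
            else $querytxt .= "0, ";
            if ($signinSettings['PAGELOGINFIELDID'] > 0) $querytxt .= "A.field_" . $signinSettings['PAGELOGINFIELDID'] . ", ";
            else $querytxt .= "0, ";
            if ($signinSettings['DISABLEDATEFIELDID'] > 0) {
                $querytxt .= "(A.field_" . $signinSettings['DISABLEDATEFIELDID'] . " is null OR ";
                $querytxt .= " A.field_" . $signinSettings['DISABLEDATEFIELDID'] . " = '0000/00/00' OR ";
                $querytxt .= " A.field_" . $signinSettings['DISABLEDATEFIELDID'] . " >= CURDATE()), ";
            } else $querytxt .= "1, ";
            $querytxt .= (isset($signinSettings['VERIFYCODEFIELDID']) && ($signinSettings['VERIFYCODEFIELDID'] > 0))
                ? "A.field_" . $signinSettings['VERIFYCODEFIELDID'] . " IS NULL, " : "1, ";
            if ($signinSettings['DISABLEFIELDID'] > 0) {
                $querytxt .= " (A.field_" . $signinSettings['DISABLEFIELDID'] . " IS NOT NULL ";
                $querytxt .= " AND A.field_" . $signinSettings['DISABLEFIELDID'] . "=1) disabled ";
            } else $querytxt .= "0 disabled "; // was "=", which threw away the SELECT built so far
            $querytxt .= "FROM mod_form_data_" . $signinSettings['SIGNINFORMID'] . " AS A ";
            $querytxt .= "WHERE A.field_" . $signinSettings['USERNAMEFIELDID'] . " = ? ";
            $filterArg[] = $uid;
            $filterBind[] = 's';
            $row = [0 => 0, 1 => '', 2 => 0, 3 => 0, 4 => 1, 5 => 1, 6 => 0];
            if (($pQuery = mysqlQuery($db, $querytxt, $filterArg, $filterBind)) && ($park = mysqlFetchRow($db, $pQuery))) {
                $res['cause'] = "Wrong password";
                if ($park[6] == 1) {
                    // Disabled account: keep the empty default row so the password check cannot succeed.
                    $res['cause'] = "disabled";
                } else {
                    $row = $park;
                }
            }
            // Never copy $querytxt, its bindings or the fetched row into $res for debugging:
            // they carry the stored password hash.
            $aux = siGetMaskPage($db, 'vcode');
            if (($row[5] == 0) && ($aux != '')) {
                // The account still holds an unconsumed verification code.
                $res['cause'] = "Verification required";
                $res['redir'] = $aux;
            } elseif ($row[4] == 0) {
                $res['cause'] = "expired";
            }
            if (siValidatePassword($pwd, $row[1])) {
                // TODO: check expiration password
                if (!isset($res['redir'])) {
                    $res["loggedUid"] = $row[0];
                    unset($res['cause']);
                }
            }
            $aux = siGetMaskPage($db, 'pwdchange');
            if (($row[2] == 1) && ($aux != '')) $res['redir'] = $aux;
        } else {
            if ($signinSettings['SIGNINFORMID'] > 0 && isset($vcode) && $vcode != '') {
                $querytxt = "SELECT A.id, A.field_" . $signinSettings['VERIFYCODEFIELDID'] . ", ";
                if ($signinSettings['PWDFLAGFIELDID'] > 0) $querytxt .= "A.field_" . $signinSettings['PWDFLAGFIELDID'] . ", ";
                else $querytxt .= "0, ";
                if ($signinSettings['PAGELOGINFIELDID'] > 0) $querytxt .= "A.field_" . $signinSettings['PAGELOGINFIELDID'] . ", ";
                else $querytxt .= "0, ";
                if ($signinSettings['DISABLEDATEFIELDID'] > 0) {
                    $querytxt .= "(A.field_" . $signinSettings['DISABLEDATEFIELDID'] . " is null OR ";
                    $querytxt .= " A.field_" . $signinSettings['DISABLEDATEFIELDID'] . " = '0000/00/00' OR ";
                    $querytxt .= " A.field_" . $signinSettings['DISABLEDATEFIELDID'] . " >= CURDATE()), ";
                } else $querytxt .= "1, ";
                $querytxt .= (isset($signinSettings['VERIFYCODEFIELDID']) && ($signinSettings['VERIFYCODEFIELDID'] > 0))
                    ? "A.field_" . $signinSettings['VERIFYCODEFIELDID'] . " IS NULL " : "1 ";
                $querytxt .= "FROM mod_form_data_" . $signinSettings['SIGNINFORMID'] . " AS A ";
                $querytxt .= "WHERE A.field_" . $signinSettings['VERIFYCODEFIELDID'] . " = ? ";
                $filterArg = [$vcode];
                $filterBind = ['s'];
                if ($signinSettings['DISABLEFIELDID'] > 0) {
                    $querytxt .= " AND (A.field_" . $signinSettings['DISABLEFIELDID'] . " is null ";
                    $querytxt .= " OR A.field_" . $signinSettings['DISABLEFIELDID'] . "!=1)";
                }
                if ($signinSettings['DISABLEDATEFIELDID'] > 0) {
                    $querytxt .= " AND (A.field_" . $signinSettings['DISABLEDATEFIELDID'] . " is null OR ";
                    $querytxt .= " A.field_" . $signinSettings['DISABLEDATEFIELDID'] . " = '0000/00/00' OR ";
                    $querytxt .= " A.field_" . $signinSettings['DISABLEDATEFIELDID'] . " >= CURDATE())";
                }
                $res['cause'] = "vCode invalid or not found";
                if ($pQuery = mysqlQuery($db, $querytxt, $filterArg, $filterBind)) {
                    $row = mysqlFetchRow($db, $pQuery);
                }
                // Strict, constant-time comparison; "==" compared numeric-looking codes as numbers.
                if (is_array($row) && hash_equals((string)$row[1], (string)$vcode)) {
                    if ($row[4] == 0) {
                        $res['cause'] = "expired";
                    } else {
                        $res["loggedUid"] = $row[0];
                        // Single use: clear the code as soon as it has been accepted.
                        mysqlQuery($db, "UPDATE mod_form_data_" . $signinSettings['SIGNINFORMID'] . " SET field_" . $signinSettings['VERIFYCODEFIELDID'] . "=NULL WHERE id = ?", [$row[0]], 'i');
                        $currentForm = fmGetFormDef($db, $signinSettings['SIGNINFORMID']);
                        if ($currentForm[1] != '') $res["redir"] = $currentForm[1] . ".php";
                        $curUser = getFormData($db, $signinSettings['SIGNINFORMID'], $res["loggedUid"]);
                        fmSendFormMail($db, $currentForm, $langid, $curUser);
                        if (($data = fmGetFormAutoresponder($db, $currentForm[0], $langid)) !== false) {
                            fmSendFormMail($db, $currentForm, $langid, $curUser, $data);
                        }
                    }
                }
            }
        }
        siUpdateLastLogin($db, $res["loggedUid"]);
        if ($res["loggedUid"] > 0) {
            // Fresh session id on privilege change so a pre-login id cannot be reused (session fixation).
            if (session_status() === PHP_SESSION_ACTIVE) session_regenerate_id(true);
            $_SESSION["loggedUserId"] = $res["loggedUid"];
            gdpr_activitylog($db, $res["loggedUid"], false, false, 'Login');
            $res['success'] = true;
            unset($res['cause']);
        } else {
            $_SESSION["loggedUserId"] = null;
            // TODO: log failed access attempts
            // The audit row must not persist the submitted password: blank every posted value equal to it.
            $posted = $_POST;
            foreach ($posted as $k => $v) {
                if (is_string($v) && $v !== '' && $v === (string)$pwd) $posted[$k] = '[redacted]';
            }
            gdpr_activitylog($db, 0, $currentForm[0] ?? null, false, 'Login failed', $posted);
        }
        if (!isset($res['redir'])) {
            $aux = siGetPageById($db, (isset($row[3]) && ($row[3] != '') && ($row[3] > 0)) ? $row[3] : $signinSettings['LOGINPAGEID']);
            if ($aux != '') $res['redir'] = $aux;
        }
        return $res;
    }
}

if (!function_exists('siUpdateLastLogin')) {
    /**
     * Stamps NOW() into the last-connection field of the sign-in form row $userId.
     *
     * @return bool false when the sign-in form or the LASTCONNFIELDID field is not configured
     */
    function siUpdateLastLogin($db, $userId)
    {
        global $signinSettings;
        if (!$signinSettings) $signinSettings = siLoadSettings($db);
        if ($signinSettings['SIGNINFORMID'] > 0 && $signinSettings['LASTCONNFIELDID'] > 0) {
            $querytxt = "UPDATE mod_form_data_" . $signinSettings['SIGNINFORMID'] . " ";
            $querytxt .= "SET field_" . $signinSettings['LASTCONNFIELDID'] . " = NOW() ";
            $querytxt .= "WHERE id = ? 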
"; mysqlQuery($db, $querytxt, [$userId], 'i'); return true; } return false; } } if (!function_exists('siSendPasswordResetLink')) { function siSendPasswordResetLink($db, $userid=0, $domain=false) { global $signinTexts, $signinSettings, $pagename, $langid; if (($userid==0) || !$signinTexts || !$signinSettings || !$domain) return false; $currentData = getFormData($db, $signinSettings['SIGNINFORMID'], $userid); $currentData['field_'.$signinSettings['PASSWORDFIELDID']] = ''; $d=explode("/", $_SERVER['PHP_SELF']); $aux = siGetMaskPage($db,'reminder'); if ($aux=="") $aux = siGetMaskPage($db,'pwdchange'); if ($aux=="") $aux=$d[1].'.php'; $langdir=false; if (($query = mysqlQuery($db, "SELECT code FROM system_language WHERE id = ?", [$langid], 'i')) && ($row=mysqlfetchAssoc($db, $query))) $langdir=$row["code"]; if (!$langdir) if (($query = mysqlQuery($db, "SELECT value FROM system_variables WHERE name='defLangISO'")) && ($row=mysqlfetchAssoc($db, $query))) $langdir=$row["value"]; if (!$langdir) $langdir='eng'; $link=$domain.((substr($domain, -1)=='/')?'':'/').$langdir.'/'.$aux.'?resetCode='; $token = gen_uuid(); @mysqlQuery($db, "DELETE FROM mod_users_changepassword WHERE requestdate<(NOW() - INTERVAL 15 MINUTE) OR userid = ?", [$userid], 'i'); mysqlQuery($db, "INSERT INTO mod_users_changepassword SET userid = ?, token = ?, requestdate=NOW()", [$userid, $token], 'is'); if (strtoupper(substr(PHP_OS,0,3)=='WIN')) $eol="\r\n"; else if (strtoupper(substr(PHP_OS,0,3)=='MAC')) $eol="\r"; else $eol="\n"; if ($signinSettings['EMAILHTML'] == 1) $eol = "
".$eol; $msg = fmParseTemplate($db,$signinTexts['REMINDERMESSAGE'],array($signinSettings['SIGNINFORMID']),$currentData,$langid); if (file_exists(__DIR__."/../loyaltypoints/lib.php")) { @include_once __DIR__ ."/../loyaltypoints/lib.php"; $msg = lpParseTemplate($db, $msg, $langid); } if (strpos(" RESETLINK ",$signinTexts['REMINDERMESSAGE'])==-1) $msg .= $eol. $link.$token .$eol; else while (preg_match ("/<\[\@[ ]*RESETLINK[ ]*\@\]>/sm", $msg, $data)) { $msg = str_replace($data[0], $link.$token, $msg); } while (preg_match ("/<\[\@[ ]*RESET\.CODE[ ]*\@\]>/sm", $msg, $data)) { $msg = str_replace($data[0], $token, $msg); } if (strpos("<@[ TEXT-REMINDERTHANKS ]@>",$signinTexts['REMINDERMESSAGE']) == -1 && $signinTexts['REMINDERTHANKS']!='') $msg .= $eol.$signinTexts['REMINDERTHANKS'].$eol.$eol; $fromMail = $signinSettings['SENDERADDRESS']; $subject = $signinTexts['REMINDERSUBJECT']; if ($subject=='') $subject="[none]"; sendEmail($fromMail, $fromMail, $currentData['field_'.$signinSettings['REFEMAILFIELDID']], $currentData['field_'.$signinSettings['REFEMAILFIELDID']], $subject, (($signinSettings['EMAILHTML'] == 1)?false:$msg), (($signinSettings['EMAILHTML'] == 1)?$msg:false)); } } if (!function_exists('siGetUserLevelId')) { function siGetUserLevelId($db, $userid=0) { global $signinSettings, $siCurrentUser; if (!$signinSettings) $signinSettings = siLoadSettings($db); if ($signinSettings['LEVELFIELDID']>0) { if ($userid>0) $currentUser = siGetUser($db, $userid); else if (!isset($siCurrentUser)) $currentUser = siGetCurrentUser($db); else $currentUser = $siCurrentUser; if ($currentUser) return $currentUser['field_'.$signinSettings['LEVELFIELDID']]; } return false; } } if (!function_exists('siSaveUser')) { function siSaveUser($db, $langid, $data, $currentid=false, $signinSettings=false, $signinTexts=false, $uniqueFields=false, $disabledFields=false) { if (!$signinSettings) $signinSettings = siLoadSettings($db); if (!$signinTexts) $signinTexts = siLoadTexts($db, $langid); 
$currentForm=fmGetFormDef($db, $signinSettings['SIGNINFORMID']); if (!$uniqueFields) $uniqueFields = array( array('FIELDID'=> $signinSettings['USERNAMEFIELDID'], 'FIELDTYPE' => '0', 'ERROR' => $signinTexts['USEDUSERNAME']) ); if ($data['field_'.$signinSettings['USERNAMEFIELDID']]!='') $data['field_'.$signinSettings['USERNAMEFIELDID']] = str_replace(" ", "", $data['field_'.$signinSettings['USERNAMEFIELDID']]); $res = validateFormData($db, $currentForm, $langid, $uniqueFields, $disabledFields, $currentid, $data); if ($data['field_'.$signinSettings['PASSWORDFIELDID']]=='') unset($data['field_'.$signinSettings['PASSWORDFIELDID']]); else { if (($rez=siValidationPassword($db, $currentid, $data['field_'.$signinSettings['USERNAMEFIELDID']], $data['field_'.$signinSettings['PASSWORDFIELDID']], $signinSettings, $signinTexts))==true) { $data['old_field_'.$signinSettings['PASSWORDFIELDID']] = $data['field_'.$signinSettings['PASSWORDFIELDID']]; $data['field_'.$signinSettings['PASSWORDFIELDID']] = siEncryptPassword($data['field_'.$signinSettings['PASSWORDFIELDID']]); } } if (isset($rez["ERROR"])) $res['ERROR']=$rez['ERROR']; if ($res['ERROR'] === false) { if (!$currentid) { $vp=''; $vm="Click here: <[@ VCODE.FULLPAGE @]> or go here: <[@ VCODE.PAGE @]> and type the code: <[@ VCODE.CODE @]>"; if (isset($signinSettings['VERIFYCODEFIELDID']) && ($signinSettings['VERIFYCODEFIELDID']!='') && ($signinSettings['VERIFYCODEFIELDID']>0)) { $vCode = gen_uuid(); if ($query = mysqlQuery($db, "SELECT id FROM mod_form_data_".$currentForm[0]." WHERE field_".$signinSettings['VERIFYCODEFIELDID']." = ?", [$vCode], 's')) { while ($query && ($row=mysqlFetchRow($db, $query)) && ($row[0]>0)) { $vCode = gen_uuid(); $query = mysqlQuery($db, "SELECT id FROM mod_form_data_".$currentForm[0]." WHERE field_".$signinSettings['VERIFYCODEFIELDID']." 
= ?", [$vCode], 's'); } } $data['field_'.$signinSettings['VERIFYCODEFIELDID']] = $vCode; if (isset($signinTexts['VCODEMAIL']) && ($signinTexts['VCODEMAIL']!='')) $vm=$signinTexts['VCODEMAIL']; $park=siGetMaskPage($db, 'vcode'); if ($park) { $vp=$park; $langdir=false; if (($query = mysqlQuery($db, "SELECT code FROM system_language WHERE id = ?", [$langid], 'i')) && ($row=mysqlfetchAssoc($db, $query))) $langdir=$row["code"]; if (!$langdir) if (($query = mysqlQuery($db, "SELECT value FROM system_variables WHERE name='defLangISO'")) && ($row=mysqlfetchAssoc($db, $query))) $langdir=$row["value"]; if (!$langdir) $langdir='eng'; $mvp = $GLOBALS['main_url'].$langdir.'/'.$vp; $vm=str_replace("<[@ VCODE.CODE @]>", $vCode, $vm); $vm=str_replace("<[@ VCODE.PAGE @]>", $mvp, $vm); $vm=str_replace("<[@ VCODE.FULLPAGE @]>", $mvp.'?vCode='.$vCode, $vm); } } $dataId = saveNewFormData($db, $currentForm[0], $langid, $data); $currentData = getFormData($db, $currentForm[0], $dataId, $langid); if ($currentData['id']>0) { $currentid = $currentData["id"]; $res['id']=$currentData['id']*1; if (($vp!='') && isset($signinSettings['VCODESENDER']) && (strpos($signinSettings['VCODESENDER'], '@')>0) && ($vm!='')) { $subject = $signinTexts['VCODESUBJECT']; if ($subject=='') $subject="Account activation"; sendEmail($signinSettings['VCODESENDER'], $signinSettings['VCODESENDER'], $data['field_'.$signinSettings['REFEMAILFIELDID']], $data['field_'.$signinSettings['REFEMAILFIELDID']], $subject, (($signinSettings['VCODEMAILHTML'] == 1)?false:$vm), (($signinSettings['VCODEMAILHTML'] == 1)?$vm:false)); $res["redir"]=$vp; } else if (!isset($_POST["silent"])) { fmSendFormMail($db, $currentForm, $langid, $currentData); if (($data = fmGetFormAutoresponder($db, $currentForm[0], $langid))!==false) fmSendFormMail($db, $currentForm, $langid, $currentData, $data); } } else $res["ERROR"]="ERROR SAVING"; } else { saveFormDataFields($db,$currentForm[0],$currentid,$langid,$data); $res['id']=$currentid*1; } if 
($res['ERROR'] === false) { if (isset($data['field_'.$signinSettings['PASSWORDFIELDID']])) { @mysqlQuery($db, "INSERT INTO mod_users_oldpasswords SET userid = ?, pswd = ?, requestdate=NOW()", [$currentid, (substr($data['field_'.$signinSettings['PASSWORDFIELDID']], 0, 4) == "$2y$")?$data['field_'.$signinSettings['PASSWORDFIELDID']]:siEncryptPassword($data['field_'.$signinSettings['PASSWORDFIELDID']])], 'is'); } } } return $res; } } // ******************* PASSWORD UTILS if (!function_exists('siNotNull')) { function siNotNull($value) { if (is_array($value)) return (sizeof($value) > 0) ; else return (($value != '') && (strtolower($value) != 'null') && (strlen(trim($value)) > 0)); } } if (!function_exists('siValidatePassword')) { function siValidatePassword($plain, $saved) { if (siNotNull($plain) && siNotNull($saved)) { if (substr($saved, 0, 4) == "$2y$") { return password_verify($plain, $saved); } else { // split apart the hash / salt $stack = explode(':', $saved); if (strlen($stack[0]) == 32) { if (sizeof($stack) != 2) return false; if (md5($stack[1] . $plain) == $stack[0]) return true; } } } return false; } } if (!function_exists('siValidationPassword')) { function siValidationPassword($db, $uid, $uname, $pid, $signinSettings, $signinTexts) { $res = true; $min = isset($signinSettings["PSWD-MINLEN"]) && is_numeric($signinSettings["PSWD-MINLEN"]) ? (int)$signinSettings["PSWD-MINLEN"] : 0; if (!(siNotNull($pid) && (strlen($pid)>=$min))) $res = ["ERROR" => str_replace("X", $min, $signinTexts["PIDMINLEN"])]; if ($res==true) { $min = isset($signinSettings["PSWD-MINLOWER"]) && is_numeric($signinSettings["PSWD-MINLOWER"]) ? (int)$signinSettings["PSWD-MINLOWER"] : 0; if ($min!=(int)$min) $min=0; if (($min>0) && (preg_match_all('@[a-z]@', $pid, $m) < $min)) $res = ["ERROR" => str_replace("X", $min, $signinTexts["PIDMINLOWER"])]; } if ($res==true) { $min = isset($signinSettings["PSWD-MINUPPER"]) && is_numeric($signinSettings["PSWD-MINUPPER"]) ? 
(int)$signinSettings["PSWD-MINUPPER"] : 0; if ($min!=(int)$min) $min=0; if (($min>0) && (preg_match_all('@[A-Z]@', $pid, $m) < $min)) $res = ["ERROR" => str_replace("X", $min, $signinTexts["PIDMINUPPER"])]; } if ($res==true) { $min = isset($signinSettings["PSWD-MINNUM"]) && is_numeric($signinSettings["PSWD-MINNUM"]) ? (int)$signinSettings["PSWD-MINNUM"] : 0; if ($min!=(int)$min) $min=0; if (($min>0) && (preg_match_all('@[0-9]@', $pid, $m) < $min)) $res = ["ERROR" => str_replace("X", $min, $signinTexts["PIDMINNUM"])]; } if ($res==true) { $min = isset($signinSettings["PSWD-MINSYM"]) && is_numeric($signinSettings["PSWD-MINSYM"]) ? (int)$signinSettings["PSWD-MINSYM"] : 0; if ($min!=(int)$min) $min=0; if (($min>0) && (preg_match_all('@[^a-zA-Z0-9]@', $pid, $m) < $min)) $res = ["ERROR" => str_replace("X", $min, $signinTexts["PIDMINSYM"])]; } if ($res==true) { $min = isset($signinSettings["PSWD-MAXEQ"]) && is_numeric($signinSettings["PSWD-MAXEQ"]) ? (int)$signinSettings["PSWD-MAXEQ"] : 0; if ($min != (int)$min) $min = 0; // Trova la lunghezza massima di caratteri consecutivi uguali con regexp $maxConsecutive = 1; if (preg_match_all('/(.)\1+/', $pid, $matches, PREG_OFFSET_CAPTURE)) { foreach ($matches[0] as $match) { $length = strlen($match[0]); if ($length > $maxConsecutive) { $maxConsecutive = $length; } } } if (($min > 0) && ($maxConsecutive > $min)) { $res = ["ERROR" => str_replace("X", $min, $signinTexts["PIDMAXEQ"])]; } } if ($res==true) { $min = isset($signinSettings["PSWD-MAXDAYCHANGE"]) && is_numeric($signinSettings["PSWD-MAXDAYCHANGE"]) ? 
(int)$signinSettings["PSWD-MAXDAYCHANGE"] : 0; if ($min!=(int)$min) $min=0; if (($min<1) || ($uid==0) || (($q=mysqlQuery($db, "SELECT count(*) c FROM mod_users_oldpasswords WHERE DATE(requestdate)=CURDATE() AND userid = ?", [$uid], 'i')) && ($m=mysqlFetchAssoc($db, $q)) && ($m["c"]<$min))) ; else $res = ["ERROR" => str_replace("X", $min, $signinTexts["PIDMAXCHANGE"])]; } if ($res==true) { $min = isset($signinSettings["PSWD-LASTUSED"]) && is_numeric($signinSettings["PSWD-LASTUSED"]) ? (int)$signinSettings["PSWD-LASTUSED"] : 0; if ($min!=(int)$min) $min=0; $found=false; if (!(($min<1) || ($uid==0))) if ($q=mysqlQuery($db, "SELECT pswd FROM mod_users_oldpasswords WHERE userid = ? ORDER BY requestdate desc LIMIT ?", [$uid, $min], 'ii')) while ($m=mysqlFetchAssoc($db, $q)) { if (siValidatePassword($pid, $m["pswd"])) $found = true; } if ($found) $res = ["ERROR" => str_replace("X", $min, $signinTexts["PIDLASTUSED"])]; } if ($res==true) { if (stripos($pid, $uname)!==false) $res = ["ERROR" => $signinTexts["PIDCONTAINSUSER"]]; } if ($res==true) { $found=false; $m=explode(" ", $signinSettings["PSWD-FORBIDDENWORDS"]); $i=0; while (!$found && ($i $signinTexts["PIDCANNOTCONTAIN"].$m[$i-1]]; } // if ($_SERVER["REMOTE_ADDR"]=="176.107.154.3") {var_dump(strlen($pid), $min,$res,$pid);die();} return $res; } } if (!function_exists('siEncryptPassword')) { function siEncryptPassword($plain, $cost=14) { /* $password = ''; for ($i=0; $i<10; $i++) $password .= siRand(); $salt = substr(md5($password), 0, 2); $password = md5($salt . $plain) . ':' . 
$salt; */ $password = password_hash($plain, PASSWORD_BCRYPT, ["cost" => $cost]); return $password; } } if (!function_exists('siRand')) { function siRand($min = null, $max = null) { static $seeded; if (!isset($seeded)) { mt_srand((double)microtime()*1000000); $seeded = true; } if (isset($min) && isset($max)) { if ($min >= $max) return $min; else return mt_rand($min, $max); } else return mt_rand(); } } if (!function_exists('siCreateRandomPassword')) { function siCreateRandomPassword($db, $length = 10) { global $signinSettings, $signinTexts; $res = ""; for ($i=1; $i<=$length; $i++) { $x = rand(0,4); if ($x == 0) $res .= chr(rand(97,122)); else if ($x == 1) $res .= chr(rand(65,90)); else if ($x == 2) $res .= chr(rand(34,43)); // no 45 else if ($x == 3) $res .= chr(rand(47,57)); // no 45 else $res .= rand(0,9); } // $res = str_replace("'", '$', str_replace("%", '^', str_replace('"', "=", $res))); return (siValidationPassword($db, 0, '', $res, $signinSettings, $signinTexts)===true)?$res:siCreateRandomPassword($db, $length); } } if (!function_exists('siLogout')) { function siLogout($db) { if (isset($_SESSION["loggedUserId"])) gdpr_activitylog($db, $_SESSION["loggedUserId"], false, false, 'Logout'); else gdpr_activitylog($db, false, false, false, 'Logout (session expired)'); unset($_SESSION['loggedUserId']); $sessionCart = NULL; unset($sessionCart); unset($_SESSION['sessionCart']); $_SESSION = array(); $cookie_par = session_get_cookie_params(); $cookie_par['expires'] = time() - 86400; if (version_compare(phpversion(), '7.3.0', '<')) { setcookie(session_name(), session_id(), $cookie_par['expires'], $cookie_par['path'], $cookie_par['domain'], $cookie_par['secure'], $cookie_par['httponly']); } else setcookie(session_name(), session_id(), $cookie_par); session_destroy(); } }