Skip to content

Instantly share code, notes, and snippets.

@besstiolle

besstiolle/mayday.php

Last active December 10, 2015 23:38
Show Gist options
  • Save besstiolle/4510767 to your computer and use it in GitHub Desktop.
Save besstiolle/4510767 to your computer and use it in GitHub Desktop.
Download ZIP
FR ================================ Fichier d'urgence permettant de * S'attribuer des droits d'administrateur dans CmsMadeSimple même sans avoir accès à un phpmyadmin. * Changer un mot de passe de n'importe quel compte * Vider le cache de cmsmadesimple Par sécurité il est nécessaire de pouvoir ajouter une ligne dans le fichier config.php, ce qu…
Raw
mayday.php
<!DOCTYPE html>
<html lang="fr">
<head>
<title>Help me</title>
<style>
body{
background-color: #000;
}
#wrapper{
background-color: #E1E2F5;
border: 3px solid #FFFFFF;
margin: 10px auto;
padding: 20px;
width: 600px;
}
table{
border:1px solid #CCC;
}
p.error, p.warn, p.info{
font-family: Georgia;
padding: 5px;
text-align: center;
color: #000000;
border-radius: 100px;
}
p.error{
background-color: #F9B1B1;
border: 1px solid #A07676;
color: #621D1D;
}
p.warn{
background-color: #F9E8B1;
border: 1px solid #B2BB71;
}
p.info{
background-color: #B1F9CB;
border: 1px solid #71BB7F;
}
code{
background: none repeat scroll 0 0 #666565;
border: 1px dotted #E4E4E4;
color: #FFFFFF;
display: block;
padding: 10px;
}
</style>
</head>
<body>
<div id='wrapper'>
<div><img alt="follow me" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAcCAYAAAAAwr0iAAAABGdBTUEAALGOfPtRkwAAACBjSFJNAACHDwAAjA8AAP1SAACBQAAAfXkAAOmLAAA85QAAGcxzPIV3AAAKNWlDQ1BzUkdCIElFQzYxOTY2LTIuMQAASMedlndUVNcWh8+9d3qhzTACUobeu8AA0nuTXkVhmBlgKAMOMzSxIaICEUVEmiJIUMSA0VAkVkSxEBRUsAckCCgxGEVULG9G1ouurLz38vL746xv7bP3ufvsvc9aFwCSpy+XlwZLAZDKE/CDPJzpEZFRdOwAgAEeYIApAExWRrpfsHsIEMnLzYWeIXICXwQB8HpYvAJw09AzgE4H/5+kWel8geiYABGbszkZLBEXiDglS5Auts+KmBqXLGYYJWa+KEERy4k5YZENPvsssqOY2ak8tojFOaezU9li7hXxtkwhR8SIr4gLM7mcLBHfErFGijCVK+I34thUDjMDABRJbBdwWIkiNhExiR8S5CLi5QDgSAlfcdxXLOBkC8SXcklLz+FzExIFdB2WLt3U2ppB9+RkpXAEAsMAJiuZyWfTXdJS05m8HAAW7/xZMuLa0kVFtjS1trQ0NDMy/apQ/3Xzb0rc20V6Gfi5ZxCt/4vtr/zSGgBgzIlqs/OLLa4KgM4tAMjd+2LTOACApKhvHde/ug9NPC+JAkG6jbFxVlaWEZfDMhIX9A/9T4e/oa++ZyQ+7o/y0F058UxhioAurhsrLSVNyKdnpDNZHLrhn4f4Hwf+dR4GQZx4Dp/DE0WEiaaMy0sQtZvH5gq4aTw6l/efmvgPw/6kxbkWidL4EVBjjIDUdSpAfu0HKAoRINH7xV3/o2+++DAgfnnhKpOLc//vN/1nwaXiJYOb8DnOJSiEzhLyMxf3xM8SoAEBSAIqkAfKQB3oAENgBqyALXAEbsAb+IMQEAlWAxZIBKmAD7JAHtgECkEx2An2gGpQBxpBM2gFx0EnOAXOg0vgGrgBboP7YBRMgGdgFrwGCxAEYSEyRIHkIRVIE9KHzCAGZA+5Qb5QEBQJxUIJEA8SQnnQZqgYKoOqoXqoGfoeOgmdh65Ag9BdaAyahn6H3sEITIKpsBKsBRvDDNgJ9oFD4FVwArwGzoUL4B1wJdwAH4U74PPwNfg2PAo/g+cQgBARGqKKGCIMxAXxR6KQeISPrEeKkAqkAWlFupE+5CYyiswgb1EYFAVFRxmibFGeqFAUC7UGtR5VgqpGHUZ1oHpRN1FjqFnURzQZrYjWR9ugvdAR6AR0FroQXYFuQrejL6JvoyfQrzEYDA2jjbHCeGIiMUmYtZgSzD5MG+YcZhAzjpnDYrHyWH2sHdYfy8QKsIXYKuxR7FnsEHYC+wZHxKngzHDuuCgcD5ePq8AdwZ3BDeEmcQt4Kbwm3gbvj2fjc/Cl+EZ8N/46fgK/QJAmaBPsCCGEJMImQiWhlXCR8IDwkkgkqhGtiYFELnEjsZJ4jHiZOEZ8S5Ih6ZFcSNEkIWkH6RDpHOku6SWZTNYiO5KjyALyDnIz+QL5EfmNBEXCSMJLgi2xQaJGokNiSOK5JF5SU9JJcrVkrmSF5AnJ65IzUngpLSkXKabUeqkaqZNSI1Jz0hRpU2l/6VTpEukj0lekp2SwMloybjJsmQKZgzIXZMYpCEWd4kJhUTZTGikXKRNUDFWb6kVNohZTv6MOUGdlZWSXyYbJZsvWyJ6WHaUhNC2aFy2FVko7ThumvVuitMRpCWfJ9iWtS4aWzMstlXOU48gVybXJ3ZZ7J0+Xd5NPlt8l3yn/UAGloKcQqJClsF/hosLMUupS26WspUVLjy+9pwgr6ikGKa5VPKjYrzinpKzkoZSuVKV0QWlGmabsqJykXK58RnlahaJir8JVKVc5q/KULkt3oqfQK+m99FlVRVVPVaFqveqA6oKatlqoWr5am9pDdYI6Qz1evVy9R31WQ0XDTyNPo0XjniZek6GZqLlXs09zXktbK1xrq1an1pS2nLaXdq52i/YDHbKOg84anQadW7oYXYZusu4+3Rt6sJ6FXqJejd51fVjfUp+rv09/0ABtYG3AM2gwGDEkGToZZhq2GI4Z0Yx8jfKNOo2eG2sYRxnvMu4z/mhiYZJi0mhy31TG1Ns037Tb9HczPTOWWY3ZLXOyubv5BvMu8xfL9Jdxlu1fdseCYuFnsdWix+KDpZUl37LVctpKwyrWqtZqhEFlBDBKGJet0dbO1husT1m/tbG0Edgct/nN1tA22faI7dRy7eWc5Y3Lx+3U7Jh29Xaj9nT7WPsD9qMOqg5MhwaHx47qjmzHJsdJJ12nJKejTs+dTZz5zu3O8y42Lutczrkirh6uRa4DbjJuoW7Vbo/c1dwT3FvcZz0sPNZ6nPNEe/p47vIc8VLyYnk1e816W3mv8+71IfkE+1T7PPbV8+X7dvvBft5+u/0erNBcwVvR6Q/8vfx3+z8M0A5YE/BjICYwILAm8EmQaVBeUF8wJTgm+Ejw6xDnkNKQ+6E6ocLQnjDJsOiw5rD5cNfwsvDRCOOIdRHXIhUiuZFdUdiosKimqLmVbiv3rJyItogujB5epb0qe9WV1QqrU1afjpGMYcaciEXHhsceiX3P9Gc2MOfivOJq42ZZLqy9rGdsR3Y5e5pjxynjTMbbxZfFTyXYJexOmE50SKxInOG6cKu5L5I8k+qS5pP9kw8lf0oJT2lLxaXGpp7kyfCSeb1pymnZaYPp+umF6aNrbNbsWTPL9+E3ZUAZqzK6BFTRz1S/UEe4RTiWaZ9Zk/kmKyzrRLZ0Ni+7P0cvZ3vOZK577rdrUWtZa3vyVPM25Y2tc1pXvx5aH7e+Z4P6hoINExs9Nh7eRNiUvOmnfJP8svxXm8M3dxcoFWwsGN/isaWlUKKQXziy1XZr3TbUNu62ge3m26u2fyxiF10tNimuKH5fwiq5+o3pN5XffNoRv2Og1LJ0/07MTt7O4V0Ouw6XSZfllo3v9tvdUU4vLyp/tSdmz5WKZRV1ewl7hXtHK30ru6o0qnZWva9OrL5d41zTVqtYu712fh9739B+x/2tdUp1xXXvDnAP3Kn3qO9o0GqoOIg5mHnwSWNYY9+3jG+bmxSaips+HOIdGj0cdLi32aq5+YjikdIWuEXYMn00+uiN71y/62o1bK1vo7UVHwPHhMeefh/7/fBxn+M9JxgnWn/Q/KG2ndJe1AF15HTMdiZ2jnZFdg2e9D7Z023b3f6j0Y+HTqmeqjkte7r0DOFMwZlPZ3PPzp1LPzdzPuH8eE9Mz/0LERdu9Qb2Dlz0uXj5kvulC31OfWcv210+dcXmysmrjKud1yyvdfRb9Lf/ZPFT+4DlQMd1q+tdN6xvdA8uHzwz5DB0/qbrzUu3vG5du73i9uBw6PCdkeiR0TvsO1N3U+6+uJd5b+H+xgfoB0UPpR5WPFJ81PCz7s9to5ajp8dcx/ofBz++P84af/ZLxi/vJwqekJ9UTKpMNk+ZTZ2adp++8XTl04ln6c8WZgp/lf619rnO8x9+c/ytfzZiduIF/8Wn30teyr889GrZq565gLlHr1NfL8wXvZF/c/gt423fu/B3kwtZ77HvKz/ofuj+6PPxwafUT5/+BQOY8/ximktCAAAACXBIWXMAAA7DAAAOwwHHb6hkAAAAGnRFWHRTb2Z0d2FyZQBQYWludC5ORVQgdjMuNS4xMDD0cqEAAANESURBVEhL7VZLaxNRFM67ebVJY5sW0pYQK7ZauxEqhUKhLiztRgTBbUWhdCF047YWQTdC1a5EcOPCPyAiuXMzkzZNWx+ICAoV3ftIcs+dRNpiG8+YBqeTmcykxY0YuCSEc+/33e9855xrs/1rn840P+ETYMpO2PQRES7FRDnc0B0HssWehjbsBcckORGkPOUkfNee5GU7gd/LQbgcENit4dV8kxLaleb9fqGwEF9ivTU4J9d/BJoE+OIgbLwREn2Z4qCHQN6RRFAFHJeNVL6VpfzvIPDKI8A7/L2DGA90z/el+Mjehs1mChetkIhLOYdXgNd2FXgVWPvtQDItKXh+fJkPRUR2+epH8O3HIDBePQiDd32U3RnJMn89ImEKo0aANUpgStwEvqMacotYGKs5NyLB2P7DoIy324jQ/IQRiQDl8+o9aun1iLkIk52EjeqeN5RlIScB0NuIzNeDApvqX4O2fZtJ4aZlAqjA0WW5fmq9AptXcqUvK5RdBDaxzF74KSx6BDbTmpKf1UuBVtHBbNHY4IkM7x5dy7UHKIhWTKUHXD8FUMaSTBh6KijI57FUSlgBWWcStrQm0isxs5yrSTqTfHtotRgyJJBYyvegQ3cq9Vyp6UYAzFLhE/hn09JG1z+xbCpDr+h5SJFffmhKICSVokjgvdltzNRRlNN2w05JnjQloAR4hHwU2+VTTEWlrx9yKUSwjM3lr7I7vcLiCD4dovAY+8JPqwTUN9beHpvcrKXbK0E9Ine7BfbpoKWoJewW+IdWmnNbJqAERqXCSBNRSvHPhDPLu55S2NS22yVe2/etsGkT2Rns3W/UY9ao+WhNVx3DOP3mrGAZxrjod2eHxM6GKbvvUs14c19AGf2z2JUBx6EIBNAPzQJM4wz4atUTimLYT+7aksxuGbw3nXP3rfBgiwjBgUwx7qXyhJfwe27CvxkPp9oSRZXkqARXLANXA7slCHdIfAHrv1R9z2ll1mvL1dzj228L9z46hiXcMLh6w6kMdPopm0UJX6LsdZoQvvNQah+FjRYKt2MSGE+5gzC6vrFtG14tRSMp+Rw6eQaH1JwNFz63b+Ab4Bo2qcl4GmIX3nLreT4Ikf97/rYCvwCU4KuRnfCtDQAAAABJRU5ErkJggg==" /> Suivez moi sur <a target='_blank' href='https://twitter.com/besstiolle'>Twitter</a></div>
<?php
$ts = time();
$allow = $ts + 2 * 60;
if(!file_exists('config.php')){
echo <<<HTML
<p class="error">il manque le fichier config.php pour fonctionner. Placez ce fichier mayday.php &agrave; ses côt&eacute;s</p>;
HTML;
}
include_once('config.php');
if(!isset($config['mayday']) || !is_numeric($config['mayday'])){
echo <<<HTML
<p class="error">Par mesure de s&eacute;curit&eacute;, veuillez ajouter la ligne suivante dans config.php : </p>
<code>\$config['mayday'] = '$allow';</code>
<p class="warn">Pensez toujours &agrave; supprimer le fichier mayday.php du r&eacute;pertoire &agrave; la fin de son utilisation</p>
</div></body></html>
HTML;
return;
}
if($config['mayday'] < $ts){
echo <<<HTML
<p class="error">Par mesure de s&eacute;curit&eacute;, votre session a expir&eacute;e. Veuillez ajouter/modifier la ligne suivante dans config.php : </p>
<code>\$config['mayday'] = '$allow';</code>
<p class="warn">Pensez toujours &agrave; supprimer le fichier mayday.php du r&eacute;pertoire &agrave; la fin de son utilisation</p>
</div></body></html>";
HTML;
return;
}
$remain = $config['mayday'] - $ts;
echo <<<HTML
<p class="warn">Par mesure de s&eacute;curit&eacute;, votre session va expirer dans <b>{$remain}s</b></p>
<p class="warn">Pensez toujours &agrave; supprimer le fichier mayday.php du r&eacute;pertoire &agrave; la fin de son utilisation</p>
HTML;
require_once(dirname(__FILE__).'/include.php');
$queryU ="SELECT u.user_id, u.username, u.admin_access FROM cms_users u";
$queryG ="SELECT g.group_id, g.group_name FROM cms_groups g";
$queryUG ="SELECT ug.group_id, ug.user_id FROM cms_user_groups ug";
if(function_exists('cmsms')){
$db = cmsms()->GetDb();
} else {
$db = &$gCms->db;
}
$db_prefix = cms_db_prefix();
$dict = NewDataDictionary($db);
$resultU = $db->Execute($queryU);
$resultG = $db->Execute($queryG);
$resultUG = $db->Execute($queryUG);
$users = array();
while ($row = $resultU->FetchRow()) {
$users[$row['user_id']] = array(
'id' => $row['user_id'],
'name' => $row['username'],
'admin_access' => $row['admin_access'],
'groups' => array()
) ;
}
if(isset($_GET['a']) && $_GET['a'] == 'mdp' && isset($_GET['u']) && is_numeric($_GET['u'])){
$chaine = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@";
$pass = "";
for($u = 1; $u <= 8; $u++) {
$nb = strlen($chaine);
$nb = mt_rand(0,($nb-1));
$pass.=$chaine[$nb];
}
$sql = "update ".$db_prefix."users set password = (select md5(CONCAT(IFNULL((SELECT sitepref_value FROM ".$db_prefix."siteprefs WHERE sitepref_name = 'sitemask'),''),?))) where user_id = ?";
$result = $db->Execute($sql, array($pass,$_GET['u']));
if ($result === false) {
echo "<p class='error'>Echec de la mise &agrave; jour</p>";
die($db->ErrorMsg());
}
echo "<p class='info'>Mise &agrave; jour termin&eacute;e. Vous pouvez <a target='_blank' href='".$config['root_url']."/admin/index.php'>vous connecter</a> avec l'utilisateur <b>".$users[$_GET['u']]['name']."</b> et le mot de passe <b>$pass</b></p>";
echo "<p class='return'><a href='".$config['root_url']."/mayday.php?ts=$ts'>Revenir &agrave; l'accueil</a> du programme mayday</p>";
echo "</div></body></html>";
return;
}
if(isset($_GET['a']) && $_GET['a'] == 'adm' && isset($_GET['u']) && is_numeric($_GET['u'])){
$sql = "update ".$db_prefix."users set admin_access = 1 where user_id = ?";
$result = $db->Execute($sql, array($_GET['u']));
if ($result === false) {
echo "<p class='error'>Echec de la mise &agrave; jour de l'utilisateur</p>";
die($db->ErrorMsg());
}
$sql = "delete from ".$db_prefix."user_groups where user_id = ?";
$result = $db->Execute($sql, array($_GET['u']));
if ($result === false) {
echo "<p class='error'>Echec de la suppression groupe/utilisateur</p>";
die($db->ErrorMsg());
}
$sql = "insert into ".$db_prefix."user_groups (group_id, user_id, create_date, modified_date) values (1,?,?,?)";
$result = $db->Execute($sql, array($_GET['u'], $db->DBTimeStamp(time()), $db->DBTimeStamp(time())));
if ($result === false) {
echo "<p class='error'>Echec de la mise &agrave; jour groupe/utilisateur</p>";
die($db->ErrorMsg());
}
echo <<<HTML
<p class='info'>Mise &agrave; jour termin&eacute;e. L'utilisateur <b>{$users[$_GET['u']]['name']}</b> est maintenant administrateur du site. Vous pouvez maintenant <a target='_blank' href='{$config['root_url']}/admin/index.php'>vous reconnecter</a></p>
<p class='return'><a href='{$config['root_url']}/mayday.php?ts=$ts'>Revenir &agrave; l'accueil</a> du programme mayday</p>
</div></body></html>
HTML;
return;
}
function cleanDirectory($dirname){
$dir = opendir($dirname);
while($file = readdir($dir)) {
if($file != '.' && $file != '..' && !is_dir($dirname.$file) && $file != 'index.html')
{
unlink($dirname.$file);
}
}
closedir($dir);
}
if(isset($_GET['a']) && $_GET['a'] == 'vid'){
cleanDirectory('./tmp/cache/');
cleanDirectory('./tmp/templates_c/');
echo <<<HTML
<p class='info'>Vidage du cache termin&eacute;e.</p>
<p class='return'><a href='{$config['root_url']}/mayday.php?ts=$ts'>Revenir &agrave; l'accueil</a> du programme mayday</p>
</div></body></html>
HTML;
return;
}
$groups = array();
while ($row = $resultG->FetchRow()) {
$groups[$row['group_id']] = array(
'id' => $row['group_id'],
'name' => $row['group_name']
) ;
}
while ($row = $resultUG->FetchRow()) {
$users[$row['user_id']]['groups'][] = $groups[$row['group_id']];
}
?>
<h3>Manipulation de droits d'acc&egrave;s</h3>
<p>Ces options vont vous permettre de vous attribuer des droits d'administrateur et/ou modifier le mot de passe d'un compte admin</p>
<table>
<thead>
<tr>
<th>User_Id</th><th>Login</th><th>Membre de Groupe ?</th><th></th><th></th>
</tr>
</thead>
<tbody>
<?php
foreach($users as $user){
echo <<<HTML
<tr>
<td>{$user['id']}</td><td>{$user['name']}</td><td>
HTML;
foreach($user['groups'] as $group){
echo $group['name'].'[#'.$group['id'].'] ';
}
echo <<<HTML
</td>
<td><a href='mayday.php?a=mdp&amp;u={$user['id']}&amp;ts=$ts' onclick='return confirm("&Ecirc;tes vous certain de r&eacute;initialiser son mot de passe ?")'>R&eacute;initialiser le mot de passe</a></td>
<td><a href='mayday.php?a=adm&amp;u={$user['id']}&amp;ts=$ts' onclick='return confirm("&Ecirc;tes vous certain de vouloir passer cet utilisateur admin ?")'>Le passer admin</a></td>
<tr>
HTML;
}
?>
</tbody>
</table>
<h3>Vider le cache</h3>
<p>Peut r&eacute;soudre certains soucis rencontr&eacute;s lors de d&eacute;placements d'une installation d'un r&eacute;pertoire &agrave; un autre. Si le probl&egrave;me persiste : venez <a href='http://www.cmsmadesimple.fr/forum'>sur le forum</a></p>
<p><a href='mayday.php?a=vid'>vider le cache</a> de cmsmadesimple</p>
</body>
</html>
@besstiolle
Copy link
Author

petits ajouts de warning + texte pour insister sur le fait de supprimer le fichier en fin de manipulation.

@besstiolle
Copy link
Author

Permet maintenant de vider le cache de cmsmadesimple.
Correction sur l'utilisation de caractères non HTML

@besstiolle
Copy link
Author

update du code pour le rendre compatible avec des versions anciennes de cmsmadesimple.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment