/**
 * Validate a login attempt against the #__users table.
 *
 * Called in two ways: with no arguments from the login module/component, in
 * which case the credentials are read from $_POST, or with a 32-character
 * username digest, a password digest and a user id when a "remember me"
 * cookie is being replayed. On success the current session record is
 * updated with the user's details and the last-visit date is stored; on
 * failure the form path shows an alert while the cookie path logs the
 * session out and redirects to index.php.
 *
 * @param string|null $username  username, or md5(username . ua-hash) on the cookie path
 * @param string|null $passwd    password, or md5(stored-hash . ua-hash) on the cookie path
 * @param int         $remember  non-zero when a remember-me cookie is being validated
 * @param int|null    $userid    user id carried by the remember-me cookie
 * @return void
 */
function login($username = null, $passwd = null, $remember = 0, $userid = NULL) {
    global $acl, $_VERSION;
    $bypost = 0;
    $valid_remember = false;
    // if no username and password passed from function, then function is being called from login module/component
    if (!$username || !$passwd) {
        $username = stripslashes(strval(mosGetParam($_POST, 'username', '')));
        $passwd = stripslashes(strval(mosGetParam($_POST, 'passwd', '')));
        $bypost = 1;
        // extra check to ensure that Joomla! sessioncookie exists
        if (!$this->_session->session_id) {
            mosErrorAlert(_ALERT_ENABLED);
            return;
        }
        // anti-spoof (CSRF token) check; only the form-submitted path goes through it
        josSpoofCheck(NULL, 1);
    }
    $row = null;
    if (!$username || !$passwd) {
        mosErrorAlert(_LOGIN_INCOMPLETE);
        exit;
    } else {
        if ($remember && strlen($username) == 32 && $userid) {
            // query used for remember me cookie
            // The cookie values are bound to a hash of the User-Agent header; that
            // header is client-supplied, so this is only a weak binding.
            $harden = mosHash(@$_SERVER['HTTP_USER_AGENT']);
            $query = "SELECT id, name, username, password, usertype, block, gid" . "\n FROM #__users" . "\n WHERE id = " . (int) $userid;
            $this->_db->setQuery($query);
            // NOTE(review): the load result is not checked; if no row matches $userid,
            // $user->password below is undefined and explode() yields a single element.
            $this->_db->loadObject($user);
            // stored password format is "<md5hash>:<salt>"
            list($hash, $salt) = explode(':', $user->password);
            $check_username = md5($user->username . $harden);
            $check_password = md5($hash . $harden);
            // NOTE(review): loose (==) comparison of hex digests against cookie values;
            // a strict or constant-time comparison (=== / hash_equals) would be safer.
            if ($check_username == $username && $check_password == $passwd) {
                $row = $user;
                $valid_remember = true;
            }
        } else {
            // query used for login via login module
            // NOTE(review): the source between this WHERE clause and the session
            // clean-up below is not intact in this copy ("******" stands in for it),
            // so the password verification and session-update steps cannot be
            // reviewed here; the brace structure that follows reflects that gap.
            $query = "SELECT id, name, username, password, usertype, block, gid" . "\n FROM #__users" . "\n WHERE username = "******"DELETE FROM #__session" . "\n WHERE session_id != " . $this->_db->Quote($session->session_id) . "\n AND username = "******"\n AND userid = " . (int) $row->id . "\n AND gid = " . (int) $row->gid . "\n AND guest = 0";
            $this->_db->setQuery($query);
            $this->_db->query();
        }
        // update user visit data
        $currentDate = date("Y-m-d\\TH:i:s");
        $query = "UPDATE #__users" . "\n SET lastvisitDate = " . $this->_db->Quote($currentDate) . "\n WHERE id = " . (int) $session->userid;
        $this->_db->setQuery($query);
        if (!$this->_db->query()) {
            // NOTE(review): the raw database error text is sent to the client here
            die($this->_db->stderr(true));
        }
        // set remember me cookie if selected
        $remember = strval(mosGetParam($_POST, 'remember', ''));
        if ($remember == 'yes') {
            // cookie lifetime of 365 days
            $lifetime = time() + 365 * 24 * 60 * 60;
            $remCookieName = mosMainFrame::remCookieName_User();
            // cookie value = f(username) . f(stored password hash) . user id; $hash is
            // the hash part split off from the stored "<hash>:<salt>" value above
            $remCookieValue = mosMainFrame::remCookieValue_User($row->username) . mosMainFrame::remCookieValue_Pass($hash) . $row->id;
            // NOTE(review): only four arguments are passed, so the cookie is set
            // without the secure/httponly flags (readable by script, sent over plain HTTP)
            setcookie($remCookieName, $remCookieValue, $lifetime, '/');
        }
        mosCache::cleanCache();
    } else {
        if ($bypost) {
            mosErrorAlert(_LOGIN_INCORRECT);
        } else {
            // a failed cookie login drops the session instead of showing an alert
            $this->logout();
            mosRedirect('index.php');
        }
        exit;
    }
}
}
<td><?php echo T_('Your E-mail'); ?> </td> <td align="center"><input class="inputbox" type="text" name="adminEmail" value="<?php /* NOTE(review): echoed into an HTML attribute without htmlspecialchars(); confirm the value is escaped before it reaches this template */ echo "{$adminEmail}"; ?> " size="50" /></td> </tr> <tr> <td><?php echo T_('Admin password'); ?> </td> <td align="center"><input class="inputbox" type="text" name="adminPassword" value="<?php /* a freshly generated 8-character password is pre-filled into a visible (type=text) field */ echo mosMakePassword(8); ?> " size="50"/></td> </tr> <tr> <?php
// File-permission mode for the installer: 0 = use the 0644 default,
// 1 = honour the user-supplied octal string in $filePerms.
$mode = 0;
$flags = 0644;
if ($filePerms != '') {
    $mode = 1;
    // NOTE(review): octdec() accepts any string; confirm $filePerms is validated upstream
    $flags = octdec($filePerms);
} // if
?> <td colspan="2"> <fieldset><legend><?php
/**
 * Front-end "edit your details" save (com_user).
 *
 * Only the logged-in user may update their own record: the posted id must be
 * non-zero and equal to $uid. gid and usertype are excluded from binding so
 * the form cannot change group membership. A new password (when both fields
 * agree) is stored as md5(password . salt) ':' salt; an empty password field
 * keeps the existing hash. When the username changed, the caller's own
 * session rows are updated to match before redirecting.
 *
 * @param string $option  component name (unused here)
 * @param int    $uid     id of the currently logged-in user
 * @return void
 */
function userSave($option, $uid) {
    global $database, $my, $mosConfig_frontend_userparams;
    $user_id = intval(mosGetParam($_POST, 'id', 0));
    // do some security checks: reject anonymous callers and any attempt to
    // save a record other than the caller's own
    if ($uid == 0 || $user_id == 0 || $user_id != $uid) {
        mosNotAuth();
        return;
    }
    // simple spoof check security (anti-CSRF token)
    josSpoofCheck();
    $row = new mosUser($database);
    $row->load((int) $user_id);
    $orig_password = $row->password;
    $orig_username = $row->username;
    // 'gid usertype' are ignored by bind() so group/type cannot be mass-assigned
    if (!$row->bind($_POST, 'gid usertype')) {
        // NOTE(review): getError() text is concatenated into inline JS unescaped here
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    $row->name = trim($row->name);
    $row->email = trim($row->email);
    $row->username = trim($row->username);
    mosMakeHtmlSafe($row);
    if (isset($_POST['password']) && $_POST['password'] != '') {
        // NOTE(review): loose (==) comparison of the two password fields
        if (isset($_POST['verifyPass']) && $_POST['verifyPass'] == $_POST['password']) {
            $row->password = trim($row->password);
            // stored form: md5(password . salt) ':' salt (legacy scheme; login must match it)
            $salt = mosMakePassword(16);
            $crypt = md5($row->password . $salt);
            $row->password = $crypt . ':' . $salt;
        } else {
            echo "<script> alert(\"" . addslashes(_PASS_MATCH) . "\"); window.history.go(-1); </script>\n";
            exit;
        }
    } else {
        // Restore 'original password'
        $row->password = $orig_password;
    }
    // param editing is enabled when the config value is '1', 1, or unset/empty (loose == NULL)
    if ($mosConfig_frontend_userparams == '1' || $mosConfig_frontend_userparams == 1 || $mosConfig_frontend_userparams == NULL) {
        // save params as "key=value" lines
        // NOTE(review): keys and values are taken from the request as-is
        $params = mosGetParam($_POST, 'params', '');
        if (is_array($params)) {
            $txt = array();
            foreach ($params as $k => $v) {
                $txt[] = "{$k}={$v}";
            }
            $row->params = implode("\n", $txt);
        }
    }
    if (!$row->check()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    if (!$row->store()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    // check if username has been changed
    if ($orig_username != $row->username) {
        // change username value in session table
        // NOTE(review): the quoted username expressions are not intact in this copy
        // ("******" stands in for them); the userid/gid/guest predicates scope the
        // update to the caller's own sessions.
        $query = "UPDATE #__session" . "\n SET username = "******"\n WHERE username = "******"\n AND userid = " . (int) $my->id . "\n AND gid = " . (int) $my->gid . "\n AND guest = 0";
        $database->setQuery($query);
        $database->query();
    }
    mosRedirect('index.php', _USER_DETAILS_SAVE);
}
/**
 * Handle a front-end self-registration submission (com_registration).
 *
 * Reads the new account from $_POST (usertype excluded), assigns it to the
 * Registered group, stores it with an md5(password . salt) ':' salt hash,
 * mails the account details (including the plaintext password) to the user
 * and a notification to every unblocked admin/super-admin opted in to
 * system e-mails, then prints the completion message. Validation or
 * storage errors abort with a JS alert + history.go(-1).
 *
 * @return void
 */
function saveRegistration() {
    global $database, $acl;
    global $mosConfig_sitename, $mosConfig_live_site, $mosConfig_useractivation, $mosConfig_allowUserRegistration;
    global $mosConfig_mailfrom, $mosConfig_fromname;

    if ($mosConfig_allowUserRegistration == 0) {
        mosNotAuth();
        return;
    }
    // anti-spoof (CSRF token) check
    josSpoofCheck();

    $activationRequired = ($mosConfig_useractivation == 1);

    $user = new mosUser($database);
    // 'usertype' is excluded from binding so the client cannot pick its own type
    if (!$user->bind($_POST, 'usertype')) {
        // NOTE(review): mosErrorAlert() is relied on to end the request;
        // unlike the other failure paths no exit follows this call.
        mosErrorAlert($user->getError());
    }
    foreach (array('name', 'email', 'username', 'password') as $field) {
        $user->$field = trim($user->$field);
    }
    mosMakeHtmlSafe($user);
    $user->id = 0;
    $user->usertype = '';
    $user->gid = $acl->get_group_id('Registered', 'ARO');
    if ($activationRequired) {
        // the account stays blocked until the activation token is presented
        $user->activation = md5(mosMakePassword());
        $user->block = '1';
    }
    if (!$user->check()) {
        echo "<script> alert('" . html_entity_decode($user->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }

    // keep the plaintext for the welcome mail; store md5(password . salt) ':' salt
    $plainPassword = $user->password;
    $salt = mosMakePassword(16);
    $user->password = md5($plainPassword . $salt) . ':' . $salt;
    $user->registerDate = date('Y-m-d H:i:s');
    if (!$user->store()) {
        echo "<script> alert('" . html_entity_decode($user->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }
    $user->checkin();

    $name = trim($user->name);
    $email = trim($user->email);
    $username = trim($user->username);

    $subject = html_entity_decode(sprintf(_SEND_SUB, $name, $mosConfig_sitename), ENT_QUOTES);
    if ($activationRequired) {
        $activationLink = $mosConfig_live_site . "/index.php?option=com_registration&task=activate&activation=" . $user->activation;
        $message = sprintf(_USEND_MSG_ACTIVATE, $name, $mosConfig_sitename, $activationLink, $mosConfig_live_site, $username, $plainPassword);
    } else {
        $message = sprintf(_USEND_MSG, $name, $mosConfig_sitename, $mosConfig_live_site);
    }
    $message = html_entity_decode($message, ENT_QUOTES);

    // sender: Global Config mailfrom/fromname, else the first super administrator found
    if ($mosConfig_mailfrom != '' && $mosConfig_fromname != '') {
        $senderName = $mosConfig_fromname;
        $senderEmail = $mosConfig_mailfrom;
    } else {
        $query = "SELECT name, email"
            . "\n FROM #__users"
            . "\n WHERE LOWER( usertype ) = 'superadministrator'"
            . "\n OR LOWER( usertype ) = 'super administrator'";
        $database->setQuery($query);
        $superAdmins = $database->loadObjectList();
        $sender = $superAdmins[0];
        $senderName = $sender->name;
        $senderEmail = $sender->email;
    }

    // Send email to user
    mosMail($senderEmail, $senderName, $email, $subject, $message);

    // Send notification to all administrators
    $adminSubject = html_entity_decode(sprintf(_SEND_SUB, $name, $mosConfig_sitename), ENT_QUOTES);
    $adminMessage = html_entity_decode(sprintf(_ASEND_MSG, $senderName, $mosConfig_sitename, $user->name, $email, $username), ENT_QUOTES);
    // admins (gid 24) and super admins (gid 25) that are unblocked and opted in to system e-mails
    $query = "SELECT email, sendEmail"
        . "\n FROM #__users"
        . "\n WHERE ( gid = 24 OR gid = 25 )"
        . "\n AND sendEmail = 1"
        . "\n AND block = 0";
    $database->setQuery($query);
    foreach ($database->loadObjectList() as $admin) {
        mosMail($senderEmail, $senderName, $admin->email, $adminSubject, $adminMessage);
    }

    echo $activationRequired ? _REG_COMPLETE_ACTIVATE : _REG_COMPLETE;
}
/**
 * Front-end registration handler with the UserExtended profile add-on.
 *
 * Binds the core account from $_POST (usertype excluded), stores it with a
 * bare md5 password hash, then binds/validates/stores the extended profile
 * fields against the new user id. The welcome e-mail (which carries the
 * plaintext password) is sent from Global Config's mailfrom/fromname or,
 * failing that, from the first super administrator; every opted-in super
 * administrator also receives a notification. Errors abort with a JS
 * alert + history.go(-1).
 *
 * @param string $option  component name (unused here)
 * @return void
 */
function saveRegistration($option) {
    global $database, $my, $acl;
    global $mosConfig_sitename, $mosConfig_live_site, $mosConfig_useractivation, $mosConfig_allowUserRegistration;
    global $mosConfig_mailfrom, $mosConfig_fromname;

    if ($mosConfig_allowUserRegistration == "0") {
        mosNotAuth();
        return;
    }
    $needsActivation = ($mosConfig_useractivation == "1");

    $user = new mosUser($database);
    if (!$user->bind($_POST, "usertype")) {
        echo "<script> alert('" . $user->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    mosMakeHtmlSafe($user);
    $user->id = 0;
    $user->usertype = '';
    $user->gid = $acl->get_group_id('Registered', 'ARO');
    if ($needsActivation) {
        // blocked until the activation token is presented
        $user->activation = md5(mosMakePassword());
        $user->block = "1";
    }
    if (!$user->check()) {
        echo "<script> alert('" . $user->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    // plaintext kept for the welcome mail; stored form is an unsalted md5
    $plainPassword = $user->password;
    $user->password = md5($plainPassword);
    $user->registerDate = date("Y-m-d H:i:s");
    if (!$user->store()) {
        echo "<script> alert('" . $user->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }

    //// Begin UserExtended
    include "administrator/components/com_user_extended/user_extended.class.php";
    $profile = new mosUser_Extended($database);
    if (!$profile->bind($_POST)) {
        echo "<script> alert('" . $profile->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    if (!$profile->check()) {
        echo "<script> alert('" . $profile->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    if (!$profile->storeExtended($user->id)) {
        echo "<script> alert('" . $profile->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    //// End UserExtended

    $user->checkin();
    $name = $user->name;
    $email = $user->email;
    $username = $user->username;

    $subject = html_entity_decode(sprintf(_SEND_SUB, $name, $mosConfig_sitename), ENT_QUOTES);
    if ($needsActivation) {
        $activationLink = $mosConfig_live_site . "/index.php?option=com_registration&task=activate&activation=" . $user->activation;
        $message = sprintf(_USEND_MSG_ACTIVATE, $name, $mosConfig_sitename, $activationLink, $mosConfig_live_site, $username, $plainPassword);
    } else {
        $message = sprintf(_USEND_MSG, $name, $mosConfig_sitename, $mosConfig_live_site);
    }
    $message = html_entity_decode($message, ENT_QUOTES);

    // Send email to user (sender from Global Config, else the first superadministrator row)
    if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") {
        $senderName = $mosConfig_fromname;
        $senderEmail = $mosConfig_mailfrom;
    } else {
        $database->setQuery("SELECT name, email FROM #__users" . "\n WHERE usertype='superadministrator'");
        $superAdmins = $database->loadObjectList();
        $sender = $superAdmins[0];
        $senderName = $sender->name;
        $senderEmail = $sender->email;
    }
    mosMail($senderEmail, $senderName, $email, $subject, $message);

    // Send notification to all administrators
    $adminSubject = html_entity_decode(sprintf(_SEND_SUB, $name, $mosConfig_sitename), ENT_QUOTES);
    $adminMessage = html_entity_decode(sprintf(_ASEND_MSG, $senderName, $mosConfig_sitename, $user->name, $email, $username), ENT_QUOTES);
    // get superadministrators id
    $superAdminIds = $acl->get_group_objects(25, 'ARO');
    foreach ($superAdminIds['users'] as $id) {
        $database->setQuery("SELECT email, sendEmail FROM #__users" . "\n WHERE id='{$id}'");
        $rows = $database->loadObjectList();
        $adminRow = $rows[0];
        if ($adminRow->sendEmail) {
            mosMail($senderEmail, $senderName, $adminRow->email, $adminSubject, $adminMessage);
        }
    }

    echo $needsActivation ? _REG_COMPLETE_ACTIVATE : _REG_COMPLETE;
}
// Remaining hard-coded defaults appended to the generated configuration.php source
$config .= "\$mosConfig_multilingual_support = '0';\n";
$config .= "\$mosConfig_editor = 'tinymce';\n";
$config .= "\$mosConfig_admin_expired = '1';\n";
// (the frontend_login value is not intact in this copy)
$config .= "\$mosConfig_frontend_login = '******';\n";
$config .= "\$mosConfig_frontend_userparams = '1';\n";
$config .= "\$mosConfig_itemid_compat = '0';\n";
$config .= "setlocale (LC_TIME, \$mosConfig_locale);\n";
$config .= "?>";
// Write configuration.php one level above the installer directory.
// NOTE(review): the file is opened in "w" mode with no explicit chmod, so its
// permissions are whatever the process umask yields.
if ($canWrite && ($fp =  fopen("../configuration.php", "w"))) {
    fputs($fp, $config, strlen($config));
    fclose($fp);
} else {
    // flag for the caller; presumably the config is then shown for manual saving
    $canWrite = false;
} // if
// Super-administrator password stored as md5(password . salt) ':' salt
$salt = mosMakePassword(16);
$crypt = md5($adminPassword . $salt);
$cryptpass = $crypt . ':' . $salt;
$database = new database($DBhostname, $DBuserName, $DBpassword, $DBname, $DBPrefix);
$nullDate = $database->getNullDate();
// create the admin user: fixed id 62, username 'admin', gid 25 ('Super Administrator')
// NOTE(review): $adminEmail is interpolated straight into the statement; confirm
// it was validated/escaped where it was read from the form.
$installdate = date('Y-m-d H:i:s');
$query = "INSERT INTO `#__users` VALUES (62, 'Administrator', 'admin', '{$adminEmail}', '{$cryptpass}', 'Super Administrator', 0, 1, 25, '{$installdate}', '{$nullDate}', '', '')";
$database->setQuery($query);
$database->query();
// add the ARO (Access Request Object)
$query = "INSERT INTO `#__core_acl_aro` VALUES (10,'users','62',0,'Administrator',0)";
$database->setQuery($query);
$database->query();
// add the map between the ARO and the Group
$query = "INSERT INTO `#__core_acl_groups_aro_map` VALUES (25,'',10)";
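/**
 * Administrator-side save for a user record (com_users).
 *
 * Binds the posted fields, normalises id/gid to ints, prevents a super
 * administrator from blocking their own account, md5-hashes any new
 * password, resolves the usertype name from the ACL group, stores the row,
 * fires the authenticator mambot events and updates the ACL group mapping.
 * New users are e-mailed their username and plaintext password. Finally
 * redirects according to $task ('apply' re-opens the edit form).
 *
 * Fix over the previous revision: the super-administrator sender lookup no
 * longer overwrites $row, which sent the welcome mail to the administrator's
 * address and put the administrator's name in the redirect message.
 *
 * @param string $option  component name (unused here)
 * @param string $task    'apply' or 'save' (anything else behaves as save)
 * @return void
 */
function saveUser($option, $task) {
    global $database, $my, $acl;
    global $mosConfig_live_site, $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_sitename;

    $row = new mosUser($database);
    if (!$row->bind($_POST)) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    // sanitize: both values are interpolated into SQL below
    $row->id = intval($row->id);
    $row->gid = intval($row->gid);
    $isNew = !$row->id;
    $pwd = '';

    // disallow super administrator blocking self
    $super_gid = $acl->get_group_id('super administrator');
    if ($row->id == $my->id && $my->gid == $super_gid) {
        $row->block = 0;
    }

    // MD5 hash convert passwords (legacy unsalted scheme; login must match it)
    if ($isNew) {
        // new user stuff: generate a password when none was supplied
        if ($row->password == '') {
            $pwd = mosMakePassword();
        } else {
            $pwd = $row->password;
        }
        $row->password = md5($pwd);
        $row->registerDate = date('Y-m-d H:i:s');
    } else {
        // existing user stuff
        if ($row->password == '') {
            // password set to null if empty
            $row->password = null;
        } else {
            $pwd = $row->password;
            $row->password = md5($pwd);
        }
    }

    // save usertype to usetype column
    $query = "SELECT name" . "\n FROM #__core_acl_aro_groups" . "\n WHERE group_id = {$row->gid}";
    $database->setQuery($query);
    $row->usertype = $database->loadResult();

    if (!$row->check()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n";
        exit;
    }
    if (!$row->store()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n";
        exit;
    }
    $row->checkin();

    $loginfo = new mosLoginDetails($row->username, $pwd);
    $mambothandler =& mosMambotHandler::getInstance();
    $mambothandler->loadBotGroup('authenticator');

    // update the ACL and notify the authenticator bots (existing users)
    if (!$isNew) {
        if ($pwd) {
            $mambothandler->trigger('userChange', array($loginfo));
        }
        if ($row->block) {
            $mambothandler->trigger('userBlock', array($loginfo));
        } else {
            $mambothandler->trigger('userUnblock', array($loginfo));
        }
        $query = "SELECT aro_id FROM #__core_acl_aro WHERE value='{$row->id}'";
        $database->setQuery($query);
        $aro_id = (int) $database->loadResult();
        $query = "UPDATE #__core_acl_groups_aro_map" . "\n SET group_id = '{$row->gid}'" . "\n WHERE aro_id = '{$aro_id}'";
        $database->setQuery($query);
        $database->query() or die($database->stderr());
    }

    // for new users, email username and password
    if ($isNew) {
        $mambothandler->trigger('userRegister', array($loginfo));
        $mambothandler->trigger('userActivate', array($loginfo));
        if ($row->block) {
            $mambothandler->trigger('userBlock', array($loginfo));
        }
        $query = "SELECT email FROM #__users WHERE id=" . (int) $my->id;
        $database->setQuery($query);
        $adminEmail = $database->loadResult();
        $subject = T_('New User Details');
        // the plaintext password is part of the mail body (legacy behaviour)
        $message = sprintf(T_('Hello %s, You have been added as a user to %s by an Administrator. 
This email contains your username and password to log into the %s Username - %s Password - %s Please do not respond to this message as it is automatically generated and is for information purposes only'), $row->name, $mosConfig_sitename, $mosConfig_live_site, $row->username, $pwd);
        if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") {
            $adminName = $mosConfig_fromname;
            $adminEmail = $mosConfig_mailfrom;
        } else {
            // fall back to the first super administrator as sender; kept in its
            // own variable so $row (the new user) is not clobbered
            $query = "SELECT name, email FROM #__users WHERE usertype='super administrator'";
            $database->setQuery($query);
            $rows = $database->loadObjectList();
            $sender = $rows[0];
            $adminName = $sender->name;
            $adminEmail = $sender->email;
        }
        mosMail($adminEmail, $adminName, $row->email, $subject, $message);
    }

    switch ($task) {
        case 'apply':
            $msg = sprintf(T_('Successfully Saved changes to User: %s'), $row->name);
            mosRedirect('index2.php?option=com_users&task=editA&hidemainmenu=1&id=' . $row->id, $msg);
            break;
        case 'save':
        default:
            $msg = sprintf(T_('Successfully Saved User: %s'), $row->name);
            mosRedirect('index2.php?option=com_users', $msg);
            break;
    }
}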
/**
 * Front-end registration handler (com_registration, mambot-aware variant).
 *
 * Binds the new account from $_POST (usertype excluded), forces it into the
 * Registered group, stores it with an unsalted md5 password hash and fires
 * the authenticator mambot events (userRegister, plus userActivate when no
 * e-mail activation is required). The welcome mail carries the plaintext
 * password; opted-in super administrators receive a notification. Errors
 * abort with a JS alert + history.go(-1).
 *
 * @param string $option  component name (unused here)
 * @return void
 */
function saveRegistration($option) {
    global $database, $my, $acl;
    global $mosConfig_sitename, $mosConfig_live_site, $mosConfig_useractivation, $mosConfig_allowUserRegistration;
    global $mosConfig_mailfrom, $mosConfig_fromname;

    if ($mosConfig_allowUserRegistration == '0') {
        mosNotAuth();
        return;
    }
    $needsActivation = ($mosConfig_useractivation == '1');

    $user = new mosUser($database);
    if (!$user->bind($_POST, 'usertype')) {
        echo "<script> alert('" . $user->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    mosMakeHtmlSafe($user);
    $user->id = 0;
    $user->usertype = 'Registered';
    $user->gid = $acl->get_group_id('Registered', 'ARO');
    if ($needsActivation) {
        // blocked until the activation token is presented
        $user->activation = md5(mosMakePassword());
        $user->block = '1';
    }
    if (!$user->check()) {
        echo "<script> alert('" . $user->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    // plaintext kept for the welcome mail; stored form is an unsalted md5
    $plainPassword = $user->password;
    $user->password = md5($plainPassword);
    $user->registerDate = date("Y-m-d H:i:s");
    if (!$user->store()) {
        echo "<script> alert('" . $user->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    $user->checkin();

    $name = $user->name;
    $email = $user->email;
    $username = $user->username;
    $subject = html_entity_decode(sprintf(T_('Account details for %s at %s'), $name, $mosConfig_sitename), ENT_QUOTES);

    $bots =& mosMambotHandler::getInstance();
    $bots->loadBotGroup('authenticator');

    if ($needsActivation) {
        $activationLink = $mosConfig_live_site . "/index.php?option=com_registration&task=activate&activation=" . $user->activation;
        $message = sprintf(T_('Hello %s, Thank you for registering at %s. Your account has been created but, as a precaution, it must be activated by you before you can use it. To activate the account click on the following link or copy and paste it in your browser: %s After activation you may login to %s using the following username and password: Username - %s Password - %s'), $name, $mosConfig_sitename, $activationLink, $mosConfig_live_site, $username, $plainPassword);
    } else {
        $message = sprintf(T_("Hello %s,\n\nThank you for registering at %s.\n\nYou may now login to %s using the username and password you registered with."), $name, $mosConfig_sitename, $mosConfig_live_site);
    }
    $loginfo = new mosLoginDetails($username, $plainPassword);
    $bots->trigger('userRegister', array($loginfo));
    if (!$needsActivation) {
        // no e-mail activation step, so the account is live immediately
        $bots->trigger('userActivate', array($loginfo));
    }
    $message = html_entity_decode($message, ENT_QUOTES);

    // Send email to user (sender from Global Config, else the first super administrator row)
    if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") {
        $senderName = $mosConfig_fromname;
        $senderEmail = $mosConfig_mailfrom;
    } else {
        $database->setQuery("SELECT name, email FROM #__users" . "\n WHERE usertype='super administrator'");
        $superAdmins = $database->loadObjectList();
        $sender = $superAdmins[0];
        $senderName = $sender->name;
        $senderEmail = $sender->email;
    }
    mosMail($senderEmail, $senderName, $email, $subject, $message);

    // Send notification to all administrators
    $adminSubject = html_entity_decode(sprintf(T_('Account details for %s at %s'), $name, $mosConfig_sitename), ENT_QUOTES);
    $adminMessage = html_entity_decode(sprintf(T_('Hello %s, A new user has registered at %s. This email contains their details: Name - %s e-mail - %s Username - %s Please do not respond to this message as it is automatically generated and is for information purposes only'), $senderName, $mosConfig_sitename, $user->name, $email, $username), ENT_QUOTES);
    // get superadministrators id
    $superAdminIds = $acl->get_group_objects(25, 'ARO');
    foreach ($superAdminIds['users'] as $id) {
        $database->setQuery("SELECT email, sendEmail FROM #__users" . "\n WHERE id='{$id}'");
        $rows = $database->loadObjectList();
        $adminRow = $rows[0];
        if ($adminRow->sendEmail) {
            mosMail($senderEmail, $senderName, $adminRow->email, $adminSubject, $adminMessage);
        }
    }

    echo '<div class="componentheading">' . T_('Registration Complete') . '</div><br />';
    if ($needsActivation) {
        echo T_('Your account has been created and an activation link has been sent to the e-mail address you entered. Note that you must activate the account by clicking on the activation link before you can login.');
    } else {
        echo T_('You may now login.');
    }
}
/**
 * Administrator-side save for a user record (com_users, hardened variant).
 *
 * Flow: anti-spoof check; ACL permission check on the posted id; bind and
 * sanitise the row; hash any new password as md5(password . salt) ':' salt;
 * for existing users, refuse group changes that would remove the last active
 * Super Administrator or that the caller's own group does not permit; refuse
 * any gid outside the caller's child groups; store, update the ACL mapping,
 * mail new users their credentials, log out users whose group changed, and
 * redirect according to $task.
 *
 * @param string $task  'apply' (stay on the edit form) or 'save'
 * @return void
 */
function saveUser($task) {
    global $database, $my, $acl;
    global $mosConfig_live_site, $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_sitename;

    // anti-spoof (CSRF token) check
    josSpoofCheck();

    // may the caller save this particular user? (gid 24/25 = Administrator / Super Administrator)
    $userIdPosted = mosGetParam($_POST, 'id');
    if ($userIdPosted) {
        $msg = checkUserPermissions(array($userIdPosted), 'save', in_array($my->gid, array(24, 25)));
        if ($msg) {
            // NOTE(review): $msg is concatenated into inline JS without escaping
            echo "<script type=\"text/javascript\"> alert('" . $msg . "'); window.history.go(-1);</script>\n";
            exit;
        }
    }
    $row = new mosUser($database);
    if (!$row->bind($_POST)) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    $row->name = trim($row->name);
    $row->email = trim($row->email);
    $row->username = trim($row->username);
    // sanitise fields (both ids are interpolated into SQL further down)
    $row->id = (int) $row->id;
    // sanitise gid field
    $row->gid = (int) $row->gid;
    $isNew = !$row->id;
    $pwd = '';
    // MD5 hash convert passwords: stored form is md5(password . salt) ':' salt
    if ($isNew) {
        // new user stuff
        if ($row->password == '') {
            // no password supplied: generate one (it is mailed to the user below)
            $pwd = mosMakePassword();
            $salt = mosMakePassword(16);
            $crypt = md5($pwd . $salt);
            $row->password = $crypt . ':' . $salt;
        } else {
            $pwd = trim($row->password);
            $salt = mosMakePassword(16);
            $crypt = md5($pwd . $salt);
            $row->password = $crypt . ':' . $salt;
        }
        $row->registerDate = date('Y-m-d H:i:s');
    } else {
        // load the stored record so the group before/after can be compared
        $original = new mosUser($database);
        $original->load((int) $row->id);
        // existing user stuff
        if ($row->password == '') {
            // password set to null if empty
            $row->password = null;
        } else {
            $row->password = trim($row->password);
            $salt = mosMakePassword(16);
            $crypt = md5($row->password . $salt);
            $row->password = $crypt . ':' . $salt;
        }
        // if group has been changed and where original group was a Super Admin
        if ($row->gid != $original->gid) {
            if ($original->gid == 25) {
                // count number of active super admins
                $query = "SELECT COUNT( id )" . "\n FROM #__users" . "\n WHERE gid = 25" . "\n AND block = 0";
                $database->setQuery($query);
                $count = $database->loadResult();
                if ($count <= 1) {
                    // disallow change if only one Super Admin exists
                    echo "<script> alert('You cannot change this users Group as it is the only active Super Administrator for your site'); window.history.go(-1); </script>\n";
                    exit;
                }
            }
            $user_group = strtolower($acl->get_group_name($original->gid, 'ARO'));
            if ($user_group == 'super administrator' && $my->gid != 25) {
                // disallow change of super-Admin by non-super admin
                echo "<script> alert('You cannot change this users Group as you are not a Super Administrator for your site'); window.history.go(-1); </script>\n";
                exit;
            } else {
                if ($my->gid == 24 && $original->gid == 24) {
                    // disallow an Administrator changing another Administrator's group
                    echo "<script> alert('You cannot change the Group of another Administrator as you are not a Super Administrator for your site'); window.history.go(-1); </script>\n";
                    exit;
                }
            }
            // ensure user can't add group higher than themselves done below
        }
    }
    // (an earlier explicit "gid == 25 by a non-Super-Admin" check was superseded by the getGIDSChildren() check below)
    // Security check to avoid creating/editing user to higher level than himself: response to artf4529.
    // NOTE(review): in_array() is non-strict here; gid was cast to int above.
    if (!in_array($row->gid, getGIDSChildren($my->gid))) {
        // disallow creation of Super Admin by non Super Admin users
        echo "<script> alert('You cannot create a user with this user Group level, only Super Administrators have this ability'); window.history.go(-1); </script>\n";
        exit;
    }
    // save usertype to usertype column
    $query = "SELECT name" . "\n FROM #__core_acl_aro_groups" . "\n WHERE group_id = " . (int) $row->gid;
    $database->setQuery($query);
    $usertype = $database->loadResult();
    $row->usertype = $usertype;
    // save params as "key=value" lines
    // NOTE(review): keys and values are taken from the request as-is
    $params = mosGetParam($_POST, 'params', '');
    if (is_array($params)) {
        $txt = array();
        foreach ($params as $k => $v) {
            $txt[] = "{$k}={$v}";
        }
        $row->params = implode("\n", $txt);
    }
    if (!$row->check()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    if (!$row->store()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    $row->checkin();
    // updates the current users param settings
    if ($my->id == $row->id) {
        //session_start();
        $_SESSION['session_user_params'] = $row->params;
        session_write_close();
    }
    // update the ACL
    if (!$isNew) {
        $query = "SELECT aro_id" . "\n FROM #__core_acl_aro" . "\n WHERE value = " . (int) $row->id;
        $database->setQuery($query);
        $aro_id = $database->loadResult();
        $query = "UPDATE #__core_acl_groups_aro_map" . "\n SET group_id = " . (int) $row->gid . "\n WHERE aro_id = " . (int) $aro_id;
        $database->setQuery($query);
        // NOTE(review): the raw database error text is sent to the client on failure
        $database->query() or die($database->stderr());
    }
    // for new users, email username and password (the plaintext password is in the body)
    if ($isNew) {
        $query = "SELECT email" . "\n FROM #__users" . "\n WHERE id = " . (int) $my->id;
        $database->setQuery($query);
        $adminEmail = $database->loadResult();
        $subject = _NEW_USER_MESSAGE_SUBJECT;
        $message = sprintf(_NEW_USER_MESSAGE, $row->name, $mosConfig_sitename, $mosConfig_live_site, $row->username, $pwd);
        // sender: Global Config mailfrom/fromname, else the first Super Administrator row
        if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") {
            $adminName = $mosConfig_fromname;
            $adminEmail = $mosConfig_mailfrom;
        } else {
            $query = "SELECT name, email" . "\n FROM #__users" . "\n WHERE gid = 25";
            $database->setQuery($query);
            $admins = $database->loadObjectList();
            $admin = $admins[0];
            $adminName = $admin->name;
            $adminEmail = $admin->email;
        }
        mosMail($adminEmail, $adminName, $row->email, $subject, $message);
    }
    if (!$isNew) {
        // if group has been changed
        if ($original->gid != $row->gid) {
            // delete user acounts active sessions so the old group is not kept alive
            logoutUser($row->id, 'com_users', 'change');
        }
    }
    // NOTE(review): the two message/redirect expressions below are not intact in
    // this copy ("******" stands in for the middle of each).
    switch ($task) {
        case 'apply':
            $msg = 'Successfully Saved changes to User: '******'index2.php?option=com_users&task=editA&hidemainmenu=1&id=' . $row->id, $msg);
            break;
        case 'save':
        default:
            $msg = 'Successfully Saved User: '******'index2.php?option=com_users', $msg);
            break;
    }
}
// Generated configuration.php source, continued
// NOTE(review): register_globals emulation is switched on by default here.
$config .= "\$mosConfig_register_globals = '1';\n";
$config .= "\$mosConfig_list_limit = '50';\n";
$config .= "\$mosConfig_caching = '0';\n";
$config .= "\$mosConfig_cachepath = '{$configArray['absolutePath']}/cache';\n";
$config .= "\$mosConfig_cachetime = '900';\n";
$config .= "\$mosConfig_mailer = 'mail';\n";
$config .= "\$mosConfig_mailfrom = '{$adminEmail}';\n";
$config .= "\$mosConfig_fromname = '{$configArray['sitename']}';\n";
$config .= "\$mosConfig_sendmail = '/usr/sbin/sendmail';\n";
$config .= "\$mosConfig_smtpauth = '0';\n";
$config .= "\$mosConfig_smtpuser = '';\n";
$config .= "\$mosConfig_smtppass = '';\n";
$config .= "\$mosConfig_smtphost = 'localhost';\n";
$config .= "\$mosConfig_back_button = '0';\n";
$config .= "\$mosConfig_item_navigation = '0';\n";
// site secret: only as unpredictable as mosMakePassword()'s random source
$config .= "\$mosConfig_secret = '" . mosMakePassword(16) . "';\n";
$config .= "\$mosConfig_pagetitles = '1';\n";
$config .= "\$mosConfig_readmore = '1';\n";
$config .= "\$mosConfig_hits = '1';\n";
$config .= "\$mosConfig_icons = '1';\n";
$config .= "\$mosConfig_favicon = 'favicon.ico';\n";
// NOTE(review): $adminEmail and the $configArray entries (presumably form input)
// are written into executable PHP inside single quotes; a value containing a
// quote would break or alter the generated file — confirm they are validated
// before this point.
$config .= "\$mosConfig_fileperms = '" . $configArray['filePerms'] . "';\n";
$config .= "\$mosConfig_dirperms = '" . $configArray['dirPerms'] . "';\n";
$config .= "\$mosConfig_helpurl = 'http://docs.mambo-foundation.org';\n";
$config .= "\$mosConfig_mbf_content = '0';\n";
$config .= "setlocale (LC_TIME, \$mosConfig_locale);\n";
$config .= "?>";
// NOTE(review): the file (which holds the site secret and mail credentials) is
// opened in "w" mode with no explicit chmod; its permissions follow the process umask.
if ($canWrite && ($fp = fopen("../configuration.php", "w"))) {
    fputs($fp, $config, strlen($config));
    fclose($fp);
} else {
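<IMG SRC="images/menu/textmenu_member.gif" BORDER="0"> <?php
// password-reset request flag from the form (absent when the page is merely displayed)
$forget = isset($_POST['forget']) ? $_POST['forget'] : null;

/**
 * Build a random password of $length characters from an alphabet that
 * omits the visually ambiguous characters (0, O, o, 1, l, I).
 *
 * random_int() draws from the OS CSPRNG and is used when the runtime has it;
 * mt_rand() remains only as a fallback for older runtimes. The previous
 * mt_srand(microtime) re-seed was dropped: it reduced the generator to a
 * guessable seed, which is unsuitable for passwords.
 *
 * @param int $length  number of characters to generate; 0 or less yields ''
 * @return string
 */
function mosMakePassword($length) {
    $alphabet = "abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ123456789";
    $max = strlen($alphabet) - 1;
    $useCsprng = function_exists('random_int');
    $makepass = "";
    for ($i = 0; $i < $length; $i++) {
        $idx = $useCsprng ? random_int(0, $max) : mt_rand(0, $max);
        $makepass .= $alphabet[$idx];
    }
    return $makepass;
}

$Pass = mosMakePassword(8);
if (!empty($forget)) {
    $db->connectdb(DB_NAME, DB_USERNAME, DB_PASSWORD);
    // Extended member system, maxsite 1.10, developed by www.narongrit.net
    $emails = isset($_POST['emails']) ? $_POST['emails'] : '';
    // The address comes straight from the request: escape it for SQL (using the
    // mysql link opened by connectdb(), the same one mysql_query() uses below)
    // and HTML-encode it before echoing it back into the page.
    $emailsSql = mysql_real_escape_string($emails);
    $emailsHtml = htmlspecialchars($emails, ENT_QUOTES);
    $result = mysql_query("select user from " . TB_MEMBER . " where email='{$emailsSql}' ") or die("Err Database");
    $numrow = mysql_num_rows($result);
    if ($numrow == 0) {
        $status = "<center><font size='3' face='MS Sans Serif'><b>No {$emailsHtml} on Web</b></font></center>";
    } else {
        $result = mysql_query("select * from " . TB_MEMBER . " where email='{$emailsSql}' ");
        $dbarr = mysql_fetch_array($result);
        $email = $dbarr['email'];
        $name = $dbarr['name'];
        $user = $dbarr['user'];
        $password = $Pass;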
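/**
 * Administrator-side save for a user record (early com_users variant).
 *
 * Binds posted fields into a mosUser, md5-hashes a new password (generating
 * one for new users when none is supplied), stores the row, updates the ACL
 * group mapping for existing users, e-mails new users their username and
 * plaintext password, and redirects back to the component.
 *
 * Fixes over the previous revision: the posted id/gid are cast to int before
 * they reach SQL (they come from $_POST via bind()), and the sender lookup no
 * longer overwrites $row, which sent the welcome mail to the super
 * administrator's address instead of the new user's.
 *
 * @param string $option  component name used for the final redirect
 * @return void
 */
function saveUser($option) {
    global $database, $my;
    global $mosConfig_live_site, $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_sitename;

    $row = new mosUser($database);
    if (!$row->bind($_POST)) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    // sanitise: both values are interpolated into SQL below
    $row->id = (int) $row->id;
    $row->gid = (int) $row->gid;
    $isNew = !$row->id;
    $pwd = '';
    if ($isNew) {
        // new user stuff (unsalted md5 is the legacy scheme login expects)
        if ($row->password == '') {
            $pwd = mosMakePassword();
            $row->password = md5($pwd);
        } else {
            $pwd = $row->password;
            $row->password = md5($row->password);
        }
        $row->registerDate = date('Y-m-d H:i:s');
    } else {
        // existing user stuff
        if ($row->password == '') {
            // password set to null if empty
            $row->password = null;
        } else {
            $row->password = md5($row->password);
        }
    }
    if (!$row->check()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n";
        exit;
    }
    if (!$row->store()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n";
        exit;
    }
    // update the ACL (existing users only)
    if (!$isNew) {
        $query = "SELECT aro_id FROM #__core_acl_aro WHERE value='{$row->id}'";
        $database->setQuery($query);
        $aro_id = (int) $database->loadResult();
        $query = "UPDATE #__core_acl_groups_aro_map" . "\n SET group_id = '{$row->gid}'" . "\n WHERE aro_id = '{$aro_id}'";
        $database->setQuery($query);
        $database->query() or die($database->stderr());
    }
    $row->checkin();
    if ($isNew) {
        $query = "SELECT email FROM #__users WHERE id=" . (int) $my->id;
        $database->setQuery($query);
        $adminEmail = $database->loadResult();
        $subject = _NEW_USER_MESSAGE_SUBJECT;
        // the plaintext password is part of the mail body (legacy behaviour)
        $message = sprintf(_NEW_USER_MESSAGE, $row->name, $mosConfig_sitename, $mosConfig_live_site, $row->username, $pwd);
        if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") {
            $adminName = $mosConfig_fromname;
            $adminEmail = $mosConfig_mailfrom;
        } else {
            // fall back to the first superadministrator row as sender; kept in its
            // own variable so $row (the new user) is not clobbered
            $query = "SELECT name, email FROM #__users WHERE usertype='superadministrator'";
            $database->setQuery($query);
            $rows = $database->loadObjectList();
            $sender = $rows[0];
            $adminName = $sender->name;
            $adminEmail = $sender->email;
        }
        mosMail($adminEmail, $adminName, $row->email, $subject, $message);
    }
    mosRedirect('index2.php?option=' . $option);
}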
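/**
 * Save a user record submitted from the administrator user form, then the
 * extended-profile fields (mosUser_Extended) bound from the same POST data.
 *
 * Hashes the supplied (or a freshly generated) password, stores the row,
 * keeps the ACL group mapping in line with the posted gid, and for a new
 * account mails the credentials to the user's address.
 *
 * @param string $option Component name used in the final redirect.
 * @return void Always ends in mosRedirect() or exit.
 */
function saveUser($option)
{
    global $database, $my;
    global $mosConfig_live_site;

    $row = new mosUser($database);
    // bind() copies every matching $_POST field onto the row (id, gid, block,
    // usertype included); nothing here restricts which fields may be set, so
    // this relies on the caller only being reachable by administrators.
    if (!$row->bind($_POST)) {
        // NOTE(review): getError() is written into a JS string literal unescaped;
        // acceptable only if it never echoes request data — confirm.
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }

    $isNew = !$row->id;
    $pwd = '';
    if ($isNew) {
        // NOTE(review): $row->id is empty here for a new account (that is what
        // $isNew tests), so user_id is left empty too — confirm this is intended.
        $row->user_id = $row->id;
        // Generate a password when none was supplied; the clear-text copy is
        // kept only for the credentials mail sent further down.
        if ($row->password == '') {
            $pwd = mosMakePassword();
        } else {
            $pwd = $row->password;
        }
        // md5 is the hash format the existing user table and login code expect;
        // changing it here alone would lock users out.
        $row->password = md5($pwd);
    } else {
        // Existing account: an empty password field means "leave unchanged"
        // (presumably store() skips a null column — confirm in the table class).
        if ($row->password == '') {
            $row->password = null;
        } else {
            $row->password = md5($row->password);
        }
    }
    // NOTE(review): registerDate is (re)set on every save, including edits of
    // existing users; the sibling variant of this function sets it for new
    // accounts only — confirm which behaviour is intended before changing.
    $row->registerDate = date("Y-m-d H:i:s");

    if (!$row->check()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n";
        exit;
    }
    if (!$row->store()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n";
        exit;
    }

    // Keep the ACL group mapping in step with the posted gid. Both id and gid
    // originate from $_POST, so they are cast to int before being placed in SQL.
    if (!$isNew) {
        $userId = (int) $row->id;
        $database->setQuery("SELECT aro_id FROM #__core_acl_aro WHERE value='{$userId}'");
        $aro_id = (int) $database->loadResult();
        $groupId = (int) $row->gid;
        $database->setQuery("UPDATE #__core_acl_groups_aro_map"
            . "\nSET group_id = '{$groupId}'"
            . "\nWHERE aro_id = '{$aro_id}'");
        $database->query() or die($database->stderr());
    }
    $row->checkin();

    if ($isNew) {
        // The logged-in administrator's address is used as the sender.
        $database->setQuery("SELECT email FROM #__users WHERE id=" . (int) $my->id);
        $adminEmail = $database->loadResult();
        // Header values must not contain line breaks: a CR/LF inside the address
        // would end the From/Reply-To header and let further headers be appended.
        $adminEmail = str_replace(array("\r", "\n"), '', (string) $adminEmail);
        $subject = "New User Details";
        $message = "Hello {$row->name},\r \n \r \n";
        $message .= "You have been added as a user to {$mosConfig_live_site} by an Administrator.\r \n";
        $message .= "This email contains your username and password to log into the {$mosConfig_live_site} site:\r \n \r \n";
        $message .= "Username - {$row->username}\r \n";
        $message .= "Password - {$pwd}\r \n \r \n \r \n";
        $message .= "Please do not respond to this message as it is automatically generated and is for information purposes only\r \n";
        // Assigned (not appended) first: the original started with .= on an
        // undefined variable.
        $headers = "From: {$adminEmail}\r\n";
        $headers .= "Reply-To: {$adminEmail}\r\n";
        $headers .= "X-Priority: 3\r\n";
        $headers .= "X-MSMail-Priority: Low\r\n";
        $headers .= "X-Mailer: Mambo Open Source 4.5\r\n";
        mail($row->email, $subject, $message, $headers);
    }

    // Second pass: the extended profile fields are bound from the same POST data.
    $extended = new mosUser_Extended($database);
    if (!$extended->bind($_POST)) {
        echo "<script> alert('" . $extended->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    if (!$extended->check()) {
        echo "<script> alert('" . $extended->getError() . "'); window.history.go(-2); </script>\n";
        exit;
    }
    if (!$extended->storeExtended(0)) {
        echo "<script> alert('" . $extended->getError() . "'); window.history.go(-2); </script>\n";
        exit;
    }

    mosRedirect("index2.php?option={$option}");
}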
$config .= "# information/renewal page. This will send by\n"; $config .= "# email if set.\n"; $config .= "# \$admin_file: Administration panel filename. \"admin\" by default for\n"; $config .= "# \t\t \"admin.php\". To improve security please rename the file\n"; $config .= "# \"admin.php\" and change the \$admin_file value to the\n"; $config .= "# new filename (without the extension .php)\n"; $config .= "######################################################################\n"; $config .= "\n"; $config .= "\$dbhost = \"{$configArray['DBhostname']}\";\n"; $config .= "\$dbuname = \"{$configArray['DBuserName']}\";\n"; $config .= "\$dbpass = \"{$configArray['DBpassword']}\";\n"; $config .= "\$dbname = \"{$configArray['DBname']}\";\n"; $config .= "\$prefix = \"nuke\";\n"; $config .= "\$user_prefix = \"nuke\";\n"; $config .= "\$dbtype = \"MySQL\";\n"; $skey = mosMakePassword(40); $config .= "\$sitekey = \"{$skey}\";\n"; $config .= "\$subscription_url = \"\";\n"; $config .= "\$admin_file = \"admin\";\n"; $config .= "\n"; $config .= "/**********************************************************************/\n"; $config .= "/* You finished to configure the Database. Now you can change all */\n"; $config .= "/* you want in the Administration Section. To enter just launch */\n"; $config .= "/* your web browser pointing it to http://xxxxxx.xxx/admin.php */\n"; $config .= "/* (Change xxxxxx.xxx to your domain name, for example: phpnuke.org) */\n"; $config .= "/* */\n"; $config .= "/* Remember to go to Preferences section where you can configure your */\n"; $config .= "/* new site. In that menu you can change all you need to change. */\n"; $config .= "/* */\n"; $config .= "/* Congratulations! now you have an automated news portal! */\n"; $config .= "/* Thanks for choose PHP-Nuke: The Future of the Web */\n";