/**
* Verify user password
*
* @global resource $SUMO
* @author Alberto Basso <*****@*****.**>
*/
function sumo_verify_password()
{
global $SUMO;
if ($SUMO['page']['pwd_encrypt'] && !$SUMO['page']['http_auth']) {
return $_SESSION['user']['password'] === sumo_get_hex_hmac_sha1($SUMO['connection']['security_string'], $SUMO['user']['password']) ? true : false;
} else {
if ($SUMO['user']['datasource_type'] == 'SUMO') {
return sha1($_SESSION['user']['password']) === $SUMO['user']['password'] ? true : false;
} else {
if ($SUMO['user']['datasource_type'] == 'Unix') {
return crypt($_SESSION['user']['password'], $SUMO['user']['password']) == $SUMO['user']['password'] ? true : false;
} else {
// Encryption type
switch ($SUMO['user']['datasource_type']) {
case 'md5':
return md5($_SESSION['user']['password']) === $SUMO['user']['password'] ? true : false;
break;
case 'crypt':
return crypt($_SESSION['user']['password'], $SUMO['user']['password']) == $SUMO['user']['password'] ? true : false;
break;
case 'crc32':
return sprintf("%u", crc32($_SESSION['user']['password'])) === $SUMO['user']['password'] ? true : false;
break;
case 'sha1':
return sha1($_SESSION['user']['password']) === $SUMO['user']['password'] ? true : false;
break;
default:
return $_SESSION['user']['password'] === $SUMO['user']['password'] ? true : false;
break;
}
}
}
}
}
/**
* Update user data
*/
function sumo_update_user_data($data = array())
{
if (!empty($data)) {
global $SUMO;
$id = intval($data['id']);
$day_limit = intval($data['day_limit']);
$active = $data['active'] !== '' ? intval($data['active']) : FALSE;
$firstname = ucwords(preg_replace('/[\\s\\,]+/', ' ', $data['firstname']));
$lastname = ucwords(preg_replace('/[\\s\\,]+/', ' ', $data['lastname']));
$ip = str_replace(";;", ";", str_replace(",", ";", preg_replace('/[\\s\\,]+/', ';', $data['ip'])));
$email = strtolower($data['email']);
$language = $data['language'];
$sumogroup = sumo_verify_sumogroup($data['usergroup']);
$group = $sumogroup ? $sumogroup : $data['usergroup'];
$group = sumo_get_normalized_group($group);
if ($day_limit > 0) {
$daylimit[0] = 'day_limit=' . $day_limit . ', ';
$daylimit[1] = 'day_limit=' . $day_limit . ' AND ';
} else {
$daylimit[0] = 'day_limit=NULL, ';
$daylimit[1] = 'day_limit IS NULL AND ';
}
// Get user data
$userdata = sumo_get_user_info($id, 'id', FALSE);
$sumouser = sumo_get_user_info($SUMO['user']['user']);
$datasource = sumo_get_datasource_info($data['datasource_id'], FALSE);
// Change password
if ($data['password'] && ($SUMO['user']['id'] == $id || $SUMO['user']['id'] == $userdata['owner_id'] || $SUMO['user']['user'] == 'sumo')) {
switch ($datasource['type']) {
case 'Unix':
case 'SUMO':
$record['password'] = "******" . $data['password'] . "'";
sumo_update_password_date($id, $data['password']);
break;
case 'MySQLUsers':
require SUMO_PATH . '/libs/lib.datasource.mysql_users.php';
$sumo_update_password($userdata['username'], $data['password']);
break;
case 'Joomla15':
require SUMO_PATH . '/libs/lib.datasource.joomla15.php';
$sumo_update_password($userdata['username'], $data['password']);
break;
default:
$record['password'] = "";
break;
}
}
if ($group) {
$record['usergroup'] = "usergroup='{$group}'";
}
// group
if ($sumouser['id'] != $id) {
$record['active'] = "active=" . $active;
}
// active
// verify if user can change some parameters...
if ($SUMO['user']['id'] == $id || in_array('sumo', $SUMO['user']['group']) || $SUMO['user']['id'] == $userdata['owner_id']) {
$firstname = get_magic_quotes_gpc() ? $firstname : addslashes($firstname);
$lastname = get_magic_quotes_gpc() ? $lastname : addslashes($lastname);
$record['firstname'] = "firstname='" . $firstname . "'";
$record['lastname'] = "lastname='" . $lastname . "'";
$record['email'] = "email='{$email}'";
$record['language'] = "language='{$language}'";
} else {
$record['firstname'] = "";
$record['lastname'] = "";
$record['email'] = "";
$record['language'] = "";
}
//... to change IP address
if (in_array('sumo', $SUMO['user']['group']) || $SUMO['user']['id'] == $userdata['owner_id']) {
$record['ip'] = "ip='" . $ip . "'";
} else {
$record['ip'] = "";
}
// Data source
$record['datasource_id'] = "datasource_id=" . $data['datasource_id'];
// modified
$record['modified'] = "modified=" . $SUMO['server']['time'];
// Create fields for query
$new_record = array_values($record);
for ($r = 0; $r < count($new_record); $r++) {
if ($new_record[$r]) {
$records[$r] = $new_record[$r];
}
}
$update = implode(', ', $records);
$select = implode(' AND ', $records);
// create query for update
$query = "UPDATE " . SUMO_TABLE_USERS . "\n\t\t SET " . $daylimit[0] . " " . $update . "\n\t\t WHERE id=" . $id;
$SUMO['DB']->Execute($query);
if ($select || $day_limit[1]) {
$select = $select . " AND ";
}
// verify query success
$query = "SELECT * FROM " . SUMO_TABLE_USERS . "\n\t\t WHERE " . $daylimit[1] . "\n\t\t " . $select . "\n\t\t id=" . $id;
$rs = $SUMO['DB']->Execute($query);
$tab = $rs->FetchRow();
$upd = $rs->PO_RecordCount();
// if updated:
if ($upd == 1) {
$SUMO['DB']->CacheFlush();
if ($record['password']) {
// ...to change current session password
if ($id == $SUMO['user']['id']) {
$_SESSION['user']['password'] = sumo_get_hex_hmac_sha1($SUMO['connection']['security_string'], $data['password']);
$_SESSION['pwd_changed'] = $SUMO['server']['time'];
} else {
sumo_delete_session(NULL, NULL, $data['user']);
}
}
sumo_write_log('I01000X', array($tab['username'], $SUMO['user']['user']), 3, 3, 'system', FALSE);
// Send user notify
if ($SUMO['config']['accounts']['notify']['updates'] && $email) {
if (!$SUMO['config']['server']['admin']['email']) {
sumo_write_log('E06000X', '', '0,1', 2, 'system', FALSE);
} else {
$object = sumo_get_message("I00001M", $SUMO['server']['name']);
$message = sumo_get_message("I00106M", array($firstname . " " . $lastname, $SUMO['server']['name'], $SUMO['user']['user']));
$m = new Mail();
$m->From($SUMO['config']['server']['admin']['email']);
$m->To($email);
$m->Subject($object);
$m->Body($message, SUMO_CHARSET);
$m->Priority(1);
$m->Send();
}
}
return TRUE;
} else {
return FALSE;
}
} else {
return FALSE;
}
}