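/**
 * Verify user password
 *
 * Compares the password held in the session ($_SESSION['user']['password'])
 * with the credential stored for the current user ($SUMO['user']['password']).
 * The comparison scheme is chosen by $SUMO['page']['pwd_encrypt'] /
 * $SUMO['page']['http_auth'] and, otherwise, by the user's datasource_type.
 *
 * Review changes:
 *  - every comparison goes through hash_equals(), so a mismatch does not
 *    leak timing information about the first differing byte;
 *  - non-string inputs (NULL, missing keys) are rejected up front; before,
 *    an unset stored password compared equal to an unset session password
 *    in the plain-text branch (NULL === NULL);
 *  - crypt() is type-checked before comparison and compared strictly; the
 *    original used loose == and a crypt() failure marker ("*0"/"*1", or
 *    false on old PHP) could be fed back into a loose comparison;
 *  - datasource_type is compared as a string (the original ==/switch allowed
 *    type juggling, e.g. int 0 matching 'SUMO' on PHP < 8).
 * The md5 / sha1 / crc32 / plain-text schemes are kept only because the
 * stored datasources dictate them; they are weak (crc32 is trivially
 * collidable, plain text is not a hash at all). Moving to password_hash()
 * / password_verify() requires re-hashing the stored credentials and is
 * outside this function.
 *
 * @global resource $SUMO
 * @author Alberto Basso <*****@*****.**>
 * @return bool true when the session password matches the stored credential
 */
function sumo_verify_password()
{
    global $SUMO;

    $supplied = isset($_SESSION['user']['password']) ? $_SESSION['user']['password'] : null;
    $stored   = isset($SUMO['user']['password']) ? $SUMO['user']['password'] : null;
    // Refuse anything that is not a string: hash_equals() needs strings and
    // two "missing" values must never count as a match.
    if (!is_string($supplied) || !is_string($stored)) {
        return false;
    }

    // Encrypted-session mode: the session holds an HMAC of the stored
    // credential keyed with the connection security string.
    if (!empty($SUMO['page']['pwd_encrypt']) && empty($SUMO['page']['http_auth'])) {
        $expected = sumo_get_hex_hmac_sha1($SUMO['connection']['security_string'], $stored);
        return is_string($expected) && hash_equals($expected, $supplied);
    }

    $type = isset($SUMO['user']['datasource_type']) ? (string) $SUMO['user']['datasource_type'] : '';

    switch ($type) {
        case 'SUMO':
        case 'sha1':
            return hash_equals($stored, sha1($supplied));
        case 'Unix':
        case 'crypt':
            // $stored doubles as the salt; a valid stored hash is never a
            // crypt() failure marker, so a failed crypt() cannot match.
            $hashed = crypt($supplied, $stored);
            return is_string($hashed) && hash_equals($stored, $hashed);
        case 'md5':
            return hash_equals($stored, md5($supplied));
        case 'crc32':
            // stored as the unsigned decimal form produced by sprintf('%u')
            return hash_equals($stored, sprintf('%u', crc32($supplied)));
        default:
            // Unknown datasource type: credential is stored in plain text.
            return hash_equals($stored, $supplied);
    }
}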
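/**
 * Update user data
 *
 * Applies the fields in $data to the user row identified by $data['id'],
 * subject to the permission checks below, re-reads the row to confirm the
 * write, flushes the DB cache, refreshes or drops the affected session,
 * logs the change and (optionally) e-mails the user.
 *
 * Permission model as implemented here:
 *  - password: the user themself, the record's owner, or the 'sumo' user;
 *  - firstname/lastname/email/language: the user themself, the record's
 *    owner, or a member of the 'sumo' group;
 *  - ip: the record's owner or a member of the 'sumo' group;
 *  - active: any caller, except on their own row;
 *  - usergroup, datasource_id, day_limit: no check at all. NOTE(review):
 *    confirm this is intended — any caller that reaches this function can
 *    move a user to another group or datasource.
 *
 * Review fixes applied (behaviour for well-formed input is unchanged):
 *  - every string interpolated into SQL now gets the same
 *    magic-quotes/addslashes escaping the original applied to first and
 *    last name only; email, language, ip, usergroup and the Unix/SUMO
 *    password value were interpolated raw;
 *  - datasource_id is cast to int (it was interpolated raw into an unquoted
 *    numeric column);
 *  - the success check reads $daylimit[1]; the original read $day_limit[1],
 *    an array offset on an int, which is always NULL;
 *  - $record/$records are initialised, so a call that changes nothing no
 *    longer relies on undefined variables;
 *  - in_array() checks for the 'sumo' group are strict;
 *  - a failed SELECT returns FALSE instead of calling methods on false;
 *  - the notification mail uses the raw names and refuses a recipient
 *    containing CR/LF (the original mailed the addslashes()'d names).
 * addslashes() is not a real SQL escape; parameterised queries are the
 * proper fix and would need the DB layer's prepared-statement API.
 *
 * @global resource $SUMO
 * @param array $data form fields: id, day_limit, active, firstname, lastname,
 *                    ip, email, language, usergroup, datasource_id,
 *                    password (optional), user (handed to sumo_delete_session)
 * @return bool TRUE if exactly one row reflects the update, FALSE otherwise
 */
function sumo_update_user_data($data = array())
{
    if (empty($data)) {
        return FALSE;
    }
    global $SUMO;

    // File convention: addslashes() unless magic quotes already did it.
    // get_magic_quotes_gpc() does not exist on PHP >= 8, where magic quotes
    // are certainly off, so escape in that case too.
    $add_slashes = !function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc();

    $id = intval(isset($data['id']) ? $data['id'] : 0);
    $day_limit = intval(isset($data['day_limit']) ? $data['day_limit'] : 0);
    $datasource_id = intval(isset($data['datasource_id']) ? $data['datasource_id'] : 0);

    // An explicit '' means "no value" and becomes FALSE; anything else is
    // cast to int. NOTE(review): FALSE later renders as "active=" (invalid
    // SQL); confirm whether '' is ever submitted by the form.
    $active_raw = isset($data['active']) ? $data['active'] : null;
    $active = $active_raw !== '' ? intval($active_raw) : FALSE;

    // Names: collapse runs of whitespace/commas to one space, capitalise words.
    $firstname = ucwords(preg_replace('/[\\s\\,]+/', ' ', isset($data['firstname']) ? $data['firstname'] : ''));
    $lastname = ucwords(preg_replace('/[\\s\\,]+/', ' ', isset($data['lastname']) ? $data['lastname'] : ''));
    // IP list: whitespace/commas become ';' separators, doubled ';' squashed.
    $ip = str_replace(";;", ";", str_replace(",", ";", preg_replace('/[\\s\\,]+/', ';', isset($data['ip']) ? $data['ip'] : '')));
    $email = strtolower(isset($data['email']) ? $data['email'] : '');
    $language = isset($data['language']) ? $data['language'] : '';

    $usergroup_raw = isset($data['usergroup']) ? $data['usergroup'] : null;
    $sumogroup = sumo_verify_sumogroup($usergroup_raw);
    $group = sumo_get_normalized_group($sumogroup ? $sumogroup : $usergroup_raw);

    // SQL-escaped copies of the string fields; the raw values stay in use
    // for the notification mail.
    $sql = array();
    foreach (array('firstname' => $firstname, 'lastname' => $lastname, 'email' => $email, 'language' => $language, 'ip' => $ip) as $field => $value) {
        $sql[$field] = $add_slashes ? addslashes($value) : $value;
    }

    // [0] is the SET fragment, [1] the matching WHERE fragment.
    if ($day_limit > 0) {
        $daylimit = array('day_limit=' . $day_limit . ', ', 'day_limit=' . $day_limit . ' AND ');
    } else {
        $daylimit = array('day_limit=NULL, ', 'day_limit IS NULL AND ');
    }

    // Get user data
    $userdata = sumo_get_user_info($id, 'id', FALSE);
    $sumouser = sumo_get_user_info($SUMO['user']['user']);
    $datasource = sumo_get_datasource_info($datasource_id, FALSE);

    // Loose comparisons kept on purpose: ids may arrive as strings from the DB.
    $owner_id = isset($userdata['owner_id']) ? $userdata['owner_id'] : null;
    $is_self = ($SUMO['user']['id'] == $id);
    $is_owner = ($SUMO['user']['id'] == $owner_id);
    $in_sumo_group = in_array('sumo', (array) $SUMO['user']['group'], true);

    $record = array();

    // Change password
    if (!empty($data['password']) && ($is_self || $is_owner || $SUMO['user']['user'] == 'sumo')) {
        $ds_type = isset($datasource['type']) ? $datasource['type'] : null;
        switch ($ds_type) {
            case 'Unix':
            case 'SUMO':
                // NOTE(review): the literal prefix of this assignment is
                // redacted ("******") in the listing this was taken from;
                // only escaping of the interpolated value was added here.
                $record['password'] = "******" . ($add_slashes ? addslashes($data['password']) : $data['password']) . "'";
                sumo_update_password_date($id, $data['password']);
                break;
            case 'MySQLUsers':
                require SUMO_PATH . '/libs/lib.datasource.mysql_users.php';
                $sumo_update_password($userdata['username'], $data['password']);
                break;
            case 'Joomla15':
                require SUMO_PATH . '/libs/lib.datasource.joomla15.php';
                $sumo_update_password($userdata['username'], $data['password']);
                break;
            default:
                $record['password'] = "";
                break;
        }
    }

    // group
    if ($group) {
        // NOTE(review): sumo_get_normalized_group() is not visible here; if it
        // already escapes, this is a harmless double-escape of quotes only.
        $record['usergroup'] = "usergroup='" . ($add_slashes ? addslashes($group) : $group) . "'";
    }

    // active: a caller may never flip their own flag
    if ($sumouser['id'] != $id) {
        $record['active'] = "active=" . $active;
    }

    // verify if user can change some parameters...
    if ($is_self || $in_sumo_group || $is_owner) {
        $record['firstname'] = "firstname='" . $sql['firstname'] . "'";
        $record['lastname'] = "lastname='" . $sql['lastname'] . "'";
        $record['email'] = "email='" . $sql['email'] . "'";
        $record['language'] = "language='" . $sql['language'] . "'";
    } else {
        $record['firstname'] = "";
        $record['lastname'] = "";
        $record['email'] = "";
        $record['language'] = "";
    }

    //... to change IP address
    if ($in_sumo_group || $is_owner) {
        $record['ip'] = "ip='" . $sql['ip'] . "'";
    } else {
        $record['ip'] = "";
    }

    // Data source
    $record['datasource_id'] = "datasource_id=" . $datasource_id;
    // modified
    $record['modified'] = "modified=" . $SUMO['server']['time'];

    // Non-empty fragments only; they serve both as the SET list and, joined
    // with AND, as the predicate that confirms the row now holds the values.
    $records = array_filter($record);
    $update = implode(', ', $records);
    $select = implode(' AND ', $records);

    // create query for update
    $query = "UPDATE " . SUMO_TABLE_USERS . "\n\t\t  SET " . $daylimit[0] . " " . $update . "\n\t\t  WHERE id=" . $id;
    $SUMO['DB']->Execute($query);

    // $daylimit[1] is never empty, so the predicate always ends in AND.
    if ($select || $daylimit[1]) {
        $select .= " AND ";
    }

    // verify query success
    $query = "SELECT * FROM " . SUMO_TABLE_USERS . "\n\t\t  WHERE " . $daylimit[1] . "\n\t\t  " . $select . "\n\t\t  id=" . $id;
    $rs = $SUMO['DB']->Execute($query);
    if (!$rs) {
        return FALSE;
    }
    $tab = $rs->FetchRow();
    $upd = $rs->PO_RecordCount();

    // if not updated:
    if ($upd != 1) {
        return FALSE;
    }

    $SUMO['DB']->CacheFlush();
    if (!empty($record['password'])) {
        // ...to change current session password
        if ($is_self) {
            $_SESSION['user']['password'] = sumo_get_hex_hmac_sha1($SUMO['connection']['security_string'], $data['password']);
            $_SESSION['pwd_changed'] = $SUMO['server']['time'];
        } else {
            // NOTE(review): $data['user'] is used nowhere else in this function;
            // the other datasource paths identify the account by
            // $userdata['username'] — confirm which key the session store uses.
            sumo_delete_session(NULL, NULL, isset($data['user']) ? $data['user'] : null);
        }
    }
    sumo_write_log('I01000X', array($tab['username'], $SUMO['user']['user']), 3, 3, 'system', FALSE);

    // Send user notify. A recipient containing CR/LF could inject mail
    // headers, so such an address is never handed to Mail::To().
    if ($SUMO['config']['accounts']['notify']['updates'] && $email && strpbrk($email, "\r\n") === false) {
        if (!$SUMO['config']['server']['admin']['email']) {
            sumo_write_log('E06000X', '', '0,1', 2, 'system', FALSE);
        } else {
            $object = sumo_get_message("I00001M", $SUMO['server']['name']);
            $message = sumo_get_message("I00106M", array($firstname . " " . $lastname, $SUMO['server']['name'], $SUMO['user']['user']));
            $m = new Mail();
            $m->From($SUMO['config']['server']['admin']['email']);
            $m->To($email);
            $m->Subject($object);
            $m->Body($message, SUMO_CHARSET);
            $m->Priority(1);
            $m->Send();
        }
    }
    return TRUE;
}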