Beispiel #1
0
/**
 * Get list of pages that user can access
 * 
 * IS THE SAME FUNCTION OF USERS LIBRARY !!!!
 */
function sumo_get_user_accesspoints($id = NULL, $html = FALSE)
{
    if ($id) {
        global $SUMO, $language;
        $user_data = sumo_get_user_info($id, 'id', FALSE);
        $num_groups = count($user_data['group']);
        $group_query = '';
        if (!in_array('sumo', $user_data['group'])) {
            $group_query = " WHERE ";
            for ($g = 0; $g < $num_groups; $g++) {
                $group_query .= "usergroup='" . $user_data['group'][$g] . "' OR \n\t\t\t\t\t\t\t     usergroup LIKE '" . $user_data['group'][$g] . ";%' OR\n\t\t\t\t\t\t\t     usergroup LIKE '%;" . $user_data['group'][$g] . ";%'";
                if ($g < $num_groups - 1) {
                    $group_query .= " OR ";
                }
            }
        }
        $query = "SELECT * FROM " . SUMO_TABLE_ACCESSPOINTS . " \n\t\t\t\t " . $group_query . " \n\t\t\t\t  ORDER BY name";
        $rs = $SUMO['DB']->Execute($query);
        $ap = array();
        while ($tab = $rs->FetchRow()) {
            $ap[] = $tab;
        }
        // html output
        if ($html) {
            if (in_array('sumo', $user_data['group'])) {
                return $language['AllAccessPoints'];
            }
            $list = '';
            $num_ap = count($ap);
            if ($num_ap > 0) {
                $list = "<table cellspacing='0' class='tab'>\n" . " <tr>\n" . "  <td class='tab-title'>" . $language['Page'] . "</td>\n" . "  <td class='tab-title'>" . $language['Path'] . "</td>\n" . " </tr>\n";
                for ($p = 0; $p < $num_ap; $p++) {
                    $style = sumo_alternate_str('tab-row-on', 'tab-row-off');
                    // Format group string to display it
                    $group = preg_replace("/sumo:7/", "<b><font color='#BB0000'>sumo:7</font></b>", $ap[$p]['usergroup']);
                    $group = preg_replace("/sumo:/", "<font color='#BB0000'>sumo</font>:", $group);
                    $group = str_replace(';', '; ', $group);
                    $group = strlen(strip_tags($group)) > 50 ? substr($group, 0, 50) . '...' : $group;
                    // Format path string to display it
                    $path = strlen($ap[$p]['path']) > 50 ? substr($ap[$p]['path'], 0, 50) . '...' : $ap[$p]['path'];
                    $path = "<a href='" . $ap[$p]['path'] . "' target='_blank'>" . $path . "</a>";
                    $name = sumo_get_accesspoint_name($ap[$p]['name'], $_COOKIE['language']);
                    $list .= "<tr>\n" . " <td class='" . $style . "'>" . $name . "</td>\n" . " <td class='" . $style . "'>" . $path . "</td>\n" . "</tr>\n";
                }
                $list .= "</table>";
            }
            $ap = $list;
        }
        return $ap;
    } else {
        return FALSE;
    }
}
Beispiel #2
0
/**
 * ADD registration request (set action=1) and wait user confirm
 * 
 * @author Alberto Basso
 */
function sumo_request_pwdlost()
{
    global $SUMO, $sumo_lang_login, $sumo_reg_data;
    $new_pwd = sumo_get_rand_string(8);
    $reg_code = sumo_get_simple_rand_string(40);
    $user = sumo_get_user_info($sumo_reg_data['reg_email'], 'email');
    sumo_delete_user_temp();
    // Delete old temp users
    sumo_delete_user_temp($sumo_reg_data['reg_email'], 9);
    // delete all previous requests
    $query = "INSERT INTO " . SUMO_TABLE_USERS_TEMP . " \r\n\t\t\t  (username, action, email, language, password, reg_group, reg_code, time)\r\n\t\t\t  VALUES (\r\n\t\t\t\t  '" . $user['user'] . "', 2, \r\n\t\t\t\t  '" . $sumo_reg_data['reg_email'] . "', \r\n\t\t\t\t  '" . $user['language'] . "', \r\n\t\t\t\t  '" . sha1($new_pwd) . "', \r\n\t              '" . $SUMO['page']['reg_group'] . "', \r\n\t              '" . $sumo_reg_data['reg_email'] . "', \r\n\t\t\t\t  '" . $reg_code . "',\r\n\t\t\t\t   " . $SUMO['server']['time'] . "\r\n\t\t\t\t   )";
    $SUMO['DB']->Execute($query);
    $link = $_SERVER['HTTPS'] ? 'https://' : 'http://';
    $link .= $_SERVER["HTTP_HOST"] . $_SERVER["PHP_SELF"] . '?sumo_action=changepwd&reg_code=' . $reg_code;
    $name = sumo_get_accesspoint_name($SUMO['page']['name'], $_COOKIE['language']);
    $message = sumo_get_message('I00104M', array($user['user'], $sumo_reg_data['reg_email'], date($SUMO['config']['server']['date_format'] . " " . $SUMO['config']['server']['time_format'], $SUMO['server']['time']), "\"" . $name . "\"", intval($SUMO['config']['accounts']['registration']['life']), $link, $new_pwd));
    // Send e-mail to confirm
    if (!$SUMO['config']['server']['admin']['email']) {
        sumo_write_log('E06000X', '', '0,1', 2, 'system', FALSE);
    } else {
        $m = new Mail();
        $m->From($SUMO['config']['server']['admin']['email']);
        $m->To($sumo_reg_data['reg_email']);
        $m->Subject($sumo_lang_login['PasswordLost']);
        $m->Body($message, SUMO_CHARSET);
        $m->Priority(3);
        $m->Send();
    }
}
Beispiel #3
0
<?php

/**
 * SUMO MODULE: Users | Delete User Image
 * 
 * @version    0.3.4
 * @link       http://sumoam.sourceforge.net SUMO Access Manager
 * @author     Alberto Basso <*****@*****.**>
 * @copyright  Copyright &copy; 2003-2009, Alberto Basso
 * @package    SUMO
 * @category   Console
 */
$tab = sumo_get_user_info($_GET['id'], 'id', FALSE);
if (sumo_verify_permissions(4, $tab['group'])) {
    if ($SUMO['user']['id'] == $_GET['id'] || $SUMO['user']['user'] == 'sumo') {
        $validate[0] = '';
        // If id not exist
        if (!$tab['id']) {
            $tpl['MESSAGE:H'] = sumo_get_message('W00001C', $_GET['id']);
        } else {
            sumo_delete_user_image($_GET['id']);
        }
        if ($validate[0]) {
            $tpl['MESSAGE:M'] = $validate[1];
        }
        $tpl['GET:UpdateForm'] = "<form action='?module=users&action=editimg&id=" . $tab['id'] . "' " . "name='UpdateUserImg' method='POST' enctype='multipart/form-data'>";
        $tpl['IMG:User'] = "******" . $tab['id'] . "' alt='" . $tab['username'] . "' class='user'>";
        $tpl['PUT:UserImage'] = "<input type='hidden' name='MAX_FILE_SIZE' value='30720'>" . "<input type='file' size='20' class='file' name='user_image' >";
        $tpl['GET:DeleteForm'] = "<form action='?module=users&action=deleteimg&id=" . $tab['id'] . "' name='DeleteUserImg' method='POST'>\n" . "<input type='submit' class='button' value='" . $language['Delete'] . "'>\n" . "</form>";
        // Note: not using sumo_show_window() function
        // because for this event a window is external
Beispiel #4
0
<?php

/**
 * SUMO MODULE: Users | View
 * 
 * @version    0.3.5
 * @link       http://sumoam.sourceforge.net SUMO Access Manager
 * @author     Alberto Basso <*****@*****.**>
 * @copyright  Copyright &copy; 2003-2009, Alberto Basso
 * @package    SUMO
 * @category   Console
 */
$tab = sumo_get_user_info($_GET['id'], 'id', false);
if (sumo_verify_permissions(4, $tab['group'])) {
    $num_groups = count($tab['group']);
    if ($num_groups > 1) {
        $update = sumo_update_user_group($_GET['id'], $_GET['group']);
        if ($update) {
            $tpl['MESSAGE:L'] = $language['UserUpdated'];
        } else {
            $tpl['MESSAGE:H'] = $language['UserNotUpdated'];
        }
    } else {
        $validate[0] = false;
        $tpl['MESSAGE:M'] = $language['AtLeastOneGroup'];
    }
    require "action.edit.php";
} else {
    $action_error = true;
    $tpl['MESSAGE:H'] = $language['AccessDenied'];
}
Beispiel #5
0
 $tpl['LINK:AddUser'] = sumo_get_action_icon("users", "new", "users.content", "?module=users&action=new&decoration=false");
 $tpl['LINK:EditUser'] = sumo_get_action_icon("users", "edit");
 // Verify image support for refection effects
 if (function_exists('imagecreatefromjpeg') && function_exists('imagecreatefrompng') && function_exists('imagecreatefromgif')) {
     $tpl['IMG:User'] . "<br><img src='services.php?module=users&service=image&cmd=GET_USER_REFLECTION&id=" . $tab['id'] . "&fade=6&height=30%'>";
 }
 // Create sub module (to hide or show only if necessary)
 // Set sub module visibility
 // NOTE: Use REQUEST method because when delete a group
 // the command came from a link
 $visibility['AccountDetails'] = $_REQUEST['AccountDetails_visibility'] ? true : false;
 $visibility['SecurityOptions'] = $_REQUEST['SecurityOptions_visibility'] ? true : false;
 $tpl['LINK:AccountDetails'] = sumo_get_action_link('ModifyUsers', 'AccountDetails', $visibility['AccountDetails']);
 $tpl['LINK:SecurityOptions'] = sumo_get_action_link('ModifyUsers', 'SecurityOptions', $visibility['SecurityOptions']);
 // Owner
 $owner = sumo_get_user_info($tab['owner_id'], 'id', false);
 $tpl['GET:AccountCreatedBy'] = htmlspecialchars($owner['lastname'] . " " . $owner['firstname'], ENT_QUOTES) . " (" . "<a href='javascript:sumo_ajax_get(\"users.content\",\"?module=users&action=view&id=" . $owner['id'] . "&decoration=false\");'>" . $owner['user'] . "</a>)";
 // Status
 $tpl['GET:Status'] = $tab['active'] ? "<font class='status-green'>" . $language['Active'] . "</font>" : "<font class='status-red'>" . $language['Suspended'] . "</font>";
 // If it's not current user
 // Only for sumo group
 if ($SUMO['user']['user'] != $tab['username'] && (in_array('sumo', $SUMO['user']['group']) || $SUMO['user']['id'] == $tab['owner_id'])) {
     $tpl['PUT:DayLimit'] = "<input type='text' size='5' name='day_limit' value='" . $tab['day_limit'] . "' />";
     // Change status
     if ($tab['active']) {
         $tpl['PUT:Status'] = "<select name='active'>\n<option value='1'>" . $language['Enable'] . "</option>\n<option value='0'>" . $language['Disable'] . "</option>\n</select>";
     } else {
         $tpl['PUT:Status'] = "<select name='active'>\n<option value='0'>" . $language['Disable'] . "</option>\n<option value='1'>" . $language['Enable'] . "</option>\n</select>";
     }
 } else {
     $tpl['PUT:DayLimit'] = $tab['day_limit'] ? $tab['day_limit'] : $language['Unlimited'];
Beispiel #6
0
/**
 * Delete user
 *
 * @return boolean
 * @author Alberto Basso <*****@*****.**>
 */
function sumo_delete_user($id = 0)
{
    $id = intval($id);
    if ($id > 0) {
        global $SUMO;
        $user = sumo_get_user_info($id, 'id', FALSE);
        $SUMO['DB']->CacheFlush("SELECT * FROM " . SUMO_TABLE_USERS . "\n\t\t\t\t     WHERE id=" . $id);
        $SUMO['DB']->CacheFlush("SELECT * FROM " . SUMO_TABLE_USERS . "\n\t\t\t\t     WHERE username='******'username'] . "'");
        $query0 = "SELECT * FROM " . SUMO_TABLE_USERS . "\n        \t       WHERE id=" . $id;
        $query1 = "DELETE FROM " . SUMO_TABLE_USERS . "\n\t\t\tWHERE id=" . $id . "\n\t\t\tAND username<>'sumo'\n\t\t\tAND id<>" . $SUMO['user']['id'];
        $query2 = "DELETE FROM " . SUMO_TABLE_USERS_IMAGES . "\n\t\t\tWHERE id_user="******"\n\t\t\tAND id_user<>1\n\t\t\tAND id_user<>" . $SUMO['user']['id'];
        $query3 = "DELETE FROM " . SUMO_TABLE_USERS_TEMP . "\n\t\t       WHERE username='******'user'] . "'";
        $query4 = "DELETE FROM " . SUMO_TABLE_SESSIONS . "\n\t    \t\tWHERE id_user="******"\n\t    \t\tAND username<>'sumo'\n\t    \t\tAND id_user<>" . $SUMO['user']['id'];
        $SUMO['DB']->Execute($query1);
        $SUMO['DB']->Execute($query2);
        $SUMO['DB']->Execute($query3);
        $SUMO['DB']->Execute($query4);
        // verify if deleted:
        $rs = $SUMO['DB']->Execute($query0);
        // if deleted:
        if ($rs->PO_RecordCount() == 0) {
            // if exist user data file delete it
            $data_file = SUMO_PATH . '/tmp/profiles/' . $user['username'] . '.ini';
            if (file_exists($data_file)) {
                unlink($data_file);
            }
            sumo_write_log('I00003X', array($user['username'], $id, $SUMO['user']['user']), '0,1', 3, 'system', FALSE);
            return TRUE;
        } else {
            return FALSE;
        }
    } else {
        return FALSE;
    }
}
Beispiel #7
0
 $tpl['GET:Expire'] = $tab['day_limit'] != NULL ? sumo_get_human_date($tab['day_limit'] * 86400 + $SUMO['server']['time'], FALSE) : $language['Never'];
 $tpl['GET:DataSourceType'] = $datasource['name'] ? "<a href='javascript:sumo_ajax_get(\"network\",\"?module=network&action=view_datasource&id=" . $datasource['id'] . "\");'>" . $datasource['name'] . "</a>" : '';
 $tpl['GET:Email'] = "<a href='mailto:" . $tab['email'] . "' title='Send e-mail'>" . $tab['email'] . "</a>";
 $tpl['LINK:AddUser'] = sumo_get_action_icon("", "new", "users.content", "?module=users&action=new&decoration=false");
 $tpl['LINK:EditUser'] = sumo_get_action_icon("", "edit", "users.content", "?module=users&action=edit&id=" . $tab['id'] . "&decoration=false");
 $tpl['IMG:User'] = "******" . $tab['id'] . "' alt='" . $tab['username'] . "' class='user'>";
 $tpl['IMG:Language'] = "<img src='themes/" . $SUMO['page']['theme'] . "/images/flags/" . $tab['language'] . ".png' alt='" . ucwords($tab['language']) . "' class='flag'>";
 // Verify image support for refection effects
 if (function_exists('imagecreatefromjpeg') && function_exists('imagecreatefrompng') && function_exists('imagecreatefromgif')) {
     $tpl['IMG:User'] . "<br><img src='services.php?module=users&service=image&cmd=GET_USER_REFLECTION&id=" . $tab['id'] . "&fade=6&height=30%'>";
 }
 // Create sub module (to hide or show only if necessary)
 $tpl['LINK:AccountDetails'] = sumo_get_action_link('users.view', 'AccountDetails');
 $tpl['LINK:SecurityOptions'] = sumo_get_action_link('users.view', 'SecurityOptions');
 // Owner
 $owner = sumo_get_user_info($tab['owner_id'], 'id', FALSE);
 $tpl['GET:AccountCreatedBy'] = htmlspecialchars($owner['lastname'] . " " . $owner['firstname'], ENT_QUOTES) . " (" . "<a href='javascript:sumo_ajax_get(\"users.content\",\"?module=users&action=view&id=" . $owner['id'] . "&decoration=false\");'>" . $owner['user'] . "</a>)";
 // Status
 $tpl['GET:Status'] = $tab['active'] ? "<font class='status-green'>" . $language['Active'] . "</font>" : "<font class='status-red'>" . $language['Suspended'] . "</font>";
 // Remove
 if ((in_array('sumo', $SUMO['user']['group']) || sumo_verify_permissions(7, $tab['group']) || $SUMO['user']['id'] == $tab['owner_id']) && $tab['username'] != 'sumo' && $tab['username'] != $SUMO['user']['user']) {
     $msg = sumo_get_simple_rand_string(4, "123456789");
     $tpl['LINK:Remove'] = "<div class='sub-module-icon' " . "onmouseover='this.style.outline=\"1px solid #999999\";this.style.background=\"#FFFFFF\"' " . "onmouseout='this.style.outline=\"\";this.style.background=\"\"'>" . "<a href=\"javascript:sumo_show_message('msg{$msg}', '" . htmlspecialchars(sumo_get_message('AreYouSureDelete', array($tab['username'], htmlspecialchars($tab['firstname'], ENT_QUOTES), htmlspecialchars($tab['lastname'], ENT_QUOTES)))) . "', \n\t\t\t\t\t'h', 0,\n\t\t\t\t\t'" . base64_encode(sumo_get_form_req('', 'delete', 'id=' . $tab['id'])) . "',\n\t\t\t\t\t'" . base64_encode('') . "',\n\t\t\t\t\t'" . base64_encode("<input type='button' value='" . $language['Cancel'] . "' onclick='javascript:sumo_remove_window(\"msg{$msg}\");' class='button'>") . "',\n\t\t\t\t\t'" . base64_encode("<input type='submit' value='" . $language['Ok'] . "' onclick='javascript:sumo_remove_window(\"msg{$msg}\");' class='button'>") . "');\">" . "<img src='themes/" . $SUMO['page']['theme'] . "/images/modules/users/delete.png' vspace='4'><br>" . $language['Remove'] . "</a>" . "</div>";
 } else {
     $tpl['LINK:Remove'] = sumo_get_action_icon("users", "delete");
 }
 // Pwd expiration date
 if ($SUMO['config']['accounts']['password']['life'] > 0 && $datasource['type'] == 'SUMO' && $tab['pwd_updated']) {
     $tpl['GET:PwdExpiration'] = sumo_get_human_date($tab['pwd_updated'] + $SUMO['config']['accounts']['password']['life'] * 86400);
     $tpl['GET:PwdUpdated'] = sumo_get_human_date($tab['pwd_updated']);
 } else {
Beispiel #8
0
}
// Auto optimize Sumo database
if (sumo_hits_count($SUMO['config']['database']['optimize_hits'], TRUE)) {
    sumo_delete_old_users_temp();
    sumo_delete_old_sessions();
    sumo_delete_old_connections();
    sumo_delete_old_log();
    sumo_optimize_db();
}
// Filter all input data
$_GET = sumo_array_combine(array_keys($_GET), sumo_array_filter(array_values($_GET)));
$_POST = sumo_array_combine(array_keys($_POST), sumo_array_filter(array_values($_POST), 'POST'));
$_COOKIE = sumo_array_combine(array_keys($_COOKIE), sumo_array_filter(array_values($_COOKIE), 'COOKIE'));
// Get variables
require SUMO_PATH . '/inc/inc.get_variables.php';
$SUMO['user'] = sumo_get_user_info();
$SUMO['connection'] = sumo_get_connection_info();
// ...to remember 'security string' after login
if (empty($SUMO['connection']['security_string'])) {
    $SUMO['connection']['security_string'] = $_SESSION['security_string'];
}
// Define and Load language,
// if exist language cookie load language set by user
require SUMO_PATH . '/inc/inc.load_language.php';
$sumo_access = NULL;
if ($sumo_action) {
    $sumo_access = strtoupper($sumo_action);
} elseif (sumo_get_banned_ip($SUMO['client']['ip'])) {
    $sumo_access = 'IPDISABLED';
} elseif (!sumo_verify_node()) {
    $sumo_access = 'NODEDISABLED';
Beispiel #9
0
/**
 * Update user data
 */
function sumo_update_user_data($data = array())
{
    if (!empty($data)) {
        global $SUMO;
        $id = intval($data['id']);
        $day_limit = intval($data['day_limit']);
        $active = $data['active'] !== '' ? intval($data['active']) : FALSE;
        $firstname = ucwords(preg_replace('/[\\s\\,]+/', ' ', $data['firstname']));
        $lastname = ucwords(preg_replace('/[\\s\\,]+/', ' ', $data['lastname']));
        $ip = str_replace(";;", ";", str_replace(",", ";", preg_replace('/[\\s\\,]+/', ';', $data['ip'])));
        $email = strtolower($data['email']);
        $language = $data['language'];
        $sumogroup = sumo_verify_sumogroup($data['usergroup']);
        $group = $sumogroup ? $sumogroup : $data['usergroup'];
        $group = sumo_get_normalized_group($group);
        if ($day_limit > 0) {
            $daylimit[0] = 'day_limit=' . $day_limit . ', ';
            $daylimit[1] = 'day_limit=' . $day_limit . ' AND ';
        } else {
            $daylimit[0] = 'day_limit=NULL, ';
            $daylimit[1] = 'day_limit IS NULL AND ';
        }
        // Get user data
        $userdata = sumo_get_user_info($id, 'id', FALSE);
        $sumouser = sumo_get_user_info($SUMO['user']['user']);
        $datasource = sumo_get_datasource_info($data['datasource_id'], FALSE);
        // Change password
        if ($data['password'] && ($SUMO['user']['id'] == $id || $SUMO['user']['id'] == $userdata['owner_id'] || $SUMO['user']['user'] == 'sumo')) {
            switch ($datasource['type']) {
                case 'Unix':
                case 'SUMO':
                    $record['password'] = "******" . $data['password'] . "'";
                    sumo_update_password_date($id, $data['password']);
                    break;
                case 'MySQLUsers':
                    require SUMO_PATH . '/libs/lib.datasource.mysql_users.php';
                    $sumo_update_password($userdata['username'], $data['password']);
                    break;
                case 'Joomla15':
                    require SUMO_PATH . '/libs/lib.datasource.joomla15.php';
                    $sumo_update_password($userdata['username'], $data['password']);
                    break;
                default:
                    $record['password'] = "";
                    break;
            }
        }
        if ($group) {
            $record['usergroup'] = "usergroup='{$group}'";
        }
        // group
        if ($sumouser['id'] != $id) {
            $record['active'] = "active=" . $active;
        }
        // active
        // verify if user can change some parameters...
        if ($SUMO['user']['id'] == $id || in_array('sumo', $SUMO['user']['group']) || $SUMO['user']['id'] == $userdata['owner_id']) {
            $firstname = get_magic_quotes_gpc() ? $firstname : addslashes($firstname);
            $lastname = get_magic_quotes_gpc() ? $lastname : addslashes($lastname);
            $record['firstname'] = "firstname='" . $firstname . "'";
            $record['lastname'] = "lastname='" . $lastname . "'";
            $record['email'] = "email='{$email}'";
            $record['language'] = "language='{$language}'";
        } else {
            $record['firstname'] = "";
            $record['lastname'] = "";
            $record['email'] = "";
            $record['language'] = "";
        }
        //... to change IP address
        if (in_array('sumo', $SUMO['user']['group']) || $SUMO['user']['id'] == $userdata['owner_id']) {
            $record['ip'] = "ip='" . $ip . "'";
        } else {
            $record['ip'] = "";
        }
        // Data source
        $record['datasource_id'] = "datasource_id=" . $data['datasource_id'];
        // modified
        $record['modified'] = "modified=" . $SUMO['server']['time'];
        // Create fields for query
        $new_record = array_values($record);
        for ($r = 0; $r < count($new_record); $r++) {
            if ($new_record[$r]) {
                $records[$r] = $new_record[$r];
            }
        }
        $update = implode(', ', $records);
        $select = implode(' AND ', $records);
        // create query for update
        $query = "UPDATE " . SUMO_TABLE_USERS . "\n\t\t  SET " . $daylimit[0] . " " . $update . "\n\t\t  WHERE id=" . $id;
        $SUMO['DB']->Execute($query);
        if ($select || $day_limit[1]) {
            $select = $select . " AND ";
        }
        // verify query success
        $query = "SELECT * FROM " . SUMO_TABLE_USERS . "\n\t\t  WHERE " . $daylimit[1] . "\n\t\t  " . $select . "\n\t\t  id=" . $id;
        $rs = $SUMO['DB']->Execute($query);
        $tab = $rs->FetchRow();
        $upd = $rs->PO_RecordCount();
        // if updated:
        if ($upd == 1) {
            $SUMO['DB']->CacheFlush();
            if ($record['password']) {
                // ...to change current session password
                if ($id == $SUMO['user']['id']) {
                    $_SESSION['user']['password'] = sumo_get_hex_hmac_sha1($SUMO['connection']['security_string'], $data['password']);
                    $_SESSION['pwd_changed'] = $SUMO['server']['time'];
                } else {
                    sumo_delete_session(NULL, NULL, $data['user']);
                }
            }
            sumo_write_log('I01000X', array($tab['username'], $SUMO['user']['user']), 3, 3, 'system', FALSE);
            // Send user notify
            if ($SUMO['config']['accounts']['notify']['updates'] && $email) {
                if (!$SUMO['config']['server']['admin']['email']) {
                    sumo_write_log('E06000X', '', '0,1', 2, 'system', FALSE);
                } else {
                    $object = sumo_get_message("I00001M", $SUMO['server']['name']);
                    $message = sumo_get_message("I00106M", array($firstname . " " . $lastname, $SUMO['server']['name'], $SUMO['user']['user']));
                    $m = new Mail();
                    $m->From($SUMO['config']['server']['admin']['email']);
                    $m->To($email);
                    $m->Subject($object);
                    $m->Body($message, SUMO_CHARSET);
                    $m->Priority(1);
                    $m->Send();
                }
            }
            return TRUE;
        } else {
            return FALSE;
        }
    } else {
        return FALSE;
    }
}