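/**
 * Authenticate the current request, or print the login form and stop.
 *
 * Paths:
 *  - a session user exists: the stored credentials are checked again with
 *    user_activate(); on failure logout() is called;
 *  - a login form was posted (p_user present): the posted credentials are
 *    checked, the language is stored in the session and the function returns;
 *  - otherwise: the login form is printed and the script exits.
 *
 * Security notes:
 *  - $_SESSION["s_pass"] is base64-decoded before the check, so the session
 *    holds a reversible encoding of the value user_activate() verifies.
 *    An earlier revision passed the session value unchanged and hashed the
 *    posted password with md5() before the check; the current code passes
 *    the posted password through as received.
 *  - The posted user name is attacker-controlled. It is HTML-escaped before
 *    it goes into the error message; this assumes show_error() prints its
 *    argument as HTML without escaping it. TODO confirm; if show_error()
 *    escapes internally, pass the raw value instead.
 *  - NOTE(review): no session identifier renewal and no anti-CSRF token are
 *    visible in this function; confirm whether user_activate() or the
 *    caller handles them.
 *
 * @return void
 */
function login()
{
    if (isset($_SESSION["s_user"])) {
        _debug("login(): session detected");

        // Re-validate the credentials kept in the session on every request.
        if (!user_activate($_SESSION["s_user"], base64_decode($_SESSION["s_pass"]))) {
            _debug("Failed to activate user " . $_SESSION['s_user']);
            logout();
        }

        return;
    }

    $p_pass = isset($_POST["p_pass"]) ? $_POST["p_pass"] : "";

    if (isset($_POST["p_user"])) {
        _debug("login(): login authentication");

        // Check login
        if (!user_activate(stripslashes($_POST["p_user"]), $p_pass)) {
            global $error_msg;

            show_error($error_msg["login_failed"] . ": " . htmlspecialchars($_POST["p_user"], ENT_QUOTES));

            // Fail closed: if show_error() ever returns, do not fall through
            // to the success log and the session write below.
            return;
        }

        // Authentication successful.
        // NOTE(review): the name written to the debug log is user-supplied;
        // confirm that _debug() neutralises line breaks.
        _debug("user '" . $_POST["p_user"] . "' successfully authenticated");

        // Set language.
        // NOTE(review): presumably the request's "lang" value with "en" as
        // fallback; validate it where it is consumed.
        $_SESSION['language'] = qx_request("lang", "en");

        return;
    }

    // No session and no posted credentials: ask for login.
    show_header($GLOBALS["messages"]["actlogin"]);
    echo "<CENTER><BR><TABLE width=\"300\"><TR><TD colspan=\"2\" class=\"header\" nowrap><B>";
    echo $GLOBALS["messages"]["actloginheader"] . "</B></TD></TR>\n<FORM name=\"login\" action=\"";
    echo make_link("login", NULL, NULL) . "\" method=\"post\">\n";
    echo "<TR><TD>" . $GLOBALS["messages"]["miscusername"] . ":</TD><TD align=\"right\">";
    echo "<INPUT name=\"p_user\" type=\"text\" size=\"25\"></TD></TR>\n";
    echo "<TR><TD>" . $GLOBALS["messages"]["miscpassword"] . ":</TD><TD align=\"right\">";
    echo "<INPUT name=\"p_pass\" type=\"password\" size=\"25\"></TD></TR>\n";

    // NAS4Free Code
    // Select box and auto language detection array. The include is
    // best-effort: a missing file is silenced by the @ operator.
    echo "<TR><TD>" . gettext("Detected Language:<br />(Change if needed)") . "</TD><TD align=\"right\">";
    @(include "./_lang/_info.php");
    // End NAS4Free Code

    echo "<TR><TD colspan=\"2\" align=\"right\"><INPUT type=\"submit\" value=\"";
    echo $GLOBALS["messages"]["btnlogin"] . "\"></TD></TR>\n</FORM></TABLE><BR></CENTER>\n";
    ?>
<script language="JavaScript1.2" type="text/javascript">
<!--
    if(document.login) document.login.p_user.focus();
// -->
</script><?php
    show_footer();
    exit;
}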
/**
 * Constructor of the main reloadcms object.
 *
 * Loads configuration, language and skin, optionally activates an account,
 * purges unconfirmed accounts, then initialises the current user and the
 * user's rights.
 *
 * Activation runs only when the 'regconf' configuration value is truthy and
 * both activation arguments are non-empty. Because empty() is used, the
 * string "0" counts as "not supplied". The key itself is checked inside
 * user_activate(), which is not part of this block. The outcome is stored
 * in $this->results['activation']: 18 when user_activate() fails, 19 when
 * it succeeds.
 *
 * @param string $language_select_form result of the user's language selection
 * @param string $skin_select_form     result of the user's skin selection
 * @param string $activation_name      account name to activate
 * @param string $activation_key       activation key passed to user_activate()
 * @return void
 */
function rcms_system($language_select_form = '', $skin_select_form = '', $activation_name = '', $activation_key = '')
{
    global $rights_db;

    $this->loadConfiguration();
    $this->initializeLanguage($language_select_form);
    $this->initializeSkin($skin_select_form);
    $this->loadLanguage();

    // Try to activate the user if we received both his name and his key.
    $activationRequested = !empty($activation_name) && !empty($activation_key);
    if (@$this->config['regconf'] && $activationRequested) {
        $this->results['activation'] = user_activate($activation_name, $activation_key) ? 19 : 18;
    }

    // Unconfirmed registrations are purged whenever confirmation is enabled.
    if (@$this->config['regconf']) {
        user_purge_unconfirmed();
    }

    // Finally initialise the user, then load his rights.
    $this->initializeUser();
    $this->loadRights();
}
case 'unactivated': if ($id && isset($_REQUEST['option'])) { require_once $site_file_root . 'includes/functions_user.php'; $sql = 'SELECT user_id, user_type, user_status FROM ' . USERS_TABLE . ' WHERE user_id = ' . $id; $result = $_CLASS['core_db']->query($sql); $row = $_CLASS['core_db'] > fetch_row_assoc($result); $_CLASS['core_db']->free_result($result); if ($row['user_type'] != USER_NORMAL) { break; } switch ($_REQUEST['option']) { case 'activate': if ($row['user_status'] != STATUS_ACTIVE) { user_activate($id); } break; case 'delete': if (display_confirmation()) { $sql = 'SELECT user_id, user_type FROM ' . USERS_TABLE . ' WHERE user_id = ' . $id; $result = $_CLASS['core_db']->query($sql); $row = $_CLASS['core_db'] > fetch_row_assoc($result); $_CLASS['core_db']->free_result($result); if ($row['user_type'] != USER_BOT) { break; } user_delete($id); trigger_error($_CLASS['core_user']->lang['BOT_DELETED']);
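/**
 * Edit a user: apply a submitted edit form, or print the form.
 *
 * With POST "confirm" equal to "true" the submitted values are validated,
 * written through user_update() and the browser is redirected to the admin
 * page. Otherwise the edit form is printed, pre-filled from the record
 * returned by user_find().
 *
 * Record layout as used here: [0] user name, [1] password hash, [2] home
 * directory, [3] home URL, [4] show-hidden flag, [5] hide pattern,
 * [6] permissions, [7] active flag.
 *
 * Security notes:
 *  - Stored values are HTML-escaped before they are placed in form
 *    attributes.
 *  - Names handed to show_error() and show_header() are escaped as well;
 *    this assumes those helpers print their argument as HTML without
 *    escaping. TODO confirm; if they escape internally, pass raw values.
 *  - Every validation failure returns right after show_error(), so the
 *    update cannot run if show_error() ever returns.
 *  - NOTE(review): passwords are stored as unsalted md5(). Moving to
 *    password_hash()/password_verify() needs a matching change in the
 *    verification code, which is not part of this block.
 *  - NOTE(review): the form carries no anti-CSRF token, and the posted
 *    values are stored without format validation; confirm that the caller
 *    and user_update() cover both.
 *
 * @param string $dir directory used for the links back to the admin page
 * @return void
 */
function edituser($dir)
{
    // Determine the user name from the post data
    $user = stripslashes($GLOBALS['__POST']["user"]);

    // try to find the user
    $data = user_find($user, NULL);
    if ($data == NULL) {
        show_error(htmlspecialchars($user, ENT_QUOTES) . ": " . $GLOBALS["error_msg"]["miscnofinduser"]);
        return;
    }

    // Editing one's own account: strict comparison, so numeric-looking
    // names such as "1e3" and "1000" are not treated as the same user.
    $self = ($user === (string) $GLOBALS['__SESSION']["s_user"]);
    if ($self) {
        $dir = "";
    }

    if (isset($GLOBALS['__POST']["confirm"]) && $GLOBALS['__POST']["confirm"] === "true") {
        $nuser = stripslashes($GLOBALS['__POST']["nuser"]);
        if ($nuser == "" || $GLOBALS['__POST']["home_dir"] == "") {
            show_error($GLOBALS["error_msg"]["miscfieldmissed"]);
            return;
        }

        if (isset($GLOBALS['__POST']["chpass"]) && $GLOBALS['__POST']["chpass"] === "true") {
            // Strict comparison: with != two different numeric-looking
            // strings ("1e3" / "1000") would count as matching passwords.
            if ($GLOBALS['__POST']["pass1"] !== $GLOBALS['__POST']["pass2"]) {
                show_error($GLOBALS["error_msg"]["miscnopassmatch"]);
                return;
            }
            // NOTE(review): unsalted md5, kept because the stored format is
            // shared with code outside this block.
            $pass = md5(stripslashes($GLOBALS['__POST']["pass1"]));
        } else {
            // Password unchanged: keep the stored hash.
            $pass = $data[1];
        }

        // A user cannot deactivate his own account; the form disables the
        // field for him, so the value is forced here.
        if ($self) {
            $GLOBALS['__POST']["active"] = 1;
        }

        // determine the user permissions
        $permissions = _eval_permissions();

        // determine the new user data
        $data = array(
            $nuser,
            $pass,
            stripslashes($GLOBALS['__POST']["home_dir"]),
            stripslashes($GLOBALS['__POST']["home_url"]),
            $GLOBALS['__POST']["show_hidden"],
            stripslashes($GLOBALS['__POST']["no_access"]),
            $permissions,
            $GLOBALS['__POST']["active"],
        );

        if (!user_update($user, $data)) {
            show_error(htmlspecialchars($user, ENT_QUOTES) . ": " . $GLOBALS["error_msg"]["saveuser"]);
            return;
        }

        // The current user's own record changed: activate it again under
        // the (possibly new) name.
        if ($self) {
            user_activate($nuser, NULL);
        }

        header("location: " . make_link("admin", $dir, NULL));
        return;
    }

    // Escaped copies of the stored values for HTML output.
    $nameHtml = htmlspecialchars($data[0], ENT_QUOTES);
    $homeDirHtml = htmlspecialchars($data[2], ENT_QUOTES);
    $homeUrlHtml = htmlspecialchars($data[3], ENT_QUOTES);
    $noAccessHtml = htmlspecialchars($data[5], ENT_QUOTES);

    show_header($GLOBALS["messages"]["actadmin"] . ": " . sprintf($GLOBALS["messages"]["miscedituser"], $nameHtml));

    // Javascript functions:
    include "./_include/js_admin3.php";

    echo "<CENTER><FORM name=\"edituser\" action=\"" . make_link("admin", $dir, NULL) . "&action2=edituser\" method=\"post\">\n";
    echo "<INPUT type=\"hidden\" name=\"confirm\" value=\"true\"><INPUT type=\"hidden\" name=\"user\" value=\"" . $nameHtml . "\">\n";
    echo "<BR><TABLE width=\"450\">\n";

    echo "<TR><TD>" . $GLOBALS["messages"]["miscusername"] . ":</TD>\n";
    // The original markup read type"text" (missing "="); corrected here.
    echo "<TD align=\"right\"><INPUT type=\"text\" name=\"nuser\" size=\"30\" value=\"";
    echo $nameHtml . "\"></TD></TR>\n";

    echo "<TR><TD>" . $GLOBALS["messages"]["miscconfpass"] . ":</TD>\n";
    echo "<TD align=\"right\"><INPUT type=\"password\" name=\"pass1\" size=\"30\"></TD></TR>\n";
    echo "<TR><TD>" . $GLOBALS["messages"]["miscconfnewpass"] . ":</TD>\n";
    echo "<TD align=\"right\"><INPUT type=\"password\" name=\"pass2\" size=\"30\"></TD></TR>\n";
    echo "<TR><TD>" . $GLOBALS["messages"]["miscchpass"] . ":</TD>\n";
    echo "<TD align=\"right\"><INPUT type=\"checkbox\" name=\"chpass\" value=\"true\"></TD></TR>\n";

    echo "<TR><TD>" . $GLOBALS["messages"]["mischomedir"] . ":</TD>\n";
    echo "<TD align=\"right\"><INPUT type=\"text\" name=\"home_dir\" size=\"30\" value=\"";
    echo $homeDirHtml . "\"></TD></TR>\n";

    echo "<TR><TD>" . $GLOBALS["messages"]["mischomeurl"] . ":</TD>\n";
    echo "<TD align=\"right\"><INPUT type=\"text\" name=\"home_url\" size=\"30\" value=\"";
    echo $homeUrlHtml . "\"></TD></TR>\n";

    echo "<TR><TD>" . $GLOBALS["messages"]["miscshowhidden"] . ":</TD>";
    echo "<TD align=\"right\"><SELECT name=\"show_hidden\">\n";
    echo "<OPTION value=\"0\">" . $GLOBALS["messages"]["miscyesno"][1] . "</OPTION>";
    echo "<OPTION value=\"1\"" . ($data[4] ? " selected " : "") . ">";
    echo $GLOBALS["messages"]["miscyesno"][0] . "</OPTION>\n";
    echo "</SELECT></TD></TR>\n";

    echo "<TR><TD>" . $GLOBALS["messages"]["mischidepattern"] . ":</TD>\n";
    echo "<TD align=\"right\"><INPUT type=\"text\" name=\"no_access\" size=\"30\" value=\"";
    echo $noAccessHtml . "\"></TD></TR>\n";

    echo "<TR><TD>" . $GLOBALS["messages"]["miscperms"] . ":</TD>\n";
    // print out the extended permission table of the user permission
    echo "<TD align=\"right\">\n";
    admin_print_permissions($data[0]);
    echo "</TD></TR>\n";

    echo "<TR><TD>" . $GLOBALS["messages"]["miscactive"] . ":</TD>";
    echo "<TD align=\"right\"><SELECT name=\"active\"" . ($self ? " DISABLED " : "") . ">\n";
    echo "<OPTION value=\"1\">" . $GLOBALS["messages"]["miscyesno"][0] . "</OPTION>";
    echo "<OPTION value=\"0\"" . ($data[7] ? "" : " selected ") . ">";
    echo $GLOBALS["messages"]["miscyesno"][1] . "</OPTION>\n";
    echo "</SELECT></TD></TR>\n";

    echo "<TR><TD colspan=\"2\" align=\"right\"><input type=\"submit\" value=\"" . $GLOBALS["messages"]["btnsave"];
    echo "\" onClick=\"return check_pwd();\">\n<input type=\"button\" value=\"";
    echo $GLOBALS["messages"]["btncancel"] . "\" onClick=\"javascript:location='";
    echo make_link("admin", $dir, NULL) . "';\"></TD></TR></FORM></TABLE><BR></BR>\n";
}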
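/**
 * Handle an activation link: confirm a new account or a pending password.
 *
 * Reads user_id and key from the query string, loads the matching normal
 * user and compares the key with user_act_key. An unactivated account is
 * activated through user_activate(); otherwise the pending password
 * replaces the current one. In both cases the key and the pending password
 * columns are cleared.
 *
 * Changes against the previous revision of this function:
 *  - $site_file_root is declared global. It was read as an undefined local,
 *    which made the include path relative.
 *  - $user_id replaces $row['user_id']; the SELECT does not fetch that
 *    column, so the UPDATE's WHERE clause was built from an undefined
 *    index.
 *  - the key is compared as a string with !==; the loose != treats
 *    numeric-looking strings such as "1e3" and "1000" as equal. Where the
 *    runtime provides hash_equals(), prefer it for a constant-time check.
 *  - each failure returns after trigger_error(). With PHP's default handler
 *    trigger_error() only raises a notice and execution continues, so a
 *    wrong key would otherwise still reach the activation code.
 *    NOTE(review): the project presumably installs a handler that stops
 *    the request; confirm.
 *
 * @return void
 */
function activate()
{
    global $_CLASS, $site_file_root;

    // Cast locally: the id is interpolated into SQL below and must not
    // depend on what get_variable() returns.
    $user_id = (int) get_variable('user_id', 'GET', 0, 'integer');
    $key = get_variable('key', 'GET', false);

    if (!$user_id || !$key) {
        trigger_error('CANT_ACTIVATED');
        return;
    }

    $sql = 'SELECT username, user_status, user_group, user_new_password, user_new_password_encoding, user_act_key
        FROM ' . USERS_TABLE . "
        WHERE user_id = {$user_id}
            AND user_type = " . USER_NORMAL;
    $result = $_CLASS['core_db']->sql_query($sql);
    $row = $_CLASS['core_db']->sql_fetchrow($result);
    $_CLASS['core_db']->sql_freeresult($result);

    if (!$row) {
        trigger_error('NO_USER');
        return;
    }

    // Nothing to confirm: the account is not waiting for activation and no
    // new password is pending.
    if ($row['user_status'] != USER_UNACTIVATED && !$row['user_new_password']) {
        trigger_error($row['user_status'] == USER_ACTIVE ? 'ALREADY_ACTIVATED' : 'CANT_ACTIVATED');
        return;
    }

    if ((string) $row['user_act_key'] !== (string) $key) {
        trigger_error('WRONG_ACTIVATION_KEY');
        return;
    }

    // The key is single-use: clear it together with the pending password.
    $sql_ary = array(
        'user_act_key' => null,
        'user_new_password' => null,
        'user_new_password_encoding' => null,
    );

    if ($row['user_status'] != USER_UNACTIVATED) {
        // Password confirmation: promote the pending password.
        $sql_ary += array(
            'user_password' => $row['user_new_password'],
            'user_password_encoding' => $row['user_new_password_encoding'],
        );
    } else {
        include_once $site_file_root . 'includes/functions_user.php';

        user_activate($user_id);

        set_core_config('user', 'newest_user_id', $user_id, false);
        set_core_config('user', 'newest_username', $row['username'], false);
    }

    $sql = 'UPDATE ' . USERS_TABLE . '
        SET ' . $_CLASS['core_db']->sql_build_array('UPDATE', $sql_ary) . '
        WHERE user_id = ' . $user_id;
    $_CLASS['core_db']->sql_query($sql);
}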
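/**
 * Handle an activation link: confirm a new account or a pending password.
 *
 * Reads user_id and key from the query string, loads the matching normal
 * user and compares the key strictly with user_act_key. A pending account
 * is activated through user_activate() and the site counters are updated;
 * otherwise the pending password replaces the current one. The key and the
 * pending password columns are cleared in both cases, and the outcome is
 * reported through trigger_error().
 *
 * Changes against the previous revision of this function:
 *  - newest_user_id is set from $user_id; the SELECT does not fetch a
 *    user_id column, so $row['user_id'] was an undefined index.
 *  - each failure returns after trigger_error(). With PHP's default handler
 *    trigger_error() only raises a notice and execution continues, so a
 *    wrong key would otherwise still reach the activation code.
 *    NOTE(review): the project presumably installs a handler that stops
 *    the request; confirm.
 *
 * Where the runtime provides hash_equals(), prefer it over !== for the key
 * check to get a constant-time comparison.
 *
 * @return void
 */
function activate()
{
    global $_CLASS, $_CORE_CONFIG;

    // Cast locally: the id is interpolated into SQL below and must not
    // depend on what get_variable() returns.
    $user_id = (int) get_variable('user_id', 'GET', false, 'integer');
    $key = get_variable('key', 'GET', false);

    if (!$user_id || !$key) {
        trigger_error('CANT_ACTIVATED');
        return;
    }

    $sql = 'SELECT username, user_status, user_group, user_new_password, user_new_password_encoding, user_act_key
        FROM ' . USERS_TABLE . "
        WHERE user_id = {$user_id}
            AND user_type = " . USER_NORMAL;
    $result = $_CLASS['core_db']->query($sql);
    $row = $_CLASS['core_db']->fetch_row_assoc($result);
    $_CLASS['core_db']->free_result($result);

    if (!$row) {
        trigger_error('NO_USER');
        return;
    }

    // Normalise to int so the strict comparisons with the status constants
    // below can match.
    settype($row['user_status'], 'int');

    // Nothing to confirm: the account is not pending and no new password is
    // waiting.
    if ($row['user_status'] !== STATUS_PENDING && !$row['user_new_password']) {
        trigger_error($row['user_status'] === STATUS_ACTIVE ? 'ALREADY_ACTIVATED' : 'CANT_ACTIVATED');
        return;
    }

    if ($row['user_act_key'] !== $key) {
        trigger_error('WRONG_ACTIVATION_KEY');
        return;
    }

    // The key is single-use: clear it together with the pending password.
    $sql_ary = array(
        'user_act_key' => null,
        'user_new_password' => null,
        'user_new_password_encoding' => null,
    );

    $is_new_account = ($row['user_status'] === STATUS_PENDING);

    if ($is_new_account) {
        include_once SITE_FILE_ROOT . 'includes/functions_user.php';

        user_activate($user_id);

        set_core_config('user', 'newest_user_id', $user_id, false);
        set_core_config('user', 'newest_username', $row['username'], false);
        set_core_config('user', 'total_users', $_CORE_CONFIG['user']['total_users'] + 1, false);
    } else {
        // Password confirmation: promote the pending password.
        $sql_ary += array(
            'user_password' => $row['user_new_password'],
            'user_password_encoding' => $row['user_new_password_encoding'],
        );
    }

    $sql = 'UPDATE ' . USERS_TABLE . '
        SET ' . $_CLASS['core_db']->sql_build_array('UPDATE', $sql_ary) . '
        WHERE user_id = ' . $user_id;
    $_CLASS['core_db']->query($sql);

    $message = $is_new_account
        ? $_CLASS['core_user']->get_lang('ACCOUNT_ACTIVE')
        : $_CLASS['core_user']->get_lang('PASSWORD_ACTIVATED');

    trigger_error($message . '<br /><br />' . sprintf($_CLASS['core_user']->get_lang('RETURN_INDEX'), '<a href="' . generate_link() . '">', '</a>'));
}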
/**
 * Report whether the current session belongs to an authenticated user.
 *
 * Returns false when the session records no user name. Otherwise the
 * session's s_user and s_pass values are handed to user_activate() and its
 * result is returned, so the stored credentials are checked on every call.
 * The password value is passed exactly as it is kept in the session.
 *
 * @return mixed false without a session user, else the user_activate() result
 */
function login_ok()
{
    $hasSessionUser = isset($GLOBALS['__SESSION']["s_user"]);

    return $hasSessionUser
        ? user_activate($GLOBALS['__SESSION']["s_user"], $GLOBALS['__SESSION']["s_pass"])
        : false;
}
$Id$ */ if (VIPERAL !== 'Admin') { die; } if (isset($_REQUEST['user_mode']) && $_CLASS['core_auth']->admin_power('users') && display_confirmation()) { require_once SITE_FILE_ROOT . 'includes/functions_user.php'; $user_id = get_variable('id', 'REQUEST', false, 'integer'); if ($user_id) { switch ($_REQUEST['user_mode']) { case 'remove': user_delete($user_id); break; case 'activate': user_activate($user_id); break; } } } if (is_null($cms_news = $_CLASS['core_cache']->get('cms_news'))) { $cms_news = array(); load_class(SITE_FILE_ROOT . 'includes/core_rss.php', 'core_rss'); if ($_CLASS['core_rss']->get_rss('http://www.php.net/news.rss', 3)) { while ($data = $_CLASS['core_rss']->get_rss_data()) { if (!empty($data['title'])) { $cms_news[] = $data; } } } $_CLASS['core_cache']->put('cms_news', $cms_news, 43200);