Beispiel #1
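/**
 * Process the account-settings form and the profile form submitted by POST.
 *
 * When $_POST['user_update_settings'] is set, updates the name, email,
 * password, Flattr id and Flattr choice of the target account. The target is
 * the account named in $_GET['user'] when the logged-in user passes
 * user_get_admin() and the account passes user_exists(); without
 * $_GET['user'] it is the logged-in user. Otherwise, when
 * $_POST['profile_save'] is set, the posted description is stored on the
 * logged-in user's own row.
 *
 * Outcomes are reported through add_error() / add_message(); nothing is
 * returned.
 *
 * NOTE(review): no anti-CSRF token and no confirmation of the current password
 * are checked in this function. Confirm that the caller enforces both before
 * an account's password or email can be changed.
 */
function user_receive()
{
    if (isset($_POST['user_update_settings'])) {
        // Start from "no target": a failed admin/exists check below must leave
        // a defined, falsy value rather than an undefined variable.
        $user_id = null;
        if (isset($_GET['user'])) {
            // Only an admin may edit another account, and only an existing one.
            if (user_get_admin($_SESSION[PREFIX . "user_id"]) && user_exists($_GET['user'])) {
                $user_id = $_GET['user'];
            }
        } else {
            $user_id = $_SESSION[PREFIX . "user_id"];
        }
        if (!$user_id) {
            add_error("No valid user");
        } else {
            //Username
            if (isset($_POST['username']) && $_POST['username'] != "") {
                user_set_name($user_id, $_POST['username']);
            }
            //Email
            if (isset($_POST['email']) && $_POST['email'] != "") {
                user_set_email($user_id, $_POST['email']);
            }
            //Password
            if (isset($_POST['password']) && $_POST['password'] != "") {
                user_set_password($user_id, $_POST['password']);
            }
            //Flattr id
            if (isset($_POST['flattr_id']) && $_POST['flattr_id'] != "") {
                flattr_set_flattrID($user_id, $_POST['flattr_id']);
            }
            //Flattr choice. Always do this! An absent field is passed on as
            //null, which is what reading the missing key produced before.
            $flattr_choice = isset($_POST['flattr_choice']) ? $_POST['flattr_choice'] : null;
            flattr_set_flattr_choice($user_id, $flattr_choice);
        }
    } else {
        if (isset($_POST['profile_save'])) {
            // The id is placed in the statement unquoted, so string escaping
            // alone does not constrain it; force it to an integer instead.
            // (assumes the id column is numeric -- the unquoted "id=" suggests so)
            $session_user_id = isset($_SESSION[PREFIX . 'user_id']) ? (int) $_SESSION[PREFIX . 'user_id'] : 0;
            if ($session_user_id <= 0) {
                add_error("No valid user");
                return;
            }
            $description = isset($_POST['description']) ? $_POST['description'] : '';
            // NOTE(review): mysql_query() is the legacy ext/mysql API (removed
            // in PHP 7); move this to a parameterised statement when the
            // connection layer is migrated.
            $sql = "UPDATE " . PREFIX . "user SET description='" . sql_safe($description) . "' WHERE id=" . $session_user_id . ";";
            if (mysql_query($sql)) {
                add_message(_("Profile updated"));
            } else {
                // Keep the statement and the driver error in the server log.
                // Showing them to the visitor discloses schema details and
                // reflects the posted description back into the page.
                error_log(sprintf("Profile update fail. SQL: %s ERROR: %s", $sql, mysql_error()));
                add_error(_("Profile update fail"));
            }
        }
    }
}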
Beispiel #2
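# strip extra spaces from real name
$t_realname = string_normalize($f_realname);
# Only touch the stored real name when the normalised value differs from it
if ($t_realname != user_get_field($t_user_id, 'realname')) {
    # checks for problems with realnames
    $t_username = user_get_field($t_user_id, 'username');
    user_ensure_realname_unique($t_username, $t_realname);
    user_set_realname($t_user_id, $t_realname);
    $t_realname_updated = true;
}
# Update password if the two match and are not empty
# NOTE(review): the visible lines do not ask for the account's current password
# before setting a new one; confirm it is verified earlier in this page.
if (!is_blank($f_password)) {
    # Compare as strings with !==. A loose != treats two different numeric-looking
    # strings (for example "1e3" and "1000") as equal, so a mistyped confirmation
    # could be accepted.
    if ((string) $f_password !== (string) $f_password_confirm) {
        trigger_error(ERROR_USER_CREATE_PASSWORD_MISMATCH, ERROR);
    } else {
        # Skip the write when the submitted password is already the current one
        if (!auth_does_password_match($t_user_id, $f_password)) {
            user_set_password($t_user_id, $f_password);
            $t_password_updated = true;
        }
    }
}
# Discard the form security token for this form now that the update is done
form_security_purge('account_update');
html_page_top(null, $t_redirect);
echo '<br /><div align="center">';
# Report each field that was changed
if ($t_email_updated) {
    echo lang_get('email_updated') . '<br />';
}
if ($t_password_updated) {
    echo lang_get('password_updated') . '<br />';
}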
if ($t_realname_updated) {
    echo lang_get('realname_updated') . '<br />';
Beispiel #3
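/**
 * Return true if the password for the user id given matches the given
 * password (taking into account the global login method).
 *
 * With the LDAP login method the check is delegated to ldap_authenticate().
 * Otherwise the candidate is processed with each of MD5, CRYPT and PLAIN in
 * turn, with the stored value passed as the salt, and the result is compared
 * with the stored value. A PLAIN match is ignored unless PLAIN is the
 * configured method. On an accepted match the password is stored again
 * through user_set_password() when the matching method differs from the
 * configured one, or when the CRYPT salt check below fires.
 *
 * @param int $p_user_id User id to check password against
 * @param string $p_test_password Password
 * @return bool indicating whether password matches given the user id
 * @access public
 */
function auth_does_password_match($p_user_id, $p_test_password)
{
    $t_configured_login_method = config_get('login_method');
    if (LDAP == $t_configured_login_method) {
        return ldap_authenticate($p_user_id, $p_test_password);
    }
    $t_password = user_get_field($p_user_id, 'password');
    # String form of the stored value, used only for the comparison below
    $t_stored = (string) $t_password;
    $t_login_methods = array(MD5, CRYPT, PLAIN);
    foreach ($t_login_methods as $t_login_method) {
        # pass the stored password in as the salt
        $t_candidate = (string) auth_process_plain_password($p_test_password, $t_password, $t_login_method);
        # Compare as exact strings. A loose == treats two different hex digests that
        # both look like numbers in exponent notation ("0e" followed by digits) as
        # equal. hash_equals() is used when the runtime has it (PHP >= 5.6) so the
        # comparison time does not depend on where the strings differ.
        $t_matches = function_exists('hash_equals')
            ? hash_equals($t_stored, $t_candidate)
            : $t_stored === $t_candidate;
        if (!$t_matches) {
            continue;
        }
        # Do not support migration to PLAIN, since this would be a crazy thing to do.
        # Also if we do, then a user will be able to login by providing the MD5 value
        # that is copied from the database.  See #8467 for more details.
        if ($t_configured_login_method != PLAIN && $t_login_method == PLAIN) {
            continue;
        }
        # Check for migration to another login method and test whether the password was encrypted
        # with our previously insecure implementation of the CRYPT method.
        # && binds tighter than ||; the parentheses only make that grouping explicit.
        $t_method_changed = $t_login_method != $t_configured_login_method;
        $t_legacy_crypt = CRYPT == $t_configured_login_method
            && (string) utf8_substr($t_password, 0, 2) === (string) utf8_substr($p_test_password, 0, 2);
        if ($t_method_changed || $t_legacy_crypt) {
            user_set_password($p_user_id, $p_test_password, true);
        }
        return true;
    }
    return false;
}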
Beispiel #4
    user_ensure_realname_unique($f_username, $f_realname);
    if ($f_password != $f_password_verify) {
        trigger_error(ERROR_USER_CREATE_PASSWORD_MISMATCH, ERROR);
    }
    $f_email = email_append_domain($f_email);
    email_ensure_not_disposable($f_email);
    if (is_blank($f_password)) {
        helper_ensure_confirmed(lang_get('empty_password_sure_msg'), lang_get('empty_password_button'));
    }
    lang_push(config_get('default_language'));
    $t_admin_name = user_get_name(auth_get_current_user_id());
    $t_cookie = user_create($f_username, $f_password, $f_email, $f_access_level, $f_protected, $f_enabled, $t_realname, $t_admin_name);
    # set language back to user language
    lang_pop();
    $t_user_id = user_get_id_by_name($f_username);
    user_set_password($t_user_id, $f_password, false);
    $agilemantis_au->setAgileMantisUserRights($t_user_id, $_POST['participant'], $_POST['developer'], $_POST['administrator']);
    header($agilemantis_au->forwardReturnToPage('agileuser.php'));
} else {
    html_page_top(plugin_lang_get('manage_user_add_new_user'));
}
?>

<?php 
if (user_get_name(auth_get_current_user_id()) == 'administrator') {
    ?>
<br>
<div align="center">
	<form method="post" action="<?php 
    echo plugin_page("add_user.php");
    ?>
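/**
 * Return true if the given password matches the one stored for the user id,
 * taking the configured login method into account.
 *
 * With the LDAP login method the check is delegated to ldap_authenticate().
 * Otherwise the candidate is processed with each of MD5, CRYPT and PLAIN in
 * turn, with the stored value passed as the salt, and the result is compared
 * with the stored value. A PLAIN match is ignored unless PLAIN is the
 * configured method. On an accepted match the password is stored again
 * through user_set_password() when the matching method differs from the
 * configured one, or when the CRYPT salt check below fires.
 *
 * @param int $p_user_id User id to check password against
 * @param string $p_test_password Password
 * @return bool true when the password matches, false otherwise
 */
function auth_does_password_match($p_user_id, $p_test_password)
{
    $t_configured_login_method = config_get('login_method');
    if (LDAP == $t_configured_login_method) {
        return ldap_authenticate($p_user_id, $p_test_password);
    }
    $t_password = user_get_field($p_user_id, 'password');
    # String form of the stored value, used only for the comparison below
    $t_stored = (string) $t_password;
    $t_login_methods = array(MD5, CRYPT, PLAIN);
    foreach ($t_login_methods as $t_login_method) {
        # pass the stored password in as the salt
        $t_candidate = (string) auth_process_plain_password($p_test_password, $t_password, $t_login_method);
        # Compare as exact strings. A loose == treats two different hex digests that
        # both look like numbers in exponent notation ("0e" followed by digits) as
        # equal. hash_equals() is used when the runtime has it (PHP >= 5.6) so the
        # comparison time does not depend on where the strings differ.
        $t_matches = function_exists('hash_equals')
            ? hash_equals($t_stored, $t_candidate)
            : $t_stored === $t_candidate;
        if (!$t_matches) {
            continue;
        }
        # Accept a PLAIN match only when PLAIN is the configured method. Under the
        # PLAIN method the submitted text is compared with the stored value as-is,
        # so a copy of the stored digest would otherwise work as the password.
        if ($t_configured_login_method != PLAIN && $t_login_method == PLAIN) {
            continue;
        }
        # Check for migration to another login method and test whether the password was encrypted
        # with our previously insecure implementation of the CRYPT method.
        # && binds tighter than ||; the parentheses only make that grouping explicit.
        $t_method_changed = $t_login_method != $t_configured_login_method;
        $t_legacy_crypt = CRYPT == $t_configured_login_method
            && (string) substr($t_password, 0, 2) === (string) substr($p_test_password, 0, 2);
        if ($t_method_changed || $t_legacy_crypt) {
            user_set_password($p_user_id, $p_test_password, true);
        }
        return true;
    }
    return false;
}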