}
$sql = "SELECT login.*, {$creditColumns}, {$createColumns} FROM {$server->loginDatabase}.login ";
$sql .= "LEFT OUTER JOIN {$server->loginDatabase}.{$creditsTable} AS credits ON login.account_id = credits.account_id ";
$sql .= "LEFT OUTER JOIN {$server->loginDatabase}.{$createTable} AS created ON login.account_id = created.account_id ";
$sql .= "WHERE login.sex != 'S' AND login.group_id >= 0 AND login.account_id = ? LIMIT 1";
$sth = $server->connection->getStatement($sql);
$sth->execute(array($accountID));
// Account object.
$account = $sth->fetch();
if ($account) {
$title = sprintf(Flux::message('AccountViewTitle2'), $account->userid);
}
} else {
$title = Flux::message('AccountViewTitle3');
}
$level = AccountLevel::getGroupLevel($account->group_id);
$banSuperior = $account && ($level > $session->account->group_level && $auth->allowedToBanHigherPower || $level <= $session->account->group_level);
$canTempBan = !$isMine && $banSuperior && $auth->allowedToTempBanAccount;
$canPermBan = !$isMine && $banSuperior && $auth->allowedToPermBanAccount;
$tempBanned = $account && $account->unban_time > 0;
$permBanned = $account && $account->state == 5;
$showTempBan = !$isMine && !$tempBanned && !$permBanned && $auth->allowedToTempBanAccount;
$showPermBan = !$isMine && !$permBanned && $auth->allowedToPermBanAccount;
$showUnban = !$isMine && ($tempBanned && $auth->allowedToTempUnbanAccount) || $permBanned && $auth->allowedToPermUnbanAccount;
if (count($_POST) && $account) {
$reason = (string) $params->get('reason');
if ($params->get('tempban') && ($tempBanDate = $params->get('tempban_date'))) {
if ($canTempBan) {
if ($server->loginServer->temporarilyBan($session->account->account_id, $reason, $account->account_id, $tempBanDate)) {
$formattedDate = $this->formatDateTime($tempBanDate);
$session->setMessageData("Account has been temporarily banned until {$formattedDate}.");
if (!$groupName || !($loginAthenaGroup = Flux::getServerGroupByName($groupName))) {
$loginAthenaGroup = $session->loginAthenaGroup;
}
$sql = "SELECT account_id, user_pass, group_id FROM {$loginAthenaGroup->loginDatabase}.login WHERE ";
if ($loginAthenaGroup->loginServer->config->getNoCase()) {
$sql .= 'LOWER(userid) = LOWER(?) ';
} else {
$sql .= 'BINARY userid = ? ';
}
$sql .= "AND email = ? AND state = 0 AND sex IN ('M', 'F') LIMIT 1";
$sth = $loginAthenaGroup->connection->getStatement($sql);
$sth->execute(array($userid, $email));
$row = $sth->fetch();
if ($row) {
$groups = AccountLevel::getArray();
if (AccountLevel::getGroupLevel($row->group_id) >= Flux::config('NoResetPassGroupLevel')) {
$errorMessage = Flux::message('ResetPassDisallowed');
} else {
$code = md5(rand() + $row->account_id);
$sql = "INSERT INTO {$loginAthenaGroup->loginDatabase}.{$resetPassTable} ";
$sql .= "(code, account_id, old_password, request_date, request_ip, reset_done) ";
$sql .= "VALUES (?, ?, ?, NOW(), ?, 0)";
$sth = $loginAthenaGroup->connection->getStatement($sql);
$res = $sth->execute(array($code, $row->account_id, $row->user_pass, $_SERVER['REMOTE_ADDR']));
if ($res) {
require_once 'Flux/Mailer.php';
$name = $loginAthenaGroup->serverName;
$link = $this->url('account', 'resetpw', array('_host' => true, 'code' => $code, 'account' => $row->account_id, 'login' => $name));
$mail = new Flux_Mailer();
$sent = $mail->send($email, 'Reset Password', 'resetpass', array('AccountUsername' => $userid, 'ResetLink' => htmlspecialchars($link)));
}
<?php
// Module variables are available in page menus.
// However, access group_id checking must be done directly from the page menu.
// Minimal access checking such as $auth->actionAllowed('moduleName', 'actionName') should be performed.
$groups = AccountLevel::getArray();
$pageMenu = array();
if ((AccountLevel::getGroupLevel($account->group_id) <= $session->account->group_level || $auth->allowedToEditHigherPower) && $auth->actionAllowed('account', 'edit')) {
$pageMenu[Flux::message('ModifyAccountLink')] = $this->url('account', 'edit', array('id' => $account->account_id));
}
return $pageMenu;
/**
* Initialize session data.
*
* @param bool $force
* @return bool
* @access private
*/
private function initialize($force = false)
{
$keysToInit = array('username', 'serverName', 'athenaServerName', 'securityCode');
foreach ($keysToInit as $key) {
if ($force || !$this->{$key}) {
$method = ucfirst($key);
$method = "set{$method}Data";
$this->{$method}(null);
}
}
$loggedIn = true;
if (!$this->username) {
$loggedIn = false;
$cfgAthenaServerName = Flux::config('DefaultCharMapServer');
$cfgLoginAthenaGroup = Flux::config('DefaultLoginGroup');
if (Flux::getServerGroupByName($cfgLoginAthenaGroup)) {
$this->setServerNameData($cfgLoginAthenaGroup);
} else {
$defaultServerName = current(array_keys(Flux::$loginAthenaGroupRegistry));
$this->setServerNameData($defaultServerName);
}
}
if ($this->serverName && ($this->loginAthenaGroup = Flux::getServerGroupByName($this->serverName))) {
$this->loginServer = $this->loginAthenaGroup->loginServer;
if (!$loggedIn && $cfgAthenaServerName && $this->getAthenaServer($cfgAthenaServerName)) {
$this->setAthenaServerNameData($cfgAthenaServerName);
}
if (!$this->athenaServerName || (!$loggedIn && !$this->getAthenaServer($cfgAthenaServerName) || !$this->getAthenaServer($this->athenaServerName))) {
$this->setAthenaServerNameData(current($this->getAthenaServerNames()));
}
}
// Get new account data every request.
if ($this->loginAthenaGroup && $this->username && ($account = $this->getAccount($this->loginAthenaGroup, $this->username))) {
$this->account = $account;
$this->account->group_level = AccountLevel::getGroupLevel($account->group_id);
// Automatically log out of account when detected as banned.
$permBan = $account->state == 5 && !Flux::config('AllowPermBanLogin');
$tempBan = $account->unban_time > 0 && $account->unban_time < time() && !Flux::config('AllowTempBanLogin');
if ($permBan || $tempBan) {
$this->logout();
}
} else {
$this->account = new Flux_DataObject(null, array('group_level' => AccountLevel::UNAUTH));
}
//if (!$this->isLoggedIn()) {
// $this->setServerNameData(null);
// $this->setAthenaServerNameData(null);
//}
if (!is_array($this->cart)) {
$this->setCartData(array());
}
if ($this->account->account_id && $this->loginAthenaGroup) {
if (!array_key_exists($this->loginAthenaGroup->serverName, $this->cart)) {
$this->cart[$this->loginAthenaGroup->serverName] = array();
}
foreach ($this->getAthenaServerNames() as $athenaServerName) {
$athenaServer = $this->getAthenaServer($athenaServerName);
$cartArray =& $this->cart[$this->loginAthenaGroup->serverName];
$accountID = $this->account->account_id;
if (!array_key_exists($accountID, $cartArray)) {
$cartArray[$accountID] = array();
}
if (!array_key_exists($athenaServerName, $cartArray[$accountID])) {
$cartArray[$accountID][$athenaServerName] = new Flux_ItemShop_Cart();
}
$cartArray[$accountID][$athenaServerName]->setAccount($this->account);
$athenaServer->setCart($cartArray[$accountID][$athenaServerName]);
}
}
return true;
}
