Beispiel #1
    }
    $sql = "SELECT login.*, {$creditColumns}, {$createColumns} FROM {$server->loginDatabase}.login ";
    $sql .= "LEFT OUTER JOIN {$server->loginDatabase}.{$creditsTable} AS credits ON login.account_id = credits.account_id ";
    $sql .= "LEFT OUTER JOIN {$server->loginDatabase}.{$createTable} AS created ON login.account_id = created.account_id ";
    $sql .= "WHERE login.sex != 'S' AND login.group_id >= 0 AND login.account_id = ? LIMIT 1";
    $sth = $server->connection->getStatement($sql);
    $sth->execute(array($accountID));
    // Account object.
    $account = $sth->fetch();
    if ($account) {
        $title = sprintf(Flux::message('AccountViewTitle2'), $account->userid);
    }
} else {
    $title = Flux::message('AccountViewTitle3');
}
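// Group level of the account being viewed; compared below with the viewer's own level.
// NOTE(review): $account is dereferenced here before any of the `$account &&` checks below run, so a
// failed lookup reaches getGroupLevel() with a null group_id and raises a notice/warning — confirm
// that an earlier guard exists.
$level = AccountLevel::getGroupLevel($account->group_id);

// The viewer may ban accounts at or below their own level; a higher-level target additionally
// requires the allowedToBanHigherPower permission.
$banSuperior = $account && (
    ($level > $session->account->group_level && $auth->allowedToBanHigherPower)
    || $level <= $session->account->group_level
);

// can* flags combine "not my own account", the level rule above and the per-action permission.
$canTempBan = !$isMine && $banSuperior && $auth->allowedToTempBanAccount;
$canPermBan = !$isMine && $banSuperior && $auth->allowedToPermBanAccount;

// Current ban status of the viewed account.
$tempBanned = $account && $account->unban_time > 0;
$permBanned = $account && $account->state == 5;

// show* flags decide which controls are offered; none of them may apply to the viewer's own account.
$showTempBan = !$isMine && !$tempBanned && !$permBanned && $auth->allowedToTempBanAccount;
$showPermBan = !$isMine && !$permBanned && $auth->allowedToPermBanAccount;

// `&&` binds tighter than `||`: without the outer parentheses the !$isMine guard covered only the
// temporary-ban branch, so the unban control was still offered on the viewer's own permanently
// banned account.
$showUnban = !$isMine && (
    ($tempBanned && $auth->allowedToTempUnbanAccount)
    || ($permBanned && $auth->allowedToPermUnbanAccount)
);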
if (count($_POST) && $account) {
    $reason = (string) $params->get('reason');
    if ($params->get('tempban') && ($tempBanDate = $params->get('tempban_date'))) {
        if ($canTempBan) {
            if ($server->loginServer->temporarilyBan($session->account->account_id, $reason, $account->account_id, $tempBanDate)) {
                $formattedDate = $this->formatDateTime($tempBanDate);
                $session->setMessageData("Account has been temporarily banned until {$formattedDate}.");
Beispiel #2
 // Resolve the login server group named in the request; fall back to the session's group when the
 // name is empty or does not match a registered group.
 $loginAthenaGroup = $groupName ? Flux::getServerGroupByName($groupName) : null;
 if (!$loginAthenaGroup) {
     $loginAthenaGroup = $session->loginAthenaGroup;
 }

 // The username comparison follows the login server's case-sensitivity setting.
 $userMatch = $loginAthenaGroup->loginServer->config->getNoCase()
     ? 'LOWER(userid) = LOWER(?) '
     : 'BINARY userid = ? ';

 // Username and e-mail are bound as parameters; only the database name is interpolated.
 // The row must have state = 0 and sex 'M' or 'F' to match.
 $sql = "SELECT account_id, user_pass, group_id FROM {$loginAthenaGroup->loginDatabase}.login WHERE "
     . $userMatch
     . "AND email = ? AND state = 0 AND sex IN ('M', 'F') LIMIT 1";

 $sth = $loginAthenaGroup->connection->getStatement($sql);
 $sth->execute(array($userid, $email));
 $row = $sth->fetch();
 if ($row) {
     $groups = AccountLevel::getArray();
     if (AccountLevel::getGroupLevel($row->group_id) >= Flux::config('NoResetPassGroupLevel')) {
         $errorMessage = Flux::message('ResetPassDisallowed');
     } else {
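         // The reset code is the only secret in the reset link, so it must come from a CSPRNG.
         // md5(rand() + account_id) was guessable: rand() is not a cryptographic generator and the
         // account id is not secret (it is sent in the same link). 16 random bytes hex-encode to
         // 32 characters, the same length as the md5() value this replaces.
         $code = bin2hex(function_exists('random_bytes') ? random_bytes(16) : openssl_random_pseudo_bytes(16));

         // Record the request; every value is bound as a parameter.
         // NOTE(review): user_pass is copied into the reset table as old_password, so whatever form
         // the login table stores it in now also lives in a second table — confirm this is needed.
         $sql = "INSERT INTO {$loginAthenaGroup->loginDatabase}.{$resetPassTable} ";
         $sql .= "(code, account_id, old_password, request_date, request_ip, reset_done) ";
         $sql .= "VALUES (?, ?, ?, NOW(), ?, 0)";
         $sth = $loginAthenaGroup->connection->getStatement($sql);
         $res = $sth->execute(array($code, $row->account_id, $row->user_pass, $_SERVER['REMOTE_ADDR']));
         if ($res) {
             // Mail the reset link only after the request row has been stored.
             require_once 'Flux/Mailer.php';
             $name = $loginAthenaGroup->serverName;
             $link = $this->url('account', 'resetpw', array('_host' => true, 'code' => $code, 'account' => $row->account_id, 'login' => $name));
             $mail = new Flux_Mailer();
             // The link is HTML-escaped before it is handed to the 'resetpass' template.
             $sent = $mail->send($email, 'Reset Password', 'resetpass', array('AccountUsername' => $userid, 'ResetLink' => htmlspecialchars($link)));
         }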
Beispiel #3
<?php

// Module variables are available in page menus.
// However, access group_id checking must be done directly from the page menu.
// Minimal access checking such as $auth->actionAllowed('moduleName', 'actionName') should be performed.
$groups = AccountLevel::getArray();
$pageMenu = array();

// The edit link is offered only when both checks pass:
//  - level rule: the viewed account's level is not above the viewer's, or the viewer holds
//    the allowedToEditHigherPower permission;
//  - action rule: the viewer may run account/edit at all.
$targetLevel = AccountLevel::getGroupLevel($account->group_id);
$levelOk = $targetLevel <= $session->account->group_level || $auth->allowedToEditHigherPower;
if ($levelOk && $auth->actionAllowed('account', 'edit')) {
    $editUrl = $this->url('account', 'edit', array('id' => $account->account_id));
    $pageMenu[Flux::message('ModifyAccountLink')] = $editUrl;
}

return $pageMenu;
Beispiel #4
 /**
  * Initialize session data.
  *
  * @param bool $force
  * @return bool
  * @access private
  */
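 private function initialize($force = false)
 {
     // Reset each listed session key to null through its set<Key>Data() setter when forced, or
     // when the key currently holds no value.
     $keysToInit = array('username', 'serverName', 'athenaServerName', 'securityCode');
     foreach ($keysToInit as $key) {
         if ($force || !$this->{$key}) {
             $method = ucfirst($key);
             $method = "set{$method}Data";
             $this->{$method}(null);
         }
     }

     $loggedIn = true;
     // Only assigned on the anonymous path below; every later read sits behind a !$loggedIn check.
     $cfgAthenaServerName = null;
     if (!$this->username) {
         // No username in the session: select the configured default login group, or the first
         // registered group when the configured name is unknown.
         $loggedIn = false;
         $cfgAthenaServerName = Flux::config('DefaultCharMapServer');
         $cfgLoginAthenaGroup = Flux::config('DefaultLoginGroup');
         if (Flux::getServerGroupByName($cfgLoginAthenaGroup)) {
             $this->setServerNameData($cfgLoginAthenaGroup);
         } else {
             $defaultServerName = current(array_keys(Flux::$loginAthenaGroupRegistry));
             $this->setServerNameData($defaultServerName);
         }
     }

     if ($this->serverName && ($this->loginAthenaGroup = Flux::getServerGroupByName($this->serverName))) {
         $this->loginServer = $this->loginAthenaGroup->loginServer;
         if (!$loggedIn && $cfgAthenaServerName && $this->getAthenaServer($cfgAthenaServerName)) {
             $this->setAthenaServerNameData($cfgAthenaServerName);
         }
         // Fall back to the first available server when none is selected or the selection does not resolve.
         if (!$this->athenaServerName
             || (!$loggedIn && !$this->getAthenaServer($cfgAthenaServerName))
             || !$this->getAthenaServer($this->athenaServerName)
         ) {
             $this->setAthenaServerNameData(current($this->getAthenaServerNames()));
         }
     }

     // Get new account data every request, so group and ban changes take effect on a live session.
     if ($this->loginAthenaGroup && $this->username && ($account = $this->getAccount($this->loginAthenaGroup, $this->username))) {
         $this->account = $account;
         $this->account->group_level = AccountLevel::getGroupLevel($account->group_id);

         // Automatically log out of the account when it is detected as banned, unless the
         // matching Allow*BanLogin option is set.
         $permBan = $account->state == 5 && !Flux::config('AllowPermBanLogin');
         // A temporary ban is in force while unban_time is still in the future. The previous
         // `unban_time < time()` test matched only bans that had already run out, so a session
         // belonging to an actively banned account was kept alive.
         // NOTE(review): assumes unban_time is the Unix time at which the ban ends — confirm
         // against the login table schema.
         $tempBan = $account->unban_time > time() && !Flux::config('AllowTempBanLogin');
         if ($permBan || $tempBan) {
             // NOTE(review): $this->account still holds the banned account's row afterwards unless
             // logout() resets it; the cart setup below would then still run for it — confirm.
             $this->logout();
         }
     } else {
         // No usable account: expose a placeholder with the unauthenticated group level.
         $this->account = new Flux_DataObject(null, array('group_level' => AccountLevel::UNAUTH));
     }

     if (!is_array($this->cart)) {
         $this->setCartData(array());
     }

     // Carts are keyed by login group name, then account id, then char/map server name.
     if ($this->account->account_id && $this->loginAthenaGroup) {
         if (!array_key_exists($this->loginAthenaGroup->serverName, $this->cart)) {
             $this->cart[$this->loginAthenaGroup->serverName] = array();
         }
         foreach ($this->getAthenaServerNames() as $athenaServerName) {
             $athenaServer = $this->getAthenaServer($athenaServerName);
             $cartArray =& $this->cart[$this->loginAthenaGroup->serverName];
             $accountID = $this->account->account_id;
             if (!array_key_exists($accountID, $cartArray)) {
                 $cartArray[$accountID] = array();
             }
             if (!array_key_exists($athenaServerName, $cartArray[$accountID])) {
                 $cartArray[$accountID][$athenaServerName] = new Flux_ItemShop_Cart();
             }
             // Re-bind the freshly loaded account to the cart and hand the cart to its server.
             $cartArray[$accountID][$athenaServerName]->setAccount($this->account);
             $athenaServer->setCart($cartArray[$accountID][$athenaServerName]);
         }
     }

     return true;
 }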