Beispiel #1
// Update-script fragment: adds the foreign keys and an index on the members table, flags the
// webmaster role, creates a technical "system" user and stamps every membership with that user
// as creator. The statements depend on each other and must run in this order.

// create foreign keys and new index
// NOTE(review): only these two calls pass false as second argument; presumably that keeps the
// update running when the constraint cannot be created - confirm against the query() signature.
$sql = 'alter table ' . $g_tbl_praefix . '_members add constraint ' . $g_tbl_praefix . '_FK_MEM_ROL foreign key (mem_rol_id)
      references ' . $g_tbl_praefix . '_roles (rol_id) on delete restrict on update restrict';
$gDb->query($sql, false);
$sql = 'alter table ' . $g_tbl_praefix . '_members add constraint ' . $g_tbl_praefix . '_FK_MEM_USR foreign key (mem_usr_id)
      references ' . $g_tbl_praefix . '_users (usr_id) on delete restrict on update restrict';
$gDb->query($sql, false);
$sql = 'create index IDX_' . $g_tbl_praefix . '_MEM_ROL_USR_ID on ' . TBL_MEMBERS . ' (mem_rol_id, mem_usr_id)';
$gDb->query($sql);
// Mark the role whose name equals the translated "webmaster" label as webmaster role.
// NOTE(review): the translated text is concatenated into the SQL string literal without escaping;
// a translation that contains a single quote would break or alter the statement. Bind the value
// as a parameter or escape it through the database layer.
// NOTE(review): the match is by role name in the current language, so a renamed role or a
// different installation language would leave rol_webmaster unset - confirm this is acceptable.
$sql = 'UPDATE ' . TBL_ROLES . ' SET rol_webmaster = 1
         WHERE rol_name = \'' . $gL10n->get('SYS_WEBMASTER') . '\' ';
$gDb->query($sql);
// convert <br /> to a normal line feed
// NOTE(review): $emailText is not used in the statements visible here; presumably it is consumed
// further down in the script.
$emailText = preg_replace('/<br[[:space:]]*\\/?[[:space:]]*>/', chr(13) . chr(10), $gL10n->get('SYS_SYSMAIL_REFUSE_REGISTRATION'));
// create new system user
// usr_valid is set to '0' for this account.
// NOTE(review): presumably usr_valid = 0 means the account cannot be used to log in - confirm,
// because this record is later referenced as creator of all memberships.
$systemUser = new TableUsers($gDb);
$systemUser->setValue('usr_login_name', $gL10n->get('SYS_SYSTEM'));
$systemUser->setValue('usr_valid', '0');
$systemUser->setValue('usr_timestamp_create', DATETIME_NOW);
$systemUser->save(false);
// no registered user -> UserIdCreate couldn't be filled
// Look up the id of the LAST_NAME profile field so the system user gets a last name entry.
$sql = 'SELECT usf_id FROM ' . TBL_USER_FIELDS . ' WHERE usf_name_intern = \'LAST_NAME\'';
$pdoStatement = $gDb->query($sql);
// NOTE(review): the fetch() result is used without a check; if no LAST_NAME row exists the
// INSERT below is built with an empty usf_id and fails as a syntax error.
$usfRow = $pdoStatement->fetch();
// NOTE(review): ids and the translated name are concatenated into the statement; the translated
// text is not escaped (same concern as for SYS_WEBMASTER above).
$sql = 'INSERT INTO ' . TBL_USER_DATA . ' (usd_usf_id, usd_usr_id, usd_value)
            VALUES (' . $usfRow['usf_id'] . ', ' . $systemUser->getValue('usr_id') . ', \'' . $gL10n->get('SYS_SYSTEM') . '\')';
$gDb->query($sql);
// This UPDATE has no WHERE clause: every row of the members table gets the system user as
// creator and DATETIME_NOW as creation timestamp.
$sql = 'UPDATE ' . TBL_MEMBERS . ' SET mem_usr_id_create = ' . $systemUser->getValue('usr_id') . '
                                   , mem_timestamp_create = \'' . DATETIME_NOW . '\'';
$gDb->query($sql);
$sql = 'UPDATE ' . TBL_MEMBERS . ' SET mem_usr_id_create = ' . $systemUser->getValue('usr_id') . '
 *
 * @copyright 2004-2016 The Admidio Team
 * @see http://www.admidio.org/
 * @license https://www.gnu.org/licenses/gpl-2.0.html GNU General Public License v2.0 only
 *
 * Parameters:
 *
 * aid      ..  Activation id for confirmation of new password
 * usr_id   ..  Id of the user who wants a new password
 ***********************************************************************************************
 */
require_once 'common.php';
// Read the two mandatory request parameters: the activation id and the id of the user
// NOTE(review): the activation id travels in the query string, so it can end up in server logs,
// browser history and Referer headers; the code should be single-use and short-lived.
$getActivationId = admFuncVariableIsValid($_GET, 'aid', 'string', array('requireValue' => true));
$getUserId       = admFuncVariableIsValid($_GET, 'usr_id', 'int', array('requireValue' => true));

// System mails and password recovery must both be enabled
if (!($gPreferences['enable_system_mails'] == 1 && $gPreferences['enable_password_recovery'] == 1)) {
    // NOTE(review): nothing in this script stops execution after the message;
    // presumably show() ends the request - confirm, otherwise the activation below still runs.
    $gMessage->show($gL10n->get('SYS_MODULE_DISABLED'));
}

$user = new TableUsers($gDb, $getUserId);

// The stored activation code has to be identical (type and value) to the submitted one
if ($user->getValue('usr_activation_code') !== $getActivationId) {
    // wrong or outdated code: nothing is changed
    $gMessage->show($gL10n->get('SYS_PWACT_CODE_INVALID'));
} else {
    // take over the pending password, clear the pending one and invalidate the code
    $user->setPassword($user->getValue('usr_new_password'), false, false);
    $user->setPassword('', true, false);
    $user->setValue('usr_activation_code', '');
    $user->save();

    // send the user on to the login page together with the success message
    $gMessage->setForwardUrl($g_root_path . '/adm_program/system/login.php', 2000);
    $gMessage->show($gL10n->get('SYS_PWACT_PW_SAVED'));
}
Beispiel #3
              , (' . $cat_id_master_inf . ', \'NUMBER\', \'PRICE\',   \'SYS_QUANTITY\', NULL, 0, 0, 0, 3, ' . $gCurrentUser->getValue('usr_id') . ',\'' . DATETIME_NOW . '\') ';
 $db->query($sql);
 // Installation-wizard fragment: adjusts one preference for PostgreSQL, creates the organization
 // and the first (webmaster) account from values the wizard kept in the session, then prepares
 // the organization preferences. The statements must run in this order.
 if ($gDbType === 'postgresql') {
     // soundex is not a default function in PostgreSQL
     // so the similar-name search preference is switched off for this database type
     $sql = 'UPDATE ' . TBL_PREFERENCES . ' SET prf_value = \'0\'
              WHERE prf_name LIKE \'system_search_similar\'';
     $db->query($sql);
 }
 // create new organization
 // Names come from the session values filled by earlier wizard steps.
 $gCurrentOrganization = new Organization($db, $_SESSION['orga_shortname']);
 $gCurrentOrganization->setValue('org_longname', $_SESSION['orga_longname']);
 $gCurrentOrganization->setValue('org_shortname', $_SESSION['orga_shortname']);
 // NOTE(review): HTTP_HOST is taken from the Host request header, which the client controls.
 // The value is persisted as the organization's homepage, so it should be validated against
 // the expected host name before it is stored or later used to build links.
 $gCurrentOrganization->setValue('org_homepage', $_SERVER['HTTP_HOST']);
 $gCurrentOrganization->save();
 // create user webmaster and assign roles
 $webmaster = new TableUsers($db);
 $webmaster->setValue('usr_login_name', $_SESSION['user_login']);
 // NOTE(review): the password is read from the session, i.e. it was kept in session storage
 // between wizard steps (presumably in plain text - confirm). It should be removed from the
 // session as soon as the account has been saved.
 $webmaster->setPassword($_SESSION['user_password']);
 $webmaster->setValue('usr_usr_id_create', $gCurrentUser->getValue('usr_id'));
 $webmaster->setValue('usr_timestamp_create', DATETIME_NOW);
 $webmaster->save(false);
 // no registered user -> UserIdCreate couldn't be filled
 // write all preferences from preferences.php in table adm_preferences
 // presumably the included file defines $orga_preferences, which is modified below - confirm
 require_once 'db_scripts/preferences.php';
 // set some specific preferences whose values came from user input of the installation wizard
 $orga_preferences['email_administrator'] = $_SESSION['orga_email'];
 $orga_preferences['system_language'] = $language;
 // calculate the best cost value for your server performance
 // The 'cost' entry of the benchmark result becomes the stored hashing cost preference.
 // NOTE(review): the benchmark runs once at installation time; confirm that the result cannot
 // fall below the minimum cost the project considers acceptable on a slow or loaded host.
 $benchmarkResults = PasswordHashing::costBenchmark();
 $orga_preferences['system_hashing_cost'] = $benchmarkResults['cost'];
 // create all necessary data for this organization
Beispiel #4
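 /**
  * Set a new value for a column of the database table if the column has the prefix @b usr_
  * otherwise the value of the profile field of the table adm_user_data will be set.
  * If the user log is activated then the change of the value will be logged in @b adm_user_log.
  * The value is only saved in the object. You must call the method @b save to store the new value to the database
  * @param string $columnName The name of the database column whose value should get a new value or the
  *                            internal unique profile field name
  * @param mixed  $newValue   The new value that should be stored in the database field
  * @param bool   $checkValue The value will be checked if it's valid. If set to @b false then the value will
  *                            not be checked.
  * @return bool Returns @b true if the value is stored in the current object and @b false if a check failed
  * @par Examples
  * @code  // set data of adm_users column
  *                           $gCurrentUser->setValue('usr_login_name', 'Admidio');
  *                           // set data of adm_user_fields
  *                           $gCurrentUser->setValue('EMAIL', '*****@*****.**'); @endcode
  */
 public function setValue($columnName, $newValue, $checkValue = true)
 {
     global $gCurrentUser, $gPreferences;

     // Columns of adm_users carry the prefix "usr_"; every other name is a profile field.
     // The same test is used for the update branch and for the logging decision below, so a
     // profile field whose name merely contains "usr_" somewhere is still written to the log.
     $isUserTableColumn = strpos($columnName, 'usr_') === 0;

     $returnCode = true;
     $oldFieldValue = $this->mProfileFieldsData->getValue($columnName, 'database');

     if (!$isUserTableColumn) {
         // user data from adm_user_fields table
         // only do an update if the value has changed
         if (strcmp($newValue, $oldFieldValue) !== 0) {
             $fieldDisabled = $this->mProfileFieldsData->getProperty($columnName, 'usf_disabled');

             // Disabled fields can only be edited by users with the right "edit_users" except on registration.
             // Here is no need to check hidden fields because we check on save() method that only users who
             // can edit the profile are allowed to save and change data.
             // The parentheses spell out the precedence the expression always had (&& before ||).
             $mayEditField = $fieldDisabled == 0
                 || ($fieldDisabled == 1 && $gCurrentUser->hasRightEditProfile($this, false))
                 || ($gCurrentUser->getValue('usr_id') == 0 && $this->getValue('usr_id') == 0);

             // NOTE(review): when the edit is not permitted the value is left untouched but
             // $returnCode stays true, so callers cannot tell a refused change from an applied one.
             if ($mayEditField) {
                 $returnCode = $this->mProfileFieldsData->setValue($columnName, $newValue);
             }
         }
     } else {
         // users data from adm_users table
         // NOTE(review): $checkValue is accepted by this method but not passed on here.
         $returnCode = parent::setValue($columnName, $newValue);
     }

     $newFieldValue = $this->mProfileFieldsData->getValue($columnName, 'database');

     // Not every change is logged. Exceptions:
     // usr_id is 0 while the user is being created; that is already documented elsewhere.
     // Columns that start with usr_ are not logged.
     // If the field value did not change, nothing is logged either.
     if ($gPreferences['profile_log_edit_fields'] == 1
         && $this->getValue('usr_id') != 0
         && !$isUserTableColumn
         && $newFieldValue !== $oldFieldValue
         && $returnCode === true
     ) {
         $logEntry = new TableAccess($this->db, TBL_USER_LOG, 'usl');
         $logEntry->setValue('usl_usr_id', $this->getValue('usr_id'));
         $logEntry->setValue('usl_usf_id', $this->mProfileFieldsData->getProperty($columnName, 'usf_id'));
         $logEntry->setValue('usl_value_old', $oldFieldValue);
         $logEntry->setValue('usl_value_new', $newFieldValue);
         $logEntry->setValue('usl_comm', '');
         $logEntry->save();
     }

     return $returnCode;
 }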
Beispiel #5
 * Activate new password
 *
 * Copyright    : (c) 2004 - 2015 The Admidio Team
 * Homepage     : http://www.admidio.org
 * License      : GNU Public License 2 http://www.gnu.org/licenses/gpl-2.0.html
 *
 * Parameters:
 *
 * aid      ..  Activation id for confirmation of new password
 * usr_id   ..  Id of the user who wants a new password
 *****************************************************************************/
require_once 'common.php';
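// Initialize and check the parameters
// NOTE(review): the activation id travels in the query string, so it can end up in server logs,
// browser history and Referer headers; the code should be single-use and short-lived.
$getActivationId = admFuncVariableIsValid($_GET, 'aid', 'string', array('requireValue' => true));
$getUserId = admFuncVariableIsValid($_GET, 'usr_id', 'numeric', array('requireValue' => true));

// System mails and password recovery must both be enabled
if ($gPreferences['enable_system_mails'] != 1 || $gPreferences['enable_password_recovery'] != 1) {
    // NOTE(review): nothing in this script stops execution after the message;
    // presumably show() ends the request - confirm, otherwise the activation below still runs.
    $gMessage->show($gL10n->get('SYS_MODULE_DISABLED'));
}

$user = new TableUsers($gDb, $getUserId);

// Compare the codes as strings with ===. The loose == operator compares numeric-looking
// strings by numeric value, so two different codes could be treated as equal. An empty stored
// code (no pending request) must never match anything.
// NOTE(review): === is still not a constant-time comparison; hash_equals() is the usual choice
// where the runtime provides it (PHP >= 5.6).
$storedActivationCode = (string) $user->getValue('usr_activation_code');
$activationCodeMatches = $storedActivationCode !== ''
    && $storedActivationCode === (string) $getActivationId;

if ($activationCodeMatches) {
    // activate the new password
    // presumably usr_new_password already holds the hashed value - confirm against the code
    // that creates the recovery request
    $user->setValue('usr_password', $user->getValue('usr_new_password'));
    $user->setValue('usr_new_password', '');
    // clearing the code makes the activation link single-use
    $user->setValue('usr_activation_code', '');
    $user->save();
    $gMessage->setForwardUrl($g_root_path . '/adm_program/system/login.php', 2000);
    $gMessage->show($gL10n->get('SYS_PWACT_PW_SAVED'));
} else {
    $gMessage->show($gL10n->get('SYS_PWACT_CODE_INVALID'));
}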