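/**
 * Stores the module configuration posted from the admin form.
 *
 * Reads table_prefix, page_title, page_description and page_robots from
 * POST. When the posted table prefix differs from the stored one, every
 * forum table whose stem is known to ZphpBB2_Util::getTableNames() is
 * renamed from the old prefix to the new one before the variables are saved.
 *
 * The prefix ends up inside identifiers (SHOW TABLES LIKE, RENAME TABLE),
 * which cannot be bound as statement parameters, so it is restricted to a
 * plain identifier before any SQL is built from it.
 *
 * @return mixed the return value of LogUtil::registerError (false) when
 *               validation or a database statement fails, otherwise the
 *               result of System::redirect to the admin main page.
 */
public function updateconfig() {
    $this->checkCsrfToken(); // confirm the form's authorisation key
    $this->throwForbiddenUnless(SecurityUtil::checkPermission($this->name . '::', '::', ACCESS_ADMIN));

    // current module variables; the stored prefix may be absent on a fresh install
    $vars = ModUtil::getVar($this->name);
    $oldPrefix = isset($vars['table_prefix']) ? (string) $vars['table_prefix'] : '';

    // module variables posted from the form
    $modvars = array();
    $modvars['table_prefix'] = FormUtil::getPassedValue('table_prefix', 'phpbb_', 'POST');
    $modvars['page_title'] = FormUtil::getPassedValue('page_title', '', 'POST');
    $modvars['page_description'] = FormUtil::getPassedValue('page_description', '', 'POST');
    $modvars['page_robots'] = FormUtil::getPassedValue('page_robots', '', 'POST');
    $newPrefix = (string) $modvars['table_prefix'];

    // The prefix is concatenated into table names, never bound, so only a
    // plain identifier is accepted no matter who posted it.
    if (!preg_match('/^[A-Za-z0-9_]+$/', $newPrefix)) {
        return LogUtil::registerError($this->__('Error: table prefix may only contain letters, digits and underscores.'));
    }

    // table prefix change
    if ($oldPrefix !== '' && $oldPrefix !== $newPrefix) {
        $mandatoryinprefix = 'phpbb';
        if (strpos($newPrefix, $mandatoryinprefix) === false) {
            return LogUtil::registerError($this->__('Error: table prefix must contain fragment <b>phpbb</b>.'));
        }
        // the stored prefix is concatenated into SQL as well; refuse to rename
        // from a prefix that is not a plain identifier
        if (!preg_match('/^[A-Za-z0-9_]+$/', $oldPrefix)) {
            return LogUtil::registerError($this->__('Error: stored table prefix is not a valid identifier; tables cannot be renamed.'));
        }

        // ok, let's change in db
        $connection = Doctrine_Manager::getInstance()->getCurrentConnection();
        // '_' is a LIKE wildcard (escaped here as uninstall() does); the trailing
        // '_%' keeps the original "prefix followed by something" match
        $stmt = $connection->prepare("SHOW TABLES LIKE '%" . str_replace('_', '\\_', $oldPrefix) . "_%'");
        try {
            $stmt->execute();
        } catch (Exception $e) {
            return LogUtil::registerError($this->__('Error: ') . $e->getMessage());
        }
        $items = $stmt->fetchAll(Doctrine_Core::FETCH_NUM);
        $tablenames = ZphpBB2_Util::getTableNames();
        foreach ($items as $item) {
            $table_stem = ZphpBB2_Util::getTableStem($item[0], $oldPrefix);
            // only tables the module knows about are touched
            if (!in_array($table_stem, $tablenames, true)) {
                continue;
            }
            // RENAME TABLE is DDL and takes no bound parameters; quote both names
            // as identifiers (the new prefix is already restricted above)
            $from = '`' . str_replace('`', '``', $item[0]) . '`';
            $to = '`' . $newPrefix . $table_stem . '`';
            $stmt = $connection->prepare('RENAME TABLE ' . $from . ' TO ' . $to);
            try {
                $stmt->execute();
            } catch (Exception $e) {
                return LogUtil::registerError($this->__('Error: ') . $e->getMessage());
            }
        }
    }

    // update module variables
    $this->setVars($modvars);

    // the module configuration has been updated successfully
    LogUtil::registerStatus($this->__('Done! Module configuration updated.'));

    return System::redirect(ModUtil::url($this->name, 'admin', 'main'));
}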
/**
 * Removes the module: drops every forum table under the configured prefix
 * whose stem is known to ZphpBB2_Util::getTableNames(), then unregisters
 * the persistent user-account event handlers.
 *
 * @return boolean true when everything was removed; on a failed statement
 *                 the return value of LogUtil::registerError (false).
 */
public function uninstall() {
    $prefix = ModUtil::getVar('ZphpBB2', 'table_prefix', 'phpbb_');
    $knownStems = ZphpBB2_Util::getTableNames();
    $conn = Doctrine_Manager::getInstance()->getCurrentConnection();

    // '_' is a LIKE wildcard just like '%', so it is escaped in the pattern
    $likePattern = str_replace('_', '\\_', $prefix) . '%';
    $listStmt = $conn->prepare("SHOW TABLES LIKE '" . $likePattern . "'");
    try {
        $listStmt->execute();
    } catch (Exception $e) {
        return LogUtil::registerError(__('Error: ') . $e->getMessage());
    }

    foreach ($listStmt->fetchAll(Doctrine_Core::FETCH_NUM) as $row) {
        $tableName = $row[0];
        // tables that are not part of the forum schema are left alone
        if (!in_array(ZphpBB2_Util::getTableStem($tableName, $prefix), $knownStems)) {
            continue;
        }
        $dropStmt = $conn->prepare('DROP TABLE `' . $tableName . '`');
        try {
            $dropStmt->execute();
        } catch (Exception $e) {
            return LogUtil::registerError(__('Error: ') . $e->getMessage());
        }
    }

    // Unregister event handlers
    $listeners = array(
        'user.account.create' => 'createAccountListener',
        'user.account.update' => 'updateAccountListener',
        'user.account.delete' => 'deleteAccountListener',
    );
    foreach ($listeners as $eventName => $method) {
        EventUtil::unregisterPersistentModuleHandler('ZphpBB2', $eventName, array('ZphpBB2_Listener_UsersSynch', $method));
    }

    return true;
}
// if ($mode == 'register' && ($userdata['session_logged_in'] || $username == $userdata['username'])) { message_die(GENERAL_MESSAGE, $lang['Username_taken'], '', __LINE__, __FILE__); } // // Did the user submit? In this case build a query to update the users profile in the DB // // Begin PNphpBB2 Module if (isset($_POST['changeprofile'])) { // Zikula change user info System::redirect(ModUtil::url(System::getVar('profilemodule', ''), 'user', 'modify')); } if (isset($_POST['refreshprofile'])) { $user_id = intval($_POST['user_id']); // ZphpBB2 => Main user synchronization if (ZphpBB2_Util::phpBBupdateAccountById($user_id)) { $message = $lang['Profile_updated'] . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index") . '">', '</a>'); $template->assign_vars(array("META" => '<meta http-equiv="refresh" content="5;url=' . append_sid("profile&mode=editprofile") . '">')); message_die(GENERAL_MESSAGE, $message); } // <= ZphpBB2 } if (isset($_POST['getpnavatar'])) { $user_id = intval($_POST['user_id']); // Get Zikula Avatar // ZphpBB2 => $userZkAttrib = UserUtil::getVar('__ATTRIBUTES__'); if ($userZkAttrib['avatar'] != "blank.gif") { $sql = "UPDATE " . USERS_TABLE . " SET user_avatar = '" . DataUtil::formatForStore($userZkAttrib['avatar']) . "', user_avatar_type = 3 WHERE user_id = " . $user_id; if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, 'Could not update users table', '', __LINE__, __FILE__, $sql);
/**
 * Updates user information in forum database.
 *
 * Creates the forum user (plus its personal group and user_group rows) when
 * no row with this uid exists yet, then writes the Zikula account fields and
 * any Profile-module attributes present in $userObj into the users table.
 *
 * Every value is spliced into SQL text via DataUtil::formatForStore rather
 * than bound as a parameter; see the notes on the places where even that
 * escaping is missing.
 *
 * @param array $userObj Zikula user record: 'uid' is required; 'uname',
 *                       'pass', 'email', 'activated' and the
 *                       '__ATTRIBUTES__' sub-array are used when present.
 *
 * @return boolean true on success; false when $userObj is not an array with
 *                 a positive uid; on a database failure the return value of
 *                 LogUtil::registerError (false).
 */
public static function updateAccount($userObj) {
    // NOTE(review): "> 0" does not guarantee an integer (on PHP 8 a non-numeric
    // string compares as a string), and uid is concatenated into SQL below
    // without a cast — presumably always an int from Zikula; confirm.
    if (is_array($userObj) && $userObj['uid'] > 0) {
        // We need some board config information to create board user_error
        $board_config = ZphpBB2_Util::getBoardConfig();
        // permission of the *current* request, not necessarily of $userObj
        $user_is_admin = SecurityUtil::checkPermission('ZphpBB2::', '::', ACCESS_ADMIN) ? 1 : 0;
        $connection = Doctrine_Manager::getInstance()->getCurrentConnection();
        $table_users = self::getTableUsers();
        // check for new user
        $stmt = $connection->prepare("SELECT * FROM " . $table_users . " WHERE user_id=" . $userObj['uid']);
        try {
            $stmt->execute();
        } catch (Exception $e) {
            return LogUtil::registerError('Error: Could not get data from users table. ' . $e->getMessage());
        }
        // NOTE(review): rowCount() after a SELECT is driver-dependent in PDO;
        // relies on the MySQL driver's behaviour — confirm.
        if ($stmt->rowCount() == 0) {
            // New forum user
            // Wrap adding new user in transaction
            $connection->beginTransaction();
            try {
                // new user - add in forum database
                $sql = "INSERT INTO " . $table_users . " (";
                $sql .= "user_id, user_active, username, user_password, ";
                $sql .= "user_regdate, user_viewemail, user_attachsig, user_allowsmile, ";
                $sql .= "user_allowhtml, user_allowbbcode, user_allow_viewonline, user_notify, user_notify_pm, user_popup_pm, user_dateformat, ";
                $sql .= "user_lang, user_style, user_level, user_allow_pm";
                $sql .= ") VALUES (";
                // the Zikula 'pass' field is copied verbatim into user_password
                // (presumably the stored hash, never plaintext — confirm);
                // board_config values are spliced in unescaped.
                $sql .= "'" . $userObj['uid'] . "', '1', '" . DataUtil::formatForStore($userObj['uname']) . "', '" . DataUtil::formatForStore($userObj['pass']) . "', ";
                $sql .= time() . ", 0, " . $board_config['allow_sig'] . ", " . $board_config['allow_smilies'] . ", ";
                $sql .= $board_config['allow_html'] . ", " . $board_config['allow_bbcode'] . ", 1, 0, 1, 1, '" . $board_config['default_dateformat'] . "', ";
                $sql .= "'" . $board_config['default_lang'] . "', " . $board_config['default_style'] . ", " . $user_is_admin . ", 1";
                $sql .= ")";
                $stmt = $connection->prepare($sql);
                $stmt->execute();
                // Insert in group table
                $sql = "INSERT INTO " . self::getTablePrefix() . "groups (group_name, group_description, group_single_user, group_moderator)";
                $sql .= " VALUES ('', 'Personal User', 1, 0)";
                $stmt = $connection->prepare($sql);
                $stmt->execute();
                $group_id = $connection->lastInsertId('group_id');
                // Insert in user_group table
                $sql = "INSERT INTO " . self::getTablePrefix() . "user_group (user_id, group_id, user_pending) VALUES (" . $userObj['uid'] . ", " . $group_id . ", 0)";
                $stmt = $connection->prepare($sql);
                $stmt->execute();
                // end transaction
                $connection->commit();
            } catch (Exception $e) {
                // error, rollback the transaction
                $connection->rollback();
                return LogUtil::registerError('Error: Could not insert data for new user. ' . $e->getMessage());
            }
            // Get inserted row
            $stmt = $connection->prepare("SELECT * FROM " . $table_users . " WHERE user_id=" . $userObj['uid']);
            try {
                $stmt->execute();
            } catch (Exception $e) {
                return LogUtil::registerError('Error: Could not get data from users table. ' . $e->getMessage());
            }
            $result = $stmt->fetchAll(Doctrine_Core::FETCH_ASSOC);
            $userObjOld = $result[0];
        } else {
            // Existing user
            $result = $stmt->fetchAll(Doctrine_Core::FETCH_ASSOC);
            $userObjOld = $result[0];
        }
        // Update data: every column is appended as "col = 'value', " and the
        // trailing separator is trimmed before the WHERE clause
        $sql = "UPDATE " . $table_users . " SET ";
        $sql .= "user_id = " . DataUtil::formatForStore($userObj['uid']) . ", ";
        // NOTE(review): the two lines below look like a corpus redaction
        // ('******') of the formatForStore() call used for every other column;
        // confirm against the upstream file before relying on them.
        if (isset($userObj['uname'])) {
            $sql .= "username = '******'uname']) . "', ";
        }
        if (isset($userObj['pass'])) {
            $sql .= "user_password = '******'pass']) . "', ";
        }
        if (isset($userObj['email'])) {
            $sql .= "user_email = '" . DataUtil::formatForStore($userObj['email']) . "', ";
        }
        if (isset($userObj['activated'])) {
            $sql .= "user_active = '" . DataUtil::formatForStore($userObj['activated']) . "', ";
        }
        // Data optionally coming from Profile module
        if (isset($userObj['__ATTRIBUTES__']['icq'])) {
            $sql .= "user_icq = '" . DataUtil::formatForStore($userObj['__ATTRIBUTES__']['icq']) . "', ";
        }
        if (isset($userObj['__ATTRIBUTES__']['yim'])) {
            $sql .= "user_yim = '" . DataUtil::formatForStore($userObj['__ATTRIBUTES__']['yim']) . "', ";
        }
        if (isset($userObj['__ATTRIBUTES__']['aim'])) {
            $sql .= "user_aim = '" . DataUtil::formatForStore($userObj['__ATTRIBUTES__']['aim']) . "', ";
        }
        if (isset($userObj['__ATTRIBUTES__']['msnm'])) {
            $sql .= "user_msnm = '" . DataUtil::formatForStore($userObj['__ATTRIBUTES__']['msnm']) . "', ";
        }
        if (isset($userObj['__ATTRIBUTES__']['url'])) {
            // strips a leading "http://" and re-adds it; only that scheme is
            // matched, so an "https://..." value becomes "http://https://..."
            $url = "http://" . preg_replace("'http://'i", '', $userObj['__ATTRIBUTES__']['url']);
            $sql .= "user_website = '" . DataUtil::formatForStore($url) . "', ";
        }
        if (isset($userObj['__ATTRIBUTES__']['signature'])) {
            $sql .= "user_sig = '" . DataUtil::formatForStore($userObj['__ATTRIBUTES__']['signature']) . "', ";
        }
        if (isset($userObj['__ATTRIBUTES__']['city'])) {
            $sql .= "user_from = '" . DataUtil::formatForStore($userObj['__ATTRIBUTES__']['city']) . "', ";
        }
        if (isset($userObj['__ATTRIBUTES__']['occupation'])) {
            $sql .= "user_occ = '" . DataUtil::formatForStore($userObj['__ATTRIBUTES__']['occupation']) . "', ";
        }
        if (isset($userObj['__ATTRIBUTES__']['interests'])) {
            $sql .= "user_interests = '" . DataUtil::formatForStore($userObj['__ATTRIBUTES__']['interests']) . "', ";
        }
        if (isset($userObj['__ATTRIBUTES__']['tzoffset'])) {
            // Zikula offset is shifted by -12 to phpBB's timezone scale
            $sql .= "user_timezone = '" . DataUtil::formatForStore($userObj['__ATTRIBUTES__']['tzoffset'] - 12) . "', ";
        }
        // Avatars are not synchronized yet
        /*if (isset($userObj['__ATTRIBUTES__']['avatar'])) { $sql .= "user_avatar = '" . DataUtil::formatForStore($userObj['__ATTRIBUTES__']['avatar']) . "', "; $sql .= "user_avatar_type = 3, "; }*/
        // Update user rights: a ZphpBB2 admin always gets level 1; anyone else
        // keeps whatever non-zero level the forum row already had, otherwise 0
        if (isset($userObjOld['user_level'])) {
            $user_is_admin = $user_is_admin == 0 && $userObjOld['user_level'] != 0 ? $user_is_admin = $userObjOld['user_level'] : $user_is_admin;
            $sql .= "user_level = " . $user_is_admin . ", ";
        }
        $sql = rtrim($sql, ' ,');
        $sql .= " WHERE user_id=" . $userObj['uid'];
        $stmt = $connection->prepare($sql);
        try {
            $stmt->execute();
        } catch (Exception $e) {
            return LogUtil::registerError('Error: Could not update data for the user.' . $e->getMessage());
        }
        // Update group tables
        // NOTE(review): the comparison is against the *logged-in* user's name
        // (UserUtil::getVar('uname') without a uid), not $userObj['uname'];
        // when this runs for another account (e.g. from an event listener) the
        // condition may not reflect that account — confirm.
        if (stripslashes($userObjOld['username']) != UserUtil::getVar('uname')) {
            // NOTE(review): $userObjOld['username'] is the value read back from
            // the table and is spliced in without formatForStore(), unlike every
            // other value here; the stripslashes() above suggests stored values
            // already carry slashes — confirm before treating this as safe.
            $sql = "UPDATE " . self::getTablePrefix() . "groups SET group_name = '" . DataUtil::formatForStore($userObj['uname']) . "' WHERE group_name = '" . $userObjOld['username'] . "'";
            $stmt = $connection->prepare($sql);
            try {
                $stmt->execute();
            } catch (Exception $e) {
                return LogUtil::registerError('Error: Could not update groups table. ' . $e->getMessage());
            }
        }
        return true;
    }
    return false;
}
/**
 * Starts or refreshes the phpBB session for the current request (ZphpBB2
 * variant of phpBB 2.0.x session_begin()).
 *
 * The session id is taken from the <cookie_name>_sid cookie or, failing
 * that, the 'sid' query parameter. The user identity does NOT come from
 * phpBB's own autologin keys (that code is commented out below) but from
 * Zikula: a logged-in Zikula user is synchronised into the forum users
 * table and used, anyone else becomes ANONYMOUS. The session row is then
 * updated (or created when no row matches both id and IP), the ban list is
 * consulted, and the session cookies are re-issued.
 *
 * @param int    $user_id          Overwritten unconditionally from Zikula's
 *                                 session state (see below).
 * @param string $user_ip          Client IP; the '(..)(..)(..)(..)' split
 *                                 below assumes phpBB's 8-hex-char encoded
 *                                 form. It is spliced into SQL as-is — the
 *                                 caller must supply the encoded form; confirm.
 * @param int    $page_id          Page identifier stored in the session row.
 * @param int    $auto_create      When set, an inactive user is demoted to
 *                                 ANONYMOUS instead of being logged in.
 * @param int    $enable_autologin Unused: the autologin code is disabled.
 * @param int    $admin            Overwritten with the ZphpBB2 admin permission
 *                                 for logged-in users; only referenced by
 *                                 commented-out code.
 *
 * @return array phpBB userdata row for the session user with the session_*
 *               keys added. Terminates via message_die() on a failed query
 *               or a ban hit.
 */
function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_autologin = 0, $admin = 0) {
    global $db, $board_config;
    global $SID;
    $cookiename = $board_config['cookie_name'];
    $cookiepath = $board_config['cookie_path'];
    $cookiedomain = $board_config['cookie_domain'];
    $cookiesecure = $board_config['cookie_secure'];
    if (isset($_COOKIE[$cookiename . '_sid']) || isset($_COOKIE[$cookiename . '_data'])) {
        $session_id = isset($_COOKIE[$cookiename . '_sid']) ? $_COOKIE[$cookiename . '_sid'] : '';
        // NOTE(review): unserialize() on a client-controlled cookie can
        // instantiate arbitrary classes (PHP object injection). The live code
        // below only ever writes $sessiondata['userid'] and re-serializes it,
        // so the decoded content is never trusted for anything else; if the
        // runtime is PHP >= 7 the 'allowed_classes' => false option would
        // remove the class-instantiation surface — confirm the PHP baseline.
        $sessiondata = isset($_COOKIE[$cookiename . '_data']) ? unserialize(stripslashes($_COOKIE[$cookiename . '_data'])) : array();
        $sessionmethod = SESSION_METHOD_COOKIE;
    } else {
        $sessiondata = array();
        $session_id = isset($_GET['sid']) ? $_GET['sid'] : '';
        $sessionmethod = SESSION_METHOD_GET;
    }
    //
    // Anything but alphanumerics is discarded: the id is concatenated into
    // the session UPDATE below and must not be able to carry quotes.
    if (!preg_match('/^[A-Za-z0-9]*$/', $session_id)) {
        $session_id = '';
    }
    $page_id = (int) $page_id;
    $last_visit = 0;
    $current_time = time();
    // Begin PNphpBB2 Module
    /*
    //
    // Are auto-logins allowed?
    // If allow_autologin is not set or is true then they are
    // (same behaviour as old 2.0.x session code)
    //
    if (isset($board_config['allow_autologin']) && !$board_config['allow_autologin']) {
        $enable_autologin = $sessiondata['autologinid'] = false;
    }
    //
    // First off attempt to join with the autologin value if we have one
    // If not, just use the user_id value
    //
    $userdata = array();
    if ($user_id != ANONYMOUS) {
        if (isset($sessiondata['autologinid']) && (string) $sessiondata['autologinid'] != '' && $user_id) {
            $sql = 'SELECT u.* FROM ' . USERS_TABLE . ' u, ' . SESSIONS_KEYS_TABLE . ' k WHERE u.user_id = ' . (int) $user_id . " AND u.user_active = 1 AND k.user_id = u.user_id AND k.key_id = '" . md5($sessiondata['autologinid']) . "'";
            if (!($result = $db->sql_query($sql))) {
                message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
            }
            $userdata = $db->sql_fetchrow($result);
            $db->sql_freeresult($result);
            $enable_autologin = $login = 1;
        } else if (!$auto_create) {
            $sessiondata['autologinid'] = '';
            $sessiondata['userid'] = $user_id;
            $sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE user_id = ' . (int) $user_id . ' AND user_active = 1';
            if (!($result = $db->sql_query($sql))) {
                message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
            }
            $userdata = $db->sql_fetchrow($result);
            $db->sql_freeresult($result);
            $login = 1;
        }
    }
    //
    // At this point either $userdata should be populated or
    // one of the below is true
    // * Key didn't match one in the DB
    // * User does not exist
    // * User is inactive
    //
    if (!sizeof($userdata) || !is_array($userdata) || !$userdata) {
        $sessiondata['autologinid'] = '';
        $sessiondata['userid'] = $user_id = ANONYMOUS;
        $enable_autologin = $login = 0;
        $sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE user_id = ' . (int) $user_id;
        if (!($result = $db->sql_query($sql))) {
            message_die(CRITICAL_ERROR, 'Error doing DB query userdata row fetch', '', __LINE__, __FILE__, $sql);
        }
        $userdata = $db->sql_fetchrow($result);
        $db->sql_freeresult($result);
    }
    */
    // Identity comes from Zikula, not from the phpBB cookie/autologin data:
    // the incoming $user_id is replaced in both branches.
    if (UserUtil::isLoggedIn()) {
        // NOTE(review): interpolated into SQL below without an (int) cast —
        // presumably an integer from Zikula; confirm.
        $user_id = UserUtil::getVar('uid');
        // Does the user have admin rights?
        $admin = SecurityUtil::checkPermission('ZphpBB2::', '::', ACCESS_ADMIN) ? 1 : 0;
        // ZphpBB2 => Main user synchronization
        ZphpBB2_Util::phpBBupdateAccountById($user_id);
        // <= ZphpBB2
    } else {
        $user_id = ANONYMOUS; // -1
    }
    $sql = "SELECT * \n FROM " . USERS_TABLE . " \n WHERE user_id = {$user_id}";
    if (!($result = $db->sql_query($sql))) {
        message_die(CRITICAL_ERROR, 'Could not obtain lastvisit data from user table', '', __LINE__, __FILE__, $sql);
    }
    // NOTE(review): $userdata is used as an array below without checking for
    // a missing row (a logged-in Zikula user whose forum row does not exist) —
    // presumably guaranteed by the synchronisation call above; confirm.
    $userdata = $db->sql_fetchrow($result);
    if ($user_id != ANONYMOUS) {
        if ($auto_create) {
            if ($userdata['user_active']) {
                // We have to login automagically
                $login = 1;
            } else {
                // Autologin is not set. Don't login, set as anonymous user
                $login = 0;
                $user_id = $userdata['user_id'] = ANONYMOUS;
                $sql = 'SELECT * FROM ' . USERS_TABLE . ' WHERE user_id = ' . ANONYMOUS;
                $result = $db->sql_query($sql);
                $userdata = $db->sql_fetchrow($result);
                $db->sql_freeresult($result);
            }
        } else {
            $login = 1;
        }
    } else {
        $login = 0;
    }
    // End PNphpBB2 Module
    //
    // Initial ban check against user id, IP and email address
    //
    // The IP is split into four 2-char groups so that whole /24, /16 and /8
    // ranges (the 'ff' suffixes) can be matched against the ban list.
    preg_match('/(..)(..)(..)(..)/', $user_ip, $user_ip_parts);
    $sql = "SELECT ban_ip, ban_userid, ban_email \n FROM " . BANLIST_TABLE . " \n WHERE ban_ip IN ('" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . $user_ip_parts[4] . "', '" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . "ff', '" . $user_ip_parts[1] . $user_ip_parts[2] . "ffff', '" . $user_ip_parts[1] . "ffffff')\n OR ban_userid = {$user_id}";
    if ($user_id != ANONYMOUS) {
        // the e-mail comes from the users table (not the request); only a
        // backslash-quote sequence is rewritten before it is spliced in
        $sql .= " OR ban_email LIKE '" . str_replace("\\'", "''", $userdata['user_email']) . "' \n OR ban_email LIKE '" . substr(str_replace("\\'", "''", $userdata['user_email']), strpos(str_replace("\\'", "''", $userdata['user_email']), "@")) . "'";
    }
    if (!($result = $db->sql_query($sql))) {
        message_die(CRITICAL_ERROR, 'Could not obtain ban information', '', __LINE__, __FILE__, $sql);
    }
    if ($ban_info = $db->sql_fetchrow($result)) {
        if ($ban_info['ban_ip'] || $ban_info['ban_userid'] || $ban_info['ban_email']) {
            message_die(CRITICAL_MESSAGE, 'You_been_banned');
        }
    }
    //
    // Create or update the session
    //
    // Begin PNphpBB2 Module
    // -- Remove session_admin
    // $sql = "UPDATE " . SESSIONS_TABLE . "
    // SET session_user_id = $user_id, session_start = $current_time, session_time = $current_time, session_page = $page_id, session_logged_in = $login, session_admin = $admin
    // WHERE session_id = '" . $session_id . "'
    // AND session_ip = '$user_ip'";
    // A presented session id is only adopted when a row with that id AND this
    // IP already exists; otherwise a fresh id is generated below.
    $sql = "UPDATE " . SESSIONS_TABLE . "\n SET session_user_id = {$user_id}, session_start = {$current_time}, session_time = {$current_time}, session_page = {$page_id}, session_logged_in = {$login}\n WHERE session_id = '" . $session_id . "' \n AND session_ip = '{$user_ip}'";
    // End PNphpBB2 Module
    if (!$db->sql_query($sql) || !$db->sql_affectedrows()) {
        $session_id = md5(dss_rand());
        // Begin PNphpBB2 Module
        // -- Remove session_admin
        // $sql = "INSERT INTO " . SESSIONS_TABLE . "
        // (session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in, session_admin)
        // VALUES ('$session_id', $user_id, $current_time, $current_time, '$user_ip', $page_id, $login, $admin)";
        $sql = "INSERT INTO " . SESSIONS_TABLE . "\n (session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in)\n VALUES ('{$session_id}', {$user_id}, {$current_time}, {$current_time}, '{$user_ip}', {$page_id}, {$login})";
        // End PNphpBB2 Module
        if (!$db->sql_query($sql)) {
            message_die(CRITICAL_ERROR, 'Error creating new session', '', __LINE__, __FILE__, $sql);
        }
    }
    if ($user_id != ANONYMOUS) {
        // first visit: last visit is "now"; otherwise the previous session time
        $last_visit = $userdata['user_session_time'] > 0 ? $userdata['user_session_time'] : $current_time;
        // Begin PNphpBB2 Module
        // if (!$admin)
        // {
        // End PNphpBB2 Module
        $sql = "UPDATE " . USERS_TABLE . " \n SET user_session_time = {$current_time}, user_session_page = {$page_id}, user_lastvisit = {$last_visit}\n WHERE user_id = {$user_id}";
        if (!$db->sql_query($sql)) {
            message_die(CRITICAL_ERROR, 'Error updating last visit time', '', __LINE__, __FILE__, $sql);
        }
        // Begin PNphpBB2 Module
        // }
        // End PNphpBB2 Module
        $userdata['user_lastvisit'] = $last_visit;
        // Begin PNphpBB2 Module
        /*
        //
        // Regenerate the auto-login key
        //
        if ($enable_autologin) {
            $auto_login_key = dss_rand() . dss_rand();
            if (isset($sessiondata['autologinid']) && (string) $sessiondata['autologinid'] != '') {
                $sql = 'UPDATE ' . SESSIONS_KEYS_TABLE . " SET last_ip = '$user_ip', key_id = '" . md5($auto_login_key) . "', last_login = $current_time WHERE key_id = '" . md5($sessiondata['autologinid']) . "'";
            } else {
                $sql = 'INSERT INTO ' . SESSIONS_KEYS_TABLE . "(key_id, user_id, last_ip, last_login) VALUES ('" . md5($auto_login_key) . "', $user_id, '$user_ip', $current_time)";
            }
            if ( !$db->sql_query($sql) ) {
                message_die(CRITICAL_ERROR, 'Error updating session key', '', __LINE__, __FILE__, $sql);
            }
            $sessiondata['autologinid'] = $auto_login_key;
            unset($auto_login_key);
        } else {
            $sessiondata['autologinid'] = '';
        }
        // $sessiondata['autologinid'] = (!$admin) ? (( $enable_autologin && $sessionmethod == SESSION_METHOD_COOKIE ) ? $auto_login_key : '') : $sessiondata['autologinid'];
        */
        // End PNphpBB2 Module
        $sessiondata['userid'] = $user_id;
    }
    $userdata['session_id'] = $session_id;
    $userdata['session_ip'] = $user_ip;
    $userdata['session_user_id'] = $user_id;
    $userdata['session_logged_in'] = $login;
    $userdata['session_page'] = $page_id;
    $userdata['session_start'] = $current_time;
    $userdata['session_time'] = $current_time;
    // Begin PNphpBB2 Module
    // $userdata['session_admin'] = $admin;
    // $userdata['session_key'] = $sessiondata['autologinid'];
    // End PNphpBB2 Module
    // NOTE(review): the _data cookie is re-issued for one year (31536000 s)
    // and the _sid cookie for the browser session; neither call passes the
    // httponly flag, so both remain readable by script. Secure follows
    // board config.
    setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
    setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
    $SID = 'sid=' . $session_id;
    return $userdata;
}