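/**
 * Saves the logged-in user's edited profile (frontend com_user "save" task).
 *
 * Reads the edited fields from $_POST, re-hashes the password when a new one
 * was posted, optionally stores the user params, writes the row and keeps the
 * session table in step with a changed username.
 *
 * @param string $option  Component name; not used by this task but part of the dispatcher's calling convention
 * @param int    $uid     Id of the logged-in user; must equal the posted 'id'
 * @return void  Redirects on success; every validation failure prints a JS alert and exit()s
 */
function userSave($option, $uid)
{
    global $database, $my, $mosConfig_frontend_userparams;

    $uid = (int) $uid;
    $user_id = intval(mosGetParam($_POST, 'id', 0));
    // Only the owner may edit a record: an anonymous caller, a missing id, or an id that
    // differs from the session user are all rejected (otherwise any account could be edited).
    if ($uid === 0 || $user_id === 0 || $user_id !== $uid) {
        mosNotAuth();
        return;
    }
    // simple spoof check security (form token against cross-site submission)
    josSpoofCheck();

    $row = new mosUser($database);
    $row->load($user_id);
    $orig_password = $row->password;
    $orig_username = $row->username;

    // 'gid usertype' is the ignore list for bind(): group membership is never taken from POST.
    if (!$row->bind($_POST, 'gid usertype')) {
        // addslashes() keeps a quote in the message from breaking out of the JS string literal
        echo "<script> alert('" . addslashes($row->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }
    $row->name = trim($row->name);
    $row->email = trim($row->email);
    $row->username = trim($row->username);
    mosMakeHtmlSafe($row);

    // Only a plain string counts as a posted password; an array (password[]=...) is ignored.
    $newPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    $verifyPass = isset($_POST['verifyPass']) ? $_POST['verifyPass'] : null;
    if ($newPassword !== '') {
        // Strict comparison on purpose: == turns two numeric-looking strings into numbers
        // ("1e3" == "1000" is true), which would accept a mismatched confirmation.
        if (is_string($verifyPass) && $verifyPass === $newPassword) {
            $row->password = trim($row->password);
            $salt = mosMakePassword(16);
            // md5(password . salt) is the scheme this release's login check expects; it is weak
            // by current standards and has to be replaced together with the verifier, not here alone.
            $crypt = md5($row->password . $salt);
            $row->password = $crypt . ':' . $salt;
        } else {
            echo "<script> alert(\"" . addslashes(_PASS_MATCH) . "\"); window.history.go(-1); </script>\n";
            exit;
        }
    } else {
        // No usable new password posted: restore the stored hash that bind() overwrote.
        $row->password = $orig_password;
    }

    // Unset, 1 and '1' all mean "users may edit their own params"; the loose comparisons are
    // kept on purpose because the config value arrives as a string, an int or not at all.
    if ($mosConfig_frontend_userparams == '1' || $mosConfig_frontend_userparams == 1 || $mosConfig_frontend_userparams == NULL) {
        // save params as one "key=value" line each
        $params = mosGetParam($_POST, 'params', '');
        if (is_array($params)) {
            $txt = array();
            foreach ($params as $k => $v) {
                $txt[] = "{$k}={$v}";
            }
            $row->params = implode("\n", $txt);
        }
    }

    if (!$row->check()) {
        echo "<script> alert('" . addslashes($row->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }
    if (!$row->store()) {
        echo "<script> alert('" . addslashes($row->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }

    // check if username has been changed (strict: != would treat "01" and "1" as the same name)
    if ($orig_username !== $row->username) {
        // change username value in session table so the current login survives the rename.
        // NOTE(review): the quoting of the two username values was unreadable in the listing;
        // the driver's Quote() is used rather than interpolating the raw strings into the SQL.
        $query = "UPDATE #__session"
            . "\n SET username = " . $database->Quote($row->username)
            . "\n WHERE username = " . $database->Quote($orig_username)
            . "\n AND userid = " . (int) $my->id
            . "\n AND gid = " . (int) $my->gid
            . "\n AND guest = 0";
        $database->setQuery($query);
        $database->query();
    }
    mosRedirect('index.php', _USER_DETAILS_SAVE);
}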
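 /**
  * The function from com_registration!
  * Registers a user into Mambo/Joomla from the posted registration form.
  *
  * Binds $_POST onto a fresh mosUser, forces the "Registered" group, sets an
  * activation code when activation is switched on, stores the row and mails the
  * credentials / activation link through $this->_sendMail().
  *
  * @return boolean True when the registration process was successful, False when not
  */
 function saveRegistration()
 {
     global $database, $acl, $vmLogger, $mosConfig_useractivation, $mosConfig_allowUserRegistration, $mosConfig_live_site;

     if ($mosConfig_allowUserRegistration == '0') {
         mosNotAuth();
         return false;
     }
     // NOTE(review): unlike the core registration handler this path has no josSpoofCheck()/form
     // token, so the form can be submitted from another origin; add the check once the form emits a token.

     $row = new mosUser($database);
     // 'usertype' is ignored by bind(): group membership is forced below, never taken from POST.
     if (!$row->bind($_POST, 'usertype')) {
         $error = vmHtmlEntityDecode($row->getError());
         $vmLogger->err($error);
         // addslashes() keeps a quote in the message from breaking out of the JS string literal
         echo "<script type=\"text/javascript\"> alert('" . addslashes($error) . "');</script>\n";
         return false;
     }
     mosMakeHtmlSafe($row);

     $usergroup = 'Registered';
     $row->id = 0;
     $row->usertype = $usergroup;
     $row->gid = $acl->get_group_id($usergroup, 'ARO');

     // With activation on, the account starts blocked and carries a random activation code.
     $activation = '';
     if ($mosConfig_useractivation == '1') {
         $row->activation = md5(vmGenRandomPassword());
         $row->block = '1';
         $activation = $row->activation;
     }

     if (!$row->check()) {
         $error = vmHtmlEntityDecode($row->getError());
         $vmLogger->err($error);
         echo "<script type=\"text/javascript\"> alert('" . addslashes($error) . "');</script>\n";
         return false;
     }

     // The clear-text password is kept only to put it into the registration mail.
     $pwd = $row->password;
     // Unsalted md5 is what this release's login check verifies against; replace it
     // together with that check, not here alone.
     $row->password = md5($row->password);
     $row->registerDate = date('Y-m-d H:i:s');
     if (!$row->store()) {
         $error = vmHtmlEntityDecode($row->getError());
         $vmLogger->err($error);
         echo "<script type=\"text/javascript\"> alert('" . addslashes($error) . "');</script>\n";
         return false;
     }
     $row->checkin();

     $name = $row->name;
     $email = $row->email;
     $username = $row->username;
     $component = vmIsJoomla(1.5) ? 'com_user' : 'com_registration';
     // $activation is '' when activation is off, so the link is built without reading an unset property.
     $activation_link = $mosConfig_live_site . "/index.php?option={$component}&task=activate&activation=" . $activation;
     // Send the registration email
     $this->_sendMail($name, $email, $username, $pwd, $activation_link);
     return true;
 }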
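/**
 * Frontend registration handler (com_registration "saveRegistration" task).
 *
 * Binds the posted form onto a new mosUser, forces the Registered group, hashes
 * the password with a random salt, stores the row, then mails the user and every
 * administrator who opted into system mails.
 *
 * @return void  Prints the completion text on success; a failed check()/store() prints a JS alert and exit()s
 */
function saveRegistration()
{
    global $database, $acl;
    global $mosConfig_sitename, $mosConfig_live_site, $mosConfig_useractivation, $mosConfig_allowUserRegistration;
    global $mosConfig_mailfrom, $mosConfig_fromname;

    if ($mosConfig_allowUserRegistration == 0) {
        mosNotAuth();
        return;
    }
    // simple spoof check security (form token against cross-site submission)
    josSpoofCheck();

    $row = new mosUser($database);
    // 'usertype' is ignored by bind(): the group is forced below, never taken from POST.
    if (!$row->bind($_POST, 'usertype')) {
        mosErrorAlert($row->getError());
        // mosErrorAlert() is expected to end the request; the return covers the case where it does not,
        // so a row that failed to bind is never stored.
        return;
    }
    $row->name = trim($row->name);
    $row->email = trim($row->email);
    $row->username = trim($row->username);
    $row->password = trim($row->password);
    mosMakeHtmlSafe($row);

    $row->id = 0;
    $row->usertype = '';
    $row->gid = $acl->get_group_id('Registered', 'ARO');
    // With activation on, the account starts blocked and carries a random activation code.
    if ($mosConfig_useractivation == 1) {
        $row->activation = md5(mosMakePassword());
        $row->block = '1';
    }

    if (!$row->check()) {
        // addslashes() keeps a quote in the decoded message from breaking out of the JS string literal
        echo "<script> alert('" . addslashes(html_entity_decode($row->getError())) . "'); window.history.go(-1); </script>\n";
        exit;
    }

    // The clear-text password is kept only for the registration mail below.
    $pwd = $row->password;
    $salt = mosMakePassword(16);
    // md5(password . salt) is the scheme this release's login check expects; replace it
    // together with the verifier, not here alone.
    $crypt = md5($row->password . $salt);
    $row->password = $crypt . ':' . $salt;
    $row->registerDate = date('Y-m-d H:i:s');
    if (!$row->store()) {
        echo "<script> alert('" . addslashes(html_entity_decode($row->getError())) . "'); window.history.go(-1); </script>\n";
        exit;
    }
    $row->checkin();

    $name = trim($row->name);
    $email = trim($row->email);
    $username = trim($row->username);

    $subject = sprintf(_SEND_SUB, $name, $mosConfig_sitename);
    $subject = html_entity_decode($subject, ENT_QUOTES);
    if ($mosConfig_useractivation == 1) {
        // NOTE(review): the clear-text password travels in this mail (_USEND_MSG_ACTIVATE's last placeholder).
        $activationLink = $mosConfig_live_site . "/index.php?option=com_registration&task=activate&activation=" . $row->activation;
        $message = sprintf(_USEND_MSG_ACTIVATE, $name, $mosConfig_sitename, $activationLink, $mosConfig_live_site, $username, $pwd);
    } else {
        $message = sprintf(_USEND_MSG, $name, $mosConfig_sitename, $mosConfig_live_site);
    }
    $message = html_entity_decode($message, ENT_QUOTES);

    // Sender: Global Config `mailfrom`/`fromname` when both exist, else the first super administrator row.
    if ($mosConfig_mailfrom != '' && $mosConfig_fromname != '') {
        $adminName2 = $mosConfig_fromname;
        $adminEmail2 = $mosConfig_mailfrom;
    } else {
        $query = "SELECT name, email"
            . "\n FROM #__users"
            . "\n WHERE LOWER( usertype ) = 'superadministrator'"
            . "\n OR LOWER( usertype ) = 'super administrator'";
        $database->setQuery($query);
        $rows = $database->loadObjectList();
        // An empty result (no super administrator row) must not turn into an undefined-offset notice.
        $adminName2 = isset($rows[0]) ? $rows[0]->name : '';
        $adminEmail2 = isset($rows[0]) ? $rows[0]->email : '';
    }
    // Send email to user
    mosMail($adminEmail2, $adminName2, $email, $subject, $message);

    // Send notification to all administrators
    $subject2 = sprintf(_SEND_SUB, $name, $mosConfig_sitename);
    $message2 = sprintf(_ASEND_MSG, $adminName2, $mosConfig_sitename, $row->name, $email, $username);
    $subject2 = html_entity_decode($subject2, ENT_QUOTES);
    $message2 = html_entity_decode($message2, ENT_QUOTES);
    // get email addresses of all admins and superadmins set to receive system emails
    $query = "SELECT email, sendEmail"
        . "\n FROM #__users"
        . "\n WHERE ( gid = 24 OR gid = 25 )"
        . "\n AND sendEmail = 1"
        . "\n AND block = 0";
    $database->setQuery($query);
    $admins = $database->loadObjectList();
    // (array) guards against a null result so an empty admin list is simply skipped
    foreach ((array) $admins as $admin) {
        // send email to admin & super admin set to receive system emails
        mosMail($adminEmail2, $adminName2, $admin->email, $subject2, $message2);
    }

    echo ($mosConfig_useractivation == 1) ? _REG_COMPLETE_ACTIVATE : _REG_COMPLETE;
}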
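/**
 * Frontend registration handler (com_registration "saveRegistration" task).
 *
 * Binds the posted form onto a new mosUser, forces the Registered group,
 * hashes the password, stores the row, mails the user and notifies every
 * super administrator who opted into system mails.
 *
 * @param string $option  Component name; not used by this task but part of the dispatcher's calling convention
 * @return void  Prints the completion text on success; a failed bind()/check()/store() prints a JS alert and exit()s
 */
function saveRegistration($option)
{
    global $database, $my, $acl;
    global $mosConfig_sitename, $mosConfig_live_site, $mosConfig_useractivation, $mosConfig_allowUserRegistration;
    global $mosConfig_mailfrom, $mosConfig_fromname;

    if ($mosConfig_allowUserRegistration == "0") {
        mosNotAuth();
        return;
    }
    // NOTE(review): no josSpoofCheck()/form token on this path, unlike the core handler;
    // add it once the registration form emits a token.

    $row = new mosUser($database);
    // "usertype" is ignored by bind(): the group is forced below, never taken from POST.
    if (!$row->bind($_POST, "usertype")) {
        // addslashes() keeps a quote in the message from breaking out of the JS string literal
        echo "<script> alert('" . addslashes($row->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }
    mosMakeHtmlSafe($row);

    $row->id = 0;
    $row->usertype = '';
    $row->gid = $acl->get_group_id('Registered', 'ARO');
    // With activation on, the account starts blocked and carries a random activation code.
    if ($mosConfig_useractivation == "1") {
        $row->activation = md5(mosMakePassword());
        $row->block = "1";
    }
    if (!$row->check()) {
        echo "<script> alert('" . addslashes($row->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }

    // The clear-text password is kept only for the registration mail below.
    $pwd = $row->password;
    // Unsalted md5 is what this release's login check verifies against; replace it
    // together with that check, not here alone.
    $row->password = md5($row->password);
    $row->registerDate = date("Y-m-d H:i:s");
    if (!$row->store()) {
        echo "<script> alert('" . addslashes($row->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }
    $row->checkin();

    $name = $row->name;
    $email = $row->email;
    $username = $row->username;

    $subject = sprintf(_SEND_SUB, $name, $mosConfig_sitename);
    $subject = html_entity_decode($subject, ENT_QUOTES);
    if ($mosConfig_useractivation == "1") {
        // NOTE(review): the clear-text password travels in this mail (_USEND_MSG_ACTIVATE's last placeholder).
        $activationLink = $mosConfig_live_site . "/index.php?option=com_registration&task=activate&activation=" . $row->activation;
        $message = sprintf(_USEND_MSG_ACTIVATE, $name, $mosConfig_sitename, $activationLink, $mosConfig_live_site, $username, $pwd);
    } else {
        $message = sprintf(_USEND_MSG, $name, $mosConfig_sitename, $mosConfig_live_site);
    }
    $message = html_entity_decode($message, ENT_QUOTES);

    // Sender: Global Config mailfrom/fromname when both exist, else the first super administrator row.
    if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") {
        $adminName2 = $mosConfig_fromname;
        $adminEmail2 = $mosConfig_mailfrom;
    } else {
        $database->setQuery("SELECT name, email FROM #__users" . "\n WHERE usertype='superadministrator'");
        $rows = $database->loadObjectList();
        // An empty result must not turn into an undefined-offset notice.
        $adminName2 = isset($rows[0]) ? $rows[0]->name : '';
        $adminEmail2 = isset($rows[0]) ? $rows[0]->email : '';
    }
    // Send email to user
    mosMail($adminEmail2, $adminName2, $email, $subject, $message);

    // Send notification to all administrators
    $subject2 = sprintf(_SEND_SUB, $name, $mosConfig_sitename);
    $message2 = sprintf(_ASEND_MSG, $adminName2, $mosConfig_sitename, $row->name, $email, $username);
    $subject2 = html_entity_decode($subject2, ENT_QUOTES);
    $message2 = html_entity_decode($message2, ENT_QUOTES);
    // get superadministrators id (ACL group 25) and mail those who opted into system emails
    $admins = $acl->get_group_objects(25, 'ARO');
    $adminIds = isset($admins['users']) ? $admins['users'] : array();
    foreach ($adminIds as $id) {
        // Own variable for the admin row so $row (the freshly registered user) is not clobbered.
        $database->setQuery("SELECT email, sendEmail FROM #__users" . "\n WHERE id = " . (int) $id);
        $rows = $database->loadObjectList();
        $adminRow = isset($rows[0]) ? $rows[0] : null;
        if ($adminRow && $adminRow->sendEmail) {
            mosMail($adminEmail2, $adminName2, $adminRow->email, $subject2, $message2);
        }
    }

    echo ($mosConfig_useractivation == "1") ? _REG_COMPLETE_ACTIVATE : _REG_COMPLETE;
}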
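/**
 * Saves the logged-in user's edited profile together with the com_user_extended details.
 *
 * @param string $option  Component name, used for the redirect target
 * @param int    $uid     Id of the logged-in user; must equal the posted 'id'
 * @return void  Redirects on success; every validation failure prints a JS alert and exit()s
 */
function userSave($option, $uid)
{
    global $database;

    $uid = (int) $uid;
    $user_id = intval(mosGetParam($_POST, 'id', 0));
    // Only the owner may edit a record: an anonymous caller, a missing id, or an id that
    // differs from the session user are all rejected (otherwise any account could be edited).
    if ($uid === 0 || $user_id === 0 || $user_id !== $uid) {
        mosNotAuth();
        return;
    }
    $row = new mosUser($database);
    $row->load($user_id);
    // A local instead of a dynamic property on the row: the original had to unset() its
    // $row->orig_password before store() ("prevent DB error"), which this avoids altogether.
    $orig_password = $row->password;

    // 'gid usertype' is the ignore list for bind(), as in the other userSave variants: a user
    // must not be able to raise their own group by posting gid=... along with the form.
    if (!$row->bind($_POST, 'gid usertype')) {
        // addslashes() keeps a quote in the message from breaking out of the JS string literal
        echo "<script> alert('" . addslashes($row->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }

    // Only a plain string counts as a posted password; an array (password[]=...) is ignored.
    $newPassword = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : '';
    $verifyPass = isset($_POST["verifyPass"]) ? $_POST["verifyPass"] : null;
    if ($newPassword !== "") {
        // Strict comparison on purpose: == turns two numeric-looking strings into numbers
        // ("1e3" == "1000" is true), which would accept a mismatched confirmation.
        if (is_string($verifyPass) && $verifyPass === $newPassword) {
            // Unsalted md5 is what this release's login check verifies against; replace it
            // together with that check, not here alone.
            $row->password = md5($newPassword);
        } else {
            echo "<script> alert(\"" . addslashes(_PASS_MATCH) . "\"); window.history.go(-1); </script>\n";
            exit;
        }
    } else {
        // Restore the stored password hash that bind() overwrote
        $row->password = $orig_password;
    }

    if (!$row->check()) {
        echo "<script> alert('" . addslashes($row->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }
    if (!$row->store()) {
        echo "<script> alert('" . addslashes($row->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }

    // save extended details (com_user_extended); include_once so a second call in the same
    // request cannot redeclare the class.
    include_once "administrator/components/com_user_extended/user_extended.class.php";
    $rowExtended = new mosUser_Extended($database);
    if (!$rowExtended->bind($_POST)) {
        echo "<script> alert('" . addslashes($rowExtended->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }
    if (!$rowExtended->check()) {
        echo "<script> alert('" . addslashes($rowExtended->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }
    if (!$rowExtended->storeExtended($user_id)) {
        echo "<script> alert('" . addslashes($rowExtended->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }
    mosRedirect("index.php?option={$option}", _USER_DETAILS_SAVE);
}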
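/**
 * Deletes the selected users from the backend user manager.
 *
 * Refuses to delete the current user, and refuses to delete (super) administrators
 * unless the caller is a super administrator; for every deleted account the
 * 'userDelete' authenticator mambots are triggered with the username.
 *
 * @param int[]  $cid     Ids of the users to delete (from the list's checkboxes)
 * @param string $option  Component name, used for the redirect target
 * @return void  Ends in mosRedirect(); a database error is printed and the function returns early
 */
function removeUsers($cid, $option)
{
    global $database, $acl, $my;

    if (!is_array($cid) || count($cid) < 1) {
        $msg = T_("Select an item to delete");
        mosRedirect('index2.php?option=' . $option, $msg);
        return;
    }
    // The ids come from the request: cast them before they are spliced into an IN (...) clause.
    $cid = array_map('intval', $cid);
    if (in_array((int) $my->id, $cid, true)) {
        $msg = T_("You cannot delete yourself!");
        mosRedirect('index2.php?option=' . $option, $msg);
        return;
    }
    // count super/admin gids within $cid
    $super_gid = (int) $acl->get_group_id('super administrator');
    $admin_gid = (int) $acl->get_group_id('administrator');
    $cids = implode(',', $cid);
    $database->setQuery("SELECT COUNT(id) FROM #__users WHERE id IN ({$cids}) AND gid IN ({$super_gid},{$admin_gid})");
    $admin_count = (int) $database->loadResult();
    // The error state belongs to the statement just executed; reading it before loadResult()
    // (as the original did) could only report a leftover error from an earlier query.
    if ($database->getErrorMsg()) {
        echo $database->stderr();
        return;
    }
    // disallow deleting administrators / super administrators if not super administrator.
    // Both sides are ints: with !== a string gid from the ACL table never equals an int session gid.
    if ($admin_count && (int) $my->gid !== $super_gid) {
        $msg = T_("You cannot delete another `Administrator` only `Super Administrators` have this power");
        mosRedirect('index2.php?option=' . $option, $msg);
        return;
    }

    // Usernames are needed for the mambot trigger and must be read before the rows are
    // deleted; the original queried them afterwards and therefore never found any.
    $cids = implode(',', $cid);
    $database->setQuery("SELECT username FROM #__users WHERE id IN ({$cids})");
    $usernames = $database->loadObjectList();

    $msg = '';
    $obj = new mosUser($database);
    $deleted = 0;
    foreach ($cid as $id) {
        $obj->delete($id);
        $deleted++;
        // as before, only the last delete's error text reaches the redirect message
        $msg = $obj->getError();
    }
    if ($deleted && $usernames) {
        $mambothandler =& mosMambotHandler::getInstance();
        $mambothandler->loadBotGroup('authenticator');
        foreach ($usernames as $result) {
            $loginfo = new mosLoginDetails($result->username);
            $mambothandler->trigger('userDelete', array($loginfo));
        }
    }
    mosRedirect('index2.php?option=' . $option, $msg);
}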
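 /**
  * Function to remove a user from Joomla
  *
  * Every id in $cid is checked before deletion: super administrators, the
  * current user and (for a plain administrator caller) other administrators
  * are refused and the request is aborted with a logged error.
  *
  * @param int|int[] $cid  One user id or a list of ids
  * @return boolean  True when every requested user was deleted; false when nothing was
  *                  requested, a check refused an id, or a delete reported an error
  */
 function removeUsers($cid)
 {
     global $database, $acl, $my, $vmLogger, $VM_LANG;

     if (!is_array($cid)) {
         $cid = array($cid);
     }
     if (!count($cid)) {
         return false;
     }
     foreach ($cid as $id) {
         $id = (int) $id;
         // A fresh row per id: a failed load() could otherwise leave the previous user's
         // usertype in place and let the checks below judge the wrong account.
         $obj = new mosUser($database);
         $obj->load($id);
         // check for a super admin ... can't delete them
         $this_group = strtolower($obj->get('usertype'));
         if ($this_group == 'super administrator') {
             $vmLogger->err($VM_LANG->_('VM_USER_DELETE_ERR_SUPERADMIN'));
             return false;
         }
         if ($id === (int) $my->id) {
             $vmLogger->err($VM_LANG->_('VM_USER_DELETE_ERR_YOURSELF'));
             return false;
         }
         // gid 24 is presumably the Administrator group (cf. the 24/25 ids used elsewhere);
         // a plain administrator may not delete another administrator.
         if ($this_group == 'administrator' && (int) $my->gid === 24) {
             $vmLogger->err($VM_LANG->_('VM_USER_DELETE_ERR_ADMIN'));
             return false;
         }
         $obj->delete($id);
         $err = $obj->getError();
         if ($err) {
             $vmLogger->err($err);
             return false;
         }
         // The original returned true right here, i.e. after the first id, so only one of
         // several selected users was ever deleted; the loop now runs to the end.
     }
     return true;
 }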
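/**
 * Deletes the selected users from the backend user manager.
 *
 * After the form-token check and checkUserPermissions(), each user is deleted
 * unless it is the last active super administrator; active sessions of a
 * deleted account are ended through logoutUser().
 *
 * @param int[]  $cid     Ids of the users to delete
 * @param string $option  Component name, used for the redirect target
 * @return void  Always ends in mosRedirect() with the last error / refusal message
 */
function removeUsers($cid, $option)
{
    global $database, $acl, $my;

    // simple spoof check security (form token against cross-site submission)
    josSpoofCheck();
    if (!is_array($cid) || count($cid) < 1) {
        echo "<script> alert('Select an item to delete'); window.history.go(-1);</script>\n";
        exit;
    }
    // The ids come from the request: cast them before they are used as record keys.
    $cid = array_map('intval', $cid);
    $msg = checkUserPermissions($cid, 'delete');
    if (!$msg) {
        foreach ($cid as $id) {
            // A fresh row per id so a failed load() cannot leave the previous user's gid in place.
            $obj = new mosUser($database);
            $obj->load($id);
            $isSuperAdmin = ((int) $obj->gid === 25);
            $count = 2;
            if ($isSuperAdmin) {
                // count number of active super admins (re-counted per id, so deletions earlier in this batch are seen)
                $query = "SELECT COUNT( id )"
                    . "\n FROM #__users"
                    . "\n WHERE gid = 25"
                    . "\n AND block = 0";
                $database->setQuery($query);
                $count = (int) $database->loadResult();
            }
            if ($isSuperAdmin && $count <= 1) {
                // cannot delete Super Admin where it is the only one that exists
                $msg = "You cannot delete this Super Administrator as it is the only active Super Administrator for your site";
            } else {
                // delete user
                $obj->delete($id);
                $msg = $obj->getError();
                // delete the user account's active sessions
                logoutUser($id, 'com_users', 'remove');
            }
        }
    }
    mosRedirect('index2.php?option=' . $option, $msg);
}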
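/**
 * Frontend registration handler (com_registration "saveRegistration" task, T_() strings).
 *
 * Binds the posted form onto a new mosUser, forces the Registered group,
 * hashes the password, stores the row, informs the authenticator mambots,
 * mails the user and notifies every super administrator who opted into system mails.
 *
 * @param string $option  Component name; not used by this task but part of the dispatcher's calling convention
 * @return void  Prints the completion text on success; a failed bind()/check()/store() prints a JS alert and exit()s
 */
function saveRegistration($option)
{
    global $database, $my, $acl;
    global $mosConfig_sitename, $mosConfig_live_site, $mosConfig_useractivation, $mosConfig_allowUserRegistration;
    global $mosConfig_mailfrom, $mosConfig_fromname;

    if ($mosConfig_allowUserRegistration == '0') {
        mosNotAuth();
        return;
    }
    // NOTE(review): no josSpoofCheck()/form token on this path, unlike the core handler;
    // add it once the registration form emits a token.

    $row = new mosUser($database);
    // 'usertype' is ignored by bind(): the group is forced below, never taken from POST.
    if (!$row->bind($_POST, 'usertype')) {
        // addslashes() keeps a quote in the message from breaking out of the JS string literal
        echo "<script> alert('" . addslashes($row->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }
    mosMakeHtmlSafe($row);

    $row->id = 0;
    $row->usertype = 'Registered';
    $row->gid = $acl->get_group_id('Registered', 'ARO');
    // With activation on, the account starts blocked and carries a random activation code.
    if ($mosConfig_useractivation == '1') {
        $row->activation = md5(mosMakePassword());
        $row->block = '1';
    }
    if (!$row->check()) {
        echo "<script> alert('" . addslashes($row->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }

    // The clear-text password is kept only for the registration mail and the mambot trigger below.
    $pwd = $row->password;
    // Unsalted md5 is what this release's login check verifies against; replace it
    // together with that check, not here alone.
    $row->password = md5($row->password);
    $row->registerDate = date("Y-m-d H:i:s");
    if (!$row->store()) {
        echo "<script> alert('" . addslashes($row->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }
    $row->checkin();

    $name = $row->name;
    $email = $row->email;
    $username = $row->username;

    $subject = sprintf(T_('Account details for %s at %s'), $name, $mosConfig_sitename);
    $subject = html_entity_decode($subject, ENT_QUOTES);

    $mambothandler =& mosMambotHandler::getInstance();
    $mambothandler->loadBotGroup('authenticator');
    $loginfo = new mosLoginDetails($username, $pwd);
    if ($mosConfig_useractivation == "1") {
        // NOTE(review): the clear-text password travels in this mail (last placeholder).
        $activationLink = $mosConfig_live_site . "/index.php?option=com_registration&task=activate&activation=" . $row->activation;
        $message = sprintf(T_('Hello %s,

Thank you for registering at %s. Your account has been created but, as a precaution, it must be activated by you before you can use it.
To activate the account click on the following link or copy and paste it in your browser:
%s

After activation you may login to %s using the following username and password:

Username - %s
Password - %s'), $name, $mosConfig_sitename, $activationLink, $mosConfig_live_site, $username, $pwd);
        // 'userActivate' follows later, from the activate task, once the mailed code is presented
        $mambothandler->trigger('userRegister', array($loginfo));
    } else {
        $message = sprintf(T_("Hello %s,\n\nThank you for registering at %s.\n\nYou may now login to %s using the username and password you registered with."), $name, $mosConfig_sitename, $mosConfig_live_site);
        $mambothandler->trigger('userRegister', array($loginfo));
        $mambothandler->trigger('userActivate', array($loginfo));
    }
    $message = html_entity_decode($message, ENT_QUOTES);

    // Sender: Global Config mailfrom/fromname when both exist, else the first super administrator row.
    if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") {
        $adminName2 = $mosConfig_fromname;
        $adminEmail2 = $mosConfig_mailfrom;
    } else {
        $database->setQuery("SELECT name, email FROM #__users" . "\n WHERE usertype='super administrator'");
        $rows = $database->loadObjectList();
        // An empty result must not turn into an undefined-offset notice.
        $adminName2 = isset($rows[0]) ? $rows[0]->name : '';
        $adminEmail2 = isset($rows[0]) ? $rows[0]->email : '';
    }
    // Send email to user
    mosMail($adminEmail2, $adminName2, $email, $subject, $message);

    // Send notification to all administrators
    $subject2 = sprintf(T_('Account details for %s at %s'), $name, $mosConfig_sitename);
    $message2 = sprintf(T_('Hello %s,

A new user has registered at %s.
This email contains their details:

Name - %s
e-mail - %s
Username - %s

Please do not respond to this message as it is automatically generated and is for information purposes only'), $adminName2, $mosConfig_sitename, $row->name, $email, $username);
    $subject2 = html_entity_decode($subject2, ENT_QUOTES);
    $message2 = html_entity_decode($message2, ENT_QUOTES);
    // get superadministrators id (ACL group 25) and mail those who opted into system emails
    $admins = $acl->get_group_objects(25, 'ARO');
    $adminIds = isset($admins['users']) ? $admins['users'] : array();
    foreach ($adminIds as $id) {
        // Own variable for the admin row so $row (the freshly registered user) is not clobbered.
        $database->setQuery("SELECT email, sendEmail FROM #__users" . "\n WHERE id = " . (int) $id);
        $rows = $database->loadObjectList();
        $adminRow = isset($rows[0]) ? $rows[0] : null;
        if ($adminRow && $adminRow->sendEmail) {
            mosMail($adminEmail2, $adminName2, $adminRow->email, $subject2, $message2);
        }
    }

    echo '<div class="componentheading">' . T_('Registration Complete') . '</div><br />';
    if ($mosConfig_useractivation == "1") {
        echo T_('Your account has been created and an activation link has been sent to the e-mail address you entered. Note that you must activate the account by clicking on the activation link before you can login.');
    } else {
        echo T_('You may now login.');
    }
}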
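/**
 * Saves the logged-in user's edited profile and tells the authenticator mambots about it.
 *
 * @param string $option  Component name, used for the redirect target
 * @param int    $uid     Id of the logged-in user; must equal the posted 'id'
 * @return void  Redirects on success; every validation failure prints a JS alert and exit()s
 */
function userSave($option, $uid)
{
    global $database;

    $uid = (int) $uid;
    $user_id = intval(mosGetParam($_POST, 'id', 0));
    // Only the owner may edit a record: an anonymous caller, a missing id, or an id that
    // differs from the session user are all rejected (otherwise any account could be edited).
    if ($uid === 0 || $user_id === 0 || $user_id !== $uid) {
        mosNotAuth();
        return;
    }
    $row = new mosUser($database);
    $row->load($user_id);
    // A local instead of a dynamic property on the row: the original had to unset() its
    // $row->orig_password before store() ("prevent DB error"), which this avoids altogether.
    $orig_password = $row->password;

    // "gid usertype" is the ignore list for bind(): group membership is never taken from POST.
    if (!$row->bind($_POST, "gid usertype")) {
        // addslashes() keeps a quote in the message from breaking out of the JS string literal
        echo "<script> alert('" . addslashes($row->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }
    mosMakeHtmlSafe($row);

    // Only a plain string counts as a posted password; an array (password[]=...) is ignored.
    $newPassword = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : '';
    $verifyPass = isset($_POST["verifyPass"]) ? $_POST["verifyPass"] : null;
    if ($newPassword !== "") {
        // Strict comparison on purpose: == turns two numeric-looking strings into numbers
        // ("1e3" == "1000" is true), which would accept a mismatched confirmation.
        if (is_string($verifyPass) && $verifyPass === $newPassword) {
            // Unsalted md5 is what this release's login check verifies against; replace it
            // together with that check, not here alone.
            $row->password = md5($newPassword);
        } else {
            echo "<script> alert(\"" . addslashes(T_('Passwords do not match')) . "\"); window.history.go(-1); </script>\n";
            exit;
        }
    } else {
        // Restore the stored password hash that bind() overwrote
        $row->password = $orig_password;
    }

    if (!$row->check()) {
        echo "<script> alert('" . addslashes($row->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }
    if (!$row->store()) {
        echo "<script> alert('" . addslashes($row->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }

    // Hand the (possibly empty) new clear-text password to the authenticator mambots.
    $loginfo = new mosLoginDetails($row->username, $newPassword);
    $mambothandler =& mosMambotHandler::getInstance();
    $mambothandler->loadBotGroup('authenticator');
    $mambothandler->trigger('userChange', array($loginfo));
    mosRedirect("index.php?option={$option}", T_('Your settings have been saved.'));
}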
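/**
 * Deletes the selected users (older backend user manager, $adminLanguage strings).
 *
 * Members of the super administrator group are skipped with a message; every
 * other id is deleted and the accumulated error text is shown after the redirect.
 *
 * @param int[]  $cid     Ids of the users to delete
 * @param string $option  Component name, used for the redirect target
 * @return void  Always ends in mosRedirect(); an empty selection prints a JS alert and exit()s
 */
function removeUsers($cid, $option)
{
    global $database, $acl, $adminLanguage;

    if (!is_array($cid) || count($cid) < 1) {
        // addslashes() keeps a quote in the message from breaking out of the JS string literal
        echo "<script> alert(\"" . addslashes($adminLanguage->A_COMP_CONTENT_SEL_DEL) . "\"); window.history.go(-1);</script>\n";
        exit;
    }
    $msg = '';
    $obj = new mosUser($database);
    foreach ($cid as $id) {
        // The ids come from the request: cast before they are used as record keys.
        $id = (int) $id;
        // check for a super admin ... can't delete them
        $groups = $acl->get_object_groups('users', $id, 'ARO');
        // A user without any group mapping would otherwise produce an undefined-offset notice.
        $this_group = isset($groups[0]) ? strtolower($acl->get_group_name($groups[0], 'ARO')) : '';
        if ($this_group == 'super administrator') {
            $msg .= $adminLanguage->A_COMP_USERS_CANNOT;
        } else {
            $obj->delete($id);
            $msg .= $obj->getError();
        }
    }
    mosRedirect('index2.php?option=' . $option, $msg);
}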
	/**
	* If table key (id) is NULL : inserts new rows
	* otherwise updates existing row in the database tables
	*
	* Can be overridden or overloaded by the child classes
	*
	* @param  boolean  $updateNulls  TRUE: null object variables are also updated, FALSE: not.
	* @return boolean                TRUE if successful otherwise FALSE
	*/
	function store( $updateNulls = false ) {
		global $_CB_framework, $_CB_database, $ueConfig;

		$this->id									=	(int) $this->id;

		if ( checkJversion() == 2 ) {
			$this->gids								=	( is_array( $this->gids ) ? $this->gids : array( $this->gid ) );
			$this->gid								=	(int) $_CB_framework->acl->getBackwardsCompatibleGid( $this->gids );
		} else {
			$this->gid								=	(int) $this->gid;
			$this->gids								=	array( $this->gid );
		}

		$isNew										=	( $this->id == 0 );

		$oldUsername								=	null;
		$oldGid										=	null;
		$oldBlock									=	null;

		//TOOD	//FIXME	Somehow the constructor does not get called in j1.6, so need to redo this here:
		if ( checkJversion() == 2 ) {
			$this->_cmsUserTableGid					=	'usertype';
		}

		if ( ! $isNew ) {
			// get actual username to update sessions in case:
			$sql			=	'SELECT ' . $_CB_database->NameQuote( $this->_cmsUserTableUsername )
							.	', '	. $_CB_database->NameQuote( $this->_cmsUserTableGid )
							.	', '	. $_CB_database->NameQuote( 'block' )
							.	' FROM ' . $_CB_database->NameQuote( $this->_cmsUserTable ) . ' WHERE ' . $_CB_database->NameQuote( $this->_cmsUserTableKey ) . ' = ' . (int) $this->user_id;
			$_CB_database->setQuery( $sql );
			$oldEntry								=	null;
			if ( $_CB_database->loadObject( $oldEntry ) ) {
				$oldUsername						=	$oldEntry->username;
				if ( checkJversion() == 2 ) {
					$oldGids						=	array_values( (array) JFactory::getUser( $this->id )->groups );
					$oldGid							=	(int) $_CB_framework->acl->getBackwardsCompatibleGid( $oldGids );
				} else {
					$oldGid							=	(int) $oldEntry->gid;
					$oldGids						=	array( $oldEntry->gid );
				}
				$oldBlock							=	$oldEntry->block;
			}
		}

		// insure usertype is in sync with gid:
/*
 * This could be a better method:
		if ( checkJversion() == 1 ) {
			$gdataArray								=	$_CB_framework->acl->get_group_data( (int) $this->gid, 'ARO' );
			if ( $gdataArray ) {
				$this->usertype						=	$gdataArray[3];
			} else {
				user_error( sprintf( 'comprofilerUser::store: gacl:get_group_data: for user_id %d, name of group_id %d not found in acl groups table.', $this->id, $this->gid ), E_USER_WARNING );
				$this->usertype						=	'Registered';
			}
		} else {
			$this->usertype							=	$_CB_framework->acl->get_group_name( (int) $gid, 'ARO' );
		}
*/
		if ( checkJversion() == 2 ) {
			$query									= 'SELECT title AS name'
													. "\n FROM #__usergroups"
													. "\n WHERE id = " . (int) $this->gid
													;
		} elseif ( checkJversion() == 1 ) {
			$query									= 'SELECT name'
													. "\n FROM #__core_acl_aro_groups"
													. "\n WHERE id = " . (int) $this->gid
													;
		} else {
			$query									= 'SELECT name'
													. "\n FROM #__core_acl_aro_groups"
													. "\n WHERE group_id = " . (int) $this->gid
													;
		}
		$_CB_database->setQuery( $query );
		$this->usertype								=	$_CB_database->loadResult();

		// creates CMS and CB objects:
		$this->_mapUsers();

		// remove the previous email set in bindSafely() and needed for checkSafely():
		unset( $this->_original_email );

		// stores first into CMS to get id of user if new:
		if ( is_callable( array( $this->_cmsUser, 'store' ) ) ) {
			$result									=	$this->_cmsUser->store( $updateNulls );
			if ( ! $result ) {
				$this->_error						=	$this->_cmsUser->getError();
			}
		} else {
			if ( checkJversion() == 2 ) {
				$this->_cmsUser->groups				=	$this->gids;
				}
			$result									=	$this->_cmsUser->save();	// Joomla 1.5 native
			if ( ! $result ) {
				$this->_error						=	$this->_cmsUser->getError();
				if ( class_exists( 'JText' ) ) {
					$this->_error					=	JText::_( $this->_error );
				}
			}
		}
		if ( $result ) {
			// synchronize id and user_id:
			if ( $isNew ) {
				if ( $this->_cmsUser->id == 0 ) {
					// this is only for mambo 4.5.0 backwards compatibility. 4.5.2.3 $row->store() updates id on insert
					$sql			=	'SELECT ' . $_CB_database->NameQuote( $this->_cmsUserTableKey ) . ' FROM ' . $_CB_database->NameQuote( $this->_cmsUserTable ) . ' WHERE ' . $_CB_database->NameQuote( $this->_cmsUserTableUsername ) . ' = ' . $_CB_database->Quote( $this->username);
					$_CB_database->setQuery( $sql );
					$this->_cmsUser->id				=	(int) $_CB_database->loadResult();
				}
				$this->id							=	$this->_cmsUser->id;
				$this->_comprofilerUser->id		=	$this->_cmsUser->id;
			}

			if ( ( $this->confirmed == 0 ) && ( $this->cbactivation == '' ) && ( $ueConfig['reg_confirmation'] != 0 ) ) {
				$this->_setActivationCode();
			}

			// stores CB user into comprofiler: if new, inserts, otherwise updates:
			if ( $this->user_id == 0 ) {
				$this->user_id						=	$this->_cmsUser->id;
				$this->_comprofilerUser->user_id	=	$this->user_id;
				$result								=	$this->_comprofilerUser->storeNew( $updateNulls );
			} else {
				$result								=	$this->_comprofilerUser->store( $updateNulls );
			}
			if ( ! $result ) {
				$this->_error						=	$this->_comprofilerUser->getError();
			}
		}
		if ( $result ) {
			// update the ACL:
			if ( checkJversion() == 2 ) {
				$query							=	'SELECT m.id AS aro_id, a.group_id FROM #__user_usergroup_map AS a'
												.	"\n INNER JOIN #__usergroups AS m ON m.id= a.group_id"
												.	"\n WHERE a.user_id = " . (int) $this->id
												;
			} elseif ( checkJversion() == 1 ) {
				$query							=	'SELECT a.id AS aro_id, m.group_id FROM #__core_acl_aro AS a'
												.	"\n INNER JOIN #__core_acl_groups_aro_map AS m ON m.aro_id = a.id"
												.	"\n WHERE a.value = " . (int) $this->id
												;
			} else {
				$query							=	'SELECT a.aro_id, m.group_id FROM #__core_acl_aro AS a'
												.	"\n INNER JOIN #__core_acl_groups_aro_map AS m ON m.aro_id = a.aro_id"
												.	"\n WHERE a.value = " . (int) $this->id
												;
			}
			$_CB_database->setQuery( $query );
			$aro_group							=	null;
			$result								=	$_CB_database->loadObject( $aro_group );

			if ( $result && ( $aro_group->group_id != $this->gid ) ) {
				if ( checkJversion() == 2 ) {
//					$query							=	'UPDATE #__user_usergroup_map'
//													.	"\n SET group_id = " . (int) $this->gid
//													.	"\n WHERE user_id = " . (int) $this->id
//													.	( $oldGid ? "\n AND group_id = " . (int) $oldGid : null )
//													;
//					$_CB_database->setQuery( $query );
//					$result							=	$_CB_database->query();
				} else {
					$query							=	'UPDATE #__core_acl_groups_aro_map'
													.	"\n SET group_id = " . (int) $this->gid
													.	"\n WHERE aro_id = " . (int) $aro_group->aro_id
													;
					$_CB_database->setQuery( $query );
					$result							=	$_CB_database->query();
				}
			}
			if ( $result && ( ! $isNew ) && ( ( $oldUsername != $this->username ) || ( $aro_group->group_id != $this->gid ) || ( $oldGid != $this->gid ) || ( ( $oldBlock == 0 ) && ( $this->block == 1 ) ) ) ) {
				// Update current sessions state if there is a change in gid or in username:
				if ( $this->block == 0 ) {
					$sessionGid			=	1;
					if ( $_CB_framework->acl->is_group_child_of( $this->usertype, 'Registered', 'ARO' ) || $_CB_framework->acl->is_group_child_of( $this->usertype, 'Public Backend', 'ARO' ) ) {
						// Authors, Editors, Publishers and Super Administrators are part of the Special Group:
						$sessionGid		=	2;
					}
					$query				=	'UPDATE #__session '
										.	"\n SET usertype = " . $_CB_database->Quote( $this->usertype );

					if ( checkJversion() <= 1 ) {
						$query			.=	', gid = ' . (int) $sessionGid;
					}

					$query				.=	', username = ' . $_CB_database->Quote( $this->username )
										.	"\n WHERE userid = " . (int) $this->id
										;
					//TBD: here maybe jaclplus fields update if JACLplus installed....
					$_CB_database->setQuery( $query );
					$result				=	$_CB_database->query();
				} else {
					// logout user now that user login has been blocked:
					if ( $_CB_framework->myId() == $this->id ) {
						$_CB_framework->logout();
					}
					$_CB_database->setQuery( "DELETE FROM #__session WHERE userid = " . (int) $this->id );			//TBD: check if this is enough for J 1.5
					$result				=	$_CB_database->query();
				}
			}
			if ( ! $result ) {
				$this->_error					=	$_CB_database->stderr();
				return false;
			}
		}
		return $result;
	}
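/**
 * Deletes the users selected in the admin list ($cid) from the CMS user tables.
 *
 * @param array  $cid    user ids selected for deletion (come from the request)
 * @param string $option component name, used only for the redirect target
 *
 * Super Administrators are never deleted. Error text from each refused or failed
 * deletion is accumulated in $msg and handed to mosRedirect(). An empty or
 * non-array selection produces a JS alert and exits.
 *
 * NOTE(review): no anti-CSRF (spoof) check and no "cannot delete yourself" guard
 * are visible in this function; both are assumed to be enforced by the calling
 * task switch — confirm before relying on it.
 */
function removeUsers($cid, $option)
{
    global $database, $acl;
    if (!is_array($cid) || count($cid) < 1) {
        echo "<script> alert('Select an item to delete'); window.history.go(-1);</script>\n";
        exit;
    }
    $msg = '';
    foreach ($cid as $id) {
        // ids arrive from the request: force them to int before they reach any query
        $id = (int) $id;
        if ($id <= 0) {
            continue;
        }
        // check for a super admin ... can't delete them.
        // Only the first ARO group is consulted (as before); a user with no group
        // entry is treated as deletable instead of raising an undefined-offset notice.
        $groups = $acl->get_object_groups('users', $id, 'ARO');
        $this_group = '';
        if (is_array($groups) && isset($groups[0])) {
            $this_group = strtolower($acl->get_group_name($groups[0], 'ARO'));
        }
        if ($this_group === 'super administrator') {
            $msg .= "You cannot delete a Super Administrator";
            continue;
        }
        // fresh objects per id so a stale error from an earlier iteration is not reported again
        $user = new mosUser($database);
        $user->delete($id);
        $msg .= $user->getError();
        $extended = new mosUser_extended($database);
        $extended->delete($id);
        $msg .= $extended->getError();
    }
    mosRedirect("index2.php?option={$option}", $msg);
}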
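/**
 * Saves the front-end "edit your details" form for the logged-in user.
 *
 * @param string $option component name, used for the redirect target
 * @param int    $uid    id of the currently logged-in user, supplied by the caller
 *
 * The posted 'id' must equal $uid, so a user can only update their own record;
 * anything else is answered with mosNotAuth(). 'gid' and 'usertype' are excluded
 * from bind() so the form cannot change group membership. A new password is
 * stored only when the confirmation field matches it exactly; otherwise the
 * previously stored hash is kept.
 */
function userSave($option, $uid)
{
    global $database;
    $user_id = intval(mosGetParam($_POST, 'id', 0));
    // do some security checks: only the owner of the record may save it
    if ($uid == 0 || $user_id == 0 || $user_id != $uid) {
        mosNotAuth();
        return;
    }
    // NOTE(review): no anti-CSRF (spoof) token is verified here, so a forged POST
    // from another site could change this user's e-mail or password while they are
    // logged in. Add the project's token check if one exists — confirm.
    $row = new mosUser($database);
    $row->load($user_id);
    // kept as a property (and unset before store) exactly as before, in case check() reads it
    $row->orig_password = $row->password;
    // gid/usertype are ignored so the form cannot escalate the user's group
    if (!$row->bind($_POST, "gid usertype")) {
        // addslashes: the error text lands inside a single-quoted JS string
        echo "<script> alert('" . addslashes($row->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }
    mosMakeHtmlSafe($row);
    $password = isset($_POST["password"]) ? $_POST["password"] : "";
    $verifyPass = isset($_POST["verifyPass"]) ? $_POST["verifyPass"] : "";
    // only a non-empty string counts as a password change; an array value (e.g.
    // password[]=x) is ignored instead of reaching md5()
    if (is_string($password) && $password !== "") {
        // strict comparison: '==' would accept "1e3" as confirmation of "1000"
        if (is_string($verifyPass) && $verifyPass === $password) {
            // NOTE(review): unsalted md5 is weak and should be replaced, but the
            // login check lives elsewhere and expects this exact format — change both together.
            $row->password = md5($password);
        } else {
            echo "<script> alert(\"" . addslashes(_PASS_MATCH) . "\"); window.history.go(-1); </script>\n";
            exit;
        }
    } else {
        // Restore 'original password'
        $row->password = $row->orig_password;
    }
    if (!$row->check()) {
        echo "<script> alert('" . addslashes($row->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }
    unset($row->orig_password);
    // prevent DB error!! (orig_password is not a column)
    if (!$row->store()) {
        echo "<script> alert('" . addslashes($row->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }
    mosRedirect("index.php?option={$option}", _USER_DETAILS_SAVE);
}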