Ejemplo n.º 1
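 /**
  * Adds a new member.
  *
  * Validates the supplied fields, inserts one row into the member table and
  * writes an entry to the action log.
  *
  * Security notes for reviewers:
  *  - The password is stored as an unsalted MD5 digest. MD5 is a fast hash and
  *    is not suitable for password storage; moving to password_hash() /
  *    password_verify() has to be done together with the code that verifies
  *    logins, which is outside this block.
  *  - The INSERT is assembled by string concatenation. String fields are
  *    passed through sql_real_escape_string() and the two flags through
  *    intval(); every new column added here needs the same treatment.
  *    NOTE(review): prefer bound parameters if the database layer offers them.
  *  - No authorization check is made here; presumably callers verify that the
  *    acting user may create members. TODO confirm.
  *  - The result of sql_query() is not inspected, so 1 is returned even if
  *    the insert did not succeed. NOTE(review): confirm how sql_query()
  *    reports failure before relying on the return value.
  *
  * @static
  *
  * @param string $name      display name; must pass isValidDisplayName() and not exist yet
  * @param string $realname  real name; must be non-empty
  * @param string $password  plain-text password; must be non-empty
  * @param string $email     e-mail address; must pass isValidMailAddress()
  * @param string $url       member URL; "http://" is prepended when no http(s) scheme is present
  * @param mixed  $admin     admin flag, cast with intval()
  * @param mixed  $canlogin  login flag, cast with intval()
  * @param string $notes     free-form notes
  *
  * @return mixed 1 on success, otherwise one of the _ERROR* constants
  */
 function create($name, $realname, $password, $email, $url, $admin, $canlogin, $notes)
 {
     if (!isValidMailAddress($email)) {
         return _ERROR_BADMAILADDRESS;
     }
     if (!isValidDisplayName($name)) {
         return _ERROR_BADNAME;
     }
     if (MEMBER::exists($name)) {
         return _ERROR_NICKNAMEINUSE;
     }
     if (!$realname) {
         return _ERROR_REALNAMEMISSING;
     }
     if (!$password) {
         return _ERROR_PASSWORDMISSING;
     }

     // Users sometimes omit the scheme, which leaves a malformed URL, so
     // prepend one. The check replaces the former eregi("^https?://", $url),
     // which was case-insensitive; the /i modifier restores that, so
     // "HTTP://example.org" is no longer turned into "http://HTTP://example.org".
     if (!preg_match('#^https?://#i', $url)) {
         $url = 'http://' . $url;
     }

     // Escape every string field for use inside a quoted SQL literal.
     $name = sql_real_escape_string($name);
     $realname = sql_real_escape_string($realname);
     // SECURITY: unsalted MD5, kept only because the login check outside this
     // block is assumed to compare against the same format.
     $password = sql_real_escape_string(md5($password));
     $email = sql_real_escape_string($email);
     $url = sql_real_escape_string($url);
     $notes = sql_real_escape_string($notes);

     // The flags are interpolated unquoted below, so force them to integers.
     $admin = intval($admin);
     $canlogin = intval($canlogin);

     // An administrator who cannot log in is rejected.
     if ($admin && !$canlogin) {
         return _ERROR;
     }

     $query = 'INSERT INTO ' . sql_table('member')
         . " (MNAME,MREALNAME,MPASSWORD,MEMAIL,MURL, MADMIN, MCANLOGIN, MNOTES) "
         . "VALUES ('{$name}','{$realname}','{$password}','{$email}','{$url}',{$admin}, {$canlogin}, '{$notes}')";
     sql_query($query);

     // $name is the SQL-escaped form at this point, so that is what gets logged.
     ACTIONLOG::add(INFO, _ACTIONLOG_NEWMEMBER . ' ' . $name);

     return 1;
 }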
Ejemplo n.º 2
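 /**
  * Handles the "change member settings" form submission.
  *
  * Reads the edited fields from the request, validates them, writes them to
  * the member identified by the "memberid" request variable, stores plugin
  * options and then redirects to the login or overview screen.
  *
  * Authorization: the current member must be the member being edited or an
  * admin; otherwise $this->disallow() is called. Display name and password
  * are only changed when $CONF['AllowLoginEdit'] is set or the current member
  * is an admin, and the admin / can-login flags only when the current member
  * is an admin.
  *
  * Security notes for reviewers:
  *  - The flow assumes $this->disallow() and $this->error() do not return;
  *    if either does, the remaining code still runs. TODO confirm.
  *  - No anti-CSRF token check is visible in this method; presumably the
  *    dispatcher performs one before calling it. TODO confirm.
  *  - A password change does not ask for the current password, and the cookie
  *    key is rotated here only when the e-mail address or display name
  *    changes. NOTE(review): check whether setPassword() invalidates existing
  *    sessions; if not, consider rotating the cookie key on password change.
  *  - strip_tags() is applied to several inputs; it is an input filter, not
  *    output escaping, so values still need context-appropriate escaping
  *    wherever they are rendered.
  *
  * @return void
  */
 function action_changemembersettings()
 {
     global $member, $CONF, $manager;
     $memberid = intRequestVar('memberid');

     // Only the member being edited or an admin may continue.
     $member->getID() == $memberid or $member->isAdmin() or $this->disallow();

     $name = trim(strip_tags(postVar('name')));
     $realname = trim(strip_tags(postVar('realname')));
     $password = postVar('password');
     $repeatpassword = postVar('repeatpassword');
     $email = strip_tags(postVar('email'));
     $url = strip_tags(postVar('url'));

     // Users sometimes omit the scheme, which leaves a malformed URL, so
     // prepend one. The check replaces the former eregi("^https?://", $url),
     // which was case-insensitive; the /i modifier restores that, so
     // "HTTP://example.org" is no longer turned into "http://HTTP://example.org".
     if (!preg_match('#^https?://#i', $url)) {
         $url = 'http://' . $url;
     }

     $admin = postVar('admin');
     $canlogin = postVar('canlogin');
     $notes = strip_tags(postVar('notes'));
     $deflang = postVar('deflang');
     $mem = MEMBER::createFromID($memberid);

     // Login-related fields are validated only when they may be edited.
     if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {
         if (!isValidDisplayName($name)) {
             $this->error(_ERROR_BADNAME);
         }
         if ($name != $mem->getDisplayName() && MEMBER::exists($name)) {
             $this->error(_ERROR_NICKNAMEINUSE);
         }
         // Compare as strings: a loose != treats numeric-looking strings as
         // numbers ("1e3" == "1000"), which would let two different inputs
         // pass the confirmation check. The casts keep an absent field and an
         // empty one equivalent, as they were under the loose comparison.
         if ((string) $password !== (string) $repeatpassword) {
             $this->error(_ERROR_PASSWORDMISMATCH);
         }
         if ($password && strlen($password) < 6) {
             $this->error(_ERROR_PASSWORDTOOSHORT);
         }
         if ($password) {
             // Listeners of PrePasswordSet can veto the password through the
             // by-reference 'valid' and 'errormessage' entries.
             $pwdvalid = true;
             $pwderror = '';
             $manager->notify('PrePasswordSet', array('password' => $password, 'errormessage' => &$pwderror, 'valid' => &$pwdvalid));
             if (!$pwdvalid) {
                 $this->error($pwderror);
             }
         }
     }
     if (!isValidMailAddress($email)) {
         $this->error(_ERROR_BADMAILADDRESS);
     }
     if (!$realname) {
         $this->error(_ERROR_REALNAMEMISSING);
     }
     if ($deflang != '' && !checkLanguage($deflang)) {
         $this->error(_ERROR_NOSUCHLANGUAGE);
     }

     // check if there will remain at least one site member with both the logon and admin rights
     // (check occurs when taking away one of these rights from such a member)
     if (!$admin && $mem->isAdmin() && $mem->canLogin() || !$canlogin && $mem->isAdmin() && $mem->canLogin()) {
         $r = sql_query('SELECT * FROM ' . sql_table('member') . ' WHERE madmin=1 and mcanlogin=1');
         if (sql_num_rows($r) < 2) {
             $this->error(_ERROR_ATLEASTONEADMIN);
         }
     }

     if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {
         $mem->setDisplayName($name);
         if ($password) {
             $mem->setPassword($password);
         }
     }

     // Remember the previous address so a change can be detected after write().
     $oldEmail = $mem->getEmail();
     $mem->setRealName($realname);
     $mem->setEmail($email);
     $mem->setURL($url);
     $mem->setNotes($notes);
     $mem->setLanguage($deflang);

     // only allow super-admins to make changes to the admin status
     if ($member->isAdmin()) {
         $mem->setAdmin($admin);
         $mem->setCanLogin($canlogin);
     }
     $autosave = postVar('autosave');
     $mem->setAutosave($autosave);
     $mem->write();

     // store plugin options
     $aOptions = requestArray('plugoption');
     NucleusPlugin::_applyPluginOptions($aOptions);
     $manager->notify('PostPluginOptionsUpdate', array('context' => 'member', 'memberid' => $memberid, 'member' => &$mem));

     // If the e-mail address changed, send an activation link and end the
     // edited member's session by issuing a new cookie key.
     if ($oldEmail != $mem->getEmail()) {
         $mem->sendActivationLink('addresschange', $oldEmail);
         // logout member
         $mem->newCookieKey();
         // only log out if the member being edited is the current member.
         if ($member->getID() == $memberid) {
             $member->logout();
         }
         $this->action_login(_MSG_ACTIVATION_SENT, 0);
         return;
     }

     // A member who renamed themselves has to log in again under the new name.
     if ($mem->getID() == $member->getID() && $mem->getDisplayName() != $member->getDisplayName()) {
         $mem->newCookieKey();
         $member->logout();
         $this->action_login(_MSG_LOGINAGAIN, 0);
     } else {
         $this->action_overview(_MSG_SETTINGSCHANGED);
     }
 }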