 /**
  * Login validation function.
  *
  * Username and encoded password are compared to DB entries in the jos_users
  * table. A successful validation updates the current session record with
  * the user's details.
  *
  * The body references $this->_session and $this->_db, so this is a method
  * lifted out of a class (presumably the main-frame class; the remember-me
  * branch below calls mosMainFrame::remCookieName_User()). One line of this
  * listing is corrupted (see the note at the SELECT/DELETE line): the
  * login-by-username query, the password check and the session bookkeeping
  * between them are not recoverable here, and $session / $hash used further
  * down are defined in that lost span.
  *
  * @param string|null $username plain username; in the remember-me case a
  *                              32-char digest. Read from $_POST when empty.
  * @param string|null $passwd   password (or a digest in the remember-me case).
  * @param int         $remember non-zero selects the remember-me cookie path.
  * @param int|null    $userid   user id carried by the remember-me cookie.
  * @return void  failure paths exit() after an alert/redirect; only the
  *               missing-session-cookie case returns.
  */
 function login($username = null, $passwd = null, $remember = 0, $userid = NULL)
 {
     // $acl and $_VERSION are declared but never read in the visible body.
     global $acl, $_VERSION;
     $bypost = 0;
     // Set on a successful remember-me match; not read anywhere visible here.
     $valid_remember = false;
     // if no username and password passed from function, then function is being called from login module/component
     if (!$username || !$passwd) {
         $username = stripslashes(strval(mosGetParam($_POST, 'username', '')));
         $passwd = stripslashes(strval(mosGetParam($_POST, 'passwd', '')));
         $bypost = 1;
         // extra check to ensure that Joomla! sessioncookie exists
         if (!$this->_session->session_id) {
             mosErrorAlert(_ALERT_ENABLED);
             return;
         }
         // form-token check for posted logins (anti-CSRF)
         josSpoofCheck(NULL, 1);
     }
     $row = null;
     if (!$username || !$passwd) {
         mosErrorAlert(_LOGIN_INCOMPLETE);
         exit;
     } else {
         // remember-me cookies carry a 32-char digest in place of the username
         if ($remember && strlen($username) == 32 && $userid) {
             // query used for remember me cookie
             // the digests are tied to the browser's User-Agent through $harden
             $harden = mosHash(@$_SERVER['HTTP_USER_AGENT']);
             $query = "SELECT id, name, username, password, usertype, block, gid" . "\n FROM #__users" . "\n WHERE id = " . (int) $userid;
             $this->_db->setQuery($query);
             // $user is filled by reference; nothing checks that a row was
             // found before $user->password is read on the next line
             $this->_db->loadObject($user);
             // stored password format is "hash:salt"
             list($hash, $salt) = explode(':', $user->password);
             $check_username = md5($user->username . $harden);
             $check_password = md5($hash . $harden);
             // NOTE(review): loose == between hex digests. PHP compares two
             // numeric-looking strings numerically, so === (or hash_equals()
             // where available) is the safe comparison here.
             if ($check_username == $username && $check_password == $passwd) {
                 $row = $user;
                 $valid_remember = true;
             }
         } else {
             // query used for login via login module
             // NOTE: the next line is corrupted in this listing. Between
             // `WHERE username = ` and `DELETE FROM #__session` a span was
             // replaced by "******": the username lookup, the password check
             // and the session bookkeeping that define $session and $hash are
             // lost. The DELETE that survives removes the user's other
             // non-guest sessions after a successful login.
                 $query = "SELECT id, name, username, password, usertype, block, gid" . "\n FROM #__users" . "\n WHERE username = "******"DELETE FROM #__session" . "\n WHERE session_id != " . $this->_db->Quote($session->session_id) . "\n AND username = "******"\n AND userid = " . (int) $row->id . "\n AND gid = " . (int) $row->gid . "\n AND guest = 0";
                 $this->_db->setQuery($query);
                 $this->_db->query();
             }
             // update user visit data
             $currentDate = date("Y-m-d\\TH:i:s");
             $query = "UPDATE #__users" . "\n SET lastvisitDate = " . $this->_db->Quote($currentDate) . "\n WHERE id = " . (int) $session->userid;
             $this->_db->setQuery($query);
             if (!$this->_db->query()) {
                 die($this->_db->stderr(true));
             }
             // set remember me cookie if selected
             $remember = strval(mosGetParam($_POST, 'remember', ''));
             if ($remember == 'yes') {
                 // cookie lifetime of 365 days
                 $lifetime = time() + 365 * 24 * 60 * 60;
                 $remCookieName = mosMainFrame::remCookieName_User();
                 // value = f(username) . f(password hash) . user id; $hash is set in the lost span
                 $remCookieValue = mosMainFrame::remCookieValue_User($row->username) . mosMainFrame::remCookieValue_Pass($hash) . $row->id;
                 // NOTE(review): no secure/httponly arguments are passed, so the
                 // cookie is also sent over plain HTTP and is readable by script.
                 setcookie($remCookieName, $remCookieValue, $lifetime, '/');
             }
             mosCache::cleanCache();
         } else {
             // credentials rejected: posted logins get an alert, programmatic
             // callers are logged out and sent to the front page
             if ($bypost) {
                 mosErrorAlert(_LOGIN_INCORRECT);
             } else {
                 $this->logout();
                 mosRedirect('index.php');
             }
             exit;
         }
     }
 }
						<td><?php 
echo T_('Your E-mail');
?>
</td>
						<td align="center"><input class="inputbox" type="text" name="adminEmail" value="<?php 
echo "{$adminEmail}";
?>
" size="50" /></td>
					</tr>
					<tr>
						<td><?php 
echo T_('Admin password');
?>
</td>
						<td align="center"><input class="inputbox" type="text" name="adminPassword" value="<?php 
echo mosMakePassword(8);
?>
" size="50"/></td>
					</tr>
					<tr>
<?php 
// File-permission defaults for the installer: $mode flags whether a custom
// permission string was supplied, $flags holds it as an octal int (0644 if not).
$hasFilePerms = ($filePerms != '');
$mode = $hasFilePerms ? 1 : 0;
$flags = $hasFilePerms ? octdec($filePerms) : 0644;
?>
						<td colspan="2">
  							<fieldset><legend><?php 
/**
 * Front-end "save my details" handler.
 *
 * The caller passes the id of the logged-in user ($uid); the posted 'id' has
 * to match it, so a user can only edit their own record. Name/e-mail/username,
 * optionally the password and the params block are updated, then the request
 * is redirected to index.php with a status message.
 *
 * One line of this listing is corrupted (see the note above the #__session
 * UPDATE).
 *
 * @param string $option component name (not used in the body)
 * @param int    $uid    id of the currently logged-in user
 * @return void  alerts and exits on validation/store failure
 */
function userSave($option, $uid)
{
    global $database, $my, $mosConfig_frontend_userparams;
    $user_id = intval(mosGetParam($_POST, 'id', 0));
    // do some security checks: the posted id must be the logged-in user's own id
    if ($uid == 0 || $user_id == 0 || $user_id != $uid) {
        mosNotAuth();
        return;
    }
    // simple spoof check security (form token / anti-CSRF)
    josSpoofCheck();
    $row = new mosUser($database);
    $row->load((int) $user_id);
    // remembered so that an empty password field keeps the stored hash and a
    // username change can be propagated to the session table below
    $orig_password = $row->password;
    $orig_username = $row->username;
    // 'gid usertype' are kept out of the bind so the form cannot change the
    // user's group or type
    if (!$row->bind($_POST, 'gid usertype')) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    $row->name = trim($row->name);
    $row->email = trim($row->email);
    $row->username = trim($row->username);
    mosMakeHtmlSafe($row);
    // password change requested: verifyPass must match, then the new value is
    // stored as md5(password . salt) ":" salt with a 16-char random salt.
    // NOTE(review): the match uses a loose ==; === avoids PHP's numeric-string
    // coercion on the comparison.
    if (isset($_POST['password']) && $_POST['password'] != '') {
        if (isset($_POST['verifyPass']) && $_POST['verifyPass'] == $_POST['password']) {
            $row->password = trim($row->password);
            $salt = mosMakePassword(16);
            $crypt = md5($row->password . $salt);
            $row->password = $crypt . ':' . $salt;
        } else {
            echo "<script> alert(\"" . addslashes(_PASS_MATCH) . "\"); window.history.go(-1); </script>\n";
            exit;
        }
    } else {
        // Restore 'original password'
        $row->password = $orig_password;
    }
    // params editing is on unless the config value explicitly disables it
    // (under loose comparison '' == NULL is true but '0' == NULL is false)
    if ($mosConfig_frontend_userparams == '1' || $mosConfig_frontend_userparams == 1 || $mosConfig_frontend_userparams == NULL) {
        // save params: the posted key/value pairs are joined as "k=v" lines;
        // no validation of keys or values is visible here
        $params = mosGetParam($_POST, 'params', '');
        if (is_array($params)) {
            $txt = array();
            foreach ($params as $k => $v) {
                $txt[] = "{$k}={$v}";
            }
            $row->params = implode("\n", $txt);
        }
    }
    if (!$row->check()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    if (!$row->store()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    // check if username has been changed
    if ($orig_username != $row->username) {
        // change username value in session table
        // NOTE: the next line is corrupted in this listing - the two quoted
        // username values (new and old) were replaced by "******".
        $query = "UPDATE #__session" . "\n SET username = "******"\n WHERE username = "******"\n AND userid = " . (int) $my->id . "\n AND gid = " . (int) $my->gid . "\n AND guest = 0";
        $database->setQuery($query);
        $database->query();
    }
    mosRedirect('index.php', _USER_DETAILS_SAVE);
}
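/**
 * Front-end registration handler.
 *
 * Creates the mosUser row from $_POST, then mails the new user (with an
 * activation link when $mosConfig_useractivation is on) and every admin /
 * super admin whose sendEmail flag is set, and prints a completion message.
 *
 * Changes from the original: the duplicated global declaration is gone, a
 * failed bind() now stops the request (same alert-and-exit pattern as the
 * other failure paths, regardless of whether mosErrorAlert() itself exits),
 * the super-administrator lookup no longer reads $rows[0] unchecked, and the
 * admin list is only iterated when it is an array.
 *
 * NOTE(review): the activation mail template receives the plaintext password
 * ($pwd), so it travels in clear text in that e-mail.
 *
 * @return void alerts and exits on failure; echoes a completion message
 */
function saveRegistration()
{
    global $database, $acl;
    global $mosConfig_sitename, $mosConfig_live_site, $mosConfig_useractivation, $mosConfig_allowUserRegistration;
    global $mosConfig_mailfrom, $mosConfig_fromname;
    if ($mosConfig_allowUserRegistration == 0) {
        mosNotAuth();
        return;
    }
    // simple spoof check security (form token / anti-CSRF)
    josSpoofCheck();
    $row = new mosUser($database);
    // 'usertype' is excluded from the bind; it is cleared below
    if (!$row->bind($_POST, 'usertype')) {
        mosErrorAlert($row->getError());
        // do not continue with a half-bound row even if the alert returns
        exit;
    }
    $row->name = trim($row->name);
    $row->email = trim($row->email);
    $row->username = trim($row->username);
    $row->password = trim($row->password);
    mosMakeHtmlSafe($row);
    $row->id = 0;
    $row->usertype = '';
    $row->gid = $acl->get_group_id('Registered', 'ARO');
    // with activation on, the account starts blocked and gets a random token
    if ($mosConfig_useractivation == 1) {
        $row->activation = md5(mosMakePassword());
        $row->block = '1';
    }
    if (!$row->check()) {
        echo "<script> alert('" . html_entity_decode($row->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }
    // keep the plaintext for the welcome mail; store md5(password . salt) as "hash:salt"
    $pwd = $row->password;
    $salt = mosMakePassword(16);
    $row->password = md5($row->password . $salt) . ':' . $salt;
    $row->registerDate = date('Y-m-d H:i:s');
    if (!$row->store()) {
        echo "<script> alert('" . html_entity_decode($row->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }
    $row->checkin();
    $name = trim($row->name);
    $email = trim($row->email);
    $username = trim($row->username);
    $subject = html_entity_decode(sprintf(_SEND_SUB, $name, $mosConfig_sitename), ENT_QUOTES);
    if ($mosConfig_useractivation == 1) {
        $activateUrl = $mosConfig_live_site . "/index.php?option=com_registration&task=activate&activation=" . $row->activation;
        $message = sprintf(_USEND_MSG_ACTIVATE, $name, $mosConfig_sitename, $activateUrl, $mosConfig_live_site, $username, $pwd);
    } else {
        $message = sprintf(_USEND_MSG, $name, $mosConfig_sitename, $mosConfig_live_site);
    }
    $message = html_entity_decode($message, ENT_QUOTES);
    // sender: the configured mailfrom/fromname, else the first super administrator
    if ($mosConfig_mailfrom != '' && $mosConfig_fromname != '') {
        $adminName2 = $mosConfig_fromname;
        $adminEmail2 = $mosConfig_mailfrom;
    } else {
        $query = "SELECT name, email" . "\n FROM #__users" . "\n WHERE LOWER( usertype ) = 'superadministrator'" . "\n OR LOWER( usertype ) = 'super administrator'";
        $database->setQuery($query);
        $rows = $database->loadObjectList();
        // an empty result yields an empty sender instead of a null dereference
        $adminRow = (is_array($rows) && isset($rows[0])) ? $rows[0] : null;
        $adminName2 = $adminRow ? $adminRow->name : '';
        $adminEmail2 = $adminRow ? $adminRow->email : '';
    }
    // Send email to user
    mosMail($adminEmail2, $adminName2, $email, $subject, $message);
    // Send notification to all administrators
    $subject2 = html_entity_decode(sprintf(_SEND_SUB, $name, $mosConfig_sitename), ENT_QUOTES);
    $message2 = html_entity_decode(sprintf(_ASEND_MSG, $adminName2, $mosConfig_sitename, $row->name, $email, $username), ENT_QUOTES);
    // get email addresses of all admins and superadmins set to receive system emails
    $query = "SELECT email, sendEmail" . "\n FROM #__users" . "\n WHERE ( gid = 24 OR gid = 25 )" . "\n AND sendEmail = 1" . "\n AND block = 0";
    $database->setQuery($query);
    $admins = $database->loadObjectList();
    if (is_array($admins)) {
        foreach ($admins as $admin) {
            // send email to admin & super admin set to receive system emails
            mosMail($adminEmail2, $adminName2, $admin->email, $subject2, $message2);
        }
    }
    if ($mosConfig_useractivation == 1) {
        echo _REG_COMPLETE_ACTIVATE;
    } else {
        echo _REG_COMPLETE;
    }
}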
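/**
 * Front-end registration handler (variant with the UserExtended add-on).
 *
 * Creates the mosUser row from $_POST, stores the extended profile, then mails
 * the user (activation link when $mosConfig_useractivation is on) and every
 * super administrator whose sendEmail flag is set.
 *
 * Changes from the original: the duplicated global declaration is gone, the
 * add-on class file is include_once'd so a second include in the same request
 * cannot redeclare the class, the super-administrator lookups no longer read
 * $rows[0] unchecked, the per-admin query casts the id to int, and the admin
 * loop keeps its own variable instead of overwriting $row (the new user).
 *
 * NOTE(review): unlike the other form handlers on this page this one performs
 * no josSpoofCheck(), and the activation mail carries the plaintext password.
 *
 * @param string $option component name (unused in the body)
 * @return void alerts and exits on failure; echoes a completion message
 */
function saveRegistration($option)
{
    global $database, $my, $acl;
    global $mosConfig_sitename, $mosConfig_live_site, $mosConfig_useractivation, $mosConfig_allowUserRegistration;
    global $mosConfig_mailfrom, $mosConfig_fromname;
    if ($mosConfig_allowUserRegistration == "0") {
        mosNotAuth();
        return;
    }
    $row = new mosUser($database);
    // 'usertype' is excluded from the bind; it is cleared below
    if (!$row->bind($_POST, "usertype")) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    mosMakeHtmlSafe($row);
    $row->id = 0;
    $row->usertype = '';
    $row->gid = $acl->get_group_id('Registered', 'ARO');
    // with activation on, the account starts blocked and gets a random token
    if ($mosConfig_useractivation == "1") {
        $row->activation = md5(mosMakePassword());
        $row->block = "1";
    }
    if (!$row->check()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    // plaintext kept for the mail; stored as unsalted md5, the format this
    // code base's login code expects
    $pwd = $row->password;
    $row->password = md5($row->password);
    $row->registerDate = date("Y-m-d H:i:s");
    if (!$row->store()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    //// Begin UserExtended
    include_once "administrator/components/com_user_extended/user_extended.class.php";
    $rowExtended = new mosUser_Extended($database);
    if (!$rowExtended->bind($_POST)) {
        echo "<script> alert('" . $rowExtended->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    if (!$rowExtended->check()) {
        echo "<script> alert('" . $rowExtended->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    if (!$rowExtended->storeExtended($row->id)) {
        echo "<script> alert('" . $rowExtended->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    //// End UserExtended
    $row->checkin();
    $name = $row->name;
    $email = $row->email;
    $username = $row->username;
    $subject = html_entity_decode(sprintf(_SEND_SUB, $name, $mosConfig_sitename), ENT_QUOTES);
    if ($mosConfig_useractivation == "1") {
        $activateUrl = $mosConfig_live_site . "/index.php?option=com_registration&task=activate&activation=" . $row->activation;
        $message = sprintf(_USEND_MSG_ACTIVATE, $name, $mosConfig_sitename, $activateUrl, $mosConfig_live_site, $username, $pwd);
    } else {
        $message = sprintf(_USEND_MSG, $name, $mosConfig_sitename, $mosConfig_live_site);
    }
    $message = html_entity_decode($message, ENT_QUOTES);
    // sender: the configured mailfrom/fromname, else the first super administrator
    if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") {
        $adminName2 = $mosConfig_fromname;
        $adminEmail2 = $mosConfig_mailfrom;
    } else {
        $database->setQuery("SELECT name, email FROM #__users" . "\n WHERE usertype='superadministrator'");
        $rows = $database->loadObjectList();
        // an empty result yields an empty sender instead of a null dereference
        $adminRow = (is_array($rows) && isset($rows[0])) ? $rows[0] : null;
        $adminName2 = $adminRow ? $adminRow->name : '';
        $adminEmail2 = $adminRow ? $adminRow->email : '';
    }
    // Send email to user
    mosMail($adminEmail2, $adminName2, $email, $subject, $message);
    // Send notification to all administrators
    $subject2 = html_entity_decode(sprintf(_SEND_SUB, $name, $mosConfig_sitename), ENT_QUOTES);
    $message2 = html_entity_decode(sprintf(_ASEND_MSG, $adminName2, $mosConfig_sitename, $row->name, $email, $username), ENT_QUOTES);
    // get superadministrators id (group 25) from the ACL, then each one's mail flag
    $admins = $acl->get_group_objects(25, 'ARO');
    $adminIds = (is_array($admins) && isset($admins['users'])) ? $admins['users'] : array();
    foreach ($adminIds as $id) {
        $database->setQuery("SELECT email, sendEmail FROM #__users" . "\n WHERE id='" . (int) $id . "'");
        $rows = $database->loadObjectList();
        $adminRow = (is_array($rows) && isset($rows[0])) ? $rows[0] : null;
        if ($adminRow && $adminRow->sendEmail) {
            mosMail($adminEmail2, $adminName2, $adminRow->email, $subject2, $message2);
        }
    }
    if ($mosConfig_useractivation == "1") {
        echo _REG_COMPLETE_ACTIVATE;
    } else {
        echo _REG_COMPLETE;
    }
}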
 // Tail of the configuration.php source being assembled in $config (the head
 // is above this excerpt). Each value is written as a single-quoted PHP
 // literal; only fixed literals appear in this stretch (the frontend_login
 // value is redacted in this listing).
 $config .= "\$mosConfig_multilingual_support = '0';\n";
 $config .= "\$mosConfig_editor = 'tinymce';\n";
 $config .= "\$mosConfig_admin_expired = '1';\n";
 $config .= "\$mosConfig_frontend_login = '******';\n";
 $config .= "\$mosConfig_frontend_userparams = '1';\n";
 $config .= "\$mosConfig_itemid_compat = '0';\n";
 $config .= "setlocale (LC_TIME, \$mosConfig_locale);\n";
 $config .= "?>";
 // Write the file only when the earlier writability probe ($canWrite, set
 // above this excerpt) passed and the handle opens; otherwise clear $canWrite
 // for the code that follows.
 if ($canWrite && ($fp = fopen("../configuration.php", "w"))) {
     fputs($fp, $config, strlen($config));
     fclose($fp);
 } else {
     $canWrite = false;
 }
 // if
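 // Hash the admin password the way the user model does: md5(password . salt),
 // stored as "hash:salt" with a 16-char random salt.
 $salt = mosMakePassword(16);
 $crypt = md5($adminPassword . $salt);
 $cryptpass = $crypt . ':' . $salt;
 $database = new database($DBhostname, $DBuserName, $DBpassword, $DBname, $DBPrefix);
 $nullDate = $database->getNullDate();
 // create the admin user (fixed id 62, group 25)
 $installdate = date('Y-m-d H:i:s');
 // $adminEmail is typed into the installer form (not validated here), so it is
 // passed through the db layer's Quote() instead of being interpolated raw into
 // the statement - an apostrophe in it previously broke the INSERT. The other
 // interpolated values are generated locally ($cryptpass is hex + ':' + the
 // mosMakePassword() alphabet, $installdate/$nullDate are date()/db output).
 $query = "INSERT INTO `#__users` VALUES (62, 'Administrator', 'admin', " . $database->Quote($adminEmail) . ", '{$cryptpass}', 'Super Administrator', 0, 1, 25, '{$installdate}', '{$nullDate}', '', '')";
 $database->setQuery($query);
 $database->query();
 // add the ARO (Access Request Object)
 $query = "INSERT INTO `#__core_acl_aro` VALUES (10,'users','62',0,'Administrator',0)";
 $database->setQuery($query);
 $database->query();
 // add the map between the ARO and the Group
 $query = "INSERT INTO `#__core_acl_groups_aro_map` VALUES (25,'',10)";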
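/**
 * Admin-side save of a user record (new or existing).
 *
 * Binds the posted form into a mosUser, hashes the password, fires the
 * authenticator mambots, syncs the ACL group mapping for existing users,
 * mails the credentials to a newly created user, then redirects according to
 * $task ('apply' stays on the edit form, anything else returns to the list).
 *
 * Fixes relative to the original: the super-administrator lookup used for the
 * mail sender no longer overwrites $row (the saved user), so the welcome mail
 * goes to the new user's address and the redirect/message refer to the user
 * that was saved; an empty lookup result no longer dereferences null; the
 * 'apply' case no longer falls through into 'save'; a dead SELECT of the
 * current admin's e-mail (its result was overwritten on every path) is gone.
 *
 * NOTE(review): the welcome mail contains the plaintext password.
 *
 * @param string $option component name (unused in the body)
 * @param string $task   'apply' or 'save'
 * @return void exits via mosRedirect() or an alert
 */
function saveUser($option, $task)
{
    global $database, $my, $acl;
    global $mosConfig_live_site, $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_sitename;
    $row = new mosUser($database);
    if (!$row->bind($_POST)) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    // sanitize: id and gid are used in SQL below, so force them to integers
    $row->id = intval($row->id);
    $row->gid = intval($row->gid);
    $isNew = !$row->id;
    // plaintext password, kept only to mail it to a new user / pass to the mambots
    $pwd = '';
    // disallow super administrator blocking self
    $super_gid = $acl->get_group_id('super administrator');
    if ($row->id == $my->id && $my->gid == $super_gid) {
        $row->block = 0;
    }
    // MD5 hash convert passwords (unsalted md5 - the format the authenticator
    // in this code base expects; changing it would break existing logins)
    if ($isNew) {
        // new user stuff: generate a password when none was given
        if ($row->password == '') {
            $pwd = mosMakePassword();
        } else {
            $pwd = $row->password;
        }
        $row->password = md5($pwd);
        $row->registerDate = date('Y-m-d H:i:s');
    } else {
        // existing user stuff
        if ($row->password == '') {
            // password set to null if empty (left unchanged by the store)
            $row->password = null;
        } else {
            $pwd = $row->password;
            $row->password = md5($pwd);
        }
    }
    // save usertype to usertype column (group name looked up from the ACL table)
    $query = "SELECT name" . "\n FROM #__core_acl_aro_groups" . "\n WHERE group_id = " . (int) $row->gid;
    $database->setQuery($query);
    $usertype = $database->loadResult();
    $row->usertype = $usertype;
    if (!$row->check()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n";
        exit;
    }
    if (!$row->store()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n";
        exit;
    }
    $row->checkin();
    $loginfo = new mosLoginDetails($row->username, $pwd);
    $mambothandler =& mosMambotHandler::getInstance();
    $mambothandler->loadBotGroup('authenticator');
    // update the ACL
    if (!$isNew) {
        if ($pwd) {
            $mambothandler->trigger('userChange', array($loginfo));
        }
        if ($row->block) {
            $mambothandler->trigger('userBlock', array($loginfo));
        } else {
            $mambothandler->trigger('userUnblock', array($loginfo));
        }
        $query = "SELECT aro_id FROM #__core_acl_aro WHERE value='" . (int) $row->id . "'";
        $database->setQuery($query);
        $aro_id = $database->loadResult();
        $query = "UPDATE #__core_acl_groups_aro_map" . "\n SET group_id = '" . (int) $row->gid . "'" . "\n WHERE aro_id = '" . (int) $aro_id . "'";
        $database->setQuery($query);
        $database->query() or die($database->stderr());
    }
    // for new users, email username and password
    if ($isNew) {
        $mambothandler->trigger('userRegister', array($loginfo));
        $mambothandler->trigger('userActivate', array($loginfo));
        if ($row->block) {
            $mambothandler->trigger('userBlock', array($loginfo));
        }
        $subject = T_('New User Details');
        $message = sprintf(T_('Hello %s,


You have been added as a user to %s by an Administrator.

This email contains your username and password to log into the %s

Username - %s
Password - %s


Please do not respond to this message as it is automatically generated and is for information purposes only'), $row->name, $mosConfig_sitename, $mosConfig_live_site, $row->username, $pwd);
        // sender: the configured mailfrom/fromname, else the first super administrator
        if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") {
            $adminName = $mosConfig_fromname;
            $adminEmail = $mosConfig_mailfrom;
        } else {
            $query = "SELECT name, email FROM #__users WHERE usertype='super administrator'";
            $database->setQuery($query);
            $rows = $database->loadObjectList();
            // separate variable: assigning $rows[0] to $row here used to redirect
            // the welcome mail (and the redirect below) to the super administrator
            $adminRow = (is_array($rows) && isset($rows[0])) ? $rows[0] : null;
            $adminName = $adminRow ? $adminRow->name : '';
            $adminEmail = $adminRow ? $adminRow->email : '';
        }
        mosMail($adminEmail, $adminName, $row->email, $subject, $message);
    }
    switch ($task) {
        case 'apply':
            $msg = sprintf(T_('Successfully Saved changes to User: %s'), $row->name);
            mosRedirect('index2.php?option=com_users&task=editA&hidemainmenu=1&id=' . $row->id, $msg);
            break;
        case 'save':
        default:
            $msg = sprintf(T_('Successfully Saved User: %s'), $row->name);
            mosRedirect('index2.php?option=com_users', $msg);
            break;
    }
}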
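/**
 * Front-end registration handler (authenticator-mambot variant).
 *
 * Creates the mosUser row from $_POST, fires the userRegister trigger (plus
 * userActivate when activation is off), mails the user and then every super
 * administrator whose sendEmail flag is set, and prints a completion notice.
 *
 * Changes from the original: the duplicated global declaration is gone, the
 * mambot trigger common to both activation branches is hoisted out of the
 * if/else, the super-administrator lookups no longer read $rows[0] unchecked,
 * the per-admin query casts the id to int, and the admin loop keeps its own
 * variable instead of overwriting $row (the new user).
 *
 * NOTE(review): this handler performs no josSpoofCheck(), unlike the other
 * form handlers on this page, and the activation mail carries the plaintext
 * password.
 *
 * @param string $option component name (unused in the body)
 * @return void alerts and exits on failure
 */
function saveRegistration($option)
{
    global $database, $my, $acl;
    global $mosConfig_sitename, $mosConfig_live_site, $mosConfig_useractivation, $mosConfig_allowUserRegistration;
    global $mosConfig_mailfrom, $mosConfig_fromname;
    if ($mosConfig_allowUserRegistration == '0') {
        mosNotAuth();
        return;
    }
    $row = new mosUser($database);
    // 'usertype' is excluded from the bind; it is forced to Registered below
    if (!$row->bind($_POST, 'usertype')) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    mosMakeHtmlSafe($row);
    $row->id = 0;
    $row->usertype = 'Registered';
    $row->gid = $acl->get_group_id('Registered', 'ARO');
    $activationOn = ($mosConfig_useractivation == '1');
    // with activation on, the account starts blocked and gets a random token
    if ($activationOn) {
        $row->activation = md5(mosMakePassword());
        $row->block = '1';
    }
    if (!$row->check()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    // plaintext kept for the mail and the mambots; stored as unsalted md5, the
    // format this code base's authenticator expects
    $pwd = $row->password;
    $row->password = md5($row->password);
    $row->registerDate = date("Y-m-d H:i:s");
    if (!$row->store()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    $row->checkin();
    $name = $row->name;
    $email = $row->email;
    $username = $row->username;
    $subject = html_entity_decode(sprintf(T_('Account details for %s at %s'), $name, $mosConfig_sitename), ENT_QUOTES);
    $mambothandler =& mosMambotHandler::getInstance();
    $mambothandler->loadBotGroup('authenticator');
    if ($activationOn) {
        $activateUrl = $mosConfig_live_site . "/index.php?option=com_registration&task=activate&activation=" . $row->activation;
        $message = sprintf(T_('Hello %s,

Thank you for registering at %s. Your account has been created but, as a precaution, it must be activated by you before you can use it.
To activate the account click on the following link or copy and paste it in your browser:
%s

After activation you may login to %s using the following username and password:

Username - %s
Password - %s'), $name, $mosConfig_sitename, $activateUrl, $mosConfig_live_site, $username, $pwd);
    } else {
        $message = sprintf(T_("Hello %s,\n\nThank you for registering at %s.\n\nYou may now login to %s using the username and password you registered with."), $name, $mosConfig_sitename, $mosConfig_live_site);
    }
    $message = html_entity_decode($message, ENT_QUOTES);
    // both paths register the user with the authenticator bots; only the
    // no-activation path activates the account immediately
    $loginfo = new mosLoginDetails($username, $pwd);
    $mambothandler->trigger('userRegister', array($loginfo));
    if (!$activationOn) {
        $mambothandler->trigger('userActivate', array($loginfo));
    }
    // Send email to user; sender is the configured mailfrom/fromname, else the
    // first super administrator
    if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") {
        $adminName2 = $mosConfig_fromname;
        $adminEmail2 = $mosConfig_mailfrom;
    } else {
        $database->setQuery("SELECT name, email FROM #__users" . "\n WHERE usertype='super administrator'");
        $rows = $database->loadObjectList();
        // an empty result yields an empty sender instead of a null dereference
        $adminRow = (is_array($rows) && isset($rows[0])) ? $rows[0] : null;
        $adminName2 = $adminRow ? $adminRow->name : '';
        $adminEmail2 = $adminRow ? $adminRow->email : '';
    }
    mosMail($adminEmail2, $adminName2, $email, $subject, $message);
    // Send notification to all administrators
    $subject2 = html_entity_decode(sprintf(T_('Account details for %s at %s'), $name, $mosConfig_sitename), ENT_QUOTES);
    $message2 = sprintf(T_('Hello %s,

A new user has registered at %s.
This email contains their details:

Name - %s
e-mail - %s
Username - %s

Please do not respond to this message as it is automatically generated and is for information purposes only'), $adminName2, $mosConfig_sitename, $row->name, $email, $username);
    $message2 = html_entity_decode($message2, ENT_QUOTES);
    // get superadministrators id (group 25) from the ACL, then each one's mail flag
    $admins = $acl->get_group_objects(25, 'ARO');
    $adminIds = (is_array($admins) && isset($admins['users'])) ? $admins['users'] : array();
    foreach ($adminIds as $id) {
        $database->setQuery("SELECT email, sendEmail FROM #__users" . "\n WHERE id='" . (int) $id . "'");
        $rows = $database->loadObjectList();
        $adminRow = (is_array($rows) && isset($rows[0])) ? $rows[0] : null;
        if ($adminRow && $adminRow->sendEmail) {
            mosMail($adminEmail2, $adminName2, $adminRow->email, $subject2, $message2);
        }
    }
    echo '<div class="componentheading">' . T_('Registration Complete') . '</div><br />';
    if ($activationOn) {
        echo T_('Your account has been created and an activation link has been sent to the e-mail address you entered. Note that you must activate the account by clicking on the activation link before you can login.');
    } else {
        echo T_('You may now login.');
    }
}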
/**
 * Admin-side save of a user record (new or existing), with group-change rules.
 *
 * Binds the posted form into a mosUser, enforces who may change whose group,
 * hashes the password as md5(password . salt) stored "hash:salt", saves the
 * row, syncs the ACL mapping and the current session's params, mails the
 * credentials to a new user, logs out a user whose group changed, and
 * redirects according to $task.
 *
 * The two mosRedirect() lines at the end are corrupted in this listing (a
 * span of each was replaced by "******").
 *
 * @param string $task 'apply' or 'save'
 * @return void alerts and exits on any rejected input
 */
function saveUser($task)
{
    global $database, $my, $acl;
    global $mosConfig_live_site, $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_sitename;
    // form-token check (anti-CSRF)
    josSpoofCheck();
    // editing an existing record: ask the permission helper whether the caller
    // may save it (the third argument presumably flags gid 24/25 = admin /
    // super admin callers)
    $userIdPosted = mosGetParam($_POST, 'id');
    if ($userIdPosted) {
        $msg = checkUserPermissions(array($userIdPosted), 'save', in_array($my->gid, array(24, 25)));
        if ($msg) {
            echo "<script type=\"text/javascript\"> alert('" . $msg . "'); window.history.go(-1);</script>\n";
            exit;
        }
    }
    $row = new mosUser($database);
    if (!$row->bind($_POST)) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    $row->name = trim($row->name);
    $row->email = trim($row->email);
    $row->username = trim($row->username);
    // sanitise fields
    $row->id = (int) $row->id;
    // sanitise gid field
    $row->gid = (int) $row->gid;
    $isNew = !$row->id;
    // plaintext password, kept only to mail it to a new user
    $pwd = '';
    // MD5 hash convert passwords: md5(password . 16-char salt), stored as "hash:salt"
    if ($isNew) {
        // new user stuff: generate a password when none was given
        if ($row->password == '') {
            $pwd = mosMakePassword();
            $salt = mosMakePassword(16);
            $crypt = md5($pwd . $salt);
            $row->password = $crypt . ':' . $salt;
        } else {
            $pwd = trim($row->password);
            $salt = mosMakePassword(16);
            $crypt = md5($pwd . $salt);
            $row->password = $crypt . ':' . $salt;
        }
        $row->registerDate = date('Y-m-d H:i:s');
    } else {
        // stored record, needed to compare the group before/after the edit
        $original = new mosUser($database);
        $original->load((int) $row->id);
        // existing user stuff
        if ($row->password == '') {
            // password set to null if empty
            $row->password = null;
        } else {
            $row->password = trim($row->password);
            $salt = mosMakePassword(16);
            $crypt = md5($row->password . $salt);
            $row->password = $crypt . ':' . $salt;
        }
        // if group has been changed and where original group was a Super Admin
        if ($row->gid != $original->gid) {
            if ($original->gid == 25) {
                // count number of active super admins
                $query = "SELECT COUNT( id )" . "\n FROM #__users" . "\n WHERE gid = 25" . "\n AND block = 0";
                $database->setQuery($query);
                $count = $database->loadResult();
                if ($count <= 1) {
                    // disallow change if only one Super Admin exists
                    echo "<script> alert('You cannot change this users Group as it is the only active Super Administrator for your site'); window.history.go(-1); </script>\n";
                    exit;
                }
            }
            $user_group = strtolower($acl->get_group_name($original->gid, 'ARO'));
            if ($user_group == 'super administrator' && $my->gid != 25) {
                // disallow change of super-Admin by non-super admin
                echo "<script> alert('You cannot change this users Group as you are not a Super Administrator for your site'); window.history.go(-1); </script>\n";
                exit;
            } else {
                if ($my->gid == 24 && $original->gid == 24) {
                    // an Administrator (24) may not regroup another Administrator
                    echo "<script> alert('You cannot change the Group of another Administrator as you are not a Super Administrator for your site'); window.history.go(-1); </script>\n";
                    exit;
                }
            }
            // ensure user can't add group higher than themselves done below
        }
    }
    /*
    // superseded by the getGIDSChildren() check below
    // if user is made a Super Admin group and user is NOT a Super Admin
    if ( $row->gid == 25 && $my->gid != 25 ) {
        // disallow creation of Super Admin by non Super Admin users
        echo "<script> alert('You cannot create a user with this user Group level, only Super Administrators have this ability'); window.history.go(-1); </script>\n";
        exit();
    }
    */
    // Security check to avoid creating/editing user to higher level than himself: response to artf4529.
    // getGIDSChildren() presumably lists the groups at or below the caller's own.
    if (!in_array($row->gid, getGIDSChildren($my->gid))) {
        // disallow creation of Super Admin by non Super Admin users
        echo "<script> alert('You cannot create a user with this user Group level, only Super Administrators have this ability'); window.history.go(-1); </script>\n";
        exit;
    }
    // save usertype to usertype column (group name looked up from the ACL table)
    $query = "SELECT name" . "\n FROM #__core_acl_aro_groups" . "\n WHERE group_id = " . (int) $row->gid;
    $database->setQuery($query);
    $usertype = $database->loadResult();
    $row->usertype = $usertype;
    // save params: posted key/value pairs joined as "k=v" lines; no validation
    // of keys or values is visible here
    $params = mosGetParam($_POST, 'params', '');
    if (is_array($params)) {
        $txt = array();
        foreach ($params as $k => $v) {
            $txt[] = "{$k}={$v}";
        }
        $row->params = implode("\n", $txt);
    }
    if (!$row->check()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    if (!$row->store()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    $row->checkin();
    // updates the current users param settings
    if ($my->id == $row->id) {
        //session_start();
        $_SESSION['session_user_params'] = $row->params;
        session_write_close();
    }
    // update the ACL: point the user's ARO at the (possibly new) group
    if (!$isNew) {
        $query = "SELECT aro_id" . "\n FROM #__core_acl_aro" . "\n WHERE value = " . (int) $row->id;
        $database->setQuery($query);
        $aro_id = $database->loadResult();
        $query = "UPDATE #__core_acl_groups_aro_map" . "\n SET group_id = " . (int) $row->gid . "\n WHERE aro_id = " . (int) $aro_id;
        $database->setQuery($query);
        $database->query() or die($database->stderr());
    }
    // for new users, email username and password
    // NOTE(review): the mail contains the plaintext password.
    if ($isNew) {
        // this lookup's result is overwritten by both branches below
        $query = "SELECT email" . "\n FROM #__users" . "\n WHERE id = " . (int) $my->id;
        $database->setQuery($query);
        $adminEmail = $database->loadResult();
        $subject = _NEW_USER_MESSAGE_SUBJECT;
        $message = sprintf(_NEW_USER_MESSAGE, $row->name, $mosConfig_sitename, $mosConfig_live_site, $row->username, $pwd);
        // sender: the configured mailfrom/fromname, else the first super administrator
        if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") {
            $adminName = $mosConfig_fromname;
            $adminEmail = $mosConfig_mailfrom;
        } else {
            $query = "SELECT name, email" . "\n FROM #__users" . "\n WHERE gid = 25";
            $database->setQuery($query);
            $admins = $database->loadObjectList();
            // $admins[0] is read unchecked; an empty result warns and yields null
            $admin = $admins[0];
            $adminName = $admin->name;
            $adminEmail = $admin->email;
        }
        mosMail($adminEmail, $adminName, $row->email, $subject, $message);
    }
    if (!$isNew) {
        // if group has been changed
        if ($original->gid != $row->gid) {
            // delete user acounts active sessions
            logoutUser($row->id, 'com_users', 'change');
        }
    }
    // NOTE: both redirect lines below are corrupted in this listing - the
    // message concatenation and the mosRedirect( call were replaced by "******".
    switch ($task) {
        case 'apply':
            $msg = 'Successfully Saved changes to User: '******'index2.php?option=com_users&task=editA&hidemainmenu=1&id=' . $row->id, $msg);
            break;
        case 'save':
        default:
            $msg = 'Successfully Saved User: '******'index2.php?option=com_users', $msg);
            break;
    }
}
 // Continuation of the configuration.php source being assembled in $config
 // (the head is above this excerpt). Every value lands inside a single-quoted
 // PHP literal in the generated file.
 // NOTE(review): $adminEmail, $configArray['absolutePath'], ['sitename'],
 // ['filePerms'] and ['dirPerms'] are interpolated without escaping. An
 // apostrophe or backslash in any of them ends the literal early and the
 // remainder of the value becomes part of the generated file's PHP source.
 // They presumably come from the installer form (not visible here); writing
 // them via var_export() or addslashes() would keep them inside the literal.
 $config .= "\$mosConfig_register_globals = '1';\n";
 $config .= "\$mosConfig_list_limit = '50';\n";
 $config .= "\$mosConfig_caching = '0';\n";
 $config .= "\$mosConfig_cachepath = '{$configArray['absolutePath']}/cache';\n";
 $config .= "\$mosConfig_cachetime = '900';\n";
 $config .= "\$mosConfig_mailer = 'mail';\n";
 $config .= "\$mosConfig_mailfrom = '{$adminEmail}';\n";
 $config .= "\$mosConfig_fromname = '{$configArray['sitename']}';\n";
 $config .= "\$mosConfig_sendmail = '/usr/sbin/sendmail';\n";
 $config .= "\$mosConfig_smtpauth = '0';\n";
 $config .= "\$mosConfig_smtpuser = '';\n";
 $config .= "\$mosConfig_smtppass = '';\n";
 $config .= "\$mosConfig_smtphost = 'localhost';\n";
 $config .= "\$mosConfig_back_button = '0';\n";
 $config .= "\$mosConfig_item_navigation = '0';\n";
 // random 16-char site secret, generated with the same helper used for passwords
 $config .= "\$mosConfig_secret = '" . mosMakePassword(16) . "';\n";
 $config .= "\$mosConfig_pagetitles = '1';\n";
 $config .= "\$mosConfig_readmore = '1';\n";
 $config .= "\$mosConfig_hits = '1';\n";
 $config .= "\$mosConfig_icons = '1';\n";
 $config .= "\$mosConfig_favicon = 'favicon.ico';\n";
 $config .= "\$mosConfig_fileperms = '" . $configArray['filePerms'] . "';\n";
 $config .= "\$mosConfig_dirperms = '" . $configArray['dirPerms'] . "';\n";
 $config .= "\$mosConfig_helpurl = 'http://docs.mambo-foundation.org';\n";
 $config .= "\$mosConfig_mbf_content = '0';\n";
 $config .= "setlocale (LC_TIME, \$mosConfig_locale);\n";
 $config .= "?>";
 if ($canWrite && ($fp = fopen("../configuration.php", "w"))) {
     fputs($fp, $config, strlen($config));
     fclose($fp);
 } else {
      &nbsp;&nbsp;<IMG SRC="images/menu/textmenu_member.gif" BORDER="0">
<?php 
// Raw form field, read without an isset() guard (an absent 'forget' raises an
// undefined-index notice); it is only tested with empty() further down.
$forget = $_POST['forget'];
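/**
 * Generates a random password / token of $length characters.
 *
 * The alphabet intentionally omits the visually ambiguous characters
 * (0, O, l, I, o) exactly as the original did. Each character is drawn
 * with random_int(), a CSPRNG; the original seeded mt_rand() from
 * (double) microtime() — i.e. from the sub-second fraction only, a seed
 * space of roughly 10^7 values — which made every password and secret
 * produced by this function guessable.
 *
 * @param int $length number of characters to produce; defaults to 8 because
 *                    callers on this page also invoke mosMakePassword() with
 *                    no argument. A non-positive length yields ''.
 * @return string
 * @throws \Exception when random_int() finds no secure randomness source
 */
function mosMakePassword($length = 8)
{
    $salt = "abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ123456789";
    $len = strlen($salt);
    $makepass = "";
    // random_int() needs no seeding; the upper bound is inclusive.
    for ($i = 0; $i < $length; $i++) {
        $makepass .= $salt[random_int(0, $len - 1)];
    }
    return $makepass;
}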
// Fresh 8-character replacement password, generated on every request and
// assigned to $password further down once a matching member row is found.
$Pass = mosMakePassword(8);
if (!empty($forget)) {
    $db->connectdb(DB_NAME, DB_USERNAME, DB_PASSWORD);
        // Extended member system maxsite 1.10, developed by www.narongrit.net
    $emails = $_POST['emails'];
    $result = mysql_query("select user from " . TB_MEMBER . " where email='{$emails}' ") or die("Err Database");
    $numrow = mysql_num_rows($result);
    if ($numrow == 0) {
        $status = "<center><font size='3' face='MS Sans Serif'><b>No {$emails} on Web</b></font></center>";
    } else {
        $result = mysql_query("select * from " . TB_MEMBER . " where email='{$emails}' ");
        $dbarr = mysql_fetch_array($result);
        $email = $dbarr['email'];
        $name = $dbarr['name'];
        $user = $dbarr['user'];
        $password = $Pass;
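/**
 * Saves an administrator-submitted user record (com_users save/apply).
 *
 * Binds $_POST onto a mosUser row, md5-hashes the submitted password (the
 * format this codebase's login comparison expects — changing it here alone
 * would lock users out), stores the row, re-points the ACL group mapping
 * for existing users, e-mails the credentials to a newly created user and
 * redirects back to the component.
 *
 * @param string $option component name appended to the redirect URL
 * @return void  exits after a JS alert on bind/check/store failure;
 *               otherwise ends in mosRedirect()
 */
function saveUser($option)
{
    global $database;
    global $mosConfig_live_site, $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_sitename;
    // json_encode() flags so a user-influenced error string cannot close the
    // JS string literal or the <script> element it is echoed into.
    $jsFlags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP;

    $row = new mosUser($database);
    // NOTE(review): bind() copies the whole request body onto the row (mass
    // assignment); which fields it accepts is decided inside mosUser, not here.
    if (!$row->bind($_POST)) {
        echo "<script> alert(" . json_encode($row->getError(), $jsFlags) . "); window.history.go(-1); </script>\n";
        exit;
    }
    $isNew = !$row->id;
    $pwd = '';
    if ($isNew) {
        // New user: generate a password when none was supplied. The clear-text
        // value is kept in $pwd only so it can be mailed to the user below.
        $pwd = ($row->password == '') ? mosMakePassword() : $row->password;
        $row->password = md5($pwd);
        $row->registerDate = date('Y-m-d H:i:s');
    } elseif ($row->password == '') {
        // Existing user, no new password: null leaves the stored hash untouched.
        $row->password = null;
    } else {
        $row->password = md5($row->password);
    }
    if (!$row->check()) {
        echo "<script> alert(" . json_encode($row->getError(), $jsFlags) . "); window.history.go(-2); </script>\n";
        exit;
    }
    if (!$row->store()) {
        echo "<script> alert(" . json_encode($row->getError(), $jsFlags) . "); window.history.go(-2); </script>\n";
        exit;
    }
    // Update the ACL group mapping of an existing user (the original did nothing
    // for new users here). id and gid arrive from $_POST via bind(), so they are
    // cast to int before being placed in SQL.
    if (!$isNew) {
        $database->setQuery("SELECT aro_id FROM #__core_acl_aro WHERE value='" . (int) $row->id . "'");
        $aro_id = (int) $database->loadResult();
        if ($aro_id) {
            $query = "UPDATE #__core_acl_groups_aro_map"
                . "\n SET group_id = '" . (int) $row->gid . "'"
                . "\n WHERE aro_id = '" . $aro_id . "'";
            $database->setQuery($query);
            $database->query() or die($database->stderr());
        }
    }
    $row->checkin();
    if ($isNew) {
        // Sender is the configured mailfrom/fromname, falling back to the first
        // superadministrator record.
        if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") {
            $adminName = $mosConfig_fromname;
            $adminEmail = $mosConfig_mailfrom;
        } else {
            $database->setQuery("SELECT name, email FROM #__users WHERE usertype='superadministrator'");
            $rows = $database->loadObjectList();
            // Keep the admin record in its own variable: the original reused
            // $row here, so the message went to the administrator's address
            // instead of the new user's.
            $admin = $rows ? $rows[0] : null;
            $adminName = $admin ? $admin->name : '';
            $adminEmail = $admin ? $admin->email : '';
        }
        $subject = _NEW_USER_MESSAGE_SUBJECT;
        // The body carries the clear-text password ($pwd).
        $message = sprintf(_NEW_USER_MESSAGE, $row->name, $mosConfig_sitename, $mosConfig_live_site, $row->username, $pwd);
        mosMail($adminEmail, $adminName, $row->email, $subject, $message);
    }
    mosRedirect('index2.php?option=' . $option);
}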
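/**
 * Saves an administrator-submitted user record together with its extended
 * profile (mosUser_Extended).
 *
 * Binds $_POST onto a mosUser row, md5-hashes the submitted password (the
 * format this codebase's login comparison expects), stores it, re-points the
 * ACL group mapping for existing users, mails the credentials to a newly
 * created user with mail(), then binds and stores the extended record and
 * redirects back to the component.
 *
 * @param string $option component name used in the redirect URL
 * @return void  exits after a JS alert on any bind/check/store failure
 */
function saveUser($option)
{
    global $database, $my;
    global $mosConfig_live_site;
    // json_encode() flags so a user-influenced error string cannot break out
    // of the JS string literal or the <script> element.
    $jsFlags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP;

    $row = new mosUser($database);
    // NOTE(review): bind() copies the whole request body onto the row (mass
    // assignment); which fields it accepts is decided inside mosUser.
    if (!$row->bind($_POST)) {
        echo "<script> alert(" . json_encode($row->getError(), $jsFlags) . "); window.history.go(-1); </script>\n";
        exit;
    }
    $isNew = !$row->id;
    $pwd = '';
    if ($isNew) {
        // Extended-user link. NOTE(review): $row->id is still empty at this
        // point (that is what made $isNew true), so user_id starts out empty.
        $row->user_id = $row->id;
        // Generate a password when none was supplied; $pwd keeps the clear-text
        // value only so it can be mailed to the user below.
        $pwd = ($row->password == '') ? mosMakePassword() : $row->password;
        $row->password = md5($pwd);
        // Only a new row gets a registration date; the original assigned it on
        // every save, overwriting the date on each edit.
        $row->registerDate = date("Y-m-d H:i:s");
    } elseif ($row->password == '') {
        // Existing user, no new password: null leaves the stored hash untouched.
        $row->password = null;
    } else {
        $row->password = md5($row->password);
    }
    if (!$row->check()) {
        echo "<script> alert(" . json_encode($row->getError(), $jsFlags) . "); window.history.go(-2); </script>\n";
        exit;
    }
    if (!$row->store()) {
        echo "<script> alert(" . json_encode($row->getError(), $jsFlags) . "); window.history.go(-2); </script>\n";
        exit;
    }
    // Update the ACL group mapping of an existing user (the original did nothing
    // for new users here). id and gid come from $_POST via bind(), so they are
    // cast to int before being placed in SQL.
    if (!$isNew) {
        $database->setQuery("SELECT aro_id FROM #__core_acl_aro WHERE value='" . (int) $row->id . "'");
        $aro_id = (int) $database->loadResult();
        if ($aro_id) {
            $database->setQuery("UPDATE #__core_acl_groups_aro_map" . "\nSET group_id = '" . (int) $row->gid . "'" . "\nWHERE aro_id = '" . $aro_id . "'");
            $database->query() or die($database->stderr());
        }
    }
    $row->checkin();
    if ($isNew) {
        // Sender address is the current administrator's e-mail from the users table.
        $database->setQuery("SELECT email FROM #__users WHERE id=" . (int) $my->id);
        $adminEmail = $database->loadResult();
        $subject = "New User Details";
        // The body carries the clear-text password ($pwd).
        $message = "Hello {$row->name},\r \n \r \n";
        $message .= "You have been added as a user to {$mosConfig_live_site} by an Administrator.\r \n";
        $message .= "This email contains your username and password to log into the {$mosConfig_live_site} site:\r \n \r \n";
        $message .= "Username - {$row->username}\r \n";
        $message .= "Password - {$pwd}\r \n \r \n \r \n";
        $message .= "Please do not respond to this message as it is automatically generated and is for information purposes only\r \n";
        // '=' rather than '.=': the original appended to a $headers that was
        // never initialised.
        $headers = "From: {$adminEmail}\r\n";
        $headers .= "Reply-To: {$adminEmail}\r\n";
        $headers .= "X-Priority: 3\r\n";
        $headers .= "X-MSMail-Priority: Low\r\n";
        $headers .= "X-Mailer: Mambo Open Source 4.5\r\n";
        // NOTE(review): the recipient comes from the request via bind(); whether
        // check() rejects line breaks in it is not visible here.
        mail($row->email, $subject, $message, $headers);
    }
    // Extended profile record, bound from the same request.
    $ext = new mosUser_Extended($database);
    if (!$ext->bind($_POST)) {
        echo "<script> alert(" . json_encode($ext->getError(), $jsFlags) . "); window.history.go(-1); </script>\n";
        exit;
    }
    if (!$ext->check()) {
        echo "<script> alert(" . json_encode($ext->getError(), $jsFlags) . "); window.history.go(-2); </script>\n";
        exit;
    }
    if (!$ext->storeExtended(0)) {
        echo "<script> alert(" . json_encode($ext->getError(), $jsFlags) . "); window.history.go(-2); </script>\n";
        exit;
    }
    mosRedirect("index2.php?option={$option}");
}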
 // Tail of the generated config file, accumulated as text: the remainder of the
 // commented header, then the database settings and site key.
 $config .= "#                    information/renewal page. This will send by\n";
 $config .= "#                    email if set.\n";
 $config .= "# \$admin_file: Administration panel filename. \"admin\" by default for\n";
 $config .= "#   \t\t   \"admin.php\". To improve security please rename the file\n";
 $config .= "#              \"admin.php\" and change the \$admin_file value to the\n";
 $config .= "#              new filename (without the extension .php)\n";
 $config .= "######################################################################\n";
 $config .= "\n";
 // NOTE(review): the DB host, user, password and name are interpolated verbatim
 // into double-quoted PHP literals; a '"', '\' or '$' in any of them would
 // corrupt (or change the code of) the generated file. Assumes they were
 // validated/escaped upstream — not visible here. The password is stored in
 // clear text in the generated file.
 $config .= "\$dbhost = \"{$configArray['DBhostname']}\";\n";
 $config .= "\$dbuname = \"{$configArray['DBuserName']}\";\n";
 $config .= "\$dbpass = \"{$configArray['DBpassword']}\";\n";
 $config .= "\$dbname = \"{$configArray['DBname']}\";\n";
 $config .= "\$prefix = \"nuke\";\n";
 $config .= "\$user_prefix = \"nuke\";\n";
 $config .= "\$dbtype = \"MySQL\";\n";
 // The site key is a 40-character mosMakePassword() token, so it is only as
 // unpredictable as that function's random source.
 $skey = mosMakePassword(40);
 $config .= "\$sitekey = \"{$skey}\";\n";
 $config .= "\$subscription_url = \"\";\n";
 $config .= "\$admin_file = \"admin\";\n";
 $config .= "\n";
 $config .= "/**********************************************************************/\n";
 $config .= "/* You finished to configure the Database. Now you can change all     */\n";
 $config .= "/* you want in the Administration Section.   To enter just launch     */\n";
 $config .= "/* your web browser pointing it to http://xxxxxx.xxx/admin.php        */\n";
 $config .= "/* (Change xxxxxx.xxx to your domain name, for example: phpnuke.org)  */\n";
 $config .= "/*                                                                    */\n";
 $config .= "/* Remember to go to Preferences section where you can configure your */\n";
 $config .= "/* new site. In that menu you can change all you need to change.      */\n";
 $config .= "/*                                                                    */\n";
 $config .= "/* Congratulations! now you have an automated news portal!            */\n";
 $config .= "/* Thanks for choose PHP-Nuke: The Future of the Web                  */\n";