Ejemplo n.º 1
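/**
 * Migrate one batch of user signatures through the HTML Purifier migration.
 *
 * Handles the user ids $offset .. $offset + increment - 1, where the
 * increment is $PHORUM['mod_htmlpurifier']['migrate-sigs-increment'].
 * Afterwards it either marks the migration as finished or redirects the
 * browser to the admin page for the next batch.
 *
 * @param int|string $offset First user_id of the batch. Zero, empty and
 *     non-numeric values mean "nothing to do".
 * @return bool|null NULL when there is nothing to do, TRUE when the last
 *     batch has been processed. The function does not return when it
 *     redirects to the next batch or when saving a user fails (exit).
 */
function phorum_htmlpurifier_migrate_sigs($offset)
{
    global $PHORUM;

    // The offset is carried between requests in the migrate-sigs URL
    // parameter built at the end of this function (presumably read back
    // from the request by the caller), so it is validated as request data:
    // anything that is not a number, including an array, stops here instead
    // of flowing into the id arithmetic and the redirect URL.
    if (!is_numeric($offset) || (int) $offset === 0) {
        return;
    }
    $offset = (int) $offset;

    // theoretically, we could get rid of this multi-request
    // doo-hickery if safe mode is off
    @set_time_limit(0);
    // attempt to let this run
    $increment = $PHORUM['mod_htmlpurifier']['migrate-sigs-increment'];
    require_once dirname(__FILE__) . '/../migrate.php';

    // migrate signatures
    // do this in batches so we don't run out of time/space
    $end = $offset + $increment;
    $user_ids = array();
    for ($i = $offset; $i < $end; $i++) {
        $user_ids[] = $i;
    }
    $userinfos = phorum_db_user_get_fields($user_ids, 'signature');
    foreach ($userinfos as $i => $user) {
        if (empty($user['signature'])) {
            continue;
        }
        $sig = $user['signature'];
        // perform standard Phorum processing on the sig: escape the HTML
        // special characters first, then unwrap <scheme://...> auto-links
        $sig = str_replace(array("&", "<", ">"), array("&amp;", "&lt;", "&gt;"), $sig);
        $sig = preg_replace("/<((http|https|ftp):\\/\\/[a-z0-9;\\/\\?:@=\\&\$\\-_\\.\\+!*'\\(\\),~%]+?)>/i", "\$1", $sig);
        // prepare fake data to pass to migration function
        $fake_data = array(array("author" => "", "email" => "", "subject" => "", 'body' => $sig));
        list($fake_message) = phorum_htmlpurifier_migrate($fake_data);
        $user['signature'] = $fake_message['body'];
        if (!phorum_api_user_save($user)) {
            exit('Error while saving user data');
        }
    }
    // free up memory
    unset($userinfos);

    // query for highest ID in database
    $sql = "select MAX(user_id) from {$PHORUM['user_table']}";
    $row = phorum_db_interact(DB_RETURN_ROW, $sql);
    $top_id = (int) $row[0];
    $offset += $increment;
    if ($offset > $top_id) {
        // test for end condition
        echo 'Migration finished';
        $PHORUM['mod_htmlpurifier']['migrate-sigs'] = FALSE;
        phorum_htmlpurifier_commit_settings();
        return TRUE;
    }

    // NOTE(security): HTTP_HOST is taken from the client's Host header, so
    // the redirect target is only as trustworthy as the web server's virtual
    // host handling, and the scheme is fixed to http even when the admin
    // interface is served over https. A configured base URL would be the
    // safer source for both; none is visible from this function.
    $host = $_SERVER['HTTP_HOST'];
    $uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
    $extra = 'admin.php?module=modsettings&mod=htmlpurifier&migrate-sigs=' . $offset;
    // relies on output buffering to work
    header("Location: http://{$host}{$uri}/{$extra}");
    exit;
}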
Ejemplo n.º 2
    // Convert the users of the old installation, including their group
    // memberships. This is an excerpt: the enclosing block starts outside
    // the visible code.
    echo "migrating users ...{$CONVERT['lbr']}";
    flush();
    $group_perms = phorum_convert_getUserGroups($oldlink);
    $res = phorum_convert_selectUsers($oldlink);
    if (!$res) {
        echo "No users found, All done now.{$CONVERT['lbr']}";
        flush();
        exit;
    }
    // there are users...
    $count = 0;
    // NOTE(review): $userdata["date_added"] and $cur_time are assigned here
    // but not read anywhere in this excerpt.
    $userdata["date_added"] = time();
    $cur_time = time();
    while ($cur_user = phorum_convert_getNextUser($res)) {
        if (isset($cur_user['user_id'])) {
            // PHORUM_FLAG_RAW_PASSWORD presumably makes the API store the
            // password field as it is (the hash from the old database)
            // instead of hashing it again - confirm in phorum_api_user_save().
            // The return value is not checked, so a user that failed to save
            // is still counted as converted below.
            phorum_api_user_save($cur_user, PHORUM_FLAG_RAW_PASSWORD);
            $user_groups = array();
            if (isset($group_perms[$cur_user['user_id']])) {
                $user_groups = $group_perms[$cur_user['user_id']];
            }
            if (count($user_groups)) {
                // setting the user's group-memberships
                phorum_db_user_save_groups($cur_user['user_id'], $user_groups);
            }
            $count++;
        }
    }
    // NOTE(review): $users is not assigned in this excerpt; $res looks like
    // the value that holds the result set.
    unset($users);
    print "{$count} users converted{$CONVERT['lbr']}";
}
echo "{$CONVERT['lbr']}Done.{$CONVERT['lbr']}";
Ejemplo n.º 3
//   but WITHOUT ANY WARRANTY, without even the implied warranty of           //
//   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.                     //
//                                                                            //
//   You should have received a copy of the Phorum License                    //
//   along with this program.                                                 //
////////////////////////////////////////////////////////////////////////////////
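// don't allow this page to be loaded directly
if (!defined("PHORUM_ADMIN")) {
    exit;
}

// A posted form is only acted upon when it carries the admin token that is
// stored for the logged-in user and that token has not yet timed out.
if (count($_POST)) {
    // The token is compared as a string with ===. With a loose == two
    // different numeric-looking strings (for example "0e12" and "0e34")
    // compare as equal, which would let a wrong token pass.
    // NOTE(review): hash_equals() (PHP >= 5.6) would also make the
    // comparison constant-time; it is not used here because the minimum
    // PHP version of this file is not visible.
    if (
        !empty($_POST['phorum_admin_token'])
        && is_string($_POST['phorum_admin_token'])
        && (string) $PHORUM["user"]['settings_data']['admin_token'] === $_POST['phorum_admin_token']
        && time() - PHORUM_ADMIN_TOKEN_TIMEOUT < $PHORUM["user"]['settings_data']['admin_token_time']
    ) {
        if (!empty($_POST['cancel'])) {
            // Cancelled: invalidate the token and leave the admin interface.
            $PHORUM["user"]['settings_data']['admin_token'] = "";
            $tmp_user = array('user_id' => $PHORUM["user"]['user_id'], 'settings_data' => $PHORUM["user"]['settings_data']);
            phorum_api_user_save($tmp_user);
            phorum_api_redirect($PHORUM['http_path']);
        } elseif (!empty($_POST['continue'])) {
            // NOTE(review): $_POST['target'] is request data that is handed
            // to phorum_admin_build_url(). Confirm that this function can
            // only produce URLs inside the admin interface; otherwise the
            // redirect below can be steered to another site.
            if (!empty($_POST['target'])) {
                $url = phorum_admin_build_url($_POST['target'], TRUE);
            } else {
                $url = phorum_admin_build_url(NULL, TRUE);
            }
            phorum_api_redirect($url);
        }
        exit;
    }
}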
// We have no token or our token expired.
// Generate a fresh token.
$admin_token_time = time();
Ejemplo n.º 4
        // clean up
        // The form control fields are removed one by one; every other key
        // that is still in $user_data is passed on to phorum_api_user_save()
        // below. NOTE(review): $user_data is presumably built from the
        // posted form (not visible in this excerpt). With a deny-list like
        // this, any extra posted field reaches the save call; an allow-list
        // of editable fields would be the tighter check.
        unset($user_data["module"]);
        unset($user_data["section"]);
        unset($user_data["password1"]);
        unset($user_data["password2"]);
        unset($user_data["submit"]);
        unset($user_data["phorum_admin_token"]);
        if (empty($error)) {
            // Give modules a chance to change or reject the data. A module
            // rejects it by setting the "error" field.
            $user_data = phorum_hook("admin_users_form_save", $user_data);
            if (isset($user_data["error"])) {
                $error = $user_data["error"];
                unset($user_data["error"]);
            }
        }
        if (empty($error)) {
            // The result of the save is not checked; "User Saved" is shown
            // either way.
            phorum_api_user_save($user_data);
            phorum_admin_okmsg("User Saved");
        }
    }
}
// Show the error that was collected above, if any.
if ($error) {
    phorum_admin_error($error);
}
include_once "./include/admin/PhorumInputForm.php";
include_once "./include/profile_functions.php";
// This admin page needs Phorum's own user system.
if (!defined("PHORUM_ORIGINAL_USER_CODE") || PHORUM_ORIGINAL_USER_CODE !== true) {
    echo "Phorum User Admin only works with the Phorum User System.";
    return;
}
if (!isset($_GET["edit"]) && !isset($_GET["add"]) && !isset($addUser_error) && !isset($_POST['section'])) {
    $users_url = phorum_admin_build_url(array('module=users'));
Ejemplo n.º 5
     }
 }
 // Authenticating the user failed? Let's check if the user
 // already exists at all.
 // (The break statements in this excerpt leave an enclosing switch or loop
 // that starts outside the visible code.)
 if (!$user_id) {
     $user = phorum_api_user_search('username', $_POST['admin_user']);
     if ($user) {
         phorum_admin_error("That user already exists in the database.");
         break;
     }
 }
 // The user does not yet exist. Create it now.
 if (!$user_id) {
     // add the user
     // The posted username, password and e-mail address are used as they
     // are, and the account is created active with the admin flag set.
     // NOTE(review): no length or format check on these values is visible
     // in this excerpt; any validation has to happen before this point or
     // inside phorum_api_user_save().
     $user = array("user_id" => NULL, "username" => $_POST["admin_user"], "password" => $_POST["admin_pass"], "email" => $_POST["admin_email"], "active" => 1, "admin" => 1);
     if (!phorum_api_user_save($user)) {
         phorum_admin_error("There was an error adding the user.");
         break;
     }
 }
 // set the default http_path so we can continue.
 // NOTE(security): the Referer and Host headers are both supplied by the
 // client. The directory part of whichever value is picked here is stored
 // as the http_path setting, so a request with a forged header can persist
 // a base URL that points to another host. The scheme is fixed to http in
 // the two fallback branches.
 if (!empty($_SERVER["HTTP_REFERER"])) {
     $http_path = $_SERVER["HTTP_REFERER"];
 } elseif (!empty($_SERVER['HTTP_HOST'])) {
     $http_path = "http://" . $_SERVER['HTTP_HOST'];
     $http_path .= $_SERVER['PHP_SELF'];
 } else {
     $http_path = "http://" . $_SERVER['SERVER_NAME'];
     $http_path .= $_SERVER['PHP_SELF'];
 }
 $PHORUM['DB']->update_settings(array("http_path" => dirname($http_path)));
Ejemplo n.º 6
         $mail_data['mailmessage'] = wordwrap(str_replace(array('%title%', '%username%', '%verify_url%', '%login_url%'), array($PHORUM['title'], $user['username'], $verify_url, phorum_api_url(PHORUM_LOGIN_URL)), $PHORUM['DATA']['LANG']['VerifyRegEmailBody']), 72);
     } else {
         // Hide the deprecated language strings from the
         // admin language tool by not using the full syntax
         // for those.
         $lang = $PHORUM['DATA']['LANG'];
         $mail_data['mailmessage'] = wordwrap($lang['VerifyRegEmailBody1'], 72) . "\n\n{$verify_url}\n\n" . wordwrap($lang['VerifyRegEmailBody2'], 72);
     }
     phorum_api_mail($user['email'], $mail_data);
     $okmsg = $PHORUM['DATA']['LANG']['RegVerifyEmail'];
     $template = 'message';
     // NOTE(review): the hook arguments carry the registration code as
     // 'secret', so every module that handles this hook (called outside this
     // excerpt) can read it.
     $hook_args = array('status' => 'new_verification', 'email' => $_POST['lostpass'], 'user' => $user, 'secret' => $regcode);
 } else {
     // Generate and store a new password for the user.
     // Only password_temp is written here; the user's regular password
     // field is not part of this save call.
     $newpass = phorum_api_generate_password();
     phorum_api_user_save(array('user_id' => $uid, 'password_temp' => $newpass));
     // Mail the new password.
     // NOTE(security): the generated password is put into the mail body in
     // clear text (the %password% replacement below), so anyone who can read
     // that mailbox or the message in transit can log in with it. A
     // single-use reset link with an expiry would avoid mailing a usable
     // credential.
     $user = phorum_api_user_get($uid);
     $mail_data = array();
     // The mailmessage can be composed in two different ways.
     // This was done for backward compatibility for the language
     // files. Up to Phorum 5.2, we had LostPassEmailBody1 and
     // LostPassEmailBody2 for defining the lost password mail body.
     // In 5.3, we switched to a single variable LostPassEmailBody.
     // Eventually, the variable replacements need to be handled
     // by the mail API layer.
     if (isset($PHORUM['DATA']['LANG']['LostPassEmailBody'])) {
         $mail_data['mailmessage'] = wordwrap(str_replace(array('%title%', '%username%', '%password%', '%login_url%'), array($PHORUM['title'], $user['username'], $newpass, phorum_api_url(PHORUM_LOGIN_URL)), $PHORUM['DATA']['LANG']['LostPassEmailBody']), 72);
     } else {
         // Hide the deprecated language strings from the
         // admin language tool by not using the full syntax
Ejemplo n.º 7
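/**
 * Check the authentication credentials for a user.
 *
 * @example user_login.php Handle a user forum login
 *
 * @param string $type
 *     The type of session for which authentication is run. This must be
 *     one of {@link PHORUM_FORUM_SESSION} or {@link PHORUM_ADMIN_SESSION}.
 *
 *     This parameter is mostly used for logging purposes and for giving
 *     mods a chance to handle user authentication for only a certain type
 *     of session. It is not used for denying authentication if for example
 *     a standard user tries to authenticate for the admin interface. Those
 *     restrictions are handled in a different part of the user API.
 *
 *     See the documentation for {@link phorum_api_user_session_create()}
 *     for more information on Phorum user sessions.
 *
 * @param string $username
 *     The username for the user.
 *
 * @param string $password
 *     The password for the user.
 *
 * @return mixed
 *     If the authentication credentials are correct, this function returns
 *     the user_id of the authenticated user. Otherwise, FALSE is returned.
 *     FALSE is also returned when a module hands back a user_id that is
 *     not numerical (after an E_USER_ERROR has been raised for it).
 */
function phorum_api_user_authenticate($type, $username, $password)
{
    $PHORUM = $GLOBALS['PHORUM'];
    $user_id = NULL;
    /**
     * [hook]
     *     user_authenticate
     *
     * [description]
     *     This hook gives modules a chance to handle the user
     *     authentication (for example to authenticate against an
     *     external source like an LDAP server).
     *
     * [category]
     *     User authentication and session handling
     *
     * [when]
     *     Just before Phorum runs its own user authentication.
     *
     * [input]
     *     An array containing the following fields:
     *     <ul>
     *     <li>type:
     *         either PHORUM_FORUM_SESSION or PHORUM_ADMIN_SESSION;</li>
     *     <li>username:
     *         the username of the user to authenticate;</li>
     *     <li>password:
     *         the password of the user to authenticate;</li>
     *     <li>user_id:
     *         Always NULL on input. This field implements the
     *         authentication state.</li>
     *     </ul>
     *
     * [output]
     *     The same array as the one that was used for the hook call
     *     argument, possibly with the user_id field updated. This field
     *     can be set to one of the following values by a module:
     *
     *     <ul>
     *     <li>NULL: let Phorum handle the authentication</li>
     *     <li>FALSE: the authentication credentials are rejected</li>
     *     <li>1234: the numerical user_id of the authenticated user</li>
     *     </ul>
     *
     * [example]
     *     <hookcode>
     *     function phorum_mod_foo_user_authenticate($auth)
     *     {
     *         // Only trust admin logins from IP addresses in 10.1.2.0/24.
     *         if ($auth["type"] == PHORUM_ADMIN_SESSION) {
     *             if (substr($_SERVER['REMOTE_ADDR'],0,7) != '10.1.2.') {
     *                 $auth["user_id"] = FALSE;
     *                 return $auth;
     *             }
     *         }
     *
     *         // Let Phorum handle authentication for all users that
     *         // have a username starting with "bar" (not a really
     *         // useful feature, but it shows the use of the NULL
     *         // return value ;-).
     *         if (substr($auth["username"], 0, 3) == "bar") {
     *             $auth["user_id"] = NULL;
     *             return $auth;
     *         }
     *
     *         // Authenticate other logins against an external source. Here
     *         // we call some made up function for checking the password,
     *         // which returns the user_id for the authenticated user.
     *         $user_id = some_func_that_checks_pw(
     *             $auth["username"],
     *             $auth["password"]
     *         );
     *         $auth["user_id"] = empty($user_id) ? FALSE : $user_id;
     *         return $auth;
     *     }
     *     </hookcode>
     */
    if (isset($PHORUM['hooks']['user_authenticate'])) {
        // Run the hook. Every module that handles it receives the clear
        // text password in the hook argument.
        $authinfo = phorum_hook('user_authenticate', array('type' => $type, 'username' => $username, 'password' => $password, 'user_id' => NULL));
        // Authentication rejected by module.
        if ($authinfo['user_id'] === FALSE) {
            return FALSE;
        }
        // Check if the returned user_id is numerical, if the module
        // did return a user_id.
        if ($authinfo['user_id'] !== NULL && !is_numeric($authinfo['user_id'])) {
            // A non-scalar value (e.g. an array) cannot be put into the
            // message as text, so its type is reported instead.
            $shown = is_scalar($authinfo['user_id']) ? (string) $authinfo['user_id'] : gettype($authinfo['user_id']);
            trigger_error('Hook user_authenticate returned a non-numerical user_id "' . htmlspecialchars($shown) . '" for the authenticated user. Phorum only supports numerical ' . 'user_id values.', E_USER_ERROR);
            // Only reached when an error handler lets the script continue.
            // Fail closed with the documented "not authenticated" value.
            return FALSE;
        }
        $user_id = $authinfo['user_id'];
    }
    // No module handled the authentication?
    // Then we have to run the Phorum authentication.
    if ($user_id === NULL) {
        // Check the password.
        // NOTE(security): the password is turned into an unsalted MD5 hash
        // before the database lookup. MD5 is fast to compute and unsalted
        // hashes can be looked up in precomputed tables, so a leaked user
        // table exposes the passwords. Moving to password_hash() and
        // password_verify() needs a change in the storage layer as well and
        // cannot be done in this function alone.
        $user_id = phorum_db_user_check_login($username, md5($password));
        // Password check failed? Then try the temporary password (used for
        // the password reminder feature).
        $temporary_matched = FALSE;
        if ($user_id == 0) {
            $user_id = phorum_db_user_check_login($username, md5($password), TRUE);
            if ($user_id != 0) {
                $temporary_matched = TRUE;
            }
        }
        // If the temporary password matched, then synchronize the main
        // password with the temporary password. The temporary password
        // is kept the same. We also reset the long term session id, so
        // sessions in other browsers are reset along with the password
        // reset. For the active browser, a new session id will be generated
        // by the {@link phorum_api_user_session_create()} function.
        if ($temporary_matched) {
            phorum_api_user_save(array('user_id' => $user_id, 'password' => $password, 'sessid_lt' => ''));
        }
    }
    return $user_id ? $user_id : FALSE;
}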
Ejemplo n.º 8
require_once dirname(__FILE__) . '/../include/api.php';
// Output has to reach the terminal right away, so drop any output buffering.
phorum_api_buffer_clear();

// Without safe mode the script may lift its own time limit and set the
// memory limit that it wants to run with.
if (!ini_get('safe_mode')) {
    set_time_limit(0);
    ini_set("memory_limit", "64M");
}

$count_total = $PHORUM['DB']->user_count();
$res = $PHORUM['DB']->user_get_all();

print "\nRebuilding display name information ...\n";

// Both counters are printed with the width of the total, which keeps the
// progress line at a fixed length while it is redrawn in place.
$size = strlen($count_total);
$progress_format = "updating %{$size}d / %{$size}d  %s (%d%%)\r";

for ($count = 0; $user = $PHORUM['DB']->fetch_row($res, DB_RETURN_ASSOC); ) {
    $id = $user["user_id"];

    // Saving a user record that holds nothing but the user_id makes the
    // API bring the display name in the database up to date ...
    phorum_api_user_save(array("user_id" => $id));

    // ... and the name updates are run here as well, so that existing
    // inconsistencies are flattened out.
    $user = phorum_api_user_get($id);
    $PHORUM['DB']->user_display_name_updates(array(
        "user_id"      => $user["user_id"],
        "display_name" => $user["display_name"],
    ));

    $count++;

    // Redraw the 20 character progress bar.
    $perc = floor($count / $count_total * 100);
    $barlen = floor(20 * ($perc / 100));
    $bar = "[" . str_repeat("=", $barlen) . str_repeat(" ", 20 - $barlen) . "]";
    printf($progress_format, $count, $count_total, $bar, $perc);
}

print "\n\n";
Ejemplo n.º 9
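/**
 * A common function which is used to save the userdata from the post-data.
 *
 * Only an allow-list of fields is copied from $_POST. The fields that
 * change a credential are accepted from their own panel only: the password
 * fields from the "password" panel and the e-mail address fields from the
 * "email" panel. Without that restriction, a form posted to any other panel
 * could change the password or e-mail address of the logged-in user.
 *
 * @param string $panel The panel for which to save data.
 * @return array An array containing $error and $okmsg.
 */
function phorum_controlcenter_user_save($panel)
{
    $PHORUM = $GLOBALS['PHORUM'];
    $error = "";
    $okmsg = "";
    // Setup the default userdata fields that can be changed
    // from the control panel interface.
    $userdata = array('signature' => NULL, 'hide_email' => NULL, 'hide_activity' => NULL, 'tz_offset' => NULL, 'is_dst' => NULL, 'user_language' => NULL, 'threaded_list' => NULL, 'threaded_read' => NULL, 'email_notify' => NULL, 'show_signature' => NULL, 'pm_email_notify' => NULL, 'user_template' => NULL, 'moderation_email' => NULL, 'real_name' => NULL);
    // Password related fields can only be updated from the password panel.
    // NOTE(review): the panel names 'password' and 'email' are assumed to
    // be the ones that the control center passes in; confirm at the callers.
    if ($panel === 'password') {
        $userdata['password'] = NULL;
        $userdata['password_temp'] = NULL;
    }
    // E-mail address related fields can only be updated from the email panel.
    if ($panel === 'email') {
        $userdata['email'] = NULL;
        $userdata['email_temp'] = NULL;
    }
    // Add custom profile fields as acceptable fields.
    foreach ($PHORUM["PROFILE_FIELDS"] as $id => $field) {
        if ($id === "num_fields" || !empty($field['deleted'])) {
            continue;
        }
        $userdata[$field["name"]] = NULL;
    }
    // Update userdata with $_POST information. Posted keys that are not in
    // the allow-list are ignored.
    foreach ($_POST as $key => $val) {
        if (array_key_exists($key, $userdata)) {
            $userdata[$key] = $val;
        }
    }
    // Remove unused profile fields.
    foreach ($userdata as $key => $val) {
        if (is_null($val)) {
            unset($userdata[$key]);
        }
    }
    // Set static userdata. The user_id always comes from the session user,
    // never from the posted data.
    $userdata["user_id"] = $PHORUM["user"]["user_id"];
    /**
     * [hook]
     *     cc_save_user
     *
     * [description]
     *     This hook works the same way as the <hook>before_register</hook>
     *     hook, so you can also use it for changing and checking the user data
     *     that will be saved in the database. There's one difference. If you
     *     want to check a custom field, you'll also need to check the panel
     *     which you are on, because this hook is called from multiple panels.
     *     The panel that you are on will be stored in the
     *     <literal>panel</literal> field of the user data.<sbr/>
     *     <sbr/>
     *     The example hook below demonstrates code which could be used if you
     *     have added a custom field to the template for the option
     *     <literal>Edit My Profile</literal> in the control panel.
     *
     * [category]
     *     Control center
     *
     * [when]
     *     In <filename>control.php</filename>, right before data for a user is
     *     saved in the control panel.
     *
     * [input]
     *     An array containing the user data to save.
     *     <ul>
     *     <li>error:
     *         modules can fill this field with an error message to show.</li>
     *     </ul>
     *
     * [output]
     *     The same array as the one that was used for the hook call
     *     argument, possibly with the "error" field updated in it.
     *
     * [example]
     *     <hookcode>
     *     function phorum_mod_foo_cc_save_user ($data)
     *     {
     *         // Only check data for the panel "user".
     *         if ($data['panel'] != "user") return $data;
     *
     *         $myfield = trim($data['your_custom_field']);
     *         if (empty($myfield)) {
     *             $data['error'] = 'You need to fill in my custom field';
     *         }
     *
     *         return $data;
     *     }
     *     </hookcode>
     */
    if (isset($PHORUM["hooks"]["cc_save_user"])) {
        $userdata = phorum_hook("cc_save_user", $userdata);
    }
    // Set $error, in case the cc_save_user hook did set an error.
    if (isset($userdata['error'])) {
        $error = $userdata['error'];
        unset($userdata['error']);
        // Try to update the userdata in the database.
    } elseif (!phorum_api_user_save($userdata)) {
        // Updating the user failed.
        $error = $PHORUM["DATA"]["LANG"]["ErrUserAddUpdate"];
    } else {
        // Updating the user was successful.
        $okmsg = $PHORUM["DATA"]["LANG"]["ProfileUpdatedOk"];
        // Let the userdata be reloaded.
        phorum_api_user_set_active_user(PHORUM_FORUM_SESSION, $userdata["user_id"]);
        // If a new password was set, then reset all session id(s), so
        // other computers or browser will lose any active session that
        // they are running.
        if (isset($userdata["password"]) && $userdata["password"] != '') {
            phorum_api_user_session_create(PHORUM_FORUM_SESSION, PHORUM_SESSID_RESET_ALL);
        }
        // Copy data from the updated user back into the user template data.
        // $GLOBALS is used from here on, because the local $PHORUM is a copy
        // that was taken before the user data was reloaded.
        $formatted = phorum_api_user_format(array($GLOBALS['PHORUM']['user']));
        foreach ($formatted[0] as $key => $val) {
            $GLOBALS['PHORUM']['DATA']['USER'][$key] = $val;
        }
        // Copy data from the updated user back into the template data.
        // Leave PANEL and forum_id alone (these are injected into the
        // userdata in the template from this script).
        foreach ($GLOBALS["PHORUM"]["DATA"]["PROFILE"] as $key => $val) {
            if ($key == "PANEL" || $key == "forum_id") {
                continue;
            }
            if (isset($GLOBALS["PHORUM"]["user"][$key])) {
                $GLOBALS["PHORUM"]["DATA"]["PROFILE"][$key] = $GLOBALS["PHORUM"]["user"][$key];
            } else {
                $GLOBALS["PHORUM"]["DATA"]["PROFILE"][$key] = "";
            }
        }
    }
    return array($error, $okmsg);
}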
Ejemplo n.º 10
// Interactive part of a test data generator (excerpt). The questions that
// belong to $mcount and $ucount are asked outside the visible code.
$mcount = (int) trim(fgets(STDIN));
print "\nHow many newflags do you want to set per user?\n";
print "> ";
$ncount = (int) trim(fgets(STDIN));
print "\n";
// Create random users.
$randomuserprefixes = array("CBiLL", "Gummi", "tomaz", "Oliver", "Bastian", "rheo", "iamback");
if ($ucount > 0) {
    print "Creating {$ucount} random user(s):\n\n";
    for ($i = 0; $i < $ucount; $i++) {
        // rand() only has to make the name different here; two users can
        // still end up with the same name, and the result of the save call
        // below is not checked.
        $name = $randomuserprefixes[array_rand($randomuserprefixes)];
        $name .= rand(1, 9999999);
        $email = $name . '@example.com';
        // NOTE(security): every generated account is active and has the
        // same fixed password, so anyone who knows this script can log in
        // as any of these users. Run it against a disposable test
        // installation only.
        $pass = "xxxxxxxx";
        $user = array("user_id" => NULL, "username" => $name, "password" => $pass, "email" => $email, "active" => PHORUM_USER_ACTIVE);
        phorum_api_user_save($user);
        print ".";
    }
    print "\n";
}
// Retrieve users which we can use to post with.
$users = phorum_api_user_list(PHORUM_GET_ACTIVE);
$user_ids = array_keys($users);
if (!count($user_ids)) {
    die("No users found that can be used for posting.\n");
}
// Retrieve forums to post in.
$forums = $PHORUM['DB']->get_forums(0, NULL, 0);
$forum_ids = array();
foreach ($forums as $id => $forum) {
    if ($forum["folder_flag"]) {
Ejemplo n.º 11
 /**
  * A changed user can be stored through the regular save call and through
  * the raw save call of the user API.
  */
 function testUserApiSave()
 {
     // Load the fixture user by its exact username.
     $fixture_name = 'testuser' . $this->sharedFixture;
     $fixture_id = phorum_api_user_search('username', $fixture_name, '=');
     $user = phorum_api_user_get($fixture_id, true);

     // Regular save of a changed field.
     $user['real_name'] = 'foo';
     $saved = phorum_api_user_save($user);
     $this->assertGreaterThan(0, $saved, 'Saved changed user.');

     // Raw save of a minimal record for the same user.
     $saved_raw = phorum_api_user_save_raw(array(
         'user_id'   => $user['user_id'],
         'real_name' => 'test',
     ));
     $this->assertTrue($saved_raw, 'Saved changed user (raw).');
 }
Ejemplo n.º 12
         case "last_active_forum":
         case "hide_activity":
         case "show_signature":
         case "email_notify":
         case "pm_email_notify":
         case "tz_offset":
         case "is_dst":
         case "moderation_email":
             $new_user[$field] = (int) $value;
             break;
     }
 }
 // When the imported user record has a password, the user is saved with
 // PHORUM_FLAG_RAW_PASSWORD. NOTE(review): that flag presumably stores the
 // given value as it is instead of hashing it, which is only correct if the
 // value is already a hash in the format that Phorum expects - confirm in
 // phorum_api_user_save(). The result of either save call is not checked.
 if (isset($user->password)) {
     phorum_api_user_save($new_user, PHORUM_FLAG_RAW_PASSWORD);
 } else {
     phorum_api_user_save($new_user);
 }
 if (!empty($permissions)) {
     $perm = 0;
     if (isset($permissions->read)) {
         $perm = $perm | PHORUM_USER_ALLOW_READ;
     }
     if (isset($permissions->reply)) {
         $perm = $perm | PHORUM_USER_ALLOW_REPLY;
     }
     if (isset($permissions->edit)) {
         $perm = $perm | PHORUM_USER_ALLOW_EDIT;
     }
     if (isset($permissions->new)) {
         $perm = $perm | PHORUM_USER_ALLOW_NEW_TOPIC;
     }
Ejemplo n.º 13
/**
 * Store the profile data that the active user posted from one of the
 * control center panels.
 *
 * @param string $panel The panel for which to save data. Password fields
 *     are accepted from the 'password' panel only and e-mail address
 *     fields from the 'email' panel only.
 * @return array An array containing $error and $okmsg.
 */
function phorum_controlcenter_user_save($panel)
{
    global $PHORUM;

    $error = "";
    $okmsg = "";

    // The fields that every panel is allowed to change. NULL means
    // "nothing posted for this field".
    $userdata = array_fill_keys(array(
        'signature', 'hide_email', 'hide_activity', 'tz_offset', 'is_dst',
        'user_language', 'threaded_list', 'threaded_read', 'email_notify',
        'show_signature', 'pm_email_notify', 'user_template',
        'moderation_email', 'real_name',
    ), NULL);

    // Credential fields are tied to their own panel, so a post to another
    // panel cannot change the password or the e-mail address.
    if ($panel == 'password') {
        $userdata['password'] = NULL;
        $userdata['password_temp'] = NULL;
    }
    if ($panel == 'email') {
        $userdata['email'] = NULL;
        $userdata['email_temp'] = NULL;
    }

    // Custom profile fields that are not deleted are acceptable as well.
    foreach ($PHORUM["CUSTOM_FIELDS"][PHORUM_CUSTOM_FIELD_USER] as $id => $field) {
        if ($id !== "num_fields" && empty($field['deleted'])) {
            $userdata[$field["name"]] = NULL;
        }
    }

    // Keep the accepted fields for which the form posted a value. Posted
    // keys outside the list above are ignored.
    $posted = array();
    foreach (array_keys($userdata) as $name) {
        if (array_key_exists($name, $_POST) && !is_null($_POST[$name])) {
            $posted[$name] = $_POST[$name];
        }
    }
    $userdata = $posted;

    // The user_id is always the one of the active user.
    $userdata["user_id"] = $PHORUM["user"]["user_id"];

    // Run a hook, so module writers can update and check the userdata.
    if (isset($PHORUM["hooks"]["cc_save_user"])) {
        $userdata = phorum_api_hook("cc_save_user", $userdata);
    }

    // An error that was set by the cc_save_user hook stops the save.
    if (isset($userdata['error'])) {
        return array($userdata['error'], $okmsg);
    }

    // Try to update the userdata in the database.
    if (!phorum_api_user_save($userdata)) {
        return array($PHORUM["DATA"]["LANG"]["ErrUserAddUpdate"], $okmsg);
    }

    // Updating the user was successful.
    $okmsg = $PHORUM["DATA"]["LANG"]["ProfileUpdatedOk"];

    // Let the userdata be reloaded.
    phorum_api_user_set_active_user(PHORUM_FORUM_SESSION, $userdata["user_id"]);

    // A new password resets all session ids, so sessions on other
    // computers or in other browsers are ended.
    $password_changed = isset($userdata["password"]) && $userdata["password"] != '';
    if ($password_changed) {
        phorum_api_user_session_create(PHORUM_FORUM_SESSION, PHORUM_SESSID_RESET_ALL);
    }

    // Copy data from the updated user back into the user template data.
    $formatted = phorum_api_format_users(array($PHORUM['user']));
    foreach ($formatted[0] as $key => $val) {
        $PHORUM['DATA']['USER'][$key] = $val;
    }

    // Copy data from the updated user back into the profile template data.
    // PANEL and forum_id are injected by the calling script and are left
    // alone.
    $charset = $PHORUM["DATA"]["HCHARSET"];
    foreach ($PHORUM["DATA"]["PROFILE"] as $key => $val) {
        if ($key == "PANEL" || $key == "forum_id") {
            continue;
        }

        if (!isset($PHORUM["user"][$key])) {
            $PHORUM["DATA"]["PROFILE"][$key] = "";
            continue;
        }

        if (is_array($val)) {
            // Array data would (most often) be broken by HTML encoding.
            $PHORUM["DATA"]["PROFILE"][$key] = $PHORUM["user"][$key];
            continue;
        }

        if (substr($key, 0, 9) == 'signature') {
            // The signature is provided twice: formatted as a message body
            // (through a fake message) and as HTML escaped plain text.
            $fake_messages = phorum_format_messages(array(
                array("author" => "", "email" => "", "subject" => "", "body" => $PHORUM["user"]["signature"]),
            ));
            $PHORUM["DATA"]["PROFILE"]["signature_formatted"] = $fake_messages[0]["body"];
            $PHORUM["DATA"]["PROFILE"]["signature"] = htmlspecialchars($PHORUM["user"]["signature"], ENT_COMPAT, $charset);
            continue;
        }

        // Same handling as when loading the page for the first time.
        $PHORUM["DATA"]["PROFILE"][$key] = htmlspecialchars($PHORUM["user"][$key], ENT_COMPAT, $charset);
    }

    return array($error, $okmsg);
}
Ejemplo n.º 14
  *         return $data;
  *     }
  *     </hookcode>
  */
 // Let modules check or change the registration data before it is saved.
 if (isset($PHORUM["hooks"]["before_register"])) {
     $userdata = phorum_hook("before_register", $userdata);
 }
 // Set $error, in case the before_register hook did set an error.
 if (isset($userdata['error'])) {
     $error = $userdata['error'];
     unset($userdata['error']);
 }
 if (empty($error)) {
     // Add the user to the database.
     // A NULL user_id is passed for the new user; the save call returns
     // the id that is used below.
     $userdata["user_id"] = NULL;
     $user_id = phorum_api_user_save($userdata);
     if ($user_id) {
         // The user was added. Determine what message to show.
         if ($PHORUM["registration_control"] == PHORUM_REGISTER_INSTANT_ACCESS) {
             $PHORUM["DATA"]["OKMSG"] = $PHORUM["DATA"]["LANG"]["RegThanks"];
         } elseif ($PHORUM["registration_control"] == PHORUM_REGISTER_VERIFY_EMAIL || $PHORUM["registration_control"] == PHORUM_REGISTER_VERIFY_BOTH) {
             $PHORUM["DATA"]["OKMSG"] = $PHORUM["DATA"]["LANG"]["RegVerifyEmail"];
         } elseif ($PHORUM["registration_control"] == PHORUM_REGISTER_VERIFY_MODERATOR) {
             $PHORUM["DATA"]["OKMSG"] = $PHORUM["DATA"]["LANG"]["RegVerifyMod"];
         }
         // Send a message to the new user in case email verification is required.
         if ($PHORUM["registration_control"] == PHORUM_REGISTER_VERIFY_BOTH || $PHORUM["registration_control"] == PHORUM_REGISTER_VERIFY_EMAIL) {
             // The approval code in the link is the password_temp value
             // followed directly by the user_id. NOTE(review): how
             // password_temp is generated is not visible here; the link is
             // only as hard to guess as that value is.
             $verify_url = phorum_get_url(PHORUM_REGISTER_URL, "approve=" . $userdata["password_temp"] . "{$user_id}");
             // make the link an anchor tag for AOL users
             // NOTE(review): the pattern matches every address that ends in
             // "aol.com", also in a longer domain name, and the URL is put
             // into the HTML without escaping - presumably safe because it
             // comes from phorum_get_url(); confirm.
             if (preg_match("!aol\\.com\$!i", $userdata["email"])) {
                 $verify_url = "<a href=\"{$verify_url}\">{$verify_url}</a>";