function userSave($option, $uid)
{
global $database;
$user_id = intval(mosGetParam($_POST, 'id', 0));
// do some security checks
if ($uid == 0 || $user_id == 0 || $user_id != $uid) {
mosNotAuth();
return;
}
$row = new mosUser($database);
$row->load($user_id);
$row->orig_password = $row->password;
if (!$row->bind($_POST)) {
echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
exit;
}
if (isset($_POST["password"]) && $_POST["password"] != "") {
if (isset($_POST["verifyPass"]) && $_POST["verifyPass"] == $_POST["password"]) {
$row->password = md5($_POST["password"]);
} else {
echo "<script> alert(\"" . _PASS_MATCH . "\"); window.history.go(-1); </script>\n";
exit;
}
} else {
// Restore 'original password'
$row->password = $row->orig_password;
}
if (!$row->check()) {
echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
exit;
}
unset($row->orig_password);
// prevent DB error!!
if (!$row->store()) {
echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
exit;
}
//extended stuff....
// save extended details
include "administrator/components/com_user_extended/user_extended.class.php";
$rowExtended = new mosUser_Extended($database);
if (!$rowExtended->bind($_POST)) {
echo "<script> alert('" . $rowExtended->getError() . "'); window.history.go(-1); </script>\n";
exit;
}
if (!$rowExtended->check()) {
echo "<script> alert('" . $rowExtended->getError() . "'); window.history.go(-1); </script>\n";
exit;
}
if (!$rowExtended->storeExtended($user_id)) {
echo "<script> alert('" . $rowExtended->getError() . "'); window.history.go(-1); </script>\n";
exit;
}
mosRedirect("index.php?option={$option}", _USER_DETAILS_SAVE);
}
/**
* Function to save User Information
* into Joomla
*/
function saveUser(&$d)
{
global $database, $my, $_VERSION, $VM_LANG;
global $mosConfig_live_site, $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_sitename;
$aro_id = 'aro_id';
$group_id = 'group_id';
// Column names have changed since J! 1.5
if (vmIsJoomla('1.5', '>=')) {
$aro_id = 'id';
$group_id = 'id';
}
$row = new mosUser($database);
if (!$row->bind($_POST)) {
echo "<script type=\"text/javascript\">alert('" . vmHtmlEntityDecode($row->getError()) . "');</script>\n";
}
$isNew = !$row->id;
$pwd = '';
// MD5 hash convert passwords
if ($isNew) {
// new user stuff
if ($row->password == '') {
$pwd = vmGenRandomPassword();
$row->password = md5($pwd);
} else {
$pwd = $row->password;
$row->password = md5($row->password);
}
$row->registerDate = date('Y-m-d H:i:s');
} else {
// existing user stuff
if ($row->password == '') {
// password set to null if empty
$row->password = null;
} else {
if (!empty($_POST['password'])) {
if ($row->password != @$_POST['password2']) {
$d['error'] = vmHtmlEntityDecode($VM_LANG->_('REGWARN_VPASS2', false));
return false;
}
}
$row->password = md5($row->password);
}
}
// save usertype to usetype column
$query = "SELECT name" . "\n FROM #__core_acl_aro_groups" . "\n WHERE `{$group_id}` = {$row->gid}";
$database->setQuery($query);
$usertype = $database->loadResult();
$row->usertype = $usertype;
// save params
$params = vmGet($_POST, 'params', '');
if (is_array($params)) {
$txt = array();
foreach ($params as $k => $v) {
$txt[] = "{$k}={$v}";
}
$row->params = implode("\n", $txt);
}
if (!$row->check()) {
echo "<script type=\"text/javascript\"> alert('" . vmHtmlEntityDecode($row->getError()) . "');</script>\n";
return false;
}
if (!$row->store()) {
echo "<script type=\"text/javascript\"> alert('" . vmHtmlEntityDecode($row->getError()) . "');</script>\n";
return false;
}
if ($isNew) {
$newUserId = $row->id;
} else {
$newUserId = false;
}
$row->checkin();
$_SESSION['session_user_params'] = $row->params;
// update the ACL
if (!$isNew) {
$query = "SELECT `{$aro_id}`" . "\n FROM #__core_acl_aro" . "\n WHERE value = '{$row->id}'";
$database->setQuery($query);
$aro_id = $database->loadResult();
$query = "UPDATE #__core_acl_groups_aro_map" . "\n SET group_id = {$row->gid}" . "\n WHERE aro_id = {$aro_id}";
$database->setQuery($query);
$database->query() or die($database->stderr());
}
// for new users, email username and password
if ($isNew) {
// Send the notification emails
$name = $row->name;
$email = $row->email;
$username = $row->username;
$password = $pwd;
$this->_sendMail($name, $email, $username, $password);
}
return $newUserId;
}
function saveUser($option, $task)
{
global $database, $my, $acl;
global $mosConfig_live_site, $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_sitename;
$row = new mosUser($database);
if (!$row->bind($_POST)) {
echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
exit;
}
// sanitize
$row->id = intval($row->id);
$row->gid = intval($row->gid);
$isNew = !$row->id;
$pwd = '';
// disallow super administrator blocking self
$super_gid = $acl->get_group_id('super administrator');
if ($row->id == $my->id && $my->gid == $super_gid) {
$row->block = 0;
}
// MD5 hash convert passwords
if ($isNew) {
// new user stuff
if ($row->password == '') {
$pwd = mosMakePassword();
$row->password = md5($pwd);
} else {
$pwd = $row->password;
$row->password = md5($row->password);
}
$row->registerDate = date('Y-m-d H:i:s');
} else {
// existing user stuff
if ($row->password == '') {
// password set to null if empty
$row->password = null;
} else {
$pwd = $row->password;
$row->password = md5($pwd);
}
}
// save usertype to usetype column
$query = "SELECT name" . "\n FROM #__core_acl_aro_groups" . "\n WHERE group_id = {$row->gid}";
$database->setQuery($query);
$usertype = $database->loadResult();
$row->usertype = $usertype;
if (!$row->check()) {
echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n";
exit;
}
if (!$row->store()) {
echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n";
exit;
}
$row->checkin();
$loginfo = new mosLoginDetails($row->username, $pwd);
$mambothandler =& mosMambotHandler::getInstance();
$mambothandler->loadBotGroup('authenticator');
// update the ACL
if (!$isNew) {
if ($pwd) {
$mambothandler->trigger('userChange', array($loginfo));
}
if ($row->block) {
$mambothandler->trigger('userBlock', array($loginfo));
} else {
$mambothandler->trigger('userUnblock', array($loginfo));
}
$query = "SELECT aro_id FROM #__core_acl_aro WHERE value='{$row->id}'";
$database->setQuery($query);
$aro_id = $database->loadResult();
$query = "UPDATE #__core_acl_groups_aro_map" . "\n SET group_id = '{$row->gid}'" . "\n WHERE aro_id = '{$aro_id}'";
$database->setQuery($query);
$database->query() or die($database->stderr());
}
// for new users, email username and password
if ($isNew) {
$mambothandler->trigger('userRegister', array($loginfo));
$mambothandler->trigger('userActivate', array($loginfo));
if ($row->block) {
$mambothandler->trigger('userBlock', array($loginfo));
}
$query = "SELECT email FROM #__users WHERE id={$my->id}";
$database->setQuery($query);
$adminEmail = $database->loadResult();
$subject = T_('New User Details');
$message = sprintf(T_('Hello %s,
You have been added as a user to %s by an Administrator.
This email contains your username and password to log into the %s
Username - %s
Password - %s
Please do not respond to this message as it is automatically generated and is for information purposes only'), $row->name, $mosConfig_sitename, $mosConfig_live_site, $row->username, $pwd);
if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") {
$adminName = $mosConfig_fromname;
$adminEmail = $mosConfig_mailfrom;
} else {
$query = "SELECT name, email FROM #__users WHERE usertype='super administrator'";
$database->setQuery($query);
$rows = $database->loadObjectList();
$row = $rows[0];
$adminName = $row->name;
$adminEmail = $row->email;
}
mosMail($adminEmail, $adminName, $row->email, $subject, $message);
}
switch ($task) {
case 'apply':
$msg = sprintf(T_('Successfully Saved changes to User: %s'), $row->name);
mosRedirect('index2.php?option=com_users&task=editA&hidemainmenu=1&id=' . $row->id, $msg);
case 'save':
default:
$msg = sprintf(T_('Successfully Saved User: %s'), $row->name);
mosRedirect('index2.php?option=com_users', $msg);
break;
}
}
function saveUser($task)
{
global $database, $my, $acl;
global $mosConfig_live_site, $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_sitename;
josSpoofCheck();
$userIdPosted = mosGetParam($_POST, 'id');
if ($userIdPosted) {
$msg = checkUserPermissions(array($userIdPosted), 'save', in_array($my->gid, array(24, 25)));
if ($msg) {
echo "<script type=\"text/javascript\"> alert('" . $msg . "'); window.history.go(-1);</script>\n";
exit;
}
}
$row = new mosUser($database);
if (!$row->bind($_POST)) {
echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
exit;
}
$row->name = trim($row->name);
$row->email = trim($row->email);
$row->username = trim($row->username);
// sanitise fields
$row->id = (int) $row->id;
// sanitise gid field
$row->gid = (int) $row->gid;
$isNew = !$row->id;
$pwd = '';
// MD5 hash convert passwords
if ($isNew) {
// new user stuff
if ($row->password == '') {
$pwd = mosMakePassword();
$salt = mosMakePassword(16);
$crypt = md5($pwd . $salt);
$row->password = $crypt . ':' . $salt;
} else {
$pwd = trim($row->password);
$salt = mosMakePassword(16);
$crypt = md5($pwd . $salt);
$row->password = $crypt . ':' . $salt;
}
$row->registerDate = date('Y-m-d H:i:s');
} else {
$original = new mosUser($database);
$original->load((int) $row->id);
// existing user stuff
if ($row->password == '') {
// password set to null if empty
$row->password = null;
} else {
$row->password = trim($row->password);
$salt = mosMakePassword(16);
$crypt = md5($row->password . $salt);
$row->password = $crypt . ':' . $salt;
}
// if group has been changed and where original group was a Super Admin
if ($row->gid != $original->gid) {
if ($original->gid == 25) {
// count number of active super admins
$query = "SELECT COUNT( id )" . "\n FROM #__users" . "\n WHERE gid = 25" . "\n AND block = 0";
$database->setQuery($query);
$count = $database->loadResult();
if ($count <= 1) {
// disallow change if only one Super Admin exists
echo "<script> alert('You cannot change this users Group as it is the only active Super Administrator for your site'); window.history.go(-1); </script>\n";
exit;
}
}
$user_group = strtolower($acl->get_group_name($original->gid, 'ARO'));
if ($user_group == 'super administrator' && $my->gid != 25) {
// disallow change of super-Admin by non-super admin
echo "<script> alert('You cannot change this users Group as you are not a Super Administrator for your site'); window.history.go(-1); </script>\n";
exit;
} else {
if ($my->gid == 24 && $original->gid == 24) {
// disallow change of super-Admin by non-super admin
echo "<script> alert('You cannot change the Group of another Administrator as you are not a Super Administrator for your site'); window.history.go(-1); </script>\n";
exit;
}
}
// ensure user can't add group higher than themselves done below
}
}
/*
// if user is made a Super Admin group and user is NOT a Super Admin
if ( $row->gid == 25 && $my->gid != 25 ) {
// disallow creation of Super Admin by non Super Admin users
echo "<script> alert('You cannot create a user with this user Group level, only Super Administrators have this ability'); window.history.go(-1); </script>\n";
exit();
}
*/
// Security check to avoid creating/editing user to higher level than himself: response to artf4529.
if (!in_array($row->gid, getGIDSChildren($my->gid))) {
// disallow creation of Super Admin by non Super Admin users
echo "<script> alert('You cannot create a user with this user Group level, only Super Administrators have this ability'); window.history.go(-1); </script>\n";
exit;
}
// save usertype to usertype column
$query = "SELECT name" . "\n FROM #__core_acl_aro_groups" . "\n WHERE group_id = " . (int) $row->gid;
$database->setQuery($query);
$usertype = $database->loadResult();
$row->usertype = $usertype;
// save params
$params = mosGetParam($_POST, 'params', '');
if (is_array($params)) {
$txt = array();
foreach ($params as $k => $v) {
$txt[] = "{$k}={$v}";
}
$row->params = implode("\n", $txt);
}
if (!$row->check()) {
echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
exit;
}
if (!$row->store()) {
echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
exit;
}
$row->checkin();
// updates the current users param settings
if ($my->id == $row->id) {
//session_start();
$_SESSION['session_user_params'] = $row->params;
session_write_close();
}
// update the ACL
if (!$isNew) {
$query = "SELECT aro_id" . "\n FROM #__core_acl_aro" . "\n WHERE value = " . (int) $row->id;
$database->setQuery($query);
$aro_id = $database->loadResult();
$query = "UPDATE #__core_acl_groups_aro_map" . "\n SET group_id = " . (int) $row->gid . "\n WHERE aro_id = " . (int) $aro_id;
$database->setQuery($query);
$database->query() or die($database->stderr());
}
// for new users, email username and password
if ($isNew) {
$query = "SELECT email" . "\n FROM #__users" . "\n WHERE id = " . (int) $my->id;
$database->setQuery($query);
$adminEmail = $database->loadResult();
$subject = _NEW_USER_MESSAGE_SUBJECT;
$message = sprintf(_NEW_USER_MESSAGE, $row->name, $mosConfig_sitename, $mosConfig_live_site, $row->username, $pwd);
if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") {
$adminName = $mosConfig_fromname;
$adminEmail = $mosConfig_mailfrom;
} else {
$query = "SELECT name, email" . "\n FROM #__users" . "\n WHERE gid = 25";
$database->setQuery($query);
$admins = $database->loadObjectList();
$admin = $admins[0];
$adminName = $admin->name;
$adminEmail = $admin->email;
}
mosMail($adminEmail, $adminName, $row->email, $subject, $message);
}
if (!$isNew) {
// if group has been changed
if ($original->gid != $row->gid) {
// delete user acounts active sessions
logoutUser($row->id, 'com_users', 'change');
}
}
switch ($task) {
case 'apply':
$msg = 'Successfully Saved changes to User: '******'index2.php?option=com_users&task=editA&hidemainmenu=1&id=' . $row->id, $msg);
break;
case 'save':
default:
$msg = 'Successfully Saved User: '******'index2.php?option=com_users', $msg);
break;
}
}
function saveUser($option)
{
global $database, $my;
global $mosConfig_live_site, $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_sitename;
$row = new mosUser($database);
if (!$row->bind($_POST)) {
echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
exit;
}
$isNew = !$row->id;
$pwd = '';
if ($isNew) {
// new user stuff
if ($row->password == '') {
$pwd = mosMakePassword();
$row->password = md5($pwd);
} else {
$pwd = $row->password;
$row->password = md5($row->password);
}
$row->registerDate = date('Y-m-d H:i:s');
} else {
// existing user stuff
if ($row->password == '') {
// password set to null if empty
$row->password = null;
} else {
$row->password = md5($row->password);
}
}
if (!$row->check()) {
echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n";
exit;
}
if (!$row->store()) {
echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n";
exit;
}
// update the ACL
if ($isNew) {
} else {
$query = "SELECT aro_id FROM #__core_acl_aro WHERE value='{$row->id}'";
$database->setQuery($query);
$aro_id = $database->loadResult();
$query = "UPDATE #__core_acl_groups_aro_map" . "\n SET group_id = '{$row->gid}'" . "\n WHERE aro_id = '{$aro_id}'";
$database->setQuery($query);
$database->query() or die($database->stderr());
}
$row->checkin();
if ($isNew) {
$query = "SELECT email FROM #__users WHERE id={$my->id}";
$database->setQuery($query);
$adminEmail = $database->loadResult();
$subject = _NEW_USER_MESSAGE_SUBJECT;
$message = sprintf(_NEW_USER_MESSAGE, $row->name, $mosConfig_sitename, $mosConfig_live_site, $row->username, $pwd);
if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") {
$adminName = $mosConfig_fromname;
$adminEmail = $mosConfig_mailfrom;
} else {
$query = "SELECT name, email FROM #__users WHERE usertype='superadministrator'";
$database->setQuery($query);
$rows = $database->loadObjectList();
$row = $rows[0];
$adminName = $row->name;
$adminEmail = $row->email;
}
mosMail($adminEmail, $adminName, $row->email, $subject, $message);
}
$limit = intval(mosGetParam($_REQUEST, 'limit', 10));
$limitstart = intval(mosGetParam($_REQUEST, 'limitstart', 0));
mosRedirect('index2.php?option=' . $option);
}
function saveUser($option)
{
global $database, $my;
global $mosConfig_live_site;
$row = new mosUser($database);
if (!$row->bind($_POST)) {
echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
exit;
}
$isNew = !$row->id;
$pwd = '';
if ($isNew) {
//extended user stuff
$row->user_id = $row->id;
// new user stuff
if ($row->password == '') {
$pwd = mosMakePassword();
$row->password = md5($pwd);
} else {
$pwd = $row->password;
$row->password = md5($row->password);
}
} else {
// existing user stuff
if ($row->password == '') {
// password set to null if empty
$row->password = null;
} else {
$row->password = md5($row->password);
}
}
$row->registerDate = date("Y-m-d H:i:s");
if (!$row->check()) {
echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n";
exit;
}
if (!$row->store()) {
echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n";
exit;
}
// update the ACL
if ($isNew) {
} else {
$database->setQuery("SELECT aro_id FROM #__core_acl_aro WHERE value='{$row->id}'");
$aro_id = $database->loadResult();
$database->setQuery("UPDATE #__core_acl_groups_aro_map" . "\nSET group_id = '{$row->gid}'" . "\nWHERE aro_id = '{$aro_id}'");
$database->query() or die($database->stderr());
}
$row->checkin();
if ($isNew) {
$database->setQuery("SELECT email FROM #__users WHERE id={$my->id}");
$adminEmail = $database->loadResult();
$subject = "New User Details";
$message = "Hello {$row->name},\r \n \r \n";
$message .= "You have been added as a user to {$mosConfig_live_site} by an Administrator.\r \n";
$message .= "This email contains your username and password to log into the {$mosConfig_live_site} site:\r \n \r \n";
$message .= "Username - {$row->username}\r \n";
$message .= "Password - {$pwd}\r \n \r \n \r \n";
$message .= "Please do not respond to this message as it is automatically generated and is for information purposes only\r \n";
$headers .= "From: {$adminEmail}\r\n";
$headers .= "Reply-To: {$adminEmail}\r\n";
$headers .= "X-Priority: 3\r\n";
$headers .= "X-MSMail-Priority: Low\r\n";
$headers .= "X-Mailer: Mambo Open Source 4.5\r\n";
mail($row->email, $subject, $message, $headers);
}
$limit = intval(mosGetParam($_REQUEST, 'limit', 10));
$limitstart = intval(mosGetParam($_REQUEST, 'limitstart', 0));
$row = null;
$row = new mosUser_Extended($database);
if (!$row->bind($_POST)) {
echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
exit;
}
if (!$row->check()) {
echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n";
exit;
}
if (!$row->storeExtended(0)) {
echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n";
exit;
}
mosRedirect("index2.php?option={$option}");
}