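/**
 * Save the profile of the logged-in front-end user.
 *
 * Reads the submitted profile from $_POST, refuses the request unless the
 * posted id equals the authenticated user id, re-hashes the password only
 * when a new one was supplied together with a matching confirmation, stores
 * the core user row and then the extended profile row, and finally
 * redirects back to the component.
 *
 * Every failure after the auth check emits a JS alert that navigates back
 * and terminates the request (the component's existing convention).
 *
 * @param string $option component name used in the redirect target
 * @param int    $uid    id of the authenticated user, 0 when anonymous
 * @return void  returns without redirecting only when the auth check fails
 */
function userSave($option, $uid)
{
    global $database;

    $userId = intval(mosGetParam($_POST, 'id', 0));

    // A user may only edit their own record; anonymous requests are refused.
    if ($uid == 0 || $userId == 0 || $userId != $uid) {
        mosNotAuth();
        return;
    }

    $row = new mosUser($database);
    $row->load($userId);
    // Remember the stored hash in a local rather than as a dynamic property
    // on the row, so nothing has to be unset again before store().
    $originalPassword = $row->password;

    if (!$row->bind($_POST)) {
        // addslashes() keeps a quote in the error text from breaking the JS string.
        echo "<script> alert('" . addslashes($row->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }

    // Only a non-empty string counts as a new password; a missing field or a
    // non-string value is treated as "unchanged".
    $newPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    if ($newPassword !== '') {
        $confirm = (isset($_POST['verifyPass']) && is_string($_POST['verifyPass'])) ? $_POST['verifyPass'] : null;
        // Strict comparison: the confirmation must be byte-identical, not merely
        // loosely equal (e.g. "1e3" == "1000").
        if ($confirm !== $newPassword) {
            echo "<script> alert(\"" . _PASS_MATCH . "\"); window.history.go(-1); </script>\n";
            exit;
        }
        // Unsalted md5 is what the surrounding login code verifies against; a
        // stronger scheme needs a coordinated change in the authenticator.
        $row->password = md5($newPassword);
    } else {
        // Restore the original hash: bind() may have blanked it.
        $row->password = $originalPassword;
    }

    if (!$row->check()) {
        echo "<script> alert('" . addslashes($row->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }

    if (!$row->store()) {
        echo "<script> alert('" . addslashes($row->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }

    // Extended profile details live in a separate table handled by the
    // administrator component's class.
    include "administrator/components/com_user_extended/user_extended.class.php";

    $rowExtended = new mosUser_Extended($database);
    if (!$rowExtended->bind($_POST)) {
        echo "<script> alert('" . addslashes($rowExtended->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }

    if (!$rowExtended->check()) {
        echo "<script> alert('" . addslashes($rowExtended->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }

    // The extended row is keyed by the verified user id, never by a raw posted value.
    if (!$rowExtended->storeExtended($userId)) {
        echo "<script> alert('" . addslashes($rowExtended->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }

    mosRedirect("index.php?option={$option}", _USER_DETAILS_SAVE);
}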
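 /**
  * Save a user submitted through the account form into the Joomla user
  * table, synchronise the ACL group mapping and notify newly created users.
  *
  * Passwords are stored as unsalted md5, which is what the surrounding
  * Joomla login code verifies; a stronger scheme needs a coordinated change
  * in the authenticator.
  *
  * @param array $d request data; $d['error'] receives a message when the
  *                 password confirmation does not match
  * @return int|false the id of a newly created user, false for an update
  *                   or on any failure
  */
 function saveUser(&$d)
 {
     global $database, $my, $_VERSION, $VM_LANG;
     global $mosConfig_live_site, $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_sitename;

     // Column names have changed since J! 1.5
     $aroIdColumn = 'aro_id';
     $groupIdColumn = 'group_id';
     if (vmIsJoomla('1.5', '>=')) {
         $aroIdColumn = 'id';
         $groupIdColumn = 'id';
     }

     $row = new mosUser($database);
     if (!$row->bind($_POST)) {
         // addslashes() keeps a quote in the error text from breaking the JS string.
         echo "<script type=\"text/javascript\">alert('" . addslashes(vmHtmlEntityDecode($row->getError())) . "');</script>\n";
         // Do not carry on with a half-bound row.
         return false;
     }

     $isNew = !$row->id;
     $pwd = '';
     // MD5 hash convert passwords
     if ($isNew) {
         // new user stuff
         if ($row->password == '') {
             $pwd = vmGenRandomPassword();
             $row->password = md5($pwd);
         } else {
             $pwd = $row->password;
             $row->password = md5($row->password);
         }
         $row->registerDate = date('Y-m-d H:i:s');
     } else {
         // existing user stuff
         if ($row->password == '') {
             // password set to null if empty
             $row->password = null;
         } else {
             if (!empty($_POST['password'])) {
                 $confirm = isset($_POST['password2']) ? $_POST['password2'] : '';
                 // Strict comparison: the confirmation must be byte-identical.
                 if ($row->password !== $confirm) {
                     $d['error'] = vmHtmlEntityDecode($VM_LANG->_('REGWARN_VPASS2', false));
                     return false;
                 }
             }
             $row->password = md5($row->password);
         }
     }

     // The usertype column mirrors the ACL group name. gid comes from the
     // posted form, so it is cast before being interpolated into SQL.
     $query = "SELECT name" . "\n FROM #__core_acl_aro_groups" . "\n WHERE `{$groupIdColumn}` = " . (int) $row->gid;
     $database->setQuery($query);
     $row->usertype = $database->loadResult();

     // params arrive as key => value pairs and are stored as "key=value" lines
     $params = vmGet($_POST, 'params', '');
     if (is_array($params)) {
         $lines = array();
         foreach ($params as $k => $v) {
             $lines[] = "{$k}={$v}";
         }
         $row->params = implode("\n", $lines);
     }

     if (!$row->check()) {
         echo "<script type=\"text/javascript\"> alert('" . addslashes(vmHtmlEntityDecode($row->getError())) . "');</script>\n";
         return false;
     }

     if (!$row->store()) {
         echo "<script type=\"text/javascript\"> alert('" . addslashes(vmHtmlEntityDecode($row->getError())) . "');</script>\n";
         return false;
     }

     $newUserId = $isNew ? $row->id : false;

     $row->checkin();
     $_SESSION['session_user_params'] = $row->params;

     // Existing users: move the ACL mapping to the (possibly changed) group.
     // Both ids are cast so neither the posted id nor the looked-up aro id
     // can alter the statements.
     if (!$isNew) {
         $query = "SELECT `{$aroIdColumn}`" . "\n FROM #__core_acl_aro" . "\n WHERE value = '" . (int) $row->id . "'";
         $database->setQuery($query);
         $aroId = (int) $database->loadResult();

         $query = "UPDATE #__core_acl_groups_aro_map" . "\n SET group_id = " . (int) $row->gid . "\n WHERE aro_id = " . $aroId;
         $database->setQuery($query);
         $database->query() or die($database->stderr());
     }

     // New users receive their username and (clear-text) initial password by email.
     if ($isNew) {
         $this->_sendMail($row->name, $row->email, $row->username, $pwd);
     }

     return $newUserId;
 }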
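/**
 * Save a user from the administrator user editor.
 *
 * Binds the posted form to a mosUser row, hashes a newly supplied password,
 * stores the row, then fires the authenticator mambots and updates the ACL
 * group mapping for existing users, or emails the credentials to a newly
 * created user. Ends with a redirect chosen by $task.
 *
 * Passwords are stored as unsalted md5 — the scheme the surrounding login
 * code verifies; changing it requires a coordinated authenticator change.
 *
 * @param string $option component name (not used here; kept for the caller)
 * @param string $task   'apply' returns to the editor, anything else to the list
 * @return void  exits via a JS alert on failure, otherwise ends in mosRedirect
 */
function saveUser($option, $task)
{
    global $database, $my, $acl;
    global $mosConfig_live_site, $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_sitename;

    $row = new mosUser($database);
    if (!$row->bind($_POST)) {
        // addslashes() keeps a quote in the error text from breaking the JS string.
        echo "<script> alert('" . addslashes($row->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }

    // sanitize: both values are interpolated into SQL below
    $row->id = intval($row->id);
    $row->gid = intval($row->gid);
    $isNew = !$row->id;
    $pwd = '';

    // disallow super administrator blocking self
    $superGid = $acl->get_group_id('super administrator');
    if ($row->id == $my->id && $my->gid == $superGid) {
        $row->block = 0;
    }

    // MD5 hash convert passwords
    if ($isNew) {
        // new user stuff
        if ($row->password == '') {
            $pwd = mosMakePassword();
            $row->password = md5($pwd);
        } else {
            $pwd = $row->password;
            $row->password = md5($row->password);
        }
        $row->registerDate = date('Y-m-d H:i:s');
    } else {
        // existing user stuff
        if ($row->password == '') {
            // password set to null if empty
            $row->password = null;
        } else {
            $pwd = $row->password;
            $row->password = md5($pwd);
        }
    }

    // save usertype to usertype column
    $query = "SELECT name" . "\n FROM #__core_acl_aro_groups" . "\n WHERE group_id = {$row->gid}";
    $database->setQuery($query);
    $row->usertype = $database->loadResult();

    if (!$row->check()) {
        echo "<script> alert('" . addslashes($row->getError()) . "'); window.history.go(-2); </script>\n";
        exit;
    }

    if (!$row->store()) {
        echo "<script> alert('" . addslashes($row->getError()) . "'); window.history.go(-2); </script>\n";
        exit;
    }

    $row->checkin();

    $loginfo = new mosLoginDetails($row->username, $pwd);
    $mambothandler =& mosMambotHandler::getInstance();
    $mambothandler->loadBotGroup('authenticator');

    // update the ACL
    if (!$isNew) {
        // $pwd is only non-empty when a new password was supplied
        if ($pwd) {
            $mambothandler->trigger('userChange', array($loginfo));
        }
        if ($row->block) {
            $mambothandler->trigger('userBlock', array($loginfo));
        } else {
            $mambothandler->trigger('userUnblock', array($loginfo));
        }

        $query = "SELECT aro_id FROM #__core_acl_aro WHERE value='{$row->id}'";
        $database->setQuery($query);
        // Cast the looked-up id before it goes back into SQL.
        $aroId = (int) $database->loadResult();

        $query = "UPDATE #__core_acl_groups_aro_map" . "\n SET group_id = '{$row->gid}'" . "\n WHERE aro_id = '{$aroId}'";
        $database->setQuery($query);
        $database->query() or die($database->stderr());
    }

    // for new users, email username and password
    if ($isNew) {
        $mambothandler->trigger('userRegister', array($loginfo));
        $mambothandler->trigger('userActivate', array($loginfo));
        if ($row->block) {
            $mambothandler->trigger('userBlock', array($loginfo));
        }

        $subject = T_('New User Details');
        $message = sprintf(T_('Hello %s,


You have been added as a user to %s by an Administrator.

This email contains your username and password to log into the %s

Username - %s
Password - %s


Please do not respond to this message as it is automatically generated and is for information purposes only'), $row->name, $mosConfig_sitename, $mosConfig_live_site, $row->username, $pwd);

        // Sender: the configured mail-from, else the first super administrator,
        // else (fallback) the acting admin's own address with no display name.
        $query = "SELECT email FROM #__users WHERE id=" . (int) $my->id;
        $database->setQuery($query);
        $adminEmail = $database->loadResult();
        $adminName = '';
        if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") {
            $adminName = $mosConfig_fromname;
            $adminEmail = $mosConfig_mailfrom;
        } else {
            $query = "SELECT name, email FROM #__users WHERE usertype='super administrator'";
            $database->setQuery($query);
            $admins = $database->loadObjectList();
            // Keep the saved user in $row: the original overwrote it with the
            // admin record, so the credentials were mailed to the admin and the
            // redirect below pointed at the admin's id.
            if (!empty($admins)) {
                $adminName = $admins[0]->name;
                $adminEmail = $admins[0]->email;
            }
        }

        mosMail($adminEmail, $adminName, $row->email, $subject, $message);
    }

    switch ($task) {
        case 'apply':
            $msg = sprintf(T_('Successfully Saved changes to User: %s'), $row->name);
            mosRedirect('index2.php?option=com_users&task=editA&hidemainmenu=1&id=' . $row->id, $msg);
            // break so this branch cannot fall into the list redirect should
            // mosRedirect ever return
            break;
        case 'save':
        default:
            $msg = sprintf(T_('Successfully Saved User: %s'), $row->name);
            mosRedirect('index2.php?option=com_users', $msg);
            break;
    }
}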
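/**
 * Save a user from the administrator user editor.
 *
 * Runs the spoof check, verifies the acting admin may save the posted user,
 * binds and trims the form, stores the password as salted md5 ("hash:salt"),
 * enforces the group-change rules (last active super admin, super admin
 * edited by a non-super admin, admin edited by another admin, no group above
 * the actor's own), stores the row, updates the ACL mapping, mails the
 * credentials to a new user, logs out a user whose group changed and ends
 * with a redirect chosen by $task.
 *
 * @param string $task 'apply' returns to the editor, anything else to the list
 * @return void  exits via a JS alert on failure, otherwise ends in mosRedirect
 */
function saveUser($task)
{
    global $database, $my, $acl;
    global $mosConfig_live_site, $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_sitename;

    josSpoofCheck();

    // Authorisation check on the target id, using the same integer form that
    // is saved further down.
    $userIdPosted = (int) mosGetParam($_POST, 'id');
    if ($userIdPosted) {
        $msg = checkUserPermissions(array($userIdPosted), 'save', in_array($my->gid, array(24, 25)));
        if ($msg) {
            // addslashes() keeps a quote in the message from breaking the JS string.
            echo "<script type=\"text/javascript\"> alert('" . addslashes($msg) . "'); window.history.go(-1);</script>\n";
            exit;
        }
    }

    $row = new mosUser($database);
    if (!$row->bind($_POST)) {
        echo "<script> alert('" . addslashes($row->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }

    $row->name = trim($row->name);
    $row->email = trim($row->email);
    $row->username = trim($row->username);

    // sanitise fields that are interpolated into SQL below
    $row->id = (int) $row->id;
    $row->gid = (int) $row->gid;

    $isNew = !$row->id;
    $pwd = '';

    // Passwords are stored as md5(password . salt) . ':' . salt, which is the
    // scheme the surrounding login code verifies.
    if ($isNew) {
        // new user stuff
        if ($row->password == '') {
            $pwd = mosMakePassword();
        } else {
            $pwd = trim($row->password);
        }
        $salt = mosMakePassword(16);
        $crypt = md5($pwd . $salt);
        $row->password = $crypt . ':' . $salt;
        $row->registerDate = date('Y-m-d H:i:s');
    } else {
        $original = new mosUser($database);
        $original->load((int) $row->id);

        // existing user stuff
        if ($row->password == '') {
            // password set to null if empty
            $row->password = null;
        } else {
            $row->password = trim($row->password);
            $salt = mosMakePassword(16);
            $crypt = md5($row->password . $salt);
            $row->password = $crypt . ':' . $salt;
        }

        // if group has been changed and where original group was a Super Admin
        if ($row->gid != $original->gid) {
            if ($original->gid == 25) {
                // count number of active super admins
                $query = "SELECT COUNT( id )" . "\n FROM #__users" . "\n WHERE gid = 25" . "\n AND block = 0";
                $database->setQuery($query);
                $count = $database->loadResult();
                if ($count <= 1) {
                    // disallow change if only one Super Admin exists
                    echo "<script> alert('You cannot change this users Group as it is the only active Super Administrator for your site'); window.history.go(-1); </script>\n";
                    exit;
                }
            }

            $userGroup = strtolower($acl->get_group_name($original->gid, 'ARO'));
            if ($userGroup == 'super administrator' && $my->gid != 25) {
                // disallow change of super-Admin by non-super admin
                echo "<script> alert('You cannot change this users Group as you are not a Super Administrator for your site'); window.history.go(-1); </script>\n";
                exit;
            } elseif ($my->gid == 24 && $original->gid == 24) {
                // disallow an Administrator changing another Administrator's group
                echo "<script> alert('You cannot change the Group of another Administrator as you are not a Super Administrator for your site'); window.history.go(-1); </script>\n";
                exit;
            }
            // ensure user can't add group higher than themselves: done below
        }
    }

    // Security check to avoid creating/editing user to higher level than himself: response to artf4529.
    if (!in_array($row->gid, getGIDSChildren($my->gid))) {
        // disallow creation of Super Admin by non Super Admin users
        echo "<script> alert('You cannot create a user with this user Group level, only Super Administrators have this ability'); window.history.go(-1); </script>\n";
        exit;
    }

    // save usertype to usertype column
    $query = "SELECT name" . "\n FROM #__core_acl_aro_groups" . "\n WHERE group_id = " . (int) $row->gid;
    $database->setQuery($query);
    $row->usertype = $database->loadResult();

    // params arrive as key => value pairs and are stored as "key=value" lines
    $params = mosGetParam($_POST, 'params', '');
    if (is_array($params)) {
        $lines = array();
        foreach ($params as $k => $v) {
            $lines[] = "{$k}={$v}";
        }
        $row->params = implode("\n", $lines);
    }

    if (!$row->check()) {
        echo "<script> alert('" . addslashes($row->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }

    if (!$row->store()) {
        echo "<script> alert('" . addslashes($row->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }

    $row->checkin();

    // updates the current users param settings
    if ($my->id == $row->id) {
        $_SESSION['session_user_params'] = $row->params;
        session_write_close();
    }

    // update the ACL
    if (!$isNew) {
        $query = "SELECT aro_id" . "\n FROM #__core_acl_aro" . "\n WHERE value = " . (int) $row->id;
        $database->setQuery($query);
        $aroId = (int) $database->loadResult();

        $query = "UPDATE #__core_acl_groups_aro_map" . "\n SET group_id = " . (int) $row->gid . "\n WHERE aro_id = " . $aroId;
        $database->setQuery($query);
        $database->query() or die($database->stderr());
    }

    // for new users, email username and password
    if ($isNew) {
        $subject = _NEW_USER_MESSAGE_SUBJECT;
        $message = sprintf(_NEW_USER_MESSAGE, $row->name, $mosConfig_sitename, $mosConfig_live_site, $row->username, $pwd);

        // Sender: the configured mail-from, else the first super administrator,
        // else (fallback) the acting admin's own address with no display name.
        $query = "SELECT email" . "\n FROM #__users" . "\n WHERE id = " . (int) $my->id;
        $database->setQuery($query);
        $adminEmail = $database->loadResult();
        $adminName = '';
        if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") {
            $adminName = $mosConfig_fromname;
            $adminEmail = $mosConfig_mailfrom;
        } else {
            $query = "SELECT name, email" . "\n FROM #__users" . "\n WHERE gid = 25";
            $database->setQuery($query);
            $admins = $database->loadObjectList();
            // Guard against an empty result instead of reading $admins[0] blindly.
            if (!empty($admins)) {
                $adminName = $admins[0]->name;
                $adminEmail = $admins[0]->email;
            }
        }

        mosMail($adminEmail, $adminName, $row->email, $subject, $message);
    }

    // if group has been changed, delete the user account's active sessions
    if (!$isNew && $original->gid != $row->gid) {
        logoutUser($row->id, 'com_users', 'change');
    }

    // NOTE: the two message/redirect lines below were garbled in the source
    // listing and are reconstructed after the pattern used by the sibling
    // user-save routines (message built from the user's name, then mosRedirect).
    switch ($task) {
        case 'apply':
            $msg = 'Successfully Saved changes to User: ' . $row->name;
            mosRedirect('index2.php?option=com_users&task=editA&hidemainmenu=1&id=' . $row->id, $msg);
            break;
        case 'save':
        default:
            $msg = 'Successfully Saved User: ' . $row->name;
            mosRedirect('index2.php?option=com_users', $msg);
            break;
    }
}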
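/**
 * Save a user from the administrator user editor.
 *
 * Binds the posted form to a mosUser row, hashes a newly supplied password,
 * stores the row, updates the ACL group mapping for existing users, mails
 * the credentials to a newly created user and redirects to the component.
 *
 * Passwords are stored as unsalted md5 — the scheme the surrounding login
 * code verifies; changing it requires a coordinated authenticator change.
 *
 * @param string $option component name used in the redirect target
 * @return void  exits via a JS alert on failure, otherwise ends in mosRedirect
 */
function saveUser($option)
{
    global $database, $my;
    global $mosConfig_live_site, $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_sitename;

    $row = new mosUser($database);
    if (!$row->bind($_POST)) {
        // addslashes() keeps a quote in the error text from breaking the JS string.
        echo "<script> alert('" . addslashes($row->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }

    $isNew = !$row->id;
    $pwd = '';
    if ($isNew) {
        // new user stuff
        if ($row->password == '') {
            $pwd = mosMakePassword();
            $row->password = md5($pwd);
        } else {
            $pwd = $row->password;
            $row->password = md5($row->password);
        }
        $row->registerDate = date('Y-m-d H:i:s');
    } else {
        // existing user stuff
        if ($row->password == '') {
            // password set to null if empty
            $row->password = null;
        } else {
            $row->password = md5($row->password);
        }
    }

    if (!$row->check()) {
        echo "<script> alert('" . addslashes($row->getError()) . "'); window.history.go(-2); </script>\n";
        exit;
    }

    if (!$row->store()) {
        echo "<script> alert('" . addslashes($row->getError()) . "'); window.history.go(-2); </script>\n";
        exit;
    }

    // update the ACL for existing users. id and gid come straight from the
    // posted form, so both are cast before being interpolated into SQL.
    if (!$isNew) {
        $query = "SELECT aro_id FROM #__core_acl_aro WHERE value='" . (int) $row->id . "'";
        $database->setQuery($query);
        $aroId = (int) $database->loadResult();

        $query = "UPDATE #__core_acl_groups_aro_map" . "\n SET group_id = '" . (int) $row->gid . "'" . "\n WHERE aro_id = '" . $aroId . "'";
        $database->setQuery($query);
        $database->query() or die($database->stderr());
    }

    $row->checkin();

    // for new users, email username and password
    if ($isNew) {
        $subject = _NEW_USER_MESSAGE_SUBJECT;
        $message = sprintf(_NEW_USER_MESSAGE, $row->name, $mosConfig_sitename, $mosConfig_live_site, $row->username, $pwd);

        // Sender: the configured mail-from, else the first super administrator,
        // else (fallback) the acting admin's own address with no display name.
        $query = "SELECT email FROM #__users WHERE id=" . (int) $my->id;
        $database->setQuery($query);
        $adminEmail = $database->loadResult();
        $adminName = '';
        if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") {
            $adminName = $mosConfig_fromname;
            $adminEmail = $mosConfig_mailfrom;
        } else {
            $query = "SELECT name, email FROM #__users WHERE usertype='superadministrator'";
            $database->setQuery($query);
            $admins = $database->loadObjectList();
            // Keep the saved user in $row: the original overwrote it with the
            // admin record, so the credentials were mailed to the admin.
            if (!empty($admins)) {
                $adminName = $admins[0]->name;
                $adminEmail = $admins[0]->email;
            }
        }

        mosMail($adminEmail, $adminName, $row->email, $subject, $message);
    }

    mosRedirect('index2.php?option=' . $option);
}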
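/**
 * Save a user plus their extended profile from the administrator editor.
 *
 * Binds the posted form to a mosUser row, hashes a newly supplied password,
 * stores the row, updates the ACL group mapping for existing users, mails
 * the credentials to a newly created user, then binds and stores the
 * extended profile row and redirects to the component.
 *
 * Passwords are stored as unsalted md5 — the scheme the surrounding login
 * code verifies; changing it requires a coordinated authenticator change.
 *
 * @param string $option component name used in the redirect target
 * @return void  exits via a JS alert on failure, otherwise ends in mosRedirect
 */
function saveUser($option)
{
    global $database, $my;
    global $mosConfig_live_site;

    $row = new mosUser($database);
    if (!$row->bind($_POST)) {
        // addslashes() keeps a quote in the error text from breaking the JS string.
        echo "<script> alert('" . addslashes($row->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }

    $isNew = !$row->id;
    $pwd = '';
    if ($isNew) {
        //extended user stuff
        $row->user_id = $row->id;
        // new user stuff
        if ($row->password == '') {
            $pwd = mosMakePassword();
            $row->password = md5($pwd);
        } else {
            $pwd = $row->password;
            $row->password = md5($row->password);
        }
    } else {
        // existing user stuff
        if ($row->password == '') {
            // password set to null if empty
            $row->password = null;
        } else {
            $row->password = md5($row->password);
        }
    }
    // NOTE(review): registerDate is overwritten on every save, not only for
    // new users — confirm that resetting it on edit is intended.
    $row->registerDate = date("Y-m-d H:i:s");

    if (!$row->check()) {
        echo "<script> alert('" . addslashes($row->getError()) . "'); window.history.go(-2); </script>\n";
        exit;
    }

    if (!$row->store()) {
        echo "<script> alert('" . addslashes($row->getError()) . "'); window.history.go(-2); </script>\n";
        exit;
    }

    // update the ACL for existing users. id and gid come straight from the
    // posted form, so both are cast before being interpolated into SQL.
    if (!$isNew) {
        $database->setQuery("SELECT aro_id FROM #__core_acl_aro WHERE value='" . (int) $row->id . "'");
        $aroId = (int) $database->loadResult();

        $database->setQuery("UPDATE #__core_acl_groups_aro_map" . "\nSET group_id = '" . (int) $row->gid . "'" . "\nWHERE aro_id = '" . $aroId . "'");
        $database->query() or die($database->stderr());
    }

    $row->checkin();

    // for new users, email username and password
    if ($isNew) {
        $database->setQuery("SELECT email FROM #__users WHERE id=" . (int) $my->id);
        $adminEmail = $database->loadResult();

        $subject = "New User Details";
        $message = "Hello {$row->name},\r \n \r \n";
        $message .= "You have been added as a user to {$mosConfig_live_site} by an Administrator.\r \n";
        $message .= "This email contains your username and password to log into the {$mosConfig_live_site} site:\r \n \r \n";
        $message .= "Username - {$row->username}\r \n";
        $message .= "Password - {$pwd}\r \n \r \n \r \n";
        $message .= "Please do not respond to this message as it is automatically generated and is for information purposes only\r \n";

        // Initialise before appending: the original appended to an undefined variable.
        $headers = "From: {$adminEmail}\r\n";
        $headers .= "Reply-To: {$adminEmail}\r\n";
        $headers .= "X-Priority: 3\r\n";
        $headers .= "X-MSMail-Priority: Low\r\n";
        $headers .= "X-Mailer: Mambo Open Source 4.5\r\n";

        mail($row->email, $subject, $message, $headers);
    }

    // Extended profile details are bound and stored in their own table.
    $extended = new mosUser_Extended($database);
    if (!$extended->bind($_POST)) {
        echo "<script> alert('" . addslashes($extended->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }

    if (!$extended->check()) {
        echo "<script> alert('" . addslashes($extended->getError()) . "'); window.history.go(-2); </script>\n";
        exit;
    }

    // NOTE(review): the extended row is stored with id 0 even for a newly
    // created user — confirm mosUser_Extended resolves the user id itself.
    if (!$extended->storeExtended(0)) {
        echo "<script> alert('" . addslashes($extended->getError()) . "'); window.history.go(-2); </script>\n";
        exit;
    }

    mosRedirect("index2.php?option={$option}");
}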