/** * Adds new user * * @param array $ruser User data array * @param string $email Email address * @param string $name User name; defaults to $email if omitted * @param string $password Password; randomly generated if omitted * @param string $maingrp Custom main grp * @param float $sendemail Send email if need activation * @return int New user ID or false * @global CotDB $db */ function cot_add_user($ruser, $email = null, $name = null, $password = null, $maingrp = null, $sendemail = true) { global $cfg, $cot_extrafields, $db, $db_users, $db_groups_users, $db_x, $L, $R, $sys, $uploadfiles, $usr; $ruser['user_email'] = !empty($email) ? $email : $ruser['user_email']; $ruser['user_name'] = !empty($name) ? $name : $ruser['user_name']; $ruser['user_password'] = !empty($password) ? $password : $ruser['user_password']; empty($ruser['user_password']) && ($ruser['user_password'] = cot_randomstring()); empty($ruser['user_name']) && ($ruser['user_name'] = $ruser['user_email']); $password = $ruser['user_password']; $user_exists = (bool) $db->query("SELECT user_id FROM {$db_users} WHERE user_name = ? LIMIT 1", array($ruser['user_name']))->fetch(); $email_exists = (bool) $db->query("SELECT user_id FROM {$db_users} WHERE user_email = ? LIMIT 1", array($ruser['user_email']))->fetch(); if (!cot_check_email($ruser['user_email']) || $user_exists || !$cfg['useremailduplicate'] && $email_exists) { return false; } $ruser['user_gender'] = in_array($ruser['user_gender'], array('M', 'F')) ? $ruser['user_gender'] : 'U'; $ruser['user_country'] = mb_strlen($ruser['user_country']) < 4 ? $ruser['user_country'] : ''; $ruser['user_timezone'] = !$ruser['user_timezone'] ? 'GMT' : $ruser['user_timezone']; $ruser['user_maingrp'] = $db->countRows($db_users) == 0 ? 5 : $cfg['users']['regnoactivation'] ? 4 : 2; $ruser['user_maingrp'] = (int) $maingrp > 0 ? $maingrp : $ruser['user_maingrp']; $ruser['user_passsalt'] = cot_unique(16); $ruser['user_passfunc'] = empty($cfg['hashfunc']) ? 'sha256' : $cfg['hashfunc']; $ruser['user_password'] = cot_hash($ruser['user_password'], $ruser['user_passsalt'], $ruser['user_passfunc']); $ruser['user_birthdate'] = is_null($ruser['user_birthdate']) || $ruser['user_birthdate'] > $sys['now'] ? '0000-00-00' : cot_stamp2date($ruser['user_birthdate']); $ruser['user_lostpass'] = md5(microtime()); cot_shield_update(20, "Registration"); $ruser['user_hideemail'] = 1; $ruser['user_theme'] = $cfg['defaulttheme']; $ruser['user_scheme'] = $cfg['defaultscheme']; $ruser['user_lang'] = empty($ruser['user_lang']) ? $cfg['defaultlang'] : $ruser['user_lang']; $ruser['user_regdate'] = (int) $sys['now']; $ruser['user_logcount'] = 0; $ruser['user_lastip'] = empty($ruser['user_lastip']) ? $usr['ip'] : $ruser['user_lastip']; $ruser['user_token'] = cot_unique(16); if (!$db->insert($db_users, $ruser)) { return; } $userid = $db->lastInsertId(); $db->insert($db_groups_users, array('gru_userid' => (int) $userid, 'gru_groupid' => (int) $ruser['user_maingrp'])); cot_extrafield_movefiles(); /* === Hook for the plugins === */ foreach (cot_getextplugins('users.adduser.done') as $pl) { include $pl; } /* ===== */ if ($ruser['user_maingrp'] == 2 && $sendemail) { if ($cfg['users']['regrequireadmin']) { $subject = $L['aut_regrequesttitle']; $body = sprintf($L['aut_regrequest'], $ruser['user_name']); $body .= "\n\n" . $L['aut_contactadmin']; cot_mail($ruser['user_email'], $subject, $body); $subject = $L['aut_regreqnoticetitle']; $inactive = $cfg['mainurl'] . '/' . cot_url('users', 'gm=2&s=regdate&w=desc', '', true); $body = sprintf($L['aut_regreqnotice'], $ruser['user_name'], $inactive); cot_mail($cfg['adminemail'], $subject, $body); } else { $subject = $L['Registration']; $activate = $cfg['mainurl'] . '/' . cot_url('users', 'm=register&a=validate&token=' . $ruser['user_token'] . '&v=' . $ruser['user_lostpass'] . '&y=1', '', true); $deactivate = $cfg['mainurl'] . '/' . cot_url('users', 'm=register&a=validate&token=' . $ruser['user_token'] . '&v=' . $ruser['user_lostpass'] . '&y=0', '', true); $body = sprintf($L['aut_emailreg'], $ruser['user_name'], $activate, $deactivate); $body .= "\n\n" . $L['aut_contactadmin']; cot_mail($ruser['user_email'], $subject, $body); } } return $userid; }
$rmdpass = $row['user_password']; $rusername = $row['user_name']; $ruserid = $row['user_id']; $rusermail = $row['user_email']; if ($row['user_maingrp'] == 2) { $env['status'] = '403 Forbidden'; cot_log("Password recovery failed, user inactive : " . $rusername); cot_redirect(cot_url('message', 'msg=152', '', true)); } if ($row['user_maingrp'] == 3) { $env['status'] = '403 Forbidden'; cot_log("Password recovery failed, user banned : " . $rusername); cot_redirect(cot_url('message', 'msg=153&num=' . $row['user_banexpire'], '', true)); } $validationkey = md5(microtime()); $newpass = cot_randomstring(); $ruserpass = array(); $ruserpass['user_passsalt'] = cot_unique(16); $ruserpass['user_passfunc'] = empty($cfg['hashfunc']) ? 'sha256' : $cfg['hashfunc']; $ruserpass['user_password'] = cot_hash($newpass, $ruserpass['user_passsalt'], $ruserpass['user_passfunc']); $ruserpass['user_lostpass'] = $validationkey; $sql = $db->update($db_users, $ruserpass, "user_id={$ruserid}"); $rsubject = $L['pasrec_title']; $rbody = $L['Hi'] . " " . $rusername . ",\n\n" . $L['pasrec_email2'] . "\n\n" . $newpass . "\n\n" . $L['aut_contactadmin']; cot_mail($rusermail, $rsubject, $rbody); $msg = 'auth'; } else { $env['status'] = '403 Forbidden'; cot_shield_update(7, "Log in"); cot_log("Pass recovery failed, user : " . $rusername); cot_redirect(cot_url('message', 'msg=151', '', true));