checkFilePermissions();
//
_upgradeToVersion1_04();
_upgradeToVersion1_06();
_upgradeToVersion1_07();
_upgradeToVersion1_08();
_upgradeToVersion1_10();
_upgradeSettings();
_upgradeAccounts();
_upgradeToVersion1_24();
_upgradeToVersion2_05();
_upgradeToVersion2_07();
_upgradeToVersion2_09();
//
_removeOldCacheFiles();
encryptAllPasswords();
// force encryption of all plaintext passwords
//
_notifyUpgradeComplete();
//
function showUpgradeErrors()
{
$upgradeErrors = '';
// check for accesslist schema
$schemaPath = DATA_DIR . '/schema/_accesslist.ini.php';
if (!file_exists($schemaPath)) {
$upgradeErrors .= "<b>Upgrade Notice:</b> You must upload the latest /data/schema/_accesslist.ini.php before upgrading!<br/>\n";
}
// check for settings schema
#$schemaPath = DATA_DIR.'/schema/_settings.ini.php';
#if (!file_exists($schemaPath)) {
function getCurrentUser(&$loginExpired = false)
{
$user = array();
$isValidLogin = false;
$updateLastLogin = true;
// check for cookie from last login session, and log user
list($loginExpired, $username, $passwordHash) = loginCookie_get();
// disallow logins with plaintext password hash
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
if ($action == 'loginSubmit' && !empty($_REQUEST['password']) && $passwordHash && $_REQUEST['password'] == $passwordHash) {
$passwordHash = '';
// blank out password
loginCookie_remove();
}
//
if ($username && $passwordHash) {
$userFound = mysql_get(accountsTable(), null, array('username' => $username));
$isValidLogin = $userFound && $passwordHash == getPasswordDigest($userFound['password']);
if ($isValidLogin) {
$user = $userFound;
}
// if this database password wasn't encrypted then encrypt ALL unencrypted passwords in database)
if (!isPasswordDigest($userFound['password'])) {
encryptAllPasswords();
}
}
// Plugin filters
list($isValidLogin, $user, $updateLastLogin) = applyFilters('login_isValidLogin', array($isValidLogin, $user, $updateLastLogin));
### on valid login...
if ($isValidLogin) {
// add user meta-field $user['isExpired']
if (@$user['expiresDate']) {
$expiresTime = strtotime($user['expiresDate']);
$user['isExpired'] = !$user['neverExpires'] && $expiresTime && $expiresTime < time();
}
// If in CMS: add user meta-field $user['accessList']
if (defined('IS_CMS_ADMIN')) {
$records = mysql_select('_accesslist', array('userNum' => $user['num']));
foreach ($records as $record) {
$user['accessList'][$record['tableName']]['accessLevel'] = $record['accessLevel'];
$user['accessList'][$record['tableName']]['maxRecords'] = $record['maxRecords'];
}
}
// update $user['lastLoginDate']
if ($updateLastLogin && array_key_exists('lastLoginDate', $user)) {
$secondsSinceLastUpdate = time() - strtotime($user['lastLoginDate']);
if ($secondsSinceLastUpdate >= 60) {
// To reduce db load, only update once a minute
mysql_update(accountsTable(), $user['num'], null, array('lastLoginDate=' => 'NOW()'));
}
}
}
### on INVALID login...
if ($username && !$isValidLogin) {
// 2.50 encrypt un-encrypted passwords - do this here so it will be called for website membership as well
if (!$isValidLogin) {
encryptAllPasswords();
}
// remove login cookie
loginCookie_remove();
}
// NOTE: You must check for 'isExpired' and 'disabled' in the code that calls this function!
return $isValidLogin ? $user : false;
}
