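function handle_user_password_change($user_id, $HTTP_VARS, &$errors) {
    // Change $user_id's password from the submitted 'pwd' / 'confirmpwd' fields.
    //
    // Returns TRUE when the password was updated, FALSE otherwise. Where a user-facing
    // message exists it is appended to $errors (the old code stored it in a local
    // $error that was never read, and two branches fell through returning NULL).
    // An unknown user, or a password change that is not allowed, returns FALSE silently
    // as before.
    $user_r = fetch_user_r($user_id);
    if (!is_not_empty_array($user_r)) {
        return FALSE;
    }

    // Missing keys are treated as empty strings rather than handed to strlen() as NULL.
    $pwd = isset($HTTP_VARS['pwd']) ? $HTTP_VARS['pwd'] : '';
    $confirm_pwd = isset($HTTP_VARS['confirmpwd']) ? $HTTP_VARS['confirmpwd'] : '';

    // Nothing submitted in either field: not a password update attempt.
    if (strlen($pwd) == 0 && strlen($confirm_pwd) == 0) {
        $errors[] = get_opendb_lang_var('passwd_not_specified');
        return FALSE;
    }

    // Self-service change must be enabled unless the caller holds the admin permission.
    if (get_opendb_config_var('user_admin', 'user_passwd_change_allowed') === FALSE
            && !is_user_granted_permission(PERM_ADMIN_CHANGE_PASSWORD)) {
        return FALSE;
    }

    // Strict comparison: '!=' treats numeric-looking strings such as "1e3" and "1000"
    // as equal, which would accept a mismatched confirmation.
    if ($pwd !== $confirm_pwd) {
        $errors[] = get_opendb_lang_var('passwds_do_not_match');
        return FALSE;
    }
    if (strlen($pwd) == 0) {
        $errors[] = get_opendb_lang_var('passwd_not_specified');
        return FALSE;
    }

    if (update_user_passwd($user_id, $pwd)) {
        return TRUE;
    }
    $errors[] = db_error();
    return FALSE;
}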
} else { if (is_user_granted_permission(PERM_ADMIN_USER_PROFILE)) { return TRUE; } else { if ($address_type_r['borrow_address_ind'] == 'Y' && is_owner_and_borrower(get_opendb_session_var('user_id'), $HTTP_VARS['uid']) || is_owner_and_borrower($HTTP_VARS['uid'], get_opendb_session_var('user_id'))) { return TRUE; } else { return FALSE; } } } } if (is_site_enabled()) { if (is_opendb_valid_session()) { if (is_user_granted_permission(PERM_VIEW_USER_PROFILE)) { $user_r = fetch_user_r($HTTP_VARS['uid']); if (is_array($user_r)) { $page_title = get_opendb_lang_var('user_profile_for_user_name', array('user_id' => $user_r['user_id'], 'fullname' => $user_r['fullname'])); echo _theme_header($page_title); echo '<h2>' . $page_title . '</h2>'; if ($user_r['active_ind'] != 'Y') { echo "<p class=\"userDeactivatedNotice\">" . get_opendb_lang_var('user_deactivated') . "</p>"; } echo "<table>"; echo format_field(get_opendb_lang_var('userid'), $user_r['user_id']); echo format_field(get_opendb_lang_var('user_role'), $user_r['role_description']); echo format_field(get_opendb_lang_var('fullname'), $user_r['fullname']); if ($user_r['user_id'] === get_opendb_session_var('user_id') || is_user_granted_permission(PERM_ADMIN_USER_PROFILE)) { echo format_field(get_opendb_lang_var('email'), $user_r['email_addr']); } echo "\n</table>";
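function perform_newpassword($HTTP_VARS, &$errors) {
    // Reset the password of $HTTP_VARS['uid'] to a freshly generated one and email it to the
    // user's address on file.
    //
    // Returns TRUE when the mail was sent (or the user does not exist, see below), the string
    // "EMAIL_NOT_SENT" when the password was changed but the mail failed, and FALSE otherwise
    // with the reason logged and, where applicable, appended to $errors.
    $uid = $HTTP_VARS['uid'];

    if (!is_user_valid($uid)) {
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'New password request failure: User does not exist', array($uid));
        // make user look successful to prevent mining for valid userids
        return TRUE;
    }
    // NOTE(review): this and the "no email address" branch below return FALSE for an account
    // that exists, while an unknown account returns TRUE, so the response still distinguishes
    // the two cases. Left as-is because callers may depend on FALSE here; confirm before
    // aligning these with the branch above.
    if (!is_user_active($uid)) {
        // Do not allow new password operation for 'deactivated' user.
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'New password request failure: User is not active', array($uid));
        return FALSE;
    }
    if (!is_user_granted_permission(PERM_CHANGE_PASSWORD, $uid)) {
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'New password request failure: User does not have permission to change password', array($uid));
        return FALSE;
    }
    if (get_opendb_config_var('user_admin', 'user_passwd_change_allowed') === FALSE
            && !is_user_granted_permission(PERM_ADMIN_CHANGE_PASSWORD)) {
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'New password request failure: Password change is disabled', array($uid));
        return FALSE;
    }

    opendb_logger(OPENDB_LOG_INFO, __FILE__, __FUNCTION__, 'User requested to be emailed a new password', array($uid));
    $user_r = fetch_user_r($uid);

    // only send if valid user (email)
    if (strlen($user_r['email_addr']) == 0) {
        $errors[] = "User '" . $uid . "' does not have a valid email address.";
        return FALSE;
    }

    // Strength of the temporary password depends on generate_password(), which is out of view here.
    $user_passwd = generate_password(8);
    $pass_result = update_user_passwd($uid, $user_passwd);
    if ($pass_result !== TRUE) {
        // Previously this case fell off the end of the function and returned NULL with no error.
        $errors[] = db_error();
        return FALSE;
    }

    $subject = get_opendb_lang_var('lost_password');
    $message = get_opendb_lang_var('to_user_email_intro', 'fullname', $user_r['fullname'])
        . "\n\n" . get_opendb_lang_var('new_passwd_email')
        . "\n\n" . get_opendb_lang_var('userid') . ": " . $uid
        . "\n" . get_opendb_lang_var('password') . ": " . $user_passwd;

    if (opendb_user_email($user_r['user_id'], NULL, $subject, $message, $errors)) {
        return TRUE;
    }
    return "EMAIL_NOT_SENT";
}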
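/**
 * Email to be sent from one OpenDb user to another.
 *
 * @param string $to_userid   recipient user id; must be permitted to receive email.
 * @param string $from_userid sender: a user id, NULL/empty (the configured no-reply address for
 *                            the pseudo administrator is used), or a literal address.
 * @param string $subject     subject; the site title is appended when $append_site_to_subject.
 * @param string $message     body; get_email_footer() is appended.
 * @param array  $errors      receives a message for each failure reason (by reference).
 * @return bool TRUE when sendEmail() reported success and the mail was recorded via
 *              insert_email(); FALSE otherwise.
 */
function opendb_user_email($to_userid, $from_userid, $subject, $message, &$errors, $append_site_to_subject = TRUE) {
    $to_userid = trim($to_userid);
    if (!is_user_permitted_to_receive_email($to_userid)) {
        return FALSE;
    }
    $to_user_r = fetch_user_r($to_userid);
    $to_email_addr = trim($to_user_r['email_addr']);
    $to_name = trim($to_user_r['fullname']);

    // Resolve the sender. Both values are initialised up front so the literal-address branch
    // no longer leaves $from_name undefined.
    $from_userid = trim($from_userid);
    $from_email_addr = NULL;
    $from_name = NULL;
    if (is_user_valid($from_userid)) {
        $from_user_r = fetch_user_r($from_userid);
        $from_email_addr = trim($from_user_r['email_addr']);
        $from_name = trim($from_user_r['fullname']);
    } else if (strlen($from_userid) == 0) {
        $from_email_addr = trim(get_opendb_config_var('email', 'noreply_address'));
        $from_name = trim(get_opendb_lang_var('noreply'));
    } else {
        // Not a user id: treated as a literal address and validated below like any other sender.
        $from_email_addr = $from_userid;
    }

    if (!is_valid_email_addr($to_email_addr)) {
        $errors[] = get_opendb_lang_var('invalid_to_address');
        return FALSE;
    }
    if (!is_valid_email_addr($from_email_addr)) {
        $errors[] = get_opendb_lang_var('invalid_from_address');
        return FALSE;
    }

    // stripslashes() is a magic_quotes-era artefact kept for compatibility with existing callers.
    $subject = trim(stripslashes($subject));
    // Reject an empty subject, and one carrying CR/LF, which would end the Subject header line.
    // sendEmail() is not visible here, so the check is applied at this boundary regardless of
    // what it does with the value.
    if (strlen($subject) == 0 || preg_match('/[\r\n]/', $subject)) {
        $errors[] = get_opendb_lang_var('invalid_subject');
        return FALSE;
    }
    if ($append_site_to_subject) {
        $subject .= " [" . get_opendb_config_var('site', 'title') . "]";
    }

    $message = trim(stripslashes($message)) . get_email_footer();

    if (!sendEmail($to_email_addr, $to_name, $from_email_addr, $from_name, $subject, $message, $errors)) {
        return FALSE;
    }
    // As before: the sender user id is recorded unless the caller supplied a literal address
    // (insert_email() itself stores NULL when a from user is provided).
    insert_email($to_userid, $from_userid != $from_email_addr ? $from_userid : NULL, $from_email_addr, $subject, $message);
    return TRUE;
}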
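function send_email_to_userids($user_id_rs, $from_userid, $subject, $message, &$errors) {
    // Send one message to every user id in $user_id_rs via opendb_user_email(), then echo an
    // HTML summary of recipients that succeeded and those that failed (with their errors).
    //
    // Returns FALSE only for an empty subject; otherwise TRUE even if some sends failed.
    if (strlen($subject) == 0) {
        $errors[] = get_opendb_lang_var('invalid_subject');
        return FALSE;
    }

    // Initialised so the summary below does not read undefined variables when nothing was sent.
    $success = array();
    $failures = array();
    foreach ($user_id_rs as $user_id) {
        $touser_r = fetch_user_r($user_id);
        if (!is_not_empty_array($touser_r)) {
            continue;
        }
        $display_name = $touser_r['fullname'] . " (" . $user_id . ")";
        if (opendb_user_email($touser_r['user_id'], $from_userid, $subject, $message, $errors)) {
            $success[] = $display_name;
        } else {
            // Keys were bare constants (user/error) in the old code; quoted so this is not a
            // runtime error on current PHP.
            $failures[] = array('user' => $display_name, 'error' => $errors);
        }
        // Errors are collected per recipient; reset before the next send.
        $errors = NULL;
    }

    // Full names come from the user table and are echoed into HTML, so they are escaped.
    // NOTE(review): htmlspecialchars() is left at its default charset; confirm it matches the
    // site's output encoding.
    if (is_not_empty_array($success)) {
        echo "<p class=\"success\">" . get_opendb_lang_var('message_sent_to') . ": <ul>";
        foreach ($success as $touser) {
            echo "<li class=\"smsuccess\">" . htmlspecialchars($touser, ENT_QUOTES) . "</li>";
        }
        echo "</ul></p>";
    }
    if (is_not_empty_array($failures)) {
        echo "<p class=\"error\">" . get_opendb_lang_var('message_not_sent_to') . ": <ul>";
        foreach ($failures as $failure_r) {
            // The old literal "<li class=\\smerror\">" emitted a broken class attribute.
            echo "<li class=\"smerror\">" . htmlspecialchars($failure_r['user'], ENT_QUOTES) . format_error_block($failure_r['error']) . "</li>";
        }
        echo "</ul></p>";
    }
    return TRUE;
}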
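function register_user_login($user_id, $doRememberMe = FALSE, $isRememberMeLogin = FALSE) {
    // Mark the current session as authenticated for $user_id.
    //
    // $doRememberMe      - record that a remember-me cookie is in use for this session.
    // $isRememberMeLogin - TRUE when the login came from a remember-me cookie rather than
    //                      a credential check; recorded as the session's login method.
    // No return value. Also refreshes the user's last-visit timestamp.

    // Issue a new session id once the session becomes authenticated, so it no longer carries
    // the identifier the browser presented before login (session fixation). Guarded on an
    // active session because this may be called before/without session_start().
    // NOTE(review): assumes the remember-me token is not keyed on the session id -- confirm
    // against the remember-me login path and remove_opendb_remember_me().
    if (session_id() !== '') {
        session_regenerate_id(TRUE);
    }

    $time = time();
    $_SESSION['login_time'] = $time;
    $_SESSION['last_access_time'] = $time;
    $_SESSION['user_id'] = $user_id;

    if ($doRememberMe) {
        $_SESSION['remember_me'] = 'true';
    }
    $_SESSION['login_method'] = $isRememberMeLogin ? 'remember_me' : 'normal';

    // Now register security hash, so we can compare.
    $_SESSION['hash_check'] = get_opendb_config_var('site', 'security_hash');

    // Get the previous last visit so we can use in whats new page.
    $_SESSION['login_lastvisit'] = fetch_user_lastvisit($user_id);

    // Not much we can do if it does not update.
    update_user_lastvisit($user_id);
}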
function has_role_permission($role_name) {
    // TRUE when the session user's role has at least the priority of $role_name.
    //
    // Comparisons are deliberately loose, matching existing behaviour: a missing role name
    // falls back to the public-access role, and a missing/blank priority counts as 0.
    // NOTE(review): if the user's own role cannot be fetched, its priority reads as NULL and
    // a priority-0 role still compares as granted -- confirm that is intended.
    $user_r = fetch_user_r(get_opendb_session_var('user_id'));
    $user_role_name = $user_r['user_role'];
    if ($user_role_name == null) {
        // Explicitly set role name to public access by default.
        $user_role_name = get_public_access_rolename();
    }

    $role_r = fetch_role_r($role_name);
    $required_priority = $role_r['priority'];
    if ($required_priority == null || $required_priority == '') {
        // Explicitly set permission to lowest value by default.
        $required_priority = 0;
    }

    $user_role_r = fetch_role_r($user_role_name);
    return $required_priority <= $user_role_r['priority'];
}
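You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */

// This must be first - includes config.php
require_once "./include/begin.inc.php";
include_once "./lib/database.php";
include_once "./lib/auth.php";
include_once "./lib/logging.php";
include_once "./lib/widgets.php";
include_once "./lib/http.php";
include_once "./lib/importcache.php";

// Logout handling. An administrator who switched into another user's account is returned to
// the admin identity instead of being logged out; everyone else has the session destroyed,
// the session cookie expired and any remember-me state removed.
if (is_user_admin_changed_user()) {
    opendb_logger(OPENDB_LOG_INFO, __FILE__, __FUNCTION__, 'Administrator logging out change user');
    // NOTE(review): the session id is kept across this change back to the admin identity;
    // regenerating it here would be the usual step when a session's privilege level rises.
    register_opendb_session_var('user_id', get_opendb_session_var('admin_user_id'));
    unregister_opendb_session_var('admin_user_id');
    opendb_redirect('index.php');
} else {
    opendb_logger(OPENDB_LOG_INFO, __FILE__, __FUNCTION__, 'User logged out');
    if (strlen(get_opendb_session_var('user_id')) > 0) {
        import_cache_delete_for_user(get_opendb_session_var('user_id'));
    }
    // Clear server-side state and destroy the session only when one is active, instead of
    // silencing session_destroy() with '@'.
    $_SESSION = array();
    if (session_id() !== '') {
        session_destroy();
    }
    // Expire the session cookie so the old id is not replayed by the browser. The httponly
    // flag is taken from the configured value; the old code passed isset() of the key, which
    // is TRUE whenever the key exists regardless of its value.
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], !empty($params['httponly']));
    remove_opendb_remember_me();
    opendb_redirect('index.php');
} // Cleanup after begin.inc.php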