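/**
 * Triggered on loc_begin_index
 *
 * Performs a user logout after registration if the account is locked, and
 * redirects to the profile page when a password renewal is pending.
 *
 * Reads the plugin configuration from $conf['PasswordPolicy'] (a serialized
 * array) and the current visitor from $user. No return value: every branch
 * that fires ends in redirect().
 */
function PP_Init()
{
    global $conf, $user;

    include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';

    // NOTE(review): unserialize() on a stored config value. This is only safe
    // while the 'PasswordPolicy' row can be written by administrators alone;
    // a JSON-encoded config would remove the object-injection surface.
    $conf_PP = unserialize($conf['PasswordPolicy']);

    // Performing redirection for locked accounts
    // -----------------------------------------
    // Two hard-coded usernames are exempt from the lock check; their meaning
    // is not documented in this file — TODO confirm what "16" and "18" are.
    if (!is_a_guest() and $user['username'] != "16" and $user['username'] != "18") {
        // Perform user logout if the account is locked; admins and webmasters are never locked out here
        if (isset($conf_PP['LOGFAILBLOCK'])
            and $conf_PP['LOGFAILBLOCK'] == 'true'
            and PP_UsrBlock_Verif($user['username'])
            and !is_admin()
            and !is_webmaster()) {
            invalidate_user_cache();
            logout_user();

            if ($conf['guest_access']) {
                redirect(make_index_url() . '?PP_msg=locked', 0);
            } else {
                redirect(get_root_url() . 'identification.php?PP_msg=locked', 0);
            }
        }
    }

    // Performing redirection to profile page for password reset
    // ---------------------------------------------------------
    if (isset($conf_PP['PWDRESET']) and $conf_PP['PWDRESET'] == 'true') {
        // the id is cast to int so nothing but a number is ever concatenated
        // into the statement, whatever the session array holds
        $query = '
SELECT user_id, status
  FROM ' . USER_INFOS_TABLE . '
  WHERE user_id = ' . (int) $user['id'] . '
;';
        $data = pwg_db_fetch_assoc(pwg_query($query));

        // guard against a missing row (non-array result) so the status
        // check does not read an offset on a non-array value
        $status = is_array($data) ? $data['status'] : null;

        if ($status != "webmaster" and $status != "generic") {
            if (PP_check_pwdreset($user['id'])) {
                redirect(PHPWG_ROOT_PATH . 'profile.php');
            }
        }
    }
}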
$tabsheet->assign(); include_once LOCALEDIT_PATH . 'include/' . $page['tab'] . '.inc.php'; // +-----------------------------------------------------------------------+ // | Load backup file // +-----------------------------------------------------------------------+ if (isset($_POST['restore'])) { $content_file = file_get_contents(get_bak_file($edited_file)); $page['infos'][] = l10n('locfiledit_bak_loaded1'); $page['infos'][] = l10n('locfiledit_bak_loaded2'); } // +-----------------------------------------------------------------------+ // | Save file // +-----------------------------------------------------------------------+ if (isset($_POST['submit'])) { check_pwg_token(); if (!is_webmaster()) { $page['errors'][] = l10n('locfiledit_webmaster_only'); } else { $content_file = stripslashes($_POST['text']); if (get_extension($edited_file) == 'php') { $content_file = eval_syntax($content_file); } if ($content_file === false) { $page['errors'][] = l10n('locfiledit_syntax_error'); } else { if ($page['tab'] == 'plug' and !is_dir(PHPWG_PLUGINS_PATH . 'PersonalPlugin')) { @mkdir(PHPWG_PLUGINS_PATH . "PersonalPlugin"); } if (file_exists($edited_file)) { @copy($edited_file, get_bak_file($edited_file)); $page['infos'][] = l10n('locfiledit_saved_bak', substr(get_bak_file($edited_file), 2));
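/**
 * API method
 * Updates users
 *
 * Validates the CSRF token, then applies the requested changes: identity
 * fields (username/email/password) only when a single user_id is given,
 * status for the ids that are not protected, and the user_infos columns for
 * every id. Group membership is replaced entirely when group_id is given.
 *
 * @param mixed[] $params
 *    @option int[] user_id
 *    @option string username (optional)
 *    @option string password (optional)
 *    @option string email (optional)
 *    @option string status (optional)
 *    @option int level (optional)
 *    @option string language (optional)
 *    @option string theme (optional)
 *    @option int nb_image_page (optional)
 *    @option int recent_period (optional)
 *    @option bool expand (optional)
 *    @option bool show_nb_comments (optional)
 *    @option bool show_nb_hits (optional)
 *    @option bool enabled_high (optional)
 *    @option int[] group_id (optional)
 *    @option string pwg_token
 * @return mixed PwgError on refusal/invalid input, otherwise the result of
 *    pwg.users.getList for the updated ids
 */
function ws_users_setInfo($params, &$service)
{
    // constant-time token check; the cast makes a missing or non-string
    // token fail the comparison instead of raising a TypeError
    if (!hash_equals(get_pwg_token(), (string) (isset($params['pwg_token']) ? $params['pwg_token'] : ''))) {
        return new PwgError(403, 'Invalid security token');
    }

    global $conf, $user;
    include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';

    $updates = $updates_infos = array();
    $update_status = null;

    // identity fields can only be changed for exactly one user
    if (count($params['user_id']) == 1) {
        if (get_username($params['user_id'][0]) === false) {
            return new PwgError(WS_ERR_INVALID_PARAM, 'This user does not exist.');
        }

        if (!empty($params['username'])) {
            $user_id = get_userid($params['username']);
            if ($user_id and $user_id != $params['user_id'][0]) {
                return new PwgError(WS_ERR_INVALID_PARAM, l10n('this login is already used'));
            }
            if ($params['username'] != strip_tags($params['username'])) {
                return new PwgError(WS_ERR_INVALID_PARAM, l10n('html tags are not allowed in login'));
            }
            $updates[$conf['user_fields']['username']] = $params['username'];
        }

        if (!empty($params['email'])) {
            if (($error = validate_mail_address($params['user_id'][0], $params['email'])) != '') {
                return new PwgError(WS_ERR_INVALID_PARAM, $error);
            }
            $updates[$conf['user_fields']['email']] = $params['email'];
        }

        if (!empty($params['password'])) {
            // hashed with the configured callback; the clear-text value is never stored
            $updates[$conf['user_fields']['password']] = $conf['password_hash']($params['password']);
        }
    }

    if (!empty($params['status'])) {
        if (in_array($params['status'], array('webmaster', 'admin'), true) and !is_webmaster()) {
            return new PwgError(403, 'Only webmasters can grant "webmaster/admin" status');
        }

        if (!in_array($params['status'], array('guest', 'generic', 'normal', 'admin', 'webmaster'), true)) {
            return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid status');
        }

        // the caller, the guest account and the webmaster account never change status
        $protected_users = array($user['id'], $conf['guest_id'], $conf['webmaster_id']);

        // an admin can't change status of other admin/webmaster
        if ('admin' == $user['status']) {
            $query = '
SELECT user_id
  FROM ' . USER_INFOS_TABLE . '
  WHERE status IN (\'webmaster\', \'admin\')
;';
            $protected_users = array_merge($protected_users, query2array($query, null, 'user_id'));
        }

        // status update query is separated from the rest as not applying to the same
        // set of users (current, guest and webmaster can't be changed)
        $params['user_id_for_status'] = array_diff($params['user_id'], $protected_users);
        $update_status = $params['status'];
    }

    // level 0 is a valid value, so it is accepted explicitly although empty() rejects it
    if (!empty($params['level']) or (isset($params['level']) and $params['level'] === 0)) {
        if (!in_array($params['level'], $conf['available_permission_levels'])) {
            return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid level');
        }
        $updates_infos['level'] = $params['level'];
    }

    if (!empty($params['language'])) {
        if (!in_array($params['language'], array_keys(get_languages()), true)) {
            return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid language');
        }
        $updates_infos['language'] = $params['language'];
    }

    if (!empty($params['theme'])) {
        if (!in_array($params['theme'], array_keys(get_pwg_themes()), true)) {
            return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid theme');
        }
        $updates_infos['theme'] = $params['theme'];
    }

    // nb_image_page and recent_period have no whitelist; they are cast to int
    // here so only a number reaches the UPDATE below (the WS method
    // registration presumably declares them as int — not visible in this file)
    if (!empty($params['nb_image_page'])) {
        $updates_infos['nb_image_page'] = (int) $params['nb_image_page'];
    }

    if (!empty($params['recent_period']) or (isset($params['recent_period']) and $params['recent_period'] === 0)) {
        $updates_infos['recent_period'] = (int) $params['recent_period'];
    }

    // boolean options: an explicit false must be applied, which empty() alone would drop
    if (!empty($params['expand']) or (isset($params['expand']) and $params['expand'] === false)) {
        $updates_infos['expand'] = boolean_to_string($params['expand']);
    }

    if (!empty($params['show_nb_comments']) or (isset($params['show_nb_comments']) and $params['show_nb_comments'] === false)) {
        $updates_infos['show_nb_comments'] = boolean_to_string($params['show_nb_comments']);
    }

    if (!empty($params['show_nb_hits']) or (isset($params['show_nb_hits']) and $params['show_nb_hits'] === false)) {
        $updates_infos['show_nb_hits'] = boolean_to_string($params['show_nb_hits']);
    }

    if (!empty($params['enabled_high']) or (isset($params['enabled_high']) and $params['enabled_high'] === false)) {
        $updates_infos['enabled_high'] = boolean_to_string($params['enabled_high']);
    }

    // perform updates
    single_update(USERS_TABLE, $updates, array($conf['user_fields']['id'] => $params['user_id'][0]));

    if (isset($update_status) and count($params['user_id_for_status']) > 0) {
        // $update_status passed the whitelist above; ids are cast before the IN list
        $query = '
UPDATE ' . USER_INFOS_TABLE . '
  SET status = "' . $update_status . '"
  WHERE user_id IN(' . implode(',', array_map('intval', $params['user_id_for_status'])) . ')
;';
        pwg_query($query);
    }

    if (count($updates_infos) > 0) {
        $assignments = array();
        foreach ($updates_infos as $field => $value) {
            // field names are the fixed keys assigned above; every value is
            // escaped so none of them can alter the statement
            $assignments[] = $field . ' = "' . pwg_db_real_escape_string($value) . '"';
        }

        $query = '
UPDATE ' . USER_INFOS_TABLE . '
  SET ' . implode(', ', $assignments) . '
  WHERE user_id IN(' . implode(',', array_map('intval', $params['user_id'])) . ')
;';
        pwg_query($query);
    }

    // manage association to groups
    if (!empty($params['group_id'])) {
        $query = '
DELETE
  FROM ' . USER_GROUP_TABLE . '
  WHERE user_id IN (' . implode(',', array_map('intval', $params['user_id'])) . ')
;';
        pwg_query($query);

        // we remove all provided groups that do not really exist
        $query = '
SELECT id
  FROM ' . GROUPS_TABLE . '
  WHERE id IN (' . implode(',', array_map('intval', $params['group_id'])) . ')
;';
        $group_ids = array_from_query($query, 'id');

        // if only -1 (a group id that can't exist) is in the list, then no
        // group is associated
        if (count($group_ids) > 0) {
            $inserts = array();
            foreach ($group_ids as $group_id) {
                foreach ($params['user_id'] as $user_id) {
                    $inserts[] = array('user_id' => $user_id, 'group_id' => $group_id);
                }
            }
            mass_inserts(USER_GROUP_TABLE, array_keys($inserts[0]), $inserts);
        }
    }

    invalidate_user_cache();

    return $service->invoke('pwg.users.getList', array(
        'user_id' => $params['user_id'],
        'display' => 'basics,' . implode(',', array_keys($updates_infos)),
    ));
}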
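/**
 * API method
 * Ignore an update
 *
 * Maintains the per-kind ignore list stored (serialized) in
 * $conf['updates_ignored']. With reset=true the list for the given type, or
 * every list when no known type is given, is emptied; otherwise the given id
 * is appended to the list of its type. Either way the session flag
 * 'extensions_need_update' is cleared so the admin UI re-checks.
 *
 * @param mixed[] $params
 *    @option string type (optional)
 *    @option string id (optional)
 *    @option bool reset
 *    @option string pwg_token
 * @return bool|PwgError true on success; PwgError 401 for non-webmasters,
 *    403 for a bad token or invalid type/id
 */
function ws_extensions_ignoreupdate($params, $service)
{
    global $conf;

    // the constant may already be set earlier in the request; redefining it emits a warning
    if (!defined('IN_ADMIN')) {
        define('IN_ADMIN', true);
    }
    include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';

    if (!is_webmaster()) {
        return new PwgError(401, 'Access denied');
    }

    // constant-time token check; the cast makes a missing or non-string
    // token fail the comparison instead of raising a TypeError
    if (!hash_equals(get_pwg_token(), (string) (isset($params['pwg_token']) ? $params['pwg_token'] : ''))) {
        return new PwgError(403, 'Invalid security token');
    }

    // NOTE(review): unserialize() on a stored config value — acceptable only
    // while this row is written by administrators alone. The serialized
    // storage format is kept for compatibility with existing installs.
    $conf['updates_ignored'] = unserialize($conf['updates_ignored']);

    // Reset ignored extension
    if (!empty($params['reset'])) {
        if (!empty($params['type']) and isset($conf['updates_ignored'][$params['type']])) {
            $conf['updates_ignored'][$params['type']] = array();
        } else {
            $conf['updates_ignored'] = array('plugins' => array(), 'themes' => array(), 'languages' => array());
        }

        conf_update_param('updates_ignored', pwg_db_real_escape_string(serialize($conf['updates_ignored'])));
        unset($_SESSION['extensions_need_update']);
        return true;
    }

    if (empty($params['id'])
        or empty($params['type'])
        or !in_array($params['type'], array('plugins', 'themes', 'languages'), true)) {
        return new PwgError(403, 'Invalid parameters');
    }

    // Add the extension to the ignore list of its type (no-op when already present).
    // A list missing from the stored value is treated as empty instead of
    // handing a non-array to in_array().
    $ignored_of_type = isset($conf['updates_ignored'][$params['type']])
        ? $conf['updates_ignored'][$params['type']]
        : array();
    // loose comparison kept on purpose: stored ids may have been saved with a
    // different scalar type than the incoming parameter
    if (!in_array($params['id'], $ignored_of_type)) {
        $conf['updates_ignored'][$params['type']][] = $params['id'];
    }

    conf_update_param('updates_ignored', pwg_db_real_escape_string(serialize($conf['updates_ignored'])));
    unset($_SESSION['extensions_need_update']);
    return true;
}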
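/**
 * Triggered on login_success
 *
 * Triggers scheduled tasks at login
 * Redirects a visitor (except for admins, webmasters and generic statuses) to his profile.php page (Thx to LucMorizur)
 *
 * Reads the plugin configuration from $conf['UserAdvManager'] (a serialized
 * array) and the logged-in user from $user. No return value; the rejection
 * path logs the user out and ends in redirect().
 */
function UAM_LoginTasks()
{
    global $conf, $user;

    include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';

    // NOTE(review): unserialize() on a stored config value — acceptable only
    // while the 'UserAdvManager' row is written by administrators alone.
    $conf_UAM = unserialize($conf['UserAdvManager']);

    // Performing GhostTracker scheduled tasks
    // ---------------------------------------
    if (isset($conf_UAM['GTAUTO']) and $conf_UAM['GTAUTO'] == 'true') {
        UAM_GT_ScheduledTasks();
    }

    // Performing User validation scheduled tasks
    // ------------------------------------------
    if (isset($conf_UAM['CONFIRM_MAIL']) and $conf_UAM['CONFIRM_MAIL'] == 'true'
        and (isset($conf_UAM['USRAUTO']) and $conf_UAM['USRAUTO'] == 'true')) {
        UAM_USR_ScheduledTasks();
    }

    // Avoid login into private galleries until registration confirmation is done.
    // The parentheses spell out PHP's precedence ('and' binds tighter than 'or');
    // the evaluation order is unchanged.
    // NOTE(review): the last alternative is true for every user who is neither
    // admin nor webmaster, and the elseif below also requires !is_admin() and
    // !is_webmaster(), so that elseif can never run. The intent was probably
    // "or the user IS an admin/webmaster"; the condition is left as written
    // because correcting it would start rejecting unconfirmed logins — confirm
    // with the plugin author before changing it.
    if ((isset($conf_UAM['REJECTCONNECT']) and $conf_UAM['REJECTCONNECT'] == 'false')
        or (isset($conf_UAM['REJECTCONNECT']) and $conf_UAM['REJECTCONNECT'] == 'true' and UAM_UsrReg_Verif($user['id']))
        or (!is_admin() and !is_webmaster())) {
        // Performing redirection to profile page on first login
        // -----------------------------------------------------
        if (isset($conf_UAM['REDIRTOPROFILE']) and $conf_UAM['REDIRTOPROFILE'] == 'true') {
            // the id is cast to int so nothing but a number is concatenated into the statement
            $query = '
SELECT user_id, status
  FROM ' . USER_INFOS_TABLE . '
  WHERE user_id = ' . (int) $user['id'] . '
;';
            $data = pwg_db_fetch_assoc(pwg_query($query));

            // guard against a missing row (non-array result) before reading the status offset
            $status = is_array($data) ? $data['status'] : null;

            if ($status != "admin" and $status != "webmaster" and $status != "generic") {
                $user_idsOK = array();
                if (!UAM_check_profile($user['id'], $user_idsOK)) {
                    redirect(PHPWG_ROOT_PATH . 'profile.php');
                }
            }
        }
    } elseif (isset($conf_UAM['REJECTCONNECT']) and $conf_UAM['REJECTCONNECT'] == 'true'
        and !UAM_UsrReg_Verif($user['id']) and !is_admin() and !is_webmaster()) {
        // Logged-in user cleanup, session destruction and redirected to custom page
        // -------------------------------------------------------------------------
        invalidate_user_cache();
        logout_user();

        if ($conf['guest_access']) {
            redirect(make_index_url() . '?UAM_msg=rejected', 0);
        } else {
            redirect(get_root_url() . 'identification.php?UAM_msg=rejected', 0);
        }
    }
}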