/** * Load data from Request form fields. * * @return boolean true if loaded data seems valid. */ function load_from_Request() { // Address global $emadr_address; param_string_not_empty('emadr_address', T_('Please enter email address.')); $emadr_address = utf8_strtolower(get_param('emadr_address')); param_check_email('emadr_address', true); if ($existing_emadr_ID = $this->dbexists('emadr_address', get_param('emadr_address'))) { // Check if a email address already exists with the same address global $admin_url; param_error('emadr_address', sprintf(T_('This email address already exists. Do you want to <a %s>edit the existing email address</a>?'), 'href="' . $admin_url . '?ctrl=email&tab=blocked&emadr_ID=' . $existing_emadr_ID . '"')); } $this->set_from_Request('address'); // Status $emadr_status = param('emadr_status', 'string', true); if (!empty($emadr_status)) { $this->set('status', $emadr_status); } // Sent count param('emadr_sent_count', 'integer', ''); param_check_number('emadr_sent_count', T_('The count must be a number.'), true); $this->set_from_Request('sent_count', 'emadr_sent_count', true); // Sent count since last error param('emadr_sent_last_returnerror', 'integer', ''); param_check_number('emadr_sent_last_returnerror', T_('The count must be a number.'), true); $this->set_from_Request('sent_last_returnerror', 'emadr_sent_last_returnerror', true); // Permanent errors count param('emadr_prmerror_count', 'integer', ''); param_check_number('emadr_prmerror_count', T_('The count must be a number.'), true); $this->set_from_Request('prmerror_count', 'emadr_prmerror_count', true); // Permanent errors count param('emadr_tmperror_count', 'integer', ''); param_check_number('emadr_tmperror_count', T_('The count must be a number.'), true); $this->set_from_Request('tmperror_count', 'emadr_tmperror_count', true); // Permanent errors count param('emadr_spamerror_count', 'integer', ''); param_check_number('emadr_spamerror_count', T_('The count must be a number.'), true); $this->set_from_Request('spamerror_count', 'emadr_spamerror_count', true); // Permanent errors count param('emadr_othererror_count', 'integer', ''); param_check_number('emadr_othererror_count', T_('The count must be a number.'), true); $this->set_from_Request('othererror_count', 'emadr_othererror_count', true); return !param_errors_detected(); }
$Messages->add(T_('You have to be logged in to request an account validation link.'), 'error'); $action = ''; break; } if (check_user_status('is_validated')) { // Activation not required (check this after login, so it does not get "announced") $action = ''; break; } param('req_validatemail_submit', 'integer', 0); // has the form been submitted $email = utf8_strtolower(param($dummy_fields['email'], 'string', $current_User->email)); // the email address is editable if ($req_validatemail_submit) { // Form has been submitted param_check_email($dummy_fields['email'], true); // check if user email was changed $email_changed = $current_User->get('email') != $email; // check if we really needs to send a new validation email if (!$email_changed) { // the email was not changed $last_activation_email_date = $UserSettings->get('last_activation_email', $current_User->ID); if (!empty($last_activation_email_date)) { // at least one validation email was sent // convert date to timestamp $last_activation_email_ts = mysql2timestamp($last_activation_email_date); $activate_requests_limit = $Settings->get('activate_requests_limit'); if ($servertimenow - $last_activation_email_ts < $activate_requests_limit) { // a validation email was sent to the same email address less then the x seconds, where x is the "Activation requests limit" value // get difference between local time and server time $time_difference = $Settings->get('time_difference');
/** * Load data from Request form fields. * * @return boolean true if loaded data seems valid. */ function load_from_Request() { global $DB, $Settings, $UserSettings, $GroupCache, $Messages, $action; global $current_User, $Session, $localtimenow; $is_new_user = $this->ID == 0; // ---- Login checking / START ---- $edited_user_login = param('edited_user_login', 'string'); if (empty($edited_user_login)) { // Empty login param_error('edited_user_login', T_('Please enter your login.')); } param_check_valid_login('edited_user_login'); $UserCache =& get_UserCache(); $UserLogin = $UserCache->get_by_login($edited_user_login); if ($UserLogin && $UserLogin->ID != $this->ID) { // The login is already registered $login_error_message = T_('This login already exists.'); if ($current_User->check_perm('users', 'edit')) { $login_error_message = sprintf(T_('This login «%s» already exists. Do you want to <a %s>edit the existing user</a>?'), $edited_user_login, 'href="' . get_user_settings_url('profile', $UserLogin->ID) . '"'); } param_error('edited_user_login', $login_error_message); } if (!param_has_error('edited_user_login')) { // We want all logins to be lowercase to guarantee uniqueness regardless of the database case handling for UNIQUE indexes: $this->set_from_Request('login', 'edited_user_login', true, 'utf8_strtolower'); } // ---- Login checking / END ---- $is_identity_form = param('identity_form', 'boolean', false); $is_admin_form = param('admin_form', 'boolean', false); $has_full_access = $current_User->check_perm('users', 'edit'); $has_moderate_access = $current_User->check_perm('users', 'moderate'); // ******* Admin form or new user create ******* // // In both cases current user must have users edit permission! if (($is_admin_form || $is_identity_form && $is_new_user) && $has_moderate_access) { // level/group and email options are displayed on identity form only when creating a new user. if ($this->ID != 1) { // the admin user group can't be changed param_integer_range('edited_user_level', 0, 10, T_('User level must be between %d and %d.')); $this->set_from_Request('level', 'edited_user_level', true); $edited_user_Group = $GroupCache->get_by_ID(param('edited_user_grp_ID', 'integer')); if ($has_full_access || $has_moderate_access && $edited_user_Group->get('level') < $current_User->get_Group()->get('level')) { $this->set_Group($edited_user_Group); } } param('edited_user_source', 'string', true); $this->set_from_Request('source', 'edited_user_source', true); // set email, without changing the user status $edited_user_email = utf8_strtolower(param('edited_user_email', 'string', true)); param_check_not_empty('edited_user_email', T_('Please enter your e-mail address.')); param_check_email('edited_user_email', true); $this->set_email($edited_user_email, false); if ($is_admin_form) { // Admin form $notification_sender_email = utf8_strtolower(param('notification_sender_email', 'string', true)); param_check_email('notification_sender_email'); if (!empty($notification_sender_email)) { // Change a value of setting $UserSettings->set('notification_sender_email', $notification_sender_email, $this->ID); } elseif ($UserSettings->get('notification_sender_email', $this->ID) != '') { // Delete a setting record from DB $UserSettings->delete('notification_sender_email', $this->ID); } $notification_sender_name = param('notification_sender_name', 'string', true); if (!empty($notification_sender_name)) { // Change a value of setting $UserSettings->set('notification_sender_name', $notification_sender_name, $this->ID); } elseif ($UserSettings->get('notification_sender_name', $this->ID) != '') { // Delete a setting record from DB $UserSettings->delete('notification_sender_name', $this->ID); } if ($has_full_access && !isset($this->dbchanges['user_email'])) { // If email address is not changed // Update status of email address in the T_email_address table $edited_email_status = param('edited_email_status', 'string'); $EmailAddressCache =& get_EmailAddressCache(); $EmailAddress =& $EmailAddressCache->get_by_name($this->get('email'), false, false); if (!$EmailAddress && $edited_email_status != 'unknown') { // Create new record in the T_email_address table $EmailAddress = new EmailAddress(); $EmailAddress->set('address', $this->get('email')); } if (!empty($EmailAddress)) { // Save status of an email address $EmailAddress->set('status', $edited_email_status); $EmailAddress->dbsave(); } } if ($current_User->check_perm('spamblacklist', 'edit')) { // User can edit IP ranges // Update status of IP range in DB $edited_iprange_status = param('edited_iprange_status', 'string'); $IPRangeCache =& get_IPRangeCache(); $IPRange =& $IPRangeCache->get_by_ip(int2ip($UserSettings->get('created_fromIPv4', $this->ID))); if (!$IPRange && !empty($edited_iprange_status)) { // IP range doesn't exist in DB, Create new record $ip_24bit_start = ip2int(preg_replace('#\\.\\d{1,3}$#i', '.0', int2ip($UserSettings->get('created_fromIPv4', $this->ID)))); $ip_24bit_end = ip2int(preg_replace('#\\.\\d{1,3}$#i', '.255', int2ip($UserSettings->get('created_fromIPv4', $this->ID)))); $IPRange = new IPRange(); $IPRange->set('IPv4start', $ip_24bit_start); $IPRange->set('IPv4end', $ip_24bit_end); $IPRange->set('user_count', 1); } if ($IPRange) { // Save status of IP range if ($IPRange->get('status') != 'blocked' && $edited_iprange_status == 'blocked') { // Status was changed to blocked, we should increase counter $IPRange->set('block_count', $IPRange->block_count + 1); } else { if ($IPRange->get('status') == 'blocked' && $edited_iprange_status != 'blocked') { // Status was changed from blocked to another, we should decrease counter $IPRange->set('block_count', $IPRange->block_count - 1); } } $IPRange->set('status', $edited_iprange_status, true); $IPRange->dbsave(); } } if ($current_User->check_perm('stats', 'edit')) { // User can edit Domains $DomainCache =& get_DomainCache(); // Update status of Domain in DB $edited_domain_status = param('edited_domain_status', 'string'); $user_domain = $UserSettings->get('user_domain', $this->ID); $Domain =& $DomainCache->get_by_name($user_domain, false, false); if (!$Domain && $edited_domain_status != 'unknown' && !empty($user_domain)) { // Domain doesn't exist in DB, Create new record $Domain = new Domain(); $Domain->set('name', $user_domain); } if ($Domain) { // Save status of Domain $Domain->set('status', $edited_domain_status, true); $Domain->dbsave(); } // Update status of Initial referer in DB load_funcs('sessions/model/_hitlog.funcs.php'); $edited_initial_referer_status = param('edited_initial_referer_status', 'string'); $initial_referer = $UserSettings->get('initial_referer', $this->ID); $initial_referer_domain = url_part($initial_referer, 'host'); $Domain =& get_Domain_by_url($initial_referer); if (!$Domain && $edited_initial_referer_status != 'unknown' && !empty($initial_referer_domain)) { // Domain doesn't exist in DB, Create new record $Domain = new Domain(); $Domain->set('name', $initial_referer_domain); } if ($Domain) { // Save status of Domain $Domain->set('status', $edited_initial_referer_status, true); $Domain->dbsave(); } } } } // ******* Identity form ******* // if ($is_identity_form) { $can_edit_users = $current_User->check_perm('users', 'edit'); $edited_user_perms = array('edited-user', 'edited-user-required'); global $edited_user_age_min, $edited_user_age_max; param('edited_user_age_min', 'string', true); param('edited_user_age_max', 'string', true); param_check_interval('edited_user_age_min', 'edited_user_age_max', T_('Age must be a number.'), T_('The first age must be lower than (or equal to) the second.')); if (!param_has_error('edited_user_age_min') && $Settings->get('minimum_age') > 0 && !empty($edited_user_age_min) && $edited_user_age_min < $Settings->get('minimum_age')) { // Limit user by minimum age param_error('edited_user_age_min', sprintf(T_('You must be at least %d years old to use this service.'), $Settings->get('minimum_age'))); } $this->set_from_Request('age_min', 'edited_user_age_min', true); $this->set_from_Request('age_max', 'edited_user_age_max', true); $firstname_editing = $Settings->get('firstname_editing'); if (in_array($firstname_editing, $edited_user_perms) && $this->ID == $current_User->ID || $firstname_editing != 'hidden' && $can_edit_users) { // User has a permissions to save Firstname param('edited_user_firstname', 'string', true); if ($firstname_editing == 'edited-user-required') { // First name is required if ($can_edit_users) { // Display a note message if user can edit all users param_add_message_to_Log('edited_user_firstname', T_('Please enter your first name.'), 'note'); } else { // Display an error message param_check_not_empty('edited_user_firstname', T_('Please enter your first name.')); } } $this->set_from_Request('firstname', 'edited_user_firstname', true); } $lastname_editing = $Settings->get('lastname_editing'); if (in_array($lastname_editing, $edited_user_perms) && $this->ID == $current_User->ID || $lastname_editing != 'hidden' && $can_edit_users) { // User has a permissions to save Lastname param('edited_user_lastname', 'string', true); if ($lastname_editing == 'edited-user-required') { // Last name is required if ($can_edit_users) { // Display a note message if user can edit all users param_add_message_to_Log('edited_user_lastname', T_('Please enter last name.'), 'note'); } else { // Display an error message param_check_not_empty('edited_user_lastname', T_('Please enter last name.')); } } $this->set_from_Request('lastname', 'edited_user_lastname', true); } $nickname_editing = $Settings->get('nickname_editing'); if (in_array($nickname_editing, $edited_user_perms) && $this->ID == $current_User->ID || $nickname_editing != 'hidden' && $can_edit_users) { // User has a permissions to save Nickname param('edited_user_nickname', 'string', true); if ($nickname_editing == 'edited-user-required') { // Nickname is required if ($can_edit_users) { // Display a note message if user can edit all users param_add_message_to_Log('edited_user_nickname', T_('Please enter your nickname.'), 'note'); } else { // Display an error message param_check_not_empty('edited_user_nickname', T_('Please enter your nickname.')); } } $this->set_from_Request('nickname', 'edited_user_nickname', true); } param('edited_user_gender', 'string', ''); if (param_check_gender('edited_user_gender', $Settings->get('registration_require_gender') == 'required')) { $this->set_from_Request('gender', 'edited_user_gender', true); } // ---- Locations / START ---- load_funcs('regional/model/_regional.funcs.php'); if (user_country_visible()) { // Save country $country_ID = param('edited_user_ctry_ID', 'integer', true); $country_is_required = $Settings->get('location_country') == 'required' && countries_exist(); if ($country_is_required && $can_edit_users && $country_ID == 0) { // Display a note message if user can edit all users param_add_message_to_Log('edited_user_ctry_ID', T_('Please select a country.'), 'note'); } else { // Display an error message param_check_number('edited_user_ctry_ID', T_('Please select a country.'), $country_is_required); } $this->set_from_Request('ctry_ID', 'edited_user_ctry_ID', true); } if (user_region_visible()) { // Save region $region_ID = param('edited_user_rgn_ID', 'integer', true); $region_is_required = $Settings->get('location_region') == 'required' && regions_exist($country_ID); if ($region_is_required && $can_edit_users && $region_ID == 0) { // Display a note message if user can edit all users param_add_message_to_Log('edited_user_rgn_ID', T_('Please select a region.'), 'note'); } else { // Display an error message param_check_number('edited_user_rgn_ID', T_('Please select a region'), $region_is_required); } $this->set_from_Request('rgn_ID', 'edited_user_rgn_ID', true); } if (user_subregion_visible()) { // Save subregion $subregion_ID = param('edited_user_subrg_ID', 'integer', true); $subregion_is_required = $Settings->get('location_subregion') == 'required' && subregions_exist($region_ID); if ($subregion_is_required && $can_edit_users && $subregion_ID == 0) { // Display a note message if user can edit all users param_add_message_to_Log('edited_user_subrg_ID', T_('Please select a sub-region.'), 'note'); } else { // Display an error message param_check_number('edited_user_subrg_ID', T_('Please select a sub-region.'), $subregion_is_required); } $this->set_from_Request('subrg_ID', 'edited_user_subrg_ID', true); } if (user_city_visible()) { // Save city $city_ID = param('edited_user_city_ID', 'integer', true); $city_is_required = $Settings->get('location_city') == 'required' && cities_exist($country_ID, $region_ID, $subregion_ID); if ($city_is_required && $can_edit_users && $city_ID == 0) { // Display a note message if user can edit all users param_add_message_to_Log('edited_user_city_ID', T_('Please select a city.'), 'note'); } else { // Display an error message param_check_number('edited_user_city_ID', T_('Please select a city.'), $city_is_required); } $this->set_from_Request('city_ID', 'edited_user_city_ID', true); } // ---- Locations / END ---- // ---- Organizations / START ---- $organizations = param('organizations', 'array:string'); $org_roles = param('org_roles', 'array:string'); $this->update_organizations($organizations, $org_roles); // ---- Organizations / END ---- // ---- Additional Fields / START ---- // Load all defined userfields for following checking of required fields $this->userfield_defs_load(); // EXPERIMENTAL user fields & EXISTING fields: // Get indices of existing userfields: $userfield_IDs = $DB->get_results(' SELECT uf_ID, uf_ufdf_ID FROM T_users__fields WHERE uf_user_ID = ' . $this->ID); foreach ($userfield_IDs as $userfield) { if (!isset($this->userfield_defs[$userfield->uf_ufdf_ID])) { // If user field definition doesn't exist in DB then delete field value of this user: $this->userfield_update($userfield->uf_ID, NULL); continue; } $field_type = $this->userfield_defs[$userfield->uf_ufdf_ID][0] == 'text' ? 'text' : 'string'; $uf_val = param('uf_' . $userfield->uf_ID, $field_type, ''); if ($this->userfield_defs[$userfield->uf_ufdf_ID][0] == 'list' && $uf_val == '---') { // Option list has a value '---' for empty value $uf_val = ''; } $uf_val = trim(strip_tags($uf_val)); if (empty($uf_val) && $this->userfield_defs[$userfield->uf_ufdf_ID][2] == 'require') { // Display error for empty required field if ($current_User->check_perm('users', 'edit')) { // Display a note message if user can edit all users param_add_message_to_Log('uf_' . $userfield->uf_ID, sprintf(T_('Please enter a value for the field "%s".'), $this->userfield_defs[$userfield->uf_ufdf_ID][1]), 'note'); } else { // Display an error message param_error('uf_' . $userfield->uf_ID, T_('Please enter a value.')); } } else { // Update field if ($this->userfield_defs[$userfield->uf_ufdf_ID][0] == 'url') { // Check url fields param_check_url('uf_' . $userfield->uf_ID, 'commenting'); } if ($this->userfield_defs[$userfield->uf_ufdf_ID][4] == 'list') { // Option "Multiple values" == "List style" // Split by comma and save each phrase as separate field $uf_val = explode(',', $uf_val); foreach ($uf_val as $v => $val) { $val = trim($val); if ($v == 0) { // Update field with first value $this->userfield_update($userfield->uf_ID, $val); } else { if (!empty($val)) { // Add a new field for new values $this->userfield_add($userfield->uf_ufdf_ID, $val); } } } } else { // Forbidden & Allowed fields $this->userfield_update($userfield->uf_ID, $uf_val); } } } // Duplicate fields: if ($is_new_user) { $user_id = param('orig_user_ID', 'integer', 0); if ($user_id !== 0) { $userfield_IDs = $DB->get_results(' SELECT uf_ID, uf_ufdf_ID FROM T_users__fields WHERE uf_user_ID = ' . $user_id); foreach ($userfield_IDs as $userfield_ID) { $uf_val = param('uf_' . $userfield_ID->uf_ID, 'string', ''); $uf_type = $userfield_ID->uf_ufdf_ID; if (!empty($uf_val)) { $this->userfield_add($uf_type, $uf_val); } } } } $uf_new_fields = param('uf_new', 'array:array:string'); // Recommended & required fields (it still not saved in DB) $uf_add_fields = param('uf_add', 'array:array:string'); // Added fields // Add a new field: (JS is not enabled) if ($action == 'add_field') { // Button 'Add' new field is pressed $new_field_type = param('new_field_type', 'integer', 0); if (empty($new_field_type)) { // We cannot add a new field without type param_error('new_field_type', T_('Please select a field type.')); } else { // Save an adding field(in the array) to display it again if errors will be exist $new_field_type_exists = false; if ($this->userfield_defs[$new_field_type][4] == 'allowed' || $this->userfield_defs[$new_field_type][4] == 'list') { // This field can be duplicated global $add_field_types; $add_field_types = array($new_field_type); } else { // We should to solve we can add this field or don't if (!isset($uf_new_fields[$new_field_type]) && !isset($uf_add_fields[$new_field_type])) { // User is adding this field first time if (is_array($userfield_IDs) && count($userfield_IDs) > 0) { // User has fields that saved in DB foreach ($userfield_IDs as $userfield) { if ($userfield->uf_ufdf_ID == $new_field_type) { // New adding field already exists for current user in DB $new_field_type_exists = true; break; } } } if (!$new_field_type_exists) { // Field doesn't still exist for current user global $add_field_types; $add_field_types = array($new_field_type); } } else { // Field exists, no duplicates available $new_field_type_exists = true; } if ($new_field_type_exists) { // Field already is added for current user, we should display error about this param_error('new_field_type', T_('You already added this field, please select another.')); } } if (!$new_field_type_exists) { // Mark a new field to enter a value param_error('uf_add[' . $new_field_type . '][]', T_('Please enter a value in this new field.')); } } } // Save a New recommended & require fields AND Adding fields if (count($uf_new_fields) > 0 || count($uf_add_fields) > 0) { $uf_fields = array('new' => $uf_new_fields, 'add' => $uf_add_fields); foreach ($uf_fields as $uf_type => $uf_new_fields) { if ($uf_type == 'add') { // Save an adding fields to display it again if errors will be exist global $add_field_types; if (!isset($add_field_types)) { // Don't rewrite already existing array $add_field_types = array(); } } foreach ($uf_new_fields as $uf_new_id => $uf_new_vals) { foreach ($uf_new_vals as $uf_new_val) { if ($this->userfield_defs[$uf_new_id][0] == 'list' && $uf_new_val == '---') { // Option list has a value '---' for empty value $uf_new_val = ''; } $uf_new_val = trim(strip_tags($uf_new_val)); if ($uf_new_val != '') { // Insert a new field in DB if it is filled if ($this->userfield_defs[$uf_new_id][0] == 'url') { // Check url fields param_check_url('uf_' . $uf_type . '[' . $uf_new_id . '][]', 'commenting'); } if ($this->userfield_defs[$uf_new_id][4] == 'list') { // Option "Multiple values" == "List style" // Split by comma and save each phrase as separate field $uf_new_val = explode(',', $uf_new_val); foreach ($uf_new_val as $val) { $val = trim($val); if (!empty($val)) { // Exclude empty values(spaces) $this->userfield_add((int) $uf_new_id, $val); } } } else { // Forbidden & Allowed fields $this->userfield_add((int) $uf_new_id, $uf_new_val); } } elseif (empty($uf_new_val) && $this->userfield_defs[$uf_new_id][2] == 'require') { // Display error for empty required field & new adding field if ($current_User->check_perm('users', 'edit')) { // Display a note message if user can edit all users param_add_message_to_Log('uf_' . $uf_type . '[' . $uf_new_id . '][]', sprintf(T_('Please enter a value for the field "%s".'), $this->userfield_defs[$uf_new_id][1]), 'note'); } else { // Display an error message param_error('uf_' . $uf_type . '[' . $uf_new_id . '][]', T_('Please enter a value.')); } } if ($uf_type == 'add') { // Save new added field, it used on the _user_identity.form $add_field_types[] = $uf_new_id; } } } } } // ---- Additional Fields / END ---- // update profileupdate_date, because a publicly visible user property was changed $this->set_profileupdate_date(); } // ******* Password form ******* // $is_password_form = param('password_form', 'boolean', false); if ($is_password_form || $is_new_user) { $reqID = param('reqID', 'string', ''); global $edited_user_pass1, $edited_user_pass2; $edited_user_pass1 = param('edited_user_pass1', 'string', true); $edited_user_pass2 = param('edited_user_pass2', 'string', true); // Remove the invalid chars from password vars $edited_user_pass1 = preg_replace('/[<>&]/', '', $edited_user_pass1); $edited_user_pass2 = preg_replace('/[<>&]/', '', $edited_user_pass2); if ($is_new_user || !empty($reqID) && $reqID == $Session->get('core.changepwd.request_id')) { // current password is not required: // - new user creating process // - password change requested by email if (param_check_passwords('edited_user_pass1', 'edited_user_pass2', true, $Settings->get('user_minpwdlen'))) { // We can set password $this->set_password($edited_user_pass2); } } else { // ******* Password edit form ****** // $current_user_pass = param('current_user_pass', 'string', true); if ($this->ID != $current_User->ID) { // Set the messages when admin changes a password of other user $checkpwd_params = array('msg_pass_new' => T_('Please enter new password.'), 'msg_pass_twice' => T_('Please enter new password twice.')); } else { // Use default messages $checkpwd_params = array(); } if (!strlen($current_user_pass)) { param_error('current_user_pass', T_('Please enter your current password.')); param_check_passwords('edited_user_pass1', 'edited_user_pass2', true, $Settings->get('user_minpwdlen'), $checkpwd_params); } else { if ($has_full_access && $this->ID != $current_User->ID) { // Admin is changing a password of other user, Check a password of current admin $pass_to_check = $current_User->pass; $current_user_salt = $current_User->salt; } else { // User is changing own pasword $pass_to_check = $this->pass; $current_user_salt = $this->salt; } if ($pass_to_check == md5($current_user_salt . $current_user_pass, true)) { if (param_check_passwords('edited_user_pass1', 'edited_user_pass2', true, $Settings->get('user_minpwdlen'), $checkpwd_params)) { // We can set password $this->set_password($edited_user_pass2); } } else { param_error('current_user_pass', T_('Your current password is incorrect.')); param_check_passwords('edited_user_pass1', 'edited_user_pass2', true, $Settings->get('user_minpwdlen'), $checkpwd_params); } } } } // Used in Preferences & Notifications forms $has_messaging_perm = $this->check_perm('perm_messaging', 'reply'); // ******* Preferences form ******* // $is_preferences_form = param('preferences_form', 'boolean', false); if ($is_preferences_form) { // Other preferences param('edited_user_locale', 'string', true); $this->set_from_Request('locale', 'edited_user_locale', true); // Session timeout $edited_user_timeout_sessions = param('edited_user_timeout_sessions', 'string', NULL); if (isset($edited_user_timeout_sessions) && ($current_User->ID == $this->ID || $current_User->check_perm('users', 'edit'))) { switch ($edited_user_timeout_sessions) { case 'default': $UserSettings->set('timeout_sessions', NULL, $this->ID); break; case 'custom': $UserSettings->set('timeout_sessions', param_duration('timeout_sessions'), $this->ID); break; } } $UserSettings->set('show_online', param('edited_user_showonline', 'integer', 0), $this->ID); } // ******* Notifications form ******* // $is_subscriptions_form = param('subscriptions_form', 'boolean', false); if ($is_subscriptions_form) { if ($action == 'subscribe') { // Do only subscribe to new blog (Don't update the user's settings from the same form) // A selected blog to subscribe $subscribe_blog_ID = param('subscribe_blog', 'integer', 0); // Get checkbox values: $sub_items = param('sub_items_new', 'integer', 0); $sub_comments = param('sub_comments_new', 'integer', 0); // Note: we do not check if subscriptions are allowed here, but we check at the time we're about to send something if ($subscribe_blog_ID && ($sub_items || $sub_comments)) { // We need to record values: $DB->query('REPLACE INTO T_subscriptions( sub_coll_ID, sub_user_ID, sub_items, sub_comments ) VALUES ( ' . $DB->quote($subscribe_blog_ID) . ', ' . $DB->quote($this->ID) . ', ' . $DB->quote($sub_items) . ', ' . $DB->quote($sub_comments) . ' )'); $Messages->add(T_('Subscriptions have been changed.'), 'success'); } else { // Display an error message to inform user about incorrect actions $Messages->add(T_('Please select at least one setting to subscribe on the selected blog.'), 'error'); } } else { // Update user's settings // Email communication $edited_user_email = utf8_strtolower(param('edited_user_email', 'string', true)); param_check_not_empty('edited_user_email', T_('Please enter your e-mail address.')); param_check_email('edited_user_email', true); $this->set_email($edited_user_email); // set messaging options if ($has_messaging_perm) { $UserSettings->set('enable_PM', param('PM', 'integer', 0), $this->ID); } $emails_msgform = $Settings->get('emails_msgform'); if ($emails_msgform == 'userset' || $emails_msgform == 'adminset' && $current_User->check_perm('users', 'edit')) { // enable email option is displayed only if user can set or if admin can set and current User is an administrator $UserSettings->set('enable_email', param('email', 'integer', 0), $this->ID); } // Email format $UserSettings->set('email_format', param('edited_user_email_format', 'string', 'auto'), $this->ID); // set notification options if ($has_messaging_perm) { // update 'notify messages' only if user has messaging rights and this option was displayed $UserSettings->set('notify_messages', param('edited_user_notify_messages', 'integer', 0), $this->ID); $UserSettings->set('notify_unread_messages', param('edited_user_notify_unread_messages', 'integer', 0), $this->ID); } if ($this->check_role('post_owner')) { // update 'notify_published_comments' only if user has at least one post or user has right to create new post $UserSettings->set('notify_published_comments', param('edited_user_notify_publ_comments', 'integer', 0), $this->ID); } $is_comment_moderator = $this->check_role('comment_moderator'); if ($is_comment_moderator || $this->check_role('comment_editor')) { // update 'notify_comment_moderation' only if user is comment moderator/editor at least in one blog $UserSettings->set('notify_comment_moderation', param('edited_user_notify_cmt_moderation', 'integer', 0), $this->ID); } if ($this->check_perm('admin', 'restricted', false)) { // update 'notify_meta_comments' only if edited user has a permission to back-office $UserSettings->set('notify_meta_comments', param('edited_user_notify_meta_comments', 'integer', 0), $this->ID); } if ($is_comment_moderator) { // update 'send_cmt_moderation_reminder' only if user is comment moderator at least in one blog $UserSettings->set('send_cmt_moderation_reminder', param('edited_user_send_cmt_moderation_reminder', 'integer', 0), $this->ID); } if ($this->check_role('post_moderator')) { // update 'notify_post_moderation' and 'send_cmt_moderation_reminder' only if user is post moderator at least in one blog $UserSettings->set('notify_post_moderation', param('edited_user_notify_post_moderation', 'integer', 0), $this->ID); $UserSettings->set('send_pst_moderation_reminder', param('edited_user_send_pst_moderation_reminder', 'integer', 0), $this->ID); } if ($this->grp_ID == 1) { $UserSettings->set('send_activation_reminder', param('edited_user_send_activation_reminder', 'integer', 0), $this->ID); } if ($this->check_perm('users', 'edit')) { // edited user has permission to edit all users, save notification preferences $UserSettings->set('notify_new_user_registration', param('edited_user_notify_new_user_registration', 'integer', 0), $this->ID); $UserSettings->set('notify_activated_account', param('edited_user_notify_activated_account', 'integer', 0), $this->ID); $UserSettings->set('notify_closed_account', param('edited_user_notify_closed_account', 'integer', 0), $this->ID); $UserSettings->set('notify_reported_account', param('edited_user_notify_reported_account', 'integer', 0), $this->ID); $UserSettings->set('notify_changed_account', param('edited_user_notify_changed_account', 'integer', 0), $this->ID); } if ($this->check_perm('options', 'edit')) { // edited user has permission to edit options, save notification preferences $UserSettings->set('notify_cronjob_error', param('edited_user_notify_cronjob_error', 'integer', 0), $this->ID); } // Newsletter $UserSettings->set('newsletter_news', param('edited_user_newsletter_news', 'integer', 0), $this->ID); $UserSettings->set('newsletter_ads', param('edited_user_newsletter_ads', 'integer', 0), $this->ID); // Emails limit per day param_integer_range('edited_user_notification_email_limit', 0, 999, T_('Notificaiton email limit must be between %d and %d.')); $UserSettings->set('notification_email_limit', param('edited_user_notification_email_limit', 'integer', 0), $this->ID); param_integer_range('edited_user_newsletter_limit', 0, 999, T_('Newsletter limit must be between %d and %d.')); $UserSettings->set('newsletter_limit', param('edited_user_newsletter_limit', 'integer', 0), $this->ID); /** * Update the subscriptions: */ $subs_blog_IDs = param('subs_blog_IDs', 'string', true); $subs_item_IDs = param('subs_item_IDs', 'string', true); // Work the blogs: $subscription_values = array(); $unsubscribed = array(); $subs_blog_IDs = explode(',', $subs_blog_IDs); foreach ($subs_blog_IDs as $loop_blog_ID) { // Make sure no dirty hack is coming in here: $loop_blog_ID = intval($loop_blog_ID); // Get checkbox values: $sub_items = param('sub_items_' . $loop_blog_ID, 'integer', 0); $sub_comments = param('sub_comments_' . $loop_blog_ID, 'integer', 0); if ($sub_items || $sub_comments) { // We have a subscription for this blog $subscription_values[] = "( {$loop_blog_ID}, {$this->ID}, {$sub_items}, {$sub_comments} )"; } else { // No subscription here: $unsubscribed[] = $loop_blog_ID; } } // Note: we do not check if subscriptions are allowed here, but we check at the time we're about to send something if (count($subscription_values)) { // We need to record values: $DB->query('REPLACE INTO T_subscriptions( sub_coll_ID, sub_user_ID, sub_items, sub_comments ) VALUES ' . implode(', ', $subscription_values)); } if (count($unsubscribed)) { // We need to make sure some values are cleared: $DB->query('DELETE FROM T_subscriptions WHERE sub_user_ID = ' . $this->ID . ' AND sub_coll_ID IN (' . implode(', ', $unsubscribed) . ')'); } // Individual post subscriptions if (!empty($subs_item_IDs)) { // user was subscribed to at least one post update notification $subs_item_IDs = explode(',', $subs_item_IDs); $unsubscribed = array(); foreach ($subs_item_IDs as $loop_item_ID) { if (!param('item_sub_' . $loop_item_ID, 'integer', 0)) { // user wants to unsubscribe from this post notifications $unsubscribed[] = $loop_item_ID; } } if (!empty($unsubscribed)) { // unsubscribe list is not empty, delete not wanted subscriptions $DB->query('DELETE FROM T_items__subscriptions WHERE isub_user_ID = ' . $this->ID . ' AND isub_item_ID IN (' . implode(', ', $unsubscribed) . ')'); } } } } // ******* Advanced form ******* // $is_advanced_form = param('advanced_form', 'boolean', false); if ($is_advanced_form) { $UserSettings->set('admin_skin', param('edited_user_admin_skin', 'string'), $this->ID); // Action icon params: param_integer_range('edited_user_action_icon_threshold', 1, 5, T_('The threshold must be between 1 and 5.')); $UserSettings->set('action_icon_threshold', param('edited_user_action_icon_threshold', 'integer', true), $this->ID); param_integer_range('edited_user_action_word_threshold', 1, 5, T_('The threshold must be between 1 and 5.')); $UserSettings->set('action_word_threshold', param('edited_user_action_word_threshold', 'integer'), $this->ID); $UserSettings->set('display_icon_legend', param('edited_user_legend', 'integer', 0), $this->ID); // Set bozo validador activation $UserSettings->set('control_form_abortions', param('edited_user_bozo', 'integer', 0), $this->ID); // Focus on first $UserSettings->set('focus_on_first_input', param('edited_user_focusonfirst', 'integer', 0), $this->ID); // Results per page $edited_user_results_page_size = param('edited_user_results_page_size', 'integer', NULL); if (isset($edited_user_results_page_size)) { $UserSettings->set('results_per_page', $edited_user_results_page_size, $this->ID); } } if ($is_preferences_form || $is_identity_form && $is_new_user) { // Multiple session $multiple_sessions = $Settings->get('multiple_sessions'); if ($multiple_sessions != 'adminset_default_no' && $multiple_sessions != 'adminset_default_yes' || $current_User->check_perm('users', 'edit')) { $UserSettings->set('login_multiple_sessions', param('edited_user_set_login_multiple_sessions', 'integer', 0), $this->ID); } } return !param_errors_detected(); }
$email_text = str_replace(array("\n", "\r", '</p><p>', '<p>', '</p>', '<br>', '<br />', '<br/>'), array('', '', "\n\n", "\n\n", "\n\n", "\n", "\n", "\n"), $email_text); $email_text = strip_tags($email_text); $edited_EmailCampaign->set('email_text', $email_text); $action = 'edit'; $tab = param('current_tab', 'string'); break; case 'test': // Send test email // Check that this action request is not a CSRF hacked request: $Session->assert_received_crumb('campaign'); // Check permission: $current_User->check_perm('emails', 'edit', true); // Test email address param('test_email_address', 'string', ''); param_string_not_empty('test_email_address', T_('Please enter test email address')); param_check_email('test_email_address', T_('Test email address is incorrect')); // Store test email address in Session $Session->set('test_campaign_email', $test_email_address); $Session->dbsave(); // Check campaign before sending $edited_EmailCampaign->check(true, 'test'); $action = 'edit'; $tab = param('current_tab', 'string'); if (param_errors_detected()) { // Some errors were detected in the campaign's fields or test email address break; } // Send one test email if (!$edited_EmailCampaign->send_email($current_User->ID, $test_email_address, 'test')) { // Sending is failed $Messages->add(T_('Sorry, the test email could not be sent.') . '<br />' . T_('Possible reason: the PHP mail() function may have been disabled on the server.'), 'error');
} switch ($action) { case 'settings': // Update the email settings // Check that this action request is not a CSRF hacked request: $Session->assert_received_crumb('emailsettings'); // Check permission: $current_User->check_perm('emails', 'edit', true); /** Email notifications **/ // Sender email address $sender_email = param('notification_sender_email', 'string', ''); param_check_email('notification_sender_email', true); $Settings->set('notification_sender_email', $sender_email); // Return path $return_path = param('notification_return_path', 'string', ''); param_check_email('notification_return_path', true); $Settings->set('notification_return_path', $return_path); // Sender name $sender_name = param('notification_sender_name', 'string', ''); param_check_not_empty('notification_sender_name'); $Settings->set('notification_sender_name', $sender_name); // Site short name $short_name = param('notification_short_name', 'string', ''); param_check_not_empty('notification_short_name'); $Settings->set('notification_short_name', $short_name); // Site long name $Settings->set('notification_long_name', param('notification_long_name', 'string', '')); // Site logo url $Settings->set('notification_logo', param('notification_logo', 'string', '')); /** Settings to decode the returned emails **/ param('repath_enabled', 'boolean', 0);
$Messages->add(T_('You have to be logged in to request an account validation link.'), 'error'); $action = ''; break; } if ($current_User->validated || !$Settings->get('newusers_mustvalidate')) { // validating emails is not activated/necessary (check this after login, so it gets not "announced") $action = ''; break; } param('req_validatemail_submit', 'integer', 0); // has the form been submitted param('email', 'string', $current_User->email); // the email address is editable if ($req_validatemail_submit) { // Form has been submitted param_check_email('email', true); // Call plugin event to allow catching input in general and validating own things from DisplayRegisterFormFieldset event $Plugins->trigger_event('ValidateAccountFormSent'); if ($Messages->count('error')) { break; } // Update user's email: $current_User->set_email($email); if ($current_User->dbupdate()) { $Messages->add(T_('Your profile has been updated.'), 'note'); } if ($current_User->send_validate_email($redirect_to)) { $Messages->add(sprintf(T_('An email has been sent to your email address (%s). Please click on the link therein to validate your account.'), $current_User->dget('email')), 'success'); } else { $Messages->add(T_('Sorry, the email with the link to validate and activate your password could not be sent.') . '<br />' . T_('Possible reason: the PHP mail() function may have been disabled on the server.'), 'error'); }
case 'nil': // Do nothing break; case 'edit': $AdminUI->title = $AdminUI->title_titlearea = T_('Editing comment') . ' #' . $edited_Comment->ID; break; case 'update': // fp> TODO: $edited_Comment->load_from_Request( true ); if (!$edited_Comment->get_author_User()) { // If this is not a member comment param('newcomment_author', 'string', true); param('newcomment_author_email', 'string'); param('newcomment_author_url', 'string'); param_check_not_empty('newcomment_author', T_('Please enter and author name.'), ''); $edited_Comment->set('author', $newcomment_author); param_check_email('newcomment_author_email', false); $edited_Comment->set('author_email', $newcomment_author_email); param_check_url('newcomment_author_url', 'posting', ''); // Give posting permissions here $edited_Comment->set('author_url', $newcomment_author_url); } // Content: param('content', 'html'); param('post_autobr', 'integer', $comments_use_autobr == 'always' ? 1 : 0); param_check_html('content', T_('Invalid comment text.'), '#', $post_autobr); // Check this is backoffice content (NOT with comment rules) $edited_Comment->set('content', get_param('content')); if ($current_User->check_perm('edit_timestamp')) { // We use user date param_date('comment_issue_date', T_('Please enter a valid comment date.'), true); if (strlen(get_param('comment_issue_date'))) {
param('edited_user_firstname', 'string', true); param('edited_user_lastname', 'string', true); param('edited_user_nickname', 'string', true); param_check_not_empty('edited_user_nickname', T_('Please enter a nickname (can be the same as your login).')); param('edited_user_idmode', 'string', true); param('edited_user_locale', 'string', true); param('edited_user_email', 'string', true); param_check_not_empty('edited_user_email', T_('Please enter an e-mail address.')); param_check_email('edited_user_email', true); param('edited_user_url', 'string', true); param_check_url('edited_user_url', 'commenting'); param('edited_user_icq', 'string', true); param_check_number('edited_user_icq', T_('The ICQ UIN can only be a number, no letters allowed.')); param('edited_user_aim', 'string', true); param('edited_user_msn', 'string', true); param_check_email('edited_user_msn', false); param('edited_user_yim', 'string', true); param('edited_user_allow_msgform', 'integer', 0); param('edited_user_notify', 'integer', 0); param('edited_user_showonline', 'integer', 0); param('edited_user_set_login_multiple_sessions', 'integer', 0); param('edited_user_pass1', 'string', true); param('edited_user_pass2', 'string', true); if (!param_check_passwords('edited_user_pass1', 'edited_user_pass2', $edited_User->ID == 0)) { // passwords not the same or empty: empty them for the form $edited_user_pass1 = ''; $edited_user_pass2 = ''; } $edited_User->set('login', $edited_user_login); $edited_User->set('firstname', $edited_user_firstname); $edited_User->set('lastname', $edited_user_lastname);
/** * Check request for quick installation * Update basic config file from url params * * @return boolean|string TRUE on success, OR error messages */ function check_quick_install_request() { global $config_is_done, $db_config, $install_login, $install_password, $Messages; $admin_login = param('admin_login', 'string', ''); $admin_password = param('admin_password', 'string', ''); if (!empty($admin_login)) { // Try to use an admin login from request: if (param_check_valid_login('admin_login')) { // We can use this login name $install_login = $admin_login; } else { // Display an error message for impossible login name: $Messages->add(sprintf('ERROR: Impossible to use "%s" for the admin account. Using "admin" instead.', $admin_login)); } } if (!empty($admin_password) && param_check_passwords('admin_password', 'admin_password', false, 5)) { // Set admin password from request: $install_password = $admin_password; } if ($config_is_done) { // Config is already done, Don't use url params to update basic config file return true; } // DB Access: $db_user = param('db_user', 'string', ''); $db_password = param('db_password', 'raw', ''); $db_name = param('db_name', 'string', ''); $db_host = param('db_host', 'string', ''); $db_tableprefix = param('db_tableprefix', 'string', ''); // Admin e-mail: global $admin_email; $default_admin_email = $admin_email; $conf_admin_email = param('admin_email', 'string', '', false, true); if (!empty($conf_admin_email) || !empty($db_user) || !empty($db_password) || !empty($db_name) || !empty($db_host) || !empty($db_tableprefix)) { // Try to update basic config file ONLY when at least one of these params are defined if (empty($conf_admin_email) || !param_check_email('admin_email')) { // Use default admin email if it is empty from request $conf_admin_email = $default_admin_email; } // Base URL: global $baseurl, $admin_url, $dispatcher, $tableprefix; $baseurl = param('baseurl', 'string', '', false, true); if (empty($baseurl) || !preg_match('~https?://~', $baseurl)) { // Try to autogenerate base url if it is empty or wrong from request: $baseurl = 'http://' . (isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : 'yourserver.com'); if (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] != '80') { $baseurl .= ':' . $_SERVER['SERVER_PORT']; } list($ReqPath, $ReqURI) = get_ReqURI(); $baseurl .= preg_replace('#/install(/(index.php)?)?$#', '', $ReqPath) . '/'; } // Add a slash at the end if it is missed: $baseurl = trim($baseurl, '/') . '/'; // Update $admin_url to new value because it depends on $baseurl: $admin_url = $baseurl . $dispatcher; // Update $tableprefix to new from request: $tableprefix = $db_tableprefix; // Try to create basic config file: $basic_config_params = array('db_user' => $db_user, 'db_password' => $db_password, 'db_name' => $db_name, 'db_host' => $db_host, 'db_tableprefix' => $db_tableprefix, 'baseurl' => $baseurl, 'admin_email' => $conf_admin_email, 'print_messages' => false, 'quick_install' => true); if (update_basic_config_file($basic_config_params)) { // Basic config file has been created successfully // Update DB config to connect to DB correctly $db_config['user'] = $db_user; $db_config['password'] = $db_password; $db_config['name'] = $db_name; $db_config['host'] = $db_host; } else { // Failed on createing of basic config file return false; } } // Revert config admin email to original value: $admin_email = $default_admin_email; return true; }