if ($update_req) { $SUMO['connection'] = sumo_get_connection_info(); if (!$SUMO['connection']) { sumo_create_connection(); } else { // Count errors requests if ($SUMO['connection']['requests'] < $SUMO['config']['security']['max_login_attempts']) { sumo_update_security_string(); //...for refresh page if ($_SESSION['user']['password'] && $_SESSION['user']['user']) { sumo_update_request(); } } else { // ...too much attempts sumo_delete_connection(); sumo_delete_session(); sumo_add_banned(); } } } // Create SSO if ($sumo_access == 'LOGIN' && SUMO_SESSIONS_REPLICA) { sumo_create_session_id(); } // Display Login or Message box if ($sumo_access != 'CONTINUE' && $sumo_access != 'LOGIN') { $SUMO['connection'] = sumo_get_connection_info(); // HTTP Basic Authentication if (!empty($SUMO['page']['http_auth'])) { $sumo_template = 'message'; $sumo_message = $sumo_access == 'LOGOUT' ? sumo_get_message('I00006C') : sumo_get_message('W00100C');
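/**
 * Update a user's account row and confirm that the new values were stored.
 *
 * Builds one UPDATE for the users table from $data, then re-selects the row
 * using the same column values as conditions to verify the write. On success
 * the query cache is flushed, the affected session is refreshed (own account)
 * or dropped (other account) when a password fragment was written, the change
 * is logged and, if configured, the user is notified by mail.
 *
 * Security notes:
 *  - String values placed in the SQL text are quoted with the connection's
 *    qstr(); ids are cast with intval(). The one exception is the password
 *    fragment, see the NOTE(review) at that line.
 *  - NOTE(review): usergroup, active, day_limit and datasource_id are written
 *    without any permission check inside this function; presumably the caller
 *    decides who may edit which account. Confirm against the callers.
 *
 * @param array $data Submitted account fields: id, day_limit, active,
 *                    firstname, lastname, ip, email, language, usergroup,
 *                    datasource_id, password, user.
 * @return bool TRUE when the verification query reports exactly one row,
 *              FALSE otherwise (including empty $data or a failed query).
 */
function sumo_update_user_data($data = array())
{
    if (empty($data)) {
        return FALSE;
    }

    global $SUMO;

    // assumes $SUMO['DB'] is an ADOdb connection (Execute/CacheFlush and the
    // recordset's PO_RecordCount are used below), so qstr() is available.
    $db = $SUMO['DB'];

    // get_magic_quotes_gpc() no longer exists on PHP 8, so guard the call.
    // Where magic quotes are active the input is already slashed: undo that
    // once so that qstr() is the only escaping applied to a value.
    $slashed = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

    $text = array();
    foreach (array('firstname', 'lastname', 'ip', 'email', 'language') as $key) {
        $value = (isset($data[$key]) && is_scalar($data[$key])) ? (string) $data[$key] : '';
        $text[$key] = $slashed ? stripslashes($value) : $value;
    }

    $id            = intval($data['id']);
    $day_limit     = intval($data['day_limit']);
    // The id used to be concatenated into the SQL as submitted; cast it like $id.
    $datasource_id = intval($data['datasource_id']);
    $active        = $data['active'] !== '' ? intval($data['active']) : FALSE;

    // Collapse runs of whitespace/commas in names; IP entries are ';'-separated.
    $firstname = ucwords(preg_replace('/[\\s\\,]+/', ' ', $text['firstname']));
    $lastname  = ucwords(preg_replace('/[\\s\\,]+/', ' ', $text['lastname']));
    $ip        = str_replace(";;", ";", str_replace(",", ";", preg_replace('/[\\s\\,]+/', ';', $text['ip'])));
    $email     = strtolower($text['email']);
    $language  = $text['language'];

    $sumogroup = sumo_verify_sumogroup($data['usergroup']);
    $group     = sumo_get_normalized_group($sumogroup ? $sumogroup : $data['usergroup']);

    // day_limit needs different SQL in SET and WHERE when it is NULL.
    if ($day_limit > 0) {
        $daylimit_set   = 'day_limit=' . $day_limit . ', ';
        $daylimit_where = 'day_limit=' . $day_limit . ' AND ';
    } else {
        $daylimit_set   = 'day_limit=NULL, ';
        $daylimit_where = 'day_limit IS NULL AND ';
    }

    // Get user data
    $userdata   = sumo_get_user_info($id, 'id', FALSE);
    $sumouser   = sumo_get_user_info($SUMO['user']['user']);
    $datasource = sumo_get_datasource_info($datasource_id, FALSE);

    $is_self  = $SUMO['user']['id'] == $id;
    $is_owner = $SUMO['user']['id'] == $userdata['owner_id'];
    // Strict match so only the literal group name 'sumo' grants admin rights.
    $is_admin = in_array('sumo', $SUMO['user']['group'], TRUE);

    // SQL fragments ("column=value"), kept in the order they appear in the query.
    $record       = array();
    $password_sql = '';

    // Change password: own account, owned account, or the 'sumo' user.
    if (!empty($data['password']) && ($is_self || $is_owner || $SUMO['user']['user'] === 'sumo')) {
        switch ($datasource['type']) {
            case 'Unix':
            case 'SUMO':
                // NOTE(review): the leading literal looks masked in this listing
                // and the submitted password is concatenated without quoting or
                // hashing. Restore the real column assignment and pass the value
                // through the password hash / qstr() before relying on this.
                $password_sql = "******" . $data['password'] . "'";
                sumo_update_password_date($id, $data['password']);
                break;

            case 'MySQLUsers':
                // The required file is expected to define $sumo_update_password
                // in this scope.
                require SUMO_PATH . '/libs/lib.datasource.mysql_users.php';
                $sumo_update_password($userdata['username'], $data['password']);
                break;

            case 'Joomla15':
                require SUMO_PATH . '/libs/lib.datasource.joomla15.php';
                $sumo_update_password($userdata['username'], $data['password']);
                break;
        }
    }

    if ($password_sql !== '') {
        $record[] = $password_sql;
    }

    // group
    if ($group) {
        $record[] = 'usergroup=' . $db->qstr($group);
    }

    // active: never for the current user's own row; skipped when no value was
    // submitted, which previously produced the invalid fragment "active=".
    if ($sumouser['id'] != $id && $active !== FALSE) {
        $record[] = 'active=' . $active;
    }

    // Profile fields: the user, a 'sumo' group member, or the account owner.
    if ($is_self || $is_admin || $is_owner) {
        $record[] = 'firstname=' . $db->qstr($firstname);
        $record[] = 'lastname=' . $db->qstr($lastname);
        $record[] = 'email=' . $db->qstr($email);
        $record[] = 'language=' . $db->qstr($language);
    }

    // IP restriction: only a 'sumo' group member or the account owner.
    if ($is_admin || $is_owner) {
        $record[] = 'ip=' . $db->qstr($ip);
    }

    // Data source
    $record[] = 'datasource_id=' . $datasource_id;

    // modified
    $record[] = 'modified=' . $SUMO['server']['time'];

    $update = implode(', ', $record);
    $select = implode(' AND ', $record);

    // create query for update
    $query = "UPDATE " . SUMO_TABLE_USERS . "\n\t\t SET " . $daylimit_set . " " . $update . "\n\t\t WHERE id=" . $id;

    $db->Execute($query);

    // verify query success: the row must now match every value just written.
    // ($record always holds datasource_id and modified, so $select is never
    // empty; the old test read $day_limit[1], an offset on an integer.)
    $query = "SELECT * FROM " . SUMO_TABLE_USERS . "\n\t\t WHERE " . $daylimit_where . "\n\t\t " . $select . " AND " . "\n\t\t id=" . $id;

    $rs = $db->Execute($query);

    // A failed query yields no recordset; treat it as "not updated".
    if (!$rs) {
        return FALSE;
    }

    $tab = $rs->FetchRow();
    $upd = $rs->PO_RecordCount();

    if ($upd != 1) {
        return FALSE;
    }

    $SUMO['DB']->CacheFlush();

    if ($password_sql !== '') {
        if ($id == $SUMO['user']['id']) {
            // ...to change current session password
            $_SESSION['user']['password'] = sumo_get_hex_hmac_sha1($SUMO['connection']['security_string'], $data['password']);
            $_SESSION['pwd_changed']      = $SUMO['server']['time'];
        } else {
            // NOTE(review): the session is dropped by the submitted
            // $data['user'], not by the username loaded for $id; confirm the
            // two always agree, otherwise the old session may stay valid.
            sumo_delete_session(NULL, NULL, $data['user']);
        }
    }

    sumo_write_log('I01000X', array($tab['username'], $SUMO['user']['user']), 3, 3, 'system', FALSE);

    // Send user notify
    if ($SUMO['config']['accounts']['notify']['updates'] && $email) {
        if (!$SUMO['config']['server']['admin']['email']) {
            sumo_write_log('E06000X', '', '0,1', 2, 'system', FALSE);
        } else {
            $object  = sumo_get_message("I00001M", $SUMO['server']['name']);
            $message = sumo_get_message("I00106M", array($firstname . " " . $lastname, $SUMO['server']['name'], $SUMO['user']['user']));

            // NOTE(review): $email is the submitted address and is not
            // validated here; confirm Mail::To() rejects CR/LF and malformed
            // addresses.
            $m = new Mail();
            $m->From($SUMO['config']['server']['admin']['email']);
            $m->To($email);
            $m->Subject($object);
            $m->Body($message, SUMO_CHARSET);
            $m->Priority(1);
            $m->Send();
        }
    }

    return TRUE;
}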