/**
* Get list of pages that user can access
*
* IS THE SAME FUNCTION OF USERS LIBRARY !!!!
*/
function sumo_get_user_accesspoints($id = NULL, $html = FALSE)
{
if ($id) {
global $SUMO, $language;
$user_data = sumo_get_user_info($id, 'id', FALSE);
$num_groups = count($user_data['group']);
$group_query = '';
if (!in_array('sumo', $user_data['group'])) {
$group_query = " WHERE ";
for ($g = 0; $g < $num_groups; $g++) {
$group_query .= "usergroup='" . $user_data['group'][$g] . "' OR \n\t\t\t\t\t\t\t usergroup LIKE '" . $user_data['group'][$g] . ";%' OR\n\t\t\t\t\t\t\t usergroup LIKE '%;" . $user_data['group'][$g] . ";%'";
if ($g < $num_groups - 1) {
$group_query .= " OR ";
}
}
}
$query = "SELECT * FROM " . SUMO_TABLE_ACCESSPOINTS . " \n\t\t\t\t " . $group_query . " \n\t\t\t\t ORDER BY name";
$rs = $SUMO['DB']->Execute($query);
$ap = array();
while ($tab = $rs->FetchRow()) {
$ap[] = $tab;
}
// html output
if ($html) {
if (in_array('sumo', $user_data['group'])) {
return $language['AllAccessPoints'];
}
$list = '';
$num_ap = count($ap);
if ($num_ap > 0) {
$list = "<table cellspacing='0' class='tab'>\n" . " <tr>\n" . " <td class='tab-title'>" . $language['Page'] . "</td>\n" . " <td class='tab-title'>" . $language['Path'] . "</td>\n" . " </tr>\n";
for ($p = 0; $p < $num_ap; $p++) {
$style = sumo_alternate_str('tab-row-on', 'tab-row-off');
// Format group string to display it
$group = preg_replace("/sumo:7/", "<b><font color='#BB0000'>sumo:7</font></b>", $ap[$p]['usergroup']);
$group = preg_replace("/sumo:/", "<font color='#BB0000'>sumo</font>:", $group);
$group = str_replace(';', '; ', $group);
$group = strlen(strip_tags($group)) > 50 ? substr($group, 0, 50) . '...' : $group;
// Format path string to display it
$path = strlen($ap[$p]['path']) > 50 ? substr($ap[$p]['path'], 0, 50) . '...' : $ap[$p]['path'];
$path = "<a href='" . $ap[$p]['path'] . "' target='_blank'>" . $path . "</a>";
$name = sumo_get_accesspoint_name($ap[$p]['name'], $_COOKIE['language']);
$list .= "<tr>\n" . " <td class='" . $style . "'>" . $name . "</td>\n" . " <td class='" . $style . "'>" . $path . "</td>\n" . "</tr>\n";
}
$list .= "</table>";
}
$ap = $list;
}
return $ap;
} else {
return FALSE;
}
}
/**
* ADD registration request (set action=1) and wait user confirm
*
* @author Alberto Basso
*/
function sumo_request_pwdlost()
{
global $SUMO, $sumo_lang_login, $sumo_reg_data;
$new_pwd = sumo_get_rand_string(8);
$reg_code = sumo_get_simple_rand_string(40);
$user = sumo_get_user_info($sumo_reg_data['reg_email'], 'email');
sumo_delete_user_temp();
// Delete old temp users
sumo_delete_user_temp($sumo_reg_data['reg_email'], 9);
// delete all previous requests
$query = "INSERT INTO " . SUMO_TABLE_USERS_TEMP . " \r\n\t\t\t (username, action, email, language, password, reg_group, reg_code, time)\r\n\t\t\t VALUES (\r\n\t\t\t\t '" . $user['user'] . "', 2, \r\n\t\t\t\t '" . $sumo_reg_data['reg_email'] . "', \r\n\t\t\t\t '" . $user['language'] . "', \r\n\t\t\t\t '" . sha1($new_pwd) . "', \r\n\t '" . $SUMO['page']['reg_group'] . "', \r\n\t '" . $sumo_reg_data['reg_email'] . "', \r\n\t\t\t\t '" . $reg_code . "',\r\n\t\t\t\t " . $SUMO['server']['time'] . "\r\n\t\t\t\t )";
$SUMO['DB']->Execute($query);
$link = $_SERVER['HTTPS'] ? 'https://' : 'http://';
$link .= $_SERVER["HTTP_HOST"] . $_SERVER["PHP_SELF"] . '?sumo_action=changepwd®_code=' . $reg_code;
$name = sumo_get_accesspoint_name($SUMO['page']['name'], $_COOKIE['language']);
$message = sumo_get_message('I00104M', array($user['user'], $sumo_reg_data['reg_email'], date($SUMO['config']['server']['date_format'] . " " . $SUMO['config']['server']['time_format'], $SUMO['server']['time']), "\"" . $name . "\"", intval($SUMO['config']['accounts']['registration']['life']), $link, $new_pwd));
// Send e-mail to confirm
if (!$SUMO['config']['server']['admin']['email']) {
sumo_write_log('E06000X', '', '0,1', 2, 'system', FALSE);
} else {
$m = new Mail();
$m->From($SUMO['config']['server']['admin']['email']);
$m->To($sumo_reg_data['reg_email']);
$m->Subject($sumo_lang_login['PasswordLost']);
$m->Body($message, SUMO_CHARSET);
$m->Priority(3);
$m->Send();
}
}
<?php
/**
* SUMO MODULE: Users | Delete User Image
*
* @version 0.3.4
* @link http://sumoam.sourceforge.net SUMO Access Manager
* @author Alberto Basso <*****@*****.**>
* @copyright Copyright © 2003-2009, Alberto Basso
* @package SUMO
* @category Console
*/
$tab = sumo_get_user_info($_GET['id'], 'id', FALSE);
if (sumo_verify_permissions(4, $tab['group'])) {
if ($SUMO['user']['id'] == $_GET['id'] || $SUMO['user']['user'] == 'sumo') {
$validate[0] = '';
// If id not exist
if (!$tab['id']) {
$tpl['MESSAGE:H'] = sumo_get_message('W00001C', $_GET['id']);
} else {
sumo_delete_user_image($_GET['id']);
}
if ($validate[0]) {
$tpl['MESSAGE:M'] = $validate[1];
}
$tpl['GET:UpdateForm'] = "<form action='?module=users&action=editimg&id=" . $tab['id'] . "' " . "name='UpdateUserImg' method='POST' enctype='multipart/form-data'>";
$tpl['IMG:User'] = "******" . $tab['id'] . "' alt='" . $tab['username'] . "' class='user'>";
$tpl['PUT:UserImage'] = "<input type='hidden' name='MAX_FILE_SIZE' value='30720'>" . "<input type='file' size='20' class='file' name='user_image' >";
$tpl['GET:DeleteForm'] = "<form action='?module=users&action=deleteimg&id=" . $tab['id'] . "' name='DeleteUserImg' method='POST'>\n" . "<input type='submit' class='button' value='" . $language['Delete'] . "'>\n" . "</form>";
// Note: not using sumo_show_window() function
// because for this event a window is external
<?php
/**
* SUMO MODULE: Users | View
*
* @version 0.3.5
* @link http://sumoam.sourceforge.net SUMO Access Manager
* @author Alberto Basso <*****@*****.**>
* @copyright Copyright © 2003-2009, Alberto Basso
* @package SUMO
* @category Console
*/
$tab = sumo_get_user_info($_GET['id'], 'id', false);
if (sumo_verify_permissions(4, $tab['group'])) {
$num_groups = count($tab['group']);
if ($num_groups > 1) {
$update = sumo_update_user_group($_GET['id'], $_GET['group']);
if ($update) {
$tpl['MESSAGE:L'] = $language['UserUpdated'];
} else {
$tpl['MESSAGE:H'] = $language['UserNotUpdated'];
}
} else {
$validate[0] = false;
$tpl['MESSAGE:M'] = $language['AtLeastOneGroup'];
}
require "action.edit.php";
} else {
$action_error = true;
$tpl['MESSAGE:H'] = $language['AccessDenied'];
}
$tpl['LINK:AddUser'] = sumo_get_action_icon("users", "new", "users.content", "?module=users&action=new&decoration=false");
$tpl['LINK:EditUser'] = sumo_get_action_icon("users", "edit");
// Verify image support for refection effects
if (function_exists('imagecreatefromjpeg') && function_exists('imagecreatefrompng') && function_exists('imagecreatefromgif')) {
$tpl['IMG:User'] . "<br><img src='services.php?module=users&service=image&cmd=GET_USER_REFLECTION&id=" . $tab['id'] . "&fade=6&height=30%'>";
}
// Create sub module (to hide or show only if necessary)
// Set sub module visibility
// NOTE: Use REQUEST method because when delete a group
// the command came from a link
$visibility['AccountDetails'] = $_REQUEST['AccountDetails_visibility'] ? true : false;
$visibility['SecurityOptions'] = $_REQUEST['SecurityOptions_visibility'] ? true : false;
$tpl['LINK:AccountDetails'] = sumo_get_action_link('ModifyUsers', 'AccountDetails', $visibility['AccountDetails']);
$tpl['LINK:SecurityOptions'] = sumo_get_action_link('ModifyUsers', 'SecurityOptions', $visibility['SecurityOptions']);
// Owner
$owner = sumo_get_user_info($tab['owner_id'], 'id', false);
$tpl['GET:AccountCreatedBy'] = htmlspecialchars($owner['lastname'] . " " . $owner['firstname'], ENT_QUOTES) . " (" . "<a href='javascript:sumo_ajax_get(\"users.content\",\"?module=users&action=view&id=" . $owner['id'] . "&decoration=false\");'>" . $owner['user'] . "</a>)";
// Status
$tpl['GET:Status'] = $tab['active'] ? "<font class='status-green'>" . $language['Active'] . "</font>" : "<font class='status-red'>" . $language['Suspended'] . "</font>";
// If it's not current user
// Only for sumo group
if ($SUMO['user']['user'] != $tab['username'] && (in_array('sumo', $SUMO['user']['group']) || $SUMO['user']['id'] == $tab['owner_id'])) {
$tpl['PUT:DayLimit'] = "<input type='text' size='5' name='day_limit' value='" . $tab['day_limit'] . "' />";
// Change status
if ($tab['active']) {
$tpl['PUT:Status'] = "<select name='active'>\n<option value='1'>" . $language['Enable'] . "</option>\n<option value='0'>" . $language['Disable'] . "</option>\n</select>";
} else {
$tpl['PUT:Status'] = "<select name='active'>\n<option value='0'>" . $language['Disable'] . "</option>\n<option value='1'>" . $language['Enable'] . "</option>\n</select>";
}
} else {
$tpl['PUT:DayLimit'] = $tab['day_limit'] ? $tab['day_limit'] : $language['Unlimited'];
/**
* Delete user
*
* @return boolean
* @author Alberto Basso <*****@*****.**>
*/
function sumo_delete_user($id = 0)
{
$id = intval($id);
if ($id > 0) {
global $SUMO;
$user = sumo_get_user_info($id, 'id', FALSE);
$SUMO['DB']->CacheFlush("SELECT * FROM " . SUMO_TABLE_USERS . "\n\t\t\t\t WHERE id=" . $id);
$SUMO['DB']->CacheFlush("SELECT * FROM " . SUMO_TABLE_USERS . "\n\t\t\t\t WHERE username='******'username'] . "'");
$query0 = "SELECT * FROM " . SUMO_TABLE_USERS . "\n \t WHERE id=" . $id;
$query1 = "DELETE FROM " . SUMO_TABLE_USERS . "\n\t\t\tWHERE id=" . $id . "\n\t\t\tAND username<>'sumo'\n\t\t\tAND id<>" . $SUMO['user']['id'];
$query2 = "DELETE FROM " . SUMO_TABLE_USERS_IMAGES . "\n\t\t\tWHERE id_user="******"\n\t\t\tAND id_user<>1\n\t\t\tAND id_user<>" . $SUMO['user']['id'];
$query3 = "DELETE FROM " . SUMO_TABLE_USERS_TEMP . "\n\t\t WHERE username='******'user'] . "'";
$query4 = "DELETE FROM " . SUMO_TABLE_SESSIONS . "\n\t \t\tWHERE id_user="******"\n\t \t\tAND username<>'sumo'\n\t \t\tAND id_user<>" . $SUMO['user']['id'];
$SUMO['DB']->Execute($query1);
$SUMO['DB']->Execute($query2);
$SUMO['DB']->Execute($query3);
$SUMO['DB']->Execute($query4);
// verify if deleted:
$rs = $SUMO['DB']->Execute($query0);
// if deleted:
if ($rs->PO_RecordCount() == 0) {
// if exist user data file delete it
$data_file = SUMO_PATH . '/tmp/profiles/' . $user['username'] . '.ini';
if (file_exists($data_file)) {
unlink($data_file);
}
sumo_write_log('I00003X', array($user['username'], $id, $SUMO['user']['user']), '0,1', 3, 'system', FALSE);
return TRUE;
} else {
return FALSE;
}
} else {
return FALSE;
}
}
$tpl['GET:Expire'] = $tab['day_limit'] != NULL ? sumo_get_human_date($tab['day_limit'] * 86400 + $SUMO['server']['time'], FALSE) : $language['Never'];
$tpl['GET:DataSourceType'] = $datasource['name'] ? "<a href='javascript:sumo_ajax_get(\"network\",\"?module=network&action=view_datasource&id=" . $datasource['id'] . "\");'>" . $datasource['name'] . "</a>" : '';
$tpl['GET:Email'] = "<a href='mailto:" . $tab['email'] . "' title='Send e-mail'>" . $tab['email'] . "</a>";
$tpl['LINK:AddUser'] = sumo_get_action_icon("", "new", "users.content", "?module=users&action=new&decoration=false");
$tpl['LINK:EditUser'] = sumo_get_action_icon("", "edit", "users.content", "?module=users&action=edit&id=" . $tab['id'] . "&decoration=false");
$tpl['IMG:User'] = "******" . $tab['id'] . "' alt='" . $tab['username'] . "' class='user'>";
$tpl['IMG:Language'] = "<img src='themes/" . $SUMO['page']['theme'] . "/images/flags/" . $tab['language'] . ".png' alt='" . ucwords($tab['language']) . "' class='flag'>";
// Verify image support for refection effects
if (function_exists('imagecreatefromjpeg') && function_exists('imagecreatefrompng') && function_exists('imagecreatefromgif')) {
$tpl['IMG:User'] . "<br><img src='services.php?module=users&service=image&cmd=GET_USER_REFLECTION&id=" . $tab['id'] . "&fade=6&height=30%'>";
}
// Create sub module (to hide or show only if necessary)
$tpl['LINK:AccountDetails'] = sumo_get_action_link('users.view', 'AccountDetails');
$tpl['LINK:SecurityOptions'] = sumo_get_action_link('users.view', 'SecurityOptions');
// Owner
$owner = sumo_get_user_info($tab['owner_id'], 'id', FALSE);
$tpl['GET:AccountCreatedBy'] = htmlspecialchars($owner['lastname'] . " " . $owner['firstname'], ENT_QUOTES) . " (" . "<a href='javascript:sumo_ajax_get(\"users.content\",\"?module=users&action=view&id=" . $owner['id'] . "&decoration=false\");'>" . $owner['user'] . "</a>)";
// Status
$tpl['GET:Status'] = $tab['active'] ? "<font class='status-green'>" . $language['Active'] . "</font>" : "<font class='status-red'>" . $language['Suspended'] . "</font>";
// Remove
if ((in_array('sumo', $SUMO['user']['group']) || sumo_verify_permissions(7, $tab['group']) || $SUMO['user']['id'] == $tab['owner_id']) && $tab['username'] != 'sumo' && $tab['username'] != $SUMO['user']['user']) {
$msg = sumo_get_simple_rand_string(4, "123456789");
$tpl['LINK:Remove'] = "<div class='sub-module-icon' " . "onmouseover='this.style.outline=\"1px solid #999999\";this.style.background=\"#FFFFFF\"' " . "onmouseout='this.style.outline=\"\";this.style.background=\"\"'>" . "<a href=\"javascript:sumo_show_message('msg{$msg}', '" . htmlspecialchars(sumo_get_message('AreYouSureDelete', array($tab['username'], htmlspecialchars($tab['firstname'], ENT_QUOTES), htmlspecialchars($tab['lastname'], ENT_QUOTES)))) . "', \n\t\t\t\t\t'h', 0,\n\t\t\t\t\t'" . base64_encode(sumo_get_form_req('', 'delete', 'id=' . $tab['id'])) . "',\n\t\t\t\t\t'" . base64_encode('') . "',\n\t\t\t\t\t'" . base64_encode("<input type='button' value='" . $language['Cancel'] . "' onclick='javascript:sumo_remove_window(\"msg{$msg}\");' class='button'>") . "',\n\t\t\t\t\t'" . base64_encode("<input type='submit' value='" . $language['Ok'] . "' onclick='javascript:sumo_remove_window(\"msg{$msg}\");' class='button'>") . "');\">" . "<img src='themes/" . $SUMO['page']['theme'] . "/images/modules/users/delete.png' vspace='4'><br>" . $language['Remove'] . "</a>" . "</div>";
} else {
$tpl['LINK:Remove'] = sumo_get_action_icon("users", "delete");
}
// Pwd expiration date
if ($SUMO['config']['accounts']['password']['life'] > 0 && $datasource['type'] == 'SUMO' && $tab['pwd_updated']) {
$tpl['GET:PwdExpiration'] = sumo_get_human_date($tab['pwd_updated'] + $SUMO['config']['accounts']['password']['life'] * 86400);
$tpl['GET:PwdUpdated'] = sumo_get_human_date($tab['pwd_updated']);
} else {
}
// Auto optimize Sumo database
if (sumo_hits_count($SUMO['config']['database']['optimize_hits'], TRUE)) {
sumo_delete_old_users_temp();
sumo_delete_old_sessions();
sumo_delete_old_connections();
sumo_delete_old_log();
sumo_optimize_db();
}
// Filter all input data
$_GET = sumo_array_combine(array_keys($_GET), sumo_array_filter(array_values($_GET)));
$_POST = sumo_array_combine(array_keys($_POST), sumo_array_filter(array_values($_POST), 'POST'));
$_COOKIE = sumo_array_combine(array_keys($_COOKIE), sumo_array_filter(array_values($_COOKIE), 'COOKIE'));
// Get variables
require SUMO_PATH . '/inc/inc.get_variables.php';
$SUMO['user'] = sumo_get_user_info();
$SUMO['connection'] = sumo_get_connection_info();
// ...to remember 'security string' after login
if (empty($SUMO['connection']['security_string'])) {
$SUMO['connection']['security_string'] = $_SESSION['security_string'];
}
// Define and Load language,
// if exist language cookie load language set by user
require SUMO_PATH . '/inc/inc.load_language.php';
$sumo_access = NULL;
if ($sumo_action) {
$sumo_access = strtoupper($sumo_action);
} elseif (sumo_get_banned_ip($SUMO['client']['ip'])) {
$sumo_access = 'IPDISABLED';
} elseif (!sumo_verify_node()) {
$sumo_access = 'NODEDISABLED';
/**
* Update user data
*/
function sumo_update_user_data($data = array())
{
if (!empty($data)) {
global $SUMO;
$id = intval($data['id']);
$day_limit = intval($data['day_limit']);
$active = $data['active'] !== '' ? intval($data['active']) : FALSE;
$firstname = ucwords(preg_replace('/[\\s\\,]+/', ' ', $data['firstname']));
$lastname = ucwords(preg_replace('/[\\s\\,]+/', ' ', $data['lastname']));
$ip = str_replace(";;", ";", str_replace(",", ";", preg_replace('/[\\s\\,]+/', ';', $data['ip'])));
$email = strtolower($data['email']);
$language = $data['language'];
$sumogroup = sumo_verify_sumogroup($data['usergroup']);
$group = $sumogroup ? $sumogroup : $data['usergroup'];
$group = sumo_get_normalized_group($group);
if ($day_limit > 0) {
$daylimit[0] = 'day_limit=' . $day_limit . ', ';
$daylimit[1] = 'day_limit=' . $day_limit . ' AND ';
} else {
$daylimit[0] = 'day_limit=NULL, ';
$daylimit[1] = 'day_limit IS NULL AND ';
}
// Get user data
$userdata = sumo_get_user_info($id, 'id', FALSE);
$sumouser = sumo_get_user_info($SUMO['user']['user']);
$datasource = sumo_get_datasource_info($data['datasource_id'], FALSE);
// Change password
if ($data['password'] && ($SUMO['user']['id'] == $id || $SUMO['user']['id'] == $userdata['owner_id'] || $SUMO['user']['user'] == 'sumo')) {
switch ($datasource['type']) {
case 'Unix':
case 'SUMO':
$record['password'] = "******" . $data['password'] . "'";
sumo_update_password_date($id, $data['password']);
break;
case 'MySQLUsers':
require SUMO_PATH . '/libs/lib.datasource.mysql_users.php';
$sumo_update_password($userdata['username'], $data['password']);
break;
case 'Joomla15':
require SUMO_PATH . '/libs/lib.datasource.joomla15.php';
$sumo_update_password($userdata['username'], $data['password']);
break;
default:
$record['password'] = "";
break;
}
}
if ($group) {
$record['usergroup'] = "usergroup='{$group}'";
}
// group
if ($sumouser['id'] != $id) {
$record['active'] = "active=" . $active;
}
// active
// verify if user can change some parameters...
if ($SUMO['user']['id'] == $id || in_array('sumo', $SUMO['user']['group']) || $SUMO['user']['id'] == $userdata['owner_id']) {
$firstname = get_magic_quotes_gpc() ? $firstname : addslashes($firstname);
$lastname = get_magic_quotes_gpc() ? $lastname : addslashes($lastname);
$record['firstname'] = "firstname='" . $firstname . "'";
$record['lastname'] = "lastname='" . $lastname . "'";
$record['email'] = "email='{$email}'";
$record['language'] = "language='{$language}'";
} else {
$record['firstname'] = "";
$record['lastname'] = "";
$record['email'] = "";
$record['language'] = "";
}
//... to change IP address
if (in_array('sumo', $SUMO['user']['group']) || $SUMO['user']['id'] == $userdata['owner_id']) {
$record['ip'] = "ip='" . $ip . "'";
} else {
$record['ip'] = "";
}
// Data source
$record['datasource_id'] = "datasource_id=" . $data['datasource_id'];
// modified
$record['modified'] = "modified=" . $SUMO['server']['time'];
// Create fields for query
$new_record = array_values($record);
for ($r = 0; $r < count($new_record); $r++) {
if ($new_record[$r]) {
$records[$r] = $new_record[$r];
}
}
$update = implode(', ', $records);
$select = implode(' AND ', $records);
// create query for update
$query = "UPDATE " . SUMO_TABLE_USERS . "\n\t\t SET " . $daylimit[0] . " " . $update . "\n\t\t WHERE id=" . $id;
$SUMO['DB']->Execute($query);
if ($select || $day_limit[1]) {
$select = $select . " AND ";
}
// verify query success
$query = "SELECT * FROM " . SUMO_TABLE_USERS . "\n\t\t WHERE " . $daylimit[1] . "\n\t\t " . $select . "\n\t\t id=" . $id;
$rs = $SUMO['DB']->Execute($query);
$tab = $rs->FetchRow();
$upd = $rs->PO_RecordCount();
// if updated:
if ($upd == 1) {
$SUMO['DB']->CacheFlush();
if ($record['password']) {
// ...to change current session password
if ($id == $SUMO['user']['id']) {
$_SESSION['user']['password'] = sumo_get_hex_hmac_sha1($SUMO['connection']['security_string'], $data['password']);
$_SESSION['pwd_changed'] = $SUMO['server']['time'];
} else {
sumo_delete_session(NULL, NULL, $data['user']);
}
}
sumo_write_log('I01000X', array($tab['username'], $SUMO['user']['user']), 3, 3, 'system', FALSE);
// Send user notify
if ($SUMO['config']['accounts']['notify']['updates'] && $email) {
if (!$SUMO['config']['server']['admin']['email']) {
sumo_write_log('E06000X', '', '0,1', 2, 'system', FALSE);
} else {
$object = sumo_get_message("I00001M", $SUMO['server']['name']);
$message = sumo_get_message("I00106M", array($firstname . " " . $lastname, $SUMO['server']['name'], $SUMO['user']['user']));
$m = new Mail();
$m->From($SUMO['config']['server']['admin']['email']);
$m->To($email);
$m->Subject($object);
$m->Body($message, SUMO_CHARSET);
$m->Priority(1);
$m->Send();
}
}
return TRUE;
} else {
return FALSE;
}
} else {
return FALSE;
}
}
