Example #1
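/**
 * Registers a new user or updates an existing profile stored as a file under USERS_PATH.
 *
 * @param string $username Login name; also used as the profile file name.
 * @param bool   $reg      True to register a new user, false to update an existing one.
 * @param string $password New password (may be empty on update to keep the old one).
 * @param string $confirm  Password confirmation.
 * @param string $email    E-mail address to store in the profile.
 * @param array  $userdata Submitted profile fields.
 * @param bool   $admin    True when the caller may change every system field.
 *
 * @return int Status code: 1 registered, 2 updated, 4 registered and activation mail sent,
 *             6 username already taken, 10 profile could not be written, 11 invalid e-mail,
 *             12 password/confirmation problem, 14 invalid username, 16 no such user,
 *             20 nickname rejected by the cache check, 21 e-mail rejected by the cache check.
 */
function user_update($username, $reg, $password, $confirm, $email, $userdata, $admin = false)
{
    global $system, $lang, $userfields;
    // The username becomes a file name under USERS_PATH, so any directory part is dropped first.
    $username = basename($username);
    if ($reg) {
        // Registration: the name must not belong to an existing profile file.
        if (is_file(USERS_PATH . $username)) {
            return 6;
        }
        // The name must be non-empty and consist only of characters matched by [\d\w].
        if (empty($username) || preg_replace("/[\\d\\w]+/i", '', $username) != '') {
            return 14;
        }
        // Both password fields are required and must be identical. The comparison is strict:
        // with a loose != two different numeric-looking strings (for example "1e1" and "10")
        // compare as equal and a mistyped confirmation would be accepted.
        if (empty($password) || empty($confirm) || $password !== $confirm) {
            return 12;
        }
        // Number of entries already present in the users directory.
        $count = count(rcms_scandir(USERS_PATH));
        // The very first account gets the admin marker.
        $_userdata['admin'] = $count == 0 ? '*' : ' ';
        // NOTE(security): unsalted MD5 is not a password hash. Moving to password_hash() /
        // password_verify() has to be done together with the login check, which is not
        // visible here, so the stored format is left unchanged.
        $_userdata['password'] = md5($password);
        $_userdata['username'] = $username;
    } else {
        // Update: the profile file must already exist.
        if (!is_file(USERS_PATH . $username)) {
            return 16;
        }
        // A new password is compared with its confirmation (strictly, see the registration branch).
        // NOTE(review): when $confirm is empty this check is skipped and the password below is
        // still replaced - confirm whether callers rely on that.
        if (!empty($password) && !empty($confirm) && $password !== $confirm) {
            return 12;
        }
        // Start from the stored profile.
        $_userdata = load_user_info($username);
        // Keep the old hash unless a new password was supplied (MD5: see the note above).
        $_userdata['password'] = empty($password) ? $_userdata['password'] : md5($password);
        $_userdata['username'] = $username;
    }
    // The e-mail address is mandatory and must pass the project's validator.
    if (empty($email) || !rcms_is_valid_email($email)) {
        return 11;
    } else {
        $_userdata['email'] = $email;
    }
    // $cache is not initialised in this function; presumably the cache helpers take it by
    // reference - confirm against their definitions.
    if (!$reg) {
        user_remove_from_cache($username, $cache);
    }
    if (!user_check_email_in_cache($username, $email, $cache)) {
        return 21;
    }
    // Normalise some system fields; the nickname defaults to the username.
    $userdata['nickname'] = empty($userdata['nickname']) ? $username : $userdata['nickname'];
    if (!user_check_nick_in_cache($username, $userdata['nickname'], $cache)) {
        return 20;
    }
    $userdata['hideemail'] = empty($userdata['hideemail']) ? '0' : '1';
    $userdata['tz'] = (double) @$userdata['tz'];
    $userdata['userlevel'] = (int) @$userdata['userlevel'];
    // System fields: $userfields[0] maps field name => access level, $userfields[1] holds defaults.
    foreach ($userfields[0] as $field => $acc) {
        // A field is writable for admins, during registration when its level is at most
        // USERS_ALLOW_SET, or always when its level is USERS_ALLOW_CHANGE.
        if ($admin || $reg && $acc <= USERS_ALLOW_SET || $acc == USERS_ALLOW_CHANGE) {
            // On registration a missing field falls back to its default.
            if (!isset($userdata[$field]) && $reg) {
                $userdata[$field] = @$userfields[1][$field];
            }
            // Only fields that are set are copied, with tags stripped and whitespace trimmed.
            if (isset($userdata[$field])) {
                $_userdata[$field] = strip_tags(trim($userdata[$field]));
            }
        }
    }
    // Additional profile fields are always stored; a field that was not submitted is saved
    // as an empty string instead of reading an undefined array index.
    foreach ($system->data['apf'] as $field => $desc) {
        $value = isset($userdata[$field]) ? $userdata[$field] : '';
        $_userdata[$field] = strip_tags(trim($value));
    }
    // Persist the profile as serialized data in the user's file.
    if (!file_write_contents(USERS_PATH . $username, serialize($_userdata))) {
        return 10;
    }
    // Record nickname and e-mail in the cache.
    user_register_in_cache($username, $userdata['nickname'], $email, $cache);
    // No activation step for updates, when 'regconf' is off, or for the first account.
    if (!$reg || !@$system->config['regconf'] || $count == 0) {
        return $reg ? 1 : 2;
    } else {
        // Activation is on: mark the account unconfirmed and mail the activation link.
        $site_url = parse_url($system->config['site_url']);
        $key = user_set_unconfirmed($username);
        $link = $system->config['site_url'] . '/index.php?activate=' . $username . '&key=' . $key;
        rcms_send_mail($email, 'activation@' . $site_url['host'], $lang['users']['actreqsender'], $lang['options']['encoding'], $lang['users']['actreqsubj'], $lang['users']['actreqtext'] . $link);
        return 4;
    }
}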
Example #2
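 /**
  * Updates the stored profile of an existing user.
  *
  * On failure a translated message is placed in $this->results['profileupdate']
  * (except for the 'guest' account, which is rejected without a message).
  *
  * @param string $username Login name of the profile to update.
  * @param string $nickname New nickname; empty means "use the username".
  * @param string $password New password, or empty to keep the current one.
  * @param string $confirm  Password confirmation.
  * @param string $email    New e-mail address.
  * @param array  $userdata Submitted profile fields.
  * @param bool   $admin    True when the caller has admin rights over profile fields.
  *
  * @return bool True when the profile was saved, false otherwise.
  */
 function updateUser($username, $nickname, $password, $confirm, $email, $userdata, $admin = false)
 {
     // Nickname defaults to the username; otherwise tags are stripped and it is cut to 50 characters.
     $nickname = empty($nickname) ? $username : mb_substr(strip_tags($nickname), 0, 50);
     // The username must be non-empty and consist only of characters matched by [\d\w].
     if (empty($username) || preg_replace("/[\\d\\w]+/i", '', $username) != '') {
         $this->results['profileupdate'] = __('Invalid username');
         return false;
     }
     // The 'guest' account cannot be edited.
     if ($username == 'guest') {
         return false;
     }
     if (!$this->is_user($username)) {
         $this->results['profileupdate'] = __('There is no user with this name');
         return false;
     }
     // $cache is not initialised in this method; presumably the cache helpers take it by
     // reference - confirm against their definitions.
     user_remove_from_cache($username, $cache);
     if (!($_userdata = $this->getUserData($username))) {
         $this->results['profileupdate'] = __('Cannot open profile');
         return false;
     }
     if (!user_check_nick_in_cache($username, $nickname, $cache)) {
         $this->results['profileupdate'] = __('User with this nickname already exists');
         return false;
     }
     if (empty($email) || !rcms_is_valid_email($email)) {
         $this->results['profileupdate'] = __('Invalid e-mail address');
         return false;
     }
     if (!user_check_email_in_cache($username, $email, $cache)) {
         $this->results['profileupdate'] = __('This e-mail address already registered');
         return false;
     }
     // Strict comparison: with a loose != two different numeric-looking strings (for example
     // "1e1" and "10") compare as equal and a mistyped confirmation would be accepted.
     // NOTE(review): when $confirm is empty this check is skipped and the password below is
     // still replaced - confirm whether callers rely on that.
     if (!empty($password) && !empty($confirm) && $password !== $confirm) {
         $this->results['profileupdate'] = __('Password doesnot match it\'s confirmation');
         return false;
     }
     // NOTE(security): unsalted MD5 is not a password hash. Moving to password_hash() /
     // password_verify() has to be done together with the login check, which is not
     // visible here, so the stored format is left unchanged.
     $_userdata['password'] = empty($password) ? $_userdata['password'] : md5($password);
     $_userdata['nickname'] = $nickname;
     $_userdata['email'] = $email;
     // Normalise some system fields before they are copied.
     $userdata['hideemail'] = empty($userdata['hideemail']) ? '0' : '1';
     $userdata['tz'] = (double) $userdata['tz'];
     $userdata['accesslevel'] = (int) @$userdata['accesslevel'];
     // $this->profile_fields maps field name => access level.
     foreach ($this->profile_fields as $field => $acc) {
         // Admins pass for levels below USERS_DISALLOW_CHANGE_ALL; every caller passes for a
         // level of at most USERS_ALLOW_SET or exactly USERS_ALLOW_CHANGE.
         if ($admin && $acc < USERS_DISALLOW_CHANGE_ALL || $acc <= USERS_ALLOW_SET || $acc == USERS_ALLOW_CHANGE) {
             if (!isset($userdata[$field])) {
                 // The default goes into $userdata only; the stored profile keeps its old value.
                 $userdata[$field] = $this->profile_defaults[$field];
             } else {
                 $_userdata[$field] = strip_tags(trim($userdata[$field]));
             }
         }
     }
     // Additional profile fields are always stored; a field that was not submitted is saved
     // as an empty string instead of reading an undefined array index.
     foreach ($this->data['apf'] as $field => $desc) {
         $value = isset($userdata[$field]) ? $userdata[$field] : '';
         $_userdata[$field] = strip_tags(trim($value));
     }
     if (!$this->save_user($username, $_userdata)) {
         $this->results['profileupdate'] = __('Cannot save profile');
         return false;
     }
     user_register_in_cache($username, $nickname, $email, $cache);
     $this->results['profileupdate'] = __('Profile updated');
     // Keep the in-memory session user in sync when users edit their own profile.
     if ($this->user['username'] == $username) {
         $this->user = $_userdata;
     }
     // Audit trail: who changed whose profile.
     rcms_log_put(__('Notification'), $this->user['username'], 'Updated userinfo for ' . $username);
     return true;
 }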