dump($r); $role = 'writer'; $r = user_set_role($user_id, $role); dump($r); $r = user_get_role($user_id); dump($r); $role = array('writer', 'moderator'); $r = user_set_role($user_id, $role); dump($r); $r = user_get_role($user_id); dump($r); $login = $name; $r = user_login($login, $password); dump($r); $newpassword = '******'; $r = user_set_newpassword($user_id, $newpassword); dump($r); $login = $mail; $r = user_login($login, $newpassword); dump($r); $r = user_check_name($name); dump($r); $r = user_check_name($name, $user_id); dump($r); $r = user_check_mail($mail); dump($r); $r = user_check_mail($mail, $user_id); dump($r); $r = user_search('foo bar'); dump($r); $r = user_search('foo', 1);
function remindme($lang) { $with_name = true; $with_captcha = true; $action = 'init'; if (isset($_POST['remindme_send'])) { $action = 'remindme'; } $login = $confirmed = $code = $token = false; if (!empty($_SESSION['login'])) { $login = $_SESSION['login']; } else { if (!empty($_SESSION['user']['name'])) { $login = $_SESSION['user']['name']; } else { if (!empty($_SESSION['user']['mail'])) { $login = $_SESSION['user']['mail']; } } } switch ($action) { case 'remindme': if (isset($_POST['remindme_login'])) { $login = strtolower(strflat(readarg($_POST['remindme_login']))); } if (isset($_POST['remindme_confirmed'])) { $confirmed = readarg($_POST['remindme_confirmed']) == 'on' ? true : false; } if (isset($_POST['remindme_code'])) { $code = readarg($_POST['remindme_code']); } if (isset($_POST['remindme_token'])) { $token = readarg($_POST['remindme_token']); } break; default: break; } $missing_code = false; $bad_code = false; $bad_token = false; $missing_login = false; $bad_login = false; $missing_confirmation = false; $email_sent = false; $user_page = false; $internal_error = false; $contact_page = false; switch ($action) { case 'remindme': if (!isset($_SESSION['remindme_token']) or $token != $_SESSION['remindme_token']) { $bad_token = true; } if ($with_captcha) { if (!$code) { $missing_code = true; break; } $captcha = isset($_SESSION['captcha']['remindme']) ? $_SESSION['captcha']['remindme'] : false; if (!$captcha or $captcha != strtoupper($code)) { $bad_code = true; break; } } if (!$login) { $missing_login = true; } else { if ((!validate_user_name($login) or !is_user_name_allowed($login)) and (!validate_mail($login) or !is_mail_allowed($login))) { $bad_login = true; } } if (!$confirmed) { $missing_confirmation = true; } break; default: break; } switch ($action) { case 'remindme': if ($bad_token or $missing_code or $bad_code or $missing_login or $bad_login or $missing_confirmation) { break; } require_once 'models/user.inc'; $user_id = user_find($login); if (!$user_id) { $bad_login = true; require_once 'log.php'; write_log('password.err', substr($login, 0, 40)); break; } $user = user_get($user_id); if (!$user) { $internal_error = true; break; } if (!$user['user_active'] or $user['user_banned']) { $bad_login = true; break; } require_once 'newpassword.php'; $newpassword = newpassword(); if (!user_set_newpassword($user_id, $newpassword)) { $internal_error = true; break; } require_once 'emailcrypto.php'; global $sitename, $webmaster; $to = $user['user_mail']; $subject = translate('email:new_password_subject', $lang); $msg = translate('email:new_password_text', $lang) . "\n\n" . translate('email:salutations', $lang); if (!emailcrypto($msg, $newpassword, $to, $subject, $webmaster)) { $internal_error = true; } else { $email_sent = $to; } $confirmed = false; break; default: break; } if ($internal_error) { $contact_page = url('contact', $lang); } else { if ($email_sent) { $user_page = url('user', $lang); } } $_SESSION['remindme_token'] = $token = token_id(); $errors = compact('missing_login', 'bad_login', 'missing_confirmation', 'missing_code', 'bad_code', 'internal_error', 'contact_page'); $infos = compact('email_sent', 'user_page'); $output = view('remindme', $lang, compact('token', 'with_captcha', 'with_name', 'login', 'confirmed', 'errors', 'infos')); return $output; }
function useredit($lang, $user_id) { global $system_languages, $supported_roles; $is_admin = user_has_role('administrator'); $is_owner = $user_id == user_profile('id'); $with_name = true; $with_status = ($user_id != 1 and $is_admin); $with_delete = ($user_id != 1 and $is_admin and !$is_owner); $with_newpassword = false; // ($user_id != 1 and $is_owner); $with_locale = count($system_languages) > 1 ? true : false; $with_role = ($user_id != 1 and $is_admin); $with_timezone = ($user_id != 1 and $is_admin); $with_website = true; $with_info = false; $confirmed = false; $action = 'init'; if (isset($_POST['useredit_modify'])) { $action = 'modify'; } if ($with_newpassword) { if (isset($_POST['useredit_change'])) { $action = 'change'; } } if ($with_delete) { if (isset($_POST['useredit_delete'])) { $action = 'delete'; } else { if (isset($_POST['useredit_confirmdelete'])) { $action = 'delete'; $confirmed = true; } else { if (isset($_POST['useredit_cancel'])) { $action = 'cancel'; } } } } $user_name = $user_mail = $user_locale = $user_timezone = false; $user_website = false; $user_active = $user_banned = false; $user_accessed = false; $user_role = false; $user_newpassword = false; $user_lastname = $user_firstname = false; $token = false; switch ($action) { case 'init': case 'reset': $r = user_get($user_id); if ($r) { extract($r); /* user_name user_password user_newpassword user_seed user_mail user_timezone user_website user_created user_modified user_accessed user_locale user_active user_banned */ } $user_newpassword = false; if ($with_info) { $r = user_get_info($user_id); if ($r) { extract($r); /* user_lastname, user_firstname */ } } if ($with_role) { $user_role = user_get_role($user_id); } break; case 'modify': case 'change': case 'delete': case 'cancel': if ($with_info) { if (isset($_POST['useredit_lastname'])) { $user_lastname = readarg($_POST['useredit_lastname']); } if (isset($_POST['useredit_firstname'])) { $user_firstname = readarg($_POST['useredit_firstname']); } } if (isset($_POST['useredit_name'])) { $user_name = strtolower(strflat(readarg($_POST['useredit_name']))); } if (isset($_POST['useredit_mail'])) { $user_mail = strtolower(strflat(readarg($_POST['useredit_mail']))); } if (isset($_POST['useredit_website'])) { $user_website = strtolower(strflat(readarg($_POST['useredit_website']))); } if (isset($_POST['useredit_timezone'])) { $user_timezone = readarg($_POST['useredit_timezone']); } if (isset($_POST['useredit_locale'])) { $user_locale = readarg($_POST['useredit_locale']); } if ($with_role) { if (isset($_POST['useredit_role'])) { $user_role = readarg($_POST['useredit_role']); } } if ($with_status) { if (isset($_POST['useredit_active'])) { $user_active = readarg($_POST['useredit_active']) == 'on'; } if (isset($_POST['useredit_banned'])) { $user_banned = readarg($_POST['useredit_banned']) == 'on'; } if (isset($_POST['useredit_accessed'])) { $user_accessed = (int) readarg($_POST['useredit_accessed']); } } if ($with_newpassword) { if (isset($_POST['useredit_newpassword'])) { $user_newpassword = readarg($_POST['useredit_newpassword']); } } if (isset($_POST['useredit_token'])) { $token = readarg($_POST['useredit_token']); } break; default: break; } $bad_token = false; $missing_lastname = false; $missing_firstname = false; $missing_name = false; $bad_name = false; $duplicated_name = false; $missing_mail = false; $bad_mail = false; $duplicated_mail = false; $bad_role = false; $bad_website = false; $missing_locale = false; $bad_locale = false; $bad_timezone = false; $missing_newpassword = false; $bad_newpassword = false; $account_modified = false; $password_changed = false; $internal_error = false; $contact_page = false; switch ($action) { case 'modify': if (!isset($_SESSION['useredit_token']) or $token != $_SESSION['useredit_token']) { $bad_token = true; } if ($with_info) { if (!$user_lastname) { $missing_lastname = true; } if (!$user_firstname) { $missing_firstname = true; } } if ($with_name and !$user_name) { $missing_name = true; } if ($user_name) { if (!validate_user_name($user_name)) { $bad_name = true; } else { if (!user_check_name($user_name, $user_id)) { $duplicated_name = true; } } } if (!$user_mail) { $missing_mail = true; } else { if (!validate_mail($user_mail)) { $bad_mail = true; } else { if (!user_check_mail($user_mail, $user_id)) { $duplicated_mail = true; } } } if ($user_role) { foreach ($user_role as $role) { if (!validate_role($role)) { $bad_role = true; break; } } } if ($user_website) { if (!validate_website($user_website)) { $bad_website = true; } else { $user_website = normalize_website($user_website); } } if ($user_timezone) { if (!validate_timezone($user_timezone)) { $bad_timezone = true; } } if ($with_locale and !$user_locale) { $missing_locale = true; } if ($user_locale) { if (!validate_locale($user_locale)) { $bad_locale = true; } } break; case 'change': if (!$user_newpassword) { $missing_newpassword = true; } else { if (!validate_password($user_newpassword)) { $bad_newpassword = true; } } break; default: break; } $confirm_delete = false; switch ($action) { case 'modify': if ($bad_token or $missing_name or $bad_name or $duplicated_name or $missing_mail or $bad_mail or $duplicated_mail or $bad_role or $bad_website or $bad_timezone or $missing_locale or $bad_locale or $missing_lastname or $missing_firstname) { break; } $r = user_set($user_id, $user_name, $user_mail, $user_website, $user_locale, $user_timezone); if (!$r) { $internal_error = true; break; } if ($is_owner) { $_SESSION['user']['name'] = $user_name; $_SESSION['user']['mail'] = $user_mail; $_SESSION['user']['website'] = $user_website; $_SESSION['user']['locale'] = $user_locale; $_SESSION['user']['timezone'] = $user_timezone; } if ($with_info) { $r = user_set_info($user_id, $user_lastname, $user_firstname); if (!$r) { $internal_error = true; break; } if ($is_owner) { $_SESSION['user']['lastname'] = $user_lastname; $_SESSION['user']['firstname'] = $user_firstname; } } if ($with_role) { $r = user_set_role($user_id, $user_role); if (!$r) { $internal_error = true; break; } } if ($with_status) { $r = user_set_status($user_id, $user_active, $user_banned); if (!$r) { $internal_error = true; break; } } $account_modified = true; break; case 'change': if ($missing_newpassword or $bad_newpassword) { break; } $r = user_set_newpassword($user_id, $user_newpassword); if (!$r) { $internal_error = true; break; } $password_changed = true; break; case 'delete': if (!$confirmed) { $confirm_delete = true; break; } $r = user_delete($user_id); if (!$r) { $internal_error = true; break; } return false; default: break; } $user_newpassword = false; if ($internal_error) { $contact_page = url('contact', $lang); } $_SESSION['useredit_token'] = $token = token_id(); $errors = compact('missing_name', 'bad_name', 'duplicated_name', 'missing_mail', 'bad_mail', 'duplicated_mail', 'bad_timezone', 'bad_website', 'missing_locale', 'bad_locale', 'missing_newpassword', 'bad_newpassword', 'missing_lastname', 'missing_firstname', 'internal_error', 'contact_page'); $infos = compact('account_modified', 'password_changed'); $output = view('useredit', $lang, compact('token', 'errors', 'infos', 'with_name', 'user_name', 'user_mail', 'with_timezone', 'user_timezone', 'with_website', 'user_website', 'with_role', 'user_role', 'supported_roles', 'with_locale', 'user_locale', 'with_status', 'user_banned', 'user_active', 'user_accessed', 'with_newpassword', 'user_newpassword', 'with_info', 'user_lastname', 'user_firstname', 'with_delete', 'confirm_delete')); return $output; }