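/**
 * Mails a web user their login name and password.
 *
 * The body comes from the `websignupemail_message` site setting. It is first
 * passed through sprintf() (legacy templates: uid, then pwd) and then the
 * [+uid+], [+pwd+], [+ufn+], [+sname+], [+semail+] and [+surl+] placeholders
 * are substituted.
 *
 * Security notes:
 *  - $email and the configured sender end up in mail() arguments that become
 *    message headers. A value containing CR or LF is refused and treated
 *    like a failed send, so it cannot add header lines.
 *  - The sender is handed to the MTA as "-f <address>" only when it is a
 *    syntactically valid address; otherwise the envelope sender is left to
 *    the MTA default.
 *  - The password travels in clear text in the message body.
 *
 * @param string $email recipient address
 * @param string $uid   login name
 * @param string $pwd   clear-text password
 * @param string $ufn   user's full name
 * @return bool always true; a failed send is only reported through webLoginAlert()
 */
function webLoginSendNewPassword($email, $uid, $pwd, $ufn)
{
    global $modx, $site_url;

    $mailto = $modx->config['mailto'];
    $websignupemail_message = $modx->config['websignupemail_message'];
    $emailsubject = $modx->config['emailsubject'];
    $emailsender = $modx->config['emailsender'];
    $site_name = $modx->config['site_name'];

    $message = sprintf($websignupemail_message, $uid, $pwd); // use old method

    // replace placeholders
    $message = str_replace("[+uid+]", $uid, $message);
    $message = str_replace("[+pwd+]", $pwd, $message);
    $message = str_replace("[+ufn+]", $ufn, $message);
    $message = str_replace("[+sname+]", $site_name, $message);
    $message = str_replace("[+semail+]", $emailsender, $message);
    $message = str_replace("[+surl+]", $site_url, $message);

    // Refuse line breaks in anything that is written into the header section.
    $hasLineBreak = strpbrk((string) $email, "\r\n") !== false
        || strpbrk((string) $emailsender, "\r\n") !== false;

    if ($hasLineBreak) {
        $sent = false;
    } else {
        $headers = "From: " . $emailsender . "\r\n" . "X-Mailer: Content Manager - PHP/" . phpversion();
        // "-f" is forwarded to the MTA command line, so only a plain address is allowed there.
        $senderIsAddress = filter_var($emailsender, FILTER_VALIDATE_EMAIL) !== false;
        if (!ini_get('safe_mode') && $senderIsAddress) {
            $sent = mail($email, $emailsubject, $message, $headers, "-f {$emailsender}");
        } else {
            $sent = mail($email, $emailsubject, $message, $headers);
        }
    }

    if (!$sent) {
        // The alert names the configured `mailto` address, not the recipient.
        webLoginAlert("Error while sending mail to {$mailto}", 1);
    }
    return true;
}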
/**
 * Mails a web user their login name and password through $modx->sendmail().
 *
 * The body comes from the `websignupemail_message` site setting: sprintf()
 * is applied first (legacy templates: uid, then pwd), then the [+...+]
 * placeholders are substituted one after another.
 *
 * NOTE(review): $email is handed to $modx->sendmail() unchanged. Whether
 * sendmail() rejects CR/LF in the address is not visible here - confirm.
 * The password is sent in clear text in the message body.
 *
 * @param string $email recipient address
 * @param string $uid   login name
 * @param string $pwd   clear-text password
 * @param string $ufn   user's full name
 * @return bool always true; a failed send is only reported through webLoginAlert()
 */
function webLoginSendNewPassword($email, $uid, $pwd, $ufn)
{
    global $modx, $site_url;

    $mailto = $modx->config['mailto'];
    $template = $modx->config['websignupemail_message'];
    $emailsubject = $modx->config['emailsubject']; // read but not used in this variant
    $senderAddress = $modx->config['emailsender'];
    $siteName = $modx->config['site_name'];
    $site_start = $modx->config['site_start']; // read but not used in this variant

    // use old method
    $body = sprintf($template, $uid, $pwd);

    // replace placeholders, in the same order as before
    $placeholders = array(
        "[+uid+]" => $uid,
        "[+pwd+]" => $pwd,
        "[+ufn+]" => $ufn,
        "[+sname+]" => $siteName,
        "[+semail+]" => $senderAddress,
        "[+surl+]" => $site_url,
    );
    foreach ($placeholders as $tag => $value) {
        $body = str_replace($tag, $value, $body);
    }

    // ignore mail errors in this case: the caller still gets true
    if (!$modx->sendmail($email, $body)) {
        webLoginAlert("Error while sending mail to {$mailto}", 1);
    }

    return true;
}
return; } // create the user account $sql = "INSERT INTO " . $modx->getFullTableName("web_users") . " (username, password) \n VALUES('" . $username . "', md5('" . $password . "'));"; $rs = $modx->db->query($sql); if (!$rs) { $output = webLoginAlert("An error occured while attempting to save the user.") . $tpl; return; } // now get the id $key = $modx->db->getInsertId(); // save user attributes $sql = "INSERT INTO " . $modx->getFullTableName("web_user_attributes") . " (internalKey, fullname, email, zip, state, country) \n VALUES({$key}, '{$fullname}', '{$email}', '{$zip}', '{$state}', '{$country}');"; $rs = $modx->db->query($sql); if (!$rs) { $output = webLoginAlert("An error occured while attempting to save the user's attributes.") . $tpl; return; } // add user to web groups if (count($groups) > 0) { $ds = $modx->dbQuery("SELECT id FROM " . $modx->getFullTableName("webgroup_names") . " WHERE name IN ('" . implode("','", $groups) . "')"); if (!$ds) { return $modx->webAlert('An error occured while attempting to update user\'s web groups'); } else { while ($row = $modx->fetchRow($ds)) { $wg = $row["id"]; $modx->dbQuery("REPLACE INTO " . $modx->getFullTableName("web_groups") . " (webgroup,webuser) VALUES('{$wg}','{$key}')"); } } } // invoke OnWebSaveUser event
return; } } // invoke OnWebAuthentication event $rt = $modx->invokeEvent("OnWebAuthentication", array("userid" => $internalKey, "username" => $username, "userpassword" => $givenPassword, "savedpassword" => $dbasePassword, "rememberme" => $rememberme)); // check if plugin authenticated the user if (!$rt || is_array($rt) && !in_array(TRUE, $rt)) { // check user password - local authentication if ($dbasePassword != md5($givenPassword)) { $output = webLoginAlert("Incorrect username or password entered!"); $newloginerror = 1; } } if (isset($modx->config['use_captcha']) && $modx->config['use_captcha'] == 1 && isset($_POST['cmdwebsignup'])) { if ($_SESSION['veriword'] != $captcha_code) { $output = webLoginAlert("The security code you entered didn't validate! Please try to login again!"); $newloginerror = 1; } } if (isset($newloginerror) && $newloginerror == 1) { $failedlogins += $newloginerror; if ($failedlogins >= $modx->config['failed_login_attempts']) { //increment the failed login counter, and block until! $modx->db->update(array('failedlogincount' => $failedlogins, 'blockeduntil' => time() + $modx->config['blocked_minutes'] * 60), $modx->getFullTableName('web_user_attributes'), "internalKey='{$internalKey}'"); } else { //increment the failed login counter $modx->db->update(array('failedlogincount' => $failedlogins), $modx->getFullTableName('web_user_attributes'), "internalKey='{$internalKey}'"); } session_destroy(); session_unset(); return;
} } else { $newpassmsg = "The new password is <b>" . htmlspecialchars($newpassword, ENT_QUOTES) . "</b>."; } // save new password to database $rt = $modx->changeWebUserPassword($oldpassword, md5($newpassword)); if ($rt !== true) { $output = webLoginAlert("An error occured while saving new password: {$rt}"); return; } // display change notification $tpl = $tpls[1]; $tpl = str_replace("[+newpassmsg+]", $newpassmsg, $tpl); $output .= $tpl; } else { $output = webLoginAlert("Incorrect password. Please try again.") . $tpl; return; } } } // Returns Default WebChangePwd tpl function getWebChangePwdtpl() { ob_start(); ?> <!-- #declare:separator <hr> --> <!-- login form section--> <form method="post" name="changepwdfrm" action="[+action+]" style="margin: 0px; padding: 0px;"> <table border="0" cellpadding="1" width="300"> <tr> <td><fieldset style="width:300px">
return; } // create the user account $sql = "INSERT INTO " . $modx->getFullTableName("web_users") . " (username, password) \r\n\r\n VALUES('" . $username . "', md5('" . $password . "'));"; $rs = $modx->db->query($sql); if (!$rs) { $output = webLoginAlert($langTXT[27], $alerttpl) . $tpl; return; } // now get the id $key = $modx->db->getInsertId(); // save user attributes $sql = "INSERT INTO " . $modx->getFullTableName("web_user_attributes") . " (internalKey, fullname, email, zip, state, country) \r\n\r\n VALUES({$key}, '{$fullname}', '{$email}', '{$zip}', '{$state}', '{$country}');"; $rs = $modx->db->query($sql); if (!$rs) { $output = webLoginAlert($langTXT[28], $alerttpl) . $tpl; return; } // add user to web groups if (count($groups) > 0) { $ds = $modx->dbQuery("SELECT id FROM " . $modx->getFullTableName("webgroup_names") . " WHERE name IN ('" . implode("','", $groups) . "')"); if (!$ds) { return $modx->webAlert('An error occured while attempting to update user\'s web groups'); } else { while ($row = $modx->fetchRow($ds)) { $wg = $row["id"]; $modx->dbQuery("REPLACE INTO " . $modx->getFullTableName("web_groups") . " (webgroup,webuser) VALUES('{$wg}','{$key}')"); } } } // invoke OnWebSaveUser event
if (!$rs2) { $output = webLoginAlert("Unable to update profile at this time!") . $tpl; return; } } $rs1 = $modx->db->update($fields, $modx->getFullTableName('web_user_attributes'), "internalKey = " . $uid); if (!$rs1) { $output = webLoginAlert("Unable to update profile at this time!") . $tpl; return; } if (!empty($_POST['password'])) { $output = $tpls[1]; $rt = webLoginSendNewPassword($email, $username, $password, $fullname); if ($rt !== true) { // an error occured $output = webLoginAlert("Unable to send email!") . $tpl; return; } } else { $output = $tpls[2]; } return; } function getWebProfiletpl() { ob_start(); ?> <!-- #declare:separator <hr> --> <!-- login form section--> <fieldset> <form method="post" name="webprofilefrm" action="[+action+]" style="margin: 0px; padding: 0px;">
return; } // check password if (strlen($password) < 6) { $output = webLoginAlert("Password is too short!") . $tpl; return; } elseif ($password == "") { $output = webLoginAlert("You didn't specify a password for this user!") . $tpl; return; } } else { $password = webLoginGeneratePassword(); } // verify form code if ($useCaptcha && $_SESSION['veriword'] != $formcode) { $output = webLoginAlert("Incorrect form code. Please enter the correct code displayed by the image.") . $tpl; return; } // create the user account $key = $modx->db->insert(array('username' => $username, 'password' => md5($password)), $modx->getFullTableName("web_users")); // save user attributes $modx->db->insert(array('internalKey' => $key, 'fullname' => $fullname, 'email' => $email, 'zip' => $zip, 'state' => $state, 'country' => $country), $modx->getFullTableName("web_user_attributes")); // add user to web groups if (count($groups) > 0) { $ds = $modx->db->select('id', $modx->getFullTableName("webgroup_names"), "name IN ('" . implode("','", $groups) . "')"); while ($wg = $modx->db->getValue($ds)) { $modx->db->query("REPLACE INTO " . $modx->getFullTableName("web_groups") . " (webgroup,webuser) VALUES('{$wg}','{$key}')"); } } // invoke OnWebSaveUser event $modx->invokeEvent("OnWebSaveUser", array("mode" => "new", "userid" => $key, "username" => $username, "userpassword" => $password, "useremail" => $email, "userfullname" => $fullname));
/**
 * Logs a web user in from a user name alone; the password that is checked is
 * built inside the function as $user . $passwordpostfix.
 *
 * Visible flow: include the weblogin helpers, fire OnBeforeWebLogin, look the
 * account up in web_users / web_user_attributes, apply the failed-login,
 * block, allowed_ip and allowed_days checks, fire OnWebAuthentication (with
 * an MD5 comparison as fallback), update the counters, fill $_SESSION, record
 * the visit in active_users, fire OnWebLogin and redirect to `refurl`.
 *
 * This listing masks several values as ****** inside SQL strings and drops
 * the code between the document-group query and the client-IP lookup, so the
 * function does not parse as shown. The code below is kept exactly as listed.
 *
 * NOTE(review): every alert is stored in $output, a local that the visible
 * code neither returns nor declares global, so those messages do not leave
 * the function.
 *
 * @param string $user user name to log in
 * @return void every exit is a bare `return;`
 */
function login($user) {
    # process login - this function from http://modxcms.com/forums/index.php?topic=32390.20
    # modified BAS (greenhatdesign/net) June 2011
    /* add in required WebAuth etc functions */
    # Set Snippet Paths
    // NOTE(review): $modx is read on the next lines, but `global $modx;` only
    // follows after the two includes, so at this point it is an undefined local.
    $snipPath = $modx->config['base_path'] . "assets/snippets/";
    include_once $snipPath . "weblogin/weblogin.common.inc.php";
    include_once $modx->config['base_path'] . "manager/includes/crypt.class.inc.php";
    global $modx;
    defined('IN_PARSER_MODE') or die;
    $dbase = $modx->dbConfig['dbase'];
    $table_prefix = $modx->dbConfig['table_prefix'];
    //PASSWORDPOSTFIX: USER INTERVENTION REQUIRED HERE: - add in the postfix you want, make sure it's the same in WebLoginFB
    // NOTE(review): the password is the user name plus this constant, so the
    // constant is the only secret protecting every account created this way.
    // The value shown is a sample; use a long random value kept out of source.
    $passwordpostfix = "12345"; //make this change in the WebLoginFB snippet also
    $logindetails = array();
    $logindetails['username'] = $user;
    $logindetails['givenPass'] = $user . $passwordpostfix; //needs to match that set in the main body
    $rememberme = FALSE;
    $username = $modx->db->escape(strip_tags($logindetails['username']));
    $givenPassword = $modx->db->escape($logindetails['givenPass']);
    // invoke OnBeforeWebLogin event
    $modx->invokeEvent("OnBeforeWebLogin", array("username" => $username, "userpassword" => $givenPassword, "rememberme" => $rememberme));
    // Join web_users with web_user_attributes for the given user name.
    // The compared value is masked as ****** in this listing.
    $sql = "SELECT {$dbase}.`" . $table_prefix . "web_users`.*, {$dbase}.`" . $table_prefix . "web_user_attributes`.* FROM {$dbase}.`" . $table_prefix . "web_users`, {$dbase}.`" . $table_prefix . "web_user_attributes` WHERE BINARY {$dbase}.`" . $table_prefix . "web_users`.username = '******' and {$dbase}.`" . $table_prefix . "web_user_attributes`.internalKey={$dbase}.`" . $table_prefix . "web_users`.id;";
    $ds = $modx->db->query($sql);
    $limit = $modx->db->getRecordCount($ds);
    // Exactly one matching row is required; zero or several give the same generic message.
    if ($limit == 0 || $limit > 1) {
        $output = webLoginAlert("Incorrect username or password entered!");
        return;
    }
    $row = $modx->db->getRow($ds);
    $internalKey = $row['internalKey'];
    $dbasePassword = $row['password'];
    $failedlogins = $row['failedlogincount'];
    $blocked = $row['blocked'];
    $blockeduntildate = $row['blockeduntil'];
    $blockedafterdate = $row['blockedafter'];
    $registeredsessionid = $row['sessionid'];
    $role = $row['role'];
    $lastlogin = $row['lastlogin'];
    $nrlogins = $row['logincount'];
    $fullname = $row['fullname'];
    //$sessionRegistered = checkSession();
    $email = $row['email'];
    // load user settings
    // Each row is copied over $modx->config, so the limits read further down
    // (failed_login_attempts, allowed_ip, allowed_days, ...) can come from here.
    if ($internalKey) {
        $result = $modx->db->query("SELECT setting_name, setting_value FROM " . $dbase . ".`" . $table_prefix . "web_user_settings` WHERE webuser='******'");
        while ($row = $modx->fetchRow($result, 'both')) {
            $modx->config[$row[0]] = $row[1];
        }
    }
    if ($failedlogins >= $modx->config['failed_login_attempts'] && $blockeduntildate > time()) {
        // blocked due to number of login errors.
        session_destroy();
        session_unset();
        $output = webLoginAlert("Due to too many failed logins, you have been blocked!");
        return;
    }
    if ($failedlogins >= $modx->config['failed_login_attempts'] && $blockeduntildate < time()) {
        // blocked due to number of login errors, but get to try again
        // Only the stored counter is reset; the local $failedlogins keeps its old value.
        $sql = "UPDATE {$dbase}.`" . $table_prefix . "web_user_attributes` SET failedlogincount='0', blockeduntil='" . (time() - 1) . "' where internalKey={$internalKey}";
        $ds = $modx->db->query($sql);
    }
    if ($blocked == "1") {
        // this user has been blocked by an admin, so no way he's loggin in!
        session_destroy();
        session_unset();
        $output = webLoginAlert("You are blocked and cannot log in!");
        return;
    }
    // blockuntil
    if ($blockeduntildate > time()) {
        // this user has a block until date
        session_destroy();
        session_unset();
        // NOTE(review): this literal contains a line break in the listing; the
        // same message in the blockafter branch is on one line - confirm.
        $output = webLoginAlert("You are blocked and cannot log in! 
Please try again later.");
        return;
    }
    // blockafter
    if ($blockedafterdate > 0 && $blockedafterdate < time()) {
        // this user has a block after date
        session_destroy();
        session_unset();
        $output = webLoginAlert("You are blocked and cannot log in! Please try again later.");
        return;
    }
    // allowed ip
    // NOTE(review): strpos() is a substring test on the whole setting, not an
    // exact comparison against each listed address.
    if (isset($modx->config['allowed_ip'])) {
        if (strpos($modx->config['allowed_ip'], $_SERVER['REMOTE_ADDR']) === false) {
            $output = webLoginAlert("You are not allowed to login from this location.");
            return;
        }
    }
    // allowed days
    // getdate()['wday'] is 0 (Sunday) to 6, so $day runs from 1 to 7.
    if (isset($modx->config['allowed_days'])) {
        $date = getdate();
        $day = $date['wday'] + 1;
        if (strpos($modx->config['allowed_days'], "{$day}") === false) {
            $output = webLoginAlert("You are not allowed to login at this time. Please try again later.");
            return;
        }
    }
    // invoke OnWebAuthentication event
    $rt = $modx->invokeEvent("OnWebAuthentication", array("userid" => $internalKey, "username" => $username, "userpassword" => $givenPassword, "savedpassword" => $dbasePassword, "rememberme" => $rememberme));
    // check if plugin authenticated the user
    // in_array() is called without the strict flag, so any truthy plugin result counts.
    if (!$rt || is_array($rt) && !in_array(TRUE, $rt)) {
        // check user password - local authentication
        // NOTE(review): unsalted MD5 compared with a loose `!=`. password_hash()
        // with password_verify() is the usual replacement; hash_equals() at least
        // avoids type juggling and timing differences.
        if ($dbasePassword != md5($givenPassword)) {
            $output = webLoginAlert("Incorrect username or password entered!");
            $newloginerror = 1;
        }
    }
    if (isset($modx->config['use_captcha']) && $modx->config['use_captcha'] == 1) {
        // NOTE(review): $captcha_code is not assigned anywhere above in the
        // visible code - confirm where it is meant to come from.
        if ($_SESSION['veriword'] != $captcha_code) {
            $output = webLoginAlert("The security code you entered didn't validate! Please try to login again!");
            $newloginerror = 1;
        }
    }
    if (isset($newloginerror) && $newloginerror == 1) {
        $failedlogins += $newloginerror;
        if ($failedlogins >= $modx->config['failed_login_attempts']) {
            //increment the failed login counter, and block!
            $sql = "update {$dbase}.`" . $table_prefix . "web_user_attributes` SET failedlogincount='{$failedlogins}', blockeduntil='" . (time() + $modx->config['blocked_minutes'] * 60) . "' where internalKey={$internalKey}";
            $ds = $modx->db->query($sql);
        } else {
            //increment the failed login counter
            $sql = "update {$dbase}.`" . $table_prefix . "web_user_attributes` SET failedlogincount='{$failedlogins}' where internalKey={$internalKey}";
            $ds = $modx->db->query($sql);
        }
        session_destroy();
        session_unset();
        return;
    }
    // Authenticated from here on.
    // NOTE(review): the current session id is kept and stored; no
    // session_regenerate_id() call is visible in this listing.
    $currentsessionid = session_id();
    if (!isset($_SESSION['webValidated'])) {
        // The thislogin value is masked in this listing, which breaks the string literal.
        $sql = "update {$dbase}.`" . $table_prefix . "web_user_attributes` SET failedlogincount=0, logincount=logincount+1, lastlogin=thislogin, thislogin="******", sessionid='{$currentsessionid}' where internalKey={$internalKey}";
        $ds = $modx->db->query($sql);
    }
    $_SESSION['webShortname'] = $username;
    $_SESSION['webFullname'] = $fullname;
    $_SESSION['webEmail'] = $email;
    $_SESSION['webValidated'] = 1;
    $_SESSION['webInternalKey'] = $internalKey;
    // base64 is an encoding, not protection: the password is recoverable from the session data.
    $_SESSION['webValid'] = base64_encode($givenPassword);
    $_SESSION['webUser'] = base64_encode($username);
    $_SESSION['webFailedlogins'] = $failedlogins;
    $_SESSION['webLastlogin'] = $lastlogin;
    $_SESSION['webnrlogins'] = $nrlogins;
    $_SESSION['webUserGroupNames'] = ''; // reset user group names
    // get user's document groups
    $dg = '';
    $i = 0;
    $tblug = $dbase . ".`" . $table_prefix . "web_groups`";
    $tbluga = $dbase . ".`" . $table_prefix . "webgroup_access`";
    // The listing drops the code between the masked value in the query below
    // and the client-IP lookup; the statement is reproduced as listed.
    // NOTE(review): HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are request headers
    // set by the client, and the chosen value is later placed in SQL unescaped.
    $sql = "SELECT uga.documentgroup\n FROM {$tblug} ug\n INNER JOIN {$tbluga} uga ON uga.webgroup=ug.webgroup\n WHERE ug.webuser ="******"HTTP_CLIENT_IP")) {
        $ip = getenv("HTTP_CLIENT_IP");
    } else {
        if (getenv("HTTP_X_FORWARDED_FOR")) {
            $ip = getenv("HTTP_X_FORWARDED_FOR");
        } else {
            if (getenv("REMOTE_ADDR")) {
                $ip = getenv("REMOTE_ADDR");
            } else {
                $ip = "UNKNOWN";
            }
        }
    }
    $_SESSION['ip'] = $ip;
    // NOTE(review): $_REQUEST['id'] is used below in SQL without quoting,
    // escaping or an integer cast.
    $itemid = isset($_REQUEST['id']) ? $_REQUEST['id'] : 'NULL';
    $lasthittime = time();
    $a = 998;
    if ($a != 1) {
        // web users are stored with negative id
        // $itemid and $ip are concatenated as-is; cast $itemid to int and escape
        // $ip (or use the db API's insert/update helpers) before building this.
        $sql = "REPLACE INTO {$dbase}.`" . $table_prefix . "active_users` (internalKey, username, lasthit, action, id, ip) values(-" . $_SESSION['webInternalKey'] . ", '" . $_SESSION['webShortname'] . "', '" . $lasthittime . "', '" . $a . "', " . $itemid . ", '{$ip}')";
        if (!($ds = $modx->db->query($sql))) {
            // The failing statement is included in the message text.
            $output = "error replacing into active users! SQL: " . $sql;
            return;
        }
    }
    } // closes a block opened in the part that the listing drops
    // invoke OnWebLogin event
    $modx->invokeEvent("OnWebLogin", array("userid" => $internalKey, "username" => $username, "userpassword" => $givenPassword, "rememberme" => $rememberme));
    // redirect
    // NOTE(review): `refurl` comes from the request. In the last branch it is
    // passed to sendRedirect() without checking that it points at this site.
    if (isset($_REQUEST['refurl']) && !empty($_REQUEST['refurl'])) {
        // last accessed page
        $targetPageId = urldecode($_REQUEST['refurl']);
        if (strpos($targetPageId, 'q=') !== false) {
            // Take the value of the q= parameter, up to the next '&', as a site-relative alias.
            $urlPos = strpos($targetPageId, 'q=') + 2;
            $alias = substr($targetPageId, $urlPos);
            $aliasLength = strpos($alias, '&') ? strpos($alias, '&') : strlen($alias);
            $alias = substr($alias, 0, $aliasLength);
            $url = $modx->config['base_url'] . $alias;
        } elseif (intval($targetPageId)) {
            $url = $modx->makeUrl($targetPageId);
        } else {
            $url = urldecode($_REQUEST['refurl']);
        }
        $modx->sendRedirect($url);
    }
    return;
}
return; } } // invoke OnWebAuthentication event $rt = $modx->invokeEvent("OnWebAuthentication", array("userid" => $internalKey, "username" => $username, "userpassword" => $givenPassword, "savedpassword" => $dbasePassword, "rememberme" => $rememberme)); // check if plugin authenticated the user if (!$rt || is_array($rt) && !in_array(TRUE, $rt)) { // check user password - local authentication if ($dbasePassword != md5($givenPassword)) { $output = webLoginAlert($langTXT[14], $alerttpl); $newloginerror = 1; } } if (isset($modx->config['use_captcha']) && $modx->config['use_captcha'] == 1) { if ($_SESSION['veriword'] != $captcha_code) { $output = webLoginAlert($langTXT[15], $alerttpl); $newloginerror = 1; } } if (isset($newloginerror) && $newloginerror == 1) { $failedlogins += $newloginerror; if ($failedlogins >= $modx->config['failed_login_attempts']) { //increment the failed login counter, and block! $sql = "update {$dbase}.`" . $table_prefix . "web_user_attributes` SET failedlogincount='{$failedlogins}', blockeduntil='" . (time() + $modx->config['blocked_minutes'] * 60) . "' where internalKey={$internalKey}"; $ds = $modx->db->query($sql); } else { //increment the failed login counter $sql = "update {$dbase}.`" . $table_prefix . "web_user_attributes` SET failedlogincount='{$failedlogins}' where internalKey={$internalKey}"; $ds = $modx->db->query($sql); } session_destroy();