/**
 * Builds the account e-mail from the configured sign-up template and sends it with mail().
 *
 * The template is first run through sprintf() with the user name and password (legacy
 * positional format) and then has its [+...+] placeholders substituted.
 *
 * Security notes for reviewers:
 * - The password is placed in the message body in clear text.
 * - The configured sender address is copied into the From header and, when safe_mode is off,
 *   into the fifth mail() argument. NOTE(review): nothing here checks it for CR/LF or
 *   whitespace; confirm the setting is validated where it is saved.
 * - A failed send only calls webLoginAlert(); its return value is discarded and the function
 *   still returns true, so callers cannot detect a delivery failure.
 *
 * @param string $email recipient address
 * @param string $uid   user name, substituted for [+uid+]
 * @param string $pwd   clear-text password, substituted for [+pwd+]
 * @param string $ufn   full name, substituted for [+ufn+]
 * @return bool always true
 */
function webLoginSendNewPassword($email, $uid, $pwd, $ufn)
{
    global $modx, $site_url;

    $alertAddress = $modx->config['mailto'];
    $template = $modx->config['websignupemail_message'];
    $subject = $modx->config['emailsubject'];
    $sender = $modx->config['emailsender'];
    $siteName = $modx->config['site_name'];
    // Read as in the original, but not used anywhere below.
    $site_start = $modx->config['site_start'];

    // Legacy templates carry positional sprintf() markers for user name and password.
    $body = sprintf($template, $uid, $pwd);

    // str_replace() with arrays applies the pairs one after another, in this order.
    $body = str_replace(
        array("[+uid+]", "[+pwd+]", "[+ufn+]", "[+sname+]", "[+semail+]", "[+surl+]"),
        array($uid, $pwd, $ufn, $siteName, $sender, $site_url),
        $body
    );

    $headers = "From: " . $sender . "\r\n" . "X-Mailer: Content Manager - PHP/" . phpversion();

    if (ini_get('safe_mode')) {
        // With safe_mode on, the extra-parameters argument is left out.
        $delivered = mail($email, $subject, $body, $headers);
    } else {
        $delivered = mail($email, $subject, $body, $headers, "-f {$sender}");
    }

    if (!$delivered) {
        webLoginAlert("Error while sending mail to {$alertAddress}", 1);
    }

    return true;
}
/**
 * Builds the account e-mail from the configured sign-up template and hands it to
 * $modx->sendmail().
 *
 * The template is first run through sprintf() with the user name and password (legacy
 * positional format) and then has its [+...+] placeholders substituted.
 *
 * Security notes for reviewers:
 * - The password is placed in the message body in clear text.
 * - A failed send only calls webLoginAlert(); its return value is discarded and the function
 *   still returns true, so callers cannot detect a delivery failure.
 *
 * @param string $email recipient address
 * @param string $uid   user name, substituted for [+uid+]
 * @param string $pwd   clear-text password, substituted for [+pwd+]
 * @param string $ufn   full name, substituted for [+ufn+]
 * @return bool always true
 */
function webLoginSendNewPassword($email, $uid, $pwd, $ufn)
{
    global $modx, $site_url;

    $alertAddress = $modx->config['mailto'];
    $template = $modx->config['websignupemail_message'];
    // Subject and start page are read as in the original but not used below.
    $emailsubject = $modx->config['emailsubject'];
    $sender = $modx->config['emailsender'];
    $siteName = $modx->config['site_name'];
    $site_start = $modx->config['site_start'];

    // Legacy templates carry positional sprintf() markers for user name and password.
    $body = sprintf($template, $uid, $pwd);

    // str_replace() with arrays applies the pairs one after another, in this order.
    $body = str_replace(
        array("[+uid+]", "[+pwd+]", "[+ufn+]", "[+sname+]", "[+semail+]", "[+surl+]"),
        array($uid, $pwd, $ufn, $siteName, $sender, $site_url),
        $body
    );

    $delivered = $modx->sendmail($email, $body);
    if (!$delivered) {
        webLoginAlert("Error while sending mail to {$alertAddress}", 1);
    }

    return true;
}
Example #3
     return;
 }
 // Create the user account row.
 // NOTE(review): $username and $password are concatenated straight into the statement. Whether
 // they were escaped earlier is not visible in this excerpt; confirm, or bind them as parameters.
 // NOTE(review): the password is stored as an unsalted MD5 digest computed by the database, which
 // also puts the clear-text password into the SQL text (and any query log). A dedicated password
 // hash such as password_hash() resists offline guessing far better.
 $sql = "INSERT INTO " . $modx->getFullTableName("web_users") . " (username, password) \n            VALUES('" . $username . "', md5('" . $password . "'));";
 $rs = $modx->db->query($sql);
 if (!$rs) {
     $output = webLoginAlert("An error occured while attempting to save the user.") . $tpl;
     return;
 }
 // The new row id links the attribute and group rows to this account.
 $key = $modx->db->getInsertId();
 // Save user attributes.
 // NOTE(review): the six profile values are interpolated between quotes with no escaping visible
 // in this excerpt; verify they are escaped before this point.
 $sql = "INSERT INTO " . $modx->getFullTableName("web_user_attributes") . " (internalKey, fullname, email, zip, state, country) \n            VALUES({$key}, '{$fullname}', '{$email}', '{$zip}', '{$state}', '{$country}');";
 $rs = $modx->db->query($sql);
 if (!$rs) {
     $output = webLoginAlert("An error occured while attempting to save the user's attributes.") . $tpl;
     return;
 }
 // Add the user to web groups: resolve the group names to ids, then link each id to the user.
 if (count($groups) > 0) {
     // NOTE(review): group names are joined into the IN (...) list unescaped; confirm where
     // $groups comes from (configuration vs. request data).
     $ds = $modx->dbQuery("SELECT id FROM " . $modx->getFullTableName("webgroup_names") . " WHERE name IN ('" . implode("','", $groups) . "')");
     if (!$ds) {
         return $modx->webAlert('An error occured while attempting to update user\'s web groups');
     } else {
         while ($row = $modx->fetchRow($ds)) {
             $wg = $row["id"];
             $modx->dbQuery("REPLACE INTO " . $modx->getFullTableName("web_groups") . " (webgroup,webuser) VALUES('{$wg}','{$key}')");
         }
     }
 }
 // invoke OnWebSaveUser event
        return;
    }
}
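// Give plugins the first chance to authenticate. The event receives both the submitted
// clear-text password and the stored digest.
$rt = $modx->invokeEvent("OnWebAuthentication", array("userid" => $internalKey, "username" => $username, "userpassword" => $givenPassword, "savedpassword" => $dbasePassword, "rememberme" => $rememberme));
// Fall back to the local password check when no plugin reported success.
// NOTE(review): in_array() is loose here, so any truthy plugin return value (for example a
// non-empty string) counts as "authenticated"; confirm plugins return a real boolean.
if (!$rt || is_array($rt) && !in_array(TRUE, $rt)) {
    // Compare the digests strictly. With the loose != operator two different hex digests that
    // both look like "0e<digits>" are compared as numbers and treated as equal, which would
    // accept a wrong password.
    if ((string) $dbasePassword !== md5($givenPassword)) {
        $output = webLoginAlert("Incorrect username or password entered!");
        $newloginerror = 1;
    }
}
// The captcha is only checked on sign-up posts (cmdwebsignup) when it is enabled.
// NOTE(review): this is a loose comparison; if the session value is unset and $captcha_code is
// empty the two compare as equal. Confirm both are always populated before this point.
if (isset($modx->config['use_captcha']) && $modx->config['use_captcha'] == 1 && isset($_POST['cmdwebsignup'])) {
    if ($_SESSION['veriword'] != $captcha_code) {
        $output = webLoginAlert("The security code you entered didn't validate! Please try to login again!");
        $newloginerror = 1;
    }
}
// Record the failure and, once the configured threshold is reached, lock the account for
// blocked_minutes minutes.
if (isset($newloginerror) && $newloginerror == 1) {
    $failedlogins += $newloginerror;
    if ($failedlogins >= $modx->config['failed_login_attempts']) {
        // Threshold reached: store the counter and the time until which logins are blocked.
        $modx->db->update(array('failedlogincount' => $failedlogins, 'blockeduntil' => time() + $modx->config['blocked_minutes'] * 60), $modx->getFullTableName('web_user_attributes'), "internalKey='{$internalKey}'");
    } else {
        // Below the threshold: store the incremented counter only.
        $modx->db->update(array('failedlogincount' => $failedlogins), $modx->getFullTableName('web_user_attributes'), "internalKey='{$internalKey}'");
    }
    session_destroy();
    session_unset();
    return;
}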
                }
            } else {
                $newpassmsg = "The new password is <b>" . htmlspecialchars($newpassword, ENT_QUOTES) . "</b>.";
            }
            // save new password to database
            $rt = $modx->changeWebUserPassword($oldpassword, md5($newpassword));
            if ($rt !== true) {
                $output = webLoginAlert("An error occured while saving new password: {$rt}");
                return;
            }
            // display change notification
            $tpl = $tpls[1];
            $tpl = str_replace("[+newpassmsg+]", $newpassmsg, $tpl);
            $output .= $tpl;
        } else {
            $output = webLoginAlert("Incorrect password. Please try again.") . $tpl;
            return;
        }
    }
}
// Returns Default WebChangePwd tpl
function getWebChangePwdtpl()
{
    ob_start();
    ?>
    <!-- #declare:separator <hr> --> 
    <!-- login form section-->
    <form method="post" name="changepwdfrm" action="[+action+]" style="margin: 0px; padding: 0px;">
      <table border="0" cellpadding="1" width="300">
        <tr>
          <td><fieldset style="width:300px">
Example #6
     return;
 }
 // Create the user account row.
 // NOTE(review): $username and $password are concatenated straight into the statement. Whether
 // they were escaped earlier is not visible in this excerpt; confirm, or bind them as parameters.
 // NOTE(review): the password is stored as an unsalted MD5 digest computed by the database, which
 // also puts the clear-text password into the SQL text (and any query log). A dedicated password
 // hash such as password_hash() resists offline guessing far better.
 $sql = "INSERT INTO " . $modx->getFullTableName("web_users") . " (username, password) \r\n\r\n            VALUES('" . $username . "', md5('" . $password . "'));";
 $rs = $modx->db->query($sql);
 if (!$rs) {
     $output = webLoginAlert($langTXT[27], $alerttpl) . $tpl;
     return;
 }
 // The new row id links the attribute and group rows to this account.
 $key = $modx->db->getInsertId();
 // Save user attributes.
 // NOTE(review): the six profile values are interpolated between quotes with no escaping visible
 // in this excerpt; verify they are escaped before this point.
 $sql = "INSERT INTO " . $modx->getFullTableName("web_user_attributes") . " (internalKey, fullname, email, zip, state, country) \r\n\r\n            VALUES({$key}, '{$fullname}', '{$email}', '{$zip}', '{$state}', '{$country}');";
 $rs = $modx->db->query($sql);
 if (!$rs) {
     $output = webLoginAlert($langTXT[28], $alerttpl) . $tpl;
     return;
 }
 // Add the user to web groups: resolve the group names to ids, then link each id to the user.
 if (count($groups) > 0) {
     // NOTE(review): group names are joined into the IN (...) list unescaped; confirm where
     // $groups comes from (configuration vs. request data).
     $ds = $modx->dbQuery("SELECT id FROM " . $modx->getFullTableName("webgroup_names") . " WHERE name IN ('" . implode("','", $groups) . "')");
     if (!$ds) {
         return $modx->webAlert('An error occured while attempting to update user\'s web groups');
     } else {
         while ($row = $modx->fetchRow($ds)) {
             $wg = $row["id"];
             $modx->dbQuery("REPLACE INTO " . $modx->getFullTableName("web_groups") . " (webgroup,webuser) VALUES('{$wg}','{$key}')");
         }
     }
 }
 // invoke OnWebSaveUser event
Example #7
        if (!$rs2) {
            $output = webLoginAlert("Unable to update profile at this time!") . $tpl;
            return;
        }
    }
    // Write the changed profile fields for this user.
    // NOTE(review): $uid is appended to the WHERE clause unquoted. Its origin is not visible in
    // this excerpt; confirm it is an integer taken from the session, not from the request.
    $rs1 = $modx->db->update($fields, $modx->getFullTableName('web_user_attributes'), "internalKey = " . $uid);
    if (!$rs1) {
        $output = webLoginAlert("Unable to update profile at this time!") . $tpl;
        return;
    }
    // When a new password was posted, show the first template and mail the credentials.
    if (!empty($_POST['password'])) {
        $output = $tpls[1];
        // NOTE(review): the clear-text $password is handed over for e-mailing. The definitions of
        // webLoginSendNewPassword shown on this page always return true, so if one of them is the
        // version in use the error branch below is never taken.
        $rt = webLoginSendNewPassword($email, $username, $password, $fullname);
        if ($rt !== true) {
            // an error occurred
            $output = webLoginAlert("Unable to send email!") . $tpl;
            return;
        }
    } else {
        // No password change: show the second template.
        $output = $tpls[2];
    }
    return;
}
function getWebProfiletpl()
{
    ob_start();
    ?>
<!-- #declare:separator <hr> -->
<!-- login form section-->
<fieldset>
<form method="post" name="webprofilefrm" action="[+action+]" style="margin: 0px; padding: 0px;">
Example #8
         return;
     }
     // check password
     if (strlen($password) < 6) {
         $output = webLoginAlert("Password is too short!") . $tpl;
         return;
     } elseif ($password == "") {
         $output = webLoginAlert("You didn't specify a password for this user!") . $tpl;
         return;
     }
 } else {
     $password = webLoginGeneratePassword();
 }
 // Verify the form code (captcha) against the value kept in the session.
 // NOTE(review): loose comparison; if the session value is unset and $formcode is empty the two
 // compare as equal. Confirm both are always populated when $useCaptcha is on.
 if ($useCaptcha && $_SESSION['veriword'] != $formcode) {
     $output = webLoginAlert("Incorrect form code. Please enter the correct code displayed by the image.") . $tpl;
     return;
 }
 // Create the user account; the return value of insert() is used as the new user id.
 // NOTE(review): the password is stored as an unsalted MD5 digest; a dedicated password hash
 // such as password_hash() resists offline guessing far better.
 $key = $modx->db->insert(array('username' => $username, 'password' => md5($password)), $modx->getFullTableName("web_users"));
 // Save user attributes.
 $modx->db->insert(array('internalKey' => $key, 'fullname' => $fullname, 'email' => $email, 'zip' => $zip, 'state' => $state, 'country' => $country), $modx->getFullTableName("web_user_attributes"));
 // Add the user to web groups: resolve the group names to ids, then link each id to the user.
 if (count($groups) > 0) {
     // NOTE(review): group names are joined into the IN (...) list unescaped; confirm where
     // $groups comes from (configuration vs. request data).
     $ds = $modx->db->select('id', $modx->getFullTableName("webgroup_names"), "name IN ('" . implode("','", $groups) . "')");
     while ($wg = $modx->db->getValue($ds)) {
         $modx->db->query("REPLACE INTO " . $modx->getFullTableName("web_groups") . " (webgroup,webuser) VALUES('{$wg}','{$key}')");
     }
 }
 // Invoke the OnWebSaveUser event. The clear-text password is passed to every listening plugin.
 $modx->invokeEvent("OnWebSaveUser", array("mode" => "new", "userid" => $key, "username" => $username, "userpassword" => $password, "useremail" => $email, "userfullname" => $fullname));
Example #9
/**
 * Logs in the web user named $user without a password prompt: the password is derived from
 * the user name plus a fixed postfix, checked against the stored MD5 digest, and on success
 * the session is populated and the browser is redirected.
 *
 * This listing is not runnable as shown: several string literals contain ****** where text
 * was masked, and the line that builds the document-group query runs straight into the
 * client-IP detection, so code is missing at that point. Comments describe the visible lines.
 *
 * Only $modx is declared global, so every assignment to $output below is local to this
 * function and is discarded on return.
 *
 * @param string $user user name to log in
 * @return void
 */
function login($user)
{
    # process login - this function from http://modxcms.com/forums/index.php?topic=32390.20
    # modified BAS (greenhatdesign/net) June 2011
    /* add in required WebAuth etc functions */
    # Set Snippet Paths
    // NOTE(review): $modx is used here before the global declaration three lines below, so at
    // this point it is an unset local variable and the include paths cannot be built from it.
    $snipPath = $modx->config['base_path'] . "assets/snippets/";
    include_once $snipPath . "weblogin/weblogin.common.inc.php";
    include_once $modx->config['base_path'] . "manager/includes/crypt.class.inc.php";
    global $modx;
    // Refuse to run outside the parser.
    defined('IN_PARSER_MODE') or die;
    $dbase = $modx->dbConfig['dbase'];
    $table_prefix = $modx->dbConfig['table_prefix'];
    //PASSWORDPOSTFIX: USER INTERVENTION REQUIRED HERE: - add in the postfix you want, make sure it's the same in WebLoginFB
    // NOTE(review): the password is the user name followed by this constant, so anyone who knows
    // a user name and the postfix can compute the password. The value shown is a trivially
    // guessable default; treat the postfix as a secret and keep it out of source control.
    $passwordpostfix = "12345";
    //make this change in the WebLoginFB snippet also
    $logindetails = array();
    $logindetails['username'] = $user;
    $logindetails['givenPass'] = $user . $passwordpostfix;
    //needs to match that set in the main body
    $rememberme = FALSE;
    // Both values are passed through the database escape routine before use.
    $username = $modx->db->escape(strip_tags($logindetails['username']));
    $givenPassword = $modx->db->escape($logindetails['givenPass']);
    // invoke OnBeforeWebLogin event (plugins receive the clear-text password)
    $modx->invokeEvent("OnBeforeWebLogin", array("username" => $username, "userpassword" => $givenPassword, "rememberme" => $rememberme));
    // Look up the account joined with its attributes. The user-name value in the WHERE clause
    // is masked (******) in this listing.
    $sql = "SELECT {$dbase}.`" . $table_prefix . "web_users`.*, {$dbase}.`" . $table_prefix . "web_user_attributes`.* FROM {$dbase}.`" . $table_prefix . "web_users`, {$dbase}.`" . $table_prefix . "web_user_attributes` WHERE BINARY {$dbase}.`" . $table_prefix . "web_users`.username = '******' and {$dbase}.`" . $table_prefix . "web_user_attributes`.internalKey={$dbase}.`" . $table_prefix . "web_users`.id;";
    $ds = $modx->db->query($sql);
    $limit = $modx->db->getRecordCount($ds);
    // Exactly one matching row is required; the message is the same as for a wrong password.
    if ($limit == 0 || $limit > 1) {
        $output = webLoginAlert("Incorrect username or password entered!");
        return;
    }
    $row = $modx->db->getRow($ds);
    $internalKey = $row['internalKey'];
    $dbasePassword = $row['password'];
    $failedlogins = $row['failedlogincount'];
    $blocked = $row['blocked'];
    $blockeduntildate = $row['blockeduntil'];
    $blockedafterdate = $row['blockedafter'];
    $registeredsessionid = $row['sessionid'];
    $role = $row['role'];
    $lastlogin = $row['lastlogin'];
    $nrlogins = $row['logincount'];
    $fullname = $row['fullname'];
    //$sessionRegistered         = checkSession();
    $email = $row['email'];
    // load user settings
    // NOTE(review): every per-user setting overwrites the site configuration key of the same
    // name, including the keys read by the lockout and allowed_ip checks below. Confirm who can
    // write to web_user_settings. The webuser value in the query is masked in this listing.
    if ($internalKey) {
        $result = $modx->db->query("SELECT setting_name, setting_value FROM " . $dbase . ".`" . $table_prefix . "web_user_settings` WHERE webuser='******'");
        while ($row = $modx->fetchRow($result, 'both')) {
            $modx->config[$row[0]] = $row[1];
        }
    }
    if ($failedlogins >= $modx->config['failed_login_attempts'] && $blockeduntildate > time()) {
        // blocked due to number of login errors.
        session_destroy();
        session_unset();
        $output = webLoginAlert("Due to too many failed logins, you have been blocked!");
        return;
    }
    if ($failedlogins >= $modx->config['failed_login_attempts'] && $blockeduntildate < time()) {
        // blocked due to number of login errors, but get to try again: the stored counter is
        // reset (the local $failedlogins keeps its old value)
        $sql = "UPDATE {$dbase}.`" . $table_prefix . "web_user_attributes` SET failedlogincount='0', blockeduntil='" . (time() - 1) . "' where internalKey={$internalKey}";
        $ds = $modx->db->query($sql);
    }
    if ($blocked == "1") {
        // this user has been blocked by an admin, so no login is possible
        session_destroy();
        session_unset();
        $output = webLoginAlert("You are blocked and cannot log in!");
        return;
    }
    // blockuntil
    if ($blockeduntildate > time()) {
        // this user has a block until date
        session_destroy();
        session_unset();
        $output = webLoginAlert("You are blocked and cannot log in! Please try again later.");
        return;
    }
    // blockafter
    if ($blockedafterdate > 0 && $blockedafterdate < time()) {
        // this user has a block after date
        session_destroy();
        session_unset();
        $output = webLoginAlert("You are blocked and cannot log in! Please try again later.");
        return;
    }
    // allowed ip
    // NOTE(review): this is a substring test, so a client address that merely occurs inside a
    // longer configured address (10.0.0.1 inside 110.0.0.11) is accepted. Splitting the setting
    // into a list and comparing whole addresses would close that gap.
    if (isset($modx->config['allowed_ip'])) {
        if (strpos($modx->config['allowed_ip'], $_SERVER['REMOTE_ADDR']) === false) {
            $output = webLoginAlert("You are not allowed to login from this location.");
            return;
        }
    }
    // allowed days: wday is 0 (Sunday) to 6, so the setting is matched against 1 to 7
    if (isset($modx->config['allowed_days'])) {
        $date = getdate();
        $day = $date['wday'] + 1;
        if (strpos($modx->config['allowed_days'], "{$day}") === false) {
            $output = webLoginAlert("You are not allowed to login at this time. Please try again later.");
            return;
        }
    }
    // invoke OnWebAuthentication event (plugins receive the clear-text password and the digest)
    $rt = $modx->invokeEvent("OnWebAuthentication", array("userid" => $internalKey, "username" => $username, "userpassword" => $givenPassword, "savedpassword" => $dbasePassword, "rememberme" => $rememberme));
    // check if plugin authenticated the user
    // NOTE(review): in_array() is loose here, so any truthy plugin return value counts as success.
    if (!$rt || is_array($rt) && !in_array(TRUE, $rt)) {
        // check user password - local authentication
        // NOTE(review): != compares two digests of the form 0e<digits> as numbers and treats
        // them as equal; use !== or hash_equals() so a wrong password cannot match that way.
        if ($dbasePassword != md5($givenPassword)) {
            $output = webLoginAlert("Incorrect username or password entered!");
            $newloginerror = 1;
        }
    }
    // NOTE(review): $captcha_code is not assigned anywhere in the visible lines of this function,
    // so with use_captcha enabled the session value is compared against an unset variable.
    if (isset($modx->config['use_captcha']) && $modx->config['use_captcha'] == 1) {
        if ($_SESSION['veriword'] != $captcha_code) {
            $output = webLoginAlert("The security code you entered didn't validate! Please try to login again!");
            $newloginerror = 1;
        }
    }
    // Record the failure and lock the account once the configured threshold is reached.
    if (isset($newloginerror) && $newloginerror == 1) {
        $failedlogins += $newloginerror;
        if ($failedlogins >= $modx->config['failed_login_attempts']) {
            //increment the failed login counter, and block!
            $sql = "update {$dbase}.`" . $table_prefix . "web_user_attributes` SET failedlogincount='{$failedlogins}', blockeduntil='" . (time() + $modx->config['blocked_minutes'] * 60) . "' where internalKey={$internalKey}";
            $ds = $modx->db->query($sql);
        } else {
            //increment the failed login counter
            $sql = "update {$dbase}.`" . $table_prefix . "web_user_attributes` SET failedlogincount='{$failedlogins}' where internalKey={$internalKey}";
            $ds = $modx->db->query($sql);
        }
        session_destroy();
        session_unset();
        return;
    }
    // NOTE(review): the existing session id is kept after a successful login; no call that issues
    // a fresh id is visible here, which matters for session fixation. Confirm it happens elsewhere.
    $currentsessionid = session_id();
    if (!isset($_SESSION['webValidated'])) {
        // First validation in this session: reset the failure counter and record the login.
        // The thislogin value is masked (******) in this listing.
        $sql = "update {$dbase}.`" . $table_prefix . "web_user_attributes` SET failedlogincount=0, logincount=logincount+1, lastlogin=thislogin, thislogin="******", sessionid='{$currentsessionid}' where internalKey={$internalKey}";
        $ds = $modx->db->query($sql);
    }
    $_SESSION['webShortname'] = $username;
    $_SESSION['webFullname'] = $fullname;
    $_SESSION['webEmail'] = $email;
    $_SESSION['webValidated'] = 1;
    $_SESSION['webInternalKey'] = $internalKey;
    // NOTE(review): base64 is an encoding, not protection; the password can be read back from
    // the session data by anything that can read the session store.
    $_SESSION['webValid'] = base64_encode($givenPassword);
    $_SESSION['webUser'] = base64_encode($username);
    $_SESSION['webFailedlogins'] = $failedlogins;
    $_SESSION['webLastlogin'] = $lastlogin;
    $_SESSION['webnrlogins'] = $nrlogins;
    $_SESSION['webUserGroupNames'] = '';
    // reset user group names
    // get user's document groups
    $dg = '';
    $i = 0;
    $tblug = $dbase . ".`" . $table_prefix . "web_groups`";
    $tbluga = $dbase . ".`" . $table_prefix . "webgroup_access`";
    // The next line is damaged in this listing: the query text is cut at the masked value and
    // continues with the start of the client-IP detection.
    $sql = "SELECT uga.documentgroup\n            FROM {$tblug} ug\n            INNER JOIN {$tbluga} uga ON uga.webgroup=ug.webgroup\n            WHERE ug.webuser ="******"HTTP_CLIENT_IP")) {
            $ip = getenv("HTTP_CLIENT_IP");
        } else {
            // NOTE(review): Client-IP and X-Forwarded-For are request headers chosen by the
            // client; they are preferred over REMOTE_ADDR here and later written into SQL.
            if (getenv("HTTP_X_FORWARDED_FOR")) {
                $ip = getenv("HTTP_X_FORWARDED_FOR");
            } else {
                if (getenv("REMOTE_ADDR")) {
                    $ip = getenv("REMOTE_ADDR");
                } else {
                    $ip = "UNKNOWN";
                }
            }
        }
        $_SESSION['ip'] = $ip;
        // Taken from the request as is; the literal string NULL is used when no id was sent.
        $itemid = isset($_REQUEST['id']) ? $_REQUEST['id'] : 'NULL';
        $lasthittime = time();
        $a = 998;
        if ($a != 1) {
            // web users are stored with negative id
            // NOTE(review): $itemid (request parameter, unquoted) and $ip (request header) are
            // concatenated into this statement without escaping or type checks. Cast the id to
            // an integer and escape or bind the address before building the query.
            $sql = "REPLACE INTO {$dbase}.`" . $table_prefix . "active_users` (internalKey, username, lasthit, action, id, ip) values(-" . $_SESSION['webInternalKey'] . ", '" . $_SESSION['webShortname'] . "', '" . $lasthittime . "', '" . $a . "', " . $itemid . ", '{$ip}')";
            if (!($ds = $modx->db->query($sql))) {
                // The message embeds the full SQL text; keep it out of anything shown to users.
                $output = "error replacing into active users! SQL: " . $sql;
                return;
            }
        }
    }
    // invoke OnWebLogin event (plugins receive the clear-text password)
    $modx->invokeEvent("OnWebLogin", array("userid" => $internalKey, "username" => $username, "userpassword" => $givenPassword, "rememberme" => $rememberme));
    // redirect
    if (isset($_REQUEST['refurl']) && !empty($_REQUEST['refurl'])) {
        // last accessed page
        $targetPageId = urldecode($_REQUEST['refurl']);
        if (strpos($targetPageId, 'q=') !== false) {
            // Take the alias that follows q= up to the next ampersand and append it to base_url.
            $urlPos = strpos($targetPageId, 'q=') + 2;
            $alias = substr($targetPageId, $urlPos);
            $aliasLength = strpos($alias, '&') ? strpos($alias, '&') : strlen($alias);
            $alias = substr($alias, 0, $aliasLength);
            $url = $modx->config['base_url'] . $alias;
        } elseif (intval($targetPageId)) {
            // Numeric value: treated as a document id.
            $url = $modx->makeUrl($targetPageId);
        } else {
            // NOTE(review): any other value is passed to the redirect unchanged, so a request
            // can send the user to an arbitrary external address after login. Restrict the
            // target to same-site paths.
            $url = urldecode($_REQUEST['refurl']);
        }
        $modx->sendRedirect($url);
    }
    return;
}
Example #10
        return;
    }
}
// invoke OnWebAuthentication event
$rt = $modx->invokeEvent("OnWebAuthentication", array("userid" => $internalKey, "username" => $username, "userpassword" => $givenPassword, "savedpassword" => $dbasePassword, "rememberme" => $rememberme));
// check if plugin authenticated the user
if (!$rt || is_array($rt) && !in_array(TRUE, $rt)) {
    // check user password - local authentication
    if ($dbasePassword != md5($givenPassword)) {
        $output = webLoginAlert($langTXT[14], $alerttpl);
        $newloginerror = 1;
    }
}
if (isset($modx->config['use_captcha']) && $modx->config['use_captcha'] == 1) {
    if ($_SESSION['veriword'] != $captcha_code) {
        $output = webLoginAlert($langTXT[15], $alerttpl);
        $newloginerror = 1;
    }
}
if (isset($newloginerror) && $newloginerror == 1) {
    $failedlogins += $newloginerror;
    if ($failedlogins >= $modx->config['failed_login_attempts']) {
        //increment the failed login counter, and block!
        $sql = "update {$dbase}.`" . $table_prefix . "web_user_attributes` SET failedlogincount='{$failedlogins}', blockeduntil='" . (time() + $modx->config['blocked_minutes'] * 60) . "' where internalKey={$internalKey}";
        $ds = $modx->db->query($sql);
    } else {
        //increment the failed login counter
        $sql = "update {$dbase}.`" . $table_prefix . "web_user_attributes` SET failedlogincount='{$failedlogins}' where internalKey={$internalKey}";
        $ds = $modx->db->query($sql);
    }
    session_destroy();