Example #1
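    /**
     * Log out the current session (SESS) on the current site (DEFAULT_SITE).
     *
     * Flags the session row as logged out, deletes its session_auth_cache rows,
     * raises the translated 'logout_success' alert and, when the db_mapping
     * module is enabled for this site, forwards the logout to it.
     *
     * @param array $VAR Request variables; not read by this method.
     * @return void
     */
    function logout($VAR)
    {
        global $C_debug, $C_translate;
        $db =& DB();
        # Quote the session and site ids once and reuse them in every statement.
        # The first two queries used to splice SESS/DEFAULT_SITE between literal
        # quotes while the later ones already went through qstr(); SESS presumably
        # originates from the client's session cookie (confirm), so it must never
        # reach the SQL text unescaped.
        $sess = $db->qstr(SESS);
        $site = $db->qstr(DEFAULT_SITE);
        # get the account id (for DB mapping):
        $q = "SELECT account_id FROM " . AGILE_DB_PREFIX . "session WHERE\n\t\t\t id = " . $sess . " AND\n\t\t\t site_id = " . $site;
        $result = $db->Execute($q);
        # Execute() yields false on failure; do not dereference it in that case
        $account_id = null;
        if ($result !== false && $result->RecordCount() > 0) {
            $account_id = $result->fields['account_id'];
        }
        # logout the current session by editing the database record
        $q = "UPDATE " . AGILE_DB_PREFIX . "session SET logged='0'\n\t\t\t WHERE id = " . $sess . " AND\n\t\t\t site_id = " . $site;
        $result = $db->Execute($q);
        # delete any session caches!
        $q = 'DELETE FROM ' . AGILE_DB_PREFIX . 'session_auth_cache WHERE
				session_id  = ' . $sess . ' AND
				site_id     = ' . $site;
        $db->Execute($q);
        # logout success:
        $C_debug->alert($C_translate->translate('logout_success', '', ''));
        ####################################################################
        ### Do any db_mapping
        ####################################################################
        $sql = 'SELECT id FROM ' . AGILE_DB_PREFIX . 'module WHERE
					site_id     = ' . $site . ' AND
					name        = ' . $db->qstr('db_mapping') . ' AND
					status      = ' . $db->qstr("1");
        $result = $db->Execute($sql);
        if ($result !== false && $result->RecordCount() > 0) {
            include_once PATH_MODULES . 'db_mapping/db_mapping.inc.php';
            $db_map = new db_mapping();
            $db_map->logout($account_id);
        }
    }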
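 /**
  * Replace the (non service-bound) group memberships of an account.
  *
  * Refuses to touch account "1" and the caller's own account. Otherwise the
  * existing account_group rows with service_id IS NULL are deleted, one row is
  * inserted per requested group the acting admin is authorised for, and
  * DEFAULT_GROUP is inserted when none was added. The target account's
  * session_auth_cache rows are then purged so its permissions are rebuilt on
  * the next page view, and db_mapping is synchronised when installed.
  *
  * @param array $VAR Request variables: 'account_admin_id', 'groups' (array of
  *                   group ids) and optionally 'account_admin_date_expire'.
  * @return false|null false when the request is refused, nothing otherwise.
  */
 function update_account_groups($VAR)
 {
     global $C_auth, $C_debug, $C_list;
     $ii = 0;
     # explicit checks instead of @-suppression; anything that is not an array
     # of groups is treated as "no groups requested"
     $groups = isset($VAR['groups']) && is_array($VAR['groups']) ? $VAR['groups'] : array();
     $account = isset($VAR['account_admin_id']) ? $VAR['account_admin_id'] : '';
     # Only a plain decimal id is accepted. The guard below is a loose PHP
     # comparison while the queries let the database compare the same value with
     # an integer column, so a value the two sides interpret differently must
     # not get past this point. (Ids are generated with GenID() in this code
     # base, hence expected to be integers -- confirm for the account table.)
     if (!is_scalar($account) || !ctype_digit((string) $account)) {
         return false;
     }
     # admin accounts groups cannot be altered
     # user cannot modify their own groups
     if ($account == "1" || SESS_ACCOUNT == $account) {
         return false;
     }
     ### Drop the current groups for this account:
     $dba =& DB();
     $q = "DELETE FROM " . AGILE_DB_PREFIX . "account_group\n\t\t\t  WHERE\n\t\t\t  service_id IS NULL AND\n\t\t\t  account_id  = " . $dba->qstr($account) . " AND \n\t\t\t  site_id     = " . $dba->qstr(DEFAULT_SITE);
     $result = $dba->Execute($q);
     # the expiry is the same for every group, so it is resolved once, on first use
     $expire = null;
     # foreach instead of a 0..count-1 index loop, so a posted array with gaps or
     # string keys is still walked completely
     foreach ($groups as $group_id) {
         if (!is_scalar($group_id)) {
             continue;
         }
         # verify the admin adding this account is authorized
         # for this group themselves, otherwise skip
         if (!$C_auth->auth_group_by_id($group_id)) {
             continue;
         }
         # determine the record id:
         $this->new_id = $dba->GenID(AGILE_DB_PREFIX . "" . 'account_group_id');
         # determine the expiration
         if ($expire === null) {
             if (!empty($VAR['account_admin_date_expire'])) {
                 include_once PATH_CORE . 'validate.inc.php';
                 $validate = new CORE_validate();
                 $expire = $validate->DateToEpoch(DEFAULT_DATE_FORMAT, $VAR['account_admin_date_expire']);
             } else {
                 $expire = 0;
             }
         }
         # add the account to the selected group
         $q = "INSERT INTO " . AGILE_DB_PREFIX . "account_group\n\t\t\t\t\t  SET\n\t\t\t\t\t  id          = " . $dba->qstr($this->new_id) . ",\n\t\t\t\t\t  date_orig   = " . $dba->qstr(time()) . ",\n\t\t\t\t\t  date_expire = " . $dba->qstr($expire) . ",\n\t\t\t\t\t  group_id    = " . $dba->qstr($group_id) . ",\n\t\t\t\t\t  account_id  = " . $dba->qstr($account) . ",\n\t\t\t\t\t  active      = " . $dba->qstr('1') . ",\n\t\t\t\t\t  site_id     = " . $dba->qstr(DEFAULT_SITE);
         $result = $dba->Execute($q);
         $ii++;
         # error reporting:
         if ($result === false) {
             $C_debug->error('account_admin.inc.php', 'update_account_groups', $dba->ErrorMsg());
         }
     }
     ### Add default group
     if ($ii == 0) {
         # determine the record id:
         $this->new_id = $dba->GenID(AGILE_DB_PREFIX . "" . 'account_group_id');
         # No group was added, so no expiry was ever computed: the old code passed
         # an undefined variable to qstr() here. 0 is the "no expiry" value used
         # for the regular groups above.
         $q = "INSERT INTO " . AGILE_DB_PREFIX . "account_group\n\t\t\t\t\tSET\n\t\t\t\t\tid          = " . $dba->qstr($this->new_id) . ",\n\t\t\t\t\tdate_orig   = " . $dba->qstr(time()) . ",\n\t\t\t\t\tdate_expire = " . $dba->qstr(0) . ",\n\t\t\t\t\tgroup_id    = " . $dba->qstr(DEFAULT_GROUP) . ",\n\t\t\t\t\taccount_id  = " . $dba->qstr($account) . ",\n\t\t\t\t\tactive      = " . $dba->qstr('1') . ",\n\t\t\t\t\tsite_id     = " . $dba->qstr(DEFAULT_SITE);
         $result = $dba->Execute($q);
         if ($result === false) {
             $C_debug->error('account_admin.inc.php', 'update_account_groups', $dba->ErrorMsg());
         }
     }
     ### Remove the user's session_auth_cache so it is regenerated on user's next pageview
     # (without this, a session would keep the permissions cached for the old groups)
     $db =& DB();
     $q = "SELECT id FROM " . AGILE_DB_PREFIX . "session WHERE\n\t\t\t  account_id  = " . $db->qstr($account) . " AND\n\t\t\t  site_id     = " . $db->qstr(DEFAULT_SITE);
     $rss = $db->Execute($q);
     if ($rss === false) {
         $C_debug->error('account_admin.inc.php', 'update_account_groups', $db->ErrorMsg());
     } else {
         while (!$rss->EOF) {
             $q = "DELETE FROM " . AGILE_DB_PREFIX . "session_auth_cache WHERE\n\t\t\t\t  session_id = " . $db->qstr($rss->fields['id']) . " AND \n\t\t\t\t  site_id \t = " . $db->qstr(DEFAULT_SITE);
             $db->Execute($q);
             $rss->MoveNext();
         }
     }
     ### Do any db_mapping
     if ($C_list->is_installed('db_mapping')) {
         include_once PATH_MODULES . 'db_mapping/db_mapping.inc.php';
         $db_map = new db_mapping();
         $db_map->account_group_sync($account);
     }
 }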
 /**
  * Dispatch the group synchronisation for an account according to the
  * 'group_type' configured in this map.
  *
  * @param mixed $account_id Local account id, passed through unchanged.
  * @return mixed Whatever the selected db_mapping handler returns, or false
  *               when 'group_type' is none of 'db', 'status', 'db-status'.
  */
 function account_group_sync($account_id)
 {
     # switch compares loosely, exactly like the == chain it replaces
     switch ($this->map['group_type']) {
         case 'db':
             $mapper = new db_mapping();
             return $mapper->MAP_account_group_sync_db($account_id, $this);
         case 'status':
             $mapper = new db_mapping();
             return $mapper->MAP_account_group_sync_status($account_id, $this);
         case 'db-status':
             $mapper = new db_mapping();
             return $mapper->MAP_account_group_sync_db_status($account_id, $this);
     }
     # unknown sync type: nothing is synchronised
     return false;
 }
Example #4
 /**
  * Synchronise an account's remote status through the generic
  * db_mapping "db-status" handler.
  *
  * @param mixed $account_id Local account id, passed through unchanged.
  * @return mixed The handler's return value.
  */
 function account_group_sync($account_id)
 {
     # this map object is handed over so the handler can read its configuration
     $mapper = new db_mapping();
     $outcome = $mapper->MAP_account_group_sync_db_status($account_id, $this);
     return $outcome;
 }
Example #5
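 /**
  * Synchronise one local account with its Mambo counterpart.
  *
  * Runs the generic db-status sync, looks the remote user up by the local
  * username, rebuilds the user's core_acl_aro / core_acl_groups_aro_map rows
  * and finally unblocks the remote user (remote gid > 0) or blocks it.
  *
  * @param mixed $account_id Local account id.
  * @return void
  */
 function account_group_sync($account_id)
 {
     global $C_debug;
     $db_map = new db_mapping();
     # NOTE(review): called with a single argument here; confirm that this
     # matches the signature of db_mapping::MAP_account_group_sync_db_status().
     $db_map->MAP_account_group_sync_db_status($account_id);
     ### Get the local account details
     $db =& DB();
     $sql = 'SELECT username,email FROM ' . AGILE_DB_PREFIX . 'account WHERE
                 site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND
                 id      = ' . $db->qstr($account_id);
     $result = $db->Execute($sql);
     if ($result === false) {
         $C_debug->error('Mambo_4_5.php', 'account_group_sync:1', $db->ErrorMsg());
         return;
     }
     $user = $result->fields['username'];
     ### Get the remote account id, username, and group ID:
     $dbm = new db_mapping();
     $db2 = $dbm->DB_connect(false, $this->map['map']);
     # Resolve the per-map table prefix with constant() rather than eval():
     # same lookup, but the map name is never executed as PHP code.
     $prefix_const = 'DB2_PREFIX' . strtoupper($this->map['map']);
     if (!defined($prefix_const)) {
         $C_debug->error('Mambo_4_5.php', 'account_group_sync:2', 'Undefined prefix constant ' . $prefix_const);
         return;
     }
     $db_prefix = constant($prefix_const);
     # NOTE(review): table and column names below come from the map
     # configuration and cannot be quoted with qstr(); they must only ever be
     # set by trusted configuration.
     $sql = "SELECT id,gid,username FROM " . $db_prefix . "" . $this->map['account_map_field'] . ' WHERE ' . $this->map['account_fields']['username']['map_field'] . " = " . $db2->qstr($user);
     $result = $db2->Execute($sql);
     if ($result === false) {
         $C_debug->error('Mambo_4_5.php', 'account_group_sync:2', $db2->ErrorMsg());
         return;
     }
     # no remote user with that name: nothing to synchronise (the statements
     # below would otherwise be built with an empty id)
     if ($result->RecordCount() == 0) {
         return;
     }
     # The ids are interpolated unquoted into the statements below, so they are
     # forced to integers first.
     $id = (int) $result->fields['id'];
     $user = $result->fields['username'];
     $gid = (int) $result->fields['gid'];
     if ($id <= 0) {
         return;
     }
     # Clear old values:
     $sql = "DELETE FROM  " . $db_prefix . "core_acl_aro WHERE value = {$id}";
     $result = $db2->Execute($sql);
     # add the core_acl_aro record
     $sql = "INSERT INTO " . $db_prefix . "core_acl_aro SET \n                        section_value \t= 'users',\n                        value\t\t\t= {$id},\n                        name\t\t\t= " . $db2->qstr($user);
     $result = $db2->Execute($sql);
     # Get the ID just inserted:
     $sql = "SELECT aro_id FROM " . $db_prefix . "core_acl_aro WHERE value = {$id}";
     $result = $db2->Execute($sql);
     if ($result === false) {
         $C_debug->error('Mambo_4_5.php', 'account_group_sync:2', $db2->ErrorMsg());
         return;
     }
     $aro_id = $result->RecordCount() > 0 ? (int) $result->fields['aro_id'] : 0;
     if ($aro_id > 0) {
         $sql = "DELETE FROM  " . $db_prefix . "core_acl_groups_aro_map WHERE aro_id = {$aro_id}";
         $result = $db2->Execute($sql);
     }
     if ($gid > 0 && $aro_id > 0) {
         # add the core_acl_groups_aro_map record
         $sql = "INSERT INTO " . $db_prefix . "core_acl_groups_aro_map SET \n\t            \t\t\tgroup_id\t\t= {$gid},\n\t            \t\t\taro_id\t\t\t= {$aro_id}";
         $result = $db2->Execute($sql);
         # unblock
         $sql = "UPDATE  " . $db_prefix . $this->map['account_map_field'] . "\n\t                        SET block = 0\n\t                        WHERE id = {$id}";
         $result = $db2->Execute($sql);
     } else {
         /*
             This member gets access to nothing.

             Mambo doesn't have a group we can grant the users
             that allows them only public access articles. Lame.

             After studying mambo's group system in depth,
             it makes no sense how something so complicated (6 tables?) can not
             be used to control access to the articles?! With a CMS system, it is
             all about the content and if you have groups, you should be able to
             display/hide content based on the user's group membership.

             However, with mambo, apparently you can set the articles so they can
             be viewed by a) all users, (b) registered users, (c) Special.

             Since I can find no way to map the users to option (c), and obviously
             non-paying members will still be registered after their subscription
             expires, our options are now to delete the user entirely (NO!)
             or set the user to blocked (lesser of two evils but will cause confusion
             since mambo will tell the user the login info they submitted is invalid)

             Lets block the user and be done with it... Sigh...
         */
         $sql = "UPDATE  " . $db_prefix . $this->map['account_map_field'] . "\n\t                        SET block = 1\n\t                        WHERE id = {$id}";
         $result = $db2->Execute($sql);
     }
 }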
Example #6
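    /**
     * Activate an account from the "verify" request value.
     *
     * The value has the form "<date_orig>:<account id>". When a matching account
     * exists on this site and is not yet active its status is set to "1", the
     * result is published to the template as 'verify_results', and the account
     * is pushed to db_mapping when that module is installed.
     *
     * NOTE(review): the value is made up of the account's creation time and its
     * id only, i.e. it contains no secret. Issuing a random per-account token
     * and comparing it with hash_equals() would be the safer design; that needs
     * a change where the verification link is generated, outside this method.
     *
     * @param array $VAR Request variables; reads 'verify'.
     * @return void
     */
    function verify($VAR)
    {
        global $C_debug, $C_translate, $C_list, $smarty;
        ### Validate $verify is set...
        if (!isset($VAR['verify']) || !is_string($VAR['verify']) || $VAR['verify'] == "") {
            ### Error: please use the form below ...
            $smarty->assign('verify_results', false);
            return;
        }
        $verify = explode(':', $VAR['verify']);
        # Both parts are compared with integer columns, so only plain decimal
        # values are accepted; anything else could be coerced by the database
        # into matching a row it should not match.
        if (count($verify) < 2 || !ctype_digit($verify[0]) || !ctype_digit($verify[1])) {
            $smarty->assign('verify_results', false);
            return;
        }
        ### Validate the $verify string....
        $db =& DB();
        $sql = 'SELECT id,username,status FROM ' . AGILE_DB_PREFIX . 'account WHERE
					site_id     = ' . $db->qstr(DEFAULT_SITE) . ' AND
					id          = ' . $db->qstr($verify[1]) . ' AND
					date_orig   = ' . $db->qstr($verify[0]);
        $result = $db->Execute($sql);
        # a failed query is handled like "no such account"
        if ($result === false || $result->RecordCount() == 0) {
            ### Error: please use the form below ...
            $smarty->assign('verify_results', false);
            return;
        }
        ### Check the status:
        $status = $result->fields['status'];
        if ($status == "1") {
            ### Account already active!
            $smarty->assign('verify_results', true);
            return;
        }
        ### Update the account status
        $sql = 'UPDATE ' . AGILE_DB_PREFIX . 'account SET
					status      = ' . $db->qstr("1") . '
					WHERE
					site_id     = ' . $db->qstr(DEFAULT_SITE) . ' AND
					id          = ' . $db->qstr($verify[1]);
        $result = $db->Execute($sql);
        # do not announce success when the account could not be activated
        if ($result === false) {
            $C_debug->error(basename(__FILE__), 'verify', $db->ErrorMsg());
            $smarty->assign('verify_results', false);
            return;
        }
        ### Account now active!
        $smarty->assign('verify_results', true);
        ### Return the success message:
        $C_debug->alert($C_translate->translate('password_update_success', 'account', ''));
        ####################################################################
        ### Do any db_mapping
        ####################################################################
        if ($C_list->is_installed('db_mapping')) {
            include_once PATH_MODULES . 'db_mapping/db_mapping.inc.php';
            $db_map = new db_mapping();
            $db_map->plaintext_password = false;
            $db_map->account_add($verify[1]);
        }
    }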
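 /**
  * Log the current session (SESS) out of the mapped IBF installation.
  *
  * Resets the member columns of the remote `sessions` row whose id equals SESS
  * and overwrites the three IBF cookies.
  *
  * @param mixed  $account_id Local account id; not read by this method.
  * @param object $MAP_this   Map object; its map['map'] entry selects the remote
  *                           connection and the table prefix constant.
  * @return void
  */
 function MAP_account_logout($account_id, $MAP_this)
 {
     # $smarty was used in the error path below without being imported, which
     # turned every failed UPDATE into a call on an undefined variable
     global $C_debug, $smarty;
     ### Clear the session info in IBF
     $dbm = new db_mapping();
     $db = $dbm->DB_connect(false, $MAP_this->map['map']);
     # Resolve the per-map table prefix with constant() rather than eval():
     # same lookup, but the map name is never executed as PHP code.
     $prefix_const = 'DB2_PREFIX' . strtoupper($MAP_this->map['map']);
     if (!defined($prefix_const)) {
         $C_debug->error('db_mapping.inc.php', 'Map_account_logout_delete_account_session', 'Undefined prefix constant ' . $prefix_const);
         return;
     }
     $db_prefix = constant($prefix_const);
     # NOTE(review): qstr('NULL') stores the four-letter string, not SQL NULL --
     # confirm that this is what IBF expects for a guest session.
     $sql = 'UPDATE ' . $db_prefix . 'sessions SET
     			member_name		=' . $db->qstr('NULL') . ',
     			member_id 		=' . $db->qstr(0) . ',
     			login_type 		=' . $db->qstr(0) . ',
     			member_group	=' . $db->qstr(2) . ' 
     			WHERE id 		=' . $db->qstr(SESS);
     $result = $db->Execute($sql);
     ### error reporting:
     if ($result === false) {
         $C_debug->error('db_mapping.inc.php', 'Map_account_logout_delete_account_session', $db->ErrorMsg());
         $smarty->assign('db_mapping_result', $db->ErrorMsg());
         return;
     }
     ### Clear the IBF cookies
     # (the values are overwritten with 0; the cookies themselves are not expired)
     setcookie("session_id", 0, 0, '/');
     setcookie("member_id", 0, 0, '/');
     setcookie("pass_hash", 0, 0, '/');
     return;
 }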
Example #8
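    /**
     * Derive a remote "status" value from the local account's active groups and
     * write it to the mapped remote account.
     *
     * The remote account is found by the local username. Of all local groups
     * that have started and not expired, the mapped value belonging to the
     * group with the highest rank wins; 0 is written when none applies.
     *
     * @param mixed  $account_id Local account id.
     * @param object $MAP_this   Map object (map configuration; group_arr,
     *                           group_rank and status are written on it).
     * @return mixed The remote account id on success, nothing on any failure or
     *               when the account has no active group rows.
     */
    function MAP_account_group_sync_db_status($account_id, $MAP_this)
    {
        global $C_debug;
        ### Get the local account details
        $db =& DB();
        $sql = 'SELECT username,email FROM ' . AGILE_DB_PREFIX . 'account WHERE
				site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND
				id      = ' . $db->qstr($account_id);
        $result = $db->Execute($sql);
        if ($result === false) {
            $C_debug->error('db_mapping.inc.php', 'MAP_account_group_sync_status', $db->ErrorMsg());
            return;
        }
        $user = $result->fields['username'];
        ### Get the remote account id:
        $dbm = new db_mapping();
        $db2 = $dbm->DB_connect(false, $MAP_this->map['map']);
        # Resolve the per-map table prefix with constant() rather than eval():
        # same lookup, but the map name is never executed as PHP code.
        $prefix_const = 'DB2_PREFIX' . strtoupper($MAP_this->map['map']);
        if (!defined($prefix_const)) {
            $C_debug->error('db_mapping.inc.php', 'MAP_account_group_sync_status', 'Undefined prefix constant ' . $prefix_const);
            return;
        }
        $db_prefix = constant($prefix_const);
        # NOTE(review): table and column names come from the map configuration and
        # cannot be quoted with qstr(); they must only ever be set by trusted
        # configuration.
        $fld_remote_id = $MAP_this->map['account_fields']['id']['map_field'];
        $sql = "SELECT " . $fld_remote_id . " FROM " . $db_prefix . "" . $MAP_this->map['account_map_field'] . ' WHERE ' . $MAP_this->map['account_fields']['username']['map_field'] . " = " . $db2->qstr($user);
        $result = $db2->Execute($sql);
        if ($result === false) {
            $C_debug->error('db_mapping.inc.php', 'MAP_account_group_sync_status', $db2->ErrorMsg());
            return;
        }
        $remote_account_id = $result->fields[$fld_remote_id];
        ### Get the group_map array for this database map:
        # NOTE(review): the cache test looks at $this while the values are stored
        # on $MAP_this; left unchanged because the caller's expectations are not
        # visible here -- confirm which object is meant.
        if (!isset($this->group_arr)) {
            $db =& DB();
            $sql = "SELECT group_map,group_rank FROM " . AGILE_DB_PREFIX . "db_mapping WHERE\n\t\t\t\t\tmap_file = " . $db->qstr($MAP_this->map['map']) . " AND\n\t\t\t\t\tsite_id  = " . $db->qstr(DEFAULT_SITE);
            $result = $db->Execute($sql);
            if ($result === false) {
                $C_debug->error('db_mapping.inc.php', 'MAP_account_group_sync_status', $db->ErrorMsg());
                return;
            }
            # NOTE(review): unserialize() on stored data instantiates whatever
            # objects the string describes. These columns are expected to hold
            # plain arrays; on PHP >= 7 pass array('allowed_classes' => false),
            # or store the maps as JSON.
            @($MAP_this->group_arr = unserialize($result->fields['group_map']));
            @($MAP_this->group_rank = unserialize($result->fields['group_rank']));
        }
        ### Determine the groups the selected account is authorize for:
        $db =& DB();
        $sql = "SELECT group_id,date_start,date_expire FROM " . AGILE_DB_PREFIX . "account_group WHERE\n\t\t\t\taccount_id  =  " . $db->qstr($account_id) . " AND\n\t\t\t\tactive      =  " . $db->qstr(1) . " AND\n\t\t\t\tsite_id     =  " . $db->qstr(DEFAULT_SITE);
        $result = $db->Execute($sql);
        ### error reporting:
        if ($result === false) {
            $C_debug->error('db_mapping.inc.php', 'MAP_account_group_sync_status', $db->ErrorMsg());
            return;
        }
        # NOTE(review): an account without any active group row leaves here before
        # the remote status is reset to 0, so the remote side keeps its previous
        # status -- confirm that this is intended.
        if ($result->RecordCount() == 0) {
            return;
        }
        $MAP_this->status = 0;
        $rank = 0;
        $now = time();
        while (!$result->EOF) {
            $start = $result->fields['date_start'];
            $expire = $result->fields['date_expire'];
            $group = $result->fields['group_id'];
            ### Group access started and not expired:
            # (an empty or '0' date means "no limit" on that side)
            $not_expired = $expire >= $now || $expire == '' || $expire == '0';
            $has_started = $start <= $now || $start == '' || $start == '0';
            if ($not_expired && $has_started && !empty($MAP_this->group_arr) && is_array($MAP_this->group_arr)) {
                ### Group is authorized:
                ### Get the associated remote group(s) this account needs
                ### to be added to:
                foreach ($MAP_this->group_arr as $key => $val) {
                    if ($key != $group) {
                        continue;
                    }
                    ### what remote group(s) is this group mapped to?
                    foreach ($val as $remote_group => $add) {
                        # the mapping of the highest ranked local group wins
                        if (!empty($add) && $MAP_this->group_rank[$key]['rank'] > $rank) {
                            $MAP_this->status = $add;
                            $rank = $MAP_this->group_rank[$key]['rank'];
                        }
                    }
                }
            }
            $result->MoveNext();
        }
        ### Update the remote account:
        # the remote handle is re-acquired after the local queries, as before
        $dbm = new db_mapping();
        $db2 = $dbm->DB_connect(false, $MAP_this->map['map']);
        $sql = "UPDATE " . $db_prefix . "" . $MAP_this->map['account_map_field'] . ' SET ' . $MAP_this->map['account_status_field'] . " = " . $db2->qstr($MAP_this->status) . " WHERE " . $fld_remote_id . " = " . $db2->qstr($remote_account_id);
        $group_result = $db2->Execute($sql);
        if ($group_result === false) {
            # the failure happened on the remote connection, so its message is the
            # one to report (the local handle's message was logged before)
            $C_debug->error('db_mapping.inc.php', 'MAP_account_group_sync_status', $db2->ErrorMsg());
            return;
        }
        return $remote_account_id;
    }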
 /**
  * Re-run the db_mapping group synchronisation for the account of the
  * current record ($this->rs['account_id']), if db_mapping is installed.
  *
  * @return void
  */
 function dbmap()
 {
     global $C_list;
     # create the shared list helper on demand
     if (is_object($C_list) === false) {
         include_once PATH_CORE . 'list.inc.php';
         $C_list = new CORE_list();
     }
     # nothing to do without the module
     if (!$C_list->is_installed('db_mapping')) {
         return;
     }
     # Update the db_mapping accounts
     include_once PATH_MODULES . 'db_mapping/db_mapping.inc.php';
     $mapper = new db_mapping();
     $mapper->account_group_sync($this->rs['account_id']);
 }
Example #10
    /**
     * Handle the deletion of a local account on the mapped vBulletin side.
     *
     * As far as the visible code shows, the remote user is not removed: its
     * usergroupid is set to '1' for the userid that was looked up.
     *
     * @param mixed  $account_id Local account id; not read in the visible code.
     * @param string $username   Presumably the name used for the remote lookup;
     *                           the lookup itself is damaged in this listing.
     * @param object $MAP_this   Map object; its map['map'] entry selects the remote
     *                           connection and the table prefix constant.
     * @return false|null false from the first error path, nothing otherwise.
     */
    function MAP_account_delete($account_id, $username, $MAP_this)
    {
        global $C_debug;
        ### Get the remote account id from the username
        $dbm = new db_mapping();
        $db2 = $dbm->DB_connect(false, $MAP_this->map['map']);
        # NOTE(review): eval() is used only to read a constant whose name is built
        # from the map name; constant() does the same without evaluating code.
        eval('@$db_prefix = DB2_PREFIX' . strtoupper($MAP_this->map['map']) . ';');
        # NOTE(review): this listing is damaged between the start of the query and
        # the error call on the next line -- the username comparison, the Execute()
        # call and the failure test are missing. Restore them from the original
        # file (and make sure the username goes through qstr()) before reuse.
        $sql = 'SELECT userid FROM ' . $db_prefix . 'user
				WHERE username = '******'vBulletin_3.php', 'MAP_account_delete (1)', $db2->ErrorMsg() . '  ' . $sql);
            return false;
        }
        $vb_user_id = $result->fields['userid'];
        # Suspend the user:
        $sql = "UPDATE " . $db_prefix . "user SET usergroupid = '1' WHERE userid =  " . $db2->qstr($vb_user_id);
        $result = $db2->Execute($sql);
        # a failed update is only logged; nothing is returned for it
        if ($result === false) {
            $C_debug->error('vBulletin_3.php', 'MAP_account_delete (2)', $db2->ErrorMsg() . '  ' . $sql);
        }
    }