    e107::redirect();
    exit;
}
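if ((!ADMIN || !getperms("4")) && e_QUERY && e_QUERY != "update") {
    // Only admins holding perm "4" may open this page with a query other than
    // "update"; anyone else is sent to the plain settings page.
    header('location:' . e_BASE . 'usersettings.php');
    exit;
}
// Generic user-related language defines, then the page-specific ones
include_lan(e_LANGUAGEDIR . e_LANGUAGE . '/lan_user.php');
include_lan(e_LANGUAGEDIR . e_LANGUAGE . '/lan_usersettings.php');
// Handlers used by this page (ren_help.php was previously required twice; once is enough)
require_once e_HANDLER . 'ren_help.php';
require_once e_HANDLER . 'user_extended_class.php';
require_once e_HANDLER . 'validator_class.php';
$ue = new e107_user_extended();
$userMethods = e107::getUserSession();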
if (deftrue('BOOTSTRAP') === 3) {
    $template = e107::getCoreTemplate('usersettings', '', true, true);
    // always merge
    $USERSETTINGS_MESSAGE = "{MESSAGE}";
    $USERSETTINGS_MESSAGE_CAPTION = LAN_OK;
    $USERSETTINGS_EDIT_CAPTION = LAN_USET_39;
    // 'Update User Settings'
    $USERSETTINGS_EDIT = $template['edit'];
    $usersettings_shortcodes = e107::getScBatch('usersettings');
    $usersettings_shortcodes->wrapper('usersettings/edit');
} else {
    include_once e107::coreTemplatePath('usersettings');
    //correct way to load a core template.
    e107::scStyle($sc_style);
 /**
  * XUP Signup Method (falls-back to XUP login when existing user is detected).
  * May be used as a simple XUP login link for existing and non-existing users.
  *
  * Flow: authenticate against the configured provider; if the returned profile
  * already matches a local account (by user_xup, email, login name or display
  * name) that account is logged in instead of creating a new one; otherwise a
  * user row is built with a generated login name and random password, saved,
  * the signup events are fired, the credentials are optionally emailed and the
  * new user is logged in.
  *
  * @param bool|string $redirectUrl true = SITEURL; a string not starting with http(s):// is run through e107::getUrl()->create(); falsy = no redirect
  * @param bool $loginAfterSuccess call loginProvider() for the new account once the signup completed
  * @param bool $emailAfterSuccess send the 'signup' email (it carries the generated plain-text password)
  * @return bool|$this false when an existing user was logged in / redirected or the provider returned no identifier; $this when the 'usersupprov' event returned true; true after a completed signup
  * @throws Exception code 100 (feature disabled), 2 (unknown provider), 4 (no email while the email check is enabled), 5 (user model save error)
  */
 public function signup($redirectUrl = true, $loginAfterSuccess = true, $emailAfterSuccess = true)
 {
     if (!e107::getPref('social_login_active', false)) {
         throw new Exception("Signup failed! This feature is disabled.", 100);
         // TODO lan
     }
     if (!$this->getProvider()) {
         throw new Exception("Signup failed! Wrong provider.", 2);
         // TODO lan
     }
     if ($redirectUrl) {
         if (true === $redirectUrl) {
             $redirectUrl = SITEURL;
         } elseif (strpos($redirectUrl, 'http://') !== 0 && strpos($redirectUrl, 'https://') !== 0) {
             // relative target: let the URL handler build the absolute form
             $redirectUrl = e107::getUrl()->create($redirectUrl);
         }
     }
     if (e107::getUser()->isUser()) {
         // already signed in: nothing to create, just honour the redirect
         if ($redirectUrl) {
             e107::getRedirect()->redirect($redirectUrl);
         }
         return false;
         //	throw new Exception( "Signup failed! User already signed in. ", 1); // TODO lan
     }
     $this->adapter = $this->hybridauth->authenticate($this->getProvider());
     $profile = $this->adapter->getUserProfile();
     // returned back, if success...
     if ($profile->identifier) {
         $sql = e107::getDb();
         $userMethods = e107::getUserSession();
         // random plain-text password; kept only so it can be mailed further down
         $plainPwd = $userMethods->generateRandomString('************');
         // auto plain passwords
         // TODO - auto login name, shouldn't be used if system set to user_email login...
         $userdata['user_loginname'] = $this->getProvider() . $userMethods->generateUserLogin(e107::getPref('predefinedLoginName', '_..#..#..#'));
         // NOTE(review): falls back to the provider's unverified email when emailVerified is absent.
         // The existing-account lookup below keys on this value, so an unverified address can
         // link into (and log into) a local account it does not own — consider requiring emailVerified.
         $userdata['user_email'] = $sql->escape($profile->emailVerified ? $profile->emailVerified : $profile->email);
         $userdata['user_name'] = $sql->escape($profile->displayName);
         $userdata['user_login'] = $userdata['user_name'];
         $userdata['user_customtitle'] = '';
         // not used
         $userdata['user_password'] = $userMethods->HashPassword($plainPwd, $userdata['user_loginname']);
         // pwd
         $userdata['user_sess'] = '';
         //
         $userdata['user_image'] = $profile->photoURL;
         // avatar
         $userdata['user_signature'] = '';
         // not used
         $userdata['user_hideemail'] = 1;
         // hide it by default
         $userdata['user_xup'] = $sql->escape($this->userId());
         $pref = e107::pref('core');
         if (!empty($pref['initial_user_classes'])) {
             $userdata['user_class'] = $pref['initial_user_classes'];
         } elseif (!empty($pref['user_new_period'])) {
             $userdata['user_class'] = e_UC_NEWUSER;
         } else {
             $userdata['user_class'] = '';
         }
         //		print_a($userdata);
         // user_name, user_xup, user_email and user_loginname shouldn't match
         // the email clause is only added when the provider actually returned an address
         $insert = !empty($userdata['user_email']) ? "OR user_email='" . $userdata['user_email'] . "' " : "";
         // Security: a hit here logs the provider identity into the matching local account
         // (loginProvider) instead of creating a new one — see the note on user_email above.
         if ($sql->count("user", "(*)", "user_xup='" . $sql->escape($this->userId()) . "' " . $insert . " OR user_loginname='{$userdata['user_loginname']}' OR user_name='{$userdata['user_name']}'")) {
             // $this->login($redirectUrl); // auto-login
             e107::getUser()->loginProvider($this->userId());
             if ($redirectUrl) {
                 e107::getRedirect()->redirect($redirectUrl);
             }
             return false;
             // throw new Exception( "Signup failed! User already exists. Please use 'login' instead.", 3);
         }
         if (empty($userdata['user_email']) && e107::getPref('disable_emailcheck', 0) == 0) {
             // NOTE(review): print_a($userdata) puts the whole pending row, including the password
             // hash, into the exception text — check where this message ends up being shown or logged.
             throw new Exception("Signup failed! Can't access user email - registration without an email is impossible." . print_a($userdata, true), 4);
             // TODO lan
         }
         // other fields
         $now = time();
         $userdata['user_id'] = null;
         $userdata['user_join'] = $now;
         $userdata['user_lastvisit'] = 0;
         $userdata['user_currentvisit'] = 0;
         $userdata['user_comments'] = 0;
         $userdata['user_ip'] = e107::getIPHandler()->getIP(FALSE);
         $userdata['user_ban'] = USER_VALIDATED;
         $userdata['user_prefs'] = '';
         $userdata['user_visits'] = 0;
         $userdata['user_admin'] = 0;
         $userdata['user_perms'] = '';
         $userdata['user_realm'] = '';
         $userdata['user_pwchange'] = $now;
         $user = e107::getSystemUser(0, false);
         $user->setData($userdata);
         $user->getExtendedModel();
         // init
         //$user->setEditor(e107::getSystemUser(1, false));
         $user->save(true);
         // user model error
         if ($user->hasError()) {
             throw new Exception($user->renderMessages(), 5);
         }
         ### Successful signup!
         //$user->set('provider', $this->getProvider());
         $userdata = $user->getData();
         $userdata['provider'] = $this->getProvider();
         //	e107::getEvent()->trigger('userveri', $userdata);	 // Trigger New verified user.
         e107::getEvent()->trigger('user_xup_signup', $userdata);
         $ret = e107::getEvent()->trigger('usersupprov', $userdata);
         // XXX - it's time to pass objects instead of array?
         // a listener returning true takes over: no email, no auto-login, no redirect
         if (true === $ret) {
             return $this;
         }
         // send email (the plain password is put back on the model only for the mail)
         if ($emailAfterSuccess) {
             $user->set('user_password', $plainPwd)->email('signup');
         }
         e107::getUser()->setProvider($this);
         // auto login
         if ($loginAfterSuccess) {
             e107::getUser()->loginProvider($this->userId());
             // if not proper after-login, return true so user can see login screen
         }
         if ($redirectUrl) {
             e107::getRedirect()->redirect($redirectUrl);
         }
         return true;
     }
     return false;
 }
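 /**
  * Admin auth check
  *
  * Looks up an admin account (user_admin='1') first by login name, then by
  * display name, and verifies the supplied credentials either through the
  * session CHAP challenge or against the plaintext password.
  *
  * @param string $authname entered name
  * @param string $authpass entered pass
  * @param string $authresponse [optional] CHAP response computed on the client
  * @return array the matching user row on success, otherwise
  *               array("authfail", "reason" => $reason) with reason
  *               'np' (empty name/pass), 'lu' (name too long) or 'iu' (unknown admin)
  */
 public function authcheck($authname, $authpass, $authresponse = '')
 {
     global $pref;
     $tp = e107::getParser();
     $sql_auth = e107::getDb('sql_auth');
     $user_info = e107::getUserSession();
     $reason = '';
     $row = array();
     // Stripping " OR ", "=" and "#" is only defence in depth; the interpolated
     // queries below rely on $tp->toDB() for escaping (assumed to escape for SQL — verify).
     $authname = $tp->toDB(preg_replace("/\\sOR\\s|\\=|\\#/", "", trim($authname)));
     $authpass = trim($authpass);
     if ($authpass == '' || $authname == '') {
         $reason = 'np';
     }
     if (strlen($authname) > varset($pref['loginname_maxlength'], 30)) {
         $reason = 'lu';
     }
     if (!$reason) {
         if ($sql_auth->db_Select("user", "*", "user_loginname='{$authname}' AND user_admin='1' ")) {
             $row = $sql_auth->db_Fetch();
         } elseif ($sql_auth->db_Select("user", "*", "user_name='{$authname}' AND user_admin='1' ")) {
             $row = $sql_auth->db_Fetch();
             // the password checks below take the login name, not the display name
             $authname = $row['user_loginname'];
         } else {
             $reason = 'iu';
         }
     }
     if (!$reason && !empty($row['user_id'])) {
         $session = e107::getSession();
         // a response equal to the stored challenge is rejected outright
         if ($authresponse && $session->is('challenge') && $authresponse != $session->get('challenge')) {
             // Verify using CHAP (can't handle login by email address - only loginname - although with this code it does still work if the password is stored unsalted)
             if ($user_info->CheckCHAP($session->get('challenge'), $authresponse, $authname, $row['user_password']) !== PASSWORD_INVALID) {
                 // was `return ${$row};` — a variable-variable on an array, which never yields the row
                 return $row;
             }
         } else {
             // Plaintext password
             if ($user_info->CheckPassword($authpass, $authname, $row['user_password']) !== PASSWORD_INVALID) {
                 return $row;
             }
         }
     }
     return array("authfail", "reason" => $reason);
 }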
        return deftrue('LAN_FPW_101', "Not to worry. Just enter your email address below and we'll send you an instruction email for recovery.");
    }
}
if ($pref['membersonly_enabled']) {
    // Prefer the theme's own login logo, otherwise fall back to the core logo.
    if (file_exists(THEME . "images/login_logo.png")) {
        $sc = array('FPW_LOGIN_LOGO' => "<img src='" . THEME_ABS . "images/login_logo.png' alt='' />\n");
    } else {
        $sc = array('FPW_LOGIN_LOGO' => "<img src='" . e_IMAGE_ABS . "logo.png' alt='' />\n");
    }
    if (!deftrue('BOOTSTRAP')) {
        //correct way to load a core template.
        require_once e107::coreTemplatePath('fpw');
    } else {
        $FPW_TABLE_HEADER = e107::getCoreTemplate('fpw', 'header');
        $FPW_TABLE_FOOTER = e107::getCoreTemplate('fpw', 'footer');
    }
    // Render the members-only header/footer with the logo shortcode filled in
    $HEADER = $tp->simpleParse($FPW_TABLE_HEADER, $sc);
    $FOOTER = $tp->simpleParse($FPW_TABLE_FOOTER, $sc);
}
$user_info = e107::getUserSession();
require_once HEADERF;
/**
 * Render an error box for the forgotten-password page, emit the footer and stop.
 *
 * $txt is inserted into the page unescaped, so callers must pass trusted markup.
 *
 * @param string $txt message (HTML allowed) shown under the LAN_03 caption
 * @return never this function always calls exit
 */
function fpw_error($txt)
{
    $render = e107::getRender();
    if (deftrue('BOOTSTRAP')) {
        // bootstrap themes: route the text through the message handler
        $msg = e107::getMessage();
        $msg->addError($txt);
        $render->tablerender(LAN_03, $msg->render());
    } else {
        $render->tablerender(LAN_03, "<div class='fpw-page'>" . $txt . "</div>", 'fpw');
    }
    require_once FOOTERF;
    exit;
}
// the separator character used in the password-recovery link/token
define('FPW_SEPARATOR', '#');
 /**
  * Generate a fresh cron password and store it in the 'e_cron_pwd' core pref.
  *
  * The entropy comes from generateRandomString(); sha1() only fixes the stored
  * format to a 40-character hex token (time() adds nothing secret).
  *
  * @return bool always true
  */
 function setCronPwd()
 {
     //global $pref;
     $session = e107::getUserSession();
     $token = sha1($session->generateRandomString('*^*#.**^*') . time());
     e107::getConfig()->set('e_cron_pwd', $token)->save(false);
     return true;
 }
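 /**
  * Try to open a local user session from an already-connected XUP provider.
  *
  * Nothing is done when the caller is the main admin browsing the front-end
  * (unless $deniedAs is set), a session already exists, or social login is
  * switched off. Otherwise every connected provider with a profile identifier
  * is looked up by its "<provider>_<identifier>" user_xup value and the first
  * matching user gets a login cookie.
  *
  * @param bool $deniedAs when falsy, an active "as" session (getSessionDataAs) blocks the attempt
  * @return $this
  */
 public function tryProviderSession($deniedAs)
 {
     // don't allow if main admin browse front-end or there is already user session
     // (parentheses spell out the original && / || precedence)
     if ((!$deniedAs && $this->getSessionDataAs()) || null !== $this->_session_data || !e107::getPref('social_login_active', false)) {
         return $this;
     }
     try {
         // init the auth class, then detect all currently connected providers
         e107::getHybridAuth();
         $connected = Hybrid_Auth::getConnectedProviders();
     } catch (Exception $e) {
         e107::getMessage()->addError('[' . $e->getCode() . ']' . $e->getMessage(), 'default', true);
         $session = e107::getSession();
         $session->set('HAuthError', true);
         $connected = false;
     }
     // no active session found
     if (!$connected) {
         return $this;
     }
     // query DB
     $sql = e107::getDb();
     $where = array();
     foreach ($connected as $providerId) {
         $adapter = Hybrid_Auth::getAdapter($providerId);
         $identifier = $adapter->getUserProfile()->identifier;
         if (!$identifier) {
             continue;
         }
         $where[] = "user_xup='" . $sql->escape($providerId . '_' . $identifier) . "'";
     }
     // Security: never run the lookup with an empty condition. The original passed
     // '' to db_Select when no provider had an identifier, which (assuming an empty
     // argument means "no WHERE") would select an arbitrary user and log in as them.
     if (empty($where)) {
         return $this;
     }
     $where = implode(' OR ', $where);
     if ($sql->db_Select('user', 'user_id, user_password, user_xup', $where)) {
         $user = $sql->db_Fetch();
         e107::getUserSession()->makeUserCookie($user);
         $this->setSessionData();
     }
     return $this;
 }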
 /**
  * Collect the core singletons this login handler works with.
  *
  * Stores the e107 instance, the requesting IP as reported by the IP handler,
  * and the user-session helper (password hashing/checking lives there).
  */
 public function __construct()
 {
     $this->e107 = e107::getInstance();
     $this->userIP = e107::getIPHandler()->getIP();
     $this->userMethods = e107::getUserSession();
 }
 /**
  * Send an activation email to all unactivated users older than so many hours.
  * @param bool $resetPasswords
  * @param int $age in hours. ie. older than 24 hours will be sent an email.
  */
 /**
  * Send an activation email to all unactivated users older than so many hours.
  *
  * Selects users with user_ban = 2 and a non-empty email whose join date is
  * older than $age hours, optionally resets their password and session key,
  * and queues one 'signup' template mail per user through the bulk mailer.
  *
  * @param bool $resetPasswords when true a new random password and user_sess key are written for each user and the plain password is included in the mail
  * @param int $age in hours. ie. older than 24 hours will be sent an email.
  * @param int|string $class optional user class id; when non-empty only users whose user_class contains it are selected
  * @return void messages are reported via e107::getMessage()
  */
 function resend_to_all($resetPasswords = false, $age = 24, $class = '')
 {
     global $sql, $pref;
     $tp = e107::getParser();
     $sql = e107::getDb();
     $sql2 = e107::getDb('toall');
     $emailLogin = e107::getPref('allowEmailLogin');
     e107::lan('core', 'signup');
     // turn the hour count into a unix timestamp cut-off
     $ageOpt = intval($age) . " hours ago";
     $age = strtotime($ageOpt);
     //	$query = "SELECT u.*, ue.* FROM `#user` AS u LEFT JOIN `#user_extended` AS ue ON ue.user_extended_id = u.user_id WHERE u.user_ban = 2 AND u.user_email != '' AND u.user_join < ".$age." ORDER BY u.user_id DESC";
     $query = "SELECT u.* FROM `#user` AS u WHERE u.user_ban = 2 AND u.user_email != '' AND u.user_join < " . $age . " ";
     if (!empty($class)) {
         $query .= " AND FIND_IN_SET( " . intval($class) . ", u.user_class) ";
     }
     $query .= " ORDER BY u.user_id DESC";
     $sql->gen($query);
     $recipients = array();
     $usr = e107::getUserSession();
     while ($row = $sql->fetch()) {
         if ($resetPasswords === true) {
             $rawPassword = $usr->generateRandomString('********');
             $sessKey = e_user_model::randomKey();
             $updateQry = array('user_sess' => $sessKey, 'user_password' => $usr->HashPassword($rawPassword, $row['user_loginname']), 'WHERE' => 'user_id = ' . $row['user_id'] . " LIMIT 1");
             if (!$sql2->update('user', $updateQry)) {
                 e107::getMessage()->addError("Error updating user's password. #" . $row['user_id'] . " : " . $row['user_email']);
                 e107::getMessage()->addDebug(print_a($updateQry, true));
                 //	break;
             } else {
                 e107::getMessage()->addInfo("Updated " . $row['user_id'] . " : " . $row['user_email']);
             }
             // NOTE(review): on a failed update the user is still queued below with the new
             // (unsaved) password and session key, so that mail cannot activate the account.
             $row['user_sess'] = $sessKey;
         } else {
             // placeholder shown in the mail when the password is left unchanged
             $rawPassword = '******';
         }
         // user_sess is the activation key embedded in the link
         $activationUrl = SITEURL . "signup.php?activate." . $row['user_id'] . "." . $row['user_sess'];
         $recipients[] = array('mail_recipient_id' => $row['user_id'], 'mail_recipient_name' => $row['user_name'], 'mail_recipient_email' => $row['user_email'], 'mail_target_info' => array('USERID' => $row['user_id'], 'LOGINNAME' => intval($emailLogin) === 1 ? $row['user_email'] : $row['user_loginname'], 'PASSWORD' => $rawPassword, 'DISPLAYNAME' => $tp->toDB($row['user_name']), 'SUBJECT' => LAN_SIGNUP_98, 'USERNAME' => $row['user_name'], 'USERLASTVISIT' => $row['user_lastvisit'], 'ACTIVATION_LINK' => '<a href="' . $activationUrl . '">' . $activationUrl . '</a>', 'ACTIVATION_URL' => $activationUrl, 'DATE_SHORT' => $tp->toDate(time(), 'short'), 'DATE_LONG' => $tp->toDate(time(), 'long'), 'SITEURL' => SITEURL));
         //	echo $row['user_id']." ".$row['user_sess']." ".$row['user_name']." ".$row['user_email']."<br />";
     }
     $siteadminemail = e107::getPref('siteadminemail');
     $siteadmin = e107::getPref('siteadmin');
     $mailer = e107::getBulkEmail();
     // Create the mail body
     $mailData = array('mail_total_count' => count($recipients), 'mail_content_status' => MAIL_STATUS_TEMP, 'mail_create_app' => 'core', 'mail_title' => 'RESEND ACTIVATION', 'mail_subject' => LAN_SIGNUP_98, 'mail_sender_email' => e107::getPref('replyto_email', $siteadminemail), 'mail_sender_name' => e107::getPref('replyto_name', $siteadmin), 'mail_notify_complete' => 0, 'mail_body' => 'null', 'template' => 'signup', 'mail_send_style' => 'signup');
     // mail_force_queue: the mails are queued, not sent inline
     $mailer->sendEmails('signup', $mailData, $recipients, array('mail_force_queue' => 1));
     $totalMails = count($recipients);
     $url = e_ADMIN . "mailout.php?mode=pending&action=list";
     e107::getMessage()->addSuccess("Total emails added to <a href='" . $url . "'>mail queue</a>: " . $totalMails);
 }
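 /**
  * Handle a bounce report.
  *
  * The bounce string is either a bare user id ("<uid>") or the four-field form
  * "<uid>/<mail_source_id>/<mail_target_id>/<md5>" taken from the X-e107-id
  * header, where the last field is md5("<uid>/<source>/<target>/").
  * Four-field bounces are matched against the mailer tables, counted there and
  * handed to the e_mailout addons; one-field bounces go straight to the user
  * status update.
  *
  * @param string $bounceString - the string from header X-e107-id
  * @param string $emailAddress - optional email address string for checks
  * @return array|false list of error strings on failure, FALSE when the bounce was logged cleanly
  */
 public function markBounce($bounceString, $emailAddress = '')
 {
     $bounceString = trim($bounceString);
     $bounceInfo = array('mail_bounce_string' => $bounceString, 'mail_recipient_email' => $emailAddress);
     // Ready for event data
     $errors = array();
     // Log all errors, at least until proven
     $vals = explode('/', $bounceString);
     // Should get one or four fields
     if ($this->debugMode) {
         echo "<h4>Bounce String</h4>";
         print_a($bounceString);
         echo "<h4>Vals</h4>";
         print_a($vals);
     }
     if (!is_numeric($vals[0])) {
         $errors[] = 'Bad user ID: ' . $vals[0];
     }
     $uid = intval($vals[0]);
     // User ID (zero is valid)
     $fieldCount = count($vals);
     if ($fieldCount == 4) {
         if (!is_numeric($vals[1])) {
             $errors[] = 'Bad body record: ' . $vals[1];
         }
         if (!is_numeric($vals[2])) {
             $errors[] = 'Bad recipient record: ' . $vals[2];
         }
         $vals[0] = intval($vals[0]);
         $vals[1] = intval($vals[1]);
         $vals[2] = intval($vals[2]);
         $vals[3] = trim($vals[3]);
         $hash = $vals[0] . '/' . $vals[1] . '/' . $vals[2] . '/';
         // The md5 carries no secret, so it only detects garbled headers; it is not an
         // authenticity check. hash_equals() replaces the loose `!=`, which compared
         // numeric-looking strings ("0e...") as numbers.
         if (!hash_equals(md5($hash), $vals[3])) {
             $errors[] = 'Bad md5';
             $errors[] = print_r($vals, true);
             $errors[] = 'hash:' . md5($hash);
         }
         if (empty($errors)) {
             $this->checkDB(1);
             // Look up in mailer DB if no errors so far (ids were intval()'d above)
             $row = false;
             if (false !== $this->db->gen("SELECT mr.`mail_recipient_id`, mr.`mail_recipient_email`, mr.`mail_recipient_name`, mr.mail_target_info, \n\t\t\t\t\tmc.mail_create_date, mc.mail_start_send, mc.mail_end_send, mc.`mail_title`, mc.`mail_subject`, mc.`mail_creator`, mc.`mail_other` FROM `#mail_recipients` AS mr \n\t\t\t\t\tLEFT JOIN `#mail_content` as mc ON mr.`mail_detail_id` = mc.`mail_source_id`\n\t\t\t\t\t\tWHERE mr.`mail_target_id` = {$vals[2]} AND mc.`mail_source_id` = {$vals[1]}")) {
                 $row = $this->db->fetch(MYSQL_ASSOC);
             }
             if (!$row) {
                 // Invalid mailer record (query failed or no matching row); the original
                 // went on to read fields from a false $row here
                 $errors[] = 'Not found in DB: ' . $vals[1] . '/' . $vals[2];
             } else {
                 $row = $this->dbToBoth($row);
                 $bounceInfo = $row;
                 // the address and user id in the header must agree with the stored recipient
                 if ($emailAddress && $emailAddress != $row['mail_recipient_email']) {
                     $errors[] = 'Email address mismatch: ' . $emailAddress . '/' . $row['mail_recipient_email'];
                 }
                 if ($uid != $row['mail_recipient_id']) {
                     $errors[] = 'User ID mismatch: ' . $uid . '/' . $row['mail_recipient_id'];
                 }
             }
             if (count($errors) == 0) {
                 $bounceInfo['mail_source_id'] = $vals[1];
                 $bounceInfo['mail_target_id'] = $vals[2];
                 $bounceInfo['mail_recipient_id'] = $uid;
                 $bounceInfo['mail_recipient_name'] = $row['mail_recipient_name'];
                 if (!$this->db->update('mail_content', '`mail_bounce_count` = `mail_bounce_count` + 1 WHERE `mail_source_id` = ' . $vals[1])) {
                     e107::getAdminLog()->add('Unable to increment bounce-count on mail_source_id=' . $vals[1], $bounceInfo, E_LOG_FATAL, 'BOUNCE', LOG_TO_ROLLING);
                 }
                 if (!$this->db->update('mail_recipients', '`mail_status` = ' . MAIL_STATUS_BOUNCED . ' WHERE `mail_target_id` = ' . $vals[2])) {
                     e107::getAdminLog()->add('Unable to update recipient mail_status to bounce on mail_target_id = ' . $vals[2], $bounceInfo, E_LOG_FATAL, 'BOUNCE', LOG_TO_ROLLING);
                 }
                 $addons = array_keys($row['mail_selectors']);
                 // trigger e_mailout.php addons. 'bounce' method.
                 foreach ($addons as $plug) {
                     if ($plug == 'core') {
                         require_once e_HANDLER . 'user_handler.php';
                         // only a non-empty return is an error; the original appended the
                         // return value unconditionally and so always recorded a bogus error
                         if ($err = userHandler::userStatusUpdate('bounce', $uid, $emailAddress)) {
                             $errors[] = $err;
                         }
                     } else {
                         if ($cls = e107::getAddon($plug, 'e_mailout')) {
                             if (e107::callMethod($cls, 'bounce', $bounceInfo) === false) {
                                 e107::getAdminLog()->add($plug . ' bounce process failed', $bounceInfo, E_LOG_FATAL, 'BOUNCE', LOG_TO_ROLLING);
                             }
                         }
                     }
                 }
             }
         }
     } elseif ($fieldCount != 1) {
         $errors[] = 'Bad element count: ' . $fieldCount;
     } elseif (!empty($uid) || !empty($emailAddress)) {
         // one-field bounce: no mailer record to update, just the user status
         $err = e107::getUserSession()->userStatusUpdate('bounce', $uid, $emailAddress);
         if ($err) {
             $errors[] = $err;
         }
     }
     if (!empty($errors)) {
         $logErrors = $bounceInfo;
         $logErrors['user_id'] = $uid;
         // one-field bounces carry no mailshot / recipient ids
         $logErrors['mailshot'] = isset($vals[1]) ? $vals[1] : null;
         $logErrors['mailshot_recipient'] = isset($vals[2]) ? $vals[2] : null;
         $logErrors['errors'] = $errors;
         $logErrors['email'] = $emailAddress;
         $logErrors['bounceString'] = $bounceString;
         e107::getAdminLog()->add('Bounce receive error', $logErrors, E_LOG_WARNING, 'BOUNCE', LOG_TO_ROLLING);
         return $errors;
     }
     e107::getAdminLog()->add('Bounce received/logged', $bounceInfo, E_LOG_INFORMATIVE, 'BOUNCE', LOG_TO_ROLLING);
     e107::getEvent()->trigger('mailbounce', $bounceInfo);
     return false;
 }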
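/**
 * Admin "quick add user" handler.
 *
 * Validates the posted form ($_POST) against $userMethods->userVettingInfo,
 * inserts the user row, writes admin-log and audit entries, fires the
 * 'userfull' event and optionally emails the credentials to the new user.
 * Outcome is reported through e107::getMessage(); nothing is returned.
 *
 * @return void
 */
function addUser()
{
    $e107cache = e107::getCache();
    $userMethods = e107::getUserSession();
    $mes = e107::getMessage();
    $sql = e107::getDb();
    $e_event = e107::getEvent();
    // $pref was read below without ever being brought into this scope
    $pref = e107::getPref();
    global $admin_log;
    // Form token check. The original `!$_POST['ac'] == md5(ADMINPWCHANGE)` negated the
    // field before comparing, so any non-empty value passed; compare the real value.
    if (!isset($_POST['ac']) || !hash_equals(md5(ADMINPWCHANGE), (string) $_POST['ac'])) {
        exit;
    }
    // member counters cached for the online menu go stale once a user is added
    $e107cache->clear('online_menu_member_total');
    $e107cache->clear('online_menu_member_newest');
    $error = false;
    if (isset($_POST['generateloginname'])) {
        $_POST['loginname'] = $userMethods->generateUserLogin($pref['predefinedLoginName']);
    }
    // No password generation here; password1 is copied into password2 before validation
    $_POST['password2'] = $_POST['password1'];
    // Now validate everything
    $allData = validatorClass::validateFields($_POST, $userMethods->userVettingInfo, true);
    // Check for missing fields (email done in userValidation() )
    validatorClass::checkMandatory('user_name,user_loginname', $allData);
    // Do basic DB-related checks
    validatorClass::dbValidateArray($allData, $userMethods->userVettingInfo, 'user', 0);
    // Do user-specific DB checks
    $userMethods->userValidation($allData);
    $savePassword = '';
    if (!isset($allData['errors']['user_password'])) {
        // No errors in password - keep it outside the main data array
        $savePassword = $allData['data']['user_password'];
        unset($allData['data']['user_password']);
    }
    // Restrict the scope of the plain-text password
    unset($_POST['password1']);
    unset($_POST['password2']);
    if (!check_class($pref['displayname_class'], $allData['data']['user_class'])) {
        // outside displayname_class the display name must equal the login name
        if ($allData['data']['user_name'] != $allData['data']['user_loginname']) {
            $allData['errors']['user_name'] = ERR_FIELDS_DIFFERENT;
        }
    }
    if (!empty($allData['errors'])) {
        $temp = validatorClass::makeErrorList($allData, 'USER_ERR_', '%n - %x - %t: %v', '<br />', $userMethods->userVettingInfo);
        $mes->addError($temp);
        $error = true;
    }
    // Always save some of the entered data - then we can redisplay on error
    $user_data =& $allData['data'];
    if (!$error) {
        if (varset($_POST['perms'])) {
            $allData['data']['user_admin'] = 1;
            $allData['data']['user_perms'] = implode('.', $_POST['perms']);
        }
        $message = '';
        $user_data['user_password'] = $userMethods->HashPassword($savePassword, $user_data['user_login']);
        $user_data['user_join'] = time();
        if ($userMethods->needEmailPassword()) {
            // Save separate password encryption for use with email address
            $user_data['user_prefs'] = serialize(array('email_password' => $userMethods->HashPassword($savePassword, $user_data['user_email'])));
        }
        // Set any initial classes
        $userMethods->userClassUpdate($allData['data'], 'userall');
        $userMethods->addNonDefaulted($user_data);
        validatorClass::addFieldTypes($userMethods->userVettingInfo, $allData);
        //FIXME - (SecretR) there is a better way to fix this (missing default value, sql error in strict mode - user_realm is to be deleted from DB later)
        $allData['data']['user_realm'] = '';
        if ($sql->db_Insert('user', $allData)) {
            // Add to admin log
            $admin_log->log_event('USET_02', "UName: {$user_data['user_name']}; Email: {$user_data['user_email']}", E_LOG_INFORMATIVE);
            // Add to user audit trail
            $admin_log->user_audit(USER_AUDIT_ADD_ADMIN, $user_data, 0, $user_data['user_loginname']);
            // send everything available for user data - bit sparse compared with user-generated signup
            $e_event->trigger('userfull', $user_data);
            if (isset($_POST['sendconfemail'])) {
                // Send confirmation email to user
                require_once e_HANDLER . 'mail.php';
                //correct way to load a core template.
                include_once e107::coreTemplatePath('email', 'front');
                if (!isset($QUICKADDUSER_TEMPLATE)) {
                    $QUICKADDUSER_TEMPLATE = USRLAN_185 . USRLAN_186;
                }
                // NOTE(review): {LOGIN} receives user_name and {USERNAME} receives user_login — looks swapped; confirm against the template
                $var_search = array('{SITEURL}', '{LOGIN}', '{USERNAME}', '{PASSWORD}', '{EMAIL}');
                $var_replace = array(SITEURL, $user_data['user_name'], $user_data['user_login'], $savePassword, $user_data['user_email']);
                $e_message = str_replace($var_search, $var_replace, $QUICKADDUSER_TEMPLATE);
                if (sendemail($user_data['user_email'], USRLAN_187 . SITEURL, $e_message, $user_data['user_login'], '', '')) {
                    $message = USRLAN_188 . '<br /><br />';
                } else {
                    $message = USRLAN_189 . '<br /><br />';
                }
            }
            $message .= str_replace('--NAME--', $user_data['user_name'], USRLAN_174);
            if (isset($_POST['generateloginname'])) {
                $message .= '<br /><br />' . USRLAN_173 . ': ' . $user_data['user_login'];
            }
            if (isset($_POST['generatepassword'])) {
                $message .= '<br /><br />' . USRLAN_172 . ': ' . $savePassword;
            }
            // Don't recycle the data once the user's been accepted without error
            unset($user_data);
        }
        $mes->addSuccess($message);
    }
}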
 /**
  * Admin auth check
  *
  * Resolves an admin account (user_admin='1') by login name, falling back to
  * display name, then verifies the credentials either through the previous
  * session CHAP challenge or against the plaintext password.
  *
  * @param string $authname entered name
  * @param string $authpass entered pass
  * @param string $authresponse [optional] CHAP response computed on the client
  * @return array the matching user row on success, otherwise
  *               array("authfail", "reason" => $reason) with reason
  *               'np' (no credentials/name), 'lu' (name too long) or 'iu' (unknown admin)
  */
 public function authcheck($authname, $authpass, $authresponse = '')
 {
     $pref = e107::getPref();
     $tp = e107::getParser();
     $sql_auth = e107::getDb('sql_auth');
     $user_info = e107::getUserSession();
     $reason = '';
     // Stripping " OR ", "=" and "#" is only defence in depth; the interpolated
     // queries below rely on $tp->toDB() for escaping (assumed to escape for SQL — verify).
     $authname = $tp->toDB(preg_replace("/\\sOR\\s|\\=|\\#/", "", trim($authname)));
     $authpass = trim($authpass);
     // either credential form (password or CHAP response) is acceptable, but a name is required
     $noCredentials = ($authpass == '' && $authresponse == '');
     if ($noCredentials || $authname == '') {
         $reason = 'np';
     }
     $maxNameLength = varset($pref['loginname_maxlength'], 30);
     if (strlen($authname) > $maxNameLength) {
         $reason = 'lu';
     }
     if (!$reason) {
         $byLoginName = $sql_auth->db_Select("user", "*", "user_loginname='{$authname}' AND user_admin='1' ");
         if ($byLoginName) {
             $row = $sql_auth->db_Fetch();
         } elseif ($sql_auth->db_Select("user", "*", "user_name='{$authname}' AND user_admin='1' ")) {
             $row = $sql_auth->db_Fetch();
             // the password checks below take the login name, not the display name
             $authname = $row['user_loginname'];
         } else {
             $reason = 'iu';
         }
     }
     if ($reason || !$row['user_id']) {
         return array("authfail", "reason" => $reason);
     }
     $session = e107::getSession();
     $prevChallenge = $session->get('prevchallenge');
     // a response equal to the stored challenge is rejected outright
     $useChap = $authresponse && $session->is('prevchallenge') && $authresponse != $prevChallenge;
     if ($useChap) {
         // Verify using CHAP (can't handle login by email address - only loginname - although with this code it does still work if the password is stored unsalted)
         $result = $user_info->CheckCHAP($prevChallenge, $authresponse, $authname, $row['user_password']);
     } else {
         // Plaintext password
         $result = $user_info->CheckPassword($authpass, $authname, $row['user_password']);
     }
     if ($result !== PASSWORD_INVALID) {
         return $row;
     }
     return array("authfail", "reason" => $reason);
 }