/**
* Function to remove a user from Joomla
*/
function removeUsers($cid)
{
global $database, $acl, $my, $vmLogger, $VM_LANG;
if (!is_array($cid)) {
$cid = array($cid);
}
if (count($cid)) {
$obj = new mosUser($database);
foreach ($cid as $id) {
// check for a super admin ... can't delete them
//TODO: Find out the group name of the User to be deleted
// $groups = $acl->get_object_groups( 'users', $id, 'ARO' );
// $this_group = strtolower( $acl->get_group_name( $groups[0], 'ARO' ) );
$obj->load($id);
$this_group = strtolower($obj->get('usertype'));
if ($this_group == 'super administrator') {
$vmLogger->err($VM_LANG->_('VM_USER_DELETE_ERR_SUPERADMIN'));
return false;
} else {
if ($id == $my->id) {
$vmLogger->err($VM_LANG->_('VM_USER_DELETE_ERR_YOURSELF'));
return false;
} else {
if ($this_group == 'administrator' && $my->gid == 24) {
$vmLogger->err($VM_LANG->_('VM_USER_DELETE_ERR_ADMIN'));
return false;
} else {
$obj->delete($id);
$err = $obj->getError();
if ($err) {
$vmLogger->err($err);
return false;
}
return true;
}
}
}
}
}
}
function saveRegistration($option)
{
global $database, $my, $acl;
global $mosConfig_sitename, $mosConfig_live_site, $mosConfig_useractivation, $mosConfig_allowUserRegistration;
global $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_mailfrom, $mosConfig_fromname;
if ($mosConfig_allowUserRegistration == "0") {
mosNotAuth();
return;
}
$row = new mosUser($database);
if (!$row->bind($_POST, "usertype")) {
echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
exit;
}
mosMakeHtmlSafe($row);
$row->id = 0;
$row->usertype = '';
$row->gid = $acl->get_group_id('Registered', 'ARO');
if ($mosConfig_useractivation == "1") {
$row->activation = md5(mosMakePassword());
$row->block = "1";
}
if (!$row->check()) {
echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
exit;
}
$pwd = $row->password;
$row->password = md5($row->password);
$row->registerDate = date("Y-m-d H:i:s");
if (!$row->store()) {
echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
exit;
}
$row->checkin();
$name = $row->name;
$email = $row->email;
$username = $row->username;
$subject = sprintf(_SEND_SUB, $name, $mosConfig_sitename);
$subject = html_entity_decode($subject, ENT_QUOTES);
if ($mosConfig_useractivation == "1") {
$message = sprintf(_USEND_MSG_ACTIVATE, $name, $mosConfig_sitename, $mosConfig_live_site . "/index.php?option=com_registration&task=activate&activation=" . $row->activation, $mosConfig_live_site, $username, $pwd);
} else {
$message = sprintf(_USEND_MSG, $name, $mosConfig_sitename, $mosConfig_live_site);
}
$message = html_entity_decode($message, ENT_QUOTES);
// Send email to user
if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") {
$adminName2 = $mosConfig_fromname;
$adminEmail2 = $mosConfig_mailfrom;
} else {
$database->setQuery("SELECT name, email FROM #__users" . "\n WHERE usertype='superadministrator'");
$rows = $database->loadObjectList();
$row2 = $rows[0];
$adminName2 = $row2->name;
$adminEmail2 = $row2->email;
}
mosMail($adminEmail2, $adminName2, $email, $subject, $message);
// Send notification to all administrators
$subject2 = sprintf(_SEND_SUB, $name, $mosConfig_sitename);
$message2 = sprintf(_ASEND_MSG, $adminName2, $mosConfig_sitename, $row->name, $email, $username);
$subject2 = html_entity_decode($subject2, ENT_QUOTES);
$message2 = html_entity_decode($message2, ENT_QUOTES);
// get superadministrators id
$admins = $acl->get_group_objects(25, 'ARO');
foreach ($admins['users'] as $id) {
$database->setQuery("SELECT email, sendEmail FROM #__users" . "\n WHERE id='{$id}'");
$rows = $database->loadObjectList();
$row = $rows[0];
if ($row->sendEmail) {
mosMail($adminEmail2, $adminName2, $row->email, $subject2, $message2);
}
}
if ($mosConfig_useractivation == "1") {
echo _REG_COMPLETE_ACTIVATE;
} else {
echo _REG_COMPLETE;
}
}
/**
* Returns a reference to the global {@link JUser} object,
* only creating it if it doesn't already exist.
*
* @param int $id An user identifier
* @return JUser
*/
public static function getUser($id = null)
{
if (JCOMMENTS_JVERSION == '1.0') {
if (!is_null($id)) {
global $database;
$user = new mosUser($database);
$user->load($id);
} else {
global $mainframe;
$user = $mainframe->getUser();
}
} else {
$user = JFactory::getUser($id);
}
return $user;
}
/**
* Check if users are of lower permissions than current user (if not super-admin) and if the user himself is not included
*
* @param array of userId $cid
* @param string $actionName to insert in message.
* @return string of error if error, otherwise null
* Added 1.0.11
*/
function checkUserPermissions($cid, $actionName, $allowActionToMyself = false)
{
global $database, $acl, $my;
$msg = null;
if (is_array($cid) && count($cid)) {
$obj = new mosUser($database);
foreach ($cid as $id) {
if ($id != 0) {
$obj->load($id);
$groups = $acl->get_object_groups('users', $id, 'ARO');
$this_group = strtolower($acl->get_group_name($groups[0], 'ARO'));
} else {
$this_group = 'Registered';
// minimal user group
$obj->gid = $acl->get_group_id($this_group, 'ARO');
}
if (!$allowActionToMyself && $id == $my->id) {
$msg .= 'Não pode ' . $actionName . ' seu próprio nome!';
} else {
if ($obj->gid == $my->gid && !in_array($my->gid, array(24, 25)) || $obj->gid && !in_array($obj->gid, getGIDSChildren($my->gid))) {
$msg .= 'Não pode ' . $actionName . ' a `' . $this_group . '`. Apenas usuários com um nível de grupo superior têm esta permissão. ';
}
}
}
}
return $msg;
}
$query = "SELECT COUNT(*) FROM #__users WHERE block = '0' {$where}";
$database->setQuery($query);
$total = $database->loadResult();
$limit = jTipsGetParam($_REQUEST, 'limit', $jTips['NumMax']);
$pageNav = new mosPageNav($total, $offset, $limit);
$tpl->pageNav = $pageNav;
$direction = jTipsGetParam($_REQUEST, 'filter_order_Dir', 'asc');
if (empty($direction)) {
$direction = 'asc';
}
$orderby = jTipsGetParam($_REQUEST, 'filter_order', 'name');
if (empty($orderby)) {
$orderby = 'name';
}
// BUG 319 - creating users that don't require activation, or creating a user by admin leaves an activation code
//$query = "SELECT id FROM #__users WHERE activation = '' ORDER BY $orderby $direction";
$query = "SELECT id FROM #__users WHERE block = '0' {$where} ORDER BY {$orderby} {$direction}";
$database->setQuery($query, $pageNav->limitstart, $pageNav->limit);
$list = (array) $database->loadResultArray();
$users = array();
foreach ($list as $id) {
if (isJoomla15()) {
$JoomlaUser = new JUser();
} else {
$JoomlaUser = new mosUser($database);
}
$JoomlaUser->load($id);
$users[] = $JoomlaUser;
}
$tpl->users = $users;
$tpl->display();
function userSave($option, $uid)
{
global $database, $my, $mosConfig_frontend_userparams;
$user_id = intval(mosGetParam($_POST, 'id', 0));
// do some security checks
if ($uid == 0 || $user_id == 0 || $user_id != $uid) {
mosNotAuth();
return;
}
// simple spoof check security
josSpoofCheck();
$row = new mosUser($database);
$row->load((int) $user_id);
$orig_password = $row->password;
$orig_username = $row->username;
if (!$row->bind($_POST, 'gid usertype')) {
echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
exit;
}
$row->name = trim($row->name);
$row->email = trim($row->email);
$row->username = trim($row->username);
mosMakeHtmlSafe($row);
if (isset($_POST['password']) && $_POST['password'] != '') {
if (isset($_POST['verifyPass']) && $_POST['verifyPass'] == $_POST['password']) {
$row->password = trim($row->password);
$salt = mosMakePassword(16);
$crypt = md5($row->password . $salt);
$row->password = $crypt . ':' . $salt;
} else {
echo "<script> alert(\"" . addslashes(_PASS_MATCH) . "\"); window.history.go(-1); </script>\n";
exit;
}
} else {
// Restore 'original password'
$row->password = $orig_password;
}
if ($mosConfig_frontend_userparams == '1' || $mosConfig_frontend_userparams == 1 || $mosConfig_frontend_userparams == NULL) {
// save params
$params = mosGetParam($_POST, 'params', '');
if (is_array($params)) {
$txt = array();
foreach ($params as $k => $v) {
$txt[] = "{$k}={$v}";
}
$row->params = implode("\n", $txt);
}
}
if (!$row->check()) {
echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
exit;
}
if (!$row->store()) {
echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
exit;
}
// check if username has been changed
if ($orig_username != $row->username) {
// change username value in session table
$query = "UPDATE #__session" . "\n SET username = "******"\n WHERE username = "******"\n AND userid = " . (int) $my->id . "\n AND gid = " . (int) $my->gid . "\n AND guest = 0";
$database->setQuery($query);
$database->query();
}
mosRedirect('index.php', _USER_DETAILS_SAVE);
}
function userSave($option, $uid)
{
global $database;
$user_id = intval(mosGetParam($_POST, 'id', 0));
// do some security checks
if ($uid == 0 || $user_id == 0 || $user_id != $uid) {
mosNotAuth();
return;
}
$row = new mosUser($database);
$row->load($user_id);
$row->orig_password = $row->password;
if (!$row->bind($_POST, "gid usertype")) {
echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
exit;
}
mosMakeHtmlSafe($row);
if (isset($_POST["password"]) && $_POST["password"] != "") {
if (isset($_POST["verifyPass"]) && $_POST["verifyPass"] == $_POST["password"]) {
$row->password = md5($_POST["password"]);
} else {
echo "<script> alert(\"" . T_('Passwords do not match') . "\"); window.history.go(-1); </script>\n";
exit;
}
} else {
// Restore 'original password'
$row->password = $row->orig_password;
}
if (!$row->check()) {
echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
exit;
}
unset($row->orig_password);
// prevent DB error!!
if (!$row->store()) {
echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
exit;
}
$loginfo = new mosLoginDetails($row->username, $_POST['password']);
$mambothandler =& mosMambotHandler::getInstance();
$mambothandler->loadBotGroup('authenticator');
$mambothandler->trigger('userChange', array($loginfo));
mosRedirect("index.php?option={$option}", T_('Your settings have been saved.'));
}
/**
* The function from com_registration!
* Registers a user into Mambo/Joomla
*
* @return boolean True when the registration process was successful, False when not
*/
function saveRegistration()
{
global $database, $acl, $vmLogger, $mosConfig_useractivation, $mosConfig_allowUserRegistration, $mosConfig_live_site;
if ($mosConfig_allowUserRegistration == '0') {
mosNotAuth();
return false;
}
$row = new mosUser($database);
if (!$row->bind($_POST, 'usertype')) {
$error = vmHtmlEntityDecode($row->getError());
$vmLogger->err($error);
echo "<script type=\"text/javascript\"> alert('" . $error . "');</script>\n";
return false;
}
mosMakeHtmlSafe($row);
$usergroup = 'Registered';
$row->id = 0;
$row->usertype = $usergroup;
$row->gid = $acl->get_group_id($usergroup, 'ARO');
if ($mosConfig_useractivation == '1') {
$row->activation = md5(vmGenRandomPassword());
$row->block = '1';
}
if (!$row->check()) {
$error = vmHtmlEntityDecode($row->getError());
$vmLogger->err($error);
echo "<script type=\"text/javascript\"> alert('" . $error . "');</script>\n";
return false;
}
$pwd = $row->password;
$row->password = md5($row->password);
$row->registerDate = date('Y-m-d H:i:s');
if (!$row->store()) {
$error = vmHtmlEntityDecode($row->getError());
$vmLogger->err($error);
echo "<script type=\"text/javascript\"> alert('" . $error . "');</script>\n";
return false;
}
$row->checkin();
$name = $row->name;
$email = $row->email;
$username = $row->username;
$component = vmIsJoomla(1.5) ? 'com_user' : 'com_registration';
$activation_link = $mosConfig_live_site . "/index.php?option={$component}&task=activate&activation=" . $row->activation;
// Send the registration email
$this->_sendMail($name, $email, $username, $pwd, $activation_link);
return true;
}
function dofreePDF($database)
{
global $mosConfig_live_site, $mosConfig_sitename, $mosConfig_offset, $mosConfig_hideCreateDate, $mosConfig_hideAuthor, $mosConfig_hideModifyDate;
$id = intval(mosGetParam($_REQUEST, 'id', 1));
// Access check
global $gid;
$now = date('Y-m-d H:i:s', time() + $mosConfig_offset * 60 * 60);
$query = "SELECT COUNT(a.id)" . "\n FROM #__content AS a" . "\n LEFT JOIN #__categories AS cc ON cc.id = a.catid" . "\n LEFT JOIN #__sections AS s ON s.id = cc.section AND s.scope='content'" . "\n LEFT JOIN #__users AS u ON u.id = a.created_by" . "\n LEFT JOIN #__content_rating AS v ON a.id = v.content_id" . "\n LEFT JOIN #__groups AS g ON a.access = g.id" . "\n WHERE a.id='" . $id . "' " . "\n AND (a.state = '1' OR a.state = '-1')" . "\n AND (publish_up = '0000-00-00 00:00:00' OR publish_up <= '{$now}')" . "\n AND (publish_down = '0000-00-00 00:00:00' OR publish_down >= '{$now}')" . "\n AND a.access <= " . intval($gid);
$database->setQuery($query);
if (!$database->loadResult()) {
exit(T_('You are not authorized to view this resource.'));
}
include 'includes/class.ezpdf.php';
$row = new mosContent($database);
$row->load($id);
//Find Author Name
$users_rows = new mosUser($database);
$users_rows->load($row->created_by);
$row->author = $users_rows->name;
$row->usertype = $users_rows->usertype;
// Ugly but needed to get rid of all the stuff the PDF class cant handle
$row->fulltext = str_replace('<p>', "\n\n", $row->fulltext);
$row->fulltext = str_replace('<P>', "\n\n", $row->fulltext);
$row->fulltext = str_replace('<br />', "\n", $row->fulltext);
$row->fulltext = str_replace('<br>', "\n", $row->fulltext);
$row->fulltext = str_replace('<BR />', "\n", $row->fulltext);
$row->fulltext = str_replace('<BR>', "\n", $row->fulltext);
$row->fulltext = str_replace('<li>', "\n - ", $row->fulltext);
$row->fulltext = str_replace('<LI>', "\n - ", $row->fulltext);
$row->fulltext = strip_tags($row->fulltext);
$row->fulltext = str_replace('{mosimage}', '', $row->fulltext);
$row->fulltext = str_replace('{mospagebreak}', '', $row->fulltext);
$row->fulltext = decodeHTML($row->fulltext);
$row->introtext = str_replace('<p>', "\n\n", $row->introtext);
$row->introtext = str_replace('<P>', "\n\n", $row->introtext);
$row->introtext = str_replace('<li>', "\n - ", $row->introtext);
$row->introtext = str_replace('<LI>', "\n - ", $row->introtext);
$row->introtext = strip_tags($row->introtext);
$row->introtext = str_replace('{mosimage}', '', $row->introtext);
$row->introtext = str_replace('{mospagebreak}', '', $row->introtext);
$row->introtext = decodeHTML($row->introtext);
$pdf =& new Cezpdf('a4', 'P');
//A4 Portrait
$pdf->ezSetCmMargins(2, 1.5, 1, 1);
$pdf->selectFont('./fonts/Helvetica.afm');
//choose font
$all = $pdf->openObject();
$pdf->saveState();
$pdf->setStrokeColor(0, 0, 0, 1);
// footer
$pdf->line(10, 40, 578, 40);
$pdf->line(10, 822, 578, 822);
$pdf->addText(30, 34, 6, $mosConfig_live_site . ' - ' . $mosConfig_sitename);
$pdf->addText(250, 34, 6, T_('Powered by Mambo'));
$pdf->addText(450, 34, 6, T_('Generated:') . date('j F, Y, H:i', time() + $mosConfig_offset * 60 * 60));
$pdf->restoreState();
$pdf->closeObject();
$pdf->addObject($all, 'all');
$pdf->ezSetDy(30);
$txt1 = $row->title;
$pdf->ezText($txt1, 14);
$txt2 = NULL;
$mod_date = NULL;
$create_date = NULL;
if (intval($row->modified) != 0) {
$mod_date = mosFormatDate($row->modified);
}
if (intval($row->created) != 0) {
$create_date = mosFormatDate($row->created);
}
if ($mosConfig_hideCreateDate == '0') {
$txt2 .= '(' . $create_date . ') - ';
}
if ($mosConfig_hideAuthor == "0") {
if ($row->author != '' && $mosConfig_hideAuthor == '0') {
if ($row->usertype == 'administrator' || $row->usertype == 'superadministrator') {
$txt2 .= T_('Written by') . ' ' . ($row->created_by_alias ? $row->created_by_alias : $row->author);
} else {
$txt2 .= T_('Contributed by') . ' ' . ($row->created_by_alias ? $row->created_by_alias : $row->author);
}
}
}
if ($mosConfig_hideModifyDate == "0") {
$txt2 .= ' - ' . T_('Last Updated') . ' (' . $mod_date . ') ';
}
$txt2 .= "\n\n";
$pdf->ezText($txt2, 8);
$txt3 = $row->introtext . "\n" . $row->fulltext;
$pdf->ezText($txt3, 10);
$pdf->ezStream();
}
function dofreePDF($database)
{
global $mosConfig_live_site, $mosConfig_sitename, $mosConfig_offset, $mosConfig_hideCreateDate, $mosConfig_hideAuthor, $mosConfig_hideModifyDate;
$id = intval(mosGetParam($_REQUEST, 'id', 1));
include 'includes/class.ezpdf.php';
$row = new mosContent($database);
$row->load($id);
//Find Author Name
$users_rows = new mosUser($database);
$users_rows->load($row->created_by);
$row->author = $users_rows->name;
$row->usertype = $users_rows->usertype;
// Ugly but needed to get rid of all the stuff the PDF class cant handle
$row->fulltext = str_replace('<p>', "\n\n", $row->fulltext);
$row->fulltext = str_replace('<P>', "\n\n", $row->fulltext);
$row->fulltext = str_replace('<br />', "\n", $row->fulltext);
$row->fulltext = str_replace('<br>', "\n", $row->fulltext);
$row->fulltext = str_replace('<BR />', "\n", $row->fulltext);
$row->fulltext = str_replace('<BR>', "\n", $row->fulltext);
$row->fulltext = str_replace('<li>', "\n - ", $row->fulltext);
$row->fulltext = str_replace('<LI>', "\n - ", $row->fulltext);
$row->fulltext = strip_tags($row->fulltext);
$row->fulltext = str_replace('{mosimage}', '', $row->fulltext);
$row->fulltext = str_replace('{mospagebreak}', '', $row->fulltext);
$row->fulltext = decodeHTML($row->fulltext);
$row->introtext = str_replace('<p>', "\n\n", $row->introtext);
$row->introtext = str_replace('<P>', "\n\n", $row->introtext);
$row->introtext = str_replace('<li>', "\n - ", $row->introtext);
$row->introtext = str_replace('<LI>', "\n - ", $row->introtext);
$row->introtext = strip_tags($row->introtext);
$row->introtext = str_replace('{mosimage}', '', $row->introtext);
$row->introtext = str_replace('{mospagebreak}', '', $row->introtext);
$row->introtext = decodeHTML($row->introtext);
$pdf =& new Cezpdf('a4', 'P');
//A4 Portrait
$pdf->ezSetCmMargins(2, 1.5, 1, 1);
$pdf->selectFont('./fonts/Helvetica.afm');
//choose font
$all = $pdf->openObject();
$pdf->saveState();
$pdf->setStrokeColor(0, 0, 0, 1);
// footer
$pdf->line(10, 40, 578, 40);
$pdf->line(10, 822, 578, 822);
$pdf->addText(30, 34, 6, $mosConfig_live_site . ' - ' . $mosConfig_sitename);
$pdf->addText(250, 34, 6, 'Powered by Mambo');
$pdf->addText(450, 34, 6, 'Generated: ' . date('j F, Y, H:i', time() + $mosConfig_offset * 60 * 60));
$pdf->restoreState();
$pdf->closeObject();
$pdf->addObject($all, 'all');
$pdf->ezSetDy(30);
$txt1 = $row->title;
$pdf->ezText($txt1, 14);
$txt2 = NULL;
$mod_date = NULL;
$create_date = NULL;
if (intval($row->modified) != 0) {
$mod_date = mosFormatDate($row->modified);
}
if (intval($row->created) != 0) {
$create_date = mosFormatDate($row->created);
}
if ($mosConfig_hideCreateDate == '0') {
$txt2 .= '(' . $create_date . ') - ';
}
if ($mosConfig_hideAuthor == "0") {
if ($row->author != '' && $mosConfig_hideAuthor == '0') {
if ($row->usertype == 'administrator' || $row->usertype == 'superadministrator') {
$txt2 .= _WRITTEN_BY . ' ' . ($row->created_by_alias ? $row->created_by_alias : $row->author);
} else {
$txt2 .= _AUTHOR_BY . ' ' . ($row->created_by_alias ? $row->created_by_alias : $row->author);
}
}
}
if ($mosConfig_hideModifyDate == "0") {
$txt2 .= ' - ' . _LAST_UPDATED . ' (' . $mod_date . ') ';
}
$txt2 .= "\n\n";
$pdf->ezText($txt2, 8);
$txt3 = $row->introtext . "\n" . $row->fulltext;
$pdf->ezText($txt3, 10);
$pdf->ezStream();
}
function removeUsers($cid, $option)
{
global $database, $acl, $adminLanguage;
if (!is_array($cid) || count($cid) < 1) {
echo "<script> alert(\"" . $adminLanguage->A_COMP_CONTENT_SEL_DEL . "\"); window.history.go(-1);</script>\n";
exit;
}
$msg = '';
if (count($cid)) {
$obj = new mosUser($database);
foreach ($cid as $id) {
// check for a super admin ... can't delete them
$groups = $acl->get_object_groups('users', $id, 'ARO');
$this_group = strtolower($acl->get_group_name($groups[0], 'ARO'));
if ($this_group == 'super administrator') {
$msg .= $adminLanguage->A_COMP_USERS_CANNOT;
} else {
$obj->delete($id);
$msg .= $obj->getError();
}
}
}
$limit = intval(mosGetParam($_REQUEST, 'limit', 10));
$limitstart = intval(mosGetParam($_REQUEST, 'limitstart', 0));
mosRedirect('index2.php?option=' . $option, $msg);
}
function checkin( $oid = null ) {
$this->_mapUsers();
// Checks-in the row (on the CMSes where applicable):
if ( is_callable( array( $this->_cmsUser, 'checkin' ) ) ) {
return $this->_cmsUser->checkin();
} else {
return true;
}
}
function removeUsers($cid, $option)
{
global $database, $acl;
if (!is_array($cid) || count($cid) < 1) {
echo "<script> alert('Select an item to delete'); window.history.go(-1);</script>\n";
exit;
}
$msg = '';
if (count($cid)) {
$obj = new mosUser($database);
foreach ($cid as $id) {
// check for a super admin ... can't delete them
$groups = $acl->get_object_groups('users', $id, 'ARO');
$this_group = strtolower($acl->get_group_name($groups[0], 'ARO'));
if ($this_group == 'super administrator') {
$msg .= "You cannot delete a Super Administrator";
} else {
$obj->delete($id);
$msg .= $obj->getError();
$obj2 = new mosUser_extended($database);
$obj2->delete($id);
$msg .= $obj2->getError();
}
}
}
$limit = intval(mosGetParam($_REQUEST, 'limit', 10));
$limitstart = intval(mosGetParam($_REQUEST, 'limitstart', 0));
mosRedirect("index2.php?option={$option}", $msg);
}
function AuthorDateLine(&$row, &$params)
{
global $database;
$text = '';
if ($params->get('author')) {
// Display Author name
//Find Author Name
$users_rows = new mosUser($database);
$users_rows->load($row->created_by);
$row->author = $users_rows->name;
$row->usertype = $users_rows->usertype;
if ($row->usertype == 'administrator' || $row->usertype == 'superadministrator') {
$text .= "\n";
$text .= _WRITTEN_BY . ' ' . ($row->created_by_alias ? $row->created_by_alias : $row->author);
} else {
$text .= "\n";
$text .= _AUTHOR_BY . ' ' . ($row->created_by_alias ? $row->created_by_alias : $row->author);
}
}
if ($params->get('createdate') && $params->get('author')) {
// Display Separator
$text .= "\n";
}
if ($params->get('createdate')) {
// Display Created Date
if (intval($row->created)) {
$create_date = mosFormatDate($row->created);
$text .= $create_date;
}
}
if ($params->get('modifydate') && ($params->get('author') || $params->get('createdate'))) {
// Display Separator
$text .= "\n";
}
if ($params->get('modifydate')) {
// Display Modified Date
if (intval($row->modified)) {
$mod_date = mosFormatDate($row->modified);
$text .= _LAST_UPDATED . ' ' . $mod_date;
}
}
$text .= "\n\n";
return $text;
}
/**
* Check if users are of lower permissions than current user (if not super-admin) and if the user himself is not included
*
* @param array of userId $cid
* @param string $actionName to insert in message.
* @return string of error if error, otherwise null
* Added 1.0.11
*/
function checkUserPermissions($cid, $actionName, $allowActionToMyself = false)
{
global $database, $acl, $my;
$msg = null;
if (is_array($cid) && count($cid)) {
$obj = new mosUser($database);
foreach ($cid as $id) {
if ($id != 0) {
$obj->load($id);
$groups = $acl->get_object_groups('users', $id, 'ARO');
$this_group = strtolower($acl->get_group_name($groups[0], 'ARO'));
} else {
$this_group = 'Registered';
// minimal user group
$obj->gid = $acl->get_group_id($this_group, 'ARO');
}
if (!$allowActionToMyself && $id == $my->id) {
$msg .= 'You cannot ' . $actionName . ' Yourself!';
} else {
if ($obj->gid == $my->gid && !in_array($my->gid, array(24, 25)) || $obj->gid && !in_array($obj->gid, getGIDSChildren($my->gid))) {
$msg .= 'You cannot ' . $actionName . ' a `' . $this_group . '`. Only higher-level users have this power. ';
}
}
}
}
return $msg;
}
function UserView($option, $uid)
{
global $database;
if ($uid == 0) {
mosNotAuth();
return;
}
$user_id = intval(mosGetParam($_REQUEST, 'userid', 0));
if ($user_id == 0) {
$user_id = $uid;
}
// echo "<script>alert('$user_id');</script>";
include_once "administrator/components/com_user_extended/user_extended.class.php";
$row = new mosUser_Extended($database);
$row->load($user_id);
$urow = new mosUser($database);
$urow->load($user_id);
$u_name = $urow->name;
$u_username = $urow->username;
$u_email = $urow->email;
UserExtended_content::UserView($option, $row, $u_name, $u_username, $u_email);
}
function saveRegistration($option)
{
global $database, $my, $acl;
global $mosConfig_sitename, $mosConfig_live_site, $mosConfig_useractivation, $mosConfig_allowUserRegistration;
global $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_mailfrom, $mosConfig_fromname;
if ($mosConfig_allowUserRegistration == '0') {
mosNotAuth();
return;
}
$row = new mosUser($database);
if (!$row->bind($_POST, 'usertype')) {
echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
exit;
}
mosMakeHtmlSafe($row);
$row->id = 0;
$row->usertype = 'Registered';
$row->gid = $acl->get_group_id('Registered', 'ARO');
if ($mosConfig_useractivation == '1') {
$row->activation = md5(mosMakePassword());
$row->block = '1';
}
if (!$row->check()) {
echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
exit;
}
$pwd = $row->password;
$row->password = md5($row->password);
$row->registerDate = date("Y-m-d H:i:s");
if (!$row->store()) {
echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
exit;
}
$row->checkin();
$name = $row->name;
$email = $row->email;
$username = $row->username;
$subject = sprintf(T_('Account details for %s at %s'), $name, $mosConfig_sitename);
$subject = html_entity_decode($subject, ENT_QUOTES);
$mambothandler =& mosMambotHandler::getInstance();
$mambothandler->loadBotGroup('authenticator');
if ($mosConfig_useractivation == "1") {
$message = sprintf(T_('Hello %s,
Thank you for registering at %s. Your account has been created but, as a precaution, it must be activated by you before you can use it.
To activate the account click on the following link or copy and paste it in your browser:
%s
After activation you may login to %s using the following username and password:
Username - %s
Password - %s'), $name, $mosConfig_sitename, $mosConfig_live_site . "/index.php?option=com_registration&task=activate&activation=" . $row->activation, $mosConfig_live_site, $username, $pwd);
$loginfo = new mosLoginDetails($username, $pwd);
$mambothandler->trigger('userRegister', array($loginfo));
} else {
$message = sprintf(T_("Hello %s,\n\nThank you for registering at %s.\n\nYou may now login to %s using the username and password you registered with."), $name, $mosConfig_sitename, $mosConfig_live_site);
$loginfo = new mosLoginDetails($username, $pwd);
$mambothandler->trigger('userRegister', array($loginfo));
$mambothandler->trigger('userActivate', array($loginfo));
}
$message = html_entity_decode($message, ENT_QUOTES);
// Send email to user
if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") {
$adminName2 = $mosConfig_fromname;
$adminEmail2 = $mosConfig_mailfrom;
} else {
$database->setQuery("SELECT name, email FROM #__users" . "\n WHERE usertype='super administrator'");
$rows = $database->loadObjectList();
$row2 = $rows[0];
$adminName2 = $row2->name;
$adminEmail2 = $row2->email;
}
mosMail($adminEmail2, $adminName2, $email, $subject, $message);
// Send notification to all administrators
$subject2 = sprintf(T_('Account details for %s at %s'), $name, $mosConfig_sitename);
$message2 = sprintf(T_('Hello %s,
A new user has registered at %s.
This email contains their details:
Name - %s
e-mail - %s
Username - %s
Please do not respond to this message as it is automatically generated and is for information purposes only'), $adminName2, $mosConfig_sitename, $row->name, $email, $username);
$subject2 = html_entity_decode($subject2, ENT_QUOTES);
$message2 = html_entity_decode($message2, ENT_QUOTES);
// get superadministrators id
$admins = $acl->get_group_objects(25, 'ARO');
foreach ($admins['users'] as $id) {
$database->setQuery("SELECT email, sendEmail FROM #__users" . "\n WHERE id='{$id}'");
$rows = $database->loadObjectList();
$row = $rows[0];
if ($row->sendEmail) {
mosMail($adminEmail2, $adminName2, $row->email, $subject2, $message2);
}
}
if ($mosConfig_useractivation == "1") {
echo '<div class="componentheading">' . T_('Registration Complete') . '</div><br />';
echo T_('Your account has been created and an activation link has been sent to the e-mail address you entered. Note that you must activate the account by clicking on the activation link before you can login.');
} else {
echo '<div class="componentheading">' . T_('Registration Complete') . '</div><br />';
echo T_('You may now login.');
}
}
function sendNotificationEmail($type)
{
jTipsLogger::_log('preparing to send ' . $type . ' notification email', 'INFO');
global $jTips, $database;
$subject = stripslashes($jTips["UserNotify" . $type . "Subject"]);
$message = stripslashes($jTips["UserNotify" . $type . "Message"]);
$from_name = $jTips['UserNotifyFromName'];
$from_email = $jTips['UserNotifyFromEmail'];
$variables = array();
$values = array();
foreach (get_object_vars($this) as $key => $val) {
if (is_string($key)) {
array_push($variables, $key);
$values[$key] = $val;
}
}
if (isJoomla15()) {
$user = new JUser();
} else {
$user = new mosUser($database);
}
$user->load($this->user_id);
foreach (get_object_vars($user) as $key => $val) {
if (is_string($key)) {
array_push($variables, $key);
$values[$key] = $val;
}
}
// find out which season this is for an add it to the avaialble variables
$query = "SELECT name FROM #__jtips_seasons WHERE id = '" . $this->season_id . "'";
$database->setQuery($query);
$season = $database->loadResult();
$values['competition'] = $season;
$values['season'] = $season;
$body = parseTemplate($message, $variables, $values);
jTipsLogger::_log('sending email: ' . $body, 'INFO');
if (jTipsMail($from_email, $from_name, $this->getUserField('email'), $subject, $body)) {
jTipsLogger::_log('notification email sent successfully', 'INFO');
return TRUE;
} else {
jTipsLogger::_log('sending notification email failed', 'ERROR');
return FALSE;
}
}
function removeUsers($cid, $option)
{
global $database, $acl, $my;
if (!is_array($cid) || count($cid) < 1) {
$msg = T_("Select an item to delete");
mosRedirect('index2.php?option=' . $option, $msg);
}
if (in_array($my->id, $cid)) {
$msg = T_("You cannot delete yourself!");
mosRedirect('index2.php?option=' . $option, $msg);
}
// count super/admin gids within $cid
$super_gid = $acl->get_group_id('super administrator');
$admin_gid = $acl->get_group_id('administrator');
$cids = implode(',', $cid);
$database->setQuery("SELECT COUNT(id) FROM #__users WHERE id IN ({$cids}) AND gid IN ({$super_gid},{$admin_gid})");
if ($database->getErrorMsg()) {
echo $database->stderr();
return;
}
$admin_count = (int) $database->loadResult();
// disallow deleting administrators / super administrators if not super administrator
if ($admin_count && $my->gid !== $super_gid) {
$msg = T_("You cannot delete another `Administrator` only `Super Administrators` have this power");
mosRedirect('index2.php?option=' . $option, $msg);
}
if (count($cid)) {
$obj = new mosUser($database);
$deleted = array();
foreach ($cid as $id) {
$obj->delete($id);
$deleted[] = $id;
$msg = $obj->getError();
}
if (count($deleted)) {
$mambothandler =& mosMambotHandler::getInstance();
$mambothandler->loadBotGroup('authenticator');
$cids = implode(',', $deleted);
$query = "SELECT username FROM #__users WHERE id IN ({$cids})";
$database->setQuery($query);
$results = $database->loadResultArray();
if ($results) {
foreach ($results as $result) {
$loginfo = new mosLoginDetails($result->username);
$mambothandler->trigger('userDelete', array($loginfo));
}
}
}
}
mosRedirect('index2.php?option=' . $option, $msg);
}
function saveRegistration()
{
global $database, $acl;
global $mosConfig_sitename, $mosConfig_live_site, $mosConfig_useractivation, $mosConfig_allowUserRegistration;
global $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_mailfrom, $mosConfig_fromname;
if ($mosConfig_allowUserRegistration == 0) {
mosNotAuth();
return;
}
// simple spoof check security
josSpoofCheck();
$row = new mosUser($database);
if (!$row->bind($_POST, 'usertype')) {
mosErrorAlert($row->getError());
}
$row->name = trim($row->name);
$row->email = trim($row->email);
$row->username = trim($row->username);
$row->password = trim($row->password);
mosMakeHtmlSafe($row);
$row->id = 0;
$row->usertype = '';
$row->gid = $acl->get_group_id('Registered', 'ARO');
if ($mosConfig_useractivation == 1) {
$row->activation = md5(mosMakePassword());
$row->block = '1';
}
if (!$row->check()) {
echo "<script> alert('" . html_entity_decode($row->getError()) . "'); window.history.go(-1); </script>\n";
exit;
}
$pwd = $row->password;
$salt = mosMakePassword(16);
$crypt = md5($row->password . $salt);
$row->password = $crypt . ':' . $salt;
$row->registerDate = date('Y-m-d H:i:s');
if (!$row->store()) {
echo "<script> alert('" . html_entity_decode($row->getError()) . "'); window.history.go(-1); </script>\n";
exit;
}
$row->checkin();
$name = trim($row->name);
$email = trim($row->email);
$username = trim($row->username);
$subject = sprintf(_SEND_SUB, $name, $mosConfig_sitename);
$subject = html_entity_decode($subject, ENT_QUOTES);
if ($mosConfig_useractivation == 1) {
$message = sprintf(_USEND_MSG_ACTIVATE, $name, $mosConfig_sitename, $mosConfig_live_site . "/index.php?option=com_registration&task=activate&activation=" . $row->activation, $mosConfig_live_site, $username, $pwd);
} else {
$message = sprintf(_USEND_MSG, $name, $mosConfig_sitename, $mosConfig_live_site);
}
$message = html_entity_decode($message, ENT_QUOTES);
// check if Global Config `mailfrom` and `fromname` values exist
if ($mosConfig_mailfrom != '' && $mosConfig_fromname != '') {
$adminName2 = $mosConfig_fromname;
$adminEmail2 = $mosConfig_mailfrom;
} else {
// use email address and name of first superadmin for use in email sent to user
$query = "SELECT name, email" . "\n FROM #__users" . "\n WHERE LOWER( usertype ) = 'superadministrator'" . "\n OR LOWER( usertype ) = 'super administrator'";
$database->setQuery($query);
$rows = $database->loadObjectList();
$row2 = $rows[0];
$adminName2 = $row2->name;
$adminEmail2 = $row2->email;
}
// Send email to user
mosMail($adminEmail2, $adminName2, $email, $subject, $message);
// Send notification to all administrators
$subject2 = sprintf(_SEND_SUB, $name, $mosConfig_sitename);
$message2 = sprintf(_ASEND_MSG, $adminName2, $mosConfig_sitename, $row->name, $email, $username);
$subject2 = html_entity_decode($subject2, ENT_QUOTES);
$message2 = html_entity_decode($message2, ENT_QUOTES);
// get email addresses of all admins and superadmins set to recieve system emails
$query = "SELECT email, sendEmail" . "\n FROM #__users" . "\n WHERE ( gid = 24 OR gid = 25 )" . "\n AND sendEmail = 1" . "\n AND block = 0";
$database->setQuery($query);
$admins = $database->loadObjectList();
foreach ($admins as $admin) {
// send email to admin & super admin set to recieve system emails
mosMail($adminEmail2, $adminName2, $admin->email, $subject2, $message2);
}
if ($mosConfig_useractivation == 1) {
echo _REG_COMPLETE_ACTIVATE;
} else {
echo _REG_COMPLETE;
}
}
$gettext->bindtextdomain($lang, $configuration->rootPath() . '/language');
$gettext->bind_textdomain_codeset($lang, $charset);
$gettext->textdomain($lang);
#$gettext =& phpgettext(); dump($gettext);
if ($adminside) {
// Start ACL
require_once $configuration->rootPath() . '/includes/gacl.class.php';
require_once $configuration->rootPath() . '/includes/gacl_api.class.php';
$acl = new gacl_api();
// Handle special admin side options
$option = strtolower(mosGetParam($_REQUEST, 'option', 'com_admin'));
$domain = substr($option, 4);
session_name(md5(mamboCore::get('mosConfig_live_site')));
session_start();
// restore some session variables
$my = new mosUser();
$my->getSession();
if (mosSession::validate($my)) {
mosSession::purge();
} else {
mosSession::purge();
$my = null;
}
if (!$my and $option == 'login') {
$option = 'admin';
require_once $configuration->rootPath() . '/includes/authenticator.php';
$authenticator =& mamboAuthenticator::getInstance();
$my = $authenticator->loginAdmin($acl);
} elseif ($option == 'logout') {
require $configuration->rootPath() . '/administrator/logout.php';
exit;
/**
* Gets access levels of CMS for $user_id
*
* @param int $user_id
* @param boolean $recurse (DEPRECATED 1.8)
* @param boolean $cb1xNumbering (SINCE 1.8) DEFAULT: FALSE: (if $cb1xNumbering with CB 1.x's definition for standard levels 0,1,2)
* @return array of int
*/
function get_object_access($user_id, $recurse = false, $cb1xNumbering = true)
{
global $_CB_database;
if (checkJversion() == 2) {
$levels = $this->_acl->getAuthorisedViewLevels((int) $user_id);
// Keep backwards levels compatible: J1.6's 1 is CB 1.7-'s 0, 2 is 1, 3 is 2:
if ($cb1xNumbering) {
foreach ($levels as $k => $v) {
if ($v <= 3) {
--$levels[$k];
}
}
}
} else {
if (checkJversion() == 1) {
$user =& JFactory::getUser($user_id ? (int) $user_id : null);
$level = $user->get('aid', 0);
} else {
$user = new mosUser($_CB_database);
$user->load((int) $user_id);
$level = $user->gid;
}
$query = 'SELECT ' . $_CB_database->NameQuote('id') . "\n FROM " . $_CB_database->NameQuote('#__groups') . "\n WHERE " . $_CB_database->NameQuote('id') . " <= " . (int) $level . "\n ORDER BY " . $_CB_database->NameQuote('id');
$_CB_database->setQuery($query);
$levels = $_CB_database->loadResultArray();
if (!$cb1xNumbering) {
for ($i = 0, $n = count($levels); $i < $n; $i++) {
if (in_array($levels[$i], array(0, 1, 2))) {
++$levels[$i];
// J1.5's 0 is CB's 1, 1 is 2, 2 is 3.
}
}
}
// This makes sense only on J<1.6, thus it's only here:
if (!$recurse) {
$levels = array_slice($levels, -1);
}
}
return array_unique(cbArrayToInts($levels));
}
function get_object_access( $user_id, $recurse = false ) {
global $_CB_database;
$user_id = (int) $user_id;
if ( checkJversion() == 2 ) {
$levels = $this->_acl->getAuthorisedViewLevels( $user_id );
$return = ( $recurse ? $levels : array_slice( $levels, -1 ) );
} else {
if ( checkJversion() == 1 ) {
$user =& JFactory::getUser();
$user->load( $user_id );
$level = $user->get( 'aid', 0 );
} else {
$user = new mosUser( $_CB_database );
$user->load( $user_id );
$level = $user->gid;
}
$query = 'SELECT ' . $_CB_database->NameQuote( 'id' )
. "\n FROM " . $_CB_database->NameQuote( '#__groups' )
. "\n WHERE " . $_CB_database->NameQuote( 'id' ) . " <= " . (int) $level
. "\n ORDER BY " . $_CB_database->NameQuote( 'id' );
$_CB_database->setQuery( $query );
$levels = $_CB_database->loadResultArray();
for ( $i = 0, $n = count( $levels ); $i < $n; $i++ ) {
$levels[$i] = (int) $levels[$i];
}
$return = ( $recurse ? $levels : array_slice( $levels, -1 ) );
}
return $return;
}
include_class('product');
if (!isset($ps_shopper_group)) {
$ps_shopper_group = new ps_shopper_group();
}
$user_id = intval(vmGet($_REQUEST, 'user_id'));
$cid = vmRequest::getVar('cid', array(0), '', 'array');
if (!empty($user_id)) {
$q = "SELECT * FROM #__users AS u LEFT JOIN #__{vm}_user_info AS ui ON id=user_id ";
$q .= "WHERE id={$user_id} ";
$q .= "AND (address_type='BT' OR address_type IS NULL ) ";
$q .= "AND gid <= " . $my->gid;
$db->query($q);
$db->next_record();
}
// Set up the CMS General User Information
$row = new mosUser($database);
$row->load((int) $user_id);
if ($user_id) {
$query = "SELECT *" . "\n FROM #__contact_details" . "\n WHERE user_id = " . (int) $row->id;
$database->setQuery($query);
$contact = $database->loadObjectList();
$row->name = trim($row->name);
$row->email = trim($row->email);
$row->username = trim($row->username);
$row->password = trim($row->password);
} else {
$contact = NULL;
$row->block = 0;
}
// check to ensure only super admins can edit super admin info
if ($my->gid < 25 && $row->gid == 25) {
function userSave($option, $uid)
{
global $database;
$user_id = intval(mosGetParam($_POST, 'id', 0));
// do some security checks
if ($uid == 0 || $user_id == 0 || $user_id != $uid) {
mosNotAuth();
return;
}
$row = new mosUser($database);
$row->load($user_id);
$row->orig_password = $row->password;
if (!$row->bind($_POST, "gid usertype")) {
echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
exit;
}
mosMakeHtmlSafe($row);
if (isset($_POST["password"]) && $_POST["password"] != "") {
if (isset($_POST["verifyPass"]) && $_POST["verifyPass"] == $_POST["password"]) {
$row->password = md5($_POST["password"]);
} else {
echo "<script> alert(\"" . _PASS_MATCH . "\"); window.history.go(-1); </script>\n";
exit;
}
} else {
// Restore 'original password'
$row->password = $row->orig_password;
}
if (!$row->check()) {
echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
exit;
}
unset($row->orig_password);
// prevent DB error!!
if (!$row->store()) {
echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
exit;
}
mosRedirect("index.php?option={$option}", _USER_DETAILS_SAVE);
}
