} } else { $RegistrationCode = md5(uniqid(rand())); $IsChecked = $nc_core->get_settings('premoderation', 'auth') || $nc_core->get_settings('confirm', 'auth') ? 0 : 1; $groups = explode(",", $nc_core->get_settings('group', 'auth')); $mainGroup = intval(min((array) $groups)); // execute core action $nc_core->event->execute("addUserPrep", 0); $resMsg = $db->query("INSERT INTO `User`\n \t\t\t(" . $fieldString . "`Password`, `PermissionGroup_ID`, `Checked`, `Created`, `RegistrationCode`" . ($nc_core->get_settings('confirm', 'auth') ? ", `Confirmed`" : "") . ", Catalogue_ID)\n \t\t\tVALUES\n \t\t\t(" . $valueString . " " . $nc_core->MYSQL_ENCRYPT . "('" . $Password . "'), '" . $mainGroup . "', '" . $IsChecked . "', \"" . date("Y-m-d H:i:s") . "\", '" . $RegistrationCode . "'" . ($nc_core->get_settings('confirm', 'auth') ? ",'0'" : "") . ", " . $catalogue . ")"); $msgID = $db->insert_id; // execute core action $nc_core->event->execute("addUser", $msgID); //add user to group if ($msgID) { foreach ((array) $groups as $group_id) { nc_usergroup_add_to_group($msgID, $group_id); } } $ConfirmationLink = "http://" . $HTTP_HOST . $SUB_FOLDER . $HTTP_ROOT_PATH . "modules/auth/confirm.php?id=" . $msgID . "&code=" . $RegistrationCode; } if (!$message) { $message = $msgID; } if ($filetable_lastid) { $resMsgArr = array(); foreach ($filetable_lastid as $id) { $resMsgArr[] = $id; } if (!empty($resMsgArr)) { $resMsg = $db->query("UPDATE `Filetable` SET `Message_ID` = '" . $message . "' WHERE ID IN (" . join(", ", $resMsgArr) . ")"); }
/**
 * Create or update a row in the `User` table from submitted form values.
 *
 * Form values do not arrive as parameters: they are pulled in from global
 * scope by name (see the `global ${...}` loops), and the two required scripts
 * (message_fields.php, message_put.php) run inside this function's local scope
 * and are presumably where $fld, $fldCount, $fldValue, $fldTypeOfEdit,
 * $fieldString, $valueString, the `*Defined` / `*NewValue` variables,
 * $warnText, $SQL_multifield, $filetable_lastid, $tmpFile, $tmpNewFile and
 * $File_Path come from -- none of them is assigned in this body (TODO confirm).
 *
 * NOTE(review): no authorization or CSRF check is visible in this function
 * other than the group-rights comparison below; confirm the caller performs
 * them before this runs.
 *
 * @param mixed $action_file Not referenced in this body; may be read by the
 *                           required scripts (not visible here).
 * @param mixed $type        1 = add a new user (INSERT); 2 = update the user
 *                           identified by the global $UserID (UPDATE).
 *
 * @return int|string 0 on success. Otherwise a message: $warnText when
 *                    $posting == 0, CONTROL_USER_FUNC_GROUP_ERROR when no
 *                    group was supplied, NETCAT_MODERATION_ERROR_NORIGHT when
 *                    a requested group is listed by GetGroupWithMoreRights(),
 *                    or CONTROL_USER_NEW_NOTADDED plus SQL details when the
 *                    INSERT fails.
 */
function ActionUserCompleted($action_file, $type) {
    global $nc_core, $db, $ROOT_FOLDER, $admin_mode, $perm;
    global $systemTableID, $systemTableName, $systemMessageID;
    global $FILES_FOLDER, $INCLUDE_FOLDER;
    global $DIRCHMOD, $FILECHMOD, $AUTHORIZE_BY;

    // Import the fixed set of form variables from global scope by name.
    $params = array('Checked', 'InsideAdminAccess', 'PermissionGroupID', 'Catalogue_ID', 'Password1', 'Password2', 'UserID', 'posting');
    foreach ($params as $v) {
        global ${$v};
    }

    // Import one global per component field (f_<name>), plus the helper
    // globals that field types 6 and 8 need.
    // presumably component 3 is the system User table -- TODO confirm
    $st = new nc_Component(0, 3);
    foreach ($st->get_fields() as $v) {
        $name = 'f_' . $v['name'];
        global ${$name};
        // type 6: previous value and a "kill" flag (presumably a file field -- confirm)
        if ($v['type'] == 6) {
            global ${$name . "_old"};
            global ${"f_KILL" . $v['id']};
        }
        // type 8: the value is split into separate date/time part variables
        if ($v['type'] == 8) {
            global ${$name . "_day"};
            global ${$name . "_month"};
            global ${$name . "_year"};
            global ${$name . "_hours"};
            global ${$name . "_minutes"};
            global ${$name . "_seconds"};
        }
    }

    // Both values are concatenated into SQL below; force them to integers first.
    $UserID = intval($UserID);
    $Checked = intval($Checked);
    $ret = 0; // return value (error text or 0); not read again in this body
    require_once $INCLUDE_FOLDER . "s_files.inc.php";
    // $is_there_any_files, $user_table_mode and $action are not read again in
    // this body; presumably they are inputs to the required scripts -- confirm.
    $is_there_any_files = getFileCount(0, $systemTableID);
    $user_table_mode = true;
    if ($type == 1) {
        $action = "add";
    } else {
        $action = "change";
        $message = $UserID;
    }
    // $Priority is neither a parameter nor declared global here; this coerces
    // it to a number (presumably for the required scripts -- confirm).
    $Priority += 0;
    nc_check_availability_candidates_for_delete_in_multifile_and_delete();
    nc_rename_multifile();
    // Runs in this function's scope, so it sees and can set the locals above.
    require $ROOT_FOLDER . "message_fields.php";
    if ($posting == 0) {
        return $warnText;
    }
    require $ROOT_FOLDER . "message_put.php";

    if (empty($PermissionGroupID)) {
        return CONTROL_USER_FUNC_GROUP_ERROR;
    }
    // Value stored in the User table itself, kept for compatibility with
    // older versions: the smallest of the submitted group ids.
    // assumes $PermissionGroupID is an array (min() and array_intersect() are
    // applied to it) -- its elements are not cast to int in this function.
    $mainPermissionGroupID = intval(min($PermissionGroupID));
    $groups_with_more_rights = $perm->GetGroupWithMoreRights();
    // A user may not be added to a group that has greater rights.
    $add_groups_with_more_rights = array_intersect($PermissionGroupID, $groups_with_more_rights);
    if (!empty($add_groups_with_more_rights)) {
        return $warnText = NETCAT_MODERATION_ERROR_NORIGHT;
    }

    // NOTE(review): eval() with $AUTHORIZE_BY interpolated into the evaluated
    // source. If that global can ever hold anything but a trusted, fixed field
    // name this is PHP code injection; a variable-variable lookup
    // (${'f_' . $AUTHORIZE_BY}) reads the same value without eval. $Login is
    // not read again in this body.
    eval("\$Login = \$f_{$AUTHORIZE_BY};");

    if ($type == 1) {
        $Password = $Password1;
        // Collect column names and value fragments for every field flagged
        // <field>Defined. NOTE(review): <field>NewValue is concatenated as-is,
        // so quoting and escaping must already have been applied where it was
        // built (not visible here) -- confirm.
        for ($i = 0; $i < $fldCount; $i++) {
            if (isset(${$fld[$i] . 'Defined'}) && ${$fld[$i] . 'Defined'} == true) {
                $fieldString .= "`" . $fld[$i] . "`,";
                $valueString .= ${$fld[$i] . 'NewValue'} . ",";
            }
        }
        $insert = "INSERT INTO User ( " . $fieldString;
        $insert .= "PermissionGroup_ID, Catalogue_ID, Password, Checked, Created,InsideAdminAccess) values ( " . $valueString;
        $insert .= "'" . $mainPermissionGroupID . "', ";
        // Unary plus coerces the posted value to a number (the UPDATE branch
        // uses an (int) cast for the same field).
        if (isset($_POST['Catalogue_ID'])) {
            $insert .= +$_POST['Catalogue_ID'] . ", ";
        } else {
            $insert .= "0, ";
        }
        // NOTE(review): $Password is placed between single quotes with no
        // escaping visible in this function -- SQL injection unless it was
        // escaped upstream (confirm). The clear-text password is also part of
        // the statement text handed to the SQL function named by
        // $nc_core->MYSQL_ENCRYPT, so it can surface in query logs and in
        // $db->last_query.
        $insert .= $nc_core->MYSQL_ENCRYPT . "('" . $Password . "'),'{$Checked}','" . date("Y-m-d H:i:s") . "', '" . (int) $InsideAdminAccess . "')";
        // execute core action
        $nc_core->event->execute("addUserPrep", 0);
        $Result = $db->query($insert);
        $UserID = $db->insert_id;
        $message = $UserID;
        if ($Result) {
            // execute core action
            $nc_core->event->execute("addUser", $message);
            nc_print_status(CONTROL_USER_NEW_ADDED, 'ok');
            foreach ($PermissionGroupID as $v) {
                nc_usergroup_add_to_group($UserID, $v);
            }
        } else {
            // NOTE(review): the returned text embeds $db->last_query and
            // $db->last_error; presumably that is the INSERT above, i.e. it
            // includes the password expression. Confirm where this is shown.
            return CONTROL_USER_NEW_NOTADDED . "<br/>" . sprintf(NETCAT_ERROR_SQL, $db->last_query, $db->last_error);
        }
    }

    if ($type == 2) {
        // Remember the current state so the check/uncheck events fire only on change.
        $cur_checked = $db->get_var("SELECT `Checked` FROM `User` WHERE `User_ID` = '" . $UserID . "'");
        $update = "update User set ";
        for ($i = 0; $i < $fldCount; $i++) {
            // Skip a field that nobody may edit (3), or that only an
            // administrator may edit (2) when the admin permission check
            // fails. && binds tighter than ||, which is the grouping intended.
            if ($fldTypeOfEdit[$i] == 3 || $fldTypeOfEdit[$i] == 2 && !nc_field_check_admin_perm()) {
                continue;
            }
            // NOTE(review): both branches concatenate the value unquoted and
            // unescaped; safety depends on how <field>NewValue and $fldValue
            // were prepared (not visible here). Any falsy $fldValue, including
            // "0", is written as NULL.
            if (isset(${$fld[$i] . 'Defined'}) && ${$fld[$i] . 'Defined'} == true) {
                $update .= $fld[$i] . "=" . ${$fld[$i] . 'NewValue'} . ",";
            } else {
                $update .= $fld[$i] . "=" . ($fldValue[$i] ? $fldValue[$i] : "NULL") . ",";
            }
        }
        $update .= "Checked=\"" . $Checked . "\",";
        $update .= "PermissionGroup_ID=\"" . $mainPermissionGroupID . "\",";
        $update .= "InsideAdminAccess=" . (int) $InsideAdminAccess;
        if (isset($_POST['Catalogue_ID'])) {
            $update .= ", Catalogue_ID=" . (int) $_POST['Catalogue_ID'];
        }
        $update .= " where User_ID=" . $UserID;
        // execute core action
        $nc_core->event->execute("updateUserPrep", $UserID);
        if ($cur_checked != $Checked) {
            $nc_core->event->execute($Checked ? "checkUserPrep" : "uncheckUserPrep", $UserID);
        }
        // $Result is not checked: the events and the group rewrite below run
        // even if the UPDATE failed.
        $Result = $db->query($update);
        // execute core action
        $nc_core->event->execute("updateUser", $UserID);
        // Replace the user's group memberships with the submitted set.
        $db->query("DELETE FROM `User_Group` WHERE `User_ID`='" . intval($UserID) . "'");
        foreach ($PermissionGroupID as $v) {
            nc_usergroup_add_to_group($UserID, $v, 0);
        }
        // the user's checked state has changed
        if ($cur_checked != $Checked) {
            $nc_core->event->execute($Checked ? "checkUser" : "uncheckUser", $UserID);
        }
    }

    if (is_array($SQL_multifield)) {
        nc_multifield_sql_exec($message, $SQL_multifield);
    }
    // Attach the uploaded file records to this user row.
    // NOTE(review): the ids are joined into the IN (...) list without an
    // integer cast here; confirm $filetable_lastid only ever holds values
    // generated by the database.
    if (!empty($filetable_lastid)) {
        $db->query("UPDATE `Filetable` SET `Message_ID`='" . $message . "' WHERE ID IN (" . join(',', $filetable_lastid) . ")");
    }
    // create dir (the @ hides a failure, including "already exists")
    @mkdir($FILES_FOLDER . "u/", $DIRCHMOD);
    // Move each temporary upload to its final name and apply $FILECHMOD.
    // NOTE(review): eval() treats $tmpNewFile[$i] as the contents of a
    // double-quoted PHP string so that variables inside it are expanded. If
    // any part of that value can carry user-controlled text (for example an
    // uploaded file's name) this is PHP code injection -- confirm how it is
    // built. rename()/chmod() failures are suppressed by @ and not reported.
    for ($i = 0; $i < count($tmpFile); $i++) {
        eval("\$tmpNewFile[\$i] = \"" . $tmpNewFile[$i] . "\";");
        @rename($FILES_FOLDER . $tmpFile[$i], $FILES_FOLDER . $File_Path[$i] . $tmpNewFile[$i]);
        @chmod($FILES_FOLDER . $File_Path[$i] . $tmpNewFile[$i], $FILECHMOD);
    }

    // Bind a login token to the user: both request values are escaped with
    // $db->escape(), and $UserID is an intval() result or the insert id.
    $nc_token_login = $nc_core->input->fetch_get_post('nc_token_login');
    $nc_token_key = $nc_core->input->fetch_get_post('nc_token_key');
    if ($nc_token_login && $nc_token_key && $UserID) {
        $db->query("INSERT INTO `Auth_Token`\n SET `Login` = '" . $db->escape($nc_token_login) . "',\n `PublicKey` = '" . $db->escape($nc_token_key) . "',\n `User_ID` = '" . $UserID . "' ");
    }
    // NOTE(review): the request value goes to delete_by_id() unvalidated, and
    // nothing here ties the token to $UserID; confirm delete_by_id() casts the
    // id and that deleting another user's token is not possible.
    $nc_token_destroy = $nc_core->input->fetch_get_post('nc_token_destroy');
    if ($nc_token_destroy) {
        $nc_auth_token = new nc_auth_token();
        $nc_auth_token->delete_by_id($nc_token_destroy);
    }
    return 0;
}