Exemple #1
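/**
 * Check a username/password pair against the per-user .ini record and, on
 * success, mark the session as logged in and queue a redirect to the admin area.
 *
 * Records whose 'encryption' field is not "password_hash" are verified with
 * old_password_verify() and then rewritten through update_user(), so a
 * successful legacy login upgrades the stored credential.
 *
 * @param string $user Username supplied by the login form.
 * @param string $pass Plain-text password supplied by the login form.
 * @return string|null An `<li>` error fragment on failure; null once the
 *                     redirect header has been sent on success.
 */
function session($user, $pass)
{
    // $user becomes part of a filesystem path. Refuse anything that is not a
    // single path component so a crafted name cannot select a file outside
    // config/users/. The reply is the same as for an unknown user.
    if (!is_string($user) || $user === '' || strpbrk($user, "/\\\0") !== false) {
        return '<li>Username not found in our record.</li>';
    }
    $user_file = 'config/users/' . $user . '.ini';
    if (!file_exists($user_file)) {
        // NOTE(review): this message differs from the mismatch message below, which
        // lets a client tell existing usernames from unknown ones. Kept unchanged
        // because callers render these strings.
        return '<li>Username not found in our record.</li>';
    }
    $user_enc = user('encryption', $user);
    $user_pass = user('password', $user);
    $user_role = user('role', $user);

    if ($user_enc == "password_hash") {
        $verified = password_verify($pass, $user_pass);
        // Re-store only when the hash parameters are out of date.
        $needs_update = $verified && password_needs_rehash($user_pass, PASSWORD_DEFAULT);
    } else {
        $verified = old_password_verify($pass, $user_enc, $user_pass);
        // A legacy record is always rewritten after a successful login.
        $needs_update = $verified;
    }

    if (!$verified) {
        return '<li>Your username and password mismatch.</li>';
    }
    if ($needs_update) {
        update_user($user, $pass, $user_role);
    }
    // Issue a fresh session id at the privilege change so an id that was fixed
    // before login does not become an authenticated one.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION[config("site.url")]['user'] = $user;
    // The function returns after queuing the redirect; the caller decides
    // whether to stop output.
    header('location: admin');
}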
Exemple #2
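/**
 * Manual smoke test for the user CRUD helpers: create a user, authenticate,
 * update the e-mail address and last name, authenticate again, then delete.
 * Progress is echoed as HTML.
 *
 * Note that add_user()/authenticate_user() are called through the `user\`
 * namespace while update_user()/delete_user() are called unqualified.
 */
function admin_test_main()
{
    // Create user
    echo '<br><h3>Creating User.</h3><br>';
    $user_1 = user_1();
    user\add_user($user_1);
    echo '<br><h3>User created!</h3><br>';
    // Verify
    $user_1_db = user\authenticate_user($user_1['email_address'], $user_1['password']);
    $user_1_id = $user_1_db['id'];
    echo "<br><h3>User ID: {$user_1_id}</h3><br>";
    // Update user
    echo "<br><h3>Updating User.</h3><br>";
    $user_1_db['email_address'] = '*****@*****.**';
    $user_1_db['last_name'] = 'Two';
    update_user($user_1_db);
    echo "<br><h3>User Updated!</h3><br>";
    // Verify
    $user_2_db = user\authenticate_user('*****@*****.**', $user_1['password']);
    $new_last_name = $user_2_db['last_name'];
    // Print the field that was read, not the whole record (interpolating the
    // array printed "Array"), and close the heading like the other messages.
    echo "<br><h3>New User Last Name: {$new_last_name}</h3><br>";
    // Delete user
    echo "<br><h3>Deleting User.</h3><br>";
    delete_user(array("user_id" => $user_1_id));
    echo "<br><h3>User deleted!</h3><br>";
}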
Exemple #3
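/**
 * Issue the two "remember me" cookies for a user and redirect to index.php.
 *
 * A fresh hash string is generated, stored for the user through update_user()
 * and sent back in the 'user_hash' cookie next to the 'user_id' cookie.
 * Both cookies expire after 30 days. The function ends the request.
 *
 * @param array $data Must contain 'user_id'.
 * @return void Never returns (calls exit).
 */
function set_cookie($data)
{
    $expires = time() + 3600 * 24 * 30;
    // These cookies act as a login credential, so keep them out of reach of
    // page scripts (HttpOnly) and off plain HTTP when the request came in over
    // TLS. Path and domain stay at their defaults.
    $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

    // cookie with the user's unique identifier
    setcookie('user_id', $data['user_id'], $expires, '', '', $secure, true);
    // cookie with the user's hash string
    // NOTE(review): the token's strength depends on hash_gen(), which is not
    // visible here; confirm it draws from a CSPRNG and that 10 is a sufficient length.
    $hash_str = hash_gen(10);
    update_user($data['user_id'], $hash_str);
    setcookie('user_hash', $hash_str, $expires, '', '', $secure, true);
    header('Location: index.php');
    exit;
}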
Exemple #4
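/**
 * Account recovery by e-mail: send the username, or set and send a new
 * temporary password.
 *
 * @param string $mode  'username' or 'password'; any other value does nothing.
 * @param string $email Address of the account to recover.
 * @return void
 */
function recover($mode, $email)
{
    $mode = sanitize($mode);
    $email = sanitize($email);
    // 'user_id' is requested too: the password branch reads it, and the
    // original field list did not include it.
    $user_data = user_data(user_id_from_email($email), 'user_id', 'first_name', 'username');
    if ($mode == 'username') {
        email($email, 'Your username recvory', "Hello" . $user_data['first_name'] . ",\n\nYour username is:" . $user_data['username'] . "\n\n-stumbleupon");
    } elseif ($mode == 'password') {
        // md5(rand(999, 999999)) can only produce about a million distinct
        // passwords, all of which can be enumerated. Take 8 hex characters from
        // the CSPRNG instead; the length and alphabet are unchanged.
        $generated_password = bin2hex(random_bytes(4));
        change_password($user_data['user_id'], $generated_password);
        // Flag the account on its id (the original read the non-existent
        // 'user_data' key here).
        update_user($user_data['user_id'], array('password_recover' => '1'));
        // NOTE(review): the new password travels in clear text by mail and the old
        // one is replaced before the requester has proven mailbox ownership; a
        // single-use, expiring reset link avoids both. Left as is because that
        // changes the flow outside this function.
        email($email, 'Your password recvory', "Hello" . $user_data['first_name'] . ",\n\nYour New Password is:" . $generated_password . "\n\n-StumbleUpon");
    }
}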
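 /**
  * Upgrade an existing login to a full account: verify the submitted
  * credentials with user_check(), then write the new user name and password
  * through update_user() and emit the result with output().
  *
  * Reads 'email', 'pwd', 'upd_user_name' and 'upd_password' from
  * $GLOBALS['request'].
  */
 public function index()
 {
     $root = array();
     $root['return'] = 1;
     // user name or e-mail
     // NOTE(review): addslashes() is not a reliable SQL escape; presumably
     // user_check()/update_user() build queries from these values. Confirm and
     // prefer parameterised queries there.
     $email = addslashes($GLOBALS['request']['email']);
     // password
     $pwd = addslashes($GLOBALS['request']['pwd']);
     $user_info = user_check($email, $pwd);
     if (!$user_info) {
         $root['status'] = 0;
         $root['message'] = "用户已失效,无法升级";
         output($root);
     } else {
         // Read the id only after the lookup is known to have succeeded.
         $user_id = intval($user_info['id']);
         $upd_user_name = addslashes($GLOBALS['request']['upd_user_name']);
         $upd_password = addslashes($GLOBALS['request']['upd_password']);
         // The new user name is also stored as the e-mail address.
         $user_data = array('id' => $user_id, 'user_name' => $upd_user_name, 'user_pwd' => $upd_password, 'email' => $upd_user_name);
         $res = update_user($user_id, $user_data);
         if ($res['status'] == 1) {
             $root['status'] = 1;
             $root['uid'] = $user_id;
             $root['user_name'] = $upd_user_name;
             // NOTE(review): the response carries an unsalted md5 of the new
             // password. Clients appear to rely on this field, so it is kept, but
             // a password-equivalent value should not leave the server.
             $root['password'] = md5($upd_password);
             $root['is_account'] = 1;
             output($root);
         } else {
             $error = $res['data'];
             if (!$error['field_show_name']) {
                 $error['field_show_name'] = $GLOBALS['lang']['USER_TITLE_' . strtoupper($error['field_name'])];
             }
             // Defined up front so an error code other than the three below
             // yields a null message instead of an undefined-variable warning.
             $error_msg = null;
             if ($error['error'] == EMPTY_ERROR) {
                 $error_msg = sprintf($GLOBALS['lang']['EMPTY_ERROR_TIP'], $error['field_show_name']);
             }
             if ($error['error'] == FORMAT_ERROR) {
                 $error_msg = sprintf($GLOBALS['lang']['FORMAT_ERROR_TIP'], $error['field_show_name']);
             }
             if ($error['error'] == EXIST_ERROR) {
                 $error_msg = sprintf($GLOBALS['lang']['EXIST_ERROR_TIP'], $error['field_show_name']);
             }
             $root['status'] = 0;
             $root['message'] = $error_msg;
             output($root);
         }
     }
 }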
Exemple #6
/**
 * Saves edits to an existing author and re-renders the author list with a
 * success or error notice.
 *
 * Requires the 'admin.edit' privilege. The fields 'privs', 'name', 'RealName'
 * and 'email' are read through psa(). The privilege group is only changed
 * when the edited account is not the current $txp_user.
 */
function author_save()
{
    global $txp_user;
    require_privs('admin.edit');
    extract(psa(array('privs', 'name', 'RealName', 'email')));
    $privs = assert_int($privs);

    if (is_valid_email($email)) {
        $saved = update_user($name, $email, $RealName);
        // Short-circuit order matters: change_user_group() runs only when the
        // update succeeded and the account being edited is not one's own.
        $done = $saved && ($txp_user === $name || change_user_group($name, $privs));
        $notice = $done
            ? gTxt('author_updated', array('{name}' => $RealName))
            : array(gTxt('author_save_failed'), E_ERROR);
    } else {
        $notice = array(gTxt('email_required'), E_ERROR);
    }

    author_list($notice);
}
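/**
 * Account recovery by e-mail: send the username, or set and send a new
 * temporary password and flag the account with 'password_recover'.
 *
 * @param string $mode  'username' or 'password'; any other value does nothing.
 * @param string $email Address of the account to recover.
 * @return void
 */
function recover($mode, $email)
{
    $user_data = user_data(user_id_from_email($email), 'user_id', 'first_name', 'username');
    if ($mode == 'username') {
        // recover username
        email($email, 'Your username', "Hello " . $user_data['first_name'] . ",\n\nYour username is: " . $user_data['username'] . "\n\n-sparklet");
    } elseif ($mode == 'password') {
        // recover password
        // md5(rand(999, 999999)) can only produce about a million distinct
        // passwords, all of which can be enumerated. Take 8 hex characters from
        // the CSPRNG instead; the length and alphabet are unchanged.
        $generated_password = bin2hex(random_bytes(4));
        change_password($user_data['user_id'], $generated_password);
        update_user($user_data['user_id'], array('password_recover' => '1'));
        // NOTE(review): the password is mailed in clear text; a single-use,
        // expiring reset link would avoid that but changes the flow outside
        // this function.
        email($email, 'Your password recovery', "Hello " . $user_data['first_name'] . ",\n\nYour new password is: " . $generated_password . "\n\n-sparklet");
    }
}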
Exemple #8
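/**
 * Account recovery by e-mail: send the username, or set and send a temporary
 * password and flag the account with 'password_recover'.
 *
 * @param string $mode  'username' or 'password'; any other value does nothing.
 * @param string $email Address of the account to recover.
 * @return void
 */
function recover($mode, $email)
{
    $mode = sanitize($mode);
    $email = sanitize($email);
    // 'username' is requested as well, because the username mail reads it.
    $user_data = user_data(user_id_from_email($email), 'user_id', 'first_name', 'username');
    if ($mode == 'username') {
        // The greeting read the undefined $userdata; it now uses $user_data.
        email($email, 'Your username', " Hello " . $user_data['first_name'] . ",\n\nYour username is : " . $user_data['username'] . "\n\n-Utkal Placement");
    } elseif ($mode == 'password') {
        // md5(rand(9999, 999999)) can only produce about a million distinct
        // passwords, all of which can be enumerated. Take 8 hex characters from
        // the CSPRNG instead; the length and alphabet are unchanged.
        $temp_password = bin2hex(random_bytes(4));
        change_password($user_data['user_id'], $temp_password);
        update_user($user_data['user_id'], array('password_recover' => '1'));
        // NOTE(review): the password is mailed in clear text; a single-use,
        // expiring reset link would avoid that but changes the flow outside
        // this function.
        email($email, 'Your password Recovery', " Hello " . $user_data['first_name'] . ",\n\nYour new password is : " . $temp_password . "\n\nPlease log in to change this.\n\n-Utkal Placement");
    }
}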
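/**
 * Recovers the username or the password of an account by e-mail.
 *
 * @param string $mode  'username' or 'password'; any other value does nothing.
 * @param string $email Address of the account to recover.
 * @return void
 */
function recover($mode, $email)
{
    include 'core/db/db_connection.php';
    $mode = sanitize($mode);
    $email = sanitize($email);
    $user_data = user_data(get_user_id_from_email($email), 'user_id', 'first_name', 'username');
    if ($mode == 'username') {
        email($email, 'Your username', "\n\t\t\t\tHello " . $user_data['first_name'] . ", <br><br>\n\t\t\t\tYour username is " . $user_data['username'] . " <br><br>\n\t\t\t\t-worldtour team\n\t\t\t");
    } elseif ($mode == 'password') {
        // Temporary 7-character password. md5(rand(777, 7777)) had only about
        // seven thousand possible values; take the characters from the CSPRNG
        // instead (same length, same hex alphabet).
        $generated_password = substr(bin2hex(random_bytes(4)), 0, 7);
        change_password($user_data['user_id'], $generated_password);
        // Flag the account so the user is forced to change the generated
        // password at the first login.
        update_user($user_data['user_id'], array('pwd_recovery' => '1'));
        // NOTE(review): the password is mailed in clear text; a single-use,
        // expiring reset link would avoid that but changes the flow outside
        // this function.
        email($email, 'Password recovery', "\n\t\t\t\tHello " . $user_data['first_name'] . ", <br><br>\n\t\t\t\tYour new password is " . $generated_password . "<br><br>\n\t\t\t\tKindly note that this is a temporary password and you are required to change it on your first log in. <br><br>\n\t\t\t\t-worldtour team\n\t\t\t");
    }
}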
Exemple #10
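/**
 * Persist a user entity: delegate to update_user() when it already exists,
 * otherwise validate it and INSERT a new row.
 *
 * @param object $entity Must provide is_new(), validate() and the properties
 *                       username, password and role; receives ->id after an insert.
 * @return mixed update_user()'s result for an existing entity; for a new one,
 *               true after a successful insert, false when validation or the
 *               INSERT fails.
 */
function save_user($entity)
{
    if (!$entity->is_new()) {
        return update_user($entity);
    }
    if (!$entity->validate()) {
        return false;
    }

    global $__db_conn;
    $today = date("Y-m-d");
    $values = array($today, $today);
    // Entity values used to be pasted into the statement with str_replace(),
    // so a quote in any of them changed the SQL, and a value that itself
    // contained a ":name:" marker was substituted again on a later pass.
    // Escape each value for this connection and assemble the statement once.
    // NOTE(review): the password is stored exactly as found on the entity;
    // confirm it has been hashed before it gets here.
    foreach (array('username', 'password', 'role') as $attr) {
        $values[] = mysql_real_escape_string((string) $entity->{$attr}, $__db_conn);
    }
    $sql = "INSERT INTO user(created_at,updated_at,username,password,role) values ('" . implode("','", $values) . "')";

    // NOTE(review): the mysql_* extension was removed in PHP 7. Moving to
    // mysqli/PDO prepared statements also changes the shared $__db_conn and is
    // therefore not done inside this function.
    if (!mysql_query($sql, $__db_conn)) {
        // Report a failed INSERT instead of claiming success.
        return false;
    }
    $entity->id = mysql_insert_id($__db_conn);
    return true;
}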
         foreach ($bill_access_list as $ac) {
             if ($ac == $bill['bill_id']) {
                 $done = 1;
             }
         }
         if (!$done) {
             echo "<option value='" . $bill['bill_id'] . "'>" . $bill['bill_name'] . "</option>";
         }
     }
     echo "</select>\n          </div>\n          <button type='submit' class='btn btn-default' name='Submit' value='Add'>Add</button>\n        </form>\n        </div>";
 } elseif ($vars['user_id'] && $vars['edit']) {
     if (!empty($vars['new_level'])) {
         if ($vars['can_modify_passwd'] == 'on') {
             $vars['can_modify_passwd'] = '1';
         }
         update_user($vars['user_id'], $vars['new_realname'], $vars['new_level'], $vars['can_modify_passwd'], $vars['new_email']);
         print_message("User has been updated");
     }
     if (can_update_users() == '1') {
         $users_details = get_user($vars['user_id']);
         if (!empty($users_details)) {
             if (empty($vars['new_realname'])) {
                 $vars['new_realname'] = $users_details['realname'];
             }
             if (empty($vars['new_level'])) {
                 $vars['new_level'] = $users_details['level'];
             }
             if (empty($vars['can_modify_passwd'])) {
                 $vars['can_modify_passwd'] = $users_details['can_modify_passwd'];
             } elseif ($vars['can_modify_passwd'] == 'on') {
                 $vars['can_modify_passwd'] = '1';
Exemple #12
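/**
 * Validate and apply an edit to an existing user, then update the user's
 * addresses.
 *
 * @param array $HTTP_VARS Request variables; reads user_id, fullname,
 *                         uid_language, uid_theme, email_addr and user_role.
 * @param array $errors    Receives an entry when the user is missing or the
 *                         update fails.
 * @return mixed FALSE on any failure, otherwise the result of
 *               update_user_addresses().
 */
function handle_user_update(&$HTTP_VARS, &$errors)
{
    $user_r = fetch_user_r($HTTP_VARS['user_id']);
    if (!is_not_empty_array($user_r)) {
        $errors[] = array('error' => get_opendb_lang_var('user_not_found', 'user_id', $HTTP_VARS['user_id']));
        return FALSE;
    }

    // The validated address data was collected in $address_attribs_provided but
    // a different, never-assigned variable was handed to
    // update_user_addresses(). Use one variable for both calls.
    // Presumably validate_user_info() fills its third argument by reference;
    // confirm against its definition.
    $address_provided_r = NULL;
    if (!validate_user_info($user_r, $HTTP_VARS, $address_provided_r, $errors)) {
        return FALSE;
    }

    // NOTE(review): 'user_role' comes straight from the request. Confirm that the
    // caller or validate_user_info() checks the acting user may assign roles.
    if (!update_user($HTTP_VARS['user_id'], $HTTP_VARS['fullname'], $HTTP_VARS['uid_language'], $HTTP_VARS['uid_theme'], $HTTP_VARS['email_addr'], $HTTP_VARS['user_role'])) {
        $db_error = db_error();
        $errors[] = array('error' => get_opendb_lang_var('user_not_updated', 'user_id', $HTTP_VARS['user_id']), 'detail' => $db_error);
        return FALSE;
    }

    return update_user_addresses($user_r, $address_provided_r, $HTTP_VARS, $errors);
}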
    } else {
        return false;
    }
}
/**
 * Look up a registered action.
 *
 * @param string|int $code Key into the global $ACTIONS table.
 * @return mixed The stored entry, or null when the code is not registered.
 */
function get_action($code)
{
    global $ACTIONS;

    if (!isset($ACTIONS[$code])) {
        return null;
    }

    return $ACTIONS[$code];
}
/**
 * Remove a registered action from the global $ACTIONS table.
 *
 * @param string|int $code Key of the action to remove.
 * @return bool True when an entry existed and was removed, false otherwise.
 */
function delete_action($code)
{
    global $ACTIONS;

    $registered = isset($ACTIONS[$code]);
    if ($registered) {
        unset($ACTIONS[$code]);
    }

    return $registered;
}
/**
 * Replace an already registered action: the old entry is deleted and $par is
 * registered again through add_action(). Nothing happens when $par has no
 * 'code' or no action with that code exists.
 *
 * @param array $par Action definition; 'code' selects the entry to replace.
 * @return void
 */
function update_action($par)
{
    if (!isset($par['code'])) {
        return;
    }
    if (!delete_action($par['code'])) {
        return;
    }
    add_action($par);
}
// Register the 'track_activity' action (rule 'public', category 'all', zone
// 'before_template', priority 1000). Its callback records, for a logged-in
// user, the time and the URL of the current request.
add_action(array('code' => 'track_activity', 'rule' => 'public', 'category' => 'all', 'zone' => 'before_template', 'priority' => 1000, 'function' => function () {
    // Nothing is recorded unless check_login() reports a logged-in user.
    if (check_login()) {
        $ID = current_user('ID');
        // NOTE(review): REQUEST_URI is chosen by the client and is stored as-is in
        // 'last_place'. Confirm update_user() binds or escapes it for the
        // database, and escape it again wherever the value is rendered.
        update_user($ID, array('last_activity' => date('c'), 'last_place' => BASE_URL . $_SERVER['REQUEST_URI']));
    }
}));
     // attributes associated with
     // a user
 // the caller wishes to update
 // attributes associated with
 // a user
 // NOTE(review): every field below is taken straight from $_POST, including the
 // target user id, and handed to update_user(). No authorization, CSRF or
 // input check is visible in this fragment; confirm the enclosing handler or
 // update_user() enforces them.
 case "update_user":
     $uid = $_POST['ajax_uid'];
     $fname = $_POST['ajax_fname'];
     $lname = $_POST['ajax_lname'];
     $email = $_POST['ajax_email'];
     $active = $_POST['ajax_active'];
     // An absent 'ajax_newpasswd' becomes the empty string; presumably
     // update_user() treats that as "leave the password unchanged". Verify.
     $new_passwd = "";
     if (isset($_POST['ajax_newpasswd'])) {
         $new_passwd = $_POST['ajax_newpasswd'];
     }
     update_user($uid, $new_passwd, $fname, $lname, $email, $active);
     break;
     // the caller wishes to add a new
     // user to the db
 // the caller wishes to add a new
 // user to the db
 case "add_user":
     $uname = $_POST['ajax_uname'];
     $passwd = $_POST['ajax_passwd'];
     $fname = $_POST['ajax_fname'];
     $lname = $_POST['ajax_lname'];
     $email = $_POST['ajax_email'];
     $active = $_POST['ajax_active'];
     add_user($uname, $passwd, $fname, $lname, $email, $active);
     // regenerate the user list
     // and send back the new list
        if (false !== strpos(Session::allowedSensors($login), $sensor_ip)) {
            if ($sensors == "") {
                $sensors = $sensor_ip;
            } else {
                $sensors .= "," . $sensor_ip;
            }
        }
    }
    foreach ($ACL_MAIN_MENU as $mainmenu => $menus) {
        foreach ($menus as $key => $menu) {
            if ($gacl->acl_check($mainmenu, $key, ACL_DEFAULT_USER_SECTION, $login)) {
                $perm_id = $permids[$mainmenu][$key];
                if ($perm_id > 0) {
                    $perms[$perm_id] = true;
                }
            }
        }
    }
    $template_id = insert_template($conn, $login . "_gacl", $nets, $sensors, $perms);
    if ($template_id > 0) {
        echo "Template '" . $login . "_gacl' ID{$template_id} successfully inserted into 'acl_templates'\n";
        if (update_user($conn, $login, $template_id)) {
            echo "...asigned to user {$login}\n\n";
        } else {
            echo "...not asigned to user {$login}. An error has occured\n\n";
        }
    } else {
        echo "Error creating template '" . $login . "_gacl'\n";
    }
}
$db->close();
Exemple #16
            $data['surname'] = $this->input->post('surname');
            // The stored password is only overwritten when a new one was submitted.
            // NOTE(review): unsalted md5() is not a password hash. The usual
            // replacement is password_hash()/password_verify(), which also needs a
            // matching change on the login path (not visible in this excerpt).
            if ($_POST['password'] != '') {
                $data['password'] = md5($this->input->post('password'));
            }
            // NOTE(review): 'role' is taken from the request; confirm the caller
            // checks that the acting user may assign it.
            $data['role'] = $this->input->post('role');
            // Have barcode?
            $this->db->where('status', '1');
            $this->db->where('email', $data['email']);
            $this->db->where_not_in('id', $user['id']);
            $query = $this->db->get('users')->result_array();
            if ($query) {
                alertbox('alert-danger', get_lang('E-mail address is registered.'));
                $continue = false;
            }
            if ($continue) {
                if (update_user($user['id'], $data)) {
                    alertbox('alert-success', get_lang('Operation is Successful'), '');
                    $user = get_user(array('id' => $user_id));
                    ?>
                <script>$(document).ready(function(){$('#page_title').html('<?php 
                    // NOTE(review): display_name is written unescaped into a
                    // single-quoted JavaScript string that is then passed to .html().
                    // Encode it for the script context (for example with json_encode())
                    // and set it with .text() so a stored name cannot inject markup.
                    echo $user['display_name'];
                    ?>
'); });</script>
                <?php 
                }
            }
        }
    }
    ?>

     $password = $pass1;
 } else {
     $password = '';
 }
 //* if Delete User Checked
 if ($deleteuser) {
     $success = delete_user($seluserid);
     optimizemysqltable('users');
     if ($success) {
         action_success('User Delete Success!');
     } else {
         action_failure('User Delete Failure!');
     }
     unset($seluserid);
 } elseif ($seluserid && $username && $fullname && $localityid) {
     $success = update_user($seluserid, $username, $password, $fullname, $email, $localityid);
     if ($success) {
         optimizemysqltable('users');
         action_success('User Update Success!');
     } else {
         action_failure('User Update Failure!');
     }
 } elseif ($username && $password && $fullname && $localityid) {
     $nextid = nextautoid('users');
     $success = insert_user($seluserid, $username, $password, $fullname, $email, $localityid);
     if ($success) {
         action_success('User Insert Success!');
         $seluserid = $nextid;
         optimizemysqltable('adminusers');
     } else {
         action_failure('User Insert Failure!');
 /**
  * Mirror an LDAP account into the FA user table: update the FA user found
  * by get_user_by_login($username), or create one when none exists.
  *
  * The FA role is resolved by mapping $primaryGroup through the
  * 'group_role_map' configuration value and looking the role name up in the
  * security_roles table.
  *
  * @param object $ldap         Source of the uid, sn, givenname, mobile and mail attributes.
  * @param string $username     Login used to find an existing FA user.
  * @param string $password     Plain-text password; only used when a user is created.
  * @param string $primaryGroup Key into the group-to-role map.
  */
 protected function syncUserToFA($ldap, $username, $password, $primaryGroup)
 {
     // Fixed defaults for LDAP-based users.
     // FIXME: these should probably be fetched from the configuration variables
     $language = 'en_GB';
     $profile = '';
     $rep_popup = '1';
     $pos = '1';

     // Values taken from the directory entry.
     $uid = $ldap->getAttribute('uid');
     $surname = $ldap->getAttribute('sn');
     $name = $surname . " " . $ldap->getAttribute('givenname');
     $mobilephone = $ldap->getAttribute('mobile');
     $email = $ldap->getAttribute('mail');

     // connect to FA database
     set_global_connection();

     // Resolve the role id for the primary group.
     $map = $this->getConfigValue('group_role_map');
     // FIXME: should error if empty
     $userRole = $map[$primaryGroup];
     $query = db_query(
         "SELECT id FROM " . TB_PREF . "security_roles WHERE role = " . db_escape($userRole),
         "could not get user role for {$userRole}"
     );
     $ret = db_fetch($query);
     // FIXME: should error if empty
     $role_id = $ret[0];

     $user = get_user_by_login($username);
     if (!$user) {
         // No FA user yet: create one from the LDAP data.
         // FIXME: LDAP attribute IDs could be supplied in config for site-specific LDAP compatibility
         // NOTE(review): the password is stored as an unsalted md5 digest, which is
         // not a password hash. Presumably this matches what FA's login code
         // expects, so changing it needs a matching change there.
         add_user($uid, $name, md5($password), $mobilephone, $email, $role_id, $language, $profile, $rep_popup, $pos);
         return;
     }

     // Existing FA user: refresh it from LDAP.
     // FIXME: LDAP attribute IDs could be supplied in config for site-specific LDAP compatibility
     // FIXME: update password hash?  what about re-auth requests?
     update_user($user[0], $uid, $name, $mobilephone, $email, $role_id, $language, $profile, $rep_popup, $pos);
 }
        echo "Invalid First name<br/>";
    } else {
        if (!valid_name($lastname)) {
            echo "Invalid Last name<br/>";
        } else {
            if (!valid_address($address)) {
                echo "Invalid Address name<br/>";
            } else {
                if (!ctype_digit($mobile)) {
                    echo "Invalid Mobile Number<br/>";
                } else {
                    update_user($user_id, 'FirstName', $firstname);
                    update_user($user_id, 'LastName', $lastname);
                    update_user($user_id, 'Address', $address);
                    update_user($user_id, 'Gender', $gender);
                    update_user($user_id, 'Mobile', $mobile);
                }
            }
        }
    }
}
?>

<?php 
// Record of the logged-in user, looked up by the id kept in the session.
$student = get_user_details($_SESSION['user_id']);
// Field names flagged in $fakes; how the flags are used lies outside this excerpt.
$fakes = array(
    'Password' => true,
    'ID' => true,
    'AccountType' => true,
    'Username' => true,
    'Email' => true,
);
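/**
 * Admin screen "edit user": applies a submitted edit (confirm=true) and
 * redirects, or renders the edit form pre-filled from the stored record.
 *
 * The stored record is an indexed array: [0] name, [1] password digest,
 * [2] home dir, [3] home url, [4] show hidden, [5] no-access pattern,
 * [6] permissions, [7] active.
 *
 * @param string $dir Directory used for the admin links; cleared when the
 *                    user edits their own account.
 * @return void
 */
function edituser($dir)
{
    // Stored values are written into HTML attribute values below. They are
    // saved without any HTML encoding (only stripslashes() on input), so they
    // are encoded here at the point of output.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES);
    };

    // Edit User
    $user = stripslashes($GLOBALS['__POST']["user"]);
    $data = find_user($user, NULL);
    if ($data == NULL) {
        // NOTE(review): $user is request data; confirm show_error() encodes its
        // argument and stops the request.
        show_error($user . ": " . $GLOBALS["error_msg"]["miscnofinduser"]);
    }
    // Editing one's own account: drop $dir and keep the account active.
    $self = ($user == $GLOBALS['__SESSION']["s_user"]);
    if ($self) {
        $dir = "";
    }
    // NOTE(review): the state-changing branch below has no visible CSRF token
    // check; confirm the surrounding admin dispatcher provides one.
    if (isset($GLOBALS['__POST']["confirm"]) && $GLOBALS['__POST']["confirm"] == "true") {
        $nuser = stripslashes($GLOBALS['__POST']["nuser"]);
        if ($nuser == "" || $GLOBALS['__POST']["home_dir"] == "") {
            show_error($GLOBALS["error_msg"]["miscfieldmissed"]);
        }
        if (isset($GLOBALS['__POST']["chpass"]) && $GLOBALS['__POST']["chpass"] == "true") {
            if ($GLOBALS['__POST']["pass1"] != $GLOBALS['__POST']["pass2"]) {
                show_error($GLOBALS["error_msg"]["miscnopassmatch"]);
            }
            // NOTE(review): unsalted md5() is not a password hash. Replacing it
            // needs a matching change in the login check, which is outside
            // this function.
            $pass = md5(stripslashes($GLOBALS['__POST']["pass1"]));
        } else {
            // Password unchanged: keep the stored digest.
            $pass = $data[1];
        }
        if ($self) {
            $GLOBALS['__POST']["active"] = 1;
        }
        $data = array($nuser, $pass, stripslashes($GLOBALS['__POST']["home_dir"]), stripslashes($GLOBALS['__POST']["home_url"]), $GLOBALS['__POST']["show_hidden"], stripslashes($GLOBALS['__POST']["no_access"]), $GLOBALS['__POST']["permissions"], $GLOBALS['__POST']["active"]);
        if (!update_user($user, $data)) {
            show_error($user . ": " . $GLOBALS["error_msg"]["saveuser"]);
        }
        if ($self) {
            // The session user may have been renamed; re-activate under the new name.
            activate_user($nuser, NULL);
        }
        header("location: " . make_link("admin", $dir, NULL));
        return;
    }
    // NOTE(review): $data[0] reaches show_header() unencoded; confirm that
    // function encodes its title.
    show_header($GLOBALS["messages"]["actadmin"] . ": " . sprintf($GLOBALS["messages"]["miscedituser"], $data[0]));
    // Javascript functions:
    include "./.include/js_admin3.php";
    echo "<FORM name=\"edituser\" action=\"" . make_link("admin", $dir, NULL) . "&action2=edituser\" method=\"post\">\n";
    echo "<INPUT type=\"hidden\" name=\"confirm\" value=\"true\"><INPUT type=\"hidden\" name=\"user\" value=\"" . $esc($data[0]) . "\">\n";
    echo "<BR><TABLE width=\"450\">\n";
    echo "<TR><TD>" . $GLOBALS["messages"]["miscusername"] . ":</TD>\n";
    // The attribute was written as type"text" (missing "="); fixed.
    echo "<TD align=\"right\"><INPUT type=\"text\" name=\"nuser\" size=\"30\" value=\"";
    echo $esc($data[0]) . "\"></TD></TR>\n";
    echo "<TR><TD>" . $GLOBALS["messages"]["miscconfpass"] . ":</TD>\n";
    echo "<TD align=\"right\"><INPUT type=\"password\" name=\"pass1\" size=\"30\"></TD></TR>\n";
    echo "<TR><TD>" . $GLOBALS["messages"]["miscconfnewpass"] . ":</TD>\n";
    echo "<TD align=\"right\"><INPUT type=\"password\" name=\"pass2\" size=\"30\"></TD></TR>\n";
    echo "<TR><TD>" . $GLOBALS["messages"]["miscchpass"] . ":</TD>\n";
    echo "<TD align=\"right\"><INPUT type=\"checkbox\" name=\"chpass\" value=\"true\"></TD></TR>\n";
    echo "<TR><TD>" . $GLOBALS["messages"]["mischomedir"] . ":</TD>\n";
    echo "<TD align=\"right\"><INPUT type=\"text\" name=\"home_dir\" size=\"30\" value=\"";
    echo $esc($data[2]) . "\"></TD></TR>\n";
    echo "<TR><TD>" . $GLOBALS["messages"]["mischomeurl"] . ":</TD>\n";
    echo "<TD align=\"right\"><INPUT type=\"text\" name=\"home_url\" size=\"30\" value=\"";
    echo $esc($data[3]) . "\"></TD></TR>\n";
    echo "<TR><TD>" . $GLOBALS["messages"]["miscshowhidden"] . ":</TD>";
    echo "<TD align=\"right\"><SELECT name=\"show_hidden\">\n";
    echo "<OPTION value=\"0\">" . $GLOBALS["messages"]["miscyesno"][1] . "</OPTION>";
    echo "<OPTION value=\"1\"" . ($data[4] ? " selected " : "") . ">";
    echo $GLOBALS["messages"]["miscyesno"][0] . "</OPTION>\n";
    echo "</SELECT></TD></TR>\n";
    echo "<TR><TD>" . $GLOBALS["messages"]["mischidepattern"] . ":</TD>\n";
    echo "<TD align=\"right\"><INPUT type=\"text\" name=\"no_access\" size=\"30\" value=\"";
    echo $esc($data[5]) . "\"></TD></TR>\n";
    echo "<TR><TD>" . $GLOBALS["messages"]["miscperms"] . ":</TD><TD align=\"right\"><SELECT name=\"permissions\">\n";
    // Permission values, listed in the same order as the 'miscpermnames' labels.
    $permvalues = array(0, 1, 2, 3, 7);
    for ($i = 0; $i < count($GLOBALS["messages"]["miscpermnames"]); ++$i) {
        echo "<OPTION value=\"" . $permvalues[$i] . "\"" . ($permvalues[$i] == $data[6] ? " selected " : "") . ">";
        echo $GLOBALS["messages"]["miscpermnames"][$i] . "</OPTION>\n";
    }
    echo "</SELECT></TD></TR>\n";
    echo "<TR><TD>" . $GLOBALS["messages"]["miscactive"] . ":</TD>";
    // The control is disabled for one's own account; the POST branch above
    // forces active=1 in that case.
    echo "<TD align=\"right\"><SELECT name=\"active\"" . ($self ? " DISABLED " : "") . ">\n";
    echo "<OPTION value=\"1\">" . $GLOBALS["messages"]["miscyesno"][0] . "</OPTION>";
    echo "<OPTION value=\"0\"" . ($data[7] ? "" : " selected ") . ">";
    echo $GLOBALS["messages"]["miscyesno"][1] . "</OPTION>\n";
    echo "</SELECT></TD></TR>\n";
    echo "<TR><TD colspan=\"2\" align=\"right\"><input type=\"submit\" value=\"" . $GLOBALS["messages"]["btnsave"];
    echo "\" onClick=\"return check_pwd();\">\n<input type=\"button\" value=\"";
    echo $GLOBALS["messages"]["btncancel"] . "\" onClick=\"javascript:location='";
    echo make_link("admin", $dir, NULL) . "';\"></TD></TR></FORM></TABLE><BR>\n";
}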
Exemple #21
 /**
  * Update several users between DBstart() and DBend().
  *
  * Users are updated one at a time with update_user(); the loop stops at the
  * first failure and the collected result is handed to DBend(). On failure
  * self::$error is set to an internal-error entry.
  *
  * @static
  * @param array $users multidimensional array with Users data; each entry needs 'userid'
  * @return boolean true when DBend() reports success, false otherwise
  */
 public static function update($users)
 {
     // Stays false when $users is empty, so an empty batch reports failure.
     $ok = false;
     DBstart(false);
     foreach ($users as $user) {
         $ok = update_user($user['userid'], $user);
         if (!$ok) {
             break;
         }
     }

     if (DBend($ok)) {
         return true;
     }

     self::$error = array('error' => ZBX_API_ERROR_INTERNAL, 'data' => 'Internal zabbix error');
     return false;
 }
Exemple #22
     if (isset($_REQUEST['userid'])) {
         show_error_message(S_CANNOT_UPDATE_USER_BOTH_PASSWORDS);
     } else {
         show_error_message(S_CANNOT_ADD_USER_BOTH_PASSWORDS_MUST);
     }
 } else {
     if (isset($_REQUEST['password1']) && $_REQUEST['alias'] == ZBX_GUEST_USER && !zbx_empty($_REQUEST['password1'])) {
         show_error_message(S_FOR_GUEST_PASSWORD_MUST_BE_EMPTY);
     } else {
         if (isset($_REQUEST['password1']) && $_REQUEST['alias'] != ZBX_GUEST_USER && zbx_empty($_REQUEST['password1'])) {
             show_error_message(S_PASSWORD_SHOULD_NOT_BE_EMPTY);
         } else {
             if (isset($_REQUEST['userid'])) {
                 $action = AUDIT_ACTION_UPDATE;
                 DBstart();
                 $result = update_user($_REQUEST['userid'], $_REQUEST['name'], $_REQUEST['surname'], $_REQUEST['alias'], $_REQUEST['password1'], $_REQUEST['url'], get_request('autologin', 0), get_request('autologout', 0), $_REQUEST['lang'], $_REQUEST['theme'], $_REQUEST['refresh'], $_REQUEST['user_type'], $user_groups, $user_medias);
                 $result = DBend($result);
                 show_messages($result, S_USER_UPDATED, S_CANNOT_UPDATE_USER);
             } else {
                 $action = AUDIT_ACTION_ADD;
                 DBstart();
                 $result = add_user($_REQUEST['name'], $_REQUEST['surname'], $_REQUEST['alias'], $_REQUEST['password1'], $_REQUEST['url'], get_request('autologin', 0), get_request('autologout', 0), $_REQUEST['lang'], $_REQUEST['theme'], $_REQUEST['refresh'], $_REQUEST['user_type'], $user_groups, $user_medias);
                 $result = DBend($result);
                 show_messages($result, S_USER_ADDED, S_CANNOT_ADD_USER);
             }
             if ($result) {
                 add_audit($action, AUDIT_RESOURCE_USER, 'User alias [' . $_REQUEST['alias'] . '] name [' . $_REQUEST['name'] . '] surname [' . $_REQUEST['surname'] . ']');
                 unset($_REQUEST['form']);
             }
         }
     }
Exemple #23
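/**
 * Creates a new forum topic, or a reply to an existing one, for the logged-in user.
 *
 * Every validation failure is reported by returning a translated error string;
 * nothing is thrown.
 *
 * @global array $config    forum settings (message length limits, flood-control windows)
 * @global array $user_data record of the current user (id, admin, posts)
 * @param string $topic post subject
 * @param string $content post content
 * @param integer|boolean $reply id of topic we are replying to, false for a new topic
 * @param boolean $sticky are we sticking it to the top?
 * @param boolean $closed are we closing it?
 * @return string|int|float error message on failure; id of the new topic on success;
 *                          for a reply, the page number to redirect to
 */
function post($topic, $content, $reply = false, $sticky = false, $closed = false)
{
    global $config, $user_data;

    // One timestamp is reused for both the `time` and `updated` columns.
    $time = time();
    // Treated as a new topic until a valid reply target is found.
    $new = true;

    // Pre-parse the raw input.
    $topic = clean_input(strip_repeat($topic));
    $content = htmlentities($content);
    $content = field_clean(stripslashes($content), true);

    // Anonymous visitors may not post. empty() also covers a session that never set the flag.
    if (empty($_SESSION['logged_in'])) {
        return lang('error_not_logged');
    }

    // A new topic needs a subject; a reply falls back to a default one.
    if ($topic == "") {
        if (!$reply) {
            return lang_parse('error_no_given', array(lang('subject')));
        }
        $topic = "re:";
    }
    if (!alpha($topic, 'alpha-extra')) {
        return lang_parse('error_invalid_chars', array(lang('subject')));
    }

    // The original code checked the *message* length at this point but returned the
    // *subject* length error, which also made the message errors below unreachable.
    // The mislabelled check is dropped so that each failure reports the right message.
    // NOTE(review): the subject length limits in $config are therefore still not
    // enforced anywhere in this function - confirm whether they should be.
    if ($content == "") {
        return lang_parse('error_no_given', array(lang('message')));
    }
    // length() is taken to return a string when the limits are violated, as the
    // is_string() test implies - presumably an error text; confirm against the helper.
    if (is_string(length($content, $config['message_minimum_length'], $config['message_max_length']))) {
        return lang_parse('error_message_length', array($config['message_max_length'], $config['message_minimum_length']));
    }

    // Are we replying or is it new?
    if ($reply) {
        if (!is_numeric($reply)) {
            return lang_parse('error_invalid_given', array(lang('topic') . " " . lang('id')));
        }
        if (!topic($reply, 'id')) {
            return lang('error_topic_missing');
        }
        $new = false;
        $topic_data = topic($reply, '*');
        // Only admins may add to a closed topic.
        if ($topic_data['closed'] && !$user_data['admin']) {
            return lang('error_topic_closed');
        }
    }

    // Flags are stored as '1' / '0'.
    $sticky = $sticky ? '1' : '0';
    $closed = $closed ? '1' : '0';

    // NOTE(review): $content already went through htmlentities() above; unless
    // field_clean() decodes entities, this second pass double-encodes the text.
    // Kept so the stored format does not change - confirm and drop one of the two.
    $content = htmlentities($content);

    // Flood control: non-admins may post once per configured time window.
    if (!$user_data['admin']) {
        $window = $new ? $config['post_topic_time_limit'] : $config['post_reply_time_limit'];
        $time_between = time() - $window;
        // %d forces both interpolated values to integers before they reach the SQL text.
        $query = sprintf("SELECT `time` FROM `forum` WHERE `starter_id` = %d AND `time` > %d", $user_data['id'], $time_between);
        $result = mysql_query($query);
        if ($result === false) {
            // Fail closed: a broken lookup must not silently disable the flood check.
            error_log('post(): flood-control query failed: ' . mysql_error());
            return lang('error_unknown');
        }
        if (mysql_num_rows($result) > 0) {
            return lang('error_flood_detection');
        }
    }

    // NOTE(review): gethostname() returns the name of the server running PHP, not
    // anything about the poster - confirm that is what the `host` column should hold.
    $query = "INSERT INTO `forum` (`subject`,`message`,`reply`,`starter_id`,`host`,`time`,`updated`,`sticky`,`closed`) VALUES ('%s','%s',%d,%d,'%s','%s','%s','%s','%s')";
    $query = sprintf($query, mysql_clean($topic), mysql_clean($content), $new ? 0 : $reply, $user_data['id'], mysql_clean(gethostname()), $time, $time, $sticky, $closed);
    $result = mysql_query($query);
    if (!$result) {
        // Database error text goes to the server log; the original echoed it into
        // the response, exposing schema details to the visitor.
        error_log('post(): insert failed: ' . mysql_error());
        return lang('error_unknown');
    }

    // Id of the row just inserted.
    $id = mysql_insert_id();
    // Bump the author's post counter.
    update_user($user_data['id'], false, 'posts', $user_data['posts'] + 1);

    if ($new) {
        return $id;
    }

    // Reply: recount, work out the page the new reply lands on, and touch the topic.
    $replies = intval(get_replies($reply)) + 1;
    // 20 is presumably the number of replies per page - confirm against the view code.
    $n = ceil($replies / 20 - 1);
    $n = ($n == -1) ? 0 : abs($n);
    // $reply passed is_numeric() above; %d pins it to an integer in the statement.
    $query = sprintf("UPDATE `forum` SET `updated`='%s', `replies`='%d' WHERE id = %d", $time, $replies, $reply);
    mysql_query($query);
    // Page number for the redirect.
    return $n;
}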
Exemple #24
    if ($_username && $_username == $item['username']) {
        $user_status = 3;
    }
    if ($user_status == 3 && $item['username']) {
        $member = userinfo($item['username']);
    }
    $contact = strip_nr(ob_template('contact', 'chip'), true);
    echo 'Inner("contact", \'' . $contact . '\');';
    echo 'Inner("hits", \'' . $item['hits'] . '\');';
    $update = '';
    if ($item['totime'] && $item['totime'] < $DT_TIME && $item['status'] == 3) {
        $update .= ",status=4";
    }
    if ($member) {
        unset($item['areaid']);
        $update_user = update_user($member, $item);
        if ($update_user) {
            $db->query("UPDATE {$table} SET " . substr($update_user, 1) . " WHERE username='******'");
        }
    }
    include DT_ROOT . '/include/update.inc.php';
    if ($MOD['show_html'] && $task_item && $DT_TIME - @filemtime(DT_ROOT . '/' . $MOD['moduledir'] . '/' . $item['linkurl']) > $task_item) {
        tohtml('show', $module);
    }
} else {
    if ($html == 'list') {
        $catid or exit;
        if ($MOD['list_html'] && $task_list && $CAT) {
            $num = 1;
            $totalpage = max(ceil($CAT['item'] / $MOD['pagesize']), 1);
            $demo = DT_ROOT . '/' . $MOD['moduledir'] . '/' . listurl($CAT, '{DEMO}');
Exemple #25
<?php

// Stores a new top-level message for the current user, attaches an optional file,
// links the message to the current container when there is one, then redirects.
$id = generate_id();
$now = time();

// NOTE(review): 'ttl' comes from the request and is only cast to an integer, so a
// zero or negative value gives an expiry at or before $now, and no upper bound is
// applied here - confirm the limits are enforced elsewhere.
$expires = $now + (int) $_POST['ttl'];

// An absent or empty attachment field is stored as NULL.
$attachment = null;
if (!empty($_POST['attachment'])) {
    // NOTE(review): the request-supplied value is used as file_id and passed to
    // attach_file() unchanged; ownership checks are presumably done there - confirm.
    $attachment = $_POST['attachment'];
}

$grid->db->insert('message', array(
    'id' => $id,
    'user_id' => $grid->user->id,
    'content' => $params['content'],
    'parent_id' => 0,
    'server_id' => $grid->meta['server_id'],
    'file_id' => $attachment,
    'expires' => $expires,
    'created' => $now,
    'updated' => $now
));
blink_leds($params['content']);
update_user();

if ($attachment !== null) {
    attach_file($id, $attachment);
}

// Without a container the user goes back to the forum; otherwise the message is
// re-parented to the container and the container's timestamp is refreshed.
$container = get_container();
if (empty($container)) {
    $url = GRID_URL . 'forum';
} else {
    $url = GRID_URL . "c/{$container->id}";
    $grid->db->update('message', array('parent_id' => "c/{$container->id}"), $id);
    $grid->db->update('container', array('updated' => $now), $container->id);
}

$this->redirect($url);
exit;
					<div class="page-header">
						<h3>Update User Profile <small>Control Panel</small></h3>
						<div id="crumb">
						<ol class="breadcrumb">
						  <li><a href="#">User account</a></li>
						  <li class="active">Update User Profile</li>
						</ol>
						</div>
					</div>
						<?php 
if (isset($_GET['success']) === true && empty($_GET['success']) === true) {
    echo "Details has been updated";
} else {
    if (empty($_POST) == false && empty($errors) == true) {
        $update_data = array('first_name' => $_POST['first_name'], 'last_name' => $_POST['last_name'], 'email' => $_POST['email'], 'allow_email' => $_POST['allow_email'] == 'on' ? 1 : 0);
        update_user($update_data);
        header('location:settings.php?success');
        exit;
    } else {
        if (empty($errors) == false) {
            echo output_errors($errors);
        }
    }
    ?>
									<form action="" method="post" class="form-horizontal">
														
														  <div class="form-group">
														    <label for="inputEmail3" class="col-sm-2 control-label">First Name &nbsp;&nbsp; </label>
														    <div class="col-sm-9">
														      <input type="text" class="form-control" name="first_name" value="<?php 
    echo $user_data['first_name'];
}
switch ($op) {
    case 'edit':
        $user_id = $superCage->get->keyExists('user_id') ? $superCage->get->getInt('user_id') : -1;
        if (USER_ID == $user_id) {
            cpg_die(ERROR, $lang_usermgr_php['err_edit_self'], __FILE__, __LINE__);
        }
        $cpg_udb->edit_users($user_id);
        pageheader($lang_usermgr_php['title']);
        edit_user($user_id);
        pagefooter();
        break;
    case 'update':
        $user_id = $superCage->get->keyExists('user_id') ? $superCage->get->getInt('user_id') : -1;
        $cpg_udb->edit_users($user_id);
        update_user($user_id);
        cpg_db_query("DELETE FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '' LIMIT 1");
        pageheader($lang_usermgr_php['title']);
        list_users();
        pagefooter();
        break;
    case 'new_user':
        pageheader($lang_usermgr_php['title']);
        edit_user('new_user');
        pagefooter();
        break;
    case 'groups_alb_access':
        //show what albums user groups can see
        pageheader($lang_usermgr_php['groups_alb_access']);
        list_groups_alb_access();
        pagefooter();
 /**
  * Update some users information
  * @global object $DB
  * @param array|struct $params - need to be define as struct for XMLRPC
  * @subparam string $params:user->username
  * @subparam string $params:user->newusername
  * @subparam string $params:user->firstname
  * @return boolean result true if success
  */
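 static function update_users($params)
 {
     global $DB;

     // Authorisation comes first: only callers holding moodle/user:update in the
     // system context may change anything.
     if (!has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM))) {
         throw new moodle_exception('wscouldnotupdateusernopermission');
     }

     // Request key => array(property on the user record, clean_param() type).
     // NOTE(review): 'auth' and 'confirmed' are writable through this call, so the
     // capability check above is the only gate on changing an account's auth
     // plugin or confirmation state.
     // NOTE(review): PARAM_ALPHANUMEXT on names, city and timezone presumably strips
     // spaces and non-ASCII letters - confirm this is intended.
     $fields = array(
         'email' => array('email', PARAM_NOTAGS),
         'description' => array('description', PARAM_TEXT),
         'newusername' => array('username', PARAM_ALPHANUMEXT),
         'auth' => array('auth', PARAM_ALPHANUMEXT),
         'confirmed' => array('confirmed', PARAM_ALPHANUMEXT),
         'firstname' => array('firstname', PARAM_ALPHANUMEXT),
         'lastname' => array('lastname', PARAM_ALPHANUMEXT),
         'emailstop' => array('emailstop', PARAM_ALPHANUMEXT),
         'lang' => array('lang', PARAM_ALPHANUMEXT),
         'theme' => array('theme', PARAM_ALPHANUMEXT),
         'timezone' => array('timezone', PARAM_ALPHANUMEXT),
         'city' => array('city', PARAM_ALPHANUMEXT),
         'country' => array('country', PARAM_ALPHANUMEXT),
         'mailformat' => array('mailformat', PARAM_ALPHANUMEXT)
     );

     $updatesuccessfull = true;
     foreach ($params as $userparams) {
         // Every entry must name its own target. Without this check an entry that
         // lacks 'username' would reuse the value left over from the previous
         // iteration and apply its changes to that other account.
         if (!array_key_exists('username', $userparams)) {
             throw new moodle_exception('wscouldnotupdatenoexistinguser');
         }
         $username = clean_param($userparams['username'], PARAM_NOTAGS);

         // Only accounts with mnethostid 1 are looked up.
         $user = $DB->get_record('user', array('username' => $username, 'mnethostid' => 1));
         if (empty($user)) {
             throw new moodle_exception('wscouldnotupdatenoexistinguser');
         }

         // Copy across only the fields that were supplied, each cleaned with its type.
         foreach ($fields as $key => $spec) {
             if (array_key_exists($key, $userparams)) {
                 list($property, $type) = $spec;
                 $user->{$property} = clean_param($userparams[$key], $type);
             }
         }

         try {
             if (!update_user($user)) {
                 $updatesuccessfull = false;
             }
         } catch (dml_write_exception $e) {
             // Users updated in earlier iterations stay updated; no rollback happens here.
             throw new moodle_exception('wscouldnotupdateuserindb');
         }
     }
     return $updatesuccessfull;
 }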
Exemple #29
                $errors[] = 'That email address is already in use.';
            }
        }
    }
}
?>

<h1>Settings</h1>

<?php 
if (isset($_GET['success']) === true && empty($_GET['success']) === true) {
    echo 'Your details have been updated.';
} else {
    if (empty($_POST) === false && empty($errors) === true) {
        $update_data = array('first_name' => $_POST['first_name'], 'last_name' => $_POST['last_name'], 'email' => $_POST['email'], 'allow_email' => $_POST['allow_email'] == 'on' ? 1 : 0);
        update_user($session_user_id, $update_data);
        echo '<meta HTTP-EQUIV="REFRESH" content="0; url=settings.php?success">';
        echo 'Your details have been updated.';
        exit;
    } else {
        if (empty($errors) === false) {
            echo output_errors($errors);
        }
    }
    if (isset($_FILES['profile']) === true) {
        if (empty($_FILES['profile']['name']) === true) {
            echo 'Upload a Profile Picture<br>';
        } else {
            $allowed = array('jpg', 'jpg', 'gif', 'png');
            $file_name = $_FILES['profile']['name'];
            //file name
Exemple #30
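/**
 * Submit handler for the CSV user upload.
 *
 * Creates one account per row of $CSVDATA or, when $values['updateusers'] is set
 * and the username is listed in $UPDATES, updates the existing account. All rows
 * are written inside one database transaction. New users are e-mailed afterwards
 * if $values['emailusers'] is set, and the request ends with a redirect back to
 * the upload page.
 *
 * New accounts are flagged for a password change on next login only when
 * $values['forcepasswordchange'] is set.
 *
 * @param Pieform $form   the submitted form (not used in this function)
 * @param array   $values submitted values; reads authinstance, updateusers,
 *                        emailusers, quota and forcepasswordchange
 */
function uploadcsv_submit(Pieform $form, $values)
{
    global $USER, $SESSION, $CSVDATA, $FORMAT, $UPDATES;

    // Column name => position of that column in each CSV record.
    $formatkeylookup = array_flip($FORMAT);
    $authinstance = (int) $values['authinstance'];
    $authrecord = get_record('auth_instance', 'id', $authinstance);
    $authobj = AuthFactory::create($authinstance);
    $institution = new Institution($authobj->institution);

    // Refuse the whole upload if it would take the institution over its account limit.
    $maxusers = $institution->maxuseraccounts;
    if (!empty($maxusers)) {
        $members = count_records_sql('
            SELECT COUNT(*) FROM {usr} u INNER JOIN {usr_institution} i ON u.id = i.usr
            WHERE i.institution = ? AND u.deleted = 0', array($institution->name));
        if ($members + count($CSVDATA) > $maxusers) {
            $SESSION->add_error_msg(get_string('uploadcsvfailedusersexceedmaxallowed', 'admin'));
            // presumably redirect() ends the request, so nothing below runs - confirm
            redirect('/admin/users/uploadcsv.php');
        }
    }

    if ($values['updateusers']) {
        log_info('Updating users from the CSV file');
    } else {
        log_info('Inserting users from the CSV file');
    }

    db_begin();
    $addedusers = array();
    $cfgsendemail = get_config('sendemail');
    if (empty($values['emailusers'])) {
        // Temporarily disable email sent during user creation, e.g. institution membership
        $GLOBALS['CFG']->sendemail = false;
    }

    // CSV columns that are copied onto the account object itself.
    $accountfields = array('username', 'firstname', 'lastname', 'password', 'email', 'studentid', 'preferredname');

    $key = 0;
    $steps_total = $values['updateusers'] ? 5 : 4;
    $steps_done = $steps_total - 3;
    $num_lines = sizeof($CSVDATA);
    foreach ($CSVDATA as $record) {
        if (!($key % 25)) {
            // This part has three times the weight of the other two steps.
            set_progress_info('uploaduserscsv', $num_lines * $steps_done + $key * 3, $num_lines * $steps_total, get_string('committingchanges', 'admin'));
        }
        $key++;

        $user = new StdClass();
        $profilefields = new StdClass();
        $remoteuser = null;
        foreach ($FORMAT as $field) {
            $value = $record[$formatkeylookup[$field]];
            if (in_array($field, $accountfields, true)) {
                $user->{$field} = $value;
            }
            // Credentials never go into the profile fields.
            if ($field == 'username' || $field == 'password') {
                continue;
            }
            // The remote username is passed separately, and only when non-empty.
            if ($field == 'remoteuser') {
                if (!empty($value)) {
                    $remoteuser = $value;
                }
                continue;
            }
            $profilefields->{$field} = $value;
        }
        $user->authinstance = $authinstance;
        // Quota is applied only for site admins or when the institutional override is on.
        if ($USER->get('admin') || get_config_plugin('artefact', 'file', 'institutionaloverride')) {
            $user->quota = $values['quota'];
        }

        if (!$values['updateusers'] || !isset($UPDATES[$user->username])) {
            $user->passwordchange = (int) $values['forcepasswordchange'];
            $user->id = create_user($user, $profilefields, $institution, $authrecord, $remoteuser, $values, true);
            $addedusers[] = $user;
            log_debug('added user ' . $user->username);
        } else {
            // Reaching this branch means the username is present in $UPDATES.
            $updated = update_user($user, $profilefields, $remoteuser, $values, true, true);
            if (empty($updated)) {
                // Nothing changed for this user
                unset($UPDATES[$user->username]);
            } else {
                $UPDATES[$user->username] = $updated;
                log_debug('updated user ' . $user->username . ' (' . implode(', ', array_keys($updated)) . ')');
            }
        }
        // Restart the execution timer for every record.
        set_time_limit(10);
    }
    db_commit();

    // Reenable email
    set_config('sendemail', $cfgsendemail);

    // Only send e-mail to users after we're sure they have been inserted
    // successfully
    $straccountcreatedtext = $values['forcepasswordchange'] ? 'accountcreatedchangepasswordtext' : 'accountcreatedtext';
    $straccountcreatedhtml = $values['forcepasswordchange'] ? 'accountcreatedchangepasswordhtml' : 'accountcreatedhtml';
    if ($values['emailusers'] && $addedusers) {
        // Collected across the whole loop. The original reset this list for every
        // user, so only a failure on the last recipient was ever reported.
        $failedusers = array();
        $sitename = get_config('sitename');
        $wwwroot = get_config('wwwroot');
        foreach ($addedusers as $user) {
            try {
                // NOTE(review): the message carries the password from the CSV in clear
                // text; with forcepasswordchange off that password stays valid after
                // delivery - confirm this matches the deployment's policy.
                email_user(
                    $user,
                    null,
                    get_string('accountcreated', 'mahara', $sitename),
                    get_string($straccountcreatedtext, 'mahara', $user->firstname, $sitename, $user->username, $user->password, $wwwroot, $sitename),
                    get_string($straccountcreatedhtml, 'mahara', $user->firstname, $wwwroot, $sitename, $user->username, $user->password, $wwwroot, $wwwroot, $sitename)
                );
            } catch (EmailException $e) {
                log_info($e->getMessage());
                $failedusers[] = $user;
            }
        }
        if ($failedusers) {
            $message = get_string('uploadcsvsomeuserscouldnotbeemailed', 'admin') . "\n<ul>\n";
            foreach ($failedusers as $user) {
                // The name comes from the uploaded CSV and this message is built as raw
                // HTML (added below with the second argument false), so it is escaped
                // the same way as the e-mail address.
                $message .= '<li>' . hsc(full_name($user)) . ' &lt;' . hsc($user->email) . "&gt;</li>\n";
            }
            $message .= "</ul>\n";
            $SESSION->add_info_msg($message, false);
        }
    }

    log_info('Added ' . count($addedusers) . ' users, updated ' . count($UPDATES) . ' users.');
    $SESSION->add_ok_msg(get_string('csvfileprocessedsuccessfully', 'admin'));
    if ($UPDATES) {
        // Per-user change summary rendered from a template.
        $updatemsg = smarty_core();
        $updatemsg->assign('added', count($addedusers));
        $updatemsg->assign('updates', $UPDATES);
        $SESSION->add_info_msg($updatemsg->fetch('admin/users/csvupdatemessage.tpl'), false);
    } else {
        $SESSION->add_ok_msg(get_string('numbernewusersadded', 'admin', count($addedusers)));
    }
    set_progress_done('uploaduserscsv');
    redirect('/admin/users/uploadcsv.php');
}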