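/**
 * Validate the pending confirmation request held in the session.
 *
 * The session must carry a user id, an action and an expiry timestamp.
 * Every rejection path calls killConfirm() before throwing, so a refused
 * confirmation is handed to that cleanup routine rather than left pending.
 *
 * @throws Exception when nothing is pending, the request has expired, it
 *                   belongs to a different user, or the action is unknown
 */
public function orongoauthconfirm()
 {
     // isset() with several arguments is true only when all of them are set.
     if (!isset($_SESSION["_orongoauth_confirm_uid"], $_SESSION["_orongoauth_confirm_action"], $_SESSION["_orongoauth_confirm_expire"])) {
         $this->killConfirm();
         throw new Exception("Nothing to confirm!");
     }
     // Expiry: a confirmation is only honoured before its deadline.
     if ($_SESSION["_orongoauth_confirm_expire"] < time()) {
         $this->killConfirm();
         throw new Exception("This action has been expired.");
     }
     // Fixed: the listing had `$this - userCheck()`, which subtracts instead of
     // calling the method, so getID() below could never run on a user object.
     $user = $this->userCheck();
     // The confirmation is bound to the user who requested it.
     // NOTE(review): loose != kept because the stored type of the uid is not
     // visible here; prefer a strict comparison once both sides are known ints.
     if ($_SESSION["_orongoauth_confirm_uid"] != $user->getID()) {
         $this->killConfirm();
         throw new Exception("Invalid confirm user ID");
     }
     // Allow-list of actions; anything else is rejected.
     switch ($_SESSION["_orongoauth_confirm_action"]) {
         case 'update':
             break;
         default:
             $this->killConfirm();
             throw new Exception("Unknown confirm action!");
     }
 }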
Exemple #2
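/**
 * Record a loan ("peminjaman") or a booking posted from the transaction form.
 *
 * Reads id, kode-alat, jenis, tanggal-kembali and (for bookings)
 * tanggal-pinjam from $_POST, checks the user and the availability of the
 * item, inserts one row and echoes the outcome as HTML.
 *
 * The INSERT is a prepared statement: the original interpolated $_POST['id']
 * and the two date fields into the SQL text without any escaping.
 *
 * @return void
 */
function transaksi()
{
    include "config.php";
    $conn = connect_database();
    // NOTE(review): userCheck() and isAvailable() receive request values and
    // their query building is not visible here - confirm they bind or escape.
    if (userCheck($conn, $_POST['id'])) {
        // The escaped copy is kept only for isAvailable(), as before.
        $kodealat = mysqli_real_escape_string($conn, $_POST["kode-alat"]);
        $tanggal = date("Y-m-d", time());
        if (isset($_POST["tanggal-pinjam"])) {
            $tanggal = $_POST["tanggal-pinjam"];
        }
        if (!isAvailable($conn, $kodealat, $tanggal, $_POST["tanggal-kembali"])) {
            echo "Maaf, alat pada hari tersebut tidak dapat dipinjam </br>";
        } else {
            // Bound parameters carry the raw values; the driver does the quoting.
            $idUser = $_POST['id'];
            $idAlat = $_POST["kode-alat"];
            // datetime-local style "YYYY-MM-DDTHH:MM" becomes "YYYY-MM-DD HH:MM:00".
            $kembali = str_replace('T', ' ', $_POST["tanggal-kembali"]) . ":00";
            if (strcmp($_POST["jenis"], "peminjaman") == 0) {
                $stmt = mysqli_prepare($conn, "INSERT INTO `peminjaman` (`id_user`, `id_alat`, `tanggal_rencana_pengembalian`) VALUES (?, ?, ?)");
                if ($stmt) {
                    mysqli_stmt_bind_param($stmt, "sss", $idUser, $idAlat, $kembali);
                }
            } else {
                // booking
                $pinjam = str_replace('T', ' ', $_POST["tanggal-pinjam"]) . ":00";
                $stmt = mysqli_prepare($conn, "INSERT INTO `booking` (`id_user`, `id_alat`, `tanggal_rencana_peminjaman`, `tanggal_rencana_pengembalian`) VALUES (?, ?, ?, ?)");
                if ($stmt) {
                    mysqli_stmt_bind_param($stmt, "ssss", $idUser, $idAlat, $pinjam, $kembali);
                }
            }
            if ($stmt && mysqli_stmt_execute($stmt)) {
                echo "Data anda berhasil disimpan</br>";
            } else {
                // Driver messages can quote the submitted value, so they are
                // HTML-escaped before being echoed.
                // NOTE(review): showing database errors to the client discloses
                // schema details; consider logging them and showing a generic message.
                $detail = $stmt ? mysqli_stmt_error($stmt) : mysqli_error($conn);
                echo htmlspecialchars($detail, ENT_QUOTES, 'UTF-8');
            }
            if ($stmt) {
                mysqli_stmt_close($stmt);
            }
        }
    } else {
        // no user exists with that id
        echo "Maaf, user dengan ID sekian belum terdaftar. Mohon daftarkan diri Anda terlebih dahulu!";
    }
    echo '<a href="../index.php"> Kembali ke halaman Transaksi</a>';
}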
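/**
 * Collect the posted login fields and the result of userCheck() for them.
 *
 * A missing or falsy field ("", "0", null) is replaced by a single space,
 * exactly as before; !empty() applies the same truthiness rule without
 * raising an undefined-index notice when the field was not posted.
 *
 * NOTE(review): a field posted as an array (uname[]=x) is passed through
 * unchanged; confirm userCheck() only ever accepts strings.
 *
 * @return array keys: username, password, logincheck
 */
function pageController()
{
    $data = [];
    $data['username'] = !empty($_POST["uname"]) ? $_POST["uname"] : " ";
    $data['password'] = !empty($_POST["passwd"]) ? $_POST["passwd"] : " ";
    $data['logincheck'] = userCheck($data['username'], $data['password']);
    return $data;
}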
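 /**
  * Validate a registration payload after checking the caller's plug-in rights.
  *
  * @param string $username caller credential checked by the lock/right helpers
  * @param string $password caller credential checked by the lock/right helpers
  * @param array  $validate keys read here: passhash, time, rand, uname, email, pass, vpass
  *
  * @return array either the lock helper's result, an ErrNum/ErrDesc pair when
  *               the caller has no permission, ERRNUM 4 when the passhash is
  *               missing or wrong, or ERRNUM 1 with userCheck()'s result.
  *               Note the two different key spellings; callers may rely on both.
  */
 function xoops_user_validate($username, $password, $validate)
 {
     global $xoopsModuleConfig, $xoopsConfig;
     if ($xoopsModuleConfig['site_user_auth'] == 1) {
         if ($ret = check_for_lock(basename(__FILE__), $username, $password)) {
             return $ret;
         }
         if (!checkright(basename(__FILE__), $username, $password)) {
             // A failed rights check is recorded before the refusal is returned.
             mark_for_lock(basename(__FILE__), $username, $password);
             return array('ErrNum' => 9, "ErrDesc" => 'No Permission for plug-in');
         }
     }
     // An empty passhash is refused outright.
     if ($validate['passhash'] == '') {
         return array("ERRNUM" => 4, "ERRTXT" => 'No Passhash');
     }
     $expected = sha1(($validate['time'] - $validate['rand']) . $validate['uname'] . $validate['pass']);
     // hash_equals() compares byte for byte in constant time. The previous loose
     // != treated two numeric-looking digests (for example "0e...") as equal.
     if (!hash_equals($expected, (string) $validate['passhash'])) {
         return array("ERRNUM" => 4, "ERRTXT" => 'No Passhash');
     }
     return array('ERRNUM' => 1, 'RESULT' => userCheck($validate['uname'], $validate['email'], $validate['pass'], $validate['vpass']));
 }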
Exemple #5
echo T_("Update");
?>
"/>
    </li>

  </ul>
</form>
<?php 
// password update
if (!$authRealm) {
    // password update
    // Runs only when the change-password form was posted with all three fields
    // non-empty (empty() also rejects the string "0").
    // NOTE(review): no anti-CSRF token is checked in the visible lines - confirm
    // one is validated before this point.
    if (isset($_POST['changepw']) && !empty($_POST['oldpw']) && !empty($_POST['newpw']) && !empty($_POST['newpw2'])) {
        // The two new-password fields must match exactly (strict comparison).
        if ($_POST['newpw'] !== $_POST['newpw2']) {
            errorMessage(T_("Password change"), T_("New passwords don't match! Password unchanged."));
        // The current password is re-verified before anything is changed.
        } elseif (!userCheck($auth['name'], $_POST['oldpw'])) {
            errorMessage(T_("Password change"), T_("Old password doesn't match! Password unchanged."));
        } else {
            // NOTE(review): no length or strength rule is applied to the new
            // password here; how userUpd() stores it is not visible - confirm.
            userUpd($auth['name'], $_POST['newpw']);
            infoMessage(T_("Password change"), T_("Password successfully changed."));
        }
    }
    ?>
<form action="<?php 
    echo $ref;
    ?>
" method="post" onsubmit="validate(event);">
  <ul>
    <h3><?php 
    echo T_("Password");
    ?>
Exemple #6
/**
 * Save the profile form of the logged-in user: profile fields, optional
 * avatar upload, optional password change and the extended fields C1..B1.
 *
 * The caller is identified from the decoded $user cookie; the update only
 * proceeds when the cookie's user name equals $uname and the uid stored for
 * that name equals $uid. On success the function redirects (or logs out
 * after a password change); otherwise it shows an error or redirects to
 * index.php.
 *
 * NOTE(review): every query below is built by string concatenation. Some
 * values pass through removeHack(), others ($name, $email, $user_avatar,
 * $uid, $B1, $uname, and $check from the cookie) are interpolated as given.
 * Whether the caller escapes them is not visible here - confirm, or move to
 * bound parameters.
 */
function saveuser($uid, $name, $uname, $email, $femail, $url, $pass, $vpass, $bio, $user_avatar, $user_icq, $user_occ, $user_from, $user_intrest, $user_sig, $user_viewemail, $user_aim, $user_yim, $user_msnm, $attach, $usend_email, $uis_visible, $user_lnl, $C1, $C2, $C3, $C4, $C5, $C6, $C7, $C8, $M1, $M2, $T1, $T2, $B1, $MAX_FILE_SIZE, $raz_avatar)
{
    global $NPDS_Prefix;
    global $user, $userinfo, $system, $minpass;
    // Element 1 of the decoded cookie is used as the user name.
    $cookie = cookiedecode($user);
    $check = $cookie[1];
    // NOTE(review): $check is client-supplied cookie data placed directly in SQL.
    $result = sql_query("SELECT uid, email FROM " . $NPDS_Prefix . "users WHERE uname='{$check}'");
    list($vuid, $vemail) = sql_fetch_row($result);
    // Ownership check: the posted name and uid must match the cookie's account.
    // Both comparisons are loose (==).
    if ($check == $uname and $uid == $vuid) {
        if (isset($pass) && "{$pass}" != "{$vpass}") {
            message_error("<i class=\"fa fa-exclamation\"></i>&nbsp;" . translate("Both passwords are different. They need to be identical.") . "<br /><br />", "");
        } elseif ($pass != "" && strlen($pass) < $minpass) {
            message_error("<i class=\"fa fa-exclamation\"></i>&nbsp;" . translate("Sorry, your password must be at least") . " <strong>{$minpass}</strong> " . translate("characters long") . "<br /><br />", "");
        } else {
            // userCheck() returns a message when the e-mail is rejected; a falsy
            // result lets the update go ahead.
            $stop = userCheck("edituser", $email);
            if (!$stop) {
                if ($bio) {
                    $bio = FixQuotes(strip_tags($bio));
                }
                // Checkbox-style inputs are normalised to 1/0 flags.
                if ($attach) {
                    $t = 1;
                } else {
                    $t = 0;
                }
                if ($user_viewemail) {
                    $a = 1;
                } else {
                    $a = 0;
                }
                if ($usend_email) {
                    $u = 1;
                } else {
                    $u = 0;
                }
                // Inverted on purpose or by accident: a truthy $uis_visible is
                // stored as is_visible=0.
                if ($uis_visible) {
                    $v = 0;
                } else {
                    $v = 1;
                }
                if ($user_lnl) {
                    $w = 1;
                } else {
                    $w = 0;
                }
                if ($url != "") {
                    // substr_count() looks for "http://" anywhere in the value, so
                    // an https:// URL gets "http://" prepended.
                    if (!substr_count($url, "http://")) {
                        $url = "http://" . $url;
                    }
                    if (trim($url) == "http://") {
                        $url = "";
                    }
                }
                include_once "modules/upload/upload.conf.php";
                global $avatar_size;
                if (!$avatar_size) {
                    $avatar_size = "80*100";
                }
                // "width*height" limit for the avatar.
                $avatar_limit = explode("*", $avatar_size);
                // NOTE(review): $DOCUMENTROOT, $racine and $autorise_upload_p are
                // not declared in this function; presumably upload.conf.php sets
                // them in this scope - confirm.
                if ($DOCUMENTROOT != "") {
                    $rep = $DOCUMENTROOT;
                } else {
                    global $DOCUMENT_ROOT;
                    if ($DOCUMENT_ROOT) {
                        $rep = $DOCUMENT_ROOT;
                    } else {
                        $rep = $_SERVER['DOCUMENT_ROOT'];
                    }
                }
                if ($B1 != "none") {
                    global $language;
                    // NOTE(review): $language is part of an include path; confirm it
                    // can only hold an installed language name.
                    include_once "modules/upload/lang/upload.lang-{$language}.php";
                    include_once "modules/upload/clsUpload.php";
                    $upload = new Upload();
                    $upload->maxupload_size = $MAX_FILE_SIZE;
                    $field1_filename = trim($upload->getFileName("B1"));
                    // The allow-list looks only at the extension of the client-supplied
                    // file name; the content is not inspected before saving.
                    $suffix = strtoLower(substr(strrchr($field1_filename, '.'), 1));
                    if ($suffix == "gif" or $suffix == "jpg" or $suffix == "png") {
                        // The cleaned name is only tested for being non-empty; the file
                        // is stored as "<uname>.<suffix>" below.
                        $field1_filename = removeHack(preg_replace('#[/\\\\:\\*\\?"<>|]#i', '', rawurldecode($field1_filename)));
                        $field1_filename = preg_replace('#\\.{2}|config.php|/etc#i', '', $field1_filename);
                        if ($field1_filename) {
                            if ($autorise_upload_p) {
                                // NOTE(review): $uname becomes a directory name; it equals
                                // the cookie user name but is not filtered for path
                                // characters in the visible code.
                                $user_dir = $racine . "/users_private/" . $uname . "/";
                                if (!is_dir($rep . $user_dir)) {
                                    // NOTE(review): umask 0 with mode 0777 creates a
                                    // world-writable directory; errors are silenced with @.
                                    @umask("0000");
                                    if (@mkdir($rep . $user_dir, 0777)) {
                                        // Empty index.html placed in the new directory.
                                        $fp = fopen($rep . $user_dir . "index.html", 'w');
                                        fclose($fp);
                                    } else {
                                        $user_dir = $racine . "/users_private/";
                                    }
                                }
                            } else {
                                $user_dir = $racine . "/users_private/";
                            }
                            if ($upload->saveAs($uname . "." . $suffix, $rep . $user_dir, "B1", true)) {
                                $old_user_avatar = $user_avatar;
                                $user_avatar = $user_dir . $uname . "." . $suffix;
                                // Dimensions are checked after the file is already saved; an
                                // oversized image triggers the reset branch further down.
                                $img_size = @getimagesize($rep . $user_avatar);
                                if ($img_size[0] > $avatar_limit[0] or $img_size[1] > $avatar_limit[1]) {
                                    $raz_avatar = true;
                                }
                                if ($racine == "") {
                                    $user_avatar = substr($user_avatar, 1);
                                }
                            }
                        }
                    }
                }
                // Avatar reset: delete the private files and fall back to blank.gif.
                if ($raz_avatar) {
                    if (strstr($user_avatar, "/users_private")) {
                        @unlink($rep . $user_avatar);
                        // $old_user_avatar is only assigned after a successful upload
                        // above; otherwise this unlink targets $rep itself and fails
                        // silently because of @.
                        @unlink($rep . $old_user_avatar);
                    }
                    $user_avatar = "blank.gif";
                }
                if ($pass != '') {
                    cookiedecode($user);
                    if (!$system) {
                        // NOTE(review): the password is used as its own salt, so the
                        // salt is neither random nor secret; password_hash() is the
                        // current replacement.
                        $pass = crypt($pass, $pass);
                    }
                    // NOTE(review): pass='******' looks redacted by the page this
                    // listing came from; the real column value is not visible.
                    sql_query("UPDATE " . $NPDS_Prefix . "users SET name='{$name}', email='{$email}', femail='" . removeHack($femail) . "', url='" . removeHack($url) . "', pass='******', bio='" . removeHack($bio) . "', user_avatar='{$user_avatar}', user_icq='" . removeHack($user_icq) . "', user_occ='" . removeHack($user_occ) . "', user_from='" . removeHack($user_from) . "', user_intrest='" . removeHack($user_intrest) . "', user_sig='" . removeHack($user_sig) . "', user_aim='" . removeHack($user_aim) . "', user_yim='" . removeHack($user_yim) . "', user_msnm='" . removeHack($user_msnm) . "', user_viewemail='{$a}', send_email='{$u}', is_visible='{$v}', user_lnl='{$w}' WHERE uid='{$uid}'");
                    $result = sql_query("SELECT uid, uname, pass, storynum, umode, uorder, thold, noscore, ublockon, theme FROM " . $NPDS_Prefix . "users WHERE uname='{$uname}' AND pass='******'");
                    if (sql_num_rows($result) == 1) {
                        $userinfo = sql_fetch_assoc($result);
                        // The cookie is rebuilt from the fresh row, including the stored
                        // password value. 'commentmax' is read here but is not in the
                        // SELECT list above.
                        docookie($userinfo['uid'], $userinfo['uname'], $userinfo['pass'], $userinfo['storynum'], $userinfo['umode'], $userinfo['uorder'], $userinfo['thold'], $userinfo['noscore'], $userinfo['ublockon'], $userinfo['theme'], $userinfo['commentmax'], "");
                    }
                } else {
                    // Same update without touching the password column.
                    sql_query("UPDATE " . $NPDS_Prefix . "users SET name='{$name}', email='{$email}', femail='" . removeHack($femail) . "', url='" . removeHack($url) . "', bio='" . removeHack($bio) . "', user_avatar='{$user_avatar}', user_icq='" . removeHack($user_icq) . "', user_occ='" . removeHack($user_occ) . "', user_from='" . removeHack($user_from) . "', user_intrest='" . removeHack($user_intrest) . "', user_sig='" . removeHack($user_sig) . "', user_aim='" . removeHack($user_aim) . "', user_yim='" . removeHack($user_yim) . "', user_msnm='" . removeHack($user_msnm) . "', user_viewemail='{$a}', send_email='{$u}', is_visible='{$v}', user_lnl='{$w}' WHERE uid='{$uid}'");
                }
                sql_query("UPDATE " . $NPDS_Prefix . "users_status SET attachsig='{$t}' WHERE uid='{$uid}'");
                // Extended fields: update the row when it exists, insert it otherwise.
                $result = sql_query("SELECT uid FROM " . $NPDS_Prefix . "users_extend WHERE uid='{$uid}'");
                if (sql_num_rows($result) == 1) {
                    sql_query("UPDATE " . $NPDS_Prefix . "users_extend SET C1='" . removeHack($C1) . "', C2='" . removeHack($C2) . "', C3='" . removeHack($C3) . "', C4='" . removeHack($C4) . "', C5='" . removeHack($C5) . "', C6='" . removeHack($C6) . "', C7='" . removeHack($C7) . "', C8='" . removeHack($C8) . "', M1='" . removeHack($M1) . "', M2='" . removeHack($M2) . "', T1='" . removeHack($T1) . "', T2='" . removeHack($T2) . "', B1='{$B1}' WHERE uid='{$uid}'");
                } else {
                    $result = sql_query("INSERT INTO " . $NPDS_Prefix . "users_extend VALUES ('{$uid}','" . removeHack($C1) . "', '" . removeHack($C2) . "', '" . removeHack($C3) . "', '" . removeHack($C4) . "', '" . removeHack($C5) . "', '" . removeHack($C6) . "', '" . removeHack($C7) . "', '" . removeHack($C8) . "', '" . removeHack($M1) . "', '" . removeHack($M2) . "', '" . removeHack($T1) . "', '" . removeHack($T2) . "', '{$B1}')");
                }
                // A password change ends the session; otherwise return to the form.
                if ($pass != "") {
                    logout();
                } else {
                    header("location: user.php?op=edituser");
                }
            } else {
                message_error($stop, "");
            }
        }
    } else {
        // Ownership check failed: no message, just a redirect.
        Header("Location: index.php");
    }
}
Exemple #7
/**
 * Second registration step: check the posted fields, show them back to the
 * visitor for confirmation and park them in the session for the final step.
 *
 * Reads username, email, password, password_confirm and coppa from $_POST,
 * echoes an HTML confirmation form and writes $_SESSION['REGISTER'].
 *
 * NOTE(review): the code after each cpg_error() call only makes sense if
 * cpg_error() stops the request; confirm that it does.
 */
function register_check()
{
    global $db, $user_cfg, $sec_code, $MAIN_CFG;
    $username = Fix_Quotes($_POST['username'], 1);
    $email = strtolower(Fix_Quotes($_POST['email'], 1));
    $password = Fix_Quotes($_POST['password'], 1);
    if ($password != Fix_Quotes($_POST['password_confirm'], 1)) {
        cpg_error(_PASSDIFFERENT);
    } else {
        // An empty password skips the minimum-length rule.
        if (strlen($password) < $MAIN_CFG['member']['minpass'] && $password != '') {
            cpg_error(_YOUPASSMUSTBE . ' <b>' . $MAIN_CFG['member']['minpass'] . '</b> ' . _CHARLONG);
        }
    }
    $fields['username'] = $username;
    $fields['email'] = $email;
    // NOTE(review): the password is carried to the next step in clear text
    // inside the session (see $_SESSION['REGISTER'] below).
    $fields['password'] = $password;
    $fields['coppa'] = $_POST['coppa'];
    // Check the additional activated fields
    $fieldlist = $valuelist = '';
    $content = check_fields($fieldlist, $valuelist, $fields);
    // The return value is ignored; presumably userCheck() reports problems
    // itself - confirm.
    userCheck($username, $email);
    // NOTE(review): $username and $email are echoed into HTML below. Whether
    // Fix_Quotes(..., 1) makes them safe for HTML output is not visible here;
    // confirm, or escape with htmlspecialchars() at output.
    echo '<form action="' . URL::index('&amp;file=register') . '" method="post">
<table border="0" cellpadding="3" cellspacing="1" width="100%" class="forumline">
  <tr>
	<td class="row1" align="center">
	  ' . $username . ', ' . _USERCHECKDATA . '<br /><br />
	  <table border="0" cellpadding="1" cellspacing="4">
	  <tr><td><b>' . _USERNAME . ':</b></td><td>' . $username . '</td></tr>
	  <tr><td><b>' . _EMAILADDRESS . ':</b></td><td>' . $email . '</td></tr>
	  <tr><td><b>' . _PASSWORD . ':</b></td><td><i>' . _MA_HIDDEN . '</i></td></tr>' . $content;
    // Bit 4 of $sec_code switches the security image on for this form.
    if ($sec_code & 4) {
        echo '<tr>
	<td class="row1"><span class="gen">' . _SECURITYCODE . ':</span></td>
	<td class="row2">' . generate_secimg() . '</td></tr>
  <tr>
	<td class="row1"><span class="gen">' . _TYPESECCODE . ':</span></td>
	<td class="row2"><input type="text" name="gfx_check" size="7" maxlength="6" /></td>
  </tr>';
    }
    echo '</table><br />';
    // Tell the visitor which activation path applies.
    if (!$user_cfg['requireadmin']) {
        echo $user_cfg['useactivate'] ? _YOUWILLRECEIVE : _YOUWILLRECEIVE2;
    } else {
        echo _WAITAPPROVAL;
    }
    // The checked values are read back from the session by the "finish" step.
    $_SESSION['REGISTER'] = $fields;
    echo '<input type="hidden" name="op" value="finish" /><br /><br />
	<input type="submit" value="' . _FINISH . '" /> <a href="javascript:history.go(-1);"><input type="button" value="Back" onclick="history.go(-1)" /></a>
	</td>
  </tr>
</table>
</form>';
}
				$('#post_content').val("Write Something you want to share ... ");
			}
        });
    });
	
});
</script>
</head>
<body>
<?php 
include_once 'DB.php';
include 'auth.php';
$db = Database::getInstance();
$conn = $db->getConnection();
$conn->select_db('cc');
$check = userCheck();
$user = $_COOKIE['user'];
if ($check) {
    $query = "select user_id from tokens where token='" . normalizeString($_COOKIE['tokenID']) . "'";
    $res = $conn->query($query);
    $result = $res->fetch_assoc();
    if ($res->num_rows === 1 and isset($result['user_id'])) {
        $user = $result['user_id'];
        ?>
<div class="main-body">
<div class="col-lg-12 col-md-12 col-sm-12">
<?php 
        include 'include/nav-header.php';
        ?>
<div class="col-lg-3 col-md-3 sidebar">
  <ul class="nav nav-pills nav-stacked">
Exemple #9
         }
         $user->setVar('pass', md5($password));
     } elseif ($user->isNew()) {
         $errors[] = _PROFILE_MA_NOPASSWORD;
     }
     if ($xoopsUser->isAdmin()) {
         //admins can set level (activated/deactivated) for users
         $user->setVar('level', intval($_POST['level']));
     }
 }
 $user->setVar('uname', $_POST['uname']);
 $user->setVar('loginname', $_POST['loginname']);
 $user->setVar('rank', intval($_POST['rank']));
 $user->setVar('name', $_POST['name']);
 include_once '../include/functions.php';
 $stop = userCheck($user);
 if ($stop != "") {
     $errors[] = $stop;
 }
 // Dynamic fields
 $profile_handler =& xoops_gethandler('profile');
 // Get fields
 $fields =& $profile_handler->loadFields();
 // Get ids of fields that can be edited
 $gperm_handler =& xoops_gethandler('groupperm');
 $editable_fields = $gperm_handler->getItemIds('profile_edit', $xoopsUser->getGroups(), $xoopsModule->getVar('mid'));
 foreach (array_keys($fields) as $i) {
     $fieldname = $fields[$i]->getVar('field_name');
     if (in_array($fields[$i]->getVar('fieldid'), $editable_fields) && isset($_REQUEST[$fieldname])) {
         $user->setVar($fieldname, $_REQUEST[$fieldname]);
     }
Exemple #10
 } else {
     if ($_POST['mode'] == 'addConf') {
         if ($CPG_SESS['admin']['page'] != 'users') {
             cpg_error(_ERROR_BAD_LINK, _SEC_ERROR);
         }
         $username = Fix_Quotes($_POST['username'], 1);
         $email = Fix_Quotes($_POST['email'], 1);
         $password = Fix_Quotes($_POST['password'], 1);
         if ($password != Fix_Quotes($_POST['password_confirm'], 1)) {
             cpg_error(_PASSDIFFERENT);
         } else {
             if (strlen($password) < $MAIN_CFG['member']['minpass'] && $password != '') {
                 cpg_error(_YOUPASSMUSTBE . ' <b>' . $MAIN_CFG['member']['minpass'] . '</b> ' . _CHARLONG);
             }
         }
         userCheck($_POST['username'], $_POST['email']);
         $fieldlist = $valuelist = '';
         check_fields($fieldlist, $valuelist, $fields);
         if (empty($password)) {
             $password = make_pass(8, 5);
         }
         $result = $db->sql_query('INSERT INTO ' . $user_prefix . '_users (username, user_email, user_password, user_regdate, user_avatar' . $fieldlist . ') ' . "VALUES ('{$username}', '{$email}', '" . md5($password) . "', '" . time() . "', '" . $MAIN_CFG['avatar']['default'] . "'" . $valuelist . ')');
         $message = _WELCOMETO . " {$MAIN_CFG['global']['sitename']}!\n\n" . _YOUUSEDEMAIL . " ({$email}) " . _TOREGISTER . " {$MAIN_CFG['global']['sitename']}.\n\n " . _FOLLOWINGMEM . "\n" . _USERNAME . ": {$username}\n" . _PASSWORD . ": {$password}";
         send_mail($dummy, $message, 0, _ACTIVATIONSUB, $email, $username);
         URL::redirect(URL::admin());
     } else {
         if ($_POST['mode'] == 'promoteConf') {
             if ($CPG_SESS['admin']['page'] != 'users') {
                 cpg_error(_ERROR_BAD_LINK, _SEC_ERROR);
             }
             if (can_admin()) {
/**
 * Final registration step: store the new account in the temporary users
 * table, then either activate it at once (AutoActivate mode) or e-mail an
 * activation link.
 *
 * Output is written directly between header.php and footer.php.
 *
 * NOTE(review): all queries are built by string interpolation. check_html()
 * is applied to some fields, but it is not an SQL escaping function as far
 * as its name suggests, and $usertype, $gradyear (unquoted) and
 * $specialization are not filtered in this function at all - confirm what
 * the caller does, or move to bound parameters.
 */
function finishNewUser($username, $user_email, $user_password, $user_password2, $usertype, $gradyear, $company, $designation, $fullname, $specialization, $random_num, $gfx_check)
{
    //FIX:DOMSNITT
    global $stop, $EditedMessage, $adminmail, $sitename, $Default_Theme, $user_prefix, $db, $storyhome, $module_name, $nukeurl;
    include "header.php";
    include "config.php";
    // Presumably userCheck() sets the global $stop when it rejects the name or
    // e-mail; the isset($stop) test below relies on that - confirm.
    userCheck($username, $user_email);
    $user_regdate = date("M d, Y");
    if (!isset($stop)) {
        // Recompute the expected security code from user agent, site key, the
        // posted random number and today's date.
        // NOTE(review): $sitekey and $gfx_chk are not in the global list;
        // presumably config.php defines them in this scope - confirm.
        // HTTP_USER_AGENT is written as a bare constant, which PHP 8 rejects.
        $datekey = date("F j");
        $rcode = hexdec(md5($_SERVER[HTTP_USER_AGENT] . $sitekey . $random_num . $datekey));
        $code = substr($rcode, 2, 6);
        // The code is only enforced when GD is loaded and $gfx_chk is 3, 4, 6 or 7.
        if (extension_loaded("gd") and $code != $gfx_check and ($gfx_chk == 3 or $gfx_chk == 4 or $gfx_chk == 6 or $gfx_chk == 7)) {
            Header("Location: modules.php?name={$module_name}");
            die;
        }
        // NOTE(review): the activation token is the md5 of one mt_rand() value
        // in 0..1000000, seeded from the clock, so there are at most 1,000,001
        // possible tokens. random_bytes() is the appropriate source.
        mt_srand((double) microtime() * 1000000);
        $maxran = 1000000;
        $check_num = mt_rand(0, $maxran);
        $check_num = md5($check_num);
        $time = time();
        // $username goes into the link before check_html() and without URL encoding.
        $finishlink = "{$nukeurl}/modules.php?name={$module_name}&op=activate&username={$username}&check_num={$check_num}";
        // NOTE(review): unsalted md5 is not a password hash; password_hash() is
        // the current replacement.
        $new_password = md5($user_password);
        // nohtml is passed as a bare constant here as well.
        $username = check_html($username, nohtml);
        $user_email = check_html($user_email, nohtml);
        //FIX:DOMSNITT
        $fullname = check_html($fullname, nohtml);
        $company = check_html($company, nohtml);
        $designation = check_html($designation, nohtml);
        #$result = $db->sql_query("INSERT INTO ".$user_prefix."_users_temp (user_id, username, user_email, user_password, user_regdate, check_num, time) VALUES (NULL, '$username', '$user_email', '$new_password', '$user_regdate', '$check_num', '$time')");
        $result = $db->sql_query("INSERT INTO " . $user_prefix . "_users_temp (user_id, username, user_email, user_password, user_regdate, check_num, time,usertype,gradyear,company,designation,fullname,specialization) VALUES (NULL, '{$username}', '{$user_email}', '{$new_password}', '{$user_regdate}', '{$check_num}', '{$time}','{$usertype}',{$gradyear},'{$company}','{$designation}','{$fullname}','{$specialization}')");
        //END-OF-FIX
        if (!$result) {
            echo "" . _ERROR . "<br>";
        } else {
            //FIX:DOMSNITT
            // start - HACK: AutoActivate
            global $language;
            // NOTE(review): $prefix is not declared global in this function;
            // presumably config.php sets it - confirm.
            $row = $db->sql_fetchrow($db->sql_query("SELECT AutoActivateMode from " . $prefix . "_config"));
            $AutoActivateMode = intval($row['AutoActivateMode']);
            if ($AutoActivateMode) {
                // Pending registrations older than 24 hours are purged first.
                $past = time() - 86400;
                $db->sql_query("DELETE FROM " . $user_prefix . "_users_temp WHERE time < {$past}");
                // NOTE(review): username='******' looks redacted by the page this
                // listing came from; the real value is not visible.
                $sql = "SELECT * FROM " . $user_prefix . "_users_temp WHERE username='******' AND check_num='{$check_num}'";
                $result = $db->sql_query($sql);
                if ($db->sql_numrows($result) == 1) {
                    $row = $db->sql_fetchrow($result);
                    if ($check_num == $row[check_num]) {
                        // Promote the temporary row to a real account and remove it.
                        $db->sql_query("INSERT INTO " . $user_prefix . "_users (user_id, username, user_email, user_password, user_avatar, user_regdate, user_lang) VALUES (NULL, '{$row['username']}', '{$row['user_email']}', '{$row['user_password']}', 'gallery/blank.gif', '{$row['user_regdate']}', '{$language}')");
                        $db->sql_query("DELETE FROM " . $user_prefix . "_users_temp WHERE username='******' AND check_num='{$check_num}'");
                        title("" . _ACTIVATIONYES . "");
                        echo "<center><b>{$row['username']}:</b> " . _ACTMSG . "</center>";
                    } else {
                        title("" . _ACTIVATIONERROR . "");
                        echo "<center>" . _ACTERROR1 . "</center>";
                    }
                } else {
                    title("" . _ACTIVATIONERROR . "");
                    echo "<center>" . _ACTERROR2 . "</center>";
                    die;
                }
            } else {
                // end - HACK: AutoActivate
                //END-OF-FIX
                // NOTE(review): the activation mail contains the password in
                // clear text.
                $message = "" . _WELCOMETO . " {$sitename}!\n\n" . _YOUUSEDEMAIL . " ({$user_email}) " . _TOREGISTER . " {$sitename}.\n\n " . _TOFINISHUSER . "\n\n {$finishlink}\n\n " . _FOLLOWINGMEM . "\n\n" . _UNICKNAME . " {$username}\n" . _UPASSWORD . " {$user_password}";
                $subject = "" . _ACTIVATIONSUB . "";
                $from = "{$adminmail}";
                mail($user_email, $subject, $message, "From: {$from}\nX-Mailer: PHP/" . phpversion());
                title("{$sitename}: " . _USERREGLOGIN . "");
                OpenTable();
                echo "<center><b>" . _ACCOUNTCREATED . "</b><br><br>";
                echo "" . _YOUAREREGISTERED . "" . "<br><br>" . "" . _FINISHUSERCONF . "<br><br>" . "" . _THANKSUSER . " {$sitename}!</center>";
                CloseTable();
                //FIX:DOMSNITT
                // start - HACK: AutoActivate
            }
            // end - HACK: AutoActivate
            //END-OF-FIX
        }
    } else {
        // $stop is echoed as is; confirm that it never carries user input.
        echo "{$stop}";
    }
    include "footer.php";
}
/**
 * Plug-in entry point for creating a user from a remote payload.
 *
 * As written, the function checks the caller's lock and rights state and
 * then returns its own arguments; every statement after that return is
 * unreachable. The comments below describe that dead code as it stands so
 * that it can be reviewed before anyone re-enables it.
 *
 * @param string $username caller credential checked by the lock/right helpers
 * @param string $password caller credential checked by the lock/right helpers
 * @param array  $user     new-user payload (passhash, time, rand, uname, pass, ...)
 * @param array  $siteinfo site details used in the notification mails
 *
 * @return array
 */
function xoops_create_user($username, $password, $user, $siteinfo)
{
    xoops_load("userUtility");
    global $xoopsModuleConfig, $xoopsConfig;
    if ($xoopsModuleConfig['site_user_auth'] == 1) {
        if ($ret = check_for_lock(basename(__FILE__), $username, $password)) {
            return $ret;
        }
        if (!checkright(basename(__FILE__), $username, $password)) {
            // A failed rights check is recorded before the refusal is returned.
            mark_for_lock(basename(__FILE__), $username, $password);
            return array('ErrNum' => 9, "ErrDesc" => 'No Permission for plug-in');
        }
    }
    // NOTE(review): unconditional return, presumably a debugging leftover. It
    // hands the caller's password back in the response and makes everything
    // below dead code.
    return array("Username" => $username, "password" => $password, 'user' => $user, 'siteinfo' => $siteinfo);
    // NOTE(review): loose != on a hash; hash_equals() avoids type juggling
    // between numeric-looking digests.
    if ($user['passhash'] != '') {
        if ($user['passhash'] != sha1($user['time'] - $user['rand'] . $user['uname'] . $user['pass'])) {
            return array("ERRNUM" => 4, "ERRTXT" => 'No Passhash');
        }
    } else {
        return array("ERRNUM" => 4, "ERRTXT" => 'No Passhash');
    }
    // NOTE(review): every key of the remote payload becomes a local variable,
    // so a payload key can overwrite any local in scope ($siteinfo,
    // $xoopsConfig, $username, ...). Read the expected keys explicitly instead.
    foreach ($user as $k => $l) {
        ${$k} = $l;
    }
    include_once XOOPS_ROOT_PATH . '/class/auth/authfactory.php';
    // The configured language name is part of the include path.
    include_once XOOPS_ROOT_PATH . '/language/' . $xoopsConfig['language'] . '/auth.php';
    $xoopsAuth =& XoopsAuthFactory::getAuthConnection($uname);
    if (check_auth_class($xoopsAuth) == true) {
        // An external auth backend creates the user itself.
        $result = $xoopsAuth->create_user($user_viewemail, $uname, $email, $url, $actkey, $pass, $timezone_offset, $user_mailok, $siteinfo);
        return $result;
    } else {
        // userCheck() returns an empty string when the data is acceptable.
        if (strlen(userCheck($uname, $email, $pass, $pass)) == 0) {
            global $xoopsConfig;
            $config_handler =& xoops_gethandler('config');
            $xoopsConfigUser =& $config_handler->getConfigsByCat(XOOPS_CONF_USER);
            $member_handler =& xoops_gethandler('member');
            $newuser =& $member_handler->createUser();
            $newuser->setVar('user_viewemail', $user_viewemail, true);
            $newuser->setVar('uname', $uname, true);
            $newuser->setVar('email', $email, true);
            if ($url != '') {
                $newuser->setVar('url', formatURL($url), true);
            }
            $newuser->setVar('user_avatar', 'blank.gif', true);
            if (empty($actkey)) {
                // NOTE(review): the activation key is 8 hex characters derived
                // from mt_rand() and uniqid(), neither of which is a CSPRNG.
                $actkey = substr(md5(uniqid(mt_rand(), 1)), 0, 8);
            }
            $newuser->setVar('actkey', $actkey, true);
            // NOTE(review): unsalted md5 is not a password hash.
            $newuser->setVar('pass', md5($pass), true);
            $newuser->setVar('timezone_offset', $timezone_offset, true);
            $newuser->setVar('user_regdate', time(), true);
            $newuser->setVar('uorder', $xoopsConfig['com_order'], true);
            $newuser->setVar('umode', $xoopsConfig['com_mode'], true);
            $newuser->setVar('user_mailok', $user_mailok, true);
            // $xoops_url is only defined if the payload supplied a key of that name.
            $newuser->setVar('user_intrest', _US_USERREG . ' @ ' . $xoops_url, true);
            // Activation type 1: the account is active immediately.
            if ($xoopsConfigUser['activation_type'] == 1) {
                $newuser->setVar('level', 1, true);
            }
            if (!$member_handler->insertUser($newuser, true)) {
                $return = array('state' => 1, "text" => _US_REGISTERNG);
            } else {
                $newid = $newuser->getVar('uid');
                if (!$member_handler->addUserToGroup(XOOPS_GROUP_USERS, $newid)) {
                    $return = array('state' => 1, "text" => _US_REGISTERNG);
                }
                if ($xoopsConfigUser['activation_type'] == 1) {
                    $return = array('state' => 2, "user" => $uname);
                }
                // Sending notification email to user for self activation
                if ($xoopsConfigUser['activation_type'] == 0) {
                    $xoopsMailer =& xoops_getMailer();
                    $xoopsMailer->useMail();
                    $xoopsMailer->setTemplate('register.tpl');
                    $xoopsMailer->assign('SITENAME', $siteinfo['sitename']);
                    $xoopsMailer->assign('ADMINMAIL', $siteinfo['adminmail']);
                    $xoopsMailer->assign('SITEURL', XOOPS_URL . "/");
                    $xoopsMailer->setToUsers(new XoopsUser($newid));
                    $xoopsMailer->setFromEmail($siteinfo['adminmail']);
                    $xoopsMailer->setFromName($siteinfo['sitename']);
                    $xoopsMailer->setSubject(sprintf(_US_USERKEYFOR, $uname));
                    if (!$xoopsMailer->send()) {
                        $return = array('state' => 1, "text" => _US_YOURREGMAILNG);
                    } else {
                        $return = array('state' => 1, "text" => _US_YOURREGISTERED);
                    }
                    // Sending notification email to administrator for activation
                } elseif ($xoopsConfigUser['activation_type'] == 2) {
                    $xoopsMailer =& xoops_getMailer();
                    $xoopsMailer->useMail();
                    $xoopsMailer->setTemplate('adminactivate.tpl');
                    $xoopsMailer->assign('USERNAME', $uname);
                    $xoopsMailer->assign('USEREMAIL', $email);
                    if ($siteinfo['xoops_url'] == XOOPS_URL) {
                        $xoopsMailer->assign('USERACTLINK', $siteinfo['xoops_url'] . '/register.php?op=actv&id=' . $newid . '&actkey=' . $actkey);
                    }
                } else {
                    // NOTE(review): in this branch no mailer has been created by
                    // this function, yet $xoopsMailer is used. The braces look
                    // misplaced: this else probably belonged to the xoops_url
                    // test just above - confirm against the upstream source.
                    $xoopsMailer->assign('USERACTLINK', $siteinfo['xoops_url'] . '/register.php?op=actv&uname=' . $uname . '&actkey=' . $actkey);
                }
                // NOTE(review): with the braces as they are, the admin mail below
                // is prepared and sent for every activation type, not only type 2.
                $xoopsMailer->assign('SITENAME', $siteinfo['sitename']);
                $xoopsMailer->assign('ADMINMAIL', $siteinfo['adminmail']);
                $xoopsMailer->assign('SITEURL', $siteinfo['xoops_url'] . "/");
                $member_handler =& xoops_gethandler('member');
                $xoopsMailer->setToGroups($member_handler->getGroup($xoopsConfigUser['activation_group']));
                $xoopsMailer->setFromEmail($siteinfo['adminmail']);
                $xoopsMailer->setFromName($siteinfo['sitename']);
                $xoopsMailer->setSubject(sprintf(_US_USERKEYFOR, $uname));
                if (!$xoopsMailer->send()) {
                    $return = array('state' => 1, "text" => _US_YOURREGMAILNG);
                } else {
                    $return = array('state' => 1, "text" => _US_YOURREGISTERED2);
                }
            }
            // Optional notice to the configured group about the new registration.
            if ($xoopsConfigUser['new_user_notify'] == 1 && !empty($xoopsConfigUser['new_user_notify_group'])) {
                $xoopsMailer =& xoops_getMailer();
                $xoopsMailer->useMail();
                $member_handler =& xoops_gethandler('member');
                $xoopsMailer->setToGroups($member_handler->getGroup($xoopsConfigUser['new_user_notify_group']));
                $xoopsMailer->setFromEmail($siteinfo['adminmail']);
                $xoopsMailer->setFromName($siteinfo['sitename']);
                $xoopsMailer->setSubject(sprintf(_US_NEWUSERREGAT, $xoopsConfig['sitename']));
                $xoopsMailer->setBody(sprintf(_US_HASJUSTREG, $uname));
                $xoopsMailer->send();
            }
            // strpos() returns 0 (falsy) when the host starts with 'xortify.com',
            // so that case takes the else branch.
            if (strpos(strtolower($_SERVER['HTTP_HOST']), 'xortify.com')) {
                define('XORTIFY_API_LOCAL', 'http://xortify.chronolabs.coop/soap/');
                define('XORTIFY_API_URI', 'http://xortify.chronolabs.coop/soap/');
            } else {
                define('XORTIFY_API_LOCAL', 'http://xortify.com/soap/');
                define('XORTIFY_API_URI', 'http://xortify.com/soap/');
            }
            // NOTE(review): the same call, including the credentials and the full
            // user payload, is forwarded to a remote endpoint over plain http.
            // Errors are silenced with @ and the result is never used.
            $soap_client = @new soapclient(NULL, array('location' => XORTIFY_API_LOCAL, 'uri' => XORTIFY_API_URI));
            $result = @$soap_client->__soapCall('xoops_create_user', array("username" => $username, "password" => $password, "user" => $user, "siteinfo" => $siteinfo));
            return array("ERRNUM" => 1, "RESULT" => $return);
        } else {
            // userCheck() is called a second time to obtain the rejection text.
            return array("ERRNUM" => 1, "RESULT" => array('state' => 1, 'text' => userCheck($uname, $email, $pass, $pass)));
        }
    }
}
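/**
 * Admin action: create a user account from submitted form values and add it
 * to the configured default group.
 *
 * All feedback is echoed as HTML. The function exits when the auth key or the
 * permission check fails, and returns early on incomplete input or a database error.
 *
 * @param array $var Form values; this function reads add_uname, add_email,
 *                   add_pass and add_user_viewemail.
 * @return void
 */
function addUser($var)
{
    // Reject requests that do not carry a valid authorisation key.
    if (!pnSecConfirmAuthKey()) {
        include 'header.php';
        echo _BADAUTHKEY;
        include 'footer.php';
        exit;
    }
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    if (!pnSecAuthAction(0, 'Users::', $var['add_uname'] . "::", ACCESS_ADD)) {
        include 'header.php';
        echo _MODIFYUSERSADDNOAUTH;
        include 'footer.php';
        exit;
    }
    // NOTE(review): unsalted MD5 is not a suitable password hash. It is kept here because
    // the code that verifies logins is not visible and must be migrated together with this
    // line (password_hash()/password_verify()).
    $add_pass = md5($var['add_pass']);
    if (!($var['add_uname'] && $var['add_email'] && $var['add_pass'])) {
        include "header.php";
        GraphicAdmin();
        OpenTable();
        echo "<center><font class=\"pn-title\"><b>" . _USERADMIN . "</b></font></center>";
        CloseTable();
        OpenTable();
        echo "<center><b><font class=\"pn-normal\">" . _NEEDTOCOMPLETE . "</b><br><br>" . "" . _GOBACK . "</font>";
        CloseTable();
        include "footer.php";
        return;
    }
    // NOTE(review): the return value of userCheck() is discarded and $stop is neither
    // assigned nor declared global in this function, so the isset($stop) test below can
    // never be true on this path. Presumably userCheck() reports through a global $stop;
    // confirm, and wire the result in so failed validation actually blocks the insert.
    userCheck($var);
    if (!isset($stop)) {
        if (empty($var['add_user_viewemail'])) {
            $var['add_user_viewemail'] = 0;
        }
        $timezoneoffset = pnConfigGetVar('timezone_offset');
        $user_regdate = time();
        // Request values are escaped where they enter SQL instead of being concatenated raw.
        // NOTE(review): if $var still carries magic-quotes slashes (the stripslashes() in the
        // success message suggests it might), strip them once at input so that names are not
        // stored with extra backslashes; confirm against the caller.
        $unameForStore = pnVarPrepForStore($var['add_uname']);
        $emailForStore = pnVarPrepForStore($var['add_email']);
        $viewemailForStore = pnVarPrepForStore($var['add_user_viewemail']);
        $column =& $pntable['users_column'];
        $existinguser = $dbconn->Execute("SELECT {$column['uname']} FROM {$pntable['users']} WHERE {$column['uname']}='" . $unameForStore . "'");
        if (!$existinguser->EOF) {
            include 'header.php';
            // The user name is URL-encoded for the query string and HTML-escaped for the attribute.
            echo "<div align=center><font class=\"pn-title\">" . _USEREXIST . " <a href=\"admin.php?module=NS-User&op=modifyUser&chng_uid=" . pnVarPrepForDisplay(urlencode($var['add_uname'])) . "\">(" . pnVarPrepForDisplay($var['add_uname']) . ") " . "</a></font></div><br>";
            echo "<font class=\"pn-normal\"><a href=\"admin.php?module=NS-User&op=main\">" . _ADDUSER . "</font></a>";
            include 'footer.php';
        } else {
            $uid = $dbconn->GenId($pntable['users']);
            $sql = "INSERT INTO {$pntable['users']} ({$column['uid']}, {$column['name']},\n\t\t\t\t\t\t {$column['uname']}, {$column['email']}, {$column['femail']}, {$column['url']},\n\t\t\t\t\t\t {$column['user_regdate']}, {$column['user_icq']}, {$column['user_aim']},\n\t\t\t\t\t\t {$column['user_yim']}, {$column['user_msnm']}, {$column['user_from']},\n\t\t\t\t\t\t {$column['user_occ']}, {$column['user_intrest']}, {$column['user_viewemail']},\n\t\t\t\t\t\t {$column['user_avatar']}, {$column['user_sig']}, {$column['pass']}, {$column['timezone_offset']})\n\t\t\t\t\t\t values (" . pnVarPrepForStore($uid) . ",'','" . $unameForStore . "','" . $emailForStore . "','',\n\t\t\t\t\t\t '','" . pnVarPrepForStore($user_regdate) . "','','','','','','','','" . $viewemailForStore . "','blank.gif',\n\t\t\t\t\t\t '','" . pnVarPrepForStore($add_pass) . "','" . pnVarPrepForStore($timezoneoffset) . "')";
            $result = $dbconn->Execute($sql);
            // NOTE(review): raw database error text is echoed to the browser here and in the
            // two checks below; consider logging only.
            if ($dbconn->ErrorNo() != 0) {
                echo $dbconn->ErrorNo() . ": " . $dbconn->ErrorMsg() . "<br>";
                error_log("DB Error: " . $dbconn->ErrorMsg());
                return;
            }
            // Add user to group
            // get the generated id
            $uid = $dbconn->PO_Insert_ID($pntable['users'], $column['uid']);
            $column =& $pntable['groups_column'];
            $result = $dbconn->Execute("SELECT {$column['gid']} FROM {$pntable['groups']} WHERE {$column['name']}='" . pnVarPrepForStore(pnConfigGetVar('defaultgroup')) . "'");
            if ($dbconn->ErrorNo() != 0) {
                echo $dbconn->ErrorNo() . "Get default group: " . $dbconn->ErrorMsg() . "<br>";
                error_log($dbconn->ErrorNo() . "Get default group: " . $dbconn->ErrorMsg() . "<br>");
                return;
            }
            // Membership is only recorded when the default group exists.
            if (!$result->EOF) {
                list($gid) = $result->fields;
                $result->Close();
                $column =& $pntable['group_membership_column'];
                $result = $dbconn->Execute("INSERT INTO {$pntable['group_membership']} ({$column['gid']}, {$column['uid']}) VALUES (" . pnVarPrepForStore($gid) . ", " . pnVarPrepForStore($uid) . ")");
                if ($dbconn->ErrorNo() != 0) {
                    echo $dbconn->ErrorNo() . "Add to default group: " . $dbconn->ErrorMsg() . "<br>";
                    error_log($dbconn->ErrorNo() . "Add to default group: " . $dbconn->ErrorMsg() . "<br>");
                    return;
                }
            }
            include 'header.php';
            echo "<div align=center><font class=\"pn-title\">" . "<a href=\"admin.php?module=NS-User&op=modifyUser&chng_uid={$uid}\">" . pnVarPrepForDisplay(stripslashes($var['add_uname'])) . " (" . _USERID . " {$uid})</A> " . _ADDED . "</div></font><br>";
            echo "<font class=\"pn-normal\"><a href=\"admin.php?module=NS-User&op=main\">" . _ADDUSER . "</font></a>";
            include 'footer.php';
        }
    } else {
        echo "{$stop}";
        include 'footer.php';
    }
}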
Exemple #14
/**
 * Returns the current user's 'user_is_admin' value, or FALSE when
 * userCheck() reports no valid user.
 */
function userIsAdmin()
{
    // userLogged() is only consulted once userCheck() has succeeded.
    return userCheck() ? userLogged()['user_is_admin'] : false;
}
Exemple #15
<?php

require_once "model/user.php";
require_once "model/other.php";
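// Handle a login attempt when both fields were posted; otherwise show the login form.
if (isset($_POST['user'], $_POST['password'])) {
    $user = $_POST['user'];
    $password = $_POST['password'];
    // PHP turns "user[]=x" into an array; only plain strings may reach userCheck().
    if (is_string($user) && is_string($password) && userCheck($user, $password)) {
        // Issue a fresh session ID on login so that an ID known before authentication
        // cannot be reused afterwards (session fixation).
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION["username"] = $user;
        $_SESSION["userId"] = userId($user);
        redirect();
    } else {
        // The message does not say which of the two fields was wrong.
        echo "login error!";
    }
} else {
    require_once "views/login.php";
}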
Exemple #16
<?php

require_once 'global.php';
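// NOTE(review): the result of userCheck() is not inspected here; presumably it stops the
// request itself for unauthenticated visitors. Confirm in global.php.
userCheck();
$post = isset($_GET['id']) ? $_GET['id'] : '';
// NOTE(review): this deletes a row in response to a plain GET request and no anti-CSRF
// token or ownership check is visible; a state-changing action like this belongs behind
// a POST with a per-session token and a check that the post belongs to the caller.
// Array input ("id[]=1") is rejected because only a scalar can be bound below.
if (isset($_GET['id']) && is_string($_GET['id'])) {
    $id = $_GET['id'];
    $sql = "DELETE FROM posts WHERE id = ?";
    $results = $db->prepare($sql);
    $results->bindValue(1, $id);
    $results->execute();
    header("Location: posts");
    // Stop here so nothing else runs or is sent after the redirect header.
    exit;
}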
        case 'boolean':
            $allowed_requests[$key] = (bool) @$_POST[$key];
            break;
        case 'string':
            $allowed_requests[$key] = get_magic_quotes_gpc() ? stripslashes($_POST[$key]) : $_POST[$key];
            break;
    }
}
//
// REGISTER STAGE
//
if (!empty($_POST['do_register'])) {
    // check before register (uname, email, password)
    // When blank e-mail addresses are allowed, userCheck() is given a placeholder address
    // built from md5(time()) in place of the submitted one.
    $email4check = $allow_blank_email ? substr(md5(time()), -6) . '@example.com' : $allowed_requests['email'];
    // When a blank confirmation password is allowed, the password is compared with itself.
    $allowed_requests['vpass'] = $allow_blank_vpass ? $allowed_requests['pass'] : $allowed_requests['vpass'];
    // $stop_reason holds whatever userCheck() returns; the registration step that follows
    // only runs when it is empty.
    $stop_reason = userCheck($allowed_requests['uname'], $email4check, $allowed_requests['pass'], $allowed_requests['vpass']);
}
if (!empty($_POST['do_register']) && empty($stop_reason_extras) && empty($stop_reason)) {
    if ($xoopsConfigUser['reg_dispdsclmr'] && empty($allowed_requests['agree_disc'])) {
        die(_US_UNEEDAGREE);
    }
    include XOOPS_ROOT_PATH . '/header.php';
    $member_handler =& xoops_gethandler('member');
    $newuser =& $member_handler->createUser();
    if ($allow_blank_email) {
        $newuser->initVar('email', XOBJ_DTYPE_TXTBOX, null, false, 60);
    }
    $newuser->setVar('user_viewemail', $allowed_requests['user_viewemail'], true);
    $newuser->setVar('uname', $allowed_requests['uname'], true);
    $newuser->setVar('email', $allowed_requests['email'], true);
    $newuser->setVar('url', formatURL($allowed_requests['url']), true);
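/**
 * Validates every data row of an uploaded CSV against the target form before import.
 *
 * Problems are appended to the global $errors array as HTML "<li>" fragments and a short
 * HTML header is echoed. The file pointer is put back where it was on entry.
 *
 * Indexes of $importSet read here:
 *   [0][0] CSV name (display only), [1] open file handle, [2] form name, [3] column titles,
 *   [4] form id, [5][0] form elements keyed by element id, [5][1] linked-element info per
 *   column, [6] element id per column (-1 when the column is not a form element),
 *   [7] positions of special columns (username, fullname, password, email, regcode, idreqs,
 *   usethisentryid), [8] suffix of the form's data table.
 *
 * NOTE(review): cell values and column titles from the CSV are concatenated into the HTML
 * error strings without escaping; whatever renders $errors should treat them as untrusted.
 *
 * @param array $importSet        Import descriptor, see above (passed by reference).
 * @param mixed $id_reqs          Array of accepted ID numbers, or a non-array when unused.
 * @param mixed $regfid           Form id of the registration/profile form.
 * @param bool  $validateOverride When true, validation is skipped and true is returned.
 * @return bool True when $errors is empty after validation.
 */
function importCsvValidate(&$importSet, $id_reqs, $regfid, $validateOverride = false)
{
    if ($validateOverride) {
        return true;
    }
    global $errors, $xoopsDB;
    $output = "** <b>Validating</b><br><b>Csv</b>: " . $importSet[0][0] . "<br>" . "<b>Form</b>: <i>name</i>: " . $importSet[2] . ", <i>id</i>: " . $importSet[4] . "<br><ol>";
    $links = count($importSet[6]);
    $GLOBALS['formulize_ignoreColumnsOnImport'] = array();
    // Columns that match neither a form element nor a known special column are ignored.
    for ($link = 0; $link < $links; $link++) {
        if ($importSet[6][$link] == -1) {
            // Created by, Creation date, Modified by, Modification date, plus profile form special columns
            if (!($importSet[3][$link] == _formulize_DE_CALC_CREATOR || $importSet[3][$link] == _formulize_DE_CALC_CREATEDATE || $importSet[3][$link] == _formulize_DE_CALC_MODIFIER || $importSet[3][$link] == _formulize_DE_CALC_MODDATE || $importSet[3][$link] == _formulize_DE_IMPORT_USERNAME || $importSet[3][$link] == _formulize_DE_IMPORT_FULLNAME || $importSet[3][$link] == _formulize_DE_IMPORT_PASSWORD || $importSet[3][$link] == _formulize_DE_IMPORT_EMAIL || $importSet[3][$link] == _formulize_DE_IMPORT_REGCODE || $importSet[3][$link] == _formulize_DE_IMPORT_IDREQCOL || $importSet[3][$link] == _formulize_DE_IMPORT_NEWENTRYID)) {
                print "<p>Warning: column <b>" . $importSet[3][$link] . "</b> was not found in form.</p>";
                $GLOBALS['formulize_ignoreColumnsOnImport'][$link] = true;
            }
        }
    }
    $rowCount = 1;
    $currentFilePosition = ftell($importSet[1]);
    // a container for any entry id overrides that a user has set in the spreadsheet
    $useTheseEntryIds = array();
    while (!feof($importSet[1])) {
        $row = fgetcsv($importSet[1], 99999);
        if (is_array($row) and count($row) > 1) {
            $rowCount++;
            $links = count($importSet[6]);
            for ($link = 0; $link < $links; $link++) {
                if (isset($GLOBALS['formulize_ignoreColumnsOnImport'][$link])) {
                    continue;
                }
                // NOTE(review): this condition can never be true, so the replacement below is
                // dead code. It may have been meant to treat the last column specially
                // ($links - 1); left unchanged because the intent cannot be confirmed here.
                if ($link == $link - 1) {
                    $cell_value = str_replace(chr(19) . chr(16), "", $row[$link]);
                } else {
                    $cell_value = $row[$link];
                }
                if (isset($importSet[5][0][$importSet[6][$link]])) {
                    // if this is an element, then extract that element from the array
                    $element = $importSet[5][0][$importSet[6][$link]];
                } else {
                    $element = array();
                }
                if ($cell_value == "") {
                    if ($importSet[6][$link] == -1) {
                        // this is not a found column in the form
                        // disallow profile metadata fields from being blank
                        if (!is_array($id_reqs) and $importSet[4] == $regfid) {
                            // The password test compares column positions like its neighbours;
                            // it previously compared the position with the password cell's value.
                            if ($link == $importSet[7]['username'] or $link == $importSet[7]['fullname'] or $link == $importSet[7]['password'] or $link == $importSet[7]['email'] or $link == $importSet[7]['regcode']) {
                                $errors[] = "<li>line " . $rowCount . ", column " . $importSet[3][$link] . ",<br> <b>Field cannot be blank</b></li>";
                            }
                        } elseif (is_array($id_reqs) and $link == $importSet[7]['idreqs']) {
                            $errors[] = "<li>line " . $rowCount . ",<br> <b>No ID number specified</b></li>";
                        }
                    }
                    // need to respect required setting
                    if (isset($element['ele_req'])) {
                        if ($element['ele_req']) {
                            $errors[] = "<li>line " . $rowCount . ", column " . $importSet[3][$link] . ",<br> <b>This column requires a value</b> (cell was blank)</li>";
                        }
                    }
                } else {
                    // check columns not present in form...
                    if ($importSet[6][$link] == -1) {
                        if ($importSet[3][$link] == _formulize_DE_CALC_CREATOR) {
                            $uid = getUserId($cell_value);
                            if ($uid == 0) {
                                $errors[] = "<li>line " . $rowCount . ", column " . $importSet[3][$link] . ",<br> <b>user not found</b>: " . $cell_value . "</li>";
                            }
                        }
                        // check validity of account creation stuff
                        if (!is_array($id_reqs) and $importSet[4] == $regfid) {
                            include_once XOOPS_ROOT_PATH . "/modules/reg_codes/include/functions.php";
                            $stop = userCheck($row[$importSet[7]['username']], $row[$importSet[7]['email']], $row[$importSet[7]['password']], $row[$importSet[7]['password']], $row[$importSet[7]['regcode']]);
                            if ($stop) {
                                $errors[] = "<li>line " . $rowCount . ",<br> <b>Invalid Registration Data:</b> {$stop}</li>";
                            }
                        }
                        // check validity of the idreqs
                        if (is_array($id_reqs) and $link == $importSet[7]['idreqs']) {
                            if (!in_array($cell_value, $id_reqs)) {
                                $errors[] = "<li>line " . $rowCount . ",<br> <b>Invalid ID number specified</b></li>";
                            }
                        }
                        // check validity of entry ids if a special entry_ids column is included
                        // store the entry ids that are specified, and then we'll check for the existence of any of them after we're done looping
                        if (isset($importSet[7]['usethisentryid']) and $link == $importSet[7]['usethisentryid']) {
                            $useTheseEntryIds[] = $cell_value;
                        }
                    } else {
                        // check columns from form
                        switch ($element["ele_type"]) {
                            case "select":
                                if (isset($importSet[5][1][$link]) and !strstr($cell_value, ",") and (!is_numeric($cell_value) or $cell_value < 10000000)) {
                                    // Linked element, but allow entries with commas to pass through unvalidated, and also allow through numeric values with no commas, if they are really big (assumption is big numbers are some kind of special entry_id reference, as in the case of UofT)
                                    $linkElement = $importSet[5][1][$link];
                                    // NOTE(review): unserialize() is applied to the stored element
                                    // definition, presumably from the database rather than from the CSV; confirm.
                                    $ele_value = unserialize($element["ele_value"]);
                                    if ($ele_value[1]) {
                                        // Multiple options
                                        $items = explode("\n", $cell_value);
                                        list($all_valid_options, $all_valid_options_ids) = getElementOptions($linkElement[2]['ele_handle'], $linkElement[2]['id_form']);
                                        foreach ($items as $item) {
                                            $item_value = trim($item);
                                            if (!in_array($item_value, $all_valid_options)) {
                                                $foundit = false;
                                                foreach ($all_valid_options as $thisoption) {
                                                    if (trim($item_value) == stripslashes(trim(trans($thisoption)))) {
                                                        // stripslashes is necessary only because the data contains slashes in the database (which it should not, so this should be removed when that is fixed)
                                                        $foundit = true;
                                                        break;
                                                    }
                                                }
                                                if (!$foundit) {
                                                    $errors[] = "<li>line " . $rowCount . ", column " . $importSet[3][$link] . ",<br> <b>found</b>: " . $item_value . ", <b>was expecting</b>: " . stripslashes(implode(", ", $all_valid_options)) . "</li>";
                                                }
                                            }
                                        }
                                    } else {
                                        // Single option
                                        list($all_valid_options, $all_valid_options_ids) = getElementOptions($linkElement[2]['ele_handle'], $linkElement[2]['id_form']);
                                        if (!in_array($cell_value, $all_valid_options)) {
                                            foreach ($all_valid_options as $thisoption) {
                                                if (trim($cell_value) == stripslashes(trim(trans($thisoption)))) {
                                                    // stripslashes is necessary only because the data contains slashes in the database (which it should not, so this should be removed when that is fixed)
                                                    // a translated match leaves both the loop and the switch, skipping the error
                                                    break 2;
                                                }
                                            }
                                            $errors[] = "<li>line " . $rowCount . ", column " . $importSet[3][$link] . ",<br> <b>found</b>: " . $cell_value . ", <b>was expecting</b>: " . stripslashes(implode(", ", $all_valid_options)) . "</li>";
                                        }
                                    }
                                } elseif (!strstr($cell_value, ",") and (!is_numeric($cell_value) or $cell_value < 10000000)) {
                                    // Not-Linked element
                                    $ele_value = unserialize($element["ele_value"]);
                                    // handle fullnames or usernames
                                    $temparraykeys = array_keys($ele_value[2]);
                                    if ($temparraykeys[0] === "{FULLNAMES}" or $temparraykeys[0] === "{USERNAMES}") {
                                        // ADDED June 18 2005 to handle pulling in usernames for the user's group(s) -- updated for real live use September 6 2006
                                        if ($temparraykeys[0] === "{FULLNAMES}") {
                                            $nametype = "name";
                                        }
                                        if ($temparraykeys[0] === "{USERNAMES}") {
                                            $nametype = "uname";
                                        }
                                        // NOTE(review): the list is filled for whichever name type is seen first
                                        // and then reused; a file mixing both types would be checked against the wrong one.
                                        if (!isset($fullnamelist)) {
                                            $fullnamelistq = q("SELECT uid, {$nametype} FROM " . $xoopsDB->prefix("users"));
                                            static $fullnamelist = array();
                                            foreach ($fullnamelistq as $thisname) {
                                                $fullnamelist[$thisname['uid']] = $thisname[$nametype];
                                            }
                                        }
                                        if ($ele_value[1]) {
                                            // multiple
                                            $items = explode("\n", $cell_value);
                                        } else {
                                            $items = array(0 => $cell_value);
                                        }
                                        foreach ($items as $item) {
                                            if (is_numeric($item)) {
                                                if (!isset($fullnamelist[$item])) {
                                                    $errors[] = "<li>line " . $rowCount . ", column " . $importSet[3][$link] . ",<br> <b>User Id</b>: " . $item . " <b>is not a valid id for a user</b></li>";
                                                }
                                            } else {
                                                $uids = array_keys($fullnamelist, $item);
                                                if (count($uids) == 0) {
                                                    $errors[] = "<li>line " . $rowCount . ", column " . $importSet[3][$link] . ",<br> <b>Name</b>: " . $item . " <b>is not a valid name for a user</b></li>";
                                                    break;
                                                }
                                            }
                                        }
                                        break;
                                    }
                                    if ($ele_value[1]) {
                                        // Multiple options
                                        $options = $ele_value[2];
                                        $items = explode("\n", $cell_value);
                                        foreach ($items as $item) {
                                            $item_value = trim($item);
                                            if (!in_array($item_value, $options, true)) {
                                                // last option causes strict matching by type
                                                $foundit = false;
                                                foreach ($options as $thisoption => $default_value) {
                                                    if (get_magic_quotes_gpc()) {
                                                        $thisoption = stripslashes($thisoption);
                                                    }
                                                    if (trim($item_value) == trim(trans($thisoption))) {
                                                        $foundit = true;
                                                        break;
                                                    }
                                                }
                                                if (!$foundit) {
                                                    // Build the expected list afresh for each message; it used to
                                                    // accumulate across errors and stopped at the first falsy key.
                                                    $result = array();
                                                    foreach (array_keys($options) as $key) {
                                                        if (get_magic_quotes_gpc()) {
                                                            $key = stripslashes($key);
                                                        }
                                                        $result[] = $key;
                                                    }
                                                    $errors[] = "<li>line " . $rowCount . ", column " . $importSet[3][$link] . ",<br> <b>found</b>: " . $item_value . ", <b>was expecting</b>: " . implode(", ", $result) . "</li>";
                                                }
                                            }
                                        }
                                    } else {
                                        // Single option
                                        $options = $ele_value[2];
                                        if (!in_array($cell_value, $options, true)) {
                                            // last option causes strict matching by type
                                            // then do a check against the translated options
                                            foreach ($options as $thisoption => $default_value) {
                                                if (get_magic_quotes_gpc()) {
                                                    $thisoption = stripslashes($thisoption);
                                                }
                                                if (trim($cell_value) == trim(trans($thisoption))) {
                                                    break 2;
                                                }
                                            }
                                            // Same per-message rebuild as in the multiple-option case above.
                                            $result = array();
                                            foreach (array_keys($options) as $key) {
                                                if (get_magic_quotes_gpc()) {
                                                    $key = stripslashes($key);
                                                }
                                                $result[] = $key;
                                            }
                                            $errors[] = "<li>line " . $rowCount . ", column " . $importSet[3][$link] . ",<br> <b>found</b>: " . $cell_value . ", <b>was expecting</b>: " . implode(", ", $result) . "</li>";
                                        }
                                    }
                                }
                                break;
                            case "checkbox":
                                $options = unserialize($element["ele_value"]);
                                $items = explode("\n", $cell_value);
                                foreach ($items as $item) {
                                    $item_value = trim($item);
                                    if (!in_array($item_value, $options, true)) {
                                        // last option causes strict matching by type
                                        $foundit = false;
                                        $hasother = false;
                                        foreach ($options as $thisoption => $default_value) {
                                            if (get_magic_quotes_gpc()) {
                                                $thisoption = stripslashes($thisoption);
                                            }
                                            if (trim($item_value) == trim(trans($thisoption))) {
                                                $foundit = true;
                                            }
                                            // an {OTHER|n} option accepts free text, so any value passes
                                            if (preg_match('/\\{OTHER\\|+[0-9]+\\}/', $thisoption)) {
                                                $hasother = true;
                                            }
                                        }
                                        if (!$foundit and !$hasother) {
                                            $expectedKeys = array();
                                            foreach (array_keys($options) as $key) {
                                                if (get_magic_quotes_gpc()) {
                                                    $key = stripslashes($key);
                                                }
                                                $expectedKeys[] = $key;
                                            }
                                            $keys_output = implode(", ", $expectedKeys);
                                            $errors[] = "<li>line " . $rowCount . ", column " . $importSet[3][$link] . ",<br> <b>found</b>: " . $item_value . ", <b>was expecting</b>: { " . $keys_output . " }</li>";
                                        }
                                    }
                                }
                                break;
                            case "radio":
                                $options = unserialize($element["ele_value"]);
                                if (!in_array($cell_value, $options, true)) {
                                    // last option causes strict matching by type
                                    // then do a check against the translated options
                                    $foundit = false;
                                    $hasother = false;
                                    foreach ($options as $thisoption => $default_value) {
                                        if (get_magic_quotes_gpc()) {
                                            $thisoption = stripslashes($thisoption);
                                        }
                                        if (trim($cell_value) == trim(trans($thisoption))) {
                                            $foundit = true;
                                        }
                                        if (preg_match('/\\{OTHER\\|+[0-9]+\\}/', $thisoption)) {
                                            $hasother = true;
                                        }
                                    }
                                    if (!$foundit and !$hasother) {
                                        $expectedKeys = array();
                                        foreach (array_keys($options) as $key) {
                                            if (get_magic_quotes_gpc()) {
                                                $key = stripslashes($key);
                                            }
                                            $expectedKeys[] = $key;
                                        }
                                        $keys_output = implode(", ", $expectedKeys);
                                        $errors[] = "<li>line " . $rowCount . ", column " . $importSet[3][$link] . ",<br> <b>found</b>: " . $cell_value . ", <b>was expecting</b>: { " . $keys_output . " }</li>";
                                    }
                                }
                                break;
                            case "date":
                                // date() never returns an empty string, so the unparsable case is
                                // detected on strtotime() itself.
                                if (strtotime($cell_value) === false) {
                                    $errors[] = "<li>line " . $rowCount . ", column " . $importSet[3][$link] . ",<br> <b>found</b>: " . $cell_value . ", <b>was expecting</b>: YYYY-mm-dd</li>";
                                }
                                break;
                            case "yn":
                                if (is_numeric($cell_value)) {
                                    if (!($cell_value == 1 || $cell_value == 2)) {
                                        $errors[] = "<li>line " . $rowCount . ", column " . $importSet[3][$link] . ",<br> <b>found</b>: " . $cell_value . ", <b>was expecting</b>: { 1, 2, " . _formulize_TEMP_QYES . ", " . _formulize_TEMP_QNO . " }</li>";
                                    }
                                } else {
                                    $yn_value = strtoupper($cell_value);
                                    if (!($yn_value == strtoupper(_formulize_TEMP_QYES) || $yn_value == strtoupper(_formulize_TEMP_QNO))) {
                                        // changed to use language constants
                                        $errors[] = "<li>line " . $rowCount . ", column " . $importSet[3][$link] . ",<br> <b>found</b>: " . $cell_value . ", <b>was expecting</b>: { 1, 2, " . _formulize_TEMP_QYES . ", " . _formulize_TEMP_QNO . " }</li>";
                                    }
                                }
                                break;
                        }
                    }
                }
            }
        }
    }
    // check validity of any entry ids the user has set
    if (count($useTheseEntryIds) > 0) {
        // The ids come straight from CSV cells, so each one is forced to an integer before
        // it is placed in the IN (...) list.
        $entryIdList = implode(",", array_map('intval', $useTheseEntryIds));
        $checkIdsSQL = "SELECT entry_id FROM " . $xoopsDB->prefix("formulize_" . $importSet[8]) . " WHERE entry_id IN (" . $entryIdList . ")";
        $checkIdsRes = $xoopsDB->query($checkIdsSQL);
        while ($checkIdsArray = $xoopsDB->fetchArray($checkIdsRes)) {
            $errors[] = "<li><b>Entry id " . $checkIdsArray['entry_id'] . " is already in use.</b>  You cannot import new data with an existing entry id.</li>";
        }
    }
    // Put the file pointer back so the caller can read the same rows again.
    fseek($importSet[1], $currentFilePosition);
    echo $output . "</ol>";
    return empty($errors);
}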
         echo '</form>';
     } else {
         echo '<span style="color:#ff0000;">' . $stop . '</span>';
         echo '<br />' . _MD_XOONIPS_ACCOUNT_EXPLAIN_REQUIRED_MARK . '<br />' . "\n";
         include 'include/registerform.php';
         $reg_form->display();
     }
     include XOOPS_ROOT_PATH . '/footer.php';
     break;
 case 'finish':
     if (!$xoopsGTicket->check(true, 'register_finish', false)) {
         redirect_header(XOOPS_URL . '/', 3, $xoopsGTicket->getErrors());
         exit;
     }
     include XOOPS_ROOT_PATH . '/header.php';
     $stop = userCheck($uname, $email, $pass, $vpass);
     $stop .= userCheckXooNIps($realname, $address, $company_name, $division, $tel, $country, $zipcode, $fax, $notice_mail);
     if (empty($stop)) {
         $member_handler =& xoops_gethandler('member');
         $newuser =& $member_handler->createUser();
         $newuser->setVar('user_viewemail', $user_viewemail, true);
         // not gpc
         $newuser->setVar('uname', $uname, true);
         // not gpc
         $newuser->setVar('email', $email, true);
         // not gpc
         if ($url != '') {
             $newuser->setVar('url', formatURL($url), true);
             // not gpc
         }
         $newuser->setVar('user_avatar', 'blank.gif', true);
Exemple #20
     }
     echo '</div><br />';
     $op = 'editprofile';
 } else {
     $member_handler =& xoops_gethandler('member');
     $edituser =& $member_handler->getUser($uid);
     if ($xoopsModuleConfig['allow_chgmail'] == 1) {
         $edituser->setVar('email', $email);
     }
     $edituser->setVar('name', $myts->stripSlashesGPC(trim($_POST['name'])));
     $edituser->setVar('uname', $myts->stripSlashesGPC(trim($_POST['uname'])));
     if ($xoopsUser->isAdmin()) {
         $edituser->setVar('rank', intval($_POST['rank']));
         $edituser->setVar('loginname', $myts->stripSlashesGPC(trim($_POST['loginname'])));
     }
     $stop = userCheck($edituser);
     if (!empty($stop)) {
         echo "<span style='color:#ff0000;'>{$stop}</span>";
         redirect_header('userinfo.php?uid=' . $uid, 2);
     }
     // Dynamic fields
     $profile_handler =& xoops_gethandler('profile');
     // Get fields
     $fields =& $profile_handler->loadFields();
     // Get ids of fields that can be edited
     $gperm_handler =& xoops_gethandler('groupperm');
     $editable_fields =& $gperm_handler->getItemIds('profile_edit', $xoopsUser->getGroups(), $xoopsModule->getVar('mid'));
     foreach (array_keys($fields) as $i) {
         if (in_array($fields[$i]->getVar('fieldid'), $editable_fields)) {
             $edituser->setVar($fields[$i]->getVar('field_name'), $fields[$i]->getValueForSave($_REQUEST[$fields[$i]->getVar('field_name')]));
         }
Exemple #21
         $reg_form =& getRegisterForm($newuser);
         $reg_form->display();
     }
     break;
 case 'finish':
     if (!$GLOBALS['xoopsSecurity']->check()) {
         echo implode('<br />', $GLOBALS['xoopsSecurity']->getErrors());
         break;
     }
     $stop = '';
     if ($xoopsModuleConfig['display_disclaimer'] != 0 && $xoopsModuleConfig['disclaimer'] != '') {
         if (empty($agree_disc)) {
             $stop .= _PROFILE_MA_UNEEDAGREE . '<br />';
         }
     }
     $stop = userCheck($newuser);
     if (empty($stop)) {
         $newuser->setVar('pass', $_POST['pass']);
         $newuser->setVar('user_avatar', 'blank.gif');
         $actkey = substr(md5(uniqid(mt_rand(), 1)), 0, 8);
         $newuser->setVar('actkey', $actkey);
         $newuser->setVar('user_regdate', time());
         if ($xoopsModuleConfig['activation_type'] == 1) {
             $newuser->setVar('level', 1);
         }
         $profile_handler =& xoops_gethandler('profile');
         // Get fields
         $fields =& $profile_handler->loadFields();
         if (count($fields) > 0) {
             foreach (array_keys($fields) as $i) {
                 $fieldname = $fields[$i]->getVar('field_name');
Exemple #22
<?php

include_once 'include/view-helper.php';
// Validation errors collected while the login form is processed
$errors = [];
// A user who is already logged in is sent away from the login form.
// NOTE(review): the script keeps running after redirect() unless that
// helper terminates the request - confirm it exits.
if (userCheck()) {
    redirect('index.php');
}
// Attempt a login only when every required POST field is present
if (verifyKeysIn($_POST, 'submit', 'name', 'pwd')) {
    // Try to authenticate with the submitted credentials
    $logged = userLogin($_POST['name'], $_POST['pwd']);
    if (!$logged) {
        // One message for both failure causes, so the response does not
        // reveal whether the user name or the password was wrong.
        $errors[] = 'Pseudo ou mot de passe incorrect';
    } else {
        redirect('index.php');
    }
}
head();
?>
<h1>Connexion</h1>
<?php 
// Les éventuelles erreurs
if (count($errors) > 0) {
    ?>
        <div class="errors">
            <ul>
                <?php 
    foreach ($errors as $error) {
        echo '<li>' . $error . '</li>';
Exemple #23
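/**
 * Complete a registration request: validate the submitted data, store the
 * pending account in the temporary users table and mail the activation link.
 *
 * Output (page header, result table or error text, footer) is written
 * directly; nothing is returned.
 *
 * @param string $username      requested user name
 * @param string $user_email    e-mail address that receives the activation link
 * @param string $user_password password chosen by the user
 * @param mixed  $random_num    value mixed into the expected image-check code
 * @param mixed  $gfx_check     image-check code typed by the user
 */
function finishNewUser($username, $user_email, $user_password, $random_num, $gfx_check)
{
    global $stop, $EditedMessage, $adminmail, $sitename, $Default_Theme, $user_prefix, $db, $storyhome, $module_name, $nukeurl;
    include "header.php";
    // $sitekey and $gfx_chk are not in the global list above; presumably
    // config.php defines them in this scope - confirm.
    include "config.php";
    // userCheck() is defined elsewhere; the isset($stop) test below suggests it
    // reports validation problems through the global $stop - confirm.
    userCheck($username, $user_email);
    $user_email = validate_mail($user_email);
    $user_regdate = date("M d, Y");
    $user_password = htmlspecialchars(stripslashes($user_password));
    if (!isset($stop)) {
        // Recompute the expected image-check code and compare it with the
        // submitted one when GD is loaded and $gfx_chk selects the check.
        $datekey = date("F j");
        $rcode = hexdec(md5($_SERVER['HTTP_USER_AGENT'] . $sitekey . $random_num . $datekey));
        $code = substr($rcode, 2, 6);
        if (extension_loaded("gd") and $code != $gfx_check and ($gfx_chk == 3 or $gfx_chk == 4 or $gfx_chk == 6 or $gfx_chk == 7)) {
            Header("Location: modules.php?name={$module_name}");
            die;
        }
        // Activation token. md5(mt_rand(0, 1000000)) can only take about a
        // million distinct values, so the token is drawn from the CSPRNG
        // whenever the runtime provides one; it keeps the 32-hex-character shape.
        if (function_exists('random_bytes')) {
            $check_num = bin2hex(random_bytes(16));
        } else {
            // Legacy fallback for runtimes without random_bytes(); this token is
            // guessable and should not be relied on.
            mt_srand((double) microtime() * 1000000);
            $maxran = 1000000;
            $check_num = mt_rand(0, $maxran);
            $check_num = md5($check_num);
        }
        $time = time();
        // NOTE(review): the link is built from $username before the clean-up
        // below and without URL encoding - confirm the activation handler copes.
        $finishlink = "{$nukeurl}/modules.php?name={$module_name}&op=activate&username={$username}&check_num={$check_num}";
        // NOTE(review): an unsalted MD5 digest is a weak password hash. Moving to
        // password_hash()/password_verify() needs a matching change in the login
        // code, which is outside this block, so the stored format is kept.
        $new_password = md5($user_password);
        $new_password = htmlspecialchars(stripslashes($new_password));
        $username = substr(htmlspecialchars(str_replace("\\'", "'", trim($username))), 0, 25);
        $username = rtrim($username, "\\");
        $username = str_replace("'", "\\'", $username);
        $user_email = filter($user_email, "nohtml", 1);
        // NOTE(review): the statement is assembled by string interpolation and
        // relies on the hand-rolled quoting above plus validate_mail()/filter();
        // switch to bound parameters if the $db layer supports them.
        $result = $db->sql_query("INSERT INTO " . $user_prefix . "_users_temp (user_id, username, user_email, user_password, user_regdate, check_num, time) VALUES (NULL, '{$username}', '{$user_email}', '{$new_password}', '{$user_regdate}', '{$check_num}', '{$time}')");
        if (!$result) {
            echo "" . _ERROR . "<br>";
        } else {
            // The chosen password is no longer included in the mail: mail is
            // stored and relayed in clear text, and the user already knows it.
            $message = "" . _WELCOMETO . " {$sitename}!\n\n" . _YOUUSEDEMAIL . " ({$user_email}) " . _TOREGISTER . " {$sitename}.\n\n " . _TOFINISHUSER . "\n\n {$finishlink}\n\n " . _FOLLOWINGMEM . "\n\n" . _UNICKNAME . " {$username}";
            $subject = "" . _ACTIVATIONSUB . "";
            $from = "{$adminmail}";
            mail($user_email, $subject, $message, "From: {$from}\nX-Mailer: PHP/" . phpversion());
            title("{$sitename}: " . _USERREGLOGIN . "");
            OpenTable();
            echo "<center><b>" . _ACCOUNTCREATED . "</b><br><br>";
            echo "" . _YOUAREREGISTERED . "" . "<br><br>" . "" . _FINISHUSERCONF . "<br><br>" . "" . _THANKSUSER . " {$sitename}!</center>";
            CloseTable();
        }
    } else {
        echo "{$stop}";
    }
    include "footer.php";
}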
<?php

// The final URL of the website
$GLOBALS['URL'] = "localhost/CharityChainProject";
if (!isset($GLOBALS['fileroot'])) {
    // The absolute path to the root of the website
    $GLOBALS['fileroot'] = '/var/www/CharityChainProject';
}
// AJAX entry point: the upper-cased "option" query parameter selects the
// handler that receives the remaining query parameters.
// NOTE(review): LOGIN and SIGNUP read the password from the query string, where
// it can end up in server logs, browser history and Referer headers; moving
// these calls to POST needs a matching client change.
// NOTE(review): the parameters are read without isset() checks, so a missing
// one raises a notice/warning and reaches the handler as null.
if (isset($_GET['option'])) {
    $option = strtoupper($_GET['option']);
    if ($option === 'VERIFY') {
        userCheck($_GET['userID']);
    } elseif ($option === 'LOGIN') {
        userLogin($_GET['uname'], $_GET['pwd']);
    } elseif ($option === 'SIGNUP') {
        userSignup($_GET['uname'], $_GET['pswd'], $_GET['email']);
    } elseif ($option === 'CONFIRM') {
        tempToReal($_GET['confcode']);
    } else {
        // Fixed message: the unrecognised option is not echoed back
        echo "Fatal ERROR: Option flag not recognized";
    }
}
//The contentGen function takes an XML file, looks through it and returns the text between the corrisponding LOCATION_ID tags
function contentGen($LOCATION_ID)