} $sql = "SELECT login.*, {$creditColumns}, {$createColumns} FROM {$server->loginDatabase}.login "; $sql .= "LEFT OUTER JOIN {$server->loginDatabase}.{$creditsTable} AS credits ON login.account_id = credits.account_id "; $sql .= "LEFT OUTER JOIN {$server->loginDatabase}.{$createTable} AS created ON login.account_id = created.account_id "; $sql .= "WHERE login.sex != 'S' AND login.group_id >= 0 AND login.account_id = ? LIMIT 1"; $sth = $server->connection->getStatement($sql); $sth->execute(array($accountID)); // Account object. $account = $sth->fetch(); if ($account) { $title = sprintf(Flux::message('AccountViewTitle2'), $account->userid); } } else { $title = Flux::message('AccountViewTitle3'); } $level = AccountLevel::getGroupLevel($account->group_id); $banSuperior = $account && ($level > $session->account->group_level && $auth->allowedToBanHigherPower || $level <= $session->account->group_level); $canTempBan = !$isMine && $banSuperior && $auth->allowedToTempBanAccount; $canPermBan = !$isMine && $banSuperior && $auth->allowedToPermBanAccount; $tempBanned = $account && $account->unban_time > 0; $permBanned = $account && $account->state == 5; $showTempBan = !$isMine && !$tempBanned && !$permBanned && $auth->allowedToTempBanAccount; $showPermBan = !$isMine && !$permBanned && $auth->allowedToPermBanAccount; $showUnban = !$isMine && ($tempBanned && $auth->allowedToTempUnbanAccount) || $permBanned && $auth->allowedToPermUnbanAccount; if (count($_POST) && $account) { $reason = (string) $params->get('reason'); if ($params->get('tempban') && ($tempBanDate = $params->get('tempban_date'))) { if ($canTempBan) { if ($server->loginServer->temporarilyBan($session->account->account_id, $reason, $account->account_id, $tempBanDate)) { $formattedDate = $this->formatDateTime($tempBanDate); $session->setMessageData("Account has been temporarily banned until {$formattedDate}.");
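// Use the session's login group when no group name was given or the name does not
// resolve to a known server group.
if (!$groupName || !($loginAthenaGroup = Flux::getServerGroupByName($groupName))) {
    $loginAthenaGroup = $session->loginAthenaGroup;
}

// Find the account that matches both the username and the e-mail address.
// $userid and $email are bound as placeholders and are never interpolated into the SQL.
// Only rows with state = 0 and sex 'M' or 'F' are eligible.
$sql = "SELECT account_id, user_pass, group_id FROM {$loginAthenaGroup->loginDatabase}.login WHERE ";
if ($loginAthenaGroup->loginServer->config->getNoCase()) {
    $sql .= 'LOWER(userid) = LOWER(?) ';
}
else {
    $sql .= 'BINARY userid = ? ';
}
$sql .= "AND email = ? AND state = 0 AND sex IN ('M', 'F') LIMIT 1";
$sth  = $loginAthenaGroup->connection->getStatement($sql);
$sth->execute(array($userid, $email));

$row = $sth->fetch();
if ($row) {
    $groups = AccountLevel::getArray();

    // Accounts at or above the configured group level may not reset their password this way.
    if (AccountLevel::getGroupLevel($row->group_id) >= Flux::config('NoResetPassGroupLevel')) {
        $errorMessage = Flux::message('ResetPassDisallowed');
    }
    else {
        // The reset code is the secret carried by the e-mailed link, so it must be
        // unpredictable. The previous md5(rand() + account_id) combined a
        // non-cryptographic PRNG with a value stored in plain sight. Draw the code
        // from the CSPRNG instead. 16 random bytes hex-encode to 32 characters,
        // the same length and alphabet as the md5() value it replaces.
        // random_bytes() needs PHP 7.0+; older runtimes fall back to OpenSSL.
        $codeBytes = function_exists('random_bytes') ? random_bytes(16) : openssl_random_pseudo_bytes(16);
        $code      = bin2hex($codeBytes);

        // NOTE(review): the account's current user_pass value is copied into the
        // reset table as old_password. Confirm this copy is required, because it
        // duplicates credential material outside the login table.
        $sql  = "INSERT INTO {$loginAthenaGroup->loginDatabase}.{$resetPassTable} ";
        $sql .= "(code, account_id, old_password, request_date, request_ip, reset_done) ";
        $sql .= "VALUES (?, ?, ?, NOW(), ?, 0)";
        $sth  = $loginAthenaGroup->connection->getStatement($sql);
        $res  = $sth->execute(array($code, $row->account_id, $row->user_pass, $_SERVER['REMOTE_ADDR']));

        if ($res) {
            require_once 'Flux/Mailer.php';
            $name = $loginAthenaGroup->serverName;
            // '_host' => true is passed so the link can be used from an e-mail;
            // presumably it produces an absolute URL (confirm in url()).
            $link = $this->url('account', 'resetpw', array('_host' => true, 'code' => $code, 'account' => $row->account_id, 'login' => $name));
            $mail = new Flux_Mailer();
            $sent = $mail->send($email, 'Reset Password', 'resetpass', array('AccountUsername' => $userid, 'ResetLink' => htmlspecialchars($link)));
        }
        // The excerpt ends here: the enclosing else branch and the if ($row) block
        // continue beyond this point and are intentionally left open.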
<?php
// Page menus can see the module's variables. Checks that depend on an account's
// group_id, however, have to be made here in the page menu itself, together with
// at least a basic $auth->actionAllowed('moduleName', 'actionName') test.
// NOTE(review): this file only decides whether the link is listed; confirm that the
// account/edit action enforces the same group-level rule on its own.
$groups   = AccountLevel::getArray();
$pageMenu = array();

// List the edit link when the viewed account's level does not exceed the viewer's
// (or the viewer may edit higher-powered accounts) and the edit action is allowed.
$viewedLevel = AccountLevel::getGroupLevel($account->group_id);
$withinReach = $viewedLevel <= $session->account->group_level || $auth->allowedToEditHigherPower;

if ($withinReach && $auth->actionAllowed('account', 'edit')) {
    $linkLabel = Flux::message('ModifyAccountLink');
    $pageMenu[$linkLabel] = $this->url('account', 'edit', array('id' => $account->account_id));
}

return $pageMenu;
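/**
 * Initialize session data.
 *
 * Resets the core session keys that are empty (or all of them when forced),
 * selects a default login group and char/map server for visitors who are not
 * logged in, re-reads the account through getAccount(), logs out accounts that
 * are found to be banned, and attaches one item-shop cart per char/map server.
 *
 * @param bool $force Reset the core keys even when they already hold a value.
 * @return bool Always true.
 * @access private
 */
private function initialize($force = false)
{
    // Each key is reset through its dynamically named setter, e.g. setUsernameData(null).
    $keysToInit = array('username', 'serverName', 'athenaServerName', 'securityCode');
    foreach ($keysToInit as $key) {
        if ($force || !$this->{$key}) {
            $method = ucfirst($key);
            $method = "set{$method}Data";
            $this->{$method}(null);
        }
    }

    $loggedIn = true;
    if (!$this->username) {
        // No username in the session: fall back to the configured defaults.
        $loggedIn = false;
        $cfgAthenaServerName = Flux::config('DefaultCharMapServer');
        $cfgLoginAthenaGroup = Flux::config('DefaultLoginGroup');

        if (Flux::getServerGroupByName($cfgLoginAthenaGroup)) {
            $this->setServerNameData($cfgLoginAthenaGroup);
        }
        else {
            // The configured default group is unknown; use the first registered group.
            $defaultServerName = current(array_keys(Flux::$loginAthenaGroupRegistry));
            $this->setServerNameData($defaultServerName);
        }
    }

    if ($this->serverName && ($this->loginAthenaGroup = Flux::getServerGroupByName($this->serverName))) {
        $this->loginServer = $this->loginAthenaGroup->loginServer;

        // $cfgAthenaServerName is only assigned on the not-logged-in path above;
        // every use below is guarded by !$loggedIn, so it is never read unset.
        if (!$loggedIn && $cfgAthenaServerName && $this->getAthenaServer($cfgAthenaServerName)) {
            $this->setAthenaServerNameData($cfgAthenaServerName);
        }

        if (!$this->athenaServerName || (!$loggedIn && !$this->getAthenaServer($cfgAthenaServerName) || !$this->getAthenaServer($this->athenaServerName))) {
            $this->setAthenaServerNameData(current($this->getAthenaServerNames()));
        }
    }

    // Get new account data every request.
    if ($this->loginAthenaGroup && $this->username && ($account = $this->getAccount($this->loginAthenaGroup, $this->username))) {
        $this->account = $account;
        $this->account->group_level = AccountLevel::getGroupLevel($account->group_id);

        // Automatically log out of account when detected as banned.
        $permBan = $account->state == 5 && !Flux::config('AllowPermBanLogin');

        // unban_time is compared against time(), i.e. it is the moment the temporary
        // ban is lifted. The ban is therefore in force while that moment is still in
        // the future. The previous "> 0 && < time()" test matched only bans that had
        // already expired, so an account banned during a live session stayed logged in.
        $tempBan = $account->unban_time > time() && !Flux::config('AllowTempBanLogin');

        if ($permBan || $tempBan) {
            // NOTE(review): $this->account was assigned above; confirm logout()
            // resets it so the cart setup below does not run for a banned account.
            $this->logout();
        }
    }
    else {
        // No account could be loaded: expose a placeholder with the unauthenticated level.
        $this->account = new Flux_DataObject(null, array('group_level' => AccountLevel::UNAUTH));
    }

    //if (!$this->isLoggedIn()) {
    //    $this->setServerNameData(null);
    //    $this->setAthenaServerNameData(null);
    //}

    if (!is_array($this->cart)) {
        $this->setCartData(array());
    }

    if ($this->account->account_id && $this->loginAthenaGroup) {
        if (!array_key_exists($this->loginAthenaGroup->serverName, $this->cart)) {
            $this->cart[$this->loginAthenaGroup->serverName] = array();
        }

        // Carts are stored as cart[login group][account id][char/map server].
        foreach ($this->getAthenaServerNames() as $athenaServerName) {
            $athenaServer = $this->getAthenaServer($athenaServerName);
            $cartArray    =& $this->cart[$this->loginAthenaGroup->serverName];
            $accountID    = $this->account->account_id;

            if (!array_key_exists($accountID, $cartArray)) {
                $cartArray[$accountID] = array();
            }
            if (!array_key_exists($athenaServerName, $cartArray[$accountID])) {
                $cartArray[$accountID][$athenaServerName] = new Flux_ItemShop_Cart();
            }

            // Bind the freshly loaded account to the cart, then hand the cart to the server.
            $cartArray[$accountID][$athenaServerName]->setAccount($this->account);
            $athenaServer->setCart($cartArray[$accountID][$athenaServerName]);
        }
    }

    return true;
}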