/** * Save article * * @param string $bid * @return void */ public function update($bid) { // load dictionaries $this->dict->get_words(); // get article id $mod = new Article_model(); $item = $mod->get_by_bid($bid); // check permission AdmUtils_helper::chklevel($_SESSION['xuid'], 'articles', $item->id, 2); // only if there are differences if ($item->content != $_POST['content']) { // tinymce $post = array('bid' => $bid, 'id_area' => $item->id_area, 'lang' => $item->lang, 'code_context' => $item->code_context, 'id_page' => $item->id_page, 'date_in' => time(), 'xkeys' => $item->xkeys, 'name' => $item->name, 'content' => $_POST['content'], 'excerpt' => 0, 'author' => $_SESSION['mail'], 'module' => $item->module, 'param' => $item->param, 'id_editor' => $_SESSION['xuid'], 'xon' => AUTOREFRESH); // insert new article's version $result = $mod->insert($post); if ($result[1]) { // add permission $perm = new Permission_model(); // privs permissions $array[] = array('action' => 'insert', 'id_what' => $result[0], 'id_user' => $_SESSION['xuid'], 'level' => 4); $res = $perm->pexec('articles', $array, $item->id_area); } // set message X4Utils_helper::set_msg($result); echo $_SESSION['msg']; unset($_SESSION['msg']); } else { echo ''; } }
/** * Reset password * send an email with new credentials * * @param integer $id User ID * @param string $md5 Encrypted verification code * @return void */ public function reset($id, $md5) { $mod = new X4Auth_model('users'); $user = $mod->get_by_id($id, 'users', 'last_in, password, mail, username'); if ($user) { // user exists if (md5($user->last_in . SITE . $user->password) == $md5 && time() - strtotime($user->last_in) < 604800) { $new_pwd = X4Text_helper::random_string(6); $result = $mod->reset($user->mail, $new_pwd); if ($result) { // load dictionary $this->dict->get_wordarray(array('login', 'pwd_recovery')); $src = array('XXXUSERNAMEXXX', 'XXXPASSWORDXXX'); $rpl = array($user->username, $new_pwd); $view = new X4View_core(X4Utils_helper::set_tpl('mail')); $view->subject = SERVICE . ' - ' . _RECOVERY_SUBJECT; $view->message = str_replace($src, $rpl, _RECOVERY_BODY_RESET); // build msg $body = $view->__toString(); $msg = mb_convert_encoding($body, 'ISO-8859-1', 'auto'); // recipients $to = array(array('mail' => $user->mail, 'name' => $user->username)); $check = X4Mailer_helper::mailto(MAIL, true, $view->subject, $msg, $to, array()); X4Utils_helper::set_msg($check, _RECOVERY_PWD_OK, _MSG_ERROR); header('Location: ' . BASE_URL . 'login/recovery'); die; } // log if (LOGS) { $mod->logger($user->id, 1, 'users', 'recovery password completed for ' . $user->mail); } } else { if (LOGS) { $mod->logger($user->id, 1, 'users', 'recovery password failed for ' . $user->mail); } } } else { if (LOGS) { $mod->logger($user->id, 1, 'users', 'recovery password attempt from unknown id ' . $id); } } X4Utils_helper::set_msg(false, '', _RECOVERY_PWD_ERROR); header('Location: ' . BASE_URL . 'login/recovery'); die; }