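function searchUsers($get)
{
    /***
     * Search the user table and return a reduced, non-sensitive projection
     * of each matching row through returnAjax().
     *
     * The term in $get['q'] is matched (OR) against the default search
     * columns username, name and dblink. When $get['cols'] is present and
     * checkUserColumnExists() accepts it, the comma-separated columns in it
     * replace the default search predicates instead; a rejected list falls
     * back to the defaults and adds a 'notice' and 'detail' to the response.
     *
     * Admin-only fields (is_admin, alternate_email, unrestricted) are added
     * to each row only when $login_status marks the caller as an admin.
     *
     * @param array $get request parameters: 'q' (search term) and an
     *   optional 'cols' (comma-separated list of user-table columns)
     * @return void the response array is emitted via returnAjax()
     ***/
    global $udb, $login_status;

    // Read 'q' without triggering an undefined-index notice when it is
    // absent; sanitize() still receives null in that case, as before.
    $rawTerm = isset($get['q']) ? $get['q'] : null;
    $q = $udb->sanitize($rawTerm);
    $response = array('search' => $q);

    // Default predicates: the term is matched against each of these columns.
    $search = array_fill_keys(array('username', 'name', 'dblink'), $q);
    // Columns fetched for every row; the projection loop below reads each
    // of them, so they stay in the list even when the caller overrides
    // the search predicates.
    $cols = array(
        'username',
        'name',
        'dblink',
        'email_verified',
        'alternate_email_verified',
        'admin_flag',
        'alternate_email',
    );

    if (!empty($get['cols'])) {
        if (checkUserColumnExists($get['cols'], false)) {
            // Caller-supplied columns replace the defaults.
            // NOTE(review): every column that passes checkUserColumnExists()
            // becomes a search predicate, so the returned count acts as a
            // match oracle for that column's contents; confirm that check
            // limits the list to columns that are acceptable to search on.
            $search = array();
            foreach (explode(',', $get['cols']) as $col) {
                $col = trim($col);
                // checkUserColumnExists() vouched for the name, so it is
                // used as-is rather than passed through sanitize().
                $search[$col] = $q;
                // Avoid selecting the same column twice when the caller
                // repeats one of the defaults.
                if (!in_array($col, $cols, true)) {
                    $cols[] = $col;
                }
            }
        } else {
            $response['notice'] = 'Invalid columns; defaults used';
            $response['detail'] = checkUserColumnExists($get['cols'], false, true);
        }
    }

    $response['status'] = true;
    $result = $udb->getQueryResults($search, $cols, 'OR', true, true);

    // Only the admin flag gates extra output; read it defensively so a
    // missing login record does not raise a notice.
    $adminFlag = isset($login_status['detail']['userdata']['admin_flag'])
        ? $login_status['detail']['userdata']['admin_flag']
        : null;
    $isAdmin = boolstr($adminFlag);

    foreach ($result as $k => $entry) {
        // Public projection of a row: no raw flags or internal columns.
        $clean = array(
            'email' => $entry['username'],
            'uid' => $entry['dblink'],
            'has_verified_email' => boolstr($entry['email_verified']) || boolstr($entry['alternate_email_verified']),
        );
        if ($isAdmin) {
            $clean['is_admin'] = boolstr($entry['admin_flag']);
            $clean['alternate_email'] = $entry['alternate_email'];
            $tmpUser = new UserFunctions($clean['email']);
            $clean['unrestricted'] = $tmpUser->meetsRestrictionCriteria();
        }
        // The 'name' column is read as XML with <fname>, <lname>, <name>
        // and <dname> tags; the stored entities are decoded for output,
        // except for the handle, which is returned as stored.
        $xml = new Xml();
        $xml->setXml($entry['name']);
        $clean['first_name'] = htmlspecialchars_decode($xml->getTagContents('fname'));
        $clean['last_name'] = htmlspecialchars_decode($xml->getTagContents('lname'));
        $clean['full_name'] = htmlspecialchars_decode($xml->getTagContents('name'));
        $clean['handle'] = $xml->getTagContents('dname');
        $result[$k] = $clean;
    }

    $response['result'] = $result;
    $response['count'] = count($result);
    returnAjax($response);
}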
$altPhone = "<p>Congratulations! Your phone number is verified.</p>"; } catch (Exception $e) { $needPhone = false; $deferredJS .= "console.warn('An exception was thrown checking for SMS-ability:','" . $e->getMessage() . "');\n"; $altPhone = "<p>You don't have a phone number registered with us. Please go to account settings and add a phone number.</p>"; } $verifyphone_link = $needPhone ? "<li><a href='?q=verify'>Verify Phone</a></li>" : null; $phone_verify_form = $needPhone ? $phone_verify_template : $altPhone; } catch (Exception $e) { # There have been no cookies set. $logged_in = false; $twofactor = "Please log in."; } if ($logged_in) { $xml->setXml($_COOKIE[$cookieperson]); $full_name = $xml->getTagContents("<name>"); $first_name = $xml->getTagContents("<fname>"); $display_name = $xml->getTagContents("<dname>"); if (empty($first_name)) { $first_name = $_COOKIE[$cookieperson]; } } else { if ($captive_login) { header("Refresh: 0; url={$baseurl}"); $deferredJS .= "\nwindow.location.href=\"{$baseurl}\";"; } } // $random = "<li><a href='#' id='totp_help'>Help with Two-Factor Authentication</a></li>"; try { $has2fa = strbool($user->has2FA()); } catch (Exception $e) {
public function writeToUser($data, $col, $validation_data = null, $replace = true, $alert_forbidden_column = true) {
    /***
     * Write data to a user column after validating the caller.
     *
     * Validation is chosen by the shape of $validation_data:
     *   - contains $this->linkColumn (plus 'hash' and 'secret'): validateUser() with a confirmation token
     *   - contains 'password' (plus 'username'): lookupUser()
     *   - contains 'application_verification': verifyApp()
     *   - not an array: validateUser() with cookie data
     * The target user is always taken from $this->getUser() after validation.
     *
     * @param string $data the data to be written
     * @param string $col the database column to be written to; passed
     *   through $this->sanitize($col, true) before being used as an identifier
     * @param array $validation_data data to verify access to the
     *   user. An array of "password"=>$password or manually provided
     *   cookie data with $this->linkColumn as the key. If this isn't
     *   provided, cookies are used.
     * @param bool $replace whether to replace existing
     *   data. Otherwise, it appends (merges JSON keys, or updates one XML tag). Default: true.
     * @param bool $alert_forbidden_column not read anywhere in this method
     * @return array status array: on success 'status' (query result), 'data' (the
     *   unmodified input echoed back), 'col', 'action' (COMMIT/ROLLBACK),
     *   'result', 'method', 'error'; on failure 'status' => false and 'error'
     ***/
    $vmeta = false;
    $error = false;
    // empty() also rejects "0" and 0, so those cannot be written through here.
    if (empty($data) || empty($col)) {
        return array('status' => false, 'error' => 'Bad request');
    }
    $validated = false;
    if (is_array($validation_data)) {
        if (array_key_exists($this->linkColumn, $validation_data) && !empty($validation_data[$this->linkColumn])) {
            // confirm with validateUser(); 'hash' and 'secret' are read unconditionally here
            $validated = $this->validateUser($validation_data[$this->linkColumn], $validation_data['hash'], $validation_data['secret']);
            $method = 'Confirmation token';
            // Both of these are overwritten from getUser() once $validated holds.
            $where_col = $this->linkColumn;
            $user = $validation_data[$this->linkColumn];
        } elseif (array_key_exists('password', $validation_data)) {
            # confirm with lookupUser(); 'username' must also be present
            # If TOTP is enabled, this lookup will always fail ...
            $vmeta = $this->lookupUser($validation_data['username'], $validation_data['password']);
            $validated = $vmeta[0];
            if ($validated) {
                $this->getUser(array('username' => $validation_data['username']));
            }
            $method = 'Password';
        } elseif (array_key_exists('application_verification', $validation_data)) {
            # The user is accessing through an app. Check the
            # verification chain.
            # NOTE(review): this branch never sets $validated or $method, so
            # even a successful verifyApp() falls through to the 'Bad validation'
            # return below (with $method undefined). Confirm whether app-based
            # writes are meant to be possible before changing this; enabling
            # them also requires deciding which user getUser() resolves to here.
            $status = $this->verifyApp($validation_data['application_verification']);
            if ($status['status'] !== true) {
                // verifyApp() is expected to return its own error array, e.g.
                // array("status"=>false,"error"=>"Bad application verification","human_error"=>"There was a problem verifying the application","app_error_code"=>106);
                return $status;
            }
        } else {
            return array('status' => false, 'error' => 'Bad validation data');
        }
    } else {
        $validated = $this->validateUser();
        $method = 'Cookie';
    }
    if ($validated) {
        $userdata = $this->getUser();
        $where_col = $this->linkColumn;
        // The WHERE value comes from the validated user's own record, not
        // from the request. It is interpolated into SQL unescaped below;
        // a prepared statement would remove the reliance on that origin.
        $user = $userdata[$where_col];
        if (empty($user)) {
            return array('status' => false, 'error' => 'Problem assigning user');
        }
        // write it to the db
        // replace or append based on flag
        // NOTE(review): $real_col is used as a backtick-quoted identifier;
        // confirm sanitize()'s second argument covers identifiers, since
        // escaping alone does not constrain which column can be written.
        $real_col = $this->sanitize($col, true);
        if (!$replace) {
            # pull the existing data ...
            $l = $this->openDB();
            $prequery = "SELECT `{$real_col}` FROM `" . $this->getTable() . "` WHERE `{$where_col}`='{$user}'";
            # Look for relevent JSON entries or XML entries and replace them
            # A failed query ($r === false) is not checked before fetch.
            $r = mysqli_query($l, $prequery);
            $row = mysqli_fetch_row($r);
            $d = $row[0];
            $jd = json_decode($d, true);
            // Loose comparison: stored JSON that decodes to 0, "", [] or
            // false is treated as XML, not only invalid/absent JSON.
            if ($jd == null) {
                # XML -- only takes one tag in!!
                # The tag name is taken from the last closing tag in $data.
                $xml_data = explode('</', $data);
                $tag = array_pop($xml_data);
                $tag = $this->sanitize(substr($tag, 0, -1));
                $tag = '<' . $tag . '>';
                $xml = new Xml();
                $xml->setXml($data);
                $tag_data = $xml->getTagContents($tag);
                $clean_tag_data = $this->sanitize($tag_data);
                $new_data = $xml->updateTag($tag, $clean_tag_data);
            } else {
                // Merge the incoming JSON object into the stored one, key by
                // key; if $data is not valid JSON, $jn is null and the
                // foreach emits a warning and merges nothing.
                $jn = json_decode($data, true);
                foreach ($jn as $k => $v) {
                    $ck = $this->sanitize($k);
                    $cv = $this->sanitize($v);
                    $jd[$ck] = $cv;
                }
                $new_data = json_encode($jd);
            }
            $real_data = mysqli_real_escape_string($l, $new_data);
        } else {
            $real_data = $this->sanitize($data);
        }
        if (empty($real_data)) {
            return array('status' => false, 'error' => 'Invalid input data (sanitization error)');
        }
        // The value is double-quoted in the statement; $real_data has been
        // escaped (append path) or sanitized (replace path) above.
        $query = 'UPDATE `' . $this->getTable() . "` SET `{$real_col}`=\"" . $real_data .
            "\" WHERE `{$where_col}`='{$user}'";
        $l = $this->openDB();
        // Single-statement transaction: rolled back if the UPDATE fails.
        mysqli_query($l, 'BEGIN');
        $r = mysqli_query($l, $query);
        $finish_query = $r ? 'COMMIT' : 'ROLLBACK';
        if ($finish_query == 'ROLLBACK') {
            $error = mysqli_error($l);
        }
        $r2 = mysqli_query($l, $finish_query);
        // 'data' echoes the raw caller input, not the value that was written.
        return array('status' => $r, 'data' => $data, 'col' => $col, 'action' => $finish_query, 'result' => $r2, 'method' => $method, 'error' => $error);
    } else {
        // 'working_data' returns the caller's validation input (including any
        // password supplied) to the caller; $method is undefined on the
        // application_verification path.
        return array('status' => false, 'error' => 'Bad validation', 'method' => $method, 'validated_meta' => $vmeta, 'working_data' => $validation_data, 'link_col' => $this->linkColumn);
    }
    #,"validated_details_token"=>$this->validateUser($validation_data[$this->linkColumn],$validation_data['hash'],$validation_data['secret'],true));
}