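/**
 * Log out the current session.
 *
 * Marks the session row identified by SESS / DEFAULT_SITE as logged out,
 * deletes that session's session_auth_cache rows, raises the translated
 * 'logout_success' alert and, when the db_mapping module is active for this
 * site, hands the logout on to it.
 *
 * @param mixed $VAR Request variables; not read by this method.
 * @return void
 */
function logout($VAR)
{
    global $C_debug, $C_translate;

    $db =& DB();

    # Quote every value through qstr(), as the cache delete below always did.
    # The two session queries used to splice SESS and DEFAULT_SITE in between
    # hand-written quotes. Where SESS originates is not visible here; treat a
    # session identifier as client-influenced until confirmed otherwise.
    $sess = $db->qstr(SESS);
    $site = $db->qstr(DEFAULT_SITE);

    # get the account id (for DB mapping); stays null when no row is found
    $q = 'SELECT account_id FROM ' . AGILE_DB_PREFIX . 'session'
       . ' WHERE id = ' . $sess . ' AND site_id = ' . $site;
    $result = $db->Execute($q);
    $account_id = null;
    if ($result !== false && !$result->EOF) {
        $account_id = $result->fields['account_id'];
    }

    # logout the current session by editing the database record
    $q = 'UPDATE ' . AGILE_DB_PREFIX . "session SET logged='0'"
       . ' WHERE id = ' . $sess . ' AND site_id = ' . $site;
    $db->Execute($q);

    # delete any session caches, so no cached authorisation outlives the login
    $q = 'DELETE FROM ' . AGILE_DB_PREFIX . 'session_auth_cache'
       . ' WHERE session_id = ' . $sess . ' AND site_id = ' . $site;
    $db->Execute($q);

    # logout success:
    $C_debug->alert($C_translate->translate('logout_success', '', ''));

    ### Do any db_mapping
    $sql = 'SELECT id FROM ' . AGILE_DB_PREFIX . 'module'
         . ' WHERE site_id = ' . $site
         . ' AND name = ' . $db->qstr('db_mapping')
         . ' AND status = ' . $db->qstr("1");
    $result = $db->Execute($sql);

    # A failed query is treated as "module not active" instead of calling a
    # method on false.
    if ($result !== false && $result->RecordCount() > 0) {
        include_once PATH_MODULES . 'db_mapping/db_mapping.inc.php';
        $db_map = new db_mapping();
        $db_map->logout($account_id);
    }
}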
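/**
 * Replace the non-service group memberships of an account.
 *
 * Deletes the account's account_group rows that have no service_id, then adds
 * one row per requested group that the acting admin is authorised for
 * (checked with $C_auth->auth_group_by_id()). When no row was attempted,
 * DEFAULT_GROUP is added instead. Afterwards the session_auth_cache rows of
 * every session of that account are deleted and, if the db_mapping module is
 * installed, the change is synced to it.
 *
 * Reads from $VAR: 'groups', 'account_admin_id', 'account_admin_date_expire'.
 *
 * @param array $VAR Request variables.
 * @return false|null false when the request is refused (no target account,
 *                    account "1", or the caller's own account); otherwise
 *                    nothing is returned.
 */
function update_account_groups($VAR)
{
    global $C_auth, $C_debug, $C_list;

    # Anything that is not an array counts as "no groups requested". The old
    # code passed the raw value to count(), which fails on a non-countable
    # value in current PHP, and that failure came after the DELETE below had
    # already removed the account's groups.
    $groups = (isset($VAR['groups']) && is_array($VAR['groups']))
        ? array_values($VAR['groups'])
        : array();
    $account = isset($VAR['account_admin_id']) ? $VAR['account_admin_id'] : null;

    # without a target account there is nothing to edit
    if ($account === null || $account === '') {
        return false;
    }

    # admin accounts groups cannot be altered
    # user cannot modify their own groups
    # The comparison is deliberately left loose so numeric spellings of the
    # same id are caught.
    # NOTE(review): this guard compares the request value as PHP sees it, while
    # the queries below let the database decide what the value matches. Confirm
    # the account_id column type and compare in that same canonical form.
    if ($account == "1" || SESS_ACCOUNT == $account) {
        return false;
    }

    ### Drop the current groups for this account:
    $dba =& DB();
    $q = 'DELETE FROM ' . AGILE_DB_PREFIX . 'account_group'
       . ' WHERE service_id IS NULL'
       . ' AND account_id = ' . $dba->qstr($account)
       . ' AND site_id = ' . $dba->qstr(DEFAULT_SITE);
    $dba->Execute($q);

    ### Add each requested group the acting admin may grant
    $attempted = 0;
    foreach ($groups as $group_id) {
        # verify the admin adding this account is authorized
        # for this group themselves, otherwise skip
        if (!$C_auth->auth_group_by_id($group_id)) {
            continue;
        }

        $dba =& DB();

        # determine the record id:
        $this->new_id = $dba->GenID(AGILE_DB_PREFIX . 'account_group_id');

        # determine the expiration
        if (!empty($VAR['account_admin_date_expire'])) {
            include_once PATH_CORE . 'validate.inc.php';
            $validate = new CORE_validate();
            $expire = $validate->DateToEpoch(DEFAULT_DATE_FORMAT, $VAR['account_admin_date_expire']);
        } else {
            $expire = 0;
        }

        $q = 'INSERT INTO ' . AGILE_DB_PREFIX . 'account_group SET'
           . ' id = ' . $dba->qstr($this->new_id) . ','
           . ' date_orig = ' . $dba->qstr(time()) . ','
           . ' date_expire = ' . $dba->qstr($expire) . ','
           . ' group_id = ' . $dba->qstr($group_id) . ','
           . ' account_id = ' . $dba->qstr($account) . ','
           . ' active = ' . $dba->qstr('1') . ','
           . ' site_id = ' . $dba->qstr(DEFAULT_SITE);
        $result = $dba->Execute($q);

        # counted whether or not the insert succeeded, as before
        $attempted++;

        if ($result === false) {
            $C_debug->error('account_admin.inc.php', 'update_account_groups', $dba->ErrorMsg());
        }
    }

    ### Add default group
    if ($attempted == 0) {
        $dba =& DB();

        # determine the record id:
        $this->new_id = $dba->GenID(AGILE_DB_PREFIX . 'account_group_id');

        # No expiry is ever computed on this path: the loop above only sets one
        # for a group it attempts to insert. The old code passed an unset
        # variable here, which is the same null.
        $no_expiry = null;

        $q = 'INSERT INTO ' . AGILE_DB_PREFIX . 'account_group SET'
           . ' id = ' . $dba->qstr($this->new_id) . ','
           . ' date_orig = ' . $dba->qstr(time()) . ','
           . ' date_expire = ' . $dba->qstr($no_expiry) . ','
           . ' group_id = ' . $dba->qstr(DEFAULT_GROUP) . ','
           . ' account_id = ' . $dba->qstr($account) . ','
           . ' active = ' . $dba->qstr('1') . ','
           . ' site_id = ' . $dba->qstr(DEFAULT_SITE);
        $result = $dba->Execute($q);

        if ($result === false) {
            $C_debug->error('account_admin.inc.php', 'update_account_groups', $dba->ErrorMsg());
        }
    }

    ### Remove the user's session_auth_cache so it is regenerated on user's
    ### next pageview; otherwise the old group set stays cached.
    $db =& DB();
    $q = 'SELECT id FROM ' . AGILE_DB_PREFIX . 'session'
       . ' WHERE account_id = ' . $db->qstr($account)
       . ' AND site_id = ' . $db->qstr(DEFAULT_SITE);
    $rss = $db->Execute($q);

    # a failed lookup is skipped instead of dereferencing false
    while ($rss !== false && !$rss->EOF) {
        $q = 'DELETE FROM ' . AGILE_DB_PREFIX . 'session_auth_cache'
           . ' WHERE session_id = ' . $db->qstr($rss->fields['id'])
           . ' AND site_id = ' . $db->qstr(DEFAULT_SITE);
        $db->Execute($q);
        $rss->MoveNext();
    }

    ### Do any db_mapping
    if ($C_list->is_installed('db_mapping')) {
        include_once PATH_MODULES . 'db_mapping/db_mapping.inc.php';
        $db_map = new db_mapping();
        $db_map->account_group_sync($account);
    }
}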
/**
 * Dispatch an account's group sync to the handler that matches this map's
 * 'group_type' setting.
 *
 * @param mixed $account_id Account to sync.
 * @return mixed Whatever the selected db_mapping handler returns; false when
 *               'group_type' is none of 'db', 'status' or 'db-status'.
 */
function account_group_sync($account_id)
{
    # switch compares loosely, as the if/elseif chain it replaces did
    switch ($this->map['group_type']) {
        case 'db':
            $mapper = new db_mapping();
            return $mapper->MAP_account_group_sync_db($account_id, $this);

        case 'status':
            $mapper = new db_mapping();
            return $mapper->MAP_account_group_sync_status($account_id, $this);

        case 'db-status':
            $mapper = new db_mapping();
            return $mapper->MAP_account_group_sync_db_status($account_id, $this);

        default:
            # unknown type: no handler is constructed
            return false;
    }
}
/**
 * Sync an account's groups through the db-status handler of db_mapping,
 * passing this map object along as the handler's second argument.
 *
 * @param mixed $account_id Account to sync.
 * @return mixed The handler's return value, unchanged.
 */
function account_group_sync($account_id)
{
    $mapper = new db_mapping();
    $synced = $mapper->MAP_account_group_sync_db_status($account_id, $this);

    return $synced;
}
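/**
 * Sync one local account into the mapped Mambo database.
 *
 * Runs the generic db-status sync first, then looks the account up in the
 * remote user table by username, rebuilds its core_acl_aro and
 * core_acl_groups_aro_map rows, and finally unblocks the remote user when it
 * has a group (gid > 0) or blocks it when it has none.
 *
 * Table and column names come from $this->map and the DB2_PREFIX* constant;
 * they are concatenated as identifiers and cannot be quoted with qstr(), so
 * the map definition has to be trusted configuration.
 *
 * @param mixed $account_id Local account id.
 * @return void
 */
function account_group_sync($account_id)
{
    global $C_debug;

    # MAP_account_group_sync_db_status() reads the map definition from its
    # second argument, so the map object is passed along with the account id.
    $db_map = new db_mapping();
    $db_map->MAP_account_group_sync_db_status($account_id, $this);

    ### Get the local account details
    $db =& DB();
    $sql = 'SELECT username,email FROM ' . AGILE_DB_PREFIX . 'account'
         . ' WHERE site_id = ' . $db->qstr(DEFAULT_SITE)
         . ' AND id = ' . $db->qstr($account_id);
    $result = $db->Execute($sql);
    if ($result === false) {
        $C_debug->error('Mambo_4_5.php', 'account_group_sync:1', $db->ErrorMsg());
        return;
    }
    $user = $result->fields['username'];

    ### Get the remote account id, username, and group ID:
    $dbm = new db_mapping();
    $db2 = $dbm->DB_connect(false, $this->map['map']);

    # The table prefix lives in a constant named after the map. It used to be
    # read by building PHP source from the map name and eval()ing it;
    # constant() resolves the same name without executing anything.
    $prefix_const = 'DB2_PREFIX' . strtoupper($this->map['map']);
    if (!defined($prefix_const)) {
        $C_debug->error('Mambo_4_5.php', 'account_group_sync:2', 'Undefined table prefix constant ' . $prefix_const);
        return;
    }
    $db_prefix = constant($prefix_const);
    $user_table = $db_prefix . $this->map['account_map_field'];

    $sql = 'SELECT id,gid,username FROM ' . $user_table
         . ' WHERE ' . $this->map['account_fields']['username']['map_field']
         . ' = ' . $db2->qstr($user);
    $result = $db2->Execute($sql);
    if ($result === false) {
        $C_debug->error('Mambo_4_5.php', 'account_group_sync:2', $db2->ErrorMsg());
        return;
    }

    # The ids below are spliced into SQL as bare numbers, so they are forced to
    # integers first. Values read back from the remote database are not
    # trusted to be numeric just because a column is expected to be.
    $id   = $result->EOF ? 0 : (int) $result->fields['id'];
    $gid  = $result->EOF ? 0 : (int) $result->fields['gid'];
    $user = $result->EOF ? '' : $result->fields['username'];

    # No remote user: stop here. The old code carried on with an empty id,
    # which only stayed harmless because the resulting statements were invalid.
    if ($id <= 0) {
        return;
    }

    # Clear old values:
    $sql = 'DELETE FROM ' . $db_prefix . "core_acl_aro WHERE value = {$id}";
    $db2->Execute($sql);

    # add the core_acl_aro record
    $sql = 'INSERT INTO ' . $db_prefix . 'core_acl_aro SET'
         . " section_value = 'users',"
         . " value = {$id},"
         . ' name = ' . $db2->qstr($user);
    $db2->Execute($sql);

    # Get the ID just inserted:
    $sql = 'SELECT aro_id FROM ' . $db_prefix . "core_acl_aro WHERE value = {$id}";
    $result = $db2->Execute($sql);
    $aro_id = ($result !== false && !$result->EOF) ? (int) $result->fields['aro_id'] : 0;

    if ($aro_id > 0) {
        $sql = 'DELETE FROM ' . $db_prefix . "core_acl_groups_aro_map WHERE aro_id = {$aro_id}";
        $db2->Execute($sql);
    }

    if ($gid > 0 && $aro_id > 0) {
        # add the core_acl_groups_aro_map record
        $sql = 'INSERT INTO ' . $db_prefix . 'core_acl_groups_aro_map SET'
             . " group_id = {$gid},"
             . " aro_id = {$aro_id}";
        $db2->Execute($sql);

        # unblock
        $sql = 'UPDATE ' . $user_table . " SET block = 0 WHERE id = {$id}";
        $db2->Execute($sql);
    } else {
        /*
         This member gets access to nothing.

         Mambo doesn't have a group we can grant the users that allows them
         only public access articles. Lame. After studying mambo's group
         system in depth, it makes no sense how something so complicated
         (6 tables?) can not be used to control access to the articles?!
         With a CMS system, it is all about the content and if you have
         groups, you should be able to display/hide content based on the
         user's group membership. However, with mambo, apparently you can set
         the articles so they can be viewed by (a) all users, (b) registered
         users, (c) Special. Since I can find no way to map the users to
         option (c), and obviously non-paying members will still be registered
         after their subscription expires, our options are now to delete the
         user entirely (NO!) or set the user to blocked (lesser of two evils
         but will cause confusion since mambo will tell the user the login
         info they submitted is invalid).

         Let's block the user and be done with it... Sigh...
        */
        $sql = 'UPDATE ' . $user_table . " SET block = 1 WHERE id = {$id}";
        $db2->Execute($sql);
    }
}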
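/**
 * Activate an account from a verification link.
 *
 * $VAR['verify'] is expected as "<date_orig>:<id>". The account is looked up
 * by exactly those two values for DEFAULT_SITE; when found and not yet active
 * its status is set to "1". The outcome is published to the template as
 * 'verify_results' (true/false). On a fresh activation the db_mapping module,
 * if installed, is asked to add the account.
 *
 * NOTE(review): the verification value consists of the account's creation
 * time and its id, both matched as-is below. Neither is a secret issued for
 * this purpose. A random, single-use token stored with the account would be
 * the stronger design, but it needs schema support outside this method.
 *
 * @param array $VAR Request variables; only 'verify' is read.
 * @return void
 */
function verify($VAR)
{
    global $C_debug, $C_translate, $C_list, $smarty;

    ### Validate $verify is set, is a string, and is not empty.
    ### A non-string value (e.g. an array from the query string) is rejected
    ### here instead of reaching explode().
    if (!isset($VAR['verify']) || !is_string($VAR['verify']) || $VAR['verify'] == "") {
        $smarty->assign('verify_results', false);
        return;
    }

    ### Both halves must be present before they reach the query
    $verify = explode(':', $VAR['verify']);
    if (!isset($verify[1]) || $verify[0] === '' || $verify[1] === '') {
        $smarty->assign('verify_results', false);
        return;
    }

    ### Validate the $verify string....
    $db =& DB();
    $sql = 'SELECT id,username,status FROM ' . AGILE_DB_PREFIX . 'account'
         . ' WHERE site_id = ' . $db->qstr(DEFAULT_SITE)
         . ' AND id = ' . $db->qstr($verify[1])
         . ' AND date_orig = ' . $db->qstr($verify[0]);
    $result = $db->Execute($sql);

    # a failed query is reported the same way as "no such account"
    if ($result === false || $result->RecordCount() == 0) {
        $smarty->assign('verify_results', false);
        return;
    }

    ### Check the status:
    # From here on use the id as stored, not the request string that matched it.
    $account_id = $result->fields['id'];
    $status = $result->fields['status'];

    if ($status == "1") {
        ### Account already active!
        $smarty->assign('verify_results', true);
        return;
    }

    ### Update the account status
    $sql = 'UPDATE ' . AGILE_DB_PREFIX . 'account SET status = ' . $db->qstr("1")
         . ' WHERE site_id = ' . $db->qstr(DEFAULT_SITE)
         . ' AND id = ' . $db->qstr($account_id);
    $result = $db->Execute($sql);

    # Success used to be announced even when the UPDATE had failed.
    if ($result === false) {
        $C_debug->error(basename(__FILE__), 'verify', $db->ErrorMsg());
        $smarty->assign('verify_results', false);
        return;
    }

    ### Account now active!
    $smarty->assign('verify_results', true);

    ### Return the success message:
    # NOTE(review): the key reads like a password-update message; confirm it is
    # the text intended for account verification.
    $C_debug->alert($C_translate->translate('password_update_success', 'account', ''));

    ### Do any db_mapping
    if ($C_list->is_installed('db_mapping')) {
        include_once PATH_MODULES . 'db_mapping/db_mapping.inc.php';
        $db_map = new db_mapping();
        $db_map->plaintext_password = false;
        $db_map->account_add($account_id);
    }
}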
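/**
 * Log the current session out of the mapped forum (IBF).
 *
 * Resets the member columns of the remote 'sessions' row whose id equals SESS
 * and then overwrites the forum's session_id, member_id and pass_hash cookies.
 *
 * @param mixed  $account_id Local account id; not read by this method.
 * @param object $MAP_this   Map object; $MAP_this->map['map'] names the map.
 * @return void
 */
function MAP_account_logout($account_id, $MAP_this)
{
    # $smarty is used on the error path below but was never imported into this
    # scope, so a failed UPDATE ended in a call on an undefined variable.
    global $C_debug, $smarty;

    ### Clear the session info in IBF
    $dbm = new db_mapping();
    $db = $dbm->DB_connect(false, $MAP_this->map['map']);

    # The table prefix lives in a constant named after the map. It used to be
    # read by building PHP source from the map name and eval()ing it;
    # constant() resolves the same name without executing anything.
    $prefix_const = 'DB2_PREFIX' . strtoupper($MAP_this->map['map']);
    if (!defined($prefix_const)) {
        $C_debug->error('db_mapping.inc.php', 'Map_account_logout_delete_account_session', 'Undefined table prefix constant ' . $prefix_const);
        return;
    }
    $db_prefix = constant($prefix_const);

    # NOTE(review): qstr('NULL') stores the four-letter string, not SQL NULL.
    # Confirm which of the two the forum expects in member_name.
    $sql = 'UPDATE ' . $db_prefix . 'sessions SET'
         . ' member_name = ' . $db->qstr('NULL') . ','
         . ' member_id = ' . $db->qstr(0) . ','
         . ' login_type = ' . $db->qstr(0) . ','
         . ' member_group = ' . $db->qstr(2)
         . ' WHERE id = ' . $db->qstr(SESS);
    $result = $db->Execute($sql);

    ### error reporting:
    if ($result === false) {
        $C_debug->error('db_mapping.inc.php', 'Map_account_logout_delete_account_session', $db->ErrorMsg());
        $smarty->assign('db_mapping_result', $db->ErrorMsg());
        return;
    }

    ### Clear the IBF cookies
    # Each cookie is overwritten with 0 on path '/', with no expiry time.
    # NOTE(review): no domain is passed. If the forum issues these cookies with
    # an explicit domain or another path, these overwrites would not replace
    # them and pass_hash would remain in the browser. Confirm against the
    # forum's cookie settings.
    setcookie("session_id", 0, 0, '/');
    setcookie("member_id", 0, 0, '/');
    setcookie("pass_hash", 0, 0, '/');

    return;
}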
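/**
 * Push a local account's group-derived status to the mapped remote database.
 *
 * Looks up the local username, finds the matching remote account, works out
 * from the account's active and currently valid groups which mapped status
 * has the highest rank, and writes that status to the remote account row.
 *
 * Table and column names come from $MAP_this->map and the DB2_PREFIX*
 * constant; they are concatenated as identifiers and cannot be quoted with
 * qstr(), so the map definition has to be trusted configuration.
 *
 * @param mixed  $account_id Local account id.
 * @param object $MAP_this   Map object; its map[] settings are read, and its
 *                           group_arr, group_rank and status are written.
 * @return mixed Remote account id after the remote update ran; nothing on any
 *               query failure or when the account has no active group rows.
 */
function MAP_account_group_sync_db_status($account_id, $MAP_this)
{
    global $C_debug;

    ### Get the local account details
    $db =& DB();
    $sql = 'SELECT username,email FROM ' . AGILE_DB_PREFIX . 'account'
         . ' WHERE site_id = ' . $db->qstr(DEFAULT_SITE)
         . ' AND id = ' . $db->qstr($account_id);
    $result = $db->Execute($sql);
    if ($result === false) {
        $C_debug->error('db_mapping.inc.php', 'MAP_account_group_sync_status', $db->ErrorMsg());
        return;
    }
    $user = $result->fields['username'];

    ### Get the remote account id:
    $dbm = new db_mapping();
    $db2 = $dbm->DB_connect(false, $MAP_this->map['map']);

    # The table prefix lives in a constant named after the map. It used to be
    # read by building PHP source from the map name and eval()ing it;
    # constant() resolves the same name without executing anything.
    $prefix_const = 'DB2_PREFIX' . strtoupper($MAP_this->map['map']);
    if (!defined($prefix_const)) {
        $C_debug->error('db_mapping.inc.php', 'MAP_account_group_sync_status', 'Undefined table prefix constant ' . $prefix_const);
        return;
    }
    $db_prefix = constant($prefix_const);

    $fld_remote_id = $MAP_this->map['account_fields']['id']['map_field'];
    $remote_table = $db_prefix . $MAP_this->map['account_map_field'];

    $sql = 'SELECT ' . $fld_remote_id . ' FROM ' . $remote_table
         . ' WHERE ' . $MAP_this->map['account_fields']['username']['map_field']
         . ' = ' . $db2->qstr($user);
    $result = $db2->Execute($sql);
    if ($result === false) {
        $C_debug->error('db_mapping.inc.php', 'MAP_account_group_sync_status', $db2->ErrorMsg());
        return;
    }
    $remote_account_id = $result->fields[$fld_remote_id];

    ### Get the group_map array for this database map:
    # NOTE(review): the check looks at $this->group_arr while the values are
    # stored on $MAP_this. Confirm which object is meant to hold the cache.
    if (!isset($this->group_arr)) {
        $db =& DB();
        $sql = 'SELECT group_map,group_rank FROM ' . AGILE_DB_PREFIX . 'db_mapping'
             . ' WHERE map_file = ' . $db->qstr($MAP_this->map['map'])
             . ' AND site_id = ' . $db->qstr(DEFAULT_SITE);
        $result = $db->Execute($sql);
        if ($result === false) {
            $C_debug->error('db_mapping.inc.php', 'MAP_account_group_sync_status', $db->ErrorMsg());
            return;
        }

        # NOTE(review): unserialize() on stored column values. This is safe
        # only while nothing but trusted admin code writes these columns.
        # Restricting it to plain arrays, or storing JSON instead, removes the
        # dependency on that assumption.
        @($MAP_this->group_arr = unserialize($result->fields['group_map']));
        @($MAP_this->group_rank = unserialize($result->fields['group_rank']));
    }

    ### Determine the groups the selected account is authorized for:
    $db =& DB();
    $sql = 'SELECT group_id,date_start,date_expire FROM ' . AGILE_DB_PREFIX . 'account_group'
         . ' WHERE account_id = ' . $db->qstr($account_id)
         . ' AND active = ' . $db->qstr(1)
         . ' AND site_id = ' . $db->qstr(DEFAULT_SITE);
    $result = $db->Execute($sql);

    ### error reporting:
    if ($result === false) {
        $C_debug->error('db_mapping.inc.php', 'MAP_account_group_sync_status', $db->ErrorMsg());
        return;
    }

    # NOTE(review): an account with no active group rows returns here, before
    # any status is written, so its remote status keeps whatever value it had.
    # Confirm that this is intended and not meant to reset the status to 0.
    # (A second, identical check that followed the assignment below could
    # never fire and has been dropped.)
    if ($result->RecordCount() == 0) {
        return;
    }

    $MAP_this->status = 0;
    $rank = 0;
    $now = time();

    while (!$result->EOF) {
        $start = $result->fields['date_start'];
        $expire = $result->fields['date_expire'];
        $group = $result->fields['group_id'];

        ### Group access started and not expired (empty or 0 means "no limit"):
        $not_expired = ($expire >= $now || $expire == '' || $expire == '0');
        $has_started = ($start <= $now || $start == '' || $start == '0');

        if ($not_expired && $has_started
            && !empty($MAP_this->group_arr) && is_array($MAP_this->group_arr)) {
            ### Group is authorized: find the remote status it maps to and
            ### keep the one belonging to the highest-ranked local group.
            foreach ($MAP_this->group_arr as $key => $val) {
                if ($key != $group || !is_array($val)) {
                    continue;
                }
                foreach ($val as $add) {
                    if (!empty($add) && $MAP_this->group_rank[$key]['rank'] > $rank) {
                        $MAP_this->status = $add;
                        $rank = $MAP_this->group_rank[$key]['rank'];
                    }
                }
            }
        }

        $result->MoveNext();
    }

    ### Update the remote account:
    # The reconnect is kept from the original: whether the handle opened above
    # is still pointed at the remote database after the local queries is not
    # visible from this method.
    $dbm = new db_mapping();
    $db2 = $dbm->DB_connect(false, $MAP_this->map['map']);

    $sql = 'UPDATE ' . $remote_table
         . ' SET ' . $MAP_this->map['account_status_field'] . ' = ' . $db2->qstr($MAP_this->status)
         . ' WHERE ' . $fld_remote_id . ' = ' . $db2->qstr($remote_account_id);
    $group_result = $db2->Execute($sql);

    if ($group_result === false) {
        # report the remote handle's error; this used to read the message from
        # the local connection, which had not failed
        $C_debug->error('db_mapping.inc.php', 'MAP_account_group_sync_status', $db2->ErrorMsg());
        return;
    }

    return $remote_account_id;
}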
/**
 * Sync the group membership of the account in $this->rs to db_mapping, when
 * that module is installed. Creates the global $C_list helper first if it is
 * not an object yet.
 *
 * @return void
 */
function dbmap()
{
    global $C_list;

    # make sure the module list helper exists before asking it anything
    if (is_object($C_list) === false) {
        include_once PATH_CORE . 'list.inc.php';
        $C_list = new CORE_list();
    }

    # nothing to do without the module
    if (!$C_list->is_installed('db_mapping')) {
        return;
    }

    # Update the db_mapping accounts
    include_once PATH_MODULES . 'db_mapping/db_mapping.inc.php';
    $mapper = new db_mapping();
    $mapper->account_group_sync($this->rs['account_id']);
}
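/**
 * Suspend the vBulletin user that corresponds to a deleted local account.
 *
 * Finds the remote user by username and moves it to usergroupid '1'. The
 * remote user row itself is not deleted.
 *
 * @param mixed  $account_id Local account id; not read by this method.
 * @param string $username   Username to look up in the remote user table.
 * @param object $MAP_this   Map object; $MAP_this->map['map'] names the map.
 * @return false|null false when the lookup cannot be run; otherwise nothing.
 */
function MAP_account_delete($account_id, $username, $MAP_this)
{
    global $C_debug;

    ### Get the remote account id from the username
    $dbm = new db_mapping();
    $db2 = $dbm->DB_connect(false, $MAP_this->map['map']);

    # The table prefix lives in a constant named after the map. It used to be
    # read by building PHP source from the map name and eval()ing it;
    # constant() resolves the same name without executing anything.
    $prefix_const = 'DB2_PREFIX' . strtoupper($MAP_this->map['map']);
    if (!defined($prefix_const)) {
        $C_debug->error('vBulletin_3.php', 'MAP_account_delete (1)', 'Undefined table prefix constant ' . $prefix_const);
        return false;
    }
    $db_prefix = constant($prefix_const);

    # NOTE(review): in the listing this was taken from, the text between the
    # username comparison and the first error report was masked out. The
    # quoted lookup, its execution and the failure check below are rebuilt from
    # the surrounding statements; confirm them against the original file.
    $sql = 'SELECT userid FROM ' . $db_prefix . 'user WHERE username = ' . $db2->qstr($username);
    $result = $db2->Execute($sql);
    if ($result === false) {
        $C_debug->error('vBulletin_3.php', 'MAP_account_delete (1)', $db2->ErrorMsg() . ' ' . $sql);
        return false;
    }
    $vb_user_id = $result->fields['userid'];

    # no matching remote user: nothing to suspend
    if (empty($vb_user_id)) {
        return;
    }

    # Suspend the user:
    $sql = 'UPDATE ' . $db_prefix . "user SET usergroupid = '1' WHERE userid = " . $db2->qstr($vb_user_id);
    $result = $db2->Execute($sql);
    if ($result === false) {
        $C_debug->error('vBulletin_3.php', 'MAP_account_delete (2)', $db2->ErrorMsg() . ' ' . $sql);
    }
}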