Exemple #1
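 /**
  * Remove one or more users from Joomla.
  *
  * Each id in $cid is checked and deleted in turn. Processing stops at the
  * first id that is refused or whose deletion reports an error, so ids that
  * come earlier in the list may already be gone when false is returned.
  *
  * An id is refused (and an error is logged through $vmLogger) when:
  *  - the stored usertype of that user is "super administrator";
  *  - it is the id of the acting user ($my->id);
  *  - the stored usertype is "administrator" and the acting user's gid is 24.
  *
  * NOTE(review): the group is taken from the `usertype` field of the loaded
  * row, not from the ACL (see the TODO in the loop). That field is the only
  * thing protecting privileged accounts here; confirm it cannot drift from
  * the ACL group.
  *
  * @param mixed $cid A user id, or an array of user ids.
  * @return bool True when every id was deleted; false when the list was empty,
  *              an id was refused, or a deletion reported an error.
  */
 function removeUsers($cid)
 {
     global $database, $acl, $my, $vmLogger, $VM_LANG;
     if (!is_array($cid)) {
         $cid = array($cid);
     }
     if (!count($cid)) {
         // Nothing was requested. The original fell off the end here and
         // returned null; false keeps the same falsy result, explicitly.
         return false;
     }
     foreach ($cid as $id) {
         // A fresh object per id, so that a failed load() cannot leave the
         // previous user's usertype behind for the checks below.
         $obj = new mosUser($database);
         // check for a super admin ... can't delete them
         //TODO: Find out the group name of the User to be deleted
         //				$groups 	= $acl->get_object_groups( 'users', $id, 'ARO' );
         //				$this_group = strtolower( $acl->get_group_name( $groups[0], 'ARO' ) );
         $obj->load($id);
         $this_group = strtolower($obj->get('usertype'));
         if ($this_group == 'super administrator') {
             $vmLogger->err($VM_LANG->_('VM_USER_DELETE_ERR_SUPERADMIN'));
             return false;
         }
         if ($id == $my->id) {
             // Nobody may delete the account they are logged in with.
             $vmLogger->err($VM_LANG->_('VM_USER_DELETE_ERR_YOURSELF'));
             return false;
         }
         // gid 24 is presumably the Administrator group: confirm against the ACL tables.
         if ($this_group == 'administrator' && $my->gid == 24) {
             $vmLogger->err($VM_LANG->_('VM_USER_DELETE_ERR_ADMIN'));
             return false;
         }
         $obj->delete($id);
         $err = $obj->getError();
         if ($err) {
             $vmLogger->err($err);
             return false;
         }
     }
     // Success is reported only once the whole list has been processed. The
     // original returned from inside the loop, so only the first id of a
     // multi-user selection was ever deleted.
     return true;
 }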
Exemple #2
/**
 * Handle the front-end registration form: create the user record from the
 * posted fields, e-mail the new user, and notify the super administrators.
 *
 * When bind(), check() or store() fails, a JavaScript alert is echoed and the
 * request ends with exit.
 *
 * @param string $option Component name; not read inside this function.
 */
function saveRegistration($option)
{
    global $database, $my, $acl;
    global $mosConfig_sitename, $mosConfig_live_site, $mosConfig_useractivation, $mosConfig_allowUserRegistration;
    // NOTE(review): $mosConfig_mailfrom and $mosConfig_fromname are each listed twice; harmless.
    global $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_mailfrom, $mosConfig_fromname;
    // Registration can be switched off site-wide; refuse the request in that case.
    if ($mosConfig_allowUserRegistration == "0") {
        mosNotAuth();
        return;
    }
    $row = new mosUser($database);
    // The whole of $_POST is bound onto the user row. "usertype" is presumably a
    // list of fields to skip; id, usertype and gid are overwritten just below.
    // NOTE(review): other bound fields (block, activation, sendEmail, ...) keep
    // whatever the request supplied unless a later line overwrites them; verify
    // that bind()/check() restrict them.
    if (!$row->bind($_POST, "usertype")) {
        // NOTE(review): the error text is written into a single-quoted JavaScript
        // string without escaping; confirm getError() can never carry request data.
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    mosMakeHtmlSafe($row);
    // Privilege-bearing fields are forced server-side: new record, no usertype,
    // and the group id of the 'Registered' ACL group.
    $row->id = 0;
    $row->usertype = '';
    $row->gid = $acl->get_group_id('Registered', 'ARO');
    if ($mosConfig_useractivation == "1") {
        // The activation token is the MD5 of a generated password, and the account
        // stays blocked until activated. How unpredictable the token is depends
        // entirely on mosMakePassword(), which is not shown here.
        $row->activation = md5(mosMakePassword());
        $row->block = "1";
    }
    if (!$row->check()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    // The clear-text password is kept because it is e-mailed to the user below.
    $pwd = $row->password;
    // NOTE(review): unsalted MD5 is a fast hash and unsuitable for password
    // storage. Replacing it also needs the login check changed, which is outside this function.
    $row->password = md5($row->password);
    $row->registerDate = date("Y-m-d H:i:s");
    if (!$row->store()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    $row->checkin();
    $name = $row->name;
    $email = $row->email;
    $username = $row->username;
    $subject = sprintf(_SEND_SUB, $name, $mosConfig_sitename);
    $subject = html_entity_decode($subject, ENT_QUOTES);
    if ($mosConfig_useractivation == "1") {
        // The activation mail carries the activation link and the clear-text password.
        $message = sprintf(_USEND_MSG_ACTIVATE, $name, $mosConfig_sitename, $mosConfig_live_site . "/index.php?option=com_registration&task=activate&activation=" . $row->activation, $mosConfig_live_site, $username, $pwd);
    } else {
        $message = sprintf(_USEND_MSG, $name, $mosConfig_sitename, $mosConfig_live_site);
    }
    $message = html_entity_decode($message, ENT_QUOTES);
    // Send email to user
    if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") {
        $adminName2 = $mosConfig_fromname;
        $adminEmail2 = $mosConfig_mailfrom;
    } else {
        // No sender configured: fall back to the first user whose usertype matches.
        // NOTE(review): $rows[0] is read without checking that a row came back.
        $database->setQuery("SELECT name, email FROM #__users" . "\n WHERE usertype='superadministrator'");
        $rows = $database->loadObjectList();
        $row2 = $rows[0];
        $adminName2 = $row2->name;
        $adminEmail2 = $row2->email;
    }
    mosMail($adminEmail2, $adminName2, $email, $subject, $message);
    // Send notification to all administrators
    $subject2 = sprintf(_SEND_SUB, $name, $mosConfig_sitename);
    $message2 = sprintf(_ASEND_MSG, $adminName2, $mosConfig_sitename, $row->name, $email, $username);
    $subject2 = html_entity_decode($subject2, ENT_QUOTES);
    $message2 = html_entity_decode($message2, ENT_QUOTES);
    // get superadministrators id
    $admins = $acl->get_group_objects(25, 'ARO');
    foreach ($admins['users'] as $id) {
        // $id comes from the ACL lookup above, not from the request.
        $database->setQuery("SELECT email, sendEmail FROM #__users" . "\n WHERE id='{$id}'");
        $rows = $database->loadObjectList();
        // $row is reused for the administrator's record from here on; the new
        // user's fields were already copied into $name, $email and $username.
        $row = $rows[0];
        if ($row->sendEmail) {
            mosMail($adminEmail2, $adminName2, $row->email, $subject2, $message2);
        }
    }
    if ($mosConfig_useractivation == "1") {
        echo _REG_COMPLETE_ACTIVATE;
    } else {
        echo _REG_COMPLETE;
    }
}
 /**
  * Return the user object for the given id, or the current user when no id
  * is passed.
  *
  * On Joomla 1.0 (JCOMMENTS_JVERSION == '1.0') an explicit id always loads a
  * new mosUser, and a null id returns the mainframe's user. On every other
  * version the call is handed to JFactory::getUser().
  *
  * @param int|null $id A user identifier, or null for the current user
  * @return JUser|mosUser
  */
 public static function getUser($id = null)
 {
     // Newer Joomla: the factory handles both the "current user" and the "by id" case.
     if (JCOMMENTS_JVERSION != '1.0') {
         return JFactory::getUser($id);
     }
     if (is_null($id)) {
         global $mainframe;
         return $mainframe->getUser();
     }
     global $database;
     $legacyUser = new mosUser($database);
     $legacyUser->load($id);
     return $legacyUser;
 }
/**
 * Check that every user in $cid may be acted on by the current user.
 *
 * A message is appended for each id that is the current user's own (unless
 * $allowActionToMyself is set), and for each target whose group is not below
 * the current user's group. Groups 24 and 25 are exempt from the "same group"
 * rule; these are presumably the administrator and super administrator
 * groups (confirm against the ACL tables).
 *
 * NOTE(review): one mosUser object is reused for every id. If load() does not
 * reset the object when an id is not found, the gid of the previous target is
 * what gets checked; verify load()'s behaviour.
 *
 * @param array $cid User ids to check; id 0 is treated as a 'Registered' user.
 * @param string $actionName Verb inserted into the message.
 * @param bool $allowActionToMyself When true, the current user's own id is not refused.
 * @return string|null Concatenated error text, or null when every id passed.
 * Added 1.0.11
 */
function checkUserPermissions($cid, $actionName, $allowActionToMyself = false)
{
    global $database, $acl, $my;
    $msg = null;
    if (!is_array($cid) || !count($cid)) {
        return $msg;
    }
    $target = new mosUser($database);
    foreach ($cid as $id) {
        if ($id == 0) {
            // minimal user group
            $this_group = 'Registered';
            $target->gid = $acl->get_group_id($this_group, 'ARO');
        } else {
            $target->load($id);
            // Only the first ACL group of the target is used for the message.
            $groups = $acl->get_object_groups('users', $id, 'ARO');
            $this_group = strtolower($acl->get_group_name($groups[0], 'ARO'));
        }
        if (!$allowActionToMyself && $id == $my->id) {
            $msg .= 'Não pode ' . $actionName . ' seu próprio nome!';
            continue;
        }
        // Refuse when the target is in the acting user's own group (unless that
        // group is 24 or 25), or when the target's group is not among the groups
        // returned by getGIDSChildren() for the acting user.
        if (($target->gid == $my->gid && !in_array($my->gid, array(24, 25)))
            || ($target->gid && !in_array($target->gid, getGIDSChildren($my->gid)))) {
            $msg .= 'Não pode ' . $actionName . ' a `' . $this_group . '`. Apenas usuários com um nível de grupo superior têm esta permissão. ';
        }
    }
    return $msg;
}
Exemple #5
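// Count the unblocked users matching the current filter.
// NOTE(review): $where is built before this excerpt; confirm every value in it is escaped.
$query = "SELECT COUNT(*) FROM #__users WHERE block = '0' {$where}";
$database->setQuery($query);
$total = $database->loadResult();
$limit = jTipsGetParam($_REQUEST, 'limit', $jTips['NumMax']);
$pageNav = new mosPageNav($total, $offset, $limit);
$tpl->pageNav = $pageNav;

// The sort direction and sort column come from the request and end up in the
// ORDER BY clause, which cannot be bound as a parameter, so both are validated
// here and replaced with the defaults when they do not pass.
$direction = jTipsGetParam($_REQUEST, 'filter_order_Dir', 'asc');
if (!is_string($direction) || !in_array(strtolower($direction), array('asc', 'desc'), true)) {
    $direction = 'asc';
}
// Accept only a plain column name, optionally qualified with a table alias.
// \z (not $) so that a trailing newline is rejected as well. A fixed allow-list
// of sortable columns would be tighter still; the list is not visible here.
$orderby = jTipsGetParam($_REQUEST, 'filter_order', 'name');
if (!is_string($orderby) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?\z/', $orderby)) {
    $orderby = 'name';
}
// BUG 319 - creating users that don't require activation, or creating a user by admin leaves an activation code
//$query = "SELECT id FROM #__users WHERE activation = '' ORDER BY $orderby $direction";
$query = "SELECT id FROM #__users WHERE block = '0' {$where} ORDER BY {$orderby} {$direction}";
$database->setQuery($query, $pageNav->limitstart, $pageNav->limit);
$list = (array) $database->loadResultArray();

// Load a full user object for every id on the current page.
$users = array();
foreach ($list as $id) {
    $JoomlaUser = isJoomla15() ? new JUser() : new mosUser($database);
    $JoomlaUser->load($id);
    $users[] = $JoomlaUser;
}
$tpl->users = $users;
$tpl->display();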
Exemple #6
/**
 * Save the front-end "edit your details" form for the logged-in user.
 *
 * The posted id must match $uid, the request must pass josSpoofCheck(), and
 * gid/usertype are excluded from the bind. A new password is stored only when
 * it is supplied and matches verifyPass; otherwise the stored hash is kept.
 * Ends with a redirect on success, or with an alert and exit on failure.
 *
 * @param string $option Component name; not read inside this function.
 * @param int $uid Id of the logged-in user, supplied by the caller.
 */
function userSave($option, $uid)
{
    global $database, $my, $mosConfig_frontend_userparams;
    $user_id = intval(mosGetParam($_POST, 'id', 0));
    // do some security checks
    // A user may only save their own record: the posted id has to equal $uid,
    // and neither may be 0 (not logged in).
    if ($uid == 0 || $user_id == 0 || $user_id != $uid) {
        mosNotAuth();
        return;
    }
    // simple spoof check security
    josSpoofCheck();
    $row = new mosUser($database);
    $row->load((int) $user_id);
    // Remember the stored values before $_POST is bound over them.
    $orig_password = $row->password;
    $orig_username = $row->username;
    // 'gid usertype' is presumably the list of fields bind() must skip, so the
    // form cannot change the user's group or type.
    if (!$row->bind($_POST, 'gid usertype')) {
        // NOTE(review): the error text goes into a single-quoted JavaScript string
        // unescaped; confirm getError() can never carry request data.
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    $row->name = trim($row->name);
    $row->email = trim($row->email);
    $row->username = trim($row->username);
    mosMakeHtmlSafe($row);
    if (isset($_POST['password']) && $_POST['password'] != '') {
        // NOTE(review): loose == is used for the confirmation match, so two
        // different numeric-looking strings can compare equal.
        if (isset($_POST['verifyPass']) && $_POST['verifyPass'] == $_POST['password']) {
            // The hash is taken over $row->password as it stands after
            // mosMakeHtmlSafe() and trim(), not over the raw posted value; verify
            // the login check applies the same treatment.
            $row->password = trim($row->password);
            // Stored format is md5(password . salt) . ':' . salt.
            // NOTE(review): salted MD5 is still a fast hash; a dedicated password
            // hash would also need the login check changed.
            $salt = mosMakePassword(16);
            $crypt = md5($row->password . $salt);
            $row->password = $crypt . ':' . $salt;
        } else {
            echo "<script> alert(\"" . addslashes(_PASS_MATCH) . "\"); window.history.go(-1); </script>\n";
            exit;
        }
    } else {
        // Restore 'original password'
        $row->password = $orig_password;
    }
    if ($mosConfig_frontend_userparams == '1' || $mosConfig_frontend_userparams == 1 || $mosConfig_frontend_userparams == NULL) {
        // save params
        $params = mosGetParam($_POST, 'params', '');
        if (is_array($params)) {
            // Keys and values from the request are joined as "key=value" lines.
            // NOTE(review): a key or value containing a line break would add an
            // extra line; verify what mosGetParam() filters.
            $txt = array();
            foreach ($params as $k => $v) {
                $txt[] = "{$k}={$v}";
            }
            $row->params = implode("\n", $txt);
        }
    }
    if (!$row->check()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    if (!$row->store()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    // check if username has been changed
    if ($orig_username != $row->username) {
        // change username value in session table
        // NOTE(review): the two username values in this statement are masked as
        // `******` in this listing, so the line is not valid PHP as shown. Whatever
        // stood there must reach the query as a quoted, escaped value.
        $query = "UPDATE #__session" . "\n SET username = "******"\n WHERE username = "******"\n AND userid = " . (int) $my->id . "\n AND gid = " . (int) $my->gid . "\n AND guest = 0";
        $database->setQuery($query);
        $database->query();
    }
    mosRedirect('index.php', _USER_DETAILS_SAVE);
}
Exemple #7
/**
 * Save the front-end profile form for the logged-in user.
 *
 * The posted id has to equal $uid, and gid/usertype are excluded from the
 * bind. A new password replaces the stored one only when it is supplied and
 * equals verifyPass. After a successful store the 'authenticator' mambots are
 * told about the change, and the browser is redirected.
 *
 * NOTE(review): no request-forgery token is checked inside this function;
 * confirm the caller does it. The password is stored as unsalted MD5, a fast
 * hash; replacing it also needs the login check changed.
 *
 * @param string $option Component name, used in the redirect URL.
 * @param int $uid Id of the logged-in user, supplied by the caller.
 */
function userSave($option, $uid)
{
    global $database;
    $user_id = intval(mosGetParam($_POST, 'id', 0));
    // A user may only edit their own record, and must be logged in.
    if ($uid == 0 || $user_id == 0 || $user_id != $uid) {
        mosNotAuth();
        return;
    }
    $row = new mosUser($database);
    $row->load($user_id);
    // Park the stored hash on the object so it survives the bind below.
    $row->orig_password = $row->password;
    if (!$row->bind($_POST, "gid usertype")) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    mosMakeHtmlSafe($row);
    $passwordSupplied = isset($_POST["password"]) && $_POST["password"] != "";
    if (!$passwordSupplied) {
        // No new password: keep the hash that was loaded from the database.
        $row->password = $row->orig_password;
    } elseif (isset($_POST["verifyPass"]) && $_POST["verifyPass"] == $_POST["password"]) {
        // The raw posted value is hashed, not the bound and HTML-escaped field.
        $row->password = md5($_POST["password"]);
    } else {
        echo "<script> alert(\"" . T_('Passwords do not match') . "\"); window.history.go(-1); </script>\n";
        exit;
    }
    if (!$row->check()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    // orig_password is not a table column; drop it before store() to prevent a DB error.
    unset($row->orig_password);
    if (!$row->store()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    // The clear-text password from the request is handed to the authenticator
    // mambots; it is read here even when the form left the field empty.
    $loginfo = new mosLoginDetails($row->username, $_POST['password']);
    $mambothandler =& mosMambotHandler::getInstance();
    $mambothandler->loadBotGroup('authenticator');
    $mambothandler->trigger('userChange', array($loginfo));
    mosRedirect("index.php?option={$option}", T_('Your settings have been saved.'));
}
Exemple #8
 /**
  * Register a user in Mambo/Joomla from the posted form (taken from
  * com_registration).
  *
  * The posted fields are bound onto a new mosUser; id, usertype and gid are
  * then forced to a new 'Registered' account. On failure the error is logged,
  * shown in a JavaScript alert, and false is returned.
  *
  * NOTE(review): the password is stored as unsalted MD5 and the clear-text
  * password is passed on to _sendMail(). The alert text is written into a
  * single-quoted JavaScript string without escaping; confirm the error can
  * never carry request data.
  *
  * @return boolean True when the registration process was successful, False when not
  */
 function saveRegistration()
 {
     global $database, $acl, $vmLogger, $mosConfig_useractivation, $mosConfig_allowUserRegistration, $mosConfig_live_site;
     // Registration can be switched off site-wide.
     if ($mosConfig_allowUserRegistration == '0') {
         mosNotAuth();
         return false;
     }
     $newUser = new mosUser($database);
     // 'usertype' is presumably the list of fields bind() must skip.
     if (!$newUser->bind($_POST, 'usertype')) {
         $error = vmHtmlEntityDecode($newUser->getError());
         $vmLogger->err($error);
         echo "<script type=\"text/javascript\"> alert('" . $error . "');</script>\n";
         return false;
     }
     mosMakeHtmlSafe($newUser);
     // Privilege-bearing fields are set server-side, whatever the form sent.
     $usergroup = 'Registered';
     $newUser->id = 0;
     $newUser->usertype = $usergroup;
     $newUser->gid = $acl->get_group_id($usergroup, 'ARO');
     if ($mosConfig_useractivation == '1') {
         // Token strength depends on vmGenRandomPassword(), which is not shown here.
         $newUser->activation = md5(vmGenRandomPassword());
         $newUser->block = '1';
     }
     if (!$newUser->check()) {
         $error = vmHtmlEntityDecode($newUser->getError());
         $vmLogger->err($error);
         echo "<script type=\"text/javascript\"> alert('" . $error . "');</script>\n";
         return false;
     }
     // Keep the clear-text password for the e-mail, then store only the hash.
     $pwd = $newUser->password;
     $newUser->password = md5($pwd);
     $newUser->registerDate = date('Y-m-d H:i:s');
     if (!$newUser->store()) {
         $error = vmHtmlEntityDecode($newUser->getError());
         $vmLogger->err($error);
         echo "<script type=\"text/javascript\"> alert('" . $error . "');</script>\n";
         return false;
     }
     $newUser->checkin();
     // The activating component is com_user when vmIsJoomla(1.5) is true, com_registration otherwise.
     $component = vmIsJoomla(1.5) ? 'com_user' : 'com_registration';
     // NOTE(review): when activation is switched off, $newUser->activation is
     // whatever bind() accepted from the request; verify it is not usable.
     $activation_link = $mosConfig_live_site . "/index.php?option={$component}&task=activate&activation=" . $newUser->activation;
     // Send the registration email
     $this->_sendMail($newUser->name, $newUser->email, $newUser->username, $pwd, $activation_link);
     return true;
 }
Exemple #9
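/**
 * Stream one content item to the browser as a PDF.
 *
 * The item id comes from the request. Before anything is loaded, a COUNT
 * query confirms that the item is published (state 1 or -1), inside its
 * publish window, and at an access level no higher than the current $gid;
 * otherwise the request ends with a "not authorized" message.
 *
 * @param object $database Database connector used for the access check and for loading rows.
 */
function dofreePDF($database)
{
    global $mosConfig_live_site, $mosConfig_sitename, $mosConfig_offset, $mosConfig_hideCreateDate, $mosConfig_hideAuthor, $mosConfig_hideModifyDate;
    // intval() leaves only an integer, so the id is safe to place in the SQL below.
    $id = intval(mosGetParam($_REQUEST, 'id', 1));
    // Access check
    global $gid;
    $now = date('Y-m-d H:i:s', time() + $mosConfig_offset * 60 * 60);
    $query = "SELECT COUNT(a.id)"
        . "\n FROM #__content AS a"
        . "\n LEFT JOIN #__categories AS cc ON cc.id = a.catid"
        . "\n LEFT JOIN #__sections AS s ON s.id = cc.section AND s.scope='content'"
        . "\n LEFT JOIN #__users AS u ON u.id = a.created_by"
        . "\n LEFT JOIN #__content_rating AS v ON a.id = v.content_id"
        . "\n LEFT JOIN #__groups AS g ON a.access = g.id"
        . "\n WHERE a.id='" . $id . "' "
        . "\n AND (a.state = '1' OR a.state = '-1')"
        . "\n AND (publish_up = '0000-00-00 00:00:00' OR publish_up <= '{$now}')"
        . "\n AND (publish_down = '0000-00-00 00:00:00' OR publish_down >= '{$now}')"
        . "\n AND a.access <= " . intval($gid);
    $database->setQuery($query);
    if (!$database->loadResult()) {
        exit(T_('You are not authorized to view this resource.'));
    }
    include 'includes/class.ezpdf.php';
    $row = new mosContent($database);
    $row->load($id);
    //Find Author Name
    $users_rows = new mosUser($database);
    $users_rows->load($row->created_by);
    $row->author = $users_rows->name;
    $row->usertype = $users_rows->usertype;
    // Ugly but needed to get rid of all the stuff the PDF class cant handle.
    // str_replace() applies array entries in order, exactly like the chain of
    // single calls this replaces.
    $row->fulltext = str_replace(
        array('<p>', '<P>', '<br />', '<br>', '<BR />', '<BR>', '<li>', '<LI>'),
        array("\n\n", "\n\n", "\n", "\n", "\n", "\n", "\n - ", "\n - "),
        $row->fulltext
    );
    $row->fulltext = strip_tags($row->fulltext);
    $row->fulltext = str_replace(array('{mosimage}', '{mospagebreak}'), '', $row->fulltext);
    $row->fulltext = decodeHTML($row->fulltext);
    // The intro text gets the same treatment, except that <br> is not turned into a line break.
    $row->introtext = str_replace(
        array('<p>', '<P>', '<li>', '<LI>'),
        array("\n\n", "\n\n", "\n - ", "\n - "),
        $row->introtext
    );
    $row->introtext = strip_tags($row->introtext);
    $row->introtext = str_replace(array('{mosimage}', '{mospagebreak}'), '', $row->introtext);
    $row->introtext = decodeHTML($row->introtext);
    // Plain assignment: "=& new" is a parse error from PHP 7 on, and objects
    // have been handles since PHP 5.
    $pdf = new Cezpdf('a4', 'P');
    //A4 Portrait
    $pdf->ezSetCmMargins(2, 1.5, 1, 1);
    $pdf->selectFont('./fonts/Helvetica.afm');
    //choose font
    // Header/footer rules and footer text, recorded once and added to all pages.
    $all = $pdf->openObject();
    $pdf->saveState();
    $pdf->setStrokeColor(0, 0, 0, 1);
    // footer
    $pdf->line(10, 40, 578, 40);
    $pdf->line(10, 822, 578, 822);
    $pdf->addText(30, 34, 6, $mosConfig_live_site . ' - ' . $mosConfig_sitename);
    $pdf->addText(250, 34, 6, T_('Powered by Mambo'));
    $pdf->addText(450, 34, 6, T_('Generated:') . date('j F, Y, H:i', time() + $mosConfig_offset * 60 * 60));
    $pdf->restoreState();
    $pdf->closeObject();
    $pdf->addObject($all, 'all');
    $pdf->ezSetDy(30);
    // Title
    $txt1 = $row->title;
    $pdf->ezText($txt1, 14);
    // Date / author line; each part depends on the matching site setting.
    $txt2 = null;
    $mod_date = null;
    $create_date = null;
    if (intval($row->modified) != 0) {
        $mod_date = mosFormatDate($row->modified);
    }
    if (intval($row->created) != 0) {
        $create_date = mosFormatDate($row->created);
    }
    if ($mosConfig_hideCreateDate == '0') {
        $txt2 .= '(' . $create_date . ') - ';
    }
    if ($mosConfig_hideAuthor == "0" && $row->author != '') {
        // An alias, when set, is shown instead of the author's real name.
        $byline = $row->created_by_alias ? $row->created_by_alias : $row->author;
        if ($row->usertype == 'administrator' || $row->usertype == 'superadministrator') {
            $txt2 .= T_('Written by') . ' ' . $byline;
        } else {
            $txt2 .= T_('Contributed by') . ' ' . $byline;
        }
    }
    if ($mosConfig_hideModifyDate == "0") {
        $txt2 .= ' - ' . T_('Last Updated') . ' (' . $mod_date . ') ';
    }
    $txt2 .= "\n\n";
    $pdf->ezText($txt2, 8);
    // Body: intro text followed by the full text.
    $txt3 = $row->introtext . "\n" . $row->fulltext;
    $pdf->ezText($txt3, 10);
    $pdf->ezStream();
}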
Exemple #10
Fichier : pdf.php Projet : cwcw/cms
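/**
 * Stream one content item to the browser as a PDF.
 *
 * NOTE(review): the item id comes straight from the request and the item is
 * loaded without any check of its publish state, publish window or access
 * level inside this function. Unless the caller gates the request, any id
 * reaches the renderer, including unpublished or restricted items. A COUNT
 * query on state, publish dates and access level, run before load(), would
 * close this; confirm what the caller already enforces.
 *
 * @param object $database Database connector used for loading rows.
 */
function dofreePDF($database)
{
    global $mosConfig_live_site, $mosConfig_sitename, $mosConfig_offset, $mosConfig_hideCreateDate, $mosConfig_hideAuthor, $mosConfig_hideModifyDate;
    $id = intval(mosGetParam($_REQUEST, 'id', 1));
    include 'includes/class.ezpdf.php';
    $row = new mosContent($database);
    $row->load($id);
    //Find Author Name
    $users_rows = new mosUser($database);
    $users_rows->load($row->created_by);
    $row->author = $users_rows->name;
    $row->usertype = $users_rows->usertype;
    // Ugly but needed to get rid of all the stuff the PDF class cant handle.
    // str_replace() applies array entries in order, exactly like the chain of
    // single calls this replaces.
    $row->fulltext = str_replace(
        array('<p>', '<P>', '<br />', '<br>', '<BR />', '<BR>', '<li>', '<LI>'),
        array("\n\n", "\n\n", "\n", "\n", "\n", "\n", "\n - ", "\n - "),
        $row->fulltext
    );
    $row->fulltext = strip_tags($row->fulltext);
    $row->fulltext = str_replace(array('{mosimage}', '{mospagebreak}'), '', $row->fulltext);
    $row->fulltext = decodeHTML($row->fulltext);
    // The intro text gets the same treatment, except that <br> is not turned into a line break.
    $row->introtext = str_replace(
        array('<p>', '<P>', '<li>', '<LI>'),
        array("\n\n", "\n\n", "\n - ", "\n - "),
        $row->introtext
    );
    $row->introtext = strip_tags($row->introtext);
    $row->introtext = str_replace(array('{mosimage}', '{mospagebreak}'), '', $row->introtext);
    $row->introtext = decodeHTML($row->introtext);
    // Plain assignment: "=& new" is a parse error from PHP 7 on, and objects
    // have been handles since PHP 5.
    $pdf = new Cezpdf('a4', 'P');
    //A4 Portrait
    $pdf->ezSetCmMargins(2, 1.5, 1, 1);
    $pdf->selectFont('./fonts/Helvetica.afm');
    //choose font
    // Header/footer rules and footer text, recorded once and added to all pages.
    $all = $pdf->openObject();
    $pdf->saveState();
    $pdf->setStrokeColor(0, 0, 0, 1);
    // footer
    $pdf->line(10, 40, 578, 40);
    $pdf->line(10, 822, 578, 822);
    $pdf->addText(30, 34, 6, $mosConfig_live_site . ' - ' . $mosConfig_sitename);
    $pdf->addText(250, 34, 6, 'Powered by Mambo');
    $pdf->addText(450, 34, 6, 'Generated: ' . date('j F, Y, H:i', time() + $mosConfig_offset * 60 * 60));
    $pdf->restoreState();
    $pdf->closeObject();
    $pdf->addObject($all, 'all');
    $pdf->ezSetDy(30);
    // Title
    $txt1 = $row->title;
    $pdf->ezText($txt1, 14);
    // Date / author line; each part depends on the matching site setting.
    $txt2 = null;
    $mod_date = null;
    $create_date = null;
    if (intval($row->modified) != 0) {
        $mod_date = mosFormatDate($row->modified);
    }
    if (intval($row->created) != 0) {
        $create_date = mosFormatDate($row->created);
    }
    if ($mosConfig_hideCreateDate == '0') {
        $txt2 .= '(' . $create_date . ') - ';
    }
    if ($mosConfig_hideAuthor == "0" && $row->author != '') {
        // An alias, when set, is shown instead of the author's real name.
        $byline = $row->created_by_alias ? $row->created_by_alias : $row->author;
        if ($row->usertype == 'administrator' || $row->usertype == 'superadministrator') {
            $txt2 .= _WRITTEN_BY . ' ' . $byline;
        } else {
            $txt2 .= _AUTHOR_BY . ' ' . $byline;
        }
    }
    if ($mosConfig_hideModifyDate == "0") {
        $txt2 .= ' - ' . _LAST_UPDATED . ' (' . $mod_date . ') ';
    }
    $txt2 .= "\n\n";
    $pdf->ezText($txt2, 8);
    // Body: intro text followed by the full text.
    $txt3 = $row->introtext . "\n" . $row->fulltext;
    $pdf->ezText($txt3, 10);
    $pdf->ezStream();
}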
Exemple #11
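/**
 * Delete the selected users, then redirect back to the component.
 *
 * Users whose first ACL group is "super administrator" are skipped with a
 * message; every other id is deleted, and any error text is collected into
 * the redirect message.
 *
 * NOTE(review): nothing in this function stops the acting user from deleting
 * their own account or a user of equal or higher rank (other than a super
 * administrator), and no request-forgery token is checked here. Confirm the
 * caller enforces both.
 *
 * @param array $cid User ids selected for deletion.
 * @param string $option Component name, appended to the redirect URL.
 */
function removeUsers($cid, $option)
{
    global $database, $acl, $adminLanguage;
    if (!is_array($cid) || count($cid) < 1) {
        echo "<script> alert(\"" . $adminLanguage->A_COMP_CONTENT_SEL_DEL . "\"); window.history.go(-1);</script>\n";
        exit;
    }
    // From here on $cid is a non-empty array, so no second count() is needed.
    $msg = '';
    $obj = new mosUser($database);
    foreach ($cid as $id) {
        // check for a super admin ... can't delete them
        $groups = $acl->get_object_groups('users', $id, 'ARO');
        // A user without any ACL group yields null here, which is what the
        // unguarded $groups[0] produced too, minus the notice.
        $first_group = isset($groups[0]) ? $groups[0] : null;
        $this_group = strtolower($acl->get_group_name($first_group, 'ARO'));
        if ($this_group == 'super administrator') {
            $msg .= $adminLanguage->A_COMP_USERS_CANNOT;
        } else {
            $obj->delete($id);
            $msg .= $obj->getError();
        }
    }
    // The original also read 'limit' and 'limitstart' from the request here but
    // never used them; those dead locals are gone.
    mosRedirect('index2.php?option=' . $option, $msg);
}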
Exemple #12
	/**
	 * Check the row in through the underlying CMS user object, when that
	 * object has a callable checkin() method.
	 *
	 * @param mixed $oid Not used by this implementation.
	 * @return mixed The result of the CMS object's checkin(), or true when it has none.
	 */
	function checkin( $oid = null ) {
		$this->_mapUsers();
		$cmsCheckin = array( $this->_cmsUser, 'checkin' );
		if ( ! is_callable( $cmsCheckin ) ) {
			// Nothing to check in on this CMS.
			return true;
		}
		// Checks-in the row (on the CMSes where applicable):
		return $this->_cmsUser->checkin();
	}
Exemple #13
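/**
 * Delete the selected users and their extended profile rows, then redirect
 * back to the component.
 *
 * Users whose first ACL group is "super administrator" are skipped with a
 * message; for every other id both the mosUser row and the mosUser_extended
 * row are deleted, and any error text is collected into the redirect message.
 *
 * NOTE(review): nothing in this function stops the acting user from deleting
 * their own account or a user of equal or higher rank (other than a super
 * administrator), and no request-forgery token is checked here. Confirm the
 * caller enforces both.
 *
 * @param array $cid User ids selected for deletion.
 * @param string $option Component name, placed in the redirect URL.
 */
function removeUsers($cid, $option)
{
    global $database, $acl;
    if (!is_array($cid) || count($cid) < 1) {
        echo "<script> alert('Select an item to delete'); window.history.go(-1);</script>\n";
        exit;
    }
    // From here on $cid is a non-empty array, so no second count() is needed.
    $msg = '';
    $obj = new mosUser($database);
    foreach ($cid as $id) {
        // check for a super admin ... can't delete them
        $groups = $acl->get_object_groups('users', $id, 'ARO');
        // A user without any ACL group yields null here, which is what the
        // unguarded $groups[0] produced too, minus the notice.
        $first_group = isset($groups[0]) ? $groups[0] : null;
        $this_group = strtolower($acl->get_group_name($first_group, 'ARO'));
        if ($this_group == 'super administrator') {
            $msg .= "You cannot delete a Super Administrator";
        } else {
            $obj->delete($id);
            $msg .= $obj->getError();
            // Remove the matching extended-profile row as well.
            $obj2 = new mosUser_extended($database);
            $obj2->delete($id);
            $msg .= $obj2->getError();
        }
    }
    // The original also read 'limit' and 'limitstart' from the request here but
    // never used them; those dead locals are gone.
    mosRedirect("index2.php?option={$option}", $msg);
}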
Exemple #14
/**
 * Build the plain-text author / created / modified block for a content item.
 *
 * Each part is included only when the matching parameter ('author',
 * 'createdate', 'modifydate') is set, with a line break between parts. When
 * the author part is shown, $row->author and $row->usertype are filled in
 * from the creator's user record as a side effect.
 *
 * @param object $row Content row; read and, for author/usertype, written.
 * @param object $params Parameter object queried through get().
 * @return string The assembled text, always ending in a blank line.
 */
function AuthorDateLine(&$row, &$params)
{
    global $database;
    $text = '';
    if ($params->get('author')) {
        // Look up the creator so that name and user type are available.
        $creator = new mosUser($database);
        $creator->load($row->created_by);
        $row->author = $creator->name;
        $row->usertype = $creator->usertype;
        $isStaff = $row->usertype == 'administrator' || $row->usertype == 'superadministrator';
        $label = $isStaff ? _WRITTEN_BY : _AUTHOR_BY;
        // An alias, when set, is shown instead of the real name.
        $text .= "\n" . $label . ' ' . ($row->created_by_alias ? $row->created_by_alias : $row->author);
    }
    // Separator between author and created date
    if ($params->get('createdate') && $params->get('author')) {
        $text .= "\n";
    }
    // Created date, when the row has one
    if ($params->get('createdate') && intval($row->created)) {
        $text .= mosFormatDate($row->created);
    }
    // Separator before the modified date
    if ($params->get('modifydate') && ($params->get('author') || $params->get('createdate'))) {
        $text .= "\n";
    }
    // Modified date, when the row has one
    if ($params->get('modifydate') && intval($row->modified)) {
        $text .= _LAST_UPDATED . ' ' . mosFormatDate($row->modified);
    }
    return $text . "\n\n";
}
Exemple #15
/**
 * Check that every user in $cid may be acted on by the current user.
 *
 * A message is appended for each id that is the current user's own (unless
 * $allowActionToMyself is set), and for each target whose group is not below
 * the current user's group. Groups 24 and 25 are exempt from the "same group"
 * rule; these are presumably the administrator and super administrator
 * groups (confirm against the ACL tables).
 *
 * NOTE(review): one mosUser object is reused for every id. If load() does not
 * reset the object when an id is not found, the gid of the previous target is
 * what gets checked; verify load()'s behaviour.
 *
 * @param array $cid User ids to check; id 0 is treated as a 'Registered' user.
 * @param string $actionName Verb inserted into the message.
 * @param bool $allowActionToMyself When true, the current user's own id is not refused.
 * @return string|null Concatenated error text, or null when every id passed.
 * Added 1.0.11
 */
function checkUserPermissions($cid, $actionName, $allowActionToMyself = false)
{
    global $database, $acl, $my;
    $msg = null;
    if (!is_array($cid) || !count($cid)) {
        return $msg;
    }
    $target = new mosUser($database);
    foreach ($cid as $id) {
        if ($id == 0) {
            // minimal user group
            $this_group = 'Registered';
            $target->gid = $acl->get_group_id($this_group, 'ARO');
        } else {
            $target->load($id);
            // Only the first ACL group of the target is used for the message.
            $groups = $acl->get_object_groups('users', $id, 'ARO');
            $this_group = strtolower($acl->get_group_name($groups[0], 'ARO'));
        }
        if (!$allowActionToMyself && $id == $my->id) {
            $msg .= 'You cannot ' . $actionName . ' Yourself!';
            continue;
        }
        // Refuse when the target is in the acting user's own group (unless that
        // group is 24 or 25), or when the target's group is not among the groups
        // returned by getGIDSChildren() for the acting user.
        if (($target->gid == $my->gid && !in_array($my->gid, array(24, 25)))
            || ($target->gid && !in_array($target->gid, getGIDSChildren($my->gid)))) {
            $msg .= 'You cannot ' . $actionName . ' a `' . $this_group . '`. Only higher-level users have this power. ';
        }
    }
    return $msg;
}
Exemple #16
/**
 * Show the extended profile of a user.
 *
 * The profile shown is the one named by the `userid` request value, or the
 * caller's own ($uid) when that value is missing or 0.
 *
 * NOTE(review): the only gate is that the caller is logged in ($uid != 0).
 * Any `userid` can be requested, and that user's name, username and e-mail
 * are handed to the view. Confirm that showing these to every logged-in user
 * is intended.
 *
 * @param string $option Component name, passed through to the view.
 * @param int $uid Id of the logged-in user; 0 means not logged in.
 */
function UserView($option, $uid)
{
    global $database;
    if ($uid == 0) {
        mosNotAuth();
        return;
    }
    $requested = intval(mosGetParam($_REQUEST, 'userid', 0));
    // Fall back to the caller's own profile when no other user is named.
    $user_id = $requested == 0 ? $uid : $requested;
    include_once "administrator/components/com_user_extended/user_extended.class.php";
    // Extended profile fields
    $profile = new mosUser_Extended($database);
    $profile->load($user_id);
    // Core account fields
    $account = new mosUser($database);
    $account->load($user_id);
    $display_name = $account->name;
    $login_name = $account->username;
    $mail_address = $account->email;
    UserExtended_content::UserView($option, $profile, $display_name, $login_name, $mail_address);
}
Exemple #17
/**
 * Handle a front-end registration form post: create the account, mail the
 * new user and notify the super administrators.
 *
 * Reads the form from $_POST, prints the confirmation text and may call
 * exit() after emitting a JavaScript alert when binding, validation or
 * storing fails.
 *
 * @param string $option component option (not read in this function)
 */
function saveRegistration($option)
{
    global $database, $my, $acl;
    global $mosConfig_sitename, $mosConfig_live_site, $mosConfig_useractivation, $mosConfig_allowUserRegistration;
    global $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_mailfrom, $mosConfig_fromname;
    // Registration can be switched off site-wide.
    if ($mosConfig_allowUserRegistration == '0') {
        mosNotAuth();
        return;
    }
    $row = new mosUser($database);
    // NOTE(review): 'usertype' is presumably the list of fields bind() must
    // ignore. id, usertype and gid are overwritten below either way; any other
    // column bind() accepts keeps the value sent in the request - confirm.
    // NOTE(review): getError() is written into a single-quoted JavaScript
    // string without JS escaping (same pattern at the check() and store()
    // failures below); confirm the error text can never carry request data.
    if (!$row->bind($_POST, 'usertype')) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    mosMakeHtmlSafe($row);
    // Force a new, lowest-privilege account regardless of what was posted.
    $row->id = 0;
    $row->usertype = 'Registered';
    $row->gid = $acl->get_group_id('Registered', 'ARO');
    if ($mosConfig_useractivation == '1') {
        // The account stays blocked until the activation link is used.
        // NOTE(review): the token is only as unpredictable as
        // mosMakePassword(); confirm it draws on a cryptographic source.
        $row->activation = md5(mosMakePassword());
        $row->block = '1';
    }
    if (!$row->check()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    // Keep the clear-text password for the e-mail and the authenticator bots.
    $pwd = $row->password;
    // NOTE(review): unsalted MD5 is stored. It is unsuitable for password
    // storage, but the format has to match whatever verifies logins, which is
    // outside this block - migrate both sides together.
    $row->password = md5($row->password);
    $row->registerDate = date("Y-m-d H:i:s");
    if (!$row->store()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    $row->checkin();
    $name = $row->name;
    $email = $row->email;
    $username = $row->username;
    $subject = sprintf(T_('Account details for %s at %s'), $name, $mosConfig_sitename);
    $subject = html_entity_decode($subject, ENT_QUOTES);
    $mambothandler =& mosMambotHandler::getInstance();
    $mambothandler->loadBotGroup('authenticator');
    if ($mosConfig_useractivation == "1") {
        // NOTE(review): this message carries the clear-text password ($pwd)
        // together with the activation link.
        $message = sprintf(T_('Hello %s,

Thank you for registering at %s. Your account has been created but, as a precaution, it must be activated by you before you can use it.
To activate the account click on the following link or copy and paste it in your browser:
%s

After activation you may login to %s using the following username and password:

Username - %s
Password - %s'), $name, $mosConfig_sitename, $mosConfig_live_site . "/index.php?option=com_registration&task=activate&activation=" . $row->activation, $mosConfig_live_site, $username, $pwd);
        $loginfo = new mosLoginDetails($username, $pwd);
        $mambothandler->trigger('userRegister', array($loginfo));
    } else {
        $message = sprintf(T_("Hello %s,\n\nThank you for registering at %s.\n\nYou may now login to %s using the username and password you registered with."), $name, $mosConfig_sitename, $mosConfig_live_site);
        $loginfo = new mosLoginDetails($username, $pwd);
        // Without activation the account is usable at once, so both events fire.
        $mambothandler->trigger('userRegister', array($loginfo));
        $mambothandler->trigger('userActivate', array($loginfo));
    }
    $message = html_entity_decode($message, ENT_QUOTES);
    // Send email to user
    if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") {
        $adminName2 = $mosConfig_fromname;
        $adminEmail2 = $mosConfig_mailfrom;
    } else {
        // Fall back to the first super administrator as sender; $rows[0] is
        // read without checking that the query returned a row.
        $database->setQuery("SELECT name, email FROM #__users" . "\n WHERE usertype='super administrator'");
        $rows = $database->loadObjectList();
        $row2 = $rows[0];
        $adminName2 = $row2->name;
        $adminEmail2 = $row2->email;
    }
    mosMail($adminEmail2, $adminName2, $email, $subject, $message);
    // Send notification to all administrators
    $subject2 = sprintf(T_('Account details for %s at %s'), $name, $mosConfig_sitename);
    $message2 = sprintf(T_('Hello %s,

A new user has registered at %s.
This email contains their details:

Name - %s
e-mail - %s
Username - %s

Please do not respond to this message as it is automatically generated and is for information purposes only'), $adminName2, $mosConfig_sitename, $row->name, $email, $username);
    $subject2 = html_entity_decode($subject2, ENT_QUOTES);
    $message2 = html_entity_decode($message2, ENT_QUOTES);
    // get superadministrators id
    $admins = $acl->get_group_objects(25, 'ARO');
    foreach ($admins['users'] as $id) {
        // $id comes from the ACL lookup above, not from the request; it is
        // still interpolated into the SQL text as-is.
        $database->setQuery("SELECT email, sendEmail FROM #__users" . "\n WHERE id='{$id}'");
        $rows = $database->loadObjectList();
        // $row is reused here and no longer refers to the new user's record.
        $row = $rows[0];
        if ($row->sendEmail) {
            mosMail($adminEmail2, $adminName2, $row->email, $subject2, $message2);
        }
    }
    if ($mosConfig_useractivation == "1") {
        echo '<div class="componentheading">' . T_('Registration Complete') . '</div><br />';
        echo T_('Your account has been created and an activation link has been sent to the e-mail address you entered. Note that you must activate the account by clicking on the activation link before you can login.');
    } else {
        echo '<div class="componentheading">' . T_('Registration Complete') . '</div><br />';
        echo T_('You may now login.');
    }
}
Exemple #18
 /**
  * Build and send the configured "UserNotify<type>" e-mail for this record.
  *
  * Template variables are every property of this object, then every property
  * of the loaded CMS user (later values win on a name clash), plus
  * 'competition' and 'season', both set to the season name.
  *
  * @param string $type notification type; selects the Subject/Message settings
  * @return bool TRUE when jTipsMail() reports success, FALSE otherwise
  */
 function sendNotificationEmail($type)
 {
     jTipsLogger::_log('preparing to send ' . $type . ' notification email', 'INFO');
     global $jTips, $database;

     $settingPrefix = "UserNotify" . $type;
     $subject = stripslashes($jTips[$settingPrefix . "Subject"]);
     $message = stripslashes($jTips[$settingPrefix . "Message"]);
     $from_name = $jTips['UserNotifyFromName'];
     $from_email = $jTips['UserNotifyFromEmail'];

     // Placeholder names and their replacement values for the template.
     $variables = array();
     $values = array();
     foreach (get_object_vars($this) as $field => $fieldValue) {
         if (!is_string($field)) {
             continue;
         }
         $variables[] = $field;
         $values[$field] = $fieldValue;
     }

     // The CMS user class differs between the two supported platforms.
     $user = isJoomla15() ? new JUser() : new mosUser($database);
     $user->load($this->user_id);
     foreach (get_object_vars($user) as $field => $fieldValue) {
         if (!is_string($field)) {
             continue;
         }
         $variables[] = $field;
         $values[$field] = $fieldValue;
     }

     // Look up the season name and expose it under both placeholder names.
     // NOTE(review): season_id is concatenated into the SQL text unescaped;
     // confirm it is always an integer loaded from the database.
     $database->setQuery("SELECT name FROM #__jtips_seasons WHERE id = '" . $this->season_id . "'");
     $season = $database->loadResult();
     $values['competition'] = $season;
     $values['season'] = $season;

     $body = parseTemplate($message, $variables, $values);
     // NOTE(review): the complete body goes to the log at INFO level, so any
     // user property the template expands ends up in the log file.
     jTipsLogger::_log('sending email: ' . $body, 'INFO');

     $sent = jTipsMail($from_email, $from_name, $this->getUserField('email'), $subject, $body);
     if (!$sent) {
         jTipsLogger::_log('sending notification email failed', 'ERROR');
         return FALSE;
     }
     jTipsLogger::_log('notification email sent successfully', 'INFO');
     return TRUE;
 }
Exemple #19
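/**
 * Delete the selected users and redirect back to the component's list view.
 *
 * The caller may not delete their own account, and only a super administrator
 * may delete administrators or super administrators.
 *
 * @param array  $cid    ids of the users to delete (presumably taken from the
 *                       request by the caller - confirm)
 * @param string $option component option used to build the redirect URL
 */
function removeUsers($cid, $option)
{
    global $database, $acl, $my;
    $listUrl = 'index2.php?option=' . $option;

    // Reduce the selection to distinct positive integers before it reaches
    // in_array() or any SQL text: the ids are placed inside "IN (...)" lists.
    $ids = array();
    if (is_array($cid)) {
        foreach ($cid as $candidate) {
            if (!is_scalar($candidate)) {
                continue;
            }
            $candidate = (int) $candidate;
            if ($candidate > 0) {
                $ids[$candidate] = $candidate;
            }
        }
    }
    if (count($ids) < 1) {
        mosRedirect($listUrl, T_("Select an item to delete"));
        // Fail closed in case mosRedirect() returns instead of ending the request.
        return;
    }
    if (in_array((int) $my->id, $ids, true)) {
        mosRedirect($listUrl, T_("You cannot delete yourself!"));
        return;
    }

    // count super/admin gids within the selection
    $super_gid = $acl->get_group_id('super administrator');
    $admin_gid = $acl->get_group_id('administrator');
    $idList = implode(',', $ids);
    $database->setQuery("SELECT COUNT(id) FROM #__users WHERE id IN ({$idList}) AND gid IN ({$super_gid},{$admin_gid})");
    $admin_count = (int) $database->loadResult();
    // The error is checked after the query has been run: a failed count must
    // stop the deletion rather than be read as "no administrators selected".
    if ($database->getErrorMsg()) {
        echo $database->stderr();
        return;
    }
    // disallow deleting administrators / super administrators if not super administrator
    // NOTE(review): !== also compares types; if $my->gid and the ACL value
    // differ in type this refuses super administrators too - confirm.
    if ($admin_count && $my->gid !== $super_gid) {
        mosRedirect($listUrl, T_("You cannot delete another `Administrator` only `Super Administrators` have this power"));
        return;
    }

    // Read the usernames while the rows still exist; once delete() has run
    // they are presumably gone and the userDelete event would have no
    // username to report.
    $database->setQuery("SELECT id, username FROM #__users WHERE id IN ({$idList})");
    $accounts = $database->loadObjectList();
    $usernames = array();
    if ($accounts) {
        foreach ($accounts as $account) {
            $usernames[(int) $account->id] = $account->username;
        }
    }

    $obj = new mosUser($database);
    $deleted = array();
    $msg = null;
    foreach ($ids as $id) {
        $obj->delete($id);
        $deleted[] = $id;
        // As before, the redirect carries the error of the last delete only.
        $msg = $obj->getError();
    }

    // Tell the authenticator bots which accounts were removed.
    $mambothandler =& mosMambotHandler::getInstance();
    $mambothandler->loadBotGroup('authenticator');
    foreach ($deleted as $id) {
        if (isset($usernames[$id])) {
            $loginfo = new mosLoginDetails($usernames[$id]);
            $mambothandler->trigger('userDelete', array($loginfo));
        }
    }

    mosRedirect($listUrl, $msg);
}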
/**
 * Handle a front-end registration form post: create the account, mail the
 * new user and notify administrators who receive system e-mails.
 *
 * Reads the form from $_POST, prints the completion text and may call exit()
 * after emitting a JavaScript alert when validation or storing fails.
 */
function saveRegistration()
{
    global $database, $acl;
    global $mosConfig_sitename, $mosConfig_live_site, $mosConfig_useractivation, $mosConfig_allowUserRegistration;
    global $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_mailfrom, $mosConfig_fromname;
    // Registration can be switched off site-wide.
    if ($mosConfig_allowUserRegistration == 0) {
        mosNotAuth();
        return;
    }
    // simple spoof check security
    josSpoofCheck();
    $row = new mosUser($database);
    // NOTE(review): 'usertype' is presumably the list of fields bind() must
    // ignore. id, usertype and gid are overwritten below either way; any other
    // column bind() accepts keeps the value sent in the request - confirm.
    if (!$row->bind($_POST, 'usertype')) {
        mosErrorAlert($row->getError());
    }
    $row->name = trim($row->name);
    $row->email = trim($row->email);
    $row->username = trim($row->username);
    $row->password = trim($row->password);
    mosMakeHtmlSafe($row);
    // Force a new account in the 'Registered' group regardless of the post.
    $row->id = 0;
    $row->usertype = '';
    $row->gid = $acl->get_group_id('Registered', 'ARO');
    if ($mosConfig_useractivation == 1) {
        // The account stays blocked until the activation link is used.
        // NOTE(review): the token is only as unpredictable as
        // mosMakePassword(); confirm it draws on a cryptographic source.
        $row->activation = md5(mosMakePassword());
        $row->block = '1';
    }
    // NOTE(review): the error text is entity-decoded and then written into a
    // single-quoted JavaScript string without JS escaping (here and at the
    // store() failure below); confirm it can never carry request data.
    if (!$row->check()) {
        echo "<script> alert('" . html_entity_decode($row->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }
    // Keep the clear-text password for the activation e-mail.
    $pwd = $row->password;
    // Stored as "<md5(password . salt)>:<salt>" with a 16-character salt.
    // NOTE(review): a single salted MD5 round is weak for password storage,
    // but the format has to match whatever verifies logins, which is outside
    // this block - migrate both sides together.
    $salt = mosMakePassword(16);
    $crypt = md5($row->password . $salt);
    $row->password = $crypt . ':' . $salt;
    $row->registerDate = date('Y-m-d H:i:s');
    if (!$row->store()) {
        echo "<script> alert('" . html_entity_decode($row->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }
    $row->checkin();
    $name = trim($row->name);
    $email = trim($row->email);
    $username = trim($row->username);
    $subject = sprintf(_SEND_SUB, $name, $mosConfig_sitename);
    $subject = html_entity_decode($subject, ENT_QUOTES);
    if ($mosConfig_useractivation == 1) {
        // NOTE(review): the clear-text password ($pwd) is passed to the
        // activation message template together with the activation link.
        $message = sprintf(_USEND_MSG_ACTIVATE, $name, $mosConfig_sitename, $mosConfig_live_site . "/index.php?option=com_registration&task=activate&activation=" . $row->activation, $mosConfig_live_site, $username, $pwd);
    } else {
        $message = sprintf(_USEND_MSG, $name, $mosConfig_sitename, $mosConfig_live_site);
    }
    $message = html_entity_decode($message, ENT_QUOTES);
    // check if Global Config `mailfrom` and `fromname` values exist
    if ($mosConfig_mailfrom != '' && $mosConfig_fromname != '') {
        $adminName2 = $mosConfig_fromname;
        $adminEmail2 = $mosConfig_mailfrom;
    } else {
        // use email address and name of first superadmin for use in email sent to user
        $query = "SELECT name, email" . "\n FROM #__users" . "\n WHERE LOWER( usertype ) = 'superadministrator'" . "\n OR LOWER( usertype ) = 'super administrator'";
        $database->setQuery($query);
        $rows = $database->loadObjectList();
        // $rows[0] is read without checking that the query returned a row.
        $row2 = $rows[0];
        $adminName2 = $row2->name;
        $adminEmail2 = $row2->email;
    }
    // Send email to user
    mosMail($adminEmail2, $adminName2, $email, $subject, $message);
    // Send notification to all administrators
    $subject2 = sprintf(_SEND_SUB, $name, $mosConfig_sitename);
    $message2 = sprintf(_ASEND_MSG, $adminName2, $mosConfig_sitename, $row->name, $email, $username);
    $subject2 = html_entity_decode($subject2, ENT_QUOTES);
    $message2 = html_entity_decode($message2, ENT_QUOTES);
    // get email addresses of all admins and superadmins set to receive system emails
    $query = "SELECT email, sendEmail" . "\n FROM #__users" . "\n WHERE ( gid = 24 OR gid = 25 )" . "\n AND sendEmail = 1" . "\n AND block = 0";
    $database->setQuery($query);
    $admins = $database->loadObjectList();
    foreach ($admins as $admin) {
        // send email to admin & super admin set to receive system emails
        mosMail($adminEmail2, $adminName2, $admin->email, $subject2, $message2);
    }
    if ($mosConfig_useractivation == 1) {
        echo _REG_COMPLETE_ACTIVATE;
    } else {
        echo _REG_COMPLETE;
    }
}
Exemple #21
// Excerpt of a bootstrap script: it begins and ends mid-file, so $gettext,
// $lang, $charset, $configuration and $adminside are set outside the excerpt.
// Point the translation layer at the site's /language directory.
$gettext->bindtextdomain($lang, $configuration->rootPath() . '/language');
$gettext->bind_textdomain_codeset($lang, $charset);
$gettext->textdomain($lang);
#$gettext =& phpgettext(); dump($gettext);
if ($adminside) {
    // Start ACL
    require_once $configuration->rootPath() . '/includes/gacl.class.php';
    require_once $configuration->rootPath() . '/includes/gacl_api.class.php';
    $acl = new gacl_api();
    // Handle special admin side options
    // 'option' is request-controlled; it is lower-cased and defaults to 'com_admin'.
    $option = strtolower(mosGetParam($_REQUEST, 'option', 'com_admin'));
    // $option with its first four characters removed (presumably the "com_" prefix).
    $domain = substr($option, 4);
    // The session cookie name is the MD5 of the configured live-site URL, so
    // it is fixed per site; it acts as a label, not as a secret.
    session_name(md5(mamboCore::get('mosConfig_live_site')));
    session_start();
    // restore some session variables
    $my = new mosUser();
    $my->getSession();
    // purge() runs whether or not validation succeeds; a session that fails
    // validation leaves no current user.
    if (mosSession::validate($my)) {
        mosSession::purge();
    } else {
        mosSession::purge();
        $my = null;
    }
    // Only a request without a valid session may take the login path.
    // NOTE(review): no session-id regeneration is visible around loginAdmin()
    // in this excerpt; confirm the authenticator takes care of it.
    if (!$my and $option == 'login') {
        $option = 'admin';
        require_once $configuration->rootPath() . '/includes/authenticator.php';
        $authenticator =& mamboAuthenticator::getInstance();
        $my = $authenticator->loginAdmin($acl);
    } elseif ($option == 'logout') {
        require $configuration->rootPath() . '/administrator/logout.php';
        exit;
 /**
  * Return the CMS access levels that apply to $user_id.
  *
  * @param  int      $user_id        id of the user to look up (cast to int before use)
  * @param  boolean  $recurse        (DEPRECATED 1.8) only read on the pre-1.6 path: when false, just the last level found is kept
  * @param  boolean  $cb1xNumbering  (SINCE 1.8) when true (the signature default) levels are reported in CB 1.x numbering (standard levels 0, 1, 2); when false, in the newer numbering (1, 2, 3)
  * @return array of int
  */
 function get_object_access($user_id, $recurse = false, $cb1xNumbering = true)
 {
     global $_CB_database;

     if (checkJversion() == 2) {
         $levels = $this->_acl->getAuthorisedViewLevels((int) $user_id);
         // For CB 1.x numbering shift the standard levels down by one
         // (J1.6's 1, 2, 3 are CB 1.7-'s 0, 1, 2); higher levels stay as they are.
         if ($cb1xNumbering) {
             foreach ($levels as $idx => $current) {
                 if ($current <= 3) {
                     $levels[$idx]--;
                 }
             }
         }
         return array_unique(cbArrayToInts($levels));
     }

     // Older platforms: take the user's own level, then list every group id
     // up to and including it.
     if (checkJversion() == 1) {
         $user =& JFactory::getUser($user_id ? (int) $user_id : null);
         $level = $user->get('aid', 0);
     } else {
         $user = new mosUser($_CB_database);
         $user->load((int) $user_id);
         $level = $user->gid;
     }

     // $level is cast to int before it is concatenated; identifiers go through NameQuote().
     $idColumn = $_CB_database->NameQuote('id');
     $query = 'SELECT ' . $idColumn
         . "\n FROM " . $_CB_database->NameQuote('#__groups')
         . "\n WHERE " . $_CB_database->NameQuote('id') . " <= " . (int) $level
         . "\n ORDER BY " . $_CB_database->NameQuote('id');
     $_CB_database->setQuery($query);
     $levels = $_CB_database->loadResultArray();

     if (!$cb1xNumbering) {
         // J1.5's 0 is CB's 1, 1 is 2, 2 is 3.
         $total = count($levels);
         for ($pos = 0; $pos < $total; $pos++) {
             if (in_array($levels[$pos], array(0, 1, 2))) {
                 $levels[$pos]++;
             }
         }
     }

     // Keeping only the last level makes sense on J<1.6 only, hence here.
     if (!$recurse) {
         $levels = array_slice($levels, -1);
     }

     return array_unique(cbArrayToInts($levels));
 }
Exemple #23
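	/**
	 * Return the CMS access levels that apply to $user_id.
	 *
	 * @param  int      $user_id  id of the user to look up (cast to int before use)
	 * @param  boolean  $recurse  true returns every level found, false only the last one
	 * @return array of int
	 */
	function get_object_access( $user_id, $recurse = false ) {
		global $_CB_database;

		$user_id = (int) $user_id;

		if ( checkJversion() == 2 ) {
			$levels = $this->_acl->getAuthorisedViewLevels( $user_id );
		} else {
			if ( checkJversion() == 1 ) {
				// Ask the factory for the requested user's own object instead
				// of calling load() on the object returned by a bare
				// JFactory::getUser(): that one is presumably the shared
				// current-user object, and loading another id into it would
				// replace the caller's identity for the rest of the request.
				$user =& JFactory::getUser( $user_id ? $user_id : null );

				$level = $user->get( 'aid', 0 );
			} else {
				$user = new mosUser( $_CB_database );

				$user->load( $user_id );

				$level = $user->gid;
			}

			// $level is cast to int before it is concatenated; identifiers go
			// through NameQuote().
			$query = 'SELECT ' . $_CB_database->NameQuote( 'id' )
				. "\n FROM " . $_CB_database->NameQuote( '#__groups' )
				. "\n WHERE " . $_CB_database->NameQuote( 'id' ) . " <= " . (int) $level
				. "\n ORDER BY " . $_CB_database->NameQuote( 'id' );
			$_CB_database->setQuery( $query );
			$levels = $_CB_database->loadResultArray();

			// Normalise the ids read from the database to integers.
			for ( $i = 0, $n = count( $levels ); $i < $n; $i++ ) {
				$levels[$i] = (int) $levels[$i];
			}
		}

		// Both paths end the same way: everything, or only the last level.
		return ( $recurse ? $levels : array_slice( $levels, -1 ) );
	}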
Exemple #24
// Excerpt of an admin user-edit page: it ends mid-statement, and $my, $db and
// $database are set outside the excerpt.
include_class('product');
if (!isset($ps_shopper_group)) {
    $ps_shopper_group = new ps_shopper_group();
}
// The request-supplied id is forced to an integer before any use in SQL.
$user_id = intval(vmGet($_REQUEST, 'user_id'));
$cid = vmRequest::getVar('cid', array(0), '', 'array');
if (!empty($user_id)) {
    // Shop-side record: the user joined with the billing address ('BT') if any.
    $q = "SELECT * FROM #__users AS u LEFT JOIN #__{vm}_user_info AS ui ON id=user_id ";
    $q .= "WHERE id={$user_id} ";
    $q .= "AND (address_type='BT' OR address_type IS NULL ) ";
    // Only rows whose group id does not exceed the caller's are returned.
    // $my->gid is concatenated as-is; it comes from the caller's own user
    // object (set outside this excerpt), not from this request's parameters.
    $q .= "AND gid <= " . $my->gid;
    $db->query($q);
    $db->next_record();
}
// Set up the CMS General User Information
// NOTE(review): this load() is not limited by the gid filter of the query
// above; in the visible lines only the super-admin check at the end guards
// it - confirm that lower-ranked callers cannot reach higher-ranked records.
$row = new mosUser($database);
$row->load((int) $user_id);
if ($user_id) {
    $query = "SELECT *" . "\n FROM #__contact_details" . "\n WHERE user_id = " . (int) $row->id;
    $database->setQuery($query);
    $contact = $database->loadObjectList();
    $row->name = trim($row->name);
    $row->email = trim($row->email);
    $row->username = trim($row->username);
    $row->password = trim($row->password);
} else {
    // No id given: a new, unblocked user without contact details.
    $contact = NULL;
    $row->block = 0;
}
// check to ensure only super admins can edit super admin info
if ($my->gid < 25 && $row->gid == 25) {
Exemple #25
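/**
 * Save the profile form a logged-in user submitted for their own account.
 *
 * Reads the form from $_POST. Emits a JavaScript alert and calls exit() when
 * binding, the password confirmation, validation or storing fails; otherwise
 * redirects back to the component.
 *
 * @param string $option component option used for the redirect
 * @param int    $uid    id of the calling user; must equal the posted id
 */
function userSave($option, $uid)
{
    global $database;
    $user_id = intval(mosGetParam($_POST, 'id', 0));
    // Only the account owner may save: the posted id has to be non-zero and
    // equal to the caller's own id.
    if ($uid == 0 || $user_id == 0 || $user_id != $uid) {
        mosNotAuth();
        return;
    }
    $row = new mosUser($database);
    $row->load($user_id);
    // Remember the stored hash so an empty password field leaves it untouched.
    $row->orig_password = $row->password;
    // NOTE(review): "gid usertype" is presumably the list of fields bind()
    // must ignore, which keeps the group out of the user's reach; every other
    // column bind() accepts takes the posted value - confirm none is sensitive.
    // NOTE(review): getError() is written into a single-quoted JavaScript
    // string without JS escaping (also at the check() and store() failures
    // below); confirm the error text can never carry request data.
    if (!$row->bind($_POST, "gid usertype")) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    mosMakeHtmlSafe($row);
    $newPassword = isset($_POST["password"]) ? $_POST["password"] : '';
    if ($newPassword !== '') {
        $confirmation = isset($_POST["verifyPass"]) ? $_POST["verifyPass"] : null;
        // Compare with ===: loose == treats numeric-looking strings such as
        // "1e3" and "1000" as equal, which would accept a confirmation that
        // differs from the password. A non-string (array) value is rejected.
        if (is_string($newPassword) && $newPassword === $confirmation) {
            // NOTE(review): unsalted MD5 is unsuitable for password storage,
            // but the format has to match whatever verifies logins, which is
            // outside this block - migrate both sides together.
            $row->password = md5($newPassword);
        } else {
            echo "<script> alert(\"" . _PASS_MATCH . "\"); window.history.go(-1); </script>\n";
            exit;
        }
    } else {
        // Restore 'original password'
        $row->password = $row->orig_password;
    }
    if (!$row->check()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    // orig_password is not a table column; drop it to prevent a DB error.
    unset($row->orig_password);
    if (!$row->store()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    mosRedirect("index.php?option={$option}", _USER_DETAILS_SAVE);
}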