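/**
 * Remove one or more users from Joomla.
 *
 * Each id is checked and then deleted in turn. A deletion is refused when the
 * target's usertype is "super administrator", when the target is the current
 * user, or when the target is an "administrator" and the current user's gid
 * is 24 (presumably the Administrator group; confirm against the ACL setup).
 *
 * Processing stops at the first refusal or delete error; ids earlier in the
 * list have already been deleted by then.
 *
 * @param int|array $cid A single user id or a list of user ids
 * @return bool|null True when every id was deleted, false on the first
 *                   refusal or error (logged through $vmLogger), null when
 *                   the list is empty
 */
function removeUsers($cid)
{
    global $database, $acl, $my, $vmLogger, $VM_LANG;

    if (!is_array($cid)) {
        $cid = array($cid);
    }
    if (!count($cid)) {
        return null;
    }

    $obj = new mosUser($database);
    foreach ($cid as $id) {
        // TODO (kept from the original): resolve the group through $acl instead
        // of trusting the usertype column.
        // NOTE(review): the same $obj is reused for every id; if load() fails for
        // an unknown id, the previous user's usertype may still be set. Confirm.
        $obj->load($id);
        $this_group = strtolower($obj->get('usertype'));

        if ($this_group == 'super administrator') {
            $vmLogger->err($VM_LANG->_('VM_USER_DELETE_ERR_SUPERADMIN'));
            return false;
        }
        if ($id == $my->id) {
            $vmLogger->err($VM_LANG->_('VM_USER_DELETE_ERR_YOURSELF'));
            return false;
        }
        if ($this_group == 'administrator' && $my->gid == 24) {
            $vmLogger->err($VM_LANG->_('VM_USER_DELETE_ERR_ADMIN'));
            return false;
        }

        $obj->delete($id);
        $err = $obj->getError();
        if ($err) {
            $vmLogger->err($err);
            return false;
        }
        // The original returned true here, inside the loop, so only the first
        // id of a list was ever processed.
    }

    return true;
}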
/**
 * Handle a submitted front-end registration form.
 *
 * Binds the POSTed fields onto a new mosUser, forces id, usertype and gid,
 * stores the row, mails the account details to the new user and notifies the
 * users in ACL group 25 that have sendEmail set.
 *
 * NOTE(review): the password is stored as a bare md5() digest, and when
 * activation is enabled the clear-text password is placed in the mail body.
 *
 * @param string $option Not read inside this function.
 * @return void Output is echoed; bind/check/store failures echo a script
 *              block and exit.
 */
function saveRegistration($option)
{
    global $database, $my, $acl;
    global $mosConfig_sitename, $mosConfig_live_site, $mosConfig_useractivation, $mosConfig_allowUserRegistration;
    global $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_mailfrom, $mosConfig_fromname;

    // Registration switched off in the global configuration: refuse.
    if ($mosConfig_allowUserRegistration == "0") {
        mosNotAuth();
        return;
    }

    $row = new mosUser($database);
    // NOTE(review): the second argument presumably names fields bind() must
    // skip. Every other POSTed field is copied onto the row; only id,
    // usertype and gid (and activation/block when activation is on) are
    // overwritten below. Confirm no other column is sensitive.
    if (!$row->bind($_POST, "usertype")) {
        // NOTE(review): the error text is written into a JavaScript string
        // literal without escaping; confirm it can never carry user input.
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }

    mosMakeHtmlSafe($row);

    // Server-side values that the request must not control.
    $row->id = 0;
    $row->usertype = '';
    $row->gid = $acl->get_group_id('Registered', 'ARO');

    if ($mosConfig_useractivation == "1") {
        // New accounts start blocked until the activation link is used.
        $row->activation = md5(mosMakePassword());
        $row->block = "1";
    }

    if (!$row->check()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }

    // Keep the clear-text password for the mail below, then store the digest.
    $pwd = $row->password;
    $row->password = md5($row->password);
    $row->registerDate = date("Y-m-d H:i:s");

    if (!$row->store()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    $row->checkin();

    $name = $row->name;
    $email = $row->email;
    $username = $row->username;

    $subject = sprintf(_SEND_SUB, $name, $mosConfig_sitename);
    $subject = html_entity_decode($subject, ENT_QUOTES);

    if ($mosConfig_useractivation == "1") {
        $message = sprintf(_USEND_MSG_ACTIVATE, $name, $mosConfig_sitename, $mosConfig_live_site . "/index.php?option=com_registration&task=activate&activation=" . $row->activation, $mosConfig_live_site, $username, $pwd);
    } else {
        $message = sprintf(_USEND_MSG, $name, $mosConfig_sitename, $mosConfig_live_site);
    }

    $message = html_entity_decode($message, ENT_QUOTES);

    // Send email to user
    if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") {
        $adminName2 = $mosConfig_fromname;
        $adminEmail2 = $mosConfig_mailfrom;
    } else {
        // Fall back to the first row of usertype 'superadministrator'.
        // NOTE(review): $rows[0] is read without checking the query returned a row.
        $database->setQuery("SELECT name, email FROM #__users" . "\n WHERE usertype='superadministrator'");
        $rows = $database->loadObjectList();
        $row2 = $rows[0];
        $adminName2 = $row2->name;
        $adminEmail2 = $row2->email;
    }

    mosMail($adminEmail2, $adminName2, $email, $subject, $message);

    // Send notification to all administrators
    $subject2 = sprintf(_SEND_SUB, $name, $mosConfig_sitename);
    $message2 = sprintf(_ASEND_MSG, $adminName2, $mosConfig_sitename, $row->name, $email, $username);
    $subject2 = html_entity_decode($subject2, ENT_QUOTES);
    $message2 = html_entity_decode($message2, ENT_QUOTES);

    // get superadministrators id
    $admins = $acl->get_group_objects(25, 'ARO');

    foreach ($admins['users'] as $id) {
        // $id comes from the ACL lookup above, not from the request; it is
        // still interpolated into the query as a quoted string.
        $database->setQuery("SELECT email, sendEmail FROM #__users" . "\n WHERE id='{$id}'");
        $rows = $database->loadObjectList();

        // From here on $row is the administrator's row, no longer the new user.
        $row = $rows[0];

        if ($row->sendEmail) {
            mosMail($adminEmail2, $adminName2, $row->email, $subject2, $message2);
        }
    }

    if ($mosConfig_useractivation == "1") {
        echo _REG_COMPLETE_ACTIVATE;
    } else {
        echo _REG_COMPLETE;
    }
}
/**
 * Fetch a user object through whichever API the running CMS generation offers.
 *
 * When JCOMMENTS_JVERSION is '1.0': a mosUser loaded by $id, or the result of
 * $mainframe->getUser() when no id is given. On any other version the call is
 * delegated to JFactory::getUser($id).
 *
 * @param int|null $id A user identifier, or null for the current user
 * @return object The user object (mosUser on 1.0, otherwise whatever
 *                JFactory::getUser() returns)
 */
public static function getUser($id = null)
{
    // Newer CMS: the factory handles both the "current" and the "by id" case.
    if (JCOMMENTS_JVERSION != '1.0') {
        return JFactory::getUser($id);
    }

    // Legacy CMS, no id: the application object knows the current user.
    if (is_null($id)) {
        global $mainframe;
        return $mainframe->getUser();
    }

    // Legacy CMS, explicit id: load the row directly.
    global $database;
    $account = new mosUser($database);
    $account->load($id);

    return $account;
}
/**
 * Verify that the current user may act on every user in $cid.
 *
 * A target is refused when it is the current user (unless
 * $allowActionToMyself is set), when it has the same gid as the current user
 * and that gid is neither 24 nor 25, or when its gid is not among
 * getGIDSChildren() of the current user's gid.
 *
 * NOTE(review): this only builds a message; the caller has to act on a
 * non-null return value for the check to have any effect.
 *
 * @param array  $cid                 User ids to check
 * @param string $actionName          Verb inserted into the message
 * @param bool   $allowActionToMyself Skip the "own account" refusal
 * @return string|null Concatenated error text, or null when nothing is refused
 * Added 1.0.11
 */
function checkUserPermissions($cid, $actionName, $allowActionToMyself = false)
{
    global $database, $acl, $my;

    $errors = null;
    if (!is_array($cid) || !count($cid)) {
        return $errors;
    }

    $target = new mosUser($database);
    foreach ($cid as $userId) {
        if ($userId == 0) {
            // Id 0 is treated as a member of the minimal user group.
            $groupName = 'Registered';
            $target->gid = $acl->get_group_id($groupName, 'ARO');
        } else {
            $target->load($userId);
            $groupIds = $acl->get_object_groups('users', $userId, 'ARO');
            $groupName = strtolower($acl->get_group_name($groupIds[0], 'ARO'));
        }

        if (!$allowActionToMyself && $userId == $my->id) {
            $errors .= 'Não pode ' . $actionName . ' seu próprio nome!';
            continue;
        }

        // Evaluated left to right: getGIDSChildren() is only consulted when the
        // same-level rule did not already refuse the action.
        $sameLevelNonAdmin = $target->gid == $my->gid && !in_array($my->gid, array(24, 25));
        if ($sameLevelNonAdmin || ($target->gid && !in_array($target->gid, getGIDSChildren($my->gid)))) {
            $errors .= 'Não pode ' . $actionName . ' a `' . $groupName . '`. Apenas usuários com um nível de grupo superior têm esta permissão. ';
        }
    }

    return $errors;
}
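// Count the unblocked users that match the current filter, for pagination.
// NOTE(review): $where and $offset are built outside this excerpt; confirm
// that any request value inside $where is escaped or cast before it gets here.
$query = "SELECT COUNT(*) FROM #__users WHERE block = '0' {$where}";
$database->setQuery($query);
$total = $database->loadResult();

$limit = jTipsGetParam($_REQUEST, 'limit', $jTips['NumMax']);
$pageNav = new mosPageNav($total, $offset, $limit);
$tpl->pageNav = $pageNav;

// Sort direction and sort column come from the request and are placed into
// ORDER BY, where quoting cannot protect them. Accept only asc/desc and a
// plain (optionally table-qualified) column identifier; anything else falls
// back to the defaults, as an empty value already did.
$direction = jTipsGetParam($_REQUEST, 'filter_order_Dir', 'asc');
if (!is_string($direction) || !in_array(strtolower($direction), array('asc', 'desc'), true)) {
    $direction = 'asc';
}

$orderby = jTipsGetParam($_REQUEST, 'filter_order', 'name');
if (!is_string($orderby) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?$/D', $orderby)) {
    $orderby = 'name';
}

// BUG 319 - creating users that don't require activation, or creating a user by admin leaves an activation code
// (so the list filters on block = '0' instead of an empty activation column)
$query = "SELECT id FROM #__users WHERE block = '0' {$where} ORDER BY {$orderby} {$direction}";
$database->setQuery($query, $pageNav->limitstart, $pageNav->limit);
$list = (array) $database->loadResultArray();

// Load a full user object per id, using the class of the running CMS.
$users = array();
foreach ($list as $id) {
    if (isJoomla15()) {
        $JoomlaUser = new JUser();
    } else {
        $JoomlaUser = new mosUser($database);
    }
    $JoomlaUser->load($id);
    $users[] = $JoomlaUser;
}

$tpl->users = $users;
$tpl->display();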
/**
 * Save the profile form of the logged-in user.
 *
 * The posted id must equal $uid, the spoof check must pass, and gid/usertype
 * are excluded from the bind. A new password is stored as
 * md5(password . salt) followed by ':' and the salt; otherwise the previous
 * hash is kept. When the username changed, the session table is updated.
 *
 * NOTE(review): salted MD5 is a fast hash; moving to a slow password hash
 * needs a matching change in the login code, which is not shown here.
 *
 * @param string $option Not read inside this function.
 * @param int    $uid    Id of the current user, as supplied by the caller
 * @return void Redirects on success; echoes a script block and exits on error.
 */
function userSave($option, $uid)
{
    global $database, $my, $mosConfig_frontend_userparams;

    $user_id = intval(mosGetParam($_POST, 'id', 0));

    // Only a logged-in user (non-zero $uid) may save, and only their own record.
    if ($uid == 0 || $user_id == 0 || $user_id != $uid) {
        mosNotAuth();
        return;
    }

    // simple spoof check security
    josSpoofCheck();

    $row = new mosUser($database);
    $row->load((int) $user_id);

    // Remember the stored values so they can be restored or compared later.
    $orig_password = $row->password;
    $orig_username = $row->username;

    // NOTE(review): presumably 'gid usertype' lists fields bind() must skip;
    // every other POSTed field is copied onto the row. Confirm that columns
    // such as block or activation cannot be set this way.
    if (!$row->bind($_POST, 'gid usertype')) {
        // NOTE(review): error text is placed unescaped in a JavaScript string.
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }

    $row->name = trim($row->name);
    $row->email = trim($row->email);
    $row->username = trim($row->username);

    mosMakeHtmlSafe($row);

    if (isset($_POST['password']) && $_POST['password'] != '') {
        if (isset($_POST['verifyPass']) && $_POST['verifyPass'] == $_POST['password']) {
            // Hash the bound (trimmed) password with a fresh 16-character salt.
            $row->password = trim($row->password);
            $salt = mosMakePassword(16);
            $crypt = md5($row->password . $salt);
            $row->password = $crypt . ':' . $salt;
        } else {
            echo "<script> alert(\"" . addslashes(_PASS_MATCH) . "\"); window.history.go(-1); </script>\n";
            exit;
        }
    } else {
        // Restore 'original password'
        $row->password = $orig_password;
    }

    if ($mosConfig_frontend_userparams == '1' || $mosConfig_frontend_userparams == 1 || $mosConfig_frontend_userparams == NULL) {
        // save params
        $params = mosGetParam($_POST, 'params', '');
        if (is_array($params)) {
            // NOTE(review): keys and values are joined with "\n" as posted; a
            // value containing a line break would add an extra key=value line.
            $txt = array();
            foreach ($params as $k => $v) {
                $txt[] = "{$k}={$v}";
            }
            $row->params = implode("\n", $txt);
        }
    }

    if (!$row->check()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }

    if (!$row->store()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }

    // check if username has been changed
    if ($orig_username != $row->username) {
        // change username value in session table
        // NOTE(review): the two operands shown as ****** were masked when this
        // page was captured, so the statement does not parse as printed.
        // Restore them from the upstream file, and make sure both usernames are
        // escaped/quoted by the database layer rather than concatenated raw.
        $query = "UPDATE #__session" . "\n SET username = "******"\n WHERE username = "******"\n AND userid = " . (int) $my->id . "\n AND gid = " . (int) $my->gid . "\n AND guest = 0";
        $database->setQuery($query);
        $database->query();
    }

    mosRedirect('index.php', _USER_DETAILS_SAVE);
}
/**
 * Save the profile form of the logged-in user and notify the authenticator bots.
 *
 * The posted id must equal $uid, and gid/usertype are excluded from the bind.
 * A new password is stored as a bare md5() digest; otherwise the previous
 * hash is restored.
 *
 * NOTE(review): no request-forgery (spoof) check is visible in this function;
 * confirm one runs before it is called. Unsalted MD5 is a weak password hash.
 *
 * @param string $option Component name used for the redirect URL
 * @param int    $uid    Id of the current user, as supplied by the caller
 * @return void Redirects on success; echoes a script block and exits on error.
 */
function userSave($option, $uid)
{
    global $database;

    $user_id = intval(mosGetParam($_POST, 'id', 0));

    // Only a logged-in user (non-zero $uid) may save, and only their own record.
    if ($uid == 0 || $user_id == 0 || $user_id != $uid) {
        mosNotAuth();
        return;
    }

    $row = new mosUser($database);
    $row->load($user_id);
    // Park the stored hash on the row object; it is removed again before store().
    $row->orig_password = $row->password;

    // NOTE(review): presumably "gid usertype" lists fields bind() must skip;
    // every other POSTed field is copied onto the row.
    if (!$row->bind($_POST, "gid usertype")) {
        // NOTE(review): error text is placed unescaped in a JavaScript string.
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }

    mosMakeHtmlSafe($row);

    if (isset($_POST["password"]) && $_POST["password"] != "") {
        if (isset($_POST["verifyPass"]) && $_POST["verifyPass"] == $_POST["password"]) {
            $row->password = md5($_POST["password"]);
        } else {
            echo "<script> alert(\"" . T_('Passwords do not match') . "\"); window.history.go(-1); </script>\n";
            exit;
        }
    } else {
        // Restore 'original password'
        $row->password = $row->orig_password;
    }

    if (!$row->check()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }

    unset($row->orig_password); // prevent DB error!!

    if (!$row->store()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }

    // Hand the new login details to the 'authenticator' bot group.
    // NOTE(review): $_POST['password'] is read here even when no password was
    // posted (the isset() test above shows it can be absent), and the
    // clear-text password is passed on to every authenticator bot.
    $loginfo = new mosLoginDetails($row->username, $_POST['password']);
    $mambothandler =& mosMambotHandler::getInstance();
    $mambothandler->loadBotGroup('authenticator');
    $mambothandler->trigger('userChange', array($loginfo));

    mosRedirect("index.php?option={$option}", T_('Your settings have been saved.'));
}
/**
 * The function from com_registration!
 * Registers a user into Mambo/Joomla
 *
 * Binds the POSTed fields onto a new mosUser, forces id, usertype and gid to
 * the 'Registered' group, stores the row and sends the registration mail.
 *
 * NOTE(review): the password is stored as a bare md5() digest and the
 * clear-text password is handed to $this->_sendMail().
 *
 * @return boolean True when the registration process was successful, False when not
 */
function saveRegistration()
{
    global $database, $acl, $vmLogger, $mosConfig_useractivation, $mosConfig_allowUserRegistration, $mosConfig_live_site;

    // Registration switched off in the global configuration: refuse.
    if ($mosConfig_allowUserRegistration == '0') {
        mosNotAuth();
        return false;
    }

    $row = new mosUser($database);

    // NOTE(review): presumably 'usertype' names a field bind() must skip; all
    // other POSTed fields are copied onto the row before the overrides below.
    if (!$row->bind($_POST, 'usertype')) {
        // NOTE(review): the message is entity-decoded and then written into a
        // JavaScript string literal without escaping; confirm it can never
        // contain user-supplied text.
        $error = vmHtmlEntityDecode($row->getError());
        $vmLogger->err($error);
        echo "<script type=\"text/javascript\"> alert('" . $error . "');</script>\n";
        return false;
    }

    mosMakeHtmlSafe($row);

    // Server-side values that the request must not control.
    $usergroup = 'Registered';
    $row->id = 0;
    $row->usertype = $usergroup;
    $row->gid = $acl->get_group_id($usergroup, 'ARO');

    if ($mosConfig_useractivation == '1') {
        // New accounts start blocked until the activation link is used.
        $row->activation = md5(vmGenRandomPassword());
        $row->block = '1';
    }

    if (!$row->check()) {
        $error = vmHtmlEntityDecode($row->getError());
        $vmLogger->err($error);
        echo "<script type=\"text/javascript\"> alert('" . $error . "');</script>\n";
        return false;
    }

    // Keep the clear-text password for the mail, then store the digest.
    $pwd = $row->password;
    $row->password = md5($row->password);
    $row->registerDate = date('Y-m-d H:i:s');

    if (!$row->store()) {
        $error = vmHtmlEntityDecode($row->getError());
        $vmLogger->err($error);
        echo "<script type=\"text/javascript\"> alert('" . $error . "');</script>\n";
        return false;
    }
    $row->checkin();

    $name = $row->name;
    $email = $row->email;
    $username = $row->username;

    // The activation component is named differently on Joomla 1.5.
    $component = vmIsJoomla(1.5) ? 'com_user' : 'com_registration';

    $activation_link = $mosConfig_live_site . "/index.php?option={$component}&task=activate&activation=" . $row->activation;

    // Send the registration email
    $this->_sendMail($name, $email, $username, $pwd, $activation_link);

    return true;
}
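/**
 * Stream one content item as a PDF document.
 *
 * The item id is taken from the request. Before anything is rendered, a
 * count query confirms the item is published (state 1 or -1), inside its
 * publish window, and has an access level no higher than the global $gid;
 * otherwise the script exits with a "not authorized" message.
 *
 * @param object $database Database connector used for the access check and loads
 * @return void The PDF is sent to the client through Cezpdf::ezStream().
 */
function dofreePDF($database)
{
    global $mosConfig_live_site, $mosConfig_sitename, $mosConfig_offset, $mosConfig_hideCreateDate, $mosConfig_hideAuthor, $mosConfig_hideModifyDate;
    global $gid;

    $id = intval(mosGetParam($_REQUEST, 'id', 1));

    // Access check: $id and $gid are cast to int and $now is generated here,
    // so no request text reaches the SQL string.
    $now = date('Y-m-d H:i:s', time() + $mosConfig_offset * 60 * 60);
    $query = "SELECT COUNT(a.id)"
        . "\n FROM #__content AS a"
        . "\n LEFT JOIN #__categories AS cc ON cc.id = a.catid"
        . "\n LEFT JOIN #__sections AS s ON s.id = cc.section AND s.scope='content'"
        . "\n LEFT JOIN #__users AS u ON u.id = a.created_by"
        . "\n LEFT JOIN #__content_rating AS v ON a.id = v.content_id"
        . "\n LEFT JOIN #__groups AS g ON a.access = g.id"
        . "\n WHERE a.id='" . $id . "' "
        . "\n AND (a.state = '1' OR a.state = '-1')"
        . "\n AND (publish_up = '0000-00-00 00:00:00' OR publish_up <= '{$now}')"
        . "\n AND (publish_down = '0000-00-00 00:00:00' OR publish_down >= '{$now}')"
        . "\n AND a.access <= " . intval($gid);
    $database->setQuery($query);
    if (!$database->loadResult()) {
        exit(T_('You are not authorized to view this resource.'));
    }

    include 'includes/class.ezpdf.php';

    $row = new mosContent($database);
    $row->load($id);

    // Find the author's name and user type.
    $users_rows = new mosUser($database);
    $users_rows->load($row->created_by);
    $row->author = $users_rows->name;
    $row->usertype = $users_rows->usertype;

    // Ugly but needed to get rid of all the stuff the PDF class can't handle:
    // turn block/line tags into line breaks, drop the remaining markup and the
    // CMS placeholders, then decode entities.
    $row->fulltext = str_replace(array('<p>', '<P>'), "\n\n", $row->fulltext);
    $row->fulltext = str_replace(array('<br />', '<br>', '<BR />', '<BR>'), "\n", $row->fulltext);
    $row->fulltext = str_replace(array('<li>', '<LI>'), "\n - ", $row->fulltext);
    $row->fulltext = strip_tags($row->fulltext);
    $row->fulltext = str_replace(array('{mosimage}', '{mospagebreak}'), '', $row->fulltext);
    $row->fulltext = decodeHTML($row->fulltext);

    // The intro text gets the same treatment, except that <br> is not converted.
    $row->introtext = str_replace(array('<p>', '<P>'), "\n\n", $row->introtext);
    $row->introtext = str_replace(array('<li>', '<LI>'), "\n - ", $row->introtext);
    $row->introtext = strip_tags($row->introtext);
    $row->introtext = str_replace(array('{mosimage}', '{mospagebreak}'), '', $row->introtext);
    $row->introtext = decodeHTML($row->introtext);

    // "=& new" is a parse error from PHP 7 on; plain assignment behaves the
    // same for objects on PHP 5.
    $pdf = new Cezpdf('a4', 'P'); // A4 portrait
    $pdf->ezSetCmMargins(2, 1.5, 1, 1);
    $pdf->selectFont('./fonts/Helvetica.afm');

    // Page furniture (rules and footer text) repeated on every page.
    $all = $pdf->openObject();
    $pdf->saveState();
    $pdf->setStrokeColor(0, 0, 0, 1);
    $pdf->line(10, 40, 578, 40);
    $pdf->line(10, 822, 578, 822);
    $pdf->addText(30, 34, 6, $mosConfig_live_site . ' - ' . $mosConfig_sitename);
    $pdf->addText(250, 34, 6, T_('Powered by Mambo'));
    $pdf->addText(450, 34, 6, T_('Generated:') . date('j F, Y, H:i', time() + $mosConfig_offset * 60 * 60));
    $pdf->restoreState();
    $pdf->closeObject();
    $pdf->addObject($all, 'all');
    $pdf->ezSetDy(30);

    // Title.
    $txt1 = $row->title;
    $pdf->ezText($txt1, 14);

    // Date / author line, each part subject to its global "hide" switch.
    $txt2 = NULL;
    $mod_date = NULL;
    $create_date = NULL;
    if (intval($row->modified) != 0) {
        $mod_date = mosFormatDate($row->modified);
    }
    if (intval($row->created) != 0) {
        $create_date = mosFormatDate($row->created);
    }

    if ($mosConfig_hideCreateDate == '0') {
        $txt2 .= '(' . $create_date . ') - ';
    }

    if ($mosConfig_hideAuthor == '0' && $row->author != '') {
        $byline = $row->created_by_alias ? $row->created_by_alias : $row->author;
        if ($row->usertype == 'administrator' || $row->usertype == 'superadministrator') {
            $txt2 .= T_('Written by') . ' ' . $byline;
        } else {
            $txt2 .= T_('Contributed by') . ' ' . $byline;
        }
    }

    if ($mosConfig_hideModifyDate == '0') {
        $txt2 .= ' - ' . T_('Last Updated') . ' (' . $mod_date . ') ';
    }

    $txt2 .= "\n\n";
    $pdf->ezText($txt2, 8);

    // Body.
    $txt3 = $row->introtext . "\n" . $row->fulltext;
    $pdf->ezText($txt3, 10);

    $pdf->ezStream();
}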
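/**
 * Stream one content item as a PDF document.
 *
 * NOTE(review): the item is loaded straight from the request id. Nothing in
 * this function checks the item's state, its publish window or its access
 * level, so an unpublished or restricted item would be rendered for any
 * caller unless the check happens before this function is reached. Confirm,
 * and add a published/access test ahead of the load if it does not.
 *
 * @param object $database Database connector used to load the item and its author
 * @return void The PDF is sent to the client through Cezpdf::ezStream().
 */
function dofreePDF($database)
{
    global $mosConfig_live_site, $mosConfig_sitename, $mosConfig_offset, $mosConfig_hideCreateDate, $mosConfig_hideAuthor, $mosConfig_hideModifyDate;

    $id = intval(mosGetParam($_REQUEST, 'id', 1));

    include 'includes/class.ezpdf.php';

    $row = new mosContent($database);
    $row->load($id);

    // Find the author's name and user type.
    $users_rows = new mosUser($database);
    $users_rows->load($row->created_by);
    $row->author = $users_rows->name;
    $row->usertype = $users_rows->usertype;

    // Ugly but needed to get rid of all the stuff the PDF class can't handle:
    // turn block/line tags into line breaks, drop the remaining markup and the
    // CMS placeholders, then decode entities.
    $row->fulltext = str_replace(array('<p>', '<P>'), "\n\n", $row->fulltext);
    $row->fulltext = str_replace(array('<br />', '<br>', '<BR />', '<BR>'), "\n", $row->fulltext);
    $row->fulltext = str_replace(array('<li>', '<LI>'), "\n - ", $row->fulltext);
    $row->fulltext = strip_tags($row->fulltext);
    $row->fulltext = str_replace(array('{mosimage}', '{mospagebreak}'), '', $row->fulltext);
    $row->fulltext = decodeHTML($row->fulltext);

    // The intro text gets the same treatment, except that <br> is not converted.
    $row->introtext = str_replace(array('<p>', '<P>'), "\n\n", $row->introtext);
    $row->introtext = str_replace(array('<li>', '<LI>'), "\n - ", $row->introtext);
    $row->introtext = strip_tags($row->introtext);
    $row->introtext = str_replace(array('{mosimage}', '{mospagebreak}'), '', $row->introtext);
    $row->introtext = decodeHTML($row->introtext);

    // "=& new" is a parse error from PHP 7 on; plain assignment behaves the
    // same for objects on PHP 5.
    $pdf = new Cezpdf('a4', 'P'); // A4 portrait
    $pdf->ezSetCmMargins(2, 1.5, 1, 1);
    $pdf->selectFont('./fonts/Helvetica.afm');

    // Page furniture (rules and footer text) repeated on every page.
    $all = $pdf->openObject();
    $pdf->saveState();
    $pdf->setStrokeColor(0, 0, 0, 1);
    $pdf->line(10, 40, 578, 40);
    $pdf->line(10, 822, 578, 822);
    $pdf->addText(30, 34, 6, $mosConfig_live_site . ' - ' . $mosConfig_sitename);
    $pdf->addText(250, 34, 6, 'Powered by Mambo');
    $pdf->addText(450, 34, 6, 'Generated: ' . date('j F, Y, H:i', time() + $mosConfig_offset * 60 * 60));
    $pdf->restoreState();
    $pdf->closeObject();
    $pdf->addObject($all, 'all');
    $pdf->ezSetDy(30);

    // Title.
    $txt1 = $row->title;
    $pdf->ezText($txt1, 14);

    // Date / author line, each part subject to its global "hide" switch.
    $txt2 = NULL;
    $mod_date = NULL;
    $create_date = NULL;
    if (intval($row->modified) != 0) {
        $mod_date = mosFormatDate($row->modified);
    }
    if (intval($row->created) != 0) {
        $create_date = mosFormatDate($row->created);
    }

    if ($mosConfig_hideCreateDate == '0') {
        $txt2 .= '(' . $create_date . ') - ';
    }

    if ($mosConfig_hideAuthor == '0' && $row->author != '') {
        $byline = $row->created_by_alias ? $row->created_by_alias : $row->author;
        if ($row->usertype == 'administrator' || $row->usertype == 'superadministrator') {
            $txt2 .= _WRITTEN_BY . ' ' . $byline;
        } else {
            $txt2 .= _AUTHOR_BY . ' ' . $byline;
        }
    }

    if ($mosConfig_hideModifyDate == '0') {
        $txt2 .= ' - ' . _LAST_UPDATED . ' (' . $mod_date . ') ';
    }

    $txt2 .= "\n\n";
    $pdf->ezText($txt2, 8);

    // Body.
    $txt3 = $row->introtext . "\n" . $row->fulltext;
    $pdf->ezText($txt3, 10);

    $pdf->ezStream();
}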
/**
 * Delete the selected users and redirect back to the component.
 *
 * Users whose ACL group is "super administrator" are skipped and the
 * corresponding language string is appended to the redirect message instead.
 *
 * NOTE(review): apart from the super-administrator rule, nothing here checks
 * whether the caller outranks the target or is deleting their own account,
 * and no request-forgery check is visible; confirm both happen upstream.
 *
 * @param array  $cid    User ids selected for deletion
 * @param string $option Component name used for the redirect URL
 * @return void Redirects when done; echoes a script block and exits when
 *              nothing was selected.
 */
function removeUsers($cid, $option)
{
    global $database, $acl, $adminLanguage;

    $nothingSelected = !is_array($cid) || count($cid) < 1;
    if ($nothingSelected) {
        echo "<script> alert(\"" . $adminLanguage->A_COMP_CONTENT_SEL_DEL . "\"); window.history.go(-1);</script>\n";
        exit;
    }

    $msg = '';
    $user = new mosUser($database);
    foreach ($cid as $userId) {
        // The first ACL group of the user decides whether deletion is allowed.
        // NOTE(review): assumes get_object_groups() returned at least one group.
        $groupIds = $acl->get_object_groups('users', $userId, 'ARO');
        $groupName = strtolower($acl->get_group_name($groupIds[0], 'ARO'));

        if ($groupName != 'super administrator') {
            $user->delete($userId);
            $msg .= $user->getError();
            continue;
        }

        // check for a super admin ... can't delete them
        $msg .= $adminLanguage->A_COMP_USERS_CANNOT;
    }

    // Read but not used afterwards.
    $limit = intval(mosGetParam($_REQUEST, 'limit', 10));
    $limitstart = intval(mosGetParam($_REQUEST, 'limitstart', 0));

    mosRedirect('index2.php?option=' . $option, $msg);
}
/**
 * Check in the underlying CMS user row, where the CMS supports it.
 *
 * @param mixed $oid Not read inside this method.
 * @return mixed Whatever the CMS user's checkin() returns, or true when the
 *               CMS user object has no callable checkin().
 */
function checkin( $oid = null ) {
	$this->_mapUsers();

	// Not every supported CMS offers a check-in on its user object.
	$cmsCheckin = array( $this->_cmsUser, 'checkin' );

	return is_callable( $cmsCheckin ) ? $this->_cmsUser->checkin() : true;
}
/**
 * Delete the selected users, together with their extended-profile rows, and
 * redirect back to the component.
 *
 * Users whose ACL group is "super administrator" are skipped and a notice is
 * appended to the redirect message instead.
 *
 * NOTE(review): apart from the super-administrator rule, nothing here checks
 * whether the caller outranks the target or is deleting their own account,
 * and no request-forgery check is visible; confirm both happen upstream.
 *
 * @param array  $cid    User ids selected for deletion
 * @param string $option Component name used for the redirect URL
 * @return void Redirects when done; echoes a script block and exits when
 *              nothing was selected.
 */
function removeUsers($cid, $option)
{
    global $database, $acl;

    $nothingSelected = !is_array($cid) || count($cid) < 1;
    if ($nothingSelected) {
        echo "<script> alert('Select an item to delete'); window.history.go(-1);</script>\n";
        exit;
    }

    $msg = '';
    $user = new mosUser($database);
    foreach ($cid as $userId) {
        // The first ACL group of the user decides whether deletion is allowed.
        // NOTE(review): assumes get_object_groups() returned at least one group.
        $groupIds = $acl->get_object_groups('users', $userId, 'ARO');
        $groupName = strtolower($acl->get_group_name($groupIds[0], 'ARO'));

        if ($groupName != 'super administrator') {
            // Core row first, then the matching extended-profile row.
            $user->delete($userId);
            $msg .= $user->getError();

            $extended = new mosUser_extended($database);
            $extended->delete($userId);
            $msg .= $extended->getError();
            continue;
        }

        // check for a super admin ... can't delete them
        $msg .= "You cannot delete a Super Administrator";
    }

    // Read but not used afterwards.
    $limit = intval(mosGetParam($_REQUEST, 'limit', 10));
    $limitstart = intval(mosGetParam($_REQUEST, 'limitstart', 0));

    mosRedirect("index2.php?option={$option}", $msg);
}
/**
 * Build the plain-text author / created / modified line for a content item.
 *
 * Each part is included only when the matching parameter ('author',
 * 'createdate', 'modifydate') is set, with a line break between the parts
 * that are enabled. When the author is shown, $row->author and
 * $row->usertype are filled in from the creator's user record.
 *
 * @param object $row    Content row; read for created_by, created_by_alias,
 *                       created and modified
 * @param object $params Parameter object queried through get()
 * @return string The assembled text, always ending in a blank line
 */
function AuthorDateLine(&$row, &$params)
{
    global $database;

    $text = '';

    // Author.
    if ($params->get('author')) {
        $creator = new mosUser($database);
        $creator->load($row->created_by);
        $row->author = $creator->name;
        $row->usertype = $creator->usertype;

        $isStaff = $row->usertype == 'administrator' || $row->usertype == 'superadministrator';
        $label = $isStaff ? _WRITTEN_BY : _AUTHOR_BY;
        // An alias set on the item takes precedence over the account name.
        $byline = $row->created_by_alias ? $row->created_by_alias : $row->author;
        $text .= "\n" . $label . ' ' . $byline;
    }

    // Separator between author and created date.
    if ($params->get('createdate') && $params->get('author')) {
        $text .= "\n";
    }

    // Created date, skipped when the stored value is empty/zero.
    if ($params->get('createdate') && intval($row->created)) {
        $text .= mosFormatDate($row->created);
    }

    // Separator before the modified date.
    if ($params->get('modifydate') && ($params->get('author') || $params->get('createdate'))) {
        $text .= "\n";
    }

    // Modified date, skipped when the stored value is empty/zero.
    if ($params->get('modifydate') && intval($row->modified)) {
        $text .= _LAST_UPDATED . ' ' . mosFormatDate($row->modified);
    }

    return $text . "\n\n";
}
/**
 * Verify that the current user may act on every user in $cid.
 *
 * A target is refused when it is the current user (unless
 * $allowActionToMyself is set), when it has the same gid as the current user
 * and that gid is neither 24 nor 25, or when its gid is not among
 * getGIDSChildren() of the current user's gid.
 *
 * NOTE(review): this only builds a message; the caller has to act on a
 * non-null return value for the check to have any effect.
 *
 * @param array  $cid                 User ids to check
 * @param string $actionName          Verb inserted into the message
 * @param bool   $allowActionToMyself Skip the "own account" refusal
 * @return string|null Concatenated error text, or null when nothing is refused
 * Added 1.0.11
 */
function checkUserPermissions($cid, $actionName, $allowActionToMyself = false)
{
    global $database, $acl, $my;

    $errors = null;
    if (!is_array($cid) || !count($cid)) {
        return $errors;
    }

    $target = new mosUser($database);
    foreach ($cid as $userId) {
        if ($userId == 0) {
            // Id 0 is treated as a member of the minimal user group.
            $groupName = 'Registered';
            $target->gid = $acl->get_group_id($groupName, 'ARO');
        } else {
            $target->load($userId);
            $groupIds = $acl->get_object_groups('users', $userId, 'ARO');
            $groupName = strtolower($acl->get_group_name($groupIds[0], 'ARO'));
        }

        if (!$allowActionToMyself && $userId == $my->id) {
            $errors .= 'You cannot ' . $actionName . ' Yourself!';
            continue;
        }

        // Evaluated left to right: getGIDSChildren() is only consulted when the
        // same-level rule did not already refuse the action.
        $sameLevelNonAdmin = $target->gid == $my->gid && !in_array($my->gid, array(24, 25));
        if ($sameLevelNonAdmin || ($target->gid && !in_array($target->gid, getGIDSChildren($my->gid)))) {
            $errors .= 'You cannot ' . $actionName . ' a `' . $groupName . '`. Only higher-level users have this power. ';
        }
    }

    return $errors;
}
/**
 * Show the extended profile of a user.
 *
 * The profile shown is the one named by the 'userid' request value, or the
 * caller's own ($uid) when that value is missing or zero.
 *
 * NOTE(review): the requested id is not compared with $uid, so any caller
 * with a non-zero $uid can view the name, username and e-mail address of any
 * other account. Confirm this is the intended visibility.
 *
 * @param string $option Component name passed through to the view
 * @param int    $uid    Id of the current user; 0 is rejected
 * @return void Output is produced by UserExtended_content::UserView().
 */
function UserView($option, $uid)
{
    global $database;

    if ($uid == 0) {
        mosNotAuth();
        return;
    }

    $requested = intval(mosGetParam($_REQUEST, 'userid', 0));
    $user_id = $requested == 0 ? $uid : $requested;

    include_once "administrator/components/com_user_extended/user_extended.class.php";

    // Extended-profile row and core account row for the same id.
    $row = new mosUser_Extended($database);
    $row->load($user_id);

    $account = new mosUser($database);
    $account->load($user_id);

    UserExtended_content::UserView($option, $row, $account->name, $account->username, $account->email);
}
/**
 * Handle a submitted front-end registration form.
 *
 * Binds the POSTed fields onto a new mosUser, forces id, usertype and gid to
 * the 'Registered' group, stores the row, fires the 'authenticator' bot
 * events, mails the account details to the new user and notifies the users
 * in ACL group 25 that have sendEmail set.
 *
 * NOTE(review): the password is stored as a bare md5() digest; the clear-text
 * password is put into the activation mail and handed to every authenticator
 * bot through mosLoginDetails.
 *
 * @param string $option Not read inside this function.
 * @return void Output is echoed; bind/check/store failures echo a script
 *              block and exit.
 */
function saveRegistration($option)
{
    global $database, $my, $acl;
    global $mosConfig_sitename, $mosConfig_live_site, $mosConfig_useractivation, $mosConfig_allowUserRegistration;
    global $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_mailfrom, $mosConfig_fromname;

    // Registration switched off in the global configuration: refuse.
    if ($mosConfig_allowUserRegistration == '0') {
        mosNotAuth();
        return;
    }

    $row = new mosUser($database);

    // NOTE(review): presumably 'usertype' names a field bind() must skip; all
    // other POSTed fields are copied onto the row before the overrides below.
    if (!$row->bind($_POST, 'usertype')) {
        // NOTE(review): error text is placed unescaped in a JavaScript string.
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }

    mosMakeHtmlSafe($row);

    // Server-side values that the request must not control.
    $row->id = 0;
    $row->usertype = 'Registered';
    $row->gid = $acl->get_group_id('Registered', 'ARO');

    if ($mosConfig_useractivation == '1') {
        // New accounts start blocked until the activation link is used.
        $row->activation = md5(mosMakePassword());
        $row->block = '1';
    }

    if (!$row->check()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }

    // Keep the clear-text password for the mail and the bots, then store the digest.
    $pwd = $row->password;
    $row->password = md5($row->password);
    $row->registerDate = date("Y-m-d H:i:s");

    if (!$row->store()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    $row->checkin();

    $name = $row->name;
    $email = $row->email;
    $username = $row->username;

    $subject = sprintf(T_('Account details for %s at %s'), $name, $mosConfig_sitename);
    $subject = html_entity_decode($subject, ENT_QUOTES);

    $mambothandler =& mosMambotHandler::getInstance();
    $mambothandler->loadBotGroup('authenticator');

    if ($mosConfig_useractivation == "1") {
        // Activation required: mail the link (and the password) and announce
        // the registration only.
        $message = sprintf(T_('Hello %s, Thank you for registering at %s. Your account has been created but, as a precaution, it must be activated by you before you can use it. To activate the account click on the following link or copy and paste it in your browser: %s After activation you may login to %s using the following username and password: Username - %s Password - %s'), $name, $mosConfig_sitename, $mosConfig_live_site . "/index.php?option=com_registration&task=activate&activation=" . $row->activation, $mosConfig_live_site, $username, $pwd);
        $loginfo = new mosLoginDetails($username, $pwd);
        $mambothandler->trigger('userRegister', array($loginfo));
    } else {
        // No activation step: the account is registered and activated at once.
        $message = sprintf(T_("Hello %s,\n\nThank you for registering at %s.\n\nYou may now login to %s using the username and password you registered with."), $name, $mosConfig_sitename, $mosConfig_live_site);
        $loginfo = new mosLoginDetails($username, $pwd);
        $mambothandler->trigger('userRegister', array($loginfo));
        $mambothandler->trigger('userActivate', array($loginfo));
    }

    $message = html_entity_decode($message, ENT_QUOTES);

    // Send email to user
    if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") {
        $adminName2 = $mosConfig_fromname;
        $adminEmail2 = $mosConfig_mailfrom;
    } else {
        // Fall back to the first row of usertype 'super administrator'.
        // NOTE(review): $rows[0] is read without checking the query returned a row.
        $database->setQuery("SELECT name, email FROM #__users" . "\n WHERE usertype='super administrator'");
        $rows = $database->loadObjectList();
        $row2 = $rows[0];
        $adminName2 = $row2->name;
        $adminEmail2 = $row2->email;
    }

    mosMail($adminEmail2, $adminName2, $email, $subject, $message);

    // Send notification to all administrators
    $subject2 = sprintf(T_('Account details for %s at %s'), $name, $mosConfig_sitename);
    $message2 = sprintf(T_('Hello %s, A new user has registered at %s. This email contains their details: Name - %s e-mail - %s Username - %s Please do not respond to this message as it is automatically generated and is for information purposes only'), $adminName2, $mosConfig_sitename, $row->name, $email, $username);
    $subject2 = html_entity_decode($subject2, ENT_QUOTES);
    $message2 = html_entity_decode($message2, ENT_QUOTES);

    // get superadministrators id
    $admins = $acl->get_group_objects(25, 'ARO');

    foreach ($admins['users'] as $id) {
        // $id comes from the ACL lookup above, not from the request; it is
        // still interpolated into the query as a quoted string.
        $database->setQuery("SELECT email, sendEmail FROM #__users" . "\n WHERE id='{$id}'");
        $rows = $database->loadObjectList();

        // From here on $row is the administrator's row, no longer the new user.
        $row = $rows[0];

        if ($row->sendEmail) {
            mosMail($adminEmail2, $adminName2, $row->email, $subject2, $message2);
        }
    }

    if ($mosConfig_useractivation == "1") {
        echo '<div class="componentheading">' . T_('Registration Complete') . '</div><br />';
        echo T_('Your account has been created and an activation link has been sent to the e-mail address you entered. Note that you must activate the account by clicking on the activation link before you can login.');
    } else {
        echo '<div class="componentheading">' . T_('Registration Complete') . '</div><br />';
        echo T_('You may now login.');
    }
}
/**
 * Send the configured notification e-mail of the given type to this user.
 *
 * Subject and message come from the $jTips settings named
 * "UserNotify{$type}Subject" / "UserNotify{$type}Message". The message
 * template can reference every property of this object, every property of
 * the loaded CMS user object, and the season name as 'competition'/'season'.
 *
 * NOTE(review): every property of the CMS user object is offered to the
 * template, which presumably includes the stored password hash; confirm
 * templates cannot echo it. The full mail body is also written to the log at
 * INFO level.
 *
 * @param string $type Notification type; selects the settings to use
 * @return bool TRUE when jTipsMail() reports success, FALSE otherwise
 */
function sendNotificationEmail($type)
{
    jTipsLogger::_log('preparing to send ' . $type . ' notification email', 'INFO');
    global $jTips, $database;

    $subject = stripslashes($jTips["UserNotify" . $type . "Subject"]);
    $message = stripslashes($jTips["UserNotify" . $type . "Message"]);
    $from_name = $jTips['UserNotifyFromName'];
    $from_email = $jTips['UserNotifyFromEmail'];

    $variables = array();
    $values = array();

    // Template variables from this object.
    foreach (get_object_vars($this) as $field => $value) {
        if (!is_string($field)) {
            continue;
        }
        $variables[] = $field;
        $values[$field] = $value;
    }

    // Template variables from the CMS user record; on a name clash the user
    // record's value replaces the one collected above.
    $user = isJoomla15() ? new JUser() : new mosUser($database);
    $user->load($this->user_id);
    foreach (get_object_vars($user) as $field => $value) {
        if (!is_string($field)) {
            continue;
        }
        $variables[] = $field;
        $values[$field] = $value;
    }

    // Find out which season this is for and add it to the available variables.
    // NOTE(review): season_id is concatenated into the query as a quoted
    // string; confirm it is always a stored numeric id.
    $query = "SELECT name FROM #__jtips_seasons WHERE id = '" . $this->season_id . "'";
    $database->setQuery($query);
    $season = $database->loadResult();
    $values['competition'] = $season;
    $values['season'] = $season;

    $body = parseTemplate($message, $variables, $values);
    jTipsLogger::_log('sending email: ' . $body, 'INFO');

    $sent = jTipsMail($from_email, $from_name, $this->getUserField('email'), $subject, $body);
    if (!$sent) {
        jTipsLogger::_log('sending notification email failed', 'ERROR');
        return FALSE;
    }

    jTipsLogger::_log('notification email sent successfully', 'INFO');
    return TRUE;
}
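/**
 * Delete the selected users and tell the 'authenticator' bots about it.
 *
 * The request is refused when nothing is selected, when the current user is
 * in the selection, or when the selection contains an administrator or super
 * administrator and the current user is not a super administrator.
 *
 * @param array  $cid    User ids selected for deletion
 * @param string $option Component name used for the redirect URL
 * @return void Always ends in a redirect, except when the admin-count query
 *              fails (the database error is echoed instead).
 */
function removeUsers($cid, $option)
{
    global $database, $acl, $my;

    $returnUrl = 'index2.php?option=' . $option;

    // Each refusal returns explicitly so that nothing below can run if
    // mosRedirect() ever comes back to the caller.
    if (!is_array($cid) || count($cid) < 1) {
        mosRedirect($returnUrl, T_("Select an item to delete"));
        return;
    }

    // The ids arrive with the request and are interpolated into IN (...)
    // lists below, so force every one of them to an integer first.
    $cid = array_map('intval', $cid);

    if (in_array((int) $my->id, $cid, true)) {
        mosRedirect($returnUrl, T_("You cannot delete yourself!"));
        return;
    }

    // count super/admin gids within $cid
    $super_gid = $acl->get_group_id('super administrator');
    $admin_gid = $acl->get_group_id('administrator');
    $cids = implode(',', $cid);
    $database->setQuery("SELECT COUNT(id) FROM #__users WHERE id IN ({$cids}) AND gid IN ({$super_gid},{$admin_gid})");
    $admin_count = (int) $database->loadResult();
    // Checked after loadResult(): the original tested the error message right
    // after setQuery(), i.e. before this query had been executed, so a failed
    // count would have been read as "no administrators selected".
    if ($database->getErrorMsg()) {
        echo $database->stderr();
        return;
    }

    // disallow deleting administrators / super administrators if not super administrator
    // NOTE(review): strict comparison; if $my->gid and $super_gid differ in
    // type (string vs int) this refuses super administrators as well.
    if ($admin_count && $my->gid !== $super_gid) {
        mosRedirect($returnUrl, T_("You cannot delete another `Administrator` only `Super Administrators` have this power"));
        return;
    }

    // Collect the usernames while the rows still exist. The original ran this
    // query after the delete loop and then read ->username from the scalar
    // values of loadResultArray(), so the userDelete event could not fire.
    $database->setQuery("SELECT username FROM #__users WHERE id IN ({$cids})");
    $usernames = $database->loadResultArray();

    $msg = '';
    $obj = new mosUser($database);
    foreach ($cid as $id) {
        $obj->delete($id);
        // As before, only the result of the last delete reaches the redirect.
        $msg = $obj->getError();
    }

    if ($usernames) {
        $mambothandler =& mosMambotHandler::getInstance();
        $mambothandler->loadBotGroup('authenticator');
        foreach ($usernames as $username) {
            $loginfo = new mosLoginDetails($username);
            $mambothandler->trigger('userDelete', array($loginfo));
        }
    }

    mosRedirect($returnUrl, $msg);
}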
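/**
 * Handle a front-end registration form post: create the user, mail the new
 * user and notify the administrators.
 *
 * Does nothing but call mosNotAuth() when registration is disabled in the
 * global configuration. The account is always created in the 'Registered'
 * group with id 0 and an empty usertype, whatever the request contained.
 * When user activation is enabled the account is stored blocked and an
 * activation link is mailed.
 *
 * @return void
 */
function saveRegistration()
{
    global $database, $acl;
    global $mosConfig_sitename, $mosConfig_live_site, $mosConfig_useractivation, $mosConfig_allowUserRegistration;
    global $mosConfig_mailfrom, $mosConfig_fromname;

    if ($mosConfig_allowUserRegistration == 0) {
        mosNotAuth();
        return;
    }

    // simple spoof check security
    josSpoofCheck();

    $row = new mosUser($database);
    // 'usertype' is excluded from binding; id, usertype and gid are also
    // overwritten below so the request cannot choose them.
    if (!$row->bind($_POST, 'usertype')) {
        mosErrorAlert($row->getError());
    }

    $row->name = trim($row->name);
    $row->email = trim($row->email);
    $row->username = trim($row->username);
    $row->password = trim($row->password);

    mosMakeHtmlSafe($row);

    $row->id = 0;
    $row->usertype = '';
    $row->gid = $acl->get_group_id('Registered', 'ARO');

    if ($mosConfig_useractivation == 1) {
        // NOTE(review): the activation token is only as unpredictable as
        // mosMakePassword(); its random source is not visible here - confirm.
        $row->activation = md5(mosMakePassword());
        $row->block = '1';
    }

    // NOTE(review): the two failure paths below write the error text into an
    // inline script string after decoding entities. If getError() can ever
    // carry request data this is a script-injection sink; the bind() failure
    // above goes through mosErrorAlert() instead - confirm and align.
    if (!$row->check()) {
        echo "<script> alert('" . html_entity_decode($row->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }

    // The clear-text password is kept because the activation mail template
    // receives it as an argument.
    // NOTE(review): mailing the password puts it in mail logs and mailboxes.
    $pwd = $row->password;

    // Stored format is "md5(password . salt):salt".
    // NOTE(review): salted MD5 is fast to brute-force; changing it needs a
    // matching change in the login code, which is outside this function.
    $salt = mosMakePassword(16);
    $crypt = md5($row->password . $salt);
    $row->password = $crypt . ':' . $salt;
    $row->registerDate = date('Y-m-d H:i:s');

    if (!$row->store()) {
        echo "<script> alert('" . html_entity_decode($row->getError()) . "'); window.history.go(-1); </script>\n";
        exit;
    }
    $row->checkin();

    $name = trim($row->name);
    $email = trim($row->email);
    $username = trim($row->username);

    $subject = sprintf(_SEND_SUB, $name, $mosConfig_sitename);
    $subject = html_entity_decode($subject, ENT_QUOTES);

    if ($mosConfig_useractivation == 1) {
        $activation_link = $mosConfig_live_site . "/index.php?option=com_registration&task=activate&activation=" . $row->activation;
        $message = sprintf(_USEND_MSG_ACTIVATE, $name, $mosConfig_sitename, $activation_link, $mosConfig_live_site, $username, $pwd);
    } else {
        $message = sprintf(_USEND_MSG, $name, $mosConfig_sitename, $mosConfig_live_site);
    }
    $message = html_entity_decode($message, ENT_QUOTES);

    // Sender: the Global Config `mailfrom` / `fromname` values when both are
    // set, otherwise the first super administrator found.
    $adminName2 = $mosConfig_fromname;
    $adminEmail2 = $mosConfig_mailfrom;
    if ($mosConfig_mailfrom == '' || $mosConfig_fromname == '') {
        $query = "SELECT name, email"
            . "\n FROM #__users"
            . "\n WHERE LOWER( usertype ) = 'superadministrator'"
            . "\n OR LOWER( usertype ) = 'super administrator'";
        $database->setQuery($query);
        $rows = $database->loadObjectList();
        // An empty or failed result keeps the configuration values instead of
        // dereferencing a row that is not there.
        if (is_array($rows) && count($rows) > 0) {
            $adminName2 = $rows[0]->name;
            $adminEmail2 = $rows[0]->email;
        }
    }

    // Send email to user
    mosMail($adminEmail2, $adminName2, $email, $subject, $message);

    // Send notification to all administrators
    $subject2 = sprintf(_SEND_SUB, $name, $mosConfig_sitename);
    $message2 = sprintf(_ASEND_MSG, $adminName2, $mosConfig_sitename, $row->name, $email, $username);
    $subject2 = html_entity_decode($subject2, ENT_QUOTES);
    $message2 = html_entity_decode($message2, ENT_QUOTES);

    // get email addresses of all admins and superadmins set to receive system emails
    $query = "SELECT email, sendEmail"
        . "\n FROM #__users"
        . "\n WHERE ( gid = 24 OR gid = 25 )"
        . "\n AND sendEmail = 1"
        . "\n AND block = 0";
    $database->setQuery($query);
    $admins = $database->loadObjectList();

    // A failed query must not abort a registration that is already stored.
    if (is_array($admins)) {
        foreach ($admins as $admin) {
            // send email to admin & super admin set to receive system emails
            mosMail($adminEmail2, $adminName2, $admin->email, $subject2, $message2);
        }
    }

    if ($mosConfig_useractivation == 1) {
        echo _REG_COMPLETE_ACTIVATE;
    } else {
        echo _REG_COMPLETE;
    }
}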
$gettext->bindtextdomain($lang, $configuration->rootPath() . '/language'); $gettext->bind_textdomain_codeset($lang, $charset); $gettext->textdomain($lang); #$gettext =& phpgettext(); dump($gettext); if ($adminside) { // Start ACL require_once $configuration->rootPath() . '/includes/gacl.class.php'; require_once $configuration->rootPath() . '/includes/gacl_api.class.php'; $acl = new gacl_api(); // Handle special admin side options $option = strtolower(mosGetParam($_REQUEST, 'option', 'com_admin')); $domain = substr($option, 4); session_name(md5(mamboCore::get('mosConfig_live_site'))); session_start(); // restore some session variables $my = new mosUser(); $my->getSession(); if (mosSession::validate($my)) { mosSession::purge(); } else { mosSession::purge(); $my = null; } if (!$my and $option == 'login') { $option = 'admin'; require_once $configuration->rootPath() . '/includes/authenticator.php'; $authenticator =& mamboAuthenticator::getInstance(); $my = $authenticator->loginAdmin($acl); } elseif ($option == 'logout') { require $configuration->rootPath() . '/administrator/logout.php'; exit;
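/**
 * Gets access levels of CMS for $user_id
 *
 * @param  int      $user_id
 * @param  boolean  $recurse        (DEPRECATED 1.8) Only read when checkJversion() is not 2: when FALSE, only the last (highest) level is returned
 * @param  boolean  $cb1xNumbering  (SINCE 1.8) DEFAULT: TRUE: (if $cb1xNumbering with CB 1.x's definition for standard levels 0,1,2)
 * @return array of int
 */
function get_object_access($user_id, $recurse = false, $cb1xNumbering = true)
{
    global $_CB_database;

    if (checkJversion() == 2) {
        $levels = $this->_acl->getAuthorisedViewLevels((int) $user_id);
        // Keep backwards levels compatible: J1.6's 1 is CB 1.7-'s 0, 2 is 1, 3 is 2:
        if ($cb1xNumbering) {
            foreach ($levels as $k => $v) {
                if ($v <= 3) {
                    --$levels[$k];
                }
            }
        }
    } else {
        if (checkJversion() == 1) {
            // The user is requested by id (null only when no id is given), so
            // no object is loaded over another user's data.
            $user =& JFactory::getUser($user_id ? (int) $user_id : null);
            $level = $user->get('aid', 0);
        } else {
            $user = new mosUser($_CB_database);
            $user->load((int) $user_id);
            $level = $user->gid;
        }

        $query = 'SELECT ' . $_CB_database->NameQuote('id')
            . "\n FROM " . $_CB_database->NameQuote('#__groups')
            . "\n WHERE " . $_CB_database->NameQuote('id') . " <= " . (int) $level
            . "\n ORDER BY " . $_CB_database->NameQuote('id');
        $_CB_database->setQuery($query);
        $levels = $_CB_database->loadResultArray();

        // A failed or empty query yields no access levels rather than a
        // non-array value flowing into the array functions below.
        if (!is_array($levels)) {
            $levels = array();
        }

        if (!$cb1xNumbering) {
            for ($i = 0, $n = count($levels); $i < $n; $i++) {
                if (in_array($levels[$i], array(0, 1, 2))) {
                    ++$levels[$i]; // J1.5's 0 is CB's 1, 1 is 2, 2 is 3.
                }
            }
        }

        // This makes sense only on J<1.6, thus it's only here:
        if (!$recurse) {
            $levels = array_slice($levels, -1);
        }
    }

    return array_unique(cbArrayToInts($levels));
}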
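/**
 * Gets access levels of CMS for $user_id
 *
 * @param  int      $user_id
 * @param  boolean  $recurse  TRUE: return every level found; FALSE: only the last one
 * @return array    Access levels (cast to int on the non-J1.6 path)
 */
function get_object_access( $user_id, $recurse = false ) {
    global $_CB_database;

    $user_id = (int) $user_id;

    if ( checkJversion() == 2 ) {
        $levels = $this->_acl->getAuthorisedViewLevels( $user_id );
    } else {
        if ( checkJversion() == 1 ) {
            // Ask the factory for the user with this id. Calling getUser()
            // without an id and then load()-ing into the returned object would
            // overwrite the object handed back for the current user with
            // another account's data.
            $user =& JFactory::getUser( $user_id ? $user_id : null );
            $level = $user->get( 'aid', 0 );
        } else {
            $user = new mosUser( $_CB_database );
            $user->load( $user_id );
            $level = $user->gid;
        }

        $query = 'SELECT ' . $_CB_database->NameQuote( 'id' )
            . "\n FROM " . $_CB_database->NameQuote( '#__groups' )
            . "\n WHERE " . $_CB_database->NameQuote( 'id' ) . " <= " . (int) $level
            . "\n ORDER BY " . $_CB_database->NameQuote( 'id' );
        $_CB_database->setQuery( $query );
        $levels = $_CB_database->loadResultArray();

        // A failed or empty query yields no access levels.
        if ( ! is_array( $levels ) ) {
            $levels = array();
        }
        for ( $i = 0, $n = count( $levels ); $i < $n; $i++ ) {
            $levels[$i] = (int) $levels[$i];
        }
    }

    return ( $recurse ? $levels : array_slice( $levels, -1 ) );
}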
include_class('product'); if (!isset($ps_shopper_group)) { $ps_shopper_group = new ps_shopper_group(); } $user_id = intval(vmGet($_REQUEST, 'user_id')); $cid = vmRequest::getVar('cid', array(0), '', 'array'); if (!empty($user_id)) { $q = "SELECT * FROM #__users AS u LEFT JOIN #__{vm}_user_info AS ui ON id=user_id "; $q .= "WHERE id={$user_id} "; $q .= "AND (address_type='BT' OR address_type IS NULL ) "; $q .= "AND gid <= " . $my->gid; $db->query($q); $db->next_record(); } // Set up the CMS General User Information $row = new mosUser($database); $row->load((int) $user_id); if ($user_id) { $query = "SELECT *" . "\n FROM #__contact_details" . "\n WHERE user_id = " . (int) $row->id; $database->setQuery($query); $contact = $database->loadObjectList(); $row->name = trim($row->name); $row->email = trim($row->email); $row->username = trim($row->username); $row->password = trim($row->password); } else { $contact = NULL; $row->block = 0; } // check to ensure only super admins can edit super admin info if ($my->gid < 25 && $row->gid == 25) {
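/**
 * Save the profile form posted by the logged-in user.
 *
 * The posted id must be non-zero and equal to $uid, otherwise mosNotAuth() is
 * called. The password is replaced only when a new one is posted together
 * with an identical confirmation; otherwise the stored value is kept.
 *
 * NOTE(review): no request-forgery token check is visible in this function -
 * confirm that the caller performs one.
 *
 * @param string $option Component name used in the redirect URL.
 * @param int    $uid    Id of the user allowed to save (supplied by the caller).
 * @return void
 */
function userSave($option, $uid)
{
    global $database;

    $user_id = intval(mosGetParam($_POST, 'id', 0));

    // do some security checks
    if ($uid == 0 || $user_id == 0 || $user_id != $uid) {
        mosNotAuth();
        return;
    }

    $row = new mosUser($database);
    $row->load($user_id);
    $row->orig_password = $row->password;

    // gid and usertype are excluded so the request cannot change the group.
    // NOTE(review): whether other columns (for example block) can still be
    // set from the request depends on mosUser::bind() - confirm.
    if (!$row->bind($_POST, "gid usertype")) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }

    mosMakeHtmlSafe($row);

    $new_password = isset($_POST["password"]) ? $_POST["password"] : "";
    $confirmation = isset($_POST["verifyPass"]) ? $_POST["verifyPass"] : null;

    if ($new_password === "") {
        // Restore 'original password'
        $row->password = $row->orig_password;
    } elseif (is_string($new_password) && is_string($confirmation) && $confirmation === $new_password) {
        // Both values must be strings and identical. A loose == treats
        // different numeric-looking strings as equal, and an array value
        // would reach md5().
        // NOTE(review): unsalted MD5 is what this function has always stored;
        // replacing it needs a matching change in the login code.
        $row->password = md5($new_password);
    } else {
        echo "<script> alert(\"" . _PASS_MATCH . "\"); window.history.go(-1); </script>\n";
        exit;
    }

    // NOTE(review): the error text below is written into an inline script
    // string; if getError() can carry request data it needs escaping for that
    // context - confirm.
    if (!$row->check()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }

    unset($row->orig_password); // prevent DB error!!

    if (!$row->store()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }

    mosRedirect("index.php?option={$option}", _USER_DETAILS_SAVE);
}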