Esempio n. 1
0
/**
* Saves user to the database
*
* @param    int     $uid            user id
* @param    string  $usernmae       (short) username
* @param    string  $fullname       user's full name
* @param    string  $email          user's email address
* @param    string  $regdate        date the user registered with the site
* @param    string  $homepage       user's homepage URL
* @param    array   $groups         groups the user belongs to
* @param    string  $delete_photo   delete user's photo if == 'on'
* @return   string                  HTML redirect or error message
*
*/
function saveusers($uid, $username, $fullname, $passwd, $passwd_conf, $email, $regdate, $homepage, $groups, $delete_photo = '', $userstatus = 3, $oldstatus = 3)
{
    global $_CONF, $_TABLES, $_USER, $LANG28, $_USER_VERBOSE;
    $retval = '';
    $userChanged = false;
    if ($_USER_VERBOSE) {
        COM_errorLog("**** entering saveusers****", 1);
        COM_errorLog("group size at beginning = " . count($groups), 1);
    }
    $service = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$uid}");
    // If remote service then assume blank password
    if (!empty($service)) {
        $passwd = '';
        $passwd_conf = '';
    }
    $passwd_changed = true;
    if (empty($service) && SEC_encryptUserPassword($passwd, $uid) === 0 && $passwd_conf === '') {
        $passwd_changed = false;
    }
    if ($passwd_changed && $passwd != $passwd_conf) {
        // passwords don't match
        return edituser($uid, 67);
    }
    $nameAndEmailOkay = true;
    if (empty($username)) {
        $nameAndEmailOkay = false;
    } elseif (empty($email)) {
        if (empty($uid)) {
            $nameAndEmailOkay = false;
            // new users need an email address
        } else {
            if (empty($service)) {
                $nameAndEmailOkay = false;
                // not a remote user - needs email
            }
        }
    }
    if ($nameAndEmailOkay) {
        if (!empty($email) && !COM_isEmail($email)) {
            return edituser($uid, 52);
        }
        $uname = DB_escapeString($username);
        if (empty($uid)) {
            $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******'");
        } else {
            if (!empty($service)) {
                $uservice = DB_escapeString($service);
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND remoteservice = '{$uservice}'");
            } else {
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND (remoteservice = '' OR remoteservice IS NULL)");
            }
        }
        if ($ucount > 0) {
            // Admin just changed a user's username to one that already exists
            return edituser($uid, 51);
        }
        $emailaddr = DB_escapeString($email);
        $exclude_remote = " AND (remoteservice IS NULL OR remoteservice = '')";
        if (empty($uid)) {
            $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}'" . $exclude_remote);
        } else {
            $old_email = DB_getItem($_TABLES['users'], 'email', "uid = '{$uid}'");
            if ($old_email == $email) {
                // email address didn't change so don't care
                $ucount = 0;
            } else {
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}' AND uid <> {$uid}" . $exclude_remote);
            }
        }
        if ($ucount > 0) {
            // Admin just changed a user's email to one that already exists
            return edituser($uid, 56);
        }
        if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
            $ret = CUSTOM_userCheck($username, $email);
            if (!empty($ret)) {
                // need a numeric return value - otherwise use default message
                if (!is_numeric($ret['number'])) {
                    $ret['number'] = 400;
                }
                return edituser($uid, $ret['number']);
            }
        }
        if (empty($uid)) {
            if (empty($passwd)) {
                // no password? create one ...
                $passwd = SEC_generateRandomPassword();
            }
            $uid = USER_createAccount($username, $email, $passwd, $fullname, $homepage);
            if ($uid > 1) {
                DB_query("UPDATE {$_TABLES['users']} SET status = {$userstatus} WHERE uid = {$uid}");
            }
        } else {
            $fullname = DB_escapeString($fullname);
            $homepage = DB_escapeString($homepage);
            $curphoto = DB_getItem($_TABLES['users'], 'photo', "uid = {$uid}");
            if (!empty($curphoto) && $delete_photo == 'on') {
                USER_deletePhoto($curphoto);
                $curphoto = '';
            }
            if ($_CONF['allow_user_photo'] == 1 && !empty($curphoto)) {
                $curusername = DB_getItem($_TABLES['users'], 'username', "uid = {$uid}");
                if ($curusername != $username) {
                    // user has been renamed - rename the photo, too
                    $newphoto = preg_replace('/' . $curusername . '/', $username, $curphoto, 1);
                    $imgpath = $_CONF['path_images'] . 'userphotos/';
                    if (@rename($imgpath . $curphoto, $imgpath . $newphoto) === false) {
                        $retval .= COM_errorLog('Could not rename userphoto "' . $curphoto . '" to "' . $newphoto . '".');
                        return $retval;
                    }
                    $curphoto = $newphoto;
                }
            }
            $curphoto = DB_escapeString($curphoto);
            DB_query("UPDATE {$_TABLES['users']} SET username = '******', fullname = '{$fullname}', email = '{$email}', homepage = '{$homepage}', photo = '{$curphoto}', status='{$userstatus}' WHERE uid = {$uid}");
            if ($passwd_changed && !empty($passwd)) {
                SEC_updateUserPassword($passwd, $uid);
            }
            if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
                CUSTOM_userSave($uid);
            }
            if ($_CONF['usersubmission'] == 1 && $oldstatus == USER_ACCOUNT_AWAITING_APPROVAL && $userstatus == USER_ACCOUNT_ACTIVE) {
                USER_createAndSendPassword($username, $email, $uid);
            }
            if ($userstatus == USER_ACCOUNT_DISABLED) {
                SESS_endUserSession($uid);
            }
            $userChanged = true;
        }
        // check that the user is allowed to change group assignments
        if (is_array($groups) && SEC_hasRights('group.assign')) {
            if (!SEC_inGroup('Root')) {
                $rootgrp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Root'");
                if (in_array($rootgrp, $groups)) {
                    COM_accessLog("User {$_USER['username']} ({$_USER['uid']}) just tried to give Root permissions to user {$username}.");
                    echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
                    exit;
                }
            }
            // make sure the Remote Users group is in $groups
            if (SEC_inGroup('Remote Users', $uid)) {
                $remUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'");
                if (!in_array($remUsers, $groups)) {
                    $groups[] = $remUsers;
                }
            }
            if ($_USER_VERBOSE) {
                COM_errorLog("deleting all group_assignments for user {$uid}/{$username}", 1);
            }
            // remove user from all groups that the User Admin is a member of
            $UserAdminGroups = SEC_getUserGroups();
            $whereGroup = 'ug_main_grp_id IN (' . implode(',', $UserAdminGroups) . ')';
            DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE (ug_uid = {$uid}) AND " . $whereGroup);
            // make sure to add user to All Users and Logged-in Users groups
            $allUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'All Users'");
            if (!in_array($allUsers, $groups)) {
                $groups[] = $allUsers;
            }
            $logUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Logged-in Users'");
            if (!in_array($logUsers, $groups)) {
                $groups[] = $logUsers;
            }
            foreach ($groups as $userGroup) {
                if (in_array($userGroup, $UserAdminGroups)) {
                    if ($_USER_VERBOSE) {
                        COM_errorLog("adding group_assignment " . $userGroup . " for {$username}", 1);
                    }
                    $sql = "INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$userGroup}, {$uid})";
                    DB_query($sql);
                }
            }
        }
        if ($userChanged) {
            PLG_userInfoChanged($uid);
        }
        $errors = DB_error();
        if (empty($errors)) {
            echo PLG_afterSaveSwitch($_CONF['aftersave_user'], "{$_CONF['site_url']}/users.php?mode=profile&uid={$uid}", 'user', 21);
        } else {
            $retval .= COM_errorLog('Error in saveusers in ' . $_CONF['site_admin_url'] . '/user.php');
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[22]));
            echo $retval;
            exit;
        }
    } else {
        $retval .= COM_showMessageText($LANG28[10]);
        if (!empty($uid) && $uid > 1 && DB_count($_TABLES['users'], 'uid', $uid) > 0) {
            $retval .= edituser($uid);
        } else {
            $retval .= edituser();
        }
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[1]));
        COM_output($retval);
        exit;
    }
    if ($_USER_VERBOSE) {
        COM_errorLog("***************leaving saveusers*****************", 1);
    }
    return $retval;
}
Esempio n. 2
0
/**
* Saves the user's information back to the database
*
* @param    array   $A  User's data
* @return   string      HTML error message or meta redirect
*
*/
function saveuser($A)
{
    global $_CONF, $_TABLES, $_USER, $LANG04, $LANG24, $_US_VERBOSE;
    if ($_US_VERBOSE) {
        COM_errorLog('**** Inside saveuser in usersettings.php ****', 1);
    }
    $reqid = DB_getItem($_TABLES['users'], 'pwrequestid', "uid = {$_USER['uid']}");
    if ($reqid != $A['uid']) {
        DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $_USER['uid']);
        COM_accessLog("An attempt was made to illegally change the account information of user {$_USER['uid']}.");
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    if (!isset($A['cooktime'])) {
        // If not set or possibly removed from template - set to default
        $A['cooktime'] = $_CONF['default_perm_cookie_timeout'];
    } else {
        $A['cooktime'] = COM_applyFilter($A['cooktime'], true);
    }
    // If empty or invalid - set to user default
    // So code after this does not fail the user password required test
    if ($A['cooktime'] < 0) {
        // note that == 0 is allowed!
        $A['cooktime'] = $_USER['cookietimeout'];
    }
    // to change the password, email address, or cookie timeout,
    // we need the user's current password
    $current_password = DB_getItem($_TABLES['users'], 'passwd', "uid = {$_USER['uid']}");
    if (!empty($A['passwd']) || $A['email'] != $_USER['email'] || $A['cooktime'] != $_USER['cookietimeout']) {
        if (empty($A['old_passwd']) || SEC_encryptPassword($A['old_passwd']) != $current_password) {
            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=83');
        } elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
            $ret = CUSTOM_userCheck($A['username'], $A['email']);
            if (!empty($ret)) {
                // Need a numeric return for the default message handler
                // - if not numeric use default message
                if (!is_numeric($ret['number'])) {
                    $ret['number'] = 400;
                }
                return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
            }
        }
    } elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
        $ret = CUSTOM_userCheck($A['username'], $A['email']);
        if (!empty($ret)) {
            // Need a numeric return for the default message handler
            // - if not numeric use default message
            if (!is_numeric($ret['number'])) {
                $ret['number'] = 400;
            }
            return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
        }
    }
    // no need to filter the password as it's encoded anyway
    if ($_CONF['allow_username_change'] == 1) {
        $A['new_username'] = COM_applyFilter($A['new_username']);
        if (!empty($A['new_username']) && $A['new_username'] != $_USER['username']) {
            $A['new_username'] = addslashes($A['new_username']);
            if (DB_count($_TABLES['users'], 'username', $A['new_username']) == 0) {
                if ($_CONF['allow_user_photo'] == 1) {
                    $photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$_USER['uid']}");
                    if (!empty($photo)) {
                        $newphoto = preg_replace('/' . $_USER['username'] . '/', $A['new_username'], $photo, 1);
                        $imgpath = $_CONF['path_images'] . 'userphotos/';
                        if (rename($imgpath . $photo, $imgpath . $newphoto) === false) {
                            $display = COM_siteHeader('menu', $LANG04[21]);
                            $display .= COM_errorLog('Could not rename userphoto "' . $photo . '" to "' . $newphoto . '".');
                            $display .= COM_siteFooter();
                            return $display;
                        }
                        DB_change($_TABLES['users'], 'photo', addslashes($newphoto), "uid", $_USER['uid']);
                    }
                }
                DB_change($_TABLES['users'], 'username', $A['new_username'], "uid", $_USER['uid']);
            } else {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=51');
            }
        }
    }
    // a quick spam check with the unfiltered field contents
    $profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1>' . '<p>' . COM_createLink($A['homepage'], $A['homepage']) . '<br' . XHTML . '>' . $A['location'] . '<br' . XHTML . '>' . $A['sig'] . '<br' . XHTML . '>' . $A['about'] . '<br' . XHTML . '>' . $A['pgpkey'] . '</p>';
    $result = PLG_checkforSpam($profile, $_CONF['spamx']);
    if ($result > 0) {
        COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
    }
    $A['email'] = COM_applyFilter($A['email']);
    $A['email_conf'] = COM_applyFilter($A['email_conf']);
    $A['homepage'] = COM_applyFilter($A['homepage']);
    // basic filtering only
    $A['fullname'] = strip_tags(COM_stripslashes($A['fullname']));
    $A['location'] = strip_tags(COM_stripslashes($A['location']));
    $A['sig'] = strip_tags(COM_stripslashes($A['sig']));
    $A['about'] = strip_tags(COM_stripslashes($A['about']));
    $A['pgpkey'] = strip_tags(COM_stripslashes($A['pgpkey']));
    if (!COM_isEmail($A['email'])) {
        return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=52');
    } else {
        if ($A['email'] !== $A['email_conf']) {
            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=78');
        } else {
            if (emailAddressExists($A['email'], $_USER['uid'])) {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=56');
            } else {
                if (!empty($A['passwd'])) {
                    if ($A['passwd'] == $A['passwd_conf'] && SEC_encryptPassword($A['old_passwd']) == $current_password) {
                        $passwd = SEC_encryptPassword($A['passwd']);
                        DB_change($_TABLES['users'], 'passwd', "{$passwd}", "uid", $_USER['uid']);
                        if ($A['cooktime'] > 0) {
                            $cooktime = $A['cooktime'];
                        } else {
                            $cooktime = -1000;
                        }
                        SEC_setCookie($_CONF['cookie_password'], $passwd, time() + $cooktime);
                    } elseif (SEC_encryptPassword($A['old_passwd']) != $current_password) {
                        return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=68');
                    } elseif ($A['passwd'] != $A['passwd_conf']) {
                        return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=67');
                    }
                }
                if ($_US_VERBOSE) {
                    COM_errorLog('cooktime = ' . $A['cooktime'], 1);
                }
                if ($A['cooktime'] <= 0) {
                    $cooktime = 1000;
                    SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() - $cooktime);
                } else {
                    SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() + $A['cooktime']);
                }
                if ($_CONF['allow_user_photo'] == 1) {
                    $delete_photo = '';
                    if (isset($A['delete_photo'])) {
                        $delete_photo = $A['delete_photo'];
                    }
                    $filename = handlePhotoUpload($delete_photo);
                }
                if (!empty($A['homepage'])) {
                    $pos = MBYTE_strpos($A['homepage'], ':');
                    if ($pos === false) {
                        $A['homepage'] = 'http://' . $A['homepage'];
                    } else {
                        $prot = substr($A['homepage'], 0, $pos + 1);
                        if ($prot != 'http:' && $prot != 'https:') {
                            $A['homepage'] = 'http:' . substr($A['homepage'], $pos + 1);
                        }
                    }
                    $A['homepage'] = addslashes($A['homepage']);
                }
                $A['fullname'] = addslashes($A['fullname']);
                $A['email'] = addslashes($A['email']);
                $A['location'] = addslashes($A['location']);
                $A['sig'] = addslashes($A['sig']);
                $A['about'] = addslashes($A['about']);
                $A['pgpkey'] = addslashes($A['pgpkey']);
                if (!empty($filename)) {
                    if (!file_exists($_CONF['path_images'] . 'userphotos/' . $filename)) {
                        $filename = '';
                    }
                }
                DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A['fullname']}',email='{$A['email']}',homepage='{$A['homepage']}',sig='{$A['sig']}',cookietimeout={$A['cooktime']},photo='{$filename}' WHERE uid={$_USER['uid']}");
                DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$A['pgpkey']}',about='{$A['about']}',location='{$A['location']}' WHERE uid={$_USER['uid']}");
                // Call custom registration save function if enabled and exists
                if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
                    CUSTOM_userSave($_USER['uid']);
                }
                PLG_userInfoChanged($_USER['uid']);
                if ($_US_VERBOSE) {
                    COM_errorLog('**** Leaving saveuser in usersettings.php ****', 1);
                }
                return COM_refresh($_CONF['site_url'] . '/users.php?mode=profile&amp;uid=' . $_USER['uid'] . '&amp;msg=5');
            }
        }
    }
}
Esempio n. 3
0
/**
* Saves user to the database
*
* @param    int     $uid            user id
* @return   string                  HTML redirect or error message
*
*/
function USER_save($uid)
{
    global $_CONF, $_TABLES, $_USER, $LANG28, $_USER_VERBOSE;
    $retval = '';
    $userChanged = false;
    if ($_USER_VERBOSE) {
        COM_errorLog("**** entering USER_save()****", 1);
    }
    if ($_USER_VERBOSE) {
        COM_errorLog("group size at beginning = " . sizeof($groups), 1);
    }
    $uid = COM_applyFilter($_POST['uid'], true);
    if ($uid == 0) {
        $uid = '';
    }
    $regdate = COM_applyFilter($_POST['regdate'], true);
    $username = trim($_POST['new_username']);
    $fullname = COM_truncate(trim(USER_sanitizeName($_POST['fullname'])), 80);
    $userstatus = COM_applyFilter($_POST['userstatus'], true);
    $oldstatus = COM_applyFilter($_POST['oldstatus'], true);
    $passwd = isset($_POST['newp']) ? trim($_POST['newp']) : '';
    $passwd_conf = isset($_POST['newp_conf']) ? trim($_POST['newp_conf']) : '';
    $cooktime = COM_applyFilter($_POST['cooktime'], true);
    $email = trim($_POST['email']);
    $email_conf = trim($_POST['email_conf']);
    $groups = $_POST['groups'];
    $homepage = trim($_POST['homepage']);
    $location = strip_tags(trim($_POST['location']));
    $photo = isset($_POST['photo']) ? $_POST['photo'] : '';
    $delete_photo = isset($_POST['delete_photo']) && $_POST['delete_photo'] == 'on' ? 1 : 0;
    $sig = trim($_POST['sig']);
    $about = trim($_POST['about']);
    $pgpkey = trim($_POST['pgpkey']);
    $language = isset($_POST['language']) ? trim(COM_applyFilter($_POST['language'])) : '';
    $theme = isset($_POST['theme']) ? trim(COM_applyFilter($_POST['theme'])) : '';
    $maxstories = COM_applyFilter($_POST['maxstories'], true);
    $tzid = COM_applyFilter($_POST['tzid']);
    $dfid = COM_applyFilter($_POST['dfid'], true);
    $search_fmt = COM_applyFilter($_POST['search_result_format']);
    $commentmode = COM_applyFilter($_POST['commentmode']);
    $commentorder = isset($_POST['commentorder']) && $_POST['commentorder'] == 'DESC' ? 'DESC' : 'ASC';
    $commentlimit = COM_applyFilter($_POST['commentlimit'], true);
    $emailfromuser = isset($_POST['emailfromuser']) && $_POST['emailfromuser'] == 'on' ? 1 : 0;
    $emailfromadmin = isset($_POST['emailfromadmin']) && $_POST['emailfromadmin'] == 'on' ? 1 : 0;
    $noicons = isset($_POST['noicons']) && $_POST['noicons'] == 'on' ? 1 : 0;
    $noboxes = isset($_POST['noboxes']) && $_POST['noboxes'] == 'on' ? 1 : 0;
    $showonline = isset($_POST['showonline']) && $_POST['showonline'] == 'on' ? 1 : 0;
    $topic_order = isset($_POST['topic_order']) && $_POST['topic_order'] == 'ASC' ? 'ASC' : 'DESC';
    $maxstories = COM_applyFilter($_POST['maxstories'], true);
    $newuser = COM_applyFilter($_POST['newuser'], true);
    $remoteuser = isset($_POST['remoteuser']) && $_POST['remoteuser'] == 'on' ? 1 : 0;
    $remoteusername = isset($_POST['remoteusername']) ? strip_tags(trim($_POST['remoteusername'])) : '';
    $remoteservice = isset($_POST['remoteservice']) ? COM_applyFilter($_POST['remoteservice']) : '';
    $social_services = SOC_followMeProfile($uid);
    foreach ($social_services as $service) {
        $service_input = $service['service'] . '_username';
        $_POST[$service_input] = strip_tags($_POST[$service_input]);
    }
    if ($uid == 1) {
        return USER_list();
    }
    if ($uid == '' || $uid < 2 || $newuser == 1) {
        if (empty($passwd) && $remoteuser == 0) {
            return USER_edit($uid, 504);
        }
        if (empty($email)) {
            return USER_edit($uid, 505);
        }
    }
    if ($username == '') {
        return USER_edit($uid, 506);
    }
    if (!USER_validateUsername($username)) {
        return USER_edit($uid, 512);
    }
    if ($email == '') {
        return USER_edit($uid, 507);
    }
    if ($passwd != $passwd_conf && $remoteuser == 0) {
        // passwords don't match
        return USER_edit($uid, 67);
    }
    if ($email != $email_conf) {
        return USER_edit($uid, 508);
    }
    // remote user checks
    if ($remoteuser == 1) {
        if ($remoteusername == '') {
            return USER_edit($uid, 513);
        }
        if ($remoteservice == '') {
            return USER_edit($uid, 514);
        }
    }
    $validEmail = true;
    if (empty($username)) {
        $validEmail = false;
    } elseif (empty($email)) {
        if (empty($uid)) {
            $validEmail = false;
        } else {
            $ws_user = DB_getItem($_TABLES['users'], 'remoteservice', "uid = " . intval($uid));
            if (empty($ws_user)) {
                $validEmail = false;
            }
        }
    }
    if ($validEmail) {
        if (!empty($email) && !COM_isEmail($email)) {
            return USER_edit($uid, 52);
        }
        $uname = DB_escapeString($username);
        if (empty($uid)) {
            $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******'");
        } else {
            $uservice = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$uid}");
            if ($uservice != '') {
                $uservice = DB_escapeString($uservice);
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND remoteservice = '{$uservice}'");
            } else {
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND (remoteservice = '' OR remoteservice IS NULL)");
            }
        }
        if ($ucount > 0) {
            // Admin just changed a user's username to one that already exists
            return USER_edit($uid, 51);
        }
        $emailaddr = DB_escapeString($email);
        $exclude_remote = " AND (remoteservice IS NULL OR remoteservice = '')";
        if (empty($uid)) {
            $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}'" . $exclude_remote);
        } else {
            $old_email = DB_getItem($_TABLES['users'], 'email', "uid = {$uid}");
            if ($old_email == $email) {
                // email address didn't change so don't care
                $ucount = 0;
            } else {
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}' AND uid <> {$uid}" . $exclude_remote);
            }
        }
        if ($ucount > 0) {
            // Admin just changed a user's email to one that already exists
            return USER_edit($uid, 56);
        }
        if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
            $ret = CUSTOM_userCheck($username, $email);
            if (!empty($ret)) {
                // need a numeric return value - otherwise use default message
                if (!is_numeric($ret['number'])) {
                    $ret['number'] = 97;
                }
                return USER_edit($uid, $ret['number']);
            }
        }
        // Let plugins have a chance to decide what to do before saving the user, return errors.
        $msg = PLG_itemPreSave('useredit', $username);
        if (!empty($msg)) {
            // need a numeric return value - otherwise use default message
            if (!is_numeric($msg)) {
                $msg = 97;
            }
            return USER_edit($uid, $msg);
        }
        if (empty($uid) || !empty($passwd)) {
            $passwd2 = SEC_encryptPassword($passwd);
        } else {
            $passwd2 = DB_getItem($_TABLES['users'], 'passwd', "uid = {$uid}");
        }
        // do we need to create the user?
        if (empty($uid)) {
            if (empty($passwd)) {
                // no password? create one ...
                $passwd = USER_createPassword(8);
                $passwd2 = SEC_encryptPassword($passwd);
            }
            if ($remoteuser == 1) {
                $uid = USER_createAccount($username, $email, '', $fullname, '', $remoteusername, $remoteservice, 1);
            } else {
                $uid = USER_createAccount($username, $email, $passwd2, $fullname, $homepage, '', '', 1);
            }
            if ($uid > 1) {
                DB_query("UPDATE {$_TABLES['users']} SET status = {$userstatus} WHERE uid = {$uid}");
            }
            if (isset($_POST['emailuser'])) {
                USER_createAndSendPassword($username, $email, $uid, $passwd);
            }
            if ($uid < 2) {
                return USER_edit('', 509);
            }
            $newuser = 1;
        }
        // at this point, we have a valid user...
        // Filter some of the text entry fields to ensure they don't cause problems...
        $fullname = strip_tags($fullname);
        $about = strip_tags($about);
        $pgpkey = strip_tags($pgpkey);
        $curphoto = USER_handlePhotoUpload($uid, $delete_photo);
        if ($_CONF['allow_user_photo'] == 1 && !empty($curphoto)) {
            $curusername = DB_getItem($_TABLES['users'], 'username', "uid = {$uid}");
            if ($curusername != $username) {
                // user has been renamed - rename the photo, too
                $newphoto = preg_replace('/' . $curusername . '/', $username, $curphoto, 1);
                $imgpath = $_CONF['path_images'] . 'userphotos/';
                if (rename($imgpath . $curphoto, $imgpath . $newphoto) === false) {
                    $display = COM_siteHeader('menu', $LANG28[22]);
                    $display .= COM_errorLog('Could not rename userphoto "' . $curphoto . '" to "' . $newphoto . '".');
                    $display .= COM_siteFooter();
                    return $display;
                }
                $curphoto = $newphoto;
            }
        }
        // update users table
        $sql = "UPDATE {$_TABLES['users']} SET " . "username = '******'," . "fullname = '" . DB_escapeString($fullname) . "'," . "passwd   = '" . DB_escapeString($passwd2) . "'," . "email    = '" . DB_escapeString($email) . "'," . "homepage = '" . DB_escapeString($homepage) . "'," . "sig      = '" . DB_escapeString($sig) . "'," . "photo    = '" . DB_escapeString($curphoto) . "'," . "cookietimeout = {$cooktime}," . "theme    = '" . DB_escapeString($theme) . "'," . "language = '" . DB_escapeString($language) . "'," . "status   = {$userstatus} WHERE uid = {$uid};";
        DB_query($sql);
        // update userprefs
        $sql = "UPDATE {$_TABLES['userprefs']} SET " . "noicons = {$noicons}," . "dfid    = {$dfid}," . "tzid    = '" . DB_escapeString($tzid) . "'," . "emailstories = 0," . "emailfromadmin = {$emailfromadmin}," . "emailfromuser  = {$emailfromuser}," . "showonline = {$showonline}," . "search_result_format = '" . DB_escapeString($search_fmt) . "' WHERE uid={$uid};";
        DB_query($sql);
        // userinfo table
        $sql = "UPDATE {$_TABLES['userinfo']} SET " . "about      = '" . DB_escapeString($about) . "'," . "location   = '" . DB_escapeString($location) . "'," . "pgpkey     = '" . DB_escapeString($pgpkey) . "' WHERE uid={$uid};";
        DB_query($sql);
        // userindex table
        $TIDS = @array_values($_POST['topics']);
        $AIDS = @array_values($_POST['selauthors']);
        $BOXES = @array_values($_POST['blocks']);
        $ETIDS = @array_values($_POST['dgtopics']);
        $allowed_etids = USER_buildTopicList();
        $AETIDS = explode(' ', $allowed_etids);
        $tids = '';
        if (sizeof($TIDS) > 0) {
            $tids = DB_escapeString(implode(' ', array_intersect($AETIDS, $TIDS)));
        }
        $aids = '';
        if (sizeof($AIDS) > 0) {
            foreach ($AIDS as $key => $val) {
                $AIDS[$key] = intval($val);
            }
            $aids = DB_escapeString(implode(' ', $AIDS));
        }
        $selectedblocks = '';
        $selectedBoxes = array();
        if (count($BOXES) > 0) {
            foreach ($BOXES as $key => $val) {
                $BOXES[$key] = intval($val);
            }
            $boxes = DB_escapeString(implode(',', $BOXES));
            $blockresult = DB_query("SELECT bid,name FROM {$_TABLES['blocks']} WHERE bid NOT IN ({$boxes})");
            $numRows = DB_numRows($blockresult);
            for ($x = 1; $x <= $numRows; $x++) {
                $row = DB_fetchArray($blockresult);
                if ($row['name'] != 'user_block' and $row['name'] != 'admin_block' and $row['name'] != 'section_block') {
                    $selectedblocks .= $row['bid'];
                    if ($x != $numRows) {
                        $selectedblocks .= ' ';
                    }
                }
            }
        }
        $etids = '-';
        if (sizeof($ETIDS) > 0) {
            $etids = DB_escapeString(implode(' ', array_intersect($AETIDS, $ETIDS)));
        } else {
            $etids = '-';
        }
        DB_save($_TABLES['userindex'], "uid,tids,aids,boxes,noboxes,maxstories,etids", "{$uid},'{$tids}','{$aids}','{$selectedblocks}',{$noboxes},{$maxstories},'{$etids}'");
        // usercomment
        DB_save($_TABLES['usercomment'], 'uid,commentmode,commentorder,commentlimit', "{$uid},'{$commentmode}','{$commentorder}'," . intval($commentlimit));
        if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
            CUSTOM_userSave($uid);
        }
        if ($_CONF['usersubmission'] == 1 && $oldstatus == USER_ACCOUNT_AWAITING_APPROVAL && ($userstatus == USER_ACCOUNT_ACTIVE || $userstatus == USER_ACCOUNT_AWAITING_ACTIVATION || $userstatus == USER_ACCOUNT_AWAITING_VERIFICATION)) {
            USER_createAndSendPassword($username, $email, $uid);
        }
        if ($userstatus == USER_ACCOUNT_DISABLED) {
            SESS_endUserSession($uid);
        }
        $userChanged = true;
        // if groups is -1 then this user isn't allowed to change any groups so ignore
        if (is_array($groups) && SEC_hasRights('group.edit')) {
            if (!SEC_inGroup('Root')) {
                $rootgrp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Root'");
                if (in_array($rootgrp, $groups)) {
                    COM_accessLog("User {$_USER['username']} ({$_USER['uid']}) just tried to give Root permissions to user {$username}.");
                    echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
                    exit;
                }
            }
            // make sure the Remote Users group is in $groups
            if (SEC_inGroup('Remote Users', $uid)) {
                $remUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'");
                if (!in_array($remUsers, $groups)) {
                    $groups[] = $remUsers;
                }
            }
            if ($_USER_VERBOSE) {
                COM_errorLog("deleting all group_assignments for user {$uid}/{$username}", 1);
            }
            // remove user from all groups that the User Admin is a member of
            $UserAdminGroups = SEC_getUserGroups();
            $whereGroup = 'ug_main_grp_id IN (' . implode(',', $UserAdminGroups) . ')';
            DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE (ug_uid = {$uid}) AND " . $whereGroup);
            // make sure to add user to All Users and Logged-in Users groups
            $allUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'All Users'");
            if (!in_array($allUsers, $groups)) {
                $groups[] = $allUsers;
            }
            $logUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Logged-in Users'");
            if (!in_array($logUsers, $groups)) {
                $groups[] = $logUsers;
            }
            foreach ($groups as $userGroup) {
                if (in_array($userGroup, $UserAdminGroups)) {
                    if ($_USER_VERBOSE) {
                        COM_errorLog("adding group_assignment " . $userGroup . " for {$username}", 1);
                    }
                    $sql = "INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$userGroup}, {$uid})";
                    DB_query($sql);
                }
            }
        }
        // subscriptions
        $subscription_deletes = @array_values($_POST['subdelete']);
        if (is_array($subscription_deletes)) {
            foreach ($subscription_deletes as $subid) {
                DB_delete($_TABLES['subscriptions'], 'sub_id', (int) $subid);
            }
        }
        foreach ($social_services as $service) {
            $service_input = $service['service'] . '_username';
            $_POST[$service_input] = DB_escapeString($_POST[$service_input]);
            if ($_POST[$service_input] != '') {
                $sql = "REPLACE INTO {$_TABLES['social_follow_user']} (ssid,uid,ss_username) ";
                $sql .= " VALUES (" . (int) $service['service_id'] . "," . $uid . ",'" . $_POST[$service_input] . "');";
                DB_query($sql, 1);
            } else {
                $sql = "DELETE FROM {$_TABLES['social_follow_user']} WHERE ssid = " . (int) $service['service_id'] . " AND uid=" . (int) $uid;
                DB_query($sql, 1);
            }
        }
        if ($newuser == 0) {
            PLG_profileSave('', $uid);
        } else {
            PLG_createUser($uid);
        }
        if ($userChanged) {
            PLG_userInfoChanged($uid);
        }
        CACHE_remove_instance('mbmenu');
        $errors = DB_error();
        if (empty($errors)) {
            echo PLG_afterSaveSwitch($_CONF['aftersave_user'], "{$_CONF['site_url']}/users.php?mode=profile&uid={$uid}", 'user', 21);
        } else {
            $retval .= COM_siteHeader('menu', $LANG28[22]);
            $retval .= COM_errorLog('Error in USER_save() in ' . $_CONF['site_admin_url'] . '/user.php');
            $retval .= COM_siteFooter();
            echo $retval;
            exit;
        }
    } else {
        $retval = COM_siteHeader('menu', $LANG28[1]);
        $retval .= COM_errorLog($LANG28[10]);
        if (DB_count($_TABLES['users'], 'uid', $uid) > 0) {
            $retval .= USER_edit($uid);
        } else {
            $retval .= USER_edit();
        }
        $retval .= COM_siteFooter();
        echo $retval;
        exit;
    }
    if ($_USER_VERBOSE) {
        COM_errorLog("***************leaving USER_save()*****************", 1);
    }
    return $retval;
}
Esempio n. 4
0
/**
* Saves the user's information back to the database
*
* @param    array   $A  User's data
* @return   string      HTML error message or meta redirect
*
*/
function saveuser($A)
{
    global $_CONF, $_TABLES, $_USER, $LANG04, $LANG24, $_US_VERBOSE;
    if ($_US_VERBOSE) {
        COM_errorLog('**** Inside saveuser in usersettings.php ****', 1);
    }
    $reqid = DB_getItem($_TABLES['users'], 'pwrequestid', "uid = {$_USER['uid']}");
    if ($reqid != $A['uid']) {
        DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $_USER['uid']);
        COM_accessLog("An attempt was made to illegally change the account information of user {$_USER['uid']}.");
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    if (!isset($A['cooktime'])) {
        // If not set or possibly removed from template - set to default
        $A['cooktime'] = $_CONF['default_perm_cookie_timeout'];
    } else {
        $A['cooktime'] = COM_applyFilter($A['cooktime'], true);
    }
    // If empty or invalid - set to user default
    // So code after this does not fail the user password required test
    if ($A['cooktime'] < 0) {
        // note that == 0 is allowed!
        $A['cooktime'] = $_USER['cookietimeout'];
    }
    // to change the password, email address, or cookie timeout,
    // we need the user's current password
    $service = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$_USER['uid']}");
    if ($service == '') {
        if (!empty($A['passwd']) || $A['email'] != $_USER['email'] || $A['cooktime'] != $_USER['cookietimeout']) {
            // verify password
            if (empty($A['old_passwd']) || SEC_encryptUserPassword($A['old_passwd'], $_USER['uid']) < 0) {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=83');
            } elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
                $ret = CUSTOM_userCheck($A['username'], $A['email']);
                if (!empty($ret)) {
                    // Need a numeric return for the default message handler
                    // - if not numeric use default message
                    if (!is_numeric($ret['number'])) {
                        $ret['number'] = 400;
                    }
                    return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
                }
            }
        } elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
            $ret = CUSTOM_userCheck($A['username'], $A['email']);
            if (!empty($ret)) {
                // Need a numeric return for the default message handler
                // - if not numeric use default message
                if (!is_numeric($ret['number'])) {
                    $ret['number'] = 400;
                }
                return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
            }
        }
    } else {
        if ($A['email'] != $_USER['email'] || $A['cooktime'] != $_USER['cookietimeout']) {
            // re athenticate remote user again for these changes to take place
            // Can't just be done here since user may have to relogin to his service which then sends us back here and we lose his changes
        }
    }
    // no need to filter the password as it's encoded anyway
    if ($_CONF['allow_username_change'] == 1) {
        $A['new_username'] = COM_applyFilter($A['new_username']);
        if (!empty($A['new_username']) && $A['new_username'] != $_USER['username']) {
            $A['new_username'] = DB_escapeString($A['new_username']);
            if (DB_count($_TABLES['users'], 'username', $A['new_username']) == 0) {
                if ($_CONF['allow_user_photo'] == 1) {
                    $photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$_USER['uid']}");
                    if (!empty($photo)) {
                        $newphoto = preg_replace('/' . $_USER['username'] . '/', $A['new_username'], $photo, 1);
                        $imgpath = $_CONF['path_images'] . 'userphotos/';
                        if (rename($imgpath . $photo, $imgpath . $newphoto) === false) {
                            $display = COM_errorLog('Could not rename userphoto "' . $photo . '" to "' . $newphoto . '".');
                            $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG04[21]));
                            return $display;
                        }
                        DB_change($_TABLES['users'], 'photo', DB_escapeString($newphoto), "uid", $_USER['uid']);
                    }
                }
                DB_change($_TABLES['users'], 'username', $A['new_username'], "uid", $_USER['uid']);
            } else {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=51');
            }
        }
    }
    // a quick spam check with the unfiltered field contents
    $profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1><p>';
    // this is a hack, for some reason remoteservice links made SPAMX SLV check barf
    if (empty($service)) {
        $profile .= COM_createLink($A['homepage'], $A['homepage']) . '<br' . XHTML . '>';
    }
    $profile .= $A['location'] . '<br' . XHTML . '>' . $A['sig'] . '<br' . XHTML . '>' . $A['about'] . '<br' . XHTML . '>' . $A['pgpkey'] . '</p>';
    $result = PLG_checkforSpam($profile, $_CONF['spamx']);
    if ($result > 0) {
        COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
    }
    $A['email'] = COM_applyFilter($A['email']);
    $A['email_conf'] = COM_applyFilter($A['email_conf']);
    $A['homepage'] = COM_applyFilter($A['homepage']);
    // basic filtering only
    $A['fullname'] = strip_tags(COM_stripslashes($A['fullname']));
    $A['location'] = strip_tags(COM_stripslashes($A['location']));
    $A['sig'] = strip_tags(COM_stripslashes($A['sig']));
    $A['about'] = strip_tags(COM_stripslashes($A['about']));
    $A['pgpkey'] = strip_tags(COM_stripslashes($A['pgpkey']));
    if (!COM_isEmail($A['email'])) {
        return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=52');
    } else {
        if ($A['email'] !== $A['email_conf']) {
            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=78');
        } else {
            if (emailAddressExists($A['email'], $_USER['uid'])) {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=56');
            } else {
                $passwd = '';
                if ($service == '') {
                    if (!empty($A['passwd'])) {
                        if ($A['passwd'] == $A['passwd_conf'] && SEC_encryptUserPassword($A['old_passwd'], $_USER['uid']) == 0) {
                            SEC_updateUserPassword($A['passwd'], $_USER['uid']);
                            if ($A['cooktime'] > 0) {
                                $cooktime = $A['cooktime'];
                            } else {
                                $cooktime = -1000;
                            }
                            SEC_setCookie($_CONF['cookie_password'], $passwd, time() + $cooktime);
                        } elseif (SEC_encryptUserPassword($A['old_passwd'], $_USER['uid']) < 0) {
                            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=68');
                        } elseif ($A['passwd'] != $A['passwd_conf']) {
                            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=67');
                        }
                    }
                } else {
                    // Cookie
                    if ($A['cooktime'] > 0) {
                        $cooktime = $A['cooktime'];
                    } else {
                        $cooktime = -1000;
                    }
                    SEC_setCookie($_CONF['cookie_password'], $passwd, time() + $cooktime);
                }
                if ($_US_VERBOSE) {
                    COM_errorLog('cooktime = ' . $A['cooktime'], 1);
                }
                if ($A['cooktime'] <= 0) {
                    $cooktime = 1000;
                    SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() - $cooktime);
                } else {
                    SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() + $A['cooktime']);
                }
                if ($_CONF['allow_user_photo'] == 1) {
                    $delete_photo = '';
                    if (isset($A['delete_photo'])) {
                        $delete_photo = $A['delete_photo'];
                    }
                    $filename = handlePhotoUpload($delete_photo);
                }
                if (!empty($A['homepage'])) {
                    $pos = MBYTE_strpos($A['homepage'], ':');
                    if ($pos === false) {
                        $A['homepage'] = 'http://' . $A['homepage'];
                    } else {
                        $prot = substr($A['homepage'], 0, $pos + 1);
                        if ($prot != 'http:' && $prot != 'https:') {
                            $A['homepage'] = 'http:' . substr($A['homepage'], $pos + 1);
                        }
                    }
                    $A['homepage'] = DB_escapeString($A['homepage']);
                }
                $A['fullname'] = DB_escapeString($A['fullname']);
                $A['email'] = DB_escapeString($A['email']);
                $A['location'] = DB_escapeString($A['location']);
                $A['sig'] = DB_escapeString($A['sig']);
                $A['about'] = DB_escapeString($A['about']);
                $A['pgpkey'] = DB_escapeString($A['pgpkey']);
                if (!empty($filename)) {
                    if (!file_exists($_CONF['path_images'] . 'userphotos/' . $filename)) {
                        $filename = '';
                    }
                }
                DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A['fullname']}',email='{$A['email']}',homepage='{$A['homepage']}',sig='{$A['sig']}',cookietimeout={$A['cooktime']},photo='{$filename}' WHERE uid={$_USER['uid']}");
                DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$A['pgpkey']}',about='{$A['about']}',location='{$A['location']}' WHERE uid={$_USER['uid']}");
                // Call custom registration save function if enabled and exists
                if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
                    CUSTOM_userSave($_USER['uid']);
                }
                PLG_userInfoChanged($_USER['uid']);
                // at this point, the user information has been saved, but now we're going to check to see if
                // the user has requested resynchronization with their remoteservice account
                $msg = 5;
                // default msg = Your account information has been successfully saved
                if (isset($A['resynch'])) {
                    if ($_CONF['user_login_method']['oauth'] && strpos($_USER['remoteservice'], 'oauth.') === 0) {
                        $modules = SEC_collectRemoteOAuthModules();
                        $active_service = count($modules) == 0 ? false : in_array(substr($_USER['remoteservice'], 6), $modules);
                        if (!$active_service) {
                            $status = -1;
                            $msg = 115;
                            // Remote service has been disabled.
                        } else {
                            require_once $_CONF['path_system'] . 'classes/oauthhelper.class.php';
                            $service = substr($_USER['remoteservice'], 6);
                            $consumer = new OAuthConsumer($service);
                            $callback_url = $_CONF['site_url'];
                            $consumer->setRedirectURL($callback_url);
                            $user = $consumer->authenticate_user();
                            $consumer->doSynch($user);
                        }
                    }
                    if ($msg != 5) {
                        $msg = 114;
                        // Account saved but re-synch failed.
                        COM_errorLog($MESSAGE[$msg]);
                    }
                }
                if ($_US_VERBOSE) {
                    COM_errorLog('**** Leaving saveuser in usersettings.php ****', 1);
                }
                return COM_refresh($_CONF['site_url'] . '/users.php?mode=profile&amp;uid=' . $_USER['uid'] . '&amp;msg=' . $msg);
            }
        }
    }
}
Esempio n. 5
0
/**
* Saves the user's information back to the database
*
* @A        array       User's data
*
*/
function saveuser($A)
{
    global $_CONF, $_TABLES, $_USER, $LANG04, $LANG24, $_US_VERBOSE;
    if ($_US_VERBOSE) {
        COM_errorLog('**** Inside saveuser in usersettings.php ****', 1);
    }
    $reqid = DB_getItem($_TABLES['users'], 'pwrequestid', "uid = " . (int) $_USER['uid']);
    if ($reqid != $A['uid']) {
        DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', (int) $_USER['uid']);
        COM_accessLog("An attempt was made to illegally change the account information of user {$_USER['uid']}.");
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    if (isset($_POST['merge'])) {
        if (COM_applyFilter($_POST['remoteuid'], true) != $_USER['uid']) {
            echo COM_refresh($_CONF['site_url'] . '/usersettings.php?mode=edit');
        }
        USER_mergeAccounts();
    }
    // If not set or possibly removed from template - initialize variable
    if (!isset($A['cooktime'])) {
        $A['cooktime'] = 0;
    } else {
        $A['cooktime'] = COM_applyFilter($A['cooktime'], true);
    }
    // If empty or invalid - set to user default
    // So code after this does not fail the user password required test
    if ($A['cooktime'] < 0) {
        // note that == 0 is allowed!
        $A['cooktime'] = $_USER['cookietimeout'];
    }
    // to change the password, email address, or cookie timeout,
    // we need the user's current password
    $account_type = DB_getItem($_TABLES['users'], 'account_type', "uid = {$_USER['uid']}");
    $service = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$_USER['uid']}");
    if ($service == '') {
        $current_password = DB_getItem($_TABLES['users'], 'passwd', "uid = {$_USER['uid']}");
        if (!empty($A['newp']) || $A['email'] != $_USER['email'] || $A['cooktime'] != $_USER['cookietimeout']) {
            if (empty($A['passwd']) || !SEC_check_hash($A['passwd'], $current_password)) {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=83');
            } elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
                $ret = CUSTOM_userCheck($A['username'], $A['email']);
                if (!empty($ret)) {
                    // Need a numeric return for the default message handler
                    // - if not numeric use default message
                    if (!is_numeric($ret)) {
                        $ret['number'] = 97;
                    }
                    return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret}");
                }
            }
        } elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
            $ret = CUSTOM_userCheck($A['username'], $A['email']);
            if (!empty($ret)) {
                // Need a numeric return for the default message hander - if not numeric use default message
                // - if not numeric use default message
                if (!is_numeric($ret)) {
                    $ret = 97;
                }
                return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret}");
            }
        }
    }
    // Let plugins have a chance to decide what to do before saving the user, return errors.
    $msg = PLG_itemPreSave('useredit', $A['username']);
    if (!empty($msg)) {
        // need a numeric return value - otherwise use default message
        if (!is_numeric($msg)) {
            $msg = 97;
        }
        return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$msg}");
    }
    // no need to filter the password as it's encoded anyway
    if ($_CONF['allow_username_change'] == 1) {
        $A['new_username'] = $A['new_username'];
        if (!empty($A['new_username']) && USER_validateUsername($A['new_username']) && $A['new_username'] != $_USER['username']) {
            $A['new_username'] = DB_escapeString($A['new_username']);
            if (DB_count($_TABLES['users'], 'username', $A['new_username']) == 0) {
                if ($_CONF['allow_user_photo'] == 1) {
                    $photo = DB_getItem($_TABLES['users'], 'photo', "uid = " . (int) $_USER['uid']);
                    if (!empty($photo) && strstr($photo, $_USER['username']) !== false) {
                        $newphoto = preg_replace('/' . $_USER['username'] . '/', $_USER['uid'], $photo, 1);
                        $imgpath = $_CONF['path_images'] . 'userphotos/';
                        @rename($imgpath . $photo, $imgpath . $newphoto);
                        DB_change($_TABLES['users'], 'photo', DB_escapeString($newphoto), "uid", (int) $_USER['uid']);
                    }
                }
                DB_change($_TABLES['users'], 'username', $A['new_username'], "uid", (int) $_USER['uid']);
            } else {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=51');
            }
        }
    }
    // a quick spam check with the unfiltered field contents
    $profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1><p>';
    // this is a hack, for some reason remoteservice links made SPAMX SLV check barf
    if (empty($service)) {
        $profile .= COM_createLink($A['homepage'], $A['homepage']) . '<br />';
    }
    $profile .= $A['location'] . '<br />' . $A['sig'] . '<br />' . $A['about'] . '<br />' . $A['pgpkey'] . '</p>';
    $result = PLG_checkforSpam($profile, $_CONF['spamx']);
    if ($result > 0) {
        COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
    }
    $A['email'] = COM_applyFilter($A['email']);
    $A['email_conf'] = COM_applyFilter($A['email_conf']);
    $A['homepage'] = COM_applyFilter($A['homepage']);
    // basic filtering only
    $A['fullname'] = COM_truncate(trim(USER_sanitizeName($A['fullname'])), 80);
    $A['location'] = strip_tags($A['location']);
    $A['sig'] = strip_tags($A['sig']);
    $A['about'] = strip_tags($A['about']);
    $A['pgpkey'] = strip_tags($A['pgpkey']);
    if (!COM_isEmail($A['email'])) {
        return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=52');
    } else {
        if ($A['email'] !== $A['email_conf']) {
            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=78');
        } else {
            if (emailAddressExists($A['email'], $_USER['uid'])) {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=56');
            } else {
                if ($service == '') {
                    if (!empty($A['newp'])) {
                        $A['newp'] = trim($A['newp']);
                        $A['newp_conf'] = trim($A['newp_conf']);
                        if ($A['newp'] == $A['newp_conf'] && SEC_check_hash($A['passwd'], $current_password)) {
                            $passwd = SEC_encryptPassword($A['newp']);
                            DB_change($_TABLES['users'], 'passwd', DB_escapeString($passwd), "uid", (int) $_USER['uid']);
                            if ($A['cooktime'] > 0) {
                                $cooktime = $A['cooktime'];
                                $token_ttl = $A['cooktime'];
                            } else {
                                $cooktime = 0;
                                $token_ttl = 14400;
                            }
                            $ltToken = SEC_createTokenGeneral('ltc', $token_ttl);
                            SEC_setCookie($_CONF['cookie_password'], $ltToken, time() + $cooktime);
                        } elseif (!SEC_check_hash($A['passwd'], $current_password)) {
                            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=68');
                        } elseif ($A['newp'] != $A['newp_conf']) {
                            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=67');
                        }
                    }
                } else {
                    // Cookie
                    if ($A['cooktime'] > 0) {
                        $cooktime = $A['cooktime'];
                    } else {
                        $cooktime = 0;
                    }
                    $ltToken = SEC_createTokenGeneral('ltc', $cooktime);
                    SEC_setCookie($_CONF['cookie_password'], $ltToken, time() + $cooktime);
                }
                if ($_US_VERBOSE) {
                    COM_errorLog('cooktime = ' . $A['cooktime'], 1);
                }
                if ($A['cooktime'] <= 0) {
                    $cookie_timeout = 0;
                    $token_ttl = 14400;
                } else {
                    $cookie_timeout = time() + $A['cooktime'];
                    $token_ttl = $A['cooktime'];
                }
                SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], $cookie_timeout, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
                DB_query("DELETE FROM {$_TABLES['tokens']} WHERE owner_id=" . (int) $_USER['uid'] . " AND urlfor='ltc'");
                if ($cookie_timeout > 0) {
                    $ltToken = SEC_createTokenGeneral('ltc', $token_ttl);
                    SEC_setCookie($_CONF['cookie_password'], $ltToken, $cookie_timeout, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
                } else {
                    SEC_setCookie($_CONF['cookie_password'], '', -10000, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
                }
                if ($_CONF['allow_user_photo'] == 1) {
                    $delete_photo = '';
                    if (isset($A['delete_photo'])) {
                        $delete_photo = $A['delete_photo'];
                    }
                    $filename = handlePhotoUpload($delete_photo);
                }
                if (!empty($A['homepage'])) {
                    $pos = MBYTE_strpos($A['homepage'], ':');
                    if ($pos === false) {
                        $A['homepage'] = 'http://' . $A['homepage'];
                    } else {
                        $prot = substr($A['homepage'], 0, $pos + 1);
                        if ($prot != 'http:' && $prot != 'https:') {
                            $A['homepage'] = 'http:' . substr($A['homepage'], $pos + 1);
                        }
                    }
                    $A['homepage'] = DB_escapeString($A['homepage']);
                }
                $A['fullname'] = DB_escapeString($A['fullname']);
                $A['email'] = DB_escapeString($A['email']);
                $A['location'] = DB_escapeString($A['location']);
                $A['sig'] = DB_escapeString($A['sig']);
                $A['about'] = DB_escapeString($A['about']);
                $A['pgpkey'] = DB_escapeString($A['pgpkey']);
                if (!empty($filename)) {
                    if (!file_exists($_CONF['path_images'] . 'userphotos/' . $filename)) {
                        $filename = '';
                    }
                }
                DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A['fullname']}',email='{$A['email']}',homepage='{$A['homepage']}',sig='{$A['sig']}',cookietimeout=" . (int) $A['cooktime'] . ",photo='" . DB_escapeString($filename) . "' WHERE uid=" . (int) $_USER['uid']);
                DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$A['pgpkey']}',about='{$A['about']}',location='{$A['location']}' WHERE uid=" . (int) $_USER['uid']);
                // Call custom registration save function if enabled and exists
                if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
                    CUSTOM_userSave($_USER['uid']);
                }
                PLG_userInfoChanged((int) $_USER['uid']);
                // at this point, the user information has been saved, but now we're going to check to see if
                // the user has requested resynchronization with their remoteservice account
                $msg = 5;
                // default msg = Your account information has been successfully saved
                if (isset($A['resynch'])) {
                    if ($_CONF['user_login_method']['oauth'] && strpos($_USER['remoteservice'], 'oauth.') === 0) {
                        $modules = SEC_collectRemoteOAuthModules();
                        $active_service = count($modules) == 0 ? false : in_array(substr($_USER['remoteservice'], 6), $modules);
                        if (!$active_service) {
                            $status = -1;
                            $msg = 115;
                            // Remote service has been disabled.
                        } else {
                            require_once $_CONF['path_system'] . 'classes/oauthhelper.class.php';
                            $service = substr($_USER['remoteservice'], 6);
                            $consumer = new OAuthConsumer($service);
                            $callback_url = $_CONF['site_url'];
                            $consumer->setRedirectURL($callback_url);
                            $user = $consumer->authenticate_user();
                            $consumer->doSynch($user);
                        }
                    }
                    if ($msg != 5) {
                        $msg = 114;
                        // Account saved but re-synch failed.
                        COM_errorLog($MESSAGE[$msg]);
                    }
                }
                PLG_profileExtrasSave();
                PLG_profileSave();
                if ($_US_VERBOSE) {
                    COM_errorLog('**** Leaving saveuser in usersettings.php ****', 1);
                }
                return COM_refresh($_CONF['site_url'] . '/users.php?mode=profile&amp;uid=' . $_USER['uid'] . '&amp;msg=' . $msg);
            }
        }
    }
}