/** * Add passwords for OAuth and OpenID users * */ function update_UsersFor180() { global $_CONF, $_TABLES; require_once $_CONF['path_system'] . 'lib-security.php'; require_once $_CONF['path_system'] . 'lib-user.php'; $passwords = array(); $sql = "SELECT uid FROM {$_TABLES['users']} WHERE (remoteservice IS NOT NULL OR remoteservice != '') AND passwd = ''"; $result = DB_query($sql); $nrows = DB_numRows($result); for ($i = 0; $i < $nrows; $i++) { $A = DB_fetchArray($result); $passwords = USER_createPassword($A['uid']); } }
function doValidLogin($login) { global $_TABLES, $status, $uid; // Remote auth precludes usersubmission, // and integrates user activation, see?; $status = USER_ACCOUNT_ACTIVE; // PHP replaces "." with "_" $openid_identity = addslashes($this->query['openid_identity']); $openid_nickname = ''; if (isset($this->query['openid_sreg_nickname'])) { $openid_nickname = $this->query['openid_sreg_nickname']; } // Check if that account is already registered. $result = DB_query("SELECT uid FROM {$_TABLES['users']} WHERE remoteusername = '******' AND remoteservice = 'openid'"); $tmp = DB_error(); $nrows = DB_numRows($result); if (!($tmp == 0) || !($nrows == 1)) { // First time login with this OpenID, creating account... if (empty($openid_nickname)) { $openid_nickname = $this->makeUsername($this->query['openid_identity']); } // we simply can't accept empty usernames ... if (empty($openid_nickname)) { COM_errorLog('Got an empty username for ' . $openid_identity); // not strictly correct - just to signal a failed login attempt $status = USER_ACCOUNT_DISABLED; $uid = 0; return; } // Ensure that remoteusername is unique locally. $openid_nickname = USER_uniqueUsername($openid_nickname); $openid_sreg_email = ''; if (isset($this->query['openid_sreg_email'])) { $openid_sreg_email = $this->query['openid_sreg_email']; } $openid_sreg_fullname = ''; if (isset($this->query['openid_sreg_fullname'])) { $openid_sreg_fullname = $this->query['openid_sreg_fullname']; } $passwords = USER_createPassword(); USER_createAccount($openid_nickname, $openid_sreg_email, $passwords['encrypted'], $openid_sreg_fullname, '', $this->query['openid_identity'], 'openid'); $uid = DB_getItem($_TABLES['users'], 'uid', "remoteusername = '******' AND remoteservice = 'openid'"); // Store full remote account name: DB_query("UPDATE {$_TABLES['users']} SET remoteusername = '******', remoteservice = 'openid', status = 3 WHERE uid = {$uid}"); // Add to remote users: $remote_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'"); DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$remote_grp}, {$uid})"); } else { $result = DB_query("SELECT uid,status FROM {$_TABLES['users']} WHERE remoteusername = '******' AND remoteservice = 'openid'"); list($uid, $status) = DB_fetchArray($result); } }
public function doAction($info) { global $_TABLES, $status, $uid, $_CONF; // COM_errorLog("doAction() method ------------------"); // remote auth precludes usersubmission, and integrates user activation $status = USER_ACCOUNT_ACTIVE; $users = $this->_getCreateUserInfo($info); $userinfo = $this->_getUpdateUserInfo($info); $passwords = USER_createPassword(); $users['passwd2'] = $passwords['encrypted']; $sql = "SELECT uid,status FROM {$_TABLES['users']} WHERE remoteusername = '******'remoteusername']}' AND remoteservice = '{$users['remoteservice']}'"; // COM_errorLog("sql={$sql}"); $result = DB_query($sql); $tmp = DB_error(); // COM_errorLog("DB_error={$tmp}"); $nrows = DB_numRows($result); // COM_errorLog("DB_numRows={$nrows}"); if (empty($tmp) && $nrows == 1) { list($uid, $status) = DB_fetchArray($result); // COM_errorLog("user found! uid={$uid} status={$status}"); } else { // COM_errorLog("user not found - creating new account"); // initial login - create account $status = USER_ACCOUNT_ACTIVE; // COM_errorLog("checking remoteuser login name for uniqueness"); $checkName = DB_getItem($_TABLES['users'], 'username', "username='******'loginname']}'"); if (!empty($checkName)) { if ($checkName == $users['loginname']) { if (function_exists('CUSTOM_uniqueRemoteUsername')) { // COM_errorLog("CUSTOM_uniqueRemoteUserName function exists, calling it"); $users['loginname'] = CUSTOM_uniqueRemoteUsername($users['loginname'], $users['remoteservice']); } else { // COM_errorLog("loginname is not unique, using USER_uniqueUsername() to create one"); $users['loginname'] = USER_uniqueUsername($users['loginname']); } } } $uid = USER_createAccount($users['loginname'], $users['email'], $users['passwd2'], $users['fullname'], $users['homepage'], $users['remoteusername'], $users['remoteservice']); // COM_errorLog("after creation, uid={$uid}"); // COM_errorLog("updating users[]"); if (is_array($users)) { $this->_DBupdate_users($uid, $users); } // COM_errorLog("updating userinfo[]"); if (is_array($userinfo)) { $this->_DBupdate_userinfo($uid, $userinfo); } // COM_errorLog("adding uid={$uid} to Remote Users group"); $remote_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'"); DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$remote_grp}, {$uid})"); // usercreate after trigger if (method_exists($this, '_after_trigger')) { $this->_after_trigger($uid, $users, $userinfo); } } }
/** * Saves user to the database * * @param int $uid user id * @return string HTML redirect or error message * */ function USER_save($uid) { global $_CONF, $_TABLES, $_USER, $LANG28, $_USER_VERBOSE; $retval = ''; $userChanged = false; if ($_USER_VERBOSE) { COM_errorLog("**** entering USER_save()****", 1); } if ($_USER_VERBOSE) { COM_errorLog("group size at beginning = " . sizeof($groups), 1); } $uid = COM_applyFilter($_POST['uid'], true); if ($uid == 0) { $uid = ''; } $regdate = COM_applyFilter($_POST['regdate'], true); $username = trim($_POST['new_username']); $fullname = COM_truncate(trim(USER_sanitizeName($_POST['fullname'])), 80); $userstatus = COM_applyFilter($_POST['userstatus'], true); $oldstatus = COM_applyFilter($_POST['oldstatus'], true); $passwd = isset($_POST['newp']) ? trim($_POST['newp']) : ''; $passwd_conf = isset($_POST['newp_conf']) ? trim($_POST['newp_conf']) : ''; $cooktime = COM_applyFilter($_POST['cooktime'], true); $email = trim($_POST['email']); $email_conf = trim($_POST['email_conf']); $groups = $_POST['groups']; $homepage = trim($_POST['homepage']); $location = strip_tags(trim($_POST['location'])); $photo = isset($_POST['photo']) ? $_POST['photo'] : ''; $delete_photo = isset($_POST['delete_photo']) && $_POST['delete_photo'] == 'on' ? 1 : 0; $sig = trim($_POST['sig']); $about = trim($_POST['about']); $pgpkey = trim($_POST['pgpkey']); $language = isset($_POST['language']) ? trim(COM_applyFilter($_POST['language'])) : ''; $theme = isset($_POST['theme']) ? trim(COM_applyFilter($_POST['theme'])) : ''; $maxstories = COM_applyFilter($_POST['maxstories'], true); $tzid = COM_applyFilter($_POST['tzid']); $dfid = COM_applyFilter($_POST['dfid'], true); $search_fmt = COM_applyFilter($_POST['search_result_format']); $commentmode = COM_applyFilter($_POST['commentmode']); $commentorder = isset($_POST['commentorder']) && $_POST['commentorder'] == 'DESC' ? 'DESC' : 'ASC'; $commentlimit = COM_applyFilter($_POST['commentlimit'], true); $emailfromuser = isset($_POST['emailfromuser']) && $_POST['emailfromuser'] == 'on' ? 1 : 0; $emailfromadmin = isset($_POST['emailfromadmin']) && $_POST['emailfromadmin'] == 'on' ? 1 : 0; $noicons = isset($_POST['noicons']) && $_POST['noicons'] == 'on' ? 1 : 0; $noboxes = isset($_POST['noboxes']) && $_POST['noboxes'] == 'on' ? 1 : 0; $showonline = isset($_POST['showonline']) && $_POST['showonline'] == 'on' ? 1 : 0; $topic_order = isset($_POST['topic_order']) && $_POST['topic_order'] == 'ASC' ? 'ASC' : 'DESC'; $maxstories = COM_applyFilter($_POST['maxstories'], true); $newuser = COM_applyFilter($_POST['newuser'], true); $remoteuser = isset($_POST['remoteuser']) && $_POST['remoteuser'] == 'on' ? 1 : 0; $remoteusername = isset($_POST['remoteusername']) ? strip_tags(trim($_POST['remoteusername'])) : ''; $remoteservice = isset($_POST['remoteservice']) ? COM_applyFilter($_POST['remoteservice']) : ''; $social_services = SOC_followMeProfile($uid); foreach ($social_services as $service) { $service_input = $service['service'] . '_username'; $_POST[$service_input] = strip_tags($_POST[$service_input]); } if ($uid == 1) { return USER_list(); } if ($uid == '' || $uid < 2 || $newuser == 1) { if (empty($passwd) && $remoteuser == 0) { return USER_edit($uid, 504); } if (empty($email)) { return USER_edit($uid, 505); } } if ($username == '') { return USER_edit($uid, 506); } if (!USER_validateUsername($username)) { return USER_edit($uid, 512); } if ($email == '') { return USER_edit($uid, 507); } if ($passwd != $passwd_conf && $remoteuser == 0) { // passwords don't match return USER_edit($uid, 67); } if ($email != $email_conf) { return USER_edit($uid, 508); } // remote user checks if ($remoteuser == 1) { if ($remoteusername == '') { return USER_edit($uid, 513); } if ($remoteservice == '') { return USER_edit($uid, 514); } } $validEmail = true; if (empty($username)) { $validEmail = false; } elseif (empty($email)) { if (empty($uid)) { $validEmail = false; } else { $ws_user = DB_getItem($_TABLES['users'], 'remoteservice', "uid = " . intval($uid)); if (empty($ws_user)) { $validEmail = false; } } } if ($validEmail) { if (!empty($email) && !COM_isEmail($email)) { return USER_edit($uid, 52); } $uname = DB_escapeString($username); if (empty($uid)) { $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******'"); } else { $uservice = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$uid}"); if ($uservice != '') { $uservice = DB_escapeString($uservice); $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND remoteservice = '{$uservice}'"); } else { $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND (remoteservice = '' OR remoteservice IS NULL)"); } } if ($ucount > 0) { // Admin just changed a user's username to one that already exists return USER_edit($uid, 51); } $emailaddr = DB_escapeString($email); $exclude_remote = " AND (remoteservice IS NULL OR remoteservice = '')"; if (empty($uid)) { $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}'" . $exclude_remote); } else { $old_email = DB_getItem($_TABLES['users'], 'email', "uid = {$uid}"); if ($old_email == $email) { // email address didn't change so don't care $ucount = 0; } else { $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}' AND uid <> {$uid}" . $exclude_remote); } } if ($ucount > 0) { // Admin just changed a user's email to one that already exists return USER_edit($uid, 56); } if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) { $ret = CUSTOM_userCheck($username, $email); if (!empty($ret)) { // need a numeric return value - otherwise use default message if (!is_numeric($ret['number'])) { $ret['number'] = 97; } return USER_edit($uid, $ret['number']); } } // Let plugins have a chance to decide what to do before saving the user, return errors. $msg = PLG_itemPreSave('useredit', $username); if (!empty($msg)) { // need a numeric return value - otherwise use default message if (!is_numeric($msg)) { $msg = 97; } return USER_edit($uid, $msg); } if (empty($uid) || !empty($passwd)) { $passwd2 = SEC_encryptPassword($passwd); } else { $passwd2 = DB_getItem($_TABLES['users'], 'passwd', "uid = {$uid}"); } // do we need to create the user? if (empty($uid)) { if (empty($passwd)) { // no password? create one ... $passwd = USER_createPassword(8); $passwd2 = SEC_encryptPassword($passwd); } if ($remoteuser == 1) { $uid = USER_createAccount($username, $email, '', $fullname, '', $remoteusername, $remoteservice, 1); } else { $uid = USER_createAccount($username, $email, $passwd2, $fullname, $homepage, '', '', 1); } if ($uid > 1) { DB_query("UPDATE {$_TABLES['users']} SET status = {$userstatus} WHERE uid = {$uid}"); } if (isset($_POST['emailuser'])) { USER_createAndSendPassword($username, $email, $uid, $passwd); } if ($uid < 2) { return USER_edit('', 509); } $newuser = 1; } // at this point, we have a valid user... // Filter some of the text entry fields to ensure they don't cause problems... $fullname = strip_tags($fullname); $about = strip_tags($about); $pgpkey = strip_tags($pgpkey); $curphoto = USER_handlePhotoUpload($uid, $delete_photo); if ($_CONF['allow_user_photo'] == 1 && !empty($curphoto)) { $curusername = DB_getItem($_TABLES['users'], 'username', "uid = {$uid}"); if ($curusername != $username) { // user has been renamed - rename the photo, too $newphoto = preg_replace('/' . $curusername . '/', $username, $curphoto, 1); $imgpath = $_CONF['path_images'] . 'userphotos/'; if (rename($imgpath . $curphoto, $imgpath . $newphoto) === false) { $display = COM_siteHeader('menu', $LANG28[22]); $display .= COM_errorLog('Could not rename userphoto "' . $curphoto . '" to "' . $newphoto . '".'); $display .= COM_siteFooter(); return $display; } $curphoto = $newphoto; } } // update users table $sql = "UPDATE {$_TABLES['users']} SET " . "username = '******'," . "fullname = '" . DB_escapeString($fullname) . "'," . "passwd = '" . DB_escapeString($passwd2) . "'," . "email = '" . DB_escapeString($email) . "'," . "homepage = '" . DB_escapeString($homepage) . "'," . "sig = '" . DB_escapeString($sig) . "'," . "photo = '" . DB_escapeString($curphoto) . "'," . "cookietimeout = {$cooktime}," . "theme = '" . DB_escapeString($theme) . "'," . "language = '" . DB_escapeString($language) . "'," . "status = {$userstatus} WHERE uid = {$uid};"; DB_query($sql); // update userprefs $sql = "UPDATE {$_TABLES['userprefs']} SET " . "noicons = {$noicons}," . "dfid = {$dfid}," . "tzid = '" . DB_escapeString($tzid) . "'," . "emailstories = 0," . "emailfromadmin = {$emailfromadmin}," . "emailfromuser = {$emailfromuser}," . "showonline = {$showonline}," . "search_result_format = '" . DB_escapeString($search_fmt) . "' WHERE uid={$uid};"; DB_query($sql); // userinfo table $sql = "UPDATE {$_TABLES['userinfo']} SET " . "about = '" . DB_escapeString($about) . "'," . "location = '" . DB_escapeString($location) . "'," . "pgpkey = '" . DB_escapeString($pgpkey) . "' WHERE uid={$uid};"; DB_query($sql); // userindex table $TIDS = @array_values($_POST['topics']); $AIDS = @array_values($_POST['selauthors']); $BOXES = @array_values($_POST['blocks']); $ETIDS = @array_values($_POST['dgtopics']); $allowed_etids = USER_buildTopicList(); $AETIDS = explode(' ', $allowed_etids); $tids = ''; if (sizeof($TIDS) > 0) { $tids = DB_escapeString(implode(' ', array_intersect($AETIDS, $TIDS))); } $aids = ''; if (sizeof($AIDS) > 0) { foreach ($AIDS as $key => $val) { $AIDS[$key] = intval($val); } $aids = DB_escapeString(implode(' ', $AIDS)); } $selectedblocks = ''; $selectedBoxes = array(); if (count($BOXES) > 0) { foreach ($BOXES as $key => $val) { $BOXES[$key] = intval($val); } $boxes = DB_escapeString(implode(',', $BOXES)); $blockresult = DB_query("SELECT bid,name FROM {$_TABLES['blocks']} WHERE bid NOT IN ({$boxes})"); $numRows = DB_numRows($blockresult); for ($x = 1; $x <= $numRows; $x++) { $row = DB_fetchArray($blockresult); if ($row['name'] != 'user_block' and $row['name'] != 'admin_block' and $row['name'] != 'section_block') { $selectedblocks .= $row['bid']; if ($x != $numRows) { $selectedblocks .= ' '; } } } } $etids = '-'; if (sizeof($ETIDS) > 0) { $etids = DB_escapeString(implode(' ', array_intersect($AETIDS, $ETIDS))); } else { $etids = '-'; } DB_save($_TABLES['userindex'], "uid,tids,aids,boxes,noboxes,maxstories,etids", "{$uid},'{$tids}','{$aids}','{$selectedblocks}',{$noboxes},{$maxstories},'{$etids}'"); // usercomment DB_save($_TABLES['usercomment'], 'uid,commentmode,commentorder,commentlimit', "{$uid},'{$commentmode}','{$commentorder}'," . intval($commentlimit)); if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) { CUSTOM_userSave($uid); } if ($_CONF['usersubmission'] == 1 && $oldstatus == USER_ACCOUNT_AWAITING_APPROVAL && ($userstatus == USER_ACCOUNT_ACTIVE || $userstatus == USER_ACCOUNT_AWAITING_ACTIVATION || $userstatus == USER_ACCOUNT_AWAITING_VERIFICATION)) { USER_createAndSendPassword($username, $email, $uid); } if ($userstatus == USER_ACCOUNT_DISABLED) { SESS_endUserSession($uid); } $userChanged = true; // if groups is -1 then this user isn't allowed to change any groups so ignore if (is_array($groups) && SEC_hasRights('group.edit')) { if (!SEC_inGroup('Root')) { $rootgrp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Root'"); if (in_array($rootgrp, $groups)) { COM_accessLog("User {$_USER['username']} ({$_USER['uid']}) just tried to give Root permissions to user {$username}."); echo COM_refresh($_CONF['site_admin_url'] . '/index.php'); exit; } } // make sure the Remote Users group is in $groups if (SEC_inGroup('Remote Users', $uid)) { $remUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'"); if (!in_array($remUsers, $groups)) { $groups[] = $remUsers; } } if ($_USER_VERBOSE) { COM_errorLog("deleting all group_assignments for user {$uid}/{$username}", 1); } // remove user from all groups that the User Admin is a member of $UserAdminGroups = SEC_getUserGroups(); $whereGroup = 'ug_main_grp_id IN (' . implode(',', $UserAdminGroups) . ')'; DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE (ug_uid = {$uid}) AND " . $whereGroup); // make sure to add user to All Users and Logged-in Users groups $allUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'All Users'"); if (!in_array($allUsers, $groups)) { $groups[] = $allUsers; } $logUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Logged-in Users'"); if (!in_array($logUsers, $groups)) { $groups[] = $logUsers; } foreach ($groups as $userGroup) { if (in_array($userGroup, $UserAdminGroups)) { if ($_USER_VERBOSE) { COM_errorLog("adding group_assignment " . $userGroup . " for {$username}", 1); } $sql = "INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$userGroup}, {$uid})"; DB_query($sql); } } } // subscriptions $subscription_deletes = @array_values($_POST['subdelete']); if (is_array($subscription_deletes)) { foreach ($subscription_deletes as $subid) { DB_delete($_TABLES['subscriptions'], 'sub_id', (int) $subid); } } foreach ($social_services as $service) { $service_input = $service['service'] . '_username'; $_POST[$service_input] = DB_escapeString($_POST[$service_input]); if ($_POST[$service_input] != '') { $sql = "REPLACE INTO {$_TABLES['social_follow_user']} (ssid,uid,ss_username) "; $sql .= " VALUES (" . (int) $service['service_id'] . "," . $uid . ",'" . $_POST[$service_input] . "');"; DB_query($sql, 1); } else { $sql = "DELETE FROM {$_TABLES['social_follow_user']} WHERE ssid = " . (int) $service['service_id'] . " AND uid=" . (int) $uid; DB_query($sql, 1); } } if ($newuser == 0) { PLG_profileSave('', $uid); } else { PLG_createUser($uid); } if ($userChanged) { PLG_userInfoChanged($uid); } CACHE_remove_instance('mbmenu'); $errors = DB_error(); if (empty($errors)) { echo PLG_afterSaveSwitch($_CONF['aftersave_user'], "{$_CONF['site_url']}/users.php?mode=profile&uid={$uid}", 'user', 21); } else { $retval .= COM_siteHeader('menu', $LANG28[22]); $retval .= COM_errorLog('Error in USER_save() in ' . $_CONF['site_admin_url'] . '/user.php'); $retval .= COM_siteFooter(); echo $retval; exit; } } else { $retval = COM_siteHeader('menu', $LANG28[1]); $retval .= COM_errorLog($LANG28[10]); if (DB_count($_TABLES['users'], 'uid', $uid) > 0) { $retval .= USER_edit($uid); } else { $retval .= USER_edit(); } $retval .= COM_siteFooter(); echo $retval; exit; } if ($_USER_VERBOSE) { COM_errorLog("***************leaving USER_save()*****************", 1); } return $retval; }
/** * Create a new password and send it to the user * * @param string $username user's login name * @param string $useremail user's email address * @param int $uid user id of user * @param string $passwd user's password (optional) * @return bool true = success, false = an error occured * */ function USER_createAndSendPassword($username, $useremail, $uid, $passwd = '') { global $_CONF, $_SYSTEM, $_TABLES, $LANG04; if (!isset($_SYSTEM['verification_token_ttl'])) { $_SYSTEM['verification_token_ttl'] = 86400; } $activation_link = ''; $uid = (int) $uid; $storedPassword = DB_getItem($_TABLES['users'], 'passwd', 'uid=' . $uid); $userStatus = DB_getItem($_TABLES['users'], 'status', 'uid=' . $uid); if ($passwd == '' && substr($storedPassword, 0, 4) == '$H$9') { // no need to update password } else { if ($passwd == '') { $passwd = USER_createPassword(8); } $passwd2 = SEC_encryptPassword($passwd); DB_change($_TABLES['users'], 'passwd', "{$passwd2}", 'uid', $uid); } if (file_exists($_CONF['path_data'] . 'welcome_email.txt')) { $template = new Template($_CONF['path_data']); $template->set_file(array('mail' => 'welcome_email.txt')); $template->set_var('auth_info', "{$LANG04['2']}: {$username}\n{$LANG04['4']}: {$passwd}"); $template->set_var('site_url', $_CONF['site_url']); $template->set_var('site_name', $_CONF['site_name']); $template->set_var('site_slogan', $_CONF['site_slogan']); $template->set_var('lang_text1', $LANG04[15]); $template->set_var('lang_text2', $LANG04[14]); $template->set_var('lang_username', $LANG04[2]); $template->set_var('lang_password', $LANG04[4]); $template->set_var('username', $username); $template->set_var('password', $passwd); $template->set_var('name', COM_getDisplayName($uid)); $template->parse('output', 'mail'); $mailtext = $template->get_var('output'); } else { if ($userStatus == USER_ACCOUNT_AWAITING_VERIFICATION) { $verification_id = USER_createActivationToken($uid, $username); $activation_link = $_CONF['site_url'] . '/users.php?mode=verify&vid=' . $verification_id . '&u=' . $uid; $mailtext = $LANG04[168] . $_CONF['site_name'] . ".\n\n"; $mailtext .= $LANG04[170] . "\n\n"; $mailtext .= "----------------------------\n"; $mailtext .= $LANG04[2] . ': ' . $username . "\n"; $mailtext .= $LANG04[171] . ': ' . $_CONF['site_url'] . "\n"; $mailtext .= "----------------------------\n\n"; $mailtext .= sprintf($LANG04[172], $_SYSTEM['verification_token_ttl'] / 3600) . "\n\n"; $mailtext .= $activation_link . "\n\n"; $mailtext .= $LANG04[173] . "\n\n"; $mailtext .= $LANG04[174] . "\n\n"; $mailtext .= "--\n"; $mailtext .= $_CONF['site_name'] . "\n"; $mailtext .= $_CONF['site_url'] . "\n"; } else { $mailtext = $LANG04[168] . $_CONF['site_name'] . ".\n\n"; $mailtext .= $LANG04[170] . "\n\n"; $mailtext .= "----------------------------\n"; $mailtext .= $LANG04[2] . ': ' . $username . "\n"; if ($passwd != '') { $mailtext .= $LANG04[4] . ": {$passwd}\n"; } $mailtext .= $LANG04[171] . ': ' . $_CONF['site_url'] . "\n"; $mailtext .= "----------------------------\n\n"; $mailtext .= $LANG04[14] . "\n\n"; $mailtext .= "--\n"; $mailtext .= $_CONF['site_name'] . "\n"; $mailtext .= $_CONF['site_url'] . "\n"; } } $subject = $_CONF['site_name'] . ': ' . $LANG04[16]; if ($_CONF['site_mail'] !== $_CONF['noreply_mail']) { $mailfrom = $_CONF['noreply_mail']; global $LANG_LOGIN; $mailtext .= LB . LB . $LANG04[159]; } else { $mailfrom = $_CONF['site_mail']; } $to = array(); $from = array(); $from = COM_formatEmailAddress($_CONF['site_name'], $mailfrom); $to = COM_formatEmailAddress($username, $useremail); $subject = COM_undoSpecialChars(strip_tags($subject)); return COM_mail($to, $subject, $mailtext, $from, false); }
/** * Create a new password and send it to the user * * @param string $username user's login name * @param string $useremail user's email address * @return boolean true = success, false = an error occured * */ function USER_createAndSendPassword($username, $useremail, $uid) { global $_CONF, $LANG04; $passwords = USER_createPassword($uid); $passwd = $passwords['normal']; if (file_exists($_CONF['path_data'] . 'welcome_email.txt')) { $template = COM_newTemplate($_CONF['path_data']); $template->set_file(array('mail' => 'welcome_email.txt')); $template->set_var('auth_info', "{$LANG04['2']}: {$username}\n{$LANG04['4']}: {$passwd}"); $template->set_var('site_name', $_CONF['site_name']); $template->set_var('site_slogan', $_CONF['site_slogan']); $template->set_var('lang_text1', $LANG04[15]); $template->set_var('lang_text2', $LANG04[14]); $template->set_var('lang_username', $LANG04[2]); $template->set_var('lang_password', $LANG04[4]); $template->set_var('username', $username); $template->set_var('password', $passwd); $template->set_var('name', COM_getDisplayName($uid)); $template->parse('output', 'mail'); $mailtext = $template->get_var('output'); } else { $mailtext = $LANG04[15] . "\n\n"; $mailtext .= $LANG04[2] . ": {$username}\n"; $mailtext .= $LANG04[4] . ": {$passwd}\n\n"; $mailtext .= $LANG04[14] . "\n\n"; $mailtext .= $_CONF['site_name'] . "\n"; $mailtext .= $_CONF['site_url'] . "\n"; } $subject = $_CONF['site_name'] . ': ' . $LANG04[16]; if ($_CONF['site_mail'] !== $_CONF['noreply_mail']) { $mailfrom = $_CONF['noreply_mail']; $mailtext .= LB . LB . $LANG04[159]; } else { $mailfrom = $_CONF['site_mail']; } return COM_mail($useremail, $subject, $mailtext, $mailfrom); }
/** * Create a new password and send it to the user * * @param string $username user's login name * @param string $useremail user's email address * @param int $uid user id of user * @param string $passwd user's password (optional) * @return bool true = success, false = an error occured * */ function USER_createAndSendPassword($username, $useremail, $uid, $passwd = '') { global $_CONF, $_SYSTEM, $_TABLES, $LANG04; if (!isset($_SYSTEM['verification_token_ttl'])) { $_SYSTEM['verification_token_ttl'] = 86400; } $activation_link = ''; $uid = (int) $uid; $storedPassword = DB_getItem($_TABLES['users'], 'passwd', 'uid=' . $uid); $userStatus = DB_getItem($_TABLES['users'], 'status', 'uid=' . $uid); if ($passwd == '' && substr($storedPassword, 0, 4) == '$H$9') { // no need to update password } else { if ($passwd == '') { $passwd = USER_createPassword(8); } $passwd2 = SEC_encryptPassword($passwd); DB_change($_TABLES['users'], 'passwd', "{$passwd2}", 'uid', $uid); } if (file_exists($_CONF['path_data'] . 'welcome_email.txt')) { $template = new Template($_CONF['path_data']); $template->set_file(array('mail' => 'welcome_email.txt')); $template->set_var('auth_info', "{$LANG04['2']}: {$username}\n{$LANG04['4']}: {$passwd}"); $template->set_var('site_url', $_CONF['site_url']); $template->set_var('site_name', $_CONF['site_name']); $template->set_var('site_slogan', $_CONF['site_slogan']); $template->set_var('lang_text1', $LANG04[15]); $template->set_var('lang_text2', $LANG04[14]); $template->set_var('lang_username', $LANG04[2]); $template->set_var('lang_password', $LANG04[4]); $template->set_var('username', $username); $template->set_var('password', $passwd); $template->set_var('name', COM_getDisplayName($uid)); $template->parse('output', 'mail'); $mailtext = $template->get_var('output'); } else { $T = new Template($_CONF['path_layout'] . 'email/'); $T->set_file(array('html_msg' => 'newuser_template_html.thtml', 'text_msg' => 'newuser_template_text.thtml')); if ($userStatus == USER_ACCOUNT_AWAITING_VERIFICATION) { $verification_id = USER_createActivationToken($uid, $username); $T->set_var(array('url' => $_CONF['site_url'] . '/users.php?mode=verify&vid=' . $verification_id . '&u=' . $uid, 'lang_site_or_password' => $LANG04[171], 'site_link_url' => $_CONF['site_url'], 'lang_activation' => sprintf($LANG04[172], $_SYSTEM['verification_token_ttl'] / 3600), 'lang_button_text' => $LANG04[203])); } else { $T->set_var(array('url' => $_CONF['site_url'] . '/usersettings.php', 'lang_site_or_password' => $LANG04[4], 'site_link_url' => '', 'lang_activation' => $LANG04[14], 'lang_button_text' => 'Change Password', 'passwd' => $passwd)); } $T->set_var(array('title' => $_CONF['site_name'] . ': ' . $LANG04[16], 'site_name' => $_CONF['site_name'], 'username' => $username)); $T->parse('output', 'html_msg'); $mailhtml = $T->finish($T->get_var('output')); $T->parse('output', 'text_msg'); $mailtext = $T->finish($T->get_var('output')); } $msgData['htmlmessage'] = $mailhtml; $msgData['textmessage'] = $mailtext; $msgData['subject'] = $_CONF['site_name'] . ': ' . $LANG04[16]; $to = array(); $from = array(); $from = COM_formatEmailAddress($_CONF['site_name'], $_CONF['noreply_mail']); $to = COM_formatEmailAddress('', $useremail); // $msgData['from']['name'] = $_CONF['site_name']; // $msgData['from']['email'] = $_CONF['noreply_mail']; // $msgData['to']['email'] = $useremail; // $msgData['to']['name'] = $username; // return COM_emailNotification($msgData); return COM_mail($to, $msgData['subject'], $msgData['htmlmessage'], $from, true, 0, '', $msgData['textmessage']); }