/**
 * Log in the Q2A account mapped to an external identity, creating the account on first sight.
 *
 * The mapping (source, identifier) -> userid lives in the user logins table. When no mapping
 * exists yet, the table is locked and the lookup repeated before an account is created, so two
 * simultaneous first logins cannot end up with two accounts for the same identity.
 *
 * @param string $source     name of the external login provider
 * @param string $identifier provider-specific identity
 * @param array  $fields     optional data supplied by the provider: handle, email, confirmed,
 *                           level, name, location, website, about, avatar
 * @return mixed the override's result when one is installed; otherwise nothing
 */
function qa_log_in_external_user($source, $identifier, $fields)
{
    if (qa_to_override(__FUNCTION__)) {
        $args = func_get_args();
        return qa_call_override(__FUNCTION__, $args);
    }

    require_once QA_INCLUDE_DIR . 'db/users.php';

    $mapped = qa_db_user_login_find($source, $identifier);
    if (count($mapped) > 1) {
        qa_fatal_error('External login mapped to more than one user'); // should never happen
    }

    if (!empty($mapped)) {
        // known identity: just open the session
        qa_set_logged_in_user($mapped[0]['userid'], $mapped[0]['handle'], false, $source);
        return;
    }

    require_once QA_INCLUDE_DIR . 'app/users-edit.php';

    // lock the logins table and look again before creating anything
    qa_db_user_login_sync(true);
    $mapped = qa_db_user_login_find($source, $identifier);

    if (count($mapped) == 1) {
        // someone else created the mapping in the meantime
        qa_db_user_login_sync(false);
        qa_set_logged_in_user($mapped[0]['userid'], $mapped[0]['handle'], false, $source);
        return;
    }

    $handle = qa_handle_make_valid(@$fields['handle']);

    $email = (string) @$fields['email'];
    if (strlen($email)) {
        // an address already attached to another account is never reused: the visitor is sent
        // to the login page with the address prefilled (qa_redirect() is expected not to return)
        $emailusers = qa_db_user_find_by_email($email);
        if (count($emailusers)) {
            qa_redirect('login', array('e' => $email, 'ee' => '1'));
            unset($fields['email'], $fields['confirmed']);
        }
    }

    // the level is whatever the external code asked for, defaulting to a basic member
    $level = isset($fields['level']) ? $fields['level'] : QA_USER_LEVEL_BASIC;
    $userid = qa_create_new_user((string) @$fields['email'], null, $handle, $level, @$fields['confirmed']);
    qa_db_user_login_add($userid, $source, $identifier);
    qa_db_user_login_sync(false);

    // copy over whatever optional profile data the provider supplied
    foreach (array('name', 'location', 'website', 'about') as $profilefield) {
        if (strlen(@$fields[$profilefield])) {
            qa_db_user_profile_set($userid, $profilefield, $fields[$profilefield]);
        }
    }

    if (strlen(@$fields['avatar'])) {
        qa_set_user_avatar($userid, $fields['avatar']);
    }

    qa_set_logged_in_user($userid, $handle, false, $source);
}
} else { $errors = array(); if ($haspassword && strtolower(qa_db_calc_passcheck($inoldpassword, $useraccount['passsalt'])) != strtolower($useraccount['passcheck'])) { $errors['oldpassword'] = qa_lang('users/password_wrong'); } $useraccount['password'] = $inoldpassword; $errors = $errors + qa_password_validate($innewpassword1, $useraccount); // array union if ($innewpassword1 != $innewpassword2) { $errors['newpassword2'] = qa_lang('users/password_mismatch'); } if (empty($errors)) { qa_db_user_set_password($userid, $innewpassword1); qa_db_user_set($userid, 'sessioncode', ''); // stop old 'Remember me' style logins from still working qa_set_logged_in_user($userid, $useraccount['handle'], false, $useraccount['sessionsource']); // reinstate this specific session qa_report_event('u_password', $userid, $useraccount['handle'], qa_cookie_get()); qa_redirect('account', array('state' => 'password-changed')); } } } // Prepare content for theme $qa_content = qa_content_prepare(); $qa_content['title'] = qa_lang_html('profile/my_account_title'); $qa_content['error'] = @$errors['page']; $qa_content['form_profile'] = array('tags' => 'enctype="multipart/form-data" method="post" action="' . qa_self_html() . '"', 'style' => 'wide', 'fields' => array('duration' => array('type' => 'static', 'label' => qa_lang_html('users/member_for'), 'value' => qa_time_to_string(qa_opt('db_time') - $useraccount['created'])), 'type' => array('type' => 'static', 'label' => qa_lang_html('users/member_type'), 'value' => qa_html(qa_user_level_string($useraccount['level'])), 'note' => $isblocked ? qa_lang_html('users/user_blocked') : null), 'handle' => array('label' => qa_lang_html('users/handle_label'), 'tags' => 'name="handle"', 'value' => qa_html(isset($inhandle) ? $inhandle : $useraccount['handle']), 'error' => qa_html(@$errors['handle']), 'type' => $changehandle && !$isblocked ? 
'text' : 'static'), 'email' => array('label' => qa_lang_html('users/email_label'), 'tags' => 'name="email"', 'value' => qa_html(isset($inemail) ? $inemail : $useraccount['email']), 'error' => isset($errors['email']) ? qa_html($errors['email']) : ($doconfirms && !$isconfirmed ? qa_insert_login_links(qa_lang_html('users/email_please_confirm')) : null), 'type' => $isblocked ? 'static' : 'text'), 'messages' => array('label' => qa_lang_html('users/private_messages'), 'tags' => 'name="messages"', 'type' => 'checkbox', 'value' => !($useraccount['flags'] & QA_USER_FLAGS_NO_MESSAGES), 'note' => qa_lang_html('users/private_messages_explanation')), 'wall' => array('label' => qa_lang_html('users/wall_posts'), 'tags' => 'name="wall"', 'type' => 'checkbox', 'value' => !($useraccount['flags'] & QA_USER_FLAGS_NO_WALL_POSTS), 'note' => qa_lang_html('users/wall_posts_explanation')), 'mailings' => array('label' => qa_lang_html('users/mass_mailings'), 'tags' => 'name="mailings"', 'type' => 'checkbox', 'value' => !($useraccount['flags'] & QA_USER_FLAGS_NO_MAILINGS), 'note' => qa_lang_html('users/mass_mailings_explanation')), 'avatar' => null), 'buttons' => array('save' => array('tags' => 'onclick="qa_show_waiting_after(this, false);"', 'label' => qa_lang_html('users/save_profile'))), 'hidden' => array('dosaveprofile' => '1', 'code' => qa_get_form_security_code('account'))); if (qa_get_state() == 'profile-saved') { $qa_content['form_profile']['ok'] = qa_lang_html('users/profile_saved'); } if (!qa_opt('allow_private_messages')) {
$inremember = qa_post_text('remember'); $errors = array(); if (qa_opt('allow_login_email_only') || strpos($inemailhandle, '@') !== false) { // handles can't contain @ symbols $matchusers = qa_db_user_find_by_email($inemailhandle); } else { $matchusers = qa_db_user_find_by_handle($inemailhandle); } if (count($matchusers) == 1) { // if matches more than one (should be impossible), don't log in $inuserid = $matchusers[0]; $userinfo = qa_db_select_with_pending(qa_db_user_account_selectspec($inuserid, true)); if (strtolower(qa_db_calc_passcheck($inpassword, $userinfo['passsalt'])) == strtolower($userinfo['passcheck'])) { // login and redirect require_once QA_INCLUDE_DIR . 'qa-app-users.php'; qa_set_logged_in_user($inuserid, $userinfo['handle'], $inremember ? true : false); $topath = qa_get('to'); if (isset($topath)) { qa_redirect_raw(qa_path_to_root() . $topath); } elseif ($passwordsent) { qa_redirect('account'); } else { qa_redirect('welcome'); } } else { $errors['password'] = qa_lang('users/password_wrong'); } } else { $errors['emailhandle'] = qa_lang('users/user_not_found'); } } else {
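/**
 * Handle the "merge accounts" step of the open-login page and return the accounts still eligible for merging.
 *
 * Looks up other accounts sharing the current user's provider e-mail (oemail, falling back to the
 * account e-mail) — or, when $tolink is given, the accounts behind $tolink['userid'] — and, on a
 * "domerge" POST, re-points the selected accounts' external logins at the chosen base account,
 * deletes them, and switches the session to the base account when the current account was merged away.
 *
 * @param array      $useraccount current user's account row (by reference); replaced with the base
 *                                account's row when the current account is merged away
 * @param array      $mylogins    filled with the current user's external logins after a merge (by reference)
 * @param array|null $tolink      login record to link into the current account, or empty for the e-mail based merge
 * @return array accounts that could still be merged, keyed like qa_db_user_login_find_other__open()
 *               returns them, without the current user's own entry
 */
function check_merge(&$useraccount, &$mylogins, $tolink)
{
    global $qa_cached_logged_in_user, $qa_logged_in_userid_checked;

    $userid = $findid = $useraccount['userid'];

    // this is an openid user, so prefer the provider e-mail and fall back to the account e-mail
    // NOTE(review): the fallback is the regular account e-mail, which may be unconfirmed unless
    // qa_db_user_login_find_other__open() filters on that — confirm, because merging on an
    // unconfirmed address would let anyone who registers with a victim's address merge into it
    $findemail = $useraccount['oemail'];
    if (empty($findemail)) {
        $findemail = $useraccount['email'];
    }

    if ($tolink) {
        // user is logged in as $userid but wants to merge the account behind $tolink
        $findemail = null;
        $findid = $tolink['userid'];
    } elseif (qa_get('confirm') == 2 || qa_post_text('confirm') == 2) {
        // bogus confirm page, stop right here (qa_redirect() is expected not to return)
        qa_redirect('logins');
    }

    // find other un-linked accounts with the same email; the current account is part of the
    // result and is removed again at the end
    $otherlogins = qa_db_user_login_find_other__open($findid, $findemail, $userid);

    if (qa_clicked('domerge') && !empty($otherlogins)) {
        // NOTE(review): no qa_check_form_security_code() call is visible in this function; confirm
        // the caller verifies the form's security code, otherwise a forged POST can delete accounts
        $domerge = (int) qa_post_text('domerge');

        // a zero "domerge" value is the cancel button: just redirect
        if ($domerge === 0) {
            $tourl = qa_post_text('to');
            qa_redirect(!empty($tourl) ? $tourl : ($tolink ? 'logins' : ''));
        }

        // a request to merge (link) multiple accounts was made
        require_once QA_INCLUDE_DIR . 'qa-app-users-edit.php';

        $recompute = false;
        $email = null;

        // POST[base1] or POST[base2] names the account that survives the merge
        $baseid = (int) qa_post_text("base{$domerge}");

        // Security: $baseid is attacker-controlled. Every selected account (the logged in one is
        // always selected) has its logins re-pointed at $baseid and is deleted, and the session is
        // then switched to $baseid below — so an unvalidated $baseid is an account takeover. Only an
        // account on this merge page's own candidate list may be chosen as the base.
        $candidateids = array();
        foreach ($otherlogins as $login) {
            $candidateids[] = (int) $login['details']['userid'];
        }

        if ($baseid > 0 && in_array($baseid, $candidateids, true)) {
            foreach ($otherlogins as $login) {
                $loginid = (int) $login['details']['userid'];
                $is_current = $loginid === (int) $userid; // the logged in account always takes part

                // skip accounts the user did not tick, and the base account itself
                if (!$is_current && !isset($_POST["user_{$loginid}"])) {
                    continue;
                }
                if ($baseid === $loginid) {
                    continue;
                }

                // this account differs from the selected base, so fold it into the base
                if (!empty($login['logins'])) {
                    // update all associated logins
                    qa_db_user_login_sync(true);
                    qa_db_user_login_replace_userid__open($loginid, $baseid);
                    qa_db_user_login_sync(false);
                }

                // delete old user but remember its e-mail so it can be re-attached to the base account
                qa_delete_user($loginid);
                $recompute = true;

                if (empty($email)) {
                    $email = $login['details']['email'];
                }
                if (empty($email)) {
                    $email = $login['details']['oemail'];
                }
            }
        }

        // recompute the stats, if needed
        if ($recompute) {
            require_once QA_INCLUDE_DIR . 'qa-db-points.php';
            qa_db_userpointscount_update();

            // the current account was deleted: move the session onto the base account
            if ((int) $userid !== $baseid) {
                $oldsrc = $useraccount['sessionsource'];
                // NOTE(review): the session is opened with the deleted account's handle; the base
                // account's row is only fetched on the next line — confirm the handle is not persisted
                qa_set_logged_in_user($baseid, $useraccount['handle'], false, $oldsrc);
                $useraccount = qa_db_user_find_by_id__open($baseid);
                $userid = $baseid;

                // clear some cached data so the rest of the request sees the new account
                qa_db_flush_pending_result('loggedinuser');
                $qa_logged_in_userid_checked = false;
                unset($qa_cached_logged_in_user);
            }

            // also check the email address on the remaining user account
            if (empty($useraccount['email']) && !empty($email)) {
                // update the account if the email address is not used anymore
                $emailusers = qa_db_user_find_by_email($email);
                if (count($emailusers) == 0) {
                    qa_db_user_set($userid, 'email', $email);
                    $useraccount['email'] = $email; // to show on the page
                }
            }
        }

        // a confirmed merge goes back to where the user came from
        if (qa_post_text('confirm')) {
            $tourl = qa_post_text('to');
            qa_redirect(!empty($tourl) ? $tourl : ($tolink ? 'logins' : ''));
        }

        // update the arrays
        $otherlogins = qa_db_user_login_find_other__open($userid, $findemail);
        $mylogins = qa_db_user_login_find_mine__open($userid);
    }

    // remove the current user id
    unset($otherlogins[$userid]);

    return $otherlogins;
}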
Description: Controller for logout page (not much to do)

This program is free software; you can redistribute it and/or modify it under the terms of the
GNU General Public License as published by the Free Software Foundation; either version 2 of
the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU General Public License for more details.

More about this license: http://www.question2answer.org/license.php
*/

if (!defined('QA_VERSION')) { // don't allow this page to be requested directly from browser
    header('Location: ../');
    exit;
}

if (QA_FINAL_EXTERNAL_USERS) {
    qa_fatal_error('User logout is handled by external code');
}

// End the current session, if there is one, then send the visitor back to the home page.
// NOTE(review): no request-method or form security code check is visible here, so any site can
// end a visitor's session by linking to this page (logout CSRF); low impact, but confirm it is intended.
if (qa_is_logged_in()) {
    qa_set_logged_in_user(null);
}

qa_redirect(''); // back to home page

/* Omit PHP closing tag to help avoid accidental output */
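/**
 * Authenticate a user by handle or e-mail address and password, starting a Q2A session on success.
 *
 * Every failed attempt (unknown user, wrong password, or rate limit already exhausted) increments
 * the login rate limit counter and sets $this->error.
 *
 * @param string $username handle, or e-mail address when it contains '@' or the site logs in by e-mail only
 * @param string $password plaintext password to check
 * @param bool   $remember whether to open a persistent "remember me" session
 * @return array|false the account row on success; false on failure with $this->error set to an IXR_Error
 */
function core_login($username, $password, $remember = false)
{
    require_once QA_INCLUDE_DIR . 'qa-app-limits.php';

    $errorkey = null;

    if (qa_user_limits_remaining(QA_LIMIT_LOGINS)) {
        require_once QA_INCLUDE_DIR . 'qa-db-users.php';
        require_once QA_INCLUDE_DIR . 'qa-db-selects.php';

        if (qa_opt('allow_login_email_only') || strpos($username, '@') !== false) { // handles can't contain @ symbols
            $matchusers = qa_db_user_find_by_email($username);
        } else {
            $matchusers = qa_db_user_find_by_handle($username);
        }

        if (count($matchusers) == 1) { // more than one match (should be impossible) is treated as no match
            $inuserid = $matchusers[0];
            $userinfo = qa_db_select_with_pending(qa_db_user_account_selectspec($inuserid, true));

            $expected = strtolower($userinfo['passcheck']);
            $actual = strtolower(qa_db_calc_passcheck($password, $userinfo['passsalt']));

            // Compare the hex digests strictly and, where available, in constant time. A loose `==`
            // on two digest strings is subject to PHP numeric-string juggling: digests of the form
            // "0e<digits>" all compare equal, so a stored digest of that shape would accept unrelated
            // passwords. hash_equals() needs PHP 5.6; older runtimes fall back to a strict compare.
            $passwordok = function_exists('hash_equals') ? hash_equals($expected, $actual) : ($expected === $actual);

            if ($passwordok) {
                require_once QA_INCLUDE_DIR . 'qa-app-users.php';
                qa_set_logged_in_user($inuserid, $userinfo['handle'], $remember ? true : false);
                // NOTE(review): this row carries passsalt/passcheck; callers must not expose it over XML-RPC
                return $userinfo;
            }

            $errorkey = 'users/password_wrong';
        } else {
            $errorkey = 'users/user_not_found';
        }
    } else {
        $errorkey = 'users/login_limit';
    }

    $this->error = new IXR_Error(1512, qa_lang($errorkey));
    qa_limits_increment(null, QA_LIMIT_LOGINS); // log on failure
    return false;
}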
qa_db_upgrade_query($query); } } $success .= 'The ' . $modulename . ' ' . $moduletype . ' module has completed database initialization.'; } if (qa_clicked('super')) { require_once QA_INCLUDE_DIR . 'qa-db-users.php'; require_once QA_INCLUDE_DIR . 'qa-app-users-edit.php'; $inemail = qa_post_text('email'); $inpassword = qa_post_text('password'); $inhandle = qa_post_text('handle'); $fielderrors = array_merge(qa_handle_email_filter($inhandle, $inemail), qa_password_validate($inpassword)); if (empty($fielderrors)) { require_once QA_INCLUDE_DIR . 'qa-app-users.php'; $userid = qa_create_new_user($inemail, $inpassword, $inhandle, QA_USER_LEVEL_SUPER); qa_set_logged_in_user($userid, $inhandle); qa_set_option('feedback_email', $inemail); $success .= "Congratulations - Your Question2Answer site is ready to go!\n\nYou are logged in as the super administrator and can start changing settings.\n\nThank you for installing Question2Answer."; } } } if (is_resource(qa_db_connection(false)) && !@$pass_failure_from_install) { $check = qa_db_check_tables(); // see where the database is at switch ($check) { case 'none': if (@$pass_failure_errno == 1146) { // don't show error if we're in installation process $errorhtml = ''; } $errorhtml .= 'Welcome to Question2Answer. It\'s time to set up your database!';
qa_limits_increment(null, QA_LIMIT_LOGINS); $errors = array(); if (qa_opt('allow_login_email_only') || strpos($inemailhandle, '@') !== false) { // handles can't contain @ symbols $matchusers = qa_db_user_find_by_email($inemailhandle); } else { $matchusers = qa_db_user_find_by_handle($inemailhandle); } if (count($matchusers) == 1) { // if matches more than one (should be impossible), don't log in $inuserid = $matchusers[0]; $userinfo = qa_db_select_with_pending(qa_db_user_account_selectspec($inuserid, true)); if (strtolower(qa_db_calc_passcheck($inpassword, $userinfo['passsalt'])) == strtolower($userinfo['passcheck'])) { // login and redirect require_once QA_INCLUDE_DIR1 . 'app/users.php'; qa_set_logged_in_user($inuserid, $userinfo['handle'], !empty($inremember)); $topath = qa_get('to'); if (isset($topath)) { qa_redirect_raw($root_url . $topath); // path already provided as URL fragment } elseif ($passwordsent) { qa_redirect('account'); } else { qa_redirect(''); } } else { $errors['password'] = qa_lang('users/password_wrong'); } } else { $errors['emailhandle'] = qa_lang('users/user_not_found'); }
// handles can't contain @ symbols $matchusers = qa_db_user_find_by_handle($inemailhandle); } else { $matchusers = qa_db_user_find_by_email($inemailhandle); } if (count($matchusers) == 1) { // if matches more than one (should be impossible), don't log in $inuserid = $matchusers[0]; $userinfo = qa_db_select_with_pending(qa_db_user_account_selectspec($inuserid, true)); // verify user is registered for the category / course if (mp_db_users_verify_permission($userinfo['userid'], $incategory) != 0) { // user is allowed to access the category, now check password if (strtolower(qa_db_calc_passcheck($inpassword, $userinfo['passsalt'])) == strtolower($userinfo['passcheck'])) { // login and redirect require_once QA_INCLUDE_DIR . 'qa-app-users.php'; qa_set_logged_in_user($inuserid, $userinfo['handle'], $inremember ? true : false, null, $incategory); $topath = qa_get('to'); if (isset($topath)) { qa_redirect_raw($qa_root_url_relative . $topath); } elseif ($passwordsent) { qa_redirect('account'); } else { qa_redirect(''); } } else { $errors['password'] = qa_lang('users/password_wrong'); } } else { $errors['category'] = 'Your userid is not registered for this category'; } } else {
require_once QA_INCLUDE_DIR . 'mp-db-users.php'; $inemail = qa_post_text('email'); $inpassword = qa_post_text('password'); $inhandle = qa_post_text('handle'); $errors = array_merge(qa_handle_email_validate($inhandle, $inemail), qa_password_validate($inpassword)); if (qa_opt('captcha_on_register')) { qa_captcha_validate($_POST, $errors); } if (empty($errors)) { // register and redirect $userid = qa_create_new_user($inemail, $inpassword, $inhandle); // register user to course $categoryid = 6; mp_register_user($userid, $categoryid); //qa_set_logged_in_user($userid, $inhandle, null, null); qa_set_logged_in_user($userid, $inhandle, null, null, $categoryid); $topath = qa_get('to'); if (isset($topath)) { qa_redirect_raw($qa_root_url_relative . $topath); } else { qa_redirect(''); } } } // Prepare content for theme $qa_content = qa_content_prepare(); $qa_content['title'] = qa_lang_html('users/register_title'); $qa_content['form'] = array('tags' => 'METHOD="POST" ACTION="' . qa_self_html() . '"', 'style' => 'tall', 'fields' => array('handle' => array('label' => qa_lang_html('users/handle_label'), 'tags' => 'NAME="handle" ID="handle"', 'value' => qa_html(@$inhandle), 'error' => qa_html(@$errors['handle'])), 'password' => array('type' => 'password', 'label' => qa_lang_html('users/password_label'), 'tags' => 'NAME="password" ID="password"', 'value' => qa_html(@$inpassword), 'error' => qa_html(@$errors['password'])), 'email' => array('label' => qa_lang_html('users/email_label'), 'tags' => 'NAME="email" ID="email"', 'value' => qa_html(@$inemail), 'note' => qa_opt('email_privacy'), 'error' => qa_html(@$errors['email']))), 'buttons' => array('register' => array('label' => qa_lang_html('users/register_button'))), 'hidden' => array('doregister' => '1')); if (qa_opt('captcha_on_register')) { qa_set_up_captcha_field($qa_content, $qa_content['form']['fields'], @$errors); }
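/**
 * Log in the Q2A account mapped to an external identity, creating the account on first sight.
 *
 * Two problems of the plain find-then-create sequence are handled here: the logins table is
 * locked and the lookup repeated before creation (otherwise two simultaneous first logins of the
 * same identity both create an account, which is exactly the "mapped to more than one user" state
 * the fatal error below guards against), and an e-mail address already owned by another account
 * is not stored on the new one (a duplicate address breaks login-by-e-mail, which refuses to log
 * in when an address matches more than one account).
 *
 * @param string $source     name of the external login provider
 * @param string $identifier provider-specific identity
 * @param array  $fields     optional data supplied by the provider: handle, email, confirmed,
 *                           level, name, location, website, about, avatar
 */
function qa_log_in_external_user($source, $identifier, $fields)
{
    require_once QA_INCLUDE_DIR . 'qa-db-users.php';

    $users = qa_db_user_login_find($source, $identifier);
    if (count($users) > 1) {
        qa_fatal_error('External login mapped to more than one user'); // should never happen
    }

    if (count($users)) { // user exists so log them in
        qa_set_logged_in_user($users[0]['userid'], $users[0]['handle'], false, $source);
        return;
    }

    // create and log in user
    require_once QA_INCLUDE_DIR . 'qa-app-users-edit.php';

    // lock the logins table and check again before creating anything
    qa_db_user_login_sync(true);
    $users = qa_db_user_login_find($source, $identifier);

    if (count($users) == 1) {
        qa_db_user_login_sync(false);
        qa_set_logged_in_user($users[0]['userid'], $users[0]['handle'], false, $source);
        return;
    }

    $handle = qa_handle_make_valid(@$fields['handle']);

    // never create a second account carrying an address that is already in use: the provider's
    // address (and its confirmed flag) is dropped when it would duplicate an existing account's
    $email = (string) @$fields['email'];
    if (strlen($email) && count(qa_db_user_find_by_email($email))) {
        unset($fields['email'], $fields['confirmed']);
    }

    // the level is whatever the external code asked for, defaulting to a basic member
    $level = isset($fields['level']) ? $fields['level'] : QA_USER_LEVEL_BASIC;
    $userid = qa_create_new_user((string) @$fields['email'], null, $handle, $level, @$fields['confirmed']);
    qa_db_user_login_add($userid, $source, $identifier);
    qa_db_user_login_sync(false);

    // copy over whatever optional profile data the provider supplied
    $profilefields = array('name', 'location', 'website', 'about');
    foreach ($profilefields as $fieldname) {
        if (strlen(@$fields[$fieldname])) {
            qa_db_user_profile_set($userid, $fieldname, $fields[$fieldname]);
        }
    }

    if (strlen(@$fields['avatar'])) {
        qa_set_user_avatar($userid, $fields['avatar']);
    }

    qa_set_logged_in_user($userid, $handle, false, $source);
}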
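/**
 * Overrides the default mechanism of logging in from external sources.
 *
 * Adds a different way of tracking the sessions and performs some
 * additional tasks when creating an user account (setting new fields,
 * extra checks, etc).
 *
 * @param string $source     provider name (the openid/oauth provider)
 * @param string $identifier provider-specific identity
 * @param array  $fields     data supplied by the provider: handle, email, confirmed, level,
 *                           name, location, website, about, avatar (all optional)
 * @return int when a new account had to be created, the number of existing accounts that already
 *             carry the provider-confirmed e-mail address (for the caller to offer a merge); 0 otherwise
 */
function qa_log_in_external_user($source, $identifier, $fields)
{
    require_once QA_INCLUDE_DIR . 'qa-db-users.php';

    $remember = qa_opt('open_login_remember') ? true : false;

    $users = qa_db_user_login_find($source, $identifier);
    $countusers = count($users);

    if ($countusers > 1) {
        qa_fatal_error('External login mapped to more than one user'); // should never happen
    }

    /*
     * To allow for more than one account from the same openid/openauth provider to be
     * linked to an Q2A user, we need to override the way session source is stored
     * Supposing userid 01 is linked to 2 yahoo accounts, the session source will be
     * something like 'yahoo-xyz' when logging in with the first yahoo account and
     * 'yahoo-xyt' when logging in with the other.
     */
    $aggsource = qa_open_login_get_new_source($source, $identifier);

    // prepare some data: the provider handle is kept for display with a few separators blanked
    if (empty($fields['handle'])) {
        $ohandle = ucfirst($source);
    } else {
        $ohandle = preg_replace('/[\\@\\+\\/]/', ' ', $fields['handle']);
    }

    // only an address the provider itself reports as confirmed is trusted as the provider e-mail
    $email = (string) @$fields['email'];
    $confirmed = !empty($fields['confirmed']);
    $oemail = (strlen($email) && $confirmed) ? $email : null;

    if ($countusers) { // user exists so log them in
        // always update email and handle
        if ($oemail) {
            qa_db_user_login_set__open($source, $identifier, 'oemail', $oemail);
        }
        qa_db_user_login_set__open($source, $identifier, 'ohandle', $ohandle);
        qa_set_logged_in_user($users[0]['userid'], $users[0]['handle'], $remember, $aggsource);
        return 0;
    }

    // create and log in user
    require_once QA_INCLUDE_DIR . 'qa-app-users-edit.php';

    qa_db_user_login_sync(true);
    $users = qa_db_user_login_find($source, $identifier); // check again after table is locked

    if (count($users) == 1) {
        // always update email and handle
        if ($oemail) {
            qa_db_user_login_set__open($source, $identifier, 'oemail', $oemail);
        }
        qa_db_user_login_set__open($source, $identifier, 'ohandle', $ohandle);
        qa_db_user_login_sync(false);
        qa_set_logged_in_user($users[0]['userid'], $users[0]['handle'], $remember, $aggsource);
        return 0;
    }

    $handle = qa_handle_make_valid(@$fields['handle']);

    // Never create a second account carrying an e-mail address that is already in use. Only a
    // confirmed address used to be checked, so an unconfirmed provider address could be stored on
    // the new account although another account already owns it. The duplicate is now dropped in
    // both cases, but only a *confirmed* match is reported to the caller: a merge offered on an
    // unconfirmed address would let anyone claiming a victim's address merge into their account.
    $emailusers = array();
    if (strlen($email)) {
        $matches = qa_db_user_find_by_email_or_oemail__open($email);
        if (count($matches)) {
            unset($fields['email']); // unset regular email to prevent duplicates
            if ($confirmed) {
                $emailusers = $matches;
            }
        }
    }

    // NOTE(review): the level is taken as-is from the provider module's $fields
    $level = isset($fields['level']) ? $fields['level'] : QA_USER_LEVEL_BASIC;
    $userid = qa_create_new_user((string) @$fields['email'], null, $handle, $level, $confirmed);
    qa_db_user_set($userid, 'oemail', $oemail);
    qa_db_user_login_add($userid, $source, $identifier);
    qa_db_user_login_set__open($source, $identifier, 'oemail', $oemail);
    qa_db_user_login_set__open($source, $identifier, 'ohandle', $ohandle);
    qa_db_user_login_sync(false);

    // copy over whatever optional profile data the provider supplied
    $profilefields = array('name', 'location', 'website', 'about');
    foreach ($profilefields as $fieldname) {
        if (strlen(@$fields[$fieldname])) {
            qa_db_user_profile_set($userid, $fieldname, $fields[$fieldname]);
        }
    }

    if (strlen(@$fields['avatar'])) {
        qa_set_user_avatar($userid, $fields['avatar']);
    }

    qa_set_logged_in_user($userid, $handle, $remember, $aggsource);

    return count($emailusers);
}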