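/**
 * Return an array with available groups for user
 *
 * Reads the "usergroup" column of $username (the session user when $username
 * is empty) and splits it into "group:level" entries. When one of those
 * entries is the "sumo" group, the result is replaced by every group found in
 * SUMO_TABLE_GROUPS at level 7, with the user's own "sumo:<level>" entry first.
 *
 * @param string $username  account to look up; defaults to $SUMO['user']['user']
 * @param bool   $html      when TRUE, return sumo_get_user_grouplevel() of the entries instead
 * @return array|mixed|false list of "group:level" strings (or the $html rendering);
 *                           FALSE when the username does not validate or no row is found
 */
function sumo_get_user_available_group($username = '', $html = FALSE)
{
    global $SUMO;

    if (!$username) {
        $username = $SUMO['user']['user'];
    }

    // Only a well-formed username / e-mail address may reach the query below.
    if (!sumo_validate_data(array(array('username', $username, 1)))) {
        return FALSE;
    }

    // NOTE(review): the username value in this WHERE clause appears redacted in the
    // listing; if the live code interpolates $username here, the validation above is
    // the only guard and a bound parameter would be the robust form — confirm against
    // the repository.
    $query = "SELECT usergroup FROM " . SUMO_TABLE_USERS . "\n\t\t\t\t WHERE username='******'";
    $rs = $SUMO['DB']->Execute($query);
    $tab = $rs ? $rs->FetchRow() : FALSE;

    // Unknown user or failed query: report "nothing" instead of indexing into false.
    if (!$tab) {
        return FALSE;
    }

    $raw_groups = isset($tab[0]) ? (string) $tab[0] : '';
    $group_level = explode(";", $raw_groups);

    if ($html) {
        return sumo_get_user_grouplevel($group_level);
    }

    foreach ($group_level as $entry) {
        // Entries are "name:level"; tolerate an entry that carries no level.
        $group_data = explode(":", $entry);
        $group_name = $group_data[0];
        $group_value = isset($group_data[1]) ? $group_data[1] : '';

        if ($group_name === 'sumo') {
            // A "sumo" member gets every defined group at level 7, own entry first.
            $query = "SELECT usergroup FROM " . SUMO_TABLE_GROUPS . "\n\t\t\t\t\t\t\t ORDER BY usergroup";
            $rs = $SUMO['DB']->CacheExecute(3600, $query);
            $group_level = array('sumo:' . $group_value);
            while ($rs && ($row = $rs->FetchRow())) {
                $group_level[] = $row[0] . ":7";
            }
            break;
        }
    }

    return $group_level;
}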
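/**
 * Validate data
 *
 * See sumo_validate_data_<module name> for specific validation
 * into library module
 *
 * Every entry of $data is array(type, value[, required]). A field is checked
 * when it is flagged required or when its value is non-empty; the scan stops
 * at the first failing field.
 *
 * @author Alberto Basso <*****@*****.**>
 *
 * @param array $data    list of array(type, value[, required]) entries
 * @param bool  $message when TRUE return array(ok, text) instead of a bool
 * @return bool|array TRUE/FALSE, or array(bool, string) when $message is TRUE;
 *                    always FALSE (never an array) when $data is empty
 */
function sumo_validate_data($data = array(), $message = FALSE)
{
    $elements = is_array($data) ? count($data) : 0;
    $err = FALSE;

    if ($elements === 0) {
        return FALSE;
    }

    // Types whose value is a pair array(new, confirmation) instead of a scalar.
    $pair_types = array('new_password', 'new_password2');

    for ($d = 0; $d < $elements; $d++) {
        $type = isset($data[$d][0]) ? $data[$d][0] : '';
        $value = isset($data[$d][1]) ? $data[$d][1] : null;
        // The third element is optional: when absent the field is optional.
        $required = !empty($data[$d][2]);

        // Optional fields left empty are not validated.
        if (!$required && !$value) {
            continue;
        }

        // A scalar field that arrives as an array/object (e.g. "field[]=x" in a
        // request) is rejected here instead of raising a TypeError in preg_match().
        if ($value !== null && !is_scalar($value) && !in_array($type, $pair_types, true)) {
            $err = 'W00019C';
            break;
        }

        switch ($type) {
            // the "user" can be also an e-mail address
            case 'username':
                if (!preg_match('/^[a-z0-9' . SUMO_REGEXP_ALLOWED_CHARS . ']{3,100}$/i', $value)
                    && !sumo_validate_email($value)) {
                    $err = 'W00006C';
                }
                break;

            case 'name':
                if (!preg_match("/^[a-z" . SUMO_REGEXP_ALLOWED_CHARS . "\\&\\;\\\\'\\ ]{1,49}\$/i", $value)) {
                    $err = 'W00022C';
                }
                break;

            case 'password':
                // for sha1 string
                if (!preg_match('/^[\\.a-z0-9]{40}$/i', $value)) {
                    $err = 'W00011C';
                }
                break;

            case 'email':
                if (!sumo_validate_email($value)) {
                    $err = 'W00007C';
                }
                break;

            case 'active':
                if (!preg_match('/^[0-1]{1}$/', $value)) {
                    $err = 'W00018C';
                }
                break;

            case 'ip':
                // Every address of the range must validate; stop at the first bad one
                // (the previous unconditional break only ever checked the first address).
                $ip = sumo_get_iprange($value);
                $ip_count = count($ip);
                for ($i = 0; $i < $ip_count; $i++) {
                    if (!sumo_validate_ip($ip[$i])) {
                        $err = 'W00016C';
                        break;
                    }
                }
                break;

            case 'usergroup':
                if (!sumo_validate_group($value)) {
                    $err = 'W00017C';
                }
                break;

            case 'datasource_id':
                $ds = sumo_get_datasource_info($value, false);
                if (empty($ds)) {
                    $err = 'W00023C';
                }
                break;

            case 'hostname':
                // Anchored at both ends: without "^" any string ending in three
                // allowed characters would pass.
                if (!preg_match('/^[a-z0-9\\.\\_\\-]{3,255}$/i', $value)) {
                    $err = 'W00025C';
                }
                break;

            case 'port':
                // Non-numeric strings must not slip through the range comparison.
                if (!is_numeric($value) || $value < 1 || $value > 65535) {
                    $err = 'W00026C';
                }
                break;

            case 'ldap_base':
                if (!preg_match('/^[a-z0-9\\.\\,\\:\\;\\_\\-\\=\\\\/\\+\\*\\ ' . SUMO_REGEXP_ALLOWED_CHARS . ']{4,255}$/i', $value)) {
                    $err = 'W00027C';
                }
                break;

            case 'new_password':
                // Value is array(new, confirmation): the new one must be a valid
                // sha1 string and both must be identical.
                $new = isset($value[0]) ? $value[0] : null;
                $confirm = isset($value[1]) ? $value[1] : null;
                if (!sumo_validate_data(array(array('password', $new)))) {
                    $err = 'W00011C';
                }
                // Strict comparison: "!=" treats two numeric-looking digests as equal.
                if ($new !== $confirm) {
                    $err = 'W00024C';
                }
                break;

            // Joomla
            case 'new_password2':
                $new = isset($value[0]) ? $value[0] : null;
                $confirm = isset($value[1]) ? $value[1] : null;
                if ($new !== $confirm) {
                    $err = 'W00024C';
                }
                break;

            case 'day_limit':
                if (!preg_match('/^[0-9]{1,4}$/', $value)) {
                    $err = 'W00020C';
                }
                break;

            case 'language':
                if (!in_array($value, sumo_get_available_languages(), true)) {
                    $err = 'W00021C';
                }
                break;

            case 'id':
                // INT = 256^4-1
                if (!is_numeric($value) || $value < 1 || $value > 4294967295) {
                    $err = 'W00029C';
                }
                break;

            default:
                $err = 'W00019C';
                break;
        }

        if ($err) {
            break;
        }
    }

    if ($message) {
        return $err ? array(FALSE, sumo_get_message($err)) : array(TRUE, '');
    }

    return !$err;
}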
$sumo_template = 'confirm_registration'; $_SESSION['reg_password'] = $sumo_reg_data['reg_password']; } else { $sumo_message = $validate[1]; session_destroy(); } } else { $sumo_message = sumo_get_message('W00013C'); session_destroy(); } break; case 'REGCONFIRMED': $sumo_template = 'registration'; if ($SUMO['config']['accounts']['registration']['enabled']) { $data = array(array('username', $sumo_reg_data['reg_user'], 1), array('email', $sumo_reg_data['reg_email'], 1), array('password', $_SESSION['reg_password'], 1)); $validate = sumo_validate_data($data, TRUE); if ($validate[0]) { if (sumo_verify_user_exist($sumo_reg_data['reg_user'])) { $sumo_message = sumo_get_message('W00008C'); } elseif (sumo_verify_email_exist($sumo_reg_data['reg_email'])) { $sumo_message = sumo_get_message('W00009C'); } else { $sumo_message = sumo_get_message('I00007C'); $sumo_template = 'message'; sumo_request_register(); } } else { $sumo_message = $validate[1]; } } else { $sumo_template = 'message';
// If new group exist add it if ($_POST['newgroup']) { $_POST['group'] = sumo_get_normalized_group($_POST['newgroup'] . ";" . $_POST['group']); } // password (SUMO, Joomla) switch ($tab['datasource_type']) { case 'MySQLUsers': case 'Joomla15': $pwd_verify = 'new_password2'; break; default: $pwd_verify = 'new_password'; break; } $data = array(array('id', $_GET['id'], 1), array('username', $_POST['user'], 1), array('name', $_POST['firstname']), array('name', $_POST['lastname']), array('active', $_POST['active']), array('email', $_POST['email']), array('language', $_POST['language']), array('datasource_id', $_POST['datasource_id'], 1), array('usergroup', $_POST['group']), array('ip', $_POST['ip']), array('day_limit', $_POST['day_limit']), array($pwd_verify, array($_POST['new_password'], $_POST['renew_password']))); $validate = sumo_validate_data($data, true); // verify if current user is sumo to change administrator account if ($_POST['user'] == 'sumo' && $SUMO['user']['user'] != 'sumo') { $validate = array(false, $language['CannotModifyAccount']); } // Verify submittedd groups with current user group if ($validate[0]) { $submitted_group_level = sumo_get_grouplevel($_POST['group']); $submitted_group = sumo_get_grouplevel($_POST['group'], true); $available_group = sumo_get_available_group(); for ($g = 0; $g < count($submitted_group); $g++) { if (!in_array($submitted_group[$g], $available_group) && $submitted_group[$g]) { $validate = array(false, sumo_get_message('GroupNotAvailable', $submitted_group[$g])); break; } if (!in_array('sumo', $SUMO['user']['group']) || $submitted_group[$g] == 'sumo') {