function saveRegistration() { global $database, $acl; global $mosConfig_sitename, $mosConfig_live_site, $mosConfig_useractivation, $mosConfig_allowUserRegistration; global $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_mailfrom, $mosConfig_fromname; if ($mosConfig_allowUserRegistration == 0) { mosNotAuth(); return; } // simple spoof check security josSpoofCheck(); $row = new mosUser($database); if (!$row->bind($_POST, 'usertype')) { mosErrorAlert($row->getError()); } $row->name = trim($row->name); $row->email = trim($row->email); $row->username = trim($row->username); $row->password = trim($row->password); mosMakeHtmlSafe($row); $row->id = 0; $row->usertype = ''; $row->gid = $acl->get_group_id('Registered', 'ARO'); if ($mosConfig_useractivation == 1) { $row->activation = md5(mosMakePassword()); $row->block = '1'; } if (!$row->check()) { echo "<script> alert('" . html_entity_decode($row->getError()) . "'); window.history.go(-1); </script>\n"; exit; } $pwd = $row->password; $salt = mosMakePassword(16); $crypt = md5($row->password . $salt); $row->password = $crypt . ':' . $salt; $row->registerDate = date('Y-m-d H:i:s'); if (!$row->store()) { echo "<script> alert('" . html_entity_decode($row->getError()) . "'); window.history.go(-1); </script>\n"; exit; } $row->checkin(); $name = trim($row->name); $email = trim($row->email); $username = trim($row->username); $subject = sprintf(_SEND_SUB, $name, $mosConfig_sitename); $subject = html_entity_decode($subject, ENT_QUOTES); if ($mosConfig_useractivation == 1) { $message = sprintf(_USEND_MSG_ACTIVATE, $name, $mosConfig_sitename, $mosConfig_live_site . "/index.php?option=com_registration&task=activate&activation=" . $row->activation, $mosConfig_live_site, $username, $pwd); } else { $message = sprintf(_USEND_MSG, $name, $mosConfig_sitename, $mosConfig_live_site); } $message = html_entity_decode($message, ENT_QUOTES); // check if Global Config `mailfrom` and `fromname` values exist if ($mosConfig_mailfrom != '' && $mosConfig_fromname != '') { $adminName2 = $mosConfig_fromname; $adminEmail2 = $mosConfig_mailfrom; } else { // use email address and name of first superadmin for use in email sent to user $query = "SELECT name, email" . "\n FROM #__users" . "\n WHERE LOWER( usertype ) = 'superadministrator'" . "\n OR LOWER( usertype ) = 'super administrator'"; $database->setQuery($query); $rows = $database->loadObjectList(); $row2 = $rows[0]; $adminName2 = $row2->name; $adminEmail2 = $row2->email; } // Send email to user mosMail($adminEmail2, $adminName2, $email, $subject, $message); // Send notification to all administrators $subject2 = sprintf(_SEND_SUB, $name, $mosConfig_sitename); $message2 = sprintf(_ASEND_MSG, $adminName2, $mosConfig_sitename, $row->name, $email, $username); $subject2 = html_entity_decode($subject2, ENT_QUOTES); $message2 = html_entity_decode($message2, ENT_QUOTES); // get email addresses of all admins and superadmins set to recieve system emails $query = "SELECT email, sendEmail" . "\n FROM #__users" . "\n WHERE ( gid = 24 OR gid = 25 )" . "\n AND sendEmail = 1" . "\n AND block = 0"; $database->setQuery($query); $admins = $database->loadObjectList(); foreach ($admins as $admin) { // send email to admin & super admin set to recieve system emails mosMail($adminEmail2, $adminName2, $admin->email, $subject2, $message2); } if ($mosConfig_useractivation == 1) { echo _REG_COMPLETE_ACTIVATE; } else { echo _REG_COMPLETE; } }
function userSave($option, $uid) { global $database, $my, $mosConfig_frontend_userparams; $user_id = intval(mosGetParam($_POST, 'id', 0)); // do some security checks if ($uid == 0 || $user_id == 0 || $user_id != $uid) { mosNotAuth(); return; } // simple spoof check security josSpoofCheck(); $row = new mosUser($database); $row->load((int) $user_id); $orig_password = $row->password; $orig_username = $row->username; if (!$row->bind($_POST, 'gid usertype')) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } $row->name = trim($row->name); $row->email = trim($row->email); $row->username = trim($row->username); mosMakeHtmlSafe($row); if (isset($_POST['password']) && $_POST['password'] != '') { if (isset($_POST['verifyPass']) && $_POST['verifyPass'] == $_POST['password']) { $row->password = trim($row->password); $salt = mosMakePassword(16); $crypt = md5($row->password . $salt); $row->password = $crypt . ':' . $salt; } else { echo "<script> alert(\"" . addslashes(_PASS_MATCH) . "\"); window.history.go(-1); </script>\n"; exit; } } else { // Restore 'original password' $row->password = $orig_password; } if ($mosConfig_frontend_userparams == '1' || $mosConfig_frontend_userparams == 1 || $mosConfig_frontend_userparams == NULL) { // save params $params = mosGetParam($_POST, 'params', ''); if (is_array($params)) { $txt = array(); foreach ($params as $k => $v) { $txt[] = "{$k}={$v}"; } $row->params = implode("\n", $txt); } } if (!$row->check()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } if (!$row->store()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } // check if username has been changed if ($orig_username != $row->username) { // change username value in session table $query = "UPDATE #__session" . "\n SET username = "******"\n WHERE username = "******"\n AND userid = " . (int) $my->id . "\n AND gid = " . (int) $my->gid . "\n AND guest = 0"; $database->setQuery($query); $database->query(); } mosRedirect('index.php', _USER_DETAILS_SAVE); }
function userSave($option, $uid) { global $database; $user_id = intval(mosGetParam($_POST, 'id', 0)); // do some security checks if ($uid == 0 || $user_id == 0 || $user_id != $uid) { mosNotAuth(); return; } $row = new mosUser($database); $row->load($user_id); $row->orig_password = $row->password; if (!$row->bind($_POST)) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } if (isset($_POST["password"]) && $_POST["password"] != "") { if (isset($_POST["verifyPass"]) && $_POST["verifyPass"] == $_POST["password"]) { $row->password = md5($_POST["password"]); } else { echo "<script> alert(\"" . _PASS_MATCH . "\"); window.history.go(-1); </script>\n"; exit; } } else { // Restore 'original password' $row->password = $row->orig_password; } if (!$row->check()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } unset($row->orig_password); // prevent DB error!! if (!$row->store()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } //extended stuff.... // save extended details include "administrator/components/com_user_extended/user_extended.class.php"; $rowExtended = new mosUser_Extended($database); if (!$rowExtended->bind($_POST)) { echo "<script> alert('" . $rowExtended->getError() . "'); window.history.go(-1); </script>\n"; exit; } if (!$rowExtended->check()) { echo "<script> alert('" . $rowExtended->getError() . "'); window.history.go(-1); </script>\n"; exit; } if (!$rowExtended->storeExtended($user_id)) { echo "<script> alert('" . $rowExtended->getError() . "'); window.history.go(-1); </script>\n"; exit; } mosRedirect("index.php?option={$option}", _USER_DETAILS_SAVE); }
/** * The function from com_registration! * Registers a user into Mambo/Joomla * * @return boolean True when the registration process was successful, False when not */ function saveRegistration() { global $database, $acl, $vmLogger, $mosConfig_useractivation, $mosConfig_allowUserRegistration, $mosConfig_live_site; if ($mosConfig_allowUserRegistration == '0') { mosNotAuth(); return false; } $row = new mosUser($database); if (!$row->bind($_POST, 'usertype')) { $error = vmHtmlEntityDecode($row->getError()); $vmLogger->err($error); echo "<script type=\"text/javascript\"> alert('" . $error . "');</script>\n"; return false; } mosMakeHtmlSafe($row); $usergroup = 'Registered'; $row->id = 0; $row->usertype = $usergroup; $row->gid = $acl->get_group_id($usergroup, 'ARO'); if ($mosConfig_useractivation == '1') { $row->activation = md5(vmGenRandomPassword()); $row->block = '1'; } if (!$row->check()) { $error = vmHtmlEntityDecode($row->getError()); $vmLogger->err($error); echo "<script type=\"text/javascript\"> alert('" . $error . "');</script>\n"; return false; } $pwd = $row->password; $row->password = md5($row->password); $row->registerDate = date('Y-m-d H:i:s'); if (!$row->store()) { $error = vmHtmlEntityDecode($row->getError()); $vmLogger->err($error); echo "<script type=\"text/javascript\"> alert('" . $error . "');</script>\n"; return false; } $row->checkin(); $name = $row->name; $email = $row->email; $username = $row->username; $component = vmIsJoomla(1.5) ? 'com_user' : 'com_registration'; $activation_link = $mosConfig_live_site . "/index.php?option={$component}&task=activate&activation=" . $row->activation; // Send the registration email $this->_sendMail($name, $email, $username, $pwd, $activation_link); return true; }
/** * Function to save User Information * into Joomla */ function saveUser(&$d) { global $database, $my, $_VERSION, $VM_LANG; global $mosConfig_live_site, $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_sitename; $aro_id = 'aro_id'; $group_id = 'group_id'; // Column names have changed since J! 1.5 if (vmIsJoomla('1.5', '>=')) { $aro_id = 'id'; $group_id = 'id'; } $row = new mosUser($database); if (!$row->bind($_POST)) { echo "<script type=\"text/javascript\">alert('" . vmHtmlEntityDecode($row->getError()) . "');</script>\n"; } $isNew = !$row->id; $pwd = ''; // MD5 hash convert passwords if ($isNew) { // new user stuff if ($row->password == '') { $pwd = vmGenRandomPassword(); $row->password = md5($pwd); } else { $pwd = $row->password; $row->password = md5($row->password); } $row->registerDate = date('Y-m-d H:i:s'); } else { // existing user stuff if ($row->password == '') { // password set to null if empty $row->password = null; } else { if (!empty($_POST['password'])) { if ($row->password != @$_POST['password2']) { $d['error'] = vmHtmlEntityDecode($VM_LANG->_('REGWARN_VPASS2', false)); return false; } } $row->password = md5($row->password); } } // save usertype to usetype column $query = "SELECT name" . "\n FROM #__core_acl_aro_groups" . "\n WHERE `{$group_id}` = {$row->gid}"; $database->setQuery($query); $usertype = $database->loadResult(); $row->usertype = $usertype; // save params $params = vmGet($_POST, 'params', ''); if (is_array($params)) { $txt = array(); foreach ($params as $k => $v) { $txt[] = "{$k}={$v}"; } $row->params = implode("\n", $txt); } if (!$row->check()) { echo "<script type=\"text/javascript\"> alert('" . vmHtmlEntityDecode($row->getError()) . "');</script>\n"; return false; } if (!$row->store()) { echo "<script type=\"text/javascript\"> alert('" . vmHtmlEntityDecode($row->getError()) . "');</script>\n"; return false; } if ($isNew) { $newUserId = $row->id; } else { $newUserId = false; } $row->checkin(); $_SESSION['session_user_params'] = $row->params; // update the ACL if (!$isNew) { $query = "SELECT `{$aro_id}`" . "\n FROM #__core_acl_aro" . "\n WHERE value = '{$row->id}'"; $database->setQuery($query); $aro_id = $database->loadResult(); $query = "UPDATE #__core_acl_groups_aro_map" . "\n SET group_id = {$row->gid}" . "\n WHERE aro_id = {$aro_id}"; $database->setQuery($query); $database->query() or die($database->stderr()); } // for new users, email username and password if ($isNew) { // Send the notification emails $name = $row->name; $email = $row->email; $username = $row->username; $password = $pwd; $this->_sendMail($name, $email, $username, $password); } return $newUserId; }
function saveRegistration($option) { global $database, $my, $acl; global $mosConfig_sitename, $mosConfig_live_site, $mosConfig_useractivation, $mosConfig_allowUserRegistration; global $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_mailfrom, $mosConfig_fromname; if ($mosConfig_allowUserRegistration == "0") { mosNotAuth(); return; } $row = new mosUser($database); if (!$row->bind($_POST, "usertype")) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } mosMakeHtmlSafe($row); $row->id = 0; $row->usertype = ''; $row->gid = $acl->get_group_id('Registered', 'ARO'); if ($mosConfig_useractivation == "1") { $row->activation = md5(mosMakePassword()); $row->block = "1"; } if (!$row->check()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } $pwd = $row->password; $row->password = md5($row->password); $row->registerDate = date("Y-m-d H:i:s"); if (!$row->store()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } $row->checkin(); $name = $row->name; $email = $row->email; $username = $row->username; $subject = sprintf(_SEND_SUB, $name, $mosConfig_sitename); $subject = html_entity_decode($subject, ENT_QUOTES); if ($mosConfig_useractivation == "1") { $message = sprintf(_USEND_MSG_ACTIVATE, $name, $mosConfig_sitename, $mosConfig_live_site . "/index.php?option=com_registration&task=activate&activation=" . $row->activation, $mosConfig_live_site, $username, $pwd); } else { $message = sprintf(_USEND_MSG, $name, $mosConfig_sitename, $mosConfig_live_site); } $message = html_entity_decode($message, ENT_QUOTES); // Send email to user if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") { $adminName2 = $mosConfig_fromname; $adminEmail2 = $mosConfig_mailfrom; } else { $database->setQuery("SELECT name, email FROM #__users" . "\n WHERE usertype='superadministrator'"); $rows = $database->loadObjectList(); $row2 = $rows[0]; $adminName2 = $row2->name; $adminEmail2 = $row2->email; } mosMail($adminEmail2, $adminName2, $email, $subject, $message); // Send notification to all administrators $subject2 = sprintf(_SEND_SUB, $name, $mosConfig_sitename); $message2 = sprintf(_ASEND_MSG, $adminName2, $mosConfig_sitename, $row->name, $email, $username); $subject2 = html_entity_decode($subject2, ENT_QUOTES); $message2 = html_entity_decode($message2, ENT_QUOTES); // get superadministrators id $admins = $acl->get_group_objects(25, 'ARO'); foreach ($admins['users'] as $id) { $database->setQuery("SELECT email, sendEmail FROM #__users" . "\n WHERE id='{$id}'"); $rows = $database->loadObjectList(); $row = $rows[0]; if ($row->sendEmail) { mosMail($adminEmail2, $adminName2, $row->email, $subject2, $message2); } } if ($mosConfig_useractivation == "1") { echo _REG_COMPLETE_ACTIVATE; } else { echo _REG_COMPLETE; } }
function saveRegistration($option) { global $database, $my, $acl; global $mosConfig_sitename, $mosConfig_live_site, $mosConfig_useractivation, $mosConfig_allowUserRegistration; global $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_mailfrom, $mosConfig_fromname; if ($mosConfig_allowUserRegistration == '0') { mosNotAuth(); return; } $row = new mosUser($database); if (!$row->bind($_POST, 'usertype')) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } mosMakeHtmlSafe($row); $row->id = 0; $row->usertype = 'Registered'; $row->gid = $acl->get_group_id('Registered', 'ARO'); if ($mosConfig_useractivation == '1') { $row->activation = md5(mosMakePassword()); $row->block = '1'; } if (!$row->check()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } $pwd = $row->password; $row->password = md5($row->password); $row->registerDate = date("Y-m-d H:i:s"); if (!$row->store()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } $row->checkin(); $name = $row->name; $email = $row->email; $username = $row->username; $subject = sprintf(T_('Account details for %s at %s'), $name, $mosConfig_sitename); $subject = html_entity_decode($subject, ENT_QUOTES); $mambothandler =& mosMambotHandler::getInstance(); $mambothandler->loadBotGroup('authenticator'); if ($mosConfig_useractivation == "1") { $message = sprintf(T_('Hello %s, Thank you for registering at %s. Your account has been created but, as a precaution, it must be activated by you before you can use it. To activate the account click on the following link or copy and paste it in your browser: %s After activation you may login to %s using the following username and password: Username - %s Password - %s'), $name, $mosConfig_sitename, $mosConfig_live_site . "/index.php?option=com_registration&task=activate&activation=" . $row->activation, $mosConfig_live_site, $username, $pwd); $loginfo = new mosLoginDetails($username, $pwd); $mambothandler->trigger('userRegister', array($loginfo)); } else { $message = sprintf(T_("Hello %s,\n\nThank you for registering at %s.\n\nYou may now login to %s using the username and password you registered with."), $name, $mosConfig_sitename, $mosConfig_live_site); $loginfo = new mosLoginDetails($username, $pwd); $mambothandler->trigger('userRegister', array($loginfo)); $mambothandler->trigger('userActivate', array($loginfo)); } $message = html_entity_decode($message, ENT_QUOTES); // Send email to user if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") { $adminName2 = $mosConfig_fromname; $adminEmail2 = $mosConfig_mailfrom; } else { $database->setQuery("SELECT name, email FROM #__users" . "\n WHERE usertype='super administrator'"); $rows = $database->loadObjectList(); $row2 = $rows[0]; $adminName2 = $row2->name; $adminEmail2 = $row2->email; } mosMail($adminEmail2, $adminName2, $email, $subject, $message); // Send notification to all administrators $subject2 = sprintf(T_('Account details for %s at %s'), $name, $mosConfig_sitename); $message2 = sprintf(T_('Hello %s, A new user has registered at %s. This email contains their details: Name - %s e-mail - %s Username - %s Please do not respond to this message as it is automatically generated and is for information purposes only'), $adminName2, $mosConfig_sitename, $row->name, $email, $username); $subject2 = html_entity_decode($subject2, ENT_QUOTES); $message2 = html_entity_decode($message2, ENT_QUOTES); // get superadministrators id $admins = $acl->get_group_objects(25, 'ARO'); foreach ($admins['users'] as $id) { $database->setQuery("SELECT email, sendEmail FROM #__users" . "\n WHERE id='{$id}'"); $rows = $database->loadObjectList(); $row = $rows[0]; if ($row->sendEmail) { mosMail($adminEmail2, $adminName2, $row->email, $subject2, $message2); } } if ($mosConfig_useractivation == "1") { echo '<div class="componentheading">' . T_('Registration Complete') . '</div><br />'; echo T_('Your account has been created and an activation link has been sent to the e-mail address you entered. Note that you must activate the account by clicking on the activation link before you can login.'); } else { echo '<div class="componentheading">' . T_('Registration Complete') . '</div><br />'; echo T_('You may now login.'); } }
function saveUser($option, $task) { global $database, $my, $acl; global $mosConfig_live_site, $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_sitename; $row = new mosUser($database); if (!$row->bind($_POST)) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } // sanitize $row->id = intval($row->id); $row->gid = intval($row->gid); $isNew = !$row->id; $pwd = ''; // disallow super administrator blocking self $super_gid = $acl->get_group_id('super administrator'); if ($row->id == $my->id && $my->gid == $super_gid) { $row->block = 0; } // MD5 hash convert passwords if ($isNew) { // new user stuff if ($row->password == '') { $pwd = mosMakePassword(); $row->password = md5($pwd); } else { $pwd = $row->password; $row->password = md5($row->password); } $row->registerDate = date('Y-m-d H:i:s'); } else { // existing user stuff if ($row->password == '') { // password set to null if empty $row->password = null; } else { $pwd = $row->password; $row->password = md5($pwd); } } // save usertype to usetype column $query = "SELECT name" . "\n FROM #__core_acl_aro_groups" . "\n WHERE group_id = {$row->gid}"; $database->setQuery($query); $usertype = $database->loadResult(); $row->usertype = $usertype; if (!$row->check()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n"; exit; } if (!$row->store()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n"; exit; } $row->checkin(); $loginfo = new mosLoginDetails($row->username, $pwd); $mambothandler =& mosMambotHandler::getInstance(); $mambothandler->loadBotGroup('authenticator'); // update the ACL if (!$isNew) { if ($pwd) { $mambothandler->trigger('userChange', array($loginfo)); } if ($row->block) { $mambothandler->trigger('userBlock', array($loginfo)); } else { $mambothandler->trigger('userUnblock', array($loginfo)); } $query = "SELECT aro_id FROM #__core_acl_aro WHERE value='{$row->id}'"; $database->setQuery($query); $aro_id = $database->loadResult(); $query = "UPDATE #__core_acl_groups_aro_map" . "\n SET group_id = '{$row->gid}'" . "\n WHERE aro_id = '{$aro_id}'"; $database->setQuery($query); $database->query() or die($database->stderr()); } // for new users, email username and password if ($isNew) { $mambothandler->trigger('userRegister', array($loginfo)); $mambothandler->trigger('userActivate', array($loginfo)); if ($row->block) { $mambothandler->trigger('userBlock', array($loginfo)); } $query = "SELECT email FROM #__users WHERE id={$my->id}"; $database->setQuery($query); $adminEmail = $database->loadResult(); $subject = T_('New User Details'); $message = sprintf(T_('Hello %s, You have been added as a user to %s by an Administrator. This email contains your username and password to log into the %s Username - %s Password - %s Please do not respond to this message as it is automatically generated and is for information purposes only'), $row->name, $mosConfig_sitename, $mosConfig_live_site, $row->username, $pwd); if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") { $adminName = $mosConfig_fromname; $adminEmail = $mosConfig_mailfrom; } else { $query = "SELECT name, email FROM #__users WHERE usertype='super administrator'"; $database->setQuery($query); $rows = $database->loadObjectList(); $row = $rows[0]; $adminName = $row->name; $adminEmail = $row->email; } mosMail($adminEmail, $adminName, $row->email, $subject, $message); } switch ($task) { case 'apply': $msg = sprintf(T_('Successfully Saved changes to User: %s'), $row->name); mosRedirect('index2.php?option=com_users&task=editA&hidemainmenu=1&id=' . $row->id, $msg); case 'save': default: $msg = sprintf(T_('Successfully Saved User: %s'), $row->name); mosRedirect('index2.php?option=com_users', $msg); break; } }
function saveUser($task) { global $database, $my, $acl; global $mosConfig_live_site, $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_sitename; josSpoofCheck(); $userIdPosted = mosGetParam($_POST, 'id'); if ($userIdPosted) { $msg = checkUserPermissions(array($userIdPosted), 'save', in_array($my->gid, array(24, 25))); if ($msg) { echo "<script type=\"text/javascript\"> alert('" . $msg . "'); window.history.go(-1);</script>\n"; exit; } } $row = new mosUser($database); if (!$row->bind($_POST)) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } $row->name = trim($row->name); $row->email = trim($row->email); $row->username = trim($row->username); // sanitise fields $row->id = (int) $row->id; // sanitise gid field $row->gid = (int) $row->gid; $isNew = !$row->id; $pwd = ''; // MD5 hash convert passwords if ($isNew) { // new user stuff if ($row->password == '') { $pwd = mosMakePassword(); $salt = mosMakePassword(16); $crypt = md5($pwd . $salt); $row->password = $crypt . ':' . $salt; } else { $pwd = trim($row->password); $salt = mosMakePassword(16); $crypt = md5($pwd . $salt); $row->password = $crypt . ':' . $salt; } $row->registerDate = date('Y-m-d H:i:s'); } else { $original = new mosUser($database); $original->load((int) $row->id); // existing user stuff if ($row->password == '') { // password set to null if empty $row->password = null; } else { $row->password = trim($row->password); $salt = mosMakePassword(16); $crypt = md5($row->password . $salt); $row->password = $crypt . ':' . $salt; } // if group has been changed and where original group was a Super Admin if ($row->gid != $original->gid) { if ($original->gid == 25) { // count number of active super admins $query = "SELECT COUNT( id )" . "\n FROM #__users" . "\n WHERE gid = 25" . "\n AND block = 0"; $database->setQuery($query); $count = $database->loadResult(); if ($count <= 1) { // disallow change if only one Super Admin exists echo "<script> alert('You cannot change this users Group as it is the only active Super Administrator for your site'); window.history.go(-1); </script>\n"; exit; } } $user_group = strtolower($acl->get_group_name($original->gid, 'ARO')); if ($user_group == 'super administrator' && $my->gid != 25) { // disallow change of super-Admin by non-super admin echo "<script> alert('You cannot change this users Group as you are not a Super Administrator for your site'); window.history.go(-1); </script>\n"; exit; } else { if ($my->gid == 24 && $original->gid == 24) { // disallow change of super-Admin by non-super admin echo "<script> alert('You cannot change the Group of another Administrator as you are not a Super Administrator for your site'); window.history.go(-1); </script>\n"; exit; } } // ensure user can't add group higher than themselves done below } } /* // if user is made a Super Admin group and user is NOT a Super Admin if ( $row->gid == 25 && $my->gid != 25 ) { // disallow creation of Super Admin by non Super Admin users echo "<script> alert('You cannot create a user with this user Group level, only Super Administrators have this ability'); window.history.go(-1); </script>\n"; exit(); } */ // Security check to avoid creating/editing user to higher level than himself: response to artf4529. if (!in_array($row->gid, getGIDSChildren($my->gid))) { // disallow creation of Super Admin by non Super Admin users echo "<script> alert('You cannot create a user with this user Group level, only Super Administrators have this ability'); window.history.go(-1); </script>\n"; exit; } // save usertype to usertype column $query = "SELECT name" . "\n FROM #__core_acl_aro_groups" . "\n WHERE group_id = " . (int) $row->gid; $database->setQuery($query); $usertype = $database->loadResult(); $row->usertype = $usertype; // save params $params = mosGetParam($_POST, 'params', ''); if (is_array($params)) { $txt = array(); foreach ($params as $k => $v) { $txt[] = "{$k}={$v}"; } $row->params = implode("\n", $txt); } if (!$row->check()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } if (!$row->store()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } $row->checkin(); // updates the current users param settings if ($my->id == $row->id) { //session_start(); $_SESSION['session_user_params'] = $row->params; session_write_close(); } // update the ACL if (!$isNew) { $query = "SELECT aro_id" . "\n FROM #__core_acl_aro" . "\n WHERE value = " . (int) $row->id; $database->setQuery($query); $aro_id = $database->loadResult(); $query = "UPDATE #__core_acl_groups_aro_map" . "\n SET group_id = " . (int) $row->gid . "\n WHERE aro_id = " . (int) $aro_id; $database->setQuery($query); $database->query() or die($database->stderr()); } // for new users, email username and password if ($isNew) { $query = "SELECT email" . "\n FROM #__users" . "\n WHERE id = " . (int) $my->id; $database->setQuery($query); $adminEmail = $database->loadResult(); $subject = _NEW_USER_MESSAGE_SUBJECT; $message = sprintf(_NEW_USER_MESSAGE, $row->name, $mosConfig_sitename, $mosConfig_live_site, $row->username, $pwd); if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") { $adminName = $mosConfig_fromname; $adminEmail = $mosConfig_mailfrom; } else { $query = "SELECT name, email" . "\n FROM #__users" . "\n WHERE gid = 25"; $database->setQuery($query); $admins = $database->loadObjectList(); $admin = $admins[0]; $adminName = $admin->name; $adminEmail = $admin->email; } mosMail($adminEmail, $adminName, $row->email, $subject, $message); } if (!$isNew) { // if group has been changed if ($original->gid != $row->gid) { // delete user acounts active sessions logoutUser($row->id, 'com_users', 'change'); } } switch ($task) { case 'apply': $msg = 'Successfully Saved changes to User: '******'index2.php?option=com_users&task=editA&hidemainmenu=1&id=' . $row->id, $msg); break; case 'save': default: $msg = 'Successfully Saved User: '******'index2.php?option=com_users', $msg); break; } }
function userSave($option, $uid) { global $database; $user_id = intval(mosGetParam($_POST, 'id', 0)); // do some security checks if ($uid == 0 || $user_id == 0 || $user_id != $uid) { mosNotAuth(); return; } $row = new mosUser($database); $row->load($user_id); $row->orig_password = $row->password; if (!$row->bind($_POST, "gid usertype")) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } mosMakeHtmlSafe($row); if (isset($_POST["password"]) && $_POST["password"] != "") { if (isset($_POST["verifyPass"]) && $_POST["verifyPass"] == $_POST["password"]) { $row->password = md5($_POST["password"]); } else { echo "<script> alert(\"" . T_('Passwords do not match') . "\"); window.history.go(-1); </script>\n"; exit; } } else { // Restore 'original password' $row->password = $row->orig_password; } if (!$row->check()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } unset($row->orig_password); // prevent DB error!! if (!$row->store()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } $loginfo = new mosLoginDetails($row->username, $_POST['password']); $mambothandler =& mosMambotHandler::getInstance(); $mambothandler->loadBotGroup('authenticator'); $mambothandler->trigger('userChange', array($loginfo)); mosRedirect("index.php?option={$option}", T_('Your settings have been saved.')); }
function saveUser($option) { global $database, $my; global $mosConfig_live_site, $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_sitename; $row = new mosUser($database); if (!$row->bind($_POST)) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } $isNew = !$row->id; $pwd = ''; if ($isNew) { // new user stuff if ($row->password == '') { $pwd = mosMakePassword(); $row->password = md5($pwd); } else { $pwd = $row->password; $row->password = md5($row->password); } $row->registerDate = date('Y-m-d H:i:s'); } else { // existing user stuff if ($row->password == '') { // password set to null if empty $row->password = null; } else { $row->password = md5($row->password); } } if (!$row->check()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n"; exit; } if (!$row->store()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n"; exit; } // update the ACL if ($isNew) { } else { $query = "SELECT aro_id FROM #__core_acl_aro WHERE value='{$row->id}'"; $database->setQuery($query); $aro_id = $database->loadResult(); $query = "UPDATE #__core_acl_groups_aro_map" . "\n SET group_id = '{$row->gid}'" . "\n WHERE aro_id = '{$aro_id}'"; $database->setQuery($query); $database->query() or die($database->stderr()); } $row->checkin(); if ($isNew) { $query = "SELECT email FROM #__users WHERE id={$my->id}"; $database->setQuery($query); $adminEmail = $database->loadResult(); $subject = _NEW_USER_MESSAGE_SUBJECT; $message = sprintf(_NEW_USER_MESSAGE, $row->name, $mosConfig_sitename, $mosConfig_live_site, $row->username, $pwd); if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") { $adminName = $mosConfig_fromname; $adminEmail = $mosConfig_mailfrom; } else { $query = "SELECT name, email FROM #__users WHERE usertype='superadministrator'"; $database->setQuery($query); $rows = $database->loadObjectList(); $row = $rows[0]; $adminName = $row->name; $adminEmail = $row->email; } mosMail($adminEmail, $adminName, $row->email, $subject, $message); } $limit = intval(mosGetParam($_REQUEST, 'limit', 10)); $limitstart = intval(mosGetParam($_REQUEST, 'limitstart', 0)); mosRedirect('index2.php?option=' . $option); }
function saveUser($option) { global $database, $my; global $mosConfig_live_site; $row = new mosUser($database); if (!$row->bind($_POST)) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } $isNew = !$row->id; $pwd = ''; if ($isNew) { //extended user stuff $row->user_id = $row->id; // new user stuff if ($row->password == '') { $pwd = mosMakePassword(); $row->password = md5($pwd); } else { $pwd = $row->password; $row->password = md5($row->password); } } else { // existing user stuff if ($row->password == '') { // password set to null if empty $row->password = null; } else { $row->password = md5($row->password); } } $row->registerDate = date("Y-m-d H:i:s"); if (!$row->check()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n"; exit; } if (!$row->store()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n"; exit; } // update the ACL if ($isNew) { } else { $database->setQuery("SELECT aro_id FROM #__core_acl_aro WHERE value='{$row->id}'"); $aro_id = $database->loadResult(); $database->setQuery("UPDATE #__core_acl_groups_aro_map" . "\nSET group_id = '{$row->gid}'" . "\nWHERE aro_id = '{$aro_id}'"); $database->query() or die($database->stderr()); } $row->checkin(); if ($isNew) { $database->setQuery("SELECT email FROM #__users WHERE id={$my->id}"); $adminEmail = $database->loadResult(); $subject = "New User Details"; $message = "Hello {$row->name},\r \n \r \n"; $message .= "You have been added as a user to {$mosConfig_live_site} by an Administrator.\r \n"; $message .= "This email contains your username and password to log into the {$mosConfig_live_site} site:\r \n \r \n"; $message .= "Username - {$row->username}\r \n"; $message .= "Password - {$pwd}\r \n \r \n \r \n"; $message .= "Please do not respond to this message as it is automatically generated and is for information purposes only\r \n"; $headers .= "From: {$adminEmail}\r\n"; $headers .= "Reply-To: {$adminEmail}\r\n"; $headers .= "X-Priority: 3\r\n"; $headers .= "X-MSMail-Priority: Low\r\n"; $headers .= "X-Mailer: Mambo Open Source 4.5\r\n"; mail($row->email, $subject, $message, $headers); } $limit = intval(mosGetParam($_REQUEST, 'limit', 10)); $limitstart = intval(mosGetParam($_REQUEST, 'limitstart', 0)); $row = null; $row = new mosUser_Extended($database); if (!$row->bind($_POST)) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } if (!$row->check()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n"; exit; } if (!$row->storeExtended(0)) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n"; exit; } mosRedirect("index2.php?option={$option}"); }
function userSave($option, $uid) { global $database; $user_id = intval(mosGetParam($_POST, 'id', 0)); // do some security checks if ($uid == 0 || $user_id == 0 || $user_id != $uid) { mosNotAuth(); return; } $row = new mosUser($database); $row->load($user_id); $row->orig_password = $row->password; if (!$row->bind($_POST, "gid usertype")) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } mosMakeHtmlSafe($row); if (isset($_POST["password"]) && $_POST["password"] != "") { if (isset($_POST["verifyPass"]) && $_POST["verifyPass"] == $_POST["password"]) { $row->password = md5($_POST["password"]); } else { echo "<script> alert(\"" . _PASS_MATCH . "\"); window.history.go(-1); </script>\n"; exit; } } else { // Restore 'original password' $row->password = $row->orig_password; } if (!$row->check()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } unset($row->orig_password); // prevent DB error!! if (!$row->store()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } mosRedirect("index.php?option={$option}", _USER_DETAILS_SAVE); }