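/**
 * Save user information into Joomla.
 *
 * Builds a mosUser row from $_POST, hashes the password, resolves the
 * usertype name from the ACL group, stores the row, keeps the ACL group map
 * in sync for existing users and mails the credentials to new users.
 *
 * @param array $d Passed by reference; $d['error'] is set when the password
 *                 confirmation does not match.
 * @return mixed The id of the newly created user, or false on failure and
 *               also after a successful update of an existing user.
 */
function saveUser(&$d)
{
    global $database, $my, $_VERSION, $VM_LANG;
    global $mosConfig_live_site, $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_sitename;

    $aro_id = 'aro_id';
    $group_id = 'group_id';
    // Column names have changed since J! 1.5
    if (vmIsJoomla('1.5', '>=')) {
        $aro_id = 'id';
        $group_id = 'id';
    }

    $row = new mosUser($database);
    if (!$row->bind($_POST)) {
        echo "<script type=\"text/javascript\">alert('" . vmHtmlEntityDecode($row->getError()) . "');</script>\n";
        // A row that failed to bind must not be hashed and stored; fail like
        // the check()/store() branches below do.
        return false;
    }

    $isNew = !$row->id;
    $pwd = '';

    // NOTE(review): unsalted MD5 is not an adequate password hash. The stored
    // format is left unchanged here because the login code has to agree with it.
    if ($isNew) {
        // new user: generate a password when none was supplied
        if ($row->password == '') {
            $pwd = vmGenRandomPassword();
            $row->password = md5($pwd);
        } else {
            $pwd = $row->password;
            $row->password = md5($row->password);
        }
        $row->registerDate = date('Y-m-d H:i:s');
    } else {
        // existing user
        if ($row->password == '') {
            // password set to null if empty
            $row->password = null;
        } else {
            if (!empty($_POST['password'])) {
                // Strict string comparison: a loose != treats numeric-looking
                // strings such as "1e3" and "1000" as equal.
                $confirmation = isset($_POST['password2']) ? (string) $_POST['password2'] : '';
                if ((string) $row->password !== $confirmation) {
                    $d['error'] = vmHtmlEntityDecode($VM_LANG->_('REGWARN_VPASS2', false));
                    return false;
                }
            }
            $row->password = md5($row->password);
        }
    }

    // save usertype to usertype column
    // $row->gid comes from the request via bind(); cast it so it cannot alter the query.
    $query = "SELECT name"
        . "\n FROM #__core_acl_aro_groups"
        . "\n WHERE `{$group_id}` = " . (int) $row->gid;
    $database->setQuery($query);
    $usertype = $database->loadResult();
    $row->usertype = $usertype;

    // save params
    // NOTE(review): keys and values are request data and are joined with "\n";
    // a value containing a line break would add extra param lines - confirm
    // whether check() or the params parser rejects that.
    $params = vmGet($_POST, 'params', '');
    if (is_array($params)) {
        $txt = array();
        foreach ($params as $k => $v) {
            $txt[] = "{$k}={$v}";
        }
        $row->params = implode("\n", $txt);
    }

    if (!$row->check()) {
        echo "<script type=\"text/javascript\"> alert('" . vmHtmlEntityDecode($row->getError()) . "');</script>\n";
        return false;
    }
    if (!$row->store()) {
        echo "<script type=\"text/javascript\"> alert('" . vmHtmlEntityDecode($row->getError()) . "');</script>\n";
        return false;
    }

    if ($isNew) {
        $newUserId = $row->id;
    } else {
        $newUserId = false;
    }
    $row->checkin();
    $_SESSION['session_user_params'] = $row->params;

    // update the ACL
    if (!$isNew) {
        // Integer casts keep request-derived ids out of the SQL text.
        $query = "SELECT `{$aro_id}`"
            . "\n FROM #__core_acl_aro"
            . "\n WHERE value = '" . (int) $row->id . "'";
        $database->setQuery($query);
        $aro_id = $database->loadResult();

        $query = "UPDATE #__core_acl_groups_aro_map"
            . "\n SET group_id = " . (int) $row->gid
            . "\n WHERE aro_id = " . (int) $aro_id;
        $database->setQuery($query);
        $database->query() or die($database->stderr());
    }

    // for new users, email username and password
    // NOTE(review): the clear-text password leaves the system by mail here.
    if ($isNew) {
        $name = $row->name;
        $email = $row->email;
        $username = $row->username;
        $password = $pwd;
        $this->_sendMail($name, $email, $username, $password);
    }

    return $newUserId;
}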
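/**
 * Save the current user's own account details and extended profile.
 *
 * The posted id must equal $uid, otherwise the request is rejected. On any
 * bind/check/store failure a JavaScript alert is printed and the script exits.
 *
 * @param string $option Component name used in the final redirect.
 * @param int    $uid    Id the caller considers to be the acting user.
 * @return void
 */
function userSave($option, $uid)
{
    global $database;

    $user_id = intval(mosGetParam($_POST, 'id', 0));
    // do some security checks
    // NOTE(review): no request-forgery token is checked in this block -
    // confirm the caller does that.
    if ($uid == 0 || $user_id == 0 || $user_id != $uid) {
        mosNotAuth();
        return;
    }

    $row = new mosUser($database);
    $row->load($user_id);

    // Snapshot the stored hash and the privilege-bearing columns in local
    // variables before bind(): bind() copies request fields onto the row, so a
    // self-service form must not be able to change group, usertype or block
    // state, and a local (unlike a row property) cannot be overwritten by it.
    $orig_password = $row->password;
    $orig_gid = $row->gid;
    $orig_usertype = $row->usertype;
    $orig_block = $row->block;

    if (!$row->bind($_POST)) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }

    // Re-assert the values the user is not allowed to edit.
    $row->id = $user_id;
    $row->gid = $orig_gid;
    $row->usertype = $orig_usertype;
    $row->block = $orig_block;

    if (isset($_POST["password"]) && $_POST["password"] != "") {
        if (isset($_POST["verifyPass"]) && $_POST["verifyPass"] == $_POST["password"]) {
            // NOTE(review): unsalted MD5 is not an adequate password hash; the
            // format is kept because the login code has to agree with it.
            $row->password = md5($_POST["password"]);
        } else {
            echo "<script> alert(\"" . _PASS_MATCH . "\"); window.history.go(-1); </script>\n";
            exit;
        }
    } else {
        // Restore 'original password'
        $row->password = $orig_password;
    }

    if (!$row->check()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    if (!$row->store()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }

    // save extended details
    include "administrator/components/com_user_extended/user_extended.class.php";
    $rowExtended = new mosUser_Extended($database);
    if (!$rowExtended->bind($_POST)) {
        echo "<script> alert('" . $rowExtended->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    if (!$rowExtended->check()) {
        echo "<script> alert('" . $rowExtended->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    if (!$rowExtended->storeExtended($user_id)) {
        echo "<script> alert('" . $rowExtended->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }

    mosRedirect("index.php?option={$option}", _USER_DETAILS_SAVE);
}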
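/**
 * Administrator action: create or update a user from the posted form.
 *
 * Hashes the password, resolves the usertype name, stores the row, fires the
 * authenticator mambots, syncs the ACL group map for existing users and mails
 * the credentials to new users, then redirects according to $task.
 *
 * @param string $option Component name (not used in the visible body).
 * @param string $task   'apply' returns to the edit form; anything else
 *                       returns to the user list.
 * @return void
 */
function saveUser($option, $task)
{
    global $database, $my, $acl;
    global $mosConfig_live_site, $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_sitename;

    $row = new mosUser($database);
    if (!$row->bind($_POST)) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }

    // sanitize: both values are interpolated into SQL further down
    $row->id = intval($row->id);
    $row->gid = intval($row->gid);

    $isNew = !$row->id;
    $pwd = '';

    // disallow super administrator blocking self
    $super_gid = $acl->get_group_id('super administrator');
    if ($row->id == $my->id && $my->gid == $super_gid) {
        $row->block = 0;
    }

    // NOTE(review): unsalted MD5 is not an adequate password hash; the format
    // is kept because the authenticator has to agree with it.
    if ($isNew) {
        // new user: generate a password when none was supplied
        if ($row->password == '') {
            $pwd = mosMakePassword();
            $row->password = md5($pwd);
        } else {
            $pwd = $row->password;
            $row->password = md5($row->password);
        }
        $row->registerDate = date('Y-m-d H:i:s');
    } else {
        // existing user
        if ($row->password == '') {
            // password set to null if empty
            $row->password = null;
        } else {
            $pwd = $row->password;
            $row->password = md5($pwd);
        }
    }

    // save usertype to usertype column
    $query = "SELECT name"
        . "\n FROM #__core_acl_aro_groups"
        . "\n WHERE group_id = {$row->gid}";
    $database->setQuery($query);
    $usertype = $database->loadResult();
    $row->usertype = $usertype;

    if (!$row->check()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n";
        exit;
    }
    if (!$row->store()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n";
        exit;
    }
    $row->checkin();

    $loginfo = new mosLoginDetails($row->username, $pwd);
    $mambothandler =& mosMambotHandler::getInstance();
    $mambothandler->loadBotGroup('authenticator');

    // update the ACL
    if (!$isNew) {
        if ($pwd) {
            $mambothandler->trigger('userChange', array($loginfo));
        }
        if ($row->block) {
            $mambothandler->trigger('userBlock', array($loginfo));
        } else {
            $mambothandler->trigger('userUnblock', array($loginfo));
        }

        $query = "SELECT aro_id FROM #__core_acl_aro WHERE value='{$row->id}'";
        $database->setQuery($query);
        $aro_id = $database->loadResult();

        $query = "UPDATE #__core_acl_groups_aro_map"
            . "\n SET group_id = '{$row->gid}'"
            . "\n WHERE aro_id = '" . (int) $aro_id . "'";
        $database->setQuery($query);
        $database->query() or die($database->stderr());
    }

    // for new users, email username and password
    // NOTE(review): the clear-text password leaves the system by mail here.
    if ($isNew) {
        $mambothandler->trigger('userRegister', array($loginfo));
        $mambothandler->trigger('userActivate', array($loginfo));
        if ($row->block) {
            $mambothandler->trigger('userBlock', array($loginfo));
        }

        $query = "SELECT email FROM #__users WHERE id=" . (int) $my->id;
        $database->setQuery($query);
        $adminEmail = $database->loadResult();

        $subject = T_('New User Details');
        $message = sprintf(T_('Hello %s, You have been added as a user to %s by an Administrator. 
This email contains your username and password to log into the %s Username - %s Password - %s Please do not respond to this message as it is automatically generated and is for information purposes only'), $row->name, $mosConfig_sitename, $mosConfig_live_site, $row->username, $pwd);

        if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") {
            $adminName = $mosConfig_fromname;
            $adminEmail = $mosConfig_mailfrom;
        } else {
            $query = "SELECT name, email FROM #__users WHERE usertype='super administrator'";
            $database->setQuery($query);
            // Keep the sender lookup in its own variables. Reusing $row here
            // would replace the new user's record with the administrator's, so
            // the mail carrying the password and the redirect below would both
            // use the administrator's data.
            $admins = $database->loadObjectList();
            $adminName = '';
            if (!empty($admins)) {
                $admin = $admins[0];
                $adminName = $admin->name;
                $adminEmail = $admin->email;
            }
        }
        mosMail($adminEmail, $adminName, $row->email, $subject, $message);
    }

    switch ($task) {
        case 'apply':
            $msg = sprintf(T_('Successfully Saved changes to User: %s'), $row->name);
            mosRedirect('index2.php?option=com_users&task=editA&hidemainmenu=1&id=' . $row->id, $msg);
            // explicit break so the case does not depend on mosRedirect() ending the request
            break;
        case 'save':
        default:
            $msg = sprintf(T_('Successfully Saved User: %s'), $row->name);
            mosRedirect('index2.php?option=com_users', $msg);
            break;
    }
}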
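/**
 * Administrator action: create or update a user from the posted form.
 *
 * Order of checks: request-forgery check, permission check on the posted id,
 * field sanitising, salted password hashing, group-change rules for existing
 * users, group-level ceiling for the acting administrator. After storing, the
 * ACL map is synced, new users are mailed their credentials and a user whose
 * group changed is logged out.
 *
 * @param string $task 'apply' returns to the edit form; anything else returns
 *                     to the user list.
 * @return void
 */
function saveUser($task)
{
    global $database, $my, $acl;
    global $mosConfig_live_site, $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_sitename;

    josSpoofCheck();

    $userIdPosted = mosGetParam($_POST, 'id');
    if ($userIdPosted) {
        $msg = checkUserPermissions(array($userIdPosted), 'save', in_array($my->gid, array(24, 25)));
        if ($msg) {
            echo "<script type=\"text/javascript\"> alert('" . $msg . "'); window.history.go(-1);</script>\n";
            exit;
        }
    }

    $row = new mosUser($database);
    if (!$row->bind($_POST)) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }

    $row->name = trim($row->name);
    $row->email = trim($row->email);
    $row->username = trim($row->username);

    // sanitise fields that are later used in comparisons and SQL
    $row->id = (int) $row->id;
    $row->gid = (int) $row->gid;

    $isNew = !$row->id;
    $pwd = '';

    // Passwords are stored as md5(password . salt) . ':' . salt
    // NOTE(review): salted MD5 is still a fast hash; the format is kept because
    // the login code has to agree with it.
    if ($isNew) {
        // new user: generate a password when none was supplied
        if ($row->password == '') {
            $pwd = mosMakePassword();
        } else {
            $pwd = trim($row->password);
        }
        $salt = mosMakePassword(16);
        $crypt = md5($pwd . $salt);
        $row->password = $crypt . ':' . $salt;

        $row->registerDate = date('Y-m-d H:i:s');
    } else {
        // stored state, used for the group-change rules and the logout below
        $original = new mosUser($database);
        $original->load((int) $row->id);

        if ($row->password == '') {
            // password set to null if empty
            $row->password = null;
        } else {
            $row->password = trim($row->password);
            $salt = mosMakePassword(16);
            $crypt = md5($row->password . $salt);
            $row->password = $crypt . ':' . $salt;
        }

        // group has been changed
        if ($row->gid != $original->gid) {
            if ($original->gid == 25) {
                // count number of active super admins
                $query = "SELECT COUNT( id )"
                    . "\n FROM #__users"
                    . "\n WHERE gid = 25"
                    . "\n AND block = 0";
                $database->setQuery($query);
                $count = $database->loadResult();

                if ($count <= 1) {
                    // disallow change if only one Super Admin exists
                    echo "<script> alert('You cannot change this users Group as it is the only active Super Administrator for your site'); window.history.go(-1); </script>\n";
                    exit;
                }
            }

            $user_group = strtolower($acl->get_group_name($original->gid, 'ARO'));
            if ($user_group == 'super administrator' && $my->gid != 25) {
                // disallow change of super-Admin by non-super admin
                echo "<script> alert('You cannot change this users Group as you are not a Super Administrator for your site'); window.history.go(-1); </script>\n";
                exit;
            } else {
                if ($my->gid == 24 && $original->gid == 24) {
                    // disallow an Administrator changing the group of another Administrator
                    echo "<script> alert('You cannot change the Group of another Administrator as you are not a Super Administrator for your site'); window.history.go(-1); </script>\n";
                    exit;
                }
            }
            // that the target group is not above the acting user is enforced below
        }
    }

    // Security check to avoid creating/editing user to higher level than himself: response to artf4529.
    // (Replaces the earlier, commented-out "gid == 25 && my->gid != 25" test.)
    if (!in_array($row->gid, getGIDSChildren($my->gid))) {
        echo "<script> alert('You cannot create a user with this user Group level, only Super Administrators have this ability'); window.history.go(-1); </script>\n";
        exit;
    }

    // save usertype to usertype column
    $query = "SELECT name"
        . "\n FROM #__core_acl_aro_groups"
        . "\n WHERE group_id = " . (int) $row->gid;
    $database->setQuery($query);
    $usertype = $database->loadResult();
    $row->usertype = $usertype;

    // save params
    $params = mosGetParam($_POST, 'params', '');
    if (is_array($params)) {
        $txt = array();
        foreach ($params as $k => $v) {
            $txt[] = "{$k}={$v}";
        }
        $row->params = implode("\n", $txt);
    }

    if (!$row->check()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    if (!$row->store()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    $row->checkin();

    // updates the current users param settings
    if ($my->id == $row->id) {
        //session_start();
        $_SESSION['session_user_params'] = $row->params;
        session_write_close();
    }

    // update the ACL
    if (!$isNew) {
        $query = "SELECT aro_id"
            . "\n FROM #__core_acl_aro"
            . "\n WHERE value = " . (int) $row->id;
        $database->setQuery($query);
        $aro_id = $database->loadResult();

        $query = "UPDATE #__core_acl_groups_aro_map"
            . "\n SET group_id = " . (int) $row->gid
            . "\n WHERE aro_id = " . (int) $aro_id;
        $database->setQuery($query);
        $database->query() or die($database->stderr());
    }

    // for new users, email username and password
    // NOTE(review): the clear-text password leaves the system by mail here.
    if ($isNew) {
        $query = "SELECT email"
            . "\n FROM #__users"
            . "\n WHERE id = " . (int) $my->id;
        $database->setQuery($query);
        $adminEmail = $database->loadResult();

        $subject = _NEW_USER_MESSAGE_SUBJECT;
        $message = sprintf(_NEW_USER_MESSAGE, $row->name, $mosConfig_sitename, $mosConfig_live_site, $row->username, $pwd);

        if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") {
            $adminName = $mosConfig_fromname;
            $adminEmail = $mosConfig_mailfrom;
        } else {
            $query = "SELECT name, email"
                . "\n FROM #__users"
                . "\n WHERE gid = 25";
            $database->setQuery($query);
            $admins = $database->loadObjectList();
            $admin = $admins[0];
            $adminName = $admin->name;
            $adminEmail = $admin->email;
        }
        mosMail($adminEmail, $adminName, $row->email, $subject, $message);
    }

    if (!$isNew) {
        // if group has been changed
        if ($original->gid != $row->gid) {
            // delete the user account's active sessions so the old group
            // cannot be used through an already open session
            logoutUser($row->id, 'com_users', 'change');
        }
    }

    switch ($task) {
        case 'apply':
            $msg = 'Successfully Saved changes to User: ' . $row->name;
            mosRedirect('index2.php?option=com_users&task=editA&hidemainmenu=1&id=' . $row->id, $msg);
            break;
        case 'save':
        default:
            $msg = 'Successfully Saved User: ' . $row->name;
            mosRedirect('index2.php?option=com_users', $msg);
            break;
    }
}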
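/**
 * Administrator action: create or update a user from the posted form.
 *
 * Hashes the password, stores the row, syncs the ACL group map for existing
 * users, mails the credentials to new users and redirects to the component.
 *
 * @param string $option Component name used in the final redirect.
 * @return void
 */
function saveUser($option)
{
    global $database, $my;
    global $mosConfig_live_site, $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_sitename;

    $row = new mosUser($database);
    if (!$row->bind($_POST)) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }

    $isNew = !$row->id;
    $pwd = '';

    // NOTE(review): unsalted MD5 is not an adequate password hash; the format
    // is kept because the login code has to agree with it.
    if ($isNew) {
        // new user: generate a password when none was supplied
        if ($row->password == '') {
            $pwd = mosMakePassword();
            $row->password = md5($pwd);
        } else {
            $pwd = $row->password;
            $row->password = md5($row->password);
        }
        $row->registerDate = date('Y-m-d H:i:s');
    } else {
        // existing user
        if ($row->password == '') {
            // password set to null if empty
            $row->password = null;
        } else {
            $row->password = md5($row->password);
        }
    }

    if (!$row->check()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n";
        exit;
    }
    if (!$row->store()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n";
        exit;
    }

    // update the ACL
    if (!$isNew) {
        // id and gid were bound from the request; quoting alone does not stop
        // a value from closing the quote, so cast them to integers.
        $query = "SELECT aro_id FROM #__core_acl_aro WHERE value='" . (int) $row->id . "'";
        $database->setQuery($query);
        $aro_id = $database->loadResult();

        $query = "UPDATE #__core_acl_groups_aro_map"
            . "\n SET group_id = '" . (int) $row->gid . "'"
            . "\n WHERE aro_id = '" . (int) $aro_id . "'";
        $database->setQuery($query);
        $database->query() or die($database->stderr());
    }

    $row->checkin();

    // NOTE(review): the clear-text password leaves the system by mail here.
    if ($isNew) {
        $query = "SELECT email FROM #__users WHERE id=" . (int) $my->id;
        $database->setQuery($query);
        $adminEmail = $database->loadResult();

        $subject = _NEW_USER_MESSAGE_SUBJECT;
        $message = sprintf(_NEW_USER_MESSAGE, $row->name, $mosConfig_sitename, $mosConfig_live_site, $row->username, $pwd);

        if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") {
            $adminName = $mosConfig_fromname;
            $adminEmail = $mosConfig_mailfrom;
        } else {
            // NOTE(review): 'superadministrator' has no space here - confirm it
            // matches the usertype values this installation stores.
            $query = "SELECT name, email FROM #__users WHERE usertype='superadministrator'";
            $database->setQuery($query);
            // Keep the sender lookup out of $row. Overwriting $row would send
            // the new user's password to the administrator's own address.
            $admins = $database->loadObjectList();
            $adminName = '';
            if (!empty($admins)) {
                $admin = $admins[0];
                $adminName = $admin->name;
                $adminEmail = $admin->email;
            }
        }
        mosMail($adminEmail, $adminName, $row->email, $subject, $message);
    }

    mosRedirect('index2.php?option=' . $option);
}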
/**
 * If table key (id) is NULL : inserts new rows
 * otherwise updates existing row in the database tables
 *
 * Can be overridden or overloaded by the child classes
 *
 * Steps, in order: normalise id/gid/gids, read the previously stored
 * username, group and block state (existing users only), resolve usertype
 * from the group id, store the CMS user, store the CB user, sync the ACL
 * group map, then update or delete the user's session rows when username,
 * group or block state changed.
 *
 * Every value placed into SQL in this method is either cast to int or passed
 * through NameQuote()/Quote().
 *
 * @param  boolean  $updateNulls  TRUE: null object variables are also updated, FALSE: not.
 * @return boolean                TRUE if successful otherwise FALSE (with $this->_error set)
 */
function store( $updateNulls = false ) {
	global $_CB_framework, $_CB_database, $ueConfig;

	// Force integer ids; gids is the group list, gid the single backwards-compatible group id:
	$this->id = (int) $this->id;
	if ( checkJversion() == 2 ) {
		$this->gids = ( is_array( $this->gids ) ? $this->gids : array( $this->gid ) );
		$this->gid = (int) $_CB_framework->acl->getBackwardsCompatibleGid( $this->gids );
	} else {
		$this->gid = (int) $this->gid;
		$this->gids = array( $this->gid );
	}
	$isNew = ( $this->id == 0 );
	$oldUsername = null;
	$oldGid = null;
	$oldBlock = null;
	//TODO //FIXME Somehow the constructor does not get called in j1.6, so need to redo this here:
	if ( checkJversion() == 2 ) {
		$this->_cmsUserTableGid = 'usertype';
	}
	if ( ! $isNew ) {
		// get actual username to update sessions in case:
		// NOTE(review): the columns are selected through the configurable
		// _cmsUserTable* names but read back below as ->username / ->gid - confirm they always match.
		$sql = 'SELECT ' . $_CB_database->NameQuote( $this->_cmsUserTableUsername ) . ', ' . $_CB_database->NameQuote( $this->_cmsUserTableGid ) . ', ' . $_CB_database->NameQuote( 'block' ) . ' FROM ' . $_CB_database->NameQuote( $this->_cmsUserTable ) . ' WHERE ' . $_CB_database->NameQuote( $this->_cmsUserTableKey ) . ' = ' . (int) $this->user_id;
		$_CB_database->setQuery( $sql );
		$oldEntry = null;
		if ( $_CB_database->loadObject( $oldEntry ) ) {
			$oldUsername = $oldEntry->username;
			if ( checkJversion() == 2 ) {
				$oldGids = array_values( (array) JFactory::getUser( $this->id )->groups );
				$oldGid = (int) $_CB_framework->acl->getBackwardsCompatibleGid( $oldGids );
			} else {
				$oldGid = (int) $oldEntry->gid;
				$oldGids = array( $oldEntry->gid );
			}
			$oldBlock = $oldEntry->block;
		}
	}
	// insure usertype is in sync with gid:
	/*
	 * This could be a better method:
	if ( checkJversion() == 1 ) {
		$gdataArray = $_CB_framework->acl->get_group_data( (int) $this->gid, 'ARO' );
		if ( $gdataArray ) {
			$this->usertype = $gdataArray[3];
		} else {
			user_error( sprintf( 'comprofilerUser::store: gacl:get_group_data: for user_id %d, name of group_id %d not found in acl groups table.', $this->id, $this->gid ), E_USER_WARNING );
			$this->usertype = 'Registered';
		}
	} else {
		$this->usertype = $_CB_framework->acl->get_group_name( (int) $gid, 'ARO' );
	}
	*/
	// The group table and its key column differ per CMS version:
	if ( checkJversion() == 2 ) {
		$query = 'SELECT title AS name' . "\n FROM #__usergroups" . "\n WHERE id = " . (int) $this->gid ;
	} elseif ( checkJversion() == 1 ) {
		$query = 'SELECT name' . "\n FROM #__core_acl_aro_groups" . "\n WHERE id = " . (int) $this->gid ;
	} else {
		$query = 'SELECT name' . "\n FROM #__core_acl_aro_groups" . "\n WHERE group_id = " . (int) $this->gid ;
	}
	$_CB_database->setQuery( $query );
	$this->usertype = $_CB_database->loadResult();
	// creates CMS and CB objects:
	$this->_mapUsers();
	// remove the previous email set in bindSafely() and needed for checkSafely():
	unset( $this->_original_email );
	// stores first into CMS to get id of user if new:
	if ( is_callable( array( $this->_cmsUser, 'store' ) ) ) {
		$result = $this->_cmsUser->store( $updateNulls );
		if ( ! $result ) {
			$this->_error = $this->_cmsUser->getError();
		}
	} else {
		if ( checkJversion() == 2 ) {
			$this->_cmsUser->groups = $this->gids;
		}
		$result = $this->_cmsUser->save(); // Joomla 1.5 native
		if ( ! $result ) {
			$this->_error = $this->_cmsUser->getError();
			if ( class_exists( 'JText' ) ) {
				$this->_error = JText::_( $this->_error );
			}
		}
	}
	if ( $result ) {
		// synchronize id and user_id:
		if ( $isNew ) {
			if ( $this->_cmsUser->id == 0 ) {
				// this is only for mambo 4.5.0 backwards compatibility. 4.5.2.3 $row->store() updates id on insert
				$sql = 'SELECT ' . $_CB_database->NameQuote( $this->_cmsUserTableKey ) . ' FROM ' . $_CB_database->NameQuote( $this->_cmsUserTable ) . ' WHERE ' . $_CB_database->NameQuote( $this->_cmsUserTableUsername ) . ' = ' . $_CB_database->Quote( $this->username);
				$_CB_database->setQuery( $sql );
				$this->_cmsUser->id = (int) $_CB_database->loadResult();
			}
			$this->id = $this->_cmsUser->id;
			$this->_comprofilerUser->id = $this->_cmsUser->id;
		}
		// An unconfirmed user without activation code gets one when confirmation is configured:
		if ( ( $this->confirmed == 0 ) && ( $this->cbactivation == '' ) && ( $ueConfig['reg_confirmation'] != 0 ) ) {
			$this->_setActivationCode();
		}
		// stores CB user into comprofiler: if new, inserts, otherwise updates:
		if ( $this->user_id == 0 ) {
			$this->user_id = $this->_cmsUser->id;
			$this->_comprofilerUser->user_id = $this->user_id;
			$result = $this->_comprofilerUser->storeNew( $updateNulls );
		} else {
			$result = $this->_comprofilerUser->store( $updateNulls );
		}
		if ( ! $result ) {
			$this->_error = $this->_comprofilerUser->getError();
		}
	}
	if ( $result ) {
		// update the ACL:
		if ( checkJversion() == 2 ) {
			$query = 'SELECT m.id AS aro_id, a.group_id FROM #__user_usergroup_map AS a' . "\n INNER JOIN #__usergroups AS m ON m.id= a.group_id" . "\n WHERE a.user_id = " . (int) $this->id ;
		} elseif ( checkJversion() == 1 ) {
			$query = 'SELECT a.id AS aro_id, m.group_id FROM #__core_acl_aro AS a' . "\n INNER JOIN #__core_acl_groups_aro_map AS m ON m.aro_id = a.id" . "\n WHERE a.value = " . (int) $this->id ;
		} else {
			$query = 'SELECT a.aro_id, m.group_id FROM #__core_acl_aro AS a' . "\n INNER JOIN #__core_acl_groups_aro_map AS m ON m.aro_id = a.aro_id" . "\n WHERE a.value = " . (int) $this->id ;
		}
		$_CB_database->setQuery( $query );
		$aro_group = null;
		$result = $_CB_database->loadObject( $aro_group );
		if ( $result && ( $aro_group->group_id != $this->gid ) ) {
			if ( checkJversion() == 2 ) {
				// The group-map update is disabled for this version, so $result keeps the loadObject() outcome:
				// $query = 'UPDATE #__user_usergroup_map'
				// . "\n SET group_id = " . (int) $this->gid
				// . "\n WHERE user_id = " . (int) $this->id
				// . ( $oldGid ? "\n AND group_id = " . (int) $oldGid : null )
				// ;
				// $_CB_database->setQuery( $query );
				// $result = $_CB_database->query();
			} else {
				$query = 'UPDATE #__core_acl_groups_aro_map' . "\n SET group_id = " . (int) $this->gid . "\n WHERE aro_id = " . (int) $aro_group->aro_id ;
				$_CB_database->setQuery( $query );
				$result = $_CB_database->query();
			}
		}
		// Existing user whose username or group changed, or who has just been blocked:
		if ( $result && ( ! $isNew ) && ( ( $oldUsername != $this->username ) || ( $aro_group->group_id != $this->gid ) || ( $oldGid != $this->gid ) || ( ( $oldBlock == 0 ) && ( $this->block == 1 ) ) ) ) {
			// Update current sessions state if there is a change in gid or in username:
			if ( $this->block == 0 ) {
				$sessionGid = 1;
				if ( $_CB_framework->acl->is_group_child_of( $this->usertype, 'Registered', 'ARO' ) || $_CB_framework->acl->is_group_child_of( $this->usertype, 'Public Backend', 'ARO' ) ) {
					// Authors, Editors, Publishers and Super Administrators are part of the Special Group:
					$sessionGid = 2;
				}
				$query = 'UPDATE #__session ' . "\n SET usertype = " . $_CB_database->Quote( $this->usertype );
				if ( checkJversion() <= 1 ) {
					$query .= ', gid = ' . (int) $sessionGid;
				}
				$query .= ', username = ' . $_CB_database->Quote( $this->username ) . "\n WHERE userid = " . (int) $this->id ;
				//TBD: here maybe jaclplus fields update if JACLplus installed....
				$_CB_database->setQuery( $query );
				$result = $_CB_database->query();
			} else {
				// logout user now that user login has been blocked:
				if ( $_CB_framework->myId() == $this->id ) {
					$_CB_framework->logout();
				}
				// Deleting the session rows ends the blocked account's open sessions:
				$_CB_database->setQuery( "DELETE FROM #__session WHERE userid = " . (int) $this->id ); //TBD: check if this is enough for J 1.5
				$result = $_CB_database->query();
			}
		}
		if ( ! $result ) {
			$this->_error = $_CB_database->stderr();
			return false;
		}
	}
	return $result;
}
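/**
 * Administrator action: create or update a user plus its extended profile.
 *
 * Hashes the password, stores the mosUser row, syncs the ACL group map for
 * existing users, mails the credentials to new users, then binds, checks and
 * stores the mosUser_Extended row from the same request.
 *
 * @param string $option Component name used in the final redirect.
 * @return void
 */
function saveUser($option)
{
    global $database, $my;
    global $mosConfig_live_site;

    $row = new mosUser($database);
    if (!$row->bind($_POST)) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }

    $isNew = !$row->id;
    $pwd = '';

    // NOTE(review): unsalted MD5 is not an adequate password hash; the format
    // is kept because the login code has to agree with it.
    if ($isNew) {
        //extended user stuff
        $row->user_id = $row->id;
        // new user: generate a password when none was supplied
        if ($row->password == '') {
            $pwd = mosMakePassword();
            $row->password = md5($pwd);
        } else {
            $pwd = $row->password;
            $row->password = md5($row->password);
        }
    } else {
        // existing user
        if ($row->password == '') {
            // password set to null if empty
            $row->password = null;
        } else {
            $row->password = md5($row->password);
        }
    }

    // NOTE(review): this runs for updates too, so editing a user resets the
    // registration date - confirm that is intended.
    $row->registerDate = date("Y-m-d H:i:s");

    if (!$row->check()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n";
        exit;
    }
    if (!$row->store()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n";
        exit;
    }

    // update the ACL
    if (!$isNew) {
        // id and gid were bound from the request; quoting alone does not stop
        // a value from closing the quote, so cast them to integers.
        $database->setQuery("SELECT aro_id FROM #__core_acl_aro WHERE value='" . (int) $row->id . "'");
        $aro_id = $database->loadResult();

        $database->setQuery("UPDATE #__core_acl_groups_aro_map"
            . "\nSET group_id = '" . (int) $row->gid . "'"
            . "\nWHERE aro_id = '" . (int) $aro_id . "'");
        $database->query() or die($database->stderr());
    }

    $row->checkin();

    // NOTE(review): the clear-text password leaves the system by mail here.
    if ($isNew) {
        $database->setQuery("SELECT email FROM #__users WHERE id=" . (int) $my->id);
        $adminEmail = $database->loadResult();
        // The address is written into raw mail headers; drop line breaks so a
        // stored value cannot add headers of its own.
        $adminEmail = str_replace(array("\r", "\n"), '', (string) $adminEmail);

        $subject = "New User Details";
        $message = "Hello {$row->name},\r \n \r \n";
        $message .= "You have been added as a user to {$mosConfig_live_site} by an Administrator.\r \n";
        $message .= "This email contains your username and password to log into the {$mosConfig_live_site} site:\r \n \r \n";
        $message .= "Username - {$row->username}\r \n";
        $message .= "Password - {$pwd}\r \n \r \n \r \n";
        $message .= "Please do not respond to this message as it is automatically generated and is for information purposes only\r \n";

        // Start the header string explicitly instead of appending to an undefined variable.
        $headers = "From: {$adminEmail}\r\n";
        $headers .= "Reply-To: {$adminEmail}\r\n";
        $headers .= "X-Priority: 3\r\n";
        $headers .= "X-MSMail-Priority: Low\r\n";
        $headers .= "X-Mailer: Mambo Open Source 4.5\r\n";
        mail($row->email, $subject, $message, $headers);
    }

    // extended profile, bound from the same request
    $row = null;
    $row = new mosUser_Extended($database);
    if (!$row->bind($_POST)) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n";
        exit;
    }
    if (!$row->check()) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n";
        exit;
    }
    if (!$row->storeExtended(0)) {
        echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n";
        exit;
    }

    mosRedirect("index2.php?option={$option}");
}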