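/**
 * Log in through the alternate authentication plugin named by $method.
 *
 * Loads e_PLUGIN/alt_auth/<method>_auth.php, asks its auth_login class to
 * verify the credentials and, on success, mirrors the values the plugin
 * returned into the local `user` table (keys prefixed 'x_' go to
 * `user_extended`), creating the row when the login name is unknown.
 * The outcome is left in $this->loginResult:
 *   AUTH_NOCONNECT      - $method is 'none'
 *   AUTH_NOT_AVAILABLE  - plugin file missing / not a plain identifier, or the
 *                         plugin reports itself unavailable
 *   LOGIN_CONTINUE      - authenticated; local row is in sync
 *   LOGIN_DB_ERROR      - authenticated but inserting the new row failed
 *   LOGIN_TRY_OTHER     - remote auth failed and prefs allow the core login
 *   LOGIN_ABORT         - remote auth failed, no fallback allowed
 *
 * Changes from the previous revision: the 'user_' prefix test was written
 * `strpos($k, 'user_' !== 0)` (the literal was compared with 0 first), so bare
 * column names never received the prefix; the removed mysql_real_escape_string()
 * is replaced by the DB layer's escape(); $method is validated before being
 * used in an include path; an empty 'loginname_maxlength' pref no longer
 * truncates the login name to ''; password hashes are masked in log output.
 *
 * @param string $method    Plugin name (expected to come from prefs); 'none'
 *                          short-circuits.
 * @param string &$username Login name. Escaped/normalised in place; replaced by
 *                          a dummy value on a "no connect" abort.
 * @param string &$userpass Password. Replaced by a dummy value on a
 *                          "bad password" abort.
 */
public function __construct($method, &$username, &$userpass)
{
    $this->e107 = e107::getInstance();
    $newvals = array();

    if ($method == 'none') {
        $this->loginResult = AUTH_NOCONNECT;
        return;
    }

    // $method is spliced into an include path. It should only ever come from
    // the alt_auth prefs, but insist on a bare identifier (and an existing
    // file) so a bad value cannot pull in anything outside alt_auth/.
    $authFile = e_PLUGIN . 'alt_auth/' . $method . '_auth.php';
    if (!preg_match('/^[A-Za-z0-9_]+$/', (string) $method) || !is_readable($authFile)) {
        $this->loginResult = AUTH_NOT_AVAILABLE;
        return;
    }
    require_once $authFile;

    $_login = new auth_login();
    if (isset($_login->Available) && $_login->Available === FALSE) {
        // Relevant auth method not available (e.g. PHP extension not loaded)
        $this->loginResult = AUTH_NOT_AVAILABLE;
        return;
    }

    $login_result = $_login->login($username, $userpass, $newvals, FALSE);

    if ($login_result !== AUTH_SUCCESS) {
        // Failure modes. The matching pref decides whether the core login may
        // still be tried; if not, the credential is overwritten with a value
        // that cannot match anything so the fallback is guaranteed to fail.
        switch ($login_result) {
            case AUTH_NOCONNECT:
                if (varset(e107::getPref('auth_noconn'), TRUE)) {
                    $this->loginResult = LOGIN_TRY_OTHER;
                    return;
                }
                $username = md5('xx_noconn_xx');
                $this->loginResult = LOGIN_ABORT;
                return;

            case AUTH_BADPASSWORD:
                if (varset(e107::getPref('auth_badpassword'), TRUE)) {
                    $this->loginResult = LOGIN_TRY_OTHER;
                    return;
                }
                $userpass = md5('xx_badpassword_xx');
                $this->loginResult = LOGIN_ABORT; // Not going to magically be able to log in!
                return;
        }
        $this->loginResult = LOGIN_ABORT; // catch-all just in case
        return;
    }

    require_once e_HANDLER . 'user_handler.php';
    require_once e_HANDLER . 'validator_class.php';

    $aa_sql = e107::getDb('aa');
    $userMethods = new UserHandler();

    // Escape through the DB layer (mysql_real_escape_string() no longer exists;
    // escape() is what the password is run through below). With magic quotes
    // on the value already carries slashes, so - as before - only escape when
    // they are off; FALSE stops escape() stripping slashes first.
    if (MAGIC_QUOTES_GPC == FALSE) {
        $username = $aa_sql->escape($username, FALSE);
    }
    // Legacy blacklist, kept so existing stored login names keep matching. The
    // escaping above and getLookupQuery() are the actual injection defence.
    $username = preg_replace("/\\sOR\\s|\\=|\\#/", "", $username);
    // substr() with an empty/zero length pref used to blank the login name.
    $maxLen = (int) e107::getPref('loginname_maxlength');
    if ($maxLen > 0) {
        $username = substr($username, 0, $maxLen);
    }

    // The remote password is stored locally as a hash (presumably so the core
    // login can fall back to it); only the hash ever reaches the DB or logs.
    $db_vals = array(
        'user_password' => $aa_sql->escape($userMethods->HashPassword($userpass, $username)),
    );
    $xFields = array(); // Possible extended user fields

    // See if any of the fields need processing before save
    if (isset($_login->copyMethods) && count($_login->copyMethods)) {
        foreach ($newvals as $k => $v) {
            if (!isset($_login->copyMethods[$k])) {
                continue;
            }
            $newvals[$k] = $this->translate($_login->copyMethods[$k], $v);
            if (AA_DEBUG1) {
                $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth convert", $k . ': ' . $v . '=>' . $newvals[$k], FALSE, LOG_TO_ROLLING);
            }
        }
    }

    // Sort the returned values into user-table columns and extended fields.
    foreach ($newvals as $k => $v) {
        if (strpos($k, 'x_') === 0) {
            // Extended field: x_foo is stored as user_foo in user_extended
            $xFields['user_' . substr($k, 2)] = $v;
        } else {
            // Normal user table; add the column prefix if the plugin omitted it.
            // (Previously strpos($k, 'user_' !== 0), which never added it.)
            if (strpos($k, 'user_') !== 0) {
                $k = 'user_' . $k;
            }
            $db_vals[$k] = $v;
        }
    }

    // The column names are interpolated into the SELECT below. They come from
    // the plugin's field map rather than the request, but keep them to plain
    // identifiers so a bad mapping cannot turn into a SQL fragment.
    foreach (array_keys($db_vals + $xFields) as $col) {
        if (!preg_match('/^[A-Za-z0-9_]+$/', $col)) {
            unset($db_vals[$col], $xFields[$col]);
        }
    }

    $ulogin = new userlogin();
    if (count($xFields)) {
        // Extended fields as well - make sure there's an object to type them with
        require_once e_HANDLER . 'user_extended_class.php';
        $ue = new e107_user_extended();
        $qry = "SELECT u.user_id,u." . implode(',u.', array_keys($db_vals))
            . ", ue.user_extended_id, ue." . implode(',ue.', array_keys($xFields))
            . " FROM `#user` AS u\n\t\t\t\t\t\tLEFT JOIN `#user_extended` AS ue ON ue.user_extended_id = u.user_id\n\t\t\t\t\t\tWHERE "
            . $ulogin->getLookupQuery($username, FALSE, 'u.');
        if (AA_DEBUG) {
            $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "Query: {$qry}[!br!]" . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
        }
    } else {
        $qry = "SELECT * FROM `#user` WHERE " . $ulogin->getLookupQuery($username, FALSE);
    }

    if ($aa_sql->db_Select_gen($qry)) {
        // Existing user - get current data, see if any changes
        $row = $aa_sql->db_Fetch(MYSQL_ASSOC);
        foreach ($db_vals as $k => $v) {
            if ($row[$k] == $v) {
                unset($db_vals[$k]);
            }
        }
        if (count($db_vals)) {
            $newUser = array();
            $newUser['data'] = $db_vals;
            validatorClass::addFieldTypes($userMethods->userVettingInfo, $newUser);
            $newUser['WHERE'] = '`user_id`=' . intval($row['user_id']);
            $aa_sql->db_Update('user', $newUser);
            if (AA_DEBUG1) {
                $logUser = $newUser;
                unset($logUser['data']['user_password']); // keep hashes out of the log
                $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "User data update: " . print_r($logUser, TRUE), FALSE, LOG_TO_ROLLING);
            }
        }
        foreach ($xFields as $k => $v) {
            if ($row[$k] == $v) {
                unset($xFields[$k]);
            }
        }
        if (AA_DEBUG1) {
            $logRow = $row;
            unset($logRow['user_password']); // keep hashes out of the log
            $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "User data read: " . print_r($logRow, TRUE) . "[!br!]" . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
        }
        if (AA_DEBUG) {
            $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "User xtnd read: " . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
        }
        if (count($xFields)) {
            $xArray = array();
            $xArray['data'] = $xFields;
            if ($row['user_extended_id']) {
                $ue->addFieldTypes($xArray); // Add in the data types for storage
                $xArray['WHERE'] = '`user_extended_id`=' . intval($row['user_id']);
                if (AA_DEBUG) {
                    $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "User xtnd update: " . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
                }
                $aa_sql->db_Update('user_extended', $xArray);
            } else {
                // Never been an extended user fields record for this user
                $xArray['data']['user_extended_id'] = $row['user_id'];
                $ue->addDefaultFields($xArray); // Add in the data types for storage, plus any default values
                if (AA_DEBUG) {
                    $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "Write new extended record" . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
                }
                $aa_sql->db_Insert('user_extended', $xArray);
            }
        }
        $this->loginResult = LOGIN_CONTINUE;
        return;
    }

    // Just add a new user
    if (AA_DEBUG) {
        $logVals = $db_vals;
        unset($logVals['user_password']); // keep hashes out of the log
        $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "Add new user: " . print_r($logVals, TRUE) . "[!br!]" . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
    }
    if (!isset($db_vals['user_name'])) {
        $db_vals['user_name'] = $username;
    }
    if (!isset($db_vals['user_loginname'])) {
        $db_vals['user_loginname'] = $username;
    }
    if (!isset($db_vals['user_join'])) {
        $db_vals['user_join'] = time();
    }
    $db_vals['user_class'] = e107::getPref('initial_user_classes');
    // These columns have no DB default; give them an explicit empty value.
    foreach (array('user_signature', 'user_prefs', 'user_perms') as $col) {
        if (!isset($db_vals[$col])) {
            $db_vals[$col] = '';
        }
    }
    $userMethods->userClassUpdate($db_vals, 'userall');
    $newUser = array();
    $newUser['data'] = $db_vals;
    $userMethods->addNonDefaulted($newUser);
    validatorClass::addFieldTypes($userMethods->userVettingInfo, $newUser);
    $newID = $aa_sql->db_Insert('user', $newUser);
    if ($newID === FALSE) {
        // Error adding user to database - possibly a conflict on unique fields
        $logVals = $db_vals;
        unset($logVals['user_password']); // keep hashes out of the log
        $this->e107->admin_log->e_log_event(10, __FILE__ . '|' . __FUNCTION__ . '@' . __LINE__, 'ALT_AUTH', 'Alt auth login', 'Add user fail: DB Error ' . $aa_sql->getLastErrorText() . "[!br!]" . print_r($logVals, TRUE), FALSE, LOG_TO_ROLLING);
        $this->loginResult = LOGIN_DB_ERROR;
        return;
    }
    if (count($xFields)) {
        $xFields['user_extended_id'] = $newID;
        $xArray = array();
        $xArray['data'] = $xFields;
        $ue->addDefaultFields($xArray); // Add in the data types for storage, plus any default values
        $result = $aa_sql->db_Insert('user_extended', $xArray);
        if (AA_DEBUG) {
            $this->e107->admin_log->e_log_event(10, debug_backtrace(), 'DEBUG', 'Alt auth login', "Add extended: UID={$newID} result={$result}", FALSE, LOG_TO_ROLLING);
        }
    }
    $this->loginResult = LOGIN_CONTINUE;
    return;
}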
} $redirect->redirect($to); } unset($_POST); } if ($error) { // require_once (e_HANDLER.'message_handler.php'); $temp = array(); if (count($extraErrors)) { $temp[] = implode('<br />', $extraErrors); } if (count($allData['errors'])) { $temp[] = validatorClass::makeErrorList($allData, 'USER_ERR_', '%n - %x - %t: %v', '<br />', $userMethods->userVettingInfo); } if (vartrue($eufVals['errors'])) { $temp[] = '<br />' . validatorClass::makeErrorList($eufVals, 'USER_ERR_', '%n - %x - %t: %v', '<br />', NULL); } // message_handler('P_ALERT', implode('<br />', $temp)); $errorMsg = implode('<br />', $temp); if (deftrue('BOOTSTRAP')) { echo e107::getMessage()->addError($errorMsg)->render(); } else { $ns->tablerender($caption, $message); } // $adref = $_POST['adminreturn']; } // --- User data has been updated here if appropriate --- $testSessionMessage = e107::getMessage()->get(E_MESSAGE_SUCCESS, 'default', true); // only success in the session if ($testSessionMessage) { $message = implode('<br />', $testSessionMessage);
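/**
 * Process an e-mail activation link: e_QUERY is "activate.<uid>.<key>[.<lang>]".
 *
 * The <key> is looked up in user.user_sess (the <uid> segment is not used for
 * the lookup). On a match the account is activated (user_ban = 0), the key is
 * cleared so the link is single-use, initial user classes are applied, the
 * audit log and the 'userveri' / 'user_signup_activated' / 'userfull' events
 * fire, and the user is logged in when the 'autologinpostsignup' pref is set.
 * An unknown key is logged and an "Invalid URL" message rendered.
 *
 * Changes from the previous revision: the optional language segment is only
 * used as a directory name when it is a bare identifier (it is spliced into an
 * include path), and the update-failure log no longer dumps the whole user row
 * (which includes the password hash).
 *
 * @return bool|null false on an invalid key or a failed update; null otherwise
 */
private function processActivationLink()
{
    global $userMethods;
    $sql  = e107::getDb();
    $tp   = e107::getParser();
    $ns   = e107::getRender();
    $log  = e107::getLog();
    $pref = e107::pref('core');

    $qs = explode('.', e_QUERY);
    if ($qs[0] != 'activate' || (count($qs) != 3 && count($qs) != 4) || !$qs[2]) {
        return;
    }

    // FIXME TODO use generic multilanguage selection => e107::coreLan();
    // return the message in the correct language.
    $siteLanFile = e_LANGUAGEDIR . e_LANGUAGE . '/lan_' . e_PAGE;
    if (isset($qs[3]) && strlen($qs[3]) == 2) {
        require_once e_HANDLER . 'language_class.php';
        $slng = new language();
        $the_language = $slng->convert($qs[3]);
        // $the_language ends up in a filesystem path. convert() presumably maps
        // a 2-letter code to a language directory name, but the input is
        // request-controlled, so accept only a bare directory name here.
        $lanFile = e_LANGUAGEDIR . $the_language . '/lan_' . e_PAGE;
        if (preg_match('/^[A-Za-z0-9_-]+$/', (string) $the_language) && is_readable($lanFile)) {
            include $lanFile;
        } else {
            include_lan($siteLanFile);
        }
    } else {
        include_lan($siteLanFile);
    }

    e107::getCache()->clear("online_menu_totals");

    // Escaped once; reused for both the lookup and the update WHERE clause.
    $sessKey = $tp->toDB($qs[2], true);
    if (!$sql->select("user", "*", "user_sess='" . $sessKey . "' ")) {
        // Invalid activation code ($qs is just the URL segments - no user data)
        $log->e_log_event(10, debug_backtrace(), 'USER', 'Invalid Verification URL', print_r($qs, true), false, LOG_TO_ROLLING);
        echo e107::getMessage()->addError("Invalid URL")->render();
        // header("location: ".e_BASE."index.php");
        return false;
    }

    $row = $sql->fetch();
    if (!$row) {
        return;
    }

    // NOTE(review): the WHERE matches any row holding this key regardless of
    // user_ban, so a key left on an account an admin has since banned would
    // un-ban it - consider restricting to the pending state if that can occur.
    $dbData = array();
    $dbData['WHERE'] = " user_sess='" . $sessKey . "' ";
    $dbData['data'] = array('user_ban' => '0', 'user_sess' => '');
    // Set initial classes, and any which the user can opt to join
    if ($init_class = $userMethods->userClassUpdate($row, 'userfull')) {
        $dbData['data']['user_class'] = $init_class;
    }
    $userMethods->addNonDefaulted($dbData);
    validatorClass::addFieldTypes($userMethods->userVettingInfo, $dbData);
    $newID = $sql->update('user', $dbData);
    if ($newID === false) {
        // Keep the credential hash out of the rolling log.
        $logRow = $row;
        unset($logRow['user_password']);
        $log->e_log_event(10, debug_backtrace(), 'USER', 'Verification Fail', print_r($logRow, true), false, LOG_TO_ROLLING);
        $ns->tablerender(LAN_SIGNUP_75, LAN_SIGNUP_101);
        return false;
    }

    // Log to user audit log if enabled
    $log->user_audit(USER_AUDIT_EMAILACK, $row);
    e107::getEvent()->trigger('userveri', $row); // Legacy event
    e107::getEvent()->trigger('user_signup_activated', $row);
    e107::getEvent()->trigger('userfull', $row); // 'New' event

    if (varset($pref['autologinpostsignup'])) {
        require_once e_HANDLER . 'login.php';
        $usr = new userlogin();
        // 'signup' mode: the password argument is a digest derived from the row,
        // not a user-typed password (the clear-text password is not available here).
        $usr->login($row['user_loginname'], md5($row['user_name'] . $row['user_password'] . $row['user_join']), 'signup', '');
    }

    $text = "<div class='alert alert-success'>" . LAN_SIGNUP_74 . " <a href='index.php'>" . LAN_SIGNUP_22 . "</a> " . LAN_SIGNUP_23 . "<br />" . LAN_SIGNUP_24 . " " . SITENAME . "</div>";
    $ns->tablerender(LAN_SIGNUP_75, $text);
}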
if (isset($_POST['update_settings'])) { if ($_POST['ac'] == md5(ADMINPWCHANGE)) { $userData = array(); $userData['data'] = array(); if ($_POST['a_password'] != '' && $_POST['a_password2'] != '' && $_POST['a_password'] == $_POST['a_password2']) { $userData['data']['user_password'] = $sql->escape($userMethods->HashPassword($_POST['a_password'], $currentUser['user_loginname']), FALSE); unset($_POST['a_password']); unset($_POST['a_password2']); if (vartrue($pref['allowEmailLogin'])) { $user_prefs = e107::getArrayStorage()->unserialize($currentUser['user_prefs']); $user_prefs['email_password'] = $userMethods->HashPassword($new_pass, $email); $userData['data']['user_prefs'] = e107::getArrayStorage()->serialize($user_prefs); } $userData['data']['user_pwchange'] = time(); $userData['WHERE'] = 'user_id=' . USERID; validatorClass::addFieldTypes($userMethods->userVettingInfo, $userData, $userMethods->otherFieldTypes); $check = $sql->update('user', $userData); if ($check) { e107::getLog()->add('ADMINPW_01', '', E_LOG_INFORMATIVE, ''); $userMethods->makeUserCookie(array('user_id' => USERID, 'user_password' => $userData['data']['user_password']), FALSE); // Can't handle autologin ATM $mes->addSuccess(UDALAN_3 . " " . ADMINNAME); e107::getEvent()->trigger('adpword'); //@deprecated $eventData = array('user_id' => USERID, 'user_pwchange' => $userData['data']['user_pwchange']); e107::getEvent()->trigger('admin_password_update', $eventData); $ns->tablerender(UDALAN_2, $mes->render()); } else { $mes->addError(UDALAN_1 . ' ' . LAN_UPDATED_FAILED); $ns->tablerender(LAN_UPDATED_FAILED, $mes->render()); }
} $allData['data']['user_password'] = $userMethods->HashPassword($savePassword, $allData['data']['user_loginname']); if (varsettrue($pref['allowEmailLogin'])) { // Need to create separate password for email login $allData['data']['user_prefs'] = serialize(array('email_password' => $userMethods->HashPassword($savePassword, $allData['data']['user_email']))); } $allData['data']['user_join'] = time(); $allData['data']['user_ip'] = e107::getIPHandler()->getIP(FALSE); // The user_class, user_perms, user_prefs, user_realm fields don't have default value, // so we put apropriate ones, otherwise - broken DB Insert $allData['data']['user_class'] = ''; $allData['data']['user_perms'] = ''; $allData['data']['user_prefs'] = ''; $allData['data']['user_realm'] = ''; // Actually write data to DB validatorClass::addFieldTypes($userMethods->userVettingInfo, $allData); $nid = $sql->db_Insert('user', $allData); if (isset($eufVals['data']) && count($eufVals['data'])) { $usere->addFieldTypes($eufVals); // Add in the data types for storage $eufVals['WHERE'] = '`user_extended_id` = ' . intval($nid); //$usere->addDefaultFields($eufVals); // Add in defaults for anything not explicitly set (commented out for now - will slightly modify behaviour) $sql->db_Select_gen("INSERT INTO `#user_extended` (user_extended_id) values ('{$nid}')"); $sql->db_Update('user_extended', $eufVals); } if (SIGNUP_DEBUG) { $admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Signup new user", array_merge($allData['data'], $eufVals), FALSE, LOG_TO_ROLLING); } // Log to user audit log if enabled $signup_data['user_id'] = $nid; $signup_data['signup_key'] = $u_key;
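/**
 * Quick Add user submit trigger.
 *
 * Validates the posted fields, inserts the user row, optionally e-mails the
 * password and/or an activation link, and reports through the message
 * handler. Reads and rewrites $_POST directly. On validation errors the
 * entered data is stashed via setParam('user_data') for redisplay.
 *
 * Changes from the previous revision:
 *  - the admin action token is now actually checked. It was written
 *    `!$_POST['ac'] == md5(ADMINPWCHANGE)`, which negates the posted value
 *    before comparing, so any non-empty 'ac' passed; it is now compared with
 *    hash_equals() and anything missing or mismatched stops the request.
 *  - $pref is loaded with e107::pref('core'); it was never assigned, so the
 *    'predefinedLoginName' and 'displayname_class' lookups read nulls.
 *  - the password is hashed against 'user_loginname' (the key the rest of the
 *    user code uses), not the non-existent 'user_login'.
 */
public function AddSubmitTrigger()
{
    $e107cache = e107::getCache();
    $userMethods = e107::getUserSession();
    $mes = e107::getMessage();
    $sql = e107::getDb();
    $pref = e107::pref('core');

    // Admin action token: constant-time comparison against the expected digest.
    if (!isset($_POST['ac']) || !is_string($_POST['ac']) || !hash_equals(md5(ADMINPWCHANGE), $_POST['ac'])) {
        exit;
    }

    $e107cache->clear('online_menu_member_total');
    $e107cache->clear('online_menu_member_newest');
    $error = false;

    if (isset($_POST['generateloginname'])) {
        $loginPattern = isset($pref['predefinedLoginName']) ? $pref['predefinedLoginName'] : null;
        $_POST['loginname'] = $userMethods->generateUserLogin($loginPattern);
    }
    $_POST['password2'] = $_POST['password1'] = $_POST['password'];

    // Now validate everything
    $allData = validatorClass::validateFields($_POST, $userMethods->userVettingInfo, true);

    // Fix Display and user name
    $displayNameClass = isset($pref['displayname_class']) ? $pref['displayname_class'] : null;
    if (!check_class($displayNameClass, $allData['data']['user_class'])) {
        if ($allData['data']['user_name'] != $allData['data']['user_loginname']) {
            $allData['data']['user_name'] = $allData['data']['user_loginname'];
            $mes->addWarning(str_replace('[x]', $allData['data']['user_loginname'], USRLAN_237));
            //$allData['errors']['user_name'] = ERR_FIELDS_DIFFERENT;
        }
    }

    // Do basic validation
    validatorClass::checkMandatory('user_name, user_loginname', $allData); // Check for missing fields (email done in userValidation() )
    validatorClass::dbValidateArray($allData, $userMethods->userVettingInfo, 'user', 0); // Do basic DB-related checks
    $userMethods->userValidation($allData); // Do user-specific DB checks

    $savePassword = null;
    if (!isset($allData['errors']['user_password'])) {
        // No errors in password - keep it outside the main data array
        $savePassword = $allData['data']['user_password'];
        unset($allData['data']['user_password']);
    }
    unset($_POST['password2'], $_POST['password1']); // Restrict the scope of this

    if (count($allData['errors'])) {
        $temp = validatorClass::makeErrorList($allData, 'USER_ERR_', '%n - %x - %t: %v', '<br />', $userMethods->userVettingInfo);
        $mes->addError($temp);
        $error = true;
    }

    // Always save some of the entered data - then we can redisplay on error
    $user_data =& $allData['data'];
    if ($error) {
        $this->setParam('user_data', $user_data);
        return;
    }

    if (varset($_POST['perms'])) {
        $allData['data']['user_admin'] = 1;
        $allData['data']['user_perms'] = implode('.', (array) $_POST['perms']);
    }

    // Hash against the login name - the same key the login/verification code uses.
    $user_data['user_password'] = $userMethods->HashPassword($savePassword, $user_data['user_loginname']);
    $user_data['user_join'] = time();
    if ($userMethods->needEmailPassword()) {
        // Save separate password encryption for use with email address
        $user_prefs = e107::getArrayStorage()->unserialize($user_data['user_prefs']);
        $user_prefs['email_password'] = $userMethods->HashPassword($savePassword, $user_data['user_email']);
        $user_data['user_prefs'] = e107::getArrayStorage()->serialize($user_prefs);
        unset($user_prefs);
    }
    $userMethods->userClassUpdate($allData['data'], 'userall');
    //FIXME - (SecretR) there is a better way to fix this (missing default value, sql error in strict mode - user_realm is to be deleted from DB later)
    $allData['data']['user_realm'] = '';
    // Set any initial classes
    $userMethods->addNonDefaulted($user_data);
    validatorClass::addFieldTypes($userMethods->userVettingInfo, $allData);
    $userid = $sql->insert('user', $allData);

    if (!$userid) {
        $mes->addError(LAN_CREATED_FAILED);
        $mes->addError($sql->getLastErrorText());
        return;
    }

    $sysuser = e107::getSystemUser(false, false);
    $sysuser->setData($allData['data']);
    $sysuser->setId($userid);
    $user_data['user_id'] = $userid;

    // Add to admin log
    e107::getLog()->add('USET_02', "UName: {$user_data['user_name']}; Email: {$user_data['user_email']}", E_LOG_INFORMATIVE);
    // Add to user audit trail
    e107::getLog()->user_audit(USER_AUDIT_ADD_ADMIN, $user_data, 0, $user_data['user_loginname']);
    e107::getEvent()->trigger('userfull', $user_data);
    e107::getEvent()->trigger('admin_user_created', $user_data); // send everything available for user data - bit sparse compared with user-generated signup

    if (isset($_POST['sendconfemail'])) {
        $check = false; // Send confirmation email to user
        switch ((int) $_POST['sendconfemail']) {
            case 0: // activate, don't notify
                $check = -1;
                break;

            case 1: // activate and send password
                $check = $sysuser->email('quickadd', array(
                    'user_password'  => $savePassword,
                    'mail_subject'   => USRLAN_187 . SITENAME,
                    'activation_url' => USRLAN_238,
                ));
                break;

            case 2: // require activation and send password and activation link
                // user_ban 2 marks the account pending; the random user_sess key is what the activation link carries.
                $sysuser->set('user_ban', 2)->set('user_sess', e_user_model::randomKey())->save();
                $check = $sysuser->email('quickadd', array(
                    'user_password'  => $savePassword,
                    'mail_subject'   => USRLAN_187 . SITENAME,
                    'activation_url' => SITEURL . "signup.php?activate." . $sysuser->getId() . "." . $sysuser->getValue('sess'),
                ));
                break;
        }
        if ($check && $check !== -1) {
            $mes->addSuccess(USRLAN_188);
        } elseif (!$check) {
            $mes->addError(USRLAN_189);
        }
    }

    // $message = str_replace('--NAME--', htmlspecialchars($user_data['user_name'], ENT_QUOTES, CHARSET), USRLAN_174);
    $message = USRLAN_172;
    $mes->addSuccess($message)->addSuccess(USRLAN_128 . ': <strong>' . htmlspecialchars($user_data['user_loginname'], ENT_QUOTES, CHARSET) . '</strong>');
    // The clear-text password is shown once to the admin who created the
    // account; only the hash is stored, so this is its only copy. Deliberate
    // for quick-add, but it does land in the admin's page/browser history.
    $mes->addSuccess(LAN_PASSWORD . ': <strong>' . htmlspecialchars($savePassword, ENT_QUOTES, CHARSET) . '</strong>');
    return;
}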
function user_activate($userid) { global $sql, $e_event, $admin_log, $userMethods; $uid = intval($userid); if ($sql->db_Select("user", "*", "user_id='" . $uid . "' ")) { if ($row = $sql->db_Fetch()) { $dbData = array(); $dbData['WHERE'] = "user_id=" . $uid; $dbData['data'] = array('user_ban' => '0', 'user_sess' => ''); // Add in the initial classes as necessary if ($userMethods->userClassUpdate($row, 'userall')) { $dbData['data']['user_class'] = $row['user_class']; } $userMethods->addNonDefaulted($dbData); validatorClass::addFieldTypes($userMethods->userVettingInfo, $dbData); $sql->db_Update('user', $dbData); $admin_log->log_event('USET_10', str_replace(array('--UID--', '--NAME--'), array($row['user_id'], $row['user_name']), USRLAN_166), E_LOG_INFORMATIVE); $e_event->trigger('userfull', $row); // 'New' event $this->show_message(USRLAN_86 . " (#" . $userid . " : " . $row['user_name'] . ")"); if (!$action) { $action = "main"; } if (!$sub_action) { $sub_action = "user_id"; } if (!$id) { $id = "DESC"; } if ($pref['user_reg_veri'] == 2) { if ($sql->db_Select("user", "user_email, user_name", "user_id = '{$uid}'")) { $row = $sql->db_Fetch(); $message = USRLAN_114 . " " . $row['user_name'] . ",\n\n" . USRLAN_122 . " " . SITENAME . ".\n\n" . USRLAN_123 . "\n\n"; $message .= str_replace("{SITEURL}", SITEURL, USRLAN_139); require_once e_HANDLER . "mail.php"; if (sendemail($row['user_email'], USRLAN_113 . " " . SITENAME, $message)) { // echo str_replace("\n","<br>",$message); $this->show_message("Email sent to: " . $row['user_name']); } else { $this->show_message("Failed to send to: " . $row['user_name'], 'error'); } } } } } }