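/**
 * Import a batch of users from an uploaded tab-separated text file.
 *
 * The upload is stored as user_import_file.txt under $_CONF['path_data'], read
 * line by line, and deleted again once processing has finished. Each non-empty
 * line is split on tabs into full name, username and email address. An account
 * is created only when the email address passes COM_isEmail() and neither the
 * username nor the email address is already present in the users table.
 *
 * NOTE(review): no permission check is visible in this function; it presumably
 * relies on the calling admin page to restrict access. Confirm against caller.
 *
 * TODO: This function should first display the users that are to be imported,
 * together with the invalid users and the reason of invalidity. Each valid line
 * should have a checkbox that allows selection of final to be imported users.
 * After clicking an extra button, the actual import should take place. This will
 * prevent problems in case the list formatting is incorrect.
 *
 * @return string HTML with success or error message
 */
function importusers()
{
    global $_CONF, $_TABLES, $LANG04, $LANG28;

    // Setting this to true will cause import to print processing status to
    // webpage and to the error.log file
    $verbose_import = true;

    $retval = '';

    // Bulk import implies admin authorisation:
    $_CONF['usersubmission'] = 0;

    // First, upload the file
    require_once $_CONF['path_system'] . 'classes/upload.class.php';

    $upload = new upload();
    $upload->setPath($_CONF['path_data']);
    $upload->setAllowedMimeTypes(array('text/plain' => '.txt'));
    $upload->setFileNames('user_import_file.txt');

    if (!$upload->uploadFiles()) {
        // A problem occurred, print debug information
        $retval = COM_showMessageText($upload->printErrors(false), $LANG28[24]);

        return COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[22]));
    }

    // Good, file got uploaded, now install everything
    $filename = $_CONF['path_data'] . 'user_import_file.txt';
    if (!file_exists($filename)) { // empty upload form
        return COM_refresh($_CONF['site_admin_url'] . '/user.php?mode=importform');
    }

    // file() returns false when the file cannot be read; treat that as an
    // empty batch so the cleanup and summary below still run.
    $users = file($filename);
    if ($users === false) {
        $users = array();
    }

    $retval .= COM_startBlock($LANG28[31], '', COM_getBlockTemplate('_admin_block', 'header'));

    // Following variables track import processing statistics
    $successes = 0;
    $failures = 0;

    foreach ($users as $line) {
        $line = rtrim($line);
        if (empty($line)) {
            continue;
        }

        // Pad to three fields so a line with missing columns yields empty
        // strings instead of undefined offsets; the email check below then
        // sees an empty address for such a line.
        list($full_name, $u_name, $email) = array_pad(explode("\t", $line), 3, '');

        $full_name = strip_tags($full_name);
        $u_name = COM_applyFilter($u_name);
        $email = COM_applyFilter($email);

        // NOTE(review): the filtered values are interpolated into the HTML
        // status output below without an explicit htmlspecialchars() call;
        // whether COM_applyFilter() makes them safe for HTML is not visible
        // here. Confirm before relying on it.
        if ($verbose_import) {
            $retval .= "<br" . XHTML . "><b>Working on username={$u_name}, fullname={$full_name}, and email={$email}</b><br" . XHTML . ">\n";
            COM_errorLog("Working on username={$u_name}, fullname={$full_name}, and email={$email}", 1);
        }

        // prepare for database
        $userName = trim($u_name);
        $fullName = trim($full_name);
        $emailAddr = trim($email);

        if (COM_isEmail($email)) {
            // email is valid form
            $ucount = DB_count($_TABLES['users'], 'username', DB_escapeString($userName));
            $ecount = DB_count($_TABLES['users'], 'email', DB_escapeString($emailAddr));

            if ($ucount == 0 && $ecount == 0) {
                // user doesn't already exist - pass in optional true for $batchimport parm
                $uid = USER_createAccount($userName, $emailAddr, '', $fullName, '', '', '', true);

                $result = USER_createAndSendPassword($userName, $emailAddr, $uid);

                if ($result) {
                    $successes++;
                    if ($verbose_import) {
                        $retval .= "<br" . XHTML . "> Account for <b>{$u_name}</b> created successfully.<br" . XHTML . ">\n";
                        COM_errorLog("Account for {$u_name} created successfully", 1);
                    }
                } else {
                    // user creation failed; count it so the summary reflects it
                    $failures++;
                    $retval .= "<br" . XHTML . ">ERROR: There was a problem creating the account for <b>{$u_name}</b>.<br" . XHTML . ">\n";
                    COM_errorLog("ERROR: There was a problem creating the account for {$u_name}.", 1);
                }
            } else {
                if ($verbose_import) {
                    $retval .= "<br" . XHTML . "><b>{$u_name}</b> or <b>{$email}</b> already exists, account not created.<br" . XHTML . ">\n"; // user already exists
                    COM_errorLog("{$u_name},{$email}: username or email already exists, account not created", 1);
                }
                $failures++;
            } // end if $ucount == 0 && ecount == 0
        } else {
            if ($verbose_import) {
                $retval .= "<br" . XHTML . "><b>{$email}</b> is not a valid email address, account not created<br" . XHTML . ">\n"; // malformed email
                COM_errorLog("{$email} is not a valid email address, account not created", 1);
            }
            $failures++;
        } // end if COM_isEmail($email)
    } // end foreach

    // Remove the uploaded list so the names and addresses do not stay on disk.
    unlink($filename);

    $retval .= '<p>' . sprintf($LANG28[32], $successes, $failures);

    $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));

    return COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[24]));
}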
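/**
 * Check to see if we can authenticate this user with a remote server
 *
 * A user has not managed to log in locally, but has an @ in their user
 * name and we have enabled distributed authentication. First, try the
 * locally cached credentials for this remote username and service (i.e.
 * they may have changed their password elsewhere and we need to sync).
 * If that does not match, load the authentication module named by
 * $service and ask it to authenticate. On success, create a local user
 * on first login, or refresh the cached password of an existing one.
 *
 * The module file name is built from $service after it has been passed
 * through COM_sanitizeFilename(); that sanitizer is the only thing that
 * constrains which file is included and which class is instantiated.
 *
 * @param    string  $loginname Their username; may be replaced by
 *                              CUSTOM_uniqueRemoteUsername() (passed by ref).
 * @param    string  $passwd    The password entered
 * @param    string  $service   The service portion of $username
 * @param    string  $uid       OUTPUT parameter, pass it by ref to get uid back.
 * @return   int     user status, -1 for fail.
 */
function SEC_remoteAuthentication(&$loginname, $passwd, $service, &$uid)
{
    global $_CONF, $_TABLES;

    // Escaped copies for use inside SQL string literals.
    $remoteusername = DB_escapeString($loginname);
    $remoteservice = DB_escapeString($service);

    // Stays empty when no cached row is found; used further down to tell a
    // first-time login from a returning user.
    $mypass = '';

    /* First try a local cached login */
    $result = DB_query("SELECT passwd, status, uid FROM {$_TABLES['users']} WHERE remoteusername='{$remoteusername}' AND remoteservice='{$remoteservice}'");
    $tmp = DB_error();
    $nrows = DB_numRows($result);
    if ($tmp == 0 && $nrows == 1) {
        $U = DB_fetchArray($result);
        $uid = $U['uid'];
        $mypass = $U['passwd']; // also used to see if the user existed later.
        // Compare as strings with ===: a loose == treats two different
        // numeric-looking hash strings (e.g. "0e..." forms) as equal.
        // Where the platform's PHP provides hash_equals(), prefer it.
        if ((string) $mypass === (string) SEC_encryptPassword($passwd)) {
            /* Valid password for cached user, return status */
            return $U['status'];
        }
    }

    $service = COM_sanitizeFilename($service);
    $servicefile = $_CONF['path_system'] . 'classes/authentication/' . $service . '.auth.class.php';
    if (!file_exists($servicefile)) {
        return -1;
    }

    require_once $servicefile;

    $authmodule = new $service();
    if (!$authmodule->authenticate($loginname, $passwd)) {
        return -1;
    }

    /* check to see if they have logged in before: */
    if (!empty($mypass)) {
        // user existed, update local password:
        DB_change($_TABLES['users'], 'passwd', SEC_encryptPassword($passwd), array('remoteusername', 'remoteservice'), array($remoteusername, $remoteservice));

        // and return their status
        return DB_getItem($_TABLES['users'], 'status', "remoteusername='{$remoteusername}' AND remoteservice='{$remoteservice}'");
    }

    // no such user, create them

    // Check to see if their remoteusername is unique locally
    $checkName = DB_getItem($_TABLES['users'], 'username', "username='{$remoteusername}'");
    if (!empty($checkName)) {
        // no, call custom function.
        if (function_exists('CUSTOM_uniqueRemoteUsername')) {
            $loginname = CUSTOM_uniqueRemoteUsername($loginname, $service);
        }
    }

    // NOTE(review): $passwd is handed over as entered, and $remoteusername /
    // $remoteservice are already escaped; whether USER_createAccount()
    // hashes or escapes again is not visible here.
    USER_createAccount($loginname, $authmodule->email, $passwd, $authmodule->fullname, $authmodule->homepage, $remoteusername, $remoteservice);
    $uid = DB_getItem($_TABLES['users'], 'uid', "remoteusername = '{$remoteusername}' AND remoteservice='{$remoteservice}'");

    // Store full remote account name:
    DB_query("UPDATE {$_TABLES['users']} SET remoteusername='{$remoteusername}', remoteservice='{$remoteservice}', status=3 WHERE uid='{$uid}'");

    // Add to remote users:
    $remote_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name='Remote Users'");
    DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id,ug_uid) VALUES ({$remote_grp}, {$uid})");

    return 3; // Remote auth precludes usersubmission,
              // and integrates user activation, see?
}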
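/**
 * Handle a submitted registration form and create the account.
 *
 * Reads email, email_conf, username, passwd, passwd_conf and fullname from
 * $_POST. The username is validated with USER_validateUsername(), the email
 * address with COM_isEmail() and against $_CONF['disallow_domains'], and both
 * must be unused in the users table. CUSTOM_userCheck() (when custom
 * registration is enabled) and PLG_itemPreSave() may each veto the
 * registration with a message.
 *
 * @return string HTML: the registration form with an error message, the
 *                output of emailpassword(), or an empty string when a
 *                redirect has been echoed instead.
 */
function createuser()
{
    global $_CONF, $_TABLES, $LANG01, $LANG04, $MESSAGE, $REMOTE_ADDR;

    $retval = '';
    $passwd = '';
    $passwd_conf = '';

    if ($_CONF['disable_new_user_registration']) {
        COM_setMsg($LANG04[122], 'error');
        echo COM_refresh($_CONF['site_url']);

        // Stop here: without this return the request went on to validate the
        // POST data and could still create an account while registration is
        // switched off.
        return $retval;
    }

    $email = isset($_POST['email']) ? COM_applyFilter($_POST['email']) : '';
    $email_conf = isset($_POST['email_conf']) ? COM_applyFilter($_POST['email_conf']) : '';
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    if (isset($_POST['passwd'])) {
        $passwd = trim($_POST['passwd']);
    }
    if (isset($_POST['passwd_conf'])) {
        $passwd_conf = trim($_POST['passwd_conf']);
    }

    $username = COM_truncate(trim($username), 48);

    if (!USER_validateUsername($username)) {
        $retval .= newuserform($LANG04[162]);

        return $retval;
    }

    $email = COM_truncate(trim($email), 96);
    $email_conf = trim($email_conf);

    if ($_CONF['registration_type'] == 1) {
        // Strict comparison: with != two different numeric-looking strings
        // (for example "1e3" and "1000") would count as a matching pair.
        if (empty($passwd) || $passwd !== $passwd_conf) {
            $retval .= newuserform($MESSAGE[67]);

            return $retval;
        }
    }

    $fullname = '';
    if (!empty($_POST['fullname'])) {
        $fullname = COM_truncate(trim(USER_sanitizeName($_POST['fullname'])), 80);
    }

    if (!isset($_CONF['disallow_domains'])) {
        $_CONF['disallow_domains'] = '';
    }

    if (COM_isEmail($email) && !empty($username) && $email === $email_conf
            && !USER_emailMatches($email, $_CONF['disallow_domains'])
            && strlen($username) <= 48) {

        $ucount = DB_count($_TABLES['users'], 'username', DB_escapeString($username));
        $ecount = DB_count($_TABLES['users'], 'email', DB_escapeString($email));

        if ($ucount == 0 and $ecount == 0) {
            // For glFusion, it would be okay to create this user now. But check
            // with a custom userform first, if one exists.
            if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
                $msg = CUSTOM_userCheck($username, $email);
                if (!empty($msg)) {
                    // no, it's not okay with the custom userform
                    $retval = CUSTOM_userForm($msg);

                    return $retval;
                }
            }

            // Let plugins have a chance to decide what to do before creating the user, return errors.
            $spamCheckData = array(
                'username' => $username,
                'email'    => $email,
                'ip'       => $REMOTE_ADDR,
            );
            $msg = PLG_itemPreSave('registration', $spamCheckData);
            if (!empty($msg)) {
                $retval .= newuserform($msg);

                return $retval;
            }

            // Only hash a password when the site lets users choose their own.
            if ($_CONF['registration_type'] == 1 && !empty($passwd)) {
                $encryptedPasswd = SEC_encryptPassword($passwd);
            } else {
                $encryptedPasswd = '';
            }

            $uid = USER_createAccount($username, $email, $encryptedPasswd, $fullname);

            if ($_CONF['usersubmission'] == 1) {
                if (DB_getItem($_TABLES['users'], 'status', "uid = " . (int) $uid)
                        == USER_ACCOUNT_AWAITING_APPROVAL) {
                    echo COM_refresh($_CONF['site_url'] . '/index.php?msg=48');
                } else {
                    $retval = emailpassword($username, $passwd, 1);
                }
            } else {
                $retval = emailpassword($username, $passwd);
            }

            return $retval;
        }

        // username or email address already in use
        $retval .= newuserform($LANG04[19]);
    } elseif ($email !== $email_conf) {
        $retval .= newuserform($LANG04[125]);
    } else {
        // invalid username or email address
        if (empty($username) || strlen($username) > 48) {
            $msg = $LANG01[32]; // invalid username
        } else {
            $msg = $LANG04[18]; // invalid email address
        }
        $retval .= newuserform($msg);
    }

    return $retval;
}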
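/**
 * Finish a successful OpenID login: find the local account bound to the
 * asserted identity, or create one on first login.
 *
 * Nothing is returned; the outcome is published through the globals
 * $status and $uid. An identity that yields no usable username is reported
 * as a failed login ($status = USER_ACCOUNT_DISABLED, $uid = 0).
 *
 * NOTE(review): nickname, email and full name are read from $this->query
 * as-is. Whether those values were verified against the provider's signature
 * before this method runs is not visible here.
 *
 * @param mixed $login Not read by this method.
 * @return void
 */
function doValidLogin($login)
{
    global $_TABLES, $status, $uid;

    // Remote auth precludes usersubmission,
    // and integrates user activation, see?;
    $status = USER_ACCOUNT_ACTIVE;

    // PHP replaces "." with "_"
    // Escape with the database layer's own function rather than
    // addslashes(), which does not take the connection charset into account.
    $openid_identity = DB_escapeString($this->query['openid_identity']);
    $openid_nickname = '';
    if (isset($this->query['openid_sreg_nickname'])) {
        $openid_nickname = $this->query['openid_sreg_nickname'];
    }

    // Check if that account is already registered.
    $result = DB_query("SELECT uid FROM {$_TABLES['users']} WHERE remoteusername = '{$openid_identity}' AND remoteservice = 'openid'");
    $tmp = DB_error();
    $nrows = DB_numRows($result);

    if ($tmp == 0 && $nrows == 1) {
        // Known identity: fetch uid and status of the existing account.
        $result = DB_query("SELECT uid,status FROM {$_TABLES['users']} WHERE remoteusername = '{$openid_identity}' AND remoteservice = 'openid'");
        list($uid, $status) = DB_fetchArray($result);

        return;
    }

    // First time login with this OpenID, creating account...

    if (empty($openid_nickname)) {
        $openid_nickname = $this->makeUsername($this->query['openid_identity']);
    }

    // we simply can't accept empty usernames ...
    if (empty($openid_nickname)) {
        COM_errorLog('Got an empty username for ' . $openid_identity);
        // not strictly correct - just to signal a failed login attempt
        $status = USER_ACCOUNT_DISABLED;
        $uid = 0;

        return;
    }

    // Ensure that remoteusername is unique locally.
    $openid_nickname = USER_uniqueUsername($openid_nickname);

    $openid_sreg_email = '';
    if (isset($this->query['openid_sreg_email'])) {
        $openid_sreg_email = $this->query['openid_sreg_email'];
    }
    $openid_sreg_fullname = '';
    if (isset($this->query['openid_sreg_fullname'])) {
        $openid_sreg_fullname = $this->query['openid_sreg_fullname'];
    }

    // NOTE(review): the unescaped identity is passed here; whether
    // USER_createAccount() escapes its arguments is not visible in this block.
    USER_createAccount($openid_nickname, $openid_sreg_email, '', $openid_sreg_fullname, '', $this->query['openid_identity'], 'openid');
    $uid = DB_getItem($_TABLES['users'], 'uid', "remoteusername = '{$openid_identity}' AND remoteservice = 'openid'");

    // Store full remote account name:
    DB_query("UPDATE {$_TABLES['users']} SET remoteusername = '{$openid_identity}', remoteservice = 'openid', status = 3 WHERE uid = {$uid}");

    // Add to remote users:
    $remote_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'");
    DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$remote_grp}, {$uid})");
}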
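/**
 * Map a remote login onto a local account, creating the account on first
 * login.
 *
 * The outcome is published through the globals $status and $uid. The values
 * in $users are derived from $info by _getCreateUserInfo(); they are escaped
 * with DB_escapeString() before being placed in SQL string literals.
 *
 * @param mixed $info Remote account data, passed on to _getCreateUserInfo()
 *                    and _getUpdateUserInfo().
 * @return void
 */
public function doAction($info)
{
    global $_TABLES, $status, $uid, $_CONF;

    // remote auth precludes usersubmission, and integrates user activation
    $status = USER_ACCOUNT_ACTIVE;

    $users = $this->_getCreateUserInfo($info);
    $userinfo = $this->_getUpdateUserInfo($info);

    // The new account gets a generated password; only its encrypted form is kept.
    $passwords = USER_createPassword();
    $users['passwd2'] = $passwords['encrypted'];

    $remoteUser = DB_escapeString($users['remoteusername']);
    $remoteService = DB_escapeString($users['remoteservice']);

    $sql = "SELECT uid,status FROM {$_TABLES['users']} WHERE remoteusername = '{$remoteUser}' AND remoteservice = '{$remoteService}'";
    $result = DB_query($sql);
    $tmp = DB_error();
    $nrows = DB_numRows($result);

    if (empty($tmp) && $nrows == 1) {
        // user found
        list($uid, $status) = DB_fetchArray($result);

        return;
    }

    // initial login - create account
    $status = USER_ACCOUNT_ACTIVE;

    // Make sure the login name is not already taken locally.
    $loginName = DB_escapeString($users['loginname']);
    $checkName = DB_getItem($_TABLES['users'], 'username', "username='{$loginName}'");
    if (!empty($checkName)) {
        if ($checkName == $users['loginname']) {
            if (function_exists('CUSTOM_uniqueRemoteUsername')) {
                $users['loginname'] = CUSTOM_uniqueRemoteUsername($users['loginname'], $users['remoteservice']);
            } else {
                $users['loginname'] = USER_uniqueUsername($users['loginname']);
            }
        }
    }

    $uid = USER_createAccount($users['loginname'], $users['email'], $users['passwd2'], $users['fullname'], $users['homepage'], $users['remoteusername'], $users['remoteservice']);

    if (is_array($users)) {
        $this->_DBupdate_users($uid, $users);
    }

    if (is_array($userinfo)) {
        $this->_DBupdate_userinfo($uid, $userinfo);
    }

    // Add the new account to the Remote Users group.
    $remote_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'");
    DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$remote_grp}, {$uid})");

    // usercreate after trigger
    if (method_exists($this, '_after_trigger')) {
        $this->_after_trigger($uid, $users, $userinfo);
    }
}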
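/**
 * Map a remote login onto a local account, creating the account on first
 * login and offering a merge when a local account uses the same email.
 *
 * The outcome is published through the globals $status, $uid and
 * $checkMerge. When new registrations are disabled, a notice page is printed
 * and the script exits without creating anything.
 *
 * The values in $users are derived from $info by _getCreateUserInfo(); each
 * one is escaped with DB_escapeString() before it is placed in an SQL string
 * literal.
 *
 * @param mixed $info Remote account data, passed on to _getCreateUserInfo()
 *                    and _getUpdateUserInfo().
 * @return void
 */
public function doAction($info)
{
    global $_TABLES, $LANG04, $status, $uid, $_CONF, $checkMerge;

    $users = $this->_getCreateUserInfo($info);
    $userinfo = $this->_getUpdateUserInfo($info);

    $sql = "SELECT uid,status FROM {$_TABLES['users']} WHERE remoteusername = '"
         . DB_escapeString($users['remoteusername'])
         . "' AND remoteservice = '" . DB_escapeString($users['remoteservice']) . "'";
    $result = DB_query($sql);
    $tmp = DB_error();
    $nrows = DB_numRows($result);

    if (empty($tmp) && $nrows == 1) {
        // existing user...
        list($uid, $status) = DB_fetchArray($result);
        $checkMerge = false;

        return;
    }

    if ($_CONF['disable_new_user_registration']) {
        echo COM_siteHeader();
        echo $LANG04[122];
        echo COM_siteFooter();
        exit;
    }

    // initial login - create account
    $loginname = $users['loginname'];
    $checkName = DB_getItem($_TABLES['users'], 'username', "username='" . DB_escapeString($loginname) . "'");
    if (!empty($checkName)) {
        if (function_exists('CUSTOM_uniqueRemoteUsername')) {
            // Pass the variables: the bare word loginname is an undefined
            // constant, and $remoteservice was never set in this method.
            $loginname = CUSTOM_uniqueRemoteUsername($loginname, $users['remoteservice']);
        }
        // Still the same name as the existing account (ignoring case)?
        if (strcasecmp($checkName, $loginname) == 0) {
            $loginname = USER_uniqueUsername($loginname);
        }
    }
    $users['loginname'] = $loginname;

    $uid = USER_createAccount($users['loginname'], $users['email'], '', $users['fullname'], $users['homepage'], $users['remoteusername'], $users['remoteservice']);

    if (is_array($users)) {
        $this->_DBupdate_users($uid, $users);
    }
    if (is_array($userinfo)) {
        $this->_DBupdate_userinfo($uid, $userinfo);
    }

    $status = DB_getItem($_TABLES['users'], 'status', 'uid=' . (int) $uid);

    $remote_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'");
    DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$remote_grp}, {$uid})");

    if (isset($users['socialuser'])) {
        $social_result = DB_query("SELECT * FROM {$_TABLES['social_follow_services']} WHERE service_name='" . DB_escapeString($users['socialservice']) . "' AND enabled=1");
        if (DB_numRows($social_result) > 0) {
            $social_row = DB_fetchArray($social_result);
            // socialuser comes from the remote account data, so it is
            // escaped like every other string value in this method.
            $sql = "REPLACE INTO {$_TABLES['social_follow_user']} (ssid,uid,ss_username) ";
            $sql .= " VALUES (" . (int) $social_row['ssid'] . "," . (int) $uid . ",'" . DB_escapeString($users['socialuser']) . "');";
            DB_query($sql, 1);
        }
    }

    // A single local account with the same email address: offer to merge.
    // NOTE(review): the match relies on the email reported for the remote
    // account; whether that address is verified by the provider is not
    // visible here.
    if (isset($users['email']) && $users['email'] != '') {
        $sql = "SELECT * FROM {$_TABLES['users']} WHERE account_type = " . LOCAL_USER . " AND email='" . DB_escapeString($users['email']) . "' AND uid > 1";
        $result = DB_query($sql);
        $numRows = DB_numRows($result);
        if ($numRows == 1) {
            $row = DB_fetchArray($result);
            $remoteUID = $uid;
            $localUID = $row['uid'];
            USER_mergeAccountScreen($remoteUID, $localUID);
        }
    }
}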
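/**
 * Map a remote login onto a local account, creating the account on first
 * login.
 *
 * The outcome is published through the globals $status and $uid. The values
 * in $users are derived from $info by _getCreateUserInfo(); each one is
 * escaped with DB_escapeString() before it is placed in an SQL string
 * literal.
 *
 * @param mixed $info Remote account data, passed on to _getCreateUserInfo()
 *                    and _getUpdateUserInfo().
 * @return void
 */
public function doAction($info)
{
    global $_TABLES, $status, $uid, $_CONF;

    // remote auth precludes usersubmission, and integrates user activation
    $status = USER_ACCOUNT_ACTIVE;

    $users = $this->_getCreateUserInfo($info);
    $userinfo = $this->_getUpdateUserInfo($info);

    $sql = "SELECT uid,status FROM {$_TABLES['users']} WHERE remoteusername = '"
         . DB_escapeString($users['remoteusername'])
         . "' AND remoteservice = '" . DB_escapeString($users['remoteservice']) . "'";
    $result = DB_query($sql);
    $tmp = DB_error();
    $nrows = DB_numRows($result);

    if (empty($tmp) && $nrows == 1) {
        list($uid, $status) = DB_fetchArray($result);

        return;
    }

    // initial login - create account
    $status = USER_ACCOUNT_ACTIVE;

    $loginname = $users['loginname'];
    $checkName = DB_getItem($_TABLES['users'], 'username', "username='" . DB_escapeString($loginname) . "'");
    if (!empty($checkName)) {
        if (function_exists('CUSTOM_uniqueRemoteUsername')) {
            // Pass the variables: the bare word loginname is an undefined
            // constant, and $remoteservice was never set in this method.
            $loginname = CUSTOM_uniqueRemoteUsername($loginname, $users['remoteservice']);
        }
        // Still the same name as the existing account (ignoring case)?
        if (strcasecmp($checkName, $loginname) == 0) {
            $loginname = USER_uniqueUsername($loginname);
        }
    }
    $users['loginname'] = $loginname;

    $uid = USER_createAccount($users['loginname'], $users['email'], '', $users['fullname'], $users['homepage'], $users['remoteusername'], $users['remoteservice']);

    if (is_array($users)) {
        $this->_DBupdate_users($uid, $users);
    }
    if (is_array($userinfo)) {
        $this->_DBupdate_userinfo($uid, $userinfo);
    }

    // Add the new account to the Remote Users group.
    $remote_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'");
    DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$remote_grp}, {$uid})");
}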
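/**
 * Creates a user
 *
 * Creates a user with the given username and email address, provided the
 * email address passes COM_isEmail(), matches its confirmation, is not in
 * $_CONF['disallow_domains'], the username is 1 to 16 bytes long, and neither
 * value is already present in the users table. CUSTOM_userCheck() (when
 * custom registration is enabled) and PLG_itemPreSave() may each veto the
 * registration with a message.
 *
 * @param    string $username   username to create user for
 * @param    string $email      email address to assign to user
 * @param    string $email_conf confirmation email address check
 * @return   string             HTML for the form again if error occurs,
 *                              otherwise the output of emailpassword(), or
 *                              nothing when a redirect was issued.
 */
function createuser($username, $email, $email_conf)
{
    global $_CONF, $_TABLES, $LANG01, $LANG04;

    $retval = '';

    $username = trim($username);
    $email = trim($email);
    $email_conf = trim($email_conf);

    if (!isset($_CONF['disallow_domains'])) {
        $_CONF['disallow_domains'] = '';
    }

    // Every rejection below ends in the same place: $msg is shown on the
    // registration form at the bottom of the function.
    $msg = '';

    if (COM_isEmail($email) && !empty($username) && $email === $email_conf
            && !USER_emailMatches($email, $_CONF['disallow_domains'])
            && strlen($username) <= 16) {

        $ucount = DB_count($_TABLES['users'], 'username', DB_escapeString($username));
        $ecount = DB_count($_TABLES['users'], 'email', DB_escapeString($email));

        if ($ucount == 0 && $ecount == 0) {
            // For Geeklog, it would be okay to create this user now. But check
            // with a custom userform first, if one exists.
            if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
                $ret = CUSTOM_userCheck($username, $email);
                if (!empty($ret)) {
                    // no, it's not okay with the custom userform
                    return COM_createHTMLDocument(CUSTOM_userForm($ret['string']));
                }
            }

            // Let plugins have a chance to decide what to do before creating the user, return errors.
            $msg = PLG_itemPreSave('registration', $username);
            if (empty($msg)) {
                $uid = USER_createAccount($username, $email);

                if ($_CONF['usersubmission'] == 1) {
                    // Cast before building the condition so only an integer
                    // can reach the SQL text.
                    if (DB_getItem($_TABLES['users'], 'status', 'uid = ' . (int) $uid)
                            == USER_ACCOUNT_AWAITING_APPROVAL) {
                        COM_redirect($_CONF['site_url'] . '/index.php?msg=48');
                    } else {
                        $retval = emailpassword($username, 1);
                    }
                } else {
                    $retval = emailpassword($username, 1);
                }

                return $retval;
            }
        } else {
            // username or email address already in use
            $msg = $LANG04[19];
        }
    } elseif ($email !== $email_conf) {
        $msg = $LANG04[125];
    } else {
        // invalid username or email address
        if (empty($username) || strlen($username) > 16) {
            $msg = $LANG01[32]; // invalid username
        } else {
            $msg = $LANG04[18]; // invalid email address
        }
    }

    // Show the registration form again, with the reason for the rejection.
    if ($_CONF['custom_registration'] && function_exists('CUSTOM_userForm')) {
        $retval .= CUSTOM_userForm($msg);
    } else {
        $retval .= newuserform($msg);
    }

    return COM_createHTMLDocument($retval, array('pagetitle' => $LANG04[22]));
}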