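/**
 * Triggered on loc_begin_index
 *
 * Perform user logout after registration if account locked and redirection to profile page if password renewal is set
 *
 * Reads the plugin settings from $conf['PasswordPolicy'] (a serialized array
 * kept in the config table) and acts on the current $user:
 *   - logs out and redirects a non-admin, non-webmaster user whose account is
 *     locked (LOGFAILBLOCK enabled and PP_UsrBlock_Verif() true);
 *   - redirects a user whose status is neither webmaster nor generic to
 *     profile.php when PWDRESET is enabled and PP_check_pwdreset() is true.
 *
 * @return void  redirect() ends the request whenever a redirection applies.
 */
function PP_Init()
{
    global $conf, $user;
    include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';
    // NOTE(review): unserialize() of a value read from the config table, not
    // of request data; the stored blob must stay under admin control.
    $conf_PP = unserialize($conf['PasswordPolicy']);
    // Performing redirection for locked accounts
    // -----------------------------------------
    // NOTE(review): the logins "16" and "18" are exempted here for a reason not
    // visible in this file — confirm they are still meant to bypass the lock.
    if (!is_a_guest() and $user['username'] != "16" and $user['username'] != "18") {
        // Perform user logout if user account is locked
        if (isset($conf_PP['LOGFAILBLOCK']) and $conf_PP['LOGFAILBLOCK'] == 'true' and PP_UsrBlock_Verif($user['username']) and !is_admin() and !is_webmaster()) {
            invalidate_user_cache();
            logout_user();
            if ($conf['guest_access']) {
                redirect(make_index_url() . '?PP_msg=locked', 0);
            } else {
                redirect(get_root_url() . 'identification.php?PP_msg=locked', 0);
            }
        }
    }
    // Performing redirection to profile page for password reset
    // ---------------------------------------------------------
    if (isset($conf_PP['PWDRESET']) and $conf_PP['PWDRESET'] == 'true') {
        // The id is interpolated into SQL: force it to an integer so the
        // statement cannot be altered whatever the session value holds.
        $query = '
SELECT user_id, status
FROM ' . USER_INFOS_TABLE . '
WHERE user_id = ' . (int) $user['id'] . '
;';
        $data = pwg_db_fetch_assoc(pwg_query($query));
        // webmasters and generic accounts are never sent to the renewal page
        if ($data['status'] != "webmaster" and $data['status'] != "generic") {
            if (PP_check_pwdreset($user['id'])) {
                redirect(PHPWG_ROOT_PATH . 'profile.php');
            }
        }
    }
}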
$tabsheet->assign();
// Loads the editor section for the active tab. $page['tab'] becomes part of an
// include path, so it is presumably limited to the tab names registered on
// $tabsheet — TODO confirm against the tabsheet setup that precedes this line.
include_once LOCALEDIT_PATH . 'include/' . $page['tab'] . '.inc.php';
// +-----------------------------------------------------------------------+
// |                           Load backup file
// +-----------------------------------------------------------------------+
if (isset($_POST['restore'])) {
    // file_get_contents() yields false when the backup is missing or
    // unreadable; that value is assigned to $content_file as-is.
    $content_file = file_get_contents(get_bak_file($edited_file));
    $page['infos'][] = l10n('locfiledit_bak_loaded1');
    $page['infos'][] = l10n('locfiledit_bak_loaded2');
}
// +-----------------------------------------------------------------------+
// |                            Save file
// +-----------------------------------------------------------------------+
if (isset($_POST['submit'])) {
    check_pwg_token();
    if (!is_webmaster()) {
        $page['errors'][] = l10n('locfiledit_webmaster_only');
    } else {
        $content_file = stripslashes($_POST['text']);
        if (get_extension($edited_file) == 'php') {
            $content_file = eval_syntax($content_file);
        }
        if ($content_file === false) {
            $page['errors'][] = l10n('locfiledit_syntax_error');
        } else {
            if ($page['tab'] == 'plug' and !is_dir(PHPWG_PLUGINS_PATH . 'PersonalPlugin')) {
                @mkdir(PHPWG_PLUGINS_PATH . "PersonalPlugin");
            }
            if (file_exists($edited_file)) {
                @copy($edited_file, get_bak_file($edited_file));
                $page['infos'][] = l10n('locfiledit_saved_bak', substr(get_bak_file($edited_file), 2));
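/**
 * API method
 * Updates users
 *
 * The USERS_TABLE fields (username, email, password) are only applied when a
 * single user_id is given; the USER_INFOS_TABLE fields and the group
 * membership apply to every id in user_id. A status change never touches the
 * calling user, the guest account or the webmaster account, and a caller with
 * "admin" status cannot change other admins/webmasters either.
 *
 * Every value interpolated into SQL below is either checked against a fixed
 * list (status, language, theme), produced by boolean_to_string(), or cast
 * to int (user ids, group ids, level, nb_image_page, recent_period), so
 * request data cannot alter the statements.
 *
 * @param mixed[] $params
 *    @option int[] user_id
 *    @option string username (optional)
 *    @option string password (optional)
 *    @option string email (optional)
 *    @option string status (optional)
 *    @option int level (optional)
 *    @option string language (optional)
 *    @option string theme (optional)
 *    @option int nb_image_page (optional)
 *    @option int recent_period (optional)
 *    @option bool expand (optional)
 *    @option bool show_nb_comments (optional)
 *    @option bool show_nb_hits (optional)
 *    @option bool enabled_high (optional)
 *    @option int[] group_id (optional)
 *    @option string pwg_token
 * @param object $service  web service used to return the refreshed users
 * @return PwgError|mixed  a PwgError when the request is rejected, otherwise
 *                         the result of pwg.users.getList for the updated ids
 */
function ws_users_setInfo($params, &$service)
{
    if (get_pwg_token() != $params['pwg_token']) {
        return new PwgError(403, 'Invalid security token');
    }
    global $conf, $user;
    include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';
    $updates = $updates_infos = array();
    $update_status = null;
    // integer-only copy of the ids, used wherever they are placed inside SQL
    $user_ids = array_map('intval', $params['user_id']);
    if (count($params['user_id']) == 1) {
        if (get_username($params['user_id'][0]) === false) {
            return new PwgError(WS_ERR_INVALID_PARAM, 'This user does not exist.');
        }
        if (!empty($params['username'])) {
            $user_id = get_userid($params['username']);
            // the new login must not already belong to another account
            if ($user_id and $user_id != $params['user_id'][0]) {
                return new PwgError(WS_ERR_INVALID_PARAM, l10n('this login is already used'));
            }
            if ($params['username'] != strip_tags($params['username'])) {
                return new PwgError(WS_ERR_INVALID_PARAM, l10n('html tags are not allowed in login'));
            }
            $updates[$conf['user_fields']['username']] = $params['username'];
        }
        if (!empty($params['email'])) {
            if (($error = validate_mail_address($params['user_id'][0], $params['email'])) != '') {
                return new PwgError(WS_ERR_INVALID_PARAM, $error);
            }
            $updates[$conf['user_fields']['email']] = $params['email'];
        }
        if (!empty($params['password'])) {
            // hashed with the configured callback; the clear text is never stored
            $updates[$conf['user_fields']['password']] = $conf['password_hash']($params['password']);
        }
    }
    if (!empty($params['status'])) {
        if (in_array($params['status'], array('webmaster', 'admin')) and !is_webmaster()) {
            return new PwgError(403, 'Only webmasters can grant "webmaster/admin" status');
        }
        if (!in_array($params['status'], array('guest', 'generic', 'normal', 'admin', 'webmaster'))) {
            return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid status');
        }
        $protected_users = array($user['id'], $conf['guest_id'], $conf['webmaster_id']);
        // an admin can't change status of other admin/webmaster
        if ('admin' == $user['status']) {
            $query = '
SELECT
    user_id
  FROM ' . USER_INFOS_TABLE . '
  WHERE status IN (\'webmaster\', \'admin\')
;';
            $protected_users = array_merge($protected_users, query2array($query, null, 'user_id'));
        }
        // status update query is separated from the rest as not applying to the same
        // set of users (current, guest and webmaster can't be changed)
        $params['user_id_for_status'] = array_diff($params['user_id'], $protected_users);
        // safe to interpolate: validated against the fixed list above
        $update_status = $params['status'];
    }
    // level 0 is a legitimate value that empty() would discard
    if (!empty($params['level']) or (isset($params['level']) and $params['level'] === 0)) {
        if (!in_array($params['level'], $conf['available_permission_levels'])) {
            return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid level');
        }
        // the loose in_array() above accepts leading-numeric strings on older
        // PHP, so store the integer rather than the raw value
        $updates_infos['level'] = (int) $params['level'];
    }
    if (!empty($params['language'])) {
        if (!in_array($params['language'], array_keys(get_languages()))) {
            return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid language');
        }
        $updates_infos['language'] = $params['language'];
    }
    if (!empty($params['theme'])) {
        if (!in_array($params['theme'], array_keys(get_pwg_themes()))) {
            return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid theme');
        }
        $updates_infos['theme'] = $params['theme'];
    }
    if (!empty($params['nb_image_page'])) {
        // cast: this value goes into SQL without any quoting-aware escaping
        $updates_infos['nb_image_page'] = (int) $params['nb_image_page'];
    }
    // recent_period 0 is a legitimate value that empty() would discard
    if (!empty($params['recent_period']) or (isset($params['recent_period']) and $params['recent_period'] === 0)) {
        $updates_infos['recent_period'] = (int) $params['recent_period'];
    }
    // for the booleans an explicit false must be applied, so empty() alone is not enough
    if (!empty($params['expand']) or (isset($params['expand']) and $params['expand'] === false)) {
        $updates_infos['expand'] = boolean_to_string($params['expand']);
    }
    if (!empty($params['show_nb_comments']) or (isset($params['show_nb_comments']) and $params['show_nb_comments'] === false)) {
        $updates_infos['show_nb_comments'] = boolean_to_string($params['show_nb_comments']);
    }
    if (!empty($params['show_nb_hits']) or (isset($params['show_nb_hits']) and $params['show_nb_hits'] === false)) {
        $updates_infos['show_nb_hits'] = boolean_to_string($params['show_nb_hits']);
    }
    if (!empty($params['enabled_high']) or (isset($params['enabled_high']) and $params['enabled_high'] === false)) {
        $updates_infos['enabled_high'] = boolean_to_string($params['enabled_high']);
    }
    // perform updates
    // single_update() is called even when $updates is empty (unchanged behaviour)
    single_update(USERS_TABLE, $updates, array($conf['user_fields']['id'] => $params['user_id'][0]));
    if (isset($update_status) and count($params['user_id_for_status']) > 0) {
        $query = '
UPDATE ' . USER_INFOS_TABLE . ' SET
    status = "' . $update_status . '"
  WHERE user_id IN(' . implode(',', array_map('intval', $params['user_id_for_status'])) . ')
;';
        pwg_query($query);
    }
    if (count($updates_infos) > 0) {
        // every $value here was whitelisted, cast or produced by boolean_to_string()
        $assignments = array();
        foreach ($updates_infos as $field => $value) {
            $assignments[] = $field . ' = "' . $value . '"';
        }
        $query = '
UPDATE ' . USER_INFOS_TABLE . ' SET ' . implode(', ', $assignments) . '
  WHERE user_id IN(' . implode(',', $user_ids) . ')
;';
        pwg_query($query);
    }
    // manage association to groups
    if (!empty($params['group_id'])) {
        $query = '
DELETE
  FROM ' . USER_GROUP_TABLE . '
  WHERE user_id IN (' . implode(',', $user_ids) . ')
;';
        pwg_query($query);
        // we remove all provided groups that do not really exist
        $query = '
SELECT
    id
  FROM ' . GROUPS_TABLE . '
  WHERE id IN (' . implode(',', array_map('intval', $params['group_id'])) . ')
;';
        $group_ids = array_from_query($query, 'id');
        // if only -1 (a group id that can't exist) is in the list, then no
        // group is associated
        if (count($group_ids) > 0) {
            $inserts = array();
            foreach ($group_ids as $group_id) {
                foreach ($user_ids as $user_id) {
                    $inserts[] = array('user_id' => $user_id, 'group_id' => $group_id);
                }
            }
            mass_inserts(USER_GROUP_TABLE, array_keys($inserts[0]), $inserts);
        }
    }
    invalidate_user_cache();
    return $service->invoke('pwg.users.getList', array('user_id' => $params['user_id'], 'display' => 'basics,' . implode(',', array_keys($updates_infos))));
}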
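/**
 * API method
 * Ignore an update
 *
 * Webmaster-only (401 otherwise) and protected by the pwg_token (403).
 * With reset set, empties the ignore list of the given type, or of every type
 * when type is absent or unknown; otherwise appends id to the ignore list of
 * type (plugins, themes or languages). The lists are persisted as a
 * serialized array in the updates_ignored config parameter, and the cached
 * $_SESSION['extensions_need_update'] flag is dropped so it gets recomputed.
 *
 * @param mixed[] $params
 *    @option string type (optional)
 *    @option string id (optional)
 *    @option bool reset
 *    @option string pwg_token
 * @param object $service  unused
 * @return PwgError|true
 */
function ws_extensions_ignoreupdate($params, $service)
{
    global $conf;
    // define() warns when the constant already exists (e.g. called from an admin page)
    if (!defined('IN_ADMIN')) {
        define('IN_ADMIN', true);
    }
    include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';
    if (!is_webmaster()) {
        return new PwgError(401, 'Access denied');
    }
    if (get_pwg_token() != $params['pwg_token']) {
        return new PwgError(403, 'Invalid security token');
    }
    $types = array('plugins', 'themes', 'languages');
    $empty_lists = array('plugins' => array(), 'themes' => array(), 'languages' => array());
    // NOTE(review): unserialize() of a config-table value, not of request data.
    // A missing or corrupt value yields false; fall back to empty lists so the
    // array accesses below cannot fail.
    $ignored = unserialize($conf['updates_ignored']);
    if (!is_array($ignored)) {
        $ignored = $empty_lists;
    }
    $conf['updates_ignored'] = $ignored;
    // Reset ignored extension
    if ($params['reset']) {
        if (!empty($params['type']) and isset($conf['updates_ignored'][$params['type']])) {
            $conf['updates_ignored'][$params['type']] = array();
        } else {
            $conf['updates_ignored'] = $empty_lists;
        }
        conf_update_param('updates_ignored', pwg_db_real_escape_string(serialize($conf['updates_ignored'])));
        unset($_SESSION['extensions_need_update']);
        return true;
    }
    // strict: a loose in_array() would let a boolean true match 'plugins'
    if (empty($params['id']) or empty($params['type']) or !in_array($params['type'], $types, true)) {
        return new PwgError(403, 'Invalid parameters');
    }
    if (!isset($conf['updates_ignored'][$params['type']]) or !is_array($conf['updates_ignored'][$params['type']])) {
        $conf['updates_ignored'][$params['type']] = array();
    }
    // Add the extension to the ignore list (no-op when already present)
    if (!in_array($params['id'], $conf['updates_ignored'][$params['type']])) {
        $conf['updates_ignored'][$params['type']][] = $params['id'];
    }
    conf_update_param('updates_ignored', pwg_db_real_escape_string(serialize($conf['updates_ignored'])));
    unset($_SESSION['extensions_need_update']);
    return true;
}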
/**
 * Triggered on login_success
 * 
 * Triggers scheduled tasks at login
 * Redirects a visitor (except for admins, webmasters and generic statuses) to his profile.php page (Thx to LucMorizur)
 * 
 * Reads the plugin settings from the serialized $conf['UserAdvManager'] value
 * and, depending on the GTAUTO, CONFIRM_MAIL/USRAUTO, REJECTCONNECT and
 * REDIRTOPROFILE switches, runs the scheduled tasks, redirects the current
 * user to profile.php, or logs the user out with a UAM_msg=rejected redirect.
 *
 * @return void  redirect() ends the request whenever a redirection applies.
 */
function UAM_LoginTasks()
{
    global $conf, $user;
    include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';
    // NOTE(review): unserialize() of a config-table value, not of request
    // data; the stored blob is trusted here.
    $conf_UAM = unserialize($conf['UserAdvManager']);
    // Performing GhostTracker scheduled tasks
    // ---------------------------------------
    if (isset($conf_UAM['GTAUTO']) and $conf_UAM['GTAUTO'] == 'true') {
        UAM_GT_ScheduledTasks();
    }
    // Performing User validation scheduled tasks
    // ------------------------------------------
    if (isset($conf_UAM['CONFIRM_MAIL']) and $conf_UAM['CONFIRM_MAIL'] == 'true' and (isset($conf_UAM['USRAUTO']) and $conf_UAM['USRAUTO'] == 'true')) {
        UAM_USR_ScheduledTasks();
    }
    // Avoid login into private galleries until registration confirmation is done
    // NOTE(review): `and` binds tighter than `or` in PHP, so this condition is
    //   (REJECTCONNECT == 'false')
    //   or (REJECTCONNECT == 'true' and UAM_UsrReg_Verif($user['id']))
    //   or (!is_admin() and !is_webmaster()).
    // The last disjunct holds for every non-admin, non-webmaster user, and the
    // elseif below requires that same pair, so the elseif branch (the
    // "rejected" logout) can never run as written. Confirm the intended
    // grouping before changing it.
    if (isset($conf_UAM['REJECTCONNECT']) and $conf_UAM['REJECTCONNECT'] == 'false' or isset($conf_UAM['REJECTCONNECT']) and $conf_UAM['REJECTCONNECT'] == 'true' and UAM_UsrReg_Verif($user['id']) or !is_admin() and !is_webmaster()) {
        // Performing redirection to profile page on first login
        // -----------------------------------------------------
        if (isset($conf_UAM['REDIRTOPROFILE']) and $conf_UAM['REDIRTOPROFILE'] == 'true') {
            // NOTE(review): $user['id'] is interpolated into SQL without a cast;
            // it comes from the session and is presumably an integer — confirm.
            $query = '
SELECT user_id, status
FROM ' . USER_INFOS_TABLE . '
WHERE user_id = ' . $user['id'] . '
;';
            $data = pwg_db_fetch_assoc(pwg_query($query));
            // admins, webmasters and generic accounts are never redirected
            if ($data['status'] != "admin" and $data['status'] != "webmaster" and $data['status'] != "generic") {
                // UAM_check_profile() receives this list by reference; it is
                // not read back here
                $user_idsOK = array();
                if (!UAM_check_profile($user['id'], $user_idsOK)) {
                    redirect(PHPWG_ROOT_PATH . 'profile.php');
                }
            }
        }
    } elseif (isset($conf_UAM['REJECTCONNECT']) and $conf_UAM['REJECTCONNECT'] == 'true' and !UAM_UsrReg_Verif($user['id']) and !is_admin() and !is_webmaster()) {
        // Logged-in user cleanup, session destruction and redirected to custom page
        // -------------------------------------------------------------------------
        invalidate_user_cache();
        logout_user();
        if ($conf['guest_access']) {
            redirect(make_index_url() . '?UAM_msg=rejected', 0);
        } else {
            redirect(get_root_url() . 'identification.php?UAM_msg=rejected', 0);
        }
    }
}