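/**
 * Verify user password
 *
 * Compares the password held in the current session against the credential
 * in $SUMO['user']['password'], using the scheme selected by
 * $SUMO['page']['pwd_encrypt'] / $SUMO['user']['datasource_type'].
 * Every comparison goes through hash_equals(), so it is strict and
 * constant-time; the crypt() branches previously used a loose `==`.
 *
 * @global array $SUMO
 * @author Alberto Basso <*****@*****.**>
 * @return bool true when the session password matches the stored credential
 */
function sumo_verify_password()
{
    global $SUMO;

    // Both sides are coerced to string so that a missing value fails the
    // check instead of raising a TypeError inside hash_equals().
    $given  = isset($_SESSION['user']['password']) ? (string) $_SESSION['user']['password'] : '';
    $stored = isset($SUMO['user']['password']) ? (string) $SUMO['user']['password'] : '';

    // With page-level password encryption (and no HTTP auth) the session
    // carries an HMAC, so the stored value is run through the same HMAC.
    if ($SUMO['page']['pwd_encrypt'] && !$SUMO['page']['http_auth']) {
        $expected = (string) sumo_get_hex_hmac_sha1($SUMO['connection']['security_string'], $stored);
        return hash_equals($expected, $given);
    }

    // Encryption type
    switch ($SUMO['user']['datasource_type']) {
        case 'SUMO':
        case 'sha1':
            $computed = sha1($given);
            break;
        case 'Unix':
        case 'crypt':
            // crypt() returns a short failure marker for an unusable salt;
            // the strict full-string comparison below rejects it.
            $computed = crypt($given, $stored);
            break;
        case 'md5':
            $computed = md5($given);
            break;
        case 'crc32':
            $computed = sprintf("%u", crc32($given));
            break;
        default:
            // No hashing configured: the stored value is compared as-is.
            $computed = $given;
            break;
    }

    return hash_equals($stored, $computed);
}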
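/**
 * Update user data
 *
 * Builds and runs an UPDATE on SUMO_TABLE_USERS from the submitted values,
 * re-reads the row to confirm the write, refreshes or drops the affected
 * session when the password changed, writes a log entry and optionally
 * e-mails the user.
 *
 * Every string interpolated into SQL is passed through the same
 * magic-quotes-aware addslashes() step that was previously applied only to
 * firstname/lastname, and datasource_id is coerced to int before it is
 * placed in the query.
 *
 * @global array $SUMO
 * @param array $data form values: id, day_limit, active, firstname, lastname,
 *                    ip, email, language, usergroup, datasource_id, password,
 *                    user
 * @return bool TRUE when exactly one row reflects the update, FALSE otherwise
 *              (also FALSE when $data is empty)
 */
function sumo_update_user_data($data = array())
{
    if (empty($data)) {
        return FALSE;
    }

    global $SUMO;

    // get_magic_quotes_gpc() does not exist on PHP 8; treat that as "off".
    $magic_quotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $escape = function ($value) use ($magic_quotes) {
        return $magic_quotes ? $value : addslashes($value);
    };

    $id = intval($data['id']);
    $day_limit = intval($data['day_limit']);
    $datasource_id = intval($data['datasource_id']);
    $active = $data['active'] !== '' ? intval($data['active']) : FALSE;
    $firstname = ucwords(preg_replace('/[\\s\\,]+/', ' ', $data['firstname']));
    $lastname = ucwords(preg_replace('/[\\s\\,]+/', ' ', $data['lastname']));
    $ip = str_replace(";;", ";", str_replace(",", ";", preg_replace('/[\\s\\,]+/', ';', $data['ip'])));
    $email = strtolower($data['email']);
    $language = $data['language'];
    $sumogroup = sumo_verify_sumogroup($data['usergroup']);
    $group = $sumogroup ? $sumogroup : $data['usergroup'];
    $group = sumo_get_normalized_group($group);

    // [0] is the SET fragment, [1] the WHERE fragment used to verify the write
    if ($day_limit > 0) {
        $daylimit = array('day_limit=' . $day_limit . ', ', 'day_limit=' . $day_limit . ' AND ');
    } else {
        $daylimit = array('day_limit=NULL, ', 'day_limit IS NULL AND ');
    }

    // Get user data
    $userdata = sumo_get_user_info($id, 'id', FALSE);
    $sumouser = sumo_get_user_info($SUMO['user']['user']);
    $datasource = sumo_get_datasource_info($data['datasource_id'], FALSE);

    $record = array();

    // Change password: only the user, the owner or the 'sumo' account may
    if ($data['password'] && ($SUMO['user']['id'] == $id || $SUMO['user']['id'] == $userdata['owner_id'] || $SUMO['user']['user'] == 'sumo')) {
        switch ($datasource['type']) {
            case 'Unix':
            case 'SUMO':
                $record['password'] = "******" . $escape($data['password']) . "'";
                sumo_update_password_date($id, $data['password']);
                break;
            case 'MySQLUsers':
                require SUMO_PATH . '/libs/lib.datasource.mysql_users.php';
                $sumo_update_password($userdata['username'], $data['password']);
                break;
            case 'Joomla15':
                require SUMO_PATH . '/libs/lib.datasource.joomla15.php';
                $sumo_update_password($userdata['username'], $data['password']);
                break;
            default:
                $record['password'] = "";
                break;
        }
    }

    // group
    if ($group) {
        $record['usergroup'] = "usergroup='" . $escape($group) . "'";
    }

    // active: the current user cannot toggle their own flag
    if ($sumouser['id'] != $id) {
        $record['active'] = "active=" . $active;
    }

    // verify if user can change some parameters...
    if ($SUMO['user']['id'] == $id || in_array('sumo', $SUMO['user']['group'], true) || $SUMO['user']['id'] == $userdata['owner_id']) {
        $record['firstname'] = "firstname='" . $escape($firstname) . "'";
        $record['lastname'] = "lastname='" . $escape($lastname) . "'";
        $record['email'] = "email='" . $escape($email) . "'";
        $record['language'] = "language='" . $escape($language) . "'";
    } else {
        $record['firstname'] = "";
        $record['lastname'] = "";
        $record['email'] = "";
        $record['language'] = "";
    }

    //... to change IP address
    if (in_array('sumo', $SUMO['user']['group'], true) || $SUMO['user']['id'] == $userdata['owner_id']) {
        $record['ip'] = "ip='" . $escape($ip) . "'";
    } else {
        $record['ip'] = "";
    }

    // Data source
    $record['datasource_id'] = "datasource_id=" . $datasource_id;
    // modified
    $record['modified'] = "modified=" . $SUMO['server']['time'];

    // Keep only the non-empty fragments for the queries
    $records = array_values(array_filter($record));
    $update = implode(', ', $records);
    $select = implode(' AND ', $records);

    // create query for update
    $query = "UPDATE " . SUMO_TABLE_USERS . "\n\t\t SET " . $daylimit[0] . " " . $update . "\n\t\t WHERE id=" . $id;
    $SUMO['DB']->Execute($query);

    // $daylimit[1] already ends in ' AND ', so only $select needs a joiner
    if ($select !== '') {
        $select .= " AND ";
    }

    // verify query success: the row must match every fragment just written
    $query = "SELECT * FROM " . SUMO_TABLE_USERS . "\n\t\t WHERE " . $daylimit[1] . "\n\t\t " . $select . "\n\t\t id=" . $id;
    $rs = $SUMO['DB']->Execute($query);
    $tab = $rs->FetchRow();
    $upd = $rs->PO_RecordCount();

    if ($upd != 1) {
        return FALSE;
    }

    $SUMO['DB']->CacheFlush();

    if (!empty($record['password'])) {
        if ($id == $SUMO['user']['id']) {
            // ...to change current session password
            $_SESSION['user']['password'] = sumo_get_hex_hmac_sha1($SUMO['connection']['security_string'], $data['password']);
            $_SESSION['pwd_changed'] = $SUMO['server']['time'];
        } else {
            // someone else's password changed: drop their sessions
            sumo_delete_session(NULL, NULL, $data['user']);
        }
    }

    sumo_write_log('I01000X', array($tab['username'], $SUMO['user']['user']), 3, 3, 'system', FALSE);

    // Send user notify
    if ($SUMO['config']['accounts']['notify']['updates'] && $email) {
        if (!$SUMO['config']['server']['admin']['email']) {
            sumo_write_log('E06000X', '', '0,1', 2, 'system', FALSE);
        } else {
            $object = sumo_get_message("I00001M", $SUMO['server']['name']);
            $message = sumo_get_message("I00106M", array($firstname . " " . $lastname, $SUMO['server']['name'], $SUMO['user']['user']));
            $m = new Mail();
            $m->From($SUMO['config']['server']['admin']['email']);
            $m->To($email);
            $m->Subject($object);
            $m->Body($message, SUMO_CHARSET);
            $m->Priority(1);
            $m->Send();
        }
    }

    return TRUE;
}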