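/**
 * Handles an account-activation link of the form `?key=user|key|expiry|hash`.
 *
 * The token is rejected unless it is well-formed, unexpired, matches the value
 * recomputed by $AUTH->get_hash(), and its activation key is still stored
 * against the named user. On success the account is enabled and saved.
 *
 * @return mixed Result of $FUNCS->raise_error() on failure, null on success.
 */
function _process_activation()
{
    global $FUNCS, $DB, $AUTH;

    // The token is attacker-controlled: reject a missing or non-string value
    // (e.g. ?key[]=x) before any string function touches it.
    if (!isset($_GET['key']) || !is_string($_GET['key'])) {
        return $FUNCS->raise_error($FUNCS->t('invalid_key'));
    }

    // Presumably undoes '+' having been URL-decoded to a space -- confirm against the link generator.
    $data = str_replace(' ', '+', $_GET['key']);

    // Expect user|key|expiry|hash; fewer parts would leave fields undefined below.
    $parts = explode('|', $data);
    if (count($parts) < 4) {
        return $FUNCS->raise_error($FUNCS->t('invalid_key'));
    }
    list($user, $key, $expiry) = $parts;

    // check if link has not expired
    if (time() > $expiry) {
        return $FUNCS->raise_error($FUNCS->t('invalid_key'));
    }

    // next verify hash to make sure the data has not been tampered with.
    // Compare in constant time where available so the check does not leak how
    // many leading bytes of a forged token were correct.
    $expected = (string) $AUTH->get_hash($user, $key, $expiry);
    $authentic = function_exists('hash_equals') ? hash_equals($expected, $data) : ($data === $expected);
    if (!$authentic) {
        return $FUNCS->raise_error($FUNCS->t('invalid_key'));
    }

    // finally check if activation key still exists for the user
    // get the user with this activation key
    $rs = $DB->select(
        K_TBL_USERS,
        array('id'),
        "name='" . $DB->sanitize($user) . "' AND activation_key='" . $DB->sanitize($key) . "'"
    );
    if (!count($rs)) {
        return $FUNCS->raise_error($FUNCS->t('invalid_key'));
    }

    $user = new KUser($rs[0]['id'], 1);
    $user->populate_fields();
    // enable user -- NOTE(review): relies on fields[4] being the disabled flag; confirm the field order.
    $user->fields[4]->store_posted_changes(0);

    // Temporarily raise the current visitor's level so an unlogged visitor can
    // activate his account, and restore it straight after the save. The
    // original returned on a failed save with the raised level still in place.
    $access_level = $AUTH->user->access_level;
    $AUTH->user->access_level = K_ACCESS_LEVEL_AUTHENTICATED + 1;
    $errors = $user->save();
    $AUTH->user->access_level = $access_level;

    if ($errors) {
        return $FUNCS->raise_error('Activation failed');
    }
}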
$errors = ''; if (isset($_POST['op']) && $_POST['op'] == 'save') { $_POST['f_k_access_level'] = intval($_POST['f_k_levels_list']); $_POST['f_k_disabled'] = isset($_POST['f_k_disabled_check']) ? 1 : 0; // HOOK: alter_edit_user_posted_data $skip = $FUNCS->dispatch_event('alter_edit_user_posted_data', array(&$user)); if (!$skip) { for ($x = 0; $x < count($user->fields); $x++) { $f =& $user->fields[$x]; $f->store_posted_changes($_POST['f_' . $f->name]); // get posted values into fields } } // HOOK: edit_user_presave $FUNCS->dispatch_event('edit_user_presave', array(&$user)); $errors = $user->save(); // HOOK: edit_user_saved $FUNCS->dispatch_event('edit_user_saved', array(&$user, &$errors)); if (!$errors) { // if the logged-in user is the same as the user account being edited, use the user object's name in nonce as it might have changed. $nonce = $FUNCS->create_nonce('update_user_' . $user->id, $AUTH->user->id == $user->id ? $user->name : $AUTH->user->name); header("Location: " . K_ADMIN_URL . K_ADMIN_PAGE . "?o=users&act=edit&id=" . $user->id . "&nonce=" . $nonce); exit; } } // start building content for output ob_start(); $err_div = '<div class="error" style="margin-bottom:10px; color:red; display:'; if ($errors) { $err_div .= "block\">"; $err_title = $errors > 1 ? 'ERRORS' : 'ERROR';