コード例 #1
ファイル: alt_auth_login_class.php プロジェクト: notzen/e107
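 /**
  * Authenticate through an alt_auth handler and mirror the result into the local user tables.
  *
  * Loads `<method>_auth.php` from the alt_auth plugin directory and asks its auth_login
  * class to check the credentials. On AUTH_SUCCESS the matching `user` / `user_extended`
  * rows are updated, or created when the lookup query finds nothing. The outcome is
  * stored in $this->loginResult (one of the AUTH_* or LOGIN_* constants).
  *
  * @param string $method    Handler name; 'none' short-circuits with AUTH_NOCONNECT.
  * @param string &$username Login name. By reference: it is escaped, filtered and truncated
  *                          on success, and overwritten with a fixed digest when a
  *                          connection failure aborts the login.
  * @param string &$userpass Password. By reference: overwritten with a fixed digest when a
  *                          bad password aborts the login.
  */
 public function __construct($method, &$username, &$userpass)
 {
     $this->e107 = e107::getInstance();
     $newvals = array();
     if ($method == 'none') {
         $this->loginResult = AUTH_NOCONNECT;
         return;
     }
     // $method becomes part of an include path on the next statement. Where it comes from
     // is not visible in this method, so only plain handler names are accepted; anything
     // with dots, slashes or control characters is refused before the filesystem is touched.
     if (!is_string($method) || !preg_match('/^[A-Za-z0-9_-]+\z/', $method)) {
         $this->loginResult = AUTH_NOT_AVAILABLE;
         return;
     }
     require_once e_PLUGIN . 'alt_auth/' . $method . '_auth.php';
     $_login = new auth_login();
     if (isset($_login->Available) && $_login->Available === FALSE) {
         // Relevant auth method not available (e.g. PHP extension not loaded)
         $this->loginResult = AUTH_NOT_AVAILABLE;
         return;
     }
     $login_result = $_login->login($username, $userpass, $newvals, FALSE);
     if ($login_result === AUTH_SUCCESS) {
         require_once e_HANDLER . 'user_handler.php';
         require_once e_HANDLER . 'validator_class.php';
         // Credential hashes are kept out of every log line written below.
         $noSecrets = array('user_password' => TRUE);
         // NOTE(review): mysql_real_escape_string() and MYSQL_ASSOC (used further down) belong
         // to the ext/mysql API that was removed in PHP 7, so this path only runs on PHP 5.x.
         if (MAGIC_QUOTES_GPC == FALSE) {
             $username = mysql_real_escape_string($username);
         }
         // NOTE(review): this is a denylist (" OR ", "=", "#"). It does not replace escaping
         // and should not be treated as the injection defence for the lookup query.
         $username = preg_replace("/\\sOR\\s|\\=|\\#/", "", $username);
         $username = substr($username, 0, e107::getPref('loginname_maxlength'));
         $aa_sql = e107::getDb('aa');
         $userMethods = new UserHandler();
         $db_vals = array('user_password' => $aa_sql->escape($userMethods->HashPassword($userpass, $username)));
         $xFields = array();
         // Possible extended user fields
         // See if any of the fields need processing before save
         if (isset($_login->copyMethods) && count($_login->copyMethods)) {
             foreach ($newvals as $k => $v) {
                 if (isset($_login->copyMethods[$k])) {
                     $newvals[$k] = $this->translate($_login->copyMethods[$k], $v);
                     if (AA_DEBUG1) {
                         $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth convert", $k . ': ' . $v . '=>' . $newvals[$k], FALSE, LOG_TO_ROLLING);
                     }
                 }
             }
         }
         // NOTE(review): the keys of $newvals end up as column names in the SELECT built
         // below without quoting. They are filled in by the handler's login(); confirm that
         // they can only be configured field names and never values taken from the remote
         // directory.
         foreach ($newvals as $k => $v) {
             if (strpos($k, 'x_') === 0) {
                 // Extended field
                 $k = substr($k, 2);
                 $xFields['user_' . $k] = $v;
             } else {
                 // Normal user table: add the 'user_' prefix when the handler left it off.
                 // The original read strpos($k, 'user_' !== 0), which searched for the
                 // boolean TRUE instead of testing the prefix.
                 if (strpos($k, 'user_') !== 0) {
                     $k = 'user_' . $k;
                 }
                 // translate the field names (but latest handlers don't need translation)
                 $db_vals[$k] = $v;
             }
         }
         $ulogin = new userlogin();
         if (count($xFields)) {
             // We're going to have to do something with extended fields as well - make sure there's an object
             require_once e_HANDLER . 'user_extended_class.php';
             $ue = new e107_user_extended();
             $qry = "SELECT u.user_id,u." . implode(',u.', array_keys($db_vals)) . ", ue.user_extended_id, ue." . implode(',ue.', array_keys($xFields)) . " FROM `#user` AS u\n\t\t\t\t\t\tLEFT JOIN `#user_extended` AS ue ON ue.user_extended_id = u.user_id\n\t\t\t\t\t\tWHERE " . $ulogin->getLookupQuery($username, FALSE, 'u.');
             if (AA_DEBUG) {
                 $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "Query: {$qry}[!br!]" . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
             }
         } else {
             $qry = "SELECT * FROM `#user` WHERE " . $ulogin->getLookupQuery($username, FALSE);
         }
         if ($aa_sql->db_Select_gen($qry)) {
             // Existing user - get current data, see if any changes
             $row = $aa_sql->db_Fetch(MYSQL_ASSOC);
             foreach ($db_vals as $k => $v) {
                 // The password hash is compared as an exact string: with ==, two different
                 // hashes that both look numeric (e.g. "0e…") compare equal and the new
                 // hash would never be stored. Other fields keep the loose comparison.
                 if ($k === 'user_password') {
                     $unchanged = ((string) $row[$k] === (string) $v);
                 } else {
                     $unchanged = ($row[$k] == $v);
                 }
                 if ($unchanged) {
                     unset($db_vals[$k]);
                 }
             }
             if (count($db_vals)) {
                 $newUser = array();
                 $newUser['data'] = $db_vals;
                 validatorClass::addFieldTypes($userMethods->userVettingInfo, $newUser);
                 // Cast the id like the user_extended update further down does.
                 $newUser['WHERE'] = '`user_id`=' . intval($row['user_id']);
                 $aa_sql->db_Update('user', $newUser);
                 if (AA_DEBUG1) {
                     $logUser = $newUser;
                     unset($logUser['data']['user_password']);
                     $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "User data update: " . print_r($logUser, TRUE), FALSE, LOG_TO_ROLLING);
                 }
             }
             foreach ($xFields as $k => $v) {
                 if ($row[$k] == $v) {
                     unset($xFields[$k]);
                 }
             }
             if (AA_DEBUG1) {
                 $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "User data read: " . print_r(array_diff_key((array) $row, $noSecrets), TRUE) . "[!br!]" . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
             }
             if (AA_DEBUG) {
                 $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "User xtnd read: " . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
             }
             if (count($xFields)) {
                 $xArray = array();
                 $xArray['data'] = $xFields;
                 if ($row['user_extended_id']) {
                     $ue->addFieldTypes($xArray);
                     // Add in the data types for storage
                     $xArray['WHERE'] = '`user_extended_id`=' . intval($row['user_id']);
                     if (AA_DEBUG) {
                         $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "User xtnd update: " . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
                     }
                     $aa_sql->db_Update('user_extended', $xArray);
                 } else {
                     // Never been an extended user fields record for this user
                     $xArray['data']['user_extended_id'] = $row['user_id'];
                     $ue->addDefaultFields($xArray);
                     // Add in the data types for storage, plus any default values
                     if (AA_DEBUG) {
                         $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "Write new extended record" . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
                     }
                     $aa_sql->db_Insert('user_extended', $xArray);
                 }
             }
         } else {
             // Just add a new user
             if (AA_DEBUG) {
                 // The listing masked part of this message; it is rebuilt here from the
                 // matching failure log below, with the password hash left out.
                 $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "Add new user: " . print_r(array_diff_key($db_vals, $noSecrets), TRUE) . "[!br!]" . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
             }
             if (!isset($db_vals['user_name'])) {
                 $db_vals['user_name'] = $username;
             }
             if (!isset($db_vals['user_loginname'])) {
                 $db_vals['user_loginname'] = $username;
             }
             if (!isset($db_vals['user_join'])) {
                 $db_vals['user_join'] = time();
             }
             $db_vals['user_class'] = e107::getPref('initial_user_classes');
             if (!isset($db_vals['user_signature'])) {
                 $db_vals['user_signature'] = '';
             }
             if (!isset($db_vals['user_prefs'])) {
                 $db_vals['user_prefs'] = '';
             }
             if (!isset($db_vals['user_perms'])) {
                 $db_vals['user_perms'] = '';
             }
             $userMethods->userClassUpdate($db_vals, 'userall');
             $newUser = array();
             $newUser['data'] = $db_vals;
             $userMethods->addNonDefaulted($newUser);
             validatorClass::addFieldTypes($userMethods->userVettingInfo, $newUser);
             $newID = $aa_sql->db_Insert('user', $newUser);
             if ($newID !== FALSE) {
                 if (count($xFields)) {
                     $xFields['user_extended_id'] = $newID;
                     $xArray = array();
                     $xArray['data'] = $xFields;
                     $ue->addDefaultFields($xArray);
                     // Add in the data types for storage, plus any default values
                     $result = $aa_sql->db_Insert('user_extended', $xArray);
                     if (AA_DEBUG) {
                         $this->e107->admin_log->e_log_event(10, debug_backtrace(), 'DEBUG', 'Alt auth login', "Add extended: UID={$newID}  result={$result}", FALSE, LOG_TO_ROLLING);
                     }
                 }
             } else {
                 // Error adding user to database - possibly a conflict on unique fields.
                 // This entry is written regardless of the debug flags, so the password
                 // hash is removed from the dumped values.
                 $this->e107->admin_log->e_log_event(10, __FILE__ . '|' . __FUNCTION__ . '@' . __LINE__, 'ALT_AUTH', 'Alt auth login', 'Add user fail: DB Error ' . $aa_sql->getLastErrorText() . "[!br!]" . print_r(array_diff_key($db_vals, $noSecrets), TRUE), FALSE, LOG_TO_ROLLING);
                 $this->loginResult = LOGIN_DB_ERROR;
                 return;
             }
         }
         $this->loginResult = LOGIN_CONTINUE;
         return;
     } else {
         // Failure modes
         switch ($login_result) {
             case AUTH_NOCONNECT:
                 if (varset(e107::getPref('auth_noconn'), TRUE)) {
                     $this->loginResult = LOGIN_TRY_OTHER;
                     return;
                 }
                 // Replace the caller's username with a fixed digest before aborting.
                 $username = md5('xx_noconn_xx');
                 $this->loginResult = LOGIN_ABORT;
                 return;
             case AUTH_BADPASSWORD:
                 if (varset(e107::getPref('auth_badpassword'), TRUE)) {
                     $this->loginResult = LOGIN_TRY_OTHER;
                     return;
                 }
                 // Replace the caller's password with a fixed digest before aborting.
                 $userpass = md5('xx_badpassword_xx');
                 $this->loginResult = LOGIN_ABORT;
                 // Not going to magically be able to log in!
                 return;
         }
     }
     $this->loginResult = LOGIN_ABORT;
     // catch-all just in case
     return;
 }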
コード例 #2
ファイル: usersettings.php プロジェクト: KonzolozZ/e107
     $changedData['WHERE'] = 'user_id=' . $inp;
     validatorClass::addFieldTypes($userMethods->userVettingInfo, $changedData);
     // print_a($changedData);
     if (FALSE === $sql->db_Update('user', $changedData)) {
         $message .= '<br />' . LAN_USET_43;
     } else {
         if (isset($changedUserData['user_password']) && !$adminEdit) {
             //	echo "Make new cookie<br />";
             $userMethods->makeUserCookie(array('user_id' => $udata['user_id'], 'user_password' => $changedUserData['user_password']), FALSE);
             // Can't handle autologin ATM
         }
     }
 }
 // Save extended field values (only when the caller collected any changes).
 // NOTE(review): $inp is concatenated into three SQL fragments below (the WHERE clause,
 // the retrieve() condition and the INSERT). Its assignment is outside this excerpt -
 // confirm it is cast to an integer before it reaches this point.
 if (isset($changedEUFData['data']) && count($changedEUFData['data'])) {
     $ue->addFieldTypes($changedEUFData);
     // Add in the data types for storage
     $changedEUFData['WHERE'] = '`user_extended_id` = ' . $inp;
     //print_a($changedEUFData);
     // Create the user_extended row first when the lookup returns false, so the update
     // below has a row to act on.
     if (false === $sql->retrieve('user_extended', 'user_extended_id', 'user_extended_id=' . $inp)) {
         // ***** Next line creates a record which presumably should be there anyway, so could generate an error if no test first
         // NOTE(review): string-built INSERT; see the note on $inp above.
         $sql->db_Select_gen("INSERT INTO #user_extended (user_extended_id, user_hidden_fields) values ('" . $inp . "', '')");
         //print_a('New extended fields added: '.$inp.'<br />');
     }
     // A failed update is reported by appending to $message; execution continues.
     if (false === $sql->db_Update('user_extended', $changedEUFData)) {
         $message .= '<br />Error updating EUF';
     }
 }
 // Now see if we need to log anything. First check the options and class membership
 // (Normally we would leave logging decision to the log class. But this one's a bit more complicated)
 $user_logging_opts = e107::getConfig()->get('user_audit_opts');
コード例 #3
ファイル: signup.php プロジェクト: gitye/e107
 }
 // The user_class, user_perms, user_prefs and user_realm fields have no default value,
 //   so appropriate ones are set here; otherwise the DB insert breaks.
 $allData['data']['user_class'] = '';
 $allData['data']['user_perms'] = '';
 $allData['data']['user_prefs'] = '';
 $allData['data']['user_realm'] = '';
 if (empty($allData['data']['user_signature'])) {
     $allData['data']['user_signature'] = '';
     // as above - default required in MySQL strict mode.
 }
 // Actually write data to DB
 validatorClass::addFieldTypes($userMethods->userVettingInfo, $allData);
 // NOTE(review): $nid is used by everything below before the `if (!$nid)` test that
 // follows this excerpt. If the insert fails, the user_extended INSERT and the audit
 // entry presumably still run with an empty id - confirm and consider testing $nid first.
 $nid = $sql->insert('user', $allData);
 if (isset($eufVals['data']) && count($eufVals['data'])) {
     $usere->addFieldTypes($eufVals);
     // Add in the data types for storage
     $eufVals['WHERE'] = '`user_extended_id` = ' . intval($nid);
     //$usere->addDefaultFields($eufVals);		// Add in defaults for anything not explicitly set (commented out for now - will slightly modify behaviour)
     // NOTE(review): $nid is interpolated as-is here, unlike the intval() on the WHERE
     // clause above; using the same cast in both places would keep them consistent.
     $sql->gen("INSERT INTO `#user_extended` (user_extended_id) values ('{$nid}')");
     $sql->update('user_extended', $eufVals);
 }
 if (SIGNUP_DEBUG) {
     // NOTE(review): this dumps the whole of $allData['data'] into the rolling log. If
     // that array carries the password field (not visible in this excerpt), the hash
     // ends up in the log - confirm and strip it before logging.
     $admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Signup new user", array_merge($allData['data'], $eufVals), FALSE, LOG_TO_ROLLING);
 }
 // Log to user audit log if enabled
 $signup_data['user_id'] = $nid;
 $signup_data['signup_key'] = $u_key;
 // $_POST['realname'] is request data; it is passed through $tp->toDB() before storage.
 $signup_data['user_realname'] = $tp->toDB($_POST['realname']);
 $admin_log->user_audit(USER_AUDIT_SIGNUP, $signup_data);
 if (!$nid) {