public function __construct($method, &$username, &$userpass)
{
$this->e107 = e107::getInstance();
$newvals = array();
if ($method == 'none') {
$this->loginResult = AUTH_NOCONNECT;
return;
}
require_once e_PLUGIN . 'alt_auth/' . $method . '_auth.php';
$_login = new auth_login();
if (isset($_login->Available) && $_login->Available === FALSE) {
// Relevant auth method not available (e.g. PHP extension not loaded)
$this->loginResult = AUTH_NOT_AVAILABLE;
return;
}
$login_result = $_login->login($username, $userpass, $newvals, FALSE);
if ($login_result === AUTH_SUCCESS) {
require_once e_HANDLER . 'user_handler.php';
require_once e_HANDLER . 'validator_class.php';
if (MAGIC_QUOTES_GPC == FALSE) {
$username = mysql_real_escape_string($username);
}
$username = preg_replace("/\\sOR\\s|\\=|\\#/", "", $username);
$username = substr($username, 0, e107::getPref('loginname_maxlength'));
$aa_sql = e107::getDb('aa');
$userMethods = new UserHandler();
$db_vals = array('user_password' => $aa_sql->escape($userMethods->HashPassword($userpass, $username)));
$xFields = array();
// Possible extended user fields
// See if any of the fields need processing before save
if (isset($_login->copyMethods) && count($_login->copyMethods)) {
foreach ($newvals as $k => $v) {
if (isset($_login->copyMethods[$k])) {
$newvals[$k] = $this->translate($_login->copyMethods[$k], $v);
if (AA_DEBUG1) {
$this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth convert", $k . ': ' . $v . '=>' . $newvals[$k], FALSE, LOG_TO_ROLLING);
}
}
}
}
foreach ($newvals as $k => $v) {
if (strpos($k, 'x_') === 0) {
// Extended field
$k = substr($k, 2);
$xFields['user_' . $k] = $v;
} else {
// Normal user table
if (strpos($k, 'user_' !== 0)) {
$k = 'user_' . $k;
}
// translate the field names (but latest handlers don't need translation)
$db_vals[$k] = $v;
}
}
$ulogin = new userlogin();
if (count($xFields)) {
// We're going to have to do something with extended fields as well - make sure there's an object
require_once e_HANDLER . 'user_extended_class.php';
$ue = new e107_user_extended();
$q = $qry = "SELECT u.user_id,u." . implode(',u.', array_keys($db_vals)) . ", ue.user_extended_id, ue." . implode(',ue.', array_keys($xFields)) . " FROM `#user` AS u\n\t\t\t\t\t\tLEFT JOIN `#user_extended` AS ue ON ue.user_extended_id = u.user_id\n\t\t\t\t\t\tWHERE " . $ulogin->getLookupQuery($username, FALSE, 'u.');
if (AA_DEBUG) {
$this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "Query: {$qry}[!br!]" . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
}
} else {
$qry = "SELECT * FROM `#user` WHERE " . $ulogin->getLookupQuery($username, FALSE);
}
if ($aa_sql->db_Select_gen($qry)) {
// Existing user - get current data, see if any changes
$row = $aa_sql->db_Fetch(MYSQL_ASSOC);
foreach ($db_vals as $k => $v) {
if ($row[$k] == $v) {
unset($db_vals[$k]);
}
}
if (count($db_vals)) {
$newUser = array();
$newUser['data'] = $db_vals;
validatorClass::addFieldTypes($userMethods->userVettingInfo, $newUser);
$newUser['WHERE'] = '`user_id`=' . $row['user_id'];
$aa_sql->db_Update('user', $newUser);
if (AA_DEBUG1) {
$this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "User data update: " . print_r($newUser, TRUE), FALSE, LOG_TO_ROLLING);
}
}
foreach ($xFields as $k => $v) {
if ($row[$k] == $v) {
unset($xFields[$k]);
}
}
if (AA_DEBUG1) {
$this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "User data read: " . print_r($row, TRUE) . "[!br!]" . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
}
if (AA_DEBUG) {
$this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "User xtnd read: " . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
}
if (count($xFields)) {
$xArray = array();
$xArray['data'] = $xFields;
if ($row['user_extended_id']) {
$ue->addFieldTypes($xArray);
// Add in the data types for storage
$xArray['WHERE'] = '`user_extended_id`=' . intval($row['user_id']);
if (AA_DEBUG) {
$this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "User xtnd update: " . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
}
$aa_sql->db_Update('user_extended', $xArray);
} else {
// Never been an extended user fields record for this user
$xArray['data']['user_extended_id'] = $row['user_id'];
$ue->addDefaultFields($xArray);
// Add in the data types for storage, plus any default values
if (AA_DEBUG) {
$this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "Write new extended record" . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
}
$aa_sql->db_Insert('user_extended', $xArray);
}
}
} else {
// Just add a new user
if (AA_DEBUG) {
$this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "Add new user: "******"[!br!]" . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
}
if (!isset($db_vals['user_name'])) {
$db_vals['user_name'] = $username;
}
if (!isset($db_vals['user_loginname'])) {
$db_vals['user_loginname'] = $username;
}
if (!isset($db_vals['user_join'])) {
$db_vals['user_join'] = time();
}
$db_vals['user_class'] = e107::getPref('initial_user_classes');
if (!isset($db_vals['user_signature'])) {
$db_vals['user_signature'] = '';
}
if (!isset($db_vals['user_prefs'])) {
$db_vals['user_prefs'] = '';
}
if (!isset($db_vals['user_perms'])) {
$db_vals['user_perms'] = '';
}
$userMethods->userClassUpdate($db_vals, 'userall');
$newUser = array();
$newUser['data'] = $db_vals;
$userMethods->addNonDefaulted($newUser);
validatorClass::addFieldTypes($userMethods->userVettingInfo, $newUser);
$newID = $aa_sql->db_Insert('user', $newUser);
if ($newID !== FALSE) {
if (count($xFields)) {
$xFields['user_extended_id'] = $newID;
$xArray = array();
$xArray['data'] = $xFields;
$ue->addDefaultFields($xArray);
// Add in the data types for storage, plus any default values
$result = $aa_sql->db_Insert('user_extended', $xArray);
if (AA_DEBUG) {
$this->e107->admin_log->e_log_event(10, debug_backtrace(), 'DEBUG', 'Alt auth login', "Add extended: UID={$newID} result={$result}", FALSE, LOG_TO_ROLLING);
}
}
} else {
// Error adding user to database - possibly a conflict on unique fields
$this->e107->admin_log->e_log_event(10, __FILE__ . '|' . __FUNCTION__ . '@' . __LINE__, 'ALT_AUTH', 'Alt auth login', 'Add user fail: DB Error ' . $aa_sql->getLastErrorText() . "[!br!]" . print_r($db_vals, TRUE), FALSE, LOG_TO_ROLLING);
$this->loginResult = LOGIN_DB_ERROR;
return;
}
}
$this->loginResult = LOGIN_CONTINUE;
return;
} else {
// Failure modes
switch ($login_result) {
case AUTH_NOCONNECT:
if (varset(e107::getPref('auth_noconn'), TRUE)) {
$this->loginResult = LOGIN_TRY_OTHER;
return;
}
$username = md5('xx_noconn_xx');
$this->loginResult = LOGIN_ABORT;
return;
case AUTH_BADPASSWORD:
if (varset(e107::getPref('auth_badpassword'), TRUE)) {
$this->loginResult = LOGIN_TRY_OTHER;
return;
}
$userpass = md5('xx_badpassword_xx');
$this->loginResult = LOGIN_ABORT;
// Not going to magically be able to log in!
return;
}
}
$this->loginResult = LOGIN_ABORT;
// catch-all just in case
return;
}
}
$redirect->redirect($to);
}
unset($_POST);
}
if ($error) {
// require_once (e_HANDLER.'message_handler.php');
$temp = array();
if (count($extraErrors)) {
$temp[] = implode('<br />', $extraErrors);
}
if (count($allData['errors'])) {
$temp[] = validatorClass::makeErrorList($allData, 'USER_ERR_', '%n - %x - %t: %v', '<br />', $userMethods->userVettingInfo);
}
if (vartrue($eufVals['errors'])) {
$temp[] = '<br />' . validatorClass::makeErrorList($eufVals, 'USER_ERR_', '%n - %x - %t: %v', '<br />', NULL);
}
// message_handler('P_ALERT', implode('<br />', $temp));
$errorMsg = implode('<br />', $temp);
if (deftrue('BOOTSTRAP')) {
echo e107::getMessage()->addError($errorMsg)->render();
} else {
$ns->tablerender($caption, $message);
}
// $adref = $_POST['adminreturn'];
}
// --- User data has been updated here if appropriate ---
$testSessionMessage = e107::getMessage()->get(E_MESSAGE_SUCCESS, 'default', true);
// only success in the session
if ($testSessionMessage) {
$message = implode('<br />', $testSessionMessage);
private function processActivationLink()
{
global $userMethods;
$sql = e107::getDb();
$tp = e107::getParser();
$ns = e107::getRender();
$log = e107::getLog();
$pref = e107::pref('core');
$qs = explode('.', e_QUERY);
if ($qs[0] == 'activate' && (count($qs) == 3 || count($qs) == 4) && $qs[2]) {
// FIXME TODO use generic multilanguage selection => e107::coreLan();
// return the message in the correct language.
if (isset($qs[3]) && strlen($qs[3]) == 2) {
require_once e_HANDLER . 'language_class.php';
$slng = new language();
$the_language = $slng->convert($qs[3]);
if (is_readable(e_LANGUAGEDIR . $the_language . '/lan_' . e_PAGE)) {
include e_LANGUAGEDIR . $the_language . '/lan_' . e_PAGE;
} else {
include_lan(e_LANGUAGEDIR . e_LANGUAGE . '/lan_' . e_PAGE);
}
} else {
include_lan(e_LANGUAGEDIR . e_LANGUAGE . '/lan_' . e_PAGE);
}
e107::getCache()->clear("online_menu_totals");
if ($sql->select("user", "*", "user_sess='" . $tp->toDB($qs[2], true) . "' ")) {
if ($row = $sql->fetch()) {
$dbData = array();
$dbData['WHERE'] = " user_sess='" . $tp->toDB($qs[2], true) . "' ";
$dbData['data'] = array('user_ban' => '0', 'user_sess' => '');
// Set initial classes, and any which the user can opt to join
if ($init_class = $userMethods->userClassUpdate($row, 'userfull')) {
//print_a($init_class); exit;
$dbData['data']['user_class'] = $init_class;
}
$userMethods->addNonDefaulted($dbData);
validatorClass::addFieldTypes($userMethods->userVettingInfo, $dbData);
$newID = $sql->update('user', $dbData);
if ($newID === false) {
$log->e_log_event(10, debug_backtrace(), 'USER', 'Verification Fail', print_r($row, true), false, LOG_TO_ROLLING);
$ns->tablerender(LAN_SIGNUP_75, LAN_SIGNUP_101);
return false;
}
// Log to user audit log if enabled
$log->user_audit(USER_AUDIT_EMAILACK, $row);
e107::getEvent()->trigger('userveri', $row);
// Legacy event
e107::getEvent()->trigger('user_signup_activated', $row);
e107::getEvent()->trigger('userfull', $row);
// 'New' event
if (varset($pref['autologinpostsignup'])) {
require_once e_HANDLER . 'login.php';
$usr = new userlogin();
$usr->login($row['user_loginname'], md5($row['user_name'] . $row['user_password'] . $row['user_join']), 'signup', '');
}
$text = "<div class='alert alert-success'>" . LAN_SIGNUP_74 . " <a href='index.php'>" . LAN_SIGNUP_22 . "</a> " . LAN_SIGNUP_23 . "<br />" . LAN_SIGNUP_24 . " " . SITENAME . "</div>";
$ns->tablerender(LAN_SIGNUP_75, $text);
}
} else {
// Invalid activation code
$log->e_log_event(10, debug_backtrace(), 'USER', 'Invalid Verification URL', print_r($qs, true), false, LOG_TO_ROLLING);
echo e107::getMessage()->addError("Invalid URL")->render();
// header("location: ".e_BASE."index.php");
return false;
}
}
}
if (isset($_POST['update_settings'])) {
if ($_POST['ac'] == md5(ADMINPWCHANGE)) {
$userData = array();
$userData['data'] = array();
if ($_POST['a_password'] != '' && $_POST['a_password2'] != '' && $_POST['a_password'] == $_POST['a_password2']) {
$userData['data']['user_password'] = $sql->escape($userMethods->HashPassword($_POST['a_password'], $currentUser['user_loginname']), FALSE);
unset($_POST['a_password']);
unset($_POST['a_password2']);
if (vartrue($pref['allowEmailLogin'])) {
$user_prefs = e107::getArrayStorage()->unserialize($currentUser['user_prefs']);
$user_prefs['email_password'] = $userMethods->HashPassword($new_pass, $email);
$userData['data']['user_prefs'] = e107::getArrayStorage()->serialize($user_prefs);
}
$userData['data']['user_pwchange'] = time();
$userData['WHERE'] = 'user_id=' . USERID;
validatorClass::addFieldTypes($userMethods->userVettingInfo, $userData, $userMethods->otherFieldTypes);
$check = $sql->update('user', $userData);
if ($check) {
e107::getLog()->add('ADMINPW_01', '', E_LOG_INFORMATIVE, '');
$userMethods->makeUserCookie(array('user_id' => USERID, 'user_password' => $userData['data']['user_password']), FALSE);
// Can't handle autologin ATM
$mes->addSuccess(UDALAN_3 . " " . ADMINNAME);
e107::getEvent()->trigger('adpword');
//@deprecated
$eventData = array('user_id' => USERID, 'user_pwchange' => $userData['data']['user_pwchange']);
e107::getEvent()->trigger('admin_password_update', $eventData);
$ns->tablerender(UDALAN_2, $mes->render());
} else {
$mes->addError(UDALAN_1 . ' ' . LAN_UPDATED_FAILED);
$ns->tablerender(LAN_UPDATED_FAILED, $mes->render());
}
}
$allData['data']['user_password'] = $userMethods->HashPassword($savePassword, $allData['data']['user_loginname']);
if (varsettrue($pref['allowEmailLogin'])) {
// Need to create separate password for email login
$allData['data']['user_prefs'] = serialize(array('email_password' => $userMethods->HashPassword($savePassword, $allData['data']['user_email'])));
}
$allData['data']['user_join'] = time();
$allData['data']['user_ip'] = e107::getIPHandler()->getIP(FALSE);
// The user_class, user_perms, user_prefs, user_realm fields don't have default value,
// so we put apropriate ones, otherwise - broken DB Insert
$allData['data']['user_class'] = '';
$allData['data']['user_perms'] = '';
$allData['data']['user_prefs'] = '';
$allData['data']['user_realm'] = '';
// Actually write data to DB
validatorClass::addFieldTypes($userMethods->userVettingInfo, $allData);
$nid = $sql->db_Insert('user', $allData);
if (isset($eufVals['data']) && count($eufVals['data'])) {
$usere->addFieldTypes($eufVals);
// Add in the data types for storage
$eufVals['WHERE'] = '`user_extended_id` = ' . intval($nid);
//$usere->addDefaultFields($eufVals); // Add in defaults for anything not explicitly set (commented out for now - will slightly modify behaviour)
$sql->db_Select_gen("INSERT INTO `#user_extended` (user_extended_id) values ('{$nid}')");
$sql->db_Update('user_extended', $eufVals);
}
if (SIGNUP_DEBUG) {
$admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Signup new user", array_merge($allData['data'], $eufVals), FALSE, LOG_TO_ROLLING);
}
// Log to user audit log if enabled
$signup_data['user_id'] = $nid;
$signup_data['signup_key'] = $u_key;
/**
* Quick Add user submit trigger
*/
public function AddSubmitTrigger()
{
$e107cache = e107::getCache();
$userMethods = e107::getUserSession();
$mes = e107::getMessage();
$sql = e107::getDb();
$e_event = e107::getEvent();
$admin_log = e107::getAdminLog();
if (!$_POST['ac'] == md5(ADMINPWCHANGE)) {
exit;
}
$e107cache->clear('online_menu_member_total');
$e107cache->clear('online_menu_member_newest');
$error = false;
if (isset($_POST['generateloginname'])) {
$_POST['loginname'] = $userMethods->generateUserLogin($pref['predefinedLoginName']);
}
$_POST['password2'] = $_POST['password1'] = $_POST['password'];
// Now validate everything
$allData = validatorClass::validateFields($_POST, $userMethods->userVettingInfo, true);
// Fix Display and user name
if (!check_class($pref['displayname_class'], $allData['data']['user_class'])) {
if ($allData['data']['user_name'] != $allData['data']['user_loginname']) {
$allData['data']['user_name'] = $allData['data']['user_loginname'];
$mes->addWarning(str_replace('[x]', $allData['data']['user_loginname'], USRLAN_237));
//$allData['errors']['user_name'] = ERR_FIELDS_DIFFERENT;
}
}
// Do basic validation
validatorClass::checkMandatory('user_name, user_loginname', $allData);
// Check for missing fields (email done in userValidation() )
validatorClass::dbValidateArray($allData, $userMethods->userVettingInfo, 'user', 0);
// Do basic DB-related checks
$userMethods->userValidation($allData);
// Do user-specific DB checks
if (!isset($allData['errors']['user_password'])) {
// No errors in password - keep it outside the main data array
$savePassword = $allData['data']['user_password'];
// Delete the password value in the output array
unset($allData['data']['user_password']);
}
// Restrict the scope of this
unset($_POST['password2'], $_POST['password1']);
if (count($allData['errors'])) {
$temp = validatorClass::makeErrorList($allData, 'USER_ERR_', '%n - %x - %t: %v', '<br />', $userMethods->userVettingInfo);
$mes->addError($temp);
$error = true;
}
// Always save some of the entered data - then we can redisplay on error
$user_data =& $allData['data'];
if ($error) {
$this->setParam('user_data', $user_data);
return;
}
if (varset($_POST['perms'])) {
$allData['data']['user_admin'] = 1;
$allData['data']['user_perms'] = implode('.', $_POST['perms']);
}
$user_data['user_password'] = $userMethods->HashPassword($savePassword, $user_data['user_login']);
$user_data['user_join'] = time();
if ($userMethods->needEmailPassword()) {
// Save separate password encryption for use with email address
$user_prefs = e107::getArrayStorage()->unserialize($user_data['user_prefs']);
$user_prefs['email_password'] = $userMethods->HashPassword($savePassword, $user_data['user_email']);
$user_data['user_prefs'] = e107::getArrayStorage()->serialize($user_prefs);
unset($user_prefs);
}
$userMethods->userClassUpdate($allData['data'], 'userall');
//FIXME - (SecretR) there is a better way to fix this (missing default value, sql error in strict mode - user_realm is to be deleted from DB later)
$allData['data']['user_realm'] = '';
// Set any initial classes
$userMethods->addNonDefaulted($user_data);
validatorClass::addFieldTypes($userMethods->userVettingInfo, $allData);
$userid = $sql->insert('user', $allData);
if ($userid) {
$sysuser = e107::getSystemUser(false, false);
$sysuser->setData($allData['data']);
$sysuser->setId($userid);
$user_data['user_id'] = $userid;
// Add to admin log
e107::getLog()->add('USET_02', "UName: {$user_data['user_name']}; Email: {$user_data['user_email']}", E_LOG_INFORMATIVE);
// Add to user audit trail
e107::getLog()->user_audit(USER_AUDIT_ADD_ADMIN, $user_data, 0, $user_data['user_loginname']);
e107::getEvent()->trigger('userfull', $user_data);
e107::getEvent()->trigger('admin_user_created', $user_data);
// send everything available for user data - bit sparse compared with user-generated signup
if (isset($_POST['sendconfemail'])) {
$check = false;
// Send confirmation email to user
switch ((int) $_POST['sendconfemail']) {
case 0:
// activate, don't notify
$check = -1;
break;
case 1:
// activate and send password
$check = $sysuser->email('quickadd', array('user_password' => $savePassword, 'mail_subject' => USRLAN_187 . SITENAME, 'activation_url' => USRLAN_238));
break;
case 2:
// require activation and send password and activation link
$sysuser->set('user_ban', 2)->set('user_sess', e_user_model::randomKey())->save();
$check = $sysuser->email('quickadd', array('user_password' => $savePassword, 'mail_subject' => USRLAN_187 . SITENAME, 'activation_url' => SITEURL . "signup.php?activate." . $sysuser->getId() . "." . $sysuser->getValue('sess')));
break;
}
if ($check && $check !== -1) {
$mes->addSuccess(USRLAN_188);
} elseif (!$check) {
$mes->addError(USRLAN_189);
}
}
// $message = str_replace('--NAME--', htmlspecialchars($user_data['user_name'], ENT_QUOTES, CHARSET), USRLAN_174);
$message = USRLAN_172;
$mes->addSuccess($message)->addSuccess(USRLAN_128 . ': <strong>' . htmlspecialchars($user_data['user_loginname'], ENT_QUOTES, CHARSET) . '</strong>');
$mes->addSuccess(LAN_PASSWORD . ': <strong>' . htmlspecialchars($savePassword, ENT_QUOTES, CHARSET) . '</strong>');
return;
} else {
$mes->addError(LAN_CREATED_FAILED);
$mes->addError($sql->getLastErrorText());
}
}
function user_activate($userid)
{
global $sql, $e_event, $admin_log, $userMethods;
$uid = intval($userid);
if ($sql->db_Select("user", "*", "user_id='" . $uid . "' ")) {
if ($row = $sql->db_Fetch()) {
$dbData = array();
$dbData['WHERE'] = "user_id=" . $uid;
$dbData['data'] = array('user_ban' => '0', 'user_sess' => '');
// Add in the initial classes as necessary
if ($userMethods->userClassUpdate($row, 'userall')) {
$dbData['data']['user_class'] = $row['user_class'];
}
$userMethods->addNonDefaulted($dbData);
validatorClass::addFieldTypes($userMethods->userVettingInfo, $dbData);
$sql->db_Update('user', $dbData);
$admin_log->log_event('USET_10', str_replace(array('--UID--', '--NAME--'), array($row['user_id'], $row['user_name']), USRLAN_166), E_LOG_INFORMATIVE);
$e_event->trigger('userfull', $row);
// 'New' event
$this->show_message(USRLAN_86 . " (#" . $userid . " : " . $row['user_name'] . ")");
if (!$action) {
$action = "main";
}
if (!$sub_action) {
$sub_action = "user_id";
}
if (!$id) {
$id = "DESC";
}
if ($pref['user_reg_veri'] == 2) {
if ($sql->db_Select("user", "user_email, user_name", "user_id = '{$uid}'")) {
$row = $sql->db_Fetch();
$message = USRLAN_114 . " " . $row['user_name'] . ",\n\n" . USRLAN_122 . " " . SITENAME . ".\n\n" . USRLAN_123 . "\n\n";
$message .= str_replace("{SITEURL}", SITEURL, USRLAN_139);
require_once e_HANDLER . "mail.php";
if (sendemail($row['user_email'], USRLAN_113 . " " . SITENAME, $message)) {
// echo str_replace("\n","<br>",$message);
$this->show_message("Email sent to: " . $row['user_name']);
} else {
$this->show_message("Failed to send to: " . $row['user_name'], 'error');
}
}
}
}
}
}
