/** * Process information given to new/edit account form * * @global array $SUPPORTED_LANGS Languages that are supported by the AUR * @param string $TYPE Either "edit" for editing or "new" for registering an account * @param string $A Form to use, either UpdateAccount or NewAccount * @param string $U The username for the account * @param string $T The account type for the user * @param string $S Whether or not the account is suspended * @param string $E The e-mail address for the user * @param string $H Whether or not the e-mail address should be hidden * @param string $P The password for the user * @param string $C The confirmed password for the user * @param string $R The real name of the user * @param string $L The language preference of the user * @param string $I The IRC nickname of the user * @param string $K The PGP fingerprint of the user * @param string $PK The list of public SSH keys * @param string $J The inactivity status of the user * @param string $UID The user ID of the modified account * @param string $N The username as present in the database * * @return array Boolean indicating success and message to be printed */ function process_account_form($TYPE, $A, $U = "", $T = "", $S = "", $E = "", $H = "", $P = "", $C = "", $R = "", $L = "", $I = "", $K = "", $PK = "", $J = "", $UID = 0, $N = "") { global $SUPPORTED_LANGS; $error = ''; $message = ''; if (is_ipbanned()) { $error = __('Account registration has been disabled ' . 'for your IP address, probably due ' . 'to sustained spam attacks. Sorry for the ' . 'inconvenience.'); } $dbh = DB::connect(); if (isset($_COOKIE['AURSID'])) { $editor_user = uid_from_sid($_COOKIE['AURSID']); } else { $editor_user = null; } if (empty($E) || empty($U)) { $error = __("Missing a required field."); } if ($TYPE != "new" && !$UID) { $error = __("Missing User ID"); } if (!$error && !valid_username($U)) { $length_min = config_get_int('options', 'username_min_len'); $length_max = config_get_int('options', 'username_max_len'); $error = __("The username is invalid.") . "<ul>\n" . "<li>" . __("It must be between %s and %s characters long", $length_min, $length_max) . "</li>" . "<li>" . __("Start and end with a letter or number") . "</li>" . "<li>" . __("Can contain only one period, underscore or hyphen.") . "</li>\n</ul>"; } if (!$error && $P && $C && $P != $C) { $error = __("Password fields do not match."); } if (!$error && $P != '' && !good_passwd($P)) { $length_min = config_get_int('options', 'passwd_min_len'); $error = __("Your password must be at least %s characters.", $length_min); } if (!$error && !valid_email($E)) { $error = __("The email address is invalid."); } if (!$error && $K != '' && !valid_pgp_fingerprint($K)) { $error = __("The PGP key fingerprint is invalid."); } if (!$error && !empty($PK)) { $ssh_keys = array_filter(array_map('trim', explode("\n", $PK))); $ssh_fingerprints = array(); foreach ($ssh_keys as &$ssh_key) { if (!valid_ssh_pubkey($ssh_key)) { $error = __("The SSH public key is invalid."); break; } $ssh_fingerprint = ssh_key_fingerprint($ssh_key); if (!$ssh_fingerprint) { $error = __("The SSH public key is invalid."); break; } $tokens = explode(" ", $ssh_key); $ssh_key = $tokens[0] . " " . $tokens[1]; $ssh_fingerprints[] = $ssh_fingerprint; } /* * Destroy last reference to prevent accidentally overwriting * an array element. */ unset($ssh_key); } if (isset($_COOKIE['AURSID'])) { $atype = account_from_sid($_COOKIE['AURSID']); if ($atype == "User" && $T > 1 || $atype == "Trusted User" && $T > 2) { $error = __("Cannot increase account permissions."); } } if (!$error && !array_key_exists($L, $SUPPORTED_LANGS)) { $error = __("Language is not currently supported."); } if (!$error) { /* * Check whether the user name is available. * TODO: Fix race condition. */ $q = "SELECT COUNT(*) AS CNT FROM Users "; $q .= "WHERE Username = "******"edit") { $q .= " AND ID != " . intval($UID); } $result = $dbh->query($q); $row = $result->fetch(PDO::FETCH_NUM); if ($row[0]) { $error = __("The username, %s%s%s, is already in use.", "<strong>", htmlspecialchars($U, ENT_QUOTES), "</strong>"); } } if (!$error) { /* * Check whether the e-mail address is available. * TODO: Fix race condition. */ $q = "SELECT COUNT(*) AS CNT FROM Users "; $q .= "WHERE Email = " . $dbh->quote($E); if ($TYPE == "edit") { $q .= " AND ID != " . intval($UID); } $result = $dbh->query($q); $row = $result->fetch(PDO::FETCH_NUM); if ($row[0]) { $error = __("The address, %s%s%s, is already in use.", "<strong>", htmlspecialchars($E, ENT_QUOTES), "</strong>"); } } if (!$error && count($ssh_keys) > 0) { /* * Check whether any of the SSH public keys is already in use. * TODO: Fix race condition. */ $q = "SELECT Fingerprint FROM SSHPubKeys "; $q .= "WHERE Fingerprint IN ("; $q .= implode(',', array_map(array($dbh, 'quote'), $ssh_fingerprints)); $q .= ")"; if ($TYPE == "edit") { $q .= " AND UserID != " . intval($UID); } $result = $dbh->query($q); $row = $result->fetch(PDO::FETCH_NUM); if ($row) { $error = __("The SSH public key, %s%s%s, is already in use.", "<strong>", htmlspecialchars($row[0], ENT_QUOTES), "</strong>"); } } if ($error) { $message = "<ul class='errorlist'><li>" . $error . "</li></ul>\n"; return array(false, $message); } if ($TYPE == "new") { /* Create an unprivileged user. */ $salt = generate_salt(); if (empty($P)) { $send_resetkey = true; $email = $E; } else { $send_resetkey = false; $P = salted_hash($P, $salt); } $U = $dbh->quote($U); $E = $dbh->quote($E); $P = $dbh->quote($P); $salt = $dbh->quote($salt); $R = $dbh->quote($R); $L = $dbh->quote($L); $I = $dbh->quote($I); $K = $dbh->quote(str_replace(" ", "", $K)); $q = "INSERT INTO Users (AccountTypeID, Suspended, "; $q .= "InactivityTS, Username, Email, Passwd, Salt, "; $q .= "RealName, LangPreference, IRCNick, PGPKey) "; $q .= "VALUES (1, 0, 0, {$U}, {$E}, {$P}, {$salt}, {$R}, {$L}, "; $q .= "{$I}, {$K})"; $result = $dbh->exec($q); if (!$result) { $message = __("Error trying to create account, %s%s%s.", "<strong>", htmlspecialchars($U, ENT_QUOTES), "</strong>"); return array(false, $message); } $uid = $dbh->lastInsertId(); account_set_ssh_keys($uid, $ssh_keys, $ssh_fingerprints); $message = __("The account, %s%s%s, has been successfully created.", "<strong>", htmlspecialchars($U, ENT_QUOTES), "</strong>"); $message .= "<p>\n"; if ($send_resetkey) { send_resetkey($email, true); $message .= __("A password reset key has been sent to your e-mail address."); $message .= "</p>\n"; } else { $message .= __("Click on the Login link above to use your account."); $message .= "</p>\n"; } } else { /* Modify an existing account. */ $q = "SELECT InactivityTS FROM Users WHERE "; $q .= "ID = " . intval($UID); $result = $dbh->query($q); $row = $result->fetch(PDO::FETCH_NUM); if ($row[0] && $J) { $inactivity_ts = $row[0]; } elseif ($J) { $inactivity_ts = time(); } else { $inactivity_ts = 0; } $q = "UPDATE Users SET "; $q .= "Username = "******", AccountTypeID = " . intval($T); } if ($S) { /* Ensure suspended users can't keep an active session */ delete_user_sessions($UID); $q .= ", Suspended = 1"; } else { $q .= ", Suspended = 0"; } $q .= ", Email = " . $dbh->quote($E); if ($H) { $q .= ", HideEmail = 1"; } else { $q .= ", HideEmail = 0"; } if ($P) { $salt = generate_salt(); $hash = salted_hash($P, $salt); $q .= ", Passwd = '{$hash}', Salt = '{$salt}'"; } $q .= ", RealName = " . $dbh->quote($R); $q .= ", LangPreference = " . $dbh->quote($L); $q .= ", IRCNick = " . $dbh->quote($I); $q .= ", PGPKey = " . $dbh->quote(str_replace(" ", "", $K)); $q .= ", InactivityTS = " . $inactivity_ts; $q .= " WHERE ID = " . intval($UID); $result = $dbh->exec($q); $ssh_key_result = account_set_ssh_keys($UID, $ssh_keys, $ssh_fingerprints); if ($result === false || $ssh_key_result === false) { $message = __("No changes were made to the account, %s%s%s.", "<strong>", htmlspecialchars($U, ENT_QUOTES), "</strong>"); } else { $message = __("The account, %s%s%s, has been successfully modified.", "<strong>", htmlspecialchars($U, ENT_QUOTES), "</strong>"); } } return array(true, $message); }
if (empty($this->request['confirmed'])) { $this->prompt_for_confirm($lang['DELETE_USER_POSTS_CONFIRM']); } if (IS_ADMIN) { post_delete('user', $user_id); $this->response['info'] = $lang['USER_DELETED_POSTS']; } else { $this->ajax_die($lang['NOT_ADMIN']); } break; case 'user_activate': if (empty($this->request['confirmed'])) { $this->prompt_for_confirm($lang['DEACTIVATE_CONFIRM']); } DB()->query("UPDATE " . BB_USERS . " SET user_active = '1' WHERE user_id = " . $user_id); $this->response['info'] = $lang['USER_ACTIVATE_ON']; break; case 'user_deactivate': if ($userdata['user_id'] == $user_id) { $this->ajax_die($lang['USER_DEACTIVATE_ME']); } if (empty($this->request['confirmed'])) { $this->prompt_for_confirm($lang['ACTIVATE_CONFIRM']); } DB()->query("UPDATE " . BB_USERS . " SET user_active = '0' WHERE user_id = " . $user_id); delete_user_sessions($user_id); $this->response['info'] = $lang['USER_ACTIVATE_OFF']; break; } $this->response['mode'] = $mode; $this->response['url'] = html_entity_decode(make_url('/') . PROFILE_URL . $user_id);