예제 #1
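/**
 * Return the groups available to a user.
 *
 * The user's "usergroup" column is read as a ';'-separated list of
 * "name:level" entries. If one of the entries is the 'sumo' group, the
 * result is replaced by 'sumo:<level>' followed by every group from the
 * groups table at level 7.
 *
 * @param string $username Account to look up; when empty, the current user
 *                         ($SUMO['user']['user']) is used.
 * @param bool   $html     When true, the raw list is handed to
 *                         sumo_get_user_grouplevel() and its result returned.
 *
 * @return mixed FALSE when the username fails validation or the user query
 *               fails; otherwise the list of "name:level" strings (or the
 *               return value of sumo_get_user_grouplevel() when $html is set).
 */
function sumo_get_user_available_group($username = '', $html = FALSE)
{
    global $SUMO;

    // Default to the account of the current session.
    if (!$username) {
        $username = $SUMO['user']['user'];
    }

    if (!sumo_validate_data(array(array('username', $username, 1)))) {
        return FALSE;
    }

    // The username is bound as a query parameter instead of being placed in
    // the SQL text, so the statement stays safe even if the validator's
    // allowed-character set is widened later.
    // NOTE(review): the source showed a masked literal ('******') at this
    // position; binding $username is the presumed intent. This also assumes
    // $SUMO['DB'] is an ADOdb-style connection whose Execute() accepts an
    // array of bind values -- confirm.
    $query = "SELECT usergroup FROM " . SUMO_TABLE_USERS . "\n\t\t\t\t  WHERE username=?";
    $rs = $SUMO['DB']->Execute($query, array($username));
    if (!$rs) {
        // Query failed: report it the same way as an invalid username
        // instead of calling FetchRow() on a non-object.
        return FALSE;
    }

    $tab = $rs->FetchRow();
    // An unknown user yields an empty group string, as before.
    $usergroup = ($tab && isset($tab[0])) ? (string) $tab[0] : '';
    $group_level = explode(";", $usergroup);

    if ($html) {
        return sumo_get_user_grouplevel($group_level);
    }

    foreach ($group_level as $entry) {
        $group_data = explode(":", $entry);
        $group_name = $group_data[0];
        // An entry without ':' has no level part.
        $group_value = isset($group_data[1]) ? $group_data[1] : '';

        if ($group_name === 'sumo') {
            // Members of 'sumo' get every defined group at level 7.
            $query = "SELECT usergroup FROM " . SUMO_TABLE_GROUPS . "\n\t\t\t\t\t\t\t  ORDER BY usergroup";
            $rs = $SUMO['DB']->CacheExecute(3600, $query);
            $group_level = array('sumo:' . $group_value);
            if ($rs) {
                while ($tab = $rs->FetchRow()) {
                    $group_level[] = $tab[0] . ":7";
                }
            }
            break;
        }
    }

    return $group_level;
}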
예제 #2
파일: lib.core.php 프로젝트: airedale/sumo
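/**
 * Validate data
 *
 * See  sumo_validate_data_<module name> for specific validation
 * into library module
 *
 * Each element of $data is array(type, value[, required]). An element is
 * checked when its "required" flag is truthy or its value is truthy; an
 * optional element with a falsy value (including '0') is skipped. Checking
 * stops at the first failure. An unknown type is a failure (W00019C).
 *
 * @param array $data    List of array(type, value[, required]) entries.
 * @param bool  $message When true, return array(bool, message) instead of
 *                       a plain bool.
 *
 * @return mixed FALSE when $data is empty; otherwise TRUE/FALSE, or
 *               array(TRUE, '') / array(FALSE, sumo_get_message(code))
 *               when $message is set.
 *
 * @author Alberto Basso <*****@*****.**>
 */
function sumo_validate_data($data = array(), $message = FALSE)
{
    $elements = count($data);
    if ($elements < 1) {
        return FALSE;
    }

    $err = FALSE;
    for ($d = 0; $d < $elements && !$err; $d++) {
        $type = $data[$d][0];
        $value = isset($data[$d][1]) ? $data[$d][1] : NULL;
        $required = !empty($data[$d][2]);

        if (!$required && !$value) {
            continue;
        }

        // Request parameters can arrive as arrays; the pattern checks below
        // only accept scalars so such input is rejected rather than passed
        // to preg_match().
        $is_scalar = is_scalar($value);
        $text = $is_scalar ? (string) $value : '';

        // All anchored patterns use the D modifier so that '$' does not
        // accept a trailing newline.
        switch ($type) {
            // the "user" can be also an e-mail address
            case 'username':
                if (!$is_scalar || (!preg_match('/^[a-z0-9' . SUMO_REGEXP_ALLOWED_CHARS . ']{3,100}$/iD', $text) && !sumo_validate_email($value))) {
                    $err = 'W00006C';
                }
                break;
            case 'name':
                if (!$is_scalar || !preg_match("/^[a-z" . SUMO_REGEXP_ALLOWED_CHARS . "\\&\\;\\\\'\\ ]{1,49}\$/iD", $text)) {
                    $err = 'W00022C';
                }
                break;
            case 'password':
                // 40 characters of [.a-z0-9]: the shape of a sha1 string.
                // NOTE(review): if this digest is what ends up stored, an
                // unsalted SHA-1 is weak for password storage -- confirm
                // how the value is persisted.
                if (!$is_scalar || !preg_match('/^[\\.a-z0-9]{40}$/iD', $text)) {
                    $err = 'W00011C';
                }
                break;
            case 'email':
                if (!sumo_validate_email($value)) {
                    $err = 'W00007C';
                }
                break;
            case 'active':
                if (!$is_scalar || !preg_match('/^[0-1]{1}$/D', $text)) {
                    $err = 'W00018C';
                }
                break;
            case 'ip':
                // Every address returned for the range is checked; the loop
                // stops only at the first invalid one.
                $ip = sumo_get_iprange($value);
                $ip_count = count($ip);
                for ($i = 0; $i < $ip_count; $i++) {
                    if (!sumo_validate_ip($ip[$i])) {
                        $err = 'W00016C';
                        break;
                    }
                }
                break;
            case 'usergroup':
                if (!sumo_validate_group($value)) {
                    $err = 'W00017C';
                }
                break;
            case 'datasource_id':
                $ds = sumo_get_datasource_info($value, false);
                if (empty($ds)) {
                    $err = 'W00023C';
                }
                break;
            case 'hostname':
                // Anchored at both ends: without '^' only the tail of the
                // value was checked.
                if (!$is_scalar || !preg_match('/^[a-z0-9\\.\\_\\-]{3,255}$/iD', $text)) {
                    $err = 'W00025C';
                }
                break;
            case 'port':
                // Digits only, so values such as '80abc' are not accepted
                // through numeric coercion.
                if (!$is_scalar || !preg_match('/^[0-9]{1,5}$/D', $text) || $text < 1 || $text > 65535) {
                    $err = 'W00026C';
                }
                break;
            case 'ldap_base':
                // The '/' inside the character class is escaped; unescaped
                // it ends the pattern and preg_match() fails for every value.
                if (!$is_scalar || !preg_match('/^[a-z0-9\\.\\,\\:\\;\\_\\-\\=\\\\\\/\\+\\*\\ ' . SUMO_REGEXP_ALLOWED_CHARS . ']{4,255}$/iD', $text)) {
                    $err = 'W00027C';
                }
                break;
            case 'new_password':
            case 'new_password2':
                // The value is a pair: array(password, confirmation).
                // 'new_password2' (Joomla) only checks that both match.
                $pair = is_array($value) ? array_values($value) : array();
                $first = isset($pair[0]) ? $pair[0] : '';
                $second = isset($pair[1]) ? $pair[1] : '';
                $pair_ok = is_scalar($first) && is_scalar($second);

                if ($type == 'new_password' && (!$pair_ok || !sumo_validate_data(array(array('password', $first))))) {
                    $err = 'W00011C';
                }
                // Compared as strings with ===, so two different numeric
                // looking strings (e.g. '0e1' and '0e2') never count as equal.
                if (!$pair_ok || (string) $first !== (string) $second) {
                    $err = 'W00024C';
                }
                break;
            case 'day_limit':
                if (!$is_scalar || !preg_match('/^[0-9]{1,4}$/D', $text)) {
                    $err = 'W00020C';
                }
                break;
            case 'language':
                if (!in_array($value, sumo_get_available_languages())) {
                    $err = 'W00021C';
                }
                break;
            case 'id':
                // INT = 256^4-1
                if (!$is_scalar || !preg_match('/^[0-9]{1,10}$/D', $text) || $text < 1 || $text > 4294967295) {
                    $err = 'W00029C';
                }
                break;
            default:
                $err = 'W00019C';
                break;
        }
    }

    if ($message) {
        return !$err ? array(TRUE, '') : array(FALSE, sumo_get_message($err));
    }

    return !$err ? TRUE : FALSE;
}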
예제 #3
             $sumo_template = 'confirm_registration';
             $_SESSION['reg_password'] = $sumo_reg_data['reg_password'];
         } else {
             $sumo_message = $validate[1];
             session_destroy();
         }
     } else {
         $sumo_message = sumo_get_message('W00013C');
         session_destroy();
     }
     break;
 case 'REGCONFIRMED':
     $sumo_template = 'registration';
     if ($SUMO['config']['accounts']['registration']['enabled']) {
         $data = array(array('username', $sumo_reg_data['reg_user'], 1), array('email', $sumo_reg_data['reg_email'], 1), array('password', $_SESSION['reg_password'], 1));
         $validate = sumo_validate_data($data, TRUE);
         if ($validate[0]) {
             if (sumo_verify_user_exist($sumo_reg_data['reg_user'])) {
                 $sumo_message = sumo_get_message('W00008C');
             } elseif (sumo_verify_email_exist($sumo_reg_data['reg_email'])) {
                 $sumo_message = sumo_get_message('W00009C');
             } else {
                 $sumo_message = sumo_get_message('I00007C');
                 $sumo_template = 'message';
                 sumo_request_register();
             }
         } else {
             $sumo_message = $validate[1];
         }
     } else {
         $sumo_template = 'message';
예제 #4
 // If a new group was submitted, prepend it to the submitted group list and
 // normalise the result; this happens before validation, so the 'usergroup'
 // check below sees the merged value.
 if ($_POST['newgroup']) {
     $_POST['group'] = sumo_get_normalized_group($_POST['newgroup'] . ";" . $_POST['group']);
 }
 // Choose the password rule by datasource type: 'new_password2' for
 // MySQLUsers / Joomla15, 'new_password' (SUMO) for everything else.
 switch ($tab['datasource_type']) {
     case 'MySQLUsers':
     case 'Joomla15':
         $pwd_verify = 'new_password2';
         break;
     default:
         $pwd_verify = 'new_password';
         break;
 }
 // Each entry is array(type, value[, required]). Only id, username and
 // datasource_id carry the required flag (1) here; the other fields are
 // passed without it. The request values are used as submitted -- nothing
 // in this fragment checks that the keys are present.
 $data = array(array('id', $_GET['id'], 1), array('username', $_POST['user'], 1), array('name', $_POST['firstname']), array('name', $_POST['lastname']), array('active', $_POST['active']), array('email', $_POST['email']), array('language', $_POST['language']), array('datasource_id', $_POST['datasource_id'], 1), array('usergroup', $_POST['group']), array('ip', $_POST['ip']), array('day_limit', $_POST['day_limit']), array($pwd_verify, array($_POST['new_password'], $_POST['renew_password'])));
 $validate = sumo_validate_data($data, true);
 // Only the 'sumo' user may modify the 'sumo' (administrator) account; for
 // anyone else the validation result is overridden with a refusal.
 // NOTE(review): this comparison is case-sensitive, while the 'username'
 // validator matches case-insensitively. If the user table compares
 // usernames case-insensitively, normalise case before this guard -- confirm.
 if ($_POST['user'] == 'sumo' && $SUMO['user']['user'] != 'sumo') {
     $validate = array(false, $language['CannotModifyAccount']);
 }
 // Verify the submitted groups against the current user's groups
 if ($validate[0]) {
     $submitted_group_level = sumo_get_grouplevel($_POST['group']);
     $submitted_group = sumo_get_grouplevel($_POST['group'], true);
     $available_group = sumo_get_available_group();
     for ($g = 0; $g < count($submitted_group); $g++) {
         if (!in_array($submitted_group[$g], $available_group) && $submitted_group[$g]) {
             $validate = array(false, sumo_get_message('GroupNotAvailable', $submitted_group[$g]));
             break;
         }
         if (!in_array('sumo', $SUMO['user']['group']) || $submitted_group[$g] == 'sumo') {