/**
 * Bind the given user to the current session.
 *
 * Reuses the ticket reported by getTicketString(), or creates one through
 * createTicket() when none is set, then stores the user under
 * $_SESSION[SYS_SESSION_KEY]['user'], refreshes the ticket and loads the
 * user's permissions.
 *
 * NOTE(review): nothing in this method rotates the PHP session identifier.
 * Confirm that the caller (or the ticket helpers, which are not visible here)
 * does so, so that a session id issued before authentication is not carried
 * over into the authenticated session.
 *
 * @param mixed $user the user being logged in (exact type not visible here)
 */
public static function login($user)
{
    $existingTicket = self::getTicketString();

    // isset() on an assigned variable is only false for null, so compare against null directly.
    $ticket = ($existingTicket === null) ? self::createTicket($user) : $existingTicket;

    // The session entry is written before the ticket refresh, as in the original ordering.
    $_SESSION[SYS_SESSION_KEY]['user'] = $user;
    self::updateTicket($ticket, $user);

    expPermissions::load($user);
}
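/**
 * Create a new user account, or update an existing one, from the submitted form parameters.
 *
 * Flow: validate the anti-forgery key, check that the caller may create or edit the
 * account, save the account, rewrite its profile-extension rows and, for new accounts,
 * add group memberships and send the welcome / admin-notification mails.
 *
 * Security-relevant changes compared with the previous version of this method:
 *  - every denial returns explicitly instead of relying on expHistory::back() or
 *    expValidator::failAndReturnToForm() (not visible here) to end the request;
 *  - the form key is compared strictly and a missing key on either side is a mismatch;
 *  - callers who are not logged in can only create accounts, never edit an existing id;
 *  - the request-supplied group code is no longer concatenated into the SQL WHERE clause;
 *  - the membership record is a real object rather than a property assignment on null.
 *
 * Reads $this->params (request data) and the globals $user (current user) and $db.
 */
public function update()
{
    global $user, $db;

    // id of the account being edited; null means a new account is being created
    $id = empty($this->params['id']) ? null : $this->params['id'];

    // Anti-forgery check for self-edits, registrations and admin actions.
    // Both values are normalised to strings and compared strictly: a loose "!=" treats
    // two missing keys, or two different numeric-looking strings, as equal.
    if ($user->id == $id || $user->isAdmin()) {
        $submittedKey = '';
        if (isset($this->params['userkey']) && is_scalar($this->params['userkey'])) {
            $submittedKey = (string)$this->params['userkey'];
        }
        $sessionKey = expSession::get("userkey");
        $sessionKey = is_scalar($sessionKey) ? (string)$sessionKey : '';

        if ($sessionKey === '' || $submittedKey !== $sessionKey) {
            expHistory::back();
            return; // fail closed even if back() does not terminate the request
        }
    }

    // make sure this caller is allowed to create or edit user accounts
    if (!$user->isLoggedIn() && SITE_ALLOW_REGISTRATION == 0) {
        flash('error', gt('This site does not allow user registrations'));
        expHistory::back();
        return;
    } elseif (!$user->isAdmin()) {
        // A logged-in non-admin may only touch their own account; a caller who is not
        // logged in may only register (no id), never edit an existing account.
        $editingOtherAccount = $user->isLoggedIn() && $user->id != $id;
        $anonymousEdit = !$user->isLoggedIn() && !empty($id);
        if ($editingOtherAccount || $anonymousEdit) {
            flash('error', gt('You do not have permission to edit this user account'));
            expHistory::back();
            return;
        }
    }

    // NOTE(review): $this->params is handed wholesale to the user model in both branches
    // below. Confirm that the model ignores privilege-bearing fields when the caller is
    // not an administrator; that filtering is not visible in this method.
    if (!empty($id)) {
        // Existing account: the password fields are not part of the edit form.
        $u = new user($id);
        $u->update($this->params);
        if ($user->isAdmin()) {
            flash('message', gt('Account information for') . ' ' . $u->username . ' ' . gt('has been updated.'));
        } else {
            flash('message', gt('Thank you') . ' ' . $u->firstname . '. ' . gt('Your account information has been updated.'));
        }
    } else {
        // New account: the password has to be validated before anything is saved.
        $u = new user($this->params);
        $ret = $u->setPassword($this->params['pass1'], $this->params['pass2']);
        // Strict comparison: $ret is passed on as the failure message, and a non-empty
        // string is loosely equal to true, so "!= true" would accept it as success.
        // NOTE(review): assumes setPassword() returns exactly true on success - confirm.
        if ($ret !== true) {
            expValidator::failAndReturnToForm($ret, $this->params);
            return; // never save an account whose password was rejected
        }
        $u->save();
        if ($user->isAdmin()) {
            flash('message', gt('Created new user account for') . ' ' . $u->username);
        } else {
            user::login($u->username, $this->params['pass1']);
            flash('message', gt('Thank you') . ' ' . $u->firstname . '. ' . gt('Your new account has been created.'));
        }
    }

    // update the user profiles
    if (!empty($u->id)) {
        $this->params['user_id'] = $u->id;

        // get the active profile extensions and save them out
        // NOTE(review): classfile and classname come from the profileextension table and
        // are included / instantiated as-is; confirm only administrators can write it.
        $active_extensions = $db->selectObjects('profileextension', 'active=1');
        foreach ($active_extensions as $pe) {
            if (is_file(BASE . $pe->classfile)) {
                include_once BASE . $pe->classfile;
                $ext = new $pe->classname();
                // cast so that only an integer can ever reach the WHERE clause
                $db->delete($ext->tablename, 'user_id=' . (int)$u->id);
                $ext->update($this->params);
            }
        }
    }

    // New accounts only: group memberships, welcome mail and admin notification.
    if (empty($id)) {
        // Groups marked 'inclusive' automatically pick up new users; a promotional
        // group code submitted with the signup adds the groups carrying that code.
        $memb = new \stdClass();
        $memb->member_id = $u->id;

        $groupcode = '';
        if (isset($this->params['groupcode']) && is_scalar($this->params['groupcode'])) {
            $groupcode = (string)$this->params['groupcode'];
        }

        // The group code is request data, so it is kept out of the SQL text: the query
        // uses constant conditions only and the code is matched here in PHP.
        // NOTE(review): assumes selectObjects() returns the 'inclusive' and 'code'
        // columns on each row; matching is case-insensitive, which may differ slightly
        // from the database collation - confirm.
        $where = ($groupcode === '') ? 'inclusive=1' : "inclusive=1 OR code<>''";
        foreach ($db->selectObjects('group', $where) as $g) {
            $isInclusive = isset($g->inclusive) && $g->inclusive == 1;
            $codeMatches = $groupcode !== ''
                && isset($g->code)
                && strcasecmp((string)$g->code, $groupcode) === 0;
            if (!$isInclusive && !$codeMatches) {
                continue;
            }
            $memb->group_id = $g->id;
            $db->insertObject($memb, 'groupmembership');
        }

        // memberships may have changed, so reload the new user's permissions
        expPermissions::load($u);

        // welcome mail to the new user
        if (USER_REGISTRATION_SEND_WELCOME) {
            $msg = $u->firstname . ", \n\n";
            $msg .= sprintf(USER_REGISTRATION_WELCOME_MSG, $u->firstname, $u->lastname, $u->username);

            $mail = new expMail();
            $mail->quickSend(array(
                'text_message' => $msg,
                'to' => trim($u->email),
                'from' => SMTP_FROMADDRESS,
                'subject' => USER_REGISTRATION_WELCOME_SUBJECT,
            ));

            flash('message', gt('A welcome email has been sent to') . ' ' . $u->email);
        }

        // notification to the site admin, skipped when an admin created the account
        if (USER_REGISTRATION_SEND_NOTIF && !$user->isAdmin()) {
            $msg = "When: " . date("F j, Y, g:i a") . "\n\n";
            $msg .= "Their name is: " . $u->firstname . " " . $u->lastname . "\n\n";

            $mail = new expMail();
            $mail->quickSend(array(
                'text_message' => $msg,
                'to' => trim(USER_REGISTRATION_ADMIN_EMAIL),
                'from' => SMTP_FROMADDRESS,
                'subject' => USER_REGISTRATION_NOTIF_SUBJECT,
            ));
        }
    }

    expHistory::back();
}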