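/**
 * Report whether the current user's group id appears in a comma-separated list.
 *
 * The group id is resolved on first use and kept in a function-static cache.
 * How it is resolved depends on JCOMMENTS_JVERSION:
 *  - '1.0': the user's ARO group from gacl_api, or 29 for guests and when no
 *           group id comes back;
 *  - '1.5': $user->gid, or 29 for guests;
 *  - '1.7': the user's mapped group with the highest `lft`, or the com_users
 *           'guest_usergroup' parameter (default 1) for guests.
 * For any other version the group stays unresolved and the check returns 0.
 *
 * @param string $str Comma-separated group ids.
 * @return int 1 if the user's group is listed, 0 otherwise (also for an empty list).
 */
function check($str)
{
    // Group id of the current user, resolved once and reused by later calls.
    static $group = null;

    if (empty($str)) {
        return 0;
    }

    if ($group === null) {
        $user = JCommentsFactory::getUser();

        if (JCOMMENTS_JVERSION == '1.0') {
            // 29 is the fallback used for guests and for users without a group id.
            $group = 29;
            if ($user->id) {
                $acl = new gacl_api();
                $aroGroup = $acl->getAroGroup($user->id);
                // Guard against a missing ARO record before reading its property.
                if ($aroGroup && $aroGroup->group_id) {
                    $group = $aroGroup->group_id;
                }
            }
        } elseif (JCOMMENTS_JVERSION == '1.5') {
            $group = $user->id ? $user->gid : 29;
        } elseif (JCOMMENTS_JVERSION == '1.7') {
            if ($user->id) {
                $db = JFactory::getDbo();
                // Highest group: order the user's groups by lft descending, take the first row.
                // The user id is cast to int before it is concatenated into the WHERE clause.
                $query = $db->getQuery(true)
                    ->select('a.id')
                    ->from('#__user_usergroup_map AS map')
                    ->leftJoin('#__usergroups AS a ON a.id = map.group_id')
                    ->where('map.user_id = ' . (int) $user->id)
                    ->order('a.lft desc');
                $db->setQuery($query, 0, 1);
                $group = $db->loadResult();
            } else {
                $group = JComponentHelper::getParams('com_users')->get('guest_usergroup', 1);
            }
        }
    }

    // Fail closed when no group could be resolved. With a loose in_array() a
    // null group compares equal to an empty list entry (as produced by a
    // trailing comma in $str) and the check would grant access.
    if ($group === null || $group === false || $group === '') {
        return 0;
    }

    // Compare as trimmed strings with strict matching, so type juggling
    // between ints and list entries cannot produce a false match.
    $allowed = array_map('trim', explode(',', $str));

    return in_array((string) $group, $allowed, true) ? 1 : 0;
}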
// Pick the user id to act as from the request: 'uid' takes precedence over
// 'dnd_uid'; when neither is present the id is the string '0'.
// NOTE(review): $_REQUEST is client-supplied, and the block further down copies
// id, username, usertype and gid of the user with that id onto $my. Nothing
// visible here ties the requested id to the authenticated session, so any
// permission check later in the script that reads $my is only as trustworthy
// as the request parameter. Take the id from server-side session state, or
// verify it against that state before overwriting $my.
if (isset($_REQUEST['uid'])) {
    $uid = (int) trim($_REQUEST['uid']);
} elseif (isset($_REQUEST['dnd_uid'])) {
    $uid = (int) trim($_REQUEST['dnd_uid']);
} else {
    $uid = '0';
}

$my = $mainframe->getUser();
// The session is started here, but no session value is read in this excerpt.
session_start();

// $uid is an integer (or the literal '0') at this point, so the interpolation
// below cannot carry SQL syntax.
$database->setQuery("SELECT id, gid, username, usertype FROM #__users WHERE id={$uid}");
$row = null;
if ($database->loadObject($row)) {
    $grp = $acl->getAroGroup($row->id);

    // Collapse the ACL group into a gid: 2 (the "Special" group, per the
    // original comment) when the group is a child of 'Registered' or
    // 'Public Backend', otherwise 1.
    $row->gid = ($acl->is_group_child_of($grp->name, 'Registered', 'ARO')
        || $acl->is_group_child_of($grp->name, 'Public Backend', 'ARO')) ? 2 : 1;
    $row->usertype = $grp->name;

    // Overwrite the current user object with the looked-up account.
    $my->id = (int) $row->id;
    $my->username = $row->username;
    $my->usertype = $row->usertype;
    $my->gid = (int) $row->gid;
}

// Load the zOOm Image Gallery classes.
require_once $mosConfig_absolute_path . '/components/com_zoom/lib/zoom.class.php';
require_once $mosConfig_absolute_path . '/components/com_zoom/lib/toolbox.class.php';
require_once $mosConfig_absolute_path . '/components/com_zoom/lib/ftplib.class.php';
// Administrator login step: hash the submitted password, make sure at least one
// administrator account exists, load the user row, check password and ACL, then
// record a session row.
// NOTE(review): this excerpt starts after $pass was read and ends inside the
// `if ($my->id)` block, so parts of the flow are not visible here.

// NOTE(review): the empty-password branch only echoes an alert/redirect script;
// it has no `exit`, so the code below still runs with the empty $pass.
if (!$pass) {
    echo "<script>alert('" . $adminLanguage->A_ALERT_ENTER_PASSWORD . "'); document.location.href='index.php';</script>\n";
} else {
    // The submitted password is reduced to an unsalted MD5 digest and later
    // compared with the stored value.
    // NOTE(review): MD5 is not a password hash; password_hash() and
    // password_verify() are the replacement, with a rehash on next login.
    $pass = md5($pass);
}

// Refuse to continue when no administrator or super administrator account exists.
$database->setQuery("SELECT COUNT(*)" . "\nFROM #__users" . "\nWHERE (usertype='administrator' OR usertype='superadministrator')");
$count = intval($database->loadResult());
if ($count < 1) {
    echo "<script>alert(\"" . _LOGIN_NOADMINS . "\"); window.history.go(-1); </script>\n";
    exit;
}

// NOTE(review): the username value reads '******' in this listing, which looks
// masked; how the original built it is not visible. If it came from request
// input it must be escaped or bound as a parameter - confirm against the source.
$database->setQuery("SELECT * FROM #__users WHERE username='******' AND block='0'");
$my = null;
$database->loadObject($my);

/** Find the user group (or groups in the future). */
// NOTE(review): $my starts as null and is read here before the `if ($my->id)`
// check below; presumably loadObject() leaves it null when no row matches, in
// which case these lines dereference null - confirm and move them inside the check.
$grp = $acl->getAroGroup($my->id);
$my->gid = $grp->group_id;
$my->usertype = $grp->name;

if ($my->id) {
    // Reject the login when the stored password differs from the MD5 digest or
    // when the ACL denies 'administration'/'login' for this user type.
    // NOTE(review): strcmp() is not a constant-time comparison; hash_equals()
    // is the function meant for comparing secrets.
    if (strcmp($my->password, $pass) || !$acl->acl_check('administration', 'login', 'users', $my->usertype)) {
        echo "<script>alert('" . $adminLanguage->A_ALERT_INCORRECT . "'); document.location.href='index.php';</script>\n";
        exit;
    }

    session_name('mosadmin');
    session_start();
    // NOTE(review): no session id regeneration is visible after authentication
    // in this excerpt; session_regenerate_id(true) at this point guards against
    // session fixation.

    $logintime = time();
    // The application session id is an MD5 over user id, username, user type and
    // login time.
    // NOTE(review): none of these inputs is secret or random, so the value is
    // predictable; derive it from random_bytes() instead.
    $session_id = md5("{$my->id}{$my->username}{$my->usertype}{$logintime}");

    // Record the session. The values are interpolated into the statement;
    // the username again reads '******' in this listing.
    $database->setQuery("INSERT INTO #__session" . "\nSET time='{$logintime}', session_id='{$session_id}', " . "userid='{$my->id}', usertype='{$my->usertype}', username='******'");
    if (!$database->query()) {
        // NOTE(review): this prints the database error to the response; log it
        // server-side and show a generic message instead.
        echo $database->stderr();
    }
    // (the `if ($my->id)` block continues beyond this excerpt)