if (!defined('ICMS_ROOT_PATH')) { exit; } icms_loadLanguageFile('core', 'user'); $uname = !isset($_POST['uname']) ? '' : trim($_POST['uname']); $pass = !isset($_POST['pass']) ? '' : trim($_POST['pass']); /** * Commented out for OpenID , we need to change it to make a better validation if OpenID is used */ /*if ($uname == '' || $pass == '') { redirect_header(ICMS_URL.'/user.php', 1, _US_INCORRECTLOGIN); exit(); }*/ $member_handler = icms::handler('icms_member'); icms_loadLanguageFile('core', 'auth'); $icmsAuth =& icms_auth_Factory::getAuthConnection(icms_core_DataFilter::addSlashes($uname)); // uname&email hack GIJ $uname4sql = addslashes(icms_core_DataFilter::stripSlashesGPC($uname)); $pass4sql = addslashes(icms_core_DataFilter::stripSlashesGPC($pass)); /*if (strstr( $uname , '@' )) { // check by email if uname includes '@' $criteria = new icms_db_criteria_Compo(new icms_db_criteria_Item('email', $uname4sql )); $criteria->add(new icms_db_criteria_Item('pass', $pass4sql)); $user_handler = icms::handler('icms_member_user'); $users =& $user_handler->getObjects($criteria, false); if (empty( $users ) || count( $users ) != 1 ) $user = false ; else $user = $users[0] ; unset( $users ) ; } */ if (empty($user) || !is_object($user)) { $user =& $icmsAuth->authenticate($uname4sql, $pass4sql);
include ICMS_ROOT_PATH . '/footer.php'; } break; case 'avatarchoose': if (!icms::$security->check()) { redirect_header('index.php', 3, _US_NOEDITRIGHT . "<br />" . implode('<br />', icms::$security->getErrors())); } if (!empty($uid)) { $uid = (int) $uid; } if (empty($uid) || icms::$user->getVar('uid') != $uid) { redirect_header('index.php', 3, _US_NOEDITRIGHT); } $avt_handler = icms::handler('icms_data_avatar'); if (!empty($user_avatar)) { $user_avatar = icms_core_DataFilter::addSlashes(trim($user_avatar)); $criteria_avatar = new icms_db_criteria_Compo(new icms_db_criteria_Item('avatar_file', $user_avatar)); $criteria_avatar->add(new icms_db_criteria_Item('avatar_type', "S")); $avatars =& $avt_handler->getObjects($criteria_avatar); if (!is_array($avatars) || !count($avatars)) { $user_avatar = 'blank.gif'; } unset($avatars, $criteria_avatar); } $user_avatarpath = str_replace("\\", "/", realpath(ICMS_UPLOAD_PATH . '/' . $user_avatar)); if (0 === strpos($user_avatarpath, ICMS_UPLOAD_PATH) && is_file($user_avatarpath)) { $oldavatar = icms::$user->getVar('user_avatar'); icms::$user->setVar('user_avatar', $user_avatar); $member_handler = icms::handler('icms_member'); if (!$member_handler->insertUser(icms::$user)) { /** Include the header that starts page rendering */
break; } } } if (!empty($_POST['url'])) { $url = formatURL(trim($_POST['url'])); $criteria->add(new icms_db_criteria_Item('url', $url . '%', 'LIKE')); } if (!empty($_POST['user_from'])) { $criteria->add(new icms_db_criteria_Item('user_from', '%' . icms_core_DataFilter::addSlashes(trim($_POST['user_from'])) . '%', 'LIKE')); } if (!empty($_POST['user_intrest'])) { $criteria->add(new icms_db_criteria_Item('user_intrest', '%' . icms_core_DataFilter::addSlashes(trim($_POST['user_intrest'])) . '%', 'LIKE')); } if (!empty($_POST['user_occ'])) { $criteria->add(new icms_db_criteria_Item('user_occ', '%' . icms_core_DataFilter::addSlashes(trim($_POST['user_occ'])) . '%', 'LIKE')); } foreach (array("last_login", "user_regdate") as $var) { if (!empty($_POST["{$var}_more"]) && is_numeric($_POST["{$var}_more"])) { $time = time() - 60 * 60 * 24 * (int) trim($_POST["{$var}_more"]); if ($time > 0) { $criteria->add(new icms_db_criteria_Item($var, $time, '<=')); } } if (!empty($_POST["{$var}_less"]) && is_numeric($_POST["{$var}_less"])) { $time = time() - 60 * 60 * 24 * (int) trim($_POST["{$var}_less"]); if ($time > 0) { $criteria->add(new icms_db_criteria_Item($var, $time, '>=')); } } }
$queries[] = icms_core_DataFilter::addSlashes($q); } else { $ignored_queries[] = icms_core_DataFilter::addSlashes($q); } } if (count($queries) == 0) { redirect_header('search.php', 2, sprintf(_SR_KEYTOOSHORT, icms_conv_nr2local($icmsConfigSearch['keyword_min']))); exit; } } else { $query = trim($query); if (strlen($query) < $icmsConfigSearch['keyword_min']) { redirect_header('search.php', 2, sprintf(_SR_KEYTOOSHORT, icms_conv_nr2local($icmsConfigSearch['keyword_min']))); exit; } $queries = array(icms_core_DataFilter::addSlashes($query)); } } $xoopsTpl->assign("label_search_results", _SR_SEARCHRESULTS); // Keywords section. $xoopsTpl->assign("label_keywords", _SR_KEYWORDS . ':'); $keywords = array(); $ignored_keywords = array(); foreach ($queries as $q) { $keywords[] = htmlspecialchars(stripslashes($q), ENT_COMPAT, _CHARSET); } if (!empty($ignored_queries)) { $xoopsTpl->assign("label_ignored_keywords", sprintf(_SR_IGNOREDWORDS, $icmsConfigSearch['keyword_min'])); foreach ($ignored_queries as $q) { $ignored_keywords[] = htmlspecialchars(stripslashes($q), ENT_COMPAT, _CHARSET); }
break; case 'avatarchoose': if (!icms::$security->check()) { redirect_header('index.php', 3, _US_NOEDITRIGHT . "<br />" . implode('<br />', icms::$security->getErrors())); } $uid = 0; if (!empty($_POST['uid'])) { $uid = (int) $_POST['uid']; } if (empty($uid) || icms::$user->getVar('uid') != $uid) { redirect_header('index.php', 3, _US_NOEDITRIGHT); } $user_avatar = ''; $avt_handler = icms::handler('icms_data_avatar'); if (!empty($_POST['user_avatar'])) { $user_avatar = icms_core_DataFilter::addSlashes(trim($_POST['user_avatar'])); $criteria_avatar = new icms_db_criteria_Compo(new icms_db_criteria_Item('avatar_file', $user_avatar)); $criteria_avatar->add(new icms_db_criteria_Item('avatar_type', "S")); $avatars =& $avt_handler->getObjects($criteria_avatar); if (!is_array($avatars) || !count($avatars)) { $user_avatar = 'blank.gif'; } unset($avatars, $criteria_avatar); } $user_avatarpath = str_replace("\\", "/", realpath(ICMS_UPLOAD_PATH . '/' . $user_avatar)); if (0 === strpos($user_avatarpath, ICMS_UPLOAD_PATH) && is_file($user_avatarpath)) { $oldavatar = icms::$user->getVar('user_avatar'); icms::$user->setVar('user_avatar', $user_avatar); $member_handler = icms::handler('icms_member'); if (!$member_handler->insertUser(icms::$user)) { /** Include the header that starts page rendering */
$c_password = isset($_GET['c_password']) ? trim(StopXSS($_GET['c_password'])) : (isset($_POST['c_password']) ? trim(StopXSS($_POST['c_password'])) : $c_password); $password = isset($_GET['password']) ? trim(StopXSS($_GET['password'])) : (isset($_POST['password']) ? trim(StopXSS($_POST['password'])) : $password); $password2 = isset($_GET['password2']) ? trim(StopXSS($_GET['password2'])) : (isset($_POST['password2']) ? trim(StopXSS($_POST['password2'])) : $password2); global $icmsConfigUser; if ($email == '' || $username == '') { redirect_header('user.php', 2, _US_SORRYNOTFOUND); } elseif ($password == '' || $password2 == '') { redirect_header('user.php', 2, _US_SORRYMUSTENTERPASS); } if (isset($password) && $password !== $password2) { redirect_header('user.php', 2, _US_PASSNOTSAME); } elseif ($password !== '' && strlen($password) < $icmsConfigUser['minpass']) { redirect_header('user.php', 2, sprintf(_US_PWDTOOSHORT, $icmsConfigUser['minpass'])); } $member_handler = icms::handler('icms_member'); $getuser =& $member_handler->getUsers(new icms_db_criteria_Item('email', icms_core_DataFilter::addSlashes($email))); if (empty($getuser)) { redirect_header('user.php', 2, _US_SORRYNOTFOUND); } else { if (strtolower($getuser[0]->getVar('uname')) !== strtolower($username)) { redirect_header('user.php', 2, _US_SORRYUNAMENOTMATCHEMAIL); } else { $current_pass = $getuser[0]->getVar('pass'); $current_salt = $getuser[0]->getVar('salt'); $enc_type = $getuser[0]->getVar('enc_type'); $icmspass = new icms_core_Password(); $c_pass = $icmspass->encryptPass($c_password, $current_salt, $enc_type, 1); if ($c_pass !== $current_pass) { redirect_header('user.php', 2, _US_SORRYINCORRECTPASS); } $salt = $icmspass->createSalt();
printf(_MD_PROFILE_ACTVMAILOK, $thisuser->getVar('uname')); } } else { redirect_header(ICMS_URL . '/user.php', 3, _MD_PROFILE_ACTLOGIN); } } else { redirect_header(ICMS_URL . '/index.php', 3, _MD_PROFILE_ACTFAILED); } } elseif (!isset($_REQUEST['submit']) || !isset($_REQUEST['email']) || trim($_REQUEST['email']) == "") { $form = new icms_form_Theme('', 'form', 'activate.php'); $form->addElement(new icms_form_elements_Text(_MD_PROFILE_EMAIL, 'email', 25, 255)); $form->addElement(new icms_form_elements_Button('', 'submit', _SUBMIT, 'submit')); $form->display(); } else { $member_handler = icms::handler('icms_member'); $getuser = $member_handler->getUsers(new icms_db_criteria_Item('email', icms_core_DataFilter::addSlashes(trim($_REQUEST['email'])))); if (count($getuser) == 0) { redirect_header(ICMS_URL, 2, _MD_PROFILE_SORRYNOTFOUND); } if ($getuser[0]->isActive()) { redirect_header(ICMS_URL, 2, sprintf(_MD_PROFILE_USERALREADYACTIVE, $getuser[0]->getVar('email'))); } if ($getuser[0]->isDisabled()) { redirect_header(ICMS_URL, 2, sprintf(_MD_PROFILE_USERDISABLED, $getuser[0]->getVar('email'))); } $icmsMailer = new icms_messaging_Handler(); $icmsMailer->useMail(); $icmsMailer->setTemplate('register.tpl'); $icmsMailer->setTemplateDir(ICMS_ROOT_PATH . '/modules/' . icms::$module->getVar('dirname') . '/language/' . $icmsConfig['language'] . '/mail_template/'); $icmsMailer->assign('SITENAME', $icmsConfig['sitename']); $icmsMailer->assign('ADMINMAIL', $icmsConfig['adminmail']);
/**
 * Thin deprecated wrapper around icms_core_DataFilter::addSlashes().
 *
 * Logs a deprecation notice naming the replacement and then delegates,
 * returning the replacement's result unchanged.
 * NOTE(review): presumably this escapes values before they are embedded in
 * SQL — confirm; escaping of this kind is not a substitute for parameterised
 * queries, so callers should migrate to prepared statements where possible.
 *
 * @deprecated Use icms_core_DataFilter::addSlashes() instead
 * @todo Remove in version 1.4 - there are no other occurrences in the core
 * @param mixed $text value handed through to icms_core_DataFilter::addSlashes() as-is
 * @return mixed whatever icms_core_DataFilter::addSlashes() returns for $text
 */
function oopsAddSlashes($text)
{
    $removalNotice = sprintf(_CORE_REMOVE_IN_VERSION, '1.4');
    // Record the deprecation before delegating so every legacy call site is surfaced.
    icms_core_Debug::setDeprecated('icms_core_DataFilter::addSlashes', $removalNotice);
    $escaped = icms_core_DataFilter::addSlashes($text);
    return $escaped;
}
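/**
 * Create a new XOOPS user from the provided FormulizeUser data and map the
 * new account's uid to the external id carried in $user_data.
 *
 * When insertUser() fails, falls back to an existing account that has the
 * same email address and maps the external id to that account instead.
 *
 * @param FormulizeUser $user_data The user data; must carry a uid other than -1
 * @return bool Whether a resource mapping was created (the result of
 *              createResourceMapping() is returned as-is)
 * @throws Exception When $user_data carries no ID (uid == -1)
 */
public static function createUser($user_data)
{
    self::init();
    // Loose comparison kept on purpose: get('uid') may hand back a string — TODO confirm
    if ($user_data->get('uid') == -1) {
        throw new Exception('Formulize::createUser() - The supplied user doesn\'t have an ID.');
    }

    // Create a XOOPS user from the provided FormulizeUser data
    $member_handler = xoops_gethandler('member');
    $newUser = $member_handler->createUser();
    $newUser->setVar('uname', $user_data->get('uname'));
    $newUser->setVar('login_name', $user_data->get('login_name'));
    $newUser->setVar('email', $user_data->get('email'));
    // Use the default timezone offset from ImpressCMS
    $newUser->setVar('timezone_offset', $user_data->get('timezone_offset'));
    $newUser->setVar('notify_method', $user_data->get('notify_method')); // email
    $newUser->setVar('level', $user_data->get('level')); // active, can login

    if ($member_handler->insertUser($newUser, true)) {
        // New user account was created; map the external id to the new account id.
        return self::createResourceMapping(self::USER_RESOURCE, $user_data->get('uid'), $newUser->getVar('uid'));
    }

    // insertUser() failed, perhaps because the account already exists: look it up by email.
    // Plain assignment instead of '=&': assigning a method-call result by reference
    // raises a notice unless the method returns by reference, and the array is only read here.
    $getuser = $member_handler->getUsers(new icms_db_criteria_Item('email', icms_core_DataFilter::addSlashes($user_data->get('email'))));
    if (!empty($getuser)) {
        // NOTE(review): this links the external id to whichever existing local account
        // shares the email address. That is only safe if the email in $user_data has been
        // verified upstream; otherwise an unverified external identity could be mapped
        // onto another user's account — confirm before relying on this fallback.
        return self::createResourceMapping(self::USER_RESOURCE, $user_data->get('uid'), $getuser[0]->getVar('uid'));
    }

    return false; // could not create a new account and no account with that email address exists
}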
foreach ($_POST as $k => $v) { ${$k} = StopXSS($v); } } if (!empty($_GET)) { foreach ($_GET as $k => $v) { ${$k} = StopXSS($v); } } $email = isset($_GET['email']) ? trim(filter_input(INPUT_GET, 'email')) : (isset($_POST['email']) ? trim(filter_input(INPUT_POST, 'email')) : $email); if ($email == '') { redirect_header('user.php', 2, _US_SORRYNOTFOUND); } $member_handler = icms::handler('icms_member'); $criteria = new icms_db_criteria_Compo(); $criteria->add(new icms_db_criteria_Item('email', icms_core_DataFilter::addSlashes($email))); $criteria->add(new icms_db_criteria_Item('level', '-1', '!=')); $getuser =& $member_handler->getUsers($criteria); if (empty($getuser)) { $msg = _US_SORRYNOTFOUND; redirect_header('user.php', 2, $msg); } else { $icmspass = new icms_core_Password(); $code = isset($_GET['code']) ? trim(filter_input(INPUT_GET, 'code')) : ''; $areyou = substr($getuser[0]->getVar('pass'), 0, 5); $enc_type = (int) $icmsConfigUser['enc_type']; if ($code != '' && $areyou == $code) { $newpass = $icmspass->createSalt(8); $salt = $icmspass->createSalt(); $pass = $icmspass->encryptPass($newpass, $salt, $icmsConfigUser['enc_type']); $xoopsMailer = new icms_messaging_Handler();