// Direct-access guard: this script only runs when bootstrapped by the CMS.
if (!defined('ICMS_ROOT_PATH')) {
    exit;
}
icms_loadLanguageFile('core', 'user');
// Login credentials are read from POST only (missing keys become '').
// Note that trim() is applied to the password too, so leading/trailing
// whitespace is never part of the secret that gets verified below.
$uname = !isset($_POST['uname']) ? '' : trim($_POST['uname']);
$pass = !isset($_POST['pass']) ? '' : trim($_POST['pass']);
/**
 * The empty-credential check is commented out for OpenID; it needs a better
 * validation path when OpenID is in use.
 * NOTE(review): with it disabled, an empty $uname/$pass reaches the auth
 * connection obtained below — confirm authenticate() rejects empty values.
 */
/*if ($uname == '' || $pass == '') {
 redirect_header(ICMS_URL.'/user.php', 1, _US_INCORRECTLOGIN);
 exit();
 }*/
$member_handler = icms::handler('icms_member');
icms_loadLanguageFile('core', 'auth');
// The auth connection is selected by user name; the name is slash-escaped first.
$icmsAuth =& icms_auth_Factory::getAuthConnection(icms_core_DataFilter::addSlashes($uname));
// uname&email hack GIJ
// "4sql" copies: GPC slashes are stripped and the values re-escaped with
// addslashes() — presumably for interpolation into SQL by the auth backend
// (not visible here). Parameterised queries would make this step unnecessary.
$uname4sql = addslashes(icms_core_DataFilter::stripSlashesGPC($uname));
$pass4sql = addslashes(icms_core_DataFilter::stripSlashesGPC($pass));
/*if (strstr( $uname , '@' )) {
 // check by email if uname includes '@'
 $criteria = new icms_db_criteria_Compo(new icms_db_criteria_Item('email', $uname4sql ));
 $criteria->add(new icms_db_criteria_Item('pass', $pass4sql));
 $user_handler = icms::handler('icms_member_user');
 $users =& $user_handler->getObjects($criteria, false);
 if (empty( $users ) || count( $users ) != 1 ) $user = false ;
 else $user = $users[0] ;
 unset( $users ) ;
 } */
if (empty($user) || !is_object($user)) {
    $user =& $icmsAuth->authenticate($uname4sql, $pass4sql);
         include ICMS_ROOT_PATH . '/footer.php';
     }
     break;
 case 'avatarchoose':
     if (!icms::$security->check()) {
         redirect_header('index.php', 3, _US_NOEDITRIGHT . "<br />" . implode('<br />', icms::$security->getErrors()));
     }
     if (!empty($uid)) {
         $uid = (int) $uid;
     }
     if (empty($uid) || icms::$user->getVar('uid') != $uid) {
         redirect_header('index.php', 3, _US_NOEDITRIGHT);
     }
     $avt_handler = icms::handler('icms_data_avatar');
     if (!empty($user_avatar)) {
         $user_avatar = icms_core_DataFilter::addSlashes(trim($user_avatar));
         $criteria_avatar = new icms_db_criteria_Compo(new icms_db_criteria_Item('avatar_file', $user_avatar));
         $criteria_avatar->add(new icms_db_criteria_Item('avatar_type', "S"));
         $avatars =& $avt_handler->getObjects($criteria_avatar);
         if (!is_array($avatars) || !count($avatars)) {
             $user_avatar = 'blank.gif';
         }
         unset($avatars, $criteria_avatar);
     }
     $user_avatarpath = str_replace("\\", "/", realpath(ICMS_UPLOAD_PATH . '/' . $user_avatar));
     if (0 === strpos($user_avatarpath, ICMS_UPLOAD_PATH) && is_file($user_avatarpath)) {
         $oldavatar = icms::$user->getVar('user_avatar');
         icms::$user->setVar('user_avatar', $user_avatar);
         $member_handler = icms::handler('icms_member');
         if (!$member_handler->insertUser(icms::$user)) {
             /** Include the header that starts page rendering */
                 break;
         }
     }
 }
 // Free-text search filters: each non-empty POST field adds a LIKE criterion
 // to $criteria (assumed to have been initialised earlier in the file).
 if (!empty($_POST['url'])) {
     $url = formatURL(trim($_POST['url']));
     // NOTE(review): unlike the three filters below, this value is not passed
     // through icms_core_DataFilter::addSlashes — confirm that formatURL() or
     // the criteria layer escapes it before it reaches the query.
     $criteria->add(new icms_db_criteria_Item('url', $url . '%', 'LIKE'));
 }
 if (!empty($_POST['user_from'])) {
     // Substring match. addSlashes() escapes quotes, but LIKE wildcards
     // (% and _) typed by the user are left in place and widen the match.
     $criteria->add(new icms_db_criteria_Item('user_from', '%' . icms_core_DataFilter::addSlashes(trim($_POST['user_from'])) . '%', 'LIKE'));
 }
 if (!empty($_POST['user_intrest'])) {
     $criteria->add(new icms_db_criteria_Item('user_intrest', '%' . icms_core_DataFilter::addSlashes(trim($_POST['user_intrest'])) . '%', 'LIKE'));
 }
 if (!empty($_POST['user_occ'])) {
     $criteria->add(new icms_db_criteria_Item('user_occ', '%' . icms_core_DataFilter::addSlashes(trim($_POST['user_occ'])) . '%', 'LIKE'));
 }
 // Relative date filters on timestamp columns: "<field>_more" keeps rows at
 // least N days old (field <= cutoff), "<field>_less" keeps rows at most N
 // days old (field >= cutoff). Values must be numeric and are cast to int.
 foreach (array("last_login", "user_regdate") as $var) {
     if (!empty($_POST["{$var}_more"]) && is_numeric($_POST["{$var}_more"])) {
         // Cutoff = now minus N days; skipped when N is so large the cutoff goes non-positive.
         $time = time() - 60 * 60 * 24 * (int) trim($_POST["{$var}_more"]);
         if ($time > 0) {
             $criteria->add(new icms_db_criteria_Item($var, $time, '<='));
         }
     }
     if (!empty($_POST["{$var}_less"]) && is_numeric($_POST["{$var}_less"])) {
         $time = time() - 60 * 60 * 24 * (int) trim($_POST["{$var}_less"]);
         if ($time > 0) {
             $criteria->add(new icms_db_criteria_Item($var, $time, '>='));
         }
     }
 }
                $queries[] = icms_core_DataFilter::addSlashes($q);
            } else {
                $ignored_queries[] = icms_core_DataFilter::addSlashes($q);
            }
        }
        if (count($queries) == 0) {
            redirect_header('search.php', 2, sprintf(_SR_KEYTOOSHORT, icms_conv_nr2local($icmsConfigSearch['keyword_min'])));
            exit;
        }
    } else {
        $query = trim($query);
        if (strlen($query) < $icmsConfigSearch['keyword_min']) {
            redirect_header('search.php', 2, sprintf(_SR_KEYTOOSHORT, icms_conv_nr2local($icmsConfigSearch['keyword_min'])));
            exit;
        }
        $queries = array(icms_core_DataFilter::addSlashes($query));
    }
}
$xoopsTpl->assign("label_search_results", _SR_SEARCHRESULTS);
// Keywords section.
$xoopsTpl->assign("label_keywords", _SR_KEYWORDS . ':');
$keywords = array();
$ignored_keywords = array();
// Display copies of the search terms: the slashes added by addSlashes() above
// are removed and the text is HTML-escaped for output. ENT_COMPAT leaves single
// quotes unescaped, so these values are only safe in text or double-quoted
// attribute context in the template.
foreach ($queries as $q) {
    $keywords[] = htmlspecialchars(stripslashes($q), ENT_COMPAT, _CHARSET);
}
if (!empty($ignored_queries)) {
    $xoopsTpl->assign("label_ignored_keywords", sprintf(_SR_IGNOREDWORDS, $icmsConfigSearch['keyword_min']));
    foreach ($ignored_queries as $q) {
        $ignored_keywords[] = htmlspecialchars(stripslashes($q), ENT_COMPAT, _CHARSET);
    }
     break;
 case 'avatarchoose':
     if (!icms::$security->check()) {
         redirect_header('index.php', 3, _US_NOEDITRIGHT . "<br />" . implode('<br />', icms::$security->getErrors()));
     }
     $uid = 0;
     if (!empty($_POST['uid'])) {
         $uid = (int) $_POST['uid'];
     }
     if (empty($uid) || icms::$user->getVar('uid') != $uid) {
         redirect_header('index.php', 3, _US_NOEDITRIGHT);
     }
     $user_avatar = '';
     $avt_handler = icms::handler('icms_data_avatar');
     if (!empty($_POST['user_avatar'])) {
         $user_avatar = icms_core_DataFilter::addSlashes(trim($_POST['user_avatar']));
         $criteria_avatar = new icms_db_criteria_Compo(new icms_db_criteria_Item('avatar_file', $user_avatar));
         $criteria_avatar->add(new icms_db_criteria_Item('avatar_type', "S"));
         $avatars =& $avt_handler->getObjects($criteria_avatar);
         if (!is_array($avatars) || !count($avatars)) {
             $user_avatar = 'blank.gif';
         }
         unset($avatars, $criteria_avatar);
     }
     $user_avatarpath = str_replace("\\", "/", realpath(ICMS_UPLOAD_PATH . '/' . $user_avatar));
     if (0 === strpos($user_avatarpath, ICMS_UPLOAD_PATH) && is_file($user_avatarpath)) {
         $oldavatar = icms::$user->getVar('user_avatar');
         icms::$user->setVar('user_avatar', $user_avatar);
         $member_handler = icms::handler('icms_member');
         if (!$member_handler->insertUser(icms::$user)) {
             /** Include the header that starts page rendering */
// Password-change form values: each is read from the query string first, then
// from POST, and otherwise keeps whatever value was already in scope (set
// earlier in the file, not shown here).
// NOTE(review): accepting passwords via GET means they can end up in server
// logs, referrers and browser history — consider restricting these three
// fields to POST. trim() and StopXSS() also alter the secret before it is
// verified, so a password containing characters they change cannot be
// confirmed through this path.
$c_password = isset($_GET['c_password']) ? trim(StopXSS($_GET['c_password'])) : (isset($_POST['c_password']) ? trim(StopXSS($_POST['c_password'])) : $c_password);
$password = isset($_GET['password']) ? trim(StopXSS($_GET['password'])) : (isset($_POST['password']) ? trim(StopXSS($_POST['password'])) : $password);
$password2 = isset($_GET['password2']) ? trim(StopXSS($_GET['password2'])) : (isset($_POST['password2']) ? trim(StopXSS($_POST['password2'])) : $password2);
global $icmsConfigUser;
// Field validation. Each failure redirects with a message; the checks that
// follow only make sense if redirect_header() ends the request — confirm.
if ($email == '' || $username == '') {
    redirect_header('user.php', 2, _US_SORRYNOTFOUND);
} elseif ($password == '' || $password2 == '') {
    redirect_header('user.php', 2, _US_SORRYMUSTENTERPASS);
}
// isset() is true whenever a value was supplied above; the real test is the
// mismatch between the two entries.
if (isset($password) && $password !== $password2) {
    redirect_header('user.php', 2, _US_PASSNOTSAME);
} elseif ($password !== '' && strlen($password) < $icmsConfigUser['minpass']) {
    // strlen() is a byte count, not a character count.
    redirect_header('user.php', 2, sprintf(_US_PWDTOOSHORT, $icmsConfigUser['minpass']));
}
$member_handler = icms::handler('icms_member');
// Look up the account by e-mail (slash-escaped for the criteria); $getuser is
// the possibly empty result list.
$getuser =& $member_handler->getUsers(new icms_db_criteria_Item('email', icms_core_DataFilter::addSlashes($email)));
if (empty($getuser)) {
    redirect_header('user.php', 2, _US_SORRYNOTFOUND);
} else {
    if (strtolower($getuser[0]->getVar('uname')) !== strtolower($username)) {
        redirect_header('user.php', 2, _US_SORRYUNAMENOTMATCHEMAIL);
    } else {
        $current_pass = $getuser[0]->getVar('pass');
        $current_salt = $getuser[0]->getVar('salt');
        $enc_type = $getuser[0]->getVar('enc_type');
        $icmspass = new icms_core_Password();
        $c_pass = $icmspass->encryptPass($c_password, $current_salt, $enc_type, 1);
        if ($c_pass !== $current_pass) {
            redirect_header('user.php', 2, _US_SORRYINCORRECTPASS);
        }
        $salt = $icmspass->createSalt();
                printf(_MD_PROFILE_ACTVMAILOK, $thisuser->getVar('uname'));
            }
        } else {
            redirect_header(ICMS_URL . '/user.php', 3, _MD_PROFILE_ACTLOGIN);
        }
    } else {
        redirect_header(ICMS_URL . '/index.php', 3, _MD_PROFILE_ACTFAILED);
    }
} elseif (!isset($_REQUEST['submit']) || !isset($_REQUEST['email']) || trim($_REQUEST['email']) == "") {
    $form = new icms_form_Theme('', 'form', 'activate.php');
    $form->addElement(new icms_form_elements_Text(_MD_PROFILE_EMAIL, 'email', 25, 255));
    $form->addElement(new icms_form_elements_Button('', 'submit', _SUBMIT, 'submit'));
    $form->display();
} else {
    $member_handler = icms::handler('icms_member');
    $getuser = $member_handler->getUsers(new icms_db_criteria_Item('email', icms_core_DataFilter::addSlashes(trim($_REQUEST['email']))));
    if (count($getuser) == 0) {
        redirect_header(ICMS_URL, 2, _MD_PROFILE_SORRYNOTFOUND);
    }
    if ($getuser[0]->isActive()) {
        redirect_header(ICMS_URL, 2, sprintf(_MD_PROFILE_USERALREADYACTIVE, $getuser[0]->getVar('email')));
    }
    if ($getuser[0]->isDisabled()) {
        redirect_header(ICMS_URL, 2, sprintf(_MD_PROFILE_USERDISABLED, $getuser[0]->getVar('email')));
    }
    $icmsMailer = new icms_messaging_Handler();
    $icmsMailer->useMail();
    $icmsMailer->setTemplate('register.tpl');
    $icmsMailer->setTemplateDir(ICMS_ROOT_PATH . '/modules/' . icms::$module->getVar('dirname') . '/language/' . $icmsConfig['language'] . '/mail_template/');
    $icmsMailer->assign('SITENAME', $icmsConfig['sitename']);
    $icmsMailer->assign('ADMINMAIL', $icmsConfig['adminmail']);
 /**
  * Legacy alias for icms_core_DataFilter::addSlashes().
  *
  * Records a deprecation notice naming the replacement and the removal
  * version, then delegates to addSlashes() unchanged.
  *
  * @deprecated Use icms_core_DataFilter::addSlashes() instead
  * @todo Remove in version 1.4 - there are no other occurrences in the core
  * @param $text Value to escape
  * @return mixed Whatever icms_core_DataFilter::addSlashes() returns for $text
  */
 function oopsAddSlashes($text)
 {
     $replacement = 'icms_core_DataFilter::addSlashes';
     $removalNotice = sprintf(_CORE_REMOVE_IN_VERSION, '1.4');
     icms_core_Debug::setDeprecated($replacement, $removalNotice);

     $escaped = icms_core_DataFilter::addSlashes($text);

     return $escaped;
 }
 /**
  * Create a XOOPS/ImpressCMS user account from the provided FormulizeUser data.
  *
  * The account is populated field by field from the external record and
  * inserted; on success a resource mapping from the external id to the new
  * account id is created. If the insert fails, an existing account with the
  * same e-mail address is mapped instead.
  * NOTE(review): that fallback links the external identity to whichever local
  * account owns the address, so it relies on the external source having
  * verified the e-mail — confirm upstream.
  *
  * @param FormulizeUser $user_data The user data; must carry a real 'uid' (not -1)
  * @return bool Result of createResourceMapping(), or false when no account could be created or found
  * @throws Exception when $user_data has no id
  */
 static function createUser($user_data)
 {
     self::init();
     if ($user_data->get('uid') == -1) {
         throw new Exception('Formulize::createUser() - The supplied user doesn\'t have an ID.');
     }
     $memberHandler = xoops_gethandler('member');
     $account = $memberHandler->createUser();
     // Copy the profile fields one-to-one from the external record
     // (level controls whether the account is active / can log in).
     foreach (array('uname', 'login_name', 'email', 'timezone_offset', 'notify_method', 'level') as $field) {
         $account->setVar($field, $user_data->get($field));
     }
     if ($memberHandler->insertUser($account, true)) {
         // Inserted: map the external id to the freshly assigned account id.
         return self::createResourceMapping(self::USER_RESOURCE, $user_data->get('uid'), $account->getVar('uid'));
     }
     // Insert failed (perhaps the account already exists): fall back to an
     // existing account with the same e-mail address.
     $emailCriteria = new icms_db_criteria_Item('email', icms_core_DataFilter::addSlashes($user_data->get('email')));
     $matches =& $memberHandler->getUsers($emailCriteria);
     if (empty($matches)) {
         // Nothing created and no account with this address exists.
         return false;
     }
     return self::createResourceMapping(self::USER_RESOURCE, $user_data->get('uid'), $matches[0]->getVar('uid'));
 }
    foreach ($_POST as $k => $v) {
        ${$k} = StopXSS($v);
    }
}
if (!empty($_GET)) {
    // Copies every query parameter into a like-named variable in this scope
    // (extract()-style, with StopXSS applied to the value).
    // NOTE(review): any variable already defined at this point, and any name
    // read later without being set explicitly, can be supplied by the request
    // — prefer reading the few expected keys by name.
    foreach ($_GET as $k => $v) {
        ${$k} = StopXSS($v);
    }
}
// E-mail is read via filter_input (GET first, then POST). The final fallback
// is whatever $email already holds; if neither source has the key, the copy
// loop above will not have set it either.
$email = isset($_GET['email']) ? trim(filter_input(INPUT_GET, 'email')) : (isset($_POST['email']) ? trim(filter_input(INPUT_POST, 'email')) : $email);
if ($email == '') {
    redirect_header('user.php', 2, _US_SORRYNOTFOUND);
}
$member_handler = icms::handler('icms_member');
// Find the account for this address (slash-escaped for the criteria),
// excluding accounts at level -1 — presumably inactive/deleted; confirm.
$criteria = new icms_db_criteria_Compo();
$criteria->add(new icms_db_criteria_Item('email', icms_core_DataFilter::addSlashes($email)));
$criteria->add(new icms_db_criteria_Item('level', '-1', '!='));
$getuser =& $member_handler->getUsers($criteria);
if (empty($getuser)) {
    $msg = _US_SORRYNOTFOUND;
    redirect_header('user.php', 2, $msg);
} else {
    $icmspass = new icms_core_Password();
    $code = isset($_GET['code']) ? trim(filter_input(INPUT_GET, 'code')) : '';
    $areyou = substr($getuser[0]->getVar('pass'), 0, 5);
    $enc_type = (int) $icmsConfigUser['enc_type'];
    if ($code != '' && $areyou == $code) {
        $newpass = $icmspass->createSalt(8);
        $salt = $icmspass->createSalt();
        $pass = $icmspass->encryptPass($newpass, $salt, $icmsConfigUser['enc_type']);
        $xoopsMailer = new icms_messaging_Handler();