function get_user_data($id) { $db = new pdo_db(); $query = "select address, city, phone1, state, zip from mdl_user where id={$id}"; $result = $db->query($query); while ($row = $result->fetch(PDO::FETCH_ASSOC)) { $user = new stdClass(); foreach ($row as $key => $value) { $user->{$key} = $value; } } return $user; }
/** * method to emulate the SQL_CALC_FOUND_ROWS placeholder for mysql * * this is really yucky. we create a new instance of the database class, * rewrite the query to use a count(*) syntax without the LIMIT * run the rewritten query, grab the recordset with the number of rows in it * and write it to a special variable in the common abstraction object * then delete the SQL_CALC_FOUND_ROWS keyword from the base query and * pass back to the main process. */ private function handleSqlCount() { if (stripos($this->_query, 'SQL_CALC_FOUND_ROWS') === false) { //do nothing } else { global $wpdb; //echo "handling count rows<br/>"; //first strip the code $this->_query = $this->istrreplace('SQL_CALC_FOUND_ROWS', ' ', $this->_query); //echo "prepped query for main use = ". $this->_query ."<br/>"; $unLimitedQuery = preg_replace('/\\bLIMIT\\s*.*/imsx', '', $this->_query); $unLimitedQuery = $this->transform2Count($unLimitedQuery); //echo "prepped query for count use is $unLimitedQuery<br/>"; $_wpdb = new pdo_db(DB_USER, DB_PASSWORD, DB_NAME, DB_HOST, DB_TYPE); $result = $_wpdb->query($unLimitedQuery); $wpdb->dbh->foundRowsResult = $_wpdb->last_result; //echo "number of records stored is $rowcount<br/>"; } }
/** * This function processes a user's submitted token to validate the request to set a new password. * If the user's token is validated, they are prompted to set a new password. * @param string $token the one-use identifier which should verify the password reset request as being valid. * @return void */ function core_login_process_password_set($token) { global $DB, $CFG, $OUTPUT, $PAGE, $SESSION; require_once $CFG->dirroot . '/user/lib.php'; $pwresettime = isset($CFG->pwresettime) ? $CFG->pwresettime : 1800; $sql = "SELECT u.*, upr.token, upr.timerequested, upr.id as tokenid\n FROM {user} u\n JOIN {user_password_resets} upr ON upr.userid = u.id\n WHERE upr.token = ?"; $user = $DB->get_record_sql($sql, array($token)); $forgotpasswordurl = "{$CFG->httpswwwroot}/login/forgot_password.php"; if (empty($user) or $user->timerequested < time() - $pwresettime - DAYSECS) { // There is no valid reset request record - not even a recently expired one. // (suspicious) // Direct the user to the forgot password page to request a password reset. echo $OUTPUT->header(); notice(get_string('noresetrecord'), $forgotpasswordurl); die; // Never reached. } if ($user->timerequested < time() - $pwresettime) { // There is a reset record, but it's expired. // Direct the user to the forgot password page to request a password reset. $pwresetmins = floor($pwresettime / MINSECS); echo $OUTPUT->header(); notice(get_string('resetrecordexpired', '', $pwresetmins), $forgotpasswordurl); die; // Never reached. } if ($user->auth === 'nologin' or !is_enabled_auth($user->auth)) { // Bad luck - user is not able to login, do not let them set password. echo $OUTPUT->header(); print_error('forgotteninvalidurl'); die; // Never reached. } // Check this isn't guest user. if (isguestuser($user)) { print_error('cannotresetguestpwd'); } // Token is correct, and unexpired. $mform = new login_set_password_form(null, $user, 'post', '', 'autocomplete="yes"'); $data = $mform->get_data(); if (empty($data)) { // User hasn't submitted form, they got here directly from email link. // Next, display the form. $setdata = new stdClass(); $setdata->username = $user->username; $setdata->username2 = $user->username; $setdata->token = $user->token; $mform->set_data($setdata); $PAGE->verify_https_required(); echo $OUTPUT->header(); echo $OUTPUT->box(get_string('setpasswordinstructions'), 'generalbox boxwidthnormal boxaligncenter'); $mform->display(); echo $OUTPUT->footer(); return; } else { // User has submitted form. // Delete this token so it can't be used again. $DB->delete_records('user_password_resets', array('id' => $user->tokenid)); $userauth = get_auth_plugin($user->auth); if (!$userauth->user_update_password($user, $data->password)) { print_error('errorpasswordupdate', 'auth'); } else { $db = new pdo_db(); $query = "update mdl_user set purepwd='{$data->password}' where username='******'"; $db->query($query); } user_add_password_history($user->id, $data->password); if (!empty($CFG->passwordchangelogout)) { \core\session\manager::kill_user_sessions($user->id, session_id()); } // Reset login lockout (if present) before a new password is set. login_unlock_account($user); // Clear any requirement to change passwords. unset_user_preference('auth_forcepasswordchange', $user); unset_user_preference('create_password', $user); if (!empty($user->lang)) { // Unset previous session language - use user preference instead. unset($SESSION->lang); } complete_user_login($user); // Triggers the login event. \core\session\manager::apply_concurrent_login_limit($user->id, session_id()); $urltogo = core_login_get_return_url(); unset($SESSION->wantsurl); redirect($urltogo, get_string('passwordset'), 1); } }
$draftitemid = 0; $filemanagercontext = $editoroptions['context']; $filemanageroptions = array('maxbytes' => $CFG->maxbytes, 'subdirs' => 0, 'maxfiles' => 1, 'accepted_types' => 'web_image'); file_prepare_draft_area($draftitemid, $filemanagercontext->id, 'user', 'newicon', 0, $filemanageroptions); $user->imagefile = $draftitemid; // Create form. $userform = new user_editadvanced_form(new moodle_url($PAGE->url, array('returnto' => $returnto)), array('editoroptions' => $editoroptions, 'filemanageroptions' => $filemanageroptions, 'user' => $user)); if ($usernew = $userform->get_data()) { //print_r($usernew); //die(); $usercreated = false; // Update pure pwd field if any if ($usernew->newpassword != '') { $db = new pdo_db(); $query = "update mdl_user set purepwd='{$usernew->newpassword}' " . "where id={$usernew->id}"; $db->query($query); } // end if $usernew->newpassword!='' // Update address field if (empty($usernew->auth)) { // User editing self. $authplugin = get_auth_plugin($user->auth); unset($usernew->auth); // Can not change/remove. } else { $authplugin = get_auth_plugin($usernew->auth); } $usernew->timemodified = time(); $createpassword = false; if ($usernew->id == -1) { unset($usernew->id);