         $status = SEC_authenticate($loginname, $passwd, $uid);
         if ($status == USER_ACCOUNT_ACTIVE) {
             $local_login = true;
         }
     } else {
         $status = -2;
     }
     // begin distributed (3rd party) remote authentication method
 } elseif (!empty($loginname) && $_CONF['user_login_method']['3rdparty'] && $_CONF['usersubmission'] == 0 && $service != '') {
     COM_updateSpeedlimit('login');
     //pass $loginname by ref so we can change it ;-)
     $status = SEC_remoteAuthentication($loginname, $passwd, $service, $uid);
     // end distributed (3rd party) remote authentication method
     // begin OAuth authentication method(s)
 } elseif ($_CONF['user_login_method']['oauth'] && isset($_GET['oauth_login'])) {
     $modules = SEC_collectRemoteOAuthModules();
     $active_service = count($modules) == 0 ? false : in_array($_GET['oauth_login'], $modules);
     if (!$active_service) {
         $status = -1;
         COM_errorLog("OAuth login failed - there was no consumer available for the service:" . $_GET['oauth_login']);
     } else {
         $query = array_merge($_GET, $_POST);
         $service = $query['oauth_login'];
         COM_clearSpeedlimit($_CONF['login_speedlimit'], $service);
         if (COM_checkSpeedlimit($service, $_CONF['login_attempts']) > 0) {
             displayLoginErrorAndAbort(82, $LANG12[26], $LANG04[112]);
         }
         require_once $_CONF['path_system'] . 'classes/oauthhelper.class.php';
         $consumer = new OAuthConsumer($service);
         $callback_url = $_CONF['site_url'] . '/users.php?oauth_login=' . $service;
         $consumer->setRedirectURL($callback_url);
/**
 * Displays a login form
 *
 * This is the version of the login form displayed in the content area of the
 * page (not the side bar). It will present all options (remote authentication
 * - including new registration link, etc.) according to the current
 * configuration settings.
 *
 * Keys understood in $use_options: forgotpw_link, hidden_fields, oauth_login,
 * 3rdparty_login, newreg_link, verification_link, plugin_vars, prefill_user,
 * title, message, footer_message, button_text, form_action. Keys that are
 * not given fall back to the defaults set up at the top of the function.
 *
 * @param    array   $use_options    options to override default settings
 * @return   string                  HTML of the login form
 *
 */
function SEC_loginForm($use_options = array())
{
    global $_CONF, $_USER, $LANG01, $LANG04;

    $defaults = array(
        'forgotpw_link'     => true,
        'hidden_fields'     => '',
        'oauth_login'       => true,
        '3rdparty_login'    => true,
        'newreg_link'       => true,
        'verification_link' => false,
        'plugin_vars'       => true,
        'prefill_user'      => false,
        'title'             => $LANG04[65],
        'message'           => '',
        'footer_message'    => '',
        'button_text'       => $LANG04[80],
        'form_action'       => $_CONF['site_url'] . '/users.php',
    );
    $options = array_merge($defaults, $use_options);

    $tpl = new Template($_CONF['path_layout'] . 'users');
    $tpl->set_file('login', 'loginform.thtml');

    // registration link is suppressed by the caller or by the site config
    $hide_newreg = !$options['newreg_link'] || $_CONF['disable_new_user_registration'];
    $tpl->set_var(array(
        'form_action'            => $options['form_action'],
        'footer_message'         => $options['footer_message'],
        'start_block_loginagain' => COM_startBlock($options['title']),
        'lang_message'           => $options['message'],
        'lang_newreglink'        => $hide_newreg ? '' : $LANG04[123],
        'lang_username'          => $LANG04[2],
        'lang_password'          => $LANG01[57],
    ));

    if ($options['forgotpw_link']) {
        $forget = COM_createLink($LANG04[25], $_CONF['site_url'] . '/users.php?mode=getpassword', array('rel' => 'nofollow'));
        $tpl->set_var(array('lang_forgetpassword' => $LANG04[25], 'forgetpassword_link' => $forget));
    } else {
        $tpl->set_var(array('lang_forgetpassword' => '', 'forgetpassword_link' => ''));
    }

    $tpl->set_var('lang_login', $options['button_text']);
    $tpl->set_var('end_block', COM_endBlock());

    // 3rd party remote authentication: a hidden field when there is exactly
    // one module and no local login, otherwise a <select> of all modules
    $services = '';
    $use_3rdparty = $options['3rdparty_login']
        && $_CONF['user_login_method']['3rdparty']
        && $_CONF['usersubmission'] == 0;
    if ($use_3rdparty) {
        $modules = SEC_collectRemoteAuthenticationModules();
        if (count($modules) > 0) {
            if (!$_CONF['user_login_method']['standard'] && count($modules) == 1) {
                $select = '<input type="hidden" name="service" value="' . $modules[0] . '"/>' . $modules[0] . LB;
            } else {
                $choices = array();
                if ($_CONF['user_login_method']['standard']) {
                    $choices[] = '<option value="">' . $_CONF['site_name'] . '</option>' . LB;
                }
                foreach ($modules as $module) {
                    $choices[] = '<option value="' . $module . '">' . $module . '</option>' . LB;
                }
                $select = '<select name="service">' . implode('', $choices) . '</select>';
            }
            $tpl->set_file('services', 'services.thtml');
            $tpl->set_var(array('lang_service' => $LANG04[121], 'select_service' => $select));
            $tpl->parse('output', 'services');
            $services .= $tpl->finish($tpl->get_var('output'));
        }
    }

    if (!empty($options['hidden_fields'])) {
        // allow caller to (ab)use {services} for hidden fields
        $services .= $options['hidden_fields'];
        $tpl->set_var('hidden_fields', $options['hidden_fields']);
    }
    $tpl->set_var('services', $services);

    // OAuth remote authentication: one rendered snippet per OAuth module,
    // empty when OAuth is off or no module is available
    $html_oauth = '';
    if ($options['oauth_login'] && $_CONF['user_login_method']['oauth']) {
        foreach (SEC_collectRemoteOAuthModules() as $module) {
            $tpl->set_file('oauth_login', '../loginform_oauth.thtml');
            $tpl->set_var(array(
                'oauth_service'         => $module,
                'oauth_service_display' => ucwords($module),
                // for sign in image
                'oauth_sign_in_image'   => $_CONF['site_url'] . '/images/login-with-' . $module . '.png',
            ));
            $tpl->parse('output', 'oauth_login');
            $html_oauth .= $tpl->finish($tpl->get_var('output'));
        }
    }
    $tpl->set_var('oauth_login', $html_oauth);

    if ($options['verification_link']) {
        $verify = COM_createLink($LANG04[25], $_CONF['site_url'] . '/users.php?mode=getnewtoken', array('rel' => 'nofollow'));
        $tpl->set_var(array('lang_verification' => $LANG04[169], 'verification_link' => $verify));
    } else {
        $tpl->set_var(array('lang_verification' => '', 'verification_link' => ''));
    }

    // pre-fill the user name of the current user and move focus to the password
    $prefill = $options['prefill_user'] && isset($_USER['username']) && $_USER['username'] != '';
    $tpl->set_var(array(
        'loginname' => $prefill ? $_USER['username'] : '',
        'focus'     => $prefill ? 'passwd' : 'loginname',
    ));

    if ($options['plugin_vars']) {
        PLG_templateSetVars('loginform', $tpl);
    }
    $tpl->parse('output', 'login');

    return $tpl->finish($tpl->get_var('output'));
}
/**
 * Displays a login form
 * This is the version of the login form displayed in the content area of the
 * page (not the side bar). It will present all options (remote authentication
 * - including OpenID, new registration link, etc.) according to the current
 * configuration settings.
 *
 * Keys understood in $use_config: hide_forgotpw_link, hidden_fields,
 * no_oauth_login, no_3rdparty_login, no_openid_login, no_newreg_link,
 * no_plugin_vars, title, message, button_text. Missing keys take the
 * defaults set up at the top of the function.
 *
 * @param    array $use_config options to override some of the defaults
 * @return   string                  HTML of the login form
 */
function SEC_loginForm($use_config = array())
{
    global $_CONF, $LANG01, $LANG04, $_SCRIPTS;

    $defaults = array(
        'hide_forgotpw_link' => false,
        'hidden_fields'      => '',
        'no_oauth_login'     => false,
        'no_3rdparty_login'  => false,
        'no_openid_login'    => false,
        'no_newreg_link'     => false,
        'no_plugin_vars'     => false,
        'title'              => $LANG04[65],
        'message'            => $LANG04[66],
        'button_text'        => $LANG04[80],
    );
    $config = array_merge($defaults, $use_config);

    // set once OpenID or OAuth login is rendered; drives remote_login_class
    $have_remote_login = false;

    $tpl = COM_newTemplate($_CONF['path_layout'] . 'users');
    $tpl->set_file('login', 'loginform.thtml');

    $hide_newreg = $config['no_newreg_link'] || $_CONF['disable_new_user_registration'];
    $tpl->set_var(array(
        'start_block_loginagain' => COM_startBlock($config['title']),
        'lang_message'           => $config['message'],
        'lang_newreglink'        => $hide_newreg ? '' : $LANG04[123],
        'lang_username'          => $LANG04[2],
        'lang_password'          => $LANG01[57],
    ));

    if ($config['hide_forgotpw_link']) {
        $tpl->set_var(array('lang_forgetpassword' => '', 'forgetpassword_link' => ''));
    } else {
        $forget = COM_createLink($LANG04[25], $_CONF['site_url'] . '/users.php?mode=getpassword', array('rel' => 'nofollow'));
        $tpl->set_var(array('lang_forgetpassword' => $LANG04[25], 'forgetpassword_link' => $forget));
    }

    $tpl->set_var(array(
        'lang_login'             => $config['button_text'],
        'lang_remote_login'      => $LANG04[167],
        'lang_remote_login_desc' => $LANG04[168],
        'end_block'              => COM_endBlock(),
    ));

    // 3rd party remote authentication: a hidden field when there is exactly
    // one module and no local login, otherwise a <select> of all modules
    $services = '';
    $use_3rdparty = !$config['no_3rdparty_login']
        && $_CONF['user_login_method']['3rdparty']
        && $_CONF['usersubmission'] == 0;
    if ($use_3rdparty) {
        $modules = SEC_collectRemoteAuthenticationModules();
        if (count($modules) > 0) {
            if (!$_CONF['user_login_method']['standard'] && count($modules) == 1) {
                $select = '<input type="hidden" name="service" value="' . $modules[0] . '"' . XHTML . '>' . $modules[0];
            } else {
                $choices = array();
                if ($_CONF['user_login_method']['standard']) {
                    $choices[] = '<option value="">' . $_CONF['site_name'] . '</option>';
                }
                foreach ($modules as $module) {
                    $choices[] = '<option value="' . $module . '">' . $module . '</option>';
                }
                $select = '<select name="service">' . implode('', $choices) . '</select>';
            }
            $tpl->set_file('services', 'services.thtml');
            $tpl->set_var(array('lang_service' => $LANG04[121], 'select_service' => $select));
            $tpl->parse('output', 'services');
            $services .= $tpl->finish($tpl->get_var('output'));
        }
    }
    if (!empty($config['hidden_fields'])) {
        // allow caller to (ab)use {services} for hidden fields
        $services .= $config['hidden_fields'];
    }
    $tpl->set_var('services', $services);

    // remote logins (OpenID / OAuth) are only offered when registration is
    // open, since a first remote login creates a local account
    $remote_allowed = $_CONF['usersubmission'] == 0 && !$_CONF['disable_new_user_registration'];

    // OpenID remote authentication.
    if (!$config['no_openid_login'] && $_CONF['user_login_method']['openid'] && $remote_allowed) {
        $have_remote_login = true;
        $_SCRIPTS->setJavascriptFile('login', '/javascript/login.js');
        $tpl->set_file('openid_login', '../loginform_openid.thtml');
        // for backward compatibility - not used any more
        // NOTE(review): the fallback is built from the request's Host header,
        // i.e. client-controlled input; confirm the template really ignores it
        $app_url = isset($_SERVER['SCRIPT_URI']) ? $_SERVER['SCRIPT_URI'] : 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
        $tpl->set_var(array(
            'lang_openid_login' => $LANG01[128],
            'input_field_size'  => 40,
            'app_url'           => $app_url,
        ));
        $tpl->parse('output', 'openid_login');
        $tpl->set_var('openid_login', $tpl->finish($tpl->get_var('output')));
    } else {
        $tpl->set_var('openid_login', '');
    }

    // OAuth remote authentication.
    $html_oauth = '';
    if (!$config['no_oauth_login'] && $_CONF['user_login_method']['oauth'] && $remote_allowed) {
        $have_remote_login = true;
        $_SCRIPTS->setJavascriptFile('login', '/javascript/login.js');
        $modules = SEC_collectRemoteOAuthModules();
        if (count($modules) > 0) {
            // Grab oauth icons from theme
            $icon_path = ($_CONF['theme_oauth_icons'] ? $_CONF['layout_url'] : $_CONF['site_url']) . '/images/';
            foreach ($modules as $module) {
                $tpl->set_file('oauth_login', '../loginform_oauth.thtml');
                $tpl->set_var(array(
                    'oauth_service'       => $module,
                    'lang_oauth_service'  => $LANG01[$module],
                    // for sign in image
                    'oauth_sign_in_image' => $icon_path . $module . '-login-icon.png',
                ));
                $tpl->parse('output', 'oauth_login');
                $html_oauth .= $tpl->finish($tpl->get_var('output'));
            }
        }
    }
    $tpl->set_var('oauth_login', $html_oauth);

    if ($have_remote_login) {
        $tpl->set_var('remote_login_class', 'remote-login-enabled');
    }
    if (!$config['no_plugin_vars']) {
        PLG_templateSetVars('loginform', $tpl);
    }
    $tpl->parse('output', 'login');

    return $tpl->finish($tpl->get_var('output'));
}
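/**
* Shows the user their menu options
*
* This shows the average Joe User their menu options. This is the user block on the left side.
* For a logged-in user it lists the plugin user options plus "account settings" and
* "logout"; for an anonymous user it renders the login block (with 3rd party, OpenID
* and OAuth login variants according to the configuration).
*
* @param        string      $help       Help file to show
* @param        string      $title      Title of Menu (empty: read from the blocks table)
* @param        string      $position   Side being shown on 'left', 'right'. Though blank works not likely.
* @return       string                  HTML of the user block
* @see function COM_adminMenu
*
*/
function COM_userMenu($help = '', $title = '', $position = '')
{
    global $_TABLES, $_CONF, $LANG01, $LANG04, $_BLOCK_TEMPLATE;

    $retval = '';

    if (!COM_isAnonUser()) {
        $usermenu = COM_newTemplate($_CONF['path_layout']);
        // 'option' renders a plain menu entry, 'current' the entry for the page we are on
        if (isset($_BLOCK_TEMPLATE['useroption'])) {
            $templates = explode(',', $_BLOCK_TEMPLATE['useroption']);
            $usermenu->set_file(array('option' => $templates[0], 'current' => $templates[1]));
        } else {
            $usermenu->set_file(array('option' => 'useroption.thtml', 'current' => 'useroption_off.thtml'));
        }
        $usermenu->set_var('block_name', str_replace('_', '-', 'user_block'));

        if (empty($title)) {
            $title = DB_getItem($_TABLES['blocks'], 'title', "name='user_block'");
        }

        // what's our current URL? (used to highlight the active menu entry)
        $thisUrl = COM_getCurrentURL();

        $retval .= COM_startBlock($title, $help, COM_getBlockTemplate('user_block', 'header', $position));

        // This function will show the user options for all installed plugins
        // (if any)
        foreach (PLG_getUserOptions() as $plg) {
            $usermenu->set_var('option_label', $plg->adminlabel);
            $usermenu->set_var('option_count', empty($plg->numsubmissions) ? '' : '(' . $plg->numsubmissions . ')');
            $usermenu->set_var('option_url', $plg->adminurl);
            $retval .= $usermenu->parse('item', ($thisUrl == $plg->adminurl) ? 'current' : 'option');
        }

        $url = $_CONF['site_url'] . '/usersettings.php';
        $usermenu->set_var('option_label', $LANG01[48]);
        $usermenu->set_var('option_count', '');
        $usermenu->set_var('option_url', $url);
        $retval .= $usermenu->parse('item', ($thisUrl == $url) ? 'current' : 'option');

        $url = $_CONF['site_url'] . '/users.php?mode=logout';
        $usermenu->set_var('option_label', $LANG01[19]);
        $usermenu->set_var('option_count', '');
        $usermenu->set_var('option_url', $url);
        $retval .= $usermenu->finish($usermenu->parse('item', 'option'));

        $retval .= COM_endBlock(COM_getBlockTemplate('user_block', 'footer', $position));
    } else {
        $retval .= COM_startBlock($LANG01[47], $help, COM_getBlockTemplate('user_block', 'header', $position));

        $login = COM_newTemplate($_CONF['path_layout']);
        $login->set_file('form', 'loginform.thtml');
        $login->set_var('lang_username', $LANG01[21]);
        $login->set_var('lang_password', $LANG01[57]);
        $login->set_var('lang_forgetpassword', $LANG01[119]);
        $login->set_var('lang_login', $LANG01[58]);
        $login->set_var('lang_signup', $_CONF['disable_new_user_registration'] ? '' : $LANG01[59]);

        // 3rd party remote authentication.
        if ($_CONF['user_login_method']['3rdparty'] && !$_CONF['usersubmission']) {
            $modules = SEC_collectRemoteAuthenticationModules();
            if (count($modules) == 0) {
                // was written to an undefined $user_templates object before;
                // the login template is the one that carries {services}
                $login->set_var('services', '');
            } else {
                if (!$_CONF['user_login_method']['standard'] && count($modules) == 1) {
                    $select = '<input type="hidden" name="service" value="' . $modules[0] . '"' . XHTML . '>' . $modules[0];
                } else {
                    // Build select
                    $select = '<select name="service" id="service">';
                    if ($_CONF['user_login_method']['standard']) {
                        $select .= '<option value="">' . $_CONF['site_name'] . '</option>';
                    }
                    foreach ($modules as $service) {
                        $select .= '<option value="' . $service . '">' . $service . '</option>';
                    }
                    $select .= '</select>';
                }
                $login->set_file('services', 'blockservices.thtml');
                $login->set_var('lang_service', $LANG04[121]);
                $login->set_var('select_service', $select);
                $login->parse('output', 'services');
                $login->set_var('services', $login->finish($login->get_var('output')));
            }
        } else {
            $login->set_var('services', '');
        }

        // remote logins create a local account on first use, so they are only
        // offered while registration is open
        $remote_allowed = $_CONF['usersubmission'] == 0 && !$_CONF['disable_new_user_registration'];

        // OpenID remote authentication.
        if ($_CONF['user_login_method']['openid'] && $remote_allowed) {
            $login->set_file('openid_login', 'loginform_openid.thtml');
            $login->set_var('lang_openid_login', $LANG01[128]);
            $login->set_var('input_field_size', 18);
            $login->set_var('app_url', $_CONF['site_url'] . '/users.php');
            $login->parse('output', 'openid_login');
            $login->set_var('openid_login', $login->finish($login->get_var('output')));
        } else {
            $login->set_var('openid_login', '');
        }

        // OAuth remote authentication.
        $html_oauth = '';
        if ($_CONF['user_login_method']['oauth'] && $remote_allowed) {
            foreach (SEC_collectRemoteOAuthModules() as $service) {
                $login->set_file('oauth_login', 'loginform_oauth.thtml');
                $login->set_var('oauth_service', $service);
                // for sign in image
                $login->set_var('oauth_sign_in_image', $_CONF['site_url'] . '/images/login-with-' . $service . '.png');
                $login->set_var('oauth_sign_in_image_style', '');
                $login->parse('output', 'oauth_login');
                $html_oauth .= $login->finish($login->get_var('output'));
            }
        }
        $login->set_var('oauth_login', $html_oauth);

        PLG_templateSetVars('loginblock', $login);
        $retval .= $login->finish($login->parse('output', 'form'));

        $retval .= COM_endBlock(COM_getBlockTemplate('user_block', 'footer', $position));
    }

    return $retval;
}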
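/**
* Saves the user's information back to the database
*
* Processing order: request-id check, cookie timeout normalisation, current
* password check (local accounts only) and optional CUSTOM_userCheck, optional
* username change (incl. user photo rename), spam check, input filtering,
* e-mail validation, password/cookie update, DB update, plugin notification
* and optional re-synch with the user's OAuth remote service.
*
* Every early exit returns a COM_refresh() redirect carrying a msg number
* (to index.php on a request-id mismatch, otherwise to usersettings.php);
* only a failed photo rename returns a full HTML error document.
*
* @param    array   $A  User's data (the submitted form fields)
* @return   string      HTML error message or meta redirect
*
*/
function saveuser($A)
{
    // $MESSAGE is read for the re-synch error log below and was missing here
    global $_CONF, $_TABLES, $_USER, $LANG04, $LANG24, $_US_VERBOSE, $MESSAGE;

    if ($_US_VERBOSE) {
        COM_errorLog('**** Inside saveuser in usersettings.php ****', 1);
    }

    // the submitted uid field must match the request id stored for the
    // logged-in user; otherwise invalidate the id, log the attempt and bail out
    $reqid = DB_getItem($_TABLES['users'], 'pwrequestid', "uid = {$_USER['uid']}");
    if ($reqid != $A['uid']) {
        DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $_USER['uid']);
        COM_accessLog("An attempt was made to illegally change the account information of user {$_USER['uid']}.");
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    if (!isset($A['cooktime'])) {
        // If not set or possibly removed from template - set to default
        $A['cooktime'] = $_CONF['default_perm_cookie_timeout'];
    } else {
        $A['cooktime'] = COM_applyFilter($A['cooktime'], true);
    }
    // If empty or invalid - set to user default
    // So code after this does not fail the user password required test
    if ($A['cooktime'] < 0) {
        // note that == 0 is allowed!
        $A['cooktime'] = $_USER['cookietimeout'];
    }

    $service = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$_USER['uid']}");
    if ($service == '') {
        // to change the password, email address, or cookie timeout,
        // we need the user's current password
        $needs_password = !empty($A['passwd'])
            || $A['email'] != $_USER['email']
            || $A['cooktime'] != $_USER['cookietimeout'];
        if ($needs_password
                && (empty($A['old_passwd']) || SEC_encryptUserPassword($A['old_passwd'], $_USER['uid']) < 0)) {
            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=83');
        }
        // the custom check runs whether or not a password was required
        // (it used to be duplicated in both branches)
        if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
            $ret = CUSTOM_userCheck($A['username'], $A['email']);
            if (!empty($ret)) {
                // Need a numeric return for the default message handler
                // - if not numeric use default message
                if (!is_numeric($ret['number'])) {
                    $ret['number'] = 400;
                }
                return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
            }
        }
    }
    // Remote users: changing the email or cookie timeout would require
    // re-authenticating against the remote service. That can't be done here,
    // since the user may have to re-login at the service, which sends them
    // back here and loses the submitted changes - so no check is performed.

    // no need to filter the password as it's encoded anyway
    if ($_CONF['allow_username_change'] == 1) {
        $A['new_username'] = COM_applyFilter($A['new_username']);
        if (!empty($A['new_username']) && $A['new_username'] != $_USER['username']) {
            $A['new_username'] = DB_escapeString($A['new_username']);
            if (DB_count($_TABLES['users'], 'username', $A['new_username']) != 0) {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=51');
            }
            if ($_CONF['allow_user_photo'] == 1) {
                $photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$_USER['uid']}");
                if (!empty($photo)) {
                    // the photo file is named after the user, so rename it too:
                    // replace the first literal occurrence of the old name (the
                    // previous preg_replace() treated the username as a regex)
                    $pos = strpos($photo, $_USER['username']);
                    $newphoto = ($pos === false)
                        ? $photo
                        : substr_replace($photo, $A['new_username'], $pos, strlen($_USER['username']));
                    // NOTE(review): new_username has already been passed through
                    // DB_escapeString() here, so the file name may carry escaping - confirm
                    $imgpath = $_CONF['path_images'] . 'userphotos/';
                    if (rename($imgpath . $photo, $imgpath . $newphoto) === false) {
                        $display = COM_errorLog('Could not rename userphoto "' . $photo . '" to "' . $newphoto . '".');
                        return COM_createHTMLDocument($display, array('pagetitle' => $LANG04[21]));
                    }
                    DB_change($_TABLES['users'], 'photo', DB_escapeString($newphoto), "uid", $_USER['uid']);
                }
            }
            DB_change($_TABLES['users'], 'username', $A['new_username'], "uid", $_USER['uid']);
        }
    }

    // a quick spam check with the unfiltered field contents
    $profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1><p>';
    // this is a hack, for some reason remoteservice links made SPAMX SLV check barf
    if (empty($service)) {
        $profile .= COM_createLink($A['homepage'], $A['homepage']) . '<br' . XHTML . '>';
    }
    $profile .= $A['location'] . '<br' . XHTML . '>' . $A['sig'] . '<br' . XHTML . '>' . $A['about'] . '<br' . XHTML . '>' . $A['pgpkey'] . '</p>';
    $result = PLG_checkforSpam($profile, $_CONF['spamx']);
    if ($result > 0) {
        COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
    }

    $A['email'] = COM_applyFilter($A['email']);
    $A['email_conf'] = COM_applyFilter($A['email_conf']);
    $A['homepage'] = COM_applyFilter($A['homepage']);
    // basic filtering only
    $A['fullname'] = strip_tags(COM_stripslashes($A['fullname']));
    $A['location'] = strip_tags(COM_stripslashes($A['location']));
    $A['sig'] = strip_tags(COM_stripslashes($A['sig']));
    $A['about'] = strip_tags(COM_stripslashes($A['about']));
    $A['pgpkey'] = strip_tags(COM_stripslashes($A['pgpkey']));

    if (!COM_isEmail($A['email'])) {
        return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=52');
    }
    if ($A['email'] !== $A['email_conf']) {
        return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=78');
    }
    if (emailAddressExists($A['email'], $_USER['uid'])) {
        return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=56');
    }

    // the password cookie is written with an empty value; a non-positive
    // timeout yields an expiry in the past (-1000), i.e. the cookie is dropped
    $passwd = '';
    $cooktime = ($A['cooktime'] > 0) ? $A['cooktime'] : -1000;
    if ($service == '') {
        if (!empty($A['passwd'])) {
            // strict comparison: a loose == would treat numeric-looking
            // passwords like "1e3" and "1000" as equal
            if ($A['passwd'] === $A['passwd_conf'] && SEC_encryptUserPassword($A['old_passwd'], $_USER['uid']) == 0) {
                SEC_updateUserPassword($A['passwd'], $_USER['uid']);
                SEC_setCookie($_CONF['cookie_password'], $passwd, time() + $cooktime);
            } elseif (SEC_encryptUserPassword($A['old_passwd'], $_USER['uid']) < 0) {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=68');
            } elseif ($A['passwd'] !== $A['passwd_conf']) {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=67');
            }
        }
    } else {
        // Cookie
        SEC_setCookie($_CONF['cookie_password'], $passwd, time() + $cooktime);
    }

    if ($_US_VERBOSE) {
        COM_errorLog('cooktime = ' . $A['cooktime'], 1);
    }
    if ($A['cooktime'] <= 0) {
        // expire the permanent login cookie
        SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() - 1000);
    } else {
        SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() + $A['cooktime']);
    }

    // initialised here so the UPDATE below never sees an undefined variable
    // when user photos are disabled
    $filename = '';
    if ($_CONF['allow_user_photo'] == 1) {
        $delete_photo = isset($A['delete_photo']) ? $A['delete_photo'] : '';
        $filename = handlePhotoUpload($delete_photo);
        // only keep the name if the upload handler actually left a file behind
        if (!empty($filename) && !file_exists($_CONF['path_images'] . 'userphotos/' . $filename)) {
            $filename = '';
        }
    }

    if (!empty($A['homepage'])) {
        // only http: and https: homepages are stored; a missing scheme gets
        // http://, any other scheme is replaced by http:
        $pos = MBYTE_strpos($A['homepage'], ':');
        if ($pos === false) {
            $A['homepage'] = 'http://' . $A['homepage'];
        } else {
            $prot = substr($A['homepage'], 0, $pos + 1);
            if ($prot != 'http:' && $prot != 'https:') {
                $A['homepage'] = 'http:' . substr($A['homepage'], $pos + 1);
            }
        }
        $A['homepage'] = DB_escapeString($A['homepage']);
    }
    $A['fullname'] = DB_escapeString($A['fullname']);
    $A['email'] = DB_escapeString($A['email']);
    $A['location'] = DB_escapeString($A['location']);
    $A['sig'] = DB_escapeString($A['sig']);
    $A['about'] = DB_escapeString($A['about']);
    $A['pgpkey'] = DB_escapeString($A['pgpkey']);

    // NOTE(review): $filename (from handlePhotoUpload) and cooktime are
    // interpolated without DB_escapeString(); confirm they are safe as returned
    DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A['fullname']}',email='{$A['email']}',homepage='{$A['homepage']}',sig='{$A['sig']}',cookietimeout={$A['cooktime']},photo='{$filename}' WHERE uid={$_USER['uid']}");
    DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$A['pgpkey']}',about='{$A['about']}',location='{$A['location']}' WHERE uid={$_USER['uid']}");

    // Call custom registration save function if enabled and exists
    if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
        CUSTOM_userSave($_USER['uid']);
    }
    PLG_userInfoChanged($_USER['uid']);

    // at this point, the user information has been saved, but now we're going to check to see if
    // the user has requested resynchronization with their remoteservice account
    $msg = 5;
    // default msg = Your account information has been successfully saved
    if (isset($A['resynch'])) {
        if ($_CONF['user_login_method']['oauth'] && strpos($_USER['remoteservice'], 'oauth.') === 0) {
            $modules = SEC_collectRemoteOAuthModules();
            // strip the 'oauth.' prefix to get the module name
            $oauth_service = substr($_USER['remoteservice'], 6);
            $active_service = count($modules) == 0 ? false : in_array($oauth_service, $modules);
            if (!$active_service) {
                $msg = 115;
                // Remote service has been disabled.
            } else {
                require_once $_CONF['path_system'] . 'classes/oauthhelper.class.php';
                $consumer = new OAuthConsumer($oauth_service);
                $consumer->setRedirectURL($_CONF['site_url']);
                $user = $consumer->authenticate_user();
                $consumer->doSynch($user);
            }
        }
        // NOTE(review): this overrides 115 with 114, so the "service disabled"
        // message is never shown to the user - confirm which one is intended
        if ($msg != 5) {
            $msg = 114;
            // Account saved but re-synch failed.
            COM_errorLog($MESSAGE[$msg]);
        }
    }

    if ($_US_VERBOSE) {
        COM_errorLog('**** Leaving saveuser in usersettings.php ****', 1);
    }

    return COM_refresh($_CONF['site_url'] . '/users.php?mode=profile&amp;uid=' . $_USER['uid'] . '&amp;msg=' . $msg);
}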
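/**
* Builds the "account" panel of the admin user editor
*
* Renders admin/user/accountpanel.thtml for an existing user (uid > 1) or for
* a new account (empty uid): name, registration / last-login dates, password
* and e-mail fields, remote authentication (3rd party / OAuth) settings, the
* cookie timeout selector and the account status selector.
*
* Security notes:
* - the template does not escape; every user-controlled field placed into it
*   (username, fullname, remoteusername, email) is HTML-escaped here.
* - the "disabled" (banned) status option is withheld when the edited account
*   is the admin's own account or the last remaining member of the Root group.
*
* @param    array   $U          user record (uid, username, fullname, email,
*                               regdate, account_type, remoteservice,
*                               remoteusername, cookietimeout, status)
* @param    int     $newuser    non-zero when a new account is being created
* @return   string              rendered HTML of the account panel
*/
function USER_accountPanel($U, $newuser = 0)
{
    global $_CONF, $_SYSTEM, $_TABLES, $_USER, $LANG_MYACCOUNT, $LANG04, $LANG28;

    $uid = $U['uid'];

    // set template
    $userform = new Template($_CONF['path_layout'] . 'admin/user/');
    $userform->set_file('user', 'accountpanel.thtml');

    // get users display name
    $display_name = COM_getDisplayName($uid);

    // define all the language constants...
    $userform->set_var(array(
        'lang_name_legend'           => $LANG04[128],
        'lang_userid'                => $LANG28[2],
        'lang_regdate'               => $LANG28[14],
        'lang_lastlogin'             => $LANG28[35],
        'lang_username'              => $LANG04[2],
        'lang_fullname'              => $LANG04[3],
        'lang_user_status'           => $LANG28[46],
        'lang_password_email_legend' => $LANG04[129],
        'lang_password_help_title'   => $LANG04[146],
        'lang_enter_current_password' => $LANG04[127],
        'lang_password_help'         => $LANG04[147],
        'lang_old_password'          => $LANG04[110],
        'lang_password'              => $LANG04[4],
        'lang_password_conf'         => $LANG04[108],
        'lang_cooktime'              => $LANG04[68],
        'lang_email'                 => $LANG04[5],
        'lang_email_conf'            => $LANG04[124],
        'lang_deleteaccount'         => $LANG04[156],
        'lang_deleteoption'          => $LANG04[156],
        'lang_button_delete'         => $LANG04[96],
    ));

    if (empty($uid) || $uid < 2) {
        $userform->set_var('lang_email_password', $LANG04[28]);
    }

    if (!empty($uid) && $uid > 1) {
        // existing account: show registration and last-login dates
        $curtime = COM_getUserDateTimeFormat($U['regdate']);
        // $U may have been rebuilt from submitted form data, so the uid is
        // cast before it is placed in the query
        $lastlogin = DB_getItem($_TABLES['userinfo'], 'lastlogin', "uid = " . (int) $uid);
        $lasttime = COM_getUserDateTimeFormat($lastlogin);
    } else {
        // new account
        $U['uid'] = '';
        $uid = '';
        $curtime = COM_getUserDateTimeFormat();
        $lastlogin = '';
        $lasttime = '';
        // NOTE(review): $A is not read anywhere in this function; this looks
        // like it was meant to preset $U['status'] for the status selector
        // below. Left unchanged until the new-user save path is confirmed.
        $A['status'] = USER_ACCOUNT_ACTIVE;
        $newuser = 1;
    }

    if ($U['uid'] == '') {
        $userform->set_var('user_id', $LANG28[15]);
    } else {
        $userform->set_var('user_id', $U['uid']);
    }
    $userform->set_var('regdate_timestamp', $curtime[1]);
    $userform->set_var('user_regdate', $curtime[0]);
    if (empty($lastlogin)) {
        $userform->set_var('user_lastlogin', $LANG28[36]);
    } else {
        $userform->set_var('user_lastlogin', $lasttime[0]);
    }

    // username is user-supplied text and the template does not escape it;
    // escape it the same way as fullname / remoteusername / email below
    $userform->set_var('user_name', @htmlspecialchars($U['username'], ENT_NOQUOTES, COM_getEncodingt()));
    $userform->set_var('fullname_value', @htmlspecialchars($U['fullname'], ENT_NOQUOTES, COM_getEncodingt()));

    // remote authentication settings
    $remote_user_display = 'none';
    $remote_user_checked = '';
    $pwd_disabled = '';
    $remote_user_edit = 0;
    if ($_CONF['user_login_method']['3rdparty'] || $_CONF['user_login_method']['oauth']) {
        $modules = array();
        if ($U['account_type'] & REMOTE_USER) {
            $remote_user_checked = ' checked="checked"';
            $pwd_disabled = ' disabled="disabled"';
            $remote_user_display = '';
            if (isset($U['uid']) && $U['uid'] > 2) {
                // an existing remote account may not switch its service here
                $remote_user_edit = 1;
            }
        }
        if ($_CONF['user_login_method']['3rdparty']) {
            $modules = SEC_collectRemoteAuthenticationModules();
        }
        $service_select = '<select name="remoteservice" id="remoteservice"';
        if ($remote_user_edit == 1) {
            $service_select .= ' disabled="disabled"';
        }
        $service_select .= '>' . LB;
        // module names come from the installed auth modules, not from user input
        if (count($modules) > 0) {
            foreach ($modules as $service) {
                $service_select .= '<option value="' . $service . '"'
                    . ($U['remoteservice'] == $service ? ' selected="selected"' : '')
                    . '>' . $service . '</option>' . LB;
            }
        }
        if ($_CONF['user_login_method']['oauth']) {
            $modules = SEC_collectRemoteOAuthModules();
            if (count($modules) > 0) {
                foreach ($modules as $service) {
                    $service_select .= '<option value="' . 'oauth.' . $service . '"'
                        . ($U['remoteservice'] == 'oauth.' . $service ? ' selected="selected"' : '')
                        . '>' . $service . '</option>' . LB;
                }
            }
        }
        $service_select .= '</select>' . LB;

        $userform->set_var('remoteusername', @htmlspecialchars($U['remoteusername'], ENT_NOQUOTES, COM_getEncodingt()));
        $userform->set_var('remoteservice_select', $service_select);
        $userform->set_var('remote_user_checked', $remote_user_checked);
        $userform->set_var('remote_user_display', $remote_user_display);
        $userform->set_var('remoteuserenable', '1');
        $userform->set_var('lang_remoteuser', $LANG04[163]);
        $userform->set_var('lang_remoteusername', $LANG04[164]);
        $userform->set_var('lang_remoteservice', $LANG04[165]);
        $userform->set_var('lang_remoteuserdata', $LANG04[166]);
        $userform->set_var('remote_user_disabled', ' disabled="disabled"');
        if (!($U['account_type'] & LOCAL_USER)) {
            // remote-only accounts have no local password to edit
            $userform->set_var('pwd_disabled', $pwd_disabled);
        }
        if (!($U['account_type'] & REMOTE_USER)) {
            $userform->set_var('remoteuserenable', '');
        }
    } else {
        $userform->set_var('remoteuserenable', '');
        $userform->set_var('remoteusername', '');
        $userform->set_var('remoteservice_select', '');
        $userform->set_var('remote_user_checked', $remote_user_checked);
        $userform->set_var('remote_user_display', $remote_user_display);
        $userform->set_var('remote_user_disabled', ' disabled="disabled"');
    }

    // cookie timeout selector
    $selection = '<select id="cooktime" name="cooktime">' . LB;
    $selection .= COM_optionList($_TABLES['cookiecodes'], 'cc_value,cc_descr', $U['cookietimeout'], 0);
    $selection .= '</select>';
    $userform->set_var('cooktime_selector', $selection);

    $userform->set_var('email_value', @htmlspecialchars($U['email'], ENT_NOQUOTES, COM_getEncodingt()));

    // account status selector
    $statusarray = array(
        USER_ACCOUNT_AWAITING_ACTIVATION   => $LANG28[43],
        USER_ACCOUNT_AWAITING_VERIFICATION => $LANG28[16],
        USER_ACCOUNT_ACTIVE                => $LANG28[45],
    );
    $allow_ban = true;
    if (!empty($uid)) {
        if ($U['uid'] == $_USER['uid']) {
            // do not allow to ban yourself
            $allow_ban = false;
        } elseif (SEC_inGroup('Root', $U['uid'])) {
            // editing a Root user: how many Root members are there in total?
            // (the previous query grouped by ug_uid, which always yielded a
            // per-user count of 1 and therefore never allowed banning any
            // Root user; count distinct members instead)
            $count_root_sql = "SELECT COUNT(DISTINCT ug_uid) AS root_count FROM {$_TABLES['group_assignments']} WHERE ug_main_grp_id = 1";
            $count_root_result = DB_query($count_root_sql);
            $C = DB_fetchArray($count_root_result);
            if ($C['root_count'] < 2) {
                // prevent banning the last root user
                $allow_ban = false;
            }
        }
    }
    if ($allow_ban) {
        $statusarray[USER_ACCOUNT_DISABLED] = $LANG28[42];
    }
    if ($_CONF['usersubmission'] == 1 && !empty($uid)) {
        $statusarray[USER_ACCOUNT_AWAITING_APPROVAL] = $LANG28[44];
    }
    asort($statusarray);

    $statusselect = '<select name="userstatus" id="userstatus">';
    foreach ($statusarray as $key => $value) {
        $statusselect .= '<option value="' . $key . '"';
        if ($key == $U['status']) {
            $statusselect .= ' selected="selected"';
        }
        $statusselect .= '>' . $value . '</option>' . LB;
    }
    $statusselect .= '</select><input type="hidden" name="oldstatus" value="' . $U['status'] . '"/>';
    $userform->set_var('user_status', $statusselect);

    if (!empty($uid) && $uid > 1) {
        $userform->set_var('plugin_namepass_name', PLG_profileEdit($uid, 'namepass', 'name'));
        $userform->set_var('plugin_namepass_pwdemail', PLG_profileEdit($uid, 'namepass', 'pwdemail'));
    }

    $retval = $userform->finish($userform->parse('output', 'user'));
    return $retval;
}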
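/**
* Saves the user's own account settings (usersettings.php) back to the database
*
* Order of checks and actions:
*  1. the form's request id must match the pwrequestid issued to this session;
*  2. an optional account merge (POST 'merge') is only honoured for the current uid;
*  3. local accounts must supply their current password to change the password,
*     the e-mail address or the cookie timeout;
*  4. custom registration / plugin pre-save hooks may veto the save;
*  5. username change, spam check, e-mail validation, password change,
*     cookie / long-term-token refresh, photo upload, profile update;
*  6. optional re-synch with an OAuth remote service.
*
* @param    array   $A      submitted form data (usually $_POST)
* @return   string          redirect markup from COM_refresh()
*/
function saveuser($A)
{
    global $_CONF, $_TABLES, $_USER, $LANG04, $LANG24, $_US_VERBOSE, $MESSAGE;

    if ($_US_VERBOSE) {
        COM_errorLog('**** Inside saveuser in usersettings.php ****', 1);
    }
    $uid = (int) $_USER['uid'];
    $settings_url = $_CONF['site_url'] . '/usersettings.php';

    // --- 1. request id check --------------------------------------------------
    // The edit form carries a one-time id (hidden "uid" field) that was stored
    // in users.pwrequestid when the form was issued. Compare strictly: a NULL
    // or empty pwrequestid must never match a missing or empty form value.
    $reqid = (string) DB_getItem($_TABLES['users'], 'pwrequestid', "uid = " . $uid);
    $formid = isset($A['uid']) ? (string) $A['uid'] : '';
    if ($reqid === '' || !hash_equals($reqid, $formid)) {
        DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $uid);
        COM_accessLog("An attempt was made to illegally change the account information of user {$_USER['uid']}.");
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    // --- 2. account merge -----------------------------------------------------
    if (isset($_POST['merge'])) {
        $remoteuid = isset($_POST['remoteuid']) ? COM_applyFilter($_POST['remoteuid'], true) : 0;
        if ($remoteuid != $_USER['uid']) {
            // must stop here; previously only the redirect was echoed and the
            // function carried on with the merge and the save
            return COM_refresh($settings_url . '?mode=edit');
        }
        USER_mergeAccounts();
    }

    // --- 3. cookie timeout ----------------------------------------------------
    // If not set or possibly removed from template - initialize variable
    if (!isset($A['cooktime'])) {
        $A['cooktime'] = 0;
    } else {
        $A['cooktime'] = COM_applyFilter($A['cooktime'], true);
    }
    // If invalid - set to the user's current value so the password-required
    // test below does not trigger on it. Note that == 0 is allowed!
    if ($A['cooktime'] < 0) {
        $A['cooktime'] = $_USER['cookietimeout'];
    }

    // --- 4. current-password gate (local accounts only) -----------------------
    $service = DB_getItem($_TABLES['users'], 'remoteservice', "uid = " . $uid);
    $current_password = '';
    if ($service == '') {
        $current_password = DB_getItem($_TABLES['users'], 'passwd', "uid = " . $uid);
        // changing the password, the e-mail address or the cookie timeout
        // requires the user's current password
        $sensitive_change = !empty($A['newp'])
            || $A['email'] != $_USER['email']
            || $A['cooktime'] != $_USER['cookietimeout'];
        if ($sensitive_change && (empty($A['passwd']) || !SEC_check_hash($A['passwd'], $current_password))) {
            return COM_refresh($settings_url . '?msg=83');
        }
        if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
            $ret = CUSTOM_userCheck($A['username'], $A['email']);
            if (!empty($ret)) {
                // the message handler needs a numeric return; otherwise use the default message
                if (!is_numeric($ret)) {
                    $ret = 97;
                }
                return COM_refresh("{$settings_url}?msg={$ret}");
            }
        }
    }

    // --- 5. plugin pre-save hook ----------------------------------------------
    // Let plugins have a chance to decide what to do before saving the user, return errors.
    $msg = PLG_itemPreSave('useredit', $A['username']);
    if (!empty($msg)) {
        if (!is_numeric($msg)) {
            $msg = 97;
        }
        return COM_refresh("{$settings_url}?msg={$msg}");
    }

    // --- 6. username change ---------------------------------------------------
    if ($_CONF['allow_username_change'] == 1) {
        $new_username = isset($A['new_username']) ? $A['new_username'] : '';
        if (!empty($new_username) && USER_validateUsername($new_username) && $new_username != $_USER['username']) {
            $new_username = DB_escapeString($new_username);
            if (DB_count($_TABLES['users'], 'username', $new_username) != 0) {
                return COM_refresh($settings_url . '?msg=51');
            }
            if ($_CONF['allow_user_photo'] == 1) {
                // the photo file name embeds the old username; rename it to the uid
                $photo = DB_getItem($_TABLES['users'], 'photo', "uid = " . $uid);
                if (!empty($photo) && strstr($photo, $_USER['username']) !== false) {
                    // the username is data, not a pattern: quote it before use in the regex
                    $pattern = '/' . preg_quote($_USER['username'], '/') . '/';
                    $newphoto = preg_replace($pattern, $_USER['uid'], $photo, 1);
                    $imgpath = $_CONF['path_images'] . 'userphotos/';
                    @rename($imgpath . $photo, $imgpath . $newphoto);
                    DB_change($_TABLES['users'], 'photo', DB_escapeString($newphoto), "uid", $uid);
                }
            }
            DB_change($_TABLES['users'], 'username', $new_username, "uid", $uid);
        }
    }

    // --- 7. spam check with the unfiltered field contents ---------------------
    $profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1><p>';
    // this is a hack, for some reason remoteservice links made SPAMX SLV check barf
    if (empty($service)) {
        $profile .= COM_createLink($A['homepage'], $A['homepage']) . '<br />';
    }
    $profile .= $A['location'] . '<br />' . $A['sig'] . '<br />' . $A['about'] . '<br />' . $A['pgpkey'] . '</p>';
    $result = PLG_checkforSpam($profile, $_CONF['spamx']);
    if ($result > 0) {
        COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
    }

    // --- 8. filtering and e-mail validation -----------------------------------
    $A['email'] = COM_applyFilter($A['email']);
    $A['email_conf'] = COM_applyFilter($A['email_conf']);
    $A['homepage'] = COM_applyFilter($A['homepage']);
    // basic filtering only
    $A['fullname'] = COM_truncate(trim(USER_sanitizeName($A['fullname'])), 80);
    $A['location'] = strip_tags($A['location']);
    $A['sig'] = strip_tags($A['sig']);
    $A['about'] = strip_tags($A['about']);
    $A['pgpkey'] = strip_tags($A['pgpkey']);

    if (!COM_isEmail($A['email'])) {
        return COM_refresh($settings_url . '?msg=52');
    }
    if ($A['email'] !== $A['email_conf']) {
        return COM_refresh($settings_url . '?msg=78');
    }
    if (emailAddressExists($A['email'], $_USER['uid'])) {
        return COM_refresh($settings_url . '?msg=56');
    }

    // --- 9. password change ---------------------------------------------------
    if ($service == '') {
        if (!empty($A['newp'])) {
            $A['newp'] = trim($A['newp']);
            $A['newp_conf'] = isset($A['newp_conf']) ? trim($A['newp_conf']) : '';
            if (!SEC_check_hash($A['passwd'], $current_password)) {
                return COM_refresh($settings_url . '?msg=68');
            }
            // strict comparison: under loose comparison "1e1" == "10" is true
            if ($A['newp'] !== $A['newp_conf']) {
                return COM_refresh($settings_url . '?msg=67');
            }
            // no need to filter the password as it's hashed anyway
            $passwd = SEC_encryptPassword($A['newp']);
            DB_change($_TABLES['users'], 'passwd', DB_escapeString($passwd), "uid", $uid);
            // this token/cookie is superseded by the refresh in step 10, which
            // revokes all 'ltc' tokens and issues a new one; kept for parity
            $cooktime = ($A['cooktime'] > 0) ? $A['cooktime'] : 0;
            $token_ttl = ($A['cooktime'] > 0) ? $A['cooktime'] : 14400;
            $ltToken = SEC_createTokenGeneral('ltc', $token_ttl);
            SEC_setCookie($_CONF['cookie_password'], $ltToken, time() + $cooktime);
        }
    } else {
        // remote account: cookie only (also superseded by step 10)
        $cooktime = ($A['cooktime'] > 0) ? $A['cooktime'] : 0;
        $ltToken = SEC_createTokenGeneral('ltc', $cooktime);
        SEC_setCookie($_CONF['cookie_password'], $ltToken, time() + $cooktime);
    }

    // --- 10. session cookie and long-term token refresh -----------------------
    if ($_US_VERBOSE) {
        COM_errorLog('cooktime = ' . $A['cooktime'], 1);
    }
    if ($A['cooktime'] <= 0) {
        $cookie_timeout = 0;
        $token_ttl = 14400;
    } else {
        $cookie_timeout = time() + $A['cooktime'];
        $token_ttl = $A['cooktime'];
    }
    SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], $cookie_timeout, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
    // revoke every earlier long-term token of this user before issuing a new one
    DB_query("DELETE FROM {$_TABLES['tokens']} WHERE owner_id=" . $uid . " AND urlfor='ltc'");
    if ($cookie_timeout > 0) {
        $ltToken = SEC_createTokenGeneral('ltc', $token_ttl);
        SEC_setCookie($_CONF['cookie_password'], $ltToken, $cookie_timeout, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
    } else {
        SEC_setCookie($_CONF['cookie_password'], '', -10000, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
    }

    // --- 11. photo upload -----------------------------------------------------
    $filename = '';
    if ($_CONF['allow_user_photo'] == 1) {
        $delete_photo = isset($A['delete_photo']) ? $A['delete_photo'] : '';
        $filename = handlePhotoUpload($delete_photo);
    }

    // --- 12. homepage scheme normalisation ------------------------------------
    if (!empty($A['homepage'])) {
        $pos = MBYTE_strpos($A['homepage'], ':');
        if ($pos === false) {
            $A['homepage'] = 'http://' . $A['homepage'];
        } else {
            // only http: and https: are accepted; any other scheme (javascript:,
            // data:, ...) is replaced by http:. The comparison is case-sensitive,
            // so "HTTPS:..." is rewritten to "http:" as well.
            $prot = substr($A['homepage'], 0, $pos + 1);
            if ($prot != 'http:' && $prot != 'https:') {
                $A['homepage'] = 'http:' . substr($A['homepage'], $pos + 1);
            }
        }
        $A['homepage'] = DB_escapeString($A['homepage']);
    }

    // --- 13. write the profile ------------------------------------------------
    $A['fullname'] = DB_escapeString($A['fullname']);
    $A['email'] = DB_escapeString($A['email']);
    $A['location'] = DB_escapeString($A['location']);
    $A['sig'] = DB_escapeString($A['sig']);
    $A['about'] = DB_escapeString($A['about']);
    $A['pgpkey'] = DB_escapeString($A['pgpkey']);
    if (!empty($filename)) {
        if (!file_exists($_CONF['path_images'] . 'userphotos/' . $filename)) {
            $filename = '';
        }
    }
    DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A['fullname']}',email='{$A['email']}',homepage='{$A['homepage']}',sig='{$A['sig']}',cookietimeout=" . (int) $A['cooktime'] . ",photo='" . DB_escapeString($filename) . "' WHERE uid=" . $uid);
    DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$A['pgpkey']}',about='{$A['about']}',location='{$A['location']}' WHERE uid=" . $uid);

    // Call custom registration save function if enabled and exists
    if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
        CUSTOM_userSave($_USER['uid']);
    }
    PLG_userInfoChanged($uid);

    // --- 14. optional re-synch with the OAuth remote service ------------------
    // the user information has been saved; now check whether the user asked
    // for a resynchronization with their remoteservice account
    $msg = 5;   // "Your account information has been successfully saved"
    if (isset($A['resynch'])) {
        if ($_CONF['user_login_method']['oauth'] && strpos($_USER['remoteservice'], 'oauth.') === 0) {
            $oauth_service = substr($_USER['remoteservice'], 6);
            $modules = SEC_collectRemoteOAuthModules();
            if (count($modules) == 0 || !in_array($oauth_service, $modules)) {
                $msg = 115;   // remote service has been disabled
            } else {
                require_once $_CONF['path_system'] . 'classes/oauthhelper.class.php';
                $consumer = new OAuthConsumer($oauth_service);
                $consumer->setRedirectURL($_CONF['site_url']);
                $user = $consumer->authenticate_user();
                $consumer->doSynch($user);
            }
        }
        if ($msg != 5) {
            $msg = 114;   // account saved but re-synch failed
            COM_errorLog($MESSAGE[$msg]);
        }
    }

    PLG_profileExtrasSave();
    PLG_profileSave();

    if ($_US_VERBOSE) {
        COM_errorLog('**** Leaving saveuser in usersettings.php ****', 1);
    }
    return COM_refresh($_CONF['site_url'] . '/users.php?mode=profile&amp;uid=' . $_USER['uid'] . '&amp;msg=' . $msg);
}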
/**
* Renders the user block shown in the side bar
*
* Logged-in users get their menu (see getUserMenu); anonymous visitors get
* the login form, extended with whichever remote login options are enabled
* (3rd party services, OpenID, OAuth providers).
*
* @param    string  $help       help file to link from the block header
* @param    string  $title      block title; defaults to the user_block title
*                               from the blocks table
* @param    string  $position   side the block is shown on: 'left' or 'right'
* @return   string              rendered block HTML
* @see COM_adminMenu
*/
function COM_userMenu($help = '', $title = '', $position = '')
{
    global $_TABLES, $_USER, $_CONF, $LANG01, $LANG04, $LANG29, $_BLOCK_TEMPLATE;

    if (!COM_isAnonUser()) {
        // --- user menu ---------------------------------------------------------
        if (empty($title)) {
            $title = DB_getItem($_TABLES['blocks'], 'title', "name='user_block'");
        }
        // current URL (retrieved as before; not used by the menu markup below)
        $thisUrl = COM_getCurrentURL();

        $html = COM_startBlock($title, $help, COM_getBlockTemplate('user_block', 'header', $position), 'user_block');
        $entries = array();
        foreach (getUserMenu() as $item) {
            $entries[] = '<li><a href="' . $item['url'] . '">' . $item['label'] . '</a></li>';
        }
        $html .= '<div id="usermenu"><ul class="uk-list uk-list-space">' . implode('', $entries) . '</ul></div>';
        $html .= COM_endBlock(COM_getBlockTemplate('user_block', 'footer'));
        return $html;
    }

    // --- login form for anonymous visitors ---------------------------------------
    $html = COM_startBlock($LANG01[47], $help, COM_getBlockTemplate('login_block', 'header', $position), 'login_block');

    $tpl = new Template($_CONF['path_layout']);
    $tpl->set_file('form', 'loginform.thtml');
    $tpl->set_var(array(
        'lang_username'       => $LANG01[21],
        'lang_password'       => $LANG01[57],
        'lang_forgetpassword' => $LANG01[119],
        'lang_login'          => $LANG01[58],
        'lang_signup'         => ($_CONF['disable_new_user_registration'] == 1) ? '' : $LANG01[59],
    ));

    // 3rd party remote authentication: service selector
    $services_html = '';
    if ($_CONF['user_login_method']['3rdparty'] && !$_CONF['usersubmission']) {
        $providers = SEC_collectRemoteAuthenticationModules();
        if (count($providers) > 0) {
            if (!$_CONF['user_login_method']['standard'] && count($providers) == 1) {
                // a single remote service and no local login: no choice to make
                $field = '<input type="hidden" name="service" value="' . $providers[0] . '"/>' . $providers[0];
            } else {
                $field = '<select name="service" id="service">';
                if ($_CONF['user_login_method']['standard']) {
                    $field .= '<option value="">' . $_CONF['site_name'] . '</option>';
                }
                foreach ($providers as $name) {
                    $field .= '<option value="' . $name . '">' . $name . '</option>';
                }
                $field .= '</select>';
            }
            $tpl->set_file('services', 'blockservices.thtml');
            $tpl->set_var('lang_service', $LANG04[121]);
            $tpl->set_var('select_service', $field);
            $tpl->parse('output', 'services');
            $services_html = $tpl->finish($tpl->get_var('output'));
        }
    }
    $tpl->set_var('services', $services_html);

    // OpenID remote authentication
    $openid_html = '';
    if ($_CONF['user_login_method']['openid'] && $_CONF['usersubmission'] == 0 && !$_CONF['disable_new_user_registration']) {
        $tpl->set_file('openid_login', 'loginform_openid.thtml');
        $tpl->set_var('lang_openid_login', $LANG01[128]);
        $tpl->set_var('input_field_size', 16);
        $tpl->set_var('app_url', $_CONF['site_url'] . '/users.php');
        $tpl->parse('output', 'openid_login');
        $openid_html = $tpl->finish($tpl->get_var('output'));
    }
    $tpl->set_var('openid_login', $openid_html);

    // OAuth remote authentication: one sign-in button per provider
    $oauth_html = '';
    if ($_CONF['user_login_method']['oauth']) {
        foreach (SEC_collectRemoteOAuthModules() as $provider) {
            $tpl->set_file('oauth_login', 'loginform_oauth_block.thtml');
            $tpl->set_var('oauth_service', $provider);
            // sign-in image
            $tpl->set_var('oauth_sign_in_image', $_CONF['site_url'] . '/images/login-with-' . $provider . '.png');
            $tpl->set_var('oauth_sign_in_image_style', '');
            $tpl->set_var('oauth_service_display', ucwords($provider));
            $tpl->parse('output', 'oauth_login');
            $oauth_html .= $tpl->finish($tpl->get_var('output'));
        }
    }
    $tpl->set_var('oauth_login', $oauth_html);

    $html .= $tpl->finish($tpl->parse('output', 'form'));
    $html .= COM_endBlock(COM_getBlockTemplate('login_block', 'footer', $position));
    return $html;
}