Exemplo n.º 1
0
         cot_error(cot_rc('install_error_missing_file', array('file' => $file['config_sample'])));
     }
     if (!cot_error_found()) {
         $config_contents = file_get_contents($file['config']);
         cot_install_config_replace($config_contents, 'defaultlang', $rlang);
         cot_install_config_replace($config_contents, 'defaulttheme', $rtheme);
         cot_install_config_replace($config_contents, 'defaultscheme', $rscheme);
         cot_install_config_replace($config_contents, 'mainurl', $cfg['mainurl']);
         $new_site_id = cot_unique(32);
         cot_install_config_replace($config_contents, 'site_id', $new_site_id);
         $new_secret_key = cot_unique(32);
         cot_install_config_replace($config_contents, 'secret_key', $new_secret_key);
         file_put_contents($file['config'], $config_contents);
         $ruserpass['user_passsalt'] = cot_unique(16);
         $ruserpass['user_passfunc'] = empty($cfg['hashfunc']) ? 'sha256' : $cfg['hashfunc'];
         $ruserpass['user_password'] = cot_hash($user['pass'], $ruserpass['user_passsalt'], $ruserpass['user_passfunc']);
         try {
             $db->insert($db_x . 'users', array('user_name' => $user['name'], 'user_password' => $ruserpass['user_password'], 'user_passsalt' => $ruserpass['user_passsalt'], 'user_passfunc' => $ruserpass['user_passfunc'], 'user_maingrp' => COT_GROUP_SUPERADMINS, 'user_country' => (string) $user['country'], 'user_email' => $user['email'], 'user_theme' => $rtheme, 'user_scheme' => $rscheme, 'user_lang' => $rlang, 'user_regdate' => time(), 'user_lastip' => $_SERVER['REMOTE_ADDR']));
             $user['id'] = $db->lastInsertId();
             $db->insert($db_x . 'groups_users', array('gru_userid' => (int) $user['id'], 'gru_groupid' => COT_GROUP_SUPERADMINS));
             $db->update($db_x . 'config', array('config_value' => $user['email']), "config_owner = 'core' AND config_name = 'adminemail'");
         } catch (PDOException $err) {
             cot_error(cot_rc('install_error_sql_script', array('msg' => $err->getMessage())));
         }
     }
     break;
 case 4:
     // Dependency check
     $install = true;
     foreach ($selected_modules as $ext) {
         $install &= cot_extension_dependencies_statisfied($ext, true, $selected_modules, $selected_plugins);
Exemplo n.º 2
0
     $rremember = true;
 }
 $login_param = !$cfg['useremailduplicate'] && cot_check_email($rusername) ? 'user_email' : 'user_name';
 if (!empty($v) && mb_strlen($v) == 32) {
     $validating = TRUE;
     $login_param = 'user_lostpass';
 }
 // Load salt and algo from db
 $sql = $db->query("SELECT user_passsalt, user_passfunc FROM {$db_users} WHERE {$login_param}=" . $db->quote($rusername));
 if ($sql->rowCount() == 0) {
     // If login has e-mail format, try to find it as user_name
     $sql = $db->query("SELECT user_passsalt, user_passfunc FROM {$db_users} WHERE user_name=" . $db->quote($rusername));
 }
 if ($sql->rowCount() == 1) {
     $hash_params = $sql->fetch();
     $rmdpass = cot_hash($rpassword, $hash_params['user_passsalt'], $hash_params['user_passfunc']);
     unset($hash_params);
 }
 /**
  * Sets user selection criteria for authentication. Override this string in your plugin
  * hooking into users.auth.check.query to provide other authentication methods.
  */
 $user_select_condition = !$validating ? "user_password="******" AND {$login_param}=" . $db->quote($rusername) : "user_lostpass="******"SELECT user_id, user_name, user_token, user_regdate, user_maingrp, user_banexpire, user_theme, user_scheme, user_lang, user_sid, user_sidtime FROM {$db_users} WHERE {$user_select_condition}");
 /* 	Checking if we got any entries with the current login conditions,
 		only may fail when user name has e-mail format or user is not registered,
Exemplo n.º 3
0
/**
 * Adds new user
 *
 * @param array $ruser User data array
 * @param string $email Email address
 * @param string $name User name; defaults to $email if omitted
 * @param string $password Password; randomly generated if omitted
 * @param string $maingrp Custom main grp
 * @param float $sendemail Send email if need activation
 * @return int New user ID or false
 * @global CotDB $db
 */
function cot_add_user($ruser, $email = null, $name = null, $password = null, $maingrp = null, $sendemail = true)
{
    global $cfg, $cot_extrafields, $db, $db_users, $db_groups_users, $db_x, $L, $R, $sys, $uploadfiles, $usr;
    $ruser['user_email'] = !empty($email) ? $email : $ruser['user_email'];
    $ruser['user_name'] = !empty($name) ? $name : $ruser['user_name'];
    $ruser['user_password'] = !empty($password) ? $password : $ruser['user_password'];
    empty($ruser['user_password']) && ($ruser['user_password'] = cot_randomstring());
    empty($ruser['user_name']) && ($ruser['user_name'] = $ruser['user_email']);
    $password = $ruser['user_password'];
    $user_exists = (bool) $db->query("SELECT user_id FROM {$db_users} WHERE user_name = ? LIMIT 1", array($ruser['user_name']))->fetch();
    $email_exists = (bool) $db->query("SELECT user_id FROM {$db_users} WHERE user_email = ? LIMIT 1", array($ruser['user_email']))->fetch();
    if (!cot_check_email($ruser['user_email']) || $user_exists || !$cfg['useremailduplicate'] && $email_exists) {
        return false;
    }
    $ruser['user_gender'] = in_array($ruser['user_gender'], array('M', 'F')) ? $ruser['user_gender'] : 'U';
    $ruser['user_country'] = mb_strlen($ruser['user_country']) < 4 ? $ruser['user_country'] : '';
    $ruser['user_timezone'] = !$ruser['user_timezone'] ? 'GMT' : $ruser['user_timezone'];
    $ruser['user_maingrp'] = $db->countRows($db_users) == 0 ? 5 : $cfg['users']['regnoactivation'] ? 4 : 2;
    $ruser['user_maingrp'] = (int) $maingrp > 0 ? $maingrp : $ruser['user_maingrp'];
    $ruser['user_passsalt'] = cot_unique(16);
    $ruser['user_passfunc'] = empty($cfg['hashfunc']) ? 'sha256' : $cfg['hashfunc'];
    $ruser['user_password'] = cot_hash($ruser['user_password'], $ruser['user_passsalt'], $ruser['user_passfunc']);
    $ruser['user_birthdate'] = is_null($ruser['user_birthdate']) || $ruser['user_birthdate'] > $sys['now'] ? '0000-00-00' : cot_stamp2date($ruser['user_birthdate']);
    $ruser['user_lostpass'] = md5(microtime());
    cot_shield_update(20, "Registration");
    $ruser['user_hideemail'] = 1;
    $ruser['user_theme'] = $cfg['defaulttheme'];
    $ruser['user_scheme'] = $cfg['defaultscheme'];
    $ruser['user_lang'] = empty($ruser['user_lang']) ? $cfg['defaultlang'] : $ruser['user_lang'];
    $ruser['user_regdate'] = (int) $sys['now'];
    $ruser['user_logcount'] = 0;
    $ruser['user_lastip'] = empty($ruser['user_lastip']) ? $usr['ip'] : $ruser['user_lastip'];
    $ruser['user_token'] = cot_unique(16);
    if (!$db->insert($db_users, $ruser)) {
        return;
    }
    $userid = $db->lastInsertId();
    $db->insert($db_groups_users, array('gru_userid' => (int) $userid, 'gru_groupid' => (int) $ruser['user_maingrp']));
    cot_extrafield_movefiles();
    /* === Hook for the plugins === */
    foreach (cot_getextplugins('users.adduser.done') as $pl) {
        include $pl;
    }
    /* ===== */
    if ($ruser['user_maingrp'] == 2 && $sendemail) {
        if ($cfg['users']['regrequireadmin']) {
            $subject = $L['aut_regrequesttitle'];
            $body = sprintf($L['aut_regrequest'], $ruser['user_name']);
            $body .= "\n\n" . $L['aut_contactadmin'];
            cot_mail($ruser['user_email'], $subject, $body);
            $subject = $L['aut_regreqnoticetitle'];
            $inactive = $cfg['mainurl'] . '/' . cot_url('users', 'gm=2&s=regdate&w=desc', '', true);
            $body = sprintf($L['aut_regreqnotice'], $ruser['user_name'], $inactive);
            cot_mail($cfg['adminemail'], $subject, $body);
        } else {
            $subject = $L['Registration'];
            $activate = $cfg['mainurl'] . '/' . cot_url('users', 'm=register&a=validate&token=' . $ruser['user_token'] . '&v=' . $ruser['user_lostpass'] . '&y=1', '', true);
            $deactivate = $cfg['mainurl'] . '/' . cot_url('users', 'm=register&a=validate&token=' . $ruser['user_token'] . '&v=' . $ruser['user_lostpass'] . '&y=0', '', true);
            $body = sprintf($L['aut_emailreg'], $ruser['user_name'], $activate, $deactivate);
            $body .= "\n\n" . $L['aut_contactadmin'];
            cot_mail($ruser['user_email'], $subject, $body);
        }
    }
    return $userid;
}
Exemplo n.º 4
0
     cot_error('aut_usernamealreadyindb', 'rusername');
 }
 if (!cot_check_email($ruser['user_email'])) {
     cot_error('aut_emailtooshort', 'ruseremail');
 }
 if ($ruser['user_email'] != $urr['user_email'] && $db->query("SELECT COUNT(*) FROM {$db_users} WHERE user_email = ?", array($ruser['user_email']))->fetchColumn() > 0) {
     cot_error('aut_emailalreadyindb', 'ruseremail');
 }
 if (!empty($rusernewpass) && mb_strlen($rusernewpass) < 4) {
     cot_error('aut_passwordtooshort', 'rusernewpass');
 }
 if (!cot_error_found()) {
     if (!empty($rusernewpass)) {
         $ruser['user_passsalt'] = cot_unique(16);
         $ruser['user_passfunc'] = empty($cfg['hashfunc']) ? 'sha256' : $cfg['hashfunc'];
         $ruser['user_password'] = cot_hash($rusernewpass, $ruser['user_passsalt'], $ruser['user_passfunc']);
     }
     $ruser['user_name'] = $ruser['user_name'] == '' ? $urr['user_name'] : $ruser['user_name'];
     $ruser['user_birthdate'] = is_null($ruser['user_birthdate']) ? '0000-00-00' : cot_stamp2date($ruser['user_birthdate']);
     if (!$ruserbanned) {
         $ruser['user_banexpire'] = 0;
     }
     if ($ruserbanned && $ruser['user_banexpire'] > 0) {
         $ruser['user_banexpire'] += $sys['now'];
     }
     if ($ruser['user_name'] != $urr['user_name']) {
         $newname = $ruser['user_name'];
         $oldname = $urr['user_name'];
         if (cot_module_active('forums')) {
             require_once cot_incfile('forums', 'module');
             $db->update($db_forum_topics, array('ft_lastpostername' => $newname), 'ft_lastpostername = ?', array($oldname));
Exemplo n.º 5
0
     }
     if (!cot_error_found()) {
         $ruserpass = array();
         $ruserpass['user_passsalt'] = cot_unique(16);
         $ruserpass['user_passfunc'] = empty($cfg['hashfunc']) ? 'sha256' : $cfg['hashfunc'];
         $ruserpass['user_password'] = cot_hash($rnewpass1, $ruserpass['user_passsalt'], $ruserpass['user_passfunc']);
         $db->update($db_users, $ruserpass, "user_id={$usr['id']}");
         unset($ruserpass);
         cot_message('Password_updated');
     }
 }
 if (!empty($ruseremail) && (!empty($rmailpass) || $cfg['users']['user_email_noprotection']) && $cfg['users']['useremailchange'] && $ruseremail != $urr['user_email']) {
     $sqltmp = $db->query("SELECT COUNT(*) FROM {$db_users} WHERE user_email='" . $db->prep($ruseremail) . "'");
     $res = $sqltmp->fetchColumn();
     if (!$cfg['users']['user_email_noprotection']) {
         $rmailpass = cot_hash($rmailpass, $urr['user_passsalt'], $urr['user_passfunc']);
         if ($rmailpass != $urr['user_password']) {
             cot_error('pro_wrongpass', 'rmailpass');
         }
     }
     if (!cot_check_email($ruseremail)) {
         cot_error('aut_emailtooshort', 'ruseremail');
     }
     if ($res > 0) {
         cot_error('aut_emailalreadyindb', 'ruseremail');
     }
     if (!cot_error_found()) {
         if (!$cfg['users']['user_email_noprotection']) {
             $validationkey = md5(microtime());
             $db->update($db_users, array('user_email' => $ruseremail, 'user_lostpass' => $validationkey, 'user_maingrp' => '-1', 'user_sid' => $urr['user_maingrp']), "user_id='" . $usr['id'] . "'");
             $rsubject = $L['aut_mailnoticetitle'];