Exemplo n.º 1
0
include "../include/resource_functions.php";
//for checking scr access
include "../include/search_functions.php";
include_once "../include/collections_functions.php";
include_once '../include/render_functions.php';
# External access support (authenticate only if no key provided, or if invalid access key provided)
$s = explode(" ", getvalescaped("search", ""));
$k = getvalescaped("k", "");
if ($k == "" || !check_access_key_collection(str_replace("!collection", "", $s[0]), $k)) {
    include "../include/authenticate.php";
}
if ($k == "") {
    #note current user collection for add/remove links if we haven't got it set already
    if (!isset($usercollection)) {
        if (isset($anonymous_login) && $username == $anonymous_login && isset($rs_session) && $anonymous_user_session_collection) {
            $sessioncollections = get_session_collections($rs_session, $userref, true);
            $usercollection = $sessioncollections[0];
            $collection_allow_creation = false;
            // Hide all links that allow creation of new collections
        } else {
            if (isset($user)) {
                $user = get_user($userref);
            }
            $usercollection = $user['current_collection'];
        }
    }
}
# Disable checkboxes for external users.
if ($k != "") {
    $use_checkboxes_for_selection = false;
}
Exemplo n.º 2
0
 function auto_create_user_account()
 {
     # Automatically creates a user account (which requires approval unless $auto_approve_accounts is true).
     global $applicationname, $user_email, $baseurl, $email_notify, $lang, $user_account_auto_creation_usergroup, $registration_group_select, $auto_approve_accounts, $auto_approve_domains, $customContents;
     # Work out which user group to set. Allow a hook to change this, if necessary.
     $altgroup = hook("auto_approve_account_switch_group");
     if ($altgroup !== false) {
         $usergroup = $altgroup;
     } else {
         $usergroup = $user_account_auto_creation_usergroup;
     }
     if ($registration_group_select) {
         $usergroup = getvalescaped("usergroup", "", true);
         # Check this is a valid selectable usergroup (should always be valid unless this is a hack attempt)
         if (sql_value("select allow_registration_selection value from usergroup where ref='{$usergroup}'", 0) != 1) {
             exit("Invalid user group selection");
         }
     }
     $newusername = escape_check(make_username(getval("name", "")));
     #check if account already exists
     $check = sql_value("select email value from user where email = '{$user_email}'", "");
     if ($check != "") {
         return $lang["useremailalreadyexists"];
     }
     # Prepare to create the user.
     $email = trim(getvalescaped("email", ""));
     $password = make_password();
     # Work out if we should automatically approve this account based on $auto_approve_accounts or $auto_approve_domains
     $approve = false;
     # Block immediate reset
     $bypassemail = false;
     if ($auto_approve_accounts == true) {
         $approve = true;
         $bypassemail = true;
         // We can send user  direct to password reset page
     } elseif (count($auto_approve_domains) > 0) {
         # Check e-mail domain.
         foreach ($auto_approve_domains as $domain => $set_usergroup) {
             // If a group is not specified the variables don't get set correctly so we need to correct this
             if (is_numeric($domain)) {
                 $domain = $set_usergroup;
                 $set_usergroup = "";
             }
             if (substr(strtolower($email), strlen($email) - strlen($domain) - 1) == "@" . strtolower($domain)) {
                 # E-mail domain match.
                 $approve = true;
                 # If user group is supplied, set this
                 if (is_numeric($set_usergroup)) {
                     $usergroup = $set_usergroup;
                 }
             }
         }
     }
     # Create the user
     sql_query("insert into user (username,password,fullname,email,usergroup,comments,approved) values ('" . $newusername . "','" . $password . "','" . getvalescaped("name", "") . "','" . $email . "','" . $usergroup . "','" . escape_check($customContents) . "'," . ($approve ? 1 : 0) . ")");
     $new = sql_insert_id();
     hook("afteruserautocreated", "all", array("new" => $new));
     if ($approve) {
         # Auto approving
         global $anonymous_login;
         if (isset($anonymous_login)) {
             global $rs_session;
             $rs_session = get_rs_session_id();
             if ($rs_session == false) {
                 break;
             }
             # Copy any anonymous session collections to the new user account
             if (!function_exists("get_session_collections")) {
                 include_once dirname(__FILE__) . "/../include/collections_functions.php";
             }
             global $username, $userref;
             $username = $anonymous_login;
             $userref = sql_value("SELECT ref value FROM user where username='******'", "");
             $sessioncollections = get_session_collections($rs_session, $userref, false);
             if (count($sessioncollections) > 0) {
                 foreach ($sessioncollections as $sessioncollection) {
                     update_collection_user($sessioncollection, $new);
                 }
                 sql_query("UPDATE user SET current_collection='{$sessioncollection}' WHERE ref='{$new}'");
             }
         }
         if ($bypassemail) {
             // No requirement to check anything else e.g. a valid email domain. We can take user direct to the password reset page to set the new account
             $password_reset_url_key = create_password_reset_key($newusername);
             redirect($baseurl . "?rp=" . $new . $password_reset_url_key);
             exit;
         } else {
             email_reset_link($email, true);
             redirect($baseurl . "/pages/done.php?text=user_request");
             exit;
         }
     } else {
         # Not auto approving.
         # Build a message to send to an admin notifying of unapproved user (same as email_user_request(),
         # but also adds the new user name to the mail)
         $message = $lang["userrequestnotification1"] . "\n\n" . $lang["name"] . ": " . getval("name", "") . "\n\n" . $lang["email"] . ": " . getval("email", "") . "\n\n" . $lang["comment"] . ": " . getval("userrequestcomment", "") . "\n\n" . $lang["ipaddress"] . ": '" . $_SERVER["REMOTE_ADDR"] . "'\n\n" . $customContents . "\n\n" . $lang["userrequestnotification3"] . "\n{$baseurl}?u=" . $new;
         send_mail($email_notify, $applicationname . ": " . $lang["requestuserlogin"] . " - " . getval("name", ""), $message, "", $user_email, "", "", getval("name", ""));
     }
     return true;
 }
Exemplo n.º 3
0
function setup_user($userdata)
{
    # Given an array of user data loaded from the user table, set up all necessary global variables for this user
    # including permissions, current collection, config overrides and so on.
    global $userpermissions, $usergroup, $usergroupname, $usergroupparent, $useremail, $userpassword, $userfullname, $userfixedtheme, $ip_restrict_group, $ip_restrict_user, $rs_session, $global_permissions, $userref, $username, $anonymous_user_session_collection, $global_permissions_mask, $user_preferences, $userrequestmode, $usersearchfilter, $usereditfilter, $userderestrictfilter, $hidden_collections, $userresourcedefaults, $userrequestmode, $request_adds_to_collection, $usercollection, $lang, $validcollection;
    # Hook to modify user permissions
    if (hook("userpermissions")) {
        $userdata["permissions"] = hook("userpermissions");
    }
    $userref = $userdata["ref"];
    $username = $userdata["username"];
    # Create userpermissions array for checkperm() function
    $userpermissions = array_diff(array_merge(explode(",", trim($global_permissions)), explode(",", trim($userdata["permissions"]))), explode(",", trim($global_permissions_mask)));
    $userpermissions = array_values($userpermissions);
    # Resquence array as the above array_diff() causes out of step keys.
    $usergroup = $userdata["usergroup"];
    $usergroupname = $userdata["groupname"];
    $usergroupparent = $userdata["parent"];
    $useremail = $userdata["email"];
    $userpassword = $userdata["password"];
    $userfullname = $userdata["fullname"];
    if (!isset($userfixedtheme)) {
        $userfixedtheme = $userdata["fixed_theme"];
    }
    # only set if not set in config.php
    $ip_restrict_group = trim($userdata["ip_restrict_group"]);
    $ip_restrict_user = trim($userdata["ip_restrict_user"]);
    if (isset($rs_session)) {
        if (!function_exists("get_user_collections")) {
            include_once "collections_functions.php";
        }
        // Get all the collections that relate to this session
        $sessioncollections = get_session_collections($rs_session, $userref, true);
        if ($anonymous_user_session_collection) {
            // Just get the first one if more
            $usercollection = $sessioncollections[0];
            $collection_allow_creation = false;
            // Hide all links that allow creation of new collections
        } else {
            // Unlikely scenario, but maybe we do allow anonymous users to change the selected collection for all other anonymous users
            $usercollection = $userdata["current_collection"];
        }
    } else {
        $usercollection = $userdata["current_collection"];
        // Check collection actually exists
        $validcollection = sql_value("select ref value from collection where ref='{$usercollection}'", 0);
        if ($validcollection == 0) {
            // Not a valid collection - switch to user's primary collection if there is one
            $usercollection = sql_value("select ref value from collection where user='******' and name like 'My Collection%' order by created asc limit 1", 0);
            if ($usercollection != 0) {
                # set this to be the user's current collection
                sql_query("update user set current_collection='{$usercollection}' where ref='{$userref}'");
            }
        }
        if ($usercollection == 0 || !is_numeric($usercollection)) {
            # Create a collection for this user
            global $lang;
            include_once "collections_functions.php";
            # Make sure collections functions are included before create_collection
            # The collection name is translated when displayed!
            $usercollection = create_collection($userref, "My Collection", 0, 1);
            # Do not translate this string!
            # set this to be the user's current collection
            sql_query("update user set current_collection='{$usercollection}' where ref='{$userref}'");
        }
    }
    $usersearchfilter = $userdata["search_filter"];
    $usereditfilter = $userdata["edit_filter"];
    $userderestrictfilter = $userdata["derestrict_filter"];
    $hidden_collections = explode(",", $userdata["hidden_collections"]);
    $userresourcedefaults = $userdata["resource_defaults"];
    $userrequestmode = trim($userdata["request_mode"]);
    $userpreferences = $user_preferences ? sql_query("SELECT user, `value` AS colour_theme FROM user_preferences WHERE user = '******' AND parameter = 'colour_theme';") : FALSE;
    $userpreferences = $userpreferences && isset($userpreferences[0]) ? $userpreferences[0] : FALSE;
    # Some alternative language choices for basket mode / e-commerce
    if ($userrequestmode == 2 || $userrequestmode == 3) {
        $lang["addtocollection"] = $lang["addtobasket"];
        $lang["action-addtocollection"] = $lang["addtobasket"];
        $lang["addtocurrentcollection"] = $lang["addtobasket"];
        $lang["requestaddedtocollection"] = $lang["buyitemaddedtocollection"];
        $lang["action-request"] = $lang["addtobasket"];
        $lang["managemycollections"] = $lang["viewpurchases"];
        $lang["mycollection"] = $lang["yourbasket"];
        $lang["action-removefromcollection"] = $lang["removefrombasket"];
        $lang["total-collections-0"] = $lang["total-orders-0"];
        $lang["total-collections-1"] = $lang["total-orders-1"];
        $lang["total-collections-2"] = $lang["total-orders-2"];
        # The request button (renamed "Buy" by the line above) should always add the item to the current collection.
        $request_adds_to_collection = true;
    }
    # Apply config override options
    $config_options = trim($userdata["config_options"]);
    if ($config_options != "") {
        // We need to get all globals as we don't know what may be referenced here
        extract($GLOBALS, EXTR_REFS | EXTR_SKIP);
        eval($config_options);
    }
}