// Special form template that will be replaced to current skin on ajax response $Form->fieldstart = '#fieldstart#'; $Form->fieldend = '#fieldend#'; $Form->labelclass = '#labelclass#'; $Form->labelstart = '#labelstart#'; $Form->labelend = '#labelend#'; $Form->inputstart = '#inputstart#'; $Form->inputend = '#inputend#'; $org_suffix .= ' ' . get_icon('add', 'imgtag', array('class' => 'add_org', 'style' => 'cursor:pointer')); $org_suffix .= ' ' . get_icon('minus', 'imgtag', array('class' => 'remove_org', 'style' => 'cursor:pointer')); $Form->select_input_object('organizations[]', 0, $OrganizationCache, T_('Organization'), array('allow_none' => $first_org ? true : false, 'field_suffix' => $org_suffix)); break; case 'autocomplete_usernames': // Get usernames by first chars for autocomplete jQuery plugin & TinyMCE autocomplete plugin $q = param('q', 'string', ''); if (!is_valid_login($q) || evo_strlen($q) < 4) { // Restrict a wrong request debug_die('Wrong request'); } // Add backslash for special char of sql operator LIKE $q = str_replace('_', '\\_', $q); if (utf8_strlen($q) == 0) { // Don't search logins with empty request $usernames = array(); } else { $SQL = new SQL(); $SQL->SELECT('user_login'); $SQL->FROM('T_users'); $SQL->WHERE('user_login LIKE ' . $DB->quote($q . '%')); $SQL->WHERE_and('user_status = "activated" OR user_status = "autoactivated"'); $SQL->ORDER_BY('user_login');
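?>
<!DOCTYPE html>
<html>
<head>
<style>
body{ background-color:#efefef; text-align:center; }
</style>
</head>
<body>
<div style = "margin:0 auto;margin-top:32px;margin-bottom:32px;width:100%;">
<?php
// Password-change pop-up: re-checks the caller's current password against the e-mail
// attached to the session user, then stores the submitted new password.
// Helpers used here (get_email, is_valid_login, change_password) live in functions.php;
// presumably that file also starts the session — verify, $_SESSION is read below.
require_once '../scripts/functions.php';

// Kept from the original to avoid leaking notices into the pop-up; prefer display_errors=Off
// in the server config and a logged error instead of silencing everything.
error_reporting(0);

// NOTE(review): no anti-CSRF token is checked here, so a forged cross-site POST from a
// logged-in victim's browser could change their password if the old one is known/guessable.
// Add a per-session token check once the project has one available.

// Resolve inputs defensively: a GET (link, prefetch) must never change a password, an
// unauthenticated caller has nothing to change, and missing POST fields are treated as empty.
$method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
$un = isset($_SESSION['username']) ? $_SESSION['username'] : null;
$op = isset($_POST['oldpass1']) ? (string) $_POST['oldpass1'] : '';
$np = isset($_POST['newpass1']) ? (string) $_POST['newpass1'] : '';

if ($method !== 'POST' || $un === null) {
    echo "Your information could not be validated.";
} elseif ($np === '') {
    // Refuse to store an empty password; the original would have accepted it.
    echo "A new password is required.";
} else {
    $em = get_email($un);
    if (!is_valid_login($em, $op)) {
        // Current password (or the account itself) did not check out; say nothing more
        // specific so the message cannot be used to probe accounts.
        echo "Your information could not be validated.";
    } else {
        change_password($em, $np);
        echo "Password successfully changed.";
    }
}
?>
</div>
<a href="javascript: self.close()">[x] close this window</a>
</body>
</html>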
/**
 * Build the user's media directory subpath, either users/{login}/ or users/usr_{user ID}/.
 *
 * The login is only embedded in the path when is_valid_login() accepts it with its second
 * argument set to true (per the original comment, an ASCII-only check — verify against
 * is_valid_login); otherwise the numeric ID is used so the path never carries arbitrary bytes.
 *
 * @return string relative directory path ending with '/'
 */
function get_media_subpath()
{
    $login_is_safe_for_path = is_valid_login($this->login, true);

    if (!$login_is_safe_for_path) {
        // Non-ASCII (or otherwise rejected) login: fall back to the reserved usr_{ID} form.
        return 'users/usr_' . $this->ID . '/';
    }

    return 'users/' . $this->login . '/';
}
/**
 * Check whether the global variable named by $var holds a valid login (allowed chars only).
 *
 * On failure the matching message is registered via param_error() for that variable.
 *
 * @param string param name (looked up in $GLOBALS)
 * @return boolean true if OK
 */
function param_check_valid_login($var)
{
    global $Settings;

    $login = isset($GLOBALS[$var]) ? $GLOBALS[$var] : null;

    if (empty($login)) {
        // NOTE(review): the original comment says an empty value is OK, yet a (truthy)
        // message string is returned instead of boolean true, contrary to the @return
        // contract. Callers testing for falsity still pass; behaviour kept as is.
        return T_('Please choose a username.');
    }

    $check = is_valid_login($login);
    if ($check && $check !== 'usr') {
        return true;
    }

    if ($check === 'usr') {
        // The login itself is well-formed, but the usr_ prefix is reserved (see get_media_subpath).
        $msg = T_('Logins cannot start with "usr_", this prefix is reserved for system use.');
    } elseif (isset($Settings) && !$Settings->get('strict_logins')) {
        // Relaxed mode: only whitespace and a short blacklist of characters are refused.
        $msg = sprintf(T_('Logins cannot contain whitespace and the following characters: %s'), '\', ", >, <, @');
    } else {
        // Strict mode (also the default when $Settings is not available).
        $msg = T_('Logins can only contain letters, digits and the following characters: _ .');
    }

    param_error($var, $msg);
    return false;
}