function session($user, $pass)
{
$user_file = 'config/users/' . $user . '.ini';
if (!file_exists($user_file)) {
return $str = '<li>Username not found in our record.</li>';
}
$user_enc = user('encryption', $user);
$user_pass = user('password', $user);
$user_role = user('role', $user);
if ($user_enc == "password_hash") {
if (password_verify($pass, $user_pass)) {
if (password_needs_rehash($user_pass, PASSWORD_DEFAULT)) {
update_user($user, $pass, $user_role);
}
$_SESSION[config("site.url")]['user'] = $user;
header('location: admin');
} else {
return $str = '<li>Your username and password mismatch.</li>';
}
} else {
if (old_password_verify($pass, $user_enc, $user_pass)) {
update_user($user, $pass, $user_role);
$_SESSION[config("site.url")]['user'] = $user;
header('location: admin');
} else {
return $str = '<li>Your username and password mismatch.</li>';
}
}
}
function admin_test_main()
{
// Create user
echo '<br><h3>Creating User.</h3><br>';
$user_1 = user_1();
user\add_user($user_1);
echo '<br><h3>User created!</h3><br>';
// Verify
$user_1_db = user\authenticate_user($user_1['email_address'], $user_1['password']);
$user_1_id = $user_1_db['id'];
echo "<br><h3>User ID: {$user_1_id}</h3><br>";
// Update user
echo "<br><h3>Updating User.</h3><br>";
$user_1_db['email_address'] = '*****@*****.**';
$user_1_db['last_name'] = 'Two';
update_user($user_1_db);
echo "<br><h3>User Updated!</h3><br>";
// Verify
$user_2_db = user\authenticate_user('*****@*****.**', $user_1['password']);
$new_last_name = $user_2_db['last_name'];
echo "<br><h3>New User Last Name: {$user_2_db}";
// Delete user
echo "<br><h3>Deleting User.</h3><br>";
delete_user(array("user_id" => $user_1_id));
echo "<br><h3>User deleted!</h3><br>";
}
function set_cookie($data)
{
//задаем cookie с уникальным идентификатором польз-ля
setcookie('user_id', $data['user_id'], time() + 3600 * 24 * 30);
//задаем cookie с хэш-строкой польз-ля
$hash_str = hash_gen(10);
update_user($data['user_id'], $hash_str);
setcookie('user_hash', $hash_str, time() + 3600 * 24 * 30);
header('Location: index.php');
exit;
}
function recover($mode, $email)
{
$mode = sanitize($mode);
$email = sanitize($email);
$user_data = user_data(user_id_from_email($email), 'first_name', 'username');
if ($mode == 'username') {
email($email, 'Your username recvory', "Hello" . $user_data['first_name'] . ",\n\nYour username is:" . $user_data['username'] . "\n\n-stumbleupon");
} else {
if ($mode == 'password') {
$generated_password = substr(md5(rand(999, 999999)), 0, 8);
change_password($user_data['user_id'], $generated_password);
update_user($user_data['user_data'], array('password_recover' => '1'));
email($email, 'Your password recvory', "Hello" . $user_data['first_name'] . ",\n\nYour New Password is:" . $generated_password . "\n\n-StumbleUpon");
}
}
}
public function index()
{
$root = array();
$root['return'] = 1;
$email = addslashes($GLOBALS['request']['email']);
//用户名或邮箱
$pwd = addslashes($GLOBALS['request']['pwd']);
//密码
$user_info = user_check($email, $pwd);
$user_id = intval($user_info['id']);
if (!$user_info) {
$root['status'] = 0;
$root['message'] = "用户已失效,无法升级";
output($root);
} else {
$upd_user_name = addslashes($GLOBALS['request']['upd_user_name']);
$upd_password = addslashes($GLOBALS['request']['upd_password']);
$user_data = array('id' => $user_id, 'user_name' => $upd_user_name, 'user_pwd' => $upd_password, 'email' => $upd_user_name);
$res = update_user($user_id, $user_data);
//print_r($res);
if ($res['status'] == 1) {
$root['status'] = 1;
$root['uid'] = $user_id;
$root['user_name'] = $upd_user_name;
$root['password'] = md5($upd_password);
$root['is_account'] = 1;
output($root);
} else {
$error = $res['data'];
if (!$error['field_show_name']) {
$error['field_show_name'] = $GLOBALS['lang']['USER_TITLE_' . strtoupper($error['field_name'])];
}
if ($error['error'] == EMPTY_ERROR) {
$error_msg = sprintf($GLOBALS['lang']['EMPTY_ERROR_TIP'], $error['field_show_name']);
}
if ($error['error'] == FORMAT_ERROR) {
$error_msg = sprintf($GLOBALS['lang']['FORMAT_ERROR_TIP'], $error['field_show_name']);
}
if ($error['error'] == EXIST_ERROR) {
$error_msg = sprintf($GLOBALS['lang']['EXIST_ERROR_TIP'], $error['field_show_name']);
}
$root['status'] = 0;
$root['message'] = $error_msg;
output($root);
}
}
}
/**
* Updates a user.
*/
function author_save()
{
global $txp_user;
require_privs('admin.edit');
extract(psa(array('privs', 'name', 'RealName', 'email')));
$privs = assert_int($privs);
if (!is_valid_email($email)) {
author_list(array(gTxt('email_required'), E_ERROR));
return;
}
$rs = update_user($name, $email, $RealName);
if ($rs && ($txp_user === $name || change_user_group($name, $privs))) {
author_list(gTxt('author_updated', array('{name}' => $RealName)));
return;
}
author_list(array(gTxt('author_save_failed'), E_ERROR));
}
function recover($mode, $email)
{
$user_data = user_data(user_id_from_email($email), 'user_id', 'first_name', 'username');
if ($mode == 'username') {
// recover username
email($email, 'Your username', "Hello " . $user_data['first_name'] . ",\n\nYour username is: " . $user_data['username'] . "\n\n-sparklet");
} else {
if ($mode == 'password') {
// recover password
$generated_password = substr(md5(rand(999, 999999)), 0, 8);
// die($generated_password);
change_password($user_data['user_id'], $generated_password);
update_user($user_data['user_id'], array('password_recover' => '1'));
email($email, 'Your password recovery', "Hello " . $user_data['first_name'] . ",\n\nYour new password is: " . $generated_password . "\n\n-sparklet");
}
}
}
function recover($mode, $email)
{
$mode = sanitize($mode);
$email = sanitize($email);
$user_data = user_data(user_id_from_email($email), 'user_id', 'first_name');
if ($mode == 'username') {
email($email, 'Your username', " Hello " . $userdata['first_name'] . ",\n\nYour username is : " . $user_data['username'] . "\n\n-Utkal Placement");
} else {
if ($mode == 'password') {
$temp_password = substr(md5(rand(9999, 999999)), 0, 8);
change_password($user_data['user_id'], $temp_password);
update_user($user_data['user_id'], array('password_recover' => '1'));
email($email, 'Your password Recovery', " Hello " . $userdata['first_name'] . ",\n\nYour new password is : " . $temp_password . "\n\nPlease log in to change this.\n\n-Utkal Placement");
}
}
//$temp_pass= md5($temp_pass);
//mysql_query("UPDATE `users` SET `pass_temp` = '$temp_pass' WHERE `email` = '$email'");
}
function recover($mode, $email)
{
// recupereaza numele de utilizator sau parola - $mode poate lua valoarea de 'username' sau 'password'
include 'core/db/db_connection.php';
$mode = sanitize($mode);
$email = sanitize($email);
$user_data = user_data(get_user_id_from_email($email), 'user_id', 'first_name', 'username');
if ($mode == 'username') {
email($email, 'Your username', "\n\t\t\t\tHello " . $user_data['first_name'] . ", <br><br>\n\t\t\t\tYour username is " . $user_data['username'] . " <br><br>\n\t\t\t\t-worldtour team\n\t\t\t");
} else {
if ($mode == 'password') {
$generated_password = substr(md5(rand(777, 7777)), 0, 7);
// generam o parola random de 7 caractere pe care o criptam cu md5
change_password($user_data['user_id'], $generated_password);
update_user($user_data['user_id'], array('pwd_recovery' => '1'));
// folosim un 'flag' asupra contului pentru a forta utilizatorul sa-si schimbe parola generata de noi prima oara cand se logheaza
email($email, 'Password recovery', "\n\t\t\t\tHello " . $user_data['first_name'] . ", <br><br>\n\t\t\t\tYour new password is " . $generated_password . "<br><br>\n\t\t\t\tKindly note that this is a temporary password and you are required to change it on your first log in. <br><br>\n\t\t\t\t-worldtour team\n\t\t\t");
}
}
}
function save_user($entity)
{
if (!$entity->is_new()) {
return update_user($entity);
} else {
if ($entity->validate()) {
global $__db_conn;
$sql = "INSERT INTO user(created_at,updated_at,username,password,role) values (':created_at:',':updated_at:',':username:'******':password:'******':role:')";
$sql = str_replace(":created_at:", Date("Y-m-d"), $sql);
$sql = str_replace(":updated_at:", Date("Y-m-d"), $sql);
preg_match_all("/:([a-zA-Z_0-9]*):/", $sql, $matches);
foreach ($matches[1] as $attr) {
$sql = str_replace(":{$attr}:", $entity->{$attr}, $sql);
}
mysql_query($sql, $__db_conn);
$entity->id = mysql_insert_id($__db_conn);
return true;
} else {
return false;
}
}
}
foreach ($bill_access_list as $ac) {
if ($ac == $bill['bill_id']) {
$done = 1;
}
}
if (!$done) {
echo "<option value='" . $bill['bill_id'] . "'>" . $bill['bill_name'] . "</option>";
}
}
echo "</select>\n </div>\n <button type='submit' class='btn btn-default' name='Submit' value='Add'>Add</button>\n </form>\n </div>";
} elseif ($vars['user_id'] && $vars['edit']) {
if (!empty($vars['new_level'])) {
if ($vars['can_modify_passwd'] == 'on') {
$vars['can_modify_passwd'] = '1';
}
update_user($vars['user_id'], $vars['new_realname'], $vars['new_level'], $vars['can_modify_passwd'], $vars['new_email']);
print_message("User has been updated");
}
if (can_update_users() == '1') {
$users_details = get_user($vars['user_id']);
if (!empty($users_details)) {
if (empty($vars['new_realname'])) {
$vars['new_realname'] = $users_details['realname'];
}
if (empty($vars['new_level'])) {
$vars['new_level'] = $users_details['level'];
}
if (empty($vars['can_modify_passwd'])) {
$vars['can_modify_passwd'] = $users_details['can_modify_passwd'];
} elseif ($vars['can_modify_passwd'] == 'on') {
$vars['can_modify_passwd'] = '1';
function handle_user_update(&$HTTP_VARS, &$errors)
{
$user_r = fetch_user_r($HTTP_VARS['user_id']);
if (is_not_empty_array($user_r)) {
if (validate_user_info($user_r, $HTTP_VARS, $address_attribs_provided, $errors)) {
if (update_user($HTTP_VARS['user_id'], $HTTP_VARS['fullname'], $HTTP_VARS['uid_language'], $HTTP_VARS['uid_theme'], $HTTP_VARS['email_addr'], $HTTP_VARS['user_role'])) {
return update_user_addresses($user_r, $address_provided_r, $HTTP_VARS, $errors);
} else {
$db_error = db_error();
$errors[] = array('error' => get_opendb_lang_var('user_not_updated', 'user_id', $HTTP_VARS['user_id']), 'detail' => $db_error);
return FALSE;
}
} else {
return FALSE;
}
} else {
$errors[] = array('error' => get_opendb_lang_var('user_not_found', 'user_id', $HTTP_VARS['user_id']));
return FALSE;
}
}
} else {
return false;
}
}
function get_action($code)
{
global $ACTIONS;
return isset($ACTIONS[$code]) ? $ACTIONS[$code] : null;
}
function delete_action($code)
{
global $ACTIONS;
if (isset($ACTIONS[$code])) {
unset($ACTIONS[$code]);
return true;
} else {
return false;
}
}
function update_action($par)
{
if (isset($par['code']) && delete_action($par['code'])) {
add_action($par);
}
}
add_action(array('code' => 'track_activity', 'rule' => 'public', 'category' => 'all', 'zone' => 'before_template', 'priority' => 1000, 'function' => function () {
if (check_login()) {
$ID = current_user('ID');
update_user($ID, array('last_activity' => date('c'), 'last_place' => BASE_URL . $_SERVER['REQUEST_URI']));
}
}));
// attributes associated with
// a user
// the caller wishes to update
// attributes associated with
// a user
case "update_user":
$uid = $_POST['ajax_uid'];
$fname = $_POST['ajax_fname'];
$lname = $_POST['ajax_lname'];
$email = $_POST['ajax_email'];
$active = $_POST['ajax_active'];
$new_passwd = "";
if (isset($_POST['ajax_newpasswd'])) {
$new_passwd = $_POST['ajax_newpasswd'];
}
update_user($uid, $new_passwd, $fname, $lname, $email, $active);
break;
// the caller wishes to add a new
// user to the db
// the caller wishes to add a new
// user to the db
case "add_user":
$uname = $_POST['ajax_uname'];
$passwd = $_POST['ajax_passwd'];
$fname = $_POST['ajax_fname'];
$lname = $_POST['ajax_lname'];
$email = $_POST['ajax_email'];
$active = $_POST['ajax_active'];
add_user($uname, $passwd, $fname, $lname, $email, $active);
// regenerate the user list
// and send back the new list
if (false !== strpos(Session::allowedSensors($login), $sensor_ip)) {
if ($sensors == "") {
$sensors = $sensor_ip;
} else {
$sensors .= "," . $sensor_ip;
}
}
}
foreach ($ACL_MAIN_MENU as $mainmenu => $menus) {
foreach ($menus as $key => $menu) {
if ($gacl->acl_check($mainmenu, $key, ACL_DEFAULT_USER_SECTION, $login)) {
$perm_id = $permids[$mainmenu][$key];
if ($perm_id > 0) {
$perms[$perm_id] = true;
}
}
}
}
$template_id = insert_template($conn, $login . "_gacl", $nets, $sensors, $perms);
if ($template_id > 0) {
echo "Template '" . $login . "_gacl' ID{$template_id} successfully inserted into 'acl_templates'\n";
if (update_user($conn, $login, $template_id)) {
echo "...asigned to user {$login}\n\n";
} else {
echo "...not asigned to user {$login}. An error has occured\n\n";
}
} else {
echo "Error creating template '" . $login . "_gacl'\n";
}
}
$db->close();
$data['surname'] = $this->input->post('surname');
if ($_POST['password'] != '') {
$data['password'] = md5($this->input->post('password'));
}
$data['role'] = $this->input->post('role');
// Have barcode?
$this->db->where('status', '1');
$this->db->where('email', $data['email']);
$this->db->where_not_in('id', $user['id']);
$query = $this->db->get('users')->result_array();
if ($query) {
alertbox('alert-danger', get_lang('E-mail address is registered.'));
$continue = false;
}
if ($continue) {
if (update_user($user['id'], $data)) {
alertbox('alert-success', get_lang('Operation is Successful'), '');
$user = get_user(array('id' => $user_id));
?>
<script>$(document).ready(function(){$('#page_title').html('<?php
echo $user['display_name'];
?>
'); });</script>
<?php
}
}
}
}
?>
$password = $pass1;
} else {
$password = '';
}
//* if Delete User Checked
if ($deleteuser) {
$success = delete_user($seluserid);
optimizemysqltable('users');
if ($success) {
action_success('User Delete Success!');
} else {
action_failure('User Delete Failure!');
}
unset($seluserid);
} elseif ($seluserid && $username && $fullname && $localityid) {
$success = update_user($seluserid, $username, $password, $fullname, $email, $localityid);
if ($success) {
optimizemysqltable('users');
action_success('User Update Success!');
} else {
action_failure('User Update Failure!');
}
} elseif ($username && $password && $fullname && $localityid) {
$nextid = nextautoid('users');
$success = insert_user($seluserid, $username, $password, $fullname, $email, $localityid);
if ($success) {
action_success('User Insert Success!');
$seluserid = $nextid;
optimizemysqltable('adminusers');
} else {
action_failure('User Insert Failure!');
protected function syncUserToFA($ldap, $username, $password, $primaryGroup)
{
// FIXME: these should probably be fetched from the configuration variables
// default user settings for LDAP-based users
$language = 'en_GB';
$profile = '';
$rep_popup = '1';
$pos = '1';
$isActive = '1';
$userArray = '';
// settings available from LDAP
$uid = $ldap->getAttribute('uid');
$name = $ldap->getAttribute('sn') . " " . $ldap->getAttribute('givenname');
$mobilephone = $ldap->getAttribute('mobile');
$email = $ldap->getAttribute('mail');
// connect to FA database
set_global_connection();
// get role ID from primary group
$map = $this->getConfigValue('group_role_map');
$userRole = $map[$primaryGroup];
// FIXME: should error if empty
$sql = "SELECT id FROM " . TB_PREF . "security_roles WHERE role = " . db_escape($userRole);
$query = db_query($sql, "could not get user role for {$userRole}");
$ret = db_fetch($query);
// FIXME: should error if empty
$role_id = $ret[0];
// check for existing user in FA
$user = get_user_by_login($username);
// if user exists
if ($user) {
// update FA user from LDAP
$dbid = $user[0];
// FIXME: LDAP attribute IDs could be supplied in config for site-specific LDAP compatibility
update_user($dbid, $uid, $name, $mobilephone, $email, $role_id, $language, $profile, $rep_popup, $pos);
// FIXME: update password hash? what about re-auth requests?
// else
} else {
// prepare to create FA user from LDAP
// FIXME: LDAP attribute IDs could be supplied in config for site-specific LDAP compatibility
add_user($uid, $name, md5($password), $mobilephone, $email, $role_id, $language, $profile, $rep_popup, $pos);
// endif
}
}
echo "Invalid First name<br/>";
} else {
if (!valid_name($lastname)) {
echo "Invalid Last name<br/>";
} else {
if (!valid_address($address)) {
echo "Invalid Address name<br/>";
} else {
if (!ctype_digit($mobile)) {
echo "Invalid Mobile Number<br/>";
} else {
update_user($user_id, 'FirstName', $firstname);
update_user($user_id, 'LastName', $lastname);
update_user($user_id, 'Address', $address);
update_user($user_id, 'Gender', $gender);
update_user($user_id, 'Mobile', $mobile);
}
}
}
}
}
?>
<?php
$student = get_user_details($_SESSION['user_id']);
$fakes = array();
$fakes['Password'] = true;
$fakes['ID'] = true;
$fakes['AccountType'] = true;
$fakes['Username'] = true;
$fakes['Email'] = true;
function edituser($dir)
{
// Edit User
$user = stripslashes($GLOBALS['__POST']["user"]);
$data = find_user($user, NULL);
if ($data == NULL) {
show_error($user . ": " . $GLOBALS["error_msg"]["miscnofinduser"]);
}
if ($self = $user == $GLOBALS['__SESSION']["s_user"]) {
$dir = "";
}
if (isset($GLOBALS['__POST']["confirm"]) && $GLOBALS['__POST']["confirm"] == "true") {
$nuser = stripslashes($GLOBALS['__POST']["nuser"]);
if ($nuser == "" || $GLOBALS['__POST']["home_dir"] == "") {
show_error($GLOBALS["error_msg"]["miscfieldmissed"]);
}
if (isset($GLOBALS['__POST']["chpass"]) && $GLOBALS['__POST']["chpass"] == "true") {
if ($GLOBALS['__POST']["pass1"] != $GLOBALS['__POST']["pass2"]) {
show_error($GLOBALS["error_msg"]["miscnopassmatch"]);
}
$pass = md5(stripslashes($GLOBALS['__POST']["pass1"]));
} else {
$pass = $data[1];
}
if ($self) {
$GLOBALS['__POST']["active"] = 1;
}
$data = array($nuser, $pass, stripslashes($GLOBALS['__POST']["home_dir"]), stripslashes($GLOBALS['__POST']["home_url"]), $GLOBALS['__POST']["show_hidden"], stripslashes($GLOBALS['__POST']["no_access"]), $GLOBALS['__POST']["permissions"], $GLOBALS['__POST']["active"]);
if (!update_user($user, $data)) {
show_error($user . ": " . $GLOBALS["error_msg"]["saveuser"]);
}
if ($self) {
activate_user($nuser, NULL);
}
header("location: " . make_link("admin", $dir, NULL));
return;
}
show_header($GLOBALS["messages"]["actadmin"] . ": " . sprintf($GLOBALS["messages"]["miscedituser"], $data[0]));
// Javascript functions:
include "./.include/js_admin3.php";
echo "<FORM name=\"edituser\" action=\"" . make_link("admin", $dir, NULL) . "&action2=edituser\" method=\"post\">\n";
echo "<INPUT type=\"hidden\" name=\"confirm\" value=\"true\"><INPUT type=\"hidden\" name=\"user\" value=\"" . $data[0] . "\">\n";
echo "<BR><TABLE width=\"450\">\n";
echo "<TR><TD>" . $GLOBALS["messages"]["miscusername"] . ":</TD>\n";
echo "<TD align=\"right\"><INPUT type\"text\" name=\"nuser\" size=\"30\" value=\"";
echo $data[0] . "\"></TD></TR>\n";
echo "<TR><TD>" . $GLOBALS["messages"]["miscconfpass"] . ":</TD>\n";
echo "<TD align=\"right\"><INPUT type=\"password\" name=\"pass1\" size=\"30\"></TD></TR>\n";
echo "<TR><TD>" . $GLOBALS["messages"]["miscconfnewpass"] . ":</TD>\n";
echo "<TD align=\"right\"><INPUT type=\"password\" name=\"pass2\" size=\"30\"></TD></TR>\n";
echo "<TR><TD>" . $GLOBALS["messages"]["miscchpass"] . ":</TD>\n";
echo "<TD align=\"right\"><INPUT type=\"checkbox\" name=\"chpass\" value=\"true\"></TD></TR>\n";
echo "<TR><TD>" . $GLOBALS["messages"]["mischomedir"] . ":</TD>\n";
echo "<TD align=\"right\"><INPUT type=\"text\" name=\"home_dir\" size=\"30\" value=\"";
echo $data[2] . "\"></TD></TR>\n";
echo "<TR><TD>" . $GLOBALS["messages"]["mischomeurl"] . ":</TD>\n";
echo "<TD align=\"right\"><INPUT type=\"text\" name=\"home_url\" size=\"30\" value=\"";
echo $data[3] . "\"></TD></TR>\n";
echo "<TR><TD>" . $GLOBALS["messages"]["miscshowhidden"] . ":</TD>";
echo "<TD align=\"right\"><SELECT name=\"show_hidden\">\n";
echo "<OPTION value=\"0\">" . $GLOBALS["messages"]["miscyesno"][1] . "</OPTION>";
echo "<OPTION value=\"1\"" . ($data[4] ? " selected " : "") . ">";
echo $GLOBALS["messages"]["miscyesno"][0] . "</OPTION>\n";
echo "</SELECT></TD></TR>\n";
echo "<TR><TD>" . $GLOBALS["messages"]["mischidepattern"] . ":</TD>\n";
echo "<TD align=\"right\"><INPUT type=\"text\" name=\"no_access\" size=\"30\" value=\"";
echo $data[5] . "\"></TD></TR>\n";
echo "<TR><TD>" . $GLOBALS["messages"]["miscperms"] . ":</TD><TD align=\"right\"><SELECT name=\"permissions\">\n";
$permvalues = array(0, 1, 2, 3, 7);
for ($i = 0; $i < count($GLOBALS["messages"]["miscpermnames"]); ++$i) {
echo "<OPTION value=\"" . $permvalues[$i] . "\"" . ($permvalues[$i] == $data[6] ? " selected " : "") . ">";
echo $GLOBALS["messages"]["miscpermnames"][$i] . "</OPTION>\n";
}
echo "</SELECT></TD></TR>\n";
echo "<TR><TD>" . $GLOBALS["messages"]["miscactive"] . ":</TD>";
echo "<TD align=\"right\"><SELECT name=\"active\"" . ($self ? " DISABLED " : "") . ">\n";
echo "<OPTION value=\"1\">" . $GLOBALS["messages"]["miscyesno"][0] . "</OPTION>";
echo "<OPTION value=\"0\"" . ($data[7] ? "" : " selected ") . ">";
echo $GLOBALS["messages"]["miscyesno"][1] . "</OPTION>\n";
echo "</SELECT></TD></TR>\n";
echo "<TR><TD colspan=\"2\" align=\"right\"><input type=\"submit\" value=\"" . $GLOBALS["messages"]["btnsave"];
echo "\" onClick=\"return check_pwd();\">\n<input type=\"button\" value=\"";
echo $GLOBALS["messages"]["btncancel"] . "\" onClick=\"javascript:location='";
echo make_link("admin", $dir, NULL) . "';\"></TD></TR></FORM></TABLE><BR>\n";
}
/**
* Update Users
*
* @static
* @param array $users multidimensional array with Users data
* @return boolean
*/
public static function update($users)
{
$result = false;
DBstart(false);
foreach ($users as $user) {
$result = update_user($user['userid'], $user);
if (!$result) {
break;
}
}
$result = DBend($result);
if ($result) {
return true;
} else {
self::$error = array('error' => ZBX_API_ERROR_INTERNAL, 'data' => 'Internal zabbix error');
return false;
}
}
if (isset($_REQUEST['userid'])) {
show_error_message(S_CANNOT_UPDATE_USER_BOTH_PASSWORDS);
} else {
show_error_message(S_CANNOT_ADD_USER_BOTH_PASSWORDS_MUST);
}
} else {
if (isset($_REQUEST['password1']) && $_REQUEST['alias'] == ZBX_GUEST_USER && !zbx_empty($_REQUEST['password1'])) {
show_error_message(S_FOR_GUEST_PASSWORD_MUST_BE_EMPTY);
} else {
if (isset($_REQUEST['password1']) && $_REQUEST['alias'] != ZBX_GUEST_USER && zbx_empty($_REQUEST['password1'])) {
show_error_message(S_PASSWORD_SHOULD_NOT_BE_EMPTY);
} else {
if (isset($_REQUEST['userid'])) {
$action = AUDIT_ACTION_UPDATE;
DBstart();
$result = update_user($_REQUEST['userid'], $_REQUEST['name'], $_REQUEST['surname'], $_REQUEST['alias'], $_REQUEST['password1'], $_REQUEST['url'], get_request('autologin', 0), get_request('autologout', 0), $_REQUEST['lang'], $_REQUEST['theme'], $_REQUEST['refresh'], $_REQUEST['user_type'], $user_groups, $user_medias);
$result = DBend($result);
show_messages($result, S_USER_UPDATED, S_CANNOT_UPDATE_USER);
} else {
$action = AUDIT_ACTION_ADD;
DBstart();
$result = add_user($_REQUEST['name'], $_REQUEST['surname'], $_REQUEST['alias'], $_REQUEST['password1'], $_REQUEST['url'], get_request('autologin', 0), get_request('autologout', 0), $_REQUEST['lang'], $_REQUEST['theme'], $_REQUEST['refresh'], $_REQUEST['user_type'], $user_groups, $user_medias);
$result = DBend($result);
show_messages($result, S_USER_ADDED, S_CANNOT_ADD_USER);
}
if ($result) {
add_audit($action, AUDIT_RESOURCE_USER, 'User alias [' . $_REQUEST['alias'] . '] name [' . $_REQUEST['name'] . '] surname [' . $_REQUEST['surname'] . ']');
unset($_REQUEST['form']);
}
}
}
/**
* Allows creation of topics, stuck or closed, and posts
* @global array
* @global array
* @param string $topic post subject
* @param string $content post content
* @param integer $reply id of topic we are replying to
* @param boolean $sticky are we sticking it to the top?
* @param boolean $closed are we closing it?
* @return string|int
*/
function post($topic, $content, $reply = false, $sticky = false, $closed = false)
{
global $config, $user_data;
// The time. milliseconds / seconds may change.
$time = time();
// Its new right now.
$new = true;
// Pre-Parse
$topic = clean_input(strip_repeat($topic));
$content = htmlentities($content);
$content = field_clean(stripslashes($content), true);
if ($_SESSION['logged_in']) {
if (!$reply) {
if ($topic == "") {
return lang_parse('error_no_given', array(lang('subject')));
}
} else {
if ($topic == "") {
$topic = "re:";
}
}
if (!alpha($topic, 'alpha-extra')) {
return lang_parse('error_invalid_chars', array(lang('subject')));
}
if (is_string(length($content, $config['message_minimum_length'], $config['message_max_length']))) {
return lang_parse('error_subject_length', array($config['subject_max_length'], $config['subject_minimum_length']));
}
if ($content != "") {
if (!is_string(length($content, $config['message_minimum_length'], $config['message_max_length']))) {
// Are we replying or is it new?
if ($reply) {
if (is_numeric($reply)) {
if (topic($reply, 'id')) {
$new = false;
// topic data
$topic_data = topic($reply, '*');
// is it closed?
if ($topic_data['closed'] && !$user_data['admin']) {
return lang('error_topic_closed');
}
} else {
return lang('error_topic_missing');
}
} else {
return lang_parse('error_invalid_given', array(lang('topic') . " " . lang('id')));
}
}
// Sticky
$sticky = $sticky ? '1' : '0';
// Closed
$closed = $closed ? '1' : '0';
// Parsing
$content = htmlentities($content);
// Time Lapse
if (!$user_data['admin']) {
if (!$new) {
$time_between = time() - $config['post_reply_time_limit'];
} else {
$time_between = time() - $config['post_topic_time_limit'];
}
// Last post by this user?
$query = "SELECT `time` FROM `forum` WHERE `starter_id` = '{$user_data['id']}' AND `time` > {$time_between}";
// Fetch users last post
$result = mysql_query($query);
// is there a result?
if (mysql_num_rows($result) > 0) {
return lang('error_flood_detection');
}
}
// So we don't have leftovers.
unset($query, $result);
// Guess we can go ahead and add you~
$query = "INSERT INTO `forum` (`subject`,`message`,`reply`,`starter_id`,`host`,`time`,`updated`,`sticky`,`closed`) VALUES ('%s','%s',%d,%d,'%s','%s','%s','%s','%s')";
$query = sprintf($query, mysql_clean($topic), mysql_clean($content), $new ? 0 : $reply, $user_data['id'], mysql_clean(gethostname()), $time, $time, $sticky, $closed);
// Insert into mysql and retrieve id.
$result = mysql_query($query);
echo mysql_error();
if ($result) {
// the id from the previous query
$id = mysql_insert_id();
// users new post count
$new_post_count = $user_data['posts'] + 1;
// update user post count
update_user($user_data['id'], false, 'posts', $new_post_count);
// Start sending back information
if ($new) {
return $id;
} else {
// How many replies?
$replies = intval(get_replies($reply));
// Lets update it
$replies = $replies + 1;
// Woooo~ Last id for redirecting~
$page_numbers = $replies / 20 - 1;
$n = ceil($page_numbers);
if ($n == -1) {
$n = 0;
} else {
$n = abs($n);
}
// Update
$query = "UPDATE `forum` SET `updated`='{$time}', `replies`='{$replies}' WHERE id = '{$reply}'";
// Update
$result = mysql_query($query);
// Return last page number for redirect!
return $n;
}
} else {
return lang('error_unknown');
}
} else {
return lang_parse('error_message_length', array($config['message_max_length'], $config['message_minimum_length']));
}
} else {
return lang_parse('error_no_given', array(lang('message')));
}
} else {
return lang('error_not_logged');
}
}
if ($_username && $_username == $item['username']) {
$user_status = 3;
}
if ($user_status == 3 && $item['username']) {
$member = userinfo($item['username']);
}
$contact = strip_nr(ob_template('contact', 'chip'), true);
echo 'Inner("contact", \'' . $contact . '\');';
echo 'Inner("hits", \'' . $item['hits'] . '\');';
$update = '';
if ($item['totime'] && $item['totime'] < $DT_TIME && $item['status'] == 3) {
$update .= ",status=4";
}
if ($member) {
unset($item['areaid']);
$update_user = update_user($member, $item);
if ($update_user) {
$db->query("UPDATE {$table} SET " . substr($update_user, 1) . " WHERE username='******'");
}
}
include DT_ROOT . '/include/update.inc.php';
if ($MOD['show_html'] && $task_item && $DT_TIME - @filemtime(DT_ROOT . '/' . $MOD['moduledir'] . '/' . $item['linkurl']) > $task_item) {
tohtml('show', $module);
}
} else {
if ($html == 'list') {
$catid or exit;
if ($MOD['list_html'] && $task_list && $CAT) {
$num = 1;
$totalpage = max(ceil($CAT['item'] / $MOD['pagesize']), 1);
$demo = DT_ROOT . '/' . $MOD['moduledir'] . '/' . listurl($CAT, '{DEMO}');
<?php
$id = generate_id();
$now = time();
$expires = $now + intval($_POST['ttl']);
$attachment = empty($_POST['attachment']) ? null : $_POST['attachment'];
$grid->db->insert('message', array('id' => $id, 'user_id' => $grid->user->id, 'content' => $params['content'], 'parent_id' => 0, 'server_id' => $grid->meta['server_id'], 'file_id' => $attachment, 'expires' => $expires, 'created' => $now, 'updated' => $now));
blink_leds($params['content']);
update_user();
if (!empty($attachment)) {
attach_file($id, $attachment);
}
$container = get_container();
$url = empty($container) ? GRID_URL . 'forum' : GRID_URL . "c/{$container->id}";
if (!empty($container)) {
$grid->db->update('message', array('parent_id' => "c/{$container->id}"), $id);
$grid->db->update('container', array('updated' => $now), $container->id);
}
$this->redirect($url);
exit;
<div class="page-header">
<h3>Update User Profile <small>Control Panel</small></h3>
<div id="crumb">
<ol class="breadcrumb">
<li><a href="#">User account</a></li>
<li class="active">Update User Profile</li>
</ol>
</div>
</div>
<?php
if (isset($_GET['success']) === true && empty($_GET['success']) === true) {
echo "Details has been updated";
} else {
if (empty($_POST) == false && empty($errors) == true) {
$update_data = array('first_name' => $_POST['first_name'], 'last_name' => $_POST['last_name'], 'email' => $_POST['email'], 'allow_email' => $_POST['allow_email'] == 'on' ? 1 : 0);
update_user($update_data);
header('location:settings.php?success');
exit;
} else {
if (empty($errors) == false) {
echo output_errors($errors);
}
}
?>
<form action="" method="post" class="form-horizontal">
<div class="form-group">
<label for="inputEmail3" class="col-sm-2 control-label">First Name </label>
<div class="col-sm-9">
<input type="text" class="form-control" name="first_name" value="<?php
echo $user_data['first_name'];
}
switch ($op) {
case 'edit':
$user_id = $superCage->get->keyExists('user_id') ? $superCage->get->getInt('user_id') : -1;
if (USER_ID == $user_id) {
cpg_die(ERROR, $lang_usermgr_php['err_edit_self'], __FILE__, __LINE__);
}
$cpg_udb->edit_users($user_id);
pageheader($lang_usermgr_php['title']);
edit_user($user_id);
pagefooter();
break;
case 'update':
$user_id = $superCage->get->keyExists('user_id') ? $superCage->get->getInt('user_id') : -1;
$cpg_udb->edit_users($user_id);
update_user($user_id);
cpg_db_query("DELETE FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '' LIMIT 1");
pageheader($lang_usermgr_php['title']);
list_users();
pagefooter();
break;
case 'new_user':
pageheader($lang_usermgr_php['title']);
edit_user('new_user');
pagefooter();
break;
case 'groups_alb_access':
//show what albums user groups can see
pageheader($lang_usermgr_php['groups_alb_access']);
list_groups_alb_access();
pagefooter();
/**
* Update some users information
* @global object $DB
* @param array|struct $params - need to be define as struct for XMLRPC
* @subparam string $params:user->username
* @subparam string $params:user->newusername
* @subparam string $params:user->firstname
* @return boolean result true if success
*/
static function update_users($params)
{
global $DB, $USER;
if (has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM))) {
$updatesuccessfull = true;
foreach ($params as $userparams) {
if (array_key_exists('username', $userparams)) {
$username = clean_param($userparams['username'], PARAM_NOTAGS);
}
$user = $DB->get_record('user', array('username' => $username, 'mnethostid' => 1));
if (empty($user)) {
throw new moodle_exception('wscouldnotupdatenoexistinguser');
}
if (array_key_exists('email', $userparams)) {
$user->email = clean_param($userparams['email'], PARAM_NOTAGS);
}
if (array_key_exists('description', $userparams)) {
$user->description = clean_param($userparams['description'], PARAM_TEXT);
}
if (array_key_exists('newusername', $userparams)) {
$user->username = clean_param($userparams['newusername'], PARAM_ALPHANUMEXT);
}
if (array_key_exists('auth', $userparams)) {
$user->auth = clean_param($userparams['auth'], PARAM_ALPHANUMEXT);
}
if (array_key_exists('confirmed', $userparams)) {
$user->confirmed = clean_param($userparams['confirmed'], PARAM_ALPHANUMEXT);
}
if (array_key_exists('firstname', $userparams)) {
$user->firstname = clean_param($userparams['firstname'], PARAM_ALPHANUMEXT);
}
if (array_key_exists('lastname', $userparams)) {
$user->lastname = clean_param($userparams['lastname'], PARAM_ALPHANUMEXT);
}
if (array_key_exists('emailstop', $userparams)) {
$user->emailstop = clean_param($userparams['emailstop'], PARAM_ALPHANUMEXT);
}
if (array_key_exists('lang', $userparams)) {
$user->lang = clean_param($userparams['lang'], PARAM_ALPHANUMEXT);
}
if (array_key_exists('theme', $userparams)) {
$user->theme = clean_param($userparams['theme'], PARAM_ALPHANUMEXT);
}
if (array_key_exists('timezone', $userparams)) {
$user->timezone = clean_param($userparams['timezone'], PARAM_ALPHANUMEXT);
}
if (array_key_exists('city', $userparams)) {
$user->city = clean_param($userparams['city'], PARAM_ALPHANUMEXT);
}
if (array_key_exists('country', $userparams)) {
$user->country = clean_param($userparams['country'], PARAM_ALPHANUMEXT);
}
if (array_key_exists('mailformat', $userparams)) {
$user->mailformat = clean_param($userparams['mailformat'], PARAM_ALPHANUMEXT);
}
try {
if (!update_user($user)) {
$updatesuccessfull = false;
}
} catch (dml_write_exception $e) {
throw new moodle_exception('wscouldnotupdateuserindb');
}
}
return $updatesuccessfull;
} else {
throw new moodle_exception('wscouldnotupdateusernopermission');
}
}
$errors[] = 'That email address is already in use.';
}
}
}
}
?>
<h1>Settings</h1>
<?php
if (isset($_GET['success']) === true && empty($_GET['success']) === true) {
echo 'Your details have been updated.';
} else {
if (empty($_POST) === false && empty($errors) === true) {
$update_data = array('first_name' => $_POST['first_name'], 'last_name' => $_POST['last_name'], 'email' => $_POST['email'], 'allow_email' => $_POST['allow_email'] == 'on' ? 1 : 0);
update_user($session_user_id, $update_data);
echo '<meta HTTP-EQUIV="REFRESH" content="0; url=settings.php?success">';
echo 'Your details have been updated.';
exit;
} else {
if (empty($errors) === false) {
echo output_errors($errors);
}
}
if (isset($_FILES['profile']) === true) {
if (empty($_FILES['profile']['name']) === true) {
echo 'Upload a Profile Picture<br>';
} else {
$allowed = array('jpg', 'jpg', 'gif', 'png');
$file_name = $_FILES['profile']['name'];
//file name
/**
* Add the users to the system. Make sure that they have to change their
* password on next login also.
*/
function uploadcsv_submit(Pieform $form, $values)
{
global $USER, $SESSION, $CSVDATA, $FORMAT, $UPDATES;
$formatkeylookup = array_flip($FORMAT);
$authinstance = (int) $values['authinstance'];
$authrecord = get_record('auth_instance', 'id', $authinstance);
$authobj = AuthFactory::create($authinstance);
$institution = new Institution($authobj->institution);
$maxusers = $institution->maxuseraccounts;
if (!empty($maxusers)) {
$members = count_records_sql('
SELECT COUNT(*) FROM {usr} u INNER JOIN {usr_institution} i ON u.id = i.usr
WHERE i.institution = ? AND u.deleted = 0', array($institution->name));
if ($members + count($CSVDATA) > $maxusers) {
$SESSION->add_error_msg(get_string('uploadcsvfailedusersexceedmaxallowed', 'admin'));
redirect('/admin/users/uploadcsv.php');
}
}
if ($values['updateusers']) {
log_info('Updating users from the CSV file');
} else {
log_info('Inserting users from the CSV file');
}
db_begin();
$addedusers = array();
$cfgsendemail = get_config('sendemail');
if (empty($values['emailusers'])) {
// Temporarily disable email sent during user creation, e.g. institution membership
$GLOBALS['CFG']->sendemail = false;
}
$key = 0;
$steps_total = $values['updateusers'] ? 5 : 4;
$steps_done = $steps_total - 3;
$num_lines = sizeof($CSVDATA);
foreach ($CSVDATA as $record) {
if (!($key % 25)) {
// This part has three times the weight of the other two steps.
set_progress_info('uploaduserscsv', $num_lines * $steps_done + $key * 3, $num_lines * $steps_total, get_string('committingchanges', 'admin'));
}
$key++;
$user = new StdClass();
foreach ($FORMAT as $field) {
if ($field == 'username' || $field == 'firstname' || $field == 'lastname' || $field == 'password' || $field == 'email' || $field == 'studentid' || $field == 'preferredname') {
$user->{$field} = $record[$formatkeylookup[$field]];
}
}
$user->authinstance = $authinstance;
if ($USER->get('admin') || get_config_plugin('artefact', 'file', 'institutionaloverride')) {
$user->quota = $values['quota'];
}
$profilefields = new StdClass();
$remoteuser = null;
foreach ($FORMAT as $field) {
if ($field == 'username' || $field == 'password') {
continue;
}
if ($field == 'remoteuser') {
if (!empty($record[$formatkeylookup[$field]])) {
$remoteuser = $record[$formatkeylookup[$field]];
}
continue;
}
$profilefields->{$field} = $record[$formatkeylookup[$field]];
}
if (!$values['updateusers'] || !isset($UPDATES[$user->username])) {
$user->passwordchange = (int) $values['forcepasswordchange'];
$user->id = create_user($user, $profilefields, $institution, $authrecord, $remoteuser, $values, true);
$addedusers[] = $user;
log_debug('added user ' . $user->username);
} else {
if (isset($UPDATES[$user->username])) {
$updated = update_user($user, $profilefields, $remoteuser, $values, true, true);
if (empty($updated)) {
// Nothing changed for this user
unset($UPDATES[$user->username]);
} else {
$UPDATES[$user->username] = $updated;
log_debug('updated user ' . $user->username . ' (' . implode(', ', array_keys($updated)) . ')');
}
}
}
set_time_limit(10);
}
db_commit();
// Reenable email
set_config('sendemail', $cfgsendemail);
// Only send e-mail to users after we're sure they have been inserted
// successfully
$straccountcreatedtext = $values['forcepasswordchange'] ? 'accountcreatedchangepasswordtext' : 'accountcreatedtext';
$straccountcreatedhtml = $values['forcepasswordchange'] ? 'accountcreatedchangepasswordhtml' : 'accountcreatedhtml';
if ($values['emailusers'] && $addedusers) {
foreach ($addedusers as $user) {
$failedusers = array();
try {
email_user($user, null, get_string('accountcreated', 'mahara', get_config('sitename')), get_string($straccountcreatedtext, 'mahara', $user->firstname, get_config('sitename'), $user->username, $user->password, get_config('wwwroot'), get_config('sitename')), get_string($straccountcreatedhtml, 'mahara', $user->firstname, get_config('wwwroot'), get_config('sitename'), $user->username, $user->password, get_config('wwwroot'), get_config('wwwroot'), get_config('sitename')));
} catch (EmailException $e) {
log_info($e->getMessage());
$failedusers[] = $user;
}
}
if ($failedusers) {
$message = get_string('uploadcsvsomeuserscouldnotbeemailed', 'admin') . "\n<ul>\n";
foreach ($failedusers as $user) {
$message .= '<li>' . full_name($user) . ' <' . hsc($user->email) . "></li>\n";
}
$message .= "</ul>\n";
$SESSION->add_info_msg($message, false);
}
}
log_info('Added ' . count($addedusers) . ' users, updated ' . count($UPDATES) . ' users.');
$SESSION->add_ok_msg(get_string('csvfileprocessedsuccessfully', 'admin'));
if ($UPDATES) {
$updatemsg = smarty_core();
$updatemsg->assign('added', count($addedusers));
$updatemsg->assign('updates', $UPDATES);
$SESSION->add_info_msg($updatemsg->fetch('admin/users/csvupdatemessage.tpl'), false);
} else {
$SESSION->add_ok_msg(get_string('numbernewusersadded', 'admin', count($addedusers)));
}
set_progress_done('uploaduserscsv');
redirect('/admin/users/uploadcsv.php');
}
