/**
* Update User Password
* Updates the users password for current hash algorithm and stretch site settings.
* If not password is specified, a random password will be generated.
*
* @param string $password Password to encrypt
* @param int $uid User id to update
* @return int 0 for success, non-zero indicates error.
*/
function SEC_updateUserPassword(&$password = '', $uid = '')
{
global $_TABLES, $_CONF, $_USER;
// if no password is specified, generate a random one
if (empty($password)) {
$password = SEC_generateRandomPassword();
}
// if $uid is empty, assume current user
if (empty($uid)) {
$uid = $_USER['uid'];
}
// validate $uid nonempty and valid user (anonymous, uid = 1, not valid)
if (empty($uid) || $uid < 1) {
return -1;
}
// update the database with the new password using algorithm and stretch from $_CONF
$salt = SEC_generateSalt();
$newhash = SEC_encryptPassword($password, $salt, $_CONF['pass_alg'], $_CONF['pass_stretch']);
$query = 'UPDATE ' . $_TABLES['users'] . " SET passwd = '{$newhash}', " . "salt = '{$salt}', algorithm ='" . $_CONF['pass_alg'] . "', " . 'stretch = ' . $_CONF['pass_stretch'] . " WHERE uid = {$uid}";
DB_query($query);
// return success
return 0;
}
/**
* Create a new user
* Also calls the custom user registration (if enabled) and plugin functions.
* NOTE: Does NOT send out password emails.
*
* @param string $username username (mandatory)
* @param string $email user's email address (mandatory)
* @param string $passwd password (optional, see above)
* @param string $fullname user's full name (optional)
* @param string $homepage user's home page (optional)
* @param string $remoteUserName
* @param string $service
* @param boolean $batchImport set to true when called from importuser() in admin/users.php (optional)
* @return int new user's ID
*/
function USER_createAccount($username, $email, $passwd = '', $fullname = '', $homepage = '', $remoteUserName = '', $service = '', $batchImport = false)
{
global $_CONF, $_TABLES;
$queueUser = false;
$username = DB_escapeString($username);
$email = DB_escapeString($email);
$regdate = strftime('%Y-%m-%d %H:%M:%S', time());
$fields = 'username,email,regdate,cookietimeout';
$values = "'{$username}','{$email}','{$regdate}','{$_CONF['default_perm_cookie_timeout']}'";
if (!empty($passwd)) {
// Since no uid exists yet we can't use SEC_updateUserPassword and must handle things manually
$salt = SEC_generateSalt();
$passwd = SEC_encryptPassword($passwd, $salt, $_CONF['pass_alg'], $_CONF['pass_stretch']);
$fields .= ',passwd,salt,algorithm,stretch';
$values .= ",'{$passwd}','{$salt}','" . $_CONF['pass_alg'] . "','" . $_CONF['pass_stretch'] . "'";
}
if (!empty($fullname)) {
$fullname = DB_escapeString($fullname);
$fields .= ',fullname';
$values .= ",'{$fullname}'";
}
if (!empty($homepage)) {
$homepage = DB_escapeString($homepage);
$fields .= ',homepage';
$values .= ",'{$homepage}'";
}
if ($_CONF['usersubmission'] == 1 && !SEC_hasRights('user.edit')) {
$queueUser = true;
if (!empty($_CONF['allow_domains'])) {
if (USER_emailMatches($email, $_CONF['allow_domains'])) {
$queueUser = false;
}
}
if ($queueUser) {
$fields .= ',status';
$values .= ',' . USER_ACCOUNT_AWAITING_APPROVAL;
}
} else {
if (!empty($remoteUserName)) {
$fields .= ',remoteusername';
$values .= ",'{$remoteUserName}'";
}
if (!empty($service)) {
$fields .= ',remoteservice';
$values .= ",'{$service}'";
}
}
DB_query("INSERT INTO {$_TABLES['users']} ({$fields}) VALUES ({$values})");
// Get the uid of the user, possibly given a service:
if ($remoteUserName != '') {
$uid = DB_getItem($_TABLES['users'], 'uid', "remoteusername = '******' AND remoteservice='{$service}'");
} else {
$uid = DB_getItem($_TABLES['users'], 'uid', "username = '******' AND remoteservice IS NULL");
}
// Add user to Logged-in group (i.e. members) and the All Users group
$normal_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name='Logged-in Users'");
$all_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name='All Users'");
DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$normal_grp}, {$uid})");
DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$all_grp}, {$uid})");
// any default groups?
$result = DB_query("SELECT grp_id FROM {$_TABLES['groups']} WHERE grp_default = 1");
$num_groups = DB_numRows($result);
for ($i = 0; $i < $num_groups; $i++) {
list($def_grp) = DB_fetchArray($result);
DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$def_grp}, {$uid})");
}
DB_query("INSERT INTO {$_TABLES['userprefs']} (uid) VALUES ({$uid})");
if ($_CONF['emailstoriesperdefault'] == 1) {
DB_query("INSERT INTO {$_TABLES['userindex']} (uid,etids) VALUES ({$uid},'')");
} else {
DB_query("INSERT INTO {$_TABLES['userindex']} (uid,etids) VALUES ({$uid}, '-')");
}
DB_query("INSERT INTO {$_TABLES['usercomment']} (uid,commentmode,commentorder,commentlimit) VALUES ({$uid},'{$_CONF['comment_mode']}','{$_CONF['comment_order']}','{$_CONF['comment_limit']}')");
DB_query("INSERT INTO {$_TABLES['userinfo']} (uid) VALUES ({$uid})");
// call custom registration function and plugins
if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCreate')) {
CUSTOM_userCreate($uid, $batchImport);
}
PLG_createUser($uid);
// Notify the admin?
if (isset($_CONF['notification']) && in_array('user', $_CONF['notification'])) {
$mode = $queueUser ? 'inactive' : 'active';
$username = COM_getDisplayName($uid, $username, $fullname, $remoteUserName, $service);
USER_sendNotification($username, $email, $uid, $mode);
}
return $uid;
}
