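/**
 * Adds a new member.
 *
 * Validates the supplied fields, normalises the URL, escapes every string
 * value for SQL and inserts one row into the member table, then writes an
 * action-log entry.
 *
 * @static
 *
 * @param string $name      display name; must pass isValidDisplayName() and not exist yet
 * @param string $realname  real name; any falsy value (including "0") is rejected
 * @param string $password  plain-text password; any falsy value (including "0") is rejected
 * @param string $email     must pass isValidMailAddress()
 * @param string $url       "http://" is prepended unless it already starts with http:// or https://
 * @param mixed  $admin     admin flag, cast with intval()
 * @param mixed  $canlogin  login flag, cast with intval()
 * @param string $notes     free-form notes
 *
 * @return mixed 1 once the INSERT has been issued, otherwise one of the _ERROR* constants
 */
function create($name, $realname, $password, $email, $url, $admin, $canlogin, $notes)
{
    if (!isValidMailAddress($email)) {
        return _ERROR_BADMAILADDRESS;
    }

    if (!isValidDisplayName($name)) {
        return _ERROR_BADNAME;
    }

    if (MEMBER::exists($name)) {
        return _ERROR_NICKNAMEINUSE;
    }

    if (!$realname) {
        return _ERROR_REALNAMEMISSING;
    }

    if (!$password) {
        return _ERROR_PASSWORDMISSING;
    }

    $admin    = intval($admin);
    $canlogin = intval($canlogin);

    // An administrator who cannot log in is not a valid combination.
    if ($admin && !$canlogin) {
        return _ERROR;
    }

    // Users sometimes omit the scheme, which yields a malformed URL, so add it.
    // The original check used eregi(), which was case-insensitive; the "i"
    // modifier keeps that behaviour so "HTTP://example.org" is not turned into
    // "http://HTTP://example.org". Because anything that does not start with
    // http:// or https:// is prefixed, the stored value always begins with an
    // http(s) scheme.
    if (!preg_match('#^https?://#i', $url)) {
        $url = 'http://' . $url;
    }

    // SECURITY NOTE(review): the password is stored as an unsalted MD5 digest,
    // which is cheap to brute-force if the member table leaks. Moving to
    // password_hash()/password_verify() needs a matching change in the login
    // check and a rehash-on-login path, neither of which is visible here, so
    // the storage format is left unchanged.
    $password = sql_real_escape_string(md5($password));

    // The statement is built by interpolation. Every string value goes through
    // sql_real_escape_string() and both flags through intval() before they
    // reach the query text; keep that pairing when adding columns.
    $name     = sql_real_escape_string($name);
    $realname = sql_real_escape_string($realname);
    $email    = sql_real_escape_string($email);
    $url      = sql_real_escape_string($url);
    $notes    = sql_real_escape_string($notes);

    $query = 'INSERT INTO ' . sql_table('member')
        . " (MNAME,MREALNAME,MPASSWORD,MEMAIL,MURL, MADMIN, MCANLOGIN, MNOTES) "
        . "VALUES ('{$name}','{$realname}','{$password}','{$email}','{$url}',{$admin}, {$canlogin}, '{$notes}')";

    // NOTE(review): the result of sql_query() is not inspected, so 1 is
    // returned even if the INSERT failed. Confirm how sql_query() reports errors.
    sql_query($query);

    ACTIONLOG::add(INFO, _ACTIONLOG_NEWMEMBER . ' ' . $name);

    return 1;
}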
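/**
 * Handles submission of the "edit member settings" form.
 *
 * Reads the target member id and the new field values from the request,
 * validates them, writes them to the member record, applies the submitted
 * plugin options and finally redirects to the login screen (when the e-mail
 * address or the current member's display name changed) or to the overview.
 *
 * Authorisation as visible here: the caller must be the member being edited
 * or an administrator. Display name and password are only changed when
 * $CONF['AllowLoginEdit'] is set or the caller is an administrator; the admin
 * and can-login flags are only changed when the caller is an administrator.
 *
 * NOTE(review): no anti-CSRF token validation is visible in this method;
 * presumably the action dispatcher performs it. Confirm.
 * NOTE(review): neither the password change nor the e-mail change asks for
 * the member's current password, so a session alone is enough to change both.
 * Consider requiring re-authentication for these two fields.
 *
 * @return void
 */
function action_changemembersettings()
{
    global $member, $CONF, $manager;

    $memberid = intRequestVar('memberid');

    // check if allowed
    // NOTE(review): this relies on disallow() ending the request; if it
    // returned, the rest of the method would run for an unauthorised caller.
    $member->getID() == $memberid or $member->isAdmin() or $this->disallow();

    $name           = trim(strip_tags(postVar('name')));
    $realname       = trim(strip_tags(postVar('realname')));
    $password       = postVar('password');
    $repeatpassword = postVar('repeatpassword');
    $email          = strip_tags(postVar('email'));
    $url            = strip_tags(postVar('url'));

    // Users sometimes omit the scheme, which yields a malformed URL, so add it.
    // The original check used eregi(), which was case-insensitive; the "i"
    // modifier keeps that behaviour so "HTTP://example.org" is not turned into
    // "http://HTTP://example.org".
    if (!preg_match('#^https?://#i', $url)) {
        $url = 'http://' . $url;
    }

    $admin    = postVar('admin');
    $canlogin = postVar('canlogin');
    $notes    = strip_tags(postVar('notes'));
    $deflang  = postVar('deflang');

    $mem = MEMBER::createFromID($memberid);

    if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {
        if (!isValidDisplayName($name)) {
            $this->error(_ERROR_BADNAME);
        }

        if ($name != $mem->getDisplayName() && MEMBER::exists($name)) {
            $this->error(_ERROR_NICKNAMEINUSE);
        }

        // Compare as strings with a strict operator: the loose "!=" treats
        // numeric-looking strings such as "1e3" and "1000" as equal, which
        // would let a mistyped confirmation through. The casts keep a missing
        // field and an empty field equivalent, as they were before.
        if ((string) $password !== (string) $repeatpassword) {
            $this->error(_ERROR_PASSWORDMISMATCH);
        }

        if ($password && strlen($password) < 6) {
            $this->error(_ERROR_PASSWORDTOOSHORT);
        }

        if ($password) {
            // Plugins may veto the new password through the by-reference
            // 'valid' flag and supply their own message.
            $pwdvalid = true;
            $pwderror = '';
            $manager->notify(
                'PrePasswordSet',
                array('password' => $password, 'errormessage' => &$pwderror, 'valid' => &$pwdvalid)
            );

            if (!$pwdvalid) {
                $this->error($pwderror);
            }
        }
    }

    if (!isValidMailAddress($email)) {
        $this->error(_ERROR_BADMAILADDRESS);
    }

    if (!$realname) {
        $this->error(_ERROR_REALNAMEMISSING);
    }

    if ($deflang != '' && !checkLanguage($deflang)) {
        $this->error(_ERROR_NOSUCHLANGUAGE);
    }

    // check if there will remain at least one site member with both the logon and admin rights
    // (check occurs when taking away one of these rights from such a member)
    if ($mem->isAdmin() && $mem->canLogin() && (!$admin || !$canlogin)) {
        $r = sql_query('SELECT * FROM ' . sql_table('member') . ' WHERE madmin=1 and mcanlogin=1');

        if (sql_num_rows($r) < 2) {
            $this->error(_ERROR_ATLEASTONEADMIN);
        }
    }

    if ($CONF['AllowLoginEdit'] || $member->isAdmin()) {
        $mem->setDisplayName($name);

        if ($password) {
            $mem->setPassword($password);
        }
    }

    // Remember the old address so a change can be detected after write().
    $oldEmail = $mem->getEmail();

    $mem->setRealName($realname);
    $mem->setEmail($email);
    $mem->setURL($url);
    $mem->setNotes($notes);
    $mem->setLanguage($deflang);

    // only allow super-admins to make changes to the admin status
    if ($member->isAdmin()) {
        $mem->setAdmin($admin);
        $mem->setCanLogin($canlogin);
    }

    $autosave = postVar('autosave');
    $mem->setAutosave($autosave);

    $mem->write();

    // store plugin options
    // NOTE(review): the option array comes straight from the request; confirm
    // that _applyPluginOptions() limits what it writes to this member's context.
    $aOptions = requestArray('plugoption');
    NucleusPlugin::_applyPluginOptions($aOptions);
    $manager->notify(
        'PostPluginOptionsUpdate',
        array('context' => 'member', 'memberid' => $memberid, 'member' => &$mem)
    );

    // if email changed, generate new password
    if ($oldEmail != $mem->getEmail()) {
        $mem->sendActivationLink('addresschange', $oldEmail);

        // logout member
        $mem->newCookieKey();

        // only log out if the member being edited is the current member.
        if ($member->getID() == $memberid) {
            $member->logout();
        }

        $this->action_login(_MSG_ACTIVATION_SENT, 0);
        return;
    }

    // A member who renamed themselves gets a new cookie key and must log in again.
    if ($mem->getID() == $member->getID() && $mem->getDisplayName() != $member->getDisplayName()) {
        $mem->newCookieKey();
        $member->logout();
        $this->action_login(_MSG_LOGINAGAIN, 0);
    } else {
        $this->action_overview(_MSG_SETTINGSCHANGED);
    }
}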