/**
* Add passwords for OAuth and OpenID users
*
*/
function update_UsersFor180()
{
global $_CONF, $_TABLES;
require_once $_CONF['path_system'] . 'lib-security.php';
$passwords = array();
$sql = "SELECT uid FROM {$_TABLES['users']} WHERE (remoteservice IS NOT NULL OR remoteservice != '') AND passwd = ''";
$result = DB_query($sql);
$nrows = DB_numRows($result);
for ($i = 0; $i < $nrows; $i++) {
$A = DB_fetchArray($result);
/* Formerlly USER_changePassword */
$passwd['normal'] = rand();
$passwd['normal'] = md5($passwd['normal']);
$passwd['normal'] = substr($passwd['normal'], 1, 8);
$passwd['encrypted'] = SEC_encryptPassword($passwd['normal'], '', HashFunction::md5, 1);
/* use default md5 only */
if ($A['uid'] > 1) {
DB_change($_TABLES['users'], 'passwd', $passwd['encrypted'], 'uid', $A['uid']);
}
}
}
/**
* Check to see if we can authenticate this user with a remote server
*
* A user has not managed to login localy, but has an @ in their user
* name and we have enabled distributed authentication. Firstly, try to
* see if we have cached the module that we used to authenticate them
* when they signed up (i.e. they've actualy changed their password
* elsewhere and we need to synch.) If not, then try to authenticate
* them with /every/ authentication module. If this suceeds, create
* a user for them.
*
* @param string $loginname Their username
* @param string $passwd The password entered
* @param string $server The server portion of $username
* @param string $uid OUTPUT parameter, pass it by ref to get uid back.
* @return int user status, -1 for fail.
*/
function SEC_remoteAuthentication(&$loginname, $passwd, $service, &$uid)
{
global $_CONF, $_TABLES;
/* First try a local cached login */
$remoteusername = DB_escapeString($loginname);
$remoteservice = DB_escapeString($service);
$result = DB_query("SELECT passwd, status, uid FROM {$_TABLES['users']} WHERE remoteusername='******' AND remoteservice='{$remoteservice}'");
$tmp = DB_error();
$nrows = DB_numRows($result);
if ($tmp == 0 && $nrows == 1) {
$U = DB_fetchArray($result);
$uid = $U['uid'];
$mypass = $U['passwd'];
// also used to see if the user existed later.
if ($mypass == SEC_encryptPassword($passwd)) {
/* Valid password for cached user, return status */
return $U['status'];
}
}
$service = COM_sanitizeFilename($service);
$servicefile = $_CONF['path_system'] . 'classes/authentication/' . $service . '.auth.class.php';
if (file_exists($servicefile)) {
require_once $servicefile;
$authmodule = new $service();
if ($authmodule->authenticate($loginname, $passwd)) {
/* check to see if they have logged in before: */
if (empty($mypass)) {
// no such user, create them
// Check to see if their remoteusername is unique locally
$checkName = DB_getItem($_TABLES['users'], 'username', "username='******'");
if (!empty($checkName)) {
// no, call custom function.
if (function_exists('CUSTOM_uniqueRemoteUsername')) {
$loginname = CUSTOM_uniqueRemoteUsername($loginname, $service);
}
}
USER_createAccount($loginname, $authmodule->email, SEC_encryptPassword($passwd), $authmodule->fullname, $authmodule->homepage, $remoteusername, $remoteservice);
$uid = DB_getItem($_TABLES['users'], 'uid', "remoteusername = '******' AND remoteservice='{$remoteservice}'");
// Store full remote account name:
DB_query("UPDATE {$_TABLES['users']} SET remoteusername='******', remoteservice='{$remoteservice}', status=3 WHERE uid={$uid}");
// Add to remote users:
$remote_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name='Remote Users'");
DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id,ug_uid) VALUES ('{$remote_grp}', {$uid})");
return 3;
// Remote auth precludes usersubmission,
// and integrates user activation, see?
} else {
// user existed, update local password:
DB_change($_TABLES['users'], 'passwd', DB_escapeString(SEC_encryptPassword($passwd)), array('remoteusername', 'remoteservice'), array(DB_escapeString($remoteusername), DB_escapeString($remoteservice)));
// and return their status
return DB_getItem($_TABLES['users'], 'status', "remoteusername='******' AND remoteservice='{$remoteservice}'");
}
} else {
return -1;
}
} else {
return -1;
}
}
/**
* Create a new password and send it to the user
*
* @param string $username user's login name
* @param string $useremail user's email address
* @return boolean true = success, false = an error occured
*
*/
function USER_createAndSendPassword($username, $useremail, $uid)
{
global $_CONF, $_TABLES, $LANG04;
$passwd = rand();
$passwd = md5($passwd);
$passwd = substr($passwd, 1, 8);
$passwd2 = SEC_encryptPassword($passwd);
DB_change($_TABLES['users'], 'passwd', "{$passwd2}", 'uid', $uid);
if (file_exists($_CONF['path_data'] . 'welcome_email.txt')) {
$template = new Template($_CONF['path_data']);
$template->set_file(array('mail' => 'welcome_email.txt'));
$template->set_var('xhtml', XHTML);
$template->set_var('auth_info', "{$LANG04['2']}: {$username}\n{$LANG04['4']}: {$passwd}");
$template->set_var('site_url', $_CONF['site_url']);
$template->set_var('site_name', $_CONF['site_name']);
$template->set_var('site_slogan', $_CONF['site_slogan']);
$template->set_var('lang_text1', $LANG04[15]);
$template->set_var('lang_text2', $LANG04[14]);
$template->set_var('lang_username', $LANG04[2]);
$template->set_var('lang_password', $LANG04[4]);
$template->set_var('username', $username);
$template->set_var('password', $passwd);
$template->set_var('name', COM_getDisplayName($uid));
$template->parse('output', 'mail');
$mailtext = $template->get_var('output');
} else {
$mailtext = $LANG04[15] . "\n\n";
$mailtext .= $LANG04[2] . ": {$username}\n";
$mailtext .= $LANG04[4] . ": {$passwd}\n\n";
$mailtext .= $LANG04[14] . "\n\n";
$mailtext .= $_CONF['site_name'] . "\n";
$mailtext .= $_CONF['site_url'] . "\n";
}
$subject = $_CONF['site_name'] . ': ' . $LANG04[16];
if ($_CONF['site_mail'] !== $_CONF['noreply_mail']) {
$mailfrom = $_CONF['noreply_mail'];
$mailtext .= LB . LB . $LANG04[159];
} else {
$mailfrom = $_CONF['site_mail'];
}
return COM_mail($useremail, $subject, $mailtext, $mailfrom);
}
/**
* Saves user to the database
*
* @param int $uid user id
* @return string HTML redirect or error message
*
*/
function USER_save($uid)
{
global $_CONF, $_TABLES, $_USER, $LANG28, $_USER_VERBOSE;
$retval = '';
$userChanged = false;
if ($_USER_VERBOSE) {
COM_errorLog("**** entering USER_save()****", 1);
}
if ($_USER_VERBOSE) {
COM_errorLog("group size at beginning = " . sizeof($groups), 1);
}
$uid = COM_applyFilter($_POST['uid'], true);
if ($uid == 0) {
$uid = '';
}
$regdate = COM_applyFilter($_POST['regdate'], true);
$username = trim($_POST['new_username']);
$fullname = COM_truncate(trim(USER_sanitizeName($_POST['fullname'])), 80);
$userstatus = COM_applyFilter($_POST['userstatus'], true);
$oldstatus = COM_applyFilter($_POST['oldstatus'], true);
$passwd = isset($_POST['newp']) ? trim($_POST['newp']) : '';
$passwd_conf = isset($_POST['newp_conf']) ? trim($_POST['newp_conf']) : '';
$cooktime = COM_applyFilter($_POST['cooktime'], true);
$email = trim($_POST['email']);
$email_conf = trim($_POST['email_conf']);
$groups = $_POST['groups'];
$homepage = trim($_POST['homepage']);
$location = strip_tags(trim($_POST['location']));
$photo = isset($_POST['photo']) ? $_POST['photo'] : '';
$delete_photo = isset($_POST['delete_photo']) && $_POST['delete_photo'] == 'on' ? 1 : 0;
$sig = trim($_POST['sig']);
$about = trim($_POST['about']);
$pgpkey = trim($_POST['pgpkey']);
$language = isset($_POST['language']) ? trim(COM_applyFilter($_POST['language'])) : '';
$theme = isset($_POST['theme']) ? trim(COM_applyFilter($_POST['theme'])) : '';
$maxstories = COM_applyFilter($_POST['maxstories'], true);
$tzid = COM_applyFilter($_POST['tzid']);
$dfid = COM_applyFilter($_POST['dfid'], true);
$search_fmt = COM_applyFilter($_POST['search_result_format']);
$commentmode = COM_applyFilter($_POST['commentmode']);
$commentorder = isset($_POST['commentorder']) && $_POST['commentorder'] == 'DESC' ? 'DESC' : 'ASC';
$commentlimit = COM_applyFilter($_POST['commentlimit'], true);
$emailfromuser = isset($_POST['emailfromuser']) && $_POST['emailfromuser'] == 'on' ? 1 : 0;
$emailfromadmin = isset($_POST['emailfromadmin']) && $_POST['emailfromadmin'] == 'on' ? 1 : 0;
$noicons = isset($_POST['noicons']) && $_POST['noicons'] == 'on' ? 1 : 0;
$noboxes = isset($_POST['noboxes']) && $_POST['noboxes'] == 'on' ? 1 : 0;
$showonline = isset($_POST['showonline']) && $_POST['showonline'] == 'on' ? 1 : 0;
$topic_order = isset($_POST['topic_order']) && $_POST['topic_order'] == 'ASC' ? 'ASC' : 'DESC';
$maxstories = COM_applyFilter($_POST['maxstories'], true);
$newuser = COM_applyFilter($_POST['newuser'], true);
$remoteuser = isset($_POST['remoteuser']) && $_POST['remoteuser'] == 'on' ? 1 : 0;
$remoteusername = isset($_POST['remoteusername']) ? strip_tags(trim($_POST['remoteusername'])) : '';
$remoteservice = isset($_POST['remoteservice']) ? COM_applyFilter($_POST['remoteservice']) : '';
$social_services = SOC_followMeProfile($uid);
foreach ($social_services as $service) {
$service_input = $service['service'] . '_username';
$_POST[$service_input] = strip_tags($_POST[$service_input]);
}
if ($uid == 1) {
return USER_list();
}
if ($uid == '' || $uid < 2 || $newuser == 1) {
if (empty($passwd) && $remoteuser == 0) {
return USER_edit($uid, 504);
}
if (empty($email)) {
return USER_edit($uid, 505);
}
}
if ($username == '') {
return USER_edit($uid, 506);
}
if (!USER_validateUsername($username)) {
return USER_edit($uid, 512);
}
if ($email == '') {
return USER_edit($uid, 507);
}
if ($passwd != $passwd_conf && $remoteuser == 0) {
// passwords don't match
return USER_edit($uid, 67);
}
if ($email != $email_conf) {
return USER_edit($uid, 508);
}
// remote user checks
if ($remoteuser == 1) {
if ($remoteusername == '') {
return USER_edit($uid, 513);
}
if ($remoteservice == '') {
return USER_edit($uid, 514);
}
}
$validEmail = true;
if (empty($username)) {
$validEmail = false;
} elseif (empty($email)) {
if (empty($uid)) {
$validEmail = false;
} else {
$ws_user = DB_getItem($_TABLES['users'], 'remoteservice', "uid = " . intval($uid));
if (empty($ws_user)) {
$validEmail = false;
}
}
}
if ($validEmail) {
if (!empty($email) && !COM_isEmail($email)) {
return USER_edit($uid, 52);
}
$uname = DB_escapeString($username);
if (empty($uid)) {
$ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******'");
} else {
$uservice = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$uid}");
if ($uservice != '') {
$uservice = DB_escapeString($uservice);
$ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND remoteservice = '{$uservice}'");
} else {
$ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND (remoteservice = '' OR remoteservice IS NULL)");
}
}
if ($ucount > 0) {
// Admin just changed a user's username to one that already exists
return USER_edit($uid, 51);
}
$emailaddr = DB_escapeString($email);
$exclude_remote = " AND (remoteservice IS NULL OR remoteservice = '')";
if (empty($uid)) {
$ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}'" . $exclude_remote);
} else {
$old_email = DB_getItem($_TABLES['users'], 'email', "uid = {$uid}");
if ($old_email == $email) {
// email address didn't change so don't care
$ucount = 0;
} else {
$ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}' AND uid <> {$uid}" . $exclude_remote);
}
}
if ($ucount > 0) {
// Admin just changed a user's email to one that already exists
return USER_edit($uid, 56);
}
if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
$ret = CUSTOM_userCheck($username, $email);
if (!empty($ret)) {
// need a numeric return value - otherwise use default message
if (!is_numeric($ret['number'])) {
$ret['number'] = 97;
}
return USER_edit($uid, $ret['number']);
}
}
// Let plugins have a chance to decide what to do before saving the user, return errors.
$msg = PLG_itemPreSave('useredit', $username);
if (!empty($msg)) {
// need a numeric return value - otherwise use default message
if (!is_numeric($msg)) {
$msg = 97;
}
return USER_edit($uid, $msg);
}
if (empty($uid) || !empty($passwd)) {
$passwd2 = SEC_encryptPassword($passwd);
} else {
$passwd2 = DB_getItem($_TABLES['users'], 'passwd', "uid = {$uid}");
}
// do we need to create the user?
if (empty($uid)) {
if (empty($passwd)) {
// no password? create one ...
$passwd = USER_createPassword(8);
$passwd2 = SEC_encryptPassword($passwd);
}
if ($remoteuser == 1) {
$uid = USER_createAccount($username, $email, '', $fullname, '', $remoteusername, $remoteservice, 1);
} else {
$uid = USER_createAccount($username, $email, $passwd2, $fullname, $homepage, '', '', 1);
}
if ($uid > 1) {
DB_query("UPDATE {$_TABLES['users']} SET status = {$userstatus} WHERE uid = {$uid}");
}
if (isset($_POST['emailuser'])) {
USER_createAndSendPassword($username, $email, $uid, $passwd);
}
if ($uid < 2) {
return USER_edit('', 509);
}
$newuser = 1;
}
// at this point, we have a valid user...
// Filter some of the text entry fields to ensure they don't cause problems...
$fullname = strip_tags($fullname);
$about = strip_tags($about);
$pgpkey = strip_tags($pgpkey);
$curphoto = USER_handlePhotoUpload($uid, $delete_photo);
if ($_CONF['allow_user_photo'] == 1 && !empty($curphoto)) {
$curusername = DB_getItem($_TABLES['users'], 'username', "uid = {$uid}");
if ($curusername != $username) {
// user has been renamed - rename the photo, too
$newphoto = preg_replace('/' . $curusername . '/', $username, $curphoto, 1);
$imgpath = $_CONF['path_images'] . 'userphotos/';
if (rename($imgpath . $curphoto, $imgpath . $newphoto) === false) {
$display = COM_siteHeader('menu', $LANG28[22]);
$display .= COM_errorLog('Could not rename userphoto "' . $curphoto . '" to "' . $newphoto . '".');
$display .= COM_siteFooter();
return $display;
}
$curphoto = $newphoto;
}
}
// update users table
$sql = "UPDATE {$_TABLES['users']} SET " . "username = '******'," . "fullname = '" . DB_escapeString($fullname) . "'," . "passwd = '" . DB_escapeString($passwd2) . "'," . "email = '" . DB_escapeString($email) . "'," . "homepage = '" . DB_escapeString($homepage) . "'," . "sig = '" . DB_escapeString($sig) . "'," . "photo = '" . DB_escapeString($curphoto) . "'," . "cookietimeout = {$cooktime}," . "theme = '" . DB_escapeString($theme) . "'," . "language = '" . DB_escapeString($language) . "'," . "status = {$userstatus} WHERE uid = {$uid};";
DB_query($sql);
// update userprefs
$sql = "UPDATE {$_TABLES['userprefs']} SET " . "noicons = {$noicons}," . "dfid = {$dfid}," . "tzid = '" . DB_escapeString($tzid) . "'," . "emailstories = 0," . "emailfromadmin = {$emailfromadmin}," . "emailfromuser = {$emailfromuser}," . "showonline = {$showonline}," . "search_result_format = '" . DB_escapeString($search_fmt) . "' WHERE uid={$uid};";
DB_query($sql);
// userinfo table
$sql = "UPDATE {$_TABLES['userinfo']} SET " . "about = '" . DB_escapeString($about) . "'," . "location = '" . DB_escapeString($location) . "'," . "pgpkey = '" . DB_escapeString($pgpkey) . "' WHERE uid={$uid};";
DB_query($sql);
// userindex table
$TIDS = @array_values($_POST['topics']);
$AIDS = @array_values($_POST['selauthors']);
$BOXES = @array_values($_POST['blocks']);
$ETIDS = @array_values($_POST['dgtopics']);
$allowed_etids = USER_buildTopicList();
$AETIDS = explode(' ', $allowed_etids);
$tids = '';
if (sizeof($TIDS) > 0) {
$tids = DB_escapeString(implode(' ', array_intersect($AETIDS, $TIDS)));
}
$aids = '';
if (sizeof($AIDS) > 0) {
foreach ($AIDS as $key => $val) {
$AIDS[$key] = intval($val);
}
$aids = DB_escapeString(implode(' ', $AIDS));
}
$selectedblocks = '';
$selectedBoxes = array();
if (count($BOXES) > 0) {
foreach ($BOXES as $key => $val) {
$BOXES[$key] = intval($val);
}
$boxes = DB_escapeString(implode(',', $BOXES));
$blockresult = DB_query("SELECT bid,name FROM {$_TABLES['blocks']} WHERE bid NOT IN ({$boxes})");
$numRows = DB_numRows($blockresult);
for ($x = 1; $x <= $numRows; $x++) {
$row = DB_fetchArray($blockresult);
if ($row['name'] != 'user_block' and $row['name'] != 'admin_block' and $row['name'] != 'section_block') {
$selectedblocks .= $row['bid'];
if ($x != $numRows) {
$selectedblocks .= ' ';
}
}
}
}
$etids = '-';
if (sizeof($ETIDS) > 0) {
$etids = DB_escapeString(implode(' ', array_intersect($AETIDS, $ETIDS)));
} else {
$etids = '-';
}
DB_save($_TABLES['userindex'], "uid,tids,aids,boxes,noboxes,maxstories,etids", "{$uid},'{$tids}','{$aids}','{$selectedblocks}',{$noboxes},{$maxstories},'{$etids}'");
// usercomment
DB_save($_TABLES['usercomment'], 'uid,commentmode,commentorder,commentlimit', "{$uid},'{$commentmode}','{$commentorder}'," . intval($commentlimit));
if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
CUSTOM_userSave($uid);
}
if ($_CONF['usersubmission'] == 1 && $oldstatus == USER_ACCOUNT_AWAITING_APPROVAL && ($userstatus == USER_ACCOUNT_ACTIVE || $userstatus == USER_ACCOUNT_AWAITING_ACTIVATION || $userstatus == USER_ACCOUNT_AWAITING_VERIFICATION)) {
USER_createAndSendPassword($username, $email, $uid);
}
if ($userstatus == USER_ACCOUNT_DISABLED) {
SESS_endUserSession($uid);
}
$userChanged = true;
// if groups is -1 then this user isn't allowed to change any groups so ignore
if (is_array($groups) && SEC_hasRights('group.edit')) {
if (!SEC_inGroup('Root')) {
$rootgrp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Root'");
if (in_array($rootgrp, $groups)) {
COM_accessLog("User {$_USER['username']} ({$_USER['uid']}) just tried to give Root permissions to user {$username}.");
echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
exit;
}
}
// make sure the Remote Users group is in $groups
if (SEC_inGroup('Remote Users', $uid)) {
$remUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'");
if (!in_array($remUsers, $groups)) {
$groups[] = $remUsers;
}
}
if ($_USER_VERBOSE) {
COM_errorLog("deleting all group_assignments for user {$uid}/{$username}", 1);
}
// remove user from all groups that the User Admin is a member of
$UserAdminGroups = SEC_getUserGroups();
$whereGroup = 'ug_main_grp_id IN (' . implode(',', $UserAdminGroups) . ')';
DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE (ug_uid = {$uid}) AND " . $whereGroup);
// make sure to add user to All Users and Logged-in Users groups
$allUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'All Users'");
if (!in_array($allUsers, $groups)) {
$groups[] = $allUsers;
}
$logUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Logged-in Users'");
if (!in_array($logUsers, $groups)) {
$groups[] = $logUsers;
}
foreach ($groups as $userGroup) {
if (in_array($userGroup, $UserAdminGroups)) {
if ($_USER_VERBOSE) {
COM_errorLog("adding group_assignment " . $userGroup . " for {$username}", 1);
}
$sql = "INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$userGroup}, {$uid})";
DB_query($sql);
}
}
}
// subscriptions
$subscription_deletes = @array_values($_POST['subdelete']);
if (is_array($subscription_deletes)) {
foreach ($subscription_deletes as $subid) {
DB_delete($_TABLES['subscriptions'], 'sub_id', (int) $subid);
}
}
foreach ($social_services as $service) {
$service_input = $service['service'] . '_username';
$_POST[$service_input] = DB_escapeString($_POST[$service_input]);
if ($_POST[$service_input] != '') {
$sql = "REPLACE INTO {$_TABLES['social_follow_user']} (ssid,uid,ss_username) ";
$sql .= " VALUES (" . (int) $service['service_id'] . "," . $uid . ",'" . $_POST[$service_input] . "');";
DB_query($sql, 1);
} else {
$sql = "DELETE FROM {$_TABLES['social_follow_user']} WHERE ssid = " . (int) $service['service_id'] . " AND uid=" . (int) $uid;
DB_query($sql, 1);
}
}
if ($newuser == 0) {
PLG_profileSave('', $uid);
} else {
PLG_createUser($uid);
}
if ($userChanged) {
PLG_userInfoChanged($uid);
}
CACHE_remove_instance('mbmenu');
$errors = DB_error();
if (empty($errors)) {
echo PLG_afterSaveSwitch($_CONF['aftersave_user'], "{$_CONF['site_url']}/users.php?mode=profile&uid={$uid}", 'user', 21);
} else {
$retval .= COM_siteHeader('menu', $LANG28[22]);
$retval .= COM_errorLog('Error in USER_save() in ' . $_CONF['site_admin_url'] . '/user.php');
$retval .= COM_siteFooter();
echo $retval;
exit;
}
} else {
$retval = COM_siteHeader('menu', $LANG28[1]);
$retval .= COM_errorLog($LANG28[10]);
if (DB_count($_TABLES['users'], 'uid', $uid) > 0) {
$retval .= USER_edit($uid);
} else {
$retval .= USER_edit();
}
$retval .= COM_siteFooter();
echo $retval;
exit;
}
if ($_USER_VERBOSE) {
COM_errorLog("***************leaving USER_save()*****************", 1);
}
return $retval;
}
}
} else {
// this request doesn't make sense - ignore it
$display = COM_refresh($_CONF['site_url']);
}
break;
case 'setnewpwd':
if (empty($_POST['passwd']) or $_POST['passwd'] != $_POST['passwd_conf']) {
$display = COM_refresh($_CONF['site_url'] . '/users.php?mode=newpwd&uid=' . $_POST['uid'] . '&rid=' . $_POST['rid']);
} else {
$uid = COM_applyFilter($_POST['uid'], true);
$reqid = COM_applyFilter($_POST['rid']);
if (!empty($uid) && is_numeric($uid) && $uid > 0 && !empty($reqid) && strlen($reqid) == 16) {
$valid = DB_count($_TABLES['users'], array('uid', 'pwrequestid'), array($uid, $reqid));
if ($valid == 1) {
$passwd = SEC_encryptPassword($_POST['passwd']);
DB_change($_TABLES['users'], 'passwd', "{$passwd}", "uid", $uid);
DB_delete($_TABLES['sessions'], 'uid', $uid);
DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $uid);
$display = COM_refresh($_CONF['site_url'] . '/users.php?msg=53');
} else {
// request invalid or expired
$display .= COM_siteHeader('menu', $LANG04[25]);
$display .= COM_showMessage(54);
$display .= getpasswordform();
$display .= COM_siteFooter();
}
} else {
// this request doesn't make sense - ignore it
$display = COM_refresh($_CONF['site_url']);
}
/**
* Saves the user's information back to the database
*
* @A array User's data
*
*/
function saveuser($A)
{
global $_CONF, $_TABLES, $_USER, $LANG04, $LANG24, $_US_VERBOSE;
if ($_US_VERBOSE) {
COM_errorLog('**** Inside saveuser in usersettings.php ****', 1);
}
$reqid = DB_getItem($_TABLES['users'], 'pwrequestid', "uid = " . (int) $_USER['uid']);
if ($reqid != $A['uid']) {
DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', (int) $_USER['uid']);
COM_accessLog("An attempt was made to illegally change the account information of user {$_USER['uid']}.");
return COM_refresh($_CONF['site_url'] . '/index.php');
}
if (isset($_POST['merge'])) {
if (COM_applyFilter($_POST['remoteuid'], true) != $_USER['uid']) {
echo COM_refresh($_CONF['site_url'] . '/usersettings.php?mode=edit');
}
USER_mergeAccounts();
}
// If not set or possibly removed from template - initialize variable
if (!isset($A['cooktime'])) {
$A['cooktime'] = 0;
} else {
$A['cooktime'] = COM_applyFilter($A['cooktime'], true);
}
// If empty or invalid - set to user default
// So code after this does not fail the user password required test
if ($A['cooktime'] < 0) {
// note that == 0 is allowed!
$A['cooktime'] = $_USER['cookietimeout'];
}
// to change the password, email address, or cookie timeout,
// we need the user's current password
$account_type = DB_getItem($_TABLES['users'], 'account_type', "uid = {$_USER['uid']}");
$service = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$_USER['uid']}");
if ($service == '') {
$current_password = DB_getItem($_TABLES['users'], 'passwd', "uid = {$_USER['uid']}");
if (!empty($A['newp']) || $A['email'] != $_USER['email'] || $A['cooktime'] != $_USER['cookietimeout']) {
if (empty($A['passwd']) || !SEC_check_hash($A['passwd'], $current_password)) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=83');
} elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
$ret = CUSTOM_userCheck($A['username'], $A['email']);
if (!empty($ret)) {
// Need a numeric return for the default message handler
// - if not numeric use default message
if (!is_numeric($ret)) {
$ret['number'] = 97;
}
return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret}");
}
}
} elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
$ret = CUSTOM_userCheck($A['username'], $A['email']);
if (!empty($ret)) {
// Need a numeric return for the default message hander - if not numeric use default message
// - if not numeric use default message
if (!is_numeric($ret)) {
$ret = 97;
}
return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret}");
}
}
}
// Let plugins have a chance to decide what to do before saving the user, return errors.
$msg = PLG_itemPreSave('useredit', $A['username']);
if (!empty($msg)) {
// need a numeric return value - otherwise use default message
if (!is_numeric($msg)) {
$msg = 97;
}
return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$msg}");
}
// no need to filter the password as it's encoded anyway
if ($_CONF['allow_username_change'] == 1) {
$A['new_username'] = $A['new_username'];
if (!empty($A['new_username']) && USER_validateUsername($A['new_username']) && $A['new_username'] != $_USER['username']) {
$A['new_username'] = DB_escapeString($A['new_username']);
if (DB_count($_TABLES['users'], 'username', $A['new_username']) == 0) {
if ($_CONF['allow_user_photo'] == 1) {
$photo = DB_getItem($_TABLES['users'], 'photo', "uid = " . (int) $_USER['uid']);
if (!empty($photo) && strstr($photo, $_USER['username']) !== false) {
$newphoto = preg_replace('/' . $_USER['username'] . '/', $_USER['uid'], $photo, 1);
$imgpath = $_CONF['path_images'] . 'userphotos/';
@rename($imgpath . $photo, $imgpath . $newphoto);
DB_change($_TABLES['users'], 'photo', DB_escapeString($newphoto), "uid", (int) $_USER['uid']);
}
}
DB_change($_TABLES['users'], 'username', $A['new_username'], "uid", (int) $_USER['uid']);
} else {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=51');
}
}
}
// a quick spam check with the unfiltered field contents
$profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1><p>';
// this is a hack, for some reason remoteservice links made SPAMX SLV check barf
if (empty($service)) {
$profile .= COM_createLink($A['homepage'], $A['homepage']) . '<br />';
}
$profile .= $A['location'] . '<br />' . $A['sig'] . '<br />' . $A['about'] . '<br />' . $A['pgpkey'] . '</p>';
$result = PLG_checkforSpam($profile, $_CONF['spamx']);
if ($result > 0) {
COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
}
$A['email'] = COM_applyFilter($A['email']);
$A['email_conf'] = COM_applyFilter($A['email_conf']);
$A['homepage'] = COM_applyFilter($A['homepage']);
// basic filtering only
$A['fullname'] = COM_truncate(trim(USER_sanitizeName($A['fullname'])), 80);
$A['location'] = strip_tags($A['location']);
$A['sig'] = strip_tags($A['sig']);
$A['about'] = strip_tags($A['about']);
$A['pgpkey'] = strip_tags($A['pgpkey']);
if (!COM_isEmail($A['email'])) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=52');
} else {
if ($A['email'] !== $A['email_conf']) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=78');
} else {
if (emailAddressExists($A['email'], $_USER['uid'])) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=56');
} else {
if ($service == '') {
if (!empty($A['newp'])) {
$A['newp'] = trim($A['newp']);
$A['newp_conf'] = trim($A['newp_conf']);
if ($A['newp'] == $A['newp_conf'] && SEC_check_hash($A['passwd'], $current_password)) {
$passwd = SEC_encryptPassword($A['newp']);
DB_change($_TABLES['users'], 'passwd', DB_escapeString($passwd), "uid", (int) $_USER['uid']);
if ($A['cooktime'] > 0) {
$cooktime = $A['cooktime'];
$token_ttl = $A['cooktime'];
} else {
$cooktime = 0;
$token_ttl = 14400;
}
$ltToken = SEC_createTokenGeneral('ltc', $token_ttl);
SEC_setCookie($_CONF['cookie_password'], $ltToken, time() + $cooktime);
} elseif (!SEC_check_hash($A['passwd'], $current_password)) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=68');
} elseif ($A['newp'] != $A['newp_conf']) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=67');
}
}
} else {
// Cookie
if ($A['cooktime'] > 0) {
$cooktime = $A['cooktime'];
} else {
$cooktime = 0;
}
$ltToken = SEC_createTokenGeneral('ltc', $cooktime);
SEC_setCookie($_CONF['cookie_password'], $ltToken, time() + $cooktime);
}
if ($_US_VERBOSE) {
COM_errorLog('cooktime = ' . $A['cooktime'], 1);
}
if ($A['cooktime'] <= 0) {
$cookie_timeout = 0;
$token_ttl = 14400;
} else {
$cookie_timeout = time() + $A['cooktime'];
$token_ttl = $A['cooktime'];
}
SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], $cookie_timeout, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
DB_query("DELETE FROM {$_TABLES['tokens']} WHERE owner_id=" . (int) $_USER['uid'] . " AND urlfor='ltc'");
if ($cookie_timeout > 0) {
$ltToken = SEC_createTokenGeneral('ltc', $token_ttl);
SEC_setCookie($_CONF['cookie_password'], $ltToken, $cookie_timeout, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
} else {
SEC_setCookie($_CONF['cookie_password'], '', -10000, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
}
if ($_CONF['allow_user_photo'] == 1) {
$delete_photo = '';
if (isset($A['delete_photo'])) {
$delete_photo = $A['delete_photo'];
}
$filename = handlePhotoUpload($delete_photo);
}
if (!empty($A['homepage'])) {
$pos = MBYTE_strpos($A['homepage'], ':');
if ($pos === false) {
$A['homepage'] = 'http://' . $A['homepage'];
} else {
$prot = substr($A['homepage'], 0, $pos + 1);
if ($prot != 'http:' && $prot != 'https:') {
$A['homepage'] = 'http:' . substr($A['homepage'], $pos + 1);
}
}
$A['homepage'] = DB_escapeString($A['homepage']);
}
$A['fullname'] = DB_escapeString($A['fullname']);
$A['email'] = DB_escapeString($A['email']);
$A['location'] = DB_escapeString($A['location']);
$A['sig'] = DB_escapeString($A['sig']);
$A['about'] = DB_escapeString($A['about']);
$A['pgpkey'] = DB_escapeString($A['pgpkey']);
if (!empty($filename)) {
if (!file_exists($_CONF['path_images'] . 'userphotos/' . $filename)) {
$filename = '';
}
}
DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A['fullname']}',email='{$A['email']}',homepage='{$A['homepage']}',sig='{$A['sig']}',cookietimeout=" . (int) $A['cooktime'] . ",photo='" . DB_escapeString($filename) . "' WHERE uid=" . (int) $_USER['uid']);
DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$A['pgpkey']}',about='{$A['about']}',location='{$A['location']}' WHERE uid=" . (int) $_USER['uid']);
// Call custom registration save function if enabled and exists
if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
CUSTOM_userSave($_USER['uid']);
}
PLG_userInfoChanged((int) $_USER['uid']);
// at this point, the user information has been saved, but now we're going to check to see if
// the user has requested resynchronization with their remoteservice account
$msg = 5;
// default msg = Your account information has been successfully saved
if (isset($A['resynch'])) {
if ($_CONF['user_login_method']['oauth'] && strpos($_USER['remoteservice'], 'oauth.') === 0) {
$modules = SEC_collectRemoteOAuthModules();
$active_service = count($modules) == 0 ? false : in_array(substr($_USER['remoteservice'], 6), $modules);
if (!$active_service) {
$status = -1;
$msg = 115;
// Remote service has been disabled.
} else {
require_once $_CONF['path_system'] . 'classes/oauthhelper.class.php';
$service = substr($_USER['remoteservice'], 6);
$consumer = new OAuthConsumer($service);
$callback_url = $_CONF['site_url'];
$consumer->setRedirectURL($callback_url);
$user = $consumer->authenticate_user();
$consumer->doSynch($user);
}
}
if ($msg != 5) {
$msg = 114;
// Account saved but re-synch failed.
COM_errorLog($MESSAGE[$msg]);
}
}
PLG_profileExtrasSave();
PLG_profileSave();
if ($_US_VERBOSE) {
COM_errorLog('**** Leaving saveuser in usersettings.php ****', 1);
}
return COM_refresh($_CONF['site_url'] . '/users.php?mode=profile&uid=' . $_USER['uid'] . '&msg=' . $msg);
}
}
}
}
SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'], $_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']);
PLG_loginUser($_USER['uid']);
// Now that we handled session cookies, handle longterm cookie
if (!isset($_COOKIE[$_CONF['cookie_name']]) || !isset($_COOKIE['password'])) {
// Either their cookie expired or they are new
$cooktime = COM_getUserCookieTimeout();
if ($VERBOSE) {
COM_errorLog("Trying to set permanent cookie with time of {$cooktime}", 1);
}
if ($cooktime > 0) {
// They want their cookie to persist for some amount of time so set it now
if ($VERBOSE) {
COM_errorLog('Trying to set permanent cookie', 1);
}
SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() + $cooktime);
SEC_setCookie($_CONF['cookie_password'], SEC_encryptPassword($passwd), time() + $cooktime);
}
} else {
$userid = $_COOKIE[$_CONF['cookie_name']];
if (empty($userid) || $userid == 'deleted') {
unset($userid);
} else {
$userid = COM_applyFilter($userid, true);
if ($userid > 1) {
if ($VERBOSE) {
COM_errorLog('NOW trying to set permanent cookie', 1);
COM_errorLog('Got ' . $userid . ' from perm cookie in users.php', 1);
}
// Create new session
$userdata = SESS_getUserDataFromId($userid);
$_USER = $userdata;
/**
* Update User Password
* Updates the users password for current hash algorithm and stretch site settings.
* If not password is specified, a random password will be generated.
*
* @param string $password Password to encrypt
* @param int $uid User id to update
* @return int 0 for success, non-zero indicates error.
*/
function SEC_updateUserPassword(&$password = '', $uid = '')
{
global $_TABLES, $_CONF, $_USER;
// if no password is specified, generate a random one
if (empty($password)) {
$password = SEC_generateRandomPassword();
}
// if $uid is empty, assume current user
if (empty($uid)) {
$uid = $_USER['uid'];
}
// validate $uid nonempty and valid user (anonymous, uid = 1, not valid)
if (empty($uid) || $uid < 1) {
return -1;
}
// update the database with the new password using algorithm and stretch from $_CONF
$salt = SEC_generateSalt();
$newhash = SEC_encryptPassword($password, $salt, $_CONF['pass_alg'], $_CONF['pass_stretch']);
$query = 'UPDATE ' . $_TABLES['users'] . " SET passwd = '{$newhash}', " . "salt = '{$salt}', algorithm ='" . $_CONF['pass_alg'] . "', " . 'stretch = ' . $_CONF['pass_stretch'] . " WHERE uid = {$uid}";
DB_query($query);
// return success
return 0;
}
/**
* Create a new password and send it to the user
*
* @param string $username user's login name
* @param string $useremail user's email address
* @param int $uid user id of user
* @param string $passwd user's password (optional)
* @return bool true = success, false = an error occured
*
*/
function USER_createAndSendPassword($username, $useremail, $uid, $passwd = '')
{
global $_CONF, $_SYSTEM, $_TABLES, $LANG04;
if (!isset($_SYSTEM['verification_token_ttl'])) {
$_SYSTEM['verification_token_ttl'] = 86400;
}
$activation_link = '';
$uid = (int) $uid;
$storedPassword = DB_getItem($_TABLES['users'], 'passwd', 'uid=' . $uid);
$userStatus = DB_getItem($_TABLES['users'], 'status', 'uid=' . $uid);
if ($passwd == '' && substr($storedPassword, 0, 4) == '$H$9') {
// no need to update password
} else {
if ($passwd == '') {
$passwd = USER_createPassword(8);
}
$passwd2 = SEC_encryptPassword($passwd);
DB_change($_TABLES['users'], 'passwd', "{$passwd2}", 'uid', $uid);
}
if (file_exists($_CONF['path_data'] . 'welcome_email.txt')) {
$template = new Template($_CONF['path_data']);
$template->set_file(array('mail' => 'welcome_email.txt'));
$template->set_var('auth_info', "{$LANG04['2']}: {$username}\n{$LANG04['4']}: {$passwd}");
$template->set_var('site_url', $_CONF['site_url']);
$template->set_var('site_name', $_CONF['site_name']);
$template->set_var('site_slogan', $_CONF['site_slogan']);
$template->set_var('lang_text1', $LANG04[15]);
$template->set_var('lang_text2', $LANG04[14]);
$template->set_var('lang_username', $LANG04[2]);
$template->set_var('lang_password', $LANG04[4]);
$template->set_var('username', $username);
$template->set_var('password', $passwd);
$template->set_var('name', COM_getDisplayName($uid));
$template->parse('output', 'mail');
$mailtext = $template->get_var('output');
} else {
if ($userStatus == USER_ACCOUNT_AWAITING_VERIFICATION) {
$verification_id = USER_createActivationToken($uid, $username);
$activation_link = $_CONF['site_url'] . '/users.php?mode=verify&vid=' . $verification_id . '&u=' . $uid;
$mailtext = $LANG04[168] . $_CONF['site_name'] . ".\n\n";
$mailtext .= $LANG04[170] . "\n\n";
$mailtext .= "----------------------------\n";
$mailtext .= $LANG04[2] . ': ' . $username . "\n";
$mailtext .= $LANG04[171] . ': ' . $_CONF['site_url'] . "\n";
$mailtext .= "----------------------------\n\n";
$mailtext .= sprintf($LANG04[172], $_SYSTEM['verification_token_ttl'] / 3600) . "\n\n";
$mailtext .= $activation_link . "\n\n";
$mailtext .= $LANG04[173] . "\n\n";
$mailtext .= $LANG04[174] . "\n\n";
$mailtext .= "--\n";
$mailtext .= $_CONF['site_name'] . "\n";
$mailtext .= $_CONF['site_url'] . "\n";
} else {
$mailtext = $LANG04[168] . $_CONF['site_name'] . ".\n\n";
$mailtext .= $LANG04[170] . "\n\n";
$mailtext .= "----------------------------\n";
$mailtext .= $LANG04[2] . ': ' . $username . "\n";
if ($passwd != '') {
$mailtext .= $LANG04[4] . ": {$passwd}\n";
}
$mailtext .= $LANG04[171] . ': ' . $_CONF['site_url'] . "\n";
$mailtext .= "----------------------------\n\n";
$mailtext .= $LANG04[14] . "\n\n";
$mailtext .= "--\n";
$mailtext .= $_CONF['site_name'] . "\n";
$mailtext .= $_CONF['site_url'] . "\n";
}
}
$subject = $_CONF['site_name'] . ': ' . $LANG04[16];
if ($_CONF['site_mail'] !== $_CONF['noreply_mail']) {
$mailfrom = $_CONF['noreply_mail'];
global $LANG_LOGIN;
$mailtext .= LB . LB . $LANG04[159];
} else {
$mailfrom = $_CONF['site_mail'];
}
$to = array();
$from = array();
$from = COM_formatEmailAddress($_CONF['site_name'], $mailfrom);
$to = COM_formatEmailAddress($username, $useremail);
$subject = COM_undoSpecialChars(strip_tags($subject));
return COM_mail($to, $subject, $mailtext, $from, false);
}
/**
* Saves user to the database
*
* @param int $uid user id
* @param string $usernmae (short) user name
* @param string $fullname user's full name
* @param string $email user's email address
* @param string $regdate date the user registered with the site
* @param string $homepage user's homepage URL
* @param array $groups groups the user belongs to
* @param string $delete_photo delete user's photo if == 'on'
* @return string HTML redirect or error message
*
*/
function saveusers($uid, $username, $fullname, $passwd, $passwd_conf, $email, $regdate, $homepage, $groups, $delete_photo = '', $userstatus = 3, $oldstatus = 3)
{
global $_CONF, $_TABLES, $_USER, $LANG28, $_USER_VERBOSE;
$retval = '';
$userChanged = false;
if ($_USER_VERBOSE) {
COM_errorLog("**** entering saveusers****", 1);
}
if ($_USER_VERBOSE) {
COM_errorLog("group size at beginning = " . count($groups), 1);
}
if ($passwd != $passwd_conf) {
// passwords don't match
return edituser($uid, 67);
}
$nameAndEmailOkay = true;
if (empty($username)) {
$nameAndEmailOkay = false;
} elseif (empty($email)) {
if (empty($uid)) {
$nameAndEmailOkay = false;
// new users need an email address
} else {
$service = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$uid}");
if (empty($service)) {
$nameAndEmailOkay = false;
// not a remote user - needs email
}
}
}
if ($nameAndEmailOkay) {
if (!empty($email) && !COM_isEmail($email)) {
return edituser($uid, 52);
}
$uname = addslashes($username);
if (empty($uid)) {
$ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******'");
} else {
$uservice = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$uid}");
if ($uservice != '') {
$uservice = addslashes($uservice);
$ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND remoteservice = '{$uservice}'");
} else {
$ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND (remoteservice = '' OR remoteservice IS NULL)");
}
}
if ($ucount > 0) {
// Admin just changed a user's username to one that already exists
return edituser($uid, 51);
}
$emailaddr = addslashes($email);
$exclude_remote = " AND (remoteservice IS NULL OR remoteservice = '')";
if (empty($uid)) {
$ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}'" . $exclude_remote);
} else {
$old_email = DB_getItem($_TABLES['users'], 'email', "uid = '{$uid}'");
if ($old_email == $email) {
// email address didn't change so don't care
$ucount = 0;
} else {
$ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}' AND uid <> {$uid}" . $exclude_remote);
}
}
if ($ucount > 0) {
// Admin just changed a user's email to one that already exists
return edituser($uid, 56);
}
if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
$ret = CUSTOM_userCheck($username, $email);
if (!empty($ret)) {
// need a numeric return value - otherwise use default message
if (!is_numeric($ret['number'])) {
$ret['number'] = 400;
}
return edituser($uid, $ret['number']);
}
}
if (empty($uid) || !empty($passwd)) {
$passwd = SEC_encryptPassword($passwd);
} else {
$passwd = DB_getItem($_TABLES['users'], 'passwd', "uid = {$uid}");
}
if (empty($uid)) {
if (empty($passwd)) {
// no password? create one ...
$passwd = rand();
$passwd = md5($passwd);
$passwd = substr($passwd, 1, 8);
$passwd = SEC_encryptPassword($passwd);
}
$uid = USER_createAccount($username, $email, $passwd, $fullname, $homepage);
if ($uid > 1) {
DB_query("UPDATE {$_TABLES['users']} SET status = {$userstatus} WHERE uid = {$uid}");
}
} else {
$fullname = addslashes($fullname);
$homepage = addslashes($homepage);
$curphoto = DB_getItem($_TABLES['users'], 'photo', "uid = {$uid}");
if (!empty($curphoto) && $delete_photo == 'on') {
USER_deletePhoto($curphoto);
$curphoto = '';
}
if ($_CONF['allow_user_photo'] == 1 && !empty($curphoto)) {
$curusername = DB_getItem($_TABLES['users'], 'username', "uid = {$uid}");
if ($curusername != $username) {
// user has been renamed - rename the photo, too
$newphoto = preg_replace('/' . $curusername . '/', $username, $curphoto, 1);
$imgpath = $_CONF['path_images'] . 'userphotos/';
if (rename($imgpath . $curphoto, $imgpath . $newphoto) === false) {
$display = COM_siteHeader('menu', $LANG28[22]);
$display .= COM_errorLog('Could not rename userphoto "' . $curphoto . '" to "' . $newphoto . '".');
$display .= COM_siteFooter();
return $display;
}
$curphoto = $newphoto;
}
}
$curphoto = addslashes($curphoto);
DB_query("UPDATE {$_TABLES['users']} SET username = '******', fullname = '{$fullname}', passwd = '{$passwd}', email = '{$email}', homepage = '{$homepage}', photo = '{$curphoto}', status='{$userstatus}' WHERE uid = {$uid}");
if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
CUSTOM_userSave($uid);
}
if ($_CONF['usersubmission'] == 1 && $oldstatus == USER_ACCOUNT_AWAITING_APPROVAL && $userstatus == USER_ACCOUNT_ACTIVE) {
USER_createAndSendPassword($username, $email, $uid);
}
if ($userstatus == USER_ACCOUNT_DISABLED) {
SESS_endUserSession($uid);
}
$userChanged = true;
}
// check that the user is allowed to change group assignments
if (is_array($groups) && SEC_hasRights('group.assign')) {
if (!SEC_inGroup('Root')) {
$rootgrp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Root'");
if (in_array($rootgrp, $groups)) {
COM_accessLog("User {$_USER['username']} ({$_USER['uid']}) just tried to give Root permissions to user {$username}.");
echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
exit;
}
}
// make sure the Remote Users group is in $groups
if (SEC_inGroup('Remote Users', $uid)) {
$remUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'");
if (!in_array($remUsers, $groups)) {
$groups[] = $remUsers;
}
}
if ($_USER_VERBOSE) {
COM_errorLog("deleting all group_assignments for user {$uid}/{$username}", 1);
}
// remove user from all groups that the User Admin is a member of
$UserAdminGroups = SEC_getUserGroups();
$whereGroup = 'ug_main_grp_id IN (' . implode(',', $UserAdminGroups) . ')';
DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE (ug_uid = {$uid}) AND " . $whereGroup);
// make sure to add user to All Users and Logged-in Users groups
$allUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'All Users'");
if (!in_array($allUsers, $groups)) {
$groups[] = $allUsers;
}
$logUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Logged-in Users'");
if (!in_array($logUsers, $groups)) {
$groups[] = $logUsers;
}
foreach ($groups as $userGroup) {
if (in_array($userGroup, $UserAdminGroups)) {
if ($_USER_VERBOSE) {
COM_errorLog("adding group_assignment " . $userGroup . " for {$username}", 1);
}
$sql = "INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$userGroup}, {$uid})";
DB_query($sql);
}
}
}
if ($userChanged) {
PLG_userInfoChanged($uid);
}
$errors = DB_error();
if (empty($errors)) {
echo PLG_afterSaveSwitch($_CONF['aftersave_user'], "{$_CONF['site_url']}/users.php?mode=profile&uid={$uid}", 'user', 21);
} else {
$retval .= COM_siteHeader('menu', $LANG28[22]);
$retval .= COM_errorLog('Error in saveusers in ' . $_CONF['site_admin_url'] . '/user.php');
$retval .= COM_siteFooter();
echo $retval;
exit;
}
} else {
$retval = COM_siteHeader('menu', $LANG28[1]);
$retval .= COM_showMessageText($LANG28[10]);
if (DB_count($_TABLES['users'], 'uid', $uid) > 0) {
$retval .= edituser($uid);
} else {
$retval .= edituser();
}
$retval .= COM_siteFooter();
COM_output($retval);
exit;
}
if ($_USER_VERBOSE) {
COM_errorLog("***************leaving saveusers*****************", 1);
}
return $retval;
}
/**
* Create a new password and set in DB if User Id supplied
*
* @param int $uid id of the user
* @return array ['normal'] = human readable password, ['encrypted'] = encrypted password
*
*/
function USER_createPassword($uid = 0)
{
global $_TABLES;
$passwd['normal'] = rand();
$passwd['normal'] = md5($passwd['normal']);
$passwd['normal'] = substr($passwd['normal'], 1, 8);
$passwd['encrypted'] = SEC_encryptPassword($passwd['normal']);
if ($uid > 1) {
DB_change($_TABLES['users'], 'passwd', $passwd['encrypted'], 'uid', $uid);
}
return $passwd;
}
/**
* Create a new password and send it to the user
*
* @param string $username user's login name
* @param string $useremail user's email address
* @param int $uid user id of user
* @param string $passwd user's password (optional)
* @return bool true = success, false = an error occured
*
*/
function USER_createAndSendPassword($username, $useremail, $uid, $passwd = '')
{
global $_CONF, $_SYSTEM, $_TABLES, $LANG04;
if (!isset($_SYSTEM['verification_token_ttl'])) {
$_SYSTEM['verification_token_ttl'] = 86400;
}
$activation_link = '';
$uid = (int) $uid;
$storedPassword = DB_getItem($_TABLES['users'], 'passwd', 'uid=' . $uid);
$userStatus = DB_getItem($_TABLES['users'], 'status', 'uid=' . $uid);
if ($passwd == '' && substr($storedPassword, 0, 4) == '$H$9') {
// no need to update password
} else {
if ($passwd == '') {
$passwd = USER_createPassword(8);
}
$passwd2 = SEC_encryptPassword($passwd);
DB_change($_TABLES['users'], 'passwd', "{$passwd2}", 'uid', $uid);
}
if (file_exists($_CONF['path_data'] . 'welcome_email.txt')) {
$template = new Template($_CONF['path_data']);
$template->set_file(array('mail' => 'welcome_email.txt'));
$template->set_var('auth_info', "{$LANG04['2']}: {$username}\n{$LANG04['4']}: {$passwd}");
$template->set_var('site_url', $_CONF['site_url']);
$template->set_var('site_name', $_CONF['site_name']);
$template->set_var('site_slogan', $_CONF['site_slogan']);
$template->set_var('lang_text1', $LANG04[15]);
$template->set_var('lang_text2', $LANG04[14]);
$template->set_var('lang_username', $LANG04[2]);
$template->set_var('lang_password', $LANG04[4]);
$template->set_var('username', $username);
$template->set_var('password', $passwd);
$template->set_var('name', COM_getDisplayName($uid));
$template->parse('output', 'mail');
$mailtext = $template->get_var('output');
} else {
$T = new Template($_CONF['path_layout'] . 'email/');
$T->set_file(array('html_msg' => 'newuser_template_html.thtml', 'text_msg' => 'newuser_template_text.thtml'));
if ($userStatus == USER_ACCOUNT_AWAITING_VERIFICATION) {
$verification_id = USER_createActivationToken($uid, $username);
$T->set_var(array('url' => $_CONF['site_url'] . '/users.php?mode=verify&vid=' . $verification_id . '&u=' . $uid, 'lang_site_or_password' => $LANG04[171], 'site_link_url' => $_CONF['site_url'], 'lang_activation' => sprintf($LANG04[172], $_SYSTEM['verification_token_ttl'] / 3600), 'lang_button_text' => $LANG04[203]));
} else {
$T->set_var(array('url' => $_CONF['site_url'] . '/usersettings.php', 'lang_site_or_password' => $LANG04[4], 'site_link_url' => '', 'lang_activation' => $LANG04[14], 'lang_button_text' => 'Change Password', 'passwd' => $passwd));
}
$T->set_var(array('title' => $_CONF['site_name'] . ': ' . $LANG04[16], 'site_name' => $_CONF['site_name'], 'username' => $username));
$T->parse('output', 'html_msg');
$mailhtml = $T->finish($T->get_var('output'));
$T->parse('output', 'text_msg');
$mailtext = $T->finish($T->get_var('output'));
}
$msgData['htmlmessage'] = $mailhtml;
$msgData['textmessage'] = $mailtext;
$msgData['subject'] = $_CONF['site_name'] . ': ' . $LANG04[16];
$to = array();
$from = array();
$from = COM_formatEmailAddress($_CONF['site_name'], $_CONF['noreply_mail']);
$to = COM_formatEmailAddress('', $useremail);
// $msgData['from']['name'] = $_CONF['site_name'];
// $msgData['from']['email'] = $_CONF['noreply_mail'];
// $msgData['to']['email'] = $useremail;
// $msgData['to']['name'] = $username;
// return COM_emailNotification($msgData);
return COM_mail($to, $msgData['subject'], $msgData['htmlmessage'], $from, true, 0, '', $msgData['textmessage']);
}
function encryptPassword($password)
{
global $_TABLES;
$version = preg_replace('/[^0-9.]/', '', VERSION);
if (version_compare($version, '2.0.0', '<')) {
$retval = SEC_encryptPassword($password);
} else {
$salt = DB_getItem($_TABLES['users'], 'salt', "uid = 2");
$algorithm = DB_getItem($_TABLES['conf_values'], 'value', "name = 'pass_alg'");
$stretch = DB_getItem($_TABLES['conf_values'], 'value', "name = 'pass_stretch'");
$algorithm = unserialize($algorithm);
$stretch = unserialize($stretch);
$retval = SEC_encryptPassword($password, $salt, $algorithm, $stretch);
}
return $retval;
}
/**
* Saves the user's information back to the database
*
* @param array $A User's data
* @return string HTML error message or meta redirect
*
*/
function saveuser($A)
{
global $_CONF, $_TABLES, $_USER, $LANG04, $LANG24, $_US_VERBOSE;
if ($_US_VERBOSE) {
COM_errorLog('**** Inside saveuser in usersettings.php ****', 1);
}
$reqid = DB_getItem($_TABLES['users'], 'pwrequestid', "uid = {$_USER['uid']}");
if ($reqid != $A['uid']) {
DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $_USER['uid']);
COM_accessLog("An attempt was made to illegally change the account information of user {$_USER['uid']}.");
return COM_refresh($_CONF['site_url'] . '/index.php');
}
if (!isset($A['cooktime'])) {
// If not set or possibly removed from template - set to default
$A['cooktime'] = $_CONF['default_perm_cookie_timeout'];
} else {
$A['cooktime'] = COM_applyFilter($A['cooktime'], true);
}
// If empty or invalid - set to user default
// So code after this does not fail the user password required test
if ($A['cooktime'] < 0) {
// note that == 0 is allowed!
$A['cooktime'] = $_USER['cookietimeout'];
}
// to change the password, email address, or cookie timeout,
// we need the user's current password
$current_password = DB_getItem($_TABLES['users'], 'passwd', "uid = {$_USER['uid']}");
if (!empty($A['passwd']) || $A['email'] != $_USER['email'] || $A['cooktime'] != $_USER['cookietimeout']) {
if (empty($A['old_passwd']) || SEC_encryptPassword($A['old_passwd']) != $current_password) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=83');
} elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
$ret = CUSTOM_userCheck($A['username'], $A['email']);
if (!empty($ret)) {
// Need a numeric return for the default message handler
// - if not numeric use default message
if (!is_numeric($ret['number'])) {
$ret['number'] = 400;
}
return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
}
}
} elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
$ret = CUSTOM_userCheck($A['username'], $A['email']);
if (!empty($ret)) {
// Need a numeric return for the default message handler
// - if not numeric use default message
if (!is_numeric($ret['number'])) {
$ret['number'] = 400;
}
return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
}
}
// no need to filter the password as it's encoded anyway
if ($_CONF['allow_username_change'] == 1) {
$A['new_username'] = COM_applyFilter($A['new_username']);
if (!empty($A['new_username']) && $A['new_username'] != $_USER['username']) {
$A['new_username'] = addslashes($A['new_username']);
if (DB_count($_TABLES['users'], 'username', $A['new_username']) == 0) {
if ($_CONF['allow_user_photo'] == 1) {
$photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$_USER['uid']}");
if (!empty($photo)) {
$newphoto = preg_replace('/' . $_USER['username'] . '/', $A['new_username'], $photo, 1);
$imgpath = $_CONF['path_images'] . 'userphotos/';
if (rename($imgpath . $photo, $imgpath . $newphoto) === false) {
$display = COM_siteHeader('menu', $LANG04[21]);
$display .= COM_errorLog('Could not rename userphoto "' . $photo . '" to "' . $newphoto . '".');
$display .= COM_siteFooter();
return $display;
}
DB_change($_TABLES['users'], 'photo', addslashes($newphoto), "uid", $_USER['uid']);
}
}
DB_change($_TABLES['users'], 'username', $A['new_username'], "uid", $_USER['uid']);
} else {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=51');
}
}
}
// a quick spam check with the unfiltered field contents
$profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1>' . '<p>' . COM_createLink($A['homepage'], $A['homepage']) . '<br' . XHTML . '>' . $A['location'] . '<br' . XHTML . '>' . $A['sig'] . '<br' . XHTML . '>' . $A['about'] . '<br' . XHTML . '>' . $A['pgpkey'] . '</p>';
$result = PLG_checkforSpam($profile, $_CONF['spamx']);
if ($result > 0) {
COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
}
$A['email'] = COM_applyFilter($A['email']);
$A['email_conf'] = COM_applyFilter($A['email_conf']);
$A['homepage'] = COM_applyFilter($A['homepage']);
// basic filtering only
$A['fullname'] = strip_tags(COM_stripslashes($A['fullname']));
$A['location'] = strip_tags(COM_stripslashes($A['location']));
$A['sig'] = strip_tags(COM_stripslashes($A['sig']));
$A['about'] = strip_tags(COM_stripslashes($A['about']));
$A['pgpkey'] = strip_tags(COM_stripslashes($A['pgpkey']));
if (!COM_isEmail($A['email'])) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=52');
} else {
if ($A['email'] !== $A['email_conf']) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=78');
} else {
if (emailAddressExists($A['email'], $_USER['uid'])) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=56');
} else {
if (!empty($A['passwd'])) {
if ($A['passwd'] == $A['passwd_conf'] && SEC_encryptPassword($A['old_passwd']) == $current_password) {
$passwd = SEC_encryptPassword($A['passwd']);
DB_change($_TABLES['users'], 'passwd', "{$passwd}", "uid", $_USER['uid']);
if ($A['cooktime'] > 0) {
$cooktime = $A['cooktime'];
} else {
$cooktime = -1000;
}
SEC_setCookie($_CONF['cookie_password'], $passwd, time() + $cooktime);
} elseif (SEC_encryptPassword($A['old_passwd']) != $current_password) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=68');
} elseif ($A['passwd'] != $A['passwd_conf']) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=67');
}
}
if ($_US_VERBOSE) {
COM_errorLog('cooktime = ' . $A['cooktime'], 1);
}
if ($A['cooktime'] <= 0) {
$cooktime = 1000;
SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() - $cooktime);
} else {
SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() + $A['cooktime']);
}
if ($_CONF['allow_user_photo'] == 1) {
$delete_photo = '';
if (isset($A['delete_photo'])) {
$delete_photo = $A['delete_photo'];
}
$filename = handlePhotoUpload($delete_photo);
}
if (!empty($A['homepage'])) {
$pos = MBYTE_strpos($A['homepage'], ':');
if ($pos === false) {
$A['homepage'] = 'http://' . $A['homepage'];
} else {
$prot = substr($A['homepage'], 0, $pos + 1);
if ($prot != 'http:' && $prot != 'https:') {
$A['homepage'] = 'http:' . substr($A['homepage'], $pos + 1);
}
}
$A['homepage'] = addslashes($A['homepage']);
}
$A['fullname'] = addslashes($A['fullname']);
$A['email'] = addslashes($A['email']);
$A['location'] = addslashes($A['location']);
$A['sig'] = addslashes($A['sig']);
$A['about'] = addslashes($A['about']);
$A['pgpkey'] = addslashes($A['pgpkey']);
if (!empty($filename)) {
if (!file_exists($_CONF['path_images'] . 'userphotos/' . $filename)) {
$filename = '';
}
}
DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A['fullname']}',email='{$A['email']}',homepage='{$A['homepage']}',sig='{$A['sig']}',cookietimeout={$A['cooktime']},photo='{$filename}' WHERE uid={$_USER['uid']}");
DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$A['pgpkey']}',about='{$A['about']}',location='{$A['location']}' WHERE uid={$_USER['uid']}");
// Call custom registration save function if enabled and exists
if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
CUSTOM_userSave($_USER['uid']);
}
PLG_userInfoChanged($_USER['uid']);
if ($_US_VERBOSE) {
COM_errorLog('**** Leaving saveuser in usersettings.php ****', 1);
}
return COM_refresh($_CONF['site_url'] . '/users.php?mode=profile&uid=' . $_USER['uid'] . '&msg=5');
}
}
}
}
/**
* Saves the user's information back to the database
*
* @param array $A User's data
* @return string HTML error message or meta redirect
*
*/
function saveuser($A)
{
global $_CONF, $_TABLES, $_USER, $LANG04, $LANG24, $_US_VERBOSE;
if ($_US_VERBOSE) {
COM_errorLog('**** Inside saveuser in usersettings.php ****', 1);
}
$reqid = DB_getItem($_TABLES['users'], 'pwrequestid', "uid = {$_USER['uid']}");
if ($reqid != $A['uid']) {
DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $_USER['uid']);
COM_accessLog("An attempt was made to illegally change the account information of user {$_USER['uid']}.");
return COM_refresh($_CONF['site_url'] . '/index.php');
}
if (!isset($A['cooktime'])) {
// If not set or possibly removed from template - set to default
$A['cooktime'] = $_CONF['default_perm_cookie_timeout'];
} else {
$A['cooktime'] = COM_applyFilter($A['cooktime'], true);
}
// If empty or invalid - set to user default
// So code after this does not fail the user password required test
if ($A['cooktime'] < 0) {
// note that == 0 is allowed!
$A['cooktime'] = $_USER['cookietimeout'];
}
// to change the password, email address, or cookie timeout,
// we need the user's current password
$service = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$_USER['uid']}");
if ($service == '') {
$current_password = DB_getItem($_TABLES['users'], 'passwd', "uid = {$_USER['uid']}");
if (!empty($A['passwd']) || $A['email'] != $_USER['email'] || $A['cooktime'] != $_USER['cookietimeout']) {
if (empty($A['old_passwd']) || SEC_encryptPassword($A['old_passwd']) != $current_password) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=83');
} elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
$ret = CUSTOM_userCheck($A['username'], $A['email']);
if (!empty($ret)) {
// Need a numeric return for the default message handler
// - if not numeric use default message
if (!is_numeric($ret['number'])) {
$ret['number'] = 400;
}
return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
}
}
} elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
$ret = CUSTOM_userCheck($A['username'], $A['email']);
if (!empty($ret)) {
// Need a numeric return for the default message handler
// - if not numeric use default message
if (!is_numeric($ret['number'])) {
$ret['number'] = 400;
}
return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
}
}
} else {
if ($A['email'] != $_USER['email'] || $A['cooktime'] != $_USER['cookietimeout']) {
// re athenticate remote user again for these changes to take place
// Can't just be done here since user may have to relogin to his service which then sends us back here and we lose his changes
}
}
// no need to filter the password as it's encoded anyway
if ($_CONF['allow_username_change'] == 1) {
$A['new_username'] = COM_applyFilter($A['new_username']);
if (!empty($A['new_username']) && $A['new_username'] != $_USER['username']) {
$A['new_username'] = addslashes($A['new_username']);
if (DB_count($_TABLES['users'], 'username', $A['new_username']) == 0) {
if ($_CONF['allow_user_photo'] == 1) {
$photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$_USER['uid']}");
if (!empty($photo)) {
$newphoto = preg_replace('/' . $_USER['username'] . '/', $A['new_username'], $photo, 1);
$imgpath = $_CONF['path_images'] . 'userphotos/';
if (rename($imgpath . $photo, $imgpath . $newphoto) === false) {
$display = COM_siteHeader('menu', $LANG04[21]);
$display .= COM_errorLog('Could not rename userphoto "' . $photo . '" to "' . $newphoto . '".');
$display .= COM_siteFooter();
return $display;
}
DB_change($_TABLES['users'], 'photo', addslashes($newphoto), "uid", $_USER['uid']);
}
}
DB_change($_TABLES['users'], 'username', $A['new_username'], "uid", $_USER['uid']);
} else {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=51');
}
}
}
// a quick spam check with the unfiltered field contents
$profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1><p>';
// this is a hack, for some reason remoteservice links made SPAMX SLV check barf
if (empty($service)) {
$profile .= COM_createLink($A['homepage'], $A['homepage']) . '<br' . XHTML . '>';
}
$profile .= $A['location'] . '<br' . XHTML . '>' . $A['sig'] . '<br' . XHTML . '>' . $A['about'] . '<br' . XHTML . '>' . $A['pgpkey'] . '</p>';
$result = PLG_checkforSpam($profile, $_CONF['spamx']);
if ($result > 0) {
COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
}
$A['email'] = COM_applyFilter($A['email']);
$A['email_conf'] = COM_applyFilter($A['email_conf']);
$A['homepage'] = COM_applyFilter($A['homepage']);
// basic filtering only
$A['fullname'] = strip_tags(COM_stripslashes($A['fullname']));
$A['location'] = strip_tags(COM_stripslashes($A['location']));
$A['sig'] = strip_tags(COM_stripslashes($A['sig']));
$A['about'] = strip_tags(COM_stripslashes($A['about']));
$A['pgpkey'] = strip_tags(COM_stripslashes($A['pgpkey']));
if (!COM_isEmail($A['email'])) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=52');
} else {
if ($A['email'] !== $A['email_conf']) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=78');
} else {
if (emailAddressExists($A['email'], $_USER['uid'])) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=56');
} else {
$passwd = '';
if ($service == '') {
if (!empty($A['passwd'])) {
if ($A['passwd'] == $A['passwd_conf'] && SEC_encryptPassword($A['old_passwd']) == $current_password) {
$passwd = SEC_encryptPassword($A['passwd']);
DB_change($_TABLES['users'], 'passwd', "{$passwd}", "uid", $_USER['uid']);
if ($A['cooktime'] > 0) {
$cooktime = $A['cooktime'];
} else {
$cooktime = -1000;
}
SEC_setCookie($_CONF['cookie_password'], $passwd, time() + $cooktime);
} elseif (SEC_encryptPassword($A['old_passwd']) != $current_password) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=68');
} elseif ($A['passwd'] != $A['passwd_conf']) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=67');
}
}
} else {
// Cookie
if ($A['cooktime'] > 0) {
$cooktime = $A['cooktime'];
} else {
$cooktime = -1000;
}
SEC_setCookie($_CONF['cookie_password'], $passwd, time() + $cooktime);
}
if ($_US_VERBOSE) {
COM_errorLog('cooktime = ' . $A['cooktime'], 1);
}
if ($A['cooktime'] <= 0) {
$cooktime = 1000;
SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() - $cooktime);
} else {
SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() + $A['cooktime']);
}
if ($_CONF['allow_user_photo'] == 1) {
$delete_photo = '';
if (isset($A['delete_photo'])) {
$delete_photo = $A['delete_photo'];
}
$filename = handlePhotoUpload($delete_photo);
}
if (!empty($A['homepage'])) {
$pos = MBYTE_strpos($A['homepage'], ':');
if ($pos === false) {
$A['homepage'] = 'http://' . $A['homepage'];
} else {
$prot = substr($A['homepage'], 0, $pos + 1);
if ($prot != 'http:' && $prot != 'https:') {
$A['homepage'] = 'http:' . substr($A['homepage'], $pos + 1);
}
}
$A['homepage'] = addslashes($A['homepage']);
}
$A['fullname'] = addslashes($A['fullname']);
$A['email'] = addslashes($A['email']);
$A['location'] = addslashes($A['location']);
$A['sig'] = addslashes($A['sig']);
$A['about'] = addslashes($A['about']);
$A['pgpkey'] = addslashes($A['pgpkey']);
if (!empty($filename)) {
if (!file_exists($_CONF['path_images'] . 'userphotos/' . $filename)) {
$filename = '';
}
}
DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A['fullname']}',email='{$A['email']}',homepage='{$A['homepage']}',sig='{$A['sig']}',cookietimeout={$A['cooktime']},photo='{$filename}' WHERE uid={$_USER['uid']}");
DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$A['pgpkey']}',about='{$A['about']}',location='{$A['location']}' WHERE uid={$_USER['uid']}");
// Call custom registration save function if enabled and exists
if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
CUSTOM_userSave($_USER['uid']);
}
PLG_userInfoChanged($_USER['uid']);
$msg = 5;
// Re Sync data if needed
if (isset($A['resynch'])) {
if ($_CONF['user_login_method']['oauth'] && strpos($_USER['remoteservice'], 'oauth.') === 0) {
$modules = SEC_collectRemoteOAuthModules();
$active_service = count($modules) == 0 ? false : in_array(substr($_USER['remoteservice'], 6), $modules);
if (!$active_service) {
$status = -1;
$msg = 115;
// Remote service has been disabled.
} else {
$query[] = '';
$callback_url = $_CONF['site_url'] . '/usersettings.php?mode=synch&oauth_login='******'oauth.facebook') {
// facebook does resynch during refresh
return COM_refresh($callback_url);
} else {
// all other services use reauth/callback method
// send request to OAuth Service for user information
require_once $_CONF['path_system'] . 'classes/oauthhelper.class.php';
$consumer = new OAuthConsumer($service);
$url = $consumer->find_identity_info($callback_url, $query);
if (empty($url)) {
$msg = 110;
// Can not get URL for authentication.'
} else {
header('Location: ' . $url);
exit;
}
}
}
}
if ($msg != 5) {
$msg = 114;
// Account saved but re-synch failed.
}
}
if ($_US_VERBOSE) {
COM_errorLog('**** Leaving saveuser in usersettings.php ****', 1);
}
return COM_refresh($_CONF['site_url'] . '/users.php?mode=profile&uid=' . $_USER['uid'] . '&msg=' . $msg);
}
}
}
}
/**
* Check for accounts that still use the default password
*
* NOTE: If one of our users is also using "password" as their password, this
* test will also detect that, as it checks all accounts.
*
* @return string text explaining the result of the test
*
*/
function checkDefaultPassword()
{
global $_TABLES, $LANG_SECTEST, $failed_tests;
$retval = '';
// check to see if any account still has 'password' as its password.
$pwdRoot = 0;
$pwdUser = 0;
$result = DB_query("SELECT uid FROM {$_TABLES['users']} WHERE passwd='" . SEC_encryptPassword('password') . "'");
$numPwd = DB_numRows($result);
if ($numPwd > 0) {
for ($i = 0; $i < $numPwd; $i++) {
list($uid) = DB_fetchArray($result);
if (SEC_inGroup('Root', $uid)) {
$pwdRoot++;
} else {
$pwdUser++;
}
}
}
if ($pwdRoot > 0) {
$retval .= '<li>' . sprintf($LANG_SECTEST['fix_password'], $pwdRoot) . '</li>';
$failed_tests++;
} else {
$retval .= '<li>' . $LANG_SECTEST['password_okay'] . '</li>';
}
return $retval;
}
/**
* Create a new user
* Also calls the custom user registration (if enabled) and plugin functions.
* NOTE: Does NOT send out password emails.
*
* @param string $username username (mandatory)
* @param string $email user's email address (mandatory)
* @param string $passwd password (optional, see above)
* @param string $fullname user's full name (optional)
* @param string $homepage user's home page (optional)
* @param string $remoteUserName
* @param string $service
* @param boolean $batchImport set to true when called from importuser() in admin/users.php (optional)
* @return int new user's ID
*/
function USER_createAccount($username, $email, $passwd = '', $fullname = '', $homepage = '', $remoteUserName = '', $service = '', $batchImport = false)
{
global $_CONF, $_TABLES;
$queueUser = false;
$username = DB_escapeString($username);
$email = DB_escapeString($email);
$regdate = strftime('%Y-%m-%d %H:%M:%S', time());
$fields = 'username,email,regdate,cookietimeout';
$values = "'{$username}','{$email}','{$regdate}','{$_CONF['default_perm_cookie_timeout']}'";
if (!empty($passwd)) {
// Since no uid exists yet we can't use SEC_updateUserPassword and must handle things manually
$salt = SEC_generateSalt();
$passwd = SEC_encryptPassword($passwd, $salt, $_CONF['pass_alg'], $_CONF['pass_stretch']);
$fields .= ',passwd,salt,algorithm,stretch';
$values .= ",'{$passwd}','{$salt}','" . $_CONF['pass_alg'] . "','" . $_CONF['pass_stretch'] . "'";
}
if (!empty($fullname)) {
$fullname = DB_escapeString($fullname);
$fields .= ',fullname';
$values .= ",'{$fullname}'";
}
if (!empty($homepage)) {
$homepage = DB_escapeString($homepage);
$fields .= ',homepage';
$values .= ",'{$homepage}'";
}
if ($_CONF['usersubmission'] == 1 && !SEC_hasRights('user.edit')) {
$queueUser = true;
if (!empty($_CONF['allow_domains'])) {
if (USER_emailMatches($email, $_CONF['allow_domains'])) {
$queueUser = false;
}
}
if ($queueUser) {
$fields .= ',status';
$values .= ',' . USER_ACCOUNT_AWAITING_APPROVAL;
}
} else {
if (!empty($remoteUserName)) {
$fields .= ',remoteusername';
$values .= ",'{$remoteUserName}'";
}
if (!empty($service)) {
$fields .= ',remoteservice';
$values .= ",'{$service}'";
}
}
DB_query("INSERT INTO {$_TABLES['users']} ({$fields}) VALUES ({$values})");
// Get the uid of the user, possibly given a service:
if ($remoteUserName != '') {
$uid = DB_getItem($_TABLES['users'], 'uid', "remoteusername = '******' AND remoteservice='{$service}'");
} else {
$uid = DB_getItem($_TABLES['users'], 'uid', "username = '******' AND remoteservice IS NULL");
}
// Add user to Logged-in group (i.e. members) and the All Users group
$normal_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name='Logged-in Users'");
$all_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name='All Users'");
DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$normal_grp}, {$uid})");
DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$all_grp}, {$uid})");
// any default groups?
$result = DB_query("SELECT grp_id FROM {$_TABLES['groups']} WHERE grp_default = 1");
$num_groups = DB_numRows($result);
for ($i = 0; $i < $num_groups; $i++) {
list($def_grp) = DB_fetchArray($result);
DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$def_grp}, {$uid})");
}
DB_query("INSERT INTO {$_TABLES['userprefs']} (uid) VALUES ({$uid})");
if ($_CONF['emailstoriesperdefault'] == 1) {
DB_query("INSERT INTO {$_TABLES['userindex']} (uid,etids) VALUES ({$uid},'')");
} else {
DB_query("INSERT INTO {$_TABLES['userindex']} (uid,etids) VALUES ({$uid}, '-')");
}
DB_query("INSERT INTO {$_TABLES['usercomment']} (uid,commentmode,commentorder,commentlimit) VALUES ({$uid},'{$_CONF['comment_mode']}','{$_CONF['comment_order']}','{$_CONF['comment_limit']}')");
DB_query("INSERT INTO {$_TABLES['userinfo']} (uid) VALUES ({$uid})");
// call custom registration function and plugins
if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCreate')) {
CUSTOM_userCreate($uid, $batchImport);
}
PLG_createUser($uid);
// Notify the admin?
if (isset($_CONF['notification']) && in_array('user', $_CONF['notification'])) {
$mode = $queueUser ? 'inactive' : 'active';
$username = COM_getDisplayName($uid, $username, $fullname, $remoteUserName, $service);
USER_sendNotification($username, $email, $uid, $mode);
}
return $uid;
}
function _userSetnewpwd()
{
global $_CONF, $_TABLES, $_USER, $LANG04;
$retval = '';
if (empty($_POST['passwd']) || $_POST['passwd'] != $_POST['passwd_conf']) {
echo COM_refresh($_CONF['site_url'] . '/users.php?mode=newpwd&uid=' . COM_applyFilter($_POST['uid'], true) . '&rid=' . COM_applyFilter($_POST['rid']));
} else {
$uid = COM_applyFilter($_POST['uid'], true);
$reqid = COM_sanitizeID(COM_applyFilter($_POST['rid']));
if (!empty($uid) && is_numeric($uid) && $uid > 1 && !empty($reqid) && strlen($reqid) == 16) {
$uid = (int) $uid;
$safereqid = DB_escapeString($reqid);
$valid = DB_count($_TABLES['users'], array('uid', 'pwrequestid'), array($uid, $safereqid));
if ($valid == 1) {
$passwd = SEC_encryptPassword($_POST['passwd']);
DB_change($_TABLES['users'], 'passwd', DB_escapeString($passwd), "uid", $uid);
DB_delete($_TABLES['sessions'], 'uid', $uid);
DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $uid);
echo COM_refresh($_CONF['site_url'] . '/users.php?msg=53');
} else {
// request invalid or expired
$retval .= COM_showMessage(54, '', '', 1, 'error');
$retval .= getpasswordform();
}
} else {
// this request doesn't make sense - ignore it
echo COM_refresh($_CONF['site_url']);
}
}
}
function fnccreateAccount($username, $email, $passwd = '', $fullname = '', $homepage = '', $uid = "")
{
global $_CONF, $_TABLES;
$batchimport = true;
//一括処理
$ret = true;
$username = addslashes($username);
$email = addslashes($email);
$fullname = addslashes($fullname);
$homepage = addslashes($homepage);
//UIDを取得する
if ($uid == 0) {
$w = DB_getItem($_TABLES['users'], "max(uid)", "1=1");
if ($w == "") {
$w = 0;
}
$uid = $w + 1;
}
$regdate = strftime('%Y-%m-%d %H:%M:%S', time());
$fields = 'uid,username,email,regdate,cookietimeout';
$values = "{$uid},'{$username}','{$email}','{$regdate}','{$_CONF['default_perm_cookie_timeout']}'";
//パスワードを更新する
if (!empty($passwd)) {
$passwd = addslashes($passwd);
$fields .= ',passwd';
$values .= ",'{$passwd}'";
} else {
srand((double) microtime() * 1000000);
//擬似乱数の発生系列を変更する
$passwd1 = rand();
$passwd1 = md5($passwd1);
$passwd1 = substr($passwd1, 1, 8);
$passwd2 = SEC_encryptPassword($passwd1);
$fields .= ',passwd';
$values .= ",'{$passwd2}'";
}
//フルネーム
if (!empty($fullname)) {
$fullname = addslashes($fullname);
$fields .= ',fullname';
$values .= ",'{$fullname}'";
}
//ホームページ
if (!empty($homepage)) {
$homepage = addslashes($homepage);
$fields .= ',homepage';
$values .= ",'{$homepage}'";
}
// DB users 追加
DB_query("INSERT INTO {$_TABLES['users']} ({$fields}) VALUES ({$values})");
// Add user to Logged-in group (i.e. members) and the All Users group
$normal_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name='Logged-in Users'");
$all_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name='All Users'");
DB_query("INSERT INTO {$_TABLES['group_assignments']}\n (ug_main_grp_id,ug_uid) VALUES ({$normal_grp}, {$uid})");
DB_query("INSERT INTO {$_TABLES['group_assignments']}\n (ug_main_grp_id,ug_uid) VALUES ({$all_grp}, {$uid})");
// DB userprefs 追加
DB_query("INSERT INTO {$_TABLES['userprefs']} (uid) VALUES ({$uid})");
// デイリーダイジェスト 新規ユーザのデフォルトにより更新
if ($_CONF['emailstoriesperdefault'] == 1) {
DB_query("INSERT INTO {$_TABLES['userindex']} (uid,etids) VALUES ({$uid},'')");
} else {
DB_query("INSERT INTO {$_TABLES['userindex']} (uid,etids) VALUES ({$uid}, '-')");
}
//DB usercomment 追加
DB_query("INSERT INTO {$_TABLES['usercomment']} (uid,commentmode,commentlimit) VALUES ({$uid},'{$_CONF['comment_mode']}','{$_CONF['comment_limit']}')");
//DB userinfo 追加
DB_query("INSERT INTO {$_TABLES['userinfo']} (uid) VALUES ({$uid})");
// call custom registration function and plugins
if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCreate')) {
CUSTOM_userCreate($uid, $batchimport);
}
PLG_createUser($uid);
return $ret;
}
