/** * Add passwords for OAuth and OpenID users * */ function update_UsersFor180() { global $_CONF, $_TABLES; require_once $_CONF['path_system'] . 'lib-security.php'; $passwords = array(); $sql = "SELECT uid FROM {$_TABLES['users']} WHERE (remoteservice IS NOT NULL OR remoteservice != '') AND passwd = ''"; $result = DB_query($sql); $nrows = DB_numRows($result); for ($i = 0; $i < $nrows; $i++) { $A = DB_fetchArray($result); /* Formerlly USER_changePassword */ $passwd['normal'] = rand(); $passwd['normal'] = md5($passwd['normal']); $passwd['normal'] = substr($passwd['normal'], 1, 8); $passwd['encrypted'] = SEC_encryptPassword($passwd['normal'], '', HashFunction::md5, 1); /* use default md5 only */ if ($A['uid'] > 1) { DB_change($_TABLES['users'], 'passwd', $passwd['encrypted'], 'uid', $A['uid']); } } }
/** * Check to see if we can authenticate this user with a remote server * * A user has not managed to login localy, but has an @ in their user * name and we have enabled distributed authentication. Firstly, try to * see if we have cached the module that we used to authenticate them * when they signed up (i.e. they've actualy changed their password * elsewhere and we need to synch.) If not, then try to authenticate * them with /every/ authentication module. If this suceeds, create * a user for them. * * @param string $loginname Their username * @param string $passwd The password entered * @param string $server The server portion of $username * @param string $uid OUTPUT parameter, pass it by ref to get uid back. * @return int user status, -1 for fail. */ function SEC_remoteAuthentication(&$loginname, $passwd, $service, &$uid) { global $_CONF, $_TABLES; /* First try a local cached login */ $remoteusername = DB_escapeString($loginname); $remoteservice = DB_escapeString($service); $result = DB_query("SELECT passwd, status, uid FROM {$_TABLES['users']} WHERE remoteusername='******' AND remoteservice='{$remoteservice}'"); $tmp = DB_error(); $nrows = DB_numRows($result); if ($tmp == 0 && $nrows == 1) { $U = DB_fetchArray($result); $uid = $U['uid']; $mypass = $U['passwd']; // also used to see if the user existed later. if ($mypass == SEC_encryptPassword($passwd)) { /* Valid password for cached user, return status */ return $U['status']; } } $service = COM_sanitizeFilename($service); $servicefile = $_CONF['path_system'] . 'classes/authentication/' . $service . '.auth.class.php'; if (file_exists($servicefile)) { require_once $servicefile; $authmodule = new $service(); if ($authmodule->authenticate($loginname, $passwd)) { /* check to see if they have logged in before: */ if (empty($mypass)) { // no such user, create them // Check to see if their remoteusername is unique locally $checkName = DB_getItem($_TABLES['users'], 'username', "username='******'"); if (!empty($checkName)) { // no, call custom function. if (function_exists('CUSTOM_uniqueRemoteUsername')) { $loginname = CUSTOM_uniqueRemoteUsername($loginname, $service); } } USER_createAccount($loginname, $authmodule->email, SEC_encryptPassword($passwd), $authmodule->fullname, $authmodule->homepage, $remoteusername, $remoteservice); $uid = DB_getItem($_TABLES['users'], 'uid', "remoteusername = '******' AND remoteservice='{$remoteservice}'"); // Store full remote account name: DB_query("UPDATE {$_TABLES['users']} SET remoteusername='******', remoteservice='{$remoteservice}', status=3 WHERE uid={$uid}"); // Add to remote users: $remote_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name='Remote Users'"); DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id,ug_uid) VALUES ('{$remote_grp}', {$uid})"); return 3; // Remote auth precludes usersubmission, // and integrates user activation, see? } else { // user existed, update local password: DB_change($_TABLES['users'], 'passwd', DB_escapeString(SEC_encryptPassword($passwd)), array('remoteusername', 'remoteservice'), array(DB_escapeString($remoteusername), DB_escapeString($remoteservice))); // and return their status return DB_getItem($_TABLES['users'], 'status', "remoteusername='******' AND remoteservice='{$remoteservice}'"); } } else { return -1; } } else { return -1; } }
/** * Create a new password and send it to the user * * @param string $username user's login name * @param string $useremail user's email address * @return boolean true = success, false = an error occured * */ function USER_createAndSendPassword($username, $useremail, $uid) { global $_CONF, $_TABLES, $LANG04; $passwd = rand(); $passwd = md5($passwd); $passwd = substr($passwd, 1, 8); $passwd2 = SEC_encryptPassword($passwd); DB_change($_TABLES['users'], 'passwd', "{$passwd2}", 'uid', $uid); if (file_exists($_CONF['path_data'] . 'welcome_email.txt')) { $template = new Template($_CONF['path_data']); $template->set_file(array('mail' => 'welcome_email.txt')); $template->set_var('xhtml', XHTML); $template->set_var('auth_info', "{$LANG04['2']}: {$username}\n{$LANG04['4']}: {$passwd}"); $template->set_var('site_url', $_CONF['site_url']); $template->set_var('site_name', $_CONF['site_name']); $template->set_var('site_slogan', $_CONF['site_slogan']); $template->set_var('lang_text1', $LANG04[15]); $template->set_var('lang_text2', $LANG04[14]); $template->set_var('lang_username', $LANG04[2]); $template->set_var('lang_password', $LANG04[4]); $template->set_var('username', $username); $template->set_var('password', $passwd); $template->set_var('name', COM_getDisplayName($uid)); $template->parse('output', 'mail'); $mailtext = $template->get_var('output'); } else { $mailtext = $LANG04[15] . "\n\n"; $mailtext .= $LANG04[2] . ": {$username}\n"; $mailtext .= $LANG04[4] . ": {$passwd}\n\n"; $mailtext .= $LANG04[14] . "\n\n"; $mailtext .= $_CONF['site_name'] . "\n"; $mailtext .= $_CONF['site_url'] . "\n"; } $subject = $_CONF['site_name'] . ': ' . $LANG04[16]; if ($_CONF['site_mail'] !== $_CONF['noreply_mail']) { $mailfrom = $_CONF['noreply_mail']; $mailtext .= LB . LB . $LANG04[159]; } else { $mailfrom = $_CONF['site_mail']; } return COM_mail($useremail, $subject, $mailtext, $mailfrom); }
/** * Saves user to the database * * @param int $uid user id * @return string HTML redirect or error message * */ function USER_save($uid) { global $_CONF, $_TABLES, $_USER, $LANG28, $_USER_VERBOSE; $retval = ''; $userChanged = false; if ($_USER_VERBOSE) { COM_errorLog("**** entering USER_save()****", 1); } if ($_USER_VERBOSE) { COM_errorLog("group size at beginning = " . sizeof($groups), 1); } $uid = COM_applyFilter($_POST['uid'], true); if ($uid == 0) { $uid = ''; } $regdate = COM_applyFilter($_POST['regdate'], true); $username = trim($_POST['new_username']); $fullname = COM_truncate(trim(USER_sanitizeName($_POST['fullname'])), 80); $userstatus = COM_applyFilter($_POST['userstatus'], true); $oldstatus = COM_applyFilter($_POST['oldstatus'], true); $passwd = isset($_POST['newp']) ? trim($_POST['newp']) : ''; $passwd_conf = isset($_POST['newp_conf']) ? trim($_POST['newp_conf']) : ''; $cooktime = COM_applyFilter($_POST['cooktime'], true); $email = trim($_POST['email']); $email_conf = trim($_POST['email_conf']); $groups = $_POST['groups']; $homepage = trim($_POST['homepage']); $location = strip_tags(trim($_POST['location'])); $photo = isset($_POST['photo']) ? $_POST['photo'] : ''; $delete_photo = isset($_POST['delete_photo']) && $_POST['delete_photo'] == 'on' ? 1 : 0; $sig = trim($_POST['sig']); $about = trim($_POST['about']); $pgpkey = trim($_POST['pgpkey']); $language = isset($_POST['language']) ? trim(COM_applyFilter($_POST['language'])) : ''; $theme = isset($_POST['theme']) ? trim(COM_applyFilter($_POST['theme'])) : ''; $maxstories = COM_applyFilter($_POST['maxstories'], true); $tzid = COM_applyFilter($_POST['tzid']); $dfid = COM_applyFilter($_POST['dfid'], true); $search_fmt = COM_applyFilter($_POST['search_result_format']); $commentmode = COM_applyFilter($_POST['commentmode']); $commentorder = isset($_POST['commentorder']) && $_POST['commentorder'] == 'DESC' ? 'DESC' : 'ASC'; $commentlimit = COM_applyFilter($_POST['commentlimit'], true); $emailfromuser = isset($_POST['emailfromuser']) && $_POST['emailfromuser'] == 'on' ? 1 : 0; $emailfromadmin = isset($_POST['emailfromadmin']) && $_POST['emailfromadmin'] == 'on' ? 1 : 0; $noicons = isset($_POST['noicons']) && $_POST['noicons'] == 'on' ? 1 : 0; $noboxes = isset($_POST['noboxes']) && $_POST['noboxes'] == 'on' ? 1 : 0; $showonline = isset($_POST['showonline']) && $_POST['showonline'] == 'on' ? 1 : 0; $topic_order = isset($_POST['topic_order']) && $_POST['topic_order'] == 'ASC' ? 'ASC' : 'DESC'; $maxstories = COM_applyFilter($_POST['maxstories'], true); $newuser = COM_applyFilter($_POST['newuser'], true); $remoteuser = isset($_POST['remoteuser']) && $_POST['remoteuser'] == 'on' ? 1 : 0; $remoteusername = isset($_POST['remoteusername']) ? strip_tags(trim($_POST['remoteusername'])) : ''; $remoteservice = isset($_POST['remoteservice']) ? COM_applyFilter($_POST['remoteservice']) : ''; $social_services = SOC_followMeProfile($uid); foreach ($social_services as $service) { $service_input = $service['service'] . '_username'; $_POST[$service_input] = strip_tags($_POST[$service_input]); } if ($uid == 1) { return USER_list(); } if ($uid == '' || $uid < 2 || $newuser == 1) { if (empty($passwd) && $remoteuser == 0) { return USER_edit($uid, 504); } if (empty($email)) { return USER_edit($uid, 505); } } if ($username == '') { return USER_edit($uid, 506); } if (!USER_validateUsername($username)) { return USER_edit($uid, 512); } if ($email == '') { return USER_edit($uid, 507); } if ($passwd != $passwd_conf && $remoteuser == 0) { // passwords don't match return USER_edit($uid, 67); } if ($email != $email_conf) { return USER_edit($uid, 508); } // remote user checks if ($remoteuser == 1) { if ($remoteusername == '') { return USER_edit($uid, 513); } if ($remoteservice == '') { return USER_edit($uid, 514); } } $validEmail = true; if (empty($username)) { $validEmail = false; } elseif (empty($email)) { if (empty($uid)) { $validEmail = false; } else { $ws_user = DB_getItem($_TABLES['users'], 'remoteservice', "uid = " . intval($uid)); if (empty($ws_user)) { $validEmail = false; } } } if ($validEmail) { if (!empty($email) && !COM_isEmail($email)) { return USER_edit($uid, 52); } $uname = DB_escapeString($username); if (empty($uid)) { $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******'"); } else { $uservice = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$uid}"); if ($uservice != '') { $uservice = DB_escapeString($uservice); $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND remoteservice = '{$uservice}'"); } else { $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND (remoteservice = '' OR remoteservice IS NULL)"); } } if ($ucount > 0) { // Admin just changed a user's username to one that already exists return USER_edit($uid, 51); } $emailaddr = DB_escapeString($email); $exclude_remote = " AND (remoteservice IS NULL OR remoteservice = '')"; if (empty($uid)) { $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}'" . $exclude_remote); } else { $old_email = DB_getItem($_TABLES['users'], 'email', "uid = {$uid}"); if ($old_email == $email) { // email address didn't change so don't care $ucount = 0; } else { $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}' AND uid <> {$uid}" . $exclude_remote); } } if ($ucount > 0) { // Admin just changed a user's email to one that already exists return USER_edit($uid, 56); } if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) { $ret = CUSTOM_userCheck($username, $email); if (!empty($ret)) { // need a numeric return value - otherwise use default message if (!is_numeric($ret['number'])) { $ret['number'] = 97; } return USER_edit($uid, $ret['number']); } } // Let plugins have a chance to decide what to do before saving the user, return errors. $msg = PLG_itemPreSave('useredit', $username); if (!empty($msg)) { // need a numeric return value - otherwise use default message if (!is_numeric($msg)) { $msg = 97; } return USER_edit($uid, $msg); } if (empty($uid) || !empty($passwd)) { $passwd2 = SEC_encryptPassword($passwd); } else { $passwd2 = DB_getItem($_TABLES['users'], 'passwd', "uid = {$uid}"); } // do we need to create the user? if (empty($uid)) { if (empty($passwd)) { // no password? create one ... $passwd = USER_createPassword(8); $passwd2 = SEC_encryptPassword($passwd); } if ($remoteuser == 1) { $uid = USER_createAccount($username, $email, '', $fullname, '', $remoteusername, $remoteservice, 1); } else { $uid = USER_createAccount($username, $email, $passwd2, $fullname, $homepage, '', '', 1); } if ($uid > 1) { DB_query("UPDATE {$_TABLES['users']} SET status = {$userstatus} WHERE uid = {$uid}"); } if (isset($_POST['emailuser'])) { USER_createAndSendPassword($username, $email, $uid, $passwd); } if ($uid < 2) { return USER_edit('', 509); } $newuser = 1; } // at this point, we have a valid user... // Filter some of the text entry fields to ensure they don't cause problems... $fullname = strip_tags($fullname); $about = strip_tags($about); $pgpkey = strip_tags($pgpkey); $curphoto = USER_handlePhotoUpload($uid, $delete_photo); if ($_CONF['allow_user_photo'] == 1 && !empty($curphoto)) { $curusername = DB_getItem($_TABLES['users'], 'username', "uid = {$uid}"); if ($curusername != $username) { // user has been renamed - rename the photo, too $newphoto = preg_replace('/' . $curusername . '/', $username, $curphoto, 1); $imgpath = $_CONF['path_images'] . 'userphotos/'; if (rename($imgpath . $curphoto, $imgpath . $newphoto) === false) { $display = COM_siteHeader('menu', $LANG28[22]); $display .= COM_errorLog('Could not rename userphoto "' . $curphoto . '" to "' . $newphoto . '".'); $display .= COM_siteFooter(); return $display; } $curphoto = $newphoto; } } // update users table $sql = "UPDATE {$_TABLES['users']} SET " . "username = '******'," . "fullname = '" . DB_escapeString($fullname) . "'," . "passwd = '" . DB_escapeString($passwd2) . "'," . "email = '" . DB_escapeString($email) . "'," . "homepage = '" . DB_escapeString($homepage) . "'," . "sig = '" . DB_escapeString($sig) . "'," . "photo = '" . DB_escapeString($curphoto) . "'," . "cookietimeout = {$cooktime}," . "theme = '" . DB_escapeString($theme) . "'," . "language = '" . DB_escapeString($language) . "'," . "status = {$userstatus} WHERE uid = {$uid};"; DB_query($sql); // update userprefs $sql = "UPDATE {$_TABLES['userprefs']} SET " . "noicons = {$noicons}," . "dfid = {$dfid}," . "tzid = '" . DB_escapeString($tzid) . "'," . "emailstories = 0," . "emailfromadmin = {$emailfromadmin}," . "emailfromuser = {$emailfromuser}," . "showonline = {$showonline}," . "search_result_format = '" . DB_escapeString($search_fmt) . "' WHERE uid={$uid};"; DB_query($sql); // userinfo table $sql = "UPDATE {$_TABLES['userinfo']} SET " . "about = '" . DB_escapeString($about) . "'," . "location = '" . DB_escapeString($location) . "'," . "pgpkey = '" . DB_escapeString($pgpkey) . "' WHERE uid={$uid};"; DB_query($sql); // userindex table $TIDS = @array_values($_POST['topics']); $AIDS = @array_values($_POST['selauthors']); $BOXES = @array_values($_POST['blocks']); $ETIDS = @array_values($_POST['dgtopics']); $allowed_etids = USER_buildTopicList(); $AETIDS = explode(' ', $allowed_etids); $tids = ''; if (sizeof($TIDS) > 0) { $tids = DB_escapeString(implode(' ', array_intersect($AETIDS, $TIDS))); } $aids = ''; if (sizeof($AIDS) > 0) { foreach ($AIDS as $key => $val) { $AIDS[$key] = intval($val); } $aids = DB_escapeString(implode(' ', $AIDS)); } $selectedblocks = ''; $selectedBoxes = array(); if (count($BOXES) > 0) { foreach ($BOXES as $key => $val) { $BOXES[$key] = intval($val); } $boxes = DB_escapeString(implode(',', $BOXES)); $blockresult = DB_query("SELECT bid,name FROM {$_TABLES['blocks']} WHERE bid NOT IN ({$boxes})"); $numRows = DB_numRows($blockresult); for ($x = 1; $x <= $numRows; $x++) { $row = DB_fetchArray($blockresult); if ($row['name'] != 'user_block' and $row['name'] != 'admin_block' and $row['name'] != 'section_block') { $selectedblocks .= $row['bid']; if ($x != $numRows) { $selectedblocks .= ' '; } } } } $etids = '-'; if (sizeof($ETIDS) > 0) { $etids = DB_escapeString(implode(' ', array_intersect($AETIDS, $ETIDS))); } else { $etids = '-'; } DB_save($_TABLES['userindex'], "uid,tids,aids,boxes,noboxes,maxstories,etids", "{$uid},'{$tids}','{$aids}','{$selectedblocks}',{$noboxes},{$maxstories},'{$etids}'"); // usercomment DB_save($_TABLES['usercomment'], 'uid,commentmode,commentorder,commentlimit', "{$uid},'{$commentmode}','{$commentorder}'," . intval($commentlimit)); if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) { CUSTOM_userSave($uid); } if ($_CONF['usersubmission'] == 1 && $oldstatus == USER_ACCOUNT_AWAITING_APPROVAL && ($userstatus == USER_ACCOUNT_ACTIVE || $userstatus == USER_ACCOUNT_AWAITING_ACTIVATION || $userstatus == USER_ACCOUNT_AWAITING_VERIFICATION)) { USER_createAndSendPassword($username, $email, $uid); } if ($userstatus == USER_ACCOUNT_DISABLED) { SESS_endUserSession($uid); } $userChanged = true; // if groups is -1 then this user isn't allowed to change any groups so ignore if (is_array($groups) && SEC_hasRights('group.edit')) { if (!SEC_inGroup('Root')) { $rootgrp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Root'"); if (in_array($rootgrp, $groups)) { COM_accessLog("User {$_USER['username']} ({$_USER['uid']}) just tried to give Root permissions to user {$username}."); echo COM_refresh($_CONF['site_admin_url'] . '/index.php'); exit; } } // make sure the Remote Users group is in $groups if (SEC_inGroup('Remote Users', $uid)) { $remUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'"); if (!in_array($remUsers, $groups)) { $groups[] = $remUsers; } } if ($_USER_VERBOSE) { COM_errorLog("deleting all group_assignments for user {$uid}/{$username}", 1); } // remove user from all groups that the User Admin is a member of $UserAdminGroups = SEC_getUserGroups(); $whereGroup = 'ug_main_grp_id IN (' . implode(',', $UserAdminGroups) . ')'; DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE (ug_uid = {$uid}) AND " . $whereGroup); // make sure to add user to All Users and Logged-in Users groups $allUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'All Users'"); if (!in_array($allUsers, $groups)) { $groups[] = $allUsers; } $logUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Logged-in Users'"); if (!in_array($logUsers, $groups)) { $groups[] = $logUsers; } foreach ($groups as $userGroup) { if (in_array($userGroup, $UserAdminGroups)) { if ($_USER_VERBOSE) { COM_errorLog("adding group_assignment " . $userGroup . " for {$username}", 1); } $sql = "INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$userGroup}, {$uid})"; DB_query($sql); } } } // subscriptions $subscription_deletes = @array_values($_POST['subdelete']); if (is_array($subscription_deletes)) { foreach ($subscription_deletes as $subid) { DB_delete($_TABLES['subscriptions'], 'sub_id', (int) $subid); } } foreach ($social_services as $service) { $service_input = $service['service'] . '_username'; $_POST[$service_input] = DB_escapeString($_POST[$service_input]); if ($_POST[$service_input] != '') { $sql = "REPLACE INTO {$_TABLES['social_follow_user']} (ssid,uid,ss_username) "; $sql .= " VALUES (" . (int) $service['service_id'] . "," . $uid . ",'" . $_POST[$service_input] . "');"; DB_query($sql, 1); } else { $sql = "DELETE FROM {$_TABLES['social_follow_user']} WHERE ssid = " . (int) $service['service_id'] . " AND uid=" . (int) $uid; DB_query($sql, 1); } } if ($newuser == 0) { PLG_profileSave('', $uid); } else { PLG_createUser($uid); } if ($userChanged) { PLG_userInfoChanged($uid); } CACHE_remove_instance('mbmenu'); $errors = DB_error(); if (empty($errors)) { echo PLG_afterSaveSwitch($_CONF['aftersave_user'], "{$_CONF['site_url']}/users.php?mode=profile&uid={$uid}", 'user', 21); } else { $retval .= COM_siteHeader('menu', $LANG28[22]); $retval .= COM_errorLog('Error in USER_save() in ' . $_CONF['site_admin_url'] . '/user.php'); $retval .= COM_siteFooter(); echo $retval; exit; } } else { $retval = COM_siteHeader('menu', $LANG28[1]); $retval .= COM_errorLog($LANG28[10]); if (DB_count($_TABLES['users'], 'uid', $uid) > 0) { $retval .= USER_edit($uid); } else { $retval .= USER_edit(); } $retval .= COM_siteFooter(); echo $retval; exit; } if ($_USER_VERBOSE) { COM_errorLog("***************leaving USER_save()*****************", 1); } return $retval; }
} } else { // this request doesn't make sense - ignore it $display = COM_refresh($_CONF['site_url']); } break; case 'setnewpwd': if (empty($_POST['passwd']) or $_POST['passwd'] != $_POST['passwd_conf']) { $display = COM_refresh($_CONF['site_url'] . '/users.php?mode=newpwd&uid=' . $_POST['uid'] . '&rid=' . $_POST['rid']); } else { $uid = COM_applyFilter($_POST['uid'], true); $reqid = COM_applyFilter($_POST['rid']); if (!empty($uid) && is_numeric($uid) && $uid > 0 && !empty($reqid) && strlen($reqid) == 16) { $valid = DB_count($_TABLES['users'], array('uid', 'pwrequestid'), array($uid, $reqid)); if ($valid == 1) { $passwd = SEC_encryptPassword($_POST['passwd']); DB_change($_TABLES['users'], 'passwd', "{$passwd}", "uid", $uid); DB_delete($_TABLES['sessions'], 'uid', $uid); DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $uid); $display = COM_refresh($_CONF['site_url'] . '/users.php?msg=53'); } else { // request invalid or expired $display .= COM_siteHeader('menu', $LANG04[25]); $display .= COM_showMessage(54); $display .= getpasswordform(); $display .= COM_siteFooter(); } } else { // this request doesn't make sense - ignore it $display = COM_refresh($_CONF['site_url']); }
/** * Saves the user's information back to the database * * @A array User's data * */ function saveuser($A) { global $_CONF, $_TABLES, $_USER, $LANG04, $LANG24, $_US_VERBOSE; if ($_US_VERBOSE) { COM_errorLog('**** Inside saveuser in usersettings.php ****', 1); } $reqid = DB_getItem($_TABLES['users'], 'pwrequestid', "uid = " . (int) $_USER['uid']); if ($reqid != $A['uid']) { DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', (int) $_USER['uid']); COM_accessLog("An attempt was made to illegally change the account information of user {$_USER['uid']}."); return COM_refresh($_CONF['site_url'] . '/index.php'); } if (isset($_POST['merge'])) { if (COM_applyFilter($_POST['remoteuid'], true) != $_USER['uid']) { echo COM_refresh($_CONF['site_url'] . '/usersettings.php?mode=edit'); } USER_mergeAccounts(); } // If not set or possibly removed from template - initialize variable if (!isset($A['cooktime'])) { $A['cooktime'] = 0; } else { $A['cooktime'] = COM_applyFilter($A['cooktime'], true); } // If empty or invalid - set to user default // So code after this does not fail the user password required test if ($A['cooktime'] < 0) { // note that == 0 is allowed! $A['cooktime'] = $_USER['cookietimeout']; } // to change the password, email address, or cookie timeout, // we need the user's current password $account_type = DB_getItem($_TABLES['users'], 'account_type', "uid = {$_USER['uid']}"); $service = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$_USER['uid']}"); if ($service == '') { $current_password = DB_getItem($_TABLES['users'], 'passwd', "uid = {$_USER['uid']}"); if (!empty($A['newp']) || $A['email'] != $_USER['email'] || $A['cooktime'] != $_USER['cookietimeout']) { if (empty($A['passwd']) || !SEC_check_hash($A['passwd'], $current_password)) { return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=83'); } elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) { $ret = CUSTOM_userCheck($A['username'], $A['email']); if (!empty($ret)) { // Need a numeric return for the default message handler // - if not numeric use default message if (!is_numeric($ret)) { $ret['number'] = 97; } return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret}"); } } } elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) { $ret = CUSTOM_userCheck($A['username'], $A['email']); if (!empty($ret)) { // Need a numeric return for the default message hander - if not numeric use default message // - if not numeric use default message if (!is_numeric($ret)) { $ret = 97; } return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret}"); } } } // Let plugins have a chance to decide what to do before saving the user, return errors. $msg = PLG_itemPreSave('useredit', $A['username']); if (!empty($msg)) { // need a numeric return value - otherwise use default message if (!is_numeric($msg)) { $msg = 97; } return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$msg}"); } // no need to filter the password as it's encoded anyway if ($_CONF['allow_username_change'] == 1) { $A['new_username'] = $A['new_username']; if (!empty($A['new_username']) && USER_validateUsername($A['new_username']) && $A['new_username'] != $_USER['username']) { $A['new_username'] = DB_escapeString($A['new_username']); if (DB_count($_TABLES['users'], 'username', $A['new_username']) == 0) { if ($_CONF['allow_user_photo'] == 1) { $photo = DB_getItem($_TABLES['users'], 'photo', "uid = " . (int) $_USER['uid']); if (!empty($photo) && strstr($photo, $_USER['username']) !== false) { $newphoto = preg_replace('/' . $_USER['username'] . '/', $_USER['uid'], $photo, 1); $imgpath = $_CONF['path_images'] . 'userphotos/'; @rename($imgpath . $photo, $imgpath . $newphoto); DB_change($_TABLES['users'], 'photo', DB_escapeString($newphoto), "uid", (int) $_USER['uid']); } } DB_change($_TABLES['users'], 'username', $A['new_username'], "uid", (int) $_USER['uid']); } else { return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=51'); } } } // a quick spam check with the unfiltered field contents $profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1><p>'; // this is a hack, for some reason remoteservice links made SPAMX SLV check barf if (empty($service)) { $profile .= COM_createLink($A['homepage'], $A['homepage']) . '<br />'; } $profile .= $A['location'] . '<br />' . $A['sig'] . '<br />' . $A['about'] . '<br />' . $A['pgpkey'] . '</p>'; $result = PLG_checkforSpam($profile, $_CONF['spamx']); if ($result > 0) { COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden'); } $A['email'] = COM_applyFilter($A['email']); $A['email_conf'] = COM_applyFilter($A['email_conf']); $A['homepage'] = COM_applyFilter($A['homepage']); // basic filtering only $A['fullname'] = COM_truncate(trim(USER_sanitizeName($A['fullname'])), 80); $A['location'] = strip_tags($A['location']); $A['sig'] = strip_tags($A['sig']); $A['about'] = strip_tags($A['about']); $A['pgpkey'] = strip_tags($A['pgpkey']); if (!COM_isEmail($A['email'])) { return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=52'); } else { if ($A['email'] !== $A['email_conf']) { return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=78'); } else { if (emailAddressExists($A['email'], $_USER['uid'])) { return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=56'); } else { if ($service == '') { if (!empty($A['newp'])) { $A['newp'] = trim($A['newp']); $A['newp_conf'] = trim($A['newp_conf']); if ($A['newp'] == $A['newp_conf'] && SEC_check_hash($A['passwd'], $current_password)) { $passwd = SEC_encryptPassword($A['newp']); DB_change($_TABLES['users'], 'passwd', DB_escapeString($passwd), "uid", (int) $_USER['uid']); if ($A['cooktime'] > 0) { $cooktime = $A['cooktime']; $token_ttl = $A['cooktime']; } else { $cooktime = 0; $token_ttl = 14400; } $ltToken = SEC_createTokenGeneral('ltc', $token_ttl); SEC_setCookie($_CONF['cookie_password'], $ltToken, time() + $cooktime); } elseif (!SEC_check_hash($A['passwd'], $current_password)) { return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=68'); } elseif ($A['newp'] != $A['newp_conf']) { return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=67'); } } } else { // Cookie if ($A['cooktime'] > 0) { $cooktime = $A['cooktime']; } else { $cooktime = 0; } $ltToken = SEC_createTokenGeneral('ltc', $cooktime); SEC_setCookie($_CONF['cookie_password'], $ltToken, time() + $cooktime); } if ($_US_VERBOSE) { COM_errorLog('cooktime = ' . $A['cooktime'], 1); } if ($A['cooktime'] <= 0) { $cookie_timeout = 0; $token_ttl = 14400; } else { $cookie_timeout = time() + $A['cooktime']; $token_ttl = $A['cooktime']; } SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], $cookie_timeout, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true); DB_query("DELETE FROM {$_TABLES['tokens']} WHERE owner_id=" . (int) $_USER['uid'] . " AND urlfor='ltc'"); if ($cookie_timeout > 0) { $ltToken = SEC_createTokenGeneral('ltc', $token_ttl); SEC_setCookie($_CONF['cookie_password'], $ltToken, $cookie_timeout, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true); } else { SEC_setCookie($_CONF['cookie_password'], '', -10000, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true); } if ($_CONF['allow_user_photo'] == 1) { $delete_photo = ''; if (isset($A['delete_photo'])) { $delete_photo = $A['delete_photo']; } $filename = handlePhotoUpload($delete_photo); } if (!empty($A['homepage'])) { $pos = MBYTE_strpos($A['homepage'], ':'); if ($pos === false) { $A['homepage'] = 'http://' . $A['homepage']; } else { $prot = substr($A['homepage'], 0, $pos + 1); if ($prot != 'http:' && $prot != 'https:') { $A['homepage'] = 'http:' . substr($A['homepage'], $pos + 1); } } $A['homepage'] = DB_escapeString($A['homepage']); } $A['fullname'] = DB_escapeString($A['fullname']); $A['email'] = DB_escapeString($A['email']); $A['location'] = DB_escapeString($A['location']); $A['sig'] = DB_escapeString($A['sig']); $A['about'] = DB_escapeString($A['about']); $A['pgpkey'] = DB_escapeString($A['pgpkey']); if (!empty($filename)) { if (!file_exists($_CONF['path_images'] . 'userphotos/' . $filename)) { $filename = ''; } } DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A['fullname']}',email='{$A['email']}',homepage='{$A['homepage']}',sig='{$A['sig']}',cookietimeout=" . (int) $A['cooktime'] . ",photo='" . DB_escapeString($filename) . "' WHERE uid=" . (int) $_USER['uid']); DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$A['pgpkey']}',about='{$A['about']}',location='{$A['location']}' WHERE uid=" . (int) $_USER['uid']); // Call custom registration save function if enabled and exists if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) { CUSTOM_userSave($_USER['uid']); } PLG_userInfoChanged((int) $_USER['uid']); // at this point, the user information has been saved, but now we're going to check to see if // the user has requested resynchronization with their remoteservice account $msg = 5; // default msg = Your account information has been successfully saved if (isset($A['resynch'])) { if ($_CONF['user_login_method']['oauth'] && strpos($_USER['remoteservice'], 'oauth.') === 0) { $modules = SEC_collectRemoteOAuthModules(); $active_service = count($modules) == 0 ? false : in_array(substr($_USER['remoteservice'], 6), $modules); if (!$active_service) { $status = -1; $msg = 115; // Remote service has been disabled. } else { require_once $_CONF['path_system'] . 'classes/oauthhelper.class.php'; $service = substr($_USER['remoteservice'], 6); $consumer = new OAuthConsumer($service); $callback_url = $_CONF['site_url']; $consumer->setRedirectURL($callback_url); $user = $consumer->authenticate_user(); $consumer->doSynch($user); } } if ($msg != 5) { $msg = 114; // Account saved but re-synch failed. COM_errorLog($MESSAGE[$msg]); } } PLG_profileExtrasSave(); PLG_profileSave(); if ($_US_VERBOSE) { COM_errorLog('**** Leaving saveuser in usersettings.php ****', 1); } return COM_refresh($_CONF['site_url'] . '/users.php?mode=profile&uid=' . $_USER['uid'] . '&msg=' . $msg); } } } }
SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'], $_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']); PLG_loginUser($_USER['uid']); // Now that we handled session cookies, handle longterm cookie if (!isset($_COOKIE[$_CONF['cookie_name']]) || !isset($_COOKIE['password'])) { // Either their cookie expired or they are new $cooktime = COM_getUserCookieTimeout(); if ($VERBOSE) { COM_errorLog("Trying to set permanent cookie with time of {$cooktime}", 1); } if ($cooktime > 0) { // They want their cookie to persist for some amount of time so set it now if ($VERBOSE) { COM_errorLog('Trying to set permanent cookie', 1); } SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() + $cooktime); SEC_setCookie($_CONF['cookie_password'], SEC_encryptPassword($passwd), time() + $cooktime); } } else { $userid = $_COOKIE[$_CONF['cookie_name']]; if (empty($userid) || $userid == 'deleted') { unset($userid); } else { $userid = COM_applyFilter($userid, true); if ($userid > 1) { if ($VERBOSE) { COM_errorLog('NOW trying to set permanent cookie', 1); COM_errorLog('Got ' . $userid . ' from perm cookie in users.php', 1); } // Create new session $userdata = SESS_getUserDataFromId($userid); $_USER = $userdata;
/** * Update User Password * Updates the users password for current hash algorithm and stretch site settings. * If not password is specified, a random password will be generated. * * @param string $password Password to encrypt * @param int $uid User id to update * @return int 0 for success, non-zero indicates error. */ function SEC_updateUserPassword(&$password = '', $uid = '') { global $_TABLES, $_CONF, $_USER; // if no password is specified, generate a random one if (empty($password)) { $password = SEC_generateRandomPassword(); } // if $uid is empty, assume current user if (empty($uid)) { $uid = $_USER['uid']; } // validate $uid nonempty and valid user (anonymous, uid = 1, not valid) if (empty($uid) || $uid < 1) { return -1; } // update the database with the new password using algorithm and stretch from $_CONF $salt = SEC_generateSalt(); $newhash = SEC_encryptPassword($password, $salt, $_CONF['pass_alg'], $_CONF['pass_stretch']); $query = 'UPDATE ' . $_TABLES['users'] . " SET passwd = '{$newhash}', " . "salt = '{$salt}', algorithm ='" . $_CONF['pass_alg'] . "', " . 'stretch = ' . $_CONF['pass_stretch'] . " WHERE uid = {$uid}"; DB_query($query); // return success return 0; }
/** * Create a new password and send it to the user * * @param string $username user's login name * @param string $useremail user's email address * @param int $uid user id of user * @param string $passwd user's password (optional) * @return bool true = success, false = an error occured * */ function USER_createAndSendPassword($username, $useremail, $uid, $passwd = '') { global $_CONF, $_SYSTEM, $_TABLES, $LANG04; if (!isset($_SYSTEM['verification_token_ttl'])) { $_SYSTEM['verification_token_ttl'] = 86400; } $activation_link = ''; $uid = (int) $uid; $storedPassword = DB_getItem($_TABLES['users'], 'passwd', 'uid=' . $uid); $userStatus = DB_getItem($_TABLES['users'], 'status', 'uid=' . $uid); if ($passwd == '' && substr($storedPassword, 0, 4) == '$H$9') { // no need to update password } else { if ($passwd == '') { $passwd = USER_createPassword(8); } $passwd2 = SEC_encryptPassword($passwd); DB_change($_TABLES['users'], 'passwd', "{$passwd2}", 'uid', $uid); } if (file_exists($_CONF['path_data'] . 'welcome_email.txt')) { $template = new Template($_CONF['path_data']); $template->set_file(array('mail' => 'welcome_email.txt')); $template->set_var('auth_info', "{$LANG04['2']}: {$username}\n{$LANG04['4']}: {$passwd}"); $template->set_var('site_url', $_CONF['site_url']); $template->set_var('site_name', $_CONF['site_name']); $template->set_var('site_slogan', $_CONF['site_slogan']); $template->set_var('lang_text1', $LANG04[15]); $template->set_var('lang_text2', $LANG04[14]); $template->set_var('lang_username', $LANG04[2]); $template->set_var('lang_password', $LANG04[4]); $template->set_var('username', $username); $template->set_var('password', $passwd); $template->set_var('name', COM_getDisplayName($uid)); $template->parse('output', 'mail'); $mailtext = $template->get_var('output'); } else { if ($userStatus == USER_ACCOUNT_AWAITING_VERIFICATION) { $verification_id = USER_createActivationToken($uid, $username); $activation_link = $_CONF['site_url'] . '/users.php?mode=verify&vid=' . $verification_id . '&u=' . $uid; $mailtext = $LANG04[168] . $_CONF['site_name'] . ".\n\n"; $mailtext .= $LANG04[170] . "\n\n"; $mailtext .= "----------------------------\n"; $mailtext .= $LANG04[2] . ': ' . $username . "\n"; $mailtext .= $LANG04[171] . ': ' . $_CONF['site_url'] . "\n"; $mailtext .= "----------------------------\n\n"; $mailtext .= sprintf($LANG04[172], $_SYSTEM['verification_token_ttl'] / 3600) . "\n\n"; $mailtext .= $activation_link . "\n\n"; $mailtext .= $LANG04[173] . "\n\n"; $mailtext .= $LANG04[174] . "\n\n"; $mailtext .= "--\n"; $mailtext .= $_CONF['site_name'] . "\n"; $mailtext .= $_CONF['site_url'] . "\n"; } else { $mailtext = $LANG04[168] . $_CONF['site_name'] . ".\n\n"; $mailtext .= $LANG04[170] . "\n\n"; $mailtext .= "----------------------------\n"; $mailtext .= $LANG04[2] . ': ' . $username . "\n"; if ($passwd != '') { $mailtext .= $LANG04[4] . ": {$passwd}\n"; } $mailtext .= $LANG04[171] . ': ' . $_CONF['site_url'] . "\n"; $mailtext .= "----------------------------\n\n"; $mailtext .= $LANG04[14] . "\n\n"; $mailtext .= "--\n"; $mailtext .= $_CONF['site_name'] . "\n"; $mailtext .= $_CONF['site_url'] . "\n"; } } $subject = $_CONF['site_name'] . ': ' . $LANG04[16]; if ($_CONF['site_mail'] !== $_CONF['noreply_mail']) { $mailfrom = $_CONF['noreply_mail']; global $LANG_LOGIN; $mailtext .= LB . LB . $LANG04[159]; } else { $mailfrom = $_CONF['site_mail']; } $to = array(); $from = array(); $from = COM_formatEmailAddress($_CONF['site_name'], $mailfrom); $to = COM_formatEmailAddress($username, $useremail); $subject = COM_undoSpecialChars(strip_tags($subject)); return COM_mail($to, $subject, $mailtext, $from, false); }
/** * Saves user to the database * * @param int $uid user id * @param string $usernmae (short) user name * @param string $fullname user's full name * @param string $email user's email address * @param string $regdate date the user registered with the site * @param string $homepage user's homepage URL * @param array $groups groups the user belongs to * @param string $delete_photo delete user's photo if == 'on' * @return string HTML redirect or error message * */ function saveusers($uid, $username, $fullname, $passwd, $passwd_conf, $email, $regdate, $homepage, $groups, $delete_photo = '', $userstatus = 3, $oldstatus = 3) { global $_CONF, $_TABLES, $_USER, $LANG28, $_USER_VERBOSE; $retval = ''; $userChanged = false; if ($_USER_VERBOSE) { COM_errorLog("**** entering saveusers****", 1); } if ($_USER_VERBOSE) { COM_errorLog("group size at beginning = " . count($groups), 1); } if ($passwd != $passwd_conf) { // passwords don't match return edituser($uid, 67); } $nameAndEmailOkay = true; if (empty($username)) { $nameAndEmailOkay = false; } elseif (empty($email)) { if (empty($uid)) { $nameAndEmailOkay = false; // new users need an email address } else { $service = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$uid}"); if (empty($service)) { $nameAndEmailOkay = false; // not a remote user - needs email } } } if ($nameAndEmailOkay) { if (!empty($email) && !COM_isEmail($email)) { return edituser($uid, 52); } $uname = addslashes($username); if (empty($uid)) { $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******'"); } else { $uservice = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$uid}"); if ($uservice != '') { $uservice = addslashes($uservice); $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND remoteservice = '{$uservice}'"); } else { $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND (remoteservice = '' OR remoteservice IS NULL)"); } } if ($ucount > 0) { // Admin just changed a user's username to one that already exists return edituser($uid, 51); } $emailaddr = addslashes($email); $exclude_remote = " AND (remoteservice IS NULL OR remoteservice = '')"; if (empty($uid)) { $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}'" . $exclude_remote); } else { $old_email = DB_getItem($_TABLES['users'], 'email', "uid = '{$uid}'"); if ($old_email == $email) { // email address didn't change so don't care $ucount = 0; } else { $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}' AND uid <> {$uid}" . $exclude_remote); } } if ($ucount > 0) { // Admin just changed a user's email to one that already exists return edituser($uid, 56); } if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) { $ret = CUSTOM_userCheck($username, $email); if (!empty($ret)) { // need a numeric return value - otherwise use default message if (!is_numeric($ret['number'])) { $ret['number'] = 400; } return edituser($uid, $ret['number']); } } if (empty($uid) || !empty($passwd)) { $passwd = SEC_encryptPassword($passwd); } else { $passwd = DB_getItem($_TABLES['users'], 'passwd', "uid = {$uid}"); } if (empty($uid)) { if (empty($passwd)) { // no password? create one ... $passwd = rand(); $passwd = md5($passwd); $passwd = substr($passwd, 1, 8); $passwd = SEC_encryptPassword($passwd); } $uid = USER_createAccount($username, $email, $passwd, $fullname, $homepage); if ($uid > 1) { DB_query("UPDATE {$_TABLES['users']} SET status = {$userstatus} WHERE uid = {$uid}"); } } else { $fullname = addslashes($fullname); $homepage = addslashes($homepage); $curphoto = DB_getItem($_TABLES['users'], 'photo', "uid = {$uid}"); if (!empty($curphoto) && $delete_photo == 'on') { USER_deletePhoto($curphoto); $curphoto = ''; } if ($_CONF['allow_user_photo'] == 1 && !empty($curphoto)) { $curusername = DB_getItem($_TABLES['users'], 'username', "uid = {$uid}"); if ($curusername != $username) { // user has been renamed - rename the photo, too $newphoto = preg_replace('/' . $curusername . '/', $username, $curphoto, 1); $imgpath = $_CONF['path_images'] . 'userphotos/'; if (rename($imgpath . $curphoto, $imgpath . $newphoto) === false) { $display = COM_siteHeader('menu', $LANG28[22]); $display .= COM_errorLog('Could not rename userphoto "' . $curphoto . '" to "' . $newphoto . '".'); $display .= COM_siteFooter(); return $display; } $curphoto = $newphoto; } } $curphoto = addslashes($curphoto); DB_query("UPDATE {$_TABLES['users']} SET username = '******', fullname = '{$fullname}', passwd = '{$passwd}', email = '{$email}', homepage = '{$homepage}', photo = '{$curphoto}', status='{$userstatus}' WHERE uid = {$uid}"); if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) { CUSTOM_userSave($uid); } if ($_CONF['usersubmission'] == 1 && $oldstatus == USER_ACCOUNT_AWAITING_APPROVAL && $userstatus == USER_ACCOUNT_ACTIVE) { USER_createAndSendPassword($username, $email, $uid); } if ($userstatus == USER_ACCOUNT_DISABLED) { SESS_endUserSession($uid); } $userChanged = true; } // check that the user is allowed to change group assignments if (is_array($groups) && SEC_hasRights('group.assign')) { if (!SEC_inGroup('Root')) { $rootgrp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Root'"); if (in_array($rootgrp, $groups)) { COM_accessLog("User {$_USER['username']} ({$_USER['uid']}) just tried to give Root permissions to user {$username}."); echo COM_refresh($_CONF['site_admin_url'] . '/index.php'); exit; } } // make sure the Remote Users group is in $groups if (SEC_inGroup('Remote Users', $uid)) { $remUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'"); if (!in_array($remUsers, $groups)) { $groups[] = $remUsers; } } if ($_USER_VERBOSE) { COM_errorLog("deleting all group_assignments for user {$uid}/{$username}", 1); } // remove user from all groups that the User Admin is a member of $UserAdminGroups = SEC_getUserGroups(); $whereGroup = 'ug_main_grp_id IN (' . implode(',', $UserAdminGroups) . ')'; DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE (ug_uid = {$uid}) AND " . $whereGroup); // make sure to add user to All Users and Logged-in Users groups $allUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'All Users'"); if (!in_array($allUsers, $groups)) { $groups[] = $allUsers; } $logUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Logged-in Users'"); if (!in_array($logUsers, $groups)) { $groups[] = $logUsers; } foreach ($groups as $userGroup) { if (in_array($userGroup, $UserAdminGroups)) { if ($_USER_VERBOSE) { COM_errorLog("adding group_assignment " . $userGroup . " for {$username}", 1); } $sql = "INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$userGroup}, {$uid})"; DB_query($sql); } } } if ($userChanged) { PLG_userInfoChanged($uid); } $errors = DB_error(); if (empty($errors)) { echo PLG_afterSaveSwitch($_CONF['aftersave_user'], "{$_CONF['site_url']}/users.php?mode=profile&uid={$uid}", 'user', 21); } else { $retval .= COM_siteHeader('menu', $LANG28[22]); $retval .= COM_errorLog('Error in saveusers in ' . $_CONF['site_admin_url'] . '/user.php'); $retval .= COM_siteFooter(); echo $retval; exit; } } else { $retval = COM_siteHeader('menu', $LANG28[1]); $retval .= COM_showMessageText($LANG28[10]); if (DB_count($_TABLES['users'], 'uid', $uid) > 0) { $retval .= edituser($uid); } else { $retval .= edituser(); } $retval .= COM_siteFooter(); COM_output($retval); exit; } if ($_USER_VERBOSE) { COM_errorLog("***************leaving saveusers*****************", 1); } return $retval; }
/** * Create a new password and set in DB if User Id supplied * * @param int $uid id of the user * @return array ['normal'] = human readable password, ['encrypted'] = encrypted password * */ function USER_createPassword($uid = 0) { global $_TABLES; $passwd['normal'] = rand(); $passwd['normal'] = md5($passwd['normal']); $passwd['normal'] = substr($passwd['normal'], 1, 8); $passwd['encrypted'] = SEC_encryptPassword($passwd['normal']); if ($uid > 1) { DB_change($_TABLES['users'], 'passwd', $passwd['encrypted'], 'uid', $uid); } return $passwd; }
/** * Create a new password and send it to the user * * @param string $username user's login name * @param string $useremail user's email address * @param int $uid user id of user * @param string $passwd user's password (optional) * @return bool true = success, false = an error occured * */ function USER_createAndSendPassword($username, $useremail, $uid, $passwd = '') { global $_CONF, $_SYSTEM, $_TABLES, $LANG04; if (!isset($_SYSTEM['verification_token_ttl'])) { $_SYSTEM['verification_token_ttl'] = 86400; } $activation_link = ''; $uid = (int) $uid; $storedPassword = DB_getItem($_TABLES['users'], 'passwd', 'uid=' . $uid); $userStatus = DB_getItem($_TABLES['users'], 'status', 'uid=' . $uid); if ($passwd == '' && substr($storedPassword, 0, 4) == '$H$9') { // no need to update password } else { if ($passwd == '') { $passwd = USER_createPassword(8); } $passwd2 = SEC_encryptPassword($passwd); DB_change($_TABLES['users'], 'passwd', "{$passwd2}", 'uid', $uid); } if (file_exists($_CONF['path_data'] . 'welcome_email.txt')) { $template = new Template($_CONF['path_data']); $template->set_file(array('mail' => 'welcome_email.txt')); $template->set_var('auth_info', "{$LANG04['2']}: {$username}\n{$LANG04['4']}: {$passwd}"); $template->set_var('site_url', $_CONF['site_url']); $template->set_var('site_name', $_CONF['site_name']); $template->set_var('site_slogan', $_CONF['site_slogan']); $template->set_var('lang_text1', $LANG04[15]); $template->set_var('lang_text2', $LANG04[14]); $template->set_var('lang_username', $LANG04[2]); $template->set_var('lang_password', $LANG04[4]); $template->set_var('username', $username); $template->set_var('password', $passwd); $template->set_var('name', COM_getDisplayName($uid)); $template->parse('output', 'mail'); $mailtext = $template->get_var('output'); } else { $T = new Template($_CONF['path_layout'] . 'email/'); $T->set_file(array('html_msg' => 'newuser_template_html.thtml', 'text_msg' => 'newuser_template_text.thtml')); if ($userStatus == USER_ACCOUNT_AWAITING_VERIFICATION) { $verification_id = USER_createActivationToken($uid, $username); $T->set_var(array('url' => $_CONF['site_url'] . '/users.php?mode=verify&vid=' . $verification_id . '&u=' . $uid, 'lang_site_or_password' => $LANG04[171], 'site_link_url' => $_CONF['site_url'], 'lang_activation' => sprintf($LANG04[172], $_SYSTEM['verification_token_ttl'] / 3600), 'lang_button_text' => $LANG04[203])); } else { $T->set_var(array('url' => $_CONF['site_url'] . '/usersettings.php', 'lang_site_or_password' => $LANG04[4], 'site_link_url' => '', 'lang_activation' => $LANG04[14], 'lang_button_text' => 'Change Password', 'passwd' => $passwd)); } $T->set_var(array('title' => $_CONF['site_name'] . ': ' . $LANG04[16], 'site_name' => $_CONF['site_name'], 'username' => $username)); $T->parse('output', 'html_msg'); $mailhtml = $T->finish($T->get_var('output')); $T->parse('output', 'text_msg'); $mailtext = $T->finish($T->get_var('output')); } $msgData['htmlmessage'] = $mailhtml; $msgData['textmessage'] = $mailtext; $msgData['subject'] = $_CONF['site_name'] . ': ' . $LANG04[16]; $to = array(); $from = array(); $from = COM_formatEmailAddress($_CONF['site_name'], $_CONF['noreply_mail']); $to = COM_formatEmailAddress('', $useremail); // $msgData['from']['name'] = $_CONF['site_name']; // $msgData['from']['email'] = $_CONF['noreply_mail']; // $msgData['to']['email'] = $useremail; // $msgData['to']['name'] = $username; // return COM_emailNotification($msgData); return COM_mail($to, $msgData['subject'], $msgData['htmlmessage'], $from, true, 0, '', $msgData['textmessage']); }
function encryptPassword($password) { global $_TABLES; $version = preg_replace('/[^0-9.]/', '', VERSION); if (version_compare($version, '2.0.0', '<')) { $retval = SEC_encryptPassword($password); } else { $salt = DB_getItem($_TABLES['users'], 'salt', "uid = 2"); $algorithm = DB_getItem($_TABLES['conf_values'], 'value', "name = 'pass_alg'"); $stretch = DB_getItem($_TABLES['conf_values'], 'value', "name = 'pass_stretch'"); $algorithm = unserialize($algorithm); $stretch = unserialize($stretch); $retval = SEC_encryptPassword($password, $salt, $algorithm, $stretch); } return $retval; }
/** * Saves the user's information back to the database * * @param array $A User's data * @return string HTML error message or meta redirect * */ function saveuser($A) { global $_CONF, $_TABLES, $_USER, $LANG04, $LANG24, $_US_VERBOSE; if ($_US_VERBOSE) { COM_errorLog('**** Inside saveuser in usersettings.php ****', 1); } $reqid = DB_getItem($_TABLES['users'], 'pwrequestid', "uid = {$_USER['uid']}"); if ($reqid != $A['uid']) { DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $_USER['uid']); COM_accessLog("An attempt was made to illegally change the account information of user {$_USER['uid']}."); return COM_refresh($_CONF['site_url'] . '/index.php'); } if (!isset($A['cooktime'])) { // If not set or possibly removed from template - set to default $A['cooktime'] = $_CONF['default_perm_cookie_timeout']; } else { $A['cooktime'] = COM_applyFilter($A['cooktime'], true); } // If empty or invalid - set to user default // So code after this does not fail the user password required test if ($A['cooktime'] < 0) { // note that == 0 is allowed! $A['cooktime'] = $_USER['cookietimeout']; } // to change the password, email address, or cookie timeout, // we need the user's current password $current_password = DB_getItem($_TABLES['users'], 'passwd', "uid = {$_USER['uid']}"); if (!empty($A['passwd']) || $A['email'] != $_USER['email'] || $A['cooktime'] != $_USER['cookietimeout']) { if (empty($A['old_passwd']) || SEC_encryptPassword($A['old_passwd']) != $current_password) { return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=83'); } elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) { $ret = CUSTOM_userCheck($A['username'], $A['email']); if (!empty($ret)) { // Need a numeric return for the default message handler // - if not numeric use default message if (!is_numeric($ret['number'])) { $ret['number'] = 400; } return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}"); } } } elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) { $ret = CUSTOM_userCheck($A['username'], $A['email']); if (!empty($ret)) { // Need a numeric return for the default message handler // - if not numeric use default message if (!is_numeric($ret['number'])) { $ret['number'] = 400; } return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}"); } } // no need to filter the password as it's encoded anyway if ($_CONF['allow_username_change'] == 1) { $A['new_username'] = COM_applyFilter($A['new_username']); if (!empty($A['new_username']) && $A['new_username'] != $_USER['username']) { $A['new_username'] = addslashes($A['new_username']); if (DB_count($_TABLES['users'], 'username', $A['new_username']) == 0) { if ($_CONF['allow_user_photo'] == 1) { $photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$_USER['uid']}"); if (!empty($photo)) { $newphoto = preg_replace('/' . $_USER['username'] . '/', $A['new_username'], $photo, 1); $imgpath = $_CONF['path_images'] . 'userphotos/'; if (rename($imgpath . $photo, $imgpath . $newphoto) === false) { $display = COM_siteHeader('menu', $LANG04[21]); $display .= COM_errorLog('Could not rename userphoto "' . $photo . '" to "' . $newphoto . '".'); $display .= COM_siteFooter(); return $display; } DB_change($_TABLES['users'], 'photo', addslashes($newphoto), "uid", $_USER['uid']); } } DB_change($_TABLES['users'], 'username', $A['new_username'], "uid", $_USER['uid']); } else { return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=51'); } } } // a quick spam check with the unfiltered field contents $profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1>' . '<p>' . COM_createLink($A['homepage'], $A['homepage']) . '<br' . XHTML . '>' . $A['location'] . '<br' . XHTML . '>' . $A['sig'] . '<br' . XHTML . '>' . $A['about'] . '<br' . XHTML . '>' . $A['pgpkey'] . '</p>'; $result = PLG_checkforSpam($profile, $_CONF['spamx']); if ($result > 0) { COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden'); } $A['email'] = COM_applyFilter($A['email']); $A['email_conf'] = COM_applyFilter($A['email_conf']); $A['homepage'] = COM_applyFilter($A['homepage']); // basic filtering only $A['fullname'] = strip_tags(COM_stripslashes($A['fullname'])); $A['location'] = strip_tags(COM_stripslashes($A['location'])); $A['sig'] = strip_tags(COM_stripslashes($A['sig'])); $A['about'] = strip_tags(COM_stripslashes($A['about'])); $A['pgpkey'] = strip_tags(COM_stripslashes($A['pgpkey'])); if (!COM_isEmail($A['email'])) { return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=52'); } else { if ($A['email'] !== $A['email_conf']) { return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=78'); } else { if (emailAddressExists($A['email'], $_USER['uid'])) { return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=56'); } else { if (!empty($A['passwd'])) { if ($A['passwd'] == $A['passwd_conf'] && SEC_encryptPassword($A['old_passwd']) == $current_password) { $passwd = SEC_encryptPassword($A['passwd']); DB_change($_TABLES['users'], 'passwd', "{$passwd}", "uid", $_USER['uid']); if ($A['cooktime'] > 0) { $cooktime = $A['cooktime']; } else { $cooktime = -1000; } SEC_setCookie($_CONF['cookie_password'], $passwd, time() + $cooktime); } elseif (SEC_encryptPassword($A['old_passwd']) != $current_password) { return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=68'); } elseif ($A['passwd'] != $A['passwd_conf']) { return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=67'); } } if ($_US_VERBOSE) { COM_errorLog('cooktime = ' . $A['cooktime'], 1); } if ($A['cooktime'] <= 0) { $cooktime = 1000; SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() - $cooktime); } else { SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() + $A['cooktime']); } if ($_CONF['allow_user_photo'] == 1) { $delete_photo = ''; if (isset($A['delete_photo'])) { $delete_photo = $A['delete_photo']; } $filename = handlePhotoUpload($delete_photo); } if (!empty($A['homepage'])) { $pos = MBYTE_strpos($A['homepage'], ':'); if ($pos === false) { $A['homepage'] = 'http://' . $A['homepage']; } else { $prot = substr($A['homepage'], 0, $pos + 1); if ($prot != 'http:' && $prot != 'https:') { $A['homepage'] = 'http:' . substr($A['homepage'], $pos + 1); } } $A['homepage'] = addslashes($A['homepage']); } $A['fullname'] = addslashes($A['fullname']); $A['email'] = addslashes($A['email']); $A['location'] = addslashes($A['location']); $A['sig'] = addslashes($A['sig']); $A['about'] = addslashes($A['about']); $A['pgpkey'] = addslashes($A['pgpkey']); if (!empty($filename)) { if (!file_exists($_CONF['path_images'] . 'userphotos/' . $filename)) { $filename = ''; } } DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A['fullname']}',email='{$A['email']}',homepage='{$A['homepage']}',sig='{$A['sig']}',cookietimeout={$A['cooktime']},photo='{$filename}' WHERE uid={$_USER['uid']}"); DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$A['pgpkey']}',about='{$A['about']}',location='{$A['location']}' WHERE uid={$_USER['uid']}"); // Call custom registration save function if enabled and exists if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) { CUSTOM_userSave($_USER['uid']); } PLG_userInfoChanged($_USER['uid']); if ($_US_VERBOSE) { COM_errorLog('**** Leaving saveuser in usersettings.php ****', 1); } return COM_refresh($_CONF['site_url'] . '/users.php?mode=profile&uid=' . $_USER['uid'] . '&msg=5'); } } } }
/** * Saves the user's information back to the database * * @param array $A User's data * @return string HTML error message or meta redirect * */ function saveuser($A) { global $_CONF, $_TABLES, $_USER, $LANG04, $LANG24, $_US_VERBOSE; if ($_US_VERBOSE) { COM_errorLog('**** Inside saveuser in usersettings.php ****', 1); } $reqid = DB_getItem($_TABLES['users'], 'pwrequestid', "uid = {$_USER['uid']}"); if ($reqid != $A['uid']) { DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $_USER['uid']); COM_accessLog("An attempt was made to illegally change the account information of user {$_USER['uid']}."); return COM_refresh($_CONF['site_url'] . '/index.php'); } if (!isset($A['cooktime'])) { // If not set or possibly removed from template - set to default $A['cooktime'] = $_CONF['default_perm_cookie_timeout']; } else { $A['cooktime'] = COM_applyFilter($A['cooktime'], true); } // If empty or invalid - set to user default // So code after this does not fail the user password required test if ($A['cooktime'] < 0) { // note that == 0 is allowed! $A['cooktime'] = $_USER['cookietimeout']; } // to change the password, email address, or cookie timeout, // we need the user's current password $service = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$_USER['uid']}"); if ($service == '') { $current_password = DB_getItem($_TABLES['users'], 'passwd', "uid = {$_USER['uid']}"); if (!empty($A['passwd']) || $A['email'] != $_USER['email'] || $A['cooktime'] != $_USER['cookietimeout']) { if (empty($A['old_passwd']) || SEC_encryptPassword($A['old_passwd']) != $current_password) { return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=83'); } elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) { $ret = CUSTOM_userCheck($A['username'], $A['email']); if (!empty($ret)) { // Need a numeric return for the default message handler // - if not numeric use default message if (!is_numeric($ret['number'])) { $ret['number'] = 400; } return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}"); } } } elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) { $ret = CUSTOM_userCheck($A['username'], $A['email']); if (!empty($ret)) { // Need a numeric return for the default message handler // - if not numeric use default message if (!is_numeric($ret['number'])) { $ret['number'] = 400; } return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}"); } } } else { if ($A['email'] != $_USER['email'] || $A['cooktime'] != $_USER['cookietimeout']) { // re athenticate remote user again for these changes to take place // Can't just be done here since user may have to relogin to his service which then sends us back here and we lose his changes } } // no need to filter the password as it's encoded anyway if ($_CONF['allow_username_change'] == 1) { $A['new_username'] = COM_applyFilter($A['new_username']); if (!empty($A['new_username']) && $A['new_username'] != $_USER['username']) { $A['new_username'] = addslashes($A['new_username']); if (DB_count($_TABLES['users'], 'username', $A['new_username']) == 0) { if ($_CONF['allow_user_photo'] == 1) { $photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$_USER['uid']}"); if (!empty($photo)) { $newphoto = preg_replace('/' . $_USER['username'] . '/', $A['new_username'], $photo, 1); $imgpath = $_CONF['path_images'] . 'userphotos/'; if (rename($imgpath . $photo, $imgpath . $newphoto) === false) { $display = COM_siteHeader('menu', $LANG04[21]); $display .= COM_errorLog('Could not rename userphoto "' . $photo . '" to "' . $newphoto . '".'); $display .= COM_siteFooter(); return $display; } DB_change($_TABLES['users'], 'photo', addslashes($newphoto), "uid", $_USER['uid']); } } DB_change($_TABLES['users'], 'username', $A['new_username'], "uid", $_USER['uid']); } else { return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=51'); } } } // a quick spam check with the unfiltered field contents $profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1><p>'; // this is a hack, for some reason remoteservice links made SPAMX SLV check barf if (empty($service)) { $profile .= COM_createLink($A['homepage'], $A['homepage']) . '<br' . XHTML . '>'; } $profile .= $A['location'] . '<br' . XHTML . '>' . $A['sig'] . '<br' . XHTML . '>' . $A['about'] . '<br' . XHTML . '>' . $A['pgpkey'] . '</p>'; $result = PLG_checkforSpam($profile, $_CONF['spamx']); if ($result > 0) { COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden'); } $A['email'] = COM_applyFilter($A['email']); $A['email_conf'] = COM_applyFilter($A['email_conf']); $A['homepage'] = COM_applyFilter($A['homepage']); // basic filtering only $A['fullname'] = strip_tags(COM_stripslashes($A['fullname'])); $A['location'] = strip_tags(COM_stripslashes($A['location'])); $A['sig'] = strip_tags(COM_stripslashes($A['sig'])); $A['about'] = strip_tags(COM_stripslashes($A['about'])); $A['pgpkey'] = strip_tags(COM_stripslashes($A['pgpkey'])); if (!COM_isEmail($A['email'])) { return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=52'); } else { if ($A['email'] !== $A['email_conf']) { return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=78'); } else { if (emailAddressExists($A['email'], $_USER['uid'])) { return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=56'); } else { $passwd = ''; if ($service == '') { if (!empty($A['passwd'])) { if ($A['passwd'] == $A['passwd_conf'] && SEC_encryptPassword($A['old_passwd']) == $current_password) { $passwd = SEC_encryptPassword($A['passwd']); DB_change($_TABLES['users'], 'passwd', "{$passwd}", "uid", $_USER['uid']); if ($A['cooktime'] > 0) { $cooktime = $A['cooktime']; } else { $cooktime = -1000; } SEC_setCookie($_CONF['cookie_password'], $passwd, time() + $cooktime); } elseif (SEC_encryptPassword($A['old_passwd']) != $current_password) { return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=68'); } elseif ($A['passwd'] != $A['passwd_conf']) { return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=67'); } } } else { // Cookie if ($A['cooktime'] > 0) { $cooktime = $A['cooktime']; } else { $cooktime = -1000; } SEC_setCookie($_CONF['cookie_password'], $passwd, time() + $cooktime); } if ($_US_VERBOSE) { COM_errorLog('cooktime = ' . $A['cooktime'], 1); } if ($A['cooktime'] <= 0) { $cooktime = 1000; SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() - $cooktime); } else { SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() + $A['cooktime']); } if ($_CONF['allow_user_photo'] == 1) { $delete_photo = ''; if (isset($A['delete_photo'])) { $delete_photo = $A['delete_photo']; } $filename = handlePhotoUpload($delete_photo); } if (!empty($A['homepage'])) { $pos = MBYTE_strpos($A['homepage'], ':'); if ($pos === false) { $A['homepage'] = 'http://' . $A['homepage']; } else { $prot = substr($A['homepage'], 0, $pos + 1); if ($prot != 'http:' && $prot != 'https:') { $A['homepage'] = 'http:' . substr($A['homepage'], $pos + 1); } } $A['homepage'] = addslashes($A['homepage']); } $A['fullname'] = addslashes($A['fullname']); $A['email'] = addslashes($A['email']); $A['location'] = addslashes($A['location']); $A['sig'] = addslashes($A['sig']); $A['about'] = addslashes($A['about']); $A['pgpkey'] = addslashes($A['pgpkey']); if (!empty($filename)) { if (!file_exists($_CONF['path_images'] . 'userphotos/' . $filename)) { $filename = ''; } } DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A['fullname']}',email='{$A['email']}',homepage='{$A['homepage']}',sig='{$A['sig']}',cookietimeout={$A['cooktime']},photo='{$filename}' WHERE uid={$_USER['uid']}"); DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$A['pgpkey']}',about='{$A['about']}',location='{$A['location']}' WHERE uid={$_USER['uid']}"); // Call custom registration save function if enabled and exists if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) { CUSTOM_userSave($_USER['uid']); } PLG_userInfoChanged($_USER['uid']); $msg = 5; // Re Sync data if needed if (isset($A['resynch'])) { if ($_CONF['user_login_method']['oauth'] && strpos($_USER['remoteservice'], 'oauth.') === 0) { $modules = SEC_collectRemoteOAuthModules(); $active_service = count($modules) == 0 ? false : in_array(substr($_USER['remoteservice'], 6), $modules); if (!$active_service) { $status = -1; $msg = 115; // Remote service has been disabled. } else { $query[] = ''; $callback_url = $_CONF['site_url'] . '/usersettings.php?mode=synch&oauth_login='******'oauth.facebook') { // facebook does resynch during refresh return COM_refresh($callback_url); } else { // all other services use reauth/callback method // send request to OAuth Service for user information require_once $_CONF['path_system'] . 'classes/oauthhelper.class.php'; $consumer = new OAuthConsumer($service); $url = $consumer->find_identity_info($callback_url, $query); if (empty($url)) { $msg = 110; // Can not get URL for authentication.' } else { header('Location: ' . $url); exit; } } } } if ($msg != 5) { $msg = 114; // Account saved but re-synch failed. } } if ($_US_VERBOSE) { COM_errorLog('**** Leaving saveuser in usersettings.php ****', 1); } return COM_refresh($_CONF['site_url'] . '/users.php?mode=profile&uid=' . $_USER['uid'] . '&msg=' . $msg); } } } }
/** * Check for accounts that still use the default password * * NOTE: If one of our users is also using "password" as their password, this * test will also detect that, as it checks all accounts. * * @return string text explaining the result of the test * */ function checkDefaultPassword() { global $_TABLES, $LANG_SECTEST, $failed_tests; $retval = ''; // check to see if any account still has 'password' as its password. $pwdRoot = 0; $pwdUser = 0; $result = DB_query("SELECT uid FROM {$_TABLES['users']} WHERE passwd='" . SEC_encryptPassword('password') . "'"); $numPwd = DB_numRows($result); if ($numPwd > 0) { for ($i = 0; $i < $numPwd; $i++) { list($uid) = DB_fetchArray($result); if (SEC_inGroup('Root', $uid)) { $pwdRoot++; } else { $pwdUser++; } } } if ($pwdRoot > 0) { $retval .= '<li>' . sprintf($LANG_SECTEST['fix_password'], $pwdRoot) . '</li>'; $failed_tests++; } else { $retval .= '<li>' . $LANG_SECTEST['password_okay'] . '</li>'; } return $retval; }
/** * Create a new user * Also calls the custom user registration (if enabled) and plugin functions. * NOTE: Does NOT send out password emails. * * @param string $username username (mandatory) * @param string $email user's email address (mandatory) * @param string $passwd password (optional, see above) * @param string $fullname user's full name (optional) * @param string $homepage user's home page (optional) * @param string $remoteUserName * @param string $service * @param boolean $batchImport set to true when called from importuser() in admin/users.php (optional) * @return int new user's ID */ function USER_createAccount($username, $email, $passwd = '', $fullname = '', $homepage = '', $remoteUserName = '', $service = '', $batchImport = false) { global $_CONF, $_TABLES; $queueUser = false; $username = DB_escapeString($username); $email = DB_escapeString($email); $regdate = strftime('%Y-%m-%d %H:%M:%S', time()); $fields = 'username,email,regdate,cookietimeout'; $values = "'{$username}','{$email}','{$regdate}','{$_CONF['default_perm_cookie_timeout']}'"; if (!empty($passwd)) { // Since no uid exists yet we can't use SEC_updateUserPassword and must handle things manually $salt = SEC_generateSalt(); $passwd = SEC_encryptPassword($passwd, $salt, $_CONF['pass_alg'], $_CONF['pass_stretch']); $fields .= ',passwd,salt,algorithm,stretch'; $values .= ",'{$passwd}','{$salt}','" . $_CONF['pass_alg'] . "','" . $_CONF['pass_stretch'] . "'"; } if (!empty($fullname)) { $fullname = DB_escapeString($fullname); $fields .= ',fullname'; $values .= ",'{$fullname}'"; } if (!empty($homepage)) { $homepage = DB_escapeString($homepage); $fields .= ',homepage'; $values .= ",'{$homepage}'"; } if ($_CONF['usersubmission'] == 1 && !SEC_hasRights('user.edit')) { $queueUser = true; if (!empty($_CONF['allow_domains'])) { if (USER_emailMatches($email, $_CONF['allow_domains'])) { $queueUser = false; } } if ($queueUser) { $fields .= ',status'; $values .= ',' . USER_ACCOUNT_AWAITING_APPROVAL; } } else { if (!empty($remoteUserName)) { $fields .= ',remoteusername'; $values .= ",'{$remoteUserName}'"; } if (!empty($service)) { $fields .= ',remoteservice'; $values .= ",'{$service}'"; } } DB_query("INSERT INTO {$_TABLES['users']} ({$fields}) VALUES ({$values})"); // Get the uid of the user, possibly given a service: if ($remoteUserName != '') { $uid = DB_getItem($_TABLES['users'], 'uid', "remoteusername = '******' AND remoteservice='{$service}'"); } else { $uid = DB_getItem($_TABLES['users'], 'uid', "username = '******' AND remoteservice IS NULL"); } // Add user to Logged-in group (i.e. members) and the All Users group $normal_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name='Logged-in Users'"); $all_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name='All Users'"); DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$normal_grp}, {$uid})"); DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$all_grp}, {$uid})"); // any default groups? $result = DB_query("SELECT grp_id FROM {$_TABLES['groups']} WHERE grp_default = 1"); $num_groups = DB_numRows($result); for ($i = 0; $i < $num_groups; $i++) { list($def_grp) = DB_fetchArray($result); DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$def_grp}, {$uid})"); } DB_query("INSERT INTO {$_TABLES['userprefs']} (uid) VALUES ({$uid})"); if ($_CONF['emailstoriesperdefault'] == 1) { DB_query("INSERT INTO {$_TABLES['userindex']} (uid,etids) VALUES ({$uid},'')"); } else { DB_query("INSERT INTO {$_TABLES['userindex']} (uid,etids) VALUES ({$uid}, '-')"); } DB_query("INSERT INTO {$_TABLES['usercomment']} (uid,commentmode,commentorder,commentlimit) VALUES ({$uid},'{$_CONF['comment_mode']}','{$_CONF['comment_order']}','{$_CONF['comment_limit']}')"); DB_query("INSERT INTO {$_TABLES['userinfo']} (uid) VALUES ({$uid})"); // call custom registration function and plugins if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCreate')) { CUSTOM_userCreate($uid, $batchImport); } PLG_createUser($uid); // Notify the admin? if (isset($_CONF['notification']) && in_array('user', $_CONF['notification'])) { $mode = $queueUser ? 'inactive' : 'active'; $username = COM_getDisplayName($uid, $username, $fullname, $remoteUserName, $service); USER_sendNotification($username, $email, $uid, $mode); } return $uid; }
function _userSetnewpwd() { global $_CONF, $_TABLES, $_USER, $LANG04; $retval = ''; if (empty($_POST['passwd']) || $_POST['passwd'] != $_POST['passwd_conf']) { echo COM_refresh($_CONF['site_url'] . '/users.php?mode=newpwd&uid=' . COM_applyFilter($_POST['uid'], true) . '&rid=' . COM_applyFilter($_POST['rid'])); } else { $uid = COM_applyFilter($_POST['uid'], true); $reqid = COM_sanitizeID(COM_applyFilter($_POST['rid'])); if (!empty($uid) && is_numeric($uid) && $uid > 1 && !empty($reqid) && strlen($reqid) == 16) { $uid = (int) $uid; $safereqid = DB_escapeString($reqid); $valid = DB_count($_TABLES['users'], array('uid', 'pwrequestid'), array($uid, $safereqid)); if ($valid == 1) { $passwd = SEC_encryptPassword($_POST['passwd']); DB_change($_TABLES['users'], 'passwd', DB_escapeString($passwd), "uid", $uid); DB_delete($_TABLES['sessions'], 'uid', $uid); DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $uid); echo COM_refresh($_CONF['site_url'] . '/users.php?msg=53'); } else { // request invalid or expired $retval .= COM_showMessage(54, '', '', 1, 'error'); $retval .= getpasswordform(); } } else { // this request doesn't make sense - ignore it echo COM_refresh($_CONF['site_url']); } } }
function fnccreateAccount($username, $email, $passwd = '', $fullname = '', $homepage = '', $uid = "") { global $_CONF, $_TABLES; $batchimport = true; //一括処理 $ret = true; $username = addslashes($username); $email = addslashes($email); $fullname = addslashes($fullname); $homepage = addslashes($homepage); //UIDを取得する if ($uid == 0) { $w = DB_getItem($_TABLES['users'], "max(uid)", "1=1"); if ($w == "") { $w = 0; } $uid = $w + 1; } $regdate = strftime('%Y-%m-%d %H:%M:%S', time()); $fields = 'uid,username,email,regdate,cookietimeout'; $values = "{$uid},'{$username}','{$email}','{$regdate}','{$_CONF['default_perm_cookie_timeout']}'"; //パスワードを更新する if (!empty($passwd)) { $passwd = addslashes($passwd); $fields .= ',passwd'; $values .= ",'{$passwd}'"; } else { srand((double) microtime() * 1000000); //擬似乱数の発生系列を変更する $passwd1 = rand(); $passwd1 = md5($passwd1); $passwd1 = substr($passwd1, 1, 8); $passwd2 = SEC_encryptPassword($passwd1); $fields .= ',passwd'; $values .= ",'{$passwd2}'"; } //フルネーム if (!empty($fullname)) { $fullname = addslashes($fullname); $fields .= ',fullname'; $values .= ",'{$fullname}'"; } //ホームページ if (!empty($homepage)) { $homepage = addslashes($homepage); $fields .= ',homepage'; $values .= ",'{$homepage}'"; } // DB users 追加 DB_query("INSERT INTO {$_TABLES['users']} ({$fields}) VALUES ({$values})"); // Add user to Logged-in group (i.e. members) and the All Users group $normal_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name='Logged-in Users'"); $all_grp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name='All Users'"); DB_query("INSERT INTO {$_TABLES['group_assignments']}\n (ug_main_grp_id,ug_uid) VALUES ({$normal_grp}, {$uid})"); DB_query("INSERT INTO {$_TABLES['group_assignments']}\n (ug_main_grp_id,ug_uid) VALUES ({$all_grp}, {$uid})"); // DB userprefs 追加 DB_query("INSERT INTO {$_TABLES['userprefs']} (uid) VALUES ({$uid})"); // デイリーダイジェスト 新規ユーザのデフォルトにより更新 if ($_CONF['emailstoriesperdefault'] == 1) { DB_query("INSERT INTO {$_TABLES['userindex']} (uid,etids) VALUES ({$uid},'')"); } else { DB_query("INSERT INTO {$_TABLES['userindex']} (uid,etids) VALUES ({$uid}, '-')"); } //DB usercomment 追加 DB_query("INSERT INTO {$_TABLES['usercomment']} (uid,commentmode,commentlimit) VALUES ({$uid},'{$_CONF['comment_mode']}','{$_CONF['comment_limit']}')"); //DB userinfo 追加 DB_query("INSERT INTO {$_TABLES['userinfo']} (uid) VALUES ({$uid})"); // call custom registration function and plugins if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCreate')) { CUSTOM_userCreate($uid, $batchimport); } PLG_createUser($uid); return $ret; }