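/**
 * Store the new user and display all users again.
 *
 * Reads the submitted form from $Pivot_Vars, validates username and password
 * pair, and then does one of three things:
 *   - re-shows the form via new_user() with per-field messages in
 *     $userfields[n][2] when validation fails;
 *   - shows ConfirmPage() when an admin-level (userlevel 3) account is being
 *     created and the request is not yet confirmed;
 *   - writes the account into $Users and $Cfg, persists it with
 *     SaveSettings() and lists all users with see_users().
 * A request for userlevel 4 that is not confirmed matches neither save branch
 * and silently does nothing (kept as in the original).
 *
 * Side effects: mutates the globals $Users and $Cfg, calls SaveSettings().
 *
 * NOTE(review): the stored credential is md5($Pivot_Vars['pass1']); the login
 * path is expected to compare against that same value, so it cannot be
 * changed here in isolation. Migrating to password_hash()/password_verify()
 * needs every reader of $Users[...]['pass'] updated at once.
 */
function new_user_save()
{
    global $Pivot_Vars, $Cfg, $Users;

    // check against unauthorised direct access.
    check_csrf();

    $userfields = get_userfields(1);

    // Number of validation failures. The original never initialised this and
    // relied on $Piverr++ on an undefined variable.
    $Piverr = 0;

    $username = $Pivot_Vars['username'];

    if (CheckInput($username, 2, 0) == 1) {
        $userfields[0][2] = lang('userinfo', 'username_too_short');
        $Piverr++;
    } elseif (CheckInput($username, 2, 0) == 0) {
        $userfields[0][2] = lang('userinfo', 'username_not_valid');
        $Piverr++;
    } elseif (preg_match("/[!|\n]/", $username)) {
        // '|' is the separator of $Cfg['users'] and of the per-category
        // $Cfg['cat-*'] lists written below; '!' and newlines are the other
        // characters libsave_change_user() strips for the same reason. Reject
        // such a name here instead of writing a corrupted settings file.
        $userfields[0][2] = lang('userinfo', 'username_not_valid');
        $Piverr++;
    }

    if (isset($Users[$username])) {
        $userfields[0][2] = lang('userinfo', 'username_in_use');
        $Piverr++;
    }

    // Both password boxes must agree exactly. The original compared them
    // case-insensitively, so "Secret"/"secret" passed validation while only
    // md5() of the first box was stored, locking the new user out.
    // Note that the stored value is the untrimmed pass1 while the comparison
    // is on trimmed values (unchanged from the original).
    if (trim($Pivot_Vars['pass1']) != trim($Pivot_Vars['pass2'])) {
        $userfields[2][2] = lang('userinfo', 'pass_dont_match');
        $Piverr++;
    }

    if (CheckInput($Pivot_Vars['pass1'], 4, 0) == 1) {
        $userfields[1][2] = lang('userinfo', 'pass_too_short');
        $Piverr++;
    }

    if ($Piverr > 0) {
        // Re-show the form with the typed username and level (never the password).
        $userfields[0][4] = $username;
        $userfields[3][6] = $Pivot_Vars['userlevel'];
        new_user(1, $userfields);
        return;
    }

    if ($Pivot_Vars['userlevel'] == 3 && $Pivot_Vars['confirmed'] != 1) {
        // Granting admin rights needs an explicit confirmation; the posted
        // values are carried through the confirmation page as name/value pairs.
        $vars = array(
            'username', $username,
            'pass1', $Pivot_Vars['pass1'],
            'pass2', $Pivot_Vars['pass2'],
            'email', $Pivot_Vars['email'],
            'userlevel', $Pivot_Vars['userlevel'],
        );
        ConfirmPage(lang('userinfo', 'c_admin_title'), $vars, sprintf(lang('userinfo', 'c_admin_message'), $username));
        return;
    }

    if ($Pivot_Vars['userlevel'] < 3 || $Pivot_Vars['confirmed'] == 1) {
        // Key order is kept identical to the original so the saved file is the same.
        $Users[$username] = array(
            'pass' => md5($Pivot_Vars['pass1']),
            'email' => $Pivot_Vars['email'],
            'userlevel' => $Pivot_Vars['userlevel'],
            'language' => $Pivot_Vars['language'],
            'wysiwyg' => $Pivot_Vars['wysiwyg'],
            'username' => $username,
            'nick' => $username,
            'view' => $Pivot_Vars['view'],
        );
        $Cfg['users'] .= '|' . $username;

        // set the categories: each category keeps a '|'-separated list of
        // allowed users in $Cfg['cat-<name>'], and the form posts the
        // selected categories as $Pivot_Vars['allowed'][urlencode(<name>)].
        $cats = cfg_cats();
        foreach ($cats as $category) {
            $catkey = 'cat-' . $category['name'];
            $allowed_users = explode("|", $Cfg[$catkey]);
            if (isset($Pivot_Vars['allowed'][urlencode($category['name'])])) {
                // add the user (and ensure it's only added once) ..
                $allowed_users[] = $username;
                $allowed_users = array_unique($allowed_users);
            } else {
                // remove the user (in case the same name has been used and
                // assigned to this category before)
                $allowed_users = array_diff($allowed_users, array($username));
            }
            $Cfg[$catkey] = implode("|", $allowed_users);
        }

        SaveSettings();
        see_users();
    }
}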
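/**
 * Saves the user settings.
 *
 * Handles the posted settings form for one account, either from the admin
 * screens ($admin == 1, target account is $Pivot_Vars['username']) or from a
 * user's own settings page ($admin == 0, target account is
 * $Pivot_Vars['user']). Depending on the request it:
 *   - deletes the account named by $Pivot_Vars['username'] (after
 *     ConfirmPage()) when $Pivot_Vars['delete_user'] == 1 and the acting
 *     user $Pivot_Vars['user'] has userlevel >= 3;
 *   - asks for confirmation when the change would raise the account to
 *     userlevel 3;
 *   - validates the extra fields from GetUserFields() and the optional new
 *     password, and on success writes $Users/$Cfg, calls SaveSettings() and
 *     redirect()s (the function die()s there);
 *   - otherwise re-shows the form via change_user() / u_settings_screen().
 * Unless it redirected, it ends with PutUserInfo().
 *
 * NOTE(review): unlike new_user_save(), this handler does not call
 * check_csrf(); confirm that the caller does, otherwise the settings and
 * delete actions are reachable by cross-site request.
 * NOTE(review): presumably $Pivot_Vars['user'] is the authenticated session
 * user set by the framework and not a form value -- the delete branch and
 * the category-assignment branch use its userlevel as the authorisation
 * check. Verify against the caller.
 * NOTE(review): which keys of $Users[$theuser] a request may overwrite is
 * decided entirely by get_userfields($admin) and the 'minlevel' of
 * GetUserFields(); confirm that get_userfields(0) does not expose 'userlevel'.
 *
 * @param int $admin 1 when called from the admin user-management screen,
 *                   0 for the user's own settings page.
 */
function libsave_change_user($admin = 0)
{
    global $Pivot_Vars, $Users, $Cfg, $Paths;

    // Sanitize passed variables to prevent people from inserting characters that
    // could be interpreted as dividers ('|' separates entries of $Cfg['users']
    // and of the $Cfg['cat-*'] lists). This is applied to every posted value,
    // including pass1/pass2, so a new password is stored with '!', '|' and
    // newlines removed.
    foreach ($Pivot_Vars as $key => $val) {
        $Pivot_Vars[$key] = preg_replace("/[!|\n]/i", "", $Pivot_Vars[$key]);
    }

    // Number of validation failures; the original relied on $Piverr++ on an
    // undefined variable.
    $Piverr = 0;
    // Seventh column of the extra-field rows pushed below. Nothing in this
    // function assigns it; it is declared so the row shape stays explicit.
    $maxl = null;

    $userfields = get_userfields($admin);
    $ufields = GetUserFields();

    // The account being edited.
    if ($admin == 1) {
        $theuser = $Pivot_Vars['username'];
    } else {
        $theuser = $Pivot_Vars['user'];
    }

    if ($Pivot_Vars['delete_user'] == 1 && $Users[$Pivot_Vars['user']]['userlevel'] >= 3) {
        if ($Pivot_Vars['confirmed'] == 1) {
            //delete him from the config file, nothing else.
            // The remaining list is initialised explicitly: the original left
            // it undefined when no other name remained, and implode() on an
            // undefined value fails on current PHP.
            $remaining = array();
            foreach (explode("|", $Cfg['users']) as $candidate) {
                if ($candidate != $Pivot_Vars['username']) {
                    $remaining[] = $candidate;
                }
            }
            $Cfg['users'] = implode("|", $remaining);
            unset($Users[$Pivot_Vars['username']]);
            unset($Cfg['user-' . $Pivot_Vars['username']]);
            // NOTE(review): there is no guard against deleting the acting
            // account or a higher-level (userlevel 4) account here.
            see_users();
        } else {
            $vars = array('username', $Pivot_Vars['username'], 'delete_user', 1);
            ConfirmPage(lang('ufield_main', 'del_title'), $vars, sprintf(lang('config', 'delete_user_confirm'), $Pivot_Vars['username']));
        }
    } else {
        foreach ($ufields as $keyname => $intarr) {
            // Skipping fields that we aren't allowed to change
            if ($admin != 1 && $Users[$theuser]['userlevel'] < $ufields[$keyname]['minlevel']) {
                continue;
            }
            array_push($userfields, array($keyname, $ufields[$keyname]['disp'], '', $ufields[$keyname]['type'], $Users[$theuser][$keyname], $ufields[$keyname]['size'], $maxl));
            if ($ufields[$keyname]['filter'] != '' && strlen($Pivot_Vars[$keyname]) > 0) {
                // 'is' . <filter> is called as a predicate on the posted value.
                // The filter name comes from GetUserFields(), i.e. the field
                // definitions, not from the request -- TODO confirm.
                $tfunk = 'is' . $ufields[$keyname]['filter'];
                if (!$tfunk($Pivot_Vars[$keyname])) {
                    $userfields[count($userfields) - 1][2] = 'hey, that input doesn\'t go along with the filter in place';
                    $Piverr++;
                }
            }
        }

        $arraycount = Count($userfields);

        // A password change is optional: only validated when either box is filled.
        if (strlen($Pivot_Vars['pass1']) + strlen($Pivot_Vars['pass2']) >= 1) {
            if (trim($Pivot_Vars['pass1']) != trim($Pivot_Vars['pass2'])) {
                $userfields[2][2] = lang('userinfo', 'pass_dont_match');
                $Piverr++;
            }
            // The save branch below only stores a password of 6+ characters.
            // The original validated against 4 here, so a 4- or 5-character
            // password passed validation and was then silently not saved
            // while "changes saved" was logged; use the same threshold.
            if (strlen($Pivot_Vars['pass1']) < 6) {
                $userfields[1][2] = lang('userinfo', 'pass_too_short');
                $Piverr++;
            }
            if ($Pivot_Vars['pass1'] == $Pivot_Vars['username']) {
                $userfields[1][2] = lang('userinfo', 'pass_equal_name');
                $Piverr++;
            }
        }

        if ($Piverr == 0) {
            // make sure the superadmin doesn't demote himself/herself..
            if ($Users[$theuser]['userlevel'] == 4) {
                $Pivot_Vars['userlevel'] = 4;
            }

            // get confirmation if user gets admin rights; every field of the
            // form is passed through ConfirmPage() as name/value pairs.
            if ($Pivot_Vars['userlevel'] == 3 && $Users[$theuser]['userlevel'] < 3 && $Pivot_Vars['confirmed'] != 1) {
                $vars = array();
                for ($i = 0; $i < $arraycount; $i++) {
                    array_push($vars, $userfields[$i][0], $Pivot_Vars[$userfields[$i][0]]);
                }
                ConfirmPage(lang('userinfo', 'c_admin_title'), $vars, sprintf(lang('userinfo', 'c_admin_message'), $theuser));
            } else {
                //it's all good.
                if (strlen($Pivot_Vars['pass1']) >= 6) {
                    // NOTE(review): md5 of the password is the stored credential,
                    // is written into the 'pass' cookie (no httponly/secure flags
                    // given) and into the session table. Changing the hash scheme
                    // needs the login path updated in the same change.
                    $Users[$theuser]['pass'] = md5($Pivot_Vars['pass1']);
                    if ($_COOKIE['mode'] == 'stayloggedin' && $Pivot_Vars['user'] == $theuser) {
                        setcookie('pass', md5($Pivot_Vars['pass1']), time() + $Cfg['cookie_length'], $Paths['cookie_url']);
                    }
                    //change the session key too..
                    $Cfg['tempsessions'][$Pivot_Vars['session']][1] = md5($Pivot_Vars['pass1']);
                }

                // Copy every form field except the pseudo-fields into the record.
                for ($i = 0; $i < $arraycount; $i++) {
                    $fieldname = $userfields[$i][0];
                    if ($fieldname != 'heading' && $fieldname != 'pass1' && $fieldname != 'pass2') {
                        $Users[$theuser][$fieldname] = $Pivot_Vars[$fieldname];
                    }
                }

                // set the categories.. (only an acting user with userlevel > 2
                // may change the per-category allowed-user lists)
                if ($Users[$Pivot_Vars['user']]['userlevel'] > 2) {
                    foreach (explode("|", $Cfg['cats']) as $category) {
                        $catkey = 'cat-' . $category;
                        $allowed_users = explode("|", $Cfg[$catkey]);
                        if (isset($Pivot_Vars['allowed'][urlencode($category)])) {
                            // add the user..
                            if (!in_array($theuser, $allowed_users)) {
                                $allowed_users[] = $theuser;
                            }
                        } else {
                            // remove the user..
                            if (in_array($theuser, $allowed_users)) {
                                foreach ($allowed_users as $key => $user) {
                                    if ($user == $theuser) {
                                        unset($allowed_users[$key]);
                                    }
                                }
                            }
                        }
                        $Cfg[$catkey] = implode("|", $allowed_users);
                    }
                }

                /**
                 * Rather crude check to prevent corrupting the file:
                 * if $Users[$theuser]['username'] is empty, we refuse to save.
                 */
                if ($Users[$theuser]['username'] != "") {
                    debug("changes saved for " . $theuser);
                    SaveSettings();
                } else {
                    // not right..
                    debug("Changes not saved..");
                }

                //so we can reload the languages and such
                if ($admin == 1) {
                    redirect('index.php?session=' . $Pivot_Vars['session'] . '&menu=admin&func=admin&do=seeusers');
                    die;
                } else {
                    redirect('index.php?session=' . $Pivot_Vars['session'] . '&menu=userinfo&func=u_settings');
                    die;
                }
            }
        } else {
            //reshow the page
            $Pivot_Vars['edituser'] = $Pivot_Vars['username'];

            //regroup the old settings: type 0 rows carry the value in column 4,
            //type 3 rows in column 6 (mirrors how get_userfields() lays them out).
            for ($i = 0; $i < $arraycount; $i++) {
                if ($userfields[$i][3] == 0) {
                    $userfields[$i][4] = $Pivot_Vars[$userfields[$i][0]];
                } elseif ($userfields[$i][3] == 3) {
                    $userfields[$i][6] = $Pivot_Vars[$userfields[$i][0]];
                }
            }
        }

        if ($Users[$theuser]['userlevel'] > 3) {
            // Row 4 (presumably the userlevel selector) is re-shown disabled
            // for a userlevel 4 account: column 6 becomes [value, 'disabled'].
            // unset()+reassign keeps the original key order of the row.
            $unf = array();
            $unf[0] = $userfields[4][6];
            $unf[1] = 'disabled';
            unset($userfields[4][6]);
            $userfields[4][6] = $unf;
        }

        if ($admin == 1) {
            change_user(1, $userfields);
        } else {
            u_settings_screen(1, $userfields);
        }
    }

    PutUserInfo();
}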