function qa_log_in_external_user($source, $identifier, $fields)
{
if (qa_to_override(__FUNCTION__)) {
$args = func_get_args();
return qa_call_override(__FUNCTION__, $args);
}
require_once QA_INCLUDE_DIR . 'db/users.php';
$users = qa_db_user_login_find($source, $identifier);
$countusers = count($users);
if ($countusers > 1) {
qa_fatal_error('External login mapped to more than one user');
}
// should never happen
if ($countusers) {
// user exists so log them in
qa_set_logged_in_user($users[0]['userid'], $users[0]['handle'], false, $source);
} else {
// create and log in user
require_once QA_INCLUDE_DIR . 'app/users-edit.php';
qa_db_user_login_sync(true);
$users = qa_db_user_login_find($source, $identifier);
// check again after table is locked
if (count($users) == 1) {
qa_db_user_login_sync(false);
qa_set_logged_in_user($users[0]['userid'], $users[0]['handle'], false, $source);
} else {
$handle = qa_handle_make_valid(@$fields['handle']);
if (strlen(@$fields['email'])) {
// remove email address if it will cause a duplicate
$emailusers = qa_db_user_find_by_email($fields['email']);
if (count($emailusers)) {
qa_redirect('login', array('e' => $fields['email'], 'ee' => '1'));
unset($fields['email']);
unset($fields['confirmed']);
}
}
$userid = qa_create_new_user((string) @$fields['email'], null, $handle, isset($fields['level']) ? $fields['level'] : QA_USER_LEVEL_BASIC, @$fields['confirmed']);
qa_db_user_login_add($userid, $source, $identifier);
qa_db_user_login_sync(false);
$profilefields = array('name', 'location', 'website', 'about');
foreach ($profilefields as $fieldname) {
if (strlen(@$fields[$fieldname])) {
qa_db_user_profile_set($userid, $fieldname, $fields[$fieldname]);
}
}
if (strlen(@$fields['avatar'])) {
qa_set_user_avatar($userid, $fields['avatar']);
}
qa_set_logged_in_user($userid, $handle, false, $source);
}
}
}
} else {
$errors = array();
if ($haspassword && strtolower(qa_db_calc_passcheck($inoldpassword, $useraccount['passsalt'])) != strtolower($useraccount['passcheck'])) {
$errors['oldpassword'] = qa_lang('users/password_wrong');
}
$useraccount['password'] = $inoldpassword;
$errors = $errors + qa_password_validate($innewpassword1, $useraccount);
// array union
if ($innewpassword1 != $innewpassword2) {
$errors['newpassword2'] = qa_lang('users/password_mismatch');
}
if (empty($errors)) {
qa_db_user_set_password($userid, $innewpassword1);
qa_db_user_set($userid, 'sessioncode', '');
// stop old 'Remember me' style logins from still working
qa_set_logged_in_user($userid, $useraccount['handle'], false, $useraccount['sessionsource']);
// reinstate this specific session
qa_report_event('u_password', $userid, $useraccount['handle'], qa_cookie_get());
qa_redirect('account', array('state' => 'password-changed'));
}
}
}
// Prepare content for theme
$qa_content = qa_content_prepare();
$qa_content['title'] = qa_lang_html('profile/my_account_title');
$qa_content['error'] = @$errors['page'];
$qa_content['form_profile'] = array('tags' => 'enctype="multipart/form-data" method="post" action="' . qa_self_html() . '"', 'style' => 'wide', 'fields' => array('duration' => array('type' => 'static', 'label' => qa_lang_html('users/member_for'), 'value' => qa_time_to_string(qa_opt('db_time') - $useraccount['created'])), 'type' => array('type' => 'static', 'label' => qa_lang_html('users/member_type'), 'value' => qa_html(qa_user_level_string($useraccount['level'])), 'note' => $isblocked ? qa_lang_html('users/user_blocked') : null), 'handle' => array('label' => qa_lang_html('users/handle_label'), 'tags' => 'name="handle"', 'value' => qa_html(isset($inhandle) ? $inhandle : $useraccount['handle']), 'error' => qa_html(@$errors['handle']), 'type' => $changehandle && !$isblocked ? 'text' : 'static'), 'email' => array('label' => qa_lang_html('users/email_label'), 'tags' => 'name="email"', 'value' => qa_html(isset($inemail) ? $inemail : $useraccount['email']), 'error' => isset($errors['email']) ? qa_html($errors['email']) : ($doconfirms && !$isconfirmed ? qa_insert_login_links(qa_lang_html('users/email_please_confirm')) : null), 'type' => $isblocked ? 'static' : 'text'), 'messages' => array('label' => qa_lang_html('users/private_messages'), 'tags' => 'name="messages"', 'type' => 'checkbox', 'value' => !($useraccount['flags'] & QA_USER_FLAGS_NO_MESSAGES), 'note' => qa_lang_html('users/private_messages_explanation')), 'wall' => array('label' => qa_lang_html('users/wall_posts'), 'tags' => 'name="wall"', 'type' => 'checkbox', 'value' => !($useraccount['flags'] & QA_USER_FLAGS_NO_WALL_POSTS), 'note' => qa_lang_html('users/wall_posts_explanation')), 'mailings' => array('label' => qa_lang_html('users/mass_mailings'), 'tags' => 'name="mailings"', 'type' => 'checkbox', 'value' => !($useraccount['flags'] & QA_USER_FLAGS_NO_MAILINGS), 'note' => qa_lang_html('users/mass_mailings_explanation')), 'avatar' => null), 'buttons' => array('save' => array('tags' => 'onclick="qa_show_waiting_after(this, false);"', 'label' => qa_lang_html('users/save_profile'))), 'hidden' => array('dosaveprofile' => '1', 'code' => qa_get_form_security_code('account')));
if (qa_get_state() == 'profile-saved') {
$qa_content['form_profile']['ok'] = qa_lang_html('users/profile_saved');
}
if (!qa_opt('allow_private_messages')) {
$inremember = qa_post_text('remember');
$errors = array();
if (qa_opt('allow_login_email_only') || strpos($inemailhandle, '@') !== false) {
// handles can't contain @ symbols
$matchusers = qa_db_user_find_by_email($inemailhandle);
} else {
$matchusers = qa_db_user_find_by_handle($inemailhandle);
}
if (count($matchusers) == 1) {
// if matches more than one (should be impossible), don't log in
$inuserid = $matchusers[0];
$userinfo = qa_db_select_with_pending(qa_db_user_account_selectspec($inuserid, true));
if (strtolower(qa_db_calc_passcheck($inpassword, $userinfo['passsalt'])) == strtolower($userinfo['passcheck'])) {
// login and redirect
require_once QA_INCLUDE_DIR . 'qa-app-users.php';
qa_set_logged_in_user($inuserid, $userinfo['handle'], $inremember ? true : false);
$topath = qa_get('to');
if (isset($topath)) {
qa_redirect_raw(qa_path_to_root() . $topath);
} elseif ($passwordsent) {
qa_redirect('account');
} else {
qa_redirect('welcome');
}
} else {
$errors['password'] = qa_lang('users/password_wrong');
}
} else {
$errors['emailhandle'] = qa_lang('users/user_not_found');
}
} else {
function check_merge(&$useraccount, &$mylogins, $tolink)
{
global $qa_cached_logged_in_user, $qa_logged_in_userid_checked;
$userid = $findid = $useraccount['userid'];
$findemail = $useraccount['oemail'];
// considering this is an openid user, so use the openid email
if (empty($findemail)) {
$findemail = $useraccount['email'];
// fallback
}
if ($tolink) {
// user is logged in with $userid but wants to merge $findid
$findemail = null;
$findid = $tolink['userid'];
} else {
if (qa_get('confirm') == 2 || qa_post_text('confirm') == 2) {
// bogus confirm page, stop right here
qa_redirect('logins');
}
}
// find other un-linked accounts with the same email
$otherlogins = qa_db_user_login_find_other__open($findid, $findemail, $userid);
if (qa_clicked('domerge') && !empty($otherlogins)) {
// if cancel was requested, just redirect
if ($_POST['domerge'] == 0) {
$tourl = qa_post_text('to');
if (!empty($tourl)) {
qa_redirect($tourl);
} else {
qa_redirect($tolink ? 'logins' : '');
}
}
// a request to merge (link) multiple accounts was made
require_once QA_INCLUDE_DIR . 'qa-app-users-edit.php';
$recompute = false;
$email = null;
$baseid = $_POST["base{$_POST['domerge']}"];
// POST[base1] or POST[base2]
// see which account was selected, if any
if ($baseid != 0) {
// just in case
foreach ($otherlogins as $login) {
// see if this is the currently logged in account
$loginid = $login['details']['userid'];
$is_current = $loginid == $userid;
// see if this user was selected for merge
if (isset($_POST["user_{$loginid}"]) || $is_current) {
if ($baseid != $loginid) {
// this account should be deleted as it's different from the selected base id
if (!empty($login['logins'])) {
// update all associated logins
qa_db_user_login_sync(true);
qa_db_user_login_replace_userid__open($loginid, $baseid);
qa_db_user_login_sync(false);
}
// delete old user but keep the email
qa_delete_user($loginid);
$recompute = true;
if (empty($email)) {
$email = $login['details']['email'];
}
if (empty($email)) {
$email = $login['details']['oemail'];
}
}
}
}
}
// recompute the stats, if needed
if ($recompute) {
require_once QA_INCLUDE_DIR . 'qa-db-points.php';
qa_db_userpointscount_update();
// check if the current account has been deleted
if ($userid != $baseid) {
$oldsrc = $useraccount['sessionsource'];
qa_set_logged_in_user($baseid, $useraccount['handle'], false, $oldsrc);
$useraccount = qa_db_user_find_by_id__open($baseid);
$userid = $baseid;
// clear some cached data
qa_db_flush_pending_result('loggedinuser');
$qa_logged_in_userid_checked = false;
unset($qa_cached_logged_in_user);
}
// also check the email address on the remaining user account
if (empty($useraccount['email']) && !empty($email)) {
// update the account if the email address is not used anymore
$emailusers = qa_db_user_find_by_email($email);
if (count($emailusers) == 0) {
qa_db_user_set($userid, 'email', $email);
$useraccount['email'] = $email;
// to show on the page
}
}
}
$conf = qa_post_text('confirm');
$tourl = qa_post_text('to');
if ($conf) {
$tourl = qa_post_text('to');
if (!empty($tourl)) {
qa_redirect($tourl);
} else {
qa_redirect($tolink ? 'logins' : '');
}
}
// update the arrays
$otherlogins = qa_db_user_login_find_other__open($userid, $findemail);
$mylogins = qa_db_user_login_find_mine__open($userid);
}
// remove the current user id
unset($otherlogins[$userid]);
return $otherlogins;
}
Description: Controller for logout page (not much to do)
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
More about this license: http://www.question2answer.org/license.php
*/
if (!defined('QA_VERSION')) {
// don't allow this page to be requested directly from browser
header('Location: ../');
exit;
}
if (QA_FINAL_EXTERNAL_USERS) {
qa_fatal_error('User logout is handled by external code');
}
if (qa_is_logged_in()) {
qa_set_logged_in_user(null);
}
qa_redirect('');
// back to home page
/*
Omit PHP closing tag to help avoid accidental output
*/
function core_login($username, $password, $remember = false)
{
require_once QA_INCLUDE_DIR . 'qa-app-limits.php';
if (qa_user_limits_remaining(QA_LIMIT_LOGINS)) {
require_once QA_INCLUDE_DIR . 'qa-db-users.php';
require_once QA_INCLUDE_DIR . 'qa-db-selects.php';
$errors = array();
if (qa_opt('allow_login_email_only') || strpos($username, '@') !== false) {
// handles can't contain @ symbols
$matchusers = qa_db_user_find_by_email($username);
} else {
$matchusers = qa_db_user_find_by_handle($username);
}
if (count($matchusers) == 1) {
// if matches more than one (should be impossible), don't log in
$inuserid = $matchusers[0];
$userinfo = qa_db_select_with_pending(qa_db_user_account_selectspec($inuserid, true));
if (strtolower(qa_db_calc_passcheck($password, $userinfo['passsalt'])) == strtolower($userinfo['passcheck'])) {
// login
require_once QA_INCLUDE_DIR . 'qa-app-users.php';
qa_set_logged_in_user($inuserid, $userinfo['handle'], $remember ? true : false);
return $userinfo;
} else {
$this->error = new IXR_Error(1512, qa_lang('users/password_wrong'));
}
} else {
$this->error = new IXR_Error(1512, qa_lang('users/user_not_found'));
}
} else {
$this->error = new IXR_Error(1512, qa_lang('users/login_limit'));
}
qa_limits_increment(null, QA_LIMIT_LOGINS);
// log on failure
return false;
}
qa_db_upgrade_query($query);
}
}
$success .= 'The ' . $modulename . ' ' . $moduletype . ' module has completed database initialization.';
}
if (qa_clicked('super')) {
require_once QA_INCLUDE_DIR . 'qa-db-users.php';
require_once QA_INCLUDE_DIR . 'qa-app-users-edit.php';
$inemail = qa_post_text('email');
$inpassword = qa_post_text('password');
$inhandle = qa_post_text('handle');
$fielderrors = array_merge(qa_handle_email_filter($inhandle, $inemail), qa_password_validate($inpassword));
if (empty($fielderrors)) {
require_once QA_INCLUDE_DIR . 'qa-app-users.php';
$userid = qa_create_new_user($inemail, $inpassword, $inhandle, QA_USER_LEVEL_SUPER);
qa_set_logged_in_user($userid, $inhandle);
qa_set_option('feedback_email', $inemail);
$success .= "Congratulations - Your Question2Answer site is ready to go!\n\nYou are logged in as the super administrator and can start changing settings.\n\nThank you for installing Question2Answer.";
}
}
}
if (is_resource(qa_db_connection(false)) && !@$pass_failure_from_install) {
$check = qa_db_check_tables();
// see where the database is at
switch ($check) {
case 'none':
if (@$pass_failure_errno == 1146) {
// don't show error if we're in installation process
$errorhtml = '';
}
$errorhtml .= 'Welcome to Question2Answer. It\'s time to set up your database!';
qa_limits_increment(null, QA_LIMIT_LOGINS);
$errors = array();
if (qa_opt('allow_login_email_only') || strpos($inemailhandle, '@') !== false) {
// handles can't contain @ symbols
$matchusers = qa_db_user_find_by_email($inemailhandle);
} else {
$matchusers = qa_db_user_find_by_handle($inemailhandle);
}
if (count($matchusers) == 1) {
// if matches more than one (should be impossible), don't log in
$inuserid = $matchusers[0];
$userinfo = qa_db_select_with_pending(qa_db_user_account_selectspec($inuserid, true));
if (strtolower(qa_db_calc_passcheck($inpassword, $userinfo['passsalt'])) == strtolower($userinfo['passcheck'])) {
// login and redirect
require_once QA_INCLUDE_DIR1 . 'app/users.php';
qa_set_logged_in_user($inuserid, $userinfo['handle'], !empty($inremember));
$topath = qa_get('to');
if (isset($topath)) {
qa_redirect_raw($root_url . $topath);
// path already provided as URL fragment
} elseif ($passwordsent) {
qa_redirect('account');
} else {
qa_redirect('');
}
} else {
$errors['password'] = qa_lang('users/password_wrong');
}
} else {
$errors['emailhandle'] = qa_lang('users/user_not_found');
}
// handles can't contain @ symbols
$matchusers = qa_db_user_find_by_handle($inemailhandle);
} else {
$matchusers = qa_db_user_find_by_email($inemailhandle);
}
if (count($matchusers) == 1) {
// if matches more than one (should be impossible), don't log in
$inuserid = $matchusers[0];
$userinfo = qa_db_select_with_pending(qa_db_user_account_selectspec($inuserid, true));
// verify user is registered for the category / course
if (mp_db_users_verify_permission($userinfo['userid'], $incategory) != 0) {
// user is allowed to access the category, now check password
if (strtolower(qa_db_calc_passcheck($inpassword, $userinfo['passsalt'])) == strtolower($userinfo['passcheck'])) {
// login and redirect
require_once QA_INCLUDE_DIR . 'qa-app-users.php';
qa_set_logged_in_user($inuserid, $userinfo['handle'], $inremember ? true : false, null, $incategory);
$topath = qa_get('to');
if (isset($topath)) {
qa_redirect_raw($qa_root_url_relative . $topath);
} elseif ($passwordsent) {
qa_redirect('account');
} else {
qa_redirect('');
}
} else {
$errors['password'] = qa_lang('users/password_wrong');
}
} else {
$errors['category'] = 'Your userid is not registered for this category';
}
} else {
require_once QA_INCLUDE_DIR . 'mp-db-users.php';
$inemail = qa_post_text('email');
$inpassword = qa_post_text('password');
$inhandle = qa_post_text('handle');
$errors = array_merge(qa_handle_email_validate($inhandle, $inemail), qa_password_validate($inpassword));
if (qa_opt('captcha_on_register')) {
qa_captcha_validate($_POST, $errors);
}
if (empty($errors)) {
// register and redirect
$userid = qa_create_new_user($inemail, $inpassword, $inhandle);
// register user to course
$categoryid = 6;
mp_register_user($userid, $categoryid);
//qa_set_logged_in_user($userid, $inhandle, null, null);
qa_set_logged_in_user($userid, $inhandle, null, null, $categoryid);
$topath = qa_get('to');
if (isset($topath)) {
qa_redirect_raw($qa_root_url_relative . $topath);
} else {
qa_redirect('');
}
}
}
// Prepare content for theme
$qa_content = qa_content_prepare();
$qa_content['title'] = qa_lang_html('users/register_title');
$qa_content['form'] = array('tags' => 'METHOD="POST" ACTION="' . qa_self_html() . '"', 'style' => 'tall', 'fields' => array('handle' => array('label' => qa_lang_html('users/handle_label'), 'tags' => 'NAME="handle" ID="handle"', 'value' => qa_html(@$inhandle), 'error' => qa_html(@$errors['handle'])), 'password' => array('type' => 'password', 'label' => qa_lang_html('users/password_label'), 'tags' => 'NAME="password" ID="password"', 'value' => qa_html(@$inpassword), 'error' => qa_html(@$errors['password'])), 'email' => array('label' => qa_lang_html('users/email_label'), 'tags' => 'NAME="email" ID="email"', 'value' => qa_html(@$inemail), 'note' => qa_opt('email_privacy'), 'error' => qa_html(@$errors['email']))), 'buttons' => array('register' => array('label' => qa_lang_html('users/register_button'))), 'hidden' => array('doregister' => '1'));
if (qa_opt('captcha_on_register')) {
qa_set_up_captcha_field($qa_content, $qa_content['form']['fields'], @$errors);
}
function qa_log_in_external_user($source, $identifier, $fields)
{
require_once QA_INCLUDE_DIR . 'qa-db-users.php';
$users = qa_db_user_login_find($source, $identifier);
$countusers = count($users);
if ($countusers > 1) {
qa_fatal_error('External login mapped to more than one user');
}
// should never happen
if ($countusers) {
// user exists so log them in
qa_set_logged_in_user($users[0]['userid'], $users[0]['handle'], false, $source);
} else {
// create and log in user
require_once QA_INCLUDE_DIR . 'qa-app-users-edit.php';
$handle = qa_handle_make_valid(@$fields['handle']);
$userid = qa_create_new_user((string) @$fields['email'], null, $handle, isset($fields['level']) ? $fields['level'] : QA_USER_LEVEL_BASIC, @$fields['confirmed']);
qa_db_user_login_add($userid, $source, $identifier);
$profilefields = array('name', 'location', 'website', 'about');
foreach ($profilefields as $fieldname) {
if (strlen(@$fields[$fieldname])) {
qa_db_user_profile_set($userid, $fieldname, $fields[$fieldname]);
}
}
if (strlen(@$fields['avatar'])) {
qa_set_user_avatar($userid, $fields['avatar']);
}
qa_set_logged_in_user($userid, $handle, false, $source);
}
}
/**
* Overrides the default mechanism of logging in from external sources.
*
* Adds a different way of tracking the sessions and performs some
* additional tasks when creating an user account (setting new fields,
* extra checks, etc).
*/
function qa_log_in_external_user($source, $identifier, $fields)
{
require_once QA_INCLUDE_DIR . 'qa-db-users.php';
$remember = qa_opt('open_login_remember') ? true : false;
$users = qa_db_user_login_find($source, $identifier);
$countusers = count($users);
if ($countusers > 1) {
qa_fatal_error('External login mapped to more than one user');
}
// should never happen
/*
* To allow for more than one account from the same openid/openauth provider to be
* linked to an Q2A user, we need to override the way session source is stored
* Supposing userid 01 is linked to 2 yahoo accounts, the session source will be
* something like 'yahoo-xyz' when logging in with the first yahoo account and
* 'yahoo-xyt' when logging in with the other.
*/
$aggsource = qa_open_login_get_new_source($source, $identifier);
// prepare some data
if (empty($fields['handle'])) {
$ohandle = ucfirst($source);
} else {
$ohandle = preg_replace('/[\\@\\+\\/]/', ' ', $fields['handle']);
}
$oemail = null;
if (strlen(@$fields['email']) && $fields['confirmed']) {
// only if email is confirmed
$oemail = $fields['email'];
}
if ($countusers) {
// user exists so log them in
//always update email and handle
if ($oemail) {
qa_db_user_login_set__open($source, $identifier, 'oemail', $oemail);
}
qa_db_user_login_set__open($source, $identifier, 'ohandle', $ohandle);
qa_set_logged_in_user($users[0]['userid'], $users[0]['handle'], $remember, $aggsource);
} else {
// create and log in user
require_once QA_INCLUDE_DIR . 'qa-app-users-edit.php';
qa_db_user_login_sync(true);
$users = qa_db_user_login_find($source, $identifier);
// check again after table is locked
if (count($users) == 1) {
//always update email and handle
if ($oemail) {
qa_db_user_login_set__open($source, $identifier, 'oemail', $oemail);
}
qa_db_user_login_set__open($source, $identifier, 'ohandle', $ohandle);
qa_db_user_login_sync(false);
qa_set_logged_in_user($users[0]['userid'], $users[0]['handle'], $remember, $aggsource);
} else {
$handle = qa_handle_make_valid(@$fields['handle']);
// check if email address already exists
$emailusers = array();
if (strlen(@$fields['email']) && $fields['confirmed']) {
// only if email is confirmed
$emailusers = qa_db_user_find_by_email_or_oemail__open($fields['email']);
if (count($emailusers)) {
// unset regular email to prevent duplicates
unset($fields['email']);
}
}
$userid = qa_create_new_user((string) @$fields['email'], null, $handle, isset($fields['level']) ? $fields['level'] : QA_USER_LEVEL_BASIC, @$fields['confirmed']);
qa_db_user_set($userid, 'oemail', $oemail);
qa_db_user_login_add($userid, $source, $identifier);
qa_db_user_login_set__open($source, $identifier, 'oemail', $oemail);
qa_db_user_login_set__open($source, $identifier, 'ohandle', $ohandle);
qa_db_user_login_sync(false);
$profilefields = array('name', 'location', 'website', 'about');
foreach ($profilefields as $fieldname) {
if (strlen(@$fields[$fieldname])) {
qa_db_user_profile_set($userid, $fieldname, $fields[$fieldname]);
}
}
if (strlen(@$fields['avatar'])) {
qa_set_user_avatar($userid, $fields['avatar']);
}
qa_set_logged_in_user($userid, $handle, $remember, $aggsource);
return count($emailusers);
}
}
return 0;
}
