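/**
 * Handle an account-activation link: validate the signed token passed in
 * $_GET['key'] and, if it is authentic, unexpired and still on record,
 * enable the matching user.
 *
 * The token is a '|'-separated string whose first three parts are the user
 * name, the activation key and the expiry timestamp. The whole token is
 * compared against the value $AUTH->get_hash() produces for those parts.
 *
 * @return mixed The value of $FUNCS->raise_error() on failure; nothing on success.
 */
function _process_activation()
{
    global $FUNCS, $DB, $AUTH;

    // The token comes straight from the query string. A missing value or an
    // array (?key[]=...) must be rejected before it reaches the string functions.
    if (!isset($_GET['key']) || !is_string($_GET['key'])) {
        return $FUNCS->raise_error($FUNCS->t('invalid_key'));
    }

    // Presumably restores '+' characters that URL decoding turned into spaces.
    $data = str_replace(' ', '+', $_GET['key']);

    // A well-formed token has at least four parts; anything shorter cannot be valid.
    $parts = explode('|', $data);
    if (count($parts) < 4) {
        return $FUNCS->raise_error($FUNCS->t('invalid_key'));
    }
    list($user, $key, $expiry) = $parts;

    // Verify the hash first, so that no field of the token is interpreted
    // before the token is known to be untampered. Use a constant-time
    // comparison where available so the check does not leak how much of
    // the expected value matched.
    $expected = $AUTH->get_hash($user, $key, $expiry);
    if (!is_string($expected)) {
        return $FUNCS->raise_error($FUNCS->t('invalid_key'));
    }
    $authentic = function_exists('hash_equals') ? hash_equals($expected, $data) : ($expected === $data);
    if (!$authentic) {
        return $FUNCS->raise_error($FUNCS->t('invalid_key'));
    }

    // check if link has not expired
    if (time() > $expiry) {
        return $FUNCS->raise_error($FUNCS->t('invalid_key'));
    }

    // Finally check that the activation key still exists for the user.
    // Both values pass through $DB->sanitize() before being placed in the
    // quoted WHERE clause.
    // NOTE(review): confirm sanitize() escapes for a single-quoted SQL string.
    $rs = $DB->select(K_TBL_USERS, array('id'), "name='" . $DB->sanitize($user) . "' AND activation_key='" . $DB->sanitize($key) . "'");
    if (!is_array($rs) || !count($rs)) {
        return $FUNCS->raise_error($FUNCS->t('invalid_key'));
    }

    $account = new KUser($rs[0]['id'], 1);
    $account->populate_fields();
    $account->fields[4]->store_posted_changes(0); // enable user

    // Temporarily raise the current visitor's access level so that an
    // unlogged visitor is allowed to activate his account.
    $access_level = $AUTH->user->access_level;
    $AUTH->user->access_level = K_ACCESS_LEVEL_AUTHENTICATED + 1;
    $errors = $account->save();

    // Restore the original level before any return, so a failed save does
    // not leave the visitor elevated for the rest of the request.
    // NOTE(review): if save() can throw, this restore belongs in a finally block.
    $AUTH->user->access_level = $access_level;

    if ($errors) {
        return $FUNCS->raise_error('Activation failed');
    }
}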
if (!defined('K_ADMIN')) { die; } // cannot be loaded directly require_once K_COUCH_DIR . 'includes/ckeditor/ckeditor.php'; if (isset($_GET['act'][0])) { $user_id = isset($_GET['id']) && $FUNCS->is_non_zero_natural($_GET['id']) ? (int) $_GET['id'] : null; if ($_GET['act'] == 'edit' || $_GET['act'] == 'create') { if ($user_id || !$user_id && $_GET['act'] == 'create') { if ($_GET['act'] == 'create') { $FUNCS->validate_nonce('create_user'); } else { $FUNCS->validate_nonce('update_user_' . $user_id); } $user = new KUser($user_id, 1); $user->populate_fields(); // get values from database into fields $errors = ''; if (isset($_POST['op']) && $_POST['op'] == 'save') { $_POST['f_k_access_level'] = intval($_POST['f_k_levels_list']); $_POST['f_k_disabled'] = isset($_POST['f_k_disabled_check']) ? 1 : 0; // HOOK: alter_edit_user_posted_data $skip = $FUNCS->dispatch_event('alter_edit_user_posted_data', array(&$user)); if (!$skip) { for ($x = 0; $x < count($user->fields); $x++) { $f =& $user->fields[$x]; $f->store_posted_changes($_POST['f_' . $f->name]); // get posted values into fields } } // HOOK: edit_user_presave