e107::redirect(); exit; } if ((!ADMIN || !getperms("4")) && e_QUERY && e_QUERY != "update") { header('location:' . e_BASE . 'usersettings.php'); exit; } include_lan(e_LANGUAGEDIR . e_LANGUAGE . '/lan_user.php'); // Generic user-related language defines include_lan(e_LANGUAGEDIR . e_LANGUAGE . '/lan_usersettings.php'); require_once e_HANDLER . 'ren_help.php'; require_once e_HANDLER . 'user_extended_class.php'; // require_once (e_HANDLER.'user_handler.php'); require_once e_HANDLER . 'validator_class.php'; $ue = new e107_user_extended(); $userMethods = e107::getUserSession(); require_once e_HANDLER . 'ren_help.php'; if (deftrue('BOOTSTRAP') === 3) { $template = e107::getCoreTemplate('usersettings', '', true, true); // always merge $USERSETTINGS_MESSAGE = "{MESSAGE}"; $USERSETTINGS_MESSAGE_CAPTION = LAN_OK; $USERSETTINGS_EDIT_CAPTION = LAN_USET_39; // 'Update User Settings' $USERSETTINGS_EDIT = $template['edit']; $usersettings_shortcodes = e107::getScBatch('usersettings'); $usersettings_shortcodes->wrapper('usersettings/edit'); } else { include_once e107::coreTemplatePath('usersettings'); //correct way to load a core template. e107::scStyle($sc_style);
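/**
 * XUP Signup Method (falls back to XUP login when an existing user is detected).
 * May be used as a simple XUP login link for existing and non-existing users.
 *
 * Flow: authenticate against the provider, read the profile, then either hand an
 * already-known account (matching user_xup / email / login name / display name) to
 * loginProvider(), or build a new user row from the profile, save it, optionally email
 * the generated password and log the new user in.
 *
 * @param bool|string $redirectUrl        true = SITEURL; an absolute http(s) URL is used as given,
 *                                        any other string goes through e107::getUrl()->create();
 *                                        false/'' = no redirect.
 * @param bool        $loginAfterSuccess  log the newly created user in via loginProvider()
 * @param bool        $emailAfterSuccess  send the 'signup' email (it carries the plain generated password)
 * @return $this|bool $this when a 'usersupprov' handler returns true; true on a successful signup;
 *                    false when a user is already logged in, an existing account was matched,
 *                    or the provider returned no identifier.
 * @throws Exception  100 feature disabled, 2 bad provider, 4 no email obtainable, 5 user-model error
 */
public function signup($redirectUrl = true, $loginAfterSuccess = true, $emailAfterSuccess = true)
{
    if (!e107::getPref('social_login_active', false))
    {
        throw new Exception("Signup failed! This feature is disabled.", 100); // TODO lan
    }

    if (!$this->getProvider())
    {
        throw new Exception("Signup failed! Wrong provider.", 2); // TODO lan
    }

    if ($redirectUrl)
    {
        if (true === $redirectUrl)
        {
            $redirectUrl = SITEURL;
        }
        elseif (strpos($redirectUrl, 'http://') !== 0 && strpos($redirectUrl, 'https://') !== 0)
        {
            $redirectUrl = e107::getUrl()->create($redirectUrl);
        }
        // NOTE(review): an absolute http(s) URL is redirected to unmodified; callers must not
        // pass request-controlled values here without validating the host (open redirect).
    }

    if (e107::getUser()->isUser())
    {
        if ($redirectUrl)
        {
            e107::getRedirect()->redirect($redirectUrl);
        }
        return false;
        // throw new Exception( "Signup failed! User already signed in. ", 1); // TODO lan
    }

    $this->adapter = $this->hybridauth->authenticate($this->getProvider());
    $profile = $this->adapter->getUserProfile();

    // returned back, if success...
    if ($profile->identifier)
    {
        $sql = e107::getDb();
        $userMethods = e107::getUserSession();
        $userdata = array();

        $plainPwd = $userMethods->generateRandomString('************'); // auto plain passwords

        // TODO - auto login name, shouldn't be used if system set to user_email login...
        $userdata['user_loginname'] = $this->getProvider() . $userMethods->generateUserLogin(e107::getPref('predefinedLoginName', '_..#..#..#'));
        // NOTE(review): falls back to the provider's plain (unverified) email when no verified
        // address is available; that value is also used to match existing accounts below.
        $userdata['user_email'] = $sql->escape($profile->emailVerified ? $profile->emailVerified : $profile->email);
        $userdata['user_name'] = $sql->escape($profile->displayName);
        $userdata['user_login'] = $userdata['user_name'];
        $userdata['user_customtitle'] = ''; // not used
        $userdata['user_password'] = $userMethods->HashPassword($plainPwd, $userdata['user_loginname']); // pwd
        $userdata['user_sess'] = '';
        // $userdata['user_image'] = $profile->photoURL; // avatar
        $userdata['user_signature'] = ''; // not used
        $userdata['user_hideemail'] = 1; // hide it by default
        $userdata['user_xup'] = $sql->escape($this->userId());

        $pref = e107::pref('core');
        if (!empty($pref['initial_user_classes']))
        {
            $userdata['user_class'] = $pref['initial_user_classes'];
        }
        elseif (!empty($pref['user_new_period']))
        {
            $userdata['user_class'] = e_UC_NEWUSER;
        }
        else
        {
            $userdata['user_class'] = '';
        }

        // user_name, user_xup, user_email and user_loginname shouldn't match an existing account
        $insert = !empty($userdata['user_email']) ? "OR user_email='" . $userdata['user_email'] . "' " : "";
        if ($sql->count("user", "(*)", "user_xup='" . $sql->escape($this->userId()) . "' " . $insert . " OR user_loginname='{$userdata['user_loginname']}' OR user_name='{$userdata['user_name']}'"))
        {
            // Existing account: hand over to provider login instead of creating a duplicate.
            // NOTE(review): the match also fires on display-name or (possibly unverified) email
            // equality; confirm loginProvider() keys strictly on user_xup so a colliding
            // name/email cannot sign into someone else's account.
            e107::getUser()->loginProvider($this->userId());
            if ($redirectUrl)
            {
                e107::getRedirect()->redirect($redirectUrl);
            }
            return false;
            // throw new Exception( "Signup failed! User already exists. Please use 'login' instead.", 3);
        }

        if (empty($userdata['user_email']) && e107::getPref('disable_emailcheck', 0) == 0)
        {
            // FIX: the original appended print_a($userdata) (login name, password hash, xup id)
            // to the exception text, which may end up in logs or on screen. Keep it out.
            throw new Exception("Signup failed! Can't access user email - registration without an email is impossible.", 4); // TODO lan
        }

        // other fields
        $now = time();
        $userdata['user_id'] = null;
        $userdata['user_join'] = $now;
        $userdata['user_lastvisit'] = 0;
        $userdata['user_currentvisit'] = 0;
        $userdata['user_comments'] = 0;
        $userdata['user_ip'] = e107::getIPHandler()->getIP(FALSE);
        $userdata['user_ban'] = USER_VALIDATED;
        $userdata['user_prefs'] = '';
        $userdata['user_visits'] = 0;
        $userdata['user_admin'] = 0;
        $userdata['user_perms'] = '';
        $userdata['user_realm'] = '';
        $userdata['user_pwchange'] = $now;

        $user = e107::getSystemUser(0, false);
        $user->setData($userdata);
        $user->getExtendedModel(); // init
        //$user->setEditor(e107::getSystemUser(1, false));
        $user->save(true);

        // user model error
        if ($user->hasError())
        {
            throw new Exception($user->renderMessages(), 5);
        }

        ### Successful signup!
        //$user->set('provider', $this->getProvider());
        $userdata = $user->getData();
        $userdata['provider'] = $this->getProvider();

        // e107::getEvent()->trigger('userveri', $userdata); // Trigger New verified user.
        e107::getEvent()->trigger('user_xup_signup', $userdata);
        $ret = e107::getEvent()->trigger('usersupprov', $userdata); // XXX - it's time to pass objects instead of array?

        if (true === $ret)
        {
            return $this;
        }

        // send email
        if ($emailAfterSuccess)
        {
            $user->set('user_password', $plainPwd)->email('signup');
        }

        e107::getUser()->setProvider($this);

        // auto login
        if ($loginAfterSuccess)
        {
            e107::getUser()->loginProvider($this->userId());
            // if not proper after-login, return true so user can see login screen
        }

        if ($redirectUrl)
        {
            e107::getRedirect()->redirect($redirectUrl);
        }

        return true;
    }

    return false;
}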
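/**
 * Admin auth check
 *
 * Looks the name up as an admin login name first, then as an admin display name.
 * When a CHAP response and a session 'challenge' are present the password is verified
 * with CheckCHAP(); otherwise the plaintext password is verified with CheckPassword().
 *
 * @param string $authname     entered name (login name or display name)
 * @param string $authpass     entered plaintext password
 * @param string $authresponse [optional] client-side CHAP response
 * @return array the admin user row on success, else array('authfail', 'reason' => $reason)
 *               with reason 'np' (empty name/password), 'lu' (name too long), 'iu' (no such admin)
 *               or '' (password rejected)
 */
public function authcheck($authname, $authpass, $authresponse = '')
{
    global $pref;
    $tp = e107::getParser();
    $sql_auth = e107::getDb('sql_auth');
    $user_info = e107::getUserSession();
    $reason = '';
    $row = array();

    // Strip a few SQL tokens, then toDB()-escape. NOTE(review): this blacklist is not a
    // substitute for parameterised queries - $authname is still interpolated below.
    $authname = $tp->toDB(preg_replace("/\\sOR\\s|\\=|\\#/", "", trim($authname)));
    $authpass = trim($authpass);

    if ($authpass == '' || $authname == '')
    {
        $reason = 'np';
    }
    if (strlen($authname) > varset($pref['loginname_maxlength'], 30))
    {
        $reason = 'lu';
    }

    if (!$reason)
    {
        // Login name first, then display name; admin accounts only.
        if ($sql_auth->db_Select("user", "*", "user_loginname='{$authname}' AND user_admin='1' "))
        {
            $row = $sql_auth->db_Fetch();
        }
        elseif ($sql_auth->db_Select("user", "*", "user_name='{$authname}' AND user_admin='1' "))
        {
            $row = $sql_auth->db_Fetch();
            $authname = $row['user_loginname']; // the check helpers take the login name, not the display name
        }
        else
        {
            $reason = 'iu';
        }
    }

    if (!$reason && $row['user_id'])
    {
        $session = e107::getSession();
        if ($authresponse && $session->is('challenge') && $authresponse != $session->get('challenge'))
        {
            // Verify using CHAP (can't handle login by email address - only loginname - although with this code it does still work if the password is stored unsalted)
            if ($user_info->CheckCHAP($session->get('challenge'), $authresponse, $authname, $row['user_password']) !== PASSWORD_INVALID)
            {
                // FIX: the original returned `${$row}` (a variable-variable built from an array),
                // which never yields the user row - the CHAP path could not succeed.
                return $row;
            }
        }
        else
        {
            // Plaintext password
            if ($user_info->CheckPassword($authpass, $authname, $row['user_password']) !== PASSWORD_INVALID)
            {
                return $row;
            }
        }
    }

    return array("authfail", "reason" => $reason);
}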
// (tail of a function that starts before this chunk - the default LAN_FPW_101 text)
return deftrue('LAN_FPW_101', "Not to worry. Just enter your email address below and we'll send you an instruction email for recovery.");
}
}

// Members-only mode: the forgot-password page renders inside its own header/footer,
// with the logo taken from the theme when present, else the core logo image.
if ($pref['membersonly_enabled'])
{
    $sc = array('FPW_LOGIN_LOGO' => file_exists(THEME . "images/login_logo.png") ? "<img src='" . THEME_ABS . "images/login_logo.png' alt='' />\n" : "<img src='" . e_IMAGE_ABS . "logo.png' alt='' />\n");
    if (deftrue('BOOTSTRAP'))
    {
        $FPW_TABLE_HEADER = e107::getCoreTemplate('fpw', 'header');
        $FPW_TABLE_FOOTER = e107::getCoreTemplate('fpw', 'footer');
    }
    else
    {
        require_once e107::coreTemplatePath('fpw'); //correct way to load a core template.
    }
    $HEADER = $tp->simpleParse($FPW_TABLE_HEADER, $sc);
    $FOOTER = $tp->simpleParse($FPW_TABLE_FOOTER, $sc);
}

$user_info = e107::getUserSession();
require_once HEADERF;

/**
 * Render an error on the forgot-password page and stop the request.
 *
 * @param string $txt message text; it is emitted as HTML without escaping here, so callers
 *                    must pass trusted or already-escaped text.
 * @return never exits after rendering the footer
 */
function fpw_error($txt)
{
    if (deftrue('BOOTSTRAP'))
    {
        e107::getMessage()->addError($txt);
        e107::getRender()->tablerender(LAN_03, e107::getMessage()->render());
        require_once FOOTERF;
        exit;
    }
    e107::getRender()->tablerender(LAN_03, "<div class='fpw-page'>" . $txt . "</div>", 'fpw');
    require_once FOOTERF;
    exit;
}

//the separator character used
define('FPW_SEPARATOR', '#');
/**
 * Generate a fresh cron password and persist it as the 'e_cron_pwd' core pref.
 *
 * The stored value is the SHA-1 hex digest of a generateRandomString() output
 * concatenated with the current timestamp; it is saved as-is (no hashing on use).
 *
 * @return bool always true
 */
function setCronPwd()
{
    $session = e107::getUserSession();
    $seed = $session->generateRandomString('*^*#.**^*');
    $cronPwd = sha1($seed . time());

    e107::getConfig()->set('e_cron_pwd', $cronPwd)->save(false);

    return true;
}
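/**
 * Try to establish a user session from an already-connected social (Hybrid_Auth) provider.
 *
 * Does nothing when $deniedAs is false and a "session as" user exists, when session data is
 * already loaded, or when the 'social_login_active' pref is off. Otherwise every connected
 * provider's profile identifier is looked up against user_xup and, on a hit, a user cookie
 * is issued for that row.
 *
 * @param mixed $deniedAs
 * @return $this
 */
public function tryProviderSession($deniedAs)
{
    // don't allow if main admin browse front-end or there is already user session
    // (&& binds tighter than ||, i.e. (!$deniedAs && sessionAs) || sessionData || !pref)
    if ((!$deniedAs && $this->getSessionDataAs()) || null !== $this->_session_data || !e107::getPref('social_login_active', false))
    {
        return $this;
    }

    try
    {
        // detect all currently connected providers
        $hybrid = e107::getHybridAuth(); // init the auth class
        $connected = Hybrid_Auth::getConnectedProviders();
    }
    catch (Exception $e)
    {
        e107::getMessage()->addError('[' . $e->getCode() . ']' . $e->getMessage(), 'default', true);
        $session = e107::getSession();
        $session->set('HAuthError', true);
        $connected = false;
    }

    // no active session found
    if (!$connected)
    {
        return $this;
    }

    // query DB
    $sql = e107::getDb();
    $where = array();
    foreach ($connected as $providerId)
    {
        $adapter = Hybrid_Auth::getAdapter($providerId);
        $profile = $adapter->getUserProfile();
        if (!$profile->identifier)
        {
            continue;
        }
        $id = $providerId . '_' . $profile->identifier;
        $where[] = "user_xup='" . $sql->escape($id) . "'";
    }

    // FIX: when no provider yielded an identifier the original passed an empty condition to
    // db_Select(), i.e. a lookup with no WHERE clause that could return an arbitrary user row
    // and hand its cookie to this browser. Never issue a cookie without a concrete match.
    if (empty($where))
    {
        return $this;
    }

    $where = implode(' OR ', $where);
    if ($sql->db_Select('user', 'user_id, user_password, user_xup', $where))
    {
        $user = $sql->db_Fetch();
        e107::getUserSession()->makeUserCookie($user);
        $this->setSessionData();
    }

    return $this;
}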
/**
 * Initialise the shared handles this object relies on: the e107 core instance,
 * the requesting client's IP (via the IP handler) and the user-session helper.
 */
public function __construct()
{
    $core = e107::getInstance();
    $ipHandler = e107::getIPHandler();

    $this->e107 = $core;
    $this->userIP = $ipHandler->getIP();
    $this->userMethods = e107::getUserSession();
}
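/**
 * Send an activation email to all unactivated users older than so many hours.
 *
 * Queues one 'signup'-template mail per matching user (user_ban = 2, non-empty email,
 * user_join older than $age hours, optionally limited to one user class) through the
 * bulk mailer. Results are reported via e107::getMessage().
 *
 * @param bool       $resetPasswords When true, each user first gets a new random password and a
 *                                   new session key written to the DB; the plain password goes
 *                                   into the mail as PASSWORD. Users whose update fails are skipped.
 * @param int        $age            in hours. ie. older than 24 hours will be sent an email.
 * @param int|string $class          optional user class id to restrict the recipients to
 * @return void
 */
function resend_to_all($resetPasswords = false, $age = 24, $class = '')
{
    global $sql;
    $tp = e107::getParser();
    $sql = e107::getDb();
    $sql2 = e107::getDb('toall');
    $emailLogin = e107::getPref('allowEmailLogin');
    e107::lan('core', 'signup');

    $ageOpt = intval($age) . " hours ago";
    $cutoff = strtotime($ageOpt);

    // $query = "SELECT u.*, ue.* FROM `#user` AS u LEFT JOIN `#user_extended` AS ue ON ue.user_extended_id = u.user_id WHERE u.user_ban = 2 AND u.user_email != '' AND u.user_join < ".$age." ORDER BY u.user_id DESC";
    $query = "SELECT u.* FROM `#user` AS u WHERE u.user_ban = 2 AND u.user_email != '' AND u.user_join < " . $cutoff . " ";
    if (!empty($class))
    {
        $query .= " AND FIND_IN_SET( " . intval($class) . ", u.user_class) ";
    }
    $query .= " ORDER BY u.user_id DESC";

    $sql->gen($query);
    $recipients = array();
    $usr = e107::getUserSession();

    while ($row = $sql->fetch())
    {
        if ($resetPasswords === true)
        {
            $rawPassword = $usr->generateRandomString('********');
            $sessKey = e_user_model::randomKey();
            $updateQry = array(
                'user_sess' => $sessKey,
                'user_password' => $usr->HashPassword($rawPassword, $row['user_loginname']),
                'WHERE' => 'user_id = ' . $row['user_id'] . " LIMIT 1"
            );

            if (!$sql2->update('user', $updateQry))
            {
                e107::getMessage()->addError("Error updating user's password. #" . $row['user_id'] . " : " . $row['user_email']);
                e107::getMessage()->addDebug(print_a($updateQry, true));
                // FIX: the original still queued this user with the new password and session key
                // that never reached the DB, so the mailed credentials/activation link were dead.
                continue;
            }

            e107::getMessage()->addInfo("Updated " . $row['user_id'] . " : " . $row['user_email']);
            $row['user_sess'] = $sessKey;
        }
        else
        {
            $rawPassword = '******'; // placeholder - the real password is not known here
        }

        $activationUrl = SITEURL . "signup.php?activate." . $row['user_id'] . "." . $row['user_sess'];

        $recipients[] = array(
            'mail_recipient_id' => $row['user_id'],
            'mail_recipient_name' => $row['user_name'],
            'mail_recipient_email' => $row['user_email'],
            'mail_target_info' => array(
                'USERID' => $row['user_id'],
                'LOGINNAME' => intval($emailLogin) === 1 ? $row['user_email'] : $row['user_loginname'],
                'PASSWORD' => $rawPassword,
                'DISPLAYNAME' => $tp->toDB($row['user_name']),
                'SUBJECT' => LAN_SIGNUP_98,
                'USERNAME' => $row['user_name'],
                'USERLASTVISIT' => $row['user_lastvisit'],
                'ACTIVATION_LINK' => '<a href="' . $activationUrl . '">' . $activationUrl . '</a>',
                'ACTIVATION_URL' => $activationUrl,
                'DATE_SHORT' => $tp->toDate(time(), 'short'),
                'DATE_LONG' => $tp->toDate(time(), 'long'),
                'SITEURL' => SITEURL
            )
        );
        // echo $row['user_id']." ".$row['user_sess']." ".$row['user_name']." ".$row['user_email']."<br />";
    }

    $siteadminemail = e107::getPref('siteadminemail');
    $siteadmin = e107::getPref('siteadmin');
    $mailer = e107::getBulkEmail();

    // Create the mail body
    $mailData = array(
        'mail_total_count' => count($recipients),
        'mail_content_status' => MAIL_STATUS_TEMP,
        'mail_create_app' => 'core',
        'mail_title' => 'RESEND ACTIVATION',
        'mail_subject' => LAN_SIGNUP_98,
        'mail_sender_email' => e107::getPref('replyto_email', $siteadminemail),
        'mail_sender_name' => e107::getPref('replyto_name', $siteadmin),
        'mail_notify_complete' => 0,
        'mail_body' => 'null',
        'template' => 'signup',
        'mail_send_style' => 'signup'
    );

    $mailer->sendEmails('signup', $mailData, $recipients, array('mail_force_queue' => 1));

    $totalMails = count($recipients);
    $url = e_ADMIN . "mailout.php?mode=pending&action=list";
    e107::getMessage()->addSuccess("Total emails added to <a href='" . $url . "'>mail queue</a>: " . $totalMails);
}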
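/**
 * Handle a bounce report.
 *
 * $bounceString is either a bare user id ("UID") or "UID/SOURCE_ID/TARGET_ID/MD5" where
 * MD5 = md5("UID/SOURCE_ID/TARGET_ID/"). The 4-field form is checked against
 * #mail_recipients / #mail_content, the bounce counters are updated and every e_mailout
 * addon listed in the row's mail_selectors gets its bounce() called. The 1-field form only
 * updates the user's status. NOTE(review): the md5 is an unkeyed checksum, not an
 * authenticator - anyone able to reach this method can compute a valid string.
 *
 * @param string $bounceString - the string from header X-e107-id
 * @param string $emailAddress - optional email address string for checks
 * @return array|false - array of error strings on failure, FALSE after a bounce was logged
 */
public function markBounce($bounceString, $emailAddress = '')
{
    $bounceString = trim($bounceString);
    $bounceInfo = array('mail_bounce_string' => $bounceString, 'mail_recipient_email' => $emailAddress); // Ready for event data
    $errors = array(); // Log all errors, at least until proven
    $vals = explode('/', $bounceString); // Should get one or four fields

    if ($this->debugMode)
    {
        echo "<h4>Bounce String</h4>";
        print_a($bounceString);
        echo "<h4>Vals</h4>";
        print_a($vals);
    }

    if (!is_numeric($vals[0]))
    {
        $errors[] = 'Bad user ID: ' . $vals[0];
    }
    $uid = intval($vals[0]); // User ID (zero is valid)

    if (count($vals) == 4)
    {
        if (!is_numeric($vals[1]))
        {
            $errors[] = 'Bad body record: ' . $vals[1];
        }
        if (!is_numeric($vals[2]))
        {
            $errors[] = 'Bad recipient record: ' . $vals[2];
        }
        $vals[0] = intval($vals[0]);
        $vals[1] = intval($vals[1]);
        $vals[2] = intval($vals[2]);
        $vals[3] = trim($vals[3]);
        $hash = $vals[0] . '/' . $vals[1] . '/' . $vals[2] . '/';

        // FIX: strict, constant-time comparison instead of loose `!=` (which compares
        // numeric-looking strings such as "0e..." as numbers).
        if (!hash_equals(md5($hash), (string) $vals[3]))
        {
            $errors[] = 'Bad md5';
            $errors[] = print_r($vals, true);
            $errors[] = 'hash:' . md5($hash);
        }

        if (empty($errors))
        {
            $this->checkDB(1); // Look up in mailer DB if no errors so far

            $row = false;
            if (false !== $this->db->gen("SELECT mr.`mail_recipient_id`, mr.`mail_recipient_email`, mr.`mail_recipient_name`, mr.mail_target_info, \n\t\t\t\t\tmc.mail_create_date, mc.mail_start_send, mc.mail_end_send, mc.`mail_title`, mc.`mail_subject`, mc.`mail_creator`, mc.`mail_other` FROM `#mail_recipients` AS mr \n\t\t\t\t\tLEFT JOIN `#mail_content` as mc ON mr.`mail_detail_id` = mc.`mail_source_id`\n\t\t\t\t\t\tWHERE mr.`mail_target_id` = {$vals[2]} AND mc.`mail_source_id` = {$vals[1]}"))
            {
                $row = $this->db->fetch(MYSQL_ASSOC);
            }

            if (!$row)
            {
                // Query failed or returned nothing - invalid mailer record
                // (the original fetched and compared anyway, reading fields of a non-row).
                $errors[] = 'Not found in DB: ' . $vals[1] . '/' . $vals[2];
            }
            else
            {
                $row = $this->dbToBoth($row);
                $bounceInfo = $row;
                if ($emailAddress && $emailAddress != $row['mail_recipient_email'])
                {
                    $errors[] = 'Email address mismatch: ' . $emailAddress . '/' . $row['mail_recipient_email'];
                }
                if ($uid != $row['mail_recipient_id'])
                {
                    $errors[] = 'User ID mismatch: ' . $uid . '/' . $row['mail_recipient_id'];
                }
            }

            if (count($errors) == 0)
            {
                $bounceInfo['mail_source_id'] = $vals[1];
                $bounceInfo['mail_target_id'] = $vals[2];
                $bounceInfo['mail_recipient_id'] = $uid;
                $bounceInfo['mail_recipient_name'] = $row['mail_recipient_name'];

                if (!$this->db->update('mail_content', '`mail_bounce_count` = `mail_bounce_count` + 1 WHERE `mail_source_id` = ' . $vals[1]))
                {
                    e107::getAdminLog()->add('Unable to increment bounce-count on mail_source_id=' . $vals[1], $bounceInfo, E_LOG_FATAL, 'BOUNCE', LOG_TO_ROLLING);
                }

                if (!$this->db->update('mail_recipients', '`mail_status` = ' . MAIL_STATUS_BOUNCED . ' WHERE `mail_target_id` = ' . $vals[2]))
                {
                    e107::getAdminLog()->add('Unable to update recipient mail_status to bounce on mail_target_id = ' . $vals[2], $bounceInfo, E_LOG_FATAL, 'BOUNCE', LOG_TO_ROLLING);
                }

                // trigger e_mailout.php addons. 'bounce' method.
                $addons = array_keys($row['mail_selectors']);
                foreach ($addons as $plug)
                {
                    if ($plug == 'core')
                    {
                        require_once e_HANDLER . 'user_handler.php';
                        // FIX: the original appended $err unconditionally, so a clean core bounce
                        // still produced an empty error entry and an error return.
                        $err = userHandler::userStatusUpdate('bounce', $uid, $emailAddress);
                        if ($err)
                        {
                            $errors[] = $err;
                        }
                    }
                    elseif ($cls = e107::getAddon($plug, 'e_mailout'))
                    {
                        if (e107::callMethod($cls, 'bounce', $bounceInfo) === false)
                        {
                            e107::getAdminLog()->add($plug . ' bounce process failed', $bounceInfo, E_LOG_FATAL, 'BOUNCE', LOG_TO_ROLLING);
                        }
                    }
                }
            }
        }
    }
    elseif (count($vals) != 1 && count($vals) != 4)
    {
        $errors[] = 'Bad element count: ' . count($vals);
    }
    elseif (!empty($uid) || !empty($emailAddress))
    {
        // 1-field form: only the user's status is touched
        $err = e107::getUserSession()->userStatusUpdate('bounce', $uid, $emailAddress);
        if ($err)
        {
            $errors[] = $err;
        }
    }

    if (!empty($errors))
    {
        $logErrors = $bounceInfo;
        $logErrors['user_id'] = $uid;
        $logErrors['mailshot'] = isset($vals[1]) ? $vals[1] : null; // absent in the 1-field form
        $logErrors['mailshot_recipient'] = isset($vals[2]) ? $vals[2] : null;
        $logErrors['errors'] = $errors;
        $logErrors['email'] = $emailAddress;
        $logErrors['bounceString'] = $bounceString;
        e107::getAdminLog()->add('Bounce receive error', $logErrors, E_LOG_WARNING, 'BOUNCE', LOG_TO_ROLLING);
        return $errors;
    }

    e107::getAdminLog()->add('Bounce received/logged', $bounceInfo, E_LOG_INFORMATIVE, 'BOUNCE', LOG_TO_ROLLING);
    e107::getEvent()->trigger('mailbounce', $bounceInfo);
    return false;
}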
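/**
 * Create a user from the admin "quick add user" form ($_POST).
 *
 * Validates the posted fields through validatorClass / userVettingInfo, hashes the password,
 * optionally grants admin perms (POST 'perms'), inserts the row, writes the admin log and
 * user audit trail, triggers 'userfull' and optionally emails the credentials to the new
 * user (POST 'sendconfemail' - the mail carries the plaintext password). Outcome is reported
 * through e107::getMessage(). Requires the form token POST 'ac' == md5(ADMINPWCHANGE).
 *
 * @return void
 */
function addUser()
{
    $e107cache = e107::getCache();
    $userMethods = e107::getUserSession();
    $mes = e107::getMessage();
    $sql = e107::getDb();
    $e_event = e107::getEvent();
    global $admin_log;

    // FIX: the original `!$_POST['ac'] == md5(...)` negated the posted token before comparing,
    // so any non-empty 'ac' value passed the check. Compare the token itself, in constant time.
    if (empty($_POST['ac']) || !hash_equals(md5(ADMINPWCHANGE), (string) $_POST['ac']))
    {
        exit;
    }

    // FIX: $pref was read below without ever being brought into function scope.
    $pref = e107::getPref();

    $e107cache->clear('online_menu_member_total');
    $e107cache->clear('online_menu_member_newest');

    $error = false;
    if (isset($_POST['generateloginname']))
    {
        $_POST['loginname'] = $userMethods->generateUserLogin($pref['predefinedLoginName']);
    }
    // Force the confirm field to match so the paired-password check passes.
    $_POST['password2'] = $_POST['password1'];

    // Now validate everything
    $allData = validatorClass::validateFields($_POST, $userMethods->userVettingInfo, true); // Do basic validation
    validatorClass::checkMandatory('user_name,user_loginname', $allData); // Check for missing fields (email done in userValidation() )
    validatorClass::dbValidateArray($allData, $userMethods->userVettingInfo, 'user', 0); // Do basic DB-related checks
    $userMethods->userValidation($allData); // Do user-specific DB checks

    if (!isset($allData['errors']['user_password']))
    {
        // No errors in password - keep it outside the main data array
        $savePassword = $allData['data']['user_password'];
        unset($allData['data']['user_password']); // Delete the password value in the output array
    }
    unset($_POST['password1']); // Restrict the scope of this
    unset($_POST['password2']);

    if (!check_class($pref['displayname_class'], $allData['data']['user_class']))
    {
        if ($allData['data']['user_name'] != $allData['data']['user_loginname'])
        {
            $allData['errors']['user_name'] = ERR_FIELDS_DIFFERENT;
        }
    }

    if (count($allData['errors']))
    {
        $temp = validatorClass::makeErrorList($allData, 'USER_ERR_', '%n - %x - %t: %v', '<br />', $userMethods->userVettingInfo);
        $mes->addError($temp);
        $error = true;
    }

    // Always save some of the entered data - then we can redisplay on error
    $user_data =& $allData['data'];

    if (!$error)
    {
        if (varset($_POST['perms']))
        {
            $allData['data']['user_admin'] = 1;
            $allData['data']['user_perms'] = implode('.', $_POST['perms']);
        }
        $message = '';
        $user_data['user_password'] = $userMethods->HashPassword($savePassword, $user_data['user_login']);
        $user_data['user_join'] = time();
        if ($userMethods->needEmailPassword())
        {
            // Save separate password encryption for use with email address
            $user_data['user_prefs'] = serialize(array('email_password' => $userMethods->HashPassword($savePassword, $user_data['user_email'])));
        }
        $userMethods->userClassUpdate($allData['data'], 'userall'); // Set any initial classes
        $userMethods->addNonDefaulted($user_data);
        validatorClass::addFieldTypes($userMethods->userVettingInfo, $allData);
        //FIXME - (SecretR) there is a better way to fix this (missing default value, sql error in strict mode - user_realm is to be deleted from DB later)
        $allData['data']['user_realm'] = '';

        if ($sql->db_Insert('user', $allData))
        {
            // Add to admin log
            $admin_log->log_event('USET_02', "UName: {$user_data['user_name']}; Email: {$user_data['user_email']}", E_LOG_INFORMATIVE);
            // Add to user audit trail
            $admin_log->user_audit(USER_AUDIT_ADD_ADMIN, $user_data, 0, $user_data['user_loginname']);
            $e_event->trigger('userfull', $user_data); // send everything available for user data - bit sparse compared with user-generated signup

            if (isset($_POST['sendconfemail']))
            {
                // Send confirmation email to user
                require_once e_HANDLER . 'mail.php';
                include_once e107::coreTemplatePath('email', 'front'); //correct way to load a core template.
                if (!isset($QUICKADDUSER_TEMPLATE))
                {
                    $QUICKADDUSER_TEMPLATE = USRLAN_185 . USRLAN_186;
                }
                // NOTE(review): {LOGIN} receives user_name and {USERNAME} user_login - confirm
                // against the template; the mapping looks swapped but is kept as-is here.
                $var_search = array('{SITEURL}', '{LOGIN}', '{USERNAME}', '{PASSWORD}', '{EMAIL}');
                $var_replace = array(SITEURL, $user_data['user_name'], $user_data['user_login'], $savePassword, $user_data['user_email']);
                $e_message = str_replace($var_search, $var_replace, $QUICKADDUSER_TEMPLATE);
                if (sendemail($user_data['user_email'], USRLAN_187 . SITEURL, $e_message, $user_data['user_login'], '', ''))
                {
                    $message = USRLAN_188 . '<br /><br />';
                }
                else
                {
                    $message = USRLAN_189 . '<br /><br />';
                }
            }

            $message .= str_replace('--NAME--', $user_data['user_name'], USRLAN_174);
            if (isset($_POST['generateloginname']))
            {
                $message .= '<br /><br />' . USRLAN_173 . ': ' . $user_data['user_login'];
            }
            if (isset($_POST['generatepassword']))
            {
                $message .= '<br /><br />' . USRLAN_172 . ': ' . $savePassword;
            }
            unset($user_data); // Don't recycle the data once the user's been accepted without error
        }
        $mes->addSuccess($message);
    }
}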
/**
 * Admin auth check
 *
 * Resolves the name as an admin login name first, then as an admin display name.
 * With a CHAP response and a session 'prevchallenge' the password is verified through
 * CheckCHAP(); otherwise the plaintext password goes through CheckPassword().
 * (A commented-out debug trace that wrote challenge, response and password hash to the
 * admin log / a text file used to live here; it must not be reinstated.)
 *
 * @param string $authname     entered name
 * @param string $authpass     entered pass
 * @param string $authresponse [optional] client-side CHAP response
 * @return array the matching admin user row on success, else array('authfail', 'reason' => ...)
 *               with reason 'np' (no name, or neither password nor response), 'lu' (name too
 *               long), 'iu' (no such admin) or '' (credential rejected)
 */
public function authcheck($authname, $authpass, $authresponse = '')
{
    $pref = e107::getPref();
    $tp = e107::getParser();
    $sql_auth = e107::getDb('sql_auth');
    $user_info = e107::getUserSession();

    // Strip a few SQL tokens before toDB()-escaping; the queries below still interpolate this.
    $authname = $tp->toDB(preg_replace("/\\sOR\\s|\\=|\\#/", "", trim($authname)));
    $authpass = trim($authpass);

    $reason = '';
    if (($authpass == '' && $authresponse == '') || $authname == '')
    {
        $reason = 'np';
    }
    if (strlen($authname) > varset($pref['loginname_maxlength'], 30))
    {
        $reason = 'lu';
    }

    $row = null;
    if (!$reason)
    {
        $byLoginName = "user_loginname='{$authname}' AND user_admin='1' ";
        $byDisplayName = "user_name='{$authname}' AND user_admin='1' ";

        if ($sql_auth->db_Select("user", "*", $byLoginName))
        {
            $row = $sql_auth->db_Fetch();
        }
        elseif ($sql_auth->db_Select("user", "*", $byDisplayName))
        {
            $row = $sql_auth->db_Fetch();
            $authname = $row['user_loginname'];
        }
        else
        {
            $reason = 'iu';
        }
    }

    if (!$reason && $row['user_id'])
    {
        $session = e107::getSession();
        $useChap = $authresponse && $session->is('prevchallenge') && $authresponse != $session->get('prevchallenge');

        // CHAP can't handle login by email address - only loginname - although it does
        // still work if the password is stored unsalted.
        $verdict = $useChap
            ? $user_info->CheckCHAP($session->get('prevchallenge'), $authresponse, $authname, $row['user_password'])
            : $user_info->CheckPassword($authpass, $authname, $row['user_password']);

        if ($verdict !== PASSWORD_INVALID)
        {
            return $row;
        }
    }

    return array("authfail", "reason" => $reason);
}