/** * Function to save User Information * into Joomla */ function saveUser(&$d) { global $database, $my, $_VERSION, $VM_LANG; global $mosConfig_live_site, $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_sitename; $aro_id = 'aro_id'; $group_id = 'group_id'; // Column names have changed since J! 1.5 if (vmIsJoomla('1.5', '>=')) { $aro_id = 'id'; $group_id = 'id'; } $row = new mosUser($database); if (!$row->bind($_POST)) { echo "<script type=\"text/javascript\">alert('" . vmHtmlEntityDecode($row->getError()) . "');</script>\n"; } $isNew = !$row->id; $pwd = ''; // MD5 hash convert passwords if ($isNew) { // new user stuff if ($row->password == '') { $pwd = vmGenRandomPassword(); $row->password = md5($pwd); } else { $pwd = $row->password; $row->password = md5($row->password); } $row->registerDate = date('Y-m-d H:i:s'); } else { // existing user stuff if ($row->password == '') { // password set to null if empty $row->password = null; } else { if (!empty($_POST['password'])) { if ($row->password != @$_POST['password2']) { $d['error'] = vmHtmlEntityDecode($VM_LANG->_('REGWARN_VPASS2', false)); return false; } } $row->password = md5($row->password); } } // save usertype to usetype column $query = "SELECT name" . "\n FROM #__core_acl_aro_groups" . "\n WHERE `{$group_id}` = {$row->gid}"; $database->setQuery($query); $usertype = $database->loadResult(); $row->usertype = $usertype; // save params $params = vmGet($_POST, 'params', ''); if (is_array($params)) { $txt = array(); foreach ($params as $k => $v) { $txt[] = "{$k}={$v}"; } $row->params = implode("\n", $txt); } if (!$row->check()) { echo "<script type=\"text/javascript\"> alert('" . vmHtmlEntityDecode($row->getError()) . "');</script>\n"; return false; } if (!$row->store()) { echo "<script type=\"text/javascript\"> alert('" . vmHtmlEntityDecode($row->getError()) . "');</script>\n"; return false; } if ($isNew) { $newUserId = $row->id; } else { $newUserId = false; } $row->checkin(); $_SESSION['session_user_params'] = $row->params; // update the ACL if (!$isNew) { $query = "SELECT `{$aro_id}`" . "\n FROM #__core_acl_aro" . "\n WHERE value = '{$row->id}'"; $database->setQuery($query); $aro_id = $database->loadResult(); $query = "UPDATE #__core_acl_groups_aro_map" . "\n SET group_id = {$row->gid}" . "\n WHERE aro_id = {$aro_id}"; $database->setQuery($query); $database->query() or die($database->stderr()); } // for new users, email username and password if ($isNew) { // Send the notification emails $name = $row->name; $email = $row->email; $username = $row->username; $password = $pwd; $this->_sendMail($name, $email, $username, $password); } return $newUserId; }
function saveUser($option, $task) { global $database, $my, $acl; global $mosConfig_live_site, $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_sitename; $row = new mosUser($database); if (!$row->bind($_POST)) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } // sanitize $row->id = intval($row->id); $row->gid = intval($row->gid); $isNew = !$row->id; $pwd = ''; // disallow super administrator blocking self $super_gid = $acl->get_group_id('super administrator'); if ($row->id == $my->id && $my->gid == $super_gid) { $row->block = 0; } // MD5 hash convert passwords if ($isNew) { // new user stuff if ($row->password == '') { $pwd = mosMakePassword(); $row->password = md5($pwd); } else { $pwd = $row->password; $row->password = md5($row->password); } $row->registerDate = date('Y-m-d H:i:s'); } else { // existing user stuff if ($row->password == '') { // password set to null if empty $row->password = null; } else { $pwd = $row->password; $row->password = md5($pwd); } } // save usertype to usetype column $query = "SELECT name" . "\n FROM #__core_acl_aro_groups" . "\n WHERE group_id = {$row->gid}"; $database->setQuery($query); $usertype = $database->loadResult(); $row->usertype = $usertype; if (!$row->check()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n"; exit; } if (!$row->store()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n"; exit; } $row->checkin(); $loginfo = new mosLoginDetails($row->username, $pwd); $mambothandler =& mosMambotHandler::getInstance(); $mambothandler->loadBotGroup('authenticator'); // update the ACL if (!$isNew) { if ($pwd) { $mambothandler->trigger('userChange', array($loginfo)); } if ($row->block) { $mambothandler->trigger('userBlock', array($loginfo)); } else { $mambothandler->trigger('userUnblock', array($loginfo)); } $query = "SELECT aro_id FROM #__core_acl_aro WHERE value='{$row->id}'"; $database->setQuery($query); $aro_id = $database->loadResult(); $query = "UPDATE #__core_acl_groups_aro_map" . "\n SET group_id = '{$row->gid}'" . "\n WHERE aro_id = '{$aro_id}'"; $database->setQuery($query); $database->query() or die($database->stderr()); } // for new users, email username and password if ($isNew) { $mambothandler->trigger('userRegister', array($loginfo)); $mambothandler->trigger('userActivate', array($loginfo)); if ($row->block) { $mambothandler->trigger('userBlock', array($loginfo)); } $query = "SELECT email FROM #__users WHERE id={$my->id}"; $database->setQuery($query); $adminEmail = $database->loadResult(); $subject = T_('New User Details'); $message = sprintf(T_('Hello %s, You have been added as a user to %s by an Administrator. This email contains your username and password to log into the %s Username - %s Password - %s Please do not respond to this message as it is automatically generated and is for information purposes only'), $row->name, $mosConfig_sitename, $mosConfig_live_site, $row->username, $pwd); if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") { $adminName = $mosConfig_fromname; $adminEmail = $mosConfig_mailfrom; } else { $query = "SELECT name, email FROM #__users WHERE usertype='super administrator'"; $database->setQuery($query); $rows = $database->loadObjectList(); $row = $rows[0]; $adminName = $row->name; $adminEmail = $row->email; } mosMail($adminEmail, $adminName, $row->email, $subject, $message); } switch ($task) { case 'apply': $msg = sprintf(T_('Successfully Saved changes to User: %s'), $row->name); mosRedirect('index2.php?option=com_users&task=editA&hidemainmenu=1&id=' . $row->id, $msg); case 'save': default: $msg = sprintf(T_('Successfully Saved User: %s'), $row->name); mosRedirect('index2.php?option=com_users', $msg); break; } }
function saveUser($task) { global $database, $my, $acl; global $mosConfig_live_site, $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_sitename; josSpoofCheck(); $userIdPosted = mosGetParam($_POST, 'id'); if ($userIdPosted) { $msg = checkUserPermissions(array($userIdPosted), 'save', in_array($my->gid, array(24, 25))); if ($msg) { echo "<script type=\"text/javascript\"> alert('" . $msg . "'); window.history.go(-1);</script>\n"; exit; } } $row = new mosUser($database); if (!$row->bind($_POST)) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } $row->name = trim($row->name); $row->email = trim($row->email); $row->username = trim($row->username); // sanitise fields $row->id = (int) $row->id; // sanitise gid field $row->gid = (int) $row->gid; $isNew = !$row->id; $pwd = ''; // MD5 hash convert passwords if ($isNew) { // new user stuff if ($row->password == '') { $pwd = mosMakePassword(); $salt = mosMakePassword(16); $crypt = md5($pwd . $salt); $row->password = $crypt . ':' . $salt; } else { $pwd = trim($row->password); $salt = mosMakePassword(16); $crypt = md5($pwd . $salt); $row->password = $crypt . ':' . $salt; } $row->registerDate = date('Y-m-d H:i:s'); } else { $original = new mosUser($database); $original->load((int) $row->id); // existing user stuff if ($row->password == '') { // password set to null if empty $row->password = null; } else { $row->password = trim($row->password); $salt = mosMakePassword(16); $crypt = md5($row->password . $salt); $row->password = $crypt . ':' . $salt; } // if group has been changed and where original group was a Super Admin if ($row->gid != $original->gid) { if ($original->gid == 25) { // count number of active super admins $query = "SELECT COUNT( id )" . "\n FROM #__users" . "\n WHERE gid = 25" . "\n AND block = 0"; $database->setQuery($query); $count = $database->loadResult(); if ($count <= 1) { // disallow change if only one Super Admin exists echo "<script> alert('You cannot change this users Group as it is the only active Super Administrator for your site'); window.history.go(-1); </script>\n"; exit; } } $user_group = strtolower($acl->get_group_name($original->gid, 'ARO')); if ($user_group == 'super administrator' && $my->gid != 25) { // disallow change of super-Admin by non-super admin echo "<script> alert('You cannot change this users Group as you are not a Super Administrator for your site'); window.history.go(-1); </script>\n"; exit; } else { if ($my->gid == 24 && $original->gid == 24) { // disallow change of super-Admin by non-super admin echo "<script> alert('You cannot change the Group of another Administrator as you are not a Super Administrator for your site'); window.history.go(-1); </script>\n"; exit; } } // ensure user can't add group higher than themselves done below } } /* // if user is made a Super Admin group and user is NOT a Super Admin if ( $row->gid == 25 && $my->gid != 25 ) { // disallow creation of Super Admin by non Super Admin users echo "<script> alert('You cannot create a user with this user Group level, only Super Administrators have this ability'); window.history.go(-1); </script>\n"; exit(); } */ // Security check to avoid creating/editing user to higher level than himself: response to artf4529. if (!in_array($row->gid, getGIDSChildren($my->gid))) { // disallow creation of Super Admin by non Super Admin users echo "<script> alert('You cannot create a user with this user Group level, only Super Administrators have this ability'); window.history.go(-1); </script>\n"; exit; } // save usertype to usertype column $query = "SELECT name" . "\n FROM #__core_acl_aro_groups" . "\n WHERE group_id = " . (int) $row->gid; $database->setQuery($query); $usertype = $database->loadResult(); $row->usertype = $usertype; // save params $params = mosGetParam($_POST, 'params', ''); if (is_array($params)) { $txt = array(); foreach ($params as $k => $v) { $txt[] = "{$k}={$v}"; } $row->params = implode("\n", $txt); } if (!$row->check()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } if (!$row->store()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } $row->checkin(); // updates the current users param settings if ($my->id == $row->id) { //session_start(); $_SESSION['session_user_params'] = $row->params; session_write_close(); } // update the ACL if (!$isNew) { $query = "SELECT aro_id" . "\n FROM #__core_acl_aro" . "\n WHERE value = " . (int) $row->id; $database->setQuery($query); $aro_id = $database->loadResult(); $query = "UPDATE #__core_acl_groups_aro_map" . "\n SET group_id = " . (int) $row->gid . "\n WHERE aro_id = " . (int) $aro_id; $database->setQuery($query); $database->query() or die($database->stderr()); } // for new users, email username and password if ($isNew) { $query = "SELECT email" . "\n FROM #__users" . "\n WHERE id = " . (int) $my->id; $database->setQuery($query); $adminEmail = $database->loadResult(); $subject = _NEW_USER_MESSAGE_SUBJECT; $message = sprintf(_NEW_USER_MESSAGE, $row->name, $mosConfig_sitename, $mosConfig_live_site, $row->username, $pwd); if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") { $adminName = $mosConfig_fromname; $adminEmail = $mosConfig_mailfrom; } else { $query = "SELECT name, email" . "\n FROM #__users" . "\n WHERE gid = 25"; $database->setQuery($query); $admins = $database->loadObjectList(); $admin = $admins[0]; $adminName = $admin->name; $adminEmail = $admin->email; } mosMail($adminEmail, $adminName, $row->email, $subject, $message); } if (!$isNew) { // if group has been changed if ($original->gid != $row->gid) { // delete user acounts active sessions logoutUser($row->id, 'com_users', 'change'); } } switch ($task) { case 'apply': $msg = 'Successfully Saved changes to User: '******'index2.php?option=com_users&task=editA&hidemainmenu=1&id=' . $row->id, $msg); break; case 'save': default: $msg = 'Successfully Saved User: '******'index2.php?option=com_users', $msg); break; } }
function saveUser($option) { global $database, $my; global $mosConfig_live_site, $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_sitename; $row = new mosUser($database); if (!$row->bind($_POST)) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } $isNew = !$row->id; $pwd = ''; if ($isNew) { // new user stuff if ($row->password == '') { $pwd = mosMakePassword(); $row->password = md5($pwd); } else { $pwd = $row->password; $row->password = md5($row->password); } $row->registerDate = date('Y-m-d H:i:s'); } else { // existing user stuff if ($row->password == '') { // password set to null if empty $row->password = null; } else { $row->password = md5($row->password); } } if (!$row->check()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n"; exit; } if (!$row->store()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n"; exit; } // update the ACL if ($isNew) { } else { $query = "SELECT aro_id FROM #__core_acl_aro WHERE value='{$row->id}'"; $database->setQuery($query); $aro_id = $database->loadResult(); $query = "UPDATE #__core_acl_groups_aro_map" . "\n SET group_id = '{$row->gid}'" . "\n WHERE aro_id = '{$aro_id}'"; $database->setQuery($query); $database->query() or die($database->stderr()); } $row->checkin(); if ($isNew) { $query = "SELECT email FROM #__users WHERE id={$my->id}"; $database->setQuery($query); $adminEmail = $database->loadResult(); $subject = _NEW_USER_MESSAGE_SUBJECT; $message = sprintf(_NEW_USER_MESSAGE, $row->name, $mosConfig_sitename, $mosConfig_live_site, $row->username, $pwd); if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") { $adminName = $mosConfig_fromname; $adminEmail = $mosConfig_mailfrom; } else { $query = "SELECT name, email FROM #__users WHERE usertype='superadministrator'"; $database->setQuery($query); $rows = $database->loadObjectList(); $row = $rows[0]; $adminName = $row->name; $adminEmail = $row->email; } mosMail($adminEmail, $adminName, $row->email, $subject, $message); } $limit = intval(mosGetParam($_REQUEST, 'limit', 10)); $limitstart = intval(mosGetParam($_REQUEST, 'limitstart', 0)); mosRedirect('index2.php?option=' . $option); }
function checkin( $oid = null ) { $this->_mapUsers(); // Checks-in the row (on the CMSes where applicable): if ( is_callable( array( $this->_cmsUser, 'checkin' ) ) ) { return $this->_cmsUser->checkin(); } else { return true; } }
function saveUser($option) { global $database, $my; global $mosConfig_live_site; $row = new mosUser($database); if (!$row->bind($_POST)) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } $isNew = !$row->id; $pwd = ''; if ($isNew) { //extended user stuff $row->user_id = $row->id; // new user stuff if ($row->password == '') { $pwd = mosMakePassword(); $row->password = md5($pwd); } else { $pwd = $row->password; $row->password = md5($row->password); } } else { // existing user stuff if ($row->password == '') { // password set to null if empty $row->password = null; } else { $row->password = md5($row->password); } } $row->registerDate = date("Y-m-d H:i:s"); if (!$row->check()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n"; exit; } if (!$row->store()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n"; exit; } // update the ACL if ($isNew) { } else { $database->setQuery("SELECT aro_id FROM #__core_acl_aro WHERE value='{$row->id}'"); $aro_id = $database->loadResult(); $database->setQuery("UPDATE #__core_acl_groups_aro_map" . "\nSET group_id = '{$row->gid}'" . "\nWHERE aro_id = '{$aro_id}'"); $database->query() or die($database->stderr()); } $row->checkin(); if ($isNew) { $database->setQuery("SELECT email FROM #__users WHERE id={$my->id}"); $adminEmail = $database->loadResult(); $subject = "New User Details"; $message = "Hello {$row->name},\r \n \r \n"; $message .= "You have been added as a user to {$mosConfig_live_site} by an Administrator.\r \n"; $message .= "This email contains your username and password to log into the {$mosConfig_live_site} site:\r \n \r \n"; $message .= "Username - {$row->username}\r \n"; $message .= "Password - {$pwd}\r \n \r \n \r \n"; $message .= "Please do not respond to this message as it is automatically generated and is for information purposes only\r \n"; $headers .= "From: {$adminEmail}\r\n"; $headers .= "Reply-To: {$adminEmail}\r\n"; $headers .= "X-Priority: 3\r\n"; $headers .= "X-MSMail-Priority: Low\r\n"; $headers .= "X-Mailer: Mambo Open Source 4.5\r\n"; mail($row->email, $subject, $message, $headers); } $limit = intval(mosGetParam($_REQUEST, 'limit', 10)); $limitstart = intval(mosGetParam($_REQUEST, 'limitstart', 0)); $row = null; $row = new mosUser_Extended($database); if (!$row->bind($_POST)) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-1); </script>\n"; exit; } if (!$row->check()) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n"; exit; } if (!$row->storeExtended(0)) { echo "<script> alert('" . $row->getError() . "'); window.history.go(-2); </script>\n"; exit; } mosRedirect("index2.php?option={$option}"); }