Code source de b2evolution 2.1.0-beta |
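<?php
/**
 * This file implements login/logout handling functions.
 *
 * This file is part of the evoCore framework - {@link http://evocore.net/}
 * See also {@link http://sourceforge.net/projects/evocms/}.
 *
 * @copyright (c)2003-2007 by Francois PLANQUE - {@link http://fplanque.net/}
 * Parts of this file are copyright (c)2004-2006 by Daniel HAHLER - {@link http://thequod.de/contact}.
 *
 * {@internal License choice
 * - If you have received this file as part of a package, please find the license.txt file in
 *   the same folder or the closest folder above for complete license terms.
 * - If you have received this file individually (e-g: from http://evocms.cvs.sourceforge.net/)
 *   then you must choose one of the following licenses before using the file:
 *   - GNU General Public License 2 (GPL) - http://www.opensource.org/licenses/gpl-license.php
 *   - Mozilla Public License 1.1 (MPL) - http://www.opensource.org/licenses/mozilla1.1.php
 * }}
 *
 * {@internal Open Source relicensing agreement:
 * Daniel HAHLER grants Francois PLANQUE the right to license
 * Daniel HAHLER's contributions to this file and the b2evolution project
 * under any OSI approved OSS license (http://www.opensource.org/licenses/).
 * }}
 *
 * @package evocore
 *
 * {@internal Below is a list of authors who have contributed to design/coding of this file: }}
 * @author cafelog (team)
 * @author blueyed: Daniel HAHLER.
 * @author fplanque: Francois PLANQUE.
 * @author jeffbearer: Jeff BEARER - {@link http://www.jeffbearer.com/}.
 * @author jupiterx: Jordan RUNNING.
 *
 * @version $Id: _user.funcs.php,v 1.3 2007/09/28 02:17:48 fplanque Exp $
 */
if( !defined('EVO_MAIN_INIT') ) die( 'Please, do not access this page directly.' );

load_class('users/model/_group.class.php');
load_class('users/model/_user.class.php');


/**
 * Log the user out
 *
 * Fires the 'Logout' plugin event with the current user, clears the global
 * $current_User and then calls $Session->logout().
 */
function logout()
{
	global $current_User, $Session, $Plugins;

	// Plugins are notified first, while $current_User is still populated.
	$Plugins->trigger_event( 'Logout', array( 'User' => $current_User ) );

	// Reset all global variables
	// Note: unset is buggy on globals
	$current_User = NULL; // NULL, as we do isset() on it in several places!

	$Session->logout();
}


/**
 * Tell whether the current request belongs to a logged in user.
 *
 * @return boolean false whenever $generating_static is set; otherwise true only
 *                 if $current_User is an object with a non-empty ID.
 */
function is_logged_in()
{
	global $generating_static, $current_User;

	if( isset($generating_static) )
	{ // When generating static page, we should always consider we are not logged in.
		return false;
	}

	return is_object( $current_User ) && !empty( $current_User->ID );
}


/**
 * Check if a password is ok for a login.
 *
 * The value stored in $User->pass is compared with an unsalted MD5 digest of the
 * password. MD5 is a fast hash and is not suited to password storage; replacing it
 * needs a change to the stored format, which is outside this function.
 *
 * @param string login
 * @param string password
 * @param boolean Is the password parameter already MD5()'ed?
 * @return boolean
 */
function user_pass_ok( $login, $pass, $pass_is_md5 = false )
{
	$UserCache = & get_Cache( 'UserCache' );
	$User = & $UserCache->get_by_login( $login );
	if( !$User )
	{
		return false;
	}

	if( !$pass_is_md5 )
	{
		$pass = md5( $pass );
	}

	$stored = $User->pass;

	// Only two non-empty strings may match. This rejects non-string input (possible
	// when the caller passes a pre-hashed value) and an empty stored digest, which
	// can never be the MD5 of a real password.
	if( !is_string( $pass ) || !is_string( $stored ) || $stored === '' )
	{
		return false;
	}

	// Compare as strings, never with "==": the loose operator compares
	// numeric-looking hex digests by numeric value, so different digests can be
	// reported as equal.
	if( function_exists( 'hash_equals' ) )
	{ // Constant-time comparison where the runtime provides it.
		return hash_equals( $stored, $pass );
	}

	return ( $pass === $stored );
}


/**
 * Template tag: Output link to login
 *
 * $before, $after, $link_text and $link_title are written into the markup as given
 * (no escaping is applied here), so callers must pass HTML-safe values.
 *
 * @param string To be displayed before the link.
 * @param string To be displayed after the link.
 * @param string Text for the link ('' selects the default).
 * @param string Title for the link ('#' selects the default).
 * @return false|NULL false when already logged in (nothing is output)
 */
function user_login_link( $before = '', $after = '', $link_text = '', $link_title = '#' )
{
	if( is_logged_in() ) return false;

	if( $link_text == '' ) $link_text = T_('Log in');
	if( $link_title == '#' ) $link_title = T_('Log in if you have an account...');

	$r = $before;
	$r .= '<a href="'.get_login_url().'" title="'.$link_title.'">';
	$r .= $link_text;
	$r .= '</a>';
	$r .= $after;

	echo $r;
}


/**
 * Get url to login
 *
 * The current URL (or the edited blog URL when generating a static page) is passed
 * through url_rel_to_same_host() and rawurlencode() and appended as "redirect_to".
 * NOTE(review): how login.php validates "redirect_to" is not visible from this file.
 *
 * @return string
 */
function get_login_url()
{
	global $htsrv_url_sensitive, $edited_Blog, $generating_static;

	if( !isset($generating_static) )
	{ // We are not generating a static page here:
		$redirect = regenerate_url( '', '', '', '&' );
	}
	elseif( isset($edited_Blog) ) // fp> this is a shady test!! :/
	{ // We are generating a static page
		$redirect = $edited_Blog->get('url'); // was dynurl
	}
	else
	{ // We are in a weird situation
		$redirect = '';
	}

	if( ! empty($redirect) )
	{
		$redirect = '?redirect_to='.rawurlencode( url_rel_to_same_host( $redirect, $htsrv_url_sensitive ) );
	}

	return $htsrv_url_sensitive.'login.php'.$redirect;
}

/**
 * Template tag: Output a link to new user registration
 *
 * Echoes whatever {@link get_user_register_link()} returns.
 *
 * @param string To be displayed before the link.
 * @param string To be displayed after the link.
 * @param string Text for the link ('' selects the default).
 * @param string Title for the link ('#' selects the default).
 * @param boolean Display the link, if the user is already logged in? (this is used by the login form)
 */
function user_register_link( $before = '', $after = '', $link_text = '', $link_title = '#', $disp_when_logged_in = false )
{
	echo get_user_register_link( $before, $after, $link_text, $link_title, $disp_when_logged_in );
}


/**
 * Template tag: Get a link to new user registration
 *
 * $before, $after, $link_text and $link_title are inserted into the markup as given
 * (no escaping is applied here), so callers must pass HTML-safe values.
 *
 * @param string To be displayed before the link.
 * @param string To be displayed after the link.
 * @param string Text for the link ('' selects the default).
 * @param string Title for the link ('#' selects the default).
 * @param boolean Display the link, if the user is already logged in? (this is used by the login form)
 * @return string|false false when logged in (and not forced) or when registration is disabled
 */
function get_user_register_link( $before = '', $after = '', $link_text = '', $link_title = '#', $disp_when_logged_in = false )
{
	global $htsrv_url_sensitive, $Settings, $edited_Blog, $generating_static;

	if( is_logged_in() && ! $disp_when_logged_in )
	{ // Do not display, when already logged in:
		return false;
	}

	if( ! $Settings->get('newusers_canregister'))
	{ // We won't let him register
		return false;
	}

	if( $link_text == '' ) $link_text = T_('Register...');
	if( $link_title == '#' ) $link_title = T_('Register to open an account...');

	if( !isset($generating_static) )
	{ // We are not generating a static page here:
		$redirect = regenerate_url( '', '', '', '&' );
	}
	elseif( isset($edited_Blog) )
	{ // We are generating a static page
		$redirect = $edited_Blog->get('url'); // was dynurl
	}
	else
	{ // We are in a weird situation
		$redirect = '';
	}

	if( ! empty($redirect) )
	{
		$redirect = '?redirect_to='.rawurlencode( url_rel_to_same_host( $redirect, $htsrv_url_sensitive ) );
	}

	$r = $before;
	$r .= '<a href="'.$htsrv_url_sensitive.'register.php'.$redirect.'" title="'.$link_title.'">';
	$r .= $link_text;
	$r .= '</a>';
	$r .= $after;
	return $r;
}


/**
 * Template tag: Output a link to logout
 *
 * Echoes whatever {@link get_user_logout_link()} returns.
 */
function user_logout_link( $before = '', $after = '', $link_text = '', $link_title = '#', $params = array() )
{
	echo get_user_logout_link( $before, $after, $link_text, $link_title, $params );
}


/**
 * Template tag: Get a link to logout
 *
 * The link is a plain GET request to login.php with action=logout; no request token
 * is added here.
 * NOTE(review): whether login.php protects the logout action against cross-site
 * requests is not visible from this file.
 *
 * $before, $after, $link_text and $link_title are inserted into the markup as given
 * (no escaping is applied here), so callers must pass HTML-safe values.
 *
 * @param string To be displayed before the link.
 * @param string To be displayed after the link.
 * @param string link text can include %s for current user login
 * @param string Title for the link ('#' selects the default).
 * @param array Extra attributes, rendered by get_field_attribs_as_string().
 * @return string|false false when not logged in
 */
function get_user_logout_link( $before = '', $after = '', $link_text = '', $link_title = '#', $params = array() )
{
	global $admin_url, $baseurl, $htsrv_url_sensitive, $current_User, $is_admin_page, $Blog;

	if( ! is_logged_in() )
	{
		return false;
	}

	if( $link_text == '' ) $link_text = T_('Logout');
	if( $link_title == '#' ) $link_title = T_('Logout from your account');

	if( $is_admin_page )
	{
		if( isset( $Blog ) )
		{ // Go to the home page of the blog that was being edited:
			// NOTE(review): unlike the other branches, this URL is not passed through url_rel_to_same_host().
			$redirect_to = $Blog->get( 'url' );
		}
		else
		{ // We were not editing a blog...
			// return to global home:
			$redirect_to = url_rel_to_same_host( $baseurl, $htsrv_url_sensitive);
			// Alternative: return to the login page (fp> a basic user would be pretty lost on that login page)
			// $redirect_to = url_rel_to_same_host($admin_url, $htsrv_url_sensitive);
		}

	}
	else
	{ // Return to current blog page:
		$redirect_to = url_rel_to_same_host(regenerate_url('','','','&'), $htsrv_url_sensitive);
	}

	$r = $before;
	$r .= '<a href="'.$htsrv_url_sensitive.'login.php?action=logout&redirect_to='.rawurlencode($redirect_to).'"';
	$r .= get_field_attribs_as_string( $params, false );
	$r .= ' title="'.$link_title.'">';
	// $link_text is used as a sprintf() format, so a literal percent sign in it must be written "%%".
	$r .= sprintf( $link_text, $current_User->login );
	$r .= '</a>';
	$r .= $after;
	return $r;
}


/**
 * Template tag: Output a link to the backoffice.
 *
 * Usually provided in skins in order for newbies to find the admin interface more easily...
 *
 * @param string To be displayed before the link.
 * @param string To be displayed after the link.
 * @param string Text for the link.
 * @param string Title for the link.
 * @param string Returned (and therefore output) instead of the link when the user may not see it.
 */
function user_admin_link( $before = '', $after = '', $link_text = '', $link_title = '#', $not_visible = '' )
{
	echo get_user_admin_link( $before, $after, $link_text, $link_title, $not_visible );
}


/**
 * Template tag: Get a link to the backoffice.
 *
 * Usually provided in skins in order for newbies to find the admin interface more easily...
 *
 * Only a logged in user without the 'admin'/'visible' permission gets $not_visible;
 * a visitor who is not logged in still gets the link.
 *
 * @param string To be displayed before the link.
 * @param string To be displayed after the link.
 * @param string Text for the link.
 * @param string Title for the link.
 * @param string Returned instead of the link when the user may not see it.
 * @return string
 */
function get_user_admin_link( $before = '', $after = '', $link_text = '', $link_title = '#', $not_visible = '' )
{
	global $admin_url, $blog, $current_User;

	if( is_logged_in() && ! $current_User->check_perm( 'admin', 'visible' ) )
	{ // If user should NOT see admin link:
		return $not_visible;
	}

	if( $link_text == '' ) $link_text = T_('Admin');
	if( $link_title == '#' ) $link_title = T_('Go to the back-office...');

	// add the blog param to the admin URL when a blog is selected
	if( !empty( $blog ) )
	{
		$url = url_add_param( $admin_url, 'blog='.$blog );
	}
	else
	{
		$url = $admin_url;
	}

	$r = $before;
	$r .= '<a href="'.$url.'" title="'.$link_title.'">';
	$r .= $link_text;
	$r .= '</a>';
	$r .= $after;
	return $r;
}


/**
 * Template tag: Display a link to user profile
 *
 * Echoes whatever {@link get_user_profile_link()} returns.
 */
function user_profile_link( $before = '', $after = '', $link_text = '', $link_title = '#' )
{
	echo get_user_profile_link( $before, $after, $link_text, $link_title );
}


/**
 * Template tag: Get a link to user profile
 *
 * $before, $after, $link_text and $link_title are inserted into the markup as given
 * (no escaping is applied here), so callers must pass HTML-safe values.
 *
 * @param string To be displayed before the link.
 * @param string To be displayed after the link.
 * @param string link text can include %s for current user login ('' selects the default).
 * @param string Title for the link ('#' selects the default).
 * @return string|false
 */
function get_user_profile_link( $before = '', $after = '', $link_text = '', $link_title = '#' )
{
	global $current_User, $Blog, $is_admin_page, $admin_url;

	if( ! is_logged_in() )
	{
		return false;
	}

	if( $link_text == '' )
	{
		$link_text = T_('Profile');
	}
	else
	{
		$link_text = str_replace( '%s', $current_User->login, $link_text );
	}
	if( $link_title == '#' ) $link_title = T_('Edit your profile');

	if( $is_admin_page || empty( $Blog ) )
	{
		$url = $admin_url.'?ctrl=users&user_ID='.$current_User->ID;
	}
	else
	{
		$url = url_add_param( $Blog->gen_blogurl(), 'disp=profile&redirect_to='.rawurlencode( url_rel_to_same_host(regenerate_url('','','','&'), $Blog->gen_blogurl()) ) );
	}

	// NOTE(review): the login has already been substituted into $link_text above and the
	// result is used as a sprintf() format again here, so a "%" inside a login would be
	// read as a conversion specifier - confirm that logins cannot contain "%".
	$r = $before
		.'<a href="'.$url.'" title="'.$link_title.'">'
		.sprintf( $link_text, $current_User->login )
		.'</a>'
		.$after;

	return $r;
}


/**
 * Template tag: Provide a link to subscription screen
 *
 * Outputs nothing and returns false when the user is not logged in, on admin pages,
 * when there is no current blog or when the blog does not allow subscriptions.
 *
 * $before, $after, $link_text and $link_title are written into the markup as given
 * (no escaping is applied here), so callers must pass HTML-safe values.
 *
 * @param string To be displayed before the link.
 * @param string To be displayed after the link.
 * @param string link text can include %s for current user login ('' selects the default).
 * @param string Title for the link ('#' selects the default).
 * @return false|NULL
 */
function user_subs_link( $before = '', $after = '', $link_text = '', $link_title = '#' )
{
	global $current_User, $Blog, $is_admin_page;

	if( ! is_logged_in() || $is_admin_page )
	{
		return false;
	}

	if( empty( $Blog ) || ! $Blog->get_setting( 'allow_subscriptions' ) )
	{
		return false;
	}

	if( $link_text == '' ) $link_text = T_('Subscribe');
	if( $link_title == '#' ) $link_title = T_('Subscribe to email notifications');

	echo $before;
	echo '<a href="'.url_add_param( $Blog->gen_blogurl(), 'disp=subs&redirect_to='.rawurlencode( url_rel_to_same_host(regenerate_url('','','','&'), $Blog->gen_blogurl())) )
		.'" title="', $link_title, '">';
	printf( $link_text, $current_User->login );
	echo '</a>';
	echo $after;
}


/**
 * Template tag: Display the user's preferred name
 *
 * Used in result lists. Outputs nothing when the ID is empty or no user is found.
 *
 * @param integer user ID
 */
function user_preferredname( $user_ID )
{
	$UserCache = & get_Cache( 'UserCache' );
	if( !empty( $user_ID )
		&& ($User = & $UserCache->get_by_ID( $user_ID )) )
	{
		$User->disp('preferredname');
	}
}


/**
 * Check profile parameters and add errors through {@link param_error()}.
 *
 * Nothing is returned; callers learn about failures through the errors recorded
 * by param_error().
 *
 * @param array associative array.
 *     Either array( $value, $input_name ) or just $value;
 *     ($input_name gets used for associating it to a form fieldname)
 *     - 'login': check for non-empty
 *     - 'nickname': check for non-empty
 *     - 'icq': must be a number
 *     - 'email': mandatory, must be well formed
 *     - 'url': must be well formed, in allowed scheme, not blacklisted
 *     - 'pass1' / 'pass2': passwords (twice), must be the same and not == login (if given)
 *     - 'pass_required': false/true (default is true)
 * @param User|NULL A user to use for additional checks (password != login/nick).
 */
function profile_check_params( $params, $User = NULL )
{
	global $Messages, $Settings, $comments_allowed_uri_scheme;

	foreach( $params as $k => $v )
	{
		// normalize params: a bare value becomes array( value, field name )
		if( $k != 'pass_required' && ! is_array($v) )
		{
			$params[$k] = array($v, $k);
		}
	}

	// checking login has been typed:
	// NOTE(review): this check reports on the fixed field name 'login', not on $params['login'][1] like the others.
	if( isset($params['login']) && empty($params['login'][0]) )
	{
		param_error( 'login', T_('Please enter a login.') );
	}

	// checking the nickname has been typed
	if( isset($params['nickname']) && empty($params['nickname'][0]) )
	{
		param_error($params['nickname'][1], T_('Please enter a nickname (can be the same as your login).') );
	}

	// if the ICQ UIN has been entered, check to see if it has only numbers
	if( !empty($params['icq'][0]) )
	{
		if( !preg_match( '#^[0-9]+$#', $params['icq'][0]) )
		{
			param_error( $params['icq'][1], T_('The ICQ UIN can only be a number, no letters allowed.') );
		}
	}

	// checking e-mail address
	if( isset($params['email'][0]) )
	{
		if( empty($params['email'][0]) )
		{
			param_error( $params['email'][1], T_('Please enter an e-mail address.') );
		}
		elseif( !is_email($params['email'][0]) )
		{
			param_error( $params['email'][1], T_('The email address is invalid.') );
		}
	}

	// Checking URL:
	if( isset($params['url']) )
	{
		if( $error = validate_url( $params['url'][0], $comments_allowed_uri_scheme ) )
		{
			param_error( $params['url'][1], T_('Supplied URL is invalid: ').$error );
		}
	}

	// Check passwords:

	$pass_required = isset( $params['pass_required'] ) ? $params['pass_required'] : true;

	if( isset($params['pass1'][0]) && isset($params['pass2'][0]) )
	{
		if( $pass_required || !empty($params['pass1'][0]) || !empty($params['pass2'][0]) )
		{ // Password is required or was given
			// checking the password has been typed twice
			if( empty($params['pass1'][0]) || empty($params['pass2'][0]) )
			{
				param_error( $params['pass2'][1], T_('Please enter your password twice.') );
			}

			// checking the password has been typed twice the same:
			if( $params['pass1'][0] !== $params['pass2'][0] )
			{
				param_error( $params['pass1'][1], T_('You typed two different passwords.') );
			}
			elseif( strlen($params['pass1'][0]) < $Settings->get('user_minpwdlen') )
			{ // strlen() counts bytes, so the minimum is a byte length
				param_error( $params['pass1'][1], sprintf( T_('The minimum password length is %d characters.'), $Settings->get('user_minpwdlen')) );
			}
			elseif( isset($User) && $params['pass1'][0] == $User->get('login') )
			{
				param_error( $params['pass1'][1], T_('The password must be different from your login.') );
			}
			elseif( isset($User) && $params['pass1'][0] == $User->get('nickname') )
			{
				param_error( $params['pass1'][1], T_('The password must be different from your nickname.') );
			}
		}
	}
}


/*
 * $Log: _user.funcs.php,v $
 * Revision 1.3  2007/09/28 02:17:48  fplanque
 * Menu widgets
 *
 * Revision 1.2  2007/07/01 03:57:20  fplanque
 * toolbar eveywhere
 *
 * Revision 1.1  2007/06/25 11:01:47  fplanque
 * MODULES (refactored MVC)
 *
 * Revision 1.30  2007/05/28 15:18:31  fplanque
 * cleanup
 *
 * Revision 1.29  2007/04/26 00:11:11  fplanque
 * (c) 2007
 *
 * Revision 1.28  2007/03/25 13:19:17  fplanque
 * temporarily disabled dynamic and static urls.
 * may become permanent in favor of a caching mechanism.
 *
 * Revision 1.27  2007/03/06 12:23:38  fplanque
 * bugfix
 *
 * Revision 1.26  2007/03/04 05:24:52  fplanque
 * some progress on the toolbar menu
 *
 * Revision 1.25  2007/01/29 09:58:55  fplanque
 * enhanced toolbar - experimental
 *
 * Revision 1.24  2007/01/28 17:53:09  fplanque
 * changes for 2.0 skin structure
 *
 * Revision 1.23  2007/01/27 19:57:12  blueyed
 * Use param_error() in profile_check_params()
 *
 * Revision 1.22  2007/01/20 00:38:39  blueyed
 * todo
 *
 * Revision 1.21  2007/01/19 03:06:57  fplanque
 * Changed many little thinsg in the login procedure.
 * There may be new bugs, sorry. I tested this for several hours though.
 * More refactoring to be done.
 *
 * Revision 1.20  2006/12/19 20:48:28  blueyed
 * MFB: Use relative URL for "redirect_to" in get_user_profile_link(). See http://forums.b2evolution.net/viewtopic.php?p=48686#48686
 *
 * Revision 1.19  2006/12/16 01:30:46  fplanque
 * Setting to allow/disable email subscriptions on a per blog basis
 *
 * Revision 1.18  2006/11/24 18:27:25  blueyed
 * Fixed link to b2evo CVS browsing interface in file docblocks
 *
 * Revision 1.17  2006/10/23 22:19:02  blueyed
 * Fixed/unified encoding of redirect_to param. Use just rawurlencode() and no funky &amp; replacements
 *
 * Revision 1.16  2006/10/15 21:36:08  blueyed
 * Use url_rel_to_same_host() for redirect_to params.
 */
?>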