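<?php

/* Reminder: always indent with 4 spaces (no tabs). */
// +---------------------------------------------------------------------------+
// | Geeklog 1.4                                                               |
// +---------------------------------------------------------------------------+
// | users.php                                                                 |
// |                                                                           |
// | User authentication module.                                               |
// +---------------------------------------------------------------------------+
// | Copyright (C) 2000-2006 by the following authors:                         |
// |                                                                           |
// | Authors: Tony Bibbs        - tony AT tonybibbs DOT com                    |
// |          Mark Limburg      - mlimburg AT users DOT sourceforge DOT net    |
// |          Jason Whittenburg - jwhitten AT securitygeeks DOT com            |
// |          Dirk Haun         - dirk AT haun-online DOT de                   |
// +---------------------------------------------------------------------------+
// |                                                                           |
// | This program is free software; you can redistribute it and/or             |
// | modify it under the terms of the GNU General Public License               |
// | as published by the Free Software Foundation; either version 2            |
// | of the License, or (at your option) any later version.                    |
// |                                                                           |
// | This program is distributed in the hope that it will be useful,           |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the             |
// | GNU General Public License for more details.                              |
// |                                                                           |
// | You should have received a copy of the GNU General Public License         |
// | along with this program; if not, write to the Free Software Foundation,   |
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.           |
// |                                                                           |
// +---------------------------------------------------------------------------+
//
// $Id: users.php,v 1.150 2006/12/09 19:18:08 dhaun Exp $

/**
 * This file handles user authentication
 *
 * @author Tony Bibbs <tony@tonybibbs.com>
 * @author Mark Limburg <mlimburg@users.sourceforge.net>
 * @author Jason Whittenburg
 *
 */

/**
 * Geeklog common function library
 */
require_once ('lib-common.php');
require_once ($_CONF['path_system'] . 'lib-user.php');
$VERBOSE = false;

// Uncomment the line below if you need to debug the HTTP variables being passed
// to the script. This will sometimes cause errors but it will allow you to see
// the data being passed in a POST operation

// echo COM_debug($_POST);

/**
 * Shows a profile for a user
 *
 * This grabs the user profile for a given user and displays it. The user id
 * is interpolated into several SQL statements below, so it is cast to int
 * here instead of relying on the callers' validation.
 *
 * @param int $user User ID of profile to get
 * @param int $msg  Message to display (if != 0)
 * @return string   HTML for user profile page, or a meta redirect when the
 *                  user does not exist or a login is required first
 *
 */
function userprofile ($user, $msg = 0)
{
    global $_CONF, $_TABLES, $_USER, $LANG01, $LANG04, $LANG09, $LANG28, $LANG_LOGIN;

    $retval = '';

    // only a numeric id is ever allowed into the queries below
    $user = (int) $user;

    if (empty ($_USER['username']) &&
        (($_CONF['loginrequired'] == 1) || ($_CONF['profileloginrequired'] == 1))) {
        // anonymous visitor on a site that requires a login to see profiles
        $retval .= COM_siteHeader ('menu', $LANG_LOGIN[1]);
        $retval .= COM_startBlock ($LANG_LOGIN[1], '',
                COM_getBlockTemplate ('_msg_block', 'header'));
        $login = new Template($_CONF['path_layout'] . 'submit');
        $login->set_file (array ('login'=>'submitloginrequired.thtml'));
        $login->set_var ('login_message', $LANG_LOGIN[2]);
        $login->set_var ('site_url', $_CONF['site_url']);
        $login->set_var ('lang_login', $LANG_LOGIN[3]);
        $login->set_var ('lang_newuser', $LANG_LOGIN[4]);
        $login->parse ('output', 'login');
        $retval .= $login->finish ($login->get_var('output'));
        $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
        $retval .= COM_siteFooter ();

        return $retval;
    }

    $result = DB_query ("SELECT {$_TABLES['users']}.uid,username,fullname,regdate,homepage,about,location,pgpkey,photo,email,status FROM {$_TABLES['userinfo']},{$_TABLES['users']} WHERE {$_TABLES['userinfo']}.uid = {$_TABLES['users']}.uid AND {$_TABLES['users']}.uid = $user");
    $nrows = DB_numRows ($result);
    if ($nrows == 0) { // no such user
        return COM_refresh ($_CONF['site_url'] . '/index.php');
    }
    $A = DB_fetchArray ($result);

    // disabled accounts are only visible to users who may edit accounts
    if ($A['status'] == USER_ACCOUNT_DISABLED && !SEC_hasRights ('user.edit')) {
        COM_displayMessageAndAbort (30, '', 403, 'Forbidden');
    }

    $display_name = COM_getDisplayName ($user, $A['username'], $A['fullname']);

    $retval .= COM_siteHeader ('menu', $LANG04[1] . ' ' . $display_name);
    if ($msg > 0) {
        $retval .= COM_showMessage ($msg);
    }

    // format date/time to user preference
    $curtime = COM_getUserDateTimeFormat ($A['regdate']);
    $A['regdate'] = $curtime[0];

    $user_templates = new Template ($_CONF['path_layout'] . 'users');
    $user_templates->set_file (array ('profile' => 'profile.thtml',
                                      'row' => 'commentrow.thtml',
                                      'strow' => 'storyrow.thtml'));
    $user_templates->set_var ('site_url', $_CONF['site_url']);
    $user_templates->set_var ('start_block_userprofile',
            COM_startBlock ($LANG04[1] . ' ' . $display_name));
    $user_templates->set_var ('end_block', COM_endBlock ());
    $user_templates->set_var ('lang_username', $LANG04[2]);

    // with show_fullname the full name takes the "username" slot and the
    // login name moves to the secondary line (unless the full name is empty)
    if ($_CONF['show_fullname'] == 1) {
        if (empty ($A['fullname'])) {
            $username = $A['username'];
            $fullname = '';
        } else {
            $username = $A['fullname'];
            $fullname = $A['username'];
        }
    } else {
        $username = $A['username'];
        $fullname = $A['fullname'];
    }

    // strike through the name(s) of a disabled account
    if ($A['status'] == USER_ACCOUNT_DISABLED) {
        $username = sprintf ('<s title="%s">%s</s>', $LANG28[42], $username);
        if (!empty ($fullname)) {
            $fullname = sprintf ('<s title="%s">%s</s>', $LANG28[42], $fullname);
        }
    }

    $user_templates->set_var ('username', $username);
    $user_templates->set_var ('user_fullname', $fullname);

    if (SEC_hasRights ('user.edit')) {
        global $_IMAGE_TYPE, $LANG_ADMIN;

        $edit_icon = '<img src="' . $_CONF['layout_url'] . '/images/edit.'
                   . $_IMAGE_TYPE . '" border="0" alt="' . $LANG_ADMIN['edit']
                   . '" title="' . $LANG_ADMIN['edit'] . '">';
        $edit_link_url = '<a href="' . $_CONF['site_admin_url']
                       . '/user.php?mode=edit&uid=' . $A['uid'] .'">'
                       . $edit_icon . '</a>';
        $user_templates->set_var ('edit_icon', $edit_icon);
        $user_templates->set_var ('edit_link', $edit_link_url);
        $user_templates->set_var ('user_edit', $edit_link_url);
    }

    if (isset ($A['photo']) && empty ($A['photo'])) {
        $A['photo'] = '(none)'; // user does not have a photo
    }
    $photo = USER_getPhoto ($user, $A['photo'], $A['email'], -1);
    $user_templates->set_var ('user_photo', $photo);

    $user_templates->set_var ('lang_membersince', $LANG04[67]);
    $user_templates->set_var ('user_regdate', $A['regdate']);
    $user_templates->set_var ('lang_email', $LANG04[5]);
    $user_templates->set_var ('user_id', $user);
    $user_templates->set_var ('lang_sendemail', $LANG04[81]);
    $user_templates->set_var ('lang_homepage', $LANG04[6]);
    // NOTE(review): homepage only passes COM_killJS(), location only
    // strip_tags(), bio and PGP key nothing but nl2br(); whether the
    // template escapes these user-supplied fields is not visible here
    $user_templates->set_var ('user_homepage', COM_killJS ($A['homepage']));
    $user_templates->set_var ('lang_location', $LANG04[106]);
    $user_templates->set_var ('user_location', strip_tags ($A['location']));
    $user_templates->set_var ('lang_bio', $LANG04[7]);
    $user_templates->set_var ('user_bio', nl2br (stripslashes ($A['about'])));
    $user_templates->set_var ('lang_pgpkey', $LANG04[8]);
    $user_templates->set_var ('user_pgp', nl2br ($A['pgpkey']));
    $user_templates->set_var ('start_block_last10stories',
            COM_startBlock ($LANG04[82] . ' ' . $display_name));
    $user_templates->set_var ('start_block_last10comments',
            COM_startBlock($LANG04[10] . ' ' . $display_name));
    $user_templates->set_var ('start_block_postingstats',
            COM_startBlock ($LANG04[83] . ' ' . $display_name));
    $user_templates->set_var ('lang_title', $LANG09[16]);
    $user_templates->set_var ('lang_date', $LANG09[17]);

    // for alternative layouts: use these as headlines instead of block titles
    $user_templates->set_var ('headline_last10stories', $LANG04[82]);
    $user_templates->set_var ('headline_last10comments', $LANG04[10]);
    $user_templates->set_var ('headline_postingstats', $LANG04[83]);

    // topics the current visitor is allowed to see; the story and comment
    // lists below are restricted to these
    $result = DB_query ("SELECT tid FROM {$_TABLES['topics']}"
                        . COM_getPermSQL ());
    $nrows = DB_numRows ($result);
    $tids = array ();
    for ($i = 0; $i < $nrows; $i++) {
        $T = DB_fetchArray ($result);
        $tids[] = $T['tid'];
    }
    $topics = "'" . implode ("','", $tids) . "'";

    // list of last 10 stories by this user
    if (sizeof ($tids) > 0) {
        $sql = "SELECT sid,title,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['stories']} WHERE (uid = $user) AND (draft_flag = 0) AND (date <= NOW()) AND (tid IN ($topics))" . COM_getPermSQL ('AND');
        $sql .= " ORDER BY unixdate DESC LIMIT 10";
        $result = DB_query ($sql);
        $nrows = DB_numRows ($result);
    } else {
        $nrows = 0;
    }
    if ($nrows > 0) {
        for ($i = 0; $i < $nrows; $i++) {
            $C = DB_fetchArray ($result);
            $user_templates->set_var ('cssid', ($i % 2) + 1);
            $user_templates->set_var ('row_number', ($i + 1) . '.');
            $articleUrl = COM_buildUrl ($_CONF['site_url']
                    . '/article.php?story=' . $C['sid']);
            $user_templates->set_var ('article_url', $articleUrl);
            $user_templates->set_var ('story_begin_href',
                    '<a href="' . $articleUrl . '">');
            // NOTE(review): search and replacement are identical in this copy
            // of the file, so this line is a no-op; it presumably protected
            // '$' in titles from the template engine - check the original
            $C['title'] = str_replace ('$', '$', $C['title']);
            $user_templates->set_var ('story_title',
                    stripslashes ($C['title']));
            $user_templates->set_var ('story_end_href', '</a>');
            $storytime = COM_getUserDateTimeFormat ($C['unixdate']);
            $user_templates->set_var ('story_date', $storytime[0]);
            $user_templates->parse ('story_row', 'strow', true);
        }
    } else {
        $user_templates->set_var ('story_row',
                '<tr><td>' . $LANG01[37] . '</td></tr>');
    }

    // list of last 10 comments by this user
    $sidArray = array();
    if (sizeof ($tids) > 0) {
        // first, get a list of all stories the current visitor has access to
        $sql = "SELECT sid FROM {$_TABLES['stories']} WHERE (draft_flag = 0) AND (date <= NOW()) AND (tid IN ($topics))" . COM_getPermSQL ('AND');
        $result = DB_query($sql);
        $numsids = DB_numRows($result);
        for ($i = 1; $i <= $numsids; $i++) {
            $S = DB_fetchArray ($result);
            $sidArray[] = $S['sid'];
        }
    }

    // $sidList is never empty (it is at least "''"), so the restriction is
    // always applied: a visitor who can see no story gets no comments either
    $sidList = implode("', '",$sidArray);
    $sidList = "'$sidList'";

    // then, find all comments by the user in those stories
    $sql = "SELECT sid,title,cid,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['comments']} WHERE (uid = $user) GROUP BY sid,title,cid,UNIX_TIMESTAMP(date)";

    // SQL NOTE: Using a HAVING clause is usually faster than a where if the
    // field is part of the select
    if (!empty ($sidList)) {
        $sql .= " HAVING sid in ($sidList)";
    }
    $sql .= " ORDER BY unixdate DESC LIMIT 10";

    $result = DB_query($sql);
    $nrows = DB_numRows($result);
    if ($nrows > 0) {
        for ($i = 0; $i < $nrows; $i++) {
            $C = DB_fetchArray ($result);
            $user_templates->set_var ('cssid', ($i % 2) + 1);
            $user_templates->set_var ('row_number', ($i + 1) . '.');
            $user_templates->set_var ('comment_begin_href',
                    '<a href="' . $_CONF['site_url']
                    . '/comment.php?mode=view&cid=' . $C['cid']. '">');
            // see the note on the story titles above
            $C['title'] = str_replace ('$', '$', $C['title']);
            $user_templates->set_var ('comment_title',
                    stripslashes ($C['title']));
            $user_templates->set_var ('comment_end_href', '</a>');
            $commenttime = COM_getUserDateTimeFormat ($C['unixdate']);
            $user_templates->set_var ('comment_date', $commenttime[0]);
            $user_templates->parse ('comment_row', 'row', true);
        }
    } else {
        $user_templates->set_var('comment_row','<tr><td>' . $LANG01[29] . '</td></tr>');
    }

    // posting stats for this user
    $user_templates->set_var ('lang_number_stories', $LANG04[84]);
    $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (uid = $user) AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL ('AND');
    $result = DB_query($sql);
    $N = DB_fetchArray ($result);
    $user_templates->set_var ('number_stories', COM_numberFormat ($N['count']));
    $user_templates->set_var ('lang_number_comments', $LANG04[85]);
    $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['comments']} WHERE (uid = $user)";
    if (!empty ($sidList)) {
        $sql .= " AND (sid in ($sidList))";
    }
    $result = DB_query ($sql);
    $N = DB_fetchArray ($result);
    $user_templates->set_var ('number_comments', COM_numberFormat($N['count']));
    $user_templates->set_var ('lang_all_postings_by',
            $LANG04[86] . ' ' . $display_name);

    // Call custom registration function if enabled and exists
    if ($_CONF['custom_registration'] && function_exists ('CUSTOM_userDisplay') ) {
        $user_templates->set_var ('customfields', CUSTOM_userDisplay ($user));
    }
    PLG_profileVariablesDisplay ($user, $user_templates);

    $user_templates->parse ('output', 'profile');
    $retval .= $user_templates->finish ($user_templates->get_var ('output'));

    $retval .= PLG_profileBlocksDisplay ($user);
    $retval .= COM_siteFooter ();

    return $retval;
}

/**
 * Emails password to a user
 *
 * This will email the given user their password.
 *
 * @param string $username Username for which to get and email password
 * @param int $msg Message number of message to show when done
 * @return string Optionally returns the HTML for the default form if the user info can't be found
 *
 */
function emailpassword ($username, $msg = 0)
{
    global $_CONF, $_TABLES, $LANG04;

    $retval = '';

    // escaped for the query; note the escaped form is also what gets passed
    // on to USER_createAndSendPassword() below
    $username = addslashes ($username);
    // don't retrieve any remote users!
    $result = DB_query ("SELECT uid,email,status FROM {$_TABLES['users']} WHERE username = '$username' AND ((remoteservice is null) OR (remoteservice = ''))");
    $nrows = DB_numRows ($result);
    if ($nrows == 1) {
        $A = DB_fetchArray ($result);
        // with usersubmission an account that still awaits approval gets no
        // password yet, only the "please wait" message
        if (($_CONF['usersubmission'] == 1) && ($A['status'] == USER_ACCOUNT_AWAITING_APPROVAL))
        {
            return COM_refresh ($_CONF['site_url'] . '/index.php?msg=48');
        }

        USER_createAndSendPassword ($username, $A['email'], $A['uid']);

        if ($msg) {
            $retval = COM_refresh ("{$_CONF['site_url']}/index.php?msg=$msg");
        } else {
            $retval = COM_refresh ("{$_CONF['site_url']}/index.php?msg=1");
        }
    } else {
        // unknown (or remote) user: show login, registration and
        // password retrieval forms instead
        $retval = COM_siteHeader ('menu', $LANG04[17])
                . defaultform ($LANG04[17])
                .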
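COM_siteFooter ();
    }

    return $retval;
}

/**
 * User request for a new password - send email with a link and request id
 *
 * The request id is stored in the user's record and mailed as part of a link;
 * the 'newpwd' and 'setnewpwd' modes in the main switch compare it with the
 * stored value before a new password may be set.
 *
 * @param string $username name of user who requested the new password
 * @param int $msg index of message to display (if any)
 * @return string form or meta redirect
 *
 */
function requestpassword ($username, $msg = 0)
{
    global $_CONF, $_TABLES, $LANG04;

    $retval = '';

    // escaped copy for the query only (as emailpassword() does); the mail
    // text below still uses the name as given
    $dbusername = addslashes ($username);

    // no remote users!
    $result = DB_query ("SELECT uid,email,passwd,status FROM {$_TABLES['users']} WHERE username = '$dbusername' AND ((remoteservice IS NULL) OR (remoteservice=''))");
    $nrows = DB_numRows ($result);
    if ($nrows == 1) {
        $A = DB_fetchArray ($result);
        if (($_CONF['usersubmission'] == 1) && ($A['status'] == USER_ACCOUNT_AWAITING_APPROVAL)) {
            return COM_refresh ($_CONF['site_url'] . '/index.php?msg=48');
        }

        // 16 hex characters: the 'newpwd' handler rejects any other length.
        // Use the CSPRNG where PHP provides one; uniqid()/rand() are
        // predictable and only remain as the fallback for old PHP versions.
        if (function_exists ('random_bytes')) {
            $reqid = bin2hex (random_bytes (8));
        } else {
            $reqid = substr (md5 (uniqid (rand (), 1)), 1, 16);
        }
        DB_change ($_TABLES['users'], 'pwrequestid', "$reqid",
                   'uid', $A['uid']);

        $mailtext = sprintf ($LANG04[88], $username);
        $mailtext .= $_CONF['site_url'] . '/users.php?mode=newpwd&uid=' . $A['uid'] . '&rid=' . $reqid . "\n\n";
        $mailtext .= $LANG04[89];
        $mailtext .= "{$_CONF['site_name']}\n";
        $mailtext .= "{$_CONF['site_url']}\n";

        $subject = $_CONF['site_name'] . ': ' . $LANG04[16];
        COM_mail ($A['email'], $subject, $mailtext);

        if ($msg) {
            $retval .= COM_refresh ($_CONF['site_url'] . "/index.php?msg=$msg");
        } else {
            $retval .= COM_refresh ($_CONF['site_url'] . '/index.php');
        }
        // counts towards the 'password' speed limit checked by the callers
        COM_updateSpeedlimit ('password');
    } else {
        $retval .= COM_siteHeader ('menu', $LANG04[17])
                 . defaultform ($LANG04[17]) . COM_siteFooter ();
    }

    return $retval;
}

/**
 * Display a form where the user can enter a new password.
 *
 * @param int $uid user id
 * @param string $requestid request id for password change
 * @return string new password form
 *
 */
function newpasswordform ($uid, $requestid)
{
    global $_CONF, $_TABLES, $LANG04;

    // the id goes into a query and back out into the form: keep it numeric
    $uid = (int) $uid;

    $pwform = new Template ($_CONF['path_layout'] . 'users');
    $pwform->set_file (array ('newpw' => 'newpassword.thtml'));
    $pwform->set_var ('site_url', $_CONF['site_url']);
    $pwform->set_var ('layout_url', $_CONF['layout_url']);

    $pwform->set_var ('user_id', $uid);
    $pwform->set_var ('user_name', DB_getItem ($_TABLES['users'], 'username',
                                               "uid = '{$uid}'"));
    // the caller has already matched $requestid against the stored
    // pwrequestid; it is handed to the template so that 'setnewpwd' can
    // read it back from the form and check it again
    $pwform->set_var ('request_id', $requestid);

    $pwform->set_var ('lang_explain', $LANG04[90]);
    $pwform->set_var ('lang_username', $LANG04[2]);
    $pwform->set_var ('lang_newpassword', $LANG04[4]);
    $pwform->set_var ('lang_newpassword_conf', $LANG04[108]);
    $pwform->set_var ('lang_setnewpwd', $LANG04[91]);

    $retval = COM_startBlock ($LANG04[92]);
    $retval .= $pwform->finish ($pwform->parse ('output', 'newpw'));
    $retval .= COM_endBlock ();

    return $retval;
}

/**
 * Shows the registration form again with an error message
 *
 * Shared by the error paths of createuser(): site header, then either the
 * custom registration form or the default one, then the site footer.
 *
 * @param string $msg error message to show above the form
 * @return string HTML for the complete page
 *
 */
function _createuserErrorPage ($msg)
{
    global $_CONF, $LANG04;

    $retval = COM_siteHeader ('menu', $LANG04[22]);
    if ($_CONF['custom_registration'] && function_exists ('CUSTOM_userForm')) {
        $retval .= CUSTOM_userForm ($msg);
    } else {
        $retval .= newuserform ($msg);
    }
    $retval .= COM_siteFooter ();

    return $retval;
}

/**
 * Creates a user
 *
 * Creates a user with the give username and email address
 *
 * @param string $username username to create user for
 * @param string $email email address to assign to user
 * @param string $email_conf confirmation email address check
 * @return string HTML for the form again if error occurs, otherwise nothing.
 *
 */
function createuser ($username, $email, $email_conf)
{
    global $_CONF, $_TABLES, $LANG01, $LANG04;

    $retval = '';

    $username = trim ($username);
    $email = trim ($email);
    $email_conf = trim ($email_conf);

    if (!isset ($_CONF['disallow_domains'])) {
        $_CONF['disallow_domains'] = '';
    }

    if (COM_isEmail ($email) && !empty ($username) && ($email === $email_conf)
            && !USER_emailMatches ($email, $_CONF['disallow_domains'])) {

        $ucount = DB_count ($_TABLES['users'], 'username',
                            addslashes ($username));
        $ecount = DB_count ($_TABLES['users'], 'email', addslashes ($email));

        if ($ucount == 0 AND $ecount == 0) {

            // For Geeklog, it would be okay to create this user now. But check
            // with a custom userform first, if one exists.
            if ($_CONF['custom_registration'] &&
                    function_exists ('CUSTOM_userCheck')) {
                $msg = CUSTOM_userCheck ($username, $email);
                if (!empty ($msg)) {
                    // no, it's not okay with the custom userform
                    // (this page has no title and calls CUSTOM_userForm()
                    // unconditionally, unlike the other error pages)
                    $retval = COM_siteHeader ('menu')
                            . CUSTOM_userForm ($msg)
                            . COM_siteFooter ();

                    return $retval;
                }
            }

            // Let plugins have a chance to decide what to do before creating the user, return errors.
            $msg = PLG_itemPreSave ('registration', $username);
            if (!empty ($msg)) {
                return _createuserErrorPage ($msg);
            }

            $uid = USER_createAccount ($username, $email);

            // with usersubmission the new account may need approval first; in
            // that case the user is told to wait instead of getting a password
            if (($_CONF['usersubmission'] == 1) &&
                    (DB_getItem ($_TABLES['users'], 'status', "uid = $uid")
                        == USER_ACCOUNT_AWAITING_APPROVAL)) {
                $retval = COM_refresh ($_CONF['site_url']
                                       . '/index.php?msg=48');
            } else {
                $retval = emailpassword ($username, 1);
            }

            return $retval;
        } else {
            // username or email address already taken
            $retval .= _createuserErrorPage ($LANG04[19]);
        }
    } else if ($email !== $email_conf) {
        $retval .= _createuserErrorPage ($LANG04[125]);
    } else { // invalid username or email address

        if (empty ($username)) {
            $msg = $LANG01[32]; // invalid username
        } else {
            $msg = $LANG04[18]; // invalid email address
        }
        $retval .= _createuserErrorPage ($msg);
    }

    return $retval;
}

/**
 * Shows the user login form after failed attempts to either login or access a page
 * requiring login.
 *
 * @param boolean $hide_forgotpw_link true to leave out the "forgot password" link
 * @param int $statusmode 0 or 2 select an alternative block title and message;
 *                        anything else shows the default login prompt
 * @return string HTML for login form
 *
 */
function loginform ($hide_forgotpw_link = false, $statusmode = -1)
{
    global $_CONF, $LANG04;

    $retval = '';

    $user_templates = new Template ($_CONF['path_layout'] .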
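'users');
    $user_templates->set_file('login', 'loginform.thtml');
    $user_templates->set_var('site_url', $_CONF['site_url']);
    if ($statusmode == 0) {
        $user_templates->set_var('start_block_loginagain', COM_startBlock($LANG04[114]));
        $user_templates->set_var('lang_message', $LANG04[115]);
    } elseif ($statusmode == 2) {
        $user_templates->set_var('start_block_loginagain', COM_startBlock($LANG04[116]));
        $user_templates->set_var('lang_message', $LANG04[117]);
    } else {
        $user_templates->set_var('start_block_loginagain', COM_startBlock($LANG04[65]));
        if ($_CONF['disable_new_user_registration']) {
            $user_templates->set_var('lang_newreglink', '');
        } else {
            $user_templates->set_var('lang_newreglink', $LANG04[123]);
        }
        $user_templates->set_var('lang_message', $LANG04[66]);
    }

    $user_templates->set_var('lang_username', $LANG04[2]);
    $user_templates->set_var('lang_password', $LANG04[4]);
    if ($hide_forgotpw_link) {
        $user_templates->set_var('lang_forgetpassword', '');
    } else {
        $user_templates->set_var('lang_forgetpassword', $LANG04[25]);
    }
    $user_templates->set_var('lang_login', $LANG04[80]);
    $user_templates->set_var('end_block', COM_endBlock());
    if ($_CONF['remoteauthentication'] && !$_CONF['usersubmission']) {
        /* Build select: the local site first, then one entry per
           *.auth.class.php found in the authentication classes directory */
        $select = '<select name="service"><option value="">' .
                  $_CONF['site_name'] . '</option>';
        $authdir = $_CONF['path_system'] . 'classes/authentication/';
        if (is_dir($authdir)) {
            $folder = opendir($authdir);
            if ($folder !== false) {
                while (($filename = readdir($folder)) !== false) {
                    // the service name is whatever precedes the suffix; a
                    // match at offset 0 would be an empty name and is skipped
                    $strpos = strpos($filename, '.auth.class.php');
                    if ($strpos) {
                        $service = substr($filename, 0, $strpos);
                        $select .= '<option value="'.$service.'">'.$service.'</option>';
                    }
                }
                // the handle was never released before: one leaked per form
                closedir($folder);
            }
        }
        $select .= '</select>';
        $user_templates->set_file('services', 'services.thtml');
        $user_templates->set_var('lang_service', $LANG04[121]);
        $user_templates->set_var('select_service', $select);
        $user_templates->parse('output', 'services');
        $user_templates->set_var('services', $user_templates->finish($user_templates->get_var('output')));
    } else {
        $user_templates->set_var('services', '');
    }
    $user_templates->parse('output', 'login');
    $retval .= $user_templates->finish($user_templates->get_var('output'));

    return $retval;
}

/**
 * Shows the user registration form
 *
 * @param string $msg message text to show above the form (empty for none);
 *                    callers pass $LANG04 strings, not message numbers
 * @return string HTML for user registration page
 */
function newuserform ($msg = '')
{
    global $_CONF, $LANG04;

    $retval = '';

    if (!empty ($msg)) {
        $retval .= COM_startBlock ($LANG04[21], '',
                           COM_getBlockTemplate ('_msg_block', 'header'))
                . $msg
                . COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
    }
    $user_templates = new Template($_CONF['path_layout'] .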
'users'); 654 $user_templates->set_file('regform', 'registrationform.thtml'); 655 $user_templates->set_var('site_url', $_CONF['site_url']); 656 $user_templates->set_var('start_block', COM_startBlock($LANG04[22])); 657 $user_templates->set_var('lang_instructions', $LANG04[23]); 658 $user_templates->set_var('lang_username', $LANG04[2]); 659 $user_templates->set_var('lang_email', $LANG04[5]); 660 $user_templates->set_var('lang_email_conf', $LANG04[124]); 661 $user_templates->set_var('lang_warning', $LANG04[24]); 662 $user_templates->set_var('lang_register', $LANG04[27]); 663 PLG_templateSetVars ('registration', $user_templates); 664 $user_templates->set_var('end_block', COM_endBlock()); 665 666 $username = ''; 667 if (!empty ($_POST['username'])) { 668 $username = COM_applyFilter ($_POST['username']); 669 } 670 $user_templates->set_var ('username', $username); 671 672 $email = ''; 673 if (!empty ($_POST['email'])) { 674 $email = COM_applyFilter ($_POST['email']); 675 } 676 $user_templates->set_var ('email', $email); 677 678 $email_conf = ''; 679 if (!empty ($_POST['email_conf'])) { 680 $email_conf = COM_applyFilter ($_POST['email_conf']); 681 } 682 $user_templates->set_var ('email_conf', $email_conf); 683 684 685 $user_templates->parse('output', 'regform'); 686 $retval .= $user_templates->finish($user_templates->get_var('output')); 687 688 return $retval; 689 } 690 691 /** 692 * Shows the password retrieval form 693 * 694 * @return string HTML for form used to retrieve user's password 695 * 696 */ 697 function getpasswordform() 698 { 699 global $_CONF, $LANG04; 700 701 $retval = ''; 702 703 $user_templates = new Template($_CONF['path_layout'] . 
'users'); 704 $user_templates->set_file('form', 'getpasswordform.thtml'); 705 $user_templates->set_var('site_url', $_CONF['site_url']); 706 $user_templates->set_var('start_block_forgetpassword', COM_startBlock($LANG04[25])); 707 $user_templates->set_var('lang_instructions', $LANG04[26]); 708 $user_templates->set_var('lang_username', $LANG04[2]); 709 $user_templates->set_var('lang_email', $LANG04[5]); 710 $user_templates->set_var('lang_emailpassword', $LANG04[28]); 711 $user_templates->set_var('end_block', COM_endBlock()); 712 $user_templates->parse('output', 'form'); 713 714 $retval .= $user_templates->finish($user_templates->get_var('output')); 715 716 return $retval; 717 } 718 719 /** 720 * Account does not exist - show both the login and register forms 721 * 722 * @param string $msg message to display if one is needed 723 * @return string HTML for form 724 * 725 */ 726 function defaultform ($msg) 727 { 728 global $LANG04; 729 730 $retval = ''; 731 732 if (!empty ($msg)) { 733 $retval .= COM_startBlock ($LANG04[21], '', 734 COM_getBlockTemplate ('_msg_block', 'header')) 735 . $msg 736 . 
COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer')); 737 } 738 739 $retval .= loginform (true); 740 741 $retval .= newuserform (); 742 743 $retval .= getpasswordform (); 744 745 return $retval; 746 } 747 748 749 // MAIN 750 if (isset ($_REQUEST['mode'])) { 751 $mode = $_REQUEST['mode']; 752 } else { 753 $mode = ''; 754 } 755 756 $display = ''; 757 758 switch ($mode) { 759 case 'logout': 760 if (!empty ($_USER['uid']) AND $_USER['uid'] > 1) { 761 SESS_endUserSession ($_USER['uid']); 762 PLG_logoutUser ($_USER['uid']); 763 } 764 setcookie ($_CONF['cookie_session'], '', time() - 10000, 765 $_CONF['cookie_path'], $_CONF['cookiedomain'], 766 $_CONF['cookiesecure']); 767 setcookie ($_CONF['cookie_password'], '', time() - 10000, 768 $_CONF['cookie_path'], $_CONF['cookiedomain'], 769 $_CONF['cookiesecure']); 770 setcookie ($_CONF['cookie_name'], '', time() - 10000, 771 $_CONF['cookie_path'], $_CONF['cookiedomain'], 772 $_CONF['cookiesecure']); 773 $display = COM_refresh($_CONF['site_url'] . '/index.php?msg=8'); 774 break; 775 776 case 'profile': 777 $uid = COM_applyFilter ($_GET['uid'], true); 778 if (is_numeric ($uid) && ($uid > 0)) { 779 $msg = 0; 780 if (isset ($_GET['msg'])) { 781 $msg = COM_applyFilter ($_GET['msg'], true); 782 } 783 $display .= userprofile ($uid, $msg); 784 } else { 785 $display .= COM_refresh ($_CONF['site_url'] . '/index.php'); 786 } 787 break; 788 789 case 'user': 790 $username = COM_applyFilter ($_GET['username']); 791 if (!empty ($username)) { 792 $username = addslashes ($username); 793 $uid = DB_getItem ($_TABLES['users'], 'uid', "username = '$username'"); 794 if ($uid > 1) { 795 $display .= userprofile ($uid); 796 } else { 797 $display .= COM_refresh ($_CONF['site_url'] . '/index.php'); 798 } 799 } else { 800 $display .= COM_refresh ($_CONF['site_url'] . 
'/index.php'); 801 } 802 break; 803 804 case 'create': 805 if ($_CONF['disable_new_user_registration']) { 806 $display .= COM_siteHeader ('menu', $LANG04[22]); 807 $display .= COM_startBlock ($LANG04[22], '', 808 COM_getBlockTemplate ('_msg_block', 'header')) 809 . $LANG04[122] 810 . COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer')); 811 $display .= COM_siteFooter (); 812 } else { 813 $email = COM_applyFilter ($_POST['email']); 814 $email_conf = COM_applyFilter ($_POST['email_conf']); 815 $display .= createuser(COM_applyFilter ($_POST['username']), $email, $email_conf); 816 } 817 break; 818 819 case 'getpassword': 820 $display .= COM_siteHeader ('menu', $LANG04[25]); 821 if ($_CONF['passwordspeedlimit'] == 0) { 822 $_CONF['passwordspeedlimit'] = 300; // 5 minutes 823 } 824 COM_clearSpeedlimit ($_CONF['passwordspeedlimit'], 'password'); 825 $last = COM_checkSpeedlimit ('password'); 826 if ($last > 0) { 827 $display .= COM_startBlock ($LANG12[26], '', 828 COM_getBlockTemplate ('_msg_block', 'header')) 829 . sprintf ($LANG04[93], $last, $_CONF['passwordspeedlimit']) 830 . 
COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer')); 831 } else { 832 $display .= getpasswordform (); 833 } 834 $display .= COM_siteFooter (); 835 break; 836 837 case 'newpwd': 838 $uid = COM_applyFilter ($_GET['uid'], true); 839 $reqid = COM_applyFilter ($_GET['rid']); 840 if (!empty ($uid) && is_numeric ($uid) && ($uid > 0) && 841 !empty ($reqid) && (strlen ($reqid) == 16)) { 842 $valid = DB_count ($_TABLES['users'], array ('uid', 'pwrequestid'), 843 array ($uid, $reqid)); 844 if ($valid == 1) { 845 $display .= COM_siteHeader ('menu', $LANG04[92]); 846 $display .= newpasswordform ($uid, $reqid); 847 $display .= COM_siteFooter (); 848 } else { // request invalid or expired 849 $display .= COM_siteHeader ('menu', $LANG04[25]); 850 $display .= COM_showMessage (54); 851 $display .= getpasswordform (); 852 $display .= COM_siteFooter (); 853 } 854 } else { 855 // this request doesn't make sense - ignore it 856 $display = COM_refresh ($_CONF['site_url']); 857 } 858 break; 859 860 case 'setnewpwd': 861 if ( (empty ($_POST['passwd'])) 862 or ($_POST['passwd'] != $_POST['passwd_conf']) ) { 863 $display = COM_refresh ($_CONF['site_url'] 864 . '/users.php?mode=newpwd&uid=' . $_POST['uid'] 865 . '&rid=' . $_POST['rid']); 866 } else { 867 $uid = COM_applyFilter ($_POST['uid'], true); 868 $reqid = COM_applyFilter ($_POST['rid']); 869 if (!empty ($uid) && is_numeric ($uid) && ($uid > 0) && 870 !empty ($reqid) && (strlen ($reqid) == 16)) { 871 $valid = DB_count ($_TABLES['users'], array ('uid', 'pwrequestid'), 872 array ($uid, $reqid)); 873 if ($valid == 1) { 874 $passwd = md5 ($_POST['passwd']); 875 DB_change ($_TABLES['users'], 'passwd', "$passwd", 876 "uid", $uid); 877 DB_delete ($_TABLES['sessions'], 'uid', $uid); 878 DB_change ($_TABLES['users'], 'pwrequestid', "NULL", 879 'uid', $uid); 880 $display = COM_refresh ($_CONF['site_url'] . 
'/users.php?msg=53'); 881 } else { // request invalid or expired 882 $display .= COM_siteHeader ('menu', $LANG04[25]); 883 $display .= COM_showMessage (54); 884 $display .= getpasswordform (); 885 $display .= COM_siteFooter (); 886 } 887 } else { 888 // this request doesn't make sense - ignore it 889 $display = COM_refresh ($_CONF['site_url']); 890 } 891 } 892 break; 893 894 case 'emailpasswd': 895 if ($_CONF['passwordspeedlimit'] == 0) { 896 $_CONF['passwordspeedlimit'] = 300; // 5 minutes 897 } 898 COM_clearSpeedlimit ($_CONF['passwordspeedlimit'], 'password'); 899 $last = COM_checkSpeedlimit ('password'); 900 if ($last > 0) { 901 $display .= COM_siteHeader ('menu', $LANG12[26]) 902 . COM_startBlock ($LANG12[26], '', 903 COM_getBlockTemplate ('_msg_block', 'header')) 904 . sprintf ($LANG04[93], $last, $_CONF['passwordspeedlimit']) 905 . COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer')) 906 . COM_siteFooter (); 907 } else { 908 $username = COM_applyFilter ($_POST['username']); 909 $email = COM_applyFilter ($_POST['email']); 910 if (empty ($username) && !empty ($email)) { 911 $username = DB_getItem ($_TABLES['users'], 'username', 912 "email = '$email' AND ((remoteservice IS NULL) OR (remoteservice = ''))"); 913 } 914 if (!empty ($username)) { 915 $display .= requestpassword ($username, 55); 916 } else { 917 $display = COM_refresh ($_CONF['site_url'] 918 . '/users.php?mode=getpassword'); 919 } 920 } 921 break; 922 923 case 'new': 924 $display .= COM_siteHeader ('menu', $LANG04[22]); 925 if ($_CONF['disable_new_user_registration']) { 926 $display .= COM_startBlock ($LANG04[22], '', 927 COM_getBlockTemplate ('_msg_block', 'header')) 928 . $LANG04[122] 929 . 
COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer')); 930 } else { 931 // Call custom registration and account record create function 932 // if enabled and exists 933 if ($_CONF['custom_registration'] AND (function_exists('CUSTOM_userForm'))) { 934 $display .= CUSTOM_userForm(); 935 } else { 936 $display .= newuserform(); 937 } 938 } 939 $display .= COM_siteFooter(); 940 break; 941 942 default: 943 944 // prevent dictionary attacks on passwords 945 COM_clearSpeedlimit($_CONF['login_speedlimit'], 'login'); 946 if ( COM_checkSpeedlimit('login', $_CONF['login_attempts']) > 0 ) { 947 if ($_CONF['custom_registration'] AND function_exists('CUSTOM_loginErrorHandler')) { 948 // Typically this will be used if you have a custom main site page and need to control the login process 949 $msg=82; 950 $display .= CUSTOM_loginErrorHandler($msg); 951 } else { 952 $retval .= COM_siteHeader('menu', $LANG12[26]) 953 . COM_startBlock ($LANG12[26], '', COM_getBlockTemplate ('_msg_block', 'header')) 954 . $LANG04[112] 955 . COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer')) 956 . COM_siteFooter (); 957 echo $retval; 958 exit(); 959 } 960 } 961 962 $loginname = ''; 963 if (isset ($_POST['loginname'])) { 964 $loginname = COM_applyFilter ($_POST['loginname']); 965 } 966 $passwd = ''; 967 if (isset ($_POST['passwd'])) { 968 $passwd = $_POST['passwd']; 969 } 970 $service = ''; 971 if (isset ($_POST['service'])) { 972 $service = COM_applyFilter($_POST['service']); 973 } 974 $uid = ''; 975 if (!empty($loginname) && !empty($passwd) && empty($service)) { 976 $status = SEC_authenticate($loginname, $passwd, $uid); 977 } elseif(( $_CONF['usersubmission'] == 0) && $_CONF['remoteauthentication'] && ($service != '')) { 978 /* Distributed Authentication */ 979 //pass $loginname by ref so we can change it ;-) 980 $status = SEC_remoteAuthentication($loginname, $passwd, $service, $uid); 981 } else { 982 $status = -1; 983 } 984 985 if ($status == USER_ACCOUNT_ACTIVE) { // logged in AOK. 
986 DB_change($_TABLES['users'],'pwrequestid',"NULL",'uid',$uid); 987 $userdata = SESS_getUserDataFromId($uid); 988 $_USER=$userdata; 989 $sessid = SESS_newSession($_USER['uid'], $_SERVER['REMOTE_ADDR'], $_CONF['session_cookie_timeout'], $_CONF['cookie_ip']); 990 SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'], $_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']); 991 PLG_loginUser ($_USER['uid']); 992 993 // Now that we handled session cookies, handle longterm cookie 994 if (!isset($_COOKIE[$_CONF['cookie_name']]) || !isset($_COOKIE['password'])) { 995 // Either their cookie expired or they are new 996 $cooktime = COM_getUserCookieTimeout(); 997 if ($VERBOSE) { 998 COM_errorLog("Trying to set permanent cookie with time of $cooktime",1); 999 } 1000 if ($cooktime > 0) { 1001 // They want their cookie to persist for some amount of time so set it now 1002 if ($VERBOSE) { 1003 COM_errorLog('Trying to set permanent cookie',1); 1004 } 1005 setcookie ($_CONF['cookie_name'], $_USER['uid'], 1006 time() + $cooktime, $_CONF['cookie_path'], 1007 $_CONF['cookiedomain'], $_CONF['cookiesecure']); 1008 setcookie ($_CONF['cookie_password'], md5 ($passwd), 1009 time() + $cooktime, $_CONF['cookie_path'], 1010 $_CONF['cookiedomain'], $_CONF['cookiesecure']); 1011 } 1012 } else { 1013 $userid = $_COOKIE[$_CONF['cookie_name']]; 1014 if (empty ($userid) || ($userid == 'deleted')) { 1015 unset ($userid); 1016 } else { 1017 $userid = COM_applyFilter ($userid, true); 1018 if ($userid > 1) { 1019 if ($VERBOSE) { 1020 COM_errorLog ('NOW trying to set permanent cookie',1); 1021 COM_errorLog ('Got '.$userid.' from perm cookie in users.php',1); 1022 } 1023 // Create new session 1024 $userdata = SESS_getUserDataFromId ($userid); 1025 $_USER = $userdata; 1026 if ($VERBOSE) { 1027 COM_errorLog ('Got '.$_USER['username'].' 
for the username in user.php',1); 1028 } 1029 } 1030 } 1031 } 1032 1033 // Now that we have users data see if their theme cookie is set. 1034 // If not set it 1035 setcookie ($_CONF['cookie_theme'], $_USER['theme'], time() + 31536000, 1036 $_CONF['cookie_path'], $_CONF['cookiedomain'], 1037 $_CONF['cookiesecure']); 1038 1039 if (!empty ($_SERVER['HTTP_REFERER']) && (strstr ($_SERVER['HTTP_REFERER'], '/users.php') === false)) { 1040 $indexMsg = $_CONF['site_url'] . '/index.php?msg='; 1041 if (substr ($_SERVER['HTTP_REFERER'], 0, strlen ($indexMsg)) == $indexMsg) { 1042 $display .= COM_refresh ($_CONF['site_url'] . '/index.php'); 1043 } else { 1044 // If user is trying to login - force redirect to index.php 1045 if (strstr ($_SERVER['HTTP_REFERER'], 'mode=login') === false) { 1046 $display .= COM_refresh ($_SERVER['HTTP_REFERER']); 1047 } else { 1048 $display .= COM_refresh ($_CONF['site_url'] . '/index.php'); 1049 } 1050 } 1051 } else { 1052 $display .= COM_refresh ($_CONF['site_url'] . '/index.php'); 1053 } 1054 } else { 1055 // On failed login attempt, update speed limit 1056 COM_updateSpeedlimit('login'); 1057 1058 $display .= COM_siteHeader('menu'); 1059 1060 if (isset ($_REQUEST['msg'])) { 1061 $msg = COM_applyFilter ($_REQUEST['msg'], true); 1062 } else { 1063 $msg = 0; 1064 } 1065 if ($msg > 0) { 1066 $display .= COM_showMessage($msg); 1067 } 1068 1069 switch ($mode) { 1070 case 'create': 1071 // Got bad account info from registration process, show error 1072 // message and display form again 1073 if ($_CONF['custom_registration'] AND (function_exists('CUSTOM_userForm'))) { 1074 $display .= CUSTOM_userForm (); 1075 } else { 1076 $display .= newuserform (); 1077 } 1078 break; 1079 default: 1080 // check to see if this was the last allowed attempt 1081 if ( COM_checkSpeedlimit('login', $_CONF['login_attempts']) > 0 ) { 1082 if ($_CONF['custom_registration'] AND function_exists('CUSTOM_loginErrorHandler')) { 1083 // Typically this will be used if you have a 
custom main site page and need to control the login process 1084 $msg = 82; 1085 $display .= CUSTOM_loginErrorHandler($msg); 1086 } else { 1087 $retval .= COM_siteHeader('menu', $LANG04[113]) 1088 . COM_startBlock ($LANG04[113], '', 1089 COM_getBlockTemplate ('_msg_block', 'header')) 1090 . $LANG04[112] 1091 . COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer')) 1092 . COM_siteFooter (); 1093 echo $retval; 1094 exit(); 1095 } 1096 } else { // Show login form 1097 if( ($msg != 69) && ($msg != 70) ) { 1098 if ($_CONF['custom_registration'] AND function_exists('CUSTOM_loginErrorHandler')) { 1099 // Typically this will be used if you have a custom main site page and need to control the login process 1100 $display .= CUSTOM_loginErrorHandler($msg); 1101 } else { 1102 $display .= loginform(false, $status); 1103 } 1104 } 1105 } 1106 break; 1107 } 1108 1109 $display .= COM_siteFooter(); 1110 } 1111 break; 1112 } 1113 1114 echo $display; 1115 1116 ?>