Code source de GeekLog 1.4.1 |
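<?php

/* Reminder: always indent with 4 spaces (no tabs). */
// +---------------------------------------------------------------------------+
// | Geeklog 1.4                                                               |
// +---------------------------------------------------------------------------+
// | lib-user.php                                                              |
// |                                                                           |
// | User-related functions needed in more than one place.                     |
// +---------------------------------------------------------------------------+
// | Copyright (C) 2000-2006 by the following authors:                         |
// |                                                                           |
// | Authors: Tony Bibbs         - tony AT tonybibbs DOT com                   |
// |          Mark Limburg       - mlimburg AT users DOT sourceforge DOT net   |
// |          Jason Whittenburg  - jwhitten AT securitygeeks DOT com           |
// |          Dirk Haun          - dirk AT haun-online DOT de                  |
// +---------------------------------------------------------------------------+
// |                                                                           |
// | This program is free software; you can redistribute it and/or             |
// | modify it under the terms of the GNU General Public License               |
// | as published by the Free Software Foundation; either version 2            |
// | of the License, or (at your option) any later version.                    |
// |                                                                           |
// | This program is distributed in the hope that it will be useful,           |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the             |
// | GNU General Public License for more details.                              |
// |                                                                           |
// | You should have received a copy of the GNU General Public License         |
// | along with this program; if not, write to the Free Software Foundation,   |
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.           |
// |                                                                           |
// +---------------------------------------------------------------------------+
//
// $Id: lib-user.php,v 1.34 2006/09/18 10:04:42 dhaun Exp $

// This library is only ever included by other scripts; refuse direct requests.
if (isset ($_SERVER['PHP_SELF']) &&
        (strpos ($_SERVER['PHP_SELF'], 'lib-user.php') !== false)) {
    die ('This file can not be used on its own!');
}

/**
 * Delete a user account
 *
 * Permission model: a user may delete their own account when
 * $_CONF['allow_account_delete'] is enabled; anyone else needs the
 * 'user.delete' right. Members of the Root group can only be deleted by
 * another Root member, and the last Root member can never be deleted.
 *
 * Everything owned by the user is either removed (preferences, submissions,
 * group memberships, photo) or re-assigned: stories and comments become
 * anonymous (uid 1), blocks and topics go to the Root user with the lowest
 * uid so that Admin-only objects stay reachable.
 *
 * @param   int     $uid    id of the user to delete
 * @return  boolean         true = user deleted, false = an error occured
 *
 */
function USER_deleteAccount ($uid)
{
    global $_CONF, $_TABLES, $_USER;

    // $uid is interpolated into raw SQL below, so pin it to an integer first.
    // uid 1 is the anonymous pseudo-user (see the re-assignment of orphaned
    // stories/comments below) and must never be deleted.
    $uid = (int) $uid;
    if ($uid < 2) {
        COM_errorLog ("USER_deleteAccount: refusing to delete uid $uid");

        return false;
    }

    // first some checks ...
    $deletingSelf = (($uid == (int) $_USER['uid']) &&
                     ($_CONF['allow_account_delete'] == 1));
    if (!$deletingSelf && !SEC_hasRights ('user.delete')) {
        // you can only delete your own account (if enabled) or you need
        // proper permissions to do so (user.delete)
        COM_accessLog ("User {$_USER['uid']} just tried to delete user $uid with insufficient privileges.");

        return false;
    }

    $rootgrp = DB_getItem ($_TABLES['groups'], 'grp_id', "grp_name = 'Root'");

    if (SEC_inGroup ('Root', $uid)) {
        if (!SEC_inGroup ('Root')) {
            // can't delete a Root user without being in the Root group
            COM_accessLog ("User {$_USER['uid']} just tried to delete Root user $uid with insufficient privileges.");

            return false;
        }

        $result = DB_query ("SELECT COUNT(DISTINCT {$_TABLES['users']}.uid) AS count FROM {$_TABLES['users']},{$_TABLES['group_assignments']} WHERE {$_TABLES['users']}.uid > 1 AND {$_TABLES['users']}.uid = {$_TABLES['group_assignments']}.ug_uid AND ({$_TABLES['group_assignments']}.ug_main_grp_id = $rootgrp)");
        $A = DB_fetchArray ($result);
        if ($A['count'] <= 1) {
            // make sure there's at least 1 Root user left
            COM_errorLog ("You can't delete the last user from the Root group.", 1);

            return false;
        }
    }

    // Find the Root user that will inherit Admin-only objects (blocks, topics)
    // BEFORE anything is deleted, so we can still bail out cleanly if there
    // is none. The user being deleted is excluded explicitly, since the
    // original lookup ran after their group memberships were already gone.
    $result = DB_query ("SELECT DISTINCT ug_uid FROM {$_TABLES['group_assignments']} WHERE ug_main_grp_id = $rootgrp AND ug_uid <> $uid ORDER BY ug_uid LIMIT 1");
    $A = DB_fetchArray ($result);
    $rootuser = empty ($A['ug_uid']) ? 0 : (int) $A['ug_uid'];
    if ($rootuser < 1) {
        COM_errorLog ("USER_deleteAccount: no Root user available to take over objects owned by user $uid");

        return false;
    }

    // log the user out
    SESS_endUserSession ($uid);

    // Ok, now delete everything related to this user

    // let plugins update their data for this user
    PLG_deleteUser ($uid);

    // Call custom account profile delete function if enabled and exists
    if ($_CONF['custom_registration'] && function_exists ('CUSTOM_userDelete')) {
        CUSTOM_userDelete ($uid);
    }

    // remove from all security groups
    DB_delete ($_TABLES['group_assignments'], 'ug_uid', $uid);

    // remove user information and preferences
    DB_delete ($_TABLES['userprefs'], 'uid', $uid);
    DB_delete ($_TABLES['userindex'], 'uid', $uid);
    DB_delete ($_TABLES['usercomment'], 'uid', $uid);
    DB_delete ($_TABLES['userinfo'], 'uid', $uid);

    // avoid having orphaned stories/comments by making them anonymous posts
    DB_query ("UPDATE {$_TABLES['comments']} SET uid = 1 WHERE uid = $uid");
    DB_query ("UPDATE {$_TABLES['stories']} SET uid = 1 WHERE uid = $uid");
    DB_query ("UPDATE {$_TABLES['stories']} SET owner_id = 1 WHERE owner_id = $uid");

    // delete story submissions
    DB_delete ($_TABLES['storysubmission'], 'uid', $uid);

    // delete user photo, if enabled & exists
    if ($_CONF['allow_user_photo'] == 1) {
        $photo = DB_getItem ($_TABLES['users'], 'photo', "uid = $uid");
        USER_deletePhoto ($photo, false);
    }

    // in case the user owned any objects that require Admin access, assign
    // them to the Root user with the lowest uid (looked up above)
    DB_query ("UPDATE {$_TABLES['blocks']} SET owner_id = $rootuser WHERE owner_id = $uid");
    DB_query ("UPDATE {$_TABLES['topics']} SET owner_id = $rootuser WHERE owner_id = $uid");

    // now delete the user itself
    DB_delete ($_TABLES['users'], 'uid', $uid);

    return true;
}

/**
 * Create a new password and send it to the user
 *
 * The new password is 8 hex characters. It is stored as md5($passwd) in the
 * users table and mailed in clear text to $useremail, using the
 * welcome_email.txt template when one exists in $_CONF['path_data'].
 *
 * NOTE(review): md5 is the storage format Geeklog 1.4's login code compares
 * against; migrating to password_hash() needs a matching change on the
 * authentication side, so it is deliberately not changed here.
 *
 * @param   string  $username   user's login name
 * @param   string  $useremail  user's email address
 * @param   int     $uid        id of the user whose password is reset
 * @return  bool                true = success, false = an error occured
 *
 */
function USER_createAndSendPassword ($username, $useremail, $uid)
{
    global $_CONF, $_TABLES, $LANG04;

    $uid = (int) $uid;

    // The previous implementation derived the password from rand() seeded
    // with microtime(), which is predictable; a reset password is a
    // credential, so draw it from a CSPRNG where one is available and keep
    // the same 8-hex-character shape.
    if (function_exists ('random_bytes')) {
        $passwd = bin2hex (random_bytes (4));
    } elseif (function_exists ('openssl_random_pseudo_bytes')) {
        $passwd = bin2hex (openssl_random_pseudo_bytes (4));
    } else {
        // last resort on very old PHP builds; still better than rand()
        $passwd = substr (md5 (uniqid (mt_rand (), true)), 1, 8);
    }
    $passwd2 = md5 ($passwd);
    DB_change ($_TABLES['users'], 'passwd', "$passwd2", 'uid', $uid);

    if (file_exists ($_CONF['path_data'] . 'welcome_email.txt')) {
        $template = new Template ($_CONF['path_data']);
        $template->set_file (array ('mail' => 'welcome_email.txt'));
        $template->set_var ('auth_info',
                            "$LANG04[2]: $username\n$LANG04[4]: $passwd");
        $template->set_var ('site_url', $_CONF['site_url']);
        $template->set_var ('site_name', $_CONF['site_name']);
        $template->set_var ('site_slogan', $_CONF['site_slogan']);
        $template->set_var ('lang_text1', $LANG04[15]);
        $template->set_var ('lang_text2', $LANG04[14]);
        $template->set_var ('lang_username', $LANG04[2]);
        $template->set_var ('lang_password', $LANG04[4]);
        $template->set_var ('username', $username);
        $template->set_var ('password', $passwd);
        $template->set_var ('name', COM_getDisplayName ($uid));
        $template->parse ('output', 'mail');
        $mailtext = $template->get_var ('output');
    } else {
        $mailtext  = $LANG04[15] . "\n\n";
        $mailtext .= $LANG04[2] . ": $username\n";
        $mailtext .= $LANG04[4] . ": $passwd\n\n";
        $mailtext .= $LANG04[14] . "\n\n";
        $mailtext .= $_CONF['site_name'] . "\n";
        $mailtext .= $_CONF['site_url'] . "\n";
    }
    $subject = $_CONF['site_name'] . ': ' . $LANG04[16];

    return COM_mail ($useremail, $subject, $mailtext);
}

/**
 * Inform a user their account has been activated.
 *
 * Uses activation_email.txt from $_CONF['path_data'] when present; the
 * fallback text points the user at users.php?mode=getpassword.
 *
 * @param   string  $username   user's login name
 * @param   string  $useremail  user's email address
 * @return  bool                true = success, false = an error occured
 *
 */
function USER_sendActivationEmail ($username, $useremail)
{
    global $_CONF, $_TABLES, $LANG04;

    if (file_exists ($_CONF['path_data'] . 'activation_email.txt')) {
        $template = new Template ($_CONF['path_data']);
        $template->set_file (array ('mail' => 'activation_email.txt'));
        $template->set_var ('site_url', $_CONF['site_url']);
        $template->set_var ('site_name', $_CONF['site_name']);
        $template->set_var ('site_slogan', $_CONF['site_slogan']);
        $template->set_var ('lang_text1', $LANG04[15]);
        $template->set_var ('lang_text2', $LANG04[14]);
        $template->parse ('output', 'mail');
        $mailtext = $template->get_var ('output');
    } else {
        $mailtext  = str_replace ("<username>", $username, $LANG04[118]) . "\n\n";
        $mailtext .= $_CONF['site_url'] . "\n\n";
        $mailtext .= $LANG04[119] . "\n\n";
        $mailtext .= $_CONF['site_url'] . "/users.php?mode=getpassword\n\n";
        $mailtext .= $_CONF['site_name'] . "\n";
        $mailtext .= $_CONF['site_url'] . "\n";
    }
    $subject = $_CONF['site_name'] . ': ' . $LANG04[120];

    return COM_mail ($useremail, $subject, $mailtext);
}

/**
 * Create a new user
 *
 * Also calls the custom user registration (if enabled) and plugin functions.
 *
 * NOTE: Does NOT send out password emails.
 *
 * When $_CONF['usersubmission'] is on and the caller lacks 'user.edit', the
 * account is queued for admin approval unless the email's domain is listed in
 * $_CONF['allow_domains'] (see USER_emailMatches). Remote (service) accounts
 * are only recorded when the account is not queued.
 *
 * All string arguments are escaped with addslashes() before they reach SQL,
 * so callers should pass raw (unescaped) values.
 *
 * @param   string  $username       user name (mandatory)
 * @param   string  $email          user's email address (mandatory)
 * @param   string  $passwd         password (optional, see above)
 * @param   string  $fullname       user's full name (optional)
 * @param   string  $homepage       user's home page (optional)
 * @param   string  $remoteusername user name at a remote service (optional)
 * @param   string  $service        name of that remote service (optional)
 * @return  int                     new user's ID
 *
 */
function USER_createAccount ($username, $email, $passwd = '', $fullname = '', $homepage = '', $remoteusername = '', $service = '')
{
    global $_CONF, $_TABLES;

    $queueUser = false;
    // keep the unescaped values for the admin notification mail
    $rawUsername = $username;
    $rawEmail = $email;
    $username = addslashes ($username);
    $email = addslashes ($email);

    $regdate = strftime ('%Y-%m-%d %H:%M:%S', time ());
    $fields = 'username,email,regdate,cookietimeout';
    $values = "'$username','$email','$regdate','{$_CONF['default_perm_cookie_timeout']}'";

    if (!empty ($passwd)) {
        $passwd = addslashes ($passwd);
        $fields .= ',passwd';
        $values .= ",'$passwd'";
    }
    if (!empty ($fullname)) {
        $fullname = addslashes ($fullname);
        $fields .= ',fullname';
        $values .= ",'$fullname'";
    }
    if (!empty ($homepage)) {
        $homepage = addslashes ($homepage);
        $fields .= ',homepage';
        $values .= ",'$homepage'";
    }
    if (($_CONF['usersubmission'] == 1) && !SEC_hasRights ('user.edit')) {
        $queueUser = true;
        if (!empty ($_CONF['allow_domains'])) {
            if (USER_emailMatches ($email, $_CONF['allow_domains'])) {
                $queueUser = false;
            }
        }
        if ($queueUser) {
            $fields .= ',status';
            $values .= ',' . USER_ACCOUNT_AWAITING_APPROVAL;
        }
    } else {
        // remote user name and service were the only two values that reached
        // the query unescaped; they are supplied by the remote-auth code path
        $remoteusername = addslashes ($remoteusername);
        $service = addslashes ($service);
        if (!empty ($remoteusername)) {
            $fields .= ',remoteusername';
            $values .= ",'$remoteusername'";
        }
        if (!empty ($service)) {
            $fields .= ',remoteservice';
            $values .= ",'$service'";
        }
    }

    DB_query ("INSERT INTO {$_TABLES['users']} ($fields) VALUES ($values)");

    // Get the uid of the user, possibly given a service:
    if ($remoteusername != '') {
        $uid = DB_getItem ($_TABLES['users'], 'uid',
                "remoteusername = '$remoteusername' AND remoteservice = '$service'");
    } else {
        $uid = DB_getItem ($_TABLES['users'], 'uid',
                "username = '$username' AND remoteservice IS NULL");
    }
    $uid = (int) $uid;

    // Add user to Logged-in group (i.e. members) and the All Users group
    $normal_grp = DB_getItem ($_TABLES['groups'], 'grp_id',
                              "grp_name='Logged-in Users'");
    $all_grp = DB_getItem ($_TABLES['groups'], 'grp_id',
                           "grp_name='All Users'");
    DB_query ("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id,ug_uid) VALUES ($normal_grp, $uid)");
    DB_query ("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id,ug_uid) VALUES ($all_grp, $uid)");

    DB_query ("INSERT INTO {$_TABLES['userprefs']} (uid) VALUES ($uid)");
    // etids: '' = receive all topics by email, '-' = none
    $etids = ($_CONF['emailstoriesperdefault'] == 1) ? '' : '-';
    DB_query ("INSERT INTO {$_TABLES['userindex']} (uid,etids) VALUES ($uid, '$etids')");

    DB_query ("INSERT INTO {$_TABLES['usercomment']} (uid,commentmode,commentlimit) VALUES ($uid,'{$_CONF['comment_mode']}','{$_CONF['comment_limit']}')");
    DB_query ("INSERT INTO {$_TABLES['userinfo']} (uid) VALUES ($uid)");

    // call custom registration function and plugins
    if ($_CONF['custom_registration'] && (function_exists ('CUSTOM_userCreate'))) {
        CUSTOM_userCreate ($uid);
    }
    PLG_createUser ($uid);

    // Notify the admin?
    if (isset ($_CONF['notification']) &&
            in_array ('user', $_CONF['notification'])) {
        $mode = $queueUser ? 'inactive' : 'active';
        // the mail is plain text, not SQL, so send the unescaped values
        USER_sendNotification ($rawUsername, $rawEmail, $uid, $mode);
    }

    return $uid;
}

/**
 * Send an email notification when a new user registers with the site.
 *
 * The mail goes to $_CONF['site_mail'] and links either to the moderation
 * page (mode 'inactive') or to the new user's profile (any other mode).
 *
 * @param   string  $username   User name of the new user
 * @param   string  $email      Email address of the new user
 * @param   int     $uid        User id of the new user
 * @param   string  $mode       'inactive' = awaiting approval, 'active' = live
 *
 */
function USER_sendNotification ($username, $email, $uid, $mode = 'inactive')
{
    global $_CONF, $_TABLES, $LANG01, $LANG04, $LANG08, $LANG28, $LANG29;

    $uid = (int) $uid;

    $mailbody = "$LANG04[2]: $username\n"
              . "$LANG04[5]: $email\n"
              . "$LANG28[14]: " . strftime ($_CONF['date']) . "\n\n";

    if ($mode == 'inactive') {
        // user needs admin approval
        $mailbody .= "$LANG01[10] <{$_CONF['site_admin_url']}/moderation.php>\n\n";
    } else {
        // user has been created, or has activated themselves:
        $mailbody .= "$LANG29[4] <{$_CONF['site_url']}/users.php?mode=profile&uid={$uid}>\n\n";
    }
    $mailbody .= "\n------------------------------\n";
    $mailbody .= "\n$LANG08[34]\n";
    $mailbody .= "\n------------------------------\n";

    $mailsubject = $_CONF['site_name'] . ' ' . $LANG29[40];
    COM_mail ($_CONF['site_mail'], $mailsubject, $mailbody);
}

/**
 * Get a user's photo, either uploaded or from an external service
 *
 * Returns an empty string unless $_CONF['allow_user_photo'] is enabled.
 * Missing pieces of information (photo name, email) are looked up from the
 * current user or the users table with as few queries as possible. Without an
 * uploaded photo, gravatar.com is tried when $_CONF['use_gravatar'] is set,
 * and $_CONF['default_photo'] is the final fallback.
 *
 * A photo value of '(none)' or 'none' means "no uploaded photo"; both
 * spellings are accepted since the stored value was compared against each in
 * different places.
 *
 * @param   int     $uid    User ID
 * @param   string  $photo  name of the user's uploaded image
 * @param   string  $email  user's email address (for gravatar.com)
 * @param   int     $width  preferred image width
 * @return  string          <img> tag or empty string if no image available
 *
 * @note    All parameters are optional and can be passed as 0 / empty string.
 *
 */
function USER_getPhoto ($uid = 0, $photo = '', $email = '', $width = 0)
{
    global $_CONF, $_TABLES, $_USER;

    $userphoto = '';

    if ($_CONF['allow_user_photo'] != 1) {
        return $userphoto;
    }

    $uid = (int) $uid;
    $width = (int) $width;

    if (($width == 0) && !empty ($_CONF['force_photo_width'])) {
        $width = (int) $_CONF['force_photo_width'];
    }

    // collect user's information with as few SQL requests as possible
    if ($uid == 0) {
        $uid = (int) $_USER['uid'];
        if (empty ($email)) {
            $email = $_USER['email'];
        }
        if (!empty ($_USER['photo']) && USER_isNoPhoto ($photo)) {
            $photo = $_USER['photo'];
        }
    }
    if (USER_isNoPhoto ($photo) || (empty ($email) && $_CONF['use_gravatar'])) {
        $result = DB_query ("SELECT email,photo FROM {$_TABLES['users']} WHERE uid = $uid");
        list ($newemail, $newphoto) = DB_fetchArray ($result);
        if (USER_isNoPhoto ($photo)) {
            $photo = $newphoto;
        }
        if (empty ($email)) {
            $email = $newemail;
        }
    }

    $img = '';
    if (USER_isNoPhoto ($photo)) {
        // no photo - try gravatar.com, if allowed
        if ($_CONF['use_gravatar']) {
            // NOTE(review): plain http:// will cause mixed-content warnings on
            // HTTPS sites; gravatar.com serves the same resource over https.
            $img = 'http://www.gravatar.com/avatar.php?gravatar_id='
                 . md5 ($email);
            if ($width > 0) {
                $img .= '&size=' . $width;
            }
            if (!empty ($_CONF['gravatar_rating'])) {
                $img .= '&rating=' . urlencode ($_CONF['gravatar_rating']);
            }
            if (!empty ($_CONF['default_photo'])) {
                $img .= '&default=' . urlencode ($_CONF['default_photo']);
            }
        }
    } else {
        // the file name is a path / query-string component, so encode it;
        // this is a no-op for the usual "<uid>_<hash>.jpg" style of names
        $photoUrl = rawurlencode ($photo);

        // check if images are inside or outside the document root
        if (strstr ($_CONF['path_images'], $_CONF['path_html'])) {
            $imgpath = substr ($_CONF['path_images'],
                               strlen ($_CONF['path_html']));
            $img = $_CONF['site_url'] . '/' . $imgpath . 'userphotos/' . $photoUrl;
        } else {
            $img = $_CONF['site_url'] . '/getimage.php?mode=userphotos&image=' . $photoUrl;
        }
    }

    if (empty ($img) && !empty ($_CONF['default_photo'])) {
        $img = $_CONF['default_photo'];
    }
    if (!empty ($img)) {
        // $img ends up inside a double-quoted HTML attribute: escape it
        // (this also turns the '&' between gravatar parameters into '&amp;',
        // which is the correct attribute encoding)
        $userphoto = '<img src="' . htmlspecialchars ($img, ENT_QUOTES) . '"';
        if ($width > 0) {
            $userphoto .= ' width="' . $width . '"';
        }
        $userphoto .= ' alt="" class="userphoto">';
    }

    return $userphoto;
}

/**
 * Check whether a stored photo value means "no uploaded photo".
 *
 * Accepts both the '(none)' and the 'none' marker, which the code base used
 * interchangeably.
 *
 * @param   string  $photo  value of the users.photo column (or '')
 * @return  boolean         true if there is no uploaded photo
 *
 */
function USER_isNoPhoto ($photo)
{
    return empty ($photo) || ($photo == '(none)') || ($photo == 'none');
}

/**
 * Delete a user's photo (i.e. the actual file)
 *
 * Only a bare file name is accepted: anything containing a directory part
 * (e.g. "../../config.php") is refused and logged, since the name is joined
 * to $_CONF['path_images'] . 'userphotos/' and unlinked.
 *
 * @param   string  $photo          name of the photo (without the path)
 * @param   bool    $abortonerror   true: abort script on error, false: don't
 * @return  void
 *
 * @note    Will silently ignore non-existing files.
 *
 */
function USER_deletePhoto ($photo, $abortonerror = true)
{
    global $_CONF, $LANG04;

    if (empty ($photo)) {
        return;
    }

    if (basename ($photo) !== $photo) {
        // path traversal attempt or a corrupt DB value - never follow it
        COM_errorLog ("Refusing to delete user photo with a path component: $photo");

        return;
    }

    $filetodelete = $_CONF['path_images'] . 'userphotos/' . $photo;
    if (!file_exists ($filetodelete)) {
        return;
    }

    if (@unlink ($filetodelete)) {
        return;
    }

    if ($abortonerror) {
        $display = COM_siteHeader ('menu', $LANG04[21])
                 . COM_errorLog ("Unable to remove file $photo")
                 . COM_siteFooter ();
        echo $display;
        exit;
    }

    // just log the problem, but don't abort
    COM_errorLog ("Unable to remove file $photo");
}

/**
 * Add user to group if user does not belong to specified group
 *
 * This is part of the Geeklog user implementation. This function
 * looks up whether a user belongs to a specified group and if not
 * adds them to the group
 *
 * @param   int     $groupid    Group we want to see if user belongs to and if not add to group
 * @param   int     $uid        ID for user to check if in group and if not add user. If empty current user.
 * @return  boolean             true if user is added to group, otherwise false
 *
 */
function USER_addGroup ($groupid, $uid = '')
{
    global $_CONF, $_TABLES, $_USER;

    // set $uid if $uid is empty
    if (empty ($uid)) {
        // bail for anonymous users
        if (empty ($_USER['uid']) || ($_USER['uid'] == 1)) {
            return false;
        }
        // If logged in set to current uid
        $uid = $_USER['uid'];
    }

    // both values are interpolated into SQL below
    $groupid = (int) $groupid;
    $uid = (int) $uid;

    if (($groupid < 1) || ($uid < 1) || SEC_inGroup ($groupid, $uid)) {
        return false;
    }

    DB_query ("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ('$groupid', $uid)");

    return true;
}

/**
 * Delete from group if user belongs to specified group
 *
 * This is part of the Geeklog user implementation. This function
 * looks up whether a user belongs to a specified group and if so
 * removes them from the group
 *
 * @param   int     $groupid    Group we want to see if user belongs to and if so delete user from group
 * @param   int     $uid        ID for user to delete. If empty current user.
 * @return  boolean             true if user is removed from group, otherwise false
 *
 */
function USER_delGroup ($groupid, $uid = '')
{
    global $_CONF, $_TABLES, $_USER;

    // set $uid if $uid is empty
    if (empty ($uid)) {
        // bail for anonymous users
        if (empty ($_USER['uid']) || ($_USER['uid'] == 1)) {
            return false;
        }
        // If logged in set to current uid
        $uid = $_USER['uid'];
    }

    // both values are interpolated into SQL below
    $groupid = (int) $groupid;
    $uid = (int) $uid;

    if (($groupid < 1) || ($uid < 1) || !SEC_inGroup ($groupid, $uid)) {
        return false;
    }

    DB_query ("DELETE FROM {$_TABLES['group_assignments']} WHERE ug_main_grp_id = $groupid AND ug_uid = $uid");

    return true;
}

/**
 * Check email address against a list of domains
 *
 * Checks if the given email's domain part matches one of the entries in a
 * comma-separated list of domain names (regular expressions are allowed).
 *
 * Each entry is used as an unanchored, case-insensitive PCRE pattern, so
 * "example.com" also matches "example.com.evil.net"; since this list lets
 * registrations bypass the moderation queue (see USER_createAccount), admins
 * should anchor entries they care about, e.g. "^example\.com$".
 *
 * Empty entries (from a trailing or doubled comma) are skipped: an empty
 * pattern would match every address. Entries that are not valid PCRE are
 * logged and skipped as well.
 *
 * @param   string  $email          email address to check
 * @param   string  $domain_list    list of domain names
 * @return  boolean                 true if match found, otherwise false
 *
 */
function USER_emailMatches ($email, $domain_list)
{
    if (empty ($domain_list)) {
        return false;
    }

    // callers are expected to have validated $email already, but an address
    // without an '@' has no domain part and can't match anything
    $at = strpos ($email, '@');
    if ($at === false) {
        return false;
    }
    $email_domain = substr ($email, $at + 1);

    foreach (explode (',', $domain_list) as $domain) {
        $domain = trim ($domain);
        if ($domain === '') {
            continue;
        }

        $matched = @preg_match ("#$domain#i", $email_domain);
        if ($matched === false) {
            COM_errorLog ("USER_emailMatches: invalid pattern in allow_domains: $domain");
            continue;
        }
        if ($matched) {
            return true;
        }
    }

    return false;
}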