Code source de Joomla 1.0.13 |
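<?php
/**
* @version $Id: user.php 7813 2007-06-29 06:04:09Z louis $
* @package Joomla
* @subpackage Users
* @copyright Copyright (C) 2005 Open Source Matters. All rights reserved.
* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
* Joomla! is free software. This version may have been modified pursuant
* to the GNU General Public License, and as distributed it includes or
* is derivative of works licensed under the GNU General Public License or
* other free or open source software licenses.
* See COPYRIGHT.php for copyright notices and details.
*/

// no direct access
defined( '_VALID_MOS' ) or die( 'Restricted access' );

// Editor usertype check
// ($acl, $my, $mainframe, $task, $option and $_VERSION are not defined in this
// file; they are expected to be in scope from the including script.)
$access = new stdClass();
$access->canEdit 	= $acl->acl_check( 'action', 'edit', 'users', $my->usertype, 'content', 'all' );
$access->canEditOwn = $acl->acl_check( 'action', 'edit', 'users', $my->usertype, 'content', 'own' );

require_once ( $mainframe->getPath( 'front_html' ) );

// Dispatch on the requested task. Every task that touches an account is given
// $my->id (the current session's user), never an id taken from the request.
switch( $task ) {
	case 'UserDetails':
		userEdit( $option, $my->id, _UPDATE );
		break;

	case 'saveUserEdit':
		// check to see if functionality restricted for use as demo site
		if ( $_VERSION->RESTRICT == 1 ) {
			mosRedirect( 'index.php?mosmsg=Functionality Restricted' );
		} else {
			userSave( $option, $my->id );
		}
		break;

	case 'CheckIn':
		CheckIn( $my->id, $access, $option );
		break;

	case 'cancel':
		mosRedirect( 'index.php' );
		break;

	default:
		HTML_user::frontpage();
		break;
}

/**
* Shows the "edit your details" form for one user.
*
* Refuses (mosNotAuth) when no published menu item links to this task or when
* $uid is 0.
*
* @param string $option      component option, passed through to the view
* @param int    $uid         id of the user to edit (the dispatcher passes $my->id)
* @param string $submitvalue label passed through to the view
*/
function userEdit( $option, $uid, $submitvalue) {
	global $database, $mainframe;
	global $mosConfig_absolute_path;

	// security check to see if link exists in a menu
	// $link is a fixed literal, so interpolating it into the LIKE pattern
	// carries no request data.
	$link 	= 'index.php?option=com_user&task=UserDetails';
	$query = "SELECT id"
	. "\n FROM #__menu"
	. "\n WHERE link LIKE '%$link%'"
	. "\n AND published = 1"
	;
	$database->setQuery( $query );
	$exists = $database->loadResult();
	if ( !$exists ) {
		mosNotAuth();
		return;
	}

	require_once ( $mosConfig_absolute_path .'/administrator/components/com_users/users.class.php' );

	// a user id of 0 is rejected before any record is loaded
	if ($uid == 0) {
		mosNotAuth();
		return;
	}
	$row = new mosUser( $database );
	$row->load( (int)$uid );
	$row->orig_password = $row->password;

	$row->name 		= trim( $row->name );
	$row->email 	= trim( $row->email );
	$row->username 	= trim( $row->username );

	$file 	= $mainframe->getPath( 'com_xml', 'com_users' );
	$params =& new mosUserParameters( $row->params, $file, 'component' );

	HTML_user::userEdit( $row, $option, $submitvalue, $params );
}

/**
* Saves the posted "edit your details" form for the current user.
*
* The posted id must be non-zero and equal to $uid, and josSpoofCheck() must
* pass, before anything is loaded or written. On a validation or storage
* error a JavaScript alert is emitted and the script exits.
*
* @param string $option component option (unused in this function)
* @param int    $uid    id of the user allowed to be saved (the dispatcher passes $my->id)
*/
function userSave( $option, $uid) {
	global $database, $my, $mosConfig_frontend_userparams;

	$user_id = intval( mosGetParam( $_POST, 'id', 0 ));

	// do some security checks
	// the posted id has to match the session user, so one account cannot
	// submit the form on behalf of another
	if ($uid == 0 || $user_id == 0 || $user_id != $uid) {
		mosNotAuth();
		return;
	}

	// simple spoof check security
	josSpoofCheck();

	$row = new mosUser( $database );
	$row->load( (int)$user_id );

	$orig_password = $row->password;
	$orig_username = $row->username;

	// 'gid usertype' is passed as the list of fields bind() must not take from
	// the request, so the form cannot change the account's group or type.
	// NOTE(review): every other posted field is still bound; confirm that no
	// other mosUser column is sensitive.
	if (!$row->bind( $_POST, 'gid usertype' )) {
		// addslashes() keeps a quote or backslash in the message from ending the
		// JavaScript string literal (same treatment as _PASS_MATCH below). It does
		// not neutralise line breaks or a literal closing script tag.
		echo "<script> alert('".addslashes( $row->getError() )."'); window.history.go(-1); </script>\n";
		exit();
	}

	$row->name 		= trim($row->name);
	$row->email 	= trim($row->email);
	$row->username 	= trim($row->username);

	mosMakeHtmlSafe($row);

	if (isset($_POST['password']) && $_POST['password'] != '') {
		// strict comparison: with == two different numeric-looking strings
		// (for example '1e3' and '1000') would be accepted as a match
		if (isset($_POST['verifyPass']) && ($_POST['verifyPass'] === $_POST['password'])) {
			$row->password 	= trim($row->password);
			$salt 			= mosMakePassword(16);
			// NOTE(review): the stored format is md5(password . salt) . ':' . salt.
			// A single round of salted MD5 is cheap to brute-force offline if the
			// users table leaks. It is left unchanged here because the code that
			// verifies logins is outside this file and would have to change in step.
			$crypt 			= md5($row->password.$salt);
			$row->password 	= $crypt.':'.$salt;
		} else {
			echo "<script> alert(\"".addslashes( _PASS_MATCH )."\"); window.history.go(-1); </script>\n";
			exit();
		}
	} else {
		// Restore 'original password'
		$row->password = $orig_password;
	}

	if ($mosConfig_frontend_userparams == '1' || $mosConfig_frontend_userparams == 1 || $mosConfig_frontend_userparams == NULL) {
		// save params
		// NOTE(review): keys and values are written as-is, one "key=value" per
		// line. A key or value containing a line break would yield extra
		// parameter lines; confirm mosGetParam() or the parameter parser
		// prevents that.
		$params = mosGetParam( $_POST, 'params', '' );
		if (is_array( $params )) {
			$txt = array();
			foreach ( $params as $k=>$v) {
				$txt[] = "$k=$v";
			}
			$row->params = implode( "\n", $txt );
		}
	}

	if (!$row->check()) {
		echo "<script> alert('".addslashes( $row->getError() )."'); window.history.go(-1); </script>\n";
		exit();
	}

	if (!$row->store()) {
		echo "<script> alert('".addslashes( $row->getError() )."'); window.history.go(-1); </script>\n";
		exit();
	}

	// check if username has been changed
	if ( $orig_username != $row->username ) {
		// change username value in session table
		// string values go through $database->Quote() and ids are cast to int
		$query = "UPDATE #__session"
		. "\n SET username = " . $database->Quote($row->username)
		. "\n WHERE username = " . $database->Quote( $orig_username )
		. "\n AND userid = " . (int) $my->id
		. "\n AND gid = " . (int) $my->gid
		. "\n AND guest = 0"
		;
		$database->setQuery( $query );
		$database->query();
	}

	mosRedirect( 'index.php', _USER_DETAILS_SAVE );
}

/**
* Checks in every item that $userid has checked out, across all tables that
* carry the site's table prefix and have a checked_out column, and prints a
* summary table.
*
* Refuses (mosNotAuth) when the caller has neither edit permission nor a
* non-zero user id, or when no published menu item links to this task.
*
* @param int    $userid id whose checked-out items are released (the dispatcher passes $my->id)
* @param object $access object with canEdit / canEditOwn flags
* @param string $option component option (unused in this function)
*/
function CheckIn( $userid, $access, $option ){
	global $database;
	global $mosConfig_db;

	$nullDate = $database->getNullDate();
	// passes for any caller with an edit permission or a non-zero user id;
	// the queries below only ever touch rows where checked_out = $userid
	if (!($access->canEdit || $access->canEditOwn || $userid > 0)) {
		mosNotAuth();
		return;
	}

	// security check to see if link exists in a menu
	// $link is a fixed literal, so interpolating it into the LIKE pattern
	// carries no request data.
	$link 	= 'index.php?option=com_user&task=CheckIn';
	$query = "SELECT id"
	. "\n FROM #__menu"
	. "\n WHERE link LIKE '%$link%'"
	. "\n AND published = 1"
	;
	$database->setQuery( $query );
	$exists = $database->loadResult();
	if ( !$exists ) {
		mosNotAuth();
		return;
	}

	$lt = mysql_list_tables($mosConfig_db);
	$k 	= 0;
	echo "<table cellpadding=\"0\" cellspacing=\"0\" border=\"0\">";
	while (list($tn) = mysql_fetch_array($lt)) {
		// only check in the jos_* tables
		if (strpos( $tn, $database->_table_prefix ) !== 0) {
			continue;
		}
		$lf = mysql_list_fields($mosConfig_db, "$tn");
		$nf = mysql_num_fields($lf);

		$checked_out 	= false;
		$editor 		= false;

		// find out which of the two columns this table has
		for ($i = 0; $i < $nf; $i++) {
			$fname = mysql_field_name($lf, $i);
			if ( $fname == "checked_out") {
				$checked_out = true;
			} else if ( $fname == "editor") {
				$editor = true;
			}
		}

		if ($checked_out) {
			// count the rows this user holds before releasing them;
			// $tn comes from the database's own table list, $userid is cast to int
			if ($editor) {
				$query = "SELECT checked_out, editor"
				. "\n FROM `$tn`"
				. "\n WHERE checked_out > 0"
				. "\n AND checked_out = " . (int) $userid
				;
				$database->setQuery( $query );
			} else {
				$query = "SELECT checked_out"
				. "\n FROM `$tn`"
				. "\n WHERE checked_out > 0"
				. "\n AND checked_out = " . (int) $userid
				;
				$database->setQuery( $query );
			}
			$res = $database->query();
			$num = $database->getNumRows( $res );

			// release the rows; the editor column is cleared only where it exists
			if ($editor) {
				$query = "UPDATE `$tn`"
				. "\n SET checked_out = 0, checked_out_time = " . $database->Quote( $nullDate ) . ", editor = NULL"
				. "\n WHERE checked_out > 0"
				. "\n AND checked_out = " . (int) $userid
				;
				$database->setQuery( $query );
			} else {
				$query = "UPDATE `$tn`"
				. "\n SET checked_out = 0, checked_out_time = " . $database->Quote( $nullDate )
				. "\n WHERE checked_out > 0"
				. "\n AND checked_out = " . (int) $userid
				;
				$database->setQuery( $query );
			}
			$res = $database->query();

			if ($res == 1) {

				if ($num > 0) {
					echo "\n<tr class=\"row$k\">";
					echo "\n	<td width=\"250\">";
					echo _CHECK_TABLE;
					echo " - $tn</td>";
					echo "\n	<td>";
					echo _CHECKED_IN;
					echo "<b>$num</b>";
					echo _CHECKED_IN_ITEMS;
					echo "</td>";
					echo "\n</tr>";
				}
				// flip between 0 and 1 for the row0 / row1 classes
				$k = 1 - $k;
			}
		}
	}
	?>
	<tr>
		<td colspan="2">
			<b><?php echo _CONF_CHECKED_IN; ?></b>
		</td>
	</tr>
	</table>
	<?php
}
?>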