Project

General

Profile

1
<?php
2
/**
3
 *
4
 * @category        admin
5
 * @package         users
6
 * @author          Ryan Djurovich, WebsiteBaker Project
7
 * @copyright       2009-2012, WebsiteBaker Org. e.V.
8
 * @link			http://www.websitebaker2.org/
9
 * @license         http://www.gnu.org/licenses/gpl.html
10
 * @platform        WebsiteBaker 2.8.x
11
 * @requirements    PHP 5.2.2 and higher
12
 * @version         $Id: save.php 2065 2014-01-02 13:28:12Z Luisehahne $
13
 * @filesource		$HeadURL: svn://isteam.dynxs.de/wb-archiv/branches/2.8.x/wb/admin/users/save.php $
14
 * @lastmodified    $Date: 2014-01-02 14:28:12 +0100 (Thu, 02 Jan 2014) $
15
 *
16
 */
17

    
18
/* -------------------------------------------------------- */
19
// Must include code to stop this file being accessed directly
20
if(!defined('WB_URL')) {
21
	require_once(dirname(dirname(dirname(__FILE__))).'/framework/globalExceptionHandler.php');
22
	throw new IllegalFileException();
23
}
24
/* -------------------------------------------------------- */
25

    
26
	function save_user($admin, &$aActionRequest)
27
	{
28
        // Create a javascript back link
29
//        $js_back = ADMIN_URL.'/users/index.php';
30
        unset($aActionRequest['save']);
31

    
32
        $aActionRequest['modify']= 'change';
33
		$database = WbDatabase::getInstance();
34
		$mLang = Translate::getInstance();
35
        $bRetVal = 0;
36
    	$iMinPassLength = 6;
37

    
38
        if( !$admin->checkFTAN() )
39
        {
40
        	msgQueue::add($mLang->MESSAGE_GENERIC_SECURITY_ACCESS);
41
            return $bRetVal;
42
        }
43

    
44
        // Check if user id is a valid number and doesnt equal 1
45
        if(!isset($aActionRequest['user_id']) OR !is_numeric($aActionRequest['user_id']) OR $aActionRequest['user_id'] == 1) {
46
        	msgQueue::add('::'.$mLang->MESSAGE_GENERIC_NOT_UPGRADED);
47
            return $bRetVal;
48
        } else {
49
        	$user_id = intval($aActionRequest['user_id']);
50
        }
51

    
52
		if( ($user_id < 2 ) )
53
		{
54
			// if($admin_header) { $admin->print_header(); }
55
        	msgQueue::add($mLang->MESSAGE_GENERIC_SECURITY_OFFENSE);
56
            return $bRetVal;
57
		}
58
		// Get existing values
59
        $sql  = 'SELECT * FROM `'.TABLE_PREFIX.'users` ' ;
60
        $sql .= 'WHERE user_id = '.$user_id.' ';
61
        $sql .=   'AND user_id != 1 ';
62

    
63
        if($oRes = $database->query($sql)){
64
            $olduser = $oRes->fetchRow(MYSQL_ASSOC);
65
        }
66

    
67
        // Gather details entered
68
        if($admin->is_group_match($admin->get_groups_id(), '1' )){
69
            $groups_id = (isset($aActionRequest['groups'])) ? implode(",", $admin->add_slashes($aActionRequest['groups'])) : '';
70
        } else {
71
            $groups_id = $olduser['group_id'];
72
        }
73
        // there will be an additional ',' when "Please Choose" was selected, too
74
        $groups_id = trim($groups_id, ',');
75
        $active = intval(strip_tags($admin->StripCodeFromText($aActionRequest['active'][0])));
76
        $username_fieldname = strip_tags($admin->StripCodeFromText($aActionRequest['username_fieldname']));
77
        $username = strtolower(strip_tags($admin->StripCodeFromText($aActionRequest[$username_fieldname])));
78
        $password = strip_tags($admin->StripCodeFromText($aActionRequest['password']));
79
        $password2 = strip_tags($admin->StripCodeFromText($aActionRequest['password2']));
80
        $display_name = strip_tags($admin->StripCodeFromText($aActionRequest['display_name']));
81
        $email = strip_tags($admin->StripCodeFromText($aActionRequest['email']));
82
        $home_folder = strip_tags($admin->StripCodeFromText($aActionRequest['home_folder']));
83

    
84
        // Check values
85
        if($groups_id == "") {
86
        	msgQueue::add($mLang->MESSAGE_USERS_NO_GROUP);
87
        } else {
88
            $aGroups_id = explode(',', $groups_id);
89
            //if user is in administrator-group, get this group else just get the first one
90
            if($admin->is_group_match($groups_id,'1')) { $group_id = 1; } else { $group_id = intval($aGroups_id[0]); }
91
        }
92

    
93
//$admin->is_group_match($admin->get_groups_id(), '1' )
94
        if(!preg_match('/^[a-z]{1}[a-z0-9_-]{2,}$/i', $username))
95
        {
96
        	msgQueue::add( $mLang->MESSAGE_USERS_NAME_INVALID_CHARS);
97
        }
98

    
99
        if($password != "") {
100
        	if(strlen($password) < $iMinPassLength ) {
101
        		msgQueue::add($mLang->MESSAGE['USERS_PASSWORD_TOO_SHORT']);
102
        	}
103

    
104
			$pattern = '/[^'.$admin->password_chars.']/';
105
			if (preg_match($pattern, $password)) {
106
				msgQueue::add($mLang->MESSAGE_PREFERENCES_INVALID_CHARS);
107
        	}
108

    
109
        	if(($password != $password2) ) {
110
        		msgQueue::add($mLang->MESSAGE_USERS_PASSWORD_MISMATCH);
111
        	}
112
        }
113
// check that display_name is unique in whoole system (prevents from User-faking)
114
    	$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
115
    	$sql .= 'WHERE `user_id` <> '.(int)$user_id.' AND `display_name` LIKE "'.$display_name.'"';
116
    	if( $database->get_one($sql) > 0 ){
117
            msgQueue::add($mLang->MESSAGE_USERS_USERNAME_TAKEN.' ('.$mLang->TEXT_DISPLAY_NAME.')');
118
            msgQueue::add($mLang->MESSAGE_MEDIA_CANNOT_RENAME);
119
        }
120
//
121
		if( ($admin->get_user_id() != '1' ) )
122
		{
123
            if(findStringInFileList($display_name, dirname(__FILE__).'/disallowedNames')) {
124
                msgQueue::add( $mLang->TEXT_ERROR.' '.$mLang->TEXT_DISPLAY_NAME.' ('.$display_name.')' );
125
            }
126
		}
127

    
128
    	$display_name = ( $display_name == '' ? $olduser['display_name'] : $display_name );
129

    
130
        if($email != "")
131
        {
132
        	if($admin->validate_email($email) == false)
133
            {
134
                msgQueue::add($mLang->MESSAGE_USERS_INVALID_EMAIL.' ('.$email.')');
135
        	}
136
        } else { // e-mail must be present
137
        	msgQueue::add($mLang->MESSAGE_SIGNUP_NO_EMAIL);
138
        }
139

    
140
		$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` '.
141
                'WHERE `email` LIKE \''.$email.'\' '.
142
                  'AND `user_id` <> '.(int)$user_id;
143
        // Check if the email already exists
144
        if( ($iFoundUser = $database->get_one($sql)) != null ) {
145
            if($iFoundUser) {
146
            	if(isset($mLang->MESSAGE_USERS_EMAIL_TAKEN))
147
                {
148
            		msgQueue::add($mLang->MESSAGE_USERS_EMAIL_TAKEN.' ('.$email.')');
149
            	} else {
150
            		msgQueue::add($mLang->MESSAGE_USERS_INVALID_EMAIL.' ('.$email.')');
151
            	}
152
            }
153
        }
154

    
155
        $bRetVal = $user_id;
156

    
157
// no error then save
158
        if( !msgQueue::getError() )
159
        {
160
            if($admin->is_group_match($groups_id,'1')) { $group_id = 1; $groups_id = '1'; }
161
          // Prevent from renaming user to "admin"
162
            if($username != 'admin') {
163
            	$username_code = ", username = '$username'";
164
            } else {
165
            	$username_code = '';
166
            }
167

    
168
            if(defined('HOME_FOLDERS') && HOME_FOLDERS) {
169

    
170
                // Include the WB functions file
171
                if(!function_exists('media_filename')) { require(WB_PATH.'/framework/functions.php'); }
172

    
173
                // Remove bad characters
174
                $sHomeFolder = WB_PATH.MEDIA_DIRECTORY.'/home/'.( media_filename($username) );
175
                if ( sizeof(createFolderProtectFile( $sHomeFolder )) )
176
                {
177
    //            	msgQueue::add($mLang->MESSAGE_MEDIA_DIR_NOT_MADE);
178
                }
179
            }
180

    
181
			$sql  = 'UPDATE `'.TABLE_PREFIX.'users` SET ';
182
            // Update the database
183
            if($password == "") {
184
                $sql .= '`group_id`     = '.intval($group_id).', '.
185
                        '`groups_id`    = \''.$database->escapeString($groups_id).'\', '.
186
                        '`username` = \''.$database->escapeString($username).'\', '.
187
                        '`active` = '.intval($active).', '.
188
                        '`display_name` = \''.$database->escapeString($display_name).'\', '.
189
                        '`home_folder` = \''.$database->escapeString($home_folder).'\', '.
190
                        '`email` = \''.$database->escapeString($email).'\' '.
191
                        'WHERE `user_id` = '.intval($user_id).'';
192

    
193
            } else {
194

    
195
                $sql .= '`group_id`     = '.intval($group_id).', '.
196
                        '`groups_id`    = \''.$database->escapeString($groups_id).'\', '.
197
                        '`username` = \''.$database->escapeString($username).'\', '.
198
                        '`password` = \''.md5($password).'\', '.
199
                        '`active` = '.intval($active).', '.
200
                        '`display_name` = \''.$database->escapeString($display_name).'\', '.
201
                        '`home_folder` = \''.$database->escapeString($home_folder).'\', '.
202
                        '`email` = \''.$database->escapeString($email).'\' '.
203
                        'WHERE `user_id` = '.intval($user_id).'';
204

    
205
            }
206
            if($database->query($sql)) {
207
            	msgQueue::add($mLang->MESSAGE_USERS_SAVED, true);
208
                $bRetVal = $user_id;
209
            }
210
            if($database->is_error()) {
211
               msgQueue::add( implode('<br />',explode(';',$database->get_error())) );
212
            }
213
       } else {
214
            	msgQueue::add($mLang->MESSAGE_GENERIC_NOT_UPGRADED);
215
       }
216

    
217
//        return $admin->getIDKEY($user_id);
218
//if($admin_header) { $admin->print_header(); }
219
        return $bRetVal;
220
    }
(5-5/7)