Project

General

Profile

1
<?php
2
/**
3
 *
4
 * @category        admin
5
 * @package         users
6
 * @author          Ryan Djurovich, WebsiteBaker Project
7
 * @copyright       2009-2012, WebsiteBaker Org. e.V.
8
 * @link			http://www.websitebaker2.org/
9
 * @license         http://www.gnu.org/licenses/gpl.html
10
 * @platform        WebsiteBaker 2.8.x
11
 * @requirements    PHP 5.2.2 and higher
12
 * @version         $Id: save.php 2098 2014-02-11 01:37:03Z darkviper $
13
 * @filesource		$HeadURL: svn://isteam.dynxs.de/wb-archiv/branches/2.8.x/wb/admin/users/save.php $
14
 * @lastmodified    $Date: 2014-02-11 02:37:03 +0100 (Tue, 11 Feb 2014) $
15
 *
16
 */
17

    
18
/* -------------------------------------------------------- */
19
// Must include code to stop this file being accessed directly
20
if(!defined('WB_URL')) {
21
	require_once(dirname(dirname(dirname(__FILE__))).'/framework/globalExceptionHandler.php');
22
	throw new IllegalFileException();
23
}
24
/* -------------------------------------------------------- */
25

    
26
	function save_user($admin, $aActionRequest)
27
	{
28
        // Create a javascript back link
29
//        $js_back = ADMIN_URL.'/users/index.php';
30
        unset($aActionRequest['save']);
31

    
32
        $aActionRequest['modify']= 'change';
33
		$oDb = WbDatabase::getInstance();
34
		$oTrans = Translate::getInstance();
35
        $oTrans->enableAddon('admin\\users');
36
        $bRetVal = 0;
37
    	$iMinPassLength = 6;
38

    
39
        if( !$admin->checkFTAN() )
40
        {
41
        	msgQueue::add($oTrans->MESSAGE_GENERIC_SECURITY_ACCESS);
42
            return $bRetVal;
43
        }
44

    
45
        // Check if user id is a valid number and doesnt equal 1
46
        if(!isset($aActionRequest['user_id']) OR !is_numeric($aActionRequest['user_id']) OR $aActionRequest['user_id'] == 1) {
47
        	msgQueue::add('::'.$oTrans->MESSAGE_GENERIC_NOT_UPGRADED);
48
            return $bRetVal;
49
        } else {
50
        	$user_id = intval($aActionRequest['user_id']);
51
        }
52

    
53
		if( ($user_id < 2 ) )
54
		{
55
			// if($admin_header) { $admin->print_header(); }
56
        	msgQueue::add($oTrans->MESSAGE_GENERIC_SECURITY_OFFENSE);
57
            return $bRetVal;
58
		}
59
		// Get existing values
60
        $sql = 'SELECT * FROM `'.$oDb->TablePrefix.'users` '
61
             . 'WHERE `user_id`='.$user_id.' '
62
             . 'AND `user_id` != 1';
63
        if(($oRes = $oDb->doQuery($sql))) {
64
            $olduser = $oRes->fetchRow(MYSQL_ASSOC);
65
        }
66

    
67
        // Gather details entered
68
        if($admin->is_group_match($admin->get_groups_id(), '1' )){
69
            $groups_id = (isset($aActionRequest['groups'])) ? implode(",", $admin->add_slashes($aActionRequest['groups'])) : '';
70
        } else {
71
            $groups_id = $olduser['group_id'];
72
        }
73
        // there will be an additional ',' when "Please Choose" was selected, too
74
        $groups_id = trim($groups_id, ',');
75
        $active = intval(strip_tags($admin->StripCodeFromText($aActionRequest['active'][0])));
76
        $username_fieldname = strip_tags($admin->StripCodeFromText($aActionRequest['username_fieldname']));
77
        $username = strtolower(strip_tags($admin->StripCodeFromText($aActionRequest[$username_fieldname])));
78
        $password = strip_tags($admin->StripCodeFromText($aActionRequest['password']));
79
        $password2 = strip_tags($admin->StripCodeFromText($aActionRequest['password2']));
80
        $display_name = strip_tags($admin->StripCodeFromText($aActionRequest['display_name']));
81
        $email = strip_tags($admin->StripCodeFromText($aActionRequest['email']));
82
        $home_folder = strip_tags($admin->StripCodeFromText($aActionRequest['home_folder']));
83

    
84
        // Check values
85
        if($groups_id == "") {
86
        	msgQueue::add($oTrans->MESSAGE_USERS_NO_GROUP);
87
        } else {
88
            $aGroups_id = explode(',', $groups_id);
89
            //if user is in administrator-group, get this group else just get the first one
90
            if($admin->is_group_match($groups_id,'1')) { $group_id = 1; } else { $group_id = intval($aGroups_id[0]); }
91
        }
92

    
93
//$admin->is_group_match($admin->get_groups_id(), '1' )
94
        if(!preg_match('/^[a-z]{1}[a-z0-9_-]{2,}$/i', $username))
95
        {
96
        	msgQueue::add( $oTrans->MESSAGE_USERS_NAME_INVALID_CHARS);
97
        }
98

    
99
        if($password != "") {
100
        	if(strlen($password) < $iMinPassLength ) {
101
        		msgQueue::add($oTrans->MESSAGE['USERS_PASSWORD_TOO_SHORT']);
102
        	}
103

    
104
			$pattern = '/[^'.$admin->password_chars.']/';
105
			if (preg_match($pattern, $password)) {
106
				msgQueue::add($oTrans->MESSAGE_PREFERENCES_INVALID_CHARS);
107
        	}
108

    
109
        	if(($password != $password2) ) {
110
        		msgQueue::add($oTrans->MESSAGE_USERS_PASSWORD_MISMATCH);
111
        	}
112
        }
113
// check that display_name is unique in whoole system (prevents from User-faking)
114
    	$sql  = 'SELECT COUNT(*) FROM `'.$oDb->TablePrefix.'users` ';
115
    	$sql .= 'WHERE `user_id` <> '.(int)$user_id.' AND `display_name` LIKE "'.$display_name.'"';
116
    	if( $oDb->getOne($sql) > 0 ){
117
            msgQueue::add($oTrans->MESSAGE_USERS_USERNAME_TAKEN.' ('.$oTrans->TEXT_DISPLAY_NAME.')');
118
            msgQueue::add($oTrans->MESSAGE_MEDIA_CANNOT_RENAME);
119
        }
120
//
121
		if( ($admin->get_user_id() != '1' ) )
122
		{
123
            if(findStringInFileList($display_name, dirname(__FILE__).'/disallowedNames')) {
124
                msgQueue::add( $oTrans->TEXT_ERROR.' '.$oTrans->TEXT_DISPLAY_NAME.' ('.$display_name.')' );
125
            }
126
		}
127

    
128
    	$display_name = ( $display_name == '' ? $olduser['display_name'] : $display_name );
129

    
130
        if($email != "")
131
        {
132
        	if($admin->validate_email($email) == false)
133
            {
134
                msgQueue::add($oTrans->MESSAGE_USERS_INVALID_EMAIL.' ('.$email.')');
135
        	}
136
        } else { // e-mail must be present
137
        	msgQueue::add($oTrans->MESSAGE_SIGNUP_NO_EMAIL);
138
        }
139

    
140
		$sql  = 'SELECT COUNT(*) FROM `'.$oDb->TablePrefix.'users` '.
141
                'WHERE `email` LIKE \''.$email.'\' '.
142
                  'AND `user_id` <> '.(int)$user_id;
143
        // Check if the email already exists
144
        if( ($iFoundUser = $oDb->getOne($sql)) != null ) {
145
            if($iFoundUser) {
146
            	if(isset($oTrans->MESSAGE_USERS_EMAIL_TAKEN))
147
                {
148
            		msgQueue::add($oTrans->MESSAGE_USERS_EMAIL_TAKEN.' ('.$email.')');
149
            	} else {
150
            		msgQueue::add($oTrans->MESSAGE_USERS_INVALID_EMAIL.' ('.$email.')');
151
            	}
152
            }
153
        }
154

    
155
        $bRetVal = $user_id;
156

    
157
// no error then save
158
        if( !msgQueue::getError() )
159
        {
160
            if($admin->is_group_match($groups_id,'1')) { $group_id = 1; $groups_id = '1'; }
161
          // Prevent from renaming user to "admin"
162
            if($username != 'admin') {
163
            	$username_code = ", username = '$username'";
164
            } else {
165
            	$username_code = '';
166
            }
167

    
168
            if(defined('HOME_FOLDERS') && HOME_FOLDERS) {
169

    
170
                // Include the WB functions file
171
                if(!function_exists('media_filename')) { require(WB_PATH.'/framework/functions.php'); }
172

    
173
                // Remove bad characters
174
                $sHomeFolder = WB_PATH.MEDIA_DIRECTORY.'/home/'.( media_filename($username) );
175
                if ( sizeof(createFolderProtectFile( $sHomeFolder )) )
176
                {
177
    //            	msgQueue::add($oTrans->MESSAGE_MEDIA_DIR_NOT_MADE);
178
                }
179
            }
180

    
181
			$sql  = 'UPDATE `'.$oDb->TablePrefix.'users` SET ';
182
            // Update the database
183
            if($password == "") {
184
                $sql .= '`group_id` = '.intval($group_id).', '.
185
                        '`groups_id` = \''.$oDb->escapeString($groups_id).'\', '.
186
                        '`username` = \''.$oDb->escapeString($username).'\', '.
187
                        '`active` = '.intval($active).', '.
188
                        '`display_name` = \''.$oDb->escapeString($display_name).'\', '.
189
                        '`home_folder` = \''.$oDb->escapeString($home_folder).'\', '.
190
                        '`email` = \''.$oDb->escapeString($email).'\' '.
191
                        'WHERE `user_id` = '.intval($user_id).'';
192

    
193
            } else {
194

    
195
                $sql .= '`group_id` = '.intval($group_id).', '.
196
                        '`groups_id` = \''.$oDb->escapeString($groups_id).'\', '.
197
                        '`username` = \''.$oDb->escapeString($username).'\', '.
198
                        '`password` = \''.md5($password).'\', '.
199
                        '`active` = '.intval($active).', '.
200
                        '`display_name` = \''.$oDb->escapeString($display_name).'\', '.
201
                        '`home_folder` = \''.$oDb->escapeString($home_folder).'\', '.
202
                        '`email` = \''.$oDb->escapeString($email).'\' '.
203
                        'WHERE `user_id` = '.intval($user_id).'';
204

    
205
            }
206
            if($oDb->doQuery($sql)) {
207
            	msgQueue::add($oTrans->MESSAGE_USERS_SAVED, true);
208
                $bRetVal = $user_id;
209
            }
210
            if($oDb->isError()) {
211
               msgQueue::add( implode('<br />',explode(';',$oDb->getError())) );
212
            }
213
       } else {
214
            	msgQueue::add($oTrans->MESSAGE_GENERIC_NOT_UPGRADED);
215
       }
216

    
217
//        return $admin->getIDKEY($user_id);
218
//if($admin_header) { $admin->print_header(); }
219
        return $bRetVal;
220
    }
(5-5/7)