Project

General

Profile

1 1347 Luisehahne
<?php
2
/**
3
 *
4
 * @category        admin
5
 * @package         users
6 1710 Luisehahne
 * @author          Ryan Djurovich, WebsiteBaker Project
7
 * @copyright       2009-2012, WebsiteBaker Org. e.V.
8 1347 Luisehahne
 * @link			http://www.websitebaker2.org/
9
 * @license         http://www.gnu.org/licenses/gpl.html
10
 * @platform        WebsiteBaker 2.8.x
11 1374 Luisehahne
 * @requirements    PHP 5.2.2 and higher
12 1347 Luisehahne
 * @version         $Id$
13
 * @filesource		$HeadURL$
14
 * @lastmodified    $Date$
15
 *
16
 */
17
18 1815 Luisehahne
/* -------------------------------------------------------- */
19
// Must include code to stop this file being accessed directly
20
if(!defined('WB_URL')) {
21
	require_once(dirname(dirname(dirname(__FILE__))).'/framework/globalExceptionHandler.php');
22
	throw new IllegalFileException();
23 1804 Luisehahne
}
24 1815 Luisehahne
/* -------------------------------------------------------- */
25 1804 Luisehahne
26 2098 darkviper
	function save_user($admin, $aActionRequest)
27 1815 Luisehahne
	{
28
        // Create a javascript back link
29
//        $js_back = ADMIN_URL.'/users/index.php';
30
        unset($aActionRequest['save']);
31 1823 Luisehahne
32 1815 Luisehahne
        $aActionRequest['modify']= 'change';
33 2098 darkviper
		$oDb = WbDatabase::getInstance();
34
		$oTrans = Translate::getInstance();
35
        $oTrans->enableAddon('admin\\users');
36 1815 Luisehahne
        $bRetVal = 0;
37
    	$iMinPassLength = 6;
38 1804 Luisehahne
39 1815 Luisehahne
        if( !$admin->checkFTAN() )
40
        {
41 2098 darkviper
        	msgQueue::add($oTrans->MESSAGE_GENERIC_SECURITY_ACCESS);
42 1815 Luisehahne
            return $bRetVal;
43
        }
44 1347 Luisehahne
45 1815 Luisehahne
        // Check if user id is a valid number and doesnt equal 1
46
        if(!isset($aActionRequest['user_id']) OR !is_numeric($aActionRequest['user_id']) OR $aActionRequest['user_id'] == 1) {
47 2098 darkviper
        	msgQueue::add('::'.$oTrans->MESSAGE_GENERIC_NOT_UPGRADED);
48 1815 Luisehahne
            return $bRetVal;
49
        } else {
50
        	$user_id = intval($aActionRequest['user_id']);
51
        }
52 1425 Luisehahne
53 1815 Luisehahne
		if( ($user_id < 2 ) )
54
		{
55
			// if($admin_header) { $admin->print_header(); }
56 2098 darkviper
        	msgQueue::add($oTrans->MESSAGE_GENERIC_SECURITY_OFFENSE);
57 1815 Luisehahne
            return $bRetVal;
58
		}
59
		// Get existing values
60 2098 darkviper
        $sql = 'SELECT * FROM `'.$oDb->TablePrefix.'users` '
61
             . 'WHERE `user_id`='.$user_id.' '
62
             . 'AND `user_id` != 1';
63
        if(($oRes = $oDb->doQuery($sql))) {
64 1815 Luisehahne
            $olduser = $oRes->fetchRow(MYSQL_ASSOC);
65
        }
66 1347 Luisehahne
67 1815 Luisehahne
        // Gather details entered
68
        if($admin->is_group_match($admin->get_groups_id(), '1' )){
69
            $groups_id = (isset($aActionRequest['groups'])) ? implode(",", $admin->add_slashes($aActionRequest['groups'])) : '';
70
        } else {
71
            $groups_id = $olduser['group_id'];
72
        }
73
        // there will be an additional ',' when "Please Choose" was selected, too
74
        $groups_id = trim($groups_id, ',');
75
        $active = intval(strip_tags($admin->StripCodeFromText($aActionRequest['active'][0])));
76
        $username_fieldname = strip_tags($admin->StripCodeFromText($aActionRequest['username_fieldname']));
77
        $username = strtolower(strip_tags($admin->StripCodeFromText($aActionRequest[$username_fieldname])));
78
        $password = strip_tags($admin->StripCodeFromText($aActionRequest['password']));
79
        $password2 = strip_tags($admin->StripCodeFromText($aActionRequest['password2']));
80
        $display_name = strip_tags($admin->StripCodeFromText($aActionRequest['display_name']));
81
        $email = strip_tags($admin->StripCodeFromText($aActionRequest['email']));
82
        $home_folder = strip_tags($admin->StripCodeFromText($aActionRequest['home_folder']));
83 1347 Luisehahne
84 1815 Luisehahne
        // Check values
85
        if($groups_id == "") {
86 2098 darkviper
        	msgQueue::add($oTrans->MESSAGE_USERS_NO_GROUP);
87 1815 Luisehahne
        } else {
88
            $aGroups_id = explode(',', $groups_id);
89
            //if user is in administrator-group, get this group else just get the first one
90
            if($admin->is_group_match($groups_id,'1')) { $group_id = 1; } else { $group_id = intval($aGroups_id[0]); }
91
        }
92 1710 Luisehahne
93 1815 Luisehahne
//$admin->is_group_match($admin->get_groups_id(), '1' )
94
        if(!preg_match('/^[a-z]{1}[a-z0-9_-]{2,}$/i', $username))
95
        {
96 2098 darkviper
        	msgQueue::add( $oTrans->MESSAGE_USERS_NAME_INVALID_CHARS);
97 1815 Luisehahne
        }
98 1347 Luisehahne
99 1815 Luisehahne
        if($password != "") {
100
        	if(strlen($password) < $iMinPassLength ) {
101 2098 darkviper
        		msgQueue::add($oTrans->MESSAGE['USERS_PASSWORD_TOO_SHORT']);
102 1815 Luisehahne
        	}
103 1347 Luisehahne
104 1815 Luisehahne
			$pattern = '/[^'.$admin->password_chars.']/';
105
			if (preg_match($pattern, $password)) {
106 2098 darkviper
				msgQueue::add($oTrans->MESSAGE_PREFERENCES_INVALID_CHARS);
107 1815 Luisehahne
        	}
108 1347 Luisehahne
109 1815 Luisehahne
        	if(($password != $password2) ) {
110 2098 darkviper
        		msgQueue::add($oTrans->MESSAGE_USERS_PASSWORD_MISMATCH);
111 1815 Luisehahne
        	}
112
        }
113
// check that display_name is unique in whoole system (prevents from User-faking)
114 2098 darkviper
    	$sql  = 'SELECT COUNT(*) FROM `'.$oDb->TablePrefix.'users` ';
115 1815 Luisehahne
    	$sql .= 'WHERE `user_id` <> '.(int)$user_id.' AND `display_name` LIKE "'.$display_name.'"';
116 2098 darkviper
    	if( $oDb->getOne($sql) > 0 ){
117
            msgQueue::add($oTrans->MESSAGE_USERS_USERNAME_TAKEN.' ('.$oTrans->TEXT_DISPLAY_NAME.')');
118
            msgQueue::add($oTrans->MESSAGE_MEDIA_CANNOT_RENAME);
119 1815 Luisehahne
        }
120
//
121
		if( ($admin->get_user_id() != '1' ) )
122
		{
123
            if(findStringInFileList($display_name, dirname(__FILE__).'/disallowedNames')) {
124 2098 darkviper
                msgQueue::add( $oTrans->TEXT_ERROR.' '.$oTrans->TEXT_DISPLAY_NAME.' ('.$display_name.')' );
125 1815 Luisehahne
            }
126
		}
127 1347 Luisehahne
128 1815 Luisehahne
    	$display_name = ( $display_name == '' ? $olduser['display_name'] : $display_name );
129 1347 Luisehahne
130 1815 Luisehahne
        if($email != "")
131
        {
132
        	if($admin->validate_email($email) == false)
133
            {
134 2098 darkviper
                msgQueue::add($oTrans->MESSAGE_USERS_INVALID_EMAIL.' ('.$email.')');
135 1815 Luisehahne
        	}
136
        } else { // e-mail must be present
137 2098 darkviper
        	msgQueue::add($oTrans->MESSAGE_SIGNUP_NO_EMAIL);
138 1815 Luisehahne
        }
139
140 2098 darkviper
		$sql  = 'SELECT COUNT(*) FROM `'.$oDb->TablePrefix.'users` '.
141 1815 Luisehahne
                'WHERE `email` LIKE \''.$email.'\' '.
142
                  'AND `user_id` <> '.(int)$user_id;
143
        // Check if the email already exists
144 2098 darkviper
        if( ($iFoundUser = $oDb->getOne($sql)) != null ) {
145 1815 Luisehahne
            if($iFoundUser) {
146 2098 darkviper
            	if(isset($oTrans->MESSAGE_USERS_EMAIL_TAKEN))
147 1815 Luisehahne
                {
148 2098 darkviper
            		msgQueue::add($oTrans->MESSAGE_USERS_EMAIL_TAKEN.' ('.$email.')');
149 1815 Luisehahne
            	} else {
150 2098 darkviper
            		msgQueue::add($oTrans->MESSAGE_USERS_INVALID_EMAIL.' ('.$email.')');
151 1815 Luisehahne
            	}
152
            }
153
        }
154
155
        $bRetVal = $user_id;
156
157
// no error then save
158
        if( !msgQueue::getError() )
159
        {
160
            if($admin->is_group_match($groups_id,'1')) { $group_id = 1; $groups_id = '1'; }
161
          // Prevent from renaming user to "admin"
162
            if($username != 'admin') {
163
            	$username_code = ", username = '$username'";
164
            } else {
165
            	$username_code = '';
166
            }
167
168 1823 Luisehahne
            if(defined('HOME_FOLDERS') && HOME_FOLDERS) {
169 1818 Luisehahne
170 1823 Luisehahne
                // Include the WB functions file
171
                if(!function_exists('media_filename')) { require(WB_PATH.'/framework/functions.php'); }
172
173
                // Remove bad characters
174
                $sHomeFolder = WB_PATH.MEDIA_DIRECTORY.'/home/'.( media_filename($username) );
175
                if ( sizeof(createFolderProtectFile( $sHomeFolder )) )
176
                {
177 2098 darkviper
    //            	msgQueue::add($oTrans->MESSAGE_MEDIA_DIR_NOT_MADE);
178 1823 Luisehahne
                }
179 1818 Luisehahne
            }
180
181 2098 darkviper
			$sql  = 'UPDATE `'.$oDb->TablePrefix.'users` SET ';
182 1815 Luisehahne
            // Update the database
183
            if($password == "") {
184 2098 darkviper
                $sql .= '`group_id` = '.intval($group_id).', '.
185
                        '`groups_id` = \''.$oDb->escapeString($groups_id).'\', '.
186
                        '`username` = \''.$oDb->escapeString($username).'\', '.
187 1815 Luisehahne
                        '`active` = '.intval($active).', '.
188 2098 darkviper
                        '`display_name` = \''.$oDb->escapeString($display_name).'\', '.
189
                        '`home_folder` = \''.$oDb->escapeString($home_folder).'\', '.
190
                        '`email` = \''.$oDb->escapeString($email).'\' '.
191 1815 Luisehahne
                        'WHERE `user_id` = '.intval($user_id).'';
192
193
            } else {
194
195 2098 darkviper
                $sql .= '`group_id` = '.intval($group_id).', '.
196
                        '`groups_id` = \''.$oDb->escapeString($groups_id).'\', '.
197
                        '`username` = \''.$oDb->escapeString($username).'\', '.
198 1815 Luisehahne
                        '`password` = \''.md5($password).'\', '.
199
                        '`active` = '.intval($active).', '.
200 2098 darkviper
                        '`display_name` = \''.$oDb->escapeString($display_name).'\', '.
201
                        '`home_folder` = \''.$oDb->escapeString($home_folder).'\', '.
202
                        '`email` = \''.$oDb->escapeString($email).'\' '.
203 1815 Luisehahne
                        'WHERE `user_id` = '.intval($user_id).'';
204
205
            }
206 2098 darkviper
            if($oDb->doQuery($sql)) {
207
            	msgQueue::add($oTrans->MESSAGE_USERS_SAVED, true);
208 1815 Luisehahne
                $bRetVal = $user_id;
209
            }
210 2098 darkviper
            if($oDb->isError()) {
211
               msgQueue::add( implode('<br />',explode(';',$oDb->getError())) );
212 1815 Luisehahne
            }
213
       } else {
214 2098 darkviper
            	msgQueue::add($oTrans->MESSAGE_GENERIC_NOT_UPGRADED);
215 1815 Luisehahne
       }
216
217
//        return $admin->getIDKEY($user_id);
218
//if($admin_header) { $admin->print_header(); }
219
        return $bRetVal;
220
    }