PHP Cross Reference of Joomla 1.5.26 DE |
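<?php
/**
 * @version		$Id: controller.php 16385 2010-04-23 10:44:15Z ian $
 * @package		Joomla
 * @subpackage	User
 * @copyright	Copyright (C) 2005 - 2010 Open Source Matters. All rights reserved.
 * @license		GNU/GPL, see LICENSE.php
 * Joomla! is free software. This version may have been modified pursuant to the
 * GNU General Public License, and as distributed it includes or is derivative
 * of works licensed under the GNU General Public License or other free or open
 * source software licenses. See COPYRIGHT.php for copyright notices and
 * details.
 */

// Check to ensure this file is included in Joomla!
defined('_JEXEC') or die( 'Restricted access' );

jimport('joomla.application.component.controller');

/**
 * User Component Controller
 *
 * Front-end tasks of com_user: profile edit/save, login/logout,
 * registration and activation, password reset and username reminder.
 *
 * @package		Joomla
 * @subpackage	User
 * @since 1.5
 */
class UserController extends JController
{
	/**
	 * Method to display a view
	 *
	 * @access	public
	 * @since	1.5
	 */
	function display()
	{
		parent::display();
	}

	/**
	 * Shows the profile edit form to a logged-in user.
	 *
	 * Guests get a 403 error. For everyone else the 'layout' request
	 * variable is set to 'form' before the view is displayed.
	 *
	 * @access	public
	 * @return	void
	 */
	function edit()
	{
		$user =& JFactory::getUser();

		if ( $user->get('guest')) {
			JError::raiseError( 403, JText::_('Access Forbidden') );
			return;
		}

		JRequest::setVar('layout', 'form');

		parent::display();
	}

	/**
	 * Saves the profile of the currently logged-in user.
	 *
	 * The request must carry a valid form token, and the posted 'id' must
	 * be non-zero and equal to the id of the session user; otherwise a 403
	 * error is raised. gid, block, usertype, registerDate and activation
	 * are stripped from the posted data before it is handed to the model.
	 *
	 * @access	public
	 * @return	mixed	False when the two password fields differ, otherwise nothing
	 */
	function save()
	{
		// Check for request forgeries
		JRequest::checkToken() or jexit( 'Invalid Token' );

		$user	=& JFactory::getUser();
		$userid	= JRequest::getVar( 'id', 0, 'post', 'int' );

		// perform security checks: a user may only save their own record
		if ($user->get('id') == 0 || $userid == 0 || $userid != $user->get('id')) {
			JError::raiseError( 403, JText::_('Access Forbidden') );
			return;
		}

		// clean request
		$post = JRequest::get( 'post' );
		$post['username']	= JRequest::getVar('username', '', 'post', 'username');
		$post['password']	= JRequest::getVar('password', '', 'post', 'string', JREQUEST_ALLOWRAW);
		$post['password2']	= JRequest::getVar('password2', '', 'post', 'string', JREQUEST_ALLOWRAW);

		// get the redirect
		$return = JURI::base();

		// do a password safety check
		// strlen() rather than empty() so that "0" can be used as password e.g.
		if (strlen($post['password']) || strlen($post['password2'])) {
			// Strict comparison: a loose != treats numeric-looking strings such as
			// "1000" and "1e3" as equal and would accept a mistyped confirmation.
			if ($post['password'] !== $post['password2']) {
				$msg = JText::_('PASSWORDS_DO_NOT_MATCH');
				// something is wrong. we are redirecting back to edit form.
				// TODO: HTTP_REFERER should be replaced with a base64 encoded form field in a later release
				// The Referer header is client-controlled: quote and angle-bracket
				// characters are stripped and the URL is only used if it is internal.
				$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
				$return = str_replace(array('"', '<', '>', "'"), '', $referer);
				if (empty($return) || !JURI::isInternal($return)) {
					$return = JURI::base();
				}
				$this->setRedirect($return, $msg, 'error');
				return false;
			}
		}

		// we don't want users to edit certain fields so we will unset them
		// NOTE(review): this is a deny-list; every other posted key reaches
		// $model->store() - confirm the model restricts what it binds.
		unset($post['gid']);
		unset($post['block']);
		unset($post['usertype']);
		unset($post['registerDate']);
		unset($post['activation']);

		// store data
		$model = $this->getModel('user');

		if ($model->store($post)) {
			$msg = JText::_( 'Your settings have been saved.' );
		} else {
			$msg = $model->getError();
		}

		$this->setRedirect( $return, $msg );
	}

	/**
	 * Cancels the current task by redirecting to index.php.
	 *
	 * @access	public
	 * @return	void
	 */
	function cancel()
	{
		$this->setRedirect( 'index.php' );
	}

	/**
	 * Logs a user in and redirects.
	 *
	 * The form token is checked against the whole request. An optional
	 * base64-encoded 'return' URL is honoured only when JURI::isInternal()
	 * accepts it. Without a usable return URL the redirect goes to the
	 * com_user default view on success and to the login view on failure.
	 *
	 * @access	public
	 * @return	void
	 */
	function login()
	{
		// Check for request forgeries
		JRequest::checkToken('request') or jexit( 'Invalid Token' );

		global $mainframe;

		if ($return = JRequest::getVar('return', '', 'method', 'base64')) {
			$return = base64_decode($return);
			// Drop return URLs that point off-site so login cannot be used as an open redirect
			if (!JURI::isInternal($return)) {
				$return = '';
			}
		}

		$options = array();
		$options['remember'] = JRequest::getBool('remember', false);
		$options['return'] = $return;

		$credentials = array();
		$credentials['username'] = JRequest::getVar('username', '', 'method', 'username');
		$credentials['password'] = JRequest::getString('passwd', '', 'post', JREQUEST_ALLOWRAW);

		// perform the login action
		$error = $mainframe->login($credentials, $options);

		if ( ! $return ) {
			if (JError::isError($error)) {
				// Facilitate third party login forms: with no return URL fall back to the login form
				$return = 'index.php?option=com_user&view=login';
			} else {
				$return = 'index.php?option=com_user';
			}
		}

		$mainframe->redirect( $return );
	}

	/**
	 * Logs the current user out and optionally redirects.
	 *
	 * After a successful logout, a base64-encoded 'return' URL is followed
	 * only if it is internal and does not contain 'com_user'. If logout
	 * returns an error the default view is displayed instead.
	 *
	 * NOTE(review): unlike login(), this task does not call
	 * JRequest::checkToken(), so any cross-site request can end the
	 * visitor's session. Enforcing a token here requires every logout
	 * form/link to send one - confirm against the templates in use.
	 *
	 * @access	public
	 * @return	void
	 */
	function logout()
	{
		global $mainframe;

		// perform the logout action
		$error = $mainframe->logout();

		if (JError::isError($error)) {
			parent::display();
			return;
		}

		if ($return = JRequest::getVar('return', '', 'method', 'base64')) {
			$return = base64_decode($return);
			if (!JURI::isInternal($return)) {
				$return = '';
			}
		}

		// Redirect if the return url is not registration or login.
		// strpos() yields 0 for a match at the start of the string, so the
		// result is compared with false instead of being negated.
		if ( $return && strpos( $return, 'com_user' ) === false ) {
			$mainframe->redirect( $return );
		}
	}

	/**
	 * Prepares the registration form
	 *
	 * Raises a 403 error when the com_users parameter
	 * 'allowUserRegistration' is not set to a true value. Guests get the
	 * 'register' view; logged-in users get a redirect to the edit task.
	 *
	 * @return void
	 */
	function register()
	{
		$usersConfig = &JComponentHelper::getParams( 'com_users' );
		if (!$usersConfig->get( 'allowUserRegistration' )) {
			JError::raiseError( 403, JText::_( 'Access Forbidden' ));
			return;
		}

		$user =& JFactory::getUser();

		if ( $user->get('guest')) {
			JRequest::setVar('view', 'register');
		} else {
			$this->setRedirect('index.php?option=com_user&task=edit',JText::_('You are already registered.'));
		}

		parent::display();
	}

	/**
	 * Save user registration and notify users and admins if required
	 *
	 * @return mixed	False when binding or saving the user fails, otherwise nothing
	 */
	function register_save()
	{
		// Check for request forgeries
		JRequest::checkToken() or jexit( 'Invalid Token' );

		// Get required system objects
		$user		= clone(JFactory::getUser());
		$authorize	=& JFactory::getACL();

		// If user registration is not allowed, show 403 not authorized.
		// NOTE(review): this only rejects the literal value '0', whereas
		// register() rejects any false value; an unset parameter passes
		// here. Confirm which behaviour is intended before tightening.
		$usersConfig = &JComponentHelper::getParams( 'com_users' );
		if ($usersConfig->get('allowUserRegistration') == '0') {
			JError::raiseError( 403, JText::_( 'Access Forbidden' ));
			return;
		}

		// Initialize new usertype setting
		$newUsertype = $usersConfig->get( 'new_usertype' );
		if (!$newUsertype) {
			$newUsertype = 'Registered';
		}

		// Bind the post array to the user object
		// NOTE(review): the whole POST array is bound. Only id, usertype,
		// gid and registerDate are overwritten unconditionally below, and
		// activation/block only when activation is enabled - confirm that
		// JUser::bind() and save() limit what a guest may set.
		if (!$user->bind( JRequest::get('post'), 'usertype' )) {
			JError::raiseError( 500, $user->getError());
			// Do not carry on with a partially bound user if the error handler returns
			return false;
		}

		// Set some initial user values
		$user->set('id', 0);
		$user->set('usertype', $newUsertype);
		$user->set('gid', $authorize->get_group_id( '', $newUsertype, 'ARO' ));

		$date =& JFactory::getDate();
		$user->set('registerDate', $date->toMySQL());

		// If user activation is turned on, we need to set the activation information
		$useractivation = $usersConfig->get( 'useractivation' );
		if ($useractivation == '1')
		{
			jimport('joomla.user.helper');
			$user->set('activation', JUtility::getHash( JUserHelper::genRandomPassword()) );
			$user->set('block', '1');
		}

		// If there was an error with registration, set the message and display form
		if ( !$user->save() )
		{
			JError::raiseWarning('', JText::_( $user->getError()));
			$this->register();
			return false;
		}

		// Send registration confirmation mail
		// The submitted clear-text password is handed to _sendMail(), which
		// places it in the activation e-mail body.
		$password = JRequest::getString('password', '', 'post', JREQUEST_ALLOWRAW);
		$password = preg_replace('/[\x00-\x1F\x7F]/', '', $password); //Disallow control chars in the email
		UserController::_sendMail($user, $password);

		// Everything went fine, set relevant message depending upon user activation state and display message
		if ( $useractivation == 1 ) {
			$message  = JText::_( 'REG_COMPLETE_ACTIVATE' );
		} else {
			$message = JText::_( 'REG_COMPLETE' );
		}

		$this->setRedirect('index.php', $message);
	}

	/**
	 * Activates a registered account from the 'activation' request value.
	 *
	 * Logged-in users are redirected to index.php. A 403 error is raised
	 * when registration or activation is switched off ('0'). Otherwise the
	 * register view's 'message' layout reports whether the activation
	 * string was found and accepted by JUserHelper::activateUser().
	 *
	 * @access	public
	 * @return	void
	 */
	function activate()
	{
		global $mainframe;

		// Initialize some variables
		$db			=& JFactory::getDBO();
		$user		=& JFactory::getUser();
		$document	=& JFactory::getDocument();
		$pathway	=& $mainframe->getPathway();

		$usersConfig			= &JComponentHelper::getParams( 'com_users' );
		$userActivation			= $usersConfig->get('useractivation');
		$allowUserRegistration	= $usersConfig->get('allowUserRegistration');

		// Check to see if they're logged in, because they don't need activating!
		if ($user->get('id')) {
			// They're already logged in, so redirect them to the home page
			$mainframe->redirect( 'index.php' );
		}

		if ($allowUserRegistration == '0' || $userActivation == '0') {
			JError::raiseError( 403, JText::_( 'Access Forbidden' ));
			return;
		}

		// create the view
		require_once (JPATH_COMPONENT.DS.'views'.DS.'register'.DS.'view.html.php');
		$view = new UserViewRegister();

		$message = new stdClass();

		// Do we even have an activation string?
		// The value is filtered to alphanumerics and then escaped for the database.
		$activation = JRequest::getVar('activation', '', '', 'alnum' );
		$activation = $db->getEscaped( $activation );

		// Lets activate this user; an empty string is reported as "not found"
		$activated = false;
		if (!empty( $activation )) {
			jimport('joomla.user.helper');
			$activated = JUserHelper::activateUser($activation);
		}

		if ($activated) {
			$titleKey	= 'REG_ACTIVATE_COMPLETE_TITLE';
			$textKey	= 'REG_ACTIVATE_COMPLETE';
		} else {
			$titleKey	= 'REG_ACTIVATE_NOT_FOUND_TITLE';
			$textKey	= 'REG_ACTIVATE_NOT_FOUND';
		}

		// Page Title
		$document->setTitle( JText::_( $titleKey ) );
		// Breadcrumb
		$pathway->addItem( JText::_( $titleKey ));

		$message->title = JText::_( $titleKey );
		$message->text = JText::_( $textKey );

		$view->assign('message', $message);
		$view->display('message');
	}

	/**
	 * Password Reset Request Method
	 *
	 * Passes the posted e-mail address to the Reset model and redirects to
	 * the confirm layout, or back to the reset view with the model error.
	 *
	 * @access	public
	 * @return	mixed	False when the model rejects the request, otherwise nothing
	 */
	function requestreset()
	{
		// Check for request forgeries
		JRequest::checkToken() or jexit( 'Invalid Token' );

		// Get the input
		$email = JRequest::getVar('email', null, 'post', 'string');

		// Get the model
		$model = &$this->getModel('Reset');

		// Request a reset
		if ($model->requestReset($email) === false)
		{
			$message = JText::sprintf('PASSWORD_RESET_REQUEST_FAILED', $model->getError());
			$this->setRedirect('index.php?option=com_user&view=reset', $message);
			return false;
		}

		$this->setRedirect('index.php?option=com_user&view=reset&layout=confirm');
	}

	/**
	 * Password Reset Confirmation Method
	 *
	 * Passes the posted token and username to the Reset model. Anything
	 * other than a strict true result is treated as failure.
	 *
	 * @access	public
	 * @return	mixed	False when confirmation fails, otherwise nothing
	 */
	function confirmreset()
	{
		// Check for request forgeries
		JRequest::checkToken() or jexit( 'Invalid Token' );

		// Get the input
		$token = JRequest::getVar('token', null, 'post', 'alnum');
		$username = JRequest::getVar('username', null, 'post');

		// Get the model
		$model = &$this->getModel('Reset');

		// Verify the token
		if ($model->confirmReset($token, $username) !== true)
		{
			$message = JText::sprintf('PASSWORD_RESET_CONFIRMATION_FAILED', $model->getError());
			$this->setRedirect('index.php?option=com_user&view=reset&layout=confirm', $message);
			return false;
		}

		$this->setRedirect('index.php?option=com_user&view=reset&layout=complete');
	}

	/**
	 * Password Reset Completion Method
	 *
	 * Passes both posted password fields, unfiltered, to the Reset model.
	 *
	 * @access	public
	 * @return	mixed	False when the model rejects the new password, otherwise nothing
	 */
	function completereset()
	{
		// Check for request forgeries
		JRequest::checkToken() or jexit( 'Invalid Token' );

		// Get the input
		$password1 = JRequest::getVar('password1', null, 'post', 'string', JREQUEST_ALLOWRAW);
		$password2 = JRequest::getVar('password2', null, 'post', 'string', JREQUEST_ALLOWRAW);

		// Get the model
		$model = &$this->getModel('Reset');

		// Reset the password
		if ($model->completeReset($password1, $password2) === false)
		{
			$message = JText::sprintf('PASSWORD_RESET_FAILED', $model->getError());
			$this->setRedirect('index.php?option=com_user&view=reset&layout=complete', $message);
			return false;
		}

		$message = JText::_('PASSWORD_RESET_SUCCESS');
		$this->setRedirect('index.php?option=com_user&view=login', $message);
	}

	/**
	 * Username Reminder Method
	 *
	 * Passes the posted e-mail address to the Remind model and redirects
	 * to the login view on success or back to the remind view on failure.
	 *
	 * @access	public
	 * @return	mixed	False when the reminder fails, otherwise nothing
	 */
	function remindusername()
	{
		// Check for request forgeries
		JRequest::checkToken() or jexit( 'Invalid Token' );

		// Get the input
		$email = JRequest::getVar('email', null, 'post', 'string');

		// Get the model
		$model = &$this->getModel('Remind');

		// Send the reminder
		if ($model->remindUsername($email) === false)
		{
			$message = JText::sprintf('USERNAME_REMINDER_FAILED', $model->getError());
			$this->setRedirect('index.php?option=com_user&view=remind', $message);
			return false;
		}

		// NOTE(review): $email is request input placed into the redirect
		// message - confirm the message renderer escapes it on output.
		$message = JText::sprintf('USERNAME_REMINDER_SUCCESS', $email);
		$this->setRedirect('index.php?option=com_user&view=login', $message);
	}

	/**
	 * Sends the registration mail to the new user and a notification to
	 * every super administrator whose sendEmail flag is set.
	 *
	 * When activation is enabled the user's mail contains the activation
	 * link, the username and the clear-text password passed in.
	 *
	 * @access	private
	 * @param	object	$user		User object; name, email, username and activation are read from it
	 * @param	string	$password	Clear-text password as submitted in the registration form
	 * @return	void
	 */
	function _sendMail(&$user, $password)
	{
		global $mainframe;

		$db		=& JFactory::getDBO();

		$name 		= $user->get('name');
		$email 		= $user->get('email');
		$username 	= $user->get('username');

		$usersConfig 	= &JComponentHelper::getParams( 'com_users' );
		$sitename 		= $mainframe->getCfg( 'sitename' );
		$useractivation = $usersConfig->get( 'useractivation' );
		$mailfrom 		= $mainframe->getCfg( 'mailfrom' );
		$fromname 		= $mainframe->getCfg( 'fromname' );
		$siteURL		= JURI::base();

		$subject 	= sprintf ( JText::_( 'Account details for' ), $name, $sitename);
		$subject 	= html_entity_decode($subject, ENT_QUOTES);

		if ( $useractivation == 1 ){
			$message = sprintf ( JText::_( 'SEND_MSG_ACTIVATE' ), $name, $sitename, $siteURL."index.php?option=com_user&task=activate&activation=".$user->get('activation'), $siteURL, $username, $password);
		} else {
			$message = sprintf ( JText::_( 'SEND_MSG' ), $name, $sitename, $siteURL);
		}

		$message = html_entity_decode($message, ENT_QUOTES);

		//get all super administrator
		$query = 'SELECT name, email, sendEmail' .
				' FROM #__users' .
				' WHERE LOWER( usertype ) = "super administrator"';
		$db->setQuery( $query );
		$rows = $db->loadObjectList();

		// Treat a failed query or an empty result as "no super administrators"
		// so that $rows[0] and the loop below are never used on a non-list.
		if (!is_array($rows)) {
			$rows = array();
		}

		// Send email to user
		// Fall back to the first super administrator as sender when the site
		// has no configured sender, provided one exists.
		if ( ( ! $mailfrom  || ! $fromname ) && !empty($rows) ) {
			$fromname = $rows[0]->name;
			$mailfrom = $rows[0]->email;
		}

		JUtility::sendMail($mailfrom, $fromname, $email, $subject, $message);

		// Send notification to all administrators
		$subject2 = sprintf ( JText::_( 'Account details for' ), $name, $sitename);
		$subject2 = html_entity_decode($subject2, ENT_QUOTES);

		// notify each super administrator who opted in to system e-mail
		foreach ( $rows as $row )
		{
			if ($row->sendEmail)
			{
				$message2 = sprintf ( JText::_( 'SEND_MSG_ADMIN' ), $row->name, $sitename, $name, $email, $username);
				$message2 = html_entity_decode($message2, ENT_QUOTES);
				JUtility::sendMail($mailfrom, $fromname, $row->email, $subject2, $message2);
			}
		}
	}
}
?>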