首页 发现 帮助
登录
nightflyza
/
Ubilling
镜像自地址 https://github.com/nightflyza/Ubilling.git
关注 1
点赞 1
派生 0
文件 工单管理 Wiki
目录树: 52836cd5c5
分支列表 标签列表
Ubilling
/
modules
/
system
/
user-classes.php

user-classes.php 25 KB
文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647 
  1. <?php
    2. 

  2. 

  3. ////////////////////////////////////////////////////////////////////////////////
    4. 

  4. //   Copyright (C) ReloadCMS Development Team                                 //
    5. 

  5. //   http://reloadcms.sf.net                                                  //
    6. 

  6. //                                                                            //
    7. 

  7. //   This program is distributed in the hope that it will be useful,          //
    8. 

  8. //   but WITHOUT ANY WARRANTY, without even the implied warranty of           //
    9. 

  9. //   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.                     //
    10. 

  10. //                                                                            //
    11. 

  11. //   This product released under GNU General Public License v2                //
    12. 

  12. ////////////////////////////////////////////////////////////////////////////////
    13. 

  13. 

  14. class rcms_access {
    15. 

  15. 

  16.     var $rights_database = array();
    17. 

  17.     var $rights = array();
    18. 

  18.     var $root = false;
    19. 

  19.     var $level = 0;
    20. 

  20. 

  21.     function initialiseAccess($rights, $level) {
    22. 

  22.         $this->rights = array();
    23. 

  23.         $this->root = false;
    24. 

  24.         if ($rights !== '*') {
    25. 

  25.             preg_match_all('/\|(.*?)\|/', $rights, $rights_r);
    26. 

  26.             foreach ($rights_r[1] as $right) {
    27. 

  27.                 $this->rights[$right] = (empty($this->rights_database[$right])) ? ' ' : $this->rights_database[$right];
    28. 

  28.             }
    29. 

  29.         } else {
    30. 

  30.             $this->root = true;
    31. 

  31.         }
    32. 

  32.         $this->level = $level;
    33. 

  33.         return true;
    34. 

  34.     }
    35. 

  35. 

  36.     /**
    37. 

  37.      * @param string $right
    38. 

  38.      * @return boolean
    39. 

  39.      * @desc Check if user have specified right
    40. 

  40.      */
    41. 

  41.     function checkForRight($right = '-any-', $username = '') {
    42. 

  42.         if (empty($username)) {
    43. 

  43.             $rights = &$this->rights;
    44. 

  44.             $root = &$this->root;
    45. 

  45.         } else {
    46. 

  46.             if (!$this->getRightsForUser($username, $rights, $root, $level)) {
    47. 

  47.                 return false;
    48. 

  48.             }
    49. 

  49.         }
    50. 

  50.         return $root || ($right == '-any-' && !empty($rights)) || !empty($rights[$right]);
    51. 

  51.     }
    52. 

  52. 

  53.     function getRightsForUser($username, &$rights, &$root, &$level) {
    54. 

  54.         if (!($userdata = $this->getUserData($username)))
    55. 

  55.             return false;
    56. 

  56.         if (!empty($this->config['registered_accesslevel'])) {
    57. 

  57.             $level = (int) $this->config['registered_accesslevel'];
    58. 

  58.             if (!isset($userdata['accesslevel']) || $level > $userdata['accesslevel']) {
    59. 

  59.                 $userdata['accesslevel'] = $level;
    60. 

  60.             }
    61. 

  61.         }
    62. 

  62.         $rights = array();
    63. 

  63.         $root = false;
    64. 

  64.         if ($userdata['admin'] !== '*') {
    65. 

  65.             preg_match_all('/\|(.*?)\|/', $userdata['admin'], $rights_r);
    66. 

  66.             foreach ($rights_r[1] as $right) {
    67. 

  67.                 $rights[$right] = (empty($this->rights_database[$right])) ? ' ' : $this->rights_database[$right];
    68. 

  68.             }
    69. 

  69.         } else {
    70. 

  70.             $root = true;
    71. 

  71.         }
    72. 

  72.         $level = (int) @$userdata['accesslevel'];
    73. 

  73.         return true;
    74. 

  74.     }
    75. 

  75. 

  76.     function setRightsForUser($username, $rights, $root = false, $level = 0) {
    77. 

  77.         if (empty($rights))
    78. 

  78.             $rights = array();
    79. 

  79.         if (!empty($this->config['registered_accesslevel'])) {
    80. 

  80.             $reg_level = (int) $this->config['registered_accesslevel'];
    81. 

  81.             if ($level === '') {
    82. 

  82.                 $userdata['accesslevel'] = $reg_level;
    83. 

  83.             }
    84. 

  84.         }
    85. 

  85.         if ($root) {
    86. 

  86.             $rights_string = '*';
    87. 

  87.         } else {
    88. 

  88.             $rights_string = '';
    89. 

  89.             if (is_array($rights)) {
    90. 

  90.                 foreach ($rights as $right => $cond) {
    91. 

  91.                     if ($cond)
    92. 

  92.                         $rights_string .= '|' . $right . '|';
    93. 

  93.                 }
    94. 

  94.             }
    95. 

  95.         }
    96. 

  96.         user_change_field($username, 'admin', $rights_string);
    97. 

  97.         user_change_field($username, 'accesslevel', $level);
    98. 

  98.         return true;
    99. 

  99.     }
    100. 

  100. }
    101. 

  101. 

  102. class rcms_user_cache {
    103. 

  103. 

  104.     var $cache_filename = 'users.cache.dat';
    105. 

  105.     var $cache = array();
    106. 

  106. 

  107.     public function __construct() {
    108. 

  108.         if (!is_file(DATA_PATH . $this->cache_filename)) {
    109. 

  109.             $this->cache = array();
    110. 

  110.         } else {
    111. 

  111.             if (!($this->cache = @unserialize(@file_get_contents(DATA_PATH . 'users.cache.dat')))) {
    112. 

  112.                 $this->cache = array();
    113. 

  113.             }
    114. 

  114.         }
    115. 

  115.     }
    116. 

  116. 

  117.     function save() {
    118. 

  118.         file_write_contents(DATA_PATH . $this->cache_filename, serialize($this->cache));
    119. 

  119.     }
    120. 

  120. 

  121.     function registerUser($username, $usernick, $email) {
    122. 

  122.         $this->cache['nicks'][$username] = $usernick;
    123. 

  123.         $this->cache['mails'][$username] = $email;
    124. 

  124.         $this->save();
    125. 

  125.         return true;
    126. 

  126.     }
    127. 

  127. 

  128.     function getUser($field, $value) {
    129. 

  129.         return array_search($value, $this->cache[$field]);
    130. 

  130.     }
    131. 

  131. 

  132.     function removeUser($username) {
    133. 

  133.         if (!empty($this->cache['nicks'][$username])) {
    134. 

  134.             $this->cache['nicks'][$username] = '';
    135. 

  135.             unset($this->cache['nicks'][$username]);
    136. 

  136.         }
    137. 

  137.         if (!empty($this->cache['mails'][$username])) {
    138. 

  138.             $this->cache['mails'][$username] = '';
    139. 

  139.             unset($this->cache['mails'][$username]);
    140. 

  140.         }
    141. 

  141.         $this->save();
    142. 

  142.         return true;
    143. 

  143.     }
    144. 

  144. 

  145.     function checkField($field, $value) {
    146. 

  146.         if (empty($this->cache[$field]))
    147. 

  147.             return true;
    148. 

  148.         return !in_array_i($value, $this->cache[$field]);
    149. 

  149.     }
    150. 

  150. }
    151. 

  151. 

  152. define('USERS_ALLOW_CHANGE', 0);
    153. 

  153. define('USERS_ALLOW_SET', 1);
    154. 

  154. define('USERS_DISALLOW_CHANGE', 2);
    155. 

  155. define('USERS_DISALLOW_CHANGE_ALL', 3);
    156. 

  156. 

  157. class rcms_user extends rcms_access {
    158. 

  158. 

  159.     var $profile_fields = array();
    160. 

  160.     var $profile_defaults = array();
    161. 

  161. 

  162.     /**
    163. 

  163.      * This property indicates if user is registered or just a guest
    164. 

  164.      *
    165. 

  165.      * @access public
    166. 

  166.      * @var boolean
    167. 

  167.      */
    168. 

  168.     var $logged_in = false;
    169. 

  169. 

  170.     /**
    171. 

  171.      * This array contain data from user's profile
    172. 

  172.      *
    173. 

  173.      * @access public
    174. 

  174.      * @var array
    175. 

  175.      */
    176. 

  176.     var $user = array();
    177. 

  177. 

  178.     /**
    179. 

  179.      * Name for user cookie
    180. 

  180.      *
    181. 

  181.      * @access private
    182. 

  182.      * @var string
    183. 

  183.      */
    184. 

  184.     var $cookie_user = 'ubilling_user';
    185. 

  185.     var $users_cache = null;
    186. 

  186. 

  187.     /**
    188. 

  188.      * @return boolean
    189. 

  189.      * @param string $skipcheck Use this parameter to skip userdata checks
    190. 

  190.      * @desc This function is an internal private function for class rcms_system
    191. 

  191.       and must not be used externally. This function initialize user and
    192. 

  192.       load his profile to object.
    193. 

  193.      */
    194. 

  194.     function initializeUser($skipcheck = false) {
    195. 

  195.         $this->users_cache = new rcms_user_cache();
    196. 

  196. 

  197.         $this->data['apf'] = parse_ini_file(CONFIG_PATH . 'users.fields.ini');
    198. 

  198.         // Enter access levels for fields here
    199. 

  199.         $this->profile_fields = array(
    200. 

  200.             'hideemail' => USERS_ALLOW_CHANGE,
    201. 

  201.             'admin' => USERS_DISALLOW_CHANGE_ALL,
    202. 

  202.             'tz' => USERS_ALLOW_CHANGE,
    203. 

  203.             'accesslevel' => USERS_DISALLOW_CHANGE_ALL,
    204. 

  204.             'last_prr' => USERS_DISALLOW_CHANGE_ALL,
    205. 

  205.             'blocked' => USERS_DISALLOW_CHANGE
    206. 

  206.         );
    207. 

  207.         foreach ($this->data['apf'] as $field => $desc) {
    208. 

  208.             $this->profile_fields[$field] = USERS_ALLOW_CHANGE;
    209. 

  209.         }
    210. 

  210.         $this->profile_defaults = array('hideemail' => 0, 'admin' => ' ', 'tz' => 0, 'accesslevel' => 0, 'blocked' => 0, 'last_prr' => 0);
    211. 

  211. 

  212.         // Load default guest userdata
    213. 

  213.         $this->user = array('nickname' => __('Guest'), 'username' => 'guest', 'admin' => '', 'tz' => (int) @$this->config['default_tz'], 'accesslevel' => 0);
    214. 

  214.         $this->initialiseAccess($this->user['admin'], (int) @$userdata['accesslevel']);
    215. 

  215. 

  216.         // Ability for guests to enter nick
    217. 

  217.         $gst_nickTmp = @$_POST['gst_nick'];
    218. 

  218.         if (!empty($gst_nickTmp)) {
    219. 

  219.             $_POST['gst_nick'] = substr(trim($gst_nickTmp), 0, 32);
    220. 

  220.         }
    221. 

  221.         if (!empty($_POST['gst_nick']) && !$this->logged_in) {
    222. 

  222.             $this->user['nickname'] = $_POST['gst_nick'];
    223. 

  223.             setcookie('reloadcms_nick', $this->user['nickname']);
    224. 

  224.             $_COOKIE['reloadcms_nick'] = $this->user['nickname'];
    225. 

  225.         } elseif (!$this->logged_in && !empty($_COOKIE['reloadcms_nick'])) {
    226. 

  226.             $this->user['nickname'] = substr(trim($_COOKIE['reloadcms_nick']), 0, 32);
    227. 

  227.         }
    228. 

  228.         if (!$this->users_cache->checkField('nicks', $this->user['nickname'])) {
    229. 

  229.             $this->user['nickname'] = __('Guest');
    230. 

  230.             setcookie('reloadcms_nick', '', time() - 16000);
    231. 

  231.             unset($_COOKIE['reloadcms_nick']);
    232. 

  232.         }
    233. 

  233. 

  234.         // Secure the nickname
    235. 

  235.         $this->user['nickname'] = htmlspecialchars($this->user['nickname']);
    236. 

  236. 

  237.         // If user cookie is not present we exiting without error
    238. 

  238.         if (empty($_COOKIE[$this->cookie_user])) {
    239. 

  239.             $this->logged_in = false;
    240. 

  240.             return true;
    241. 

  241.         }
    242. 

  242. 

  243.         // So we have a cookie, let's extract data from it
    244. 

  244.         if (is_string($_COOKIE[$this->cookie_user])) {
    245. 

  245.             $cookie_data = explode(':', $_COOKIE[$this->cookie_user], 2);
    246. 

  246.         } else {
    247. 

  247.             $cookie_data=array();
    248. 

  248.         }
    249. 

  249. 

  250.         if (!$skipcheck) {
    251. 

  251.             // If this cookie is invalid - we exiting destroying cookie and exiting with error
    252. 

  252.             if (sizeof($cookie_data) != 2) {
    253. 

  253.                 setcookie($this->cookie_user, '', time() - 3600);
    254. 

  254.                 return false;
    255. 

  255.             }
    256. 

  256.             // Now we must validate user's data
    257. 

  257.             if (!$this->checkUserData($cookie_data[0], $cookie_data[1], 'user_init', true, $this->user)) {
    258. 

  258.                 setcookie($this->cookie_user, '', time() - 3600);
    259. 

  259.                 $this->logged_in = false;
    260. 

  260.                 return false;
    261. 

  261.             }
    262. 

  262.         }
    263. 

  263. 

  264.         $userdata = $this->getUserData($cookie_data[0]);
    265. 

  265.         if ($userdata == false) {
    266. 

  266.             setcookie($this->cookie_user, '', time() - 3600);
    267. 

  267.             $this->logged_in = false;
    268. 

  268.             return false;
    269. 

  269.         }
    270. 

  270.         $this->user = $userdata;
    271. 

  271.         $this->logged_in = true;
    272. 

  272. 

  273.         if (!empty($this->config['registered_accesslevel'])) {
    274. 

  274.             $level = (int) $this->config['registered_accesslevel'];
    275. 

  275.             if (!isset($userdata['accesslevel'])) {
    276. 

  276.                 $this->user['accesslevel'] = $level;
    277. 

  277.             }
    278. 

  278.         }
    279. 

  279. 

  280.         // Initialise access levels
    281. 

  281.         $this->initialiseAccess($this->user['admin'], (int) @$this->user['accesslevel']);
    282. 

  282. 

  283.         // Secure the nickname
    284. 

  284.         $this->user['nickname'] = htmlspecialchars($this->user['nickname']);
    285. 

  285. 

  286.         return true;
    287. 

  287.     }
    288. 

  288. 

  289.     /**
    290. 

  290.      * @return boolean
    291. 

  291.      * @param string $username
    292. 

  292.      * @param string $password
    293. 

  293.      * @param string $report_to
    294. 

  294.      * @param boolean $hash
    295. 

  295.      * @param link $userdata
    296. 

  296.      * @desc This function is an internal private function for class rcms_system
    297. 

  297.       and must not be used externally. This function check user's data and
    298. 

  298.       validate his data file.
    299. 

  299.      */
    300. 

  300.     function checkUserData($username, $password, $report_to, $hash, &$userdata) {
    301. 

  301.         if (preg_replace("/[\d\w]+/i", "", $username) != "") {
    302. 

  302.             $this->results[$report_to] = __('Invalid username');
    303. 

  303.             return false;
    304. 

  304.         }
    305. 

  305.         // If login is not exists - we exiting with error
    306. 

  306.         if (!is_file(USERS_PATH . $username)) {
    307. 

  307.             $this->results[$report_to] = __('There are no user with this username');
    308. 

  308.             return false;
    309. 

  309.         }
    310. 

  310.         // So all is ok. Let's load userdata
    311. 

  311.         $result = $this->getUserData($username);
    312. 

  312.         // If userdata is invalid we must exit with error
    313. 

  313.         if (empty($result))
    314. 

  314.             return false;
    315. 

  315.         // If password is invalid - exit with error
    316. 

  316.         if ((!$hash && md5($password) !== $result['password']) || ($hash && $password !== $result['password'])) {
    317. 

  317.             $this->results[$report_to] = __('Invalid password');
    318. 

  318.             return false;
    319. 

  319.         }
    320. 

  320.         // If user is blocked - exit with error
    321. 

  321.         if (@$result['blocked']) {
    322. 

  322.             $this->results[$report_to] = __('This account has been blocked by administrator');
    323. 

  323.             return false;
    324. 

  324.         }
    325. 

  325.         $userdata = $result;
    326. 

  326.         return true;
    327. 

  327.     }
    328. 

  328. 

  329.     /**
    330. 

  330.      * @return boolean
    331. 

  331.      * @param string $username
    332. 

  332.      * @param string $password
    333. 

  333.      * @param boolean $remember
    334. 

  334.      * @desc This function check user's data and log in him.
    335. 

  335.      */
    336. 

  336.     function logInUser($username, $password, $remember) {
    337. 

  337.         $username = basename($username);
    338. 

  338.         if ($username == 'guest')
    339. 

  339.             return false;
    340. 

  340.         if (!$this->logged_in && $this->checkUserData($username, $password, 'user_login', false, $userdata)) {
    341. 

  341.             rcms_log_put('Notification', $this->user['username'], 'Logged in as ' . $username);
    342. 

  342.             // OK... Let's allow user to log in :)
    343. 

  343.             setcookie($this->cookie_user, $username . ':' . $userdata['password'], ($remember) ? time() + 3600 * 24 * 365 : 0);
    344. 

  344.             $_COOKIE[$this->cookie_user] = $username . ':' . $userdata['password'];
    345. 

  345.             $this->initializeUser(true);
    346. 

  346.             return true;
    347. 

  347.         } else {
    348. 

  348.             if (!$this->logged_in) {
    349. 

  349.                 rcms_log_put('Notification', $this->user['username'], 'Attempted to log in as ' . $username);
    350. 

  350.             }
    351. 

  351.             return false;
    352. 

  352.         }
    353. 

  353.     }
    354. 

  354. 

  355.     /**
    356. 

  356.      * @return boolean
    357. 

  357.      * @desc This function log out user from system and destroys his cookie.
    358. 

  358.      */
    359. 

  359.     function logOutUser() {
    360. 

  360.         if ($this->logged_in) {
    361. 

  361.             //normal user logout
    362. 

  362.             if (!@$_COOKIE['ghost_user']) {
    363. 

  363.                 rcms_log_put('Notification', $this->user['username'], 'Logged out');
    364. 

  364.                 setcookie($this->cookie_user, '', time() - 3600);
    365. 

  365.                 $_COOKIE[$this->cookie_user] = '';
    366. 

  366.                 $this->initializeUser(false);
    367. 

  367.             } else {
    368. 

  368.                 //ghostmode logout
    369. 

  369.                 $this->deinitGhostMode();
    370. 

  370.             }
    371. 

  371.             return true;
    372. 

  372.         }
    373. 

  373.     }
    374. 

  374. 

  375.     /**
    376. 

  376.      * Deinits ghost mode for current ghost administrator
    377. 

  377.      * 
    378. 

  378.      * @return void
    379. 

  379.      */
    380. 

  380.     function deinitGhostMode() {
    381. 

  381.         global $system;
    382. 

  382.         if (@$_COOKIE['ghost_user']) {
    383. 

  383.             $myLogin = $this->user['username'];
    384. 

  384.             $ghostData = explode(':', $_COOKIE['ghost_user']);
    385. 

  385.             //cleanup ghostmode data
    386. 

  386.             setcookie('ghost_user', '', 0);
    387. 

  387.             $_COOKIE['ghost_user'] = '';
    388. 

  388. 

  389.             //login of another admin
    390. 

  390.             rcms_log_put('Notification', $ghostData[0], 'Ghost logged out as ' . $myLogin);
    391. 

  391.             setcookie('ubilling_user', $ghostData[0] . ':' . $ghostData[1], 0);
    392. 

  392.             $_COOKIE['ubilling_user'] = $ghostData[0] . ':' . $ghostData[1];
    393. 

  393.         }
    394. 

  394.     }
    395. 

  395. 

  396.     function registerUser($username, $nickname, $password, $confirm, $email, $userdata) {
    397. 

  397.         $username = basename($username);
    398. 

  398.         $nickname = empty($nickname) ? $username : substr(trim($nickname), 0, 32);
    399. 

  399. 

  400.         if (empty($username) || preg_replace("/[\d\w]+/i", '', $username) != '' || strlen($username) > 32 || $username == 'guest') {
    401. 

  401.             $this->results['registration'] = __('Invalid username');
    402. 

  402.             return false;
    403. 

  403.         }
    404. 

  404. 

  405.         if (is_file(USERS_PATH . $username)) {
    406. 

  406.             $this->results['registration'] = __('User with this username already exists');
    407. 

  407.             return false;
    408. 

  408.         }
    409. 

  409. 

  410.         if (!user_check_nick_in_cache($username, $nickname, $cache)) {
    411. 

  411.             $this->results['registration'] = __('User with this nickname already exists');
    412. 

  412.             return false;
    413. 

  413.         }
    414. 

  414. 

  415.         if (empty($email) || !rcms_is_valid_email($email)) {
    416. 

  416.             $this->results['registration'] = __('Invalid e-mail address');
    417. 

  417.             return false;
    418. 

  418.         }
    419. 

  419. 

  420.         if (!user_check_email_in_cache($username, $email, $cache)) {
    421. 

  421.             $this->results['registration'] = __('This e-mail address already registered');
    422. 

  422.             return false;
    423. 

  423.         }
    424. 

  424. 

  425.         if (!empty($this->config['regconf']))
    426. 

  426.             $password = $confirm = rcms_random_string(8);
    427. 

  427.         if (empty($password) || empty($confirm) || $password != $confirm) {
    428. 

  428.             $this->results['registration'] = __('Password doesnot match it\'s confirmation');
    429. 

  429.             return false;
    430. 

  430.         }
    431. 

  431. 

  432.         // If our user is first - we must set him an admin rights
    433. 

  433.         $_userdata['admin'] = (sizeof(rcms_scandir(USERS_PATH)) == 0) ? '*' : ' ';
    434. 

  434. 

  435.         // Also we must set a md5 hash of user's password to userdata
    436. 

  436.         $_userdata['password'] = md5($password);
    437. 

  437.         $_userdata['nickname'] = $nickname;
    438. 

  438.         $_userdata['username'] = $username;
    439. 

  439.         $_userdata['email'] = $email;
    440. 

  440. 

  441.         // Parse some system fields
    442. 

  442.         $userdata['hideemail'] = empty($userdata['hideemail']) ? '0' : '1';
    443. 

  443.         $userdata['tz'] = (float) @$userdata['tz'];
    444. 

  444. 

  445.         foreach ($this->profile_fields as $field => $acc) {
    446. 

  446.             if ($acc <= USERS_ALLOW_SET || $acc == USERS_ALLOW_CHANGE) {
    447. 

  447.                 if (!isset($userdata[$field])) {
    448. 

  448.                     $userdata[$field] = $this->profile_defaults[$field];
    449. 

  449.                 } else {
    450. 

  450.                     $_userdata[$field] = strip_tags(trim($userdata[$field]));
    451. 

  451.                 }
    452. 

  452.             }
    453. 

  453.         }
    454. 

  454.         foreach ($this->data['apf'] as $field => $desc) {
    455. 

  455.             $_userdata[$field] = strip_tags(trim($userdata[$field]));
    456. 

  456.         }
    457. 

  457. 

  458.         if (!file_write_contents(USERS_PATH . $username, serialize($_userdata))) {
    459. 

  459.             $this->results['registration'] = __('Cannot save profile');
    460. 

  460.             return false;
    461. 

  461.         }
    462. 

  462. 

  463.         user_register_in_cache($username, $nickname, $email, $cache);
    464. 

  464. 

  465.         if (!empty($this->config['regconf'])) {
    466. 

  466.             $site_url = parse_url($this->url);
    467. 

  467.             rcms_send_mail($email, 'no_reply@' . $site_url['host'], __('Password'), $this->config['encoding'], __('Your password at') . ' ' . $site_url['host'], __('Your username at') . ' ' . $site_url['host'] . ': ' . $username . "\r\n" . __('Your password at') . ' ' . $site_url['host'] . ': ' . $password);
    468. 

  468.         }
    469. 

  469. 

  470.         $this->results['registration'] = __('Registration complete. You can now login with your username and password.');
    471. 

  471.         rcms_log_put('Notification', $this->user['username'], 'Registered account ' . $username);
    472. 

  472.         return true;
    473. 

  473.     }
    474. 

  474. 

  475.     function updateUser($username, $nickname, $password, $confirm, $email, $userdata, $admin = false) {
    476. 

  476.         $username = basename($username);
    477. 

  477.         $nickname = empty($nickname) ? $username : substr(strip_tags($nickname), 0, 20);
    478. 

  478. 

  479.         if (empty($username) || preg_replace("/[\d\w]+/i", '', $username) != '') {
    480. 

  480.             $this->results['profileupdate'] = __('Invalid username');
    481. 

  481.             return false;
    482. 

  482.         }
    483. 

  483.         if ($username == 'guest')
    484. 

  484.             return false;
    485. 

  485. 

  486.         if (!is_file(USERS_PATH . $username)) {
    487. 

  487.             $this->results['profileupdate'] = __('There is no user with this name');
    488. 

  488.             return false;
    489. 

  489.         }
    490. 

  490. 

  491.         user_remove_from_cache($username, $cache);
    492. 

  492.         if (!($_userdata = $this->getUserData($username))) {
    493. 

  493.             $this->results['profileupdate'] = __('Cannot open profile');
    494. 

  494.             return false;
    495. 

  495.         }
    496. 

  496. 

  497.         if (!user_check_nick_in_cache($username, $nickname, $cache)) {
    498. 

  498.             $this->results['profileupdate'] = __('User with this nickname already exists');
    499. 

  499.             return false;
    500. 

  500.         }
    501. 

  501. 

  502.         if (empty($email) || !rcms_is_valid_email($email)) {
    503. 

  503.             $this->results['profileupdate'] = __('Invalid e-mail address');
    504. 

  504.             return false;
    505. 

  505.         }
    506. 

  506. 

  507.         if (!user_check_email_in_cache($username, $email, $cache)) {
    508. 

  508.             $this->results['profileupdate'] = __('This e-mail address already registered');
    509. 

  509.             return false;
    510. 

  510.         }
    511. 

  511. 

  512.         if (!empty($password) && !empty($confirm) && $password != $confirm) {
    513. 

  513.             $this->results['profileupdate'] = __('Password doesnot match it\'s confirmation');
    514. 

  514.             return false;
    515. 

  515.         }
    516. 

  516. 

  517.         // Also we must set a md5 hash of user's password to userdata
    518. 

  518.         $_userdata['password'] = (empty($password)) ? $_userdata['password'] : md5($password);
    519. 

  519.         $_userdata['nickname'] = $nickname;
    520. 

  520.         $_userdata['email'] = $email;
    521. 

  521. 

  522.         // Parse some system fields
    523. 

  523.         $userdata['hideemail'] = empty($userdata['hideemail']) ? '0' : '1';
    524. 

  524.         $userdata['tz'] = (float) $userdata['tz'];
    525. 

  525.         $userdata['accesslevel'] = (int) @$userdata['accesslevel'];
    526. 

  526. 

  527.         foreach ($this->profile_fields as $field => $acc) {
    528. 

  528.             if (($admin && $acc < USERS_DISALLOW_CHANGE_ALL) || $acc <= USERS_ALLOW_SET || $acc == USERS_ALLOW_CHANGE) {
    529. 

  529.                 if (!isset($userdata[$field])) {
    530. 

  530.                     $userdata[$field] = $this->profile_defaults[$field];
    531. 

  531.                 } else {
    532. 

  532.                     $_userdata[$field] = strip_tags(trim($userdata[$field]));
    533. 

  533.                 }
    534. 

  534.             }
    535. 

  535.         }
    536. 

  536.         foreach ($this->data['apf'] as $field => $desc) {
    537. 

  537.             $_userdata[$field] = strip_tags(trim($userdata[$field]));
    538. 

  538.         }
    539. 

  539. 

  540.         if (!file_write_contents(USERS_PATH . $username, serialize($_userdata))) {
    541. 

  541.             $this->results['profileupdate'] = __('Cannot save profile');
    542. 

  542.             return false;
    543. 

  543.         }
    544. 

  544. 

  545.         user_register_in_cache($username, $nickname, $email, $cache);
    546. 

  546.         $this->results['profileupdate'] = __('Profile updated');
    547. 

  547.         if ($this->user['username'] == $username) {
    548. 

  548.             $this->user = $_userdata;
    549. 

  549.         }
    550. 

  550.         rcms_log_put('Notification', $this->user['username'], 'Updated userinfo for ' . $username);
    551. 

  551.         return true;
    552. 

  552.     }
    553. 

  553. 

  554.     function recoverPassword($username, $email) {
    555. 

  555.         $username = basename($username);
    556. 

  556.         if (!($data = $this->getUserData($username))) {
    557. 

  557.             $this->results['passrec'] = __('Cannot open profile');
    558. 

  558.             return false;
    559. 

  559.         }
    560. 

  560.         if ($email != $data['email']) {
    561. 

  561.             $this->results['passrec'] = __('Your e-mail doesn\'t match e-mail in profile');
    562. 

  562.             return false;
    563. 

  563.         }
    564. 

  564.         $new_password = rcms_random_string(8);
    565. 

  565.         $site_url = parse_url($this->url);
    566. 

  566.         $time = time();
    567. 

  567.         if (!empty($data['last_prr']) && !empty($this->config['pr_flood']) && (int) $time <= ((int) $data['last_prr'] + (int) $this->config['pr_flood'])) {
    568. 

  568.             $this->results['passrec'] = __('Too many requests in limited period of time. Try later.');
    569. 

  569.             $data['last_prr'] = time();
    570. 

  570.             if (!file_write_contents(USERS_PATH . $username, serialize($data))) {
    571. 

  571.                 $this->results['passrec'] .= '<br />' . __('Cannot save profile');
    572. 

  572.             }
    573. 

  573.             rcms_log_put('Notification', $this->user['username'], 'Attempted to recover password for ' . $username);
    574. 

  574.             return false;
    575. 

  575.         }
    576. 

  576. 

  577.         if (rcms_send_mail($email, 'no_reply@' . $site_url['host'], __('Password'), $this->config['encoding'], __('Your new password at') . ' ' . $site_url['host'], __('Your username at') . ' ' . $site_url['host'] . ': ' . $username . "\r\n" . __('Your new password at') . ' ' . $site_url['host'] . ': ' . $new_password)) {
    578. 

  578.             $data['password'] = md5($new_password);
    579. 

  579.             $data['last_prr'] = $time;
    580. 

  580.             if (!file_write_contents(USERS_PATH . $username, serialize($data))) {
    581. 

  581.                 $this->results['passrec'] = __('Cannot save profile');
    582. 

  582.                 return false;
    583. 

  583.             }
    584. 

  584.             $this->results['passrec'] = __('New password has been sent to your e-mail');
    585. 

  585.             rcms_log_put('Notification', $this->user['username'], 'Recovered password for ' . $username);
    586. 

  586.             return true;
    587. 

  587.         } else {
    588. 

  588.             rcms_log_put('Notification', $this->user['username'], 'Recovered password for ' . $username . '" (BUT E-MAIL WAS NOT SENT)');
    589. 

  589.             $this->results['passrec'] = __('Cannot send e-mail');
    590. 

  590.             return false;
    591. 

  591.         }
    592. 

  592.     }
    593. 

  593. 

  594.     function getUserData($username) {
    595. 

  595.         $result = @unserialize(@file_get_contents(USERS_PATH . basename($username)));
    596. 

  596.         if (empty($result))
    597. 

  597.             return false;
    598. 

  598.         else
    599. 

  599.             return $result;
    600. 

  600.     }
    601. 

  601. 

  602.     function getUserList($expr = '*', $id_field = '') {
    603. 

  603.         $return = array();
    604. 

  604.         $users = rcms_scandir(USERS_PATH, $expr);
    605. 

  605.         foreach ($users as $user) {
    606. 

  606.             if ($data = $this->getUserData($user)) {
    607. 

  607.                 if (!empty($id_field) && !empty($data[$id_field])) {
    608. 

  608.                     $return[$data[$id_field]] = $data;
    609. 

  609.                 } else {
    610. 

  610.                     $return[] = $data;
    611. 

  611.                 }
    612. 

  612.             }
    613. 

  613.         }
    614. 

  614.         return $return;
    615. 

  615.     }
    616. 

  616. 

  617.     function changeProfileField($username, $field, $value) {
    618. 

  618.         $username = basename($username);
    619. 

  619.         if (!($userdata = $this->getUserData($username)))
    620. 

  620.             return false;
    621. 

  621.         $userdata[$field] = $value;
    622. 

  622.         if (!file_write_contents(USERS_PATH . $username, serialize($userdata)))
    623. 

  623.             return false;
    624. 

  624.         return true;
    625. 

  625.     }
    626. 

  626. 

  627.     function deleteUser($username) {
    628. 

  628.         $username = basename($username);
    629. 

  629.         if (!rcms_delete_files(USERS_PATH . $username))
    630. 

  630.             return false;
    631. 

  631.         user_remove_from_cache($username, $cache);
    632. 

  632.         return true;
    633. 

  633.     }
    634. 

  634. 

  635.     function createLink($user, $nick, $target = '') {
    636. 

  636.         if (!empty($target))
    637. 

  637.             $target = ' target="' . $target . '"';
    638. 

  638.         if ($user != 'guest') {
    639. 

  639.             return '<a href="' . RCMS_ROOT_PATH . '?module=user.list&amp;user=' . $user . '"' . $target . '>' . strip_tags($nick) . '</a>';
    640. 

  640.         } elseif (!empty($nick)) {
    641. 

  641.             return $nick;
    642. 

  642.         } else {
    643. 

  643.             return __('Guest');
    644. 

  644.         }
    645. 

  645.     }
    646. 

  646. }
    647. 

  647.