0byt3m1n1
Path:
/
data
/
applications
/
aps.bak
/
b2evolution
/
2.4.1-2
/
standard
/
htdocs
/
inc
/
users
/
model
/
[
Home
]
File: _user.funcs.php
<?php /** * This file implements login/logout handling functions. * * This file is part of the evoCore framework - {@link http://evocore.net/} * See also {@link http://sourceforge.net/projects/evocms/}. * * @copyright (c)2003-2008 by Francois PLANQUE - {@link http://fplanque.net/} * Parts of this file are copyright (c)2004-2006 by Daniel HAHLER - {@link http://thequod.de/contact}. * * {@internal License choice * - If you have received this file as part of a package, please find the license.txt file in * the same folder or the closest folder above for complete license terms. * - If you have received this file individually (e-g: from http://evocms.cvs.sourceforge.net/) * then you must choose one of the following licenses before using the file: * - GNU General Public License 2 (GPL) - http://www.opensource.org/licenses/gpl-license.php * - Mozilla Public License 1.1 (MPL) - http://www.opensource.org/licenses/mozilla1.1.php * }} * * {@internal Open Source relicensing agreement: * Daniel HAHLER grants Francois PLANQUE the right to license * Daniel HAHLER's contributions to this file and the b2evolution project * under any OSI approved OSS license (http://www.opensource.org/licenses/). * }} * * @package evocore * * {@internal Below is a list of authors who have contributed to design/coding of this file: }} * @author cafelog (team) * @author blueyed: Daniel HAHLER. * @author fplanque: Francois PLANQUE. * @author jeffbearer: Jeff BEARER - {@link http://www.jeffbearer.com/}. * @author jupiterx: Jordan RUNNING. * * @version $Id: _user.funcs.php,v 1.7 2008/01/21 09:35:36 fplanque Exp $ */ if( !defined('EVO_MAIN_INIT') ) die( 'Please, do not access this page directly.' ); load_class('users/model/_group.class.php'); load_class('users/model/_user.class.php'); /** * Log the user out */ function logout() { global $current_User, $Session, $Plugins; $Plugins->trigger_event( 'Logout', array( 'User' => $current_User ) ); // Reset all global variables // Note: unset is bugguy on globals $current_User = NULL; // NULL, as we do isset() on it in several places! $Session->logout(); } /** * is_logged_in(-) */ function is_logged_in() { global $generating_static, $current_User; if( isset($generating_static) ) { // When generating static page, we should always consider we are not logged in. return false; } return is_object( $current_User ) && !empty( $current_User->ID ); } /** * Check if a password is ok for a login. * * @param string login * @param string password * @param boolean Is the password parameter already MD5()'ed? * @return boolean */ function user_pass_ok( $login, $pass, $pass_is_md5 = false ) { $UserCache = & get_Cache( 'UserCache' ); $User = & $UserCache->get_by_login( $login ); if( !$User ) { return false; } // echo 'got data for: ', $User->login; return $User->check_password( $pass, $pass_is_md5 ); } /** * Template tag: Output link to login */ function user_login_link( $before = '', $after = '', $link_text = '', $link_title = '#' ) { if( is_logged_in() ) return false; if( $link_text == '' ) $link_text = T_('Log in'); if( $link_title == '#' ) $link_title = T_('Log in if you have an account...'); $r = $before; $r .= '<a href="'.get_login_url().'" title="'.$link_title.'">'; $r .= $link_text; $r .= '</a>'; $r .= $after; echo $r; } /** * Get url to login * * @return string */ function get_login_url() { global $htsrv_url_sensitive, $edited_Blog, $generating_static; if( !isset($generating_static) ) { // We are not generating a static page here: $redirect = regenerate_url( '', '', '', '&' ); } elseif( isset($edited_Blog) ) // fp> this is a shady test!! :/ { // We are generating a static page $redirect = $edited_Blog->get('url'); // was dynurl } else { // We are in a weird situation $redirect = ''; } if( ! empty($redirect) ) { $redirect = '?redirect_to='.rawurlencode( url_rel_to_same_host( $redirect, $htsrv_url_sensitive ) ); } return $htsrv_url_sensitive.'login.php'.$redirect; } /** * Template tag: Output a link to new user registration * @param string * @param string * @param string * @param boolean Display the link, if the user is already logged in? (this is used by the login form) */ function user_register_link( $before = '', $after = '', $link_text = '', $link_title = '#', $disp_when_logged_in = false ) { echo get_user_register_link( $before, $after, $link_text, $link_title, $disp_when_logged_in ); } /** * Template tag: Get a link to new user registration * @param string * @param string * @param string * @param boolean Display the link, if the user is already logged in? (this is used by the login form) * @param string Where to redirect * @return string */ function get_user_register_link( $before = '', $after = '', $link_text = '', $link_title = '#', $disp_when_logged_in = false, $redirect = null ) { global $htsrv_url_sensitive, $Settings, $edited_Blog, $generating_static; if( is_logged_in() && ! $disp_when_logged_in ) { // Do not display, when already logged in: return false; } if( ! $Settings->get('newusers_canregister')) { // We won't let him register return false; } if( $link_text == '' ) $link_text = T_('Register...'); if( $link_title == '#' ) $link_title = T_('Register to open an account...'); if( ! isset($redirect) ) { if( !isset($generating_static) ) { // We are not generating a static page here: $redirect = regenerate_url( '', '', '', '&' ); } elseif( isset($edited_Blog) ) { // We are generating a static page $redirect = $edited_Blog->get('url'); // was dynurl } else { // We are in a weird situation $redirect = ''; } } if( ! empty($redirect) ) { $redirect = '?redirect_to='.rawurlencode( url_rel_to_same_host( $redirect, $htsrv_url_sensitive ) ); } $r = $before; $r .= '<a href="'.$htsrv_url_sensitive.'register.php'.$redirect.'" title="'.$link_title.'">'; $r .= $link_text; $r .= '</a>'; $r .= $after; return $r; } /** * Template tag: Output a link to logout */ function user_logout_link( $before = '', $after = '', $link_text = '', $link_title = '#', $params = array() ) { echo get_user_logout_link( $before, $after, $link_text, $link_title, $params ); } /** * Template tag: Get a link to logout * * @param string * @param string * @param string link text can include %s for current user login * @return string */ function get_user_logout_link( $before = '', $after = '', $link_text = '', $link_title = '#', $params = array() ) { global $admin_url, $baseurl, $htsrv_url_sensitive, $current_User, $is_admin_page, $Blog; if( ! is_logged_in() ) { return false; } if( $link_text == '' ) $link_text = T_('Logout'); if( $link_title == '#' ) $link_title = T_('Logout from your account'); if( $is_admin_page ) { if( isset( $Blog ) ) { // Go to the home page of the blog that was being edited: $redirect_to = $Blog->get( 'url' ); } else { // We were not editing a blog... // return to global home: $redirect_to = url_rel_to_same_host( $baseurl, $htsrv_url_sensitive); // Alternative: return to the login page (fp> a basic user would be pretty lost on that login page) // $redirect_to = url_rel_to_same_host($admin_url, $htsrv_url_sensitive); } } else { // Return to current blog page: $redirect_to = url_rel_to_same_host(regenerate_url('','','','&'), $htsrv_url_sensitive); } $r = $before; $r .= '<a href="'.$htsrv_url_sensitive.'login.php?action=logout&redirect_to='.rawurlencode($redirect_to).'"'; $r .= get_field_attribs_as_string( $params, false ); $r .= ' title="'.$link_title.'">'; $r .= sprintf( $link_text, $current_User->login ); $r .= '</a>'; $r .= $after; return $r; } /** * Template tag: Output a link to the backoffice. * * Usually provided in skins in order for newbies to find the admin interface more easily... * * @param string To be displayed before the link. * @param string To be displayed after the link. * @param string The page/controller to link to inside of {@link $admin_url} * @param string Text for the link. * @param string Title for the link. */ function user_admin_link( $before = '', $after = '', $link_text = '', $link_title = '#', $not_visible = '' ) { echo get_user_admin_link( $before, $after, $link_text, $link_title, $not_visible ); } /** * Template tag: Get a link to the backoffice. * * Usually provided in skins in order for newbies to find the admin interface more easily... * * @param string To be displayed before the link. * @param string To be displayed after the link. * @param string The page/controller to link to inside of {@link $admin_url} * @param string Text for the link. * @param string Title for the link. * @return string */ function get_user_admin_link( $before = '', $after = '', $link_text = '', $link_title = '#', $not_visible = '' ) { global $admin_url, $blog, $current_User; if( is_logged_in() && ! $current_User->check_perm( 'admin', 'visible' ) ) { // If user should NOT see admin link: return $not_visible; } if( $link_text == '' ) $link_text = T_('Admin'); if( $link_title == '#' ) $link_title = T_('Go to the back-office...'); // add the blog param to $page if it is not already in there if( !empty( $blog ) ) { $url = url_add_param( $admin_url, 'blog='.$blog ); } else { $url = $admin_url; } $r = $before; $r .= '<a href="'.$url.'" title="'.$link_title.'">'; $r .= $link_text; $r .= '</a>'; $r .= $after; return $r; } /** * Template tag: Display a link to user profile */ function user_profile_link( $before = '', $after = '', $link_text = '', $link_title = '#' ) { echo get_user_profile_link( $before, $after, $link_text, $link_title ); } /** * Template tag: Get a link to user profile * * @return string|false */ function get_user_profile_link( $before = '', $after = '', $link_text = '', $link_title = '#' ) { global $current_User, $Blog, $is_admin_page, $admin_url; if( ! is_logged_in() ) { return false; } if( $link_text == '' ) { $link_text = T_('Profile'); } else { $link_text = str_replace( '%s', $current_User->login, $link_text ); } if( $link_title == '#' ) $link_title = T_('Edit your profile'); if( $is_admin_page || empty( $Blog ) ) { $url = $admin_url.'?ctrl=users&user_ID='.$current_User->ID; } else { $url = url_add_param( $Blog->gen_blogurl(), 'disp=profile&redirect_to='.rawurlencode( url_rel_to_same_host(regenerate_url('','','','&'), $Blog->gen_blogurl()) ) ); } $r = $before .'<a href="'.$url.'" title="'.$link_title.'">' .sprintf( $link_text, $current_User->login ) .'</a>' .$after; return $r; } /** * Template tag: Provide a link to subscription screen */ function user_subs_link( $before = '', $after = '', $link_text = '', $link_title = '#' ) { global $current_User, $Blog, $is_admin_page; if( ! is_logged_in() || $is_admin_page ) { return false; } if( empty( $Blog ) || ! $Blog->get_setting( 'allow_subscriptions' ) ) { return false; } if( $link_text == '' ) $link_text = T_('Subscribe'); if( $link_title == '#' ) $link_title = T_('Subscribe to email notifications'); echo $before; echo '<a href="'.url_add_param( $Blog->gen_blogurl(), 'disp=subs&redirect_to='.rawurlencode( url_rel_to_same_host(regenerate_url('','','','&'), $Blog->gen_blogurl())) ) .'" title="', $link_title, '">'; printf( $link_text, $current_User->login ); echo '</a>'; echo $after; } /** * Template tag: Display the user's preferred name * * Used in result lists. * * @param integer user ID */ function user_preferredname( $user_ID ) { $UserCache = & get_Cache( 'UserCache' ); if( !empty( $user_ID ) && ($User = & $UserCache->get_by_ID( $user_ID )) ) { $User->disp('preferredname'); } } /** * Check profile parameters and add errors through {@link param_error()}. * * @param array associative array. * Either array( $value, $input_name ) or just $value; * ($input_name gets used for associating it to a form fieldname) * - 'login': check for non-empty * - 'nickname': check for non-empty * - 'icq': must be a number * - 'email': mandatory, must be well formed * - 'url': must be well formed, in allowed scheme, not blacklisted * - 'pass1' / 'pass2': passwords (twice), must be the same and not == login (if given) * - 'pass_required': false/true (default is true) * @param User|NULL A user to use for additional checks (password != login/nick). */ function profile_check_params( $params, $User = NULL ) { global $Messages, $Settings; foreach( $params as $k => $v ) { // normalize params: if( $k != 'pass_required' && ! is_array($v) ) { $params[$k] = array($v, $k); } } // checking login has been typed: if( isset($params['login']) && empty($params['login'][0]) ) { param_error( 'login', T_('Please enter a login.') ); } // checking the nickname has been typed if( isset($params['nickname']) && empty($params['nickname'][0]) ) { param_error($params['nickname'][1], T_('Please enter a nickname (can be the same as your login).') ); } // if the ICQ UIN has been entered, check to see if it has only numbers if( !empty($params['icq'][0]) ) { if( !preg_match( '#^[0-9]+$#', $params['icq'][0]) ) { param_error( $params['icq'][1], T_('The ICQ UIN can only be a number, no letters allowed.') ); } } // checking e-mail address if( isset($params['email'][0]) ) { if( empty($params['email'][0]) ) { param_error( $params['email'][1], T_('Please enter an e-mail address.') ); } elseif( !is_email($params['email'][0]) ) { param_error( $params['email'][1], T_('The email address is invalid.') ); } } // Checking URL: if( isset($params['url']) ) { if( $error = validate_url( $params['url'][0], 'commenting' ) ) { param_error( $params['url'][1], T_('Supplied URL is invalid: ').$error ); } } // Check passwords: $pass_required = isset( $params['pass_required'] ) ? $params['pass_required'] : true; if( isset($params['pass1'][0]) && isset($params['pass2'][0]) ) { if( $pass_required || !empty($params['pass1'][0]) || !empty($params['pass2'][0]) ) { // Password is required or was given // checking the password has been typed twice if( empty($params['pass1'][0]) || empty($params['pass2'][0]) ) { param_error( $params['pass2'][1], T_('Please enter your password twice.') ); } // checking the password has been typed twice the same: if( $params['pass1'][0] !== $params['pass2'][0] ) { param_error( $params['pass1'][1], T_('You typed two different passwords.') ); } elseif( strlen($params['pass1'][0]) < $Settings->get('user_minpwdlen') ) { param_error( $params['pass1'][1], sprintf( T_('The minimum password length is %d characters.'), $Settings->get('user_minpwdlen')) ); } elseif( isset($User) && $params['pass1'][0] == $User->get('login') ) { param_error( $params['pass1'][1], T_('The password must be different from your login.') ); } elseif( isset($User) && $params['pass1'][0] == $User->get('nickname') ) { param_error( $params['pass1'][1], T_('The password must be different from your nickname.') ); } } } } ?>