API tools faq
paste
Guest User

Untitled

a guest
Jul 5th, 2018
98
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 15.61 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. /**
  3.  * @version     $Id: controller.php 16385 2010-04-23 10:44:15Z ian $
  4.  * @package     Joomla
  5.  * @subpackage  Content
  6.  * @copyright   Copyright (C) 2005 - 2010 Open Source Matters. All rights reserved.
  7.  * @license     GNU/GPL, see LICENSE.php
  8.  * Joomla! is free software. This version may have been modified pursuant to the
  9.  * GNU General Public License, and as distributed it includes or is derivative
  10.  * of works licensed under the GNU General Public License or other free or open
  11.  * source software licenses. See COPYRIGHT.php for copyright notices and
  12.  * details.
  13.  */
  14.  
  15. // Check to ensure this file is included in Joomla!
  16. defined('_JEXEC') or die( 'Restricted access' );
  17.  
  18. jimport('joomla.application.component.controller');
  19.  
  20. /**
  21.  * User Component Controller
  22.  *
  23.  * @package     Joomla
  24.  * @subpackage  Weblinks
  25.  * @since 1.5
  26.  */
  27. class UserController extends JController
  28. {
  29.     /**
  30.      * Method to display a view
  31.      *
  32.      * @access  public
  33.      * @since   1.5
  34.      */
  35.     function display()
  36.     {
  37.         parent::display();
  38.     }
  39.  
  40.     function edit()
  41.     {
  42.         global $mainframe, $option;
  43.  
  44.         $db     =& JFactory::getDBO();
  45.         $user   =& JFactory::getUser();
  46.  
  47.         if ( $user->get('guest')) {
  48.             JError::raiseError( 403, JText::_('Access Forbidden') );
  49.             return;
  50.         }
  51.  
  52.         JRequest::setVar('layout', 'form');
  53.  
  54.         parent::display();
  55.     }
  56.  
  57.     function save()
  58.     {
  59.         // Check for request forgeries
  60.         JRequest::checkToken() or jexit( 'Invalid Token' );
  61.  
  62.         $user    =& JFactory::getUser();
  63.         $userid = JRequest::getVar( 'id', 0, 'post', 'int' );
  64.  
  65.         // preform security checks
  66.         if ($user->get('id') == 0 || $userid == 0 || $userid <> $user->get('id')) {
  67.             JError::raiseError( 403, JText::_('Access Forbidden') );
  68.             return;
  69.         }
  70.  
  71.         //clean request
  72.         $post = JRequest::get( 'post' );
  73.        
  74.        
  75.         $post['username']   = JRequest::getVar('username', '', 'post', 'username');
  76.         $post['password']   = JRequest::getVar('password', '', 'post', 'string', JREQUEST_ALLOWRAW);
  77.         $post['password2']  = JRequest::getVar('password2', '', 'post', 'string', JREQUEST_ALLOWRAW);
  78.  
  79.             if ( $post['who'] == 1)          
  80.           {
  81.        
  82.             $post['orgpravo']=  null;
  83.             unset($post['name_company']);
  84.             unset($post['shpere']);
  85.             unset($post['street']);
  86.             unset($post['dom']);
  87.             unset($post['korp']);
  88.            
  89.                
  90.           }
  91.           else if ($post['who']== 2) {
  92.          
  93.          
  94.          
  95.          
  96.           }
  97.    
  98.         // get the redirect
  99.         $return = JURI::base();
  100.        
  101.         // do a password safety check
  102.         if(strlen($post['password']) || strlen($post['password2'])) { // so that "0" can be used as password e.g.
  103.             if($post['password'] != $post['password2']) {
  104.                 $msg    = JText::_('PASSWORDS_DO_NOT_MATCH');
  105.                 // something is wrong. we are redirecting back to edit form.
  106.                 // TODO: HTTP_REFERER should be replaced with a base64 encoded form field in a later release
  107.                 $return = str_replace(array('"', '<', '>', "'"), '', @$_SERVER['HTTP_REFERER']);
  108.                 if (empty($return) || !JURI::isInternal($return)) {
  109.                     $return = JURI::base();
  110.                 }
  111.                 $this->setRedirect($return, $msg, 'error');
  112.                 return false;
  113.             }
  114.         }
  115.        
  116.                
  117.  
  118.            
  119.        
  120.        
  121.  
  122.         // we don't want users to edit certain fields so we will unset them
  123.         unset($post['gid']);
  124.         unset($post['block']);
  125.         unset($post['usertype']);
  126.         unset($post['registerDate']);
  127.         unset($post['activation']);
  128.  
  129.         // store data
  130.         $model = $this->getModel('user');
  131.  
  132.         if ($model->store($post)) {
  133.             $msg    = JText::_( 'Your settings have been saved.' );
  134.         } else {
  135.             //$msg  = JText::_( 'Error saving your settings.' );
  136.             $msg    = $model->getError();
  137.         }
  138.  
  139.        
  140.         $this->setRedirect( $return, $msg );
  141.     }
  142.  
  143.     function cancel()
  144.     {
  145.         $this->setRedirect( 'index.php' );
  146.     }
  147.  
  148.     function login()
  149.     {
  150.         // Check for request forgeries
  151.         JRequest::checkToken('request') or jexit( 'Invalid Token' );
  152.  
  153.         global $mainframe;
  154.  
  155.         if ($return = JRequest::getVar('return', '', 'method', 'base64')) {
  156.             $return = base64_decode($return);
  157.             if (!JURI::isInternal($return)) {
  158.                 $return = '';
  159.             }
  160.         }
  161.  
  162.         $options = array();
  163.         $options['remember'] = JRequest::getBool('remember', false);
  164.         $options['return'] = $return;
  165.  
  166.         $credentials = array();
  167.         $credentials['username'] = JRequest::getVar('username', '', 'method', 'username');
  168.         $credentials['password'] = JRequest::getString('passwd', '', 'post', JREQUEST_ALLOWRAW);
  169.  
  170.         //preform the login action
  171.         $error = $mainframe->login($credentials, $options);
  172.  
  173.         if(!JError::isError($error))
  174.         {
  175.             // Redirect if the return url is not registration or login
  176.             if ( ! $return ) {
  177.                 $return = 'index.php?option=com_user';
  178.             }
  179.  
  180.             $mainframe->redirect( $return );
  181.         }
  182.         else
  183.         {
  184.             // Facilitate third party login forms
  185.             if ( ! $return ) {
  186.                 $return = 'index.php?option=com_user&view=login';
  187.             }
  188.  
  189.             // Redirect to a login form
  190.             $mainframe->redirect( $return );
  191.         }
  192.     }
  193.  
  194.     function logout()
  195.     {
  196.         global $mainframe;
  197.  
  198.         //preform the logout action
  199.         $error = $mainframe->logout();
  200.  
  201.         if(!JError::isError($error))
  202.         {
  203.             if ($return = JRequest::getVar('return', '', 'method', 'base64')) {
  204.                 $return = base64_decode($return);
  205.                 if (!JURI::isInternal($return)) {
  206.                     $return = '';
  207.                 }
  208.             }
  209.  
  210.             // Redirect if the return url is not registration or login
  211.             if ( $return && !( strpos( $return, 'com_user' )) ) {
  212.                 $mainframe->redirect( $return );
  213.             }
  214.         } else {
  215.             parent::display();
  216.         }
  217.     }
  218.  
  219.     /**
  220.      * Prepares the registration form
  221.      * @return void
  222.      */
  223.     function register()
  224.     {
  225.         $usersConfig = &JComponentHelper::getParams( 'com_users' );
  226.         if (!$usersConfig->get( 'allowUserRegistration' )) {
  227.             JError::raiseError( 403, JText::_( 'Access Forbidden' ));
  228.             return;
  229.         }
  230.  
  231.         $user   =& JFactory::getUser();
  232.  
  233.         if ( $user->get('guest')) {
  234.             JRequest::setVar('view', 'register');
  235.         } else {
  236.             $this->setredirect('index.php?option=com_user&task=edit',JText::_('You are already registered.'));
  237.         }
  238.  
  239.         parent::display();
  240.     }
  241.  
  242.     /**
  243.      * Save user registration and notify users and admins if required
  244.      * @return void
  245.      */
  246.     function register_save()
  247.     {
  248.         global $mainframe;
  249.  
  250.         // Check for request forgeries
  251.         JRequest::checkToken() or jexit( 'Invalid Token' );
  252.  
  253.         // Get required system objects
  254.         $user       = clone(JFactory::getUser());
  255.         $pathway    =& $mainframe->getPathway();
  256.         $config     =& JFactory::getConfig();
  257.         $authorize  =& JFactory::getACL();
  258.         $document   =& JFactory::getDocument();
  259.  
  260.         // If user registration is not allowed, show 403 not authorized.
  261.         $usersConfig = &JComponentHelper::getParams( 'com_users' );
  262.         if ($usersConfig->get('allowUserRegistration') == '0') {
  263.             JError::raiseError( 403, JText::_( 'Access Forbidden' ));
  264.             return;
  265.         }
  266.  
  267.         // Initialize new usertype setting
  268.         $newUsertype = $usersConfig->get( 'new_usertype' );
  269.         if (!$newUsertype) {
  270.             $newUsertype = 'Registered';
  271.         }
  272.  
  273.         // Bind the post array to the user object
  274.         if (!$user->bind( JRequest::get('post'), 'usertype' )) {
  275.             JError::raiseError( 500, $user->getError());
  276.         }
  277.  
  278.         // Set some initial user values
  279.         $user->set('id', 0);
  280.         $user->set('usertype', $newUsertype);
  281.         $user->set('gid', $authorize->get_group_id( '', $newUsertype, 'ARO' ));
  282.  
  283.         $date =& JFactory::getDate();
  284.         $user->set('registerDate', $date->toMySQL());
  285.  
  286.         // If user activation is turned on, we need to set the activation information
  287.         $useractivation = $usersConfig->get( 'useractivation' );
  288.         if ($useractivation == '1')
  289.         {
  290.             jimport('joomla.user.helper');
  291.             $user->set('activation', JUtility::getHash( JUserHelper::genRandomPassword()) );
  292.             $user->set('block', '1');
  293.         }
  294.  
  295.         // If there was an error with registration, set the message and display form
  296.         if ( !$user->save() )
  297.         {
  298.             JError::raiseWarning('', JText::_( $user->getError()));
  299.             $this->register();
  300.             return false;
  301.         }
  302.  
  303.         // Send registration confirmation mail
  304.         $password = JRequest::getString('password', '', 'post', JREQUEST_ALLOWRAW);
  305.         $password = preg_replace('/[\x00-\x1F\x7F]/', '', $password); //Disallow control chars in the email
  306.         UserController::_sendMail($user, $password);
  307.        
  308.        
  309.    
  310.        
  311.        
  312.  
  313.         // Everything went fine, set relevant message depending upon user activation state and display message
  314.         if ( $useractivation == 1 ) {
  315.             $message  = JText::_( 'REG_COMPLETE_ACTIVATE' );
  316.         } else {
  317.             $message = JText::_( 'REG_COMPLETE' );
  318.         }
  319.  
  320.         $this->setRedirect('index.php', $message);
  321.     }
  322.  
  323.     function activate()
  324.     {
  325.         global $mainframe;
  326.  
  327.         // Initialize some variables
  328.         $db         =& JFactory::getDBO();
  329.         $user       =& JFactory::getUser();
  330.         $document   =& JFactory::getDocument();
  331.         $pathway    =& $mainframe->getPathWay();
  332.  
  333.         $usersConfig = &JComponentHelper::getParams( 'com_users' );
  334.         $userActivation         = $usersConfig->get('useractivation');
  335.         $allowUserRegistration  = $usersConfig->get('allowUserRegistration');
  336.  
  337.         // Check to see if they're logged in, because they don't need activating!
  338.         if ($user->get('id')) {
  339.             // They're already logged in, so redirect them to the home page
  340.             $mainframe->redirect( 'index.php' );
  341.         }
  342.  
  343.         if ($allowUserRegistration == '0' || $userActivation == '0') {
  344.             JError::raiseError( 403, JText::_( 'Access Forbidden' ));
  345.             return;
  346.         }
  347.  
  348.         // create the view
  349.         require_once (JPATH_COMPONENT.DS.'views'.DS.'register'.DS.'view.html.php');
  350.         $view = new UserViewRegister();
  351.  
  352.         $message = new stdClass();
  353.  
  354.         // Do we even have an activation string?
  355.         $activation = JRequest::getVar('activation', '', '', 'alnum' );
  356.         $activation = $db->getEscaped( $activation );
  357.  
  358.         if (empty( $activation ))
  359.         {
  360.             // Page Title
  361.             $document->setTitle( JText::_( 'REG_ACTIVATE_NOT_FOUND_TITLE' ) );
  362.             // Breadcrumb
  363.             $pathway->addItem( JText::_( 'REG_ACTIVATE_NOT_FOUND_TITLE' ));
  364.  
  365.             $message->title = JText::_( 'REG_ACTIVATE_NOT_FOUND_TITLE' );
  366.             $message->text = JText::_( 'REG_ACTIVATE_NOT_FOUND' );
  367.             $view->assign('message', $message);
  368.             $view->display('message');
  369.             return;
  370.         }
  371.  
  372.         // Lets activate this user
  373.         jimport('joomla.user.helper');
  374.         if (JUserHelper::activateUser($activation))
  375.         {
  376.             // Page Title
  377.             $document->setTitle( JText::_( 'REG_ACTIVATE_COMPLETE_TITLE' ) );
  378.             // Breadcrumb
  379.             $pathway->addItem( JText::_( 'REG_ACTIVATE_COMPLETE_TITLE' ));
  380.  
  381.             $message->title = JText::_( 'REG_ACTIVATE_COMPLETE_TITLE' );
  382.             $message->text = JText::_( 'REG_ACTIVATE_COMPLETE' );
  383.         }
  384.         else
  385.         {
  386.             // Page Title
  387.             $document->setTitle( JText::_( 'REG_ACTIVATE_NOT_FOUND_TITLE' ) );
  388.             // Breadcrumb
  389.             $pathway->addItem( JText::_( 'REG_ACTIVATE_NOT_FOUND_TITLE' ));
  390.  
  391.             $message->title = JText::_( 'REG_ACTIVATE_NOT_FOUND_TITLE' );
  392.             $message->text = JText::_( 'REG_ACTIVATE_NOT_FOUND' );
  393.         }
  394.  
  395.         $view->assign('message', $message);
  396.         $view->display('message');
  397.     }
  398.  
  399.     /**
  400.      * Password Reset Request Method
  401.      *
  402.      * @access  public
  403.      */
  404.     function requestreset()
  405.     {
  406.         // Check for request forgeries
  407.         JRequest::checkToken() or jexit( 'Invalid Token' );
  408.  
  409.         // Get the input
  410.         $email      = JRequest::getVar('email', null, 'post', 'string');
  411.  
  412.         // Get the model
  413.         $model = &$this->getModel('Reset');
  414.  
  415.         // Request a reset
  416.         if ($model->requestReset($email) === false)
  417.         {
  418.             $message = JText::sprintf('PASSWORD_RESET_REQUEST_FAILED', $model->getError());
  419.             $this->setRedirect('index.php?option=com_user&view=reset', $message);
  420.             return false;
  421.         }
  422.  
  423.         $this->setRedirect('index.php?option=com_user&view=reset&layout=confirm');
  424.     }
  425.  
  426.     /**
  427.      * Password Reset Confirmation Method
  428.      *
  429.      * @access  public
  430.      */
  431.     function confirmreset()
  432.     {
  433.         // Check for request forgeries
  434.         JRequest::checkToken() or jexit( 'Invalid Token' );
  435.  
  436.         // Get the input
  437.         $token = JRequest::getVar('token', null, 'post', 'alnum');
  438.         $username = JRequest::getVar('username', null, 'post');
  439.  
  440.         // Get the model
  441.         $model = &$this->getModel('Reset');
  442.  
  443.         // Verify the token
  444.         if ($model->confirmReset($token, $username) !== true)
  445.         {
  446.             $message = JText::sprintf('PASSWORD_RESET_CONFIRMATION_FAILED', $model->getError());
  447.             $this->setRedirect('index.php?option=com_user&view=reset&layout=confirm', $message);
  448.             return false;
  449.         }
  450.         $this->setRedirect('index.php?option=com_user&view=reset&layout=complete');
  451.     }
  452.  
  453.     /**
  454.      * Password Reset Completion Method
  455.      *
  456.      * @access  public
  457.      */
  458.     function completereset()
  459.     {
  460.         // Check for request forgeries
  461.         JRequest::checkToken() or jexit( 'Invalid Token' );
  462.  
  463.         // Get the input
  464.         $password1 = JRequest::getVar('password1', null, 'post', 'string', JREQUEST_ALLOWRAW);
  465.         $password2 = JRequest::getVar('password2', null, 'post', 'string', JREQUEST_ALLOWRAW);
  466.  
  467.         // Get the model
  468.         $model = &$this->getModel('Reset');
  469.  
  470.         // Reset the password
  471.         if ($model->completeReset($password1, $password2) === false)
  472.         {
  473.             $message = JText::sprintf('PASSWORD_RESET_FAILED', $model->getError());
  474.             $this->setRedirect('index.php?option=com_user&view=reset&layout=complete', $message);
  475.             return false;
  476.         }
  477.  
  478.         $message = JText::_('PASSWORD_RESET_SUCCESS');
  479.         $this->setRedirect('index.php?option=com_user&view=login', $message);
  480.     }
  481.  
  482.     /**
  483.      * Username Reminder Method
  484.      *
  485.      * @access  public
  486.      */
  487.     function remindusername()
  488.     {
  489.         // Check for request forgeries
  490.         JRequest::checkToken() or jexit( 'Invalid Token' );
  491.  
  492.         // Get the input
  493.         $email = JRequest::getVar('email', null, 'post', 'string');
  494.  
  495.         // Get the model
  496.         $model = &$this->getModel('Remind');
  497.  
  498.         // Send the reminder
  499.         if ($model->remindUsername($email) === false)
  500.         {
  501.             $message = JText::sprintf('USERNAME_REMINDER_FAILED', $model->getError());
  502.             $this->setRedirect('index.php?option=com_user&view=remind', $message);
  503.             return false;
  504.         }
  505.  
  506.         $message = JText::sprintf('USERNAME_REMINDER_SUCCESS', $email);
  507.         $this->setRedirect('index.php?option=com_user&view=login', $message);
  508.     }
  509.  
  510.     function _sendMail(&$user, $password)
  511.     {
  512.         global $mainframe;
  513.  
  514.         $db     =& JFactory::getDBO();
  515.  
  516.         $name       = $user->get('name');
  517.         $email      = $user->get('email');
  518.         $username   = $user->get('username');
  519.  
  520.         $usersConfig    = &JComponentHelper::getParams( 'com_users' );
  521.         $sitename       = $mainframe->getCfg( 'sitename' );
  522.         $useractivation = $usersConfig->get( 'useractivation' );
  523.         $mailfrom       = $mainframe->getCfg( 'mailfrom' );
  524.         $fromname       = $mainframe->getCfg( 'fromname' );
  525.         $siteURL        = JURI::base();
  526.  
  527.         $subject    = sprintf ( JText::_( 'Account details for' ), $name, $sitename);
  528.         $subject    = html_entity_decode($subject, ENT_QUOTES);
  529.  
  530.         if ( $useractivation == 1 ){
  531.             $message = sprintf ( JText::_( 'SEND_MSG_ACTIVATE' ), $name, $sitename, $siteURL."index.php?option=com_user&task=activate&activation=".$user->get('activation'), $siteURL, $username, $password);
  532.         } else {
  533.             $message = sprintf ( JText::_( 'SEND_MSG' ), $name, $sitename, $siteURL);
  534.         }
  535.  
  536.         $message = html_entity_decode($message, ENT_QUOTES);
  537.  
  538.         //get all super administrator
  539.         $query = 'SELECT name, email, sendEmail' .
  540.                 ' FROM #__users' .
  541.                 ' WHERE LOWER( usertype ) = "super administrator"';
  542.         $db->setQuery( $query );
  543.         $rows = $db->loadObjectList();
  544.  
  545.         // Send email to user
  546.         if ( ! $mailfrom  || ! $fromname ) {
  547.             $fromname = $rows[0]->name;
  548.             $mailfrom = $rows[0]->email;
  549.         }
  550.  
  551.         JUtility::sendMail($mailfrom, $fromname, $email, $subject, $message);
  552.  
  553.         // Send notification to all administrators
  554.         $subject2 = sprintf ( JText::_( 'Account details for' ), $name, $sitename);
  555.         $subject2 = html_entity_decode($subject2, ENT_QUOTES);
  556.  
  557.         // get superadministrators id
  558.         foreach ( $rows as $row )
  559.         {
  560.             if ($row->sendEmail)
  561.             {
  562.                 $message2 = sprintf ( JText::_( 'SEND_MSG_ADMIN' ), $row->name, $sitename, $name, $email, $username);
  563.                 $message2 = html_entity_decode($message2, ENT_QUOTES);
  564.                 JUtility::sendMail($mailfrom, $fromname, $row->email, $subject2, $message2);
  565.             }
  566.         }
  567.     }
  568.  
  569.    
  570.     }
  571. ?>
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!