-rw-r--r-- | engine/lib/access.php | 6 | ||||
-rw-r--r-- | engine/lib/admin.php | 19 | ||||
-rw-r--r-- | engine/lib/entities.php | 15 | ||||
-rw-r--r-- | engine/lib/users.php | 603 |
4 files changed, 324 insertions, 319 deletions
diff --git a/engine/lib/access.php b/engine/lib/access.php index c3f5b7f0a..0942c2e61 100644 --- a/engine/lib/access.php +++ b/engine/lib/access.php @@ -142,7 +142,7 @@ function get_access_array($user_id = 0, $site_id = 0, $flush = false) { } } - $ignore_access = elgg_is_ignore_access($user_id); + $ignore_access = elgg_check_access_overrides($user_id); if ($ignore_access == true) { $tmp_access_array[] = ACCESS_PRIVATE; @@ -799,7 +799,7 @@ function elgg_get_ignore_access() { * * @return bool */ -function elgg_is_ignore_access($user_guid = null) { +function elgg_check_access_overrides($user_guid = null) { if (!$user_guid || $user_guid <= 0) { $is_admin = false; } else { @@ -837,4 +837,4 @@ function access_init() { } // This function will let us know when 'init' has finished -register_elgg_event_handler('init','system','access_init',9999);
\ No newline at end of file +register_elgg_event_handler('init', 'system', 'access_init', 9999);
\ No newline at end of file diff --git a/engine/lib/admin.php b/engine/lib/admin.php index c598295be..1ba971347 100644 --- a/engine/lib/admin.php +++ b/engine/lib/admin.php @@ -111,13 +111,12 @@ function admin_settings_page_handler($page) { * @return true|null True if the current user is an admin. */ function admin_permissions($hook, $type, $returnval, $params) { - if (is_array($params) && !empty($params['user']) && $params['user'] instanceof ElggUser) { - - $admin = $params['user']->admin; - if ($admin) { - return true; - } + if (elgg_check_access_overrides()) { + return true; } + + // consult other hooks + return NULL; } /** @@ -164,9 +163,9 @@ function clear_admin_message($guid) { } /// Register init functions -register_elgg_event_handler('init','system','admin_init'); -register_elgg_event_handler('pagesetup','system','admin_pagesetup'); +register_elgg_event_handler('init', 'system', 'admin_init'); +register_elgg_event_handler('pagesetup', 'system', 'admin_pagesetup'); // Register a plugin hook for permissions -register_plugin_hook('permissions_check','all','admin_permissions'); -register_plugin_hook('container_permissions_check','all','admin_permissions');
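Review bot: In `admin_permissions`, `elgg_check_access_overrides()` is called with no argument, so the user in `$params['user']` that the removed code inspected is no longer consulted when answering `permissions_check` and `container_permissions_check`. The renamed function in engine/lib/access.php (shown earlier in this commit) sets `$is_admin = false` when `$user_guid` is empty, which suggests an admin would only pass here while the ignore-access flag is on; the rest of that function is outside its hunk, so this needs confirming. If admins are still meant to pass, hand the GUID through: `$user_guid = (is_array($params) && isset($params['user']) && $params['user'] instanceof ElggUser) ? $params['user']->guid : 0;` followed by `if (elgg_check_access_overrides($user_guid)) {`.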
\ No newline at end of file +register_plugin_hook('permissions_check', 'all', 'admin_permissions'); +register_plugin_hook('container_permissions_check', 'all', 'admin_permissions');
\ No newline at end of file diff --git a/engine/lib/entities.php b/engine/lib/entities.php index 51d5cac25..211fbc05c 100644 --- a/engine/lib/entities.php +++ b/engine/lib/entities.php @@ -1951,7 +1951,7 @@ function delete_entity($guid, $recursive = true) { $guid = (int)$guid; if ($entity = get_entity($guid)) { - if (trigger_elgg_event('delete',$entity->type,$entity)) { + if (trigger_elgg_event('delete', $entity->type, $entity)) { if ($entity->canEdit()) { // Delete contained owned and otherwise releated objects (depth first) @@ -2001,8 +2001,9 @@ function delete_entity($guid, $recursive = true) { break; } - if ($sub_table) + if ($sub_table) { delete_data("DELETE from $sub_table where guid={$guid}"); + } } return $res; @@ -2227,11 +2228,14 @@ function can_edit_entity($entity_guid, $user_guid = 0) { $return = true; } if ($container_entity = get_entity($entity->container_guid)) { - if ($container_entity->canEdit()) $return = true; + if ($container_entity->canEdit()) { + $return = true; + } } } - return trigger_plugin_hook('permissions_check', $entity->type,array('entity' => $entity, 'user' => $user), $return); + return trigger_plugin_hook('permissions_check', $entity->type, + array('entity' => $entity, 'user' => $user), $return); } else { return false; @@ -2964,7 +2968,8 @@ function recursive_delete_permissions_check($hook, $entity_type, $returnvalue, $ return true; } - return false; + // consult next function + return NULL; } /** diff --git a/engine/lib/users.php b/engine/lib/users.php index 3a65aac56..6aecdc669 100644 --- a/engine/lib/users.php +++ b/engine/lib/users.php @@ -3,7 +3,7 @@ /** * Elgg users * Functions to manage multiple or single users in an Elgg install - * + * * @package Elgg * @subpackage Core 
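Review bot: Returning `NULL` instead of `false` at the end of `recursive_delete_permissions_check` means this handler no longer denies; the final answer now depends on the incoming `$returnvalue` and on how `trigger_plugin_hook` treats a NULL result, neither of which is visible in this hunk. The function's docblock starts outside the hunk and should state the new contract, e.g. `@return true|null True to allow the recursive delete, null to leave the decision to other handlers`. It is also worth confirming that callers such as `can_edit_entity`, which returns the hook result directly, never receive NULL where they expect a strict boolean.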
@@ -14,15 +14,15 @@ /// Map a username to a cached GUID $USERNAME_TO_GUID_MAP_CACHE = array(); - + /// Map a user code to a cached GUID $CODE_TO_GUID_MAP_CACHE = array(); /** * ElggUser - * + * * Representation of a "user" in the system. - * + * * @package Elgg * @subpackage Core */ @@ -30,15 +30,15 @@ implements Friendable { /** - * Initialise the attributes array. + * Initialise the attributes array. * This is vital to distinguish between metadata and base parameters. - * + * * Place your base parameters here. */ protected function initialise_attributes() { parent::initialise_attributes(); - + $this->attributes['type'] = "user"; $this->attributes['name'] = ""; $this->attributes['username'] = ""; 
@@ -50,87 +50,87 @@ $this->attributes['banned'] = "no"; $this->attributes['tables_split'] = 2; } - + /** * Construct a new user entity, optionally from a given id value. * - * @param mixed $guid If an int, load that GUID. + * @param mixed $guid If an int, load that GUID. * If a db row then will attempt to load the rest of the data. - * @throws Exception if there was a problem creating the user. + * @throws Exception if there was a problem creating the user. */ - function __construct($guid = null) - { + function __construct($guid = null) + { $this->initialise_attributes(); - + if (!empty($guid)) { // Is $guid is a DB row - either a entity row, or a user table row. - if ($guid instanceof stdClass) { + if ($guid instanceof stdClass) { // Load the rest if (!$this->load($guid->guid)) - throw new IOException(sprintf(elgg_echo('IOException:FailedToLoadGUID'), get_class(), $guid->guid)); + throw new IOException(sprintf(elgg_echo('IOException:FailedToLoadGUID'), get_class(), $guid->guid)); } - + // See if this is a username else if (is_string($guid)) - { + { $guid = get_user_by_username($guid); foreach ($guid->attributes as $key => $value) - $this->attributes[$key] = $value; - + $this->attributes[$key] = $value; + } - + // Is $guid is an ElggUser? Use a copy constructor else if ($guid instanceof ElggUser) - { - foreach ($guid->attributes as $key => $value) - $this->attributes[$key] = $value; + { + foreach ($guid->attributes as $key => $value) + $this->attributes[$key] = $value; } - + // Is this is an ElggEntity but not an ElggUser = ERROR! 
else if ($guid instanceof ElggEntity) throw new InvalidParameterException(elgg_echo('InvalidParameterException:NonElggUser')); - + // We assume if we have got this far, $guid is an int - else if (is_numeric($guid)) { + else if (is_numeric($guid)) { if (!$this->load($guid)) IOException(sprintf(elgg_echo('IOException:FailedToLoadGUID'), get_class(), $guid)); } - + else throw new InvalidParameterException(elgg_echo('InvalidParameterException:UnrecognisedValue')); } } - + /** * Override the load function. * This function will ensure that all data is loaded (were possible), so * if only part of the ElggUser is loaded, it'll load the rest. - * + * * @param int $guid - * @return true|false + * @return true|false */ protected function load($guid) - { + { // Test to see if we have the generic stuff - if (!parent::load($guid)) + if (!parent::load($guid)) return false; // Check the type if ($this->attributes['type']!='user') throw new InvalidClassException(sprintf(elgg_echo('InvalidClassException:NotValidElggStar'), $guid, get_class())); - + // Load missing data $row = get_user_entity_as_row($guid); - if (($row) && (!$this->isFullyLoaded())) $this->attributes['tables_loaded'] ++; // If $row isn't a cached copy then increment the counter - + if (($row) && (!$this->isFullyLoaded())) $this->attributes['tables_loaded'] ++; // If $row isn't a cached copy then increment the counter + // Now put these into the attributes array as core values $objarray = (array) $row; - foreach($objarray as $key => $value) + foreach($objarray as $key => $value) $this->attributes[$key] = $value; - + return true; } - + /** * Saves this user to the database. * @return true|false 
@@ -140,11 +140,11 @@ // Save generic stuff if (!parent::save()) return false; - + // Now save specific stuff return create_user_entity($this->get('guid'), $this->get('name'), $this->get('username'), $this->get('password'), $this->get('salt'), $this->get('email'), $this->get('language'), $this->get('code')); } - + /** * User specific override of the entity delete method. * @@ -155,30 +155,30 @@ // Delete owned data clear_annotations_by_owner($this->guid); clear_metadata_by_owner($this->guid); - + // Delete entity return parent::delete(); } - + /** * Ban this user. * * @param string $reason Optional reason */ public function ban($reason = "") { return ban_user($this->guid, $reason); } - + /** * Unban this user. */ public function unban() { return unban_user($this->guid); } - + /** * Is this user banned or not? * * @return bool */ public function isBanned() { return $this->banned == 'yes'; } - + /** * Get sites that this user is a member of * @@ -190,7 +190,7 @@ // return get_site_users($this->getGUID(), $subtype, $limit, $offset); return get_user_sites($this->getGUID(), $subtype, $limit, $offset); } - + /** * Add this user to a particular site * @@ -198,10 +198,10 @@ * @return true|false */ function addToSite($site_guid) { - // return add_site_user($this->getGUID(), $site_guid); + // return add_site_user($this->getGUID(), $site_guid); return add_site_user($site_guid, $this->getGUID()); } - + /** * Remove this user from a particular site * @@ -212,7 +212,7 @@ //return remove_site_user($this->getGUID(), $site_guid); return remove_site_user($site_guid, $this->getGUID()); } - + /** * Adds a user to this user's friends list * @@ -220,7 +220,7 @@ * @return true|false Depending on success */ function addFriend($friend_guid) { return user_add_friend($this->getGUID(), $friend_guid); } - + /** * Removes a user from this user's friends list * 
@@ -228,14 +228,14 @@ * @return true|false Depending on success */ function removeFriend($friend_guid) { return user_remove_friend($this->getGUID(), $friend_guid); } - + /** * Determines whether or not this user is a friend of the currently logged in user * * @return true|false */ function isFriend() { return user_is_friend(get_loggedin_userid(), $this->getGUID()); } - + /** * Determines whether this user is friends with another user * @@ -243,7 +243,7 @@ * @return true|false */ function isFriendsWith($user_guid) { return user_is_friend($this->getGUID(), $user_guid); } - + /** * Determines whether or not this user is on another user's friends list * @@ -251,7 +251,7 @@ * @return true|false */ function isFriendOf($user_guid) { return user_is_friend($user_guid, $this->getGUID()); } - + /** * Retrieves a list of this user's friends * @@ -261,7 +261,7 @@ * @return array|false Array of ElggUsers, or false, depending on success */ function getFriends($subtype = "", $limit = 10, $offset = 0) { return get_user_friends($this->getGUID(), $subtype, $limit, $offset); } - + /** * Retrieves a list of people who have made this user a friend * @@ -271,7 +271,7 @@ * @return array|false Array of ElggUsers, or false, depending on success */ function getFriendsOf($subtype = "", $limit = 10, $offset = 0) { return get_user_friends_of($this->getGUID(), $subtype, $limit, $offset); } - + /** * Get an array of ElggObjects owned by this user. * @@ -289,7 +289,7 @@ * @param int $offset Any indexing offset */ public function getFriendsObjects($subtype = "", $limit = 10, $offset = 0) { return get_user_friends_objects($this->getGUID(), $subtype, $limit, $offset); } - + /** * Counts the number of ElggObjects owned by this user * @@ -309,7 +309,7 @@ * @return unknown */ public function getCollections($subtype="", $limit = 10, $offset = 0) { return get_user_collections($this->getGUID(), $subtype, $limit, $offset); } - + /** * If a user's owner is blank, return its own GUID as the owner * 
@@ -318,12 +318,12 @@ function getOwner() { if ($this->owner_guid == 0) return $this->getGUID(); - + return $this->owner_guid; } - + // EXPORTABLE INTERFACE //////////////////////////////////////////////////////////// - + /** * Return an array of fields which can be exported. */ @@ -339,20 +339,20 @@ /** * Return the user specific details of a user by a row. - * + * * @param int $guid */ function get_user_entity_as_row($guid) { global $CONFIG; - + /*$row = retrieve_cached_entity_row($guid); if ($row) { // We have already cached this object, so retrieve its value from the cache if (isset($CONFIG->debug) && $CONFIG->debug == true) error_log("** Retrieving sub part of GUID:$guid from cache"); - + return $row; } else @@ -360,17 +360,17 @@ // Object not cached, load it. if (isset($CONFIG->debug) && $CONFIG->debug == true) error_log("** Sub part of GUID:$guid loaded from DB"); - + $guid = (int)$guid; - + return get_data_row("SELECT * from {$CONFIG->dbprefix}users_entity where guid=$guid"); //} } - + /** * Create or update the extras table for a given user. * Call create_entity first. - * + * * @param int $guid * @param string $name * @param string $description @@ -379,16 +379,16 @@ function create_user_entity($guid, $name, $username, $password, $salt, $email, $language, $code) { global $CONFIG; - - $guid = (int)$guid; - $name = sanitise_string($name); - $username = sanitise_string($username); + + $guid = (int)$guid; + $name = sanitise_string($name); + $username = sanitise_string($username); $password = sanitise_string($password); $salt = sanitise_string($salt); $email = sanitise_string($email); $language = sanitise_string($language); $code = sanitise_string($code); - + $row = get_entity_as_row($guid); if ($row) { @@ -420,12 +420,12 @@ } } } - + } - + return false; } - + /** * Disables all of a user's entities * @@ -445,9 +445,9 @@ } } return false; - + } - + /** * Ban a user * 
@@ -457,27 +457,27 @@ function ban_user($user_guid, $reason = "") { global $CONFIG; - + $user_guid = (int)$user_guid; $reason = sanitise_string($reason); - + $user = get_entity($user_guid); - + if (($user) && ($user->canEdit()) && ($user instanceof ElggUser)) { if (trigger_elgg_event('ban', 'user', $user)) { // Add reason if ($reason) create_metadata($user_guid, 'ban_reason', $reason,'', 0, ACCESS_PUBLIC); - + // Set ban flag return update_data("UPDATE {$CONFIG->dbprefix}users_entity set banned='yes' where guid=$user_guid"); } - } + } return false; } - + /** * Unban a user. * @@ -486,11 +486,11 @@ function unban_user($user_guid) { global $CONFIG; - + $user_guid = (int)$user_guid; - + $user = get_entity($user_guid); - + if (($user) && ($user->canEdit()) && ($user instanceof ElggUser)) { if (trigger_elgg_event('unban', 'user', $user)) { @@ -498,21 +498,21 @@ return update_data("UPDATE {$CONFIG->dbprefix}users_entity set banned='no' where guid=$user_guid"); } } - + return false; } - + /** * THIS FUNCTION IS DEPRECATED. - * - * Delete a user's extra data. - * + * + * Delete a user's extra data. + * * @param int $guid */ function delete_user_entity($guid) { system_message(sprintf(elgg_echo('deprecatedfunction'), 'delete_user_entity')); - + return 1; // Always return that we have deleted one row in order to not break existing code. } @@ -528,10 +528,10 @@ $user_guid = (int)$user_guid; $limit = (int)$limit; $offset = (int)$offset; - + return get_entities_from_relationship("member_of_site", $user_guid, false, "site", "", 0, "time_created desc", $limit, $offset); } - + /** * Adds a user to another user's friends list. * @@ -540,7 +540,7 @@ * @return true|false Depending on success */ function user_add_friend($user_guid, $friend_guid) { - $user_guid = (int) $user_guid; + $user_guid = (int) $user_guid; $friend_guid = (int) $friend_guid; if ($user_guid == $friend_guid) return false; if (!$friend = get_entity($friend_guid)) return false; 
@@ -548,7 +548,7 @@ if ( (!($user instanceof ElggUser)) || (!($friend instanceof ElggUser)) ) return false; return add_entity_relationship($user_guid, "friend", $friend_guid); } - + /** * Removes a user from another user's friends list. * @@ -558,19 +558,19 @@ */ function user_remove_friend($user_guid, $friend_guid) { global $CONFIG; - - $user_guid = (int) $user_guid; + + $user_guid = (int) $user_guid; $friend_guid = (int) $friend_guid; - + // perform cleanup for access lists. $collections = get_user_access_collections($user_guid); foreach ($collections as $collection) { remove_user_from_access_collection($friend_guid, $collection->id); } - + return remove_entity_relationship($user_guid, "friend", $friend_guid); } - + /** * Determines whether or not a user is another user's friend. * @@ -594,7 +594,7 @@ function get_user_friends($user_guid, $subtype = "", $limit = 10, $offset = 0) { return get_entities_from_relationship("friend",$user_guid,false,"user",$subtype,0,"time_created desc",$limit,$offset); } - + /** * Obtains the people who have made a given user a friend * @@ -623,7 +623,7 @@ $ntt = get_entities('object',$subtype, $user_guid, "time_created desc", $limit, $offset,false,0,$user_guid,$timelower, $timeupper); return $ntt; } - + /** * Counts the objects (optionally of a particular subtype) owned by a user * @@ -642,7 +642,7 @@ * Displays a list of user objects of a particular subtype, with navigation. * * @see elgg_view_entity_list - * + * * @param int $user_guid The GUID of the user * @param string $subtype The object subtype * @param int $limit The number of entities to display on a page 
@@ -652,16 +652,16 @@ * @return string The list in a form suitable to display */ function list_user_objects($user_guid, $subtype = "", $limit = 10, $fullview = true, $viewtypetoggle = true, $pagination = true, $timelower = 0, $timeupper = 0) { - + $offset = (int) get_input('offset'); $limit = (int) $limit; $count = (int) count_user_objects($user_guid, $subtype,$timelower,$timeupper); $entities = get_user_objects($user_guid, $subtype, $limit, $offset, $timelower, $timeupper); - + return elgg_view_entity_list($entities, $count, $offset, $limit, $fullview, $viewtypetoggle, $pagination); - + } - + /** * Obtains a list of objects owned by a user's friends * @@ -681,7 +681,7 @@ } return false; } - + /** * Counts the number of objects owned by a user's friends * @@ -704,7 +704,7 @@ * Displays a list of a user's friends' objects of a particular subtype, with navigation. * * @see elgg_view_entity_list - * + * * @param int $user_guid The GUID of the user * @param string $subtype The object subtype * @param int $limit The number of entities to display on a page @@ -713,16 +713,16 @@ * @return string The list in a form suitable to display */ function list_user_friends_objects($user_guid, $subtype = "", $limit = 10, $fullview = true, $viewtypetoggle = true, $pagination = true) { - + $offset = (int) get_input('offset'); $limit = (int) $limit; $count = (int) count_user_friends_objects($user_guid, $subtype); $entities = get_user_friends_objects($user_guid, $subtype, $limit, $offset); - + return elgg_view_entity_list($entities, $count, $offset, $limit, $fullview, $viewtypetoggle, $pagination); - + } - + /** * Get user objects by an array of metadata * 
@@ -735,33 +735,33 @@ * @return unknown */ function get_user_objects_by_metadata($user_guid, $subtype = "", $metadata = array(), $limit = 0, $offset = 0) { - + return get_entities_from_metadata_multi($metadata,"object",$subtype,$user_guid,$limit,$offset); - + } - + /** * Get a user object from a GUID. - * + * * This function returns an ElggUser from a given GUID. * @param int $guid The GUID - * @return ElggUser|false + * @return ElggUser|false */ function get_user($guid) { if (!empty($guid)) // Fixes "Exception thrown without stack frame" when db_select fails $result = get_entity($guid); - + if ((!empty($result)) && (!($result instanceof ElggUser))) //throw new InvalidClassException(sprintf(elgg_echo('InvalidClassException:NotValidElggStar'), $guid, 'ElggUser')); return false; - + if (!empty($result)) return $result; - - return false; + + return false; } - + /** * Get user by username * @@ -771,23 +771,23 @@ function get_user_by_username($username) { global $CONFIG, $USERNAME_TO_GUID_MAP_CACHE; - + $username = sanitise_string($username); $access = get_access_sql_suffix('e'); - + // Caching if ( (isset($USERNAME_TO_GUID_MAP_CACHE[$username])) && (retrieve_cached_entity($USERNAME_TO_GUID_MAP_CACHE[$username])) ) return retrieve_cached_entity($USERNAME_TO_GUID_MAP_CACHE[$username]); - + $row = get_data_row("SELECT e.* from {$CONFIG->dbprefix}users_entity u join {$CONFIG->dbprefix}entities e on e.guid=u.guid where u.username='$username' and $access "); if ($row) { $USERNAME_TO_GUID_MAP_CACHE[$username] = $row->guid; return new ElggUser($row); - } - + } + return false; } - + /** * Get user by session code * 
@@ -797,24 +797,24 @@ function get_user_by_code($code) { global $CONFIG, $CODE_TO_GUID_MAP_CACHE; - + $code = sanitise_string($code); - + $access = get_access_sql_suffix('e'); - + // Caching if ( (isset($CODE_TO_GUID_MAP_CACHE[$code])) && (retrieve_cached_entity($CODE_TO_GUID_MAP_CACHE[$code])) ) return retrieve_cached_entity($CODE_TO_GUID_MAP_CACHE[$code]); - + $row = get_data_row("SELECT e.* from {$CONFIG->dbprefix}users_entity u join {$CONFIG->dbprefix}entities e on e.guid=u.guid where u.code='$code' and $access"); if ($row) { $CODE_TO_GUID_MAP_CACHE[$code] = $row->guid; return new ElggUser($row); - } - + } + return false; } - + /** * Get an array of users from their * @@ -824,16 +824,16 @@ function get_user_by_email($email) { global $CONFIG; - + $email = sanitise_string($email); - + $access = get_access_sql_suffix('e'); - + $query = "SELECT e.* from {$CONFIG->dbprefix}entities e join {$CONFIG->dbprefix}users_entity u on e.guid=u.guid where email='$email' and $access"; - + return get_data($query, 'entity_row_to_elggstar'); } - + /** * Searches for a user based on a complete or partial name or username. * 
@@ -841,31 +841,31 @@ * @param int $limit Limit of the search. * @param int $offset Offset. * @param string $order_by The order. - * @param boolean $count Whether to return the count of results or just the results. + * @param boolean $count Whether to return the count of results or just the results. */ function search_for_user($criteria, $limit = 10, $offset = 0, $order_by = "", $count = false) { global $CONFIG; - + $criteria = sanitise_string($criteria); $limit = (int)$limit; $offset = (int)$offset; $order_by = sanitise_string($order_by); - + $access = get_access_sql_suffix("e"); - + if ($order_by == "") $order_by = "e.time_created desc"; - + if ($count) { $query = "SELECT count(e.guid) as total "; } else { - $query = "SELECT e.* "; + $query = "SELECT e.* "; } $query .= "from {$CONFIG->dbprefix}entities e join {$CONFIG->dbprefix}users_entity u on e.guid=u.guid where "; // $query .= " match(u.name,u.username) against ('$criteria') "; $query .= "(u.name like \"%{$criteria}%\" or u.username like \"%{$criteria}%\")"; $query .= " and $access"; - + if (!$count) { $query .= " order by $order_by limit $offset, $limit"; // Add order and limit return get_data($query, "entity_row_to_elggstar"); 
@@ -876,29 +876,29 @@ } return false; } - + /** * Displays a list of user objects that have been searched for. * * @see elgg_view_entity_list - * + * * @param string $tag Search criteria * @param int $limit The number of entities to display on a page * @return string The list in a form suitable to display */ function list_user_search($tag, $limit = 10) { - + $offset = (int) get_input('offset'); $limit = (int) $limit; $count = (int) search_for_user($tag, 10, 0, '', true); $entities = search_for_user($tag, $limit, $offset); - + return elgg_view_entity_list($entities, $count, $offset, $limit, $fullview, false); - + } - + /** - * A function that returns a maximum of $limit users who have done something within the last + * A function that returns a maximum of $limit users who have done something within the last * $seconds seconds. * * @param int $seconds Number of seconds (default 600 = 10min) @@ -908,20 +908,20 @@ function find_active_users($seconds = 600, $limit = 10, $offset = 0) { global $CONFIG; - + $seconds = (int)$seconds; $limit = (int)$limit; $offset = (int)$offset; - + $time = time() - $seconds; $access = get_access_sql_suffix("e"); - + $query = "SELECT distinct e.* from {$CONFIG->dbprefix}entities e join {$CONFIG->dbprefix}users_entity u on e.guid = u.guid where u.last_action >= {$time} and $access order by u.last_action desc limit {$offset},{$limit}"; - + return get_data($query, "entity_row_to_elggstar"); } - + /** * Generate and send a password request email to a given user's registered email address. * @@ -930,9 +930,9 @@ function send_new_password_request($user_guid) { global $CONFIG; - + $user_guid = (int)$user_guid; - + $user = get_entity($user_guid); if ($user) { 
@@ -940,50 +940,50 @@ $code = generate_random_cleartext_password(); //create_metadata($user_guid, 'conf_code', $code,'', 0, ACCESS_PRIVATE); set_private_setting($user_guid, 'passwd_conf_code', $code); - + // generate link $link = $CONFIG->site->url . "action/user/passwordreset?u=$user_guid&c=$code"; - + // generate email $email = sprintf(elgg_echo('email:resetreq:body'), $user->name, $_SERVER['REMOTE_ADDR'], $link); - + return notify_user($user->guid, $CONFIG->site->guid, elgg_echo('email:resetreq:subject'), $email, NULL, 'email'); } - + return false; } - + /** - * Low level function to reset a given user's password. - * + * Low level function to reset a given user's password. + * * This can only be called from execute_new_password_request(). - * + * * @param int $user_guid The user. * @param string $password password text (which will then be converted into a hash and stored) */ function force_user_password_reset($user_guid, $password) { global $CONFIG; - + if (call_gatekeeper('execute_new_password_request', __FILE__)) { $user = get_entity($user_guid); - + if ($user) { $salt = generate_random_cleartext_password(); // Reset the salt $user->salt = $salt; - + $hash = generate_user_password($user, $password); - + return update_data("UPDATE {$CONFIG->dbprefix}users_entity set password='$hash', salt='$salt' where guid=$user_guid"); } } - + return false; } - + /** * Validate and execute a password reset for a user. * 
@@ -993,28 +993,28 @@ function execute_new_password_request($user_guid, $conf_code) { global $CONFIG; - + $user_guid = (int)$user_guid; - + $user = get_entity($user_guid); if (($user) && (get_private_setting($user_guid, 'passwd_conf_code') == $conf_code)) { $password = generate_random_cleartext_password(); - + if (force_user_password_reset($user_guid, $password)) { //remove_metadata($user_guid, 'conf_code'); remove_private_setting($user_guid, 'passwd_conf_code'); - + $email = sprintf(elgg_echo('email:resetpassword:body'), $user->name, $password); - + return notify_user($user->guid, $CONFIG->site->guid, elgg_echo('email:resetpassword:subject'), $email, NULL, 'email'); } } - + return false; } - + /** * Set the validation status for a user. * @@ -1025,7 +1025,7 @@ function set_user_validation_status($user_guid, $status, $method = '') { if (!$status) $method = ''; - + if ($status) { if ( @@ -1038,7 +1038,7 @@ { $validated = get_metadata_byname($user_guid, 'validated'); $validated_method = get_metadata_byname($user_guid, 'validated_method'); - + if ( ($validated) && ($validated_method) && @@ -1047,15 +1047,15 @@ ) return true; } - + return false; } - + /** * Trigger an event requesting that a user guid be validated somehow - either by email address or some other way. * * This event invalidates any existing values and returns - * + * * @param unknown_type $user_guid */ function request_user_validation($user_guid) @@ -1066,13 +1066,13 @@ { // invalidate any existing validations set_user_validation_status($user_guid, false); - + // request validation trigger_elgg_event('validate', 'user', $user); - + } } - + /** * Validates an email address. * 
@@ -1082,16 +1082,16 @@ function is_email_address($address) { // TODO: Make this better! - - if (strpos($address, '@')=== false) + + if (strpos($address, '@')=== false) return false; - + if (strpos($address, '.')=== false) return false; - + return true; } - + /** * Simple function that will generate a random clear text password suitable for feeding into generate_user_password(). * @@ -1102,10 +1102,10 @@ { return substr(md5(microtime() . rand()), 0, 8); } - + /** * Generate a password for a user, currently uses MD5. - * + * * Later may introduce salting etc. * * @param ElggUser $user The user this is being generated for. @@ -1115,10 +1115,10 @@ { return md5($password . $user->salt); } - + /** * Simple function which ensures that a username contains only valid characters. - * + * * This should only permit chars that are valid on the file system as well. * * @param string $username @@ -1127,17 +1127,17 @@ function validate_username($username) { global $CONFIG; - + // Basic, check length if (!isset($CONFIG->minusername)) { $CONFIG->minusername = 4; } - + if (strlen($username) < $CONFIG->minusername) throw new RegistrationException(elgg_echo('registration:usernametooshort')); - + // Blacklist for bad characters (partially nicked from mediawiki) - + $blacklist = '/[' . '\x{0080}-\x{009f}' . # iso-8859-1 control chars '\x{00a0}' . # non-breaking space 
@@ -1146,22 +1146,22 @@ '\x{3000}' . # ideographic space '\x{e000}-\x{f8ff}' . # private use ']/u'; - + if ( - preg_match($blacklist, $username) + preg_match($blacklist, $username) ) throw new RegistrationException(elgg_echo('registration:invalidchars')); - + // Belts and braces TODO: Tidy into main unicode $blacklist2 = '/\\"\'*& ?#%^(){}[]~?<>;|¬`@-+='; for ($n=0; $n < strlen($blacklist2); $n++) if (strpos($username, $blacklist2[$n])!==false) throw new RegistrationException(elgg_echo('registration:invalidchars')); - + $result = true; return trigger_plugin_hook('registeruser:validate:username', 'all', array('username' => $username), $result); } - + /** * Simple validation of a password. * @@ -1171,11 +1171,11 @@ function validate_password($password) { if (strlen($password)<6) throw new RegistrationException(elgg_echo('registration:passwordtooshort')); - + $result = true; return trigger_plugin_hook('registeruser:validate:password', 'all', array('password' => $password), $result); } - + /** * Simple validation of a email. * @@ -1186,12 +1186,12 @@ function validate_email_address($address) { if (!is_email_address($address)) throw new RegistrationException(elgg_echo('registration:notemail')); - + // Got here, so lets try a hook (defaulting to ok) $result = true; return trigger_plugin_hook('registeruser:validate:email', 'all', array('email' => $address), $result); } - + /** * Registers a user, returning false if the username already exists * 
@@ -1200,58 +1200,59 @@ * @param string $name The user's display name * @param string $email Their email address * @param bool $allow_multiple_emails Allow the same email address to be registered multiple times? - * @param int $friend_guid Optionally, GUID of a user this user will friend once fully registered + * @param int $friend_guid Optionally, GUID of a user this user will friend once fully registered * @return int|false The new user's GUID; false on failure */ function register_user($username, $password, $name, $email, $allow_multiple_emails = false, $friend_guid = 0, $invitecode = '') { - + // Load the configuration global $CONFIG; - + $username = trim($username); - $password = trim($password); + // no need to trim password. + $password = $password; $name = trim($name); $email = trim($email); - + // A little sanity checking if (empty($username) || empty($password) || empty($name) || empty($email)) { return false; - } - + } + // See if it exists and is disabled $access_status = access_get_show_hidden_status(); access_show_hidden_entities(true); - + // Validate email address if (!validate_email_address($email)) throw new RegistrationException(elgg_echo('registration:emailnotvalid')); - + // Validate password if (!validate_password($password)) throw new RegistrationException(elgg_echo('registration:passwordnotvalid')); - + // Validate the username if (!validate_username($username)) throw new RegistrationException(elgg_echo('registration:usernamenotvalid')); - + // Check to see if $username exists already if ($user = get_user_by_username($username)) { //return false; throw new RegistrationException(elgg_echo('registration:userexists')); } - + // If we're not allowed multiple emails then see if this address has been used before if ((!$allow_multiple_emails) && (get_user_by_email($email))) { throw new RegistrationException(elgg_echo('registration:dupeemail')); } - + access_show_hidden_entities($access_status); - + // Check to see if we've registered the first 
admin yet. // If not, this is the first admin user! $admin = datalist_get('admin_registered'); - + // Otherwise ... $user = new ElggUser(); $user->username = $username; @@ -1259,11 +1260,11 @@ $user->name = $name; $user->access_id = ACCESS_PUBLIC; $user->salt = generate_random_cleartext_password(); // Note salt generated before password! - $user->password = generate_user_password($user, $password); + $user->password = generate_user_password($user, $password); $user->owner_guid = 0; // Users aren't owned by anyone, even if they are admin created. $user->container_guid = 0; // Users aren't contained by anyone, even if they are admin created. $user->save(); - + // If $friend_guid has been set, make mutual friends if ($friend_guid) { if ($friend_user = get_user($friend_guid)) { @@ -1273,7 +1274,7 @@ } } } - + global $registering_admin; if (!$admin) { $user->admin = true; @@ -1282,13 +1283,13 @@ } else { $registering_admin = false; } - + // Turn on email notifications by default set_user_notification_setting($user->getGUID(), 'email', true); - + return $user->getGUID(); } - + /** * Generates a unique invite code for a user * @@ -1296,14 +1297,14 @@ * @return string Invite code */ function generate_invite_code($username) { - + $secret = datalist_get('__site_secret__'); return md5($username . $secret); - + } - + /** - * Adds collection submenu items + * Adds collection submenu items * */ function collections_submenu_items() { @@ -1312,13 +1313,13 @@ add_submenu_item(elgg_echo('friends:collections'), $CONFIG->wwwroot . "pg/collections/" . $user->username); add_submenu_item(elgg_echo('friends:collections:add'),$CONFIG->wwwroot."pg/collections/add"); } - + /** * Page handler for friends * */ function friends_page_handler($page_elements) { - + if (isset($page_elements[0]) && $user = get_user_by_username($page_elements[0])) { set_page_owner($user->getGUID()); } 
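Review bot: In register_user, every `RegistrationException` thrown between `access_show_hidden_entities(true);` and `access_show_hidden_entities($access_status);` skips the restore. The show-hidden setting therefore appears to stay enabled for the rest of the request, and a caller that catches the exception would keep running with disabled entities visible. The previous status should be restored on the failure path too, for example by wrapping the validation and duplicate checks in a try/catch that restores it and rethrows, as sketched below. Separately, `$password = $password;` is a no-op and can be dropped, keeping only the comment. Because the password is no longer trimmed here, the login and password-change paths (not visible in this hunk) should treat surrounding whitespace the same way, otherwise such passwords would fail to verify. The function body continues past the end of the hunk.

```php
	access_show_hidden_entities(true);

	try {
		// … unchanged: validate_email_address / validate_password / validate_username checks …
		// … unchanged: get_user_by_username and get_user_by_email duplicate checks …
	} catch (Exception $e) {
		// Put the show-hidden setting back before the failure propagates to the caller.
		access_show_hidden_entities($access_status);
		throw $e;
	}

	access_show_hidden_entities($access_status);
```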
@@ -1326,15 +1327,15 @@ collections_submenu_items(); } require_once(dirname(dirname(dirname(__FILE__))) . "/friends/index.php"); - + } - + /** * Page handler for friends of * */ function friends_of_page_handler($page_elements) { - + if (isset($page_elements[0]) && $user = get_user_by_username($page_elements[0])) { set_page_owner($user->getGUID()); } @@ -1342,20 +1343,20 @@ collections_submenu_items(); } require_once(dirname(dirname(dirname(__FILE__))) . "/friends/of.php"); - + } - + /** * Page handler for friends of * */ function collections_page_handler($page_elements) { - + if (isset($page_elements[0])) { if ($page_elements[0] == "add") { set_page_owner($_SESSION['guid']); collections_submenu_items(); - require_once(dirname(dirname(dirname(__FILE__))) . "/friends/add.php"); + require_once(dirname(dirname(dirname(__FILE__))) . "/friends/add.php"); } else { if ($user = get_user_by_username($page_elements[0])) { set_page_owner($user->getGUID()); @@ -1366,9 +1367,9 @@ } } } - + } - + /** * Page handler for dashboard */ @@ -1382,34 +1383,34 @@ * @param int $user_guid The user GUID */ function set_last_action($user_guid) { - + $user_guid = (int) $user_guid; global $CONFIG; $time = time(); - + execute_delayed_write_query("UPDATE {$CONFIG->dbprefix}users_entity set prev_last_action = last_action, last_action = {$time} where guid = {$user_guid}"); - + } - + /** * Sets the last logon time of the given user to right now. * * @param int $user_guid The user GUID */ function set_last_login($user_guid) { - + $user_guid = (int) $user_guid; global $CONFIG; $time = time(); - + execute_delayed_write_query("UPDATE {$CONFIG->dbprefix}users_entity set prev_last_login = last_login, last_login = {$time} where guid = {$user_guid}"); - + } - + /** * A permissions plugin hook that grants access to users if they are newly created - allows * for email activation. - * + * * TODO: Do this in a better way! * * @param unknown_type $hook 
@@ -1430,96 +1431,96 @@ )) && (!isloggedin())) return true; - + } - + return $returnvalue; } - + /** * Sets up user-related menu items * */ function users_pagesetup() { - + // Load config global $CONFIG; - + //add submenu options - if (get_context() == "friends" || - get_context() == "friendsof" || + if (get_context() == "friends" || + get_context() == "friendsof" || get_context() == "collections") { add_submenu_item(elgg_echo('friends'),$CONFIG->wwwroot."pg/friends/" . page_owner_entity()->username); add_submenu_item(elgg_echo('friends:of'),$CONFIG->wwwroot."pg/friendsof/" . page_owner_entity()->username); } - + } - + /** * Users initialisation function, which establishes the page handler * */ function users_init() { - + // Load config global $CONFIG; - + // Set up menu for logged in users if (isloggedin()) { $user = get_loggedin_user(); add_menu(elgg_echo('friends'), $CONFIG->wwwroot . "pg/friends/" . $user->username); } - + register_page_handler('friends','friends_page_handler'); register_page_handler('friendsof','friends_of_page_handler'); register_page_handler('collections','collections_page_handler'); register_page_handler('dashboard','dashboard_page_handler'); register_action("register",true); - register_action("useradd",true); + register_action("useradd",true); register_action("friends/add"); - register_action("friends/remove"); + register_action("friends/remove"); register_action('friends/addcollection'); register_action('friends/deletecollection'); - register_action('friends/editcollection'); - register_action("user/spotlight"); + register_action('friends/editcollection'); + register_action("user/spotlight"); register_action("usersettings/save"); - + register_action("user/passwordreset"); register_action("user/requestnewpassword"); - + // User name change extend_elgg_settings_page('user/settings/name', 'usersettings/user', 1); //register_action("user/name"); - + // User password change extend_elgg_settings_page('user/settings/password', 
'usersettings/user', 1); //register_action("user/password"); - + // Add email settings extend_elgg_settings_page('user/settings/email', 'usersettings/user', 1); //register_action("email/save"); - + // Add language settings extend_elgg_settings_page('user/settings/language', 'usersettings/user', 1); - + // Add default access settings extend_elgg_settings_page('user/settings/default_access', 'usersettings/user', 1); - + //register_action("user/language"); - + // Register the user type register_entity_type('user',''); - + register_plugin_hook('usersettings:save','user','users_settings_save'); register_plugin_hook('search','all','search_list_users_by_name'); - - + + // Handle a special case for newly created users when the user is not logged in // TODO: handle this better! register_plugin_hook('permissions_check','all','new_user_enable_permissions_check'); } - + /** * Returns a formatted list of users suitable for injecting into search. * 
@@ -1530,37 +1531,37 @@ $threshold = 4; $object = get_input('object'); - + if (!get_input('offset') && (empty($object) || $object == 'user')) if ($users = search_for_user($tag,$threshold)) { - + $countusers = search_for_user($tag,0,0,"",true); - + $return = elgg_view('user/search/startblurb',array('count' => $countusers, 'tag' => $tag)); foreach($users as $user) { $return .= elgg_view_entity($user); } $return .= elgg_view('user/search/finishblurb',array('count' => $countusers, 'threshold' => $threshold, 'tag' => $tag)); return $return; - + } - + } - + function users_settings_save() { - + global $CONFIG; include($CONFIG->path . "actions/user/name.php"); include($CONFIG->path . "actions/user/password.php"); include($CONFIG->path . "actions/email/save.php"); include($CONFIG->path . "actions/user/language.php"); include($CONFIG->path . "actions/user/default_access.php"); - + } - + //register actions ************************************************************* - - register_elgg_event_handler('init','system','users_init',0); - register_elgg_event_handler('pagesetup','system','users_pagesetup',0); - + + register_elgg_event_handler('init','system','users_init',0); + register_elgg_event_handler('pagesetup','system','users_pagesetup',0); + ?>
\ No newline at end of file |