aboutsummaryrefslogtreecommitdiff
path: root/engine/lib
diff options
context:
space:
mode:
Diffstat (limited to 'engine/lib')
-rw-r--r--engine/lib/access.php6
-rw-r--r--engine/lib/admin.php19
-rw-r--r--engine/lib/entities.php15
-rw-r--r--engine/lib/users.php603
4 files changed, 324 insertions, 319 deletions
diff --git a/engine/lib/access.php b/engine/lib/access.php
index c3f5b7f0a..0942c2e61 100644
--- a/engine/lib/access.php
+++ b/engine/lib/access.php
@@ -142,7 +142,7 @@ function get_access_array($user_id = 0, $site_id = 0, $flush = false) {
}
}
- $ignore_access = elgg_is_ignore_access($user_id);
+ $ignore_access = elgg_check_access_overrides($user_id);
if ($ignore_access == true) {
$tmp_access_array[] = ACCESS_PRIVATE;
@@ -799,7 +799,7 @@ function elgg_get_ignore_access() {
*
* @return bool
*/
-function elgg_is_ignore_access($user_guid = null) {
+function elgg_check_access_overrides($user_guid = null) {
if (!$user_guid || $user_guid <= 0) {
$is_admin = false;
} else {
@@ -837,4 +837,4 @@ function access_init() {
}
// This function will let us know when 'init' has finished
-register_elgg_event_handler('init','system','access_init',9999); \ No newline at end of file
+register_elgg_event_handler('init', 'system', 'access_init', 9999); \ No newline at end of file
diff --git a/engine/lib/admin.php b/engine/lib/admin.php
index c598295be..1ba971347 100644
--- a/engine/lib/admin.php
+++ b/engine/lib/admin.php
@@ -111,13 +111,12 @@ function admin_settings_page_handler($page) {
* @return true|null True if the current user is an admin.
*/
function admin_permissions($hook, $type, $returnval, $params) {
- if (is_array($params) && !empty($params['user']) && $params['user'] instanceof ElggUser) {
-
- $admin = $params['user']->admin;
- if ($admin) {
- return true;
- }
+ if (elgg_check_access_overrides()) {
+ return true;
}
+
+ // consult other hooks
+ return NULL;
}
/**
@@ -164,9 +163,9 @@ function clear_admin_message($guid) {
}
/// Register init functions
-register_elgg_event_handler('init','system','admin_init');
-register_elgg_event_handler('pagesetup','system','admin_pagesetup');
+register_elgg_event_handler('init', 'system', 'admin_init');
+register_elgg_event_handler('pagesetup', 'system', 'admin_pagesetup');
// Register a plugin hook for permissions
-register_plugin_hook('permissions_check','all','admin_permissions');
-register_plugin_hook('container_permissions_check','all','admin_permissions'); \ No newline at end of file
+register_plugin_hook('permissions_check', 'all', 'admin_permissions');
+register_plugin_hook('container_permissions_check', 'all', 'admin_permissions'); \ No newline at end of file
diff --git a/engine/lib/entities.php b/engine/lib/entities.php
index 51d5cac25..211fbc05c 100644
--- a/engine/lib/entities.php
+++ b/engine/lib/entities.php
@@ -1951,7 +1951,7 @@ function delete_entity($guid, $recursive = true) {
$guid = (int)$guid;
if ($entity = get_entity($guid)) {
- if (trigger_elgg_event('delete',$entity->type,$entity)) {
+ if (trigger_elgg_event('delete', $entity->type, $entity)) {
if ($entity->canEdit()) {
// Delete contained owned and otherwise releated objects (depth first)
@@ -2001,8 +2001,9 @@ function delete_entity($guid, $recursive = true) {
break;
}
- if ($sub_table)
+ if ($sub_table) {
delete_data("DELETE from $sub_table where guid={$guid}");
+ }
}
return $res;
@@ -2227,11 +2228,14 @@ function can_edit_entity($entity_guid, $user_guid = 0) {
$return = true;
}
if ($container_entity = get_entity($entity->container_guid)) {
- if ($container_entity->canEdit()) $return = true;
+ if ($container_entity->canEdit()) {
+ $return = true;
+ }
}
}
- return trigger_plugin_hook('permissions_check', $entity->type,array('entity' => $entity, 'user' => $user), $return);
+ return trigger_plugin_hook('permissions_check', $entity->type,
+ array('entity' => $entity, 'user' => $user), $return);
} else {
return false;
@@ -2964,7 +2968,8 @@ function recursive_delete_permissions_check($hook, $entity_type, $returnvalue, $
return true;
}
- return false;
+ // consult next function
+ return NULL;
}
/**
diff --git a/engine/lib/users.php b/engine/lib/users.php
index 3a65aac56..6aecdc669 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -3,7 +3,7 @@
/**
* Elgg users
* Functions to manage multiple or single users in an Elgg install
- *
+ *
* @package Elgg
* @subpackage Core
@@ -14,15 +14,15 @@
/// Map a username to a cached GUID
$USERNAME_TO_GUID_MAP_CACHE = array();
-
+
/// Map a user code to a cached GUID
$CODE_TO_GUID_MAP_CACHE = array();
/**
* ElggUser
- *
+ *
* Representation of a "user" in the system.
- *
+ *
* @package Elgg
* @subpackage Core
*/
@@ -30,15 +30,15 @@
implements Friendable
{
/**
- * Initialise the attributes array.
+ * Initialise the attributes array.
* This is vital to distinguish between metadata and base parameters.
- *
+ *
* Place your base parameters here.
*/
protected function initialise_attributes()
{
parent::initialise_attributes();
-
+
$this->attributes['type'] = "user";
$this->attributes['name'] = "";
$this->attributes['username'] = "";
@@ -50,87 +50,87 @@
$this->attributes['banned'] = "no";
$this->attributes['tables_split'] = 2;
}
-
+
/**
* Construct a new user entity, optionally from a given id value.
*
- * @param mixed $guid If an int, load that GUID.
+ * @param mixed $guid If an int, load that GUID.
* If a db row then will attempt to load the rest of the data.
- * @throws Exception if there was a problem creating the user.
+ * @throws Exception if there was a problem creating the user.
*/
- function __construct($guid = null)
- {
+ function __construct($guid = null)
+ {
$this->initialise_attributes();
-
+
if (!empty($guid))
{
// Is $guid is a DB row - either a entity row, or a user table row.
- if ($guid instanceof stdClass) {
+ if ($guid instanceof stdClass) {
// Load the rest
if (!$this->load($guid->guid))
- throw new IOException(sprintf(elgg_echo('IOException:FailedToLoadGUID'), get_class(), $guid->guid));
+ throw new IOException(sprintf(elgg_echo('IOException:FailedToLoadGUID'), get_class(), $guid->guid));
}
-
+
// See if this is a username
else if (is_string($guid))
- {
+ {
$guid = get_user_by_username($guid);
foreach ($guid->attributes as $key => $value)
- $this->attributes[$key] = $value;
-
+ $this->attributes[$key] = $value;
+
}
-
+
// Is $guid is an ElggUser? Use a copy constructor
else if ($guid instanceof ElggUser)
- {
- foreach ($guid->attributes as $key => $value)
- $this->attributes[$key] = $value;
+ {
+ foreach ($guid->attributes as $key => $value)
+ $this->attributes[$key] = $value;
}
-
+
// Is this is an ElggEntity but not an ElggUser = ERROR!
else if ($guid instanceof ElggEntity)
throw new InvalidParameterException(elgg_echo('InvalidParameterException:NonElggUser'));
-
+
// We assume if we have got this far, $guid is an int
- else if (is_numeric($guid)) {
+ else if (is_numeric($guid)) {
if (!$this->load($guid)) IOException(sprintf(elgg_echo('IOException:FailedToLoadGUID'), get_class(), $guid));
}
-
+
else
throw new InvalidParameterException(elgg_echo('InvalidParameterException:UnrecognisedValue'));
}
}
-
+
/**
* Override the load function.
* This function will ensure that all data is loaded (were possible), so
* if only part of the ElggUser is loaded, it'll load the rest.
- *
+ *
* @param int $guid
- * @return true|false
+ * @return true|false
*/
protected function load($guid)
- {
+ {
// Test to see if we have the generic stuff
- if (!parent::load($guid))
+ if (!parent::load($guid))
return false;
// Check the type
if ($this->attributes['type']!='user')
throw new InvalidClassException(sprintf(elgg_echo('InvalidClassException:NotValidElggStar'), $guid, get_class()));
-
+
// Load missing data
$row = get_user_entity_as_row($guid);
- if (($row) && (!$this->isFullyLoaded())) $this->attributes['tables_loaded'] ++; // If $row isn't a cached copy then increment the counter
-
+ if (($row) && (!$this->isFullyLoaded())) $this->attributes['tables_loaded'] ++; // If $row isn't a cached copy then increment the counter
+
// Now put these into the attributes array as core values
$objarray = (array) $row;
- foreach($objarray as $key => $value)
+ foreach($objarray as $key => $value)
$this->attributes[$key] = $value;
-
+
return true;
}
-
+
/**
* Saves this user to the database.
* @return true|false
@@ -140,11 +140,11 @@
// Save generic stuff
if (!parent::save())
return false;
-
+
// Now save specific stuff
return create_user_entity($this->get('guid'), $this->get('name'), $this->get('username'), $this->get('password'), $this->get('salt'), $this->get('email'), $this->get('language'), $this->get('code'));
}
-
+
/**
* User specific override of the entity delete method.
*
@@ -155,30 +155,30 @@
// Delete owned data
clear_annotations_by_owner($this->guid);
clear_metadata_by_owner($this->guid);
-
+
// Delete entity
return parent::delete();
}
-
+
/**
* Ban this user.
*
* @param string $reason Optional reason
*/
public function ban($reason = "") { return ban_user($this->guid, $reason); }
-
+
/**
* Unban this user.
*/
public function unban() { return unban_user($this->guid); }
-
+
/**
* Is this user banned or not?
*
* @return bool
*/
public function isBanned() { return $this->banned == 'yes'; }
-
+
/**
* Get sites that this user is a member of
*
@@ -190,7 +190,7 @@
// return get_site_users($this->getGUID(), $subtype, $limit, $offset);
return get_user_sites($this->getGUID(), $subtype, $limit, $offset);
}
-
+
/**
* Add this user to a particular site
*
@@ -198,10 +198,10 @@
* @return true|false
*/
function addToSite($site_guid) {
- // return add_site_user($this->getGUID(), $site_guid);
+ // return add_site_user($this->getGUID(), $site_guid);
return add_site_user($site_guid, $this->getGUID());
}
-
+
/**
* Remove this user from a particular site
*
@@ -212,7 +212,7 @@
//return remove_site_user($this->getGUID(), $site_guid);
return remove_site_user($site_guid, $this->getGUID());
}
-
+
/**
* Adds a user to this user's friends list
*
@@ -220,7 +220,7 @@
* @return true|false Depending on success
*/
function addFriend($friend_guid) { return user_add_friend($this->getGUID(), $friend_guid); }
-
+
/**
* Removes a user from this user's friends list
*
@@ -228,14 +228,14 @@
* @return true|false Depending on success
*/
function removeFriend($friend_guid) { return user_remove_friend($this->getGUID(), $friend_guid); }
-
+
/**
* Determines whether or not this user is a friend of the currently logged in user
*
* @return true|false
*/
function isFriend() { return user_is_friend(get_loggedin_userid(), $this->getGUID()); }
-
+
/**
* Determines whether this user is friends with another user
*
@@ -243,7 +243,7 @@
* @return true|false
*/
function isFriendsWith($user_guid) { return user_is_friend($this->getGUID(), $user_guid); }
-
+
/**
* Determines whether or not this user is on another user's friends list
*
@@ -251,7 +251,7 @@
* @return true|false
*/
function isFriendOf($user_guid) { return user_is_friend($user_guid, $this->getGUID()); }
-
+
/**
* Retrieves a list of this user's friends
*
@@ -261,7 +261,7 @@
* @return array|false Array of ElggUsers, or false, depending on success
*/
function getFriends($subtype = "", $limit = 10, $offset = 0) { return get_user_friends($this->getGUID(), $subtype, $limit, $offset); }
-
+
/**
* Retrieves a list of people who have made this user a friend
*
@@ -271,7 +271,7 @@
* @return array|false Array of ElggUsers, or false, depending on success
*/
function getFriendsOf($subtype = "", $limit = 10, $offset = 0) { return get_user_friends_of($this->getGUID(), $subtype, $limit, $offset); }
-
+
/**
* Get an array of ElggObjects owned by this user.
*
@@ -289,7 +289,7 @@
* @param int $offset Any indexing offset
*/
public function getFriendsObjects($subtype = "", $limit = 10, $offset = 0) { return get_user_friends_objects($this->getGUID(), $subtype, $limit, $offset); }
-
+
/**
* Counts the number of ElggObjects owned by this user
*
@@ -309,7 +309,7 @@
* @return unknown
*/
public function getCollections($subtype="", $limit = 10, $offset = 0) { return get_user_collections($this->getGUID(), $subtype, $limit, $offset); }
-
+
/**
* If a user's owner is blank, return its own GUID as the owner
*
@@ -318,12 +318,12 @@
function getOwner() {
if ($this->owner_guid == 0)
return $this->getGUID();
-
+
return $this->owner_guid;
}
-
+
// EXPORTABLE INTERFACE ////////////////////////////////////////////////////////////
-
+
/**
* Return an array of fields which can be exported.
*/
@@ -339,20 +339,20 @@
/**
* Return the user specific details of a user by a row.
- *
+ *
* @param int $guid
*/
function get_user_entity_as_row($guid)
{
global $CONFIG;
-
+
/*$row = retrieve_cached_entity_row($guid);
if ($row)
{
// We have already cached this object, so retrieve its value from the cache
if (isset($CONFIG->debug) && $CONFIG->debug == true)
error_log("** Retrieving sub part of GUID:$guid from cache");
-
+
return $row;
}
else
@@ -360,17 +360,17 @@
// Object not cached, load it.
if (isset($CONFIG->debug) && $CONFIG->debug == true)
error_log("** Sub part of GUID:$guid loaded from DB");
-
+
$guid = (int)$guid;
-
+
return get_data_row("SELECT * from {$CONFIG->dbprefix}users_entity where guid=$guid");
//}
}
-
+
/**
* Create or update the extras table for a given user.
* Call create_entity first.
- *
+ *
* @param int $guid
* @param string $name
* @param string $description
@@ -379,16 +379,16 @@
function create_user_entity($guid, $name, $username, $password, $salt, $email, $language, $code)
{
global $CONFIG;
-
- $guid = (int)$guid;
- $name = sanitise_string($name);
- $username = sanitise_string($username);
+
+ $guid = (int)$guid;
+ $name = sanitise_string($name);
+ $username = sanitise_string($username);
$password = sanitise_string($password);
$salt = sanitise_string($salt);
$email = sanitise_string($email);
$language = sanitise_string($language);
$code = sanitise_string($code);
-
+
$row = get_entity_as_row($guid);
if ($row)
{
@@ -420,12 +420,12 @@
}
}
}
-
+
}
-
+
return false;
}
-
+
/**
* Disables all of a user's entities
*
@@ -445,9 +445,9 @@
}
}
return false;
-
+
}
-
+
/**
* Ban a user
*
@@ -457,27 +457,27 @@
function ban_user($user_guid, $reason = "")
{
global $CONFIG;
-
+
$user_guid = (int)$user_guid;
$reason = sanitise_string($reason);
-
+
$user = get_entity($user_guid);
-
+
if (($user) && ($user->canEdit()) && ($user instanceof ElggUser))
{
if (trigger_elgg_event('ban', 'user', $user)) {
// Add reason
if ($reason)
create_metadata($user_guid, 'ban_reason', $reason,'', 0, ACCESS_PUBLIC);
-
+
// Set ban flag
return update_data("UPDATE {$CONFIG->dbprefix}users_entity set banned='yes' where guid=$user_guid");
}
- }
+ }
return false;
}
-
+
/**
* Unban a user.
*
@@ -486,11 +486,11 @@
function unban_user($user_guid)
{
global $CONFIG;
-
+
$user_guid = (int)$user_guid;
-
+
$user = get_entity($user_guid);
-
+
if (($user) && ($user->canEdit()) && ($user instanceof ElggUser))
{
if (trigger_elgg_event('unban', 'user', $user)) {
@@ -498,21 +498,21 @@
return update_data("UPDATE {$CONFIG->dbprefix}users_entity set banned='no' where guid=$user_guid");
}
}
-
+
return false;
}
-
+
/**
* THIS FUNCTION IS DEPRECATED.
- *
- * Delete a user's extra data.
- *
+ *
+ * Delete a user's extra data.
+ *
* @param int $guid
*/
function delete_user_entity($guid)
{
system_message(sprintf(elgg_echo('deprecatedfunction'), 'delete_user_entity'));
-
+
return 1; // Always return that we have deleted one row in order to not break existing code.
}
@@ -528,10 +528,10 @@
$user_guid = (int)$user_guid;
$limit = (int)$limit;
$offset = (int)$offset;
-
+
return get_entities_from_relationship("member_of_site", $user_guid, false, "site", "", 0, "time_created desc", $limit, $offset);
}
-
+
/**
* Adds a user to another user's friends list.
*
@@ -540,7 +540,7 @@
* @return true|false Depending on success
*/
function user_add_friend($user_guid, $friend_guid) {
- $user_guid = (int) $user_guid;
+ $user_guid = (int) $user_guid;
$friend_guid = (int) $friend_guid;
if ($user_guid == $friend_guid) return false;
if (!$friend = get_entity($friend_guid)) return false;
@@ -548,7 +548,7 @@
if ( (!($user instanceof ElggUser)) || (!($friend instanceof ElggUser)) ) return false;
return add_entity_relationship($user_guid, "friend", $friend_guid);
}
-
+
/**
* Removes a user from another user's friends list.
*
@@ -558,19 +558,19 @@
*/
function user_remove_friend($user_guid, $friend_guid) {
global $CONFIG;
-
- $user_guid = (int) $user_guid;
+
+ $user_guid = (int) $user_guid;
$friend_guid = (int) $friend_guid;
-
+
// perform cleanup for access lists.
$collections = get_user_access_collections($user_guid);
foreach ($collections as $collection) {
remove_user_from_access_collection($friend_guid, $collection->id);
}
-
+
return remove_entity_relationship($user_guid, "friend", $friend_guid);
}
-
+
/**
* Determines whether or not a user is another user's friend.
*
@@ -594,7 +594,7 @@
function get_user_friends($user_guid, $subtype = "", $limit = 10, $offset = 0) {
return get_entities_from_relationship("friend",$user_guid,false,"user",$subtype,0,"time_created desc",$limit,$offset);
}
-
+
/**
* Obtains the people who have made a given user a friend
*
@@ -623,7 +623,7 @@
$ntt = get_entities('object',$subtype, $user_guid, "time_created desc", $limit, $offset,false,0,$user_guid,$timelower, $timeupper);
return $ntt;
}
-
+
/**
* Counts the objects (optionally of a particular subtype) owned by a user
*
@@ -642,7 +642,7 @@
* Displays a list of user objects of a particular subtype, with navigation.
*
* @see elgg_view_entity_list
- *
+ *
* @param int $user_guid The GUID of the user
* @param string $subtype The object subtype
* @param int $limit The number of entities to display on a page
@@ -652,16 +652,16 @@
* @return string The list in a form suitable to display
*/
function list_user_objects($user_guid, $subtype = "", $limit = 10, $fullview = true, $viewtypetoggle = true, $pagination = true, $timelower = 0, $timeupper = 0) {
-
+
$offset = (int) get_input('offset');
$limit = (int) $limit;
$count = (int) count_user_objects($user_guid, $subtype,$timelower,$timeupper);
$entities = get_user_objects($user_guid, $subtype, $limit, $offset, $timelower, $timeupper);
-
+
return elgg_view_entity_list($entities, $count, $offset, $limit, $fullview, $viewtypetoggle, $pagination);
-
+
}
-
+
/**
* Obtains a list of objects owned by a user's friends
*
@@ -681,7 +681,7 @@
}
return false;
}
-
+
/**
* Counts the number of objects owned by a user's friends
*
@@ -704,7 +704,7 @@
* Displays a list of a user's friends' objects of a particular subtype, with navigation.
*
* @see elgg_view_entity_list
- *
+ *
* @param int $user_guid The GUID of the user
* @param string $subtype The object subtype
* @param int $limit The number of entities to display on a page
@@ -713,16 +713,16 @@
* @return string The list in a form suitable to display
*/
function list_user_friends_objects($user_guid, $subtype = "", $limit = 10, $fullview = true, $viewtypetoggle = true, $pagination = true) {
-
+
$offset = (int) get_input('offset');
$limit = (int) $limit;
$count = (int) count_user_friends_objects($user_guid, $subtype);
$entities = get_user_friends_objects($user_guid, $subtype, $limit, $offset);
-
+
return elgg_view_entity_list($entities, $count, $offset, $limit, $fullview, $viewtypetoggle, $pagination);
-
+
}
-
+
/**
* Get user objects by an array of metadata
*
@@ -735,33 +735,33 @@
* @return unknown
*/
function get_user_objects_by_metadata($user_guid, $subtype = "", $metadata = array(), $limit = 0, $offset = 0) {
-
+
return get_entities_from_metadata_multi($metadata,"object",$subtype,$user_guid,$limit,$offset);
-
+
}
-
+
/**
* Get a user object from a GUID.
- *
+ *
* This function returns an ElggUser from a given GUID.
* @param int $guid The GUID
- * @return ElggUser|false
+ * @return ElggUser|false
*/
function get_user($guid)
{
if (!empty($guid)) // Fixes "Exception thrown without stack frame" when db_select fails
$result = get_entity($guid);
-
+
if ((!empty($result)) && (!($result instanceof ElggUser)))
//throw new InvalidClassException(sprintf(elgg_echo('InvalidClassException:NotValidElggStar'), $guid, 'ElggUser'));
return false;
-
+
if (!empty($result))
return $result;
-
- return false;
+
+ return false;
}
-
+
/**
* Get user by username
*
@@ -771,23 +771,23 @@
function get_user_by_username($username)
{
global $CONFIG, $USERNAME_TO_GUID_MAP_CACHE;
-
+
$username = sanitise_string($username);
$access = get_access_sql_suffix('e');
-
+
// Caching
if ( (isset($USERNAME_TO_GUID_MAP_CACHE[$username])) && (retrieve_cached_entity($USERNAME_TO_GUID_MAP_CACHE[$username])) )
return retrieve_cached_entity($USERNAME_TO_GUID_MAP_CACHE[$username]);
-
+
$row = get_data_row("SELECT e.* from {$CONFIG->dbprefix}users_entity u join {$CONFIG->dbprefix}entities e on e.guid=u.guid where u.username='$username' and $access ");
if ($row) {
$USERNAME_TO_GUID_MAP_CACHE[$username] = $row->guid;
return new ElggUser($row);
- }
-
+ }
+
return false;
}
-
+
/**
* Get user by session code
*
@@ -797,24 +797,24 @@
function get_user_by_code($code)
{
global $CONFIG, $CODE_TO_GUID_MAP_CACHE;
-
+
$code = sanitise_string($code);
-
+
$access = get_access_sql_suffix('e');
-
+
// Caching
if ( (isset($CODE_TO_GUID_MAP_CACHE[$code])) && (retrieve_cached_entity($CODE_TO_GUID_MAP_CACHE[$code])) )
return retrieve_cached_entity($CODE_TO_GUID_MAP_CACHE[$code]);
-
+
$row = get_data_row("SELECT e.* from {$CONFIG->dbprefix}users_entity u join {$CONFIG->dbprefix}entities e on e.guid=u.guid where u.code='$code' and $access");
if ($row) {
$CODE_TO_GUID_MAP_CACHE[$code] = $row->guid;
return new ElggUser($row);
- }
-
+ }
+
return false;
}
-
+
/**
* Get an array of users from their
*
@@ -824,16 +824,16 @@
function get_user_by_email($email)
{
global $CONFIG;
-
+
$email = sanitise_string($email);
-
+
$access = get_access_sql_suffix('e');
-
+
$query = "SELECT e.* from {$CONFIG->dbprefix}entities e join {$CONFIG->dbprefix}users_entity u on e.guid=u.guid where email='$email' and $access";
-
+
return get_data($query, 'entity_row_to_elggstar');
}
-
+
/**
* Searches for a user based on a complete or partial name or username.
*
@@ -841,31 +841,31 @@
* @param int $limit Limit of the search.
* @param int $offset Offset.
* @param string $order_by The order.
- * @param boolean $count Whether to return the count of results or just the results.
+ * @param boolean $count Whether to return the count of results or just the results.
*/
function search_for_user($criteria, $limit = 10, $offset = 0, $order_by = "", $count = false)
{
global $CONFIG;
-
+
$criteria = sanitise_string($criteria);
$limit = (int)$limit;
$offset = (int)$offset;
$order_by = sanitise_string($order_by);
-
+
$access = get_access_sql_suffix("e");
-
+
if ($order_by == "") $order_by = "e.time_created desc";
-
+
if ($count) {
$query = "SELECT count(e.guid) as total ";
} else {
- $query = "SELECT e.* ";
+ $query = "SELECT e.* ";
}
$query .= "from {$CONFIG->dbprefix}entities e join {$CONFIG->dbprefix}users_entity u on e.guid=u.guid where ";
// $query .= " match(u.name,u.username) against ('$criteria') ";
$query .= "(u.name like \"%{$criteria}%\" or u.username like \"%{$criteria}%\")";
$query .= " and $access";
-
+
if (!$count) {
$query .= " order by $order_by limit $offset, $limit"; // Add order and limit
return get_data($query, "entity_row_to_elggstar");
@@ -876,29 +876,29 @@
}
return false;
}
-
+
/**
* Displays a list of user objects that have been searched for.
*
* @see elgg_view_entity_list
- *
+ *
* @param string $tag Search criteria
* @param int $limit The number of entities to display on a page
* @return string The list in a form suitable to display
*/
function list_user_search($tag, $limit = 10) {
-
+
$offset = (int) get_input('offset');
$limit = (int) $limit;
$count = (int) search_for_user($tag, 10, 0, '', true);
$entities = search_for_user($tag, $limit, $offset);
-
+
return elgg_view_entity_list($entities, $count, $offset, $limit, $fullview, false);
-
+
}
-
+
/**
- * A function that returns a maximum of $limit users who have done something within the last
+ * A function that returns a maximum of $limit users who have done something within the last
* $seconds seconds.
*
* @param int $seconds Number of seconds (default 600 = 10min)
@@ -908,20 +908,20 @@
function find_active_users($seconds = 600, $limit = 10, $offset = 0)
{
global $CONFIG;
-
+
$seconds = (int)$seconds;
$limit = (int)$limit;
$offset = (int)$offset;
-
+
$time = time() - $seconds;
$access = get_access_sql_suffix("e");
-
+
$query = "SELECT distinct e.* from {$CONFIG->dbprefix}entities e join {$CONFIG->dbprefix}users_entity u on e.guid = u.guid where u.last_action >= {$time} and $access order by u.last_action desc limit {$offset},{$limit}";
-
+
return get_data($query, "entity_row_to_elggstar");
}
-
+
/**
* Generate and send a password request email to a given user's registered email address.
*
@@ -930,9 +930,9 @@
function send_new_password_request($user_guid)
{
global $CONFIG;
-
+
$user_guid = (int)$user_guid;
-
+
$user = get_entity($user_guid);
if ($user)
{
@@ -940,50 +940,50 @@
$code = generate_random_cleartext_password();
//create_metadata($user_guid, 'conf_code', $code,'', 0, ACCESS_PRIVATE);
set_private_setting($user_guid, 'passwd_conf_code', $code);
-
+
// generate link
$link = $CONFIG->site->url . "action/user/passwordreset?u=$user_guid&c=$code";
-
+
// generate email
$email = sprintf(elgg_echo('email:resetreq:body'), $user->name, $_SERVER['REMOTE_ADDR'], $link);
-
+
return notify_user($user->guid, $CONFIG->site->guid, elgg_echo('email:resetreq:subject'), $email, NULL, 'email');
}
-
+
return false;
}
-
+
/**
- * Low level function to reset a given user's password.
- *
+ * Low level function to reset a given user's password.
+ *
* This can only be called from execute_new_password_request().
- *
+ *
* @param int $user_guid The user.
* @param string $password password text (which will then be converted into a hash and stored)
*/
function force_user_password_reset($user_guid, $password)
{
global $CONFIG;
-
+
if (call_gatekeeper('execute_new_password_request', __FILE__))
{
$user = get_entity($user_guid);
-
+
if ($user)
{
$salt = generate_random_cleartext_password(); // Reset the salt
$user->salt = $salt;
-
+
$hash = generate_user_password($user, $password);
-
+
return update_data("UPDATE {$CONFIG->dbprefix}users_entity set password='$hash', salt='$salt' where guid=$user_guid");
}
}
-
+
return false;
}
-
+
/**
* Validate and execute a password reset for a user.
*
@@ -993,28 +993,28 @@
function execute_new_password_request($user_guid, $conf_code)
{
global $CONFIG;
-
+
$user_guid = (int)$user_guid;
-
+
$user = get_entity($user_guid);
if (($user) && (get_private_setting($user_guid, 'passwd_conf_code') == $conf_code))
{
$password = generate_random_cleartext_password();
-
+
if (force_user_password_reset($user_guid, $password))
{
//remove_metadata($user_guid, 'conf_code');
remove_private_setting($user_guid, 'passwd_conf_code');
-
+
$email = sprintf(elgg_echo('email:resetpassword:body'), $user->name, $password);
-
+
return notify_user($user->guid, $CONFIG->site->guid, elgg_echo('email:resetpassword:subject'), $email, NULL, 'email');
}
}
-
+
return false;
}
-
+
/**
* Set the validation status for a user.
*
@@ -1025,7 +1025,7 @@
function set_user_validation_status($user_guid, $status, $method = '')
{
if (!$status) $method = '';
-
+
if ($status)
{
if (
@@ -1038,7 +1038,7 @@
{
$validated = get_metadata_byname($user_guid, 'validated');
$validated_method = get_metadata_byname($user_guid, 'validated_method');
-
+
if (
($validated) &&
($validated_method) &&
@@ -1047,15 +1047,15 @@
)
return true;
}
-
+
return false;
}
-
+
/**
* Trigger an event requesting that a user guid be validated somehow - either by email address or some other way.
*
* This event invalidates any existing values and returns
- *
+ *
* @param unknown_type $user_guid
*/
function request_user_validation($user_guid)
@@ -1066,13 +1066,13 @@
{
// invalidate any existing validations
set_user_validation_status($user_guid, false);
-
+
// request validation
trigger_elgg_event('validate', 'user', $user);
-
+
}
}
-
+
/**
* Validates an email address.
*
@@ -1082,16 +1082,16 @@
function is_email_address($address)
{
// TODO: Make this better!
-
- if (strpos($address, '@')=== false)
+
+ if (strpos($address, '@')=== false)
return false;
-
+
if (strpos($address, '.')=== false)
return false;
-
+
return true;
}
-
+
/**
* Simple function that will generate a random clear text password suitable for feeding into generate_user_password().
*
@@ -1102,10 +1102,10 @@
{
return substr(md5(microtime() . rand()), 0, 8);
}
-
+
/**
* Generate a password for a user, currently uses MD5.
- *
+ *
* Later may introduce salting etc.
*
* @param ElggUser $user The user this is being generated for.
@@ -1115,10 +1115,10 @@
{
return md5($password . $user->salt);
}
-
+
/**
* Simple function which ensures that a username contains only valid characters.
- *
+ *
* This should only permit chars that are valid on the file system as well.
*
* @param string $username
@@ -1127,17 +1127,17 @@
function validate_username($username)
{
global $CONFIG;
-
+
// Basic, check length
if (!isset($CONFIG->minusername)) {
$CONFIG->minusername = 4;
}
-
+
if (strlen($username) < $CONFIG->minusername)
throw new RegistrationException(elgg_echo('registration:usernametooshort'));
-
+
// Blacklist for bad characters (partially nicked from mediawiki)
-
+
$blacklist = '/[' .
'\x{0080}-\x{009f}' . # iso-8859-1 control chars
'\x{00a0}' . # non-breaking space
@@ -1146,22 +1146,22 @@
'\x{3000}' . # ideographic space
'\x{e000}-\x{f8ff}' . # private use
']/u';
-
+
if (
- preg_match($blacklist, $username)
+ preg_match($blacklist, $username)
)
throw new RegistrationException(elgg_echo('registration:invalidchars'));
-
+
// Belts and braces TODO: Tidy into main unicode
$blacklist2 = '/\\"\'*& ?#%^(){}[]~?<>;|¬`@-+=';
for ($n=0; $n < strlen($blacklist2); $n++)
if (strpos($username, $blacklist2[$n])!==false)
throw new RegistrationException(elgg_echo('registration:invalidchars'));
-
+
$result = true;
return trigger_plugin_hook('registeruser:validate:username', 'all', array('username' => $username), $result);
}
-
+
/**
* Simple validation of a password.
*
@@ -1171,11 +1171,11 @@
function validate_password($password)
{
if (strlen($password)<6) throw new RegistrationException(elgg_echo('registration:passwordtooshort'));
-
+
$result = true;
return trigger_plugin_hook('registeruser:validate:password', 'all', array('password' => $password), $result);
}
-
+
/**
* Simple validation of a email.
*
@@ -1186,12 +1186,12 @@
function validate_email_address($address)
{
if (!is_email_address($address)) throw new RegistrationException(elgg_echo('registration:notemail'));
-
+
// Got here, so lets try a hook (defaulting to ok)
$result = true;
return trigger_plugin_hook('registeruser:validate:email', 'all', array('email' => $address), $result);
}
-
+
/**
* Registers a user, returning false if the username already exists
*
@@ -1200,58 +1200,59 @@
* @param string $name The user's display name
* @param string $email Their email address
* @param bool $allow_multiple_emails Allow the same email address to be registered multiple times?
- * @param int $friend_guid Optionally, GUID of a user this user will friend once fully registered
+ * @param int $friend_guid Optionally, GUID of a user this user will friend once fully registered
* @return int|false The new user's GUID; false on failure
*/
function register_user($username, $password, $name, $email, $allow_multiple_emails = false, $friend_guid = 0, $invitecode = '') {
-
+
// Load the configuration
global $CONFIG;
-
+
$username = trim($username);
- $password = trim($password);
+ // no need to trim password.
+ $password = $password;
$name = trim($name);
$email = trim($email);
-
+
// A little sanity checking
if (empty($username)
|| empty($password)
|| empty($name)
|| empty($email)) {
return false;
- }
-
+ }
+
// See if it exists and is disabled
$access_status = access_get_show_hidden_status();
access_show_hidden_entities(true);
-
+
// Validate email address
if (!validate_email_address($email)) throw new RegistrationException(elgg_echo('registration:emailnotvalid'));
-
+
// Validate password
if (!validate_password($password)) throw new RegistrationException(elgg_echo('registration:passwordnotvalid'));
-
+
// Validate the username
if (!validate_username($username)) throw new RegistrationException(elgg_echo('registration:usernamenotvalid'));
-
+
// Check to see if $username exists already
if ($user = get_user_by_username($username)) {
//return false;
throw new RegistrationException(elgg_echo('registration:userexists'));
}
-
+
// If we're not allowed multiple emails then see if this address has been used before
if ((!$allow_multiple_emails) && (get_user_by_email($email)))
{
throw new RegistrationException(elgg_echo('registration:dupeemail'));
}
-
+
access_show_hidden_entities($access_status);
-
+
// Check to see if we've registered the first admin yet.
// If not, this is the first admin user!
$admin = datalist_get('admin_registered');
-
+
// Otherwise ...
$user = new ElggUser();
$user->username = $username;
@@ -1259,11 +1260,11 @@
$user->name = $name;
$user->access_id = ACCESS_PUBLIC;
$user->salt = generate_random_cleartext_password(); // Note salt generated before password!
- $user->password = generate_user_password($user, $password);
+ $user->password = generate_user_password($user, $password);
$user->owner_guid = 0; // Users aren't owned by anyone, even if they are admin created.
$user->container_guid = 0; // Users aren't contained by anyone, even if they are admin created.
$user->save();
-
+
// If $friend_guid has been set, make mutual friends
if ($friend_guid) {
if ($friend_user = get_user($friend_guid)) {
@@ -1273,7 +1274,7 @@
}
}
}
-
+
global $registering_admin;
if (!$admin) {
$user->admin = true;
@@ -1282,13 +1283,13 @@
} else {
$registering_admin = false;
}
-
+
// Turn on email notifications by default
set_user_notification_setting($user->getGUID(), 'email', true);
-
+
return $user->getGUID();
}
-
+
/**
* Generates a unique invite code for a user
*
@@ -1296,14 +1297,14 @@
* @return string Invite code
*/
function generate_invite_code($username) {
-
+
$secret = datalist_get('__site_secret__');
return md5($username . $secret);
-
+
}
-
+
/**
- * Adds collection submenu items
+ * Adds collection submenu items
*
*/
function collections_submenu_items() {
@@ -1312,13 +1313,13 @@
add_submenu_item(elgg_echo('friends:collections'), $CONFIG->wwwroot . "pg/collections/" . $user->username);
add_submenu_item(elgg_echo('friends:collections:add'),$CONFIG->wwwroot."pg/collections/add");
}
-
+
/**
* Page handler for friends
*
*/
function friends_page_handler($page_elements) {
-
+
if (isset($page_elements[0]) && $user = get_user_by_username($page_elements[0])) {
set_page_owner($user->getGUID());
}
@@ -1326,15 +1327,15 @@
collections_submenu_items();
}
require_once(dirname(dirname(dirname(__FILE__))) . "/friends/index.php");
-
+
}
-
+
/**
* Page handler for friends of
*
*/
function friends_of_page_handler($page_elements) {
-
+
if (isset($page_elements[0]) && $user = get_user_by_username($page_elements[0])) {
set_page_owner($user->getGUID());
}
@@ -1342,20 +1343,20 @@
collections_submenu_items();
}
require_once(dirname(dirname(dirname(__FILE__))) . "/friends/of.php");
-
+
}
-
+
/**
* Page handler for friends of
*
*/
function collections_page_handler($page_elements) {
-
+
if (isset($page_elements[0])) {
if ($page_elements[0] == "add") {
set_page_owner($_SESSION['guid']);
collections_submenu_items();
- require_once(dirname(dirname(dirname(__FILE__))) . "/friends/add.php");
+ require_once(dirname(dirname(dirname(__FILE__))) . "/friends/add.php");
} else {
if ($user = get_user_by_username($page_elements[0])) {
set_page_owner($user->getGUID());
@@ -1366,9 +1367,9 @@
}
}
}
-
+
}
-
+
/**
* Page handler for dashboard
*/
@@ -1382,34 +1383,34 @@
* @param int $user_guid The user GUID
*/
function set_last_action($user_guid) {
-
+
$user_guid = (int) $user_guid;
global $CONFIG;
$time = time();
-
+
execute_delayed_write_query("UPDATE {$CONFIG->dbprefix}users_entity set prev_last_action = last_action, last_action = {$time} where guid = {$user_guid}");
-
+
}
-
+
/**
* Sets the last logon time of the given user to right now.
*
* @param int $user_guid The user GUID
*/
function set_last_login($user_guid) {
-
+
$user_guid = (int) $user_guid;
global $CONFIG;
$time = time();
-
+
execute_delayed_write_query("UPDATE {$CONFIG->dbprefix}users_entity set prev_last_login = last_login, last_login = {$time} where guid = {$user_guid}");
-
+
}
-
+
/**
* A permissions plugin hook that grants access to users if they are newly created - allows
* for email activation.
- *
+ *
* TODO: Do this in a better way!
*
* @param unknown_type $hook
@@ -1430,96 +1431,96 @@
))
&& (!isloggedin()))
return true;
-
+
}
-
+
return $returnvalue;
}
-
+
/**
* Sets up user-related menu items
*
*/
function users_pagesetup() {
-
+
// Load config
global $CONFIG;
-
+
//add submenu options
- if (get_context() == "friends" ||
- get_context() == "friendsof" ||
+ if (get_context() == "friends" ||
+ get_context() == "friendsof" ||
get_context() == "collections") {
add_submenu_item(elgg_echo('friends'),$CONFIG->wwwroot."pg/friends/" . page_owner_entity()->username);
add_submenu_item(elgg_echo('friends:of'),$CONFIG->wwwroot."pg/friendsof/" . page_owner_entity()->username);
}
-
+
}
-
+
/**
* Users initialisation function, which establishes the page handler
*
*/
function users_init() {
-
+
// Load config
global $CONFIG;
-
+
// Set up menu for logged in users
if (isloggedin()) {
$user = get_loggedin_user();
add_menu(elgg_echo('friends'), $CONFIG->wwwroot . "pg/friends/" . $user->username);
}
-
+
register_page_handler('friends','friends_page_handler');
register_page_handler('friendsof','friends_of_page_handler');
register_page_handler('collections','collections_page_handler');
register_page_handler('dashboard','dashboard_page_handler');
register_action("register",true);
- register_action("useradd",true);
+ register_action("useradd",true);
register_action("friends/add");
- register_action("friends/remove");
+ register_action("friends/remove");
register_action('friends/addcollection');
register_action('friends/deletecollection');
- register_action('friends/editcollection');
- register_action("user/spotlight");
+ register_action('friends/editcollection');
+ register_action("user/spotlight");
register_action("usersettings/save");
-
+
register_action("user/passwordreset");
register_action("user/requestnewpassword");
-
+
// User name change
extend_elgg_settings_page('user/settings/name', 'usersettings/user', 1);
//register_action("user/name");
-
+
// User password change
extend_elgg_settings_page('user/settings/password', 'usersettings/user', 1);
//register_action("user/password");
-
+
// Add email settings
extend_elgg_settings_page('user/settings/email', 'usersettings/user', 1);
//register_action("email/save");
-
+
// Add language settings
extend_elgg_settings_page('user/settings/language', 'usersettings/user', 1);
-
+
// Add default access settings
extend_elgg_settings_page('user/settings/default_access', 'usersettings/user', 1);
-
+
//register_action("user/language");
-
+
// Register the user type
register_entity_type('user','');
-
+
register_plugin_hook('usersettings:save','user','users_settings_save');
register_plugin_hook('search','all','search_list_users_by_name');
-
-
+
+
// Handle a special case for newly created users when the user is not logged in
// TODO: handle this better!
register_plugin_hook('permissions_check','all','new_user_enable_permissions_check');
}
-
+
/**
* Returns a formatted list of users suitable for injecting into search.
*
@@ -1530,37 +1531,37 @@
$threshold = 4;
$object = get_input('object');
-
+
if (!get_input('offset') && (empty($object) || $object == 'user'))
if ($users = search_for_user($tag,$threshold)) {
-
+
$countusers = search_for_user($tag,0,0,"",true);
-
+
$return = elgg_view('user/search/startblurb',array('count' => $countusers, 'tag' => $tag));
foreach($users as $user) {
$return .= elgg_view_entity($user);
}
$return .= elgg_view('user/search/finishblurb',array('count' => $countusers, 'threshold' => $threshold, 'tag' => $tag));
return $return;
-
+
}
-
+
}
-
+
function users_settings_save() {
-
+
global $CONFIG;
include($CONFIG->path . "actions/user/name.php");
include($CONFIG->path . "actions/user/password.php");
include($CONFIG->path . "actions/email/save.php");
include($CONFIG->path . "actions/user/language.php");
include($CONFIG->path . "actions/user/default_access.php");
-
+
}
-
+
//register actions *************************************************************
-
- register_elgg_event_handler('init','system','users_init',0);
- register_elgg_event_handler('pagesetup','system','users_pagesetup',0);
-
+
+ register_elgg_event_handler('init','system','users_init',0);
+ register_elgg_event_handler('pagesetup','system','users_pagesetup',0);
+
?> \ No newline at end of file