' . $ltr . ''; } else { // Output link to letter $OUT .= '' . $ltr . ''; } if ((($counter / getConfig('user_alpha')) == round($counter / getConfig('user_alpha'))) && ($counter > 0)) { $OUT .= ']
['; } elseif ( $counter != $num ) { $OUT .= '|'; } } // END - while // Prepare content $content = array ( 'colspan2' => $colspan, 'alpha_selection' => $OUT ); // Load template $OUT = loadTemplate('admin_list_user_alpha', true, $content); if ($return === true) { // Return generated code return $OUT; } else { // Output generated code outputHtml($OUT); } } // Add links for sorting function addSortLinks ($letter, $sortby, $colspan, $return=false) { $OUT = ''; if (!isGetRequestParameterSet('offset')) setGetRequestParameter('offset', 0); if (!isGetRequestParameterSet('page')) setGetRequestParameter('page' , 0); // Add page and offset $add = '&page=' . getRequestParameter('page') . '&offset=' . getRequestParameter('offset'); // Add status or mode if (isGetRequestParameterSet('status')) $add .= '&mode=' . getRequestParameter('status'); elseif (isGetRequestParameterSet('mode')) $add .= '&mode=' . getRequestParameter('mode'); // Makes order by links.. if ($letter == 'front') $letter = ''; // Prepare array with all possible sorters $list = array( 'userid' => '{--_USERID--}', 'family' => '{--FAMILY--}', 'email' => '{--EMAIL--}', 'REMOTE_ADDR' => '{--REMOTE_IP--}' ); // Add nickname if extension is installed if (isExtensionActive('nickname')) { $list['nickname'] = '{--NICKNAME--}'; } // END - if foreach ($list as $sort => $title) { if ($sortby == $sort) { $OUT .= '' . $title . '|'; } else { $OUT .= '' . $title . '|'; } } // END - foreach // Add list and colspan $content['list'] = substr($OUT, 0, -1); $content['colspan2'] = $colspan; // Load template $OUT = loadTemplate('admin_list_user_sort', true, $content); // Should we return or output? if ($return === true) { // Return code return $OUT; } else { // Output code outputHtml($OUT); } } // Add page navigation function addPageNavigation ($numPages, $offset, $showForm, $colspan, $return=false) { // @TODO These two constants are no longer used, maybe we reactivate this code? //if ($showForm === true) { // // Load form for changing number of lines // define('__FORM_HEADER', loadTemplate('admin_list_user_sort_form', true)); // define('__FORM_FOOTER', ' '); //} else { // // Empty row // define('__FORM_HEADER', ' '); // define('__FORM_FOOTER', ' '); //} $OUT = ''; for ($page = 1; $page <= $numPages; $page++) { if (($page == getRequestParameter('page')) || ((!isGetRequestParameterSet('page')) && ($page == 1))) { $OUT .= '-'; } else { if (!isGetRequestParameterSet('letter')) setGetRequestParameter('letter', ''); if (!isGetRequestParameterSet('sortby')) setGetRequestParameter('sortby', 'userid'); // Base link $OUT .= ''; } $OUT .= $page; if (($page == getRequestParameter('page')) || ((!isGetRequestParameterSet('page')) && ($page == 1))) { $OUT .= '-'; } else { $OUT .= ''; } if ($page < $numPages) $OUT .= '|'; } // END - for // Remember the list and colspan $content['list'] = $OUT; $content['colspan2'] = $colspan; // Load template $OUT = loadTemplate('admin_list_user_pagenav', true, $content); if ($return === true) { // Return code return $OUT; } else { // Output code outputHtml($OUT); } } // Create email link to user's account function generateUserEmailLink ($email, $mod = 'admin') { // Show contact link only if user is confirmed by default $locked = " AND `status`='CONFIRMED'"; // But admins shall always see it if (isAdmin()) $locked = ''; $result = SQL_QUERY_ESC("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `email`='%s'" . $locked." LIMIT 1", array($email), __FUNCTION__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Load userid list($userid) = SQL_FETCHROW($result); // Rewrite email address to contact link $email = '{%url=modules.php?module=' . $mod . '&what=user_contct&userid=' . bigintval($userid) . '%}'; } // END - if // Free memory SQL_FREERESULT($result); // Return rewritten (?) email address return $email; } // Selects a random user id as the new referal id if they have at least X confirmed mails in this run // @TODO Double-check configuration entry here function determineRandomReferalId () { // Default is zero refid $refid = null; // Is the extension version fine? if (isExtensionInstalledAndNewer('user', '0.3.4')) { // Get all user ids $totalUsers = countSumTotalData('CONFIRMED', 'user_data', 'userid', 'status', true, " AND `rand_confirmed` >= {?user_min_confirmed?}"); // Do we have at least one? if ($totalUsers > 0) { // Then choose random number $randNum = mt_rand(0, ($totalUsers - 1)); // Look for random user $result = SQL_QUERY_ESC("SELECT `userid` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `status`='CONFIRMED' AND `rand_confirmed` >= {?user_min_confirmed?} ORDER BY `rand_confirmed` DESC LIMIT %s, 1", array($randNum), __FUNCTION__, __LINE__); // Do we have one entry there? if (SQL_NUMROWS($result) == 1) { // Use that userid as new referal id list($refid) = SQL_FETCHROW($result); // Reset all users, this makes this random referal id more challenging SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET `rand_confirmed`=0", array($refid), __FUNCTION__, __LINE__); } // END - if // Free result SQL_FREERESULT($result); } // END - if } // END - if // Return result return $refid; } // Do the user login function doUserLogin ($userid, $passwd, $successUrl = '', $errorUrl = 'modules.php?module=index&what=login&login=') { // Init variables $dmy = ''; $add = ''; $errorCode = '0'; $ext = ''; $isFound = false; // Init array $content = array( 'password' => '', 'userid' => '', 'last_online' => 0, 'last_login' => 0, 'hash' => '' ); // Check login data if ((isExtensionActive('nickname')) && (isNicknameUsed($userid))) { // Nickname entered fetchUserData($userid, 'nickname'); } elseif (isNicknameUsed($userid)) { // No nickname installed $errorCode = getCode('EXTENSION_PROBLEM'); $ext = 'nickname'; } else { // Direct userid entered $isFound = fetchUserData($userid); } // No error found? if (($errorCode == '0') && ($isFound === true)) { // Get user data array and set userid (e.g. important if we login with nickname) $content = getUserDataArray(); if (!empty($content['userid'])) $userid = bigintval($content['userid']); } // END - if // Is there an entry? if ((isUserDataValid()) && (getUserData('status') == 'CONFIRMED') && (!empty($content['userid']))) { // Check for old MD5 passwords if ((strlen(getUserData('password')) == 32) && (md5($passwd) == getUserData('password'))) { // Just set the hash to the password from DB... :) $content['hash'] = getUserData('password'); } else { // Hash password with improved way for comparsion $content['hash'] = generateHash($passwd, substr(getUserData('password'), 0, -40)); } // Does the password match the hash? if ($content['hash'] == getUserData('password')) { // New hashed password found so let's generate a new one $content['hash'] = generateHash($passwd); // ... and update database // @TODO Make this filter working: $ADDON = runFilterChain('post_login_update', $content); SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET `password`='%s' WHERE `userid`=%s AND `status`='CONFIRMED' LIMIT 1", array($content['hash'], $userid), __FUNCTION__, __LINE__); // No login bonus by default $GLOBALS['bonus_payed'] = false; // Is bonus up-to-date? if (isExtensionInstalledAndNewer('bonus', '0.2.2')) { // Probe for last online timemark $probe = time() - getUserData('last_online'); if (getUserData('last_login') > 0) { // Use timestamp from last login $probe = time() - getUserData('last_login'); } // END - if // Is the timeout reached? if ($probe >= getConfig('login_timeout')) { // Add login bonus to user's account $add = ', `login_bonus`=`login_bonus`+{?login_bonus?}'; $GLOBALS['bonus_payed'] = true; // Subtract login bonus from userid's account or jackpot if ((isExtensionInstalledAndNewer('bonus', '0.3.5')) && (getBonusMode() != 'ADD')) { handleBonusPoints('login_bonus'); } // END - if } // END - if } // END - if // @TODO Make this filter working: $url = runFilterChain('do_login', array('content' => $content, 'addon' => $ADDON)); // Set member id setMemberId($userid); // Try to set session data (which shall normally always work!) //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'userid=' . $userid . ',hash=' . $content['hash'] . '(' . strlen($content['hash']) . ')'); if ((setSession('userid', $userid )) && (setSession('u_hash', encodeHashForCookie($content['hash'])))) { // Update database records SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET `total_logins`=`total_logins`+1" . $add . " WHERE `userid`=%s LIMIT 1", array($userid), __FUNCTION__, __LINE__); if (!SQL_HASZEROAFFECTED()) { // Is a success URL set? if (empty($successUrl)) { // Procedure to checking for login data if (($GLOBALS['bonus_payed'] === true) && (isExtensionActive('bonus'))) { // Bonus added (just displaying!) $url = 'modules.php?module=chk_login&mode=bonus'; } else { // Bonus not added $url = 'modules.php?module=chk_login&mode=login'; } } else { // Use this URL $url = $successUrl; } } else { // Cannot update counter! $errorCode = getCode('CNTR_FAILED'); } } else { // Cookies not setable! $errorCode = getCode('COOKIES_DISABLED'); } } elseif (isExtensionInstalledAndNewer('sql_patches', '0.6.1')) { // Update failure counter SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET `login_failures`=`login_failures`+1,`last_failure`=NOW() WHERE `userid`=%s LIMIT 1", array($userid), __FUNCTION__, __LINE__); // Wrong password! $errorCode = getCode('WRONG_PASS'); } } elseif ((isUserDataValid()) && (getUserData('status') != 'CONFIRMED')) { // Create an error code from given status $errorCode = generateErrorCodeFromUserStatus(getUserData('status')); // Set userid in session setSession('current_userid', getUserData('userid')); } elseif (!isUserDataValid()) { // User id not found $errorCode = getCode('WRONG_ID'); } else { // Unknown error $errorCode = getCode('UNKNOWN_ERROR'); } // Error code provided? if ($errorCode > 0) { // Then reconstruct the URL $url = $errorUrl . $errorCode; // Extension set? Then add it as well. if (!empty($ext)) { $url .= '&ext=' . $ext; } // END - if } // END - if // Return URL return $url; } // Try to send a new password for the given user account function doNewUserPassword ($email, $userid) { // Init result and error $errorCode = ''; $result = false; // Probe userid/nickname // @TODO We should try to rewrite this to fetchUserData() somehow if (!empty($email)) { // Email entered $result = SQL_QUERY_ESC("SELECT `userid`, `status` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `email`='%s' OR `email`='%s' LIMIT 1", array($email, str_replace('.', '{DOT}', $email)), __FUNCTION__, __LINE__); } elseif ((isExtensionActive('nickname')) && (isNicknameOrUserid($userid))) { // Nickname entered $result = SQL_QUERY_ESC("SELECT `userid`, `status` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `nickname`='%s' OR `userid`='%s' OR `email`='%s' LIMIT 1", array($userid, $userid, $email), __FUNCTION__, __LINE__); } elseif ((isValidUserId($userid)) && (empty($email))) { // Direct userid entered $result = SQL_QUERY_ESC("SELECT `userid`, `status` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `userid`=%s LIMIT 1", array(bigintval($userid)), __FUNCTION__, __LINE__); } else { // Userid not set! logDebugMessage(__FUNCTION__, __LINE__, 'Userid is not set! BUG!'); $errorCode = getCode('WRONG_ID'); } // Any entry found? if (SQL_NUMROWS($result) == 1) { // This data is valid, so we create a new pass... :-) list($userid, $status) = SQL_FETCHROW($result); if ($status == 'CONFIRMED') { // Ooppps, this was missing! ;-) We should update the database... $NEW_PASS = generatePassword(); SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET `password`='%s' WHERE `userid`=%s LIMIT 1", array(generateHash($NEW_PASS), $userid), __FUNCTION__, __LINE__); // Prepare data and message for email $message = loadEmailTemplate('guest_new_password', array('new_pass' => $NEW_PASS, 'nickname' => $userid), $userid); // ... and send it away sendEmail($userid, '{--GUEST_NEW_PASSWORD--}', $message); // Output note to user displayMessage('{--GUEST_NEW_PASSWORD_SEND--}'); } else { // Account is locked or unconfirmed $errorCode = generateErrorCodeFromUserStatus($status); // Load URL redirectToUrl('modules.php?module=index&what=login&login='.$errorCode); } } else { // id or email is wrong displayMessage('{--GUEST_WRONG_ID_EMAIL--}'); } // Return the error code return $errorCode; } // Get timestamp for given stats type and data function getEpocheTimeFromUserStats ($statsType, $statsData, $userid = '0') { // Default timestamp is zero $data['inserted'] = '0'; // User id set? if ((isMemberIdSet()) && ($userid == '0')) { $userid = getMemberId(); } // END - if // Is the extension installed and updated? if ((!isExtensionActive('sql_patches')) || (isExtensionInstalledAndOlder('sql_patches', '0.5.6'))) { // Return zero here return $data['inserted']; } // END - if // Try to find the entry $result = SQL_QUERY_ESC("SELECT UNIX_TIMESTAMP(`inserted`) AS inserted FROM `{?_MYSQL_PREFIX?}_user_stats_data` WHERE `userid`=%s AND `stats_type`='%s' AND `stats_data`='%s' LIMIT 1", array( bigintval($userid), $statsType, $statsData ), __FUNCTION__, __LINE__); // Is the entry there? if (SQL_NUMROWS($result) == 1) { // Get this stamp $data = SQL_FETCHARRAY($result); } // END - if // Free result SQL_FREERESULT($result); // Return stamp return $data['inserted']; } // Inserts user stats function insertUserStatsRecord ($userid, $statsType, $statsData) { // Is the extension installed and updated? if ((!isExtensionActive('sql_patches')) || (isExtensionInstalledAndOlder('sql_patches', '0.5.6'))) { // Return zero here return false; } // END - if // Does it exist? if ((!getEpocheTimeFromUserStats($statsType, $statsData, $userid)) && (!is_array($statsData))) { // Then insert it! SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_user_stats_data` (`userid`,`stats_type`,`stats_data`) VALUES (%s,'%s','%s')", array( bigintval($userid), $statsType, $statsData ), __FUNCTION__, __LINE__); } elseif (is_array($statsData)) { // Invalid data! logDebugMessage(__FUNCTION__, __LINE__, 'userid=' . $userid . ',type=' . $statsType . ',data=' . gettype($statsData) . ': Invalid statistics data type!'); } } // Confirms a user account function doConfirmUserAccount ($hash) { // Init content $content = array( 'message' => '{--GUEST_CONFIRMED_FAILED--}', 'userid' => 0, ); // Initialize the user id $userid = '0'; // Search for an unconfirmed or confirmed account $result = SQL_QUERY_ESC("SELECT `userid`, `email`, `refid` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `user_hash`='%s' AND (`status`='UNCONFIRMED' OR `status`='CONFIRMED') LIMIT 1", array($hash), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Ok, he want's to confirm now so we load some data list($userid, $email, $refid) = SQL_FETCHROW($result); // Fetch user data if (!fetchUserData($userid)) { // Not found, should not happen debug_report_bug(__FILE__, __LINE__, 'User account ' . $userid . ' not found.'); } // END - if // Load all data and add points $content = getUserDataArray(); // Unlock his account (but only when it is on UNCONFIRMED!) SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET `status`='CONFIRMED', `ref_payout`={?ref_payout?}, `user_hash`=NULL WHERE `user_hash`='%s' AND `status`='UNCONFIRMED' LIMIT 1", array($hash), __FILE__, __LINE__); // Was it updated? if (!SQL_HASZEROAFFECTED()) { // Send email if updated $message = loadEmailTemplate('guest_user_confirmed', $content, bigintval($userid)); // And send him right away the confirmation mail sendEmail($email, '{--GUEST_THANX_CONFIRM--}', $message); // Maybe he got "referaled"? if (($refid > 0) && ($refid != $userid)) { // Select the referal userid if (fetchUserData($refid)) { // Update ref counter... updateReferalCounter($refid); // If version matches add ref bonus to refid's account if ((isExtensionInstalledAndNewer('bonus', '0.4.4')) && (isBonusRallyeActive())) { // Add points (directly only!) SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET `bonus_ref`=`bonus_ref`+{?bonus_ref?} WHERE `userid`=%s LIMIT 1", array(bigintval($refid)), __FILE__, __LINE__); // Subtract points from system handleBonusPoints(getConfig('bonus_ref')); } // END - if // Add one-time referal bonus over referal system or directly // @TODO Try to rewrite the following unset() unset($GLOBALS['ref_level']); addPointsThroughReferalSystem('referal_bonus', $refid, getPointsRef(), true, bigintval($userid), getConfig('reg_points_mode')); } // END - if } // END - if if (isExtensionActive('rallye')) { // Add user to rallye (or not?) addUserToReferalRallye(bigintval($userid)); } // END - if // Account confirmed! if (isExtensionActive('lead')) { // Set special lead cookie setSession('lead_userid', bigintval($userid)); // Lead-Code mode enabled redirectToUrl('lead-confirm.php'); } else { $content['message'] = '{--GUEST_CONFIRMED_DONE--}'; $content['userid'] = bigintval($userid); } } elseif (isExtensionActive('lead')) { // Set special lead cookie setSession('lead_userid', bigintval($userid)); // Lead-Code mode enabled redirectToUrl('lead-confirm.php'); } else { // Nobody was found unter this hash key... or our new member want's to confirm twice? $content['message'] = '{--GUEST_CONFIRMED_TWICE--}'; } } else { // Nobody was found unter this hash key... or our new member want's to confirm twice? $content['message'] = '{--GUEST_CONFIRMED_TWICE--}'; } // Load template displayMessage($content['message']); } // Does resend the user's confirmation link for given email address function doResendUserConfirmationLink ($email) { // Email address not registered is default message $message = '{--EMAIL_404--}'; // Confirmation link requested if (fetchUserData($email, 'email')) { // Email address found $content = getUserDataArray(); // Is the account unconfirmed? if ($content['status'] == 'UNCONFIRMED') { // Load email template $message = loadEmailTemplate('guest_request_confirm', array('hash' => $content['user_hash']), $content['userid']); // Send email sendEmail($email, '{--GUEST_REQUEST_CONFIRM_LINK_SUBJECT--}', $message); } // END - if // Create message based on the status $message = getConfirmationMessageFromUserStatus($content['status']); } // END - if // Output message displayMessage($message); } // Get a message (somewhat translation) from user status for confirmation link. // This is different to translateUserStatus() in text messages. function getConfirmationMessageFromUserStatus ($status) { // Default is 'UNKNOWN' $message = '{%message,GUEST_LOGIN_ID_UNKNOWN_STATUS=' . $status . '%}'; // Which status is it? switch ($status) { case 'UNCONFIRMED': // Account is unconfirmed // And set message $message = '{--GUEST_CONFIRM_LINK_SENT--}'; break; case 'CONFIRMED': // Account already confirmed $message = '{--GUEST_LOGIN_ID_CONFIRMED--}'; break; case 'LOCKED': // Account is locked $message = '{--GUEST_LOGIN_ID_LOCKED--}'; break; default: // This should not happen debug_report_bug(__FUNCTION__, __LINE__, 'Unknown user status ' . $status . ' detected.'); break; } // END - switch // Return message return $message; } // Expression call-back function for fetching user data function doExpressionUser ($data) { // Use current userid by default $functionName = 'getMemberId()'; // User-related data, so is there a userid? if (!empty($data['matches'][4][$data['key']])) { // Do we have a userid or $userid? if ($data['matches'][4][$data['key']] == '$userid') { // Use dynamic call $functionName = "getFetchedUserData('userid', \$userid, '" . $data['callback'] . "')"; } elseif (!empty($data['matches'][4][$data['key']])) { // User data found $functionName = "getFetchedUserData('userid', " . $data['matches'][4][$data['key']] . ", '" . $data['callback'] . "')"; } } elseif ((!empty($data['callback'])) && (isUserDataValid())) { // "Call-back" alias column for current logged in user's data $functionName = "getUserData('" . $data['callback'] . "')"; } // Do we have another function to run (e.g. translations) if (!empty($data['extra_func'])) { // Surround the original function call with it $functionName = $data['extra_func'] . '(' . $functionName . ')'; } // END - if // Generate replacer $replacer = '{DQUOTE} . ' . $functionName . ' . {DQUOTE}'; // Now replace the code $code = replaceExpressionCode($data, $replacer); // Return replaced code return $code; } // Template call-back function for list_user admin function function doTemplateAdminListUserTitle ($template, $dummy = false) { // Init title with "all accounts" $code = '{--ADMIN_LIST_ALL_ACCOUNTS--}'; // Do we have a 'status' or 'mode' set? if (isGetRequestParameterSet('status')) { // Set title according to the 'status' $code = sprintf("{--ADMIN_LIST_STATUS_%s_ACCOUNTS--}", strtoupper(getRequestParameter('status'))); } elseif (isGetRequestParameterSet('mode')) { // Set title according to the "mode" $code = sprintf("{--ADMIN_LIST_MODE_%s_ACCOUNTS--}", strtoupper(getRequestParameter('mode'))); } // Return the code return $code; } // [EOF] ?>