Alternc  latest
Alternc logiel libre pour l'hébergement
 All Classes Namespaces Files Functions Variables Pages
m_mem Class Reference

This class manage user sessions in the web desktop. More...

Public Member Functions

 alternc_password_policy ()
 Password kind used in this class (hook for admin class) More...
 
 hook_menu ()
 hook called by the m_menu class to add menu to the left of the panel More...
 
 checkright ()
 Check that the current user is an admnistrator. More...
 
 login ($username, $password, $restrictip=0, $authip_token=false)
 Start a session in the web desktop. More...
 
 setid ($id)
 Start a session as another user from an administrator account. More...
 
 resetlast ()
 After a successful connection, reset the user's last connection date. More...
 
 authip_token ($bis=false)
 
 authip_tokencheck ($t)
 
 checkid ($show_msg=true)
 Check that the current session is correct (valid cookie) If necessary, and if we received username & password fields, create a new session for the user. More...
 
 su ($uid)
 Change the identity of the user temporarily (SUDO) More...
 
 unsu ()
 Goes back to the original identity (of an admin, usually) More...
 
 del_session ()
 Ends a session on the panel (logout) More...
 
 passwd ($oldpass, $newpass, $newpass2)
 Change the password of the current user. More...
 
 adminpref ($admlist)
 Change the administrator preferences of an admin account. More...
 
 send_pass ($login)
 Send a mail with a password to an account Note : We can ask for a password only once a day TODO : Translate this mail into the localization program. More...
 
 ChangeMail1 ($newmail)
 Change the email of an account (first step: sending of a Cookie) TODO : insert this mail string into the localization system. More...
 
 ChangeMail2 ($COOKIE, $KEY, $uid)
 Change the email of a member (second step, Cookie + key change) More...
 
 set_help_param ($show)
 Change the help parameter. More...
 
 get_help_param ()
 tell if the help parameter is set More...
 
 show_help ($file, $force=false)
 show (echo) a contextual help More...
 
 get_creator_by_uid ($uid)
 
 alternc_export_conf ()
 Exports all the personal user related information for an account. More...
 
 session_tempo_params_get ($v)
 
 session_tempo_params_set ($k, $v, $ecrase=false)
 

Public Attributes

 $olduid = 0
 Original uid for the temporary uid swapping (for administrators) More...
 
 $user
 This array contains the Tableau contenant les champs de la table "membres" du membre courant. More...
 
 $local
 contains all the fields of the "local" table for an account in AlternC. More...
 

Detailed Description

This class manage user sessions in the web desktop.

This class manage user sessions and administration in AlternC.

Definition at line 28 of file m_mem.php.

Member Function Documentation

m_mem::adminpref (   $admlist)

Change the administrator preferences of an admin account.

Parameters
integer$admlistvisualisation mode of the account list (0=large 1=short)
Returns
boolean TRUE if the preferences has been changed, FALSE if not.

Definition at line 425 of file m_mem.php.

References $cuid, $db, and $msg.

425  {
426  global $db, $msg, $cuid;
427  $msg->log("mem", "admlist");
428  if (!$this->user["su"]) {
429  $msg->raise("ERROR", "mem", _("You must be a system administrator to do this."));
430  return false;
431  }
432  $db->query("UPDATE membres SET admlist= ? WHERE uid= ?;", array($admlist, $cuid));
433  $msg->init_msgs();
434  return true;
435  }
global $db
Definition: bootstrap.php:22
$msg
Definition: config.php:155
$cuid
Definition: bootstrap.php:43
m_mem::alternc_export_conf ( )

Exports all the personal user related information for an account.

private

Definition at line 621 of file m_mem.php.

References $db, $msg, and $user.

621  {
622  global $db, $msg;
623  $msg->log("mem", "export");
624  $str = " <member>\n";
625  $users = $this->user;
626  $str.=" <uid>" . $users["uid"] . "</uid>\n";
627  $str.=" <login>" . $users["login"] . "</login>\n";
628  $str.=" <enabled>" . $users["enabled"] . "</enabled>\n";
629  $str.=" <su>" . $users["su"] . "</su>\n";
630  $str.=" <password>" . $users["pass"] . "</password>\n";
631  $str.=" <mail>" . $users["mail"] . "</mail>\n";
632  $str.=" <created>" . $users["created"] . "</created>\n";
633  $str.=" <lastip>" . $users["lastip"] . "</lastip>\n";
634  $str.=" <lastlogin>" . $users["lastlogin"] . "</lastlogin>\n";
635  $str.=" <lastfail>" . $users["lastfail"] . "</lastfail>\n";
636  $str.=" </member>\n";
637  return $str;
638  }
global $db
Definition: bootstrap.php:22
$user
This array contains the Tableau contenant les champs de la table "membres" du membre courant...
Definition: m_mem.php:36
$msg
Definition: config.php:155
m_mem::alternc_password_policy ( )

Password kind used in this class (hook for admin class)

Definition at line 48 of file m_mem.php.

48  {
49  return array("mem" => "AlternC's account password");
50  }
m_mem::authip_token (   $bis = false)

Definition at line 214 of file m_mem.php.

References $cuid, $db, and $i.

Referenced by authip_tokencheck().

214  {
215  global $db, $cuid;
216  $db->query("select pass from membres where uid= ?;", array($cuid));
217  $db->next_record();
218  $i = intval(time() / 3600);
219  if ($bis) {
220  ++$i;
221  }
222  return md5("$i--" . $db->f('pass'));
223  }
global $db
Definition: bootstrap.php:22
$i
$cuid
Definition: bootstrap.php:43
m_mem::authip_tokencheck (   $t)
Parameters
boolean$t

Definition at line 229 of file m_mem.php.

References $t, and authip_token().

Referenced by login().

229  {
230  return ($t == $this->authip_token() || $t == $this->authip_token(true));
231  }
foreach($domaines_user as $domaine) $t
authip_token($bis=false)
Definition: m_mem.php:214
m_mem::ChangeMail1 (   $newmail)

Change the email of an account (first step: sending of a Cookie) TODO : insert this mail string into the localization system.

Parameters
string$newmailNew mail we want to set for this account
Returns
boolean TRUE if the email with a link has been sent, FALSE if not

Definition at line 489 of file m_mem.php.

References $cuid, $db, $link, and $msg.

489  {
490  global $msg, $db, $L_HOSTING, $L_FQDN, $cuid;
491  $msg->log("mem", "changemail1", $newmail);
492  $db->query("SELECT * FROM membres WHERE uid= ? ;", array($cuid));
493  if (!$db->num_rows()) {
494  $msg->raise("ERROR", "mem", _("This account is locked, contact the administrator."));
495  return false;
496  }
497  $db->next_record();
498 
499  // un cookie de 20 caract�res pour le mail
500  $COOKIE = substr(md5(mt_rand().mt_rand()), 0, 20);
501  // et de 6 pour la cl� � entrer. ca me semble suffisant...
502  $KEY = substr(md5(mt_rand().mt_rand()), 0, 6);
503  $link = "https://$L_FQDN/mem_cm.php?usr=$cuid&cookie=$COOKIE&cle=$KEY";
504  $txt = sprintf(_("Hello,
505 
506 Someone (maybe you) requested an email's address modification of the account
507 %s on %s
508 To confirm your request, go to this url :
509 
510 %s
511 
512 (Warning : if this address is displayed on 2 lines, don't forgot to
513 take it on one line).
514 The panel will ask you the key given when the email address
515 modification was requested.
516 
517 If you didn't asked for this modification, it means that someone
518 did it instead of you. You can choose to ignore this message. If it happens
519 again, please contact your server's administrator.
520 
521 Cordially.
522 "), $db->f("login"), $L_HOSTING, $link);
523  mail($newmail, "Email modification request on $L_HOSTING", $txt, "From: postmaster@$L_FQDN\nReply-to: postmaster@$L_FQDN");
524 
525  $db->query("DELETE FROM chgmail WHERE uid= ? ;", array($cuid));
526  $db->query("INSERT INTO chgmail (cookie,ckey,uid,mail,ts) VALUES ( ?, ?, ?, ?, ?);", array($COOKIE, $KEY, $cuid, $newmail, time()));
527 
528  $lts = time() - 86400;
529  $db->query("DELETE FROM chgmail WHERE ts< ? ;", array($lts));
530  return $KEY;
531  }
$link
Definition: change.php:31
global $db
Definition: bootstrap.php:22
$msg
Definition: config.php:155
$cuid
Definition: bootstrap.php:43
m_mem::ChangeMail2 (   $COOKIE,
  $KEY,
  $uid 
)

Change the email of a member (second step, Cookie + key change)

Parameters
string$COOKIECookie sent by mail
string$KEYcle shown on the screen
integer$uidUser id (we may not be connected)
Returns
boolean TRUE if the email has been changed, FALSE if not.

Definition at line 541 of file m_mem.php.

References $db, $msg, and $uid.

541  {
542  global $msg, $db;
543  $msg->log("mem", "changemail2", $uid);
544  $db->query("SELECT * FROM chgmail WHERE cookie= ? and ckey= ? and uid= ?;", array($COOKIE, $KEY, $uid));
545  if (!$db->num_rows()) {
546  $msg->raise("ERROR", "mem", _("The information you entered is incorrect."));
547  return false;
548  }
549  $db->next_record();
550 
551  // met a jour le compte :
552  $db->query("UPDATE membres SET mail= ? WHERE uid = ? ;", array($db->f("mail"), $uid));
553 
554  $db->query("DELETE FROM chgmail WHERE uid= ? ;", array($uid));
555  // Supprime les cookies de la veille :)
556  $lts = time() - 86400;
557  $db->query("DELETE FROM chgmail WHERE ts< ? ;", array($lts));
558  return true;
559  }
$uid
global $db
Definition: bootstrap.php:22
$msg
Definition: config.php:155
m_mem::checkid (   $show_msg = true)

Check that the current session is correct (valid cookie) If necessary, and if we received username & password fields, create a new session for the user.

This function MUST be called by each page to authenticate the user. and BEFORE sending any data (since a cookie can be sent)

Parameters
globalstring $session the session cookie
globalstring $username & $password the login / pass of the user
Returns
boolean TRUE if the session is OK, FALSE if it is not.

Definition at line 256 of file m_mem.php.

References $_REQUEST, $cuid, $db, $msg, get_remote_ip(), login(), and panel_islocked().

256  {
257  global $db, $msg, $cuid;
258 
259  // We may go here *twice* when login fails. We prevent this with a static variable;
260  static $already=false;
261  if ($already) return false;
262  $already=true;
263 
264  if (isset($_REQUEST["username"])) {
265  if (empty($_REQUEST['password'])) {
266  $msg->raise("ERROR", "mem", _("Missing password"));
267  return false;
268  }
269  if ($_REQUEST["username"] && $_REQUEST["password"]) {
270  return $this->login($_REQUEST["username"], $_REQUEST["password"], (isset($_REQUEST["restrictip"]) ? $_REQUEST["restrictip"] : 0));
271  }
272  } // end isset
273 
274  $_COOKIE["session"] = isset($_COOKIE["session"]) ? $_COOKIE["session"] : "";
275 
276  if (strlen($_COOKIE["session"]) != 32) {
277  if ($show_msg)
278  $msg->raise("ERROR", "mem", _("Identity lost or unknown, please login"));
279  return false;
280  }
281 
282  $ip = get_remote_ip();
283  $db->query("select uid, ? as me,ip from sessions where sid= ?;", array($ip, $_COOKIE["session"]));
284  if ($db->num_rows() == 0) {
285  if ($show_msg)
286  $msg->raise("ERROR", "mem", _("Identity lost or unknown, please login"));
287  return false;
288  }
289  $db->next_record();
290  $cuid = $db->f("uid");
291 
292  if (panel_islocked() && $cuid != 2000) {
293  $msg->raise("ALERT", "mem", _("This website is currently under maintenance, login is currently disabled."));
294  return false;
295  }
296 
297  $db->query("select * from membres where uid= ? ;", array($cuid));
298  $db->next_record();
299  $this->user = $db->Record;
300 
301  /* Fills $local */
302  $db->query("SELECT * FROM local WHERE uid= ? ;", array($cuid));
303  if ($db->num_rows()) {
304  $db->next_record();
305  $this->local = $db->Record;
306  }
307  return true;
308  }
global $db
Definition: bootstrap.php:22
$msg
Definition: config.php:155
$_REQUEST["domain_id"]
$cuid
Definition: bootstrap.php:43
get_remote_ip()
Return the remote IP.
Definition: functions.php:134
login($username, $password, $restrictip=0, $authip_token=false)
Start a session in the web desktop.
Definition: m_mem.php:85
panel_islocked()
Definition: functions.php:1147
m_mem::checkright ( )

Check that the current user is an admnistrator.

Returns
boolean TRUE if we are super user, or FALSE if we are not.

Definition at line 72 of file m_mem.php.

72  {
73  return ($this->user["su"] == "1");
74  }
m_mem::del_session ( )

Ends a session on the panel (logout)

Returns
boolean TRUE if it's okay, FALSE if it's not.

Definition at line 357 of file m_mem.php.

References $cuid, $db, $hooks, $msg, $user, and get_remote_ip().

357  {
358  global $db, $user, $msg, $cuid, $hooks;
359  $_COOKIE["session"] = isset($_COOKIE["session"]) ? $_COOKIE["session"] : '';
360  setcookie("session", "", 0, "/");
361  setcookie("oldid", "", 0, "/");
362  if ($_COOKIE["session"] == "") {
363  return true;
364  }
365  if (strlen($_COOKIE["session"]) != 32) {
366  return false;
367  }
368  $ip = get_remote_ip();
369  $db->query("select uid, ? as me,ip from sessions where sid= ? ;", array($ip, $_COOKIE["session"]));
370  if ($db->num_rows() == 0) {
371  return false;
372  }
373  $db->next_record();
374  $cuid = $db->f("uid");
375  $db->query("delete from sessions where sid= ? ;", array($_COOKIE["session"]));
376 
377  $hooks->invoke("alternc_del_session");
378 
379  session_unset();
380  @session_destroy();
381  return true;
382  }
$hooks
Definition: bootstrap.php:74
global $db
Definition: bootstrap.php:22
$user
This array contains the Tableau contenant les champs de la table "membres" du membre courant...
Definition: m_mem.php:36
$msg
Definition: config.php:155
$cuid
Definition: bootstrap.php:43
get_remote_ip()
Return the remote IP.
Definition: functions.php:134
m_mem::get_creator_by_uid (   $uid)
Parameters
integer$uid

Definition at line 606 of file m_mem.php.

References $db, $msg, and $uid.

606  {
607  global $db, $msg;
608  $msg->log("dom", "get_creator_by_uid");
609  $db->query("select creator from membres where uid = ? ;", array($uid));
610  if (!$db->next_record()) {
611  return false;
612  }
613  return intval($db->f('creator'));
614  }
$uid
global $db
Definition: bootstrap.php:22
$msg
Definition: config.php:155
m_mem::get_help_param ( )

tell if the help parameter is set

Returns
boolean TRUE if the account want online help, FALSE if not.

Definition at line 577 of file m_mem.php.

577  {
578  return $this->user["show_help"];
579  }
m_mem::hook_menu ( )

hook called by the m_menu class to add menu to the left of the panel

Definition at line 56 of file m_mem.php.

56  {
57  $obj = array(
58  'title' => _("Settings"),
59  'ico' => 'images/settings.png',
60  'link' => 'mem_param.php',
61  'pos' => 160,
62  );
63 
64  return $obj;
65  }
m_mem::login (   $username,
  $password,
  $restrictip = 0,
  $authip_token = false 
)

Start a session in the web desktop.

Check username and password. Note : If the user entered a bas password, the failure will be logged and told to the corresponding user on next successfull login.

Parameters
$usernamestring Username that want to get connected.
$passwordstring User Password.
Returns
boolean TRUE if the user has been successfully connected, or FALSE if an error occured.

Definition at line 85 of file m_mem.php.

References $_REQUEST, $authip, $cuid, $db, $msg, $password, $username, _md5cr(), authip_tokencheck(), get_remote_ip(), panel_islocked(), and resetlast().

Referenced by checkid().

85  {
86  global $db, $msg, $cuid, $authip;
87  $msg->log("mem", "login", $username);
88  if ($msg->has_msgs("ERROR")) return false;
89 
90  $db->query("select * from membres where login= ? ;", array($username));
91  if ($db->num_rows() == 0) {
92  $msg->raise("ERROR", "mem", _("User or password incorrect"));
93  return false;
94  }
95  $db->next_record();
96  if (_md5cr($password, $db->f("pass")) != $db->f("pass")) {
97  $db->query("UPDATE membres SET lastfail=lastfail+1 WHERE uid= ? ;", array($db->f("uid")));
98  $msg->raise("ERROR", "mem", _("User or password incorrect"));
99  return false;
100  }
101  if (!$db->f("enabled")) {
102  $msg->raise("ERROR", "mem", _("This account is locked, contact the administrator."));
103  return false;
104  }
105  $this->user = $db->Record;
106  $cuid = $db->f("uid");
107 
108  if (panel_islocked() && $cuid != 2000) {
109  $msg->raise("ALERT", "mem", _("This website is currently under maintenance, login is currently disabled."));
110  return false;
111  }
112 
113  // AuthIP
114  $allowed_ip = false;
115  if ($authip_token) {
116  $allowed_ip = $this->authip_tokencheck($authip_token);
117  }
118 
119  $aga = $authip->get_allowed('panel');
120  foreach ($aga as $k => $v) {
121  if ($authip->is_in_subnet(get_remote_ip(), $v['ip'], $v['subnet'])) {
122  $allowed = true;
123  }
124  }
125 
126  // Error if there is rules, the IP is not allowed and it's not in the whitelisted IP
127  if (sizeof($aga) > 1 && !$allowed_ip && !$authip->is_wl(get_remote_ip())) {
128  $msg->raise("ERROR", "mem", _("Your IP isn't allowed to connect"));
129  return false;
130  }
131  // End AuthIP
132 
133  if ($restrictip) {
134  $ip = get_remote_ip();
135  } else {
136  $ip = "";
137  }
138  /* Close sessions that are more than 2 days old. */
139  $db->query("DELETE FROM sessions WHERE DATE_ADD(ts,INTERVAL 2 DAY)<NOW();");
140  /* Delete old impersonation */
141  if (isset($_COOKIE["oldid"])) {
142  setcookie('oldid', '', 0, '/');
143  }
144  /* Open the session : */
145  $sess = md5(mt_rand().mt_rand().mt_rand());
146  $_REQUEST["session"] = $sess;
147  $db->query("insert into sessions (sid,ip,uid) values (?, ?, ?);", array($sess, $ip, $cuid));
148  setcookie("session", $sess, 0, "/");
149  $msg->init_msgs();
150  /* Fill in $local */
151  $db->query("SELECT * FROM local WHERE uid= ? ;", array($cuid));
152  if ($db->num_rows()) {
153  $db->next_record();
154  $this->local = $db->Record;
155  }
156  $this->resetlast();
157  return true;
158  }
authip_tokencheck($t)
Definition: m_mem.php:229
resetlast()
After a successful connection, reset the user's last connection date.
Definition: m_mem.php:204
global $db
Definition: bootstrap.php:22
_md5cr($pass, $salt="")
Hashe a password using proper crypto function.
Definition: functions.php:533
$msg
Definition: config.php:155
$_REQUEST["domain_id"]
$cuid
Definition: bootstrap.php:43
$authip
Definition: bootstrap.php:73
$password
Definition: bootstrap.php:85
global $username
Definition: change.php:59
get_remote_ip()
Return the remote IP.
Definition: functions.php:134
panel_islocked()
Definition: functions.php:1147
m_mem::passwd (   $oldpass,
  $newpass,
  $newpass2 
)

Change the password of the current user.

Parameters
string$oldpassOld password
string$newpassNew password
string$newpass2New password (again)
Returns
boolean TRUE if the password has been change, FALSE if not.

Definition at line 392 of file m_mem.php.

References $cuid, $db, $login, $msg, and _md5cr().

392  {
393  global $db, $msg, $cuid, $admin;
394  $msg->log("mem", "passwd");
395  if (!$this->user["canpass"]) {
396  $msg->raise("ERROR", "mem", _("You are not allowed to change your password."));
397  return false;
398  }
399  if ($this->user["pass"] != _md5cr($oldpass, $this->user["pass"])) {
400  $msg->raise("ERROR", "mem", _("The old password is incorrect"));
401  return false;
402  }
403  if ($newpass != $newpass2) {
404  $msg->raise("ERROR", "mem", _("The new passwords are differents, please retry"));
405  return false;
406  }
407  $db->query("SELECT login FROM membres WHERE uid= ? ;", array($cuid));
408  $db->next_record();
409  $login = $db->Record["login"];
410  if (!$admin->checkPolicy("mem", $login, $newpass)) {
411  return false; // The error has been raised by checkPolicy()
412  }
413  $newpass = _md5cr($newpass);
414  $db->query("UPDATE membres SET pass= ? WHERE uid= ?;", array($newpass, $cuid));
415  $msg->init_msgs();
416  return true;
417  }
$login
global $db
Definition: bootstrap.php:22
_md5cr($pass, $salt="")
Hashe a password using proper crypto function.
Definition: functions.php:533
$msg
Definition: config.php:155
$cuid
Definition: bootstrap.php:43
m_mem::resetlast ( )

After a successful connection, reset the user's last connection date.

Definition at line 204 of file m_mem.php.

References $cuid, $db, and get_remote_ip().

Referenced by login().

204  {
205  global $db, $cuid;
206  $ip = getenv("REMOTE_HOST");
207  if (!$ip) {
208  $ip = get_remote_ip();
209  }
210  $db->query("UPDATE membres SET lastlogin=NOW(), lastfail=0, lastip= ? WHERE uid= ?;", array($ip, $cuid));
211  }
global $db
Definition: bootstrap.php:22
$cuid
Definition: bootstrap.php:43
get_remote_ip()
Return the remote IP.
Definition: functions.php:134
m_mem::send_pass (   $login)

Send a mail with a password to an account Note : We can ask for a password only once a day TODO : Translate this mail into the localization program.

TODO : Check this function's !

Returns
boolean TRUE if the password has been sent, FALSE if not.

Definition at line 445 of file m_mem.php.

References $db, $login, and $msg.

445  {
446  global $msg, $db, $L_HOSTING, $L_FQDN;
447  $msg->log("mem", "send_pass");
448  $db->query("SELECT * FROM membres WHERE login= ? ;", array($login));
449  if (!$db->num_rows()) {
450  $msg->raise("ERROR", "mem", _("This account is locked, contact the administrator."));
451  return false;
452  }
453  $db->next_record();
454  if (time() - $db->f("lastaskpass") < 86400) {
455  $msg->raise("ERROR", "mem", _("The new passwords are differents, please retry"));
456  return false;
457  }
458  $txt = sprintf(_("Hello,
459 
460 You requested the modification of your password for your
461 account %s on %s
462 Here are your username and password to access the panel :
463 
464 --------------------------------------
465 
466 Username : %s
467 Password : %s
468 
469 --------------------------------------
470 
471 Note : if you didn't requested that modification, it means that
472 someone did it instead of you. You can choose to ignore this message.
473 If it happens again, please contact your server's Administrator.
474 
475 Cordially.
476 "), $login, $L_HOSTING, $db->f("login"), $db->f("pass"));
477  mail($db->f("mail"), "Your password on $L_HOSTING", $txt, "From: postmaster@$L_FQDN\nReply-to: postmaster@$L_FQDN");
478  $db->query("UPDATE membres SET lastaskpass= ? WHERE login= ? ;", array(time(), $login));
479  return true;
480  }
$login
global $db
Definition: bootstrap.php:22
$msg
Definition: config.php:155
m_mem::session_tempo_params_get (   $v)

Definition at line 640 of file m_mem.php.

References $uid.

640  {
641  global $uid;
642  if (empty($_COOKIE['session'])) {
643  return false;
644  }
645  $sid = $_COOKIE['session'];
646  if (empty($_SESSION[$sid . '-' . $uid])) { // si pas de session de params tempo
647  return false;
648  }
649  $j = $_SESSION[$sid . '-' . $uid];
650  $j = json_decode($j, true);
651  if (!empty($j[$v])) { // si on a bien qque chose a retourner :)
652  return $j[$v];
653  }
654  return false;
655  }
$uid
m_mem::session_tempo_params_set (   $k,
  $v,
  $ecrase = false 
)

Definition at line 657 of file m_mem.php.

References $p, and $uid.

657  {
658  global $uid;
659  if (empty($_COOKIE['session'])) {
660  return false;
661  }
662  $sid = $_COOKIE['session'];
663  $p = Array();
664  if (!empty($_SESSION[$sid . '-' . $uid])) {
665  $p = json_decode($_SESSION[$sid . '-' . $uid], true);
666  }
667  if (!$ecrase && (isset($p[$k]) && is_array($p[$k])) && is_array($v)) {
668  $v = array_merge($p[$k], $v); // overwrite entry with the same name
669  }
670 
671  $p[$k] = $v;
672  $_SESSION[$sid . '-' . $uid] = json_encode($p);
673  return true;
674  }
$uid
$p
Definition: bro_editor.php:46
m_mem::set_help_param (   $show)

Change the help parameter.

Parameters
integer$showShall we (1) or not (0) show the online help

Definition at line 566 of file m_mem.php.

References $cuid, $db, and $msg.

566  {
567  global $db, $msg, $cuid;
568  $msg->log("mem", "set_help_param", $show);
569  $db->query("UPDATE membres SET show_help= ? WHERE uid= ? ;", array($show, $cuid));
570  }
global $db
Definition: bootstrap.php:22
$msg
Definition: config.php:155
$cuid
Definition: bootstrap.php:43
m_mem::setid (   $id)

Start a session as another user from an administrator account.

This function is not the same as su. setid connect the current user in the destination account (for good), and su allow any user to become another account for some commands only. (del_user, add_user ...) and allow to bring back admin rights with unsu

Parameters
$idinteger User id where we will connect to.
Returns
boolean TRUE if the user has been successfully connected, FALSE else.

Definition at line 170 of file m_mem.php.

References $_REQUEST, $cuid, $db, $id, $msg, and get_remote_ip().

170  {
171  global $db, $msg, $cuid, $mysql, $quota;
172  $msg->log("mem", "setid", $id);
173  $db->query("select * from membres where uid= ? ;", array($id));
174  if ($db->num_rows() == 0) {
175  $msg->raise("ERROR", "mem", _("User or password incorrect"));
176  return false;
177  }
178  $db->next_record();
179  $this->user = $db->Record;
180  $cuid = $db->f("uid");
181  // And recreate the $db->dbus
182  $mysql->reload_dbus();
183 
184  $ip = get_remote_ip();
185  $sess = md5(mt_rand().mt_rand().mt_rand());
186  $_REQUEST["session"] = $sess;
187  $db->query("insert into sessions (sid,ip,uid) values (?, ?, ?);", array($sess, $ip, $cuid));
188  setcookie("session", $sess, 0, "/");
189  $msg->init_msgs();
190  /* Fill in $local */
191  $db->query("SELECT * FROM local WHERE uid= ? ;", array($cuid));
192  if ($db->num_rows()) {
193  $db->next_record();
194  $this->local = $db->Record;
195  }
196  $quota->getquota('', true);
197  return true;
198  }
global $db
Definition: bootstrap.php:22
$msg
Definition: config.php:155
$_REQUEST["domain_id"]
$cuid
Definition: bootstrap.php:43
if(!isset($is_include)) if(!$key &&!$crt) $id
get_remote_ip()
Return the remote IP.
Definition: functions.php:134
m_mem::show_help (   $file,
  $force = false 
)

show (echo) a contextual help

Parameters
integer$fileFile number in the help system to show
Returns
boolean TRUE if the help has been shown, FALSE if not.

Definition at line 587 of file m_mem.php.

References $force.

587  {
588  if ($this->user["show_help"] || $force) {
589  $hlp = _("hlp_$file");
590  if ($hlp != "hlp_$file") {
591  $hlp = preg_replace(
592  "#HELPID_([0-9]*)#", "<a href=\"javascript:help(\\1);\"><img src=\"/aide/help.png\" width=\"17\" height=\"17\" style=\"vertical-align: middle;\" alt=\"" . _("Help") . "\" /></a>", $hlp);
593  echo "<p class=\"hlp\">" . $hlp . "</p>";
594  return true;
595  }
596  return false;
597  } else {
598  return true;
599  }
600  }
m_mem::su (   $uid)

Change the identity of the user temporarily (SUDO)

Parameters
globalstring $uid User that we want to impersonate
Returns
boolean TRUE if it's okay, FALSE if it's not.

Definition at line 316 of file m_mem.php.

References $cuid, $db, $msg, and $uid.

Referenced by unsu().

316  {
317  global $cuid, $db, $msg, $mysql;
318  if (!$this->olduid) {
319  $this->olduid = $cuid;
320  }
321  $db->query("select * from membres where uid= ? ;", array($uid));
322  if ($db->num_rows() == 0) {
323  $msg->raise("ERROR", "mem", _("User or password incorrect"));
324  return false;
325  }
326  $db->next_record();
327  $this->user = $db->Record;
328  $cuid = $db->f("uid");
329 
330  // And recreate the $db->dbus
331  $mysql->reload_dbus();
332  return true;
333  }
$uid
global $db
Definition: bootstrap.php:22
$msg
Definition: config.php:155
$cuid
Definition: bootstrap.php:43
m_mem::unsu ( )

Goes back to the original identity (of an admin, usually)

Returns
boolean TRUE if it's okay, FALSE if it's not.

Definition at line 340 of file m_mem.php.

References su().

340  {
341  global $mysql;
342  if (!$this->olduid) {
343  return false;
344  }
345  $this->su($this->olduid);
346  $this->olduid = 0;
347  // And recreate the $db->dbus
348  $mysql->reload_dbus();
349  return true;
350  }
su($uid)
Change the identity of the user temporarily (SUDO)
Definition: m_mem.php:316

Member Data Documentation

m_mem::$local

contains all the fields of the "local" table for an account in AlternC.

they are specific to the hosting provider

Definition at line 42 of file m_mem.php.

m_mem::$olduid = 0

Original uid for the temporary uid swapping (for administrators)

Definition at line 31 of file m_mem.php.

m_mem::$user

This array contains the Tableau contenant les champs de la table "membres" du membre courant.

Definition at line 36 of file m_mem.php.

Referenced by alternc_export_conf(), and del_session().


The documentation for this class was generated from the following file: