Index: trunk/core/units/users/users_event_handler.php
===================================================================
diff -u -N -r5431 -r5514
--- trunk/core/units/users/users_event_handler.php (.../users_event_handler.php) (revision 5431)
+++ trunk/core/units/users/users_event_handler.php (.../users_event_handler.php) (revision 5514)
@@ -12,22 +12,22 @@
 $permissions = Array(
 // admin
 'OnSetPersistantVariable' => Array('self' => 'view'), // because setting to logged in user only
-
+
 // front
 'OnRefreshForm' => Array('self' => true),
-
+
 'OnForgotPassword' => Array('self' => true),
 'OnResetPassword' => Array('self' => true),
 'OnResetPasswordConfirmed' => Array('self' => true),
-
+
 'OnSubscribeQuery' => Array('self' => true),
 'OnSubscribeUser' => Array('self' => true),
-
+
 'OnRecommend' => Array('self' => true),
 );
 $this->permMapping = array_merge($this->permMapping, $permissions);
 }
-
+
 /**
 * Checks permissions of user
 *
@@ -39,49 +39,49 @@
 // permission is checked in OnLogin event directly
 return true;
 }
-
+
 if (!$this->Application->IsAdmin()) {
 $user_id = $this->Application->GetVar('u_id');
 $items_info = $this->Application->GetVar($event->getPrefixSpecial(true));
-
+
 if ($event->Name == 'OnCreate' && $user_id == -2) {
 // "Guest" can create new users
 return true;
 }
-
+
 if ($event->Name == 'OnUpdate' && $user_id > 0) {
 $user_dummy =& $this->Application->recallObject($event->Prefix.'.-item', null, Array('skip_autoload' => true));
 foreach ($items_info as $id => $field_values) {
 if ($id != $user_id) {
 // registered users can update their record only
 return false;
 }
-
+
 $user_dummy->Load($id);
 $status_field = array_shift($this->Application->getUnitOption($event->Prefix, 'StatusField'));
-
+
 if ($user_dummy->GetDBField($status_field) != STATUS_ACTIVE) {
 // not active user is not allowed to update his record (he could not activate himself manually)
 return false;
 }
-
+
 if (isset($field_values[$status_field]) && $user_dummy->GetDBField($status_field) != $field_values[$status_field]) {
 // user can't change status by himself
 return false;
 }
 }
 return true;
 }
-
+
 if ($event->Name == 'OnUpdate' && $user_id <= 0) {
 // guests are not allowed to update their record, because they don't have it :)
 return false;
 }
 }
-
+
 return parent::CheckPermission($event);
 }
-
+
 function OnSessionExpire()
 {
 if( $this->Application->IsAdmin() ) {
@@ -117,7 +117,7 @@
 $email_as_login = $this->Application->ConfigValue('Email_As_Login');
 list($login_field, $submit_field) = $email_as_login ? Array('Email', 'email') : Array('Login', 'login');
 $login_value = $this->Application->GetVar($submit_field);
-
+
 if ($this->Application->IsAdmin() && ($login_value == 'root')) {
 // logging in "root" (admin only)
 $root_password = $this->Application->ConfigValue('RootPass');
@@ -130,13 +130,13 @@
 $user_id = -1;
 $object->Load($user_id);
 $object->SetDBField('Login', $login_value);
-
+
 $session =& $this->Application->recallObject('Session');
 $session->SetField('PortalUserId', $user_id);
 // $session->SetField('GroupList', implode(',', $groups) );
 $this->Application->SetVar('u_id', $user_id);
 $this->Application->StoreVar('user_id', $user_id);
-
+
 $this->processLoginRedirect($event, $password);
 return true;
 }
@@ -146,7 +146,7 @@
 return false;
 }
 }
-
+
 /*$sql = 'SELECT PortalUserId FROM '.$object->TableName.' WHERE (%s = %s) AND (Password = MD5(%s))';
 $user_id = $this->Conn->GetOne( sprintf($sql, $login_field, $this->Conn->qstr($login_value), $this->Conn->qstr($password) ) );*/
@@ -187,6 +187,7 @@
 }
 else {
+ $object->SetID(-2);
 $object->SetError('ValidateLogin', 'invalid_password', 'lu_invalid_password');
 $event->status = erFAIL;
 }
@@ -214,7 +215,7 @@
 }
 return $ret;
 }
-
+
 /**
 * Process all required data and redirect logged-in user
 *
@@ -223,7 +224,7 @@
 function processLoginRedirect(&$event, $password)
 {
 $object =& $event->getObject();
-
+
 $next_template = $this->Application->GetVar('next_template');
 if ($next_template == '_ses_redirect') {
 $location = $this->Application->BaseURL().$this->Application->RecallVar($next_template);
@@ -235,7 +236,7 @@
 else {
 header('Location: '.$location);
 }
-
+
 $session =& $this->Application->recallObject('Session');
 $session->SaveData();
 exit;
@@ -244,15 +245,15 @@
 if ($next_template) {
 $event->redirect = $next_template;
 }
-
+
 if ($this->Application->ConfigValue('UseJSRedirect')) {
 $event->SetRedirectParam('js_redirect', 1);
 }
-
+
 $sync_manager =& $this->Application->recallObjectP('UsersSyncronizeManager', null, Array(), 'InPortalSyncronize');
 $sync_manager->performAction('LoginUser', $object->GetDBField('Login'), $password);
 }
-
+
 /**
 * Called when user logs in using old in-portal
 *
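Review bot: The added `$object->SetID(-2)` in the invalid-password branch of the `@@ -187` hunk reuses the bare guest sentinel that CheckPermission compares `u_id` against (`$user_id == -2`, commented there as "Guest"), with no comment saying why a failed login re-tags the object as guest; add `// failed login: fall back to the guest id (-2) so no real PortalUserId is left on the object` and, ideally, replace both literals with one named constant. If the lookup that precedes this branch (outside the hunk) loaded a real user record into `$object`, only the id is reset here and the other loaded fields stay on the object, so confirm the failed-login template does not render them. The enclosing login method starts and ends outside the hunk.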
@@ -262,7 +263,7 @@
 {
 $sync_manager =& $this->Application->recallObjectP('UsersSyncronizeManager', null, Array(), 'InPortalSyncronize');
 $sync_manager->performAction('LoginUser', $event->getEventParam('user'), $event->getEventParam('pass') );
-
+
 if ($event->redirect && is_string($event->redirect)) {
 // some real template specified instead of true
 $this->Application->Redirect($event->redirect, $event->redirect_params);
@@ -368,7 +369,7 @@
 /**
- * When creating user & user with such email exists then force to use OnUpdate insted of OnCreate
+ * When creating user & user with such email exists then force to use OnUpdate insted of ?
 *
 * @param kEvent $event
 */
@@ -603,7 +604,7 @@
 $user_email = $this->Application->GetVar('subscriber_email');
 if ( preg_match("/^[_a-zA-Z0-9-\.]+@[a-zA-Z0-9-\.]+\.[a-z]{2,4}$/", $user_email) ){
-
+
 $object = &$this->Application->recallObject($this->Prefix.'.subscriber', null, Array('skip_autoload' => true));
 $this->Application->StoreVar('SubscriberEmail', $user_email);
@@ -997,7 +998,7 @@
 $object->IgnoreValidation = true;
 $object->SetFieldsFromHash($fields);
 }
-
+
 /**
 * Sets persistant variable
 *
@@ -1006,11 +1007,11 @@
 function OnSetPersistantVariable(&$event)
 {
 $object =& $event->getObject();
-
+
 $field = $this->Application->GetVar('field');
 $value = $this->Application->GetVar('value');
 $object->setPersistantVar($field, $value);
-
+
 $force_tab = $this->Application->GetVar('SetTab');
 if ($force_tab) {
 $this->Application->StoreVar('force_tab', $force_tab);
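Review bot: The rewritten docblock line in the `@@ -368` hunk now ends in `insted of ?`, dropping the event name the old line carried (`OnCreate`) and keeping the typo, so the comment says less than it did before the change; restore it as `* When creating a user and a user with that email already exists, force OnUpdate instead of OnCreate`. The method this docblock describes lies outside the hunk, so I cannot confirm the described behaviour from here, but the old wording should stand unless that behaviour changed in this revision.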