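canEdit = $acl->acl_check( 'action', 'edit', 'users', $my->usertype, 'content', 'all' );
$access->canEditOwn = $acl->acl_check( 'action', 'edit', 'users', $my->usertype, 'content', 'own' );

require_once( $mainframe->getPath( 'front_html' ) );

// Front-end task dispatcher. The two tasks that write data are refused
// outright when the installation runs in restricted (demo) mode.
switch ( $task ) {
    case 'saveUpload':
        // check to see if functionality restricted for use as demo site
        if ( $_VERSION->RESTRICT == 1 ) {
            mosRedirect( 'index.php?mosmsg=Functionality Restricted' );
        } else {
            saveUpload( $mosConfig_dbprefix, $uid, $option, $userfile, $userfile_name, $type, $existingImage );
        }
        break;

    case 'UserDetails':
        userEdit( $option, $my->id, _UPDATE );
        break;

    case 'saveUserEdit':
        // check to see if functionality restricted for use as demo site
        if ( $_VERSION->RESTRICT == 1 ) {
            mosRedirect( 'index.php?mosmsg=Functionality Restricted' );
        } else {
            userSave( $option, $my->id );
        }
        break;

    case 'CheckIn':
        CheckIn( $my->id, $access, $option );
        break;

    case 'cancel':
        mosRedirect( 'index.php' );
        break;

    default:
        HTML_user::frontpage();
        break;
}

/**
 * Stores an uploaded .gif/.jpg image under images/stories/ and deletes the
 * image it replaces.
 *
 * Both file names arrive from the request, so they are reduced to a bare
 * leaf name before being joined to the base directory; otherwise a name
 * containing a directory part could point the write, or the unlink of
 * $existingImage, outside images/stories/.
 *
 * NOTE(review): the only authorisation here is $uid != 0; where the caller's
 * $uid comes from is outside this excerpt - confirm it is the session user's
 * id and not a request value.
 * NOTE(review): most echo calls in this function print empty strings in this
 * copy of the file; the markup they carried appears to have been lost in
 * extraction and should be checked against the upstream source.
 *
 * @param string $_dbprefix     table prefix; not used in the body
 * @param int    $uid           id of the current user, 0 when not logged in
 * @param string $option        component option; not used in the body
 * @param string $userfile      temporary path of the uploaded file
 * @param string $userfile_name file name as supplied by the client
 * @param string $type          'news' or 'articles'; only selects $op
 * @param string $existingImage file name of the image being replaced, or ''
 */
function saveUpload( $_dbprefix, $uid, $option, $userfile, $userfile_name, $type, $existingImage )
{
    global $database;

    if ( $uid == 0 ) {
        mosNotAuth();
        return;
    }

    $base_Dir = 'images/stories/';

    // Request-supplied names are used as leaf names only.
    $userfile_name = basename( $userfile_name );
    $existingImage = basename( $existingImage );

    // filesize()/file_exists() below run before move_uploaded_file() would
    // prove the path is an upload; refuse anything else up front so the
    // function cannot be pointed at an arbitrary local path.
    if ( !is_uploaded_file( $userfile ) ) {
        echo _UP_COPY_FAIL . " \n$userfile_name";
        return;
    }

    $checksize = filesize( $userfile );
    if ( $checksize > 50000 ) {
        header( 'Content-type: text/html; charset=UTF-8' );
        echo "\n";
    } else {
        if ( file_exists( $base_Dir . $userfile_name ) ) {
            $message = _UP_EXISTS;
            // The language constant is run through eval() so that variables
            // it names (presumably $userfile_name) are interpolated. Only the
            // constant's own text is executed; request data enters as a
            // variable value. A str_replace() on a known placeholder would
            // avoid eval() altogether - verify what _UP_EXISTS contains.
            eval( "\$message = \"$message\";" );
            print "\n";
        } else {
            // NOTE(review): the type check is by file-name suffix only, not
            // by content; consider validating with getimagesize() as well.
            $ext = substr( $userfile_name, -4 );
            if ( !strcasecmp( $ext, ".gif" ) || !strcasecmp( $ext, ".jpg" ) ) {
                if ( !move_uploaded_file( $userfile, $base_Dir . $userfile_name ) ) {
                    echo _UP_COPY_FAIL . " \n$userfile_name";
                } else {
                    echo "";
                    if ( $type == "news" ) {
                        $op = "UserNews";
                    } elseif ( $type == "articles" ) {
                        $op = "UserArticle";
                    }
                    if ( $existingImage != "" ) {
                        if ( file_exists( $base_Dir . $existingImage ) ) {
                            // delete the existing file
                            unlink( $base_Dir . $existingImage );
                        }
                    }
                    echo "";
                    echo "";
                    echo "";
                    echo "";
                    echo "";
                }
            } else {
                header( 'Content-type: text/html; charset=UTF-8' );
                echo "\n";
            }
        }
    }
}

/**
 * Shows the edit form for the current user's own account.
 *
 * The form is only served when a published menu item links to the
 * UserDetails task; otherwise the request is refused like an unauthorised
 * one.
 *
 * @param string $option      component option
 * @param int    $uid         id of the user being edited (the current user)
 * @param string $submitvalue label for the submit button (_UPDATE at the call site)
 */
function userEdit( $option, $uid, $submitvalue )
{
    global $database, $mainframe;
    global $mosConfig_absolute_path;

    // security check to see if link exists in a menu ($link is a literal,
    // so interpolating it into the query is safe)
    $link = 'index.php?option=com_user&task=UserDetails';
    $query = "SELECT id"
        . "\n FROM #__menu"
        . "\n WHERE link LIKE '%$link%'"
        . "\n AND published = 1"
        ;
    $database->setQuery( $query );
    $exists = $database->loadResult();
    if ( !$exists ) {
        mosNotAuth();
        return;
    }

    require_once( $mosConfig_absolute_path . '/administrator/components/com_users/users.class.php' );

    if ( $uid == 0 ) {
        mosNotAuth();
        return;
    }

    $row = new mosUser( $database );
    $row->load( (int) $uid );
    // keep the stored hash alongside the row; presumably so the form can
    // leave the password untouched when the field is left empty
    $row->orig_password = $row->password;

    $file = $mainframe->getPath( 'com_xml', 'com_users' );
    // "=& new" was removed in PHP 7; plain assignment behaves the same here.
    $params = new mosUserParameters( $row->params, $file, 'component' );
    HTML_user::userEdit( $row, $option, $submitvalue, $params );
}

/**
 * Saves the current user's own account details posted from the edit form.
 *
 * The posted id must match the logged-in user, the request must pass the
 * spoof check, and a new password is only accepted when it matches its
 * verification field. A changed username is propagated to the session row.
 *
 * NOTE(review): the echo calls before each exit() print only "\n" in this
 * copy of the file; the markup they carried appears to have been lost in
 * extraction.
 *
 * @param string $option component option; not used in the body
 * @param int    $uid    id of the logged-in user
 */
function userSave( $option, $uid )
{
    global $database, $my, $mosConfig_frontend_userparams;

    $user_id = intval( mosGetParam( $_POST, 'id', 0 ) );

    // do some security checks
    if ( $uid == 0 || $user_id == 0 || $user_id != $uid ) {
        mosNotAuth();
        return;
    }

    // simple spoof check security
    josSpoofCheck();

    $row = new mosUser( $database );
    $row->load( (int) $user_id );
    $orig_password = $row->password;
    $orig_username = $row->username;

    // the second argument presumably names fields the bind must ignore, so
    // a user cannot post a new gid/usertype for themselves - confirm in mosUser
    if ( !$row->bind( $_POST, 'gid usertype' ) ) {
        echo "\n";
        exit();
    }
    mosMakeHtmlSafe( $row );

    if ( isset( $_POST['password'] ) && $_POST['password'] != '' ) {
        if ( isset( $_POST['verifyPass'] ) && ( $_POST['verifyPass'] == $_POST['password'] ) ) {
            // NOTE(review): unsalted md5. The verifying side lives outside
            // this file, so a stronger hash cannot be introduced here alone.
            $row->password = md5( $row->password );
        } else {
            echo "\n";
            exit();
        }
    } else {
        // Restore 'original password'
        $row->password = $orig_password;
    }

    if ( $mosConfig_frontend_userparams == '1' || $mosConfig_frontend_userparams == 1 || $mosConfig_frontend_userparams == NULL ) {
        // save params
        $params = mosGetParam( $_POST, 'params', '' );
        if ( is_array( $params ) ) {
            // NOTE(review): keys and values are written to the newline-
            // separated blob unchanged; a "\n" inside a value would start a
            // new entry. Worth stripping \r/\n unless the parameter parser
            // already rejects them.
            $txt = array();
            foreach ( $params as $k => $v ) {
                $txt[] = "$k=$v";
            }
            $row->params = implode( "\n", $txt );
        }
    }

    if ( !$row->check() ) {
        echo "\n";
        exit();
    }
    if ( !$row->store() ) {
        echo "\n";
        exit();
    }

    // check if username has been changed
    if ( $orig_username != $row->username ) {
        // change username value in session table; the new name is
        // request-derived (via bind), so both names are SQL-escaped and the
        // numeric session keys are cast
        $query = "UPDATE #__session"
            . "\n SET username = '" . $database->getEscaped( $row->username ) . "'"
            . "\n WHERE username = '" . $database->getEscaped( $orig_username ) . "'"
            . "\n AND userid = " . (int) $my->id
            . "\n AND gid = " . (int) $my->gid
            . "\n AND guest = 0"
            ;
        $database->setQuery( $query );
        $database->query();
    }

    mosRedirect( 'index.php', _USER_DETAILS_SAVE );
}

/**
 * Releases the check-out locks held by the user in every prefixed table
 * that has a checked_out column, printing one line per table in which
 * something was released.
 *
 * Like userEdit, the task is only served when a published menu item links
 * to it.
 *
 * NOTE(review): the echo calls inside the loop print only whitespace in this
 * copy of the file; the table name / count markup they carried appears to
 * have been lost in extraction.
 *
 * @param int    $userid id of the logged-in user
 * @param object $access ACL flags ($access->canEdit / $access->canEditOwn)
 * @param string $option component option; not used in the body
 */
function CheckIn( $userid, $access, $option )
{
    global $database;
    global $mosConfig_db;

    $nullDate = $database->getNullDate();

    // "|| $userid > 0" lets any logged-in user through, not only those with
    // edit rights; acceptable because everything below is scoped to the
    // caller's own rows.
    if ( !( $access->canEdit || $access->canEditOwn || $userid > 0 ) ) {
        mosNotAuth();
        return;
    }

    // security check to see if link exists in a menu ($link is a literal)
    $link = 'index.php?option=com_user&task=CheckIn';
    $query = "SELECT id"
        . "\n FROM #__menu"
        . "\n WHERE link LIKE '%$link%'"
        . "\n AND published = 1"
        ;
    $database->setQuery( $query );
    $exists = $database->loadResult();
    if ( !$exists ) {
        mosNotAuth();
        return;
    }

    // $userid is interpolated into SQL below; make sure it is numeric
    $userid = (int) $userid;

    $lt = mysql_list_tables( $mosConfig_db );
    $k = 0;
    echo "";
    while ( list( $tn ) = mysql_fetch_array( $lt ) ) {
        // only check in the jos_* tables
        if ( strpos( $tn, $database->_table_prefix ) !== 0 ) {
            continue;
        }

        // find out whether the table carries checked_out (and editor) columns
        $lf = mysql_list_fields( $mosConfig_db, "$tn" );
        $nf = mysql_num_fields( $lf );
        $checked_out = false;
        $editor = false;
        for ( $i = 0; $i < $nf; $i++ ) {
            $fname = mysql_field_name( $lf, $i );
            if ( $fname == "checked_out" ) {
                $checked_out = true;
            } else if ( $fname == "editor" ) {
                $editor = true;
            }
        }
        if ( !$checked_out ) {
            continue;
        }

        // count the caller's own locks in this table
        $query = "SELECT checked_out" . ( $editor ? ", editor" : "" )
            . "\n FROM $tn"
            . "\n WHERE checked_out > 0"
            . "\n AND checked_out = $userid"
            ;
        $database->setQuery( $query );
        $res = $database->query();
        $num = $database->getNumRows( $res );

        // Release only this user's locks. The count reported below comes
        // from the SELECT above, which is scoped to $userid, so the UPDATE
        // is scoped the same way; an unscoped "WHERE checked_out > 0" would
        // release every other user's locks as well.
        $query = "UPDATE $tn"
            . "\n SET checked_out = 0, checked_out_time = '$nullDate'" . ( $editor ? ", editor = NULL" : "" )
            . "\n WHERE checked_out > 0"
            . "\n AND checked_out = $userid"
            ;
        $database->setQuery( $query );
        $res = $database->query();
        if ( $res == 1 ) {
            if ( $num > 0 ) {
                echo "\n";
                echo "\n ";
                echo "\n ";
                echo "\n";
            }
            // toggles 0/1 per printed table (presumably a row-class
            // alternator in the stripped markup)
            $k = 1 - $k;
        }
    }
}
?>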
"; echo _CHECK_TABLE; echo " - $tn"; echo _CHECKED_IN; echo "$num"; echo _CHECKED_IN_ITEMS; echo "