Example #1
	/**
	 * Default action: fills the view with demo values.
	 *
	 * Asks the loader for the User model, stores a name on a fresh User,
	 * reads it back into the view, then exposes a user-group constant and
	 * a sample list.
	 */
	function index()
	{
		Loader::loadModel('User');

		$demoUser = new User();
		$demoUser->setValue('name', 'Hello World');
		$storedName = $demoUser->getValue('name');

		// NOTE(review): these values are handed to the view as they are;
		// HTML encoding is presumably done by the template. Confirm.
		$this->view->data = $storedName;
		$this->view->admin_constant = Constants::USERGROUP_ADMIN;
		$this->view->fruits = array('banana', 'bonana');
	}
Example #2
 /**
  * Collects the posts of the identity stored by Zend_Auth for the view.
  *
  * Each entry of $this->view->posts pairs a post's data with the data of
  * the user referenced by that post's 'userId'.
  */
 public function myAction()
 {
     // NOTE(review): the stored identity is indexed without checking that one
     // exists. Presumably the action is only reachable after login; confirm.
     $identity = Zend_Auth::getInstance()->getStorage()->read();
     $postIds = new UserPosts($identity['id']);

     $this->view->posts = array();
     // One Post and one User object are built per post id.
     foreach ($postIds as $postId) {
         $postRecord = new Post($postId);
         $postFields = $postRecord->getValue();
         $author = new User($postFields['userId']);
         $authorFields = $author->getValue();
         $this->view->posts[] = array(
             'post' => $postFields,
             'user' => $authorFields,
         );
     }
 }
// Authorization guard: only accounts that may approve users continue.
// NOTE(review): the guard only protects the code below if $gMessage->show()
// ends the request. Presumably it does; confirm.
if (!$gCurrentUser->approveUsers()) {
    $gMessage->show($gL10n->get('SYS_NO_RIGHTS'));
}
// check whether the module may be called at all
if ($gPreferences['registration_mode'] == 0) {
    $gMessage->show($gL10n->get('SYS_MODULE_DISABLED'));
}
// create user objects
$registrationUser = new UserRegistration($gDb, $gProfileFields, $getNewUserId);
// $user exists only for a positive id; any later use of $user needs the same condition.
if ($getUserId > 0) {
    $user = new User($gDb, $gProfileFields, $getUserId);
}
if ($getMode === 1 || $getMode === 2) {
    // User-Account einem existierenden Mitglied zuordnen
    // Daten kopieren, aber nur, wenn noch keine Logindaten existieren
    if ($user->getValue('usr_login_name') === '' && $user->getValue('usr_password') === '') {
        $user->setValue('EMAIL', $registrationUser->getValue('EMAIL'));
        $user->setValue('usr_login_name', $registrationUser->getValue('usr_login_name'));
        $user->setPassword($registrationUser->getValue('usr_password'));
    }
    try {
        // zuerst den neuen Usersatz loeschen, dann den alten Updaten,
        // damit kein Duplicate-Key wegen dem Loginnamen entsteht
        $registrationUser->notSendEmail();
        $registrationUser->delete();
        $user->save();
    } catch (AdmException $e) {
        // exception is thrown when email couldn't be send
        // so save user data and then show error
        $user->save();
        $gMessage->setForwardUrl($gNavigation->getPreviousUrl());
// NOTE(review): login_valid.php presumably rejects requests without a valid session; confirm.
require_once '../../system/login_valid.php';
require_once 'roles_functions.php';
// Initialize and check the parameters (all four are read from the query string as 'int')
$getUserId = admFuncVariableIsValid($_GET, 'user_id', 'int');
$getRoleId = admFuncVariableIsValid($_GET, 'rol_id', 'int');
$getMemberId = admFuncVariableIsValid($_GET, 'mem_id', 'int');
// NOTE(review): 'mode' selects the action and arrives via $_GET. For modes that
// change data, a per-request anti-forgery token check would be expected;
// none is visible in this excerpt.
$getMode = admFuncVariableIsValid($_GET, 'mode', 'int');
// in ajax mode only return simple text on error
if ($getMode === 7) {
    $gMessage->showHtmlTextOnly(true);
}
// create user object
// The target user is loaded from the caller-supplied id before any per-user permission check.
$user = new User($gDb, $gProfileFields, $getUserId);
if ($getMode === 1) {
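    // Export vCard of user
    // NOTE(review): no check that the current user may view $user is visible
    // before this export; only the amount of detail depends on the edit right.
    // Confirm that access is restricted elsewhere.
    $filename = $user->getValue('FIRST_NAME') . ' ' . $user->getValue('LAST_NAME');
    // The name is profile data and ends up inside a quoted header parameter.
    // Control characters, double quotes and backslashes are dropped so the
    // value cannot end the quoted string or the header line.
    $filename = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '', $filename);
    // for IE the filename must have special chars in hexadecimal
    // The User-Agent request header is optional, so the lookup is guarded.
    $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    if (preg_match('/MSIE/', $userAgent)) {
        $filename = urlencode($filename);
    }
    header('Content-Type: text/x-vcard; charset=iso-8859-1');
    header('Content-Disposition: attachment; filename="' . $filename . '.vcf"');
    // necessary for IE, because without it the download with SSL has problems
    header('Cache-Control: private');
    header('Pragma: public');
    // create vcard and check if user is allowed to edit profile, so he can see more data
    echo $user->getVCard($gCurrentUser->hasRightEditProfile($user));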
} elseif ($getMode === 2) {
    // Cancel membership of role
    $member = new TableMembers($gDb, $getMemberId);
    $role = new TableRoles($gDb, $member->getValue('mem_rol_id'));
 /**
  * Lists every user for the view, then delegates to _setUsersIFollow().
  *
  * $this->view->users receives one getValue() result per id yielded by Users.
  */
 public function indexAction()
 {
     $this->view->users = array();

     $allUserIds = new Users();
     // just for example, better use multiget: one User object is built per id
     foreach ($allUserIds as $currentId) {
         $record = new User($currentId);
         $recordData = $record->getValue();
         $this->view->users[] = $recordData;
     }

     $this->_setUsersIFollow();
 }
        $receiverName = $user->getValue('FIRST_NAME') . ' ' . $user->getValue('LAST_NAME');
        $message = new TableMessage($gDb, $row['msg_id']);
        ++$key;
        $messageAdministration = $part1 . $key . '&name=' . urlencode($message->getValue('msg_subject')) . '&database_id=' . $message->getValue('msg_id') . $part2;
        $table->addRowByArray(array('<a class="admidio-icon-link" ' . $href . $message->getValue('msg_id') . '">
                <img class="admidio-icon-info" src="' . THEME_PATH . '/icons/pm.png" alt="' . $gL10n->get('PMS_MESSAGE') . '" title="' . $gL10n->get('PMS_MESSAGE') . '" />', '<a ' . $href . $message->getValue('msg_id') . '">' . $message->getValue('msg_subject') . '</a>', $receiverName, $message->getValue('msg_timestamp'), $messageAdministration), 'row_message_' . $key, array('style' => 'font-weight: bold'));
    }
}
// find all read or own PM messages
$statement = $modulemessages->msgGetUser($gCurrentUser->getValue('usr_id'));
// isset() only rules out null; any other return value enters the loop below.
if (isset($statement)) {
    while ($row = $statement->fetch()) {
        // Show the other party of the conversation: the receiver when the current
        // user is the sender, otherwise the sender. The comparison is loose (==).
        if ($row['msg_usr_id_sender'] == $gCurrentUser->getValue('usr_id')) {
            $user = new User($gDb, $gProfileFields, $row['msg_usr_id_receiver']);
        } else {
            $user = new User($gDb, $gProfileFields, $row['msg_usr_id_sender']);
        }
        $receiverName = $user->getValue('FIRST_NAME') . ' ' . $user->getValue('LAST_NAME');
        $message = new TableMessage($gDb, $row['msg_id']);
        ++$key;
        // The subject is URL-encoded for the query string, and '&amp;' is used because
        // the link is emitted as HTML.
        $messageAdministration = $part1 . $key . '&amp;name=' . urlencode($message->getValue('msg_subject')) . '&amp;database_id=' . $message->getValue('msg_id') . $part2;
        // NOTE(review): the subject and the names are concatenated into markup exactly as
        // getValue() returns them. Both are user-supplied; whether getValue() HTML-encodes
        // them is not visible in this excerpt. Confirm before relying on it.
        $table->addRowByArray(array('<a class="admidio-icon-link" ' . $href . $message->getValue('msg_id') . '">
                <img class="admidio-icon-info" src="' . THEME_PATH . '/icons/pm.png" alt="' . $gL10n->get('PMS_MESSAGE') . '" title="' . $gL10n->get('PMS_MESSAGE') . '" />', '<a ' . $href . $message->getValue('msg_id') . '">' . $message->getValue('msg_subject') . '</a>', $receiverName, $message->getValue('msg_timestamp'), $messageAdministration), 'row_message_' . $key);
    }
}
// special settings for the table
$table->setDatatablesOrderColumns(array(array(4, 'desc')));
// add table to the form
$page->addHtml($table->show(false));
// add form to html page and show page
$page->show();
    $emailTemplate = str_replace('#receiver#', $receiverName, $emailTemplate);
    // prepare body of email with note of sender and homepage
    $email->setSenderInText($postName, $receiverName);
    // set Text
    $email->setText($emailTemplate);
    // finally send the mail
    $sendResult = $email->sendEmail();
} else {
    // if $postTo is not an Array, it is send from the hidden field.
    if (!is_array($postTo)) {
        $postTo = array($postTo);
    }
    // get user data from Database
    $user = new User($gDb, $gProfileFields, $postTo[0]);
    // check if it is allowed to send to this user
    if (!$gCurrentUser->editUsers() && !isMember($user->getValue('usr_id')) || $user->getValue('usr_id') === '') {
        $gMessage->show($gL10n->get('SYS_USER_ID_NOT_FOUND'));
    }
    // check if receiver of message has valid login
    if ($user->getValue('usr_login_name') === '') {
        $gMessage->show($gL10n->get('SYS_FIELD_EMPTY', $gL10n->get('SYS_TO')));
    }
    // save page in navigation - to have a check for a navigation back.
    $gNavigation->addUrl(CURRENT_URL);
    if ($getMsgId == 0) {
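        $PMId2 = 1;
        // The receiver id comes from the submitted form and was concatenated into the
        // statement unchanged. Both ids are now cast to int so that only a number can
        // reach the SQL text.
        // NOTE(review): $getMsgType and $postSubjectSQL are prepared outside this excerpt
        // and must already be SQL-safe; bound parameters are preferable if the database
        // layer offers them.
        $senderId = (int) $gCurrentUser->getValue('usr_id');
        $receiverId = (int) $postTo[0];
        $sql = "INSERT INTO " . TBL_MESSAGES . " (msg_type, msg_subject, msg_usr_id_sender, msg_usr_id_receiver, msg_timestamp, msg_read)\n            VALUES ('" . $getMsgType . "', '" . $postSubjectSQL . "', '" . $senderId . "', '" . $receiverId . "', CURRENT_TIMESTAMP, '1')";
        $gDb->query($sql);
        $getMsgId = $gDb->lastInsertId();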
    } else {
        $PMId2 = $message->countMessageParts() + 1;
 ***********************************************************************************************
 */
require_once '../../system/common.php';
// NOTE(review): login_valid.php presumably rejects requests without a valid session; confirm.
require_once '../../system/login_valid.php';
// calculate default date from which the profile fields history should be shown
$filterDateFrom = new DateTimeExtended(DATE_NOW, 'Y-m-d');
$filterDateFrom->modify('-' . $gPreferences['members_days_field_history'] . ' day');
// Initialize and check the parameters
$getUserId = admFuncVariableIsValid($_GET, 'usr_id', 'int');
$getDateFrom = admFuncVariableIsValid($_GET, 'filter_date_from', 'date', array('defaultValue' => $filterDateFrom->format($gPreferences['system_date'])));
$getDateTo = admFuncVariableIsValid($_GET, 'filter_date_to', 'date', array('defaultValue' => DATE_NOW));
// create a user object from the user parameter
$user = new User($gDb, $gProfileFields, $getUserId);
// set headline of the script
// The headline is built from the target user's name before the permission check below runs.
if ($getUserId > 0) {
    $headline = $gL10n->get('MEM_CHANGE_HISTORY_OF', $user->getValue('FIRST_NAME') . ' ' . $user->getValue('LAST_NAME'));
} else {
    $headline = $gL10n->get('MEM_CHANGE_HISTORY');
}
// Initialize local parameters
$sqlConditions = '';
// if profile log is activated and current user is allowed to edit users
// then the profile field history will be shown otherwise show error
// && binds tighter than ||, so access is refused in three cases: logging is
// switched off; the overall history (id 0) is requested without the editUsers
// right; or one user's history is requested without the right to edit that profile.
// NOTE(review): this only blocks the rest of the script if show() ends the request; confirm.
if ($gPreferences['profile_log_edit_fields'] == 0 || $getUserId === 0 && !$gCurrentUser->editUsers() || $getUserId > 0 && !$gCurrentUser->hasRightEditProfile($user)) {
    $gMessage->show($gL10n->get('SYS_NO_RIGHTS'));
}
// add page to navigation history
$gNavigation->addUrl(CURRENT_URL, $headline);
// filter_date_from and filter_date_to can have different formats
// now we try to get a default format for intern use and html output
// createFromFormat() returns false when the value does not match 'Y-m-d'.
$objDateFrom = DateTime::createFromFormat('Y-m-d', $getDateFrom);
Example #9
         $sql = "UPDATE " . TBL_MESSAGES_CONTENT . " SET msc_part_id = msc_part_id - 50 WHERE msc_msg_id = '" . $msg_id . "'";
         $gDb->query($sql);
         $postLines = $postLines - 50;
         $MsgId = $MsgId - 50;
     }
     if ($postLines == $MsgId) {
         $log['state'] = $postLines;
         $log['text'] = false;
     } else {
         $text = array();
         $sql = "SELECT msc_part_id, msc_usr_id, msc_message, msc_timestamp\n              FROM " . TBL_MESSAGES_CONTENT . "\n             WHERE msc_msg_id  = '" . $msg_id . "'\n               AND msc_part_id > " . $postLines . "\n             ORDER BY msc_part_id";
         $statement = $gDb->query($sql);
         while ($row = $statement->fetch()) {
             $user = new User($gDb, $gProfileFields, $row['msc_usr_id']);
             $date = new DateTimeExtended($row['msc_timestamp'], 'Y-m-d H:i:s');
             $text[] = '<time>' . $date->format($gPreferences['system_date'] . ' ' . $gPreferences['system_time']) . '</time><span>' . $user->getValue('FIRST_NAME') . ' ' . $user->getValue('LAST_NAME') . '</span>' . $row['msc_message'];
         }
         $log['state'] = $MsgId;
         $log['text'] = $text;
     }
     break;
 case 'send':
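     // Turns a URL at the very start of the message into a link.
     $reg_exUrl = '/^(http|ftp)s?\\:\\/\\/[\\da-zA-Z\\-\\.]+\\.[a-zA-Z]{2,6}(\\/\\S*)?/';
     if ($postMessage !== "\n" && preg_match($reg_exUrl, $postMessage, $url)) {
         // The path part of the pattern accepts any non-space character, so the
         // matched text is HTML-encoded before it is placed in the attribute and
         // in the link text. double_encode is off in case the message was already
         // encoded upstream.
         $safeUrl = htmlspecialchars($url[0], ENT_QUOTES, 'UTF-8', false);
         // The pattern is anchored at the start, so the match is a prefix. It is
         // replaced by slicing instead of preg_replace(), whose replacement string
         // would treat '$n' and '\n' sequences inside the URL as back-references.
         $postMessage = '<a href="' . $safeUrl . '" target="_blank" rel="noopener noreferrer">' . $safeUrl . '</a>'
             . substr($postMessage, strlen($url[0]));
         // NOTE(review): the rest of $postMessage is passed on as received. Confirm it
         // is HTML-encoded before this point or when the chat text is rendered.
     }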
     if ($MsgId == 0) {
         $sql = "INSERT INTO " . TBL_MESSAGES . " (msg_type, msg_subject, msg_usr_id_sender, msg_usr_id_receiver, msg_timestamp, msg_read)\n            VALUES ('CHAT', 'DUMMY', '1', '" . $MsgId . "', CURRENT_TIMESTAMP, '0')";
         $gDb->query($sql);
Example #10
$getNewUserId = admFuncVariableIsValid($_GET, 'new_user_id', 'numeric', array('requireValue' => true));
// only webmasters may assign users, otherwise leave the page
// NOTE(review): the guard only protects the code below if $gMessage->show() ends the request; confirm.
if ($gCurrentUser->approveUsers() == false) {
    $gMessage->show($gL10n->get('SYS_NO_RIGHTS'));
}
// check whether the module may be called at all
if ($gPreferences['registration_mode'] == 0) {
    $gMessage->show($gL10n->get('SYS_MODULE_DISABLED'));
}
// set headline of the script
$headline = $gL10n->get('NWU_ASSIGN_REGISTRATION');
// create user object for new user
$new_user = new User($gDb, $gProfileFields, $getNewUserId);
// search for users with similar names (SQL function SOUNDEX only available in MySQL)
// NOTE(review): in both branches the first and last name of the new user are
// concatenated into SQL string literals. The names are presumably entered by the
// registrant; whether getValue() returns them SQL-escaped is not visible here.
// Bound parameters or the driver's escaping would remove that dependency. In the
// LIKE branch, '%' and '_' inside a name also act as wildcards.
if ($gPreferences['system_search_similar'] == 1 && $gDbType == 'mysql') {
    $sql_similar_name = '(  (   SUBSTRING(SOUNDEX(last_name.usd_value),  1, 4) LIKE SUBSTRING(SOUNDEX(\'' . $new_user->getValue('LAST_NAME') . '\'), 1, 4)
        AND SUBSTRING(SOUNDEX(first_name.usd_value), 1, 4) LIKE SUBSTRING(SOUNDEX(\'' . $new_user->getValue('FIRST_NAME') . '\'), 1, 4) )
     OR (   SUBSTRING(SOUNDEX(last_name.usd_value),  1, 4) LIKE SUBSTRING(SOUNDEX(\'' . $new_user->getValue('FIRST_NAME') . '\'), 1, 4)
        AND SUBSTRING(SOUNDEX(first_name.usd_value), 1, 4) LIKE SUBSTRING(SOUNDEX(\'' . $new_user->getValue('LAST_NAME') . '\'), 1, 4) ) )';
} else {
    // Fallback without SOUNDEX: compare the names directly, also with first and last name swapped.
    $sql_similar_name = '(  (   last_name.usd_value  LIKE \'' . $new_user->getValue('LAST_NAME') . '\'
        AND first_name.usd_value LIKE \'' . $new_user->getValue('FIRST_NAME') . '\')
     OR (   last_name.usd_value  LIKE \'' . $new_user->getValue('FIRST_NAME') . '\'
        AND first_name.usd_value LIKE \'' . $new_user->getValue('LAST_NAME') . '\') )';
}
// alle User aus der DB selektieren, die denselben Vor- und Nachnamen haben
$sql = 'SELECT usr_id, usr_login_name, last_name.usd_value as last_name,
               first_name.usd_value as first_name, address.usd_value as address,
               zip_code.usd_value as zip_code, city.usd_value as city,
               email.usd_value as email
          FROM ' . TBL_USERS . '
Example #11
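     // '|' separates several receivers. An entry containing ':' is resolved by
     // msgGroupNameSplit() (presumably a group or role entry); any other entry is
     // used as a user id.
     // strpos() returns 0 for a match at the first character, which the former
     // "== true" test treated as "not found", so the result is now compared
     // against false. explode() on a string without '|' yields that single
     // entry, which makes a separate single-receiver branch unnecessary.
     foreach (explode('|', $receivers) as $value) {
         if (strpos($value, ':') !== false) {
             $ReceiverName .= "; " . $modulemessages->msgGroupNameSplit($value);
         } else {
             $user = new User($gDb, $gProfileFields, $value);
             $ReceiverName .= "; " . $user->getValue('FIRST_NAME') . ' ' . $user->getValue('LAST_NAME');
         }
     }
     // NOTE(review): the collected names are user-supplied and are later placed
     // into markup; confirm that getValue() and msgGroupNameSplit() return
     // HTML-encoded text.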
     $ReceiverName = '<div class="panel-footer">' . $gL10n->get('MSG_OPPOSITE') . ': ' . substr($ReceiverName, 2) . '</div>';
 }
 $date = new DateTimeExtended($row['msc_timestamp'], 'Y-m-d H:i:s');
 $page->addHtml('
 <div class="panel panel-default">
     <div class="panel-heading">
         <div class="row">
             <div class="col-sm-8">
                 <img class="admidio-panel-heading-icon" src="' . THEME_PATH . '/icons/guestbook.png" alt="' . $sentUser . '" />' . $sentUser . '
             </div>
             <div class="col-sm-4 text-right">' . $date->format($gPreferences['system_date'] . ' ' . $gPreferences['system_time']) . '</div>
         </div>
     </div>
Example #12
    $emailTemplate = str_replace("#receiver#", $ReceiverName, $emailTemplate);
    // prepare body of email with note of sender and homepage
    $email->setSenderInText($postName, $postFrom, $ReceiverName);
    // set Text
    $email->setText($emailTemplate);
    // finally send the mail
    $sendResult = $email->sendEmail();
} else {
    // if $postTo is not an Array, it is send from the hidden field.
    if (!is_array($postTo)) {
        $postTo = array($postTo);
    }
    // get user data from Database
    $user = new User($gDb, $gProfileFields, $postTo[0]);
    // check if it is allowed to send to this user
    if ($gCurrentUser->editUsers() == false && isMember($user->getValue('usr_id')) == false || strlen($user->getValue('usr_id')) == 0) {
        $gMessage->show($gL10n->get('SYS_USER_ID_NOT_FOUND'));
    }
    // check if receiver of message has valid login
    if (strlen($user->getValue('usr_login_name')) == 0) {
        $gMessage->show($gL10n->get('SYS_FIELD_EMPTY', $gL10n->get('SYS_TO')));
    }
    // save page in navigation - to have a check for a navigation back.
    $gNavigation->addUrl(CURRENT_URL);
    if ($getMsgId == 0) {
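        $PMId2 = 1;
        // The receiver id comes from the submitted form and was concatenated into the
        // statement unchanged. Both ids are now cast to int so that only a number can
        // reach the SQL text.
        // NOTE(review): $getMsgType and $postSubjectSQL are prepared outside this excerpt
        // and must already be SQL-safe; bound parameters are preferable if the database
        // layer offers them.
        $senderId = (int) $gCurrentUser->getValue('usr_id');
        $receiverId = (int) $postTo[0];
        $sql = "INSERT INTO " . TBL_MESSAGES . " (msg_type, msg_subject, msg_usr_id_sender, msg_usr_id_receiver, msg_timestamp, msg_read)\r\n            VALUES ('" . $getMsgType . "', '" . $postSubjectSQL . "', '" . $senderId . "', '" . $receiverId . "', CURRENT_TIMESTAMP, '1')";
        $gDb->query($sql);
        $getMsgId = $gDb->insert_id();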
    } else {
        $PMId2 = $message->countMessageParts() + 1;
Example #13
                   AND usr_valid  = 1
                   AND LENGTH(usr_login_name) > 0
                 GROUP BY usr_id';
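        $result = $gDb->query($sql);
        $count = $gDb->num_rows();
        // show error if no user found or more than one user found
        // NOTE(review): "not found", "several found" and "sent" produce different
        // messages, which tells the requester whether an address is registered. A
        // uniform response avoids that. The posted address is also passed into the
        // message text as received; confirm that the message layer HTML-encodes it.
        if ($count === 0) {
            $gMessage->show($gL10n->get('SYS_LOSTPW_EMAIL_ERROR', $_POST['recipient_email']));
        } elseif ($count > 1) {
            $gMessage->show($gL10n->get('SYS_LOSTPW_SEVERAL_EMAIL', $_POST['recipient_email']));
        }
        $row = $gDb->fetch_array($result);
        $user = new User($gDb, $gProfileFields, $row['usr_id']);
        // create and save new password and activation id
        // Both values are secrets. They used to be derived from the request time
        // (md5(time()), uniqid()), which can be guessed. They are now drawn from the
        // system CSPRNG. random_bytes() needs PHP 7 or later and throws when no
        // secure source is available, so the reset fails instead of falling back
        // to a weak value.
        // NOTE(review): the lengths stay at 8 and 10 hex characters to match the
        // previous format; lengthen them if the storage columns and mail text allow.
        $newPassword = bin2hex(random_bytes(4));
        $activationId = bin2hex(random_bytes(5));
        $user->setValue('usr_new_password', $newPassword);
        $user->setValue('usr_activation_code', $activationId);
        // The new password and the activation link are mailed to the stored address.
        $sysmail = new SystemMail($gDb);
        $sysmail->addRecipient($user->getValue('EMAIL'), $user->getValue('FIRST_NAME') . ' ' . $user->getValue('LAST_NAME'));
        $sysmail->setVariable(1, $newPassword);
        $sysmail->setVariable(2, $g_root_path . '/adm_program/system/password_activation.php?usr_id=' . $user->getValue('usr_id') . '&aid=' . $activationId);
        $sysmail->sendSystemMail('SYSMAIL_ACTIVATION_LINK', $user);
        // The record is saved only after the mail call; an AdmException raised by
        // the mail step skips the save.
        $user->saveChangesWithoutRights();
        $user->save();
        $gMessage->setForwardUrl($g_root_path . '/adm_program/system/login.php');
        $gMessage->show($gL10n->get('SYS_LOSTPW_SEND', $_POST['recipient_email']));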
    } catch (AdmException $e) {
        $e->showHtml();
    }
} else {
Example #14
 /**
  * Collect the active members of one group.
  *
  * Reads the 'u_id' column of 'user_user_groups' for the given group, builds a
  * User per id and keeps those whose 'u_is_active' value loosely equals 1.
  *
  * @param int $groupID Group ID.
  * @return array User objects; empty when the lookup does not return an array.
  */
 public function getMembers($groupID)
 {
     $memberIDs = $this->dbh->getColumn('user_user_groups', 'u_id', ['group_id' => $groupID]);
     if (!is_array($memberIDs)) {
         return [];
     }

     $activeMembers = [];
     // One User object is constructed per member id.
     foreach ($memberIDs as $memberID) {
         $candidate = new User($memberID);
         if ($candidate->getValue('u_is_active') != 1) {
             continue;
         }
         $activeMembers[] = $candidate;
     }

     return $activeMembers;
 }
Example #15
 * usr_id    : id of user whose photo should be changed
 * new_photo : 0 (Default) show current stored user photo
 *             1 show uploaded photo of current session
 *
 *****************************************************************************/
require '../../system/common.php';
// NOTE(review): login_valid.php presumably rejects requests without a valid session; confirm.
require '../../system/login_valid.php';
// Initialize and check the parameters
// NOTE(review): $getUserId is later concatenated into a file path, so the 'numeric'
// validation is what keeps that path safe. Confirm it admits digits only.
$getUserId = admFuncVariableIsValid($_GET, 'usr_id', 'numeric', array('requireValue' => true));
$getNewPhoto = admFuncVariableIsValid($_GET, 'new_photo', 'boolean');
// initialize the local variables
$image = null;
$picpath = THEME_SERVER_PATH . '/images/no_profile_pic.png';
// read user data and show error if user doesn't exists
$user = new User($gDb, $gProfileFields, $getUserId);
if ($user->getValue('usr_id') == 0) {
    $gMessage->show($gL10n->get('SYS_INVALID_PAGE_VIEW'));
}
// check whether the current user has the right to view this profile
// NOTE(review): the check only protects the code below if $gMessage->show() ends the request; confirm.
if (!$gCurrentUser->hasRightViewProfile($user)) {
    $gMessage->show($gL10n->get('SYS_NO_RIGHTS'));
}
//Foto aus adm_my_files
if ($gPreferences['profile_photo_storage'] == 1 && $getNewPhoto == 0) {
    if (file_exists(SERVER_PATH . '/adm_my_files/user_profile_photos/' . $getUserId . '.jpg')) {
        $picpath = SERVER_PATH . '/adm_my_files/user_profile_photos/' . $getUserId . '.jpg';
    }
    $image = new Image($picpath);
} elseif ($gPreferences['profile_photo_storage'] == 0 && $getNewPhoto == 0) {
    if (strlen($user->getValue('usr_photo')) != NULL) {
        $image = new Image();
Example #16
<?php

/**
 ***********************************************************************************************
 * Show user photo
 *
 * @copyright 2004-2015 The Admidio Team
 * @see http://www.admidio.org/
 * @license https://www.gnu.org/licenses/gpl-2.0.html GNU General Public License v2.0 only
 *
 * Parameters:
 *
 * usr_id : Id of the user whose photo should be shown
 ***********************************************************************************************
 */
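require_once '../../system/common.php';
require_once '../../system/login_valid.php';
$getUserId = admFuncVariableIsValid($_GET, 'usr_id', 'numeric', array('requireValue' => true, 'directOutput' => true));
$user = new User($gDb, $gProfileFields, $getUserId);
$userPhoto = $user->getValue('usr_photo');
// if user has no photo or current user is not allowed to see photos then show default photo
// Both cases return the same placeholder, so the response does not reveal
// whether a hidden profile has a photo.
if ((string) $userPhoto === '' || !$gCurrentUser->hasRightViewProfile($user)) {
    header('Content-Type: image/png');
    // readfile() writes the file to the output itself and returns the byte count.
    // Echoing that return value appended the number to the image data.
    readfile(THEME_SERVER_PATH . '/images/no_profile_pic.png');
} else {
    // NOTE(review): the stored bytes are sent as JPEG without checking their type.
    // Confirm that uploads are validated or re-encoded before they are stored.
    header('Content-Type: image/jpeg');
    echo $userPhoto;
}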
Example #17
            AND first_name.usd_value  = \'' . $user->getValue('FIRST_NAME') . '\'
          WHERE usr_valid = 1 ';
 $result = $gDb->query($sql);
 $rowDuplicateUser = $gDb->fetch_array($result);
 if ($rowDuplicateUser['usr_id'] > 0) {
     $duplicate_user = new User($gDb, $gProfileFields, $rowDuplicateUser['usr_id']);
 }
 if ($rowDuplicateUser['usr_id'] > 0) {
     if ($_SESSION['user_import_mode'] == USER_IMPORT_DISPLACE) {
         // delete all user data of profile fields
         $duplicate_user->deleteUserFieldData();
     }
     if ($_SESSION['user_import_mode'] == USER_IMPORT_COMPLETE || $_SESSION['user_import_mode'] == USER_IMPORT_DISPLACE) {
         // edit data of user, if user already exists
         foreach ($importedFields as $key => $field_name_intern) {
             if ($duplicate_user->getValue($field_name_intern) != $user->getValue($field_name_intern)) {
                 if ($gProfileFields->getProperty($field_name_intern, 'usf_type') == 'DATE') {
                     // the date must be formated
                     $duplicate_user->setValue($field_name_intern, $user->getValue($field_name_intern, $gPreferences['system_date']));
                 } elseif ($field_name_intern == 'COUNTRY') {
                     // we need the iso-code and not the name of the country
                     $duplicate_user->setValue($field_name_intern, $gL10n->getCountryByName($user->getValue($field_name_intern)));
                 } elseif ($gProfileFields->getProperty($field_name_intern, 'usf_type') == 'DROPDOWN' || $gProfileFields->getProperty($field_name_intern, 'usf_type') == 'RADIO_BUTTON') {
                     // get number and not value of entry
                     $duplicate_user->setValue($field_name_intern, $user->getValue($field_name_intern, 'database'));
                 } else {
                     $duplicate_user->setValue($field_name_intern, $user->getValue($field_name_intern));
                 }
             }
         }
         $user = $duplicate_user;
Example #18
// Authorization guard: only accounts that may approve users continue.
// NOTE(review): the guard only protects the code below if $gMessage->show()
// ends the request. Presumably it does; confirm.
if ($gCurrentUser->approveUsers() == false) {
    $gMessage->show($gL10n->get('SYS_NO_RIGHTS'));
}
// check whether the module may be called at all
if ($gPreferences['registration_mode'] == 0) {
    $gMessage->show($gL10n->get('SYS_MODULE_DISABLED'));
}
// create user objects
$registrationUser = new UserRegistration($gDb, $gProfileFields, $getNewUserId);
// $user exists only for a positive id; any later use of $user needs the same condition.
if ($getUserId > 0) {
    $user = new User($gDb, $gProfileFields, $getUserId);
}
if ($getMode == 1 || $getMode == 2) {
    // User-Account einem existierenden Mitglied zuordnen
    // Daten kopieren, aber nur, wenn noch keine Logindaten existieren
    if (strlen($user->getValue('usr_login_name')) == 0 && strlen($user->getValue('usr_password')) == 0) {
        $user->setValue('EMAIL', $registrationUser->getValue('EMAIL'));
        $user->setValue('usr_login_name', $registrationUser->getValue('usr_login_name'));
        $user->setValue('usr_password', $registrationUser->getValue('usr_password'));
    }
    try {
        // zuerst den neuen Usersatz loeschen, dann den alten Updaten,
        // damit kein Duplicate-Key wegen dem Loginnamen entsteht
        $registrationUser->notSendEmail();
        $registrationUser->delete();
        $user->save();
    } catch (AdmException $e) {
        // exception is thrown when email couldn't be send
        // so save user data and then show error
        $user->save();
        $gMessage->setForwardUrl($gNavigation->getPreviousUrl());
Example #19
 *
 *****************************************************************************/
require_once '../../system/common.php';
// NOTE(review): login_valid.php presumably rejects requests without a valid session; confirm.
require_once '../../system/login_valid.php';
// Initialize and check the parameters
$getUserId = admFuncVariableIsValid($_GET, 'usr_id', 'numeric');
$getNewUser = admFuncVariableIsValid($_GET, 'new_user', 'numeric');
$getInline = admFuncVariableIsValid($_GET, 'inline', 'boolean');
$html = '';
// if user is allowed to assign at least one role then allow access
// NOTE(review): this is a coarse gate. Whether the caller may assign roles to this
// particular user, or assign a particular role, is not checked in this excerpt.
if (!$gCurrentUser->assignRoles()) {
    $gMessage->show($gL10n->get('SYS_NO_RIGHTS'));
}
$user = new User($gDb, $gProfileFields, $getUserId);
// set headline of the script
$headline = $gL10n->get('ROL_ROLE_ASSIGNMENT', $user->getValue('FIRST_NAME'), $user->getValue('LAST_NAME'));
if ($getInline == 0) {
    $gNavigation->addUrl(CURRENT_URL, $headline);
}
// check whether a fixed role was set in the session; the value is read once and then removed
if (isset($_SESSION['set_rol_id'])) {
    $setRoleId = $_SESSION['set_rol_id'];
    unset($_SESSION['set_rol_id']);
} else {
    $setRoleId = null;
}
if ($getInline == true) {
    header('Content-type: text/html; charset=utf-8');
    $html .= '<script type="text/javascript"><!--
    $(document).ready(function() {
        $(".admidio-group-heading").click(function() { showHideBlock($(this).attr("id")); });
Example #20
     }
     // only show download if user has rights to view folder
     if ($errorCode !== 'DOW_FOLDER_NO_RIGHTS') {
         // Ermittlung der Dateiendung
         $fileExtension = mb_strtolower(substr($plg_row->fil_name, strrpos($plg_row->fil_name, '.') + 1), 'UTF-8');
         // Auszugebendes Icon ermitteln
         $iconFile = 'page_white_question.png';
         if (array_key_exists($fileExtension, $icon_file_extension)) {
             $iconFile = $icon_file_extension[$fileExtension];
         }
         // if set in config file then show timestamp of file upload
         if ($plg_show_upload_timestamp) {
             // Vorname und Nachname abfragen (Upload der Datei)
             $mein_user = new User($gDb, $gProfileFields, $plg_row->fil_usr_id);
             $timestampHtml = '<img class="admidio-icon-info" data-html="true" src="' . THEME_PATH . '/icons/info.png" alt="' . $gL10n->get('SYS_FILE') . '"
                 title="' . $plg_row->fil_timestamp . ',<br />' . $mein_user->getValue('FIRST_NAME') . ' ' . $mein_user->getValue('LAST_NAME') . '" />';
         }
         echo '
         <a class="btn ' . $plg_link_class_downl . '" href="' . $g_root_path . '/adm_program/modules/downloads/get_file.php?file_id=' . $plg_row->fil_id . '"><img
             src="' . THEME_PATH . '/icons/' . $iconFile . '" alt="' . $plg_row->fol_path . '/' . $plg_row->fol_name . '/"
             title="' . $plg_row->fol_path . '/' . $plg_row->fol_name . '/" />' . $plg_row->fil_name . $timestampHtml . '</a>';
         ++$anzahl;
         if ($anzahl == $plg_downloads_count) {
             break;
         }
     }
 }
 echo '</div>';
 if ($anzahl == 0) {
     echo $gL10n->get('PLG_DOWNLOADS_NO_DOWNLOADS_AVAILABLE');
 }
        INNER JOIN ' . TBL_CATEGORIES . '
                ON cat_id = rol_cat_id
             WHERE rol_valid  = 1
               AND (  cat_org_id = ' . $gCurrentOrganization->getValue('org_id') . '
                   OR cat_org_id IS NULL )
               AND mem_begin <= \'' . DATE_NOW . '\'
               AND mem_end    > \'' . DATE_NOW . '\'
               AND mem_usr_id = ' . $getUserId;
    $mglStatement = $gDb->query($sql);
    while ($row = $mglStatement->fetch()) {
        // alle Rollen der aktuellen Gliedgemeinschaft auf ungueltig setzen
        $member->setArray($row);
        $member->stopMembership($row['mem_rol_id'], $row['mem_usr_id']);
    }
    $gMessage->setForwardUrl($gNavigation->getUrl(), 2000);
    $gMessage->show($gL10n->get('MEM_REMOVE_MEMBERSHIP_OK', $user->getValue('FIRST_NAME') . ' ' . $user->getValue('LAST_NAME'), $gCurrentOrganization->getValue('org_longname')));
} elseif ($getMode === 3) {
    // delete the user from the database
    // only webmasters may do this
    // NOTE(review): this is a destructive action selected by a request parameter. If
    // $getMode and $getUserId come from the query string (not visible in this excerpt),
    // the request should also carry an anti-forgery token. Both guards rely on
    // $gMessage->show() ending the request; confirm.
    if (!$gCurrentUser->isWebmaster()) {
        $gMessage->show($gL10n->get('SYS_NO_RIGHTS'));
    }
    // the user must not be active in any other organization
    // and nobody may delete their own account
    if ($otherOrgaCount > 0 || $gCurrentUser->getValue('usr_id') == $getUserId) {
        $gMessage->show($gL10n->get('SYS_NO_RIGHTS'));
    }
    $phrase = $gL10n->get('SYS_DELETE_DATA');
    // delete the user from the Admidio database
    $user->delete();
} elseif ($getMode === 4) {
Example #22
require_once '../../system/common.php';
// NOTE(review): login_valid.php presumably rejects requests without a valid session; confirm.
require_once '../../system/login_valid.php';
header('Content-type: text/html; charset=utf-8');
// Initialize and check the parameters
$getUserId = admFuncVariableIsValid($_GET, 'usr_id', 'int', array('requireValue' => true));
// 'mode' is restricted to the two listed values; anything else is handled by the validator.
$getMode = admFuncVariableIsValid($_GET, 'mode', 'string', array('defaultValue' => 'html', 'validValues' => array('html', 'change')));
// in ajax mode only return simple text on error
if ($getMode === 'change') {
    $gMessage->showHtmlTextOnly(true);
} else {
    $gMessage->showInModaleWindow();
}
$user = new User($gDb, $gProfileFields, $getUserId);
// only the own password could be individual set.
// Webmaster could only send a generated password or set a password if no password was set before
// && binds tighter than ||, so access is refused in three cases: the target is not a
// member; the caller is neither webmaster nor the account owner; or a webmaster acts
// on an account that already has a password and has no e-mail address while system
// mails are enabled.
// NOTE(review): the guard only protects the password change below if $gMessage->show()
// ends the request; confirm.
if (!isMember($getUserId) || !$gCurrentUser->isWebmaster() && $gCurrentUser->getValue('usr_id') != $getUserId || $gCurrentUser->isWebmaster() && $user->getValue('usr_password') !== '' && $user->getValue('EMAIL') === '' && $gPreferences['enable_system_mails'] == 1) {
    $gMessage->show($gL10n->get('SYS_NO_RIGHTS'));
}
if ($getMode === 'change') {
    if ($gCurrentUser->isWebmaster() && $gCurrentUser->getValue('usr_id') != $getUserId) {
        $oldPassword = '';
    } else {
        $oldPassword = $_POST['old_password'];
    }
    $newPassword = $_POST['new_password'];
    $newPasswordConfirm = $_POST['new_password_confirm'];
    /***********************************************************************/
    /* Handle form input */
    /***********************************************************************/
    if (($oldPassword !== '' || $gCurrentUser->isWebmaster()) && $newPassword !== '' && $newPasswordConfirm !== '') {
        if (strlen($newPassword) >= 8) {
Example #23
/**
 * Builds the html fragment that tells who created a recordset and who edited it last.
 * The ids are resolved to display names here and the markup itself is produced by
 * admFuncShowCreateChangeInfoByName(). An id that is not greater than 0 is shown as
 * the localized "deleted user" text.
 * @param int    $userIdCreated   Id of the user who created the recordset.
 * @param string $timestampCreate Date and time when the recordset was created.
 * @param int    $userIdEdited    Id of the user who last changed the recordset.
 * @param string $timestampEdited Date and time when the recordset was last changed.
 * @return string Html string with the names, or an empty string when the setting
 *                'system_show_create_edit' is off or neither name could be composed.
 */
function admFuncShowCreateChangeInfoById($userIdCreated, $timestampCreate, $userIdEdited, $timestampEdited)
{
    global $gDb, $gProfileFields, $gL10n, $gPreferences;

    // nothing is shown unless the system setting is activated
    if (!($gPreferences['system_show_create_edit'] > 0)) {
        return '';
    }

    // Turns one user id into the label to display: full name when the setting
    // is 1, login name for any other active setting.
    $resolveName = function ($userId) use ($gDb, $gProfileFields, $gL10n, $gPreferences) {
        if (!($userId > 0)) {
            return $gL10n->get('SYS_DELETED_USER');
        }
        $record = new User($gDb, $gProfileFields, $userId);
        if ($gPreferences['system_show_create_edit'] == 1) {
            return $record->getValue('FIRST_NAME') . ' ' . $record->getValue('LAST_NAME');
        }
        return $record->getValue('usr_login_name');
    };

    // a name is only composed for a side that has a timestamp
    $htmlCreateName = ($timestampCreate !== '') ? $resolveName($userIdCreated) : '';
    $htmlEditName = ($timestampEdited !== '') ? $resolveName($userIdEdited) : '';

    if ($htmlCreateName === '' && $htmlEditName === '') {
        return '';
    }

    // NOTE(review): the names go into markup as getValue() returns them; whether
    // they are HTML-encoded there or in the callee is not visible here. Confirm.
    return admFuncShowCreateChangeInfoByName($htmlCreateName, $timestampCreate, $htmlEditName, $timestampEdited, $userIdCreated, $userIdEdited);
}
Example #24
    $_SESSION['photo_album'] = $photo_album;
}
// check whether the album belongs to the current organization
// (the two organization ids are compared loosely with !=)
if ($getPhotoId > 0 && $photo_album->getValue('pho_org_id') != $gCurrentOrganization->getValue('org_id')) {
    $gMessage->show($gL10n->get('SYS_INVALID_PAGE_VIEW'));
}
if ($gValidLogin && strlen($gCurrentUser->getValue('EMAIL')) === 0) {
    // the logged-in user has no valid e-mail address stored in the profile
    // that could be used as sender...
    // (only emptiness is tested here, not the format of the address)
    $gMessage->show($gL10n->get('SYS_CURRENT_USER_NO_EMAIL', '<a href="' . $g_root_path . '/adm_program/modules/profile/profile.php">', '</a>'));
}
if ($getUserId > 0) {
    // a usr_id was passed, so fetch the contact data of that user from the database
    $user = new User($gDb, $gProfileFields, $getUserId);
    // may the current user access this user id?
    // Grouping (&& binds tighter than ||): refused when the caller lacks editUsers()
    // and isMember() is false for the target, or when the loaded usr_id is empty.
    // NOTE(review): the checks on this page only protect what follows if
    // $gMessage->show() ends the request - presumably it does, confirm.
    if (!$gCurrentUser->editUsers() && !isMember($user->getValue('usr_id')) || strlen($user->getValue('usr_id')) === 0) {
        $gMessage->show($gL10n->get('SYS_USER_ID_NOT_FOUND'));
    }
    // does the user have a valid e-mail address?
    if (!strValidCharacters($user->getValue('EMAIL'), 'email')) {
        $gMessage->show($gL10n->get('SYS_USER_NO_EMAIL', $user->getValue('FIRST_NAME') . ' ' . $user->getValue('LAST_NAME')));
    }
}
if (isset($_SESSION['ecard_request'])) {
    // if user is returned to this form after he submit it,
    // then try to restore all values that he has entered before
    $template = $_SESSION['ecard_request']['ecard_template'];
    $recipients = $_SESSION['ecard_request']['ecard_recipients'];
    $message = $_SESSION['ecard_request']['ecard_message'];
} else {
    $template = $gPreferences['ecard_template'];
Example #25
        // number of accounts the preceding query matched (query is outside this excerpt)
        $count = $pdoStatement->rowCount();
        // show error if no user found or more than one user found
        // NOTE(review): the two error texts and the success text at the end differ, so the
        // reply tells the requester whether an address is registered; consider one neutral
        // reply for all outcomes.
        // NOTE(review): the raw $_POST['recipient_email'] is passed into the message text;
        // confirm that get()/show() HTML-escape it before output.
        if ($count === 0) {
            $gMessage->show($gL10n->get('SYS_LOSTPW_EMAIL_ERROR', $_POST['recipient_email']));
        } elseif ($count > 1) {
            $gMessage->show($gL10n->get('SYS_LOSTPW_SEVERAL_EMAIL', $_POST['recipient_email']));
        }
        $row = $pdoStatement->fetch();
        $user = new User($gDb, $gProfileFields, $row['usr_id']);
        // create and save new password and activation id
        // NOTE(review): the arguments 8 and 10 are presumably lengths; confirm that
        // genRandomPassword() draws from a cryptographically secure source, since the
        // activation id is the only secret in the link below.
        $newPassword = PasswordHashing::genRandomPassword(8);
        $activationId = PasswordHashing::genRandomPassword(10);
        // second argument presumably marks this as a pending password that only becomes
        // valid after activation - confirm against User::setPassword()
        $user->setPassword($newPassword, true);
        $user->setValue('usr_activation_code', $activationId);
        $sysmail = new SystemMail($gDb);
        $sysmail->addRecipient($user->getValue('EMAIL'), $user->getValue('FIRST_NAME', 'database') . ' ' . $user->getValue('LAST_NAME', 'database'));
        // the new password is placed in the mail body as plain text
        $sysmail->setVariable(1, $newPassword);
        // the activation link carries the user id and the activation code as query parameters
        $sysmail->setVariable(2, $g_root_path . '/adm_program/system/password_activation.php?usr_id=' . $user->getValue('usr_id') . '&aid=' . $activationId);
        // NOTE(review): the mail is sent before the changes are saved; if save() fails the
        // user holds a password and link that were never stored.
        $sysmail->sendSystemMail('SYSMAIL_ACTIVATION_LINK', $user);
        // the requester is not logged in, so the save has to bypass the rights check
        $user->saveChangesWithoutRights();
        $user->save();
        $gMessage->setForwardUrl($g_root_path . '/adm_program/system/login.php');
        $gMessage->show($gL10n->get('SYS_LOSTPW_SEND', $_POST['recipient_email']));
    } catch (AdmException $e) {
        $e->showHtml();
    }
} else {
    /*********************HTML_PART*******************************/
    // create html page object
    $page = new HtmlPage($headline);
    // add back link to module menu
// Initialize and check the parameter: new_user_id is required and validated as 'int'
$getNewUserId = admFuncVariableIsValid($_GET, 'new_user_id', 'int', array('requireValue' => true));
// only webmasters may assign users, otherwise leave the page
// (the check actually performed is approveUsers())
if (!$gCurrentUser->approveUsers()) {
    $gMessage->show($gL10n->get('SYS_NO_RIGHTS'));
}
// check whether the module may be called
if ($gPreferences['registration_mode'] == 0) {
    $gMessage->show($gL10n->get('SYS_MODULE_DISABLED'));
}
// set headline of the script
$headline = $gL10n->get('NWU_ASSIGN_REGISTRATION');
// create user object for new user
$new_user = new User($gDb, $gProfileFields, $getNewUserId);
// search for users with similar names (SQL function SOUNDEX only available in MySQL)
// The first and last name of the registration record are spliced into the SQL text;
// escapeString() is the only protection on these values, which presumably were typed in
// by the applicant at registration.
// NOTE(review): prefer bound parameters if the database layer offers them. In the plain
// LIKE branch, % and _ inside a name would presumably still act as wildcards unless
// escapeString() handles them - confirm.
if ($gPreferences['system_search_similar'] == 1 && $gDbType === 'mysql') {
    $sql_similar_name = '(  (   SUBSTRING(SOUNDEX(last_name.usd_value),  1, 4) LIKE SUBSTRING(SOUNDEX(\'' . $gDb->escapeString($new_user->getValue('LAST_NAME', 'database')) . '\'), 1, 4)
        AND SUBSTRING(SOUNDEX(first_name.usd_value), 1, 4) LIKE SUBSTRING(SOUNDEX(\'' . $gDb->escapeString($new_user->getValue('FIRST_NAME', 'database')) . '\'), 1, 4) )
     OR (   SUBSTRING(SOUNDEX(last_name.usd_value),  1, 4) LIKE SUBSTRING(SOUNDEX(\'' . $gDb->escapeString($new_user->getValue('FIRST_NAME', 'database')) . '\'), 1, 4)
        AND SUBSTRING(SOUNDEX(first_name.usd_value), 1, 4) LIKE SUBSTRING(SOUNDEX(\'' . $gDb->escapeString($new_user->getValue('LAST_NAME', 'database')) . '\'), 1, 4) ) )';
} else {
    $sql_similar_name = '(  (   last_name.usd_value  LIKE \'' . $gDb->escapeString($new_user->getValue('LAST_NAME', 'database')) . '\'
        AND first_name.usd_value LIKE \'' . $gDb->escapeString($new_user->getValue('FIRST_NAME', 'database')) . '\')
     OR (   last_name.usd_value  LIKE \'' . $gDb->escapeString($new_user->getValue('FIRST_NAME', 'database')) . '\'
        AND first_name.usd_value LIKE \'' . $gDb->escapeString($new_user->getValue('LAST_NAME', 'database')) . '\') )';
}
// alle User aus der DB selektieren, die denselben Vor- und Nachnamen haben
$sql = 'SELECT usr_id, usr_login_name, last_name.usd_value as last_name,
               first_name.usd_value as first_name, address.usd_value as address,
               zip_code.usd_value as zip_code, city.usd_value as city,
               email.usd_value as email
          FROM ' . TBL_USERS . '
Example #27
} elseif ($getMode === 4) {
    // only webmasters may send new login data to users
    // only execute if e-mails are supported by the server
    // only send to members of the own organization
    if (!$gCurrentUser->isWebmaster() || $gPreferences['enable_system_mails'] != 1 || $this_orga == false) {
        $gMessage->show($gL10n->get('SYS_NO_RIGHTS'));
    }
    // the mail preference is tested a second time before anything is changed
    if ($gPreferences['enable_system_mails'] == 1) {
        try {
            // generate a new password and store it
            // NOTE(review): the argument 8 is presumably the length; confirm that
            // genRandomPassword() uses a cryptographically secure source.
            $password = PasswordHashing::genRandomPassword(8);
            $user->setPassword($password);
            // NOTE(review): the password is saved before the mail is sent; if
            // sendSystemMail() throws, the account keeps a password nobody has received.
            $user->save();
            // send a mail with the login data to the user
            $sysmail = new SystemMail($gDb);
            $sysmail->addRecipient($user->getValue('EMAIL'), $user->getValue('FIRST_NAME') . ' ' . $user->getValue('LAST_NAME'));
            // the new password is placed in the mail body as plain text
            $sysmail->setVariable(1, $password);
            $sysmail->sendSystemMail('SYSMAIL_NEW_PASSWORD', $user);
            $gMessage->setForwardUrl($gNavigation->getUrl());
            $gMessage->show($gL10n->get('SYS_EMAIL_SEND'));
        } catch (AdmException $e) {
            $e->showText();
        }
    }
} elseif ($getMode === 5) {
    // ask whether the login data should be sent
    // The "yes" target is a plain URL with usr_id and mode=4 in the query string, and
    // mode 4 replaces the user's password.
    // NOTE(review): no anti-CSRF token is visible in this excerpt; confirm one is verified
    // elsewhere, or move the state-changing step to a POST request that carries a token.
    $gMessage->setForwardYesNo($g_root_path . '/adm_program/modules/members/members_function.php?usr_id=' . $getUserId . '&mode=4');
    $gMessage->show($gL10n->get('MEM_SEND_NEW_LOGIN', $user->getValue('FIRST_NAME') . ' ' . $user->getValue('LAST_NAME')));
} elseif ($getMode === 6) {
    if ($this_orga == true && $other_orga == 0 && $gCurrentUser->isWebmaster()) {
        // nur Webmaster duerfen dies
Example #28
               AND mem_end          > \'' . DATE_NOW . '\'
               AND mem_usr_id       = usr_id
               AND usr_valid        = 1
               AND email.usd_usr_id = email.usd_usr_id
             ORDER BY last_name, first_name';
    $resultUsers = $gDb->query($sql);
    while ($row = $gDb->fetch_array($resultUsers)) {
        if ($ecardSendResult == true) {
            // create and send ecard
            $ecardHtmlData = $funcClass->parseEcardTemplate($imageUrl, $_POST['ecard_message'], $ecardDataToParse, $row['first_name'] . ' ' . $row['last_name'], $row['email']);
            $ecardSendResult = $funcClass->sendEcard($senderName, $senderEmail, $ecardHtmlData, $row['first_name'] . ' ' . $row['last_name'], $row['email'], $imageServerPath);
        }
    }
}
// Send the ecard to every user id collected in $arrayUsers; after the first failed send
// the remaining recipients are skipped because $ecardSendResult is no longer true.
// NOTE(review): where $arrayUsers is filled is not visible here; confirm each id was
// checked against the sender's permissions before this loop resolves it to an address.
if (count($arrayUsers) > 0) {
    foreach ($arrayUsers as $userId) {
        if ($ecardSendResult == true) {
            $user = new User($gDb, $gProfileFields, $userId);
            // create and send ecard
            // NOTE(review): the raw $_POST['ecard_message'] goes into the HTML template;
            // confirm parseEcardTemplate() escapes it for the HTML mail body.
            $ecardHtmlData = $funcClass->parseEcardTemplate($imageUrl, $_POST['ecard_message'], $ecardDataToParse, $user->getValue('FIRST_NAME') . ' ' . $user->getValue('LAST_NAME'), $user->getValue('EMAIL'));
            $ecardSendResult = $funcClass->sendEcard($senderName, $senderEmail, $ecardHtmlData, $user->getValue('FIRST_NAME') . ' ' . $user->getValue('LAST_NAME'), $user->getValue('EMAIL'), $imageServerPath);
        }
    }
}
// show result
if ($ecardSendResult == true) {
    $gMessage->setForwardUrl($gNavigation->getPreviousUrl());
    $gMessage->show($gL10n->get('ECA_SUCCESSFULLY_SEND'));
} else {
    $gMessage->show($gL10n->get('ECA_NOT_SUCCESSFULLY_SEND'));
}
Example #29
require_once '../../system/common.php';
require_once '../../system/login_valid.php';
header('Content-type: text/html; charset=utf-8');
// Initialize and check the parameters
// usr_id is required and validated as 'numeric'; mode is restricted to 'html' or 'change'
$getUserId = admFuncVariableIsValid($_GET, 'usr_id', 'numeric', array('requireValue' => true));
$getMode = admFuncVariableIsValid($_GET, 'mode', 'string', array('defaultValue' => 'html', 'validValues' => array('html', 'change')));
// in ajax mode only return simple text on error
if ($getMode == 'change') {
    $gMessage->showHtmlTextOnly(true);
} else {
    $gMessage->showInModaleWindow();
}
// load the account whose password is to be changed
$user = new User($gDb, $gProfileFields, $getUserId);
// only the own password could be individual set.
// Webmaster could only send a generated password or set a password if no password was set before
// Grouping of the condition (&& binds tighter than ||) - refused when:
//   1. isMember() is false for the target user id, or
//   2. the caller is not a webmaster and the target is not the caller's own account, or
//   3. the caller is a webmaster, the target already has a password, has no e-mail
//      address, and system mails are enabled.
// NOTE(review): check clause 3 against the rule stated above - confirm it matches.
// NOTE(review): all comparisons here are loose (==, !=), and the gate only protects the
// code below if $gMessage->show() ends the request - presumably it does, confirm.
if (isMember($getUserId) == false || $gCurrentUser->isWebmaster() == false && $gCurrentUser->getValue('usr_id') != $getUserId || $gCurrentUser->isWebmaster() == true && strlen($user->getValue('usr_password')) > 0 && strlen($user->getValue('EMAIL')) == 0 && $gPreferences['enable_system_mails'] == 1) {
    $gMessage->show($gL10n->get('SYS_NO_RIGHTS'));
}
if ($getMode == 'change') {
    /***********************************************************************/
    /* Handle form input */
    /***********************************************************************/
    // a webmaster changing another user's password: any submitted old password is
    // discarded, so the old-password field plays no role for that case
    if ($gCurrentUser->isWebmaster() && $gCurrentUser->getValue('usr_id') != $getUserId) {
        $_POST['old_password'] = '';
    }
    if ((strlen($_POST['old_password']) > 0 || $gCurrentUser->isWebmaster()) && strlen($_POST['new_password']) > 0 && strlen($_POST['new_password_confirm']) > 0) {
        if (strlen($_POST['new_password']) > 5) {
            if ($_POST['new_password'] == $_POST['new_password_confirm']) {
                // check if old password is correct.
                // Webmaster could change password of other users without this verification.
                if ($user->checkPassword($_POST['old_password']) || $gCurrentUser->isWebmaster() && $gCurrentUser->getValue('usr_id') != $getUserId) {