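/**
 * Authenticates this session's User, and returns its object.
 *
 * Resolution order:
 *  1. Web session with a serialized 'CurrentUser': the object is unserialized
 *     and then re-fetched from the database by its ID *and* its current
 *     password hash, so a stale or tampered session object is never trusted
 *     on its own (the login script appears to rotate the hash on every login,
 *     which makes other sessions fail this lookup). The user must also hold
 *     RIGHT_ACCOUNT_LOGIN, otherwise an Error is queued and the browser is
 *     sent back to login.php.
 *  2. No session, but running from the command line ($argv set): every
 *     "key=value" argument is copied into $_GET and the CMDLINE_USERID user
 *     is returned (NULL if that user does not exist).
 *  3. Otherwise the session has expired: redirect to login.php, passing the
 *     current URI as return URL.
 *
 * Side effects: updates the user's last-active timestamp, sets the active
 * language on $lang, and on failure redirects and exits.
 *
 * @return User|null  The authenticated User; NULL only on the command line
 *                    when CMDLINE_USERID cannot be found.
 */
public static function Authenticate()
{
    global $lang;

    if (array_key_exists('CurrentUser', $_SESSION)) {
        // NOTE(review): unserialize() of session data is an object-injection
        // risk if the session store can be written by an attacker; on PHP >= 7.0
        // pass array('allowed_classes' => array('User')) as second argument.
        /* @var $User User */
        $User = unserialize($_SESSION['CurrentUser']);

        // The stored password hash doubles as a session token: if it no longer
        // matches the database row, the session is rejected.
        $Users = User::GetUsers(new UserSearchParameters($User->getID(), FALSE, FALSE, $User->getPassword()));
        if (!$Users) {
            header('location:login.php#1');
            exit;
        }

        $User = $Users[0];
        $User->setLastActive(time());
        User::Update($User, $User);
        $lang->setLanguages(array($User->getLanguage()));

        if (!$User->hasPermission(RIGHT_ACCOUNT_LOGIN)) {
            $e = new Error(RIGHTS_ERR_USERNOTALLOWED);
            Error::AddError($e);
            header('location:login.php#2');
            exit;
        }
        return $User;
    }

    global $argv, $argc;
    if (!isset($argv) || $argc <= 0) {
        /* If not on the commandline, the Session expired */
        header('location:login.php?url=' . urlencode($_SERVER['REQUEST_URI']));
        exit;
    }

    foreach ($argv as $arg) {
        // Limit of 2 keeps a value that itself contains '=' intact; the
        // previous unbounded explode() silently dropped everything after
        // the second '='.
        $kv = explode('=', $arg, 2);
        if (count($kv) > 1) {
            $_GET[$kv[0]] = $kv[1];
        }
    }
    unset($kv);

    /* Authenticate on the commandline as Default User */
    $Users = User::GetUsers(new UserSearchParameters(CMDLINE_USERID));
    if ($Users) {
        return $Users[0];
    }
    return NULL;
}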
} ?> </select></dd> </dl> <dl> <dt><label for="filter_creator"><?php putGS('Creator'); ?> </label></dt> <dd><select name="creator"> <option value=""><?php putGS('All'); ?> </option> <?php foreach (User::GetUsers() as $creator) { ?> <option value="<?php echo $creator->getUserId(); ?> "><?php echo htmlspecialchars($creator->getRealName()); ?> </option> <?php } ?> </select></dd> </dl> <dl> <dt><label for="filter_status"><?php
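<?php
/*
 * User overview: renders one table row per User. The edit link is only
 * emitted when $CurrentUser holds RIGHT_USER_EDIT, the delete link only
 * with RIGHT_USER_DELETE; otherwise a dead "#" link is shown.
 */
include 'cd.php';
$CurrentUser = Authentication::Authenticate();
HTMLstuff::RefererRegister($_SERVER['REQUEST_URI']);

$UserRows = '';
$UserCount = 0;
$Users = User::GetUsers();
if ($Users) {
    // Rights and labels do not change per row; look them up once.
    $CanEdit = $CurrentUser->hasPermission(RIGHT_USER_EDIT);
    $CanDelete = $CurrentUser->hasPermission(RIGHT_USER_DELETE);
    $DeleteLabel = $lang->g('LabelDeleteUser');
    $NotAllowedLabel = $lang->g('LabelNotAllowed');

    /* @var $User User */
    foreach ($Users as $User) {
        $UserCount++;
        $UserID = $User->getID();
        // Usernames are user-supplied: HTML-escape before echoing. The previous
        // version put the raw name into the link text (stored XSS) while the
        // escaped copy it computed was never used by the format string.
        $SafeUserName = htmlentities($User->getUserName());
        $Birthdate = $User->getBirthdate();
        $LastActive = $User->getLastActive();
        $LastLogin = $User->getLastLogin();

        if ($User->getGender() == GENDER_FEMALE) {
            $Gender = 'f';
        } elseif ($User->getGender() == GENDER_MALE) {
            $Gender = 'm';
        } else {
            $Gender = '?';
        }

        if ($CanEdit) {
            $NameCell = sprintf("<a href=\"user_view.php?user_id=%1\$d\">%2\$s</a>", $UserID, $SafeUserName);
        } else {
            $NameCell = sprintf("<a href=\"#\">%1\$s</a>", $SafeUserName);
        }

        // NOTE(review): deletion is triggered by a plain GET link
        // (cmd=COMMAND_DELETE); confirm that user_view.php requires a POST /
        // confirmation step before deleting, otherwise this is CSRF-able.
        if ($CanDelete) {
            $DeleteCell = sprintf("<a href=\"user_view.php?user_id=%1\$d&cmd=%2\$s\" title=\"%3\$s\"><img src=\"images/button_delete.png\" width=\"16\" height=\"16\" alt=\"%3\$s\" /></a>", $UserID, COMMAND_DELETE, $DeleteLabel);
        } else {
            $DeleteCell = sprintf("<a href=\"#\"><img src=\"images/button_delete_invalid.png\" width=\"16\" height=\"16\" title=\"%1\$s\" alt=\"%1\$s\"/></a>", $NotAllowedLabel);
        }

        // Odd rows get class Row1, even rows Row2 (zebra striping).
        $UserRows .= sprintf("\n<tr class=\"Row%1\$d\">"
            . "<td>%2\$s</td>"
            . "<td>%3\$s</td>"
            . "<td class=\"Center\">%4\$s</td>"
            . "<td class=\"Center\"%6\$s>%5\$s</td>"
            . "<td class=\"Center\">%7\$s</td>"
            . "<td class=\"Center\">%8\$s</td>"
            . "<td class=\"Center\">%9\$s</td>"
            . "</tr>",
            $UserCount % 2 == 0 ? 2 : 1,
            $NameCell,
            htmlentities($User->GetFullName()),
            $Gender,
            $Birthdate > 0 ? date('j-m-Y', $Birthdate) : ' ',
            $Birthdate > 0 ? ' title="' . date('l', $Birthdate) . '"' : NULL,
            $LastActive > 0 ? date('j-n-Y G:i', $LastActive) : ' ',
            $LastLogin > 0 ? date('j-n-Y G:i', $LastLogin) : ' ',
            $DeleteCell);
    }
    unset($User);
}

echo HTMLstuff::HtmlHeader($lang->g('NavigationUsers'), $CurrentUser);
?>
<h2><?php echo sprintf('<a href="index.php">%2$s</a> - %1$s', $lang->g('NavigationUsers'), $lang->g('NavigationHome')); ?> </h2>
<table>
<thead>
<tr>
<th style="width: 160px;"><?php echo $lang->g('LabelUsername'); ?> </th>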
<?php include 'cd.php'; $UserName = NULL; $Password = NULL; $ReturnURL = NULL; if (array_key_exists('hidAction', $_POST) && $_POST['hidAction'] && $_POST['hidAction'] == 'LoginLogin') { $UserName = $_POST['txtUserName']; $Password = $_POST['txtPassword']; $ReturnURL = array_key_exists('url', $_GET) && isset($_GET['url']) ? $_GET['url'] : NULL; $Users = User::GetUsers(new UserSearchParameters(FALSE, FALSE, $UserName)); if ($Users) { /* @var $User User */ $User = $Users[0]; if ($User->hasPermission(RIGHT_ACCOUNT_LOGIN)) { if (Utils::HashString($Password, $User->getSalt()) == $User->getPassword()) { $User->setPreLastLogin($User->getLastLogin()); $User->setLastLogin(time()); // By resetting the user's Salt and Password-hash upon login, // existing reset-URLs and concurrent loginsessions become invalid. $User->setSalt(Utils::GenerateGarbage(20)); $User->setPassword(Utils::HashString($Password, $User->getSalt())); User::Update($User, $User); $_SESSION['CurrentUser'] = serialize($User); session_regenerate_id(TRUE); if (isset($ReturnURL)) { header('location:' . urldecode($ReturnURL)); } else { header('location:index.php'); } exit;
foreach ($CacheImagesInDB as $ci) { if ($ci->getKind() == CACHEIMAGE_KIND_INDEX) { if (file_exists($ci->getFilenameOnDisk(TRUE, TRUE))) { rename($ci->getFilenameOnDisk(TRUE, TRUE), $ci->getFilenameOnDisk(FALSE, FALSE)); } if (file_exists($ci->getFilenameOnDisk(FALSE, TRUE))) { rename($ci->getFilenameOnDisk(FALSE, TRUE), $ci->getFilenameOnDisk(FALSE, FALSE)); } } else { if (file_exists($ci->getFilenameOnDisk(TRUE))) { rename($ci->getFilenameOnDisk(TRUE), $ci->getFilenameOnDisk(FALSE)); } } } /* Give the admin-user full rights */ $admUser = User::GetUsers(new UserSearchParameters(CMDLINE_USERID)); /* @var $admUser User */ if ($admUser) { $admUser = $admUser[0]; $admUser->setRights(Rights::getTotalRights()); User::Update($admUser, $admUser); } /* Introduce CANDYPATH constant and write to config */ if (defined('CANDYIMAGEPATH') && !defined('CANDYPATH')) { if (($configfile = file_get_contents('config.php')) !== FALSE) { $configfile = str_replace('CANDYIMAGEPATH', 'CANDYPATH', $configfile); if (file_put_contents('config.php', $configfile) === FALSE) { $e = new Error(NULL, $lang->g('ErrorSetupWritingConfig')); Error::AddError($e); $NoError = FALSE; }
?> </td> <td><?php echo lang('ROLE'); ?> </td> <td><?php echo lang('STATUS'); ?> </td> <td></td> </tr> </thead> <tbody> <?php if ($user->GetUsers()) { foreach ($user->GetUsers() as $u) { $status = $u->active == 0 ? lang('INACTIVE') : lang('ACTIVE'); $roles = array("1" => lang('ADMINISTRATOR'), "2" => lang('STANDARD_USER')); echo "<tr>\r\n\t\t\t\t\t\t\t\t<td>"; if ($u->id != $user->data()->id) { echo "<input type='checkbox' name='checkbox[]' id='checkbox-" . $u->id . "' class='checkbox checkbox-style' value='" . $u->id . "'>\r\n\t\t\t\t\t\t\t\t\t<label for='checkbox-" . $u->id . "'></label>"; } echo "\r\n\t\t\t\t\t\t\t\t</td>\r\n\t\t\t\t\t\t\t\t<td>" . escape($u->username) . "</td>\r\n\t\t\t\t\t\t\t\t<td>" . escape(ucfirst($u->firstname)) . "</td>\r\n\t\t\t\t\t\t\t\t<td>" . escape(ucfirst($u->lastname)) . "</td>\r\n\t\t\t\t\t\t\t\t<td>" . escape($u->email) . "</td>\r\n\t\t\t\t\t\t\t\t<td><a href='https://facebook.com/" . $u->fbuserid . "' title='" . escape(ucfirst($u->firstname)) . " " . escape(ucfirst($u->lastname)) . "' target='_blank'>" . lang('VIEW_PROFILE') . " <span class='glyphicon glyphicon-link'></span></a></td>\r\n\t\t\t\t\t\t\t\t<td>" . $roles[$u->roles] . "</td>\r\n\t\t\t\t\t\t\t\t<td>" . $status . "</td>\r\n\t\t\t\t\t\t\t\t<td>\r\n\t\t\t\t\t\t\t\t\t<a href='#' title='' class='btn btn-primary edit' id='" . $u->id . "' onclick='return false;'><span class='glyphicon glyphicon-pencil'></span> " . lang('EDIT') . "</a>\r\n\t\t\t\t\t\t\t\t\t<a href='users.php?action=delete&userId=" . $u->id . "' title='' class='btn btn-danger delete' id='" . $u->id . "' onclick='return confirm(\"" . lang('DELETE_USER_CONFIRMATION') . "\");'><span class='glyphicon glyphicon-trash'></span> " . lang('DELETE') . "</a>\r\n\t\t\t\t\t\t\t\t</td>\r\n\t\t\t\t\t\t\t</tr>"; } } ?> </tbody> </table> </form> </div>
/**
 * Set default widgets for all existing users (called after install/upgrade)
 *
 * Runs at most once: the first call stores the current time under
 * self::SETTING through SystemPref and every later call returns early as
 * soon as that preference is non-NULL. The marker is written *before* the
 * per-user loop, so a run that dies half-way is not retried automatically.
 *
 * @return void
 */
public static function SetDefaultWidgetsAll()
{
    require_once dirname(__FILE__) . '/../User.php';

    // Already done by an earlier run.
    if (SystemPref::Get(self::SETTING) != NULL) {
        return;
    }
    SystemPref::Set(self::SETTING, time());

    // NOTE(review): (array) on a scalar wraps it ((array) false === array(false)),
    // so this only degrades gracefully if User::GetUsers() yields an array or NULL.
    $allUsers = (array) User::GetUsers();
    foreach ($allUsers as $existingUser) {
        WidgetManager::SetDefaultWidgets($existingUser->getUserId());
    }
}
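/**
 * Returns every User holding the 'plugin_interview_notify' permission,
 * i.e. the questioneers who want to be invited/notified.
 *
 * Always returns an array. Previously the matches were appended to a
 * misspelled variable ($Questioneer) that was also the one returned, so
 * with no matching user the method returned NULL (plus an undefined
 * variable notice) instead of an empty array.
 *
 * @return User[]
 */
public function getQuestioneersWantInvitation()
{
    $Questioneers = array();
    foreach (User::GetUsers() as $User) {
        if ($User->hasPermission('plugin_interview_notify')) {
            $Questioneers[] = $User;
        }
    }
    return $Questioneers;
}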
if (!$_POST['txtNewPassword'] && !$_POST['txtRepeatPassword']) { $e = new Error(REQUIRED_FIELD_MISSING); Error::AddError($e); } else { $e = new LoginError(LOGIN_ERR_PASSWORDSNOTIDENTICAL); Error::AddError($e); } } } else { header('location:login.php'); exit; } } else { if (!array_key_exists('hidAction', $_POST) && array_key_exists('Hash', $_GET) && preg_match('/^[0-9a-f]{128}$/i', $_GET['Hash'])) { $Hash = $_GET['Hash']; $Users = User::GetUsers(new UserSearchParameters(FALSE, FALSE, FALSE, $Hash)); if ($Users) { /* @var $User User */ $User = $Users[0]; } else { $e = new LoginError(LOGIN_ERR_RESETCODENOTFOUND); Error::AddError($e); $HashError = TRUE; } } } } echo HTMLstuff::HtmlHeader($lang->g('NavigationResetYourPassword')); ?> <div class="CenterForm">
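/**
 * Builds the form mask (field definitions) for the blog edit form.
 *
 * The mask is an associative array consumed by the project's form builder:
 * each entry names the element, its type, label, default value and, for
 * selects, its options. The owner and language option lists are built from
 * User::GetUsers() and Language::GetLanguages().
 *
 * @param bool $p_owner  not used in this method (kept for callers)
 * @param bool $p_admin  not used in this method (kept for callers)
 * @return array
 */
private function getFormMask($p_owner=false, $p_admin=false)
{
    global $g_user;

    $data = $this->getData();

    // Possible owners of the blog.
    // NOTE(review): the leading '1 ||' short-circuits the permission check, so
    // *every* user is offered as owner regardless of PLUGIN_BLOG_USER. Left
    // untouched to preserve behaviour - confirm whether this was a temporary
    // debugging change and restore the check if so.
    $ownerList = array();
    foreach (User::GetUsers() as $User) {
        if (1 || $User->hasPermission('PLUGIN_BLOG_USER')) {
            $ownerList[$User->getUserId()] = "{$User->getRealName()} ({$User->getUserName()})";
        }
    }
    asort($ownerList);

    $languageList = array('' => getGS("---Select language---"));
    foreach (Language::GetLanguages() as $Language) {
        $languageList[$Language->getLanguageId()] = $Language->getNativeName();
    }
    asort($languageList);

    // clean user input: decode entities in every field that may not carry HTML
    foreach ($data as $k => $v) {
        if (!in_array($k, self::$m_html_allowed_fields)) {
            $data[$k] = camp_html_entity_decode_array($v);
        }
    }

    // Topic lists. Neither is referenced by the returned mask; kept because the
    // getters may have side effects - TODO confirm and drop. Initialised so an
    // empty tree no longer leaves the variables undefined.
    $topics = array();
    foreach ($this->GetTopicTreeFlat() as $topicId => $topicName) {
        $topics[$topicId] = $topicName;
    }
    $active_topics = array();
    foreach ($this->getTopics() as $Topic) {
        $active_topics[$Topic->getTopicId()] = $Topic->getName($this->getLanguageId());
    }

    $languageSelectedObj = new Language($data['fk_language_id']);
    // NOTE(review): the editor language comes straight from a cookie; make sure
    // GetEditor() validates it before using it in a path or script tag.
    $editorLanguage = !empty($_COOKIE['TOL_Language'])
        ? $_COOKIE['TOL_Language']
        : $languageSelectedObj->getCode();

    // Only reference the thumbnail when one exists (avoids an undefined-index
    // notice for blogs without an image); escape it for the attribute context.
    $imageSrc = isset($data['images']['100x100'])
        ? htmlspecialchars($data['images']['100x100'])
        : '';

    $mask = array(
        'f_blog_id' => array(
            'element' => 'f_blog_id',
            'type' => 'hidden',
            'constant' => $data['blog_id']
        ),
        SecurityToken::SECURITY_TOKEN => array(
            'element' => SecurityToken::SECURITY_TOKEN,
            'type' => 'hidden',
            'constant' => SecurityToken::GetToken()
        ),
        'language' => array(
            'element' => 'Blog[fk_language_id]',
            'type' => 'select',
            'label' => getGS('Language'),
            'default' => $data['fk_language_id'],
            'options' => $languageList,
            'required' => true
        ),
        'title' => array(
            'element' => 'Blog[title]',
            'type' => 'text',
            'label' => getGS('Title'),
            'default' => $data['title'],
            'required' => true
        ),
        'tiny_mce' => array(
            'element' => 'tiny_mce',
            'text' => self::GetEditor('tiny_mce_box', $g_user, $editorLanguage),
            'type' => 'static'
        ),
        'info' => array(
            'element' => 'Blog[info]',
            'type' => 'textarea',
            'label' => getGS('Info'),
            'default' => $data['info'],
            'required' => true,
            'attributes' => array('cols' => 86, 'rows' => 16, 'id' => 'tiny_mce_box', 'class' => 'tinymce')
        ),
        'feature' => array(
            'element' => 'Blog[feature]',
            'type' => 'text',
            'label' => getGS('Feature'),
            'default' => $data['feature'],
        ),
        'status' => array(
            'element' => 'Blog[status]',
            'type' => 'select',
            'label' => getGS('Status'),
            'default' => $data['status'],
            'required' => true,
            'options' => array(
                'online' => getGS('online'),
                'offline' => getGS('offline'),
                'moderated' => getGS('moderated'),
                'readonly' => getGS('read only'),
            ),
        ),
        'admin_status' => array(
            'element' => 'Blog[admin_status]',
            'type' => 'select',
            'label' => getGS('Admin status'),
            'default' => $data['admin_status'],
            'required' => true,
            'options' => array(
                'online' => getGS('online'),
                'offline' => getGS('offline'),
                'pending' => getGS('pending'),
                'moderated' => getGS('moderated'),
                'readonly' => getGS('read only'),
            ),
        ),
        'owner' => array(
            'element' => 'Blog[fk_user_id]',
            'type' => 'select',
            'label' => getGS('Owner'),
            'default' => $data['fk_user_id'],
            'options' => $ownerList,
        ),
        'image' => array(
            'element' => 'Blog_Image',
            'type' => 'file',
            'label' => getGS('Image (.jpg, .png, .gif)'),
        ),
        'image_display' => array(
            'element' => 'image_display',
            'text' => '<img src="' . $imageSrc . '">',
            'type' => 'static',
            'groupit' => true
        ),
        'image_remove' => array(
            'element' => 'Blog_Image_remove',
            'type' => 'checkbox',
            'label' => getGS('Remove this image'),
            'groupit' => true
        ),
        'image_label' => array(
            'element' => 'image_label',
            'text' => getGS('Remove this image'),
            'type' => 'static',
            'groupit' => true
        ),
        'image_group' => isset($data['images']['100x100']) ? array(
            'group' => array('image_display', 'Blog_Image_remove', 'image_label'),
        ) : null,
        'admin_remark' => array(
            'element' => 'Blog[admin_remark]',
            'type' => 'textarea',
            'label' => getGS('Admin remark'),
            'default' => $data['admin_remark'],
            'attributes' => array('cols' => 86, 'rows' => 10)
        ),
        'reset' => array(
            'element' => 'reset',
            'type' => 'reset',
            'label' => getGS('Reset'),
            'groupit' => true
        ),
        'xsubmit' => array(
            'element' => 'xsubmit',
            'type' => 'button',
            'label' => getGS('Submit'),
            'attributes' => array('onclick' => 'tinyMCE.triggerSave(); if (this.form.onsubmit()) this.form.submit()'),
            'groupit' => true
        ),
        'cancel' => array(
            'element' => 'cancel',
            'type' => 'button',
            'label' => getGS('Cancel'),
            'attributes' => array('onClick' => 'window.close()'),
            'groupit' => true
        ),
        'buttons' => array(
            'group' => array('cancel', 'reset', 'xsubmit')
        )
    );

    return $mask;
}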
/**
 * JSON endpoint: prints every User returned by User::GetUsers().
 *
 * Only callers that pass validateAdmin() get the list; everyone else
 * receives a bare "0". Output is written with echo; nothing is returned.
 *
 * NOTE(review): the User objects are json_encode()d as-is - confirm that the
 * encoded public fields carry no password hashes, salts or tokens.
 */
public function getUsers()
{
    if (!$this->validateAdmin()) {
        echo 0;
        return;
    }
    echo json_encode(User::GetUsers());
}
include 'cd.php'; $CurrentUser = Authentication::Authenticate(); HTMLstuff::RefererRegister($_SERVER['REQUEST_URI']); $UserID = Utils::SafeIntFromQS('user_id'); $DeleteUser = array_key_exists('cmd', $_GET) && $_GET['cmd'] && $_GET['cmd'] == COMMAND_DELETE; $_SESSION['UserSalt'] = NULL; $PasswordError = FALSE; $LanguageOptions = NULL; $DateFormatOptions = NULL; $RightsCheckboxes = NULL; $DisableControls = $DeleteUser || $UserID == $CurrentUser->getID() && !$CurrentUser->hasPermission(RIGHT_ACCOUNT_EDIT) || $UserID != $CurrentUser->getID() && !$CurrentUser->hasPermission(RIGHT_USER_EDIT) && !is_null($UserID) || $UserID != $CurrentUser->getID() && !$CurrentUser->hasPermission(RIGHT_USER_ADD) && is_null($UserID); $DisableDefaultButton = $UserID == $CurrentUser->getID() && !$CurrentUser->hasPermission(RIGHT_ACCOUNT_EDIT) || $UserID != $CurrentUser->getID() && !$CurrentUser->hasPermission(RIGHT_USER_DELETE) && !is_null($UserID) && $DeleteUser || $UserID != $CurrentUser->getID() && !$CurrentUser->hasPermission(RIGHT_USER_EDIT) && !is_null($UserID) && !$DeleteUser || $UserID != $CurrentUser->getID() && !$CurrentUser->hasPermission(RIGHT_USER_ADD) && is_null($UserID); $DisableRights = $DeleteUser || !$CurrentUser->hasPermission(RIGHT_USER_RIGHTS) && !is_null($UserID); /* @var $User User */ if ($UserID) { $Users = User::GetUsers(new UserSearchParameters($UserID)); if ($Users) { $User = $Users[0]; } else { header('location:index.php'); exit; } $_SESSION['UserSalt'] = $User->getSalt(); } else { $User = new User(NULL, $lang->g('LabelNewUser')); } if (array_key_exists('hidAction', $_POST) && $_POST['hidAction'] == 'UserView') { if (array_key_exists('txtUserName', $_POST)) { $User->setUserName(Utils::NullIfEmpty($_POST['txtUserName'])); } if (array_key_exists('hidPassword', $_POST)) {