Beispiel #1
require WT_ROOT . 'includes/functions/functions_edit.php';
use Rhumsaa\Uuid\Uuid;
use WT\Auth;
use WT\Log;
use WT\User;
// A visitor who is already logged in has no use for this page: send them to the
// “Home page” and stop, so that nothing below runs for them.
if (WT_USER_ID && WT_GED_ID) {
    header('Location: ' . WT_SERVER_NAME . WT_SCRIPT_PATH);
    exit;
}

$controller = new WT_Controller_Page();
$REQUIRE_ADMIN_AUTH_REGISTRATION = WT_Site::preference('REQUIRE_ADMIN_AUTH_REGISTRATION');

// The action is normally POSTed, but the links emailed to users carry their
// parameters in the URL, so fall back to the query string when nothing was POSTed.
// NOTE(review): an action accepted from GET can be triggered by a plain link -
// confirm that every state-changing action handled below is safe in that case.
$action = WT_Filter::post('action') ?: WT_Filter::get('action');

// Registration form. The user name and both password fields are matched against the
// site patterns; the remaining fields are read without a pattern argument.
$user_name       = WT_Filter::post('user_name', WT_REGEX_USERNAME);
$user_realname   = WT_Filter::post('user_realname');
$user_email      = WT_Filter::postEmail('user_email');
$user_password01 = WT_Filter::post('user_password01', WT_REGEX_PASSWORD);
$user_password02 = WT_Filter::post('user_password02', WT_REGEX_PASSWORD);
$user_comments   = WT_Filter::post('user_comments');

// Account verification fields.
$user_password = WT_Filter::post('user_password');
$user_hashcode = WT_Filter::post('user_hashcode');

// Login form.
// NOTE(review): 'username' is read without WT_REGEX_USERNAME, unlike 'user_name'
// above - presumably deliberate so that any identifier can be looked up; confirm.
$username = WT_Filter::post('username');
$password = WT_Filter::post('password');

// Not actually a URL - just a path.
// NOTE(review): no pattern is applied here; if this value is later used as a
// redirect target, confirm it is restricted to paths on this site.
$url = WT_Filter::post('url');

// Client time offset in seconds, limited to the same range as date('Z')
// (-43200 .. 50400), defaulting to 0.
$timediff = WT_Filter::postInteger('timediff', -43200, 50400, 0);
Beispiel #2
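// Valid values for the theme selector: the directory of every available theme.
// Initialise the same variable the loop appends to, so the list exists (as an empty
// array) even when get_theme_names() yields nothing and implode() below never
// receives an undefined variable.
$ALL_THEME_DIRS = array();
foreach (get_theme_names() as $themename => $themedir) {
    $ALL_THEME_DIRS[] = $themedir;
}

// Access levels a user can hold, keyed by the stored value, with translated labels.
$ALL_EDIT_OPTIONS = array(
    'none'   => WT_I18N::translate('Visitor'),
    'access' => WT_I18N::translate('Member'),
    'edit'   => WT_I18N::translate('Editor'),
    'accept' => WT_I18N::translate('Moderator'),
    'admin'  => WT_I18N::translate('Manager'),
);

// Form actions. The action comes from the query string and defaults to 'listusers'.
$action = WT_Filter::get('action', null, 'listusers');
// The language must be one of the installed languages; otherwise WT_LOCALE is used.
$usrlang = WT_Filter::post('usrlang', implode('|', array_keys(WT_I18N::installed_languages())), WT_LOCALE);
$username = WT_Filter::post('username', WT_REGEX_USERNAME);
$filter = WT_Filter::post('filter');
$ged = WT_Filter::post('ged');

// Extract form variables
$realname = WT_Filter::post('realname');
$pass1 = WT_Filter::post('pass1', WT_REGEX_PASSWORD);
$pass2 = WT_Filter::post('pass2', WT_REGEX_PASSWORD);
$emailaddress = WT_Filter::postEmail('emailaddress');
// NOTE(review): the theme directories are joined with '|' and handed over as the
// pattern argument - presumably a regex alternation. A directory name containing
// regex metacharacters would then change the pattern; confirm whether the names
// need preg_quote() before joining.
$user_theme = WT_Filter::post('user_theme', implode('|', $ALL_THEME_DIRS));
$user_language = WT_Filter::post('user_language', implode('|', array_keys(WT_I18N::installed_languages())), WT_LOCALE);
$new_contact_method = WT_Filter::post('new_contact_method');
$new_comment = WT_Filter::post('new_comment');
$new_auto_accept = WT_Filter::postBool('new_auto_accept');

// Account flags taken from the request.
// NOTE(review): these values decide privileges and approval state. Neither the
// administrator check nor a CSRF check is visible in this excerpt - confirm both
// run before any of these values are saved.
$canadmin = WT_Filter::postBool('canadmin');
$visibleonline = WT_Filter::postBool('visibleonline');
$editaccount = WT_Filter::postBool('editaccount');
$verified = WT_Filter::postBool('verified');
$verified_by_admin = WT_Filter::postBool('verified_by_admin');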
switch ($action) {
    case 'loadrows':
        // Generate an AJAX/JSON response for datatables to load a block of rows
        $search = WT_Filter::get('search');
        $search = $search['value'];
Beispiel #3
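// Only a logged-in user whose 'editaccount' setting is enabled may use this page;
// everyone else is redirected to the home page and the script stops.
if (!Auth::id() || !Auth::user()->getSetting('editaccount')) {
    header('Location: ' . WT_SERVER_NAME . WT_SCRIPT_PATH);
    exit;
}

// Valid values for form variables: the directory of every available theme.
// Initialise the same variable the loop appends to, so the list exists (as an empty
// array) even when get_theme_names() yields nothing and implode() below never
// receives an undefined variable.
$ALL_THEME_DIRS = array();
foreach (get_theme_names() as $themename => $themedir) {
    $ALL_THEME_DIRS[] = $themedir;
}

// Extract form variables
$form_action = WT_Filter::post('form_action');
// NOTE(review): the user name is read without WT_REGEX_USERNAME, although the
// update handler further down compares it with existing identifiers and writes it
// into the authentication log. Confirm that it is validated before it is stored or
// logged, so that control characters cannot reach the log.
$form_username = WT_Filter::post('form_username');
$form_realname = WT_Filter::post('form_realname');
$form_pass1 = WT_Filter::post('form_pass1', WT_REGEX_PASSWORD);
$form_pass2 = WT_Filter::post('form_pass2', WT_REGEX_PASSWORD);
$form_email = WT_Filter::postEmail('form_email');
$form_rootid = WT_Filter::post('form_rootid', WT_REGEX_XREF);
// NOTE(review): the theme directories are joined with '|' and handed over as the
// pattern argument - presumably a regex alternation. A directory name containing
// regex metacharacters would then change the pattern; confirm whether the names
// need preg_quote() before joining.
$form_theme = WT_Filter::post('form_theme', implode('|', $ALL_THEME_DIRS));
// The language must be one of the installed languages; otherwise WT_LOCALE is used.
$form_language = WT_Filter::post('form_language', implode('|', array_keys(WT_I18N::installed_languages())), WT_LOCALE);
$form_contact_method = WT_Filter::post('form_contact_method');
$form_visible_online = WT_Filter::postBool('form_visible_online');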
// Respond to form action
if ($form_action == 'update' && WT_Filter::checkCsrf()) {
    if ($form_username != Auth::user()->getUserName() && User::findByIdentifier($form_username)) {
        WT_FlashMessages::addMessage(WT_I18N::translate('Duplicate user name.  A user with that user name already exists.  Please choose another user name.'));
    } elseif ($form_email != Auth::user()->getEmail() && User::findByIdentifier($form_email)) {
        WT_FlashMessages::addMessage(WT_I18N::translate('Duplicate email address.  A user with that email already exists.'));
    } else {
        // Change username
        if ($form_username != WT_USER_NAME) {
            Log::addAuthenticationLog('User ' . Auth::user()->getUserName() . ' renamed to ' . $form_username);