function show_memberlist()
{
cpg_db_query("DELETE FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '' LIMIT 1");
pageheader($lang_usermgr_php['title']);
list_users();
pagefooter();
}
function admin_tools()
{
if (current_user_can('manage_options')) {
?>
<div id="admin-tools">
<a class="admin-tools-toggle" href="#" data-toggle="modal" data-target="#admin-tools-modal"><span aria-hidden="true" class="glyphicon glyphicon-plus"></span>Admin Tools</a>
</div>
<div class="modal fade" id="admin-tools-modal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<div class="modal-dialog modal-lg">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">×</span></button>
<h4 class="modal-title">Administrator Tools</h4>
</div>
<div class="modal-body"><?php
list_users();
?>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
</div>
</div><!-- /.modal-content -->
</div><!-- /.modal-dialog -->
</div><!-- /.modal -->
<?php
}
}
$formData = parseRequest($_POST);
$errors = validateFormData($formData);
if (is_array($errors) && count($errors) > 0) {
} else {
$id = $formData['aid'];
$pw = $formData['pwd'];
setcookie("devid", $id, time() + 60 * 60 * 24 * 5);
// 有効期限5日間
$errors = login_new($id, $pw);
}
} else {
if (isset($_REQUEST['error_msg'])) {
$errors = $_REQUEST['error_msg'];
}
}
$users = list_users();
if (strlen($formData['aid']) > 0 && $formData['aid'] != '') {
$id = $formData['aid'];
} else {
$id = $_COOKIE["devid"];
//まずクッキーを読み出して変数に格納
}
function parseRequest($lineData)
{
$formData = array();
$formData['aid'] = normalizeData($lineData['aid']);
$formData['pwd'] = normalizeData($lineData['pwd']);
return $formData;
}
/*
* データをチェックする。
<?php
$all_users = list_users($db);
if (isset($_GET['error'])) {
$error = $_GET['error'];
}
?>
<h2 class="sub-header">Users</h2>
<div class="table-responsive">
<table class="table table-striped">
<thead>
<tr>
<th>Username</th>
<th>Action</th>
</tr>
</thead>
<tbody>
<?php
foreach ($all_users as $user_row) {
echo "<tr>";
echo "<td>{$user_row->username}</td><td><a href=\"./includes/user_delete.php?delete={$user_row->username}\" name=\"Delete\">Delete</a> / <a href=\"./?section=user_profile&user={$user_row->username}\">Edit</a></td>";
echo "</tr>";
}
?>
</tbody>
</table>
<?php
if (isset($_GET['error'])) {
$error = $_GET['error'];
}
$matches = CPGPluginAPI::filter('plugin_block', $matches);
if (is_array($matches)) {
switch ($matches[1]) {
case 'breadcrumb':
// Added breadcrumb as a separate listable block from config
if (($breadcrumb != '' || count($cat_data) > 0) && $cat != 0) {
theme_display_breadcrumb($breadcrumb, $cat_data);
}
break;
case 'catlist':
if ($breadcrumb != '' || count($cat_data) > 0) {
theme_display_cat_list($breadcrumb, $cat_data, $statistics);
}
if (isset($cat) && $cat == USER_GAL_CAT) {
list_users();
}
break;
case 'alblist':
list_albums();
break;
case 'anycontent':
if ($cat == 0) {
ob_start();
/**
* Any php code or HTML can be put in this file and will be displayed
*/
include 'anycontent.php';
$anycontent = CPGPluginAPI::filter('anycontent', ob_get_contents());
ob_end_clean();
echo $anycontent;
<?php
require_once realpath($_SERVER['DOCUMENT_ROOT']) . '/includes/init.inc.php';
if (isset($_POST['page']) && isset($_POST['keyword'])) {
echo list_users($_POST['page'], $_POST['keyword']);
}
$user=new usersMenus();
if($user->AsSambaAdministrator==false){
$tpl=new templates();
echo "alert('". $tpl->javascript_parse_text("{ERROR_NO_PRIVS}")."');";
die();exit();
}
if(isset($_GET["tabs"])){popup_tabs();exit;}
if(isset($_GET["popup"])){popup();exit;}
if(isset($_GET["popup-acls"])){popup_acls();exit;}
if(isset($_GET["main"])){popup_main();exit;}
if(isset($_GET["sharedlist"])){shared_folders_list();exit;}
if(isset($_GET["acldisks"])){acldisks();exit;}
if(isset($_GET["aclline"])){aclsave();exit;}
if(isset($_GET["SearchUser"])){SearchUser();exit;}
if(isset($_GET["SearchPattern"])){list_users();exit;}
if(isset($_GET["DeleteAllAcls"])){DeleteAllAcls();exit;}
if(isset($_GET["AddAclUser"])){AddAclUser();exit;}
if(isset($_GET["DeleteAclUser"])){DeleteAclUser();exit;}
if(isset($_GET["ChangeAclUser"])){ChangeAclUser();exit;}
if(isset($_GET["AddAclGroup"])){AddAclGroup();exit;}
if(isset($_GET["DeleteAclGroup"])){DeleteAclGroup();exit;}
if(isset($_GET["ChangeAclGroup"])){ChangeAclGroup();exit;}
if(isset($_GET["set-recursive"])){SubitemsMode();exit;}
if(isset($_GET["chmod_return_only"])){chmod_return_only();exit;}
if(isset($_GET["chmod_save"])){chmod_save();exit;}
if(isset($_GET["config"])){dir_status();exit;}
<?php
//List users by role
require_once '../includes/functions.inc.php';
require_once '../includes/admin.inc.php';
$rid = isset($_POST['rid']) ? $_POST['rid'] : 0;
$count = isset($_POST['count']) ? $_POST['count'] : 10;
$page = isset($_POST['page']) ? $_POST['page'] : 1;
print list_users($rid, $count, $page);
?>
<script type="text/javascript">
$("a.button.disabled").click(function(){
openLogin();
});
$('#admin_user_section [title]').qtip({
style: {
padding: 7,
background: '#404041',
color: 'white',
fontSize: '10px',
textAlign: 'center',
border: {
width: 2,
color: 'white'
},
tip: 'topLeft',
name: 'dark' // Inherit the rest of the attributes from the preset dark style
},
position: {
corner: {
target: 'bottomMiddle',
} elseif (isset($_GET['toggle_reservation_reminder'])) {
echo toggle_reservation_reminder();
} elseif (isset($_GET['change_user_details'])) {
$user_name = mysql_real_escape_string(trim($_POST['user_name']));
$user_email = mysql_real_escape_string($_POST['user_email']);
$user_password = mysql_real_escape_string($_POST['user_password']);
echo change_user_details($user_name, $user_email, $user_password);
} else {
echo '<div class="box_div" id="cp_div"><div class="box_top_div"><a href="#">Start</a> > Control panel</div><div class="box_body_div">';
if ($_SESSION['user_is_admin'] == '1') {
?>
<h3>User administration</h3>
<div id="users_div"><?php
echo list_users();
?>
</div>
<p class="center_p"><input type="button" class="small_button blue_button" id="reset_user_password_button" value="Reset password"> <input type="button" class="small_button blue_button" id="change_user_permissions_button" value="Change permissions"> <input type="button" class="small_button" id="delete_user_reservations_button" value="Delete reservations"> <input type="button" class="small_button" id="delete_user_button" value="Delete user"></p>
<p class="center_p" id="user_administration_message_p"></p>
<hr>
<h3>Database administration</h3>
<p class="smalltext_p">These will require a confirmation. Your user and reservations will not be deleted unless you delete everything.</p>
<p><input type="button" class="small_button" id="delete_all_reservations_button" value="Delete all reservations"> <input type="button" class="small_button" id="delete_all_users_button" value="Delete all users"> <input type="button" class="small_button" id="delete_everything_button" value="Delete everything"></p>
<p id="database_administration_message_p"></p>
if ($ret) {
echo json_encode(array("message" => "done"));
} else {
echo json_encode(array("message" => "error"));
}
return;
} else {
if ($action == "getValue") {
$ret = getUserVariable($user_name, $value);
if ($ret) {
echo json_encode(array("message" => "done"));
// value exists
} else {
echo json_encode(array("message" => "error"));
}
return;
} else {
if (!check_role("admin")) {
return;
}
echo json_encode(list_users());
return;
}
}
}
}
}
}
}
?>
$_SESSION["list"] = $tmpl['mainAdmin'];
} else {
if ($_POST["selectoption"] == "Категории") {
//
list_of_categ($mysqli, $tmpl['list_categ_admin'], $tmpl['search']);
} else {
if ($_POST['DeleteCategory']) {
DeleteCategory($mysqli, $_POST['select_name_category2']);
$_SESSION["list"] = $tmpl['mainAdmin'];
} else {
if ($_POST['AddCategory']) {
AddCategory($mysqli, $_POST['new_categ'], $_POST['select_name_category1']);
$_SESSION["list"] = $tmpl['mainAdmin'];
} else {
if ($_POST["selectoption"] == "Пользователи") {
list_users($mysqli, $tmpl['usersAdmin']);
} else {
if ($_POST['selectedUser']) {
SelectUser($mysqli, $_POST['selectuser'], $tmpl['user_admin']);
} else {
if ($_POST['DeleteUser']) {
DeleteUser($mysqli);
$_SESSION["list"] = $tmpl['mainAdmin'];
} else {
if ($_POST['ChangeUser']) {
ChangeUser($mysqli, $_POST['group_user'], $_POST['block']);
$_SESSION["list"] = $tmpl['mainAdmin'];
} else {
if ($_POST["selectoption"] == "Отчеты") {
//
//CreatePDF($mysqli);
list_users("users.xml", $form_attrs);
}
}
} elseif ($form_attrs['action'] == "new") {
/* Display new user form */
$forms = make_form("newuser.xml", $form_attrs, "");
/*
* Make sure that the action value that led to this form being displayed
* (action=new) is not retained
*/
$forms[user]->setElementAttrById("action", "elemValue", "add");
include "templates/user_table.php";
} elseif ($forms[user]) {
/* There was not an error with user detail form */
include "templates/user_table.php";
} elseif (!$form_attrs['userid'] && !$form_attrs['action']) {
list_users("users.xml", $form_attrs);
} elseif ($form_attrs['action'] != "modify") {
/* && $form_attrs[action] */
echo "Invalid action requested.<br>\n";
list_users("users.xml", $form_attrs);
} else {
/* elseif( $userid ) */
echo "Cannot find user record matching the request.<br>\n";
list_users("users.xml", $form_attrs);
}
/* Else list_users() */
} else {
/* No form type specified - just list all the users */
list_users("users.xml", $form_attrs);
}
} elseif (isset($_GET['toggle_reservation_reminder'])) {
echo toggle_reservation_reminder($conn);
} elseif (isset($_GET['change_user_details'])) {
$user_name = mysqli_real_escape_string($conn, trim($_POST['user_name']));
$user_email = mysqli_real_escape_string($conn, $_POST['user_email']);
$user_password = mysqli_real_escape_string($conn, $_POST['user_password']);
echo change_user_details($user_name, $user_email, $user_password, $conn);
} else {
echo '<div class="box_div" id="cp_div"><div class="box_top_div"><a href="#">Start</a> > Control panel</div><div class="box_body_div">';
if ($_SESSION['user_is_admin'] == '1') {
?>
<h3>User administration</h3>
<div id="users_div"><?php
echo list_users($conn);
?>
</div>
<p class="center_p"><input type="button" class="small_button blue_button" id="reset_user_password_button" value="Reset password"> <input type="button" class="small_button blue_button" id="change_user_permissions_button" value="Change permissions"> <input type="button" class="small_button" id="delete_user_reservations_button" value="Delete reservations"> <input type="button" class="small_button" id="delete_user_button" value="Delete user"></p>
<p class="center_p" id="user_administration_message_p"></p>
<hr>
<h3>Database administration</h3>
<p class="smalltext_p">These will require a confirmation. Your user and reservations will not be deleted unless you delete everything.</p>
<p><input type="button" class="small_button" id="delete_all_reservations_button" value="Delete all reservations"> <input type="button" class="small_button" id="delete_all_users_button" value="Delete all users"> <input type="button" class="small_button" id="delete_everything_button" value="Delete everything"></p>
<p id="database_administration_message_p"></p>
<div style="float: right" id="search_bar">
<form action="" method="POST">
<input id="search_user_box" type="text" name="keyword" title="Fill in your search query" size="20" placeholder="Search user.." />
</form>
<div style="display: none;" id="search_user_suggestion"></div>
</div>
<script type="text/javascript">
function searchUserSuggestion() {
if ($("input#search_user_box").val() != '') {
$("#search_user_suggestion").delay(200).load("triggers/search_user.php",{keyword:$("input#search_user_box").val()}).slideDown();
} else {
$("#search_user_suggestion").css("display","none");
}
}
$("input#search_user_box").keyup(searchUserSuggestion).change(searchUserSuggestion);
if ($("input#search_user_box").val() == '') {
$("#search_user_suggestion").css("display","none");
}
</script>
<?php
$rid = isset($_POST['rid']) ? $_POST['rid'] : 0;
print select_role('rid', $rid);
print '<div id="admin_user_section">';
print list_users($rid, 10, 1);
print '</div>';
?>
<script type="text/javascript">
$("select#rid").change(function(){
$("#admin_user_section").load("triggers/admin_user.php",{rid:$(this).val(),count:10,page:1});
});
</script>
<?php
session_start();
require_once '../config.php';
require_once '../database.php';
require_once '../ui.php';
show_header('../');
show_menu('../');
#Authentication:
if (!isset($_SESSION['admin'])) {
if (!isset($_POST['pwd'])) {
include 'login.php';
} else {
$user = list_users('admin');
print_r($user);
print_r($_POST);
if ($user['upassword'] == $_POST['pwd']) {
$_SESSION['admin'] = 'yes';
print 'Access granted.';
} else {
print 'Wrong password!';
}
}
}
if (isset($_SESSION['admin'])) {
$devices = list_secrets();
$settings = list_settings();
show_settings($settings);
show_devices($devices);
}
include '../html_footer.html';
function get_parser()
{
$conf = configurations();
if (!$_GET) {
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'listprojects');
}
if (isset($_GET['mod'])) {
if (is_array(myfilter($_GET['mod'], 'mod'))) {
trigger_error('potential attack using mod');
return deconnect();
} else {
$mod = $_GET['mod'];
}
} else {
$mod = null;
}
switch ($_GET['action']) {
case 'adduser':
if (admin(true)) {
if ($_POST['usr_email'] && $_POST['username']) {
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'adduser', add_user(myfilter($_POST['usr_email'], 'email'), myfilter($_POST['username'], 'user'), myfilter($_POST['lvl'], 'lvl')));
}
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'adduser');
}
break;
case 'listusers':
if (admin(true)) {
$list_users = list_users(array(null));
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'listusers', $list_users);
}
break;
case 'deco':
return deconnect();
break;
case 'modpass':
if ($_POST['oldpass'] && $_POST['password1'] && $_POST['password2']) {
$pass = array(myfilter($_POST['oldpass'], 'password'), myfilter($_POST['password1'], 'password'), myfilter($_POST['password2'], 'password'));
if (is_string($pass[0]) && is_string($pass[1]) && is_string($pass[2])) {
$change = change_password($_SESSION['db_data']['_id'], $pass);
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'changepass', $change);
}
}
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'changepass', null);
break;
case 'resetpass':
if (isset($_GET['user_id']) && isset($_GET['resetcode']) && !is_array($_GET['user_id']) && !is_array($_GET['resetcode'])) {
return reset_password($_GET['user_id'], $_GET['resetcode']);
} elseif (isset($_GET['user_id']) && !is_array($_GET['user_id']) && admin(true)) {
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'edit_user', reset_password($_GET['user_id']));
}
break;
case 'edituser':
if (isset($_GET['user_id'])) {
if (user(true) && $_GET['user_id'] == $_SESSION['db_data']['_id']) {
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'edit_user', change_user_data($_SESSION['db_data']));
}
if (admin(true) && !is_array($_GET['user_id'])) {
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'edit_user', change_user_data(check_user(array('_id' => new MongoID(myfilter($_GET['user_id'], '_id'))))));
}
}
break;
case 'changemail':
if (isset($_GET['user_id']) && isset($_GET['code'])) {
$db = check_user(array('_id' => new MongoID(myfilter($_GET['user_id'], '_id'))));
if ($db['mail_change_id'] == $_GET['code']) {
return change_email_user(array('email' => $db['new_mail'], 'new_mail' => null, 'mail_change_id' => null), myfilter($_GET['user_id'], '_id'), 'postmail');
}
}
break;
case 'deluser':
if (admin(true) && !is_array($_GET['user_id'])) {
return delete_user(myfilter($_GET['user_id'], '_id'));
}
break;
case 'addproject':
if (admin(true)) {
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'add_project', addproject());
}
break;
case 'project':
if (isset($_GET['project_id'])) {
if (!is_array(myfilter($_GET['project_id'], '_id'))) {
$_SESSION['currentprojet'] = myfilter($_GET['project_id'], '_id');
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'project', check_projects_mod($mod));
}
}
break;
case 'getfile':
if (isset($_GET['file']) && isset($_GET['key']) && isset($_GET['id']) && isset($_GET['os']) && isset($_GET['arch'])) {
if (!is_array(myfilter($_GET['file'], 'sha1')) && !is_array(myfilter($_GET['key'], 'timestamp')) && !is_array(myfilter($_GET['id'], '_id')) && !is_array($_GET['os']) && !is_array($_GET['arch'])) {
return down_file(myfilter($_GET['file'], 'sha1'), myfilter($_GET['key'], 'timestamp'), base64_decode(urldecode($_GET['os'])), base64_decode(urldecode($_GET['arch'])), myfilter($_GET['id'], '_id'));
}
}
break;
case 'addfile':
if (admin(true) && isset($_GET['id'])) {
if (!is_array(myfilter($_GET['id'], '_id'))) {
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'add_file', addfile(myfilter($_GET['id'], '_id')));
}
}
break;
case 'deletefile':
if (admin(true) && isset($_GET['id']) && isset($_GET['key'])) {
if (!is_array(myfilter($_GET['id'], '_id')) && !is_array(myfilter($_GET['key'], 'timestamp'))) {
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'project', delete_file(myfilter($_GET['id'], '_id'), myfilter($_GET['key'], 'timestamp')));
}
}
break;
case 'usersetting':
if (isset($_GET['user_id'])) {
if (user(true) && $_GET['user_id'] == $_SESSION['db_data']['_id']) {
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'setting', change_user_setting($_SESSION['db_data']['_id']));
}
}
break;
case 'bug':
if (isset($_GET['id'])) {
if (!is_array(myfilter($_GET['id'], '_id'))) {
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'bug', check_bug($mod));
}
}
break;
case 'submitbug':
if (isset($_GET['id'])) {
if (user(true) && in_array($_GET['id'], $_SESSION['db_data']['projects'])) {
$_SESSION['idbug'] = $_GET['id'];
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'submitbug', add_bug($_POST, $_GET['id']));
}
if (admin(true) || vip(true)) {
if (!is_array(myfilter($_GET['id'], '_id'))) {
$_SESSION['idbug'] = $_GET['id'];
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'submitbug', add_bug($_POST, $_GET['id']));
}
}
}
break;
case 'listprojects':
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'listprojects', $mod);
break;
case 'editbug':
if (strlen($_POST['status']) && isset($_GET['id']) && admin(true)) {
if (!is_array($_POST['status']) && !is_array(myfilter($_GET['id'], '_id'))) {
if (in_array($_POST['status'], $conf['bugs']['Open']) || in_array($_POST['status'], $conf['bugs']['Closed'])) {
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'bug', edit_bug($_POST['status']));
}
}
}
break;
case 'resetpassmail':
if (strlen($_POST['usr_email'])) {
return echo_front_page(reset_password_mail(myfilter($_POST['usr_email'], 'email')));
}
break;
case 'editproject':
if (isset($_GET['id']) && admin(true)) {
if (!is_array(myfilter($_GET['id'], '_id'))) {
return user_page_display($_SESSION['db_data']['user'], $_SESSION['db_data']['lvl'], 'edit_project', edit_project($_POST));
}
}
break;
}
return echo_front_page();
}
?>
</td>
<td style="text-indent: 10px; font-family: 'Lucida Console'; font-weight: bolder;">
<?php
echo $result['password'];
?>
</td>
</tr>
</tbody>
</table>
<?php
}
}
if (isset($_POST['dept'])) {
$users = list_users($_POST['dept']);
?>
<div class="alert alert-info" style="text-align: center;">
Students registered under the <strong><?php
echo get_collegeName($_POST['dept']);
?>
</strong>.
</div>
<table class="table table-hover">
<thead>
<tr>
<th>
Student ID
