use Fisharebest\Webtrees\Functions\FunctionsEdit;
use Fisharebest\Webtrees\Functions\FunctionsPrint;

// Excerpt of edituser.php, the form handler for a logged-in user's own account.
// The listing is cut off inside the 'update' branch; the code that stores the
// submitted values is not visible here.
define('WT_SCRIPT_NAME', 'edituser.php');
require './includes/session.php';

// Need to be logged in
// When Auth::check() fails the request is redirected to WT_BASE_URL and the
// script returns, so none of the form handling below runs for that request.
if (!Auth::check()) {
    header('Location: ' . WT_BASE_URL);
    return;
}

// Extract form variables
// Every value below is read from the POST body through the Filter helper.
// The two password fields and the root XREF are requested with a pattern
// constant (WT_REGEX_PASSWORD / WT_REGEX_XREF, defined outside this listing).
// NOTE(review): presumably Filter::post() discards a value that does not match
// the pattern - confirm in Filter before relying on it as validation.
$form_action = Filter::post('form_action');
$form_username = Filter::post('form_username');
$form_realname = Filter::post('form_realname');
$form_pass1 = Filter::post('form_pass1', WT_REGEX_PASSWORD);
$form_pass2 = Filter::post('form_pass2', WT_REGEX_PASSWORD);
$form_email = Filter::postEmail('form_email');
$form_rootid = Filter::post('form_rootid', WT_REGEX_XREF);
// NOTE(review): theme, language, timezone and contact method are read with no
// pattern argument here; confirm they are checked against the allowed values
// before being saved (the code that saves them is outside this excerpt).
$form_theme = Filter::post('form_theme');
$form_language = Filter::post('form_language');
$form_timezone = Filter::post('form_timezone');
$form_contact_method = Filter::post('form_contact_method');
$form_visible_online = Filter::postBool('form_visible_online');

// Respond to form action
// The switch is entered only when an action was posted AND Filter::checkCsrf()
// returns a truthy value; because of the short-circuit &&, the CSRF check is
// not evaluated at all for a request that carries no form_action.
if ($form_action && Filter::checkCsrf()) {
    switch ($form_action) {
        case 'update':
            // Uniqueness guard: a user name or email that differs from the
            // current user's own value and is already found by the User
            // lookups is rejected with a flash message instead of being saved.
            if ($form_username !== Auth::user()->getUserName() && User::findByUserName($form_username)) {
                FlashMessages::addMessage(I18N::translate('Duplicate user name. A user with that user name already exists. Please choose another user name.'));
            } elseif ($form_email !== Auth::user()->getEmail() && User::findByEmail($form_email)) {
                FlashMessages::addMessage(I18N::translate('Duplicate email address. A user with that email already exists.'));
            } else {
global $WT_TREE;

// Excerpt of admin_users.php, the user-administration form handler. The
// listing is cut off inside the "create a new user" branch.
define('WT_SCRIPT_NAME', 'admin_users.php');
require './includes/session.php';

// The access decision is made once, before any form data is read: the result
// of Auth::isAdmin() is handed to restrictAccess().
// NOTE(review): presumably restrictAccess(false) stops the request - confirm in
// PageController, since every privileged action below depends on it.
$controller = new PageController();
$controller->restrictAccess(Auth::isAdmin());

// Valid values for form variables
// Maps each stored edit-level key to its translated display label.
$ALL_EDIT_OPTIONS = array('none' => I18N::translate('Visitor'), 'access' => I18N::translate('Member'), 'edit' => I18N::translate('Editor'), 'accept' => I18N::translate('Moderator'), 'admin' => I18N::translate('Manager'));

// Form actions
switch (Filter::post('action')) {
    case 'save':
        // The CSRF check wraps the whole save branch, so no posted account
        // data is read unless Filter::checkCsrf() returns a truthy value.
        if (Filter::checkCsrf()) {
            $user_id = Filter::postInteger('user_id');
            $user = User::find($user_id);
            $username = Filter::post('username');
            $real_name = Filter::post('real_name');
            $email = Filter::postEmail('email');
            // Both password fields are requested with WT_REGEX_PASSWORD
            // (defined outside this listing).
            $pass1 = Filter::post('pass1', WT_REGEX_PASSWORD);
            $pass2 = Filter::post('pass2', WT_REGEX_PASSWORD);
            // The theme is requested with an alternation built from the keys
            // of Theme::themeNames(), i.e. an allow-list of theme names; ''
            // is passed as the third argument (looks like the fallback value -
            // confirm in Filter::post()).
            $theme = Filter::post('theme', implode('|', array_keys(Theme::themeNames())), '');
            // NOTE(review): language, timezone, contact method and comment are
            // read with no pattern argument; confirm they are validated before
            // being stored (that code is outside this excerpt).
            $language = Filter::post('language');
            $timezone = Filter::post('timezone');
            $contact_method = Filter::post('contact_method');
            $comment = Filter::post('comment');
            // Boolean flags taken straight from the POST body. canadmin,
            // verified and approved look like privilege / account-state
            // switches, so they rely entirely on the admin restriction and
            // CSRF check above - TODO confirm how they are applied.
            $auto_accept = Filter::postBool('auto_accept');
            $canadmin = Filter::postBool('canadmin');
            $visible_online = Filter::postBool('visible_online');
            $verified = Filter::postBool('verified');
            $approved = Filter::postBool('approved');

            // A posted user_id of exactly 0 selects the creation path.
            if ($user_id === 0) {
                // Create a new user
                // A user name already found by User::findByUserName() enters
                // this branch; its body is beyond the end of the listing.
                if (User::findByUserName($username)) {
*
 * @global Tree $WT_TREE
 */
global $WT_TREE;

// Excerpt of login.php. The listing is cut off while the request parameters
// are still being collected; the code that acts on them is not visible.
define('WT_SCRIPT_NAME', 'login.php');
require './includes/session.php';

// If we are already logged in, then go to the “Home page”
// The redirect happens only when Auth::check() passes and $WT_TREE is truthy;
// the return stops the rest of the script for that request.
if (Auth::check() && $WT_TREE) {
    header('Location: ' . WT_BASE_URL);
    return;
}

$controller = new PageController();

// Request fields read from the POST body through the Filter helper.
$action = Filter::post('action');
$user_realname = Filter::post('user_realname');
$user_name = Filter::post('user_name');
$user_email = Filter::postEmail('user_email');
// The two new-password fields are requested with WT_REGEX_PASSWORD (defined
// outside this listing); user_password and password further down are read
// with no pattern argument.
$user_password01 = Filter::post('user_password01', WT_REGEX_PASSWORD);
$user_password02 = Filter::post('user_password02', WT_REGEX_PASSWORD);
$user_comments = Filter::post('user_comments');
$user_password = Filter::post('user_password');
$user_hashcode = Filter::post('user_hashcode');
// NOTE(review): url is client-supplied. Confirm that the code which later uses
// it accepts only a local path and never an absolute or scheme-relative URL
// (that code is outside this excerpt).
$url = Filter::post('url'); // Not actually a URL - just a path
$username = Filter::post('username');
$password = Filter::post('password');

// These parameters may come from the URL which is emailed to users.
// Fallback order: the POST value wins; the query string is consulted only when
// the POST value is empty. Only the action and user_name fallbacks are visible
// in this excerpt.
// NOTE(review): a value that arrives by GET can be set by any link the user
// follows; confirm that actions reachable this way are safe to trigger without
// the POST form.
if (!$action) {
    $action = Filter::get('action');
}
if (!$user_name) {
    $user_name = Filter::get('user_name');