Ejemplo n.º 1
use Fisharebest\Webtrees\Functions\FunctionsEdit;
use Fisharebest\Webtrees\Functions\FunctionsPrint;
// Account-settings entry script: names the script, loads the shared session
// bootstrap, requires a logged-in user, then reads the submitted form fields.
define('WT_SCRIPT_NAME', 'edituser.php');
require './includes/session.php';
// Anonymous requests are redirected to the site base URL.
if (!Auth::check()) {
    header('Location: ' . WT_BASE_URL);
    // header() does not stop execution; this return is what keeps the form
    // handling further down from running for an unauthenticated request.
    return;
}
// Every field is read from the POST body through the Filter helper; nothing
// here touches $_POST directly.
// NOTE(review): Filter's behaviour is defined outside this snippet. The fields
// read without a pattern argument (action, user name, real name, theme,
// language, timezone, contact method) rely on whatever Filter::post does by
// default - confirm they are validated against known values or escaped before
// being stored or rendered.
$form_action = Filter::post('form_action');
$form_username = Filter::post('form_username');
$form_realname = Filter::post('form_realname');
// Presumably the new password and its confirmation; both are passed
// WT_REGEX_PASSWORD as the pattern argument.
$form_pass1 = Filter::post('form_pass1', WT_REGEX_PASSWORD);
$form_pass2 = Filter::post('form_pass2', WT_REGEX_PASSWORD);
$form_email = Filter::postEmail('form_email');
// Record identifier, passed WT_REGEX_XREF as the pattern argument.
$form_rootid = Filter::post('form_rootid', WT_REGEX_XREF);
$form_theme = Filter::post('form_theme');
$form_language = Filter::post('form_language');
$form_timezone = Filter::post('form_timezone');
$form_contact_method = Filter::post('form_contact_method');
$form_visible_online = Filter::postBool('form_visible_online');
// Respond to form action
if ($form_action && Filter::checkCsrf()) {
    switch ($form_action) {
        case 'update':
            if ($form_username !== Auth::user()->getUserName() && User::findByUserName($form_username)) {
                FlashMessages::addMessage(I18N::translate('Duplicate user name. A user with that user name already exists. Please choose another user name.'));
            } elseif ($form_email !== Auth::user()->getEmail() && User::findByEmail($form_email)) {
                FlashMessages::addMessage(I18N::translate('Duplicate email address. A user with that email already exists.'));
            } else {
Ejemplo n.º 2
// User-administration entry script: loads the shared session bootstrap, gates
// the page on administrator status, and defines the role options for the form.
global $WT_TREE;
define('WT_SCRIPT_NAME', 'admin_users.php');
require './includes/session.php';
$controller = new PageController();
// The result of Auth::isAdmin() is handed to restrictAccess(); this is the only
// authorization check visible before the form actions that follow.
// NOTE(review): presumably restrictAccess() halts or redirects when given
// false - confirm it does not merely flag the page, since the actions after it
// handle user records and privilege flags.
$controller->restrictAccess(Auth::isAdmin());
// Role options for form variables: keys are the submitted values ('none',
// 'access', 'edit', 'accept', 'admin'), values are the translated labels.
// NOTE(review): whether submitted roles are checked against these keys is not
// visible in this snippet - confirm at the point of use.
$ALL_EDIT_OPTIONS = array('none' => I18N::translate('Visitor'), 'access' => I18N::translate('Member'), 'edit' => I18N::translate('Editor'), 'accept' => I18N::translate('Moderator'), 'admin' => I18N::translate('Manager'));
// Form actions
switch (Filter::post('action')) {
    case 'save':
        if (Filter::checkCsrf()) {
            $user_id = Filter::postInteger('user_id');
            $user = User::find($user_id);
            $username = Filter::post('username');
            $real_name = Filter::post('real_name');
            $email = Filter::postEmail('email');
            $pass1 = Filter::post('pass1', WT_REGEX_PASSWORD);
            $pass2 = Filter::post('pass2', WT_REGEX_PASSWORD);
            $theme = Filter::post('theme', implode('|', array_keys(Theme::themeNames())), '');
            $language = Filter::post('language');
            $timezone = Filter::post('timezone');
            $contact_method = Filter::post('contact_method');
            $comment = Filter::post('comment');
            $auto_accept = Filter::postBool('auto_accept');
            $canadmin = Filter::postBool('canadmin');
            $visible_online = Filter::postBool('visible_online');
            $verified = Filter::postBool('verified');
            $approved = Filter::postBool('approved');
            if ($user_id === 0) {
                // Create a new user
                if (User::findByUserName($username)) {
Ejemplo n.º 3
 *
 * @global Tree $WT_TREE
 */
// Login entry script: loads the shared session bootstrap, sends users who are
// already logged in to the base URL, then reads the submitted form fields.
global $WT_TREE;
define('WT_SCRIPT_NAME', 'login.php');
require './includes/session.php';
// Redirect only when the user is logged in AND $WT_TREE is set; otherwise the
// login page continues to render.
if (Auth::check() && $WT_TREE) {
    header('Location: ' . WT_BASE_URL);
    // header() does not stop execution, so return explicitly.
    return;
}
$controller = new PageController();
// All fields below are read from the POST body through the Filter helper.
$action = Filter::post('action');
$user_realname = Filter::post('user_realname');
$user_name = Filter::post('user_name');
$user_email = Filter::postEmail('user_email');
// Presumably the new password and its confirmation; both are passed
// WT_REGEX_PASSWORD as the pattern argument.
$user_password01 = Filter::post('user_password01', WT_REGEX_PASSWORD);
$user_password02 = Filter::post('user_password02', WT_REGEX_PASSWORD);
$user_comments = Filter::post('user_comments');
// Read without a pattern argument, unlike the two password fields above.
$user_password = Filter::post('user_password');
$user_hashcode = Filter::post('user_hashcode');
// Not actually a URL - just a path.
// NOTE(review): the value is client-supplied. If it is later used as a
// redirect target, confirm it is limited to a local path (no scheme or host)
// so it cannot send users to another site.
$url = Filter::post('url');
$username = Filter::post('username');
// Read without a pattern argument.
$password = Filter::post('password');
// These parameters may come from the URL which is emailed to users, so the
// action falls back to the query string when it was not POSTed.
// NOTE(review): an action taken from a GET link can be triggered by following
// a URL - confirm every action reachable this way is safe without a POST and
// CSRF check, and that values carried in such URLs are acceptable in logs.
if (!$action) {
    $action = Filter::get('action');
}
if (!$user_name) {
    $user_name = Filter::get('user_name');