Example #1
     $search_operators[] = $_REQUEST['lastactive_op'] == 'gte' ? '>=' : '<';
 }
 // Optional account-status filter: an empty value or 'any' adds no condition.
 if (isset($_REQUEST['search_status']) && !in_array($_REQUEST['search_status'], array('', 'any'))) {
     $search_fields[] = 'active';
     if ($_REQUEST['search_status'] != 'pending') {
         // The request value is cast to int, so only an integer status
         // code is handed to the search API.
         $search_values[] = (int) $_REQUEST['search_status'];
         $search_operators[] = '=';
     } else {
         // 'pending' is translated into the condition "active < 0".
         $search_values[] = 0;
         $search_operators[] = '<';
     }
 }
 // Same criteria twice: once without sort/offset/limit arguments (used for
 // the total), once sorted on username and limited to the current page.
 $all_user_ids = phorum_api_user_search($search_fields, $search_values, $search_operators, TRUE, 'AND');
 $user_ids = phorum_api_user_search($search_fields, $search_values, $search_operators, TRUE, 'AND', '+username', $search_start, $display);
 // Retrieve the user data for the users on the current page.
 $users = array();
 if (!empty($user_ids)) {
     $users = phorum_api_user_get($user_ids, FALSE);
 }
 $total = 0;
 if (!empty($all_user_ids)) {
     $total = count($all_user_ids);
 }
 if (count($users)) {
     $nav = "";
     if ($_REQUEST["start"] > 0) {
         $old_start = $_REQUEST["start"] - $display;
         $input_args = array('module=users', 'start=' . $old_start);
         $input_args = array_merge($input_args, $url_safe_search_arr);
         $prev_url = phorum_admin_build_url($input_args);
         $nav .= "<a href=\"{$prev_url}\">Previous Page</a>";
     }
     $nav .= "&nbsp;&nbsp;";
     if ($_REQUEST["start"] + $display < $total) {
         $new_start = $_REQUEST["start"] + $display;
Example #2
File: pm.php Project: netovs/Core
  *     argument.
  */
 // Let modules inspect or change the recipient-add state first.
 if (isset($PHORUM["hooks"]["pm_recipient_add"])) {
     list($action, $page, $error, $recipients) = phorum_api_hook("pm_recipient_add", array($action, $page, $error, $recipients));
 }
 // Convert adding a recipient by name to adding by user id.
 if (isset($_POST["to_name"])) {
     $to_name = trim($_POST["to_name"]);
     if ($to_name != '') {
         // Try the field that is used as the display name first, then
         // fall back to the other one.
         $check_fields = $PHORUM["display_name_source"] == "username"
             ? array("username", "real_name")
             : array("real_name", "username");
         foreach ($check_fields as $field) {
             $to_user_ids = phorum_api_user_search($field, $to_name, '=', TRUE);
             if (!empty($to_user_ids)) {
                 break;
             }
         }
         // Only an unambiguous match is turned into a recipient id; zero
         // matches and multiple matches each get their own error message.
         if (!empty($to_user_ids) && count($to_user_ids) == 1) {
             $_POST["to_id"] = array_shift($to_user_ids);
             unset($_POST["to_name"]);
         } elseif (empty($to_user_ids)) {
             $error = $PHORUM["DATA"]["LANG"]["UserNotFound"];
         } else {
             $error = $PHORUM["DATA"]["LANG"]["DupUserFound"];
         }
     }
 }
 // Add a recipient by id.
Example #3
     break;
 }
 // Try to authenticate the posted credentials as an admin session. When
 // that succeeds, the existing account is reused instead of creating one.
 $user_id = phorum_api_user_authenticate(PHORUM_ADMIN_SESSION, $_POST["admin_user"], $_POST["admin_pass"]);
 if ($user_id) {
     // The credentials are valid, but the account must already hold the
     // admin flag; a non-admin account is never promoted here.
     $user = phorum_api_user_get($user_id);
     if (empty($user["admin"])) {
         phorum_admin_error("That user already exists but without admin " . "permissions. Please create a different user.");
         break;
     }
 } else {
     // Authentication failed. If the username is taken anyway, the posted
     // password was wrong for it: refuse instead of touching that account.
     $user = phorum_api_user_search('username', $_POST['admin_user']);
     if ($user) {
         phorum_admin_error("That user already exists in the database.");
         break;
     }
     // The user does not yet exist. Create it now as an active admin.
     // NOTE(review): the posted password is handed to phorum_api_user_save()
     // as received; presumably it is hashed there - confirm.
     $user = array("user_id" => NULL, "username" => $_POST["admin_user"], "password" => $_POST["admin_pass"], "email" => $_POST["admin_email"], "active" => 1, "admin" => 1);
     if (!phorum_api_user_save($user)) {
         phorum_admin_error("There was an error adding the user.");
         break;
     }
 }
 // set the default http_path so we can continue.
Example #4
    exit;
}
// figure out what the user is trying to do, in this case we have a group to list (and maybe some commands)
if (!empty($group_id)) {
    // if adding a new user to the group
    if (isset($_REQUEST["adduser"])) {
        $userid = 0;
        // Find the user_id for the user to add.
        if (is_numeric($_REQUEST["adduser"])) {
            // fix implemented 11/16/08
            $userid = (int) $_REQUEST["adduser"];
        } else {
            // older templates may send username
            $name = trim($_REQUEST["adduser"]);
            if ($name != '') {
                $userids = phorum_api_user_search('username', $name, '=', TRUE);
                if (!empty($userids) && count($userids) == 1) {
                    $userid = array_shift($userids);
                }
            }
        }
        if ($userid) {
            // load the users groups, add the new group, then save again
            $groups = phorum_api_user_check_group_access(PHORUM_USER_GROUP_SUSPENDED, PHORUM_ACCESS_LIST, $userid);
            // make sure the user isn't already a member of the group
            if (!isset($groups[$group_id])) {
                $groups[$group_id] = PHORUM_USER_GROUP_APPROVED;
                phorum_api_user_save_groups($userid, $groups);
                $PHORUM["DATA"]["OKMSG"] = $PHORUM["DATA"]["LANG"]["UserAddedToGroup"];
            }
        } else {
Example #5
            phorum_api_hook('failed_login', array('username' => $_POST['username'], 'password' => $_POST['password'], 'location' => 'forum'));
        }
    }
}
// ----------------------------------------------------------------------------
// Handle password reminder requests
// ----------------------------------------------------------------------------
if (!$hook_info['handled'] && isset($_POST['lostpass'])) {
    // Trim the email address.
    $_POST['lostpass'] = trim($_POST['lostpass']);
    $hook_args = NULL;
    // Did the user enter an email address?
    if ($_POST['lostpass'] == '') {
        $error = $PHORUM['DATA']['LANG']['ErrRequired'];
        $focus = 'lostpass';
    } elseif ($uid = phorum_api_user_search('email', $_POST['lostpass'])) {
        // An existing user id was found for the entered email
        // address. Retrieve the user.
        $user = phorum_api_user_get($uid);
        // User registration not yet approved by a moderator.
        // Tell the user that we are awaiting approval.
        if ($user['active'] == PHORUM_USER_PENDING_MOD) {
            $template = 'message';
            $okmsg = $PHORUM['DATA']['LANG']['RegVerifyMod'];
            $hook_args = array('status' => 'unapproved', 'email' => $_POST['lostpass'], 'user' => $user, 'secret' => NULL);
        } elseif ($user['active'] == PHORUM_USER_PENDING_EMAIL || $user['active'] == PHORUM_USER_PENDING_BOTH) {
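            // Generate and store a new registration code. The code is the
            // secret that proves control of the mailbox, so it has to come
            // from a CSPRNG: md5(microtime()) can be reconstructed by anyone
            // who knows roughly when the request was made. random_bytes()
            // needs PHP 7 or later. The format stays at 8 lowercase hex
            // characters, as before; that is only 32 bits, so confirmation
            // attempts should be rate limited by the code that checks it.
            $regcode = bin2hex(random_bytes(4));
            phorum_api_user_save(array('user_id' => $uid, 'password_temp' => $regcode));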
            // The URL that the user can visit to confirm the account.
            $verify_url = phorum_api_url(PHORUM_REGISTER_URL, 'approve=' . $regcode . $uid);
Example #6
require_once PHORUM_PATH . '/include/api/mail.php';
require_once PHORUM_PATH . '/include/api/ban.php';
// email-verification
// When registration control is on and a pending address is stored, split
// the stored value on "|" and keep the first part (a stored value looks
// like "email_address@bogus.com|bla"). The second part is discarded here.
if ($PHORUM['registration_control'] && !empty($PHORUM['DATA']['PROFILE']['email_temp'])) {
    list($PHORUM['DATA']['PROFILE']['email_temp_part'], $bogus) = explode("|", $PHORUM['DATA']['PROFILE']['email_temp']);
}
$email_temp_part = "";
if (count($_POST)) {
    if (empty($_POST["email"])) {
        $error = $PHORUM["DATA"]["LANG"]["ErrRequired"];
    } elseif (!phorum_api_mail_check_address($_POST["email"])) {
        $error = $PHORUM["DATA"]["LANG"]["ErrEmail"];
    } elseif ($PHORUM['user']['email'] != $_POST["email"] && phorum_api_user_search("email", $_POST["email"])) {
        $error = $PHORUM["DATA"]["LANG"]["ErrEmailExists"];
    } elseif (($banerr = phorum_api_ban_check($_POST["email"], PHORUM_BAD_EMAILS)) !== NULL) {
        $error = $banerr;
    } elseif (isset($PHORUM['DATA']['PROFILE']['email_temp_part']) && !empty($_POST['email_verify_code']) && $PHORUM['DATA']['PROFILE']['email_temp_part'] . "|" . $_POST['email_verify_code'] != $PHORUM['DATA']['PROFILE']['email_temp']) {
        $error = $PHORUM['DATA']['LANG']['ErrWrongMailcode'];
    } else {
        // flip this due to db vs. UI wording.
        $_POST["hide_email"] = isset($_POST["hide_email"]) ? 0 : 1;
        $_POST['moderation_email'] = isset($_POST['moderation_email']) && phorum_api_user_check_access(PHORUM_USER_ALLOW_MODERATE_MESSAGES, PHORUM_ACCESS_ANY) ? 1 : 0;
        // Remember this for the template.
        if (isset($PHORUM['DATA']['PROFILE']['email_temp_part'])) {
            $email_temp_part = $PHORUM['DATA']['PROFILE']['email_temp_part'];
        }
        // do we need to send a confirmation-mail?
        if (isset($PHORUM['DATA']['PROFILE']['email_temp_part']) && !empty($_POST['email_verify_code']) && $PHORUM['DATA']['PROFILE']['email_temp_part'] . "|" . $_POST['email_verify_code'] == $PHORUM['DATA']['PROFILE']['email_temp']) {
Example #7
File: pm.php Project: mgs2/kw-forum
 // Derive the action from the submitted form fields. The checks run in
 // order and each one overwrites $action, so a recipient deletion wins
 // over "rcpt_add", which wins over "preview".
 if (isset($_POST['preview'])) {
     $action = 'preview';
 }
 if (isset($_POST['rcpt_add'])) {
     $action = 'rcpt_add';
 }
 if ($del_rcpt !== null) {
     $action = 'del_rcpt';
 }
 // Adding a recipient.
 if ($action == "rcpt_add" || $action == "preview" || $action == "post") {
     // Convert adding a recipient by name to adding by user id.
     if (isset($_POST["to_name"])) {
         $to_name = trim($_POST["to_name"]);
         if ($to_name != '') {
             $to_user_ids = phorum_api_user_search('display_name', $to_name, '=', TRUE);
             if (empty($to_user_ids) || count($to_user_ids) > 1) {
                 $error = $PHORUM["DATA"]["LANG"]["UserNotFound"];
             } else {
                 $_POST["to_id"] = array_shift($to_user_ids);
                 unset($_POST["to_name"]);
             }
         }
     }
     // Add a recipient by id.
     if (isset($_POST["to_id"]) && is_numeric($_POST["to_id"])) {
         $user = phorum_api_user_get($_POST["to_id"]);
         if ($user && $user["active"] == PHORUM_USER_ACTIVE) {
             $recipients[$user["user_id"]] = $user;
         } else {
             $error = $PHORUM["DATA"]["LANG"]["UserNotFound"];
Example #8
 if (isset($_REQUEST["adduser"])) {
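     // Find the user_id for the user to add. $userid starts at 0 so that a
     // failed or ambiguous name lookup cannot leave a value from earlier
     // code in place and add the wrong account to the group.
     $userid = 0;
     if (is_numeric($_REQUEST["adduser"])) {
         // fix implemented 11/16/08
         $userid = (int) $_REQUEST["adduser"];
     } else {
         // older templates may send username
         $name = trim($_REQUEST["adduser"]);
         if ($name != '') {
             // Search the field used as display name first, then the other.
             if ($PHORUM["display_name_source"] == "username") {
                 $check_fields = array("username", "real_name");
             } else {
                 $check_fields = array("real_name", "username");
             }
             foreach ($check_fields as $field) {
                 $userids = phorum_api_user_search($field, $name, '=', TRUE);
                 if (!empty($userids)) {
                     break;
                 }
             }
             // Accept the name only when it resolves to exactly one user.
             if (!empty($userids) && count($userids) == 1) {
                 $userid = array_shift($userids);
             }
         }
     }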
     if ($userid) {
         // load the users groups, add the new group, then save again
         $groups = phorum_api_user_check_group_access(PHORUM_USER_GROUP_SUSPENDED, PHORUM_ACCESS_LIST, $userid);
         // make sure the user isn't already a member of the group
         if (!isset($groups[$group_id])) {
             $groups[$group_id] = PHORUM_USER_GROUP_APPROVED;
Example #9
// Set all our URLs.
phorum_build_common_urls();
$template = "login";
$error = "";
$okmsg = "";
// Handle posted form data.
if (count($_POST) > 0) {
    // The user wants to retrieve a new password.
    if (isset($_POST["lostpass"])) {
        // Trim the email address.
        $_POST["lostpass"] = trim($_POST["lostpass"]);
        $hook_args = NULL;
        // Did the user enter an email address?
        if (empty($_POST["lostpass"])) {
            $error = $PHORUM["DATA"]["LANG"]["LostPassError"];
        } elseif ($uid = phorum_api_user_search("email", $_POST["lostpass"])) {
            // An existing user id was found for the entered email
            // address. Retrieve the user.
            $user = phorum_api_user_get($uid);
            $tmp_user = array();
            // User registration not yet approved by a moderator.
            if ($user["active"] == PHORUM_USER_PENDING_MOD) {
                $template = "message";
                $okmsg = $PHORUM["DATA"]["LANG"]["RegVerifyMod"];
                $hook_args = array('status' => 'unapproved', 'email' => $_POST['lostpass'], 'user' => $user, 'secret' => NULL);
                // User registration still need email verification.
            } elseif ($user["active"] == PHORUM_USER_PENDING_EMAIL || $user["active"] == PHORUM_USER_PENDING_BOTH) {
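                // Generate and store a new email confirmation code. The code
                // is a secret, so it is drawn from a CSPRNG rather than from
                // md5(microtime()), which can be reconstructed from the
                // approximate request time. random_bytes() needs PHP 7 or
                // later. The value stays at 8 lowercase hex characters, as
                // before; that is only 32 bits, so attempts to confirm with
                // it should be rate limited by the code that checks it.
                $tmp_user["user_id"] = $uid;
                $tmp_user["password_temp"] = bin2hex(random_bytes(4));
                phorum_api_user_save($tmp_user);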
Example #10
 } else {
     if (isset($_POST["page"])) {
         $_GET["page"] = $_POST["page"];
     }
     $page = isset($_GET["page"]) ? (int) $_GET["page"] : 1;
 }
 // Clamp the requested page: first up to 1, then down to $totalpages.
 // NOTE(review): if $totalpages can be 0, the second clamp sets $page to 0
 // and $search_start becomes negative - confirm how $totalpages is computed.
 if ($page <= 0) {
     $page = 1;
 }
 if ($page > $totalpages) {
     $page = $totalpages;
 }
 $search_start = ($page - 1) * $pagelength;
 // Sort on the chosen column; any column other than display_name gets
 // display_name as a secondary sort key.
 if ($sort == "display_name") {
     $db_sort = $sort_dir . $sort;
 } else {
     $db_sort = array($sort_dir . $sort, "display_name");
 }
 // Find a list of matching user_ids to display on the current page.
 $user_ids = phorum_api_user_search($search_fields, $search_values, $search_operators, TRUE, 'AND', $db_sort, $search_start, $pagelength);
 // Retrieve the user data for the users on the current page.
 $users = array();
 if (!empty($user_ids)) {
     $users = phorum_api_user_get($user_ids, FALSE);
 }
 if (count($users)) {
     // Create a page list for a drop down menu.
     $pagelist = array();
     for ($p = 1; $p <= $totalpages; $p++) {
         $pagelist[$p] = $p;
     }
     $cols = 6;
     $input_args = array('module=users');
     $input_args = array_merge($input_args, $url_safe_search_arr);
     $frm_url = phorum_admin_build_url($input_args);
     $sort_input_args = array('page=' . $page, 'pagelength=' . $pagelength);
     $sort_input_args = array_merge($sort_input_args, $input_args);
     $display_name_sort_dir = $sort == "display_name" ? $reverse_sort_dir : "";
Example #11
 /**
  * Deletes the user stored in $this->user_id_used and asserts that a
  * following lookup of that id returns NULL.
  */
 function testUserApiDelete()
 {
     // NOTE(review): the result of this username search is never read; the
     // delete and the follow-up lookup both use $this->user_id_used.
     $user_id = phorum_api_user_search('username', 'testuser' . $this->sharedFixture, '=');
     $this->assertTrue(phorum_api_user_delete($this->user_id_used), 'User delete.');
     $this->assertNull(phorum_api_user_get($this->user_id_used), 'Checking for deleted user.');
 }
Example #12
//   You should have received a copy of the Phorum License                    //
//   along with this program.                                                 //
////////////////////////////////////////////////////////////////////////////////
// Do nothing unless the PHORUM constant is defined, i.e. unless this file
// was loaded by a script that defines it.
if (!defined("PHORUM")) {
    return;
}
// For phorum_valid_email()
include_once "./include/email_functions.php";
$error = false;
// Post and reply checks for unregistered users.
if (!$PHORUM["DATA"]["LOGGEDIN"] && in_array($mode, array('post', 'reply'))) {
    if (empty($message["author"])) {
        $error = $PHORUM["DATA"]["LANG"]["ErrAuthor"];
    } elseif (
        // Name enforcement is on unless PHORUM_ENFORCE_UNREGISTERED_NAMES is
        // defined with a value that does not compare equal to true.
        (!defined('PHORUM_ENFORCE_UNREGISTERED_NAMES') || PHORUM_ENFORCE_UNREGISTERED_NAMES == true)
        // An anonymous author may not use a name that matches a registered
        // username or display name.
        && phorum_api_user_search(array("username", "display_name"), array($message["author"], $message["author"]), array("=", "="), FALSE, "OR")
    ) {
        $error = $PHORUM["DATA"]["LANG"]["ErrRegisterdName"];
    } elseif (!empty($message["email"]) && phorum_api_user_search("email", $message["email"])) {
        // Likewise for an email address that belongs to a registered user.
        $error = $PHORUM["DATA"]["LANG"]["ErrRegisterdEmail"];
    }
}
/*
 * [hook]
 *     check_post
 *
 * [description]
 *     This hook can be used for modifying the message data and for running
 *     additional checks on the data. If an error is put in
 *     <literal>$error</literal>, Phorum will stop posting the message and show
 *     the error to the user in the post-form.<sbr/>
 *     <sbr/>
 *     Beware that <literal>$error</literal> can already contain an error on
 *     input, in case multiple modules are run for this hook. Therefore you
Example #13
 }
 // Check additional data - name, surname, clubid ...
 // The checks below are independent statements: each failing one overwrites
 // $error, so the message of the last failing check is the one that remains.
 if (empty($_POST["name"]) || empty($_POST["surname"])) {
     $error = $PHORUM["DATA"]["LANG"]["ErrRealname"];
 }
 if (empty($_POST["clubid"])) {
     $error = $PHORUM["DATA"]["LANG"]["ErrClubId"];
 }
 // The club id must be numeric and, as an integer, greater than zero.
 if (!is_numeric($_POST["clubid"]) || (int) $_POST["clubid"] <= 0) {
     $error = $PHORUM["DATA"]["LANG"]["ErrClubIdInvalid"];
 }
 // Check if the username and email address don't already exist.
 // NOTE(review): both fields are read without an isset() check in this
 // span - confirm that earlier code guarantees they are present.
 if (phorum_api_user_search("username", $_POST["username"])) {
     $error = $PHORUM["DATA"]["LANG"]["ErrRegisterdName"];
 }
 if (phorum_api_user_search("email", $_POST["email"])) {
     $error = $PHORUM["DATA"]["LANG"]["ErrRegisterdEmail"];
 }
 // Check banlists (name, email address and IP), but only when nothing
 // has failed so far.
 if (empty($error)) {
     $ban_checks = array(
         array($_POST["username"], PHORUM_BAD_NAMES),
         array($_POST["email"], PHORUM_BAD_EMAILS),
         array(NULL, PHORUM_BAD_IPS),
     );
     $error = phorum_check_bans($ban_checks);
 }
 // Create user if no errors have been encountered.
 if (empty($error)) {
     // Setup the default userdata to store.
     $userdata = array('username' => NULL, 'password' => NULL, 'email' => NULL, 'clubid' => NULL);
     // Add custom profile fields as acceptable fields.
     foreach ($PHORUM["PROFILE_FIELDS"] as $id => $field) {
         if ($id === 'num_fields' || !empty($field['deleted'])) {
             continue;
         }
Example #14
  *     </hookcode>
  */
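 // Registration checks to run. All start enabled; a before_register_check
 // hook receives this array and may return a changed version of it.
 $todo_checks = array('username_empty' => 1, 'username_unique' => 1, 'email_valid' => 1, 'email_unique' => 1, 'password' => 1, 'banlists' => 1);
 if (isset($PHORUM["hooks"]["before_register_check"])) {
     list($_POST, $todo_checks, $error) = phorum_api_hook("before_register_check", array($_POST, $todo_checks, $error));
 }
 // Check if all required fields are filled and valid.
 if ($todo_checks['username_empty'] && empty($_POST['username'])) {
     $error = $PHORUM["DATA"]["LANG"]["ErrUsername"];
 } elseif ($todo_checks['email_valid'] && (!isset($_POST["email"]) || !phorum_api_mail_check_address($_POST["email"]))) {
     // The parentheses matter: && binds tighter than ||, so without them
     // the address check ran even with 'email_valid' switched off, and it
     // ran on an unset $_POST["email"] when the field was missing.
     $error = $PHORUM["DATA"]["LANG"]["ErrEmail"];
 } elseif ($todo_checks['password'] && (empty($_POST["password"]) || $_POST["password"] !== $_POST["password2"])) {
     // Strict comparison: with != two different numeric-looking strings
     // such as "1e3" and "1000" would count as the same password.
     $error = $PHORUM["DATA"]["LANG"]["ErrPassword"];
 } elseif ($todo_checks['username_unique'] && phorum_api_user_search("username", $_POST["username"])) {
     $error = $PHORUM["DATA"]["LANG"]["ErrRegisterdName"];
 } elseif ($todo_checks['email_unique'] && phorum_api_user_search("email", $_POST["email"])) {
     $error = $PHORUM["DATA"]["LANG"]["ErrRegisterdEmail"];
 }
 // Check banlists (name, email address and IP), but only when the check is
 // enabled and nothing has failed so far.
 if ($todo_checks['banlists'] && empty($error)) {
     $error = phorum_api_ban_check_multi(array(array($_POST["username"], PHORUM_BAD_NAMES), array($_POST["email"], PHORUM_BAD_EMAILS), array(NULL, PHORUM_BAD_IPS)));
 }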
 // Create user if no errors have been encountered.
 if (empty($error)) {
     // Setup the default userdata to store.
     $userdata = array('username' => NULL, 'password' => NULL, 'email' => NULL, 'real_name' => NULL);
     // Add custom profile fields as acceptable fields.
     foreach ($PHORUM["CUSTOM_FIELDS"][PHORUM_CUSTOM_FIELD_USER] as $id => $field) {
         if ($id === 'num_fields' || !empty($field['deleted'])) {
             continue;
         }