} else { if (updateEmail($userId, $email)) { $successes[] = lang("ACCOUNT_EMAIL_UPDATED"); } else { $errors[] = lang("SQL_ERROR"); } } } //Update title if ($userdetails['title'] != $_POST['title']) { $title = trim($_POST['title']); //Validate title if (minMaxRange(1, 50, $title)) { $errors[] = lang("ACCOUNT_TITLE_CHAR_LIMIT", array(1, 50)); } else { if (updateTitle($userId, $title)) { $successes[] = lang("ACCOUNT_TITLE_UPDATED", array($displayname, $title)); } else { $errors[] = lang("SQL_ERROR"); } } } //Remove permission level if (!empty($_POST['removePermission'])) { $remove = $_POST['removePermission']; if ($deletion_count = removePermission($remove, $userId)) { $successes[] = lang("ACCOUNT_PERMISSION_REMOVED", array($deletion_count)); } else { $errors[] = lang("SQL_ERROR"); } }
function changeTitleSummaryDescription($uid, $pid, $title, $summary, $description) { // Check that user can view the puzzle if (!canViewPuzzle($uid, $pid)) { utilsError("You do not have permission to modify this puzzle."); } // Get the old title, summary, and description $puzzleInfo = getPuzzleInfo($pid); $oldTitle = $puzzleInfo["title"]; $oldSummary = $puzzleInfo["summary"]; $oldDescription = $puzzleInfo["description"]; $purifier = new HTMLPurifier(); mysql_query('START TRANSACTION'); // If title has changed, update it $cleanTitle = htmlspecialchars($title); if ($oldTitle !== $cleanTitle) { updateTitle($uid, $pid, $oldTitle, $cleanTitle); } // If summary has changed, update it $cleanSummary = $purifier->purify($summary); if ($oldSummary !== $cleanSummary) { updateSummary($uid, $pid, $oldSummary, $cleanSummary); } // If description has changed, update it $cleanDescription = $purifier->purify($description); if ($oldDescription !== $cleanDescription) { updateDescription($uid, $pid, $oldDescription, $cleanDescription); } // Assuming all went well, commit the changes to the database mysql_query('COMMIT'); }
<?php include "base.php"; $title = $_POST["title"]; $tags = $_POST["tags"]; $linkID = $_POST["linkID"]; function updateTitle($linkID, $newTitle) { $query = "UPDATE links set title=? WHERE linkID = ?"; $params = [$newTitle, $linkID]; editQuery($query, $params); } updateTitle($linkID, $title); deleteConnections($linkID); if (strlen($tags) > 0) { $tagString = strtolower($tags); $tags = stringToArray($tagString); $tags = array_unique($tags); foreach ($tags as $tag) { $query = "SELECT * from tags WHERE tag = ?"; $params = [$tag]; $res = selectQuery($query, $params); if (count($res) == 0) { $query = "INSERT into tags (tag) VALUES (?)"; $params = [$tag]; editQuery($query, $params); } } foreach ($tags as $tag) { $query = "SELECT tagID from tags WHERE tag = ?"; $params = [$tag];
$response = rateLink($_REQUEST['from_url'], $_REQUEST['from_url_param'], $_REQUEST['to_url'], $_REQUEST['to_url_param'], $_REQUEST['up']); break; case "get_link_comment": $response = getLinkComment($_REQUEST['from_url'], $_REQUEST['from_url_param'], $_REQUEST['to_url'], $_REQUEST['to_url_param']); break; case "verify_user": $response = verifyUser($_REQUEST['confirm_code']); break; case "invite_user": $response = inviteUser($_REQUEST['email']); break; case "get_title": $response = getTitle($_REQUEST['url'], $_REQUEST['url_param']); break; case "update_title": $response = updateTitle($_REQUEST['url'], $_REQUEST['url_param'], $_REQUEST['title']); break; } mysql_close($connection); if ($_REQUEST['command'] == "verify_user") { echo "<html>"; echo "<head> <title> User verification </title></head>"; echo "<body>"; echo $response; echo "</body>"; echo "</html>"; } else { echo "<xmlresponse>"; echo $response; echo "</xmlresponse>"; }
public function index() { /* UserCake (Via CupCake) Version: 2.0.2 http://usercake.com */ global $baseURL; require_once "{$baseURL}/application/third_party/user_cake/models/config.php"; if (!securePage($_SERVER['PHP_SELF'])) { die; } $userId = $_GET['id']; //Check if selected user exists if (!userIdExists($userId)) { header("Location: " . str_replace('index.php/', '', site_url('admin_users'))); die; } $userdetails = fetchUserDetails(NULL, NULL, $userId); //Fetch user details //Forms posted if (!empty($_POST)) { //Delete selected account if (!empty($_POST['delete'])) { $deletions = $_POST['delete']; if ($deletion_count = deleteUsers($deletions)) { $successes[] = lang("ACCOUNT_DELETIONS_SUCCESSFUL", array($deletion_count)); } else { $errors[] = lang("SQL_ERROR"); } } else { //Update display name if ($userdetails['display_name'] != $_POST['display']) { $displayname = trim($_POST['display']); //Validate display name if (displayNameExists($displayname)) { $errors[] = lang("ACCOUNT_DISPLAYNAME_IN_USE", array($displayname)); } elseif (minMaxRange(5, 25, $displayname)) { $errors[] = lang("ACCOUNT_DISPLAY_CHAR_LIMIT", array(5, 25)); } elseif (!ctype_alnum($displayname)) { $errors[] = lang("ACCOUNT_DISPLAY_INVALID_CHARACTERS"); } else { if (updateDisplayName($userId, $displayname)) { $successes[] = lang("ACCOUNT_DISPLAYNAME_UPDATED", array($displayname)); } else { $errors[] = lang("SQL_ERROR"); } } } else { $displayname = $userdetails['display_name']; } //Activate account if (isset($_POST['activate']) && $_POST['activate'] == "activate") { if (setUserActive($userdetails['activation_token'])) { $successes[] = lang("ACCOUNT_MANUALLY_ACTIVATED", array($displayname)); } else { $errors[] = lang("SQL_ERROR"); } } //Update email if ($userdetails['email'] != $_POST['email']) { $email = trim($_POST["email"]); //Validate email if (!isValidEmail($email)) { $errors[] = lang("ACCOUNT_INVALID_EMAIL"); } elseif (emailExists($email)) { $errors[] = lang("ACCOUNT_EMAIL_IN_USE", array($email)); } else { if (updateEmail($userId, $email)) { $successes[] = lang("ACCOUNT_EMAIL_UPDATED"); } else { $errors[] = lang("SQL_ERROR"); } } } //Update title if ($userdetails['title'] != $_POST['title']) { $title = trim($_POST['title']); //Validate title if (minMaxRange(1, 50, $title)) { $errors[] = lang("ACCOUNT_TITLE_CHAR_LIMIT", array(1, 50)); } else { if (updateTitle($userId, $title)) { $successes[] = lang("ACCOUNT_TITLE_UPDATED", array($displayname, $title)); } else { $errors[] = lang("SQL_ERROR"); } } } //Remove permission level if (!empty($_POST['removePermission'])) { $remove = $_POST['removePermission']; if ($deletion_count = removePermission($remove, $userId)) { $successes[] = lang("ACCOUNT_PERMISSION_REMOVED", array($deletion_count)); } else { $errors[] = lang("SQL_ERROR"); } } if (!empty($_POST['addPermission'])) { $add = $_POST['addPermission']; if ($addition_count = addPermission($add, $userId)) { $successes[] = lang("ACCOUNT_PERMISSION_ADDED", array($addition_count)); } else { $errors[] = lang("SQL_ERROR"); } } $userdetails = fetchUserDetails(NULL, NULL, $userId); } } $userPermission = fetchUserPermissions($userId); $permissionData = fetchAllPermissions(); require_once "{$baseURL}/application/third_party/user_cake/models/header.php"; echo "\r\n<body>\r\n<div id='wrapper'>\r\n<div id='top'><div id='logo'></div></div>\r\n<div id='content'>\r\n<h1>UserCake (Via CupCake)</h1>\r\n<h2>Admin User</h2>\r\n<div id='left-nav'>"; include "{$baseURL}/application/third_party/user_cake/left-nav.php"; echo "\r\n</div>\r\n<div id='main'>"; echo resultBlock($errors, $successes); echo "\r\n<form name='adminUser' action='" . $_SERVER['PHP_SELF'] . "?id=" . $userId . "' method='post'>\r\n<table class='admin'><tr><td>\r\n<h3>User Information</h3>\r\n<div id='regbox'>\r\n<p>\r\n<label>ID:</label>\r\n" . $userdetails['id'] . "\r\n</p>\r\n<p>\r\n<label>Username:</label>\r\n" . $userdetails['user_name'] . "\r\n</p>\r\n<p>\r\n<label>Display Name:</label>\r\n<input type='text' name='display' value='" . $userdetails['display_name'] . "' />\r\n</p>\r\n<p>\r\n<label>Email:</label>\r\n<input type='text' name='email' value='" . $userdetails['email'] . "' />\r\n</p>\r\n<p>\r\n<label>Active:</label>"; //Display activation link, if account inactive if ($userdetails['active'] == '1') { echo "Yes"; } else { echo "No\r\n\t</p>\r\n\t<p>\r\n\t<label>Activate:</label>\r\n\t<input type='checkbox' name='activate' id='activate' value='activate'>\r\n\t"; } echo "\r\n</p>\r\n<p>\r\n<label>Title:</label>\r\n<input type='text' name='title' value='" . $userdetails['title'] . "' />\r\n</p>\r\n<p>\r\n<label>Sign Up:</label>\r\n" . date("j M, Y", $userdetails['sign_up_stamp']) . "\r\n</p>\r\n<p>\r\n<label>Last Sign In:</label>"; //Last sign in, interpretation if ($userdetails['last_sign_in_stamp'] == '0') { echo "Never"; } else { echo date("j M, Y", $userdetails['last_sign_in_stamp']); } echo "\r\n</p>\r\n<p>\r\n<label>Delete:</label>\r\n<input type='checkbox' name='delete[" . $userdetails['id'] . "]' id='delete[" . $userdetails['id'] . "]' value='" . $userdetails['id'] . "'>\r\n</p>\r\n<p>\r\n<label> </label>\r\n<input type='submit' value='Update' class='submit' />\r\n</p>\r\n</div>\r\n</td>\r\n<td>\r\n<h3>Permission Membership</h3>\r\n<div id='regbox'>\r\n<p>Remove Permission:"; //List of permission levels user is apart of foreach ($permissionData as $v1) { if (isset($userPermission[$v1['id']])) { echo "<br><input type='checkbox' name='removePermission[" . $v1['id'] . "]' id='removePermission[" . $v1['id'] . "]' value='" . $v1['id'] . "'> " . $v1['name']; } } //List of permission levels user is not apart of echo "</p><p>Add Permission:"; foreach ($permissionData as $v1) { if (!isset($userPermission[$v1['id']])) { echo "<br><input type='checkbox' name='addPermission[" . $v1['id'] . "]' id='addPermission[" . $v1['id'] . "]' value='" . $v1['id'] . "'> " . $v1['name']; } } echo "\r\n</p>\r\n</div>\r\n</td>\r\n</tr>\r\n</table>\r\n</form>\r\n</div>\r\n<div id='bottom'></div>\r\n</div>\r\n</body>\r\n</html>"; }
} } } //End data validation if (count($errors) == 0) { $loggedInUser->updateEmail($email); $successes[] = lang("ACCOUNT_EMAIL_UPDATED"); } } if ($title != $loggedInUser->title) { $title = trim($title); //Validate title if (minMaxRange(1, 50, $title)) { $errors[] = lang("ACCOUNT_TITLE_CHAR_LIMIT", array(1, 50)); } else { if (updateTitle($loggedInUser->user_id, $title)) { $loggedInUser->title = $title; $successes[] = lang("ACCOUNT_TITLE_UPDATED", array($loggedInUser->displayname, $title)); } else { $errors[] = lang("SQL_ERROR"); } } } // campus can only be set one time if ($campus = $_POST["campus"]) { if ($campus != $loggedInUser->campus) { $loggedInUser->updateCampus($campus); $successes[] = lang("ACCOUNT_CAMPUS_UPDATED", array($loggedInUser->displayname, getCampusById($campus))); } } // team can only be set one time