} } else { $user_ban = retrieve(POST, 'user_ban', '', TSTRING_UNCHANGE); $user_ban = $user_ban > 0 ? time() + $user_ban : 0; if ($valid_user && !empty($id_get)) { try { $info_mbr = PersistenceContext::get_querier()->select_single_row(DB_TABLE_MEMBER, array('user_id', 'display_name', 'warning_percentage', 'email'), 'WHERE user_id=:id', array('id' => $id_get)); } catch (RowNotFoundException $e) { $error_controller = PHPBoostErrors::unexisting_element(); DispatchManager::redirect($error_controller); } MemberSanctionManager::banish($id_get, $user_ban, MemberSanctionManager::SEND_MAIL); if ($user_ban == 0 && $info_mbr['warning_percentage'] == 100) { MemberSanctionManager::remove_write_permissions($id_get, 90, MemberSanctionManager::NO_SEND_CONFIRMATION); } SessionData::recheck_cached_data_from_user_id($user_id); AppContext::get_response()->redirect(UserUrlBuilder::moderation_panel('ban')); } $moderation_panel_template->put_all(array('C_MODO_PANEL_USER' => true, 'L_ACTION_INFO' => $LANG['ban_management'], 'L_LOGIN' => LangLoader::get_message('display_name', 'user-common'), 'L_INFO_MANAGEMENT' => $LANG['ban_management'], 'U_XMLHTTPREQUEST' => 'ban_user', 'U_ACTION' => UserUrlBuilder::moderation_panel('ban')->rel() . '&token=' . AppContext::get_session()->get_token())); if (empty($id_get)) { if ($search_member) { $login = retrieve(POST, 'login_mbr', ''); $user_id = PersistenceContext::get_querier()->get_column_value(DB_TABLE_MEMBER, 'user_id', 'WHERE display_name LIKE :name', array('name' => '%' . $login . 
'%')); if (!empty($user_id) && !empty($login)) { AppContext::get_response()->redirect(UserUrlBuilder::moderation_panel('ban', $user_id)); } else { AppContext::get_response()->redirect(UserUrlBuilder::moderation_panel('ban')); } } $moderation_panel_template->put_all(array('C_MODO_PANEL_USER_LIST' => true, 'L_PM' => $LANG['user_contact_pm'], 'L_INFO' => $LANG['user_ban_until'], 'L_ACTION_USER' => $LANG['ban_management'], 'L_PROFILE' => LangLoader::get_message('profile', 'user-common'), 'L_SEARCH_USER' => $LANG['search_member'], 'L_SEARCH' => $LANG['search'], 'L_REQUIRE_LOGIN' => $LANG['require_pseudo'])); $i = 0;
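/**
 * @desc Deletes a private message. The original note says this applies as long as the
 * recipient has not read the message; nothing in this method checks the read state or
 * that the caller owns the message, so callers must enforce both before calling.
 * @param int $pm_to Id of the recipient whose unread counter and cached session data are refreshed.
 * @param int $pm_idmsg Id of the message to delete.
 * @param int $pm_idconvers Id of the conversation the message belongs to.
 * @return int The highest remaining message id of the conversation (empty when none is left).
 */
public static function delete($pm_to, $pm_idmsg, $pm_idconvers)
{
    // Delete the message. The conversation id is part of the condition, so a message id
    // belonging to another conversation is left untouched.
    self::$db_querier->delete(DB_TABLE_PM_MSG, 'WHERE id = :id AND idconvers = :idconvers', array('id' => $pm_idmsg, 'idconvers' => $pm_idconvers));

    $pm_max_id = self::$db_querier->get_column_value(DB_TABLE_PM_MSG, 'MAX(id)', 'WHERE idconvers = :idconvers', array('idconvers' => $pm_idconvers));

    if (!empty($pm_max_id))
    {
        // The last remaining message is only looked up once we know one exists:
        // select_single_row() on a missing row is expected to raise
        // RowNotFoundException, and its result is only needed in this branch.
        $pm_last_msg = self::$db_querier->select_single_row(DB_TABLE_PM_MSG, array('user_id', 'timestamp'), 'WHERE id=:id', array('id' => $pm_max_id));

        // Update the conversation. Every value is bound as a parameter instead of being
        // concatenated into the statement, so neither the caller-supplied ids nor the
        // values read back from the database can alter the SQL.
        $user_view_pm = self::$db_querier->get_column_value(DB_TABLE_PM_TOPIC, 'user_view_pm', 'WHERE id = :id', array('id' => $pm_idconvers));
        self::$db_querier->inject(
            "UPDATE " . DB_TABLE_PM_TOPIC . " SET nbr_msg = nbr_msg - 1, user_view_pm = :user_view_pm, last_user_id = :last_user_id, last_msg_id = :last_msg_id, last_timestamp = :last_timestamp WHERE id = :id",
            array(
                'user_view_pm' => $user_view_pm - 1,
                'last_user_id' => $pm_last_msg['user_id'],
                'last_msg_id' => $pm_max_id,
                'last_timestamp' => $pm_last_msg['timestamp'],
                'id' => $pm_idconvers
            )
        );

        // Update the recipient's unread private message counter.
        self::$db_querier->inject(
            "UPDATE " . DB_TABLE_MEMBER . " SET unread_pm = unread_pm - 1 WHERE user_id = :user_id",
            array('user_id' => $pm_to)
        );
    }

    // Refresh the recipient's cached session data so the counter change is visible.
    SessionData::recheck_cached_data_from_user_id($pm_to);

    return $pm_max_id;
}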
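/**
 * Applies the submitted profile form to $this->user.
 *
 * When 'delete_account' is set the account is deleted. Otherwise the profile fields and
 * the authentication data are updated and, only when the current user is an
 * administrator, the groups, rank, approbation state and sanctions as well. If no error
 * occurred the response is redirected with a success message.
 *
 * @param HTTPRequestCustom $request Current request; its referrer is the preferred redirect target.
 */
private function save(HTTPRequestCustom $request)
{
    $has_error = false;
    $user_id = $this->user->get_id();

    if ($this->form->get_value('delete_account'))
    {
        UserService::delete_by_id($user_id);
    }
    else
    {
        $approbation = $this->internal_auth_infos['approved'];

        // Privileged attributes (approbation, groups, rank) are only taken from the form
        // when the current user is an administrator.
        if (AppContext::get_current_user()->is_admin())
        {
            $old_approbation = $approbation;
            $approbation = $this->form->get_value('approbation');

            $groups = array();
            foreach ($this->form->get_value('groups') as $option)
            {
                $groups[] = $option->get_raw_value();
            }

            GroupsService::edit_member($user_id, $groups);
            $this->user->set_groups($groups);
            $this->user->set_level($this->form->get_value('rank')->get_raw_value());
        }

        if ($this->form->has_field('theme'))
        {
            $this->user->set_theme($this->form->get_value('theme')->get_raw_value());
        }

        $this->user->set_locale($this->form->get_value('lang')->get_raw_value());
        $this->user->set_display_name($this->form->get_value('display_name'));
        $this->user->set_email($this->form->get_value('email'));
        $this->user->set_editor($this->form->get_value('text-editor')->get_raw_value());
        $this->user->set_show_email(!$this->form->get_value('user_hide_mail'));
        $this->user->set_timezone($this->form->get_value('timezone')->get_raw_value());

        try
        {
            UserService::update($this->user, $this->member_extended_fields_service);
        }
        catch (MemberExtendedFieldErrorsMessageException $e)
        {
            $has_error = true;
            $this->tpl->put('MSG', MessageHelper::display($e->getMessage(), MessageHelper::NOTICE));
        }

        // The e-mail address is the login unless a custom login was requested.
        $login = $this->form->get_value('email');
        if ($this->form->get_value('custom_login', false))
        {
            $login = $this->form->get_value('login');
        }

        $password = $this->form->get_value('password');
        if ($this->internal_auth_infos === null && !empty($password))
        {
            // No internal credentials yet: associate a new internal authentication method.
            $authentication_method = new PHPBoostAuthenticationMethod($login, $password);
            AuthenticationService::associate($authentication_method, $user_id);
        }
        elseif (!empty($password))
        {
            // Changing an existing password requires proof of the current one.
            // NOTE(review): when a new password is sent without 'old_password', this branch
            // updates nothing and reports no error - confirm that is intended.
            $old_password = $this->form->get_value('old_password');
            if (!empty($old_password))
            {
                $old_password_hashed = KeyGenerator::string_hash($old_password);

                // hash_equals() compares the two digests as strings in constant time.
                // A loose == would compare numeric-looking digests (e.g. "0e...") as
                // numbers, so two different hashes could be treated as equal.
                // NOTE(review): string_hash()'s algorithm is not visible here; if it is a
                // plain digest, consider migrating to password_hash()/password_verify().
                if (hash_equals((string) $this->internal_auth_infos['password'], (string) $old_password_hashed))
                {
                    // $has_error is deliberately left untouched here, so an error raised
                    // by the profile update above is not hidden by a successful
                    // password change.
                    PHPBoostAuthenticationMethod::update_auth_infos($user_id, $login, $approbation, KeyGenerator::string_hash($password));
                }
                else
                {
                    $has_error = true;
                    $this->tpl->put('MSG', MessageHelper::display($this->lang['profile.edit.password.error'], MessageHelper::NOTICE));
                }
            }
        }
        else
        {
            PHPBoostAuthenticationMethod::update_auth_infos($user_id, $login, $approbation);
        }

        if (AppContext::get_current_user()->is_admin())
        {
            // The account has just been approved: close the matching administrator alert
            // and notify the member by e-mail.
            if ($old_approbation != $approbation && $old_approbation == 0)
            {
                // Look for the matching alert.
                $matching_alerts = AdministratorAlertService::find_by_criteria($user_id, 'member_account_to_approbate');

                // The alert was found.
                if (count($matching_alerts) == 1)
                {
                    $alert = $matching_alerts[0];
                    $alert->set_status(AdministratorAlert::ADMIN_ALERT_STATUS_PROCESSED);
                    AdministratorAlertService::save_alert($alert);

                    $site_name = GeneralConfig::load()->get_site_name();
                    $subject = StringVars::replace_vars($this->user_lang['registration.subject-mail'], array('site_name' => $site_name));
                    $content = StringVars::replace_vars($this->user_lang['registration.email.mail-administrator-validation'], array('pseudo' => $this->user->get_display_name(), 'site_name' => $site_name, 'signature' => MailServiceConfig::load()->get_mail_signature()));
                    AppContext::get_mail_service()->send_from_properties($this->user->get_email(), $subject, $content);
                }
            }

            // Warning level: apply a changed value, cancel when emptied.
            $user_warning = $this->form->get_value('user_warning')->get_raw_value();
            if (!empty($user_warning) && $user_warning != $this->user->get_warning_percentage())
            {
                MemberSanctionManager::caution($user_id, $user_warning, MemberSanctionManager::SEND_MP, str_replace('%level%', $user_warning, LangLoader::get_message('user_warning_level_changed', 'main')));
            }
            elseif (empty($user_warning))
            {
                MemberSanctionManager::cancel_caution($user_id);
            }

            // Read-only delay: the form value is a duration added to the current time.
            $user_readonly = $this->form->get_value('user_readonly')->get_raw_value();
            if (!empty($user_readonly) && $user_readonly != $this->user->get_delay_readonly())
            {
                MemberSanctionManager::remove_write_permissions($user_id, time() + $user_readonly, MemberSanctionManager::SEND_MP, str_replace('%date%', $this->form->get_value('user_readonly')->get_label(), LangLoader::get_message('user_readonly_changed', 'main')));
            }
            elseif (empty($user_readonly))
            {
                MemberSanctionManager::restore_write_permissions($user_id);
            }

            // Ban delay: same convention as the read-only delay.
            $user_ban = $this->form->get_value('user_ban')->get_raw_value();
            if (!empty($user_ban) && $user_ban != $this->user->get_delay_banned())
            {
                MemberSanctionManager::banish($user_id, time() + $user_ban, MemberSanctionManager::SEND_MAIL);
            }
            elseif ($user_ban != $this->user->get_delay_banned())
            {
                MemberSanctionManager::cancel_banishment($user_id);
            }
        }

        // Refresh the edited member's cached session data so new groups, rank and
        // sanctions take effect without waiting for a new login.
        SessionData::recheck_cached_data_from_user_id($user_id);
    }

    if (!$has_error)
    {
        // NOTE(review): the referrer comes from the client's request; confirm that
        // redirect() only accepts targets on this site.
        AppContext::get_response()->redirect($request->get_url_referrer() ? $request->get_url_referrer() : UserUrlBuilder::edit_profile($user_id), $this->lang['user.message.success.edit']);
    }
}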
// Load the conversation only when the current user is one of its two participants:
// the bound :user_id has to match either user_id or user_id_dest.
try {
    $convers = PersistenceContext::get_querier()->select_single_row(DB_TABLE_PM_TOPIC, array('id', 'title', 'user_id', 'user_id_dest', 'nbr_msg', 'last_msg_id', 'last_user_id', 'user_view_pm'), 'WHERE id = :id AND :user_id IN (user_id, user_id_dest)', array('id' => $pm_id_get, 'user_id' => $current_user->get_id()));
} catch (RowNotFoundException $e) {
    // NOTE(review): the code below assumes DispatchManager::redirect() stops execution;
    // otherwise $convers would be undefined from here on - confirm.
    $error_controller = PHPBoostErrors::unexisting_element();
    DispatchManager::redirect($error_controller);
}

// Authorization check, repeated in PHP on top of the SQL condition above.
// && binds tighter than ||: access is refused when the row has no id, or when the
// current user is neither the author nor the recipient.
if (empty($convers['id']) || $convers['user_id'] != $current_user->get_id() && $convers['user_id_dest'] != $current_user->get_id()) {
    $error_controller = PHPBoostErrors::unexisting_page();
    DispatchManager::redirect($error_controller);
}

// The conversation holds unread messages and the last one was not written by the
// current user: mark them as read and lower the user's unread counter.
if ($convers['user_view_pm'] > 0 && $convers['last_user_id'] != $current_user->get_id()) {
    // The (int) cast keeps the value taken from the row numeric inside the expression.
    // NOTE(review): whether update() treats this string as an SQL expression or binds it
    // as a plain value is not visible here - confirm the decrement really happens.
    PersistenceContext::get_querier()->update(DB_TABLE_MEMBER, array('unread_pm' => 'unread_pm - ' . (int) $convers['user_view_pm']), 'WHERE user_id = :id', array('id' => $current_user->get_id()));
    PersistenceContext::get_querier()->update(DB_TABLE_PM_TOPIC, array('user_view_pm' => 0), 'WHERE id = :id', array('id' => $pm_id_get));
    // Only messages written by the other participant are flagged as viewed.
    PersistenceContext::get_querier()->update(DB_TABLE_PM_MSG, array('view_status' => 1), 'WHERE idconvers = :id AND user_id <> :user_id', array('id' => $convers['id'], 'user_id' => $current_user->get_id()));
    // Refresh the cached session data so the new unread counter is used.
    SessionData::recheck_cached_data_from_user_id($current_user->get_id());
}

// Build a pagination when the conversation holds too many private messages.
$page = AppContext::get_request()->get_getint('p', 1);
$pagination = new ModulePagination($page, $convers['nbr_msg'], $_NBR_ELEMENTS_PER_PAGE);
// NOTE(review): $pm_id_get is concatenated into URLs here and below; presumably it was
// read as an integer - verify where it is assigned.
$pagination->set_url(new Url('/user/pm.php?id=' . $pm_id_get . '&p=%d'));
if ($pagination->current_page_is_empty() && $page > 1) {
    $error_controller = PHPBoostErrors::unexisting_page();
    DispatchManager::redirect($error_controller);
}

// NOTE(review): $convers['title'] is placed into HTML exactly as stored; confirm that
// titles are escaped when they are saved, or escape the value here.
$tpl->assign_block_vars('pm', array('C_PAGINATION' => $pagination->has_several_pages(), 'PAGINATION' => $pagination->display(), 'U_PM_BOX' => '<a href="pm.php' . '">' . $LANG['pm_box'] . '</a>', 'U_TITLE_CONVERS' => '<a href="pm' . url('.php?id=' . $pm_id_get, '-0-' . $pm_id_get . '.php') . '">' . $convers['title'] . '</a>'));

// Static labels for the conversation view.
$tpl->put_all(array('L_REQUIRE_MESSAGE' => $LANG['require_text'], 'L_REQUIRE_TITLE' => $LANG['require_title'], 'L_DELETE_MESSAGE' => $LANG['alert_delete_msg'], 'L_PRIVATE_MESSAGE' => $LANG['private_message'], 'L_RESPOND' => $LANG['respond'], 'L_SUBMIT' => $LANG['submit'], 'L_PREVIEW' => $LANG['preview'], 'L_EDIT' => LangLoader::get_message('edit', 'common'), 'L_DELETE' => LangLoader::get_message('delete', 'common'), 'L_RESET' => $LANG['reset']));

// Message not read by the member other than user_id: view_status => 0.
// Message read by the member other than user_id: view_status => 1.
$is_guest_in_convers = false;
// $page is read a second time, now through retrieve() with a default of 0.
$page = retrieve(GET, 'p', 0);
/**
 * @desc Writes a user's profile row to the member table and, when extended fields are
 * given, the matching row of the extended fields table, then refreshes the user's cached
 * session data and regenerates the cache.
 *
 * The level and groups found on $user are persisted as they are; no authorization check
 * is made here, so callers must only set them on behalf of a user allowed to do so.
 *
 * @param User $user The user to persist; its id selects the rows to update.
 * @param MemberExtendedFieldsService|array|null $extended_fields Service providing the
 *        extended field values, a ready-made column => value array, or null to leave the
 *        extended fields untouched. Any other value results in an empty column list.
 */
public static function update(User $user, $extended_fields = null)
{
    $where = 'WHERE user_id=:user_id';
    $bindings = array('user_id' => $user->get_id());

    // The display name is stored HTML-escaped; the other columns are stored as returned
    // by the getters.
    $member_columns = array(
        'display_name' => TextHelper::htmlspecialchars($user->get_display_name()),
        'level' => $user->get_level(),
        'groups' => implode('|', $user->get_groups()),
        'email' => $user->get_email(),
        'show_email' => (int) $user->get_show_email(),
        'locale' => $user->get_locale(),
        'timezone' => $user->get_timezone(),
        'theme' => $user->get_theme(),
        'editor' => $user->get_editor()
    );
    self::$querier->update(DB_TABLE_MEMBER, $member_columns, $where, $bindings);

    if ($extended_fields !== null)
    {
        // Start from an empty column list and fill it from whichever form was given.
        $extended_columns = array();
        if ($extended_fields instanceof MemberExtendedFieldsService)
        {
            $extended_columns = $extended_fields->get_data($user->get_id());
        }
        elseif (is_array($extended_fields))
        {
            $extended_columns = $extended_fields;
        }

        // Same row selector as above: the extended fields row shares the user id.
        self::$querier->update(DB_TABLE_MEMBER_EXTENDED_FIELDS, $extended_columns, $where, $bindings);
    }

    // Make the changes visible to the user's existing session.
    SessionData::recheck_cached_data_from_user_id($user->get_id());
    self::regenerate_cache();
}