 /**
  * Change the username or email address of an account (and, when a role is
  * posted, its role).
  *
  * When the posted 'update_type' is 'update_general' the submitted form is
  * validated and applied; otherwise the account's current values are simply
  * returned so the form can be pre-filled.
  *
  * @param object $h      host object providing the request cage, db, messages and lang
  * @param int    $userid account to modify; 0 means "this object's own id"
  * @return array $checks keys userid_check, username_check, email_check, role_check
  *                        (values to echo back into the form; username_check is
  *                        'deleted' when the account was just deleted) plus
  *                        password_check_old/new/new2, which are always '' here
  */
 public function updateAccount($h, $userid = 0)
 {
     // $viewee is the person whose account is being modified
     // NOTE(review): here UserBase is constructed with $h, elsewhere in this file without — confirm the constructor signature
     $viewee = new UserBase($h);
     // Get the details of the account to show.
     // If no account is specified, assume it's your own.
     if (!$userid) {
         $userid = $this->id;
     }
     $viewee->getUser($h, $userid);
     $error = 0;
     // fill checks (every key exists even when the form was not submitted)
     $checks['userid_check'] = '';
     $checks['username_check'] = '';
     $checks['email_check'] = '';
     $checks['role_check'] = '';
     $checks['password_check_old'] = '';
     $checks['password_check_new'] = '';
     $checks['password_check_new2'] = '';
     // Updating account info (username and email address)
     if ($h->cage->post->testAlnumLines('update_type') == 'update_general') {
         // check CSRF key
         // A failed check does not return: $error blocks the role change and the
         // database update below, but validation, the cookie refresh and the
         // updatePassword() call still run.
         if (!$h->csrf()) {
             $h->messages[$h->lang('error_csrf')] = 'red';
             $error = 1;
         }
         $username_check = $h->cage->post->testUsername('username');
         // alphanumeric, dashes and underscores okay, case insensitive
         if (!$username_check) {
             $h->messages[$h->lang('main_user_account_update_username_error')] = 'red';
             $error = 1;
         } elseif ($h->nameExists($username_check, '', $viewee->id) || $h->isBlocked('user', $username_check)) {
             // taken by another account (the viewee's own id is excluded) or on the blocked list
             $h->messages[$h->lang('main_user_account_update_username_exists')] = 'red';
             $error = 1;
         } else {
             //success
             $viewee->name = $username_check;
         }
         $email_check = $h->cage->post->testEmail('email');
         if (!$email_check) {
             $h->messages[$h->lang('main_user_account_update_email_error')] = 'red';
             $error = 1;
         } elseif ($h->emailExists($email_check, '', $viewee->id) || $h->isBlocked('email', $email_check)) {
             $h->messages[$h->lang('main_user_account_update_email_exists')] = 'red';
             $error = 1;
         } else {
             //success
             $viewee->email = $email_check;
         }
         // The new role comes straight from the POST body. No check is visible in
         // this method that the current user is allowed to change roles;
         // NOTE(review): confirm the caller restricts 'user_role' to the admin
         // account page, since this method also serves a user's own account.
         $role_check = $h->cage->post->testUsername('user_role');
         // from Users plugin account page
         // compare with current role and update if different
         if (!$error && $role_check && $role_check != $viewee->role) {
             $viewee->role = $role_check;
             $new_perms = $viewee->getDefaultPermissions($h, $role_check);
             $viewee->setAllPermissions($new_perms);
             $viewee->updatePermissions($h);
             if ($role_check == 'killspammed' || $role_check == 'deleted') {
                 $h->deleteComments($viewee->id);
                 // includes child comments from *other* users
                 $h->deletePosts($viewee->id);
                 // includes tags and votes for self-submitted posts
                 $h->pluginHook('userbase_killspam', '', array('target_user' => $viewee->id));
                 if ($role_check == 'deleted') {
                     $h->deleteUser($viewee->id);
                     $checks['username_check'] = 'deleted';
                     $h->message = $h->lang("users_account_deleted");
                     $h->messageType = 'red';
                     // early exit: nothing further to update for a deleted account
                     return $checks;
                     // This will then show a red "deleted" notice
                 }
             }
         }
         // If we've just edited our own account, let's refresh the cookie so it uses our latest username:
         // NOTE(review): this compares against the posted 'userid' field rather than
         // the $userid argument used at the update below — confirm both are meant to agree.
         if ($h->currentUser->id == $h->cage->post->testInt('userid')) {
             $h->setCookie($h, false);
             // delete the cookie
             $h->getUser($h, $h->currentUser->id, '', true);
             // re-read the database record to get updated info
             $h->setCookie($h, true);
             // create a new, updated cookie
         }
     }
     // $username_check/$email_check are only set when the form was submitted
     if (!isset($username_check) && !isset($email_check)) {
         $username_check = $viewee->name;
         $email_check = $viewee->email;
         $role_check = $viewee->role;
         // do nothing
     } elseif ($error == 0) {
         // userExists() returns a string; 'no' and 'error' mean the update cannot proceed
         $exists = $h->userExists(0, $username_check, $email_check);
         if ($exists != 'no' && $exists != 'error') {
             // user exists
             //success
             $viewee->updateUserBasic($h, $userid);
             // only update the cookie if it's your own account:
             if ($userid == $this->id) {
                 $h->setCookie($h, false);
                 // delete the cookie
                 $h->getUser($h, $h->currentUser->id, '', true);
                 // re-read the database record to get updated info
                 $h->setCookie($h, true);
                 // create a new, updated cookie
             }
             $h->messages[$h->lang('main_user_account_update_success')] = 'green';
         } else {
             //fail
             $h->messages[$h->lang("main_user_account_update_unexpected_error")] = 'red';
         }
     } else {
         // error must = 1 so fall through and display the form again
     }
     //update checks
     // Runs regardless of $error; presumably does its own validation/CSRF check — verify in updatePassword()
     $this->updatePassword($h, $userid);
     $userid_check = $viewee->id;
     $checks['userid_check'] = $userid_check;
     $checks['username_check'] = $username_check;
     $checks['email_check'] = $email_check;
     $checks['role_check'] = $role_check;
     return $checks;
 }
 /**
  * Main function that calls others: dispatches the user-manager sub-pages,
  * applies bulk checkbox actions, and builds the (searched/filtered) user list
  * before rendering the 'user_man_main' template.
  *
  * @param object $h host object providing the request cage, db, vars, lang and template helpers
  * @return bool|null true when a sub-page ('default_perms', 'default_settings',
  *                   'add_user') was dispatched; otherwise the template is
  *                   displayed and nothing is returned
  */
 public function settings($h)
 {
     // sub-page dispatch: 'subpage' is accepted from either GET or POST
     if ($h->cage->get->testPage('subpage') == 'default_perms' || $h->cage->post->testPage('subpage') == 'default_perms') {
         $this->defaultPerms($h);
         return true;
     }
     if ($h->cage->get->testPage('subpage') == 'default_settings' || $h->cage->post->testPage('subpage') == 'default_settings') {
         $this->defaultSettings($h);
         return true;
     }
     if ($h->cage->get->testPage('subpage') == 'add_user' || $h->cage->post->testPage('subpage') == 'add_user') {
         $this->addUserPage($h);
         return true;
     }
     // grab the number of pending users:
     // TABLE_USERS is a constant; the role value is bound through db->prepare()
     $sql = "SELECT COUNT(user_id) FROM " . TABLE_USERS . " WHERE user_role = %s";
     $num_pending = $h->db->get_var($h->db->prepare($sql, 'pending'));
     if (!$num_pending) {
         // normalise an empty/false result to a printable "0"
         $num_pending = "0";
     }
     $h->vars['num_pending'] = $num_pending;
     // check if all new users are automatically set to pending or not
     $user_signin_settings = $h->getSerializedSettings('user_signin');
     $h->vars['regStatus'] = $user_signin_settings['registration_status'];
     $h->vars['useEmailConf'] = $user_signin_settings['emailconf_enabled'];
     // clear variables:
     $h->vars['search_term'] = '';
     if ($h->vars['regStatus'] == 'pending') {
         $h->vars['user_filter'] = 'pending';
     } else {
         $h->vars['user_filter'] = 'all';
     }
     // Get unique statuses for Filter form:
     $h->vars['roles'] = $h->getUniqueRoles();
     // NOTE(review): constructed without $h here but with $h in updateAccount() — confirm the constructor signature
     $u = new UserBase();
     // if checkboxes
     // Bulk role change (including killspam/delete) driven entirely by GET
     // parameters. No CSRF token or admin-permission check is visible in this
     // method; NOTE(review): confirm both are enforced before settings() is reached.
     if ($h->cage->get->getAlpha('type') == 'checkboxes' && $h->cage->get->keyExists('user_man')) {
         // keyExists('user_man') is iterated here, so it appears to return the
         // submitted array rather than a bool — verify against the cage implementation
         foreach ($h->cage->get->keyExists('user_man') as $id => $checked) {
             $h->message = $h->lang["user_man_checkboxes_role_changed"];
             // default "Changed role" message
             $u->id = $id;
             $u->getUserBasic($h, $id);
             // same 'checkbox_action' value for every selected user; re-read per iteration
             $new_role = $h->cage->get->testAlnumLines('checkbox_action');
             if ($new_role != $u->role) {
                 // change role:
                 $u->role = $new_role;
                 $new_perms = $u->getDefaultPermissions($h, $new_role);
                 $u->setAllPermissions($new_perms);
                 $u->updatePermissions($h);
                 $u->updateUserBasic($h, $id);
                 $h->message = $h->lang["user_man_checkboxes_role_changed"];
                 if ($new_role == 'killspammed' || $new_role == 'deleted') {
                     $h->deleteComments($u->id);
                     // includes child comments from *other* users
                     $h->deletePosts($u->id);
                     // includes tags and votes for self-submitted posts
                     if ($h->cage->get->keyExists('addblockedlist')) {
                         // the "$type = ..." / "$value = ..." assignments are just the argument values
                         $h->addToBlockedList($type = 'user', $value = $u->name, false);
                         $h->addToBlockedList($type = 'email', $value = $u->email, false);
                     }
                     $h->pluginHook('user_man_killspam_delete', '', array($u));
                     if ($new_role == 'deleted') {
                         $u->deleteUser($h);
                         $h->clearCache('db_cache', false);
                         // clears them from User Manager list
                     }
                 }
             }
         }
     }
     // if search
     $search_term = '';
     if ($h->cage->get->getAlpha('type') == 'search') {
         $search_term = $h->cage->get->sanitizeTags('search_value');
         // strlen() counts bytes, so a multibyte term may pass with fewer than 3 characters
         if (strlen($search_term) < 3) {
             $h->message = $h->lang["user_man_search_too_short"];
             $h->messageType = 'red';
         } else {
             $h->vars['search_term'] = $search_term;
             // used to refill the search box after a search
             // The term is bound as a value, so it cannot alter the statement;
             // any '%' or '_' the user types does act as a LIKE wildcard, though.
             $where_clause = " WHERE user_username LIKE %s OR user_email LIKE %s";
             $sort_clause = ' ORDER BY user_date DESC';
             // ordered by registration date
             $search_term = '%' . $search_term . '%';
             $count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS . $where_clause . $sort_clause;
             $count = $h->db->get_var($h->db->prepare($count_sql, $search_term, $search_term));
             $sql = "SELECT * FROM " . TABLE_USERS . $where_clause . $sort_clause;
             $query = $h->db->prepare($sql, $search_term, $search_term);
         }
     }
     // if filter
     $filter = '';
     if ($h->cage->get->getAlpha('type') == 'filter') {
         // testAlnumLines() limits the filter value to alphanumerics/lines before it is used below
         $filter = $h->cage->get->testAlnumLines('user_filter');
         $h->vars['user_filter'] = $filter;
         // used to refill the filter box after use
         // Every case sets both $count and $query. The role cases differ only in
         // the literal bound to "user_role = %s"; the default binds $filter itself.
         switch ($filter) {
             case 'all':
                 $sort_clause = ' ORDER BY user_date DESC';
                 // ordered by registration date
                 $count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS . $sort_clause;
                 $count = $h->db->get_var($h->db->prepare($count_sql));
                 $sql = "SELECT * FROM " . TABLE_USERS . $sort_clause;
                 $query = $h->db->prepare($sql);
                 break;
             case 'not_killspammed':
                 $where_clause = " WHERE user_role != %s";
                 $sort_clause = ' ORDER BY user_date DESC';
                 // ordered by registration date
                 $count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS . $where_clause . $sort_clause;
                 $count = $h->db->get_var($h->db->prepare($count_sql, 'killspammed'));
                 $sql = "SELECT * FROM " . TABLE_USERS . $where_clause . $sort_clause;
                 $query = $h->db->prepare($sql, 'killspammed');
                 break;
             case 'admin':
                 $where_clause = " WHERE user_role = %s";
                 $sort_clause = ' ORDER BY user_date DESC';
                 // ordered by registration date
                 $count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS . $where_clause . $sort_clause;
                 $count = $h->db->get_var($h->db->prepare($count_sql, 'admin'));
                 $sql = "SELECT * FROM " . TABLE_USERS . $where_clause . $sort_clause;
                 $query = $h->db->prepare($sql, 'admin');
                 break;
             case 'supermod':
                 $where_clause = " WHERE user_role = %s";
                 $sort_clause = ' ORDER BY user_date DESC';
                 // ordered by registration date
                 $count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS . $where_clause . $sort_clause;
                 $count = $h->db->get_var($h->db->prepare($count_sql, 'supermod'));
                 $sql = "SELECT * FROM " . TABLE_USERS . $where_clause . $sort_clause;
                 $query = $h->db->prepare($sql, 'supermod');
                 break;
             case 'moderator':
                 $where_clause = " WHERE user_role = %s";
                 $sort_clause = ' ORDER BY user_date DESC';
                 // ordered by registration date
                 $count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS . $where_clause . $sort_clause;
                 $count = $h->db->get_var($h->db->prepare($count_sql, 'moderator'));
                 $sql = "SELECT * FROM " . TABLE_USERS . $where_clause . $sort_clause;
                 $query = $h->db->prepare($sql, 'moderator');
                 break;
             case 'member':
                 $where_clause = " WHERE user_role = %s";
                 $sort_clause = ' ORDER BY user_date DESC';
                 // ordered by registration date
                 $count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS . $where_clause . $sort_clause;
                 $count = $h->db->get_var($h->db->prepare($count_sql, 'member'));
                 $sql = "SELECT * FROM " . TABLE_USERS . $where_clause . $sort_clause;
                 $query = $h->db->prepare($sql, 'member');
                 break;
             case 'pending':
                 $where_clause = " WHERE user_role = %s";
                 $sort_clause = ' ORDER BY user_date DESC';
                 // ordered by registration date
                 $count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS . $where_clause . $sort_clause;
                 $count = $h->db->get_var($h->db->prepare($count_sql, 'pending'));
                 $sql = "SELECT * FROM " . TABLE_USERS . $where_clause . $sort_clause;
                 $query = $h->db->prepare($sql, 'pending');
                 break;
             case 'undermod':
                 $where_clause = " WHERE user_role = %s";
                 $sort_clause = ' ORDER BY user_date DESC';
                 // ordered by registration date
                 $count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS . $where_clause . $sort_clause;
                 $count = $h->db->get_var($h->db->prepare($count_sql, 'undermod'));
                 $sql = "SELECT * FROM " . TABLE_USERS . $where_clause . $sort_clause;
                 $query = $h->db->prepare($sql, 'undermod');
                 break;
             case 'suspended':
                 $where_clause = " WHERE user_role = %s";
                 $sort_clause = ' ORDER BY user_date DESC';
                 // ordered by registration date
                 $count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS . $where_clause . $sort_clause;
                 $count = $h->db->get_var($h->db->prepare($count_sql, 'suspended'));
                 $sql = "SELECT * FROM " . TABLE_USERS . $where_clause . $sort_clause;
                 $query = $h->db->prepare($sql, 'suspended');
                 break;
             case 'banned':
                 $where_clause = " WHERE user_role = %s";
                 $sort_clause = ' ORDER BY user_date DESC';
                 // ordered by registration date
                 $count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS . $where_clause . $sort_clause;
                 $count = $h->db->get_var($h->db->prepare($count_sql, 'banned'));
                 $sql = "SELECT * FROM " . TABLE_USERS . $where_clause . $sort_clause;
                 $query = $h->db->prepare($sql, 'banned');
                 break;
             case 'killspammed':
                 $where_clause = " WHERE user_role = %s";
                 $sort_clause = ' ORDER BY user_date DESC';
                 // ordered by registration date
                 $count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS . $where_clause . $sort_clause;
                 $count = $h->db->get_var($h->db->prepare($count_sql, 'killspammed'));
                 $sql = "SELECT * FROM " . TABLE_USERS . $where_clause . $sort_clause;
                 $query = $h->db->prepare($sql, 'killspammed');
                 break;
             case 'newest':
                 $sort_clause = ' ORDER BY user_date DESC';
                 // same as "all"
                 $count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS;
                 $count = $h->db->get_var($h->db->prepare($count_sql));
                 $sql = "SELECT * FROM " . TABLE_USERS . $sort_clause;
                 $query = $h->db->prepare($sql);
                 break;
             case 'oldest':
                 $sort_clause = ' ORDER BY user_date ASC';
                 $count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS;
                 $count = $h->db->get_var($h->db->prepare($count_sql));
                 $sql = "SELECT * FROM " . TABLE_USERS . $sort_clause;
                 $query = $h->db->prepare($sql);
                 break;
             case 'last_visited':
                 $sort_clause = ' ORDER BY user_lastvisit DESC';
                 $count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS;
                 $count = $h->db->get_var($h->db->prepare($count_sql));
                 $sql = "SELECT * FROM " . TABLE_USERS . $sort_clause;
                 $query = $h->db->prepare($sql);
                 break;
             default:
                 // any other (validated) filter value is treated as a role name and
                 // bound as a parameter, never concatenated into the statement
                 $where_clause = " WHERE user_role = %s";
                 $sort_clause = ' ORDER BY user_date DESC';
                 // ordered newest first for convenience
                 $count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS . $where_clause . $sort_clause;
                 $count = $h->db->get_var($h->db->prepare($count_sql, $filter));
                 $sql = "SELECT * FROM " . TABLE_USERS . $where_clause . $sort_clause;
                 $query = $h->db->prepare($sql, $filter);
                 // filter = 'admin', 'member', etc.
                 break;
         }
     }
     // Reached when neither search nor filter built a query (including a
     // too-short search term).
     if (!isset($query)) {
         // default list
         // if all new users are set to 'pending' show pending list as default...
         if ($h->vars['regStatus'] == 'pending') {
             $where_clause = " WHERE user_role = %s";
             $sort_clause = ' ORDER BY user_date DESC';
             $count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS . $where_clause . $sort_clause;
             $count = $h->db->get_var($h->db->prepare($count_sql, 'pending'));
             $sql = "SELECT * FROM " . TABLE_USERS . $where_clause . $sort_clause;
             $query = $h->db->prepare($sql, 'pending');
         } else {
             $sort_clause = ' ORDER BY user_date DESC';
             // ordered by newest
             $count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS . $sort_clause;
             $count = $h->db->get_var($h->db->prepare($count_sql));
             $sql = "SELECT * FROM " . TABLE_USERS . $sort_clause;
             $query = $h->db->prepare($sql);
         }
     }
     // $count is set on every path that sets $query; 30 rows per page
     $pagedResults = $h->pagination($query, $count, 30, 'users');
     if ($pagedResults) {
         $h->vars['user_man_rows'] = $this->drawRows($h, $pagedResults, $filter, $search_term);
     } elseif ($h->vars['user_filter'] == 'pending') {
         $h->message = $h->lang['user_man_no_pending_users'];
         $h->messageType = 'green';
     }
     // Show template:
     $h->displayTemplate('user_man_main', 'user_manager');
 }
 /**
  * Default permissions for a role, delegated to UserBase::getDefaultPermissions()
  * with this object passed as the host.
  *
  * @param string $role         role name, or 'all'
  * @param string $defaults     'site' for site defaults, 'base' for base defaults
  * @param bool   $options_only return just the options when true
  * @return array $perms
  */
 public function getDefaultPermissions($role = '', $defaults = 'site', $options_only = false)
 {
     return (new UserBase())->getDefaultPermissions($this, $role, $defaults, $options_only);
 }