/** * @see Form::save() */ public function save() { parent::save(); // store search result in database $data = serialize(array('matches' => $this->matches, 'itemsPerPage' => $this->itemsPerPage, 'columns' => $this->columns)); $sql = "INSERT INTO \twcf" . WCF_N . "_search\n\t\t\t\t\t(userID, searchData, searchDate, searchType)\n\t\t\tVALUES\t\t(" . WCF::getUser()->userID . ",\n\t\t\t\t\t'" . escapeString($data) . "',\n\t\t\t\t\t" . TIME_NOW . ",\n\t\t\t\t\t'users')"; unset($data); // save memory WCF::getDB()->sendQuery($sql); unset($sql); // save memory // get new search id $this->searchID = WCF::getDB()->getInsertID(); $this->saved(); // forward to result page HeaderUtil::redirect('index.php?page=UserList&searchID=' . $this->searchID . '&sortField=' . rawurlencode($this->sortField) . '&sortOrder=' . rawurlencode($this->sortOrder) . '&packageID=' . PACKAGE_ID . SID_ARG_2ND_NOT_ENCODED); exit; }
/** * @see Form::save() */ public function save() { parent::save(); // build conditions $this->conditions = new ConditionBuilder(); // static fields if (!empty($this->username)) { $this->conditions->add("user.username LIKE '%" . addcslashes(escapeString($this->username), '_%') . "%'"); } if (!empty($this->email)) { $this->conditions->add("user.email LIKE '%" . addcslashes(escapeString($this->email), '_%') . "%'"); } if (count($this->groupIDArray) > 0) { $this->conditions->add("user.userID " . ($this->invertGroupIDs == 1 ? 'NOT ' : '') . "IN (SELECT userID FROM wcf" . WCF_N . "_user_to_groups WHERE groupID IN (" . implode(',', $this->groupIDArray) . "))"); } if (count($this->languageIDArray) > 0) { $this->conditions->add("user.languageID IN (" . implode(',', $this->languageIDArray) . ")"); } // dynamic fields foreach ($this->activeOptions as $name => $option) { $value = isset($this->values[$option['optionName']]) ? $this->values[$option['optionName']] : null; $condition = $this->getTypeObject($option['optionType'])->getCondition($option, $value, isset($this->matchExactly[$name])); if ($condition !== false) { $this->conditions->add($condition); } } // call buildConditions event EventHandler::fireAction($this, 'buildConditions'); // execute action switch ($this->action) { case 'sendMail': WCF::getUser()->checkPermission('admin.user.canMailUser'); // get user ids $userIDArray = array(); $sql = "SELECT\t\tuser.userID\n\t\t\t\t\tFROM\t\twcf" . WCF_N . "_user user\n\t\t\t\t\tLEFT JOIN\twcf" . WCF_N . "_user_option_value option_value USING (userID)\n\t\t\t\t\t" . $this->conditions->get(); $result = WCF::getDB()->sendQuery($sql); while ($row = WCF::getDB()->fetchArray($result)) { $userIDArray[] = $row['userID']; $this->affectedUsers++; } // save config in session $userMailData = WCF::getSession()->getVar('userMailData'); if ($userMailData === null) { $userMailData = array(); } $mailID = count($userMailData); $userMailData[$mailID] = array('action' => '', 'userIDs' => implode(',', $userIDArray), 'groupIDs' => '', 'subject' => $this->subject, 'text' => $this->text, 'from' => $this->from, 'enableHTML' => $this->enableHTML); WCF::getSession()->register('userMailData', $userMailData); $this->saved(); // show worker template WCF::getTPL()->assign(array('pageTitle' => WCF::getLanguage()->get('wcf.acp.user.sendMail'), 'url' => 'index.php?action=UserMail&mailID=' . $mailID . '&packageID=' . PACKAGE_ID . SID_ARG_2ND_NOT_ENCODED)); WCF::getTPL()->display('worker'); exit; break; case 'exportMailAddress': WCF::getUser()->checkPermission('admin.user.canMailUser'); // send content type header('Content-Type: text/' . $this->fileType . '; charset=' . CHARSET); header('Content-Disposition: attachment; filename="export.' . $this->fileType . '"'); if ($this->fileType == 'xml') { echo "<?xml version=\"1.0\" encoding=\"" . CHARSET . "\"?>\n<addresses>\n"; } // get users $sql = "SELECT\t\tuser.email\n\t\t\t\t\tFROM\t\twcf" . WCF_N . "_user user\n\t\t\t\t\tLEFT JOIN\twcf" . WCF_N . "_user_option_value option_value USING (userID)\n\t\t\t\t\t" . $this->conditions->get() . "\n\t\t\t\t\tORDER BY\tuser.email"; $result = WCF::getDB()->sendQuery($sql); $i = 0; $j = WCF::getDB()->countRows($result) - 1; while ($row = WCF::getDB()->fetchArray($result)) { if ($this->fileType == 'xml') { echo "<address><![CDATA[" . StringUtil::escapeCDATA($row['email']) . "]]></address>\n"; } else { echo $this->textSeparator . $row['email'] . $this->textSeparator . ($i < $j ? $this->separator : ''); } $i++; $this->affectedUsers++; } if ($this->fileType == 'xml') { echo "</addresses>"; } $this->saved(); exit; break; case 'assignToGroup': WCF::getUser()->checkPermission('admin.user.canEditUser'); $userIDArray = array(); $sql = "SELECT\t\tuser.*,\n\t\t\t\t\t\t\tGROUP_CONCAT(groupID SEPARATOR ',') AS groupIDs\n\t\t\t\t\tFROM\t\twcf" . WCF_N . "_user user\n\t\t\t\t\tLEFT JOIN\twcf" . WCF_N . "_user_option_value option_value USING (userID)\n\t\t\t\t\tLEFT JOIN\twcf" . WCF_N . "_user_to_groups groups\n\t\t\t\t\tON\t\t(groups.userID = user.userID)\n\t\t\t\t\t" . $this->conditions->get() . "\t\t\n\t\t\t\t\tGROUP BY\tuser.userID"; $result = WCF::getDB()->sendQuery($sql); while ($row = WCF::getDB()->fetchArray($result)) { if (!Group::isAccessibleGroup(explode(',', $row['groupIDs']))) { throw new PermissionDeniedException(); } $user = new UserEditor(null, $row); $user->addToGroups($this->assignToGroupIDArray, false, false); $userIDArray[] = $row['userID']; $this->affectedUsers++; } Session::resetSessions($userIDArray); break; case 'delete': WCF::getUser()->checkPermission('admin.user.canDeleteUser'); $userIDArray = array(); $sql = "SELECT\t\tuser.*,\n\t\t\t\t\t\t\tGROUP_CONCAT(groupID SEPARATOR ',') AS groupIDs\n\t\t\t\t\tFROM\t\twcf" . WCF_N . "_user user\n\t\t\t\t\tLEFT JOIN\twcf" . WCF_N . "_user_option_value option_value USING (userID)\n\t\t\t\t\tLEFT JOIN\twcf" . WCF_N . "_user_to_groups groups\n\t\t\t\t\tON\t\t(groups.userID = user.userID)\n\t\t\t\t\t" . $this->conditions->get() . "\t\t\n\t\t\t\t\tGROUP BY\tuser.userID"; $result = WCF::getDB()->sendQuery($sql); while ($row = WCF::getDB()->fetchArray($result)) { if (!Group::isAccessibleGroup(explode(',', $row['groupIDs']))) { throw new PermissionDeniedException(); } $userIDArray[] = $row['userID']; $this->affectedUsers++; } UserEditor::deleteUsers($userIDArray); break; } $this->saved(); WCF::getTPL()->assign('affectedUsers', $this->affectedUsers); }