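/**
 * Smarty plugin: prints a user's display name in the site-configured format.
 *
 * The user comes from $params['user_id'] (looked up through
 * exponent_users_getUserById) or, failing that, from the object passed as
 * $params['user']. The DISPLAY_ATTRIBUTION constant selects the format:
 * "firstlast", "lastfirst" or "first"; any other value prints the username.
 * Nothing is printed when no user is available.
 *
 * NOTE(review): the name is echoed as-is. Whether these profile fields are
 * HTML-escaped at storage time or by the calling template is not visible
 * here - confirm before relying on this output in an HTML context.
 *
 * @param array  $params Smarty tag attributes ('user_id' or 'user').
 * @param object $smarty Smarty instance (unused).
 * @return void
 */
function smarty_function_attribution($params, &$smarty)
{
    // Start from "no user" so a tag without user/user_id prints nothing
    // instead of reading an undefined variable.
    $u = null;

    if (isset($params['user_id'])) {
        if (!defined("SYS_USERS")) {
            require_once BASE . "subsystems/users.php";
        }
        $u = exponent_users_getUserById($params['user_id']);
    } elseif (isset($params['user'])) {
        $u = $params['user'];
    }

    if (!$u) {
        return;
    }

    switch (DISPLAY_ATTRIBUTION) {
        case "firstlast":
            $str = $u->firstname . " " . $u->lastname;
            break;
        case "lastfirst":
            // "Last, First": the first name belongs after the comma
            // (the previous code printed the last name twice).
            $str = $u->lastname . ", " . $u->firstname;
            break;
        case "first":
            $str = $u->firstname;
            break;
        case "username":
        default:
            $str = $u->username;
            break;
    }

    echo $str;
}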
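/**
 * Builds the edit form for a formbuilder form definition.
 *
 * For a new form (no id on $object) the fields are pre-filled with empty
 * values and the translated defaults; for an existing form the id is stored
 * as form metadata. The form also offers the users, groups and free-form
 * e-mail addresses that receive submissions, read from formbuilder_address.
 *
 * @param object|null $object Form record being edited, or null/empty for a new one.
 * @return form The populated form object.
 */
function form($object)
{
    $i18n = exponent_lang_loadFile('datatypes/formbuilder_form.php');

    global $db;

    if (!defined('SYS_FORMS')) {
        require_once BASE . 'subsystems/forms.php';
    }
    if (!defined('SYS_USERS')) {
        require_once BASE . 'subsystems/users.php';
    }
    exponent_forms_initialize();

    // Assigning properties on null is an error on current PHP versions;
    // start from an empty record instead.
    if ($object == null) {
        $object = new stdClass();
    }

    $form = new form();
    if (!isset($object->id)) {
        $object->name = '';
        $object->description = '';
        $object->is_email = 0;
        $object->is_saved = 1;
        $object->response = $i18n['default_response'];
        $object->resetbtn = $i18n['default_resetbtn'];
        $object->submitbtn = $i18n['default_submitbtn'];
        $object->subject = $i18n['default_subject'];
    } else {
        $form->meta('id', $object->id);
    }

    // The id is concatenated into three WHERE clauses below. Forcing it to an
    // integer keeps those clauses well-formed for a new form (previously the
    // clause read "form_id= and ...") and keeps anything non-numeric out of
    // the SQL text. Id 0 matches no stored address.
    $form_id = isset($object->id) ? intval($object->id) : 0;

    $form->register('name', $i18n['name'], new textcontrol($object->name));
    $form->register('description', $i18n['description'], new texteditorcontrol($object->description));
    $form->register('response', $i18n['response'], new htmleditorcontrol($object->response));
    $form->register(null, '', new htmlcontrol('<br><br><b>' . $i18n['button_header'] . '</b><br><hr><br>'));
    $form->register('submitbtn', $i18n['submitbtn'], new textcontrol($object->submitbtn));
    $form->register('resetbtn', $i18n['resetbtn'], new textcontrol($object->resetbtn));
    $form->register(null, '', new htmlcontrol('<br><br><b>' . $i18n['email_header'] . '</b><br><hr><br>'));
    $form->register('is_email', $i18n['is_email'], new checkboxcontrol($object->is_email, false));

    // Every user is selectable; the users already attached to this form are
    // the pre-selected entries.
    $userlist = array();
    $users = exponent_users_getAllUsers();
    foreach ($users as $locuser) {
        $userlist[$locuser->id] = $locuser->username;
    }
    $defaults = array();
    foreach ($db->selectObjects('formbuilder_address', 'form_id=' . $form_id . ' and user_id != 0') as $address) {
        $locuser = exponent_users_getUserById($address->user_id);
        // Skip address rows that point at a user that no longer exists.
        if ($locuser) {
            $defaults[$locuser->id] = $locuser->username;
        }
    }
    $form->register('users', $i18n['users'], new listbuildercontrol($defaults, $userlist));

    // Same for groups; the control is only offered when at least one group exists.
    $groups = exponent_users_getAllGroups();
    $grouplist = array();
    $defaults = array();
    foreach ($groups as $group) {
        $grouplist[$group->id] = $group->name;
    }
    if ($grouplist != null) {
        foreach ($db->selectObjects('formbuilder_address', 'form_id=' . $form_id . ' and group_id != 0') as $address) {
            $group = exponent_users_getGroupById($address->group_id);
            // Skip address rows that point at a group that no longer exists.
            if ($group) {
                $defaults[$group->id] = $group->name;
            }
        }
        $form->register('groups', $i18n['groups'], new listbuildercontrol($defaults, $grouplist));
    }

    // Free-form e-mail addresses have no fixed source list.
    $defaults = array();
    foreach ($db->selectObjects('formbuilder_address', 'form_id=' . $form_id . " and email != ''") as $address) {
        $defaults[$address->email] = $address->email;
    }
    $form->register('addresses', $i18n['addresses'], new listbuildercontrol($defaults, null));

    $form->register('subject', $i18n['subject'], new textcontrol($object->subject));
    $form->register(null, '', new htmlcontrol('<br /><br /><b>' . $i18n['database_header'] . '</b><br /><hr size="1" /><br />'));
    $form->register('is_saved', $i18n['is_saved'], new checkboxcontrol($object->is_saved, false));
    $form->register(null, '', new htmlcontrol('<br /> ' . $i18n['warning_data_loss'] . '<br />'));
    if ($object->is_saved == 1) {
        // Once submissions are being saved the checkbox is locked; the value
        // is carried as metadata because the control itself is disabled.
        $form->controls['is_saved']->disabled = true;
        $form->meta('is_saved', '1');
    }
    $form->register(null, '', new htmlcontrol('<br /><br /><br />'));
    $form->register('submit', '', new buttongroupcontrol($i18n['save'], '', $i18n['cancel']));

    return $form;
}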
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################

// Part of the User Management category

// Exit immediately when the EXPONENT constant is not defined - presumably a
// guard against requesting this file directly; confirm against the entry point.
if (!defined('EXPONENT')) {
    exit('');
}

// Runs only with an id in the query string and the user_management
// permission on the administration module location.
if (isset($_GET['id']) && exponent_permissions_check('user_management', exponent_core_makeLocation('administrationmodule'))) {
    if (!defined('SYS_USERS')) {
        require_once BASE . 'subsystems/users.php';
    }
    // intval() forces the request parameter to an integer before the lookup.
    $u = exponent_users_getUserById(intval($_GET['id']));
    if ($u) {
        $groups = exponent_users_getAllGroups();
        $admin = array();
        $membership = array();
        // Collect the ids of the groups this user belongs to and, separately,
        // of those where the membership row carries is_admin == 1.
        foreach ($db->selectObjects('groupmembership', 'member_id=' . $u->id) as $m) {
            $membership[] = $m->group_id;
            if ($m->is_admin == 1) {
                $admin[] = $m->group_id;
            }
        }
        // Flag each group object with the user's membership / admin status.
        // The excerpt ends inside this loop.
        for ($i = 0; $i < count($groups); $i++) {
            if (in_array($groups[$i]->id, $membership)) {
                $groups[$i]->is_member = 1;
                if (in_array($groups[$i]->id, $admin)) {
                    $groups[$i]->is_admin = 1;
// Fall back to the translated default subject when none is configured.
if ($config->subject == '') {
    $config->subject = $i18n['default_subject'];
}
} // closes a block opened before this excerpt

$headers = array();
// NOTE(review): from_name, from_address and replyto_address are placed into
// mail headers as-is. If any of them can contain CR/LF, extra headers could be
// smuggled in - confirm they are validated where the configuration is saved,
// or that exponent_smtp_mail() rejects line breaks.
$headers['From'] = $config->from_name . ' <' . $config->from_address . '>';
if ($config->replyto_address != '') {
    $headers['Reply-to'] = $config->replyto_address;
}
if (!defined('SYS_USERS')) {
    include_once BASE . 'subsystems/users.php';
}

// Build the recipient list from the contacts stored for this location:
// a contact is either a site user (user_id set) or a bare e-mail address.
$emails = array();
// NOTE(review): serialize($loc) is embedded between single quotes with no
// escaping visible here. This is only safe if no field of $loc can contain a
// quote - confirm where $loc is built, or escape/parameterise the value.
foreach ($db->selectObjects('contact_contact', "location_data='" . serialize($loc) . "'") as $c) {
    if ($c->user_id != 0) {
        // NOTE(review): no check that the user still exists before ->email is read.
        $u = exponent_users_getUserById($c->user_id);
        $emails[] = $u->email;
    } else {
        if ($c->email != '') {
            $emails[] = $c->email;
        }
    }
}
if (!defined('SYS_SMTP')) {
    include_once BASE . 'subsystems/smtp.php';
}
// On successful delivery, show the configured confirmation message.
// The failure branch continues past the end of this excerpt.
if (exponent_smtp_mail($emails, $config->from_address, $config->subject, $msg, $headers)) {
    $template = new template('contactmodule', '_final_message');
    $template->assign('message', $config->final_message);
    $template->output();
} else {
} else {
    // Generate a replacement password, mail it to the account owner and, only
    // if the mail was accepted, store it and delete the reset token.
    //
    // Generation details, as written:
    //  - rand(12, 20) in the loop condition is re-drawn on every iteration, so
    //    the length ends up between 12 and 20 but is skewed toward the short end.
    //  - Accepted code points are 98-121 (b-y), 66-89 (B-Y) and 49-56 (1-8);
    //    the strict comparisons exclude a, z, A, Z, 0 and 9. A rejected draw
    //    decrements $i so it does not count toward the length.
    //
    // NOTE(review): rand() is not a cryptographically secure generator. A
    // credential issued by a reset flow should come from a CSPRNG
    // (random_int() / random_bytes() where the PHP version provides them).
    $newpass = '';
    for ($i = 0; $i < rand(12, 20); $i++) {
        $num = rand(48, 122);
        if ($num > 97 && $num < 122 || $num > 65 && $num < 90 || $num > 48 && $num < 57) {
            $newpass .= chr($num);
        } else {
            $i--;
        }
    }
    // Send message
    if (!defined('SYS_SMTP')) {
        require_once BASE . 'subsystems/smtp.php';
    }
    // NOTE(review): the new password itself is rendered into the e-mail body,
    // so it travels and rests in the mailbox in clear text. A one-time link
    // that lets the user choose a password avoids mailing a usable credential.
    $e_template = new template('loginmodule', '_email_resetdone', $loc);
    $e_template->assign('newpass', $newpass);
    $msg = $e_template->render();
    if (!defined('SYS_USERS')) {
        require_once BASE . 'subsystems/users.php';
    }
    $u = exponent_users_getUserById($tok->uid);
    if (!exponent_smtp_mail($u->email, $i18n['from_name'] . ' <' . $i18n['from_email'] . '@' . HOSTNAME . '>', $i18n['title'], $msg)) {
        // Mail failed: the stored password and the token are left untouched.
        echo $i18n['smtp_error'];
    } else {
        // Save new password
        // NOTE(review): the password is stored as a bare MD5 digest (no salt,
        // no work factor). password_hash()/password_verify() is the
        // replacement, but every place that checks the hash must change with it.
        $u->password = md5($newpass);
        exponent_users_saveUser($u);
        // Remove the reset token(s) for this user so the request cannot be replayed.
        $db->delete('passreset_token', 'uid=' . $tok->uid);
        echo $i18n['sent'];
    }
}
} // closes a block opened before this excerpt

// Render one stored form submission ($data) as a report: order the form's
// controls by rank, format each submitted value through its control class,
// then add the fixed ip / timestamp / user columns.
usort($controls, 'exponent_sorting_byRankAscending');
$fields = array();
$captions = array();
foreach ($controls as $c) {
    // NOTE(review): unserialize() instantiates whatever class the stored blob
    // names, and that class name then selects the static method called below.
    // This is safe only if control data can be written solely by trusted form
    // editors - confirm, since object injection through unserialize() is a
    // known PHP risk when the serialized text is attacker-influenced.
    $ctl = unserialize($c->data);
    $control_type = get_class($ctl);
    $name = $c->name;
    // Calls <control class>::templateFormat(submitted value, control instance).
    $fields[$name] = call_user_func(array($control_type, 'templateFormat'), $data->{$name}, $ctl);
    $captions[$name] = $c->caption;
}
$captions['ip'] = $i18n['ip'];
$captions['timestamp'] = $i18n['timestamp'];
$captions['user_id'] = $i18n['username'];
$fields['ip'] = $data->ip;
// Show the submitter's username, or an empty string when the user cannot be resolved.
$locUser = exponent_users_getUserById($data->user_id);
$fields['user_id'] = isset($locUser->username) ? $locUser->username : '';
$fields['timestamp'] = strftime(DISPLAY_DATETIME_FORMAT, $data->timestamp);
// An empty report text selects the default report view; otherwise the stored
// text is handed to the custom report view as 'template'.
if ($rpt->text == '') {
    $template = new template('formbuilder', '_default_report');
} else {
    $template = new template('formbuilder', '_custom_report');
    $template->assign('template', $rpt->text);
}
$template->assign('fields', $fields);
$template->assign('captions', $captions);
$template->assign('backlink', exponent_flow_get());
$template->assign('is_email', 0);
$template->output();
} else {
    // Branch of a condition that starts before this excerpt.
    echo SITE_403_HTML;
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################

// Part of the User Management category
//
// Ends ("kicks") one session, identified by the ticket value in the query string.
//
// NOTE(review): this is a state-changing action driven by a GET parameter and
// no anti-CSRF token check is visible in this script - confirm whether the
// framework enforces one before this code runs.

if (!defined('EXPONENT')) {
    exit('');
}

if (!exponent_permissions_check('user_management', exponent_core_makeLocation('administrationmodule'))) {
    echo SITE_403_HTML;
} else {
    // Everything except ASCII letters and digits is stripped from the ticket
    // before it is placed between quotes in the WHERE clause.
    $ticket = $db->selectObject(
        'sessionticket',
        "ticket='" . preg_replace('/[^A-Za-z0-9]/', '', $_GET['ticket']) . "'"
    );

    if ($ticket) {
        if (!defined('SYS_USERS')) {
            require_once BASE . 'subsystems/users.php';
        }
        $u = exponent_users_getUserById($ticket->uid);

        // A session may be ended when its owner is not an acting admin, or
        // when the current user is a super user and the owner is not one.
        if ($u->is_acting_admin == 0 || ($user->is_admin == 1 && $u->is_admin == 0)) {
            $db->delete('sessionticket', "ticket='" . $ticket->ticket . "'");
        }
    }

    // Redirect whether or not a matching session was found or removed.
    exponent_flow_redirect();
}
// This type of permissions check requires us to read the data from the database first,
// and then decide whether or not to let the user in.
// Access is granted up front to holders of "approve" or "manage_approval" on
// $loc, and below to any user listed in a summary's state data.
$canview = exponent_permissions_check("approve", $loc) || exponent_permissions_check("manage_approval", $loc);
if (!defined("SYS_USERS")) {
    require_once BASE . "subsystems/users.php";
}
exponent_flow_set(SYS_FLOW_PROTECTED, SYS_FLOW_ACTION);
// NOTE(review): $datatype is concatenated into table names here and below; its
// origin is not visible in this excerpt - confirm it is checked against a
// fixed list before it reaches the database layer.
if ($db->tableExists($datatype . "_wf_info")) {
    // NOTE(review): $_GET['m'] and $_GET['s'] pass through serialize() into a
    // single-quoted SQL string with no escaping visible here. Unless
    // exponent_core_makeLocation() or selectObjects() sanitises them, a quote
    // in either value changes the query - validate both against the expected
    // character set or escape the serialized string.
    // NOTE(review): permissions are checked against $loc, but the rows are
    // selected by a location rebuilt from the request - confirm the two always
    // describe the same location.
    $approveloc = exponent_core_makeLocation($_GET['m'], $_GET['s']);
    $summaries = $db->selectObjects($datatype . "_wf_info", "location_data='" . serialize($approveloc) . "'");
    for ($i = 0; $i < count($summaries); $i++) {
        // Attach the current revision (matched on original id, major and minor version).
        $summaries[$i]->revision = $db->selectObject($datatype . "_wf_revision", "wf_original=" . $summaries[$i]->real_id . " AND wf_major=" . $summaries[$i]->current_major . " AND wf_minor=" . $summaries[$i]->current_minor);
        // NOTE(review): unserialize() on a database column; safe only while
        // that column cannot hold attacker-written serialized objects.
        $summaries[$i]->state_data = unserialize($summaries[$i]->current_state_data);
        // Element 0 of the state data is iterated as a list of user ids.
        $involved_users = array();
        foreach ($summaries[$i]->state_data[0] as $id) {
            $involved_users[$id] = exponent_users_getUserById($id);
        }
        // Being involved in any one summary grants access to the whole listing.
        if (isset($involved_users[$user->id])) {
            $canview = true;
        }
        $summaries[$i]->involved = $involved_users;
        $summaries[$i]->policy = $db->selectObject("approvalpolicy", "id=" . $summaries[$i]->policy_id);
        $summaries[$i]->real = $db->selectObject($datatype, "id=" . $summaries[$i]->real_id);
    }
}
// NOTE(review): when the *_wf_info table does not exist $summaries is never
// assigned, yet it is passed to the template below if $canview is true.
// The excerpt ends inside this branch.
if ($canview) {
    $template = new template("workflow", "_summary", exponent_core_makeLocation('workflow', $loc->src));
    $template->register_permissions(array("manage_approval", "approve"), $loc);
    $template->assign("summaries", $summaries);
    $template->assign("datatype", $datatype);
    $template->assign("user", $user);
#
##################################################

// Exit immediately when the EXPONENT constant is not defined - presumably a
// guard against requesting this file directly; confirm against the entry point.
if (!defined('EXPONENT')) {
    exit('');
}
exponent_flow_set(SYS_FLOW_PUBLIC, SYS_FLOW_ACTION);
// intval() forces the request parameter to an integer before it enters the query.
$resource = $db->selectObject('resourceitem', 'id=' . intval($_GET['id']));
if ($resource != null) {
    // NOTE(review): unserialize() on a database column; safe only while that
    // column cannot hold attacker-written serialized objects.
    $loc = unserialize($resource->location_data);
    $iloc = exponent_core_makeLocation($loc->mod, $loc->src, $resource->id);
    // NOTE(review): the administrate / edit / delete permissions are recorded
    // on the object, but no permission check gating the download itself is
    // visible in this excerpt - confirm that is intended for this resource type.
    $resource->permissions = array('administrate' => exponent_permissions_check('administrate', $iloc), 'edit' => exponent_permissions_check('edit', $iloc), 'delete' => exponent_permissions_check('delete', $iloc));
    if ($resource->flock_owner != 0) {
        if (!defined('SYS_USERS')) {
            include_once BASE . 'subsystems/users.php';
        }
        $resource->lock_owner = exponent_users_getUserById($resource->flock_owner);
        $resource->locked = 1;
    } else {
        $resource->locked = 0;
    }
    //unset ($_SESSION['downloadfilename']);
    //unset($_SESSION['downloadfile']);
    $file = $db->selectObject('file', 'id=' . $resource->file_id);
    if ($file != null) {
        // NOTE(review): $file->mimetype is quoted into the query without
        // escaping; fine only if stored MIME types are validated on upload.
        $mimetype = $db->selectObject('mimetype', "mimetype='" . $file->mimetype . "'");
        $filenametest = $file->directory . "/" . $file->filename;
        if (file_exists($filenametest)) {
            // NOTE(review): the stored filename goes into the header unquoted
            // and unfiltered; spaces, quotes or line breaks in it would produce
            // a malformed header. Quote it and strip control characters.
            header("Content-Disposition: attachment; filename=" . $file->filename);
            // NOTE(review): HTTP_HOST is supplied by the client, so the
            // redirect target host is whatever the request claimed. Prefer a
            // configured site host. The scheme is also fixed to http://.
            // The redirect points at the stored file's own path, so the file is
            // presumably fetched directly rather than streamed by this script.
            // The excerpt ends inside this branch.
            $host = $_SERVER['HTTP_HOST'];
            $uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
            header("Location: http://{$host}{$uri}/{$filenametest}");
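#
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################

// Adds the user named by the "uid" request parameter to the current user's
// list of banned contacts, then redirects. Answers with the 404 page when
// nobody is logged in or the target user does not exist.
//
// NOTE(review): this is a state-changing action that accepts its parameter
// from $_REQUEST (so also from a plain GET link), and no anti-CSRF token check
// is visible in this script - confirm whether the framework enforces one.

if (!defined('EXPONENT')) {
    exit('');
}

$u = null;
// Only a scalar uid is accepted, and it is forced to an integer before the
// lookup so that nothing but a number reaches the users subsystem.
if (isset($_REQUEST['uid']) && is_scalar($_REQUEST['uid'])) {
    if (!defined('SYS_USERS')) {
        include_once BASE . 'subsystems/users.php';
    }
    $u = exponent_users_getUserById(intval($_REQUEST['uid']));
}

if ($user && $u) {
    // Build the row on a real object; assigning properties on null is an
    // error on current PHP versions.
    $ban = new stdClass();
    $ban->owner = $user->id;
    $ban->user_id = $u->id;
    $db->insertObject($ban, 'inbox_contactbanned');
    exponent_flow_redirect();
} else {
    echo SITE_404_HTML;
}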
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################

// Shows the logged-in user's personal contact lists and banned contacts.
// Anonymous visitors get the 403 page.

if (!defined('EXPONENT')) {
    exit('');
}

if (!$user) {
    echo SITE_403_HTML;
} else {
    exponent_flow_set(SYS_FLOW_PROTECTED, SYS_FLOW_ACTION);

    if (!defined('SYS_USERS')) {
        include_once BASE . 'subsystems/users.php';
    }

    // Both queries are scoped to rows owned by the current user.
    $groups = $db->selectObjects('inbox_contactlist', 'owner=' . $user->id);
    $banned = $db->selectObjects('inbox_contactbanned', 'owner=' . $user->id);

    // Attach the full user object to every banned entry for display.
    $i = 0;
    while ($i < count($banned)) {
        $banned[$i]->user = exponent_users_getUserById($banned[$i]->user_id);
        $i++;
    }

    $template = new template('inboxmodule', '_viewcontacts', $loc);
    $template->assign('groups', $groups);
    $template->assign('banned', $banned);
    $template->output();
}
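/**
 * Builds the compose / reply form for a private message.
 *
 * The selectable recipients are every user (with the contact_all permission
 * on InboxModule) or otherwise the members of the groups returned by
 * exponent_users_getGroupsForUser() for the current user, minus anyone
 * involved in a block with the current user, in either direction. Recipient
 * groups are the user's personal contact lists plus system groups.
 *
 * When $object carries a recipient the form is a reply: the original sender
 * is shown, stored as 'replyto' metadata and removed from the "copy to" list.
 *
 * @param object|null $object Message being replied to, or null for a new message.
 * @return form The populated form object.
 */
function form($object)
{
    $i18n = exponent_lang_loadFile('datatypes/privatemessage.php');

    if (!defined('SYS_FORMS')) {
        require_once BASE . 'subsystems/forms.php';
    }
    exponent_forms_initialize();

    $form = new form();
    $users = array();
    $groups = array();

    global $db, $user;

    if (!defined('SYS_USERS')) {
        require_once BASE . 'subsystems/users.php';
    }

    // The current user's id is concatenated into the WHERE clauses below;
    // forcing it to an integer keeps anything non-numeric out of the SQL text.
    $owner_id = intval($user->id);

    if (exponent_permissions_check('contact_all', exponent_core_makeLocation('InboxModule'))) {
        foreach (exponent_users_getAllUsers() as $u) {
            $users[$u->id] = $u->firstname . ' ' . $u->lastname . ' (' . $u->username . ')';
        }
    } else {
        foreach (exponent_users_getGroupsForUser($user, 1, 0) as $g) {
            foreach (exponent_users_getUsersInGroup($g) as $u) {
                $users[$u->id] = $u->firstname . ' ' . $u->lastname . ' (' . $u->username . ')';
            }
        }
    }

    // Drop users the current user has blocked, and users who have blocked
    // the current user.
    foreach ($db->selectObjects('inbox_contactbanned', 'owner=' . $owner_id . ' OR user_id=' . $owner_id) as $blocked) {
        if ($blocked->user_id == $user->id) {
            // Blocked by someone else: remove the owner of that block.
            unset($users[$blocked->owner]);
        } elseif ($blocked->owner == $user->id) {
            // Our own block: remove the blocked user.
            unset($users[$blocked->user_id]);
        }
    }
    uasort($users, 'strnatcmp');

    // Personal lists are keyed "list_<id>", system groups "group_<id>".
    $groups = array();
    foreach ($db->selectObjects('inbox_contactlist', 'owner=' . $owner_id) as $g) {
        $groups['list_' . $g->id] = $g->name . ' ' . $i18n['personal_list'];
    }
    if (exponent_permissions_check('contact_all', exponent_core_makeLocation('InboxModule'))) {
        foreach (exponent_users_getAllGroups(1, 0) as $g) {
            $groups['group_' . $g->id] = $g->name . ' ' . $i18n['system_group'];
        }
    } else {
        foreach (exponent_users_getGroupsForUser($user, 1, 0) as $g) {
            $groups['group_' . $g->id] = $g->name . ' ' . $i18n['system_group'];
        }
    }
    uasort($groups, 'strnatcmp');

    $recipient_caption = $i18n['recipient'];
    $group_recipient_caption = $i18n['group_recipient'];
    $btn = new buttongroupcontrol($i18n['save'], '', $i18n['cancel']);

    // The old code assigned a property before testing for null, which is an
    // error on current PHP versions. Start a new message from an empty record.
    if ($object == null) {
        $object = new stdClass();
    }
    $object->group_recipient = array();

    if (!isset($object->recipient)) {
        // New message: nothing pre-filled; saving is disabled when there is
        // nobody to write to.
        $object->subject = '';
        $object->body = '';
        $object->recipient = array();
        if (!count($users) && !count($groups)) {
            $btn->disabled = true;
        }
    } else {
        // Reply: show who the reply goes to and offer the rest as "copy to".
        $u = exponent_users_getUserById($object->recipient);
        // NOTE(review): the name fields are inserted into an htmlcontrol
        // without escaping here. Whether they are HTML-escaped when the
        // profile is stored is not visible - confirm, or escape at this point.
        $form->register(null, '', new htmlcontrol(sprintf($i18n['replyto'], $u->firstname . ' ' . $u->lastname . ' (' . $u->username . ')')));
        $form->meta('replyto', $object->recipient);
        $object->recipient = array();
        unset($users[$u->id]);
        $recipient_caption = $i18n['copyto'];
        $group_recipient_caption = $i18n['group_copyto'];
    }

    if (count($users)) {
        $form->register('recipients', $recipient_caption, new listbuildercontrol($object->recipient, $users));
    }
    if (count($groups)) {
        $form->register('group_recipients', $group_recipient_caption, new listbuildercontrol($object->group_recipient, $groups));
    }
    if (!count($groups) && !count($users)) {
        $form->register(null, '', new htmlcontrol('<div class="error">' . $i18n['nocontacts'] . '</div>'));
    }

    $form->register('subject', $i18n['subject'], new textcontrol($object->subject));
    $form->register('body', $i18n['body'], new htmleditorcontrol($object->body));
    $form->register('submit', '', $btn);

    return $form;
}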
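# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################

// Saves per-user permissions for the current location. The posted "permdata"
// field is a ';'-separated list of entries shaped "<user id>:<perm>:<perm>...".
// For every entry all of the user's permissions on $loc are revoked and the
// listed ones granted again.
//
// NOTE(review): no anti-CSRF token check is visible in this script, and the
// permission names are passed to exponent_permissions_grant() as posted.
// Confirm that the framework verifies the request origin and that grant()
// only accepts permission names defined for this module.

if (!defined('EXPONENT')) {
    exit('');
}

if (exponent_permissions_check('administrate', $loc)) {
    // A missing or non-string field is treated as an empty list.
    $users = explode(';', (isset($_POST['permdata']) && is_string($_POST['permdata'])) ? $_POST['permdata'] : '');

    if (!defined('SYS_USERS')) {
        include_once BASE . 'subsystems/users.php';
    }

    foreach ($users as $user_str) {
        $perms = explode(':', $user_str);

        // The id comes straight from the request: force it to an integer and
        // skip entries that do not resolve to an existing user, so that
        // revoke/grant never run against an empty user.
        $u = exponent_users_getUserById(intval($perms[0]));
        if (!$u) {
            continue;
        }

        exponent_permissions_revokeAll($u, $loc);
        for ($i = 1; $i < count($perms); $i++) {
            exponent_permissions_grant($u, $perms[$i], $loc);
        }

        // Reload the acting user's own permissions if they were just changed.
        if ($u->id == $user->id) {
            exponent_permissions_load($user);
        }
    }

    exponent_permissions_triggerRefresh();
    exponent_flow_redirect();
} else {
    echo SITE_403_HTML;
}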
} // closes a block opened before this excerpt

//Email stuff here...
//Don't send email if this is an edit.
// (An edit is recognised by the presence of data_id in the POST data.)
if ($f->is_email == 1 && !isset($_POST['data_id'])) {
    //Building Email List...
    // Each formbuilder_address row names a group, a user or a bare e-mail
    // address, checked in that order; empty addresses are skipped.
    $emaillist = array();
    foreach ($db->selectObjects("formbuilder_address", "form_id=" . $f->id) as $address) {
        if ($address->group_id != 0) {
            // NOTE(review): exponent_user_getGroupById is spelled with the
            // singular "user", while the other lookups in this block use the
            // exponent_users_ prefix. Verify that this function exists; if it
            // is a typo, group recipients would fail at this call.
            foreach (exponent_users_getUsersInGroup(exponent_user_getGroupById($address->group_id)) as $locUser) {
                if ($locUser->email != '') {
                    $emaillist[] = $locUser->email;
                }
            }
        } else {
            if ($address->user_id != 0) {
                // NOTE(review): no check that the user still exists before ->email is read.
                $locUser = exponent_users_getUserById($address->user_id);
                if ($locUser->email != '') {
                    $emaillist[] = $locUser->email;
                }
            } else {
                if ($address->email != '') {
                    $emaillist[] = $address->email;
                }
            }
        }
    }
    // An empty report text selects the default report view; otherwise the
    // stored text is handed to the custom report view as "template".
    // The excerpt ends inside this branch.
    if ($rpt->text == "") {
        $template = new template("formbuilder", "_default_report");
    } else {
        $template = new template("formbuilder", "_custom_report");
        $template->assign("template", $rpt->text);
/**
 * Fills the user-manager template with every user account, sorted by
 * "lastname, firstname" in natural order.
 *
 * Each row is replaced by the object returned from exponent_users_getUserById().
 * When the viewer is not a super user (is_admin == 0), acting admins are
 * presented with is_admin = 1 so that the template disables editing them.
 *
 * NOTE(review): 'blankpass' is the MD5 digest of the empty string, presumably
 * so the template can spot accounts whose stored hash equals it. That implies
 * unsalted MD5 password storage - confirm. If the user objects carry the
 * password hash, make sure the template never renders it.
 * NOTE(review): the is_admin override only changes what the template sees;
 * the actions that edit users must enforce the same rule themselves.
 *
 * @param object $template Template to populate.
 * @return object The same template, with 'users' and 'blankpass' assigned.
 */
function exponent_users_userManagerFormTemplate($template)
{
    global $db, $user;

    $accounts = $db->selectObjects('user');

    if (!defined('SYS_SORTING')) {
        require_once BASE . 'subsystems/sorting.php';
    }

    // Declare the comparator once; later calls find it already defined.
    if (!function_exists('exponent_sorting_byLastFirstAscending')) {
        function exponent_sorting_byLastFirstAscending($a, $b)
        {
            $left = $a->lastname . ', ' . $a->firstname;
            $right = $b->lastname . ', ' . $b->firstname;

            return strnatcmp($left, $right);
        }
    }
    usort($accounts, 'exponent_sorting_byLastFirstAscending');

    $total = count($accounts);
    for ($idx = 0; $idx < $total; $idx++) {
        $account = exponent_users_getUserById($accounts[$idx]->id);

        // An acting admin viewed by a non-super user is shown as a super
        // user, which turns off editing in the template.
        if ($account->is_acting_admin && $user->is_admin == 0) {
            $account->is_admin = 1;
        }

        $accounts[$idx] = $account;
    }

    $template->assign('users', $accounts);
    $template->assign('blankpass', md5(''));

    return $template;
}
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################

// Part of the User Management category
//
// Session manager: purges expired session tickets, then lists the remaining
// sessions with their owner and duration. Requires the user_management
// permission on the administration module.

if (!defined('EXPONENT')) {
    exit('');
}

if (!exponent_permissions_check('user_management', exponent_core_makeLocation('AdministrationModule'))) {
    echo SITE_403_HTML;
} else {
    exponent_flow_set(SYS_FLOW_PROTECTED, SYS_FLOW_ACTION);

    // Remove tickets idle for longer than SESSION_TIMEOUT seconds before listing.
    $db->delete('sessionticket', 'last_active < ' . (time() - SESSION_TIMEOUT));

    if (!defined('SYS_USERS')) {
        require_once BASE . 'subsystems/users.php';
    }
    if (!defined('SYS_DATETIME')) {
        require_once BASE . 'subsystems/datetime.php';
    }

    $sessions = $db->selectObjects('sessionticket');

    // Decorate every session with its user object and a duration computed
    // from last_active and start_time.
    $i = 0;
    while ($i < count($sessions)) {
        $sessions[$i]->user = exponent_users_getUserById($sessions[$i]->uid);
        $sessions[$i]->duration = exponent_datetime_duration($sessions[$i]->last_active, $sessions[$i]->start_time);
        $i++;
    }

    $template = new template('AdministrationModule', '_sessionmanager', $loc);
    $template->assign('sessions', $sessions);
    $template->assign('user', $user);
    $template->output();
}
} usort($controls, "exponent_sorting_byRankAscending"); foreach (array_slice($controls, 0, 5) as $control) { if ($rpt->column_names != '') { $rpt->column_names .= '|!|'; } $rpt->column_names .= $control->name; } } foreach (explode("|!|", $rpt->column_names) as $column_name) { if ($column_name == "ip") { $columndef .= 'new cColumn("' . $i18n['ip'] . '","ip",null,null),'; } elseif ($column_name == "user_id") { foreach ($items as $key => $item) { if ($item->{$column_name} != 0) { $locUser = exponent_users_getUserById($item->{$column_name}); $item->{$column_name} = $locUser->username; } else { $item->{$column_name} = ''; } $items[$key] = $item; } $columndef .= 'new cColumn("' . $i18n['username'] . '","user_id",null,null),'; } elseif ($column_name == "timestamp") { $srt = $column_name . "_srt"; foreach ($items as $key => $item) { $item->{$srt} = $item->{$column_name}; $item->{$column_name} = strftime(DISPLAY_DATETIME_FORMAT, $item->{$column_name}); $items[$key] = $item; } $columndef .= 'new cColumn("' . $i18n['timestamp'] . '","timestamp",null,f' . $srt . '),';