} # Users if (!isset($_POST['usr_name']) || empty($_POST['usr_name'])) { $errors .= '* ' . letheglobal_please_enter_a_name . '<br>'; } if (!isset($_POST['usr_mail']) || !mailVal($_POST['usr_mail'])) { $errors .= '* ' . letheglobal_invalid_e_mail_address . '<br>'; } else { if (cntData("SELECT ID,mail FROM " . $db_prefix . "users WHERE mail='" . mysql_prep($_POST['usr_mail']) . "'") != 0) { $errors .= '* ' . letheglobal_e_mail_already_exists . '<br>'; } } if (!isset($_POST['usr_pass']) || empty($_POST['usr_pass'])) { $errors .= '* ' . letheglobal_please_enter_password . '<br>'; } else { $passLenth = isToo($_POST['usr_pass'], letheglobal_password . ' ', 5, 30); if ($passLenth != '') { $errors .= '* ' . $passLenth . '<br>'; } else { if (!isset($_POST['usr_pass2']) || $_POST['usr_pass2'] != $_POST['usr_pass']) { $errors .= '* ' . letheglobal_passwords_mismatch . '<br>'; } } } if ($errors == '') { # Update DB File $confList = '<?php # +------------------------------------------------------------------------+ # | Artlantis CMS Solutions | # +------------------------------------------------------------------------+ # | Lethe Newsletter & Mailing System |
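/**
 * Edit (or delete) the user row selected by $this->OID / $this->UID using the submitted $_POST form.
 *
 * Flow, as visible in this method:
 *  - when LETHE_AUTH_MODE is 0 the target is forced to LETHE_AUTH_ID;
 *  - a non-primary user may be deleted (del=YES) or (de)activated, a primary user always stays active;
 *  - name, e-mail (must be unique among other users) and an optional new password are validated;
 *  - auth_mode is derived from the form and clamped to 0..1;
 *  - for organization users ($this->isMaster == 0) the permission rows are rewritten.
 *
 * NOTE(review): no anti-CSRF token is verified inside this method although it deletes accounts and
 * changes privileges; confirm the caller validates one before invoking it.
 * NOTE(review): `or die(mysqli_error(...))` prints raw database errors to the client; presumably a
 * project-wide convention, but it discloses schema details and is worth replacing with logging.
 *
 * @return string|false Rendered status/error markup from errMod(), or false when the record is
 *                      missing or was deleted (a Location header is sent in the latter case).
 */
public function editUser()
{
    global $myconn;

    /* Mode Protector: with LETHE_AUTH_MODE 0 the edited record is pinned to LETHE_AUTH_ID */
    if (LETHE_AUTH_MODE == 0) {
        $this->UID = LETHE_AUTH_ID;
    }

    // Every identifier that reaches SQL text is reduced to an integer first. The original only did
    // this for the permission INSERT; doing it once here keeps all queries consistent.
    $oid = intval($this->OID);
    $uid = intval($this->UID);

    /* Check User */
    $opUser = $myconn->query("SELECT * FROM " . db_table_pref . "users WHERE OID=" . $oid . " AND ID=" . $uid . "") or die(mysqli_error($myconn));
    if (mysqli_num_rows($opUser) == 0) {
        $opUser->free();
        $this->errPrint = errMod(letheglobal_record_not_found . '!', 'danger');
        return false;
    }

    $opUserRs = $opUser->fetch_assoc();
    // Release the result set as soon as the row is copied; the original free() call sat after a
    // return statement and could never run.
    $opUser->free();
    $this->isPrimary = $opUserRs['isPrimary'];

    /* Primary User Checker */
    if (!$opUserRs['isPrimary']) {
        /* Delete */
        if (isset($_POST['del']) && $_POST['del'] === 'YES') {
            $myconn->query("DELETE FROM " . db_table_pref . "users WHERE OID=" . $oid . " AND ID=" . $uid . "") or die(mysqli_error($myconn));
            header('Location: ?p=settings/users');
            return false;
        }
        $active = (isset($_POST['active']) && $_POST['active'] === 'YES') ? 1 : 0;
    } else {
        // A primary user cannot be deleted or deactivated through this form.
        $active = 1;
    }

    if (!isset($_POST['usr_name']) || empty($_POST['usr_name'])) {
        $this->errPrint .= '* ' . letheglobal_please_enter_a_name . '<br>';
    }

    if (!isset($_POST['usr_mail']) || !mailVal($_POST['usr_mail'])) {
        $this->errPrint .= '* ' . letheglobal_invalid_e_mail_address . '<br>';
    } else {
        // NOTE(review): this lookup is still string-built and relies on mysql_prep() for escaping;
        // its implementation is not visible here, so confirm it uses the connection's real escaping.
        if (cntData("SELECT ID,OID,mail FROM " . db_table_pref . "users WHERE mail='" . mysql_prep($_POST['usr_mail']) . "' AND ID<>" . $uid . "") != 0) {
            $this->errPrint .= '* ' . letheglobal_e_mail_already_exists . '<br>';
        }
    }

    // The value written to the pass column is held in a local variable instead of being written
    // back into $_POST, so the stored value never ends up in request data after a failed validation.
    $newPass = $opUserRs['pass'];
    if (isset($_POST['usr_pass']) && !empty($_POST['usr_pass'])) {
        // isToo() returns a non-empty message when the check fails; 5 and 30 are presumably the
        // minimum and maximum length - TODO confirm.
        $passLenth = isToo($_POST['usr_pass'], letheglobal_password . ' ', 5, 30);
        if ($passLenth != '') {
            $this->errPrint .= '* ' . $passLenth . '<br>';
        } elseif (!isset($_POST['usr_pass2']) || $_POST['usr_pass2'] !== $_POST['usr_pass']) {
            // Strict comparison: with `!=` two different numeric-looking strings
            // (e.g. '1e3' and '1000') compare equal and the confirmation would pass.
            $this->errPrint .= '* ' . letheglobal_passwords_mismatch . '<br>';
        } else {
            // NOTE(review): encr() is opaque from here; confirm it is a salted password hash
            // (password_hash-style) and not reversible encryption or a fast digest.
            $newPass = encr($_POST['usr_pass']);
        }
    }

    if ($this->auth_mode != 2) {
        $requestedAuth = isset($_POST['usr_auth']) ? intval($_POST['usr_auth']) : null;
        // Anything outside 0..1 (negative values included, which the original let through)
        // keeps the mode already stored for the user.
        if ($requestedAuth === null || $requestedAuth < 0 || $requestedAuth > 1) {
            $this->auth_mode = $opUserRs['auth_mode'];
        } elseif (LETHE_AUTH_MODE == 0) {
            $this->auth_mode = 0;
        } else {
            $this->auth_mode = $requestedAuth;
        }
    }

    if ($this->isMaster == 0) {
        # Organization User
        // (the daily sending limit validation is disabled in the original source)
        if (!isset($_POST['perm-sel-list']) || empty($_POST['perm-sel-list']) || !is_array($_POST['perm-sel-list'])) {
            $this->errPrint .= '* ' . organizations_please_choose_access_pages . '<br>';
        }
        if (!isset($_POST['user_auth_mode']) || !is_numeric($_POST['user_auth_mode'])) {
            $this->errPrint .= '* ' . organizations_select_a_management_type . '<br>';
        } else {
            /* Range clamp (labelled "CSRF Auth Protection" upstream): out-of-range input becomes 0 */
            // NOTE(review): unlike the usr_auth branch above, this branch does not look at
            // LETHE_AUTH_MODE or at auth_mode == 2 before taking the posted value, and the
            // permission list below is taken from the same request; confirm that callers restrict
            // who may reach this path.
            $requestedOrgAuth = intval($_POST['user_auth_mode']);
            $this->auth_mode = ($requestedOrgAuth < 0 || $requestedOrgAuth > 1) ? 0 : $requestedOrgAuth;
        }
    } else {
        $_POST['user_daily_limit'] = 0;
    }

    $user_spec_view = (isset($_POST['user_spec_view']) && $_POST['user_spec_view'] === 'YES') ? 1 : 0;

    /* Update */
    if ($this->errPrint == '') {
        // bind_param() takes references, so every bound value lives in a local variable.
        $realName = $_POST['usr_name'];
        $mail = $_POST['usr_mail'];
        $authMode = intval($this->auth_mode);
        $isPrimary = intval($this->isPrimary);

        // All column values and both key columns are bound; only the table prefix constant is
        // concatenated into the statement text.
        $LPRE = $myconn->prepare(
            "UPDATE " . db_table_pref . "users"
            . " SET real_name=?, mail=?, pass=?, auth_mode=?, isActive=?, isPrimary=?, user_spec_view=?"
            . " WHERE OID=? AND ID=?"
        ) or die(mysqli_error($myconn));
        $LPRE->bind_param('sssiiiiii', $realName, $mail, $newPass, $authMode, $active, $isPrimary, $user_spec_view, $oid, $uid);
        // NOTE(review): the result of execute() is not checked (as in the original), so the
        // success message below is shown even when the UPDATE fails.
        $LPRE->execute();
        $LPRE->close();

        if ($this->isMaster == 0) {
            # Organization User
            /* Clear Removed Perms */
            if (isset($_POST['perm-all-list']) && is_array($_POST['perm-all-list'])) {
                $permDel = $myconn->prepare("DELETE FROM " . db_table_pref . "user_permissions WHERE OID=? AND UID=? AND perm=?") or die(mysqli_error($myconn));
                foreach ($_POST['perm-all-list'] as $removedPerm) {
                    if (!is_string($removedPerm)) {
                        continue; // nested arrays in the request are ignored
                    }
                    $permDel->bind_param('iis', $oid, $uid, $removedPerm);
                    $permDel->execute();
                }
                $permDel->close();
            }

            /* Add Allowed Pages */
            $addPerm = $myconn->prepare("INSERT INTO " . db_table_pref . "user_permissions SET OID=?, UID=?, perm=?") or die(mysqli_error($myconn));
            foreach ($_POST['perm-sel-list'] as $selectedPerm) {
                if (!is_string($selectedPerm)) {
                    continue; // nested arrays in the request are ignored
                }
                $pg = str_replace('?p=', '', $selectedPerm);
                // Insert only when the (OID, UID, perm) row does not exist yet.
                if (cntData("SELECT ID FROM " . db_table_pref . "user_permissions WHERE OID=" . $oid . " AND UID=" . $uid . " AND perm='" . mysql_prep($pg) . "'") == 0) {
                    $addPerm->bind_param('iis', $oid, $uid, $pg);
                    $addPerm->execute();
                }
            }
            $addPerm->close();
        }

        $this->errPrint = errMod(letheglobal_updated_successfully . '!', 'success');
        unset($_POST);
    } else {
        $this->errPrint = errMod($this->errPrint, 'danger');
    }

    return $this->errPrint;
}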