}
}
db_free_result($attr_results);
}
//if($attr_results)
}
db_free_result($addr_results);
}
//if($addr_results)
$activate_url = get_site_url() . 'user_admin.php?op=activate&user_id=' . $HTTP_VARS['user_id'];
$delete_url = get_site_url() . 'user_admin.php?op=delete&user_id=' . $HTTP_VARS['user_id'];
$message = get_opendb_lang_var('new_account_email', array('admin_name' => get_opendb_lang_var('site_administrator', 'site', get_opendb_config_var('site', 'title')), 'user_info' => $user_info_lines, 'site' => get_opendb_config_var('site', 'title'), 'activate_url' => $activate_url, 'delete_url' => $delete_url));
return send_email_to_site_admins(PERM_ADMIN_CREATE_USER, $HTTP_VARS['email_addr'], get_opendb_lang_var('new_account'), $message, $errors);
}
if (is_site_enabled()) {
if (is_opendb_valid_session() || $HTTP_VARS['op'] == 'signup') {
if ($HTTP_VARS['op'] == 'gfx_code_check' && is_numeric($HTTP_VARS['gfx_random_number'])) {
secretimage($HTTP_VARS['gfx_random_number']);
} else {
if (is_array(get_opendb_session_var('user_listing_url_vars'))) {
$footer_links_r[] = array(url => "user_listing.php?" . get_url_string(get_opendb_session_var('user_listing_url_vars')), text => get_opendb_lang_var('back_to_user_listing'));
}
if ($HTTP_VARS['op'] == 'new_user') {
if (is_user_granted_permission(PERM_ADMIN_CREATE_USER)) {
echo _theme_header(get_opendb_lang_var('add_new_user'));
echo "<h2>" . get_opendb_lang_var('add_new_user') . "</h2>";
echo get_user_input_form(NULL, $HTTP_VARS);
echo format_footer_links($footer_links_r);
echo _theme_footer();
} else {
opendb_not_authorised_page(PERM_ADMIN_CREATE_USER, $HTTP_VARS, $HTTP_VARS);
if (opendb_user_email($user_r['user_id'], NULL, $subject, $message, $errors)) {
return TRUE;
} else {
return "EMAIL_NOT_SENT";
}
}
} else {
$errors[] = "User '" . $HTTP_VARS['uid'] . "' does not have a valid email address.";
return FALSE;
}
}
}
}
}
}
if (is_opendb_valid_session() && $HTTP_VARS['op'] != 'login' && $HTTP_VARS['op'] != 'newpassword') {
if (strlen($HTTP_VARS['redirect']) > 0) {
// Redirect to requested page, as already logged in.
//TODO: This does not work very well with a login page in middle of an item update!
opendb_redirect(urldecode($HTTP_VARS['redirect']));
} else {
// refresh of login page
opendb_redirect('welcome.php');
}
} else {
// invalid session - go to login
if ($HTTP_VARS['op'] == 'newpassword') {
if (strlen($HTTP_VARS['uid']) > 0 && get_opendb_config_var('login', 'enable_new_pwd_gen') !== FALSE) {
echo _theme_header(get_opendb_lang_var('login'), is_show_login_menu_enabled());
echo "<h2>" . get_opendb_lang_var('lost_password') . "</h2>";
$result = perform_newpassword($HTTP_VARS, $errors);
if ($address_type_r['public_address_ind'] == 'Y') {
return TRUE;
} else {
if (is_user_granted_permission(PERM_ADMIN_USER_PROFILE)) {
return TRUE;
} else {
if ($address_type_r['borrow_address_ind'] == 'Y' && is_owner_and_borrower(get_opendb_session_var('user_id'), $HTTP_VARS['uid']) || is_owner_and_borrower($HTTP_VARS['uid'], get_opendb_session_var('user_id'))) {
return TRUE;
} else {
return FALSE;
}
}
}
}
if (is_site_enabled()) {
if (is_opendb_valid_session()) {
if (is_user_granted_permission(PERM_VIEW_USER_PROFILE)) {
$user_r = fetch_user_r($HTTP_VARS['uid']);
if (is_array($user_r)) {
$page_title = get_opendb_lang_var('user_profile_for_user_name', array('user_id' => $user_r['user_id'], 'fullname' => $user_r['fullname']));
echo _theme_header($page_title);
echo '<h2>' . $page_title . '</h2>';
if ($user_r['active_ind'] != 'Y') {
echo "<p class=\"userDeactivatedNotice\">" . get_opendb_lang_var('user_deactivated') . "</p>";
}
echo "<table>";
echo format_field(get_opendb_lang_var('userid'), $user_r['user_id']);
echo format_field(get_opendb_lang_var('user_role'), $user_r['role_description']);
echo format_field(get_opendb_lang_var('fullname'), $user_r['fullname']);
if ($user_r['user_id'] === get_opendb_session_var('user_id') || is_user_granted_permission(PERM_ADMIN_USER_PROFILE)) {
echo format_field(get_opendb_lang_var('email'), $user_r['email_addr']);
{
$index = strpos($help_page, "/");
if ($index !== FALSE) {
$language = substr($help_page, 0, $index);
// ensure someone is not trying to download the /etc/passwd file or something by basename it back to a simple filename
$page = basename(substr($help_page, $index + 1));
}
// make sure it ends in html
if (is_exists_language($language) && ends_with($page, ".html") && @file_exists("./help/{$language}/{$page}")) {
return "./help/{$language}/{$page}";
}
// else
return NULL;
}
if (is_site_enabled()) {
if (is_opendb_valid_session() || is_site_public_access()) {
echo _theme_header(get_opendb_lang_var('help'), FALSE);
if (($page_location = validate_opendb_lang_help_page_url($HTTP_VARS['page'])) != NULL) {
$page_title = get_opendb_lang_var('site_help', 'site', get_opendb_config_var('site', 'title'));
echo "<h2>" . $page_title . "</h2>";
// TODO: Add support for topic and subtopic
include $page_location;
} else {
echo _theme_header(get_opendb_lang_var('no_help_available'), FALSE);
echo "<p class=\"error\">" . get_opendb_lang_var('no_help_available') . "</p>";
}
echo _theme_footer();
} else {
//not a valid session.
// invalid login, so login instead.
redirect_login($PHP_SELF, $HTTP_VARS);
{
$to = "";
if (is_not_empty_array($user_id_rs)) {
reset($user_id_rs);
while (list(, $user_id) = each($user_id_rs)) {
if (strlen($to) == 0) {
$to = $user_id;
} else {
$to .= ", " . $user_id;
}
}
}
return $to;
}
if (is_site_enabled()) {
if (is_opendb_valid_session() || $HTTP_VARS['op'] == 'send_to_site_admin' && get_opendb_config_var('email', 'send_to_site_admin') !== FALSE) {
// no email functionality is available unless a valid mailer is configured.
if (is_valid_opendb_mailer()) {
// Avoid any attempts to foil required validation checks.
$HTTP_VARS['subject'] = trim(strip_tags($HTTP_VARS['subject']));
$HTTP_VARS['message'] = trim(strip_tags($HTTP_VARS['message']));
if ($HTTP_VARS['op'] == 'send_to_site_admin') {
// Avoid any attempts to foil required validation checks.
$HTTP_VARS['from'] = trim(strip_tags($HTTP_VARS['from']));
if ($HTTP_VARS['op2'] == 'send' && send_email_to_site_admins(PERM_ADMIN_SEND_EMAIL, $HTTP_VARS['from'], $HTTP_VARS['subject'], $HTTP_VARS['message'], $errors)) {
echo _theme_header(get_opendb_lang_var('send_email'), $HTTP_VARS['inc_menu']);
echo "<h2>" . get_opendb_lang_var('send_email') . "</h2>";
echo "<p class=\"success\">" . get_opendb_lang_var('message_sent_to') . " " . get_opendb_lang_var('site_administrator', 'site', get_opendb_config_var('site', 'title')) . "</p>";
echo _theme_footer();
} else {
echo _theme_header(get_opendb_lang_var('send_email'), $HTTP_VARS['inc_menu']);
function is_site_public_access()
{
if (is_opendb_configured() && !is_opendb_valid_session() && get_opendb_config_var('site.public_access', 'enable') === TRUE) {
return TRUE;
} else {
return FALSE;
}
}