Exemple #1
                    }
                }
                db_free_result($attr_results);
            }
            //if($attr_results)
        }
        db_free_result($addr_results);
    }
    //if($addr_results)
    $activate_url = get_site_url() . 'user_admin.php?op=activate&user_id=' . $HTTP_VARS['user_id'];
    $delete_url = get_site_url() . 'user_admin.php?op=delete&user_id=' . $HTTP_VARS['user_id'];
    $message = get_opendb_lang_var('new_account_email', array('admin_name' => get_opendb_lang_var('site_administrator', 'site', get_opendb_config_var('site', 'title')), 'user_info' => $user_info_lines, 'site' => get_opendb_config_var('site', 'title'), 'activate_url' => $activate_url, 'delete_url' => $delete_url));
    return send_email_to_site_admins(PERM_ADMIN_CREATE_USER, $HTTP_VARS['email_addr'], get_opendb_lang_var('new_account'), $message, $errors);
}
if (is_site_enabled()) {
    if (is_opendb_valid_session() || $HTTP_VARS['op'] == 'signup') {
        if ($HTTP_VARS['op'] == 'gfx_code_check' && is_numeric($HTTP_VARS['gfx_random_number'])) {
            secretimage($HTTP_VARS['gfx_random_number']);
        } else {
            if (is_array(get_opendb_session_var('user_listing_url_vars'))) {
                $footer_links_r[] = array(url => "user_listing.php?" . get_url_string(get_opendb_session_var('user_listing_url_vars')), text => get_opendb_lang_var('back_to_user_listing'));
            }
            if ($HTTP_VARS['op'] == 'new_user') {
                if (is_user_granted_permission(PERM_ADMIN_CREATE_USER)) {
                    echo _theme_header(get_opendb_lang_var('add_new_user'));
                    echo "<h2>" . get_opendb_lang_var('add_new_user') . "</h2>";
                    echo get_user_input_form(NULL, $HTTP_VARS);
                    echo format_footer_links($footer_links_r);
                    echo _theme_footer();
                } else {
                    opendb_not_authorised_page(PERM_ADMIN_CREATE_USER, $HTTP_VARS, $HTTP_VARS);
Exemple #2
                            if (opendb_user_email($user_r['user_id'], NULL, $subject, $message, $errors)) {
                                return TRUE;
                            } else {
                                return "EMAIL_NOT_SENT";
                            }
                        }
                    } else {
                        $errors[] = "User '" . $HTTP_VARS['uid'] . "' does not have a valid email address.";
                        return FALSE;
                    }
                }
            }
        }
    }
}
if (is_opendb_valid_session() && $HTTP_VARS['op'] != 'login' && $HTTP_VARS['op'] != 'newpassword') {
    if (strlen($HTTP_VARS['redirect']) > 0) {
        // Redirect to requested page, as already logged in.
        //TODO: This does not work very well with a login page in middle of an item update!
        opendb_redirect(urldecode($HTTP_VARS['redirect']));
    } else {
        // refresh of login page
        opendb_redirect('welcome.php');
    }
} else {
    // invalid session - go to login
    if ($HTTP_VARS['op'] == 'newpassword') {
        if (strlen($HTTP_VARS['uid']) > 0 && get_opendb_config_var('login', 'enable_new_pwd_gen') !== FALSE) {
            echo _theme_header(get_opendb_lang_var('login'), is_show_login_menu_enabled());
            echo "<h2>" . get_opendb_lang_var('lost_password') . "</h2>";
            $result = perform_newpassword($HTTP_VARS, $errors);
Exemple #3
    if ($address_type_r['public_address_ind'] == 'Y') {
        return TRUE;
    } else {
        if (is_user_granted_permission(PERM_ADMIN_USER_PROFILE)) {
            return TRUE;
        } else {
            if ($address_type_r['borrow_address_ind'] == 'Y' && is_owner_and_borrower(get_opendb_session_var('user_id'), $HTTP_VARS['uid']) || is_owner_and_borrower($HTTP_VARS['uid'], get_opendb_session_var('user_id'))) {
                return TRUE;
            } else {
                return FALSE;
            }
        }
    }
}
if (is_site_enabled()) {
    if (is_opendb_valid_session()) {
        if (is_user_granted_permission(PERM_VIEW_USER_PROFILE)) {
            $user_r = fetch_user_r($HTTP_VARS['uid']);
            if (is_array($user_r)) {
                $page_title = get_opendb_lang_var('user_profile_for_user_name', array('user_id' => $user_r['user_id'], 'fullname' => $user_r['fullname']));
                echo _theme_header($page_title);
                echo '<h2>' . $page_title . '</h2>';
                if ($user_r['active_ind'] != 'Y') {
                    echo "<p class=\"userDeactivatedNotice\">" . get_opendb_lang_var('user_deactivated') . "</p>";
                }
                echo "<table>";
                echo format_field(get_opendb_lang_var('userid'), $user_r['user_id']);
                echo format_field(get_opendb_lang_var('user_role'), $user_r['role_description']);
                echo format_field(get_opendb_lang_var('fullname'), $user_r['fullname']);
                if ($user_r['user_id'] === get_opendb_session_var('user_id') || is_user_granted_permission(PERM_ADMIN_USER_PROFILE)) {
                    echo format_field(get_opendb_lang_var('email'), $user_r['email_addr']);
Exemple #4
{
    $index = strpos($help_page, "/");
    if ($index !== FALSE) {
        $language = substr($help_page, 0, $index);
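        // Reduce the part after the language prefix to a bare filename with basename(), so a request cannot use
        // directory components to reach a file outside the help directory (such as /etc/passwd).
        // Note: $language is not reduced this way; it is only checked by is_exists_language() below.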
        $page = basename(substr($help_page, $index + 1));
    }
    // make sure it ends in html
    if (is_exists_language($language) && ends_with($page, ".html") && @file_exists("./help/{$language}/{$page}")) {
        return "./help/{$language}/{$page}";
    }
    // else
    return NULL;
}
if (is_site_enabled()) {
    if (is_opendb_valid_session() || is_site_public_access()) {
        echo _theme_header(get_opendb_lang_var('help'), FALSE);
        if (($page_location = validate_opendb_lang_help_page_url($HTTP_VARS['page'])) != NULL) {
            $page_title = get_opendb_lang_var('site_help', 'site', get_opendb_config_var('site', 'title'));
            echo "<h2>" . $page_title . "</h2>";
            // TODO: Add support for topic and subtopic
            include $page_location;
        } else {
            echo _theme_header(get_opendb_lang_var('no_help_available'), FALSE);
            echo "<p class=\"error\">" . get_opendb_lang_var('no_help_available') . "</p>";
        }
        echo _theme_footer();
    } else {
        //not a valid session.
        // invalid login, so login instead.
        redirect_login($PHP_SELF, $HTTP_VARS);
Exemple #5
{
    $to = "";
    if (is_not_empty_array($user_id_rs)) {
        reset($user_id_rs);
        while (list(, $user_id) = each($user_id_rs)) {
            if (strlen($to) == 0) {
                $to = $user_id;
            } else {
                $to .= ", " . $user_id;
            }
        }
    }
    return $to;
}
if (is_site_enabled()) {
    if (is_opendb_valid_session() || $HTTP_VARS['op'] == 'send_to_site_admin' && get_opendb_config_var('email', 'send_to_site_admin') !== FALSE) {
        // no email functionality is available unless a valid mailer is configured.
        if (is_valid_opendb_mailer()) {
            // Avoid any attempts to foil required validation checks.
            $HTTP_VARS['subject'] = trim(strip_tags($HTTP_VARS['subject']));
            $HTTP_VARS['message'] = trim(strip_tags($HTTP_VARS['message']));
            if ($HTTP_VARS['op'] == 'send_to_site_admin') {
                // Avoid any attempts to foil required validation checks.
                $HTTP_VARS['from'] = trim(strip_tags($HTTP_VARS['from']));
                if ($HTTP_VARS['op2'] == 'send' && send_email_to_site_admins(PERM_ADMIN_SEND_EMAIL, $HTTP_VARS['from'], $HTTP_VARS['subject'], $HTTP_VARS['message'], $errors)) {
                    echo _theme_header(get_opendb_lang_var('send_email'), $HTTP_VARS['inc_menu']);
                    echo "<h2>" . get_opendb_lang_var('send_email') . "</h2>";
                    echo "<p class=\"success\">" . get_opendb_lang_var('message_sent_to') . " " . get_opendb_lang_var('site_administrator', 'site', get_opendb_config_var('site', 'title')) . "</p>";
                    echo _theme_footer();
                } else {
                    echo _theme_header(get_opendb_lang_var('send_email'), $HTTP_VARS['inc_menu']);
Exemple #6
/**
 * Report whether the current request qualifies as anonymous "public access".
 *
 * All three conditions must hold, and they are evaluated in this order:
 *   1. is_opendb_configured() is truthy,
 *   2. is_opendb_valid_session() is falsy (the request has no valid session),
 *   3. the 'enable' entry of the 'site.public_access' config group is the
 *      boolean TRUE. The comparison is strict, so values such as 1, 'Y' or
 *      'true' do not enable public access.
 *
 * @return bool TRUE only when every condition above is met, FALSE otherwise.
 */
function is_site_public_access()
{
    // Fail closed: without a configured install there is no public access.
    if (!is_opendb_configured()) {
        return FALSE;
    }

    // A request that already carries a valid session is not "public access".
    if (is_opendb_valid_session()) {
        return FALSE;
    }

    // Strict identity check: only a real boolean TRUE turns the feature on.
    $public_access_enabled = get_opendb_config_var('site.public_access', 'enable');

    return $public_access_enabled === TRUE;
}