require $ROOT_FOLDER . "message_edit.php"; } } if ($inside_admin && $UI_CONFIG && $goBackLink) { $UI_CONFIG->actionButtons[] = array("id" => "goback", "caption" => CONTROL_AUTH_HTML_BACK, "align" => 'left', "action" => "mainView.loadIframe('" . $goBackLink . "&inside_admin=1')"); } break; } else { if ($posting == 1) { // check permission if (!($cc_env['Edit_Access_ID'] == 1 || $cc_env['Edit_Access_ID'] == 2 && $AUTH_USER_ID || is_object($perm) && $perm->isSubClass($cc, MASK_EDIT))) { nc_print_status(NETCAT_MODERATION_ERROR_NORIGHTS, 'error'); } else { require $ROOT_FOLDER . "message_put.php"; if (is_array($SQL_multifield)) { nc_multifield_sql_exec($message ? $message : $AUTH_USER_ID, $SQL_multifield); } $f_Checked += 0; if ($multiple_changes) { foreach ($updateStrings as $multiple_changes_msg_id => $update_string) { if ($user_table_mode) { $resMsg = $db->query("UPDATE `User` SET {$update_string} WHERE `User_ID` = " . $multiple_changes_msg_id); } else { $SQL = "UPDATE `Message{$classID}`\n\t\t\t\t\t\t\t\t\tSET {$update_string},\n\t\t\t\t\t\t\t\t\t\t`LastUser_ID` = {$AUTH_USER_ID},\n\t\t\t\t\t\t\t\t\t\t`LastIP` = '" . $db->escape($REMOTE_ADDR) . "',\n\t\t\t\t\t\t\t\t\t\t`LastUserAgent` = '" . $db->escape($HTTP_USER_AGENT) . "'\n\t\t\t\t\t\t\t\t\t\tWHERE `Message_ID` = " . $multiple_changes_msg_id; $resMsg = $db->query($SQL); } } } else { if ($user_table_mode) { $nc_core->event->execute("updateUserPrep", $message); $resMsg = $db->query("UPDATE `User` SET " . $updateString . " `Checked` = `Checked`" . ($admin_mode ? ", `Keyword` = '" . $f_Keyword . "'" : "") . " " . ($Password ? ", `Password` = " . $nc_core->MYSQL_ENCRYPT . "('" . $db->escape($Password) . "'), `UserType` = 'normal' " : "") . " WHERE `User_ID` = '" . $message . "'");
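/**
 * Adds a user ($type == 1) or updates the user $UserID ($type == 2) from request globals.
 *
 * The required message_fields.php / message_put.php scripts run in this
 * function's scope, so they see (and may define) its local variables:
 * $fld, $fldCount, $fldValue, $fldTypeOfEdit, $warnText, $SQL_multifield,
 * $filetable_lastid, $tmpFile, $tmpNewFile and $File_Path are not defined here
 * and presumably come from those scripts (TODO confirm).
 *
 * @param mixed $action_file Not referenced directly in this function body.
 * @param int   $type        1 = add a user; any other value targets $UserID,
 *                           and the UPDATE itself runs only for 2.
 * @return int|string 0 on success, otherwise a warning or error text.
 */
function ActionUserCompleted($action_file, $type) {
    global $nc_core, $db, $ROOT_FOLDER, $admin_mode, $perm;
    global $systemTableID, $systemTableName, $systemMessageID;
    global $FILES_FOLDER, $INCLUDE_FOLDER;
    global $DIRCHMOD, $FILECHMOD, $AUTHORIZE_BY;

    // Request parameters are read through same-named globals.
    $params = array('Checked', 'InsideAdminAccess', 'PermissionGroupID', 'Catalogue_ID', 'Password1', 'Password2', 'UserID', 'posting');
    foreach ($params as $v) {
        global ${$v};
    }

    // Pull in one global per field of the component, plus the helper globals
    // that field types 6 and 8 bring with them.
    $st = new nc_Component(0, 3);
    foreach ($st->get_fields() as $v) {
        $name = 'f_' . $v['name'];
        global ${$name};
        if ($v['type'] == 6) {
            global ${$name . "_old"};
            global ${"f_KILL" . $v['id']};
        }
        if ($v['type'] == 8) {
            global ${$name . "_day"};
            global ${$name . "_month"};
            global ${$name . "_year"};
            global ${$name . "_hours"};
            global ${$name . "_minutes"};
            global ${$name . "_seconds"};
        }
    }

    // Force integers: both values are concatenated into SQL below.
    $UserID = intval($UserID);
    $Checked = intval($Checked);

    $ret = 0; // return value (error text or 0)

    require_once $INCLUDE_FOLDER . "s_files.inc.php";
    $is_there_any_files = getFileCount(0, $systemTableID);

    $user_table_mode = true;

    if ($type == 1) {
        $action = "add";
    } else {
        $action = "change";
        $message = $UserID;
    }

    $Priority += 0;

    nc_check_availability_candidates_for_delete_in_multifile_and_delete();
    nc_rename_multifile();

    require $ROOT_FOLDER . "message_fields.php";

    if ($posting == 0) {
        return $warnText;
    }

    require $ROOT_FOLDER . "message_put.php";

    if (empty($PermissionGroupID)) {
        return CONTROL_USER_FUNC_GROUP_ERROR;
    }

    // Value stored in the User table, kept for compatibility with older versions.
    $mainPermissionGroupID = intval(min($PermissionGroupID));

    // A user cannot be added to a group that has more rights than the editor.
    $groups_with_more_rights = $perm->GetGroupWithMoreRights();
    $add_groups_with_more_rights = array_intersect($PermissionGroupID, $groups_with_more_rights);
    if (!empty($add_groups_with_more_rights)) {
        return $warnText = NETCAT_MODERATION_ERROR_NORIGHT;
    }

    // Was eval("\$Login = \$f_{$AUTHORIZE_BY};"): a variable variable reads the
    // same local without compiling a configuration value as PHP code.
    $Login = ${'f_' . $AUTHORIZE_BY};

    if ($type == 1) {
        $Password = $Password1;

        // NOTE(review): the *NewValue strings are inserted verbatim; this assumes
        // message_put.php already quoted and escaped them (TODO confirm).
        for ($i = 0; $i < $fldCount; $i++) {
            if (isset(${$fld[$i] . 'Defined'}) && ${$fld[$i] . 'Defined'} == true) {
                $fieldString .= "`" . $fld[$i] . "`,";
                $valueString .= ${$fld[$i] . 'NewValue'} . ",";
            }
        }

        $insert = "INSERT INTO User ( " . $fieldString;
        $insert .= "PermissionGroup_ID, Catalogue_ID, Password, Checked, Created,InsideAdminAccess) values ( " . $valueString;
        $insert .= "'" . $mainPermissionGroupID . "', ";
        if (isset($_POST['Catalogue_ID'])) {
            // Integer cast, matching the update branch (was a unary plus, which
            // lets floats through and raises on non-numeric input in PHP 8).
            $insert .= ((int) $_POST['Catalogue_ID']) . ", ";
        } else {
            $insert .= "0, ";
        }
        // NOTE(review): $Password is concatenated without $db->escape(). Confirm it
        // is escaped upstream before it reaches this point; if it is not, escape it
        // here. It is left unchanged because double-escaping would alter the stored
        // password. The cleartext also travels inside the SQL text.
        $insert .= $nc_core->MYSQL_ENCRYPT . "('" . $Password . "'),'{$Checked}','" . date("Y-m-d H:i:s") . "', '" . (int) $InsideAdminAccess . "')";

        // execute core action
        $nc_core->event->execute("addUserPrep", 0);

        $Result = $db->query($insert);
        $UserID = $db->insert_id;
        $message = $UserID;

        if ($Result) {
            // execute core action
            $nc_core->event->execute("addUser", $message);
            nc_print_status(CONTROL_USER_NEW_ADDED, 'ok');
            foreach ($PermissionGroupID as $v) {
                nc_usergroup_add_to_group($UserID, $v);
            }
        } else {
            // NOTE(review): the returned text embeds the failed query, which holds
            // the cleartext password argument; prefer server-side logging.
            return CONTROL_USER_NEW_NOTADDED . "<br/>" . sprintf(NETCAT_ERROR_SQL, $db->last_query, $db->last_error);
        }
    }

    if ($type == 2) {
        $cur_checked = $db->get_var("SELECT `Checked` FROM `User` WHERE `User_ID` = '" . $UserID . "'");

        $update = "update User set ";
        for ($i = 0; $i < $fldCount; $i++) {
            // Skip fields nobody may edit (3) and admin-only fields (2) when the
            // current user lacks admin rights.
            if ($fldTypeOfEdit[$i] == 3 || $fldTypeOfEdit[$i] == 2 && !nc_field_check_admin_perm()) {
                continue;
            }
            if (isset(${$fld[$i] . 'Defined'}) && ${$fld[$i] . 'Defined'} == true) {
                $update .= $fld[$i] . "=" . ${$fld[$i] . 'NewValue'} . ",";
            } else {
                $update .= $fld[$i] . "=" . ($fldValue[$i] ? $fldValue[$i] : "NULL") . ",";
            }
        }

        $update .= "Checked=\"" . $Checked . "\",";
        $update .= "PermissionGroup_ID=\"" . $mainPermissionGroupID . "\",";
        $update .= "InsideAdminAccess=" . (int) $InsideAdminAccess;
        if (isset($_POST['Catalogue_ID'])) {
            $update .= ", Catalogue_ID=" . (int) $_POST['Catalogue_ID'];
        }
        $update .= " where User_ID=" . $UserID;

        // execute core action
        $nc_core->event->execute("updateUserPrep", $UserID);
        if ($cur_checked != $Checked) {
            $nc_core->event->execute($Checked ? "checkUserPrep" : "uncheckUserPrep", $UserID);
        }

        $Result = $db->query($update);

        // execute core action
        $nc_core->event->execute("updateUser", $UserID);

        // Group membership is rebuilt from scratch on every update.
        $db->query("DELETE FROM `User_Group` WHERE `User_ID`='" . intval($UserID) . "'");
        foreach ($PermissionGroupID as $v) {
            nc_usergroup_add_to_group($UserID, $v, 0);
        }

        // The user's checked state changed.
        if ($cur_checked != $Checked) {
            $nc_core->event->execute($Checked ? "checkUser" : "uncheckUser", $UserID);
        }
    }

    if (is_array($SQL_multifield)) {
        nc_multifield_sql_exec($message, $SQL_multifield);
    }

    // Attach uploaded files to the user in the files table.
    // NOTE(review): assumes $filetable_lastid holds integer row ids (TODO confirm).
    if (!empty($filetable_lastid)) {
        $db->query("UPDATE `Filetable` SET `Message_ID`='" . $message . "' WHERE ID IN (" . join(',', $filetable_lastid) . ")");
    }

    // create dir
    @mkdir($FILES_FOLDER . "u/", $DIRCHMOD);

    // Move each temporary upload to its final name.
    for ($i = 0; $i < count($tmpFile); $i++) {
        // NOTE(review): eval() expands the name template as a double-quoted PHP
        // string. If any part of $tmpNewFile[$i] can come from upload metadata this
        // is a code-injection sink; confirm it is built only from trusted parts and
        // prefer explicit placeholder substitution. Left as is because the template
        // format is not visible here.
        eval("\$tmpNewFile[\$i] = \"" . $tmpNewFile[$i] . "\";");
        @rename($FILES_FOLDER . $tmpFile[$i], $FILES_FOLDER . $File_Path[$i] . $tmpNewFile[$i]);
        @chmod($FILES_FOLDER . $File_Path[$i] . $tmpNewFile[$i], $FILECHMOD);
    }

    // Bind an authentication token to the user.
    $nc_token_login = $nc_core->input->fetch_get_post('nc_token_login');
    $nc_token_key = $nc_core->input->fetch_get_post('nc_token_key');
    if ($nc_token_login && $nc_token_key && $UserID) {
        $db->query("INSERT INTO `Auth_Token`\n SET `Login` = '" . $db->escape($nc_token_login) . "',\n `PublicKey` = '" . $db->escape($nc_token_key) . "',\n `User_ID` = '" . $UserID . "' ");
    }

    // NOTE(review): the token id comes straight from the request; whether
    // delete_by_id() checks that the token belongs to $UserID is not visible here.
    $nc_token_destroy = $nc_core->input->fetch_get_post('nc_token_destroy');
    if ($nc_token_destroy) {
        $nc_auth_token = new nc_auth_token();
        $nc_auth_token->delete_by_id($nc_token_destroy);
    }

    return 0;
}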