     } else {
         if (updateEmail($userId, $email)) {
             $successes[] = lang("ACCOUNT_EMAIL_UPDATED");
         } else {
             $errors[] = lang("SQL_ERROR");
         }
     }
 }
 // Title: only touched when the submitted value differs from the stored one.
 // NOTE(review): $_POST['title'] is read without isset(); a request that omits
 // the field raises an undefined-index notice and compares as null.
 if ($userdetails['title'] != $_POST['title']) {
     $title = trim($_POST['title']);
     if (minMaxRange(1, 50, $title)) {
         // Length outside the 1..50 window: report, do not write.
         $errors[] = lang("ACCOUNT_TITLE_CHAR_LIMIT", array(1, 50));
     } elseif (updateTitle($userId, $title)) {
         $successes[] = lang("ACCOUNT_TITLE_UPDATED", array($displayname, $title));
     } else {
         $errors[] = lang("SQL_ERROR");
     }
 }
 // Permission removal: removePermission() reports how many rows it removed;
 // zero is treated as a failure here.
 if (!empty($_POST['removePermission'])) {
     $remove = $_POST['removePermission'];
     $deletion_count = removePermission($remove, $userId);
     if ($deletion_count) {
         $successes[] = lang("ACCOUNT_PERMISSION_REMOVED", array($deletion_count));
     } else {
         $errors[] = lang("SQL_ERROR");
     }
 }
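/**
 * Replaces a puzzle's title, summary and description with sanitised versions of
 * the supplied values, writing only the fields whose value actually changed.
 *
 * @param mixed  $uid         acting user id, handed to canViewPuzzle() and the update helpers
 * @param mixed  $pid         puzzle id
 * @param string $title       new title; stored in htmlspecialchars()-escaped form
 * @param string $summary     new summary; run through HTMLPurifier before storage
 * @param string $description new description; run through HTMLPurifier before storage
 * @return void
 */
function changeTitleSummaryDescription($uid, $pid, $title, $summary, $description)
{
    // Authorisation gate. NOTE(review): the predicate is canViewPuzzle() while the
    // operation below is a write — confirm that view rights are meant to imply
    // edit rights, or switch to the project's edit-permission check if one exists.
    if (!canViewPuzzle($uid, $pid)) {
        utilsError("You do not have permission to modify this puzzle.");
        // utilsError() is presumably terminal; returning here guarantees the writes
        // below can never run even if it only reports and continues.
        return;
    }
    // Current stored values, used to skip no-op writes.
    $puzzleInfo = getPuzzleInfo($pid);
    $oldTitle = $puzzleInfo["title"];
    $oldSummary = $puzzleInfo["summary"];
    $oldDescription = $puzzleInfo["description"];
    $purifier = new HTMLPurifier();
    // NOTE(review): ext/mysql (mysql_query) was removed in PHP 7. No ROLLBACK is
    // issued anywhere in this function, so if an update helper fails part-way the
    // earlier writes are not undone — how the helpers signal failure is not
    // visible here.
    mysql_query('START TRANSACTION');
    // The stored title is compared with the escaped input, so the database is
    // presumably holding the htmlspecialchars()-encoded form of the title.
    $cleanTitle = htmlspecialchars($title);
    if ($oldTitle !== $cleanTitle) {
        updateTitle($uid, $pid, $oldTitle, $cleanTitle);
    }
    // Summary and description are HTML fragments; HTMLPurifier strips anything
    // outside its whitelist before the value is stored.
    $cleanSummary = $purifier->purify($summary);
    if ($oldSummary !== $cleanSummary) {
        updateSummary($uid, $pid, $oldSummary, $cleanSummary);
    }
    $cleanDescription = $purifier->purify($description);
    if ($oldDescription !== $cleanDescription) {
        updateDescription($uid, $pid, $oldDescription, $cleanDescription);
    }
    // Assuming all went well, commit the changes to the database
    mysql_query('COMMIT');
}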
<?php

include "base.php";
// Request inputs, taken straight from the POST body and therefore untrusted;
// a missing field yields null together with an undefined-index notice.
// NOTE(review): no ownership or authorisation check on $linkID is visible in
// this file — presumably base.php handles session and access control; confirm.
$linkID = $_POST['linkID'];
$tags = $_POST['tags'];
$title = $_POST['title'];
/**
 * Rewrites the title of a single links row.
 *
 * The statement is parameterised: $newTitle and $linkID are bound values and
 * are never interpolated into the SQL text.
 *
 * @param mixed  $linkID   primary key of the links row to change
 * @param string $newTitle replacement title
 * @return void
 */
function updateTitle($linkID, $newTitle)
{
    editQuery(
        "UPDATE links set title=? WHERE linkID = ?",
        [$newTitle, $linkID]
    );
}
// Apply the new title, then drop this link's existing associations (presumably
// its tag links) so the tag list below can be rebuilt from the submitted tags.
updateTitle($linkID, $title);
deleteConnections($linkID);
if (strlen($tags) > 0) {
    $tagString = strtolower($tags);
    $tags = stringToArray($tagString);
    $tags = array_unique($tags);
    foreach ($tags as $tag) {
        $query = "SELECT * from tags WHERE tag = ?";
        $params = [$tag];
        $res = selectQuery($query, $params);
        if (count($res) == 0) {
            $query = "INSERT into tags (tag) VALUES (?)";
            $params = [$tag];
            editQuery($query, $params);
        }
    }
    foreach ($tags as $tag) {
        $query = "SELECT tagID from tags WHERE tag = ?";
        $params = [$tag];
        $response = rateLink($_REQUEST['from_url'], $_REQUEST['from_url_param'], $_REQUEST['to_url'], $_REQUEST['to_url_param'], $_REQUEST['up']);
        break;
    case "get_link_comment":
        $response = getLinkComment($_REQUEST['from_url'], $_REQUEST['from_url_param'], $_REQUEST['to_url'], $_REQUEST['to_url_param']);
        break;
    case "verify_user":
        $response = verifyUser($_REQUEST['confirm_code']);
        break;
    case "invite_user":
        $response = inviteUser($_REQUEST['email']);
        break;
    case "get_title":
        $response = getTitle($_REQUEST['url'], $_REQUEST['url_param']);
        break;
    case "update_title":
        $response = updateTitle($_REQUEST['url'], $_REQUEST['url_param'], $_REQUEST['title']);
        break;
}
// All commands have been dispatched; release the database handle before output.
mysql_close($connection);
// Only the e-mail verification link is opened in a browser, so it gets a full
// HTML document; every other command answers with an XML envelope.
// NOTE(review): $response is written unescaped in both branches — whether the
// producing functions return markup-safe text is not visible here; confirm.
$isBrowserVerification = $_REQUEST['command'] == "verify_user";
if ($isBrowserVerification) {
    echo "<html>"
        . "<head> <title> User verification </title></head>"
        . "<body>"
        . $response
        . "</body>"
        . "</html>";
} else {
    echo "<xmlresponse>" . $response . "</xmlresponse>";
}
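 /**
  * Admin "edit user" page for the user selected by ?id=.
  *
  * Processes the posted form (delete, display name, activation, email, title,
  * permission add/remove) and then renders the edit form with echo.
  * Every request- or database-derived value written into the HTML goes through
  * $h(), so a stored value (for example a title) or the request path cannot
  * break out of its attribute or inject markup.
  *
  * @return void
  */
 public function index()
 {
     /*
     UserCake (Via CupCake) Version: 2.0.2
     http://usercake.com
     */
     global $baseURL;
     require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
     if (!securePage($_SERVER['PHP_SELF'])) {
         die;
     }
     // Escaper for text nodes and the single-quoted attribute values used below
     // (ENT_QUOTES is required so that a ' in the value cannot close the attribute).
     $h = function ($value) {
         return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
     };
     // Message collectors consumed by resultBlock(); initialised so a plain GET
     // (nothing posted) does not hand it undefined variables.
     $errors = array();
     $successes = array();
     $userId = $_GET['id'];
     //Check if selected user exists
     if (!userIdExists($userId)) {
         header("Location: " . str_replace('index.php/', '', site_url('admin_users')));
         die;
     }
     //Fetch user details
     $userdetails = fetchUserDetails(NULL, NULL, $userId);
     //Forms posted
     if (!empty($_POST)) {
         //Delete selected account
         if (!empty($_POST['delete'])) {
             $deletions = $_POST['delete'];
             if ($deletion_count = deleteUsers($deletions)) {
                 $successes[] = lang("ACCOUNT_DELETIONS_SUCCESSFUL", array($deletion_count));
             } else {
                 $errors[] = lang("SQL_ERROR");
             }
         } else {
             //Update display name
             if ($userdetails['display_name'] != $_POST['display']) {
                 $displayname = trim($_POST['display']);
                 //Validate display name
                 if (displayNameExists($displayname)) {
                     $errors[] = lang("ACCOUNT_DISPLAYNAME_IN_USE", array($displayname));
                 } elseif (minMaxRange(5, 25, $displayname)) {
                     $errors[] = lang("ACCOUNT_DISPLAY_CHAR_LIMIT", array(5, 25));
                 } elseif (!ctype_alnum($displayname)) {
                     $errors[] = lang("ACCOUNT_DISPLAY_INVALID_CHARACTERS");
                 } else {
                     if (updateDisplayName($userId, $displayname)) {
                         $successes[] = lang("ACCOUNT_DISPLAYNAME_UPDATED", array($displayname));
                     } else {
                         $errors[] = lang("SQL_ERROR");
                     }
                 }
             } else {
                 $displayname = $userdetails['display_name'];
             }
             //Activate account
             if (isset($_POST['activate']) && $_POST['activate'] == "activate") {
                 if (setUserActive($userdetails['activation_token'])) {
                     $successes[] = lang("ACCOUNT_MANUALLY_ACTIVATED", array($displayname));
                 } else {
                     $errors[] = lang("SQL_ERROR");
                 }
             }
             //Update email
             if ($userdetails['email'] != $_POST['email']) {
                 $email = trim($_POST["email"]);
                 //Validate email
                 if (!isValidEmail($email)) {
                     $errors[] = lang("ACCOUNT_INVALID_EMAIL");
                 } elseif (emailExists($email)) {
                     $errors[] = lang("ACCOUNT_EMAIL_IN_USE", array($email));
                 } else {
                     if (updateEmail($userId, $email)) {
                         $successes[] = lang("ACCOUNT_EMAIL_UPDATED");
                     } else {
                         $errors[] = lang("SQL_ERROR");
                     }
                 }
             }
             //Update title: validated for length only, so it may contain any
             //characters — it is escaped at output time below.
             if ($userdetails['title'] != $_POST['title']) {
                 $title = trim($_POST['title']);
                 //Validate title
                 if (minMaxRange(1, 50, $title)) {
                     $errors[] = lang("ACCOUNT_TITLE_CHAR_LIMIT", array(1, 50));
                 } else {
                     if (updateTitle($userId, $title)) {
                         $successes[] = lang("ACCOUNT_TITLE_UPDATED", array($displayname, $title));
                     } else {
                         $errors[] = lang("SQL_ERROR");
                     }
                 }
             }
             //Remove permission level
             if (!empty($_POST['removePermission'])) {
                 $remove = $_POST['removePermission'];
                 if ($deletion_count = removePermission($remove, $userId)) {
                     $successes[] = lang("ACCOUNT_PERMISSION_REMOVED", array($deletion_count));
                 } else {
                     $errors[] = lang("SQL_ERROR");
                 }
             }
             //Add permission level
             if (!empty($_POST['addPermission'])) {
                 $add = $_POST['addPermission'];
                 if ($addition_count = addPermission($add, $userId)) {
                     $successes[] = lang("ACCOUNT_PERMISSION_ADDED", array($addition_count));
                 } else {
                     $errors[] = lang("SQL_ERROR");
                 }
             }
             //Re-read so the form below reflects the values just written
             $userdetails = fetchUserDetails(NULL, NULL, $userId);
         }
     }
     $userPermission = fetchUserPermissions($userId);
     $permissionData = fetchAllPermissions();
     require_once "{$baseURL}/application/third_party/user_cake/models/header.php";
     echo "\r\n<body>\r\n<div id='wrapper'>\r\n<div id='top'><div id='logo'></div></div>\r\n<div id='content'>\r\n<h1>UserCake (Via CupCake)</h1>\r\n<h2>Admin User</h2>\r\n<div id='left-nav'>";
     include "{$baseURL}/application/third_party/user_cake/left-nav.php";
     echo "\r\n</div>\r\n<div id='main'>";
     //NOTE(review): the messages carry user-supplied values (display name, title);
     //whether resultBlock() escapes them is not visible here — confirm.
     echo resultBlock($errors, $successes);
     //PHP_SELF reflects the request path, so it is escaped like any other input;
     //the id is URL-encoded for the query string and then attribute-escaped.
     echo "\r\n<form name='adminUser' action='" . $h($_SERVER['PHP_SELF']) . "?id=" . $h(rawurlencode($userId)) . "' method='post'>\r\n<table class='admin'><tr><td>\r\n<h3>User Information</h3>\r\n<div id='regbox'>\r\n<p>\r\n<label>ID:</label>\r\n" . $h($userdetails['id']) . "\r\n</p>\r\n<p>\r\n<label>Username:</label>\r\n" . $h($userdetails['user_name']) . "\r\n</p>\r\n<p>\r\n<label>Display Name:</label>\r\n<input type='text' name='display' value='" . $h($userdetails['display_name']) . "' />\r\n</p>\r\n<p>\r\n<label>Email:</label>\r\n<input type='text' name='email' value='" . $h($userdetails['email']) . "' />\r\n</p>\r\n<p>\r\n<label>Active:</label>";
     //Display activation link, if account inactive
     if ($userdetails['active'] == '1') {
         echo "Yes";
     } else {
         echo "No\r\n\t</p>\r\n\t<p>\r\n\t<label>Activate:</label>\r\n\t<input type='checkbox' name='activate' id='activate' value='activate'>\r\n\t";
     }
     echo "\r\n</p>\r\n<p>\r\n<label>Title:</label>\r\n<input type='text' name='title' value='" . $h($userdetails['title']) . "' />\r\n</p>\r\n<p>\r\n<label>Sign Up:</label>\r\n" . date("j M, Y", $userdetails['sign_up_stamp']) . "\r\n</p>\r\n<p>\r\n<label>Last Sign In:</label>";
     //Last sign in, interpretation
     if ($userdetails['last_sign_in_stamp'] == '0') {
         echo "Never";
     } else {
         echo date("j M, Y", $userdetails['last_sign_in_stamp']);
     }
     echo "\r\n</p>\r\n<p>\r\n<label>Delete:</label>\r\n<input type='checkbox' name='delete[" . $h($userdetails['id']) . "]' id='delete[" . $h($userdetails['id']) . "]' value='" . $h($userdetails['id']) . "'>\r\n</p>\r\n<p>\r\n<label>&nbsp;</label>\r\n<input type='submit' value='Update' class='submit' />\r\n</p>\r\n</div>\r\n</td>\r\n<td>\r\n<h3>Permission Membership</h3>\r\n<div id='regbox'>\r\n<p>Remove Permission:";
     //List of permission levels user is apart of
     foreach ($permissionData as $v1) {
         if (isset($userPermission[$v1['id']])) {
             echo "<br><input type='checkbox' name='removePermission[" . $h($v1['id']) . "]' id='removePermission[" . $h($v1['id']) . "]' value='" . $h($v1['id']) . "'> " . $h($v1['name']);
         }
     }
     //List of permission levels user is not apart of
     echo "</p><p>Add Permission:";
     foreach ($permissionData as $v1) {
         if (!isset($userPermission[$v1['id']])) {
             echo "<br><input type='checkbox' name='addPermission[" . $h($v1['id']) . "]' id='addPermission[" . $h($v1['id']) . "]' value='" . $h($v1['id']) . "'> " . $h($v1['name']);
         }
     }
     echo "\r\n</p>\r\n</div>\r\n</td>\r\n</tr>\r\n</table>\r\n</form>\r\n</div>\r\n<div id='bottom'></div>\r\n</div>\r\n</body>\r\n</html>";
 }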
             }
         }
     }
     //End data validation
     if (count($errors) == 0) {
         $loggedInUser->updateEmail($email);
         $successes[] = lang("ACCOUNT_EMAIL_UPDATED");
     }
 }
 // Title: only written when the submitted value differs from the stored one.
 if ($title != $loggedInUser->title) {
     $title = trim($title);
     if (minMaxRange(1, 50, $title)) {
         // Length is outside the 1..50 window: report and skip the write.
         $errors[] = lang("ACCOUNT_TITLE_CHAR_LIMIT", array(1, 50));
     } elseif (updateTitle($loggedInUser->user_id, $title)) {
         // Keep the in-memory user in step with the row just written.
         $loggedInUser->title = $title;
         $successes[] = lang("ACCOUNT_TITLE_UPDATED", array($loggedInUser->displayname, $title));
     } else {
         $errors[] = lang("SQL_ERROR");
     }
 }
 // Campus: the original note says it may be set only once, but nothing in this
 // block enforces that — presumably updateCampus() or the form does; confirm.
 // NOTE(review): $campus is taken from the request without validation here and
 // reaches updateCampus() and getCampusById() as submitted.
 $campus = $_POST["campus"];
 if ($campus && $campus != $loggedInUser->campus) {
     $loggedInUser->updateCampus($campus);
     $successes[] = lang("ACCOUNT_CAMPUS_UPDATED", array($loggedInUser->displayname, getCampusById($campus)));
 }
 // team can only be set one time