/**
this function returns the permission values of the user with the given
user name.
if the user is not found in the user database, this function returns
NULL, otherwise, it returns the permissions of the user.
*/
function user_get_permissions($username)
{
// try to find the user in the user database
$data = user_find($username, NULL);
// return NULL if the user does not exists
if (!isset($data)) {
return;
}
// return the user permissions
return $data[_idx('permissions')];
}
!defined('DEBUG') and exit('Access Denied.');
$action = param(1);
if ($action == 'list') {
$header['title'] = '用户管理';
$pagesize = 20;
$srchtype = param(2);
$keyword = trim(urldecode(param(3)));
$page = param(4, 0);
$cond = array();
if ($keyword) {
!in_array($srchtype, array('uid', 'username', 'mobile', 'email', 'gid', 'create_ip')) and $srchtype = 'uid';
$cond[$srchtype] = $srchtype == 'create_ip' ? ip2long($keyword) : $keyword;
}
$n = user_count($cond);
$page = page($page, $n, $pagesize);
$userlist = user_find($cond, array('uid' => -1), $page, $pagesize);
$pagehtml = pages("admin/user-list-{$srchtype}-" . urlencode($keyword) . '-{page}.htm', $n, $page, $pagesize);
foreach ($userlist as &$_user) {
$_user['group'] = array_value($grouplist, $_user['gid'], '');
}
include "./admin/view/user_list.htm";
} elseif ($action == 'create') {
if ($method == 'GET') {
$header['title'] = '用户创建';
include "./admin/view/user_create.htm";
} elseif ($method == 'POST') {
$mobile = param('mobile');
$email = param('email');
$username = param('username');
$password = param('password');
$gid = param('gid');
/**
* edit user
*/
function edituser($dir)
{
// Determine the user name from the post data
$user = stripslashes($GLOBALS['__POST']["user"]);
// try to find the user
$data = user_find($user, NULL);
if ($data == NULL) {
show_error($user . ": " . $GLOBALS["error_msg"]["miscnofinduser"]);
}
if ($self = $user == $GLOBALS['__SESSION']["s_user"]) {
$dir = "";
}
if (isset($GLOBALS['__POST']["confirm"]) && $GLOBALS['__POST']["confirm"] == "true") {
$nuser = stripslashes($GLOBALS['__POST']["nuser"]);
if ($nuser == "" || $GLOBALS['__POST']["home_dir"] == "") {
show_error($GLOBALS["error_msg"]["miscfieldmissed"]);
}
if (isset($GLOBALS['__POST']["chpass"]) && $GLOBALS['__POST']["chpass"] == "true") {
if ($GLOBALS['__POST']["pass1"] != $GLOBALS['__POST']["pass2"]) {
show_error($GLOBALS["error_msg"]["miscnopassmatch"]);
}
$pass = md5(stripslashes($GLOBALS['__POST']["pass1"]));
} else {
$pass = $data[1];
}
if ($self) {
$GLOBALS['__POST']["active"] = 1;
}
// determine the user permissions
$permissions = _eval_permissions();
// determine the new user data
$data = array($nuser, $pass, stripslashes($GLOBALS['__POST']["home_dir"]), stripslashes($GLOBALS['__POST']["home_url"]), $GLOBALS['__POST']["show_hidden"], stripslashes($GLOBALS['__POST']["no_access"]), $permissions, $GLOBALS['__POST']["active"]);
if (!user_update($user, $data)) {
show_error($user . ": " . $GLOBALS["error_msg"]["saveuser"]);
}
if ($self) {
user_activate($nuser, NULL);
}
header("location: " . make_link("admin", $dir, NULL));
return;
}
show_header($GLOBALS["messages"]["actadmin"] . ": " . sprintf($GLOBALS["messages"]["miscedituser"], $data[0]));
// Javascript functions:
include "./_include/js_admin3.php";
echo "<CENTER><FORM name=\"edituser\" action=\"" . make_link("admin", $dir, NULL) . "&action2=edituser\" method=\"post\">\n";
echo "<INPUT type=\"hidden\" name=\"confirm\" value=\"true\"><INPUT type=\"hidden\" name=\"user\" value=\"" . $data[0] . "\">\n";
echo "<BR><TABLE width=\"450\">\n";
echo "<TR><TD>" . $GLOBALS["messages"]["miscusername"] . ":</TD>\n";
echo "<TD align=\"right\"><INPUT type\"text\" name=\"nuser\" size=\"30\" value=\"";
echo $data[0] . "\"></TD></TR>\n";
echo "<TR><TD>" . $GLOBALS["messages"]["miscconfpass"] . ":</TD>\n";
echo "<TD align=\"right\"><INPUT type=\"password\" name=\"pass1\" size=\"30\"></TD></TR>\n";
echo "<TR><TD>" . $GLOBALS["messages"]["miscconfnewpass"] . ":</TD>\n";
echo "<TD align=\"right\"><INPUT type=\"password\" name=\"pass2\" size=\"30\"></TD></TR>\n";
echo "<TR><TD>" . $GLOBALS["messages"]["miscchpass"] . ":</TD>\n";
echo "<TD align=\"right\"><INPUT type=\"checkbox\" name=\"chpass\" value=\"true\"></TD></TR>\n";
echo "<TR><TD>" . $GLOBALS["messages"]["mischomedir"] . ":</TD>\n";
echo "<TD align=\"right\"><INPUT type=\"text\" name=\"home_dir\" size=\"30\" value=\"";
echo $data[2] . "\"></TD></TR>\n";
echo "<TR><TD>" . $GLOBALS["messages"]["mischomeurl"] . ":</TD>\n";
echo "<TD align=\"right\"><INPUT type=\"text\" name=\"home_url\" size=\"30\" value=\"";
echo $data[3] . "\"></TD></TR>\n";
echo "<TR><TD>" . $GLOBALS["messages"]["miscshowhidden"] . ":</TD>";
echo "<TD align=\"right\"><SELECT name=\"show_hidden\">\n";
echo "<OPTION value=\"0\">" . $GLOBALS["messages"]["miscyesno"][1] . "</OPTION>";
echo "<OPTION value=\"1\"" . ($data[4] ? " selected " : "") . ">";
echo $GLOBALS["messages"]["miscyesno"][0] . "</OPTION>\n";
echo "</SELECT></TD></TR>\n";
echo "<TR><TD>" . $GLOBALS["messages"]["mischidepattern"] . ":</TD>\n";
echo "<TD align=\"right\"><INPUT type=\"text\" name=\"no_access\" size=\"30\" value=\"";
echo $data[5] . "\"></TD></TR>\n";
echo "<TR><TD>" . $GLOBALS["messages"]["miscperms"] . ":</TD>\n";
// print out the extended permission table of the user permission
echo "<TD align=\"right\">\n";
admin_print_permissions($data[0]);
echo "</TD></TR>\n";
echo "<TR><TD>" . $GLOBALS["messages"]["miscactive"] . ":</TD>";
echo "<TD align=\"right\"><SELECT name=\"active\"" . ($self ? " DISABLED " : "") . ">\n";
echo "<OPTION value=\"1\">" . $GLOBALS["messages"]["miscyesno"][0] . "</OPTION>";
echo "<OPTION value=\"0\"" . ($data[7] ? "" : " selected ") . ">";
echo $GLOBALS["messages"]["miscyesno"][1] . "</OPTION>\n";
echo "</SELECT></TD></TR>\n";
echo "<TR><TD colspan=\"2\" align=\"right\"><input type=\"submit\" value=\"" . $GLOBALS["messages"]["btnsave"];
echo "\" onClick=\"return check_pwd();\">\n<input type=\"button\" value=\"";
echo $GLOBALS["messages"]["btncancel"] . "\" onClick=\"javascript:location='";
echo make_link("admin", $dir, NULL) . "';\"></TD></TR></FORM></TABLE><BR></BR>\n";
}
function remindme($lang)
{
$with_name = true;
$with_captcha = true;
$action = 'init';
if (isset($_POST['remindme_send'])) {
$action = 'remindme';
}
$login = $confirmed = $code = $token = false;
if (!empty($_SESSION['login'])) {
$login = $_SESSION['login'];
} else {
if (!empty($_SESSION['user']['name'])) {
$login = $_SESSION['user']['name'];
} else {
if (!empty($_SESSION['user']['mail'])) {
$login = $_SESSION['user']['mail'];
}
}
}
switch ($action) {
case 'remindme':
if (isset($_POST['remindme_login'])) {
$login = strtolower(strflat(readarg($_POST['remindme_login'])));
}
if (isset($_POST['remindme_confirmed'])) {
$confirmed = readarg($_POST['remindme_confirmed']) == 'on' ? true : false;
}
if (isset($_POST['remindme_code'])) {
$code = readarg($_POST['remindme_code']);
}
if (isset($_POST['remindme_token'])) {
$token = readarg($_POST['remindme_token']);
}
break;
default:
break;
}
$missing_code = false;
$bad_code = false;
$bad_token = false;
$missing_login = false;
$bad_login = false;
$missing_confirmation = false;
$email_sent = false;
$user_page = false;
$internal_error = false;
$contact_page = false;
switch ($action) {
case 'remindme':
if (!isset($_SESSION['remindme_token']) or $token != $_SESSION['remindme_token']) {
$bad_token = true;
}
if ($with_captcha) {
if (!$code) {
$missing_code = true;
break;
}
$captcha = isset($_SESSION['captcha']['remindme']) ? $_SESSION['captcha']['remindme'] : false;
if (!$captcha or $captcha != strtoupper($code)) {
$bad_code = true;
break;
}
}
if (!$login) {
$missing_login = true;
} else {
if ((!validate_user_name($login) or !is_user_name_allowed($login)) and (!validate_mail($login) or !is_mail_allowed($login))) {
$bad_login = true;
}
}
if (!$confirmed) {
$missing_confirmation = true;
}
break;
default:
break;
}
switch ($action) {
case 'remindme':
if ($bad_token or $missing_code or $bad_code or $missing_login or $bad_login or $missing_confirmation) {
break;
}
require_once 'models/user.inc';
$user_id = user_find($login);
if (!$user_id) {
$bad_login = true;
require_once 'log.php';
write_log('password.err', substr($login, 0, 40));
break;
}
$user = user_get($user_id);
if (!$user) {
$internal_error = true;
break;
}
if (!$user['user_active'] or $user['user_banned']) {
$bad_login = true;
break;
}
require_once 'newpassword.php';
$newpassword = newpassword();
if (!user_set_newpassword($user_id, $newpassword)) {
$internal_error = true;
break;
}
require_once 'emailcrypto.php';
global $sitename, $webmaster;
$to = $user['user_mail'];
$subject = translate('email:new_password_subject', $lang);
$msg = translate('email:new_password_text', $lang) . "\n\n" . translate('email:salutations', $lang);
if (!emailcrypto($msg, $newpassword, $to, $subject, $webmaster)) {
$internal_error = true;
} else {
$email_sent = $to;
}
$confirmed = false;
break;
default:
break;
}
if ($internal_error) {
$contact_page = url('contact', $lang);
} else {
if ($email_sent) {
$user_page = url('user', $lang);
}
}
$_SESSION['remindme_token'] = $token = token_id();
$errors = compact('missing_login', 'bad_login', 'missing_confirmation', 'missing_code', 'bad_code', 'internal_error', 'contact_page');
$infos = compact('email_sent', 'user_page');
$output = view('remindme', $lang, compact('token', 'with_captcha', 'with_name', 'login', 'confirmed', 'errors', 'infos'));
return $output;
}
function user_check_flood($longip)
{
global $conf;
if (!$conf['check_flood_on']) {
return FALSE;
}
$userlist = user_find(array(), array('uid' => -1), 1, 20);
if (empty($userlist)) {
return FALSE;
}
$n = 0;
foreach ($userlist as $user) {
if ($user['create_ip'] == $longip) {
$n++;
if ($n > $conf['check_flood']['users']) {
return TRUE;
}
}
}
return FALSE;
}
$db_debug = true;
db_connect($db_url);
require_once 'models/user.inc';
$msecs = microtime(true);
$name = 'barfoo';
$password = '******';
$mail = '';
$locale = 'fr';
$website = false;
$r = user_create_avatar($name);
dump($r);
$r = user_delete_avatar($name);
dump($r);
$r = user_create($name, $password, $mail, $locale, $website);
dump($r);
$user_id = user_find($name);
dump($user_id);
if (!$user_id) {
exit;
}
$r = user_id($user_id);
dump($r);
$r = user_get($user_id);
dump($r);
$mail = '*****@*****.**';
$website = 'www.izend.org';
$r = user_set($user_id, $name, $mail, $website, $locale);
dump($r);
$r = user_get($user_id);
dump($r);
$lastname = 'iZend';
/**
* Provides an array of users matching $str
*
* @param string $str
* @return array
*/
public function searchUsers($str)
{
return user_find($str);
}
