* basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
* License for the specific language governing rights and limitations
* under the License.
*/
if (!defined('IS_VALID_PHPMYFAQ_ADMIN')) {
header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']));
exit;
}
$ajax_action = PMF_Filter::filterInput(INPUT_GET, 'ajaxaction', FILTER_SANITIZE_STRING);
$user_id = PMF_Filter::filterInput(INPUT_GET, 'user_id', FILTER_VALIDATE_INT);
$usersearch = PMF_Filter::filterInput(INPUT_GET, 'q', FILTER_SANITIZE_STRING);
if ($permission['adduser'] || $permission['edituser'] || $permission['deluser']) {
$user = new PMF_User();
if ('get_user_list' == $ajax_action) {
foreach ($user->searchUsers($usersearch) as $single_user) {
print $single_user['login'] . '|' . $single_user['user_id'] . "\n";
}
}
$user->getUserById($user_id);
// Return the user data
if ('get_user_data' == $ajax_action) {
$userdata = array();
$userdata = $user->userdata->get('*');
$userdata['status'] = $user->getStatus();
print json_encode(array_map('utf8_encode', $userdata));
}
// Return the user rights
if ('get_user_rights' == $ajax_action) {
print json_encode($user->perm->getUserRights($user_id));
}
}
$responseWrapper->addCommonHeaders();
if ($user->perm->checkRight($user->getUserId(), 'adduser') || $user->perm->checkRight($user->getUserId(), 'edituser') || $user->perm->checkRight($user->getUserId(), 'deluser')) {
$user = new PMF_User($faqConfig);
switch ($ajaxAction) {
case 'get_user_list':
$users = [];
foreach ($user->searchUsers($usersearch) as $singleUser) {
$users[] = array('user_id' => $singleUser['user_id'], 'name' => $singleUser['login']);
}
$response->setData($users);
break;
case 'get_user_data':
$user->getUserById($userId);
$userdata = [];
$userdata = $user->userdata->get('*');
$userdata['status'] = $user->getStatus();
$userdata['login'] = $user->getLogin();
$response->setData($userdata);
break;
case 'get_user_rights':
$user->getUserById($userId);
$response->setData($user->perm->getUserRights($userId));
break;
case 'activate_user':
$user->getUserById($userId);
$user->setStatus('active');
echo json_encode($user->getStatus());
break;
case 'delete_user':
$user->getUserById($userId);
if ($user->getStatus() == 'protected' || $userId == 1) {
$message .= '<script type="text/javascript">updateUser(' . $userId . ');</script>';
}
}
}
// delete user confirmation
if ($userAction == 'delete_confirm') {
$message = '';
$user = new PMF_User();
$userId = PMF_Filter::filterInput(INPUT_POST, 'user_list_select', FILTER_VALIDATE_INT, 0);
if ($userId == 0) {
$message .= '<p class="error">' . $errorMessages['delUser_noId'] . '</p>';
$userAction = $defaultUserAction;
} else {
$user->getUserById($userId);
// account is protected
if ($user->getStatus() == 'protected' || $userId == 1) {
$userAction = $defaultUserAction;
$message .= '<p class="error">' . $errorMessages['delUser_protectedAccount'] . '</p>';
} else {
?>
<h2><?php
print $text['header'];
?>
</h2>
<div id="user_confirmDelete">
<fieldset>
<legend><?php
print $text['delUser'];
?>
</legend>
$templateVars['displayPagination'] = true;
$templateVars['pagination'] = $pagination->render();
}
$counter = $displayedCounter = 0;
foreach ($allUsers as $userId) {
$user->getUserById($userId);
if ($displayedCounter >= $perPage) {
continue;
}
$counter++;
if ($counter <= $firstPage) {
continue;
}
$displayedCounter++;
$icon = '';
switch ($user->getStatus()) {
case 'active':
$icon = 'icon-ok';
break;
case 'blocked':
$icon = 'icon-lock';
break;
case 'protected':
$icon = 'icon-ok-sign';
break;
}
$templateVars['users'][] = array('id' => $user->getUserId(), 'displayName' => $user->getUserData('display_name'), 'editUrl' => '?action=user&user_id=' . $user->getUserData('user_id'), 'email' => $user->getUserData('email'), 'icon' => $icon, 'loginName' => $user->getLogin(), 'showDeleteButton' => $user->getStatus() !== 'protected', 'status' => $user->getStatus());
}
$twig->loadTemplate('user/listallusers.twig')->display($templateVars);
unset($templateVars, $allUsers, $numUsers, $page, $perPage, $numPages, $lastPage, $firstPage, $baseUrl, $options, $pagination, $counter, $displayedCounter, $icon);
}
// update user data
if ($userAction == 'update_data') {
$message = '';
$userAction = $defaultUserAction;
$userId = PMF_Filter::filterInput(INPUT_POST, 'user_id', FILTER_VALIDATE_INT, 0);
if ($userId == 0) {
$message .= '<p class="error">' . $errorMessages['updateUser_noId'] . '</p>';
} else {
$userData = array();
$userData['display_name'] = PMF_Filter::filterInput(INPUT_POST, 'display_name', FILTER_SANITIZE_STRING, '');
$userData['email'] = PMF_Filter::filterInput(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL, '');
$userData['last_modified'] = PMF_Filter::filterInput(INPUT_POST, 'last_modified', FILTER_SANITIZE_STRING, '');
$userStatus = PMF_Filter::filterInput(INPUT_POST, 'user_status', FILTER_SANITIZE_STRING, $defaultUserStatus);
$user = new PMF_User();
$user->getUserById($userId);
$stats = $user->getStatus();
// set new password an send email if user is switched to active
if ($stats == 'blocked' && $userStatus == 'active') {
$consonants = array("b", "c", "d", "f", "g", "h", "j", "k", "l", "m", "n", "p", "r", "s", "t", "v", "w", "x", "y", "z");
$vowels = array("a", "e", "i", "o", "u");
$newPassword = '';
srand((double) microtime() * 1000000);
for ($i = 1; $i <= 4; $i++) {
$newPassword .= $consonants[rand(0, 19)];
$newPassword .= $vowels[rand(0, 4)];
}
$user->changePassword($newPassword);
$mail = new PMF_Mail();
$mail->addTo($userData['email']);
$mail->subject = '[%sitename%] Username / activation';
$mail->message = sprintf("\nUsername: %s\nLoginname: %s\nNew Password: %s\n\n", $userData['display_name'], $user->getLogin(), $newPassword);
$ajaxAction = PMF_Filter::filterInput(INPUT_GET, 'ajaxaction', FILTER_SANITIZE_STRING);
$userId = PMF_Filter::filterInput(INPUT_GET, 'user_id', FILTER_VALIDATE_INT);
$usersearch = PMF_Filter::filterInput(INPUT_GET, 'q', FILTER_SANITIZE_STRING);
if ($permission['adduser'] || $permission['edituser'] || $permission['deluser']) {
$user = new PMF_User();
switch ($ajaxAction) {
case 'get_user_list':
foreach ($user->searchUsers($usersearch) as $singleUser) {
print $singleUser['login'] . '|' . $singleUser['user_id'] . "\n";
}
break;
case 'get_user_data':
$user->getUserById($userId);
$userdata = array();
$userdata = $user->userdata->get('*');
$userdata['status'] = $user->getStatus();
$userdata['login'] = $user->getLogin();
print json_encode($userdata);
break;
case 'get_user_rights':
$user->getUserById($userId);
print json_encode($user->perm->getUserRights($userId));
break;
case 'delete_user':
$user->getUserById($userId);
if ($user->getStatus() == 'protected' || $userId == 1) {
$message = '<p class="error">' . $PMF_LANG['ad_user_error_protectedAccount'] . '</p>';
} else {
if (!$user->deleteUser()) {
$message = $PMF_LANG['ad_user_error_delete'];
} else {
<tbody>
<?php
foreach ($user->getAllUsers() as $userId) {
$user->getUserById($userId);
?>
<tr class="row_user_id_<?php
print $user->getUserData('user_id');
?>
">
<td><?php
print $user->getUserData('user_id');
?>
</td>
<td><?php
print $user->getStatus();
?>
</td>
<td><?php
print $user->getUserData('display_name');
?>
</td>
<td><?php
print $user->getLogin();
?>
</td>
<td>
<a href="mailto:<?php
print $user->getUserData('email');
?>
">
$counter++;
if ($counter <= $firstPage) {
continue;
}
$displayedCounter++;
?>
<tr class="row_user_id_<?php
print $user->getUserId();
?>
">
<td><?php
print $user->getUserId();
?>
</td>
<td><i class="<?php
switch ($user->getStatus()) {
case 'active':
echo "icon-ok";
break;
case 'blocked':
echo 'icon-lock';
break;
case 'protected':
echo 'icon-ok-sign';
break;
}
?>
"></i></td>
<td><?php
print $user->getUserData('display_name');
?>
