function mod_lastreg($mod, $cfg) { $inDB = cmsDatabase::getInstance(); cmsCore::loadModel('users'); $model = new cms_model_users(); $inDB->orderBy('regdate', 'DESC'); $inDB->limitPage(1, $cfg['newscount']); $users = $model->getUsers(); if ($cfg['view_type'] == 'list') { $total_all = cmsUser::getCountAllUsers(); } else { $total_all = 0; } cmsPage::initTemplate('modules', $cfg['tpl'])->assign('usrs', $users)->assign('cfg', $cfg)->assign('total_all', $total_all)->assign('total', sizeof($users))->display($cfg['tpl']); return true; }
function mod_user_rating($module_id, $cfg) { $inDB = cmsDatabase::getInstance(); cmsCore::loadModel('users'); $model = new cms_model_users(); if (!isset($cfg['count'])) { $cfg['count'] = 20; } if (!isset($cfg['view_type'])) { $cfg['view_type'] = 'rating'; } if (!in_array($cfg['view_type'], array('karma', 'rating'))) { $cfg['view_type'] = 'rating'; } $inDB->orderBy($cfg['view_type'], 'DESC'); $inDB->limitPage(1, $cfg['count']); $users = $model->getUsers(); cmsPage::initTemplate('modules', 'mod_user_rating')->assign('users', $users)->assign('cfg', $cfg)->display('mod_user_rating.tpl'); return true; }
function users() { header('X-Frame-Options: DENY'); $inCore = cmsCore::getInstance(); $inPage = cmsPage::getInstance(); $inDB = cmsDatabase::getInstance(); $inUser = cmsUser::getInstance(); global $_LANG; $model = new cms_model_users(); // id пользователя $id = cmsCore::request('id', 'int', 0); // логин пользователя $login = cmsCore::strClear(urldecode(cmsCore::request('login', 'html', ''))); $do = $inCore->do; $page = cmsCore::request('page', 'int', 1); $pagetitle = $inCore->getComponentTitle(); if ($model->config['sw_search'] != 2) { $inPage->addPathway($pagetitle, '/users'); } $inPage->setTitle($pagetitle); $inPage->setDescription($pagetitle); // js только авторизованным if ($inUser->id) { $inPage->addHeadJS('components/users/js/profile.js'); $inPage->addHeadJsLang(array('CONFIRM_CLEAN_CAT', 'CHOOSE_RECIPIENT', 'SEND_TO_USER', 'FRIENDSHIP_OFFER', 'STOP_FRIENDLY', 'REALY_STOP_FRIENDLY', 'ENTER_STATUS', 'HAVE_JUST')); } //============================================================================// //========================= Список пользователей ============================// //============================================================================// if ($do == 'view') { // если запрещен просмотр всех пользователей, 404 if ($model->config['sw_search'] == 2) { cmsCore::error404(); } //очищаем поисковые запросы если пришли со другой страницы if (!strstr(cmsCore::getBackURL(), '/users')) { cmsUser::sessionClearAll(); } $stext = array(); // Возможные входные переменные $name = cmsCore::getSearchVar('name'); $city = cmsCore::getSearchVar('city'); $hobby = cmsCore::getSearchVar('hobby'); $gender = cmsCore::getSearchVar('gender'); $orderby = cmsCore::request('orderby', array('karma', 'rating', 'regdate'), 'regdate'); $orderto = cmsCore::request('orderto', array('asc', 'desc'), 'desc'); $age_to = (int) cmsCore::getSearchVar('ageto', 'all'); $age_fr = (int) cmsCore::getSearchVar('agefrom', 'all'); $group_id = cmsCore::request('group_id', 'int', 0); // Флаг о показе только онлайн пользователей if (cmsCore::inRequest('online')) { cmsUser::sessionPut('usr_online', (bool) cmsCore::request('online', 'int')); $page = 1; } $only_online = cmsUser::sessionGet('usr_online'); if ($only_online) { $stext[] = $_LANG['SHOWING_ONLY_ONLINE']; } /////////////////////////////////////// //////////Условия выборки////////////// /////////////////////////////////////// // группа if ($group_id) { $model->whereUserGroupIs($group_id); $link['group'] = '/users/group/' . $group_id; $_LANG['GROUP_SEARCH_NAME'] = cmsUser::getGroupTitle($group_id); } // Добавляем в выборку имя, если оно есть if ($name) { $model->whereNameIs($name); $stext[] = $_LANG['NAME'] . " — " . htmlspecialchars(stripslashes($name)); } // Добавляем в выборку город, если он есть if ($city) { $model->whereCityIs($city); $stext[] = $_LANG['CITY'] . " — " . htmlspecialchars(stripslashes($city)); } // Добавляем в выборку хобби, если есть if ($hobby) { $model->whereHobbyIs($hobby); $stext[] = $_LANG['HOBBY'] . " — " . htmlspecialchars(stripslashes($hobby)); } // Добавляем в выборку пол, если есть if ($gender) { $model->whereGenderIs($gender); if ($gender == 'm') { $stext[] = $_LANG['MALE']; } else { $stext[] = $_LANG['FEMALE']; } } // Добавляем в выборку возраст, более if ($age_fr) { $model->whereAgeFrom($age_fr); $stext[] = $_LANG['NOT_YOUNG'] . " {$age_fr} " . $_LANG['YEARS']; } // Добавляем в выборку возраст, менее if ($age_to) { $model->whereAgeTo($age_to); $stext[] = $_LANG['NOT_OLD'] . " {$age_fr} " . $_LANG['YEARS']; } // Считаем общее количество согласно выборки $total = $model->getUsersCount($only_online); if ($total) { //устанавливаем сортировку $inDB->orderBy($orderby, $orderto); //устанавливаем номер текущей страницы и кол-во пользователей на странице $inDB->limitPage($page, $model->config['users_perpage']); // Загружаем пользователей согласно выборки $users = $model->getUsers($only_online); } else { $inDB->resetConditions(); } $link['latest'] = '/users'; $link['positive'] = '/users/positive.html'; $link['rating'] = '/users/rating.html'; if ($orderby == 'regdate') { $link['selected'] = 'latest'; } if ($orderby == 'karma') { $link['selected'] = 'positive'; } if ($orderby == 'rating') { $link['selected'] = 'rating'; } $pagebar_link = '/users/' . $link['selected'] . '%page%.html'; if ($group_id) { $link['selected'] = 'group'; $pagebar_link = '/users/' . $link['selected'] . '/' . $group_id . '-%page%'; } cmsPage::initTemplate('components', 'com_users_view')->assign('stext', $stext)->assign('orderby', $orderby)->assign('orderto', $orderto)->assign('users', $users)->assign('total', $total)->assign('only_online', $only_online)->assign('gender', $gender)->assign('name', stripslashes($name))->assign('city', stripslashes($city))->assign('hobby', stripslashes($hobby))->assign('age_to', $age_to)->assign('age_fr', $age_fr)->assign('cfg', $model->config)->assign('link', $link)->assign('pagebar', cmsPage::getPagebar($total, $page, $model->config['users_perpage'], $pagebar_link))->display('com_users_view.tpl'); } //============================================================================// //======================= Редактирование профиля ============================// //============================================================================// if ($do == 'editprofile') { // неавторизованным, не владельцам и не админам тут делать нечего if (!$inUser->id || $inUser->id != $id && !$inUser->is_admin) { cmsCore::error404(); } $usr = $model->getUser($id); if (!$usr) { cmsCore::error404(); } $opt = cmsCore::request('opt', 'str', 'edit'); // главного админа может редактировать только он сам if ($id == 1 && $inUser->id != $id) { cmsCore::error404(); } // показываем форму if ($opt == 'edit') { $inPage->setTitle($_LANG['CONFIG_PROFILE'] . ' - ' . $usr['nickname']); $inPage->addPathway($usr['nickname'], cmsUser::getProfileURL($usr['login'])); $inPage->addPathway($_LANG['CONFIG_PROFILE']); $private_forms = array(); if (isset($model->config['privforms'])) { if (is_array($model->config['privforms'])) { foreach ($model->config['privforms'] as $form_id) { $private_forms = array_merge($private_forms, cmsForm::getFieldsHtml($form_id, $usr['formsdata'])); } } } cmsPage::initTemplate('components', 'com_users_edit_profile')->assign('opt', $opt)->assign('usr', $usr)->assign('private_forms', $private_forms)->assign('cfg_forum', $inCore->loadComponentConfig('forum'))->assign('cfg', $model->config)->display('com_users_edit_profile.tpl'); return; } // Если сохраняем профиль if ($opt == 'save') { if (!cmsUser::checkCsrfToken()) { cmsCore::error404(); } $errors = false; $users['nickname'] = cmsCore::request('nickname', 'str'); if (mb_strlen($users['nickname']) < 2) { cmsCore::addSessionMessage($_LANG['SHORT_NICKNAME'], 'error'); $errors = true; } cmsCore::loadModel('registration'); $modreg = new cms_model_registration(); if (!$inUser->is_admin) { if ($modreg->getBadNickname($users['nickname'])) { cmsCore::addSessionMessage($_LANG['ERR_NICK_EXISTS'], 'error'); $errors = true; } } $profiles['gender'] = cmsCore::request('gender', 'str'); $profiles['city'] = cmsCore::request('city', 'str'); if (mb_strlen($profiles['city']) > 50) { cmsCore::addSessionMessage($_LANG['LONG_CITY_NAME'], 'error'); $errors = true; } $users['email'] = cmsCore::request('email', 'email'); if (!$users['email']) { cmsCore::addSessionMessage($_LANG['REALY_ADRESS_EMAIL'], 'error'); $errors = true; } if ($usr['email'] != $users['email']) { $is_set_email = $inDB->get_field('cms_users', "email='{$users['email']}'", 'id'); if ($is_set_email) { cmsCore::addSessionMessage($_LANG['ADRESS_EMAIL_IS_BUSY'], 'error'); $errors = true; } else { // формируем токен $token = md5($usr['email'] . uniqid() . microtime()); $inDB->insert('cms_users_activate', array('user_id' => $inUser->id, 'pubdate' => date("Y-m-d H:i:s"), 'code' => $token)); $codelink = HOST . '/users/change_email/' . $token . '/' . $users['email']; // по старому адресу высылаем письмо с подтверждением $letter = cmsCore::getLanguageTextFile('change_email'); $letter = str_replace(array('{nickname}', '{codelink}'), array($inUser->nickname, $codelink), $letter); cmsCore::mailText($usr['email'], '', $letter); cmsCore::addSessionMessage(sprintf($_LANG['YOU_CHANGE_EMAIL'], $usr['email']), 'info'); // email не меняем $users['email'] = $usr['email']; } } $profiles['showphone'] = cmsCore::request('showphone', 'int', 0); $profiles['showmail'] = cmsCore::request('showmail', 'int'); $profiles['email_newmsg'] = cmsCore::request('email_newmsg', 'int'); $profiles['showbirth'] = cmsCore::request('showbirth', 'int'); $profiles['description'] = cmsCore::request('description', 'str', ''); $users['birthdate'] = (int) $_REQUEST['birthdate']['year'] . '-' . (int) $_REQUEST['birthdate']['month'] . '-' . (int) $_REQUEST['birthdate']['day']; $profiles['signature'] = $inDB->escape_string(cmsCore::badTagClear(cmsCore::request('signature', 'html', ''))); $profiles['signature_html'] = $inDB->escape_string(cmsCore::parseSmiles(cmsCore::request('signature', 'html', ''), true)); $profiles['allow_who'] = cmsCore::request('allow_who', 'str'); if (!preg_match('/^([a-zA-Z]+)$/ui', $profiles['allow_who'])) { $errors = true; } $users['icq'] = cmsCore::request('icq', 'str', ''); $profiles['showicq'] = cmsCore::request('showicq', 'int'); $profiles['cm_subscribe'] = cmsCore::request('cm_subscribe', 'str'); if (!preg_match('/^([a-zA-Z]+)$/ui', $profiles['cm_subscribe'])) { $errors = true; } $users['phone'] = cmsCore::request('phone', 'int', 0); // получаем данные форм $profiles['formsdata'] = ''; if (isset($model->config['privforms'])) { if (is_array($model->config['privforms'])) { foreach ($model->config['privforms'] as $form_id) { $form_input = cmsForm::getFieldsInputValues($form_id); $profiles['formsdata'] .= $inDB->escape_string(cmsCore::arrayToYaml($form_input['values'])); // Проверяем значения формы foreach ($form_input['errors'] as $field_error) { if ($field_error) { cmsCore::addSessionMessage($field_error, 'error'); $errors = true; } } } } } if ($errors) { cmsCore::redirectBack(); } $inDB->update('cms_user_profiles', cmsCore::callEvent('UPDATE_USER_PROFILES', array_merge(array('id' => $usr['pid'], 'user_id' => $usr['id']), $profiles)), $usr['pid']); $inDB->update('cms_users', cmsCore::callEvent('UPDATE_USER_USERS', array_merge(array('id' => $usr['id']), $users)), $usr['id']); cmsCore::addSessionMessage($_LANG['PROFILE_SAVED'], 'info'); cmsCore::redirect(cmsUser::getProfileURL($usr['login'])); } if ($opt == 'changepass') { $errors = false; $oldpass = cmsCore::request('oldpass', 'str'); $newpass = cmsCore::request('newpass', 'str'); $newpass2 = cmsCore::request('newpass2', 'str'); if ($inUser->password != md5($oldpass)) { cmsCore::addSessionMessage($_LANG['OLD_PASS_WRONG'], 'error'); $errors = true; } if ($newpass != $newpass2) { cmsCore::addSessionMessage($_LANG['WRONG_PASS'], 'error'); $errors = true; } if ($oldpass && $newpass && $newpass2 && mb_strlen($newpass) < 6) { cmsCore::addSessionMessage($_LANG['PASS_SHORT'], 'error'); $errors = true; } if ($errors) { cmsCore::redirectBack(); } cmsCore::callEvent('UPDATE_USER_PASSWORD', array('user_id' => $usr['id'], 'oldpass' => $oldpass, 'newpass' => $newpass)); $sql = "UPDATE cms_users SET password='******' WHERE id = '{$id}' AND password='******'"; $inDB->query($sql); cmsCore::addSessionMessage($_LANG['PASS_CHANGED'], 'info'); cmsCore::redirect(cmsUser::getProfileURL($inUser->login)); } } //============================================================================// //============================= Просмотр профиля ============================// //============================================================================// if ($do == 'profile') { $inPage->addHeadJsLang(array('NEW_POST_ON_WALL', 'CONFIRM_DEL_POST_ON_WALL')); // если просмотр профиля гостям запрещен if (!$inUser->id && !$model->config['sw_guest']) { cmsUser::goToLogin(); } if (is_numeric($login)) { cmsCore::error404(); } $usr = $model->getUser($login); if (!$usr) { cmsCore::error404(); } $myprofile = $inUser->id == $usr['id']; $inPage->setTitle($usr['nickname']); $inPage->addPathway($usr['nickname']); // просмотр профиля запрещен if (!cmsUser::checkUserContentAccess($usr['allow_who'], $usr['id'])) { cmsPage::initTemplate('components', 'com_users_not_allow')->assign('is_auth', $inUser->id)->assign('usr', $usr)->display('com_users_not_allow.tpl'); return; } // Профиль удален if ($usr['is_deleted']) { cmsPage::initTemplate('components', 'com_users_deleted.tpl')->assign('usr', $usr)->assign('is_admin', $inUser->is_admin)->assign('others_active', $inDB->rows_count('cms_users', "login='******'login']}' AND is_deleted=0", 1))->display('com_users_deleted.tpl'); return; } // Данные о друзьях $usr['friends_total'] = cmsUser::getFriendsCount($usr['id']); $usr['friends'] = cmsUser::getFriends($usr['id']); // очищать сессию друзей если в своем профиле и количество друзей из базы не совпадает с количеством друзей в сессии if ($myprofile && sizeof($usr['friends']) != $usr['friends_total']) { cmsUser::clearSessionFriends(); } // обрезаем список $usr['friends'] = array_slice($usr['friends'], 0, 6); // выясняем друзья ли мы с текущим пользователем $usr['isfriend'] = !$myprofile ? cmsUser::isFriend($usr['id']) : false; // награды пользователя $usr['awards'] = $model->config['sw_awards'] ? $model->getUserAwards($usr['id']) : false; // стена if ($model->config['sw_wall']) { $inDB->limitPage(1, $model->config['wall_perpage']); $usr['wall_html'] = cmsUser::getUserWall($usr['id'], 'users', $myprofile, $inUser->is_admin); } // можно ли пользователю изменять карму $usr['can_change_karma'] = $model->isUserCanChangeKarma($usr['id']) && $inUser->id; // Фотоальбомы пользователя if ($model->config['sw_photo']) { $usr['albums'] = $model->getPhotoAlbums($usr['id'], $usr['isfriend'], !$inCore->isComponentEnable('photos')); $usr['albums_total'] = sizeof($usr['albums']); $usr['albums_show'] = 6; if ($usr['albums_total'] > $usr['albums_show']) { array_splice($usr['albums'], $usr['albums_show']); } } $usr['board_count'] = $model->config['sw_board'] ? $inDB->rows_count('cms_board_items', "user_id='{$usr['id']}' AND published=1") : 0; $usr['comments_count'] = $model->config['sw_comm'] ? $inDB->rows_count('cms_comments', "user_id='{$usr['id']}' AND published=1") : 0; $usr['forum_count'] = $model->config['sw_forum'] ? $inDB->rows_count('cms_forum_posts', "user_id = '{$usr['id']}'") : 0; $usr['files_count'] = $model->config['sw_files'] ? $inDB->rows_count('cms_user_files', "user_id = '{$usr['id']}'") : 0; $cfg_reg = $inCore->loadComponentConfig('registration'); $usr['invites_count'] = $inUser->id && $myprofile && $cfg_reg['reg_type'] == 'invite' ? $model->getUserInvitesCount($inUser->id) : 0; $usr['blog'] = $model->config['sw_blogs'] ? $inDB->get_fields('cms_blogs', "user_id = '{$usr['id']}' AND owner = 'user'", 'title, seolink') : false; $usr['form_fields'] = array(); if (is_array($model->config['privforms'])) { foreach ($model->config['privforms'] as $form_id) { $usr['form_fields'] = array_merge($usr['form_fields'], cmsForm::getFieldsValues($form_id, $usr['formsdata'])); } } if ($usr['city']) { cmsCore::loadModel('geo'); $geo = new cms_model_geo(); $city_parents = $geo->getCityParents($usr['city']); if ($city_parents) { $usr['country'] = $city_parents['country_name']; } } $plugins = $model->getPluginsOutput($usr); cmsPage::initTemplate('components', 'com_users_profile.tpl')->assign('usr', $usr)->assign('plugins', $plugins)->assign('cfg', $model->config)->assign('myprofile', $myprofile)->assign('cfg_forum', $inCore->loadComponentConfig('forum'))->assign('is_admin', $inUser->is_admin)->assign('is_auth', $inUser->id)->display('com_users_profile.tpl'); } //============================================================================// //============================= Список сообщений ============================// //============================================================================// if ($do == 'messages') { if (!$model->config['sw_msg']) { cmsCore::error404(); } if (!$inUser->id || $inUser->id != $id && !$inUser->is_admin) { cmsUser::goToLogin(); } $usr = cmsUser::getShortUserData($id); if (!$usr) { cmsCore::error404(); } $inPage->setTitle($_LANG['MY_MESS']); $inPage->addPathway($usr['nickname'], cmsUser::getProfileURL($usr['login'])); $inPage->addPathway($_LANG['MY_MESS'], '/users/' . $id . '/messages.html'); include 'components/users/messages.php'; } //============================================================================// //=========================== Отправка сообщения ============================// //============================================================================// if ($do == 'sendmessage') { if (!$model->config['sw_msg']) { cmsCore::halt(); } if ($_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest') { cmsCore::halt(); } if (!$inUser->id || $inUser->id == $id && !cmsCore::inRequest('massmail') && !cmsCore::request('send_to_group', 'int', 0)) { cmsCore::halt(); } if (!cmsCore::inRequest('gosend')) { $replyid = cmsCore::request('replyid', 'int', 0); if ($replyid) { $msg = $model->getReplyMessage($replyid, $inUser->id); if (!$msg) { cmsCore::halt(); } } $inPage->setRequestIsAjax(); cmsPage::initTemplate('components', 'com_users_messages_add')->assign('msg', isset($msg) ? $msg : array())->assign('is_reply_user', $replyid)->assign('id', $id)->assign('bbcodetoolbar', cmsPage::getBBCodeToolbar('message'))->assign('smilestoolbar', cmsPage::getSmilesPanel('message'))->assign('groups', $inUser->is_admin ? cmsUser::getGroups(true) : array())->assign('friends', cmsUser::getFriends($inUser->id))->assign('id_admin', $inUser->is_admin)->display('com_users_messages_add.tpl'); cmsCore::jsonOutput(array('error' => false, 'html' => ob_get_clean())); } if (cmsCore::inRequest('gosend')) { // Кому отправляем $usr = cmsUser::getShortUserData($id); if (!$usr) { cmsCore::halt(); } $message = cmsCore::parseSmiles(cmsCore::request('message', 'html', ''), true); if (mb_strlen($message) < 2) { cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['ERR_SEND_MESS'])); } if (!cmsUser::checkCsrfToken()) { cmsCore::error404(); } $output = cmsCore::callEvent('USER_SEND_MESSEDGE', array('text' => $message, 'to_id' => $id)); $message = $output['text']; $id = $output['to_id']; $send_to_group = cmsCore::request('send_to_group', 'int', 0); $group_id = cmsCore::request('group_id', 'int', 0); // // Обычная отправка (1 получатель) // if (!cmsCore::inRequest('massmail') && !$send_to_group) { //отправляем сообщение $msg_id = cmsUser::sendMessage($inUser->id, $id, $message); // отправляем уведомление на email если нужно $model->sendNotificationByEmail($id, $inUser->id, $msg_id); cmsCore::jsonOutput(array('error' => false, 'text' => $_LANG['SEND_MESS_OK'])); } // // далее идут массовые рассылки, доступные только админам // if (!$inUser->is_admin) { cmsCore::halt(); } // отправить всем: получаем список всех пользователей if (cmsCore::inRequest('massmail')) { $userlist = cmsUser::getAllUsers(); // проверяем что есть кому отправлять if (!$userlist) { cmsCore::jsonOutput(array('error' => false, 'text' => $_LANG['ERR_SEND_MESS'])); } $count = array(); // отправляем всем по списку foreach ($userlist as $usr) { $count[] = cmsUser::sendMessage(USER_MASSMAIL, $usr['id'], $message); } cmsCore::jsonOutput(array('error' => false, 'text' => sprintf($_LANG['SEND_MESS_ALL_OK'], sizeof($count)))); } // отправить группе: получаем список членов группы if ($send_to_group) { $count = cmsUser::sendMessageToGroup(USER_MASSMAIL, $group_id, $message); $success_msg = sprintf($_LANG['SEND_MESS_GROUP_OK'], $count, cmsUser::getGroupTitle($group_id)); cmsCore::jsonOutput(array('error' => false, 'text' => $success_msg)); } } } //============================================================================// //============================= Удаление сообщения ==========================// //============================================================================// if ($do == 'delmessage') { if ($_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest') { cmsCore::halt(); } if (!$model->config['sw_msg']) { cmsCore::halt(); } if (!$inUser->id) { cmsCore::halt(); } $msg = $inDB->get_fields('cms_user_msg', "id='{$id}'", '*'); if (!$msg) { cmsCore::halt(); } $can_delete = $inUser->id == $msg['to_id'] || $inUser->id == $msg['from_id'] ? true : false; if (!$can_delete && !$inUser->is_admin) { cmsCore::halt(); } // Сообщения с from_id < 0 if ($msg['from_id'] < 0) { $inDB->query("DELETE FROM cms_user_msg WHERE id = '{$id}' LIMIT 1"); $info_text = $_LANG['MESS_NOTICE_DEL_OK']; } // мне сообщение от пользователя if ($msg['to_id'] == $inUser->id && $msg['from_id'] > 0) { $inDB->query("UPDATE cms_user_msg SET to_del=1 WHERE id='{$id}'"); $info_text = $_LANG['MESS_DEL_OK']; } // от меня сообщение if ($msg['from_id'] == $inUser->id && !$msg['is_new']) { $inDB->query("UPDATE cms_user_msg SET from_del=1 WHERE id='{$id}'"); $info_text = $_LANG['MESS_DEL_OK']; } // отзываем сообщение if ($msg['from_id'] == $inUser->id && $msg['is_new']) { $inDB->query("DELETE FROM cms_user_msg WHERE id = '{$id}' LIMIT 1"); $info_text = $_LANG['MESS_BACK_OK']; } // удаляем сообщения, которые удалены с двух сторон $inDB->query("DELETE FROM cms_user_msg WHERE to_del=1 AND from_del=1"); cmsCore::jsonOutput(array('error' => false, 'text' => $info_text)); } //============================================================================// //=========================== Удаление сообщений ============================// //============================================================================// if ($do == 'delmessages') { if (!$model->config['sw_msg']) { cmsCore::error404(); } if ($inUser->id != $id && !$inUser->is_admin) { cmsCore::error404(); } $usr = cmsUser::getShortUserData($id); if (!$usr) { cmsCore::error404(); } $opt = cmsCore::request('opt', 'str', 'in'); if ($opt == 'notices') { $inDB->query("DELETE FROM cms_user_msg WHERE to_id = '{$id}' AND from_id < 0"); } else { $del_flag = $opt == 'in' ? 'to_del' : 'from_del'; $id_flag = $opt == 'in' ? 'to_id' : 'from_id'; $inDB->query("UPDATE cms_user_msg SET {$del_flag}=1 WHERE {$id_flag}='{$id}'"); $inDB->query("DELETE FROM cms_user_msg WHERE to_del=1 AND from_del=1"); } cmsCore::addSessionMessage($_LANG['MESS_ALL_DEL_OK'], 'info'); cmsCore::redirectBack(); } //============================================================================// //============================= Загрузка аватара ============================// //============================================================================// if ($do == 'avatar') { if (!$inUser->id || $inUser->id && $inUser->id != $id) { cmsCore::error404(); } $inPage->setTitle($_LANG['LOAD_AVATAR']); $inPage->addPathway($inUser->nickname, cmsUser::getProfileURL($inUser->login)); $inPage->addPathway($_LANG['LOAD_AVATAR']); if (cmsCore::inRequest('upload')) { cmsCore::loadClass('upload_photo'); $inUploadPhoto = cmsUploadPhoto::getInstance(); // Выставляем конфигурационные параметры $inUploadPhoto->upload_dir = PATH . '/images/'; $inUploadPhoto->dir_medium = 'users/avatars/'; $inUploadPhoto->dir_small = 'users/avatars/small/'; $inUploadPhoto->small_size_w = $model->config['smallw']; $inUploadPhoto->medium_size_w = $model->config['medw']; $inUploadPhoto->medium_size_h = $model->config['medh']; $inUploadPhoto->is_watermark = false; $inUploadPhoto->input_name = 'picture'; $file = $inUploadPhoto->uploadPhoto($inUser->orig_imageurl); if (!$file) { cmsCore::addSessionMessage('<strong>' . $_LANG['ERROR'] . ':</strong> ' . cmsCore::uploadError() . '!', 'error'); cmsCore::redirect('/users/' . $id . '/avatar.html'); } $sql = "UPDATE cms_user_profiles SET imageurl = '{$file['filename']}' WHERE user_id = '{$id}' LIMIT 1"; $inDB->query($sql); // очищаем предыдущую запись о смене аватара cmsActions::removeObjectLog('add_avatar', $id); // выводим сообщение в ленту cmsActions::log('add_avatar', array('object' => '', 'object_url' => '', 'object_id' => $id, 'target' => '', 'target_url' => '', 'description' => '<a href="' . cmsUser::getProfileURL($inUser->login) . '" class="act_usr_ava"> <img border="0" src="/images/users/avatars/small/' . $file['filename'] . '"> </a>')); cmsCore::redirect(cmsUser::getProfileURL($inUser->login)); } else { cmsPage::initTemplate('components', 'com_users_avatar_upload')->assign('id', $id)->display('com_users_avatar_upload.tpl'); } } //============================================================================// //============================= Библиотека аватаров =========================// //============================================================================// if ($do == 'select_avatar') { if (!$inUser->id || $inUser->id && $inUser->id != $id) { cmsCore::error404(); } $avatars_dir = PATH . "/images/users/avatars/library"; $avatars_dir_rel = "/images/users/avatars/library"; $avatars_dir_handle = opendir($avatars_dir); $avatars = array(); while ($nextfile = readdir($avatars_dir_handle)) { if ($nextfile != '.' && $nextfile != '..' && (mb_strstr($nextfile, '.gif') || mb_strstr($nextfile, '.jpg') || mb_strstr($nextfile, '.jpeg') || mb_strstr($nextfile, '.png'))) { $avatars[] = $nextfile; } } closedir($avatars_dir_handle); if (!cmsCore::inRequest('set_avatar')) { $inPage->setTitle($_LANG['SELECT_AVATAR']); $inPage->addPathway($inUser->nickname, cmsUser::getProfileURL($inUser->login)); $inPage->addPathway($_LANG['SELECT_AVATAR']); $perpage = 20; $total = sizeof($avatars); $avatars = array_slice($avatars, ($page - 1) * $perpage, $perpage); cmsPage::initTemplate('components', 'com_users_avatars')->assign('userid', $id)->assign('avatars', $avatars)->assign('avatars_dir', $avatars_dir_rel)->assign('page', $page)->assign('perpage', $perpage)->assign('pagebar', cmsPage::getPagebar($total, $page, $perpage, '/users/%user_id%/select-avatar-%page%.html', array('user_id' => $id)))->display('com_users_avatars.tpl'); } else { $avatar_id = cmsCore::request('avatar_id', 'int', 0); $file = $avatars[$avatar_id]; if (file_exists($avatars_dir . '/' . $file)) { $uploaddir = PATH . '/images/users/avatars/'; $realfile = $file; $filename = md5($realfile . '-' . $id . '-' . time()) . '.jpg'; $uploadfile = $avatars_dir . '/' . $realfile; $uploadavatar = $uploaddir . $filename; $uploadthumb = $uploaddir . 'small/' . $filename; if ($inUser->orig_imageurl && $inUser->orig_imageurl != 'nopic.jpg') { @unlink(PATH . '/images/users/avatars/' . $inUser->orig_imageurl); @unlink(PATH . '/images/users/avatars/small/' . $inUser->orig_imageurl); } cmsCore::includeGraphics(); copy($uploadfile, $uploadavatar); @img_resize($uploadfile, $uploadthumb, $model->config['smallw'], $model->config['smallw']); $sql = "UPDATE cms_user_profiles SET imageurl = '{$filename}' WHERE user_id = '{$id}' LIMIT 1"; $inDB->query($sql); // очищаем предыдущую запись о смене аватара cmsActions::removeObjectLog('add_avatar', $id); // выводим сообщение в ленту cmsActions::log('add_avatar', array('object' => '', 'object_url' => '', 'object_id' => $id, 'target' => '', 'target_url' => '', 'description' => '<a href="' . cmsUser::getProfileURL($inUser->login) . '" class="act_usr_ava"> <img border="0" src="/images/users/avatars/small/' . $filename . '"> </a>')); } cmsCore::redirect(cmsUser::getProfileURL($inUser->login)); } } //============================================================================// //======================== Работа с фотографиями ============================// //============================================================================// if ($do == 'photos') { if (!$model->config['sw_photo']) { cmsCore::error404(); } $pdo = cmsCore::request('pdo', 'str', ''); include 'components/users/photos.php'; } //============================================================================// //============================= Друзья пользователя =========================// //============================================================================// if ($do == 'friendlist') { if (!$inUser->id) { cmsUser::goToLogin(); } $usr = cmsUser::getShortUserData($id); if (!$usr) { cmsCore::error404(); } $perpage = 10; $inPage->addPathway($usr['nickname'], cmsUser::getProfileURL($usr['login'])); $inPage->addPathway($_LANG['FRIENDS']); $inPage->setTitle($_LANG['FRIENDS']); // все друзья $friends = cmsUser::getFriends($usr['id']); // их общее количество $total = count($friends); // получаем только нужных на странице $friends = array_slice($friends, ($page - 1) * $perpage, $perpage); cmsPage::initTemplate('components', 'com_users_friends')->assign('friends', $friends)->assign('usr', $usr)->assign('myprofile', $id == $inUser->id)->assign('total', $total)->assign('pagebar', cmsPage::getPagebar($total, $page, $perpage, 'javascript:centerLink(\'/users/' . $id . '/friendlist%page%.html\')'))->display('com_users_friends.tpl'); } //============================================================================// //============================= Запрос на дружбу ============================// //============================================================================// if ($do == 'addfriend') { if ($_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest') { cmsCore::halt(); } if (!$inUser->id || $inUser->id == $id) { cmsCore::halt(); } $usr = cmsUser::getShortUserData($id); if (!$usr) { cmsCore::halt(); } cmsUser::clearSessionFriends(); if (cmsUser::isFriend($id)) { cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['YOU_ARE_BE_FRIENDS'])); } // проверяем был ли ранее запрос на дружбу // если был, то делаем accept запросу $is_need_accept_id = cmsUser::getFriendFieldId($id, 0, 'to_me'); if ($is_need_accept_id) { $inDB->query("UPDATE cms_user_friends SET is_accepted = 1 WHERE id = '{$is_need_accept_id}'"); //регистрируем событие cmsActions::log('add_friend', array('object' => $inUser->nickname, 'user_id' => $usr['id'], 'object_url' => cmsUser::getProfileURL($inUser->login), 'object_id' => $is_need_accept_id, 'target' => '', 'target_url' => '', 'target_id' => 0, 'description' => '')); cmsCore::callEvent('USER_ACCEPT_FRIEND', $id); cmsCore::jsonOutput(array('error' => false, 'text' => $_LANG['ADD_FRIEND_OK'] . $usr['nickname'])); } // Если пользователь пытается добавиться в друзья к // пользователю, к которому уже отправил запрос if (cmsUser::getFriendFieldId($id, 0, 'from_me')) { cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['ADD_TO_FRIEND_SEND_ERR'])); } // Мы вообще не друзья с пользователем, создаем запрос cmsUser::addFriend($id); cmsUser::sendMessage(USER_UPDATER, $id, sprintf($_LANG['RECEIVED_F_O'], cmsUser::getProfileLink($inUser->login, $inUser->nickname), '<a class="ajaxlink" href="javascript:void(0)" onclick="users.acceptFriend(' . $inUser->id . ', this);return false;">' . $_LANG['ACCEPT'] . '</a>', '<a class="ajaxlink" href="javascript:void(0)" onclick="users.rejectFriend(' . $inUser->id . ', this);return false;">' . $_LANG['REJECT'] . '</a>')); cmsCore::jsonOutput(array('error' => false, 'text' => $_LANG['ADD_TO_FRIEND_SEND'])); } //============================================================================// //============================= Прекращение дружбы ==========================// //============================================================================// if ($do == 'delfriend') { if ($_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest') { cmsCore::halt(); } if (!$inUser->id || $inUser->id == $id) { cmsCore::halt(); } $usr = cmsUser::getShortUserData($id); if (!$usr) { cmsCore::error404(); } if (cmsUser::getFriendFieldId($id)) { $is_accepted_friend = cmsUser::isFriend($id); if (cmsUser::deleteFriend($id)) { // Если подтвержденный друг if ($is_accepted_friend) { cmsCore::jsonOutput(array('error' => false, 'text' => $usr['nickname'] . $_LANG['DEL_FRIEND'])); } else { cmsCore::jsonOutput(array('error' => false, 'text' => $_LANG['REJECT_FRIEND'] . $usr['nickname'])); } } else { cmsCore::halt(); } } else { cmsCore::halt(); } } //============================================================================// //============================= История кармы ===============================// //============================================================================// if ($do == 'karma') { $usr = cmsUser::getShortUserData($id); if (!$usr) { cmsCore::error404(); } $inPage->setTitle($_LANG['KARMA_HISTORY']); $inPage->addPathway($usr['nickname'], cmsUser::getProfileURL($usr['login'])); $inPage->addPathway($_LANG['KARMA_HISTORY']); cmsPage::initTemplate('components', 'com_users_karma')->assign('karma', $model->getUserKarma($usr['id']))->assign('usr', $usr)->display('com_users_karma.tpl'); } //============================================================================// //============================= Изменение кармы =============================// //============================================================================// if ($do == 'votekarma') { if ($_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest') { cmsCore::halt(); } if (!$inUser->id) { cmsCore::halt(); } $points = cmsCore::request('sign', 'str', 'plus') == 'plus' ? 1 : -1; $to = cmsCore::request('to', 'int', 0); $user = cmsUser::getShortUserData($to); if (!$user) { cmsCore::halt(); } if (!$model->isUserCanChangeKarma($to)) { cmsCore::halt(); } cmsCore::halt(cmsUser::changeKarmaUser($to, $points)); } //============================================================================// //======================= Наградить пользователя ============================// //============================================================================// if ($do == 'giveaward') { if (!$inUser->is_admin) { cmsCore::error404(); } $usr = cmsUser::getShortUserData($id); if (!$usr) { cmsCore::error404(); } $inPage->setTitle($_LANG['AWARD_USER']); $inPage->addPathway($usr['nickname'], cmsUser::getProfileURL($usr['login'])); $inPage->addPathway($_LANG['AWARD']); if (!cmsCore::inRequest('gosend')) { cmsPage::initTemplate('components', 'com_users_awards_give')->assign('usr', $usr)->assign('awardslist', cmsUser::getAwardsImages())->display('com_users_awards_give.tpl'); } else { $award['title'] = cmsCore::request('title', 'str', $_LANG['AWRD']); $award['description'] = cmsCore::request('description', 'str', ''); $award['imageurl'] = cmsCore::request('imageurl', 'str', ''); $award['from_id'] = $inUser->id; $award['id'] = 0; cmsUser::giveAward($award, $id); cmsCore::redirect(cmsUser::getProfileURL($usr['login'])); } } //============================================================================// //============================= Удаление награды ============================// //============================================================================// if ($do == 'delaward') { $aw = $inDB->get_fields('cms_user_awards', "id = '{$id}'", '*'); if (!$aw) { cmsCore::error404(); } if (!$inUser->id || $inUser->id != $aw['user_id'] && !$inUser->is_admin) { cmsCore::error404(); } $inDB->delete('cms_user_awards', "id = '{$id}'", 1); cmsActions::removeObjectLog('add_award', $id); cmsCore::redirectBack(); } //============================================================================// //============================= Награды на сайте ============================// //============================================================================// if ($do == 'awardslist') { $inPage->setTitle($_LANG['SITE_AWARDS']); $inPage->addPathway($_LANG['SITE_AWARDS']); $awards = cmsUser::getAutoAwards(); if (!$awards) { cmsCore::error404(); } foreach ($awards as $aw) { //Перебираем все награды и ищем пользователей с текущей наградой $sql = "SELECT u.id as id, u.nickname as nickname, u.login as login, IFNULL(p.gender, 'm') as gender\r\n FROM cms_user_awards aw\r\n LEFT JOIN cms_users u ON u.id = aw.user_id\r\n LEFT JOIN cms_user_profiles p ON p.user_id = u.id\r\n WHERE aw.award_id = '{$aw['id']}'"; $rs = $inDB->query($sql); $aw['uhtml'] = ''; if ($inDB->num_rows($rs)) { while ($user = $inDB->fetch_assoc($rs)) { $aw['uhtml'] .= cmsUser::getGenderLink($user['id'], $user['nickname'], $user['gender'], $user['login']) . ', '; } $aw['uhtml'] = rtrim($aw['uhtml'], ', '); } else { $aw['uhtml'] = $_LANG['NOT_USERS_WITH_THIS_AWARD']; } $aws[] = $aw; } cmsPage::initTemplate('components', 'com_users_awards_site')->assign('aws', $aws)->display('com_users_awards_site.tpl'); } //============================================================================// //============================= Удаление профиля ============================// //============================================================================// if ($do == 'delprofile') { // неавторизованным тут делать нечего if (!$inUser->id) { cmsCore::error404(); } // есть ли удаляемый профиль $data = cmsUser::getShortUserData($id); if (!$data) { cmsCore::error404(); } // владелец профиля или админ if ($inUser->is_admin) { // могут ли администраторы удалять профиль if (!cmsUser::isAdminCan('admin/users', cmsUser::getAdminAccess())) { cmsCore::error404(); } // администратор сам себя не удалит if ($inUser->id == $data['id']) { cmsCore::error404(); } } else { // удаляем только свой профиль if ($inUser->id != $data['id']) { cmsCore::error404(); } } if (isset($_POST['csrf_token'])) { if (!cmsUser::checkCsrfToken()) { cmsCore::error404(); } $model->deleteUser($id); if (!$inUser->is_admin) { session_destroy(); cmsCore::redirect('/logout'); } else { cmsCore::addSessionMessage($_LANG['DELETING_PROFILE_OK'], 'info'); cmsCore::redirect('/users'); } } else { $inPage->setTitle($_LANG['DELETING_PROFILE']); $inPage->addPathway($data['nickname'], $inUser->getProfileURL($data['login'])); $inPage->addPathway($_LANG['DELETING_PROFILE']); $confirm['title'] = $_LANG['DELETING_PROFILE']; $confirm['text'] = '<p>' . $_LANG['REALLY_DEL_PROFILE'] . '</p>'; $confirm['action'] = '/users/' . $id . '/delprofile.html'; $confirm['yes_button'] = array(); $confirm['yes_button']['type'] = 'submit'; cmsPage::initTemplate('components', 'action_confirm.tpl')->assign('confirm', $confirm)->display('action_confirm.tpl'); } } //============================================================================// //============================ Восстановить профиль =========================// //============================================================================// if ($do == 'restoreprofile') { if (!$inUser->is_admin) { cmsCore::error404(); } $usr = cmsUser::getShortUserData($id); if (!$usr) { cmsCore::error404(); } $inDB->query("UPDATE cms_users SET is_deleted = 0 WHERE id = '{$id}'"); cmsCore::redirectBack(); } //============================================================================// //============================= Файлы пользователей =========================// //============================================================================// if ($do == 'files') { if (!$model->config['sw_files']) { cmsCore::error404(); } $fdo = cmsCore::request('fdo', 'str', ''); include 'components/users/files.php'; } //============================================================================// //================================ Инвайты =================================// //============================================================================// if ($do == 'invites') { $reg_cfg = $inCore->loadComponentConfig('registration'); if ($reg_cfg['reg_type'] != 'invite') { cmsCore::error404(); } $invites_count = $model->getUserInvitesCount($inUser->id); if (!$invites_count) { cmsCore::error404(); } if (!cmsCore::inRequest('send_invite')) { $inPage->addPathway($inUser->nickname, cmsUser::getProfileURL($inUser->login)); $inPage->addPathway($_LANG['MY_INVITES']); cmsPage::initTemplate('components', 'com_users_invites')->assign('invites_count', $invites_count)->display('com_users_invites.tpl'); return; } if (cmsCore::inRequest('send_invite')) { if (!cmsUser::checkCsrfToken()) { cmsCore::error404(); } $invite_email = cmsCore::request('invite_email', 'email', ''); if (!$invite_email) { cmsCore::redirectBack(); } if ($model->sendInvite($inUser->id, $invite_email)) { cmsCore::addSessionMessage(sprintf($_LANG['INVITE_SENDED'], $invite_email), 'success'); } else { cmsCore::addSessionMessage($_LANG['INVITE_ERROR'], 'error'); } cmsCore::redirect(cmsUser::getProfileURL($inUser->login)); } } if ($do == 'change_email') { if (!$inUser->id) { cmsUser::goToLogin(); } $email = cmsCore::request('email', 'email', ''); $token = cmsCore::request('token', 'str', ''); // не занят ли email $is_email = $inDB->get_field('cms_users', "email='{$email}'", 'id'); if ($is_email || !$email || !$token) { cmsCore::error404(); } // проверяем токен $valid_id = $inDB->get_field('cms_users_activate', "code='{$token}' AND user_id = '{$inUser->id}'", 'id'); if (!$valid_id) { cmsCore::error404(); } $inDB->delete('cms_users_activate', "id = '{$valid_id}'"); // Сохраняем новый email $inDB->update('cms_users', array('email' => $email), $inUser->id); cmsCore::addSessionMessage($_LANG['NEW_EMAIL_SAVED'], 'success'); cmsCore::redirect(cmsUser::getProfileURL($inUser->login)); } /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// }
function registration() { header('X-Frame-Options: DENY'); $inCore = cmsCore::getInstance(); $inPage = cmsPage::getInstance(); $inDB = cmsDatabase::getInstance(); $inUser = cmsUser::getInstance(); $inConf = cmsConfig::getInstance(); $model = new cms_model_registration(); cmsCore::loadModel('users'); $users_model = new cms_model_users(); global $_LANG; $do = $inCore->do; //============================================================================// if ($do == 'sendremind') { if ($inUser->id) { cmsCore::error404(); } $inPage->setTitle($_LANG['REMINDER_PASS']); $inPage->addPathway($_LANG['REMINDER_PASS']); if (!cmsCore::inRequest('goremind')) { cmsPage::initTemplate('components', 'com_registration_sendremind')->display('com_registration_sendremind.tpl'); } else { if (!cmsUser::checkCsrfToken()) { cmsCore::error404(); } $email = cmsCore::request('email', 'email', ''); if (!$email) { cmsCore::addSessionMessage($_LANG['ERR_EMAIL'], 'error'); cmsCore::redirectBack(); } $usr = cmsUser::getShortUserData($email); if (!$usr || $usr['is_locked'] || $usr['is_deleted']) { cmsCore::addSessionMessage($_LANG['ADRESS'] . ' "' . $email . '" ' . $_LANG['NOT_IN_OUR_BASE'], 'error'); cmsCore::redirectBack(); } if (cmsUser::userIsAdmin($usr['id'])) { cmsCore::addSessionMessage($_LANG['NOT_ADMIN_SENDREMIND'], 'error'); cmsCore::redirectBack(); } $usercode = md5($usr['id'] . '-' . uniqid() . '-' . microtime() . '-' . PATH); $sql = "INSERT cms_users_activate (pubdate, user_id, code)\n VALUES (NOW(), '{$usr['id']}', '{$usercode}')"; $inDB->query($sql); $newpass_link = HOST . '/registration/remind/' . $usercode; $mail_message = $_LANG['HELLO'] . ', ' . $usr['nickname'] . '!' . "\n\n"; $mail_message .= $_LANG['REMINDER_TEXT'] . ' "' . $inConf->sitename . '".' . "\n\n"; $mail_message .= $_LANG['YOUR_LOGIN'] . ': ' . $usr['login'] . "\n\n"; $mail_message .= $_LANG['NEW_PASS_LINK'] . ":\n" . $newpass_link . "\n\n"; $mail_message .= $_LANG['LINK_EXPIRES'] . "\n\n"; $mail_message .= $_LANG['SIGNATURE'] . ', ' . $inConf->sitename . ' (' . HOST . ').' . "\n"; $mail_message .= date('d-m-Y (H:i)'); $inCore->mailText($email, $inConf->sitename . ' - ' . $_LANG['REMINDER_PASS'], $mail_message); cmsCore::addSessionMessage($_LANG['NEW_PAS_SENDED'], 'info'); cmsCore::redirect('/login'); } } //============================================================================// if ($do == 'remind') { if ($inUser->id) { cmsCore::error404(); } $usercode = cmsCore::request('code', 'str', ''); //проверяем формат кода if (!preg_match('/^[0-9a-f]{32}$/i', $usercode)) { cmsCore::error404(); } // проверяем код $user_id = $inDB->get_field('cms_users_activate', "code = '{$usercode}'", 'user_id'); if (!$user_id) { cmsCore::error404(); } //получаем пользователя $user = $inDB->get_fields('cms_users', "id = '{$user_id}'", '*'); if (!$user) { cmsCore::error404(); } if (cmsUser::userIsAdmin($user['id'])) { cmsCore::error404(); } if (cmsCore::inRequest('submit')) { if (!cmsUser::checkCsrfToken()) { cmsCore::error404(); } $errors = false; $pass = cmsCore::request('pass', 'str', ''); $pass2 = cmsCore::request('pass2', 'str', ''); if (!$pass) { cmsCore::addSessionMessage($_LANG['TYPE_PASS'], 'error'); $errors = true; } if ($pass && !$pass2) { cmsCore::addSessionMessage($_LANG['TYPE_PASS_TWICE'], 'error'); $errors = true; } if ($pass && $pass2 && mb_strlen($pass) < 6) { cmsCore::addSessionMessage($_LANG['PASS_SHORT'], 'error'); $errors = true; } if ($pass && $pass2 && $pass != $pass2) { cmsCore::addSessionMessage($_LANG['WRONG_PASS'], 'error'); $errors = true; } if ($errors) { cmsCore::redirectBack(); } $md5_pass = md5($pass); $inDB->query("UPDATE cms_users SET password = '******', logdate = NOW() WHERE id = '{$user['id']}'"); $inDB->query("DELETE FROM cms_users_activate WHERE code = '{$usercode}'"); cmsCore::addSessionMessage($_LANG['CHANGE_PASS_COMPLETED'], 'info'); $inUser->signInUser($user['login'], $pass, true); cmsCore::redirect(cmsUser::getProfileURL($user['login'])); } $inPage->setTitle($_LANG['RECOVER_PASS']); $inPage->addPathway($_LANG['RECOVER_PASS']); cmsPage::initTemplate('components', 'com_registration_remind')->assign('cfg', $model->config)->assign('user', $user)->display('com_registration_remind.tpl'); } //============================================================================// if ($do == 'register') { if (!cmsUser::checkCsrfToken()) { cmsCore::error404(); } if ($inUser->id && !$inUser->is_admin) { if ($inCore->menuId() == 1) { return; } else { cmsCore::error404(); } } // регистрация закрыта if (!$model->config['is_on']) { cmsCore::error404(); } // регистрация по инвайтам if ($model->config['reg_type'] == 'invite') { if (!$users_model->checkInvite(cmsUser::sessionGet('invite_code'))) { cmsCore::error404(); } } $errors = false; // получаем данные $item['login'] = cmsCore::request('login', 'str', ''); $item['email'] = cmsCore::request('email', 'email'); $item['icq'] = cmsCore::request('icq', 'str', ''); $item['city'] = cmsCore::request('city', 'str', ''); $item['nickname'] = cmsCore::request('nickname', 'str', ''); $item['realname1'] = cmsCore::request('realname1', 'str', ''); $item['realname2'] = cmsCore::request('realname2', 'str', ''); $pass = cmsCore::request('pass', 'str', ''); $pass2 = cmsCore::request('pass2', 'str', ''); // проверяем логин if (mb_strlen($item['login']) < 2 || mb_strlen($item['login']) > 15 || is_numeric($item['login']) || !preg_match("/^([a-z0-9])+\$/ui", $item['login'])) { cmsCore::addSessionMessage($_LANG['ERR_LOGIN'], 'error'); $errors = true; } // проверяем пароль if (!$pass) { cmsCore::addSessionMessage($_LANG['TYPE_PASS'], 'error'); $errors = true; } if ($pass && !$pass2) { cmsCore::addSessionMessage($_LANG['TYPE_PASS_TWICE'], 'error'); $errors = true; } if ($pass && $pass2 && mb_strlen($pass) < 6) { cmsCore::addSessionMessage($_LANG['PASS_SHORT'], 'error'); $errors = true; } if ($pass && $pass2 && $pass != $pass2) { cmsCore::addSessionMessage($_LANG['WRONG_PASS'], 'error'); $errors = true; } // Проверяем nickname или имя и фамилию if ($model->config['name_mode'] == 'nickname') { if (!$item['nickname']) { cmsCore::addSessionMessage($_LANG['TYPE_NICKNAME'], 'error'); $errors = true; } } else { if (!$item['realname1']) { cmsCore::addSessionMessage($_LANG['TYPE_NAME'], 'error'); $errors = true; } if (!$item['realname2']) { cmsCore::addSessionMessage($_LANG['TYPE_SONAME'], 'error'); $errors = true; } $item['nickname'] = trim($item['realname1']) . ' ' . trim($item['realname2']); } if (mb_strlen($item['nickname']) < 2) { cmsCore::addSessionMessage($_LANG['SHORT_NICKNAME'], 'error'); $errors = true; } if ($model->getBadNickname($item['nickname'])) { cmsCore::addSessionMessage($_LANG['ERR_NICK_EXISTS'], 'error'); $errors = true; } // Проверяем email if (!$item['email']) { cmsCore::addSessionMessage($_LANG['ERR_EMAIL'], 'error'); $errors = true; } // День рождения list($item['bday'], $item['bmonth'], $item['byear']) = array_values(cmsCore::request('birthdate', 'array_int', array())); $item['birthdate'] = sprintf('%04d-%02d-%02d', $item['byear'], $item['bmonth'], $item['bday']); // получаем данные конструктора форм $item['formsdata'] = ''; if (isset($users_model->config['privforms'])) { if (is_array($users_model->config['privforms'])) { foreach ($users_model->config['privforms'] as $form_id) { $form_input = cmsForm::getFieldsInputValues($form_id); $item['formsdata'] .= $inDB->escape_string(cmsCore::arrayToYaml($form_input['values'])); // Проверяем значения формы foreach ($form_input['errors'] as $field_error) { if ($field_error) { cmsCore::addSessionMessage($field_error, 'error'); $errors = true; } } } } } // Проверяем каптчу if (!cmsPage::checkCaptchaCode()) { cmsCore::addSessionMessage($_LANG['ERR_CAPTCHA'], 'error'); $errors = true; } // проверяем есть ли такой пользователь $user_exist = $inDB->get_fields('cms_users', "(login LIKE '{$item['login']}' OR email LIKE '{$item['email']}') AND is_deleted = 0", 'id, login, email'); if ($user_exist) { if ($user_exist['login'] == $item['login']) { cmsCore::addSessionMessage($_LANG['LOGIN'] . ' "' . $item['login'] . '" ' . $_LANG['IS_BUSY'], 'error'); $errors = true; } else { cmsCore::addSessionMessage($_LANG['EMAIL_IS_BUSY'], 'error'); $errors = true; } } // В случае ошибок, возвращаемся в форму if ($errors) { cmsUser::sessionPut('item', $item); cmsCore::redirect('/registration'); } ////////////////////////////////////////////// //////////// РЕГИСТРАЦИЯ ///////////////////// ////////////////////////////////////////////// $item['is_locked'] = $model->config['act']; $item['password'] = md5($pass); $item['orig_password'] = $pass; $item['group_id'] = $model->config['default_gid']; $item['regdate'] = date('Y-m-d H:i:s'); $item['logdate'] = date('Y-m-d H:i:s'); if (cmsUser::sessionGet('invite_code')) { $invite_code = cmsUser::sessionGet('invite_code'); $item['invited_by'] = (int) $users_model->getInviteOwner($invite_code); if ($item['invited_by']) { $users_model->closeInvite($invite_code); } cmsUser::sessionDel('invite_code'); } else { $item['invited_by'] = 0; } $item = cmsCore::callEvent('USER_BEFORE_REGISTER', $item); $item['id'] = $item['user_id'] = $inDB->insert('cms_users', $item); if (!$item['id']) { cmsCore::error404(); } $inDB->insert('cms_user_profiles', $item); cmsCore::callEvent('USER_REGISTER', $item); if ($item['is_locked']) { $model->sendActivationNotice($pass, $item['id']); cmsPage::includeTemplateFile('special/regactivate.php'); cmsCore::halt(); } else { cmsActions::log('add_user', array('object' => '', 'user_id' => $item['id'], 'object_url' => '', 'object_id' => $item['id'], 'target' => '', 'target_url' => '', 'target_id' => 0, 'description' => '')); if ($model->config['send_greetmsg']) { $model->sendGreetsMessage($item['id']); } $model->sendRegistrationNotice($pass, $item['id']); $back_url = $inUser->signInUser($item['login'], $pass, true); cmsCore::redirect($back_url); } } //============================================================================// if ($do == 'view') { $pagetitle = $inCore->getComponentTitle(); $inPage->setTitle($pagetitle); $inPage->addPathway($pagetitle); $inPage->addHeadJsLang(array('WRONG_PASS')); // Если пользователь авторизован, то не показываем форму регистрации, редирект в профиль. if ($inUser->id && !$inUser->is_admin) { if ($inCore->menuId() == 1) { return; } else { cmsCore::redirect(cmsUser::getProfileURL($inUser->login)); } } $correct_invite = cmsUser::sessionGet('invite_code') ? true : false; if ($model->config['reg_type'] == 'invite' && cmsCore::inRequest('invite_code')) { $invite_code = cmsCore::request('invite_code', 'str', ''); $correct_invite = $users_model->checkInvite($invite_code); if ($correct_invite) { cmsUser::sessionPut('invite_code', $invite_code); } else { cmsCore::addSessionMessage($_LANG['INCORRECT_INVITE'], 'error'); } } $item = cmsUser::sessionGet('item'); if ($item) { cmsUser::sessionDel('item'); } if (empty($item['birthdate'])) { $item['birthdate'] = date('Y-m-d'); } $private_forms = array(); if (isset($users_model->config['privforms'])) { if (is_array($users_model->config['privforms'])) { foreach ($users_model->config['privforms'] as $form_id) { $private_forms = array_merge($private_forms, cmsForm::getFieldsHtml($form_id, array(), true)); } } } cmsPage::initTemplate('components', 'com_registration')->assign('cfg', $model->config)->assign('item', $item)->assign('pagetitle', $pagetitle)->assign('correct_invite', $correct_invite)->assign('private_forms', $private_forms)->display('com_registration.tpl'); } //============================================================================// if ($do == 'activate') { $code = cmsCore::request('code', 'str', ''); if (!$code) { cmsCore::error404(); } $user_id = $inDB->get_field('cms_users_activate', "code = '{$code}'", 'user_id'); if (!$user_id) { cmsCore::error404(); } $inDB->query("UPDATE cms_users SET is_locked = 0 WHERE id = '{$user_id}'"); $inDB->query("DELETE FROM cms_users_activate WHERE code = '{$code}'"); cmsCore::callEvent('USER_ACTIVATED', $user_id); if ($model->config['send_greetmsg']) { $model->sendGreetsMessage($user_id); } // Регистрируем событие cmsActions::log('add_user', array('object' => '', 'user_id' => $user_id, 'object_url' => '', 'object_id' => $user_id, 'target' => '', 'target_url' => '', 'target_id' => 0, 'description' => '')); cmsCore::addSessionMessage($_LANG['ACTIVATION_COMPLETE'], 'info'); cmsUser::goToLogin(); } //============================================================================// if ($do == 'auth') { //====================// //== разлогивание ==// if (cmsCore::inRequest('logout')) { $inUser->logout(); cmsCore::redirect('/'); } //====================// //== авторизация ==// if (!cmsCore::inRequest('logout')) { // флаг неуспешных авторизаций $anti_brute_force = cmsUser::sessionGet('anti_brute_force'); $login = cmsCore::request('login', 'str', ''); $passw = cmsCore::request('pass', 'str', ''); $remember_pass = cmsCore::inRequest('remember'); // если нет логина или пароля, показываем форму входа if (!$login || !$passw) { if ($inUser->id && !$inUser->is_admin) { cmsCore::redirect('/'); } $inPage->setTitle($_LANG['SITE_LOGIN']); $inPage->addPathway($_LANG['SITE_LOGIN']); cmsPage::initTemplate('components', 'com_registration_login')->assign('cfg', $model->config)->assign('anti_brute_force', $anti_brute_force)->assign('is_sess_back', cmsUser::sessionGet('auth_back_url'))->display('com_registration_login.tpl'); if (!mb_strstr(cmsCore::getBackURL(), 'login')) { cmsUser::sessionPut('auth_back_url', cmsCore::getBackURL()); } return; } if (!cmsUser::checkCsrfToken()) { cmsCore::error404(); } // Проверяем каптчу if ($anti_brute_force && !cmsPage::checkCaptchaCode()) { cmsCore::addSessionMessage($_LANG['ERR_CAPTCHA'], 'error'); cmsCore::redirect('/login'); } cmsUser::sessionDel('anti_brute_force'); $back_url = $inUser->signInUser($login, $passw, $remember_pass); cmsCore::redirect($back_url); } } //============================================================================// if ($do == 'autherror') { cmsUser::sessionPut('anti_brute_force', 1); cmsPage::includeTemplateFile('special/autherror.php'); cmsCore::halt(); } //============================================================================// }
$inCore->loadModel('users'); $model = new cms_model_users(); $inv_count = $cfg['inv_count']; $inv_karma = $cfg['inv_karma']; if ($inv_count) { $invites_given = $model->giveInvites($inv_count, $inv_karma); if ($invites_given) { cmsUser::sessionPut('reg_msg', 'Выдано инвайтов: ' . $invites_given); } else { cmsUser::sessionPut('reg_msg', 'Инвайты не выданы: нет подходящих пользователей'); } } } if ($inCore->request('inv_delete', 'int', 0)) { $inCore->loadModel('users'); $model = new cms_model_users(); $model->deleteInvites(); cmsUser::sessionPut('reg_msg', 'Неиспользованные инвайты удалены'); } $inCore->redirectBack(); } $msg = cmsUser::sessionGet('reg_msg'); if ($msg) { echo '<p class="success">' . $msg . '</p>'; cmsUser::sessionDel('reg_msg'); } ?> <form action="index.php?view=components&do=config&id=<?php echo $_REQUEST['id']; ?> " method="post" name="optform" target="_self" id="optform">
function applet_users() { $inCore = cmsCore::getInstance(); cmsCore::loadClass('actions'); cmsCore::loadModel('users'); $model = new cms_model_users(); // подключаем язык компонента регистрации cmsCore::loadLanguage('components/registration'); global $_LANG; global $adminAccess; if (!cmsUser::isAdminCan('admin/users', $adminAccess)) { cpAccessDenied(); } cmsCore::c('page')->setTitle($_LANG['AD_USERS']); cpAddPathway($_LANG['AD_USERS'], 'index.php?view=users'); $do = cmsCore::request('do', 'str', 'list'); $id = cmsCore::request('id', 'int', 0); if ($do == 'list') { $toolmenu = array( array( 'icon' => 'useradd.gif', 'title' => $_LANG['AD_USER_ADD'], 'link' => '?view=users&do=add' ), array( 'icon' => 'useredit.gif', 'title' => $_LANG['AD_EDIT_SELECTED'], 'link' => "javascript:checkSel('?view=users&do=edit&multiple=1');" ), array( 'icon' => 'userdelete.gif', 'title' => $_LANG['AD_DELETE_SELECTED'], 'link' => "javascript:if(confirm('". $_LANG['AD_IF_USERS_SELECT_REMOVE'] ."')) { checkSel('?view=users&do=delete&multiple=1'); }" ), array( 'icon' => 'usergroup.gif', 'title' => $_LANG['AD_USERS_GROUP'], 'link' => '?view=usergroups' ), array( 'icon' => 'userbanlist.gif', 'title' => $_LANG['AD_BANLIST'], 'link' => '?view=userbanlist' ), array( 'icon' => 'user_go.png', 'title' => $_LANG['AD_USERS_SELECT_ACTIVATE'], 'link' => "javascript:if(confirm('". $_LANG['AD_IF_USERS_SELECT_ACTIVATE'] ."')) { checkSel('?view=users&do=activate&multiple=1'); }" ), array( 'icon' => 'help.gif', 'title' => $_LANG['AD_HELP'], 'link' => '?view=help&topic=users' ) ); cpToolMenu($toolmenu); $fields = array( array( 'title' => 'id', 'field' => 'id', 'width' => '40' ), array( 'title' => $_LANG['LOGIN'], 'field' => 'login', 'width' => '100', 'link' => '?view=users&do=edit&id=%id%', 'filter' => 12 ), array( 'title' => $_LANG['NICKNAME'], 'field' => 'nickname', 'width' => '', 'link' => '?view=users&do=edit&id=%id%', 'filter' => 12 ), array( 'title' => $_LANG['AD_RATING'], 'field' => array( 'rating', 'id' ), 'width' => '70', 'prc' => 'setRating' ), array( 'title' => $_LANG['AD_GROUP'], 'field' => 'group_id', 'width' => '110', 'prc' => 'cpGroupById', 'filter' => 1, 'filterlist' => cpGetList('cms_user_groups') ), array( 'title' => $_LANG['EMAIL'], 'field' => 'email', 'width' => '120' ), array( 'title' => $_LANG['AD_REGISTRATION_DATE'], 'field' => 'regdate', 'width' => '100' ), array( 'title' => $_LANG['AD_LAST_LOGIN'], 'field' => 'logdate', 'width' => '100' ), array( 'title' => $_LANG['AD_LAST_IP'], 'field' => 'last_ip', 'width' => '90', 'prc' => 'getIpLink' ), array( 'title' => $_LANG['AD_IS_LOCKED'], 'field' => 'is_locked', 'width' => '110', 'prc' => 'viewAct' ), array( 'title' => $_LANG['AD_IS_DELETED'], 'field' => 'is_deleted', 'width' => '80', 'prc' => 'viewDel' ) ); $actions = array( array( 'title' => $_LANG['AD_PROFILE'], 'icon' => 'profile.gif', 'link' => '/users/%login%' ), array( 'title' => $_LANG['AD_BANNED'], 'icon' => 'ban.gif', 'link' => '?view=userbanlist&do=add&to=%id%' ), array( 'title' => $_LANG['DELETE'], 'icon' => 'delete.gif', 'confirm' => $_LANG['AD_IS_USER_DELETE'], 'link' => '?view=users&do=delete&id=%id%' ), array( 'title' => $_LANG['AD_FOREVER_USER_DELETE'], 'icon' => 'off.gif', 'confirm' => $_LANG['AD_IF_FOREVER_USER_DELETE'], 'link' => '?view=users&do=delete_full&id=%id%' ) ); cpListTable('cms_users', $fields, $actions, '1=1', 'regdate DESC'); } if ($do == 'rerating') { $user_id = cmsCore::request('user_id', 'int'); if (!$user_id) { cmsCore::redirectBack(); } $rating = cmsUser::getRating($user_id); $user_sql = "UPDATE cms_users SET rating = ". $rating ." WHERE id = '". $user_id ."'"; cmsCore::c('db')->query($user_sql); cmsCore::redirectBack(); } if ($do == 'activate') { $user_ids = cmsCore::request('item', 'array_int'); if (!$user_ids) { cmsCore::redirectBack(); } foreach ($user_ids as $user_id) { $code = cmsCore::c('db')->get_field('cms_users_activate', "user_id = '". $user_id ."'", 'code'); $sql = "UPDATE cms_users SET is_locked = 0 WHERE id = '". $user_id ."'"; cmsCore::c('db')->query($sql); $sql = "DELETE FROM cms_users_activate WHERE code = '". $code ."'"; cmsCore::c('db')->query($sql); cmsCore::callEvent('USER_ACTIVATED', $user_id); // Регистрируем событие cmsActions::log( 'add_user', array( 'object' => '', 'user_id' => $user_id, 'object_url' => '', 'object_id' => $user_id, 'target' => '', 'target_url' => '', 'target_id' => 0, 'description' => '' ) ); } cmsCore::redirectBack(); } if ($do == 'delete') { if (!cmsCore::inRequest('item')) { if ($id >= 0) { $model->deleteUser($id); } } else { $model->deleteUsers(cmsCore::request('item', 'array_int', array())); } cmsCore::redirectBack(); } if ($do == 'delete_full') { $model->deleteUser($id, true); cmsCore::redirectBack(); } if ($do == 'submit' || $do == 'update') { if (!cmsUser::checkCsrfToken()) { cmsCore::error404(); } $types = array( 'login' => array( 'login', 'str', '' ), 'nickname' => array( 'nickname', 'str', '', 'htmlspecialchars' ), 'email' => array( 'email', 'email', '' ), 'group_id' => array( 'group_id', 'int', 1 ), 'is_locked' => array( 'is_locked', 'int', 0 ), 'password' => array( 'pass', 'str', '', 'stripslashes' ), 'pass2' => array( 'pass2', 'str', '', 'stripslashes' ) ); $items = cmsCore::getArrayFromRequest($types); $errors = false; // проверяем логин if (mb_strlen($items['login']) < 2 || mb_strlen($items['login']) > 15 || is_numeric($items['login']) || !preg_match("/^([a-zA-Z0-9])+$/ui", $items['login'])) { cmsCore::addSessionMessage($_LANG['ERR_LOGIN'], 'error'); $errors = true; } // проверяем пароль if ($do == 'submit') { if (!$items['password']) { cmsCore::addSessionMessage($_LANG['TYPE_PASS'], 'error'); $errors = true; } } if ($items['password'] && !$items['pass2']) { cmsCore::addSessionMessage($_LANG['TYPE_PASS_TWICE'], 'error'); $errors = true; } if ($items['password'] && $items['pass2'] && mb_strlen($items['password']) < 6) { cmsCore::addSessionMessage($_LANG['PASS_SHORT'], 'error'); $errors = true; } if ($items['password'] && $items['pass2'] && $items['password'] != $items['pass2']) { cmsCore::addSessionMessage($_LANG['WRONG_PASS'], 'error'); $errors = true; } // никнейм if (mb_strlen($items['nickname']) < 2) { cmsCore::addSessionMessage($_LANG['SHORT_NICKNAME'], 'error'); $errors = true; } // Проверяем email if (!$items['email']) { cmsCore::addSessionMessage($_LANG['ERR_EMAIL'], 'error'); $errors = true; } // проверяем есть ли такой пользователь if ($do == 'submit') { $user_exist = cmsCore::c('db')->get_fields('cms_users', "(login LIKE '". $items['login'] ."' OR email LIKE '". $items['email'] ."') AND is_deleted = 0", 'login'); if ($user_exist) { if ($user_exist['login'] == $items['login']) { cmsCore::addSessionMessage($_LANG['LOGIN'] .' "'. $items['login'] .'" '. $_LANG['IS_BUSY'], 'error'); $errors = true; } else { cmsCore::addSessionMessage($_LANG['EMAIL_IS_BUSY'], 'error'); $errors = true; } } } if ($errors) { if ($do == 'submit') { cmsUser::sessionPut('items', $items); } cmsCore::redirectBack(); } if ($do == 'submit') { $items['regdate'] = date('Y-m-d H:i:s'); $items['logdate'] = date('Y-m-d H:i:s'); $items['password'] = md5($items['password']); $items['user_id'] = cmsCore::c('db')->insert('cms_users', $items); if (!$items['user_id']) { cmsCore::error404(); } cmsCore::c('db')->insert('cms_user_profiles', $items); cmsCore::addSessionMessage($_LANG['AD_DO_SUCCESS'], 'success'); cmsCore::redirect('?view=users'); } else { // главного админа может редактировать только он сам if ($id == 1 && cmsCore::c('user')->id != $id) { cmsCore::error404(); } if ($id == 1) { unset($items['group_id']); unset($items['is_locked']); } if (!$items['password']) { unset($items['password']); } else { $items['password'] = md5($items['password']); } cmsCore::c('db')->update('cms_users', $items, $id); cmsCore::addSessionMessage($_LANG['AD_DO_SUCCESS'], 'success'); if (empty($_SESSION['editlist'])) { cmsCore::redirect('index.php?view=users'); } else { cmsCore::redirect('index.php?view=users&do=edit'); } } } if ($do == 'edit' || $do == 'add') { $toolmenu = array( array( 'icon' => 'save.gif', 'title' => $_LANG['SAVE'], 'link' => 'javascript:document.addform.submit();' ), array( 'icon' => 'cancel.gif', 'title' => $_LANG['CANCEL'], 'link' => 'javascript:history.go(-1);' ) ); cpToolMenu($toolmenu); if ($do == 'edit') { if (cmsCore::inRequest('multiple')){ if (cmsCore::inRequest('item')){ $_SESSION['editlist'] = cmsCore::request('item', 'array_int', array()); } else { cmsCore::addSessionMessage($_LANG['AD_NO_SELECT_OBJECTS'], 'error'); cmsCore::redirectBack(); } } $ostatok = ''; if (isset($_SESSION['editlist'])) { $item_id = array_shift($_SESSION['editlist']); if (count($_SESSION['editlist']) == 0) { unset($_SESSION['editlist']); } else { $ostatok = '('. $_LANG['AD_NEXT_IN'] . count($_SESSION['editlist']) .')'; } } else { $item_id = cmsCore::request('id', 'int', 0); } $mod = cmsCore::c('db')->get_fields('cms_users', "id = '". $item_id ."'", '*'); if (!$mod) { cmsCore::error404(); } echo '<h3>'. $_LANG['AD_USER_EDIT'] .' '. $ostatok .'</h3>'; cpAddPathway($mod['nickname']); } else { $mod = cmsUser::sessionGet('items'); if ($mod) { cmsUser::sessionDel('items'); } cpAddPathway($_LANG['AD_USER_ADD']); } cmsCore::c('page')->addHeadJS('components/registration/js/check.js'); ?> <form action="index.php?view=users" method="post" enctype="multipart/form-data" name="addform" id="addform"> <input type="hidden" name="csrf_token" value="<?php echo cmsUser::getCsrfToken(); ?>" /> <div style="width:500px;"> <div class="form-group"> <label><?php echo $_LANG['LOGIN']; ?>:</label> <input type="text" id="logininput" class="form-control" name="login" value="<?php echo cmsCore::getArrVal($mod, 'login', ''); ?>" onchange="checkLogin()" /> <?php if ($do == 'edit') { echo '<div class="help-block" style="text-align:right;"><a target="_blank" href="/users/'. $mod['login'] .'" title="'. $_LANG['AD_USER_PROFILE'] .'">'. $_LANG['AD_USER_PROFILE'] .'</a></div>'; } ?> </div> <div class="form-group"> <label><?php echo $_LANG['NICKNAME']; ?>:</label> <input type="text" id="login" class="form-control" name="nickname" value="<?php echo htmlspecialchars(cmsCore::getArrVal($mod, 'nickname', '')); ?>" /> </div> <div class="form-group"> <label><?php echo $_LANG['EMAIL']; ?>:</label> <input type="text" id="nickname" class="form-control" name="email" value="<?php echo cmsCore::getArrVal($mod, 'email', ''); ?>" /> </div> <div class="form-group"> <label><?php if ($do == 'edit') { echo $_LANG['AD_NEW_PASS']; } else { echo $_LANG['PASS']; } ?></label> <input type="password" id="pass" class="form-control" name="pass" /> </div> <div class="form-group"> <label><?php echo $_LANG['REPEAT_PASS']; ?>:</label> <input type="password" id="pass2" class="form-control" name="pass2" /> </div> <div class="form-group"> <label><?php echo $_LANG['AD_GROUP']; ?>:</label> <select id="group_id" class="form-control" name="group_id"> <?php echo $inCore->getListItems('cms_user_groups', cmsCore::getArrVal($mod, 'group_id', 0)); ?> </select> <?php if ($do == 'edit') { echo '<div class="help-block" style="text-align:right;"><a target="_blank" href="?view=usergroups&do=edit&id='. $mod['group_id'] .'">'. $_LANG['EDIT'] .'</a></div>'; } ?> </div> <div class="form-group"> <label><?php echo $_LANG['AD_IF_ACCAUNT_LOCK']; ?></label> <div class="btn-group" data-toggle="buttons" style="float:right;"> <label class="btn btn-default <?php if ($mod['is_locked']) { echo 'active'; } ?>"> <input type="radio" name="is_locked" <?php if ($mod['is_locked']) { echo 'checked="checked"'; } ?> value="1" /> <?php echo $_LANG['YES']; ?> </label> <label class="btn btn-default <?php if (!$mod['is_locked']) { echo 'active'; } ?>"> <input type="radio" name="is_locked" <?php if (!$mod['is_locked']) { echo 'checked="checked"'; } ?> value="0" /> <?php echo $_LANG['NO']; ?> </label> </div> </div> </div> <div> <?php if ($do == 'edit') { ?> <input type="hidden" name="do" value="update" /> <input type="submit" class="btn btn-primary" name="add_mod" value="<?php echo $_LANG['SAVE']; ?>" /> <?php } else { ?> <input type="hidden" name="do" value="submit" /> <input type="submit" class="btn btn-primary" name="add_mod" value="<?php echo $_LANG['AD_USER_ADD']; ?>" /> <?php } ?> <input type="button" class="btn btn-default" name="back2" value="<?php echo $_LANG['CANCEL']; ?>" onclick="window.history.back();" /> <?php if ($do == 'edit') { echo '<input type="hidden" name="id" value="'. $mod['id'] .'" />'; } ?> </div> </form> <?php } }
function applet_usergroups() { $inDB = cmsDatabase::getInstance(); global $_LANG; global $adminAccess; if (!cmsUser::isAdminCan('admin/users', $adminAccess)) { cpAccessDenied(); } $GLOBALS['cp_page_title'] = $_LANG['AD_USERS_GROUP']; cpAddPathway($_LANG['AD_USERS'], 'index.php?view=users'); cpAddPathway($_LANG['AD_USERS_GROUP'], 'index.php?view=usergroups'); $do = cmsCore::request('do', 'str', 'list'); $id = cmsCore::request('id', 'int', -1); cmsCore::loadModel('users'); $model = new cms_model_users(); if ($do == 'list') { $toolmenu[] = array('icon' => 'usergroupadd.gif', 'title' => $_LANG['AD_CREATE_GROUP'], 'link' => '?view=usergroups&do=add'); $toolmenu[] = array('icon' => 'edit.gif', 'title' => $_LANG['AD_EDIT_SELECTED'], 'link' => "javascript:checkSel('?view=usergroups&do=edit&multiple=1');"); $toolmenu[] = array('icon' => 'delete.gif', 'title' => $_LANG['AD_DELETE_SELECTED'], 'link' => "javascript:if(confirm('{$_LANG['AD_REMOVE_GROUP']}')) { checkSel('?view=users&do=delete&multiple=1'); }"); cpToolMenu($toolmenu); $fields[] = array('title' => 'id', 'field' => 'id', 'width' => '30'); $fields[] = array('title' => $_LANG['TITLE'], 'field' => 'title', 'width' => '', 'link' => '?view=usergroups&do=edit&id=%id%', 'filter' => '12'); $fields[] = array('title' => $_LANG['AD_FROM_USERS'], 'field' => 'id', 'width' => '100', 'prc' => 'getCountUsers'); $fields[] = array('title' => $_LANG['AD_IF_ADMIN'], 'field' => 'is_admin', 'width' => '110', 'prc' => 'cpYesNo'); $fields[] = array('title' => $_LANG['AD_ALIAS'], 'field' => 'alias', 'width' => '75', 'filter' => '12'); $actions[] = array('title' => $_LANG['EDIT'], 'icon' => 'edit.gif', 'link' => '?view=usergroups&do=edit&id=%id%'); $actions[] = array('title' => $_LANG['DELETE'], 'icon' => 'delete.gif', 'confirm' => $_LANG['AD_REMOVE_GROUP'], 'link' => '?view=usergroups&do=delete&id=%id%'); cpListTable('cms_user_groups', $fields, $actions); } if ($do == 'delete') { if (!isset($_REQUEST['item'])) { if ($id >= 0) { $model->deleteGroup($id); } } else { $model->deleteGroups(cmsCore::request('item', 'array_int', array())); } cmsCore::addSessionMessage($_LANG['AD_DO_SUCCESS'], 'success'); cmsCore::redirect('index.php?view=usergroups'); } if ($do == 'submit' || $do == 'update') { if (!cmsUser::checkCsrfToken()) { cmsCore::error404(); } $types = array('title' => array('title', 'str', ''), 'alias' => array('alias', 'str', ''), 'is_admin' => array('is_admin', 'int', 0), 'access' => array('access', 'array_str', array(), create_function('$a_list', 'return implode(\',\', $a_list);'))); $items = cmsCore::getArrayFromRequest($types); if ($do == 'submit') { $inDB->insert('cms_user_groups', $items); cmsCore::addSessionMessage($_LANG['AD_DO_SUCCESS'], 'success'); cmsCore::redirect('index.php?view=usergroups'); } else { $inDB->update('cms_user_groups', $items, $id); cmsCore::addSessionMessage($_LANG['AD_DO_SUCCESS'], 'success'); if (empty($_SESSION['editlist'])) { cmsCore::redirect('index.php?view=usergroups'); } else { cmsCore::redirect('index.php?view=usergroups&do=edit'); } } } if ($do == 'add' || $do == 'edit') { $toolmenu[] = array('icon' => 'save.gif', 'title' => $_LANG['SAVE'], 'link' => 'javascript:document.addform.submit();'); $toolmenu[] = array('icon' => 'cancel.gif', 'title' => $_LANG['CANCEL'], 'link' => 'javascript:history.go(-1);'); cpToolMenu($toolmenu); if ($do == 'add') { cpAddPathway($_LANG['AD_CREATE_GROUP']); } else { if (isset($_REQUEST['multiple'])) { if (isset($_REQUEST['item'])) { $_SESSION['editlist'] = cmsCore::request('item', 'array_int', array()); } else { cmsCore::addSessionMessage($_LANG['AD_NO_SELECT_OBJECTS'], 'error'); cmsCore::redirectBack(); } } $ostatok = ''; if (isset($_SESSION['editlist'])) { $item_id = array_shift($_SESSION['editlist']); if (sizeof($_SESSION['editlist']) == 0) { unset($_SESSION['editlist']); } else { $ostatok = '(' . $_LANG['AD_NEXT_IN'] . sizeof($_SESSION['editlist']) . ')'; } } else { $item_id = cmsCore::request('id', 'int', 0); } $mod = $inDB->get_fields('cms_user_groups', "id = '{$item_id}'", '*'); if (!$mod) { cmsCore::error404(); } echo '<h3>' . $_LANG['AD_EDIT_GROUP'] . ' ' . $ostatok . '</h3>'; cpAddPathway($_LANG['AD_EDIT_GROUP'] . ' ' . $mod['title']); } if (isset($mod['access'])) { $mod['access'] = str_replace(', ', ',', $mod['access']); $mod['access'] = explode(',', $mod['access']); } ?> <form id="addform" name="addform" method="post" action="index.php?view=usergroups"> <input type="hidden" name="csrf_token" value="<?php echo cmsUser::getCsrfToken(); ?> " /> <table width="660" border="0" cellspacing="5" class="proptable"> <tr> <td width="198" valign="top"><div><strong><?php echo $_LANG['AD_GROUP_NAME']; ?> : </strong></div><span class="hinttext"><?php echo $_LANG['AD_VIEW_SITE']; ?> </span></td> <td width="475" valign="top"><input name="title" type="text" id="title" size="30" value="<?php echo htmlspecialchars($mod['title']); ?> "/></td> </tr> <tr> <td valign="top"><div><strong><?php echo $_LANG['AD_ALIAS']; ?> :</strong></div><?php if ($do == 'edit') { ?> <span class="hinttext"><?php echo $_LANG['AD_DONT_CHANGE']; ?> </span><?php } ?> </td> <td valign="top"><input name="alias" type="text" id="title3" <?php if (@$mod['alias'] == 'guest') { ?> readonly="readonly"<?php } ?> size="30" value="<?php echo @$mod['alias']; ?> "/></td> </tr> <tr> <td><strong><?php echo $_LANG['AD_IF_ADMIN']; ?> </strong></td> <td> <label><input name="is_admin" type="radio" value="1" <?php if (@$mod['is_admin']) { echo 'checked="checked"'; } ?> onclick="$('#accesstable').hide();$('#admin_accesstable').show();"/> <?php echo $_LANG['YES']; ?> </label> <label><input name="is_admin" type="radio" value="0" <?php if (@(!$mod['is_admin'])) { echo 'checked="checked"'; } ?> onclick="$('#accesstable').show();$('#admin_accesstable').hide();"/> <?php echo $_LANG['NO']; ?> </label> </td> </tr> </table> <!---------------------------------------------------------------------------------------------------------------------------------------------> <table width="660" border="0" cellspacing="5" class="proptable" id="admin_accesstable" style="<?php if (@(!$mod['is_admin'])) { echo 'display:none;'; } ?> "> <tr> <td width="191" valign="top"> <div><strong><?php echo $_LANG['AD_AVAILABLE_SECTIONS']; ?> </strong></div> <span class="hinttext"><?php echo $_LANG['AD_ALL_SECTIONS']; ?> </span> </td> <td width="475" valign="top"> <table width="100%" border="0" cellspacing="2" cellpadding="0"> <tr> <td width="16"><input type="checkbox" name="access[]" id="admin_menu" value="admin/menu" <?php if (isset($mod['access'])) { if (in_array('admin/menu', $mod['access'])) { echo 'checked="checked"'; } } ?> ></td> <td><label for="admin_menu"><?php echo $_LANG['AD_MENU_CONTROL']; ?> </label></td> </tr> <tr> <td width="16"><input type="checkbox" name="access[]" id="admin_modules" value="admin/modules" <?php if (isset($mod['access'])) { if (in_array('admin/modules', $mod['access'])) { echo 'checked="checked"'; } } ?> ></td> <td><label for="admin_modules"><?php echo $_LANG['AD_MODULES_CONTROL']; ?> </label></td> </tr> <tr> <td width="16"><input type="checkbox" name="access[]" id="admin_content" value="admin/content" <?php if (isset($mod['access'])) { if (in_array('admin/content', $mod['access'])) { echo 'checked="checked"'; } } ?> ></td> <td><label for="admin_content"><?php echo $_LANG['AD_CONTENTS_CONTROL']; ?> </label></td> </tr> <tr> <td width="16"><input type="checkbox" name="access[]" id="admin_plugins" value="admin/plugins" <?php if (isset($mod['access'])) { if (in_array('admin/filters', $mod['access'])) { echo 'checked="checked"'; } } ?> ></td> <td><label for="admin_plugins"><?php echo $_LANG['AD_PLUGINS_CONTROL']; ?> </label></td> </tr> <tr> <td width="16"><input type="checkbox" name="access[]" id="admin_filters" value="admin/filters" <?php if (isset($mod['access'])) { if (in_array('admin/filters', $mod['access'])) { echo 'checked="checked"'; } } ?> ></td> <td><label for="admin_filters"><?php echo $_LANG['AD_FILTERS_CONTROL']; ?> </label></td> </tr> <tr> <td width="16"><input type="checkbox" name="access[]" id="admin_components" value="admin/components" <?php if (isset($mod['access'])) { if (in_array('admin/components', $mod['access'])) { echo 'checked="checked"'; } } ?> ></td> <td><label for="admin_components"><?php echo $_LANG['AD_COMPONENTS_CONTROL']; ?> </label></td> </tr> <tr> <td width="16"><input type="checkbox" name="access[]" id="admin_users" value="admin/users" <?php if (isset($mod['access'])) { if (in_array('admin/users', $mod['access'])) { echo 'checked="checked"'; } } ?> ></td> <td><label for="admin_users"><?php echo $_LANG['AD_USERS_CONTROL']; ?> </label></td> </tr> <tr> <td width="16"><input type="checkbox" name="access[]" id="admin_config" value="admin/config" <?php if (isset($mod['access'])) { if (in_array('admin/config', $mod['access'])) { echo 'checked="checked"'; } } ?> ></td> <td><label for="admin_config"><?php echo $_LANG['AD_SETTINGS_CONTROL']; ?> </label></td> </tr> </table> </td> </tr> <tr> <td valign="top"> <div><strong><?php echo $_LANG['AD_COMPONENTS_SETTINGS_FREE']; ?> </strong></div> <span class="hinttext"><?php echo $_LANG['AD_COMPONENTS_SETTINGS_ON']; ?> </span> </td> <td valign="top"> <table width="100%" border="0" cellspacing="2" cellpadding="0"> <?php $coms = cmsCore::getInstance()->getAllComponents(); foreach ($coms as $com) { if (!file_exists(PATH . '/admin/components/' . $com['link'] . '/backend.php')) { continue; } ?> <tr> <td width="16"><input type="checkbox" name="access[]" id="admin_com_<?php echo $com['link']; ?> " value="admin/com_<?php echo $com['link']; ?> " <?php if (isset($mod['access'])) { if (in_array('admin/com_' . $com['link'], $mod['access'])) { echo 'checked="checked"'; } } ?> /></td> <td><label for="admin_com_<?php echo $com['link']; ?> "><?php echo $com['title']; ?> </label></td> </tr> <?php } ?> </table> </td> </tr> </table> <!---------------------------------------------------------------------------------------------------------------------------------------------> <table width="660" border="0" cellspacing="5" class="proptable" id="accesstable" style="<?php if (@$mod['is_admin']) { echo 'display:none;'; } ?> "> <tr> <td width="191" valign="top"><strong><?php echo $_LANG['AD_GROUP_RULE']; ?> </strong></td> <td width="475" valign="top"> <table width="100%" border="0" cellspacing="2" cellpadding="0"> <?php $sql = "SELECT * FROM cms_user_groups_access ORDER BY access_type"; $res = $inDB->query($sql); while ($ga = $inDB->fetch_assoc($res)) { if ($mod['alias'] == 'guest' && $ga['hide_for_guest']) { continue; } ?> <tr> <td width="16"><input type="checkbox" name="access[]" id="<?php echo str_replace('/', '_', $ga['access_type']); ?> " value="<?php echo $ga['access_type']; ?> " <?php if (isset($mod['access'])) { if (in_array($ga['access_type'], $mod['access'])) { echo 'checked="checked"'; } } ?> ></td> <td><label for="<?php echo str_replace('/', '_', $ga['access_type']); ?> "><?php echo $ga['access_name']; ?> </label></td> </tr> <?php } ?> </table> </td> </tr> </table> <!---------------------------------------------------------------------------------------------------------------------------------------------> <p> <input name="add_mod" type="submit" id="add_mod" <?php if ($do == 'add') { echo 'value="' . $_LANG['AD_CREATE_GROUP'] . '"'; } else { echo 'value="' . $_LANG['SAVE'] . '"'; } ?> /> <span style="margin-top:15px"><input name="back" type="button" id="back" value="<?php echo $_LANG['CANCEL']; ?> " onclick="window.history.back();"/></span> <input name="do" type="hidden" id="do" <?php if ($do == 'add') { echo 'value="submit"'; } else { echo 'value="update"'; } ?> /> <?php if ($do == 'edit') { echo '<input name="id" type="hidden" value="' . $mod['id'] . '" />'; } ?> </p> </form> <?php } }
function applet_usergroups() { global $_LANG; global $adminAccess; if (!cmsUser::isAdminCan('admin/users', $adminAccess)) { cpAccessDenied(); } cmsCore::c('page')->setTitle($_LANG['AD_USERS_GROUP']); cpAddPathway($_LANG['AD_USERS'], 'index.php?view=users'); cpAddPathway($_LANG['AD_USERS_GROUP'], 'index.php?view=usergroups'); $do = cmsCore::request('do', 'str', 'list'); $id = cmsCore::request('id', 'int', -1); cmsCore::loadModel('users'); $model = new cms_model_users(); if ($do == 'list') { $toolmenu = array( array( 'icon' => 'usergroupadd.gif', 'title' => $_LANG['AD_CREATE_GROUP'], 'link' => '?view=usergroups&do=add' ), array( 'icon' => 'edit.gif', 'title' => $_LANG['AD_EDIT_SELECTED'], 'link' => "javascript:checkSel('?view=usergroups&do=edit&multiple=1');" ), array( 'icon' => 'delete.gif', 'title' => $_LANG['AD_DELETE_SELECTED'], 'link' => "javascript:if(confirm('". $_LANG['AD_REMOVE_GROUP'] ."')) { checkSel('?view=users&do=delete&multiple=1'); }" ) ); cpToolMenu($toolmenu); $fields = array( array( 'title' => 'id', 'field' => 'id', 'width' => '40' ), array( 'title' => $_LANG['TITLE'], 'field' => 'title', 'width' => '', 'link' => '?view=usergroups&do=edit&id=%id%', 'filter' => '12' ), array( 'title' => $_LANG['AD_FROM_USERS'], 'field' => 'id', 'width' => '110', 'prc' => 'getCountUsers' ), array( 'title' => $_LANG['AD_IF_ADMIN'], 'field' => 'is_admin', 'width' => '120', 'prc' => 'cpYesNo' ), array( 'title' => $_LANG['AD_ALIAS'], 'field' => 'alias', 'width' => '85', 'filter' => '12' ) ); $actions = array( array( 'title' => $_LANG['EDIT'], 'icon' => 'edit.gif', 'link' => '?view=usergroups&do=edit&id=%id%' ), array( 'title' => $_LANG['DELETE'], 'icon' => 'delete.gif', 'confirm' => $_LANG['AD_REMOVE_GROUP'], 'link' => '?view=usergroups&do=delete&id=%id%' ) ); cpListTable('cms_user_groups', $fields, $actions); } if ($do == 'delete') { if (!cmsCore::inRequest('item')){ if ($id >= 0){ $model->deleteGroup($id); } } else { $model->deleteGroups(cmsCore::request('item', 'array_int', array())); } cmsCore::addSessionMessage($_LANG['AD_DO_SUCCESS'], 'success'); cmsCore::redirect('index.php?view=usergroups'); } if ($do == 'submit' || $do == 'update') { if (!cmsUser::checkCsrfToken()) { cmsCore::error404(); } $types = array( 'title' => array( 'title', 'str', '' ), 'alias' => array( 'alias', 'str', '' ), 'is_admin' => array( 'is_admin', 'int', 0 ), 'access' => array( 'access', 'array_str', array(), create_function('$a_list', 'return implode(\',\', $a_list);') ) ); $items = cmsCore::getArrayFromRequest($types); if ($do == 'submit') { cmsCore::c('db')->insert('cms_user_groups', $items); cmsCore::addSessionMessage($_LANG['AD_DO_SUCCESS'], 'success'); cmsCore::redirect('index.php?view=usergroups'); } else { cmsCore::c('db')->update('cms_user_groups', $items, $id); cmsCore::addSessionMessage($_LANG['AD_DO_SUCCESS'], 'success'); if (empty($_SESSION['editlist'])) { cmsCore::redirect('index.php?view=usergroups'); } else { cmsCore::redirect('index.php?view=usergroups&do=edit'); } } } if ($do == 'add' || $do == 'edit') { $toolmenu = array( array( 'icon' => 'save.gif', 'title' => $_LANG['SAVE'], 'link' => 'javascript:document.addform.submit();' ), array( 'icon' => 'cancel.gif', 'title' => $_LANG['CANCEL'], 'link' => 'javascript:history.go(-1);' ) ); cpToolMenu($toolmenu); if ($do == 'add') { cpAddPathway($_LANG['AD_CREATE_GROUP']); $mod = array(); } else { if(cmsCore::inRequest('multiple')){ if (cmsCore::inRequest('item')){ $_SESSION['editlist'] = cmsCore::request('item', 'array_int', array()); } else { cmsCore::addSessionMessage($_LANG['AD_NO_SELECT_OBJECTS'], 'error'); cmsCore::redirectBack(); } } $ostatok = ''; if (isset($_SESSION['editlist'])) { $item_id = array_shift($_SESSION['editlist']); if (count($_SESSION['editlist']) == 0) { unset($_SESSION['editlist']); } else { $ostatok = '('. $_LANG['AD_NEXT_IN'] . count($_SESSION['editlist']) .')'; } } else { $item_id = cmsCore::request('id', 'int', 0); } $mod = cmsCore::c('db')->get_fields('cms_user_groups', "id = '". $item_id ."'", '*'); if (!$mod){ cmsCore::error404(); } echo '<h3>'. $_LANG['AD_EDIT_GROUP'] .' '. $ostatok .'</h3>'; cpAddPathway($_LANG['AD_EDIT_GROUP'] .' '. $mod['title']); } if (isset($mod['access'])) { $mod['access'] = str_replace(', ', ',', $mod['access']); $mod['access'] = explode(',', $mod['access']); } ?> <form id="addform" name="addform" method="post" action="index.php?view=usergroups"> <input type="hidden" name="csrf_token" value="<?php echo cmsUser::getCsrfToken(); ?>" /> <div style="width:650px;"> <div class="form-group"> <label><?php echo $_LANG['AD_GROUP_NAME'];?>:</label> <input type="text" class="form-control" name="title" size="30" value="<?php echo htmlspecialchars(cmsCore::getArrVal($mod, 'title', '')); ?>" /> <div class="help-block"><?php echo $_LANG['AD_VIEW_SITE']; ?></div> </div> <div class="form-group"> <label><?php echo $_LANG['AD_ALIAS'];?>:</label> <input type="text" class="form-control" name="alias" size="30" <?php if (cmsCore::getArrVal($mod, 'alias', '') == 'guest') { echo 'readonly="readonly"'; } ?> value="<?php echo cmsCore::getArrVal($mod, 'alias', ''); ?>" /> <?php if ($do == 'edit') { ?> <div class="help-block"><?php echo $_LANG['AD_DONT_CHANGE']; ?></div> <?php } ?> </div> <div class="form-group"> <label><?php echo $_LANG['AD_IF_ADMIN'];?>:</label> <div class="btn-group" data-toggle="buttons" style="float:right;"> <label class="btn btn-default <?php if (cmsCore::getArrVal($mod, 'is_admin')) { echo 'active'; } ?>" onclick="$('#accesstable').hide();$('#admin_accesstable').show();"> <input type="radio" name="is_admin" <?php if (cmsCore::getArrVal($mod, 'is_admin')) { echo 'checked="checked"'; } ?> value="1" /> <?php echo $_LANG['YES']; ?> </label> <label class="btn btn-default <?php if (!cmsCore::getArrVal($mod, 'is_admin')) { echo 'active'; } ?>" onclick="$('#accesstable').show();$('#admin_accesstable').hide();"> <input type="radio" name="is_admin" <?php if (!cmsCore::getArrVal($mod, 'is_admin')) { echo 'checked="checked"'; } ?> value="0" /> <?php echo $_LANG['NO']; ?> </label> </div> </div> <hr> <div id="admin_accesstable" <?php if (!cmsCore::getArrVal($mod, 'is_admin')) { echo 'style="display:none;"'; } ?>> <div class="form-group"> <label><?php echo $_LANG['AD_AVAILABLE_SECTIONS']; ?></label> <div style="margin-left:50px;"> <div class="checkbox"> <label> <input type="checkbox" id="admin_menu" name="access[]" value="admin/menu" <?php if (isset($mod['access'])) { if (in_array('admin/menu', $mod['access'])) { echo 'checked="checked"'; } } ?> /> <?php echo $_LANG['AD_MENU_CONTROL']; ?> </label> </div> <div class="checkbox"> <label> <input type="checkbox" id="admin_modules" name="access[]" value="admin/modules" <?php if (isset($mod['access'])) { if (in_array('admin/modules', $mod['access'])) { echo 'checked="checked"'; } } ?> /> <?php echo $_LANG['AD_MODULES_CONTROL']; ?> </label> </div> <div class="checkbox"> <label> <input type="checkbox" id="admin_content" name="access[]" value="admin/content" <?php if (isset($mod['access'])) { if (in_array('admin/content', $mod['access'])) { echo 'checked="checked"'; } } ?> /> <?php echo $_LANG['AD_CONTENTS_CONTROL']; ?> </label> </div> <div class="checkbox"> <label> <input type="checkbox" id="admin_plugins" name="access[]" value="admin/plugins" <?php if (isset($mod['access'])) { if (in_array('admin/filters', $mod['access'])) { echo 'checked="checked"'; } } ?> /> <?php echo $_LANG['AD_CONTENTS_CONTROL']; ?> </label> </div> <div class="checkbox"> <label> <input type="checkbox" id="admin_filters" name="access[]" value="admin/filters" <?php if (isset($mod['access'])) { if (in_array('admin/filters', $mod['access'])) { echo 'checked="checked"'; } } ?> /> <?php echo $_LANG['AD_FILTERS_CONTROL']; ?> </label> </div> <div class="checkbox"> <label> <input type="checkbox" id="admin_components" name="access[]" value="admin/components" <?php if (isset($mod['access'])) { if (in_array('admin/components', $mod['access'])) { echo 'checked="checked"'; } } ?> /> <?php echo $_LANG['AD_COMPONENTS_CONTROL']; ?> </label> </div> <div class="checkbox"> <label> <input type="checkbox" id="admin_users" name="access[]" value="admin/users" <?php if (isset($mod['access'])) { if (in_array('admin/users', $mod['access'])) { echo 'checked="checked"'; } } ?> /> <?php echo $_LANG['AD_USERS_CONTROL']; ?> </label> </div> <div class="checkbox"> <label> <input type="checkbox" id="admin_config" name="access[]" value="admin/config" <?php if (isset($mod['access'])) { if (in_array('admin/config', $mod['access'])) { echo 'checked="checked"'; } } ?> /> <?php echo $_LANG['AD_SETTINGS_CONTROL']; ?> </label> </div> <div class="checkbox"> <label> <input type="checkbox" id="admin_config" name="access[]" value="admin/tickets" <?php if (isset($mod['access'])) { if (in_array('admin/tickets', $mod['access'])) { echo 'checked="checked"'; } } ?> /> <?php echo $_LANG['AD_TICKETS_CONTROL']; ?> </label> </div> <div class="checkbox"> <label> <input type="checkbox" id="admin_config" name="access[]" value="admin/checksystem" <?php if (isset($mod['access'])) { if (in_array('admin/checksystem', $mod['access'])) { echo 'checked="checked"'; } } ?> /> <?php echo $_LANG['AD_CHECKSYSTEM_CONTROL']; ?> </label> </div> </div> <div class="help-block"><?php echo $_LANG['AD_ALL_SECTIONS']; ?></div> </div> <div class="form-group"> <label><?php echo $_LANG['AD_COMPONENTS_SETTINGS_FREE']; ?></label> <div style="margin-left:50px;"> <?php $coms = cmsCore::getInstance()->getAllComponents(); foreach ($coms as $com) { if (!file_exists(PATH.'/admin/components/'. $com['link'] .'/backend.php')) { continue; } ?> <div class="checkbox"> <label> <input type="checkbox" id="admin_com_<?php echo $com['link']; ?>" name="access[]" value="admin/com_<?php echo $com['link']; ?>" <?php if (isset($mod['access'])) { if (in_array('admin/com_'. $com['link'], $mod['access'])) { echo 'checked="checked"'; } } ?> /> <?php echo $com['title']; ?> </label> </div> <?php } ?> </div> <div class="help-block"><?php echo $_LANG['AD_COMPONENTS_SETTINGS_ON']; ?></div> </div> </div> <div id="accesstable" <?php if (cmsCore::getArrVal($mod, 'is_admin')) { echo 'style="display:none;"'; } ?>> <div class="form-group"> <label><?php echo $_LANG['AD_GROUP_RULE'];?></label> <div style="margin-left:50px;"> <?php $sql = "SELECT * FROM cms_user_groups_access ORDER BY access_type"; $res = cmsCore::c('db')->query($sql); while ($ga = cmsCore::c('db')->fetch_assoc($res)) { if ($mod['alias'] == 'guest' && $ga['hide_for_guest']) { continue; } ?> <div class="checkbox"> <label> <input type="checkbox" id="<?php echo str_replace('/', '_', $ga['access_type']); ?>" name="access[]" value="<?php echo $ga['access_type']; ?>" <?php if (isset($mod['access'])) { if (in_array($ga['access_type'], $mod['access'])) { echo 'checked="checked"'; } } ?> /> <?php echo $ga['access_name']; ?> </label> </div> <?php } ?> </div> </div> </div> </div> <div> <input type="submit" class="btn btn-primary" name="add_mod" value="<?php if ($do == 'add') { echo $_LANG['AD_CREATE_GROUP']; } else { echo $_LANG['SAVE']; } ?>" /> <input type="button" class="btn btn-default" name="back" value="<?php echo $_LANG['CANCEL'];?>" onclick="window.history.back();"/> <input type="hidden" name="do" value="<?php if ($do == 'add') { echo 'submit'; } else { echo 'update'; } ?>" /> <?php if ($do == 'edit') { echo '<input name="id" type="hidden" value="'. $mod['id'] .'" />'; } ?> </div> </form> <?php } }
// LICENSED BY GNU/GPL v2 // // // /******************************************************************************/ Error_Reporting(E_ALL & ~E_NOTICE & ~E_WARNING); @set_time_limit(0); define('PATH', $_SERVER['DOCUMENT_ROOT']); define('VALID_CMS', 1); header('Content-Type: text/html; charset=utf-8'); include_once PATH . '/core/cms.php'; $inCore = cmsCore::getInstance(); cmsCore::loadClass('user'); $inDB = cmsDatabase::getInstance(); $inConf = cmsConfig::getInstance(); $inUser = cmsUser::getInstance(); cmsCore::loadModel('users'); $model = new cms_model_users(); if (empty($_FILES['Filedata']['name'])) { return false; } $sess_id = cmsCore::request('sess_id', 'str'); if (!$sess_id) { header("HTTP/1.1 500 File Upload Error"); exit(0); } session_id($sess_id); session_start(); $user_id = (int) $_SESSION['user']['id']; if (!$user_id) { header("HTTP/1.1 500 Internal Server Error"); exit(0); }
function applet_usergroups() { global $_LANG; global $adminAccess; if (!cmsUser::isAdminCan('admin/users', $adminAccess)) { cpAccessDenied(); } cmsCore::c('page')->setTitle($_LANG['AD_USERS_GROUP']); cpAddPathway($_LANG['AD_USERS'], 'index.php?view=users'); cpAddPathway($_LANG['AD_USERS_GROUP'], 'index.php?view=usergroups'); $do = cmsCore::request('do', 'str', 'list'); $id = cmsCore::request('id', 'int', -1); cmsCore::loadModel('users'); $model = new cms_model_users(); if ($do == 'list') { $toolmenu = array(array('icon' => 'usergroupadd.gif', 'title' => $_LANG['AD_CREATE_GROUP'], 'link' => '?view=usergroups&do=add'), array('icon' => 'edit.gif', 'title' => $_LANG['AD_EDIT_SELECTED'], 'link' => "javascript:checkSel('?view=usergroups&do=edit&multiple=1');"), array('icon' => 'delete.gif', 'title' => $_LANG['AD_DELETE_SELECTED'], 'link' => "javascript:if(confirm('" . $_LANG['AD_REMOVE_GROUP'] . "')) { checkSel('?view=users&do=delete&multiple=1'); }")); cpToolMenu($toolmenu); $fields = array(array('title' => 'id', 'field' => 'id', 'width' => '40'), array('title' => $_LANG['TITLE'], 'field' => 'title', 'width' => '', 'link' => '?view=usergroups&do=edit&id=%id%', 'filter' => '12'), array('title' => $_LANG['AD_FROM_USERS'], 'field' => 'id', 'width' => '110', 'prc' => 'getCountUsers'), array('title' => $_LANG['AD_IF_ADMIN'], 'field' => 'is_admin', 'width' => '120', 'prc' => 'cpYesNo'), array('title' => $_LANG['AD_ALIAS'], 'field' => 'alias', 'width' => '85', 'filter' => '12')); $actions = array(array('title' => $_LANG['EDIT'], 'icon' => 'edit.gif', 'link' => '?view=usergroups&do=edit&id=%id%'), array('title' => $_LANG['DELETE'], 'icon' => 'delete.gif', 'confirm' => $_LANG['AD_REMOVE_GROUP'], 'link' => '?view=usergroups&do=delete&id=%id%')); cpListTable('cms_user_groups', $fields, $actions); } if ($do == 'delete') { if (!cmsCore::inRequest('item')) { if ($id >= 0) { $model->deleteGroup($id); } } else { $model->deleteGroups(cmsCore::request('item', 'array_int', array())); } cmsCore::addSessionMessage($_LANG['AD_DO_SUCCESS'], 'success'); cmsCore::redirect('index.php?view=usergroups'); } if ($do == 'submit' || $do == 'update') { if (!cmsUser::checkCsrfToken()) { cmsCore::error404(); } $types = array('title' => array('title', 'str', ''), 'alias' => array('alias', 'str', ''), 'is_admin' => array('is_admin', 'int', 0), 'access' => array('access', 'array_str', array(), create_function('$a_list', 'return implode(\',\', $a_list);'))); $items = cmsCore::getArrayFromRequest($types); if ($do == 'submit') { cmsCore::c('db')->insert('cms_user_groups', $items); cmsCore::addSessionMessage($_LANG['AD_DO_SUCCESS'], 'success'); cmsCore::redirect('index.php?view=usergroups'); } else { cmsCore::c('db')->update('cms_user_groups', $items, $id); cmsCore::addSessionMessage($_LANG['AD_DO_SUCCESS'], 'success'); if (empty($_SESSION['editlist'])) { cmsCore::redirect('index.php?view=usergroups'); } else { cmsCore::redirect('index.php?view=usergroups&do=edit'); } } } if ($do == 'add' || $do == 'edit') { $toolmenu = array(array('icon' => 'save.gif', 'title' => $_LANG['SAVE'], 'link' => 'javascript:document.addform.submit();'), array('icon' => 'cancel.gif', 'title' => $_LANG['CANCEL'], 'link' => 'javascript:history.go(-1);')); cpToolMenu($toolmenu); if ($do == 'add') { cpAddPathway($_LANG['AD_CREATE_GROUP']); $mod = array(); } else { if (cmsCore::inRequest('multiple')) { if (cmsCore::inRequest('item')) { $_SESSION['editlist'] = cmsCore::request('item', 'array_int', array()); } else { cmsCore::addSessionMessage($_LANG['AD_NO_SELECT_OBJECTS'], 'error'); cmsCore::redirectBack(); } } $ostatok = ''; if (isset($_SESSION['editlist'])) { $item_id = array_shift($_SESSION['editlist']); if (count($_SESSION['editlist']) == 0) { unset($_SESSION['editlist']); } else { $ostatok = '(' . $_LANG['AD_NEXT_IN'] . count($_SESSION['editlist']) . ')'; } } else { $item_id = cmsCore::request('id', 'int', 0); } $mod = cmsCore::c('db')->get_fields('cms_user_groups', "id = '" . $item_id . "'", '*'); if (!$mod) { cmsCore::error404(); } echo '<h3>' . $_LANG['AD_EDIT_GROUP'] . ' ' . $ostatok . '</h3>'; cpAddPathway($_LANG['AD_EDIT_GROUP'] . ' ' . $mod['title']); } if (isset($mod['access'])) { $mod['access'] = str_replace(', ', ',', $mod['access']); $mod['access'] = explode(',', $mod['access']); } $gas = array(); $sql = "SELECT * FROM cms_user_groups_access ORDER BY access_type"; $res = cmsCore::c('db')->query($sql); while ($ga = cmsCore::c('db')->fetch_assoc($res)) { $gas[] = $ga; } cmsCore::c('page')->initTemplate('applets', 'usergroups_add')->assign('do', $do)->assign('coms', cmsCore::getInstance()->getAllComponents())->assign('gas', $gas)->assign('mod', $mod)->display(); } }