function mod_lastreg($mod, $cfg)
{
$inDB = cmsDatabase::getInstance();
cmsCore::loadModel('users');
$model = new cms_model_users();
$inDB->orderBy('regdate', 'DESC');
$inDB->limitPage(1, $cfg['newscount']);
$users = $model->getUsers();
if ($cfg['view_type'] == 'list') {
$total_all = cmsUser::getCountAllUsers();
} else {
$total_all = 0;
}
cmsPage::initTemplate('modules', $cfg['tpl'])->assign('usrs', $users)->assign('cfg', $cfg)->assign('total_all', $total_all)->assign('total', sizeof($users))->display($cfg['tpl']);
return true;
}
function mod_user_rating($module_id, $cfg)
{
$inDB = cmsDatabase::getInstance();
cmsCore::loadModel('users');
$model = new cms_model_users();
if (!isset($cfg['count'])) {
$cfg['count'] = 20;
}
if (!isset($cfg['view_type'])) {
$cfg['view_type'] = 'rating';
}
if (!in_array($cfg['view_type'], array('karma', 'rating'))) {
$cfg['view_type'] = 'rating';
}
$inDB->orderBy($cfg['view_type'], 'DESC');
$inDB->limitPage(1, $cfg['count']);
$users = $model->getUsers();
cmsPage::initTemplate('modules', 'mod_user_rating')->assign('users', $users)->assign('cfg', $cfg)->display('mod_user_rating.tpl');
return true;
}
function users()
{
header('X-Frame-Options: DENY');
$inCore = cmsCore::getInstance();
$inPage = cmsPage::getInstance();
$inDB = cmsDatabase::getInstance();
$inUser = cmsUser::getInstance();
global $_LANG;
$model = new cms_model_users();
// id пользователя
$id = cmsCore::request('id', 'int', 0);
// логин пользователя
$login = cmsCore::strClear(urldecode(cmsCore::request('login', 'html', '')));
$do = $inCore->do;
$page = cmsCore::request('page', 'int', 1);
$pagetitle = $inCore->getComponentTitle();
if ($model->config['sw_search'] != 2) {
$inPage->addPathway($pagetitle, '/users');
}
$inPage->setTitle($pagetitle);
$inPage->setDescription($pagetitle);
// js только авторизованным
if ($inUser->id) {
$inPage->addHeadJS('components/users/js/profile.js');
$inPage->addHeadJsLang(array('CONFIRM_CLEAN_CAT', 'CHOOSE_RECIPIENT', 'SEND_TO_USER', 'FRIENDSHIP_OFFER', 'STOP_FRIENDLY', 'REALY_STOP_FRIENDLY', 'ENTER_STATUS', 'HAVE_JUST'));
}
//============================================================================//
//========================= Список пользователей ============================//
//============================================================================//
if ($do == 'view') {
// если запрещен просмотр всех пользователей, 404
if ($model->config['sw_search'] == 2) {
cmsCore::error404();
}
//очищаем поисковые запросы если пришли со другой страницы
if (!strstr(cmsCore::getBackURL(), '/users')) {
cmsUser::sessionClearAll();
}
$stext = array();
// Возможные входные переменные
$name = cmsCore::getSearchVar('name');
$city = cmsCore::getSearchVar('city');
$hobby = cmsCore::getSearchVar('hobby');
$gender = cmsCore::getSearchVar('gender');
$orderby = cmsCore::request('orderby', array('karma', 'rating', 'regdate'), 'regdate');
$orderto = cmsCore::request('orderto', array('asc', 'desc'), 'desc');
$age_to = (int) cmsCore::getSearchVar('ageto', 'all');
$age_fr = (int) cmsCore::getSearchVar('agefrom', 'all');
$group_id = cmsCore::request('group_id', 'int', 0);
// Флаг о показе только онлайн пользователей
if (cmsCore::inRequest('online')) {
cmsUser::sessionPut('usr_online', (bool) cmsCore::request('online', 'int'));
$page = 1;
}
$only_online = cmsUser::sessionGet('usr_online');
if ($only_online) {
$stext[] = $_LANG['SHOWING_ONLY_ONLINE'];
}
///////////////////////////////////////
//////////Условия выборки//////////////
///////////////////////////////////////
// группа
if ($group_id) {
$model->whereUserGroupIs($group_id);
$link['group'] = '/users/group/' . $group_id;
$_LANG['GROUP_SEARCH_NAME'] = cmsUser::getGroupTitle($group_id);
}
// Добавляем в выборку имя, если оно есть
if ($name) {
$model->whereNameIs($name);
$stext[] = $_LANG['NAME'] . " — " . htmlspecialchars(stripslashes($name));
}
// Добавляем в выборку город, если он есть
if ($city) {
$model->whereCityIs($city);
$stext[] = $_LANG['CITY'] . " — " . htmlspecialchars(stripslashes($city));
}
// Добавляем в выборку хобби, если есть
if ($hobby) {
$model->whereHobbyIs($hobby);
$stext[] = $_LANG['HOBBY'] . " — " . htmlspecialchars(stripslashes($hobby));
}
// Добавляем в выборку пол, если есть
if ($gender) {
$model->whereGenderIs($gender);
if ($gender == 'm') {
$stext[] = $_LANG['MALE'];
} else {
$stext[] = $_LANG['FEMALE'];
}
}
// Добавляем в выборку возраст, более
if ($age_fr) {
$model->whereAgeFrom($age_fr);
$stext[] = $_LANG['NOT_YOUNG'] . " {$age_fr} " . $_LANG['YEARS'];
}
// Добавляем в выборку возраст, менее
if ($age_to) {
$model->whereAgeTo($age_to);
$stext[] = $_LANG['NOT_OLD'] . " {$age_fr} " . $_LANG['YEARS'];
}
// Считаем общее количество согласно выборки
$total = $model->getUsersCount($only_online);
if ($total) {
//устанавливаем сортировку
$inDB->orderBy($orderby, $orderto);
//устанавливаем номер текущей страницы и кол-во пользователей на странице
$inDB->limitPage($page, $model->config['users_perpage']);
// Загружаем пользователей согласно выборки
$users = $model->getUsers($only_online);
} else {
$inDB->resetConditions();
}
$link['latest'] = '/users';
$link['positive'] = '/users/positive.html';
$link['rating'] = '/users/rating.html';
if ($orderby == 'regdate') {
$link['selected'] = 'latest';
}
if ($orderby == 'karma') {
$link['selected'] = 'positive';
}
if ($orderby == 'rating') {
$link['selected'] = 'rating';
}
$pagebar_link = '/users/' . $link['selected'] . '%page%.html';
if ($group_id) {
$link['selected'] = 'group';
$pagebar_link = '/users/' . $link['selected'] . '/' . $group_id . '-%page%';
}
cmsPage::initTemplate('components', 'com_users_view')->assign('stext', $stext)->assign('orderby', $orderby)->assign('orderto', $orderto)->assign('users', $users)->assign('total', $total)->assign('only_online', $only_online)->assign('gender', $gender)->assign('name', stripslashes($name))->assign('city', stripslashes($city))->assign('hobby', stripslashes($hobby))->assign('age_to', $age_to)->assign('age_fr', $age_fr)->assign('cfg', $model->config)->assign('link', $link)->assign('pagebar', cmsPage::getPagebar($total, $page, $model->config['users_perpage'], $pagebar_link))->display('com_users_view.tpl');
}
//============================================================================//
//======================= Редактирование профиля ============================//
//============================================================================//
if ($do == 'editprofile') {
// неавторизованным, не владельцам и не админам тут делать нечего
if (!$inUser->id || $inUser->id != $id && !$inUser->is_admin) {
cmsCore::error404();
}
$usr = $model->getUser($id);
if (!$usr) {
cmsCore::error404();
}
$opt = cmsCore::request('opt', 'str', 'edit');
// главного админа может редактировать только он сам
if ($id == 1 && $inUser->id != $id) {
cmsCore::error404();
}
// показываем форму
if ($opt == 'edit') {
$inPage->setTitle($_LANG['CONFIG_PROFILE'] . ' - ' . $usr['nickname']);
$inPage->addPathway($usr['nickname'], cmsUser::getProfileURL($usr['login']));
$inPage->addPathway($_LANG['CONFIG_PROFILE']);
$private_forms = array();
if (isset($model->config['privforms'])) {
if (is_array($model->config['privforms'])) {
foreach ($model->config['privforms'] as $form_id) {
$private_forms = array_merge($private_forms, cmsForm::getFieldsHtml($form_id, $usr['formsdata']));
}
}
}
cmsPage::initTemplate('components', 'com_users_edit_profile')->assign('opt', $opt)->assign('usr', $usr)->assign('private_forms', $private_forms)->assign('cfg_forum', $inCore->loadComponentConfig('forum'))->assign('cfg', $model->config)->display('com_users_edit_profile.tpl');
return;
}
// Если сохраняем профиль
if ($opt == 'save') {
if (!cmsUser::checkCsrfToken()) {
cmsCore::error404();
}
$errors = false;
$users['nickname'] = cmsCore::request('nickname', 'str');
if (mb_strlen($users['nickname']) < 2) {
cmsCore::addSessionMessage($_LANG['SHORT_NICKNAME'], 'error');
$errors = true;
}
cmsCore::loadModel('registration');
$modreg = new cms_model_registration();
if (!$inUser->is_admin) {
if ($modreg->getBadNickname($users['nickname'])) {
cmsCore::addSessionMessage($_LANG['ERR_NICK_EXISTS'], 'error');
$errors = true;
}
}
$profiles['gender'] = cmsCore::request('gender', 'str');
$profiles['city'] = cmsCore::request('city', 'str');
if (mb_strlen($profiles['city']) > 50) {
cmsCore::addSessionMessage($_LANG['LONG_CITY_NAME'], 'error');
$errors = true;
}
$users['email'] = cmsCore::request('email', 'email');
if (!$users['email']) {
cmsCore::addSessionMessage($_LANG['REALY_ADRESS_EMAIL'], 'error');
$errors = true;
}
if ($usr['email'] != $users['email']) {
$is_set_email = $inDB->get_field('cms_users', "email='{$users['email']}'", 'id');
if ($is_set_email) {
cmsCore::addSessionMessage($_LANG['ADRESS_EMAIL_IS_BUSY'], 'error');
$errors = true;
} else {
// формируем токен
$token = md5($usr['email'] . uniqid() . microtime());
$inDB->insert('cms_users_activate', array('user_id' => $inUser->id, 'pubdate' => date("Y-m-d H:i:s"), 'code' => $token));
$codelink = HOST . '/users/change_email/' . $token . '/' . $users['email'];
// по старому адресу высылаем письмо с подтверждением
$letter = cmsCore::getLanguageTextFile('change_email');
$letter = str_replace(array('{nickname}', '{codelink}'), array($inUser->nickname, $codelink), $letter);
cmsCore::mailText($usr['email'], '', $letter);
cmsCore::addSessionMessage(sprintf($_LANG['YOU_CHANGE_EMAIL'], $usr['email']), 'info');
// email не меняем
$users['email'] = $usr['email'];
}
}
$profiles['showphone'] = cmsCore::request('showphone', 'int', 0);
$profiles['showmail'] = cmsCore::request('showmail', 'int');
$profiles['email_newmsg'] = cmsCore::request('email_newmsg', 'int');
$profiles['showbirth'] = cmsCore::request('showbirth', 'int');
$profiles['description'] = cmsCore::request('description', 'str', '');
$users['birthdate'] = (int) $_REQUEST['birthdate']['year'] . '-' . (int) $_REQUEST['birthdate']['month'] . '-' . (int) $_REQUEST['birthdate']['day'];
$profiles['signature'] = $inDB->escape_string(cmsCore::badTagClear(cmsCore::request('signature', 'html', '')));
$profiles['signature_html'] = $inDB->escape_string(cmsCore::parseSmiles(cmsCore::request('signature', 'html', ''), true));
$profiles['allow_who'] = cmsCore::request('allow_who', 'str');
if (!preg_match('/^([a-zA-Z]+)$/ui', $profiles['allow_who'])) {
$errors = true;
}
$users['icq'] = cmsCore::request('icq', 'str', '');
$profiles['showicq'] = cmsCore::request('showicq', 'int');
$profiles['cm_subscribe'] = cmsCore::request('cm_subscribe', 'str');
if (!preg_match('/^([a-zA-Z]+)$/ui', $profiles['cm_subscribe'])) {
$errors = true;
}
$users['phone'] = cmsCore::request('phone', 'int', 0);
// получаем данные форм
$profiles['formsdata'] = '';
if (isset($model->config['privforms'])) {
if (is_array($model->config['privforms'])) {
foreach ($model->config['privforms'] as $form_id) {
$form_input = cmsForm::getFieldsInputValues($form_id);
$profiles['formsdata'] .= $inDB->escape_string(cmsCore::arrayToYaml($form_input['values']));
// Проверяем значения формы
foreach ($form_input['errors'] as $field_error) {
if ($field_error) {
cmsCore::addSessionMessage($field_error, 'error');
$errors = true;
}
}
}
}
}
if ($errors) {
cmsCore::redirectBack();
}
$inDB->update('cms_user_profiles', cmsCore::callEvent('UPDATE_USER_PROFILES', array_merge(array('id' => $usr['pid'], 'user_id' => $usr['id']), $profiles)), $usr['pid']);
$inDB->update('cms_users', cmsCore::callEvent('UPDATE_USER_USERS', array_merge(array('id' => $usr['id']), $users)), $usr['id']);
cmsCore::addSessionMessage($_LANG['PROFILE_SAVED'], 'info');
cmsCore::redirect(cmsUser::getProfileURL($usr['login']));
}
if ($opt == 'changepass') {
$errors = false;
$oldpass = cmsCore::request('oldpass', 'str');
$newpass = cmsCore::request('newpass', 'str');
$newpass2 = cmsCore::request('newpass2', 'str');
if ($inUser->password != md5($oldpass)) {
cmsCore::addSessionMessage($_LANG['OLD_PASS_WRONG'], 'error');
$errors = true;
}
if ($newpass != $newpass2) {
cmsCore::addSessionMessage($_LANG['WRONG_PASS'], 'error');
$errors = true;
}
if ($oldpass && $newpass && $newpass2 && mb_strlen($newpass) < 6) {
cmsCore::addSessionMessage($_LANG['PASS_SHORT'], 'error');
$errors = true;
}
if ($errors) {
cmsCore::redirectBack();
}
cmsCore::callEvent('UPDATE_USER_PASSWORD', array('user_id' => $usr['id'], 'oldpass' => $oldpass, 'newpass' => $newpass));
$sql = "UPDATE cms_users SET password='******' WHERE id = '{$id}' AND password='******'";
$inDB->query($sql);
cmsCore::addSessionMessage($_LANG['PASS_CHANGED'], 'info');
cmsCore::redirect(cmsUser::getProfileURL($inUser->login));
}
}
//============================================================================//
//============================= Просмотр профиля ============================//
//============================================================================//
if ($do == 'profile') {
$inPage->addHeadJsLang(array('NEW_POST_ON_WALL', 'CONFIRM_DEL_POST_ON_WALL'));
// если просмотр профиля гостям запрещен
if (!$inUser->id && !$model->config['sw_guest']) {
cmsUser::goToLogin();
}
if (is_numeric($login)) {
cmsCore::error404();
}
$usr = $model->getUser($login);
if (!$usr) {
cmsCore::error404();
}
$myprofile = $inUser->id == $usr['id'];
$inPage->setTitle($usr['nickname']);
$inPage->addPathway($usr['nickname']);
// просмотр профиля запрещен
if (!cmsUser::checkUserContentAccess($usr['allow_who'], $usr['id'])) {
cmsPage::initTemplate('components', 'com_users_not_allow')->assign('is_auth', $inUser->id)->assign('usr', $usr)->display('com_users_not_allow.tpl');
return;
}
// Профиль удален
if ($usr['is_deleted']) {
cmsPage::initTemplate('components', 'com_users_deleted.tpl')->assign('usr', $usr)->assign('is_admin', $inUser->is_admin)->assign('others_active', $inDB->rows_count('cms_users', "login='******'login']}' AND is_deleted=0", 1))->display('com_users_deleted.tpl');
return;
}
// Данные о друзьях
$usr['friends_total'] = cmsUser::getFriendsCount($usr['id']);
$usr['friends'] = cmsUser::getFriends($usr['id']);
// очищать сессию друзей если в своем профиле и количество друзей из базы не совпадает с количеством друзей в сессии
if ($myprofile && sizeof($usr['friends']) != $usr['friends_total']) {
cmsUser::clearSessionFriends();
}
// обрезаем список
$usr['friends'] = array_slice($usr['friends'], 0, 6);
// выясняем друзья ли мы с текущим пользователем
$usr['isfriend'] = !$myprofile ? cmsUser::isFriend($usr['id']) : false;
// награды пользователя
$usr['awards'] = $model->config['sw_awards'] ? $model->getUserAwards($usr['id']) : false;
// стена
if ($model->config['sw_wall']) {
$inDB->limitPage(1, $model->config['wall_perpage']);
$usr['wall_html'] = cmsUser::getUserWall($usr['id'], 'users', $myprofile, $inUser->is_admin);
}
// можно ли пользователю изменять карму
$usr['can_change_karma'] = $model->isUserCanChangeKarma($usr['id']) && $inUser->id;
// Фотоальбомы пользователя
if ($model->config['sw_photo']) {
$usr['albums'] = $model->getPhotoAlbums($usr['id'], $usr['isfriend'], !$inCore->isComponentEnable('photos'));
$usr['albums_total'] = sizeof($usr['albums']);
$usr['albums_show'] = 6;
if ($usr['albums_total'] > $usr['albums_show']) {
array_splice($usr['albums'], $usr['albums_show']);
}
}
$usr['board_count'] = $model->config['sw_board'] ? $inDB->rows_count('cms_board_items', "user_id='{$usr['id']}' AND published=1") : 0;
$usr['comments_count'] = $model->config['sw_comm'] ? $inDB->rows_count('cms_comments', "user_id='{$usr['id']}' AND published=1") : 0;
$usr['forum_count'] = $model->config['sw_forum'] ? $inDB->rows_count('cms_forum_posts', "user_id = '{$usr['id']}'") : 0;
$usr['files_count'] = $model->config['sw_files'] ? $inDB->rows_count('cms_user_files', "user_id = '{$usr['id']}'") : 0;
$cfg_reg = $inCore->loadComponentConfig('registration');
$usr['invites_count'] = $inUser->id && $myprofile && $cfg_reg['reg_type'] == 'invite' ? $model->getUserInvitesCount($inUser->id) : 0;
$usr['blog'] = $model->config['sw_blogs'] ? $inDB->get_fields('cms_blogs', "user_id = '{$usr['id']}' AND owner = 'user'", 'title, seolink') : false;
$usr['form_fields'] = array();
if (is_array($model->config['privforms'])) {
foreach ($model->config['privforms'] as $form_id) {
$usr['form_fields'] = array_merge($usr['form_fields'], cmsForm::getFieldsValues($form_id, $usr['formsdata']));
}
}
if ($usr['city']) {
cmsCore::loadModel('geo');
$geo = new cms_model_geo();
$city_parents = $geo->getCityParents($usr['city']);
if ($city_parents) {
$usr['country'] = $city_parents['country_name'];
}
}
$plugins = $model->getPluginsOutput($usr);
cmsPage::initTemplate('components', 'com_users_profile.tpl')->assign('usr', $usr)->assign('plugins', $plugins)->assign('cfg', $model->config)->assign('myprofile', $myprofile)->assign('cfg_forum', $inCore->loadComponentConfig('forum'))->assign('is_admin', $inUser->is_admin)->assign('is_auth', $inUser->id)->display('com_users_profile.tpl');
}
//============================================================================//
//============================= Список сообщений ============================//
//============================================================================//
if ($do == 'messages') {
if (!$model->config['sw_msg']) {
cmsCore::error404();
}
if (!$inUser->id || $inUser->id != $id && !$inUser->is_admin) {
cmsUser::goToLogin();
}
$usr = cmsUser::getShortUserData($id);
if (!$usr) {
cmsCore::error404();
}
$inPage->setTitle($_LANG['MY_MESS']);
$inPage->addPathway($usr['nickname'], cmsUser::getProfileURL($usr['login']));
$inPage->addPathway($_LANG['MY_MESS'], '/users/' . $id . '/messages.html');
include 'components/users/messages.php';
}
//============================================================================//
//=========================== Отправка сообщения ============================//
//============================================================================//
if ($do == 'sendmessage') {
if (!$model->config['sw_msg']) {
cmsCore::halt();
}
if ($_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest') {
cmsCore::halt();
}
if (!$inUser->id || $inUser->id == $id && !cmsCore::inRequest('massmail') && !cmsCore::request('send_to_group', 'int', 0)) {
cmsCore::halt();
}
if (!cmsCore::inRequest('gosend')) {
$replyid = cmsCore::request('replyid', 'int', 0);
if ($replyid) {
$msg = $model->getReplyMessage($replyid, $inUser->id);
if (!$msg) {
cmsCore::halt();
}
}
$inPage->setRequestIsAjax();
cmsPage::initTemplate('components', 'com_users_messages_add')->assign('msg', isset($msg) ? $msg : array())->assign('is_reply_user', $replyid)->assign('id', $id)->assign('bbcodetoolbar', cmsPage::getBBCodeToolbar('message'))->assign('smilestoolbar', cmsPage::getSmilesPanel('message'))->assign('groups', $inUser->is_admin ? cmsUser::getGroups(true) : array())->assign('friends', cmsUser::getFriends($inUser->id))->assign('id_admin', $inUser->is_admin)->display('com_users_messages_add.tpl');
cmsCore::jsonOutput(array('error' => false, 'html' => ob_get_clean()));
}
if (cmsCore::inRequest('gosend')) {
// Кому отправляем
$usr = cmsUser::getShortUserData($id);
if (!$usr) {
cmsCore::halt();
}
$message = cmsCore::parseSmiles(cmsCore::request('message', 'html', ''), true);
if (mb_strlen($message) < 2) {
cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['ERR_SEND_MESS']));
}
if (!cmsUser::checkCsrfToken()) {
cmsCore::error404();
}
$output = cmsCore::callEvent('USER_SEND_MESSEDGE', array('text' => $message, 'to_id' => $id));
$message = $output['text'];
$id = $output['to_id'];
$send_to_group = cmsCore::request('send_to_group', 'int', 0);
$group_id = cmsCore::request('group_id', 'int', 0);
//
// Обычная отправка (1 получатель)
//
if (!cmsCore::inRequest('massmail') && !$send_to_group) {
//отправляем сообщение
$msg_id = cmsUser::sendMessage($inUser->id, $id, $message);
// отправляем уведомление на email если нужно
$model->sendNotificationByEmail($id, $inUser->id, $msg_id);
cmsCore::jsonOutput(array('error' => false, 'text' => $_LANG['SEND_MESS_OK']));
}
//
// далее идут массовые рассылки, доступные только админам
//
if (!$inUser->is_admin) {
cmsCore::halt();
}
// отправить всем: получаем список всех пользователей
if (cmsCore::inRequest('massmail')) {
$userlist = cmsUser::getAllUsers();
// проверяем что есть кому отправлять
if (!$userlist) {
cmsCore::jsonOutput(array('error' => false, 'text' => $_LANG['ERR_SEND_MESS']));
}
$count = array();
// отправляем всем по списку
foreach ($userlist as $usr) {
$count[] = cmsUser::sendMessage(USER_MASSMAIL, $usr['id'], $message);
}
cmsCore::jsonOutput(array('error' => false, 'text' => sprintf($_LANG['SEND_MESS_ALL_OK'], sizeof($count))));
}
// отправить группе: получаем список членов группы
if ($send_to_group) {
$count = cmsUser::sendMessageToGroup(USER_MASSMAIL, $group_id, $message);
$success_msg = sprintf($_LANG['SEND_MESS_GROUP_OK'], $count, cmsUser::getGroupTitle($group_id));
cmsCore::jsonOutput(array('error' => false, 'text' => $success_msg));
}
}
}
//============================================================================//
//============================= Удаление сообщения ==========================//
//============================================================================//
if ($do == 'delmessage') {
if ($_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest') {
cmsCore::halt();
}
if (!$model->config['sw_msg']) {
cmsCore::halt();
}
if (!$inUser->id) {
cmsCore::halt();
}
$msg = $inDB->get_fields('cms_user_msg', "id='{$id}'", '*');
if (!$msg) {
cmsCore::halt();
}
$can_delete = $inUser->id == $msg['to_id'] || $inUser->id == $msg['from_id'] ? true : false;
if (!$can_delete && !$inUser->is_admin) {
cmsCore::halt();
}
// Сообщения с from_id < 0
if ($msg['from_id'] < 0) {
$inDB->query("DELETE FROM cms_user_msg WHERE id = '{$id}' LIMIT 1");
$info_text = $_LANG['MESS_NOTICE_DEL_OK'];
}
// мне сообщение от пользователя
if ($msg['to_id'] == $inUser->id && $msg['from_id'] > 0) {
$inDB->query("UPDATE cms_user_msg SET to_del=1 WHERE id='{$id}'");
$info_text = $_LANG['MESS_DEL_OK'];
}
// от меня сообщение
if ($msg['from_id'] == $inUser->id && !$msg['is_new']) {
$inDB->query("UPDATE cms_user_msg SET from_del=1 WHERE id='{$id}'");
$info_text = $_LANG['MESS_DEL_OK'];
}
// отзываем сообщение
if ($msg['from_id'] == $inUser->id && $msg['is_new']) {
$inDB->query("DELETE FROM cms_user_msg WHERE id = '{$id}' LIMIT 1");
$info_text = $_LANG['MESS_BACK_OK'];
}
// удаляем сообщения, которые удалены с двух сторон
$inDB->query("DELETE FROM cms_user_msg WHERE to_del=1 AND from_del=1");
cmsCore::jsonOutput(array('error' => false, 'text' => $info_text));
}
//============================================================================//
//=========================== Удаление сообщений ============================//
//============================================================================//
if ($do == 'delmessages') {
if (!$model->config['sw_msg']) {
cmsCore::error404();
}
if ($inUser->id != $id && !$inUser->is_admin) {
cmsCore::error404();
}
$usr = cmsUser::getShortUserData($id);
if (!$usr) {
cmsCore::error404();
}
$opt = cmsCore::request('opt', 'str', 'in');
if ($opt == 'notices') {
$inDB->query("DELETE FROM cms_user_msg WHERE to_id = '{$id}' AND from_id < 0");
} else {
$del_flag = $opt == 'in' ? 'to_del' : 'from_del';
$id_flag = $opt == 'in' ? 'to_id' : 'from_id';
$inDB->query("UPDATE cms_user_msg SET {$del_flag}=1 WHERE {$id_flag}='{$id}'");
$inDB->query("DELETE FROM cms_user_msg WHERE to_del=1 AND from_del=1");
}
cmsCore::addSessionMessage($_LANG['MESS_ALL_DEL_OK'], 'info');
cmsCore::redirectBack();
}
//============================================================================//
//============================= Загрузка аватара ============================//
//============================================================================//
if ($do == 'avatar') {
if (!$inUser->id || $inUser->id && $inUser->id != $id) {
cmsCore::error404();
}
$inPage->setTitle($_LANG['LOAD_AVATAR']);
$inPage->addPathway($inUser->nickname, cmsUser::getProfileURL($inUser->login));
$inPage->addPathway($_LANG['LOAD_AVATAR']);
if (cmsCore::inRequest('upload')) {
cmsCore::loadClass('upload_photo');
$inUploadPhoto = cmsUploadPhoto::getInstance();
// Выставляем конфигурационные параметры
$inUploadPhoto->upload_dir = PATH . '/images/';
$inUploadPhoto->dir_medium = 'users/avatars/';
$inUploadPhoto->dir_small = 'users/avatars/small/';
$inUploadPhoto->small_size_w = $model->config['smallw'];
$inUploadPhoto->medium_size_w = $model->config['medw'];
$inUploadPhoto->medium_size_h = $model->config['medh'];
$inUploadPhoto->is_watermark = false;
$inUploadPhoto->input_name = 'picture';
$file = $inUploadPhoto->uploadPhoto($inUser->orig_imageurl);
if (!$file) {
cmsCore::addSessionMessage('<strong>' . $_LANG['ERROR'] . ':</strong> ' . cmsCore::uploadError() . '!', 'error');
cmsCore::redirect('/users/' . $id . '/avatar.html');
}
$sql = "UPDATE cms_user_profiles SET imageurl = '{$file['filename']}' WHERE user_id = '{$id}' LIMIT 1";
$inDB->query($sql);
// очищаем предыдущую запись о смене аватара
cmsActions::removeObjectLog('add_avatar', $id);
// выводим сообщение в ленту
cmsActions::log('add_avatar', array('object' => '', 'object_url' => '', 'object_id' => $id, 'target' => '', 'target_url' => '', 'description' => '<a href="' . cmsUser::getProfileURL($inUser->login) . '" class="act_usr_ava">
<img border="0" src="/images/users/avatars/small/' . $file['filename'] . '">
</a>'));
cmsCore::redirect(cmsUser::getProfileURL($inUser->login));
} else {
cmsPage::initTemplate('components', 'com_users_avatar_upload')->assign('id', $id)->display('com_users_avatar_upload.tpl');
}
}
//============================================================================//
//============================= Библиотека аватаров =========================//
//============================================================================//
if ($do == 'select_avatar') {
if (!$inUser->id || $inUser->id && $inUser->id != $id) {
cmsCore::error404();
}
$avatars_dir = PATH . "/images/users/avatars/library";
$avatars_dir_rel = "/images/users/avatars/library";
$avatars_dir_handle = opendir($avatars_dir);
$avatars = array();
while ($nextfile = readdir($avatars_dir_handle)) {
if ($nextfile != '.' && $nextfile != '..' && (mb_strstr($nextfile, '.gif') || mb_strstr($nextfile, '.jpg') || mb_strstr($nextfile, '.jpeg') || mb_strstr($nextfile, '.png'))) {
$avatars[] = $nextfile;
}
}
closedir($avatars_dir_handle);
if (!cmsCore::inRequest('set_avatar')) {
$inPage->setTitle($_LANG['SELECT_AVATAR']);
$inPage->addPathway($inUser->nickname, cmsUser::getProfileURL($inUser->login));
$inPage->addPathway($_LANG['SELECT_AVATAR']);
$perpage = 20;
$total = sizeof($avatars);
$avatars = array_slice($avatars, ($page - 1) * $perpage, $perpage);
cmsPage::initTemplate('components', 'com_users_avatars')->assign('userid', $id)->assign('avatars', $avatars)->assign('avatars_dir', $avatars_dir_rel)->assign('page', $page)->assign('perpage', $perpage)->assign('pagebar', cmsPage::getPagebar($total, $page, $perpage, '/users/%user_id%/select-avatar-%page%.html', array('user_id' => $id)))->display('com_users_avatars.tpl');
} else {
$avatar_id = cmsCore::request('avatar_id', 'int', 0);
$file = $avatars[$avatar_id];
if (file_exists($avatars_dir . '/' . $file)) {
$uploaddir = PATH . '/images/users/avatars/';
$realfile = $file;
$filename = md5($realfile . '-' . $id . '-' . time()) . '.jpg';
$uploadfile = $avatars_dir . '/' . $realfile;
$uploadavatar = $uploaddir . $filename;
$uploadthumb = $uploaddir . 'small/' . $filename;
if ($inUser->orig_imageurl && $inUser->orig_imageurl != 'nopic.jpg') {
@unlink(PATH . '/images/users/avatars/' . $inUser->orig_imageurl);
@unlink(PATH . '/images/users/avatars/small/' . $inUser->orig_imageurl);
}
cmsCore::includeGraphics();
copy($uploadfile, $uploadavatar);
@img_resize($uploadfile, $uploadthumb, $model->config['smallw'], $model->config['smallw']);
$sql = "UPDATE cms_user_profiles SET imageurl = '{$filename}' WHERE user_id = '{$id}' LIMIT 1";
$inDB->query($sql);
// очищаем предыдущую запись о смене аватара
cmsActions::removeObjectLog('add_avatar', $id);
// выводим сообщение в ленту
cmsActions::log('add_avatar', array('object' => '', 'object_url' => '', 'object_id' => $id, 'target' => '', 'target_url' => '', 'description' => '<a href="' . cmsUser::getProfileURL($inUser->login) . '" class="act_usr_ava">
<img border="0" src="/images/users/avatars/small/' . $filename . '">
</a>'));
}
cmsCore::redirect(cmsUser::getProfileURL($inUser->login));
}
}
//============================================================================//
//======================== Работа с фотографиями ============================//
//============================================================================//
if ($do == 'photos') {
if (!$model->config['sw_photo']) {
cmsCore::error404();
}
$pdo = cmsCore::request('pdo', 'str', '');
include 'components/users/photos.php';
}
//============================================================================//
//============================= Друзья пользователя =========================//
//============================================================================//
if ($do == 'friendlist') {
if (!$inUser->id) {
cmsUser::goToLogin();
}
$usr = cmsUser::getShortUserData($id);
if (!$usr) {
cmsCore::error404();
}
$perpage = 10;
$inPage->addPathway($usr['nickname'], cmsUser::getProfileURL($usr['login']));
$inPage->addPathway($_LANG['FRIENDS']);
$inPage->setTitle($_LANG['FRIENDS']);
// все друзья
$friends = cmsUser::getFriends($usr['id']);
// их общее количество
$total = count($friends);
// получаем только нужных на странице
$friends = array_slice($friends, ($page - 1) * $perpage, $perpage);
cmsPage::initTemplate('components', 'com_users_friends')->assign('friends', $friends)->assign('usr', $usr)->assign('myprofile', $id == $inUser->id)->assign('total', $total)->assign('pagebar', cmsPage::getPagebar($total, $page, $perpage, 'javascript:centerLink(\'/users/' . $id . '/friendlist%page%.html\')'))->display('com_users_friends.tpl');
}
//============================================================================//
//============================= Запрос на дружбу ============================//
//============================================================================//
if ($do == 'addfriend') {
if ($_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest') {
cmsCore::halt();
}
if (!$inUser->id || $inUser->id == $id) {
cmsCore::halt();
}
$usr = cmsUser::getShortUserData($id);
if (!$usr) {
cmsCore::halt();
}
cmsUser::clearSessionFriends();
if (cmsUser::isFriend($id)) {
cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['YOU_ARE_BE_FRIENDS']));
}
// проверяем был ли ранее запрос на дружбу
// если был, то делаем accept запросу
$is_need_accept_id = cmsUser::getFriendFieldId($id, 0, 'to_me');
if ($is_need_accept_id) {
$inDB->query("UPDATE cms_user_friends SET is_accepted = 1 WHERE id = '{$is_need_accept_id}'");
//регистрируем событие
cmsActions::log('add_friend', array('object' => $inUser->nickname, 'user_id' => $usr['id'], 'object_url' => cmsUser::getProfileURL($inUser->login), 'object_id' => $is_need_accept_id, 'target' => '', 'target_url' => '', 'target_id' => 0, 'description' => ''));
cmsCore::callEvent('USER_ACCEPT_FRIEND', $id);
cmsCore::jsonOutput(array('error' => false, 'text' => $_LANG['ADD_FRIEND_OK'] . $usr['nickname']));
}
// Если пользователь пытается добавиться в друзья к
// пользователю, к которому уже отправил запрос
if (cmsUser::getFriendFieldId($id, 0, 'from_me')) {
cmsCore::jsonOutput(array('error' => true, 'text' => $_LANG['ADD_TO_FRIEND_SEND_ERR']));
}
// Мы вообще не друзья с пользователем, создаем запрос
cmsUser::addFriend($id);
cmsUser::sendMessage(USER_UPDATER, $id, sprintf($_LANG['RECEIVED_F_O'], cmsUser::getProfileLink($inUser->login, $inUser->nickname), '<a class="ajaxlink" href="javascript:void(0)" onclick="users.acceptFriend(' . $inUser->id . ', this);return false;">' . $_LANG['ACCEPT'] . '</a>', '<a class="ajaxlink" href="javascript:void(0)" onclick="users.rejectFriend(' . $inUser->id . ', this);return false;">' . $_LANG['REJECT'] . '</a>'));
cmsCore::jsonOutput(array('error' => false, 'text' => $_LANG['ADD_TO_FRIEND_SEND']));
}
//============================================================================//
//============================= Прекращение дружбы ==========================//
//============================================================================//
if ($do == 'delfriend') {
if ($_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest') {
cmsCore::halt();
}
if (!$inUser->id || $inUser->id == $id) {
cmsCore::halt();
}
$usr = cmsUser::getShortUserData($id);
if (!$usr) {
cmsCore::error404();
}
if (cmsUser::getFriendFieldId($id)) {
$is_accepted_friend = cmsUser::isFriend($id);
if (cmsUser::deleteFriend($id)) {
// Если подтвержденный друг
if ($is_accepted_friend) {
cmsCore::jsonOutput(array('error' => false, 'text' => $usr['nickname'] . $_LANG['DEL_FRIEND']));
} else {
cmsCore::jsonOutput(array('error' => false, 'text' => $_LANG['REJECT_FRIEND'] . $usr['nickname']));
}
} else {
cmsCore::halt();
}
} else {
cmsCore::halt();
}
}
//============================================================================//
//============================= История кармы ===============================//
//============================================================================//
if ($do == 'karma') {
$usr = cmsUser::getShortUserData($id);
if (!$usr) {
cmsCore::error404();
}
$inPage->setTitle($_LANG['KARMA_HISTORY']);
$inPage->addPathway($usr['nickname'], cmsUser::getProfileURL($usr['login']));
$inPage->addPathway($_LANG['KARMA_HISTORY']);
cmsPage::initTemplate('components', 'com_users_karma')->assign('karma', $model->getUserKarma($usr['id']))->assign('usr', $usr)->display('com_users_karma.tpl');
}
//============================================================================//
//============================= Изменение кармы =============================//
//============================================================================//
if ($do == 'votekarma') {
if ($_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest') {
cmsCore::halt();
}
if (!$inUser->id) {
cmsCore::halt();
}
$points = cmsCore::request('sign', 'str', 'plus') == 'plus' ? 1 : -1;
$to = cmsCore::request('to', 'int', 0);
$user = cmsUser::getShortUserData($to);
if (!$user) {
cmsCore::halt();
}
if (!$model->isUserCanChangeKarma($to)) {
cmsCore::halt();
}
cmsCore::halt(cmsUser::changeKarmaUser($to, $points));
}
//============================================================================//
//======================= Наградить пользователя ============================//
//============================================================================//
if ($do == 'giveaward') {
if (!$inUser->is_admin) {
cmsCore::error404();
}
$usr = cmsUser::getShortUserData($id);
if (!$usr) {
cmsCore::error404();
}
$inPage->setTitle($_LANG['AWARD_USER']);
$inPage->addPathway($usr['nickname'], cmsUser::getProfileURL($usr['login']));
$inPage->addPathway($_LANG['AWARD']);
if (!cmsCore::inRequest('gosend')) {
cmsPage::initTemplate('components', 'com_users_awards_give')->assign('usr', $usr)->assign('awardslist', cmsUser::getAwardsImages())->display('com_users_awards_give.tpl');
} else {
$award['title'] = cmsCore::request('title', 'str', $_LANG['AWRD']);
$award['description'] = cmsCore::request('description', 'str', '');
$award['imageurl'] = cmsCore::request('imageurl', 'str', '');
$award['from_id'] = $inUser->id;
$award['id'] = 0;
cmsUser::giveAward($award, $id);
cmsCore::redirect(cmsUser::getProfileURL($usr['login']));
}
}
//============================================================================//
//============================= Удаление награды ============================//
//============================================================================//
if ($do == 'delaward') {
$aw = $inDB->get_fields('cms_user_awards', "id = '{$id}'", '*');
if (!$aw) {
cmsCore::error404();
}
if (!$inUser->id || $inUser->id != $aw['user_id'] && !$inUser->is_admin) {
cmsCore::error404();
}
$inDB->delete('cms_user_awards', "id = '{$id}'", 1);
cmsActions::removeObjectLog('add_award', $id);
cmsCore::redirectBack();
}
//============================================================================//
//============================= Награды на сайте ============================//
//============================================================================//
if ($do == 'awardslist') {
$inPage->setTitle($_LANG['SITE_AWARDS']);
$inPage->addPathway($_LANG['SITE_AWARDS']);
$awards = cmsUser::getAutoAwards();
if (!$awards) {
cmsCore::error404();
}
foreach ($awards as $aw) {
//Перебираем все награды и ищем пользователей с текущей наградой
$sql = "SELECT u.id as id, u.nickname as nickname, u.login as login, IFNULL(p.gender, 'm') as gender\r\n FROM cms_user_awards aw\r\n LEFT JOIN cms_users u ON u.id = aw.user_id\r\n LEFT JOIN cms_user_profiles p ON p.user_id = u.id\r\n WHERE aw.award_id = '{$aw['id']}'";
$rs = $inDB->query($sql);
$aw['uhtml'] = '';
if ($inDB->num_rows($rs)) {
while ($user = $inDB->fetch_assoc($rs)) {
$aw['uhtml'] .= cmsUser::getGenderLink($user['id'], $user['nickname'], $user['gender'], $user['login']) . ', ';
}
$aw['uhtml'] = rtrim($aw['uhtml'], ', ');
} else {
$aw['uhtml'] = $_LANG['NOT_USERS_WITH_THIS_AWARD'];
}
$aws[] = $aw;
}
cmsPage::initTemplate('components', 'com_users_awards_site')->assign('aws', $aws)->display('com_users_awards_site.tpl');
}
//============================================================================//
//============================= Удаление профиля ============================//
//============================================================================//
if ($do == 'delprofile') {
// неавторизованным тут делать нечего
if (!$inUser->id) {
cmsCore::error404();
}
// есть ли удаляемый профиль
$data = cmsUser::getShortUserData($id);
if (!$data) {
cmsCore::error404();
}
// владелец профиля или админ
if ($inUser->is_admin) {
// могут ли администраторы удалять профиль
if (!cmsUser::isAdminCan('admin/users', cmsUser::getAdminAccess())) {
cmsCore::error404();
}
// администратор сам себя не удалит
if ($inUser->id == $data['id']) {
cmsCore::error404();
}
} else {
// удаляем только свой профиль
if ($inUser->id != $data['id']) {
cmsCore::error404();
}
}
if (isset($_POST['csrf_token'])) {
if (!cmsUser::checkCsrfToken()) {
cmsCore::error404();
}
$model->deleteUser($id);
if (!$inUser->is_admin) {
session_destroy();
cmsCore::redirect('/logout');
} else {
cmsCore::addSessionMessage($_LANG['DELETING_PROFILE_OK'], 'info');
cmsCore::redirect('/users');
}
} else {
$inPage->setTitle($_LANG['DELETING_PROFILE']);
$inPage->addPathway($data['nickname'], $inUser->getProfileURL($data['login']));
$inPage->addPathway($_LANG['DELETING_PROFILE']);
$confirm['title'] = $_LANG['DELETING_PROFILE'];
$confirm['text'] = '<p>' . $_LANG['REALLY_DEL_PROFILE'] . '</p>';
$confirm['action'] = '/users/' . $id . '/delprofile.html';
$confirm['yes_button'] = array();
$confirm['yes_button']['type'] = 'submit';
cmsPage::initTemplate('components', 'action_confirm.tpl')->assign('confirm', $confirm)->display('action_confirm.tpl');
}
}
//============================================================================//
//============================ Восстановить профиль =========================//
//============================================================================//
if ($do == 'restoreprofile') {
if (!$inUser->is_admin) {
cmsCore::error404();
}
$usr = cmsUser::getShortUserData($id);
if (!$usr) {
cmsCore::error404();
}
$inDB->query("UPDATE cms_users SET is_deleted = 0 WHERE id = '{$id}'");
cmsCore::redirectBack();
}
//============================================================================//
//============================= Файлы пользователей =========================//
//============================================================================//
if ($do == 'files') {
if (!$model->config['sw_files']) {
cmsCore::error404();
}
$fdo = cmsCore::request('fdo', 'str', '');
include 'components/users/files.php';
}
//============================================================================//
//================================ Инвайты =================================//
//============================================================================//
if ($do == 'invites') {
$reg_cfg = $inCore->loadComponentConfig('registration');
if ($reg_cfg['reg_type'] != 'invite') {
cmsCore::error404();
}
$invites_count = $model->getUserInvitesCount($inUser->id);
if (!$invites_count) {
cmsCore::error404();
}
if (!cmsCore::inRequest('send_invite')) {
$inPage->addPathway($inUser->nickname, cmsUser::getProfileURL($inUser->login));
$inPage->addPathway($_LANG['MY_INVITES']);
cmsPage::initTemplate('components', 'com_users_invites')->assign('invites_count', $invites_count)->display('com_users_invites.tpl');
return;
}
if (cmsCore::inRequest('send_invite')) {
if (!cmsUser::checkCsrfToken()) {
cmsCore::error404();
}
$invite_email = cmsCore::request('invite_email', 'email', '');
if (!$invite_email) {
cmsCore::redirectBack();
}
if ($model->sendInvite($inUser->id, $invite_email)) {
cmsCore::addSessionMessage(sprintf($_LANG['INVITE_SENDED'], $invite_email), 'success');
} else {
cmsCore::addSessionMessage($_LANG['INVITE_ERROR'], 'error');
}
cmsCore::redirect(cmsUser::getProfileURL($inUser->login));
}
}
if ($do == 'change_email') {
if (!$inUser->id) {
cmsUser::goToLogin();
}
$email = cmsCore::request('email', 'email', '');
$token = cmsCore::request('token', 'str', '');
// не занят ли email
$is_email = $inDB->get_field('cms_users', "email='{$email}'", 'id');
if ($is_email || !$email || !$token) {
cmsCore::error404();
}
// проверяем токен
$valid_id = $inDB->get_field('cms_users_activate', "code='{$token}' AND user_id = '{$inUser->id}'", 'id');
if (!$valid_id) {
cmsCore::error404();
}
$inDB->delete('cms_users_activate', "id = '{$valid_id}'");
// Сохраняем новый email
$inDB->update('cms_users', array('email' => $email), $inUser->id);
cmsCore::addSessionMessage($_LANG['NEW_EMAIL_SAVED'], 'success');
cmsCore::redirect(cmsUser::getProfileURL($inUser->login));
}
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
}
function registration()
{
header('X-Frame-Options: DENY');
$inCore = cmsCore::getInstance();
$inPage = cmsPage::getInstance();
$inDB = cmsDatabase::getInstance();
$inUser = cmsUser::getInstance();
$inConf = cmsConfig::getInstance();
$model = new cms_model_registration();
cmsCore::loadModel('users');
$users_model = new cms_model_users();
global $_LANG;
$do = $inCore->do;
//============================================================================//
if ($do == 'sendremind') {
if ($inUser->id) {
cmsCore::error404();
}
$inPage->setTitle($_LANG['REMINDER_PASS']);
$inPage->addPathway($_LANG['REMINDER_PASS']);
if (!cmsCore::inRequest('goremind')) {
cmsPage::initTemplate('components', 'com_registration_sendremind')->display('com_registration_sendremind.tpl');
} else {
if (!cmsUser::checkCsrfToken()) {
cmsCore::error404();
}
$email = cmsCore::request('email', 'email', '');
if (!$email) {
cmsCore::addSessionMessage($_LANG['ERR_EMAIL'], 'error');
cmsCore::redirectBack();
}
$usr = cmsUser::getShortUserData($email);
if (!$usr || $usr['is_locked'] || $usr['is_deleted']) {
cmsCore::addSessionMessage($_LANG['ADRESS'] . ' "' . $email . '" ' . $_LANG['NOT_IN_OUR_BASE'], 'error');
cmsCore::redirectBack();
}
if (cmsUser::userIsAdmin($usr['id'])) {
cmsCore::addSessionMessage($_LANG['NOT_ADMIN_SENDREMIND'], 'error');
cmsCore::redirectBack();
}
$usercode = md5($usr['id'] . '-' . uniqid() . '-' . microtime() . '-' . PATH);
$sql = "INSERT cms_users_activate (pubdate, user_id, code)\n VALUES (NOW(), '{$usr['id']}', '{$usercode}')";
$inDB->query($sql);
$newpass_link = HOST . '/registration/remind/' . $usercode;
$mail_message = $_LANG['HELLO'] . ', ' . $usr['nickname'] . '!' . "\n\n";
$mail_message .= $_LANG['REMINDER_TEXT'] . ' "' . $inConf->sitename . '".' . "\n\n";
$mail_message .= $_LANG['YOUR_LOGIN'] . ': ' . $usr['login'] . "\n\n";
$mail_message .= $_LANG['NEW_PASS_LINK'] . ":\n" . $newpass_link . "\n\n";
$mail_message .= $_LANG['LINK_EXPIRES'] . "\n\n";
$mail_message .= $_LANG['SIGNATURE'] . ', ' . $inConf->sitename . ' (' . HOST . ').' . "\n";
$mail_message .= date('d-m-Y (H:i)');
$inCore->mailText($email, $inConf->sitename . ' - ' . $_LANG['REMINDER_PASS'], $mail_message);
cmsCore::addSessionMessage($_LANG['NEW_PAS_SENDED'], 'info');
cmsCore::redirect('/login');
}
}
//============================================================================//
if ($do == 'remind') {
if ($inUser->id) {
cmsCore::error404();
}
$usercode = cmsCore::request('code', 'str', '');
//проверяем формат кода
if (!preg_match('/^[0-9a-f]{32}$/i', $usercode)) {
cmsCore::error404();
}
// проверяем код
$user_id = $inDB->get_field('cms_users_activate', "code = '{$usercode}'", 'user_id');
if (!$user_id) {
cmsCore::error404();
}
//получаем пользователя
$user = $inDB->get_fields('cms_users', "id = '{$user_id}'", '*');
if (!$user) {
cmsCore::error404();
}
if (cmsUser::userIsAdmin($user['id'])) {
cmsCore::error404();
}
if (cmsCore::inRequest('submit')) {
if (!cmsUser::checkCsrfToken()) {
cmsCore::error404();
}
$errors = false;
$pass = cmsCore::request('pass', 'str', '');
$pass2 = cmsCore::request('pass2', 'str', '');
if (!$pass) {
cmsCore::addSessionMessage($_LANG['TYPE_PASS'], 'error');
$errors = true;
}
if ($pass && !$pass2) {
cmsCore::addSessionMessage($_LANG['TYPE_PASS_TWICE'], 'error');
$errors = true;
}
if ($pass && $pass2 && mb_strlen($pass) < 6) {
cmsCore::addSessionMessage($_LANG['PASS_SHORT'], 'error');
$errors = true;
}
if ($pass && $pass2 && $pass != $pass2) {
cmsCore::addSessionMessage($_LANG['WRONG_PASS'], 'error');
$errors = true;
}
if ($errors) {
cmsCore::redirectBack();
}
$md5_pass = md5($pass);
$inDB->query("UPDATE cms_users SET password = '******', logdate = NOW() WHERE id = '{$user['id']}'");
$inDB->query("DELETE FROM cms_users_activate WHERE code = '{$usercode}'");
cmsCore::addSessionMessage($_LANG['CHANGE_PASS_COMPLETED'], 'info');
$inUser->signInUser($user['login'], $pass, true);
cmsCore::redirect(cmsUser::getProfileURL($user['login']));
}
$inPage->setTitle($_LANG['RECOVER_PASS']);
$inPage->addPathway($_LANG['RECOVER_PASS']);
cmsPage::initTemplate('components', 'com_registration_remind')->assign('cfg', $model->config)->assign('user', $user)->display('com_registration_remind.tpl');
}
//============================================================================//
if ($do == 'register') {
if (!cmsUser::checkCsrfToken()) {
cmsCore::error404();
}
if ($inUser->id && !$inUser->is_admin) {
if ($inCore->menuId() == 1) {
return;
} else {
cmsCore::error404();
}
}
// регистрация закрыта
if (!$model->config['is_on']) {
cmsCore::error404();
}
// регистрация по инвайтам
if ($model->config['reg_type'] == 'invite') {
if (!$users_model->checkInvite(cmsUser::sessionGet('invite_code'))) {
cmsCore::error404();
}
}
$errors = false;
// получаем данные
$item['login'] = cmsCore::request('login', 'str', '');
$item['email'] = cmsCore::request('email', 'email');
$item['icq'] = cmsCore::request('icq', 'str', '');
$item['city'] = cmsCore::request('city', 'str', '');
$item['nickname'] = cmsCore::request('nickname', 'str', '');
$item['realname1'] = cmsCore::request('realname1', 'str', '');
$item['realname2'] = cmsCore::request('realname2', 'str', '');
$pass = cmsCore::request('pass', 'str', '');
$pass2 = cmsCore::request('pass2', 'str', '');
// проверяем логин
if (mb_strlen($item['login']) < 2 || mb_strlen($item['login']) > 15 || is_numeric($item['login']) || !preg_match("/^([a-z0-9])+\$/ui", $item['login'])) {
cmsCore::addSessionMessage($_LANG['ERR_LOGIN'], 'error');
$errors = true;
}
// проверяем пароль
if (!$pass) {
cmsCore::addSessionMessage($_LANG['TYPE_PASS'], 'error');
$errors = true;
}
if ($pass && !$pass2) {
cmsCore::addSessionMessage($_LANG['TYPE_PASS_TWICE'], 'error');
$errors = true;
}
if ($pass && $pass2 && mb_strlen($pass) < 6) {
cmsCore::addSessionMessage($_LANG['PASS_SHORT'], 'error');
$errors = true;
}
if ($pass && $pass2 && $pass != $pass2) {
cmsCore::addSessionMessage($_LANG['WRONG_PASS'], 'error');
$errors = true;
}
// Проверяем nickname или имя и фамилию
if ($model->config['name_mode'] == 'nickname') {
if (!$item['nickname']) {
cmsCore::addSessionMessage($_LANG['TYPE_NICKNAME'], 'error');
$errors = true;
}
} else {
if (!$item['realname1']) {
cmsCore::addSessionMessage($_LANG['TYPE_NAME'], 'error');
$errors = true;
}
if (!$item['realname2']) {
cmsCore::addSessionMessage($_LANG['TYPE_SONAME'], 'error');
$errors = true;
}
$item['nickname'] = trim($item['realname1']) . ' ' . trim($item['realname2']);
}
if (mb_strlen($item['nickname']) < 2) {
cmsCore::addSessionMessage($_LANG['SHORT_NICKNAME'], 'error');
$errors = true;
}
if ($model->getBadNickname($item['nickname'])) {
cmsCore::addSessionMessage($_LANG['ERR_NICK_EXISTS'], 'error');
$errors = true;
}
// Проверяем email
if (!$item['email']) {
cmsCore::addSessionMessage($_LANG['ERR_EMAIL'], 'error');
$errors = true;
}
// День рождения
list($item['bday'], $item['bmonth'], $item['byear']) = array_values(cmsCore::request('birthdate', 'array_int', array()));
$item['birthdate'] = sprintf('%04d-%02d-%02d', $item['byear'], $item['bmonth'], $item['bday']);
// получаем данные конструктора форм
$item['formsdata'] = '';
if (isset($users_model->config['privforms'])) {
if (is_array($users_model->config['privforms'])) {
foreach ($users_model->config['privforms'] as $form_id) {
$form_input = cmsForm::getFieldsInputValues($form_id);
$item['formsdata'] .= $inDB->escape_string(cmsCore::arrayToYaml($form_input['values']));
// Проверяем значения формы
foreach ($form_input['errors'] as $field_error) {
if ($field_error) {
cmsCore::addSessionMessage($field_error, 'error');
$errors = true;
}
}
}
}
}
// Проверяем каптчу
if (!cmsPage::checkCaptchaCode()) {
cmsCore::addSessionMessage($_LANG['ERR_CAPTCHA'], 'error');
$errors = true;
}
// проверяем есть ли такой пользователь
$user_exist = $inDB->get_fields('cms_users', "(login LIKE '{$item['login']}' OR email LIKE '{$item['email']}') AND is_deleted = 0", 'id, login, email');
if ($user_exist) {
if ($user_exist['login'] == $item['login']) {
cmsCore::addSessionMessage($_LANG['LOGIN'] . ' "' . $item['login'] . '" ' . $_LANG['IS_BUSY'], 'error');
$errors = true;
} else {
cmsCore::addSessionMessage($_LANG['EMAIL_IS_BUSY'], 'error');
$errors = true;
}
}
// В случае ошибок, возвращаемся в форму
if ($errors) {
cmsUser::sessionPut('item', $item);
cmsCore::redirect('/registration');
}
//////////////////////////////////////////////
//////////// РЕГИСТРАЦИЯ /////////////////////
//////////////////////////////////////////////
$item['is_locked'] = $model->config['act'];
$item['password'] = md5($pass);
$item['orig_password'] = $pass;
$item['group_id'] = $model->config['default_gid'];
$item['regdate'] = date('Y-m-d H:i:s');
$item['logdate'] = date('Y-m-d H:i:s');
if (cmsUser::sessionGet('invite_code')) {
$invite_code = cmsUser::sessionGet('invite_code');
$item['invited_by'] = (int) $users_model->getInviteOwner($invite_code);
if ($item['invited_by']) {
$users_model->closeInvite($invite_code);
}
cmsUser::sessionDel('invite_code');
} else {
$item['invited_by'] = 0;
}
$item = cmsCore::callEvent('USER_BEFORE_REGISTER', $item);
$item['id'] = $item['user_id'] = $inDB->insert('cms_users', $item);
if (!$item['id']) {
cmsCore::error404();
}
$inDB->insert('cms_user_profiles', $item);
cmsCore::callEvent('USER_REGISTER', $item);
if ($item['is_locked']) {
$model->sendActivationNotice($pass, $item['id']);
cmsPage::includeTemplateFile('special/regactivate.php');
cmsCore::halt();
} else {
cmsActions::log('add_user', array('object' => '', 'user_id' => $item['id'], 'object_url' => '', 'object_id' => $item['id'], 'target' => '', 'target_url' => '', 'target_id' => 0, 'description' => ''));
if ($model->config['send_greetmsg']) {
$model->sendGreetsMessage($item['id']);
}
$model->sendRegistrationNotice($pass, $item['id']);
$back_url = $inUser->signInUser($item['login'], $pass, true);
cmsCore::redirect($back_url);
}
}
//============================================================================//
if ($do == 'view') {
$pagetitle = $inCore->getComponentTitle();
$inPage->setTitle($pagetitle);
$inPage->addPathway($pagetitle);
$inPage->addHeadJsLang(array('WRONG_PASS'));
// Если пользователь авторизован, то не показываем форму регистрации, редирект в профиль.
if ($inUser->id && !$inUser->is_admin) {
if ($inCore->menuId() == 1) {
return;
} else {
cmsCore::redirect(cmsUser::getProfileURL($inUser->login));
}
}
$correct_invite = cmsUser::sessionGet('invite_code') ? true : false;
if ($model->config['reg_type'] == 'invite' && cmsCore::inRequest('invite_code')) {
$invite_code = cmsCore::request('invite_code', 'str', '');
$correct_invite = $users_model->checkInvite($invite_code);
if ($correct_invite) {
cmsUser::sessionPut('invite_code', $invite_code);
} else {
cmsCore::addSessionMessage($_LANG['INCORRECT_INVITE'], 'error');
}
}
$item = cmsUser::sessionGet('item');
if ($item) {
cmsUser::sessionDel('item');
}
if (empty($item['birthdate'])) {
$item['birthdate'] = date('Y-m-d');
}
$private_forms = array();
if (isset($users_model->config['privforms'])) {
if (is_array($users_model->config['privforms'])) {
foreach ($users_model->config['privforms'] as $form_id) {
$private_forms = array_merge($private_forms, cmsForm::getFieldsHtml($form_id, array(), true));
}
}
}
cmsPage::initTemplate('components', 'com_registration')->assign('cfg', $model->config)->assign('item', $item)->assign('pagetitle', $pagetitle)->assign('correct_invite', $correct_invite)->assign('private_forms', $private_forms)->display('com_registration.tpl');
}
//============================================================================//
if ($do == 'activate') {
$code = cmsCore::request('code', 'str', '');
if (!$code) {
cmsCore::error404();
}
$user_id = $inDB->get_field('cms_users_activate', "code = '{$code}'", 'user_id');
if (!$user_id) {
cmsCore::error404();
}
$inDB->query("UPDATE cms_users SET is_locked = 0 WHERE id = '{$user_id}'");
$inDB->query("DELETE FROM cms_users_activate WHERE code = '{$code}'");
cmsCore::callEvent('USER_ACTIVATED', $user_id);
if ($model->config['send_greetmsg']) {
$model->sendGreetsMessage($user_id);
}
// Регистрируем событие
cmsActions::log('add_user', array('object' => '', 'user_id' => $user_id, 'object_url' => '', 'object_id' => $user_id, 'target' => '', 'target_url' => '', 'target_id' => 0, 'description' => ''));
cmsCore::addSessionMessage($_LANG['ACTIVATION_COMPLETE'], 'info');
cmsUser::goToLogin();
}
//============================================================================//
if ($do == 'auth') {
//====================//
//== разлогивание ==//
if (cmsCore::inRequest('logout')) {
$inUser->logout();
cmsCore::redirect('/');
}
//====================//
//== авторизация ==//
if (!cmsCore::inRequest('logout')) {
// флаг неуспешных авторизаций
$anti_brute_force = cmsUser::sessionGet('anti_brute_force');
$login = cmsCore::request('login', 'str', '');
$passw = cmsCore::request('pass', 'str', '');
$remember_pass = cmsCore::inRequest('remember');
// если нет логина или пароля, показываем форму входа
if (!$login || !$passw) {
if ($inUser->id && !$inUser->is_admin) {
cmsCore::redirect('/');
}
$inPage->setTitle($_LANG['SITE_LOGIN']);
$inPage->addPathway($_LANG['SITE_LOGIN']);
cmsPage::initTemplate('components', 'com_registration_login')->assign('cfg', $model->config)->assign('anti_brute_force', $anti_brute_force)->assign('is_sess_back', cmsUser::sessionGet('auth_back_url'))->display('com_registration_login.tpl');
if (!mb_strstr(cmsCore::getBackURL(), 'login')) {
cmsUser::sessionPut('auth_back_url', cmsCore::getBackURL());
}
return;
}
if (!cmsUser::checkCsrfToken()) {
cmsCore::error404();
}
// Проверяем каптчу
if ($anti_brute_force && !cmsPage::checkCaptchaCode()) {
cmsCore::addSessionMessage($_LANG['ERR_CAPTCHA'], 'error');
cmsCore::redirect('/login');
}
cmsUser::sessionDel('anti_brute_force');
$back_url = $inUser->signInUser($login, $passw, $remember_pass);
cmsCore::redirect($back_url);
}
}
//============================================================================//
if ($do == 'autherror') {
cmsUser::sessionPut('anti_brute_force', 1);
cmsPage::includeTemplateFile('special/autherror.php');
cmsCore::halt();
}
//============================================================================//
}
$inCore->loadModel('users');
$model = new cms_model_users();
$inv_count = $cfg['inv_count'];
$inv_karma = $cfg['inv_karma'];
if ($inv_count) {
$invites_given = $model->giveInvites($inv_count, $inv_karma);
if ($invites_given) {
cmsUser::sessionPut('reg_msg', 'Выдано инвайтов: ' . $invites_given);
} else {
cmsUser::sessionPut('reg_msg', 'Инвайты не выданы: нет подходящих пользователей');
}
}
}
if ($inCore->request('inv_delete', 'int', 0)) {
$inCore->loadModel('users');
$model = new cms_model_users();
$model->deleteInvites();
cmsUser::sessionPut('reg_msg', 'Неиспользованные инвайты удалены');
}
$inCore->redirectBack();
}
$msg = cmsUser::sessionGet('reg_msg');
if ($msg) {
echo '<p class="success">' . $msg . '</p>';
cmsUser::sessionDel('reg_msg');
}
?>
<form action="index.php?view=components&do=config&id=<?php
echo $_REQUEST['id'];
?>
" method="post" name="optform" target="_self" id="optform">
function applet_users() {
$inCore = cmsCore::getInstance();
cmsCore::loadClass('actions');
cmsCore::loadModel('users');
$model = new cms_model_users();
// подключаем язык компонента регистрации
cmsCore::loadLanguage('components/registration');
global $_LANG;
global $adminAccess;
if (!cmsUser::isAdminCan('admin/users', $adminAccess)) { cpAccessDenied(); }
cmsCore::c('page')->setTitle($_LANG['AD_USERS']);
cpAddPathway($_LANG['AD_USERS'], 'index.php?view=users');
$do = cmsCore::request('do', 'str', 'list');
$id = cmsCore::request('id', 'int', 0);
if ($do == 'list') {
$toolmenu = array(
array( 'icon' => 'useradd.gif', 'title' => $_LANG['AD_USER_ADD'], 'link' => '?view=users&do=add' ),
array( 'icon' => 'useredit.gif', 'title' => $_LANG['AD_EDIT_SELECTED'], 'link' => "javascript:checkSel('?view=users&do=edit&multiple=1');" ),
array( 'icon' => 'userdelete.gif', 'title' => $_LANG['AD_DELETE_SELECTED'], 'link' => "javascript:if(confirm('". $_LANG['AD_IF_USERS_SELECT_REMOVE'] ."')) { checkSel('?view=users&do=delete&multiple=1'); }" ),
array( 'icon' => 'usergroup.gif', 'title' => $_LANG['AD_USERS_GROUP'], 'link' => '?view=usergroups' ),
array( 'icon' => 'userbanlist.gif', 'title' => $_LANG['AD_BANLIST'], 'link' => '?view=userbanlist' ),
array( 'icon' => 'user_go.png', 'title' => $_LANG['AD_USERS_SELECT_ACTIVATE'], 'link' => "javascript:if(confirm('". $_LANG['AD_IF_USERS_SELECT_ACTIVATE'] ."')) { checkSel('?view=users&do=activate&multiple=1'); }" ),
array( 'icon' => 'help.gif', 'title' => $_LANG['AD_HELP'], 'link' => '?view=help&topic=users' )
);
cpToolMenu($toolmenu);
$fields = array(
array( 'title' => 'id', 'field' => 'id', 'width' => '40' ),
array( 'title' => $_LANG['LOGIN'], 'field' => 'login', 'width' => '100', 'link' => '?view=users&do=edit&id=%id%', 'filter' => 12 ),
array( 'title' => $_LANG['NICKNAME'], 'field' => 'nickname', 'width' => '', 'link' => '?view=users&do=edit&id=%id%', 'filter' => 12 ),
array( 'title' => $_LANG['AD_RATING'], 'field' => array( 'rating', 'id' ), 'width' => '70', 'prc' => 'setRating' ),
array( 'title' => $_LANG['AD_GROUP'], 'field' => 'group_id', 'width' => '110', 'prc' => 'cpGroupById', 'filter' => 1, 'filterlist' => cpGetList('cms_user_groups') ),
array( 'title' => $_LANG['EMAIL'], 'field' => 'email', 'width' => '120' ),
array( 'title' => $_LANG['AD_REGISTRATION_DATE'], 'field' => 'regdate', 'width' => '100' ),
array( 'title' => $_LANG['AD_LAST_LOGIN'], 'field' => 'logdate', 'width' => '100' ),
array( 'title' => $_LANG['AD_LAST_IP'], 'field' => 'last_ip', 'width' => '90', 'prc' => 'getIpLink' ),
array( 'title' => $_LANG['AD_IS_LOCKED'], 'field' => 'is_locked', 'width' => '110', 'prc' => 'viewAct' ),
array( 'title' => $_LANG['AD_IS_DELETED'], 'field' => 'is_deleted', 'width' => '80', 'prc' => 'viewDel' )
);
$actions = array(
array( 'title' => $_LANG['AD_PROFILE'], 'icon' => 'profile.gif', 'link' => '/users/%login%' ),
array( 'title' => $_LANG['AD_BANNED'], 'icon' => 'ban.gif', 'link' => '?view=userbanlist&do=add&to=%id%' ),
array( 'title' => $_LANG['DELETE'], 'icon' => 'delete.gif', 'confirm' => $_LANG['AD_IS_USER_DELETE'], 'link' => '?view=users&do=delete&id=%id%' ),
array( 'title' => $_LANG['AD_FOREVER_USER_DELETE'], 'icon' => 'off.gif', 'confirm' => $_LANG['AD_IF_FOREVER_USER_DELETE'], 'link' => '?view=users&do=delete_full&id=%id%' )
);
cpListTable('cms_users', $fields, $actions, '1=1', 'regdate DESC');
}
if ($do == 'rerating') {
$user_id = cmsCore::request('user_id', 'int');
if (!$user_id) { cmsCore::redirectBack(); }
$rating = cmsUser::getRating($user_id);
$user_sql = "UPDATE cms_users
SET rating = ". $rating ."
WHERE id = '". $user_id ."'";
cmsCore::c('db')->query($user_sql);
cmsCore::redirectBack();
}
if ($do == 'activate') {
$user_ids = cmsCore::request('item', 'array_int');
if (!$user_ids) { cmsCore::redirectBack(); }
foreach ($user_ids as $user_id) {
$code = cmsCore::c('db')->get_field('cms_users_activate', "user_id = '". $user_id ."'", 'code');
$sql = "UPDATE cms_users SET is_locked = 0 WHERE id = '". $user_id ."'";
cmsCore::c('db')->query($sql);
$sql = "DELETE FROM cms_users_activate WHERE code = '". $code ."'";
cmsCore::c('db')->query($sql);
cmsCore::callEvent('USER_ACTIVATED', $user_id);
// Регистрируем событие
cmsActions::log(
'add_user',
array(
'object' => '',
'user_id' => $user_id,
'object_url' => '',
'object_id' => $user_id,
'target' => '',
'target_url' => '',
'target_id' => 0,
'description' => ''
)
);
}
cmsCore::redirectBack();
}
if ($do == 'delete') {
if (!cmsCore::inRequest('item')) {
if ($id >= 0) {
$model->deleteUser($id);
}
} else {
$model->deleteUsers(cmsCore::request('item', 'array_int', array()));
}
cmsCore::redirectBack();
}
if ($do == 'delete_full') {
$model->deleteUser($id, true);
cmsCore::redirectBack();
}
if ($do == 'submit' || $do == 'update') {
if (!cmsUser::checkCsrfToken()) { cmsCore::error404(); }
$types = array(
'login' => array( 'login', 'str', '' ),
'nickname' => array( 'nickname', 'str', '', 'htmlspecialchars' ),
'email' => array( 'email', 'email', '' ),
'group_id' => array( 'group_id', 'int', 1 ),
'is_locked' => array( 'is_locked', 'int', 0 ),
'password' => array( 'pass', 'str', '', 'stripslashes' ),
'pass2' => array( 'pass2', 'str', '', 'stripslashes' )
);
$items = cmsCore::getArrayFromRequest($types);
$errors = false;
// проверяем логин
if (mb_strlen($items['login']) < 2 ||
mb_strlen($items['login']) > 15 ||
is_numeric($items['login']) ||
!preg_match("/^([a-zA-Z0-9])+$/ui", $items['login'])) {
cmsCore::addSessionMessage($_LANG['ERR_LOGIN'], 'error');
$errors = true;
}
// проверяем пароль
if ($do == 'submit') {
if (!$items['password']) {
cmsCore::addSessionMessage($_LANG['TYPE_PASS'], 'error');
$errors = true;
}
}
if ($items['password'] && !$items['pass2']) {
cmsCore::addSessionMessage($_LANG['TYPE_PASS_TWICE'], 'error');
$errors = true;
}
if ($items['password'] && $items['pass2'] && mb_strlen($items['password']) < 6) {
cmsCore::addSessionMessage($_LANG['PASS_SHORT'], 'error');
$errors = true;
}
if ($items['password'] && $items['pass2'] && $items['password'] != $items['pass2']) {
cmsCore::addSessionMessage($_LANG['WRONG_PASS'], 'error');
$errors = true;
}
// никнейм
if (mb_strlen($items['nickname']) < 2) {
cmsCore::addSessionMessage($_LANG['SHORT_NICKNAME'], 'error');
$errors = true;
}
// Проверяем email
if (!$items['email']) {
cmsCore::addSessionMessage($_LANG['ERR_EMAIL'], 'error');
$errors = true;
}
// проверяем есть ли такой пользователь
if ($do == 'submit') {
$user_exist = cmsCore::c('db')->get_fields('cms_users', "(login LIKE '". $items['login'] ."' OR email LIKE '". $items['email'] ."') AND is_deleted = 0", 'login');
if ($user_exist) {
if ($user_exist['login'] == $items['login']) {
cmsCore::addSessionMessage($_LANG['LOGIN'] .' "'. $items['login'] .'" '. $_LANG['IS_BUSY'], 'error');
$errors = true;
} else {
cmsCore::addSessionMessage($_LANG['EMAIL_IS_BUSY'], 'error');
$errors = true;
}
}
}
if ($errors) {
if ($do == 'submit') {
cmsUser::sessionPut('items', $items);
}
cmsCore::redirectBack();
}
if ($do == 'submit') {
$items['regdate'] = date('Y-m-d H:i:s');
$items['logdate'] = date('Y-m-d H:i:s');
$items['password'] = md5($items['password']);
$items['user_id'] = cmsCore::c('db')->insert('cms_users', $items);
if (!$items['user_id']) { cmsCore::error404(); }
cmsCore::c('db')->insert('cms_user_profiles', $items);
cmsCore::addSessionMessage($_LANG['AD_DO_SUCCESS'], 'success');
cmsCore::redirect('?view=users');
} else {
// главного админа может редактировать только он сам
if ($id == 1 && cmsCore::c('user')->id != $id) {
cmsCore::error404();
}
if ($id == 1) {
unset($items['group_id']);
unset($items['is_locked']);
}
if (!$items['password']) {
unset($items['password']);
} else {
$items['password'] = md5($items['password']);
}
cmsCore::c('db')->update('cms_users', $items, $id);
cmsCore::addSessionMessage($_LANG['AD_DO_SUCCESS'], 'success');
if (empty($_SESSION['editlist'])) {
cmsCore::redirect('index.php?view=users');
} else {
cmsCore::redirect('index.php?view=users&do=edit');
}
}
}
if ($do == 'edit' || $do == 'add') {
$toolmenu = array(
array( 'icon' => 'save.gif', 'title' => $_LANG['SAVE'], 'link' => 'javascript:document.addform.submit();' ),
array( 'icon' => 'cancel.gif', 'title' => $_LANG['CANCEL'], 'link' => 'javascript:history.go(-1);' )
);
cpToolMenu($toolmenu);
if ($do == 'edit') {
if (cmsCore::inRequest('multiple')){
if (cmsCore::inRequest('item')){
$_SESSION['editlist'] = cmsCore::request('item', 'array_int', array());
} else {
cmsCore::addSessionMessage($_LANG['AD_NO_SELECT_OBJECTS'], 'error');
cmsCore::redirectBack();
}
}
$ostatok = '';
if (isset($_SESSION['editlist'])) {
$item_id = array_shift($_SESSION['editlist']);
if (count($_SESSION['editlist']) == 0) {
unset($_SESSION['editlist']);
} else {
$ostatok = '('. $_LANG['AD_NEXT_IN'] . count($_SESSION['editlist']) .')';
}
} else {
$item_id = cmsCore::request('id', 'int', 0);
}
$mod = cmsCore::c('db')->get_fields('cms_users', "id = '". $item_id ."'", '*');
if (!$mod) { cmsCore::error404(); }
echo '<h3>'. $_LANG['AD_USER_EDIT'] .' '. $ostatok .'</h3>';
cpAddPathway($mod['nickname']);
} else {
$mod = cmsUser::sessionGet('items');
if ($mod) { cmsUser::sessionDel('items'); }
cpAddPathway($_LANG['AD_USER_ADD']);
}
cmsCore::c('page')->addHeadJS('components/registration/js/check.js');
?>
<form action="index.php?view=users" method="post" enctype="multipart/form-data" name="addform" id="addform">
<input type="hidden" name="csrf_token" value="<?php echo cmsUser::getCsrfToken(); ?>" />
<div style="width:500px;">
<div class="form-group">
<label><?php echo $_LANG['LOGIN']; ?>:</label>
<input type="text" id="logininput" class="form-control" name="login" value="<?php echo cmsCore::getArrVal($mod, 'login', ''); ?>" onchange="checkLogin()" />
<?php if ($do == 'edit') { echo '<div class="help-block" style="text-align:right;"><a target="_blank" href="/users/'. $mod['login'] .'" title="'. $_LANG['AD_USER_PROFILE'] .'">'. $_LANG['AD_USER_PROFILE'] .'</a></div>'; } ?>
</div>
<div class="form-group">
<label><?php echo $_LANG['NICKNAME']; ?>:</label>
<input type="text" id="login" class="form-control" name="nickname" value="<?php echo htmlspecialchars(cmsCore::getArrVal($mod, 'nickname', '')); ?>" />
</div>
<div class="form-group">
<label><?php echo $_LANG['EMAIL']; ?>:</label>
<input type="text" id="nickname" class="form-control" name="email" value="<?php echo cmsCore::getArrVal($mod, 'email', ''); ?>" />
</div>
<div class="form-group">
<label><?php if ($do == 'edit') { echo $_LANG['AD_NEW_PASS']; } else { echo $_LANG['PASS']; } ?></label>
<input type="password" id="pass" class="form-control" name="pass" />
</div>
<div class="form-group">
<label><?php echo $_LANG['REPEAT_PASS']; ?>:</label>
<input type="password" id="pass2" class="form-control" name="pass2" />
</div>
<div class="form-group">
<label><?php echo $_LANG['AD_GROUP']; ?>:</label>
<select id="group_id" class="form-control" name="group_id">
<?php
echo $inCore->getListItems('cms_user_groups', cmsCore::getArrVal($mod, 'group_id', 0));
?>
</select>
<?php if ($do == 'edit') { echo '<div class="help-block" style="text-align:right;"><a target="_blank" href="?view=usergroups&do=edit&id='. $mod['group_id'] .'">'. $_LANG['EDIT'] .'</a></div>'; } ?>
</div>
<div class="form-group">
<label><?php echo $_LANG['AD_IF_ACCAUNT_LOCK']; ?></label>
<div class="btn-group" data-toggle="buttons" style="float:right;">
<label class="btn btn-default <?php if ($mod['is_locked']) { echo 'active'; } ?>">
<input type="radio" name="is_locked" <?php if ($mod['is_locked']) { echo 'checked="checked"'; } ?> value="1" /> <?php echo $_LANG['YES']; ?>
</label>
<label class="btn btn-default <?php if (!$mod['is_locked']) { echo 'active'; } ?>">
<input type="radio" name="is_locked" <?php if (!$mod['is_locked']) { echo 'checked="checked"'; } ?> value="0" /> <?php echo $_LANG['NO']; ?>
</label>
</div>
</div>
</div>
<div>
<?php if ($do == 'edit') { ?>
<input type="hidden" name="do" value="update" />
<input type="submit" class="btn btn-primary" name="add_mod" value="<?php echo $_LANG['SAVE']; ?>" />
<?php } else { ?>
<input type="hidden" name="do" value="submit" />
<input type="submit" class="btn btn-primary" name="add_mod" value="<?php echo $_LANG['AD_USER_ADD']; ?>" />
<?php } ?>
<input type="button" class="btn btn-default" name="back2" value="<?php echo $_LANG['CANCEL']; ?>" onclick="window.history.back();" />
<?php
if ($do == 'edit') {
echo '<input type="hidden" name="id" value="'. $mod['id'] .'" />';
}
?>
</div>
</form>
<?php
}
}
function applet_usergroups()
{
$inDB = cmsDatabase::getInstance();
global $_LANG;
global $adminAccess;
if (!cmsUser::isAdminCan('admin/users', $adminAccess)) {
cpAccessDenied();
}
$GLOBALS['cp_page_title'] = $_LANG['AD_USERS_GROUP'];
cpAddPathway($_LANG['AD_USERS'], 'index.php?view=users');
cpAddPathway($_LANG['AD_USERS_GROUP'], 'index.php?view=usergroups');
$do = cmsCore::request('do', 'str', 'list');
$id = cmsCore::request('id', 'int', -1);
cmsCore::loadModel('users');
$model = new cms_model_users();
if ($do == 'list') {
$toolmenu[] = array('icon' => 'usergroupadd.gif', 'title' => $_LANG['AD_CREATE_GROUP'], 'link' => '?view=usergroups&do=add');
$toolmenu[] = array('icon' => 'edit.gif', 'title' => $_LANG['AD_EDIT_SELECTED'], 'link' => "javascript:checkSel('?view=usergroups&do=edit&multiple=1');");
$toolmenu[] = array('icon' => 'delete.gif', 'title' => $_LANG['AD_DELETE_SELECTED'], 'link' => "javascript:if(confirm('{$_LANG['AD_REMOVE_GROUP']}')) { checkSel('?view=users&do=delete&multiple=1'); }");
cpToolMenu($toolmenu);
$fields[] = array('title' => 'id', 'field' => 'id', 'width' => '30');
$fields[] = array('title' => $_LANG['TITLE'], 'field' => 'title', 'width' => '', 'link' => '?view=usergroups&do=edit&id=%id%', 'filter' => '12');
$fields[] = array('title' => $_LANG['AD_FROM_USERS'], 'field' => 'id', 'width' => '100', 'prc' => 'getCountUsers');
$fields[] = array('title' => $_LANG['AD_IF_ADMIN'], 'field' => 'is_admin', 'width' => '110', 'prc' => 'cpYesNo');
$fields[] = array('title' => $_LANG['AD_ALIAS'], 'field' => 'alias', 'width' => '75', 'filter' => '12');
$actions[] = array('title' => $_LANG['EDIT'], 'icon' => 'edit.gif', 'link' => '?view=usergroups&do=edit&id=%id%');
$actions[] = array('title' => $_LANG['DELETE'], 'icon' => 'delete.gif', 'confirm' => $_LANG['AD_REMOVE_GROUP'], 'link' => '?view=usergroups&do=delete&id=%id%');
cpListTable('cms_user_groups', $fields, $actions);
}
if ($do == 'delete') {
if (!isset($_REQUEST['item'])) {
if ($id >= 0) {
$model->deleteGroup($id);
}
} else {
$model->deleteGroups(cmsCore::request('item', 'array_int', array()));
}
cmsCore::addSessionMessage($_LANG['AD_DO_SUCCESS'], 'success');
cmsCore::redirect('index.php?view=usergroups');
}
if ($do == 'submit' || $do == 'update') {
if (!cmsUser::checkCsrfToken()) {
cmsCore::error404();
}
$types = array('title' => array('title', 'str', ''), 'alias' => array('alias', 'str', ''), 'is_admin' => array('is_admin', 'int', 0), 'access' => array('access', 'array_str', array(), create_function('$a_list', 'return implode(\',\', $a_list);')));
$items = cmsCore::getArrayFromRequest($types);
if ($do == 'submit') {
$inDB->insert('cms_user_groups', $items);
cmsCore::addSessionMessage($_LANG['AD_DO_SUCCESS'], 'success');
cmsCore::redirect('index.php?view=usergroups');
} else {
$inDB->update('cms_user_groups', $items, $id);
cmsCore::addSessionMessage($_LANG['AD_DO_SUCCESS'], 'success');
if (empty($_SESSION['editlist'])) {
cmsCore::redirect('index.php?view=usergroups');
} else {
cmsCore::redirect('index.php?view=usergroups&do=edit');
}
}
}
if ($do == 'add' || $do == 'edit') {
$toolmenu[] = array('icon' => 'save.gif', 'title' => $_LANG['SAVE'], 'link' => 'javascript:document.addform.submit();');
$toolmenu[] = array('icon' => 'cancel.gif', 'title' => $_LANG['CANCEL'], 'link' => 'javascript:history.go(-1);');
cpToolMenu($toolmenu);
if ($do == 'add') {
cpAddPathway($_LANG['AD_CREATE_GROUP']);
} else {
if (isset($_REQUEST['multiple'])) {
if (isset($_REQUEST['item'])) {
$_SESSION['editlist'] = cmsCore::request('item', 'array_int', array());
} else {
cmsCore::addSessionMessage($_LANG['AD_NO_SELECT_OBJECTS'], 'error');
cmsCore::redirectBack();
}
}
$ostatok = '';
if (isset($_SESSION['editlist'])) {
$item_id = array_shift($_SESSION['editlist']);
if (sizeof($_SESSION['editlist']) == 0) {
unset($_SESSION['editlist']);
} else {
$ostatok = '(' . $_LANG['AD_NEXT_IN'] . sizeof($_SESSION['editlist']) . ')';
}
} else {
$item_id = cmsCore::request('id', 'int', 0);
}
$mod = $inDB->get_fields('cms_user_groups', "id = '{$item_id}'", '*');
if (!$mod) {
cmsCore::error404();
}
echo '<h3>' . $_LANG['AD_EDIT_GROUP'] . ' ' . $ostatok . '</h3>';
cpAddPathway($_LANG['AD_EDIT_GROUP'] . ' ' . $mod['title']);
}
if (isset($mod['access'])) {
$mod['access'] = str_replace(', ', ',', $mod['access']);
$mod['access'] = explode(',', $mod['access']);
}
?>
<form id="addform" name="addform" method="post" action="index.php?view=usergroups">
<input type="hidden" name="csrf_token" value="<?php
echo cmsUser::getCsrfToken();
?>
" />
<table width="660" border="0" cellspacing="5" class="proptable">
<tr>
<td width="198" valign="top"><div><strong><?php
echo $_LANG['AD_GROUP_NAME'];
?>
: </strong></div><span class="hinttext"><?php
echo $_LANG['AD_VIEW_SITE'];
?>
</span></td>
<td width="475" valign="top"><input name="title" type="text" id="title" size="30" value="<?php
echo htmlspecialchars($mod['title']);
?>
"/></td>
</tr>
<tr>
<td valign="top"><div><strong><?php
echo $_LANG['AD_ALIAS'];
?>
:</strong></div><?php
if ($do == 'edit') {
?>
<span class="hinttext"><?php
echo $_LANG['AD_DONT_CHANGE'];
?>
</span><?php
}
?>
</td>
<td valign="top"><input name="alias" type="text" id="title3" <?php
if (@$mod['alias'] == 'guest') {
?>
readonly="readonly"<?php
}
?>
size="30" value="<?php
echo @$mod['alias'];
?>
"/></td>
</tr>
<tr>
<td><strong><?php
echo $_LANG['AD_IF_ADMIN'];
?>
</strong></td>
<td>
<label><input name="is_admin" type="radio" value="1" <?php
if (@$mod['is_admin']) {
echo 'checked="checked"';
}
?>
onclick="$('#accesstable').hide();$('#admin_accesstable').show();"/> <?php
echo $_LANG['YES'];
?>
</label>
<label><input name="is_admin" type="radio" value="0" <?php
if (@(!$mod['is_admin'])) {
echo 'checked="checked"';
}
?>
onclick="$('#accesstable').show();$('#admin_accesstable').hide();"/> <?php
echo $_LANG['NO'];
?>
</label>
</td>
</tr>
</table>
<!--------------------------------------------------------------------------------------------------------------------------------------------->
<table width="660" border="0" cellspacing="5" class="proptable" id="admin_accesstable" style="<?php
if (@(!$mod['is_admin'])) {
echo 'display:none;';
}
?>
">
<tr>
<td width="191" valign="top">
<div><strong><?php
echo $_LANG['AD_AVAILABLE_SECTIONS'];
?>
</strong></div>
<span class="hinttext"><?php
echo $_LANG['AD_ALL_SECTIONS'];
?>
</span>
</td>
<td width="475" valign="top">
<table width="100%" border="0" cellspacing="2" cellpadding="0">
<tr>
<td width="16"><input type="checkbox" name="access[]" id="admin_menu" value="admin/menu" <?php
if (isset($mod['access'])) {
if (in_array('admin/menu', $mod['access'])) {
echo 'checked="checked"';
}
}
?>
></td>
<td><label for="admin_menu"><?php
echo $_LANG['AD_MENU_CONTROL'];
?>
</label></td>
</tr>
<tr>
<td width="16"><input type="checkbox" name="access[]" id="admin_modules" value="admin/modules" <?php
if (isset($mod['access'])) {
if (in_array('admin/modules', $mod['access'])) {
echo 'checked="checked"';
}
}
?>
></td>
<td><label for="admin_modules"><?php
echo $_LANG['AD_MODULES_CONTROL'];
?>
</label></td>
</tr>
<tr>
<td width="16"><input type="checkbox" name="access[]" id="admin_content" value="admin/content" <?php
if (isset($mod['access'])) {
if (in_array('admin/content', $mod['access'])) {
echo 'checked="checked"';
}
}
?>
></td>
<td><label for="admin_content"><?php
echo $_LANG['AD_CONTENTS_CONTROL'];
?>
</label></td>
</tr>
<tr>
<td width="16"><input type="checkbox" name="access[]" id="admin_plugins" value="admin/plugins" <?php
if (isset($mod['access'])) {
if (in_array('admin/filters', $mod['access'])) {
echo 'checked="checked"';
}
}
?>
></td>
<td><label for="admin_plugins"><?php
echo $_LANG['AD_PLUGINS_CONTROL'];
?>
</label></td>
</tr>
<tr>
<td width="16"><input type="checkbox" name="access[]" id="admin_filters" value="admin/filters" <?php
if (isset($mod['access'])) {
if (in_array('admin/filters', $mod['access'])) {
echo 'checked="checked"';
}
}
?>
></td>
<td><label for="admin_filters"><?php
echo $_LANG['AD_FILTERS_CONTROL'];
?>
</label></td>
</tr>
<tr>
<td width="16"><input type="checkbox" name="access[]" id="admin_components" value="admin/components" <?php
if (isset($mod['access'])) {
if (in_array('admin/components', $mod['access'])) {
echo 'checked="checked"';
}
}
?>
></td>
<td><label for="admin_components"><?php
echo $_LANG['AD_COMPONENTS_CONTROL'];
?>
</label></td>
</tr>
<tr>
<td width="16"><input type="checkbox" name="access[]" id="admin_users" value="admin/users" <?php
if (isset($mod['access'])) {
if (in_array('admin/users', $mod['access'])) {
echo 'checked="checked"';
}
}
?>
></td>
<td><label for="admin_users"><?php
echo $_LANG['AD_USERS_CONTROL'];
?>
</label></td>
</tr>
<tr>
<td width="16"><input type="checkbox" name="access[]" id="admin_config" value="admin/config" <?php
if (isset($mod['access'])) {
if (in_array('admin/config', $mod['access'])) {
echo 'checked="checked"';
}
}
?>
></td>
<td><label for="admin_config"><?php
echo $_LANG['AD_SETTINGS_CONTROL'];
?>
</label></td>
</tr>
</table>
</td>
</tr>
<tr>
<td valign="top">
<div><strong><?php
echo $_LANG['AD_COMPONENTS_SETTINGS_FREE'];
?>
</strong></div>
<span class="hinttext"><?php
echo $_LANG['AD_COMPONENTS_SETTINGS_ON'];
?>
</span>
</td>
<td valign="top">
<table width="100%" border="0" cellspacing="2" cellpadding="0">
<?php
$coms = cmsCore::getInstance()->getAllComponents();
foreach ($coms as $com) {
if (!file_exists(PATH . '/admin/components/' . $com['link'] . '/backend.php')) {
continue;
}
?>
<tr>
<td width="16"><input type="checkbox" name="access[]" id="admin_com_<?php
echo $com['link'];
?>
" value="admin/com_<?php
echo $com['link'];
?>
" <?php
if (isset($mod['access'])) {
if (in_array('admin/com_' . $com['link'], $mod['access'])) {
echo 'checked="checked"';
}
}
?>
/></td>
<td><label for="admin_com_<?php
echo $com['link'];
?>
"><?php
echo $com['title'];
?>
</label></td>
</tr>
<?php
}
?>
</table>
</td>
</tr>
</table>
<!--------------------------------------------------------------------------------------------------------------------------------------------->
<table width="660" border="0" cellspacing="5" class="proptable" id="accesstable" style="<?php
if (@$mod['is_admin']) {
echo 'display:none;';
}
?>
">
<tr>
<td width="191" valign="top"><strong><?php
echo $_LANG['AD_GROUP_RULE'];
?>
</strong></td>
<td width="475" valign="top">
<table width="100%" border="0" cellspacing="2" cellpadding="0">
<?php
$sql = "SELECT * FROM cms_user_groups_access ORDER BY access_type";
$res = $inDB->query($sql);
while ($ga = $inDB->fetch_assoc($res)) {
if ($mod['alias'] == 'guest' && $ga['hide_for_guest']) {
continue;
}
?>
<tr>
<td width="16"><input type="checkbox" name="access[]" id="<?php
echo str_replace('/', '_', $ga['access_type']);
?>
" value="<?php
echo $ga['access_type'];
?>
" <?php
if (isset($mod['access'])) {
if (in_array($ga['access_type'], $mod['access'])) {
echo 'checked="checked"';
}
}
?>
></td>
<td><label for="<?php
echo str_replace('/', '_', $ga['access_type']);
?>
"><?php
echo $ga['access_name'];
?>
</label></td>
</tr>
<?php
}
?>
</table>
</td>
</tr>
</table>
<!--------------------------------------------------------------------------------------------------------------------------------------------->
<p>
<input name="add_mod" type="submit" id="add_mod" <?php
if ($do == 'add') {
echo 'value="' . $_LANG['AD_CREATE_GROUP'] . '"';
} else {
echo 'value="' . $_LANG['SAVE'] . '"';
}
?>
/>
<span style="margin-top:15px"><input name="back" type="button" id="back" value="<?php
echo $_LANG['CANCEL'];
?>
" onclick="window.history.back();"/></span>
<input name="do" type="hidden" id="do" <?php
if ($do == 'add') {
echo 'value="submit"';
} else {
echo 'value="update"';
}
?>
/>
<?php
if ($do == 'edit') {
echo '<input name="id" type="hidden" value="' . $mod['id'] . '" />';
}
?>
</p>
</form>
<?php
}
}
function applet_usergroups() {
global $_LANG;
global $adminAccess;
if (!cmsUser::isAdminCan('admin/users', $adminAccess)) { cpAccessDenied(); }
cmsCore::c('page')->setTitle($_LANG['AD_USERS_GROUP']);
cpAddPathway($_LANG['AD_USERS'], 'index.php?view=users');
cpAddPathway($_LANG['AD_USERS_GROUP'], 'index.php?view=usergroups');
$do = cmsCore::request('do', 'str', 'list');
$id = cmsCore::request('id', 'int', -1);
cmsCore::loadModel('users');
$model = new cms_model_users();
if ($do == 'list') {
$toolmenu = array(
array( 'icon' => 'usergroupadd.gif', 'title' => $_LANG['AD_CREATE_GROUP'], 'link' => '?view=usergroups&do=add' ),
array( 'icon' => 'edit.gif', 'title' => $_LANG['AD_EDIT_SELECTED'], 'link' => "javascript:checkSel('?view=usergroups&do=edit&multiple=1');" ),
array( 'icon' => 'delete.gif', 'title' => $_LANG['AD_DELETE_SELECTED'], 'link' => "javascript:if(confirm('". $_LANG['AD_REMOVE_GROUP'] ."')) { checkSel('?view=users&do=delete&multiple=1'); }" )
);
cpToolMenu($toolmenu);
$fields = array(
array( 'title' => 'id', 'field' => 'id', 'width' => '40' ),
array( 'title' => $_LANG['TITLE'], 'field' => 'title', 'width' => '', 'link' => '?view=usergroups&do=edit&id=%id%', 'filter' => '12' ),
array( 'title' => $_LANG['AD_FROM_USERS'], 'field' => 'id', 'width' => '110', 'prc' => 'getCountUsers' ),
array( 'title' => $_LANG['AD_IF_ADMIN'], 'field' => 'is_admin', 'width' => '120', 'prc' => 'cpYesNo' ),
array( 'title' => $_LANG['AD_ALIAS'], 'field' => 'alias', 'width' => '85', 'filter' => '12' )
);
$actions = array(
array( 'title' => $_LANG['EDIT'], 'icon' => 'edit.gif', 'link' => '?view=usergroups&do=edit&id=%id%' ),
array( 'title' => $_LANG['DELETE'], 'icon' => 'delete.gif', 'confirm' => $_LANG['AD_REMOVE_GROUP'], 'link' => '?view=usergroups&do=delete&id=%id%' )
);
cpListTable('cms_user_groups', $fields, $actions);
}
if ($do == 'delete') {
if (!cmsCore::inRequest('item')){
if ($id >= 0){
$model->deleteGroup($id);
}
} else {
$model->deleteGroups(cmsCore::request('item', 'array_int', array()));
}
cmsCore::addSessionMessage($_LANG['AD_DO_SUCCESS'], 'success');
cmsCore::redirect('index.php?view=usergroups');
}
if ($do == 'submit' || $do == 'update') {
if (!cmsUser::checkCsrfToken()) { cmsCore::error404(); }
$types = array(
'title' => array( 'title', 'str', '' ),
'alias' => array( 'alias', 'str', '' ),
'is_admin' => array( 'is_admin', 'int', 0 ),
'access' => array( 'access', 'array_str', array(), create_function('$a_list', 'return implode(\',\', $a_list);') )
);
$items = cmsCore::getArrayFromRequest($types);
if ($do == 'submit') {
cmsCore::c('db')->insert('cms_user_groups', $items);
cmsCore::addSessionMessage($_LANG['AD_DO_SUCCESS'], 'success');
cmsCore::redirect('index.php?view=usergroups');
} else {
cmsCore::c('db')->update('cms_user_groups', $items, $id);
cmsCore::addSessionMessage($_LANG['AD_DO_SUCCESS'], 'success');
if (empty($_SESSION['editlist'])) {
cmsCore::redirect('index.php?view=usergroups');
} else {
cmsCore::redirect('index.php?view=usergroups&do=edit');
}
}
}
if ($do == 'add' || $do == 'edit') {
$toolmenu = array(
array( 'icon' => 'save.gif', 'title' => $_LANG['SAVE'], 'link' => 'javascript:document.addform.submit();' ),
array( 'icon' => 'cancel.gif', 'title' => $_LANG['CANCEL'], 'link' => 'javascript:history.go(-1);' )
);
cpToolMenu($toolmenu);
if ($do == 'add') {
cpAddPathway($_LANG['AD_CREATE_GROUP']);
$mod = array();
} else {
if(cmsCore::inRequest('multiple')){
if (cmsCore::inRequest('item')){
$_SESSION['editlist'] = cmsCore::request('item', 'array_int', array());
} else {
cmsCore::addSessionMessage($_LANG['AD_NO_SELECT_OBJECTS'], 'error');
cmsCore::redirectBack();
}
}
$ostatok = '';
if (isset($_SESSION['editlist'])) {
$item_id = array_shift($_SESSION['editlist']);
if (count($_SESSION['editlist']) == 0) {
unset($_SESSION['editlist']);
} else {
$ostatok = '('. $_LANG['AD_NEXT_IN'] . count($_SESSION['editlist']) .')';
}
} else {
$item_id = cmsCore::request('id', 'int', 0);
}
$mod = cmsCore::c('db')->get_fields('cms_user_groups', "id = '". $item_id ."'", '*');
if (!$mod){ cmsCore::error404(); }
echo '<h3>'. $_LANG['AD_EDIT_GROUP'] .' '. $ostatok .'</h3>';
cpAddPathway($_LANG['AD_EDIT_GROUP'] .' '. $mod['title']);
}
if (isset($mod['access'])) {
$mod['access'] = str_replace(', ', ',', $mod['access']);
$mod['access'] = explode(',', $mod['access']);
}
?>
<form id="addform" name="addform" method="post" action="index.php?view=usergroups">
<input type="hidden" name="csrf_token" value="<?php echo cmsUser::getCsrfToken(); ?>" />
<div style="width:650px;">
<div class="form-group">
<label><?php echo $_LANG['AD_GROUP_NAME'];?>:</label>
<input type="text" class="form-control" name="title" size="30" value="<?php echo htmlspecialchars(cmsCore::getArrVal($mod, 'title', '')); ?>" />
<div class="help-block"><?php echo $_LANG['AD_VIEW_SITE']; ?></div>
</div>
<div class="form-group">
<label><?php echo $_LANG['AD_ALIAS'];?>:</label>
<input type="text" class="form-control" name="alias" size="30" <?php if (cmsCore::getArrVal($mod, 'alias', '') == 'guest') { echo 'readonly="readonly"'; } ?> value="<?php echo cmsCore::getArrVal($mod, 'alias', ''); ?>" />
<?php if ($do == 'edit') { ?>
<div class="help-block"><?php echo $_LANG['AD_DONT_CHANGE']; ?></div>
<?php } ?>
</div>
<div class="form-group">
<label><?php echo $_LANG['AD_IF_ADMIN'];?>:</label>
<div class="btn-group" data-toggle="buttons" style="float:right;">
<label class="btn btn-default <?php if (cmsCore::getArrVal($mod, 'is_admin')) { echo 'active'; } ?>" onclick="$('#accesstable').hide();$('#admin_accesstable').show();">
<input type="radio" name="is_admin" <?php if (cmsCore::getArrVal($mod, 'is_admin')) { echo 'checked="checked"'; } ?> value="1" /> <?php echo $_LANG['YES']; ?>
</label>
<label class="btn btn-default <?php if (!cmsCore::getArrVal($mod, 'is_admin')) { echo 'active'; } ?>" onclick="$('#accesstable').show();$('#admin_accesstable').hide();">
<input type="radio" name="is_admin" <?php if (!cmsCore::getArrVal($mod, 'is_admin')) { echo 'checked="checked"'; } ?> value="0" /> <?php echo $_LANG['NO']; ?>
</label>
</div>
</div>
<hr>
<div id="admin_accesstable" <?php if (!cmsCore::getArrVal($mod, 'is_admin')) { echo 'style="display:none;"'; } ?>>
<div class="form-group">
<label><?php echo $_LANG['AD_AVAILABLE_SECTIONS']; ?></label>
<div style="margin-left:50px;">
<div class="checkbox">
<label>
<input type="checkbox" id="admin_menu" name="access[]" value="admin/menu" <?php if (isset($mod['access'])) { if (in_array('admin/menu', $mod['access'])) { echo 'checked="checked"'; } } ?> />
<?php echo $_LANG['AD_MENU_CONTROL']; ?>
</label>
</div>
<div class="checkbox">
<label>
<input type="checkbox" id="admin_modules" name="access[]" value="admin/modules" <?php if (isset($mod['access'])) { if (in_array('admin/modules', $mod['access'])) { echo 'checked="checked"'; } } ?> />
<?php echo $_LANG['AD_MODULES_CONTROL']; ?>
</label>
</div>
<div class="checkbox">
<label>
<input type="checkbox" id="admin_content" name="access[]" value="admin/content" <?php if (isset($mod['access'])) { if (in_array('admin/content', $mod['access'])) { echo 'checked="checked"'; } } ?> />
<?php echo $_LANG['AD_CONTENTS_CONTROL']; ?>
</label>
</div>
<div class="checkbox">
<label>
<input type="checkbox" id="admin_plugins" name="access[]" value="admin/plugins" <?php if (isset($mod['access'])) { if (in_array('admin/filters', $mod['access'])) { echo 'checked="checked"'; } } ?> />
<?php echo $_LANG['AD_CONTENTS_CONTROL']; ?>
</label>
</div>
<div class="checkbox">
<label>
<input type="checkbox" id="admin_filters" name="access[]" value="admin/filters" <?php if (isset($mod['access'])) { if (in_array('admin/filters', $mod['access'])) { echo 'checked="checked"'; } } ?> />
<?php echo $_LANG['AD_FILTERS_CONTROL']; ?>
</label>
</div>
<div class="checkbox">
<label>
<input type="checkbox" id="admin_components" name="access[]" value="admin/components" <?php if (isset($mod['access'])) { if (in_array('admin/components', $mod['access'])) { echo 'checked="checked"'; } } ?> />
<?php echo $_LANG['AD_COMPONENTS_CONTROL']; ?>
</label>
</div>
<div class="checkbox">
<label>
<input type="checkbox" id="admin_users" name="access[]" value="admin/users" <?php if (isset($mod['access'])) { if (in_array('admin/users', $mod['access'])) { echo 'checked="checked"'; } } ?> />
<?php echo $_LANG['AD_USERS_CONTROL']; ?>
</label>
</div>
<div class="checkbox">
<label>
<input type="checkbox" id="admin_config" name="access[]" value="admin/config" <?php if (isset($mod['access'])) { if (in_array('admin/config', $mod['access'])) { echo 'checked="checked"'; } } ?> />
<?php echo $_LANG['AD_SETTINGS_CONTROL']; ?>
</label>
</div>
<div class="checkbox">
<label>
<input type="checkbox" id="admin_config" name="access[]" value="admin/tickets" <?php if (isset($mod['access'])) { if (in_array('admin/tickets', $mod['access'])) { echo 'checked="checked"'; } } ?> />
<?php echo $_LANG['AD_TICKETS_CONTROL']; ?>
</label>
</div>
<div class="checkbox">
<label>
<input type="checkbox" id="admin_config" name="access[]" value="admin/checksystem" <?php if (isset($mod['access'])) { if (in_array('admin/checksystem', $mod['access'])) { echo 'checked="checked"'; } } ?> />
<?php echo $_LANG['AD_CHECKSYSTEM_CONTROL']; ?>
</label>
</div>
</div>
<div class="help-block"><?php echo $_LANG['AD_ALL_SECTIONS']; ?></div>
</div>
<div class="form-group">
<label><?php echo $_LANG['AD_COMPONENTS_SETTINGS_FREE']; ?></label>
<div style="margin-left:50px;">
<?php
$coms = cmsCore::getInstance()->getAllComponents();
foreach ($coms as $com) {
if (!file_exists(PATH.'/admin/components/'. $com['link'] .'/backend.php')) { continue; }
?>
<div class="checkbox">
<label>
<input type="checkbox" id="admin_com_<?php echo $com['link']; ?>" name="access[]" value="admin/com_<?php echo $com['link']; ?>" <?php if (isset($mod['access'])) { if (in_array('admin/com_'. $com['link'], $mod['access'])) { echo 'checked="checked"'; } } ?> />
<?php echo $com['title']; ?>
</label>
</div>
<?php } ?>
</div>
<div class="help-block"><?php echo $_LANG['AD_COMPONENTS_SETTINGS_ON']; ?></div>
</div>
</div>
<div id="accesstable" <?php if (cmsCore::getArrVal($mod, 'is_admin')) { echo 'style="display:none;"'; } ?>>
<div class="form-group">
<label><?php echo $_LANG['AD_GROUP_RULE'];?></label>
<div style="margin-left:50px;">
<?php
$sql = "SELECT * FROM cms_user_groups_access ORDER BY access_type";
$res = cmsCore::c('db')->query($sql);
while ($ga = cmsCore::c('db')->fetch_assoc($res)) {
if ($mod['alias'] == 'guest' && $ga['hide_for_guest']) { continue; }
?>
<div class="checkbox">
<label>
<input type="checkbox" id="<?php echo str_replace('/', '_', $ga['access_type']); ?>" name="access[]" value="<?php echo $ga['access_type']; ?>" <?php if (isset($mod['access'])) { if (in_array($ga['access_type'], $mod['access'])) { echo 'checked="checked"'; } } ?> />
<?php echo $ga['access_name']; ?>
</label>
</div>
<?php } ?>
</div>
</div>
</div>
</div>
<div>
<input type="submit" class="btn btn-primary" name="add_mod" value="<?php if ($do == 'add') { echo $_LANG['AD_CREATE_GROUP']; } else { echo $_LANG['SAVE']; } ?>" />
<input type="button" class="btn btn-default" name="back" value="<?php echo $_LANG['CANCEL'];?>" onclick="window.history.back();"/>
<input type="hidden" name="do" value="<?php if ($do == 'add') { echo 'submit'; } else { echo 'update'; } ?>" />
<?php
if ($do == 'edit') {
echo '<input name="id" type="hidden" value="'. $mod['id'] .'" />';
}
?>
</div>
</form>
<?php
}
}
// LICENSED BY GNU/GPL v2 //
// //
/******************************************************************************/
Error_Reporting(E_ALL & ~E_NOTICE & ~E_WARNING);
@set_time_limit(0);
define('PATH', $_SERVER['DOCUMENT_ROOT']);
define('VALID_CMS', 1);
header('Content-Type: text/html; charset=utf-8');
include_once PATH . '/core/cms.php';
$inCore = cmsCore::getInstance();
cmsCore::loadClass('user');
$inDB = cmsDatabase::getInstance();
$inConf = cmsConfig::getInstance();
$inUser = cmsUser::getInstance();
cmsCore::loadModel('users');
$model = new cms_model_users();
if (empty($_FILES['Filedata']['name'])) {
return false;
}
$sess_id = cmsCore::request('sess_id', 'str');
if (!$sess_id) {
header("HTTP/1.1 500 File Upload Error");
exit(0);
}
session_id($sess_id);
session_start();
$user_id = (int) $_SESSION['user']['id'];
if (!$user_id) {
header("HTTP/1.1 500 Internal Server Error");
exit(0);
}
function applet_usergroups()
{
global $_LANG;
global $adminAccess;
if (!cmsUser::isAdminCan('admin/users', $adminAccess)) {
cpAccessDenied();
}
cmsCore::c('page')->setTitle($_LANG['AD_USERS_GROUP']);
cpAddPathway($_LANG['AD_USERS'], 'index.php?view=users');
cpAddPathway($_LANG['AD_USERS_GROUP'], 'index.php?view=usergroups');
$do = cmsCore::request('do', 'str', 'list');
$id = cmsCore::request('id', 'int', -1);
cmsCore::loadModel('users');
$model = new cms_model_users();
if ($do == 'list') {
$toolmenu = array(array('icon' => 'usergroupadd.gif', 'title' => $_LANG['AD_CREATE_GROUP'], 'link' => '?view=usergroups&do=add'), array('icon' => 'edit.gif', 'title' => $_LANG['AD_EDIT_SELECTED'], 'link' => "javascript:checkSel('?view=usergroups&do=edit&multiple=1');"), array('icon' => 'delete.gif', 'title' => $_LANG['AD_DELETE_SELECTED'], 'link' => "javascript:if(confirm('" . $_LANG['AD_REMOVE_GROUP'] . "')) { checkSel('?view=users&do=delete&multiple=1'); }"));
cpToolMenu($toolmenu);
$fields = array(array('title' => 'id', 'field' => 'id', 'width' => '40'), array('title' => $_LANG['TITLE'], 'field' => 'title', 'width' => '', 'link' => '?view=usergroups&do=edit&id=%id%', 'filter' => '12'), array('title' => $_LANG['AD_FROM_USERS'], 'field' => 'id', 'width' => '110', 'prc' => 'getCountUsers'), array('title' => $_LANG['AD_IF_ADMIN'], 'field' => 'is_admin', 'width' => '120', 'prc' => 'cpYesNo'), array('title' => $_LANG['AD_ALIAS'], 'field' => 'alias', 'width' => '85', 'filter' => '12'));
$actions = array(array('title' => $_LANG['EDIT'], 'icon' => 'edit.gif', 'link' => '?view=usergroups&do=edit&id=%id%'), array('title' => $_LANG['DELETE'], 'icon' => 'delete.gif', 'confirm' => $_LANG['AD_REMOVE_GROUP'], 'link' => '?view=usergroups&do=delete&id=%id%'));
cpListTable('cms_user_groups', $fields, $actions);
}
if ($do == 'delete') {
if (!cmsCore::inRequest('item')) {
if ($id >= 0) {
$model->deleteGroup($id);
}
} else {
$model->deleteGroups(cmsCore::request('item', 'array_int', array()));
}
cmsCore::addSessionMessage($_LANG['AD_DO_SUCCESS'], 'success');
cmsCore::redirect('index.php?view=usergroups');
}
if ($do == 'submit' || $do == 'update') {
if (!cmsUser::checkCsrfToken()) {
cmsCore::error404();
}
$types = array('title' => array('title', 'str', ''), 'alias' => array('alias', 'str', ''), 'is_admin' => array('is_admin', 'int', 0), 'access' => array('access', 'array_str', array(), create_function('$a_list', 'return implode(\',\', $a_list);')));
$items = cmsCore::getArrayFromRequest($types);
if ($do == 'submit') {
cmsCore::c('db')->insert('cms_user_groups', $items);
cmsCore::addSessionMessage($_LANG['AD_DO_SUCCESS'], 'success');
cmsCore::redirect('index.php?view=usergroups');
} else {
cmsCore::c('db')->update('cms_user_groups', $items, $id);
cmsCore::addSessionMessage($_LANG['AD_DO_SUCCESS'], 'success');
if (empty($_SESSION['editlist'])) {
cmsCore::redirect('index.php?view=usergroups');
} else {
cmsCore::redirect('index.php?view=usergroups&do=edit');
}
}
}
if ($do == 'add' || $do == 'edit') {
$toolmenu = array(array('icon' => 'save.gif', 'title' => $_LANG['SAVE'], 'link' => 'javascript:document.addform.submit();'), array('icon' => 'cancel.gif', 'title' => $_LANG['CANCEL'], 'link' => 'javascript:history.go(-1);'));
cpToolMenu($toolmenu);
if ($do == 'add') {
cpAddPathway($_LANG['AD_CREATE_GROUP']);
$mod = array();
} else {
if (cmsCore::inRequest('multiple')) {
if (cmsCore::inRequest('item')) {
$_SESSION['editlist'] = cmsCore::request('item', 'array_int', array());
} else {
cmsCore::addSessionMessage($_LANG['AD_NO_SELECT_OBJECTS'], 'error');
cmsCore::redirectBack();
}
}
$ostatok = '';
if (isset($_SESSION['editlist'])) {
$item_id = array_shift($_SESSION['editlist']);
if (count($_SESSION['editlist']) == 0) {
unset($_SESSION['editlist']);
} else {
$ostatok = '(' . $_LANG['AD_NEXT_IN'] . count($_SESSION['editlist']) . ')';
}
} else {
$item_id = cmsCore::request('id', 'int', 0);
}
$mod = cmsCore::c('db')->get_fields('cms_user_groups', "id = '" . $item_id . "'", '*');
if (!$mod) {
cmsCore::error404();
}
echo '<h3>' . $_LANG['AD_EDIT_GROUP'] . ' ' . $ostatok . '</h3>';
cpAddPathway($_LANG['AD_EDIT_GROUP'] . ' ' . $mod['title']);
}
if (isset($mod['access'])) {
$mod['access'] = str_replace(', ', ',', $mod['access']);
$mod['access'] = explode(',', $mod['access']);
}
$gas = array();
$sql = "SELECT * FROM cms_user_groups_access ORDER BY access_type";
$res = cmsCore::c('db')->query($sql);
while ($ga = cmsCore::c('db')->fetch_assoc($res)) {
$gas[] = $ga;
}
cmsCore::c('page')->initTemplate('applets', 'usergroups_add')->assign('do', $do)->assign('coms', cmsCore::getInstance()->getAllComponents())->assign('gas', $gas)->assign('mod', $mod)->display();
}
}
