<?php
if ($ucnt > 0) {
?>
<input type="submit" value="<?php
echo WT_I18N::translate('continue');
?>
"> <?php
}
?>
</p>
</form><?php
break;
case 'cleanup2':
foreach (User::all() as $user) {
if (WT_Filter::post('del_' . $user->getUserId()) == '1') {
Log::addAuthenticationLog('Deleted user: '******'Deleted user: '******'<br>';
$user->delete();
}
}
break;
case 'listusers':
default:
echo '<table id="list">', '<thead>', '<tr>', '<th style="margin:0 -2px 1px 1px; padding:6px 0 5px;"> </th>', '<th> user-id </th>', '<th>', WT_I18N::translate('Username'), '</th>', '<th>', WT_I18N::translate('Real name'), '</th>', '<th>', WT_I18N::translate('Email'), '</th>', '<th> </th>', '<th>', WT_I18N::translate('Language'), '</th>', '<th> date_registered </th>', '<th>', WT_I18N::translate('Date registered'), '</th>', '<th> last_login </th>', '<th>', WT_I18N::translate('Last logged in'), '</th>', '<th>', WT_I18N::translate('Verified'), '</th>', '<th>', WT_I18N::translate('Approved'), '</th>', '<th style="margin:0 -2px 1px 1px; padding:3px 0 4px;"> </th>', '</tr>', '</thead>', '<tbody>', '</tbody>', '</table>';
$controller->addExternalJavascript(WT_JQUERY_DATATABLES_URL)->addExternalJavascript(WT_JQUERY_JEDITABLE_URL)->addInlineJavascript('
var oTable = jQuery("#list").dataTable({
dom: \'<"H"pf<"dt-clear">irl>t<"F"pl>\',
' . WT_I18N::datatablesI18N() . ',
processing: true,
serverSide: true,
ajax: "' . WT_SCRIPT_NAME . '?action=loadrows",
<?php
// Log out from the current session
//
// webtrees: Web based Family History software
// Copyright (C) 2014 webtrees development team.
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 2 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
use WT\Auth;
use WT\Log;
define('WT_SCRIPT_NAME', 'logout.php');
require './includes/session.php';
if (Auth::id()) {
Log::addAuthenticationLog('Logout: ' . Auth::user()->getUserName() . '/' . Auth::user()->getRealName());
Auth::logout();
}
header('Location: ' . WT_SERVER_NAME . WT_SCRIPT_PATH);
WT_DB::prepare("INSERT INTO `##message` (sender, ip_address, user_id, subject, body) VALUES (? ,? ,? ,? ,?)")->execute(array($user_name, $WT_REQUEST->getClientIp(), $webmaster->getUserId(), $mail1_subject, WT_Filter::unescapeHtml($mail1_body)));
}
$user->setSetting('verified', 1)->setSetting('reg_timestamp', date("U"))->setSetting('reg_hashcode', null);
if (!$REQUIRE_ADMIN_AUTH_REGISTRATION) {
set_user_setting($user_id, 'verified_by_admin', 1);
}
Log::addAuthenticationLog('User ' . $user_name . ' verified their email address');
echo '<br><br>' . WT_I18N::translate('You have confirmed your request to become a registered user.') . '<br><br>';
if ($REQUIRE_ADMIN_AUTH_REGISTRATION && !$user->getSetting('verified_by_admin')) {
echo WT_I18N::translate('The administrator has been informed. As soon as he gives you permission to login, you can login with your user name and password.');
} else {
echo WT_I18N::translate('You can now login with your user name and password.');
}
echo '<br><br>';
} else {
Log::addAuthenticationLog('User ' . $user_name . ' failed to verify their email address');
echo '<br><br>';
echo '<span class="warning">';
echo WT_I18N::translate('Data was not correct, please try again');
echo '</span><br><br>';
}
} else {
echo '<br><br>';
echo '<span class="warning">';
echo WT_I18N::translate('Could not verify the information you entered. Please try again or contact the site administrator for more information.');
echo '</span>';
}
echo '</div>';
echo '</div>';
break;
}
$record->deleteRecord();
} else {
header('HTTP/1.0 406 Not Acceptable');
}
break;
case 'delete-user':
$user = User::find(WT_Filter::postInteger('user_id'));
if ($user && Auth::isAdmin() && Auth::user() !== $user) {
Log::addAuthenticationLog('Deleted user: '******'masquerade':
$user = User::find(WT_Filter::postInteger('user_id'));
if ($user && Auth::isAdmin() && Auth::user() !== $user) {
Log::addAuthenticationLog('Masquerade as user: '******'HTTP/1.0 406 Not Acceptable');
}
break;
case 'unlink-media':
// Remove links from an individual and their spouse-family records to a media object.
// Used by the "unlink" option on the album (lightbox) tab.
require WT_ROOT . 'includes/functions/functions_edit.php';
$source = WT_Individual::getInstance(WT_Filter::post('source', WT_REGEX_XREF));
$target = WT_Filter::post('target', WT_REGEX_XREF);
if ($source && $source->canShow() && $source->canEdit() && $target) {
// Consider the individual and their spouse-family records
$sources = $source->getSpouseFamilies();
$sources[] = $source;
$form_email = WT_Filter::postEmail('form_email');
$form_rootid = WT_Filter::post('form_rootid', WT_REGEX_XREF);
$form_theme = WT_Filter::post('form_theme', implode('|', $ALL_THEME_DIRS));
$form_language = WT_Filter::post('form_language', implode('|', array_keys(WT_I18N::installed_languages())), WT_LOCALE);
$form_contact_method = WT_Filter::post('form_contact_method');
$form_visible_online = WT_Filter::postBool('form_visible_online');
// Respond to form action
if ($form_action == 'update' && WT_Filter::checkCsrf()) {
if ($form_username != Auth::user()->getUserName() && User::findByIdentifier($form_username)) {
WT_FlashMessages::addMessage(WT_I18N::translate('Duplicate user name. A user with that user name already exists. Please choose another user name.'));
} elseif ($form_email != Auth::user()->getEmail() && User::findByIdentifier($form_email)) {
WT_FlashMessages::addMessage(WT_I18N::translate('Duplicate email address. A user with that email already exists.'));
} else {
// Change username
if ($form_username != WT_USER_NAME) {
Log::addAuthenticationLog('User ' . Auth::user()->getUserName() . ' renamed to ' . $form_username);
Auth::user()->setUserName($form_username);
}
// Change password
if ($form_pass1 && $form_pass1 == $form_pass2) {
Auth::user()->setPassword($form_pass1);
}
// Change other settings
Auth::user()->setRealName($form_realname)->setEmail($form_email)->setSetting('theme', $form_theme)->setSetting('language', $form_language)->setSetting('contactmethod', $form_contact_method)->setSetting('visibleonline', $form_visible_online);
$WT_TREE->userPreference(WT_USER_ID, 'rootid', $form_rootid);
// Reload page to pick up changes such as theme and user_id
header('Location: ' . WT_SERVER_NAME . WT_SCRIPT_PATH . WT_SCRIPT_NAME);
exit;
}
}
$controller = new WT_Controller_Page();
/**
* If the Facebook username or email is associated with an account, login to it. Otherwise, register a new account.
*
* @param object $facebookUser Facebook user
* @param string $url (optional) URL to redirect to afterwards.
*/
private function login_or_register(&$facebookUser, $url = '')
{
$REQUIRE_ADMIN_AUTH_REGISTRATION = WT_Site::getPreference('REQUIRE_ADMIN_AUTH_REGISTRATION');
if ($this->getSetting('require_verified', 1) && empty($facebookUser->verified)) {
$this->error_page(WT_I18N::translate('Only verified Facebook accounts are authorized. Please verify your account on Facebook and then try again'));
}
if (empty($facebookUser->username)) {
$facebookUser->username = $facebookUser->id;
}
$user_id = $this->get_user_id_from_facebook_username($facebookUser->username);
if (!$user_id) {
if (!isset($facebookUser->email)) {
$this->error_page(WT_I18N::translate('You must grant access to your email address via Facebook in order to use this website. Please uninstall the application on Facebook and try again.'));
}
$user = User::findByIdentifier($facebookUser->email);
if ($user) {
$user_id = $user->getUserId();
}
}
if ($user_id) {
// This is an existing user so log them in if they are approved
$login_result = $this->login($user_id);
$message = '';
switch ($login_result) {
case -1:
// not validated
$message = WT_I18N::translate('This account has not been verified. Please check your email for a verification message.');
break;
case -2:
// not approved
$message = WT_I18N::translate('This account has not been approved. Please wait for an administrator to approve it.');
break;
default:
$user = User::find($user_id);
$user->setPreference(self::user_setting_facebook_username, $this->cleanseFacebookUsername($facebookUser->username));
// redirect to the homepage/$url
header('Location: ' . WT_SCRIPT_PATH . $url);
return;
}
$this->error_page($message);
} else {
// This is a new Facebook user who may or may not already have a manual account
if (!WT_Site::getPreference('USE_REGISTRATION_MODULE')) {
$this->error_page('<p>' . WT_I18N::translate('The administrator has disabled registrations.') . '</p>');
}
// check if the username is already in use
$username = $this->cleanseFacebookUsername($facebookUser->username);
$wt_username = substr($username, 0, 32);
// Truncate the username to 32 characters to match the DB.
if (User::findByIdentifier($wt_username)) {
// fallback to email as username since we checked above that a user with the email didn't exist.
$wt_username = $facebookUser->email;
$wt_username = substr($wt_username, 0, 32);
// Truncate the username to 32 characters to match the DB.
}
// Generate a random password since the user shouldn't need it and can always reset it.
$password = md5(uniqid(rand(), TRUE));
$hashcode = md5(uniqid(rand(), true));
$preApproved = unserialize($this->getSetting('preapproved'));
// From login.php:
Log::addAuthenticationLog('User registration requested for: ' . $wt_username);
if ($user = User::create($wt_username, $facebookUser->name, $facebookUser->email, $password)) {
$verifiedByAdmin = !$REQUIRE_ADMIN_AUTH_REGISTRATION || isset($preApproved[$username]);
$user->setPreference(self::user_setting_facebook_username, $this->cleanseFacebookUsername($facebookUser->username))->setPreference('language', WT_LOCALE)->setPreference('verified', '1')->setPreference('verified_by_admin', $verifiedByAdmin ? '1' : '0')->setPreference('reg_timestamp', date('U'))->setPreference('reg_hashcode', $hashcode)->setPreference('contactmethod', 'messaging2')->setPreference('visibleonline', '1')->setPreference('editaccount', '1')->setPreference('auto_accept', '0')->setPreference('canadmin', '0')->setPreference('sessiontime', $verifiedByAdmin ? WT_TIMESTAMP : '0')->setPreference('comment', @$facebookUser->birthday . "\n " . "https://www.facebook.com/" . $this->cleanseFacebookUsername($facebookUser->username));
// Apply pre-approval settings
if (isset($preApproved[$username])) {
$userSettings = $preApproved[$username];
foreach ($userSettings as $gedcom => $userGedcomSettings) {
foreach (array('gedcomid', 'rootid', 'canedit') as $userPref) {
if (empty($userGedcomSettings[$userPref])) {
continue;
}
// Use a direct DB query instead of $tree->setUserPreference since we
// can't get a reference to the WT_Tree since it checks permissions but
// we are trying to give the permissions.
WT_DB::prepare("REPLACE INTO `##user_gedcom_setting` (user_id, gedcom_id, setting_name, setting_value) VALUES (?, ?, ?, LEFT(?, 255))")->execute(array($user->getUserId(), $gedcom, $userPref, $userGedcomSettings[$userPref]));
}
}
// Remove the pre-approval record
unset($preApproved[$username]);
$this->setSetting('preapproved', serialize($preApproved));
}
// We need jQuery below
global $controller;
$controller = new WT_Controller_Page();
$controller->setPageTitle($this->getTitle())->pageHeader();
echo '<form id="verify-form" name="verify-form" method="post" action="', WT_LOGIN_URL, '" class="ui-autocomplete-loading" style="width:16px;height:16px;padding:0">';
echo $this->hidden_input("action", "verify_hash");
echo $this->hidden_input("user_name", $wt_username);
echo $this->hidden_input("user_password", $password);
echo $this->hidden_input("user_hashcode", $hashcode);
echo WT_Filter::getCsrf();
echo '</form>';
if ($verifiedByAdmin) {
$controller->addInlineJavaScript('
function verify_hash_success() {
// now the account is approved but not logged in. Now actually login for the user.
window.location = "' . $this->getConnectURL($url) . '";
}
function verify_hash_failure() {
alert("' . WT_I18N::translate("There was an error verifying your account. Contact the site administrator if you are unable to access the site.") . '");
window.location = "' . WT_SCRIPT_PATH . '";
}
$(document).ready(function() {
$.post("' . WT_LOGIN_URL . '", $("#verify-form").serialize(), verify_hash_success).fail(verify_hash_failure);
});
');
} else {
echo '<script>document.getElementById("verify-form").submit()</script>';
}
} else {
Log::addErrorLog("Facebook: Couldn't create the user account");
$this->error_page('<p>' . WT_I18N::translate('Unable to create your account. Please try again.') . '</p>' . '<div class="back"><a href="javascript:history.back()">' . WT_I18N::translate('Back') . '</a></div>');
}
}
}
if (preg_match('/(?!' . preg_quote(WT_SERVER_NAME, '/') . ')(((?:ftp|http|https):\\/\\/)[a-zA-Z0-9.-]+)/', $subject . $body, $match)) {
$errors .= '<p class="ui-state-error">' . WT_I18N::translate('You are not allowed to send messages that contain external links.') . '</p>' . '<p class="ui-state-highlight">' . WT_I18N::translate('You should delete the “%1$s” from “%2$s” and try again.', $match[2], $match[1]) . '</p>' . Log::addAuthenticationLog('Possible spam message from "' . $from_name . '"/"' . $from_email . '", subject="' . $subject . '", body="' . $body . '"');
$action = 'compose';
}
$from = $from_email;
}
// Ensure the user always visits this page twice - once to compose it and again to send it.
// This makes it harder for spammers.
switch ($action) {
case 'compose':
$WT_SESSION->good_to_send = true;
break;
case 'send':
// Only send messages if we've come straight from the compose page.
if (!$WT_SESSION->good_to_send) {
Log::addAuthenticationLog('Attempt to send message without visiting the compose page. Spam attack?');
$action = 'compose';
}
if (!WT_Filter::checkCsrf()) {
$action = 'compose';
}
unset($WT_SESSION->good_to_send);
break;
}
switch ($action) {
case 'compose':
$controller->pageHeader()->addInlineJavascript('
function checkForm(frm) {
if (frm.subject.value=="") {
alert("' . WT_I18N::translate('Please enter a message subject.') . '");
document.messageform.subject.focus();
public static function checkCsrf()
{
if (WT_Filter::post('csrf') !== WT_Filter::getCsrfToken()) {
// Oops. Something is not quite right
Log::addAuthenticationLog('CSRF mismatch - session expired or malicious attack');
WT_FlashMessages::addMessage(WT_I18N::translate('This form has expired. Try again.'));
return false;
}
return true;
}
