// Excerpt from the admin user search/listing code. It opens inside a block that starts
// before the excerpt and stops inside an open `if`.
// The comparison operator is picked from two fixed literals; the request value only
// selects between them and is never passed on as an operator itself.
    $search_operators[] = $_REQUEST['lastactive_op'] == 'gte' ? '>=' : '<';
}

// Optional filter on the account status; an empty value or 'any' adds no condition.
if (isset($_REQUEST['search_status']) && $_REQUEST['search_status'] != '' && $_REQUEST['search_status'] != 'any') {
    $search_fields[] = 'active';
    if ($_REQUEST['search_status'] == 'pending') {
        // 'pending' is translated to the condition active < 0.
        $search_values[] = 0;
        $search_operators[] = '<';
    } else {
        // Any other value is cast to int before it becomes a search value.
        $search_values[] = (int) $_REQUEST['search_status'];
        $search_operators[] = '=';
    }
}

// Find a list of all matching user_ids.
// NOTE(review): how phorum_api_user_search() quotes the values it receives is not visible
// in this excerpt; values added to $search_values before this point should be checked too.
$all_user_ids = phorum_api_user_search($search_fields, $search_values, $search_operators, TRUE, 'AND');

// Find a list of matching user_ids to display on the current page.
$user_ids = phorum_api_user_search($search_fields, $search_values, $search_operators, TRUE, 'AND', '+username', $search_start, $display);

// Retrieve the user data for the users on the current page.
$users = empty($user_ids) ? array() : phorum_api_user_get($user_ids, FALSE);
$total = empty($all_user_ids) ? 0 : count($all_user_ids);

if (count($users)) {
    $nav = "";

    // NOTE(review): $_REQUEST["start"] is used in comparisons and arithmetic with no cast or
    // range check visible in this excerpt; confirm it is validated before this point.
    if ($_REQUEST["start"] > 0) {
        $old_start = $_REQUEST["start"] - $display;
        $input_args = array('module=users', 'start=' . $old_start);
        $input_args = array_merge($input_args, $url_safe_search_arr);
        $prev_url = phorum_admin_build_url($input_args);
        // NOTE(review): $prev_url goes into an href attribute without escaping here.
        // $url_safe_search_arr is built outside this excerpt; confirm that it and
        // phorum_admin_build_url() produce an HTML-safe URL.
        $nav .= "<a href=\"{$prev_url}\">Previous Page</a>";
    }

    $nav .= " ";

    if ($_REQUEST["start"] + $display < $total) {
        $new_start = $_REQUEST["start"] + $display;
* argument. */ if (isset($PHORUM["hooks"]["pm_recipient_add"])) { list($action, $page, $error, $recipients) = phorum_api_hook("pm_recipient_add", array($action, $page, $error, $recipients)); } // Convert adding a recipient by name to adding by user id. if (isset($_POST["to_name"])) { $to_name = trim($_POST["to_name"]); if ($to_name != '') { if ($PHORUM["display_name_source"] == "username") { $check_fields = array("username", "real_name"); } else { $check_fields = array("real_name", "username"); } foreach ($check_fields as $field) { $to_user_ids = phorum_api_user_search($field, $to_name, '=', TRUE); if (!empty($to_user_ids)) { break; } } if (empty($to_user_ids)) { $error = $PHORUM["DATA"]["LANG"]["UserNotFound"]; } elseif (count($to_user_ids) > 1) { $error = $PHORUM["DATA"]["LANG"]["DupUserFound"]; } else { $_POST["to_id"] = array_shift($to_user_ids); unset($_POST["to_name"]); } } } // Add a recipient by id.
// Excerpt from what appears to be the setup step that provides an administrator account.
// It opens and ends inside an enclosing construct that the `break` statements leave.
        break;
    }

    // Check if the user already exists as an admin user.
    // If yes, then we can use that existing user.
    $user_id = phorum_api_user_authenticate(PHORUM_ADMIN_SESSION, $_POST["admin_user"], $_POST["admin_pass"]);
    if ($user_id) {
        $user = phorum_api_user_get($user_id);
        // Valid credentials for an account without the admin flag are refused; the
        // existing account is not upgraded to admin.
        if (empty($user["admin"])) {
            phorum_admin_error("That user already exists but without admin " . "permissions. Please create a different user.");
            break;
        }
    }

    // Authenticating the user failed? Let's check if the user
    // already exists at all.
    if (!$user_id) {
        $user = phorum_api_user_search('username', $_POST['admin_user']);
        // A username that exists but did not authenticate stops the step, so no second
        // account is created under that name.
        if ($user) {
            phorum_admin_error("That user already exists in the database.");
            break;
        }
    }

    // The user does not yet exist. Create it now.
    if (!$user_id) {
        // add the user
        // NOTE(review): this creates an active account with the admin flag set, directly
        // from POST data. What restricts access to this code path is not visible in the
        // excerpt; confirm it cannot be reached once setup has finished.
        // NOTE(review): the password is handed to phorum_api_user_save() as submitted;
        // presumably it is hashed there -- verify. No check on the username, the password
        // or the email address is visible in this excerpt.
        $user = array(
            "user_id" => NULL,
            "username" => $_POST["admin_user"],
            "password" => $_POST["admin_pass"],
            "email" => $_POST["admin_email"],
            "active" => 1,
            "admin" => 1
        );
        if (!phorum_api_user_save($user)) {
            phorum_admin_error("There was an error adding the user.");
            break;
        }
    }

    // set the default http_path so we can continue.
// Excerpt from the group moderation code: adding a user to the group in $group_id.
// It opens at the end of an earlier block and ends at an open `else`.
    exit;
}

// figure out what the user is trying to do, in this case we have a group to list (and maybe some commands)
if (!empty($group_id)) {
    // if adding a new user to the group
    // NOTE(review): the membership change is driven by $_REQUEST, which typically also
    // carries query-string parameters. The permission check for $group_id and any request
    // token check are not visible in this excerpt; confirm both run before this point.
    if (isset($_REQUEST["adduser"])) {
        $userid = 0;

        // Find the user_id for the user to add.
        if (is_numeric($_REQUEST["adduser"])) {
            // fix implemented 11/16/08
            // is_numeric() also accepts forms such as "1.5" or "1e3"; the cast reduces
            // them to an integer id.
            $userid = (int) $_REQUEST["adduser"];
        } else {
            // older templates may send username
            $name = trim($_REQUEST["adduser"]);
            if ($name != '') {
                $userids = phorum_api_user_search('username', $name, '=', TRUE);
                // Only an unambiguous match is accepted; zero or several hits leave
                // $userid at 0.
                if (!empty($userids) && count($userids) == 1) {
                    $userid = array_shift($userids);
                }
            }
        }

        if ($userid) {
            // load the users groups, add the new group, then save again
            // NOTE(review): no explicit check that a numeric id belongs to an existing user
            // is visible before phorum_api_user_save_groups() is called.
            $groups = phorum_api_user_check_group_access(PHORUM_USER_GROUP_SUSPENDED, PHORUM_ACCESS_LIST, $userid);

            // make sure the user isn't already a member of the group
            if (!isset($groups[$group_id])) {
                $groups[$group_id] = PHORUM_USER_GROUP_APPROVED;
                phorum_api_user_save_groups($userid, $groups);
                $PHORUM["DATA"]["OKMSG"] = $PHORUM["DATA"]["LANG"]["UserAddedToGroup"];
            }
        } else {
// Excerpt from what appears to be the forum login script: the tail of the failed-login
// branch, followed by the start of the password reminder handler. It opens inside nested
// blocks and ends in the middle of a branch.
// NOTE(review): the "failed_login" hook is handed the submitted password in clear text.
// Modules that implement this hook should not log or store that value.
            phorum_api_hook('failed_login', array('username' => $_POST['username'], 'password' => $_POST['password'], 'location' => 'forum'));
        }
    }
}

// ----------------------------------------------------------------------------
// Handle password reminder requests
// ----------------------------------------------------------------------------
if (!$hook_info['handled'] && isset($_POST['lostpass'])) {
    // Trim the email address.
    $_POST['lostpass'] = trim($_POST['lostpass']);
    $hook_args = NULL;

    // Did the user enter an email address?
    if ($_POST['lostpass'] == '') {
        $error = $PHORUM['DATA']['LANG']['ErrRequired'];
        $focus = 'lostpass';
    } elseif ($uid = phorum_api_user_search('email', $_POST['lostpass'])) {
        // An existing user id was found for the entered email
        // address. Retrieve the user.
        $user = phorum_api_user_get($uid);

        // User registration not yet approved by a moderator.
        // Tell the user that we are awaiting approval.
        // NOTE(review): this status message is shown to whoever submits the address, so
        // the form discloses that the address belongs to an account awaiting approval.
        if ($user['active'] == PHORUM_USER_PENDING_MOD) {
            $template = 'message';
            $okmsg = $PHORUM['DATA']['LANG']['RegVerifyMod'];
            $hook_args = array('status' => 'unapproved', 'email' => $_POST['lostpass'], 'user' => $user, 'secret' => NULL);
        } elseif ($user['active'] == PHORUM_USER_PENDING_EMAIL || $user['active'] == PHORUM_USER_PENDING_BOTH) {
            // Generate and store a new registration code.
            // NOTE(review): the code is the first 8 hex characters of md5(microtime()):
            // at most 32 bits, derived only from the server clock at request time and not
            // from a cryptographically secure random source. It is the secret in the
            // confirmation URL built below, so it should come from a CSPRNG (random_bytes()
            // on PHP 7+) and be longer. The URL joins the code and the user id without a
            // separator; check how the receiving script splits them before changing the
            // length.
            $regcode = substr(md5(microtime()), 0, 8);
            // The code is passed to phorum_api_user_save() in the 'password_temp' field.
            phorum_api_user_save(array('user_id' => $uid, 'password_temp' => $regcode));

            // The URL that the user can visit to confirm the account.
            $verify_url = phorum_api_url(PHORUM_REGISTER_URL, 'approve=' . $regcode . $uid);
// Excerpt from the control-center code that changes a user's email address, with an
// optional verification code when $PHORUM['registration_control'] is set. It ends
// inside an open `if`.
require_once PHORUM_PATH . '/include/api/mail.php';
require_once PHORUM_PATH . '/include/api/ban.php';

// email-verification
if ($PHORUM['registration_control']) {
    //$PHORUM['DATA']['PROFILE']['email_temp']="email_address@bogus.com|bla";
    // The pending value is split on "|"; only the first piece is kept as
    // 'email_temp_part', the second piece ends up in the unused $bogus.
    if (!empty($PHORUM['DATA']['PROFILE']['email_temp'])) {
        list($PHORUM['DATA']['PROFILE']['email_temp_part'], $bogus) = explode("|", $PHORUM['DATA']['PROFILE']['email_temp']);
    }
}

$email_temp_part = "";

if (count($_POST)) {
    if (empty($_POST["email"])) {
        $error = $PHORUM["DATA"]["LANG"]["ErrRequired"];
    } elseif (!phorum_api_mail_check_address($_POST["email"])) {
        $error = $PHORUM["DATA"]["LANG"]["ErrEmail"];
    } elseif ($PHORUM['user']['email'] != $_POST["email"] && phorum_api_user_search("email", $_POST["email"])) {
        // The uniqueness lookup only runs when the address differs from the current one.
        $error = $PHORUM["DATA"]["LANG"]["ErrEmailExists"];
    } elseif (($banerr = phorum_api_ban_check($_POST["email"], PHORUM_BAD_EMAILS)) !== NULL) {
        $error = $banerr;
    } elseif (isset($PHORUM['DATA']['PROFILE']['email_temp_part']) && !empty($_POST['email_verify_code']) && $PHORUM['DATA']['PROFILE']['email_temp_part'] . "|" . $_POST['email_verify_code'] != $PHORUM['DATA']['PROFILE']['email_temp']) {
        // A code was submitted and "pending part|code" does not equal the stored value.
        // NOTE(review): the secret is compared with the loose `!=` operator, which is
        // not a constant-time comparison; hash_equals() (PHP 5.6+) is the usual choice
        // for secrets. No limit on the number of attempts is visible in this excerpt.
        // NOTE(review): empty() treats the code "0" as not submitted, so that value skips
        // this branch.
        $error = $PHORUM['DATA']['LANG']['ErrWrongMailcode'];
    } else {
        // flip this due to db vs. UI wording.
        $_POST["hide_email"] = isset($_POST["hide_email"]) ? 0 : 1;

        // The flag is only kept when the current user passes the
        // PHORUM_USER_ALLOW_MODERATE_MESSAGES access check; otherwise it is forced to 0.
        $_POST['moderation_email'] = isset($_POST['moderation_email']) && phorum_api_user_check_access(PHORUM_USER_ALLOW_MODERATE_MESSAGES, PHORUM_ACCESS_ANY) ? 1 : 0;

        // Remember this for the template.
        if (isset($PHORUM['DATA']['PROFILE']['email_temp_part'])) {
            $email_temp_part = $PHORUM['DATA']['PROFILE']['email_temp_part'];
        }

        // do we need to send a confirmation-mail?
        // This branch is entered when the submitted code matches the stored value (same
        // loose comparison as in the mismatch check of this chain).
        if (isset($PHORUM['DATA']['PROFILE']['email_temp_part']) && !empty($_POST['email_verify_code']) && $PHORUM['DATA']['PROFILE']['email_temp_part'] . "|" . $_POST['email_verify_code'] == $PHORUM['DATA']['PROFILE']['email_temp']) {
if (isset($_POST["preview"])) { $action = "preview"; } if (isset($_POST["rcpt_add"])) { $action = "rcpt_add"; } if (!is_null($del_rcpt)) { $action = "del_rcpt"; } // Adding a recipient. if ($action == "rcpt_add" || $action == "preview" || $action == "post") { // Convert adding a recipient by name to adding by user id. if (isset($_POST["to_name"])) { $to_name = trim($_POST["to_name"]); if ($to_name != '') { $to_user_ids = phorum_api_user_search('display_name', $to_name, '=', TRUE); if (empty($to_user_ids) || count($to_user_ids) > 1) { $error = $PHORUM["DATA"]["LANG"]["UserNotFound"]; } else { $_POST["to_id"] = array_shift($to_user_ids); unset($_POST["to_name"]); } } } // Add a recipient by id. if (isset($_POST["to_id"]) && is_numeric($_POST["to_id"])) { $user = phorum_api_user_get($_POST["to_id"]); if ($user && $user["active"] == PHORUM_USER_ACTIVE) { $recipients[$user["user_id"]] = $user; } else { $error = $PHORUM["DATA"]["LANG"]["UserNotFound"];
// Excerpt from the group moderation code: resolving the user to add to the group in
// $group_id, by id or by name. It ends inside open blocks.
// NOTE(review): the membership change is driven by $_REQUEST, which typically also carries
// query-string parameters. The permission check for $group_id and any request token check
// are not visible in this excerpt; confirm both run before this point.
if (isset($_REQUEST["adduser"])) {
    // Find the user_id for the user to add.
    if (is_numeric($_REQUEST["adduser"])) {
        // fix implemented 11/16/08
        // is_numeric() also accepts forms such as "1.5" or "1e3"; the cast reduces them
        // to an integer id.
        $userid = (int) $_REQUEST["adduser"];
    } else {
        // older templates may send username
        $name = trim($_REQUEST["adduser"]);
        if ($name != '') {
            // The field named by "display_name_source" is searched first; the other
            // field is only tried when the first search finds nothing.
            if ($PHORUM["display_name_source"] == "username") {
                $check_fields = array("username", "real_name");
            } else {
                $check_fields = array("real_name", "username");
            }
            foreach ($check_fields as $field) {
                $userids = phorum_api_user_search($field, $name, '=', TRUE);
                if (!empty($userids)) {
                    break;
                }
            }
            // Only an unambiguous match is accepted.
            if (!empty($userids) && count($userids) == 1) {
                $userid = array_shift($userids);
            }
        }
    }

    // NOTE(review): $userid is not initialised inside this excerpt. When the name is
    // empty or does not resolve to exactly one user, it keeps whatever value it had
    // before; confirm it is set to 0 earlier in the file.
    if ($userid) {
        // load the users groups, add the new group, then save again
        $groups = phorum_api_user_check_group_access(PHORUM_USER_GROUP_SUSPENDED, PHORUM_ACCESS_LIST, $userid);

        // make sure the user isn't already a member of the group
        if (!isset($groups[$group_id])) {
            $groups[$group_id] = PHORUM_USER_GROUP_APPROVED;
// Excerpt from a login script: start of the handler for password reminder requests.
// It ends in the middle of a branch.
// Set all our URLs.
phorum_build_common_urls();

$template = "login";
$error = "";
$okmsg = "";

// Handle posted form data.
if (count($_POST) > 0) {
    // The user wants to retrieve a new password.
    if (isset($_POST["lostpass"])) {
        // Trim the email address.
        $_POST["lostpass"] = trim($_POST["lostpass"]);
        $hook_args = NULL;

        // Did the user enter an email address?
        if (empty($_POST["lostpass"])) {
            $error = $PHORUM["DATA"]["LANG"]["LostPassError"];
        } elseif ($uid = phorum_api_user_search("email", $_POST["lostpass"])) {
            // An existing user id was found for the entered email
            // address. Retrieve the user.
            $user = phorum_api_user_get($uid);
            $tmp_user = array();

            // User registration not yet approved by a moderator.
            // NOTE(review): this status message is shown to whoever submits the address,
            // so the form discloses that the address belongs to an account awaiting
            // approval.
            if ($user["active"] == PHORUM_USER_PENDING_MOD) {
                $template = "message";
                $okmsg = $PHORUM["DATA"]["LANG"]["RegVerifyMod"];
                $hook_args = array('status' => 'unapproved', 'email' => $_POST['lostpass'], 'user' => $user, 'secret' => NULL);

            // User registration still need email verification.
            } elseif ($user["active"] == PHORUM_USER_PENDING_EMAIL || $user["active"] == PHORUM_USER_PENDING_BOTH) {
                // Generate and store a new email confirmation code.
                // NOTE(review): the code is the first 8 hex characters of
                // md5(microtime()): at most 32 bits, derived only from the server clock
                // at request time and not from a cryptographically secure random source.
                // A confirmation secret should come from a CSPRNG (random_bytes() on
                // PHP 7+) and be longer; check how the code is consumed before changing
                // its length.
                $tmp_user["user_id"] = $uid;
                $tmp_user["password_temp"] = substr(md5(microtime()), 0, 8);
                phorum_api_user_save($tmp_user);
} else { if (isset($_POST["page"])) { $_GET["page"] = $_POST["page"]; } $page = isset($_GET["page"]) ? (int) $_GET["page"] : 1; } if ($page <= 0) { $page = 1; } if ($page > $totalpages) { $page = $totalpages; } $search_start = ($page - 1) * $pagelength; $db_sort = $sort == "display_name" ? $sort_dir . $sort : array($sort_dir . $sort, "display_name"); // Find a list of matching user_ids to display on the current page. $user_ids = phorum_api_user_search($search_fields, $search_values, $search_operators, TRUE, 'AND', $db_sort, $search_start, $pagelength); // Retrieve the user data for the users on the current page. $users = empty($user_ids) ? array() : phorum_api_user_get($user_ids, FALSE); if (count($users)) { // Create a page list for a drop down menu. $pagelist = array(); for ($p = 1; $p <= $totalpages; $p++) { $pagelist[$p] = $p; } $cols = 6; $input_args = array('module=users'); $input_args = array_merge($input_args, $url_safe_search_arr); $frm_url = phorum_admin_build_url($input_args); $sort_input_args = array('page=' . $page, 'pagelength=' . $pagelength); $sort_input_args = array_merge($sort_input_args, $input_args); $display_name_sort_dir = $sort == "display_name" ? $reverse_sort_dir : "";
/**
 * Deletes the user stored in $this->user_id_used and verifies that the user can no
 * longer be retrieved afterwards.
 *
 * NOTE(review): the id returned by the username search is never used, so the test does
 * not confirm that the deleted id belongs to the searched-for username.
 */
function testUserApiDelete()
{
    // Look up the fixture user by its username (the result is not asserted on).
    $found_id = phorum_api_user_search('username', 'testuser' . $this->sharedFixture, '=');

    $target_id = $this->user_id_used;

    // The delete call has to report success ...
    $this->assertTrue(phorum_api_user_delete($target_id), 'User delete.');

    // ... and a later lookup of the same id has to return NULL.
    $this->assertNull(phorum_api_user_get($target_id), 'Checking for deleted user.');
}
// You should have received a copy of the Phorum License // // along with this program. // //////////////////////////////////////////////////////////////////////////////// if (!defined("PHORUM")) { return; } // For phorum_valid_email() include_once "./include/email_functions.php"; $error = false; // Post and reply checks for unregistered users. if (!$PHORUM["DATA"]["LOGGEDIN"] && ($mode == 'post' || $mode == 'reply')) { if (empty($message["author"])) { $error = $PHORUM["DATA"]["LANG"]["ErrAuthor"]; } elseif ((!defined('PHORUM_ENFORCE_UNREGISTERED_NAMES') || defined('PHORUM_ENFORCE_UNREGISTERED_NAMES') && PHORUM_ENFORCE_UNREGISTERED_NAMES == true) && phorum_api_user_search(array("username", "display_name"), array($message["author"], $message["author"]), array("=", "="), FALSE, "OR")) { $error = $PHORUM["DATA"]["LANG"]["ErrRegisterdName"]; } elseif (!empty($message["email"]) && phorum_api_user_search("email", $message["email"])) { $error = $PHORUM["DATA"]["LANG"]["ErrRegisterdEmail"]; } } /* * [hook] * check_post * * [description] * This hook can be used for modifying the message data and for running * additional checks on the data. If an error is put in * <literal>$error</literal>, Phorum will stop posting the message and show * the error to the user in the post-form.<sbr/> * <sbr/> * Beware that <literal>$error</literal> can already contain an error on * input, in case multiple modules are run for this hook. Therefore you
// Excerpt from a customised registration script (extra fields name, surname, clubid).
// It opens at the end of an earlier block and ends inside an open `foreach`.
// NOTE(review): the checks below are independent `if` statements that each overwrite
// $error, so when several fail only the message of the last failing check is kept.
}

// Check additional data - name, surname, clubid ...
if (!isset($_POST["name"]) || empty($_POST["name"]) || !isset($_POST["surname"]) || empty($_POST["surname"])) {
    $error = $PHORUM["DATA"]["LANG"]["ErrRealname"];
}
if (!isset($_POST["clubid"]) || empty($_POST["clubid"])) {
    $error = $PHORUM["DATA"]["LANG"]["ErrClubId"];
}
// NOTE(review): this check also runs when "clubid" was not posted, so it reads an unset
// index and replaces ErrClubId with ErrClubIdInvalid. is_numeric() accepts forms such as
// "1e3" or "1.5" as well.
if (!is_numeric($_POST["clubid"]) || intval($_POST["clubid"]) <= 0) {
    $error = $PHORUM["DATA"]["LANG"]["ErrClubIdInvalid"];
}

// Check if the username and email address don't already exist.
// NOTE(review): no isset() test on "username" or "email" is visible in this excerpt;
// confirm both are validated earlier. The two distinct messages tell the submitter
// whether a username or an email address is already registered.
if (phorum_api_user_search("username", $_POST["username"])) {
    $error = $PHORUM["DATA"]["LANG"]["ErrRegisterdName"];
}
if (phorum_api_user_search("email", $_POST["email"])) {
    $error = $PHORUM["DATA"]["LANG"]["ErrRegisterdEmail"];
}

// Check banlists.
// Only runs when no earlier check failed; its return value becomes the new $error.
if (empty($error)) {
    $error = phorum_check_bans(array(
        array($_POST["username"], PHORUM_BAD_NAMES),
        array($_POST["email"], PHORUM_BAD_EMAILS),
        array(NULL, PHORUM_BAD_IPS)
    ));
}

// Create user if no errors have been encountered.
if (empty($error)) {
    // Setup the default userdata to store.
    // The keys listed here, plus the profile fields added by the loop, are the
    // "acceptable fields"; presumably only these are copied from the request further
    // down -- verify in the code that follows the excerpt.
    $userdata = array('username' => NULL, 'password' => NULL, 'email' => NULL, 'clubid' => NULL);

    // Add custom profile fields as acceptable fields.
    foreach ($PHORUM["PROFILE_FIELDS"] as $id => $field) {
        // Skip the 'num_fields' bookkeeping entry and fields marked as deleted.
        if ($id === 'num_fields' || !empty($field['deleted'])) {
            continue;
        }
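* </hookcode>
 */

// Registration checks, each guarded by a flag in $todo_checks. $_POST, the flags and
// $error are passed through the "before_register_check" hook and replaced by what the
// hook returns, so a module can change the data or switch individual checks off.
$todo_checks = array(
    'username_empty' => 1,
    'username_unique' => 1,
    'email_valid' => 1,
    'email_unique' => 1,
    'password' => 1,
    'banlists' => 1
);
if (isset($PHORUM["hooks"]["before_register_check"])) {
    list($_POST, $todo_checks, $error) = phorum_api_hook("before_register_check", array($_POST, $todo_checks, $error));
}

// Check if all required fields are filled and valid.
// The email test is parenthesised so that the 'email_valid' flag governs the whole test,
// like the other checks in this chain. Without the parentheses `&&` binds tighter than
// `||`: the address validation ran even with the flag switched off, and in that case it
// could be called on an unset $_POST["email"]. A module that switches 'email_valid' off
// takes over responsibility for validating the address.
if ($todo_checks['username_empty'] && (!isset($_POST["username"]) || empty($_POST['username']))) {
    $error = $PHORUM["DATA"]["LANG"]["ErrUsername"];
} elseif ($todo_checks['email_valid'] && (!isset($_POST["email"]) || !phorum_api_mail_check_address($_POST["email"]))) {
    $error = $PHORUM["DATA"]["LANG"]["ErrEmail"];
} elseif ($todo_checks['password'] && (empty($_POST["password"]) || $_POST["password"] != $_POST["password2"])) {
    $error = $PHORUM["DATA"]["LANG"]["ErrPassword"];
} elseif ($todo_checks['username_unique'] && phorum_api_user_search("username", $_POST["username"])) {
    // Distinct messages for a taken username and a taken email address tell the
    // submitter which of the two is already registered.
    $error = $PHORUM["DATA"]["LANG"]["ErrRegisterdName"];
} elseif ($todo_checks['email_unique'] && phorum_api_user_search("email", $_POST["email"])) {
    $error = $PHORUM["DATA"]["LANG"]["ErrRegisterdEmail"];
}

// Check banlists.
// Only runs when no earlier check failed; its return value becomes the new $error.
if ($todo_checks['banlists'] && empty($error)) {
    $error = phorum_api_ban_check_multi(array(
        array($_POST["username"], PHORUM_BAD_NAMES),
        array($_POST["email"], PHORUM_BAD_EMAILS),
        array(NULL, PHORUM_BAD_IPS)
    ));
}

// Create user if no errors have been encountered.
if (empty($error)) {
    // Setup the default userdata to store.
    // The keys listed here, plus the custom fields added by the loop, are the
    // "acceptable fields"; presumably only these are copied from the request further
    // down -- verify in the code that follows the excerpt.
    $userdata = array('username' => NULL, 'password' => NULL, 'email' => NULL, 'real_name' => NULL);

    // Add custom profile fields as acceptable fields.
    foreach ($PHORUM["CUSTOM_FIELDS"][PHORUM_CUSTOM_FIELD_USER] as $id => $field) {
        // Skip the 'num_fields' bookkeeping entry and fields marked as deleted.
        if ($id === 'num_fields' || !empty($field['deleted'])) {
            continue;
        }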