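 /**
  * Admin action: apply the posted "edit user" form to an existing account.
  *
  * Reads the form through WebApp::post(), validates the fields and the
  * caller's rights, then writes in this order: the `core_users` row (with a
  * new salted password hash when one was supplied), the user's secondary
  * group links in `core_sgroup`, and finally - only after the row update
  * succeeded - a "Password Changed" email to the user. Every statement
  * result is checked so a failed write is reported instead of ignored.
  *
  * @return ActionResult redirect page, status flag and message for the admin UI
  */
 public function edit()
 {
     $page = '/admin/user/user_edit';
     // Returns the posted value for $key, or $default when the field is absent.
     $posted = function ($key, $default) {
         $value = WebApp::post($key);
         return $value === NULL ? $default : $value;
     };
     // intval() always yields an int, so is_int() only rejects a missing id.
     $id = WebApp::post('id') === NULL ? '' : intval(WebApp::post('id'));
     $this->parent->parent->debug($id);
     if (!is_int($id)) {
         return new ActionResult($this, $page, 0, 'Failed to edit user.<br />Error: <code>User ID must be an integer</code>', B_T_FAIL);
     }
     $currentUserId = $this->parent->parent->user->getUserID();
     // Only members of group 1 may edit their own account.
     if ($id == $currentUserId && !$this->parent->inGroup(1)) {
         $this->parent->parent->logEvent($this::name_space, 'Attempted to edit themself');
         return new ActionResult($this, $page, 0, 'Failed to edit user.<br />Error: <code>You cannot edit yourself</code>', B_T_FAIL);
     }
     $f_name = $posted('f_name', '');
     $s_name = $posted('s_name', '');
     $username = $posted('username', '');
     $email = $posted('email', '');
     $n_pwd = $posted('n_pwd', '');
     $n_pwd_c = $posted('c_pwd', '');
     $chgPwd = $posted('chgPwd', '');
     $enabled = $posted('enabled', false);
     $p_group = $posted('p_group', 3);
     $s_group_csv = $posted('s_group', NULL);
     $s_groups = $s_group_csv === NULL ? array() : strgetcsv($s_group_csv);
     // Loose comparison on purpose: the missing-field default false must also count as blank.
     // (The messages say "edit" - the previous "Failed to add user." wording was a copy-paste slip.)
     $required = array(
         'First Name' => $f_name,
         'Surname' => $s_name,
         'Username' => $username,
         'Email' => $email,
         'Change Password' => $chgPwd,
         'Enabled' => $enabled,
         'Primary Group' => $p_group,
     );
     foreach ($required as $label => $value) {
         if ($value == '') {
             return new ActionResult($this, $page, 0, 'Failed to edit user.<br />Error: <code>' . $label . ' must not be blank</code>', B_T_FAIL);
         }
     }
     // A group-2 admin may not assign primary group 1 to anyone.
     // NOTE(review): this constrains the target's *new* p_group only; confirm elsewhere
     // that a group-2 admin cannot modify an account whose current group is 1.
     if ($this->parent->inGroup(2, false) && $p_group == 1) {
         $this->parent->parent->logEvent($this::name_space, 'Tried to make "' . $username . '" a Super Admin');
         return new ActionResult($this, $page, 0, 'Failed to edit user.<br />Error: <code>You cannot escalate privileges</code>', B_T_FAIL);
     }
     if ($currentUserId == $id && $enabled == false) {
         $this->parent->parent->logEvent($this::name_space, 'Tried to disable themself');
         return new ActionResult($this, $page, 0, 'Failed to edit user.<br />Error: <code>You cannot disable yourself</code>', B_T_FAIL);
     }
     if ($n_pwd != $n_pwd_c) {
         return new ActionResult($this, $page, 0, 'Failed to edit user.<br />Error: <code>New passwords must match, or both be empty</code>', B_T_FAIL);
     }
     $clear_sgroup = $this->mySQL_w->prepare("DELETE FROM `core_sgroup` WHERE `user`=?");
     if ($clear_sgroup === false) {
         return new ActionResult($this, $page, 0, 'Failed edit user!<br />Error: <code>Clear query failed</code>', B_T_FAIL);
     }
     $update_sgroup = $this->mySQL_w->prepare("INSERT INTO `core_sgroup` (`user`, `group`) VALUES (?, ?)");
     if ($update_sgroup === false) {
         return new ActionResult($this, $page, 0, 'Failed edit user!<br />Error: <code>Update sgroup query failed</code>', B_T_FAIL);
     }
     $changingPassword = $n_pwd != '';
     if ($changingPassword) {
         $userCtrl = $this->parent->parent->user;
         // Stored form is "<hash>:<salt>"; the salt comes from ranHash() and feeds pwd_hash().
         $hash = $userCtrl->ranHash();
         $new_pwd = $userCtrl->pwd_hash($n_pwd, $hash) . ':' . $hash;
         $update = $this->mySQL_w->prepare("UPDATE `core_users` SET `f_name`=?,`s_name`=?,`email`=?,`en`=?,`chgPwd`=?,`p_group`=?,`pass`=?, `pwd_reset`=`pwd_reset`+1 WHERE `id`=? AND `username`=?");
         if ($update === false) {
             return new ActionResult($this, $page, 0, 'Failed edit user!<br />Error: <code>Update query failed</code>', B_T_FAIL);
         }
         $update->bind_param('sssiiisis', $f_name, $s_name, $email, $enabled, $chgPwd, $p_group, $new_pwd, $id, $username);
     } else {
         $update = $this->mySQL_w->prepare("UPDATE `core_users` SET `f_name`=?,`s_name`=?,`email`=?,`en`=?,`chgPwd`=?,`p_group`=? WHERE `id`=? AND `username`=?");
         if ($update === false) {
             return new ActionResult($this, $page, 0, 'Failed edit user!<br />Error: <code>Update query failed</code>', B_T_FAIL);
         }
         $update->bind_param('sssiiiis', $f_name, $s_name, $email, $enabled, $chgPwd, $p_group, $id, $username);
     }
     // Write the user row first: a failed update must neither rewrite the groups nor send the email.
     if (!$update->execute()) {
         return new ActionResult($this, $page, 0, 'Failed edit user!<br />Error: <code>Update query failed</code>', B_T_FAIL);
     }
     $clear_sgroup->bind_param('i', $id);
     if (!$clear_sgroup->execute()) {
         return new ActionResult($this, $page, 0, 'Failed edit user!<br />Error: <code>Clear query failed</code>', B_T_FAIL);
     }
     foreach ($s_groups as $sgroup) {
         $this->parent->parent->debug($sgroup);
         // Explicit int cast mirrors what the 'i' binding would do with the CSV token.
         $groupId = intval($sgroup);
         $update_sgroup->bind_param('ii', $id, $groupId);
         if (!$update_sgroup->execute()) {
             return new ActionResult($this, $page, 0, 'Failed edit user!<br />Error: <code>Update sgroup query failed</code>', B_T_FAIL);
         }
     }
     if ($changingPassword) {
         // Build the notice once; both the HTML and text parts come from the same template call.
         $notice = UserEmail::adminPasswordChange($f_name);
         $mail = new Emailer();
         $mail->Subject = 'Password Changed';
         $mail->msgHTML($notice['html']);
         $mail->AltBody = $notice['text'];
         $mail->addAddress($email, $f_name . ' ' . $s_name);
         $mail->send();
     }
     $this->parent->parent->logEvent($this::name_space, 'Edited user "' . $username . '"');
     return new ActionResult($this, '/admin/user/user_view', 1, 'User was edited.', B_T_SUCCESS, array('form' => array('n_pwd' => '', 'c_pwd' => '')));
 }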
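 /**
  * Admin action: send the posted email to every resolved recipient.
  *
  * Each comma-separated entry in the `to` field is either an email address,
  * a username, a primary-group name or a secondary-group name; the latter
  * three are resolved to (email => full name) pairs through `core_users`.
  * The message is sent once per recipient so that one failure does not
  * block the others; addresses that could not be sent are listed in the
  * returned warning. Lookup statements are checked for preparation failure
  * and an empty recipient list is reported instead of claiming success.
  *
  * @return ActionResult redirect page, status flag and message for the admin UI
  */
 public function send()
 {
     $page = '/admin/email';
     if (!$this->accessAdminPage(0)) {
         return new ActionResult($this, $page, 0, 'You are not allowed to send emails!', B_T_FAIL);
     }
     $check = $this->checknames();
     if ($check->status == 0) {
         return $check;
     }
     Session::del('status_msg', $check->id);
     $subject = WebApp::post('subject') === NULL ? '' : WebApp::post('subject');
     $message = WebApp::post('message') === NULL ? '' : WebApp::post('message');
     $to = WebApp::post('to') === NULL ? array() : strgetcsv(WebApp::post('to'));
     // Fetches name and email from a username
     $user_query = $this->mySQL_r->prepare("SELECT CONCAT(`f_name`, ' ', `s_name`), `email` FROM `core_users` WHERE `username`=?");
     // Fetches names and emails from a p_group name
     $p_group_query = $this->mySQL_r->prepare("SELECT CONCAT(`f_name`, ' ', `s_name`),`email` FROM `core_users`\nINNER JOIN `core_groups` ON `p_group`=`GID` AND `core_groups`.`name`=? AND `type`='p'");
     // Fetches names and emails from an s_group name through the link table (core_sgroup)
     $s_group_query = $this->mySQL_r->prepare("SELECT CONCAT(`f_name`, ' ', `s_name`),`email` FROM `core_users`\nINNER JOIN `core_groups` ON `core_groups`.`name`=? AND `type`='s'\nINNER JOIN `core_sgroup` ON `core_sgroup`.`user`=`core_users`.`id` AND `core_groups`.`GID`=`core_sgroup`.`group`");
     if ($user_query === false || $p_group_query === false || $s_group_query === false) {
         return new ActionResult($this, $page, 0, 'Failed to send email!<br />Error: <code>Recipient lookup query failed</code>', B_T_FAIL);
     }
     $email_addresses = array();
     foreach ($to as $name) {
         $name = trim($name);
         if ($name === '') {
             continue;
         }
         if (filter_var($name, FILTER_VALIDATE_EMAIL)) {
             $email_addresses[$name] = $name;
             continue;
         }
         // Resolution order: exactly one user, else a primary group, else a secondary group.
         $rows = $this->fetchRecipientRows($user_query, $name);
         if (count($rows) == 1) {
             $this->parent->parent->debug($this::name_space . ': Address is for user');
         } else {
             $rows = $this->fetchRecipientRows($p_group_query, $name);
             if (count($rows) == 0) {
                 $rows = $this->fetchRecipientRows($s_group_query, $name);
             }
         }
         if (count($rows) == 0) {
             $this->parent->parent->debug($this::name_space . ': No user or group matches "' . $name . '"');
         }
         foreach ($rows as $row) {
             $email_addresses[$row['email']] = $row['name'];
         }
     }
     if (count($email_addresses) == 0) {
         return new ActionResult($this, $page, 0, 'Email was not sent!<br />Error: <code>No valid recipients</code>', B_T_FAIL);
     }
     $mail = new Emailer();
     $mail->setFrom($this->parent->parent->user->getUsername() . '@biggleswadesc.org', $this->parent->parent->user->getFullName());
     $mail->Subject = $subject;
     // The admin-supplied body is sent as HTML as-is; access is gated by accessAdminPage(0) above.
     $mail->msgHTML($message);
     $mail->AltBody = 'To view the message, please use an HTML compatible email viewer!';
     $failed = array();
     foreach ($email_addresses as $email => $name) {
         $mail->addAddress($email, $name);
         if (!$mail->send()) {
             $failed[] = $email;
             $this->parent->parent->debug($this::name_space . ': Did not send mail to ' . $email);
             $this->parent->parent->debug('Reason: ' . $mail->ErrorInfo);
         } else {
             $this->parent->parent->debug($this::name_space . ': Sent mail to ' . $email);
         }
         // One recipient per message: clear before the next addAddress().
         $mail->clearAddresses();
     }
     if (count($failed) == 0) {
         return new ActionResult($this, $page, 1, 'Email was successfully sent!', B_T_SUCCESS);
     }
     return new ActionResult($this, $page, 0, 'Email was sent to except:<code>' . implode(', ', $failed) . '</code>', B_T_WARNING);
 }

 /**
  * Runs a one-parameter recipient lookup and returns every matching row.
  *
  * The statement is expected to select (full name, email) with a single
  * string parameter; it is left reset and ready to be re-executed.
  *
  * @param mixed  $query prepared lookup statement
  * @param string $name  value bound to the statement's parameter
  * @return list<array{name:string,email:string}> matching rows, empty when none
  */
 private function fetchRecipientRows($query, $name)
 {
     $rows = array();
     $query->bind_param('s', $name);
     $query->bind_result($fullName, $email);
     $query->execute();
     $query->store_result();
     while ($query->fetch()) {
         $rows[] = array('name' => $fullName, 'email' => $email);
     }
     $query->free_result();
     $query->reset();
     return $rows;
 }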