Esempio n. 1
 /**
  * Validates permissions and parameters.
  *
  * Runs the parent validation, drops the active user from the target set
  * (an account may never delete itself) and rejects the request when the
  * combined group list of the remaining targets is not accessible to the
  * active user.
  *
  * @throws	ValidateActionException	if no target is left or the groups are not accessible
  */
 public function validateDelete()
 {
     // read and validate user objects
     parent::validateDelete();

     // collect the ids of every target except the active user
     $ownUserID = WCF::getUser()->userID;
     $userIDs = array();
     foreach ($this->objects as $targetUser) {
         if ($targetUser->userID != $ownUserID) {
             $userIDs[] = $targetUser->userID;
         }
     }

     // nothing left: only the active user's own id was given
     if (empty($userIDs)) {
         throw new ValidateActionException("Invalid object id");
     }

     // fetch the distinct set of groups the targets belong to
     $conditions = new PreparedStatementConditionBuilder();
     $conditions->add("userID IN (?)", array($userIDs));
     $sql = "SELECT\tDISTINCT groupID\n\t\t\tFROM\twcf" . WCF_N . "_user_to_group\n\t\t\t" . $conditions;
     $statement = WCF::getDB()->prepareStatement($sql);
     $statement->execute($conditions->getParameters());

     $groupIDs = array();
     while ($row = $statement->fetchArray()) {
         $groupIDs[] = $row['groupID'];
     }

     // the union of all target groups is handed to the access check at once
     if (!UserGroup::isAccessibleGroup($groupIDs)) {
         throw new ValidateActionException('Insufficient permissions');
     }
 }
Esempio n. 2
	/**
	 * @see	wcf\page\IPage::readParameters()
	 * 
	 * Reads the target user id from the request, loads the user and aborts
	 * when it does not exist or belongs to a group the active user may not
	 * access; the parent parameters are read last.
	 * 
	 * @throws	IllegalLinkException		if no user exists for the given id
	 * @throws	PermissionDeniedException	if the user's groups are not accessible
	 */
	public function readParameters() {
		if (isset($_REQUEST['id'])) {
			$this->userID = intval($_REQUEST['id']);
		}
		
		$target = new User($this->userID);
		if (!$target->userID) {
			// unknown (or zero) id: nothing to show
			throw new IllegalLinkException();
		}
		
		$this->user = new UserEditor($target);
		$accessible = UserGroup::isAccessibleGroup($this->user->getGroupIDs());
		if (!$accessible) {
			throw new PermissionDeniedException();
		}
		
		parent::readParameters();
	}
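 /**
  * @see	\wcf\system\search\acp\IACPSearchResultProvider::search()
  *
  * Returns one result per user whose name starts with the given query.
  * Users of groups the active user cannot access are omitted; without the
  * 'admin.user.canEditUser' permission no results are returned at all.
  *
  * @param	string		$query
  * @return	array<\wcf\system\search\acp\ACPSearchResult>
  */
 public function search($query)
 {
     if (!WCF::getSession()->getPermission('admin.user.canEditUser')) {
         return array();
     }

     // the query is bound as a parameter, but LIKE still interprets '%' and '_'
     // inside the bound value; escape them (backslash is the default LIKE escape
     // character) so the user gets a literal prefix match instead of a pattern
     $prefix = addcslashes($query, '%_\\') . '%';

     $results = array();
     $sql = "SELECT\t*\n\t\t\tFROM\twcf" . WCF_N . "_user\n\t\t\tWHERE\tusername LIKE ?";
     $statement = WCF::getDB()->prepareStatement($sql);
     $statement->execute(array($prefix));
     while ($user = $statement->fetchObject('wcf\\data\\user\\User')) {
         // hide users the active user is not allowed to manage
         if (!UserGroup::isAccessibleGroup($user->getGroupIDs())) {
             continue;
         }
         $results[] = new ACPSearchResult($user->username, LinkHandler::getInstance()->getLink('UserEdit', array('object' => $user)));
     }
     return $results;
 }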
Esempio n. 4
 /**
  * @see wcf\page\IPage::readParameters()
  *
  * Resolves the requested user id into an editable user, checks that the
  * active user may access its groups and hands the user to the option
  * handler.
  *
  * @throws	IllegalLinkException		if the id does not belong to an existing user
  * @throws	PermissionDeniedException	if the user's groups are not accessible
  */
 public function readParameters()
 {
     parent::readParameters();

     if (isset($_REQUEST['id'])) {
         $this->userID = intval($_REQUEST['id']);
     }

     $target = new User($this->userID);
     if (!$target->userID) {
         throw new IllegalLinkException();
     }

     $this->user = new UserEditor($target);
     $accessible = UserGroup::isAccessibleGroup($this->user->getGroupIDs());
     if (!$accessible) {
         throw new PermissionDeniedException();
     }

     // the option handler works on the plain user object, not the editor
     $this->optionHandler->setUser($this->user->getDecoratedObject());
     $this->optionHandler->showEmptyOptions();
 }
Esempio n. 5
 /**
  * @see	\wcf\page\IPage::assignVariables()
  *
  * Passes the profile data, the follower/following lists, the optional
  * visitor list and the group-access flag for the active user to the template.
  */
 public function assignVariables()
 {
     parent::assignVariables();

     // the visitor list is optional; fall back to an empty result
     $visitors = array();
     $visitorCount = 0;
     if ($this->visitorList !== null) {
         $visitors = $this->visitorList->getObjects();
         $visitorCount = $this->visitorList->countObjects();
     }

     WCF::getTPL()->assign(array(
         'editOnInit' => $this->editOnInit,
         'overviewObjectType' => $this->objectType,
         'profileContent' => $this->profileContent,
         'userID' => $this->userID,
         'user' => $this->user,
         'followers' => $this->followerList->getObjects(),
         'followerCount' => $this->followerList->countObjects(),
         'following' => $this->followingList->getObjects(),
         'followingCount' => $this->followingList->countObjects(),
         'visitors' => $visitors,
         'visitorCount' => $visitorCount,
         'allowSpidersToIndexThisPage' => true,
         'isAccessible' => UserGroup::isAccessibleGroup($this->user->getGroupIDs())
     ));
 }
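	/**
	 * Fetches the users matching $this->conditions, verifies that the active
	 * user may access each of them and returns their ids.
	 * 
	 * The optional $loopFunction is invoked once per user with the user id and
	 * the raw database row, after the access check passed; every visited user
	 * increments $this->affectedUsers.
	 * 
	 * @param	mixed		$loopFunction	callable($userID, array $userData) or null
	 * @return	array<integer>
	 * @throws	PermissionDeniedException	if a matched user belongs to a group the active user cannot access
	 */
	protected function fetchUsers($loopFunction = null) {
		// select users
		$sql = "SELECT		user.*
			FROM		wcf".WCF_N."_user user
			LEFT JOIN	wcf".WCF_N."_user_option_value option_value
			ON		(option_value.userID = user.userID)
			".$this->conditions;
		$statement = WCF::getDB()->prepareStatement($sql);
		// getParameters() already returns the parameter list; wrapping it in
		// another array would bind a single array value instead
		$statement->execute($this->conditions->getParameters());
		
		$users = array();
		while ($row = $statement->fetchArray()) {
			$users[$row['userID']] = $row;
		}
		
		// nothing matched: return early instead of building an empty IN () clause
		if (empty($users)) {
			return array();
		}
		
		// select group ids
		$conditions = new PreparedStatementConditionBuilder();
		// a list of ids needs IN (?), an equality comparison cannot take an array
		$conditions->add("userID IN (?)", array(array_keys($users)));
		
		$sql = "SELECT	userID, groupID
			FROM	wcf".WCF_N."_user_to_group
			".$conditions;
		$statement = WCF::getDB()->prepareStatement($sql);
		$statement->execute($conditions->getParameters());
		
		$groupIDs = array();
		while ($row = $statement->fetchArray()) {
			if (!isset($groupIDs[$row['userID']])) {
				$groupIDs[$row['userID']] = array();
			}
			
			$groupIDs[$row['userID']][] = $row['groupID'];
		}
		
		$userIDArray = array();
		foreach ($users as $userID => $userData) {
			// a user without any group row is treated as not accessible (fail
			// closed) instead of handing a missing index to the access check
			if (!isset($groupIDs[$userID]) || !UserGroup::isAccessibleGroup($groupIDs[$userID])) {
				throw new PermissionDeniedException();
			}
			
			if ($loopFunction !== null) {
				$loopFunction($userID, $userData);
			}
			
			$userIDArray[] = $userID;
			$this->affectedUsers++;
		}
		
		return $userIDArray;
	}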
Esempio n. 7
 /**
  * Validates accessible groups.
  *
  * Optionally removes the active user from the object ids (and from the
  * already loaded objects), then requires that the combined group list of
  * the remaining users is accessible to the active user.
  *
  * @param	boolean		$ignoreOwnUser	drop the active user from the target set
  * @throws	UserInputException		if no target user is left
  * @throws	PermissionDeniedException	if the targets' groups are not accessible
  */
 protected function __validateAccessibleGroups($ignoreOwnUser = true)
 {
     if ($ignoreOwnUser) {
         $ownUserID = WCF::getUser()->userID;
         // array_search() uses the same loose comparison as in_array()
         $position = array_search($ownUserID, $this->objectIDs);
         if ($position !== false) {
             unset($this->objectIDs[$position]);
             if (isset($this->objects[$ownUserID])) {
                 unset($this->objects[$ownUserID]);
             }
         }
     }

     // list might be empty because only our own user id was given
     if (empty($this->objectIDs)) {
         throw new UserInputException('objectIDs');
     }

     // validate groups
     $conditions = new PreparedStatementConditionBuilder();
     $conditions->add("userID IN (?)", array($this->objectIDs));
     $sql = "SELECT\tDISTINCT groupID\n\t\t\tFROM\twcf" . WCF_N . "_user_to_group\n\t\t\t" . $conditions;
     $statement = WCF::getDB()->prepareStatement($sql);
     $statement->execute($conditions->getParameters());

     $groupIDs = array();
     while ($row = $statement->fetchArray()) {
         $groupIDs[] = $row['groupID'];
     }

     $accessible = UserGroup::isAccessibleGroup($groupIDs);
     if (!$accessible) {
         throw new PermissionDeniedException();
     }
 }
Esempio n. 8
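 /**
  * Gets the list of results.
  *
  * Runs the paged id query for the current sort and filter settings, then
  * loads the matching users together with their option values and group ids
  * and fills $this->users and $this->columnValues. Per user the flags
  * 'accessible', 'deletable', 'editable' and 'isMarked' are derived from the
  * active user's permissions and group access.
  */
 protected function readUsers()
 {
     // get user ids
     // NOTE(review): $this->sortField and $this->sortOrder are interpolated into
     // ORDER BY; this relies on both having been validated against a fixed list
     // of allowed values before this method runs — confirm where they are read
     $userIDs = array();
     $sql = "SELECT\t\tuser_table.userID\n\t\t\tFROM\t\twcf" . WCF_N . "_user user_table\n\t\t\t" . (isset($this->options[$this->sortField]) ? "LEFT JOIN wcf" . WCF_N . "_user_option_value user_option_value ON (user_option_value.userID = user_table.userID)" : '') . "\n\t\t\t" . $this->conditions . "\n\t\t\tORDER BY\t" . ($this->sortField != 'email' && isset($this->options[$this->sortField]) ? 'user_option_value.userOption' . $this->options[$this->sortField]['optionID'] : $this->sortField) . " " . $this->sortOrder;
     $statement = WCF::getDB()->prepareStatement($sql, $this->itemsPerPage, ($this->pageNo - 1) * $this->itemsPerPage);
     $statement->execute($this->conditions->getParameters());
     while ($row = $statement->fetchArray()) {
         $userIDs[] = $row['userID'];
     }

     // get user data
     if (count($userIDs)) {
         $userToGroups = array();

         // get group ids
         $conditions = new PreparedStatementConditionBuilder();
         $conditions->add("user_table.userID IN (?)", array($userIDs));
         $sql = "SELECT\tuserID, groupID\n\t\t\t\tFROM\twcf" . WCF_N . "_user_to_group user_table\n\t\t\t\t" . $conditions;
         $statement = WCF::getDB()->prepareStatement($sql);
         $statement->execute($conditions->getParameters());
         while ($row = $statement->fetchArray()) {
             $userToGroups[$row['userID']][] = $row['groupID'];
         }

         // load the users of the current page in the requested order
         $sql = "SELECT\t\toption_value.*, user_table.*\n\t\t\t\tFROM\t\twcf" . WCF_N . "_user user_table\n\t\t\t\tLEFT JOIN\twcf" . WCF_N . "_user_option_value option_value\n\t\t\t\tON\t\t(option_value.userID = user_table.userID)\n\t\t\t\t" . $conditions . "\n\t\t\t\tORDER BY\t" . ($this->sortField != 'email' && isset($this->options[$this->sortField]) ? 'option_value.userOption' . $this->options[$this->sortField]['optionID'] : 'user_table.' . $this->sortField) . " " . $this->sortOrder;
         $statement = WCF::getDB()->prepareStatement($sql);
         $statement->execute($conditions->getParameters());
         while ($row = $statement->fetchArray()) {
             // a user without any group row gets an empty list instead of an
             // undefined index; such a user is treated as not accessible (fail closed)
             $groupIDs = isset($userToGroups[$row['userID']]) ? $userToGroups[$row['userID']] : array();
             $row['groupIDs'] = implode(',', $groupIDs);
             $accessible = !empty($groupIDs) && UserGroup::isAccessibleGroup($groupIDs);
             $row['accessible'] = $accessible;
             // the active user is never offered for deletion, even with the permission
             $row['deletable'] = $accessible && WCF::getSession()->getPermission('admin.user.canDeleteUser') && $row['userID'] != WCF::getUser()->userID ? 1 : 0;
             $row['editable'] = $accessible && WCF::getSession()->getPermission('admin.user.canEditUser') ? 1 : 0;
             $row['isMarked'] = intval(in_array($row['userID'], $this->markedUsers));
             $this->users[] = new User(null, $row);
         }

         // get special columns
         foreach ($this->users as $key => $user) {
             foreach ($this->columns as $column) {
                 switch ($column) {
                     case 'email':
                         // rendered as a mailto link; the address is HTML-encoded in both places
                         $this->columnValues[$user->userID][$column] = '<a href="mailto:' . StringUtil::encodeHTML($user->email) . '">' . StringUtil::encodeHTML($user->email) . '</a>';
                         break;
                     case 'registrationDate':
                         $this->columnValues[$user->userID][$column] = DateUtil::format(DateUtil::getDateTimeByTimestamp($user->{$column}), DateUtil::DATE_FORMAT);
                         break;
                     default:
                         // user options either render through their output class or as encoded text
                         if (isset($this->options[$column])) {
                             if ($this->options[$column]->outputClass) {
                                 $this->options[$column]->setOptionValue($user);
                                 $outputObj = $this->options[$column]->getOutputObject();
                                 $this->columnValues[$user->userID][$column] = $outputObj->getOutput($user, $this->options[$column]->getDecoratedObject(), $user->{$column});
                             } else {
                                 $this->columnValues[$user->userID][$column] = StringUtil::encodeHTML($user->{$column});
                             }
                         }
                         break;
                 }
             }
         }
     }
 }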
Esempio n. 9
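	/**
	 * Returns the ids of the users which can be deleted.
	 * 
	 * The active user is never deletable, and users whose groups are not
	 * accessible to the active user (or who have no group at all) are dropped
	 * from the result.
	 * 
	 * @return	array<integer>	empty if the active user lacks 'admin.user.canDeleteUser'
	 */
	protected function validateDelete() {
		// check permissions
		if (!WCF::getSession()->getPermission('admin.user.canDeleteUser')) {
			// the documented return type is an array; returning 0 here broke
			// callers that count or iterate the result
			return array();
		}
		
		// user cannot delete itself
		$userIDs = array_keys($this->objects);
		foreach ($userIDs as $index => $userID) {
			if ($userID == WCF::getUser()->userID) {
				unset($userIDs[$index]);
			}
		}
		
		// no valid users found
		if (empty($userIDs)) return array();
		
		// fetch user to group associations
		$conditions = new PreparedStatementConditionBuilder();
		$conditions->add("userID IN (?)", array($userIDs));
		
		$sql = "SELECT	userID, groupID
			FROM	wcf".WCF_N."_user_to_group
			".$conditions;
		$statement = WCF::getDB()->prepareStatement($sql);
		$statement->execute($conditions->getParameters());
		
		$userToGroup = array();
		while ($row = $statement->fetchArray()) {
			if (!isset($userToGroup[$row['userID']])) {
				$userToGroup[$row['userID']] = array();
			}
			
			$userToGroup[$row['userID']][] = $row['groupID'];
		}
		
		// validate if user's group is accessible for current user
		// $userIDs is a list (index => userID), so an entry has to be removed by
		// its index; unsetting by the user id value left inaccessible users in place
		foreach ($userIDs as $index => $userID) {
			if (!isset($userToGroup[$userID]) || !UserGroup::isAccessibleGroup($userToGroup[$userID])) {
				unset($userIDs[$index]);
			}
		}
		
		return $userIDs;
	}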
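 /**
  * Fetches a list of users.
  *
  * Loads every user matching $this->conditions, verifies that the active
  * user may access each of them and returns their ids. The optional
  * $loopFunction is invoked once per user with the user id and the raw
  * database row after the access check passed; every visited user
  * increments $this->affectedUsers.
  *
  * @param	mixed		$loopFunction	callable($userID, array $userData) or null
  * @return	array<integer>
  * @throws	PermissionDeniedException	if a matched user belongs to a group the active user cannot access
  */
 public function fetchUsers($loopFunction = null)
 {
     // select users
     $sql = "SELECT\t\tuser_table.*\n\t\t\tFROM\t\twcf" . WCF_N . "_user user_table\n\t\t\tLEFT JOIN\twcf" . WCF_N . "_user_option_value option_value\n\t\t\tON\t\t(option_value.userID = user_table.userID)\n\t\t\t" . $this->conditions;
     $statement = WCF::getDB()->prepareStatement($sql);
     $statement->execute($this->conditions->getParameters());

     $users = array();
     while ($row = $statement->fetchArray()) {
         $users[$row['userID']] = $row;
     }

     // nothing matched: return early instead of building an empty IN () clause
     if (empty($users)) {
         return array();
     }

     // select group ids
     $conditions = new PreparedStatementConditionBuilder();
     $conditions->add("userID IN (?)", array(array_keys($users)));
     $sql = "SELECT\tuserID, groupID\n\t\t\tFROM\twcf" . WCF_N . "_user_to_group\n\t\t\t" . $conditions;
     $statement = WCF::getDB()->prepareStatement($sql);
     $statement->execute($conditions->getParameters());

     $groupIDs = array();
     while ($row = $statement->fetchArray()) {
         if (!isset($groupIDs[$row['userID']])) {
             $groupIDs[$row['userID']] = array();
         }
         $groupIDs[$row['userID']][] = $row['groupID'];
     }

     $userIDs = array();
     foreach ($users as $userID => $userData) {
         // a user without any group row previously skipped the access check
         // entirely; treat a missing membership as not accessible (fail closed)
         if (empty($groupIDs[$userID]) || !UserGroup::isAccessibleGroup($groupIDs[$userID])) {
             throw new PermissionDeniedException();
         }

         if ($loopFunction !== null) {
             $loopFunction($userID, $userData);
         }

         $userIDs[] = $userID;
         $this->affectedUsers++;
     }

     return $userIDs;
 }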
Esempio n. 11
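	/**
	 * @see	wcf\form\IForm::validate()
	 * 
	 * Validates the static user fields (collecting per-field error types
	 * instead of aborting), reduces the submitted group ids to existing,
	 * non-builtin and accessible groups, normalises the language settings and
	 * finally delegates to the parent for the dynamic options.
	 */
	public function validate() {
		// validate static user options 
		try {
			$this->validateUsername($this->username);
		}
		catch (UserInputException $e) {
			$this->errorType[$e->getField()] = $e->getType();
		}
		
		try {
			$this->validateEmail($this->email, $this->confirmEmail);
		}
		catch (UserInputException $e) {
			$this->errorType[$e->getField()] = $e->getType();
		}
		
		try {
			$this->validatePassword($this->password, $this->confirmPassword);
		}
		catch (UserInputException $e) {
			$this->errorType[$e->getField()] = $e->getType();
		}
		
		// validate user groups
		if (!empty($this->groupIDs)) {
			// the builtin pseudo groups can never be assigned explicitly
			$conditions = new PreparedStatementConditionBuilder();
			$conditions->add("groupID IN (?)", array($this->groupIDs));
			$conditions->add("groupType NOT IN (?)", array(array(UserGroup::GUESTS, UserGroup::EVERYONE, UserGroup::USERS)));
			
			$sql = "SELECT	groupID
				FROM	wcf".WCF_N."_user_group
				".$conditions;
			$statement = WCF::getDB()->prepareStatement($sql);
			$statement->execute($conditions->getParameters());
			// rebuild the list from the database so unknown ids and groups the
			// active user may not assign are silently dropped
			$this->groupIDs = array();
			while ($row = $statement->fetchArray()) {
				if (UserGroup::isAccessibleGroup(array($row['groupID']))) {
					$this->groupIDs[] = $row['groupID'];
				}
			}
		}
		
		// validate user language
		$language = LanguageFactory::getInstance()->getLanguage($this->languageID);
		if ($language === null || !$language->languageID) {
			// use default language
			$this->languageID = LanguageFactory::getInstance()->getDefaultLanguageID();
		}
		
		// validate visible languages
		foreach ($this->visibleLanguages as $key => $visibleLanguage) {
			$language = LanguageFactory::getInstance()->getLanguage($visibleLanguage);
			// getLanguage() may return null (see the check above); drop unknown
			// ids as well as languages without content
			if ($language === null || !$language->languageID || !$language->hasContent) {
				unset($this->visibleLanguages[$key]);
			}
		}
		// fall back to the user's own language if it has content
		if (empty($this->visibleLanguages) && ($language = LanguageFactory::getInstance()->getLanguage($this->languageID)) && $language->hasContent) {
			$this->visibleLanguages[] = $this->languageID;
		}
		
		// validate dynamic options
		parent::validate();
	}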
Esempio n. 12
	/**
	 * Returns true if the active user can edit this user.
	 * 
	 * Requires the 'admin.user.canEditUser' permission and access to this
	 * user's groups; the group check is skipped without the permission.
	 * 
	 * @return	boolean
	 */
	public function canEdit() {
		if (!WCF::getSession()->getPermission('admin.user.canEditUser')) {
			return false;
		}
		
		return UserGroup::isAccessibleGroup($this->getGroupIDs()) ? true : false;
	}
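 /**
  * Validates accessible groups.
  *
  * Optionally drops the active user from the given ids, then removes every
  * user whose groups are not accessible to the active user (or who has no
  * group at all) and returns the remaining ids.
  *
  * @param	array<integer>	$userIDs
  * @param	boolean		$ignoreOwnUser	drop the active user from the result
  * @return	array<integer>
  */
 protected function __validateAccessibleGroups(array $userIDs, $ignoreOwnUser = true)
 {
     if ($ignoreOwnUser) {
         foreach ($userIDs as $index => $userID) {
             if ($userID == WCF::getUser()->userID) {
                 unset($userIDs[$index]);
             }
         }
     }

     // no valid users found
     if (empty($userIDs)) {
         return array();
     }

     // fetch user to group associations
     $conditions = new PreparedStatementConditionBuilder();
     $conditions->add("userID IN (?)", array($userIDs));
     $sql = "SELECT\tuserID, groupID\n\t\t\tFROM\twcf" . WCF_N . "_user_to_group\n\t\t\t" . $conditions;
     $statement = WCF::getDB()->prepareStatement($sql);
     $statement->execute($conditions->getParameters());

     $userToGroup = array();
     while ($row = $statement->fetchArray()) {
         if (!isset($userToGroup[$row['userID']])) {
             $userToGroup[$row['userID']] = array();
         }
         $userToGroup[$row['userID']][] = $row['groupID'];
     }

     // validate if user's group is accessible for current user
     // entries are removed by their array index: unsetting by the user id value
     // only works when the ids happen to be the keys, otherwise inaccessible
     // users stayed in the returned list
     foreach ($userIDs as $index => $userID) {
         if (!isset($userToGroup[$userID]) || !UserGroup::isAccessibleGroup($userToGroup[$userID])) {
             unset($userIDs[$index]);
         }
     }
     return $userIDs;
 }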
Esempio n. 14
 /**
  * Returns true if current user may edit this group.
  *
  * Both the 'admin.user.canEditGroup' permission and access to this group
  * are required; the group check is only made when the permission is present.
  *
  * @return	boolean
  */
 public function isEditable()
 {
     $hasPermission = WCF::getSession()->getPermission('admin.user.canEditGroup');
     // short-circuits, so the group check is skipped without the permission
     return $hasPermission && UserGroup::isAccessibleGroup(array($this->groupID));
 }
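 /**
  * @see wcf\form\IForm::save()
  *
  * Adds every selected user to the chosen groups, keeping the groups the
  * user already belongs to, then clears the clipboard marking, resets the
  * affected sessions and renders the success page. The request ends here.
  *
  * @throws	PermissionDeniedException	if a selected user belongs to a group the active user cannot access
  */
 public function save()
 {
     parent::save();

     // fetch the current group memberships of all selected users
     $conditions = new PreparedStatementConditionBuilder();
     $conditions->add("userID IN (?)", array($this->userIDs));
     $sql = "SELECT\tuserID, groupID\n\t\t\tFROM\twcf" . WCF_N . "_user_to_group\n\t\t\t" . $conditions;
     $statement = WCF::getDB()->prepareStatement($sql);
     $statement->execute($conditions->getParameters());

     $groups = array();
     while ($row = $statement->fetchArray()) {
         $groups[$row['userID']][] = $row['groupID'];
     }

     foreach ($this->users as $user) {
         // a user without any group row would hand null to the access check and
         // to array_merge(); treat a missing membership as not accessible
         if (!isset($groups[$user->userID]) || !UserGroup::isAccessibleGroup($groups[$user->userID])) {
             throw new PermissionDeniedException();
         }

         // combine existing and newly assigned groups without duplicates
         $groupsIDs = array_unique(array_merge($groups[$user->userID], $this->groupIDs));
         $userEditor = new UserEditor($user);
         $userEditor->addToGroups($groupsIDs, true, false);
     }

     ClipboardHandler::getInstance()->removeItems($this->typeID);
     // group changes must not survive in already established sessions
     SessionHandler::resetSessions($this->userIDs);
     $this->saved();

     WCF::getTPL()->assign('message', 'wcf.acp.user.assignToGroup.success');
     WCF::getTPL()->display('success');
     exit;
 }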