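/**
 * Emails a password to a user.
 *
 * Looks up a local account (no remote service set) by username. When exactly
 * one row matches, USER_createAndSendPassword() is asked to mail a password to
 * the address on file and the visitor is redirected to the site index with a
 * status message number.
 *
 * @param string $username Username for which to get and email password
 * @param int    $msg      Message number of message to show when done
 * @return string HTML for the default form if the user info can't be found;
 *                an empty string on the redirect paths, should COM_redirect() return
 */
function emailpassword($username, $msg = 0)
{
    global $_CONF, $_TABLES, $LANG04;

    $retval = '';

    // $msg is interpolated into a redirect URL below; forcing it to an integer
    // keeps anything other than a message number out of the query string.
    $msg = (int) $msg;

    $username = DB_escapeString($username);

    // don't retrieve any remote users!
    // NOTE(review): the username literal reads '******' in this listing (it looks
    // masked by the page it was taken from); presumably the escaped $username
    // belongs there - confirm against the project source.
    $result = DB_query("SELECT uid,email,status FROM {$_TABLES['users']} WHERE username = '******' AND ((remoteservice is null) OR (remoteservice = ''))");
    $nrows = DB_numRows($result);

    if ($nrows != 1) {
        // NOTE(review): an unknown username gets the form back while a known one
        // gets a redirect, so the response reveals whether an account exists.
        return COM_createHTMLDocument(defaultform($LANG04[17]), array('pagetitle' => $LANG04[17]));
    }

    $A = DB_fetchArray($result);

    if ($_CONF['usersubmission'] == 1 && $A['status'] == USER_ACCOUNT_AWAITING_APPROVAL) {
        COM_redirect($_CONF['site_url'] . '/index.php?msg=48');

        // Stop here explicitly: an account still waiting for approval must not
        // be mailed a password, whether or not COM_redirect() ends the request.
        return $retval;
    }

    // NOTE(review): the escaped form of $username is what gets handed on here;
    // confirm the helper expects an already-escaped value.
    $mailresult = USER_createAndSendPassword($username, $A['email'], $A['uid']);

    if ($mailresult == false) {
        COM_redirect("{$_CONF['site_url']}/index.php?msg=85");
    } elseif ($msg) {
        COM_redirect("{$_CONF['site_url']}/index.php?msg={$msg}");
    } else {
        COM_redirect("{$_CONF['site_url']}/index.php?msg=1");
    }

    return $retval;
}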
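/**
 * Emails a password to a user.
 *
 * Looks up a local account (no remote service set) by username. When exactly
 * one row matches, USER_createAndSendPassword() is asked to mail a password to
 * the address on file and the refresh markup returned by COM_refresh() is
 * handed back to the caller.
 *
 * @param string $username Username for which to get and email password
 * @param int    $msg      Message number of message to show when done
 * @return string Refresh markup pointing at the site index, or the HTML for
 *                the default form if the user info can't be found
 */
function emailpassword($username, $msg = 0)
{
    global $_CONF, $_TABLES, $LANG04;

    // $msg is interpolated into the refresh URL below; forcing it to an integer
    // keeps anything other than a message number out of the generated markup.
    $msg = (int) $msg;

    // NOTE(review): addslashes() is not aware of the connection character set;
    // the database layer's own escaping helper (DB_escapeString() where this
    // code base provides it) is the safer choice for values bound for SQL.
    $username = addslashes($username);

    // don't retrieve any remote users!
    // NOTE(review): the username literal reads '******' in this listing (it looks
    // masked by the page it was taken from); presumably the escaped $username
    // belongs there - confirm against the project source.
    $result = DB_query("SELECT uid,email,status FROM {$_TABLES['users']} WHERE username = '******' AND ((remoteservice is null) OR (remoteservice = ''))");
    $nrows = DB_numRows($result);

    if ($nrows != 1) {
        // NOTE(review): an unknown username gets the form back while a known one
        // gets a refresh, so the response reveals whether an account exists.
        return COM_siteHeader('menu', $LANG04[17])
            . defaultform($LANG04[17])
            . COM_siteFooter();
    }

    $A = DB_fetchArray($result);

    // Accounts still waiting for approval are sent away before any password is
    // generated or mailed.
    if ($_CONF['usersubmission'] == 1 && $A['status'] == USER_ACCOUNT_AWAITING_APPROVAL) {
        return COM_refresh($_CONF['site_url'] . '/index.php?msg=48');
    }

    // NOTE(review): the slash-escaped form of $username is what gets handed on
    // here; confirm the helper expects an already-escaped value.
    $mailresult = USER_createAndSendPassword($username, $A['email'], $A['uid']);

    if ($mailresult == false) {
        $retval = COM_refresh("{$_CONF['site_url']}/index.php?msg=85");
    } elseif ($msg) {
        $retval = COM_refresh("{$_CONF['site_url']}/index.php?msg={$msg}");
    } else {
        $retval = COM_refresh("{$_CONF['site_url']}/index.php?msg=1");
    }

    return $retval;
}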
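/**
 * This function allows the administrator to import batches of users
 *
 * The uploaded text file is stored as user_import_file.txt in the data
 * directory, read line by line (full name, username and email separated by
 * tabs), and removed again once processing is finished. For every line with a
 * well-formed email address whose username and email are not yet present in
 * the users table, an account is created and a password is mailed out.
 *
 * TODO: This function should first display the users that are to be imported,
 * together with the invalid users and the reason of invalidity. Each valid line
 * should have a checkbox that allows selection of final to be imported users.
 * After clicking an extra button, the actual import should take place. This will
 * prevent problems in case the list formatting is incorrect.
 *
 * @return string HTML with success or error message
 */
function importusers()
{
    global $_CONF, $_TABLES, $LANG04, $LANG28;

    // Setting this to true will cause import to print processing status to
    // webpage and to the error.log file
    $verbose_import = true;

    $retval = '';

    // Bulk import implies admin authorisation:
    // (this overrides the setting for the remainder of the request, so the
    // accounts created below do not go through the submission queue)
    $_CONF['usersubmission'] = 0;

    // First, upload the file
    require_once $_CONF['path_system'] . 'classes/upload.class.php';

    $upload = new upload();
    $upload->setPath($_CONF['path_data']);
    $upload->setAllowedMimeTypes(array('text/plain' => '.txt'));
    // The stored name is fixed, so nothing from the client-supplied file name
    // reaches the file system path used below.
    $upload->setFileNames('user_import_file.txt');

    if (!$upload->uploadFiles()) {
        // A problem occurred, print debug information
        $retval = COM_showMessageText($upload->printErrors(false), $LANG28[24]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[22]));

        return $retval;
    }

    // Good, file got uploaded, now install everything
    $filename = $_CONF['path_data'] . 'user_import_file.txt';
    if (!file_exists($filename)) { // empty upload form
        $retval = COM_refresh($_CONF['site_admin_url'] . '/user.php?mode=importform');

        return $retval;
    }

    // file() returns false when the file cannot be read; treat that as an
    // empty import instead of iterating over a non-array.
    $users = file($filename);
    if ($users === false) {
        $users = array();
    }

    $retval .= COM_startBlock($LANG28[31], '', COM_getBlockTemplate('_admin_block', 'header'));

    // Following variables track import processing statistics
    $successes = 0;
    $failures = 0;

    foreach ($users as $line) {
        $line = rtrim($line);
        if (empty($line)) {
            continue;
        }

        // Pad to three fields so a short or malformed line ends up with an
        // empty email (and is rejected below) instead of undefined values.
        list($full_name, $u_name, $email) = array_pad(explode("\t", $line), 3, '');

        $full_name = strip_tags($full_name);
        $u_name = COM_applyFilter($u_name);
        $email = COM_applyFilter($email);

        // NOTE(review): the values from the import file are written into the
        // page below after strip_tags() / COM_applyFilter() only; confirm these
        // filters neutralise markup, or escape for HTML output with the site's
        // character set.
        if ($verbose_import) {
            $retval .= "<br" . XHTML . "><b>Working on username={$u_name}, fullname={$full_name}, and email={$email}</b><br" . XHTML . ">\n";
            COM_errorLog("Working on username={$u_name}, fullname={$full_name}, and email={$email}", 1);
        }

        // prepare for database
        $userName = trim($u_name);
        $fullName = trim($full_name);
        $emailAddr = trim($email);

        if (!COM_isEmail($email)) {
            // malformed email
            if ($verbose_import) {
                $retval .= "<br" . XHTML . "><b>{$email}</b> is not a valid email address, account not created<br" . XHTML . ">\n";
                COM_errorLog("{$email} is not a valid email address, account not created", 1);
            }
            $failures++;
            continue;
        }

        // email is valid form
        $ucount = DB_count($_TABLES['users'], 'username', DB_escapeString($userName));
        $ecount = DB_count($_TABLES['users'], 'email', DB_escapeString($emailAddr));

        if ($ucount != 0 || $ecount != 0) {
            // user already exists
            if ($verbose_import) {
                $retval .= "<br" . XHTML . "><b>{$u_name}</b> or <b>{$email}</b> already exists, account not created.<br" . XHTML . ">\n";
                COM_errorLog("{$u_name},{$email}: username or email already exists, account not created", 1);
            }
            $failures++;
            continue;
        }

        // user doesn't already exist - pass in optional true for $batchimport parm
        $uid = USER_createAccount($userName, $emailAddr, '', $fullName, '', '', '', true);
        $result = USER_createAndSendPassword($userName, $emailAddr, $uid);

        if ($result) {
            $successes++;
            if ($verbose_import) {
                $retval .= "<br" . XHTML . "> Account for <b>{$u_name}</b> created successfully.<br" . XHTML . ">\n";
                COM_errorLog("Account for {$u_name} created successfully", 1);
            }
        } else {
            // user creation failed - count it, so the summary accounts for
            // every processed line
            $failures++;
            $retval .= "<br" . XHTML . ">ERROR: There was a problem creating the account for <b>{$u_name}</b>.<br" . XHTML . ">\n";
            COM_errorLog("ERROR: here was a problem creating the account for {$u_name}.", 1);
        }
    } // end foreach

    // The import file holds names and email addresses; remove it once processed.
    unlink($filename);

    $retval .= '<p>' . sprintf($LANG28[32], $successes, $failures);

    $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
    $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[24]));

    return $retval;
}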
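/**
 * Emails a password to a user.
 *
 * Looks up a local account (account_type has the LOCAL_USER bit set) by
 * username. When exactly one row matches, USER_createAndSendPassword() is
 * asked to mail a password to the address on file and refresh markup pointing
 * at the site index is echoed.
 *
 * @param string $username Username for which to get and email password
 * @param string $passwd   Unencrypted password (optional)
 * @param int    $msg      Message number of message to show when done
 * @return string HTML for the default form if the user info can't be found,
 *                otherwise an empty string
 */
function emailpassword($username, $passwd = '', $msg = 0)
{
    global $_CONF, $_TABLES, $LANG04;

    $retval = '';

    // $msg is interpolated into the refresh URL below; forcing it to an integer
    // keeps anything other than a message number out of the echoed markup.
    $msg = (int) $msg;

    $username = DB_escapeString($username);

    // don't retrieve any remote users!
    // NOTE(review): the username literal reads '******' in this listing (it looks
    // masked by the page it was taken from); presumably the escaped $username
    // belongs there - confirm against the project source.
    $result = DB_query("SELECT uid,email,status FROM {$_TABLES['users']} WHERE username = '******' AND (account_type & " . LOCAL_USER . ")");
    $nrows = DB_numRows($result);

    if ($nrows != 1) {
        // NOTE(review): an unknown username gets the form back while a known one
        // gets a refresh, so the response reveals whether an account exists.
        return defaultform('');
    }

    $A = DB_fetchArray($result);

    if ($_CONF['usersubmission'] == 1 && $A['status'] == USER_ACCOUNT_AWAITING_APPROVAL) {
        echo COM_refresh($_CONF['site_url'] . '/index.php?msg=48');

        // COM_refresh() hands back a value that is echoed, so execution can
        // continue past this point. Return here; otherwise an account still
        // waiting for approval would be mailed a password by the code below.
        return $retval;
    }

    // NOTE(review): the escaped form of $username is what gets handed on here;
    // confirm the helper expects an already-escaped value.
    $mailresult = USER_createAndSendPassword($username, $A['email'], $A['uid'], $passwd);

    if ($mailresult == false) {
        echo COM_refresh("{$_CONF['site_url']}/index.php?msg=85");
    } elseif ($msg) {
        echo COM_refresh("{$_CONF['site_url']}/index.php?msg={$msg}");
    } elseif ($_CONF['registration_type'] == 1) {
        echo COM_refresh("{$_CONF['site_url']}/index.php?msg=3");
    } else {
        echo COM_refresh("{$_CONF['site_url']}/index.php?msg=1");
    }

    return $retval;
}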
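/**
 * Moderate user submissions
 *
 * Users from the user submission queue are either approved (an email containing
 * the password is sent out) or deleted.
 *
 * @param array $uid    User ids, indexed like $action
 * @param array $action Action to perform per index ('delete', 'approve')
 * @param int   $count  Number of items
 * @return string HTML for "command and control" page
 */
function moderateusers($uid, $action, $count)
{
    global $_CONF, $_TABLES, $LANG04;

    $retval = '';

    // Set true if an valid action other then delete_all is selected
    $formaction = false;

    for ($i = 0; $i < $count; $i++) {
        if (!isset($action[$i]) || $action[$i] == '') {
            continue;
        }
        $formaction = true;

        if (!isset($uid[$i])) {
            // an action without a matching uid has nothing to act on
            continue;
        }

        // Run every submitted uid through the numeric filter before it is
        // compared, interpolated into SQL or passed on. The delete branch
        // previously used the raw value, unlike the approve branch and the
        // delitem loop below.
        $targetUid = COM_applyFilter($uid[$i], true);

        // NOTE(review): neither branch verifies that the uid belongs to an
        // account that is actually waiting in the submission queue; confirm
        // the caller restricts the uids, or add a status condition here.
        switch ($action[$i]) {
            case 'delete':
                // Ok, delete everything related to this user
                // (uids of 1 and below are never deleted)
                if ($targetUid > 1) {
                    USER_deleteAccount($targetUid);
                }
                break;

            case 'approve':
                $result = DB_query("SELECT email,username, uid FROM {$_TABLES['users']} WHERE uid = {$targetUid}");
                $nrows = DB_numRows($result);
                if ($nrows == 1) {
                    $A = DB_fetchArray($result);
                    // NOTE(review): 3 is a bare status code; presumably the
                    // state that follows approval - confirm against the
                    // project's account status constants.
                    $sql = "UPDATE {$_TABLES['users']} SET status=3 WHERE uid={$A['uid']}";
                    DB_query($sql);
                    USER_createAndSendPassword($A['username'], $A['email'], $A['uid']);
                }
                break;
        }
    }

    // Check if there was no direct action used on the form
    // and if the delete_all submit action was used
    if (!$formaction && isset($_POST['delitem']) && is_array($_POST['delitem'])) {
        foreach ($_POST['delitem'] as $del_uid) {
            $del_uid = COM_applyFilter($del_uid, true);
            if ($del_uid > 1) {
                USER_deleteAccount($del_uid);
            }
        }
    }

    // NOTE(review): a fresh token is issued for the next page here; no token
    // check is visible in this function, so presumably the caller validates
    // the submitted one before calling - confirm.
    $retval .= commandcontrol(SEC_createToken());

    return $retval;
}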
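/**
 * Moderates a single item
 *
 * Performs the moderation action (approve or delete) on one item. The key
 * column, target table, field list and submission table for the item type are
 * obtained from PLG_getModerationValues().
 *
 * @param string $action Action to perform ('delete' or 'approve')
 * @param string $type   Type of item ('user', 'draftstory', 'story', etc.)
 * @param string $id     ID of item to approve or delete
 * @return string HTML for "command and control" page
 */
function MODERATE_item($action = '', $type = '', $id = '')
{
    global $_CONF, $_TABLES;

    $retval = '';

    if (empty($action)) {
        // null action
        $retval .= COM_errorLog("Submissions Error: An attempt was made to moderate an item with a null action.");

        return $retval;
    }

    if (empty($type)) {
        // null item type
        $retval .= COM_errorLog("Submissions Error: An attempt was made to moderate a null item type.");

        return $retval;
    }

    if (empty($id)) {
        // null id
        $retval .= COM_errorLog("Submissions Error: An attempt was made to moderate an item with a null id.");

        return $retval;
    }

    list($key, $table, $fields, $submissiontable) = PLG_getModerationValues($type);

    // Escaped copy of the id for the statements that are assembled by string
    // interpolation in this function. The helpers that receive the id as an
    // argument (DB_delete, DB_copy, the PLG_* and USER_*/STORY_* calls) keep
    // getting the original value.
    // NOTE(review): whether those helpers escape the id themselves is not
    // visible here - confirm.
    $sqlId = DB_escapeString($id);

    switch ($action) {
        case 'delete':
            switch ($type) {
                case 'user':
                    // user (uids of 1 and below are never deleted)
                    if ($id > 1) {
                        USER_deleteAccount($id);
                    }
                    break;

                case 'story':
                    // story (needs to move to a plugin)
                    DB_delete($submissiontable, "{$key}", $id);
                    break;

                case 'draftstory':
                    // draft story
                    STORY_deleteStory($id);
                    break;

                default:
                    // plugin
                    $retval .= PLG_deleteSubmission($type, $id);
                    DB_delete($submissiontable, "{$key}", $id);
                    break;
            }
            break;

        case 'approve':
            switch ($type) {
                case 'story':
                    // story (needs to move to a plugin)
                    $result = DB_query("SELECT * FROM {$submissiontable} WHERE {$key} = '{$sqlId}'");
                    $A = DB_fetchArray($result);
                    if (empty($A)) {
                        // no such submission (e.g. it was already handled);
                        // nothing to copy into the stories table
                        break;
                    }

                    // Everything in $A was supplied with the submission, so each
                    // value is escaped (or cast, for the numeric uid) before it
                    // is placed into the INSERT below - not only the text
                    // fields.
                    $A['related'] = DB_escapeString(implode("\n", STORY_extractLinks($A['introtext'])));
                    $A['title'] = DB_escapeString($A['title']);
                    $A['introtext'] = DB_escapeString($A['introtext']);
                    $A['bodytext'] = DB_escapeString($A['bodytext']);
                    $sid = DB_escapeString($A['sid']);
                    $tid = DB_escapeString($A['tid']);
                    $date = DB_escapeString($A['date']);
                    $postmode = DB_escapeString($A['postmode']);
                    $ownerUid = (int) $A['uid'];

                    $result = DB_query("SELECT group_id,perm_owner,perm_group,perm_members,perm_anon,archive_flag FROM {$_TABLES['topics']} WHERE tid = '{$tid}'");
                    // NOTE(review): $T is used without checking that the topic
                    // row exists; a missing topic leaves the permission values
                    // below empty.
                    $T = DB_fetchArray($result);

                    // Stories in an archive topic never go to the front page.
                    if ($T['archive_flag'] == 1) {
                        $frontpage = 0;
                    } elseif (isset($_CONF['frontpage'])) {
                        $frontpage = $_CONF['frontpage'];
                    } else {
                        $frontpage = 1;
                    }

                    DB_save(
                        $table,
                        'sid,uid,tid,title,introtext,bodytext,related,date,show_topic_icon,commentcode,trackbackcode,postmode,frontpage,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon',
                        "'{$sid}',{$ownerUid},'{$tid}','{$A['title']}','{$A['introtext']}','{$A['bodytext']}','{$A['related']}','{$date}','{$_CONF['show_topic_icon']}','{$_CONF['comment_code']}','{$_CONF['trackback_code']}','{$postmode}',{$frontpage},{$ownerUid},{$T['group_id']},{$T['perm_owner']},{$T['perm_group']},{$T['perm_members']},{$T['perm_anon']}"
                    );
                    DB_delete($submissiontable, "{$key}", $id);
                    PLG_itemSaved($A['sid'], 'article');
                    COM_rdfUpToDateCheck();
                    COM_olderStuff();
                    break;

                case 'draftstory':
                    // draft story
                    DB_query("UPDATE {$table} SET draft_flag = 0 WHERE {$key} = '{$sqlId}'");
                    COM_rdfUpToDateCheck();
                    COM_olderStuff();
                    break;

                case 'user':
                    // user
                    $result = DB_query("SELECT {$fields} FROM {$table} WHERE {$key} = '{$sqlId}'");
                    $nrows = DB_numRows($result);
                    if ($nrows == 1) {
                        $A = DB_fetchArray($result);
                        // The follow-up status depends on the registration
                        // type: verification for type 1, activation otherwise.
                        $nextStatus = ($_CONF['registration_type'] == 1)
                            ? USER_ACCOUNT_AWAITING_VERIFICATION
                            : USER_ACCOUNT_AWAITING_ACTIVATION;
                        $sql = "UPDATE {$table} SET status=" . $nextStatus . " WHERE {$key} = '{$A['uid']}'";
                        DB_query($sql);
                        USER_createAndSendPassword($A['username'], $A['email'], $A['uid']);
                    }
                    break;

                default:
                    // plugin
                    DB_copy($table, $fields, $fields, $submissiontable, $key, $id);
                    $retval .= PLG_approveSubmission($type, $id);
                    break;
            }
            break;
    } // switch ($action)

    return $retval;
}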