/**
* Emails password to a user
* This will email the given user their password.
*
* @param string $username Username for which to get and email password
* @param int $msg Message number of message to show when done
* @return string Optionally returns the HTML for the default form if the user info can't be found
*/
function emailpassword($username, $msg = 0)
{
global $_CONF, $_TABLES, $LANG04;
$retval = '';
$username = DB_escapeString($username);
// don't retrieve any remote users!
$result = DB_query("SELECT uid,email,status FROM {$_TABLES['users']} WHERE username = '******' AND ((remoteservice is null) OR (remoteservice = ''))");
$nrows = DB_numRows($result);
if ($nrows == 1) {
$A = DB_fetchArray($result);
if ($_CONF['usersubmission'] == 1 && $A['status'] == USER_ACCOUNT_AWAITING_APPROVAL) {
COM_redirect($_CONF['site_url'] . '/index.php?msg=48');
}
$mailresult = USER_createAndSendPassword($username, $A['email'], $A['uid']);
if ($mailresult == false) {
COM_redirect("{$_CONF['site_url']}/index.php?msg=85");
} elseif ($msg) {
COM_redirect("{$_CONF['site_url']}/index.php?msg={$msg}");
} else {
COM_redirect("{$_CONF['site_url']}/index.php?msg=1");
}
} else {
$retval = COM_createHTMLDocument(defaultform($LANG04[17]), array('pagetitle' => $LANG04[17]));
}
return $retval;
}
/**
* Emails password to a user
*
* This will email the given user their password.
*
* @param string $username Username for which to get and email password
* @param int $msg Message number of message to show when done
* @return string Optionally returns the HTML for the default form if the user info can't be found
*
*/
function emailpassword($username, $msg = 0)
{
global $_CONF, $_TABLES, $LANG04;
$retval = '';
$username = addslashes($username);
// don't retrieve any remote users!
$result = DB_query("SELECT uid,email,status FROM {$_TABLES['users']} WHERE username = '******' AND ((remoteservice is null) OR (remoteservice = ''))");
$nrows = DB_numRows($result);
if ($nrows == 1) {
$A = DB_fetchArray($result);
if ($_CONF['usersubmission'] == 1 && $A['status'] == USER_ACCOUNT_AWAITING_APPROVAL) {
return COM_refresh($_CONF['site_url'] . '/index.php?msg=48');
}
$mailresult = USER_createAndSendPassword($username, $A['email'], $A['uid']);
if ($mailresult == false) {
$retval = COM_refresh("{$_CONF['site_url']}/index.php?msg=85");
} else {
if ($msg) {
$retval = COM_refresh("{$_CONF['site_url']}/index.php?msg={$msg}");
} else {
$retval = COM_refresh("{$_CONF['site_url']}/index.php?msg=1");
}
}
} else {
$retval = COM_siteHeader('menu', $LANG04[17]) . defaultform($LANG04[17]) . COM_siteFooter();
}
return $retval;
}
/**
* This function allows the administrator to import batches of users
*
* TODO: This function should first display the users that are to be imported,
* together with the invalid users and the reason of invalidity. Each valid line
* should have a checkbox that allows selection of final to be imported users.
* After clicking an extra button, the actual import should take place. This will
* prevent problems in case the list formatting is incorrect.
*
* @return string HTML with success or error message
*
*/
function importusers()
{
global $_CONF, $_TABLES, $LANG04, $LANG28;
// Setting this to true will cause import to print processing status to
// webpage and to the error.log file
$verbose_import = true;
$retval = '';
// Bulk import implies admin authorisation:
$_CONF['usersubmission'] = 0;
// First, upload the file
require_once $_CONF['path_system'] . 'classes/upload.class.php';
$upload = new upload();
$upload->setPath($_CONF['path_data']);
$upload->setAllowedMimeTypes(array('text/plain' => '.txt'));
$upload->setFileNames('user_import_file.txt');
if ($upload->uploadFiles()) {
// Good, file got uploaded, now install everything
$thefile = current($_FILES);
$filename = $_CONF['path_data'] . 'user_import_file.txt';
if (!file_exists($filename)) {
// empty upload form
$retval = COM_refresh($_CONF['site_admin_url'] . '/user.php?mode=importform');
return $retval;
}
} else {
// A problem occurred, print debug information
$retval = COM_showMessageText($upload->printErrors(false), $LANG28[24]);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[22]));
return $retval;
}
$users = file($filename);
$retval .= COM_startBlock($LANG28[31], '', COM_getBlockTemplate('_admin_block', 'header'));
// Following variables track import processing statistics
$successes = 0;
$failures = 0;
foreach ($users as $line) {
$line = rtrim($line);
if (empty($line)) {
continue;
}
list($full_name, $u_name, $email) = explode("\t", $line);
$full_name = strip_tags($full_name);
$u_name = COM_applyFilter($u_name);
$email = COM_applyFilter($email);
if ($verbose_import) {
$retval .= "<br" . XHTML . "><b>Working on username={$u_name}, fullname={$full_name}, and email={$email}</b><br" . XHTML . ">\n";
COM_errorLog("Working on username={$u_name}, fullname={$full_name}, and email={$email}", 1);
}
// prepare for database
$userName = trim($u_name);
$fullName = trim($full_name);
$emailAddr = trim($email);
if (COM_isEmail($email)) {
// email is valid form
$ucount = DB_count($_TABLES['users'], 'username', DB_escapeString($userName));
$ecount = DB_count($_TABLES['users'], 'email', DB_escapeString($emailAddr));
if ($ucount == 0 && $ecount == 0) {
// user doesn't already exist - pass in optional true for $batchimport parm
$uid = USER_createAccount($userName, $emailAddr, '', $fullName, '', '', '', true);
$result = USER_createAndSendPassword($userName, $emailAddr, $uid);
if ($result) {
$successes++;
if ($verbose_import) {
$retval .= "<br" . XHTML . "> Account for <b>{$u_name}</b> created successfully.<br" . XHTML . ">\n";
COM_errorLog("Account for {$u_name} created successfully", 1);
}
} else {
// user creation failed
$retval .= "<br" . XHTML . ">ERROR: There was a problem creating the account for <b>{$u_name}</b>.<br" . XHTML . ">\n";
COM_errorLog("ERROR: here was a problem creating the account for {$u_name}.", 1);
}
} else {
if ($verbose_import) {
$retval .= "<br" . XHTML . "><b>{$u_name}</b> or <b>{$email}</b> already exists, account not created.<br" . XHTML . ">\n";
// user already exists
COM_errorLog("{$u_name},{$email}: username or email already exists, account not created", 1);
}
$failures++;
}
// end if $ucount == 0 && ecount == 0
} else {
if ($verbose_import) {
$retval .= "<br" . XHTML . "><b>{$email}</b> is not a valid email address, account not created<br" . XHTML . ">\n";
// malformed email
COM_errorLog("{$email} is not a valid email address, account not created", 1);
}
$failures++;
}
// end if COM_isEmail($email)
}
// end foreach
unlink($filename);
$retval .= '<p>' . sprintf($LANG28[32], $successes, $failures);
$retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[24]));
return $retval;
}
/**
* Emails password to a user
*
* This will email the given user their password.
*
* @param string $username Username for which to get and email password
* @param string $passwd Unencrypted password (optional)
* @param int $msg Message number of message to show when done
* @return string Optionally returns the HTML for the default form if the user info can't be found
*
*/
function emailpassword($username, $passwd = '', $msg = 0)
{
global $_CONF, $_TABLES, $LANG04;
$retval = '';
$username = DB_escapeString($username);
// don't retrieve any remote users!
$result = DB_query("SELECT uid,email,status FROM {$_TABLES['users']} WHERE username = '******' AND (account_type & " . LOCAL_USER . ")");
$nrows = DB_numRows($result);
if ($nrows == 1) {
$A = DB_fetchArray($result);
if ($_CONF['usersubmission'] == 1 && $A['status'] == USER_ACCOUNT_AWAITING_APPROVAL) {
echo COM_refresh($_CONF['site_url'] . '/index.php?msg=48');
}
$mailresult = USER_createAndSendPassword($username, $A['email'], $A['uid'], $passwd);
if ($mailresult == false) {
echo COM_refresh("{$_CONF['site_url']}/index.php?msg=85");
} else {
if ($msg) {
echo COM_refresh("{$_CONF['site_url']}/index.php?msg={$msg}");
} else {
if ($_CONF['registration_type'] == 1) {
echo COM_refresh("{$_CONF['site_url']}/index.php?msg=3");
} else {
echo COM_refresh("{$_CONF['site_url']}/index.php?msg=1");
}
}
}
} else {
$retval = defaultform('');
}
return $retval;
}
/**
* Moderate user submissions
*
* Users from the user submission queue are either appoved (an email containing
* the password is sent out) or deleted.
*
* @param int $uid Array of items
* @param array $action Action to perform ('delete', 'approve')
* @param int $count Number of items
* @return string HTML for "command and control" page
*
*/
function moderateusers($uid, $action, $count)
{
global $_CONF, $_TABLES, $LANG04;
$retval = '';
// Set true if an valid action other then delete_all is selected
$formaction = false;
for ($i = 0; $i < $count; $i++) {
if (isset($action[$i]) and $action[$i] != '') {
$formaction = true;
} else {
continue;
}
switch ($action[$i]) {
case 'delete':
// Ok, delete everything related to this user
if ($uid[$i] > 1) {
USER_deleteAccount($uid[$i]);
}
break;
case 'approve':
$uid[$i] = COM_applyFilter($uid[$i], true);
$result = DB_query("SELECT email,username, uid FROM {$_TABLES['users']} WHERE uid = {$uid[$i]}");
$nrows = DB_numRows($result);
if ($nrows == 1) {
$A = DB_fetchArray($result);
$sql = "UPDATE {$_TABLES['users']} SET status=3 WHERE uid={$A['uid']}";
DB_query($sql);
USER_createAndSendPassword($A['username'], $A['email'], $A['uid']);
}
break;
}
}
// Check if there was no direct action used on the form
// and if the delete_all submit action was used
if (!$formaction and isset($_POST['delitem'])) {
foreach ($_POST['delitem'] as $del_uid) {
$del_uid = COM_applyFilter($del_uid, true);
if ($del_uid > 1) {
USER_deleteAccount($del_uid);
}
}
}
$retval .= commandcontrol(SEC_createToken());
return $retval;
}
/**
* Moderates a single item
*
* This will actually perform moderation (approve or delete) one or more items
*
* @param string $action Action to perform ('delete' or 'approve')
* @param string $type Type of item ('user', 'draftstory', 'story', etc.)
* @param string $id ID of item to approve or delete
* @return string HTML for "command and control" page
*
*/
function MODERATE_item($action = '', $type = '', $id = '')
{
global $_CONF, $_TABLES;
$retval = '';
if (empty($action)) {
// null action
$retval .= COM_errorLog("Submissions Error: An attempt was made to moderate an item with a null action.");
return $retval;
}
if (empty($type)) {
// null item type
$retval .= COM_errorLog("Submissions Error: An attempt was made to moderate a null item type.");
return $retval;
}
if (empty($id)) {
// null item type
$retval .= COM_errorLog("Submissions Error: An attempt was made to moderate an item with a null id.");
return $retval;
}
list($key, $table, $fields, $submissiontable) = PLG_getModerationValues($type);
switch ($action) {
case 'delete':
switch ($type) {
case 'user':
// user
if ($id > 1) {
USER_deleteAccount($id);
}
break;
case 'story':
// story (needs to move to a plugin)
DB_delete($submissiontable, "{$key}", $id);
break;
case 'draftstory':
// draft story
STORY_deleteStory($id);
break;
default:
// plugin
$retval .= PLG_deleteSubmission($type, $id);
DB_delete($submissiontable, "{$key}", $id);
break;
}
break;
case 'approve':
switch ($type) {
case 'story':
// story (needs to move to a plugin)
$result = DB_query("SELECT * FROM {$submissiontable} WHERE {$key} = '{$id}'");
$A = DB_fetchArray($result);
$A['related'] = DB_escapeString(implode("\n", STORY_extractLinks($A['introtext'])));
$A['owner_id'] = $A['uid'];
$A['title'] = DB_escapeString($A['title']);
$A['introtext'] = DB_escapeString($A['introtext']);
$A['bodytext'] = DB_escapeString($A['bodytext']);
$result = DB_query("SELECT group_id,perm_owner,perm_group,perm_members,perm_anon,archive_flag FROM {$_TABLES['topics']} WHERE tid = '{$A['tid']}'");
$T = DB_fetchArray($result);
if ($T['archive_flag'] == 1) {
$frontpage = 0;
} else {
if (isset($_CONF['frontpage'])) {
$frontpage = $_CONF['frontpage'];
} else {
$frontpage = 1;
}
}
DB_save($table, 'sid,uid,tid,title,introtext,bodytext,related,date,show_topic_icon,commentcode,trackbackcode,postmode,frontpage,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$A['sid']}',{$A['uid']},'{$A['tid']}','{$A['title']}','{$A['introtext']}','{$A['bodytext']}','{$A['related']}','{$A['date']}','{$_CONF['show_topic_icon']}','{$_CONF['comment_code']}','{$_CONF['trackback_code']}','{$A['postmode']}',{$frontpage},{$A['owner_id']},{$T['group_id']},{$T['perm_owner']},{$T['perm_group']},{$T['perm_members']},{$T['perm_anon']}");
DB_delete($submissiontable, "{$key}", $id);
PLG_itemSaved($A['sid'], 'article');
COM_rdfUpToDateCheck();
COM_olderStuff();
break;
case 'draftstory':
// draft story
DB_query("UPDATE {$table} SET draft_flag = 0 WHERE {$key} = '{$id}'");
COM_rdfUpToDateCheck();
COM_olderStuff();
break;
case 'user':
// user
$result = DB_query("SELECT {$fields} FROM {$table} WHERE {$key} = '{$id}'");
$nrows = DB_numRows($result);
if ($nrows == 1) {
$A = DB_fetchArray($result);
if ($_CONF['registration_type'] == 1) {
$sql = "UPDATE {$table} SET status=" . USER_ACCOUNT_AWAITING_VERIFICATION . " WHERE {$key} = '{$A['uid']}'";
} else {
$sql = "UPDATE {$table} SET status=" . USER_ACCOUNT_AWAITING_ACTIVATION . " WHERE {$key} = '{$A['uid']}'";
}
DB_query($sql);
USER_createAndSendPassword($A['username'], $A['email'], $A['uid']);
}
break;
default:
// plugin
DB_copy($table, $fields, $fields, $submissiontable, $key, $id);
$retval .= PLG_approveSubmission($type, $id);
break;
}
break;
}
// switch ($action)
return $retval;
}
