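/**
 * Process an activation hash passed as $serendipity['GET']['adduser_activation'].
 *
 * With $_GET['r'] set, serendipity_common_adduser::sendMail() is called again for
 * the matching pending author. Without it, the pending author is turned into a
 * real author: the account is created, the stored password value and publish
 * right are copied over, configured defaults and groups are applied, and the
 * pending row is deleted once the new account can be read back.
 *
 * Every value that reaches SQL is passed through serendipity_db_escape_string(),
 * including the columns read back from pending_authors. NOTE(review): that table
 * is presumably filled from the public registration form, so its content is
 * treated as untrusted here as well; confirm against the code that writes it.
 *
 * @param array $usergroups Group ids handed to serendipity_updateGroups() for the new author.
 * @return bool true when the mail was sent again or the account was activated, false otherwise.
 */
static function checkuser($usergroups = array()) {
    global $serendipity;

    // Debug output echoes raw queries and database rows (the pending row includes the
    // stored password value) without HTML escaping. Leave this off on a reachable site.
    static $debug = false;

    if (empty($serendipity['GET']['adduser_activation'])) {
        return false;
    }

    $string = $serendipity['GET']['adduser_activation'];
    $resend = !empty($_GET['r']);

    if (!$resend) {
        // The activation path clears the parameter before doing anything else;
        // the resend path leaves it in place.
        unset($serendipity['GET']['adduser_activation']);
    }

    // The parameter is attacker-controlled and may arrive as an array; only a
    // 32-character string can match a hash that the activation path accepts.
    if (!is_string($string) || strlen($string) != 32) {
        echo PLUGIN_ADDUSER_WRONG_ACTIVATION . '<hr />';
        return false;
    }

    $q = "SELECT * FROM {$serendipity['dbPrefix']}pending_authors WHERE hash = '" . serendipity_db_escape_string($string) . "' LIMIT 1";
    if ($debug) {
        echo "[debug] QUERY: {$q}<br />\n";
    }

    $author = serendipity_db_query($q, true);
    if ($debug) {
        echo "[debug] RESULT: " . print_r($author, true) . "<br />\n";
    }

    // Without a matching pending row there is nothing to mail or activate. Stopping
    // here keeps empty username/password values out of the queries further down.
    if (!is_array($author)) {
        echo PLUGIN_ADDUSER_FAILED . '<hr />';
        return false;
    }

    if ($resend) {
        serendipity_common_adduser::sendMail(
            $author['username'],
            function_exists('serendipity_specialchars') ? serendipity_specialchars($string) : htmlspecialchars($string, ENT_COMPAT, LANG_CHARSET),
            $author['email'],
            false,
            false
        );
        echo PLUGIN_ADDUSER_SENTMAIL_APPROVE_ADMIN;
        return true;
    }

    // Escape once, reuse in every statement below.
    $sqlUsername = serendipity_db_escape_string($author['username']);
    $sqlPassword = serendipity_db_escape_string($author['password']);

    $user = serendipity_db_query("SELECT authorid FROM {$serendipity['dbPrefix']}authors WHERE username = '" . $sqlUsername . "'", true);
    if (is_array($user) && !empty($user['authorid'])) {
        printf(
            PLUGIN_ADDUSER_EXISTS . '<hr />',
            function_exists('serendipity_specialchars') ? serendipity_specialchars($author['username']) : htmlspecialchars($author['username'], ENT_COMPAT, LANG_CHARSET)
        );
        return false;
    }

    $newID = serendipity_addAuthor($author['username'], '', $author['username'], $author['email'], $author['userlevel']);
    if ($debug) {
        echo "[debug] serendipity_addAuthor: {$newID}<br />\n";
    }

    if ($newID) {
        // The account is created with an empty password above; the stored value from
        // the pending row is written directly afterwards.
        serendipity_db_query("UPDATE {$serendipity['dbPrefix']}authors\n SET right_publish = '" . ($author['right_publish'] ? '1' : '0') . "',\n password = '" . $sqlPassword . "'\n WHERE authorid = " . (int) $newID);

        serendipity_set_config_var('no_create', $author['no_create'], $newID);
        serendipity_set_config_var('lang', $serendipity['lang'], $newID);

        // Fetch default properties for new authors as configured.
        // Only set values for the keys that are supported (all booleans currently!)
        $config = serendipity_db_query("SELECT name, value FROM {$serendipity['dbPrefix']}config WHERE name LIKE 'serendipity_plugin_adduser:%'");
        $pair_config = array(
            'wysiwyg'                 => '',
            'simpleFilters'           => '',
            'enableBackendPopup'      => '',
            'moderateCommentsDefault' => '',
            'allowCommentsDefault'    => '',
            'showMediaToolbar'        => '',
            'use_autosave'            => ''
        );

        if (is_array($config)) {
            foreach ($config as $conf) {
                $names = explode('/', $conf['name']);
                // Names without a '/' have no second segment and are skipped.
                if (isset($names[1]) && isset($pair_config[$names[1]])) {
                    $pair_config[$names[1]] = serendipity_get_bool($conf['value']);
                    // Store the value that belongs to this key (previously the
                    // 'wysiwyg' entry was written for every key).
                    serendipity_set_config_var($names[1], $pair_config[$names[1]], $newID);
                }
            }
        }

        if (is_array($usergroups) && function_exists('serendipity_updateGroups')) {
            if ($debug) {
                echo "[debug] update groups: " . print_r($usergroups, true) . "<br />\n";
            }
            serendipity_updateGroups($usergroups, $newID, false);
        } elseif ($debug) {
            echo "[debug] no group addition: " . print_r($usergroups, true) . "<br />\n";
        }
    } elseif ($debug) {
        echo "[debug] serendipity_addAuthor() failed!<br />\n";
    }

    // Read the account back before reporting success and removing the pending row.
    $q = "SELECT authorid FROM {$serendipity['dbPrefix']}authors\n WHERE username = '" . $sqlUsername . "'\n AND password = '" . $sqlPassword . "'\n LIMIT 1";
    $newauthor = serendipity_db_query($q, true);

    if (is_array($newauthor) && $newauthor['authorid'] > 0) {
        echo PLUGIN_ADDUSER_SUCCEED . '<hr />';
        serendipity_db_query("DELETE FROM {$serendipity['dbPrefix']}pending_authors WHERE hash = '" . serendipity_db_escape_string($string) . "'");
        return true;
    }

    if ($debug) {
        echo "[debug] QUERY: {$q}<br />\n";
        echo "[debug] RESULT: " . print_r($newauthor, true) . "<br />\n";
    }
    echo PLUGIN_ADDUSER_FAILED . '<hr />';
    return false;
}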
} elseif ($groupval == 2 && in_array(3, $valid_groups)) { // Admin is allowed to assign users to chief editors continue; } elseif ($groupval == 1 && in_array(2, $valid_groups)) { // Chief is allowed to assign users to editors continue; } unset($_POST[$item['var']][$groupkey]); } } else { continue; } if (count($_POST[$item['var']]) < 1) { echo '<div class="serendipityAdminMsgError"><img style="width: 22px; height: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="' . serendipity_getTemplateFile('admin/img/admin_msg_error.png') . '" alt="" />' . WARNING_NO_GROUPS_SELECTED . '</div>'; } else { serendipity_updateGroups($_POST[$item['var']], $serendipity['POST']['user'], false); } continue; } if (serendipity_checkConfigItemFlags($item, 'local')) { serendipity_set_user_var($item['var'], $_POST[$item['var']], $serendipity['POST']['user'], $serendipity['authorid'] == $serendipity['POST']['user'] ? true : false); } if (serendipity_checkConfigItemFlags($item, 'configuration')) { serendipity_set_config_var($item['var'], $_POST[$item['var']], $serendipity['POST']['user']); } } } $pl_data = array('id' => $serendipity['POST']['authorid'], 'authorid' => $serendipity['POST']['authorid'], 'username' => $_POST['username'], 'realname' => $_POST['realname'], 'email' => $_POST['email']); serendipity_updatePermalink($pl_data, 'author'); serendipity_plugin_api::hook_event('backend_users_edit', $pl_data); printf('<div class="serendipityAdminMsgSuccess"><img style="height: 22px; width: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="' . serendipity_getTemplateFile('admin/img/admin_msg_success.png') . '" alt="" />' . MODIFIED_USER . '</div>', htmlspecialchars($_POST['realname']));