/**
 * Fetches the comments attached to a request, limited to what the current user may see.
 *
 * Admins and checkusers receive every comment on the request; any other user receives the
 * comments whose visibility is 'user' plus the private comments they posted themselves.
 *
 * @param integer          $id       id of the request whose comments are wanted
 * @param null|PdoDatabase $database connection to use; defaults to gGetDb()
 * @return Comment[] hydrated instances with isNew cleared and the database attached
 * @throws Exception
 */
public static function getForRequest($id, PdoDatabase $database = null)
{
    if ($database == null) {
        $database = gGetDb();
    }

    $currentUser = User::getCurrent();
    $seesEverything = $currentUser->isAdmin() || $currentUser->isCheckuser();

    if ($seesEverything) {
        // Admins and checkusers may read every comment, private ones included.
        $statement = $database->prepare("SELECT * FROM comment WHERE request = :target;");
    } else {
        // Everyone else gets user-visible comments plus the private ones they wrote.
        $statement = $database->prepare(<<<SQL
SELECT * FROM comment WHERE request = :target AND (visibility = 'user' OR user = :userid);
SQL
        );
        $statement->bindValue(":userid", $currentUser->getId());
    }

    $statement->bindValue(":target", $id);
    $statement->execute();

    $comments = array();
    /** @var Comment $comment */
    foreach ($statement->fetchAll(PDO::FETCH_CLASS, get_called_class()) as $comment) {
        $comment->isNew = false;
        $comment->setDatabase($database);
        $comments[] = $comment;
    }

    return $comments;
}
/**
 * Send a "close pend ticket" email to the end user. (created, taken, etc...)
 *
 * The closing user's email signature, when one is set, is appended to the template text
 * after a blank line.
 *
 * @param int    $messageno id of the EmailTemplate whose text forms the body
 * @param string $target    recipient address
 * @param int    $id        request id shown in the subject line
 */
function sendemail($messageno, $target, $id)
{
    $template = EmailTemplate::getById($messageno, gGetDb());
    $subject = "RE: [ACC #{$id}] English Wikipedia Account Request";
    $headers = 'From: accounts-enwiki-l@lists.wikimedia.org';

    $body = $template->getText();

    // Get the closing user's Email signature and append it to the Email.
    $rawSignature = User::getCurrent()->getEmailSig();
    if ($rawSignature != "") {
        $body .= "\n\n" . html_entity_decode($rawSignature, ENT_QUOTES, "UTF-8");
    }

    mail($target, $subject, $body, $headers);
}
/**
 * Writes one Log row describing an action performed on a data object.
 *
 * @param PdoDatabase $database  connection the Log row is saved through
 * @param DataObject  $object    object the action was performed on; its id and class name are recorded
 * @param mixed       $logaction action identifier handed to Log::setAction (presumably a string)
 * @param string|null $comment   optional free-text comment stored with the entry
 * @param User|null   $user      acting user; the current user when omitted
 */
private static function createLogEntry(PdoDatabase $database, DataObject $object, $logaction, $comment = null, $user = null)
{
    $actor = ($user == null) ? User::getCurrent() : $user;

    $entry = new Log();
    $entry->setDatabase($database);
    $entry->setAction($logaction);
    $entry->setObjectId($object->getId());
    $entry->setObjectType(get_class($object));
    $entry->setUser($actor);
    $entry->setComment($comment);
    $entry->save();
}
/**
 * Renders the internal (logged-in) page header through Smarty.
 *
 * Assigns the session's user id and name, the site notice and the pending session alerts,
 * displays header-internal.tpl, and for a logged-in session refreshes the user's last-login
 * timestamp and runs the session's forced-logout check.
 */
public static function displayInternalHeader()
{
    global $smarty, $session;

    $sessionUserId = 0;
    if (isset($_SESSION['userID'])) {
        $sessionUserId = $_SESSION['userID'];
    }

    $sessionUserName = "";
    if (isset($_SESSION['user'])) {
        $sessionUserName = $_SESSION['user'];
    }

    $sitenotice = InterfaceMessage::get(InterfaceMessage::SITENOTICE);

    $smarty->assign("userid", $sessionUserId);
    $smarty->assign("username", $sessionUserName);
    $smarty->assign("sitenotice", $sitenotice);
    $smarty->assign("alerts", SessionAlert::retrieve());
    $smarty->display("header-internal.tpl");

    // A zero id means nobody is logged in; only real sessions touch the user row.
    if ($sessionUserId != 0) {
        User::getCurrent()->touchLastLogin();
        $session->forceLogout($_SESSION['userID']);
    }
}
<div class="option" id="ln-media"><a class="section" href="media.php">General Media</a></div> <?php } if ($section == 'links') { ?> <div class="option-active" id="ln-links-active"><a class="section" href="links.php">Links</a></div> <?php } else { ?> <div class="option" id="ln-links"><a class="section" href="links.php">Links</a></div> <?php } ?> <?php $u = User::getCurrent(); if ($u->isAdmin()) { if ($section == 'admin_users' || $section == 'admin_streaming_audio') { ?> <div class="option-active" id="ln-admin-active"><a class="section" href="admin.php">Admin Options</a></div> <ul> <li<?php if ($section == 'admin_users') { ?> class="active"<?php } ?> ><a href="admin_users.php">Users</a></li> <li<?php if ($section == 'admin_streaming_audio') { ?>
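/**
 * Updates this news posting from submitted form data.
 *
 * Admins may reassign the posting to any user who is a band member or an administrator;
 * everyone else keeps it owned by the current user. The caller must pass canEdit().
 *
 * @param array $postArray form fields: title, user_id (admins only), date, time, description, body
 * @return BandNews|Error the reloaded posting on success, or an Error describing what failed
 */
function update($postArray)
{
    // Authorisation first, before any parsing or database work.
    if (!$this->canEdit()) {
        return Error::create("You may not edit this news posting.");
    }

    $db = new db();
    $e = new Error();
    include_class('band_members');

    if (User::isAdmin()) {
        // Admins may reassign the posting; the target must be a band member or an admin.
        $uo = User::get($postArray['user_id']);
        if (db::isError($uo)) {
            $e->add($uo);
        } elseif (!$uo->isAdmin() && !$uo->isBandMember()) {
            $e->add("Invalid user. User must be a band member or an administrator.");
        }
    } else {
        $uo = User::getCurrent();
    }

    // Previously these errors were collected into an undefined $e and never returned.
    if ($e->hasErrors()) {
        return $e;
    }

    $user_id = (int) $uo->getID();

    // Date and time arrive as separate fields; combine and normalise them.
    $_dt = strtotime($postArray['date']);
    $dt = date('Y-m-d', $_dt) . ' ' . $postArray['time'];
    $dateTime = date("Y-m-d H:i:s", strtotime($dt));

    $title = $db->sanitize_to_db($postArray['title']);
    $description = $db->sanitize_to_db($postArray['description']);
    $body = $db->sanitize_to_db($postArray['body']);

    if (!$title) {
        $title = '(untitled)';
    }

    // Strings are escaped by sanitize_to_db and the ids are cast to int, since the legacy
    // mysql extension offers no parameter binding.
    $id = (int) $this->ID;
    $r = @mysql_query("update Band_News set title='{$title}', user_id = {$user_id}, date_time='{$dateTime}', description='{$description}', body='{$body}' where ID = {$id}");

    if ($r) {
        return BandNews::get($this->ID);
    }

    return Error::MySQL();
}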
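/**
 * Builds the "zoom" (detail) view of a single request and returns the rendered template.
 *
 * Decides whether the request's sensitive data (email, IPs, XFF chain) may be shown to the
 * current user, collects the request's log and comment history, and assigns everything the
 * request-zoom.tpl template needs.
 *
 * @param int    $id      id of the request to display
 * @param string $urlhash hash from the URL that can unlock the hidden data for this request
 * @return string rendered request-zoom.tpl; when the request cannot be loaded an error box
 *                and the footer are displayed and the script dies instead
 */
function zoomPage($id, $urlhash)
{
    global $session, $availableRequestStates, $createdid;
    global $smarty, $locationProvider, $rdnsProvider, $antispoofProvider;
    global $xffTrustProvider, $enableEmailConfirm;

    $database = gGetDb();
    $request = Request::getById($id, $database);

    if ($request == false) {
        // Notifies the user and stops the script.
        BootstrapSkin::displayAlertBox("Could not load the requested request!", "alert-error", "Error", true, false);
        BootstrapSkin::displayInternalFooter();
        die;
    }

    $currentUser = User::getCurrent();
    $isPrivileged = $currentUser->isAdmin() || $currentUser->isCheckuser();

    $smarty->assign('ecenable', $enableEmailConfirm);

    // Only admins may override the email-confirmation requirement.
    if (isset($_GET['ecoverride']) && $currentUser->isAdmin()) {
        $smarty->assign('ecoverride', true);
    } else {
        $smarty->assign('ecoverride', false);
    }

    $smarty->assign('request', $request);
    $smarty->assign("usernamerawunicode", html_entity_decode($request->getName()));
    $smarty->assign("iplocation", $locationProvider->getIpLocation($request->getTrustedIp()));

    $createdreason = EmailTemplate::getById($createdid, gGetDb());
    $smarty->assign("createdEmailTemplate", $createdreason);

    #region setup whether data is viewable or not
    // The private data is viewable without a hash when the current user has reserved an
    // open, email-confirmed request that shares this request's email or IP.
    $viewableDataStatement = $database->prepare(<<<SQL
SELECT COUNT(*) FROM request WHERE ( email = :email OR ip = :trustedIp OR forwardedip LIKE :trustedProxy ) AND reserved = :reserved AND emailconfirm = 'Confirmed' AND status != 'Closed';
SQL
    );
    $viewableDataStatement->bindValue(":email", $request->getEmail());
    $viewableDataStatement->bindValue(":reserved", $currentUser->getId());
    $viewableDataStatement->bindValue(":trustedIp", $request->getTrustedIp());
    $viewableDataStatement->bindValue(":trustedProxy", '%' . $request->getTrustedIp() . '%');
    $viewableDataStatement->execute();
    $viewableData = $viewableDataStatement->fetchColumn();
    $viewableDataStatement->closeCursor();

    $hideinfo = $viewableData == 0;
    #endregion

    if ($request->getStatus() == "Closed") {
        // If the request is closed, change the hash based on microseconds similar to the
        // checksums, so a closed request's link can never match.
        $hash = md5($request->getId() . $request->getEmail() . $request->getTrustedIp() . microtime());
        $smarty->assign("isclosed", true);
    } else {
        $hash = md5($request->getId() . $request->getEmail() . $request->getTrustedIp());
        $smarty->assign("isclosed", false);
    }

    $smarty->assign("hash", $hash);

    // Strict comparison: a loose == between hash strings treats "0e..." digests as numeric
    // zero and would also match a non-string $urlhash such as 0.
    $correcthash = ($hash === $urlhash);

    // Who may see the hidden data: anyone with a related reserved request, the holder of
    // the correct hash, or a privileged user.
    $showinfo = !$hideinfo || $correcthash || $isPrivileged;
    $smarty->assign("showinfo", $showinfo);

    // force to not show, overriden later
    $smarty->assign("proxyip", "");

    if ($showinfo) {
        $smarty->assign("proxyip", $request->getForwardedIp());

        if ($request->getForwardedIp()) {
            $smartyproxies = array(); // Initialize array to store data to be output in Smarty template.
            $smartyproxiesindex = 0;

            // XFF chain as sent, with the connecting IP appended; the first entry is the origin.
            $proxies = explode(",", $request->getForwardedIp());
            $proxies[] = $request->getIp();
            $origin = $proxies[0];
            $smarty->assign("origin", $origin);

            // Walk from the connecting IP back towards the origin so trust can be chained.
            $proxies = array_reverse($proxies);
            $trust = true;

            global $rfc1918ips;
            foreach ($proxies as $p) {
                $p2 = trim($p);
                $smartyproxies[$smartyproxiesindex]['ip'] = $p2;

                // get data on this IP.
                $trusted = $xffTrustProvider->isTrusted($p2);
                $ipisprivate = ipInRange($rfc1918ips, $p2);

                if (!$ipisprivate) {
                    $iprdns = $rdnsProvider->getRdns($p2);
                    $iplocation = $locationProvider->getIpLocation($p2);
                } else {
                    // this is going to fail, so why bother trying?
                    $iprdns = false;
                    $iplocation = false;
                }

                // current trust chain status BEFORE this link
                $pretrust = $trust;

                // is *this* link trusted?
                $smartyproxies[$smartyproxiesindex]['trustedlink'] = $trusted;

                // current trust chain status AFTER this link (bitwise on bools, so this may
                // hold an int 0/1 rather than a bool; kept as-is for the template)
                $trust = $trust & $trusted;

                // The origin itself is trusted as long as every hop before it was.
                if ($pretrust && $p2 == $origin) {
                    $trust = true;
                }

                $smartyproxies[$smartyproxiesindex]['trust'] = $trust;
                $smartyproxies[$smartyproxiesindex]['rdnsfailed'] = $iprdns === false;
                $smartyproxies[$smartyproxiesindex]['rdns'] = $iprdns;
                $smartyproxies[$smartyproxiesindex]['routable'] = !$ipisprivate;
                $smartyproxies[$smartyproxiesindex]['location'] = $iplocation;

                // An rDNS answer equal to the IP itself carries no information.
                if ($iprdns == $p2 && $ipisprivate == false) {
                    $smartyproxies[$smartyproxiesindex]['rdns'] = null;
                }

                $smartyproxies[$smartyproxiesindex]['showlinks'] = (!$trust || $p2 == $origin) && !$ipisprivate;

                $smartyproxiesindex++;
            }

            $smarty->assign("proxies", $smartyproxies);
        }
    }

    global $defaultRequestStateKey;
    // TODO: remove me and replace with call in the template directly
    $smarty->assign("isprotected", $request->isProtected());
    $smarty->assign("defaultstate", $defaultRequestStateKey);
    $smarty->assign("requeststates", $availableRequestStates);

    // A failed antispoof lookup is shown as its message rather than aborting the page.
    try {
        $spoofs = $antispoofProvider->getSpoofs($request->getName());
    } catch (Exception $ex) {
        $spoofs = $ex->getMessage();
    }
    $smarty->assign("spoofs", $spoofs);

    // START LOG DISPLAY
    $logs = Logger::getRequestLogsWithComments($request->getId(), $request->getDatabase());

    $requestLogs = array();

    // The requester's own comment is shown first, as a non-editable user-visible comment.
    if (trim($request->getComment()) !== "") {
        $requestLogs[] = array(
            'type' => 'comment',
            'security' => 'user',
            'userid' => null,
            'user' => $request->getName(),
            'entry' => null,
            'time' => $request->getDate(),
            'canedit' => false,
            'id' => $request->getId(),
            'comment' => $request->getComment(),
        );
    }

    $namecache = array();

    // Privileged users may edit any comment; others only their own (checked per entry).
    $editableComments = $isPrivileged;

    foreach ($logs as $entry) {
        // both log and comment have a 'user' field
        if (!array_key_exists($entry->getUser(), $namecache)) {
            $namecache[$entry->getUser()] = $entry->getUserObject();
        }

        if ($entry instanceof Comment) {
            $requestLogs[] = array(
                'type' => 'comment',
                'security' => $entry->getVisibility(),
                'user' => $namecache[$entry->getUser()]->getUsername(),
                'userid' => $entry->getUser() == -1 ? null : $entry->getUser(),
                'entry' => null,
                'time' => $entry->getTime(),
                'canedit' => $editableComments || $entry->getUser() == $currentUser->getId(),
                'id' => $entry->getId(),
                'comment' => $entry->getComment(),
            );
        }

        if ($entry instanceof Log) {
            $requestLogs[] = array(
                'type' => 'log',
                'security' => 'user',
                'userid' => $entry->getUser() == -1 ? null : $entry->getUser(),
                'user' => $namecache[$entry->getUser()]->getUsername(),
                'entry' => Logger::getLogDescription($entry),
                'time' => $entry->getTimestamp(),
                'canedit' => false,
                'id' => $entry->getId(),
                'comment' => $entry->getComment(),
            );
        }
    }

    $smarty->assign("requestLogs", $requestLogs);

    // Username list for the "assign to user" control, as a JS array literal.
    $userListQuery = "SELECT username FROM user WHERE status = 'User' or status = 'Admin';";
    $userListResult = gGetDb()->query($userListQuery);
    $userListData = $userListResult->fetchAll(PDO::FETCH_COLUMN);

    // NOTE(review): this JSON-like literal is assembled by hand; htmlentities does not escape
    // backslashes, so json_encode would be the safer builder if the template allows it.
    $userListProcessedData = array();
    foreach ($userListData as $userListItem) {
        $userListProcessedData[] = "\"" . htmlentities($userListItem) . "\"";
    }
    $userList = '[' . implode(",", $userListProcessedData) . ']';
    $smarty->assign("jsuserlist", $userList);

    // TODO: refactor this!
    $createreasons = EmailTemplate::getActiveTemplates(EmailTemplate::CREATED);
    $smarty->assign("createreasons", $createreasons);
    $declinereasons = EmailTemplate::getActiveTemplates(EmailTemplate::NOT_CREATED);
    $smarty->assign("declinereasons", $declinereasons);
    $allcreatereasons = EmailTemplate::getAllActiveTemplates(EmailTemplate::CREATED);
    $smarty->assign("allcreatereasons", $allcreatereasons);
    $alldeclinereasons = EmailTemplate::getAllActiveTemplates(EmailTemplate::NOT_CREATED);
    $smarty->assign("alldeclinereasons", $alldeclinereasons);
    $allotherreasons = EmailTemplate::getAllActiveTemplates(false);
    $smarty->assign("allotherreasons", $allotherreasons);

    return $smarty->fetch("request-zoom.tpl");
}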
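/**
 * Creates a venue from submitted form data and returns the new record.
 *
 * Admins may create the venue on behalf of another user, who must be a band member or an
 * administrator; everyone else creates it as the current user.
 *
 * @param array $postArray form fields: user_id (admins only), name, address1, address2, city,
 *                         stateProvince (with stateProvinceOther when "??"), postalCode,
 *                         directions, country
 * @return Venue|Error the inserted venue on success, or an Error describing what failed
 */
function add($postArray)
{
    $db = new db();
    $e = new Error();

    if (User::isAdmin()) {
        // Admins may assign the venue to another user, who must be a band member or an admin.
        $uo = User::get($postArray['user_id']);
        if (db::isError($uo)) {
            $e->add($uo);
        } elseif (!$uo->isAdmin() && !$uo->isBandMember()) {
            $e->add("Invalid user. User must be a band member or an administrator.");
        }
    } else {
        $uo = User::getCurrent();
    }

    // Previously these errors were collected into an undefined $e and never returned.
    if ($e->hasErrors()) {
        return $e;
    }

    $user_id = (int) $uo->getID();
    $name = $db->sanitize_to_db($postArray['name']);
    $address1 = $db->sanitize_to_db($postArray['address1']);
    $address2 = $db->sanitize_to_db($postArray['address2']);
    $city = $db->sanitize_to_db($postArray['city']);

    $stateProvince = $db->sanitize_to_db($postArray['stateProvince']);
    if ($stateProvince == "??") {
        // "??" in the dropdown means the free-text "other" field holds the value.
        $stateProvince = $db->sanitize_to_db($postArray['stateProvinceOther']);
    }

    $postalCode = $db->sanitize_to_db($postArray['postalCode']);
    $directions = $db->sanitize_to_db($postArray['directions']);
    $country = $db->sanitize_to_db($postArray['country']);
    $country = $country == null ? VENUE_DEFAULT_COUNTRY : $country;

    if (!$name) {
        $name = '(untitled venue)';
    }

    // Strings are escaped by sanitize_to_db and the user id is cast to int, since the legacy
    // mysql extension offers no parameter binding.
    $r = mysql_query("insert into Venues (user_id, country, name, address1, address2, city, stateProvince, postalCode, directions, is_active) values ('{$user_id}', '{$country}', '{$name}', '{$address1}', '{$address2}', '{$city}', '{$stateProvince}', '{$postalCode}', '{$directions}'," . DEFAULT_ACTIVE . ")");

    if ($r) {
        return Venue::get(mysql_insert_id());
    }

    return Error::MySQL();
}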
/**
 * Shows the statistics page.
 *
 * Renders the internal header, refuses with an alert when the page needs the wiki database
 * and it is unavailable, enforces the login/security check for protected pages, then prints
 * the page title, the body from execute() and the internal footer.
 */
public function Show()
{
    global $dontUseWikiDb;

    // fetch and show page header
    BootstrapSkin::displayInternalHeader();

    $wikiDbUnavailable = $this->requiresWikiDatabase() && $dontUseWikiDb == 1;
    if ($wikiDbUnavailable) {
        // wiki database unavailable, don't show stats page
        BootstrapSkin::displayAlertBox("This statistics page is currently unavailable.", "alert-error", "Database unavailable", true, false);
        BootstrapSkin::displayInternalFooter();
        die;
    }

    // check protection level: community (anonymous) users get the login form instead
    if ($this->isProtected()) {
        if (User::getCurrent()->isCommunityUser()) {
            showlogin();
            BootstrapSkin::displayInternalFooter();
            die;
        }

        $session = new session();
        $session->checksecurity();
    }

    // not protected or access allowed
    echo '<div class="page-header"><h1>' . $this->getPageTitle() . '</h1></div>';

    if ($this->requiresSimpleHtmlEnvironment()) {
        // Open the grid wrappers now and push their closing tags for later output.
        echo '<div class="row-fluid"><div class="span12">';
        BootstrapSkin::pushTagStack("</div>");
        BootstrapSkin::pushTagStack("</div>");
    }

    echo $this->execute();

    // Display the footer of the interface.
    BootstrapSkin::displayInternalFooter();
}
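/**
 * Creates a show from submitted form data and returns the new record.
 *
 * Admins may create the show on behalf of another user, who must be a band member or an
 * administrator; everyone else creates it as the current user. A venue id other than '0'
 * must resolve to an existing venue, whose name becomes the show name when none was given.
 *
 * @param array $postArray form fields: name, date, time, cost, is_all_ages, other_bands,
 *                         notes, user_id (admins only), venue_id
 * @return Show|Error the inserted show on success, or an Error describing what failed
 */
function add($postArray)
{
    $db = new db();
    include_class('venues');
    $e = new Error();

    $name = $db->sanitize_to_db($postArray['name']);
    $dt = $db->sanitize_to_db($postArray['date']);
    $date = date("Y-m-d", strtotime($dt));

    // time and cost are optional: emit SQL NULL when absent, a quoted literal otherwise.
    if ($postArray['time']) {
        $time = $db->sanitize_to_db($postArray['time']);
        $time = "'" . date("H:i:s", strtotime($time)) . "'";
    } else {
        $time = "null";
    }

    if ($postArray['cost'] != "") {
        $cost = $db->sanitize_to_db($postArray['cost']);
        $cost = "'{$cost}'";
    } else {
        $cost = "null";
    }

    $is_all_ages = $postArray['is_all_ages'] == '1' ? 1 : 0;
    $other_bands = $db->sanitize_to_db($postArray['other_bands']);
    $notes = $db->sanitize_to_db($postArray['notes']);

    if (User::isAdmin()) {
        // Admins may assign the show to another user, who must be a band member or an admin.
        $uo = User::get($postArray['user_id']);
        if (db::isError($uo)) {
            $e->add($uo);
        } elseif (!$uo->isAdmin() && !$uo->isBandMember()) {
            $e->add("Invalid user. User must be a band member or an administrator.");
        }
    } else {
        $uo = User::getCurrent();
    }

    // '0' means "no venue"; anything else must load, otherwise the lookup error is reported.
    $ve = null;
    if ($postArray['venue_id'] != '0') {
        $ve = Venue::get($postArray['venue_id']);
        if (db::isError($ve)) {
            $e->add($ve);
        }
    }

    if ($e->hasErrors()) {
        return $e;
    }

    $user_id = (int) $uo->getID();
    $venue_id = $db->sanitize_to_db($postArray['venue_id']);

    if (!$name) {
        $name = is_object($ve) && !db::isError($ve) ? $db->sanitize_to_db($ve->getName()) : "(untitled show)";
    }

    // Strings are escaped by sanitize_to_db and the user id is cast to int, since the legacy
    // mysql extension offers no parameter binding.
    $r = mysql_query("insert into Shows (name, venue_id, date, time, user_id, cost, is_all_ages, other_bands, notes, is_active) values ('{$name}', '{$venue_id}', '{$date}', {$time}, {$user_id}, {$cost}, {$is_all_ages}, '{$other_bands}', '{$notes}'," . DEFAULT_ACTIVE . ")");

    if ($r) {
        return Show::get(mysql_insert_id());
    }

    return Error::MySQL();
}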
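/**
 * Whether the current user may edit this entry: the member who owns it, or any admin.
 *
 * @return bool false (rather than an implicit null) when there is no current user object
 */
function canEdit()
{
    $uo = User::getCurrent();
    if (!is_object($uo)) {
        // Nobody is logged in, so there is nobody to grant rights to.
        return false;
    }

    $bm = $this->getMemberObject();

    return $uo->getID() == $bm->getUserID() || $uo->isAdmin();
}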
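/**
 * Renders one row of the "top creators" statistics table.
 *
 * @param array $row   result row with log_user, COUNT(*), user_level and user_id columns
 * @param int   $rowno rank shown in the first cell
 * @return string the <tr> markup for this row
 */
function statsTopCreatorsRowCallback($row, $rowno)
{
    global $baseurl;

    $out = "<tr";
    // Highlight the row that belongs to the user viewing the page.
    if ($row['log_user'] == User::getCurrent()->getUsername()) {
        $out .= ' class="info"';
    }
    $out .= '>';

    $out .= '<td>' . $rowno . '</td>';
    $out .= '<td>' . $row['COUNT(*)'] . '</td>';

    $out .= '<td><a ';
    if ($row['user_level'] == "Suspended") {
        $out .= 'class="muted" ';
    }
    if ($row['user_level'] == "Admin") {
        $out .= 'class="text-success" ';
    }

    // Escape the database values before placing them in an attribute and in text content,
    // so a username cannot inject markup into the table.
    $userId = htmlspecialchars($row['user_id'], ENT_QUOTES, 'UTF-8');
    $userName = htmlspecialchars($row['log_user'], ENT_QUOTES, 'UTF-8');
    $out .= 'href="' . $baseurl . '/statistics.php?page=Users&user=' . $userId . '">' . $userName . '</a></td>';
    $out .= '</tr>';

    return $out;
}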
/**
 * Summary of emailEdited
 *
 * Sends a notification that an email template was edited, naming the template
 * (id and name) and the user who edited it.
 *
 * @param EmailTemplate $template the template that was edited
 */
public static function emailEdited(EmailTemplate $template)
{
    $editor = User::getCurrent()->getUsername();
    $message = sprintf("Email %s (%s) edited by %s", $template->getId(), $template->getName(), $editor);
    self::send($message);
}
<?php include 'base.php'; User::protect(); $page_title = 'Band Member Diaries'; include_class('band_diaries'); include_class('band_members'); if ($_GET['memberID']) { $bm = BandMember::get($_GET['memberID']); $bdlist = $bm->getDiaries($_GET['entries_per_page'], $_GET['start']); $news_total = $bm->getTotalDiaryEntries(); if (!db::isError($bm)) { $uo = $bm->getUserObject(); $uoc = User::getCurrent(); } } $section = 'band_diaries'; include 'layout/header.php'; if (is_object($bm) && !db::isError($bm)) { ?> <div id="breadcrumb"> <a href="index.php">Audition ></a> <a href="band.php">Manage Band ></a> <a href="band_diaries.php">Diaries ></a> <?php echo $uo->getFirstName(); ?> 's Diary </div> <h1><?php echo strtolower($uo->getFirstName()); ?>
?> SELECTED<?php } ?> ><?php echo $uo->getFirstName(); ?> </option> <?php } ?> </select> <?php } else { $uo = User::getCurrent(); echo $uo->getFirstName(); } ?> </td> <td><strong>Is All Ages?</strong><br/><input type="radio" name="is_all_ages" value="1"<?php if ($_POST['is_all_ages']) { ?> checked<?php } ?> > Yes <input type="radio" name="is_all_ages" value="0"<?php if (!$_POST['is_all_ages']) { ?>
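/**
 * Updates this media item's title and description, and (for admins) its access level.
 *
 * @param array       $postArray form fields: title, description, access (admins only)
 * @param object|null $filterObj optional filter whose validateMediaOperation("UPDATE") must pass first
 * @return mixed the mysql_query result on success, the filter's or setupStreaming's error
 *               object when one is returned, or an Error carrying mysql_error() on failure
 */
function update($postArray, $filterObj = null)
{
    if ($filterObj) {
        $proceed = $filterObj->validateMediaOperation("UPDATE");
        if (db::isError($proceed)) {
            return $proceed;
        }
    }

    $db = new db();
    $title = $db->sanitize_to_db($postArray['title']);
    $description = $db->sanitize_to_db($postArray['description']);

    // The id is unquoted in the WHERE clause; cast it so it can only ever be a number.
    $id = (int) $this->ID;

    $assignments = "title = '{$title}', description = '{$description}'";

    $u = User::getCurrent();
    if ($u->isAdmin()) {
        // Only admins may change the access level; STREAMING needs extra setup first.
        $access = $db->sanitize_to_db($postArray['access']);
        if ($access == 'STREAMING') {
            $result = $this->setupStreaming();
            if ($db->isError($result)) {
                return $result;
            }
        }
        $assignments .= ", access = '{$access}'";
    }

    $r = mysql_query("update DarkRoom_Media_to_Areas set {$assignments} where ID = {$id}");
    if ($r) {
        return $r;
    }

    $e = new Error();
    $e->add(mysql_error());
    return $e;
}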
} elseif ($action == "oauthdetach") { if ($enforceOAuth) { BootstrapSkin::displayAccessDenied(); BootstrapSkin::displayInternalFooter(); die; } global $baseurl; $currentUser = User::getCurrent(); $currentUser->detachAccount(); header("Location: {$baseurl}/acc.php?action=logout"); } elseif ($action == "oauthattach") { $database = gGetDb(); $database->transactionally(function () use($database) { try { global $oauthConsumerToken, $oauthSecretToken, $oauthBaseUrl, $oauthBaseUrlInternal; $user = User::getCurrent(); // Get a request token for OAuth $util = new OAuthUtility($oauthConsumerToken, $oauthSecretToken, $oauthBaseUrl, $oauthBaseUrlInternal); $requestToken = $util->getRequestToken(); // save the request token for later $user->setOAuthRequestToken($requestToken->key); $user->setOAuthRequestSecret($requestToken->secret); $user->save(); $redirectUrl = $util->getAuthoriseUrl($requestToken); header("Location: {$redirectUrl}"); } catch (Exception $ex) { throw new TransactionException($ex->getMessage(), "Connection to Wikipedia failed.", "alert-error", 0, $ex); } }); } else { echo defaultpage();
/**
 * Whether the current user holds the ADMIN level.
 *
 * @return bool
 */
function isAdmin()
{
    return User::getCurrent()->getLevel() == 'ADMIN';
}
<?php
// Bootstraps the shared Smarty instance and seeds it with the values every template needs.
if (!defined("ACC")) {
    die;
} // Invalid entry point

require_once 'lib/smarty/Smarty.class.php';

global $smarty, $smartydebug;

$smarty = new Smarty();

$toolVersion = Environment::getToolVersion();
$currentUser = User::getCurrent();

// NOTE(review): $baseurl, $wikiurl and $mediawikiScriptPath are not declared global here,
// so they resolve only when this file is included at file scope — confirm against callers.
$smarty->assign("baseurl", $baseurl);
$smarty->assign("wikiurl", $wikiurl);
$smarty->assign("mediawikiScriptPath", $mediawikiScriptPath);
$smarty->assign("toolversion", $toolVersion);
$smarty->assign("currentUser", $currentUser);

// Smarty's debug console follows the tool's own debug switch.
$smarty->debugging = $smartydebug;
/**
 * Check the user's security level on page load, and bounce accordingly
 *
 * Re-attaches a missing or broken OAuth link for non-community users, then stops the page
 * with the matching notice when the account is new, suspended or declined; an approved
 * user or admin marks the session as secure.
 *
 * @deprecated
 */
public function checksecurity()
{
    global $secure, $smarty;

    $currentUser = User::getCurrent();

    // CommunityUser has no database row, and we really don't want CommunityUser to have oauth credentials...
    if (!$currentUser->isCommunityUser()) {
        $awaitingFirstAttach = $currentUser->getStoredOnWikiName() == "##OAUTH##"
            && $currentUser->getOAuthAccessToken() == null;
        if ($awaitingFirstAttach) {
            reattachOAuthAccount($currentUser);
        }

        if (!$currentUser->isOAuthLinked()) {
            global $enforceOAuth;
            if ($enforceOAuth) {
                reattachOAuthAccount($currentUser);
            }
        } else {
            try {
                // test retrieval of the identity
                $currentUser->getOAuthIdentity();
            } catch (TransactionException $ex) {
                // The stored credentials no longer work: drop them and start the attach flow again.
                $currentUser->setOAuthAccessToken(null);
                $currentUser->setOAuthAccessSecret(null);
                $currentUser->save();
                reattachOAuthAccount($currentUser);
            }
        }
    }

    if ($currentUser->isNew()) {
        BootstrapSkin::displayAlertBox("I'm sorry, but, your account has not been approved by a site administrator yet. 
Please stand by.", "alert-error", "New account", true, false);
        BootstrapSkin::displayInternalFooter();
        die;
    }

    if ($currentUser->isSuspended()) {
        // Show the most recent suspension reason from the log.
        $database = gGetDb();
        $reasonStatement = $database->prepare(<<<SQL
SELECT comment FROM log WHERE action = 'Suspended' AND objectid = :userid and objecttype = 'User' ORDER BY timestamp DESC LIMIT 1;
SQL
        );
        $reasonStatement->bindValue(":userid", $currentUser->getId());
        $reasonStatement->execute();
        $suspendreason = $reasonStatement->fetchColumn();
        $reasonStatement->closeCursor();

        $smarty->assign("suspendreason", $suspendreason);
        $smarty->display("login/suspended.tpl");
        BootstrapSkin::displayInternalFooter();
        die;
    }

    if ($currentUser->isDeclined()) {
        // Show the most recent decline reason from the log.
        $database = gGetDb();
        $reasonStatement = $database->prepare(<<<SQL
SELECT comment FROM log WHERE action = 'Declined' AND objectid = :userid and objecttype = 'User' ORDER BY timestamp DESC LIMIT 1;
SQL
        );
        $reasonStatement->bindValue(":userid", $currentUser->getId());
        $reasonStatement->execute();
        $suspendreason = $reasonStatement->fetchColumn();
        $reasonStatement->closeCursor();

        $smarty->assign("suspendreason", $suspendreason);
        $smarty->display("login/declined.tpl");
        BootstrapSkin::displayInternalFooter();
        die;
    }

    $isApproved = !$currentUser->isCommunityUser()
        && ($currentUser->isUser() || $currentUser->isAdmin());
    if ($isApproved) {
        $secure = 1;
    }
    //die("Not logged in!");
}
$qterm = '%' . $term . '%'; $statement = gGetDb()->prepare("SELECT * FROM request WHERE email LIKE :term;"); $statement->bindValue(":term", $qterm); $statement->execute(); $requests = $statement->fetchAll(PDO::FETCH_CLASS, "Request"); foreach ($requests as $r) { $r->setDatabase(gGetDb()); } $smarty->assign("term", $term); $smarty->assign("requests", $requests); $target = "email address"; $smarty->assign("target", $target); $smarty->display("search/searchresult.tpl"); } elseif ($_GET['type'] == 'IP') { // move this to here, so non-admins can perform searches, but not on IP addresses or emails if (!User::getCurrent()->isAdmin() && !User::getCurrent()->isCheckuser()) { // Displays both the error message and the footer of the interface. BootstrapSkin::displayAlertBox("IP address search is only available to tool admins and checkusers.", "alert-error", "Access Denied"); $smarty->display("search/searchform.tpl"); BootstrapSkin::displayInternalFooter(); die; } $qterm = '%' . $term . '%'; $statement = gGetDb()->prepare("SELECT * FROM request WHERE email <> '*****@*****.**' and ip <> '127.0.0.1' and ip LIKE :term or forwardedip LIKE :term2;"); $statement->bindValue(":term", $qterm); $statement->bindValue(":term2", $qterm); $statement->execute(); $requests = $statement->fetchAll(PDO::FETCH_CLASS, "Request"); foreach ($requests as $r) { $r->setDatabase(gGetDb()); }
/**
 * Whether this request is reserved by someone other than the current user.
 *
 * @return bool false when the request is unreserved or reserved by the current user
 */
public function isProtected()
{
    $reservedBy = $this->reserved;
    if ($reservedBy == 0) {
        return false;
    }

    return $reservedBy != User::getCurrent()->getId();
}
} if (!isset($_POST['reason'])) { global $smarty; $smarty->assign("user", $user); $smarty->assign("status", "Declined"); $smarty->assign("action", "decline"); $smarty->display("usermanagement/changelevel-reason.tpl"); BootstrapSkin::displayInternalFooter(); die; } else { $user->decline($_POST['reason']); Notification::userDeclined($user, $_POST['reason']); BootstrapSkin::displayAlertBox("Declined user " . htmlentities($user->getUsername(), ENT_COMPAT, 'UTF-8'), "alert-info", "", false); $headers = 'From: accounts-enwiki-l@lists.wikimedia.org'; // TODO: move to template? mail($user->getEmail(), "ACC Account Declined", "Dear " . $user->getOnWikiName() . ",\nYour account " . $user->getUsername() . " has been declined access to the account creation tool by " . User::getCurrent()->getUsername() . " because " . $_POST['reason'] . ". For more infomation please email accounts-enwiki-l@lists.wikimedia.org.\n- The English Wikipedia Account Creation Team", $headers); BootstrapSkin::displayInternalFooter(); die; } } #endregion #region renaming if (isset($_GET['rename'])) { $user = User::getById($_GET['rename'], gGetDb()); if ($user == false) { BootstrapSkin::displayAlertBox("Sorry, the user you are trying to rename could not be found.", "alert-error", "Error", true, false); BootstrapSkin::displayInternalFooter(); die; } if (!isset($_POST['newname'])) { global $smarty;