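/**
 * Confirm email address is valid via sent code.
 *
 * When confirmation succeeds and the visitor has no valid session, a session
 * is started for the confirmed user. The emailed key is therefore sufficient
 * to sign in as that user and should be treated as a credential.
 *
 * @access public
 * @since 2.0.0
 *
 * @param int $UserID
 * @param string $EmailKey Authenticate with unique, 1-time code sent via email.
 * @throws Exception With code 404 when no user matches $UserID.
 */
public function EmailConfirm($UserID, $EmailKey = '') {
    $User = $this->UserModel->GetID($UserID);
    if (!$User) {
        // Stop here: otherwise a missing user would be handed to ConfirmEmail()
        // and dereferenced below as $User->Email.
        throw new Exception(T('User not found.'), 404);
    }

    // NOTE(review): $EmailKey defaults to '' and ConfirmEmail() is not visible
    // here. Confirm that it rejects an empty key, compares keys in constant
    // time, and invalidates the key after a successful confirmation.
    $EmailConfirmed = $this->UserModel->ConfirmEmail($User, $EmailKey);
    $this->Form->SetValidationResults($this->UserModel->ValidationResults());

    // Only sign the user in when nobody is signed in yet, so that following a
    // confirmation link never replaces an existing session.
    if ($EmailConfirmed && !Gdn::Session()->IsValid()) {
        $UserID = GetValue('UserID', $User);
        Gdn::Session()->Start($UserID);
    }

    $this->SetData('EmailConfirmed', $EmailConfirmed);
    $this->SetData('Email', $User->Email);
    $this->Render();
}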
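/**
 * Handle flagging process in a discussion.
 *
 * Expects exactly five request arguments: context, element ID, element author
 * ID, element author name and a base64-encoded URL (with '=' replaced by '-').
 * On an authenticated postback it optionally creates or extends a moderation
 * discussion, records the flag, and emails the configured users the first
 * time an element is flagged.
 *
 * Trust boundary: every one of the five arguments comes from the request.
 * The author ID, author name and URL are stored and handed to the views
 * without being checked against the flagged element.
 *
 * @param object $Sender Controller that received the request.
 */
public function DiscussionController_Flag_Create($Sender) {
    if (!C('Plugins.Flagging.Enabled')) {
        return;
    }

    // Signed in users only.
    if (!($UserID = Gdn::Session()->UserID)) {
        return;
    }
    $UserName = Gdn::Session()->User->Name;

    $Arguments = $Sender->RequestArgs;
    if (sizeof($Arguments) != 5) {
        return;
    }
    list($Context, $ElementID, $ElementAuthorID, $ElementAuthor, $EncodedURL) = $Arguments;

    // NOTE(review): the decoded URL is caller-controlled and is not validated
    // as a same-site link before it is stored in Flag.ForeignURL and passed to
    // the views. The views are not visible here; confirm they escape it.
    $URL = base64_decode(str_replace('-', '=', $EncodedURL));

    $Sender->SetData('Plugin.Flagging.Data', array(
        'Context' => $Context,
        'ElementID' => $ElementID,
        'ElementAuthorID' => $ElementAuthorID,
        'ElementAuthor' => $ElementAuthor,
        'URL' => $URL,
        'UserID' => $UserID,
        'UserName' => $UserName
    ));

    // AuthenticatedPostBack() gates every write below.
    if ($Sender->Form->AuthenticatedPostBack()) {
        $SQL = Gdn::SQL();
        $Comment = $Sender->Form->GetValue('Plugin.Flagging.Reason');
        $Sender->SetData('Plugin.Flagging.Reason', $Comment);

        // Defined up front: both are read after the block below even when
        // Plugins.Flagging.UseDiscussions is off, where they were previously
        // undefined.
        $DiscussionID = NULL;
        $FlagResult = FALSE;

        $CreateDiscussion = C('Plugins.Flagging.UseDiscussions');
        if ($CreateDiscussion) {
            // Category
            $CategoryID = C('Plugins.Flagging.CategoryID');

            // New discussion name
            // $Result stays NULL for any context other than the two handled
            // here, instead of being an undefined variable.
            // NOTE(review): $Context is request-supplied and is stored as
            // Flag.ForeignType without an allow-list; consider rejecting
            // anything other than 'comment' and 'discussion'.
            $Result = NULL;
            if ($Context == 'comment') {
                $Result = $SQL
                    ->Select('d.Name')
                    ->Select('c.Body')
                    ->From('Comment c')
                    ->Join('Discussion d', 'd.DiscussionID = c.DiscussionID', 'left')
                    ->Where('c.CommentID', $ElementID)
                    ->Get()
                    ->FirstRow();
            } elseif ($Context == 'discussion') {
                $DiscussionModel = new DiscussionModel();
                $Result = $DiscussionModel->GetID($ElementID);
            }

            $DiscussionName = GetValue('Name', $Result);
            $PrefixedDiscussionName = T('FlagPrefix', 'FLAG: ') . $DiscussionName;

            // Prep data for the template
            $Sender->SetData('Plugin.Flagging.Report', array(
                'DiscussionName' => $DiscussionName,
                'FlaggedContent' => GetValue('Body', $Result)
            ));

            // Assume no discussion exists
            $this->DiscussionID = NULL;

            // Get discussion ID if already flagged
            $FlagResult = Gdn::SQL()
                ->Select('DiscussionID')
                ->From('Flag fl')
                ->Where('ForeignType', $Context)
                ->Where('ForeignID', $ElementID)
                ->Get()
                ->FirstRow();

            // NOTE(review): both report bodies are rendered from views and
            // saved with Format 'Html'. They presumably embed the
            // request-derived values set above, so the views must
            // HTML-escape them. TODO confirm against the view files.
            if ($FlagResult) {
                // New comment in existing discussion
                $DiscussionID = $FlagResult->DiscussionID;
                $ReportBody = $Sender->FetchView($this->GetView('reportcomment.php'));
                $SQL->Insert('Comment', array(
                    'DiscussionID' => $DiscussionID,
                    'InsertUserID' => $UserID,
                    'Body' => $ReportBody,
                    'Format' => 'Html',
                    'DateInserted' => date('Y-m-d H:i:s')
                ));
                $CommentModel = new CommentModel();
                $CommentModel->UpdateCommentCount($DiscussionID);
            } else {
                // New discussion body
                $ReportBody = $Sender->FetchView($this->GetView('report.php'));
                $DiscussionID = $SQL->Insert('Discussion', array(
                    'InsertUserID' => $UserID,
                    'UpdateUserID' => $UserID,
                    'CategoryID' => $CategoryID,
                    'Name' => $PrefixedDiscussionName,
                    'Body' => $ReportBody,
                    'Format' => 'Html',
                    'CountComments' => 1,
                    'DateInserted' => date('Y-m-d H:i:s'),
                    'DateUpdated' => date('Y-m-d H:i:s'),
                    'DateLastComment' => date('Y-m-d H:i:s')
                ));

                // Update discussion count
                $DiscussionModel = new DiscussionModel();
                $DiscussionModel->UpdateDiscussionCount($CategoryID);
            }
        }

        try {
            // Insert the flag
            $SQL->Insert('Flag', array(
                'DiscussionID' => $DiscussionID,
                'InsertUserID' => $UserID,
                'InsertName' => $UserName,
                'AuthorID' => $ElementAuthorID,
                'AuthorName' => $ElementAuthor,
                'ForeignURL' => $URL,
                'ForeignID' => $ElementID,
                'ForeignType' => $Context,
                'Comment' => $Comment,
                'DateInserted' => date('Y-m-d H:i:s')
            ));
        } catch (Exception $e) {
            // Kept best-effort as in the original: a failed insert must not
            // abort the request.
            // NOTE(review): the failure is not recorded anywhere; consider
            // logging it so dropped flags are visible to operators.
        }

        // Notify users with permission who've chosen to be notified
        if (!$FlagResult) { // Only send if this is first time it's being flagged.
            $Sender->SetData('Plugin.Flagging.DiscussionID', $DiscussionID);
            $Subject = isset($PrefixedDiscussionName) ? $PrefixedDiscussionName : T('FlagDiscussion', 'A discussion was flagged');
            $EmailBody = $Sender->FetchView($this->GetView('reportemail.php'));
            $NotifyUsers = C('Plugins.Flagging.NotifyUsers', array());

            // Send emails
            $UserModel = new UserModel();
            // A separate loop variable keeps the flagging user's $UserID intact.
            foreach ($NotifyUsers as $NotifyUserID) {
                $User = $UserModel->GetID($NotifyUserID);
                if (!$User) {
                    // A configured recipient may no longer exist; skip it
                    // rather than dereference a missing record.
                    continue;
                }
                $Email = new Gdn_Email();
                $Email->To($User->Email)
                    ->Subject(sprintf(T('[%1$s] %2$s'), Gdn::Config('Garden.Title'), $Subject))
                    ->Message($EmailBody)
                    ->Send();
            }
        }

        $Sender->InformMessage(T('FlagSent', "Your complaint has been registered."));
    }
    $Sender->Render($this->GetView('flag.php'));
}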
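/**
 * Render a reduced profile (UserID, Name, Email, Photo) for one user.
 *
 * Without an argument the signed-in user's own profile is returned. Any other
 * profile, or any request made without a session, requires the
 * Garden.Users.Edit permission.
 *
 * @param int|bool $UserID User to fetch; FALSE means the session user.
 * @throws Exception With code 401 when the caller may not view the profile,
 *                   or 404 when the user does not exist.
 */
public function Get($UserID = FALSE) {
    $Session = Gdn::Session();

    if (!$UserID) {
        $UserID = $Session->UserID;
    }

    // The profile is the caller's own only when there is a session and its ID
    // matches. The comparison is loose because $UserID may arrive as a request
    // string.
    $IsOwnProfile = $Session->UserID && $UserID == $Session->UserID;
    if (!$IsOwnProfile && !$Session->CheckPermission('Garden.Users.Edit')) {
        throw new Exception(T('You do not have permission to view other profiles.'), 401);
    }

    $UserModel = new UserModel();

    // Get the user.
    $User = $UserModel->GetID($UserID, DATASET_TYPE_ARRAY);
    if (!$User) {
        throw new Exception(T('User not found.'), 404);
    }

    // Only photos without a '//' are local uploads that need a URL built.
    // strpos() returns 0 for a protocol-relative URL ("//host/..."), which
    // the previous loose "== FALSE" test mistook for "not found".
    $PhotoUrl = $User['Photo'];
    if ($PhotoUrl && strpos($PhotoUrl, '//') === FALSE) {
        $PhotoUrl = Url('/uploads/' . ChangeBasename($PhotoUrl, 'n%s'), TRUE);
    }
    $User['Photo'] = $PhotoUrl;

    // Remove unwanted fields: expose only this allow-list, never the full row.
    $this->Data = ArrayTranslate($User, array('UserID', 'Name', 'Email', 'Photo'));

    $this->Render();
}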
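/**
 * Publish the number of bookmarked discussions for a user.
 *
 * Uses the count cached on the session user when the request is for the
 * signed-in user, otherwise the count stored on the user row. If neither is
 * available the count is recomputed from UserDiscussion and written back.
 *
 * NOTE(review): no permission check is made here, so any caller can read the
 * bookmark count of an arbitrary user ID and trigger the write-back. Confirm
 * that this exposure is intended.
 *
 * @param int|bool $UserID User to count for; FALSE means the session user.
 */
public function UserBookmarkCount($UserID = FALSE) {
    if ($UserID === FALSE) {
        $UserID = Gdn::Session()->UserID;
    }

    if (!$UserID) {
        $CountBookmarks = NULL;
    } else {
        // Compare against the session's user ID. The previous code compared
        // $UserID with the session object itself, so the cached value was
        // never selected for the right reason.
        if ($UserID == Gdn::Session()->UserID && isset(Gdn::Session()->User->CountBookmarks)) {
            $CountBookmarks = Gdn::Session()->User->CountBookmarks;
        } else {
            $UserModel = new UserModel();
            $User = $UserModel->GetID($UserID, DATASET_TYPE_ARRAY);
            // A missing user yields NULL rather than an offset read on FALSE.
            $CountBookmarks = is_array($User) ? $User['CountBookmarks'] : NULL;
        }

        if ($CountBookmarks === NULL) {
            // No stored count: recount and cache it on the user row.
            $CountBookmarks = Gdn::SQL()
                ->Select('DiscussionID', 'count', 'CountBookmarks')
                ->From('UserDiscussion')
                ->Where('Bookmarked', '1')
                ->Where('UserID', $UserID)
                ->Get()
                ->Value('CountBookmarks', 0);

            Gdn::UserModel()->SetField($UserID, 'CountBookmarks', $CountBookmarks);
        }
    }

    $this->SetData('CountBookmarks', $CountBookmarks);
    $this->SetData('_Value', $CountBookmarks);
    // NOTE(review): xRender() is kept exactly as found; its definition is not
    // visible here.
    $this->xRender('Value', 'utility', 'dashboard');
}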
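/**
 * Edit a user account.
 *
 * Requires Garden.Users.Edit. Two further restrictions depend on
 * Garden.Settings.Manage:
 *  - only holders of it may change role assignments; for everyone else the
 *    target's current roles are preserved regardless of what is posted;
 *  - only holders of it may manually set the password of a user who has that
 *    permission.
 *
 * @since 2.0.0
 * @access public
 * @param int $UserID Unique ID.
 * @throws Exception With code 404 when no user matches $UserID.
 */
public function Edit($UserID) {
    $this->Permission('Garden.Users.Edit');

    // Page setup
    $this->AddJsFile('user.js');
    $this->Title(T('Edit User'));
    $this->AddSideMenu('dashboard/user');

    // Only admins can reassign roles
    $RoleModel = new RoleModel();
    $AllRoles = $RoleModel->GetArray();
    $RoleData = CheckPermission('Garden.Settings.Manage') ? $AllRoles : array();

    $UserModel = new UserModel();
    $User = $UserModel->GetID($UserID, DATASET_TYPE_ARRAY);
    if (!$User) {
        // Without this guard a missing user was silently turned into an array
        // by the ConfirmEmail assignment below and the form was still offered.
        throw new Exception(T('User not found.'), 404);
    }

    // Determine if username can be edited
    $CanEditUsername = (bool) C("Garden.Profile.EditUsernames") || Gdn::Session()->CheckPermission('Garden.Users.Edit');
    $this->SetData('_CanEditUsername', $CanEditUsername);

    // Determine if emails can be edited
    $CanEditEmail = Gdn::Session()->CheckPermission('Garden.Users.Edit');
    $this->SetData('_CanEditEmail', $CanEditEmail);

    // Decide if they have ability to confirm users
    $Confirmed = (bool) GetValueR('Confirmed', $User);
    $CanConfirmEmail = UserModel::RequireConfirmEmail() && Gdn::Session()->CheckPermission('Garden.Users.Edit');
    $this->SetData('_CanConfirmEmail', $CanConfirmEmail);
    $this->SetData('_EmailConfirmed', $Confirmed);
    $User['ConfirmEmail'] = (int) $Confirmed;

    // Determine whether user being edited is privileged (can escalate permissions)
    $EditingPrivilegedUser = $UserModel->CheckPermission($User, 'Garden.Settings.Manage');

    // If we're an admin or this isn't a privileged user, allow manual setting
    // of password. Computed once so the option offered in the form and the
    // check enforced on postback cannot drift apart.
    $AllowManualReset = CheckPermission('Garden.Settings.Manage') || !$EditingPrivilegedUser;

    // Determine our password reset options
    // Anyone with user editing may force reset over email
    $this->ResetOptions = array(
        0 => T('Keep current password.'),
        'Auto' => T('Force user to reset their password and send email notification.')
    );
    // Only admins may manually reset passwords for other admins
    if ($AllowManualReset) {
        $this->ResetOptions['Manual'] = T('Manually set user password. No email notification.');
    }

    // Set the model on the form.
    $this->Form->SetModel($UserModel);

    // Make sure the form knows which item we are editing.
    $this->Form->AddHidden('UserID', $UserID);

    try {
        $AllowEditing = TRUE;
        $this->EventArguments['AllowEditing'] =& $AllowEditing;
        $this->EventArguments['TargetUser'] =& $User;

        // These are all the 'effective' roles for this edit action. This list can
        // be trimmed down from the real list to allow subsets of roles to be
        // edited.
        $this->EventArguments['RoleData'] =& $RoleData;

        $UserRoleData = $UserModel->GetRoles($UserID)->ResultArray();
        $RoleIDs = ConsolidateArrayValuesByKey($UserRoleData, 'RoleID');
        $RoleNames = ConsolidateArrayValuesByKey($UserRoleData, 'Name');
        $UserRoleData = ArrayCombine($RoleIDs, $RoleNames);
        $this->EventArguments['UserRoleData'] =& $UserRoleData;

        $this->FireEvent("BeforeUserEdit");
        $this->SetData('AllowEditing', $AllowEditing);

        $this->Form->SetData($User);
        if ($this->Form->AuthenticatedPostBack()) {
            if (!$CanEditUsername) {
                $this->Form->SetFormValue("Name", $User['Name']);
            }

            // Allow mods to confirm/unconfirm emails
            // The posted 'Confirmed' value is discarded; it is only written
            // back from 'ConfirmEmail' when the editor may confirm emails.
            $this->Form->RemoveFormValue('Confirmed');
            $Confirmation = $this->Form->GetFormValue('ConfirmEmail', null);
            $Confirmation = !is_null($Confirmation) ? (bool) $Confirmation : null;

            if ($CanConfirmEmail && is_bool($Confirmation)) {
                $this->Form->SetFormValue('Confirmed', (int) $Confirmation);
            }

            $ResetPassword = $this->Form->GetValue('ResetPassword', FALSE);

            // Discard any directly posted 'Password' so the checked Manual
            // branch below is the only way a new password reaches Save().
            // Form::Save() is not visible here, so the invariant is enforced
            // locally, as is done for 'Confirmed' above.
            $this->Form->RemoveFormValue('Password');

            // Strict comparison: only the literal option key counts.
            if ($ResetPassword === 'Manual' && $AllowManualReset) {
                // If a new password was specified, add it to the form's collection
                $NewPassword = $this->Form->GetValue('NewPassword', '');
                $this->Form->SetFormValue('Password', $NewPassword);
            }

            // Role changes

            // These are the new roles the editing user wishes to apply to the target
            // user, adjusted for his ability to affect those roles
            $RequestedRoles = $this->Form->GetFormValue('RoleID');
            if (!is_array($RequestedRoles)) {
                $RequestedRoles = array();
            }
            $RequestedRoles = array_flip($RequestedRoles);
            $UserNewRoles = array_intersect_key($RoleData, $RequestedRoles);

            // These roles will stay turned on regardless of the form submission contents
            // because the editing user does not have permission to modify them
            $ImmutableRoles = array_diff_key($AllRoles, $RoleData);
            $UserImmutableRoles = array_intersect_key($ImmutableRoles, $UserRoleData);

            // Apply immutable roles
            foreach ($UserImmutableRoles as $IMRoleID => $IMRoleName) {
                $UserNewRoles[$IMRoleID] = $IMRoleName;
            }

            // Put the data back into the form object as if the user had submitted
            // this themselves
            $this->Form->SetFormValue('RoleID', array_keys($UserNewRoles));

            if ($this->Form->Save(array('SaveRoles' => TRUE)) !== FALSE) {
                if ($this->Form->GetValue('ResetPassword', '') === 'Auto') {
                    // NOTE(review): the reset request goes to the address
                    // loaded before the save. If the email was changed in this
                    // same submission, confirm which address should get it.
                    $UserModel->PasswordRequest($User['Email']);
                    $UserModel->SetField($UserID, 'HashMethod', 'Reset');
                }

                $this->InformMessage(T('Your changes have been saved.'));
            }

            $UserRoleData = $UserNewRoles;
        }
    } catch (Exception $Ex) {
        $this->Form->AddError($Ex);
    }

    $this->SetData('User', $User);
    $this->SetData('Roles', $RoleData);
    $this->SetData('UserRoles', $UserRoleData);

    $this->Render();
}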
/**
 * Remember the stored password hash and hash method before a user is saved.
 *
 * Does nothing when the save carries a 'Fields' list that does not include
 * 'Password', or when the posted values hold no UserID.
 *
 * The remembered pair is kept on this object as $this->_OldPasswordHash.
 * NOTE(review): this is credential material; make sure it is never logged or
 * rendered.
 *
 * @param UserModel $UserModel
 * @param array $Args
 */
public function UserModel_BeforeSave_Handler($UserModel, $Args) {
    // A field list without a password means the password is not being saved.
    $PasswordUntouched = isset($Args['Fields']) && !isset($Args['Fields']['Password']);
    if ($PasswordUntouched) {
        return;
    }

    $TargetUserID = GetValueR('FormPostValues.UserID', $Args);
    if (!$TargetUserID) {
        return;
    }

    // Grab the current password hash for comparison.
    $Existing = $UserModel->GetID($TargetUserID, DATASET_TYPE_ARRAY);
    $this->_OldPasswordHash = array($Existing['Password'], $Existing['HashMethod']);
}
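/**
 * Edit a user account.
 *
 * Requires Garden.Users.Edit. Role assignments can only be changed by holders
 * of Garden.Settings.Manage; for everyone else the target's current roles are
 * preserved regardless of what is posted.
 *
 * @since 2.0.0
 * @access public
 * @param int $UserID Unique ID.
 * @throws Exception With code 404 when no user matches $UserID.
 */
public function Edit($UserID) {
    $this->Permission('Garden.Users.Edit');

    // Page setup
    $this->AddJsFile('user.js');
    $this->Title(T('Edit User'));
    $this->AddSideMenu('dashboard/user');

    // Determine if username can be edited
    // Logical operators replace the former bitwise "&" / "|", which combined
    // the config value as an integer bit pattern rather than as a boolean.
    $this->CanEditUsername = (bool) Gdn::Config("Garden.Profile.EditUsernames")
        || Gdn::Session()->CheckPermission('Garden.Users.Edit');

    $RoleModel = new RoleModel();
    $AllRoles = $RoleModel->GetArray();

    // Only holders of Garden.Settings.Manage may reassign roles. Previously
    // every role was assignable by anyone allowed to edit users, which let
    // such an editor grant any role to any account. An empty list makes all
    // of the target's current roles immutable in the role handling below.
    $this->RoleData = Gdn::Session()->CheckPermission('Garden.Settings.Manage') ? $AllRoles : array();

    $UserModel = new UserModel();
    $this->User = $UserModel->GetID($UserID);
    if (!$this->User) {
        // $this->User->Name is dereferenced on postback; stop early instead.
        throw new Exception(T('User not found.'), 404);
    }

    // Set the model on the form.
    $this->Form->SetModel($UserModel);

    // Make sure the form knows which item we are editing.
    $this->Form->AddHidden('UserID', $UserID);

    try {
        $AllowEditing = TRUE;
        $this->EventArguments['AllowEditing'] =& $AllowEditing;
        $this->EventArguments['TargetUser'] =& $this->User;

        // These are all the 'effective' roles for this edit action. This list can
        // be trimmed down from the real list to allow subsets of roles to be
        // edited.
        $this->EventArguments['RoleData'] =& $this->RoleData;

        $UserRoleData = $UserModel->GetRoles($UserID)->ResultArray();
        $RoleIDs = ConsolidateArrayValuesByKey($UserRoleData, 'RoleID');
        $RoleNames = ConsolidateArrayValuesByKey($UserRoleData, 'Name');
        $this->UserRoleData = ArrayCombine($RoleIDs, $RoleNames);
        $this->EventArguments['UserRoleData'] =& $this->UserRoleData;

        $this->FireEvent("BeforeUserEdit");
        $this->SetData('AllowEditing', $AllowEditing);

        if (!$this->Form->AuthenticatedPostBack()) {
            $this->Form->SetData($this->User);
        } else {
            if (!$this->CanEditUsername) {
                $this->Form->SetFormValue("Name", $this->User->Name);
            }

            // If a new password was specified, add it to the form's collection
            // NOTE(review): nothing here checks whether the target account is
            // more privileged than the editor, so anyone with
            // Garden.Users.Edit can set any user's password. Restrict manual
            // resets of privileged accounts to Garden.Settings.Manage holders.
            $ResetPassword = $this->Form->GetValue('ResetPassword', FALSE);
            $NewPassword = $this->Form->GetValue('NewPassword', '');
            if ($ResetPassword !== FALSE) {
                $this->Form->SetFormValue('Password', $NewPassword);
            }

            // Role changes

            // These are the new roles the editing user wishes to apply to the target
            // user, adjusted for his ability to affect those roles
            $RequestedRoles = $this->Form->GetFormValue('RoleID');
            if (!is_array($RequestedRoles)) {
                $RequestedRoles = array();
            }
            $RequestedRoles = array_flip($RequestedRoles);
            $UserNewRoles = array_intersect_key($this->RoleData, $RequestedRoles);

            // These roles will stay turned on regardless of the form submission contents
            // because the editing user does not have permission to modify them
            $ImmutableRoles = array_diff_key($AllRoles, $this->RoleData);
            $UserImmutableRoles = array_intersect_key($ImmutableRoles, $this->UserRoleData);

            // Apply immutable roles
            foreach ($UserImmutableRoles as $IMRoleID => $IMRoleName) {
                $UserNewRoles[$IMRoleID] = $IMRoleName;
            }

            // Put the data back into the form object as if the user had submitted
            // this themselves
            $this->Form->SetFormValue('RoleID', array_keys($UserNewRoles));

            if ($this->Form->Save(array('SaveRoles' => TRUE)) !== FALSE) {
                if ($this->Form->GetValue('Password', '') != '') {
                    // NOTE(review): this sends the new password in clear text
                    // by email. Prefer a reset link over mailing the password.
                    $UserModel->SendPasswordEmail($UserID, $NewPassword);
                }

                $this->InformMessage(T('Your changes have been saved.'));
            }

            $this->UserRoleData = $UserNewRoles;
        }
    } catch (Exception $Ex) {
        $this->Form->AddError($Ex);
    }

    $this->Render();
}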