} else {
// Do not delete ourself!
$datum[13] = '';
}
}
// Total filtered/unfiltered rows
$recordsFiltered = WT_DB::prepare("SELECT FOUND_ROWS()")->fetchOne();
$recordsTotal = User::count();
Zend_Session::writeClose();
header('Content-type: application/json');
echo json_encode(array('draw' => WT_Filter::getInteger('draw'), 'recordsTotal' => $recordsTotal, 'recordsFiltered' => $recordsFiltered, 'data' => $data));
exit;
case 'load1row':
// Generate an AJAX response for datatables to load expanded row
$user_id = WT_Filter::getInteger('user_id');
$user = User::find($user_id);
Zend_Session::writeClose();
header('Content-type: text/html; charset=UTF-8');
echo '<h2>', WT_I18N::translate('Details'), '</h2>';
echo '<dl>';
echo '<dt>', WT_I18N::translate('Administrator'), '</dt>';
echo '<dd>', edit_field_yes_no_inline('user_setting-' . $user_id . '-canadmin', $user->getSetting('canadmin')), '</dd>';
echo '<dt>', WT_I18N::translate('Password'), '</dt>';
echo '<dd>', edit_field_inline('user-password-' . $user_id, ''), '</dd>';
echo '<dt>', WT_I18N::translate('Preferred contact method'), '</dt>';
echo '<dd>', edit_field_contact_inline('user_setting-' . $user_id . '-contactmethod', $user->getSetting('contactmethod')), '</dd>';
echo '<dt>', WT_I18N::translate('Allow this user to edit his account information'), '</dt>';
echo '<dd>', edit_field_yes_no_inline('user_setting-' . $user_id . '-editaccount', $user->getSetting('editaccount')), '</dd>';
echo '<dt>', WT_I18N::translate('Automatically approve changes made by this user'), '</dt>';
echo '<dd>', edit_field_yes_no_inline('user_setting-' . $user_id . '-auto_accept', $user->getSetting('auto_accept')), '</dd>';
echo '<dt>', WT_I18N::translate('Theme'), '</dt>';
function user_contact_link($user_id)
{
$user = User::find($user_id);
if ($user) {
$method = $user->getSetting('contactmethod');
switch ($method) {
case 'none':
return '';
case 'mailto':
return '<a href="mailto:' . WT_Filter::escapeHtml($user->getEmail()) . '">' . WT_Filter::escapeHtml($user->getRealName($user_id)) . '</a>';
default:
return "<a href='#' onclick='message(\"" . WT_Filter::escapeJs($user->getUserName()) . "\", \"" . $method . "\", \"" . WT_SERVER_NAME . WT_SCRIPT_PATH . WT_Filter::escapeJs(get_query_url()) . "\", \"\");return false;'>" . WT_Filter::escapeHtml($user->getRealName($user_id)) . '</a>';
}
} else {
return '';
}
}
/**
* Used in custom theme headers...
*
* @deprecated
*/
function getUserFullName($user_id)
{
return User::find($user_id)->getRealName();
}
/**
* The authenticated user, from the current session.
*
* @return User|null
*/
public static function user()
{
return User::find(Auth::id());
}
<label for="user_hashcode">', WT_I18N::translate('Verification code:'), '</label>
<input type="text" id="user_hashcode" name="user_hashcode" value="', $user_hashcode, '">
</div>
<div>
<input type="submit" value="', WT_I18N::translate('Send'), '">
</div>
</form>
</div>';
break;
case 'verify_hash':
if (!WT_Site::preference('USE_REGISTRATION_MODULE')) {
header('Location: ' . WT_SERVER_NAME . WT_SCRIPT_PATH);
exit;
}
// switch language to webmaster settings
$webmaster = User::find(get_gedcom_setting(WT_GED_ID, 'WEBMASTER_USER_ID'));
WT_I18N::init($webmaster->getSetting('language'));
$user = User::findByIdentifier($user_name);
$mail1_body = WT_I18N::translate('Hello administrator…') . WT_Mail::EOL . WT_Mail::EOL . WT_I18N::translate('A new user (%1$s) has requested an account (%2$s) and verified an email address (%3$s).', $user->getRealName(), $user->getUserName(), $user->getEmail()) . WT_Mail::EOL . WT_Mail::EOL;
if ($REQUIRE_ADMIN_AUTH_REGISTRATION && !$user->getSetting('verified_by_admin')) {
$mail1_body .= WT_I18N::translate('You now need to review the account details, and set the “approved” status to “yes”.');
} else {
$mail1_body .= WT_I18N::translate('You do not have to take any action; the user can now login.');
}
$mail1_body .= WT_Mail::EOL . '<a href="' . WT_SERVER_NAME . WT_SCRIPT_PATH . "admin_users.php?filter=" . rawurlencode($user->getUserName()) . '">' . WT_SERVER_NAME . WT_SCRIPT_PATH . "admin_users.php?filter=" . rawurlencode($user->getUserName()) . '</a>' . WT_Mail::auditFooter();
$mail1_subject = WT_I18N::translate('New user at %s', WT_SERVER_NAME . WT_SCRIPT_PATH . ' ' . $WT_TREE->tree_title);
// Change to the new user’s language
WT_I18N::init($user->getSetting('language'));
$controller->setPageTitle(WT_I18N::translate('User verification'));
$controller->pageHeader();
echo '<div id="login-register-page">';
}
// Delete the record itself
$record->deleteRecord();
} else {
header('HTTP/1.0 406 Not Acceptable');
}
break;
case 'delete-user':
$user = User::find(WT_Filter::postInteger('user_id'));
if ($user && Auth::isAdmin() && Auth::user() !== $user) {
Log::addAuthenticationLog('Deleted user: '******'masquerade':
$user = User::find(WT_Filter::postInteger('user_id'));
if ($user && Auth::isAdmin() && Auth::user() !== $user) {
Log::addAuthenticationLog('Masquerade as user: '******'HTTP/1.0 406 Not Acceptable');
}
break;
case 'unlink-media':
// Remove links from an individual and their spouse-family records to a media object.
// Used by the "unlink" option on the album (lightbox) tab.
require WT_ROOT . 'includes/functions/functions_edit.php';
$source = WT_Individual::getInstance(WT_Filter::post('source', WT_REGEX_XREF));
$target = WT_Filter::post('target', WT_REGEX_XREF);
if ($source && $source->canShow() && $source->canEdit() && $target) {
// Consider the individual and their spouse-family records
public function __construct()
{
global $SCRIPT_NAME, $MEDIA_DIRECTORY, $WT_SESSION;
// Our cart is an array of items in the session
if (!is_array($WT_SESSION->cart)) {
$WT_SESSION->cart = array();
}
if (!array_key_exists(WT_GED_ID, $WT_SESSION->cart)) {
$WT_SESSION->cart[WT_GED_ID] = array();
}
$this->action = WT_Filter::get('action');
$this->id = WT_Filter::get('id');
$convert = WT_Filter::get('convert', 'yes|no', 'no');
$this->Zip = WT_Filter::get('Zip');
$this->IncludeMedia = WT_Filter::get('IncludeMedia');
$this->conv_path = WT_Filter::get('conv_path');
$this->privatize_export = WT_Filter::get('privatize_export', 'none|visitor|user|gedadmin', 'visitor');
$this->level1 = WT_Filter::getInteger('level1');
$this->level2 = WT_Filter::getInteger('level2');
$this->level3 = WT_Filter::getInteger('level3');
$others = WT_Filter::get('others');
$this->type = WT_Filter::get('type');
if (($this->privatize_export == 'none' || $this->privatize_export == 'none') && !WT_USER_GEDCOM_ADMIN) {
$this->privatize_export = 'visitor';
}
if ($this->privatize_export == 'user' && !WT_USER_CAN_ACCESS) {
$this->privatize_export = 'visitor';
}
if ($this->action == 'add') {
if (empty($this->type) && !empty($this->id)) {
$this->type = "";
$obj = WT_GedcomRecord::getInstance($this->id);
if (is_null($obj)) {
$this->id = "";
$this->action = "";
} else {
$this->type = strtolower($obj::RECORD_TYPE);
}
} else {
if (empty($this->id)) {
$this->action = "";
}
}
if (!empty($this->id) && $this->type != 'fam' && $this->type != 'indi' && $this->type != 'sour') {
$this->action = 'add1';
}
}
if ($this->action == 'add1') {
$obj = WT_GedcomRecord::getInstance($this->id);
$this->addClipping($obj);
if ($this->type == 'sour') {
if ($others == 'linked') {
foreach ($obj->linkedIndividuals('SOUR') as $indi) {
$this->addClipping($indi);
}
foreach ($obj->linkedFamilies('SOUR') as $fam) {
$this->addClipping($fam);
}
}
}
if ($this->type == 'fam') {
if ($others == 'parents') {
$this->addClipping($obj->getHusband());
$this->addClipping($obj->getWife());
} elseif ($others == "members") {
$this->addFamilyMembers(WT_Family::getInstance($this->id));
} elseif ($others == "descendants") {
$this->addFamilyDescendancy(WT_Family::getInstance($this->id));
}
} elseif ($this->type == 'indi') {
if ($others == 'parents') {
foreach (WT_Individual::getInstance($this->id)->getChildFamilies() as $family) {
$this->addFamilyMembers($family);
}
} elseif ($others == 'ancestors') {
$this->addAncestorsToCart(WT_Individual::getInstance($this->id), $this->level1);
} elseif ($others == 'ancestorsfamilies') {
$this->addAncestorsToCartFamilies(WT_Individual::getInstance($this->id), $this->level2);
} elseif ($others == 'members') {
foreach (WT_Individual::getInstance($this->id)->getSpouseFamilies() as $family) {
$this->addFamilyMembers($family);
}
} elseif ($others == 'descendants') {
foreach (WT_Individual::getInstance($this->id)->getSpouseFamilies() as $family) {
$this->addClipping($family);
$this->addFamilyDescendancy($family, $this->level3);
}
}
uksort($WT_SESSION->cart[WT_GED_ID], array('WT_Controller_Clippings', 'compareClippings'));
}
} elseif ($this->action == 'remove') {
unset($WT_SESSION->cart[WT_GED_ID][$this->id]);
} elseif ($this->action == 'empty') {
$WT_SESSION->cart[WT_GED_ID] = array();
} elseif ($this->action == 'download') {
$media = array();
$mediacount = 0;
$filetext = gedcom_header(WT_GEDCOM);
// Include SUBM/SUBN records, if they exist
$subn = WT_DB::prepare("SELECT o_gedcom FROM `##other` WHERE o_type=? AND o_file=?")->execute(array('SUBN', WT_GED_ID))->fetchOne();
if ($subn) {
$filetext .= $subn . "\n";
}
$subm = WT_DB::prepare("SELECT o_gedcom FROM `##other` WHERE o_type=? AND o_file=?")->execute(array('SUBM', WT_GED_ID))->fetchOne();
if ($subm) {
$filetext .= $subm . "\n";
}
if ($convert == "yes") {
$filetext = str_replace("UTF-8", "ANSI", $filetext);
$filetext = utf8_decode($filetext);
}
switch ($this->privatize_export) {
case 'gedadmin':
$access_level = WT_PRIV_NONE;
break;
case 'user':
$access_level = WT_PRIV_USER;
break;
case 'visitor':
$access_level = WT_PRIV_PUBLIC;
break;
case 'none':
$access_level = WT_PRIV_HIDE;
break;
}
foreach (array_keys($WT_SESSION->cart[WT_GED_ID]) as $xref) {
$object = WT_GedcomRecord::getInstance($xref);
if ($object) {
// The object may have been deleted since we added it to the cart....
$record = $object->privatizeGedcom($access_level);
// Remove links to objects that aren't in the cart
preg_match_all('/\\n1 ' . WT_REGEX_TAG . ' @(' . WT_REGEX_XREF . ')@(\\n[2-9].*)*/', $record, $matches, PREG_SET_ORDER);
foreach ($matches as $match) {
if (!array_key_exists($match[1], $WT_SESSION->cart[WT_GED_ID])) {
$record = str_replace($match[0], '', $record);
}
}
preg_match_all('/\\n2 ' . WT_REGEX_TAG . ' @(' . WT_REGEX_XREF . ')@(\\n[3-9].*)*/', $record, $matches, PREG_SET_ORDER);
foreach ($matches as $match) {
if (!array_key_exists($match[1], $WT_SESSION->cart[WT_GED_ID])) {
$record = str_replace($match[0], '', $record);
}
}
preg_match_all('/\\n3 ' . WT_REGEX_TAG . ' @(' . WT_REGEX_XREF . ')@(\\n[4-9].*)*/', $record, $matches, PREG_SET_ORDER);
foreach ($matches as $match) {
if (!array_key_exists($match[1], $WT_SESSION->cart[WT_GED_ID])) {
$record = str_replace($match[0], '', $record);
}
}
$record = convert_media_path($record, $this->conv_path);
$savedRecord = $record;
// Save this for the "does this file exist" check
if ($convert == 'yes') {
$record = utf8_decode($record);
}
switch ($object::RECORD_TYPE) {
case 'INDI':
$filetext .= $record . "\n";
$filetext .= "1 SOUR @WEBTREES@\n";
$filetext .= "2 PAGE " . WT_SERVER_NAME . WT_SCRIPT_PATH . $object->getRawUrl() . "\n";
break;
case 'FAM':
$filetext .= $record . "\n";
$filetext .= "1 SOUR @WEBTREES@\n";
$filetext .= "2 PAGE " . WT_SERVER_NAME . WT_SCRIPT_PATH . $object->getRawUrl() . "\n";
break;
case 'SOUR':
$filetext .= $record . "\n";
$filetext .= "1 NOTE " . WT_SERVER_NAME . WT_SCRIPT_PATH . $object->getRawUrl() . "\n";
break;
default:
$ft = preg_match_all("/\n\\d FILE (.+)/", $savedRecord, $match, PREG_SET_ORDER);
for ($k = 0; $k < $ft; $k++) {
// Skip external files and non-existant files
if (file_exists(WT_DATA_DIR . $MEDIA_DIRECTORY . $match[$k][1])) {
$media[$mediacount] = array(PCLZIP_ATT_FILE_NAME => WT_DATA_DIR . $MEDIA_DIRECTORY . $match[$k][1], PCLZIP_ATT_FILE_NEW_FULL_NAME => $match[$k][1]);
$mediacount++;
}
}
$filetext .= trim($record) . "\n";
break;
}
}
}
if ($this->IncludeMedia == "yes") {
$this->media_list = $media;
}
$filetext .= "0 @WEBTREES@ SOUR\n1 TITL " . WT_SERVER_NAME . WT_SCRIPT_PATH . "\n";
if ($user_id = get_gedcom_setting(WT_GED_ID, 'CONTACT_EMAIL')) {
$user = User::find($user_id);
$filetext .= "1 AUTH " . $user->getRealName() . "\n";
}
$filetext .= "0 TRLR\n";
//-- make sure the preferred line endings are used
$filetext = preg_replace("/[\r\n]+/", WT_EOL, $filetext);
$this->download_data = $filetext;
$this->downloadClipping();
}
}
/**
* If the Facebook username or email is associated with an account, login to it. Otherwise, register a new account.
*
* @param object $facebookUser Facebook user
* @param string $url (optional) URL to redirect to afterwards.
*/
private function login_or_register(&$facebookUser, $url = '')
{
$REQUIRE_ADMIN_AUTH_REGISTRATION = WT_Site::getPreference('REQUIRE_ADMIN_AUTH_REGISTRATION');
if ($this->getSetting('require_verified', 1) && empty($facebookUser->verified)) {
$this->error_page(WT_I18N::translate('Only verified Facebook accounts are authorized. Please verify your account on Facebook and then try again'));
}
if (empty($facebookUser->username)) {
$facebookUser->username = $facebookUser->id;
}
$user_id = $this->get_user_id_from_facebook_username($facebookUser->username);
if (!$user_id) {
if (!isset($facebookUser->email)) {
$this->error_page(WT_I18N::translate('You must grant access to your email address via Facebook in order to use this website. Please uninstall the application on Facebook and try again.'));
}
$user = User::findByIdentifier($facebookUser->email);
if ($user) {
$user_id = $user->getUserId();
}
}
if ($user_id) {
// This is an existing user so log them in if they are approved
$login_result = $this->login($user_id);
$message = '';
switch ($login_result) {
case -1:
// not validated
$message = WT_I18N::translate('This account has not been verified. Please check your email for a verification message.');
break;
case -2:
// not approved
$message = WT_I18N::translate('This account has not been approved. Please wait for an administrator to approve it.');
break;
default:
$user = User::find($user_id);
$user->setPreference(self::user_setting_facebook_username, $this->cleanseFacebookUsername($facebookUser->username));
// redirect to the homepage/$url
header('Location: ' . WT_SCRIPT_PATH . $url);
return;
}
$this->error_page($message);
} else {
// This is a new Facebook user who may or may not already have a manual account
if (!WT_Site::getPreference('USE_REGISTRATION_MODULE')) {
$this->error_page('<p>' . WT_I18N::translate('The administrator has disabled registrations.') . '</p>');
}
// check if the username is already in use
$username = $this->cleanseFacebookUsername($facebookUser->username);
$wt_username = substr($username, 0, 32);
// Truncate the username to 32 characters to match the DB.
if (User::findByIdentifier($wt_username)) {
// fallback to email as username since we checked above that a user with the email didn't exist.
$wt_username = $facebookUser->email;
$wt_username = substr($wt_username, 0, 32);
// Truncate the username to 32 characters to match the DB.
}
// Generate a random password since the user shouldn't need it and can always reset it.
$password = md5(uniqid(rand(), TRUE));
$hashcode = md5(uniqid(rand(), true));
$preApproved = unserialize($this->getSetting('preapproved'));
// From login.php:
Log::addAuthenticationLog('User registration requested for: ' . $wt_username);
if ($user = User::create($wt_username, $facebookUser->name, $facebookUser->email, $password)) {
$verifiedByAdmin = !$REQUIRE_ADMIN_AUTH_REGISTRATION || isset($preApproved[$username]);
$user->setPreference(self::user_setting_facebook_username, $this->cleanseFacebookUsername($facebookUser->username))->setPreference('language', WT_LOCALE)->setPreference('verified', '1')->setPreference('verified_by_admin', $verifiedByAdmin ? '1' : '0')->setPreference('reg_timestamp', date('U'))->setPreference('reg_hashcode', $hashcode)->setPreference('contactmethod', 'messaging2')->setPreference('visibleonline', '1')->setPreference('editaccount', '1')->setPreference('auto_accept', '0')->setPreference('canadmin', '0')->setPreference('sessiontime', $verifiedByAdmin ? WT_TIMESTAMP : '0')->setPreference('comment', @$facebookUser->birthday . "\n " . "https://www.facebook.com/" . $this->cleanseFacebookUsername($facebookUser->username));
// Apply pre-approval settings
if (isset($preApproved[$username])) {
$userSettings = $preApproved[$username];
foreach ($userSettings as $gedcom => $userGedcomSettings) {
foreach (array('gedcomid', 'rootid', 'canedit') as $userPref) {
if (empty($userGedcomSettings[$userPref])) {
continue;
}
// Use a direct DB query instead of $tree->setUserPreference since we
// can't get a reference to the WT_Tree since it checks permissions but
// we are trying to give the permissions.
WT_DB::prepare("REPLACE INTO `##user_gedcom_setting` (user_id, gedcom_id, setting_name, setting_value) VALUES (?, ?, ?, LEFT(?, 255))")->execute(array($user->getUserId(), $gedcom, $userPref, $userGedcomSettings[$userPref]));
}
}
// Remove the pre-approval record
unset($preApproved[$username]);
$this->setSetting('preapproved', serialize($preApproved));
}
// We need jQuery below
global $controller;
$controller = new WT_Controller_Page();
$controller->setPageTitle($this->getTitle())->pageHeader();
echo '<form id="verify-form" name="verify-form" method="post" action="', WT_LOGIN_URL, '" class="ui-autocomplete-loading" style="width:16px;height:16px;padding:0">';
echo $this->hidden_input("action", "verify_hash");
echo $this->hidden_input("user_name", $wt_username);
echo $this->hidden_input("user_password", $password);
echo $this->hidden_input("user_hashcode", $hashcode);
echo WT_Filter::getCsrf();
echo '</form>';
if ($verifiedByAdmin) {
$controller->addInlineJavaScript('
function verify_hash_success() {
// now the account is approved but not logged in. Now actually login for the user.
window.location = "' . $this->getConnectURL($url) . '";
}
function verify_hash_failure() {
alert("' . WT_I18N::translate("There was an error verifying your account. Contact the site administrator if you are unable to access the site.") . '");
window.location = "' . WT_SCRIPT_PATH . '";
}
$(document).ready(function() {
$.post("' . WT_LOGIN_URL . '", $("#verify-form").serialize(), verify_hash_success).fail(verify_hash_failure);
});
');
} else {
echo '<script>document.getElementById("verify-form").submit()</script>';
}
} else {
Log::addErrorLog("Facebook: Couldn't create the user account");
$this->error_page('<p>' . WT_I18N::translate('Unable to create your account. Please try again.') . '</p>' . '<div class="back"><a href="javascript:history.back()">' . WT_I18N::translate('Back') . '</a></div>');
}
}
}
static function _getLatestUserData($type = 'userid', $params = null)
{
global $DATE_FORMAT, $TIME_FORMAT;
static $user_id = null;
if ($user_id === null) {
$user = User::findLatestToRegister();
} else {
$user = User::find($user_id);
}
switch ($type) {
default:
case 'userid':
return $user->getUserId();
case 'username':
return $user->getUserName();
case 'fullname':
return $user->getRealName();
case 'regdate':
if (is_array($params) && isset($params[0]) && $params[0] != '') {
$datestamp = $params[0];
} else {
$datestamp = $DATE_FORMAT;
}
return timestamp_to_gedcom_date($user->getSetting('reg_timestamp'))->Display(false, $datestamp);
case 'regtime':
if (is_array($params) && isset($params[0]) && $params[0] != '') {
$datestamp = $params[0];
} else {
$datestamp = str_replace('%', '', $TIME_FORMAT);
}
return date($datestamp, $user->getSetting('reg_timestamp'));
case 'loggedin':
if (is_array($params) && isset($params[0]) && $params[0] != '') {
$yes = $params[0];
} else {
$yes = WT_I18N::translate('yes');
}
if (is_array($params) && isset($params[1]) && $params[1] != '') {
$no = $params[1];
} else {
$no = WT_I18N::translate('no');
}
return WT_DB::prepare("SELECT SQL_NO_CACHE 1 FROM `##session` WHERE user_id=? LIMIT 1")->execute(array($user->getUserId()))->fetchOne() ? $yes : $no;
}
}
case 'RELATIONSHIP_PATH_LENGTH':
$tree = WT_Tree::get($id2);
if (Auth::isManager($tree)) {
$tree->userPreference($id1, $id3, $value);
ok();
break;
}
}
fail();
break;
case 'user_setting':
//////////////////////////////////////////////////////////////////////////////
// Table name: WT_USER_SETTING
// ID format: user_setting-{user_id}-{setting_name}
//////////////////////////////////////////////////////////////////////////////
$user = User::find($id1);
// Authorisation
if (!(Auth::isAdmin() || $user && $user->getSetting('editaccount') && in_array($id2, array('language', 'visible_online', 'contact_method')))) {
fail();
}
// Validation
switch ($id2) {
case 'canadmin':
// Cannot change our own admin status - either to add it or remove it
if (Auth::user() == $user) {
fail();
}
break;
case 'verified_by_admin':
// Approving for the first time? Send a confirmation email
if ($value && !$user->getSetting('verified_by_admin') && $user->getSetting('sessiontime') == 0) {
