/** * @see Form::save() */ public function save() { parent::save(); $sql = "SELECT\t\tuser.*,\n\t\t\t\t\tGROUP_CONCAT(groupID SEPARATOR ',') AS groupIDs\n\t\t\tFROM\t\twcf" . WCF_N . "_user user\n\t\t\tLEFT JOIN\twcf" . WCF_N . "_user_to_groups groups\n\t\t\tON\t\t(groups.userID = user.userID)\n\t\t\tWHERE\t\tuser.userID IN (" . $this->userIDs . ")\n\t\t\tGROUP BY\tuser.userID"; $result = WCF::getDB()->sendQuery($sql); while ($row = WCF::getDB()->fetchArray($result)) { if (!Group::isAccessibleGroup(explode(',', $row['groupIDs']))) { throw new PermissionDeniedException(); } $user = new UserEditor(null, $row); $user->addToGroups($this->groupIDs, false, false); } UserEditor::unmarkAll(); Session::resetSessions(explode(',', $this->userIDs)); $this->saved(); WCF::getTPL()->assign('message', 'wcf.acp.user.assignToGroup.success'); WCF::getTPL()->display('success'); exit; }
/** * Creates a new user with all required and filled out additional fields. * * @param string $username * @param string $email * @param string $password * @param mixed $groupIDs * @param array $userOptions * @param array $additionalFields * @param array $visibleLanguages * @param boolean $addDefaultGroups * @return UserEditor */ public static function create($username, $email, $password, $groupIDs, $userOptions = array(), $additionalFields = array(), $visibleLanguages = array(), $addDefaultGroups = true) { // insert main data $salt = StringUtil::getRandomID(); $password = StringUtil::getDoubleSaltedHash($password, $salt); $userID = self::insert($username, $email, $password, $salt, $additionalFields); // insert user options self::insertUserOptions($userID, $userOptions); // insert groups $user = new UserEditor($userID); $user->addToGroups($groupIDs, false, $addDefaultGroups); $user->addToLanguage($visibleLanguages); return $user; }
/** * @see Form::save() */ public function save() { parent::save(); // build conditions $this->conditions = new ConditionBuilder(); // static fields if (!empty($this->username)) { $this->conditions->add("user.username LIKE '%" . addcslashes(escapeString($this->username), '_%') . "%'"); } if (!empty($this->email)) { $this->conditions->add("user.email LIKE '%" . addcslashes(escapeString($this->email), '_%') . "%'"); } if (count($this->groupIDArray) > 0) { $this->conditions->add("user.userID " . ($this->invertGroupIDs == 1 ? 'NOT ' : '') . "IN (SELECT userID FROM wcf" . WCF_N . "_user_to_groups WHERE groupID IN (" . implode(',', $this->groupIDArray) . "))"); } if (count($this->languageIDArray) > 0) { $this->conditions->add("user.languageID IN (" . implode(',', $this->languageIDArray) . ")"); } // dynamic fields foreach ($this->activeOptions as $name => $option) { $value = isset($this->values[$option['optionName']]) ? $this->values[$option['optionName']] : null; $condition = $this->getTypeObject($option['optionType'])->getCondition($option, $value, isset($this->matchExactly[$name])); if ($condition !== false) { $this->conditions->add($condition); } } // call buildConditions event EventHandler::fireAction($this, 'buildConditions'); // execute action switch ($this->action) { case 'sendMail': WCF::getUser()->checkPermission('admin.user.canMailUser'); // get user ids $userIDArray = array(); $sql = "SELECT\t\tuser.userID\n\t\t\t\t\tFROM\t\twcf" . WCF_N . "_user user\n\t\t\t\t\tLEFT JOIN\twcf" . WCF_N . "_user_option_value option_value USING (userID)\n\t\t\t\t\t" . $this->conditions->get(); $result = WCF::getDB()->sendQuery($sql); while ($row = WCF::getDB()->fetchArray($result)) { $userIDArray[] = $row['userID']; $this->affectedUsers++; } // save config in session $userMailData = WCF::getSession()->getVar('userMailData'); if ($userMailData === null) { $userMailData = array(); } $mailID = count($userMailData); $userMailData[$mailID] = array('action' => '', 'userIDs' => implode(',', $userIDArray), 'groupIDs' => '', 'subject' => $this->subject, 'text' => $this->text, 'from' => $this->from, 'enableHTML' => $this->enableHTML); WCF::getSession()->register('userMailData', $userMailData); $this->saved(); // show worker template WCF::getTPL()->assign(array('pageTitle' => WCF::getLanguage()->get('wcf.acp.user.sendMail'), 'url' => 'index.php?action=UserMail&mailID=' . $mailID . '&packageID=' . PACKAGE_ID . SID_ARG_2ND_NOT_ENCODED)); WCF::getTPL()->display('worker'); exit; break; case 'exportMailAddress': WCF::getUser()->checkPermission('admin.user.canMailUser'); // send content type header('Content-Type: text/' . $this->fileType . '; charset=' . CHARSET); header('Content-Disposition: attachment; filename="export.' . $this->fileType . '"'); if ($this->fileType == 'xml') { echo "<?xml version=\"1.0\" encoding=\"" . CHARSET . "\"?>\n<addresses>\n"; } // get users $sql = "SELECT\t\tuser.email\n\t\t\t\t\tFROM\t\twcf" . WCF_N . "_user user\n\t\t\t\t\tLEFT JOIN\twcf" . WCF_N . "_user_option_value option_value USING (userID)\n\t\t\t\t\t" . $this->conditions->get() . "\n\t\t\t\t\tORDER BY\tuser.email"; $result = WCF::getDB()->sendQuery($sql); $i = 0; $j = WCF::getDB()->countRows($result) - 1; while ($row = WCF::getDB()->fetchArray($result)) { if ($this->fileType == 'xml') { echo "<address><![CDATA[" . StringUtil::escapeCDATA($row['email']) . "]]></address>\n"; } else { echo $this->textSeparator . $row['email'] . $this->textSeparator . ($i < $j ? $this->separator : ''); } $i++; $this->affectedUsers++; } if ($this->fileType == 'xml') { echo "</addresses>"; } $this->saved(); exit; break; case 'assignToGroup': WCF::getUser()->checkPermission('admin.user.canEditUser'); $userIDArray = array(); $sql = "SELECT\t\tuser.*,\n\t\t\t\t\t\t\tGROUP_CONCAT(groupID SEPARATOR ',') AS groupIDs\n\t\t\t\t\tFROM\t\twcf" . WCF_N . "_user user\n\t\t\t\t\tLEFT JOIN\twcf" . WCF_N . "_user_option_value option_value USING (userID)\n\t\t\t\t\tLEFT JOIN\twcf" . WCF_N . "_user_to_groups groups\n\t\t\t\t\tON\t\t(groups.userID = user.userID)\n\t\t\t\t\t" . $this->conditions->get() . "\t\t\n\t\t\t\t\tGROUP BY\tuser.userID"; $result = WCF::getDB()->sendQuery($sql); while ($row = WCF::getDB()->fetchArray($result)) { if (!Group::isAccessibleGroup(explode(',', $row['groupIDs']))) { throw new PermissionDeniedException(); } $user = new UserEditor(null, $row); $user->addToGroups($this->assignToGroupIDArray, false, false); $userIDArray[] = $row['userID']; $this->affectedUsers++; } Session::resetSessions($userIDArray); break; case 'delete': WCF::getUser()->checkPermission('admin.user.canDeleteUser'); $userIDArray = array(); $sql = "SELECT\t\tuser.*,\n\t\t\t\t\t\t\tGROUP_CONCAT(groupID SEPARATOR ',') AS groupIDs\n\t\t\t\t\tFROM\t\twcf" . WCF_N . "_user user\n\t\t\t\t\tLEFT JOIN\twcf" . WCF_N . "_user_option_value option_value USING (userID)\n\t\t\t\t\tLEFT JOIN\twcf" . WCF_N . "_user_to_groups groups\n\t\t\t\t\tON\t\t(groups.userID = user.userID)\n\t\t\t\t\t" . $this->conditions->get() . "\t\t\n\t\t\t\t\tGROUP BY\tuser.userID"; $result = WCF::getDB()->sendQuery($sql); while ($row = WCF::getDB()->fetchArray($result)) { if (!Group::isAccessibleGroup(explode(',', $row['groupIDs']))) { throw new PermissionDeniedException(); } $userIDArray[] = $row['userID']; $this->affectedUsers++; } UserEditor::deleteUsers($userIDArray); break; } $this->saved(); WCF::getTPL()->assign('affectedUsers', $this->affectedUsers); }