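/**
    * Confirm a user's email address using the one-time code that was mailed to them.
    *
    * Loads the user by ID, passes the record and the submitted key to
    * UserModel::ConfirmEmail(), copies the model's validation results onto the
    * form and, when the confirmation succeeded and the visitor has no valid
    * session, starts a session for that user.
    *
    * Security: a successful confirmation signs the visitor in, so the emailed
    * key effectively works as a login credential for the account. The actual
    * key check lives in ConfirmEmail(), which is not visible here.
    * NOTE(review): confirm that ConfirmEmail() rejects an empty or missing key
    * ($EmailKey defaults to '') and that a key cannot be replayed after use.
    *
    * @access public
    * @since 2.0.0
    *
    * @param int $UserID ID of the user whose address is being confirmed.
    * @param string $EmailKey Authenticate with unique, 1-time code sent via email.
    */
   public function EmailConfirm($UserID, $EmailKey = '') {
      $User = $this->UserModel->GetID($UserID);

      $EmailConfirmed = $this->UserModel->ConfirmEmail($User, $EmailKey);
      $this->Form->SetValidationResults($this->UserModel->ValidationResults());

      // Sign the visitor in only when the key was accepted and nobody is signed in yet.
      if ($EmailConfirmed && !Gdn::Session()->IsValid()) {
         // Take the ID from the loaded record, not from the raw request argument.
         $UserID = GetValue('UserID', $User);
         Gdn::Session()->Start($UserID);
      }

      $this->SetData('EmailConfirmed', $EmailConfirmed);
      // The lookup can come back empty for an unknown ID; read the address
      // through GetValue() instead of dereferencing a possible non-object.
      $this->SetData('Email', GetValue('Email', $User, NULL));
      $this->Render();
   }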
예제 #2
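 /**
  * Handle flagging process in a discussion.
  *
  * Does nothing unless the plugin is enabled, the visitor is signed in and
  * exactly five request arguments are present (context, element ID, element
  * author ID, element author name, encoded URL). On an authenticated postback
  * it optionally files a report discussion/comment, records the flag and
  * emails the configured users the first time an element is flagged.
  *
  * Security notes for reviewers:
  * - All five request arguments are caller-controlled. The author ID, author
  *   name and URL are stored and handed to the views as supplied; they are not
  *   cross-checked against the element that is looked up by ID.
  * - Report bodies are stored with Format 'Html'.
  *   NOTE(review): confirm the report views escape the reason, author name
  *   and URL before they are rendered.
  *
  * @param object $Sender Controller handling the request; supplies RequestArgs,
  *                       Form, SetData(), FetchView() and Render().
  */
 public function DiscussionController_Flag_Create($Sender)
 {
     if (!C('Plugins.Flagging.Enabled')) {
         return;
     }
     // Signed in users only.
     if (!($UserID = Gdn::Session()->UserID)) {
         return;
     }
     $UserName = Gdn::Session()->User->Name;
     $Arguments = $Sender->RequestArgs;
     if (sizeof($Arguments) != 5) {
         return;
     }
     list($Context, $ElementID, $ElementAuthorID, $ElementAuthor, $EncodedURL) = $Arguments;
     // '-' stands in for the base64 padding character in the URL segment.
     $URL = base64_decode(str_replace('-', '=', $EncodedURL));
     $Sender->SetData('Plugin.Flagging.Data', array(
         'Context' => $Context,
         'ElementID' => $ElementID,
         'ElementAuthorID' => $ElementAuthorID,
         'ElementAuthor' => $ElementAuthor,
         'URL' => $URL,
         'UserID' => $UserID,
         'UserName' => $UserName,
     ));
     if ($Sender->Form->AuthenticatedPostBack()) {
         $SQL = Gdn::SQL();
         $Now = date('Y-m-d H:i:s');
         $Comment = $Sender->Form->GetValue('Plugin.Flagging.Reason');
         $Sender->SetData('Plugin.Flagging.Reason', $Comment);
         // Defaults for the path where no report discussion is created; both
         // values are read further down regardless of that setting.
         $DiscussionID = NULL;
         $FlagResult = FALSE;
         $CreateDiscussion = C('Plugins.Flagging.UseDiscussions');
         if ($CreateDiscussion) {
             // Category
             $CategoryID = C('Plugins.Flagging.CategoryID');
             // New discussion name. $Result stays NULL for any context other
             // than the two handled below.
             $Result = NULL;
             if ($Context == 'comment') {
                 $Result = $SQL
                     ->Select('d.Name')
                     ->Select('c.Body')
                     ->From('Comment c')
                     ->Join('Discussion d', 'd.DiscussionID = c.DiscussionID', 'left')
                     ->Where('c.CommentID', $ElementID)
                     ->Get()
                     ->FirstRow();
             } elseif ($Context == 'discussion') {
                 $DiscussionModel = new DiscussionModel();
                 $Result = $DiscussionModel->GetID($ElementID);
             }
             $DiscussionName = GetValue('Name', $Result);
             $PrefixedDiscussionName = T('FlagPrefix', 'FLAG: ') . $DiscussionName;
             // Prep data for the template
             $Sender->SetData('Plugin.Flagging.Report', array(
                 'DiscussionName' => $DiscussionName,
                 'FlaggedContent' => GetValue('Body', $Result),
             ));
             // Assume no discussion exists
             $this->DiscussionID = NULL;
             // Get discussion ID if already flagged
             $FlagResult = Gdn::SQL()
                 ->Select('DiscussionID')
                 ->From('Flag fl')
                 ->Where('ForeignType', $Context)
                 ->Where('ForeignID', $ElementID)
                 ->Get()
                 ->FirstRow();
             if ($FlagResult) {
                 // New comment in existing discussion
                 $DiscussionID = $FlagResult->DiscussionID;
                 $ReportBody = $Sender->FetchView($this->GetView('reportcomment.php'));
                 $SQL->Insert('Comment', array(
                     'DiscussionID' => $DiscussionID,
                     'InsertUserID' => $UserID,
                     'Body' => $ReportBody,
                     'Format' => 'Html',
                     'DateInserted' => $Now,
                 ));
                 $CommentModel = new CommentModel();
                 $CommentModel->UpdateCommentCount($DiscussionID);
             } else {
                 // New discussion body
                 $ReportBody = $Sender->FetchView($this->GetView('report.php'));
                 $DiscussionID = $SQL->Insert('Discussion', array(
                     'InsertUserID' => $UserID,
                     'UpdateUserID' => $UserID,
                     'CategoryID' => $CategoryID,
                     'Name' => $PrefixedDiscussionName,
                     'Body' => $ReportBody,
                     'Format' => 'Html',
                     'CountComments' => 1,
                     'DateInserted' => $Now,
                     'DateUpdated' => $Now,
                     'DateLastComment' => $Now,
                 ));
                 // Update discussion count
                 $DiscussionModel = new DiscussionModel();
                 $DiscussionModel->UpdateDiscussionCount($CategoryID);
             }
         }
         try {
             // Insert the flag
             $SQL->Insert('Flag', array(
                 'DiscussionID' => $DiscussionID,
                 'InsertUserID' => $UserID,
                 'InsertName' => $UserName,
                 'AuthorID' => $ElementAuthorID,
                 'AuthorName' => $ElementAuthor,
                 'ForeignURL' => $URL,
                 'ForeignID' => $ElementID,
                 'ForeignType' => $Context,
                 'Comment' => $Comment,
                 'DateInserted' => $Now,
             ));
         } catch (Exception $e) {
             // Kept as best-effort: a failed insert does not abort the request.
             // NOTE(review): the failure is not recorded anywhere, so a lost
             // flag is invisible to moderators; consider logging it.
         }
         // Notify users with permission who've chosen to be notified
         if (!$FlagResult) {
             // Only send if this is first time it's being flagged.
             $Sender->SetData('Plugin.Flagging.DiscussionID', $DiscussionID);
             $Subject = isset($PrefixedDiscussionName) ? $PrefixedDiscussionName : T('FlagDiscussion', 'A discussion was flagged');
             $EmailBody = $Sender->FetchView($this->GetView('reportemail.php'));
             $NotifyUsers = C('Plugins.Flagging.NotifyUsers', array());
             // Send emails
             $UserModel = new UserModel();
             // A separate loop variable keeps the reporter's $UserID intact.
             foreach ($NotifyUsers as $NotifyUserID) {
                 $User = $UserModel->GetID($NotifyUserID);
                 // Skip configured IDs that no longer resolve to a user.
                 if (!$User) {
                     continue;
                 }
                 $Email = new Gdn_Email();
                 $Email->To($User->Email)->Subject(sprintf(T('[%1$s] %2$s'), Gdn::Config('Garden.Title'), $Subject))->Message($EmailBody)->Send();
             }
         }
         $Sender->InformMessage(T('FlagSent', "Your complaint has been registered."));
     }
     $Sender->Render($this->GetView('flag.php'));
 }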
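 /**
  * Render a reduced profile (UserID, Name, Email, Photo) for one user.
  *
  * Without an argument the signed-in user's own profile is returned. Guests,
  * and callers asking for somebody else's profile, must hold the
  * Garden.Users.Edit permission; this matters because the response contains
  * the email address.
  *
  * @param int|bool $UserID User to look up, or FALSE for the session user.
  * @throws Exception With code 401 when the caller may not view the profile,
  *                   or 404 when the user does not exist.
  */
 public function Get($UserID = FALSE)
 {
     if (!$UserID) {
         $UserID = Gdn::Session()->UserID;
     }
     // Authorisation gate: must run before any user data is loaded.
     if (($UserID != Gdn::Session()->UserID || !Gdn::Session()->UserID) && !Gdn::Session()->CheckPermission('Garden.Users.Edit')) {
         throw new Exception(T('You do not have permission to view other profiles.'), 401);
     }
     $UserModel = new UserModel();
     // Get the user.
     $User = $UserModel->GetID($UserID, DATASET_TYPE_ARRAY);
     if (!$User) {
         throw new Exception(T('User not found.'), 404);
     }
     $PhotoUrl = $User['Photo'];
     // Strict comparison: strpos() returns 0 for a protocol-relative URL
     // ("//host/..."), which a loose == FALSE would mistake for "not a URL"
     // and rewrite into an /uploads/ path.
     if ($PhotoUrl && strpos($PhotoUrl, '//') === FALSE) {
         $PhotoUrl = Url('/uploads/' . ChangeBasename($PhotoUrl, 'n%s'), TRUE);
     }
     $User['Photo'] = $PhotoUrl;
     // Remove unwanted fields: only this allow-list leaves the method.
     $this->Data = ArrayTranslate($User, array('UserID', 'Name', 'Email', 'Photo'));
     $this->Render();
 }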
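 /**
  * Publish a user's bookmark count to the view data and render it.
  *
  * The count comes from the session user record when the signed-in user asks
  * for their own count, otherwise from the user table. When no stored count
  * exists it is recomputed from UserDiscussion and written back to the user.
  *
  * NOTE(review): no permission check is visible in this method, so any caller
  * can request another user's count and trigger the write-back for that ID;
  * confirm this is intended.
  *
  * @param int|bool $UserID User to count for, or FALSE for the session user.
  */
 public function UserBookmarkCount($UserID = FALSE)
 {
     if ($UserID === FALSE) {
         $UserID = Gdn::Session()->UserID;
     }
     if (!$UserID) {
         $CountBookmarks = NULL;
     } else {
         // Compare against the session's user ID. Comparing against the
         // session object itself never matched the intended user, and could
         // hand out the session user's cached count for a different ID.
         if ($UserID == Gdn::Session()->UserID && isset(Gdn::Session()->User->CountBookmarks)) {
             $CountBookmarks = Gdn::Session()->User->CountBookmarks;
         } else {
             $UserModel = new UserModel();
             $User = $UserModel->GetID($UserID, DATASET_TYPE_ARRAY);
             // An unknown ID leaves the count NULL, which falls through to the recount below.
             $CountBookmarks = $User ? $User['CountBookmarks'] : NULL;
         }
         if ($CountBookmarks === NULL) {
             // No stored value: recount and persist it on the user row.
             $CountBookmarks = Gdn::SQL()->Select('DiscussionID', 'count', 'CountBookmarks')->From('UserDiscussion')->Where('Bookmarked', '1')->Where('UserID', $UserID)->Get()->Value('CountBookmarks', 0);
             Gdn::UserModel()->SetField($UserID, 'CountBookmarks', $CountBookmarks);
         }
     }
     $this->SetData('CountBookmarks', $CountBookmarks);
     $this->SetData('_Value', $CountBookmarks);
     $this->xRender('Value', 'utility', 'dashboard');
 }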
예제 #5
 /**
  * Edit a user account.
  *
  * Requires Garden.Users.Edit. On an authenticated postback the submitted
  * values are adjusted before saving: the username is pinned when it may not
  * be edited, the Confirmed flag is only taken from the ConfirmEmail field,
  * a manual password is only accepted under the rule below, and the role list
  * is limited to roles the editor is allowed to assign.
  *
  * Privilege boundaries enforced here:
  * - Only callers with Garden.Settings.Manage get a non-empty assignable role
  *   list; roles outside that list that the target already holds are kept.
  * - A manual password may be set on a user holding Garden.Settings.Manage
  *   only by a caller who holds it too.
  *
  * NOTE(review): $User is not checked for a missing record after GetID().
  * NOTE(review): $AllowEditing is passed to event handlers and to the view,
  * but nothing in this method stops the save when a handler sets it to FALSE.
  *
  * @since 2.0.0
  * @access public
  * @param int $UserID Unique ID.
  */
 public function Edit($UserID)
 {
     $this->Permission('Garden.Users.Edit');
     // Page setup
     $this->AddJsFile('user.js');
     $this->Title(T('Edit User'));
     $this->AddSideMenu('dashboard/user');
     // Only admins can reassign roles: everyone else gets an empty assignable list.
     $RoleModel = new RoleModel();
     $AllRoles = $RoleModel->GetArray();
     $RoleData = CheckPermission('Garden.Settings.Manage') ? $AllRoles : array();
     $UserModel = new UserModel();
     $User = $UserModel->GetID($UserID, DATASET_TYPE_ARRAY);
     // Determine if username can be edited
     // NOTE(review): the second operand is the permission already required at
     // the top of this method, so this is presumably always TRUE here.
     $CanEditUsername = (bool) C("Garden.Profile.EditUsernames") || Gdn::Session()->CheckPermission('Garden.Users.Edit');
     $this->SetData('_CanEditUsername', $CanEditUsername);
     // Determine if emails can be edited
     $CanEditEmail = Gdn::Session()->CheckPermission('Garden.Users.Edit');
     $this->SetData('_CanEditEmail', $CanEditEmail);
     // Decide if they have ability to confirm users
     $Confirmed = (bool) GetValueR('Confirmed', $User);
     $CanConfirmEmail = UserModel::RequireConfirmEmail() && Gdn::Session()->CheckPermission('Garden.Users.Edit');
     $this->SetData('_CanConfirmEmail', $CanConfirmEmail);
     $this->SetData('_EmailConfirmed', $Confirmed);
     $User['ConfirmEmail'] = (int) $Confirmed;
     // Determine whether user being edited is privileged (can escalate permissions)
     $UserModel = new UserModel();
     $EditingPrivilegedUser = $UserModel->CheckPermission($User, 'Garden.Settings.Manage');
     // Determine our password reset options
     // Anyone with user editing may force a reset over email
     $this->ResetOptions = array(0 => T('Keep current password.'), 'Auto' => T('Force user to reset their password and send email notification.'));
     // Only admins may manually reset passwords for other admins
     if (CheckPermission('Garden.Settings.Manage') || !$EditingPrivilegedUser) {
         $this->ResetOptions['Manual'] = T('Manually set user password. No email notification.');
     }
     // Set the model on the form.
     $this->Form->SetModel($UserModel);
     // Make sure the form knows which item we are editing.
     $this->Form->AddHidden('UserID', $UserID);
     try {
         // The values below are handed to event handlers by reference, so a
         // handler can change them before the rest of this method reads them.
         $AllowEditing = TRUE;
         $this->EventArguments['AllowEditing'] =& $AllowEditing;
         $this->EventArguments['TargetUser'] =& $User;
         // These are all the 'effective' roles for this edit action. This list can
         // be trimmed down from the real list to allow subsets of roles to be
         // edited.
         $this->EventArguments['RoleData'] =& $RoleData;
         // Build a RoleID => Name map of the roles the target user holds now.
         $UserRoleData = $UserModel->GetRoles($UserID)->ResultArray();
         $RoleIDs = ConsolidateArrayValuesByKey($UserRoleData, 'RoleID');
         $RoleNames = ConsolidateArrayValuesByKey($UserRoleData, 'Name');
         $UserRoleData = ArrayCombine($RoleIDs, $RoleNames);
         $this->EventArguments['UserRoleData'] =& $UserRoleData;
         $this->FireEvent("BeforeUserEdit");
         $this->SetData('AllowEditing', $AllowEditing);
         $this->Form->SetData($User);
         if ($this->Form->AuthenticatedPostBack()) {
             // Overwrite any submitted name with the stored one when renaming is not allowed.
             if (!$CanEditUsername) {
                 $this->Form->SetFormValue("Name", $User['Name']);
             }
             // Allow mods to confirm/unconfirm emails
             // A directly submitted 'Confirmed' value is discarded; the flag is
             // only set from 'ConfirmEmail' when the editor may confirm emails.
             $this->Form->RemoveFormValue('Confirmed');
             $Confirmation = $this->Form->GetFormValue('ConfirmEmail', null);
             $Confirmation = !is_null($Confirmation) ? (bool) $Confirmation : null;
             if ($CanConfirmEmail && is_bool($Confirmation)) {
                 $this->Form->SetFormValue('Confirmed', (int) $Confirmation);
             }
             $ResetPassword = $this->Form->GetValue('ResetPassword', FALSE);
             // If we're an admin or this isn't a privileged user, allow manual setting of password
             // The rule is re-evaluated on the server rather than trusting
             // which options the form displayed.
             $AllowManualReset = CheckPermission('Garden.Settings.Manage') || !$EditingPrivilegedUser;
             if ($ResetPassword == 'Manual' && $AllowManualReset) {
                 // If a new password was specified, add it to the form's collection
                 $NewPassword = $this->Form->GetValue('NewPassword', '');
                 $this->Form->SetFormValue('Password', $NewPassword);
             }
             // Role changes
             // These are the new roles the editing user wishes to apply to the target
             // user, adjusted for his ability to affect those roles
             $RequestedRoles = $this->Form->GetFormValue('RoleID');
             if (!is_array($RequestedRoles)) {
                 $RequestedRoles = array();
             }
             // Requested IDs become keys so they can be intersected with the
             // assignable list; IDs outside $RoleData are dropped.
             $RequestedRoles = array_flip($RequestedRoles);
             $UserNewRoles = array_intersect_key($RoleData, $RequestedRoles);
             // These roles will stay turned on regardless of the form submission contents
             // because the editing user does not have permission to modify them
             $ImmutableRoles = array_diff_key($AllRoles, $RoleData);
             $UserImmutableRoles = array_intersect_key($ImmutableRoles, $UserRoleData);
             // Apply immutable roles
             foreach ($UserImmutableRoles as $IMRoleID => $IMRoleName) {
                 $UserNewRoles[$IMRoleID] = $IMRoleName;
             }
             // Put the data back into the form object as if the user had submitted
             // this themselves
             $this->Form->SetFormValue('RoleID', array_keys($UserNewRoles));
             if ($this->Form->Save(array('SaveRoles' => TRUE)) !== FALSE) {
                 // 'Auto' sends a password request to the stored address and
                 // marks the hash method as 'Reset'.
                 if ($this->Form->GetValue('ResetPassword', '') == 'Auto') {
                     $UserModel->PasswordRequest($User['Email']);
                     $UserModel->SetField($UserID, 'HashMethod', 'Reset');
                 }
                 $this->InformMessage(T('Your changes have been saved.'));
             }
             $UserRoleData = $UserNewRoles;
         }
     } catch (Exception $Ex) {
         // Any exception is reported as a form error instead of propagating.
         $this->Form->AddError($Ex);
     }
     $this->SetData('User', $User);
     $this->SetData('Roles', $RoleData);
     $this->SetData('UserRoles', $UserRoleData);
     $this->Render();
 }
 /**
  * Remember the stored password hash and hash method of the user being saved.
  *
  * Skipped when the event carries a field list that does not include a
  * password. Otherwise the current record is loaded by the posted UserID and
  * its Password / HashMethod pair is kept on this object for later comparison.
  *
  * NOTE(review): the kept value is a password hash; make sure it is never
  * logged or passed to a view.
  *
  * @param UserModel $UserModel Model firing the event; used to load the current record.
  * @param array $Args Event arguments; 'Fields' and 'FormPostValues.UserID' are read.
  */
 public function UserModel_BeforeSave_Handler($UserModel, $Args)
 {
     // An explicit field list without a password means the hash is not changing.
     $PasswordNotInFields = isset($Args['Fields']) && !isset($Args['Fields']['Password']);
     if ($PasswordNotInFields) {
         return;
     }
     // Grab the current password hash for comparison.
     $TargetUserID = GetValueR('FormPostValues.UserID', $Args);
     if (!$TargetUserID) {
         return;
     }
     $StoredUser = $UserModel->GetID($TargetUserID, DATASET_TYPE_ARRAY);
     $this->_OldPasswordHash = array($StoredUser['Password'], $StoredUser['HashMethod']);
 }
예제 #7
 /**
  * Edit a user account.
  *
  * Requires Garden.Users.Edit. On an authenticated postback the submitted
  * values are adjusted (username pinned when not editable, password taken
  * from NewPassword, role list intersected with the assignable roles) and
  * then saved through the form's model.
  *
  * Security review notes, all taken from the code below:
  * - The assignable role list defaults to every role, so any caller who
  *   passes the Garden.Users.Edit check can grant any role unless a
  *   BeforeUserEdit handler trims RoleData.
  * - The password of any target user can be replaced; the target's own
  *   privileges are not examined.
  * - NOTE(review): SendPasswordEmail() receives the new password itself,
  *   which suggests it is mailed in clear text; confirm and prefer a reset link.
  * - NOTE(review): $AllowEditing reaches handlers and the view, but nothing
  *   here stops the save when a handler sets it to FALSE.
  *
  * @since 2.0.0
  * @access public
  * @param int $UserID Unique ID.
  */
 public function Edit($UserID)
 {
     $this->Permission('Garden.Users.Edit');
     // Page setup
     $this->AddJsFile('user.js');
     $this->Title(T('Edit User'));
     $this->AddSideMenu('dashboard/user');
     // Determine if username can be edited
     // Bitwise & and | are applied to the flags here, so the result is an
     // integer rather than a boolean.
     // NOTE(review): the OR-ed permission is the one already required above,
     // so this is presumably always truthy at this point.
     $this->CanEditUsername = TRUE;
     $this->CanEditUsername = $this->CanEditUsername & Gdn::Config("Garden.Profile.EditUsernames");
     $this->CanEditUsername = $this->CanEditUsername | Gdn::Session()->CheckPermission('Garden.Users.Edit');
     $RoleModel = new RoleModel();
     $AllRoles = $RoleModel->GetArray();
     // By default, people with access here can freely assign all roles
     $this->RoleData = $AllRoles;
     $UserModel = new UserModel();
     // NOTE(review): the result is not checked for a missing user.
     $this->User = $UserModel->GetID($UserID);
     // Set the model on the form.
     $this->Form->SetModel($UserModel);
     // Make sure the form knows which item we are editing.
     $this->Form->AddHidden('UserID', $UserID);
     try {
         // The values below are handed to event handlers by reference, so a
         // handler can change them before the rest of this method reads them.
         $AllowEditing = TRUE;
         $this->EventArguments['AllowEditing'] =& $AllowEditing;
         $this->EventArguments['TargetUser'] =& $this->User;
         // These are all the 'effective' roles for this edit action. This list can
         // be trimmed down from the real list to allow subsets of roles to be
         // edited.
         $this->EventArguments['RoleData'] =& $this->RoleData;
         // Build a RoleID => Name map of the roles the target user holds now.
         $UserRoleData = $UserModel->GetRoles($UserID)->ResultArray();
         $RoleIDs = ConsolidateArrayValuesByKey($UserRoleData, 'RoleID');
         $RoleNames = ConsolidateArrayValuesByKey($UserRoleData, 'Name');
         $this->UserRoleData = ArrayCombine($RoleIDs, $RoleNames);
         $this->EventArguments['UserRoleData'] =& $this->UserRoleData;
         $this->FireEvent("BeforeUserEdit");
         $this->SetData('AllowEditing', $AllowEditing);
         if (!$this->Form->AuthenticatedPostBack()) {
             $this->Form->SetData($this->User);
         } else {
             // Overwrite any submitted name with the stored one when renaming is not allowed.
             if (!$this->CanEditUsername) {
                 $this->Form->SetFormValue("Name", $this->User->Name);
             }
             // If a new password was specified, add it to the form's collection
             // Any submitted ResetPassword value other than FALSE copies
             // NewPassword into Password, including an empty string.
             $ResetPassword = $this->Form->GetValue('ResetPassword', FALSE);
             $NewPassword = $this->Form->GetValue('NewPassword', '');
             if ($ResetPassword !== FALSE) {
                 $this->Form->SetFormValue('Password', $NewPassword);
             }
             // Role changes
             // These are the new roles the editing user wishes to apply to the target
             // user, adjusted for his ability to affect those roles
             $RequestedRoles = $this->Form->GetFormValue('RoleID');
             if (!is_array($RequestedRoles)) {
                 $RequestedRoles = array();
             }
             // Requested IDs become keys so they can be intersected with the
             // assignable list; IDs outside RoleData are dropped.
             $RequestedRoles = array_flip($RequestedRoles);
             $UserNewRoles = array_intersect_key($this->RoleData, $RequestedRoles);
             // These roles will stay turned on regardless of the form submission contents
             // because the editing user does not have permission to modify them
             $ImmutableRoles = array_diff_key($AllRoles, $this->RoleData);
             $UserImmutableRoles = array_intersect_key($ImmutableRoles, $this->UserRoleData);
             // Apply immutable roles
             foreach ($UserImmutableRoles as $IMRoleID => $IMRoleName) {
                 $UserNewRoles[$IMRoleID] = $IMRoleName;
             }
             // Put the data back into the form object as if the user had submitted
             // this themselves
             $this->Form->SetFormValue('RoleID', array_keys($UserNewRoles));
             if ($this->Form->Save(array('SaveRoles' => TRUE)) !== FALSE) {
                 // A non-empty Password form value triggers the password email.
                 if ($this->Form->GetValue('Password', '') != '') {
                     $UserModel->SendPasswordEmail($UserID, $NewPassword);
                 }
                 $this->InformMessage(T('Your changes have been saved.'));
             }
             $this->UserRoleData = $UserNewRoles;
         }
     } catch (Exception $Ex) {
         // Any exception is reported as a form error instead of propagating.
         $this->Form->AddError($Ex);
     }
     $this->Render();
 }