Exemplo n.º 1
/**
 * Cron hook that enforces the account-expiry policy of a public server.
 *
 * Steps, in order:
 *  1. notify users whose account expires within the next five days and
 *     record that the notification was sent;
 *  2. remove accounts flagged as expired whose expiry date lies more than
 *     five days in the past;
 *  3. apply the optional `public_server` settings `nologin`, `flagusers`
 *     and `flagposts` / `flagpostsexpire`.
 *
 * Every value formatted into SQL here goes through intval() or dbesc() first.
 * NOTE(review): step 2 deletes accounts through user_remove(); the only
 * safeguards visible in this function are the flag and date conditions of
 * the query that selects them.
 *
 * @param object $a application object; get_baseurl() is the only member used
 * @param mixed  $b not used in this function
 */
function public_server_cron($a, $b)
{
    logger("public_server: cron start");
    require_once 'include/enotify.php';

    // Step 1: accounts with a non-zero expiry date inside the next five days
    // that have not been notified yet.
    $expiringSoon = q("select * from user where account_expires_on < UTC_TIMESTAMP() + INTERVAL 5 DAY and account_expires_on > '0000-00-00 00:00:00' and\n\t\texpire_notification_sent = '0000-00-00 00:00:00' ");
    if (count($expiringSoon)) {
        foreach ($expiringSoon as $account) {
            $notice = array(
                'uid' => $account['uid'],
                'type' => NOTIFY_SYSTEM,
                'system_type' => 'public_server_expire',
                'language' => $account['language'],
                'to_name' => $account['username'],
                'to_email' => $account['email'],
                'source_name' => t('Administrator'),
                'source_link' => $a->get_baseurl(),
                'source_photo' => $a->get_baseurl() . '/images/person-80.jpg',
            );
            notification($notice);

            // Stamp the row so the same account is not notified on the next run.
            $sentAt = dbesc(datetime_convert());
            q("update user set expire_notification_sent = '%s' where uid = %d", $sentAt, intval($account['uid']));
        }
    }

    // Step 2: accounts already flagged expired, five days past their (non-zero) expiry date.
    $overdue = q("select * from user where account_expired = 1 and account_expires_on < UTC_TIMESTAMP() - INTERVAL 5 DAY and account_expires_on > '0000-00-00 00:00:00'");
    if (count($overdue)) {
        require_once 'include/Contact.php';
        foreach ($overdue as $account) {
            user_remove($account['uid']);
        }
    }

    // Step 3a: accounts that never logged in and registered more than
    // `nologin` days ago get an expiry date six days from now.
    $nologin = get_config('public_server', 'nologin');
    if ($nologin) {
        $neverLoggedIn = q("select uid from user where account_expired = 0 and login_date = '0000-00-00 00:00:00' and register_date <  UTC_TIMESTAMP() - INTERVAL %d DAY and account_expires_on = '0000-00-00 00:00:00'", intval($nologin));
        if (count($neverLoggedIn)) {
            foreach ($neverLoggedIn as $account) {
                $expiresOn = dbesc(datetime_convert('UTC', 'UTC', 'now +6 days'));
                q("update user set account_expires_on = '%s' where uid = %d", $expiresOn, intval($account['uid']));
            }
        }
    }

    // Step 3b: accounts with `page-flags` = 0 and no login for `flagusers`
    // days get the same six-day expiry.
    $flagusers = get_config('public_server', 'flagusers');
    if ($flagusers) {
        $inactive = q("select uid from user where account_expired = 0 and login_date < UTC_TIMESTAMP() - INTERVAL %d DAY and account_expires_on = '0000-00-00 00:00:00' and `page-flags` = 0", intval($flagusers));
        if (count($inactive)) {
            foreach ($inactive as $account) {
                $expiresOn = dbesc(datetime_convert('UTC', 'UTC', 'now +6 days'));
                q("update user set account_expires_on = '%s' where uid = %d", $expiresOn, intval($account['uid']));
            }
        }
    }

    // Step 3c: accounts idle for `flagposts` days that have no `expire`
    // value yet get `flagpostsexpire` written to that column.
    $flagposts = get_config('public_server', 'flagposts');
    $flagpostsexpire = get_config('public_server', 'flagpostsexpire');
    if ($flagposts && $flagpostsexpire) {
        $idlePosters = q("select uid from user where account_expired = 0 and login_date < UTC_TIMESTAMP() - INTERVAL %d DAY and account_expires_on = '0000-00-00 00:00:00' and expire = 0 and `page-flags` = 0", intval($flagposts));
        if (count($idlePosters)) {
            foreach ($idlePosters as $account) {
                q("update user set expire = %d where uid = %d", intval($flagpostsexpire), intval($account['uid']));
            }
        }
    }

    logger("public_server: cron end");
}
Exemplo n.º 2
/**
 * Cron hook for a test-drive site: warns users whose account is about to
 * expire, then removes accounts that have been expired for five days.
 *
 * NOTE(review): neither query puts a lower bound on `account_expires_on`,
 * so a row holding the zero date would also satisfy the `<` comparison.
 * Confirm that every account on such a site is given a real expiry date,
 * because the second query feeds user_remove().
 *
 * @param object $a application object; get_baseurl() is the only member used
 * @param mixed  $b not used in this function
 */
function testdrive_cron($a, $b)
{
    require_once 'include/enotify.php';

    // Accounts expiring within five days that have not been notified yet.
    $expiringSoon = q("select * from user where account_expires_on < UTC_TIMESTAMP() + INTERVAL 5 DAY and\n\t\texpire_notification_sent = '0000-00-00 00:00:00' ");
    if (count($expiringSoon)) {
        foreach ($expiringSoon as $account) {
            $notice = array(
                'uid' => $account['uid'],
                'type' => NOTIFY_SYSTEM,
                'system_type' => 'testdrive_expire',
                'language' => $account['language'],
                'to_name' => $account['username'],
                'to_email' => $account['email'],
                'source_name' => t('Administrator'),
                'source_link' => $a->get_baseurl(),
                'source_photo' => $a->get_baseurl() . '/images/person-80.jpg',
            );
            notification($notice);

            // Stamp the row so the next run skips this account.
            $sentAt = dbesc(datetime_convert());
            q("update user set expire_notification_sent = '%s' where uid = %d", $sentAt, intval($account['uid']));
        }
    }

    // Accounts flagged expired whose expiry date is more than five days old.
    $overdue = q("select * from user where account_expired = 1 and account_expires_on < UTC_TIMESTAMP() - INTERVAL 5 DAY ");
    if (count($overdue)) {
        require_once 'include/Contact.php';
        foreach ($overdue as $account) {
            user_remove($account['uid']);
        }
    }
}
Exemplo n.º 3
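/**
 * Handles the account-removal form: deletes the logged-in user's own account
 * once the confirmation token and the current password both check out.
 *
 * Every failed check returns silently, so the response does not reveal
 * whether a field was missing, the token was wrong or the password was wrong.
 *
 * @param object $a application object; $a->user holds the logged-in user's row
 * @return void
 */
function removeme_post(&$a)
{
    if (!local_user()) {
        return;
    }
    if (!x($_POST, 'qxz_password') || !strlen(trim($_POST['qxz_password']))) {
        return;
    }
    if (!x($_POST, 'verify') || !strlen(trim($_POST['verify']))) {
        return;
    }

    // Confirmation token stored in the session (presumably when the form was
    // rendered; the code that sets it is not in this function). The posted
    // value must match it exactly; hash_equals() keeps the comparison time
    // independent of how many leading bytes agree.
    $expectedToken = isset($_SESSION['remove_account_verify']) ? $_SESSION['remove_account_verify'] : null;
    if (!is_string($expectedToken) || !is_string($_POST['verify']) || !hash_equals($expectedToken, $_POST['verify'])) {
        return;
    }

    // NOTE(review): the stored credential is matched against an unsalted,
    // single-pass Whirlpool digest of the submitted password. That is a fast
    // hash; moving storage to password_hash()/password_verify() needs a
    // migration of the stored values and cannot be done in this function alone.
    $encrypted = hash('whirlpool', trim($_POST['qxz_password']));
    $storedHash = $a->user['password'];

    // An empty stored hash never matches, so an account without a password
    // cannot be removed through this form.
    if (is_string($storedHash) && strlen($storedHash) && hash_equals($storedHash, $encrypted)) {
        require_once 'include/Contact.php';
        user_remove($a->user['uid']);
        // NOTREACHED
    }
}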
Exemplo n.º 4
                db_query("DELETE FROM `prefix_usercheck` WHERE `check` = '" . escape($_GET['check'], 'string') . "'");
                break;
                // join us
            // join us
            case 4:
                echo '<br />Joinus kann über diese Liste nicht akzeptiert werden, mache diese über <a style="color:red;" href="http://ilch11.dev/admin.php?groups-joinus">Joinus Anfragen bearbeiten</a><br /><br />';
                break;
                // ak 5 remove account
            // ak 5 remove account
            case 5:
                // The pending-check key is split at '-remove-' and only the part in front of the
                // separator is used as the user id. NOTE(review): when the separator is missing,
                // explode() returns a single element and the second list() slot has nothing to read.
                list($id, $muell) = explode('-remove-', $row['check']);
                // Refuse to delete the account of the user who is logged in right now.
                // NOTE(review): loose comparison (==) between a string taken from the stored key
                // and the session value; a strict comparison after an integer cast would be safer.
                if ($id == $_SESSION['authid']) {
                    echo 'Der eigene Account ist auf diese Weise nicht l&ouml;schbar.';
                    break;
                }
                // NOTE(review): $id reaches user_remove() without an integer cast in the visible
                // lines — confirm that user_remove() validates its argument.
                user_remove($id);
                // The row is deleted by the key from the query string, while $id was derived from
                // $row['check']; presumably both are the same key — verify against the lookup
                // above this fragment.
                db_query("DELETE FROM prefix_usercheck WHERE `check` = '" . escape($_GET['check'], 'string') . "'");
                break;
        }
    } else {
        $tpl->set_out('error', 'User nicht auffindbar', 3);
    }
}
// remove pending user
// NOTE(review): this DELETE is driven by query-string parameters alone. No anti-CSRF token and no
// privilege check are visible in this fragment — confirm both are enforced earlier in the script.
if ($menu->get(1) == "del" and isset($_GET['check'])) {
    // The key goes through the project's escape() helper before it is concatenated into the
    // statement; the helper's exact escaping rules are not visible here.
    db_query("DELETE FROM `prefix_usercheck` WHERE `check` = '" . escape($_GET['check'], 'string') . "'");
}
$tpl->out(0);
// Labels indexed by action code 1..4; presumably looked up by the `ak` column when the list
// below is rendered — TODO confirm.
$ak = array('', 'neuer User', 'neues Passwort', 'neue Emailadresse', 'Join us');
$c = 0;
// All pending checks, newest first, with a display-formatted timestamp.
$erg = db_query("SELECT `check`, `name`, `email`, `ak`, date_format(`datime`,'%k:%i Uhr %e.%c.%Y') as `time` FROM `prefix_usercheck` ORDER by `datime` DESC");
Exemplo n.º 5
         $_SESSION['dialog']['info'][] = $ret['error_string'];
     } else {
         $_SESSION['dialog']['info'][] = _('Unable to process user addition');
     }
     header("Location: " . _u('index.php?app=main&inc=core_user&route=user_mgmnt&op=user_add&view=' . $view));
     exit;
     break;
 case "user_del":
     // NOTE(review): the target username is read from $_REQUEST, so a GET request is accepted as
     // well as a POST, and no anti-CSRF token check is visible in this case — confirm one runs
     // before the switch.
     $up['username'] = $_REQUEST['uname'];
     // NOTE(review): the lookup result is used without checking that the username resolved to
     // an existing user.
     $del_uid = user_username2uid($up['username']);
     // users cannot be removed if they still have subusers
     $subusers = user_getsubuserbyuid($del_uid);
     if (count($subusers) > 0) {
         $ret['error_string'] = _('Unable to delete this user until all subusers under this user have been removed');
     } else {
         $ret = user_remove($del_uid);
     }
     // Hand the outcome to the next page through the session dialog queue, then redirect to
     // the user list.
     $_SESSION['dialog']['info'][] = $ret['error_string'];
     header("Location: " . _u('index.php?app=main&inc=core_user&route=user_mgmnt&op=user_list&view=' . $view));
     exit;
     break;
 case "user_unban":
     $uid = user_username2uid($_REQUEST['uname']);
     if (user_banned_get($uid)) {
         if (user_banned_remove($uid)) {
             $_SESSION['dialog']['info'][] = _('Account has been unbanned') . ' (' . _('username') . ': ' . $_REQUEST['uname'] . ')';
         } else {
             $_SESSION['dialog']['info'][] = _('Unable to unban account') . ' (' . _('username') . ': ' . $_REQUEST['uname'] . ')';
         }
     } else {
         $_SESSION['dialog']['info'][] = _('User is not on banned users list') . ' (' . _('username') . ': ' . $_REQUEST['uname'] . ')';
Exemplo n.º 6
/*
 * Handles the bulk-action form of the user administration page.
 *
 * When `selected_items` is posted, the action chosen in `drp_action`
 * (1 delete, 2 copy, 3 enable, 4 disable, 5 batch copy) is executed and the
 * browser is redirected to user_admin.php. Otherwise a confirmation form is
 * rendered for the users ticked as chk_<id> in the request.
 *
 * NOTE(review): no anti-CSRF token check is visible in this function —
 * confirm one is enforced before it runs, since the actions include deleting
 * and disabling accounts.
 */
function form_actions() {
	global $colors, $user_actions, $auth_realms;

	/* if we are to save this form, instead of display it */
	if (isset($_POST["selected_items"])) {
		if (get_request_var_post("drp_action") != "2") {
			/* NOTE(review): unserialize() runs on a value taken from the request. The hidden
			   field is produced with serialize() further down, but the client can send anything
			   back, and unserialize() on untrusted data can instantiate arbitrary objects.
			   A plain list of ids (comma-separated or JSON) would avoid that. The per-item
			   number validation below only runs after deserialization has already happened. */
			$selected_items = unserialize(stripslashes(get_request_var_post("selected_items")));
		}

		if (get_request_var_post("drp_action") == "1") { /* delete */
			for ($i=0;($i<count($selected_items));$i++) {
				/* ================= input validation ================= */
				input_validate_input_number($selected_items[$i]);
				/* ==================================================== */

				user_remove($selected_items[$i]);
			}
		}

		if (get_request_var_post("drp_action") == "2") { /* copy */
			/* ================= input validation ================= */
			input_validate_input_number(get_request_var_post("selected_items"));
			input_validate_input_number(get_request_var_post("new_realm"));
			/* ==================================================== */

			$new_username = get_request_var_post("new_username");
			$new_realm = get_request_var_post("new_realm", 0);
			/* NOTE(review): the id is concatenated into the statement; this is only safe if
			   input_validate_input_number() stops the request on non-numeric input, which is
			   not visible here. A bound parameter would not depend on that. */
			$template_user = db_fetch_row("SELECT username, realm FROM user_auth WHERE id = " . get_request_var_post("selected_items"));
			$overwrite = array( "full_name" => get_request_var_post("new_fullname") );

			if (strlen($new_username)) {
				/* NOTE(review): the username literal in the next query appears masked in this
				   listing ('******'); check in the original file how $new_username is quoted
				   there. $new_realm is concatenated after the number validation above. */
				if (sizeof(db_fetch_assoc("SELECT username FROM user_auth WHERE username = '******' AND realm = " . $new_realm))) {
					raise_message(19);
				} else {
					if (user_copy($template_user["username"], $new_username, $template_user["realm"], $new_realm, false, $overwrite) === false) {
						raise_message(2);
					} else {
						raise_message(1);
					}
				}
			}
		}

		if (get_request_var_post("drp_action") == "3") { /* enable */
			for ($i=0;($i<count($selected_items));$i++) {
				/* ================= input validation ================= */
				input_validate_input_number($selected_items[$i]);
				/* ==================================================== */

				user_enable($selected_items[$i]);
			}
		}

		if (get_request_var_post("drp_action") == "4") { /* disable */
			for ($i=0;($i<count($selected_items));$i++) {
				/* ================= input validation ================= */
				input_validate_input_number($selected_items[$i]);
				/* ==================================================== */

				user_disable($selected_items[$i]);
			}
		}

		if (get_request_var_post("drp_action") == "5") { /* batch copy */
			/* ================= input validation ================= */
			input_validate_input_number(get_request_var_post("template_user"));
			/* ==================================================== */

			$copy_error = false;
			$template = db_fetch_row("SELECT username, realm FROM user_auth WHERE id = " . get_request_var_post("template_user"));
			for ($i=0;($i<count($selected_items));$i++) {
				/* ================= input validation ================= */
				input_validate_input_number($selected_items[$i]);
				/* ==================================================== */

				$user = db_fetch_row("SELECT username, realm FROM user_auth WHERE id = " . $selected_items[$i]);
				if ((isset($user)) && (isset($template))) {
					if (user_copy($template["username"], $user["username"], $template["realm"], $user["realm"], true) === false) {
						$copy_error = true;
					}
				}
			}
			if ($copy_error) {
				raise_message(2);
			} else {
				raise_message(1);
			}
		}


		header("Location: user_admin.php");
		exit;
	}

	/* loop through each of the users and process them */
	$user_list = "";
	$user_array = array();
	$i = 0;
	/* NOTE(review): each() was removed in PHP 8.0 and ereg() in PHP 7.0; this loop only runs
	   on older interpreters. */
	while (list($var,$val) = each($_POST)) {
		if (ereg("^chk_([0-9]+)$", $var, $matches)) {
			/* ================= input validation ================= */
			input_validate_input_number($matches[1]);
			/* ==================================================== */

			if (get_request_var_post("drp_action") != "2") {
				/* NOTE(review): the username read from the database is placed into the HTML
				   without escaping; if usernames can contain markup this is a stored-XSS
				   sink — confirm how usernames are constrained on creation. */
				$user_list .= "<li>" . db_fetch_cell("SELECT username FROM user_auth WHERE id=" . $matches[1]) . "<br>";
			}
			$user_array[$i] = $matches[1];
		}

		/* NOTE(review): $i advances for every POST field, not only for chk_ fields, so
		   $user_array gets sparse keys. $user_array[0] below and the 0..count-1 loops in the
		   save branch above assume consecutive keys. */
		$i++;
	}

	include_once("./include/top_header.php");

	html_start_box("<strong>" . $user_actions[get_request_var_post("drp_action")] . "</strong>", "60%", $colors["header_panel"], "3", "center", "");

	print "<form action='user_admin.php' method='post'>\n";

	if ((get_request_var_post("drp_action") == "1") && (sizeof($user_array))) { /* delete */
		print "
			<tr>
				<td class='textArea' bgcolor='#" . $colors["form_alternate1"] . "'>
					<p>Are you sure you want to delete the following users?</p>
					<p>$user_list</p>
				</td>
			</tr>\n";
	}
	$user_id = "";
	if ((get_request_var_post("drp_action") == "2") && (sizeof($user_array))) { /* copy */
		$user_id = $user_array[0];
		$user_realm = db_fetch_cell("SELECT realm FROM user_auth WHERE id = " . $user_id);

		/* NOTE(review): the "New Username" line inside the next print statement appears
		   masked in this listing ("******"); presumably it called form_text_box() like the
		   "New Full Name" field — check the original file. */
		print "
			<tr>
				<td class='textArea' bgcolor='#" . $colors["form_alternate1"] . "'>
					Would you like to copy this user?<br><br>
				</td>
			</tr><tr>
				<td class='textArea' bgcolor='#" . $colors["form_alternate1"] . "'>
					Template Username: <i>" . db_fetch_cell("SELECT username FROM user_auth WHERE id=" . $user_id) . "</i>
				</td>
			</tr><tr>
				<td class='textArea' bgcolor='#" . $colors["form_alternate1"] . "'>
				New Username: "******"new_username", "", "", 25);
		print "				</td>
			</tr><tr>
				<td class='textArea' bgcolor='#" . $colors["form_alternate1"] . "'>
					New Full Name: ";
		print form_text_box("new_fullname", "", "", 35);
		print "				</td>
			</tr><tr>
				<td class='textArea' bgcolor='#" . $colors["form_alternate1"] . "'>
					New Realm: \n";
		print form_dropdown("new_realm", $auth_realms, "", "", $user_realm, "", 0);
		print "				</td>

			</tr>\n";
	}

	if ((get_request_var_post("drp_action") == "3") && (sizeof($user_array))) { /* enable */
		print "
			<tr>
				<td class='textArea' bgcolor='#" . $colors["form_alternate1"] . "'>
					<p>Are you sure you want to enable the following users?</p>
					<p>$user_list</p>
				</td>
			</tr>\n";
	}

	if ((get_request_var_post("drp_action") == "4") && (sizeof($user_array))) { /* disable */
		print "
			<tr>
				<td class='textArea' bgcolor='#" . $colors["form_alternate1"] . "'>
					<p>Are you sure you want to disable the following users?</p>
					<p>$user_list</p>
				</td>
			</tr>\n";
	}

	if ((get_request_var_post("drp_action") == "5") && (sizeof($user_array))) { /* batch copy */
		$usernames = db_fetch_assoc("SELECT id,username FROM user_auth WHERE realm = 0 ORDER BY username");
		print "
			<tr>
				<td class='textArea' bgcolor='#" . $colors["form_alternate1"] . "'>Are you sure you want to overwrite the selected users with the selected template users settings and permissions?  Original user Full Name, Password, Realm and Enable status will be retained, all other fields will be overwritten from template user.<br><br></td>
			</tr><tr>
				<td class='textArea' bgcolor='#" . $colors["form_alternate1"] . "'>
					Template User: \n";
		print form_dropdown("template_user", $usernames, "username", "id", "", "", 0);
		print "		</td>

			</tr><tr>
				<td class='textArea' bgcolor='#" . $colors["form_alternate1"] . "'>
					<p>Users to update:
					$user_list</p>
				</td>
			</tr>\n";
	}

	if (sizeof($user_array) == 0) {
		print "<tr><td bgcolor='#" . $colors["form_alternate1"]. "'><span class='textError'>You must select at least one user.</span></td></tr>\n";
		$save_html = "<a href='user_admin.php'><img src='images/button_cancel.gif' alt='Cancel' align='absmiddle' border='0'></a>";

	}else{
		$save_html = "<a href='user_admin.php'><img src='images/button_no.gif' alt='Cancel' align='absmiddle' border='0'></a> <input type='image' src='images/button_yes.gif' alt='Save' align='absmiddle'>";
	}

	print " <tr>
			<td align='right' bgcolor='#eaeaea'>
				<input type='hidden' name='action' value='actions'>";
	if (get_request_var_post("drp_action") == "2") { /* copy */
		print "				<input type='hidden' name='selected_items' value='" . $user_id . "'>\n";
	}else{
		/* The selection travels to the save request as a serialized array in a hidden field;
		   this is the value the save branch at the top of the function passes to unserialize(). */
		print "				<input type='hidden' name='selected_items' value='" . (isset($user_array) ? serialize($user_array) : '') . "'>\n";
	}
	/* NOTE(review): drp_action is written back into an attribute value without HTML escaping
	   in the visible code; confirm get_request_var_post() sanitises it. */
	print "				<input type='hidden' name='drp_action' value='" . get_request_var_post("drp_action") . "'>
				$save_html
			</td>
		</tr>
		";

	html_end_box();

	include_once("./include/bottom_footer.php");

}
Exemplo n.º 7
/**
 * Removes an account on behalf of the web-services API and maps the result
 * of user_remove() to the API's response shape.
 *
 * NOTE(review): no authentication or authorisation check happens in this
 * function; it relies on the caller having verified that the requester may
 * delete $uid.
 *
 * @param mixed $uid id of the account to remove, passed to user_remove() as given
 * @return array 'status' ('OK' or 'ERR'), 'error' ('0' or '606') and 'info'
 *               (the error_string reported by user_remove())
 */
function webservices_account_remove($uid)
{
    $result = user_remove($uid, TRUE);
    $succeeded = $result['status'] ? true : false;

    return array(
        'status' => $succeeded ? 'OK' : 'ERR',
        'error' => $succeeded ? '0' : '606',
        'info' => $result['error_string'],
    );
}
Exemplo n.º 8
     break;
     // details des users aendern
 // details des users aendern
 case 2:
     $design = new design('Admins Area', 'Admins Area', 2);
     $design->header();
     $changeok = true;
     $uid = escape($_POST['uID'], 'integer');
     $altes_recht = db_result(db_query("SELECT recht FROM prefix_user WHERE id = " . $uid), 0);
     $neues_recht = escape($_POST['urecht'], 'integer');
     if (($neues_recht <= $_SESSION['authright'] or $altes_recht <= $_SESSION['authright']) and $_SESSION['authid'] > 1) {
         $changeok = false;
     }
     if ($changeok and chk_antispam('adminuser', true)) {
         if (isset($_POST['userdel'])) {
             user_remove($uid);
             wd('?user', 'User wurde erfolgreich gel&ouml;scht');
         } else {
             $abf = "SELECT * FROM prefix_user WHERE id = '" . $uid . "'";
             $erg = db_query($abf);
             $row = db_fetch_object($erg);
             if (isset($_POST['passw'])) {
                 $newPass = genkey(8);
                 $newPassHash = user_pw_crypt($newPass);
                 icmail($row->email, 'neues Password', "Hallo\n\nDein Password wurde soeben von einem Administrator gäendert es ist nun:\n\n{$newPass}\n\nGruß der Administrator");
                 db_query('UPDATE `prefix_user` SET pass = "******" WHERE id = "' . escape($_POST['uID'], 'integer') . '"');
             }
             // avatar speichern START
             $avatar_sql_update = '';
             if (!empty($_FILES['avatarfile']['name'])) {
                 $file_tmpe = $_FILES['avatarfile']['tmp_name'];
Exemplo n.º 9
/**
 * Handles the action forms of the user administration page.
 *
 * Save paths (each ends in a redirect and exit):
 *  - associate_host / associate_graph / associate_template / associate_groups /
 *    associate_tree: add (drp_action 1) or remove the ticked chk_<id> items
 *    for the user given in the `id` request value;
 *  - selected_items: run the bulk action in drp_action (1 delete, 2 copy,
 *    3 enable, 4 disable, 5 batch copy).
 * Without any of those fields a confirmation form is rendered for the users
 * ticked as chk_<id>.
 *
 * NOTE(review): no anti-CSRF token check is visible in this function —
 * confirm one is enforced before it runs, since the actions include deleting
 * accounts and changing permissions.
 */
function form_actions()
{
    global $user_actions, $auth_realms;
    /* if we are to save this form, instead of display it */
    if (isset($_POST['associate_host'])) {
        /* NOTE(review): each() was removed in PHP 8.0 and ereg() in PHP 7.0. The display loop
           further down already uses preg_match(); the five associate_* loops do not. */
        /* NOTE(review): in the five associate_* branches the `id` request value is not passed
           through input_validate_input_number() in the visible lines. It is bound as a query
           parameter, and it is also appended to the redirect URL. */
        while (list($var, $val) = each($_POST)) {
            if (ereg('^chk_([0-9]+)$', $var, $matches)) {
                /* ================= input validation ================= */
                input_validate_input_number($matches[1]);
                /* ==================================================== */
                if (get_request_var_post('drp_action') == '1') {
                    db_execute_prepared('REPLACE INTO user_auth_perms (user_id, item_id, type) VALUES (?, ?, 3)', array(get_request_var_post('id'), $matches[1]));
                } else {
                    db_execute_prepared('DELETE FROM user_auth_perms WHERE user_id = ? AND item_id = ? AND type = 3', array(get_request_var_post('id'), $matches[1]));
                }
            }
        }
        header('Location: user_admin.php?action=user_edit&tab=permsd&id=' . get_request_var_post('id'));
        exit;
    } elseif (isset($_POST['associate_graph'])) {
        while (list($var, $val) = each($_POST)) {
            if (ereg('^chk_([0-9]+)$', $var, $matches)) {
                /* ================= input validation ================= */
                input_validate_input_number($matches[1]);
                /* ==================================================== */
                if (get_request_var_post('drp_action') == '1') {
                    db_execute_prepared('REPLACE INTO user_auth_perms (user_id, item_id, type) VALUES (?, ?, 1)', array(get_request_var_post('id'), $matches[1]));
                } else {
                    db_execute_prepared('DELETE FROM user_auth_perms WHERE user_id = ? AND item_id = ? AND type = 1', array(get_request_var_post('id'), $matches[1]));
                }
            }
        }
        header('Location: user_admin.php?action=user_edit&tab=permsg&id=' . get_request_var_post('id'));
        exit;
    } elseif (isset($_POST['associate_template'])) {
        while (list($var, $val) = each($_POST)) {
            if (ereg('^chk_([0-9]+)$', $var, $matches)) {
                /* ================= input validation ================= */
                input_validate_input_number($matches[1]);
                /* ==================================================== */
                if (get_request_var_post('drp_action') == '1') {
                    db_execute_prepared('REPLACE INTO user_auth_perms (user_id, item_id, type) VALUES (?, ?, 4)', array(get_request_var_post('id'), $matches[1]));
                } else {
                    db_execute_prepared('DELETE FROM user_auth_perms WHERE user_id = ? AND item_id = ? AND type = 4', array(get_request_var_post('id'), $matches[1]));
                }
            }
        }
        header('Location: user_admin.php?action=user_edit&tab=permste&id=' . get_request_var_post('id'));
        exit;
    } elseif (isset($_POST['associate_groups'])) {
        while (list($var, $val) = each($_POST)) {
            if (ereg('^chk_([0-9]+)$', $var, $matches)) {
                /* ================= input validation ================= */
                input_validate_input_number($matches[1]);
                /* ==================================================== */
                if (get_request_var_post('drp_action') == '1') {
                    db_execute_prepared('REPLACE INTO user_auth_group_members (user_id, group_id) VALUES (?, ?)', array(get_request_var_post('id'), $matches[1]));
                } else {
                    db_execute_prepared('DELETE FROM user_auth_group_members WHERE user_id = ? AND group_id = ?', array(get_request_var_post('id'), $matches[1]));
                }
            }
        }
        header('Location: user_admin.php?action=user_edit&tab=permsgr&id=' . get_request_var_post('id'));
        exit;
    } elseif (isset($_POST['associate_tree'])) {
        while (list($var, $val) = each($_POST)) {
            if (ereg('^chk_([0-9]+)$', $var, $matches)) {
                /* ================= input validation ================= */
                input_validate_input_number($matches[1]);
                /* ==================================================== */
                if (get_request_var_post('drp_action') == '1') {
                    db_execute_prepared('REPLACE INTO user_auth_perms (user_id, item_id, type) VALUES (?, ?, 2)', array(get_request_var_post('id'), $matches[1]));
                } else {
                    db_execute_prepared('DELETE FROM user_auth_perms WHERE user_id = ? AND item_id = ? AND type = 2', array(get_request_var_post('id'), $matches[1]));
                }
            }
        }
        header('Location: user_admin.php?action=user_edit&tab=permstr&id=' . get_request_var_post('id'));
        exit;
    } elseif (isset($_POST['selected_items'])) {
        if (get_request_var_post('drp_action') != '2') {
            /* NOTE(review): unserialize() runs on a value taken from the request. The hidden
               field is produced with serialize() further down, but the client can send anything
               back, and unserialize() on untrusted data can instantiate arbitrary objects.
               A plain list of ids (comma-separated or JSON) would avoid that. The per-item
               number validation below only runs after deserialization has already happened. */
            $selected_items = unserialize(stripslashes(get_request_var_post('selected_items')));
        }
        if (get_request_var_post('drp_action') == '1') {
            /* delete */
            /* NOTE(review): this branch does not repeat the export_user_id guard that the
               confirmation page applies further down, so the guard only protects requests
               that go through that page. */
            for ($i = 0; $i < count($selected_items); $i++) {
                /* ================= input validation ================= */
                input_validate_input_number($selected_items[$i]);
                /* ==================================================== */
                user_remove($selected_items[$i]);
                api_plugin_hook_function('user_remove', $selected_items[$i]);
            }
        }
        if (get_request_var_post('drp_action') == '2') {
            /* copy */
            /* ================= input validation ================= */
            input_validate_input_number(get_request_var_post('selected_items'));
            input_validate_input_number(get_request_var_post('new_realm'));
            /* ==================================================== */
            $new_username = get_request_var_post('new_username');
            $new_realm = get_request_var_post('new_realm', 0);
            $template_user = db_fetch_row_prepared('SELECT username, realm FROM user_auth WHERE id = ?', array(get_request_var_post('selected_items')));
            $overwrite = array('full_name' => get_request_var_post('new_fullname'));
            if (strlen($new_username)) {
                /* raise_message(19) when the username is already taken in the target realm */
                if (sizeof(db_fetch_assoc_prepared('SELECT username FROM user_auth WHERE username = ? AND realm = ?', array($new_username, $new_realm)))) {
                    raise_message(19);
                } else {
                    if (user_copy($template_user['username'], $new_username, $template_user['realm'], $new_realm, false, $overwrite) === false) {
                        raise_message(2);
                    } else {
                        raise_message(1);
                    }
                }
            }
        }
        if (get_request_var_post('drp_action') == '3') {
            /* enable */
            for ($i = 0; $i < count($selected_items); $i++) {
                /* ================= input validation ================= */
                input_validate_input_number($selected_items[$i]);
                /* ==================================================== */
                user_enable($selected_items[$i]);
            }
        }
        if (get_request_var_post('drp_action') == '4') {
            /* disable */
            for ($i = 0; $i < count($selected_items); $i++) {
                /* ================= input validation ================= */
                input_validate_input_number($selected_items[$i]);
                /* ==================================================== */
                user_disable($selected_items[$i]);
            }
        }
        if (get_request_var_post('drp_action') == '5') {
            /* batch copy */
            /* ================= input validation ================= */
            input_validate_input_number(get_request_var_post('template_user'));
            /* ==================================================== */
            $copy_error = false;
            $template = db_fetch_row_prepared('SELECT username, realm FROM user_auth WHERE id = ?', array(get_request_var_post('template_user')));
            for ($i = 0; $i < count($selected_items); $i++) {
                /* ================= input validation ================= */
                input_validate_input_number($selected_items[$i]);
                /* ==================================================== */
                $user = db_fetch_row_prepared('SELECT username, realm FROM user_auth WHERE id = ?', array($selected_items[$i]));
                if (isset($user) && isset($template)) {
                    if (user_copy($template['username'], $user['username'], $template['realm'], $user['realm'], true) === false) {
                        $copy_error = true;
                    }
                }
            }
            if ($copy_error) {
                raise_message(2);
            } else {
                raise_message(1);
            }
        }
        header('Location: user_admin.php');
        exit;
    }
    /* loop through each of the users and process them */
    $user_list = '';
    $user_array = array();
    $i = 0;
    while (list($var, $val) = each($_POST)) {
        if (preg_match('/^chk_([0-9]+)$/', $var, $matches)) {
            /* ================= input validation ================= */
            input_validate_input_number($matches[1]);
            /* ==================================================== */
            if (get_request_var_post('drp_action') != '2') {
                /* NOTE(review): the username read from the database is placed into the HTML
                   without escaping; if usernames can contain markup this is a stored-XSS
                   sink — confirm how usernames are constrained on creation. */
                $user_list .= '<li>' . db_fetch_cell_prepared('SELECT username FROM user_auth WHERE id = ?', array($matches[1])) . '</li>';
            }
            $user_array[$i] = $matches[1];
            $i++;
        }
    }
    /* Check for deleting of Graph Export User */
    /* NOTE(review): this guard runs only while the confirmation page is being built; the
       delete branch above, reached when selected_items is posted, does not check
       export_user_id again. */
    if (get_request_var_post('drp_action') == '1' && isset($user_array) && sizeof($user_array)) {
        /* delete */
        $exportuser = read_config_option('export_user_id');
        if (in_array($exportuser, $user_array)) {
            raise_message(22);
            header('Location: user_admin.php');
            exit;
        }
    }
    top_header();
    html_start_box('<strong>' . $user_actions[get_request_var_post('drp_action')] . '</strong>', '40%', '', '3', 'center', '');
    print "<form action='user_admin.php' method='post'>\n";
    if (isset($user_array) && sizeof($user_array)) {
        if (get_request_var_post('drp_action') == '1' && sizeof($user_array)) {
            /* delete */
            print "\n\t\t\t\t<tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\t<p>When you click \"Continue\", the selected User(s) will be deleted.</p>\n\t\t\t\t\t\t<p><ul>{$user_list}</ul></p>\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n";
            $save_html = "<input type='button' value='Cancel' onClick='window.history.back()'>&nbsp;<input type='submit' value='Continue' title='Delete User(s)'>";
        }
        $user_id = '';
        if (get_request_var_post('drp_action') == '2' && sizeof($user_array)) {
            /* copy */
            $user_id = $user_array[0];
            $user_realm = db_fetch_cell_prepared('SELECT realm FROM user_auth WHERE id = ?', array($user_id));
            /* NOTE(review): the "Username" field inside the next print statement appears masked
               in this listing ("******"); presumably it called form_text_box() like the
               "Full Name" field — check the original file. */
            print "\n\t\t\t\t<tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\tWhen you click \"Continue\" the selected User will be copied to the new User below<br><br>\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\tTemplate Username: <i>" . db_fetch_cell_prepared('SELECT username FROM user_auth WHERE id = ?', array($user_id)) . "</i>\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\tUsername: "******"\t\t\t\t</td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\tFull Name: ";
            print form_text_box('new_fullname', '', '', 35);
            print "\t\t\t\t</td>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\tRealm: \n";
            print form_dropdown('new_realm', $auth_realms, '', '', $user_realm, '', 0);
            print "\t\t\t\t</td>\n\n\t\t\t\t</tr>\n";
            $save_html = "<input type='button' value='Cancel' onClick='window.history.back()'>&nbsp;<input type='submit' value='Continue' title='Copy User'>";
        }
        if (get_request_var_post('drp_action') == '3' && sizeof($user_array)) {
            /* enable */
            print "\n\t\t\t\t<tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\t<p>When you click \"Continue\" the selected User(s) will be enabled.</p>\n\t\t\t\t\t\t<ul>{$user_list}</ul>\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n";
            $save_html = "<input type='button' value='Cancel' onClick='window.history.back()'>&nbsp;<input type='submit' value='Continue' title='Enable User(s)'>";
        }
        if (get_request_var_post('drp_action') == '4' && sizeof($user_array)) {
            /* disable */
            print "\n\t\t\t\t<tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\t<p>When you click \"Continue\" the selected User(s) will be disabled.</p>\n\t\t\t\t\t\t<ul>{$user_list}</ul>\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n";
            $save_html = "<input type='button' value='Cancel' onClick='window.history.back()'>&nbsp;<input type='submit' value='Continue' title='Disable User(s)'>";
        }
        if (get_request_var_post('drp_action') == '5' && sizeof($user_array)) {
            /* batch copy */
            $usernames = db_fetch_assoc('SELECT id, username FROM user_auth WHERE realm = 0 ORDER BY username');
            print "\n\t\t\t\t<tr>\n\t\t\t\t\t<td class='textArea'>When you click \"Continue\" you will overwrite selected the User(s) settings with the selected template User settings and permissions?  Original user Full Name, Password, Realm and Enable status will be retained, all other fields will be overwritten from Template User.<br><br></td>\n\t\t\t\t</tr><tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\tTemplate User: \n";
            print form_dropdown('template_user', $usernames, 'username', 'id', '', '', 0);
            print "\t\t</td>\n\t\t\t\t</tr><tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\t<p>User(s) to update:\n\t\t\t\t\t\t<ul>{$user_list}</ul></p>\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n";
            $save_html = "<input type='button' value='Cancel' onClick='window.history.back()'>&nbsp;<input type='submit' value='Continue' title='Reset User(s) Settings'>";
        }
    } else {
        print "<tr><td class='even'><span class='textError'>You must select at least one user.</span></td></tr>\n";
        $save_html = "<input type='button' value='Return' onClick='window.history.back()'>";
    }
    print " <tr>\n\t\t\t<td align='right' class='saveRow'>\n\t\t\t\t<input type='hidden' name='action' value='actions'>";
    if (get_request_var_post('drp_action') == '2') {
        /* copy */
        print "\t\t\t\t<input type='hidden' name='selected_items' value='" . $user_id . "'>\n";
    } else {
        /* The selection travels to the save request as a serialized array in a hidden field;
           this is the value the selected_items branch above passes to unserialize(). */
        print "\t\t\t\t<input type='hidden' name='selected_items' value='" . (isset($user_array) ? serialize($user_array) : '') . "'>\n";
    }
    /* NOTE(review): drp_action is written back into an attribute value without HTML escaping
       in the visible code; confirm get_request_var_post() sanitises it. */
    print "\t\t\t\t<input type='hidden' name='drp_action' value='" . get_request_var_post('drp_action') . "'>\n\t\t\t\t{$save_html}\n\t\t\t</td>\n\t\t</tr>\n\t\t";
    html_end_box();
    bottom_footer();
}
Exemplo n.º 10
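/**
 * Admin "Users" page: runs a single-user action or renders the user list.
 *
 * When the request path has more than two segments, the third segment selects
 * the action ("delete" or "block") and the fourth is the target uid. Both
 * actions first call check_form_security_token_redirectOnErr() for the
 * 'admin_users' token; going by its name, that helper (not shown here) sends
 * the browser back to /admin/users when the token is missing or invalid.
 * Otherwise the function loads the pending registrations and one page of
 * verified users and renders admin_users.tpl.
 *
 * @param App $a
 * @return string Rendered HTML, or '' after an action (the browser is redirected).
 */
function admin_page_users(&$a)
{
    if ($a->argc > 2) {
        // argc > 2 only guarantees argv[0..2]; a missing uid segment becomes 0.
        // The uid is normalised once so the lookup and the removal below act on
        // the same integer rather than on the raw path segment.
        $uid = intval(isset($a->argv[3]) ? $a->argv[3] : 0);
        $user = q("SELECT username, blocked FROM `user` WHERE `uid`=%d", intval($uid));
        // Fail closed: a non-array result (query error) is treated like "no such user".
        if (!is_array($user) || count($user) == 0) {
            notice('User not found' . EOL);
            goaway($a->get_baseurl(true) . '/admin/users');
            return '';
            // NOTREACHED
        }
        switch ($a->argv[2]) {
            case "delete":
                // State-changing action: verify the form security token first.
                check_form_security_token_redirectOnErr('/admin/users', 'admin_users', 't');
                // delete user
                require_once "include/Contact.php";
                user_remove($uid);
                notice(sprintf(t("User '%s' deleted"), $user[0]['username']) . EOL);
                break;
            case "block":
                check_form_security_token_redirectOnErr('/admin/users', 'admin_users', 't');
                // 1 - blocked flips the flag between 0 and 1 (block <-> unblock).
                q("UPDATE `user` SET `blocked`=%d WHERE `uid`=%s", intval(1 - $user[0]['blocked']), intval($uid));
                notice(sprintf($user[0]['blocked'] ? t("User '%s' unblocked") : t("User '%s' blocked"), $user[0]['username']) . EOL);
                break;
        }
        goaway($a->get_baseurl(true) . '/admin/users');
        return '';
        // NOTREACHED
    }
    /* get pending */
    $pending = q("SELECT `register`.*, `contact`.`name`, `user`.`email`\n\t\t\t\t FROM `register`\n\t\t\t\t LEFT JOIN `contact` ON `register`.`uid` = `contact`.`uid`\n\t\t\t\t LEFT JOIN `user` ON `register`.`uid` = `user`.`uid`;");
    /* get users */
    $total = q("SELECT count(*) as total FROM `user` where 1");
    if (count($total)) {
        $a->set_pager_total($total[0]['total']);
        $a->set_pager_itemspage(100);
    }
    // Pager offsets are cast with intval() before being placed in the LIMIT clause.
    $users = q("SELECT `user` . * , `contact`.`name` , `contact`.`url` , `contact`.`micro`, `lastitem`.`lastitem_date`, `user`.`account_expired`\n\t\t\t\tFROM\n\t\t\t\t\t(SELECT MAX(`item`.`changed`) as `lastitem_date`, `item`.`uid`\n\t\t\t\t\tFROM `item`\n\t\t\t\t\tWHERE `item`.`type` = 'wall'\n\t\t\t\t\tGROUP BY `item`.`uid`) AS `lastitem`\n\t\t\t\t\t\t RIGHT OUTER JOIN `user` ON `user`.`uid` = `lastitem`.`uid`,\n\t\t\t\t\t   `contact`\n\t\t\t\tWHERE\n\t\t\t\t\t   `user`.`uid` = `contact`.`uid`\n\t\t\t\t\t\tAND `user`.`verified` =1\n\t\t\t\t\tAND `contact`.`self` =1\n\t\t\t\tORDER BY `contact`.`name` LIMIT %d, %d\n\t\t\t\t", intval($a->pager['start']), intval($a->pager['itemspage']));
    // A named function declared inside a function becomes global the first time
    // this line runs; the guard avoids a "cannot redeclare" fatal error if the
    // page function is entered twice in one request.
    if (!function_exists('_setup_users')) {
        /**
         * Turn one raw user row into display values for the template.
         */
        function _setup_users($e)
        {
            $a = get_app();
            // admin_email may hold several comma-separated addresses; spaces are stripped.
            $adminlist = explode(",", str_replace(" ", "", $a->config['admin_email']));
            $accounts = array(t('Normal Account'), t('Soapbox Account'), t('Community/Celebrity Account'), t('Automatic Friend Account'));
            $e['page-flags'] = $accounts[$e['page-flags']];
            $e['register_date'] = relative_date($e['register_date']);
            $e['login_date'] = relative_date($e['login_date']);
            $e['lastitem_date'] = relative_date($e['lastitem_date']);
            //$e['is_admin'] = ($e['email'] === $a->config['admin_email']);
            $e['is_admin'] = in_array($e['email'], $adminlist);
            $e['deleted'] = $e['account_removed'] ? relative_date($e['account_expires_on']) : false;
            return $e;
        }
    }
    $users = array_map("_setup_users", $users);
    // Get rid of dashes in key names (Smarty3 can't handle them) and split the
    // rows into active and deleted users. Both lists keep the query's name
    // order; the earlier pop/push version called array_reverse($deleted) without
    // using its return value, which left the deleted list reversed.
    $active = array();
    $deleted = array();
    foreach ($users as $row) {
        $clean = array();
        foreach ($row as $k => $v) {
            $clean[str_replace('-', '_', $k)] = $v;
        }
        if ($clean['deleted']) {
            $deleted[] = $clean;
        } else {
            $active[] = $clean;
        }
    }
    $users = $active;
    $t = get_markup_template("admin_users.tpl");
    $o = replace_macros($t, array(
        '$title' => t('Administration'),
        '$page' => t('Users'),
        '$submit' => t('Add User'),
        '$select_all' => t('select all'),
        '$h_pending' => t('User registrations waiting for confirm'),
        '$h_deleted' => t('User waiting for permanent deletion'),
        '$th_pending' => array(t('Request date'), t('Name'), t('Email')),
        '$no_pending' => t('No registrations.'),
        '$approve' => t('Approve'),
        '$deny' => t('Deny'),
        '$delete' => t('Delete'),
        '$block' => t('Block'),
        '$unblock' => t('Unblock'),
        '$siteadmin' => t('Site admin'),
        '$accountexpired' => t('Account expired'),
        '$h_users' => t('Users'),
        '$h_newuser' => t('New User'),
        '$th_deleted' => array(t('Name'), t('Email'), t('Register date'), t('Last login'), t('Last item'), t('Deleted since')),
        '$th_users' => array(t('Name'), t('Email'), t('Register date'), t('Last login'), t('Last item'), t('Account')),
        '$confirm_delete_multi' => t('Selected users will be deleted!\\n\\nEverything these users had posted on this site will be permanently deleted!\\n\\nAre you sure?'),
        '$confirm_delete' => t('The user {0} will be deleted!\\n\\nEverything this user has posted on this site will be permanently deleted!\\n\\nAre you sure?'),
        // Token the template must send back (as 't') with delete/block requests.
        '$form_security_token' => get_form_security_token("admin_users"),
        '$baseurl' => $a->get_baseurl(true),
        '$pending' => $pending,
        // NOTE(review): this key has no leading '$' unlike its siblings; kept as
        // in the original - confirm it matches what the template expects.
        'deleted' => $deleted,
        '$users' => $users,
        '$newusername' => array('new_user_name', t("Name"), '', t("Name of the new user.")),
        '$newusernickname' => array('new_user_nickname', t("Nickname"), '', t("Nickname of the new user.")),
        '$newuseremail' => array('new_user_email', t("Email"), '', t("Email address of the new user."), '', '', 'email'),
    ));
    $o .= paginate($a);
    return $o;
}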
Exemplo n.º 11
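/**
 * Admin "Users" page: runs a single-user action or renders the user list.
 *
 * When the request path has more than two segments, the third segment selects
 * the action ("delete" or "block") and the fourth is the target uid; after the
 * action the browser is redirected to /admin/users. Otherwise the function
 * loads the pending registrations and one page of verified users and renders
 * admin_users.tpl.
 *
 * NOTE(review): nothing in this function verifies an anti-CSRF token before
 * "delete" or "block", and both are selected purely by the URL path. Unless
 * the caller enforces a token or a POST-only rule, a link followed by a
 * logged-in administrator would be enough to trigger them - confirm and add a
 * token check before the state change.
 *
 * @param App $a
 * @return string|null Rendered HTML, or nothing after an action (redirect).
 */
function admin_page_users(&$a)
{
    if ($a->argc > 2) {
        // argc > 2 only guarantees argv[0..2]; a missing uid segment becomes 0.
        // The uid is normalised once so the lookup and the removal below act on
        // the same integer rather than on the raw path segment.
        $uid = intval(isset($a->argv[3]) ? $a->argv[3] : 0);
        $user = q("SELECT * FROM `user` WHERE `uid`=%d", intval($uid));
        // Fail closed: a non-array result (query error) is treated like "no such user".
        if (!is_array($user) || count($user) == 0) {
            notice('User not found' . EOL);
            goaway($a->get_baseurl() . '/admin/users');
            return;
            // NOTREACHED
        }
        switch ($a->argv[2]) {
            case "delete":
                // delete user
                require_once "include/Contact.php";
                user_remove($uid);
                notice(sprintf(t("User '%s' deleted"), $user[0]['username']) . EOL);
                break;
            case "block":
                // 1 - blocked flips the flag between 0 and 1 (block <-> unblock).
                q("UPDATE `user` SET `blocked`=%d WHERE `uid`=%s", intval(1 - $user[0]['blocked']), intval($uid));
                notice(sprintf($user[0]['blocked'] ? t("User '%s' unblocked") : t("User '%s' blocked"), $user[0]['username']) . EOL);
                break;
        }
        goaway($a->get_baseurl() . '/admin/users');
        return;
        // NOTREACHED
    }
    /* get pending */
    $pending = q("SELECT `register`.*, `contact`.`name`, `user`.`email`\n\t\t\t\t FROM `register`\n\t\t\t\t LEFT JOIN `contact` ON `register`.`uid` = `contact`.`uid`\n\t\t\t\t LEFT JOIN `user` ON `register`.`uid` = `user`.`uid`;");
    /* get users */
    $total = q("SELECT count(*) as total FROM `user` where 1");
    if (count($total)) {
        $a->set_pager_total($total[0]['total']);
        $a->set_pager_itemspage(100);
    }
    // Pager offsets are cast with intval() before being placed in the LIMIT clause.
    $users = q("SELECT `user` . * , `contact`.`name` , `contact`.`url` , `contact`.`micro`, `lastitem`.`lastitem_date`\n\t\t\t\tFROM\n\t\t\t\t\t(SELECT MAX(`item`.`changed`) as `lastitem_date`, `item`.`uid`\n\t\t\t\t\tFROM `item`\n\t\t\t\t\tWHERE `item`.`type` = 'wall'\n\t\t\t\t\tGROUP BY `item`.`uid`) AS `lastitem`\n\t\t\t\t\t\t RIGHT OUTER JOIN `user` ON `user`.`uid` = `lastitem`.`uid`,\n\t\t\t\t\t   `contact`\n\t\t\t\tWHERE\n\t\t\t\t\t   `user`.`uid` = `contact`.`uid`\n\t\t\t\t\t\tAND `user`.`verified` =1\n\t\t\t\t\tAND `contact`.`self` =1\n\t\t\t\tORDER BY `contact`.`name` LIMIT %d, %d\n\t\t\t\t", intval($a->pager['start']), intval($a->pager['itemspage']));
    // A named function declared inside a function becomes global the first time
    // this line runs; the guard avoids a "cannot redeclare" fatal error if the
    // page function is entered twice in one request.
    if (!function_exists('_setup_users')) {
        /**
         * Turn one raw user row into display values for the template.
         */
        function _setup_users($e)
        {
            $accounts = array(t('Normal Account'), t('Soapbox Account'), t('Community/Celebrity Account'), t('Automatic Friend Account'));
            $e['page-flags'] = $accounts[$e['page-flags']];
            $e['register_date'] = relative_date($e['register_date']);
            $e['login_date'] = relative_date($e['login_date']);
            $e['lastitem_date'] = relative_date($e['lastitem_date']);
            return $e;
        }
    }
    $users = array_map("_setup_users", $users);
    $t = get_markup_template("admin_users.tpl");
    $o = replace_macros($t, array(
        '$title' => t('Administration'),
        '$page' => t('Users'),
        '$submit' => t('Submit'),
        '$select_all' => t('select all'),
        '$h_pending' => t('User registrations waiting for confirm'),
        '$th_pending' => array(t('Request date'), t('Name'), t('Email')),
        '$no_pending' => t('No registrations.'),
        '$approve' => t('Approve'),
        '$deny' => t('Deny'),
        '$delete' => t('Delete'),
        '$block' => t('Block'),
        '$unblock' => t('Unblock'),
        '$h_users' => t('Users'),
        '$th_users' => array(t('Name'), t('Email'), t('Register date'), t('Last login'), t('Last item'), t('Account')),
        '$confirm_delete_multi' => t('Selected users will be deleted!\\n\\nEverything these users had posted on this site will be permanently deleted!\\n\\nAre you sure?'),
        '$confirm_delete' => t('The user {0} will be deleted!\\n\\nEverything this user has posted on this site will be permanently deleted!\\n\\nAre you sure?'),
        '$baseurl' => $a->get_baseurl(),
        '$pending' => $pending,
        '$users' => $users,
    ));
    $o .= paginate($a);
    return $o;
}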
Exemplo n.º 12
                        // Tail of a self-service account deletion: the objects collected
                        // earlier (graphs, data sources, hosts) are handed to the bulk
                        // removal helpers, then the private tree and the account itself go.
                        // NOTE(review): the conditions guarding this branch start outside
                        // the excerpt - confirm it is reachable only by an authenticated
                        // POST carrying an anti-CSRF token.
                        include_once "./lib/api_graph.php";
                        api_graph_remove_multi($graphs);
                    }
                    if (sizeof($data_sources) > 0) {
                        include_once "./lib/api_data_source.php";
                        api_data_source_remove_multi($data_sources);
                    }
                    if (sizeof($hosts) > 0) {
                        include_once "./lib/api_device.php";
                        api_device_remove_multi($hosts);
                    }
                    // tree, tree_item
                    // NOTE(review): the tree id is concatenated into the SQL text. It is
                    // read from the session rather than from the request, but whether it
                    // is always numeric depends on where private_tree_id is stored -
                    // confirm, or cast it before building the statement.
                    db_execute("DELETE FROM graph_tree WHERE id = '" . $_SESSION["private_tree_id"] . "'");
                    db_execute("DELETE FROM graph_tree_items WHERE graph_tree_id = '" . $_SESSION["private_tree_id"] . "'");
                    // user_auth
                    // The id comes from the session, so only the logged-in account is removed.
                    user_remove($_SESSION["sess_user_id"]);
                    // logout
                    // exit stops the script so nothing below runs for the removed account.
                    header("Location: logout.php");
                    exit;
                }
            }
        }
    }
}
/* modify for multi user end */
include "./include/top_header.php";
api_plugin_hook('console_before');
?>
<table width="100%" align="center">
	<tr>
		<td class="textArea">
Exemplo n.º 13
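/**
 * Remove the user named in the submitted form, then redirect to the listing.
 *
 * The account name is read from the POST data kept in $GLOBALS['__POST'].
 * Removing the account of the currently logged-in session user is refused.
 *
 * NOTE(review): no permission or anti-CSRF check is visible in this function;
 * presumably the caller enforces both - confirm.
 *
 * @param mixed $dir Passed unchanged to make_link() to build the redirect target.
 */
function removeuser($dir)
{
    // A missing field is treated as an empty name instead of raising a notice.
    $user = stripslashes(isset($GLOBALS['__POST']["user"]) ? $GLOBALS['__POST']["user"] : '');
    // Self-removal guard. Loose comparison is kept on purpose: it can only
    // match more values than ===, never fewer.
    if ($user == $GLOBALS['__SESSION']["s_user"]) {
        show_error($GLOBALS["error_msg"]["miscselfremove"]);
        // Fail closed: do not rely on show_error() ending the request.
        return;
    }
    if (!user_remove($user)) {
        // NOTE(review): $user is request data placed in the message as-is;
        // confirm show_error() escapes it for HTML.
        show_error($user . ": " . $GLOBALS["error_msg"]["deluser"]);
    }
    miwoftp_redirect(make_link("list", $dir, NULL));
}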
Exemplo n.º 14
/**
 * Handle the bulk-action form of the user administration page.
 *
 * Two phases, selected by whether POST carries "selected_items":
 *  - present: apply the action named by "drp_action" (1 delete, 2 copy,
 *    3 enable, 4 disable, 5 batch copy), then redirect to user_admin.php;
 *  - absent: collect the ticked chk_<id> boxes and print a confirmation form
 *    that posts the selection back to this handler.
 *
 * Reads $_POST directly and through get_request_var_post(); uses the globals
 * $user_actions and $auth_realms. The first phase ends the request with exit.
 */
function form_actions()
{
    global $user_actions, $auth_realms;
    /* ================= input validation ================= */
    /* drp_action is limited to [a-zA-Z0-9_]+ before it is compared or echoed.
       What the validator does on a mismatch is not visible here (presumably it
       aborts the request - confirm). */
    input_validate_input_regex(get_request_var_post('drp_action'), "^([a-zA-Z0-9_]+)\$");
    /* ==================================================== */
    /* if we are to save this form, instead of display it */
    if (isset($_POST["selected_items"])) {
        /* selected_items travels through a hidden field as a serialized array
           (printed at the end of this function), so it is client-controlled.
           It is decoded by sanitize_unserialize_selected_items(), which is not
           shown; the "!= false" test below suggests it returns false when it
           rejects the value. */
        if (get_request_var_post("drp_action") != "2") {
            $selected_items = sanitize_unserialize_selected_items($_POST['selected_items']);
        }
        /* NOTE(review): for action "2" nothing in this function assigns
           $selected_items, so this test sees an unset variable (null != false
           is false) and the copy branch inside cannot be reached as written -
           confirm against the original file. */
        if ($selected_items != false) {
            if (get_request_var_post("drp_action") == "1") {
                /* delete */
                for ($i = 0; $i < count($selected_items); $i++) {
                    user_remove($selected_items[$i]);
                    api_plugin_hook_function('user_remove', $selected_items[$i]);
                }
            }
            if (get_request_var_post("drp_action") == "2") {
                /* copy */
                /* ================= input validation ================= */
                /* both values are concatenated into SQL below, so they are
                   checked as numbers first */
                input_validate_input_number(get_request_var_post("selected_items"));
                input_validate_input_number(get_request_var_post("new_realm"));
                /* ==================================================== */
                $new_username = get_request_var_post("new_username");
                $new_realm = get_request_var_post("new_realm", 0);
                $template_user = db_fetch_row("SELECT username, realm FROM user_auth WHERE id = " . get_request_var_post("selected_items"));
                $overwrite = array("full_name" => get_request_var_post("new_fullname"));
                if (strlen($new_username)) {
                    /* NOTE(review): the '******' literal looks like masking
                       applied when this listing was published, not original
                       code. The original presumably compared against
                       $new_username; whatever stands here must be escaped or
                       bound as a parameter, because new_username is free-form
                       request text. */
                    if (sizeof(db_fetch_assoc("SELECT username FROM user_auth WHERE username = '******' AND realm = " . $new_realm))) {
                        raise_message(19);
                    } else {
                        if (user_copy($template_user["username"], $new_username, $template_user["realm"], $new_realm, false, $overwrite) === false) {
                            raise_message(2);
                        } else {
                            raise_message(1);
                        }
                    }
                }
            }
            if (get_request_var_post("drp_action") == "3") {
                /* enable */
                for ($i = 0; $i < count($selected_items); $i++) {
                    user_enable($selected_items[$i]);
                }
            }
            if (get_request_var_post("drp_action") == "4") {
                /* disable */
                for ($i = 0; $i < count($selected_items); $i++) {
                    user_disable($selected_items[$i]);
                }
            }
            if (get_request_var_post("drp_action") == "5") {
                /* batch copy */
                /* ================= input validation ================= */
                input_validate_input_number(get_request_var_post("template_user"));
                /* ==================================================== */
                $copy_error = false;
                $template = db_fetch_row("SELECT username, realm FROM user_auth WHERE id = " . get_request_var_post("template_user"));
                for ($i = 0; $i < count($selected_items); $i++) {
                    /* NOTE(review): each id is concatenated into the SQL text;
                       that is only safe if sanitize_unserialize_selected_items()
                       guarantees numeric ids - confirm. */
                    $user = db_fetch_row("SELECT username, realm FROM user_auth WHERE id = " . $selected_items[$i]);
                    if (isset($user) && isset($template)) {
                        if (user_copy($template["username"], $user["username"], $template["realm"], $user["realm"], true) === false) {
                            $copy_error = true;
                        }
                    }
                }
                /* one failed copy is enough to report the whole batch as failed */
                if ($copy_error) {
                    raise_message(2);
                } else {
                    raise_message(1);
                }
            }
        }
        header("Location: user_admin.php");
        exit;
    }
    /* loop through each of the users and process them */
    $user_list = "";
    $user_array = array();
    $i = 0;
    /* each() was deprecated in PHP 7.2 and removed in PHP 8.0 */
    while (list($var, $val) = each($_POST)) {
        /* only field names of the form chk_<digits> are accepted as selections */
        if (preg_match("/^chk_([0-9]+)\$/", $var, $matches)) {
            /* ================= input validation ================= */
            input_validate_input_number($matches[1]);
            /* ==================================================== */
            if (get_request_var_post("drp_action") != "2") {
                /* the username is HTML-escaped before it goes into the list */
                $user_list .= "<li>" . htmlspecialchars(db_fetch_cell("SELECT username FROM user_auth WHERE id=" . $matches[1])) . "</li>";
            }
            $user_array[$i] = $matches[1];
            $i++;
        }
    }
    /* Check for deleting of Graph Export User */
    if (get_request_var_post("drp_action") == "1" && isset($user_array) && sizeof($user_array)) {
        /* delete */
        /* the configured export user must not be deleted: report and go back */
        $exportuser = read_config_option('export_user_id');
        if (in_array($exportuser, $user_array)) {
            raise_message(22);
            header("Location: user_admin.php");
            exit;
        }
    }
    include_once "./include/top_header.php";
    html_start_box("<strong>" . $user_actions[get_request_var_post("drp_action")] . "</strong>", "60%", "", "3", "center", "");
    /* NOTE(review): no anti-CSRF token field is printed in this form and none
       is checked in the save phase above; confirm whether the application adds
       one elsewhere. */
    print "<form action='user_admin.php' method='post'>\n";
    if (isset($user_array) && sizeof($user_array)) {
        if (get_request_var_post("drp_action") == "1" && sizeof($user_array)) {
            /* delete */
            print "\n\t\t\t\t<tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\t<p>When you click \"Continue\", the selected User(s) will be deleted.</p>\n\t\t\t\t\t\t<p><ul>{$user_list}</ul></p>\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n";
            $save_html = "<input type='button' value='Cancel' onClick='window.history.back()'>&nbsp;<input type='submit' value='Continue' title='Delete User(s)'>";
        }
        $user_id = "";
        if (get_request_var_post("drp_action") == "2" && sizeof($user_array)) {
            /* copy */
            $user_id = $user_array[0];
            $user_realm = db_fetch_cell("SELECT realm FROM user_auth WHERE id = " . $user_id);
            /* NOTE(review): the template username is printed inside <i> without
               htmlspecialchars(), unlike the list entries built above; a stored
               username containing markup would be rendered as HTML here.
               The end of this statement is also garbled in the listing (a masked
               span sits where the string should close and the text-box helper
               call should begin), so the line is not runnable as shown. */
            print "\n\t\t\t\t<tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\tWhen you click \"Continue\" the selected User will be copied to the new User below<br><br>\n\t\t\t\t\t</td>\n\t\t\t\t</tr><tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\tTemplate Username: <i>" . db_fetch_cell("SELECT username FROM user_auth WHERE id=" . $user_id) . "</i>\n\t\t\t\t\t</td>\n\t\t\t\t</tr><tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\tNew Username: "******"new_username", "", "", 25);
            print "\t\t\t\t</td>\n\t\t\t\t</tr><tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\tNew Full Name: ";
            print form_text_box("new_fullname", "", "", 35);
            print "\t\t\t\t</td>\n\t\t\t\t</tr><tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\tNew Realm: \n";
            print form_dropdown("new_realm", $auth_realms, "", "", $user_realm, "", 0);
            print "\t\t\t\t</td>\n\n\t\t\t\t</tr>\n";
            $save_html = "<input type='button' value='Cancel' onClick='window.history.back()'>&nbsp;<input type='submit' value='Continue' title='Copy User'>";
        }
        if (get_request_var_post("drp_action") == "3" && sizeof($user_array)) {
            /* enable */
            print "\n\t\t\t\t<tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\t<p>When you click \"Continue\" the selected User(s) will be enabled.</p>\n\t\t\t\t\t\t<p><ul>{$user_list}</ul></p>\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n";
            $save_html = "<input type='button' value='Cancel' onClick='window.history.back()'>&nbsp;<input type='submit' value='Continue' title='Enable User(s)'>";
        }
        if (get_request_var_post("drp_action") == "4" && sizeof($user_array)) {
            /* disable */
            print "\n\t\t\t\t<tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\t<p>When you click \"Continue\" the selected User(s) will be disabled.</p>\n\t\t\t\t\t\t<p><ul>{$user_list}</ul></p>\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n";
            $save_html = "<input type='button' value='Cancel' onClick='window.history.back()'>&nbsp;<input type='submit' value='Continue' title='Disable User(s)'>";
        }
        if (get_request_var_post("drp_action") == "5" && sizeof($user_array)) {
            /* batch copy */
            $usernames = db_fetch_assoc("SELECT id,username FROM user_auth WHERE realm = 0 ORDER BY username");
            print "\n\t\t\t\t<tr>\n\t\t\t\t\t<td class='textArea' class='odd'>When you click \"Continue\" you will overwrite selected the User(s) settings with the selected template User settings and permissions?  Original user Full Name, Password, Realm and Enable status will be retained, all other fields will be overwritten from Template User.<br><br></td>\n\t\t\t\t</tr><tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\tTemplate User: \n";
            print form_dropdown("template_user", $usernames, "username", "id", "", "", 0);
            print "\t\t</td>\n\n\t\t\t\t</tr><tr>\n\t\t\t\t\t<td class='textArea'>\n\t\t\t\t\t\t<p>User(s) to update:\n\t\t\t\t\t\t<ul>{$user_list}</ul></p>\n\t\t\t\t\t</td>\n\t\t\t\t</tr>\n";
            $save_html = "<input type='button' value='Cancel' onClick='window.history.back()'>&nbsp;<input type='submit' value='Continue' title='Reset User(s) Settings'>";
        }
    } else {
        print "<tr><td class='odd'><span class='textError'>You must select at least one user.</span></td></tr>\n";
        $save_html = "<input type='button' value='Return' onClick='window.history.back()'>";
    }
    print " <tr>\n\t\t\t<td align='right' bgcolor='#eaeaea'>\n\t\t\t\t<input type='hidden' name='action' value='actions'>";
    if (get_request_var_post("drp_action") == "2") {
        /* copy */
        print "\t\t\t\t<input type='hidden' name='selected_items' value='" . $user_id . "'>\n";
    } else {
        /* The selection is round-tripped through the browser as a serialized
           array. The values are the digit strings captured by the chk_ regex
           above, so the serialized text holds no single quote that could end
           the attribute; the save phase must still treat what comes back as
           untrusted. */
        print "\t\t\t\t<input type='hidden' name='selected_items' value='" . (isset($user_array) ? serialize($user_array) : '') . "'>\n";
    }
    /* drp_action is echoed into an attribute; it was limited to [a-zA-Z0-9_]+
       at the top of the function */
    print "\t\t\t\t<input type='hidden' name='drp_action' value='" . get_request_var_post("drp_action") . "'>\n\t\t\t\t{$save_html}\n\t\t\t</td>\n\t\t</tr>\n\t\t";
    html_end_box();
    include_once "./include/bottom_footer.php";
}
Exemplo n.º 15
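/**
 * Remove the user named in the submitted form, then redirect to the admin view.
 *
 * The account name is read from the POST data kept in $GLOBALS['__POST'].
 * Removing the account of the currently logged-in session user is refused.
 *
 * NOTE(review): no permission or anti-CSRF check is visible in this function;
 * presumably the caller enforces both - confirm.
 *
 * @param mixed $dir Passed unchanged to make_link() to build the redirect target.
 */
function removeuser($dir)
{
    // A missing field is treated as an empty name instead of raising a notice.
    $user = stripslashes(isset($GLOBALS['__POST']["user"]) ? $GLOBALS['__POST']["user"] : '');
    // Self-removal guard. Loose comparison is kept on purpose: it can only
    // match more values than ===, never fewer.
    if ($user == $GLOBALS['__SESSION']["s_user"]) {
        show_error($GLOBALS["error_msg"]["miscselfremove"]);
        // Fail closed: do not rely on show_error() ending the request.
        return;
    }
    if (!user_remove($user)) {
        // NOTE(review): $user is request data placed in the message as-is;
        // confirm show_error() escapes it for HTML.
        show_error($user . ": " . $GLOBALS["error_msg"]["deluser"]);
    }
    // No exit follows the redirect header; the caller keeps running after return.
    header("location: " . make_link("admin", $dir, NULL));
}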
Exemplo n.º 16
include("./include/auth.php");

/* set default action */
if (!isset($_REQUEST["action"])) { $_REQUEST["action"] = ""; }

/* Dispatch on the "action" request parameter.
   NOTE(review): $_REQUEST normally takes the value from the query string as
   well as from POST, so the state-changing branches ('save', 'perm_remove',
   'user_remove') can be selected by a plain link unless the handlers or
   ./include/auth.php enforce the request method and an anti-CSRF token -
   confirm. The listing ends before the switch is closed. */
switch ($_REQUEST["action"]) {
	case 'save':
		form_save();

		break;
	case 'perm_remove':
		perm_remove();

		break;
	case 'user_remove':
		/* called without arguments, so the target user is read inside the
		   handler (not shown) */
		user_remove();

			/* redirect back to the user list; no exit follows, so the script
			   continues past the switch */
			header("Location: user_admin.php");
		break;
	case 'user_realms_edit':
		include_once("include/top_header.php");

		user_edit();

		include_once("include/bottom_footer.php");
		break;
	case 'graph_settings_edit':
		include_once("include/top_header.php");

		user_edit();
Exemplo n.º 17
    // Change-password form
    // NOTE(review): both password inputs are declared type="text", so whatever
    // is typed is shown on screen, and the form carries no anti-CSRF token.
    echo "<h2>Изменить пароль</h2>\r\n\t<form class=\"config\" method=\"POST\" action=\"\">\r\n\t\t<input id=\"old_password\" name=\"password\" pattern=\"[-_a-zA-ZА-Яа-яЁё0-9\\s]{3,}\" type=\"text\" title=\"Текущий пароль\" placeholder=\"Текущий пароль\" size=\"30\" required>\r\n\t\t<input id=\"new_password\" name=\"new_password\" pattern=\"[-_a-zA-ZА-Яа-яЁё0-9\\s]{3,30}\" type=\"text\" title=\"Новый пароль\" placeholder=\"Новый пароль\" size=\"30\" required>\r\n\t\t<button name=\"save_password\" type=\"submit\">Изменить пароль</button>\r\n\t</form>";
} else {
    // Editing other users' profiles
    // NOTE(review): the condition that selects this branch is outside the
    // excerpt, so which rights are required to reach it cannot be seen here.
    // Handle submitted actions
    // NOTE(review): every handler below receives raw $_POST values and its
    // return value is echoed into the page as-is. Validation, SQL binding and
    // HTML escaping therefore all depend on the user_* helpers (not shown) -
    // confirm. The pattern= attributes in the forms are browser-side only and
    // do not constrain what a client can send. No anti-CSRF token is checked.
    # Edit a user's profile
    if (isset($_POST['edit_user'])) {
        echo "<p class=\"result\">" . user_update_data($mysqli, $_POST['login'], $_POST['name'], $_POST['mail'], $_POST['filter'], $_POST['rights']) . "</p>";
    }
    # Change a user's password
    if (isset($_POST['reset_password'])) {
        echo "<p class=\"result\">" . user_update_pass($mysqli, $_POST['login'], $_POST['new_pass'], $user) . "</p>";
    }
    # Delete a user
    if (isset($_POST['user_remove'])) {
        echo "<p class=\"result\">" . user_remove($mysqli, $_POST['login']) . "</p>";
    }
    # Create a new user
    if (isset($_POST['user_add'])) {
        echo "<p class=\"result\">" . user_add($mysqli, $_POST['login'], $_POST['password'], $_POST['name'], $_POST['mail'], $_POST['filter'], $_POST['rights']) . "</p>";
    }
    // User list
    echo "<h2>Список пользователей</h2>\r\n\t<table class=\"config\"><tr><th>Имя пользователя</th><th>Электронная почта</th><th>Фильтр событий</th><th>Права доступа</th><th>Редактировать</th><th>Сменить пароль</th><th>Удалить</th></tr>";
    // NOTE(review): stored login, name, mail, filter and rights values are
    // interpolated into element text and double-quoted attributes with no
    // htmlspecialchars() call here. Unless get_users_array() returns values
    // that are already escaped, a stored value containing markup or a quote
    // would be rendered as HTML - escape at output. The loop also reuses
    // $user as nothing, but data-name is emitted twice on the edit button.
    foreach (get_users_array($mysqli) as $user_login => $user_data) {
        echo "<tr><td>{$user_data['name']}</td><td>{$user_data['mail']}</td><td>{$user_data['filter']}</td><td>{$user_data['rights']}</td> \r\n\t\t<td><button class=\"edit\" data-login=\"{$user_login}\" data-name=\"{$user_data['name']}\" data-name=\"{$user_data['name']}\" data-mail=\"{$user_data['mail']}\" data-filter=\"{$user_data['filter']}\" data-rights=\"{$user_data['rights']}\" >Редактировать</button></td>\r\n\t\t<td><button class=\"reset\" data-login=\"{$user_login}\" data-name=\"{$user_data['name']}\">Изменить пароль</button></td>\r\n\t\t<td><form class=\"config\" method=\"POST\" action=\"\">\r\n\t\t\t<input name=\"login\" type=\"hidden\" value=\"{$user_login}\">\r\n\t\t\t<button name=\"user_remove\" type=\"submit\">Удалить</button>\r\n\t\t</form></td></tr>";
    }
    echo "</table>";
    // Dynamic form for editing user data
    // NOTE(review): in the "name" input the character class appears without a
    // pattern= attribute name, so the browser applies no pattern to that field.
    echo "<form class=\"config dynamic hidden edit\" method=\"POST\" action=\"\">\r\n\t\t<h3>Редактировать данные пользователя</h3>\r\n\t\t<input class=\"user-login\" name=\"login\" type=\"hidden\" value=\"\">\r\n\t\t<input class=\"name\" id=\"name\" name=\"name\" value=\"\" [-_a-zA-ZА-Яа-яЁё0-9\\s]{3,40} type=\"text\" size=\"40\" title=\"Имя и фамилия\" placeholder=\"Имя и фамилия\" required>\r\n\t\t<input id=\"mail\" name=\"mail\" class=\"mail\" pattern=\"^[a-z0-9._%+-]+@[a-z0-9.-]+\\.[a-z]{2,4}\$\" value=\"\" type=\"text\" title=\"Адрес электронной почты\" placeholder=\"Адрес электронной почты\" size=\"40\">\r\n\t\t<input id=\"filter\" name=\"filter\" class=\"filter\" value=\"\" pattern=\"[0-9,\\s]+\" type=\"text\" title=\"Фильтр событий\" placeholder=\"Фильтр событий\" size=\"40\">\r\n\t\t<select id=\"rights\" name=\"rights\" title=\"Права\">\r\n\t\t\t<option value=\"0\">Наблюдатель</option>\r\n\t\t\t<option value=\"1\">Диспетчер</option>\r\n\t\t\t<option value=\"2\">Инженер</option>\r\n\t\t\t<option value=\"3\">Администратор</option>\r\n\t\t</select>\r\n\t\t<button name=\"edit_user\" type=\"submit\">Сохранить</button>\r\n\t</form>";
    // Dynamic form for changing a password
    echo "<form class=\"config dynamic hidden reset\" method=\"POST\" action=\"\">\r\n\t\t<h3>Изменить пароль</h3>\r\n\t\t<input class=\"user-login\" name=\"login\" type=\"hidden\" value=\"\">\r\n\t\t<input id=\"new_password\" name=\"new_pass\" pattern=\"[-_a-zA-ZА-Яа-яЁё0-9\\s]{3,30}\" type=\"text\" title=\"Новый пароль\" placeholder=\"Новый пароль\" size=\"40\" required>\r\n\t\t<button name=\"reset_password\" type=\"submit\">Изменить пароль</button>\r\n\t</form>";
Exemplo n.º 18
        <option>2</option>
        <option>3</option>
        <option>4</option>
        <option>5</option>
    </select><br />
    <input type="submit" />
</form>
<?php 
} else {
    // "remove" action: delete a user chosen from a form.
    if ($_GET['action'] == 'remove') {
        // The permission check runs before any removal handling; what level 5
        // means is defined by user_level(), which is not shown here.
        if (!user_level(5)) {
            noperms();
            return;
        }
        // NOTE(review): the posted value goes to user_remove() unvalidated, so
        // any checking and SQL escaping must happen inside that helper -
        // confirm. No anti-CSRF token is checked before the deletion.
        if (isset($_POST['user'])) {
            if (user_remove($_POST['user'])) {
                echo "<p>User successfully deleted</p>\n";
                return;
            } else {
                echo "<p>An error ocurred, maybe is a database error or you. Please, try it again later</p>\n";
            }
        }
        // Constant query text, no request data involved. mysql_query() belongs
        // to the legacy mysql extension, which was removed in PHP 7.
        $query = mysql_query("SELECT `id`, `user` FROM `amsn_users` ORDER BY `user` ASC");
        if (!mysql_num_rows($query)) {
            echo "<p>There are no users to remove</p>\n";
            return;
        }
        ?>
<form action="<?php 
        echo htmlentities($_SERVER['REQUEST_URI']);
        ?>
Exemplo n.º 19
        // An attempt was made to save a non-numeric value
        // status message
        wd('admin.php?inactive', 'Speichern nicht m&ouml;glich, Wert f&uuml;r Wochen muss eine Zahl sein!', '5');
        $design->footer(1);
    } else {
        // NOTE(review): only the first character of inaktivset is tested with
        // is_numeric(), so a value such as a digit followed by other text
        // passes this check; what is stored afterwards is outside the excerpt.
        if (isset($_POST['saveinaktiv']) && (!is_numeric(substr($_POST['inaktivset'], 0, 1)) || $_POST['inaktivset'] == 0)) {
            // An attempt was made to save a non-numeric value
            // status message
            wd('admin.php?inactive', 'Speichern nicht m&ouml;glich, Wert f&uuml;r Wochen muss eine positive Zahl sein!', '5');
            $design->footer(1);
        } else {
            // NOTE(review): is_numeric() also accepts decimal and exponent
            // notation; the id is then passed through escape(..., 'integer'),
            // which presumably casts it - confirm. delete_user_id is read
            // without an isset() check, and no anti-CSRF token is verified
            // before the deletion in this excerpt.
            if (isset($_POST['banid']) && is_numeric($_POST['delete_user_id'])) {
                // all data is valid
                // A user is to be deleted + check that the value to be saved is a number
                // delete the user
                user_remove(escape($_POST['delete_user_id'], 'integer'));
                // status message
                // NOTE(review): delete_user_name comes from the request and is
                // placed in the message unescaped; if wd() prints it as HTML,
                // markup in that field would be rendered - escape it at output.
                // Because the name is not looked up from the id, the message
                // can also name a different user than the one removed.
                wd('admin.php?inactive', 'User "' . $_POST['delete_user_name'] . '" wird gel&ouml;scht...', '1');
                $design->footer(1);
            } else {
                if (isset($_POST['banid']) && !is_numeric($_POST['delete_user_id'])) {
                    // An attempt was made to save a non-numeric value
                    // status message
                    wd('admin.php?inactive', 'Es wurde eine fehlerhafte User ID &uuml;bergeben ...', '5');
                    $design->footer(1);
                }
            }
        }
    }
}
# ###################################################