Exemplo n.º 1
0
// Initalizing static string wrapper
//
PMF_String::init($LANGCODE);
// Preload English strings
require_once PMF_ROOT_DIR . '/lang/language_en.php';
$faqConfig->setLanguage($Language);
if ($faqConfig->get('security.enableLoginOnly')) {
    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        $response = Response::create()->setStatusCode(401);
        $response->headers->set('WWW-Authenticate', 'Basic realm="phpMyFAQ RSS Feeds"');
        $response->send();
        exit;
    } else {
        $user = new PMF_User_CurrentUser($faqConfig);
        if ($user->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
            if ($user->getStatus() != 'blocked') {
                $auth = true;
            } else {
                $user = null;
            }
        } else {
            $user = null;
        }
    }
} else {
    $user = PMF_User_CurrentUser::getFromSession($faqConfig);
}
//
// Get current user and group id - default: -1
//
if (isset($user) && !is_null($user) && $user instanceof PMF_User_CurrentUser) {
Exemplo n.º 2
0
             $message .= '<script type="text/javascript">updateUser(' . $userId . ');</script>';
         }
     }
 }
 // delete user confirmation
 if ($userAction == 'delete_confirm' && $user->perm->checkRight($user->getUserId(), 'deluser')) {
     $message = '';
     $user = new PMF_User_CurrentUser($faqConfig);
     $userId = PMF_Filter::filterInput(INPUT_POST, 'user_list_select', FILTER_VALIDATE_INT, 0);
     if ($userId == 0) {
         $message .= sprintf('<p class="alert alert-error">%s</p>', $PMF_LANG['ad_user_error_noId']);
         $userAction = $defaultUserAction;
     } else {
         $user->getUserById($userId);
         // account is protected
         if ($user->getStatus() == 'protected' || $userId == 1) {
             $message .= sprintf('<p class="alert alert-error">%s</p>', $PMF_LANG['ad_user_error_protectedAccount']);
             $userAction = $defaultUserAction;
         } else {
             $twig->loadTemplate('user/delete_confirm.twig')->display(array('PMF_LANG' => $PMF_LANG, 'csrfToken' => $user->getCsrfTokenFromSession(), 'userId' => $userId, 'userLogin' => $user->getLogin()));
         }
     }
 }
 // delete user
 if ($userAction == 'delete' && $user->perm->checkRight($user->getUserId(), 'deluser')) {
     $message = '';
     $user = new PMF_User($faqConfig);
     $userId = PMF_Filter::filterInput(INPUT_POST, 'user_id', FILTER_VALIDATE_INT, 0);
     $csrfOkay = true;
     $csrfToken = PMF_Filter::filterInput(INPUT_POST, 'csrf', FILTER_SANITIZE_STRING);
     if (!isset($_SESSION['phpmyfaq_csrf_token']) || $_SESSION['phpmyfaq_csrf_token'] !== $csrfToken) {