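 /**
  * Handles the admin "edit user" form submission.
  *
  * Reads the submitted fields through WebApp::post(), validates them,
  * refuses self-edits by non-group-1 users, self-disabling and promotion
  * to group 1 by a group-2 admin, then updates `core_users` and replaces
  * the user's rows in `core_sgroup`. When a new password is supplied it is
  * hashed with a fresh salt, `pwd_reset` is incremented and the user is
  * emailed once the update has actually succeeded.
  *
  * @return ActionResult failure results redirect to /admin/user/user_edit,
  *                      success to /admin/user/user_view
  */
 function edit()
 {
     $id = WebApp::post('id') === NULL ? '' : intval(WebApp::post('id'));
     $this->parent->parent->debug($id);
     // intval() always yields an int, so this only rejects a missing id (left as '').
     if (!is_int($id)) {
         return new ActionResult($this, '/admin/user/user_edit', 0, 'Failed to edit user.<br />Error: <code>User ID must be an integer</code>', B_T_FAIL);
     }
     $currentUserID = $this->parent->parent->user->getUserID();
     // Only members of group 1 may edit their own account.
     if ($id == $currentUserID && !$this->parent->inGroup(1)) {
         $this->parent->parent->logEvent($this::name_space, 'Attempted to edit themself');
         return new ActionResult($this, '/admin/user/user_edit', 0, 'Failed to edit user.<br />Error: <code>You cannot edit yourself</code>', B_T_FAIL);
     }

     // Read one POST field, falling back to $default when it was not submitted.
     $post = function ($key, $default) {
         $value = WebApp::post($key);
         return $value === NULL ? $default : $value;
     };
     $f_name   = $post('f_name', '');
     $s_name   = $post('s_name', '');
     $username = $post('username', '');
     $email    = $post('email', '');
     $n_pwd    = $post('n_pwd', '');
     $n_pwd_c  = $post('c_pwd', '');
     $chgPwd   = $post('chgPwd', '');
     $enabled  = $post('enabled', false);
     $p_group  = $post('p_group', 3);
     $s_groups = WebApp::post('s_group') === NULL ? array() : strgetcsv(WebApp::post('s_group'));

     // Required-field checks, in form order. Note that the default false for
     // `enabled` is also rejected here (false == ''), so "enabled" must be posted.
     $required = array(
         'First Name'      => $f_name,
         'Surname'         => $s_name,
         'Username'        => $username,
         'Email'           => $email,
         'Change Password' => $chgPwd,
         'Enabled'         => $enabled,
         'Primary Group'   => $p_group,
     );
     foreach ($required as $label => $value) {
         if ($value == '') {
             return new ActionResult($this, '/admin/user/user_edit', 0, 'Failed to add user.<br />Error: <code>' . $label . ' must not be blank</code>', B_T_FAIL);
         }
     }

     // A group-2 admin may not move anyone into group 1 (Super Admin).
     if ($this->parent->inGroup(2, false) && $p_group == 1) {
         $this->parent->parent->logEvent($this::name_space, 'Tried to make "' . $username . '" a Super Admin');
         return new ActionResult($this, '/admin/user/user_edit', 0, 'Failed to edit user.<br />Error: <code>You cannot escalate privileges</code>', B_T_FAIL);
     }
     // Loose comparison on purpose: the form posts '0' for "disabled".
     if ($currentUserID == $id && $enabled == false) {
         $this->parent->parent->logEvent($this::name_space, 'Tried to disable themself');
         return new ActionResult($this, '/admin/user/user_edit', 0, 'Failed to edit user.<br />Error: <code>You cannot disable yourself</code>', B_T_FAIL);
     }
     // Strict comparison: with != two numeric-looking strings such as
     // '1e3' and '1000' would be treated as a matching pair.
     if ($n_pwd !== $n_pwd_c) {
         return new ActionResult($this, '/admin/user/user_edit', 0, 'Failed to edit user.<br />Error: <code>New passwords must match, or both be empty</code>', B_T_FAIL);
     }

     $clear_sgroup  = $this->mySQL_w->prepare("DELETE FROM `core_sgroup` WHERE `user`=?");
     $update_sgroup = $this->mySQL_w->prepare("INSERT INTO `core_sgroup` (`user`, `group`) VALUES (?, ?)");
     if ($clear_sgroup === false) {
         return new ActionResult($this, '/admin/user/user_edit', 0, 'Failed edit user!<br />Error: <code>Clear query failed</code>', B_T_FAIL);
     }
     if ($update_sgroup === false) {
         return new ActionResult($this, '/admin/user/user_edit', 0, 'Failed edit user!<br />Error: <code>Update sgroup query failed</code>', B_T_FAIL);
     }

     $changingPassword = $n_pwd !== '';
     if ($changingPassword) {
         $userCtrl = $this->parent->parent->user;
         // Stored form is "<hash>:<salt>"; pwd_reset is bumped so existing sessions notice.
         $hash    = $userCtrl->ranHash();
         $new_pwd = $userCtrl->pwd_hash($n_pwd, $hash) . ':' . $hash;
         $update  = $this->mySQL_w->prepare("UPDATE `core_users` SET `f_name`=?,`s_name`=?,`email`=?,`en`=?,`chgPwd`=?,`p_group`=?,`pass`=?, `pwd_reset`=`pwd_reset`+1 WHERE `id`=? AND `username`=?");
         if ($update === false) {
             return new ActionResult($this, '/admin/user/user_edit', 0, 'Failed edit user!<br />Error: <code>Update query failed</code>', B_T_FAIL);
         }
         $update->bind_param('sssiiisis', $f_name, $s_name, $email, $enabled, $chgPwd, $p_group, $new_pwd, $id, $username);
     } else {
         $update = $this->mySQL_w->prepare("UPDATE `core_users` SET `f_name`=?,`s_name`=?,`email`=?,`en`=?,`chgPwd`=?,`p_group`=? WHERE `id`=? AND `username`=?");
         if ($update === false) {
             return new ActionResult($this, '/admin/user/user_edit', 0, 'Failed edit user!<br />Error: <code>Update query failed</code>', B_T_FAIL);
         }
         $update->bind_param('sssiiiis', $f_name, $s_name, $email, $enabled, $chgPwd, $p_group, $id, $username);
     }

     // Apply the user row first so a failed update does not leave the
     // secondary groups already wiped, and no email goes out for a change
     // that never happened.
     if ($update->execute() === false) {
         return new ActionResult($this, '/admin/user/user_edit', 0, 'Failed edit user!<br />Error: <code>Update query failed</code>', B_T_FAIL);
     }
     $update->store_result();

     // Replace the secondary group set: clear, then re-insert each posted group.
     $clear_sgroup->bind_param('i', $id);
     if ($clear_sgroup->execute() === false) {
         return new ActionResult($this, '/admin/user/user_edit', 0, 'Failed edit user!<br />Error: <code>Clear query failed</code>', B_T_FAIL);
     }
     foreach ($s_groups as $sgroup) {
         $this->parent->parent->debug($sgroup);
         $update_sgroup->bind_param('ii', $id, $sgroup);
         if ($update_sgroup->execute() === false) {
             return new ActionResult($this, '/admin/user/user_edit', 0, 'Failed edit user!<br />Error: <code>Update sgroup query failed</code>', B_T_FAIL);
         }
     }

     if ($changingPassword) {
         $notice = UserEmail::adminPasswordChange($f_name);
         $mail = new Emailer();
         $mail->Subject = 'Password Changed';
         $mail->msgHTML($notice['html']);
         $mail->AltBody = $notice['text'];
         $mail->addAddress($email, $f_name . ' ' . $s_name);
         $mail->send();
     }

     $this->parent->parent->logEvent($this::name_space, 'Edited user "' . $username . '"');
     return new ActionResult($this, '/admin/user/user_view', 1, 'User was edited.', B_T_SUCCESS, array('form' => array('n_pwd' => '', 'c_pwd' => '')));
 }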