function smarty_function_attribution($params, &$smarty)
{
if (isset($params['user_id'])) {
if (!defined("SYS_USERS")) {
require_once BASE . "subsystems/users.php";
}
$u = exponent_users_getUserById($params['user_id']);
} else {
if (isset($params['user'])) {
$u = $params['user'];
}
}
if ($u) {
$str = "";
switch (DISPLAY_ATTRIBUTION) {
case "firstlast":
$str = $u->firstname . " " . $u->lastname;
break;
case "lastfirst":
$str = $u->lastname . ", " . $u->lastname;
break;
case "first":
$str = $u->firstname;
break;
case "username":
default:
$str = $u->username;
break;
}
echo $str;
}
}
function form($object)
{
$i18n = exponent_lang_loadFile('datatypes/formbuilder_form.php');
global $db;
if (!defined('SYS_FORMS')) {
require_once BASE . 'subsystems/forms.php';
}
if (!defined('SYS_USERS')) {
require_once BASE . 'subsystems/users.php';
}
//global $user;
exponent_forms_initialize();
$form = new form();
if (!isset($object->id)) {
$object->name = '';
$object->description = '';
$object->is_email = 0;
$object->is_saved = 1;
$object->response = $i18n['default_response'];
$object->resetbtn = $i18n['default_resetbtn'];
$object->submitbtn = $i18n['default_submitbtn'];
$object->subject = $i18n['default_subject'];
} else {
$form->meta('id', $object->id);
}
$form->register('name', $i18n['name'], new textcontrol($object->name));
$form->register('description', $i18n['description'], new texteditorcontrol($object->description));
$form->register('response', $i18n['response'], new htmleditorcontrol($object->response));
$form->register(null, '', new htmlcontrol('<br><br><b>' . $i18n['button_header'] . '</b><br><hr><br>'));
$form->register('submitbtn', $i18n['submitbtn'], new textcontrol($object->submitbtn));
$form->register('resetbtn', $i18n['resetbtn'], new textcontrol($object->resetbtn));
$form->register(null, '', new htmlcontrol('<br><br><b>' . $i18n['email_header'] . '</b><br><hr><br>'));
$form->register('is_email', $i18n['is_email'], new checkboxcontrol($object->is_email, false));
$userlist = array();
$users = exponent_users_getAllUsers();
foreach ($users as $locuser) {
$userlist[$locuser->id] = $locuser->username;
}
$defaults = array();
foreach ($db->selectObjects('formbuilder_address', 'form_id=' . $object->id . ' and user_id != 0') as $address) {
$locuser = exponent_users_getUserById($address->user_id);
$defaults[$locuser->id] = $locuser->username;
}
$form->register('users', $i18n['users'], new listbuildercontrol($defaults, $userlist));
$groups = exponent_users_getAllGroups();
$grouplist = array();
$defaults = array();
foreach ($groups as $group) {
$grouplist[$group->id] = $group->name;
}
if ($grouplist != null) {
foreach ($db->selectObjects('formbuilder_address', 'form_id=' . $object->id . ' and group_id != 0') as $address) {
$group = exponent_users_getGroupById($address->group_id);
$defaults[$group->id] = $group->name;
}
$form->register('groups', $i18n['groups'], new listbuildercontrol($defaults, $grouplist));
}
$defaults = array();
foreach ($db->selectObjects('formbuilder_address', 'form_id=' . $object->id . " and email != ''") as $address) {
$defaults[$address->email] = $address->email;
}
$form->register('addresses', $i18n['addresses'], new listbuildercontrol($defaults, null));
$form->register('subject', $i18n['subject'], new textcontrol($object->subject));
$form->register(null, '', new htmlcontrol('<br /><br /><b>' . $i18n['database_header'] . '</b><br /><hr size="1" /><br />'));
$form->register('is_saved', $i18n['is_saved'], new checkboxcontrol($object->is_saved, false));
$form->register(null, '', new htmlcontrol('<br /> ' . $i18n['warning_data_loss'] . '<br />'));
if ($object->is_saved == 1) {
$form->controls['is_saved']->disabled = true;
$form->meta('is_saved', '1');
}
$form->register(null, '', new htmlcontrol('<br /><br /><br />'));
$form->register('submit', '', new buttongroupcontrol($i18n['save'], '', $i18n['cancel']));
return $form;
}
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
// Part of the User Management category
if (!defined('EXPONENT')) {
exit('');
}
if (isset($_GET['id']) && exponent_permissions_check('user_management', exponent_core_makeLocation('administrationmodule'))) {
if (!defined('SYS_USERS')) {
require_once BASE . 'subsystems/users.php';
}
$u = exponent_users_getUserById(intval($_GET['id']));
if ($u) {
$groups = exponent_users_getAllGroups();
$admin = array();
$membership = array();
foreach ($db->selectObjects('groupmembership', 'member_id=' . $u->id) as $m) {
$membership[] = $m->group_id;
if ($m->is_admin == 1) {
$admin[] = $m->group_id;
}
}
for ($i = 0; $i < count($groups); $i++) {
if (in_array($groups[$i]->id, $membership)) {
$groups[$i]->is_member = 1;
if (in_array($groups[$i]->id, $admin)) {
$groups[$i]->is_admin = 1;
if ($config->subject == '') {
$config->subject = $i18n['default_subject'];
}
}
$headers = array();
$headers['From'] = $config->from_name . ' <' . $config->from_address . '>';
if ($config->replyto_address != '') {
$headers['Reply-to'] = $config->replyto_address;
}
if (!defined('SYS_USERS')) {
include_once BASE . 'subsystems/users.php';
}
$emails = array();
foreach ($db->selectObjects('contact_contact', "location_data='" . serialize($loc) . "'") as $c) {
if ($c->user_id != 0) {
$u = exponent_users_getUserById($c->user_id);
$emails[] = $u->email;
} else {
if ($c->email != '') {
$emails[] = $c->email;
}
}
}
if (!defined('SYS_SMTP')) {
include_once BASE . 'subsystems/smtp.php';
}
if (exponent_smtp_mail($emails, $config->from_address, $config->subject, $msg, $headers)) {
$template = new template('contactmodule', '_final_message');
$template->assign('message', $config->final_message);
$template->output();
} else {
} else {
$newpass = '';
for ($i = 0; $i < rand(12, 20); $i++) {
$num = rand(48, 122);
if ($num > 97 && $num < 122 || $num > 65 && $num < 90 || $num > 48 && $num < 57) {
$newpass .= chr($num);
} else {
$i--;
}
}
// Send message
if (!defined('SYS_SMTP')) {
require_once BASE . 'subsystems/smtp.php';
}
$e_template = new template('loginmodule', '_email_resetdone', $loc);
$e_template->assign('newpass', $newpass);
$msg = $e_template->render();
if (!defined('SYS_USERS')) {
require_once BASE . 'subsystems/users.php';
}
$u = exponent_users_getUserById($tok->uid);
if (!exponent_smtp_mail($u->email, $i18n['from_name'] . ' <' . $i18n['from_email'] . '@' . HOSTNAME . '>', $i18n['title'], $msg)) {
echo $i18n['smtp_error'];
} else {
// Save new password
$u->password = md5($newpass);
exponent_users_saveUser($u);
$db->delete('passreset_token', 'uid=' . $tok->uid);
echo $i18n['sent'];
}
}
}
usort($controls, 'exponent_sorting_byRankAscending');
$fields = array();
$captions = array();
foreach ($controls as $c) {
$ctl = unserialize($c->data);
$control_type = get_class($ctl);
$name = $c->name;
$fields[$name] = call_user_func(array($control_type, 'templateFormat'), $data->{$name}, $ctl);
$captions[$name] = $c->caption;
}
$captions['ip'] = $i18n['ip'];
$captions['timestamp'] = $i18n['timestamp'];
$captions['user_id'] = $i18n['username'];
$fields['ip'] = $data->ip;
$locUser = exponent_users_getUserById($data->user_id);
$fields['user_id'] = isset($locUser->username) ? $locUser->username : '';
$fields['timestamp'] = strftime(DISPLAY_DATETIME_FORMAT, $data->timestamp);
if ($rpt->text == '') {
$template = new template('formbuilder', '_default_report');
} else {
$template = new template('formbuilder', '_custom_report');
$template->assign('template', $rpt->text);
}
$template->assign('fields', $fields);
$template->assign('captions', $captions);
$template->assign('backlink', exponent_flow_get());
$template->assign('is_email', 0);
$template->output();
} else {
echo SITE_403_HTML;
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
// Part of the User Management category
if (!defined('EXPONENT')) {
exit('');
}
if (exponent_permissions_check('user_management', exponent_core_makeLocation('administrationmodule'))) {
$ticket = $db->selectObject('sessionticket', "ticket='" . preg_replace('/[^A-Za-z0-9]/', '', $_GET['ticket']) . "'");
if ($ticket) {
if (!defined('SYS_USERS')) {
require_once BASE . 'subsystems/users.php';
}
$u = exponent_users_getUserById($ticket->uid);
if ($u->is_acting_admin == 0 || $user->is_admin == 1 && $u->is_admin == 0) {
// We can only kick the user if they are A) not an acting admin, or B) The current user is a super user and the kicked user is not.
$db->delete('sessionticket', "ticket='" . $ticket->ticket . "'");
}
}
exponent_flow_redirect();
} else {
echo SITE_403_HTML;
}
// This type of permissions check requires us to read the data from the database first,
// and then decide whether or not to let the user in.
$canview = exponent_permissions_check("approve", $loc) || exponent_permissions_check("manage_approval", $loc);
if (!defined("SYS_USERS")) {
require_once BASE . "subsystems/users.php";
}
exponent_flow_set(SYS_FLOW_PROTECTED, SYS_FLOW_ACTION);
if ($db->tableExists($datatype . "_wf_info")) {
$approveloc = exponent_core_makeLocation($_GET['m'], $_GET['s']);
$summaries = $db->selectObjects($datatype . "_wf_info", "location_data='" . serialize($approveloc) . "'");
for ($i = 0; $i < count($summaries); $i++) {
$summaries[$i]->revision = $db->selectObject($datatype . "_wf_revision", "wf_original=" . $summaries[$i]->real_id . " AND wf_major=" . $summaries[$i]->current_major . " AND wf_minor=" . $summaries[$i]->current_minor);
$summaries[$i]->state_data = unserialize($summaries[$i]->current_state_data);
$involved_users = array();
foreach ($summaries[$i]->state_data[0] as $id) {
$involved_users[$id] = exponent_users_getUserById($id);
}
if (isset($involved_users[$user->id])) {
$canview = true;
}
$summaries[$i]->involved = $involved_users;
$summaries[$i]->policy = $db->selectObject("approvalpolicy", "id=" . $summaries[$i]->policy_id);
$summaries[$i]->real = $db->selectObject($datatype, "id=" . $summaries[$i]->real_id);
}
}
if ($canview) {
$template = new template("workflow", "_summary", exponent_core_makeLocation('workflow', $loc->src));
$template->register_permissions(array("manage_approval", "approve"), $loc);
$template->assign("summaries", $summaries);
$template->assign("datatype", $datatype);
$template->assign("user", $user);
#
##################################################
if (!defined('EXPONENT')) {
exit('');
}
exponent_flow_set(SYS_FLOW_PUBLIC, SYS_FLOW_ACTION);
$resource = $db->selectObject('resourceitem', 'id=' . intval($_GET['id']));
if ($resource != null) {
$loc = unserialize($resource->location_data);
$iloc = exponent_core_makeLocation($loc->mod, $loc->src, $resource->id);
$resource->permissions = array('administrate' => exponent_permissions_check('administrate', $iloc), 'edit' => exponent_permissions_check('edit', $iloc), 'delete' => exponent_permissions_check('delete', $iloc));
if ($resource->flock_owner != 0) {
if (!defined('SYS_USERS')) {
include_once BASE . 'subsystems/users.php';
}
$resource->lock_owner = exponent_users_getUserById($resource->flock_owner);
$resource->locked = 1;
} else {
$resource->locked = 0;
}
//unset ($_SESSION['downloadfilename']);
//unset($_SESSION['downloadfile']);
$file = $db->selectObject('file', 'id=' . $resource->file_id);
if ($file != null) {
$mimetype = $db->selectObject('mimetype', "mimetype='" . $file->mimetype . "'");
$filenametest = $file->directory . "/" . $file->filename;
if (file_exists($filenametest)) {
header("Content-Disposition: attachment; filename=" . $file->filename);
$host = $_SERVER['HTTP_HOST'];
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
header("Location: http://{$host}{$uri}/{$filenametest}");
#
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
if (!defined('EXPONENT')) {
exit('');
}
$u = null;
if (isset($_REQUEST['uid'])) {
if (!defined('SYS_USERS')) {
include_once BASE . 'subsystems/users.php';
}
$u = exponent_users_getUserById($_REQUEST['uid']);
}
if ($user && $u) {
$ban = null;
$ban->owner = $user->id;
$ban->user_id = $u->id;
$db->insertObject($ban, 'inbox_contactbanned');
exponent_flow_redirect();
} else {
echo SITE_404_HTML;
}
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
if (!defined('EXPONENT')) {
exit('');
}
if ($user) {
exponent_flow_set(SYS_FLOW_PROTECTED, SYS_FLOW_ACTION);
if (!defined('SYS_USERS')) {
include_once BASE . 'subsystems/users.php';
}
$groups = $db->selectObjects('inbox_contactlist', 'owner=' . $user->id);
$banned = $db->selectObjects('inbox_contactbanned', 'owner=' . $user->id);
for ($i = 0; $i < count($banned); $i++) {
$banned[$i]->user = exponent_users_getUserById($banned[$i]->user_id);
}
$template = new template('inboxmodule', '_viewcontacts', $loc);
$template->assign('groups', $groups);
$template->assign('banned', $banned);
$template->output();
} else {
echo SITE_403_HTML;
}
function form($object)
{
$i18n = exponent_lang_loadFile('datatypes/privatemessage.php');
if (!defined('SYS_FORMS')) {
require_once BASE . 'subsystems/forms.php';
}
exponent_forms_initialize();
$form = new form();
$users = array();
$groups = array();
global $db, $user;
if (!defined('SYS_USERS')) {
require_once BASE . 'subsystems/users.php';
}
if (exponent_permissions_check('contact_all', exponent_core_makeLocation('InboxModule'))) {
foreach (exponent_users_getAllUsers() as $u) {
$users[$u->id] = $u->firstname . ' ' . $u->lastname . ' (' . $u->username . ')';
}
} else {
foreach (exponent_users_getGroupsForUser($user, 1, 0) as $g) {
foreach (exponent_users_getUsersInGroup($g) as $u) {
$users[$u->id] = $u->firstname . ' ' . $u->lastname . ' (' . $u->username . ')';
}
}
}
// Process other uses who the current user has blocked, and remove them from the list
// Process other users who have blocked the current user, and remove them from the list.
foreach ($db->selectObjects('inbox_contactbanned', 'owner=' . $user->id . ' OR user_id=' . $user->id) as $blocked) {
if ($blocked->user_id == $user->id) {
// Blocked by someone else. Remove the owner (user who blocked us)
unset($users[$blocked->owner]);
} else {
if ($blocked->owner == $user->id) {
// We blocked the user, remove the blocked user_id
unset($users[$blocked->user_id]);
}
}
}
uasort($users, 'strnatcmp');
$groups = array();
foreach ($db->selectObjects('inbox_contactlist', 'owner=' . $user->id) as $g) {
$groups['list_' . $g->id] = $g->name . ' ' . $i18n['personal_list'];
}
if (exponent_permissions_check('contact_all', exponent_core_makeLocation('InboxModule'))) {
foreach (exponent_users_getAllGroups(1, 0) as $g) {
$groups['group_' . $g->id] = $g->name . ' ' . $i18n['system_group'];
}
} else {
foreach (exponent_users_getGroupsForUser($user, 1, 0) as $g) {
$groups['group_' . $g->id] = $g->name . ' ' . $i18n['system_group'];
}
}
uasort($groups, 'strnatcmp');
$recipient_caption = $i18n['recipient'];
$group_recipient_caption = $i18n['group_recipient'];
$btn = new buttongroupcontrol($i18n['save'], '', $i18n['cancel']);
$object->group_recipient = array();
if ($object == null || !isset($object->recipient)) {
$object->subject = '';
$object->body = '';
$object->recipient = array();
if (!count($users) && !count($groups)) {
$btn->disabled = true;
}
} else {
if (!defined('SYS_USERS')) {
require_once BASE . 'subsystems/users.php';
}
$u = exponent_users_getUserById($object->recipient);
$form->register(null, '', new htmlcontrol(sprintf($i18n['replyto'], $u->firstname . ' ' . $u->lastname . ' (' . $u->username . ')')));
$form->meta('replyto', $object->recipient);
$object->recipient = array();
unset($users[$u->id]);
$recipient_caption = $i18n['copyto'];
$group_recipient_caption = $i18n['group_copyto'];
}
if (count($users)) {
$form->register('recipients', $recipient_caption, new listbuildercontrol($object->recipient, $users));
}
if (count($groups)) {
$form->register('group_recipients', $group_recipient_caption, new listbuildercontrol($object->group_recipient, $groups));
}
if (!count($groups) && !count($users)) {
$form->register(null, '', new htmlcontrol('<div class="error">' . $i18n['nocontacts'] . '</div>'));
}
$form->register('subject', $i18n['subject'], new textcontrol($object->subject));
$form->register('body', $i18n['body'], new htmleditorcontrol($object->body));
$form->register('submit', '', $btn);
return $form;
}
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
if (!defined('EXPONENT')) {
exit('');
}
if (exponent_permissions_check('administrate', $loc)) {
$users = explode(';', $_POST['permdata']);
if (!defined('SYS_USERS')) {
include_once BASE . 'subsystems/users.php';
}
foreach ($users as $user_str) {
$perms = explode(':', $user_str);
$u = exponent_users_getUserById($perms[0]);
exponent_permissions_revokeAll($u, $loc);
for ($i = 1; $i < count($perms); $i++) {
exponent_permissions_grant($u, $perms[$i], $loc);
}
if ($perms[0] == $user->id) {
exponent_permissions_load($user);
}
}
exponent_permissions_triggerRefresh();
exponent_flow_redirect();
} else {
echo SITE_403_HTML;
}
}
//Email stuff here...
//Don't send email if this is an edit.
if ($f->is_email == 1 && !isset($_POST['data_id'])) {
//Building Email List...
$emaillist = array();
foreach ($db->selectObjects("formbuilder_address", "form_id=" . $f->id) as $address) {
if ($address->group_id != 0) {
foreach (exponent_users_getUsersInGroup(exponent_user_getGroupById($address->group_id)) as $locUser) {
if ($locUser->email != '') {
$emaillist[] = $locUser->email;
}
}
} else {
if ($address->user_id != 0) {
$locUser = exponent_users_getUserById($address->user_id);
if ($locUser->email != '') {
$emaillist[] = $locUser->email;
}
} else {
if ($address->email != '') {
$emaillist[] = $address->email;
}
}
}
}
if ($rpt->text == "") {
$template = new template("formbuilder", "_default_report");
} else {
$template = new template("formbuilder", "_custom_report");
$template->assign("template", $rpt->text);
function exponent_users_userManagerFormTemplate($template)
{
global $db;
global $user;
$users = $db->selectObjects('user');
if (!defined('SYS_SORTING')) {
require_once BASE . 'subsystems/sorting.php';
}
if (!function_exists('exponent_sorting_byLastFirstAscending')) {
function exponent_sorting_byLastFirstAscending($a, $b)
{
return strnatcmp($a->lastname . ', ' . $a->firstname, $b->lastname . ', ' . $b->firstname);
}
}
usort($users, 'exponent_sorting_byLastFirstAscending');
for ($i = 0; $i < count($users); $i++) {
$users[$i] = exponent_users_getUserById($users[$i]->id);
if ($users[$i]->is_acting_admin && $user->is_admin == 0) {
// Dealing with an acting admin, and the current user is not a super user
// Fake the is_admin parameter to disable editting.
$users[$i]->is_admin = 1;
}
}
$template->assign('users', $users);
$template->assign('blankpass', md5(''));
return $template;
}
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
// Part of the User Management category
if (!defined('EXPONENT')) {
exit('');
}
if (exponent_permissions_check('user_management', exponent_core_makeLocation('AdministrationModule'))) {
exponent_flow_set(SYS_FLOW_PROTECTED, SYS_FLOW_ACTION);
$db->delete('sessionticket', 'last_active < ' . (time() - SESSION_TIMEOUT));
if (!defined('SYS_USERS')) {
require_once BASE . 'subsystems/users.php';
}
if (!defined('SYS_DATETIME')) {
require_once BASE . 'subsystems/datetime.php';
}
$sessions = $db->selectObjects('sessionticket');
for ($i = 0; $i < count($sessions); $i++) {
$sessions[$i]->user = exponent_users_getUserById($sessions[$i]->uid);
$sessions[$i]->duration = exponent_datetime_duration($sessions[$i]->last_active, $sessions[$i]->start_time);
}
$template = new template('AdministrationModule', '_sessionmanager', $loc);
$template->assign('sessions', $sessions);
$template->assign('user', $user);
$template->output();
} else {
echo SITE_403_HTML;
}
}
usort($controls, "exponent_sorting_byRankAscending");
foreach (array_slice($controls, 0, 5) as $control) {
if ($rpt->column_names != '') {
$rpt->column_names .= '|!|';
}
$rpt->column_names .= $control->name;
}
}
foreach (explode("|!|", $rpt->column_names) as $column_name) {
if ($column_name == "ip") {
$columndef .= 'new cColumn("' . $i18n['ip'] . '","ip",null,null),';
} elseif ($column_name == "user_id") {
foreach ($items as $key => $item) {
if ($item->{$column_name} != 0) {
$locUser = exponent_users_getUserById($item->{$column_name});
$item->{$column_name} = $locUser->username;
} else {
$item->{$column_name} = '';
}
$items[$key] = $item;
}
$columndef .= 'new cColumn("' . $i18n['username'] . '","user_id",null,null),';
} elseif ($column_name == "timestamp") {
$srt = $column_name . "_srt";
foreach ($items as $key => $item) {
$item->{$srt} = $item->{$column_name};
$item->{$column_name} = strftime(DISPLAY_DATETIME_FORMAT, $item->{$column_name});
$items[$key] = $item;
}
$columndef .= 'new cColumn("' . $i18n['timestamp'] . '","timestamp",null,f' . $srt . '),';
