require $ROOT_FOLDER . "message_edit.php";
}
}
if ($inside_admin && $UI_CONFIG && $goBackLink) {
$UI_CONFIG->actionButtons[] = array("id" => "goback", "caption" => CONTROL_AUTH_HTML_BACK, "align" => 'left', "action" => "mainView.loadIframe('" . $goBackLink . "&inside_admin=1')");
}
break;
} else {
if ($posting == 1) {
// check permission
if (!($cc_env['Edit_Access_ID'] == 1 || $cc_env['Edit_Access_ID'] == 2 && $AUTH_USER_ID || is_object($perm) && $perm->isSubClass($cc, MASK_EDIT))) {
nc_print_status(NETCAT_MODERATION_ERROR_NORIGHTS, 'error');
} else {
require $ROOT_FOLDER . "message_put.php";
if (is_array($SQL_multifield)) {
nc_multifield_sql_exec($message ? $message : $AUTH_USER_ID, $SQL_multifield);
}
$f_Checked += 0;
if ($multiple_changes) {
foreach ($updateStrings as $multiple_changes_msg_id => $update_string) {
if ($user_table_mode) {
$resMsg = $db->query("UPDATE `User` SET {$update_string} WHERE `User_ID` = " . $multiple_changes_msg_id);
} else {
$SQL = "UPDATE `Message{$classID}`\n\t\t\t\t\t\t\t\t\tSET {$update_string},\n\t\t\t\t\t\t\t\t\t\t`LastUser_ID` = {$AUTH_USER_ID},\n\t\t\t\t\t\t\t\t\t\t`LastIP` = '" . $db->escape($REMOTE_ADDR) . "',\n\t\t\t\t\t\t\t\t\t\t`LastUserAgent` = '" . $db->escape($HTTP_USER_AGENT) . "'\n\t\t\t\t\t\t\t\t\t\tWHERE `Message_ID` = " . $multiple_changes_msg_id;
$resMsg = $db->query($SQL);
}
}
} else {
if ($user_table_mode) {
$nc_core->event->execute("updateUserPrep", $message);
$resMsg = $db->query("UPDATE `User` SET " . $updateString . " `Checked` = `Checked`" . ($admin_mode ? ", `Keyword` = '" . $f_Keyword . "'" : "") . " " . ($Password ? ", `Password` = " . $nc_core->MYSQL_ENCRYPT . "('" . $db->escape($Password) . "'), `UserType` = 'normal' " : "") . " WHERE `User_ID` = '" . $message . "'");
function ActionUserCompleted($action_file, $type)
{
global $nc_core, $db, $ROOT_FOLDER, $admin_mode, $perm;
global $systemTableID, $systemTableName, $systemMessageID;
global $FILES_FOLDER, $INCLUDE_FOLDER;
global $DIRCHMOD, $FILECHMOD, $AUTHORIZE_BY;
$params = array('Checked', 'InsideAdminAccess', 'PermissionGroupID', 'Catalogue_ID', 'Password1', 'Password2', 'UserID', 'posting');
foreach ($params as $v) {
global ${$v};
}
$st = new nc_Component(0, 3);
foreach ($st->get_fields() as $v) {
$name = 'f_' . $v['name'];
global ${$name};
if ($v['type'] == 6) {
global ${$name . "_old"};
global ${"f_KILL" . $v['id']};
}
if ($v['type'] == 8) {
global ${$name . "_day"};
global ${$name . "_month"};
global ${$name . "_year"};
global ${$name . "_hours"};
global ${$name . "_minutes"};
global ${$name . "_seconds"};
}
}
$UserID = intval($UserID);
$Checked = intval($Checked);
$ret = 0;
// возврщаемое значение (текст ошибки или 0)
require_once $INCLUDE_FOLDER . "s_files.inc.php";
$is_there_any_files = getFileCount(0, $systemTableID);
$user_table_mode = true;
if ($type == 1) {
$action = "add";
} else {
$action = "change";
$message = $UserID;
}
$Priority += 0;
nc_check_availability_candidates_for_delete_in_multifile_and_delete();
nc_rename_multifile();
require $ROOT_FOLDER . "message_fields.php";
if ($posting == 0) {
return $warnText;
}
require $ROOT_FOLDER . "message_put.php";
if (empty($PermissionGroupID)) {
return CONTROL_USER_FUNC_GROUP_ERROR;
}
// значение, которое пойдет в таблицу User
// для совместимости со старыми версиями
$mainPermissionGroupID = intval(min($PermissionGroupID));
$groups_with_more_rights = $perm->GetGroupWithMoreRights();
//нельзя добавить в группу с большими правами
$add_groups_with_more_rights = array_intersect($PermissionGroupID, $groups_with_more_rights);
if (!empty($add_groups_with_more_rights)) {
return $warnText = NETCAT_MODERATION_ERROR_NORIGHT;
}
eval("\$Login = \$f_{$AUTHORIZE_BY};");
if ($type == 1) {
$Password = $Password1;
for ($i = 0; $i < $fldCount; $i++) {
if (isset(${$fld[$i] . 'Defined'}) && ${$fld[$i] . 'Defined'} == true) {
$fieldString .= "`" . $fld[$i] . "`,";
$valueString .= ${$fld[$i] . 'NewValue'} . ",";
}
}
$insert = "INSERT INTO User ( " . $fieldString;
$insert .= "PermissionGroup_ID, Catalogue_ID, Password, Checked, Created,InsideAdminAccess) values ( " . $valueString;
$insert .= "'" . $mainPermissionGroupID . "', ";
if (isset($_POST['Catalogue_ID'])) {
$insert .= +$_POST['Catalogue_ID'] . ", ";
} else {
$insert .= "0, ";
}
$insert .= $nc_core->MYSQL_ENCRYPT . "('" . $Password . "'),'{$Checked}','" . date("Y-m-d H:i:s") . "', '" . (int) $InsideAdminAccess . "')";
// execute core action
$nc_core->event->execute("addUserPrep", 0);
$Result = $db->query($insert);
$UserID = $db->insert_id;
$message = $UserID;
if ($Result) {
// execute core action
$nc_core->event->execute("addUser", $message);
nc_print_status(CONTROL_USER_NEW_ADDED, 'ok');
foreach ($PermissionGroupID as $v) {
nc_usergroup_add_to_group($UserID, $v);
}
} else {
return CONTROL_USER_NEW_NOTADDED . "<br/>" . sprintf(NETCAT_ERROR_SQL, $db->last_query, $db->last_error);
}
}
if ($type == 2) {
$cur_checked = $db->get_var("SELECT `Checked` FROM `User` WHERE `User_ID` = '" . $UserID . "'");
$update = "update User set ";
for ($i = 0; $i < $fldCount; $i++) {
if ($fldTypeOfEdit[$i] == 3 || $fldTypeOfEdit[$i] == 2 && !nc_field_check_admin_perm()) {
continue;
}
// поле недоступно никому или доступно администратору но нет прав администратора
if (isset(${$fld[$i] . 'Defined'}) && ${$fld[$i] . 'Defined'} == true) {
$update .= $fld[$i] . "=" . ${$fld[$i] . 'NewValue'} . ",";
} else {
$update .= $fld[$i] . "=" . ($fldValue[$i] ? $fldValue[$i] : "NULL") . ",";
}
}
$update .= "Checked=\"" . $Checked . "\",";
$update .= "PermissionGroup_ID=\"" . $mainPermissionGroupID . "\",";
$update .= "InsideAdminAccess=" . (int) $InsideAdminAccess;
if (isset($_POST['Catalogue_ID'])) {
$update .= ", Catalogue_ID=" . (int) $_POST['Catalogue_ID'];
}
$update .= " where User_ID=" . $UserID;
// execute core action
$nc_core->event->execute("updateUserPrep", $UserID);
if ($cur_checked != $Checked) {
$nc_core->event->execute($Checked ? "checkUserPrep" : "uncheckUserPrep", $UserID);
}
$Result = $db->query($update);
// execute core action
$nc_core->event->execute("updateUser", $UserID);
$db->query("DELETE FROM `User_Group` WHERE `User_ID`='" . intval($UserID) . "'");
foreach ($PermissionGroupID as $v) {
nc_usergroup_add_to_group($UserID, $v, 0);
}
// произошла смена состояния пользователя
if ($cur_checked != $Checked) {
$nc_core->event->execute($Checked ? "checkUser" : "uncheckUser", $UserID);
}
}
if (is_array($SQL_multifield)) {
nc_multifield_sql_exec($message, $SQL_multifield);
}
// Обновление в таблице с файлами
if (!empty($filetable_lastid)) {
$db->query("UPDATE `Filetable` SET `Message_ID`='" . $message . "' WHERE ID IN (" . join(',', $filetable_lastid) . ")");
}
// create dir
@mkdir($FILES_FOLDER . "u/", $DIRCHMOD);
/* * */
for ($i = 0; $i < count($tmpFile); $i++) {
eval("\$tmpNewFile[\$i] = \"" . $tmpNewFile[$i] . "\";");
@rename($FILES_FOLDER . $tmpFile[$i], $FILES_FOLDER . $File_Path[$i] . $tmpNewFile[$i]);
@chmod($FILES_FOLDER . $File_Path[$i] . $tmpNewFile[$i], $FILECHMOD);
}
// привязка токена
$nc_token_login = $nc_core->input->fetch_get_post('nc_token_login');
$nc_token_key = $nc_core->input->fetch_get_post('nc_token_key');
if ($nc_token_login && $nc_token_key && $UserID) {
$db->query("INSERT INTO `Auth_Token`\n SET `Login` = '" . $db->escape($nc_token_login) . "',\n `PublicKey` = '" . $db->escape($nc_token_key) . "',\n `User_ID` = '" . $UserID . "' ");
}
$nc_token_destroy = $nc_core->input->fetch_get_post('nc_token_destroy');
if ($nc_token_destroy) {
$nc_auth_token = new nc_auth_token();
$nc_auth_token->delete_by_id($nc_token_destroy);
}
return 0;
}
