Пример #1
0
if ($cc_env['File_Mode']) {
    $file_class = new nc_class_view($CLASS_TEMPLATE_FOLDER, $db);
    $file_class->load($cc_env['Real_Class_ID'], $cc_env['File_Path'], $Class_Template_ID ? null : $cc_env['File_Hash']);
    require $INCLUDE_FOLDER . "classes/nc_class_aggregator_editor.class.php";
    $nc_class_aggregator = nc_class_aggregator_editor::init($file_class);
}
ob_start();
do {
    //эта проверка делается в файлах index.php index_fs.php и завершает работу скрипта
    //но в первом файле поверка только для v4, а второй файл в конце этого скрипта
    //поэтому отправляем сразу в конец скрипта
    if (!$check_auth && NC_AUTH_IN_PROGRESS !== 1) {
        break;
    }
    nc_check_availability_candidates_for_delete_in_multifile_and_delete();
    nc_rename_multifile();
    if (!$user_table_mode && !$message && !$delete && !$export && !$import && !$nc_recovery) {
        nc_print_status(NETCAT_MODERATION_ERROR_NORIGHTS, "error");
        break;
    }
    if ($posting && $nc_core->token->is_use($delete ? "delete" : "change")) {
        if (!$nc_core->token->verify()) {
            echo NETCAT_TOKEN_INVALID;
            break;
        }
    }
    $is_there_any_files = $user_table_mode ? getFileCount(0, $systemTableID) : getFileCount($classID, 0);
    # права модератора
    $modRights = CheckUserRights($current_cc['Sub_Class_ID'], "moderate", $posting);
    # формирование обратной ссылки
    $alter_goBackLink = "";
Пример #2
0
function ActionUserCompleted($action_file, $type)
{
    global $nc_core, $db, $ROOT_FOLDER, $admin_mode, $perm;
    global $systemTableID, $systemTableName, $systemMessageID;
    global $FILES_FOLDER, $INCLUDE_FOLDER;
    global $DIRCHMOD, $FILECHMOD, $AUTHORIZE_BY;
    $params = array('Checked', 'InsideAdminAccess', 'PermissionGroupID', 'Catalogue_ID', 'Password1', 'Password2', 'UserID', 'posting');
    foreach ($params as $v) {
        global ${$v};
    }
    $st = new nc_Component(0, 3);
    foreach ($st->get_fields() as $v) {
        $name = 'f_' . $v['name'];
        global ${$name};
        if ($v['type'] == 6) {
            global ${$name . "_old"};
            global ${"f_KILL" . $v['id']};
        }
        if ($v['type'] == 8) {
            global ${$name . "_day"};
            global ${$name . "_month"};
            global ${$name . "_year"};
            global ${$name . "_hours"};
            global ${$name . "_minutes"};
            global ${$name . "_seconds"};
        }
    }
    $UserID = intval($UserID);
    $Checked = intval($Checked);
    $ret = 0;
    // возврщаемое значение (текст ошибки или 0)
    require_once $INCLUDE_FOLDER . "s_files.inc.php";
    $is_there_any_files = getFileCount(0, $systemTableID);
    $user_table_mode = true;
    if ($type == 1) {
        $action = "add";
    } else {
        $action = "change";
        $message = $UserID;
    }
    $Priority += 0;
    nc_check_availability_candidates_for_delete_in_multifile_and_delete();
    nc_rename_multifile();
    require $ROOT_FOLDER . "message_fields.php";
    if ($posting == 0) {
        return $warnText;
    }
    require $ROOT_FOLDER . "message_put.php";
    if (empty($PermissionGroupID)) {
        return CONTROL_USER_FUNC_GROUP_ERROR;
    }
    // значение, которое пойдет в таблицу User
    // для совместимости со старыми версиями
    $mainPermissionGroupID = intval(min($PermissionGroupID));
    $groups_with_more_rights = $perm->GetGroupWithMoreRights();
    //нельзя добавить в группу с большими правами
    $add_groups_with_more_rights = array_intersect($PermissionGroupID, $groups_with_more_rights);
    if (!empty($add_groups_with_more_rights)) {
        return $warnText = NETCAT_MODERATION_ERROR_NORIGHT;
    }
    eval("\$Login = \$f_{$AUTHORIZE_BY};");
    if ($type == 1) {
        $Password = $Password1;
        for ($i = 0; $i < $fldCount; $i++) {
            if (isset(${$fld[$i] . 'Defined'}) && ${$fld[$i] . 'Defined'} == true) {
                $fieldString .= "`" . $fld[$i] . "`,";
                $valueString .= ${$fld[$i] . 'NewValue'} . ",";
            }
        }
        $insert = "INSERT INTO User ( " . $fieldString;
        $insert .= "PermissionGroup_ID, Catalogue_ID, Password, Checked, Created,InsideAdminAccess) values ( " . $valueString;
        $insert .= "'" . $mainPermissionGroupID . "', ";
        if (isset($_POST['Catalogue_ID'])) {
            $insert .= +$_POST['Catalogue_ID'] . ", ";
        } else {
            $insert .= "0, ";
        }
        $insert .= $nc_core->MYSQL_ENCRYPT . "('" . $Password . "'),'{$Checked}','" . date("Y-m-d H:i:s") . "', '" . (int) $InsideAdminAccess . "')";
        // execute core action
        $nc_core->event->execute("addUserPrep", 0);
        $Result = $db->query($insert);
        $UserID = $db->insert_id;
        $message = $UserID;
        if ($Result) {
            // execute core action
            $nc_core->event->execute("addUser", $message);
            nc_print_status(CONTROL_USER_NEW_ADDED, 'ok');
            foreach ($PermissionGroupID as $v) {
                nc_usergroup_add_to_group($UserID, $v);
            }
        } else {
            return CONTROL_USER_NEW_NOTADDED . "<br/>" . sprintf(NETCAT_ERROR_SQL, $db->last_query, $db->last_error);
        }
    }
    if ($type == 2) {
        $cur_checked = $db->get_var("SELECT `Checked` FROM `User` WHERE `User_ID` = '" . $UserID . "'");
        $update = "update User set ";
        for ($i = 0; $i < $fldCount; $i++) {
            if ($fldTypeOfEdit[$i] == 3 || $fldTypeOfEdit[$i] == 2 && !nc_field_check_admin_perm()) {
                continue;
            }
            // поле недоступно никому или доступно администратору но нет прав администратора
            if (isset(${$fld[$i] . 'Defined'}) && ${$fld[$i] . 'Defined'} == true) {
                $update .= $fld[$i] . "=" . ${$fld[$i] . 'NewValue'} . ",";
            } else {
                $update .= $fld[$i] . "=" . ($fldValue[$i] ? $fldValue[$i] : "NULL") . ",";
            }
        }
        $update .= "Checked=\"" . $Checked . "\",";
        $update .= "PermissionGroup_ID=\"" . $mainPermissionGroupID . "\",";
        $update .= "InsideAdminAccess=" . (int) $InsideAdminAccess;
        if (isset($_POST['Catalogue_ID'])) {
            $update .= ", Catalogue_ID=" . (int) $_POST['Catalogue_ID'];
        }
        $update .= " where User_ID=" . $UserID;
        // execute core action
        $nc_core->event->execute("updateUserPrep", $UserID);
        if ($cur_checked != $Checked) {
            $nc_core->event->execute($Checked ? "checkUserPrep" : "uncheckUserPrep", $UserID);
        }
        $Result = $db->query($update);
        // execute core action
        $nc_core->event->execute("updateUser", $UserID);
        $db->query("DELETE FROM `User_Group` WHERE `User_ID`='" . intval($UserID) . "'");
        foreach ($PermissionGroupID as $v) {
            nc_usergroup_add_to_group($UserID, $v, 0);
        }
        // произошла смена состояния пользователя
        if ($cur_checked != $Checked) {
            $nc_core->event->execute($Checked ? "checkUser" : "uncheckUser", $UserID);
        }
    }
    if (is_array($SQL_multifield)) {
        nc_multifield_sql_exec($message, $SQL_multifield);
    }
    // Обновление в таблице с файлами
    if (!empty($filetable_lastid)) {
        $db->query("UPDATE `Filetable` SET `Message_ID`='" . $message . "' WHERE ID IN (" . join(',', $filetable_lastid) . ")");
    }
    // create dir
    @mkdir($FILES_FOLDER . "u/", $DIRCHMOD);
    /*     * */
    for ($i = 0; $i < count($tmpFile); $i++) {
        eval("\$tmpNewFile[\$i] = \"" . $tmpNewFile[$i] . "\";");
        @rename($FILES_FOLDER . $tmpFile[$i], $FILES_FOLDER . $File_Path[$i] . $tmpNewFile[$i]);
        @chmod($FILES_FOLDER . $File_Path[$i] . $tmpNewFile[$i], $FILECHMOD);
    }
    // привязка токена
    $nc_token_login = $nc_core->input->fetch_get_post('nc_token_login');
    $nc_token_key = $nc_core->input->fetch_get_post('nc_token_key');
    if ($nc_token_login && $nc_token_key && $UserID) {
        $db->query("INSERT INTO `Auth_Token`\n                  SET `Login` = '" . $db->escape($nc_token_login) . "',\n                      `PublicKey` = '" . $db->escape($nc_token_key) . "',\n                      `User_ID` = '" . $UserID . "' ");
    }
    $nc_token_destroy = $nc_core->input->fetch_get_post('nc_token_destroy');
    if ($nc_token_destroy) {
        $nc_auth_token = new nc_auth_token();
        $nc_auth_token->delete_by_id($nc_token_destroy);
    }
    return 0;
}