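/**
 * Rebuild and persist the auth map (per forum plus 'global') for one user.
 *
 * Forum admins receive every auth listed in $spGlobals['auths_map'] for every
 * forum: 0 where the auth is flagged admin_negate, 1 otherwise. Everyone else
 * gets the bitwise OR of the role auths attached to each usergroup membership;
 * a user without memberships falls back to the default guest usergroup.
 * The result is saved with sp_update_member_item() when $userid is non-empty,
 * otherwise in the 'sf_guest_auths' option.
 *
 * @param int $userid User to rebuild; an empty value is treated as the guest.
 * @return array|null Auth map keyed by forum id and 'global'; nothing is
 *                    returned if the membership list is still empty after the fallback.
 */
function sp_rebuild_user_auths($userid)
{
    global $spGlobals;

    $user_auths = array();
    $user_auths['global'] = array();

    if (sp_is_forum_admin($userid)) {
        # forum admins get full auths
        $forums = spdb_table(SFFORUMS);
        if ($forums) {
            foreach ($forums as $forum) {
                foreach ($spGlobals['auths_map'] as $auth) {
                    # admin_negate auths are switched off for admins, all others on
                    $granted = $spGlobals['auths'][$auth]->admin_negate ? 0 : 1;
                    $user_auths[$forum->forum_id][$auth] = $granted;
                    $user_auths['global'][$auth] = $granted;
                }
            }
        }
    } else {
        $memberships = sp_get_user_memberships($userid);
        if (empty($memberships)) {
            # build a fresh array instead of indexing into whatever empty value came back
            $value = sp_get_sfmeta('default usergroup', 'sfguests');
            $memberships = array(array('usergroup_id' => $value[0]['meta_value']));
        }

        # no memberships means no permissions
        if (empty($memberships)) {
            return;
        }

        # get the roles
        # NOTE(review): role_auths is passed to unserialize() as stored; this is only safe
        # while nothing untrusted can write to the roles table - confirm, or store as JSON.
        $roles = array();
        $roles_data = spdb_table(SFROLES, 0);
        if ($roles_data) {
            foreach ($roles_data as $role) {
                $roles[$role->role_id] = unserialize($role->role_auths);
            }
        }

        # now build auths for user
        foreach ($memberships as $membership) {
            # the id is cast so that only an integer can reach the hand-built WHERE fragment
            $permissions = spdb_table(SFPERMISSIONS, 'usergroup_id=' . (int) $membership['usergroup_id']);
            if (!$permissions) {
                continue;
            }

            foreach ($permissions as $permission) {
                $role_id = $permission->permission_role;

                # a permission whose role is missing or did not unserialize to an array grants nothing
                if (!isset($roles[$role_id]) || !is_array($roles[$role_id])) {
                    continue;
                }
                $role_auths = $roles[$role_id];

                # per-forum auths: first role seen is copied, later roles are OR-ed in
                if (!isset($user_auths[$permission->forum_id])) {
                    $user_auths[$permission->forum_id] = $role_auths;
                } else {
                    foreach ($role_auths as $auth_id => $auth) {
                        if (!isset($user_auths[$permission->forum_id][$auth_id])) {
                            $user_auths[$permission->forum_id][$auth_id] = $auth;
                        } else {
                            $user_auths[$permission->forum_id][$auth_id] |= $auth;
                        }
                    }
                }

                # global auths: an auth held in any forum is held globally
                foreach ($role_auths as $auth_id => $auth) {
                    if (empty($user_auths['global'][$auth_id])) {
                        $user_auths['global'][$auth_id] = $auth;
                    } else {
                        $user_auths['global'][$auth_id] |= $auth;
                    }
                }
            }
        }
    }

    # now save the user auths
    if (!empty($user_auths)) {
        if (!empty($userid)) {
            sp_update_member_item($userid, 'auths', $user_auths);
        } else {
            sp_update_option('sf_guest_auths', $user_auths);
        }
    }

    return $user_auths;
}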
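/**
 * Build the user object for a member or for a guest.
 *
 * A numeric $ident is looked up by ID, any other non-empty value by user_login.
 * When a user row is found the object is filled from the users, usermeta and
 * sfmembers tables (only keys present in spUser_build_filter_list() are copied
 * from the first two); otherwise guest defaults are set. When $spStatus is 'ok'
 * ranks, memberships and auths are loaded or rebuilt. Finally every property
 * named in the filter list is passed through spUser_filter_item().
 *
 * @param int|string $ident   User ID or user login; a falsy value builds a guest.
 * @param bool       $current True when the object is the requesting user: sets
 *                            $spGlobals['editor'] and loads pending notices.
 * @param bool       $small   True to fire the '*_small' plugin hooks instead of the full ones.
 */
function __construct($ident = 0, $current = false, $small = false)
{
    global $spStatus, $spGlobals;

    $id = 0;
    $w = '';
    if (is_numeric($ident)) {
        $w = "ID={$ident}";
    } elseif ($ident != false) {
        # match on the supplied login (previously a fixed '******' literal that ignored $ident),
        # escaped because it lands inside a quoted SQL string
        $w = "user_login='" . esc_sql($ident) . "'";
    }

    if ($ident) {
        # Users data
        $d = spdb_table(SFUSERS, $w, 'row');
        if ($d) {
            $this->ID = $d->ID;
            $id = $d->ID;
        }
    }

    $includeList = spUser_build_filter_list();

    if ($id) {
        # Others
        $this->member = true;
        $this->guest = 0;
        $this->guest_name = '';
        $this->guest_email = '';
        $this->offmember = false;
        $this->usertype = 'User';

        # Users data - only columns named in the filter list are copied
        foreach ($d as $key => $item) {
            if (array_key_exists($key, $includeList)) {
                $this->{$key} = $item;
            }
        }
        $this->user_registered = sp_member_registration_to_server_tz($this->user_registered);

        # usermeta data - same allow-list as above
        $d = spdb_table(SFUSERMETA, "user_id={$id}");
        if ($d) {
            foreach ($d as $m) {
                $t = $m->meta_key;
                if (array_key_exists($t, $includeList)) {
                    $this->{$t} = maybe_unserialize($m->meta_value);
                }
            }
        }

        # If awaiting installation then dive out now to avoid errors
        if ($spStatus == 'Install') {
            return;
        }

        # sfmembers data
        $d = spdb_table(SFMEMBERS, "user_id={$id}", 'row');

        # check for ghost user
        if (empty($d)) {
            # create the member
            sp_create_member_data($id);
            $d = spdb_table(SFMEMBERS, "user_id={$id}", 'row');
        }

        if ($d) {
            foreach ($d as $key => $item) {
                if (($key == 'admin_options' || $key == 'user_options') && !empty($item)) {
                    # NOTE(review): every key of these serialized arrays becomes an object property
                    # with no allow-list; confirm nothing a user can write may name 'admin' or 'moderator'.
                    $opts = unserialize($item);
                    # a corrupt value unserializes to false; skip it rather than iterate a non-array
                    if (is_array($opts)) {
                        foreach ($opts as $opt => $set) {
                            $this->{$opt} = $set;
                        }
                    }
                } elseif ($key == 'lastvisit') {
                    $this->lastvisit = $item;
                } else {
                    $this->{$key} = maybe_unserialize($item);
                }
            }
        }

        # Check for new post list size
        if (!isset($this->unreadposts) || empty($this->unreadposts)) {
            $controls = sp_get_option('sfcontrols');
            $this->unreadposts = empty($controls['sfunreadposts']) ? 50 : $controls['sfunreadposts'];
        }

        # usertype for moderators
        if ($this->moderator) {
            $this->usertype = 'Moderator';
        }

        # check for super admins and make admin a moderator as well
        if ($this->admin || (is_multisite() && is_super_admin($id))) {
            $this->admin = true;
            $this->moderator = true;
            $this->usertype = 'Admin';
            $ins = sp_get_option('spInspect');
            if (!empty($ins) && array_key_exists($id, $ins)) {
                $this->inspect = $ins[$id];
            } else {
                $this->inspect = '';
            }
        }

        # plugins can add items for members...
        if (!$small) {
            do_action_ref_array('sph_user_class_member', array(&$this));
        } else {
            do_action_ref_array('sph_user_class_member_small', array(&$this));
        }
    } else {
        # some basics for guests
        $this->ID = 0;
        $this->guest = true;
        $this->member = 0;
        $this->admin = false;
        $this->moderator = false;
        $this->display_name = 'guest';
        $this->guest_name = '';
        $this->guest_email = '';
        $this->usertype = 'Guest';
        $this->offmember = sp_check_unlogged_user();
        $this->timezone = 0;
        $this->timezone_string = '';
        $this->posts = 0;
        $this->avatar = '';
        $this->user_email = '';
        $this->auths = sp_get_option('sf_guest_auths');
        $this->memberships = sp_get_option('sf_guest_memberships');

        # plugins can add items for guests...
        if (!$small) {
            do_action_ref_array('sph_user_class_guest', array(&$this));
        } else {
            do_action_ref_array('sph_user_class_guest_small', array(&$this));
        }
    }

    # Only perform this last section if forum is operational
    if ($spStatus == 'ok') {
        # Ranking
        $this->rank = sp_get_user_forum_rank($this->usertype, $id, $this->posts);
        $this->special_rank = $this->member ? sp_get_user_special_ranks($id) : array();

        # if no memberships rebuild them and save
        if (empty($this->memberships)) {
            $memberships = array();
            if (!empty($id)) {
                if (!$this->admin) {
                    # get the usergroup memberships for the user and save in sfmembers table
                    $memberships = sp_get_user_memberships($id);
                    sp_update_member_item($id, 'memberships', $memberships);
                }
            } else {
                # user is a guest or unassigned member so get the global permissions
                # from the guest usergroup and save as option
                $value = sp_get_sfmeta('default usergroup', 'sfguests');
                # stored id is cast so only an integer reaches the WHERE fragment
                $memberships[] = spdb_table(SFUSERGROUPS, 'usergroup_id=' . (int) $value[0]['meta_value'], 'row', '', '', ARRAY_A);
                sp_update_option('sf_guest_memberships', $memberships);
            }

            # put in the data
            $this->memberships = $memberships;
        }

        # if no auths rebuild them and save
        if (empty($this->auths)) {
            $this->auths = sp_rebuild_user_auths($id);
        }
    }

    $this->ip = sp_get_ip();
    $this->trackid = -1;

    # Things to do if user is current user
    if ($current) {
        # Set up editor type
        $spGlobals['editor'] = 0;

        # for a user...
        if ($this->member && !empty($this->editor)) {
            $spGlobals['editor'] = $this->editor;
        }

        # and if not defined or is for a guest...
        if ($spGlobals['editor'] == 0) {
            $defeditor = sp_get_option('speditor');
            if (!empty($defeditor)) {
                $spGlobals['editor'] = $defeditor;
            }
        }

        # final check to ensure selected editor type is indeed available
        $unavailable = $spGlobals['editor'] == 0
            || ($spGlobals['editor'] == 1 && !defined('RICHTEXT'))
            || ($spGlobals['editor'] == 2 && !defined('HTML'))
            || ($spGlobals['editor'] == 3 && !defined('BBCODE'));
        if ($unavailable) {
            # later assignments win, so the richest editor that is defined is chosen
            $spGlobals['editor'] = PLAINTEXT;
            if (defined('BBCODE')) {
                $spGlobals['editor'] = BBCODE;
            }
            if (defined('HTML')) {
                $spGlobals['editor'] = HTML;
            }
            if (defined('RICHTEXT')) {
                $spGlobals['editor'] = RICHTEXT;
            }
        }

        # Grab any notices present
        if ($this->guest && !empty($this->guest_email)) {
            # guest_email can be filled in by the guest hooks above, so escape it for the quoted SQL string
            $this->user_notices = spdb_table(SFNOTICES, "guest_email='" . esc_sql($this->guest_email) . "'", '', 'notice_id');
        } elseif ($this->member && !empty($this->user_email)) {
            $this->user_notices = spdb_table(SFNOTICES, 'user_id=' . (int) $this->ID, '', 'notice_id');
        }

        # plugins can add items for the current user (so no small allowed here)
        do_action_ref_array('sph_current_user_class', array(&$this));
    }

    # Finally filter the data for display
    foreach ($includeList as $item => $filter) {
        if (property_exists($this, $item)) {
            $this->{$item} = spUser_filter_item($this->{$item}, $filter);
        }
    }

    # allow plugins to add items to user class - regardless small or otherwise, current or otherwise
    do_action_ref_array('sph_user_class', array(&$this));
}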
die; } sp_SetupUserProfileData($userid); if (!empty($spProfileUser->avatar['remote'])) { echo '<img src="' . esc_url($spProfileUser->avatar['remote']) . '" alt="" /><br /><br />'; } else { echo '<p class="spCenter">' . sp_text('No remote avatar currently selected') . '<br /><br /></p>'; } die; } if ($action == 'update-memberships') { if (empty($userid)) { die; } global $spThisUser; $spProfileData = sp_get_user_memberships($userid); if ($spProfileData) { $alt = 'spOdd'; foreach ($spProfileData as $userGroup) { echo "<div class='spProfileUsergroup {$alt}'>"; echo '<div class="spColumnSection">'; echo '<div class="spHeaderName">' . $userGroup['usergroup_name'] . '</div>'; echo '<div class="spHeaderDescription">' . $userGroup['usergroup_desc'] . '</div>'; echo '</div>'; if ($userGroup['usergroup_join'] == 1 || $spThisUser->admin) { $submit = true; echo '<div class="spColumnSection spProfileMembershipsLeave">'; echo '<div class="spInRowLabel">'; echo '<input type="checkbox" name="usergroup_leave[]" id="sfusergroup_leave_' . $userGroup['usergroup_id'] . '" value="' . $userGroup['usergroup_id'] . '" />'; echo '<label for="sfusergroup_leave_' . $userGroup['usergroup_id'] . '">' . sp_text('Leave Usergroup') . '</label>'; echo '</div>';
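/**
 * Render (or return) the rank names and badges of the member in $spThisMember.
 *
 * Does nothing unless the viewer holds the 'view_members_list' auth. The 'order'
 * option is read one letter at a time: S = special ranks, N = normal forum rank,
 * U = usergroup names/badges. Unless 'showAll' is set, collection stops after
 * the first letter that produced at least one rank.
 *
 * @param string|array $args  Display options merged over the defaults via wp_parse_args().
 * @param string       $label Optional label shown before the ranks.
 * @return array|string|null The raw rank list when 'get' is set, the HTML when
 *                           'echo' is off, otherwise nothing (the HTML is echoed).
 */
function sp_MemberListRank($args = '', $label = '')
{
    global $spThisMember, $spPaths;

    if (!sp_get_auth('view_members_list')) {
        return;
    }

    $defs = array(
        'tagId' => 'spMembersListRank%ID%',
        'tagClass' => 'spInRowCount',
        'labelClass' => 'spInRowLabel',
        'rank' => 1,
        'rankClass' => 'spInRowRank',
        'badge' => 1,
        'badgeClass' => 'spImg',
        'stack' => 1,
        'order' => 'SNU',
        'showAll' => 0,
        'echo' => 1,
        'get' => 0,
    );
    $a = wp_parse_args($args, $defs);
    $a = apply_filters('sph_MemberListRank_args', $a);

    # read each option by name rather than extract()-ing a filtered array into local scope;
    # sanitize before use
    $tagId = esc_attr($a['tagId']);
    $tagClass = esc_attr($a['tagClass']);
    $labelClass = esc_attr($a['labelClass']);
    $rankClass = esc_attr($a['rankClass']);
    $badgeClass = esc_attr($a['badgeClass']);
    $rank = (int) $a['rank'];
    $badge = (int) $a['badge'];
    $stack = (int) $a['stack'];
    $order = esc_attr($a['order']);
    $showAll = (int) $a['showAll'];
    $echo = (int) $a['echo'];
    $get = (int) $a['get'];

    $tagId = str_ireplace('%ID%', $spThisMember->user_id, $tagId);
    $att = $stack ? '<br />' : '';

    $ranks = array();
    $idx = 0;
    $letters = strlen($order);
    for ($x = 0; $x < $letters; $x++) {
        $xRank = substr($order, $x, 1);
        switch ($xRank) {
            case 'S':
                # Special Rank
                $rankData = sp_get_user_special_ranks($spThisMember->user_id);
                if ($rankData) {
                    foreach ($rankData as $r) {
                        $ranks[$idx]['name'] = $r['name'];
                        if (!empty($r['badge'])) {
                            $ranks[$idx]['badge'] = $r['badge'];
                        }
                        $idx++;
                    }
                }
                break;

            case 'N':
                # Normal Rank
                $usertype = $spThisMember->admin ? 'Admin' : 'User';
                $rankData = sp_get_user_forum_rank($usertype, $spThisMember->user_id, $spThisMember->posts);
                if ($rankData) {
                    $ranks[$idx]['name'] = $rankData[0]['name'];
                    if (!empty($rankData[0]['badge'])) {
                        $ranks[$idx]['badge'] = $rankData[0]['badge'];
                    }
                    $idx++;
                }
                break;

            case 'U':
                # UserGroup badge
                $rankData = sp_get_user_memberships($spThisMember->user_id);
                if ($rankData) {
                    foreach ($rankData as $r) {
                        if (!empty($r['usergroup_badge'])) {
                            $ranks[$idx]['badge'] = SF_STORE_URL . '/' . $spPaths['ranks'] . '/' . $r['usergroup_badge'];
                        }
                        $ranks[$idx]['name'] = $r['usergroup_name'];
                        $idx++;
                    }
                }
                break;
        }

        # unless every rank type was requested, stop at the first type that yielded something
        if (!$showAll && !empty($ranks)) {
            break;
        }
    }

    # callers asking for data get the unescaped values; escaping is applied only to the markup below
    if ($get) {
        return $ranks;
    }

    # now render it
    $out = "<div id='{$tagId}' class='{$tagClass}'>";
    if (!empty($label)) {
        $out .= "<span class='{$labelClass}'>" . sp_filter_title_display($label) . "{$att}</span>";
    }
    foreach ($ranks as $thisRank) {
        if ($badge && !empty($thisRank['badge'])) {
            # stored badge location goes into a URL attribute, so escape it for that context
            $out .= "<img class='{$badgeClass}' src='" . esc_url($thisRank['badge']) . "' alt='' />{$att}";
        }
        if ($rank) {
            # rank and usergroup names are stored text; encode them so they cannot inject markup
            # NOTE(review): assumes names are never meant to carry HTML - confirm
            $out .= "<span class='{$rankClass}'>" . esc_html($thisRank['name']) . "</span>{$att}";
        }
    }
    $out .= "</div>\n";
    $out = apply_filters('sph_MemberListRank', $out, $a);

    if ($echo) {
        echo $out;
    } else {
        return $out;
    }
}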
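/**
 * Recompute the 'moderator' flag of a member from the member's usergroups.
 *
 * The flag is set to 1 as soon as one usergroup returned by
 * sp_get_user_memberships() has a truthy usergroup_is_moderator value, and the
 * forum moderator list is refreshed; otherwise the flag is set to 0.
 *
 * @param int $userid Member whose flag is recomputed.
 * @return void
 */
function sp_update_member_moderator_flag($userid)
{
    $ugs = sp_get_user_memberships($userid);
    if ($ugs) {
        foreach ($ugs as $ug) {
            # the id is cast so that only an integer can reach the hand-built WHERE fragment
            $mod = spdb_table(SFUSERGROUPS, 'usergroup_id=' . (int) $ug['usergroup_id'], 'usergroup_is_moderator');
            if ($mod) {
                sp_update_member_item($userid, 'moderator', 1);

                # see if our forum moderator list changed
                sp_update_forum_moderators();

                return;
            }
        }
    }

    # not a moderator if we get here
    # NOTE(review): the forum moderator list is not refreshed on this path; if it is cached,
    # a demoted member may stay listed until something else rebuilds it - confirm.
    sp_update_member_item($userid, 'moderator', 0);
}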
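/**
 * Query one page of the members list, optionally grouped by usergroup.
 *
 * Page, search term and usergroup selection are read from $_GET / $_POST.
 * Viewers who are neither admin nor hold 'view_members_list' get an empty result
 * and membersListStatus 'no access'. For non-admins in usergroup mode the
 * result is restricted to the usergroups collected below.
 *
 * @param string $groupBy 'usergroup' or 'user'.
 * @param string $orderBy 'id' or 'alpha'.
 * @param string $sortBy  Sort direction; anything other than DESC (any case) is treated as ASC.
 * @param int    $number  Members per page.
 * @param bool   $limitUG Restrict to the usergroups the current user belongs to.
 * @param string $ugids   Comma separated usergroup ids to restrict to, or empty.
 * @return stdClass ->count holds the FOUND_ROWS() total, ->records the grouped rows
 *                  (an empty stdClass when nothing was found).
 */
function sp_memberslist_query($groupBy, $orderBy, $sortBy, $number, $limitUG, $ugids)
{
    global $spThisUser, $spVars, $wpdb;

    # check for page; clamp so a zero or negative page cannot produce a negative LIMIT offset
    $page = isset($_GET['page']) ? sp_esc_int($_GET['page']) : $spVars['page'];
    $page = max(1, (int) $page);
    $number = max(0, (int) $number);

    # the direction is interpolated into ORDER BY, so reduce it to one of two keywords
    $sortBy = (strtoupper(trim((string) $sortBy)) === 'DESC') ? 'DESC' : 'ASC';

    # check for member search
    $search = !empty($_POST['msearch']) && !isset($_POST['allmembers']) ? sp_esc_str($_POST['msearch']) : '';
    $search = !empty($_GET['msearch']) ? sp_esc_str($_GET['msearch']) : $search;

    # check for usergroup selection query arg
    $ug_select = !empty($_POST['ug']) && !isset($_POST['allmembers']) ? sp_esc_int($_POST['ug']) : '';
    $ug_select = !empty($_GET['ug']) ? sp_esc_int($_GET['ug']) : $ug_select;

    # check for constructor limiting usergroups; ids are reduced to integers
    if ($groupBy == 'usergroup' && !empty($ugids)) {
        $ugids = array_map('intval', explode(',', sp_esc_str($ugids)));
    }

    $data = new stdClass();
    $data->records = new stdClass();
    $data->count = 0;

    if (!($spThisUser->admin || sp_get_auth('view_members_list'))) {
        $this->membersListStatus = 'no access';
        return $data;
    }

    # default to 'no data'
    $this->membersListStatus = 'no data';

    # are we limiting member lists to user group memberships?
    $where = 'posts > -2';
    if ($groupBy == 'usergroup' && !$spThisUser->admin) {
        # if limiting to memberships, get usergroups current user has membership in
        if ($limitUG) {
            $ugs = sp_get_user_memberships($spThisUser->ID);
            if (empty($ugs)) {
                $value = sp_get_sfmeta('default usergroup', 'sfguests');
                $sql = 'SELECT * FROM ' . SFUSERGROUPS . ' WHERE usergroup_id=' . (int) $value[0]['meta_value'];
                $ugs = spdb_select('set', $sql, ARRAY_A);
            }

            # Now add any moderator user groups who can moderate the current users forums
            $forum_ids = array_filter(array_map('intval', (array) sp_get_forum_memberships($spThisUser->ID)));
            # with no forums the IN () list would be empty and the statement invalid, so skip it
            if (!empty($forum_ids)) {
                $forums = implode(',', $forum_ids);
                # NOTE(review): the SFPERMISSIONS join has no condition tying it to a usergroup, so it
                # looks like every moderator usergroup is returned once any forum matches - confirm intent.
                $sql = 'SELECT DISTINCT ' . SFMEMBERSHIPS . '.usergroup_id, usergroup_name, usergroup_desc, usergroup_join, usergroup_badge FROM ' . SFMEMBERSHIPS
                    . ' JOIN ' . SFUSERGROUPS . ' ON ' . SFUSERGROUPS . '.usergroup_id = ' . SFMEMBERSHIPS . '.usergroup_id JOIN ' . SFPERMISSIONS . ' ON ' . SFPERMISSIONS
                    . ".forum_id IN ({$forums})\n\t\t\t\t\tWHERE usergroup_is_moderator=1 ORDER BY " . SFMEMBERSHIPS . '.usergroup_id';
                $mugs = spdb_select('set', $sql, ARRAY_A);
                if ($mugs) {
                    $ugs = array_merge($mugs, $ugs);
                }
            }
        } else {
            $ugs = spdb_table(SFUSERGROUPS, '', '', '', '', ARRAY_A);
        }

        if (empty($ugs)) {
            return $data;
        }

        # now build the where clause
        $ug_ids = array();
        foreach ($ugs as $index => $ug) {
            $ug_id = (int) $ug['usergroup_id'];
            if (empty($ugids) || in_array($ug_id, $ugids, true)) {
                $ug_ids[] = $ug_id;
            } else {
                unset($ugs[$index]);
            }
        }
        if (empty($ug_ids)) {
            return $data;
        }
        $this->userGroups = array_values($ugs);
        $ug_list = implode(',', $ug_ids);

        # create where clause based on user memberships
        if (!$limitUG && empty($ugids) && empty($ug_select)) {
            # not limiting by usergroup or specific ids so grab all users
            $where .= ' AND (' . SFMEMBERSHIPS . '.usergroup_id IN (' . $ug_list . ') OR ' . SFMEMBERSHIPS . '.usergroup_id IS NULL)';
        } elseif (empty($ug_select)) {
            # limiting by usergroup or specific ids, so only grab those users plus admins
            # (skips users with no memberships)
            $where .= ' AND (' . SFMEMBERSHIPS . '.usergroup_id IN (' . $ug_list . ') OR admin=1)';
        } else {
            # a selected usergroup must also be one the viewer is allowed to see
            $where .= ' AND (' . SFMEMBERSHIPS . ".usergroup_id = {$ug_select} AND " . SFMEMBERSHIPS . '.usergroup_id IN (' . $ug_list . '))';
        }
    } else {
        if (!empty($ug_select)) {
            $where .= ' AND ' . SFMEMBERSHIPS . ".usergroup_id = {$ug_select}";
        }
        $this->userGroups = spdb_table(SFUSERGROUPS, '', '', '', '', ARRAY_A);
    }

    if ($search != '') {
        $where .= ' AND ' . SFMEMBERS . '.display_name LIKE "' . esc_sql($wpdb->esc_like($search)) . '%"';
    }

    # how many members per page?
    $startlimit = ($page - 1) * $number;
    $limit = $startlimit . ', ' . $number;

    $order = '';
    if ($groupBy == 'usergroup' && $orderBy == 'id') {
        $order .= "usergroup_id {$sortBy}, " . SFMEMBERS . ".display_name {$sortBy}";
    }
    if ($groupBy == 'usergroup' && $orderBy == 'alpha') {
        $order .= "usergroup_name {$sortBy}, " . SFMEMBERS . ".display_name {$sortBy}";
    }
    if ($groupBy == 'user' && $orderBy == 'id') {
        $order .= SFMEMBERS . ".user_id {$sortBy}";
    }
    if ($groupBy == 'user' && $orderBy == 'alpha') {
        $order .= SFMEMBERS . ".display_name {$sortBy}";
    }

    $join = SFUSERS . ' ON ' . SFMEMBERS . '.user_id=' . SFUSERS . '.ID ';
    $member_fields = SFMEMBERS . '.user_id, ' . SFMEMBERS . '.display_name, admin, avatar, posts, lastvisit, user_registered, user_url, user_options';
    if ($groupBy == 'usergroup') {
        # translated labels are embedded in quoted SQL literals, so escape them first
        $lbl_admins = esc_sql(sp_text('Admins'));
        $lbl_none = esc_sql(sp_text('No Memberships'));
        $lbl_admins_desc = esc_sql(sp_text('Forum Administrators'));
        $lbl_none_desc = esc_sql(sp_text('Members without any usergroup memberships'));

        $q = 'if (' . SFMEMBERS . '.admin=1, 0, IFNULL(' . SFMEMBERSHIPS . '.usergroup_id, 99999999)) AS usergroup_id, '
            . 'if (' . SFMEMBERS . '.admin=1, "' . $lbl_admins . '", IFNULL(' . SFUSERGROUPS . '.usergroup_name, "' . $lbl_none . '")) as usergroup_name, '
            . 'if (' . SFMEMBERS . '.admin=1, "' . $lbl_admins_desc . '", IFNULL(' . SFUSERGROUPS . '.usergroup_desc, "' . $lbl_none_desc . '")) as usergroup_desc, '
            . $member_fields;
        $join .= 'LEFT JOIN ' . SFMEMBERSHIPS . ' ON ' . SFMEMBERSHIPS . '.user_id=' . SFMEMBERS . '.user_id LEFT JOIN ' . SFUSERGROUPS . ' ON ' . SFUSERGROUPS . '.usergroup_id=' . SFMEMBERSHIPS . '.usergroup_id';
    } else {
        $q = $member_fields;
    }

    # retrieve members list records
    $spdb = new spdbComplex();
    $spdb->table = SFMEMBERS;
    $spdb->fields = $q;
    $spdb->found_rows = true;
    $spdb->distinct = true;
    $spdb->left_join = $join;
    $spdb->where = $where;
    $spdb->orderby = $order;
    $spdb->limits = $limit;
    $spdb = apply_filters('sph_members_list_query', $spdb, $this);
    $records = $spdb->select();

    if ($records) {
        $m = array();
        $ugidx = -1;
        $midx = 0;
        $data->count = spdb_select('var', 'SELECT FOUND_ROWS()');

        foreach ($records as $r) {
            # for user list only, set up dummy usergroup
            if ($groupBy != 'usergroup') {
                $ugidx = 0;
            }

            # we have data
            $this->membersListStatus = 'data';

            # set up the usergroup outer data and member inner data
            if ($groupBy == 'usergroup' && ($ugidx == -1 || $m[$ugidx]->usergroup_id != $r->usergroup_id)) {
                $ugidx++;
                $midx = 0;
                $m[$ugidx] = new stdClass();
                $m[$ugidx]->usergroup_id = $r->usergroup_id;
                $name = !empty($r->usergroup_name) ? sp_filter_title_display($r->usergroup_name) : sp_text('No Memberships');
                $desc = !empty($r->usergroup_desc) ? sp_filter_title_display($r->usergroup_desc) : sp_text('Members without any usergroup memberships');
                $m[$ugidx]->usergroup_name = $name;
                $m[$ugidx]->usergroup_desc = $desc;
                $m[$ugidx] = apply_filters('sph_members_list_records', $m[$ugidx], $r);
            }

            if (isset($r->user_id)) {
                # in plain user mode no group object was created above; assigning a property
                # on the missing entry is an Error on PHP 8, so create the holder explicitly
                if (!isset($m[$ugidx])) {
                    $m[$ugidx] = new stdClass();
                }

                $member = new stdClass();
                $member->user_id = $r->user_id;
                $member->display_name = sp_filter_title_display($r->display_name);
                $member->posts = $r->posts;
                $member->user_url = $r->user_url;
                $member->admin = $r->admin;
                # NOTE(review): avatar and user_options are unserialize()d as stored; if members can
                # influence these columns this is an object-injection surface - confirm how they are written.
                $member->avatar = unserialize($r->avatar);
                $member->user_options = unserialize($r->user_options);
                $member->lastvisit = sp_apply_timezone(sp_member_lastvisit_to_server_tz($r->lastvisit, $member->user_options), 'mysql');
                $member->user_registered = sp_member_registration_to_server_tz($r->user_registered);

                $m[$ugidx]->members[$midx] = apply_filters('sph_members_list_records', $member, $r);
                $midx++;
            }
        }
        $data->records = $m;
    }

    return $data;
}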