} else {
?>
<?php
echo I18N::translate('Nothing found to cleanup');
?>
<?php
}
?>
</p>
</form>
<?php
break;
case 'cleanup2':
foreach (User::all() as $user) {
if (Filter::post('del_' . $user->getUserId()) == '1') {
Log::addAuthenticationLog('Deleted user: '******'The user %s has been deleted.', Filter::escapeHtml($user->getUserName()));
}
}
header('Location: ' . WT_BASE_URL . WT_SCRIPT_NAME);
break;
default:
$controller->setPageTitle(I18N::translate('User administration'))->addExternalJavascript(WT_JQUERY_DATATABLES_JS_URL)->addExternalJavascript(WT_DATATABLES_BOOTSTRAP_JS_URL)->addInlineJavascript('
jQuery(".table-user-list").dataTable({
' . I18N::datatablesI18N() . ',
stateSave: true,
stateDuration: 300,
processing: true,
serverSide: true,
ajax: {
$form_language = Filter::post('form_language');
$form_timezone = Filter::post('form_timezone');
$form_contact_method = Filter::post('form_contact_method');
$form_visible_online = Filter::postBool('form_visible_online');
// Respond to form action
if ($form_action && Filter::checkCsrf()) {
switch ($form_action) {
case 'update':
if ($form_username !== Auth::user()->getUserName() && User::findByUserName($form_username)) {
FlashMessages::addMessage(I18N::translate('Duplicate user name. A user with that user name already exists. Please choose another user name.'));
} elseif ($form_email !== Auth::user()->getEmail() && User::findByEmail($form_email)) {
FlashMessages::addMessage(I18N::translate('Duplicate email address. A user with that email already exists.'));
} else {
// Change username
if ($form_username !== Auth::user()->getUserName()) {
Log::addAuthenticationLog('User ' . Auth::user()->getUserName() . ' renamed to ' . $form_username);
Auth::user()->setUserName($form_username);
}
// Change password
if ($form_pass1 && $form_pass1 === $form_pass2) {
Auth::user()->setPassword($form_pass1);
}
// Change other settings
Auth::user()->setRealName($form_realname)->setEmail($form_email)->setPreference('language', $form_language)->setPreference('TIMEZONE', $form_timezone)->setPreference('contactmethod', $form_contact_method)->setPreference('visibleonline', $form_visible_online ? '1' : '0');
if ($form_theme === null) {
Auth::user()->deletePreference('theme');
} else {
Auth::user()->setPreference('theme', $form_theme);
}
$WT_TREE->setUserPreference(Auth::user(), 'rootid', $form_rootid);
}
// Change the current language
$language = Filter::post('language');
try {
I18N::init($language);
Session::put('locale', $language);
// Remember our selection
Auth::user()->setPreference('language', $language);
} catch (\Exception $ex) {
// Request for a non-existant language.
http_response_code(406);
}
break;
case 'masquerade':
$user = User::find(Filter::postInteger('user_id'));
if ($user && Auth::isAdmin() && Auth::user() !== $user) {
Log::addAuthenticationLog('Masquerade as user: '******'unlink-media':
// Remove links from an individual and their spouse-family records to a media object.
// Used by the "unlink" option on the album (lightbox) tab.
$source = Individual::getInstance(Filter::post('source', WT_REGEX_XREF), $WT_TREE);
$target = Filter::post('target', WT_REGEX_XREF);
if ($source && $source->canShow() && $source->canEdit() && $target) {
// Consider the individual and their spouse-family records
$sources = $source->getSpouseFamilies();
$sources[] = $source;
foreach ($sources as $source) {
I18N::init($webmaster->getPreference('language'));
$user = User::findByUserName($user_name);
$edit_user_url = WT_BASE_URL . "admin_users.php?action=edit&user_id=" . $user->getUserId();
$mail1_body = I18N::translate('Hello administrator…') . Mail::EOL . Mail::EOL . I18N::translate('A new user (%1$s) has requested an account (%2$s) and verified an email address (%3$s).', $user->getRealNameHtml(), Filter::escapeHtml($user->getUserName()), Filter::escapeHtml($user->getEmail())) . Mail::EOL . Mail::EOL . I18N::translate('You need to review the account details.') . Mail::EOL . Mail::EOL . '<a href="' . $edit_user_url . '">' . $edit_user_url . '</a>' . Mail::EOL . Mail::EOL . I18N::translate('Set the status to “approved”.') . Mail::EOL . I18N::translate('Set the access level for each tree.') . Mail::EOL . I18N::translate('Link the user account to an individual.');
$mail1_subject = I18N::translate('New user at %s', WT_BASE_URL . ' ' . $WT_TREE->getTitle());
// Change to the new user’s language
I18N::init($user->getPreference('language'));
$controller->setPageTitle(I18N::translate('User verification'));
$controller->pageHeader();
echo '<div id="login-register-page">';
echo '<h2>' . I18N::translate('User verification') . '</h2>';
echo '<div id="user-verify">';
if ($user && $user->checkPassword($user_password) && $user->getPreference('reg_hashcode') === $user_hashcode) {
Mail::send($WT_TREE, $webmaster->getEmail(), $webmaster->getRealName(), $WT_TREE->getPreference('WEBTREES_EMAIL'), $WT_TREE->getPreference('WEBTREES_EMAIL'), $mail1_subject, $mail1_body);
$mail1_method = $webmaster->getPreference('CONTACT_METHOD');
if ($mail1_method != 'messaging3' && $mail1_method != 'mailto' && $mail1_method != 'none') {
Database::prepare("INSERT INTO `##message` (sender, ip_address, user_id, subject, body) VALUES (? ,? ,? ,? ,?)")->execute(array($user_name, WT_CLIENT_IP, $webmaster->getUserId(), $mail1_subject, Filter::unescapeHtml($mail1_body)));
}
$user->setPreference('verified', '1')->setPreference('reg_timestamp', date('U'))->deletePreference('reg_hashcode');
Log::addAuthenticationLog('User ' . $user_name . ' verified their email address');
echo '<p>', I18N::translate('You have confirmed your request to become a registered user.'), '</p>';
echo '<p>', I18N::translate('The administrator has been informed. As soon as they give you permission to login, you can login with your user name and password.'), '</p>';
} else {
echo '<p class="warning">';
echo I18N::translate('Could not verify the information you entered. Please try again or contact the site administrator for more information.');
echo '</p>';
}
echo '</div>';
echo '</div>';
break;
}
if (preg_match('/(?!' . preg_quote(WT_BASE_URL, '/') . ')(((?:ftp|http|https):\\/\\/)[a-zA-Z0-9.-]+)/', $subject . $body, $match)) {
$errors .= '<p class="ui-state-error">' . I18N::translate('You are not allowed to send messages that contain external links.') . '</p>' . '<p class="ui-state-highlight">' . I18N::translate('You should delete the “%1$s” from “%2$s” and try again.', $match[2], $match[1]) . '</p>' . Log::addAuthenticationLog('Possible spam message from "' . $from_name . '"/"' . $from_email . '", subject="' . $subject . '", body="' . $body . '"');
$action = 'compose';
}
$from = $from_email;
}
// Ensure the user always visits this page twice - once to compose it and again to send it.
// This makes it harder for spammers.
switch ($action) {
case 'compose':
Session::put('good_to_send', true);
break;
case 'send':
// Only send messages if we've come straight from the compose page.
if (!Session::get('good_to_send')) {
Log::addAuthenticationLog('Attempt to send a message without visiting the compose page. Spam attack?');
$action = 'compose';
}
if (!Filter::checkCsrf()) {
$action = 'compose';
}
Session::forget('good_to_send');
break;
}
switch ($action) {
case 'compose':
$controller->pageHeader()->addInlineJavascript('
function checkForm(frm) {
if (frm.subject.value === "") {
alert("' . I18N::translate('Please enter a message subject.') . '");
document.messageform.subject.focus();
/**
* Check that the POST request contains the CSRF token generated above.
*
* @return bool
*/
public static function checkCsrf()
{
if (self::post('csrf') !== self::getCsrfToken()) {
// Oops. Something is not quite right
Log::addAuthenticationLog('CSRF mismatch - session expired or malicious attack');
FlashMessages::addMessage(I18N::translate('This form has expired. Try again.'), 'error');
return false;
}
return true;
}
