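/**
 * Lists the groups the form's target user is not yet a member of.
 *
 * The target user is resolved from the form's 'id' element. Groups the user
 * already belongs to and the user's primary group (the 'group' data field)
 * are excluded. Both filters are bound parameters, never interpolated.
 *
 * @return array Rows with 'id' and 'title' columns, as returned by PDOStatement::fetchAll().
 */
private function getAvailableGroups()
 {
     global $db;
     $user = User::getUserById($this->getElementValue('id'));
     // The subquery must yield group ids: group_memberships is keyed by (user, group)
     // pairs (see the DELETE in the group actions), so compare g.id against gm.`group`,
     // not against the membership row id gm.id, which would exclude unrelated groups.
     $sql = 'SELECT g.id, g.title FROM groups g WHERE g.id NOT IN (SELECT gm.`group` FROM group_memberships gm WHERE gm.user = :userId) AND g.id != :userPrimaryGroup';
     $stmt = $db->prepare($sql);
     $stmt->bindValue(':userId', $user->getId());
     $stmt->bindValue(':userPrimaryGroup', $user->getData('group'));
     $stmt->execute();
     return $stmt->fetchAll();
 }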
 /**
  * Builds the profile-editing form for a user.
  *
  * With no user id the form edits the session user. With another user's id the
  * caller must hold EDIT_USERS, otherwise requirePrivOrRedirect() sends them to
  * index.php. The "Banning and admin stuff" section is only added for callers
  * with EDIT_BANS.
  *
  * @param mixed $userId Id of the user to edit, or null for the session user.
  */
 public function __construct($userId = null)
 {
     parent::__construct('formUpdateProfile', 'Update profile');
     // Loose comparison: 0, '' and '0' are treated like null and fall back to the session user.
     if ($userId == null) {
         $user = Session::getUser();
     } else {
         // Editing someone else needs EDIT_USERS. Loose != is deliberate-looking here so
         // that "5" (from the request) and 5 (from getId()) count as the same user.
         if ($userId != Session::getUser()->getId()) {
             requirePrivOrRedirect('EDIT_USERS', 'index.php');
             $user = User::getUserById($userId);
         } else {
             $user = Session::getUser();
         }
     }
     $this->user = $user;
     $this->addSection('Bio');
     $this->addElement(new ElementHidden('action', null, 'edit'));
     // NOTE(review): this hidden field is client-controlled on submit. The form's
     // process() (not visible here) must re-apply the EDIT_USERS check against the
     // submitted 'user' value rather than trusting it — confirm.
     $this->addElement(new ElementHidden('user', null, $user->getId()));
     $this->addElement(new ElementEmail('email', 'E-Mail Address', $user->getData('email')));
     $elementRealName = $this->addElement(new ElementAlphaNumeric('realName', 'Real Name', $user->getData('real_name')));
     $elementRealName->setMinMaxLengths(0, 32);
     $elementLocation = $this->addElement(new ElementAlphaNumeric('location', 'Location', $user->getData('location')));
     $elementLocation->setMinMaxLengths(0, 64);
     // The (0, 16) bounds set here are replaced two lines below by (11, 15), which
     // presumably makes the mobile number effectively mandatory — confirm which is intended.
     $this->addElement(new ElementInputRegex('mobileNo', 'Mobile No.', $user->getData('mobileNo')))->setMinMaxLengths(0, 16);
     $this->getElement('mobileNo')->setPattern('#^[\\d ]+$#', 'numbers and spaces');
     $this->getElement('mobileNo')->setMinMaxLengths(11, 15);
     $this->addSection('Preferences');
     $this->addElement(new ElementCheckbox('mailingList', 'Mailing list', $user->getData('mailingList')));
     // Each date-format option previews today's date in that format; the option value
     // is the format string stored in the user's 'dateFormat' field.
     $now = date_create();
     $elementDateFormat = $this->addElement(new ElementSelect('dateFormat', 'Date format', $user->getData('dateFormat')));
     $elementDateFormat->addOption('ISO date format (recommended): ' . formatDt($now, 'Y-m-d'), 'Y-m-d H:i');
     $elementDateFormat->addOption('UK, numeric date format: ' . formatDt($now, 'd-m-Y'), 'd-m-Y');
     $elementDateFormat->addOption('UK, long date format: ' . formatDt($now, 'jS M Y'), 'jS M Y');
     $elementDateFormat->addOption('USA, numeric date format: ' . formatDt($now, 'm-d-Y'), 'm-d-Y');
     $elementDateFormat->addOption('Opus date format: ' . formatDtOpus($now), 'opus');
     $this->addSection('Change password');
     // The current password is only requested when a user edits their own account.
     // NOTE(review): process() should verify passwordCurrent before applying a new
     // password in that case — confirm.
     if (Session::getUser()->getUsername() == $user->getUsername()) {
         $this->addElement(new ElementPassword('passwordCurrent', 'Current password', null, 'Fill this field out if you would like to change your password.'));
         $this->getElement('passwordCurrent')->setOptional(true);
     }
     $this->addElement(new ElementPassword('password1', 'New Password', null))->setOptional(true);
     $this->addElement(new ElementPassword('password2', 'New Password (confirm)', null))->setOptional(true);
     // Hiding the section is only a UI gate. NOTE(review): process() must also refuse
     // bannedReason/emailFlagged from a submitter without EDIT_BANS — confirm.
     if (Session::getUser()->hasPriv('EDIT_BANS')) {
         $this->addSection('Banning and admin stuff');
         $this->addElement(new ElementInput('bannedReason', 'Banned reason', $user->getData('bannedReason'), 'Enter a reason to ban this user. Leave it blank to keep the user active.'));
         $this->getElement('bannedReason')->addSuggestedValue('', 'Clear ban');
         $this->getElement('bannedReason')->setMinMaxLengths(0, 256);
         $this->addElement(new ElementCheckbox('emailFlagged', 'Email flagged?', $user->getData('emailFlagged')));
     }
     $this->addButtons(Form::BTN_SUBMIT);
 }
     require_once 'includes/widgets/footer.php';
     break;
 case 'revoke':
     // Removes one (permission, group) row. Inputs are filtered to unsigned ints and
     // bound as parameters.
     // NOTE(review): unlike 'kick' below, no privilege check is visible in this case;
     // confirm one is enforced before the switch, otherwise the revoke action is
     // effectively unauthorised.
     $priv = $sanitizer->filterUint('priv');
     $groupId = $sanitizer->filterUint('group');
     $sql = 'DELETE FROM privileges_g WHERE permission = :priv AND `group` = :groupId ';
     $stmt = $db->prepare($sql);
     $stmt->bindValue(':priv', $priv);
     $stmt->bindValue(':groupId', $groupId);
     $stmt->execute();
     // Redirect target is built from the filtered integer only. (The message text
     // has a typo, 'Permision'; runtime strings are left untouched here.)
     redirect('group.php?action=view&id=' . $groupId, 'Permision revoked');
     break;
 case 'kick':
     // Removes a single membership row for (user, group); requires GROUP_KICK.
     Session::requirePriv('GROUP_KICK');
     $group = new Group($sanitizer->filterUint('group'));
     $user = User::getUserById($sanitizer->filterUint('user'));
     $sql = 'DELETE FROM group_memberships WHERE user = :userId AND `group` = :groupId LIMIT 1';
     $stmt = $db->prepare($sql);
     $stmt->bindValue(':userId', $user->getId());
     $stmt->bindValue(':groupId', $group->getId());
     $stmt->execute();
     redirect('group.php?action=view&id=' . $group->getId(), 'User kicked from group.');
     break;
 case 'edit':
     $id = $sanitizer->filterUint('id');
     $group = new Group($id);
     $f = new FormGroupEdit();
     $f->addElement(new ElementHidden('action', null, 'edit'));
     if ($f->validate()) {
         $f->process();
     }
<?php

require_once 'includes/common.php';
require_once 'includes/classes/FormAddUserToGroup.php';
use libAllure\Sanitizer;
use libAllure\Session;
use libAllure\User;
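// Resolve the profile to show: an explicit ?id= (filtered to an unsigned int, the
// same way the other pages read ids) or, failing that, the logged-in user.
// NOTE(review): no isLoggedIn() check is visible on this page; if Session::getUser()
// can return null for guests, the ->getId() calls below fail — confirm.
try {
    if (isset($_REQUEST['id'])) {
        $user = User::getUserById(Sanitizer::getInstance()->filterUint('id'));
    } else {
        $user = Session::getUser();
    }
} catch (Exception $e) {
    // NOTE(review): if $tpl->error() returns instead of ending the request, $user is
    // undefined for the rest of the page — confirm it exits.
    $tpl->error('Could not find user.');
}
// The add-to-group form is only built (and processed) for GROUP_EDIT holders.
if (Session::hasPriv('GROUP_EDIT')) {
    $formAddUserToGroup = new FormAddUserToGroup($user->getId());
    if ($formAddUserToGroup->validate()) {
        $formAddUserToGroup->process();
    }
}
require_once 'includes/widgets/header.php';
require_once 'includes/widgets/sidebar.php';
$userArray = [
    'username' => $user->getData('username'),
    'realName' => $user->getData('real_name'),
    'registered' => $user->getData('registered'),
];
// The avatar path is built from the numeric user id only, so no request-controlled
// path segment reaches file_exists().
$avatarUrl = 'resources/images/avatars/' . $user->getId() . '.png';
if (file_exists($avatarUrl)) {
    $userArray['avatar'] = $avatarUrl;
}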
if (Session::isLoggedIn() && Session::getUser()->hasPriv('VIEW_PROFILE_PRIVATE')) {
    $userArray['canSeePrivate'] = true;
    $userArray['lastLogin'] = $user->getData('lastLogin');
<?php

require_once 'includes/common.php';
require_once 'includes/classes/FormSendEmail.php';
use libAllure\Session;
use libAllure\Sanitizer;
use libAllure\User;
// Only SENDEMAIL holders may reach this page at all.
Session::requirePriv('SENDEMAIL');

// Recipient is looked up by a filtered unsigned id, then by their stored address.
$userId = Sanitizer::getInstance()->filterUint('userId');
$user = User::getUserById($userId);
$email = $user->getData('email');

// empty() also rejects '0'; acceptable here since that is never a usable address.
// redirect() is presumably terminal — the code below assumes it does not return.
if (empty($email)) {
    redirect('account.php', 'Cannot send email to a user with a blank email address.');
}

$f = new FormSendEmail($email);
$f->addElementHidden('userId', $userId);

if (!$f->validate()) {
    // First visit or validation failure: render the form.
    require_once 'includes/widgets/header.php';
    $tpl->assignForm($f);
    $tpl->display('form.tpl');
} else {
    // Valid submission: send, then bounce back to the recipient's profile.
    $f->process();
    redirect("profile.php?id={$userId}", 'Your contribution to the spam on the internet has been completed.');
}

require_once 'includes/widgets/footer.php';
<?php

require_once 'includes/widgets/header.php';
use libAllure\User;
use libAllure\Session;
use libAllure\Sanitizer;
// Access gates: guests have no record, and VIEW_ATTENDANCE is required to read one.
// Both rely on redirect() not returning; the lookups below assume a logged-in user.
if (!Session::isLoggedIn()) {
    redirect('index.php', 'Guests do not have attendance records.');
}
if (!Session::hasPriv('VIEW_ATTENDANCE')) {
    redirect('account.php', 'Do you not have permission to view your attendance record');
}

// ?user= selects another member's record (filtered to an unsigned int); otherwise the
// session user's own. NOTE(review): VIEW_ATTENDANCE alone grants access to any user's
// record via this parameter — confirm that is intended.
$user = isset($_REQUEST['user'])
    ? User::getUserById(Sanitizer::getInstance()->filterUint('user'))
    : Session::getUser();

$attendance = getUserSignups($user->getId());

require_once 'includes/widgets/sidebar.php';

// Hand the record and its summary to the template; comment visibility is a separate privilege.
$tpl->assign('stats', getSignupStatistics($attendance));
$tpl->assign('username', $user->getUsername());
$tpl->assign('userId', $user->getId());
$tpl->assign('attendance', $attendance);
$tpl->assign('privViewSignupComments', Session::hasPriv('VIEW_SIGNUP_COMMENTS'));
$tpl->display('attendanceRecord.tpl');

require_once 'includes/widgets/footer.php';