function handler_admin_member($page, $user)
{
global $globals;
$user = User::getSilent($user);
if (empty($user)) {
return PL_NOT_FOUND;
}
if (!$user->inGroup($globals->asso('id'))) {
pl_redirect('annuaire');
}
$page->changeTpl('xnetgrp/membres-edit.tpl');
$page->addJsLink('xnet_members.js');
$mmlist = new MMList(S::user(), $globals->asso('mail_domain'));
if (Post::has('change')) {
S::assert_xsrf_token();
require_once 'emails.inc.php';
require_once 'name.func.inc.php';
// Convert user status to X
if (!Post::blank('x')) {
$forlife = $this->changeLogin($page, $user, Post::i('userid'), Post::b('broken'), Post::b('marketing'), Post::v('marketing_from'));
if ($forlife) {
pl_redirect('member/' . $forlife);
}
}
// Update user info
if ($user->type == 'virtual' || $user->type == 'xnet' && !$user->perms) {
$lastname = capitalize_name(Post::t('lastname'));
if (Post::s('type') != 'virtual') {
$firstname = capitalize_name(Post::t('firstname'));
} else {
$firstname = '';
}
$full_name = build_full_name($firstname, $lastname);
$directory_name = build_directory_name($firstname, $lastname);
$sort_name = build_sort_name($firstname, $lastname);
XDB::query('UPDATE accounts
SET full_name = {?}, directory_name = {?}, sort_name = {?}, display_name = {?},
firstname = {?}, lastname = {?}, sex = {?}, type = {?}
WHERE uid = {?}', $full_name, $directory_name, $sort_name, Post::t('display_name'), $firstname, $lastname, Post::t('sex') == 'male' ? 'male' : 'female', Post::t('type') == 'xnet' ? 'xnet' : 'virtual', $user->id());
}
// Updates email.
$new_email = strtolower(Post::t('email'));
if (($user->type == 'virtual' || $user->type == 'xnet' && !$user->perms) && require_email_update($user, $new_email)) {
XDB::query('UPDATE accounts
SET email = {?}
WHERE uid = {?}', $new_email, $user->id());
if ($user->forlifeEmail()) {
$listClient = new MMList(S::user());
$listClient->change_user_email($user->forlifeEmail(), $new_email);
update_alias_user($user->forlifeEmail(), $new_email);
}
$user = User::getWithUID($user->id());
}
if (XDB::affectedRows()) {
$page->trigSuccess('Données de l\'utilisateur mises à jour.');
}
if ($user->type == 'xnet' && !$user->perms) {
if (Post::b('suggest')) {
$request = new AccountReq(S::user(), $user->hruid, Post::t('email'), $globals->asso('nom'), $globals->asso('diminutif'));
$request->submit();
$page->trigSuccess('Le compte va bientôt être activé.');
}
if (Post::b('again')) {
$this->again($user->id());
$page->trigSuccess('Relance effectuée avec succès.');
}
}
// Update group params for user
$perms = Post::v('group_perms');
$comm = Post::t('comm');
$position = Post::t('group_position') == '' ? null : Post::v('group_position');
if ($user->group_perms != $perms || $user->group_comm != $comm || $user->group_position != $position) {
XDB::query('UPDATE group_members
SET perms = {?}, comm = {?}, position = {?}
WHERE uid = {?} AND asso_id = {?}', $perms == 'admin' ? 'admin' : 'membre', $comm, $position, $user->id(), $globals->asso('id'));
if (XDB::affectedRows()) {
if ($perms != $user->group_perms) {
$page->trigSuccess('Permissions modifiées !');
}
if ($comm != $user->group_comm) {
$page->trigSuccess('Commentaire mis à jour.');
}
if ($position != $user->group_position) {
$page->trigSuccess('Poste mis à jour.');
}
}
}
// Gets user info again as they might have change
$user = User::getSilent($user->id());
// Update ML subscriptions
foreach (Env::v('ml1', array()) as $ml => $state) {
$ask = empty($_REQUEST['ml2'][$ml]) ? 0 : 2;
if ($ask == $state) {
continue;
}
if ($state == '1') {
$page->trigWarning("{$user->fullName()} a " . "actuellement une demande d'inscription en " . "cours sur <strong>{$ml}@</strong> !!!");
} elseif ($ask) {
$mmlist->mass_subscribe($ml, array($user->forlifeEmail()));
$page->trigSuccess("{$user->fullName()} a été abonné à {$ml}@.");
} else {
$mmlist->mass_unsubscribe($ml, array($user->forlifeEmail()));
$page->trigSuccess("{$user->fullName()} a été désabonné de {$ml}@.");
}
}
// Change subscriptioin to aliases
foreach (Env::v('ml3', array()) as $ml => $state) {
require_once 'emails.inc.php';
$ask = !empty($_REQUEST['ml4'][$ml]);
list($local_part, ) = explode('@', $ml);
if ($ask == $state) {
continue;
}
if ($ask) {
add_to_list_alias($user->id(), $local_part, $globals->asso('mail_domain'));
$page->trigSuccess("{$user->fullName()} a été abonné à {$ml}.");
} else {
delete_from_list_alias($user->id(), $local_part, $globals->asso('mail_domain'));
$page->trigSuccess("{$user->fullName()} a été désabonné de {$ml}.");
}
}
if ($globals->asso('has_nl')) {
$nl = NewsLetter::forGroup($globals->asso('shortname'));
// Updates group's newsletter subscription.
if (Post::i('newsletter') == 1) {
$nl->subscribe($user);
} else {
$nl->unsubscribe(null, $user->id());
}
}
}
$res = XDB::rawFetchAllAssoc('SHOW COLUMNS FROM group_members LIKE \'position\'');
$positions = str_replace(array('enum(', ')', '\''), '', $res[0]['Type']);
if ($globals->asso('has_nl')) {
$nl = NewsLetter::forGroup($globals->asso('shortname'));
$nl_registered = $nl->subscriptionState($user);
} else {
$nl_registered = false;
}
$page->assign('user', $user);
$page->assign('suggest', $this->suggest($user));
$page->assign('listes', $mmlist->get_lists($user->forlifeEmail()));
$page->assign('alias', $user->emailGroupAliases($globals->asso('mail_domain')));
$page->assign('positions', explode(',', $positions));
$page->assign('nl_registered', $nl_registered);
$page->assign('pending_xnet_account', XDB::fetchOneCell('SELECT 1
FROM register_pending_xnet
WHERE uid = {?}', $user->id()));
}
function handler_user($page, $login = false)
{
global $globals;
$page->changeTpl('admin/user.tpl');
$page->setTitle('Administration - Compte');
if (S::suid()) {
$page->kill("Déjà en SUID !!!");
}
// Loads the user identity using the environment.
if ($login) {
$user = User::get($login);
}
if (empty($user)) {
pl_redirect('admin/accounts');
}
$listClient = new MMList(S::user());
$login = $user->login();
$registered = $user->state != 'pending';
// Form processing
if (!empty($_POST)) {
S::assert_xsrf_token();
if (Post::has('uid') && Post::i('uid') != $user->id()) {
$page->kill('Une erreur s\'est produite');
}
}
// Handles specific requests (AX sync, su, ...).
if (Post::has('log_account')) {
pl_redirect("admin/logger?loguser={$login}&year=" . date('Y') . "&month=" . date('m'));
}
if (Post::has('su_account') && $registered) {
if (!Platal::session()->startSUID($user)) {
$page->trigError('Impossible d\'effectuer un SUID sur ' . $user->login());
} else {
pl_redirect("");
}
}
// Handles account deletion.
if (Post::has('account_deletion_confirmation')) {
$uid = $user->id();
$name = $user->fullName();
$profile = $user->profile();
if ($profile && Post::b('clear_profile')) {
$user->profile()->clear();
}
$user->clear(true);
$page->trigSuccess("L'utilisateur {$name} ({$uid}) a bien été désinscrit.");
if (Post::b('erase_account')) {
XDB::execute('DELETE FROM accounts
WHERE uid = {?}', $uid);
$page->trigSuccess("L'utilisateur {$name} ({$uid}) a été supprimé de la base de données");
}
}
// Account Form {{{
require_once 'emails.inc.php';
$to_update = array();
if (Post::has('disable_weak_access')) {
$to_update['weak_password'] = null;
} else {
if (Post::has('update_account')) {
if (!$user->hasProfile()) {
require_once 'name.func.inc.php';
$name_update = false;
$lastname = capitalize_name(Post::t('lastname'));
$firstname = capitalize_name(Post::t('firstname'));
if ($lastname != $user->lastname) {
$to_update['lastname'] = $lastname;
$name_update = true;
}
if (Post::s('type') != 'virtual' && $firstname != $user->firstname) {
$to_update['firstname'] = $firstname;
$name_update = true;
}
if ($name_update) {
if (Post::s('type') == 'virtual') {
$firstname = '';
}
$to_update['full_name'] = build_full_name($firstname, $lastname);
$to_update['directory_name'] = build_directory_name($firstname, $lastname);
$to_update['sort_name'] = build_sort_name($firstname, $lastname);
}
if (Post::s('display_name') != $user->displayName()) {
$to_update['display_name'] = Post::s('display_name');
}
}
if (Post::s('sex') != ($user->isFemale() ? 'female' : 'male')) {
$to_update['sex'] = Post::s('sex');
if ($user->hasProfile()) {
XDB::execute('UPDATE profiles
SET sex = {?}
WHERE pid = {?}', Post::s('sex'), $user->profile()->id());
}
}
if (!Post::blank('pwhash')) {
$to_update['password'] = Post::s('pwhash');
require_once 'googleapps.inc.php';
$account = new GoogleAppsAccount($user);
if ($account->active() && $account->sync_password) {
$account->set_password(Post::s('pwhash'));
}
}
if (!Post::blank('weak_password')) {
$to_update['weak_password'] = Post::s('weak_password');
}
if (Post::i('token_access', 0) != ($user->token_access ? 1 : 0)) {
$to_update['token'] = Post::i('token_access') ? rand_url_id(16) : null;
}
if (Post::i('skin') != $user->skin) {
$to_update['skin'] = Post::i('skin');
if ($to_update['skin'] == 0) {
$to_update['skin'] = null;
}
}
if (Post::s('state') != $user->state) {
$to_update['state'] = Post::s('state');
}
if (Post::i('is_admin', 0) != ($user->is_admin ? 1 : 0)) {
$to_update['is_admin'] = Post::b('is_admin');
}
if (Post::s('type') != $user->type) {
$to_update['type'] = Post::s('type');
}
if (Post::i('watch', 0) != ($user->watch ? 1 : 0)) {
$to_update['flags'] = new PlFlagset();
$to_update['flags']->addFlag('watch', Post::i('watch'));
}
if (Post::t('comment') != $user->comment) {
$to_update['comment'] = Post::blank('comment') ? null : Post::t('comment');
}
$new_email = strtolower(Post::t('email'));
if (require_email_update($user, $new_email)) {
$to_update['email'] = $new_email;
$listClient->change_user_email($user->forlifeEmail(), $new_email);
update_alias_user($user->forlifeEmail(), $new_email);
}
}
}
if (!empty($to_update)) {
$res = XDB::query('SELECT *
FROM accounts
WHERE uid = {?}', $user->id());
$oldValues = $res->fetchAllAssoc();
$oldValues = $oldValues[0];
$set = array();
$diff = array();
foreach ($to_update as $k => $value) {
$value = XDB::format('{?}', $value);
$set[] = $k . ' = ' . $value;
$diff[$k] = array($oldValues[$k], trim($value, "'"));
unset($oldValues[$k]);
}
XDB::rawExecute('UPDATE accounts
SET ' . implode(', ', $set) . '
WHERE uid = ' . XDB::format('{?}', $user->id()));
$page->trigSuccess('Données du compte mise à jour avec succès');
$user = User::getWithUID($user->id());
/* Formats the $diff and send it to the site administrators. The rules are the folowing:
* -formats: password, token, weak_password
*/
foreach (array('password', 'token', 'weak_password') as $key) {
if (isset($diff[$key])) {
$diff[$key] = array('old value', 'new value');
} else {
$oldValues[$key] = 'old value';
}
}
$mail = new PlMailer('admin/useredit.mail.tpl');
$mail->assign('admin', S::user()->hruid);
$mail->assign('hruid', $user->hruid);
$mail->assign('diff', $diff);
$mail->assign('oldValues', $oldValues);
$mail->send();
}
// }}}
// Profile form {{{
if (Post::has('add_profile') || Post::has('del_profile') || Post::has('owner')) {
if (Post::i('del_profile', 0) != 0) {
XDB::execute('DELETE FROM account_profiles
WHERE uid = {?} AND pid = {?}', $user->id(), Post::i('del_profile'));
XDB::execute('DELETE FROM profiles
WHERE pid = {?}', Post::i('del_profile'));
} else {
if (!Post::blank('new_profile')) {
$profile = Profile::get(Post::t('new_profile'));
if (!$profile) {
$page->trigError('Le profil ' . Post::t('new_profile') . ' n\'existe pas');
} else {
XDB::execute('INSERT IGNORE INTO account_profiles (uid, pid)
VALUES ({?}, {?})', $user->id(), $profile->id());
}
}
}
XDB::execute('UPDATE account_profiles
SET perms = IF(pid = {?}, CONCAT(perms, \',owner\'), REPLACE(perms, \'owner\', \'\'))
WHERE uid = {?}', Post::i('owner'), $user->id());
}
// }}}
// Email forwards form {{{
$redirect = $registered ? new Redirect($user) : null;
if (Post::has('add_fwd')) {
$email = Post::t('email');
if (!isvalid_email_redirection($email, $user)) {
$page->trigError("Email non valide: {$email}");
} else {
$redirect->add_email($email);
$page->trigSuccess("Ajout de {$email} effectué");
}
} else {
if (!Post::blank('del_fwd')) {
$redirect->delete_email(Post::t('del_fwd'));
} else {
if (!Post::blank('activate_fwd')) {
$redirect->modify_one_email(Post::t('activate_fwd'), true);
} else {
if (!Post::blank('deactivate_fwd')) {
$redirect->modify_one_email(Post::t('deactivate_fwd'), false);
} else {
if (Post::has('disable_fwd')) {
$redirect->disable();
} else {
if (Post::has('enable_fwd')) {
$redirect->enable();
} else {
if (!Post::blank('clean_fwd')) {
$redirect->clean_errors(Post::t('clean_fwd'));
}
}
}
}
}
}
}
// }}}
// Email alias form {{{
if (Post::has('add_alias')) {
// Splits new alias in user and fqdn.
$alias = Env::t('email');
if (strpos($alias, '@') !== false) {
list($alias, $domain) = explode('@', $alias);
} else {
$domain = $user->mainEmailDomain();
}
// Checks for alias' user validity.
if (!preg_match('/[-a-z0-9\\.]+/s', $alias)) {
$page->trigError("'{$alias}' n'est pas un alias valide");
}
// Eventually adds the alias to the right domain.
if ($domain == $globals->mail->alias_dom || $domain == $globals->mail->alias_dom2) {
$req = new AliasReq($user, $alias, 'Admin request', false);
if ($req->commit()) {
$page->trigSuccess("Nouvel alias '{$alias}@{$domain}' attribué.");
} else {
$page->trigError("Impossible d'ajouter l'alias '{$alias}@{$domain}', il est probablement déjà attribué.");
}
} elseif ($domain == $user->mainEmailDomain()) {
XDB::execute('INSERT INTO email_source_account (email, uid, domain, type, flags)
SELECT {?}, {?}, id, \'alias\', \'\'
FROM email_virtual_domains
WHERE name = {?}', $alias, $user->id(), $domain);
$page->trigSuccess("Nouvel alias '{$alias}' ajouté");
} else {
$page->trigError("Le domaine '{$domain}' n'est pas valide pour cet utilisateur.");
}
} else {
if (!Post::blank('del_alias')) {
$delete_alias = Post::t('del_alias');
list($email, $domain) = explode('@', $delete_alias);
XDB::execute('DELETE s
FROM email_source_account AS s
INNER JOIN email_virtual_domains AS m ON (s.domain = m.id)
INNER JOIN email_virtual_domains AS d ON (d.aliasing = m.id)
WHERE s.email = {?} AND s.uid = {?} AND d.name = {?} AND type != \'forlife\'', $email, $user->id(), $domain);
XDB::execute('UPDATE email_redirect_account AS r
INNER JOIN email_virtual_domains AS m ON (m.name = {?})
INNER JOIN email_virtual_domains AS d ON (d.aliasing = m.id)
SET r.rewrite = \'\'
WHERE r.uid = {?} AND r.rewrite = CONCAT({?}, \'@\', d.name)', $domain, $user->id(), $email);
fix_bestalias($user);
$page->trigSuccess("L'alias '{$delete_alias}' a été supprimé");
} else {
if (!Post::blank('best')) {
$best_alias = Post::t('best');
// First delete the bestalias flag from all this user's emails.
XDB::execute("UPDATE email_source_account\n SET flags = TRIM(BOTH ',' FROM REPLACE(CONCAT(',', flags, ','), ',bestalias,', ','))\n WHERE uid = {?}", $user->id());
// Then gives the bestalias flag to the given email.
list($email, $domain) = explode('@', $best_alias);
XDB::execute("UPDATE email_source_account\n SET flags = CONCAT_WS(',', IF(flags = '', NULL, flags), 'bestalias')\n WHERE uid = {?} AND email = {?}", $user->id(), $email);
// As having a non-null bestalias value is critical in
// plat/al's code, we do an a posteriori check on the
// validity of the bestalias.
fix_bestalias($user);
}
}
}
// }}}
// OpenId form {{{
if (Post::has('del_openid')) {
XDB::execute('DELETE FROM account_auth_openid
WHERE id = {?}', Post::i('del_openid'));
}
// }}}
// Forum form {{{
if (Post::has('b_edit')) {
XDB::execute("DELETE FROM forum_innd\n WHERE uid = {?}", $user->id());
if (Env::v('write_perm') != "" || Env::v('read_perm') != "" || Env::v('commentaire') != "") {
XDB::execute("INSERT INTO forum_innd\n SET ipmin = '0', ipmax = '4294967295',\n write_perm = {?}, read_perm = {?},\n comment = {?}, priority = '200', uid = {?}", Env::v('write_perm'), Env::v('read_perm'), Env::v('comment'), $user->id());
}
}
// }}}
$page->addJsLink('jquery.ui.xorg.js');
// Displays last login and last host information.
$res = XDB::query("SELECT start, host\n FROM log_sessions\n WHERE uid = {?} AND suid IS NULL\n ORDER BY start DESC\n LIMIT 1", $user->id());
list($lastlogin, $host) = $res->fetchOneRow();
$page->assign('lastlogin', $lastlogin);
$page->assign('host', $host);
// Display mailing lists
$page->assign('mlists', $listClient->get_all_user_lists($user->forlifeEmail()));
// Display active aliases.
$page->assign('virtuals', $user->emailGroupAliases());
$aliases = XDB::iterator("SELECT CONCAT(s.email, '@', d.name) AS email, (s.type = 'forlife') AS forlife,\n (s.email REGEXP '\\\\.[0-9]{2}\$') AS hundred_year,\n FIND_IN_SET('bestalias', s.flags) AS bestalias, s.expire,\n (s.type = 'alias_aux') AS alias\n FROM email_source_account AS s\n INNER JOIN email_virtual_domains AS d ON (s.domain = d.id)\n WHERE s.uid = {?}\n ORDER BY !alias, s.email", $user->id());
$page->assign('aliases', $aliases);
$page->assign('account_types', XDB::iterator('SELECT * FROM account_types ORDER BY type'));
$page->assign('skins', XDB::iterator('SELECT id, name FROM skins ORDER BY name'));
$page->assign('profiles', XDB::iterator('SELECT p.pid, p.hrpid, FIND_IN_SET(\'owner\', ap.perms) AS owner, p.ax_id
FROM account_profiles AS ap
INNER JOIN profiles AS p ON (ap.pid = p.pid)
WHERE ap.uid = {?}', $user->id()));
$page->assign('openid', XDB::iterator('SELECT id, url
FROM account_auth_openid
WHERE uid = {?}', $user->id()));
// Displays email redirection and the general profile.
if ($registered && $redirect) {
$page->assign('emails', $redirect->emails);
}
$page->assign('user', $user);
$page->assign('hasProfile', $user->hasProfile());
// Displays forum bans.
$res = XDB::query("SELECT write_perm, read_perm, comment\n FROM forum_innd\n WHERE uid = {?}", $user->id());
$bans = $res->fetchOneAssoc();
$page->assign('bans', $bans);
}
function handler_edit($page)
{
global $globals;
$user = S::user();
if (empty($user)) {
return PL_NOT_FOUND;
}
if ($user->type != 'xnet') {
pl_redirect('index');
}
$page->changeTpl('xnet/edit.tpl');
if (Post::has('change')) {
S::assert_xsrf_token();
// Convert user status to X
if (!Post::blank('login_X')) {
$forlife = $this->changeLogin($page, $user, Post::t('login_X'));
if ($forlife) {
pl_redirect('index');
}
}
require_once 'emails.inc.php';
require_once 'name.func.inc.php';
// Update user info
$lastname = capitalize_name(Post::t('lastname'));
$firstname = capitalize_name(Post::t('firstname'));
$full_name = build_full_name($firstname, $lastname);
$directory_name = build_directory_name($firstname, $lastname);
$sort_name = build_sort_name($firstname, $lastname);
XDB::query('UPDATE accounts
SET full_name = {?}, directory_name = {?}, sort_name = {?}, display_name = {?},
firstname = {?}, lastname = {?}, sex = {?}
WHERE uid = {?}', $full_name, $directory_name, $sort_name, Post::t('display_name'), Post::t('firstname'), Post::t('lastname'), Post::t('sex') == 'male' ? 'male' : 'female', $user->id());
// Updates email.
$new_email = strtolower(Post::t('email'));
if (require_email_update($user, $new_email)) {
XDB::query('UPDATE accounts
SET email = {?}
WHERE uid = {?}', $new_email, $user->id());
$listClient = new MMList(S::user());
$listClient->change_user_email($user->forlifeEmail(), $new_email);
update_alias_user($user->forlifeEmail(), $new_email);
}
$user = User::getWithUID($user->id());
S::set('user', $user);
$page->trigSuccess('Données mises à jour.');
}
$page->addJsLink('password.js');
$page->assign('user', $user);
}
