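<?php
// Page guard: securePage() decides whether this script may be served to the
// current session; on refusal nothing is rendered at all.
require_once "/project/admin/models/config.php";
if (!securePage($_SERVER['PHP_SELF'])) {
    die;
}

// $loggedInUser is expected to come from config.php (not visible in this file);
// a session whose user row no longer exists is sent back to the login page.
$userId = $loggedInUser->user_id;
if (!userIdExists($userId)) {
    header("Location:login.php");
    die;
}
//require_once '../tabs.php';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Your Interviews</title>
<!-- NOTE(review): third-party stylesheet fetched over plain http with no integrity attribute; serve it locally or over https with SRI. -->
<link rel="stylesheet" href="http://code.jquery.com/ui/1.10.3/themes/redmond/jquery-ui.css" />
<link rel="stylesheet" type="text/css" media="screen" href="/project/admin/themes/ui.jqgrid.css" />
<!-- NOTE(review): this asset is under /projects/ while every other one is under /project/ — confirm the path is intentional. -->
<link rel="stylesheet" type="text/css" media="screen" href="/projects/admin/themes/ui.multiselect.css" />
<link href="/project/admin/models/site-templates/default.css" rel='stylesheet' type='text/css' />
<!-- type was "text", which browsers ignore; the rules below only apply with "text/css" (or no type attribute). -->
<style type="text/css">
<![CDATA[
html, body {
    margin: 0;          /* Remove body margin/padding */
    padding: 0;
    overflow: hidden;   /* Remove scroll bars on browser window */
    font-size: 75%;
}
]]>
</style>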
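/**
 * Updates a single column of the users row for the given user id.
 *
 * The column name is spliced into the SQL text (an identifier cannot be bound
 * as a parameter), so $field_name must come from the application itself, never
 * from a request.  As a backstop it is checked against a bare-identifier
 * pattern before the query is built; the value is always bound.
 *
 * @param mixed  $user_id     id of the user to update; must exist.
 * @param string $field_name  column to set; letters, digits and underscore only.
 * @param mixed  $field_value new value, bound as a query parameter.
 * @return boolean true on success, false on any failure (an alert is raised).
 */
function updateUserField($user_id, $field_name, $field_value) {
    try {
        global $db_table_prefix;
        $db = pdoConnect();

        // Check that the user exists
        if (!userIdExists($user_id)) {
            addAlert("danger", "Invalid user id specified.");
            return false;
        }

        // The field name goes into the query text verbatim, so refuse anything
        // that is not a plain SQL identifier.  Callers should still pass only
        // application-defined column names, never request data.
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', (string) $field_name)) {
            addAlert("danger", "Invalid field name specified.");
            error_log("updateUserField(): rejected field name " . var_export($field_name, true));
            return false;
        }

        $query = "UPDATE " . $db_table_prefix . "users\n\t\t\tSET\n\t\t\t{$field_name} = :field_value\n\t\t\tWHERE\n\t\t\tid = :user_id";
        $stmt = $db->prepare($query);

        $sqlVars = array(
            ':user_id'     => $user_id,
            ':field_value' => $field_value,
        );

        // PDOStatement::execute() already yields the boolean the caller wants.
        return (bool) $stmt->execute($sqlVars);
    } catch (PDOException $e) {
        addAlert("danger", "Oops, looks like our database encountered an error.");
        error_log("Error in " . $e->getFile() . " on line " . $e->getLine() . ": " . $e->getMessage());
        return false;
    } catch (ErrorException $e) {
        addAlert("danger", "Oops, looks like our server might have goofed. If you're an admin, please check the PHP error logs.");
        return false;
    }
}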
foreach ($validator->errors as $error) { addAlert("danger", $error); } // Validate csrf token checkCSRF($ajax, $csrf_token); if (count($validator->errors) > 0) { apiReturnError($ajax, getReferralPage()); } // Special case to update the logged in user (self) $self = false; if ($user_id == "0") { $self = true; $user_id = $loggedInUser->user_id; } //Check if selected user exists if (!$user_id or !userIdExists($user_id)) { addAlert("danger", lang("ACCOUNT_INVALID_USER_ID")); apiReturnError($ajax, getReferralPage()); } $userdetails = fetchUserAuthById($user_id); //Fetch user details $error_count = 0; $success_count = 0; //Update display name if specified and different from current value if ($display_name && $userdetails['display_name'] != $display_name) { if (!updateUserDisplayName($user_id, $display_name)) { $error_count++; $display_name = $userdetails['display_name']; } else { $success_count++; }
<?php
require_once "../models/config.php";

// Recommended admin-only access: a caller that fails securePage() is turned
// away — as a JSON error body when the request flagged itself as AJAX, as a
// redirect to the referral page otherwise.
if (!securePage(__FILE__)) {
    $isAjaxRequest = isset($_POST['ajaxMode']) && $_POST['ajaxMode'] == "true";
    if ($isAjaxRequest) {
        echo json_encode(array("errors" => 1, "successes" => 0));
    } else {
        header("Location: " . getReferralPage());
    }
    exit;
}

$validator = new Validator();

// Look up specified user: the id must be numeric and refer to an existing row
// (the existence lookup is only made once the numeric check has passed).
$selected_user_id = $validator->requiredGetVar('id');
$idIsUsable = is_numeric($selected_user_id) && userIdExists($selected_user_id);
if (!$idIsUsable) {
    addAlert("danger", "I'm sorry, the user id you specified is invalid!");
    header("Location: " . getReferralPage());
    exit;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<title>PHP Reports Admin - User Details</title>
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */

// Registration page preamble: each guard below redirects (or hands off to
// apiReturnError) before any form is rendered.
require_once "models/config.php";

// Record this page as the referral target for later redirects back here.
setReferralPage(getAbsoluteDocumentPath(__FILE__));

// Without the master account (id '1') the installer has not run; send the
// visitor to the root-user wizard instead of letting them register.
if (!userIdExists('1')) {
    addAlert("danger", lang("MASTER_ACCOUNT_NOT_EXISTS"));
    header("Location: install/wizard_root_user.php");
    exit;
}

// If registration is disabled, send them back to the home page with an error message
// ($can_register is presumably defined by config.php — not visible here.)
if (!$can_register) {
    addAlert("danger", lang("ACCOUNT_REGISTRATION_DISABLED"));
    header("Location: login.php");
    exit;
}

//Prevent the user visiting the logged in page if he/she is already logged in
// NOTE(review): unlike the branches above there is no explicit exit here, so
// this relies on apiReturnError() ending the request — confirm against its definition.
if (isUserLoggedIn()) {
    addAlert("danger", "I'm sorry, you cannot register for an account while logged in. Please log out first.");
    apiReturnError(false, SITE_ROOT);
}
/**
 * Creates new action permit mapping for a user
 * @param string $user_id the id of the user for which to create a new permit.
 * @param string $action_name the name of the action function.
 * @param string $permit the permit expression, a sequence of permission validator function calls joined by '&'.
 * @return boolean true for success, false if failed
 */
function createUserActionPermit($user_id, $action_name, $permit) {
    // Authorisation gate: the caller's own permissions are checked against this
    // function name and its arguments before anything else runs.
    if (!checkActionPermissionSelf(__FUNCTION__, func_get_args())) {
        addAlert("danger", "Sorry, you do not have permission to access this resource.");
        return false;
    }

    // The target user must exist.
    if (!userIdExists($user_id)) {
        addAlert("danger", "I'm sorry, the user_id you specified is invalid!");
        return false;
    }

    // The action must be one of the registered secure functions.
    $secure_funcs = fetchSecureFunctions();
    if (!isset($secure_funcs[$action_name])) {
        addAlert("danger", "I'm sorry, the specified action does not exist.");
        return false;
    }

    // The permit expression must pass validation before it is stored.
    if (!isValidPermitString($permit)) {
        return false;
    }

    // Persist the user-level permit; only a successful write gets a success alert.
    $created = dbCreateActionPermit($user_id, $action_name, $permit, 'user');
    if ($created) {
        addAlert("success", "Successfully created user-level permit for action {$action_name}");
    }
    return (bool) $created;
}
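/**
 * Admin "edit user" page: renders one user's record and processes the form
 * (display name, e-mail, title, activation, deletion, permission membership)
 * that posts back to this same action.
 *
 * Reads $_GET['id'] for the user to manage and the posted form fields.  Every
 * value written into the HTML — stored profile fields, permission names,
 * PHP_SELF and the id — is escaped, since stored display names, e-mails and
 * titles are user-controlled.  $errors and $successes are initialised up front
 * so resultBlock() never receives undefined variables on a plain GET.
 */
public function index() {
    /*
    UserCake (Via CupCake)
    Version: 2.0.2
    http://usercake.com
    */
    global $baseURL;
    require_once "{$baseURL}/application/third_party/user_cake/models/config.php";

    if (!securePage($_SERVER['PHP_SELF'])) {
        die;
    }

    // Result lists are always defined, even when no form was posted.
    $errors = array();
    $successes = array();

    // Escape a value for HTML text and single-quoted attribute contexts.
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };

    $userId = isset($_GET['id']) ? $_GET['id'] : '';
    //Check if selected user exists
    if (!userIdExists($userId)) {
        header("Location: " . str_replace('index.php/', '', site_url('admin_users')));
        die;
    }

    $userdetails = fetchUserDetails(NULL, NULL, $userId); //Fetch user details

    //Forms posted
    if (!empty($_POST)) {
        //Delete selected account
        if (!empty($_POST['delete'])) {
            $deletions = $_POST['delete'];
            if ($deletion_count = deleteUsers($deletions)) {
                $successes[] = lang("ACCOUNT_DELETIONS_SUCCESSFUL", array($deletion_count));
            } else {
                $errors[] = lang("SQL_ERROR");
            }
        } else {
            //Update display name
            if ($userdetails['display_name'] != $_POST['display']) {
                $displayname = trim($_POST['display']);
                //Validate display name
                if (displayNameExists($displayname)) {
                    $errors[] = lang("ACCOUNT_DISPLAYNAME_IN_USE", array($displayname));
                } elseif (minMaxRange(5, 25, $displayname)) {
                    $errors[] = lang("ACCOUNT_DISPLAY_CHAR_LIMIT", array(5, 25));
                } elseif (!ctype_alnum($displayname)) {
                    $errors[] = lang("ACCOUNT_DISPLAY_INVALID_CHARACTERS");
                } else {
                    if (updateDisplayName($userId, $displayname)) {
                        $successes[] = lang("ACCOUNT_DISPLAYNAME_UPDATED", array($displayname));
                    } else {
                        $errors[] = lang("SQL_ERROR");
                    }
                }
            } else {
                $displayname = $userdetails['display_name'];
            }

            //Activate account
            if (isset($_POST['activate']) && $_POST['activate'] == "activate") {
                if (setUserActive($userdetails['activation_token'])) {
                    $successes[] = lang("ACCOUNT_MANUALLY_ACTIVATED", array($displayname));
                } else {
                    $errors[] = lang("SQL_ERROR");
                }
            }

            //Update email
            if ($userdetails['email'] != $_POST['email']) {
                $email = trim($_POST["email"]);
                //Validate email
                if (!isValidEmail($email)) {
                    $errors[] = lang("ACCOUNT_INVALID_EMAIL");
                } elseif (emailExists($email)) {
                    $errors[] = lang("ACCOUNT_EMAIL_IN_USE", array($email));
                } else {
                    if (updateEmail($userId, $email)) {
                        $successes[] = lang("ACCOUNT_EMAIL_UPDATED");
                    } else {
                        $errors[] = lang("SQL_ERROR");
                    }
                }
            }

            //Update title
            if ($userdetails['title'] != $_POST['title']) {
                $title = trim($_POST['title']);
                //Validate title
                if (minMaxRange(1, 50, $title)) {
                    $errors[] = lang("ACCOUNT_TITLE_CHAR_LIMIT", array(1, 50));
                } else {
                    if (updateTitle($userId, $title)) {
                        $successes[] = lang("ACCOUNT_TITLE_UPDATED", array($displayname, $title));
                    } else {
                        $errors[] = lang("SQL_ERROR");
                    }
                }
            }

            //Remove permission level
            if (!empty($_POST['removePermission'])) {
                $remove = $_POST['removePermission'];
                if ($deletion_count = removePermission($remove, $userId)) {
                    $successes[] = lang("ACCOUNT_PERMISSION_REMOVED", array($deletion_count));
                } else {
                    $errors[] = lang("SQL_ERROR");
                }
            }

            //Add permission level
            if (!empty($_POST['addPermission'])) {
                $add = $_POST['addPermission'];
                if ($addition_count = addPermission($add, $userId)) {
                    $successes[] = lang("ACCOUNT_PERMISSION_ADDED", array($addition_count));
                } else {
                    $errors[] = lang("SQL_ERROR");
                }
            }

            // Re-read the row so the form below reflects the updates just made.
            $userdetails = fetchUserDetails(NULL, NULL, $userId);
        }
    }

    $userPermission = fetchUserPermissions($userId);
    $permissionData = fetchAllPermissions();

    require_once "{$baseURL}/application/third_party/user_cake/models/header.php";
    echo "\r\n<body>\r\n<div id='wrapper'>\r\n<div id='top'><div id='logo'></div></div>\r\n<div id='content'>\r\n<h1>UserCake (Via CupCake)</h1>\r\n<h2>Admin User</h2>\r\n<div id='left-nav'>";
    include "{$baseURL}/application/third_party/user_cake/left-nav.php";
    echo "\r\n</div>\r\n<div id='main'>";
    echo resultBlock($errors, $successes);

    // PHP_SELF and the id are request-derived; they are escaped like any other value.
    echo "\r\n<form name='adminUser' action='" . $h($_SERVER['PHP_SELF']) . "?id=" . $h($userId) . "' method='post'>\r\n<table class='admin'><tr><td>\r\n<h3>User Information</h3>\r\n<div id='regbox'>\r\n<p>\r\n<label>ID:</label>\r\n" . $h($userdetails['id']) . "\r\n</p>\r\n<p>\r\n<label>Username:</label>\r\n" . $h($userdetails['user_name']) . "\r\n</p>\r\n<p>\r\n<label>Display Name:</label>\r\n<input type='text' name='display' value='" . $h($userdetails['display_name']) . "' />\r\n</p>\r\n<p>\r\n<label>Email:</label>\r\n<input type='text' name='email' value='" . $h($userdetails['email']) . "' />\r\n</p>\r\n<p>\r\n<label>Active:</label>";

    //Display activation link, if account inactive
    if ($userdetails['active'] == '1') {
        echo "Yes";
    } else {
        echo "No\r\n\t</p>\r\n\t<p>\r\n\t<label>Activate:</label>\r\n\t<input type='checkbox' name='activate' id='activate' value='activate'>\r\n\t";
    }

    echo "\r\n</p>\r\n<p>\r\n<label>Title:</label>\r\n<input type='text' name='title' value='" . $h($userdetails['title']) . "' />\r\n</p>\r\n<p>\r\n<label>Sign Up:</label>\r\n" . date("j M, Y", $userdetails['sign_up_stamp']) . "\r\n</p>\r\n<p>\r\n<label>Last Sign In:</label>";

    //Last sign in, interpretation
    if ($userdetails['last_sign_in_stamp'] == '0') {
        echo "Never";
    } else {
        echo date("j M, Y", $userdetails['last_sign_in_stamp']);
    }

    echo "\r\n</p>\r\n<p>\r\n<label>Delete:</label>\r\n<input type='checkbox' name='delete[" . $h($userdetails['id']) . "]' id='delete[" . $h($userdetails['id']) . "]' value='" . $h($userdetails['id']) . "'>\r\n</p>\r\n<p>\r\n<label> </label>\r\n<input type='submit' value='Update' class='submit' />\r\n</p>\r\n</div>\r\n</td>\r\n<td>\r\n<h3>Permission Membership</h3>\r\n<div id='regbox'>\r\n<p>Remove Permission:";

    //List of permission levels user is apart of
    foreach ($permissionData as $v1) {
        if (isset($userPermission[$v1['id']])) {
            echo "<br><input type='checkbox' name='removePermission[" . $h($v1['id']) . "]' id='removePermission[" . $h($v1['id']) . "]' value='" . $h($v1['id']) . "'> " . $h($v1['name']);
        }
    }

    //List of permission levels user is not apart of
    echo "</p><p>Add Permission:";
    foreach ($permissionData as $v1) {
        if (!isset($userPermission[$v1['id']])) {
            echo "<br><input type='checkbox' name='addPermission[" . $h($v1['id']) . "]' id='addPermission[" . $h($v1['id']) . "]' value='" . $h($v1['id']) . "'> " . $h($v1['name']);
        }
    }

    echo "\r\n</p>\r\n</div>\r\n</td>\r\n</tr>\r\n</table>\r\n</form>\r\n</div>\r\n<div id='bottom'></div>\r\n</div>\r\n</body>\r\n</html>";
}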
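<?php
require_once "../util/functions.php";

$pdo = connectDb();

// Read the submitted form values; a missing field becomes '' instead of
// raising an undefined-index notice.
$userId = isset($_POST["user_id"]) ? $_POST["user_id"] : '';
$password = isset($_POST["password"]) ? $_POST["password"] : '';

// A blank id can never be a valid account, and a taken id is rejected the same way.
if ($userId === '' || userIdExists($userId, $pdo)) {
    header('location: signup_error.php');
    exit;
}

// NOTE(review): the password is stored exactly as submitted.  It should be
// stored as password_hash($password, PASSWORD_DEFAULT) and checked with
// password_verify() on the login side; that login code is not in this file,
// so both changes need to land together.
$stmt = $pdo->prepare("INSERT INTO user VALUES (NULL, :user_id, :password)");
$stmt->bindValue(':user_id', $userId);
$stmt->bindValue(':password', $password);
$stmt->execute();
header('location: signup_complete.php');
exit;

/**
 * Returns true when a row with the given user_id already exists.
 *
 * @param string $userId candidate id; bound as a parameter, never interpolated.
 * @param PDO    $pdo    open database connection.
 * @return bool
 */
function userIdExists($userId, $pdo) {
    $sql = "select * from user where user_id = :user_id limit 1";
    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(':user_id', $userId);
    $stmt->execute();
    // fetch() yields the row or false; either way the boolean cast is the answer.
    return (bool) $stmt->fetch();
}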