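/**
 * Handles the admin "edit user" form post.
 *
 * Reads the submitted fields via WebApp::post(), enforces the account-safety
 * rules (only group 1 may edit their own account, group-2 admins may not
 * promote anyone to group 1, nobody may disable themself, new passwords must
 * match), then rewrites the `core_users` row and replaces the user's
 * secondary-group links in `core_sgroup`.
 *
 * Changes from the previous version: the UPDATE is executed and checked
 * before the "password changed" email goes out, a failed UPDATE / DELETE is
 * reported instead of returning a success result, the stray bind_param() on an
 * undefined $sgroup before the loop is gone, and the blank-field messages say
 * "edit" rather than "add".
 *
 * @return ActionResult  Redirect target, status (1 = ok, 0 = failed) and message.
 */
public function edit()
{
    $form = '/admin/user/user_edit';

    // Reads one form field; a missing field yields $default (never null).
    $post = function ($key, $default) {
        $value = WebApp::post($key);
        return $value === null ? $default : $value;
    };

    // Only a missing id fails is_int(); intval() maps any other value (even non-numeric) to an int.
    $id = WebApp::post('id') === null ? '' : intval(WebApp::post('id'));
    $this->parent->parent->debug($id);
    if (!is_int($id)) {
        return new ActionResult($this, $form, 0, 'Failed to edit user.<br />Error: <code>User ID must be an integer</code>', B_T_FAIL);
    }

    $isSelf = ($id == $this->parent->parent->user->getUserID());

    // Editing your own account is reserved for members of group 1.
    if ($isSelf && !$this->parent->inGroup(1)) {
        $this->parent->parent->logEvent($this::name_space, 'Attempted to edit themself');
        return new ActionResult($this, $form, 0, 'Failed to edit user.<br />Error: <code>You cannot edit yourself</code>', B_T_FAIL);
    }

    $f_name   = $post('f_name', '');
    $s_name   = $post('s_name', '');
    $username = $post('username', '');
    $email    = $post('email', '');
    $n_pwd    = $post('n_pwd', '');
    $n_pwd_c  = $post('c_pwd', '');
    $chgPwd   = $post('chgPwd', '');
    $enabled  = $post('enabled', false);
    $p_group  = $post('p_group', 3);
    $s_groups = WebApp::post('s_group') === null ? [] : strgetcsv(WebApp::post('s_group'));

    // Required fields, checked in the original order so the first error reported is unchanged.
    // Loose `== ''` is deliberate: it treats the `false` default as blank but keeps '0' as a value.
    $required = [
        'First Name'      => $f_name,
        'Surname'         => $s_name,
        'Username'        => $username,
        'Email'           => $email,
        'Change Password' => $chgPwd,
        'Enabled'         => $enabled,
        'Primary Group'   => $p_group,
    ];
    foreach ($required as $label => $value) {
        if ($value == '') {
            return new ActionResult($this, $form, 0, 'Failed to edit user.<br />Error: <code>' . $label . ' must not be blank</code>', B_T_FAIL);
        }
    }

    // A group-2 admin may not move anyone into group 1 (Super Admin).
    if ($this->parent->inGroup(2, false) && $p_group == 1) {
        $this->parent->parent->logEvent($this::name_space, 'Tried to make "' . $username . '" a Super Admin');
        return new ActionResult($this, $form, 0, 'Failed to edit user.<br />Error: <code>You cannot escalate privileges</code>', B_T_FAIL);
    }
    // Disabling your own account would lock you out.
    if ($isSelf && $enabled == false) {
        $this->parent->parent->logEvent($this::name_space, 'Tried to disable themself');
        return new ActionResult($this, $form, 0, 'Failed to edit user.<br />Error: <code>You cannot disable yourself</code>', B_T_FAIL);
    }
    if ($n_pwd != $n_pwd_c) {
        return new ActionResult($this, $form, 0, 'Failed to edit user.<br />Error: <code>New passwords must match, or both be empty</code>', B_T_FAIL);
    }

    $clear_sgroup  = $this->mySQL_w->prepare("DELETE FROM `core_sgroup` WHERE `user`=?");
    $update_sgroup = $this->mySQL_w->prepare("INSERT INTO `core_sgroup` (`user`, `group`) VALUES (?, ?)");
    if ($clear_sgroup === false) {
        return new ActionResult($this, $form, 0, 'Failed edit user!<br />Error: <code>Clear query failed</code>', B_T_FAIL);
    }
    if ($update_sgroup === false) {
        return new ActionResult($this, $form, 0, 'Failed edit user!<br />Error: <code>Update sgroup query failed</code>', B_T_FAIL);
    }

    $changingPassword = ($n_pwd != '');
    if ($changingPassword) {
        // Stored form is "<pwd_hash(password, salt)>:<salt>"; both helpers live on the user controller.
        // NOTE(review): whether pwd_hash() is a slow, salted password KDF cannot be confirmed from here.
        $userCtrl = $this->parent->parent->user;
        $hash     = $userCtrl->ranHash();
        $new_pwd  = $userCtrl->pwd_hash($n_pwd, $hash) . ':' . $hash;

        $update = $this->mySQL_w->prepare("UPDATE `core_users` SET `f_name`=?,`s_name`=?,`email`=?,`en`=?,`chgPwd`=?,`p_group`=?,`pass`=?, `pwd_reset`=`pwd_reset`+1 WHERE `id`=? AND `username`=?");
        if ($update === false) {
            return new ActionResult($this, $form, 0, 'Failed edit user!<br />Error: <code>Update query failed</code>', B_T_FAIL);
        }
        $update->bind_param('sssiiisis', $f_name, $s_name, $email, $enabled, $chgPwd, $p_group, $new_pwd, $id, $username);
    } else {
        $update = $this->mySQL_w->prepare("UPDATE `core_users` SET `f_name`=?,`s_name`=?,`email`=?,`en`=?,`chgPwd`=?,`p_group`=? WHERE `id`=? AND `username`=?");
        if ($update === false) {
            return new ActionResult($this, $form, 0, 'Failed edit user!<br />Error: <code>Update query failed</code>', B_T_FAIL);
        }
        $update->bind_param('sssiiiis', $f_name, $s_name, $email, $enabled, $chgPwd, $p_group, $id, $username);
    }

    // Replace the secondary-group links: clear everything, then insert each submitted group.
    $clear_sgroup->bind_param('i', $id);
    if (!$clear_sgroup->execute()) {
        return new ActionResult($this, $form, 0, 'Failed edit user!<br />Error: <code>Clear query failed</code>', B_T_FAIL);
    }
    foreach ($s_groups as $sgroup) {
        $this->parent->parent->debug($sgroup);
        $update_sgroup->bind_param('ii', $id, $sgroup);
        // Insert failures are not surfaced to the user (unchanged behaviour).
        $update_sgroup->execute();
    }

    // Persist the user row before notifying anyone, so a failed UPDATE is reported
    // rather than producing a success result and a misleading "password changed" email.
    if (!$update->execute()) {
        return new ActionResult($this, $form, 0, 'Failed edit user!<br />Error: <code>Update query failed</code>', B_T_FAIL);
    }
    $update->store_result();

    if ($changingPassword) {
        $notice = UserEmail::adminPasswordChange($f_name);
        $mail = new Emailer();
        $mail->Subject = 'Password Changed';
        $mail->msgHTML($notice['html']);
        $mail->AltBody = $notice['text'];
        $mail->addAddress($email, $f_name . ' ' . $s_name);
        $mail->send();
    }

    $this->parent->parent->logEvent($this::name_space, 'Edited user "' . $username . '"');
    return new ActionResult($this, '/admin/user/user_view', 1, 'User was edited.', B_T_SUCCESS, ['form' => ['n_pwd' => '', 'c_pwd' => '']]);
}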
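/**
 * Handles the admin "send email" form post.
 *
 * The `to` field is a comma-separated list. Each entry that validates as an
 * email address is used literally; anything else is resolved, in order, as a
 * username (exactly one row), a primary-group name, or a secondary-group name,
 * all via parameterised lookups against `core_users`. The message is then sent
 * once per distinct resolved address and any delivery failures are collected.
 *
 * Changes from the previous version: a failed prepare() is reported instead of
 * crashing on bind_param(), a request that resolves to no recipients is
 * reported as a failure rather than "successfully sent", and the unused first
 * read of `to` is gone.
 *
 * @return ActionResult  Redirect target, status and message (warning lists the failed addresses).
 */
public function send()
{
    $page = '/admin/email';

    if (!$this->accessAdminPage(0)) {
        return new ActionResult($this, $page, 0, 'You are not allowed to send emails!', B_T_FAIL);
    }
    $check = $this->checknames();
    if ($check->status == 0) {
        return $check;
    }
    Session::del('status_msg', $check->id);

    $subject = WebApp::post('subject');
    $message = WebApp::post('message');
    $to      = strgetcsv(WebApp::post('to'));

    // Recipient lookups. The submitted name only ever travels as a bound parameter.
    // Fetches emails from usernames
    $user_query = $this->mySQL_r->prepare("SELECT CONCAT(`f_name`, ' ', `s_name`), `email` FROM `core_users` WHERE `username`=?");
    // Fetches names and emails from p_group names
    $p_group_query = $this->mySQL_r->prepare("SELECT CONCAT(`f_name`, ' ', `s_name`),`email` FROM `core_users`\nINNER JOIN `core_groups` ON `p_group`=`GID` AND `core_groups`.`name`=? AND `type`='p'");
    // Fetches names and emails from s_group names through link table (core_sgroup)
    $s_group_query = $this->mySQL_r->prepare("SELECT CONCAT(`f_name`, ' ', `s_name`),`email` FROM `core_users`\nINNER JOIN `core_groups` ON `core_groups`.`name`=? AND `type`='s'\nINNER JOIN `core_sgroup` ON `core_sgroup`.`user`=`core_users`.`id` AND `core_groups`.`GID`=`core_sgroup`.`group`");
    if ($user_query === false || $p_group_query === false || $s_group_query === false) {
        return new ActionResult($this, $page, 0, 'Failed to send email!<br />Error: <code>Recipient lookup query failed</code>', B_T_FAIL);
    }

    $email_addresses = [];

    // Runs $stmt for $name and, when the row count is acceptable ($exactly rows, or
    // at least one when $exactly is null), records every (email => full name) row.
    // Always frees and resets the statement so it can be reused for the next name.
    $lookup = function ($stmt, $name, $exactly = null) use (&$email_addresses) {
        $stmt->bind_param('s', $name);
        $stmt->execute();
        $stmt->store_result();
        $stmt->bind_result($fullName, $email);
        $count   = $stmt->num_rows;
        $matched = $exactly === null ? $count > 0 : $count == $exactly;
        if ($matched) {
            while ($stmt->fetch()) {
                $email_addresses[$email] = $fullName;
            }
        }
        $stmt->free_result();
        $stmt->reset();
        return $matched;
    };

    foreach ($to as $name) {
        $name = trim($name);
        if (filter_var($name, FILTER_VALIDATE_EMAIL)) {
            $email_addresses[$name] = $name;
            continue;
        }
        // Resolution order: a single matching user, then a primary group, then a secondary group.
        if ($lookup($user_query, $name, 1)) {
            $this->parent->parent->debug($this::name_space . ': Address is for user');
            continue;
        }
        if ($lookup($p_group_query, $name)) {
            continue;
        }
        if (!$lookup($s_group_query, $name)) {
            $this->parent->parent->debug($this::name_space . ': Could not resolve recipient ' . $name);
        }
    }

    if (count($email_addresses) == 0) {
        return new ActionResult($this, $page, 0, 'Email was not sent!<br />Error: <code>No valid recipients</code>', B_T_FAIL);
    }

    $mail = new Emailer();
    $mail->setFrom($this->parent->parent->user->getUsername() . '@biggleswadesc.org', $this->parent->parent->user->getFullName());
    $mail->Subject = $subject;
    $mail->msgHTML($message);
    $mail->AltBody = 'To view the message, please use an HTML compatible email viewer!';

    // One delivery per address so a single bad address does not block the rest.
    $failed = [];
    foreach ($email_addresses as $email => $name) {
        $mail->addAddress($email, $name);
        if ($mail->send()) {
            $this->parent->parent->debug($this::name_space . ': Sent mail to ' . $email);
        } else {
            $failed[] = $email;
            $this->parent->parent->debug($this::name_space . ': Did not send mail to ' . $email);
            $this->parent->parent->debug('Reason: ' . $mail->ErrorInfo);
        }
        $mail->clearAddresses();
    }

    if (count($failed) == 0) {
        return new ActionResult($this, $page, 1, 'Email was successfully sent!', B_T_SUCCESS);
    }
    return new ActionResult($this, $page, 0, 'Email was sent to except:<code>' . implode(', ', $failed) . '</code>', B_T_WARNING);
}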