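* basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
* License for the specific language governing rights and limitations
* under the License.
*/

// Bail out unless IS_VALID_PHPMYFAQ_ADMIN is defined (presumably by the
// including admin script — confirm), so the file cannot be requested directly.
// NOTE(review): the redirect target is built from the client-supplied Host
// header; a configured base URL would be a safer source for it.
if (!defined('IS_VALID_PHPMYFAQ_ADMIN')) {
    header('Location: http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']));
    exit;
}

// Query-string parameters of the AJAX call. FILTER_SANITIZE_STRING is an
// input filter (deprecated since PHP 8.1), not a substitute for escaping at
// the point of output; FILTER_VALIDATE_INT yields a non-integer value when
// 'user_id' is missing or malformed.
$ajax_action = PMF_Filter::filterInput(INPUT_GET, 'ajaxaction', FILTER_SANITIZE_STRING);
$user_id     = PMF_Filter::filterInput(INPUT_GET, 'user_id', FILTER_VALIDATE_INT);
$usersearch  = PMF_Filter::filterInput(INPUT_GET, 'q', FILTER_SANITIZE_STRING);

// Any one of the three user-administration rights unlocks all (read-only)
// actions below.
if ($permission['adduser'] || $permission['edituser'] || $permission['deluser']) {
    $user = new PMF_User();

    if ('get_user_list' === $ajax_action) {
        // One "login|user_id" line per account matching the search term.
        // NOTE(review): no Content-Type is set in this block and the login is
        // printed unescaped — confirm the response is never rendered as HTML.
        foreach ($user->searchUsers($usersearch) as $single_user) {
            print $single_user['login'] . '|' . $single_user['user_id'] . "\n";
        }
    } elseif ('get_user_data' === $ajax_action) {
        // The account is loaded only by the actions that need it, so a list
        // query no longer triggers a lookup with an absent user_id.
        // NOTE(review): $user_id is not checked for validity before the
        // lookup; confirm how getUserById() treats a non-integer id.
        $user->getUserById($user_id);
        $userdata = $user->userdata->get('*');
        $userdata['status'] = $user->getStatus();
        // utf8_encode() treats each value as ISO-8859-1 and converts it to
        // UTF-8 before JSON encoding.
        print json_encode(array_map('utf8_encode', $userdata));
    } elseif ('get_user_rights' === $ajax_action) {
        $user->getUserById($user_id);
        print json_encode($user->perm->getUserRights($user_id));
    }
}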
// AJAX endpoint for user administration (excerpt; it is cut off inside the
// 'delete_user' case). Where $ajaxAction, $userId and $usersearch are read
// from the request is not visible here.
$responseWrapper->addCommonHeaders();
// The acting user needs only ONE of adduser / edituser / deluser to reach
// every case below, including the state-changing activate_user and
// delete_user.
// NOTE(review): a per-action check (e.g. 'deluser' for delete_user) would be
// tighter — confirm whether the shared gate is intended.
if ($user->perm->checkRight($user->getUserId(), 'adduser') ||
    $user->perm->checkRight($user->getUserId(), 'edituser') ||
    $user->perm->checkRight($user->getUserId(), 'deluser')) {
    // $user is rebound here: from this point it is the account being looked
    // up, no longer the object the rights check above was made on.
    $user = new PMF_User($faqConfig);
    switch ($ajaxAction) {
        case 'get_user_list':
            // Collect user_id/login pairs for every account matching the search term.
            $users = [];
            foreach ($user->searchUsers($usersearch) as $singleUser) {
                $users[] = array('user_id' => $singleUser['user_id'], 'name' => $singleUser['login']);
            }
            $response->setData($users);
            break;
        case 'get_user_data':
            // Return all stored user data plus status and login name.
            $user->getUserById($userId);
            $userdata = [];
            $userdata = $user->userdata->get('*');
            $userdata['status'] = $user->getStatus();
            $userdata['login'] = $user->getLogin();
            $response->setData($userdata);
            break;
        case 'get_user_rights':
            $user->getUserById($userId);
            $response->setData($user->perm->getUserRights($userId));
            break;
        case 'activate_user':
            // State change: sets the target account to 'active' and echoes the
            // resulting status directly instead of going through $response.
            // NOTE(review): no anti-CSRF token check is visible in this
            // excerpt for the state-changing cases — confirm one is enforced.
            $user->getUserById($userId);
            $user->setStatus('active');
            echo json_encode($user->getStatus());
            break;
        case 'delete_user':
            $user->getUserById($userId);
            // Accounts with status 'protected' and the account with id 1 are
            // special-cased; the branch body lies beyond this excerpt.
            if ($user->getStatus() == 'protected' || $userId == 1) {
// (tail of a block that starts before this excerpt)
// NOTE(review): $userId is concatenated into an inline <script>; where it is
// assigned is not visible here — confirm it is an integer-validated value.
$message .= '<script type="text/javascript">updateUser(' . $userId . ');</script>'; } } }
// Delete-user confirmation: validate the selected account, then render the
// confirmation form (the form markup continues beyond this excerpt).
if ($userAction == 'delete_confirm') {
    $message = '';
    $user = new PMF_User();
    // FILTER_VALIDATE_INT with a default of 0: a missing or non-integer
    // selection is treated as "no user chosen".
    $userId = PMF_Filter::filterInput(INPUT_POST, 'user_list_select', FILTER_VALIDATE_INT, 0);
    if ($userId == 0) {
        $message .= '<p class="error">' . $errorMessages['delUser_noId'] . '</p>';
        $userAction = $defaultUserAction;
    } else {
        $user->getUserById($userId);
        // Accounts with status 'protected' and the account with id 1 are
        // never offered for deletion.
        if ($user->getStatus() == 'protected' || $userId == 1) {
            $userAction = $defaultUserAction;
            $message .= '<p class="error">' . $errorMessages['delUser_protectedAccount'] . '</p>';
        } else {
            // NOTE(review): this is only the confirmation step; the handler
            // that performs the deletion is not visible here and must repeat
            // the protected-account check itself.
            ?> <h2><?php print $text['header']; ?> </h2> <div id="user_confirmDelete"> <fieldset> <legend><?php print $text['delUser']; ?> </legend>
// (tail of a block that starts before this excerpt)
$templateVars['displayPagination'] = true;
$templateVars['pagination'] = $pagination->render();
}
// Build the rows for the current page: entries up to $firstPage are skipped
// and at most $perPage rows are collected.
$counter = $displayedCounter = 0;
foreach ($allUsers as $userId) {
    // The account is loaded before the paging checks, and the loop uses
    // `continue` rather than `break`, so every id in $allUsers triggers a
    // getUserById() call even when its row is not shown.
    $user->getUserById($userId);
    if ($displayedCounter >= $perPage) {
        continue;
    }
    $counter++;
    if ($counter <= $firstPage) {
        continue;
    }
    $displayedCounter++;
    // Map the account status to an icon class; any other status leaves it empty.
    $icon = '';
    switch ($user->getStatus()) {
        case 'active':
            $icon = 'icon-ok';
            break;
        case 'blocked':
            $icon = 'icon-lock';
            break;
        case 'protected':
            $icon = 'icon-ok-sign';
            break;
    }
    // NOTE(review): display_name, email and login are passed to the template
    // as stored; whether Twig auto-escaping is enabled is not visible here —
    // confirm. 'showDeleteButton' only hides the control in the UI; the
    // delete handler must still refuse protected accounts on the server.
    $templateVars['users'][] = array('id' => $user->getUserId(), 'displayName' => $user->getUserData('display_name'), 'editUrl' => '?action=user&user_id=' . $user->getUserData('user_id'), 'email' => $user->getUserData('email'), 'icon' => $icon, 'loginName' => $user->getLogin(), 'showDeleteButton' => $user->getStatus() !== 'protected', 'status' => $user->getStatus());
}
$twig->loadTemplate('user/listallusers.twig')->display($templateVars);
// Drop the working variables of this view so they do not leak into later code.
unset($templateVars, $allUsers, $numUsers, $page, $perPage, $numPages, $lastPage, $firstPage, $baseUrl, $options, $pagination, $counter, $displayedCounter, $icon);
}
// Update user data (excerpt; the block is cut off after the mail body is built).
// NOTE(review): no anti-CSRF token check is visible in this excerpt for this
// state-changing POST handler — confirm one is enforced elsewhere.
if ($userAction == 'update_data') {
    $message = '';
    $userAction = $defaultUserAction;
    // FILTER_VALIDATE_INT with a default of 0: a missing or malformed id is
    // reported as "no user id".
    $userId = PMF_Filter::filterInput(INPUT_POST, 'user_id', FILTER_VALIDATE_INT, 0);
    if ($userId == 0) {
        $message .= '<p class="error">' . $errorMessages['updateUser_noId'] . '</p>';
    } else {
        // Submitted form values; an e-mail address failing FILTER_VALIDATE_EMAIL
        // falls back to the empty string.
        $userData = array();
        $userData['display_name'] = PMF_Filter::filterInput(INPUT_POST, 'display_name', FILTER_SANITIZE_STRING, '');
        $userData['email'] = PMF_Filter::filterInput(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL, '');
        $userData['last_modified'] = PMF_Filter::filterInput(INPUT_POST, 'last_modified', FILTER_SANITIZE_STRING, '');
        $userStatus = PMF_Filter::filterInput(INPUT_POST, 'user_status', FILTER_SANITIZE_STRING, $defaultUserStatus);
        $user = new PMF_User();
        $user->getUserById($userId);
        $stats = $user->getStatus();
        // Set a new password and send it by e-mail when the account is switched
        // from 'blocked' to 'active'.
        if ($stats == 'blocked' && $userStatus == 'active') {
            // NOTE(review): weak credential generation. The password is four
            // consonant+vowel pairs (8 lowercase letters, (20*5)^4 = 10^8
            // candidates) drawn with rand(), which is not a cryptographically
            // secure generator, after seeding from the current microsecond
            // clock. Prefer random_int()/random_bytes() where the supported
            // PHP version provides them, a longer secret, or a one-time
            // reset link instead of a mailed password.
            $consonants = array("b", "c", "d", "f", "g", "h", "j", "k", "l", "m", "n", "p", "r", "s", "t", "v", "w", "x", "y", "z");
            $vowels = array("a", "e", "i", "o", "u");
            $newPassword = '';
            srand((double) microtime() * 1000000);
            for ($i = 1; $i <= 4; $i++) {
                $newPassword .= $consonants[rand(0, 19)];
                $newPassword .= $vowels[rand(0, 4)];
            }
            $user->changePassword($newPassword);
            // NOTE(review): the recipient is the address submitted in this
            // same request, not one read back from the stored account, and
            // it is '' when validation failed; the new password travels in
            // clear text in the message body.
            $mail = new PMF_Mail();
            $mail->addTo($userData['email']);
            $mail->subject = '[%sitename%] Username / activation';
            $mail->message = sprintf("\nUsername: %s\nLoginname: %s\nNew Password: %s\n\n", $userData['display_name'], $user->getLogin(), $newPassword);
// AJAX endpoint for user administration (excerpt; it is cut off inside the
// 'delete_user' case). All three parameters come from the query string.
$ajaxAction = PMF_Filter::filterInput(INPUT_GET, 'ajaxaction', FILTER_SANITIZE_STRING);
$userId = PMF_Filter::filterInput(INPUT_GET, 'user_id', FILTER_VALIDATE_INT);
$usersearch = PMF_Filter::filterInput(INPUT_GET, 'q', FILTER_SANITIZE_STRING);
// Any ONE of adduser / edituser / deluser unlocks every case below,
// including delete_user.
// NOTE(review): a per-action check ('deluser' for delete_user) would be
// tighter — confirm whether the shared gate is intended.
if ($permission['adduser'] || $permission['edituser'] || $permission['deluser']) {
    $user = new PMF_User();
    switch ($ajaxAction) {
        case 'get_user_list':
            // One "login|user_id" line per account matching the search term.
            foreach ($user->searchUsers($usersearch) as $singleUser) {
                print $singleUser['login'] . '|' . $singleUser['user_id'] . "\n";
            }
            break;
        case 'get_user_data':
            // All stored user data plus status and login name, as JSON.
            $user->getUserById($userId);
            $userdata = array();
            $userdata = $user->userdata->get('*');
            $userdata['status'] = $user->getStatus();
            $userdata['login'] = $user->getLogin();
            print json_encode($userdata);
            break;
        case 'get_user_rights':
            $user->getUserById($userId);
            print json_encode($user->perm->getUserRights($userId));
            break;
        case 'delete_user':
            // NOTE(review): a destructive action driven purely by GET
            // parameters, with no anti-CSRF token check visible in this
            // excerpt — confirm a token is required and consider POST only.
            $user->getUserById($userId);
            // Accounts with status 'protected' and the account with id 1 are
            // never deleted.
            if ($user->getStatus() == 'protected' || $userId == 1) {
                $message = '<p class="error">' . $PMF_LANG['ad_user_error_protectedAccount'] . '</p>';
            } else {
                if (!$user->deleteUser()) {
                    $message = $PMF_LANG['ad_user_error_delete'];
                } else {
<tbody> <?php
// Render one table row per account id returned by getAllUsers() (excerpt; the
// row markup continues beyond this point).
// NOTE(review): user_id, status, display_name, login and email are printed
// straight into HTML (email also into the mailto: href) with no escaping call
// visible in this excerpt — confirm the getters return HTML-safe values or
// wrap each print in htmlspecialchars().
foreach ($user->getAllUsers() as $userId) { $user->getUserById($userId); ?> <tr class="row_user_id_<?php print $user->getUserData('user_id'); ?> "> <td><?php print $user->getUserData('user_id'); ?> </td> <td><?php print $user->getStatus(); ?> </td> <td><?php print $user->getUserData('display_name'); ?> </td> <td><?php print $user->getLogin(); ?> </td> <td> <a href="mailto:<?php print $user->getUserData('email'); ?> ">
$counter++; if ($counter <= $firstPage) { continue; } $displayedCounter++; ?> <tr class="row_user_id_<?php print $user->getUserId(); ?> "> <td><?php print $user->getUserId(); ?> </td> <td><i class="<?php switch ($user->getStatus()) { case 'active': echo "icon-ok"; break; case 'blocked': echo 'icon-lock'; break; case 'protected': echo 'icon-ok-sign'; break; } ?> "></i></td> <td><?php print $user->getUserData('display_name'); ?>