/**
* Main function that calls others
*
* @return bool
*/
public function settings($h)
{
if ($h->cage->get->testPage('subpage') == 'default_perms' || $h->cage->post->testPage('subpage') == 'default_perms') {
$this->defaultPerms($h);
return true;
}
if ($h->cage->get->testPage('subpage') == 'default_settings' || $h->cage->post->testPage('subpage') == 'default_settings') {
$this->defaultSettings($h);
return true;
}
if ($h->cage->get->testPage('subpage') == 'add_user' || $h->cage->post->testPage('subpage') == 'add_user') {
$this->addUserPage($h);
return true;
}
// grab the number of pending users:
$sql = "SELECT COUNT(user_id) FROM " . TABLE_USERS . " WHERE user_role = %s";
$num_pending = $h->db->get_var($h->db->prepare($sql, 'pending'));
if (!$num_pending) {
$num_pending = "0";
}
$h->vars['num_pending'] = $num_pending;
// check if all new users are automatically set to pending or not
$user_signin_settings = $h->getSerializedSettings('user_signin');
$h->vars['regStatus'] = $user_signin_settings['registration_status'];
$h->vars['useEmailConf'] = $user_signin_settings['emailconf_enabled'];
// clear variables:
$h->vars['search_term'] = '';
if ($h->vars['regStatus'] == 'pending') {
$h->vars['user_filter'] = 'pending';
} else {
$h->vars['user_filter'] = 'all';
}
// Get unique statuses for Filter form:
$h->vars['roles'] = $h->getUniqueRoles();
$u = new UserBase();
// if checkboxes
if ($h->cage->get->getAlpha('type') == 'checkboxes' && $h->cage->get->keyExists('user_man')) {
foreach ($h->cage->get->keyExists('user_man') as $id => $checked) {
$h->message = $h->lang["user_man_checkboxes_role_changed"];
// default "Changed role" message
$u->id = $id;
$u->getUserBasic($h, $id);
$new_role = $h->cage->get->testAlnumLines('checkbox_action');
if ($new_role != $u->role) {
// change role:
$u->role = $new_role;
$new_perms = $u->getDefaultPermissions($h, $new_role);
$u->setAllPermissions($new_perms);
$u->updatePermissions($h);
$u->updateUserBasic($h, $id);
$h->message = $h->lang["user_man_checkboxes_role_changed"];
if ($new_role == 'killspammed' || $new_role == 'deleted') {
$h->deleteComments($u->id);
// includes child comments from *other* users
$h->deletePosts($u->id);
// includes tags and votes for self-submitted posts
if ($h->cage->get->keyExists('addblockedlist')) {
$h->addToBlockedList($type = 'user', $value = $u->name, false);
$h->addToBlockedList($type = 'email', $value = $u->email, false);
}
$h->pluginHook('user_man_killspam_delete', '', array($u));
if ($new_role == 'deleted') {
$u->deleteUser($h);
$h->clearCache('db_cache', false);
// clears them from User Manager list
}
}
}
}
}
// if search
$search_term = '';
if ($h->cage->get->getAlpha('type') == 'search') {
$search_term = $h->cage->get->sanitizeTags('search_value');
if (strlen($search_term) < 3) {
$h->message = $h->lang["user_man_search_too_short"];
$h->messageType = 'red';
} else {
$h->vars['search_term'] = $search_term;
// used to refill the search box after a search
$where_clause = " WHERE user_username LIKE %s OR user_email LIKE %s";
$sort_clause = ' ORDER BY user_date DESC';
// ordered by registration date
$search_term = '%' . $search_term . '%';
$count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS . $where_clause . $sort_clause;
$count = $h->db->get_var($h->db->prepare($count_sql, $search_term, $search_term));
$sql = "SELECT * FROM " . TABLE_USERS . $where_clause . $sort_clause;
$query = $h->db->prepare($sql, $search_term, $search_term);
}
}
// if filter
$filter = '';
if ($h->cage->get->getAlpha('type') == 'filter') {
$filter = $h->cage->get->testAlnumLines('user_filter');
$h->vars['user_filter'] = $filter;
// used to refill the filter box after use
switch ($filter) {
case 'all':
$sort_clause = ' ORDER BY user_date DESC';
// ordered by registration date
$count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS . $sort_clause;
$count = $h->db->get_var($h->db->prepare($count_sql));
$sql = "SELECT * FROM " . TABLE_USERS . $sort_clause;
$query = $h->db->prepare($sql);
break;
case 'not_killspammed':
$where_clause = " WHERE user_role != %s";
$sort_clause = ' ORDER BY user_date DESC';
// ordered by registration date
$count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS . $where_clause . $sort_clause;
$count = $h->db->get_var($h->db->prepare($count_sql, 'killspammed'));
$sql = "SELECT * FROM " . TABLE_USERS . $where_clause . $sort_clause;
$query = $h->db->prepare($sql, 'killspammed');
break;
case 'admin':
$where_clause = " WHERE user_role = %s";
$sort_clause = ' ORDER BY user_date DESC';
// ordered by registration date
$count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS . $where_clause . $sort_clause;
$count = $h->db->get_var($h->db->prepare($count_sql, 'admin'));
$sql = "SELECT * FROM " . TABLE_USERS . $where_clause . $sort_clause;
$query = $h->db->prepare($sql, 'admin');
break;
case 'supermod':
$where_clause = " WHERE user_role = %s";
$sort_clause = ' ORDER BY user_date DESC';
// ordered by registration date
$count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS . $where_clause . $sort_clause;
$count = $h->db->get_var($h->db->prepare($count_sql, 'supermod'));
$sql = "SELECT * FROM " . TABLE_USERS . $where_clause . $sort_clause;
$query = $h->db->prepare($sql, 'supermod');
break;
case 'moderator':
$where_clause = " WHERE user_role = %s";
$sort_clause = ' ORDER BY user_date DESC';
// ordered by registration date
$count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS . $where_clause . $sort_clause;
$count = $h->db->get_var($h->db->prepare($count_sql, 'moderator'));
$sql = "SELECT * FROM " . TABLE_USERS . $where_clause . $sort_clause;
$query = $h->db->prepare($sql, 'moderator');
break;
case 'member':
$where_clause = " WHERE user_role = %s";
$sort_clause = ' ORDER BY user_date DESC';
// ordered by registration date
$count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS . $where_clause . $sort_clause;
$count = $h->db->get_var($h->db->prepare($count_sql, 'member'));
$sql = "SELECT * FROM " . TABLE_USERS . $where_clause . $sort_clause;
$query = $h->db->prepare($sql, 'member');
break;
case 'pending':
$where_clause = " WHERE user_role = %s";
$sort_clause = ' ORDER BY user_date DESC';
// ordered by registration date
$count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS . $where_clause . $sort_clause;
$count = $h->db->get_var($h->db->prepare($count_sql, 'pending'));
$sql = "SELECT * FROM " . TABLE_USERS . $where_clause . $sort_clause;
$query = $h->db->prepare($sql, 'pending');
break;
case 'undermod':
$where_clause = " WHERE user_role = %s";
$sort_clause = ' ORDER BY user_date DESC';
// ordered by registration date
$count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS . $where_clause . $sort_clause;
$count = $h->db->get_var($h->db->prepare($count_sql, 'undermod'));
$sql = "SELECT * FROM " . TABLE_USERS . $where_clause . $sort_clause;
$query = $h->db->prepare($sql, 'undermod');
break;
case 'suspended':
$where_clause = " WHERE user_role = %s";
$sort_clause = ' ORDER BY user_date DESC';
// ordered by registration date
$count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS . $where_clause . $sort_clause;
$count = $h->db->get_var($h->db->prepare($count_sql, 'suspended'));
$sql = "SELECT * FROM " . TABLE_USERS . $where_clause . $sort_clause;
$query = $h->db->prepare($sql, 'suspended');
break;
case 'banned':
$where_clause = " WHERE user_role = %s";
$sort_clause = ' ORDER BY user_date DESC';
// ordered by registration date
$count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS . $where_clause . $sort_clause;
$count = $h->db->get_var($h->db->prepare($count_sql, 'banned'));
$sql = "SELECT * FROM " . TABLE_USERS . $where_clause . $sort_clause;
$query = $h->db->prepare($sql, 'banned');
break;
case 'killspammed':
$where_clause = " WHERE user_role = %s";
$sort_clause = ' ORDER BY user_date DESC';
// ordered by registration date
$count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS . $where_clause . $sort_clause;
$count = $h->db->get_var($h->db->prepare($count_sql, 'killspammed'));
$sql = "SELECT * FROM " . TABLE_USERS . $where_clause . $sort_clause;
$query = $h->db->prepare($sql, 'killspammed');
break;
case 'newest':
$sort_clause = ' ORDER BY user_date DESC';
// same as "all"
$count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS;
$count = $h->db->get_var($h->db->prepare($count_sql));
$sql = "SELECT * FROM " . TABLE_USERS . $sort_clause;
$query = $h->db->prepare($sql);
break;
case 'oldest':
$sort_clause = ' ORDER BY user_date ASC';
$count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS;
$count = $h->db->get_var($h->db->prepare($count_sql));
$sql = "SELECT * FROM " . TABLE_USERS . $sort_clause;
$query = $h->db->prepare($sql);
break;
case 'last_visited':
$sort_clause = ' ORDER BY user_lastvisit DESC';
$count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS;
$count = $h->db->get_var($h->db->prepare($count_sql));
$sql = "SELECT * FROM " . TABLE_USERS . $sort_clause;
$query = $h->db->prepare($sql);
break;
default:
$where_clause = " WHERE user_role = %s";
$sort_clause = ' ORDER BY user_date DESC';
// ordered newest first for convenience
$count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS . $where_clause . $sort_clause;
$count = $h->db->get_var($h->db->prepare($count_sql, $filter));
$sql = "SELECT * FROM " . TABLE_USERS . $where_clause . $sort_clause;
$query = $h->db->prepare($sql, $filter);
// filter = 'admin', 'member', etc.
break;
}
}
if (!isset($query)) {
// default list
// if all new users are set to 'pending' show pending list as default...
if ($h->vars['regStatus'] == 'pending') {
$where_clause = " WHERE user_role = %s";
$sort_clause = ' ORDER BY user_date DESC';
$count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS . $where_clause . $sort_clause;
$count = $h->db->get_var($h->db->prepare($count_sql, 'pending'));
$sql = "SELECT * FROM " . TABLE_USERS . $where_clause . $sort_clause;
$query = $h->db->prepare($sql, 'pending');
} else {
$sort_clause = ' ORDER BY user_date DESC';
// ordered by newest
$count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS . $sort_clause;
$count = $h->db->get_var($h->db->prepare($count_sql));
$sql = "SELECT * FROM " . TABLE_USERS . $sort_clause;
$query = $h->db->prepare($sql);
}
}
$pagedResults = $h->pagination($query, $count, 30, 'users');
if ($pagedResults) {
$h->vars['user_man_rows'] = $this->drawRows($h, $pagedResults, $filter, $search_term);
} elseif ($h->vars['user_filter'] == 'pending') {
$h->message = $h->lang['user_man_no_pending_users'];
$h->messageType = 'green';
}
// Show template:
$h->displayTemplate('user_man_main', 'user_manager');
}
/**
* Change username or email
*
* @param int $userid
* @return bool
*/
public function updateAccount($h, $userid = 0)
{
// $viewee is the person whose account is being modified
$viewee = new UserBase($h);
// Get the details of the account to show.
// If no account is specified, assume it's your own.
if (!$userid) {
$userid = $this->id;
}
$viewee->getUser($h, $userid);
$error = 0;
// fill checks
$checks['userid_check'] = '';
$checks['username_check'] = '';
$checks['email_check'] = '';
$checks['role_check'] = '';
$checks['password_check_old'] = '';
$checks['password_check_new'] = '';
$checks['password_check_new2'] = '';
// Updating account info (username and email address)
if ($h->cage->post->testAlnumLines('update_type') == 'update_general') {
// check CSRF key
if (!$h->csrf()) {
$h->messages[$h->lang('error_csrf')] = 'red';
$error = 1;
}
$username_check = $h->cage->post->testUsername('username');
// alphanumeric, dashes and underscores okay, case insensitive
if (!$username_check) {
$h->messages[$h->lang('main_user_account_update_username_error')] = 'red';
$error = 1;
} elseif ($h->nameExists($username_check, '', $viewee->id) || $h->isBlocked('user', $username_check)) {
$h->messages[$h->lang('main_user_account_update_username_exists')] = 'red';
$error = 1;
} else {
//success
$viewee->name = $username_check;
}
$email_check = $h->cage->post->testEmail('email');
if (!$email_check) {
$h->messages[$h->lang('main_user_account_update_email_error')] = 'red';
$error = 1;
} elseif ($h->emailExists($email_check, '', $viewee->id) || $h->isBlocked('email', $email_check)) {
$h->messages[$h->lang('main_user_account_update_email_exists')] = 'red';
$error = 1;
} else {
//success
$viewee->email = $email_check;
}
$role_check = $h->cage->post->testUsername('user_role');
// from Users plugin account page
// compare with current role and update if different
if (!$error && $role_check && $role_check != $viewee->role) {
$viewee->role = $role_check;
$new_perms = $viewee->getDefaultPermissions($h, $role_check);
$viewee->setAllPermissions($new_perms);
$viewee->updatePermissions($h);
if ($role_check == 'killspammed' || $role_check == 'deleted') {
$h->deleteComments($viewee->id);
// includes child comments from *other* users
$h->deletePosts($viewee->id);
// includes tags and votes for self-submitted posts
$h->pluginHook('userbase_killspam', '', array('target_user' => $viewee->id));
if ($role_check == 'deleted') {
$h->deleteUser($viewee->id);
$checks['username_check'] = 'deleted';
$h->message = $h->lang("users_account_deleted");
$h->messageType = 'red';
return $checks;
// This will then show a red "deleted" notice
}
}
}
// If we've just edited our own account, let's refresh the cookie so it uses our latest username:
if ($h->currentUser->id == $h->cage->post->testInt('userid')) {
$h->setCookie($h, false);
// delete the cookie
$h->getUser($h, $h->currentUser->id, '', true);
// re-read the database record to get updated info
$h->setCookie($h, true);
// create a new, updated cookie
}
}
if (!isset($username_check) && !isset($email_check)) {
$username_check = $viewee->name;
$email_check = $viewee->email;
$role_check = $viewee->role;
// do nothing
} elseif ($error == 0) {
$exists = $h->userExists(0, $username_check, $email_check);
if ($exists != 'no' && $exists != 'error') {
// user exists
//success
$viewee->updateUserBasic($h, $userid);
// only update the cookie if it's your own account:
if ($userid == $this->id) {
$h->setCookie($h, false);
// delete the cookie
$h->getUser($h, $h->currentUser->id, '', true);
// re-read the database record to get updated info
$h->setCookie($h, true);
// create a new, updated cookie
}
$h->messages[$h->lang('main_user_account_update_success')] = 'green';
} else {
//fail
$h->messages[$h->lang("main_user_account_update_unexpected_error")] = 'red';
}
} else {
// error must = 1 so fall through and display the form again
}
//update checks
$this->updatePassword($h, $userid);
$userid_check = $viewee->id;
$checks['userid_check'] = $userid_check;
$checks['username_check'] = $username_check;
$checks['email_check'] = $email_check;
$checks['role_check'] = $role_check;
return $checks;
}
