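// Resolve which profile is being viewed. $viewUserId is assigned before this
// excerpt (its origin is not visible here); when it is empty and the visitor
// is logged in, fall back to the visitor's own dblink.
if (empty($viewUserId) && $loginStatus["status"]) {
    $viewUserId = $loginStatus["detail"]["userdata"]["dblink"];
}
$setUser = array("dblink" => $viewUserId);
$selfUser = new UserFunctions();
$selfUserId = $selfUser->getHardlink();
$viewUser = new UserFunctions($viewUserId, "dblink");
$validUser = true;
$userdata = array();
// Defaults shown when the user has no uploaded profile image (or the lookup fails).
$realProfileImagePath = "users/profiles/default.png";
$realProfileImagePathXS = "users/profiles/default.png";
$realProfileImagePathSM = "users/profiles/default.png";
try {
    $userdata = $viewUser->getUser($setUser);
    if (!is_array($userdata)) {
        $userdata = array();
    }
    if (empty($userdata["dblink"])) {
        throw(new Exception("Bad User"));
    }
    // Look for an uploaded image by trying each accepted extension. The id is
    // interpolated into a filesystem path, so the resolved file is required to
    // sit inside the profiles directory: $viewUserId is not validated in this
    // excerpt and may originate from the request.
    $profileDir = realpath("users/profiles");
    $profileImagePath = "users/profiles/" . $viewUserId;
    $extensions = array("bmp", "jpg", "jpeg", "png", "gif");
    foreach ($extensions as $ext) {
        $candidate = $profileImagePath . "." . $ext;
        // realpath() returns false when the file does not exist. Do not echo the
        // resolved value: it is an absolute server path and would leak into the page.
        $resolved = realpath($candidate);
        if ($resolved === false || $profileDir === false) {
            continue;
        }
        if (strpos($resolved, $profileDir . DIRECTORY_SEPARATOR) !== 0 || !is_file($resolved)) {
            continue;
        }
        // Keep the relative paths (as the original did) for use in the page.
        $realProfileImagePath = $candidate;
        $realProfileImagePathXS = $profileImagePath . "-xs." . $ext;
        $realProfileImagePathSM = $profileImagePath . "-sm." . $ext;
        break;
    }
    // NOTE(review): the try block continues past this excerpt; its catch is not visible here.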
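function superuserEditUser($get) {
    /***
     * Administrative edit of another user's account (delete | reset).
     *
     * $get is the $_REQUEST superglobal. Expects keys:
     *
     * @param string user -> The dblink/hardlink of the target user
     * @param string change_type -> The type of change to
     *   enact. Available: delete | reset
     *
     * Returns a status array: "status" => true|false, with "error" (machine
     * code) and "human_error" (message) on failure. Permission rules, checked
     * in order: the caller must be logged in and be a superuser or admin; the
     * target must exist; a superuser target is never editable here; an admin
     * target is editable only by a superuser. Anything thrown by the helpers
     * inside the try is converted to the same status shape.
     ***/
    global $login_status, $default_user_database, $default_sql_user, $default_sql_password, $sql_url, $default_user_table, $db_cols;
    $udb = new DBHelper($default_user_database, $default_sql_user, $default_sql_password, $sql_url, $default_user_table, $db_cols);
    # Fail closed when there is no authenticated session: without this, the flag
    # reads below would hit undefined indexes for an anonymous caller.
    if (empty($login_status['status']) || !isset($login_status['detail']['userdata'])) {
        return array("status" => false, "error" => "INVALID_USER_PERMISSIONS", "human_error" => "You do not have enough permission to perform this action");
    }
    $callerData = $login_status['detail']['userdata'];
    # Is the caller an SU or admin? A missing flag is passed to boolstr() as null,
    # which is what the original undefined-index read yielded.
    $isSu = boolstr(isset($callerData['su_flag']) ? $callerData['su_flag'] : null);
    $isAdmin = boolstr(isset($callerData['admin_flag']) ? $callerData['admin_flag'] : null);
    if (!($isSu || $isAdmin)) {
        return array("status" => false, "error" => "INVALID_USER_PERMISSIONS", "human_error" => "You do not have enough permission to perform this action");
    }
    # Check the target. $_REQUEST can deliver an array (user[]=...), which must
    # not reach the database lookup, so the argument is required to be a string.
    $target = isset($get["user"]) ? $get["user"] : "";
    if (!is_string($target) || empty($target)) {
        return array("status" => false, "error" => "INVALID_TARGET_NO_USER_PROVIDED", "human_error" => "You must provide argument 'user'");
    }
    # Do they exist?
    if (!$udb->isEntry($target, 'dblink')) {
        return array("status" => false, "error" => "INVALID_TARGET_DOES_NOT_EXIST", "human_error" => "The requested user does not exist");
    }
    $uf = new UserFunctions($target, "dblink");
    # NOTE(review): getUser() is called with a bare id here but with an
    # array("dblink" => ...) elsewhere in this file — confirm both forms are accepted.
    $userData = $uf->getUser($target);
    try {
        # Is the target an SU or admin? Same null handling as for the caller.
        $targetData = isset($userData['userdata']) ? $userData['userdata'] : array();
        $targetIsSu = boolstr(isset($targetData['su_flag']) ? $targetData['su_flag'] : null);
        if ($targetIsSu) {
            return array("status" => false, "error" => "INVALID_TARGET_IS_SU", "human_error" => "You can not edit Superusers through this interface. 
Please contact your system administrator");
        }
        $targetIsAdmin = boolstr(isset($targetData['admin_flag']) ? $targetData['admin_flag'] : null);
        if ($targetIsAdmin && !$isSu) {
            return array("status" => false, "error" => "INVALID_TARGET_ADMIN_VS_ADMIN", "human_error" => "Sorry, only Superusers can edit adminstrators");
        }
        # Permission check complete.
        $rawAction = isset($get["change_type"]) ? $get["change_type"] : "";
        $editAction = is_string($rawAction) ? strtolower($rawAction) : "";
        if (empty($editAction)) {
            return array("status" => false, "error" => "INVALID_CHANGE_TYPE_EMPTY", "human_error" => "You must provide an argument 'change_type'");
        }
        switch ($editAction) {
            case "delete":
                # Dry run first; only commit once the object confirms it resolved
                # the very account we were asked to delete. Compared strictly as
                # strings so a loose "=="-style match cannot pass the check.
                $dryRun = $uf->forceDeleteCurrentUser();
                $targetUid = isset($dryRun["target_user"]) ? $dryRun["target_user"] : null;
                if ((string) $targetUid !== (string) $target) {
                    # Should never happen
                    return array("status" => false, "error" => "MISMATCHED_TARGETS", "human_error" => "The system encountered an error confirming target for deletion", "obj_target" => $targetUid, "post_target" => $target);
                }
                return $uf->forceDeleteCurrentUser(true);
            case "reset":
                return array("status" => false, "error" => "Incomplete");
            default:
                return array("status" => false, "error" => "INVALID_CHANGE_TYPE", "human_error" => "We didn't recognize this change type", "change_type_provided" => $editAction);
        }
    } catch (Exception $e) {
        # "args" echoes the raw request back to the caller, as the original did.
        return array("status" => false, "error" => $e->getMessage(), "human_error" => "Application error", "args" => $get);
    }
}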