use Rhumsaa\Uuid\Uuid;
use WT\Auth;
use WT\Log;
use WT\User;

require WT_ROOT . 'includes/functions/functions_edit.php';

// A visitor who is already logged in and has a tree selected has no use for
// this page: send them to the home page and stop here.
if (WT_USER_ID && WT_GED_ID) {
	header('Location: ' . WT_SERVER_NAME . WT_SCRIPT_PATH);
	exit;
}

$controller = new WT_Controller_Page();

// Site preference consulted by the registration flow (its consumer lies
// outside this fragment).
$REQUIRE_ADMIN_AUTH_REGISTRATION = WT_Site::preference('REQUIRE_ADMIN_AUTH_REGISTRATION');

// The action normally arrives with the posted form, but the links that are
// emailed to users carry it in the query string, so fall back to GET when
// nothing (or an empty value) was posted.
$action = WT_Filter::post('action') ?: WT_Filter::get('action');

// Login form fields
$username = WT_Filter::post('username');
$password = WT_Filter::post('password');
$url      = WT_Filter::post('url'); // Not actually a URL - just a path
// NOTE(review): the code that redirects to $url is outside this fragment;
// confirm it restricts the value to a path on this site before using it.
$timediff = WT_Filter::postInteger('timediff', -43200, 50400, 0); // Same range as date('Z')

// Registration form fields. The user name and both passwords are filtered
// against the site-wide patterns, the email is filtered as an address, and
// the remaining values are taken as free text.
$user_realname   = WT_Filter::post('user_realname');
$user_name       = WT_Filter::post('user_name', WT_REGEX_USERNAME);
$user_email      = WT_Filter::postEmail('user_email');
$user_password01 = WT_Filter::post('user_password01', WT_REGEX_PASSWORD);
$user_password02 = WT_Filter::post('user_password02', WT_REGEX_PASSWORD);
$user_comments   = WT_Filter::post('user_comments');

// Further posted fields; their consumers lie outside this fragment.
$user_password = WT_Filter::post('user_password');
$user_hashcode = WT_Filter::post('user_hashcode');
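// Valid values for form variables.
// Fixed: this was initialised as $ALL_THEMES_DIRS (extra "S") while the loop
// and the implode() further down read $ALL_THEME_DIRS, which therefore stayed
// undefined whenever get_theme_names() returned nothing.
$ALL_THEME_DIRS = array();
foreach (get_theme_names() as $themename => $themedir) {
	$ALL_THEME_DIRS[] = $themedir;
}

// Labels for the access levels offered in the form, keyed by their stored value.
$ALL_EDIT_OPTIONS = array(
	'none'   => WT_I18N::translate('Visitor'),
	'access' => WT_I18N::translate('Member'),
	'edit'   => WT_I18N::translate('Editor'),
	'accept' => WT_I18N::translate('Moderator'),
	'admin'  => WT_I18N::translate('Manager'),
);

// Form actions (the action falls back to 'listusers' when none is given)
$action   = WT_Filter::get('action', null, 'listusers');
$usrlang  = WT_Filter::post('usrlang', implode('|', array_keys(WT_I18N::installed_languages())), WT_LOCALE);
$username = WT_Filter::post('username', WT_REGEX_USERNAME);
$filter   = WT_Filter::post('filter');
$ged      = WT_Filter::post('ged');

// Extract form variables
$realname           = WT_Filter::post('realname');
$pass1              = WT_Filter::post('pass1', WT_REGEX_PASSWORD);
$pass2              = WT_Filter::post('pass2', WT_REGEX_PASSWORD);
$emailaddress       = WT_Filter::postEmail('emailaddress');
$user_theme         = WT_Filter::post('user_theme', implode('|', $ALL_THEME_DIRS));
$user_language      = WT_Filter::post('user_language', implode('|', array_keys(WT_I18N::installed_languages())), WT_LOCALE);
$new_contact_method = WT_Filter::post('new_contact_method');
$new_comment        = WT_Filter::post('new_comment');
$new_auto_accept    = WT_Filter::postBool('new_auto_accept');

// Account flags. These change what the edited account may do (canadmin
// presumably grants site-administrator rights), so the administrator-only
// gate for this script, which is not part of this fragment, must run before
// any of them is applied - confirm it does.
$canadmin          = WT_Filter::postBool('canadmin');
$visibleonline     = WT_Filter::postBool('visibleonline');
$editaccount       = WT_Filter::postBool('editaccount');
$verified          = WT_Filter::postBool('verified');
$verified_by_admin = WT_Filter::postBool('verified_by_admin');

switch ($action) {
case 'loadrows':
	// Generate an AJAX/JSON response for datatables to load a block of rows
	$search = WT_Filter::get('search');
	// NOTE(review): this indexing presumes WT_Filter::get() hands back the
	// datatables "search" parameter as an array; confirm it cannot return a
	// plain string, for which 'value' is not a usable offset.
	$search = $search['value'];
	// ... the remaining cases of this switch lie beyond this fragment.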
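// Only a logged-in user whose account is allowed to edit itself may use this
// page; anyone else is sent to the home page.
if (!Auth::id() || !Auth::user()->getSetting('editaccount')) {
	header('Location: ' . WT_SERVER_NAME . WT_SCRIPT_PATH);
	exit;
}

// Valid values for form variables.
// Fixed: this was initialised as $ALL_THEMES_DIRS (extra "S") while the loop
// and the implode() further down read $ALL_THEME_DIRS, which therefore stayed
// undefined whenever get_theme_names() returned nothing.
$ALL_THEME_DIRS = array();
foreach (get_theme_names() as $themename => $themedir) {
	$ALL_THEME_DIRS[] = $themedir;
}

// Extract form variables
$form_action   = WT_Filter::post('form_action');
// NOTE(review): the login and admin-users forms filter their user-name fields
// with WT_REGEX_USERNAME; this one does not. Whether the rename path below
// validates the value is not visible in this fragment - confirm it.
$form_username = WT_Filter::post('form_username');
$form_realname = WT_Filter::post('form_realname');
$form_pass1    = WT_Filter::post('form_pass1', WT_REGEX_PASSWORD);
$form_pass2    = WT_Filter::post('form_pass2', WT_REGEX_PASSWORD);
$form_email    = WT_Filter::postEmail('form_email');
$form_rootid   = WT_Filter::post('form_rootid', WT_REGEX_XREF);
$form_theme    = WT_Filter::post('form_theme', implode('|', $ALL_THEME_DIRS));
$form_language = WT_Filter::post('form_language', implode('|', array_keys(WT_I18N::installed_languages())), WT_LOCALE);
$form_contact_method = WT_Filter::post('form_contact_method');
$form_visible_online = WT_Filter::postBool('form_visible_online');

// Respond to form action. Changes are applied only to an 'update' request
// that carries a valid CSRF token, and only when the new user name / email
// is not already held by another account.
// This if-block continues beyond the end of this fragment.
if ($form_action == 'update' && WT_Filter::checkCsrf()) {
	if ($form_username != Auth::user()->getUserName() && User::findByIdentifier($form_username)) {
		WT_FlashMessages::addMessage(WT_I18N::translate('Duplicate user name. A user with that user name already exists. Please choose another user name.'));
	} elseif ($form_email != Auth::user()->getEmail() && User::findByIdentifier($form_email)) {
		WT_FlashMessages::addMessage(WT_I18N::translate('Duplicate email address. A user with that email already exists.'));
	} else {
		// Change username
		if ($form_username != WT_USER_NAME) {
			Log::addAuthenticationLog('User ' . Auth::user()->getUserName() . ' renamed to ' . $form_username);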