842 

   843 /*

   844 function page_Admin_UserManager() {

   845   global $db, $session, $paths, $template, $plugins; // Common objects

   846   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )

   847   {

   848     echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';

   849     return;

   850   }

   851   

   852   if ( isset($_GET['src']) && $_GET['src'] == 'get' && !empty($_GET['user']) )

   853   {

   854     $_POST['go'] = true;

   855     $_POST['username'] = $_GET['user'];

   856   }

   857   

   858   if(isset($_POST['go']))

   859   {

   860     // We need the user ID before we can do anything

   861     $q = $db->sql_query('SELECT user_id,username,email,real_name,style,user_level,account_active FROM '.table_prefix.'users WHERE username=\'' . $db->escape($_POST['username']) . '\'');

   862     if ( !$q )

   863     {

   864       die('Error selecting user ID: '.mysql_error());

   865     }

   866     if ( $db->numrows() < 1 )

   867     {

   868       echo('User does not exist, please enter another username.');

   869       return;

   870     }

   871     $r = $db->fetchrow();

   872     $db->free_result();

   873     if(isset($_POST['save']))

   874     {

   875       $_POST['level'] = intval($_POST['level']);

   876       

   877       $new_level = $_POST['level'];

   878       $old_level = intval($r['user_level']);

   879       

   880       if ( defined('ENANO_DEMO_MODE') )

   881       {

   882         echo '<div class="error-box">You cannot delete or modify user accounts in demo mode - they are cleaned up once every two hours.</div>';

   883         $re = Array('permission denied');

   884       }

   885       else

   886       {

   887         $re = $session->update_user((int)$r['user_id'], $_POST['new_username'], false, $_POST['new_pass'], $_POST['email'], $_POST['real_name'], false, $_POST['level']);

   888       }

   889       

   890       if($re == 'success')

   891       {

   892         

   893         if ( $new_level != $old_level )

   894         {

   895           $user_id = intval($r['user_id']);

   896           // We need to update group memberships

   897           if ( $old_level == USER_LEVEL_ADMIN ) 

   898           {

   899             $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_from_admin",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_POST['new_username']) . '");');

   900             if ( !$q )

   901               $db->_die();

   902             $session->remove_user_from_group($user_id, GROUP_ID_ADMIN);

   903           }

   904           else if ( $old_level == USER_LEVEL_MOD ) 

   905           {

   906             $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_from_mod",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_POST['new_username']) . '");');

   907             if ( !$q )

   908               $db->_die();

   909             $session->remove_user_from_group($user_id, GROUP_ID_MOD);

   910           }

   911           

   912           if ( $new_level == USER_LEVEL_ADMIN )

   913           {

   914             $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_to_admin",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_POST['new_username']) . '");');

   915             if ( !$q )

   916               $db->_die();

   917             $session->add_user_to_group($user_id, GROUP_ID_ADMIN, false);

   918           }

   919           else if ( $new_level == USER_LEVEL_MOD )

   920           {

   921             $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_to_mod",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_POST['new_username']) . '");');

   922             if ( !$q )

   923               $db->_die();

   924             $session->add_user_to_group($user_id, GROUP_ID_MOD, false);

   925           }

   926         }

   927         

   928         // update account activation

   929         if ( isset($_POST['account_active']) )

   930         {

   931           // activate account

   932           $q = $db->sql_query('UPDATE '.table_prefix.'users SET account_active=1 WHERE user_id=' . intval($r['user_id']) . ';');

   933           if ( !$q )

   934             $db->_die();

   935         }

   936         else

   937         {

   938           // deactivate account and throw away the old key

   939           $actkey = sha1 ( microtime() . mt_rand() );

   940           $q = $db->sql_query('UPDATE '.table_prefix.'users SET account_active=0,activation_key=\'' . $actkey . '\' WHERE user_id=' . intval($r['user_id']) . ';');

   941           if ( !$q )

   942             $db->_die();

   943         }

   944         

   945         echo('<div class="info-box">Your changes have been saved.</div>');

   946       }

   947       else

   948       {

   949         echo('<div class="error-box">Error saving changes: '.implode('<br />', $re).'</div>');

   950       }

   951       $q = $db->sql_query('SELECT user_id,username,email,real_name,style,user_level,account_active FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['username']).'\'');

   952       if ( !$q )

   953       {

   954         die('Error selecting user ID: '.mysql_error());

   955       }

   956       if($db->numrows($q) < 1)

   957       {

   958         die('User does not exist, please enter another username.');

   959       }

   960       $r = mysql_fetch_object($q);

   961       $db->free_result();

   962     }

   963     elseif(isset($_POST['deleteme']) && isset($_POST['delete_conf']))

   964     {

   965       if ( defined('ENANO_DEMO_MODE') )

   966       {

   967         echo '<div class="error-box">You cannot delete or modify user accounts in demo mode - they are cleaned up once every two hours.</div>';

   968       }

   969       else

   970       {

   971         $q = $db->sql_query('DELETE FROM users WHERE user_id='.$r['user_id'].';');

   972         if($q)

   973         {

   974           echo '<div class="error-box">The user account "'.$r['username'].'" was deleted.</div>';

   975         }

   976         else

   977         {

   978           echo '<div class="error-box">The user account "'.$r['username'].'" could not be deleted due to a database error.<br /><br />'.$db->get_error().'</div>';

   979         }

   980       }

   981     }

   982     else

   983     {

   984       $disabled = ( $r['user_id'] == $session->user_id ) ? ' disabled="disabled" ' : '';

   985       $evt_get_score = ( getConfig('pw_strength_enable') == '1' ) ? 'onkeyup="password_score_field(this);" style="margin-right: 7px;" ' : '';

   986       $meter         = ( getConfig('pw_strength_enable') == '1' ) ? '<tr><td></td><td><div id="pwmeter"></div><p><small>Password complexity requirements are not enforced here.</small></p></td></tr>' : '';

   987       echo('

   988       <h3>Edit User Info</h3>

   989       <form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">

   990         <table border="0" style="margin-left: 0.2in;">   

   991           <tr><td>Username:</td><td><input type="text" name="new_username" value="'.$r['username'].'" /></td></tr>

   992           <tr><td>New Password:</td><td><input ' . $disabled . ' type="password" name="new_pass" '.$evt_get_score.'/></td></tr>

   993           '.$meter.'

   994           <tr><td>E-mail:</td><td><input ' . $disabled . ' type="text" name="email" value="'.$r['email'].'" /></td></tr>

   995           <tr><td>Real Name:</td><td><input ' . $disabled . ' type="text" name="real_name" value="'.$r['real_name'].'" /></td></tr>

   996           ' . ( ( !empty($disabled) ) ? '<tr><td colspan="2"><small>To change your e-mail address, password, or real name, please use the user control panel.</small></td></tr>' : '' ) . '

   997           <tr><td>User level:</td><td><select name="level"><option '); if($r['user_level']==USER_LEVEL_CHPREF) echo('SELECTED'); echo(' value="'.USER_LEVEL_CHPREF.'">Regular User</option><option '); if($r['user_level']==USER_LEVEL_MOD) echo('SELECTED'); echo(' value="'.USER_LEVEL_MOD.'">Moderator</option><option '); if($r['user_level']==USER_LEVEL_ADMIN) echo('SELECTED'); echo(' value="'.USER_LEVEL_ADMIN.'">Administrator</option></select></td></tr>

   998           <tr><td></td><td><label><input type="checkbox" name="account_active"' . ( $r['account_active'] == '1' ? ' checked="checked"' : '' ) . ' /> Account is active</label><br /><small>If this is unchecked, the activation key will be reset, meaning that any activation e-mails sent will be invalidated.</small></td></tr>

   999           <tr><td>Delete user:</td><td><input type="hidden" name="go" /><input type="hidden" name="username" value="'.$r['username'].'" /><input onclick="return confirm(\'This is your last warning.\n\nAre you sure you want to delete this user account? Even if you delete this user account, the username will be shown in page edit history, comments, and other areas of the site.\n\nDeleting a user account CANNOT BE UNDONE and should only be done in extreme circumstances.\n\nIf the user has violated the site policy, deleting the account will not prevent him from using the site, for that you need to add a new ban rule.\n\nContinue deleting this user account?\')" type="submit" name="deleteme" value="Delete this user" style="color: red;" /> <label><input type="checkbox" name="delete_conf" /> I\'m absolutely sure</label>

  1000           <tr><td align="center" colspan="2">

  1001           <input type="submit" name="save" value="Save Changes" /></td></tr>

  1002         </table>

  1003       </form>

  1004       ');

  1005     }

  1006   }

  1007   else if(isset($_POST['clearsessions'])) 

  1008   {

  1009     if ( defined('ENANO_DEMO_MODE') )

  1010     {

  1011       echo '<div class="error-box">Sorry Charlie, no can do. You might mess up other people logged into the demo site.</div>';

  1012     }

  1013     else

  1014     {

  1015       // Get the current session information so the user doesn't get logged out

  1016       $aes = new AESCrypt();

  1017       $sk = md5(strrev($session->sid_super));

  1018       $qb = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.$sk.'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_ADMIN);

  1019       if ( !$qb )

  1020       {

  1021         die('Error selecting session key info block B: '.$db->get_error());

  1022       }

  1023       if ( $db->numrows($qb) < 1 )

  1024       {

  1025         die('Error: cannot read admin session info block B, aborting table clear process');

  1026       }

  1027       $qa = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.md5($session->sid).'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_MEMBER);

  1028       if ( !$qa )

  1029       {

  1030         die('Error selecting session key info block A: '.$db->get_error());

  1031       }

  1032       if ( $db->numrows($qa) < 1 )

  1033       {

  1034         die('Error: cannot read user session info block A, aborting table clear process');

  1035       }

  1036       $ra = mysql_fetch_object($qa);

  1037       $rb = mysql_fetch_object($qb);

  1038       $db->free_result($qa);

  1039       $db->free_result($qb);

  1040       

  1041       $db->sql_query('DELETE FROM '.table_prefix.'session_keys;');

  1042       $db->sql_query('INSERT INTO '.table_prefix.'session_keys( session_key,salt,user_id,auth_level,source_ip,time ) VALUES( \''.$ra->session_key.'\', \''.$ra->salt.'\', \''.$session->user_id.'\', \''.$ra->auth_level.'\', \''.$ra->source_ip.'\', '.$ra->time.' ),( \''.$rb->session_key.'\', \''.$rb->salt.'\', \''.$session->user_id.'\', \''.$rb->auth_level.'\', \''.$rb->source_ip.'\', '.$rb->time.' )');

  1043       

  1044       echo('

  1045         <div class="info-box">The session key table has been cleared. Your database should be a little bit smaller now.</div>

  1046       ');

  1047     }

  1048   }   

  1049   echo('

  1050   <h3>User Management</h3>

  1051   <form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;">

  1052     <p>Username: '.$template->username_field('username').' <input type="submit" name="go" value="Go" /></p>

  1053     <h3>Clear session keys table</h3>

  1054      <p>It\'s a good idea to clean out your session keys table every once in a while, since this helps to reduce database size. During this process you will be logged off and (hopefully) logged back on automatically. The side effects of this include all users except you being logged off.</p>

  1055      <p><input type="submit" name="clearsessions" value="Clear session keys table" /></p>

  1056   </form>

  1057   ');

  1058   if(isset($_GET['action']) && isset($_GET['user']))

  1059   {

  1060     switch($_GET['action'])

  1061     {

  1062       case "activate":

  1063         $e = $db->sql_query('SELECT activation_key FROM '.table_prefix.'users WHERE username=\'' . $db->escape($_GET['user']) . '\'');

  1064         if($e)

  1065         {

  1066           $row = $db->fetchrow();

  1067           $db->free_result();

  1068           if($session->activate_account($_GET['user'], $row['activation_key'])) { echo '<div class="info-box">The user account "'.$_GET['user'].'" has been activated.</div>'; $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); }

  1069           else echo '<div class="warning-box">The user account "'.$_GET['user'].'" has NOT been activated, possibly because the account is already active.</div>';

  1070         } else echo '<div class="error-box">Error activating account: '.mysql_error().'</div>';

  1071         break;

  1072       case "sendemail":

  1073         if($session->send_activation_mail($_GET['user'])) { echo '<div class="info-box">The user "'.$_GET['user'].'" has been sent an e-mail with an activation link.</div>'; $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); }

  1074         else echo '<div class="error-box">The user account "'.$_GET['user'].'" has not been activated, probably because of a bad SMTP configuration.</div>';

  1075         break;

  1076       case "deny":

  1077         $e = $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\' AND edit_summary=\'' . $db->escape($_GET['user']) . '\';');

  1078         if(!$e) echo '<div class="error-box">Error during row deletion: '.mysql_error().'</div>';

  1079         else echo '<div class="info-box">All activation requests for the user "'.$_GET['user'].'" have been deleted.</div>';

  1080         break;

  1081     }

  1082   }

  1083   $q = $db->sql_query('SELECT l.log_type, l.action, l.time_id, l.date_string, l.author, l.edit_summary, u.user_coppa FROM '.table_prefix.'logs AS l

  1084                          LEFT JOIN '.table_prefix.'users AS u

  1085                            ON ( u.username = l.edit_summary OR u.username IS NULL )

  1086                          WHERE log_type=\'admin\' AND action=\'activ_req\' ORDER BY time_id DESC;');

  1087   if($q)

  1088   {

  1089     if($db->numrows() > 0)

  1090     {

  1091       $n = $db->numrows();

  1092       if($n == 1) $s = $n . ' user is';

  1093       else $s = $n . ' users are';

  1094       echo '<h3>'.$s . ' awaiting account activation</h3>';

  1095       echo '<div class="tblholder">

  1096             <table border="0" cellspacing="1" cellpadding="4" width="100%">

  1097             <tr><th>Date of request</th><th>Requested by</th><th>Requested for</th><th>COPPA user</th><th colspan="3">Actions</th></tr>';

  1098       $cls = 'row2';

  1099       while($row = $db->fetchrow())

  1100       {

  1101         if($cls == 'row2') $cls = 'row1';

  1102         else $cls = 'row2';

  1103         $coppa = ( $row['user_coppa'] == '1' ) ? '<b>Yes</b>' : 'No';

  1104         echo '<tr><td class="'.$cls.'">'.date('F d, Y h:i a', $row['time_id']).'</td><td class="'.$cls.'">'.$row['author'].'</td><td class="'.$cls.'">'.$row['edit_summary'].'</td><td style="text-align: center;" class="' . $cls . '">' . $coppa . '</td><td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&amp;action=activate&amp;user='.$row['edit_summary'].'&amp;logid='.$row['time_id']).'">Activate now</a></td><td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&amp;action=sendemail&amp;user='.$row['edit_summary'].'&amp;logid='.$row['time_id']).'">Send activation e-mail</a></td><td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&amp;action=deny&amp;user='.$row['edit_summary'].'&amp;logid='.$row['time_id']).'">Deny request</a></td></tr>';

  1105       }

  1106       echo '</table>';

  1107     }

  1108     $db->free_result();

  1109   }

  1110 }

  1111 */