11 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
11 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
12 */ |
12 */ |
13 |
13 |
14 function page_Admin_UserManager() |
14 function page_Admin_UserManager() |
15 { |
15 { |
16 global $db, $session, $paths, $template, $plugins; // Common objects |
16 global $db, $session, $paths, $template, $plugins; // Common objects |
17 global $lang; |
17 global $lang; |
18 if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) |
18 if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) |
19 { |
19 { |
20 $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); |
20 $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); |
21 echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>'; |
21 echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>'; |
22 echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>'; |
22 echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>'; |
23 return; |
23 return; |
24 } |
24 } |
25 |
25 |
26 require_once(ENANO_ROOT . '/includes/math.php'); |
26 require_once(ENANO_ROOT . '/includes/math.php'); |
27 require_once(ENANO_ROOT . '/includes/diffiehellman.php'); |
27 require_once(ENANO_ROOT . '/includes/diffiehellman.php'); |
28 |
28 |
29 $GLOBALS['dh_supported'] = $dh_supported; |
29 $GLOBALS['dh_supported'] = $dh_supported; |
30 |
30 |
31 //die('<pre>' . htmlspecialchars(print_r($_POST, true)) . '</pre>'); |
31 //die('<pre>' . htmlspecialchars(print_r($_POST, true)) . '</pre>'); |
32 |
32 |
33 if ( isset($_POST['action']['save']) ) |
33 if ( isset($_POST['action']['save']) ) |
34 { |
34 { |
35 # |
35 # |
36 # BEGIN VALIDATION |
36 # BEGIN VALIDATION |
37 # |
37 # |
38 |
38 |
39 $errors = array(); |
39 $errors = array(); |
40 |
40 |
41 if ( defined('ENANO_DEMO_MODE') ) |
41 if ( defined('ENANO_DEMO_MODE') ) |
42 { |
42 { |
43 $errors[] = $lang->get('acpum_err_nosave_demo'); |
43 $errors[] = $lang->get('acpum_err_nosave_demo'); |
44 } |
44 } |
45 |
45 |
46 $user_id = intval($_POST['user_id']); |
46 $user_id = intval($_POST['user_id']); |
47 if ( empty($user_id) || $user_id == 1 ) |
47 if ( empty($user_id) || $user_id == 1 ) |
48 $errors[] = 'Invalid user ID.'; |
48 $errors[] = 'Invalid user ID.'; |
49 |
49 |
50 if ( isset($_POST['delete_account']) && count($errors) < 1 ) |
50 if ( isset($_POST['delete_account']) && count($errors) < 1 ) |
51 { |
51 { |
52 $q = $db->sql_query('DELETE FROM '.table_prefix."users_extra WHERE user_id=$user_id;"); |
52 $q = $db->sql_query('DELETE FROM '.table_prefix."users_extra WHERE user_id=$user_id;"); |
53 if ( !$q ) |
53 if ( !$q ) |
54 $db->_die(); |
54 $db->_die(); |
55 $q = $db->sql_query('DELETE FROM '.table_prefix."users WHERE user_id=$user_id;"); |
55 $q = $db->sql_query('DELETE FROM '.table_prefix."users WHERE user_id=$user_id;"); |
56 if ( !$q ) |
56 if ( !$q ) |
57 $db->_die(); |
57 $db->_die(); |
58 $q = $db->sql_query('DELETE FROM '.table_prefix."session_keys WHERE user_id=$user_id;"); |
58 $q = $db->sql_query('DELETE FROM '.table_prefix."session_keys WHERE user_id=$user_id;"); |
59 if ( !$q ) |
59 if ( !$q ) |
60 $db->_die(); |
60 $db->_die(); |
61 echo '<div class="info-box">' . $lang->get('acpum_msg_delete_success') . '</div>'; |
61 echo '<div class="info-box">' . $lang->get('acpum_msg_delete_success') . '</div>'; |
62 |
62 |
63 // deleting own account? |
63 // deleting own account? |
64 if ( $user_id === $session->user_id ) |
64 if ( $user_id === $session->user_id ) |
65 { |
65 { |
66 // cute little hack to boot them out of the admin panel |
66 // cute little hack to boot them out of the admin panel |
67 echo '<script type="text/javascript"> |
67 echo '<script type="text/javascript"> |
68 addOnloadHook(function() |
68 addOnloadHook(function() |
69 { |
69 { |
70 setTimeout(function() |
70 setTimeout(function() |
71 { |
71 { |
72 eraseCookie("sid"); |
72 eraseCookie("sid"); |
73 ENANO_SID = false; |
73 ENANO_SID = false; |
74 auth_level = USER_LEVEL_MEMBER; |
74 auth_level = USER_LEVEL_MEMBER; |
75 window.location = makeUrlNS("Special", "Login"); |
75 window.location = makeUrlNS("Special", "Login"); |
76 }, 3000); |
76 }, 3000); |
77 }); |
77 }); |
78 </script>'; |
78 </script>'; |
79 } |
79 } |
80 } |
80 } |
81 else |
81 else |
82 { |
82 { |
83 if ( $session->user_id == $user_id ) |
83 if ( $session->user_id == $user_id ) |
84 { |
84 { |
85 $username = $session->username; |
85 $username = $session->username; |
86 $password = false; |
86 $password = false; |
87 $email = $session->email; |
87 $email = $session->email; |
88 $real_name = $session->real_name; |
88 $real_name = $session->real_name; |
89 } |
89 } |
90 else |
90 else |
91 { |
91 { |
92 $username = $_POST['username']; |
92 $username = $_POST['username']; |
93 if ( !preg_match('#^'.$session->valid_username.'$#', $username) ) |
93 if ( !preg_match('#^'.$session->valid_username.'$#', $username) ) |
94 $errors[] = $lang->get('acpum_err_illegal_username'); |
94 $errors[] = $lang->get('acpum_err_illegal_username'); |
95 |
95 |
96 $password = false; |
96 $password = false; |
97 if ( $_POST['changing_pw'] == 'yes' ) |
97 if ( $_POST['changing_pw'] == 'yes' ) |
98 { |
98 { |
99 $password = $session->get_aes_post('new_password'); |
99 $password = $session->get_aes_post('new_password'); |
100 } |
100 } |
101 |
101 |
102 $email = $_POST['email']; |
102 $email = $_POST['email']; |
103 if ( !preg_match('/^(?:[\w\d]+\.?)+@((?:(?:[\w\d]\-?)+\.)+\w{2,4}|localhost)$/', $email) ) |
103 if ( !preg_match('/^(?:[\w\d]+\.?)+@((?:(?:[\w\d]\-?)+\.)+\w{2,4}|localhost)$/', $email) ) |
104 $errors[] = $lang->get('acpum_err_illegal_email'); |
104 $errors[] = $lang->get('acpum_err_illegal_email'); |
105 |
105 |
106 $real_name = $_POST['real_name']; |
106 $real_name = $_POST['real_name']; |
107 } |
107 } |
108 |
108 |
109 $signature = RenderMan::preprocess_text($_POST['signature'], true, false); |
109 $signature = RenderMan::preprocess_text($_POST['signature'], true, false); |
110 |
110 |
111 $user_level = intval($_POST['user_level']); |
111 $user_level = intval($_POST['user_level']); |
112 if ( $user_level < USER_LEVEL_MEMBER || $user_level > USER_LEVEL_ADMIN ) |
112 if ( $user_level < USER_LEVEL_MEMBER || $user_level > USER_LEVEL_ADMIN ) |
113 $errors[] = 'Invalid user level'; |
113 $errors[] = 'Invalid user level'; |
114 |
114 |
115 $user_rank = $_POST['user_rank']; |
115 $user_rank = $_POST['user_rank']; |
116 if ( $user_rank !== 'NULL' ) |
116 if ( $user_rank !== 'NULL' ) |
117 { |
117 { |
118 $user_rank = intval($user_rank); |
118 $user_rank = intval($user_rank); |
119 if ( !$user_rank ) |
119 if ( !$user_rank ) |
120 $errors[] = 'Invalid user rank'; |
120 $errors[] = 'Invalid user rank'; |
121 } |
121 } |
122 |
122 |
123 $imaddr_aim = htmlspecialchars($_POST['imaddr_aim']); |
123 $imaddr_aim = htmlspecialchars($_POST['imaddr_aim']); |
124 $imaddr_msn = htmlspecialchars($_POST['imaddr_msn']); |
124 $imaddr_msn = htmlspecialchars($_POST['imaddr_msn']); |
125 $imaddr_yahoo = htmlspecialchars($_POST['imaddr_yahoo']); |
125 $imaddr_yahoo = htmlspecialchars($_POST['imaddr_yahoo']); |
126 $imaddr_xmpp = htmlspecialchars($_POST['imaddr_xmpp']); |
126 $imaddr_xmpp = htmlspecialchars($_POST['imaddr_xmpp']); |
127 $homepage = htmlspecialchars($_POST['homepage']); |
127 $homepage = htmlspecialchars($_POST['homepage']); |
128 $location = htmlspecialchars($_POST['location']); |
128 $location = htmlspecialchars($_POST['location']); |
129 $occupation = htmlspecialchars($_POST['occupation']); |
129 $occupation = htmlspecialchars($_POST['occupation']); |
130 $hobbies = htmlspecialchars($_POST['hobbies']); |
130 $hobbies = htmlspecialchars($_POST['hobbies']); |
131 $email_public = ( isset($_POST['email_public']) ) ? '1' : '0'; |
131 $email_public = ( isset($_POST['email_public']) ) ? '1' : '0'; |
132 $user_title = htmlspecialchars($_POST['user_title']); |
132 $user_title = htmlspecialchars($_POST['user_title']); |
133 |
133 |
134 if ( !preg_match('/@([a-z0-9-]+)(\.([a-z0-9-\.]+))?/', $imaddr_msn) && !empty($imaddr_msn) ) |
134 if ( !preg_match('/@([a-z0-9-]+)(\.([a-z0-9-\.]+))?/', $imaddr_msn) && !empty($imaddr_msn) ) |
135 { |
135 { |
136 $imaddr_msn = "$imaddr_msn@hotmail.com"; |
136 $imaddr_msn = "$imaddr_msn@hotmail.com"; |
137 } |
137 } |
138 |
138 |
139 if ( !preg_match('#^https?://#', $homepage) ) |
139 if ( !preg_match('#^https?://#', $homepage) ) |
140 { |
140 { |
141 $homepage = "http://$homepage"; |
141 $homepage = "http://$homepage"; |
142 } |
142 } |
143 |
143 |
144 if ( !preg_match('/^http:\/\/([a-z0-9-.]+)([A-z0-9@#\$%\&:;<>,\.\?=\+\(\)\[\]_\/\\\\]*?)$/i', $homepage) ) |
144 if ( !preg_match('/^http:\/\/([a-z0-9-.]+)([A-z0-9@#\$%\&:;<>,\.\?=\+\(\)\[\]_\/\\\\]*?)$/i', $homepage) ) |
145 { |
145 { |
146 $homepage = ''; |
146 $homepage = ''; |
147 } |
147 } |
148 |
148 |
149 // true for quiet operation |
149 // true for quiet operation |
150 list(, , $avatar_post_fail) = avatar_post($user_id, true); |
150 list(, , $avatar_post_fail) = avatar_post($user_id, true); |
151 |
151 |
152 if ( count($errors) < 1 && !$avatar_post_fail ) |
152 if ( count($errors) < 1 && !$avatar_post_fail ) |
153 { |
153 { |
154 $q = $db->sql_query('SELECT u.user_level, u.user_has_avatar, u.avatar_type, u.username FROM '.table_prefix.'users AS u WHERE u.user_id = ' . $user_id . ';'); |
154 $q = $db->sql_query('SELECT u.user_level, u.user_has_avatar, u.avatar_type, u.username FROM '.table_prefix.'users AS u WHERE u.user_id = ' . $user_id . ';'); |
155 if ( !$q ) |
155 if ( !$q ) |
156 $db->_die(); |
156 $db->_die(); |
157 |
157 |
158 if ( $db->numrows() < 1 ) |
158 if ( $db->numrows() < 1 ) |
159 { |
159 { |
160 echo 'Couldn\'t select user data: no rows returned'; |
160 echo 'Couldn\'t select user data: no rows returned'; |
161 } |
161 } |
162 |
162 |
163 $row = $db->fetchrow(); |
163 $row = $db->fetchrow(); |
164 $existing_level =& $row['user_level']; |
164 $existing_level =& $row['user_level']; |
165 $avi_type =& $row['avatar_type']; |
165 $avi_type =& $row['avatar_type']; |
166 $has_avi = ( $row['user_has_avatar'] == 1 ); |
166 $has_avi = ( $row['user_has_avatar'] == 1 ); |
167 $old_username = $row['username']; |
167 $old_username = $row['username']; |
168 $db->free_result(); |
168 $db->free_result(); |
169 |
169 |
170 $to_update_users = array(); |
170 $to_update_users = array(); |
171 if ( $user_id != $session->user_id ) |
171 if ( $user_id != $session->user_id ) |
172 { |
172 { |
173 $to_update_users['username'] = $username; |
173 $to_update_users['username'] = $username; |
174 if ( $password ) |
174 if ( $password ) |
175 { |
175 { |
176 $session->set_password($user_id, $password); |
176 $session->set_password($user_id, $password); |
177 } |
177 } |
178 $to_update_users['email'] = $email; |
178 $to_update_users['email'] = $email; |
179 $to_update_users['real_name'] = $real_name; |
179 $to_update_users['real_name'] = $real_name; |
180 } |
180 } |
181 $to_update_users['signature'] = $signature; |
181 $to_update_users['signature'] = $signature; |
182 $to_update_users['user_level'] = $user_level; |
182 $to_update_users['user_level'] = $user_level; |
183 $to_update_users['user_rank'] = $user_rank; |
183 $to_update_users['user_rank'] = $user_rank; |
184 $to_update_users['user_title'] = $user_title; |
184 $to_update_users['user_title'] = $user_title; |
185 |
185 |
186 if ( $user_rank > 0 ) |
186 if ( $user_rank > 0 ) |
187 { |
187 { |
188 $to_update_users['user_rank_userset'] = '0'; |
188 $to_update_users['user_rank_userset'] = '0'; |
189 } |
189 } |
190 |
190 |
191 if ( isset($_POST['account_active']) ) |
191 if ( isset($_POST['account_active']) ) |
192 { |
192 { |
193 $to_update_users['account_active'] = "1"; |
193 $to_update_users['account_active'] = "1"; |
194 } |
194 } |
195 else |
195 else |
196 { |
196 { |
197 $to_update_users['account_active'] = "0"; |
197 $to_update_users['account_active'] = "0"; |
198 $to_update_users['activation_key'] = sha1($session->dss_rand()); |
198 $to_update_users['activation_key'] = sha1($session->dss_rand()); |
199 } |
199 } |
200 |
200 |
201 if ( count($errors) < 1 ) |
201 if ( count($errors) < 1 ) |
202 { |
202 { |
203 $to_update_users_extra = array(); |
203 $to_update_users_extra = array(); |
204 $to_update_users_extra['user_aim'] = $imaddr_aim; |
204 $to_update_users_extra['user_aim'] = $imaddr_aim; |
205 $to_update_users_extra['user_msn'] = $imaddr_msn; |
205 $to_update_users_extra['user_msn'] = $imaddr_msn; |
206 $to_update_users_extra['user_yahoo'] = $imaddr_yahoo; |
206 $to_update_users_extra['user_yahoo'] = $imaddr_yahoo; |
207 $to_update_users_extra['user_xmpp'] = $imaddr_xmpp; |
207 $to_update_users_extra['user_xmpp'] = $imaddr_xmpp; |
208 $to_update_users_extra['user_homepage'] = $homepage; |
208 $to_update_users_extra['user_homepage'] = $homepage; |
209 $to_update_users_extra['user_location'] = $location; |
209 $to_update_users_extra['user_location'] = $location; |
210 $to_update_users_extra['user_job'] = $occupation; |
210 $to_update_users_extra['user_job'] = $occupation; |
211 $to_update_users_extra['user_hobbies'] = $hobbies; |
211 $to_update_users_extra['user_hobbies'] = $hobbies; |
212 $to_update_users_extra['email_public'] = ( $email_public ) ? '1' : '0'; |
212 $to_update_users_extra['email_public'] = ( $email_public ) ? '1' : '0'; |
213 |
213 |
214 $update_sql = ''; |
214 $update_sql = ''; |
215 |
215 |
216 foreach ( $to_update_users as $key => $unused_crap ) |
216 foreach ( $to_update_users as $key => $unused_crap ) |
217 { |
217 { |
218 $value =& $to_update_users[$key]; |
218 $value =& $to_update_users[$key]; |
219 if ( $value !== 'NULL' ) |
219 if ( $value !== 'NULL' ) |
220 $value = "'" . $db->escape($value) . "'"; |
220 $value = "'" . $db->escape($value) . "'"; |
221 |
221 |
222 $update_sql .= ( empty($update_sql) ? '' : ',' ) . "$key=$value"; |
222 $update_sql .= ( empty($update_sql) ? '' : ',' ) . "$key=$value"; |
223 } |
223 } |
224 |
224 |
225 $update_sql = 'UPDATE ' . table_prefix . "users SET $update_sql WHERE user_id=$user_id;"; |
225 $update_sql = 'UPDATE ' . table_prefix . "users SET $update_sql WHERE user_id=$user_id;"; |
226 |
226 |
227 $update_sql_extra = ''; |
227 $update_sql_extra = ''; |
228 |
228 |
229 foreach ( $to_update_users_extra as $key => $unused_crap ) |
229 foreach ( $to_update_users_extra as $key => $unused_crap ) |
230 { |
230 { |
231 $value =& $to_update_users_extra[$key]; |
231 $value =& $to_update_users_extra[$key]; |
232 $value = $db->escape($value); |
232 $value = $db->escape($value); |
233 $update_sql_extra .= ( empty($update_sql_extra) ? '' : ',' ) . "$key='$value'"; |
233 $update_sql_extra .= ( empty($update_sql_extra) ? '' : ',' ) . "$key='$value'"; |
234 } |
234 } |
235 |
235 |
236 $update_sql_extra = 'UPDATE '.table_prefix."users_extra SET $update_sql_extra WHERE user_id=$user_id;"; |
236 $update_sql_extra = 'UPDATE '.table_prefix."users_extra SET $update_sql_extra WHERE user_id=$user_id;"; |
237 |
237 |
238 if ( !$db->sql_query($update_sql) ) |
238 if ( !$db->sql_query($update_sql) ) |
239 $db->_die(); |
239 $db->_die(); |
240 |
240 |
241 if ( !$db->sql_query($update_sql_extra) ) |
241 if ( !$db->sql_query($update_sql_extra) ) |
242 $db->_die(); |
242 $db->_die(); |
243 |
243 |
244 // If the username was changed, we need to update their user page as well |
244 // If the username was changed, we need to update their user page as well |
245 if ( $old_username != $username ) |
245 if ( $old_username != $username ) |
246 { |
246 { |
247 $page = new PageProcessor($old_username, 'User'); |
247 $page = new PageProcessor($old_username, 'User'); |
248 if ( $page->exists() ) |
248 if ( $page->exists() ) |
249 { |
249 { |
250 // they have a user page, rename it |
250 // they have a user page, rename it |
251 $old_urlname = $db->escape(sanitize_page_id($old_username)); |
251 $old_urlname = $db->escape(sanitize_page_id($old_username)); |
252 $new_urlname = $db->escape(sanitize_page_id($username)); |
252 $new_urlname = $db->escape(sanitize_page_id($username)); |
253 $sql = array( |
253 $sql = array( |
254 'UPDATE ' . table_prefix . "pages SET urlname = '$new_urlname' WHERE urlname = '$old_urlname' AND namespace = 'User';", |
254 'UPDATE ' . table_prefix . "pages SET urlname = '$new_urlname' WHERE urlname = '$old_urlname' AND namespace = 'User';", |
255 // Change the page's title ONLY if it exactly matches the old username |
255 // Change the page's title ONLY if it exactly matches the old username |
256 'UPDATE ' . table_prefix . "pages SET name = '" . $db->escape($username) . "' WHERE urlname = '$new_urlname' AND name = '" . $db->escape($old_username) . "' AND namespace = 'User';", |
256 'UPDATE ' . table_prefix . "pages SET name = '" . $db->escape($username) . "' WHERE urlname = '$new_urlname' AND name = '" . $db->escape($old_username) . "' AND namespace = 'User';", |
257 'UPDATE ' . table_prefix . "logs SET page_id = '$new_urlname' WHERE page_id = '$old_urlname' AND namespace = 'User';", |
257 'UPDATE ' . table_prefix . "logs SET page_id = '$new_urlname' WHERE page_id = '$old_urlname' AND namespace = 'User';", |
258 'UPDATE ' . table_prefix . "tags SET page_id = '$new_urlname' WHERE page_id = '$old_urlname' AND namespace = 'User';", |
258 'UPDATE ' . table_prefix . "tags SET page_id = '$new_urlname' WHERE page_id = '$old_urlname' AND namespace = 'User';", |
259 'UPDATE ' . table_prefix . "comments SET page_id = '$new_urlname' WHERE page_id = '$old_urlname' AND namespace = 'User';", |
259 'UPDATE ' . table_prefix . "comments SET page_id = '$new_urlname' WHERE page_id = '$old_urlname' AND namespace = 'User';", |
260 'UPDATE ' . table_prefix . "page_text SET page_id = '$new_urlname' WHERE page_id = '$old_urlname' AND namespace = 'User';", |
260 'UPDATE ' . table_prefix . "page_text SET page_id = '$new_urlname' WHERE page_id = '$old_urlname' AND namespace = 'User';", |
261 'UPDATE ' . table_prefix . "categories SET page_id = '$new_urlname' WHERE page_id = '$old_urlname' AND namespace = 'User';" |
261 'UPDATE ' . table_prefix . "categories SET page_id = '$new_urlname' WHERE page_id = '$old_urlname' AND namespace = 'User';" |
262 ); |
262 ); |
263 foreach ( $sql as $q ) |
263 foreach ( $sql as $q ) |
264 { |
264 { |
265 if ( !$db->sql_query($q) ) |
265 if ( !$db->sql_query($q) ) |
266 $db->_die('UserManager renaming user page post-username change'); |
266 $db->_die('UserManager renaming user page post-username change'); |
267 } |
267 } |
268 } |
268 } |
269 } |
269 } |
270 |
270 |
271 if ( $existing_level != $user_level ) |
271 if ( $existing_level != $user_level ) |
272 { |
272 { |
273 // We need to update group memberships |
273 // We need to update group memberships |
274 if ( $existing_level == USER_LEVEL_ADMIN ) |
274 if ( $existing_level == USER_LEVEL_ADMIN ) |
275 { |
275 { |
276 $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid,page_text) VALUES(\'security\',\'u_from_admin\',' . time() . ', \'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\', ' . $session->user_id . ', \'' . $db->escape($session->username) . '\', \'' . $db->escape($username) . '\');'); |
276 $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid,page_text) VALUES(\'security\',\'u_from_admin\',' . time() . ', \'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\', ' . $session->user_id . ', \'' . $db->escape($session->username) . '\', \'' . $db->escape($username) . '\');'); |
277 if ( !$q ) |
277 if ( !$q ) |
278 $db->_die(); |
278 $db->_die(); |
279 $session->remove_user_from_group($user_id, GROUP_ID_ADMIN); |
279 $session->remove_user_from_group($user_id, GROUP_ID_ADMIN); |
280 } |
280 } |
281 else if ( $existing_level == USER_LEVEL_MOD ) |
281 else if ( $existing_level == USER_LEVEL_MOD ) |
282 { |
282 { |
283 $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid,page_text) VALUES(\'security\',\'u_from_mod\',' . time() . ', \'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\', ' . $session->user_id . ', \'' . $db->escape($session->username) . '\', \'' . $db->escape($username) . '\');'); |
283 $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid,page_text) VALUES(\'security\',\'u_from_mod\',' . time() . ', \'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\', ' . $session->user_id . ', \'' . $db->escape($session->username) . '\', \'' . $db->escape($username) . '\');'); |
284 if ( !$q ) |
284 if ( !$q ) |
285 $db->_die(); |
285 $db->_die(); |
286 $session->remove_user_from_group($user_id, GROUP_ID_MOD); |
286 $session->remove_user_from_group($user_id, GROUP_ID_MOD); |
287 } |
287 } |
288 |
288 |
289 if ( $user_level == USER_LEVEL_ADMIN ) |
289 if ( $user_level == USER_LEVEL_ADMIN ) |
290 { |
290 { |
291 $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid,page_text) VALUES(\'security\',\'u_to_admin\',' . time() . ', \'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\', ' . $session->user_id . ', \'' . $db->escape($session->username) . '\', \'' . $db->escape($username) . '\');'); |
291 $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid,page_text) VALUES(\'security\',\'u_to_admin\',' . time() . ', \'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\', ' . $session->user_id . ', \'' . $db->escape($session->username) . '\', \'' . $db->escape($username) . '\');'); |
292 if ( !$q ) |
292 if ( !$q ) |
293 $db->_die(); |
293 $db->_die(); |
294 $session->add_user_to_group($user_id, GROUP_ID_ADMIN, false); |
294 $session->add_user_to_group($user_id, GROUP_ID_ADMIN, false); |
295 } |
295 } |
296 else if ( $user_level == USER_LEVEL_MOD ) |
296 else if ( $user_level == USER_LEVEL_MOD ) |
297 { |
297 { |
298 $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid,page_text) VALUES(\'security\',\'u_to_mod\',' . time() . ', \'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\', ' . $session->user_id . ', \'' . $db->escape($session->username) . '\', \'' . $db->escape($username) . '\');'); |
298 $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,author_uid,page_text) VALUES(\'security\',\'u_to_mod\',' . time() . ', \'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\', ' . $session->user_id . ', \'' . $db->escape($session->username) . '\', \'' . $db->escape($username) . '\');'); |
299 if ( !$q ) |
299 if ( !$q ) |
300 $db->_die(); |
300 $db->_die(); |
301 $session->add_user_to_group($user_id, GROUP_ID_MOD, false); |
301 $session->add_user_to_group($user_id, GROUP_ID_MOD, false); |
302 } |
302 } |
303 } |
303 } |
304 |
304 |
305 // user level updated, regenerate the ranks cache |
305 // user level updated, regenerate the ranks cache |
306 generate_cache_userranks(); |
306 generate_cache_userranks(); |
307 |
307 |
308 echo '<div class="info-box">' . $lang->get('acpum_msg_save_success') . '</div>'; |
308 echo '<div class="info-box">' . $lang->get('acpum_msg_save_success') . '</div>'; |
309 } |
309 } |
310 } |
310 } |
311 } |
311 } |
312 |
312 |
313 if ( count($errors) > 0 || @$avatar_post_fail ) |
313 if ( count($errors) > 0 || @$avatar_post_fail ) |
314 { |
314 { |
315 if ( count($errors) > 0 ) |
315 if ( count($errors) > 0 ) |
316 { |
316 { |
317 echo '<div class="error-box"> |
317 echo '<div class="error-box"> |
318 <b>' . $lang->get('acpum_err_validation_fail') . '</b> |
318 <b>' . $lang->get('acpum_err_validation_fail') . '</b> |
319 <ul> |
319 <ul> |
320 <li>' . implode("</li>\n <li>", $errors) . '</li> |
320 <li>' . implode("</li>\n <li>", $errors) . '</li> |
321 </ul> |
321 </ul> |
322 </div>'; |
322 </div>'; |
323 } |
323 } |
324 $form = new Admin_UserManager_SmartForm(); |
324 $form = new Admin_UserManager_SmartForm(); |
325 $form->user_id = $user_id; |
325 $form->user_id = $user_id; |
326 $form->username = $username; |
326 $form->username = $username; |
327 $form->email = $email; |
327 $form->email = $email; |
328 $form->real_name = $real_name; |
328 $form->real_name = $real_name; |
329 $form->signature = $signature; |
329 $form->signature = $signature; |
330 $form->user_level = $user_level; |
330 $form->user_level = $user_level; |
331 $form->user_rank = $user_rank; |
331 $form->user_rank = $user_rank; |
332 $form->user_title = $user_title; |
332 $form->user_title = $user_title; |
333 $form->im = array( |
333 $form->im = array( |
334 'aim' => $imaddr_aim, |
334 'aim' => $imaddr_aim, |
335 'yahoo' => $imaddr_yahoo, |
335 'yahoo' => $imaddr_yahoo, |
336 'msn' => $imaddr_msn, |
336 'msn' => $imaddr_msn, |
337 'xmpp' => $imaddr_xmpp |
337 'xmpp' => $imaddr_xmpp |
338 ); |
338 ); |
339 $form->contact = array( |
339 $form->contact = array( |
340 'homepage' => $homepage, |
340 'homepage' => $homepage, |
341 'location' => $location, |
341 'location' => $location, |
342 'job' => $occupation, |
342 'job' => $occupation, |
343 'hobbies' => $hobbies |
343 'hobbies' => $hobbies |
344 ); |
344 ); |
345 $form->email_public = ( isset($_POST['email_public']) ); |
345 $form->email_public = ( isset($_POST['email_public']) ); |
346 $form->account_active = ( isset($_POST['account_active']) ); |
346 $form->account_active = ( isset($_POST['account_active']) ); |
347 // This is SAFE. The smartform calls is_valid_ip() on this value, thus preventing XSS |
347 // This is SAFE. The smartform calls is_valid_ip() on this value, thus preventing XSS |
348 // attempts from making it into the form HTML. Badly coded templates may still be |
348 // attempts from making it into the form HTML. Badly coded templates may still be |
349 // affected, but if have_reg_ip is checked for, then you're fine. |
349 // affected, but if have_reg_ip is checked for, then you're fine. |
350 $form->reg_ip_addr = $_POST['user_registration_ip']; |
350 $form->reg_ip_addr = $_POST['user_registration_ip']; |
351 echo $form->render(); |
351 echo $form->render(); |
352 return false; |
352 return false; |
353 } |
353 } |
354 |
354 |
355 # |
355 # |
356 # END VALIDATION |
356 # END VALIDATION |
357 # |
357 # |
358 } |
358 } |
359 else if ( isset($_POST['action']['go']) || ( isset($_GET['src']) && $_GET['src'] == 'get' ) || ($pathsuser = $paths->getParam(0)) ) |
359 else if ( isset($_POST['action']['go']) || ( isset($_GET['src']) && $_GET['src'] == 'get' ) || ($pathsuser = $paths->getParam(0)) ) |
360 { |
360 { |
361 if ( isset($_GET['user']) ) |
361 if ( isset($_GET['user']) ) |
362 { |
362 { |
363 $username =& $_GET['user']; |
363 $username =& $_GET['user']; |
364 } |
364 } |
365 else if ( isset($_GET['username']) ) |
365 else if ( isset($_GET['username']) ) |
366 { |
366 { |
367 $username =& $_GET['username']; |
367 $username =& $_GET['username']; |
368 } |
368 } |
369 else if ( isset($_POST['username']) ) |
369 else if ( isset($_POST['username']) ) |
370 { |
370 { |
371 $username =& $_POST['username']; |
371 $username =& $_POST['username']; |
372 } |
372 } |
373 else if ( $pathsuser ) |
373 else if ( $pathsuser ) |
374 { |
374 { |
375 $username = str_replace('_', ' ', dirtify_page_id($pathsuser)); |
375 $username = str_replace('_', ' ', dirtify_page_id($pathsuser)); |
376 } |
376 } |
377 else |
377 else |
378 { |
378 { |
379 echo 'No username provided'; |
379 echo 'No username provided'; |
380 return false; |
380 return false; |
381 } |
381 } |
382 $q = $db->sql_query('SELECT u.user_id AS authoritative_uid, u.username, u.email, u.real_name, u.signature, u.account_active, u.user_level, u.user_rank, u.user_title, u.user_has_avatar, u.avatar_type, u.user_registration_ip, x.* FROM '.table_prefix.'users AS u |
382 $q = $db->sql_query('SELECT u.user_id AS authoritative_uid, u.username, u.email, u.real_name, u.signature, u.account_active, u.user_level, u.user_rank, u.user_title, u.user_has_avatar, u.avatar_type, u.user_registration_ip, x.* FROM '.table_prefix.'users AS u |
383 LEFT JOIN '.table_prefix.'users_extra AS x |
383 LEFT JOIN '.table_prefix.'users_extra AS x |
384 ON ( u.user_id = x.user_id OR x.user_id IS NULL ) |
384 ON ( u.user_id = x.user_id OR x.user_id IS NULL ) |
385 WHERE ( ' . ENANO_SQLFUNC_LOWERCASE . '(u.username) = \'' . $db->escape(strtolower($username)) . '\' OR u.username = \'' . $db->escape($username) . '\' ) AND u.user_id != 1;'); |
385 WHERE ( ' . ENANO_SQLFUNC_LOWERCASE . '(u.username) = \'' . $db->escape(strtolower($username)) . '\' OR u.username = \'' . $db->escape($username) . '\' ) AND u.user_id != 1;'); |
386 if ( !$q ) |
386 if ( !$q ) |
387 $db->_die(); |
387 $db->_die(); |
388 |
388 |
389 if ( $db->numrows() < 1 ) |
389 if ( $db->numrows() < 1 ) |
390 { |
390 { |
391 echo '<div class="error-box">' . $lang->get('acpum_err_bad_username') . '</div>'; |
391 echo '<div class="error-box">' . $lang->get('acpum_err_bad_username') . '</div>'; |
392 } |
392 } |
393 else |
393 else |
394 { |
394 { |
395 $row = $db->fetchrow(); |
395 $row = $db->fetchrow(); |
396 $row['user_id'] = $row['authoritative_uid']; |
396 $row['user_id'] = $row['authoritative_uid']; |
397 $form = new Admin_UserManager_SmartForm(); |
397 $form = new Admin_UserManager_SmartForm(); |
398 $form->user_id = $row['user_id']; |
398 $form->user_id = $row['user_id']; |
399 $form->username = $row['username']; |
399 $form->username = $row['username']; |
400 $form->email = $row['email']; |
400 $form->email = $row['email']; |
401 $form->real_name = $row['real_name']; |
401 $form->real_name = $row['real_name']; |
402 $form->signature = $row['signature']; |
402 $form->signature = $row['signature']; |
403 $form->user_level= $row['user_level']; |
403 $form->user_level= $row['user_level']; |
404 $form->user_rank = $row['user_rank']; |
404 $form->user_rank = $row['user_rank']; |
405 $form->user_title= $row['user_title']; |
405 $form->user_title= $row['user_title']; |
406 $form->account_active = ( $row['account_active'] == 1 ); |
406 $form->account_active = ( $row['account_active'] == 1 ); |
407 $form->email_public = ( $row['email_public'] == 1 ); |
407 $form->email_public = ( $row['email_public'] == 1 ); |
408 $form->has_avatar = ( $row['user_has_avatar'] == 1 ); |
408 $form->has_avatar = ( $row['user_has_avatar'] == 1 ); |
409 $form->avi_type = $row['avatar_type']; |
409 $form->avi_type = $row['avatar_type']; |
410 $form->im = array( |
410 $form->im = array( |
411 'aim' => $row['user_aim'], |
411 'aim' => $row['user_aim'], |
412 'yahoo' => $row['user_yahoo'], |
412 'yahoo' => $row['user_yahoo'], |
413 'msn' => $row['user_msn'], |
413 'msn' => $row['user_msn'], |
414 'xmpp' => $row['user_xmpp'] |
414 'xmpp' => $row['user_xmpp'] |
415 ); |
415 ); |
416 $form->contact = array( |
416 $form->contact = array( |
417 'homepage' => $row['user_homepage'], |
417 'homepage' => $row['user_homepage'], |
418 'location' => $row['user_location'], |
418 'location' => $row['user_location'], |
419 'job' => $row['user_job'], |
419 'job' => $row['user_job'], |
420 'hobbies' => $row['user_hobbies'], |
420 'hobbies' => $row['user_hobbies'], |
421 ); |
421 ); |
422 $form->email_public = ( $row['email_public'] == 1 ); |
422 $form->email_public = ( $row['email_public'] == 1 ); |
423 $form->reg_ip_addr = ( $row['user_registration_ip'] ) ? $row['user_registration_ip'] : ''; |
423 $form->reg_ip_addr = ( $row['user_registration_ip'] ) ? $row['user_registration_ip'] : ''; |
424 $html = $form->render(); |
424 $html = $form->render(); |
425 if ( !$html ) |
425 if ( !$html ) |
426 { |
426 { |
427 echo 'Internal error: form processor returned false'; |
427 echo 'Internal error: form processor returned false'; |
428 } |
428 } |
429 else |
429 else |
430 { |
430 { |
431 echo $html; |
431 echo $html; |
432 } |
432 } |
433 return true; |
433 return true; |
434 } |
434 } |
435 } |
435 } |
436 else if ( isset($_POST['action']['clear_sessions']) ) |
436 else if ( isset($_POST['action']['clear_sessions']) ) |
437 { |
437 { |
438 if ( defined('ENANO_DEMO_MODE') ) |
438 if ( defined('ENANO_DEMO_MODE') ) |
439 { |
439 { |
440 echo '<div class="error-box">' . $lang->get('acpum_err_sessionclear_demo') . '</div>'; |
440 echo '<div class="error-box">' . $lang->get('acpum_err_sessionclear_demo') . '</div>'; |
441 } |
441 } |
442 else |
442 else |
443 { |
443 { |
444 // Get the current session information so the user doesn't get logged out |
444 // Get the current session information so the user doesn't get logged out |
445 $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); |
445 $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); |
446 $sk = md5($session->sid_super); |
446 $sk = md5($session->sid_super); |
447 $qb = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.$sk.'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_ADMIN); |
447 $qb = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.$sk.'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_ADMIN); |
448 if ( !$qb ) |
448 if ( !$qb ) |
449 { |
449 { |
450 die('Error selecting session key info block B: '.$db->get_error()); |
450 die('Error selecting session key info block B: '.$db->get_error()); |
451 } |
451 } |
452 if ( $db->numrows($qb) < 1 ) |
452 if ( $db->numrows($qb) < 1 ) |
453 { |
453 { |
454 die('Error: cannot read admin session info block B, aborting table clear process'); |
454 die('Error: cannot read admin session info block B, aborting table clear process'); |
455 } |
455 } |
456 $qa = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.md5($session->sid).'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_MEMBER); |
456 $qa = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.md5($session->sid).'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_MEMBER); |
457 if ( !$qa ) |
457 if ( !$qa ) |
458 { |
458 { |
459 die('Error selecting session key info block A: '.$db->get_error()); |
459 die('Error selecting session key info block A: '.$db->get_error()); |
460 } |
460 } |
461 if ( $db->numrows($qa) < 1 ) |
461 if ( $db->numrows($qa) < 1 ) |
462 { |
462 { |
463 die('Error: cannot read user session info block A, aborting table clear process'); |
463 die('Error: cannot read user session info block A, aborting table clear process'); |
464 } |
464 } |
465 $ra = $db->fetchrow($qa); |
465 $ra = $db->fetchrow($qa); |
466 $rb = $db->fetchrow($qb); |
466 $rb = $db->fetchrow($qb); |
467 $db->free_result($qa); |
467 $db->free_result($qa); |
468 $db->free_result($qb); |
468 $db->free_result($qb); |
469 |
469 |
470 $db->sql_query('DELETE FROM '.table_prefix.'session_keys;'); |
470 $db->sql_query('DELETE FROM '.table_prefix.'session_keys;'); |
471 $db->sql_query('INSERT INTO '.table_prefix.'session_keys( session_key,salt,user_id,auth_level,source_ip,time ) VALUES( \''.$ra['session_key'].'\', \'' . $db->escape($ra['salt']) . '\', \''.$session->user_id.'\', \''.$ra['auth_level'].'\', \''.$ra['source_ip'].'\', '.$ra['time'].' ),( \''.$rb['session_key'].'\', \'' . $db->escape($rb['salt']) . '\', \''.$session->user_id.'\', \''.$rb['auth_level'].'\', \''.$rb['source_ip'].'\', '.$rb['time'].' )'); |
471 $db->sql_query('INSERT INTO '.table_prefix.'session_keys( session_key,salt,user_id,auth_level,source_ip,time ) VALUES( \''.$ra['session_key'].'\', \'' . $db->escape($ra['salt']) . '\', \''.$session->user_id.'\', \''.$ra['auth_level'].'\', \''.$ra['source_ip'].'\', '.$ra['time'].' ),( \''.$rb['session_key'].'\', \'' . $db->escape($rb['salt']) . '\', \''.$session->user_id.'\', \''.$rb['auth_level'].'\', \''.$rb['source_ip'].'\', '.$rb['time'].' )'); |
472 |
472 |
473 echo '<div class="info-box">' . $lang->get('acpum_msg_sessionclear_success') . '</div>'; |
473 echo '<div class="info-box">' . $lang->get('acpum_msg_sessionclear_success') . '</div>'; |
474 } |
474 } |
475 } |
475 } |
476 echo '<form action="' . makeUrlNS('Special', 'Administration', 'module=' . $paths->cpage['module'], true) . '" method="post" enctype="multipart/form-data" onsubmit="if ( !submitAuthorized ) return false;">'; |
476 echo '<form action="' . makeUrlNS('Special', 'Administration', 'module=' . $paths->cpage['module'], true) . '" method="post" enctype="multipart/form-data" onsubmit="if ( !submitAuthorized ) return false;">'; |
477 echo '<h3>' . $lang->get('acpum_heading_main') . '</h3>'; |
477 echo '<h3>' . $lang->get('acpum_heading_main') . '</h3>'; |
478 echo '<p>' . $lang->get('acpum_hint_intro') . '</p>'; |
478 echo '<p>' . $lang->get('acpum_hint_intro') . '</p>'; |
479 echo '<table border="0"> |
479 echo '<table border="0"> |
480 <tr> |
480 <tr> |
481 <td><b>' . $lang->get('acpum_field_search_user') . '</b><br /> |
481 <td><b>' . $lang->get('acpum_field_search_user') . '</b><br /> |
482 <small>' . $lang->get('acpum_field_search_user_hint') . '</small> |
482 <small>' . $lang->get('acpum_field_search_user_hint') . '</small> |
483 </td> |
483 </td> |
484 <td style="width: 10px;"></td> |
484 <td style="width: 10px;"></td> |
485 <td>' . $template->username_field('username') . '</td> |
485 <td>' . $template->username_field('username') . '</td> |
486 <td> |
486 <td> |
487 <input type="submit" name="action[go]" value="' . $lang->get('acpum_btn_search_user_go') . ' »" /> |
487 <input type="submit" name="action[go]" value="' . $lang->get('acpum_btn_search_user_go') . ' »" /> |
488 </td> |
488 </td> |
489 </tr> |
489 </tr> |
490 </table>'; |
490 </table>'; |
491 echo '<h3>' . $lang->get('acpum_heading_clear_sessions') . '</h3>'; |
491 echo '<h3>' . $lang->get('acpum_heading_clear_sessions') . '</h3>'; |
492 echo '<p>' . $lang->get('acpum_hint_clear_sessions') . '</p>'; |
492 echo '<p>' . $lang->get('acpum_hint_clear_sessions') . '</p>'; |
493 echo '<p><input type="submit" name="action[clear_sessions]" value="' . $lang->get('acpum_btn_clear_sessions') . '" /></p>'; |
493 echo '<p><input type="submit" name="action[clear_sessions]" value="' . $lang->get('acpum_btn_clear_sessions') . '" /></p>'; |
494 echo '</form>'; |
494 echo '</form>'; |
495 |
495 |
496 if(isset($_GET['action']) && isset($_GET['user'])) |
496 if(isset($_GET['action']) && isset($_GET['user'])) |
497 { |
497 { |
498 switch($_GET['action']) |
498 switch($_GET['action']) |
499 { |
499 { |
500 case "activate": |
500 case "activate": |
501 $e = $db->sql_query('SELECT activation_key FROM '.table_prefix.'users WHERE username=\'' . $db->escape($_GET['user']) . '\''); |
501 $e = $db->sql_query('SELECT activation_key FROM '.table_prefix.'users WHERE username=\'' . $db->escape($_GET['user']) . '\''); |
502 if ( $e ) |
502 if ( $e ) |
503 { |
503 { |
504 // attempt to activate the account |
504 // attempt to activate the account |
505 $row = $db->fetchrow(); |
505 $row = $db->fetchrow(); |
506 $db->free_result(); |
506 $db->free_result(); |
507 if ( $session->activate_account($_GET['user'], $row['activation_key']) ) |
507 if ( $session->activate_account($_GET['user'], $row['activation_key']) ) |
508 { |
508 { |
509 echo '<div class="info-box">' . $lang->get('acpum_msg_activate_success', array('username' => htmlspecialchars($_GET['user']))) . '</div>'; |
509 echo '<div class="info-box">' . $lang->get('acpum_msg_activate_success', array('username' => htmlspecialchars($_GET['user']))) . '</div>'; |
510 $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); |
510 $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); |
511 } |
511 } |
512 else |
512 else |
513 { |
513 { |
514 echo '<div class="warning-box">' . $lang->get('acpum_err_activate_fail', array('username' => htmlspecialchars($_GET['user']))) . '</div>'; |
514 echo '<div class="warning-box">' . $lang->get('acpum_err_activate_fail', array('username' => htmlspecialchars($_GET['user']))) . '</div>'; |
515 } |
515 } |
516 } |
516 } |
517 else |
517 else |
518 { |
518 { |
519 echo '<div class="error-box">Error activating account: '.$db->get_error().'</div>'; |
519 echo '<div class="error-box">Error activating account: '.$db->get_error().'</div>'; |
520 } |
520 } |
521 break; |
521 break; |
522 case "sendemail": |
522 case "sendemail": |
523 if ( $session->send_activation_mail($_GET['user'] ) ) |
523 if ( $session->send_activation_mail($_GET['user'] ) ) |
524 { |
524 { |
525 echo '<div class="info-box">' . $lang->get('acpum_msg_activate_email_success', array('username' => htmlspecialchars($_GET['user']))) . '</div>'; |
525 echo '<div class="info-box">' . $lang->get('acpum_msg_activate_email_success', array('username' => htmlspecialchars($_GET['user']))) . '</div>'; |
526 $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); |
526 $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); |
527 } |
527 } |
528 else |
528 else |
529 { |
529 { |
530 echo '<div class="error-box">' . $lang->get('acpum_err_activate_email_fail', array('username' => htmlspecialchars($_GET['user']))) . '</div>'; |
530 echo '<div class="error-box">' . $lang->get('acpum_err_activate_email_fail', array('username' => htmlspecialchars($_GET['user']))) . '</div>'; |
531 } |
531 } |
532 break; |
532 break; |
533 case "deny": |
533 case "deny": |
534 $e = $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\' AND time_id=\'' . $db->escape($_GET['logid']) . '\';'); |
534 $e = $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\' AND time_id=\'' . $db->escape($_GET['logid']) . '\';'); |
535 if ( !$e ) |
535 if ( !$e ) |
536 { |
536 { |
537 echo '<div class="error-box">Error during row deletion: '.$db->get_error().'</div>'; |
537 echo '<div class="error-box">Error during row deletion: '.$db->get_error().'</div>'; |
538 } |
538 } |
539 else |
539 else |
540 { |
540 { |
541 echo '<div class="info-box">' . $lang->get('acpum_msg_activate_deny_success', array('username' => htmlspecialchars($_GET['user']))) . '</div>'; |
541 echo '<div class="info-box">' . $lang->get('acpum_msg_activate_deny_success', array('username' => htmlspecialchars($_GET['user']))) . '</div>'; |
542 } |
542 } |
543 break; |
543 break; |
544 } |
544 } |
545 } |
545 } |
546 $q = $db->sql_query('SELECT l.log_type, l.action, l.time_id, l.date_string, l.author, l.edit_summary, u.user_coppa FROM '.table_prefix.'logs AS l |
546 $q = $db->sql_query('SELECT l.log_type, l.action, l.time_id, l.date_string, l.author, l.edit_summary, u.user_coppa FROM '.table_prefix.'logs AS l |
547 LEFT JOIN '.table_prefix.'users AS u |
547 LEFT JOIN '.table_prefix.'users AS u |
548 ON ( u.username = l.edit_summary OR u.username IS NULL ) |
548 ON ( u.username = l.edit_summary OR u.username IS NULL ) |
549 WHERE log_type=\'admin\' AND action=\'activ_req\' ORDER BY time_id DESC;'); |
549 WHERE log_type=\'admin\' AND action=\'activ_req\' ORDER BY time_id DESC;'); |
550 if($q) |
550 if($q) |
551 { |
551 { |
552 if($db->numrows() > 0) |
552 if($db->numrows() > 0) |
553 { |
553 { |
554 $n = $db->numrows(); |
554 $n = $db->numrows(); |
555 $str = ( $n == 1 ) ? |
555 $str = ( $n == 1 ) ? |
556 $lang->get('acpum_heading_activation_one') : |
556 $lang->get('acpum_heading_activation_one') : |
557 $lang->get('acpum_heading_activation_plural', array('count' => strval($n))); |
557 $lang->get('acpum_heading_activation_plural', array('count' => strval($n))); |
558 |
558 |
559 echo '<h3>' . $str . '</h3>'; |
559 echo '<h3>' . $str . '</h3>'; |
560 |
560 |
561 echo '<div class="tblholder"> |
561 echo '<div class="tblholder"> |
562 <table border="0" cellspacing="1" cellpadding="4" width="100%"> |
562 <table border="0" cellspacing="1" cellpadding="4" width="100%"> |
563 <tr> |
563 <tr> |
564 <th>' . $lang->get('acpum_col_activate_timestamp') . '</th> |
564 <th>' . $lang->get('acpum_col_activate_timestamp') . '</th> |
565 <th>' . $lang->get('acpum_col_activate_requestedby') . '</th> |
565 <th>' . $lang->get('acpum_col_activate_requestedby') . '</th> |
566 <th>' . $lang->get('acpum_col_activate_requestedfor') . '</th> |
566 <th>' . $lang->get('acpum_col_activate_requestedfor') . '</th> |
567 <th>' . $lang->get('acpum_col_activate_coppauser') . '</th> |
567 <th>' . $lang->get('acpum_col_activate_coppauser') . '</th> |
568 <th colspan="3">' . $lang->get('acpum_col_activate_actions') . '</th> |
568 <th colspan="3">' . $lang->get('acpum_col_activate_actions') . '</th> |
569 </tr>'; |
569 </tr>'; |
570 $cls = 'row2'; |
570 $cls = 'row2'; |
571 while($row = $db->fetchrow()) |
571 while($row = $db->fetchrow()) |
572 { |
572 { |
573 if($cls == 'row2') $cls = 'row1'; |
573 if($cls == 'row2') $cls = 'row1'; |
574 else $cls = 'row2'; |
574 else $cls = 'row2'; |
575 $coppa = ( $row['user_coppa'] == '1' ) ? '<b>' . $lang->get('acpum_coppauser_yes') . '</b>' : $lang->get('acpum_coppauser_no'); |
575 $coppa = ( $row['user_coppa'] == '1' ) ? '<b>' . $lang->get('acpum_coppauser_yes') . '</b>' : $lang->get('acpum_coppauser_no'); |
576 echo '<tr> |
576 echo '<tr> |
577 <td class="'.$cls.'">'.enano_date(ED_DATE | ED_TIME, $row['time_id']).'</td> |
577 <td class="'.$cls.'">'.enano_date(ED_DATE | ED_TIME, $row['time_id']).'</td> |
578 <td class="'.$cls.'">'.$row['author'].'</td> |
578 <td class="'.$cls.'">'.$row['author'].'</td> |
579 <td class="'.$cls.'">'.$row['edit_summary'].'</td> |
579 <td class="'.$cls.'">'.$row['edit_summary'].'</td> |
580 <td style="text-align: center;" class="' . $cls . '">' . $coppa . '</td> |
580 <td style="text-align: center;" class="' . $cls . '">' . $coppa . '</td> |
581 <td class="'.$cls.'" style="text-align: center;"> |
581 <td class="'.$cls.'" style="text-align: center;"> |
582 <a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&action=activate&user='.rawurlencode($row['edit_summary']).'&logid='.$row['time_id'], true).'">' . $lang->get('acpum_btn_activate_now') . '</a> |
582 <a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&action=activate&user='.rawurlencode($row['edit_summary']).'&logid='.$row['time_id'], true).'">' . $lang->get('acpum_btn_activate_now') . '</a> |
583 </td> |
583 </td> |
584 <td class="'.$cls.'" style="text-align: center;"> |
584 <td class="'.$cls.'" style="text-align: center;"> |
585 <a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&action=sendemail&user='.rawurlencode($row['edit_summary']).'&logid='.$row['time_id'], true).'">' . $lang->get('acpum_btn_send_email') . '</a> |
585 <a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&action=sendemail&user='.rawurlencode($row['edit_summary']).'&logid='.$row['time_id'], true).'">' . $lang->get('acpum_btn_send_email') . '</a> |
586 </td> |
586 </td> |
587 <td class="'.$cls.'" style="text-align: center;"> |
587 <td class="'.$cls.'" style="text-align: center;"> |
588 <a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&action=deny&user='.rawurlencode($row['edit_summary']).'&logid='.$row['time_id'], true).'">' . $lang->get('acpum_btn_activate_deny') . '</a> |
588 <a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&action=deny&user='.rawurlencode($row['edit_summary']).'&logid='.$row['time_id'], true).'">' . $lang->get('acpum_btn_activate_deny') . '</a> |
589 </td> |
589 </td> |
590 </tr>'; |
590 </tr>'; |
591 } |
591 } |
592 echo '</table>'; |
592 echo '</table>'; |
593 echo '</div>'; |
593 echo '</div>'; |
594 } |
594 } |
595 $db->free_result(); |
595 $db->free_result(); |
596 } |
596 } |
597 |
597 |
598 acp_usermanager_lockouts(); |
598 acp_usermanager_lockouts(); |
599 } |
599 } |
600 |
600 |
601 /** |
601 /** |
602 * Smart form class for the user manager. |
602 * Smart form class for the user manager. |
603 * @package Enano |
603 * @package Enano |
604 * @subpackage Administration |
604 * @subpackage Administration |
605 */ |
605 */ |
606 |
606 |
607 class Admin_UserManager_SmartForm |
607 class Admin_UserManager_SmartForm |
608 { |
608 { |
609 |
609 |
610 /** |
610 /** |
611 * Universally Unique Identifier (UUID) for this editor instance. Used to unique-itize Javascript functions and whatnot. |
611 * Universally Unique Identifier (UUID) for this editor instance. Used to unique-itize Javascript functions and whatnot. |
612 * @var string |
612 * @var string |
613 */ |
613 */ |
614 |
614 |
615 var $uuid = ''; |
615 var $uuid = ''; |
616 |
616 |
617 /** |
617 /** |
618 * User ID that we're editing. |
618 * User ID that we're editing. |
619 * @var int |
619 * @var int |
620 */ |
620 */ |
621 |
621 |
622 var $user_id = 0; |
622 var $user_id = 0; |
623 |
623 |
624 /** |
624 /** |
625 * Username |
625 * Username |
626 * @var string |
626 * @var string |
627 */ |
627 */ |
628 |
628 |
629 var $username = ''; |
629 var $username = ''; |
630 |
630 |
631 /** |
631 /** |
632 * E-mail address |
632 * E-mail address |
633 * @var string |
633 * @var string |
634 */ |
634 */ |
635 |
635 |
636 var $email = ''; |
636 var $email = ''; |
637 |
637 |
638 /** |
638 /** |
639 * Real name |
639 * Real name |
640 * @var string |
640 * @var string |
641 */ |
641 */ |
642 |
642 |
643 var $real_name = ''; |
643 var $real_name = ''; |
644 |
644 |
645 /** |
645 /** |
646 * Signature |
646 * Signature |
647 * @var string |
647 * @var string |
648 */ |
648 */ |
649 |
649 |
650 var $signature = ''; |
650 var $signature = ''; |
651 |
651 |
652 /** |
652 /** |
653 * IM contact information |
653 * IM contact information |
654 * @var array |
654 * @var array |
655 */ |
655 */ |
656 |
656 |
657 var $im = array(); |
657 var $im = array(); |
658 |
658 |
659 /** |
659 /** |
660 * Real-life contact info |
660 * Real-life contact info |
661 * @var array |
661 * @var array |
662 */ |
662 */ |
663 |
663 |
664 var $contact = array(); |
664 var $contact = array(); |
665 |
665 |
666 /** |
666 /** |
667 * User level |
667 * User level |
668 * @var int |
668 * @var int |
669 */ |
669 */ |
670 |
670 |
671 var $user_level = USER_LEVEL_MEMBER; |
671 var $user_level = USER_LEVEL_MEMBER; |
672 |
672 |
673 /** |
673 /** |
674 * User-specific user rank |
674 * User-specific user rank |
675 * @var int |
675 * @var int |
676 */ |
676 */ |
677 |
677 |
678 var $user_rank = NULL; |
678 var $user_rank = NULL; |
679 |
679 |
680 /** |
680 /** |
681 * User's custom title |
681 * User's custom title |
682 * @var int |
682 * @var int |
683 */ |
683 */ |
684 |
684 |
685 var $user_title = ''; |
685 var $user_title = ''; |
686 |
686 |
687 /** |
687 /** |
688 * Account activated |
688 * Account activated |
689 * @var bool |
689 * @var bool |
690 */ |
690 */ |
691 |
691 |
692 var $account_active = true; |
692 var $account_active = true; |
693 |
693 |
694 /** |
694 /** |
695 * Email public switch |
695 * Email public switch |
696 * @var bool |
696 * @var bool |
697 */ |
697 */ |
698 |
698 |
699 var $email_public = false; |
699 var $email_public = false; |
700 |
700 |
701 /** |
701 /** |
702 * Whether the user has an avatar or not. |
702 * Whether the user has an avatar or not. |
703 * @var bool |
703 * @var bool |
704 */ |
704 */ |
705 |
705 |
706 var $has_avatar = false; |
706 var $has_avatar = false; |
707 |
707 |
708 /** |
708 /** |
709 * The type of avatar the user has. One of "jpg", "png", or "gif". |
709 * The type of avatar the user has. One of "jpg", "png", or "gif". |
710 * @var string |
710 * @var string |
711 */ |
711 */ |
712 |
712 |
713 var $avi_type = 'png'; |
713 var $avi_type = 'png'; |
714 |
714 |
715 /** |
715 /** |
716 * The IP address of the user during registration |
716 * The IP address of the user during registration |
717 * @var string |
717 * @var string |
718 */ |
718 */ |
719 |
719 |
720 var $reg_ip_addr = ''; |
720 var $reg_ip_addr = ''; |
721 |
721 |
722 /** |
722 /** |
723 * Constructor. |
723 * Constructor. |
724 */ |
724 */ |
725 |
725 |
726 function Admin_UserManager_SmartForm() |
726 function Admin_UserManager_SmartForm() |
727 { |
727 { |
728 $this->uuid = md5( mt_rand() . microtime() ); |
728 $this->uuid = md5( mt_rand() . microtime() ); |
729 } |
729 } |
730 |
730 |
731 /** |
731 /** |
732 * Renders and returns the finished form. |
732 * Renders and returns the finished form. |
733 * @return string |
733 * @return string |
734 */ |
734 */ |
735 |
735 |
736 function render() |
736 function render() |
737 { |
737 { |
738 global $db, $session, $paths, $template, $plugins; // Common objects |
738 global $db, $session, $paths, $template, $plugins; // Common objects |
739 global $lang; |
739 global $lang; |
740 global $dh_supported; |
740 global $dh_supported; |
741 if ( file_exists( ENANO_ROOT . "/themes/$template->theme/admin_usermanager_form.tpl" ) ) |
741 if ( file_exists( ENANO_ROOT . "/themes/$template->theme/admin_usermanager_form.tpl" ) ) |
742 { |
742 { |
743 $parser = $template->makeParser('admin_usermanager_form.tpl'); |
743 $parser = $template->makeParser('admin_usermanager_form.tpl'); |
744 } |
744 } |
745 else |
745 else |
746 { |
746 { |
747 $tpl_code = <<<EOF |
747 $tpl_code = <<<EOF |
748 <!-- Start of user edit form --> |
748 <!-- Start of user edit form --> |
749 |
749 |
750 <script type="text/javascript"> |
750 <script type="text/javascript"> |
751 function userform_{UUID}_chpasswd() |
751 function userform_{UUID}_chpasswd() |
752 { |
752 { |
753 var link = document.getElementById('userform_{UUID}_pwlink'); |
753 var link = document.getElementById('userform_{UUID}_pwlink'); |
754 var form = document.getElementById('userform_{UUID}_pwform'); |
754 var form = document.getElementById('userform_{UUID}_pwform'); |
755 domOpacity(link, 100, 0, 500); |
755 domOpacity(link, 100, 0, 500); |
756 domObjChangeOpac(0, form); |
756 domObjChangeOpac(0, form); |
757 setTimeout("var link = document.getElementById('userform_{UUID}_pwlink'); var form = document.getElementById('userform_{UUID}_pwform'); link.style.display = 'none'; form.style.display = 'block'; domOpacity(form, 0, 100, 500);", 550); |
757 setTimeout("var link = document.getElementById('userform_{UUID}_pwlink'); var form = document.getElementById('userform_{UUID}_pwform'); link.style.display = 'none'; form.style.display = 'block'; domOpacity(form, 0, 100, 500);", 550); |
758 <!-- BEGINNOT same_user -->document.forms['useredit_{UUID}'].changing_pw.value = 'yes';<!-- END same_user --> |
758 <!-- BEGINNOT same_user -->document.forms['useredit_{UUID}'].changing_pw.value = 'yes';<!-- END same_user --> |
759 } |
759 } |
760 |
760 |
761 function userform_{UUID}_chpasswd_cancel() |
761 function userform_{UUID}_chpasswd_cancel() |
762 { |
762 { |
763 var link = document.getElementById('userform_{UUID}_pwlink'); |
763 var link = document.getElementById('userform_{UUID}_pwlink'); |
764 var form = document.getElementById('userform_{UUID}_pwform'); |
764 var form = document.getElementById('userform_{UUID}_pwform'); |
765 domOpacity(form, 100, 0, 500); |
765 domOpacity(form, 100, 0, 500); |
766 domObjChangeOpac(0, link); |
766 domObjChangeOpac(0, link); |
767 setTimeout("var link = document.getElementById('userform_{UUID}_pwlink'); var form = document.getElementById('userform_{UUID}_pwform'); form.style.display = 'none'; link.style.display = 'block'; domOpacity(link, 0, 100, 500);", 550); |
767 setTimeout("var link = document.getElementById('userform_{UUID}_pwlink'); var form = document.getElementById('userform_{UUID}_pwform'); form.style.display = 'none'; link.style.display = 'block'; domOpacity(link, 0, 100, 500);", 550); |
768 <!-- BEGINNOT same_user -->document.forms['useredit_{UUID}'].changing_pw.value = 'no';<!-- END same_user --> |
768 <!-- BEGINNOT same_user -->document.forms['useredit_{UUID}'].changing_pw.value = 'no';<!-- END same_user --> |
769 } |
769 } |
770 |
770 |
771 function userform_{UUID}_validate() |
771 function userform_{UUID}_validate() |
772 { |
772 { |
773 var form = document.forms['useredit_{UUID}']; |
773 var form = document.forms['useredit_{UUID}']; |
774 <!-- BEGINNOT same_user --> |
774 <!-- BEGINNOT same_user --> |
775 if ( form.changing_pw.value == 'yes' ) |
775 if ( form.changing_pw.value == 'yes' ) |
776 { |
776 { |
777 return runEncryption(true); |
777 return runEncryption(true); |
778 } |
778 } |
779 <!-- END same_user --> |
779 <!-- END same_user --> |
780 return true; |
780 return true; |
781 } |
781 } |
782 </script> |
782 </script> |
783 |
783 |
784 <form action="{FORM_ACTION}" method="post" name="useredit_{UUID}" enctype="multipart/form-data" onsubmit="return userform_{UUID}_validate();"> |
784 <form action="{FORM_ACTION}" method="post" name="useredit_{UUID}" enctype="multipart/form-data" onsubmit="return userform_{UUID}_validate();"> |
785 |
785 |
786 <input name="user_id" value="{USER_ID}" type="hidden" /> |
786 <input name="user_id" value="{USER_ID}" type="hidden" /> |
787 |
787 |
788 <div class="tblholder"> |
788 <div class="tblholder"> |
789 <table border="0" cellspacing="1" cellpadding="4"> |
789 <table border="0" cellspacing="1" cellpadding="4"> |
790 |
790 |
791 <!-- Heading --> |
791 <!-- Heading --> |
792 |
792 |
793 <tr> |
793 <tr> |
794 <th colspan="2"> |
794 <th colspan="2"> |
795 {lang:acpum_heading_editing_user} {USERNAME} |
795 {lang:acpum_heading_editing_user} {USERNAME} |
796 </th> |
796 </th> |
797 </tr> |
797 </tr> |
798 |
798 |
799 <!-- Basic options (stored in enano_users) --> |
799 <!-- Basic options (stored in enano_users) --> |
800 |
800 |
801 <tr> |
801 <tr> |
802 <th colspan="2" class="subhead"> |
802 <th colspan="2" class="subhead"> |
803 {lang:acpum_heading_basic_options} |
803 {lang:acpum_heading_basic_options} |
804 </th> |
804 </th> |
805 </tr> |
805 </tr> |
806 |
806 |
807 <tr> |
807 <tr> |
808 <td class="row2" style="width: 25%;"> |
808 <td class="row2" style="width: 25%;"> |
809 {lang:acpum_field_username}<br /> |
809 {lang:acpum_field_username}<br /> |
810 <small>{lang:acpum_field_username_hint}</small> |
810 <small>{lang:acpum_field_username_hint}</small> |
811 </td> |
811 </td> |
812 <td class="row1" style="width: 75%;"> |
812 <td class="row1" style="width: 75%;"> |
813 <input type="text" name="username" value="{USERNAME}" size="40" <!-- BEGIN same_user -->disabled="disabled" <!-- END same_user -->/> |
813 <input type="text" name="username" value="{USERNAME}" size="40" <!-- BEGIN same_user -->disabled="disabled" <!-- END same_user -->/> |
814 <!-- BEGIN same_user --><small>{lang:acpum_msg_same_user_username}</small><!-- END same_user --> |
814 <!-- BEGIN same_user --><small>{lang:acpum_msg_same_user_username}</small><!-- END same_user --> |
815 </td> |
815 </td> |
816 </tr> |
816 </tr> |
817 |
817 |
818 <tr> |
818 <tr> |
819 <td class="row2"> |
819 <td class="row2"> |
820 {lang:acpum_field_password} |
820 {lang:acpum_field_password} |
821 <!-- BEGIN password_meter --> |
821 <!-- BEGIN password_meter --> |
822 <br /> |
822 <br /> |
823 <small>{lang:acpum_field_password_hint}</small> |
823 <small>{lang:acpum_field_password_hint}</small> |
824 <!-- END password_meter --> |
824 <!-- END password_meter --> |
825 </td> |
825 </td> |
826 <td class="row1"> |
826 <td class="row1"> |
827 <div id="userform_{UUID}_pwlink"> |
827 <div id="userform_{UUID}_pwlink"> |
828 <b>{lang:acpum_msg_password_unchanged}</b> <a href="#" onclick="userform_{UUID}_chpasswd(); return false;">{lang:acpum_btn_reset_password}</a> |
828 <b>{lang:acpum_msg_password_unchanged}</b> <a href="#" onclick="userform_{UUID}_chpasswd(); return false;">{lang:acpum_btn_reset_password}</a> |
829 </div> |
829 </div> |
830 <div id="userform_{UUID}_pwform" style="display: none;"> |
830 <div id="userform_{UUID}_pwform" style="display: none;"> |
831 <!-- BEGIN same_user --> |
831 <!-- BEGIN same_user --> |
832 {lang:acpum_msg_same_user_password} <a href="#" onclick="userform_{UUID}_chpasswd_cancel(); return false;">{lang:etc_cancel}</a> |
832 {lang:acpum_msg_same_user_password} <a href="#" onclick="userform_{UUID}_chpasswd_cancel(); return false;">{lang:etc_cancel}</a> |
833 <!-- BEGINELSE same_user --> |
833 <!-- BEGINELSE same_user --> |
834 <input type="hidden" name="changing_pw" value="no" /> |
834 <input type="hidden" name="changing_pw" value="no" /> |
835 {AES_FORM} |
835 {AES_FORM} |
836 <table border="0" style="background-color: transparent;" cellspacing="0" cellpadding="0"> |
836 <table border="0" style="background-color: transparent;" cellspacing="0" cellpadding="0"> |
837 <tr> |
837 <tr> |
838 <td colspan="2"> |
838 <td colspan="2"> |
839 <b>{lang:acpum_field_password_title}</b> |
839 <b>{lang:acpum_field_password_title}</b> |
840 </td> |
840 </td> |
841 </tr> |
841 </tr> |
842 <tr> |
842 <tr> |
843 <td>{lang:acpum_field_newpassword}</td> |
843 <td>{lang:acpum_field_newpassword}</td> |
844 <td> |
844 <td> |
845 <!-- BEGIN password_meter --> |
845 <!-- BEGIN password_meter --> |
846 <input type="password" name="new_password" value="" onkeyup="password_score_field(this);" /><span class="password-checker" style="font-weight: bold; color: #A0A0A0"> Waiting for l10n init</span> |
846 <input type="password" name="new_password" value="" onkeyup="password_score_field(this);" /><span class="password-checker" style="font-weight: bold; color: #A0A0A0"> Waiting for l10n init</span> |
847 <!-- BEGINELSE password_meter --> |
847 <!-- BEGINELSE password_meter --> |
848 <input type="password" name="new_password" value="" /> |
848 <input type="password" name="new_password" value="" /> |
849 <!-- END password_meter --> |
849 <!-- END password_meter --> |
850 <!-- BEGIN password_meter --> |
850 <!-- BEGIN password_meter --> |
851 <div id="pwmeter" style="margin: 4px 0; height: 8px;"></div> |
851 <div id="pwmeter" style="margin: 4px 0; height: 8px;"></div> |
852 <!-- END password_meter --> |
852 <!-- END password_meter --> |
853 </td> |
853 </td> |
854 </tr> |
854 </tr> |
855 <tr> |
855 <tr> |
856 <td>{lang:acpum_field_newpassword_confirm}</td> |
856 <td>{lang:acpum_field_newpassword_confirm}</td> |
857 <td><input type="password" name="new_password_confirm" value="" /></td> |
857 <td><input type="password" name="new_password_confirm" value="" /></td> |
858 </tr> |
858 </tr> |
859 <tr> |
859 <tr> |
860 <td colspan="2"> |
860 <td colspan="2"> |
861 <a href="#" onclick="userform_{UUID}_chpasswd_cancel(); return false;">{lang:etc_cancel}</a> |
861 <a href="#" onclick="userform_{UUID}_chpasswd_cancel(); return false;">{lang:etc_cancel}</a> |
862 </td> |
862 </td> |
863 </tr> |
863 </tr> |
864 </table> |
864 </table> |
865 <!-- END same_user --> |
865 <!-- END same_user --> |
866 </div> |
866 </div> |
867 </td> |
867 </td> |
868 </tr> |
868 </tr> |
869 |
869 |
870 <tr> |
870 <tr> |
871 <td class="row2" style="width: 25%;"> |
871 <td class="row2" style="width: 25%;"> |
872 {lang:acpum_field_email} |
872 {lang:acpum_field_email} |
873 </td> |
873 </td> |
874 <td class="row1" style="width: 75%;"> |
874 <td class="row1" style="width: 75%;"> |
875 <input type="text" name="email" value="{EMAIL}" size="40" <!-- BEGIN same_user -->disabled="disabled" <!-- END same_user -->/> |
875 <input type="text" name="email" value="{EMAIL}" size="40" <!-- BEGIN same_user -->disabled="disabled" <!-- END same_user -->/> |
876 <!-- BEGIN same_user --><small>{lang:acpum_msg_same_user_email}</small><!-- END same_user --> |
876 <!-- BEGIN same_user --><small>{lang:acpum_msg_same_user_email}</small><!-- END same_user --> |
877 </td> |
877 </td> |
878 </tr> |
878 </tr> |
879 |
879 |
880 <tr> |
880 <tr> |
881 <td class="row2" style="width: 25%;"> |
881 <td class="row2" style="width: 25%;"> |
882 {lang:acpum_field_realname} |
882 {lang:acpum_field_realname} |
883 </td> |
883 </td> |
884 <td class="row1" style="width: 75%;"> |
884 <td class="row1" style="width: 75%;"> |
885 <input type="text" name="real_name" value="{REAL_NAME}" size="40" <!-- BEGIN same_user -->disabled="disabled" <!-- END same_user -->/> |
885 <input type="text" name="real_name" value="{REAL_NAME}" size="40" <!-- BEGIN same_user -->disabled="disabled" <!-- END same_user -->/> |
886 <!-- BEGIN same_user --><small>{lang:acpum_msg_same_user_realname}</small><!-- END same_user --> |
886 <!-- BEGIN same_user --><small>{lang:acpum_msg_same_user_realname}</small><!-- END same_user --> |
887 </td> |
887 </td> |
888 </tr> |
888 </tr> |
889 |
889 |
890 <tr> |
890 <tr> |
891 <td class="row2" style="width: 25%;"> |
891 <td class="row2" style="width: 25%;"> |
892 {lang:acpum_field_signature} |
892 {lang:acpum_field_signature} |
893 </td> |
893 </td> |
894 <td class="row1" style="width: 75%;"> |
894 <td class="row1" style="width: 75%;"> |
895 {SIGNATURE_FIELD} |
895 {SIGNATURE_FIELD} |
896 </td> |
896 </td> |
897 </tr> |
897 </tr> |
898 |
898 |
899 <tr> |
899 <tr> |
900 <td class="row2" style="width: 25%;"> |
900 <td class="row2" style="width: 25%;"> |
901 {lang:acpum_field_usertitle}<br /> |
901 {lang:acpum_field_usertitle}<br /> |
902 <small> |
902 <small> |
903 {lang:acpum_field_usertitle_hint} |
903 {lang:acpum_field_usertitle_hint} |
904 </small> |
904 </small> |
905 </td> |
905 </td> |
906 <td class="row1" style="width: 75%;"> |
906 <td class="row1" style="width: 75%;"> |
907 <input type="text" name="user_title" value="{USER_TITLE}" /> |
907 <input type="text" name="user_title" value="{USER_TITLE}" /> |
908 </td> |
908 </td> |
909 </tr> |
909 </tr> |
910 |
910 |
911 |
911 |
912 |
912 |
913 <!-- / Basic options --> |
913 <!-- / Basic options --> |
914 |
914 |
915 <!-- Extended options (anything in enano_users_extra) --> |
915 <!-- Extended options (anything in enano_users_extra) --> |
916 |
916 |
917 <tr> |
917 <tr> |
918 <th class="subhead" colspan="2"> |
918 <th class="subhead" colspan="2"> |
919 {lang:acpum_heading_imcontact} |
919 {lang:acpum_heading_imcontact} |
920 </th> |
920 </th> |
921 <tr> |
921 <tr> |
922 <td class="row2">{lang:acpum_field_aim}</td> |
922 <td class="row2">{lang:acpum_field_aim}</td> |
923 <td class="row1"><input type="text" name="imaddr_aim" value="{IM_AIM}" size="30" /></td> |
923 <td class="row1"><input type="text" name="imaddr_aim" value="{IM_AIM}" size="30" /></td> |
924 </tr> |
924 </tr> |
925 <tr> |
925 <tr> |
926 <td class="row2">{lang:acpum_field_wlm}<br /><small>{lang:acpum_field_wlm_hint}</small></td> |
926 <td class="row2">{lang:acpum_field_wlm}<br /><small>{lang:acpum_field_wlm_hint}</small></td> |
927 <td class="row1"><input type="text" name="imaddr_msn" value="{IM_WLM}" size="30" /></td> |
927 <td class="row1"><input type="text" name="imaddr_msn" value="{IM_WLM}" size="30" /></td> |
928 </tr> |
928 </tr> |
929 <tr> |
929 <tr> |
930 <td class="row2">{lang:acpum_field_yim}</td> |
930 <td class="row2">{lang:acpum_field_yim}</td> |
931 <td class="row1"><input type="text" name="imaddr_yahoo" value="{IM_YAHOO}" size="30" /></td> |
931 <td class="row1"><input type="text" name="imaddr_yahoo" value="{IM_YAHOO}" size="30" /></td> |
932 </tr> |
932 </tr> |
933 <tr> |
933 <tr> |
934 <td class="row2">{lang:acpum_field_xmpp}</td> |
934 <td class="row2">{lang:acpum_field_xmpp}</td> |
935 <td class="row1"><input type="text" name="imaddr_xmpp" value="{IM_XMPP}" size="30" /></td> |
935 <td class="row1"><input type="text" name="imaddr_xmpp" value="{IM_XMPP}" size="30" /></td> |
936 </tr> |
936 </tr> |
937 <tr> |
937 <tr> |
938 <th class="subhead" colspan="2"> |
938 <th class="subhead" colspan="2"> |
939 {lang:acpum_heading_contact_extra} |
939 {lang:acpum_heading_contact_extra} |
940 </th> |
940 </th> |
941 </tr> |
941 </tr> |
942 <tr> |
942 <tr> |
943 <td class="row2">{lang:acpum_field_homepage}<br /><small>{lang:acpum_field_homepage_hint}</small></td> |
943 <td class="row2">{lang:acpum_field_homepage}<br /><small>{lang:acpum_field_homepage_hint}</small></td> |
944 <td class="row1"><input type="text" name="homepage" value="{HOMEPAGE}" size="30" /></td> |
944 <td class="row1"><input type="text" name="homepage" value="{HOMEPAGE}" size="30" /></td> |
945 </tr> |
945 </tr> |
946 <tr> |
946 <tr> |
947 <td class="row2">{lang:acpum_field_location}</td> |
947 <td class="row2">{lang:acpum_field_location}</td> |
948 <td class="row1"><input type="text" name="location" value="{LOCATION}" size="30" /></td> |
948 <td class="row1"><input type="text" name="location" value="{LOCATION}" size="30" /></td> |
949 </tr> |
949 </tr> |
950 <tr> |
950 <tr> |
951 <td class="row2">{lang:acpum_field_job}</td> |
951 <td class="row2">{lang:acpum_field_job}</td> |
952 <td class="row1"><input type="text" name="occupation" value="{JOB}" size="30" /></td> |
952 <td class="row1"><input type="text" name="occupation" value="{JOB}" size="30" /></td> |
953 </tr> |
953 </tr> |
954 <tr> |
954 <tr> |
955 <td class="row2">{lang:acpum_field_hobbies}</td> |
955 <td class="row2">{lang:acpum_field_hobbies}</td> |
956 <td class="row1"><input type="text" name="hobbies" value="{HOBBIES}" size="30" /></td> |
956 <td class="row1"><input type="text" name="hobbies" value="{HOBBIES}" size="30" /></td> |
957 </tr> |
957 </tr> |
958 <tr> |
958 <tr> |
959 <td class="row2"><label for="chk_email_public_{UUID}">{lang:acpum_field_email_public}</label><br /><small>{lang:acpum_field_email_public_hint}</small></td> |
959 <td class="row2"><label for="chk_email_public_{UUID}">{lang:acpum_field_email_public}</label><br /><small>{lang:acpum_field_email_public_hint}</small></td> |
960 <td class="row1"><input type="checkbox" id="chk_email_public_{UUID}" name="email_public" <!-- BEGIN email_public -->checked="checked" <!-- END email_public -->size="30" /></td> |
960 <td class="row1"><input type="checkbox" id="chk_email_public_{UUID}" name="email_public" <!-- BEGIN email_public -->checked="checked" <!-- END email_public -->size="30" /></td> |
961 </tr> |
961 </tr> |
962 |
962 |
963 <!-- / Extended options --> |
963 <!-- / Extended options --> |
964 |
964 |
965 <!-- Avatar settings --> |
965 <!-- Avatar settings --> |
966 |
966 |
967 <tr> |
967 <tr> |
968 <th class="subhead" colspan="2"> |
968 <th class="subhead" colspan="2"> |
969 {lang:acpum_avatar_heading} |
969 {lang:acpum_avatar_heading} |
970 </th> |
970 </th> |
971 </tr> |
971 </tr> |
972 |
972 |
973 <tr> |
973 <tr> |
974 <td class="row2"> |
974 <td class="row2"> |
975 {lang:usercp_avatar_label_current} |
975 {lang:usercp_avatar_label_current} |
976 </td> |
976 </td> |
977 <td class="row1"> |
977 <td class="row1"> |
978 <!-- BEGIN user_has_avatar --> |
978 <!-- BEGIN user_has_avatar --> |
979 <img alt="{AVATAR_ALT}" src="{AVATAR_SRC}" /> |
979 <img alt="{AVATAR_ALT}" src="{AVATAR_SRC}" /> |
980 <!-- BEGINELSE user_has_avatar --> |
980 <!-- BEGINELSE user_has_avatar --> |
981 {lang:acpum_avatar_image_none} |
981 {lang:acpum_avatar_image_none} |
982 <!-- END user_has_avatar --> |
982 <!-- END user_has_avatar --> |
983 </td> |
983 </td> |
984 </tr> |
984 </tr> |
985 |
985 |
986 <tr> |
986 <tr> |
987 <td class="row2"> |
987 <td class="row2"> |
988 {lang:acpum_avatar_lbl_change} |
988 {lang:acpum_avatar_lbl_change} |
989 </td> |
989 </td> |
990 <td class="row1" id="avatar_upload_btns_{UUID}"> |
990 <td class="row1" id="avatar_upload_btns_{UUID}"> |
991 <script type="text/javascript"> |
991 <script type="text/javascript"> |
992 function admincp_users_avatar_set_{UUID}(elParent) |
992 function admincp_users_avatar_set_{UUID}(elParent) |
993 { |
993 { |
994 $('td#avatar_upload_btns_{UUID} > div:visible').hide('blind'); |
994 $('td#avatar_upload_btns_{UUID} > div:visible').hide('blind'); |
995 switch(elParent.value) |
995 switch(elParent.value) |
996 { |
996 { |
997 case 'set_http': |
997 case 'set_http': |
998 $('#avatar_upload_http_{UUID}').show('blind'); |
998 $('#avatar_upload_http_{UUID}').show('blind'); |
999 break; |
999 break; |
1000 case 'set_file': |
1000 case 'set_file': |
1001 $('#avatar_upload_file_{UUID}').show('blind'); |
1001 $('#avatar_upload_file_{UUID}').show('blind'); |
1002 break; |
1002 break; |
1003 case 'set_gravatar': |
1003 case 'set_gravatar': |
1004 $('#avatar_upload_gravatar_{UUID}').show('blind'); |
1004 $('#avatar_upload_gravatar_{UUID}').show('blind'); |
1005 break; |
1005 break; |
1006 } |
1006 } |
1007 } |
1007 } |
1008 </script> |
1008 </script> |
1009 <label><input onclick="admincp_users_avatar_set_{UUID}(this);" type="radio" name="avatar_action" value="keep" checked="checked" /> {lang:acpum_avatar_lbl_keep}</label><br /> |
1009 <label><input onclick="admincp_users_avatar_set_{UUID}(this);" type="radio" name="avatar_action" value="keep" checked="checked" /> {lang:acpum_avatar_lbl_keep}</label><br /> |
1010 <label><input onclick="admincp_users_avatar_set_{UUID}(this);" type="radio" name="avatar_action" value="remove" /> {lang:acpum_avatar_lbl_remove}</label><br /> |
1010 <label><input onclick="admincp_users_avatar_set_{UUID}(this);" type="radio" name="avatar_action" value="remove" /> {lang:acpum_avatar_lbl_remove}</label><br /> |
1011 <label><input onclick="admincp_users_avatar_set_{UUID}(this);" type="radio" name="avatar_action" value="set_http" /> {lang:acpum_avatar_lbl_set_http}</label><br /> |
1011 <label><input onclick="admincp_users_avatar_set_{UUID}(this);" type="radio" name="avatar_action" value="set_http" /> {lang:acpum_avatar_lbl_set_http}</label><br /> |
1012 <div id="avatar_upload_http_{UUID}" style="display: none; margin: 10px 0 0 2.2em;"> |
1012 <div id="avatar_upload_http_{UUID}" style="display: none; margin: 10px 0 0 2.2em;"> |
1013 {lang:usercp_avatar_lbl_url} <input type="text" name="avatar_http_url" size="40" value="http://" /><br /> |
1013 {lang:usercp_avatar_lbl_url} <input type="text" name="avatar_http_url" size="40" value="http://" /><br /> |
1014 <small>{lang:usercp_avatar_lbl_url_desc} {lang:usercp_avatar_limits}</small> |
1014 <small>{lang:usercp_avatar_lbl_url_desc} {lang:usercp_avatar_limits}</small> |
1015 </div> |
1015 </div> |
1016 <label><input onclick="admincp_users_avatar_set_{UUID}(this);" type="radio" name="avatar_action" value="set_file" /> {lang:acpum_avatar_lbl_set_file}</label><br /> |
1016 <label><input onclick="admincp_users_avatar_set_{UUID}(this);" type="radio" name="avatar_action" value="set_file" /> {lang:acpum_avatar_lbl_set_file}</label><br /> |
1017 <div id="avatar_upload_file_{UUID}" style="display: none; margin: 10px 0 0 2.2em;"> |
1017 <div id="avatar_upload_file_{UUID}" style="display: none; margin: 10px 0 0 2.2em;"> |
1018 {lang:usercp_avatar_lbl_file} <input type="file" name="avatar_file" size="40" value="http://" /><br /> |
1018 {lang:usercp_avatar_lbl_file} <input type="file" name="avatar_file" size="40" value="http://" /><br /> |
1019 <small>{lang:usercp_avatar_lbl_file_desc} {lang:usercp_avatar_limits}</small> |
1019 <small>{lang:usercp_avatar_lbl_file_desc} {lang:usercp_avatar_limits}</small> |
1020 </div> |
1020 </div> |
1021 <label><input onclick="admincp_users_avatar_set_{UUID}(this);" type="radio" name="avatar_action" value="set_gravatar" /> {lang:acpum_avatar_lbl_set_gravatar} <img alt=" " src="{GRAVATAR_URL}" /></label><br /> |
1021 <label><input onclick="admincp_users_avatar_set_{UUID}(this);" type="radio" name="avatar_action" value="set_gravatar" /> {lang:acpum_avatar_lbl_set_gravatar} <img alt=" " src="{GRAVATAR_URL}" /></label><br /> |
1022 <div id="avatar_upload_gravatar_{UUID}"></div> |
1022 <div id="avatar_upload_gravatar_{UUID}"></div> |
1023 </td> |
1023 </td> |
1024 </tr> |
1024 </tr> |
1025 |
1025 |
1026 <!-- / Avatar settings --> |
1026 <!-- / Avatar settings --> |
1027 |
1027 |
1028 <!-- Administrator-only options --> |
1028 <!-- Administrator-only options --> |
1029 |
1029 |
1030 <tr> |
1030 <tr> |
1031 <th class="subhead" colspan="2"> |
1031 <th class="subhead" colspan="2"> |
1032 {lang:acpum_heading_adminonly} |
1032 {lang:acpum_heading_adminonly} |
1033 </th> |
1033 </th> |
1034 </tr> |
1034 </tr> |
1035 |
1035 |
1036 <tr> |
1036 <tr> |
1037 <td class="row2">{lang:acpum_field_active_title}<br /> |
1037 <td class="row2">{lang:acpum_field_active_title}<br /> |
1038 <small>{lang:acpum_field_active_hint}</small> |
1038 <small>{lang:acpum_field_active_hint}</small> |
1039 </td> |
1039 </td> |
1040 <td class="row1"><label><input type="checkbox" name="account_active" <!-- BEGIN account_active -->checked="checked" <!-- END account_active -->/> {lang:acpum_field_active}</label></td> |
1040 <td class="row1"><label><input type="checkbox" name="account_active" <!-- BEGIN account_active -->checked="checked" <!-- END account_active -->/> {lang:acpum_field_active}</label></td> |
1041 </tr> |
1041 </tr> |
1042 |
1042 |
1043 <tr> |
1043 <tr> |
1044 <td class="row2"> |
1044 <td class="row2"> |
1045 {lang:acpum_field_userlevel}<br /> |
1045 {lang:acpum_field_userlevel}<br /> |
1046 <small>{lang:acpum_field_userlevel_hint}</small> |
1046 <small>{lang:acpum_field_userlevel_hint}</small> |
1047 </td> |
1047 </td> |
1048 <td class="row1"> |
1048 <td class="row1"> |
1049 <select name="user_level"> |
1049 <select name="user_level"> |
1050 <option value="{USER_LEVEL_MEMBER}"<!-- BEGIN ul_member --> selected="selected"<!-- END ul_member -->>{lang:userfuncs_ml_level_member}</option> |
1050 <option value="{USER_LEVEL_MEMBER}"<!-- BEGIN ul_member --> selected="selected"<!-- END ul_member -->>{lang:userfuncs_ml_level_member}</option> |
1051 <option value="{USER_LEVEL_MOD}"<!-- BEGIN ul_mod --> selected="selected"<!-- END ul_mod -->>{lang:userfuncs_ml_level_mod}</option> |
1051 <option value="{USER_LEVEL_MOD}"<!-- BEGIN ul_mod --> selected="selected"<!-- END ul_mod -->>{lang:userfuncs_ml_level_mod}</option> |
1052 <option value="{USER_LEVEL_ADMIN}"<!-- BEGIN ul_admin --> selected="selected"<!-- END ul_admin -->>{lang:userfuncs_ml_level_admin}</option> |
1052 <option value="{USER_LEVEL_ADMIN}"<!-- BEGIN ul_admin --> selected="selected"<!-- END ul_admin -->>{lang:userfuncs_ml_level_admin}</option> |
1053 </select> |
1053 </select> |
1054 </td> |
1054 </td> |
1055 </tr> |
1055 </tr> |
1056 |
1056 |
1057 <tr> |
1057 <tr> |
1058 <td class="row2"> |
1058 <td class="row2"> |
1059 {lang:acpum_field_userrank}<br /> |
1059 {lang:acpum_field_userrank}<br /> |
1060 <small>{lang:acpum_field_userrank_hint}</small> |
1060 <small>{lang:acpum_field_userrank_hint}</small> |
1061 </td> |
1061 </td> |
1062 <td class="row1"> |
1062 <td class="row1"> |
1063 <select name="user_rank"> |
1063 <select name="user_rank"> |
1064 {RANK_LIST} |
1064 {RANK_LIST} |
1065 </select> |
1065 </select> |
1066 </td> |
1066 </td> |
1067 </tr> |
1067 </tr> |
1068 |
1068 |
1069 <!-- BEGIN have_reg_ip --> |
1069 <!-- BEGIN have_reg_ip --> |
1070 <tr> |
1070 <tr> |
1071 <td class="row2"> |
1071 <td class="row2"> |
1072 {lang:acpum_field_reg_ip} |
1072 {lang:acpum_field_reg_ip} |
1073 </td> |
1073 </td> |
1074 <td class="row1"> |
1074 <td class="row1"> |
1075 {REG_IP_ADDR} |
1075 {REG_IP_ADDR} |
1076 <input type="hidden" name="user_registration_ip" value="{REG_IP_ADDR}" /> |
1076 <input type="hidden" name="user_registration_ip" value="{REG_IP_ADDR}" /> |
1077 </td> |
1077 </td> |
1078 </tr> |
1078 </tr> |
1079 <!-- BEGINELSE have_reg_ip --> |
1079 <!-- BEGINELSE have_reg_ip --> |
1080 <input type="hidden" name="user_registration_ip" value="" /> |
1080 <input type="hidden" name="user_registration_ip" value="" /> |
1081 <!-- END have_reg_ip --> |
1081 <!-- END have_reg_ip --> |
1082 |
1082 |
1083 <tr> |
1083 <tr> |
1084 <td class="row2"> |
1084 <td class="row2"> |
1085 {lang:acpum_field_deleteaccount_title} |
1085 {lang:acpum_field_deleteaccount_title} |
1086 </td> |
1086 </td> |
1087 <td class="row1"> |
1087 <td class="row1"> |
1088 <label><input type="checkbox" name="delete_account" onclick="var d = (this.checked) ? 'block' : 'none'; document.getElementById('delete_blurb_{UUID}').style.display = d;" /> {lang:acpum_field_deleteaccount}</label> |
1088 <label><input type="checkbox" name="delete_account" onclick="var d = (this.checked) ? 'block' : 'none'; document.getElementById('delete_blurb_{UUID}').style.display = d;" /> {lang:acpum_field_deleteaccount}</label> |
1089 <div id="delete_blurb_{UUID}" style="display: none;"> |
1089 <div id="delete_blurb_{UUID}" style="display: none;"> |
1090 <!-- BEGIN same_user --> |
1090 <!-- BEGIN same_user --> |
1091 <!-- Obnoxious I know, but it's needed. --> |
1091 <!-- Obnoxious I know, but it's needed. --> |
1092 <p><b>{lang:acpum_msg_delete_own_account}</b></p> |
1092 <p><b>{lang:acpum_msg_delete_own_account}</b></p> |
1093 <!-- END same_user --> |
1093 <!-- END same_user --> |
1094 <p><small>{lang:acpum_field_deleteaccount_hint}</small></p> |
1094 <p><small>{lang:acpum_field_deleteaccount_hint}</small></p> |
1095 </div> |
1095 </div> |
1096 </td> |
1096 </td> |
1097 </tr> |
1097 </tr> |
1098 </tr> |
1098 </tr> |
1099 |
1099 |
1100 <!-- Save button --> |
1100 <!-- Save button --> |
1101 <tr> |
1101 <tr> |
1102 <th colspan="2"> |
1102 <th colspan="2"> |
1103 <input type="submit" name="action[save]" value="{lang:acpum_btn_save}" style="font-weight: bold;" /> |
1103 <input type="submit" name="action[save]" value="{lang:acpum_btn_save}" style="font-weight: bold;" /> |
1104 <input type="submit" name="action[noop]" value="{lang:etc_cancel}" style="font-weight: normal;" /> |
1104 <input type="submit" name="action[noop]" value="{lang:etc_cancel}" style="font-weight: normal;" /> |
1105 </th> |
1105 </th> |
1106 </tr> |
1106 </tr> |
1107 |
1107 |
1108 </table> |
1108 </table> |
1109 </div> |
1109 </div> |
1110 |
1110 |
1111 </form> |
1111 </form> |
1112 |
1112 |
1113 <!-- BEGINNOT same_user --> |
1113 <!-- BEGINNOT same_user --> |
1114 <script type="text/javascript"> |
1114 <script type="text/javascript"> |
1115 password_score_field(document.forms['useredit_{UUID}'].new_password); |
1115 password_score_field(document.forms['useredit_{UUID}'].new_password); |
1116 </script> |
1116 </script> |
1117 <!-- END same_user --> |
1117 <!-- END same_user --> |
1118 |
1118 |
1119 {AES_JAVASCRIPT} |
1119 {AES_JAVASCRIPT} |
1120 <!-- Conclusion of user edit form --> |
1120 <!-- Conclusion of user edit form --> |
1121 EOF; |
1121 EOF; |
1122 $parser = $template->makeParserText($tpl_code); |
1122 $parser = $template->makeParserText($tpl_code); |
1123 } |
1123 } |
1124 |
1124 |
1125 $this->username = htmlspecialchars($this->username); |
1125 $this->username = htmlspecialchars($this->username); |
1126 $this->email = htmlspecialchars($this->email); |
1126 $this->email = htmlspecialchars($this->email); |
1127 $this->user_id = intval($this->user_id); |
1127 $this->user_id = intval($this->user_id); |
1128 $this->real_name = htmlspecialchars($this->real_name); |
1128 $this->real_name = htmlspecialchars($this->real_name); |
1129 $this->signature = htmlspecialchars($this->signature); |
1129 $this->signature = htmlspecialchars($this->signature); |
1130 $this->user_level = intval($this->user_level); |
1130 $this->user_level = intval($this->user_level); |
1131 |
1131 |
1132 $im_aim = ( isset($this->im['aim']) ) ? $this->im['aim'] : false; |
1132 $im_aim = ( isset($this->im['aim']) ) ? $this->im['aim'] : false; |
1133 $im_yahoo = ( isset($this->im['yahoo']) ) ? $this->im['yahoo'] : false; |
1133 $im_yahoo = ( isset($this->im['yahoo']) ) ? $this->im['yahoo'] : false; |
1134 $im_msn = ( isset($this->im['msn']) ) ? $this->im['msn'] : false; |
1134 $im_msn = ( isset($this->im['msn']) ) ? $this->im['msn'] : false; |
1135 $im_xmpp = ( isset($this->im['xmpp']) ) ? $this->im['xmpp'] : false; |
1135 $im_xmpp = ( isset($this->im['xmpp']) ) ? $this->im['xmpp'] : false; |
1136 |
1136 |
1137 $homepage = ( isset($this->contact['homepage']) ) ? $this->contact['homepage'] : false; |
1137 $homepage = ( isset($this->contact['homepage']) ) ? $this->contact['homepage'] : false; |
1138 $location = ( isset($this->contact['location']) ) ? $this->contact['location'] : false; |
1138 $location = ( isset($this->contact['location']) ) ? $this->contact['location'] : false; |
1139 $job = ( isset($this->contact['job']) ) ? $this->contact['job'] : false; |
1139 $job = ( isset($this->contact['job']) ) ? $this->contact['job'] : false; |
1140 $hobbies = ( isset($this->contact['hobbies']) ) ? $this->contact['hobbies'] : false; |
1140 $hobbies = ( isset($this->contact['hobbies']) ) ? $this->contact['hobbies'] : false; |
1141 |
1141 |
1142 if ( empty($this->username) ) |
1142 if ( empty($this->username) ) |
1143 { |
1143 { |
1144 // @error One or more required parameters not set |
1144 // @error One or more required parameters not set |
1145 return 'Admin_UserManager_SmartForm::render: Invalid parameter ($form->username)'; |
1145 return 'Admin_UserManager_SmartForm::render: Invalid parameter ($form->username)'; |
1146 } |
1146 } |
1147 |
1147 |
1148 if ( empty($this->user_id) ) |
1148 if ( empty($this->user_id) ) |
1149 { |
1149 { |
1150 // @error One or more required parameters not set |
1150 // @error One or more required parameters not set |
1151 return 'Admin_UserManager_SmartForm::render: Invalid parameter ($form->user_id)'; |
1151 return 'Admin_UserManager_SmartForm::render: Invalid parameter ($form->user_id)'; |
1152 } |
1152 } |
1153 |
1153 |
1154 if ( empty($this->email) ) |
1154 if ( empty($this->email) ) |
1155 { |
1155 { |
1156 // @error One or more required parameters not set |
1156 // @error One or more required parameters not set |
1157 return 'Admin_UserManager_SmartForm::render: Invalid parameter ($form->email)'; |
1157 return 'Admin_UserManager_SmartForm::render: Invalid parameter ($form->email)'; |
1158 } |
1158 } |
1159 |
1159 |
1160 $form_action = makeUrlNS('Special', 'Administration', 'module=' . $paths->cpage['module'], true); |
1160 $form_action = makeUrlNS('Special', 'Administration', 'module=' . $paths->cpage['module'], true); |
1161 $aes_javascript = $session->aes_javascript("useredit_$this->uuid", 'new_password'); |
1161 $aes_javascript = $session->aes_javascript("useredit_$this->uuid", 'new_password'); |
1162 |
1162 |
1163 // build rank list |
1163 // build rank list |
1164 $q = $db->sql_query('SELECT rank_id, rank_title FROM ' . table_prefix . 'ranks'); |
1164 $q = $db->sql_query('SELECT rank_id, rank_title FROM ' . table_prefix . 'ranks'); |
1165 if ( !$q ) |
1165 if ( !$q ) |
1166 $db->_die(); |
1166 $db->_die(); |
1167 $rank_list = '<option value="NULL"' . ( $this->user_rank === NULL ? ' selected="selected"' : '' ) . '>--</option>' . "\n"; |
1167 $rank_list = '<option value="NULL"' . ( $this->user_rank === NULL ? ' selected="selected"' : '' ) . '>--</option>' . "\n"; |
1168 while ( $row = $db->fetchrow() ) |
1168 while ( $row = $db->fetchrow() ) |
1169 { |
1169 { |
1170 $rank_list .= '<option value="' . $row['rank_id'] . '"' . ( $row['rank_id'] == $this->user_rank ? ' selected="selected"' : '' ) . '>' . htmlspecialchars($lang->get($row['rank_title'])) . '</option>' . "\n"; |
1170 $rank_list .= '<option value="' . $row['rank_id'] . '"' . ( $row['rank_id'] == $this->user_rank ? ' selected="selected"' : '' ) . '>' . htmlspecialchars($lang->get($row['rank_title'])) . '</option>' . "\n"; |
1171 } |
1171 } |
1172 |
1172 |
1173 $parser->assign_vars(array( |
1173 $parser->assign_vars(array( |
1174 'UUID' => $this->uuid, |
1174 'UUID' => $this->uuid, |
1175 'USERNAME' => $this->username, |
1175 'USERNAME' => $this->username, |
1176 'EMAIL' => $this->email, |
1176 'EMAIL' => $this->email, |
1177 'USER_ID' => $this->user_id, |
1177 'USER_ID' => $this->user_id, |
1178 'AES_FORM' => $session->generate_aes_form(), |
1178 'AES_FORM' => $session->generate_aes_form(), |
1179 'REAL_NAME' => $this->real_name, |
1179 'REAL_NAME' => $this->real_name, |
1180 'SIGNATURE_FIELD' => $template->tinymce_textarea('signature', $this->signature, 10, 50), |
1180 'SIGNATURE_FIELD' => $template->tinymce_textarea('signature', $this->signature, 10, 50), |
1181 'USER_TITLE' => $this->user_title, |
1181 'USER_TITLE' => $this->user_title, |
1182 'USER_LEVEL_MEMBER' => USER_LEVEL_CHPREF, |
1182 'USER_LEVEL_MEMBER' => USER_LEVEL_CHPREF, |
1183 'USER_LEVEL_MOD' => USER_LEVEL_MOD, |
1183 'USER_LEVEL_MOD' => USER_LEVEL_MOD, |
1184 'USER_LEVEL_ADMIN' => USER_LEVEL_ADMIN, |
1184 'USER_LEVEL_ADMIN' => USER_LEVEL_ADMIN, |
1185 'AES_JAVASCRIPT' => $aes_javascript, |
1185 'AES_JAVASCRIPT' => $aes_javascript, |
1186 'IM_AIM' => $im_aim, |
1186 'IM_AIM' => $im_aim, |
1187 'IM_YAHOO' => $im_yahoo, |
1187 'IM_YAHOO' => $im_yahoo, |
1188 'IM_WLM' => $im_msn, |
1188 'IM_WLM' => $im_msn, |
1189 'IM_XMPP' => $im_xmpp, |
1189 'IM_XMPP' => $im_xmpp, |
1190 'HOMEPAGE' => $homepage, |
1190 'HOMEPAGE' => $homepage, |
1191 'LOCATION' => $location, |
1191 'LOCATION' => $location, |
1192 'JOB' => $job, |
1192 'JOB' => $job, |
1193 'HOBBIES' => $hobbies, |
1193 'HOBBIES' => $hobbies, |
1194 'FORM_ACTION' => $form_action, |
1194 'FORM_ACTION' => $form_action, |
1195 'REG_IP_ADDR' => $this->reg_ip_addr, |
1195 'REG_IP_ADDR' => $this->reg_ip_addr, |
1196 'RANK_LIST' => $rank_list, |
1196 'RANK_LIST' => $rank_list, |
1197 'GRAVATAR_URL' => make_gravatar_url($this->email, 16) |
1197 'GRAVATAR_URL' => make_gravatar_url($this->email, 16) |
1198 )); |
1198 )); |
1199 |
1199 |
1200 if ( $this->has_avatar ) |
1200 if ( $this->has_avatar ) |
1201 { |
1201 { |
1202 $parser->assign_vars(array( |
1202 $parser->assign_vars(array( |
1203 'AVATAR_SRC' => make_avatar_url($this->user_id, $this->avi_type), |
1203 'AVATAR_SRC' => make_avatar_url($this->user_id, $this->avi_type), |
1204 'AVATAR_ALT' => $lang->get('usercp_avatar_image_alt', array('username' => $this->username), $this->email) |
1204 'AVATAR_ALT' => $lang->get('usercp_avatar_image_alt', array('username' => $this->username), $this->email) |
1205 )); |
1205 )); |
1206 } |
1206 } |
1207 |
1207 |
1208 $parser->assign_bool(array( |
1208 $parser->assign_bool(array( |
1209 'password_meter' => ( getConfig('pw_strength_enable') == '1' ), |
1209 'password_meter' => ( getConfig('pw_strength_enable') == '1' ), |
1210 'ul_member' => ( $this->user_level == USER_LEVEL_CHPREF ), |
1210 'ul_member' => ( $this->user_level == USER_LEVEL_CHPREF ), |
1211 'ul_mod' => ( $this->user_level == USER_LEVEL_MOD ), |
1211 'ul_mod' => ( $this->user_level == USER_LEVEL_MOD ), |
1212 'ul_admin' => ( $this->user_level == USER_LEVEL_ADMIN ), |
1212 'ul_admin' => ( $this->user_level == USER_LEVEL_ADMIN ), |
1213 'account_active' => ( $this->account_active === true ), |
1213 'account_active' => ( $this->account_active === true ), |
1214 'email_public' => ( $this->email_public === true ), |
1214 'email_public' => ( $this->email_public === true ), |
1215 'same_user' => ( $this->user_id == $session->user_id ), |
1215 'same_user' => ( $this->user_id == $session->user_id ), |
1216 'user_has_avatar' => ( $this->has_avatar ), |
1216 'user_has_avatar' => ( $this->has_avatar ), |
1217 'have_reg_ip' => ( intval(@strlen($this->reg_ip_addr)) > 0 && is_valid_ip($this->reg_ip_addr) ) |
1217 'have_reg_ip' => ( intval(@strlen($this->reg_ip_addr)) > 0 && is_valid_ip($this->reg_ip_addr) ) |
1218 )); |
1218 )); |
1219 |
1219 |
1220 $parsed = $parser->run(); |
1220 $parsed = $parser->run(); |
1221 return $parsed; |
1221 return $parsed; |
1222 } |
1222 } |
1223 |
1223 |
1224 } |
1224 } |
1225 |
1225 |
1226 function acp_usermanager_lockouts($homewrap = false) |
1226 function acp_usermanager_lockouts($homewrap = false) |
1227 { |
1227 { |
1228 global $db, $session, $paths, $template, $plugins; // Common objects |
1228 global $db, $session, $paths, $template, $plugins; // Common objects |
1229 global $lang; |
1229 global $lang; |
1230 |
1230 |
1231 // Locked out users |
1231 // Locked out users |
1232 |
1232 |
1233 if ( !empty($_GET['clear_lockout']) && is_valid_ip($_GET['clear_lockout']) ) |
1233 if ( !empty($_GET['clear_lockout']) && is_valid_ip($_GET['clear_lockout']) ) |
1234 { |
1234 { |
1235 $ip = $db->escape($_GET['clear_lockout']); |
1235 $ip = $db->escape($_GET['clear_lockout']); |
1236 $q = $db->sql_query('DELETE FROM ' . table_prefix . "lockout WHERE ipaddr = '$ip' AND timestamp > ( " . time() . " - (" . getConfig('lockout_duration', 15) . "*60) );"); |
1236 $q = $db->sql_query('DELETE FROM ' . table_prefix . "lockout WHERE ipaddr = '$ip' AND timestamp > ( " . time() . " - (" . getConfig('lockout_duration', 15) . "*60) );"); |
1237 if ( !$q ) |
1237 if ( !$q ) |
1238 $db->_die(); |
1238 $db->_die(); |
1239 |
1239 |
1240 echo '<div class="info-box">' . $lang->get('acphome_msg_lockout_clear_success', array('ip' => htmlspecialchars($ip))) . '</div>'; |
1240 echo '<div class="info-box">' . $lang->get('acphome_msg_lockout_clear_success', array('ip' => htmlspecialchars($ip))) . '</div>'; |
1241 } |
1241 } |
1242 |
1242 |
1243 $q = $db->sql_query('SELECT COUNT(id) AS fail_count, ipaddr, username, timestamp FROM ' . table_prefix . "lockout\n" |
1243 $q = $db->sql_query('SELECT COUNT(id) AS fail_count, ipaddr, username, timestamp FROM ' . table_prefix . "lockout\n" |
1244 . " WHERE timestamp > ( " . time() . " - " . intval(getConfig('lockout_duration', 15)) . "*60 ) GROUP BY ipaddr ORDER BY COUNT(id) DESC, timestamp DESC;"); |
1244 . " WHERE timestamp > ( " . time() . " - " . intval(getConfig('lockout_duration', 15)) . "*60 ) GROUP BY ipaddr ORDER BY COUNT(id) DESC, timestamp DESC;"); |
1245 if ( !$q ) |
1245 if ( !$q ) |
1246 $db->_die(); |
1246 $db->_die(); |
1247 |
1247 |
1248 if ( $db->numrows() > 0 ) |
1248 if ( $db->numrows() > 0 ) |
1249 { |
1249 { |
1250 if ( $homewrap ) |
1250 if ( $homewrap ) |
1251 echo '<div class="acphome-box notice">'; |
1251 echo '<div class="acphome-box notice">'; |
1252 echo '<h3>' . $lang->get('acphome_msg_users_locked_out') . '</h3>'; |
1252 echo '<h3>' . $lang->get('acphome_msg_users_locked_out') . '</h3>'; |
1253 echo '<p>' . $lang->get('acphome_msg_users_locked_out_hint') . '</p>'; |
1253 echo '<p>' . $lang->get('acphome_msg_users_locked_out_hint') . '</p>'; |
1254 |
1254 |
1255 ?> |
1255 ?> |
1256 <div class="tblholder" style="margin-bottom: 10px;"> |
1256 <div class="tblholder" style="margin-bottom: 10px;"> |
1257 <table width="100%" cellspacing="1" cellpadding="4"> |
1257 <table width="100%" cellspacing="1" cellpadding="4"> |
1258 <tr> |
1258 <tr> |
1259 <th><?php echo $lang->get('acphome_th_locked_out_ip'); ?></th> |
1259 <th><?php echo $lang->get('acphome_th_locked_out_ip'); ?></th> |
1260 <th><?php echo $lang->get('acphome_th_locked_out_username'); ?></th> |
1260 <th><?php echo $lang->get('acphome_th_locked_out_username'); ?></th> |
1261 <th><?php echo $lang->get('acphome_th_locked_out_status'); ?></th> |
1261 <th><?php echo $lang->get('acphome_th_locked_out_status'); ?></th> |
1262 <th><?php echo $lang->get('acphome_th_locked_out_time'); ?></th> |
1262 <th><?php echo $lang->get('acphome_th_locked_out_time'); ?></th> |
1263 <th></th> |
1263 <th></th> |
1264 </tr> |
1264 </tr> |
1265 <?php |
1265 <?php |
1266 |
1266 |
1267 while ( $row = $db->fetchrow() ) |
1267 while ( $row = $db->fetchrow() ) |
1268 { |
1268 { |
1269 echo '<tr>'; |
1269 echo '<tr>'; |
1270 echo '<td class="row1">' . htmlspecialchars($row['ipaddr']) . '</td>'; |
1270 echo '<td class="row1">' . htmlspecialchars($row['ipaddr']) . '</td>'; |
1271 echo '<td class="row2">' . htmlspecialchars($row['username']) . '</td>'; |
1271 echo '<td class="row2">' . htmlspecialchars($row['username']) . '</td>'; |
1272 // status |
1272 // status |
1273 echo '<td class="row1" style="text-align: center;">' . |
1273 echo '<td class="row1" style="text-align: center;">' . |
1274 ( $row['fail_count'] >= getConfig('lockout_threshold', 5) |
1274 ( $row['fail_count'] >= getConfig('lockout_threshold', 5) |
1275 ? '<b>' . $lang->get('acphome_lbl_locked_out_banned') . '</b>' |
1275 ? '<b>' . $lang->get('acphome_lbl_locked_out_banned') . '</b>' |
1276 : $lang->get('acphome_lbl_locked_out_warned', array('fail_count' => $row['fail_count'])) |
1276 : $lang->get('acphome_lbl_locked_out_warned', array('fail_count' => $row['fail_count'])) |
1277 ) |
1277 ) |
1278 . '</td>'; |
1278 . '</td>'; |
1279 // time left |
1279 // time left |
1280 if ( $row['fail_count'] >= getConfig('lockout_threshold', 5) ) |
1280 if ( $row['fail_count'] >= getConfig('lockout_threshold', 5) ) |
1281 { |
1281 { |
1282 $expire_time = $row['timestamp'] + ( getConfig('lockout_duration', 15) * 60 ); |
1282 $expire_time = $row['timestamp'] + ( getConfig('lockout_duration', 15) * 60 ); |
1283 $time_left = round(($expire_time - time()) / 60); |
1283 $time_left = round(($expire_time - time()) / 60); |
1284 $minutes = $time_left == 1 ? $lang->get('etc_unit_minute') : $lang->get('etc_unit_minutes'); |
1284 $minutes = $time_left == 1 ? $lang->get('etc_unit_minute') : $lang->get('etc_unit_minutes'); |
1285 echo '<td class="row2" style="text-align: center;">' . "$time_left $minutes" . '</td>'; |
1285 echo '<td class="row2" style="text-align: center;">' . "$time_left $minutes" . '</td>'; |
1286 } |
1286 } |
1287 else |
1287 else |
1288 { |
1288 { |
1289 echo '<td class="row2" style="text-align: center;">–</td>'; |
1289 echo '<td class="row2" style="text-align: center;">–</td>'; |
1290 } |
1290 } |
1291 // action |
1291 // action |
1292 $btn_text = $row['fail_count'] >= getConfig('lockout_threshold', 5) ? $lang->get('acphome_btn_lockout_unblock') : $lang->get('acphome_btn_lockout_clear'); |
1292 $btn_text = $row['fail_count'] >= getConfig('lockout_threshold', 5) ? $lang->get('acphome_btn_lockout_unblock') : $lang->get('acphome_btn_lockout_clear'); |
1293 echo '<td class="row1" style="text-align: center;"><a href="#" onclick="ajaxPage(\'' . $paths->nslist['Admin'] . 'UserManager\', \'clear_lockout=' . htmlspecialchars($row['ipaddr']) . '\'); return false;">' . $btn_text . '</a></td>'; |
1293 echo '<td class="row1" style="text-align: center;"><a href="#" onclick="ajaxPage(\'' . $paths->nslist['Admin'] . 'UserManager\', \'clear_lockout=' . htmlspecialchars($row['ipaddr']) . '\'); return false;">' . $btn_text . '</a></td>'; |
1294 echo '</tr>'; |
1294 echo '</tr>'; |
1295 } |
1295 } |
1296 echo '</table>'; |
1296 echo '</table>'; |
1297 echo '</div>'; |
1297 echo '</div>'; |
1298 if ( $homewrap ) |
1298 if ( $homewrap ) |
1299 echo '</div>'; |
1299 echo '</div>'; |
1300 } |
1300 } |
1301 |
1301 |
1302 $db->free_result(); |
1302 $db->free_result(); |
1303 } |
1303 } |