AJAX core library: possible breaking change, readystatechange functions are now called with the XHR instance as the first parameter, to allow requests to run in parallel. This means much better stability but may break some applets (compatibility hack is included)
<?php
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
* Version 1.1.6 (Caoineag beta 1)
* Copyright (C) 2006-2008 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
*/
function page_Admin_UserManager()
{
global $db, $session, $paths, $template, $plugins; // Common objects
global $lang;
if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
{
$login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
return;
}
require_once(ENANO_ROOT . '/includes/math.php');
require_once(ENANO_ROOT . '/includes/diffiehellman.php');
$GLOBALS['dh_supported'] = $dh_supported;
//die('<pre>' . htmlspecialchars(print_r($_POST, true)) . '</pre>');
if ( isset($_POST['action']['save']) )
{
#
# BEGIN VALIDATION
#
$errors = array();
if ( defined('ENANO_DEMO_MODE') )
{
$errors[] = $lang->get('acpum_err_nosave_demo');
}
$user_id = intval($_POST['user_id']);
if ( empty($user_id) || $user_id == 1 )
$errors[] = 'Invalid user ID.';
if ( isset($_POST['delete_account']) && count($errors) < 1 )
{
$q = $db->sql_query('DELETE FROM '.table_prefix."users_extra WHERE user_id=$user_id;");
if ( !$q )
$db->_die();
$q = $db->sql_query('DELETE FROM '.table_prefix."users WHERE user_id=$user_id;");
if ( !$q )
$db->_die();
echo '<div class="info-box">' . $lang->get('acpum_msg_delete_success') . '</div>';
}
else
{
if ( $session->user_id == $user_id )
{
$username = $session->username;
$password = false;
$email = $session->email;
$real_name = $session->real_name;
}
else
{
$username = $_POST['username'];
if ( !preg_match('#^'.$session->valid_username.'$#', $username) )
$errors[] = $lang->get('acpum_err_illegal_username');
$password = false;
if ( $_POST['changing_pw'] == 'yes' )
{
$password = $session->get_aes_post('new_password');
}
$email = $_POST['email'];
if ( !preg_match('/^(?:[\w\d]+\.?)+@((?:(?:[\w\d]\-?)+\.)+\w{2,4}|localhost)$/', $email) )
$errors[] = $lang->get('acpum_err_illegal_email');
$real_name = $_POST['real_name'];
}
$signature = RenderMan::preprocess_text($_POST['signature'], true, true);
$user_level = intval($_POST['user_level']);
if ( $user_level < USER_LEVEL_MEMBER || $user_level > USER_LEVEL_ADMIN )
$errors[] = 'Invalid user level';
$user_rank = $_POST['user_rank'];
if ( $user_rank !== 'NULL' )
{
$user_rank = intval($user_rank);
if ( !$user_rank )
$errors[] = 'Invalid user rank';
}
$imaddr_aim = htmlspecialchars($_POST['imaddr_aim']);
$imaddr_msn = htmlspecialchars($_POST['imaddr_msn']);
$imaddr_yahoo = htmlspecialchars($_POST['imaddr_yahoo']);
$imaddr_xmpp = htmlspecialchars($_POST['imaddr_xmpp']);
$homepage = htmlspecialchars($_POST['homepage']);
$location = htmlspecialchars($_POST['location']);
$occupation = htmlspecialchars($_POST['occupation']);
$hobbies = htmlspecialchars($_POST['hobbies']);
$email_public = ( isset($_POST['email_public']) ) ? '1' : '0';
$user_title = htmlspecialchars($_POST['user_title']);
if ( !preg_match('/@([a-z0-9-]+)(\.([a-z0-9-\.]+))?/', $imaddr_msn) && !empty($imaddr_msn) )
{
$imaddr_msn = "$imaddr_msn@hotmail.com";
}
if ( substr($homepage, 0, 7) != 'http://' )
{
$homepage = "http://$homepage";
}
if ( !preg_match('/^http:\/\/([a-z0-9-.]+)([A-z0-9@#\$%\&:;<>,\.\?=\+\(\)\[\]_\/\\\\]*?)$/i', $homepage) )
{
$homepage = '';
}
if ( count($errors) < 1 )
{
$q = $db->sql_query('SELECT u.user_level, u.user_has_avatar, u.avatar_type FROM '.table_prefix.'users AS u WHERE u.user_id = ' . $user_id . ';');
if ( !$q )
$db->_die();
if ( $db->numrows() < 1 )
{
echo 'Couldn\'t select user data: no rows returned';
}
$row = $db->fetchrow();
$existing_level =& $row['user_level'];
$avi_type =& $row['avatar_type'];
$has_avi = ( $row['user_has_avatar'] == 1 );
$db->free_result();
$to_update_users = array();
if ( $user_id != $session->user_id )
{
$to_update_users['username'] = $username;
if ( $password )
{
$password = $session->pk_encrypt($password, ENC_HEX);
$to_update_users['password'] = $password;
}
$to_update_users['email'] = $email;
$to_update_users['real_name'] = $real_name;
}
$to_update_users['signature'] = $signature;
$to_update_users['user_level'] = $user_level;
$to_update_users['user_rank'] = $user_rank;
$to_update_users['user_title'] = $user_title;
if ( $user_rank > 0 )
{
$to_update_users['user_rank_userset'] = '0';
}
if ( isset($_POST['account_active']) )
{
$to_update_users['account_active'] = "1";
}
else
{
$to_update_users['account_active'] = "0";
$to_update_users['activation_key'] = sha1($session->dss_rand());
}
// Avatar validation
$action = ( isset($_POST['avatar_action']) ) ? $_POST['avatar_action'] : 'keep';
$avi_path = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $user_id . '.' . $avi_type;
switch($action)
{
case 'keep':
default:
break;
case 'remove':
if ( $has_avi )
{
// First switch the avatar off
$to_update_users['user_has_avatar'] = '0';
@unlink($avi_path);
}
break;
case 'set_http':
case 'set_file':
// Hackish way to preserve the UNIX philosophy of reusing as much code as possible
if ( $action == 'set_http' )
{
// Check if this action is enabled
if ( getConfig('avatar_upload_http') !== '1' )
{
// non-localized, only appears on hack attempt
$errors[] = 'Uploads over HTTP are disabled.';
break;
}
// Download the file
require_once( ENANO_ROOT . '/includes/http.php' );
if ( !preg_match('/^http:\/\/([a-z0-9-\.]+)(:([0-9]+))?\/(.+)$/', $_POST['avatar_http_url'], $match) )
{
$errors[] = $lang->get('usercp_avatar_invalid_url');
break;
}
$hostname = $match[1];
$uri = '/' . $match[4];
$port = ( $match[3] ) ? intval($match[3]) : 80;
$max_size = intval(getConfig('avatar_max_size'));
// Get temporary file
$tempfile = tempnam(false, "enanoavatar_{$user_id}");
if ( !$tempfile )
$errors[] = 'Error getting temp file.';
@unlink($tempfile);
$request = new Request_HTTP($hostname, $uri, 'GET', $port);
$result = $request->write_response_to_file($tempfile, 50, $max_size);
if ( !$result || $request->response_code != HTTP_OK )
{
@unlink($tempfile);
$errors[] = $lang->get('usercp_avatar_bad_write');
break;
}
// Response written. Proceed to validation...
}
else
{
// Check if this action is enabled
if ( getConfig('avatar_upload_file') !== '1' )
{
// non-localized, only appears on hack attempt
$errors[] = 'Uploads from the browser are disabled.';
break;
}
$max_size = intval(getConfig('avatar_max_size'));
$file =& $_FILES['avatar_file'];
$tempfile =& $file['tmp_name'];
if ( filesize($tempfile) > $max_size )
{
@unlink($tempfile);
$errors[] = $lang->get('usercp_avatar_file_too_large');
break;
}
}
$file_type = get_image_filetype($tempfile);
if ( !$file_type )
{
unlink($tempfile);
$errors[] = $lang->get('usercp_avatar_bad_filetype');
break;
}
$avi_path_new = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $user_id . '.' . $file_type;
// The file type is good - validate dimensions and animation
switch($file_type)
{
case 'png':
$is_animated = is_png_animated($tempfile);
$dimensions = png_get_dimensions($tempfile);
break;
case 'gif':
$is_animated = is_gif_animated($tempfile);
$dimensions = gif_get_dimensions($tempfile);
break;
case 'jpg':
$is_animated = false;
$dimensions = jpg_get_dimensions($tempfile);
break;
default:
$errors[] = 'API mismatch';
break 2;
}
// Did we get invalid size data? If so the image is probably corrupt.
if ( !$dimensions )
{
@unlink($tempfile);
$errors[] = $lang->get('usercp_avatar_corrupt_image');
break;
}
// Is the image animated?
if ( $is_animated && getConfig('avatar_enable_anim') !== '1' )
{
@unlink($tempfile);
$errors[] = $lang->get('usercp_avatar_disallowed_animation');
break;
}
// Check image dimensions
list($image_x, $image_y) = $dimensions;
$max_x = intval(getConfig('avatar_max_width'));
$max_y = intval(getConfig('avatar_max_height'));
if ( $image_x > $max_x || $image_y > $max_y )
{
@unlink($tempfile);
$errors[] = $lang->get('usercp_avatar_too_large');
break;
}
// All good!
@unlink($avi_path);
if ( rename($tempfile, $avi_path_new) )
{
$to_update_users['user_has_avatar'] = '1';
$to_update_users['avatar_type'] = $file_type;
}
else
{
// move failed - turn avatar off
$to_update_users['user_has_avatar'] = '0';
}
break;
case 'set_gravatar':
// set avatar to use Gravatar
// first, remove old image
if ( $has_avi )
{
@unlink($avi_path);
}
// set to gravatar mode
$to_update_users['user_has_avatar'] = '1';
$to_update_users['avatar_type'] = 'grv';
$has_avi = 1;
break;
}
if ( count($errors) < 1 )
{
$to_update_users_extra = array();
$to_update_users_extra['user_aim'] = $imaddr_aim;
$to_update_users_extra['user_msn'] = $imaddr_msn;
$to_update_users_extra['user_yahoo'] = $imaddr_yahoo;
$to_update_users_extra['user_xmpp'] = $imaddr_xmpp;
$to_update_users_extra['user_homepage'] = $homepage;
$to_update_users_extra['user_location'] = $location;
$to_update_users_extra['user_job'] = $occupation;
$to_update_users_extra['user_hobbies'] = $hobbies;
$to_update_users_extra['email_public'] = ( $email_public ) ? '1' : '0';
$update_sql = '';
foreach ( $to_update_users as $key => $unused_crap )
{
$value =& $to_update_users[$key];
$value = $db->escape($value);
$update_sql .= ( empty($update_sql) ? '' : ',' ) . "$key='$value'";
}
$update_sql = 'UPDATE '.table_prefix."users SET $update_sql WHERE user_id=$user_id;";
$update_sql_extra = '';
foreach ( $to_update_users_extra as $key => $unused_crap )
{
$value =& $to_update_users_extra[$key];
$value = $db->escape($value);
$update_sql_extra .= ( empty($update_sql_extra) ? '' : ',' ) . "$key='$value'";
}
$update_sql_extra = 'UPDATE '.table_prefix."users_extra SET $update_sql_extra WHERE user_id=$user_id;";
if ( !$db->sql_query($update_sql) )
$db->_die();
if ( !$db->sql_query($update_sql_extra) )
$db->_die();
if ( $existing_level != $user_level )
{
// We need to update group memberships
if ( $existing_level == USER_LEVEL_ADMIN )
{
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'u_from_admin\',' . time() . ',"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($username) . '");');
if ( !$q )
$db->_die();
$session->remove_user_from_group($user_id, GROUP_ID_ADMIN);
}
else if ( $existing_level == USER_LEVEL_MOD )
{
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'u_from_mod\',' . time() . ',"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($username) . '");');
if ( !$q )
$db->_die();
$session->remove_user_from_group($user_id, GROUP_ID_MOD);
}
if ( $user_level == USER_LEVEL_ADMIN )
{
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'u_to_admin\',' . time() . ',"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($username) . '");');
if ( !$q )
$db->_die();
$session->add_user_to_group($user_id, GROUP_ID_ADMIN, false);
}
else if ( $user_level == USER_LEVEL_MOD )
{
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'u_to_mod\',' . time() . ',"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($username) . '");');
if ( !$q )
$db->_die();
$session->add_user_to_group($user_id, GROUP_ID_MOD, false);
}
}
// user level updated, regenerate the ranks cache
generate_cache_userranks();
echo '<div class="info-box">' . $lang->get('acpum_msg_save_success') . '</div>';
}
}
}
if ( count($errors) > 0 )
{
echo '<div class="error-box">
<b>' . $lang->get('acpum_err_validation_fail') . '</b>
<ul>
<li>' . implode("</li>\n <li>", $errors) . '</li>
</ul>
</div>';
$form = new Admin_UserManager_SmartForm();
$form->user_id = $user_id;
$form->username = $username;
$form->email = $email;
$form->real_name = $real_name;
$form->signature = $signature;
$form->user_level = $user_level;
$form->user_rank = $user_rank;
$form->user_title = $user_title;
$form->im = array(
'aim' => $imaddr_aim,
'yahoo' => $imaddr_yahoo,
'msn' => $imaddr_msn,
'xmpp' => $imaddr_xmpp
);
$form->contact = array(
'homepage' => $homepage,
'location' => $location,
'job' => $occupation,
'hobbies' => $hobbies
);
$form->email_public = ( isset($_POST['email_public']) );
$form->account_active = ( isset($_POST['account_active']) );
// This is SAFE. The smartform calls is_valid_ip() on this value, thus preventing XSS
// attempts from making it into the form HTML. Badly coded templates may still be
// affected, but if have_reg_ip is checked for, then you're fine.
$form->reg_ip_addr = $_POST['user_registration_ip'];
echo $form->render();
return false;
}
#
# END VALIDATION
#
}
else if ( isset($_POST['action']['go']) || ( isset($_GET['src']) && $_GET['src'] == 'get' ) )
{
if ( isset($_GET['user']) )
{
$username =& $_GET['user'];
}
else if ( isset($_GET['username']) )
{
$username =& $_GET['username'];
}
else if ( isset($_POST['username']) )
{
$username =& $_POST['username'];
}
else
{
echo 'No username provided';
return false;
}
$q = $db->sql_query('SELECT u.user_id AS authoritative_uid, u.username, u.email, u.real_name, u.signature, u.account_active, u.user_level, u.user_rank, u.user_title, u.user_has_avatar, u.avatar_type, u.user_registration_ip, x.* FROM '.table_prefix.'users AS u
LEFT JOIN '.table_prefix.'users_extra AS x
ON ( u.user_id = x.user_id OR x.user_id IS NULL )
WHERE ( ' . ENANO_SQLFUNC_LOWERCASE . '(u.username) = \'' . $db->escape(strtolower($username)) . '\' OR u.username = \'' . $db->escape($username) . '\' ) AND u.user_id != 1;');
if ( !$q )
$db->_die();
if ( $db->numrows() < 1 )
{
echo '<div class="error-box">' . $lang->get('acpum_err_bad_username') . '</div>';
}
else
{
$row = $db->fetchrow();
$row['user_id'] = $row['authoritative_uid'];
$form = new Admin_UserManager_SmartForm();
$form->user_id = $row['user_id'];
$form->username = $row['username'];
$form->email = $row['email'];
$form->real_name = $row['real_name'];
$form->signature = $row['signature'];
$form->user_level= $row['user_level'];
$form->user_rank = $row['user_rank'];
$form->user_title= $row['user_title'];
$form->account_active = ( $row['account_active'] == 1 );
$form->email_public = ( $row['email_public'] == 1 );
$form->has_avatar = ( $row['user_has_avatar'] == 1 );
$form->avi_type = $row['avatar_type'];
$form->im = array(
'aim' => $row['user_aim'],
'yahoo' => $row['user_yahoo'],
'msn' => $row['user_msn'],
'xmpp' => $row['user_xmpp']
);
$form->contact = array(
'homepage' => $row['user_homepage'],
'location' => $row['user_location'],
'job' => $row['user_job'],
'hobbies' => $row['user_hobbies'],
);
$form->email_public = ( $row['email_public'] == 1 );
$form->reg_ip_addr = ( $row['user_registration_ip'] ) ? $row['user_registration_ip'] : '';
$html = $form->render();
if ( !$html )
{
echo 'Internal error: form processor returned false';
}
else
{
echo $html;
}
return true;
}
}
else if ( isset($_POST['action']['clear_sessions']) )
{
if ( defined('ENANO_DEMO_MODE') )
{
echo '<div class="error-box">' . $lang->get('acpum_err_sessionclear_demo') . '</div>';
}
else
{
// Get the current session information so the user doesn't get logged out
$aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
$sk = md5(strrev($session->sid_super));
$qb = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.$sk.'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_ADMIN);
if ( !$qb )
{
die('Error selecting session key info block B: '.$db->get_error());
}
if ( $db->numrows($qb) < 1 )
{
die('Error: cannot read admin session info block B, aborting table clear process');
}
$qa = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.md5($session->sid).'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_MEMBER);
if ( !$qa )
{
die('Error selecting session key info block A: '.$db->get_error());
}
if ( $db->numrows($qa) < 1 )
{
die('Error: cannot read user session info block A, aborting table clear process');
}
$ra = $db->fetchrow($qa);
$rb = $db->fetchrow($qb);
$db->free_result($qa);
$db->free_result($qb);
$db->sql_query('DELETE FROM '.table_prefix.'session_keys;');
$db->sql_query('INSERT INTO '.table_prefix.'session_keys( session_key,salt,user_id,auth_level,source_ip,time ) VALUES( \''.$ra['session_key'].'\', \''.$ra['salt'].'\', \''.$session->user_id.'\', \''.$ra['auth_level'].'\', \''.$ra['source_ip'].'\', '.$ra['time'].' ),( \''.$rb['session_key'].'\', \''.$rb['salt'].'\', \''.$session->user_id.'\', \''.$rb['auth_level'].'\', \''.$rb['source_ip'].'\', '.$rb['time'].' )');
echo '<div class="info-box">' . $lang->get('acpum_msg_sessionclear_success') . '</div>';
}
}
echo '<form action="' . makeUrlNS('Special', 'Administration', 'module=' . $paths->cpage['module'], true) . '" method="post" enctype="multipart/form-data" onsubmit="if ( !submitAuthorized ) return false;">';
echo '<h3>' . $lang->get('acpum_heading_main') . '</h3>';
echo '<p>' . $lang->get('acpum_hint_intro') . '</p>';
echo '<table border="0">
<tr>
<td><b>' . $lang->get('acpum_field_search_user') . '</b><br />
<small>' . $lang->get('acpum_field_search_user_hint') . '</small>
</td>
<td style="width: 10px;"></td>
<td>' . $template->username_field('username') . '</td>
<td>
<input type="submit" name="action[go]" value="' . $lang->get('acpum_btn_search_user_go') . ' »" />
</td>
</tr>
</table>';
echo '<h3>' . $lang->get('acpum_heading_clear_sessions') . '</h3>';
echo '<p>' . $lang->get('acpum_hint_clear_sessions') . '</p>';
echo '<p><input type="submit" name="action[clear_sessions]" value="' . $lang->get('acpum_btn_clear_sessions') . '" /></p>';
echo '</form>';
if(isset($_GET['action']) && isset($_GET['user']))
{
switch($_GET['action'])
{
case "activate":
$e = $db->sql_query('SELECT activation_key FROM '.table_prefix.'users WHERE username=\'' . $db->escape($_GET['user']) . '\'');
if ( $e )
{
// attempt to activate the account
$row = $db->fetchrow();
$db->free_result();
if ( $session->activate_account($_GET['user'], $row['activation_key']) )
{
echo '<div class="info-box">' . $lang->get('acpum_msg_activate_success', array('username' => htmlspecialchars($_GET['user']))) . '</div>';
$db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid']));
}
else
{
echo '<div class="warning-box">' . $lang->get('acpum_err_activate_fail', array('username' => htmlspecialchars($_GET['user']))) . '</div>';
}
}
else
{
echo '<div class="error-box">Error activating account: '.$db->get_error().'</div>';
}
break;
case "sendemail":
if ( $session->send_activation_mail($_GET['user'] ) )
{
echo '<div class="info-box">' . $lang->get('acpum_msg_activate_email_success', array('username' => htmlspecialchars($_GET['user']))) . '</div>';
$db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid']));
}
else
{
echo '<div class="error-box">' . $lang->get('acpum_err_activate_email_fail', array('username' => htmlspecialchars($_GET['user']))) . '</div>';
}
break;
case "deny":
$e = $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\' AND time_id=\'' . $db->escape($_GET['logid']) . '\';');
if ( !$e )
{
echo '<div class="error-box">Error during row deletion: '.$db->get_error().'</div>';
}
else
{
echo '<div class="info-box">' . $lang->get('acpum_msg_activate_deny_success', array('username' => htmlspecialchars($_GET['user']))) . '</div>';
}
break;
}
}
$q = $db->sql_query('SELECT l.log_type, l.action, l.time_id, l.date_string, l.author, l.edit_summary, u.user_coppa FROM '.table_prefix.'logs AS l
LEFT JOIN '.table_prefix.'users AS u
ON ( u.username = l.edit_summary OR u.username IS NULL )
WHERE log_type=\'admin\' AND action=\'activ_req\' ORDER BY time_id DESC;');
if($q)
{
if($db->numrows() > 0)
{
$n = $db->numrows();
$str = ( $n == 1 ) ?
$lang->get('acpum_heading_activation_one') :
$lang->get('acpum_heading_activation_plural', array('count' => strval($n)));
echo '<h3>' . $str . '</h3>';
echo '<div class="tblholder">
<table border="0" cellspacing="1" cellpadding="4" width="100%">
<tr>
<th>' . $lang->get('acpum_col_activate_timestamp') . '</th>
<th>' . $lang->get('acpum_col_activate_requestedby') . '</th>
<th>' . $lang->get('acpum_col_activate_requestedfor') . '</th>
<th>' . $lang->get('acpum_col_activate_coppauser') . '</th>
<th colspan="3">' . $lang->get('acpum_col_activate_actions') . '</th>
</tr>';
$cls = 'row2';
while($row = $db->fetchrow())
{
if($cls == 'row2') $cls = 'row1';
else $cls = 'row2';
$coppa = ( $row['user_coppa'] == '1' ) ? '<b>' . $lang->get('acpum_coppauser_yes') . '</b>' : $lang->get('acpum_coppauser_no');
echo '<tr>
<td class="'.$cls.'">'.enano_date('F d, Y h:i a', $row['time_id']).'</td>
<td class="'.$cls.'">'.$row['author'].'</td>
<td class="'.$cls.'">'.$row['edit_summary'].'</td>
<td style="text-align: center;" class="' . $cls . '">' . $coppa . '</td>
<td class="'.$cls.'" style="text-align: center;">
<a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&action=activate&user='.rawurlencode($row['edit_summary']).'&logid='.$row['time_id'], true).'">' . $lang->get('acpum_btn_activate_now') . '</a>
</td>
<td class="'.$cls.'" style="text-align: center;">
<a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&action=sendemail&user='.rawurlencode($row['edit_summary']).'&logid='.$row['time_id'], true).'">' . $lang->get('acpum_btn_send_email') . '</a>
</td>
<td class="'.$cls.'" style="text-align: center;">
<a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&action=deny&user='.rawurlencode($row['edit_summary']).'&logid='.$row['time_id'], true).'">' . $lang->get('acpum_btn_activate_deny') . '</a>
</td>
</tr>';
}
echo '</table>';
}
$db->free_result();
}
}
/**
* Smart form class for the user manager.
* @package Enano
* @subpackage Administration
*/
class Admin_UserManager_SmartForm
{
/**
* Universally Unique Identifier (UUID) for this editor instance. Used to unique-itize Javascript functions and whatnot.
* @var string
*/
var $uuid = '';
/**
* User ID that we're editing.
* @var int
*/
var $user_id = 0;
/**
* Username
* @var string
*/
var $username = '';
/**
* E-mail address
* @var string
*/
var $email = '';
/**
* Real name
* @var string
*/
var $real_name = '';
/**
* Signature
* @var string
*/
var $signature = '';
/**
* IM contact information
* @var array
*/
var $im = array();
/**
* Real-life contact info
* @var array
*/
var $contact = array();
/**
* User level
* @var int
*/
var $user_level = USER_LEVEL_MEMBER;
/**
* User-specific user rank
* @var int
*/
var $user_rank = NULL;
/**
* User's custom title
* @var int
*/
var $user_title = '';
/**
* Account activated
* @var bool
*/
var $account_active = true;
/**
* Email public switch
* @var bool
*/
var $email_public = false;
/**
* Whether the user has an avatar or not.
* @var bool
*/
var $has_avatar = false;
/**
* The type of avatar the user has. One of "jpg", "png", or "gif".
* @var string
*/
var $avi_type = 'png';
/**
* The IP address of the user during registration
* @var string
*/
var $reg_ip_addr = '';
/**
* Constructor.
*/
function Admin_UserManager_SmartForm()
{
$this->uuid = md5( mt_rand() . microtime() );
}
/**
* Renders and returns the finished form.
* @return string
*/
function render()
{
global $db, $session, $paths, $template, $plugins; // Common objects
global $lang;
global $dh_supported;
if ( file_exists( ENANO_ROOT . "/themes/$template->theme/admin_usermanager_form.tpl" ) )
{
$parser = $template->makeParser('admin_usermanager_form.tpl');
}
else
{
$tpl_code = <<<EOF
<!-- Start of user edit form -->
<script type="text/javascript">
function userform_{UUID}_chpasswd()
{
var link = document.getElementById('userform_{UUID}_pwlink');
var form = document.getElementById('userform_{UUID}_pwform');
domOpacity(link, 100, 0, 500);
domObjChangeOpac(0, form);
setTimeout("var link = document.getElementById('userform_{UUID}_pwlink'); var form = document.getElementById('userform_{UUID}_pwform'); link.style.display = 'none'; form.style.display = 'block'; domOpacity(form, 0, 100, 500);", 550);
<!-- BEGINNOT same_user -->document.forms['useredit_{UUID}'].changing_pw.value = 'yes';<!-- END same_user -->
}
function userform_{UUID}_chpasswd_cancel()
{
var link = document.getElementById('userform_{UUID}_pwlink');
var form = document.getElementById('userform_{UUID}_pwform');
domOpacity(form, 100, 0, 500);
domObjChangeOpac(0, link);
setTimeout("var link = document.getElementById('userform_{UUID}_pwlink'); var form = document.getElementById('userform_{UUID}_pwform'); form.style.display = 'none'; link.style.display = 'block'; domOpacity(link, 0, 100, 500);", 550);
<!-- BEGINNOT same_user -->document.forms['useredit_{UUID}'].changing_pw.value = 'no';<!-- END same_user -->
}
function userform_{UUID}_validate()
{
var form = document.forms['useredit_{UUID}'];
<!-- BEGINNOT same_user -->
if ( form.changing_pw.value == 'yes' )
{
return runEncryption(true);
}
<!-- END same_user -->
return true;
}
</script>
<form action="{FORM_ACTION}" method="post" name="useredit_{UUID}" enctype="multipart/form-data" onsubmit="return userform_{UUID}_validate();">
<input name="user_id" value="{USER_ID}" type="hidden" />
<div class="tblholder">
<table border="0" cellspacing="1" cellpadding="4">
<!-- Heading -->
<tr>
<th colspan="2">
{lang:acpum_heading_editing_user} {USERNAME}
</th>
</tr>
<!-- Basic options (stored in enano_users) -->
<tr>
<th colspan="2" class="subhead">
{lang:acpum_heading_basic_options}
</th>
</tr>
<tr>
<td class="row2" style="width: 25%;">
{lang:acpum_field_username}<br />
<small>{lang:acpum_field_username_hint}</small>
</td>
<td class="row1" style="width: 75%;">
<input type="text" name="username" value="{USERNAME}" size="40" <!-- BEGIN same_user -->disabled="disabled" <!-- END same_user -->/>
<!-- BEGIN same_user --><small>{lang:acpum_msg_same_user_username}</small><!-- END same_user -->
</td>
</tr>
<tr>
<td class="row2">
{lang:acpum_field_password}
<!-- BEGIN password_meter -->
<br />
<small>{lang:acpum_field_password_hint}</small>
<!-- END password_meter -->
</td>
<td class="row1">
<div id="userform_{UUID}_pwlink">
<b>{lang:acpum_msg_password_unchanged}</b> <a href="#" onclick="userform_{UUID}_chpasswd(); return false;">{lang:acpum_btn_reset_password}</a>
</div>
<div id="userform_{UUID}_pwform" style="display: none;">
<!-- BEGIN same_user -->
{lang:acpum_msg_same_user_password} <a href="#" onclick="userform_{UUID}_chpasswd_cancel(); return false;">{lang:etc_cancel}</a>
<!-- BEGINELSE same_user -->
<input type="hidden" name="changing_pw" value="no" />
{AES_FORM}
<table border="0" style="background-color: transparent;" cellspacing="0" cellpadding="0">
<tr>
<td colspan="2">
<b>{lang:acpum_field_password_title}</b>
</td>
</tr>
<tr>
<td>{lang:acpum_field_newpassword}</td>
<td>
<!-- BEGIN password_meter -->
<input type="password" name="new_password" value="" onkeyup="password_score_field(this);" /><span class="password-checker" style="font-weight: bold; color: #A0A0A0"> Waiting for l10n init</span>
<!-- BEGINELSE password_meter -->
<input type="password" name="new_password" value="" />
<!-- END password_meter -->
<!-- BEGIN password_meter -->
<div id="pwmeter" style="margin: 4px 0; height: 8px;"></div>
<!-- END password_meter -->
</td>
</tr>
<tr>
<td>{lang:acpum_field_newpassword_confirm}</td>
<td><input type="password" name="new_password_confirm" value="" /></td>
</tr>
<tr>
<td colspan="2">
<a href="#" onclick="userform_{UUID}_chpasswd_cancel(); return false;">{lang:etc_cancel}</a>
</td>
</tr>
</table>
<!-- END same_user -->
</div>
</td>
</tr>
<tr>
<td class="row2" style="width: 25%;">
{lang:acpum_field_email}
</td>
<td class="row1" style="width: 75%;">
<input type="text" name="email" value="{EMAIL}" size="40" <!-- BEGIN same_user -->disabled="disabled" <!-- END same_user -->/>
<!-- BEGIN same_user --><small>{lang:acpum_msg_same_user_email}</small><!-- END same_user -->
</td>
</tr>
<tr>
<td class="row2" style="width: 25%;">
{lang:acpum_field_realname}
</td>
<td class="row1" style="width: 75%;">
<input type="text" name="real_name" value="{REAL_NAME}" size="40" <!-- BEGIN same_user -->disabled="disabled" <!-- END same_user -->/>
<!-- BEGIN same_user --><small>{lang:acpum_msg_same_user_realname}</small><!-- END same_user -->
</td>
</tr>
<tr>
<td class="row2" style="width: 25%;">
{lang:acpum_field_signature}
</td>
<td class="row1" style="width: 75%;">
{SIGNATURE_FIELD}
</td>
</tr>
<tr>
<td class="row2" style="width: 25%;">
{lang:acpum_field_usertitle}<br />
<small>
{lang:acpum_field_usertitle_hint}
</small>
</td>
<td class="row1" style="width: 75%;">
<input type="text" name="user_title" value="{USER_TITLE}" />
</td>
</tr>
<!-- / Basic options -->
<!-- Extended options (anything in enano_users_extra) -->
<tr>
<th class="subhead" colspan="2">
{lang:acpum_heading_imcontact}
</th>
<tr>
<td class="row2">{lang:acpum_field_aim}</td>
<td class="row1"><input type="text" name="imaddr_aim" value="{IM_AIM}" size="30" /></td>
</tr>
<tr>
<td class="row2">{lang:acpum_field_wlm}<br /><small>{lang:acpum_field_wlm_hint}</small></td>
<td class="row1"><input type="text" name="imaddr_msn" value="{IM_WLM}" size="30" /></td>
</tr>
<tr>
<td class="row2">{lang:acpum_field_yim}</td>
<td class="row1"><input type="text" name="imaddr_yahoo" value="{IM_YAHOO}" size="30" /></td>
</tr>
<tr>
<td class="row2">{lang:acpum_field_xmpp}</td>
<td class="row1"><input type="text" name="imaddr_xmpp" value="{IM_XMPP}" size="30" /></td>
</tr>
<tr>
<th class="subhead" colspan="2">
{lang:acpum_heading_contact_extra}
</th>
</tr>
<tr>
<td class="row2">{lang:acpum_field_homepage}<br /><small>{lang:acpum_field_homepage_hint}</small></td>
<td class="row1"><input type="text" name="homepage" value="{HOMEPAGE}" size="30" /></td>
</tr>
<tr>
<td class="row2">{lang:acpum_field_location}</td>
<td class="row1"><input type="text" name="location" value="{LOCATION}" size="30" /></td>
</tr>
<tr>
<td class="row2">{lang:acpum_field_job}</td>
<td class="row1"><input type="text" name="occupation" value="{JOB}" size="30" /></td>
</tr>
<tr>
<td class="row2">{lang:acpum_field_hobbies}</td>
<td class="row1"><input type="text" name="hobbies" value="{HOBBIES}" size="30" /></td>
</tr>
<tr>
<td class="row2"><label for="chk_email_public_{UUID}">{lang:acpum_field_email_public}</label><br /><small>{lang:acpum_field_email_public_hint}</small></td>
<td class="row1"><input type="checkbox" id="chk_email_public_{UUID}" name="email_public" <!-- BEGIN email_public -->checked="checked" <!-- END email_public -->size="30" /></td>
</tr>
<!-- / Extended options -->
<!-- Avatar settings -->
<tr>
<th class="subhead" colspan="2">
{lang:acpum_avatar_heading}
</th>
</tr>
<tr>
<td class="row2">
{lang:usercp_avatar_label_current}
</td>
<td class="row1">
<!-- BEGIN user_has_avatar -->
<img alt="{AVATAR_ALT}" src="{AVATAR_SRC}" />
<!-- BEGINELSE user_has_avatar -->
{lang:acpum_avatar_image_none}
<!-- END user_has_avatar -->
</td>
</tr>
<tr>
<td class="row2">
{lang:acpum_avatar_lbl_change}
</td>
<td class="row1">
<script type="text/javascript">
function admincp_users_avatar_set_{UUID}(elParent)
{
switch(elParent.value)
{
case 'keep':
case 'remove':
\$dynano('avatar_upload_http_{UUID}').object.style.display = 'none';
\$dynano('avatar_upload_file_{UUID}').object.style.display = 'none';
\$dynano('avatar_upload_gravatar_{UUID}').object.style.display = 'none';
break;
case 'set_http':
\$dynano('avatar_upload_http_{UUID}').object.style.display = 'block';
\$dynano('avatar_upload_file_{UUID}').object.style.display = 'none';
\$dynano('avatar_upload_gravatar_{UUID}').object.style.display = 'none';
break;
case 'set_file':
\$dynano('avatar_upload_http_{UUID}').object.style.display = 'none';
\$dynano('avatar_upload_file_{UUID}').object.style.display = 'block';
\$dynano('avatar_upload_gravatar_{UUID}').object.style.display = 'none';
break;
case 'set_gravatar':
\$dynano('avatar_upload_gravatar_{UUID}').object.style.display = 'block';
\$dynano('avatar_upload_http_{UUID}').object.style.display = 'none';
\$dynano('avatar_upload_file_{UUID}').object.style.display = 'none';
break;
}
}
</script>
<label><input onclick="admincp_users_avatar_set_{UUID}(this);" type="radio" name="avatar_action" value="keep" checked="checked" /> {lang:acpum_avatar_lbl_keep}</label><br />
<label><input onclick="admincp_users_avatar_set_{UUID}(this);" type="radio" name="avatar_action" value="remove" /> {lang:acpum_avatar_lbl_remove}</label><br />
<label><input onclick="admincp_users_avatar_set_{UUID}(this);" type="radio" name="avatar_action" value="set_http" /> {lang:acpum_avatar_lbl_set_http}</label><br />
<div id="avatar_upload_http_{UUID}" style="display: none; margin: 10px 0 0 2.2em;">
{lang:usercp_avatar_lbl_url} <input type="text" name="avatar_http_url" size="40" value="http://" /><br />
<small>{lang:usercp_avatar_lbl_url_desc} {lang:usercp_avatar_limits}</small>
</div>
<label><input onclick="admincp_users_avatar_set_{UUID}(this);" type="radio" name="avatar_action" value="set_file" /> {lang:acpum_avatar_lbl_set_file}</label><br />
<div id="avatar_upload_file_{UUID}" style="display: none; margin: 10px 0 0 2.2em;">
{lang:usercp_avatar_lbl_file} <input type="file" name="avatar_file" size="40" value="http://" /><br />
<small>{lang:usercp_avatar_lbl_file_desc} {lang:usercp_avatar_limits}</small>
</div>
<label><input onclick="admincp_users_avatar_set_{UUID}(this);" type="radio" name="avatar_action" value="set_gravatar" /> {lang:acpum_avatar_lbl_set_gravatar} <img alt=" " src="{GRAVATAR_URL}" /></label><br />
<div id="avatar_upload_gravatar_{UUID}"></div>
</td>
</tr>
<!-- / Avatar settings -->
<!-- Administrator-only options -->
<tr>
<th class="subhead" colspan="2">
{lang:acpum_heading_adminonly}
</th>
</tr>
<tr>
<td class="row2">{lang:acpum_field_active_title}<br />
<small>{lang:acpum_field_active_hint}</small>
</td>
<td class="row1"><label><input type="checkbox" name="account_active" <!-- BEGIN account_active -->checked="checked" <!-- END account_active -->/> {lang:acpum_field_active}</label></td>
</tr>
<tr>
<td class="row2">
{lang:acpum_field_userlevel}<br />
<small>{lang:acpum_field_userlevel_hint}</small>
</td>
<td class="row1">
<select name="user_level">
<option value="{USER_LEVEL_MEMBER}"<!-- BEGIN ul_member --> selected="selected"<!-- END ul_member -->>{lang:userfuncs_ml_level_member}</option>
<option value="{USER_LEVEL_MOD}"<!-- BEGIN ul_mod --> selected="selected"<!-- END ul_mod -->>{lang:userfuncs_ml_level_mod}</option>
<option value="{USER_LEVEL_ADMIN}"<!-- BEGIN ul_admin --> selected="selected"<!-- END ul_admin -->>{lang:userfuncs_ml_level_admin}</option>
</select>
</td>
</tr>
<tr>
<td class="row2">
{lang:acpum_field_userrank}<br />
<small>{lang:acpum_field_userrank_hint}</small>
</td>
<td class="row1">
<select name="user_rank">
{RANK_LIST}
</select>
</td>
</tr>
<!-- BEGIN have_reg_ip -->
<tr>
<td class="row2">
{lang:acpum_field_reg_ip}
</td>
<td class="row1">
{REG_IP_ADDR}
<input type="hidden" name="user_registration_ip" value="{REG_IP_ADDR}" />
</td>
</tr>
<!-- BEGINELSE have_reg_ip -->
<input type="hidden" name="user_registration_ip" value="" />
<!-- END have_reg_ip -->
<tr>
<td class="row2">
{lang:acpum_field_deleteaccount_title}
</td>
<td class="row1">
<label><input type="checkbox" name="delete_account" onclick="var d = (this.checked) ? 'block' : 'none'; document.getElementById('delete_blurb_{UUID}').style.display = d;" /> {lang:acpum_field_deleteaccount}</label>
<div id="delete_blurb_{UUID}" style="display: none;">
<!-- BEGIN same_user -->
<!-- Obnoxious I know, but it's needed. -->
<p><b>{lang:acpum_msg_delete_own_account}</b></p>
<!-- END same_user -->
<p><small>{lang:acpum_field_deleteaccount_hint}</small></p>
</div>
</td>
</tr>
</tr>
<!-- Save button -->
<tr>
<th colspan="2">
<input type="submit" name="action[save]" value="{lang:acpum_btn_save}" style="font-weight: bold;" />
<input type="submit" name="action[noop]" value="{lang:etc_cancel}" style="font-weight: normal;" />
</th>
</tr>
</table>
</div>
</form>
<!-- BEGINNOT same_user -->
<script type="text/javascript">
password_score_field(document.forms['useredit_{UUID}'].new_password);
</script>
<!-- END same_user -->
{AES_JAVASCRIPT}
<!-- Conclusion of user edit form -->
EOF;
$parser = $template->makeParserText($tpl_code);
}
$this->username = htmlspecialchars($this->username);
$this->email = htmlspecialchars($this->email);
$this->user_id = intval($this->user_id);
$this->real_name = htmlspecialchars($this->real_name);
$this->signature = htmlspecialchars($this->signature);
$this->user_level = intval($this->user_level);
$im_aim = ( isset($this->im['aim']) ) ? $this->im['aim'] : false;
$im_yahoo = ( isset($this->im['yahoo']) ) ? $this->im['yahoo'] : false;
$im_msn = ( isset($this->im['msn']) ) ? $this->im['msn'] : false;
$im_xmpp = ( isset($this->im['xmpp']) ) ? $this->im['xmpp'] : false;
$homepage = ( isset($this->contact['homepage']) ) ? $this->contact['homepage'] : false;
$location = ( isset($this->contact['location']) ) ? $this->contact['location'] : false;
$job = ( isset($this->contact['job']) ) ? $this->contact['job'] : false;
$hobbies = ( isset($this->contact['hobbies']) ) ? $this->contact['hobbies'] : false;
if ( empty($this->username) )
{
// @error One or more required parameters not set
return 'Admin_UserManager_SmartForm::render: Invalid parameter ($form->username)';
}
if ( empty($this->user_id) )
{
// @error One or more required parameters not set
return 'Admin_UserManager_SmartForm::render: Invalid parameter ($form->user_id)';
}
if ( empty($this->email) )
{
// @error One or more required parameters not set
return 'Admin_UserManager_SmartForm::render: Invalid parameter ($form->email)';
}
$form_action = makeUrlNS('Special', 'Administration', 'module=' . $paths->cpage['module'], true);
$aes_javascript = $session->aes_javascript("useredit_$this->uuid", 'new_password');
// build rank list
$q = $db->sql_query('SELECT rank_id, rank_title FROM ' . table_prefix . 'ranks');
if ( !$q )
$db->_die();
$rank_list = '<option value="NULL"' . ( $this->user_rank === NULL ? ' selected="selected"' : '' ) . '>--</option>' . "\n";
while ( $row = $db->fetchrow() )
{
$rank_list .= '<option value="' . $row['rank_id'] . '"' . ( $row['rank_id'] == $this->user_rank ? ' selected="selected"' : '' ) . '>' . htmlspecialchars($lang->get($row['rank_title'])) . '</option>' . "\n";
}
$parser->assign_vars(array(
'UUID' => $this->uuid,
'USERNAME' => $this->username,
'EMAIL' => $this->email,
'USER_ID' => $this->user_id,
'AES_FORM' => $session->generate_aes_form(),
'REAL_NAME' => $this->real_name,
'SIGNATURE_FIELD' => $template->tinymce_textarea('signature', $this->signature, 10, 50),
'USER_TITLE' => $this->user_title,
'USER_LEVEL_MEMBER' => USER_LEVEL_CHPREF,
'USER_LEVEL_MOD' => USER_LEVEL_MOD,
'USER_LEVEL_ADMIN' => USER_LEVEL_ADMIN,
'AES_JAVASCRIPT' => $aes_javascript,
'IM_AIM' => $im_aim,
'IM_YAHOO' => $im_yahoo,
'IM_WLM' => $im_msn,
'IM_XMPP' => $im_xmpp,
'HOMEPAGE' => $homepage,
'LOCATION' => $location,
'JOB' => $job,
'HOBBIES' => $hobbies,
'FORM_ACTION' => $form_action,
'REG_IP_ADDR' => $this->reg_ip_addr,
'RANK_LIST' => $rank_list,
'GRAVATAR_URL' => make_gravatar_url($this->email, 16)
));
if ( $this->has_avatar )
{
$parser->assign_vars(array(
'AVATAR_SRC' => make_avatar_url($this->user_id, $this->avi_type),
'AVATAR_ALT' => $lang->get('usercp_avatar_image_alt', array('username' => $this->username), $this->email)
));
}
$parser->assign_bool(array(
'password_meter' => ( getConfig('pw_strength_enable') == '1' ),
'ul_member' => ( $this->user_level == USER_LEVEL_CHPREF ),
'ul_mod' => ( $this->user_level == USER_LEVEL_MOD ),
'ul_admin' => ( $this->user_level == USER_LEVEL_ADMIN ),
'account_active' => ( $this->account_active === true ),
'email_public' => ( $this->email_public === true ),
'same_user' => ( $this->user_id == $session->user_id ),
'user_has_avatar' => ( $this->has_avatar ),
'have_reg_ip' => ( intval(@strlen($this->reg_ip_addr)) > 0 && is_valid_ip($this->reg_ip_addr) )
));
$parsed = $parser->run();
return $parsed;
}
}
?>