<?php
// File: $Id: users.php,v 1.24 2001/12/06 21:10:48 gregorrothfuss Exp $ $Name: $
// ----------------------------------------------------------------------
// POST-NUKE Content Management System
// Copyright (C) 2001 by the Post-Nuke Development Team.
// http://www.postnuke.com/
// ----------------------------------------------------------------------
// Based on:
// PHP-NUKE Web Portal System - http://phpnuke.org/
// Thatware - http://thatware.org/
// ----------------------------------------------------------------------
// LICENSE
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License (GPL)
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// To read the license please visit http://www.gnu.org/copyleft/gpl.html
// ----------------------------------------------------------------------
// Original Author of file:
// Purpose of file:
// ----------------------------------------------------------------------
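// Guard against this file being requested directly: it is only meant to be
// included by admin.php. $PHP_SELF is the request path, so this is a
// convenience check rather than an authorisation check -- the real
// permission checks are the authorised() calls further down.
// preg_match() replaces eregi(), which was deprecated in PHP 5.3 and
// removed in PHP 7.
if (!preg_match('/admin\.php/i', $PHP_SELF)) { die ("Access Denied"); }
$hlpfile = "manual/users.html";
modules_get_language();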
/*********************************************************/
/* Users Functions */
/*********************************************************/
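/**
 * Render the user administration landing page: the "edit/delete user"
 * lookup form and, for callers holding ACCESS_ADD, the "add user" form.
 *
 * Requires Users:: ACCESS_EDIT; without it only _MODIFYUSERSNOAUTH is shown.
 * The forms post back to admin.php with op=modifyUser|delUser|addUser, which
 * are handled by the dispatch switch at the bottom of this file.
 *
 * NOTE(review): the handlers for updateUser/addUser/delUserConf call
 * csrfcheck(), but none of the forms emitted here carries a visible token
 * field. Confirm that csrfcheck() obtains its token some other way
 * (session, referer); otherwise these forms are forgeable. TODO confirm.
 */
function displayUsers() {
    global $hlpfile;
    include("header.php");
    GraphicAdmin($hlpfile);
    OpenTable();
    echo "<center><font class=\"pn-title\"><b>"._USERADMIN."</b></font></center>";
    CloseTable();
    echo "<br>";
    if (!authorised(0, 'Users::', '::', ACCESS_EDIT)) {
        echo _MODIFYUSERSNOAUTH;
        include 'footer.php';
        return;
    }
    // Edit / delete an existing user. The ACCESS_EDIT check above already
    // guarantees this form may be shown (the original re-tested the same
    // predicate a second time here). The field is named chng_uid but is
    // labelled _NICKNAME; modifyUser() resolves it as a nickname first and
    // falls back to treating it as a uid.
    OpenTable();
    echo "<center><font class=\"pn-title\"><b>"._EDITUSER."</b></font><br><br>"
        ."<form method=\"post\" action=\"admin.php\">"
        ."<b>"._NICKNAME.": </b> <input type=\"text\" name=\"chng_uid\" size=\"20\">\n"
        ."<select name=\"op\">"
        ."<option value=\"modifyUser\">"._MODIFY."</option>\n"
        ."<option value=\"delUser\">"._DELETE."</option></select>\n"
        ."<input type=\"submit\" value=\""._OK."\"></form></center>";
    CloseTable();
    echo "<br>";
    // Add a new user: separate, higher permission level.
    if (authorised(0, 'Users::', '::', ACCESS_ADD)) {
        OpenTable();
        echo "<center><font class=\"pn-title\"><b>"._ADDUSER."</b></font><br><br>"
            ."<form action=\"admin.php\" method=\"post\">"
            ."<table border=\"0\" width=\"100%\">"
            ."<tr><td width=\"100\">"._NICKNAME."</td>"
            ."<td><input type=\"text\" name=\"add_uname\" size=\"30\" maxlength=\"25\"> <font class=\"pn-sub\">"._REQUIRED."</font></td></tr>"
            ."<tr><td>"._NAME."</td>"
            ."<td><input type=\"text\" name=\"add_name\" size=\"30\" maxlength=\"50\"></td></tr>"
            ."<tr><td>"._EMAIL."</td>"
            ."<td><input type=\"text\" name=\"add_email\" size=\"30\" maxlength=\"60\"> <font class=\"pn-sub\">"._REQUIRED."</font></td></tr>"
            ."<tr><td>"._FAKEEMAIL."</td>"
            ."<td><input type=\"text\" name=\"add_femail\" size=\"30\" maxlength=\"60\"></td></tr>"
            ."<tr><td>"._URL."</td>"
            ."<td><input type=\"text\" name=\"add_url\" size=\"30\" maxlength=\"60\"></td></tr>"
            ."<tr><td>"._ICQ."</td>"
            ."<td><input type=\"text\" name=\"add_user_icq\" size=\"20\" maxlength=\"20\"></td></tr>"
            ."<tr><td>"._AIM."</td>"
            ."<td><input type=\"text\" name=\"add_user_aim\" size=\"20\" maxlength=\"20\"></td></tr>"
            ."<tr><td>"._YIM."</td>"
            ."<td><input type=\"text\" name=\"add_user_yim\" size=\"20\" maxlength=\"20\"></td></tr>"
            ."<tr><td>"._MSNM."</td>"
            ."<td><input type=\"text\" name=\"add_user_msnm\" size=\"20\" maxlength=\"20\"></td></tr>"
            ."<tr><td>"._LOCATION."</td>"
            ."<td><input type=\"text\" name=\"add_user_from\" size=\"25\" maxlength=\"60\"></td></tr>"
            ."<tr><td>"._OCCUPATION."</td>"
            ."<td><input type=\"text\" name=\"add_user_occ\" size=\"25\" maxlength=\"60\"></td></tr>"
            ."<tr><td>"._INTERESTS."</td>"
            ."<td><input type=\"text\" name=\"add_user_intrest\" size=\"25\" maxlength=\"255\"></td></tr>"
            ."<tr><td>"._OPTION."</td>"
            ."<td><input type=\"checkbox\" name=\"add_user_viewemail\" VALUE=\"1\"> "._ALLOWUSERS."</td></tr>"
            ."<tr><td>"._SIGNATURE."</td>"
            ."<td><textarea name=\"add_user_sig\" rows=\"6\" cols=\"45\"></textarea></td></tr>"
            ."<tr><td>"._PASSWORD."</td>"
            ."<td><input type=\"password\" name=\"add_pass\" size=\"12\" maxlength=\"12\"> <font class=\"pn-sub\">"._REQUIRED."</font></td></tr>"
            ."<input type=\"hidden\" name=\"add_avatar\" value=\"blank.gif\">"
            ."<input type=\"hidden\" name=\"op\" value=\"addUser\">"
            ."<tr><td><input type=\"submit\" value=\""._ADDUSERBUT."\"></form></td></tr>"
            ."</table>";
        CloseTable();
    }
    include("footer.php");
}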
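/**
 * Show the "update user" form for one account.
 *
 * @param string $chng_user  Lookup key typed by the admin. It is tried first
 *                           as a nickname (uname) and then as a uid.
 *
 * Requires Users::$uname::$uid ACCESS_EDIT for the resolved account. The form
 * posts to op=updateUser. The lookup key is SQL-escaped before it reaches the
 * query, and every value written back into the page (the reflected lookup
 * key as well as the stored profile fields) is HTML-escaped; the original
 * interpolated both raw.
 */
function modifyUser($chng_user) {
    // $hlpfile was missing from the original global list, so GraphicAdmin()
    // received an undefined value.
    global $pntable, $dbconn, $hlpfile;
    include("header.php");
    GraphicAdmin($hlpfile);
    OpenTable();
    echo "<center><font class=\"pn-title\"><b>"._USERADMIN."</b></font></center>";
    CloseTable();
    echo "<br>";

    // SQL-escape the lookup key. Where magic_quotes_gpc exists and is on the
    // request value already carries backslashes; strip them first so the
    // value is not escaped twice.
    $lookup = $chng_user;
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $lookup = stripslashes($lookup);
    }
    $lookup = addslashes($lookup);

    $column = &$pntable['users_column'];
    // The password hash is not needed to render the form, so it is no longer
    // selected.
    $fields = "$column[uid], $column[uname], $column[name], $column[url], $column[email], $column[femail], "
            . "$column[user_icq], $column[user_aim], $column[user_yim], $column[user_msnm], "
            . "$column[user_from], $column[user_occ], $column[user_intrest], $column[user_viewemail], "
            . "$column[user_avatar], $column[user_sig]";
    $result = $dbconn->Execute("SELECT $fields FROM $pntable[users] WHERE $column[uname]='$lookup'");
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    if ($result->EOF) {
        // Not a nickname -- retry treating the key as a uid. The original did
        // not check this second query for failure.
        $result = $dbconn->Execute("SELECT $fields FROM $pntable[users] WHERE $column[uid]='$lookup'");
        if (!$result) {
            PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
            die();
        }
    }
    if ($result->EOF) {
        OpenTable();
        echo "<center><b>"._USERNOEXIST."</b><br><br>"
            .""._GOBACK."</center>";
        CloseTable();
        include("footer.php");
        return;
    }

    list($chng_uid, $chng_uname, $chng_name, $chng_url, $chng_email, $chng_femail,
         $chng_user_icq, $chng_user_aim, $chng_user_yim, $chng_user_msnm,
         $chng_user_from, $chng_user_occ, $chng_user_intrest, $chng_user_viewemail,
         $chng_avatar, $chng_user_sig) = $result->fields;

    // Permission is checked against the account's stored nickname and uid,
    // not against whatever the admin typed.
    if (!authorised(0, 'Users::', "$chng_uname::$chng_uid", ACCESS_EDIT)) {
        echo _MODIFYUSERSEDITNOAUTH;
        include 'footer.php';
        return;
    }

    OpenTable();
    echo "<center><font class=\"pn-title\"><b>"._USERUPDATE.": <i>".htmlspecialchars($chng_user)."</i></b></font></center>"
        ."<form action=\"admin.php\" method=\"post\">"
        ."<table border=\"0\">"
        ."<tr><td>"._USERID."</td>"
        ."<td><b>".htmlspecialchars($chng_uid)."</b></td></tr>"
        ."<tr><td>"._NICKNAME."</td>"
        ."<td><input type=\"text\" name=\"chng_uname\" value=\"".htmlspecialchars($chng_uname)."\"> <font class=\"pn-sub\">"._REQUIRED."</font></td></tr>"
        ."<tr><td>"._NAME."</td>"
        ."<td><input type=\"text\" name=\"chng_name\" value=\"".htmlspecialchars($chng_name)."\"></td></tr>"
        ."<tr><td>"._URL."</td>"
        ."<td><input type=\"text\" name=\"chng_url\" value=\"".htmlspecialchars($chng_url)."\" size=\"30\" maxlength=\"60\"></td></tr>"
        ."<tr><td>"._EMAIL."</td>"
        ."<td><input type=\"text\" name=\"chng_email\" value=\"".htmlspecialchars($chng_email)."\" size=\"30\" maxlength=\"60\"> <font class=\"pn-sub\">"._REQUIRED."</font></td></tr>"
        ."<tr><td>"._FAKEEMAIL."</td>"
        ."<td><input type=\"text\" name=\"chng_femail\" value=\"".htmlspecialchars($chng_femail)."\" size=\"30\" maxlength=\"60\"></td></tr>"
        ."<tr><td>"._ICQ."</td>"
        ."<td><input type=\"text\" name=\"chng_user_icq\" value=\"".htmlspecialchars($chng_user_icq)."\" size=\"20\" maxlength=\"20\"></td></tr>"
        ."<tr><td>"._AIM."</td>"
        ."<td><input type=\"text\" name=\"chng_user_aim\" value=\"".htmlspecialchars($chng_user_aim)."\" size=\"20\" maxlength=\"20\"></td></tr>"
        ."<tr><td>"._YIM."</td>"
        ."<td><input type=\"text\" name=\"chng_user_yim\" value=\"".htmlspecialchars($chng_user_yim)."\" size=\"20\" maxlength=\"20\"></td></tr>"
        ."<tr><td>"._MSNM."</td>"
        ."<td><input type=\"text\" name=\"chng_user_msnm\" value=\"".htmlspecialchars($chng_user_msnm)."\" size=\"20\" maxlength=\"20\"></td></tr>"
        ."<tr><td>"._LOCATION."</td>"
        ."<td><input type=\"text\" name=\"chng_user_from\" value=\"".htmlspecialchars($chng_user_from)."\" size=\"25\" maxlength=\"60\"></td></tr>"
        ."<tr><td>"._OCCUPATION."</td>"
        ."<td><input type=\"text\" name=\"chng_user_occ\" value=\"".htmlspecialchars($chng_user_occ)."\" size=\"25\" maxlength=\"60\"></td></tr>"
        ."<tr><td>"._INTERESTS."</td>"
        ."<td><input type=\"text\" name=\"chng_user_intrest\" value=\"".htmlspecialchars($chng_user_intrest)."\" size=\"25\" maxlength=\"255\"></td></tr>"
        ."<tr><td>"._OPTION."</td>";
    // Checkbox state reflects the stored flag.
    $checked = ($chng_user_viewemail == 1) ? " checked" : "";
    echo "<td><input type=\"checkbox\" name=\"chng_user_viewemail\" value=\"1\"$checked> "._ALLOWUSERS."</td></tr>";
    echo "<tr><td>"._SIGNATURE."</td>"
        ."<td><textarea name=\"chng_user_sig\" rows=\"6\" cols=\"45\">".htmlspecialchars($chng_user_sig)."</textarea></td></tr>"
        ."<tr><td>"._PASSWORD."</td>"
        ."<td><input type=\"password\" name=\"chng_pass\" size=\"12\" maxlength=\"12\"></td></tr>"
        ."<tr><td>"._RETYPEPASSWD."</td>"
        ."<td><input type=\"password\" name=\"chng_pass2\" size=\"12\" maxlength=\"12\"> <font class=\"pn-sub\">"._FORCHANGES."</font></td></tr>"
        ."<input type=\"hidden\" name=\"chng_avatar\" value=\"".htmlspecialchars($chng_avatar)."\">"
        ."<input type=\"hidden\" name=\"chng_uid\" value=\"".htmlspecialchars($chng_uid)."\">"
        ."<input type=\"hidden\" name=\"op\" value=\"updateUser\">"
        ."<tr><td><input type=\"submit\" value=\""._SAVECHANGES."\"></form></td></tr>"
        ."</table>";
    CloseTable();
    include("footer.php");
}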
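/**
 * Persist the edits posted by the modifyUser() form for user $chng_uid.
 *
 * All parameters arrive from the request (register_globals, via the dispatch
 * switch below). csrfcheck() runs first; the caller must then hold
 * Users::$uname::$uid ACCESS_EDIT for the account's *current* nickname.
 *
 * Behaviour:
 *  - a non-empty URL must start with "http:" or "https:" (the original
 *    accepted only "http:", so secure links were rejected);
 *  - the password is changed only when $chng_pass2 is non-empty and matches
 *    $chng_pass; otherwise the stored hash is left alone;
 *  - on a validation error a message page is rendered and the script exits;
 *  - on success the admin is redirected to op=adminMain.
 *
 * Fixes relative to the original: request values are SQL-escaped; a uid
 * that matches no row now reports _USERNOEXIST instead of running an UPDATE
 * that touches nothing; the password branch wrote $chng_sig (never defined)
 * into user_sig, wiping the signature whenever the password was changed;
 * the two near-identical UPDATE statements are merged.
 */
function updateUser($chng_uid, $chng_uname, $chng_name, $chng_url,$chng_email, $chng_femail, $chng_user_icq, $chng_user_aim, $chng_user_yim, $chng_user_msnm, $chng_user_from, $chng_user_occ, $chng_user_intrest, $chng_user_viewemail, $chng_avatar, $chng_user_sig, $chng_pass, $chng_pass2)
{
    global $pntable, $dbconn, $hlpfile;
    csrfcheck();
    $column = &$pntable['users_column'];

    // With magic_quotes_gpc on the request values already carry backslashes;
    // strip them before addslashes() so nothing is escaped twice. The
    // function_exists() guard keeps this working on PHP versions that no
    // longer have magic quotes.
    $magic_quotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $uid_sql = addslashes($magic_quotes ? stripslashes($chng_uid) : $chng_uid);

    $result = $dbconn->Execute("SELECT $column[uname]
                                FROM $pntable[users]
                                WHERE $column[uid] = '$uid_sql'");
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    // Exactly one row must match: none means the uid does not exist, more
    // than one means the key is ambiguous. Refuse to update in both cases.
    // (The original read $result->fields before testing EOF, so a missing
    // uid slipped through with an empty $old_uname.)
    $old_uname = '';
    $unique = !$result->EOF;
    if ($unique) {
        list($old_uname) = $result->fields;
        $result->MoveNext();
        $unique = $result->EOF;
    }
    if (!$unique) {
        include 'header.php';
        echo _USERNOEXIST;
        include 'footer.php';
        return;
    }
    if (!authorised(0, 'Users::', "$old_uname::$chng_uid", ACCESS_EDIT)) {
        include 'header.php';
        echo _MODIFYUSERSEDITNOAUTH;
        include 'footer.php';
        return;
    }

    // Validation. Both checks render the same error page, so collect the
    // message and render it once. URL is checked first, as before.
    $error = '';
    if ($chng_url != "") {
        // Scheme allow-list (case-sensitive, like the original) so a profile
        // link cannot carry e.g. a javascript: URL.
        $url_parts = explode(":", $chng_url);
        if ($url_parts[0] != "http" && $url_parts[0] != "https") {
            $error = _ERRORINVURL;
        }
    }
    $change_password = ($chng_pass2 != "");
    if ($error === '' && $change_password && $chng_pass != $chng_pass2) {
        $error = _PASSWDNOMATCH;
    }
    if ($error !== '') {
        include("header.php");
        GraphicAdmin($hlpfile);
        OpenTable();
        echo "<center><font class=\"pn-title\"><b>"._USERADMIN."</b></font></center>";
        CloseTable();
        echo "<br>";
        OpenTable();
        echo "<center>".$error."<br><br>"
            .""._GOBACK."</center>";
        CloseTable();
        include("footer.php");
        exit;
    }

    // Build the SET list from SQL-escaped values. $chng_avatar is a hidden
    // form field and therefore request-controlled like the rest.
    $profile = array(
        'uname'        => $chng_uname,
        'name'         => $chng_name,
        'email'        => $chng_email,
        'femail'       => $chng_femail,
        'url'          => $chng_url,
        'user_icq'     => $chng_user_icq,
        'user_aim'     => $chng_user_aim,
        'user_yim'     => $chng_user_yim,
        'user_msnm'    => $chng_user_msnm,
        'user_from'    => $chng_user_from,
        'user_occ'     => $chng_user_occ,
        'user_intrest' => $chng_user_intrest,
        'user_avatar'  => $chng_avatar,
        'user_sig'     => $chng_user_sig,
    );
    $set = array();
    foreach ($profile as $col => $value) {
        if ($magic_quotes) {
            $value = stripslashes($value);
        }
        $set[] = $column[$col] . "='" . addslashes($value) . "'";
    }
    // Checkbox: stored as 1 when ticked, 0 otherwise (the original stored the
    // raw request string, which is '' when unticked).
    $set[] = $column['user_viewemail'] . "='" . (empty($chng_user_viewemail) ? 0 : 1) . "'";
    if ($change_password) {
        // md5 is the scheme the rest of the login code compares against; do
        // not switch hash functions here without migrating the login side.
        $set[] = $column['pass'] . "='" . md5($chng_pass) . "'";
    }

    $dbconn->Execute("UPDATE $pntable[users]
                      SET " . implode(",\n                          ", $set) . "
                      WHERE $column[uid]='$uid_sql'");
    if ($dbconn->ErrorNo() <> 0) {
        error_log("DB Error: " . $dbconn->ErrorMsg());
    }
    pnRedirect("admin.php?op=adminMain");
}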
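// ----------------------------------------------------------------------
// Dispatch. Every operation first needs Users:: ACCESS_ADMIN; the handlers
// then apply the finer-grained EDIT/ADD/DELETE checks per account. $op and
// the chng_*/add_*/del_* values are request parameters (register_globals),
// so everything that reaches SQL below is escaped and everything echoed back
// into the page is HTML-escaped.
// ----------------------------------------------------------------------
if (!authorised(0, 'Users::', '::', ACCESS_ADMIN)) {
    include 'header.php';
    echo _MODIFYUSERSNOAUTH;
    include 'footer.php';
} else {
    // With magic_quotes_gpc on the request values already carry backslashes;
    // strip them before addslashes() so nothing is escaped twice. The
    // function_exists() guard keeps this working on PHP versions that no
    // longer have magic quotes.
    $magic_quotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

    switch($op) {
    case "mod_users":
        displayUsers();
        break;

    case "modifyUser":
        modifyUser($chng_uid);
        break;

    case "updateUser":
        updateUser($chng_uid, $chng_uname, $chng_name, $chng_url, $chng_email, $chng_femail, $chng_user_icq, $chng_user_aim, $chng_user_yim, $chng_user_msnm, $chng_user_from, $chng_user_occ, $chng_user_intrest, $chng_user_viewemail, $chng_avatar, $chng_user_sig, $chng_pass, $chng_pass2);
        break;

    case "delUser":
        // Step 1 of deletion: resolve the account and ask for confirmation.
        include("header.php");
        GraphicAdmin($hlpfile);
        OpenTable();
        echo "<center><font class=\"pn-title\"><b>"._USERADMIN."</b></font></center>";
        CloseTable();
        echo "<br>";
        OpenTable();
        echo "<center><font class=\"pn-title\"><b>"._DELETEUSER."</b></font><br><br>";
        $column = &$pntable['users_column'];
        // The lookup form field is named chng_uid but is labelled _NICKNAME.
        // Resolve it the way modifyUser() does: as a nickname first, then as
        // a uid. The original only tried uid and then passed that uid to
        // authorised() in the uname position of the instance string.
        $key_sql = addslashes($magic_quotes ? stripslashes($chng_uid) : $chng_uid);
        $result = $dbconn->Execute("SELECT $column[uid], $column[uname]
                                    FROM $pntable[users]
                                    WHERE $column[uname] = '$key_sql'");
        if ($result && $result->EOF) {
            $result = $dbconn->Execute("SELECT $column[uid], $column[uname]
                                        FROM $pntable[users]
                                        WHERE $column[uid] = '$key_sql'");
        }
        if (!$result) {
            PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
            die();
        }
        // Exactly one match is required; zero or several rows both abort.
        $found = !$result->EOF;
        if ($found) {
            list($uid, $uname) = $result->fields;
            $result->MoveNext();
            $found = $result->EOF;
        }
        if (!$found) {
            echo _USERNOEXIST;
            CloseTable();
            include 'footer.php';
            exit;
        }
        if (!authorised(0, 'Users::', "$uname::$uid", ACCESS_DELETE)) {
            echo _MODIFYUSERSDELNOAUTH;
            CloseTable();
            include 'footer.php';
            exit;
        }
        // Hand the resolved uid (not the typed key) to the confirmation step,
        // URL-encoded in the link and HTML-escaped in the text.
        echo ""._SURE2DELETE." ".htmlspecialchars($uname)." (".htmlspecialchars($uid).")?<br><br>"
            ."[ <a href=\"admin.php?op=delUserConf&del_uname=".urlencode($uid)."\">"._YES."</a> | <a href=\"admin.php?op=mod_users\">"._NO."</a> ]</center>";
        CloseTable();
        include("footer.php");
        break;

    case "delUserConf":
        // Step 2 of deletion. del_uname carries the uid chosen above.
        csrfcheck();
        $column = &$pntable['users_column'];
        $key_sql = addslashes($magic_quotes ? stripslashes($del_uname) : $del_uname);
        // Fetch the nickname from the database: the original authorised()
        // call used $uname without ever assigning it in this branch, so under
        // register_globals the instance string was request-controlled.
        $result = $dbconn->Execute("SELECT $column[uid], $column[uname]
                                    FROM $pntable[users]
                                    WHERE $column[uid] = '$key_sql'");
        if (!$result) {
            PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
            die();
        }
        $found = !$result->EOF;
        if ($found) {
            list($uid, $uname) = $result->fields;
            $result->MoveNext();
            $found = $result->EOF;
        }
        if (!$found) {
            include 'header.php';
            echo _USERNOEXIST;
            include 'footer.php';
            exit;
        }
        if (!authorised(0, 'Users::', "$uname::$uid", ACCESS_DELETE)) {
            include 'header.php';
            echo _MODIFYUSERSDELNOAUTH;
            include 'footer.php';
            exit;
        }
        // $uid came back from the database; escape it anyway so the deletes
        // below never depend on the column's type.
        $uid_sql = addslashes($uid);
        // Remove permissions and group memberships before the account itself.
        $column = &$pntable['user_perms_column'];
        $dbconn->Execute("DELETE FROM $pntable[user_perms]
                          WHERE $column[uid]='$uid_sql'");
        if ($dbconn->ErrorNo() <> 0) {
            echo $dbconn->ErrorMsg();
            error_log("DB Error: " . $dbconn->ErrorMsg());
        }
        $column = &$pntable['group_membership_column'];
        $dbconn->Execute("DELETE FROM $pntable[group_membership]
                          WHERE $column[uid]='$uid_sql'");
        if ($dbconn->ErrorNo() <> 0) {
            echo $dbconn->ErrorMsg();
            error_log("DB Error: " . $dbconn->ErrorMsg());
        }
        $column = &$pntable['users_column'];
        $dbconn->Execute("DELETE FROM $pntable[users]
                          WHERE $column[uid]='$uid_sql'");
        if ($dbconn->ErrorNo() <> 0) {
            echo $dbconn->ErrorMsg();
            error_log("DB Error: " . $dbconn->ErrorMsg());
        }
        pnRedirect("admin.php?op=adminMain");
        break;

    case "addUser":
        csrfcheck();
        if (!authorised(0, 'Users::', "$add_uname::", ACCESS_ADD)) {
            include 'header.php';
            echo _MODIFYUSERSADDNOAUTH;
            include 'footer.php';
            exit;
        }
        // Required fields are checked on the raw values. The original hashed
        // the password first, and since md5('') is a non-empty string an
        // empty password always passed this check.
        if (!$add_uname || !$add_email || $add_pass == '') {
            include("header.php");
            GraphicAdmin($hlpfile);
            OpenTable();
            echo "<center><font class=\"pn-title\"><b>"._USERADMIN."</b></font></center>";
            CloseTable();
            echo "<br>";
            OpenTable();
            echo "<center><b>"._NEEDTOCOMPLETE."</b><br><br>"
                .""._GOBACK."";
            CloseTable();
            include("footer.php");
            return;
        }
        // Same scheme allow-list as updateUser(), so a profile URL cannot
        // carry e.g. a javascript: link (the original add path did no check).
        if ($add_url != "") {
            $url_parts = explode(":", $add_url);
            if ($url_parts[0] != "http" && $url_parts[0] != "https") {
                include("header.php");
                GraphicAdmin($hlpfile);
                OpenTable();
                echo "<center><font class=\"pn-title\"><b>"._USERADMIN."</b></font></center>";
                CloseTable();
                echo "<br>";
                OpenTable();
                echo "<center>"._ERRORINVURL."<br><br>"
                    .""._GOBACK."</center>";
                CloseTable();
                include("footer.php");
                return;
            }
        }
        // md5 is the scheme the login code compares against; see updateUser().
        $pass_hash = md5($add_pass);
        // Checkbox: 1 when ticked, 0 otherwise.
        $viewemail = empty($add_user_viewemail) ? 0 : 1;
        $user_regdate = date("M d, Y");
        $column = &$pntable['users_column'];
        // FTO : Add SEQ suffix to avoid conflict name with ORACLE
        $uid = $dbconn->GenId("{$pntable['users']}_SEQ");

        // Every request-supplied profile value is SQL-escaped. $add_avatar is
        // a hidden form field and therefore request-controlled as well.
        $profile = array(
            'name'         => $add_name,
            'uname'        => $add_uname,
            'email'        => $add_email,
            'femail'       => $add_femail,
            'url'          => $add_url,
            'user_icq'     => $add_user_icq,
            'user_aim'     => $add_user_aim,
            'user_yim'     => $add_user_yim,
            'user_msnm'    => $add_user_msnm,
            'user_from'    => $add_user_from,
            'user_occ'     => $add_user_occ,
            'user_intrest' => $add_user_intrest,
            'user_avatar'  => $add_avatar,
            'user_sig'     => $add_user_sig,
        );
        $cols = array($column['uid'], $column['user_regdate'], $column['user_viewemail'], $column['pass']);
        $vals = array($uid, "'$user_regdate'", "'$viewemail'", "'$pass_hash'");
        foreach ($profile as $col => $value) {
            if ($magic_quotes) {
                $value = stripslashes($value);
            }
            $cols[] = $column[$col];
            $vals[] = "'" . addslashes($value) . "'";
        }
        $sql = "INSERT INTO $pntable[users] (" . implode(', ', $cols) . ")
                VALUES (" . implode(', ', $vals) . ")";
        $result = $dbconn->Execute($sql);
        if ($dbconn->ErrorNo() <> 0) {
            echo $dbconn->ErrorNo() . ": " . $dbconn->ErrorMsg() . "<br>";
            error_log("DB Error: " . $dbconn->ErrorMsg());
            return;
        }

        // Add user to group: re-read the id the driver actually assigned.
        // (The original passed the bare words users / uid here, i.e. undefined
        // constants, rather than the table and column names.)
        $uid = $dbconn->PO_Insert_ID($pntable['users'], $column['uid']);
        $column = &$pntable['groups_column'];
        $result = $dbconn->Execute("SELECT $column[gid]
                                    FROM $pntable[groups]
                                    WHERE $column[name]='$pnconfig[defaultgroup]'");
        if ($dbconn->ErrorNo() <> 0) {
            echo $dbconn->ErrorNo(). "Get default group: ".$dbconn->ErrorMsg(). "<br>";
            error_log ($dbconn->ErrorNo(). "Get default group: ".$dbconn->ErrorMsg(). "<br>");
            return;
        }
        // Add the membership only when the default group resolves to exactly
        // one row. The original read $result->fields before testing EOF, so a
        // missing default group produced an INSERT with an empty gid.
        $have_group = !$result->EOF;
        if ($have_group) {
            list($gid) = $result->fields;
            $result->MoveNext();
            $have_group = $result->EOF;
        }
        if ($have_group) {
            $result->Close();
            $column = &$pntable['group_membership_column'];
            $result = $dbconn->Execute("INSERT INTO $pntable[group_membership]
                                        ($column[gid], $column[uid])
                                        VALUES ($gid, $uid)");
            if ($dbconn->ErrorNo() <> 0) {
                echo $dbconn->ErrorNo(). "Add to default group: ".$dbconn->ErrorMsg(). "<br>";
                error_log ($dbconn->ErrorNo(). "Add to default group: ".$dbconn->ErrorMsg(). "<br>");
                return;
            }
        } else {
            error_log("Default group '$pnconfig[defaultgroup]' not found or not unique; user $uid was created without a group membership");
        }
        pnRedirect("admin.php?op=mod_users");
        break;
    }
}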
?>