mirror of https://github.com/e107inc/e107.git synced 2025-04-21 21:21:54 +02:00

EONE-62 (New Feature): Improved extended field model (fields of type db working now);

structure model improvements;
extended fields administration problems solved (there may be more);
init_session() and login core routines modified to work with user models;
option Login As added on user administration (visible from main admins only);
minor fixes;
secretr 2010-05-14 18:45:51 +00:00
parent 5cc153b09c
commit 7ccb925587
7 changed files with 497 additions and 122 deletions


@ -949,8 +949,9 @@ $sql->db_Mark_Time('(Start: Login/logout/ban/tz)');
if (isset($_POST['userlogin']) || isset($_POST['userlogin_x']))
{
e107_require_once(e_HANDLER.'login.php');
$usr = new userlogin($_POST['username'], $_POST['userpass'], $_POST['autologin'], varset($_POST['hashchallenge'],''));
e107::getUser()->login($_POST['username'], $_POST['userpass'], $_POST['autologin'], varset($_POST['hashchallenge'],''), false);
// e107_require_once(e_HANDLER.'login.php');
// $usr = new userlogin($_POST['username'], $_POST['userpass'], $_POST['autologin'], varset($_POST['hashchallenge'],''));
}
@ -1543,6 +1544,10 @@ class floodprotect
//------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------//
//------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------//
/**
* The whole could happen inside e_user class
* @return void
*/
function init_session()
{
/*
@ -1554,17 +1559,17 @@ function init_session()
*/
global $pref, $user_pref, $currentUser, $_E107;
global $user_pref, $currentUser;
$sql = e107::getDb();
$tp = e107::getParser();
$e107 = e107::getInstance();
$eArrayStorage = e107::getArrayStorage();
// New user model
$user = e107::getUser();
define('USERIP', $e107->getip());
if(varset($_E107['cli']))
if(e107::isCli())
{
define('USER', true);
define('USERID', 1);
@ -1579,7 +1584,14 @@ function init_session()
return;
}
if (!isset($_COOKIE[e_COOKIE]) && !isset($_SESSION[e_COOKIE]) && !isset($_E107['cli']))
if ($user->hasBan())
{
$msg = e107::findPref('ban_messages/6');
if($msg) echo e107::getParser()->toHTML($msg);
exit;
}
if (!$user->isUser())
{
define('USER', false);
define('USERID', 0);
@ -1588,9 +1600,101 @@ function init_session()
define('GUEST', true);
define('USERCLASS', '');
define('USEREMAIL', '');
if($user->hasSessionError())
{
define('LOGINMESSAGE', CORE_LAN10);
define('CORRUPT_COOKIE', true);
}
}
else
{
// we shouldn't use getValue() here, it's there for e.g. shortcodes, profile page render etc.
define('USERID', $user->getId());
define('USERNAME', $user->get('user_name'));
// define('USERURL', $user->get('user_homepage', false)); OLD?
define('USEREMAIL', $user->get('user_email'));
define('USER', true);
define('USERCLASS', $user->get('user_class'));
define('USERIMAGE', $user->get('user_image'));
define('USERPHOTO', $user->get('user_sess'));
define('ADMIN', $user->isAdmin());
define('ADMINID', $user->getAdminId());
define('ADMINNAME', $user->getAdminName());
define('ADMINPERMS', $user->getAdminPerms());
define('ADMINEMAIL', $user->getAdminEmail());
define('ADMINPWCHANGE', $user->getAdminPwchange());
if(ADMIN) // XXX - why for admins only?
{
e107::getRedirect()->setPreviousUrl();
}
// DB
$update_ip = ($user->get('user_ip') != USERIP ? ", user_ip = '".USERIP."'" : "");
if($user->get('user_currentvisit') + 3600 < time() || !$user->get('user_lastvisit'))
{
$user->set('user_lastvisit', (integer) $user->get('user_currentvisit'));
$user->set('user_currentvisit', time());
$sql->db_Update('user', "user_visits = user_visits + 1, user_lastvisit = ".$user->get('user_lastvisit').", user_currentvisit = ".$user->get('user_currentvisit')."{$update_ip} WHERE user_id='".USERID."' ");
}
else
{
$user->set('user_currentvisit', time());
$sql->db_Update('user', "user_currentvisit = ".$user->get('user_currentvisit')."{$update_ip} WHERE user_id='".USERID."' ");
}
define('USERLV', $user->get('user_lastvisit'));
// BC - FIXME - get rid of them!
$currentUser = $user->getData();
$currentUser['user_realname'] = $result['user_login']; // Used by force_userupdate
$e107->currentUser = &$currentUser;
if ($user->checkClass(e107::getPref('allow_theme_select', false), false))
{ // User can set own theme
if (isset($_POST['settheme']))
{
$uconfig = $user->getConfig();
if(e107::getPref('sitetheme') != $_POST['sitetheme'])
{
require_once(e_HANDLER."theme_handler.php");
$utheme = new themeHandler;
$ut = $utheme->themeArray[$_POST['sitetheme']];
$uconfig->setPosted('sitetheme', $_POST['sitetheme'])
->setPosted('sitetheme_custompages', $ut['custompages'])
->setPosted('sitetheme_deflayout', $utheme->findDefault($_POST['sitetheme']));
}
else
{
$uconfig->remove('sitetheme')
->remove('sitetheme_custompages')
->remove('sitetheme_deflayout');
}
$uconfig->save(true);
unset($ut);
}
}
elseif ($user->getPref('sitetheme'))
{
$user->getConfig()
->remove('sitetheme')
->remove('sitetheme_custompages')
->remove('sitetheme_deflayout')
->save(false);
}
define('USERTHEME', ($user->getPref('sitetheme') && file_exists(e_THEME.$user->getPref('sitetheme')."/theme.php") ? $user->getPref('sitetheme') : false));
$user_pref = $user->getPref();
}
define('USERCLASS_LIST', $user->getClassList(true));
define('e_CLASS_REGEXP', '(^|,)('.str_replace(',', '|', USERCLASS_LIST).')(,|$)');
define('e_NOBODY_REGEXP', '(^|,)'.e_UC_NOBODY.'(,|$)');
/* XXX - remove it after everything is working well!!
if(!isset($_E107['cli']))
{
list($uid, $upw)=(isset($_COOKIE[e_COOKIE]) && $_COOKIE[e_COOKIE] ? explode(".", $_COOKIE[e_COOKIE]) : explode(".", $_SESSION[e_COOKIE]));
@ -1631,7 +1735,6 @@ function init_session()
define('USERPHOTO', $result['user_sess']);
$update_ip = ($result['user_ip'] != USERIP ? ", user_ip = '".USERIP."'" : "");
if($result['user_currentvisit'] + 3600 < time() || !$result['user_lastvisit'])
{
$result['user_lastvisit'] = $result['user_currentvisit'];
@ -1715,8 +1818,8 @@ function init_session()
define('USERTHEME', (isset($user_pref['sitetheme']) && file_exists(e_THEME.$user_pref['sitetheme']."/theme.php") ? $user_pref['sitetheme'] : false));
// global $ADMIN_DIRECTORY, $PLUGINS_DIRECTORY;
}
else
}*/
/*else
{
define('USER', false);
define('USERID', 0);
@ -1725,11 +1828,11 @@ function init_session()
define('CORRUPT_COOKIE', true);
define('USERCLASS', '');
}
}
}*/
define('USERCLASS_LIST', class_list());
/*define('USERCLASS_LIST', class_list());
define('e_CLASS_REGEXP', '(^|,)('.str_replace(',', '|', USERCLASS_LIST).')(,|$)');
define('e_NOBODY_REGEXP', '(^|,)'.e_UC_NOBODY.'(,|$)');
define('e_NOBODY_REGEXP', '(^|,)'.e_UC_NOBODY.'(,|$)');*/
}
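Review bot: In the `settheme` branch of init_session(), `$_POST['sitetheme']` is used as a key into `$utheme->themeArray` and saved to the user's config without any check that the theme exists, and the saved value is later joined into a path by `file_exists(e_THEME.$user->getPref('sitetheme')."/theme.php")`. Wrapping the three `setPosted()` calls in `if (isset($utheme->themeArray[$_POST['sitetheme']]))` keeps the stored preference to names the theme handler knows about; as written, `$ut` is null for an unknown name and a value containing path separators reaches the filesystem check. Separately, `$currentUser['user_realname'] = $result['user_login'];` reads `$result`, which the visible new code never assigns because the block that populated it is now commented out; `$user->get('user_login')` looks like the intended source, to be confirmed against the model. init_session() spans several hunks of this section and its body is only partly visible.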


@ -29,9 +29,16 @@ if (ADMIN)
//don't include it if it'a an AJAX call or not wanted
if (!e_AJAX_REQUEST && !defset('e_NOHEADER'))
{
// XXX LOGIN AS Temporary solution, we need something smarter, e.g. reserved message stack 'admin' which will be always printed
// inside admin area
if(e107::getUser()->getSessionDataAs())
{ // TODO - lan
$asuser = e107::getSystemUser(e107::getUser()->getSessionDataAs(), false);
e107::getMessage()->addInfo('Successfully logged in as '.($asuser && $asuser->getValue('name') ? $asuser->getValue('name') : 'unknown'). ' <a href="'.e_ADMIN_ABS.'users.php?logoutas">[logout]</a>');
}
require_once (e_ADMIN."header.php");
}
/*
* FIXME - missing $style for tablerender
* The Solution: parse_admin() without sending it to the browser if it's an ajax call
@ -46,19 +53,19 @@ else
require_once (e_HANDLER.'js_helper.php');
e_jshelper::sendAjaxError(403, ADLAN_86, ADLAN_87, true);
}
$use_imagecode = ($pref['logcode'] && extension_loaded("gd"));
if ($use_imagecode)
{
require_once (e_HANDLER."secure_img_handler.php");
$sec_img = new secure_image;
}
if ($_POST['authsubmit'])
{
$obj = new auth;
if ($use_imagecode)
{
if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify']))
@ -68,10 +75,10 @@ else
exit;
}
}
// require_once (e_HANDLER.'user_handler.php');
$row = $authresult = $obj->authcheck($_POST['authname'], $_POST['authpass'], varset($_POST['hashchallenge'], ''));
if ($row[0] == "authfail")
{
$admin_log->e_log_event(4, __FILE__."|".__FUNCTION__."@".__LINE__, "LOGIN", LAN_ROLL_LOG_11, "U: ".$tp->toDB($_POST['authname']), FALSE, LOG_TO_ROLLING);
@ -83,10 +90,10 @@ else
else
{
$cookieval = $row['user_id'].".".md5($row['user_password']);
// $sql->db_Select("user", "*", "user_name='".$tp -> toDB($_POST['authname'])."'");
// list($user_id, $user_name, $userpass) = $sql->db_Fetch();
// Calculate class membership - needed for a couple of things
// Problem is that USERCLASS_LIST just contains 'guest' and 'everyone' at this point
$class_list = explode(',', $row['user_class']);
@ -100,26 +107,26 @@ else
}
$class_list[] = e_UC_MEMBER;
$class_list[] = e_UC_PUBLIC;
$user_logging_opts = array_flip(explode(',', varset($pref['user_audit_opts'], '')));
if (isset($user_logging_opts[USER_AUDIT_LOGIN]) && in_array(varset($pref['user_audit_class'], ''), $class_list))
{ // Need to note in user audit trail
e107::getAdminLog()->user_audit(USER_AUDIT_LOGIN, '', $user_id, $user_name);
}
$edata_li = array("user_id"=>$row['user_id'], "user_name"=>$row['user_name'], 'class_list'=>implode(',', $class_list));
e107::getEvent()->trigger("login", $edata_li);
session_set(e_COOKIE, $cookieval, (time() + 3600 * 24 * 30));
echo "<script type='text/javascript'>document.location.href='admin.php'</script>\n";
}
}
$e_sub_cat = 'logout';
if (!defset('NO_HEADER'))
require_once (e_ADMIN."header.php");
if (ADMIN == FALSE)
{
$obj = new auth;
@ -139,13 +146,13 @@ class auth
* @return null
*/
public function authform() //TODO Template
{
{
global $use_imagecode,$sec_img,$pref;
$frm = e107::getForm();
$incChap = (vartrue($pref['password_CHAP'], 0)) ? " onsubmit='hashLoginPassword(this)'" : "";
$text = "<div style='padding:20px;text-align:center'>
<form method='post' action='".e_SELF."' {$incChap} >
<table style='width:50%' class='fborder'>
@ -158,12 +165,12 @@ class auth
<tr>
<td style='width:35%' class='forumheader3'>".ADLAN_90."</td>
<td class='forumheader3' style='text-align:center'><input class='tbox' type='password' name='authpass' id='userpass' size='30' value='' maxlength='30' />\n";
if (isset($_SESSION['challenge']) && varset($pref['password_CHAP'], 0))
$text .= "<input type='hidden' name='hashchallenge' id='hashchallenge' value='{$_SESSION['challenge']}' />\n\n";
$text .= "</td></tr>\n";
if ($use_imagecode)
{
$text .= "
@ -174,7 +181,7 @@ class auth
</tr>
";
}
$text .= "
<tr>
<td colspan='2' class='forumheader center'>"
@ -184,7 +191,7 @@ class auth
</table>
</form>
</div>";
e107::getRender()->tablerender(ADLAN_92, $text);
}
@ -200,20 +207,20 @@ class auth
{
global $pref;
$tp = e107::getParser();
$sql_auth = e107::getDb('sql_auth');
$user_info = e107::getSession();
$reason = '';
$reason = '';
$authname = $tp->toDB(preg_replace("/\sOR\s|\=|\#/", "", trim($authname)));
$authpass = trim($authpass);
if (($authpass == '') || ($authname == ''))
$reason = 'np';
if (strlen($authname) > varset($pref['loginname_maxlength'], 30))
$reason = 'lu';
if (!$reason)
{
if ($sql_auth->db_Select("user", "*", "user_loginname='{$authname}' AND user_admin='1' "))
@ -231,7 +238,7 @@ class auth
}
}
if (!$reason && ($row['user_id'])) // Can validate password
{
{
if (($authresponse && isset($_SESSION['challenge'])) && ($authresponse != $_SESSION['challenge']))
{ // Verify using CHAP (can't handle login by email address - only loginname - although with this code it does still work if the password is stored unsalted)
if (($pass_result = $user_info->CheckCHAP($_SESSION['challenge'], $authresponse, $authname, $row['user_password'])) !== PASSWORD_INVALID)
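Review bot: The "logged in as" banner added before the admin header concatenates `$asuser->getValue('name')` straight into the HTML passed to `addInfo()`; unless `getValue()` already HTML-encodes, a user name containing markup would be rendered in the admin area of whoever is impersonating that account. Encoding at this point, e.g. `htmlspecialchars($asuser->getValue('name'), ENT_QUOTES, 'UTF-8')`, removes the dependency on how the model returns the field. Further down in the same section, `user_audit(USER_AUDIT_LOGIN, '', $user_id, $user_name)` uses two variables whose only visible assignment is the commented-out `list($user_id, $user_name, $userpass) = ...` line, so the admin login audit entry may be written without an id or name; `$row['user_id']` and `$row['user_name']` are already used for the login event two lines later. The surrounding script and the auth class continue outside the hunks shown.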


@ -3,7 +3,7 @@
/*
* e107 website system
*
* Copyright (C) 2008-2009 e107 Inc (e107.org)
* Copyright (C) 2008-2010 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
@ -23,6 +23,7 @@ if (!getperms('4'))
include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/admin/lan_'.e_PAGE);
include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/lan_user.php');
if (varset($_POST['useraction']))
{
foreach ($_POST['useraction'] as $key => $val)
@ -36,11 +37,18 @@ if (varset($_POST['useraction']))
}
}
}
/*if (isset ($_POST['useraction']) && $_POST['useraction'] == 'userinfo')
if (e_QUERY == 'logoutas' || varset($_POST['useraction']) == 'logoutas')
{
header('location:'.e_ADMIN."userinfo.php?".$e107->tp->toDB($_POST['userip']));
$asuser = e107::getSystemUser(e107::getUser()->getSessionDataAs(), false);
if(e107::getUser()->logoutAs())
{ // TODO - lan
e107::getMessage()->addSuccess('Successfully logged out from '.($asuser && $asuser->getValue('name') ? $asuser->getValue('name') : 'unknown').' account', 'default', true);
}
header('location:'.e_ADMIN_ABS.'users.php');
exit;
}*/
}
if (isset ($_POST['useraction']) && $_POST['useraction'] == 'usersettings')
{
header('location:'.$e107->url->getUrl('core:user','main','func=settings&id='.(int) $_POST['userid']));
@ -389,6 +397,21 @@ if (isset ($_POST['useraction']) && $_POST['useraction'] == 'userclass')
$user->show_userclass($_POST['userid']);
}
// ---- Login as another user --------------------
if (isset ($_POST['useraction']) && $_POST['useraction'] == 'loginas')
{
if(e107::getUser()->getSessionDataAs())
{
e107::getMessage()->addWarning(USRLAN_AS_3);
}
elseif(e107::getUser()->loginAs($_POST['userid']))
{ // TODO - lan
e107::getMessage()->addSuccess('Successfully logged in as '.e107::getSystemUser($_POST['userid'])->getValue('name').' <a href="'.e_ADMIN_ABS.'users.php?logoutas">[logout]</a>')
->addSuccess('Please, <a href="'.SITEURL.'" rel="external">Leave Admin</a> to browse the system as this user. Use &quot;Logout&quot; option in Administration to end front-end session');
}
}
// ------- Resend Email Confirmation. --------------
if (isset ($_POST['useraction']) && $_POST['useraction'] == 'resend')
{
@ -910,7 +933,14 @@ class users
if ($user_perms != "0")
{
$text .= "<option value='userinfo'>".USRLAN_80."</option>
<option value='usersettings'>".LAN_EDIT."</option>";
<option value='usersettings'>".LAN_EDIT."</option>
";
// login/logout As
if(getperms('0') && !($row['user_admin'] && getperms('0', $row['user_perms'])))
{
if(e107::getUser()->getSessionDataAs() == $row['user_id']) $text .= "<option value='logoutas'>".sprintf(USRLAN_AS_2, $row['user_name'])."</option>";
else $text .= "<option value='loginas'>".sprintf(USRLAN_AS_1, $row['user_name'])."</option>";
}
switch ($user_ban)
{
case 0 :
@ -1149,7 +1179,7 @@ class users
</div>";
$emessage = & eMessage :: getInstance();
$emessage = eMessage :: getInstance();
$total_cap = (isset ($_GET['srch'])) ? $user_total : $users;
$caption = USRLAN_77."&nbsp;&nbsp; (total: $total_cap)";
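Review bot: The `loginas` handler calls `e107::getUser()->loginAs($_POST['userid'])` with the raw POST value, and the rule that hides the option for main-admin targets (`getperms('0') && !($row['user_admin'] && getperms('0', $row['user_perms']))`) exists only where the `<option>` is rendered in class users, so a hand-built POST is not held to it. Cast the id first, `$uid = (int) $_POST['userid'];`, and repeat the target check in the handler before calling `loginAs($uid)`; as far as this page shows, loginAs() itself only checks the caller and then stores the id as given in the session or cookie. Neither `loginas` nor `logoutas` writes an admin-log entry, although impersonation is the kind of action that will need to be traced later, so a log event carrying both the acting admin's id and the target id should be added to both branches. The `logoutas` branch also changes session state on a plain GET (`e_QUERY == 'logoutas'`) with no token visible in the hunk.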


@ -50,9 +50,6 @@ $frm = new e_form;
$ue = new e107_user_extended;
$user = new users_ext;
$message = '';
if (e_QUERY)
@ -64,38 +61,44 @@ if (e_QUERY)
unset($tmp);
}
if (isset($_POST['up_x']))
// TODO $_POST['up_x'] check for the evil IE
$tmp = isset($_POST['up']) ? $_POST['up'] : false;
if ($tmp)
{
$qs = explode(".", $_POST['id']);
$tmp = array_values($tmp);
$qs = explode(".", $tmp[0]);
$_id = intval($qs[0]);
$_order = intval($qs[1]);
$_parent = intval($qs[2]);
if (($_id > 0) && ($_order > 0) && ($_parent > 0))
$_parent = intval($qs[2]); var_dump($_id, $_order, $_parent);
if (($_id > 0) && ($_order > 0) /*&& ($_parent > 0)*/)
{
$sql->db_Update("user_extended_struct", "user_extended_struct_order=user_extended_struct_order+1 WHERE user_extended_struct_type > 0 AND user_extended_struct_parent = {$_parent} AND user_extended_struct_order ='".($_order-1)."'");
$sql->db_Update("user_extended_struct", "user_extended_struct_order=user_extended_struct_order-1 WHERE user_extended_struct_type > 0 AND user_extended_struct_parent = {$_parent} AND user_extended_struct_id='".$_id."'");
$admin_log->log_event('EUF_01',$_id.', '.$_order.', '.$_parent,E_LOG_INFORMATIVE,'');
e107::getCache()->clear_sys('user_extended_struct', true);
}
}
if (isset($_POST['down_x']))
// TODO $_POST['down_x'] check for the evil IE
$tmp = isset($_POST['down']) ? $_POST['down'] : false;
if ($tmp)
{
$qs = explode(".", $_POST['id']);
$tmp = array_values($tmp);
$qs = explode(".", $tmp[0]);
$_id = intval($qs[0]);
$_order = intval($qs[1]);
$_parent = intval($qs[2]);
if (($_id > 0) && ($_order > 0) && ($_parent > 0))
if (($_id > 0) && ($_order > 0)/* && ($_parent > 0)*/)
{
$sql->db_Update("user_extended_struct", "user_extended_struct_order=user_extended_struct_order-1 WHERE user_extended_struct_type > 0 AND user_extended_struct_parent = {$_parent} AND user_extended_struct_order='".($_order+1)."'");
$sql->db_Update("user_extended_struct", "user_extended_struct_order=user_extended_struct_order+1 WHERE user_extended_struct_type > 0 AND user_extended_struct_parent = {$_parent} AND user_extended_struct_id='".$_id."'");
$admin_log->log_event('EUF_02',$_id.', '.$_order.', '.$_parent,E_LOG_INFORMATIVE,'');
e107::getCache()->clear_sys('user_extended_struct', true);
}
}
if (isset($_POST['catup_x']))
if (isset($_POST['catup_x']) || isset($_POST['catup']))
{
$qs = explode(".", $_POST['id']);
$_id = intval($qs[0]);
@ -105,11 +108,12 @@ if (isset($_POST['catup_x']))
$sql->db_Update("user_extended_struct", "user_extended_struct_order=user_extended_struct_order+1 WHERE user_extended_struct_type = 0 AND user_extended_struct_order='".($_order-1)."'");
$sql->db_Update("user_extended_struct", "user_extended_struct_order=user_extended_struct_order-1 WHERE user_extended_struct_type = 0 AND user_extended_struct_id='".$_id."'");
$admin_log->log_event('EUF_03',$_id.', '.$_order,E_LOG_INFORMATIVE,'');
e107::getCache()->clear_sys('user_extended_struct', true);
}
}
if (isset($_POST['catdown_x']))
if (isset($_POST['catdown_x']) || isset($_POST['catdown']))
{
$qs = explode(".", $_POST['id']);
$_id = intval($qs[0]);
@ -119,9 +123,11 @@ if (isset($_POST['catdown_x']))
$sql->db_Update("user_extended_struct", "user_extended_struct_order=user_extended_struct_order-1 WHERE user_extended_struct_type = 0 AND user_extended_struct_order='".($_order+1)."'");
$sql->db_Update("user_extended_struct", "user_extended_struct_order=user_extended_struct_order+1 WHERE user_extended_struct_type = 0 AND user_extended_struct_id='".$_id."'");
$admin_log->log_event('EUF_04',$_id.', '.$_order,E_LOG_INFORMATIVE,'');
e107::getCache()->clear_sys('user_extended_struct', true);
}
}
$user = new users_ext;
if (isset($_POST['add_field']))
{
@ -134,7 +140,7 @@ if (isset($_POST['add_field']))
}
$new_values = $user->make_delimited($_POST['user_values']);
$new_parms = $tp->toDB($_POST['user_include']."^,^".$_POST['user_regex']."^,^".$_POST['user_regexfail']."^,^".$_POST['user_hide']);
// Check to see if its a reserved field name before adding to database
if ($ue->user_extended_reserved($ue_field_name))
{ // Reserved field name
@ -150,6 +156,7 @@ if (isset($_POST['add_field']))
else
{
$admin_log->log_event('EUF_05',$ue_field_name.'[!br!]'.$tp->toDB($_POST['user_text']).'[!br!]'.intval($_POST['user_type']),E_LOG_INFORMATIVE,'');
e107::getCache()->clear_sys('user_extended_struct', true);
}
}
}
@ -160,7 +167,7 @@ if (isset($_POST['add_field']))
}
if (isset($_POST['update_field']))
if (isset($_POST['update_field']))
{
if($_POST['user_type']==EUF_DB_FIELD)
{
@ -168,24 +175,36 @@ if (isset($_POST['update_field']))
}
$upd_values = $user->make_delimited($_POST['user_values']);
$upd_parms = $tp->toDB($_POST['user_include']."^,^".$_POST['user_regex']."^,^".$_POST['user_regexfail']."^,^".$_POST['user_hide']);
admin_update($ue->user_extended_modify($sub_action, $tp->toDB($_POST['user_field']), $tp->toDB($_POST['user_text']), intval($_POST['user_type']), $upd_parms, $upd_values, $tp->toDB($_POST['user_default']), intval($_POST['user_required']), intval($_POST['user_read']), intval($_POST['user_write']), intval($_POST['user_applicable']), intval($_POST['user_parent'])), 'update', EXTLAN_29);
$admin_log->log_event('EUF_06',$tp->toDB($_POST['user_field']).'[!br!]'.$tp->toDB($_POST['user_text']).'[!br!]'.intval($_POST['user_type']),E_LOG_INFORMATIVE,'');
$result = admin_update($ue->user_extended_modify($sub_action, $tp->toDB($_POST['user_field']), $tp->toDB($_POST['user_text']), intval($_POST['user_type']), $upd_parms, $upd_values, $tp->toDB($_POST['user_default']), intval($_POST['user_required']), intval($_POST['user_read']), intval($_POST['user_write']), intval($_POST['user_applicable']), intval($_POST['user_parent'])), 'update', EXTLAN_29);
if($result)
{
$admin_log->log_event('EUF_06',$tp->toDB($_POST['user_field']).'[!br!]'.$tp->toDB($_POST['user_text']).'[!br!]'.intval($_POST['user_type']),E_LOG_INFORMATIVE,'');
e107::getCache()->clear_sys('user_extended_struct', true);
}
}
if (isset($_POST['update_category']))
{
$name = trim($tp->toHTML($_POST['user_field']));
admin_update($sql->db_Update("user_extended_struct","user_extended_struct_name = '{$name}', user_extended_struct_read = '{$_POST['user_read']}', user_extended_struct_write = '{$_POST['user_write']}', user_extended_struct_applicable = '{$_POST['user_applicable']}' WHERE user_extended_struct_id = '{$sub_action}'"), 'update', EXTLAN_43);
$admin_log->log_event('EUF_09',$name,E_LOG_INFORMATIVE,'');
$result = admin_update($sql->db_Update("user_extended_struct","user_extended_struct_name = '{$name}', user_extended_struct_read = '{$_POST['user_read']}', user_extended_struct_write = '{$_POST['user_write']}', user_extended_struct_applicable = '{$_POST['user_applicable']}' WHERE user_extended_struct_id = '{$sub_action}'"), 'update', EXTLAN_43);
if($result)
{
$admin_log->log_event('EUF_09',$name,E_LOG_INFORMATIVE,'');
e107::getCache()->clear_sys('user_extended_struct', true);
}
}
if (isset($_POST['add_category']))
{
$name = $tp->toHTML($_POST['user_field']);
admin_update($sql->db_Insert("user_extended_struct","'0', '{$name}', '', 0, '', '', '', '{$_POST['user_read']}', '{$_POST['user_write']}', '0', '0', '{$_POST['user_applicable']}', '0', '0'"), 'insert', EXTLAN_40);
$admin_log->log_event('EUF_08',$name,E_LOG_INFORMATIVE,'');
$result = admin_update($sql->db_Insert("user_extended_struct","'0', '{$name}', '', 0, '', '', '', '{$_POST['user_read']}', '{$_POST['user_write']}', '0', '0', '{$_POST['user_applicable']}', '0', '0'"), 'insert', EXTLAN_40);
if($result)
{
$admin_log->log_event('EUF_08',$name,E_LOG_INFORMATIVE,'');
e107::getCache()->clear_sys('user_extended_struct', true);
}
}
@ -201,6 +220,7 @@ if (varset($_POST['eu_action'],'') == "delcat")
{
$admin_log->log_event('EUF_10',$_id.', '.$_name,E_LOG_INFORMATIVE,'');
$message = EXTLAN_41;
e107::getCache()->clear_sys('user_extended_struct', true);
}
}
@ -216,7 +236,7 @@ if(isset($_POST['deactivate']))
if($sql->db_Select("user_extended_struct","DISTINCT(user_extended_struct_parent)"))
/*if($sql->db_Select("user_extended_struct","DISTINCT(user_extended_struct_parent)"))
{
$plist = $sql->db_getList();
foreach($plist as $_p)
@ -232,7 +252,7 @@ if($sql->db_Select("user_extended_struct","DISTINCT(user_extended_struct_parent)
}
}
}
}
}*/
if($message)
@ -292,8 +312,8 @@ require_once("footer.php");
class users_ext
{
var $catList;
var $catNums;
protected $catList;
protected $catNums;
function users_ext()
{
@ -311,14 +331,45 @@ class users_ext
$this->catList[0][0] = array('user_extended_struct_name' => EXTLAN_36);
$this->catNums = array_keys($this->catList);
if($action == 'cat' && !empty($_POST))
{
$this->reorderItems();
}
if (!e_QUERY || $action == 'main')
{
$this->showExtendedList();
// moved here for better performance
if(!empty($_POST))
{
$this->reorderItems();
}
$this->showExtendedList();
}
}
function reorderItems()
{
$sql = e107::getDb();
if($sql->db_Select("user_extended_struct","DISTINCT(user_extended_struct_parent)"))
{
$plist = $sql->db_getList();
foreach($plist as $_p)
{
$o = 0;
if($sql->db_Select("user_extended_struct", "user_extended_struct_id", "user_extended_struct_parent = {$_p['user_extended_struct_parent']} && user_extended_struct_type != 0 ORDER BY user_extended_struct_order ASC"))
{
$_list = $sql->db_getList();
foreach($_list as $r)
{
$sql->db_Update("user_extended_struct", "user_extended_struct_order = '{$o}' WHERE user_extended_struct_id = {$r['user_extended_struct_id']}");
$o++;
}
}
}
e107::getCache()->clear_sys('user_extended_struct', true);
}
}
@ -331,6 +382,7 @@ class users_ext
{
$admin_log->log_event('EUF_07',$_id.', '.$_name, E_LOG_INFORMATIVE,'');
$emessage->add(EXTLAN_30." [".$_name."]", E_MESSAGE_SUCCESS);
e107::getCache()->clear_sys('user_extended_struct', true);
}
else
{
@ -422,11 +474,11 @@ class users_ext
$i++;
}
}
else
elseif($cn == 0)
{
$text .= "
<tr>
<td colspan='8' class='center'>".EXTLAN_28."</td>
<td colspan='10' class='center'>".EXTLAN_28."</td>
</tr>
";
}
@ -573,7 +625,7 @@ class users_ext
$table_list = ($_POST['table_db']) ? $_POST['table_db'] : $curVals[0] ;
if($sql -> db_Select_gen("DESCRIBE ".MPREFIX."{$table_list}")){
while($row3 = $sql -> db_Fetch()){
$field_name=$row3[0];
$field_name=$row3['Field'];
$selected = ($curVals[1] == $field_name) ? " selected='selected' " : "";
$text .="<option value=\"$field_name\" $selected>".$field_name."</option>\n";
}
@ -585,7 +637,7 @@ class users_ext
$table_list = ($_POST['table_db']) ? $_POST['table_db'] : $curVals[0] ;
if($sql -> db_Select_gen("DESCRIBE ".MPREFIX."{$table_list}")){
while($row3 = $sql -> db_Fetch()){
$field_name=$row3[0];
$field_name=$row3['Field'];
$selected = ($curVals[2] == $field_name) ? " selected='selected' " : "";
$text .="<option value=\"$field_name\" $selected>".$field_name."</option>\n";
}
@ -597,7 +649,7 @@ class users_ext
$table_list = ($_POST['table_db']) ? $_POST['table_db'] : $curVals[0] ;
if($sql -> db_Select_gen("DESCRIBE ".MPREFIX."{$table_list}")){
while($row3 = $sql -> db_Fetch()){
$field_name=$row3[0];
$field_name=$row3['Field'];
$selected = ($curVals[3] == $field_name) ? " selected='selected' " : "";
$text .="<option value=\"$field_name\" $selected>".$field_name."</option>\n";
}
@ -679,21 +731,21 @@ class users_ext
<tr>
<td >".EXTLAN_5."</td>
<td colspan='3'>
".r_userclass("user_applicable", $current['user_extended_struct_applicable'], 'off', 'member, admin, classes, nobody')."<br /><span class='field-help'>".EXTLAN_20."</span>
".r_userclass("user_applicable", $current['user_extended_struct_applicable'], 'off', 'member, admin, main, classes, nobody')."<br /><span class='field-help'>".EXTLAN_20."</span>
</td>
</tr>
<tr>
<td>".EXTLAN_6."</td>
<td colspan='3'>
".r_userclass("user_read", $current['user_extended_struct_read'], 'off', 'public, member, admin, readonly, classes')."<br /><span class='field-help'>".EXTLAN_22."</span>
".r_userclass("user_read", $current['user_extended_struct_read'], 'off', 'public, member, admin, main, readonly, classes')."<br /><span class='field-help'>".EXTLAN_22."</span>
</td>
</tr>
<tr>
<td>".EXTLAN_7."</td>
<td colspan='3'>
".r_userclass("user_write", $current['user_extended_struct_write'], 'off', 'member, admin, classes')."<br /><span class='field-help'>".EXTLAN_21."</span>
".r_userclass("user_write", $current['user_extended_struct_write'], 'off', 'member, admin, main, classes')."<br /><span class='field-help'>".EXTLAN_21."</span>
</td>
</tr>
@ -796,12 +848,12 @@ class users_ext
if($i > 0)
{
$text .= "
<input type='image' alt='' title='".EXTLAN_26."' src='".e_IMAGE."/admin_images/up.png' name='catup' value='{$ext['user_extended_struct_id']}.{$i}' />
<input type='image' alt='' title='".EXTLAN_26."' src='".ADMIN_UP_ICON_PATH."' name='catup' value='{$ext['user_extended_struct_id']}.{$i}' />
";
}
if($i <= count($catList)-2)
{
$text .= "<input type='image' alt='' title='".EXTLAN_25."' src='".e_IMAGE."/admin_images/down.png' name='catdown' value='{$ext['user_extended_struct_id']}.{$i}' />";
$text .= "<input type='image' alt='' title='".EXTLAN_25."' src='".ADMIN_DOWN_ICON_PATH."' name='catdown' value='{$ext['user_extended_struct_id']}.{$i}' />";
}
$text .= "
</form>
@ -1138,7 +1190,7 @@ class users_ext
function headerjs()
{
//FIXME
include_once(e_LANGUAGEDIR.e_LANGUAGE."/lan_user_extended.php");
$text = "
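Review bot: The `update_category` and `add_category` statements that this change wraps in `$result = admin_update(...)` still interpolate `$_POST['user_read']`, `$_POST['user_write']`, `$_POST['user_applicable']` and `$sub_action` into the SQL string unchanged, while the `update_field` call just above passes the same inputs through `intval()`. Apply the same cast here, e.g. `$read = intval($_POST['user_read']);` for each of the three class values and `intval($sub_action)` in the WHERE clause (assuming it is the numeric struct id, as its use suggests), and build the query from those variables. `$name` is produced with `$tp->toHTML()`, which is an output conversion rather than a database escape; `$tp->toDB()` is what the neighbouring field code uses for values that go into a query. In the `up` handler, `var_dump($_id, $_order, $_parent);` looks like a debugging leftover and should be removed, since it prints request-derived values into the page.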


@ -1642,7 +1642,7 @@ class e_front_model extends e_model
}*/
$data = $this->getPostedData();
$valid_data = $this->getValidator()->getValidData();
$valid_data = $validate ? $this->getValidator()->getValidData() : array();
if($sanitize)
{
@ -2478,7 +2478,10 @@ class e_tree_model extends e_front_model
// auto-load all
if(!$this->getParam('db_query') && $this->getModelTable())
{
$this->setParam('db_query', 'SELECT'.(!$this->getParam('nocount') ? ' SQL_CALC_FOUND_ROWS' : '').' * FROM #'.$this->getModelTable());
$this->setParam('db_query', 'SELECT'.(!$this->getParam('nocount') ? ' SQL_CALC_FOUND_ROWS' : '').' * FROM #'.$this->getModelTable()
.($this->getParam('db_order') ? ' ORDER BY '.$this->getParam('db_order') : '')
.($this->getParam('db_limit') ? ' LIMIT '.$this->getParam('db_limit') : '')
);
}
if($this->getParam('db_query') && $class_name && class_exists($class_name))
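Review bot: The auto-built query in e_tree_model now appends `$this->getParam('db_order')` and `$this->getParam('db_limit')` to the SQL text as-is, and neither ORDER BY nor LIMIT can be protected by quoting, so the safety of this code depends entirely on every caller passing trusted values. If any caller derives these params from the request (a sortable list, a page size), that becomes an injection point; the hunk shows no validation and the callers are outside this page. I would restrict `db_limit` to digits with an optional `offset,count` form and `db_order` to column names followed by an optional ASC/DESC before concatenating, and state that contract in a comment on the method, e.g. `// db_order / db_limit are inserted verbatim: pass constants only, never request data`. The enclosing method starts and ends outside the hunk.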


@ -142,22 +142,22 @@ class e_user_model extends e_front_model
final public function getAdminName()
{
return ($this->isAdmin() ? $this->getValue('name') : '');
return ($this->isAdmin() ? $this->get('user_name') : false);
}
final public function getAdminEmail()
{
return ($this->isAdmin() ? $this->getValue('email') : '');
return ($this->isAdmin() ? $this->get('user_email') : false);
}
final public function getAdminPwchange()
{
return ($this->isAdmin() ? $this->getValue('pwchange') : '');
return ($this->isAdmin() ? $this->get('user_pwchange') : false);
}
final public function getAdminPerms()
{
return $this->getValue('perms');
return ($this->isAdmin() ? $this->get('user_perms') : false);
}
public function isCurrent()
@ -167,7 +167,7 @@ class e_user_model extends e_front_model
final public function isAdmin()
{
return ($this->getValue('admin') ? true : false);
return ($this->get('user_admin') ? true : false);
}
final public function isMainAdmin()
@ -180,6 +180,21 @@ class e_user_model extends e_front_model
return ($this->getId() ? true : false);
}
final public function isGuest()
{
return ($this->getId() ? false : true);
}
final public function hasBan()
{
return ((integer)$this->get('user_ban') === 1 ? true : false);
}
final public function hasRestriction()
{
return ((integer)$this->get('user_ban') === 0 ? false : true);
}
public function hasEditor()
{
return (null !== $this->_editor);
@ -328,12 +343,12 @@ class e_user_model extends e_front_model
* Get User extended value
*
* @param string$field
* @param string $default
* @param boolean $short if true, 'user_' prefix will be added to field name
* @return mixed
*/
public function getExtended($field)
public function getExtended($field, $short = true)
{
return $this->getExtendedModel()->getValue($field);
return $this->getExtendedModel()->getValue($field, $short);
}
/**
@ -341,11 +356,12 @@ class e_user_model extends e_front_model
*
* @param string $field
* @param mixed $value
* @param boolean $short if true, 'user_' prefix will be added to field name
* @return e_user_model
*/
public function setExtended($field, $value)
public function setExtended($field, $value, $short = true)
{
$this->getExtendedModel()->setValue($field, $value);
$this->getExtendedModel()->setValue($field, $value, $short);
return $this;
}
@ -547,9 +563,16 @@ class e_user_model extends e_front_model
{
$this->clearTarget()
->removeData();
$this->_class_list = array();
$this->_editor = null;
$this->_extended_structure = null;
$this->_user_config = null;
if (null !== $this->_extended_model)
{
$this->_extended_model->destroy();
$this->_extended_model = null;
}
}
}
@ -638,22 +661,48 @@ class e_user extends e_user_model
* @param string $upass_plain
* @param boolean $uauto
* @param string $uchallange
* @param boolean $noredirect
* @return boolean success
*/
final public function login($uname, $upass_plain, $uauto = false, $uchallange = false)
final public function login($uname, $upass_plain, $uauto = false, $uchallange = false, $noredirect = true)
{
if($this->isUser()) return false;
$userlogin = new userlogin($uname, $upass_plain, $uauto, $uchallange, true);
$userlogin = new userlogin($uname, $upass_plain, $uauto, $uchallange, $noredirect);
$this->setSessionData(true)
->setData($userlogin->getUserData());
return $this->isUser();
}
/**
* Login as another user account
* @param integer $user_id
* @return boolean success
*/
final public function loginAs($user_id)
{
// TODO - set session data required for loadAs()
if($this->getParentId()
|| !$this->isMainAdmin()
|| empty($user_id)
|| $this->getSessionDataAs()
|| $user_id == $this->getId()
) return false;
$key = $this->_session_key.'_as';
if('session' == $this->_session_type)
{
$_SESSION[$key] = $user_id;
}
elseif('cookie' == $this->_session_type)
{
$_COOKIE[$key] = $user_id;
cookie($key, $user_id);
}
//$this->loadAs(); - shouldn't be called here - loginAs should be called in Admin area only, loadAs - front-end
return true;
}
/**
@ -701,10 +750,10 @@ class e_user extends e_user_model
$this->setData($this->_parent_model->getData());
// cleanup
$this->_destroyAsSession();
$this->_parent_id = false;
$this->_parent_model = $this->_parent_extstruct = $this->_parent_extmodel = $this->_parent_config = null;
}
$this->_destroyAsSession();
return $this;
}
@ -714,11 +763,10 @@ class e_user extends e_user_model
*/
final public function load($force = false, $denyAs = false)
{
// init_session() should come here
// $this->initConstants(); - called after data is loaded
if(!$force && $this->getId()) return $this;
if(deftrue('e_ADMIN_AREA')) $denyAs = true;
// always run cli as main admin
if(e107::isCli())
{
@ -772,7 +820,7 @@ class e_user extends e_user_model
final public function loadAs()
{
// FIXME - option to avoid it when browsing Admin area
$loginAs = $this->_getSessionDataAs();
$loginAs = $this->getSessionDataAs();
if(!$this->getParentId() && false !== $loginAs && $loginAs !== $this->getId() && $loginAs !== 1 && $this->isMainAdmin())
{
$uasdata = $this->_load($loginAs);
@ -780,7 +828,7 @@ class e_user extends e_user_model
{
// backup parent user data to prevent further db queries
$this->_parent_id = $this->getId();
$this->_parent_model = new e_system_user($this->getData());
$this->_parent_model = new e_user_model($this->getData());
$this->setData($uasdata);
// not allowed - revert back
@ -806,6 +854,7 @@ class e_user extends e_user_model
$this->_parent_model = null;
$this->_parent_extstruct = $this->_parent_extmodel = null;
}
return $this;
}
final protected function _destroySession()
@ -832,7 +881,7 @@ class e_user extends e_user_model
return $this->_destroySession();
}
final protected function _getSessionDataAs()
final public function getSessionDataAs()
{
$id = false;
$key = $this->_session_key.'_as';
@ -1027,13 +1076,18 @@ class e_user_extended_model extends e_front_model
* Returns NULL when field/default value not found or not enough permissions
* @param string $field
* @param boolean $short if true, 'user_' prefix will be added to field name
* @param boolean $raw don't retrieve db value
* @return mixed
*/
public function getValue($field, $short = true)
public function getValue($field, $short = true, $raw = false)
{
if($short) $field = 'user_'.$field;
if (!$this->checkRead($field))
return null;
if(!$raw && vartrue($this->_struct_index[$field]['db']))
{
return $this->getDbValue($field);
}
return $this->get($field, $this->getDefault($field));
}
@ -1054,6 +1108,26 @@ class e_user_extended_model extends e_front_model
return $this;
}
protected function getDbValue($field)
{
if(null !== $this->_struct_index[$field]['db_value'])
{
return $this->_struct_index[$field]['db_value'];
}
// retrieve db data
$value = $this->get($field);
list($table, $field_id, $field_name, $field_order) = explode(',', $this->_struct_index[$field]['db'], 4);
$this->_struct_index[$field]['db_value'] = $value;
if($value && $table && $field_id && $field_name && e107::getDb()->db_Select($table, $field_name, "{$field_id}='{$value}'"))
{
$res = e107::getDb()->db_Fetch();
$this->_struct_index[$field]['db_value'] = $res[$field_name];
}
return $this->_struct_index[$field]['db_value'];
}
public function getReadData()
{
// TODO array allowed profile page data (read mode)
@ -1157,6 +1231,8 @@ class e_user_extended_model extends e_front_model
if (!in_array($field->getValue('name'), $ignore))
{
$this->_struct_index['user_'.$field->getValue('name')] = array(
'db' => $field->getValue('type') == 4 ? $field->getValue('values') : '',
'db_value' => null, // used later for caching DB results
'read' => $field->getValue('read'),
'write' => $field->getValue('write'),
'signup' => $field->getValue('signup'),
@ -1312,6 +1388,22 @@ class e_user_extended_structure_model extends e_model
return $this;
}
public function isCategory()
{
return ($this->getValue('type') ? false : true);
}
public function getCategoryId()
{
return $this->getValue('parent');
}
public function getLabel()
{
$label = $this->isCategory() ? $this->getValue('name') : $this->getValue('text');
return defset($label, $label);
}
/**
* Loading of single structure row not allowed for front model
*/
@ -1353,10 +1445,22 @@ class e_user_extended_structure_tree extends e_tree_model
protected $_cache_force = true;
/**
* Force system cache (cache used even if disabled by site admin)
* @var boolen
* Index for speed up retrieving by name routine
* @var array
*/
protected $_name_index = true;
protected $_name_index = array();
/**
* Category Index - numerical array of id's
* @var array
*/
protected $_category_index = array();
/**
* Items by category list
* @var array
*/
protected $_parent_index = array();
/**
* Constructor - auto-load
@ -1367,6 +1471,10 @@ class e_user_extended_structure_tree extends e_tree_model
$this->load();
}
/**
* @param string $name name field value
* @return e_user_extended_structure_model
*/
public function getNodeByName($name)
{
if ($this->isNodeName($name))
@ -1376,14 +1484,44 @@ class e_user_extended_structure_tree extends e_tree_model
return null;
}
/**
* Check if node exists by its name field value
* @param string $name
* @return boolean
*/
public function isNodeName($name)
{
return (isset($this->_name_index[$name]) && $this->isNode($this->_name_index[$name]));
}
/**
* Get node ID by node name field
* @param string $name
* @return integer
*/
public function getNodeId($name)
{
return $this->_name_index[$name];
return (isset($this->_name_index[$name]) ? $this->_name_index[$name] : null);
}
/**
* Get collection of nodes of type category
* @return array
*/
public function getCategoryTree()
{
return $this->_array_intersect_key($this->getTree(), array_combine($this->_category_index, $this->_category_index));
}
/**
* Get collection of nodes assigned to a specific category
* @param integer $category_id
* @return array
*/
public function getTreeByCategory($category_id)
{
if(!isset($this->_parent_index[$category_id]) || empty($this->_parent_index[$category_id])) return array();
return $this->_array_intersect_key($this->getTree(), array_combine($this->_parent_index[$category_id], $this->_parent_index[$category_id]));
}
/**
@ -1394,24 +1532,57 @@ class e_user_extended_structure_tree extends e_tree_model
public function load($force = false)
{
$this->setParam('nocount', true)
->setParam('model_class', 'e_user_extended_structure_model');
->setParam('model_class', 'e_user_extended_structure_model')
->setParam('db_order', 'user_extended_struct_order ASC');
parent::load($force);
print_a($this->_category_index);
print_a($this->_parent_index);
print_a($this->_name_index);
print_a($this->getTreeByCategory(4));
return $this;
}
/**
* Build name index on load
* Build all indexes on load
* (New) This method is auto-triggered by core load() method
* @param e_user_extended_structure_model $model
*/
protected function _onLoad($model)
{
$this->_name_index['user_'.$model->getValue('name')] = $model->getId();
if($model->isCategory())
{
$this->_category_index[] = $model->getId();
}
else
{
$this->_name_index['user_'.$model->getValue('name')] = $model->getId();
$this->_parent_index[$model->getCategoryId()][] = $model->getId();
}
return $this;
}
/**
* Compatibility - array_intersect_key() available since PHP 5.1
*
* @see http://php.net/manual/en/function.array-intersect-key.php
* @param array $array1
* @param array $array2
* @return array
*/
protected function _array_intersect_key($array1, $array2)
{
if(function_exists('array_intersect_key')) return array_intersect_key($array1, $array2);
$ret = array();
foreach ($array1 as $k => $v)
{
if(isset($array2[$k])) $ret[$k] = $v;
}
return $ret;
}
}
class e_user_pref extends e_model
class e_user_pref extends e_front_model
{
/**
* @var e_user_model
@ -1441,7 +1612,8 @@ class e_user_pref extends e_model
$data = $this->_user->get('user_prefs', '');
if(!empty($data))
{
$data = e107::getArrayStorage()->ReadArray($data);
// BC
$data = substr($data, 0, 5) == "array" ? e107::getArrayStorage()->ReadArray($data) : unserialize($data);
if(!$data) $data = array();
}
else $data = array();
@ -1465,10 +1637,14 @@ class e_user_pref extends e_model
* Save and apply user preferences
* @return boolean success
*/
public function save()
public function save($from_post = false)
{
if($this->_user->getId())
{
if($from_post)
{
$this->mergePostedData(false, true, false);
}
$data = $this->toString(true);
$this->apply();
return (e107::getDb('user_prefs')->db_Update('user', "user_prefs='{$data}' WHERE user_id=".$this->_user->getId()) ? true : false);


@ -260,4 +260,8 @@ define("USFLAN_6", "User ID");
define("USFLAN_7", "User Information");
?>
define('USRLAN_AS_1', 'Login as %s');
define('USRLAN_AS_2', 'Logout from %s account');
define('USRLAN_AS_3', 'You are already logged in as another user account. Please logout first.');