";
ob_start();
$email_status = $validator->ValidateEmailBox($_POST['test_email']);
$text .= ob_get_contents();
ob_end_clean();
$text .= "
";
$caption = $_POST['test_email']." - ";
$caption .= ($email_status == 1)? "Valid": "Invalid";
if($email_status == 1){
$text .= "";
}
$ns->tablerender($caption, $text);
unset($id, $action, $sub_cation);
}
// ------- Update Options. --------------
if (isset($_POST['update_options']))
{
$temp = array();
$temp['avatar_upload'] = (FILE_UPLOADS ? $_POST['avatar_upload'] : 0);
$temp['im_width'] = $_POST['im_width'];
$temp['im_height'] = $_POST['im_height'];
$temp['photo_upload'] = (FILE_UPLOADS ? $_POST['photo_upload'] : 0);
$temp['del_unv'] = $_POST['del_unv'];
$temp['profile_rate'] = $_POST['profile_rate'];
$temp['profile_comments'] = $_POST['profile_comments'];
$temp['track_online'] = $_POST['track_online'];
$temp['force_userupdate'] = $_POST['force_userupdate'];
$temp['memberlist_access'] = $_POST['memberlist_access'];
$temp['user_new_period'] = $_POST['user_new_period'];
if ($admin_log->logArrayDiffs($temp, $pref, 'USET_03'))
{
save_prefs(); // Only save if changes
$user->show_message(USRLAN_1);
}
else
{
$user->show_message(USRLAN_193);
}
}
// ------- Prune Users. --------------
if (isset($_POST['prune']))
{
$e107cache->clear('online_menu_member_total');
$e107cache->clear('online_menu_member_newest');
$text = USRLAN_56.' ';
$bantype = $_POST['prune_type'];
if($bantype == 30) // older than 30 days.
{
$bantype = 2;
$ins = " AND user_join < ".strtotime("-30 days");
}
if ($sql->db_Select("user", "user_id, user_name", "user_ban= {$bantype}".$ins))
{
$uList = $sql->db_getList();
foreach($uList as $u)
{
$text .= $u['user_name']." ";
$sql->db_Delete("user", "user_id='{$u['user_id']}' ");
$sql->db_Delete("user_extended", "user_extended_id='{$u['user_id']}' ");
}
$admin_log->log_event('USET_04',str_replace(array('--COUNT--','--TYPE--'),array(count($uList),$bantype),USRLAN_160),E_LOG_INFORMATIVE);
}
$ns->tablerender(USRLAN_57, "
".$text."
");
unset($text);
}
// ------- Quick Add User --------------
if (isset($_POST['adduser']))
{
if (!$_POST['ac'] == md5(ADMINPWCHANGE))
{
exit;
}
$e107cache->clear('online_menu_member_total');
$e107cache->clear('online_menu_member_newest');
$error = FALSE;
if (isset($_POST['generateloginname']))
{
$_POST['loginname'] = $userMethods->generateUserLogin($pref['predefinedLoginName']);
}
if (isset($_POST['generatepassword']))
{
$_POST['password1'] = $userMethods->generateRandomString('**********'); // 10-char password should be enough
$_POST['password2'] = $_POST['password1'];
}
// Now validate everything
$allData = validatorClass::validateFields($_POST,$userMethods->userVettingInfo, TRUE); // Do basic validation
validatorClass::checkMandatory('user_name,user_loginname', $allData); // Check for missing fields (email done in userValidation() )
validatorClass::dbValidateArray($allData, $userMethods->userVettingInfo, 'user', 0); // Do basic DB-related checks
$userMethods->userValidation($allData); // Do user-specific DB checks
if (!isset($allData['errors']['user_password']))
{ // No errors in password - keep it outside the main data array
$savePassword = $allData['data']['user_password'];
unset($allData['data']['user_password']); // Delete the password value in the output array
}
unset($_POST['password1']); // Restrict the scope of this
unset($_POST['password2']);
if (!check_class($pref['displayname_class'], $allData['data']['user_class']))
{
if ($allData['data']['user_name'] != $allData['data']['user_loginname'])
{
$allData['errors']['user_name'] = ERR_FIELDS_DIFFERENT;
}
}
if (count($allData['errors']))
{
require_once(e_HANDLER."message_handler.php");
$temp = validatorClass::makeErrorList($allData,'USER_ERR_','%n - %x - %t: %v', '
', $userMethods->userVettingInfo);
message_handler('P_ALERT', $temp);
$error = TRUE;
}
// Always save some of the entered data - then we can redisplay on error
$user_data = &$allData['data'];
if (!$error)
{
$message = '';
$user_data['user_password'] = $userMethods->HashPassword($savePassword,$loginname);
$user_data['user_join'] = time();
if ($userMethods->needEmailPassword())
{ // Save separate password encryption for use with email address
$user_data['user_prefs'] = serialize(array('email_password' => $userMethods->HashPassword($savePassword, $user_data['user_email'])));
}
$userMethods->userClassUpdate($allData['data'], 'userall'); // Set any initial classes
$userMethods->addNonDefaulted($user_data);
validatorClass::addFieldTypes($userMethods->userVettingInfo,$allData);
//FIXME - (SecretR) there is a better way to fix this (missing default value, sql error in strict mode - user_realm is to be deleted from DB later)
$allData['data']['user_realm'] = '';
if ($sql -> db_Insert('user', $allData))
{
// Add to admin log
$admin_log->log_event('USET_02',"UName: {$user_data['user_name']}; Email: {$user_data['user_email']}",E_LOG_INFORMATIVE);
// Add to user audit trail
$admin_log->user_audit(USER_AUDIT_ADD_ADMIN,$user_data, 0,$user_data['user_loginname']);
$e_event->trigger('userfull', $user_data); // send everything available for user data - bit sparse compared with user-generated signup
if (isset($_POST['sendconfemail']))
{ // Send confirmation email to user
require_once(e_HANDLER.'mail.php');
$e_message = str_replace(array('--SITE--','--LOGIN--','--PASSWORD--'),array(SITEURL,$loginname,$savePassword),USRLAN_185).USRLAN_186;
if (sendemail($user_data['user_email'],USRLAN_187.SITEURL,$e_message,$user_data['user_login'],'',''))
{
$message = USRLAN_188.'
';
}
else
{
$message = USRLAN_189.'
';
}
}
$message .= str_replace('--NAME--',$user_data['user_name'], USRLAN_174) ;
if (isset($_POST['generateloginname'])) $message .= '
'.USRLAN_173.': '.$loginname;
if (isset($_POST['generatepassword'])) $message .= '
'.USRLAN_172.': '.$savePassword;
unset($user_data); // Don't recycle the data once the user's been accepted without error
}
}
if (isset($message)) $user->show_message($message);
}
// ------- Bounce --> Unverified --------------
if (isset($_POST['useraction']) && $_POST['useraction'] == "reqverify")
{
$sql->db_Select("user", "*", "user_id='".$_POST['userid']."'");
$row = $sql->db_Fetch();
extract($row);
$sql->db_Update("user", "user_ban='2' WHERE user_id='".$_POST['userid']."' ");
$user->show_message("User now has to verify");
$action = "main";
if(!$sub_action) {$sub_action = "user_id"; }
}
// ------- Ban User. --------------
if (isset($_POST['useraction']) && $_POST['useraction'] == "ban")
{
// $sub_action = $_POST['userid'];
$sql->db_Select("user", "*", "user_id='".$_POST['userid']."'");
$row = $sql->db_Fetch();
if (($row['user_perms'] == "0") || ($row['user_perms'] == "0."))
{
$user->show_message(USRLAN_7);
}
else
{
if($sql->db_Update("user", "user_ban='1' WHERE user_id='".$_POST['userid']."' "))
{
$admin_log->log_event('USET_05',str_replace(array('--UID--','--NAME--'),array($row['user_id'],$row['user_name']),USRLAN_161),E_LOG_INFORMATIVE);
$user->show_message(USRLAN_8);
}
if(trim($row['user_ip']) == "")
{
$user->show_message(USRLAN_135);
}
else
{
if($sql->db_Count("user", "(*)", "WHERE user_ip = '{$row['user_ip']}'") > 1)
{ // Multiple users have same IP address
$user->show_message(str_replace("{IP}", $row['user_ip'], USRLAN_136));
}
else
{
if ($e107->add_ban(6,USRLAN_149.$row['user_name'].'/'.$row['user_loginname'],$row['user_ip'],USERID))
{ // Successful IP ban
$user->show_message(str_replace("{IP}", $row['user_ip'], USRLAN_137));
}
else
{ // IP address on whitelist
$user->show_message(str_replace("{IP}", $row['user_ip'], USRLAN_150));
}
}
}
}
$action = "main";
if(!$sub_action){$sub_action = "user_id"; }
}
// ------- Unban User --------------
if (isset($_POST['useraction']) && $_POST['useraction'] == "unban")
{
$sql->db_Select("user", "user_name,user_ip", "user_id='".$_POST['userid']."'");
$row = $sql->db_Fetch();
$sql->db_Update("user", "user_ban='0' WHERE user_id='".$_POST['userid']."' ");
$sql -> db_Delete("banlist", " banlist_ip='{$row['user_ip']}' ");
$admin_log->log_event('USET_06',str_replace(array('--UID--','--NAME--'),array($_POST['userid'],$row['user_name']),USRLAN_162),E_LOG_INFORMATIVE);
$user->show_message(USRLAN_9);
$action = "main";
if(!$sub_action){$sub_action = "user_id"; }
}
// ------- Resend Email Confirmation. --------------
if (isset($_POST['useraction']) && $_POST['useraction'] == 'resend')
{
$qry = (e_QUERY) ? "?".e_QUERY : "";
if ($sql->db_Select("user", "*", "user_id='".$_POST['userid']."' ")) {
$resend = $sql->db_Fetch();
$text .= "
\n";
$caption = USRLAN_112;
$ns->tablerender($caption, $text);
require_once("footer.php");
exit;
}
}
// ------- TEst Email confirmation. --------------
if (isset($_POST['useraction']) && $_POST['useraction'] == 'test')
{
$qry = (e_QUERY) ? "?".e_QUERY : "";
if ($sql->db_Select("user", "*", "user_id='".$_POST['userid']."' ")) {
$test = $sql->db_Fetch();
$text .= "
\n";
$caption = USRLAN_118;
$ns->tablerender($caption, $text);
require_once("footer.php");
exit;
}
}
// ------- Delete User --------------
if (isset($_POST['useraction']) && $_POST['useraction'] == 'deluser')
{
if ($_POST['confirm'])
{
$uid = intval($_POST['userid']);
if ($sql->db_Delete("user", "user_id=".$uid." AND user_perms != '0' AND user_perms != '0.'"))
{
$sql->db_Delete("user_extended", "user_extended_id='".$uid."' ");
$admin_log->log_event('USET_07',str_replace('--UID--',$uid,USRLAN_163),E_LOG_INFORMATIVE);
$e_event->trigger('userdelete', $temp = array('user_id' => $uid));
$user->show_message(USRLAN_10);
}
if(!$sub_action){ $sub_action = "user_id"; }
if(!$id){ $id = "DESC"; }
}
else
{ // Put up confirmation
if ($sql->db_Select("user", "*", "user_id='".$_POST['userid']."' ")) {
$row = $sql->db_Fetch();
$qry = (e_QUERY) ? "?".e_QUERY : "";
$text .= "
";
$ns->tablerender(USRLAN_16, $text);
require_once("footer.php");
exit;
}
}
}
// ------- Make Admin --------------
if (isset($_POST['useraction']) && $_POST['useraction'] == "admin" && getperms('3'))
{
$sql->db_Select("user", "user_id, user_name", "user_id='".$_POST['userid']."'");
$row = $sql->db_Fetch();
$sql->db_Update("user", "user_admin='1' WHERE user_id='".$_POST['userid']."' ");
$admin_log->log_event('USET_08',str_replace(array('--UID--','--NAME--'),array($row['user_id'],$row['user_name']),USRLAN_164),E_LOG_INFORMATIVE);
$user->show_message($row['user_name']." ".USRLAN_3."
".USRLAN_4."");
$action = "main";
if(!$sub_action){ $sub_action = "user_id"; }
if(!$id){ $id = "DESC"; }
}
// ------- Remove Admin --------------
if (isset($_POST['useraction']) && $_POST['useraction'] == "unadmin" && getperms('3'))
{
$sql->db_Select("user", "*", "user_id='".$_POST['userid']."'");
$row = $sql->db_Fetch();
extract($row);
if ($user_perms == "0")
{
$user->show_message(USRLAN_5);
}
else
{
$sql->db_Update("user", "user_admin='0', user_perms='' WHERE user_id='".$_POST['userid']."'");
$admin_log->log_event('USET_09',str_replace(array('--UID--','--NAME--'),array($row['user_id'],$row['user_name']),USRLAN_165),E_LOG_INFORMATIVE);
$user->show_message($user_name." ".USRLAN_6);
$action = "main";
if(!$sub_action){ $sub_action = "user_id"; }
if(!$id){ $id = "DESC"; }
}
}
// ------- Approve User. --------------
if (isset($_POST['useraction']) && $_POST['useraction'] == "verify")
{
$uid = intval($_POST['userid']);
if ($sql->db_Select("user", "*", "user_id='".$uid."' "))
{
if ($row = $sql->db_Fetch())
{
$dbData = array();
$dbData['WHERE'] = "user_id=".$uid;
$dbData['data'] = array('user_ban'=>'0', 'user_sess'=>'');
// Add in the initial classes as necessary
if ($userMethods->userClassUpdate($row, 'userall'))
{
$dbData['data']['user_class'] = $row['user_class'];
}
$userMethods->addNonDefaulted($dbData);
validatorClass::addFieldTypes($userMethods->userVettingInfo,$dbData);
$sql->db_Update('user',$dbData);
$admin_log->log_event('USET_10',str_replace(array('--UID--','--NAME--'),array($row['user_id'],$row['user_name']),USRLAN_166),E_LOG_INFORMATIVE);
$e_event->trigger('userfull', $row); // 'New' event
$user->show_message(USRLAN_86);
if(!$action){ $action = "main"; }
if(!$sub_action){ $sub_action = "user_id"; }
if(!$id){ $id = "DESC"; }
if($pref['user_reg_veri'] == 2)
{
if($sql->db_Select("user", "user_email, user_name", "user_id = '{$uid}'"))
{
$row = $sql->db_Fetch();
$message = USRLAN_114." ".$row['user_name'].",\n\n".USRLAN_122." ".SITENAME.".\n\n".USRLAN_123."\n\n";
$message .= str_replace("{SITEURL}", SITEURL, USRLAN_139);
require_once(e_HANDLER."mail.php");
if(sendemail($row['user_email'], USRLAN_113." ".SITENAME, $message))
{
// echo str_replace("\n","
",$message);
$user->show_message("Email sent to: ".$row['user_name']);
}
else
{
$user->show_message("Failed to send to: ".$row['user_name']);
}
}
}
}
}
}
if (isset($action) && $action == "uset")
{
$user->show_message(USRLAN_87);
$action = "main";
}
if (isset($action) && $action == "cu")
{
$user->show_message(USRLAN_88);
$action = "main";
// $sub_action = "user_id";
}
/*
echo "action= ".$action."
";
echo "subaction= ".$sub_action."
";
echo "id= ".$id."
";
echo "from= ".$from."
";
echo "amount= ".$amount."
";
*/
$unverified = $sql -> db_Count("user", "(*)", "WHERE user_ban = 2");
if (!e_QUERY) $action = "main";
switch ($action)
{
case "unverified" :
$user->show_existing_users($action, $sub_action, $id, $from, $amount);
break;
case "options" :
$user->show_prefs();
break;
case "prune" :
$user->show_prune();
break;
case "create" :
$userMethods->deleteExpired(); // Remove time-expired users
$user->add_user($user_data);
break;
default :
$user->show_existing_users($action, $sub_action, $id, $from, $amount);
}
require_once("footer.php");
class users
{
var $fields = array();
var $fieldpref = array();
function users()
{
global $pref, $user_pref, $sql, $tp;
if(isset($pref['admin_user_disp']))
{
$user_pref['admin_users_columns'] = ($pref['admin_user_disp']) ? explode("|",$pref['admin_user_disp']) : array('user_name', 'user_class');
save_prefs('user');
unset($pref['admin_user_disp']);
save_prefs;
}
$this->usersSaveColumnPref();
$this->fieldpref = (!$user_pref['admin_users_columns']) ? array('user_name', 'user_class') : $user_pref['admin_users_columns'];
$this->fields = array(
'user_id' => array('title'=> 'Id', 'width'=>'5%', 'forced'=> TRUE),
'user_status' => array('title'=> ADLAN_134, 'forced'=> TRUE),
'user_name' => array('title'=> LAN_USER_01, 'type' => 'text', 'width' => 'auto', 'thclass' => 'left first'), // Display name
'user_loginname' => array('title'=> LAN_USER_02, 'type' => 'text', 'width' => 'auto'), // User name
'user_login' => array('title'=> LAN_USER_03, 'type' => 'text', 'width' => 'auto'), // Real name (no real vetting)
'user_customtitle' => array('title'=> LAN_USER_04, 'type' => 'text', 'width' => 'auto'), // No real vetting
'user_password' => array('title'=> LAN_USER_05, 'type' => 'text', 'width' => 'auto'),
'user_sess' => array('title'=> LAN_USER_06, 'type' => 'text', 'width' => 'auto'), // Photo
'user_image' => array('title'=> LAN_USER_07, 'type' => 'text', 'width' => 'auto'), // Avatar
'user_email' => array('title'=> LAN_USER_08, 'type' => 'text', 'width' => 'auto'),
'user_signature' => array('title'=> LAN_USER_09, 'type' => 'text', 'width' => 'auto'),
'user_hideemail' => array('title'=> LAN_USER_10, 'type' => 'int', 'width' => 'auto'),
'user_xup' => array('title'=> LAN_USER_11, 'type' => 'text', 'width' => 'auto'),
'user_class' => array('title'=> LAN_USER_12, 'type' => 'class'),
'user_join' => array('title' => LAN_USER_14, 'width'=> 'auto'),
'user_lastvisit' => array('title' => LAN_USER_15, 'width'=> 'auto'),
'user_currentvisit' => array('title' => LAN_USER_16, 'width'=> 'auto'),
'user_comments' => array('title' => LAN_USER_17, 'width'=> 'auto'),
'user_ip' => array('title' => LAN_USER_18, 'width'=> 'auto'),
'user_ban' => array('title' => LAN_USER_19, 'width'=> 'auto'),
'user_prefs' => array('title' => LAN_USER_20, 'width'=> 'auto'),
'user_visits' => array('title' => LAN_USER_21, 'width'=> 'auto'),
'user_admin' => array('title' => LAN_USER_22, 'width'=> 'auto'),
'user_perms' => array('title' => LAN_USER_23, 'width'=> 'auto'),
'user_pwchange' => array('title' => LAN_USER_24, 'width'=> 'auto')
);
$sql -> db_Select("user_extended_struct");
while($row = $sql-> db_Fetch())
{
$field = "user_".$row['user_extended_struct_name'];
$title = ucfirst(str_replace("user_","",$field));
$this->fields[$field] = array('title'=>$title,'width'=>'auto');
}
$this->fields['options'] = array('title' => LAN_OPTIONS, 'width'=>'10%', "thclass" => "center last");
}
function usersSaveColumnPref()
{
global $pref,$user_pref, $admin_log;
if(isset($_POST['submit-e-columns']))
{
$user_pref['admin_users_columns'] = $_POST['e-columns'];
save_prefs('user');
}
}
function show_existing_users($action, $sub_action, $id, $from, $amount)
{
global $sql, $frm, $ns, $tp, $mySQLdefaultdb,$pref,$unverified, $userMethods;
$e107 = e107::getInstance();
$text = "
";
if (isset($_POST['searchquery']) && $_POST['searchquery'] != "")
{
$_POST['searchquery'] = $tp->toDB(trim($_POST['searchquery']));
$query = 'WHERE '.
$query .= (strpos($_POST['searchquery'], "@") !== FALSE) ? "user_email REGEXP('".$_POST['searchquery']."') OR ": "";
$query .= (strpos($_POST['searchquery'], ".") !== FALSE) ? "user_ip REGEXP('".$_POST['searchquery']."') OR ": "";
foreach($this->fieldpref as $disp)
{
$query .= $disp." REGEXP('".$_POST['searchquery']."') OR ";
}
$query .= "user_login REGEXP('".$_POST['searchquery']."') OR ";
$query .= "user_name REGEXP('".$_POST['searchquery']."') ";
if($action == 'unverified')
{
$query .= ' AND user_ban = 2 ';
}
$query .= ' ORDER BY user_id';
}
else
{
$query = '';
if($action == 'unverified')
{
$query = 'WHERE user_ban = 2 ';
}
$query .= 'ORDER BY '.($sub_action ? $sub_action : 'user_id').' '.($id ? $id : 'DESC')." LIMIT $from, $amount";
}
// $user_total = db_Count($table, $fields = '(*)',
$qry_insert = 'SELECT u.*, ue.* FROM `#user` AS u LEFT JOIN `#user_extended` AS ue ON ue.user_extended_id = u.user_id ';
if ($user_total = $sql->db_Select_gen($qry_insert. $query))
{
$text .= "