XOOPS 2.5.6  Final
 All Classes Namespaces Files Functions Variables Pages
user.php
Go to the documentation of this file.
1 <?php
20 include 'admin_header.php';
21 xoops_cp_header();
22  $indexAdmin = new ModuleAdmin();
23  echo $indexAdmin->addNavigation('user.php');
24 
25 $op = isset($_REQUEST['op']) ? $_REQUEST['op'] : 'list';
26 if ( $op == "editordelete" ) {
27  $op = isset($_REQUEST['delete']) ? "delete" : "edit";
28 }
29 $handler =& xoops_gethandler('member');
30 
31 switch($op ) {
32  default:
33  case "list":
34  include_once $GLOBALS['xoops']->path( "/class/xoopsformloader.php" );
35  $form = new XoopsThemeForm(_PROFILE_AM_EDITUSER, 'form', 'user.php');
36  $form->addElement(new XoopsFormSelectUser(_PROFILE_AM_SELECTUSER, 'id') );
37  $form->addElement(new XoopsFormHidden('op', 'editordelete') );
38  $button_tray = new XoopsFormElementTray('');
39  $button_tray->addElement(new XoopsFormButton('', 'edit', _EDIT, 'submit') );
40  $button_tray->addElement(new XoopsFormButton('', 'delete', _DELETE, 'submit') );
41  $form->addElement($button_tray);
42  $form->display();
43 
44  case "new":
45  xoops_loadLanguage("main", $GLOBALS['xoopsModule']->getVar('dirname', 'n') );
46  include_once '../include/forms.php';
47  $obj =& $handler->createUser();
48  $obj->setGroups(array(XOOPS_GROUP_USERS) );
49  $form = profile_getUserForm($obj);
50  $form->display();
51  break;
52 
53  case "edit":
54  xoops_loadLanguage("main", $GLOBALS['xoopsModule']->getVar('dirname', 'n') );
55  $obj =& $handler->getUser($_REQUEST['id']);
56  if ( in_array(XOOPS_GROUP_ADMIN, $obj->getGroups() ) && !in_array(XOOPS_GROUP_ADMIN, $GLOBALS['xoopsUser']->getGroups() ) ) {
57  // If not webmaster trying to edit a webmaster - disallow
58  redirect_header("user.php", 3, _US_NOEDITRIGHT);
59  }
60  include_once '../include/forms.php';
61  $form = profile_getUserForm($obj);
62  $form->display();
63  break;
64 
65  case "save":
66  xoops_loadLanguage("main", $GLOBALS['xoopsModule']->getVar('dirname', 'n') );
67  if ( !$GLOBALS['xoopsSecurity']->check() ) {
68  redirect_header('user.php', 3, _US_NOEDITRIGHT . "<br />" . implode('<br />', $GLOBALS['xoopsSecurity']->getErrors() ));
69  exit;
70  }
71 
72  // Dynamic fields
73  $profile_handler =& xoops_getmodulehandler('profile');
74  // Get fields
75  $fields = $profile_handler->loadFields();
76  $userfields = $profile_handler->getUserVars();
77  // Get ids of fields that can be edited
78  $gperm_handler =& xoops_gethandler('groupperm');
79  $editable_fields = $gperm_handler->getItemIds('profile_edit', $GLOBALS['xoopsUser']->getGroups(), $GLOBALS['xoopsModule']->getVar('mid') );
80 
81  $uid = empty($_POST['uid']) ? 0 : intval($_POST['uid']);
82  if ( !empty($uid) ) {
83  $user =& $handler->getUser($uid);
84  $profile = $profile_handler->get($uid);
85  if ( !is_object($profile) ) {
86  $profile = $profile_handler->create();
87  $profile->setVar('profile_id', $uid);
88  }
89  } else {
90  $user =& $handler->createUser();
91  $profile = $profile_handler->create();
92  if ( count($fields) > 0 ) {
93  foreach (array_keys($fields) as $i ) {
94  $fieldname = $fields[$i]->getVar('field_name');
95  if ( in_array($fieldname, $userfields) ) {
96  $default = $fields[$i]->getVar('field_default');
97  if ( $default === '' || $default === null) continue;
98  $user->setVar($fieldname, $default);
99  }
100  }
101  }
102  $user->setVar('user_regdate', time() );
103  $user->setVar('level', 1);
104  }
105  $myts =& MyTextSanitizer::getInstance();
106  $user->setVar('uname', $_POST['uname']);
107  $user->setVar('email', trim($_POST['email']) );
108  if ( isset($_POST['level']) && $user->getVar('level') != intval($_POST['level']) ) {
109  $user->setVar('level', intval($_POST['level']) );
110  }
111  $password = $vpass = null;
112  if ( !empty($_POST['password']) ) {
113  $password = $myts->stripSlashesGPC(trim($_POST['password']) );
114  $vpass = @$myts->stripSlashesGPC(trim($_POST['vpass']) );
115  $user->setVar('pass', md5($password) );
116  } elseif ( $user->isNew() ) {
117  $password = $vpass = '';
118  }
119  xoops_load("userUtility");
120  $stop = XoopsUserUtility::validate($user, $password, $vpass);
121 
122  $errors = array();
123  if ( $stop != "" ) {
124  $errors[] = $stop;
125  }
126 
127  foreach (array_keys($fields) as $i ) {
128  $fieldname = $fields[$i]->getVar('field_name');
129  if ( in_array($fields[$i]->getVar('field_id'), $editable_fields) && isset($_REQUEST[$fieldname]) ) {
130  if ( in_array($fieldname, $userfields) ) {
131  $value = $fields[$i]->getValueForSave($_REQUEST[$fieldname], $user->getVar($fieldname, 'n') );
132  $user->setVar($fieldname, $value);
133  } else {
134  $value = $fields[$i]->getValueForSave( ( isset($_REQUEST[$fieldname]) ? $_REQUEST[$fieldname] : ""), $profile->getVar($fieldname, 'n') );
135  $profile->setVar($fieldname, $value);
136  }
137  }
138  }
139 
140  $new_groups = isset($_POST['groups']) ? $_POST['groups'] : array();
141 
142  if ( count($errors) == 0 ) {
143  if ( $handler->insertUser($user) ) {
144  $profile->setVar('profile_id', $user->getVar('uid') );
145  $profile_handler->insert($profile);
146  include_once $GLOBALS['xoops']->path( "/modules/system/constants.php" );
147  if ( $gperm_handler->checkRight("system_admin", XOOPS_SYSTEM_GROUP, $GLOBALS['xoopsUser']->getGroups(), 1) ) {
148  //Update group memberships
149  $cur_groups = $user->getGroups();
150 
151  $added_groups = array_diff($new_groups, $cur_groups);
152  $removed_groups = array_diff($cur_groups, $new_groups);
153 
154  if ( count($added_groups) > 0 ) {
155  foreach ($added_groups as $groupid ) {
156  $handler->addUserToGroup($groupid, $user->getVar('uid') );
157  }
158  }
159  if ( count($removed_groups) > 0 ) {
160  foreach ($removed_groups as $groupid ) {
161  $handler->removeUsersFromGroup($groupid, array($user->getVar('uid') ));
162  }
163  }
164  }
165  if ( $user->isNew() ) {
166  redirect_header('user.php', 2, _PROFILE_AM_USERCREATED, false);
167  } else {
168  redirect_header('user.php', 2, _US_PROFUPDATED, false);
169  }
170  }
171  } else {
172  foreach ($errors as $err ) {
173  $user->setErrors($err);
174  }
175  }
176  $user->setGroups($new_groups);
177  include_once '../include/forms.php';
178  echo $user->getHtmlErrors();
179  $form = profile_getUserForm($user, $profile);
180  $form->display();
181  break;
182 
183  case "delete":
184  if ( $_REQUEST['id'] == $GLOBALS['xoopsUser']->getVar('uid') ) {
185  redirect_header('user.php', 2, _PROFILE_AM_CANNOTDELETESELF);
186  }
187  $obj =& $handler->getUser($_REQUEST['id']);
188  $groups = $obj->getGroups();
189  if ( in_array(XOOPS_GROUP_ADMIN, $groups) ) {
190  redirect_header('user.php', 3, _PROFILE_AM_CANNOTDELETEADMIN, false);
191  }
192 
193  if ( isset($_REQUEST['ok']) && $_REQUEST['ok'] == 1 ) {
194  if ( !$GLOBALS['xoopsSecurity']->check() ) {
195  redirect_header('user.php', 3, implode(',', $GLOBALS['xoopsSecurity']->getErrors() ), false);
196  }
197  $profile_handler = xoops_getmodulehandler('profile');
198  $profile = $profile_handler->get($obj->getVar('uid') );
199  if ( !$profile || $profile->isNew() || $profile_handler->delete($profile) ) {
200  if ( $handler->deleteUser($obj) ) {
201  redirect_header('user.php', 3, sprintf(_PROFILE_AM_DELETEDSUCCESS, $obj->getVar('uname') . " (" . $obj->getVar('email') . ")"), false);
202  } else {
203  echo $obj->getHtmlErrors();
204  }
205  } else {
206  echo $profile->getHtmlErrors();
207  }
208 
209  } else {
210  xoops_confirm(array('ok' => 1, 'id' => $_REQUEST['id'], 'op' => 'delete'), $_SERVER['REQUEST_URI'], sprintf(_PROFILE_AM_RUSUREDEL, $obj->getVar('uname') . " (" . $obj->getVar('email') . ")") );
211  }
212  break;
213 }
214 
215 include 'admin_footer.php';
216 //xoops_cp_footer();