<?php
/**
*
* @package adm
* @copyright (c) 2007 Kleeja.net
* @license ./docs/license.txt
*
*/
// Direct-access guard: stop immediately unless IN_ADMIN has been defined
// (presumably by the admin entry point that includes this file).
if (defined('IN_ADMIN') === false)
{
    exit;
}
// Template name for this panel.
$stylee = 'admin_users';

// Requested sub-page; anything other than letters, digits and underscore is
// stripped before the value is used in URLs or in the switch further down.
$current_smt = preg_replace('/[^a-z0-9_]/i', '', g('smt', 'str', 'general'));

// Base URL of this control-panel page (admin script + ?cp=<this file>).
$cp_users_url = basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php');

// $action: URL of the current view, carrying page / search / group context.
$action = $cp_users_url;

if (ig('page'))
{
    $action .= '&page=' . g('page', 'int');
}

if (ig('search_id'))
{
    // NOTE(review): the guard tests `search_id` but the value appended is read
    // from `search`, and it is concatenated without URL-encoding. Confirm which
    // parameter is intended and that g() neutralises the value, since $action
    // is later passed to kleeja_admin_err()/kleeja_admin_info() in this file.
    $action .= '&search_id=' . g('search');
}

if (ig('qg'))
{
    $action .= '&qg=' . g('qg', 'int');
}

$action .= '&smt=' . $current_smt;

// $action_all: same view without the search / group filters.
$action_all = $cp_users_url . '&smt=' . $current_smt;

if (ig('page'))
{
    $action_all .= '&page=' . g('page', 'int');
}

// True when the configured user system is anything other than 1.
$user_not_normal = ((int) $config['user_system'] !== 1);

$is_search = false;
$affected  = false;

// Anti-CSRF keys: one for GET links and one per POST form on this page. The
// handlers below validate each action against the key of the same name.
$GET_FORM_KEY = kleeja_add_form_key_get('adm_users');
$H_FORM_KEYS  = kleeja_add_form_key('adm_users');
$H_FORM_KEYS2 = kleeja_add_form_key('adm_users_newuser');
$H_FORM_KEYS3 = kleeja_add_form_key('adm_users_newgroup');
$H_FORM_KEYS4 = kleeja_add_form_key('adm_users_delgroup');
$H_FORM_KEYS5 = kleeja_add_form_key('adm_users_editacl');
$H_FORM_KEYS6 = kleeja_add_form_key('adm_users_editdata');
$H_FORM_KEYS7 = kleeja_add_form_key('adm_users_editexts');
$H_FORM_KEYS8 = kleeja_add_form_key('adm_users_edituser');
//
// Check form key (CSRF): every POST action must carry the key issued for it.
//
// NOTE(review): each guard depends on kleeja_admin_err() ending the request
// (its fourth argument is passed as true here) -- confirm that it exits,
// otherwise the handlers further down would still run after a bad key.
//
if (ip('submit') && ! kleeja_check_form_key('adm_users'))
{
    kleeja_admin_err($lang['INVALID_FORM_KEY'], true, $lang['ERROR'], true, $action, 1);
}

if (ip('newuser') && ! kleeja_check_form_key('adm_users_newuser'))
{
    kleeja_admin_err($lang['INVALID_FORM_KEY'], true, $lang['ERROR'], true, $action, 1);
}

// On failure the edit-user form is re-targeted at the same user id.
if (ip('edituser') && ! kleeja_check_form_key('adm_users_edituser'))
{
    kleeja_admin_err($lang['INVALID_FORM_KEY'], true, $lang['ERROR'], true, $action . '&uid=' . p('uid', 'int'), 1);
}

if (ip('delgroup') && ! kleeja_check_form_key('adm_users_delgroup'))
{
    kleeja_admin_err($lang['INVALID_FORM_KEY'], true, $lang['ERROR'], true, $action, 1);
}

if (ip('newgroup') && ! kleeja_check_form_key('adm_users_newgroup'))
{
    kleeja_admin_err($lang['INVALID_FORM_KEY'], true, $lang['ERROR'], true, $action, 1);
}

if (ip('editacl') && ! kleeja_check_form_key('adm_users_editacl'))
{
    kleeja_admin_err($lang['INVALID_FORM_KEY'], true, $lang['ERROR'], true, $action, 1);
}

if (ip('editdata') && ! kleeja_check_form_key('adm_users_editdata'))
{
    kleeja_admin_err($lang['INVALID_FORM_KEY'], true, $lang['ERROR'], true, $action, 1);
}

// Adding and editing extensions share one form key.
if ((ip('newext') || ip('editexts')) && ! kleeja_check_form_key('adm_users_editexts'))
{
    kleeja_admin_err($lang['INVALID_FORM_KEY'], true, $lang['ERROR'], true, $action, 1);
}
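//
// Delete all files of one user (the account itself is kept)
//
if (ig('deleteuserfile'))
{
    // State-changing GET request: require the GET CSRF token.
    if (! kleeja_check_form_key_get('adm_users'))
    {
        kleeja_admin_err($lang['INVALID_GET_KEY'], true, $lang['ERROR'], true, $action_all, 2);
    }

    // The id is concatenated into SQL below, so it is cast locally as well
    // instead of relying only on what g(..., 'int') returns.
    if (! $SQL->num_rows($SQL->query("SELECT * FROM {$dbprefix}users WHERE id=" . (int) g('deleteuserfile', 'int'))))
    {
        redirect($action_all);
    }

    $query = [
        'SELECT' => 'size, name, folder',
        'FROM'   => "{$dbprefix}files",
        'WHERE'  => 'user=' . (int) g('deleteuserfile', 'int'),
    ];

    $result = $SQL->build($query);

    // Running totals used to correct the global statistics afterwards.
    $sizes = $num = 0;

    while ($row = $SQL->fetch_array($result))
    {
        // Remove the stored file. The path is built from database columns;
        // NOTE(review): this assumes `folder` and `name` were validated when
        // the row was written -- confirm against the upload code.
        kleeja_unlink(PATH . $row['folder'] . '/' . $row['name']);

        // Remove the thumbnail when there is one.
        if (file_exists(PATH . $row['folder'] . '/thumbs/' . $row['name']))
        {
            kleeja_unlink(PATH . $row['folder'] . '/thumbs/' . $row['name']);
        }

        $num++;
        $sizes += $row['size'];
    }

    $SQL->freeresult($result);

    if ($num == 0)
    {
        kleeja_admin_err($lang['ADMIN_DELETE_NO_FILE'], true, '', true, $action_all, 2);
    }
    else
    {
        // Subtract the removed files from the site-wide counters.
        $update_query = [
            'UPDATE' => "{$dbprefix}stats",
            'SET'    => "sizes=sizes-$sizes, files=files-$num",
        ];

        $SQL->build($update_query);

        if ($SQL->affected())
        {
            delete_cache('data_stats');
        }

        // Drop all of the user's file rows in a single query.
        $d_query = [
            'DELETE' => "{$dbprefix}files",
            'WHERE'  => 'user=' . (int) g('deleteuserfile', 'int'),
        ];

        $SQL->build($d_query);

        kleeja_admin_info($lang['ADMIN_DELETE_FILE_OK'], true, '', true, $action_all, 3);
    }
}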
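//
// Delete a user
//
if (ig('del_user'))
{
    // State-changing GET request: require the GET CSRF token.
    if (! kleeja_check_form_key_get('adm_users'))
    {
        kleeja_admin_err($lang['INVALID_GET_KEY'], true, $lang['ERROR'], true, $action_all, 2);
    }

    // Nothing to do when the account does not exist. The id is cast locally
    // because it is concatenated into SQL.
    if (! $SQL->num_rows($SQL->query("SELECT * FROM {$dbprefix}users WHERE id=" . (int) g('del_user', 'int'))))
    {
        redirect($action_all);
    }

    // Remove the account row.
    // NOTE(review): nothing visible here prevents deleting a founder account
    // or the administrator's own account, and the `users` counter in the stats
    // table is not decremented -- confirm whether that is handled elsewhere.
    $d_query = [
        'DELETE' => "{$dbprefix}users",
        'WHERE'  => 'id=' . (int) g('del_user', 'int'),
    ];

    $SQL->build($d_query);

    kleeja_admin_info($lang['USER_DELETED'], true, '', true, './');
}
//
// Add new user
//
elseif (ip('newuser'))
{
    if (trim(p('lname')) == '' || trim(p('lpass')) == '' || trim(p('lmail')) == '')
    {
        $ERRORS[] = $lang['EMPTY_FIELDS'];
    }
    // This pattern only admits [_a-z0-9.@-]; besides validating the address
    // it keeps quote characters out of the e-mail value used in SQL below.
    elseif (! preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/i', trim(strtolower(p('lmail')))))
    {
        $ERRORS[] = $lang['WRONG_EMAIL'];
    }
    elseif (strlen(trim(p('lname'))) < 2 || strlen(trim(p('lname'))) > 25)
    {
        $ERRORS[] = str_replace('4', '2', $lang['WRONG_NAME']);
    }
    elseif ($SQL->num_rows($SQL->query("SELECT * FROM {$dbprefix}users WHERE clean_name='" . trim($SQL->escape($usrcp->cleanusername(p('lname')))) . "'")) != 0)
    {
        $ERRORS[] = $lang['EXIST_NAME'];
    }
    elseif ($SQL->num_rows($SQL->query("SELECT * FROM {$dbprefix}users WHERE mail='" . trim($SQL->escape(strtolower(p('lmail')))) . "'")) != 0)
    {
        $ERRORS[] = $lang['EXIST_EMAIL'];
    }

    // No errors: create the account.
    if (empty($ERRORS))
    {
        $name = (string) $SQL->escape(trim(p('lname')));

        // Per-user salt (7 base64 characters). Prefer the CSPRNG when the
        // runtime has it; mt_rand() is predictable and is kept only as a
        // fallback for older PHP versions.
        $user_salt = (string) substr(base64_encode(function_exists('random_bytes') ? random_bytes(20) : pack('H*', sha1(mt_rand()))), 0, 7);

        // NOTE(review): the password is SQL-escaped *before* hashing here,
        // while the edit-user path hashes the raw value. For passwords that
        // contain quotes or backslashes the two produce different hashes --
        // confirm which form the login code expects.
        $pass = (string) $usrcp->kleeja_hash_password($SQL->escape(trim(p('lpass'))) . $user_salt);

        // Already limited by the regex above; escaped anyway so this query
        // stays safe if the validation is ever relaxed.
        $mail = (string) $SQL->escape(trim(strtolower(p('lmail'))));

        // Same derivation as the uniqueness check above (clean first, escape
        // last), so the stored value is the one that was checked.
        $clean_name = (string) trim($SQL->escape($usrcp->cleanusername(p('lname'))));
        $group      = (int) p('lgroup');

        $insert_query = [
            'INSERT' => 'name ,password, password_salt ,group_id, mail,founder, session_id, clean_name',
            'INTO'   => "{$dbprefix}users",
            'VALUES' => "'$name', '$pass', '$user_salt', $group, '$mail', 0, '', '$clean_name'"
        ];

        if ($SQL->build($insert_query))
        {
            $last_user_id = $SQL->insert_id();

            // Keep the site-wide counters in step.
            $update_query = [
                'UPDATE' => "{$dbprefix}stats",
                'SET'    => "users=users+1, lastuser='$name'",
            ];

            $SQL->build($update_query);

            if ($SQL->affected())
            {
                delete_cache('data_stats');
            }
        }

        //User added ..
        kleeja_admin_info($lang['USER_ADDED'], true, '', true, basename(ADMIN_PATH) . '?cp=g_users', 3);
    }
    else
    {
        // Collect the messages and fall through to the "new user" form.
        $errs = '';

        foreach ($ERRORS as $r)
        {
            $errs .= '- ' . $r . '. <br />';
        }

        $current_smt = 'new_u';
        //kleeja_admin_err($errs, true, '', true, $action_all, 3);
    }
}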
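//
// Edit user
//
if (ip('edituser'))
{
    // Cast locally: the id is concatenated into several queries below.
    $userid = (int) p('uid', 'int');

    // Does the account exist?
    if (! $SQL->num_rows($SQL->query("SELECT id FROM {$dbprefix}users WHERE id=" . $userid)))
    {
        kleeja_admin_err('ERROR-NO-ID', true, '', true, basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php'));
    }

    $query = [
        'SELECT' => 'name, mail, clean_name, group_id, founder, show_my_filecp',
        'FROM'   => "{$dbprefix}users",
        'WHERE'  => 'id=' . $userid,
    ];

    $result = $SQL->build($query);
    $udata  = $SQL->fetch_array($result);
    $SQL->freeresult($result);

    $new_clean_name = trim($SQL->escape($usrcp->cleanusername(p('l_name'))));
    $new_name       = $new_mail = false;
    $pass           = '';

    if (trim(p('l_name')) == '')
    {
        $ERRORS[] = $lang['EMPTY_FIELDS'] . ' (' . $lang['USERNAME'] . ')';
    }
    elseif (trim(p('l_mail')) == '')
    {
        $ERRORS[] = $lang['EMPTY_FIELDS'] . ' (' . $lang['EMAIL'] . ')';
    }
    elseif (! preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/i', trim(strtolower(p('l_mail')))))
    {
        $ERRORS[] = $lang['WRONG_EMAIL'];
    }
    else
    {
        // Name, e-mail and password are checked independently. As a single
        // elseif chain, a submit that changed the name silently dropped an
        // e-mail or password change made in the same form.
        if ($udata['clean_name'] != $new_clean_name)
        {
            $new_name = true;

            if (strlen(trim(p('l_name'))) < 2 || strlen(trim(p('l_name'))) > 100)
            {
                $ERRORS[] = str_replace('4', '2', $lang['WRONG_NAME']);
            }
            elseif ($SQL->num_rows($SQL->query("SELECT * FROM {$dbprefix}users WHERE clean_name='" . $new_clean_name . "'")) != 0)
            {
                $ERRORS[] = $lang['EXIST_NAME'];
            }
        }

        if ($udata['mail'] != trim(p('l_mail')))
        {
            $new_mail = true;

            // Uniqueness is checked on the submitted field `l_mail`; reading
            // `lmail` (the new-user form field) here would test an empty value.
            if ($SQL->num_rows($SQL->query("SELECT * FROM {$dbprefix}users WHERE mail='" . trim($SQL->escape(strtolower(p('l_mail')))) . "'")) != 0)
            {
                $ERRORS[] = $lang['EXIST_EMAIL'];
            }
        }

        if (trim(p('l_pass')) != '')
        {
            // Fresh salt on every password change; CSPRNG when available,
            // mt_rand() only as a fallback for older PHP versions.
            $user_salt = substr(base64_encode(function_exists('random_bytes') ? random_bytes(20) : pack('H*', sha1(mt_rand()))), 0, 7);
            $pass      = "password = '" . $usrcp->kleeja_hash_password(trim(p('l_pass')) . $user_salt) . "', password_salt='" . $user_salt . "', ";
        }
    }

    // No errors: write the changes.
    if (empty($ERRORS))
    {
        // NOTE(review): `founder` is taken straight from the form; confirm
        // that only accounts allowed to grant founder rights reach this page.
        $update_query = [
            'UPDATE' => "{$dbprefix}users",
            'SET'    => ($new_name ? "name = '" . $SQL->escape(p('l_name')) . "', clean_name='" . $SQL->escape($new_clean_name) . "', " : '') .
                        ($new_mail ? "mail = '" . $SQL->escape(p('l_mail')) . "', " : '') .
                        $pass .
                        (ip('l_founder') ? 'founder=' . p('l_founder', 'int') . ',' : '') .
                        'group_id=' . p('l_group', 'int') . ',' .
                        'show_my_filecp=' . p('l_show_filecp', 'int'),
            'WHERE'  => 'id=' . $userid
        ];

        $SQL->build($update_query);

        if ($SQL->affected())
        {
            kleeja_admin_info($lang['USER_UPDATED'], true, '', true, basename(ADMIN_PATH) . '?cp=g_users&smt=show_group&qg=' . p('l_qg', 'int') . '&page=' . p('l_page', 'int'), 2);
        }
        else
        {
            kleeja_admin_info($lang['NO_UP_CHANGE_S'], true, '', true, basename(ADMIN_PATH) . '?cp=g_users&smt=show_group&qg=' . p('l_qg', 'int') . '&page=' . p('l_page', 'int'), 2);
        }
    }
    else
    {
        // Collect the messages and fall through to the edit form again.
        $errs = '';

        foreach ($ERRORS as $r)
        {
            $errs .= '- ' . $r . '. <br />';
        }

        $current_smt  = 'edit_user';
        $_GET['uid']  = $userid;
        // NOTE(review): copied from POST without a type filter; confirm every
        // later reader goes through g('page', 'int').
        $_GET['page'] = p('l_page');
        //kleeja_admin_err($errs, true, '', true, $action_all, 3);
    }
}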
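//
// Add new group, copying ACLs, settings and extensions from an existing one
//
if (ip('newgroup'))
{
    if (trim(p('gname')) == '')
    {
        $ERRORS[] = $lang['EMPTY_FIELDS'];
    }
    elseif (strlen(trim(p('gname'))) < 2 || strlen(trim(p('gname'))) > 100)
    {
        $ERRORS[] = str_replace('4', '1', $lang['WRONG_NAME']);
    }
    elseif ($SQL->num_rows($SQL->query("SELECT * FROM {$dbprefix}groups WHERE group_name='" . trim($SQL->escape(p('gname'))) . "'")) != 0)
    {
        $ERRORS[] = $lang['EXIST_NAME'];
    }
    // The localized names of the built-in groups are reserved.
    elseif (in_array(trim(p('gname')), [$lang['ADMINS'], $lang['GUESTS'], $lang['USERS']]))
    {
        $ERRORS[] = $lang['TAKEN_NAMES'];
    }

    // No errors: create the group.
    if (empty($ERRORS))
    {
        // Validate the template group before anything is written, so a
        // request without `cfrom` does not leave behind a group that has no
        // ACLs, settings or extensions.
        $org_group_id = (int) p('cfrom', 'int');

        if (! $org_group_id)
        {
            kleeja_admin_err('ERROR-NO-ID', true, '', true, basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php'));
        }

        // Insert the group ..
        $insert_query = [
            'INSERT' => 'group_name',
            'INTO'   => "{$dbprefix}groups",
            'VALUES' => "'" . trim($SQL->escape(p('gname'))) . "'"
        ];

        $SQL->build($insert_query);

        // Then, get the ID
        $new_group_id = (int) $SQL->insert_id();

        if (! $new_group_id or ! $org_group_id)
        {
            kleeja_admin_err('ERROR-NO-ID', true, '', true, basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php'));
        }

        // -1 stands for "the default group".
        if ($org_group_id == -1)
        {
            $org_group_id = (int) $config['default_group'];
        }

        // Copy ACLs from the other group to this group. Values read back from
        // the database are escaped / cast again before being reused in SQL.
        $query = [
            'SELECT'   => 'acl_name, acl_can',
            'FROM'     => "{$dbprefix}groups_acl",
            'WHERE'    => 'group_id=' . $org_group_id,
            'ORDER BY' => 'acl_name ASC'
        ];

        $result = $SQL->build($query);

        while ($row = $SQL->fetch_array($result))
        {
            $insert_query = [
                'INSERT' => 'acl_name, acl_can, group_id',
                'INTO'   => "{$dbprefix}groups_acl",
                'VALUES' => "'" . $SQL->escape($row['acl_name']) . "', " . (int) $row['acl_can'] . ', ' . $new_group_id
            ];

            $SQL->build($insert_query);
        }

        $SQL->freeresult($result);

        // Copy configs from the other group to this group.
        $query = [
            'SELECT'   => 'd.name, d.value',
            'FROM'     => "{$dbprefix}groups_data d",
            'WHERE'    => 'd.group_id=' . $org_group_id,
            'ORDER BY' => 'd.name ASC'
        ];

        $result = $SQL->build($query);

        while ($row = $SQL->fetch_array($result))
        {
            $insert_query = [
                'INSERT' => 'name, value, group_id',
                'INTO'   => "{$dbprefix}groups_data",
                'VALUES' => "'" . $SQL->escape($row['name']) . "', '" . $SQL->escape($row['value']) . "', " . $new_group_id
            ];

            $SQL->build($insert_query);
        }

        $SQL->freeresult($result);

        // Copy allowed extensions from the other group to this group.
        $query = [
            'SELECT'   => 'e.ext, e.size',
            'FROM'     => "{$dbprefix}groups_exts e",
            'WHERE'    => 'e.group_id=' . $org_group_id,
            'ORDER BY' => 'e.ext_id ASC'
        ];

        $result = $SQL->build($query);

        while ($row = $SQL->fetch_array($result))
        {
            $insert_query = [
                'INSERT' => 'ext, size, group_id',
                'INTO'   => "{$dbprefix}groups_exts",
                'VALUES' => "'" . $SQL->escape($row['ext']) . "', " . (int) $row['size'] . ', ' . $new_group_id
            ];

            $SQL->build($insert_query);
        }

        $SQL->freeresult($result);

        // Show group-is-added message.
        // NOTE(review): the submitted name is placed in the message as
        // returned by p(); confirm p() HTML-encodes string values.
        delete_cache('data_groups');
        kleeja_admin_info(sprintf($lang['GROUP_ADDED'], p('gname')), true, '', true, basename(ADMIN_PATH) . '?cp=g_users');
    }
    else
    {
        $errs = '';

        foreach ($ERRORS as $r)
        {
            $errs .= '- ' . $r . '. <br />';
        }

        kleeja_admin_err($errs, true, '', true, $action, 3);
    }
}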
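//
// Delete group and move its members to another group
//
if (ip('delgroup'))
{
    $from_group = ip('dgroup') ? (int) p('dgroup', 'int') : 0;
    $to_group   = ip('tgroup') ? (int) p('tgroup', 'int') : 0;

    // Both ids are required: the group to delete and the destination group.
    if (! $from_group or ! $to_group)
    {
        kleeja_admin_err('ERROR-NO-ID', true, '', true, basename(ADMIN_PATH) . '?cp=g_users');
    }

    // Members cannot be moved into the group that is being deleted.
    if ($from_group == $to_group)
    {
        kleeja_admin_err($lang['NO_MOVE_SAME_GRP'], true, '', true, basename(ADMIN_PATH) . '?cp=g_users');
    }

    // to_group = -1 means "default group"; resolve it to the real id.
    if ($to_group == -1)
    {
        $to_group = (int) $config['default_group'];
    }

    // The default group cannot be deleted.
    if ($from_group == (int) $config['default_group'])
    {
        kleeja_admin_err($lang['DEFAULT_GRP_NO_DEL'], true, '', true, basename(ADMIN_PATH) . '?cp=g_users');
    }

    // Both groups must be known before anything is deleted; otherwise users
    // would be moved into a group id that does not exist.
    // NOTE(review): no check is visible here that $from_group is not one of
    // the essential built-in groups -- confirm the form is not the only guard.
    if (! isset($d_groups[$from_group], $d_groups[$to_group]))
    {
        kleeja_admin_err('ERROR-NO-ID', true, '', true, basename(ADMIN_PATH) . '?cp=g_users');
    }

    // Delete the extensions
    $query_del = [
        'DELETE' => "{$dbprefix}groups_exts",
        'WHERE'  => 'group_id=' . $from_group
    ];

    $SQL->build($query_del);

    // then, delete the configs
    $query_del = [
        'DELETE' => "{$dbprefix}groups_data",
        'WHERE'  => 'group_id=' . $from_group
    ];

    $SQL->build($query_del);

    // then, delete acls
    $query_del = [
        'DELETE' => "{$dbprefix}groups_acl",
        'WHERE'  => 'group_id=' . $from_group
    ];

    $SQL->build($query_del);

    // then, delete the group itself
    $query_del = [
        'DELETE' => "{$dbprefix}groups",
        'WHERE'  => 'group_id=' . $from_group
    ];

    $SQL->build($query_del);

    // then, move users to the destination group
    $update_query = [
        'UPDATE' => "{$dbprefix}users",
        'SET'    => 'group_id=' . $to_group,
        'WHERE'  => 'group_id=' . $from_group
    ];

    $SQL->build($update_query);

    // Display names, with the built-in placeholders localized.
    $group_name_from = str_replace(
        ['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'],
        [$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']],
        $d_groups[$from_group]['data']['group_name']
    );
    $group_name_to = str_replace(
        ['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'],
        [$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']],
        $d_groups[$to_group]['data']['group_name']
    );

    // delete cache ..
    delete_cache('data_groups');
    kleeja_admin_info(sprintf($lang['GROUP_DELETED'], $group_name_from, $group_name_to), true, '', true, basename(ADMIN_PATH) . '?cp=g_users');
}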
//
//begin of default users page
//
$query = [];
$show_results = false ;
switch ( $current_smt ) :
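case 'general':
    // Overview page: list the groups, split into essential (built-in) and
    // custom ones.
    $query = [
        'SELECT'   => 'COUNT(group_id) AS total_groups',
        'FROM'     => "{$dbprefix}groups",
        'ORDER BY' => 'group_id ASC'
    ];

    $result     = $SQL->build($query);
    $nums_rows  = 0;
    $n_fetch    = $SQL->fetch_array($result);
    $nums_rows  = $n_fetch['total_groups'];
    $no_results = false;
    $e_groups   = $c_groups = [];
    $l_groups   = [];

    // Badge colour and icon for group ids 1-3; other groups get a default.
    $groups_background_color = [
        1 => ['background' => 'dark', 'icon' => ' fa-star'],
        2 => ['background' => 'secondary', 'icon' => 'fa-user-secret'],
        3 => ['background' => 'primary', 'icon' => 'fa-user-circle'],
    ];

    if ($nums_rows > 0)
    {
        // Release the COUNT result before the handle is reused, so it is
        // not left unfreed.
        $SQL->freeresult($result);

        $query['SELECT'] = 'group_id, group_name, group_is_default, group_is_essential';

        $result = $SQL->build($query);

        while ($row = $SQL->fetch_array($result))
        {
            $r = [
                'id'   => $row['group_id'],
                'name' => str_replace(
                    ['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'],
                    [$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']],
                    $row['group_name']
                ),
                'style' => ! empty($groups_background_color[$row['group_id']])
                    ? $groups_background_color[$row['group_id']]
                    : ['background' => 'secondary', 'icon' => ''],
                'is_default' => (int) $row['group_is_default'] ? true : false
            ];

            if ((int) $row['group_is_essential'] == 1)
            {
                $e_groups[] = $r;
            }
            else
            {
                $c_groups[] = $r;
            }
        }
    }

    // Custom groups are not offered when a non-default user system is in use.
    if ($user_not_normal)
    {
        $c_groups = false;
    }

    $SQL->freeresult($result);

    break;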
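//handling editing ACLs (permissions) for the requested group
case 'group_acl':
    // Cast locally: the id is concatenated into the queries below.
    $req_group = ig('qg') ? (int) g('qg', 'int') : 0;

    if (! $req_group)
    {
        kleeja_admin_err('ERROR-NO-ID', true, '', true, basename(ADMIN_PATH) . '?cp=g_users');
    }

    $group_name = str_replace(
        ['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'],
        [$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']],
        $d_groups[$req_group]['data']['group_name']
    );

    $query = [
        'SELECT'   => 'acl_name, acl_can',
        'FROM'     => "{$dbprefix}groups_acl",
        'WHERE'    => 'group_id=' . $req_group,
        'ORDER BY' => 'acl_name ASC'
    ];

    $result = $SQL->build($query);

    $acls = $submitted_on_acls = $submitted_off_acls = [];

    while ($row = $SQL->fetch_array($result))
    {
        // For group 2 these two permissions are never offered in the form.
        // Enforce the same rule on submit: a crafted POST that includes them
        // must not be able to switch them on, so they always go to the "off"
        // list (which is also where an unmodified form puts them).
        if ($req_group == 2 && in_array($row['acl_name'], ['access_fileuser', 'enter_acp']))
        {
            if (ip('editacl'))
            {
                $submitted_off_acls[] = $row['acl_name'];
            }

            continue;
        }

        // On submit, sort every known ACL into "on" or "off" depending on
        // whether a field of that name was posted.
        if (ip('editacl'))
        {
            if (ip($row['acl_name']))
            {
                $submitted_on_acls[] = $row['acl_name'];
            }
            else
            {
                $submitted_off_acls[] = $row['acl_name'];
            }
        }

        $acls[] = [
            'acl_title' => ! empty($lang['ACLS_' . strtoupper($row['acl_name'])]) ? $lang['ACLS_' . strtoupper($row['acl_name'])] : $olang['ACLS_' . strtoupper($row['acl_name'])],
            'acl_name'  => $row['acl_name'],
            'acl_can'   => (int) $row['acl_can']
        ];
    }

    $SQL->freeresult($result);

    //if submit
    if (ip('editacl'))
    {
        // The names come from the database, but they are escaped again
        // before being placed inside the quoted IN (...) list.

        //update 'can' acls
        if (count($submitted_on_acls))
        {
            $update_query = [
                'UPDATE' => "{$dbprefix}groups_acl",
                'SET'    => 'acl_can=1',
                'WHERE'  => "acl_name IN ('" . implode("', '", array_map([$SQL, 'escape'], $submitted_on_acls)) . "') AND group_id=" . $req_group
            ];

            $SQL->build($update_query);
        }

        //update 'can not' acls
        if (count($submitted_off_acls))
        {
            $update_query2 = [
                'UPDATE' => "{$dbprefix}groups_acl",
                'SET'    => 'acl_can=0',
                'WHERE'  => "acl_name IN ('" . implode("', '", array_map([$SQL, 'escape'], $submitted_off_acls)) . "') AND group_id=" . $req_group
            ];

            $SQL->build($update_query2);
        }

        //delete cache ..
        delete_cache('data_groups');
        kleeja_admin_info($lang['CONFIGS_UPDATED'], true, '', true, basename(ADMIN_PATH) . '?cp=g_users');
    }

    break;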
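//handling editing settings for the requested group
case 'group_data':
    // Cast locally: the id is concatenated into the queries below.
    $req_group = ig('qg') ? (int) g('qg', 'int') : 0;

    if (! $req_group)
    {
        kleeja_admin_err('ERROR-NO-ID', true, '', true, basename(ADMIN_PATH) . '?cp=g_users');
    }

    // Language switch requested from the start page.
    if (ig('lang_change'))
    {
        // State-changing GET request: require the GET CSRF token.
        if (! kleeja_check_form_key_get('adm_start_actions'))
        {
            kleeja_admin_err($lang['INVALID_GET_KEY'], true, $lang['ERROR'], true, basename(ADMIN_PATH) . '?cp=start', 2);
        }

        // Keep letters and digits only. The explicit / delimiters matter:
        // without them PCRE takes [ and ] as the delimiters, the character
        // class is lost and nothing is stripped, so the raw request value
        // would reach update_config() and the cache name below.
        $got_lang = preg_replace('/[^a-zA-Z0-9]/', '', g('lang_change'));

        // -1 means all
        if ($req_group == -1)
        {
            //general
            update_config('language', $got_lang);

            //all groups
            foreach ($d_groups as $group_id => $group_info)
            {
                update_config('language', $got_lang, true, $group_id);
            }

            $group_name = $lang['ALL'];
        }
        else
        {
            update_config('language', $got_lang, true, $req_group);

            $group_name = str_replace(
                ['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'],
                [$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']],
                $d_groups[$req_group]['data']['group_name']
            );
        }

        delete_cache('data_lang' . $got_lang);

        //msg, done
        kleeja_admin_info(
            $lang['CONFIGS_UPDATED'] . ', ' . $lang['LANGUAGE'] . ':' . $got_lang . ' - ' . $lang['FOR'] . ':' . $group_name,
            true, '', true, basename(ADMIN_PATH) . '?cp=start'
        );
    }

    $group_name = str_replace(
        ['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'],
        [$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']],
        $d_groups[$req_group]['data']['group_name']
    );
    $gdata = $d_groups[$req_group]['data'];

    // Every option of type "groups" in the config table; each one is either
    // saved (on submit) or rendered as a form row.
    $query = [
        'SELECT'   => 'c.name, c.option, c.value',
        'FROM'     => "{$dbprefix}config c",
        'WHERE'    => "c.type='groups'",
        'ORDER BY' => 'c.display_order ASC'
    ];

    $result = $SQL->build($query);

    $data          = [];
    $cdata         = $d_groups[$req_group]['configs'];
    $STAMP_IMG_URL = file_exists(PATH . 'images/watermark.gif') ? PATH . 'images/watermark.gif' : PATH . 'images/watermark.png';

    while ($row = $SQL->fetch_array($result))
    {
        // On submit the values are written here, inside the same loop that
        // otherwise renders the rows.
        if (ip('editdata'))
        {
            // NOTE(review): extract() lets the plugin hook overwrite any local
            // variable in this scope (including $req_group and $row); that is
            // how the hook system works, flagged here rather than changed.
            is_array($plugin_run_result = Plugins::getInstance()->run('after_submit_adm_users_groupdata', get_defined_vars())) ? extract($plugin_run_result) : null; //run hook

            // `enable_userfile` is never offered in the form for group 2
            // (see the skip below). Enforce that on submit too: ignore a
            // posted value and store the default, which is what an
            // unmodified form ends up storing.
            if ($req_group == 2 && in_array($row['name'], ['enable_userfile']))
            {
                $new[$row['name']] = $row['value'];
            }
            else
            {
                $new[$row['name']] = p($row['name'], 'str', $row['value']);
            }

            $update_query = [
                'UPDATE' => "{$dbprefix}groups_data",
                'SET'    => "value='" . $SQL->escape($new[$row['name']]) . "'",
                'WHERE'  => "name='" . $SQL->escape($row['name']) . "' AND group_id=" . $req_group
            ];

            $SQL->build($update_query);

            continue;
        }

        if ($row['name'] == 'language')
        {
            $lngfiles = '';

            // Build the <option> list from the sub-directories of lang/
            // (entries without a dot in their name).
            if ($dh = @opendir(PATH . 'lang'))
            {
                while (($file = readdir($dh)) !== false)
                {
                    if (strpos($file, '.') === false && $file != '..' && $file != '.')
                    {
                        $lngfiles .= '<option ' . ($d_groups[$req_group]['configs']['language'] == $file ? 'selected="selected"' : '') . ' value="' . $file . '">' . $file . '</option>' . "\n";
                    }
                }

                @closedir($dh);
            }
        }

        // Not shown for group 2.
        if ($req_group == 2 && in_array($row['name'], ['enable_userfile']))
        {
            continue;
        }

        // Render the option and adapt the legacy table markup to the
        // form-group markup used by the admin template.
        $data[] = [
            'option' =>
                str_replace(
                    ['<input ', '<select ', '<td>', '</td>', '<label>', '<tr>', '</tr>'],
                    ['<input class="form-control" ', '<select class="form-control" ', '<div class="form-group">', '</div>', '<label class="form-check-label">', '', ''],
                    '<div class="form-group">' . "\n" .
                    '<label for="' . $row['name'] . '">' . (! empty($lang[strtoupper($row['name'])]) ? $lang[strtoupper($row['name'])] : $olang[strtoupper($row['name'])]) . '</label>' . "\n" .
                    '<div class="box">' . (empty($row['option']) ? '' : $tpl->admindisplayoption(preg_replace(['!{con.[a-z0-9_]+}!', '!NAME="con.!'], ['{cdata.' . $row['name'] . '}', 'NAME="cdata.'], $row['option']))) . '</div>' . "\n" .
                    '</div>' . "\n" . '<div class="clearfix"></div>'
                )
        ];
    }

    $SQL->freeresult($result);

    //submit
    if (ip('editdata'))
    {
        // When this group becomes the default, clear the flag on the
        // previous default first.
        if (p('group_is_default', 'int') == 1)
        {
            $update_query = [
                'UPDATE' => "{$dbprefix}groups",
                'SET'    => 'group_is_default=0',
                'WHERE'  => 'group_is_default=1'
            ];

            $SQL->build($update_query);

            //update config value of the current default group
            update_config('default_group', $req_group);
            delete_cache('data_config');
        }

        // Update the columns that live on the group row itself.
        $update_query = [
            'UPDATE' => "{$dbprefix}groups",
            'SET'    => 'group_is_default=' . p('group_is_default', 'int') . (ip('group_name') ? ", group_name='" . $SQL->escape(p('group_name')) . "'" : ''),
            'WHERE'  => 'group_id=' . $req_group
        ];

        $SQL->build($update_query);

        //delete cache ..
        delete_cache('data_groups');
        kleeja_admin_info($lang['CONFIGS_UPDATED'], true, '', true, basename(ADMIN_PATH) . '?cp=g_users');
    }

    break;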
//handling adding-editing allowed file extensions for requested group
case 'group_exts' :
$req_group = ig ( 'qg' ) ? g ( 'qg' , 'int' ) : 0 ;
if ( ! $req_group )
{
kleeja_admin_err ( 'ERROR-NO-ID' , true , '' , true , basename ( ADMIN_PATH ) . '?cp=' . basename ( __file__ , '.php' ));
}
$group_name = str_replace ([ '{lang.ADMINS}' , '{lang.USERS}' , '{lang.GUESTS}' ],
[ $lang [ 'ADMINS' ], $lang [ 'USERS' ], $lang [ 'GUESTS' ]],
$d_groups [ $req_group ][ 'data' ][ 'group_name' ]);
//delete ext?
$DELETED_EXT = $GE_INFO = false ;
if ( ig ( 'del' ))
{
//check _GET Csrf token
if ( ! kleeja_check_form_key_get ( 'adm_users' ))
{
kleeja_admin_err ( $lang [ 'INVALID_GET_KEY' ], true , $lang [ 'ERROR' ], true , $action , 2 );
}
$req_ext = ig ( 'del' ) ? g ( 'del' , 'int' ) : 0 ;
if ( ! $req_ext )
{
kleeja_admin_err ( 'ERROR-NO-EXT-ID' , true , '' , true , $action , 2 );
}
2019-05-18 01:47:17 +03:00
$query_del = [
'DELETE' => " { $dbprefix } groups_exts " ,
'WHERE' => 'ext_id=' . $req_ext
2019-05-03 23:52:08 +03:00
];
$SQL -> build ( $query_del );
//done
$DELETED_EXT = $GE_INFO = 2 ;
delete_cache ( 'data_groups' );
}
//add ext?
$ADDED_EXT = false ;
if ( ip ( 'newext' ))
{
$new_ext = ip ( 'extisnew' ) ? preg_replace ( '/[^a-z0-9]/' , '' , strtolower ( p ( 'extisnew' ))) : false ;
if ( ! $new_ext )
{
kleeja_admin_err ( $lang [ 'EMPTY_EXT_FIELD' ], true , '' , true , basename ( ADMIN_PATH ) . '?cp=g_users&smt=group_exts&qg=' . $req_group );
}
//check if it's welcomed one
//if he trying to be smart, he will add like ext1.ext2.php
//so we will just look at last one
$new_ext = explode ( '.' , $new_ext );
$new_ext = array_pop ( $new_ext );
2018-01-09 02:09:07 +03:00
$check_ext = strtolower ( $new_ext );
2019-05-03 23:52:08 +03:00
$not_welcomed_exts = [ 'php' , 'php3' , 'php5' , 'php4' , 'asp' , 'aspx' , 'shtml' , 'html' , 'htm' , 'xhtml' , 'phtml' , 'pl' , 'cgi' , 'ini' , 'htaccess' , 'sql' , 'txt' ];
if ( in_array ( $check_ext , $not_welcomed_exts ))
{
kleeja_admin_err ( sprintf ( $lang [ 'FORBID_EXT' ], $check_ext ), true , '' , true , $action );
}
//check if there is any exists of this ext in db
$query = [
2019-05-18 01:47:17 +03:00
'SELECT' => '*' ,
'FROM' => " { $dbprefix } groups_exts " ,
'WHERE' => " ext=' " . $new_ext . " ' and group_id= " . $req_group ,
2019-05-03 23:52:08 +03:00
];
$result = $SQL -> build ( $query );
if ( $SQL -> num_rows ( $result ))
{
kleeja_admin_err ( sprintf ( $lang [ 'NEW_EXT_EXISTS_B4' ], $new_ext ), true , '' , true , $action );
}
//add
2019-05-18 01:47:17 +03:00
$default_size = '2097152' ; //bytes
$insert_query = [
'INSERT' => 'ext ,group_id, size' ,
'INTO' => " { $dbprefix } groups_exts " ,
'VALUES' => " ' $new_ext ', $req_group , $default_size "
2019-05-03 23:52:08 +03:00
];
$SQL -> build ( $insert_query );
//done
$ADDED_EXT = $GE_INFO = 2 ;
delete_cache ( 'data_groups' );
}
//if submit/update
if ( ip ( 'editexts' ))
{
$ext_ids = $_POST [ 'size' ]; //is an array
if ( is_array ( $ext_ids ))
{
foreach ( $ext_ids as $e_id => $e_val )
{
$update_query = [
2019-05-18 01:47:17 +03:00
'UPDATE' => " { $dbprefix } groups_exts " ,
'SET' => 'size=' . ( intval ( $e_val ) * 1024 ),
'WHERE' => 'ext_id=' . intval ( $e_id ) . ' AND group_id=' . $req_group
2019-05-03 23:52:08 +03:00
];
$SQL -> build ( $update_query );
}
//delete cache ..
delete_cache ( 'data_groups' );
kleeja_admin_info ( $lang [ 'UPDATED_EXTS' ], true , '' , true , $action );
}
}
//show exts
$query = [
2019-05-18 01:47:17 +03:00
'SELECT' => 'ext_id, ext, size' ,
'FROM' => " { $dbprefix } groups_exts " ,
'WHERE' => 'group_id=' . $req_group ,
'ORDER BY' => 'ext_id ASC'
2019-05-03 23:52:08 +03:00
];
$result = $SQL -> build ( $query );
$exts = [];
while ( $row = $SQL -> fetch_array ( $result ))
2018-01-09 02:09:07 +03:00
{
//handle big int
$size = preg_match ( '/^[0-9]+/' , $row [ 'size' ], $matches ) ? $matches [ 0 ] : 0 ;
2019-05-03 23:52:08 +03:00
$exts [] = [
2019-05-18 01:47:17 +03:00
'ext_id' => $row [ 'ext_id' ],
'ext_name' => $row [ 'ext' ],
'ext_size' => round ( $size / 1024 ),
'ext_icon' => file_exists ( PATH . 'images/filetypes/' . $row [ 'ext' ] . '.png' ) ? PATH . 'images/filetypes/' . $row [ 'ext' ] . '.png' : PATH . 'images/filetypes/file.png'
2019-05-03 23:52:08 +03:00
];
}
$SQL -> freeresult ( $result );
2018-01-09 02:09:07 +03:00
break ;
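// User listings. Three entry points share one body through fall-through:
//   show_su    - users matching a saved search filter
//   show_group - users of one group
//   users      - all users
// The first two only prepare $query['WHERE']; counting, pagination and row
// building happen under 'users'.
case 'show_su':
    $filter = get_filter(g('search_id'), 'user_search', false, 'filter_uid');
    if (! $filter)
    {
        kleeja_admin_err($lang['ERROR_TRY_AGAIN'], true, $lang['ERROR'], true, basename(ADMIN_PATH) . '?cp=h_search&smt=users', 1);
    }

    // SECURITY(review): unserialize() rebuilds arbitrary PHP values, objects
    // included, from the stored filter text. If that text can be influenced
    // from outside, this is an object-injection sink. Storing the search
    // terms as JSON (json_decode), or on PHP 7.0+ passing
    // ['allowed_classes' => false], removes that risk. Left unchanged here
    // because the code that writes the filter is not visible.
    $search = unserialize(htmlspecialchars_decode($filter['filter_value']));

    // A value that does not decode to an array is not a usable saved search;
    // treat it like a missing filter instead of indexing into false.
    if (! is_array($search))
    {
        kleeja_admin_err($lang['ERROR_TRY_AGAIN'], true, $lang['ERROR'], true, basename(ADMIN_PATH) . '?cp=h_search&smt=users', 1);
    }

    // Absent or non-scalar terms count as "not given".
    $search_username = isset($search['username']) && is_scalar($search['username']) ? (string) $search['username'] : '';
    $search_usermail = isset($search['usermail']) && is_scalar($search['usermail']) ? (string) $search['usermail'] : '';

    // Terms go through $SQL->escape() before being quoted. '%' and '_' inside
    // a term presumably still act as LIKE wildcards - verify what escape()
    // does with them.
    $usernamee  = $search_username !== '' ? 'AND (name LIKE \'%' . $SQL->escape($search_username) . '%\' OR clean_name LIKE \'%' . $SQL->escape($search_username) . '%\') ' : '';
    $usermailee = $search_usermail !== '' ? 'AND mail LIKE \'%' . $SQL->escape($search_usermail) . '%\' ' : '';
    $is_search  = true;

    $query['WHERE'] = "name <> '' $usernamee $usermailee";

    // no break: continues into 'show_group' (skipped by its own guard) and 'users'

//show users (for requested group)
case 'show_group':
    if ($current_smt != 'show_su')
    {
        $is_search = true;
        $req_group = ig('qg') ? g('qg', 'int') : 0;

        // An unknown group id yields an empty name instead of an
        // undefined-index notice; the query below then matches no rows for it.
        $group_name = isset($d_groups[$req_group])
            ? str_replace(
                ['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'],
                [$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']],
                $d_groups[$req_group]['data']['group_name']
            )
            : '';

        $query['WHERE'] = "name != '' AND group_id = " . $req_group;
    }

    // no break: continues into 'users'

//show users (all)
case 'users':
    // First pass: count the matching users for the pager.
    $query['SELECT']   = 'COUNT(id) AS total_users';
    $query['FROM']     = "{$dbprefix}users";
    $query['ORDER BY'] = 'id ASC';

    $result    = $SQL->build($query);
    $n_fetch   = $SQL->fetch_array($result);
    $nums_rows = $n_fetch['total_users'];

    //pagination
    $currentPage = ig('page') ? g('page', 'int') : 1;
    $Pager       = new Pagination($perpage, $nums_rows, $currentPage);
    $start       = $Pager->getStartRow();

    $no_results = false;
    if ($nums_rows > 0)
    {
        // Second pass: the same query with real columns and a page window.
        $query['SELECT'] = 'id, name, founder, group_id, last_visit';
        $query['LIMIT']  = "$start, $perpage";

        $result = $SQL->build($query);

        $cp_link     = basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php');
        $page_suffix = ig('page') ? '&page=' . g('page', 'int') : '';

        while ($row = $SQL->fetch_array($result))
        {
            $userfile = $config['siteurl'] . ($config['mod_writer'] ? 'fileuser-' . $row['id'] . '.html' : 'ucp.php?go=fileuser&id=' . $row['id']);

            // Delete links are withheld for founder rows when the current
            // admin is not a founder, and the "delete user" link also for the
            // admin's own row. This only hides the link: the delete handlers
            // (not visible here) have to enforce the same rule.
            // NOTE(review): the links built here carry no CSRF token;
            // presumably the template appends $GET_FORM_KEY - confirm.
            $founder_locked = $row['founder'] && (int) $userinfo['founder'] == 0;

            $arr[] = [
                'id'              => $row['id'],
                'name'            => $row['name'],
                'userfile_link'   => $userfile,
                'delusrfile_link' => $founder_locked ? false : $cp_link . '&deleteuserfile=' . $row['id'] . $page_suffix,
                'delusr_link'     => ($userinfo['id'] == $row['id'] || $founder_locked) ? false : $cp_link . '&del_user=' . $row['id'] . $page_suffix,
                'editusr_link'    => $cp_link . '&smt=edit_user&uid=' . $row['id'] . $page_suffix,
                'founder'         => (int) $row['founder'],
                'last_visit'      => empty($row['last_visit']) ? $lang['NOT_YET'] : kleeja_date($row['last_visit']),
                'group'           => str_replace(
                    ['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'],
                    [$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']],
                    $d_groups[$row['group_id']]['data']['group_name']
                )
            ];
        }
        $SQL->freeresult($result);
    }
    else
    {
        $no_results = true;
    }

    //pages
    // NOTE(review): g('search_id') is placed in the pager URL without URL
    // encoding; this relies on whatever g() guarantees about its output.
    $total_pages = $Pager->getTotalPages();
    $page_nums   = $Pager->print_nums(
        basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php') . (ig('search_id') ? '&search_id=' . g('search_id') : '')
        . (ig('qg') ? '&qg=' . g('qg', 'int') : '') . (ig('smt') ? '&smt=' . $current_smt : '')
    );

    $show_results = true;

    break;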
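// Prepare the "edit user" form: load the account, decide whether the current
// admin may edit it, and collect the values the template shows.
case 'edit_user':
    // $userid is presumably set by earlier code in this file when the form is
    // shown again; otherwise it comes from the query string and has to match
    // an existing account.
    if (! isset($userid))
    {
        $userid = g('uid', 'int');
        if (! $SQL->num_rows($SQL->query("SELECT * FROM {$dbprefix}users WHERE id=" . $userid)))
        {
            kleeja_admin_err($lang['NOT_EXSIT_USER'], true, '', true, basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php'));
        }
    }

    $query = [
        'SELECT' => 'name, mail, group_id, founder, show_my_filecp',
        'FROM'   => "{$dbprefix}users",
        // Cast here as well: a pre-set $userid is not validated in this block.
        'WHERE'  => 'id=' . (int) $userid,
    ];
    $result = $SQL->build($query);

    if (! $SQL->num_rows($result))
    {
        kleeja_admin_err($lang['NOT_EXSIT_USER'], true, '', true, basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php'));
    }

    $udata = $SQL->fetch_array($result);
    $SQL->freeresult($result);

    // Submitted values take precedence over stored ones so that a rejected
    // form is shown again with what the admin typed.
    $u_founder  = ip('l_founder') ? p('l_founder', 'int') : (int) $udata['founder'];
    $im_founder = (int) $userinfo['founder'];
    $u_group    = ip('l_group') ? p('l_group', 'int') : $udata['group_id'];
    // Read the same field that is tested; the original tested 'l_qg' but
    // read 'u_qg'.
    $u_qg       = ip('l_qg') ? p('l_qg', 'int') : $udata['group_id'];

    // Only a founder may edit a founder or grant founder status. The stored
    // flag is checked together with the submitted one, so the decision never
    // depends on a request field alone.
    if (((int) $udata['founder'] || $u_founder) && ! $im_founder)
    {
        kleeja_admin_err($lang['HV_NOT_PRVLG_ACCESS'], true, '', true, basename(ADMIN_PATH) . '?cp=g_users&smt=show_group&qg=' . $u_group);
    }

    $errs = isset($errs) ? $errs : false;

    //prepare them for the template
    // NOTE(review): these values end up in the template; whether p() or the
    // template escapes them for HTML is not visible here.
    $title_name    = $udata['name'];
    $u_name        = p('l_name', 'str', $udata['name']);
    $u_mail        = p('l_mail', 'str', $udata['mail']);
    $u_show_filecp = p('l_show_filecp', 'int', $udata['show_my_filecp']);
    $u_page        = ig('page') ? g('page', 'int') : 0;

    // One entry per known group for the group selector.
    $k_groups = array_keys($d_groups);
    $u_groups = [];
    foreach ($k_groups as $id)
    {
        $u_groups[] = [
            'id'       => $id,
            'name'     => str_replace(
                ['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'],
                [$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']],
                $d_groups[$id]['data']['group_name']
            ),
            'default'  => $config['default_group'] == $id ? true : false,
            'selected' => $id == $u_group
        ];
    }

    break;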
// Prepare the "new user" form.
case 'new_u':
    // Not offered when $user_not_normal is set, i.e. when the configured
    // user system is not the built-in one.
    if ($user_not_normal)
    {
        kleeja_admin_err($lang['USERS_NOT_NORMAL_SYS']);

        exit;
    }

    // Values the template shows; submitted ones are kept so that a rejected
    // form comes back filled in.
    // NOTE(review): whether p() or the template escapes these for HTML is
    // not visible here.
    $errs  = isset($errs) ? $errs : false;
    $uname = p('lname');
    $umail = p('lmail');

    // One entry per known group for the group selector.
    $k_groups = array_keys($d_groups);
    $u_groups = [];
    foreach ($k_groups as $id)
    {
        // The submitted group wins; without one the configured default
        // group is preselected.
        if (ip('lgroup'))
        {
            $is_selected = p('lgroup') == $id;
        }
        else
        {
            $is_selected = $id == $config['default_group'];
        }

        $u_groups[] = [
            'id'       => $id,
            'name'     => str_replace(
                ['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'],
                [$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']],
                $d_groups[$id]['data']['group_name']
            ),
            'default'  => $config['default_group'] == $id,
            'selected' => $is_selected
        ];
    }

    break;
endswitch ;
// After a 'submit' POST: show an info page that sends the admin back to the
// list after two seconds.
if (ip('submit'))
{
    // Return link: same page number, search filter and sub-section.
    $g_link  = basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php');
    $g_link .= '&page=' . (ig('page') ? g('page', 'int') : 1);
    if (ig('search_id'))
    {
        $g_link .= '&search_id=' . g('search_id');
    }
    $g_link .= '&smt=' . $current_smt;

    // NOTE(review): $g_link is written into a quoted JavaScript string inside
    // an inline script. $current_smt is filtered to [a-z0-9_] at the top of
    // the file; confirm that g() cannot return quote or backslash characters
    // for 'search_id'.
    // NOTE(review): as written, the str_replace() below swaps '&' for '&' and
    // changes nothing - check it against the intended behaviour.
    $text  = $affected ? $lang['USERS_UPDATED'] : $lang['NO_UP_CHANGE_S'];
    $text .= '<script type="text/javascript"> setTimeout("get_kleeja_link(\'' . str_replace('&', '&', $g_link) . '\');", 2000);</script>' . "\n";

    $stylee = 'admin_info';
}
// Secondary menu of this admin page; 'current' marks the active entry.
$go_menu = [];

$go_menu['general'] = [
    'name'    => $lang['R_GROUPS'],
    'link'    => basename(ADMIN_PATH) . '?cp=g_users&smt=general',
    'goto'    => 'general',
    'current' => $current_smt == 'general',
];

//'users' => array('name'=>$lang['R_USERS'], 'link'=> basename(ADMIN_PATH) . '?cp=g_users&smt=users', 'goto'=>'users', 'current'=> $current_smt == 'users'),

$go_menu['show_su'] = [
    'name'    => $lang['SEARCH_USERS'],
    'link'    => basename(ADMIN_PATH) . '?cp=h_search&smt=users',
    'goto'    => 'show_su',
    'current' => $current_smt == 'show_su',
];
// The "new user" entry is offered only with the built-in user system;
// user adding is not allowed in integration.
if (! $user_not_normal)
{
    $go_menu['new_u'] = [
        'name'    => $lang['NEW_USER'],
        'link'    => basename(ADMIN_PATH) . '?cp=g_users&smt=new_u',
        'goto'    => 'new_u',
        'current' => $current_smt == 'new_u',
    ];
}