Nemcio/Kleeja
1
0
Fork 0
mirror of https://github.com/kleeja-official/kleeja.git synced 2025-12-14 20:19:43 +01:00
Code Issues Packages Projects Releases Activity
Files
next-version
Kleeja/includes/adm/g_users.php
H.Rouatbi 3cdfa9ce5a Miscellaneous changes 
* PHP code style fixes
* Updated database schema for upgrade
2024-10-07 17:33:07 +01:00

1326 lines
44 KiB
PHP
Executable File
Raw Permalink Blame History

<?php
/**
*
* @package adm
* @copyright (c) 2007 Kleeja.net
* @license ./docs/license.txt
*
*/
// not for directly open
if (! defined('IN_ADMIN'))
{
exit();
}
//for style ..
$stylee = 'admin_users';
$current_smt = preg_replace('/[^a-z0-9_]/i', '', g('smt', 'str', 'general'));
$action = basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php') . (ig('page') ? '&amp;page=' . g('page', 'int') : '');
$action .= (ig('search_id') ? '&amp;search_id=' . g('search') : '');
$action .= (ig('qg') ? '&amp;qg=' . g('qg', 'int') : '') . '&amp;smt=' . $current_smt;
$action_all = basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php') . '&amp;smt=' . $current_smt . (ig('page') ? '&amp;page=' . g('page', 'int') : '');
$cp_users_url = basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php');
//if not normal user system
$user_not_normal = (int) $config['user_system'] != 1;
$is_search = $affected = false;
$GET_FORM_KEY = kleeja_add_form_key_get('adm_users');
$H_FORM_KEYS = kleeja_add_form_key('adm_users');
$H_FORM_KEYS2 = kleeja_add_form_key('adm_users_newuser');
$H_FORM_KEYS3 = kleeja_add_form_key('adm_users_newgroup');
$H_FORM_KEYS4 = kleeja_add_form_key('adm_users_delgroup');
$H_FORM_KEYS5 = kleeja_add_form_key('adm_users_editacl');
$H_FORM_KEYS6 = kleeja_add_form_key('adm_users_editdata');
$H_FORM_KEYS7 = kleeja_add_form_key('adm_users_editexts');
$H_FORM_KEYS8 = kleeja_add_form_key('adm_users_edituser');
//
// Check form key
//
if (ip('submit'))
{
if (! kleeja_check_form_key('adm_users'))
{
kleeja_admin_err($lang['INVALID_FORM_KEY'], true, $lang['ERROR'], true, $action, 1);
}
}
if (ip('newuser'))
{
if (! kleeja_check_form_key('adm_users_newuser'))
{
kleeja_admin_err($lang['INVALID_FORM_KEY'], true, $lang['ERROR'], true, $action, 1);
}
}
if (ip('edituser'))
{
if (! kleeja_check_form_key('adm_users_edituser'))
{
kleeja_admin_err($lang['INVALID_FORM_KEY'], true, $lang['ERROR'], true, $action . '&uid=' . p('uid', 'int'), 1);
}
}
if (ip('delgroup'))
{
if (! kleeja_check_form_key('adm_users_delgroup'))
{
kleeja_admin_err($lang['INVALID_FORM_KEY'], true, $lang['ERROR'], true, $action, 1);
}
}
if (ip('newgroup'))
{
if (! kleeja_check_form_key('adm_users_newgroup'))
{
kleeja_admin_err($lang['INVALID_FORM_KEY'], true, $lang['ERROR'], true, $action, 1);
}
}
if (ip('editacl'))
{
if (! kleeja_check_form_key('adm_users_editacl'))
{
kleeja_admin_err($lang['INVALID_FORM_KEY'], true, $lang['ERROR'], true, $action, 1);
}
}
if (ip('editdata'))
{
if (! kleeja_check_form_key('adm_users_editdata'))
{
kleeja_admin_err($lang['INVALID_FORM_KEY'], true, $lang['ERROR'], true, $action, 1);
}
}
if (ip('newext') or ip('editexts'))
{
if (! kleeja_check_form_key('adm_users_editexts'))
{
kleeja_admin_err($lang['INVALID_FORM_KEY'], true, $lang['ERROR'], true, $action, 1);
}
}
//
//delete all user files [only one user]
//
if (ig('deleteuserfile'))
{
//check _GET Csrf token
if (! kleeja_check_form_key_get('adm_users'))
{
kleeja_admin_err($lang['INVALID_GET_KEY'], true, $lang['ERROR'], true, $action_all, 2);
}
//is exists ?
if (! $SQL->num_rows($SQL->query("SELECT * FROM {$dbprefix}users WHERE id=" . g('deleteuserfile', 'int'))))
{
redirect($action_all);
}
$query = [
'SELECT' => 'size, name, folder',
'FROM' => "{$dbprefix}files",
'WHERE' => 'user=' . g('deleteuserfile', 'int'),
];
$result = $SQL->build($query);
$sizes = $num = 0;
while ($row=$SQL->fetch_array($result))
{
//delete from folder ..
kleeja_unlink(PATH . $row['folder'] . '/' . $row['name']);
//delete thumb
if (file_exists(PATH . $row['folder'] . '/thumbs/' . $row['name']))
{
kleeja_unlink(PATH . $row['folder'] . '/thumbs/' . $row['name']);
}
$num++;
$sizes += $row['size'];
}
$SQL->freeresult($result);
if ($num == 0)
{
kleeja_admin_err($lang['ADMIN_DELETE_NO_FILE'], true, '', true, $action_all, 2);
}
else
{
//update number of stats
$update_query = [
'UPDATE' => "{$dbprefix}stats",
'SET' => "sizes=sizes-$sizes, files=files-$num",
];
$SQL->build($update_query);
if ($SQL->affected())
{
delete_cache('data_stats');
}
//delete all files in just one query
$d_query = [
'DELETE' => "{$dbprefix}files",
'WHERE' => 'user=' . g('deleteuserfile', 'int'),
];
$SQL->build($d_query);
kleeja_admin_info($lang['ADMIN_DELETE_FILE_OK'], true, '', true, $action_all, 3);
}
}
//
//Delete a user
//
if (ig('del_user'))
{
//check _GET Csrf token
if (! kleeja_check_form_key_get('adm_users'))
{
kleeja_admin_err($lang['INVALID_GET_KEY'], true, $lang['ERROR'], true, $action_all, 2);
}
//is exists ?
if (! $SQL->num_rows($SQL->query("SELECT * FROM {$dbprefix}users WHERE id=" . g('del_user', 'int'))))
{
redirect($action_all);
}
//delete all files in just one query
$d_query = [
'DELETE' => "{$dbprefix}users",
'WHERE' => 'id=' . g('del_user', 'int'),
];
$SQL->build($d_query);
kleeja_admin_info($lang['USER_DELETED'], true, '', true, './');
}
//
//add new user
//
elseif (ip('newuser'))
{
if (trim(p('lname')) == '' || trim(p('lpass')) == '' || trim(p('lmail')) == '')
{
$ERRORS[] = $lang['EMPTY_FIELDS'];
}
elseif (! preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/i", trim(strtolower(p('lmail')))))
{
$ERRORS[] = $lang['WRONG_EMAIL'];
}
elseif (strlen(trim(p('lname'))) < 2 || strlen(trim(p('lname'))) > 25)
{
$ERRORS[] = str_replace('4', '2', $lang['WRONG_NAME']);
}
elseif ($SQL->num_rows($SQL->query("SELECT * FROM {$dbprefix}users WHERE clean_name='" . trim($SQL->escape($usrcp->cleanusername(p('lname')))) . "'")) != 0)
{
$ERRORS[] = $lang['EXIST_NAME'];
}
elseif ($SQL->num_rows($SQL->query("SELECT * FROM {$dbprefix}users WHERE mail='" . trim($SQL->escape(strtolower(p('lmail')))) . "'")) != 0)
{
$ERRORS[] = $lang['EXIST_EMAIL'];
}
//no errors, lets do process
if (empty($ERRORS))
{
$name = (string) $SQL->escape(trim(p('lname')));
$user_salt = (string) substr(base64_encode(pack('H*', sha1(mt_rand()))), 0, 7);
$pass = (string) $usrcp->kleeja_hash_password($SQL->escape(trim(p('lpass'))) . $user_salt);
$mail = (string) trim(strtolower(p('lmail')));
$clean_name = (string) $usrcp->cleanusername($name);
$group = (int) p('lgroup');
$insert_query = [
'INSERT' => 'name ,password, password_salt ,group_id, mail,founder, session_id, clean_name',
'INTO' => "{$dbprefix}users",
'VALUES' => "'$name', '$pass', '$user_salt', $group , '$mail', 0 , '', '$clean_name'"
];
if ($SQL->build($insert_query))
{
$last_user_id = $SQL->insert_id();
//update number of stats
$update_query = [
'UPDATE' => "{$dbprefix}stats",
'SET' => "users=users+1, lastuser='$name'",
];
$SQL->build($update_query);
if ($SQL->affected())
{
delete_cache('data_stats');
}
}
//User added ..
kleeja_admin_info($lang['USER_ADDED'], true, '', true, basename(ADMIN_PATH) . '?cp=g_users', 3);
}
else
{
$errs = '';
foreach ($ERRORS as $r)
{
$errs .= '- ' . $r . '. <br />';
}
$current_smt = 'new_u';
//kleeja_admin_err($errs, true, '', true, $action_all, 3);
}
}
//
//edit user
//
if (ip('edituser'))
{
$userid = p('uid', 'int');
//is exists ?
if (! $SQL->num_rows($SQL->query("SELECT id FROM {$dbprefix}users WHERE id=" . $userid)))
{
kleeja_admin_err('ERROR-NO-ID', true, '', true, basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php'));
}
$query = [
'SELECT' => 'name, mail, clean_name, group_id, founder, show_my_filecp',
'FROM' => "{$dbprefix}users",
'WHERE' => 'id=' . $userid,
];
$result = $SQL->build($query);
$udata = $SQL->fetch_array($result);
$SQL->freeresult($result);
$new_clean_name = trim($SQL->escape($usrcp->cleanusername(p('l_name'))));
$new_name = $new_mail = false;
$pass = '';
if (trim(p('l_name')) == '')
{
$ERRORS[] = $lang['EMPTY_FIELDS'] . ' (' . $lang['USERNAME'] . ')';
}
elseif (trim(p('l_mail')) == '')
{
$ERRORS[] = $lang['EMPTY_FIELDS'] . ' (' . $lang['EMAIL'] . ')';
}
elseif (! preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/i", trim(strtolower(p('l_mail')))))
{
$ERRORS[] = $lang['WRONG_EMAIL'];
}
elseif ($udata['clean_name'] != $new_clean_name)
{
$new_name = true;
if (strlen(trim(p('l_name'))) < 2 || strlen(trim(p('l_name'))) > 100)
{
$ERRORS[] = str_replace('4', '2', $lang['WRONG_NAME']);
}
elseif ($SQL->num_rows($SQL->query("SELECT * FROM {$dbprefix}users WHERE clean_name='" . $new_clean_name . "'")) != 0)
{
$ERRORS[] = $lang['EXIST_NAME'];
}
}
elseif ($udata['mail'] != trim(p('l_mail')))
{
$new_mail = true;
if ($SQL->num_rows($SQL->query("SELECT * FROM {$dbprefix}users WHERE mail='" . trim($SQL->escape(strtolower(p('lmail')))) . "'")) != 0)
{
$ERRORS[] = $lang['EXIST_EMAIL'];
}
}
elseif (trim(p('l_pass')) != '')
{
$user_salt = substr(base64_encode(pack('H*', sha1(mt_rand()))), 0, 7);
$pass = "password = '" . $usrcp->kleeja_hash_password(trim(p('l_pass')) . $user_salt) . "', password_salt='" . $user_salt . "',";
}
//no errors, lets do process
if (empty($ERRORS))
{
$update_query = [
'UPDATE' => "{$dbprefix}users",
'SET' => ($new_name ? "name = '" . $SQL->escape(p('l_name')) . "', clean_name='" . $SQL->escape($new_clean_name) . "', " : '') .
($new_mail ? "mail = '" . $SQL->escape(p('l_mail')) . "'," : '') .
$pass .
(ip('l_founder') ? 'founder=' . p('l_founder', 'int') . ',' : '') .
'group_id=' . p('l_group', 'int') . ',' .
'show_my_filecp=' . p('l_show_filecp', 'int'),
'WHERE' => 'id=' . $userid
];
$SQL->build($update_query);
if ($SQL->affected())
{
kleeja_admin_info($lang['USER_UPDATED'], true, '', true, basename(ADMIN_PATH) . '?cp=g_users&smt=show_group&qg=' . p('l_qg', 'int') . '&page=' . p('l_page', 'int'), 2);
}
else
{
kleeja_admin_info($lang['NO_UP_CHANGE_S'], true, '', true, basename(ADMIN_PATH) . '?cp=g_users&smt=show_group&qg=' . p('l_qg', 'int') . '&page=' . p('l_page', 'int'), 2);
}
}
else
{
$errs = '';
foreach ($ERRORS as $r)
{
$errs .= '- ' . $r . '. <br />';
}
$current_smt = 'edit_user';
$_GET['uid'] = $userid;
$_GET['page'] = p('l_page');
//kleeja_admin_err($errs, true, '', true, $action_all, 3);
}
}
//
//add new group
//
if (ip('newgroup'))
{
if (trim(p('gname')) == '' || trim(p('gname')) == '' || trim(p('gname')) == '')
{
$ERRORS[] = $lang['EMPTY_FIELDS'];
}
elseif (strlen(trim(p('gname'))) < 2 || strlen(trim(p('gname'))) > 100)
{
$ERRORS[] = str_replace('4', '1', $lang['WRONG_NAME']);
}
elseif ($SQL->num_rows($SQL->query("SELECT * FROM {$dbprefix}groups WHERE group_name='" . trim($SQL->escape(p('gname'))) . "'")) != 0)
{
$ERRORS[] = $lang['EXIST_NAME'];
}
elseif (in_array(trim(p('gname')), [$lang['ADMINS'], $lang['GUESTS'], $lang['USERS']]))
{
$ERRORS[] = $lang['TAKEN_NAMES'];
}
//no errors, lets do process
if (empty($ERRORS))
{
//Insert the group ..
$insert_query = [
'INSERT' => 'group_name',
'INTO' => "{$dbprefix}groups",
'VALUES' => "'" . trim($SQL->escape(p('gname'))) . "'"
];
$SQL->build($insert_query);
//Then, get the ID
$new_group_id = $SQL->insert_id();
$org_group_id = p('cfrom', 'int');
if (! $new_group_id or ! $org_group_id)
{
kleeja_admin_err('ERROR-NO-ID', true, '', true, basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php'));
}
if ($org_group_id == -1)
{
$org_group_id = (int) $config['default_group'];
}
//copy acls from the other group to this group
$query = [
'SELECT' => 'acl_name, acl_can',
'FROM' => "{$dbprefix}groups_acl",
'WHERE' => 'group_id=' . $org_group_id,
'ORDER BY' => 'acl_name ASC'
];
$result = $SQL->build($query);
while ($row=$SQL->fetch_array($result))
{
$insert_query = [
'INSERT' => 'acl_name, acl_can, group_id',
'INTO' => "{$dbprefix}groups_acl",
'VALUES' => "'" . $row['acl_name'] . "', " . $row['acl_can'] . ', ' . $new_group_id
];
$SQL->build($insert_query);
}
$SQL->freeresult($result);
//copy configs from the other group to this group
$query = [
'SELECT' => 'd.name, d.value',
'FROM' => "{$dbprefix}groups_data d",
'WHERE' => 'd.group_id=' . $org_group_id,
'ORDER BY' => 'd.name ASC'
];
$result = $SQL->build($query);
while ($row=$SQL->fetch_array($result))
{
$insert_query = [
'INSERT' => 'name, value, group_id',
'INTO' => "{$dbprefix}groups_data",
'VALUES' => "'" . $row['name'] . "', '" . $SQL->escape($row['value']) . "', " . $new_group_id
];
$SQL->build($insert_query);
}
$SQL->freeresult($result);
//copy exts from the other group to this group
$query = [
'SELECT' => 'e.ext, e.size',
'FROM' => "{$dbprefix}groups_exts e",
'WHERE' => 'e.group_id=' . $org_group_id,
'ORDER BY' => 'e.ext_id ASC'
];
$result = $SQL->build($query);
while ($row=$SQL->fetch_array($result))
{
$insert_query = [
'INSERT' => 'ext, size, group_id',
'INTO' => "{$dbprefix}groups_exts",
'VALUES' => "'" . $row['ext'] . "', " . $row['size'] . ', ' . $new_group_id
];
$SQL->build($insert_query);
}
$SQL->freeresult($result);
//show group-is-added message
delete_cache('data_groups');
kleeja_admin_info(sprintf($lang['GROUP_ADDED'], p('gname')), true, '', true, basename(ADMIN_PATH) . '?cp=g_users');
}
else
{
$errs = '';
foreach ($ERRORS as $r)
{
$errs .= '- ' . $r . '. <br />';
}
kleeja_admin_err($errs, true, '', true, $action, 3);
}
}
//
//delete group
//
if (ip('delgroup'))
{
$from_group = ip('dgroup') ? p('dgroup', 'int') : 0;
$to_group = ip('tgroup') ? p('tgroup', 'int') : 0;
//if missing IDs of groups, deleted one and transfering-to one.
if (! $from_group or ! $to_group)
{
kleeja_admin_err('ERROR-NO-ID', true, '', true, basename(ADMIN_PATH) . '?cp=g_users');
}
//We can not move users to the same group we deleting ! that's stupid pro!
if ($from_group == $to_group)
{
kleeja_admin_err($lang['NO_MOVE_SAME_GRP'], true, '', true, basename(ADMIN_PATH) . '?cp=g_users');
}
//to_group = '-1' : means default group .. so now we get the real ID.
if ($to_group == -1)
{
$to_group = (int) $config['default_group'];
}
//you can not delete default group !
if ($from_group == (int) $config['default_group'])
{
kleeja_admin_err($lang['DEFAULT_GRP_NO_DEL'], true, '', true, basename(ADMIN_PATH) . '?cp=g_users');
}
//delete the exts
$query_del = [
'DELETE' => "{$dbprefix}groups_exts",
'WHERE' => 'group_id=' . $from_group
];
$SQL->build($query_del);
//then, delete the configs
$query_del = [
'DELETE' => "{$dbprefix}groups_data",
'WHERE' => 'group_id=' . $from_group
];
$SQL->build($query_del);
//then, delete acls
$query_del = [
'DELETE' => "{$dbprefix}groups_acl",
'WHERE' => 'group_id=' . $from_group
];
$SQL->build($query_del);
//then, delete the group itself
$query_del = [
'DELETE' => "{$dbprefix}groups",
'WHERE' => 'group_id=' . $from_group
];
$SQL->build($query_del);
//then, move users to the dest. group
$update_query = [
'UPDATE' => "{$dbprefix}users",
'SET' => 'group_id=' . $to_group,
'WHERE' => 'group_id=' . $from_group
];
$SQL->build($update_query);
//get those groups name
$group_name_from = str_replace(
['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'],
[$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']],
$d_groups[$from_group]['data']['group_name']
);
$group_name_to =str_replace(
['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'],
[$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']],
$d_groups[$to_group]['data']['group_name']
);
//delete cache ..
delete_cache('data_groups');
kleeja_admin_info(sprintf($lang['GROUP_DELETED'], $group_name_from, $group_name_to), true, '', true, basename(ADMIN_PATH) . '?cp=g_users');
}
//
//begin of default users page
//
$query = [];
$show_results = false;
switch ($current_smt):
case 'general':
$query = [
'SELECT' => 'COUNT(group_id) AS total_groups',
'FROM' => "{$dbprefix}groups",
'ORDER BY' => 'group_id ASC'
];
$result = $SQL->build($query);
$nums_rows = 0;
$n_fetch = $SQL->fetch_array($result);
$nums_rows = $n_fetch['total_groups'];
$no_results = false;
$e_groups = $c_groups = [];
$l_groups = [];
$groups_background_color = [
1 => ['background' => 'dark', 'icon' => ' fa-star'],
2 => ['background' => 'secondary', 'icon' => 'fa-user-secret'],
3 => ['background' => 'primary', 'icon' => 'fa-user-circle'],
];
if ($nums_rows > 0)
{
$query['SELECT'] = 'group_id, group_name, group_is_default, group_is_essential';
$result = $SQL->build($query);
while ($row=$SQL->fetch_array($result))
{
$r = [
'id' => $row['group_id'],
'name' => str_replace(
['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'],
[$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']],
$row['group_name']
),
'style' => ! empty($groups_background_color[$row['group_id']])
? $groups_background_color[$row['group_id']]
: ['background' => 'secondary', 'icon' => ''],
'is_default' => (int) $row['group_is_default'] ? true : false
];
if ((int) $row['group_is_essential'] == 1)
{
$e_groups[] = $r;
}
else
{
$c_groups[] = $r;
}
}
}
if ($user_not_normal)
{
$c_groups = false;
}
$SQL->freeresult($result);
break;
//handling editing ACLs(permissions) for the requesting groups
case 'group_acl':
$req_group = ig('qg') ? g('qg', 'int') : 0;
if (! $req_group)
{
kleeja_admin_err('ERROR-NO-ID', true, '', true, basename(ADMIN_PATH) . '?cp=g_users');
}
$group_name = str_replace(
['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'],
[$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']],
$d_groups[$req_group]['data']['group_name']
);
$query = [
'SELECT' => 'acl_name, acl_can',
'FROM' => "{$dbprefix}groups_acl",
'WHERE' => 'group_id=' . $req_group,
'ORDER BY' => 'acl_name ASC'
];
$result = $SQL->build($query);
$acls = $submitted_on_acls = $submitted_off_acls = [];
while ($row=$SQL->fetch_array($result))
{
//if submit
if (ip('editacl'))
{
if (ip($row['acl_name']))
{
$submitted_on_acls[] = $row['acl_name'];
}
elseif (! ip($row['acl_name']))
{
$submitted_off_acls[] = $row['acl_name'];
}
}
if ($req_group == 2 && in_array($row['acl_name'], ['access_fileuser', 'enter_acp']))
{
continue;
}
$acls[] = [
'acl_title' => ! empty($lang['ACLS_' . strtoupper($row['acl_name'])]) ? $lang['ACLS_' . strtoupper($row['acl_name'])] : $olang['ACLS_' . strtoupper($row['acl_name'])],
'acl_name' => $row['acl_name'],
'acl_can' => (int) $row['acl_can']
];
}
$SQL->freeresult($result);
//if submit
if (ip('editacl'))
{
//update 'can' acls
if (sizeof($submitted_on_acls))
{
$update_query = [
'UPDATE' => "{$dbprefix}groups_acl",
'SET' => 'acl_can=1',
'WHERE' => "acl_name IN ('" . implode("', '", $submitted_on_acls) . "') AND group_id=" . $req_group
];
$SQL->build($update_query);
}
//update 'can not' acls
if (sizeof($submitted_off_acls))
{
$update_query2 = [
'UPDATE' => "{$dbprefix}groups_acl",
'SET' => 'acl_can=0',
'WHERE' => "acl_name IN ('" . implode("', '", $submitted_off_acls) . "') AND group_id=" . $req_group
];
$SQL->build($update_query2);
}
//delete cache ..
delete_cache('data_groups');
kleeja_admin_info($lang['CONFIGS_UPDATED'], true, '', true, basename(ADMIN_PATH) . '?cp=g_users');
}
break;
//handling editing settings for the requested group
case 'group_data':
$req_group = ig('qg') ? g('qg', 'int') : 0;
if (! $req_group)
{
kleeja_admin_err('ERROR-NO-ID', true, '', true, basename(ADMIN_PATH) . '?cp=g_users');
}
// When user change language from start page, hurry hurry section, he comes here
if (ig('lang_change'))
{
//check _GET Csrf token
if (! kleeja_check_form_key_get('adm_start_actions'))
{
kleeja_admin_err($lang['INVALID_GET_KEY'], true, $lang['ERROR'], true, basename(ADMIN_PATH) . '?cp=start', 2);
}
$got_lang = preg_replace('[^a-zA-Z0-9]', '', g('lang_change'));
// -1 means all
if ($req_group == -1)
{
//general
update_config('language', $got_lang);
//all groups
foreach ($d_groups as $group_id => $group_info)
{
update_config('language', $got_lang, true, $group_id);
}
$group_name = $lang['ALL'];
}
else
{
update_config('language', $got_lang, true, $req_group);
$group_name = str_replace(
['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'],
[$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']],
$d_groups[$req_group]['data']['group_name']
);
}
delete_cache('data_lang' . $got_lang);
//msg, done
kleeja_admin_info(
$lang['CONFIGS_UPDATED'] . ', ' . $lang['LANGUAGE'] . ':' . $got_lang . ' - ' . $lang['FOR'] . ':' . $group_name,
true,
'',
true,
basename(ADMIN_PATH) . '?cp=start'
);
}
$group_name = str_replace(
['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'],
[$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']],
$d_groups[$req_group]['data']['group_name']
);
$gdata = $d_groups[$req_group]['data'];
$query = [
'SELECT' => 'c.name, c.option, c.value',
'FROM' => "{$dbprefix}config c",
'WHERE' => "c.type='groups'",
'ORDER BY' => 'c.display_order ASC'
];
$result = $SQL->build($query);
$data = [];
$cdata = $d_groups[$req_group]['configs'];
$STAMP_IMG_URL = file_exists(PATH . 'images/watermark.gif') ? PATH . 'images/watermark.gif' : PATH . 'images/watermark.png';
while ($row=$SQL->fetch_array($result))
{
//submit, why here ? dont ask me just accept it as it.
if (ip('editdata'))
{
is_array($plugin_run_result = Plugins::getInstance()->run('after_submit_adm_users_groupdata', get_defined_vars())) ? extract($plugin_run_result) : null; //run hook
$new[$row['name']] = p($row['name'], 'str', $row['value']);
$update_query = [
'UPDATE' => "{$dbprefix}groups_data",
'SET' => "value='" . $SQL->escape($new[$row['name']]) . "'",
'WHERE' => "name='" . $row['name'] . "' AND group_id=" . $req_group
];
$SQL->build($update_query);
continue;
}
if ($row['name'] == 'language')
{
$lngfiles = '';
//get languages
if ($dh = @opendir(PATH . 'lang'))
{
while (($file = readdir($dh)) !== false)
{
if (strpos($file, '.') === false && $file != '..' && $file != '.')
{
$lngfiles .= '<option ' . ($d_groups[$req_group]['configs']['language'] == $file ? 'selected="selected"' : '') . ' value="' . $file . '">' . $file . '</option>' . "\n";
}
}
@closedir($dh);
}
}
$guest_disallowed_configs = ['enable_userfile', 'max_storage'];
if ($req_group == 2 && in_array($row['name'], $guest_disallowed_configs))
{
continue;
}
$data[] = [
'option' =>
str_replace(
['<input ', '<select ', '<td>', '</td>', '<label>', '<tr>', '</tr>'],
['<input class="form-control" ', '<select class="form-control" ', '<div class="form-group">', '</div>', '<label class="form-check-label">', '', ''],
'<div class="form-group">' . "\n" .
'<label for="' . $row['name'] . '">' . (! empty($lang[strtoupper($row['name'])]) ? $lang[strtoupper($row['name'])] : $olang[strtoupper($row['name'])]) . '</label>' . "\n" .
'<div class="box">' . (empty($row['option']) ? '' : $tpl->admindisplayoption(preg_replace(['!{con.[a-z0-9_]+}!', '!NAME="con.!'], ['{cdata.' . $row['name'] . '}', 'NAME="cdata.'], $row['option']))) . '</div>' . "\n" .
'</div>' . "\n" . '<div class="clearfix"></div>'
)
];
}
$SQL->freeresult($result);
//submit
if (ip('editdata'))
{
//Remove group_is_default from the current one
if (p('group_is_default', 'int') == 1)
{
$update_query = [
'UPDATE' => "{$dbprefix}groups",
'SET' => 'group_is_default=0',
'WHERE' => 'group_is_default=1'
];
$SQL->build($update_query);
//update config value of the current default group
update_config('default_group', $req_group);
delete_cache('data_config');
}
//update not-configs data
$update_query = [
'UPDATE' => "{$dbprefix}groups",
'SET' => 'group_is_default=' . p('group_is_default', 'int') . (ip('group_name') ? ", group_name='" . $SQL->escape(p('group_name')) . "'" : ''),
'WHERE' => 'group_id=' . $req_group
];
$SQL->build($update_query);
//delete cache ..
delete_cache('data_groups');
kleeja_admin_info($lang['CONFIGS_UPDATED'], true, '', true, basename(ADMIN_PATH) . '?cp=g_users');
}
break;
//handling adding-editing allowed file extensions for requested group
case 'group_exts':
$req_group = ig('qg') ? g('qg', 'int') : 0;
if (! $req_group)
{
kleeja_admin_err('ERROR-NO-ID', true, '', true, basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php'));
}
$group_name =str_replace(
['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'],
[$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']],
$d_groups[$req_group]['data']['group_name']
);
//delete ext?
$DELETED_EXT = $GE_INFO = false;
if (ig('del'))
{
//check _GET Csrf token
if (! kleeja_check_form_key_get('adm_users'))
{
kleeja_admin_err($lang['INVALID_GET_KEY'], true, $lang['ERROR'], true, $action, 2);
}
$req_ext = ig('del') ? g('del', 'int') : 0;
if (! $req_ext)
{
kleeja_admin_err('ERROR-NO-EXT-ID', true, '', true, $action, 2);
}
$query_del = [
'DELETE' => "{$dbprefix}groups_exts",
'WHERE' => 'ext_id=' . $req_ext
];
$SQL->build($query_del);
//done
$DELETED_EXT = $GE_INFO = 2;
delete_cache('data_groups');
}
//add ext?
$ADDED_EXT = false;
if (ip('newext'))
{
$new_ext = ip('extisnew') ? preg_replace('/[^a-z0-9]/', '', strtolower(p('extisnew'))) : false;
if (! $new_ext)
{
kleeja_admin_err($lang['EMPTY_EXT_FIELD'], true, '', true, basename(ADMIN_PATH) . '?cp=g_users&smt=group_exts&qg=' . $req_group);
}
//check if it's welcomed one
//if he trying to be smart, he will add like ext1.ext2.php
//so we will just look at last one
$new_ext = explode('.', $new_ext);
$new_ext = array_pop($new_ext);
$check_ext = strtolower($new_ext);
$not_welcomed_exts = ['php', 'php3', 'php5', 'php4', 'asp', 'aspx', 'shtml', 'html', 'htm', 'xhtml', 'phtml', 'pl', 'cgi', 'ini', 'htaccess', 'sql', 'txt'];
if (in_array($check_ext, $not_welcomed_exts))
{
kleeja_admin_err(sprintf($lang['FORBID_EXT'], $check_ext), true, '', true, $action);
}
//check if there is any exists of this ext in db
$query = [
'SELECT' => '*',
'FROM' => "{$dbprefix}groups_exts",
'WHERE' => "ext='" . $new_ext . "' and group_id=" . $req_group,
];
$result = $SQL->build($query);
if ($SQL->num_rows($result))
{
kleeja_admin_err(sprintf($lang['NEW_EXT_EXISTS_B4'], $new_ext), true, '', true, $action);
}
//add
$default_size = '2097152';//bytes
$insert_query = [
'INSERT' => 'ext ,group_id, size',
'INTO' => "{$dbprefix}groups_exts",
'VALUES' => "'$new_ext', $req_group, $default_size"
];
$SQL->build($insert_query);
//done
$ADDED_EXT = $GE_INFO = 2;
delete_cache('data_groups');
}
//if submit/update
if (ip('editexts'))
{
$ext_ids = $_POST['size']; //is an array
if (is_array($ext_ids))
{
foreach ($ext_ids as $e_id=>$e_val)
{
$update_query = [
'UPDATE' => "{$dbprefix}groups_exts",
'SET' => 'size=' . (intval($e_val)*1024),
'WHERE' => 'ext_id=' . intval($e_id) . ' AND group_id=' . $req_group
];
$SQL->build($update_query);
}
//delete cache ..
delete_cache('data_groups');
kleeja_admin_info($lang['UPDATED_EXTS'], true, '', true, $action);
}
}
//show exts
$query = [
'SELECT' => 'ext_id, ext, size',
'FROM' => "{$dbprefix}groups_exts",
'WHERE' => 'group_id=' . $req_group,
'ORDER BY' => 'ext_id ASC'
];
$result = $SQL->build($query);
$exts = [];
while ($row=$SQL->fetch_array($result))
{
//handle big int
$size = preg_match('/^[0-9]+/', $row['size'], $matches) ? $matches[0] : 0;
$exts[] = [
'ext_id' => $row['ext_id'],
'ext_name' => $row['ext'],
'ext_size' => round($size / 1024),
'ext_icon' => file_exists(PATH . 'images/filetypes/' . $row['ext'] . '.png') ? PATH . 'images/filetypes/' . $row['ext'] . '.png' : PATH . 'images/filetypes/file.png'
];
}
$SQL->freeresult($result);
break;
//show users (from search keyword)
case 'show_su':
$filter = get_filter(g('search_id'), 'user_search', false, 'filter_uid');
if (! $filter)
{
kleeja_admin_err($lang['ERROR_TRY_AGAIN'], true, $lang['ERROR'], true, basename(ADMIN_PATH) . '?cp=h_search&smt=users', 1);
}
$search = unserialize(htmlspecialchars_decode($filter['filter_value']));
$usernamee = $search['username'] != '' ? 'AND (name LIKE \'%' . $SQL->escape($search['username']) . '%\' OR clean_name LIKE \'%' . $SQL->escape($search['username']) . '%\') ' : '';
$usermailee = $search['usermail'] != '' ? 'AND mail LIKE \'%' . $SQL->escape($search['usermail']) . '%\' ' : '';
$is_search = true;
$query['WHERE'] = "name <> '' $usernamee $usermailee";
//show users (for requested group)
case 'show_group':
if ($current_smt != 'show_su')
{
$is_search = true;
$req_group = ig('qg') ? g('qg', 'int') : 0;
$group_name =str_replace(
['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'],
[$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']],
$d_groups[$req_group]['data']['group_name']
);
$query['WHERE'] = "name != '' AND group_id = " . $req_group;
}
//show users (all)
case 'users':
$query['SELECT'] = 'COUNT(id) AS total_users';
$query['FROM'] = "{$dbprefix}users";
$query['ORDER BY'] = 'id ASC';
$result = $SQL->build($query);
$nums_rows = 0;
$n_fetch = $SQL->fetch_array($result);
$nums_rows = $n_fetch['total_users'];
//pagination
$currentPage = ig('page') ? g('page', 'int') : 1;
$Pager = new Pagination($perpage, $nums_rows, $currentPage);
$start = $Pager->getStartRow();
$no_results = false;
if ($nums_rows > 0)
{
$query['SELECT'] = 'id, name, founder, group_id, last_visit';
$query['LIMIT'] = "$start, $perpage";
$result = $SQL->build($query);
while ($row=$SQL->fetch_array($result))
{
$userfile = $config['siteurl'] . ($config['mod_writer'] ? 'fileuser-' . $row['id'] . '.html' : 'ucp.php?go=fileuser&amp;id=' . $row['id']);
$arr[] = [
'id' => $row['id'],
'name' => $row['name'],
'userfile_link' => $userfile,
'delusrfile_link' => $row['founder'] && (int) $userinfo['founder'] == 0 ? false : basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php') . '&amp;deleteuserfile=' . $row['id'] . (ig('page') ? '&amp;page=' . g('page', 'int') : ''),
'delusr_link' => $userinfo['id'] == $row['id'] || ($row['founder'] && (int) $userinfo['founder'] == 0) ? false : basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php') . '&amp;del_user=' . $row['id'] . (ig('page') ? '&amp;page=' . g('page', 'int') : ''),
'editusr_link' => basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php') . '&amp;smt=edit_user&amp;uid=' . $row['id'] . (ig('page') ? '&amp;page=' . g('page', 'int') : ''),
'founder' => (int) $row['founder'],
'last_visit' => empty($row['last_visit']) ? $lang['NOT_YET'] : kleeja_date($row['last_visit']),
'group' => str_replace(
['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'],
[$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']],
$d_groups[$row['group_id']]['data']['group_name']
)
];
}
$SQL->freeresult($result);
}
else
{ //num rows
$no_results = true;
}
//pages
$total_pages = $Pager->getTotalPages();
$page_nums = $Pager->print_nums(
basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php') . (ig('search_id') ? '&search_id=' . g('search_id') : '')
. (ig('qg') ? '&qg=' . g('qg', 'int') : '') . (ig('smt') ? '&smt=' . $current_smt : '')
);
$show_results = true;
break;
//editing a user, form
case 'edit_user':
//is exists ?
if (! isset($userid))
{
$userid = g('uid', 'int');
if (! $SQL->num_rows($SQL->query("SELECT * FROM {$dbprefix}users WHERE id=" . $userid)))
{
kleeja_admin_err($lang['NOT_EXSIT_USER'], true, '', true, basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php'));
}
}
$query = [
'SELECT' => 'name, mail, group_id, founder, show_my_filecp',
'FROM' => "{$dbprefix}users",
'WHERE' => 'id=' . $userid,
];
$result = $SQL->build($query);
if (! $SQL->num_rows($result))
{
kleeja_admin_err($lang['NOT_EXSIT_USER'], true, '', true, basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php'));
}
$udata = $SQL->fetch_array($result);
$SQL->freeresult($result);
//If founder, just founder can edit him;
$u_founder = ip('l_founder') ? p('l_founder', 'int') : (int) $udata['founder'];
$im_founder = (int) $userinfo['founder'];
$u_group = ip('l_group') ? p('l_group', 'int') : $udata['group_id'];
$u_qg = ip('l_qg') ? p('u_qg', 'int') : $udata['group_id'];
if ($u_founder && ! $im_founder)
{
kleeja_admin_err($lang['HV_NOT_PRVLG_ACCESS'], true, '', true, basename(ADMIN_PATH) . '?cp=g_users&smt=show_group&qg=' . $u_group);
}
$errs = isset($errs) ? $errs : false;
//prepare them for the template
$title_name = $udata['name'];
$u_name = p('l_name', 'str', $udata['name']);
$u_mail = p('l_mail', 'str', $udata['mail']);
$u_show_filecp = p('l_show_filecp', 'int', $udata['show_my_filecp']);
$u_page = ig('page') ? g('page', 'int') : 0;
$k_groups = array_keys($d_groups);
$u_groups = [];
foreach ($k_groups as $id)
{
$u_groups[] = [
'id' => $id,
'name' => str_replace(
['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'],
[$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']],
$d_groups[$id]['data']['group_name']
),
'default' => $config['default_group'] == $id ? true : false,
'selected' => $id == $u_group
];
}
break;
//new user adding form
case 'new_u':
if ($user_not_normal)
{
kleeja_admin_err($lang['USERS_NOT_NORMAL_SYS']);
exit;
}
//preparing the template
$errs = isset($errs) ? $errs : false;
$uname = p('lname');
$umail = p('lmail');
$k_groups = array_keys($d_groups);
$u_groups = [];
foreach ($k_groups as $id)
{
$u_groups[] = [
'id' => $id,
'name' => str_replace(
['{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'],
[$lang['ADMINS'], $lang['USERS'], $lang['GUESTS']],
$d_groups[$id]['data']['group_name']
),
'default' => $config['default_group'] == $id ? true : false,
'selected' => ip('lgroup') ? p('lgroup') == $id : $id == $config['default_group']
];
}
break;
endswitch;
//after submit
if (ip('submit'))
{
$g_link = basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php') . '&amp;page=' . (ig('page') ? g('page', 'int') : 1) .
(ig('search_id') ? '&amp;search_id=' . g('search_id') : '') . '&amp;smt=' . $current_smt;
$text = ($affected ? $lang['USERS_UPDATED'] : $lang['NO_UP_CHANGE_S']) .
'<script type="text/javascript"> setTimeout("get_kleeja_link(\'' . str_replace('&amp;', '&', $g_link) . '\');", 2000);</script>' . "\n";
$stylee = 'admin_info';
}
//secondary menu
$go_menu = [
'general' => ['name'=>$lang['R_GROUPS'], 'link'=> basename(ADMIN_PATH) . '?cp=g_users&amp;smt=general', 'goto'=>'general', 'current'=> $current_smt == 'general'],
//'users' => array('name'=>$lang['R_USERS'], 'link'=> basename(ADMIN_PATH) . '?cp=g_users&amp;smt=users', 'goto'=>'users', 'current'=> $current_smt == 'users'),
'show_su' => ['name'=>$lang['SEARCH_USERS'], 'link'=> basename(ADMIN_PATH) . '?cp=h_search&amp;smt=users', 'goto'=>'show_su', 'current'=> $current_smt == 'show_su'],
];
//user adding is not allowed in integration
if (! $user_not_normal)
{
$go_menu['new_u'] = ['name'=>$lang['NEW_USER'], 'link'=> basename(ADMIN_PATH) . '?cp=g_users&amp;smt=new_u', 'goto'=>'new_u', 'current'=> $current_smt == 'new_u'];
}
Reference in New Issue View Git Blame Copy Permalink