Nemcio/Kleeja
1
0
Fork 0
mirror of https://github.com/kleeja-official/kleeja.git synced 2025-12-15 20:49:41 +01:00
Code Issues Packages Projects Releases Activity
Files
4f368775eb6e5dd53d6ce1e3470cdbaf4f1044a9
Kleeja/includes/adm/g_users.php
Abdulrahman 7f4a4f6ff9 hello github! 😘
2018-01-09 02:09:07 +03:00

1296 lines
37 KiB
PHP
Executable File
Raw Blame History

<?php
/**
*
* @package adm
* @copyright (c) 2007 Kleeja.com
* @license ./docs/license.txt
*
*/
// not for directly open
if (!defined('IN_ADMIN'))
{
exit();
}
//for style ..
$stylee = "admin_users";
$current_smt = preg_replace('/[^a-z0-9_]/i', '', g('smt', 'str', 'general'));
$action = basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php') . (ig('page') ? '&amp;page=' . g('page', 'int') : '');
$action .= (ig('search_id') ? '&amp;search_id=' . g('search') : '');
$action .= (ig('qg') ? '&amp;qg=' . g('qg', 'int') : '') . '&amp;smt=' . $current_smt;
$action_all = basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php') . '&amp;smt=' . $current_smt . (ig('page') ? '&amp;page=' . g('page', 'int') : '');
$cp_users_url = basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php');
//if not normal user system
$user_not_normal = (int) $config['user_system'] != 1 ? true : false;
$is_search = $affected = false;
$GET_FORM_KEY = kleeja_add_form_key_get('adm_users');
$H_FORM_KEYS = kleeja_add_form_key('adm_users');
$H_FORM_KEYS2 = kleeja_add_form_key('adm_users_newuser');
$H_FORM_KEYS3 = kleeja_add_form_key('adm_users_newgroup');
$H_FORM_KEYS4 = kleeja_add_form_key('adm_users_delgroup');
$H_FORM_KEYS5 = kleeja_add_form_key('adm_users_editacl');
$H_FORM_KEYS6 = kleeja_add_form_key('adm_users_editdata');
$H_FORM_KEYS7 = kleeja_add_form_key('adm_users_editexts');
$H_FORM_KEYS8 = kleeja_add_form_key('adm_users_edituser');
//
// Check form key
//
if (ip('submit'))
{
if(!kleeja_check_form_key('adm_users'))
{
kleeja_admin_err($lang['INVALID_FORM_KEY'], true, $lang['ERROR'], true, $action, 1);
}
}
if (ip('newuser'))
{
if(!kleeja_check_form_key('adm_users_newuser'))
{
kleeja_admin_err($lang['INVALID_FORM_KEY'], true, $lang['ERROR'], true, $action, 1);
}
}
if (ip('edituser'))
{
if(!kleeja_check_form_key('adm_users_edituser'))
{
kleeja_admin_err($lang['INVALID_FORM_KEY'], true, $lang['ERROR'], true, $action . '&uid=' . p('uid', 'int'), 1);
}
}
if (ip('delgroup'))
{
if(!kleeja_check_form_key('adm_users_delgroup'))
{
kleeja_admin_err($lang['INVALID_FORM_KEY'], true, $lang['ERROR'], true, $action, 1);
}
}
if (ip('newgroup'))
{
if(!kleeja_check_form_key('adm_users_newgroup'))
{
kleeja_admin_err($lang['INVALID_FORM_KEY'], true, $lang['ERROR'], true, $action, 1);
}
}
if (ip('editacl'))
{
if(!kleeja_check_form_key('adm_users_editacl'))
{
kleeja_admin_err($lang['INVALID_FORM_KEY'], true, $lang['ERROR'], true, $action, 1);
}
}
if (ip('editdata'))
{
if(!kleeja_check_form_key('adm_users_editdata'))
{
kleeja_admin_err($lang['INVALID_FORM_KEY'], true, $lang['ERROR'], true, $action, 1);
}
}
if (ip('newext') or ip('editexts'))
{
if(!kleeja_check_form_key('adm_users_editexts'))
{
kleeja_admin_err($lang['INVALID_FORM_KEY'], true, $lang['ERROR'], true, $action, 1);
}
}
//
//delete all user files [only one user]
//
if(ig('deleteuserfile'))
{
//check _GET Csrf token
if(!kleeja_check_form_key_get('adm_users'))
{
kleeja_admin_err($lang['INVALID_GET_KEY'], true, $lang['ERROR'], true, $action_all, 2);
}
//is exists ?
if(!$SQL->num_rows($SQL->query("SELECT * FROM {$dbprefix}users WHERE id=" . g('deleteuserfile', 'int'))))
{
redirect($action_all);
}
$query = array(
'SELECT' => 'size, name, folder',
'FROM' => "{$dbprefix}files",
'WHERE' => 'user=' . g('deleteuserfile', 'int'),
);
$result = $SQL->build($query);
$sizes = $num = 0;
while($row=$SQL->fetch_array($result))
{
//delete from folder ..
kleeja_unlink (PATH . $row['folder'] . "/" . $row['name']);
//delete thumb
if (file_exists(PATH . $row['folder'] . "/thumbs/" . $row['name']))
{
kleeja_unlink (PATH . $row['folder'] . "/thumbs/" . $row['name']);
}
$num++;
$sizes += $row['size'];
}
$SQL->freeresult($result);
if($num == 0)
{
kleeja_admin_err($lang['ADMIN_DELETE_NO_FILE'], true, '', true, $action_all, 2);
}
else
{
//update number of stats
$update_query = array(
'UPDATE' => "{$dbprefix}stats",
'SET' => "sizes=sizes-$sizes, files=files-$num",
);
$SQL->build($update_query);
if($SQL->affected())
{
delete_cache('data_stats');
}
//delete all files in just one query
$d_query = array(
'DELETE' => "{$dbprefix}files",
'WHERE' => "user=" . g('deleteuserfile', 'int'),
);
$SQL->build($d_query);
kleeja_admin_info($lang['ADMIN_DELETE_FILE_OK'], true, '', true, $action_all, 3);
}
}
//
//Delete a user
//
if(ig('del_user'))
{
//check _GET Csrf token
if(!kleeja_check_form_key_get('adm_users'))
{
kleeja_admin_err($lang['INVALID_GET_KEY'], true, $lang['ERROR'], true, $action_all, 2);
}
//is exists ?
if(!$SQL->num_rows($SQL->query("SELECT * FROM {$dbprefix}users WHERE id=" . g('del_user', 'int'))))
{
redirect($action_all);
}
//delete all files in just one query
$d_query = array(
'DELETE' => "{$dbprefix}users",
'WHERE' => "id=" . g('del_user', 'int'),
);
$SQL->build($d_query);
kleeja_admin_info($lang['USER_DELETED'], true, '', true, './');
}
//
//add new user
//
else if (ip('newuser'))
{
if (trim(p('lname')) == '' || trim(p('lpass')) == '' || trim(p('lmail')) == '')
{
$ERRORS[] = $lang['EMPTY_FIELDS'];
}
else if (!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/i", trim(strtolower(p('lmail')))))
{
$ERRORS[] = $lang['WRONG_EMAIL'];
}
else if (strlen(trim(p('lname'))) < 2 || strlen(trim(p('lname'))) > 25)
{
$ERRORS[] = str_replace('4', '2', $lang['WRONG_NAME']);
}
else if ($SQL->num_rows($SQL->query("SELECT * FROM {$dbprefix}users WHERE clean_name='" . trim($SQL->escape($usrcp->cleanusername(p('lname')))) . "'")) != 0)
{
$ERRORS[] = $lang['EXIST_NAME'];
}
else if ($SQL->num_rows($SQL->query("SELECT * FROM {$dbprefix}users WHERE mail='" . trim($SQL->escape(strtolower(p('lmail')))) . "'")) != 0)
{
$ERRORS[] = $lang['EXIST_EMAIL'];
}
//no errors, lets do process
if(empty($ERRORS))
{
$name = (string) $SQL->escape(trim(p('lname')));
$user_salt = (string) substr(kleeja_base64_encode(pack("H*", sha1(mt_rand()))), 0, 7);
$pass = (string) $usrcp->kleeja_hash_password($SQL->escape(trim(p('lpass'))) . $user_salt);
$mail = (string) trim(strtolower(p('lmail')));
$clean_name = (string) $usrcp->cleanusername($name);
$group = (int) p('lgroup');
$insert_query = array(
'INSERT' => 'name ,password, password_salt ,group_id, mail,founder, session_id, clean_name',
'INTO' => "{$dbprefix}users",
'VALUES' => "'$name', '$pass', '$user_salt', $group , '$mail', 0 , '', '$clean_name'"
);
if ($SQL->build($insert_query))
{
$last_user_id = $SQL->insert_id();
//update number of stats
$update_query = array(
'UPDATE' => "{$dbprefix}stats",
'SET' => "users=users+1, lastuser='$name'",
);
$SQL->build($update_query);
if($SQL->affected())
{
delete_cache('data_stats');
}
}
#User added ..
kleeja_admin_info($lang['USER_ADDED'], true, '', true, basename(ADMIN_PATH) . '?cp=g_users', 3);
}
else
{
$errs = '';
foreach($ERRORS as $r)
{
$errs .= '- ' . $r . '. <br />';
}
$current_smt = 'new_u';
#kleeja_admin_err($errs, true, '', true, $action_all, 3);
}
}
//
//edit user
//
if(ip('edituser'))
{
$userid = p('uid', 'int');
//is exists ?
if(!$SQL->num_rows($SQL->query("SELECT id FROM {$dbprefix}users WHERE id=" . $userid)))
{
kleeja_admin_err('ERROR-NO-ID', true, '', true, basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php'));
}
$query = array(
'SELECT' => 'name, mail, clean_name, group_id, founder, show_my_filecp',
'FROM' => "{$dbprefix}users",
'WHERE' => 'id=' . $userid,
);
$result = $SQL->build($query);
$udata = $SQL->fetch_array($result);
$SQL->freeresult($result);
$new_clean_name = trim($SQL->escape($usrcp->cleanusername(p('l_name'))));
$new_name = $new_mail = false;
$pass = '';
if (trim(p('l_name')) == '')
{
$ERRORS[] = $lang['EMPTY_FIELDS'] . ' (' . $lang['USERNAME'] . ')';
}
elseif (trim(p('l_mail')) == '')
{
$ERRORS[] = $lang['EMPTY_FIELDS'] . ' (' . $lang['EMAIL'] . ')';
}
else if (!preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/i", trim(strtolower(p('l_mail')))))
{
$ERRORS[] = $lang['WRONG_EMAIL'];
}
elseif($udata['clean_name'] != $new_clean_name)
{
$new_name = true;
if (strlen(trim(p('l_name'))) < 2 || strlen(trim(p('l_name'))) > 100)
{
$ERRORS[] = str_replace('4', '2', $lang['WRONG_NAME']);
}
else if ($SQL->num_rows($SQL->query("SELECT * FROM {$dbprefix}users WHERE clean_name='" . $new_clean_name . "'")) != 0)
{
$ERRORS[] = $lang['EXIST_NAME'];
}
}
else if ($udata['mail'] != trim(p('l_mail')))
{
$new_mail = true;
if($SQL->num_rows($SQL->query("SELECT * FROM {$dbprefix}users WHERE mail='" . trim($SQL->escape(strtolower(p('lmail')))) . "'")) != 0)
{
$ERRORS[] = $lang['EXIST_EMAIL'];
}
}
else if (trim(p('l_pass')) != '')
{
$user_salt = substr(kleeja_base64_encode(pack("H*", sha1(mt_rand()))), 0, 7);
$pass = "password = '" . $usrcp->kleeja_hash_password(trim(p('l_pass')) . $user_salt) . "', password_salt='" . $user_salt . "',";
}
//no errors, lets do process
if(empty($ERRORS))
{
$update_query = array(
'UPDATE' => "{$dbprefix}users",
'SET' => ($new_name ? "name = '" . $SQL->escape(p('l_name')) . "', clean_name='" . $SQL->escape($new_clean_name) . "', " : '') .
($new_mail ? "mail = '" . $SQL->escape(p('l_mail')) . "'," : '') .
$pass .
(ip('l_founder') ? "founder=" . p('l_founder', 'int') . "," : '') .
"group_id=" . p('l_group', 'int') . "," .
"show_my_filecp=" . p('l_show_filecp', 'int'),
'WHERE' => 'id=' . $userid
);
$SQL->build($update_query);
if($SQL->affected())
{
kleeja_admin_info($lang['USER_UPDATED'], true, '', true, basename(ADMIN_PATH) . '?cp=g_users&smt=show_group&qg=' . p('l_qg', 'int') . '&page='. p('l_page', 'int'), 2);
}
else
{
kleeja_admin_info($lang['NO_UP_CHANGE_S'], true, '', true, basename(ADMIN_PATH) . '?cp=g_users&smt=show_group&qg=' . p('l_qg', 'int') . '&page='. p('l_page', 'int'), 2);
}
}
else
{
$errs = '';
foreach($ERRORS as $r)
{
$errs .= '- ' . $r . '. <br />';
}
$current_smt = 'edit_user';
$_GET['uid'] = $userid;
$_GET['page'] = p('l_page');
//kleeja_admin_err($errs, true, '', true, $action_all, 3);
}
}
//
//add new group
//
if(ip('newgroup'))
{
if (trim(p('gname')) == '' || trim(p('gname')) == '' || trim(p('gname')) == '')
{
$ERRORS[] = $lang['EMPTY_FIELDS'];
}
else if (strlen(trim(p('gname'))) < 2 || strlen(trim(p('gname'))) > 100)
{
$ERRORS[] = str_replace('4', '1', $lang['WRONG_NAME']);
}
else if ($SQL->num_rows($SQL->query("SELECT * FROM {$dbprefix}groups WHERE group_name='" . trim($SQL->escape(p('gname'))) . "'")) != 0)
{
$ERRORS[] = $lang['EXIST_NAME'];
}
elseif (in_array(trim(p('gname')), array($lang['ADMINS'], $lang['GUESTS'], $lang['USERS'])))
{
$ERRORS[] = $lang['TAKEN_NAMES'];
}
//no errors, lets do process
if(empty($ERRORS))
{
#Insert the group ..
$insert_query = array(
'INSERT' => 'group_name',
'INTO' => "{$dbprefix}groups",
'VALUES' => "'" . trim($SQL->escape(p('gname'))) . "'"
);
$SQL->build($insert_query);
#Then, get the ID
$new_group_id = $SQL->insert_id();
$org_group_id = p('cfrom', 'int');
if(!$new_group_id or !$org_group_id)
{
kleeja_admin_err('ERROR-NO-ID', true, '', true, basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php'));
}
if($org_group_id == -1)
{
$org_group_id = (int) $config['default_group'];
}
#copy acls from the other group to this group
$query = array(
'SELECT' => 'acl_name, acl_can',
'FROM' => "{$dbprefix}groups_acl",
'WHERE' => 'group_id=' . $org_group_id,
'ORDER BY' => 'acl_name ASC'
);
$result = $SQL->build($query);
while($row=$SQL->fetch_array($result))
{
$insert_query = array(
'INSERT' => 'acl_name, acl_can, group_id',
'INTO' => "{$dbprefix}groups_acl",
'VALUES' => "'" . $row['acl_name'] . "', " . $row['acl_can'] . ", " . $new_group_id
);
$SQL->build($insert_query);
}
$SQL->free($result);
#copy configs from the other group to this group
$query = array(
'SELECT' => 'd.name, d.value',
'FROM' => "{$dbprefix}groups_data d",
'WHERE' => 'd.group_id=' . $org_group_id,
'ORDER BY' => 'd.name ASC'
);
$result = $SQL->build($query);
while($row=$SQL->fetch_array($result))
{
$insert_query = array(
'INSERT' => 'name, value, group_id',
'INTO' => "{$dbprefix}groups_data",
'VALUES' => "'" . $row['name'] . "', '" . $SQL->escape($row['value']) . "', " . $new_group_id
);
$SQL->build($insert_query);
}
$SQL->free($result);
#copy exts from the other group to this group
$query = array(
'SELECT' => 'e.ext, e.size',
'FROM' => "{$dbprefix}groups_exts e",
'WHERE' => 'e.group_id=' . $org_group_id,
'ORDER BY' => 'e.ext_id ASC'
);
$result = $SQL->build($query);
while($row=$SQL->fetch_array($result))
{
$insert_query = array(
'INSERT' => 'ext, size, group_id',
'INTO' => "{$dbprefix}groups_exts",
'VALUES' => "'" . $row['ext'] . "', " . $row['size'] . ", " . $new_group_id
);
$SQL->build($insert_query);
}
$SQL->free($result);
#show group-is-added message
delete_cache('data_groups');
kleeja_admin_info(sprintf($lang['GROUP_ADDED'], p('gname')), true, '', true, basename(ADMIN_PATH) . '?cp=g_users');
}
else
{
$errs = '';
foreach($ERRORS as $r)
{
$errs .= '- ' . $r . '. <br />';
}
kleeja_admin_err($errs, true, '', true, $action, 3);
}
}
//
//delete group
//
if(ip('delgroup'))
{
$from_group = ip('dgroup') ? p('dgroup', 'int') : 0;
$to_group = ip('tgroup') ? p('tgroup', 'int') : 0;
#if missing IDs of groups, deleted one and transfering-to one.
if(!$from_group or !$to_group)
{
kleeja_admin_err('ERROR-NO-ID', true, '', true, basename(ADMIN_PATH) . '?cp=g_users');
}
#We can not move users to the same group we deleting ! that's stupid pro!
if($from_group == $to_group)
{
kleeja_admin_err($lang['NO_MOVE_SAME_GRP'], true, '', true, basename(ADMIN_PATH) . '?cp=g_users');
}
#to_group = '-1' : means default group .. so now we get the real ID.
if($to_group == -1)
{
$to_group = (int) $config['default_group'];
}
#you can not delete default group !
if($from_group == (int) $config['default_group'])
{
kleeja_admin_err($lang['DEFAULT_GRP_NO_DEL'], true, '', true, basename(ADMIN_PATH) . '?cp=g_users');
}
#delete the exts
$query_del = array(
'DELETE' => "{$dbprefix}groups_exts",
'WHERE' => 'group_id=' . $from_group
);
$SQL->build($query_del);
#then, delete the configs
$query_del = array(
'DELETE' => "{$dbprefix}groups_data",
'WHERE' => 'group_id=' . $from_group
);
$SQL->build($query_del);
#then, delete acls
$query_del = array(
'DELETE' => "{$dbprefix}groups_acl",
'WHERE' => 'group_id=' . $from_group
);
$SQL->build($query_del);
#then, delete the group itself
$query_del = array(
'DELETE' => "{$dbprefix}groups",
'WHERE' => 'group_id=' . $from_group
);
$SQL->build($query_del);
#then, move users to the dest. group
$update_query = array(
'UPDATE' => "{$dbprefix}users",
'SET' => "group_id=" . $to_group,
'WHERE' => "group_id=". $from_group
);
$SQL->build($update_query);
#get those groups name
$group_name_from = str_replace(array('{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'),
array($lang['ADMINS'], $lang['USERS'], $lang['GUESTS']),
$d_groups[$from_group]['data']['group_name']);
$group_name_to =str_replace(array('{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'),
array($lang['ADMINS'], $lang['USERS'], $lang['GUESTS']),
$d_groups[$to_group]['data']['group_name']);
#delete cache ..
delete_cache('data_groups');
kleeja_admin_info(sprintf($lang['GROUP_DELETED'], $group_name_from, $group_name_to), true, '', true, basename(ADMIN_PATH) . '?cp=g_users');
}
//
//begin of default users page
//
$query = array();
$show_results = false;
switch($current_smt):
case 'general':
$query = array(
'SELECT' => 'COUNT(group_id) AS total_groups',
'FROM' => "{$dbprefix}groups",
'ORDER BY' => 'group_id ASC'
);
$result = $SQL->build($query);
$nums_rows = 0;
$n_fetch = $SQL->fetch_array($result);
$nums_rows = $n_fetch['total_groups'];
$no_results = false;
$e_groups = $c_groups = array();
$l_groups = array();
$groups_background_color = array(
1 => array('background' => 'dark', 'icon' => ' fa-star'),
2 => array('background' => 'secondary', 'icon' => 'fa-user-secret'),
3 => array('background' => 'primary', 'icon' => 'fa-user-circle'),
);
if ($nums_rows > 0)
{
$query['SELECT'] = 'group_id, group_name, group_is_default, group_is_essential';
$result = $SQL->build($query);
while($row=$SQL->fetch_array($result))
{
$r = array(
'id' => $row['group_id'],
'name' => str_replace(array('{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'),
array($lang['ADMINS'], $lang['USERS'], $lang['GUESTS']),
$row['group_name']),
'style' => !empty($groups_background_color[$row['group_id']])
? $groups_background_color[$row['group_id']]
: array('background' => 'secondary', 'icon' => ''),
'is_default' => (int) $row['group_is_default'] ? true : false
);
if((int) $row['group_is_essential'] == 1)
{
$e_groups[] = $r;
}
else
{
$c_groups[] = $r;
}
}
}
if($user_not_normal)
{
$c_groups = false;
}
$SQL->freeresult($result);
break;
#handling editing ACLs(permissions) for the requesting groups
case 'group_acl':
$req_group = ig('qg') ? g('qg', 'int') : 0;
if(!$req_group)
{
kleeja_admin_err('ERROR-NO-ID', true, '', true, basename(ADMIN_PATH) . '?cp=g_users');
}
$group_name = str_replace(array('{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'),
array($lang['ADMINS'], $lang['USERS'], $lang['GUESTS']),
$d_groups[$req_group]['data']['group_name']);
$query = array(
'SELECT' => 'acl_name, acl_can',
'FROM' => "{$dbprefix}groups_acl",
'WHERE' => 'group_id=' . $req_group,
'ORDER BY' => 'acl_name ASC'
);
$result = $SQL->build($query);
$acls = $submitted_on_acls = $submitted_off_acls = array();
while($row=$SQL->fetch_array($result))
{
#if submit
if(ip('editacl'))
{
if(ip($row['acl_name']))
{
$submitted_on_acls[] = $row['acl_name'];
}
else if(!ip($row['acl_name']))
{
$submitted_off_acls[] = $row['acl_name'];
}
}
if($req_group == 2 && in_array($row['acl_name'], array('access_fileuser', 'enter_acp')))
{
continue;
}
$acls[] = array(
'acl_title' => $lang['ACLS_' . strtoupper($row['acl_name'])],
'acl_name' => $row['acl_name'],
'acl_can' => (int) $row['acl_can']
);
}
$SQL->freeresult($result);
#if submit
if(ip('editacl'))
{
#update 'can' acls
if(sizeof($submitted_on_acls))
{
$update_query = array(
'UPDATE' => "{$dbprefix}groups_acl",
'SET' => "acl_can=1",
'WHERE' => "acl_name IN ('" . implode("', '", $submitted_on_acls) . "') AND group_id=". $req_group
);
$SQL->build($update_query);
}
#update 'can not' acls
if(sizeof($submitted_off_acls))
{
$update_query2 = array(
'UPDATE' => "{$dbprefix}groups_acl",
'SET' => "acl_can=0",
'WHERE' => "acl_name IN ('" . implode("', '", $submitted_off_acls) . "') AND group_id=". $req_group
);
$SQL->build($update_query2);
}
#delete cache ..
delete_cache('data_groups');
kleeja_admin_info($lang['CONFIGS_UPDATED'], true, '', true, basename(ADMIN_PATH) . '?cp=g_users');
}
break;
#handling editing settings for the requested group
case 'group_data':
$req_group = ig('qg') ? g('qg', 'int') : 0;
if(!$req_group)
{
kleeja_admin_err('ERROR-NO-ID', true, '', true, basename(ADMIN_PATH) . '?cp=g_users');
}
# When user change language from start page, hurry hurry section, he comes here
if(ig('lang_change'))
{
//check _GET Csrf token
if(!kleeja_check_form_key_get('adm_start_actions'))
{
kleeja_admin_err($lang['INVALID_GET_KEY'], true, $lang['ERROR'], true, basename(ADMIN_PATH) . '?cp=start', 2);
}
$got_lang = preg_replace('[^a-zA-Z0-9]', '', g('lang_change'));
# -1 means all
if($req_group == -1)
{
//general
update_config('language', $got_lang);
//all groups
foreach ($d_groups as $group_id => $group_info)
{
update_config('language', $got_lang, true, $group_id);
}
$group_name = $lang['ALL'];
}
else
{
update_config('language', $got_lang, true, $req_group);
$group_name = str_replace(
array('{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'),
array($lang['ADMINS'], $lang['USERS'], $lang['GUESTS']),
$d_groups[$req_group]['data']['group_name']
);
}
delete_cache('data_lang' . $got_lang);
#msg, done
kleeja_admin_info($lang['CONFIGS_UPDATED'] . ', ' . $lang['LANGUAGE'] . ':' . $got_lang . ' - ' . $lang['FOR'] . ':' . $group_name,
true, '', true, basename(ADMIN_PATH) . '?cp=start');
}
$group_name = str_replace(array('{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'),
array($lang['ADMINS'], $lang['USERS'], $lang['GUESTS']),
$d_groups[$req_group]['data']['group_name']);
$gdata = $d_groups[$req_group]['data'];
$query = array(
'SELECT' => 'c.name, c.option',
'FROM' => "{$dbprefix}config c",
'WHERE' => "c.type='groups'",
'ORDER BY' => 'c.display_order ASC'
);
$result = $SQL->build($query);
$data = array();
$cdata= $d_groups[$req_group]['configs'];
$STAMP_IMG_URL = file_exists(PATH . 'images/watermark.gif') ? PATH . 'images/watermark.gif' : PATH . 'images/watermark.png';
while($row=$SQL->fetch_array($result))
{
#submit, why here ? dont ask me just accept it as it.
if(ip('editdata'))
{
is_array($plugin_run_result = Plugins::getInstance()->run('after_submit_adm_users_groupdata', get_defined_vars())) ? extract($plugin_run_result) : null; //run hook
$new[$row['name']] = p($row['name'] ,'str', $row['value']);
$update_query = array(
'UPDATE' => "{$dbprefix}groups_data",
'SET' => "value='" . $SQL->escape($new[$row['name']]) . "'",
'WHERE' => "name='" . $row['name'] . "' AND group_id=". $req_group
);
$SQL->build($update_query);
continue;
}
if($row['name'] == 'language')
{
//get languages
if ($dh = @opendir(PATH . 'lang'))
{
while (($file = readdir($dh)) !== false)
{
if(strpos($file, '.') === false && $file != '..' && $file != '.')
{
$lngfiles .= '<option ' . ($d_groups[$req_group]['configs']['language'] == $file ? 'selected="selected"' : '') . ' value="' . $file . '">' . $file . '</option>' . "\n";
}
}
@closedir($dh);
}
}
if($req_group == 2 && in_array($row['name'], array('enable_userfile')))
{
continue;
}
$data[] = array(
'option' =>
str_replace(
array('<input ', '<select ', '<td>', '</td>', '<label>', '<tr>', '</tr>'),
array('<input class="form-control" ', '<select class="form-control" ', '<div class="form-group">', '</div>', '<label class="form-check-label">', '', ''),
'<div class="form-group">' . "\n" .
'<label for="' . $row['name'] . '">' . (!empty($lang[strtoupper($row['name'])]) ? $lang[strtoupper($row['name'])] : $olang[strtoupper($row['name'])]) . '</label>' . "\n" .
'<div class="box">' . (empty($row['option']) ? '' : $tpl->admindisplayoption(preg_replace(array('!{con.[a-z0-9_]+}!', '!NAME="con.!'), array('{cdata.' . $row['name'] . '}', 'NAME="cdata.'), $row['option']))) . '</div>' . "\n" .
'</div>' . "\n" . '<div class="clearfix"></div>')
);
}
$SQL->freeresult($result);
#submit
if(ip('editdata'))
{
#Remove group_is_default from the current one
if(p('group_is_default', 'int') == 1)
{
$update_query = array(
'UPDATE' => "{$dbprefix}groups",
'SET' => "group_is_default=0",
'WHERE' => "group_is_default=1"
);
$SQL->build($update_query);
#update config value of the current default group
update_config('default_group', $req_group);
delete_cache('data_config');
}
#update not-configs data
$update_query = array(
'UPDATE' => "{$dbprefix}groups",
'SET' => "group_is_default=" . p('group_is_default', 'int') . (ip('group_name') ? ", group_name='" . $SQL->escape(p('group_name')) . "'" : ''),
'WHERE' => "group_id=". $req_group
);
$SQL->build($update_query);
#delete cache ..
delete_cache('data_groups');
kleeja_admin_info($lang['CONFIGS_UPDATED'], true, '', true, basename(ADMIN_PATH) . '?cp=g_users');
}
break;
#handling adding-editing allowed file extensions for requested group
case 'group_exts':
$req_group = ig('qg') ? g('qg', 'int') : 0;
if(!$req_group)
{
kleeja_admin_err('ERROR-NO-ID', true, '', true, basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php'));
}
$group_name =str_replace(array('{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'),
array($lang['ADMINS'], $lang['USERS'], $lang['GUESTS']),
$d_groups[$req_group]['data']['group_name']);
#check if there is klj_exts which means this is an upgraded website !
if(empty($config['exts_upraded1_5']))
{
$ex_exts = $SQL->query("SHOW TABLES LIKE '{$dbprefix}exts';");
if($SQL->num_rows($ex_exts))
{
$xquery = array(
'SELECT' => 'ext, gust_size, user_size, gust_allow, user_allow',
'FROM' => "{$dbprefix}exts",
'WHERE' => 'gust_allow=1 OR user_allow=1',
);
$xresult = $SQL->build($xquery);
$xexts = '';
while($row=$SQL->fetch_array($xresult))
{
if($row['gust_allow'])
{
$xexts .= ($xexts == '' ? '' : ',') . "('" . $SQL->escape($row['ext']) . "', 2, " . $row['gust_size'] . ")";
}
if($row['user_allow'])
{
$xexts .= ($xexts == '' ? '' : ',') . "('" . $SQL->escape($row['ext']) . "', 3, " . $row['user_size'] . ")";
}
}
$SQL->freeresult($result);
#delete prev exts before adding
$query_del = array(
'DELETE' => "{$dbprefix}groups_exts",
'WHERE' => 'group_id=2 OR group_id=3'
);
$SQL->build($query_del);
$SQL->query("INSERT INTO {$dbprefix}groups_exts (ext, group_id, size) VALUES " . $xexts . ";");
add_config('exts_upraded1_5', 'done');
}
}
#delete ext?
$DELETED_EXT = $GE_INFO = false;
if(ig('del'))
{
//check _GET Csrf token
if(!kleeja_check_form_key_get('adm_users'))
{
kleeja_admin_err($lang['INVALID_GET_KEY'], true, $lang['ERROR'], true, $action, 2);
}
$req_ext = ig('del') ? g('del', 'int') : 0;
if(!$req_ext)
{
kleeja_admin_err('ERROR-NO-EXT-ID', true, '', true, $action, 2);
}
$query_del = array(
'DELETE' => "{$dbprefix}groups_exts",
'WHERE' => 'ext_id=' . $req_ext
);
$SQL->build($query_del);
#done
$DELETED_EXT = $GE_INFO = 2;
delete_cache('data_groups');
}
#add ext?
$ADDED_EXT = false;
if(ip('newext'))
{
$new_ext = ip('extisnew') ? preg_replace('/[^a-z0-9]/', '', strtolower(p('extisnew'))) : false;
if(!$new_ext)
{
kleeja_admin_err($lang['EMPTY_EXT_FIELD'], true, '', true, basename(ADMIN_PATH) . '?cp=g_users&smt=group_exts&qg=' . $req_group);
}
//check if it's welcomed one
//if he trying to be smart, he will add like ext1.ext2.php
//so we will just look at last one
$new_ext = explode('.', $new_ext);
$new_ext = array_pop($new_ext);
$check_ext = strtolower($new_ext);
$not_welcomed_exts = array('php', 'php3', 'php5', 'php4', 'asp', 'aspx', 'shtml', 'html', 'htm', 'xhtml', 'phtml', 'pl', 'cgi', 'ini', 'htaccess', 'sql', 'txt');
if(in_array($check_ext, $not_welcomed_exts))
{
kleeja_admin_err(sprintf($lang['FORBID_EXT'], $check_ext), true, '', true, $action);
}
//check if there is any exists of this ext in db
$query = array(
'SELECT' => '*',
'FROM' => "{$dbprefix}groups_exts",
'WHERE' => "ext='" . $new_ext . "' and group_id=" . $req_group,
);
$result = $SQL->build($query);
if ($SQL->num_rows($result))
{
kleeja_admin_err(sprintf($lang['NEW_EXT_EXISTS_B4'], $new_ext), true, '', true, $action);
}
#add
$default_size = '2097152';#bytes
$insert_query = array(
'INSERT' => 'ext ,group_id, size',
'INTO' => "{$dbprefix}groups_exts",
'VALUES' => "'$new_ext', $req_group, $default_size"
);
$SQL->build($insert_query);
#done
$ADDED_EXT = $GE_INFO = 2;
delete_cache('data_groups');
}
#if submit/update
if(ip('editexts'))
{
$ext_ids = $_POST['size']; #is an array
if(is_array($ext_ids))
{
foreach($ext_ids as $e_id=>$e_val)
{
$update_query = array(
'UPDATE' => "{$dbprefix}groups_exts",
'SET' => "size=" . (intval($e_val)*1024),
'WHERE' => "ext_id=" . intval($e_id) . " AND group_id=". $req_group
);
$SQL->build($update_query);
}
#delete cache ..
delete_cache('data_groups');
kleeja_admin_info($lang['UPDATED_EXTS'], true, '', true, $action);
}
}
#show exts
$query = array(
'SELECT' => 'ext_id, ext, size',
'FROM' => "{$dbprefix}groups_exts",
'WHERE' => 'group_id=' . $req_group,
'ORDER BY' => 'ext_id ASC'
);
$result = $SQL->build($query);
$exts = array();
while($row=$SQL->fetch_array($result))
{
//handle big int
$size = preg_match('/^[0-9]+/', $row['size'], $matches) ? $matches[0] : 0;
$exts[] = array(
'ext_id' => $row['ext_id'],
'ext_name' => $row['ext'],
'ext_size' => round($size / 1024),
'ext_icon' => file_exists(PATH . "images/filetypes/". $row['ext'] . ".png") ? PATH . "images/filetypes/" . $row['ext'] . ".png" : PATH. 'images/filetypes/file.png'
);
}
$SQL->freeresult($result);
break;
#show users (from search keyword)
case 'show_su':
$filter = get_filter(g('search_id'), 'user_search', false, 'filter_uid');
if(!$filter)
{
kleeja_admin_err($lang['ERROR_TRY_AGAIN'], true, $lang['ERROR'], true, basename(ADMIN_PATH) . '?cp=h_search&smt=users', 1);
}
$search = unserialize(htmlspecialchars_decode($filter['filter_value']));
$usernamee = $search['username'] != '' ? 'AND (name LIKE \'%' . $SQL->escape($search['username']) . '%\' OR clean_name LIKE \'%' . $SQL->escape($search['username']) . '%\') ' : '';
$usermailee = $search['usermail'] != '' ? 'AND mail LIKE \'%' . $SQL->escape($search['usermail']) . '%\' ' : '';
$is_search = true;
$query['WHERE'] = "name <> '' $usernamee $usermailee";
#show users (for requested group)
case 'show_group':
if($current_smt != 'show_su')
{
$is_search = true;
$req_group = ig('qg') ? g('qg', 'int') : 0;
$group_name =str_replace(array('{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'),
array($lang['ADMINS'], $lang['USERS'], $lang['GUESTS']),
$d_groups[$req_group]['data']['group_name']);
$query['WHERE'] = "name != '' AND group_id = " . $req_group;
}
#show users (all)
case 'users':
$query['SELECT'] = 'COUNT(id) AS total_users';
$query['FROM'] = "{$dbprefix}users";
$query['ORDER BY'] = 'id ASC';
$result = $SQL->build($query);
$nums_rows = 0;
$n_fetch = $SQL->fetch_array($result);
$nums_rows = $n_fetch['total_users'];
//pagination
$currentPage = ig('page') ? g('page', 'int') : 1;
$Pager = new Pagination($perpage, $nums_rows, $currentPage);
$start = $Pager->getStartRow();
$no_results = false;
if ($nums_rows > 0)
{
$query['SELECT'] = 'id, name, founder, group_id, last_visit';
$query['LIMIT'] = "$start, $perpage";
$result = $SQL->build($query);
while($row=$SQL->fetch_array($result))
{
$userfile = $config['siteurl'] . ($config['mod_writer'] ? 'fileuser-' . $row['id'] . '.html' : 'ucp.php?go=fileuser&amp;id=' . $row['id']);
$arr[] = array(
'id' => $row['id'],
'name' => $row['name'],
'userfile_link' => $userfile,
'delusrfile_link' => $row['founder'] && (int) $userinfo['founder'] == 0 ? false : basename(ADMIN_PATH) .'?cp=' . basename(__file__, '.php') . '&amp;deleteuserfile='. $row['id'] . (ig('page') ? '&amp;page=' . g('page', 'int') : ''),
'delusr_link' => $userinfo['id'] == $row['id'] || ($row['founder'] && (int) $userinfo['founder'] == 0) ? false : basename(ADMIN_PATH) .'?cp=' . basename(__file__, '.php') . '&amp;del_user='. $row['id'] . (ig('page') ? '&amp;page=' . g('page', 'int') : ''),
'editusr_link' => basename(ADMIN_PATH) .'?cp=' . basename(__file__, '.php') . '&amp;smt=edit_user&amp;uid='. $row['id'] . (ig('page') ? '&amp;page=' . g('page', 'int') : ''),
'founder' => (int) $row['founder'],
'last_visit' => empty($row['last_visit']) ? $lang['NOT_YET'] : kleeja_date($row['last_visit']),
'group' => str_replace(array('{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'),
array($lang['ADMINS'], $lang['USERS'], $lang['GUESTS']),
$d_groups[$row['group_id']]['data']['group_name'])
);
}
$SQL->freeresult($result);
}
else #num rows
{
$no_results = true;
}
//pages
$total_pages = $Pager->getTotalPages();
$page_nums = $Pager->print_nums(
basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php') . (ig('search_id') ? '&search_id=' . g('search_id') : '')
. (ig('qg') ? '&qg=' . g('qg', 'int') : '') . (ig('smt') ? '&smt=' . $current_smt : '')
);
$show_results = true;
break;
#editing a user, form
case 'edit_user':
//is exists ?
if(!isset($userid))
{
$userid = g('uid', 'int');
if(!$SQL->num_rows($SQL->query("SELECT * FROM {$dbprefix}users WHERE id=" . $userid)))
{
kleeja_admin_err('ERROR-NO-USER-FOUND', true, '', true, basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php'));
}
}
$query = array(
'SELECT' => 'name, mail, group_id, founder, show_my_filecp',
'FROM' => "{$dbprefix}users",
'WHERE' => 'id=' . $userid,
);
$result = $SQL->build($query);
$udata = $SQL->fetch_array($result);
$SQL->freeresult($result);
//If founder, just founder can edit him;
$u_founder = ip('l_founder') ? p('l_founder', 'int') : (int) $udata['founder'];
$im_founder = (int) $userinfo['founder'];
$u_group = ip('l_group') ? p('l_group', 'int') : $udata['group_id'];
$u_qg = ip('l_qg') ? p('u_qg', 'int') : $udata['group_id'];
if($u_founder && !$im_founder)
{
kleeja_admin_err($lang['HV_NOT_PRVLG_ACCESS'], true, '', true, basename(ADMIN_PATH) . '?cp=g_users&smt=show_group&qg=' . $u_group);
}
$errs = isset($errs) ? $errs : false;
#prepare them for the template
$title_name = $udata['name'];
$u_name = p('l_name', 'str', $udata['name']);
$u_mail = p('l_mail', 'str', $udata['mail']);
$u_show_filecp = p('l_show_filecp', 'int', $udata['show_my_filecp']);
$u_page = ig('page') ? g('page', 'int') : 0;
$k_groups = array_keys($d_groups);
$u_groups = array();
foreach($k_groups as $id)
{
$u_groups[] = array(
'id' => $id,
'name' => str_replace(array('{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'),
array($lang['ADMINS'], $lang['USERS'], $lang['GUESTS']),
$d_groups[$id]['data']['group_name']),
'default' => $config['default_group'] == $id ? true : false,
'selected' => $id == $u_group
);
}
break;
#new user adding form
case 'new_u':
#preparing the template
$errs = isset($errs) ? $errs : false;
$uname = p('lname');
$umail = p('lmail');
$k_groups = array_keys($d_groups);
$u_groups = array();
foreach($k_groups as $id)
{
$u_groups[] = array(
'id' => $id,
'name' => str_replace(array('{lang.ADMINS}', '{lang.USERS}', '{lang.GUESTS}'),
array($lang['ADMINS'], $lang['USERS'], $lang['GUESTS']),
$d_groups[$id]['data']['group_name']),
'default' => $config['default_group'] == $id ? true : false,
'selected' => ip('lgroup') ? p('lgroup') == $id : $id == $config['default_group']
);
}
break;
endswitch;
//after submit
if (ip('submit'))
{
$g_link = basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php') . '&amp;page=' . (ig('page') ? g('page', 'int') : 1) .
(ig('search_id') ? '&amp;search_id=' . g('search_id') : '') . '&amp;smt=' . $current_smt;
$text = ($affected ? $lang['USERS_UPDATED'] : $lang['NO_UP_CHANGE_S']) .
'<script type="text/javascript"> setTimeout("get_kleeja_link(\'' . str_replace('&amp;', '&', $g_link) . '\');", 2000);</script>' . "\n";
$stylee = "admin_info";
}
//secondary menu
$go_menu = array(
'general' => array('name'=>$lang['R_GROUPS'], 'link'=> basename(ADMIN_PATH) . '?cp=g_users&amp;smt=general', 'goto'=>'general', 'current'=> $current_smt == 'general'),
#'users' => array('name'=>$lang['R_USERS'], 'link'=> basename(ADMIN_PATH) . '?cp=g_users&amp;smt=users', 'goto'=>'users', 'current'=> $current_smt == 'users'),
'show_su' => array('name'=>$lang['SEARCH_USERS'], 'link'=> basename(ADMIN_PATH) . '?cp=h_search&amp;smt=users', 'goto'=>'show_su', 'current'=> $current_smt == 'show_su'),
);
#user adding is not allowed in integration
if(!$user_not_normal)
{
$go_menu['new_u'] = array('name'=>$lang['NEW_USER'], 'link'=> basename(ADMIN_PATH) . '?cp=g_users&amp;smt=new_u', 'goto'=>'new_u', 'current'=> $current_smt == 'new_u');
}
Reference in New Issue View Git Blame Copy Permalink