plugins/SpecialAdmin.php
changeset 259 112debff64bd
parent 256 f8356d9c3481
child 261 5f1cd51bf1be
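--- a/plugins/SpecialAdmin.php
+++ b/plugins/SpecialAdmin.php
@@ -472,32 +472,32 @@
   
   if(isset($_POST['save']))
   {
     if(isset($_POST['enable_uploads']) && getConfig('enable_uploads') != '1')
     {
-      $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES("security","upload_enable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '");');
+      $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'upload_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');');
       if ( !$q )
         $db->_die();
       setConfig('enable_uploads', '1');
     }
     else if ( !isset($_POST['enable_uploads']) && getConfig('enable_uploads') == '1' )
     {
-      $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES("security","upload_disable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '");');
+      $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'upload_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');');
       if ( !$q )
         $db->_die();
       setConfig('enable_uploads', '0');
     }
     if(isset($_POST['enable_imagemagick']) && getConfig('enable_imagemagick') != '1')
     {
-      $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES("security","magick_enable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '");');
+      $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'magick_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');');
       if ( !$q )
         $db->_die();
       setConfig('enable_imagemagick', '1');
     }
     else if ( !isset($_POST['enable_imagemagick']) && getConfig('enable_imagemagick') == '1' )
     {
-      $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES("security","magick_disable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '");');
+      $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'magick_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');');
       if ( !$q )
         $db->_die();
       setConfig('enable_imagemagick', '0');
     }
     if(isset($_POST['cache_thumbs']))
@@ -508,27 +508,27 @@
     {
       setConfig('cache_thumbs', '0');
     }
     if(isset($_POST['file_history']) && getConfig('file_history') != '1' )
     {
-      $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES("security","filehist_enable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '");');
+      $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'filehist_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');');
       if ( !$q )
         $db->_die();
       setConfig('file_history', '1');
     }
     else if ( !isset($_POST['file_history']) && getConfig('file_history') == '1' )
     {
-      $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES("security","filehist_disable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '");');
+      $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'filehist_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');');
       if ( !$q )
         $db->_die();
       setConfig('file_history', '0');
     }
     if(file_exists($_POST['imagemagick_path']) && $_POST['imagemagick_path'] != getConfig('imagemagick_path'))
     {
       $old = getConfig('imagemagick_path');
       $oldnew = "{$old}||{$_POST['imagemagick_path']}";
-      $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","magick_path",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($oldnew) . '");');
+      $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'magick_path\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\',\'' . $db->escape($oldnew) . '\');');
       if ( !$q )
         $db->_die();
       setConfig('imagemagick_path', $_POST['imagemagick_path']);
     }
     else if ( $_POST['imagemagick_path'] != getConfig('imagemagick_path') )
@@ -590,11 +590,11 @@
   if(isset($_GET['action']))
   {
     switch($_GET['action'])
     {
       case "enable":
-        $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","plugin_enable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_GET['plugin']) . '");');
+        $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'plugin_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',"' . $db->escape($session->username) . '","' . $db->escape($_GET['plugin']) . '");');
         if ( !$q )
           $db->_die();
         setConfig('plugin_'.$_GET['plugin'], '1');
         break;
       case "disable":
@@ -603,11 +603,11 @@
           echo('<h3>Error disabling plugin</h3><p>The demo lockdown plugin cannot be disabled in demo mode.</p>');
           break;
         }
         if ( !in_array($_GET['plugin'], $plugins->system_plugins) )
         {
-          $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","plugin_disable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_GET['plugin']) . '");');
+          $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'plugin_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',"' . $db->escape($session->username) . '","' . $db->escape($_GET['plugin']) . '");');
           if ( !$q )
             $db->_die();
           setConfig('plugin_'.$_GET['plugin'], '0');
         }
         else 
@@ -837,280 +837,10 @@
     Log in
   {/if}
 {/slider}</pre>
   <?php
 }
-
-/*
-function page_Admin_UserManager() {
-  global $db, $session, $paths, $template, $plugins; // Common objects
-  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
-  {
-    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
-    return;
-  }
-  
-  if ( isset($_GET['src']) && $_GET['src'] == 'get' && !empty($_GET['user']) )
-  {
-    $_POST['go'] = true;
-    $_POST['username'] = $_GET['user'];
-  }
-  
-  if(isset($_POST['go']))
-  {
-    // We need the user ID before we can do anything
-    $q = $db->sql_query('SELECT user_id,username,email,real_name,style,user_level,account_active FROM '.table_prefix.'users WHERE username=\'' . $db->escape($_POST['username']) . '\'');
-    if ( !$q )
-    {
-      die('Error selecting user ID: '.mysql_error());
-    }
-    if ( $db->numrows() < 1 )
-    {
-      echo('User does not exist, please enter another username.');
-      return;
-    }
-    $r = $db->fetchrow();
-    $db->free_result();
-    if(isset($_POST['save']))
-    {
-      $_POST['level'] = intval($_POST['level']);
-      
-      $new_level = $_POST['level'];
-      $old_level = intval($r['user_level']);
-      
-      if ( defined('ENANO_DEMO_MODE') )
-      {
-        echo '<div class="error-box">You cannot delete or modify user accounts in demo mode - they are cleaned up once every two hours.</div>';
-        $re = Array('permission denied');
-      }
-      else
-      {
-        $re = $session->update_user((int)$r['user_id'], $_POST['new_username'], false, $_POST['new_pass'], $_POST['email'], $_POST['real_name'], false, $_POST['level']);
-      }
-      
-      if($re == 'success')
-      {
-        
-        if ( $new_level != $old_level )
-        {
-          $user_id = intval($r['user_id']);
-          // We need to update group memberships
-          if ( $old_level == USER_LEVEL_ADMIN ) 
-          {
-            $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_from_admin",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_POST['new_username']) . '");');
-            if ( !$q )
-              $db->_die();
-            $session->remove_user_from_group($user_id, GROUP_ID_ADMIN);
-          }
-          else if ( $old_level == USER_LEVEL_MOD ) 
-          {
-            $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_from_mod",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_POST['new_username']) . '");');
-            if ( !$q )
-              $db->_die();
-            $session->remove_user_from_group($user_id, GROUP_ID_MOD);
-          }
-          
-          if ( $new_level == USER_LEVEL_ADMIN )
-          {
-            $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_to_admin",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_POST['new_username']) . '");');
-            if ( !$q )
-              $db->_die();
-            $session->add_user_to_group($user_id, GROUP_ID_ADMIN, false);
-          }
-          else if ( $new_level == USER_LEVEL_MOD )
-          {
-            $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_to_mod",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_POST['new_username']) . '");');
-            if ( !$q )
-              $db->_die();
-            $session->add_user_to_group($user_id, GROUP_ID_MOD, false);
-          }
-        }
-        
-        // update account activation
-        if ( isset($_POST['account_active']) )
-        {
-          // activate account
-          $q = $db->sql_query('UPDATE '.table_prefix.'users SET account_active=1 WHERE user_id=' . intval($r['user_id']) . ';');
-          if ( !$q )
-            $db->_die();
-        }
-        else
-        {
-          // deactivate account and throw away the old key
-          $actkey = sha1 ( microtime() . mt_rand() );
-          $q = $db->sql_query('UPDATE '.table_prefix.'users SET account_active=0,activation_key=\'' . $actkey . '\' WHERE user_id=' . intval($r['user_id']) . ';');
-          if ( !$q )
-            $db->_die();
-        }
-        
-        echo('<div class="info-box">Your changes have been saved.</div>');
-      }
-      else
-      {
-        echo('<div class="error-box">Error saving changes: '.implode('<br />', $re).'</div>');
-      }
-      $q = $db->sql_query('SELECT user_id,username,email,real_name,style,user_level,account_active FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['username']).'\'');
-      if ( !$q )
-      {
-        die('Error selecting user ID: '.mysql_error());
-      }
-      if($db->numrows($q) < 1)
-      {
-        die('User does not exist, please enter another username.');
-      }
-      $r = mysql_fetch_object($q);
-      $db->free_result();
-    }
-    elseif(isset($_POST['deleteme']) && isset($_POST['delete_conf']))
-    {
-      if ( defined('ENANO_DEMO_MODE') )
-      {
-        echo '<div class="error-box">You cannot delete or modify user accounts in demo mode - they are cleaned up once every two hours.</div>';
-      }
-      else
-      {
-        $q = $db->sql_query('DELETE FROM users WHERE user_id='.$r['user_id'].';');
-        if($q)
-        {
-          echo '<div class="error-box">The user account "'.$r['username'].'" was deleted.</div>';
-        }
-        else
-        {
-          echo '<div class="error-box">The user account "'.$r['username'].'" could not be deleted due to a database error.<br /><br />'.$db->get_error().'</div>';
-        }
-      }
-    }
-    else
-    {
-      $disabled = ( $r['user_id'] == $session->user_id ) ? ' disabled="disabled" ' : '';
-      $evt_get_score = ( getConfig('pw_strength_enable') == '1' ) ? 'onkeyup="password_score_field(this);" style="margin-right: 7px;" ' : '';
-      $meter         = ( getConfig('pw_strength_enable') == '1' ) ? '<tr><td></td><td><div id="pwmeter"></div><p><small>Password complexity requirements are not enforced here.</small></p></td></tr>' : '';
-      echo('
-      <h3>Edit User Info</h3>
-      <form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">
-        <table border="0" style="margin-left: 0.2in;">   
-          <tr><td>Username:</td><td><input type="text" name="new_username" value="'.$r['username'].'" /></td></tr>
-          <tr><td>New Password:</td><td><input ' . $disabled . ' type="password" name="new_pass" '.$evt_get_score.'/></td></tr>
-          '.$meter.'
-          <tr><td>E-mail:</td><td><input ' . $disabled . ' type="text" name="email" value="'.$r['email'].'" /></td></tr>
-          <tr><td>Real Name:</td><td><input ' . $disabled . ' type="text" name="real_name" value="'.$r['real_name'].'" /></td></tr>
-          ' . ( ( !empty($disabled) ) ? '<tr><td colspan="2"><small>To change your e-mail address, password, or real name, please use the user control panel.</small></td></tr>' : '' ) . '
-          <tr><td>User level:</td><td><select name="level"><option '); if($r['user_level']==USER_LEVEL_CHPREF) echo('SELECTED'); echo(' value="'.USER_LEVEL_CHPREF.'">Regular User</option><option '); if($r['user_level']==USER_LEVEL_MOD) echo('SELECTED'); echo(' value="'.USER_LEVEL_MOD.'">Moderator</option><option '); if($r['user_level']==USER_LEVEL_ADMIN) echo('SELECTED'); echo(' value="'.USER_LEVEL_ADMIN.'">Administrator</option></select></td></tr>
-          <tr><td></td><td><label><input type="checkbox" name="account_active"' . ( $r['account_active'] == '1' ? ' checked="checked"' : '' ) . ' /> Account is active</label><br /><small>If this is unchecked, the activation key will be reset, meaning that any activation e-mails sent will be invalidated.</small></td></tr>
-          <tr><td>Delete user:</td><td><input type="hidden" name="go" /><input type="hidden" name="username" value="'.$r['username'].'" /><input onclick="return confirm(\'This is your last warning.\n\nAre you sure you want to delete this user account? Even if you delete this user account, the username will be shown in page edit history, comments, and other areas of the site.\n\nDeleting a user account CANNOT BE UNDONE and should only be done in extreme circumstances.\n\nIf the user has violated the site policy, deleting the account will not prevent him from using the site, for that you need to add a new ban rule.\n\nContinue deleting this user account?\')" type="submit" name="deleteme" value="Delete this user" style="color: red;" /> <label><input type="checkbox" name="delete_conf" /> I\'m absolutely sure</label>
-          <tr><td align="center" colspan="2">
-          <input type="submit" name="save" value="Save Changes" /></td></tr>
-        </table>
-      </form>
-      ');
-    }
-  }
-  else if(isset($_POST['clearsessions'])) 
-  {
-    if ( defined('ENANO_DEMO_MODE') )
-    {
-      echo '<div class="error-box">Sorry Charlie, no can do. You might mess up other people logged into the demo site.</div>';
-    }
-    else
-    {
-      // Get the current session information so the user doesn't get logged out
-      $aes = new AESCrypt();
-      $sk = md5(strrev($session->sid_super));
-      $qb = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.$sk.'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_ADMIN);
-      if ( !$qb )
-      {
-        die('Error selecting session key info block B: '.$db->get_error());
-      }
-      if ( $db->numrows($qb) < 1 )
-      {
-        die('Error: cannot read admin session info block B, aborting table clear process');
-      }
-      $qa = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.md5($session->sid).'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_MEMBER);
-      if ( !$qa )
-      {
-        die('Error selecting session key info block A: '.$db->get_error());
-      }
-      if ( $db->numrows($qa) < 1 )
-      {
-        die('Error: cannot read user session info block A, aborting table clear process');
-      }
-      $ra = mysql_fetch_object($qa);
-      $rb = mysql_fetch_object($qb);
-      $db->free_result($qa);
-      $db->free_result($qb);
-      
-      $db->sql_query('DELETE FROM '.table_prefix.'session_keys;');
-      $db->sql_query('INSERT INTO '.table_prefix.'session_keys( session_key,salt,user_id,auth_level,source_ip,time ) VALUES( \''.$ra->session_key.'\', \''.$ra->salt.'\', \''.$session->user_id.'\', \''.$ra->auth_level.'\', \''.$ra->source_ip.'\', '.$ra->time.' ),( \''.$rb->session_key.'\', \''.$rb->salt.'\', \''.$session->user_id.'\', \''.$rb->auth_level.'\', \''.$rb->source_ip.'\', '.$rb->time.' )');
-      
-      echo('
-        <div class="info-box">The session key table has been cleared. Your database should be a little bit smaller now.</div>
-      ');
-    }
-  }   
-  echo('
-  <h3>User Management</h3>
-  <form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;">
-    <p>Username: '.$template->username_field('username').' <input type="submit" name="go" value="Go" /></p>
-    <h3>Clear session keys table</h3>
-     <p>It\'s a good idea to clean out your session keys table every once in a while, since this helps to reduce database size. During this process you will be logged off and (hopefully) logged back on automatically. The side effects of this include all users except you being logged off.</p>
-     <p><input type="submit" name="clearsessions" value="Clear session keys table" /></p>
-  </form>
-  ');
-  if(isset($_GET['action']) && isset($_GET['user']))
-  {
-    switch($_GET['action'])
-    {
-      case "activate":
-        $e = $db->sql_query('SELECT activation_key FROM '.table_prefix.'users WHERE username=\'' . $db->escape($_GET['user']) . '\'');
-        if($e)
-        {
-          $row = $db->fetchrow();
-          $db->free_result();
-          if($session->activate_account($_GET['user'], $row['activation_key'])) { echo '<div class="info-box">The user account "'.$_GET['user'].'" has been activated.</div>'; $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); }
-          else echo '<div class="warning-box">The user account "'.$_GET['user'].'" has NOT been activated, possibly because the account is already active.</div>';
-        } else echo '<div class="error-box">Error activating account: '.mysql_error().'</div>';
-        break;
-      case "sendemail":
-        if($session->send_activation_mail($_GET['user'])) { echo '<div class="info-box">The user "'.$_GET['user'].'" has been sent an e-mail with an activation link.</div>'; $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); }
-        else echo '<div class="error-box">The user account "'.$_GET['user'].'" has not been activated, probably because of a bad SMTP configuration.</div>';
-        break;
-      case "deny":
-        $e = $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\' AND edit_summary=\'' . $db->escape($_GET['user']) . '\';');
-        if(!$e) echo '<div class="error-box">Error during row deletion: '.mysql_error().'</div>';
-        else echo '<div class="info-box">All activation requests for the user "'.$_GET['user'].'" have been deleted.</div>';
-        break;
-    }
-  }
-  $q = $db->sql_query('SELECT l.log_type, l.action, l.time_id, l.date_string, l.author, l.edit_summary, u.user_coppa FROM '.table_prefix.'logs AS l
-                         LEFT JOIN '.table_prefix.'users AS u
-                           ON ( u.username = l.edit_summary OR u.username IS NULL )
-                         WHERE log_type=\'admin\' AND action=\'activ_req\' ORDER BY time_id DESC;');
-  if($q)
-  {
-    if($db->numrows() > 0)
-    {
-      $n = $db->numrows();
-      if($n == 1) $s = $n . ' user is';
-      else $s = $n . ' users are';
-      echo '<h3>'.$s . ' awaiting account activation</h3>';
-      echo '<div class="tblholder">
-            <table border="0" cellspacing="1" cellpadding="4" width="100%">
-            <tr><th>Date of request</th><th>Requested by</th><th>Requested for</th><th>COPPA user</th><th colspan="3">Actions</th></tr>';
-      $cls = 'row2';
-      while($row = $db->fetchrow())
-      {
-        if($cls == 'row2') $cls = 'row1';
-        else $cls = 'row2';
-        $coppa = ( $row['user_coppa'] == '1' ) ? '<b>Yes</b>' : 'No';
-        echo '<tr><td class="'.$cls.'">'.date('F d, Y h:i a', $row['time_id']).'</td><td class="'.$cls.'">'.$row['author'].'</td><td class="'.$cls.'">'.$row['edit_summary'].'</td><td style="text-align: center;" class="' . $cls . '">' . $coppa . '</td><td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&amp;action=activate&amp;user='.$row['edit_summary'].'&amp;logid='.$row['time_id']).'">Activate now</a></td><td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&amp;action=sendemail&amp;user='.$row['edit_summary'].'&amp;logid='.$row['time_id']).'">Send activation e-mail</a></td><td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&amp;action=deny&amp;user='.$row['edit_summary'].'&amp;logid='.$row['time_id']).'">Deny request</a></td></tr>';
-      }
-      echo '</table>';
-    }
-    $db->free_result();
-  }
-}
-*/
 
 function page_Admin_GroupManager()
 {
   global $db, $session, $paths, $template, $plugins; // Common objects
   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )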
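Review bot: New lines 595 and 608 (the `plugin_enable` and `plugin_disable` audit-log inserts) still wrap the author and page_text values in double quotes, while every other insert touched here was moved to single-quoted literals. If the aim is SQL that does not rely on MySQL's quoting rules (inferred from the move to `time()` and single quotes), a backend that reads double quotes as identifier delimiters would reject these two queries, and `$db->_die()` would then stop the request before `setConfig()` runs. The tail of both statements should follow the form used on line 529: `. '\',\'' . $db->escape($session->username) . '\',\'' . $db->escape($_GET['plugin']) . '\');');`. Both `case` bodies belong to a switch that continues outside the context shown.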