plugins/admin/UserManager.php
changeset 141 13a43f08ffe1
parent 140 40f7fa5fd061
child 142 ca9118d9c0f2
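--- a/plugins/admin/UserManager.php
+++ b/plugins/admin/UserManager.php
@@ -28,15 +28,21 @@
     #
     # BEGIN VALIDATION
     #
     
     $errors = array();
+    
+    if ( defined('ENANO_DEMO_MODE') )
+    {
+      $errors[] = 'Users cannot be modified or deleted in demo mode.';
+    }
+    
     $user_id = intval($_POST['user_id']);
-    if ( empty($user_id) )
+    if ( empty($user_id) || $user_id == 1 )
       $errors[] = 'Invalid user ID.';
     
-    if ( isset($_POST['delete_account']) )
+    if ( isset($_POST['delete_account']) && count($errors) < 1 )
     {
       $q = $db->sql_query('DELETE FROM '.table_prefix."users_extra WHERE user_id=$user_id;");
       if ( !$q )
         $db->_die();
       $q = $db->sql_query('DELETE FROM '.table_prefix."users WHERE user_id=$user_id;");
@@ -106,43 +112,11 @@
       if ( !preg_match('/^http:\/\/([a-z0-9-.]+)([A-z0-9@#\$%\&:;<>,\.\?=\+\(\)\[\]_\/\\\\]*?)$/i', $homepage) )
       {
         $homepage = '';
       }
       
-      if ( count($errors) > 0 )
-      {
-        echo '<div class="error-box">
-                <b>Your request could not be processed due to the following validation errors:</b>
-                <ul>
-                  <li>' . implode("</li>\n        <li>", $errors) . '</li>
-                </ul>
-              </div>';
-        $form = new Admin_UserManager_SmartForm();
-        $form->user_id = $user_id;
-        $form->username = $username;
-        $form->email = $email;
-        $form->real_name = $real_name;
-        $form->signature = $signature;
-        $form->user_level = $user_level;
-        $form->im = array(
-            'aim' => $imaddr_aim,
-            'yahoo' => $imaddr_yahoo,
-            'msn' => $imaddr_msn,
-            'xmpp' => $imaddr_xmpp
-          );
-        $form->contact = array(
-            'homepage' => $homepage,
-            'location' => $location,
-            'job' => $occupation,
-            'hobbies' => $hobbies
-          );
-        $form->email_public = ( isset($_POST['email_public']) );
-        $form->account_active = ( isset($_POST['account_active']) );
-        echo $form->render();
-        return false;
-      }
-      else
+      if ( count($errors) < 1 )
       {
         $q = $db->sql_query('SELECT u.user_level FROM '.table_prefix.'users AS u WHERE u.user_id = ' . $user_id . ';');
         if ( !$q )
           $db->_die();
         
@@ -255,10 +229,43 @@
         
         echo '<div class="info-box">Your changes have been saved.</div>';
       }
     }
     
+    if ( count($errors) > 0 )
+    {
+      echo '<div class="error-box">
+              <b>Your request could not be processed due to the following validation errors:</b>
+              <ul>
+                <li>' . implode("</li>\n        <li>", $errors) . '</li>
+              </ul>
+            </div>';
+      $form = new Admin_UserManager_SmartForm();
+      $form->user_id = $user_id;
+      $form->username = $username;
+      $form->email = $email;
+      $form->real_name = $real_name;
+      $form->signature = $signature;
+      $form->user_level = $user_level;
+      $form->im = array(
+          'aim' => $imaddr_aim,
+          'yahoo' => $imaddr_yahoo,
+          'msn' => $imaddr_msn,
+          'xmpp' => $imaddr_xmpp
+        );
+      $form->contact = array(
+          'homepage' => $homepage,
+          'location' => $location,
+          'job' => $occupation,
+          'hobbies' => $hobbies
+        );
+      $form->email_public = ( isset($_POST['email_public']) );
+      $form->account_active = ( isset($_POST['account_active']) );
+      echo $form->render();
+      return false;
+    }
+    
     #
     # END VALIDATION
     #
   }
   else if ( isset($_POST['action']['go']) || ( isset($_GET['src']) && $_GET['src'] == 'get' ) )
@@ -277,11 +284,11 @@
       return false;
     }
     $q = $db->sql_query('SELECT u.user_id AS authoritative_uid, u.username, u.email, u.real_name, u.signature, u.account_active, u.user_level, x.* FROM '.table_prefix.'users AS u
                            LEFT JOIN '.table_prefix.'users_extra AS x
                              ON ( u.user_id = x.user_id OR x.user_id IS NULL )
-                           WHERE lcase(u.username) = \'' . $db->escape(strtolower($username)) . '\' OR u.username = \'' . $db->escape($username) . '\';');
+                           WHERE ( lcase(u.username) = \'' . $db->escape(strtolower($username)) . '\' OR u.username = \'' . $db->escape($username) . '\' ) AND user_id != 1;');
     if ( !$q )
       $db->_die();
     
     if ( $db->numrows() < 1 )
     {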
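Review bot: The `AND user_id != 1` appended to the WHERE clause of the username lookup (new line 289) is unqualified while the query joins `users AS u` with `users_extra AS x` and both tables carry a `user_id` column (the ON clause compares `u.user_id = x.user_id`), so MySQL will reject the statement as an ambiguous column reference and the request dies in `$db->_die()` instead of excluding the protected account; the other predicates in that clause are already written as `u.username`, so this should read `AND u.user_id != 1`. The protected account is hard-coded as ID 1 both here and in the `$user_id == 1` check of the first hunk; a shared constant, or at least a comment such as `// user_id 1 is the built-in admin account and is never editable or deletable from this panel`, would keep the two guards from drifting apart. The error-reporting block added at new lines 234-265 reads `$username`, `$email` and the other profile fields to repopulate the form; if a rejected delete request (demo mode, or user ID 1) reaches it before those variables are assigned, PHP will emit undefined-variable notices, which I cannot confirm from the hunks shown. The enclosing function and the `else if` branch beginning at new line 271 both start and end outside these hunks.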