Mercurial Mercurial > repos > enano-1.1 / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
plugins/admin/UserManager.php
changeset 629 8733c22969e7
parent 621 68f8a9cc0a18
child 630 3a8ed301be66
equal deleted inserted replaced
628:ab6f55abb17e 629:8733c22969e7 
    21     $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
 
    21     $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
 
    22     echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
 
    22     echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
 
    23     echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
 
    23     echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
 
    24     return;
 
    24     return;
 
    25   }
 
    25   }
 
       
    26   
       
    27   require_once(ENANO_ROOT . '/includes/math.php');
 
       
    28   require_once(ENANO_ROOT . '/includes/diffiehellman.php');
 
       
    29   
       
    30   $GLOBALS['dh_supported'] = $dh_supported;
 
    26   
    31   
    27   //die('<pre>' . htmlspecialchars(print_r($_POST, true)) . '</pre>');
 
    32   //die('<pre>' . htmlspecialchars(print_r($_POST, true)) . '</pre>');
 
    28   
    33   
    29   if ( isset($_POST['action']['save']) )
 
    34   if ( isset($_POST['action']['save']) )
 
    30   {
 
    35   {
 
   309             else
 
   314             else
 
   310             {
 
   315             {
 
   311               // move failed - turn avatar off
 
   316               // move failed - turn avatar off
 
   312               $to_update_users['user_has_avatar'] = '0';
 
   317               $to_update_users['user_has_avatar'] = '0';
 
   313             }
 
   318             }
 
       
   319             break;
 
       
   320           case 'set_gravatar':
 
       
   321             // set avatar to use Gravatar
 
       
   322             // first, remove old image
 
       
   323             if ( $has_avi )
 
       
   324             {
 
       
   325               @unlink($avi_path);
 
       
   326             }
 
       
   327             // set to gravatar mode
 
       
   328             $to_update_users['user_has_avatar'] = '1';
 
       
   329             $to_update_users['avatar_type'] = 'grv';
 
       
   330             
       
   331             $has_avi = 1;
 
   314             break;
 
   332             break;
 
   315         }
 
   333         }
 
   316         
   334         
   317         if ( count($errors) < 1 )
 
   335         if ( count($errors) < 1 )
 
   318         {
 
   336         {
 
   791   
   809   
   792   function render()
 
   810   function render()
 
   793   {
 
   811   {
 
   794     global $db, $session, $paths, $template, $plugins; // Common objects
 
   812     global $db, $session, $paths, $template, $plugins; // Common objects
 
   795     global $lang;
 
   813     global $lang;
 
       
   814     global $dh_supported;
 
   796     if ( file_exists( ENANO_ROOT . "/themes/$template->theme/admin_usermanager_form.tpl" ) )
 
   815     if ( file_exists( ENANO_ROOT . "/themes/$template->theme/admin_usermanager_form.tpl" ) )
 
   797     {
 
   816     {
 
   798       $parser = $template->makeParser('admin_usermanager_form.tpl');
 
   817       $parser = $template->makeParser('admin_usermanager_form.tpl');
 
   799     }
 
   818     }
 
   800     else
 
   819     else
 
   895                       <input type="hidden" name="changing_pw" value="no" />
 
   914                       <input type="hidden" name="changing_pw" value="no" />
 
   896                       <input type="hidden" name="challenge_data" value="{MD5_CHALLENGE}" />
 
   915                       <input type="hidden" name="challenge_data" value="{MD5_CHALLENGE}" />
 
   897                       <input type="hidden" name="use_crypt" value="no" />
 
   916                       <input type="hidden" name="use_crypt" value="no" />
 
   898                       <input type="hidden" name="crypt_key" value="{PUBLIC_KEY}" />
 
   917                       <input type="hidden" name="crypt_key" value="{PUBLIC_KEY}" />
 
   899                       <input type="hidden" name="crypt_data" value="" />
 
   918                       <input type="hidden" name="crypt_data" value="" />
 
       
   919                       <input type="hidden" name="dh_supported" value="{DH_SUPPORTED}" />
 
       
   920                       <input type="hidden" name="dh_public" value="{DH_PUBLIC}" />
 
       
   921                       <input type="hidden" name="dh_mypublic" value="" />
 
   900                       <table border="0" style="background-color: transparent;" cellspacing="0" cellpadding="0">
 
   922                       <table border="0" style="background-color: transparent;" cellspacing="0" cellpadding="0">
 
   901                         <tr>
 
   923                         <tr>
 
   902                           <td colspan="2">
 
   924                           <td colspan="2">
 
   903                             <b>{lang:acpum_field_password_title}</b>
 
   925                             <b>{lang:acpum_field_password_title}</b>
 
   904                           </td>
 
   926                           </td>
 
  1037                   <td class="row2">
 
  1059                   <td class="row2">
 
  1038                     {lang:acpum_avatar_lbl_change}
 
  1060                     {lang:acpum_avatar_lbl_change}
 
  1039                   </td>
 
  1061                   </td>
 
  1040                   <td class="row1">
 
  1062                   <td class="row1">
 
  1041                     <script type="text/javascript">
 
  1063                     <script type="text/javascript">
 
  1042                       function admincp_users_avatar_set_{UUID}(obj)
 
  1064                       function admincp_users_avatar_set_{UUID}(elParent)
 
  1043                       {
 
  1065                       {
 
  1044                         switch(obj.value)
 
  1066                         switch(elParent.value)
 
  1045                         {
 
  1067                         {
 
  1046                           case 'keep':
 
  1068                           case 'keep':
 
  1047                           case 'remove':
 
  1069                           case 'remove':
 
  1048                             $('avatar_upload_http_{UUID}').object.style.display = 'none';
 
  1070                             $('avatar_upload_http_{UUID}').object.style.display = 'none';
 
  1049                             $('avatar_upload_file_{UUID}').object.style.display = 'none';
 
  1071                             $('avatar_upload_file_{UUID}').object.style.display = 'none';
 
       
  1072                             $('avatar_upload_gravatar_{UUID}').object.style.display = 'none';
 
  1050                             break;
 
  1073                             break;
 
  1051                           case 'set_http':
 
  1074                           case 'set_http':
 
  1052                             $('avatar_upload_http_{UUID}').object.style.display = 'block';
 
  1075                             $('avatar_upload_http_{UUID}').object.style.display = 'block';
 
  1053                             $('avatar_upload_file_{UUID}').object.style.display = 'none';
 
  1076                             $('avatar_upload_file_{UUID}').object.style.display = 'none';
 
       
  1077                             $('avatar_upload_gravatar_{UUID}').object.style.display = 'none';
 
  1054                             break;
 
  1078                             break;
 
  1055                           case 'set_file':
 
  1079                           case 'set_file':
 
  1056                             $('avatar_upload_http_{UUID}').object.style.display = 'none';
 
  1080                             $('avatar_upload_http_{UUID}').object.style.display = 'none';
 
  1057                             $('avatar_upload_file_{UUID}').object.style.display = 'block';
 
  1081                             $('avatar_upload_file_{UUID}').object.style.display = 'block';
 
       
  1082                             $('avatar_upload_gravatar_{UUID}').object.style.display = 'none';
 
       
  1083                             break;
 
       
  1084                           case 'set_gravatar':
 
       
  1085                             $('avatar_upload_gravatar_{UUID}').object.style.display = 'block';
 
       
  1086                             $('avatar_upload_http_{UUID}').object.style.display = 'none';
 
       
  1087                             $('avatar_upload_file_{UUID}').object.style.display = 'none';
 
  1058                             break;
 
  1088                             break;
 
  1059                         }
 
  1089                         }
 
  1060                       }
 
  1090                       }
 
  1061                     </script>
 
  1091                     </script>
 
  1062                     <label><input onclick="admincp_users_avatar_set_{UUID}(this);" type="radio" name="avatar_action" value="keep" checked="checked" /> {lang:acpum_avatar_lbl_keep}</label><br />
 
  1092                     <label><input onclick="admincp_users_avatar_set_{UUID}(this);" type="radio" name="avatar_action" value="keep" checked="checked" /> {lang:acpum_avatar_lbl_keep}</label><br />
 
  1064                     <label><input onclick="admincp_users_avatar_set_{UUID}(this);" type="radio" name="avatar_action" value="set_http" /> {lang:acpum_avatar_lbl_set_http}</label><br />
 
  1094                     <label><input onclick="admincp_users_avatar_set_{UUID}(this);" type="radio" name="avatar_action" value="set_http" /> {lang:acpum_avatar_lbl_set_http}</label><br />
 
  1065                       <div id="avatar_upload_http_{UUID}" style="display: none; margin: 10px 0 0 2.2em;">
 
  1095                       <div id="avatar_upload_http_{UUID}" style="display: none; margin: 10px 0 0 2.2em;">
 
  1066                         {lang:usercp_avatar_lbl_url} <input type="text" name="avatar_http_url" size="40" value="http://" /><br />
 
  1096                         {lang:usercp_avatar_lbl_url} <input type="text" name="avatar_http_url" size="40" value="http://" /><br />
 
  1067                         <small>{lang:usercp_avatar_lbl_url_desc} {lang:usercp_avatar_limits}</small>
 
  1097                         <small>{lang:usercp_avatar_lbl_url_desc} {lang:usercp_avatar_limits}</small>
 
  1068                       </div>
 
  1098                       </div>
 
  1069                     <label><input onclick="admincp_users_avatar_set_{UUID}(this);" type="radio" name="avatar_action" value="set_file" /> {lang:acpum_avatar_lbl_set_file}</label>
 
  1099                     <label><input onclick="admincp_users_avatar_set_{UUID}(this);" type="radio" name="avatar_action" value="set_file" /> {lang:acpum_avatar_lbl_set_file}</label><br />
 
  1070                       <div id="avatar_upload_file_{UUID}" style="display: none; margin: 10px 0 0 2.2em;">
 
  1100                       <div id="avatar_upload_file_{UUID}" style="display: none; margin: 10px 0 0 2.2em;">
 
  1071                         {lang:usercp_avatar_lbl_file} <input type="file" name="avatar_file" size="40" value="http://" /><br />
 
  1101                         {lang:usercp_avatar_lbl_file} <input type="file" name="avatar_file" size="40" value="http://" /><br />
 
  1072                         <small>{lang:usercp_avatar_lbl_file_desc} {lang:usercp_avatar_limits}</small>
 
  1102                         <small>{lang:usercp_avatar_lbl_file_desc} {lang:usercp_avatar_limits}</small>
 
  1073                       </div>
 
  1103                       </div>
 
       
  1104                     <label><input onclick="admincp_users_avatar_set_{UUID}(this);" type="radio" name="avatar_action" value="set_gravatar" /> {lang:acpum_avatar_lbl_set_gravatar} <img alt=" " src="{GRAVATAR_URL}" /></label><br />
 
       
  1105                       <div id="avatar_upload_gravatar_{UUID}"></div>
 
  1074                   </td>
 
  1106                   </td>
 
  1075                 </tr>
 
  1107                 </tr>
 
  1076                 
  1108                 
  1077               <!-- / Avatar settings -->
 
  1109               <!-- / Avatar settings -->
 
  1078               
  1110               
  1147             </table>
 
  1179             </table>
 
  1148           </div>
 
  1180           </div>
 
  1149         
  1181         
  1150         </form>
 
  1182         </form>
 
  1151         
  1183         
       
  1184         <!-- BEGINNOT same_user -->
 
  1152         <script type="text/javascript">
 
  1185         <script type="text/javascript">
 
  1153         password_score_field(document.forms['useredit_{UUID}'].new_password);
 
  1186         password_score_field(document.forms['useredit_{UUID}'].new_password);
 
  1154         </script>
 
  1187         </script>
 
       
  1188         <!-- END same_user -->
 
  1155         
  1189         
  1156         {AES_JAVASCRIPT}
 
  1190         {AES_JAVASCRIPT}
 
  1157       <!-- Conclusion of user edit form -->
 
  1191       <!-- Conclusion of user edit form -->
 
  1158 EOF;
 
  1192 EOF;
 
  1159       $parser = $template->makeParserText($tpl_code);
 
  1193       $parser = $template->makeParserText($tpl_code);
 
  1193       // @error One or more required parameters not set
 
  1227       // @error One or more required parameters not set
 
  1194       return 'Admin_UserManager_SmartForm::render: Invalid parameter ($form->email)';
 
  1228       return 'Admin_UserManager_SmartForm::render: Invalid parameter ($form->email)';
 
  1195     }
 
  1229     }
 
  1196     
  1230     
  1197     $form_action = makeUrlNS('Special', 'Administration', 'module=' . $paths->cpage['module'], true);
 
  1231     $form_action = makeUrlNS('Special', 'Administration', 'module=' . $paths->cpage['module'], true);
 
  1198     $aes_javascript = $session->aes_javascript("useredit_$this->uuid", 'new_password', 'use_crypt', 'crypt_key', 'crypt_data', 'challenge_data');
 
  1232     $aes_javascript = $session->aes_javascript("useredit_$this->uuid", 'new_password', 'use_crypt', 'crypt_key', 'crypt_data', 'challenge_data', 'dh_supported', 'dh_public', 'dh_mypublic');
 
       
  1233     
       
  1234     // FIXME should this be in logic rather than presentation code?
 
       
  1235     if ( $dh_supported )
 
       
  1236     {
 
       
  1237       global $_math;
 
       
  1238       
       
  1239       $dh_key_priv = dh_gen_private();
 
       
  1240       $dh_key_pub = dh_gen_public($dh_key_priv);
 
       
  1241       $dh_key_priv = $_math->str($dh_key_priv);
 
       
  1242       $dh_key_pub = $_math->str($dh_key_pub);
 
       
  1243       // store the keys in the DB for later fetching
 
       
  1244       $q = $db->sql_query('INSERT INTO ' . table_prefix . "diffiehellman( public_key, private_key ) VALUES ( '$dh_key_pub', '$dh_key_priv' );");
 
       
  1245       if ( !$q )
 
       
  1246         $db->_die();
 
       
  1247     }
 
       
  1248     else
 
       
  1249     {
 
       
  1250       $dh_key_pub = '';
 
       
  1251     }
 
  1199     
  1252     
  1200     $parser->assign_vars(array(
 
  1253     $parser->assign_vars(array(
 
  1201         'UUID' => $this->uuid,
 
  1254         'UUID' => $this->uuid,
 
  1202         'USERNAME' => $this->username,
 
  1255         'USERNAME' => $this->username,
 
  1203         'EMAIL' => $this->email,
 
  1256         'EMAIL' => $this->email,
 
  1204         'USER_ID' => $this->user_id,
 
  1257         'USER_ID' => $this->user_id,
 
  1205         'MD5_CHALLENGE' => $session->dss_rand(),
 
  1258         'MD5_CHALLENGE' => $session->dss_rand(),
 
  1206         'PUBLIC_KEY' => $session->rijndael_genkey(),
 
  1259         'PUBLIC_KEY' => $session->rijndael_genkey(),
 
       
  1260         'DH_SUPPORTED' => ( $dh_supported ? 'true' : 'false' ),
 
       
  1261         'DH_PUBLIC' => $dh_key_pub,
 
  1207         'REAL_NAME' => $this->real_name,
 
  1262         'REAL_NAME' => $this->real_name,
 
  1208         'SIGNATURE_FIELD' => $template->tinymce_textarea('signature', $this->signature, 10, 50),
 
  1263         'SIGNATURE_FIELD' => $template->tinymce_textarea('signature', $this->signature, 10, 50),
 
  1209         'USER_LEVEL_MEMBER' => USER_LEVEL_CHPREF,
 
  1264         'USER_LEVEL_MEMBER' => USER_LEVEL_CHPREF,
 
  1210         'USER_LEVEL_MOD' => USER_LEVEL_MOD,
 
  1265         'USER_LEVEL_MOD' => USER_LEVEL_MOD,
 
  1211         'USER_LEVEL_ADMIN' => USER_LEVEL_ADMIN,
 
  1266         'USER_LEVEL_ADMIN' => USER_LEVEL_ADMIN,
 
  1217         'HOMEPAGE' => $homepage,
 
  1272         'HOMEPAGE' => $homepage,
 
  1218         'LOCATION' => $location,
 
  1273         'LOCATION' => $location,
 
  1219         'JOB' => $job,
 
  1274         'JOB' => $job,
 
  1220         'HOBBIES' => $hobbies,
 
  1275         'HOBBIES' => $hobbies,
 
  1221         'FORM_ACTION' => $form_action,
 
  1276         'FORM_ACTION' => $form_action,
 
  1222         'REG_IP_ADDR' => $this->reg_ip_addr
 
  1277         'REG_IP_ADDR' => $this->reg_ip_addr,
 
       
  1278         'GRAVATAR_URL' => make_gravatar_url($this->email, 16)
 
  1223       ));
 
  1279       ));
 
  1224     
  1280     
  1225     if ( $this->has_avatar )
 
  1281     if ( $this->has_avatar )
 
  1226     {
 
  1282     {
 
  1227       $parser->assign_vars(array(
 
  1283       $parser->assign_vars(array(
Enano CMS (1.1.x)