plugins/admin/UserManager.php
changeset 629 8733c22969e7
parent 621 68f8a9cc0a18
child 630 3a8ed301be66
628:ab6f55abb17e 629:8733c22969e7
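--- a/plugins/admin/UserManager.php
+++ b/plugins/admin/UserManager.php
@@ -21,10 +21,15 @@
     $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
     echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
     echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
     return;
   }
+  
+  require_once(ENANO_ROOT . '/includes/math.php');
+  require_once(ENANO_ROOT . '/includes/diffiehellman.php');
+  
+  $GLOBALS['dh_supported'] = $dh_supported;
   
   //die('<pre>' . htmlspecialchars(print_r($_POST, true)) . '</pre>');
   
   if ( isset($_POST['action']['save']) )
   {
@@ -309,10 +314,23 @@
             else
             {
               // move failed - turn avatar off
               $to_update_users['user_has_avatar'] = '0';
             }
+            break;
+          case 'set_gravatar':
+            // set avatar to use Gravatar
+            // first, remove old image
+            if ( $has_avi )
+            {
+              @unlink($avi_path);
+            }
+            // set to gravatar mode
+            $to_update_users['user_has_avatar'] = '1';
+            $to_update_users['avatar_type'] = 'grv';
+            
+            $has_avi = 1;
             break;
         }
         
         if ( count($errors) < 1 )
         {
@@ -791,10 +809,11 @@
   
   function render()
   {
     global $db, $session, $paths, $template, $plugins; // Common objects
     global $lang;
+    global $dh_supported;
     if ( file_exists( ENANO_ROOT . "/themes/$template->theme/admin_usermanager_form.tpl" ) )
     {
       $parser = $template->makeParser('admin_usermanager_form.tpl');
     }
     else
@@ -895,10 +914,13 @@
                       <input type="hidden" name="changing_pw" value="no" />
                       <input type="hidden" name="challenge_data" value="{MD5_CHALLENGE}" />
                       <input type="hidden" name="use_crypt" value="no" />
                       <input type="hidden" name="crypt_key" value="{PUBLIC_KEY}" />
                       <input type="hidden" name="crypt_data" value="" />
+                      <input type="hidden" name="dh_supported" value="{DH_SUPPORTED}" />
+                      <input type="hidden" name="dh_public" value="{DH_PUBLIC}" />
+                      <input type="hidden" name="dh_mypublic" value="" />
                       <table border="0" style="background-color: transparent;" cellspacing="0" cellpadding="0">
                         <tr>
                           <td colspan="2">
                             <b>{lang:acpum_field_password_title}</b>
                           </td>
@@ -1037,41 +1059,51 @@
                   <td class="row2">
                     {lang:acpum_avatar_lbl_change}
                   </td>
                   <td class="row1">
                     <script type="text/javascript">
-                      function admincp_users_avatar_set_{UUID}(obj)
+                      function admincp_users_avatar_set_{UUID}(elParent)
                       {
-                        switch(obj.value)
+                        switch(elParent.value)
                         {
                           case 'keep':
                           case 'remove':
                             $('avatar_upload_http_{UUID}').object.style.display = 'none';
                             $('avatar_upload_file_{UUID}').object.style.display = 'none';
+                            $('avatar_upload_gravatar_{UUID}').object.style.display = 'none';
                             break;
                           case 'set_http':
                             $('avatar_upload_http_{UUID}').object.style.display = 'block';
                             $('avatar_upload_file_{UUID}').object.style.display = 'none';
+                            $('avatar_upload_gravatar_{UUID}').object.style.display = 'none';
                             break;
                           case 'set_file':
                             $('avatar_upload_http_{UUID}').object.style.display = 'none';
                             $('avatar_upload_file_{UUID}').object.style.display = 'block';
+                            $('avatar_upload_gravatar_{UUID}').object.style.display = 'none';
+                            break;
+                          case 'set_gravatar':
+                            $('avatar_upload_gravatar_{UUID}').object.style.display = 'block';
+                            $('avatar_upload_http_{UUID}').object.style.display = 'none';
+                            $('avatar_upload_file_{UUID}').object.style.display = 'none';
                             break;
                         }
                       }
                     </script>
                     <label><input onclick="admincp_users_avatar_set_{UUID}(this);" type="radio" name="avatar_action" value="keep" checked="checked" /> {lang:acpum_avatar_lbl_keep}</label><br />
                     <label><input onclick="admincp_users_avatar_set_{UUID}(this);" type="radio" name="avatar_action" value="set_http" /> {lang:acpum_avatar_lbl_set_http}</label><br />
                       <div id="avatar_upload_http_{UUID}" style="display: none; margin: 10px 0 0 2.2em;">
                         {lang:usercp_avatar_lbl_url} <input type="text" name="avatar_http_url" size="40" value="http://" /><br />
                         <small>{lang:usercp_avatar_lbl_url_desc} {lang:usercp_avatar_limits}</small>
                       </div>
-                    <label><input onclick="admincp_users_avatar_set_{UUID}(this);" type="radio" name="avatar_action" value="set_file" /> {lang:acpum_avatar_lbl_set_file}</label>
+                    <label><input onclick="admincp_users_avatar_set_{UUID}(this);" type="radio" name="avatar_action" value="set_file" /> {lang:acpum_avatar_lbl_set_file}</label><br />
                       <div id="avatar_upload_file_{UUID}" style="display: none; margin: 10px 0 0 2.2em;">
                         {lang:usercp_avatar_lbl_file} <input type="file" name="avatar_file" size="40" value="http://" /><br />
                         <small>{lang:usercp_avatar_lbl_file_desc} {lang:usercp_avatar_limits}</small>
                       </div>
+                    <label><input onclick="admincp_users_avatar_set_{UUID}(this);" type="radio" name="avatar_action" value="set_gravatar" /> {lang:acpum_avatar_lbl_set_gravatar} <img alt=" " src="{GRAVATAR_URL}" /></label><br />
+                      <div id="avatar_upload_gravatar_{UUID}"></div>
                   </td>
                 </tr>
                 
               <!-- / Avatar settings -->
               
@@ -1147,13 +1179,15 @@
             </table>
           </div>
         
         </form>
         
+        <!-- BEGINNOT same_user -->
         <script type="text/javascript">
         password_score_field(document.forms['useredit_{UUID}'].new_password);
         </script>
+        <!-- END same_user -->
         
         {AES_JAVASCRIPT}
       <!-- Conclusion of user edit form -->
 EOF;
       $parser = $template->makeParserText($tpl_code);
@@ -1193,19 +1227,40 @@
       // @error One or more required parameters not set
       return 'Admin_UserManager_SmartForm::render: Invalid parameter ($form->email)';
     }
     
     $form_action = makeUrlNS('Special', 'Administration', 'module=' . $paths->cpage['module'], true);
-    $aes_javascript = $session->aes_javascript("useredit_$this->uuid", 'new_password', 'use_crypt', 'crypt_key', 'crypt_data', 'challenge_data');
+    $aes_javascript = $session->aes_javascript("useredit_$this->uuid", 'new_password', 'use_crypt', 'crypt_key', 'crypt_data', 'challenge_data', 'dh_supported', 'dh_public', 'dh_mypublic');
+    
+    // FIXME should this be in logic rather than presentation code?
+    if ( $dh_supported )
+    {
+      global $_math;
+      
+      $dh_key_priv = dh_gen_private();
+      $dh_key_pub = dh_gen_public($dh_key_priv);
+      $dh_key_priv = $_math->str($dh_key_priv);
+      $dh_key_pub = $_math->str($dh_key_pub);
+      // store the keys in the DB for later fetching
+      $q = $db->sql_query('INSERT INTO ' . table_prefix . "diffiehellman( public_key, private_key ) VALUES ( '$dh_key_pub', '$dh_key_priv' );");
+      if ( !$q )
+        $db->_die();
+    }
+    else
+    {
+      $dh_key_pub = '';
+    }
     
     $parser->assign_vars(array(
         'UUID' => $this->uuid,
         'USERNAME' => $this->username,
         'EMAIL' => $this->email,
         'USER_ID' => $this->user_id,
         'MD5_CHALLENGE' => $session->dss_rand(),
         'PUBLIC_KEY' => $session->rijndael_genkey(),
+        'DH_SUPPORTED' => ( $dh_supported ? 'true' : 'false' ),
+        'DH_PUBLIC' => $dh_key_pub,
         'REAL_NAME' => $this->real_name,
         'SIGNATURE_FIELD' => $template->tinymce_textarea('signature', $this->signature, 10, 50),
         'USER_LEVEL_MEMBER' => USER_LEVEL_CHPREF,
         'USER_LEVEL_MOD' => USER_LEVEL_MOD,
         'USER_LEVEL_ADMIN' => USER_LEVEL_ADMIN,
@@ -1217,11 +1272,12 @@
         'HOMEPAGE' => $homepage,
         'LOCATION' => $location,
         'JOB' => $job,
         'HOBBIES' => $hobbies,
         'FORM_ACTION' => $form_action,
-        'REG_IP_ADDR' => $this->reg_ip_addr
+        'REG_IP_ADDR' => $this->reg_ip_addr,
+        'GRAVATAR_URL' => make_gravatar_url($this->email, 16)
       ));
     
     if ( $this->has_avatar )
     {
       $parser->assign_vars(array(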
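Review bot: The INSERT added in render() interpolates `$dh_key_pub` and `$dh_key_priv` straight into the SQL string; both come from `$_math->str()` and are presumably decimal digit strings, but nothing in this hunk checks that, so a guard such as `if ( !ctype_digit($dh_key_pub) || !ctype_digit($dh_key_priv ) ) $db->_die();` before the query (or passing both through `$db->escape()`) would keep the statement safe if the math backend ever returns a different representation. The same row stores the DH private key in plaintext with no expiry or session binding, and a new row is written on every render of the form; unless the consumer of this table deletes rows after the exchange, keys accumulate indefinitely, which is worth confirming and stating at the `// store the keys in the DB for later fetching` comment. The enclosing render() method begins and ends outside this hunk.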