- <?php
- /*
- =====================================================
- ExpressionEngine - by EllisLab
- -----------------------------------------------------
- http://expressionengine.com/
- -----------------------------------------------------
- Copyright (c) 2003 - 2010 EllisLab, Inc.
- =====================================================
- THIS IS COPYRIGHTED SOFTWARE
- PLEASE READ THE LICENSE AGREEMENT
- http://expressionengine.com/docs/license.html
- =====================================================
- File: cp.members.php
- -----------------------------------------------------
- Purpose: Member management functions
- =====================================================
- */
// Refuse direct requests: EXT is expected to be defined only when the
// application has been bootstrapped before this file is included
defined('EXT') OR exit('Invalid file request');
- class Members {
// Default member groups. We used these for translation purposes:
// a group title found in this list is shown through $LANG->line() using the
// lower-cased title with spaces replaced by underscores (see view_all_members)

var $english = array('Guests', 'Banned', 'Members', 'Pending', 'Super Admins');

var $perpage = 50; // Number of results on the "View all member" page

var $no_delete = array('1', '2', '3', '4'); // Member groups that can not be deleted
-
- /** -----------------------------
- /** Constructor
- /** -----------------------------*/
/**
 * PHP4-style constructor: loads the language files the member pages rely on.
 */
function Members()
{
    global $LANG;

    // Both the "my account" and the "members" strings are used by this class
    foreach (array('myaccount', 'members') as $language_file)
    {
        $LANG->fetch_language_file($language_file);
    }
}
- /* END */
-
-
- /** -----------------------------
- /** View all members
- /** -----------------------------*/
-
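/**
 * Renders the "View all members" control panel page: a group/sort filter form,
 * a paginated member table with per-row delete checkboxes and the action
 * pull-down (delete, or resend activation e-mails for the pending group).
 *
 * The filter values arrive through $IN->GBL() from GET or POST and end up both
 * in SQL and in the paginate URL, so they are normalised before any use:
 * group_id and rownum must be digit strings and order must be one of the
 * keys of $sort_map; anything else falls back to the unfiltered /
 * join_date desc default instead of being interpolated.
 *
 * @param string $message optional HTML notice shown above the filter form
 * @return mixed the page is written to $DSP->body; when no member matches,
 *               the value of $DSP->set_return_data() is returned instead
 */
function view_all_members($message = '')
{
    global $IN, $LANG, $DSP, $LOC, $DB, $PREFS;

    // Sort key => ORDER BY clause. Doubles as the whitelist for the 'order'
    // input and as the list of <option> values whose "selected" flag is set.
    $sort_map = array(
        'asc'              => 'join_date asc',
        'desc'             => 'join_date desc',
        'username_asc'     => 'username asc',
        'username_desc'    => 'username desc',
        'screen_name_asc'  => 'screen_name asc',
        'screen_name_desc' => 'screen_name desc',
        'email_asc'        => 'email asc',
        'email_desc'       => 'email desc',
    );

    // These variables are only set when one of the pull-down menus is used
    // We use them to construct the SQL query with

    $group_id = $IN->GBL('group_id', 'GP');
    $order    = $IN->GBL('order', 'GP');
    $rownum   = $IN->GBL('rownum', 'GP');

    // A group id that is not a plain number is discarded rather than
    // concatenated into the WHERE clause
    if ( ! is_string($group_id) OR ! ctype_digit($group_id))
    {
        $group_id = '';
    }

    // An unknown sort key would only fall through to the default ORDER BY,
    // but it would also be echoed into the pager links; drop it instead
    if ( ! is_string($order) OR ! isset($sort_map[$order]))
    {
        $order = '';
    }

    // Get the current row number (used in the LIMIT clause)
    $rownum = (is_string($rownum) && ctype_digit($rownum)) ? (int) $rownum : 0;

    $query = $DB->query("SELECT COUNT(*) AS count FROM exp_members");

    $total_members = $query->row['count'];

    // Begin building the page output

    $r = $DSP->qdiv('tableHeading', $LANG->line('view_members'));

    if ($message != '')
    {
        $r .= $DSP->qdiv('box', $message);
    }

    // Declare the "filtering" form

    $r .= $DSP->form_open(array('action' => 'C=admin'.AMP.'M=members'.AMP.'P=view_members'));

    $DSP->right_crumb($LANG->line('new_member_search'), BASE.AMP.'C=admin'.AMP.'M=members'.AMP.'P=member_search');

    // Table start

    $r .= $DSP->div('box');
    $r .= $DSP->table('', '0', '', '100%').
          $DSP->tr().
          $DSP->td('itemWrapper', '', '5').NL;

    // Member group selection pull-down menu

    $r .= $DSP->input_select_header('group_id').
          $DSP->input_select_option('', $LANG->line('member_groups')).
          $DSP->input_select_option('', $LANG->line('all'));

    // Fetch the names of all member groups and write each one in an <option> field

    $query = $DB->query("SELECT group_title, group_id FROM exp_member_groups WHERE site_id = '".$DB->escape_str($PREFS->ini('site_id'))."' order by group_title");

    foreach ($query->result as $row)
    {
        $group_name = $row['group_title'];

        // Default group titles are translated through the language file
        if (in_array($group_name, $this->english))
        {
            $group_name = $LANG->line(strtolower(str_replace(" ", "_", $group_name)));
        }

        $r .= $DSP->input_select_option($row['group_id'], $group_name, ($group_id == $row['group_id']) ? 1 : '');
    }

    $r .= $DSP->input_select_footer().
          $DSP->nbs(2);

    // "display order" pull-down menu
    //
    // The selected flag is keyed by the <option> value itself, so that the
    // username/screen_name/email choices are shown as selected after use.
    // The first entry is a label-only placeholder that carries the 'desc'
    // value and is therefore flagged together with the real 'desc' option.

    $sel = array();

    foreach (array_keys($sort_map) as $sort_key)
    {
        $sel[$sort_key] = ($order == $sort_key) ? 1 : '';
    }

    $r .= $DSP->input_select_header('order').
          $DSP->input_select_option('desc', $LANG->line('sort_order'), $sel['desc']).
          $DSP->input_select_option('asc', $LANG->line('ascending'), $sel['asc']).
          $DSP->input_select_option('desc', $LANG->line('descending'), $sel['desc']).
          $DSP->input_select_option('username_asc', $LANG->line('username_asc'), $sel['username_asc']).
          $DSP->input_select_option('username_desc', $LANG->line('username_desc'), $sel['username_desc']).
          $DSP->input_select_option('screen_name_asc', $LANG->line('screen_name_asc'), $sel['screen_name_asc']).
          $DSP->input_select_option('screen_name_desc', $LANG->line('screen_name_desc'), $sel['screen_name_desc']).
          $DSP->input_select_option('email_asc', $LANG->line('email_asc'), $sel['email_asc']).
          $DSP->input_select_option('email_desc', $LANG->line('email_desc'), $sel['email_desc']).
          $DSP->input_select_footer().
          $DSP->nbs(2);

    // Submit button and close filtering form
    $r .= $DSP->input_submit($LANG->line('submit'), 'submit');

    $r .= $DSP->td_c().
          $DSP->td('defaultRight', '', 2).
          $DSP->heading($LANG->line('total_members').NBS.NBS.$total_members.NBS.NBS.NBS.NBS.NBS, 5).
          $DSP->td_c().
          $DSP->tr_c().
          $DSP->table_c();
    $r .= $DSP->div_c();
    $r .= $DSP->form_close();

    // Build the SQL query as well as the query string for the paginate links

    $pageurl = BASE.AMP.'C=admin'.AMP.'M=members'.AMP.'P=view_members';

    if ($group_id)
    {
        $query = $DB->query("SELECT COUNT(*) AS count FROM exp_members WHERE group_id = '".$group_id."'");

        $total_count = $query->row['count'];
    }
    else
    {
        $total_count = $total_members;
    }

    // No result? Show the "no results" message
    if ($total_count == 0)
    {
        $r .= $DSP->qdiv('', BR.$LANG->line('no_members_matching_that_criteria'));

        return $DSP->set_return_data( $LANG->line('view_members'),
                                      $r,
                                      $LANG->line('view_members')
                                    );
    }

    $sql = "SELECT member_id FROM exp_members ";

    if ($group_id)
    {
        $sql .= " WHERE group_id = '".$group_id."'";

        $pageurl .= AMP.'group_id='.$group_id;
    }

    if ($order)
    {
        $pageurl .= AMP.'order='.$order;

        $o_sql = " ORDER BY ".$sort_map[$order];
    }
    else
    {
        $o_sql = " ORDER BY join_date desc";
    }

    // First pass: only the ids of the page being shown
    $query = $DB->query($sql.$o_sql." LIMIT ".$rownum.", ".$this->perpage);

    // A rownum beyond the last page yields no ids; stop here instead of
    // issuing a malformed "IN ()" query below
    if ($query->num_rows == 0)
    {
        $r .= $DSP->qdiv('', BR.$LANG->line('no_members_matching_that_criteria'));

        return $DSP->set_return_data( $LANG->line('view_members'),
                                      $r,
                                      $LANG->line('view_members')
                                    );
    }

    $member_ids = array();

    foreach ($query->result as $row)
    {
        $member_ids[] = $row['member_id'];
    }

    // Second pass: the displayed columns for exactly those ids
    $sql = "SELECT exp_members.username,
                   exp_members.member_id,
                   exp_members.screen_name,
                   exp_members.email,
                   exp_members.join_date,
                   exp_members.last_visit,
                   exp_member_groups.group_title
            FROM exp_members, exp_member_groups
            WHERE exp_members.group_id = exp_member_groups.group_id
            AND exp_member_groups.site_id = '".$DB->escape_str($PREFS->ini('site_id'))."'
            AND exp_members.member_id IN (".implode(',', $member_ids).")";

    $query = $DB->query($sql.$o_sql);

    // "select all" checkbox
    $r .= $DSP->toggle();

    $DSP->body_props .= ' onload="magic_check()" ';

    $r .= $DSP->magic_checkboxes();

    // Declare the "delete" form

    $r .= $DSP->form_open(
        array(
            'action' => 'C=admin'.AMP.'M=members'.AMP.'P=mbr_conf',
            'name'   => 'target',
            'id'     => 'target'
        )
    );

    // Build the table heading
    $r .= $DSP->table('tableBorder', '0', '', '100%').
          $DSP->tr().
          $DSP->table_qcell('tableHeadingAlt', $LANG->line('username')).
          $DSP->table_qcell('tableHeadingAlt', $LANG->line('screen_name')).
          $DSP->table_qcell('tableHeadingAlt', $LANG->line('email')).
          $DSP->table_qcell('tableHeadingAlt', $LANG->line('join_date')).
          $DSP->table_qcell('tableHeadingAlt', $LANG->line('last_visit')).
          $DSP->table_qcell('tableHeadingAlt', $LANG->line('member_group')).
          $DSP->table_qcell('tableHeadingAlt', $DSP->input_checkbox('toggleflag', '', '', "onclick=\"toggle(this);\"")).
          $DSP->tr_c();

    // Loop through the query result and write each table row
    // NOTE(review): username, screen_name and email are echoed as stored;
    // whether they were encoded on the way in is not visible from this file.

    $i = 0;

    foreach ($query->result as $row)
    {
        $style = ($i % 2) ? 'tableCellOne' : 'tableCellTwo';
        $i++;

        $r .= $DSP->tr();

        // Username

        $r .= $DSP->table_qcell($style,
                                $DSP->anchor(
                                    BASE.AMP.'C=myaccount'.AMP.'id='.$row['member_id'],
                                    '<b>'.$row['username'].'</b>'
                                )
                               );

        // Screen name

        $screen = ($row['screen_name'] == '') ? "--" : '<b>'.$row['screen_name'].'</b>';

        $r .= $DSP->table_qcell($style, $screen);

        // Email

        $r .= $DSP->table_qcell($style,
                                $DSP->mailto($row['email'], $row['email'])
                               );

        // Join date
        $r .= $DSP->td($style).
              $LOC->convert_timestamp('%Y', $row['join_date']).'-'.
              $LOC->convert_timestamp('%m', $row['join_date']).'-'.
              $LOC->convert_timestamp('%d', $row['join_date']).
              $DSP->td_c();

        // Last visit date (0 means the member never visited)
        $r .= $DSP->td($style);

        if ($row['last_visit'] != 0)
        {
            $r .= $LOC->set_human_time($row['last_visit']);
        }
        else
        {
            $r .= "--";
        }

        $r .= $DSP->td_c();

        // Member group

        $r .= $DSP->td($style);

        $group_name = $row['group_title'];

        if (in_array($group_name, $this->english))
        {
            $group_name = $LANG->line(strtolower(str_replace(" ", "_", $group_name)));
        }

        $r .= $group_name;

        $r .= $DSP->td_c();

        // Delete checkbox

        $r .= $DSP->table_qcell($style, $DSP->input_checkbox('toggle[]', $row['member_id'], '', ' id="delete_box_'.$row['member_id'].'"'));

        $r .= $DSP->tr_c();

    } // End foreach

    $r .= $DSP->table_c();

    $r .= $DSP->table('', '0', '', '98%');
    $r .= $DSP->tr().
          $DSP->td();

    // Pass the relevant data to the paginate class so it can display the "next page" links

    $r .= $DSP->div('crumblinks').
          $DSP->pager(
              $pageurl,
              $total_count,
              $this->perpage,
              $rownum,
              'rownum'
          ).
          $DSP->div_c().
          $DSP->td_c().
          $DSP->td('defaultRight');

    // Delete button

    $r .= $DSP->input_submit($LANG->line('submit'));

    $r .= NBS.$DSP->input_select_header('action');

    // Resending activation e-mails only makes sense for the pending group (4)
    // with e-mail activation enabled, and needs the member admin permission
    if ($group_id == '4' && $PREFS->ini('req_mbr_activation') == 'email' && $DSP->allowed_group('can_admin_members'))
    {
        $r .= $DSP->input_select_option('resend', $LANG->line('resend_activation_emails'));
    }

    $r .= $DSP->input_select_option('delete', $LANG->line('delete_selected')).
          $DSP->input_select_footer().
          $DSP->td_c().
          $DSP->tr_c();

    // Table end

    $r .= $DSP->table_c().
          $DSP->form_close();

    // Set output data
    $DSP->title = $LANG->line('view_members');
    $DSP->crumb = $DSP->anchor(BASE.AMP.'C=admin'.AMP.'area=members_and_groups', $LANG->line('members_and_groups')).
                  $DSP->crumb_item($LANG->line('view_members'));
    $DSP->body  = $r;
}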
- /* END */
-
- /** -----------------------------------------------------------
- /** Member Action Confirm
- /** -----------------------------------------------------------*/
-
/**
 * Dispatches the member-list action pull-down: 'resend' goes to the activation
 * e-mail resend, every other value (including none) to the delete confirmation.
 */
function member_confirm()
{
    $action = isset($_POST['action']) ? $_POST['action'] : '';

    if ($action == 'resend')
    {
        $this->resend_activation_emails();
        return;
    }

    $this->member_delete_confirm();
}
- /* END */
- /** -----------------------------------------------------------
- /** Resend Pending Member's Activation Emails
- /** -----------------------------------------------------------*/
/**
 * Re-sends the activation e-mail to the selected pending members.
 *
 * Member ids come either from a single 'mid' GET parameter or from the posted
 * toggle checkboxes of the member list. Requires the 'can_admin_members'
 * permission and the 'email' activation mode; otherwise the no-access page is
 * shown. With nothing selected, or no matching rows, the member list is simply
 * redisplayed. On success the list is shown with a success notice.
 */
function resend_activation_emails()
{
    global $DSP, $LANG, $DB, $PREFS, $IN, $FNS, $REGX;

    $permitted = $DSP->allowed_group('can_admin_members') && $PREFS->ini('req_mbr_activation') === 'email';

    if ( ! $permitted)
    {
        return $DSP->no_access_message();
    }

    $single_mid = $IN->GBL('mid', 'GET');

    if ($single_mid !== FALSE)
    {
        // A single id (from the member's own page) stands in for the checkbox list
        $_POST['toggle'] = $single_mid;
    }

    if ( ! $IN->GBL('toggle', 'POST'))
    {
        return $this->view_all_members();
    }

    // Collect every scalar POST value whose key contains 'toggle'
    $selected = array();

    foreach ($_POST as $key => $val)
    {
        if ( ! strstr($key, 'toggle') OR is_array($val))
        {
            continue;
        }

        $selected[] = $DB->escape_str($val);
    }

    if (count($selected) == 0)
    {
        return $this->view_all_members();
    }

    $query = $DB->query("SELECT screen_name, username, email, authcode FROM exp_members WHERE member_id IN ('".implode("','", $selected)."')");

    if ($query->num_rows == 0)
    {
        return $this->view_all_members();
    }

    $qs        = ($PREFS->ini('force_query_string') == 'y') ? '' : '?';
    $action_id = $FNS->fetch_action_id('Member', 'activate_member');
    $template  = $FNS->fetch_email_template('mbr_activation_instructions');

    // Site-wide placeholders; the per-member ones are filled in below
    $swap = array(
        'site_name' => stripslashes($PREFS->ini('site_name')),
        'site_url'  => $PREFS->ini('site_url')
    );

    if ( ! class_exists('EEmail'))
    {
        require PATH_CORE.'core.email'.EXT;
    }

    $email = new EEmail;

    foreach ($query->result as $row)
    {
        $swap['name']           = ($row['screen_name'] != '') ? $row['screen_name'] : $row['username'];
        $swap['activation_url'] = $FNS->fetch_site_index(0, 0).$qs.'ACT='.$action_id.'&id='.$row['authcode'];
        $swap['username']       = $row['username'];
        $swap['email']          = $row['email'];

        /** ----------------------------
        /** Send email
        /** ----------------------------*/

        $email->initialize();
        $email->wordwrap = true;
        $email->from($PREFS->ini('webmaster_email'), $PREFS->ini('webmaster_name'));
        $email->to($row['email']);
        $email->subject($FNS->var_swap($template['title'], $swap));
        $email->message($REGX->entities_to_ascii($FNS->var_swap($template['data'], $swap)));
        $email->Send();
    }

    $notice_key = ($single_mid !== FALSE) ? 'activation_email_resent' : 'activation_emails_resent';

    return $this->view_all_members($DSP->qdiv('success', $LANG->line($notice_key)));
}
- /* END */
-
-
- /** -----------------------------------------------------------
- /** Delete Member (confirm)
- /** -----------------------------------------------------------*/
- // Warning message if you try to delete members
- //-----------------------------------------------------------
/**
 * Builds the "are you sure?" page for deleting the selected members.
 *
 * Ids come from the posted toggle checkboxes of the member list, or from a
 * single 'mid' GET parameter. They are re-posted as delete[] hidden fields to
 * member_delete(). When any selected member authored weblog (or gallery)
 * entries, an 'heir' pull-down of eligible members is added so the entries can
 * be reassigned, and entries_exit / gallery_entries_exit hidden flags are set.
 *
 * Access: requires the 'can_delete_members' permission. Selecting one's own
 * account yields an error page.
 */
function member_delete_confirm()
{
    global $IN, $DSP, $LANG, $DB, $SESS, $PREFS;

    if ( ! $DSP->allowed_group('can_delete_members'))
    {
        return $DSP->no_access_message();
    }

    $from_myaccount = FALSE;
    $entries_exit = FALSE;

    // A single id from the member's own page stands in for the checkbox list
    if ($IN->GBL('mid', 'GET') !== FALSE)
    {
        $from_myaccount = TRUE;
        $_POST['toggle'] = $IN->GBL('mid', 'GET');
    }

    if ( ! $IN->GBL('toggle', 'POST'))
    {
        return $this->view_all_members();
    }

    $r = $DSP->form_open(array('action' => 'C=admin'.AMP.'M=members'.AMP.'P=mbr_delete'));

    $i = 0;               // number of selected members
    $damned = array();    // their escaped ids

    // Every scalar POST value whose key contains 'toggle' is a selected id
    foreach ($_POST as $key => $val)
    {
        if (strstr($key, 'toggle') AND ! is_array($val))
        {
            $r .= $DSP->input_hidden('delete[]', $val);

            // Is the user trying to delete himself?

            if ($SESS->userdata('member_id') == $val)
            {
                return $DSP->error_message($LANG->line('can_not_delete_self'));
            }

            $damned[] = $DB->escape_str($val);
            $i++;
        }
    }

    $r .= $DSP->qdiv('alertHeading', $LANG->line('delete_member'));
    $r .= $DSP->div('box');

    // Single deletion shows the member's screen name; otherwise a generic notice
    if ($i == 1)
    {
        $r .= $DSP->qdiv('itemWrapper', '<b>'.$LANG->line('delete_member_confirm').'</b>');

        $query = $DB->query("SELECT screen_name FROM exp_members WHERE member_id = '".$DB->escape_str($damned['0'])."'");

        $r .= $DSP->qdiv('itemWrapper', $DSP->qdiv('highlight', $query->row['screen_name']));
    }
    else
    {
        $r .= '<b>'.$LANG->line('delete_members_confirm').'</b>';
    }

    $r .= $DSP->qdiv('itemWrapper', $DSP->qdiv('alert', $LANG->line('action_can_not_be_undone')));

    /** ----------------------------------------------------------
    /** Do the users being deleted have entries assigned to them?
    /** ----------------------------------------------------------*/

    $sql = "SELECT COUNT(entry_id) AS count FROM exp_weblog_titles WHERE author_id ";

    // $sqlb is reused for the gallery count below
    if ($i == 1)
    {
        $sqlb = "= '".$DB->escape_str($damned['0'])."'";
    }
    else
    {
        $sqlb = " IN ('".implode("','",$damned)."')";
    }

    $query = $DB->query($sql.$sqlb);

    if ($query->row['count'] > 0)
    {
        $entries_exit = TRUE;
        $r .= $DSP->input_hidden('entries_exit', 'yes');
    }

    // The gallery module is optional, so only check when its table exists
    if ($DB->table_exists('exp_gallery_entries') === TRUE)
    {
        $sql = "SELECT COUNT(entry_id) AS count FROM exp_gallery_entries WHERE author_id ";
        $query = $DB->query($sql.$sqlb);

        if ($query->row['count'] > 0)
        {
            $entries_exit = TRUE;
            $r .= $DSP->input_hidden('gallery_entries_exit', 'yes');
        }
    }

    /** ----------------------------------------------------------
    /** If so, fetch the member names for reassigment
    /** ----------------------------------------------------------*/
    if ($entries_exit == TRUE)
    {
        // Fetch the member_group of each user being deleted
        $sql = "SELECT group_id FROM exp_members WHERE member_id ";

        if ($i == 1)
        {
            $sql .= " = '".$DB->escape_str($damned['0'])."'";
        }
        else
        {
            $sql .= " IN ('".implode("','",$damned)."')";
        }

        $query = $DB->query($sql);

        // Super Admins (group 1) are always candidate heirs
        $group_ids[] = 1;

        if ($query->num_rows > 0)
        {
            foreach($query->result as $row)
            {
                $group_ids[] = $row['group_id'];
            }
        }

        $group_ids = array_unique($group_ids);

        // Find Valid Member Replacements: members of the same groups (or Super
        // Admins) who appear in the author list, excluding those being deleted
        $query = $DB->query("SELECT exp_members.member_id, username, screen_name
                            FROM exp_members
                            LEFT JOIN exp_member_groups on exp_member_groups.group_id = exp_members.group_id
                            WHERE exp_member_groups.group_id IN (".implode(",",$group_ids).")
                            AND exp_members.member_id NOT IN ('".implode("','",$damned)."')
                            AND (exp_members.in_authorlist = 'y' OR exp_member_groups.include_in_authorlist = 'y')
                            AND exp_member_groups.site_id = '".$DB->escape_str($PREFS->ini('site_id'))."'
                            ORDER BY screen_name asc, username asc");

        // Nobody in the author list: fall back to every remaining Super Admin
        if ($query->num_rows == 0)
        {
            $query = $DB->query("SELECT member_id, username, screen_name
                                FROM exp_members
                                WHERE group_id = 1
                                AND member_id NOT IN ('".implode("','",$damned)."')
                                ORDER BY screen_name asc, username asc");
        }

        $r .= $DSP->div('itemWrapper');
        $r .= $DSP->div('defaultBold');
        $r .= ($i == 1) ? $LANG->line('heir_to_member_entries') : $LANG->line('heir_to_members_entries');
        $r .= $DSP->div_c();

        $r .= $DSP->div('itemWrapper');
        $r .= $DSP->input_select_header('heir');

        foreach($query->result as $row)
        {
            $r .= $DSP->input_select_option($row['member_id'], ($row['screen_name'] != '') ? $row['screen_name'] : $row['username']);
        }

        $r .= $DSP->input_select_footer();
        $r .= $DSP->div_c();
        $r .= $DSP->div_c();
    }

    $r .= $DSP->qdiv('itemWrapper', $DSP->input_submit($LANG->line('delete'))).
          $DSP->div_c().
          $DSP->form_close();

    $DSP->title = $LANG->line('delete_member');
    $DSP->crumb = $DSP->anchor(BASE.AMP.'C=admin'.AMP.'area=members_and_groups', $LANG->line('members_and_groups')).
                  $DSP->crumb_item($LANG->line('delete_member'));
    $DSP->body = $r;
}
- /* END */
-
-
- /** ----------------------------------------------
- /** Login as Member - SuperAdmins only!
- /** ----------------------------------------------*/
/**
 * Shows the confirmation form a Super Admin sees before logging in as another
 * member: a warning, the target's screen name and a choice of where to land
 * afterwards (site home page, control panel when the target's group may access
 * it, or a free-form URL). The form posts to do_login_as_member().
 *
 * Access: the caller's group must be 1, 'mid' must be present in GET and differ
 * from the caller's own member_id, and the member must exist in the current site.
 */
function login_as_member()
{
    global $IN, $DSP, $LANG, $DB, $SESS, $PREFS, $FNS, $LOG;

    $target_id = $IN->GBL('mid', 'GET');

    // Super Admins only, and never against one's own account
    if ($SESS->userdata['group_id'] != 1
        OR $target_id === FALSE
        OR $SESS->userdata['member_id'] == $target_id)
    {
        return $DSP->no_access_message();
    }

    /** ----------------------------------------
    /** Fetch member data
    /** ----------------------------------------*/
    $query = $DB->query("SELECT exp_members.screen_name, exp_member_groups.can_access_cp
                        FROM exp_members, exp_member_groups
                        WHERE member_id = '".$DB->escape_str($target_id)."'
                        AND exp_member_groups.site_id = '".$DB->escape_str($PREFS->ini('site_id'))."'
                        AND exp_members.group_id = exp_member_groups.group_id");

    if ($query->num_rows == 0)
    {
        return $DSP->no_access_message();
    }

    $DSP->title = $LANG->line('login_as_member');
    $DSP->crumb = $DSP->anchor(BASE.AMP.'C=admin'.AMP.'area=members_and_groups', $LANG->line('members_and_groups')).
                  $DSP->crumb_item($LANG->line('login_as_member'));

    /** ----------------------------------------
    /** Create Our Little Redirect Form
    /** ----------------------------------------*/

    $description = str_replace('%screen_name%', $query->row['screen_name'], $LANG->line('login_as_member_description'));

    // Radio buttons for the post-login destination; "site" is preselected
    $destinations = $DSP->qdiv('',
        $DSP->input_radio('return_destination', 'site', 1).$DSP->nbs(3).
        $LANG->line('site_homepage')
    );

    if ($query->row['can_access_cp'] == 'y')
    {
        $destinations .= $DSP->qdiv('',
            $DSP->input_radio('return_destination', 'cp').$DSP->nbs(3).
            $LANG->line('control_panel')
        );
    }

    $destinations .= $DSP->qdiv('',
        $DSP->input_radio('return_destination', 'other', '').$DSP->nbs(3).
        $LANG->line('other').NBS.':'.NBS.$DSP->input_text('other_url', $FNS->fetch_site_index(), '30', '80', 'input', '500px')
    );

    $r = $DSP->form_open(
        array('action' => 'C=admin'.AMP.'M=members'.AMP.'P=do_login_as_member'),
        array('mid' => $target_id)
    );

    $r .= $DSP->qdiv('default', '', 'menu_contents');
    $r .= $DSP->table('tableBorder', '0', '', '100%');

    // Heading row
    $r .= $DSP->tr().
          $DSP->td('tableHeadingAlt', '', '2').$LANG->line('login_as_member').
          $DSP->td_c().
          $DSP->tr_c();

    // Warning and description row
    $r .= $DSP->tr().
          $DSP->td('tableCellOne').
          $DSP->qdiv('alert', $LANG->line('action_can_not_be_undone')).
          $DSP->qdiv('itemWrapper', $description).
          $DSP->td_c().
          $DSP->tr_c();

    // Destination row
    $r .= $DSP->tr().
          $DSP->td('tableCellTwo').
          $destinations.
          $DSP->td_c().
          $DSP->tr_c();

    // Submit row, then close table and wrapper
    $r .= $DSP->tr().
          $DSP->td('tableCellOne').
          $DSP->qdiv('itemWrapper', $DSP->input_submit($LANG->line('submit'), 'submit')).
          $DSP->td_c().
          $DSP->tr_c().
          $DSP->table_c().
          $DSP->div_c();

    $DSP->body = $r;
}
- /* END */
-
-
- /** ----------------------------------------------
- /** Login as Member - SuperAdmins only!
- /** ----------------------------------------------*/
/**
 * Completes the "login as member" flow for a Super Admin.
 *
 * After the same access checks as login_as_member(), this: optionally refuses
 * when the target already has a live session elsewhere (multi-login disabled),
 * writes an admin log entry, sets the login cookies unless the applicable
 * session type is 's', creates a new session for the target and redirects to
 * the chosen destination. Never returns on success (exit after redirect).
 *
 * Access: $SESS->userdata['group_id'] must be 1, 'mid' must be present and
 * must not equal the caller's own member_id.
 */
function do_login_as_member()
{
    global $IN, $DSP, $LANG, $DB, $SESS, $PREFS, $FNS, $LOG, $REGX;

    if ($SESS->userdata['group_id'] != 1)
    {
        return $DSP->no_access_message();
    }

    // NOTE(review): unlike login_as_member(), 'mid' is read without restricting
    // the source (no 'GET'/'POST' argument) - confirm this is intended
    if (($id = $IN->GBL('mid')) === FALSE)
    {
        return $DSP->no_access_message();
    }

    if ($SESS->userdata['member_id'] == $id)
    {
        return $DSP->no_access_message();
    }

    /** ----------------------------------------
    /** Fetch member data
    /** ----------------------------------------*/
    $sql = "SELECT exp_members.username, exp_members.password, exp_members.unique_id, exp_members.member_id, exp_members.group_id, exp_member_groups.can_access_cp
            FROM exp_members, exp_member_groups
            WHERE member_id = '".$DB->escape_str($id)."'
            AND exp_member_groups.site_id = '".$DB->escape_str($PREFS->ini('site_id'))."'
            AND exp_members.group_id = exp_member_groups.group_id";

    $query = $DB->query($sql);

    if ($query->num_rows == 0)
    {
        return $DSP->no_access_message();
    }

    $LANG->fetch_language_file('login');

    /** --------------------------------------------------
    /** Do we allow multiple logins on the same account?
    /** --------------------------------------------------*/

    if ($PREFS->ini('allow_multi_logins') == 'n')
    {
        // Kill old sessions first

        $SESS->gc_probability = 100;

        $SESS->delete_old_sessions();

        $expire = time() - $SESS->session_length;

        // See if there is a current session
        $result = $DB->query("SELECT ip_address, user_agent
                              FROM exp_sessions
                              WHERE member_id = '".$query->row['member_id']."'
                              AND last_activity > $expire");

        // If a session exists, trigger the error message.
        // Only the exactly-one-row case is examined; a session from the same
        // IP and user agent as the caller is not treated as a conflict.

        if ($result->num_rows == 1)
        {
            if ($SESS->userdata['ip_address'] != $result->row['ip_address'] ||
                $SESS->userdata['user_agent'] != $result->row['user_agent'] )
            {
                return $DSP->error_message($LANG->line('multi_login_warning'));
            }
        }
    }

    /** ----------------------------------------
    /** Log the SuperAdmin login
    /** ----------------------------------------*/

    $LOG->log_action($LANG->line('login_as_user').':'.NBS.$query->row['username']);

    /** ----------------------------------------
    /** Set cookies
    /** ----------------------------------------*/

    // $expire stays 0 here (session cookies); the comment about a one-year
    // "remember me" expiry describes a control this form does not post.
    $expire = 0;

    // The session type decides whether cookies are written at all: the admin
    // type when returning to the control panel, the user type otherwise
    $type = (isset($_POST['return_destination']) && $_POST['return_destination'] == 'cp') ? $PREFS->ini('admin_session_type') : $PREFS->ini('user_session_type');

    if ($type != 's')
    {
        $FNS->set_cookie($SESS->c_expire , time()+$expire, $expire);
        $FNS->set_cookie($SESS->c_uniqueid , $query->row['unique_id'], $expire);
        // The stored password column is placed in the cookie as-is; whether that
        // column holds a hash is not visible from this file
        $FNS->set_cookie($SESS->c_password , $query->row['password'], $expire);
        $FNS->set_cookie($SESS->c_anon , 1, $expire);
    }

    /** ----------------------------------------
    /** Create a new session
    /** ----------------------------------------*/
    $session_id = $SESS->create_new_session($query->row['member_id'], TRUE);

    /** ----------------------------------------
    /** Delete old password lockouts
    /** ----------------------------------------*/

    $SESS->delete_password_lockout();

    /** ----------------------------------------
    /** Redirect the user to the return page
    /** ----------------------------------------*/

    $return_path = $FNS->fetch_site_index();

    if (isset($_POST['return_destination']))
    {
        if ($_POST['return_destination'] == 'cp')
        {
            // Session id travels in the URL unless the admin session type is cookie-only
            $s = ($PREFS->ini('admin_session_type') != 'c') ? $SESS->userdata['session_id'] : 0;
            $return_path = $PREFS->ini('cp_url', FALSE).'?S='.$s;
        }
        // stristr() only requires 'http' to occur somewhere in the value; it is
        // not a scheme check. The value is then tag-stripped and XSS-cleaned.
        elseif ($_POST['return_destination'] == 'other' && isset($_POST['other_url']) && stristr($_POST['other_url'], 'http'))
        {
            $return_path = $REGX->xss_clean(strip_tags($_POST['other_url']));
        }
    }

    $FNS->redirect($return_path);
    exit;
}
- /* END */
-
-
-
- /** ---------------------------------------------
- /** Delete Members
- /** ---------------------------------------------*/
- function member_delete()
- {
- global $IN, $DSP, $PREFS, $LANG, $SESS, $FNS, $DB, $STAT, $EXT;
-
- if ( ! $DSP->allowed_group('can_delete_members'))
- {
- return $DSP->no_access_message();
- }
- if ( ! $IN->GBL('delete', 'POST'))
- {
- return $this->view_all_members();
- }
-
- /** ---------------------------------------------
- /** Fetch member ID numbers and build the query
- /** ---------------------------------------------*/
- $ids = array();
- $mids = array();
-
- foreach ($_POST as $key => $val)
- {
- if (strstr($key, 'delete') AND ! is_array($val) AND $val != '')
- {
- $ids[] = "member_id = '".$DB->escape_str($val)."'";
- $mids[] = $DB->escape_str($val);
- }
- }
-
- $IDS = implode(" OR ", $ids);
- // SAFETY CHECK
- // Let's fetch the Member Group ID of each member being deleted
- // If there is a Super Admin in the bunch we'll run a few more safeties
-
- $super_admins = 0;
-
- $query = $DB->query("SELECT group_id FROM exp_members WHERE ".$IDS);
-
- foreach ($query->result as $row)
- {
- if ($query->row['group_id'] == 1)
- {
- $super_admins++;
- }
- }
-
- if ($super_admins > 0)
- {
- // You must be a Super Admin to delete a Super Admin
-
- if ($SESS->userdata['group_id'] != 1)
- {
- return $DSP->error_message($LANG->line('must_be_superadmin_to_delete_one'));
- }
-
- // You can't detete the only Super Admin
-
- $query = $DB->query("SELECT COUNT(*) AS count FROM exp_members WHERE group_id = '1'");
-
- if ($super_admins >= $query->row['count'])
- {
- return $DSP->error_message($LANG->line('can_not_delete_super_admin'));
- }
- }
-
- // If we got this far we're clear to delete the members
-
- $DB->query("DELETE FROM exp_members WHERE ".$IDS);
- $DB->query("DELETE FROM exp_member_data WHERE ".$IDS);
- $DB->query("DELETE FROM exp_member_homepage WHERE ".$IDS);
-
- foreach($mids as $val)
- {
- $message_query = $DB->query("SELECT DISTINCT recipient_id FROM exp_message_copies WHERE sender_id = '$val' AND message_read = 'n'");
- $DB->query("DELETE FROM exp_message_copies WHERE sender_id = '$val'");
- $DB->query("DELETE FROM exp_message_data WHERE sender_id = '$val'");
- $DB->query("DELETE FROM exp_message_folders WHERE member_id = '$val'");
- $DB->query("DELETE FROM exp_message_listed WHERE member_id = '$val'");
-
- if ($message_query->num_rows > 0)
- {
- foreach($message_query->result as $row)
- {
- $count_query = $DB->query("SELECT COUNT(*) AS count FROM exp_message_copies WHERE recipient_id = '".$row['recipient_id']."' AND message_read = 'n'");
- $DB->query($DB->update_string('exp_members', array('private_messages' => $count_query->row['count']), "member_id = '".$row['recipient_id']."'"));
- }
- }
- }
-
- /** ----------------------------------
- /** Are there forum posts to delete?
- /** ----------------------------------*/
-
- if ($PREFS->ini('forum_is_installed') == "y")
- {
- $DB->query("DELETE FROM exp_forum_subscriptions WHERE ".$IDS);
- $DB->query("DELETE FROM exp_forum_pollvotes WHERE ".$IDS);
- $IDS = str_replace('member_id', 'admin_member_id', $IDS);
- $DB->query("DELETE FROM exp_forum_administrators WHERE ".$IDS);
-
- $IDS = str_replace('admin_member_id', 'mod_member_id', $IDS);
- $DB->query("DELETE FROM exp_forum_moderators WHERE ".$IDS);
- $IDS = str_replace('mod_member_id', 'author_id', $IDS);
- $DB->query("DELETE FROM exp_forum_topics WHERE ".$IDS);
-
- // Snag the affected topic id's before deleting the members for the update afterwards
- $query = $DB->query("SELECT topic_id FROM exp_forum_posts WHERE ".$IDS);
-
- if ($query->num_rows > 0)
- {
- $topic_ids = array();
-
- foreach ($query->result as $row)
- {
- $topic_ids[] = $row['topic_id'];
- }
-
- $topic_ids = array_unique($topic_ids);
- }
-
- $DB->query("DELETE FROM exp_forum_posts WHERE ".$IDS);
- $DB->query("DELETE FROM exp_forum_polls WHERE ".$IDS);
- // Kill any attachments
- $query = $DB->query("SELECT attachment_id, filehash, extension, board_id FROM exp_forum_attachments WHERE ".str_replace('author_id', 'member_id', $IDS));
-
- if ($query->num_rows > 0)
- {
- // Grab the upload path
- $res = $DB->query('SELECT board_id, board_upload_path FROM exp_forum_boards');
-
- $paths = array();
- foreach ($res->result as $row)
- {
- $paths[$row['board_id']] = $row['board_upload_path'];
- }
-
- foreach ($query->result as $row)
- {
- if ( ! isset($paths[$row['board_id']]))
- {
- continue;
- }
-
- $file = $paths[$row['board_id']].$row['filehash'].$row['extension'];
- $thumb = $paths[$row['board_id']].$row['filehash'].'_t'.$row['extension'];
-
- @unlink($file);
- @unlink($thumb);
-
- $DB->query("DELETE FROM exp_forum_attachments WHERE attachment_id = '{$row['attachment_id']}'");
- }
- }
-
- // Update the forum stats
- $query = $DB->query("SELECT forum_id FROM exp_forums WHERE forum_is_cat = 'n'");
-
-
- if ( ! class_exists('Forum'))
- {
- require PATH_MOD.'forum/mod.forum'.EXT;
- require PATH_MOD.'forum/mod.forum_core'.EXT;
- }
-
- $FRM = new Forum_Core;
-
- foreach ($query->result as $row)
- {
- $FRM->_update_post_stats($row['forum_id']);
- }
-
- if (isset($topic_ids))
- {
- foreach ($topic_ids as $topic_id)
- {
- $FRM->_update_topic_stats($topic_id);
- }
- }
- }
-
- /** -------------------------------------
- /** Delete comments and update entry stats
- /** -------------------------------------*/
-
- $weblog_ids = array();
-
- $IDS = str_replace('member_id', 'author_id', $IDS);
-
- $query = $DB->query("SELECT DISTINCT(entry_id), weblog_id FROM exp_comments WHERE ".$IDS);
-
- if ($query->num_rows > 0)
- {
- $DB->query("DELETE FROM exp_comments WHERE ".$IDS);
-
- foreach ($query->result as $row)
- {
- $weblog_ids[] = $row['weblog_id'];
-
- $query = $DB->query("SELECT MAX(comment_date) AS max_date FROM exp_comments WHERE status = 'o' AND entry_id = '".$DB->escape_str($row['entry_id'])."'");
-
- $comment_date = ($query->num_rows == 0 OR !is_numeric($query->row['max_date'])) ? 0 : $query->row['max_date'];
-
- $query = $DB->query("SELECT COUNT(*) AS count FROM exp_comments WHERE entry_id = '{$row['entry_id']}' AND status = 'o'");
-
- $DB->query("UPDATE exp_weblog_titles
- SET comment_total = '".$DB->escape_str($query->row['count'])."', recent_comment_date = '$comment_date'
- WHERE entry_id = '{$row['entry_id']}'");
- }
- }
-
- if (count($weblog_ids) > 0)
- {
- foreach (array_unique($weblog_ids) as $weblog_id)
- {
- $STAT->update_comment_stats($weblog_id);
- }
- }
- /** ----------------------------------
- /** Reassign Entries to Heir
- /** ----------------------------------*/
-
- $heir_id = $IN->GBL('heir', 'POST');
- $entries_exit = $IN->GBL('entries_exit', 'POST');
- $gallery_entries_exit = $IN->GBL('gallery_entries_exit', 'POST');
-
-
- if ($heir_id !== FALSE && is_numeric($heir_id))
- {
- if ($entries_exit == 'yes')
- {
- $DB->query("UPDATE exp_weblog_titles SET author_id = '{$heir_id}' WHERE
- ".str_replace('member_id', 'author_id', $IDS));
- $query = $DB->query("SELECT COUNT(entry_id) AS count, MAX(entry_date) AS entry_date
- FROM exp_weblog_titles
- WHERE author_id = '{$heir_id}'");
-
- $DB->query("UPDATE exp_members
- SET total_entries = '".$DB->escape_str($query->row['count'])."', last_entry_date = '".$DB->escape_str($query->row['entry_date'])."'
- WHERE member_id = '{$heir_id}'");
- }
- if ($gallery_entries_exit == 'yes')
- {
- $DB->query("UPDATE exp_gallery_entries SET author_id = '{$heir_id}' WHERE ".str_replace('member_id', 'author_id', $IDS));
- }
- }
-
- // -------------------------------------------
- // 'cp_members_member_delete_end' hook.
- // - Additional processing when a member is deleted through the CP
- //
- $edata = $EXT->call_extension('cp_members_member_delete_end');
- if ($EXT->end_script === TRUE) return;
- //
- // -------------------------------------------
-
- // Update global stats
-
- $STAT->update_member_stats();
-
- $message = (count($ids) == 1) ? $DSP->qdiv('success', $LANG->line('member_deleted')) :
- $DSP->qdiv('success', $LANG->line('members_deleted'));
- return $this->view_all_members($message);
- }
- /* END */
-
- /** -----------------------------
- /** Member group overview
- /** -----------------------------*/
-
- function member_group_manager($message = '')
- {
- global $LANG, $DSP, $DB, $IN, $PREFS;
-
- $row_limit = 20;
- $paginate = '';
-
- if ( ! $DSP->allowed_group('can_admin_mbr_groups'))
- {
- return $DSP->no_access_message();
- }
-
- $sql = "SELECT group_id, group_title, can_access_cp, is_locked
- FROM exp_member_groups
- WHERE site_id = '".$DB->escape_str($PREFS->ini('site_id'))."'
- ORDER BY exp_member_groups.group_title";
-
- $g_query = $DB->query("SELECT group_id, group_title FROM exp_member_groups WHERE site_id = '".$DB->escape_str($PREFS->ini('site_id'))."'");
-
- if ($g_query->num_rows > $row_limit)
- {
- $row_count = ( ! $IN->GBL('row')) ? 0 : $IN->GBL('row');
-
- $paginate = $DSP->pager( BASE.AMP.'C=admin'.AMP.'M=members'.AMP.'P=mbr_group_manager',
- $g_query->num_rows,
- $row_limit,
- $row_count,
- 'row'
- );
-
- $sql .= " LIMIT ".$row_count.", ".$row_limit;
- }
- $query = $DB->query($sql);
-
-
- $DSP->body .= $DSP->qdiv('tableHeading', $LANG->line('member_groups'));
-
- if ($message != '')
- $DSP->body .= $DSP->qdiv('box', $message);
-
- $DSP->body .= $DSP->table('tableBorder', '0', '', '100%').
- $DSP->tr().
- $DSP->table_qcell('tableHeadingAlt',
- array(
- $LANG->line('group_title'),
- $LANG->line('edit_group'),
- $LANG->line('security_lock'),
- $LANG->line('group_id'),
- $LANG->line('mbrs'),
- $LANG->line('delete')
- )
- ).
- $DSP->tr_c();
-
-
- $i = 0;
-
- foreach($query->result as $row)
- {
- $group_name = $row['group_title'];
-
- if (in_array($group_name, $this->english))
- {
- $group_name = $LANG->line(strtolower(str_replace(" ", "_", $group_name)));
- }
-
- $style = ($i % 2) ? 'tableCellOne' : 'tableCellTwo'; $i++;
-
- $DSP->body .= $DSP->tr();
-
- $title = ($row['can_access_cp'] == 'y') ? $DSP->qspan('highlight', $DSP->required().NBS.$group_name) : $group_name;
-
- $DSP->body .= $DSP->table_qcell($style, $DSP->qspan('defaultBold', $title), '25%');
- $DSP->body .= $DSP->table_qcell($style, $DSP->anchor(BASE.AMP.'C=admin'.AMP.'M=members'.AMP.'P=edit_mbr_group'.AMP.'group_id='.$row['group_id'], $LANG->line('edit_group')), '18%');
- $status = ($row['is_locked'] == 'y') ? $DSP->qdiv('highlight', $LANG->line('locked')) : $DSP->qdiv('highlight_alt', $LANG->line('unlocked'));
-
- $DSP->body .= $DSP->table_qcell($style, $status, '17%');
-
- $DSP->body .= $DSP->table_qcell($style, $row['group_id'], '15%');
- $group_id = $row['group_id'];
- $cquery = $DB->query("SELECT COUNT(*) AS count FROM exp_members WHERE group_id = '{$group_id}'");
- $DSP->body .= $DSP->table_qcell($style, $DSP->qspan('lightLinks', '('.$cquery->row['count'].')').NBS.
- $DSP->anchor(BASE.AMP.'C=admin'.AMP.'M=members'.AMP.'P=view_members'.AMP.'group_id='.$row['group_id'],
- $LANG->line('view')), '15%');
- $delete = ( ! in_array($row['group_id'], $this->no_delete)) ? $DSP->anchor(BASE.AMP.'C=admin'.AMP.'M=members'.AMP.'P=mbr_group_del_conf'.AMP.'group_id='.$row['group_id'], $LANG->line('delete')) : '--';
- $DSP->body .= $DSP->table_qcell($style, $delete, '10%');
- $DSP->body .= $DSP->tr_c();
- }
-
- $DSP->body .= $DSP->table_c();
-
- if ($paginate != '')
- {
- $DSP->body .= $DSP->qdiv('itemWrapper', $DSP->qdiv('defaultBold', $paginate));
- }
-
- $DSP->body .= $DSP->qdiv('bigPad', $DSP->qspan('alert', '*').NBS.$LANG->line('member_has_cp_access'));
-
- $DSP->body .= $DSP->form_open(array('action' => 'C=admin'.AMP.'M=members'.AMP.'P=edit_mbr_group'));
-
- $DSP->body .= $DSP->div('box');
- $DSP->body .= NBS.NBS.$LANG->line('create_group_based_on_old').$DSP->nbs(3);
- $DSP->body .= $DSP->input_select_header('clone_id');
-
- foreach($g_query->result as $row)
- {
- $DSP->body .= $DSP->input_select_option($row['group_id'], $row['group_title']);
- }
-
- $DSP->body .= $DSP->input_select_footer();
- $DSP->body .= $DSP->nbs(2).$DSP->input_submit();
- $DSP->body .= $DSP->div_c();
- $DSP->body .= $DSP->form_close();
-
-
- $DSP->title = $LANG->line('member_groups');
- $DSP->crumb = $DSP->anchor(BASE.AMP.'C=admin'.AMP.'area=members_and_groups', $LANG->line('members_and_groups')).
- $DSP->crumb_item($LANG->line('member_groups'));
-
- $DSP->right_crumb($LANG->line('create_new_member_group'), BASE.AMP.'C=admin'.AMP.'M=members'.AMP.'P=edit_mbr_group');
- }
- /* END */
-
-
-
- /** ----------------------------------
- /** Edit/Create a member group form
- /** ----------------------------------*/
-
- function edit_member_group_form($msg='')
- {
- global $IN, $DSP, $DB, $SESS, $LANG, $PREFS;
- /** ----------------------------------------------------
- /** Only super admins can administrate member groups
- /** ----------------------------------------------------*/
-
- if ($SESS->userdata['group_id'] != 1)
- {
- return $DSP->no_access_message($LANG->line('only_superadmins_can_admin_groups'));
- }
-
- $group_id = $IN->GBL('group_id');
- $clone_id = $IN->GBL('clone_id');
-
- $id = ( ! $group_id) ? '3' : $group_id;
-
-
- // Assign the page title
- $title = ($group_id != '') ? $LANG->line('edit_member_group') : $LANG->line('create_member_group');
-
- /** ----------------------------------
- /** Fetch the Sites
- /** ----------------------------------*/
-
- if ($PREFS->ini('multiple_sites_enabled') == 'y')
- {
- $sites_query = $DB->query("SELECT * FROM exp_sites ORDER BY site_label");
- }
- else
- {
- $sites_query = $DB->query("SELECT * FROM exp_sites WHERE site_id = '1'");
- }
-
- /** ----------------------------------
- /** Fetch the member group data
- /** ----------------------------------*/
-
- if ($clone_id != '') $id = $clone_id;
-
- $query = $DB->query("SELECT * FROM exp_member_groups WHERE group_id = '".$DB->escape_str($id)."'");
-
- $result = ($query->num_rows == 0) ? FALSE : TRUE;
-
- $group_data = array();
-
- foreach($query->result as $row)
- {
- $group_data[$row['site_id']] = $row;
- }
-
- $default_id = $query->row['site_id'];
-
- /** ----------------------------------
- /** Translate the group title
- /** ----------------------------------*/
-
- // We only translate this if it has not been edited
-
- $group_title = ($group_id == '') ? '' : $group_data[$default_id]['group_title'];
- $group_description = ($group_id == '') ? '' : $group_data[$default_id]['group_description'];
-
- …