PageRenderTime 89ms CodeModel.GetById 23ms RepoModel.GetById 0ms app.codeStats 0ms

/modules/users/admin/edit.php

http://viet-group.googlecode.com/
PHP | 352 lines | 302 code | 44 blank | 6 comment | 44 complexity | ff665d2cac5d59d878299f9b19802c1f MD5 | raw file
Possible License(s): BSD-3-Clause 
    

  1. <?php

    2. 

  2. 

    3. 

  3. /**
    4. 

  4.  * @Project NUKEVIET CMS 3.0
    5. 

  5.  * @Author VINADES (contact@vinades.vn)
    6. 

  6.  * @Copyright ? 2010 VINADES. All rights reserved
    7. 

  7.  * @Createdate 04/05/2010 
    8. 

  8.  */

    9. 

  9. 

    10. 

  10. if ( ! defined( 'NV_IS_FILE_ADMIN' ) ) die( 'Stop!!!' );

    11. 

  11. 

    12. 

  12. $page_title = $lang_module['edit_title'];

    13. 

  13. 

    14. 

  14. $userid = $nv_Request->get_int( 'userid', 'get', 0 );

    15. 

  15. 

    16. 

  16. if ( empty( $userid ) )

    17. 

  17. {

    18. 

  18.     Header( "Location: " . NV_BASE_ADMINURL . "index.php?" . NV_NAME_VARIABLE . "=" . $module_name );

    19. 

  19.     die();

    20. 

  20. }

    21. 

  21. 

    22. 

  22. $sql = "SELECT * FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `userid`=" . $userid;

    23. 

  23. $result = $db->sql_query( $sql );

    24. 

  24. $numrows = $db->sql_numrows( $result );

    25. 

  25. if ( $numrows != 1 )

    26. 

  26. {

    27. 

  27.     Header( "Location: " . NV_BASE_ADMINURL . "index.php?" . NV_NAME_VARIABLE . "=" . $module_name );

    28. 

  28.     die();

    29. 

  29. }

    30. 

  30. $row = $db->sql_fetchrow( $result );

    31. 

  31. $array_old_groups = ( ! empty( $row['in_groups'] ) ) ? explode( ',', $row['in_groups'] ) : array();

    32. 

  32. 

    33. 

  33. $allow = false;

    34. 

  34. 

    35. 

  35. $sql = "SELECT `lev` FROM `" . NV_AUTHORS_GLOBALTABLE . "` WHERE `admin_id`=" . $userid;

    36. 

  36. $query = $db->sql_query( $sql );

    37. 

  37. $numrows = $db->sql_numrows( $query );

    38. 

  38. if ( ! $numrows )

    39. 

  39. {

    40. 

  40.     $allow = true;

    41. 

  41. }

    42. 

  42. else

    43. 

  43. {

    44. 

  44.     list( $level ) = $db->sql_fetchrow( $query );

    45. 

  45.     

    46. 

  46.     if ( $admin_info['admin_id'] == $userid or $admin_info['level'] < $level )

    47. 

  47.     {

    48. 

  48.         $allow = true;

    49. 

  49.     }

    50. 

  50. }

    51. 

  51. 

    52. 

  52. if ( ! $allow )

    53. 

  53. {

    54. 

  54.     Header( "Location: " . NV_BASE_ADMINURL . "index.php?" . NV_NAME_VARIABLE . "=" . $module_name );

    55. 

  55.     die();

    56. 

  56. }

    57. 

  57. 

    58. 

  58. $_user = array();

    59. 

  59. 

    60. 

  60. $groups_list = nv_groups_list();

    61. 

  61. $error = "";

    62. 

  62. 

    63. 

  63. if ( $nv_Request->isset_request( 'confirm', 'post' ) )

    64. 

  64. {

    65. 

  65.     nv_insert_logs( NV_LANG_DATA, $module_name, 'log_edit_user', "userid " . $userid, $admin_info['userid'] );

    66. 

  66.     $_user['username'] = filter_text_input( 'username', 'post', '', 1, NV_UNICKMAX );

    67. 

  67.     $_user['email'] = filter_text_input( 'email', 'post', '', 1, 100 );

    68. 

  68.     $_user['password1'] = filter_text_input( 'password1', 'post', '', 0, NV_UPASSMAX );

    69. 

  69.     $_user['password2'] = filter_text_input( 'password2', 'post', '', 0, NV_UPASSMAX );

    70. 

  70.     $_user['question'] = filter_text_input( 'question', 'post', '', 1, 255 );

    71. 

  71.     $_user['answer'] = filter_text_input( 'answer', 'post', '', 1, 255 );

    72. 

  72.     $_user['full_name'] = filter_text_input( 'full_name', 'post', '', 1, 255 );

    73. 

  73.     $_user['gender'] = filter_text_input( 'gender', 'post', '', 1, 1 );

    74. 

  74.     $_user['website'] = filter_text_input( 'website', 'post', '' );

    75. 

  75.     $_user['location'] = filter_text_input( 'location', 'post', '', 1 );

    76. 

  76.     $_user['yim'] = filter_text_input( 'yim', 'post', '', 1, 100 );

    77. 

  77.     $_user['telephone'] = filter_text_input( 'telephone', 'post', '', 1, 100 );

    78. 

  78.     $_user['fax'] = filter_text_input( 'fax', 'post', '', 1, 100 );

    79. 

  79.     $_user['mobile'] = filter_text_input( 'mobile', 'post', '', 1, 100 );

    80. 

  80.     $_user['view_mail'] = $nv_Request->get_int( 'view_mail', 'post', 0 );

    81. 

  81.     $_user['sig'] = filter_text_textarea( 'sig', '', NV_ALLOWED_HTML_TAGS );

    82. 

  82.     $_user['birthday'] = filter_text_input( 'birthday', 'post', '', 1, 10 );

    83. 

  83.     $_user['in_groups'] = $nv_Request->get_typed_array( 'group', 'post', 'int' );

    84. 

  84.     $_user['delpic'] = $nv_Request->get_int( 'delpic', 'post', 0 );

    85. 

  85.     

    86. 

  86.     if ( ! empty( $_user['website'] ) )

    87. 

  87.     {

    88. 

  88.         if ( ! preg_match( "#^(http|https|ftp|gopher)\:\/\/#", $_user['website'] ) )

    89. 

  89.         {

    90. 

  90.             $_user['website'] = "http://" . $_user['website'];

    91. 

  91.         }

    92. 

  92.         if ( ! nv_is_url( $_user['website'] ) )

    93. 

  93.         {

    94. 

  94.             $_user['website'] = "";

    95. 

  95.         }

    96. 

  96.     }

    97. 

  97.     

    98. 

  98.     if ( ( $error_username = nv_check_valid_login( $_user['username'], NV_UNICKMAX, NV_UNICKMIN ) ) != "" )

    99. 

  99.     {

    100. 

  100.         $error = $error_username;

    101. 

  101.     }

    102. 

  102.     elseif ( $_user['username'] != $db->fixdb( $_user['username'] ) )

    103. 

  103.     {

    104. 

  104.         $error = sprintf( $lang_module['account_deny_name'], '<strong>' . $_user['username'] . '</strong>' );

    105. 

  105.     }

    106. 

  106.     elseif ( ( $error_xemail = nv_check_valid_email( $_user['email'] ) ) != "" )

    107. 

  107.     {

    108. 

  108.         $error = $error_xemail;

    109. 

  109.     }

    110. 

  110.     elseif ( $db->sql_numrows( $db->sql_query( "SELECT `userid` FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `userid`!=" . $userid . " AND `md5username`=" . $db->dbescape( md5( $_user['username'] ) ) ) ) != 0 )

    111. 

  111.     {

    112. 

  112.         $error = $lang_module['edit_error_username_exist'];

    113. 

  113.     }

    114. 

  114.     elseif ( $db->sql_numrows( $db->sql_query( "SELECT `userid` FROM `" . NV_USERS_GLOBALTABLE . "` WHERE `userid`!=" . $userid . " AND `email`=" . $db->dbescape( $_user['email'] ) ) ) != 0 )

    115. 

  115.     {

    116. 

  116.         $error = $lang_module['edit_error_email_exist'];

    117. 

  117.     }

    118. 

  118.     elseif ( $db->sql_numrows( $db->sql_query( "SELECT `userid` FROM `" . NV_USERS_GLOBALTABLE . "_reg` WHERE `email`=" . $db->dbescape( $_user['email'] ) ) ) != 0 )

    119. 

  119.     {

    120. 

  120.         $error = $lang_module['edit_error_email_exist'];

    121. 

  121.     }

    122. 

  122.     elseif ( $db->sql_numrows( $db->sql_query( "SELECT `userid` FROM `" . NV_USERS_GLOBALTABLE . "_openid` WHERE `userid`!=" . $userid . " AND `email`=" . $db->dbescape( $_user['email'] ) ) ) != 0 )

    123. 

  123.     {

    124. 

  124.         $error = $lang_module['edit_error_email_exist'];

    125. 

  125.     }

    126. 

  126.     elseif ( ! empty( $_user['password1'] ) and ( $check_pass = nv_check_valid_pass( $_user['password1'], NV_UPASSMAX, NV_UPASSMIN ) ) != "" )

    127. 

  127.     {

    128. 

  128.         $error = $check_pass;

    129. 

  129.     }

    130. 

  130.     elseif ( ! empty( $_user['password1'] ) and $_user['password1'] != $_user['password2'] )

    131. 

  131.     {

    132. 

  132.         $error = $lang_module['edit_error_password'];

    133. 

  133.     }

    134. 

  134.     elseif ( empty( $_user['question'] ) )

    135. 

  135.     {

    136. 

  136.         $error = $lang_module['edit_error_question'];

    137. 

  137.     }

    138. 

  138.     elseif ( empty( $_user['answer'] ) )

    139. 

  139.     {

    140. 

  140.         $error = $lang_module['edit_error_answer'];

    141. 

  141.     }

    142. 

  142.     else

    143. 

  143.     {

    144. 

  144.         $_user['sig'] = nv_nl2br( $_user['sig'], "<br />" );

    145. 

  145.         if ( $_user['gender'] != "M" and $_user['gender'] != "F" )

    146. 

  146.         {

    147. 

  147.             $_user['gender'] = "";

    148. 

  148.         }

    149. 

  149.         

    150. 

  150.         unset( $m );

    151. 

  151.         if ( preg_match( "/^([0-9]{1,2})\.([0-9]{1,2})\.([0-9]{4})$/", $_user['birthday'], $m ) )

    152. 

  152.         {

    153. 

  153.             $_user['birthday'] = mktime( 0, 0, 0, $m[2], $m[1], $m[3] );

    154. 

  154.         }

    155. 

  155.         else

    156. 

  156.         {

    157. 

  157.             $_user['birthday'] = 0;

    158. 

  158.         }

    159. 

  159.         $array_in_groups = array_values( $_user['in_groups'] );

    160. 

  160.         $array_all_groups = array_merge( $array_old_groups, $array_in_groups );

    161. 

  161.         

    162. 

  162.         $_user['in_groups'] = array();

    163. 

  163.         if ( ! empty( $array_all_groups ) )

    164. 

  164.         {

    165. 

  165.             foreach ( $array_all_groups as $group_id_i )

    166. 

  166.             {

    167. 

  167.                 $query = "SELECT `users` FROM `" . NV_GROUPS_GLOBALTABLE . "` WHERE `group_id`=" . $group_id_i;

    168. 

  168.                 $result = $db->sql_query( $query );

    169. 

  169.                 $numrows = $db->sql_numrows( $result );

    170. 

  170.                 if ( $numrows )

    171. 

  171.                 {

    172. 

  172.                     $row_users = $db->sql_fetchrow( $result );

    173. 

  173.                     $users = trim( $row_users['users'] );

    174. 

  174.                     $users = ! empty( $users ) ? explode( ",", $users ) : array();

    175. 

  175.                     if ( in_array( $group_id_i, $array_in_groups ) )

    176. 

  176.                     {

    177. 

  177.                         $users = array_merge( $users, array( $userid ) );

    178. 

  178.                         $_user['in_groups'][] = $group_id_i;

    179. 

  179.                     }

    180. 

  180.                     else

    181. 

  181.                     {

    182. 

  182.                         $users = array_diff( $users, array( $userid ) );

    183. 

  183.                     }

    184. 

  184.                     $users = array_unique( $users );

    185. 

  185.                     sort( $users );

    186. 

  186.                     $users = array_values( $users );

    187. 

  187.                     $users = ! empty( $users ) ? implode( ",", $users ) : "";

    188. 

  188.                     

    189. 

  189.                     $sql = "UPDATE `" . NV_GROUPS_GLOBALTABLE . "` SET `users`=" . $db->dbescape_string( $users ) . " WHERE `group_id`=" . $group_id_i;

    190. 

  190.                     $db->sql_query( $sql );

    191. 

  191.                 }

    192. 

  192.             }

    193. 

  193.         }

    194. 

  194.         $_user['in_groups'] = ( ! empty( $_user['in_groups'] ) ) ? implode( ',', $_user['in_groups'] ) : '';

    195. 

  195.         

    196. 

  196.         $password = ! empty( $_user['password1'] ) ? $crypt->hash( $_user['password1'] ) : $row['password'];

    197. 

  197.         

    198. 

  198.         $photo = $row['photo'];

    199. 

  199.         if ( $_user['delpic'] )

    200. 

  200.         {

    201. 

  201.             if ( ! empty( $photo ) and is_file( NV_ROOTDIR . '/' . $photo ) )

    202. 

  202.             {

    203. 

  203.                 if ( nv_deletefile( NV_ROOTDIR . '/' . $photo ) )

    204. 

  204.                 {

    205. 

  205.                     $photo = "";

    206. 

  206.                 }

    207. 

  207.             }

    208. 

  208.         }

    209. 

  209.         

    210. 

  210.         $db->sql_query( "UPDATE `" . NV_USERS_GLOBALTABLE . "` SET 
    211. 

  211.         `username`=" . $db->dbescape( $_user['username'] ) . ", 
    212. 

  212.         `md5username`=" . $db->dbescape( md5( $_user['username'] ) ) . ", 
    213. 

  213.         `password`=" . $db->dbescape( $password ) . ", 
    214. 

  214.         `email`=" . $db->dbescape( $_user['email'] ) . ", 
    215. 

  215.         `full_name`=" . $db->dbescape( $_user['full_name'] ) . ", 
    216. 

  216.         `gender`=" . $db->dbescape( $_user['gender'] ) . ", 
    217. 

  217.         `photo`=" . $db->dbescape( $photo ) . ", 
    218. 

  218.         `birthday`=" . $_user['birthday'] . ", 
    219. 

  219.         `sig`=" . $db->dbescape( $_user['sig'] ) . ", 
    220. 

  220.         `website`=" . $db->dbescape( $_user['website'] ) . ", 
    221. 

  221.         `location`=" . $db->dbescape( $_user['location'] ) . ", 
    222. 

  222.         `yim`=" . $db->dbescape( $_user['yim'] ) . ", 
    223. 

  223.         `telephone`=" . $db->dbescape( $_user['telephone'] ) . ", 
    224. 

  224.         `fax`=" . $db->dbescape( $_user['fax'] ) . ", 
    225. 

  225.         `mobile`=" . $db->dbescape( $_user['mobile'] ) . ", 
    226. 

  226.         `question`=" . $db->dbescape( $_user['question'] ) . ", 
    227. 

  227.         `answer`=" . $db->dbescape( $_user['answer'] ) . ", 
    228. 

  228.         `view_mail`=" . $_user['view_mail'] . ", 
    229. 

  229.         `in_groups`=" . $db->dbescape_string( $_user['in_groups'] ) . " 
    230. 

  230.         WHERE `userid`=" . $userid );

    231. 

  231.         

    232. 

  232.         if ( isset( $_FILES['photo'] ) and is_uploaded_file( $_FILES['photo']['tmp_name'] ) )

    233. 

  233.         {

    234. 

  234.             @require_once ( NV_ROOTDIR . "/includes/class/upload.class.php" );

    235. 

  235.             

    236. 

  236.             $upload = new upload( array( 'images' ), $global_config['forbid_extensions'], $global_config['forbid_mimes'], NV_UPLOAD_MAX_FILESIZE, NV_MAX_WIDTH, NV_MAX_HEIGHT );

    237. 

  237.             $upload_info = $upload->save_file( $_FILES['photo'], NV_UPLOADS_REAL_DIR . '/' . $module_name, false );

    238. 

  238.             

    239. 

  239.             @unlink( $_FILES['photo']['tmp_name'] );

    240. 

  240.             

    241. 

  241.             if ( empty( $upload_info['error'] ) )

    242. 

  242.             {

    243. 

  243.                 @chmod( $upload_info['name'], 0644 );

    244. 

  244.                 

    245. 

  245.                 if ( ! empty( $photo ) and is_file( NV_ROOTDIR . '/' . $photo ) )

    246. 

  246.                 {

    247. 

  247.                     @nv_deletefile( NV_ROOTDIR . '/' . $photo );

    248. 

  248.                 }

    249. 

  249.                 

    250. 

  250.                 $file_name = str_replace( NV_ROOTDIR . "/", "", $upload_info['name'] );

    251. 

  251.                 

    252. 

  252.                 $sql = "UPDATE `" . NV_USERS_GLOBALTABLE . "` SET `photo`=" . $db->dbescape( $file_name ) . " WHERE `userid`=" . $userid;

    253. 

  253.                 $db->sql_query( $sql );

    254. 

  254.             }

    255. 

  255.         }

    256. 

  256.         

    257. 

  257.         Header( "Location: " . NV_BASE_ADMINURL . "index.php?" . NV_NAME_VARIABLE . "=" . $module_name );

    258. 

  258.         exit();

    259. 

  259.     }

    260. 

  260. }

    261. 

  261. else

    262. 

  262. {

    263. 

  263.     $_user = $row;

    264. 

  264.     $_user['password1'] = $_user['password2'] = "";

    265. 

  265.     $_user['birthday'] = ! empty( $_user['birthday'] ) ? date( "d.m.Y", $_user['birthday'] ) : "";

    266. 

  266.     $_user['in_groups'] = ! empty( $_user['in_groups'] ) ? explode( ",", $_user['in_groups'] ) : array();

    267. 

  267.     if ( ! empty( $_user['sig'] ) ) $_user['sig'] = nv_br2nl( $_user['sig'] );

    268. 

  268. }

    269. 

  269. 

    270. 

  270. $genders = array( //
    271. 

  271. 'N' => array( 'key' => 'N', 'title' => $lang_module['NA'], 'selected' => '' ), //
    272. 

  272. 'M' => array( 'key' => 'M', 'title' => $lang_module['male'], 'selected' => $_user['gender'] == "M" ? " selected=\"selected\"" : "" ), //
    273. 

  273. 'F' => array( 'key' => 'F', 'title' => $lang_module['female'], 'selected' => $_user['gender'] == "F" ? " selected=\"selected\"" : "" ) );//
    274. 

  274. 

    275. 

  275. 

    276. 

  276. $_user['view_mail'] = $_user['view_mail'] ? " checked=\"checked\"" : "";

    277. 

  277. 

    278. 

  278. if ( ! empty( $_user['sig'] ) ) $_user['sig'] = nv_htmlspecialchars( $_user['sig'] );

    279. 

  279. 

    280. 

  280. $groups = array();

    281. 

  281. if ( ! empty( $groups_list ) )

    282. 

  282. {

    283. 

  283.     foreach ( $groups_list as $group_id => $grtl )

    284. 

  284.     {

    285. 

  285.         $groups[] = array( 'id' => $group_id, 'title' => $grtl, 'checked' => ( ! empty( $_user['in_groups'] ) and in_array( $group_id, $_user['in_groups'] ) ) ? " checked=\"checked\"" : "" );

    286. 

  286.     }

    287. 

  287. }

    288. 

  288. 

    289. 

  289. $xtpl = new XTemplate( "user_edit.tpl", NV_ROOTDIR . "/themes/" . $global_config['module_theme'] . "/modules/" . $module_file );

    290. 

  290. $xtpl->assign( 'LANG', $lang_module );

    291. 

  291. $xtpl->assign( 'DATA', $_user );

    292. 

  292. $xtpl->assign( 'FORM_ACTION', NV_BASE_ADMINURL . "index.php?" . NV_NAME_VARIABLE . "=" . $module_name . "&amp;" . NV_OP_VARIABLE . "=edit&amp;userid=" . $userid );

    293. 

  293. $xtpl->assign( 'NV_BASE_SITEURL', NV_BASE_SITEURL );

    294. 

  294. 

    295. 

  295. if ( ! empty( $error ) )

    296. 

  296. {

    297. 

  297.     $xtpl->assign( 'ERROR', $error );

    298. 

  298.     $xtpl->parse( 'main.error' );

    299. 

  299. }

    300. 

  300. 

    301. 

  301. if ( defined( 'NV_IS_USER_FORUM' ) )

    302. 

  302. {

    303. 

  303.     $xtpl->parse( 'main.is_forum' );

    304. 

  304. }

    305. 

  305. else

    306. 

  306. {

    307. 

  307.     

    308. 

  308.     foreach ( $genders as $gender )

    309. 

  309.     {

    310. 

  310.         $xtpl->assign( 'GENDER', $gender );

    311. 

  311.         $xtpl->parse( 'main.edit_user.gender' );

    312. 

  312.     }

    313. 

  313.     

    314. 

  314.     if ( ! empty( $row['photo'] ) )

    315. 

  315.     {

    316. 

  316.         $size = @getimagesize( NV_ROOTDIR . '/' . $row['photo'] );

    317. 

  317.         $img = array( //
    318. 

  318.                 'href' => $row['photo'], //
    319. 

  319.                 'height' => $size[1], //
    320. 

  320.                 'width' => $size[0] );//
    321. 

  321. 

    322. 

  322.         $xtpl->assign( 'IMG', $img );

    323. 

  323.         $xtpl->parse( 'main.edit_user.photo' );

    324. 

  324.     }

    325. 

  325.     

    326. 

  326.     if ( ! empty( $groups ) )

    327. 

  327.     {

    328. 

  328.         foreach ( $groups as $group )

    329. 

  329.         {

    330. 

  330.             $xtpl->assign( 'GROUP', $group );

    331. 

  331.             $xtpl->parse( 'main.edit_user.group.list' );

    332. 

  332.         }

    333. 

  333.         $xtpl->parse( 'main.edit_user.group' );

    334. 

  334.     }

    335. 

  335.     $xtpl->parse( 'main.edit_user' );

    336. 

  336. }

    337. 

  337. $xtpl->parse( 'main' );

    338. 

  338. $contents = $xtpl->text( 'main' );

    339. 

  339. 

    340. 

  340. $my_head = "<script type=\"text/javascript\" src=\"" . NV_BASE_SITEURL . "js/popcalendar/popcalendar.js\"></script>\n";

    341. 

  341. $my_head .= "<script type=\"text/javascript\" src=\"" . NV_BASE_SITEURL . "js/shadowbox/shadowbox.js\"></script>\n";

    342. 

  342. $my_head .= "<link rel=\"stylesheet\" type=\"text/css\" href=\"" . NV_BASE_SITEURL . "js/shadowbox/shadowbox.css\" />\n";

    343. 

  343. $my_head .= "<script type=\"text/javascript\">\n";

    344. 

  344. $my_head .= "Shadowbox.init({\n";

    345. 

  345. $my_head .= "});\n";

    346. 

  346. $my_head .= "</script>\n";

    347. 

  347. 

    348. 

  348. include ( NV_ROOTDIR . "/includes/header.php" );

    349. 

  349. echo nv_admin_theme( $contents );

    350. 

  350. include ( NV_ROOTDIR . "/includes/footer.php" );

    351. 

  351. 

    352. 

  352. ?>
    353.