
/wp-content/plugins/mailz/lists/admin/commonlib/pages/user.php

https://bitbucket.org/antonyravel/cape-resorts
  2<script language="Javascript" src="js/jslib.js" type="text/javascript"></script>
  3
  4<?php
  5
  6#if (!$_GET["id"] && !$_GET["delete"]) {
  7#  Fatal_Error("No such user");
  8#  return;
  9#}
 10$id = sprintf('%d',isset($_GET["id"]) ? $_GET['id']:0);
 11$delete = sprintf('%d',isset($_GET['delete']) ? $_GET["delete"]:0);
 12$date = new Date();
 13
 14$access = accessLevel("user");
 15switch ($access) {
 16  case "owner":
 17    $subselect = sprintf(' and %s.owner = %d',$tables["list"],$_SESSION["logindetails"]["id"]);
 18    $subselect_where = sprintf(' where %s.owner = %d',$tables["list"],$_SESSION["logindetails"]["id"]);break;
 19  case "all":
 20    $subselect = "";break;
 21  case "view":
 22    $subselect = "";
 23    if (sizeof($_POST)) {
 24      print Error($GLOBALS['I18N']->get('You only have privileges to view this page, not change any of the information'));
 25      return;
 26    }
 27    break;
 28  case "none":
 29  default:
 30    $subselect = " and ".$tables["list"].".id = 0";
 31    $subselect_where = " where ".$tables["list"].".owner = 0";break;
 32}
 33if ($access != "all") {
 34  $delete_message = '<br />'.$GLOBALS['I18N']->get('Delete will delete user from the list').'<br />';
 35} else {
 36  $delete_message = '<br />'.$GLOBALS['I18N']->get('Delete will delete user and all listmemberships').'<br />';
 37}
 38$usegroups = Sql_Table_exists("groups") && Sql_Table_exists('user_group');
 39
 40if ($_POST["change"] && ($access == "owner"|| $access == "all")) {
 41  if (!verifyToken()) {
 42    print Error($GLOBALS['I18N']->get('No Access'));
 43    return;
 44  }
 45  if (!$id) {
 46    $id = addNewUser($_POST['email']);
 47    $newuser = 1;
 48  }
 49  if (!$id) {
 50    print $GLOBALS['I18N']->get('Error adding user, please check that the user exists');
 51    return;
 52  }
 53  # read the current values to compare changes
 54  $old_data = Sql_Fetch_Array_Query(sprintf('select * from %s where id = %d',$tables["user"],$id));
 55  $old_data = array_merge($old_data,getUserAttributeValues('',$id));
 56  # and membership of lists
 57  $req = Sql_Query("select * from {$tables["listuser"]} where userid = $id");
 58  while ($row = Sql_Fetch_Array($req)) {
 59    $old_listmembership[$row["listid"]] = listName($row["listid"]);
 60  }
 61  while (list ($key,$val) = each ($struct)) {
 62    list($a,$b) = explode(":",$val[1]);
 63    if (!ereg("sys",$a) && $val[1]) {
 64      if ($key == "password" && ENCRYPTPASSWORD) {
 65        if (isset($_POST[$key]))
 66          Sql_Query("update {$tables["user"]} set $key = \"".md5($_POST[$key])."\" where id = $id");
 67      } else {
 68        Sql_Query("update {$tables["user"]} set $key = \"".sql_escape($_POST[$key])."\" where id = $id");
 69       }
 70    }
 71    elseif ((!$require_login || ($require_login && isSuperUser())) && $key == "confirmed")
 72      Sql_Query("update {$tables["user"]} set $key = \"".sql_escape($_POST[$key])."\" where id = $id");
 73
 74  }
 75  if (is_array($_POST['attribute']))
 76  while (list($key,$val) = each ($_POST['attribute'])) {
 77    Sql_Query(sprintf('replace into %s (userid,attributeid,value)
 78      values(%d,%d,"%s")',$tables["user_attribute"],$id,$key,$val));
 79  }
 80  if (is_array($_POST["dateattribute"]))
 81  foreach ($_POST["dateattribute"] as $attid => $attname) {
 82    if (isset($_POST[normalize($attname).'_novalue'])) {
 83      $value = "";
 84    } else {
 85      $value = $date->getDate($attname);
 86    }
 87    Sql_Query(sprintf('replace into %s (userid,attributeid,value)
 88      values(%d,%d,"%s")',$tables["user_attribute"],$id,$attid,$value));
 89  }
 90  if (is_array($_POST['cbattribute'])) {
 91    while (list($key,$val) = each ($_POST['cbattribute'])) {
 92      if ($_POST['attribute'][$key] == "on") {
 93        Sql_Query(sprintf('replace into %s (userid,attributeid,value)
 94          values(%d,%d,"on")',$tables["user_attribute"],$id,$key));
 95      } else {
 96        Sql_Query(sprintf('replace into %s (userid,attributeid,value)
 97          values(%d,%d,"")',$tables["user_attribute"],$id,$key));
 98      }
 99    }
100  }
101
102  if (is_array($_POST['cbgroup'])) {
103    while (list($key,$val) = each ($_POST['cbgroup'])) {
104      $field = "cbgroup".$val;
105      if (is_array($_POST[$field])) {
106        $newval = array();
107        foreach ($_POST[$field] as $fieldval) {
108          array_push($newval,sprintf('%0'.$checkboxgroup_storesize.'d',$fieldval));
109         }
110        $value = join(",",$newval);
111      }
112      else
113        $value = "";
114      Sql_Query(sprintf('replace into %s (userid,attributeid,value)
115        values(%d,%d,"%s")',$tables["user_attribute"],$id,$val,$value));
116    }
117  }
118  if ($usegroups) {
119    Sql_Query("delete from user_group where userid = $id");
120    if (is_array($_POST["groups"])) {
121      foreach ($_POST["groups"] as $group) {
122        Sql_Query(sprintf('insert into user_group (userid,groupid) values(%d,%d)',$id,$group));
123        print "<br/>".$GLOBALS['I18N']->get('User added to group').' '.groupName($group);
124      }
125    }
126  }
127  # submitting page now saves everything, so check is not necessary
128  if ($subselect == "") {
129    Sql_Query("delete from {$tables["listuser"]} where userid = $id");
130  } else {
131    # only unsubscribe from the lists of this admin
132    $req = Sql_Query("select id from {$tables["list"]} $subselect_where");
133    while ($row = Sql_Fetch_Row($req)) {
134      Sql_Query("delete from {$tables["listuser"]} where userid = $id and listid = $row[0]");
135    }
136  }
137  if (is_array($_POST["subscribe"])) {
138    foreach ($_POST["subscribe"] as $ind => $lst) {
139      Sql_Query("insert into {$tables["listuser"]} (userid,listid) values($id,$lst)");
140      print '<br/>'.sprintf($GLOBALS['I18N']->get('User added to list %s'),ListName($lst));
141    }
142    print "<br/>";
143  }
144  $history_entry = '';
145  $current_data = Sql_Fetch_Array_Query(sprintf('select * from %s where id = %d',$tables["user"],$id));
146  $current_data = array_merge($current_data,getUserAttributeValues('',$id));
147  foreach ($current_data as $key => $val) {
148    if (!is_numeric($key))
149    if ($old_data[$key] != $val && $key != "modified") {
150      $history_entry .= "$key = $val\nchanged from $old_data[$key]\n";
151     }
152  }
153  if (!$history_entry) {
154    $history_entry = "\nNo userdata changed";
155  }
156  # check lists
157  $req = Sql_Query("select * from {$tables["listuser"]} where userid = $id");
158  while ($row = Sql_Fetch_Array($req)) {
159    $listmembership[$row["listid"]] = listName($row["listid"]);
160  }
161  # i'll do this once I can test it on a 4.3 server
162  #if (function_exists("array_diff_assoc")) {
163  if (0) {
164    # it requires 4.3
165    $subscribed_to = array_diff_assoc($listmembership, $old_listmembership);
166    $unsubscribed_from = array_diff_assoc($old_listmembership,$listmembership);
167    foreach ($subscribed_to as $key => $desc) {
168      $history_entry .= "Subscribed to $desc\n";
169    }
170    foreach ($unsubscribed_to as $key => $desc) {
171      $history_entry .= "Unsubscribed from $desc\n";
172    }
173  } else {
174    $history_entry .= "\nList subscriptions:\n";
175    foreach ($old_listmembership as $key => $val) {
176      $history_entry .= "Was subscribed to: $val\n";
177    }
178    foreach ($listmembership as $key => $val) {
179      $history_entry .= "Is now subscribed to: $val\n";
180    }
181    if (!sizeof($listmembership)) {
182      $history_entry .= "Not subscribed to any lists\n";
183    }
184  }
185
186  addUserHistory($email,"Update by ".adminName($_SESSION["logindetails"]["id"]),$history_entry);
187  if ($newuser) {
188    Redirect("user&id=$id");
189    exit;
190  }
191  Info($GLOBALS['I18N']->get('Changes saved'));
192}
193
# Delete handler: $delete is the integer user id from the query string.
if ($delete && $access != "view") {
  # delete the index in delete
  print $GLOBALS['I18N']->get('Deleting')." $delete ..\n";
  $ownListsOnly = $require_login && !isSuperUser();
  if ($ownListsOnly) {
    # a non-superuser only removes the subscriber from the lists $subselect allows
    $lists = Sql_query("SELECT listid FROM {$tables["listuser"]},{$tables["list"]} where userid = ".$delete." and $tables[listuser].listid = $tables[list].id $subselect ");
    while ($lst = Sql_fetch_array($lists)) {
      Sql_query("delete from {$tables["listuser"]} where userid = $delete and listid = $lst[0]");
    }
  } else {
    # NOTE(review): with $require_login off, the "none" level also reaches this
    # branch and removes the whole record — confirm that is intended.
    deleteUser($delete);
  }
  print '..'.$GLOBALS['I18N']->get('Done')."<br /><hr><br />\n";
}
206
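# Display: the edit form, the list membership table and (optionally) groups.
# Subscriber-supplied values are escaped before they are placed in markup.
$membership = "";
$subscribed = array();
if ($id) {
  $result = Sql_query("SELECT * FROM {$tables["user"]} where id = $id");
  if (!Sql_Affected_Rows()) {
    Fatal_Error($GLOBALS['I18N']->get('No such User').' '.$id);
    return;
  }
  $user = sql_fetch_array($result);
  $lists = Sql_query("SELECT listid,name FROM {$tables["listuser"]},{$tables["list"]} where userid = ".$user["id"]." and $tables[listuser].listid = $tables[list].id $subselect ");
  while ($lst = Sql_fetch_array($lists)) {
    $membership .= "<li>".PageLink2("editlist",$lst["name"],"id=".$lst["listid"]);
    array_push($subscribed,$lst["listid"]);
  }
  if (!$membership)
    $membership = $GLOBALS['I18N']->get('No Lists');
  if ($access != "view")
  printf( "<br /><hr/>%s<li><a href=\"javascript:deleteRec('%s');\">delete</a> %s\n",
    $delete_message,PageURL2("user","","delete=$id&$returnurl"),htmlspecialchars($user["email"]));
  printf('&nbsp;&nbsp;<a href="%s">%s</a>',getConfig("preferencesurl").
    '&uid='.$user["uniqid"],$GLOBALS['I18N']->get('update page'));
  printf('&nbsp;&nbsp;<a href="%s">%s</a>',getConfig("unsubscribeurl").'&uid='.$user["uniqid"],$GLOBALS['I18N']->get('unsubscribe page'));
  print '&nbsp;&nbsp;'.PageLink2("userhistory&id=$id",$GLOBALS['I18N']->get('History'));
} else {
  $user = array();
  $id = 0;
  print '<h1>'.$GLOBALS['I18N']->get('Add a new User').'</h1>';
}
print "<p><h3>".$GLOBALS['I18N']->get('User Details')."</h3>".formStart()."<table border=1>";
# hidden round-trip fields: quoted and escaped, $id is an integer
printf('<input type=hidden name=list value="%s"><input type=hidden name=id value="%d">',
  htmlspecialchars(isset($list) ? $list : ''),$id);
printf('<input type=hidden name=returnpage value="%s"><input type=hidden name=returnoption value="%s">',
  htmlspecialchars(isset($returnpage) ? $returnpage : ''),htmlspecialchars(isset($returnoption) ? $returnoption : ''));

# one row per column of the user table; $val[1] is "<flags>:<label>"
foreach ($struct as $key => $val) {
  list($a,$b) = explode(":",$val[1]);
  $current = isset($user[$key]) ? $user[$key] : '';
  if ($key == "confirmed") {
    if (!$require_login || isSuperUser()) {
      printf('<tr><td>%s (1/0)</td><td><input type="text" name="%s" value="%s" size=5></td></tr>'."\n",$GLOBALS['I18N']->get($b),$key,htmlspecialchars($current));
    } else {
      printf('<tr><td>%s</td><td>%s</td></tr>',$b,htmlspecialchars($current));
    }
  } elseif ($key == "password" && ENCRYPTPASSWORD) {
    # the stored hash is never echoed back into the form
    printf('<tr><td>%s (%s)</td><td><input type="text" name="%s" value="%s" size=30></td></tr>'."\n",$GLOBALS['I18N']->get('encrypted'),$val[1],$key,"");
  } elseif ($key == "blacklisted") {
    printf('<tr><td>%s</td><td>%s</td></tr>',$GLOBALS['I18N']->get($b),isBlackListed(isset($user['email']) ? $user['email'] : ''));
  } else {
    # strpos() returns 0 for a leading "_", which this test treats like "no underscore"
    if (!strpos($key,'_')) {
      if (strpos($a,"sys") !== false)
        printf('<tr><td>%s</td><td>%s</td></tr>',$GLOBALS['I18N']->get($b),htmlspecialchars($current));
      elseif ($val[1])
        printf('<tr><td>%s</td><td><input type="text" name="%s" value="%s" size=30></td></tr>'."\n",$GLOBALS['I18N']->get($val[1]),$key,htmlspecialchars($current));
    }
  }
}
# one row per custom attribute, rendered by type
$res = Sql_Query("select * from $tables[attribute] order by listorder");
while ($row = Sql_fetch_array($res)) {
  $val_req = Sql_Fetch_Row_Query("select value from $tables[user_attribute] where userid = $id and attributeid = $row[id]");
  $row["value"] = isset($val_req[0]) ? $val_req[0] : '';
  $label = stripslashes($row["name"]);

  if ($row["type"] == "date") {
    printf('<input style="attributeinput" type=hidden name="dateattribute[%d]" value="%s">',$row["id"],htmlspecialchars($row["name"]));
    $novalue = trim($row["value"]) == "" ? "checked":"";
    # the stored value is escaped even inside the HTML comment so it cannot close it
    printf('<tr><td>%s<!--%s--></td><td>%s&nbsp; Not set: <input type=checkbox name="%s_novalue" %s></td></tr>'."\n",$label,htmlspecialchars($row["value"]),$date->showInput($row["name"],"",$row["value"]),normalize($label),$novalue);
  } elseif ($row["type"] == "checkbox") {
    $checked = $row["value"] == "on" ?"checked":"";
    printf('<tr><td>%s</td><td><input style="attributeinput" type=hidden name="cbattribute[%d]" value="%d"><input style="attributeinput" type=checkbox name="attribute[%d]" value="on" %s></td></tr>'."\n",$label,$row["id"],$row["id"],$row["id"],$checked);
  } elseif ($row["type"] == "checkboxgroup") {
    printf ("<tr><td valign=top>%s</td><td>%s</td></tr>\n",$label,UserAttributeValueCbGroup($id,$row["id"]));
  } elseif ($row["type"] == "textarea") {
    printf ('<tr><td valign=top>%s</td><td><textarea name="attribute[%d]" rows="10" cols="40" wrap=virtual>%s</textarea></td></tr>',$label,$row["id"],htmlspecialchars($row["value"]));
  } elseif ($row["type"] != "textline" && $row["type"] != "hidden") {
    # select, radio and similar types render their own options
    printf ("<tr><td>%s</td><td>%s</td></tr>\n",$label,UserAttributeValueSelect($id,$row["id"]));
  } else {
    printf('<tr><td>%s</td><td><input style="attributeinput" type=text name="attribute[%d]" value="%s" size=30></td></tr>'."\n",$label,$row["id"],htmlspecialchars($row["value"]));
  }
}
if ($access != "view")
print '<tr><td colspan=2><input type=submit name=change value="'.$GLOBALS['I18N']->get('Save Changes').'"></td></tr>';
print '</table>';

if (isBlackListed(isset($user["email"]) ? $user["email"] : '')) {
  print '<h3>'.$GLOBALS['I18N']->get('User is blacklisted. No emails will be sent to this user').'</h3>';
}

# lists this admin may see, four per row, current memberships highlighted
print "<h3>".$GLOBALS['I18N']->get('Mailinglist Membership').":</h3>";
print "<table border=1><tr>";
$req = Sql_Query("select * from {$tables["list"]} $subselect_where order by listorder,name");
$c = 0;
while ($row = Sql_Fetch_Array($req)) {
  if (in_array($row["id"],$subscribed)) {
    $bgcol = '#F7E7C2';
    $subs = "checked";
  } else {
    $bgcol = '#ffffff';
    $subs = "";
  }
  printf ('<td bgcolor="%s"><input type=checkbox name="subscribe[]" value="%d" %s> %s</td>',
    $bgcol,$row["id"],$subs,PageLink2("editlist",stripslashes($row["name"]),"id=".$row["id"]));
  $c++;
  if ($c % 4 == 0)
    print '</tr><tr>';
}
print '</tr>';

if ($access != "view")
  print '<tr><td><input type=submit name="change" value="'.$GLOBALS['I18N']->get('Save Changes').'"></td></tr>';

print '</table>';

if ($usegroups) {
  print "<h3>".$GLOBALS['I18N']->get('Group Membership').":</h3>";
  print "<table border=1><tr>";
  print '<tr><td colspan=2><hr width=50%></td></tr>
<tr><td colspan=2>'.$GLOBALS['I18N']->get('Please select the groups this user is a member of').'</td></tr>
<tr><td colspan=2>';
  $selected_groups = array();
  if ($id) {
    $req = Sql_Query("select groupid from user_group where userid = $id");
    while ($row = Sql_Fetch_Row($req))
      array_push($selected_groups,$row[0]);
  }

  # "Everyone" is always a member and is submitted as a hidden field
  $req = Sql_Query("select * from groups");
  $c = 1;
  while ($row = Sql_Fetch_array($req)) {
    if ($row["name"] != "Everyone") {
      printf ('<i>%s</i><input type=checkbox name="groups[]" value="%d" %s>&nbsp;&nbsp;',
      htmlspecialchars($row["name"]),$row["id"],in_array($row["id"],$selected_groups)?"checked":""
          );
    } else {
      printf ('<b>%s</b>&nbsp;&nbsp;<input type=hidden name="groups[]" value="%d">',
      htmlspecialchars($row["name"]),$row["id"]
          );
    }
    if ($c % 5 == 0)
      print "<br>";
    $c++;
  }

  print '</td></tr>';
  if ($access != "view")
    print '<tr><td><input type=submit name="change" value="'.$GLOBALS['I18N']->get('Save Changes').'"></td></tr>';
  print '</table>';
}

print '</form>';
?>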