view_users(); $icon_array['ok'] = cpg_fetch_icon('ok', 1); $icon_array['search'] = cpg_fetch_icon('search', 1); $icon_array['add_user'] = cpg_fetch_icon('add_user', 2); $icon_array['edit'] = cpg_fetch_icon('edit', 2); if (USER_ID !='') { if (GALLERY_ADMIN_MODE) { $lim_user = 0; $number_of_columns = 10; } elseif ($CONFIG['allow_memberlist']) { $lim_user = 1; $number_of_columns = 9; } else { $lim_user = 2; cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__); } } else { $lim_user = 3; cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__); } function list_group_alb_access($group_id) { //shows a list of albums a specific group can see. Categories are listed with albums for clarity global $CONFIG, $group_id, $aid, $icon_array; $query = " SELECT group_id, albums.aid AS aid, group_name, categories.name AS category, albums.title AS album FROM {$CONFIG['TABLE_USERGROUPS']} AS groups, {$CONFIG['TABLE_ALBUMS']} AS albums LEFT JOIN {$CONFIG['TABLE_CATEGORIES']} AS categories ON albums.category = categories.cid WHERE group_id = $group_id AND albums.visibility = groups.group_id ORDER BY category, album"; $result = cpg_db_query($query); $albs = cpg_db_fetch_rowset($result, true); foreach($albs as $album) { $aid = $album['aid']; echo ' ' . $album['category'] . ' ' . $album['album'] . ' ' . cpg_fetch_icon('edit', 0) . ' '; } } function list_groups_alb_access() //shows a list of albums each group can see. Categories are listed with albums for clarity { global $CONFIG; global $lang_usermgr_php, $lang_common, $group_id, $icon_array; starttable(500, $lang_usermgr_php['groups_alb_access'].' '.cpg_display_help('f=users.htm&as=user_cp_edit_permission_by_group&ae=user_cp_edit_permission_by_group_end', '450', '300'), 3); $sql = " SELECT group_id, group_name, categories.name AS category, albums.title AS album FROM {$CONFIG['TABLE_USERGROUPS']} AS groups, {$CONFIG['TABLE_ALBUMS']} AS albums LEFT JOIN {$CONFIG['TABLE_CATEGORIES']} AS categories ON albums.category = categories.cid WHERE albums.visibility = groups.group_id GROUP BY group_name ORDER BY group_name, category, album "; $result = cpg_db_query($sql); $groups = cpg_db_fetch_rowset($result, true); echo " {$lang_usermgr_php['category']} {$lang_common['album']} {$lang_usermgr_php['modify']} "; foreach($groups as $group) { $group_name = $group['group_name']; $group_id = $group['group_id']; echo '' . $group_name . ''; list_group_alb_access($group_id); } endtable(); } function list_users($search = '') { global $CONFIG, $cpg_udb, $CPG_PHP_SELF, $LINEBREAK; //, $PHP_SELF; global $lang_usermgr_php, $lang_byte_units, $lang_date, $lang_common, $icon_array; global $lim_user, $number_of_columns, $template_tab_display; global $USER_DATA; $superCage = Inspekt::makeSuperCage(); list($timestamp, $form_token) = getFormToken(); $number_of_columns_minus_one = $number_of_columns - 1; $number_of_columns_minus_three = $number_of_columns - 3; $number_of_columns_minus_four = $number_of_columns - 4; $sort_codes = array('name_a' => 'user_name ASC', 'name_d' => 'user_name DESC', 'group_a' => 'group_name ASC', 'group_d' => 'group_name DESC', 'reg_a' => 'user_regdate ASC', 'reg_d' => 'user_regdate DESC', 'pic_a' => 'pic_count ASC', 'pic_d' => 'pic_count DESC', 'disku_a' => 'disk_usage ASC', 'disku_d' => 'disk_usage DESC', 'lv_a' => 'user_lastvisit ASC', 'lv_d' => 'user_lastvisit DESC', ); $sort = 'reg_d'; if ($superCage->get->keyExists('sort') && ($matches = $superCage->get->getMatched('sort', '/^[a-z_]+$/'))) { if ($sort_codes[$matches[0]]) { $sort = $matches[0]; } } $makereadonly = ($CONFIG['bridge_enable']) ? 'style="display:none;" disabled="disabled" ':''; $user_count = $cpg_udb->get_user_count(); if (!$user_count) { cpg_die(CRITICAL_ERROR, $lang_usermgr_php['err_no_users'], __FILE__, __LINE__); } $user_per_page = 25; $page = $superCage->get->testInt('page') ? $superCage->get->getInt('page') : 1; $lower_limit = ($page-1) * $user_per_page; $lower_limit = ($page-1) * $user_per_page; $username = ''; if ($search) { $username = '&username='.$search; $users_search = $cpg_udb->get_users( array( 'users_per_page' => $user_count, 'lower_limit' => 0, 'search' => $search, 'sort' => $sort ) ); $user_count = count($users_search); } $tab_tmpl = $template_tab_display; $tab_tmpl['page_link'] = strtr($tab_tmpl['page_link'], array('{LINK}' => 'usermgr.php?sort=' . $sort . '&page=%d'.$username)); $tab_tmpl['left_text'] = strtr($tab_tmpl['left_text'], array('{LEFT_TEXT}' => $lang_usermgr_php['u_user_on_p_pages'])); $users = $cpg_udb->get_users( array( 'users_per_page' => $user_per_page, 'lower_limit' => $lower_limit, 'search' => $search, 'sort' => $sort ) ); $total_pages = ceil($user_count / $user_per_page); $tabs = create_tabs($user_count, $page, $total_pages, $tab_tmpl); $lb = '' . $LINEBREAK; echo << EOT; echo '

'; if ($superCage->post->keyExists('username')) { $search_filter = '' . $lang_usermgr_php['search_result'] . $superCage->post->getEscaped('username') . ''; } else { $search_filter = ''; } $help = ' '.cpg_display_help('f=users.htm&as=user_cp&ae=user_cp_end&top=1', '650', '500'); $usermgr_table_header = <<

EOT; if (!$lim_user) { $usermgr_table_header .= cpg_fetch_icon('user_mgr', 2).$lang_usermgr_php['user_manager'].$help; } else { $usermgr_table_header .= cpg_fetch_icon('user_mgr', 2).$lang_usermgr_php['memberlist']; } $usermgr_table_header .= << $search_filter

$lb

EOT; starttable('100%', $usermgr_table_header, $number_of_columns); // Accept header addons echo CPGPluginAPI::filter('usermgr_header',''); if ($CONFIG['user_manager_hide_file_stats']) { $pictures_quota_header = ''; } else { $pictures_quota_header = <<< EOT {$lang_usermgr_php['pictures']} ${$lang_usermgr_php['pic_a']}$ ${$lang_usermgr_php['pic_d']}$ {$lang_usermgr_php['disk_space_used']}/{$lang_usermgr_php['disk_space_quota']} ${$lang_usermgr_php['disku_a']}$ ${$lang_usermgr_php['disku_d']}$ EOT; } if (!$lim_user) { echo <<< EOT {$lang_usermgr_php['name']} ${$lang_usermgr_php['name_a']}$ ${$lang_usermgr_php['name_d']}$ {$lang_usermgr_php['status']} {$lang_usermgr_php['group']} ${$lang_usermgr_php['group_a']}$ ${$lang_usermgr_php['group_d']}$ {$lang_usermgr_php['registered_on']} ${$lang_usermgr_php['reg_a']}$ ${$lang_usermgr_php['reg_d']}$ {$lang_usermgr_php['last_visit']} ${$lang_usermgr_php['lv_a']}$ ${$lang_usermgr_php['lv_d']}$ {$lang_usermgr_php['comments']} $pictures_quota_header EOT; } else { echo <<< EOT {$lang_usermgr_php['name']} ${$lang_usermgr_php['name_a']}$ ${$lang_usermgr_php['name_d']}$ {$lang_usermgr_php['status']} {$lang_usermgr_php['group']} ${$lang_usermgr_php['group_a']}$ ${$lang_usermgr_php['group_d']}$ {$lang_usermgr_php['registered_on']} ${$lang_usermgr_php['reg_a']}$ ${$lang_usermgr_php['reg_d']}$ {$lang_usermgr_php['last_visit']} ${$lang_usermgr_php['lv_a']}$ ${$lang_usermgr_php['lv_d']}$ {$lang_usermgr_php['comments']} $pictures_quota_header EOT; } $loop_counter = 0; // query total number of files uploaded $result = cpg_db_query("SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} LIMIT 1"); $tempPicCount = $result->fetchArray(true); $totalPictureCount = $tempPicCount[0]; $totalPictureCount_fmt = cpg_float2decimal($totalPictureCount); unset($tempPicCount); // query total space used $result = cpg_db_query("SELECT SUM(total_filesize) FROM {$CONFIG['TABLE_PICTURES']} LIMIT 1"); $tempSpaceCount = $result->fetchArray(true); $totalSpaceCount = $tempSpaceCount[0]; $totalSpaceCount_fmt = cpg_format_bytes($totalSpaceCount); unset($tempSpaceCount); // query total number of comments posted $result = cpg_db_query("SELECT COUNT(*) FROM {$CONFIG['TABLE_COMMENTS']} LIMIT 1"); $tempCommentCount = $result->fetchArray(true); $totalCommentCount = $tempCommentCount[0]; $totalCommentCount_fmt = cpg_float2decimal($totalCommentCount); unset($tempCommentCount); foreach ($users as $user) { if ($loop_counter == 0) { $row_style_class = 'tableb'; } else { $row_style_class = 'tableb tableb_alternate'; } $loop_counter++; if ($loop_counter > 1) { $loop_counter = 0; } if ($user['disk_usage'] == '') { $user['disk_usage'] = 0; } $group_quota_separator = '/'; // Determine actual quota if user belongs to more than one user group if ($user_groups = cpg_get_groups($user['user_id'])) { $quota = cpg_db_query("SELECT MAX(group_quota) AS disk_max, MIN(group_quota) AS disk_min FROM {$CONFIG['TABLE_USERGROUPS']} WHERE group_quota >= 0 AND group_id IN (".implode(", ", $user_groups).")")->fetchAssoc(true); $user['group_quota'] = $quota["disk_min"] ? $quota["disk_max"] : 0; } if ($user['group_quota']) { $disk_usage_output = theme_display_bar($user['disk_usage'],$user['group_quota'],150,'', '', $group_quota_separator.$user['group_quota'].' '.$lang_byte_units[1],'red','green'); } else { $disk_usage_output = theme_display_bar($user['disk_usage'],$user['group_quota'],150,'', '', ' '.$lang_byte_units[1],'green','green'); } if ($user['user_active'] == 'NO') { //$user['group_name'] = '' . $lang_usermgr_php['inactive'] . ''; $user['status'] = cpg_fetch_icon('offline', 0, $lang_usermgr_php['status_inactive']); $action = 'activate'; } else { $user['status'] = cpg_fetch_icon('online', 0, $lang_usermgr_php['status_active']); $action = 'deactivate'; } if (!$lim_user) { $user['status'] = '' . $user['status'] . ''; } $user['user_regdate'] = localised_date($user['user_regdate'], $lang_date['register']); if ($user['user_lastvisit']) { $user['user_lastvisit'] = localised_date($user['user_lastvisit'], $lang_date['register']); } else { $user['user_lastvisit'] = $lang_usermgr_php['never']; } $view_profile = '' . cpg_fetch_icon('my_profile', 0, $lang_usermgr_php['view_profile']) . ''; if ($user['pic_count']) { $last_uploads = '' . cpg_fetch_icon('last_uploads', 0, $lang_usermgr_php['latest_upload']) . ''; } else { if ($lim_user == 0) { $last_uploads = cpg_fetch_icon('last_uploads_disabled', 0, $lang_usermgr_php['no_latest_upload']); } else { $last_uploads = cpg_fetch_icon('blank', 0); } } // fetch number of comments and add link to comments if applicable if ($lim_user == 0) { $result = cpg_db_query("SELECT COUNT(*) FROM {$CONFIG['TABLE_COMMENTS']} WHERE author_id = {$user['user_id']}"); // display all comments for the admin } else { $result = cpg_db_query("SELECT COUNT(*) FROM {$CONFIG['TABLE_COMMENTS']} WHERE author_id = {$user['user_id']} AND approval = 'YES' "); // only display approved comments for non-admin } $commentCount = $result->fetchArray(true); $user['comment_num'] = $commentCount[0]; if ($user['comment_num'] > 0) { $user_comment_link = '' . cpg_fetch_icon('comment', 0, $lang_usermgr_php['last_comments'] . '('.$user['comment_num'].')') . ''; } else { $user_comment_link = cpg_fetch_icon('blank', 0, $lang_usermgr_php['no_last_comments']); } // create comments bar $comment_quota_output = theme_display_bar($user['comment_num'],$totalCommentCount,60,'', '', '','red',''); // create files bar $file_quota_output = theme_display_bar($user['pic_count'],$totalPictureCount,60,'', '', '','red',''); // Look up banned table if (cpg_db_query("SELECT user_name FROM {$CONFIG['TABLE_BANNED']} WHERE user_name = '" . addslashes($user['user_name']) . "' AND brute_force=0 LIMIT 1")->numRows()) { $ban_user_link = '' . cpg_fetch_icon('ban_user_disabled', 0, $lang_usermgr_php['user_is_banned']) . ''; $ban_memberlist = cpg_fetch_icon('ban_user_disabled', 0, $lang_usermgr_php['user_is_banned']); } else { $ban_user_link = '' . cpg_fetch_icon('ban_user', 0, $lang_usermgr_php['ban_user']) . ''; $ban_memberlist = ''; } if (!$lim_user) { if ($user['user_id'] == $USER_DATA['user_id']) { $profile_link = 'profile.php?op=edit_profile'; $checkbox_html = ''; $ban_user_link = cpg_fetch_icon('blank', 0); } else { $profile_link = $CPG_PHP_SELF.'?op=edit&user_id='.$user['user_id'].'&form_token=' . $form_token . '&timestamp=' . $timestamp; $checkbox_html = ''; } $profile_link = '' . cpg_fetch_icon('edit', 0, $lang_usermgr_php['edit_profile']) . ''; if ($CONFIG['user_manager_hide_file_stats']) { $pictures_quota_data = ''; } else { $pictures_quota_data = <<< EOT {$file_quota_output} {$disk_usage_output} EOT; } echo <<< EOT {$checkbox_html} {$user['user_name']} {$view_profile} {$profile_link} {$last_uploads} {$ban_user_link} {$user_comment_link} {$user['status']} {$user['group_name']} {$user['user_regdate']} {$user['user_lastvisit']} {$comment_quota_output} $pictures_quota_data EOT; } else { if ($CONFIG['user_manager_hide_file_stats']) { $pictures_quota_data = ''; } else { $pictures_quota_data = <<< EOT {$user['pic_count']} {$disk_usage_output} EOT; } echo <<< EOT {$user['user_name']} {$view_profile}{$last_uploads}{$user_comment_link} {$user['status']}{$ban_memberlist} {$user['group_name']} {$user['user_regdate']} {$user['user_lastvisit']} {$user['comment_num']} $pictures_quota_data EOT; } } // foreach $result->free(); if ($CONFIG['user_manager_hide_file_stats']) { $pictures_quota_footer = ''; } else { $pictures_quota_footer = <<< EOT $totalPictureCount_fmt $totalSpaceCount_fmt EOT; } if (!$lim_user) { if ($search) { $search_string_default = 'value="'.$search.'"'; } else { $search_string_default = 'value="'.$lang_usermgr_php['search'].'" onfocus="this.value=\'\'"'; } $help = cpg_display_help('f=users.htm&as=user_cp_search&ae=user_cp_search_end&top=1', '400', '150'); echo <<

$totalCommentCount_fmt $pictures_quota_footer EOT; endtable(); echo ''; starttable('100%'); echo <<< EOT

{$create_new_user_icon}{$lang_usermgr_php['create_new_user']} {$help_create}

EOT; } else { echo <<< EOT {$lang_usermgr_php['total']} $totalCommentCount_fmt $pictures_quota_footer EOT; } // Accept footer addons for the user manager echo CPGPluginAPI::filter('usermgr_footer',''); if ($tabs) { echo << $tabs

EOT; } endtable(); } function edit_user($user_id) { global $CONFIG, $CPG_PHP_SELF, $LINEBREAK; //, $PHP_SELF; global $lang_usermgr_php, $lang_common, $icon_array, $op; $form_data = array( array('input', 'user_name', cpg_fetch_icon('my_profile', 2) . $lang_usermgr_php['name'], 25), array('password', 'user_password', cpg_fetch_icon('key_enter', 2) . $lang_usermgr_php['password'], 25), array('yesno', 'user_active', cpg_fetch_icon('online', 2) . $lang_usermgr_php['user_active']), array('group_list', 'user_group', cpg_fetch_icon('groups_mgr', 2) . $lang_usermgr_php['user_group']), array('input', 'user_email', cpg_fetch_icon('mail', 2) . $lang_usermgr_php['user_email'], 255) ); if ($CONFIG['user_profile1_name'] != '') { $form_data[] = array('input', 'user_profile1', cpg_fetch_icon('blank', 2) . $CONFIG['user_profile1_name'], 255); } if ($CONFIG['user_profile2_name'] != '') { $form_data[] = array('input', 'user_profile2', cpg_fetch_icon('blank', 2) . $CONFIG['user_profile2_name'], 255); } if ($CONFIG['user_profile3_name'] != '') { $form_data[] = array('input', 'user_profile3', cpg_fetch_icon('blank', 2) . $CONFIG['user_profile3_name'], 255); } if ($CONFIG['user_profile4_name'] != '') { $form_data[] = array('input', 'user_profile4', cpg_fetch_icon('blank', 2) . $CONFIG['user_profile4_name'], 255); } if ($CONFIG['user_profile5_name'] != '') { $form_data[] = array('input', 'user_profile5', cpg_fetch_icon('blank', 2) . $CONFIG['user_profile5_name'], 255); } if ($CONFIG['user_profile6_name'] != '') { $form_data[] = array('textarea', 'user_profile6', cpg_fetch_icon('blank', 2) . $CONFIG['user_profile6_name'], 255); } //$form_data = CPGPluginAPI::filter('usermgr_form_list', array(0 => $form_data, 1 => $user_id); list($timestamp, $form_token) = getFormToken(); if ($user_id) { $sql = "SELECT * FROM {$CONFIG['TABLE_USERS']} WHERE user_id = '$user_id'"; $result = cpg_db_query($sql); if (!$result->numRows()) { cpg_die(CRITICAL_ERROR, $lang_usermgr_php['err_unknown_user'], __FILE__, __LINE__); } $user_data = $result->fetchArray(true); if (cpg_db_query("SELECT user_name FROM {$CONFIG['TABLE_BANNED']} WHERE user_name = '" . addslashes($user_data['user_name']) . "' AND brute_force=0 LIMIT 1")->numRows()){ $user_status = $lang_usermgr_php['user_is_banned']; } elseif ($user_data['user_active'] == 'YES') { $user_status = $lang_usermgr_php['status_active']; } else { $user_status = $lang_usermgr_php['status_inactive']; } } else { // If this is a new user then add a checkbox for 'send login data to user' option $form_data[] = array('checkbox', 'send_login_data', $lang_usermgr_php['send_login_data']); $user_data = array('user_name'=>'','user_active'=>'','user_group'=>'','user_group_list'=>'','user_email'=>'', 'user_profile1'=>'','user_profile2'=>'','user_profile3'=>'','user_profile4'=>'','user_profile6'=>'' ); } $status_icon = cpg_fetch_icon('online', 2); echo << EOT; if ($op == 'new_user') { starttable(500, $icon_array['add_user'] . $lang_usermgr_php['create_new_user'], 2); } else { starttable(500, $icon_array['edit'] . $lang_usermgr_php['modify_user'], 2); echo <<< EOT {$status_icon}{$lang_usermgr_php['status']} {$user_status} EOT; } $loopCounter = 0; foreach ($form_data as $element) { if ($loopCounter/2 == floor($loopCounter/2)) { $row_style_class = 'tableb tableb_alternate'; } else { $row_style_class = 'tableb'; } $loopCounter++; switch ($element[0]) { case 'input' : $value = $user_data[$element[1]]; if ($element[2]) echo << {$element[2]} EOT; break; case 'textarea' : $value = $user_data[$element[1]]; if ($element[2]) echo << {$element[2]} EOT; break; case 'password' : echo << {$element[2]} EOT; break; case 'yesno' : $value = $user_data[$element[1]]; $yes_selected = ($value == 'YES' || $op == 'new_user') ? 'checked="checked"' : ''; $no_selected = ($value == 'NO') ? 'checked="checked"' : ''; echo <<< EOT {$element[2]} {$lang_common['yes']} {$lang_common['no']} EOT; break; case 'group_list' : $sql = "SELECT group_id, group_name FROM {$CONFIG['TABLE_USERGROUPS']} ORDER BY group_name"; $result = cpg_db_query($sql); $group_list = cpg_db_fetch_rowset($result, true); $sel_group = $user_data[$element[1]]; $user_group_list = ($user_data['user_group_list'] == '') ? ',' . $sel_group . ',' : ',' . $user_data['user_group_list'] . ',' . $sel_group . ','; echo << {$element[2]} ' . $group['group_name'] . '
' . $LINEBREAK; } } $assignedGroupsHelp = cpg_display_help('f=users.htm&as=user_cp_edit_permission_by_group&ae=user_cp_edit_permission_by_group_end', '450', '300'); echo <<
$group_cb
{$lang_usermgr_php['groups_alb_access']} {$assignedGroupsHelp} EOT; break; case 'checkbox': echo <<< EOT {$element[2]} EOT; break; default: cpg_die(CRITICAL_ERROR, 'Invalid action for form creation ' . $element[0], __FILE__, __LINE__); } } if ($op == 'new_user') { echo << EOT; } else { echo << {$lang_usermgr_php['notes']}

{$lang_usermgr_php['note_list']}

EOT; } endtable(); echo ''; } function update_user($user_id) { global $CONFIG; global $lang_usermgr_php, $lang_register_php, $icon_array; $superCage = Inspekt::makeSuperCage(); $user_name = $superCage->post->getEscaped('user_name'); $user_password = $superCage->post->getEscaped('user_password'); $user_email = $superCage->post->getEscaped('user_email'); $profile1 = $superCage->post->getEscaped('user_profile1'); $profile2 = $superCage->post->getEscaped('user_profile2'); $profile3 = $superCage->post->getEscaped('user_profile3'); $profile4 = $superCage->post->getEscaped('user_profile4'); $profile5 = $superCage->post->getEscaped('user_profile5'); $profile6 = $superCage->post->getEscaped('user_profile6'); $user_active = $superCage->post->getAlpha('user_active'); $user_group = $superCage->post->getInt('user_group'); $group_list = $superCage->post->keyExists('group_list') ? $superCage->post->getInt('group_list') : ''; if ($user_id == 0) { cpg_db_query("INSERT INTO {$CONFIG['TABLE_USERS']} (user_regdate, user_profile6) VALUES (NOW(), '')"); $user_id = cpg_db_last_insert_id(); log_write('New user "'.$user_name.'" created', CPG_ACCESS_LOG); // Create a personal album if corresponding option is enabled if ($CONFIG['personal_album_on_registration'] == 1) { $catid = $user_id + FIRST_USER_CAT; cpg_db_query("INSERT INTO {$CONFIG['TABLE_ALBUMS']} (`title`, `category`) VALUES ('$user_name', $catid)"); } } $sql = "SELECT user_id FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '$user_name' AND user_id != $user_id"; $result = cpg_db_query($sql); if ($result->numRows()) { cpg_die(ERROR, $lang_register_php['err_user_exists'], __FILE__, __LINE__); return false; } $result->free(); if (utf_strlen($user_name) < 2) cpg_die(ERROR, $lang_register_php['username_warning2'], __FILE__, __LINE__); if ($user_password && utf_strlen($user_password) < 2) cpg_die(ERROR, $lang_register_php['password_warning1'], __FILE__, __LINE__); // Save old user data (we need it later to determine if we need to send the activation confirmation email) $user_data = cpg_db_query("SELECT user_name, user_active, user_email, user_actkey FROM {$CONFIG['TABLE_USERS']} WHERE user_id = '$user_id'")->fetchAssoc(true); if (is_array($group_list)) { $user_group_list = ''; foreach($group_list as $group) $user_group_list .= ($group != $user_group) ? $group . ',' : ''; $user_group_list = substr($user_group_list, 0, -1); } else { $user_group_list = ''; } $sql_update = "UPDATE {$CONFIG['TABLE_USERS']} SET " . "user_name = '$user_name', " . "user_email = '$user_email', " . "user_active = '$user_active', " . "user_group = '$user_group', " . "user_profile1 = '$profile1', " . "user_profile2 = '$profile2', " . "user_profile3 = '$profile3', " . "user_profile4 = '$profile4', " . "user_profile5 = '$profile5', " . "user_profile6 = '$profile6', " . "user_group_list = '$user_group_list'"; if (!empty($user_password)) { require 'include/passwordhash.inc.php'; $sql_update .= ', '.cpg_password_create_update_string($user_password); } if ($user_active == 'YES') $sql_update .= ", user_actkey = ''"; $sql_update .= " WHERE user_id = '$user_id'"; cpg_db_query($sql_update); // Update comments' author name cpg_db_query("UPDATE {$CONFIG['TABLE_COMMENTS']} SET msg_author = '$user_name' WHERE author_id = $user_id"); // If send login data checkbox is checked then send the username and password to the user in an email if ($superCage->post->keyExists('send_login_data') && trim($user_email)) { require 'include/mailer.inc.php'; $template_vars = array( '{SITE_NAME}' => $CONFIG['gallery_name'], '{SITE_LINK}' => $CONFIG['site_url'], '{USER_NAME}' => trim($user_name), '{USER_PASS}' => trim($user_password), ); if (!cpg_mail(trim($user_email), $lang_usermgr_php['send_login_email_subject'], nl2br(strtr($lang_usermgr_php['send_login_data_email'], $template_vars)))) { cpg_die(CRITICAL_ERROR, $lang_usermgr_php['failed_sending_email'], __FILE__, __LINE__); } } elseif ($user_data['user_actkey'] && $user_data['user_active'] == 'NO' && $user_active == 'YES') { // send activation confirmation email (only once) require 'include/mailer.inc.php'; $template_vars = array( '{SITE_LINK}' => $CONFIG['site_url'], '{USER_NAME}' => $user_data['user_name'], '{SITE_NAME}' => $CONFIG['gallery_name'], ); cpg_mail($user_data['user_email'], sprintf($lang_register_php['notify_user_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_php['activated_email'], $template_vars))); } } $op = (GALLERY_ADMIN_MODE && ($matches = $superCage->get->getMatched('op', '/^[a-z_]+$/'))) ? $matches[0] : ''; //Check if the form token is valid if($op != '' && !checkFormToken()){ cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__); } switch ($op) { case 'edit' : $user_id = $superCage->get->keyExists('user_id') ? $superCage->get->getInt('user_id') : -1; if (USER_ID == $user_id) cpg_die(ERROR, $lang_usermgr_php['err_edit_self'], __FILE__, __LINE__); $cpg_udb->edit_users($user_id); pageheader($lang_usermgr_php['title']); edit_user($user_id); pagefooter(); break; case 'update' : $user_id = $superCage->get->keyExists('user_id') ? $superCage->get->getInt('user_id') : -1; $cpg_udb->edit_users($user_id); update_user($user_id); cpg_db_query("DELETE FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '' LIMIT 1"); pageheader($lang_usermgr_php['title']); list_users(); pagefooter(); break; case 'new_user' : pageheader($lang_usermgr_php['title']); edit_user(0); pagefooter(); break; case 'groups_alb_access' : //show what albums user groups can see pageheader($lang_usermgr_php['groups_alb_access']); list_groups_alb_access(); pagefooter(); break; case 'group_alb_access' : //show what albums specific group can see $group_id = $superCage->get->getInt('gid'); $sql = " SELECT group_name FROM {$CONFIG['TABLE_USERGROUPS']} AS groups, {$CONFIG['TABLE_ALBUMS']} AS albums WHERE group_id = $group_id AND albums.visibility = groups.group_id "; $result = cpg_db_query($sql); $group = $result->fetchArray(); if (!$result->numRows(true)) { pageheader($lang_usermgr_php['group_no_access']); msg_box($lang_usermgr_php['notice'].' '.cpg_display_help('f=groups.htm&as=group_cp_assigned&ae=group_cp_assigned_end', '450', '300'), $lang_usermgr_php['group_no_access']); } else { $group_name = $group['group_name']; pageheader(sprintf($lang_usermgr_php['group_can_access'], $group_name)); starttable(500, sprintf($lang_usermgr_php['group_can_access'], $group_name).' '.cpg_display_help('f=groups.htm&as=group_cp_assigned&ae=group_cp_assigned_end', '450', '300'), 3); echo " {$lang_usermgr_php['category']} {$lang_common['album']} {$lang_usermgr_php['modify']} "; list_group_alb_access($group_id); endtable(); } pagefooter(); break; default : cpg_db_query("DELETE FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '' LIMIT 1"); pageheader($lang_usermgr_php['title']); if ($superCage->post->keyExists('username') || $superCage->get->keyExists('username')) { $name = $superCage->post->keyExists('username') ? $superCage->post->getEscaped('username'): $superCage->get->getEscaped('username'); $wildcards = array("*" => "%", "?" => "_"); $search = strtr($name, $wildcards); } if (isset($search) == false) {$search = '';} list_users($search); pagefooter(); break; } //EOF