
<?php
/*
UserSpice 4
An Open Source PHP User Management System
by the UserSpice Team at http://UserSpice.com

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
?>
<?php require_once '../users/init.php'; // project bootstrap; must be included before the header and navigation below ?>
<?php require_once $abs_us_root.$us_url_root.'users/includes/header.php'; // $abs_us_root / $us_url_root are not set on this page - presumably defined by init.php, confirm ?>
<?php require_once $abs_us_root.$us_url_root.'users/includes/navigation.php'; ?>

<?php if (!securePage($_SERVER['PHP_SELF'])){die();}
// Nothing below this line runs unless securePage() returns a truthy value for this script path.
// NOTE(review): PHP_SELF can include trailing path info supplied by the client; confirm that
// securePage() normalises the path before it looks up the page's access rules.
?>
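<?php
// Holds the outcome of the field checks run by the POST handler further down.
$validation = new Validate();
//PHP Goes Here!
// The email settings row is read once and shared: $results and $email both hold the row,
// $act its email_act flag (the same SELECT used to be issued twice).
$query = $db->query("SELECT * FROM email");
$results = $query->first();
$act = $results->email_act;
$email = $results;
$errors = [];
$successes = [];
// Id of the account being edited. It is later placed in the form action, in the
// unique_update validation rule and in update calls, so only a plain run of digits is accepted.
// NOTE(review): assumes user ids are positive integers - confirm against the users table.
$userId = Input::get('id');
//Check if selected user exists
if(!preg_match('/^[0-9]+$/', (string)$userId) || !userIdExists($userId)){
  Redirect::to('admin_users.php?err=That user does not exist.'); die();
}

$userdetails = fetchUserDetails(NULL, NULL, $userId); //Fetch user details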

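//Forms posted
// Applies the admin's edits to the account identified by $userId. Field checks go through
// $validation; outcomes are collected in $errors / $successes for the result block on the page.
if(!empty($_POST)) {
    // Every change below is gated on the CSRF token. A missing field is treated like a
    // wrong token instead of raising an undefined-index notice.
    $token = isset($_POST['csrf']) ? $_POST['csrf'] : '';
    if(!Token::check($token)){
      die('Token doesn\'t match!');
    }

    // Same rule the page uses to show "PROTECTED PROFILE - EDIT DISABLED". It is evaluated
    // here as well because disabled inputs only restrict the browser form, not a
    // hand-built request.
    $actorId = $user->data()->id;
    $actorIsMaster = in_array($actorId, $master_account);
    $editLocked = !$actorIsMaster
      && (in_array($userId, $master_account) || $userdetails->protected == 1)
      && $userId != $actorId;

    if($editLocked){
      $errors[] = 'This profile is protected and cannot be edited.';
    }
    elseif(!empty($_POST['delete'])){
      // NOTE(review): the form disables this checkbox unless checkMenu(2, ...) passes and for
      // user id 1; that is not re-checked here - confirm deleteUsers() enforces it.
      $deletions = $_POST['delete'];
      if ($deletion_count = deleteUsers($deletions)){
        Redirect::to('admin_users.php?msg='.lang("ACCOUNT_DELETIONS_SUCCESSFUL", array($deletion_count)));
      }
      else {
        $errors[] = lang("SQL_ERROR");
      }
    }
    else
    {

      //Update display name

      if ($userdetails->username != $_POST['username']){
        $displayname = Input::get("username");

        $fields=array('username'=>$displayname);
        $validation->check($_POST,array(
          'username' => array(
            'display' => 'Username',
            'required' => true,
            'unique_update' => 'users,'.$userId,
            'min' => 1,
            'max' => 25
          )
        ));
        if($validation->passed()){
          $db->update('users',$userId,$fields);
          $successes[] = "Username Updated";
        }else{
          // Report the failure the same way the other fields do instead of dropping it.
          ?><div id="form-errors">
            <?=$validation->display_errors();?></div>
            <?php
        }
      }

      //Update first name

      if ($userdetails->fname != $_POST['fname']){
        $fname = Input::get("fname");

        $fields=array('fname'=>$fname);
        $validation->check($_POST,array(
          'fname' => array(
            'display' => 'First Name',
            'required' => true,
            'min' => 1,
            'max' => 25
          )
        ));
        if($validation->passed()){
          $db->update('users',$userId,$fields);
          $successes[] = "First Name Updated";
        }else{
          ?><div id="form-errors">
            <?=$validation->display_errors();?></div>
            <?php
        }
      }

      //Update last name

      if ($userdetails->lname != $_POST['lname']){
        $lname = Input::get("lname");

        $fields=array('lname'=>$lname);
        $validation->check($_POST,array(
          'lname' => array(
            'display' => 'Last Name',
            'required' => true,
            'min' => 1,
            'max' => 25
          )
        ));
        if($validation->passed()){
          $db->update('users',$userId,$fields);
          $successes[] = "Last Name Updated";
        }else{
          ?><div id="form-errors">
            <?=$validation->display_errors();?></div>
            <?php
        }
      }

      //Update password
      if(!empty($_POST['password'])) {
        $validation->check($_POST,array(
          'password' => array(
            'display' => 'New Password',
            'required' => true,
            'min' => $settings->min_pw,
            'max' => $settings->max_pw,
          ),
          'confirm' => array(
            'display' => 'Confirm New Password',
            'required' => true,
            'matches' => 'password',
          ),
        ));

        // The hash is written only when this check passed. The earlier test on $errors never
        // saw validation failures (they live in $validation), so a too-short password or a
        // mismatched confirmation was still stored.
        if ($validation->passed()) {
          //process
          $new_password_hash = password_hash(Input::get('password', true), PASSWORD_BCRYPT, array('cost' => 12));
          $user->update(array('password' => $new_password_hash,),$userId);
          $successes[]='Password updated.';
        }else{
          ?><div id="form-errors">
            <?=$validation->display_errors();?></div>
            <?php
        }
      }

      //Send the admin-initiated password reset mail
      if(isset($_POST['sendPwReset'])) {
        $params = array(
          'username' => $userdetails->username,
          'sitename' => $settings->site_name,
          'fname' => $userdetails->fname,
          'email' => rawurlencode($userdetails->email),
          'vericode' => $userdetails->vericode,
        );
        // NOTE(review): the recipient is passed URL-encoded; presumably email() decodes it - confirm.
        $to = rawurlencode($userdetails->email);
        $subject = 'Password Reset';
        $body = email_body('_email_adminPwReset.php',$params);
        email($to,$subject,$body);
        $successes[] = "Password reset sent.";
      }

      //Block User
      // Skipped when the field is absent so a partial request cannot blank the column.
      // NOTE(review): the form disables these options unless checkMenu(2, ...) passes; that is
      // not re-checked here.
      if (isset($_POST['active']) && $userdetails->permissions != $_POST['active']){
        $active = Input::get("active");
        $fields=array('permissions'=>$active);
        $db->update('users',$userId,$fields);
        $successes[] = "Set user access to $active.";
      }

      //Force PW User
      if (isset($_POST['force_pr']) && $userdetails->force_pr != $_POST['force_pr']){
        $force_pr = Input::get("force_pr");
        $fields=array('force_pr'=>$force_pr);
        $db->update('users',$userId,$fields);
        $successes[] = "Set force_pr to $force_pr.";
      }

      //Update email
      if ($userdetails->email != $_POST['email']){
        // Kept in its own variable: $email holds the email settings row read at the top of
        // the page and is consulted again below for the verification toggle.
        $newEmail = Input::get("email");
        $fields=array('email'=>$newEmail);
        $validation->check($_POST,array(
          'email' => array(
            'display' => 'Email',
            'required' => true,
            'valid_email' => true,
            'unique_update' => 'users,'.$userId,
            'min' => 3,
            'max' => 75
          )
        ));
        if($validation->passed()){
          $db->update('users',$userId,$fields);
          $successes[] = "Email Updated";
        }else{
          ?><div id="form-errors">
            <?=$validation->display_errors();?></div>
            <?php
        }
      }

      //Update validation
      // Only offered when the email settings row has email_act set to 1.
      if($email->email_act==1) {
        $email_verified = Input::get("email_verified");
        if (isset($email_verified) AND $email_verified == '1'){
          if ($userdetails->email_verified == 0){
            if (updateUser('email_verified', $userId, 1)){
              $successes[] = "Verification Updated";
            }else{
              $errors[] = lang("SQL_ERROR");
            }
          }
        }elseif ($userdetails->email_verified == 1){
          if (updateUser('email_verified', $userId, 0)){
            $successes[] = "Verification Updated";
          }else{
            $errors[] = lang("SQL_ERROR");
          }
        }
      }

      //Toggle protected setting
      // Only accounts listed in $master_account may change the flag.
      if($actorIsMaster) {
        $protected = Input::get("protected");
        if (isset($protected) AND $protected == '1'){
          if ($userdetails->protected == 0){
            if (updateUser('protected', $userId, 1)){
              $successes[] = lang("USER_PROTECTION", array("now"));
            }else{
              $errors[] = lang("SQL_ERROR");
            }
          }
        }elseif ($userdetails->protected == 1){
          if (updateUser('protected', $userId, 0)){
            $successes[] = lang("USER_PROTECTION", array("no longer"));
          }else{
            $errors[] = lang("SQL_ERROR");
          }
        }
      }

      //Toggle msg_exempt setting
      $msg_exempt = Input::get("msg_exempt");
      if (isset($msg_exempt) AND $msg_exempt == '1'){
        if ($userdetails->msg_exempt == 0){
          if (updateUser('msg_exempt', $userId, 1)){
            $successes[] = lang("USER_MESSAGE_EXEMPT", array("now"));
          }else{
            $errors[] = lang("SQL_ERROR");
          }
        }
      }elseif ($userdetails->msg_exempt == 1){
        if (updateUser('msg_exempt', $userId, 0)){
          $successes[] = lang("USER_MESSAGE_EXEMPT", array("no longer"));
        }else{
          $errors[] = lang("SQL_ERROR");
        }
      }

      //Toggle dev_user setting
      $dev_user = Input::get("dev_user");
      if (isset($dev_user) AND $dev_user == '1'){
        if ($userdetails->dev_user == 0){
          if (updateUser('dev_user', $userId, 1)){
            $successes[] = lang("USER_DEV_OPTION", array("now"));
          }else{
            $errors[] = lang("SQL_ERROR");
          }
        }
      }elseif ($userdetails->dev_user == 1){
        if (updateUser('dev_user', $userId, 0)){
          $successes[] = lang("USER_DEV_OPTION", array("no longer"));
        }else{
          $errors[] = lang("SQL_ERROR");
        }
      }

      //Remove permission level
      // NOTE(review): the form disables checkboxes for permission levels the signed-in admin
      // does not hold, but the posted ids are passed on as received here and in the add branch
      // below - confirm removePermission() / addPermission() apply that limit themselves.
      if(!empty($_POST['removePermission'])){
        $remove = $_POST['removePermission'];
        if ($deletion_count = removePermission($remove, $userId)){
          $successes[] = lang("ACCOUNT_PERMISSION_REMOVED", array ($deletion_count));
        }
        else {
          $errors[] = lang("SQL_ERROR");
        }
      }

      //Add permission level
      if(!empty($_POST['addPermission'])){
        $add = $_POST['addPermission'];
        if ($addition_count = addPermission($add, $userId,'user')){
          $successes[] = lang("ACCOUNT_PERMISSION_ADDED", array ($addition_count));
        }
        else {
          $errors[] = lang("SQL_ERROR");
        }
      }
    }

    // Reload so the form below shows what is now stored.
    $userdetails = fetchUserDetails(NULL, NULL, $userId);
}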


// Permission rows for the edited account and for the signed-in admin, plus every permission level.
$userPermission = fetchUserPermissions($userId);
$currentuserPermission = fetchUserPermissions($user->data()->id);
$permissionData = fetchAllPermissions();

// Avatar markup built from the normalised (trimmed, lower-cased) email address.
$grav = get_gravatar(strtolower(trim($userdetails->email)));
$useravatar = sprintf('<img src="%s" class="img-responsive img-thumbnail" alt="">', $grav);

// $protectedprof is 1 when a non-master admin views someone else's account that is either a
// master account or flagged protected; otherwise 0. The template uses it to disable the form.
$viewerIsMaster = in_array($user->data()->id, $master_account);
$protectedprof = (
  !$viewerIsMaster
  && (in_array($userId, $master_account) || $userdetails->protected==1)
  && $userId != $user->data()->id
) ? 1 : 0;
?>
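<?php
// Escapes a value for HTML text and for quoted attribute values. The last argument
// (double_encode = false) leaves entities that are already encoded untouched, so values that
// were entity-encoded before storage are not encoded a second time.
$escHtml = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
};
// NOTE(review): resultBlock() and display_errors() are printed exactly as returned; they
// appear to return markup - confirm they escape any user-supplied text themselves.
?>
<div id="page-wrapper">

<div class="container">

<?=resultBlock($errors,$successes);?>
<?=$validation->display_errors();?>


<div class="row">
        <div class="col-xs-12 col-sm-2"><!--left col-->
        <?php echo $useravatar;?>
        </div><!--/col-2-->

        <div class="col-xs-12 col-sm-10">
        <form class="form" id='adminUser' name='adminUser' action='admin_user.php?id=<?=$escHtml($userId)?>' method='post'>

        <h3><?=$escHtml($userdetails->fname)?> <?=$escHtml($userdetails->lname)?> - <?=$escHtml($userdetails->username)?></h3>
        <div class="panel panel-default">
        <div class="panel-heading">User ID: <?=$escHtml($userdetails->id)?>
          <?php if($act==1) { ?>
            - <?php if($userdetails->email_verified==1) { ?>
              Email Verified <input type="hidden" name="email_verified" value="1" />
            <?php } elseif($userdetails->email_verified==0) { ?>
              Email Unverified - <input type="checkbox" name="email_verified" value="1" /> Verify
            <?php } else { ?>Error: No Validation<?php } ?>
          <?php } ?>
          <?php if($protectedprof==1) { ?><p class="pull-right">PROTECTED PROFILE - EDIT DISABLED</p><?php } ?>
          <?php if(in_array($user->data()->id, $master_account)) { ?>
            <p class="pull-right"><input type="checkbox" name="protected" value="1" <?php if($userdetails->protected==1){?>checked<?php } ?>/> Protected Account</p>
          <?php } ?>
        </div>
        <div class="panel-body">

        <label>Joined: </label> <?=$escHtml($userdetails->join_date)?><br/>

        <label>Last Login: </label> <?php if($userdetails->last_login != 0) { echo $escHtml($userdetails->last_login); } else {?> <i>Never</i> <?php }?><br/>

        <label>Username:</label>
        <input  class='form-control' type='text' name='username' value='<?=$escHtml($userdetails->username)?>' />

        <label>Email:</label>
        <input class='form-control' type='text' name='email' value='<?=$escHtml($userdetails->email)?>' />

        <label>First Name:</label>
        <input  class='form-control' type='text' name='fname' value='<?=$escHtml($userdetails->fname)?>' />

        <label>Last Name:</label>
        <input  class='form-control' type='text' name='lname' value='<?=$escHtml($userdetails->lname)?>' />

        </div>
        </div>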


<?php // Button bar: each button opens one of the modal dialogs defined further down in the same form. ?>
<div class="panel panel-default">
  <div class="panel-heading">Functions <?php if ($protectedprof == 1): ?><p class="pull-right">PROTECTED PROFILE - EDIT DISABLED</p><?php endif; ?></div>
  <div class="panel-body">
    <center>
      <div class="btn-group"><button type="button" class="btn btn-warning" data-toggle="modal" data-target="#password">Update Password</button></div>
      <div class="btn-group"><button type="button" class="btn btn-info" data-toggle="modal" data-target="#systems">System Settings</button></div>
      <div class="btn-group"><button type="button" class="btn btn-primary" data-toggle="modal" data-target="#permissions">Permission Settings</button></div>
      <div class="btn-group"><button type="button" class="btn btn-default" data-toggle="modal" data-target="#misc">Misc Settings</button></div>
    </center>
  </div>
</div>

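<?php
// Password dialog. The fields are disabled through $protectedprof, which is computed once
// above from the same condition that used to be repeated on each input. Disabling is a
// browser-side convenience only; the POST handler has to refuse the change on its own.
// autocomplete='new-password' asks the browser not to pre-fill the signed-in admin's own
// saved password into another user's record.
?>
<div id="password" class="modal fade" role="dialog">
  <div class="modal-dialog">

    <!-- Modal content-->
    <div class="modal-content">
      <div class="modal-header">
        <button type="button" class="close" data-dismiss="modal">&times;</button>
        <h4 class="modal-title">Update Password</h4>
      </div>
      <div class="modal-body">
        <div class="form-group">
          <label>New Password (<?=$settings->min_pw?> char min, <?=$settings->max_pw?> max.)</label>
          <input class='form-control' type='password' name='password' autocomplete='new-password' <?php if($protectedprof==1) {?>disabled<?php } ?>/>
        </div>

        <div class="form-group">
          <label>Confirm Password</label>
          <input class='form-control' type='password' name='confirm' autocomplete='new-password' <?php if($protectedprof==1) {?>disabled<?php } ?>/>
        </div>

        <label><input type="checkbox" name="sendPwReset" id="sendPwReset" /> Send Reset Email?</label>
      </div>
      <div class="modal-footer">
        <?php // The second class attribute on this input was a duplicate that browsers drop; removed. ?>
        <div class="btn-group"><input class='btn btn-primary' type='submit' value='Update' /></div>
        <div class="btn-group"><button type="button" class="btn btn-default" data-dismiss="modal">Close</button></div>
      </div>
    </div>

  </div>
</div>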

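<?php // Placeholder dialog for site-specific settings; it sits inside the adminUser form, so fields added here are posted with it. ?>
<div id="systems" class="modal fade" role="dialog">
  <div class="modal-dialog">

    <!-- Modal content-->
    <div class="modal-content">
      <div class="modal-header">
        <button type="button" class="close" data-dismiss="modal">&times;</button>
        <h4 class="modal-title">System Settings</h4>
      </div>
      <div class="modal-body">
          <?php //Your system content here - form is already included ?>
      </div>
      <div class="modal-footer">
        <?php // The second class attribute on this input was a duplicate that browsers drop; removed. ?>
        <div class="btn-group"><input class='btn btn-primary' type='submit' value='Update' /></div>
        <div class="btn-group"><button type="button" class="btn btn-default" data-dismiss="modal">Close</button></div>
      </div>
    </div>

  </div>
</div>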

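<?php
// Permission dialog: lists the levels the edited user holds (to remove) and lacks (to add).
// Ids and names are escaped for output; double_encode = false keeps already-encoded entities intact.
$escHtml = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
};
?>
<div id="permissions" class="modal fade" role="dialog">
  <div class="modal-dialog">

    <!-- Modal content-->
    <div class="modal-content">
      <div class="modal-header">
        <button type="button" class="close" data-dismiss="modal">&times;</button>
        <h4 class="modal-title">Permission Settings</h4>
      </div>
      <div class="modal-body">
        <div class="panel panel-default">
          <div class="panel-heading">Remove These Permission(s): <?php if($protectedprof==1) {?><p class="pull-right">PROTECTED PROFILE - EDIT DISABLED</p><?php } ?></div>
          <div class="panel-body">
          <?php
          //NEW List of permission levels user is apart of

          // Ids held by the edited user.
          $perm_ids = [];
          foreach($userPermission as $perm){
            $perm_ids[] = $perm->permission_id;
          }
          // Ids held by the signed-in admin; a checkbox is disabled when its id is not in this list.
          // NOTE(review): disabling only restricts the browser form - the handler that receives
          // removePermission[] / addPermission[] must apply the same limit.
          $currentperm_ids = [];
          foreach($currentuserPermission as $currentperm){
            $currentperm_ids[] = $currentperm->permission_id;
          }

          foreach ($permissionData as $v1){
            if(in_array($v1->id,$perm_ids)){ ?>
              <input type='checkbox' name='removePermission[]' id='removePermission[]' value='<?=$escHtml($v1->id);?>' <?php if(!in_array($v1->id,$currentperm_ids)){ ?>disabled<?php } ?> /> <?=$escHtml($v1->name);?>
            <?php
            }
          }
          ?>

          </div>
        </div>

        <div class="panel panel-default">
          <div class="panel-heading">Add These Permission(s): <?php if($protectedprof==1) {?><p class="pull-right">PROTECTED PROFILE - EDIT DISABLED</p><?php } ?></div>
          <div class="panel-body">
          <?php
          foreach ($permissionData as $v1){
            if(!in_array($v1->id,$perm_ids)){ ?>
              <input type='checkbox' name='addPermission[]' id='addPermission[]' value='<?=$escHtml($v1->id);?>' <?php if(!in_array($v1->id,$currentperm_ids)){ ?>disabled<?php } ?>/> <?=$escHtml($v1->name);?>
            <?php
            }
          }
          ?>
          </div>
        </div>
      </div>
      <div class="modal-footer">
        <?php // The second class attribute on this input was a duplicate that browsers drop; removed. ?>
        <div class="btn-group"><input class='btn btn-primary' type='submit' value='Update' /></div>
        <div class="btn-group"><button type="button" class="btn btn-default" data-dismiss="modal">Close</button></div>
      </div>
    </div>

  </div>
</div>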

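<?php
// Misc dialog: message exemption, dev flag, block, forced password reset and delete.
// The user id is escaped once for use inside the delete checkbox attributes.
$userIdAttr = htmlspecialchars((string) $userId, ENT_QUOTES, 'UTF-8', false);
// NOTE(review): the disabled attributes below (block options, delete checkbox) only restrict
// the browser form; the POST handler has to apply the same checkMenu() / user-id-1 rules.
?>
<div id="misc" class="modal fade" role="dialog">
  <div class="modal-dialog">

    <!-- Modal content-->
    <div class="modal-content">
      <div class="modal-header">
        <button type="button" class="close" data-dismiss="modal">&times;</button>
        <h4 class="modal-title">Misc Settings</h4>
      </div>
      <div class="modal-body">
        <div class="form-group">

          <label>Exempt Messages?</label>
          <input type="checkbox" name="msg_exempt" value="1" <?php if($userdetails->msg_exempt==1){?>checked<?php } ?>/> <br />

          <label>Dev User?</label>
          <input type="checkbox" name="dev_user" value="1" <?php if($userdetails->dev_user==1){?>checked<?php } ?>/> <br />

          <br /><label> Block?:</label>
          <select name="active" class="form-control">
            <option value="1" <?php if ($userdetails->permissions==1){echo "selected='selected'";} else { if(!checkMenu(2,$user->data()->id)){  ?>disabled<?php }} ?>>No</option>
            <option value="0" <?php if ($userdetails->permissions==0){echo "selected='selected'";} else { if(!checkMenu(2,$user->data()->id)){  ?>disabled<?php }} ?>>Yes</option>
          </select>

          <label> Force Password Reset?:</label>
          <select name="force_pr" class="form-control">
            <option <?php if ($userdetails->force_pr==0){echo "selected='selected'";} ?> value="0">No</option>
            <?php // A space now separates the echoed selected attribute from value=. ?>
            <option <?php if ($userdetails->force_pr==1){echo "selected='selected'";} ?> value="1">Yes</option>
          </select>

          <br /><label>Delete this User?</label>
          <?php // The id attribute used a short open tag, which is printed literally when short_open_tag is off. ?>
          <input type='checkbox' name='delete[<?php echo $userIdAttr; ?>]' id='delete[<?php echo $userIdAttr; ?>]' value='<?php echo $userIdAttr; ?>' <?php if (!checkMenu(2,$user->data()->id) || $userId == 1){  ?>disabled<?php } ?>>
        </div>
        <?php // form-group is now closed here; the unmatched closing div that used to follow this dialog is dropped, so the footer is no longer nested in the body. ?>
      </div>
      <div class="modal-footer">
        <div class="btn-group"><input class='btn btn-primary' type='submit' value='Update' /></div>
        <div class="btn-group"><button type="button" class="btn btn-default" data-dismiss="modal">Close</button></div>
      </div>
    </div>

  </div>
</div>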

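        <?php // Anti-CSRF token posted with every submit of this form; the handler at the top of the page rejects the request when Token::check() fails. ?>
        <input type="hidden" name="csrf" value="<?=Token::generate();?>" />
                <div class="pull-right">
                        <?php // The second class attribute on this input was a duplicate that browsers drop; removed. ?>
                        <div class="btn-group"><input class='btn btn-primary' type='submit' value='Update' /></div>
                        <div class="btn-group"><a class='btn btn-warning' href="admin_users.php">Cancel</a></div><br /><br />
                </div>

        </form>

        </div><!--/col-9-->
</div><!--/row-->

</div>
</div>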


<?php require_once $abs_us_root.$us_url_root.'users/includes/page_footer.php'; // the final html footer copyright row + the external js calls ?>

    <!-- Place any per-page javascript here -->
        <script src="js/jwerty.js"></script>
        <script>
        // Pressing Esc hides every open modal dialog.
        jwerty.key('esc', function () {
        $('.modal').modal('hide');
});
</script>

        <?php
        // For a protected profile, every enabled input, select and textarea in #adminUser is
        // disabled in the browser. This is presentation only, not an access control: the POST
        // handler must refuse edits to protected profiles on its own.
        if($protectedprof==1) {?>
        <script>$('#adminUser').find('input:enabled, select:enabled, textarea:enabled').attr('disabled', 'disabled');</script>
<?php } ?>

<?php require_once $abs_us_root.$us_url_root.'users/includes/html_footer.php'; // currently just the closing /body and /html ?>
