- <?php
- /*
- UserSpice 4
- An Open Source PHP User Management System
- by the UserSpice Team at http://UserSpice.com
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
- ?>
- <?php require_once '../users/init.php'; ?>
- <?php require_once $abs_us_root.$us_url_root.'users/includes/header.php'; ?>
- <?php require_once $abs_us_root.$us_url_root.'users/includes/navigation.php'; ?>
- <?php if (!securePage($_SERVER['PHP_SELF'])){die();} ?>
- <?php
- $validation = new Validate();
- //PHP Goes Here!
- $query = $db->query("SELECT * FROM email");
- $results = $query->first();
- $act = $results->email_act;
- $errors = [];
- $successes = [];
- $userId = Input::get('id');
- $email = $db->query("SELECT * FROM email")->first();
- //Check if selected user exists
- if(!userIdExists($userId)){
- Redirect::to('admin_users.php?err=That user does not exist.'); die();
- }
- $userdetails = fetchUserDetails(NULL, NULL, $userId); //Fetch user details
- //Forms posted
- if(!empty($_POST)) {
- $token = $_POST['csrf'];
- if(!Token::check($token)){
- die('Token doesn\'t match!');
- }else {
- if(!empty($_POST['delete'])){
- $deletions = $_POST['delete'];
- if ($deletion_count = deleteUsers($deletions)){
- Redirect::to('admin_users.php?msg='.lang("ACCOUNT_DELETIONS_SUCCESSFUL", array($deletion_count)));
- }
- else {
- $errors[] = lang("SQL_ERROR");
- }
- }
- else
- {
- //Update display name
- if ($userdetails->username != $_POST['username']){
- $displayname = Input::get("username");
- $fields=array('username'=>$displayname);
- $validation->check($_POST,array(
- 'username' => array(
- 'display' => 'Username',
- 'required' => true,
- 'unique_update' => 'users,'.$userId,
- 'min' => 1,
- 'max' => 25
- )
- ));
- if($validation->passed()){
- $db->update('users',$userId,$fields);
- $successes[] = "Username Updated";
- }else{
- }
- }
- //Update first name
- if ($userdetails->fname != $_POST['fname']){
- $fname = Input::get("fname");
- $fields=array('fname'=>$fname);
- $validation->check($_POST,array(
- 'fname' => array(
- 'display' => 'First Name',
- 'required' => true,
- 'min' => 1,
- 'max' => 25
- )
- ));
- if($validation->passed()){
- $db->update('users',$userId,$fields);
- $successes[] = "First Name Updated";
- }else{
- ?><div id="form-errors">
- <?=$validation->display_errors();?></div>
- <?php
- }
- }
- //Update last name
- if ($userdetails->lname != $_POST['lname']){
- $lname = Input::get("lname");
- $fields=array('lname'=>$lname);
- $validation->check($_POST,array(
- 'lname' => array(
- 'display' => 'Last Name',
- 'required' => true,
- 'min' => 1,
- 'max' => 25
- )
- ));
- if($validation->passed()){
- $db->update('users',$userId,$fields);
- $successes[] = "Last Name Updated";
- }else{
- ?><div id="form-errors">
- <?=$validation->display_errors();?></div>
- <?php
- }
- }
- if(!empty($_POST['password'])) {
- $validation->check($_POST,array(
- 'password' => array(
- 'display' => 'New Password',
- 'required' => true,
- 'min' => $settings->min_pw,
- 'max' => $settings->max_pw,
- ),
- 'confirm' => array(
- 'display' => 'Confirm New Password',
- 'required' => true,
- 'matches' => 'password',
- ),
- ));
- if (empty($errors)) {
- //process
- $new_password_hash = password_hash(Input::get('password', true), PASSWORD_BCRYPT, array('cost' => 12));
- $user->update(array('password' => $new_password_hash,),$userId);
- $successes[]='Password updated.';
- }
- }
- if(isset($_POST['sendPwReset'])) {
- $params = array(
- 'username' => $userdetails->username,
- 'sitename' => $settings->site_name,
- 'fname' => $userdetails->fname,
- 'email' => rawurlencode($userdetails->email),
- 'vericode' => $userdetails->vericode,
- );
- $to = rawurlencode($userdetails->email);
- $subject = 'Password Reset';
- $body = email_body('_email_adminPwReset.php',$params);
- email($to,$subject,$body);
- $successes[] = "Password reset sent.";
- }
- //Block User
- if ($userdetails->permissions != $_POST['active']){
- $active = Input::get("active");
- $fields=array('permissions'=>$active);
- $db->update('users',$userId,$fields);
- $successes[] = "Set user access to $active.";
- }
- //Force PW User
- if ($userdetails->force_pr != $_POST['force_pr']){
- $force_pr = Input::get("force_pr");
- $fields=array('force_pr'=>$force_pr);
- $db->update('users',$userId,$fields);
- $successes[] = "Set force_pr to $force_pr.";
- }
- //Update email
- if ($userdetails->email != $_POST['email']){
- $email = Input::get("email");
- $fields=array('email'=>$email);
- $validation->check($_POST,array(
- 'email' => array(
- 'display' => 'Email',
- 'required' => true,
- 'valid_email' => true,
- 'unique_update' => 'users,'.$userId,
- 'min' => 3,
- 'max' => 75
- )
- ));
- if($validation->passed()){
- $db->update('users',$userId,$fields);
- $successes[] = "Email Updated";
- }else{
- ?><div id="form-errors">
- <?=$validation->display_errors();?></div>
- <?php
- }
- }
- //Update validation
- if($email->email_act==1) {
- $email_verified = Input::get("email_verified");
- if (isset($email_verified) AND $email_verified == '1'){
- if ($userdetails->email_verified == 0){
- if (updateUser('email_verified', $userId, 1)){
- $successes[] = "Verification Updated";
- }else{
- $errors[] = lang("SQL_ERROR");
- }
- }
- }elseif ($userdetails->email_verified == 1){
- if (updateUser('email_verified', $userId, 0)){
- $successes[] = "Verification Updated";
- }else{
- $errors[] = lang("SQL_ERROR");
- }
- } }
- //Toggle protected setting
- if(in_array($user->data()->id,$master_account)) {
- $protected = Input::get("protected");
- if (isset($protected) AND $protected == '1'){
- if ($userdetails->protected == 0){
- if (updateUser('protected', $userId, 1)){
- $successes[] = lang("USER_PROTECTION", array("now"));
- }else{
- $errors[] = lang("SQL_ERROR");
- }
- }
- }elseif ($userdetails->protected == 1){
- if (updateUser('protected', $userId, 0)){
- $successes[] = lang("USER_PROTECTION", array("no longer"));
- }else{
- $errors[] = lang("SQL_ERROR");
- }
- } }
- //Toggle msg_exempt setting
- $msg_exempt = Input::get("msg_exempt");
- if (isset($msg_exempt) AND $msg_exempt == '1'){
- if ($userdetails->msg_exempt == 0){
- if (updateUser('msg_exempt', $userId, 1)){
- $successes[] = lang("USER_MESSAGE_EXEMPT", array("now"));
- }else{
- $errors[] = lang("SQL_ERROR");
- }
- }
- }elseif ($userdetails->msg_exempt == 1){
- if (updateUser('msg_exempt', $userId, 0)){
- $successes[] = lang("USER_MESSAGE_EXEMPT", array("no longer"));
- }else{
- $errors[] = lang("SQL_ERROR");
- }
- }
- //Toggle dev_user setting
- $dev_user = Input::get("dev_user");
- if (isset($dev_user) AND $dev_user == '1'){
- if ($userdetails->dev_user == 0){
- if (updateUser('dev_user', $userId, 1)){
- $successes[] = lang("USER_DEV_OPTION", array("now"));
- }else{
- $errors[] = lang("SQL_ERROR");
- }
- }
- }elseif ($userdetails->dev_user == 1){
- if (updateUser('dev_user', $userId, 0)){
- $successes[] = lang("USER_DEV_OPTION", array("no longer"));
- }else{
- $errors[] = lang("SQL_ERROR");
- }
- }
- //Remove permission level
- if(!empty($_POST['removePermission'])){
- $remove = $_POST['removePermission'];
- if ($deletion_count = removePermission($remove, $userId)){
- $successes[] = lang("ACCOUNT_PERMISSION_REMOVED", array ($deletion_count));
- }
- else {
- $errors[] = lang("SQL_ERROR");
- }
- }
- if(!empty($_POST['addPermission'])){
- $add = $_POST['addPermission'];
- if ($addition_count = addPermission($add, $userId,'user')){
- $successes[] = lang("ACCOUNT_PERMISSION_ADDED", array ($addition_count));
- }
- else {
- $errors[] = lang("SQL_ERROR");
- }
- }
- }
- $userdetails = fetchUserDetails(NULL, NULL, $userId);
- } }
- $userPermission = fetchUserPermissions($userId);
- $currentuserPermission = fetchUserPermissions($user->data()->id);
- $permissionData = fetchAllPermissions();
- $grav = get_gravatar(strtolower(trim($userdetails->email)));
- $useravatar = '<img src="'.$grav.'" class="img-responsive img-thumbnail" alt="">';
- if((!in_array($user->data()->id, $master_account) && in_array($userId, $master_account) || !in_array($user->data()->id, $master_account) && $userdetails->protected==1) && $userId != $user->data()->id) $protectedprof = 1;
- else $protectedprof = 0;
- ?>
- <div id="page-wrapper">
- <div class="container">
- <?=resultBlock($errors,$successes);?>
- <?=$validation->display_errors();?>
- <div class="row">
- <div class="col-xs-12 col-sm-2"><!--left col-->
- <?php echo $useravatar;?>
- </div><!--/col-2-->
- <div class="col-xs-12 col-sm-10">
- <form class="form" id='adminUser' name='adminUser' action='admin_user.php?id=<?=$userId?>' method='post'>
- <h3><?=$userdetails->fname?> <?=$userdetails->lname?> - <?=$userdetails->username?></h3>
- <div class="panel panel-default">
- <div class="panel-heading">User ID: <?=$userdetails->id?><?php if($act==1) {?> - <?php if($userdetails->email_verified==1) {?> Email Verified <input type="hidden" name="email_verified" value="1" /><?php } elseif($userdetails->email_verified==0) {?> Email Unverified - <input type="checkbox" name="email_verified" value="1" /> Verify<?php } else {?>Error: No Validation<?php } } ?> <?php if($protectedprof==1) {?><p class="pull-right">PROTECTED PROFILE - EDIT DISABLED</p><?php } ?> <?php if(in_array($user->data()->id, $master_account)) {?><p class="pull-right"><input type="checkbox" name="protected" value="1" <?php if($userdetails->protected==1){?>checked<?php } ?>/> Protected Account</p><?php } ?></div>
- <div class="panel-body">
- <label>Joined: </label> <?=$userdetails->join_date?><br/>
- <label>Last Login: </label> <?php if($userdetails->last_login != 0) { echo $userdetails->last_login; } else {?> <i>Never</i> <?php }?><br/>
- <label>Username:</label>
- <input class='form-control' type='text' name='username' value='<?=$userdetails->username?>' />
- <label>Email:</label>
- <input class='form-control' type='text' name='email' value='<?=$userdetails->email?>' />
- <label>First Name:</label>
- <input class='form-control' type='text' name='fname' value='<?=$userdetails->fname?>' />
- <label>Last Name:</label>
- <input class='form-control' type='text' name='lname' value='<?=$userdetails->lname?>' />
- </div>
- </div>
- <div class="panel panel-default">
- <div class="panel-heading">Functions <?php if($protectedprof==1) {?><p class="pull-right">PROTECTED PROFILE - EDIT DISABLED</p><?php } ?></div>
- <div class="panel-body">
- <center>
- <div class="btn-group"><button type="button" class="btn btn-warning" data-toggle="modal" data-target="#password">Update Password</button></div>
- <div class="btn-group"><button type="button" class="btn btn-info" data-toggle="modal" data-target="#systems">System Settings</button></div>
- <div class="btn-group"><button type="button" class="btn btn-primary" data-toggle="modal" data-target="#permissions">Permission Settings</button></div>
- <div class="btn-group"><button type="button" class="btn btn-default" data-toggle="modal" data-target="#misc">Misc Settings</button></div>
- </center>
- </div>
- </div>
- <div id="password" class="modal fade" role="dialog">
- <div class="modal-dialog">
- <!-- Modal content-->
- <div class="modal-content">
- <div class="modal-header">
- <button type="button" class="close" data-dismiss="modal">×</button>
- <h4 class="modal-title">Update Password</h4>
- </div>
- <div class="modal-body">
- <div class="form-group">
- <label>New Password (<?=$settings->min_pw?> char min, <?=$settings->max_pw?> max.)</label>
- <input class='form-control' type='password' name='password' <?php if((!in_array($user->data()->id, $master_account) && in_array($userId, $master_account) || !in_array($user->data()->id, $master_account) && $userdetails->protected==1) && $userId != $user->data()->id) {?>disabled<?php } ?>/>
- </div>
- <div class="form-group">
- <label>Confirm Password</label>
- <input class='form-control' type='password' name='confirm' <?php if((!in_array($user->data()->id, $master_account) && in_array($userId, $master_account) || !in_array($user->data()->id, $master_account) && $userdetails->protected==1) && $userId != $user->data()->id) {?>disabled<?php } ?>/>
- </div>
- <label><input type="checkbox" name="sendPwReset" id="sendPwReset" /> Send Reset Email?</label>
- </div>
- <div class="modal-footer">
- <div class="btn-group"><input class='btn btn-primary' type='submit' value='Update' class='submit' /></div>
- <div class="btn-group"><button type="button" class="btn btn-default" data-dismiss="modal">Close</button></div>
- </div>
- </div>
- </div>
- </div>
- <div id="systems" class="modal fade" role="dialog">
- <div class="modal-dialog">
- <!-- Modal content-->
- <div class="modal-content">
- <div class="modal-header">
- <button type="button" class="close" data-dismiss="modal">×</button>
- <h4 class="modal-title">System Settings</h4>
- </div>
- <div class="modal-body">
- <?php //Your system content here - form is already included ?>
- </div>
- <div class="modal-footer">
- <div class="btn-group"><input class='btn btn-primary' type='submit' value='Update' class='submit' /></div>
- <div class="btn-group"><button type="button" class="btn btn-default" data-dismiss="modal">Close</button></div>
- </div>
- </div>
- </div>
- </div>
- <div id="permissions" class="modal fade" role="dialog">
- <div class="modal-dialog">
- <!-- Modal content-->
- <div class="modal-content">
- <div class="modal-header">
- <button type="button" class="close" data-dismiss="modal">×</button>
- <h4 class="modal-title">Permission Settings</h4>
- </div>
- <div class="modal-body">
- <div class="panel panel-default">
- <div class="panel-heading">Remove These Permission(s): <?php if($protectedprof==1) {?><p class="pull-right">PROTECTED PROFILE - EDIT DISABLED</p><?php } ?></div>
- <div class="panel-body">
- <?php
- //NEW List of permission levels user is apart of
- $perm_ids = [];
- foreach($userPermission as $perm){
- $perm_ids[] = $perm->permission_id;
- }
- $currentperm_ids = [];
- foreach($currentuserPermission as $currentperm){
- $currentperm_ids[] = $currentperm->permission_id;
- }
- foreach ($permissionData as $v1){
- if(in_array($v1->id,$perm_ids)){ ?>
- <input type='checkbox' name='removePermission[]' id='removePermission[]' value='<?=$v1->id;?>' <?php if(!in_array($v1->id,$currentperm_ids)){ ?>disabled<?php } ?> /> <?=$v1->name;?>
- <?php
- }
- }
- ?>
- </div>
- </div>
- <div class="panel panel-default">
- <div class="panel-heading">Add These Permission(s): <?php if($protectedprof==1) {?><p class="pull-right">PROTECTED PROFILE - EDIT DISABLED</p><?php } ?></div>
- <div class="panel-body">
- <?php
- foreach ($permissionData as $v1){
- if(!in_array($v1->id,$perm_ids)){ ?>
- <input type='checkbox' name='addPermission[]' id='addPermission[]' value='<?=$v1->id;?>' <?php if(!in_array($v1->id,$currentperm_ids)){ ?>disabled<?php } ?>/> <?=$v1->name;?>
- <?php
- }
- }
- ?>
- </div>
- </div>
- </div>
- <div class="modal-footer">
- <div class="btn-group"><input class='btn btn-primary' type='submit' value='Update' class='submit' /></div>
- <div class="btn-group"><button type="button" class="btn btn-default" data-dismiss="modal">Close</button></div>
- </div>
- </div>
- </div>
- </div>
- <div id="misc" class="modal fade" role="dialog">
- <div class="modal-dialog">
- <!-- Modal content-->
- <div class="modal-content">
- <div class="modal-header">
- <button type="button" class="close" data-dismiss="modal">×</button>
- <h4 class="modal-title">Misc Settings</h4>
- </div>
- <div class="modal-body">
- <div class="form-group">
- <label>Exempt Messages?</label>
- <input type="checkbox" name="msg_exempt" value="1" <?php if($userdetails->msg_exempt==1){?>checked<?php } ?>/> <br />
- <label>Dev User?</label>
- <input type="checkbox" name="dev_user" value="1" <?php if($userdetails->dev_user==1){?>checked<?php } ?>/> <br />
- <br /><label> Block?:</label>
- <select name="active" class="form-control">
- <option value="1" <?php if ($userdetails->permissions==1){echo "selected='selected'";} else { if(!checkMenu(2,$user->data()->id)){ ?>disabled<?php }} ?>>No</option>
- <option value="0" <?php if ($userdetails->permissions==0){echo "selected='selected'";} else { if(!checkMenu(2,$user->data()->id)){ ?>disabled<?php }} ?>>Yes</option>
- </select>
- <label> Force Password Reset?:</label>
- <select name="force_pr" class="form-control">
- <option <?php if ($userdetails->force_pr==0){echo "selected='selected'";} ?> value="0">No</option>
- <option <?php if ($userdetails->force_pr==1){echo "selected='selected'";} ?>value="1">Yes</option>
- </select>
- <br /><label>Delete this User?</label>
- <input type='checkbox' name='delete[<?php echo "$userId"; ?>]' id='delete[<? echo "$userId"; ?>]' value='<?php echo "$userId"; ?>' <?php if (!checkMenu(2,$user->data()->id) || $userId == 1){ ?>disabled<?php } ?>>
- </div>
- <div class="modal-footer">
- <div class="btn-group"><input class='btn btn-primary' type='submit' value='Update' class='submit' /></div>
- <div class="btn-group"><button type="button" class="btn btn-default" data-dismiss="modal">Close</button></div>
- </div>
- </div>
- </div>
- </div>
- </div>
- <input type="hidden" name="csrf" value="<?=Token::generate();?>" />
- <div class="pull-right">
- <div class="btn-group"><input class='btn btn-primary' type='submit' value='Update' class='submit' /></div>
- <div class="btn-group"><a class='btn btn-warning' href="admin_users.php">Cancel</a></div><br /><Br />
- </div>
- </form>
- </div><!--/col-9-->
- </div><!--/row-->
- </div>
- </div>
- <?php require_once $abs_us_root.$us_url_root.'users/includes/page_footer.php'; // the final html footer copyright row + the external js calls ?>
- <!-- Place any per-page javascript here -->
- <script src="js/jwerty.js"></script>
- <script>
- jwerty.key('esc', function () {
- $('.modal').modal('hide');
- });
- </script>
- <?php if($protectedprof==1) {?>
- <script>$('#adminUser').find('input:enabled, select:enabled, textarea:enabled').attr('disabled', 'disabled');</script>
- <?php } ?>
- <?php require_once $abs_us_root.$us_url_root.'users/includes/html_footer.php'; // currently just the closing /body and /html ?>