restrictAccess(Auth::isAdmin()); require_once WT_ROOT . 'includes/functions/functions_edit.php'; // Valid values for form variables $ALL_EDIT_OPTIONS = array( 'none' => /* I18N: Listbox entry; name of a role */ WT_I18N::translate('Visitor'), 'access'=> /* I18N: Listbox entry; name of a role */ WT_I18N::translate('Member'), 'edit' => /* I18N: Listbox entry; name of a role */ WT_I18N::translate('Editor'), 'accept'=> /* I18N: Listbox entry; name of a role */ WT_I18N::translate('Moderator'), 'admin' => /* I18N: Listbox entry; name of a role */ WT_I18N::translate('Manager') ); // Form actions switch (WT_Filter::post('action')) { case 'save': if (WT_Filter::checkCsrf()) { $user_id = WT_Filter::postInteger('user_id'); $user = User::find($user_id); $username = WT_Filter::post('username'); $real_name = WT_Filter::post('real_name'); $email = WT_Filter::postEmail('email'); $pass1 = WT_Filter::post('pass1', WT_REGEX_PASSWORD); $pass2 = WT_Filter::post('pass2', WT_REGEX_PASSWORD); $theme = WT_Filter::post('theme', implode('|', array_keys(Theme::installedThemes())), ''); $language = WT_Filter::post('language', implode('|', array_keys(WT_I18N::installed_languages())), WT_LOCALE); $contact_method = WT_Filter::post('contact_method'); $comment = WT_Filter::post('comment'); $auto_accept = WT_Filter::postBool('auto_accept'); $admin = WT_Filter::postBool('admin'); $visible_online = WT_Filter::postBool('visible_online'); $verified = WT_Filter::postBool('verified'); $approved = WT_Filter::postBool('approved'); if ($user_id === 0) { // Create a new user if (User::findByIdentifier($username)) { WT_FlashMessages::addMessage(WT_I18N::translate('Duplicate user name. A user with that user name already exists. Please choose another user name.')); } elseif (User::findByIdentifier($email)) { WT_FlashMessages::addMessage(WT_I18N::translate('Duplicate email address. A user with that email already exists.')); } elseif ($pass1 !== $pass2) { WT_FlashMessages::addMessage(WT_I18N::translate('Passwords do not match.')); } else { $user = User::create($username, $real_name, $email, $pass1); $user->setPreference('reg_timestamp', date('U'))->setPreference('sessiontime', '0'); Log::addAuthenticationLog('User ->' . $username . '<- created'); } } else { $user = User::find($user_id); if ($user && $username && $real_name) { $user->setEmail($email); $user->setUserName($username); $user->setRealName($real_name); if ($pass1 !== null && $pass1 === $pass2) { $user->setPassword($pass1); } } } if ($user) { // Approving for the first time? Send a confirmation email if ($approved && !$user->getPreference('verified_by_admin') && $user->getPreference('sessiontime') == 0) { WT_I18N::init($user->getPreference('language')); WT_Mail::systemMessage( $WT_TREE, $user, WT_I18N::translate('Approval of account at %s', WT_BASE_URL), WT_I18N::translate('The administrator at the webtrees site %s has approved your application for an account. You may now login by accessing the following link: %s', WT_BASE_URL, WT_BASE_URL) ); } $user ->setPreference('theme', $theme) ->setPreference('language', $language) ->setPreference('contactmethod', $contact_method) ->setPreference('comment', $comment) ->setPreference('auto_accept', $auto_accept ? '1' : '0') ->setPreference('visibleonline', $visible_online ? '1' : '0') ->setPreference('verified', $verified ? '1' : '0') ->setPreference('verified_by_admin', $approved ? '1' : '0'); // We cannot change our own admin status. Another admin will need to do it. if ($user->getUserId() !== Auth::id()) { $user->setPreference('admin', $admin ? '1' : '0'); } foreach (WT_Tree::getAll() as $tree) { $tree->setUserPreference($user, 'gedcomid', WT_Filter::post('gedcomid' . $tree->id(), WT_REGEX_XREF)); $tree->setUserPreference($user, 'rootid', WT_Filter::post('rootid' . $tree->id(), WT_REGEX_XREF)); $tree->setUserPreference($user, 'canedit', WT_Filter::post('canedit' . $tree->id(), implode('|', array_keys($ALL_EDIT_OPTIONS)))); if (WT_Filter::post('gedcomid' . $tree->id(), WT_REGEX_XREF)) { $tree->setUserPreference($user, 'RELATIONSHIP_PATH_LENGTH', WT_Filter::postInteger('RELATIONSHIP_PATH_LENGTH' . $tree->id(), 0, 10, 0)); } else { // Do not allow a path length to be set if the individual ID is not $tree->setUserPreference($user, 'RELATIONSHIP_PATH_LENGTH', null); } } } } header('Location: ' . WT_BASE_URL . WT_SCRIPT_NAME); return; } switch (WT_Filter::get('action')) { case 'loadrows': // Generate an AJAX/JSON response for datatables to load a block of rows $search = WT_Filter::postArray('search'); $search = $search['value']; $start = WT_Filter::postInteger('start'); $length = WT_Filter::postInteger('length'); $WHERE = " WHERE u.user_id > 0"; $ARGS = array(); if ($search) { $WHERE .= " AND (" . " user_name LIKE CONCAT('%', ?, '%') OR " . " real_name LIKE CONCAT('%', ?, '%') OR " . " email LIKE CONCAT('%', ?, '%'))"; $ARGS = array($search, $search, $search); } Auth::user()->setPreference('admin_users_page_size', $length); if ($length > 0) { $LIMIT = " LIMIT " . $start . ',' . $length; } else { $LIMIT = ""; } $order = WT_Filter::postArray('order'); if ($order) { $ORDER_BY = ' ORDER BY '; foreach ($order as $key => $value) { if ($key > 0) { $ORDER_BY .= ','; } // Datatables numbers columns 0, 1, 2, ... // MySQL numbers columns 1, 2, 3, ... switch ($value['dir']) { case 'asc': $ORDER_BY .= (1 + $value['column']) . ' ASC '; break; case 'desc': $ORDER_BY .= (1 + $value['column']) . ' DESC '; break; } } } else { $ORDER_BY = '1 ASC'; } $sql = "SELECT SQL_CACHE SQL_CALC_FOUND_ROWS '', u.user_id, user_name, real_name, email, us1.setting_value, us2.setting_value, us2.setting_value, us3.setting_value, us3.setting_value, us4.setting_value, us5.setting_value" . " FROM `##user` u" . " LEFT JOIN `##user_setting` us1 ON (u.user_id=us1.user_id AND us1.setting_name='language')" . " LEFT JOIN `##user_setting` us2 ON (u.user_id=us2.user_id AND us2.setting_name='reg_timestamp')" . " LEFT JOIN `##user_setting` us3 ON (u.user_id=us3.user_id AND us3.setting_name='sessiontime')" . " LEFT JOIN `##user_setting` us4 ON (u.user_id=us4.user_id AND us4.setting_name='verified')" . " LEFT JOIN `##user_setting` us5 ON (u.user_id=us5.user_id AND us5.setting_name='verified_by_admin')" . $WHERE . $ORDER_BY . $LIMIT; // This becomes a JSON list, not array, so need to fetch with numeric keys. $data = WT_DB::prepare($sql)->execute($ARGS)->fetchAll(PDO::FETCH_NUM); $installed_languages = WT_I18N::installed_languages(); // Reformat various columns for display foreach ($data as &$datum) { $user_id = $datum[1]; $user_name = $datum[2]; if ($user_id != Auth::id()) { $admin_options = '