

   1  <?php
   2  
      // Guard against direct HTTP access: this controller is only meaningful when
      // included by the admin dispatcher, which defines EVO_MAIN_INIT first.
   3  if( !defined('EVO_MAIN_INIT') ) die( 'Please, do not access this page directly.' );
   4  
   5  /**
   6   * @var AdminUI_general
   7   */
   8  global $AdminUI;
   9  
      // Which tab of the user form is shown; defaults to 'profile' when omitted.
      // NOTE(review): the 4th argument presumably memorizes the tab across requests
      // (cf. the note on user_ID below) — confirm against param().
  10  param( 'user_tab', 'string', '', true );
  11  if( empty($user_tab) )
  12  {
  13      $user_tab = 'profile';
  14  }
  15  
  16  $AdminUI->set_path( 'users', 'users' );
  17  
      // Presumably populates $action from the request; the rest of this file reads it.
  18  param_action();
  19  
      // NULL means "no user selected"; the load block below then falls back to the current user.
  20  param( 'user_ID', 'integer', NULL );    // Note: should NOT be memorized (would kill navigation/sorting) use memorize_param() if needed
  21  param( 'redirect_to', 'url', NULL );
  22  
      // 'js' suppresses the admin page chrome (quick search, breadcrumbs, <head>); see the display block below.
  23  param( 'display_mode', 'string', 'normal' );
  24  
  25  /**
  26   * @global boolean true, if user is only allowed to edit his profile
  27   */
  28  $user_profile_only = ! $current_User->check_perm( 'users', 'view' );
  29  
  30  if( $user_profile_only )
  31  { // User has no permissions to view: he can only edit his profile
  32  
  33      if( isset($user_ID) && $user_ID != $current_User->ID )
  34      { // User is trying to edit something he should not: add error message (Should be prevented by UI)
          // Note: this error also makes $Messages->has_errors() true, so no action is performed on this request.
  35          $Messages->add( T_('You have no permission to view other users!'), 'error' );
  36      }
  37  
  38      // Make sure the user only edits himself:
      // (This is the authoritative clamp: the request's user_ID is discarded, not merely reported on.)
  39      $user_ID = $current_User->ID;
      // Action allow-list for profile-only users: anything else (avatar rotation/removal, bulk
      // deletions, reports, 'new', ...) is downgraded to a plain 'edit' of their own profile.
  40      if( ! in_array( $action, array( 'update', 'update_avatar', 'upload_avatar', 'edit', 'default_settings' ) ) )
  41      {
  42          $action = 'edit';
  43      }
  44  }
  45  
  46  /*
  47   * Load editable objects and set $action (while checking permissions)
  48   */
  49  
  50  $UserCache = & get_UserCache();
  51  
  52  if( ! is_null($user_ID) )
  53  { // User selected
  54      if( $action == 'update' && $user_ID == 0 )
  55      { // we create a new user
          // (ID 0 is presumably never the logged-in user's ID, so the edit-permission
          //  check further down applies to user creation as well.)
  56          $edited_User = new User();
  57          $edited_User->set_datecreated( $localtimenow );
  58      }
          // NOTE(review): the second argument presumably disables halting on a missing ID so the
          // false return can be handled here — confirm against UserCache::get_by_ID().
  59      elseif( ($edited_User = & $UserCache->get_by_ID( $user_ID, false )) === false )
  60      {    // We could not find the User to edit:
  61          unset( $edited_User );
  62          forget_param( 'user_ID' );
  63          $Messages->add( sprintf( T_('Requested &laquo;%s&raquo; object does not exist any longer.'), T_('User') ), 'error' );
  64          // Redirect so that a reload doesn't write to the DB twice:
  65          header_redirect( '?ctrl=users', 303 ); // Will EXIT
  66          // We have EXITed already at this point!!
  67      }
  68  
      // 'view', 'report_user' and 'remove_report' leave $edited_User itself untouched, so view rights
      // suffice for them; every other action needs 'users','edit' unless the user edits himself.
  69      if( $action != 'view' && $action != 'report_user' && $action != 'remove_report' )
  70      { // check edit permissions
  71          if( ! $current_User->check_perm( 'users', 'edit' )
  72              && $edited_User->ID != $current_User->ID )
  73          { // user is only allowed to _view_ other user's profiles
  74              $Messages->add( T_('You have no permission to edit other users!'), 'error' );
  75              $action = 'view';
  76          }
              // Demo mode: the accounts created by the installer (IDs 1..3) are read-only.
              // Destructive actions bounce to the user list, all others degrade to 'view'.
  77          elseif( $demo_mode && ( $edited_User->ID <= 3 ) && ( $edited_User->ID > 0 ) )
  78          { // Demo mode restrictions: users created by install process cannot be edited
  79              $Messages->add( T_('You cannot edit the admin and demo users profile in demo mode!'), 'error' );
  80  
  81              if( strpos( $action, 'delete_' ) === 0 || $action == 'promote' )
  82              {   // Fallback to list/view action
  83                  header_redirect( regenerate_url( 'ctrl,action', 'ctrl=users&amp;action=list' ) );
  84              }
  85              else
  86              {
  87                  $action = 'view';
  88              }
  89          }
  90      }
  91  }
      // No user_ID given: operate on the current user. For 'new', $edited_User deliberately
      // stays unset so that the 'new' case below builds an empty User.
  92  elseif( $action != 'new' )
  93  { // user ID is not set, edit the current user
  94      $user_ID = $current_User->ID;
  95      $edited_User = $current_User;
  96  }
  97  
  98  /*
  99   * Perform actions, if there were no errors:
       *
       * Every state-changing case below first calls $Session->assert_received_crumb( 'user' )
       * (the CSRF crumb check) before touching anything; only 'new', which writes nothing,
       * skips it. Most cases also re-check that $edited_User is set, although the load block
       * above already guarantees it whenever $action != 'new'.
 100   */
 101  if( !$Messages->has_errors() )
 102  { // no errors
 103      switch( $action )
 104      {
 105          case 'new':
 106              // We want to create a new user:
                  // NOTE(review): nothing here checks 'users','edit' — the load block above only runs its
                  // permission checks when $user_ID is set, and profile-only users were already forced to
                  // 'edit'. This only builds the form object; creation happens on 'update' with user_ID=0,
                  // which does go through the edit check — confirm that is the intended gate.
 107              if( isset( $edited_User ) )
 108              { // We want to use a template
 109                  $new_User = $edited_User; // Copy !
                      // NOTE(review): since PHP 5 this assignment copies the object handle, not the object,
                      // so the set( 'ID', 0 ) below also alters the cached template instance in $UserCache.
                      // A real copy would need clone — confirm which behaviour is intended.
 110                  $new_User->set( 'ID', 0 );
 111                  $edited_User = & $new_User;
 112              }
 113              else
 114              { // We use an empty user:
 115                  $edited_User = new User();
 116              }
 117              break;
 118  
 119          case 'remove_avatar':
 120              // Check that this action request is not a CSRF hacked request:
 121              $Session->assert_received_crumb( 'user' );
 122  
 123              if( empty($edited_User) || !is_object($edited_User) )
 124              {
 125                  $Messages->add( 'No user set!' ); // Needs no translation, should be prevented by UI.
 126                  $action = 'list';
 127                  break;
 128              }
 129  
                  // On failure we fall through to displaying the profile; the method is expected
                  // to have queued its own error message.
 130              if( !$edited_User->remove_avatar() )
 131              { // could not remove the avatar
 132                  $action = 'view';
 133                  break;
 134              }
 135  
 136              // Redirect so that a reload doesn't write to the DB twice:
 137              header_redirect( '?ctrl=user&user_tab=avatar&user_ID='.$edited_User->ID, 303 ); // Will EXIT
 138              // We have EXITed already at this point!!
 139              break;
 140  
 141          case 'delete_avatar':
 142              // Check that this action request is not a CSRF hacked request:
 143              $Session->assert_received_crumb( 'user' );
 144  
 145              if( empty($edited_User) || !is_object($edited_User) )
 146              {
 147                  $Messages->add( 'No user set!' ); // Needs no translation, should be prevented by UI.
 148                  $action = 'list';
 149                  break;
 150              }
 151              $file_ID = param( 'file_ID', 'integer', NULL );
 152  
                  // Anything but true is taken as the name of the action to display next
                  // (same convention for the other avatar cases below).
 153              $result = $edited_User->delete_avatar( $file_ID );
 154              if( $result !== true )
 155              {
 156                  $action = $result;
 157                  break;
 158              }
 159              // Redirect so that a reload doesn't write to the DB twice:
 160              header_redirect( '?ctrl=user&user_tab=avatar&user_ID='.$edited_User->ID, 303 ); // Will EXIT
 161              // We have EXITed already at this point!!
 162              break;
 163  
 164          case 'upload_avatar':
 165              // Check that this action request is not a CSRF hacked request:
 166              $Session->assert_received_crumb( 'user' );
 167  
 168              if( empty($edited_User) || !is_object($edited_User) )
 169              {
 170                  $Messages->add( 'No user set!' ); // Needs no translation, should be prevented by UI.
 171                  $action = 'list';
 172                  break;
 173              }
 174  
 175              $result = $edited_User->update_avatar_from_upload();
 176              if( $result !== true )
 177              {
 178                  $action = $result;
 179                  break;
 180              }
 181              // Redirect so that a reload doesn't write to the DB twice:
 182              header_redirect( '?ctrl=user&user_tab=avatar&user_ID='.$edited_User->ID, 303 ); // Will EXIT
 183              // We have EXITed already at this point!!
 184              break;
 185  
 186          case 'update_avatar':
 187              // Check that this action request is not a CSRF hacked request:
 188              $Session->assert_received_crumb( 'user' );
 189  
 190              if( empty($edited_User) || !is_object($edited_User) )
 191              {
 192                  $Messages->add( 'No user set!' ); // Needs no translation, should be prevented by UI.
 193                  $action = 'list';
 194                  break;
 195              }
 196              $file_ID = param( 'file_ID', 'integer', NULL );
 197  
 198              $result = $edited_User->update_avatar( $file_ID );
 199              if( $result !== true )
 200              {
 201                  $action = $result;
 202                  break;
 203              }
 204              // Redirect so that a reload doesn't write to the DB twice:
 205              header_redirect( '?ctrl=user&user_tab=avatar&user_ID='.$edited_User->ID, 303 ); // Will EXIT
 206              // We have EXITed already at this point!!
 207              break;
 208  
 209          case 'rotate_avatar_90_left':
 210          case 'rotate_avatar_180':
 211          case 'rotate_avatar_90_right':
 212              // Check that this action request is not a CSRF hacked request:
 213              $Session->assert_received_crumb( 'user' );
 214  
 215              if( empty($edited_User) || !is_object($edited_User) )
 216              {
 217                  $Messages->add( 'No user set!' ); // Needs no translation, should be prevented by UI.
 218                  $action = 'list';
 219                  break;
 220              }
 221              $file_ID = param( 'file_ID', 'integer', NULL );
 222  
                  // Map the action name to a rotation angle; all three actions routed into this
                  // case are enumerated here, so $degrees is always set.
 223              switch( $action )
 224              {
 225                  case 'rotate_avatar_90_left':
 226                      $degrees = 90;
 227                      break;
 228                  case 'rotate_avatar_180':
 229                      $degrees = 180;
 230                      break;
 231                  case 'rotate_avatar_90_right':
 232                      $degrees = 270;
 233                      break;
 234              }
 235  
 236              $result = $edited_User->rotate_avatar( $file_ID, $degrees );
 237              if( $result !== true )
 238              {
                      // Unlike the other avatar cases, the error code is mapped to a display action here.
 239                  switch( $result )
 240                  {
 241                      case 'only_own_profile':
 242                          $action = 'view';
 243                          break;
 244  
 245                      case 'wrong_file':
 246                      case 'other_user':
 247                      case 'rotate_error':
 248                      default:
 249                          $action = 'edit';
 250                          break;
 251                  }
 252                  break;
 253              }
 254              // Redirect so that a reload doesn't write to the DB twice:
 255              header_redirect( '?ctrl=user&user_tab=avatar&user_ID='.$edited_User->ID, 303 ); // Will EXIT
 256              // We have EXITed already at this point!!
 257              break;
 258  
 259          case 'update':
 260          case 'add_field':
 261          case 'subscribe':
 262              // Check that this action request is not a CSRF hacked request:
 263              $Session->assert_received_crumb( 'user' );
 264  
 265              // Update existing user OR create new user:
 266              if( empty($edited_User) || !is_object($edited_User) )
 267              {
 268                  $Messages->add( 'No user set!' ); // Needs no translation, should be prevented by UI.
 269                  $action = 'list';
 270                  break;
 271              }
 272  
 273              // A new user (ID 0) is redirected to the user list after creation; an existing one back to its edit form.
 274              $is_new_user = $edited_User->ID == 0 ? true : false;
 275  
                  // Validation and the DB write happen inside User::update_from_request();
                  // anything but true is the action to display next.
 276              $result = $edited_User->update_from_request( $is_new_user );
 277              if( $result !== true )
 278              {
 279                  $action = $result;
 280                  break;
 281              }
 282  
 283              if( param( 'advanced_form', 'boolean', false ) )
 284              {
 285                  $current_admin_skin = param( 'current_admin_skin', 'string' );
 286                  if( ( $current_admin_skin == $UserSettings->get( 'admin_skin', $current_User->ID ) ) &&
 287                      ( $current_admin_skin == $UserSettings->get( 'admin_skin', $edited_User->ID ) ) )
 288                  { // Save Admin skin display settings if admin skin wasn't changed, and
 289                      // edited user admin skin is the same as current user admin skin
 290                      $AdminUI->set_skin_settings( $edited_User->ID );
 291                  }
 292  
 293                  if( $UserSettings->dbupdate() )
 294                  {
 295                      $Messages->add( T_('User feature settings have been changed.'), 'success');
 296                  }
 297  
 298                  // PluginUserSettings
 299                  load_funcs('plugins/_plugin.funcs.php');
 300  
 301                  $any_plugin_settings_updated = false;
 302                  $Plugins->restart();
 303                  while( $loop_Plugin = & $Plugins->get_next() )
 304                  {
 305                      $pluginusersettings = $loop_Plugin->GetDefaultUserSettings( $tmp_params = array('for_editing'=>true) );
 306                      if( empty($pluginusersettings) )
 307                      {
 308                          continue;
 309                      }
 310  
 311                      // Loop through settings for this plugin:
 312                      foreach( $pluginusersettings as $set_name => $set_meta )
 313                      {
 314                          autoform_set_param_from_request( $set_name, $set_meta, $loop_Plugin, 'UserSettings', $edited_User );
 315                      }
 316  
 317                      // Let the plugin handle custom fields:
                          // A plugin returning false vetoes the update and its pending settings are discarded.
 318                      $ok_to_update = $Plugins->call_method( $loop_Plugin->ID, 'PluginUserSettingsUpdateAction', $tmp_params = array(
 319                          'User' => & $edited_User, 'action' => 'save' ) );
 320  
 321                      if( $ok_to_update === false )
 322                      {
 323                          $loop_Plugin->UserSettings->reset();
 324                      }
 325                      elseif( $loop_Plugin->UserSettings->dbupdate() )
 326                      {
 327                          $any_plugin_settings_updated = true;
 328                      }
 329                  }
 330  
 331                  if( $any_plugin_settings_updated )
 332                  {
 333                      $Messages->add( T_('Usersettings of Plugins have been updated.'), 'success' );
 334                  }
 335              }
 336  
 337              if( $is_new_user )
 338              { // New user is created
 339  
 340                  // Reset the list filters so that the newly created user is visible in the user list
 341                  load_class( 'users/model/_userlist.class.php', 'UserList' );
 342                  $UserList = new UserList( 'admin' );
 343                  $UserList->refresh_query = true;
 344                  $UserList->query();
 345  
 346                  header_redirect( regenerate_url( 'ctrl,action', 'ctrl=users&amp;action=list', '', '&' ), 303 );
 347              }
 348              else
 349              { // The user is updated
 350                  if( ( $user_tab == 'admin' ) && ( $edited_User->ID == $current_User->ID ) )
 351                  { // an admin user has edited his own admin preferences
                          // NOTE(review): status and group are read from $current_User, while update_from_request()
                          // ran on $edited_User. They are the same object only when no user_ID was passed (see the
                          // load block); with an explicit user_ID, $UserCache may hand back a separate instance and
                          // these checks would see pre-update values — confirm.
 352                      if( $current_User->check_status( 'is_closed' ) )
 353                      { // an admin user has changed his own status to closed, logout the user
 354                          logout();
 355                          header_redirect( $baseurl, 303 );
 356                          // will have exited
 357                      }
 358                      if( $current_User->grp_ID != 1 )
 359                      { // admin user has changed his own group, change user_tab for redirect
 360                          $user_tab = 'profile';
 361                      }
 362                  }
 363                  header_redirect( regenerate_url( '', 'user_ID='.$edited_User->ID.'&action=edit&user_tab='.$user_tab, '', '&' ), 303 );
 364              }
 365              break;
 366  
 367          case 'default_settings':
 368              // Check that this action request is not a CSRF hacked request:
 369              $Session->assert_received_crumb( 'user' );
 370  
                  // NOTE(review): unlike the avatar cases there is no guard on $edited_User here; it is
                  // set whenever $action != 'new' (see the load block above), so this relies on that invariant.
 371              $reload_page = false; // We set it to true, if a setting changes that needs a page reload (locale, admin skin, ..)
 372  
 373              // Admin skin:
                  // (No user ID: this reads the *current* user's skin, which is what the page is rendered with.)
 374              $cur_admin_skin = $UserSettings->get('admin_skin');
 375  
                  // Drop the per-user override first so that the get() below yields the default;
                  // a reload is only needed when the logged-in user's own skin effectively changed.
 376              $UserSettings->delete( 'admin_skin', $edited_User->ID );
 377              if( $cur_admin_skin
 378                      && $UserSettings->get('admin_skin', $edited_User->ID ) != $cur_admin_skin
 379                      && ($edited_User->ID == $current_User->ID) )
 380              { // admin_skin has changed:
 381                  $reload_page = true;
 382              }
 383  
 384              // Reset user settings to defaults:
 385              $UserSettings->reset_to_defaults( $edited_User->ID, false );
 386  
 387              // Update user settings:
 388              if( $UserSettings->dbupdate() ) $Messages->add( T_('User feature settings have been changed.'), 'success');
 389  
 390              // PluginUserSettings
                  // Same plugin loop as in the 'update' case, but settings are deleted instead of read from the request.
 391              $any_plugin_settings_updated = false;
 392              $Plugins->restart();
 393              while( $loop_Plugin = & $Plugins->get_next() )
 394              {
 395                  $pluginusersettings = $loop_Plugin->GetDefaultUserSettings( $tmp_params = array('for_editing'=>true) );
 396  
 397                  if( empty($pluginusersettings) )
 398                  {
 399                      continue;
 400                  }
 401  
 402                  foreach( $pluginusersettings as $k => $l_meta )
 403                  {
 404                      if( isset($l_meta['layout']) || ! empty($l_meta['no_edit']) )
 405                      { // a layout "setting" or not for editing
 406                          continue;
 407                      }
 408  
 409                      $loop_Plugin->UserSettings->delete($k, $edited_User->ID);
 410                  }
 411  
 412                  // Let the plugin handle custom fields:
 413                  $ok_to_update = $Plugins->call_method( $loop_Plugin->ID, 'PluginUserSettingsUpdateAction', $tmp_params = array(
 414                      'User' => & $edited_User, 'action' => 'reset' ) );
 415  
 416                  if( $ok_to_update === false )
 417                  {
 418                      $loop_Plugin->UserSettings->reset();
 419                  }
 420                  elseif( $loop_Plugin->UserSettings->dbupdate() )
 421                  {
 422                      $any_plugin_settings_updated = true;
 423                  }
 424              }
 425              if( $any_plugin_settings_updated )
 426              {
 427                  $Messages->add( T_('Usersettings of Plugins have been updated.'), 'success' );
 428              }
 429  
 430              // Always display the profile again:
 431              $action = 'edit';
 432  
 433              if( $reload_page )
 434              { // reload the current page through header redirection:
 435                  header_redirect( regenerate_url( '', 'user_ID='.$edited_User->ID.'&action='.$action, '', '&' ) ); // will save $Messages into Session
 436              }
 437              break;
 438  
 439          case 'refresh_regional':
 440              // Refresh a regions, sub-regions & cities (when JavaScript is disabled)
                  // Only the in-memory object is updated so the form re-renders with the new selection;
                  // nothing is written to the DB here.
 441  
 442              // Check that this action request is not a CSRF hacked request:
 443              $Session->assert_received_crumb( 'user' );
 444  
 445              $edited_User->ctry_ID = param( 'edited_user_ctry_ID', 'integer', 0 );
 446              $edited_User->rgn_ID = param( 'edited_user_rgn_ID', 'integer', 0 );
 447              $edited_User->subrg_ID = param( 'edited_user_subrg_ID', 'integer', 0 );
 448              break;
 449  
 450          case 'delete_all_blogs':
 451              // Delete all blogs of edited user recursively
 452  
 453              // Check that this action request is not a CSRF hacked request:
 454              $Session->assert_received_crumb( 'user' );
 455  
 456              // Check edit permissions:
                  // Second line of defence after the load block: the third argument presumably makes
                  // check_perm() abort the request instead of returning false — confirm. This matters for
                  // users without 'users','edit' who target themselves, since the load block lets them through.
 457              $current_User->check_perm( 'users', 'edit', true );
 458  
                  // Without the confirm flag nothing is deleted and we fall through to the display
                  // part of this controller (presumably a confirmation prompt on the activity tab).
 459              if( param( 'confirm', 'integer', 0 ) )
 460              {    // confirmed
 461                  if( $edited_User->delete_blogs() )
 462                  {    // The blogs were deleted successfully
 463                      $Messages->add( T_('All blogs of the user were deleted.'), 'success' );
 464  
 465                      // Redirect so that a reload doesn't write to the DB twice:
 466                      header_redirect( '?ctrl=user&user_tab=activity&user_ID='.$user_ID, 303 ); // Will EXIT
 467                      // We have EXITed already at this point!!
 468                  }
 469              }
 470              break;
 471  
 472          case 'delete_all_posts_created':
 473              // Delete all posts created by the user
                  // (Same gating as 'delete_all_blogs': crumb, asserted edit permission, explicit confirm flag.)
 474  
 475              // Check that this action request is not a CSRF hacked request:
 476              $Session->assert_received_crumb( 'user' );
 477  
 478              // Check edit permissions:
 479              $current_User->check_perm( 'users', 'edit', true );
 480  
 481              if( param( 'confirm', 'integer', 0 ) )
 482              {    // confirmed
 483                  if( $edited_User->delete_posts( 'created' ) )
 484                  {    // The posts were deleted successfully
 485                      $Messages->add( T_('The posts created by the user were deleted.'), 'success' );
 486  
 487                      // Redirect so that a reload doesn't write to the DB twice:
 488                      header_redirect( '?ctrl=user&user_tab=activity&user_ID='.$user_ID, 303 ); // Will EXIT
 489                      // We have EXITed already at this point!!
 490                  }
 491              }
 492              break;
 493  
 494          case 'delete_all_posts_edited':
 495              // Delete all posts edited by the user
                  // (Same gating as 'delete_all_blogs'.)
 496  
 497              // Check that this action request is not a CSRF hacked request:
 498              $Session->assert_received_crumb( 'user' );
 499  
 500              // Check edit permissions:
 501              $current_User->check_perm( 'users', 'edit', true );
 502  
 503              if( param( 'confirm', 'integer', 0 ) )
 504              {    // confirmed
 505                  if( $edited_User->delete_posts( 'edited' ) )
 506                  {    // The posts were deleted successfully
 507                      $Messages->add( T_('The posts edited by the user were deleted.'), 'success' );
 508  
 509                      // Redirect so that a reload doesn't write to the DB twice:
 510                      header_redirect( '?ctrl=user&user_tab=activity&user_ID='.$user_ID, 303 ); // Will EXIT
 511                      // We have EXITed already at this point!!
 512                  }
 513              }
 514              break;
 515  
 516          case 'delete_all_comments':
 517              // Delete all comments posted by the user
                  // (Same gating as 'delete_all_blogs'.)
 518  
 519              // Check that this action request is not a CSRF hacked request:
 520              $Session->assert_received_crumb( 'user' );
 521  
 522              // Check edit permissions:
 523              $current_User->check_perm( 'users', 'edit', true );
 524  
 525              if( param( 'confirm', 'integer', 0 ) )
 526              {    // confirmed
 527                  if( $edited_User->delete_comments() )
 528                  {    // The comments were deleted successfully
 529                      $Messages->add( T_('The comments posted by the user were deleted.'), 'success' );
 530  
 531                      // Redirect so that a reload doesn't write to the DB twice:
 532                      header_redirect( '?ctrl=user&user_tab=activity&user_ID='.$user_ID, 303 ); // Will EXIT
 533                      // We have EXITed already at this point!!
 534                  }
 535              }
 536              break;
 537  
 538          case 'delete_all_messages':
 539              // Delete all messages posted by the user
                  // (Same gating as 'delete_all_blogs'.)
 540  
 541              // Check that this action request is not a CSRF hacked request:
 542              $Session->assert_received_crumb( 'user' );
 543  
 544              // Check edit permissions:
 545              $current_User->check_perm( 'users', 'edit', true );
 546  
 547              if( param( 'confirm', 'integer', 0 ) )
 548              {    // confirmed
 549                  if( $edited_User->delete_messages() )
 550                  {    // The messages were deleted successfully
 551                      $Messages->add( T_('The private messages sent by the user were deleted.'), 'success' );
 552  
 553                      // Redirect so that a reload doesn't write to the DB twice:
 554                      header_redirect( '?ctrl=user&user_tab=activity&user_ID='.$user_ID, 303 ); // Will EXIT
 555                      // We have EXITed already at this point!!
 556                  }
 557              }
 558              break;
 559  
 560          case 'delete_all_userdata':
 561              // Delete user and all his contributions
 562  
 563              // Check that this action request is not a CSRF hacked request:
 564              $Session->assert_received_crumb( 'user' );
 565  
 566              // Check edit permissions:
 567              $current_User->check_perm( 'users', 'edit', true );
 568  
 569              if( $edited_User->ID == $current_User->ID || $edited_User->ID == 1 )
 570              {    // Refuse to delete the logged-in user or the primary admin account (ID 1); the UI should not offer this, so we silently fall through to display
 571                  break;
 572              }
 573  
 574              if( param( 'confirm', 'integer', 0 ) )
 575              {    // confirmed
                      // Read the login before the object is deleted so it can be named in the message.
 576                  $user_login = $edited_User->dget( 'login' );
 577  
                      // Short-circuit chain: the first failing step stops the cascade and leaves
                      // the user record in place (partial cleanup is possible at that point).
 578                  if( $edited_User->delete_messages() &&
 579                      $edited_User->delete_comments() &&
 580                      $edited_User->delete_posts( 'created|edited' ) &&
 581                      $edited_User->delete_blogs() &&
 582                      $edited_User->dbdelete( $Messages ) )
 583                  {    // User and all his contributions were deleted successfully
 584                      $Messages->add( sprintf( T_('The user &laquo;%s&raquo; and all his contributions were deleted.'), $user_login ), 'success' );
 585  
 586                      // Redirect so that a reload doesn't write to the DB twice:
 587                      header_redirect( '?ctrl=users', 303 ); // Will EXIT
 588                      // We have EXITed already at this point!!
 589                  }
 590              }
 591              break;
 592  
 593          case 'report_user': // Report a user
 594              // Check that this action request is not a CSRF hacked request:
 595              $Session->assert_received_crumb( 'user' );
 596  
 597              if( !$current_User->check_status( 'can_report_user' ) )
 598              { // current User status doesn't allow user reporting
 599                  // Redirect to the account activation page
 600                  $Messages->add( T_( 'You must activate your account before you can report another user. <b>See below:</b>' ), 'error' );
 601                  header_redirect( get_activate_info_url(), 302 );
 602                  // will have exited
 603              }
 604  
                  // The reported user is taken from the request again (defaulting to 0 rather than NULL);
                  // presumably add_report_from() rejects self-reports and unknown IDs — confirm.
 605              $report_status = param( 'report_user_status', 'string', '' );
 606              $report_info = param( 'report_info_content', 'text', '' );
 607              $user_ID = param( 'user_ID', 'integer', 0 );
 608  
 609              if( get_report_status_text( $report_status ) == '' )
 610              { // A report status is incorrect
                      // NOTE(review): this records the error via $Messages->add(), not as a param error, so unless
                      // param_errors_detected() below also consults $Messages (or add_report_from() re-validates
                      // the status), an invalid status would still be stored — confirm.
 611                  $Messages->add( T_('Please select the correct report reason!'), 'error' );
 612                  $user_tab = 'report';
 613              }
 614  
 615              if( ! param_errors_detected() )
 616              {
 617                  // add report and block contact ( it will be blocked if was already on this user contact list )
 618                  add_report_from( $user_ID, $report_status, $report_info );
 619                  $blocked_message = '';
 620                  if( $current_User->check_perm( 'perm_messaging', 'reply' ) )
 621                  { // user has messaging permission, set/add this user as blocked contact
 622                      $contact_status = check_contact( $user_ID );
 623                      if( $contact_status == NULL )
 624                      { // contact doesn't exists yet, create as blocked contact
 625                          create_contacts_user( $user_ID, true );
 626                          $blocked_message = ' '.T_('You have also blocked this user from contacting you in the future.');
 627                      }
 628                      elseif( $contact_status )
 629                      { // contact exists and it's not blocked, set as blocked
 630                          set_contact_blocked( $user_ID, 1 );
 631                          $blocked_message = ' '.T_('You have also blocked this user from contacting you in the future.');
 632                      }
 633                  }
                      // Note: 'repoted' is a typo, but it is also the translation key; fix it together with the locale files.
 634                  $Messages->add( T_('The user was repoted.').$blocked_message, 'success' );
 635              }
 636  
                  // Back to the edited user's page; $user_tab was switched to 'report' above on a bad status.
 637              header_redirect( $admin_url.'?ctrl=user&user_tab='.$user_tab.'&user_ID='.$user_ID );
 638              break;
 639  
 640      case 'remove_report': // Remove current User report from the given user
          // (Indented one level shallower than its siblings; purely cosmetic.)
          // Only view rights are required (see the load block); presumably remove_report_from()
          // removes just the current user's own report and set_contact_blocked() only touches
          // the current user's contact list — confirm.
 641          // Check that this action request is not a CSRF hacked request:
 642          $Session->assert_received_crumb( 'user' );
 643  
 644          $user_ID = param( 'user_ID', 'integer', 0 );
 645  
 646          remove_report_from( $user_ID );
 647          $unblocked_message = '';
 648          if( set_contact_blocked( $user_ID, 0 ) )
 649          { // the user was unblocked
 650              $unblocked_message = ' '.T_('You have also unblocked this user. He will be able to contact you again in the future.');
 651          }
 652          $Messages->add( T_('The report was removed.').$unblocked_message, 'success' );
 653          header_redirect( $admin_url.'?ctrl=user&user_tab='.$user_tab.'&user_ID='.$user_ID );
 654          break;
 655      }
 656  }
 657  
      // Full-page mode: build the page chrome (quick search, breadcrumbs, <head>, body top).
      // In 'js' mode all of this is skipped and only the payload below is emitted.
 658  if( $display_mode != 'js')
 659  {
 660      // Display a form to quick search users
 661      $AdminUI->top_block = get_user_quick_search_form();
 662  
 663      // require colorbox js
 664      require_js_helper( 'colorbox', 'rsc_url' );
 665  
 666      $AdminUI->breadcrumbpath_init( false );  // fp> I'm playing with the idea of keeping the current blog in the path here...
 667      $AdminUI->breadcrumbpath_add( T_('Users'), '?ctrl=users' );
 668      if( $action == 'new' )
 669      {
          // NOTE(review): if the action switch above was skipped because of earlier errors, $edited_User
          // is unset on this branch when no user_ID was given (the load block leaves it unset for 'new') —
          // confirm no error can be queued before this controller runs, or guard with isset().
          // NOTE(review): the raw login is used here whereas the other branch uses get_colored_login();
          // confirm breadcrumbpath_add() escapes its label for HTML output.
 670          $AdminUI->breadcrumbpath_add( $edited_User->login, '?ctrl=user&amp;user_ID='.$edited_User->ID );
 671      }
 672      else
 673      {
 674          $AdminUI->breadcrumbpath_add( $edited_User->get_colored_login(), '?ctrl=user&amp;user_ID='.$edited_User->ID );
 675      }
 676  
      // One breadcrumb entry (plus tab-specific assets) per tab; an unknown $user_tab adds nothing.
 677      switch( $user_tab )
 678      {
 679          case 'profile':
 680              $AdminUI->breadcrumbpath_add( T_('Profile'), '?ctrl=user&amp;user_ID='.$edited_User->ID.'&amp;user_tab='.$user_tab );
 681              require_css( $rsc_url.'css/jquery/smoothness/jquery-ui.css' );
 682              init_userfields_js();
 683              break;
 684          case 'avatar':
                  // Profile picture breadcrumb only when the files module is loaded.
 685              if( isset($GLOBALS['files_Module']) )
 686              {
 687                  $AdminUI->breadcrumbpath_add( T_('Profile picture'), '?ctrl=user&amp;user_ID='.$edited_User->ID.'&amp;user_tab='.$user_tab );
 688              }
 689              break;
 690          case 'pwdchange':
 691              $AdminUI->breadcrumbpath_add( T_('Change password'), '?ctrl=user&amp;user_ID='.$edited_User->ID.'&amp;user_tab='.$user_tab );
 692              break;
 693          case 'userprefs':
 694              $AdminUI->breadcrumbpath_add( T_('Preferences'), '?ctrl=user&amp;user_ID='.$edited_User->ID.'&amp;user_tab='.$user_tab );
 695              break;
 696          case 'subs':
 697              $AdminUI->breadcrumbpath_add( T_('Notifications'), '?ctrl=user&amp;user_ID='.$edited_User->ID.'&amp;user_tab='.$user_tab );
 698              break;
 699          case 'advanced':
 700              $AdminUI->breadcrumbpath_add( T_('Advanced'), '?ctrl=user&amp;user_ID='.$edited_User->ID.'&amp;user_tab='.$user_tab );
 701              break;
 702          case 'admin':
 703              $AdminUI->breadcrumbpath_add( T_('Admin'), '?ctrl=user&amp;user_ID='.$edited_User->ID.'&amp;user_tab='.$user_tab );
 704              load_funcs('tools/model/_email.funcs.php');
 705              break;
 706          case 'sessions':
 707              $AdminUI->breadcrumbpath_add( T_('Sessions'), '?ctrl=user&amp;user_ID='.$edited_User->ID.'&amp;user_tab='.$user_tab );
 708              break;
 709          case 'activity':
 710              $AdminUI->breadcrumbpath_add( $current_User->ID == $edited_User->ID ? T_('My Activity') : T_('User Activity'), '?ctrl=user&amp;user_ID='.$edited_User->ID.'&amp;user_tab='.$user_tab );
 711              require_css( $rsc_url.'css/blog_base.css' ); // Default styles for the blog navigation
 712              break;
 713      }
 714  
 715      // Display <html><head>...</head> section! (Note: should be done early if actions do not redirect)
 716      $AdminUI->disp_html_head();
 717  
 718      // Display title, menu, messages, etc. (Note: messages MUST be displayed AFTER the actions)
 719      $AdminUI->disp_body_top();
 720  }
 721  
 722  /*
 723   * Display appropriate payload:
 724   */
switch( $action )
{
    case 'nil':
        // Display NO payload!
        break;

    case 'new':
    case 'view':
    case 'edit':
    default:
        // NOTE: the 'delete_all_*' confirmation actions are not listed above, so they land here via default
        // and are handled by the 'activity' tab below.
        load_class( 'users/model/_userlist.class.php', 'UserList' );
        // Initialize users list from session cache in order to display prev/next links
        $UserList = new UserList( 'admin' );
        $UserList->memorize = false;
        $UserList->load_from_Request();

        // Which view to render depends on the selected tab. Tabs that call disp_payload_begin()/disp_payload_end()
        // are wrapped in the standard payload frame; the others render their own frame.
        switch( $user_tab )
        {
            case 'profile':
                // Display user identity form:
                $AdminUI->disp_payload_begin();
                $AdminUI->disp_view( 'users/views/_user_identity.form.php' );
                $AdminUI->disp_payload_end();
                break;
            case 'avatar':
                // Display user avatar form (nothing is displayed at all when avatars are disabled):
                if( $Settings->get('allow_avatars') )
                {
                    $AdminUI->disp_payload_begin();
                    $AdminUI->disp_view( 'users/views/_user_avatar.form.php' );
                    $AdminUI->disp_payload_end();
                }
                break;
            case 'pwdchange':
                // Display user password form:
                $AdminUI->disp_payload_begin();
                $AdminUI->disp_view( 'users/views/_user_password.form.php' );
                $AdminUI->disp_payload_end();
                break;
            case 'userprefs':
                // Display user preferences form:
                $AdminUI->disp_payload_begin();
                $AdminUI->disp_view( 'users/views/_user_preferences.form.php' );
                $AdminUI->disp_payload_end();
                break;
            case 'subs':
                // Display user subscriptions form:
                $AdminUI->disp_payload_begin();
                $AdminUI->disp_view( 'users/views/_user_subscriptions.form.php' );
                $AdminUI->disp_payload_end();
                break;
            case 'advanced':
                // Display user advanced form:
                $AdminUI->disp_view( 'users/views/_user_advanced.form.php' );
                break;
            case 'admin':
                // Display user admin form:
                $AdminUI->disp_view( 'users/views/_user_admin.form.php' );
                break;
            case 'sessions':
                // Display the list of sessions of the edited user:
                $AdminUI->disp_view( 'sessions/views/_stats_sessions_list.view.php' );
                break;
            case 'activity':
                // Display user activity lists:
                $AdminUI->disp_payload_begin();

                if( in_array( $action, array( 'delete_all_blogs', 'delete_all_posts_created', 'delete_all_posts_edited', 'delete_all_comments', 'delete_all_messages', 'delete_all_userdata' ) ) )
                {    // We need to ask for confirmation before delete:
                    param( 'user_ID', 'integer', 0 , true ); // Memorize user_ID
                    // Create Data Object to user only one method confirm_delete()
                    $DataObject = new DataObject( '' );
                    // Each branch only sets $confirm_message when there is something the current user is allowed to delete;
                    // when it stays empty, no confirmation form is shown and the plain activity view is displayed instead.
                    switch( $action )
                    {
                        case 'delete_all_blogs':
                            $deleted_blogs_count = count( $edited_User->get_deleted_blogs() );
                            if( $deleted_blogs_count > 0 )
                            {    // Display a confirm message if curent user can delete at least one blog of the edited user
                                $confirm_message = sprintf( T_('Delete %d blogs of the user?'), $deleted_blogs_count );
                            }
                            break;

                        case 'delete_all_posts_created':
                            $deleted_posts_created_count = count( $edited_User->get_deleted_posts( 'created' ) );
                            if( $deleted_posts_created_count > 0 )
                            {    // Display a confirm message if curent user can delete at least one post created by the edited user
                                $confirm_message = sprintf( T_('Delete %d posts created by the user?'), $deleted_posts_created_count );
                            }
                            break;

                        case 'delete_all_posts_edited':
                            $deleted_posts_edited_count = count( $edited_User->get_deleted_posts( 'edited' ) );
                            if( $deleted_posts_edited_count > 0 )
                            {    // Display a confirm message if curent user can delete at least one post edited by the edited user
                                $confirm_message = sprintf( T_('Delete %d posts edited by the user?'), $deleted_posts_edited_count );
                            }
                            break;

                        case 'delete_all_comments':
                            $deleted_comments_count = count( $edited_User->get_deleted_comments() );
                            if( $deleted_comments_count > 0 )
                            {    // Display a confirm message if curent user can delete at least one comment posted by the edited user
                                $confirm_message = sprintf( T_('Delete %d comments posted by the user?'), $deleted_comments_count );
                            }
                            break;

                        case 'delete_all_messages':
                            $messages_count = $edited_User->get_num_messages();
                            // Unlike the other branches, this one checks the permission explicitly (messaging abuse right):
                            if( $messages_count > 0 && $current_User->check_perm( 'perm_messaging', 'abuse' ) )
                            {    // Display a confirm message if curent user can delete the messages sent by the edited user
                                $confirm_message = sprintf( T_('Delete %d private messages sent by the user?'), $messages_count );
                            }
                            break;

                        case 'delete_all_userdata':
                            // NOTE(review): this only hides the confirmation for self/admin(ID 1); the actual delete action
                            // must enforce the same rule server-side — verify in the action handler, which is not in this block.
                            if(  $current_User->ID != $edited_User->ID && $edited_User->ID != 1 )
                            {    // User can NOT delete admin and own account
                                $confirm_message = T_('Delete user and all his contributions?');
                            }
                            break;
                    }
                    if( !empty( $confirm_message ) )
                    {    // Displays form to confirm deletion
                        $DataObject->confirm_delete( $confirm_message, 'user', $action, get_memorized( 'action' ) );
                    }
                }

                $AdminUI->disp_view( 'users/views/_user_activity.view.php' );
                $AdminUI->disp_payload_end();
                break;

            case 'report':
                if( $display_mode == 'js')
                { // Do not append Debuglog & Debug JSlog to response!
                    $debug = false;
                    $debug_jslog = false;
                }

                if( $display_mode != 'js')
                {
                    $AdminUI->disp_payload_begin();
                }
                // $user_tab is replaced by the request-supplied "origin" tab so the report form can return to it.
                // NOTE(review): the value is not checked against the known tab names here; the view must treat it as
                // untrusted (escape it in any URL/attribute it builds) — confirm in _user_report.form.php.
                $user_tab = param( 'user_tab_from', 'string', 'profile' );
                $AdminUI->disp_view( 'users/views/_user_report.form.php' );
                if( $display_mode != 'js')
                {
                    $AdminUI->disp_payload_end();
                }
                break;
        }

        break;
}
 878  
 879  if( $display_mode != 'js')
 880  {
 881      // Init JS for user reporting
 882      echo_user_report_js();
 883  
 884      // Display body bottom, debug info and close </html>:
 885      $AdminUI->disp_global_footer();
 886  }
 887  ?>
