
Source: /usermgr.php - 1168 lines - 55682 bytes - Summary - Text - Print

   1  <?php
   2  /*************************

   3    Coppermine Photo Gallery

   4    ************************

   5    Copyright (c) 2003-2014 Coppermine Dev Team

   6    v1.0 originally written by Gregory Demar

   7  

   8    This program is free software; you can redistribute it and/or modify

   9    it under the terms of the GNU General Public License version 3

  10    as published by the Free Software Foundation.

  11  

  12    ********************************************

  13    Coppermine version: 1.5.28

  14    $HeadURL: https://svn.code.sf.net/p/coppermine/code/trunk/cpg1.5.x/usermgr.php $

  15    $Revision: 8683 $

  16  **********************************************/
  17  
  18  define('IN_COPPERMINE', true);
  19  define('USERMGR_PHP', true);
  20  define('PROFILE_PHP', true);
  21  
  22  require ('include/init.inc.php');
  23  
  24  $cpg_udb->view_users();
  25  
  26  $icon_array['ok'] = cpg_fetch_icon('ok', 1);
  27  $icon_array['search'] = cpg_fetch_icon('search', 1);
  28  $icon_array['add_user'] = cpg_fetch_icon('add_user', 2);
  29  $icon_array['edit'] = cpg_fetch_icon('edit', 2);
  30  
  31  if (USER_ID !='') {
  32   if (GALLERY_ADMIN_MODE) {
  33    $lim_user = 0;
  34    $number_of_columns = 10;
  35   }
  36   elseif ($CONFIG['allow_memberlist']) {
  37    $lim_user = 1;
  38    $number_of_columns = 9;
  39    show_memberlist;
  40   }
  41   else {
  42      $lim_user = 2;
  43      cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
  44   }
  45  }
  46  else {
  47      $lim_user = 3;
  48      cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
  49  }
  50  
  51  function show_memberlist()
  52  {
  53          cpg_db_query("DELETE FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '' LIMIT 1");
  54          pageheader($lang_usermgr_php['title']);
  55          list_users();
  56          pagefooter();
  57  }
  58  
  59  function list_group_alb_access($group_id) {  //shows a list of albums a specific group can see. Categories are listed with albums for clarity
  60      global $CONFIG, $group_id, $aid, $icon_array;
  61  
  62      $query = "
  63        SELECT
  64          group_id, albums.aid AS aid, group_name, categories.name AS category, albums.title AS album
  65        FROM
  66          {$CONFIG['TABLE_USERGROUPS']} AS groups,
  67          {$CONFIG['TABLE_ALBUMS']} AS albums
  68        LEFT JOIN
  69          {$CONFIG['TABLE_CATEGORIES']} AS categories
  70        ON
  71          albums.category = categories.cid
  72        WHERE
  73          group_id = $group_id AND albums.visibility = groups.group_id
  74        ORDER BY
  75          category, album";
  76      $result = cpg_db_query($query);
  77      $albs = cpg_db_fetch_rowset($result);
  78      mysql_free_result($result);
  79  
  80      foreach($albs as $album) {
  81        $aid = $album['aid'];
  82        echo '
  83          <tr>
  84          <td>' . $album['category'] . '</td>
  85          <td>' . $album['album'] . '</td>
  86          <td>&nbsp;<a href="modifyalb.php?album=' . $album['aid'] . '">' . cpg_fetch_icon('edit', 0) . '</a></td>
  87          </tr>
  88          ';
  89     }
  90  }
  91  
  92  function list_groups_alb_access() //shows a list of albums each group can see. Categories are listed with albums for clarity
  93  {
  94      global $CONFIG;
  95      global $lang_usermgr_php, $lang_common, $group_id, $icon_array;
  96  
  97      starttable(500, $lang_usermgr_php['groups_alb_access'].'&nbsp;'.cpg_display_help('f=users.htm&amp;as=user_cp_edit_permission_by_group&amp;ae=user_cp_edit_permission_by_group_end', '450', '300'), 3);
  98  
  99      $sql = "
 100        SELECT
 101          group_id, group_name, categories.name AS category, albums.title AS album
 102        FROM
 103          {$CONFIG['TABLE_USERGROUPS']} AS groups, {$CONFIG['TABLE_ALBUMS']} AS albums
 104        LEFT JOIN
 105          {$CONFIG['TABLE_CATEGORIES']} AS categories
 106        ON
 107          albums.category = categories.cid
 108        WHERE
 109          albums.visibility = groups.group_id
 110        GROUP BY
 111          group_name
 112        ORDER BY
 113          group_name, category, album
 114      ";
 115  
 116      $result = cpg_db_query($sql);
 117      $groups = cpg_db_fetch_rowset($result);
 118      mysql_free_result($result);
 119  
 120      echo "
 121      <td>{$lang_usermgr_php['category']}</td>
 122      <td>{$lang_common['album']}</td>
 123      <td>{$lang_usermgr_php['modify']}</td>
 124      ";
 125      foreach($groups as $group) {
 126          $group_name = $group['group_name'];
 127          $group_id = $group['group_id'];
 128          echo '<tr><td colspan="3" class="tableh1">' . $group_name . '</td></tr>';
 129          list_group_alb_access($group_id);
 130      }
 131      endtable();
 132  }
 133  
 134  
 135  function list_users($search = '')
 136  {
 137      global $CONFIG, $cpg_udb, $CPG_PHP_SELF, $LINEBREAK; //, $PHP_SELF;

 138      global $lang_usermgr_php, $lang_byte_units, $lang_date, $lang_common, $icon_array;
 139      global $lim_user, $number_of_columns, $template_tab_display;
 140      global $USER_DATA;
 141  
 142      $superCage = Inspekt::makeSuperCage();
 143  
 144      list($timestamp, $form_token) = getFormToken();
 145  
 146      $number_of_columns_minus_one = $number_of_columns - 1;
 147      $number_of_columns_minus_three = $number_of_columns - 3;
 148      $number_of_columns_minus_four = $number_of_columns - 4;
 149  
 150      $sort_codes = array('name_a' => 'user_name ASC',
 151          'name_d' => 'user_name DESC',
 152          'group_a' => 'group_name ASC',
 153          'group_d' => 'group_name DESC',
 154          'reg_a' => 'user_regdate ASC',
 155          'reg_d' => 'user_regdate DESC',
 156          'pic_a' => 'pic_count ASC',
 157          'pic_d' => 'pic_count DESC',
 158          'disku_a' => 'disk_usage ASC',
 159          'disku_d' => 'disk_usage DESC',
 160          'lv_a' => 'user_lastvisit ASC',
 161          'lv_d' => 'user_lastvisit DESC',
 162          );
 163  
 164      $sort = 'reg_d';
 165      if ($superCage->get->keyExists('sort') && ($matches = $superCage->get->getMatched('sort', '/^[a-z_]+$/'))) {
 166          if ($sort_codes[$matches[0]]) {
 167              $sort = $matches[0];
 168          }
 169      }
 170  
 171      $makereadonly = ($CONFIG['bridge_enable']) ? 'style="display:none;" disabled="disabled" ':'';
 172  
 173      $user_count = $cpg_udb->get_user_count();
 174  
 175      if (!$user_count) {
 176          cpg_die(CRITICAL_ERROR, $lang_usermgr_php['err_no_users'], __FILE__, __LINE__);
 177      }
 178  
 179      $user_per_page = 25;
 180      $page = $superCage->get->testInt('page') ? $superCage->get->getInt('page') : 1;    $lower_limit = ($page-1) * $user_per_page;
 181      $lower_limit = ($page-1) * $user_per_page;
 182  
 183      if ($search) {
 184          $username = '&amp;username='.$search;
 185  
 186          $users_search = $cpg_udb->get_users(
 187                                    array(
 188                                          'users_per_page' => $user_count,
 189                                          'lower_limit' => 0,
 190                                          'search' => $search,
 191                                          'sort' => $sort
 192                                         )
 193                                    );
 194          $user_count = count($users_search);
 195      }
 196  
 197      $tab_tmpl = $template_tab_display;
 198      $tab_tmpl['page_link'] = strtr($tab_tmpl['page_link'], array('{LINK}' => 'usermgr.php?sort=' . $sort . '&amp;page=%d'.$username));
 199      $tab_tmpl['left_text'] = strtr($tab_tmpl['left_text'], array('{LEFT_TEXT}' => $lang_usermgr_php['u_user_on_p_pages']));
 200  
 201      $users = $cpg_udb->get_users(
 202                                    array(
 203                                          'users_per_page' => $user_per_page,
 204                                          'lower_limit' => $lower_limit,
 205                                          'search' => $search,
 206                                          'sort' => $sort
 207                                         )
 208                                    );
 209  
 210      $total_pages = ceil($user_count / $user_per_page);
 211  
 212      $tabs = create_tabs($user_count, $page, $total_pages, $tab_tmpl);
 213  
 214      $lb = '<span id="album_listbox_wrapper" style="display:none">';
 215      $lb .= $lang_usermgr_php['sort_by'].': ';
 216      $lb .= "<select name=\"album_listbox\" id=\"album_listbox\" class=\"listbox\" onchange=\"if(this.options[this.selectedIndex].value) window.location.href='{$CPG_PHP_SELF}?page=$page&amp;sort='+this.options[this.selectedIndex].value;\">" . $LINEBREAK;
 217      foreach($sort_codes as $key => $value) {
 218          $selected = ($key == $sort) ? 'selected="selected"' : "";
 219          $lb .= '        <option value="' . $key . '" '.$selected.'>' . $lang_usermgr_php[$key] . '</option>' . $LINEBREAK;
 220      }
 221      $lb .= '</select>' . $LINEBREAK;
 222      $lb .= '</span>' . $LINEBREAK;
 223  
 224  echo <<<EOT
 225  <script type="text/javascript" language="javascript">
 226  <!--
 227  
 228  function selectaction(d,box) {
 229  // check if an action has been selected

 230    var action = document.editForm.action.value;
 231    if (action == '') {
 232      return false;
 233    }
 234  // check if at least one user has been selected

 235    var checked_counter = 0;
 236    var checked_string = '';
 237    var f = document.editForm;
 238    for (i = 0; i < f.length; i++) {
 239      if (f[i].type == "checkbox" && f[i].name.indexOf(box) >= 0) {
 240        if (f[i].checked) {
 241          checked_counter = checked_counter + 1;
 242          if (checked_string == '') {
 243            checked_string = f[i].name;
 244          } else {
 245            checked_string = checked_string + ',' + f[i].name;
 246          }
 247        }
 248      }
 249    }
 250    if (checked_counter == 0) {
 251      document.editForm.action.value = '';
 252      alert('{$lang_usermgr_php['alert_no_selection']}');
 253      return false;
 254    }
 255    document.editForm.id.value = checked_string;
 256    document.editForm.new_password.style.display = "none";
 257    document.editForm.group.style.display = "none";
 258    document.editForm.go.style.display = "none";
 259    document.editForm.delete_files.style.display = "none";
 260    document.editForm.delete_comments.style.display = "none";
 261    switch(document.editForm.action.value) {
 262      case "delete":
 263        document.editForm.delete_files.style.display = "inline";
 264        document.editForm.delete_comments.style.display = "inline";
 265        document.editForm.go.style.display = "inline";
 266      break;
 267      case "reset_password":
 268        document.editForm.new_password.style.display = "inline";
 269        document.editForm.go.style.display = "inline";
 270      break;
 271      case "change_group":
 272        document.editForm.new_password.value = '';
 273        document.editForm.group.style.display = "inline";
 274        if (document.editForm.group.value != '') {
 275        document.editForm.submit();
 276        }
 277      break;
 278      case "add_group":
 279        document.editForm.new_password.value = '';
 280        document.editForm.group.style.display = "inline";
 281        if (document.editForm.group.value != '') {
 282        document.editForm.submit();
 283        }
 284      break;
 285      default:
 286        document.editForm.new_password.value = '';
 287        document.editForm.submit();
 288      break;
 289    }
 290  }
 291  addonload("show_section('album_listbox_wrapper')");
 292  addonload("show_section('checkAll')");
 293  addonload("show_section('checkAll2')");
 294  addonload("show_section('action')");
 295  -->
 296  </script>
 297  EOT;
 298  
 299  echo '<form method="get" action="delete.php" name="editForm" id="cpgform">';
 300  
 301      if ($superCage->post->keyExists('username')) {
 302          $search_filter = '<td align="center">' . $lang_usermgr_php['search_result'] . $superCage->post->getEscaped('username') . '</td>';
 303      } else {
 304          $search_filter = '';
 305      }
 306      $help = '&nbsp;'.cpg_display_help('f=users.htm&amp;as=user_cp&amp;ae=user_cp_end&amp;top=1', '650', '500');
 307      $usermgr_table_header = <<<EOT
 308                  <input type="hidden" name="id" value="" />
 309                  <table border="0" cellspacing="0" cellpadding="0" width="100%">
 310                      <tr>
 311                          <td>
 312  EOT;
 313  if (!$lim_user) {
 314      $usermgr_table_header .= cpg_fetch_icon('user_mgr', 2).$lang_usermgr_php['user_manager'].$help;
 315  } else {
 316      $usermgr_table_header .= cpg_fetch_icon('user_mgr', 2).$lang_usermgr_php['memberlist'];
 317  }
 318  $usermgr_table_header .= <<<EOT
 319                          </td>
 320                          $search_filter
 321                          <td class="sortorder_options" align="right">
 322                              $lb
 323                          </td>
 324                      </tr>
 325                  </table>
 326  EOT;
 327  
 328      starttable('100%', $usermgr_table_header, $number_of_columns);
 329  
 330      // Accept header addons

 331      echo CPGPluginAPI::filter('usermgr_header','');
 332  
 333      if (!$lim_user) {
 334       echo <<< EOT
 335  
 336          <tr>
 337                  <td class="tableh1" align="center">
 338                      <input type="checkbox" {$makereadonly}name="checkAll" id="checkAll" onclick="selectAll('cpgform');" class="checkbox" title="{$lang_common['check_uncheck_all']}" style="display:none" />
 339                  </td>
 340                  <td class="tableh1" colspan="2">
 341                      <span class="statlink">{$lang_usermgr_php['name']}</span>
 342                      <a href="{$CPG_PHP_SELF}?page=$page&amp;sort=name_a$username"><img src="images/ascending.png" width="9" height="9" border="0" alt="" title="{$lang_usermgr_php['name_a']}" /></a>
 343                      <a href="{$CPG_PHP_SELF}?page=$page&amp;sort=name_d$username"><img src="images/descending.png" width="9" height="9" border="0" alt="" title="{$lang_usermgr_php['name_d']}" /></a>
 344                  </td>
 345                  <td class="tableh1" align="center">
 346                      <span class="statlink">{$lang_usermgr_php['status']}</span>
 347                  </td>
 348                  <td class="tableh1">
 349                      <span class="statlink"><a href="groupmgr.php" class="statlink">{$lang_usermgr_php['group']}</a></span>
 350                      <a href="{$CPG_PHP_SELF}?page=$page&amp;sort=group_a$username"><img src="images/ascending.png" width="9" height="9" border="0" alt="" title="{$lang_usermgr_php['group_a']}" /></a>
 351                      <a href="{$CPG_PHP_SELF}?page=$page&amp;sort=group_d$username"><img src="images/descending.png" width="9" height="9" border="0" alt="" title="{$lang_usermgr_php['group_d']}" /></a>
 352                  </td>
 353                  <td class="tableh1">
 354                      <span class="statlink">{$lang_usermgr_php['registered_on']}</span>
 355                      <a href="{$CPG_PHP_SELF}?page=$page&amp;sort=reg_a$username"><img src="images/ascending.png" width="9" height="9" border="0" alt="" title="{$lang_usermgr_php['reg_a']}" /></a>
 356                      <a href="{$CPG_PHP_SELF}?page=$page&amp;sort=reg_d$username"><img src="images/descending.png" width="9" height="9" border="0" alt="" title="{$lang_usermgr_php['reg_d']}" /></a>
 357                  </td>
 358                  <td class="tableh1">
 359                      <span class="statlink">{$lang_usermgr_php['last_visit']}</span>
 360                      <a href="{$CPG_PHP_SELF}?page=$page&amp;sort=lv_a$username"><img src="images/ascending.png" width="9" height="9" border="0" alt="" title="{$lang_usermgr_php['lv_a']}" /></a>
 361                      <a href="{$CPG_PHP_SELF}?page=$page&amp;sort=lv_d$username"><img src="images/descending.png" width="9" height="9" border="0" alt="" title="{$lang_usermgr_php['lv_d']}" /></a>
 362                  </td>
 363                  <td class="tableh1" align="center">
 364                      <span class="statlink">{$lang_usermgr_php['comments']}</span>
 365                  </td>
 366                  <td class="tableh1" align="center">
 367                      <span class="statlink">{$lang_usermgr_php['pictures']}</span>
 368                      <a href="{$CPG_PHP_SELF}?page=$page&amp;sort=pic_a$username"><img src="images/ascending.png" width="9" height="9" border="0" alt="" title="{$lang_usermgr_php['pic_a']}" /></a>
 369                      <a href="{$CPG_PHP_SELF}?page=$page&amp;sort=pic_d$username"><img src="images/descending.png" width="9" height="9" border="0" alt="" title="{$lang_usermgr_php['pic_d']}" /></a>
 370                  </td>
 371                  <td class="tableh1" align="center">
 372                      <span class="statlink">{$lang_usermgr_php['disk_space_used']}/{$lang_usermgr_php['disk_space_quota']}</span>
 373                      <a href="{$CPG_PHP_SELF}?page=$page&amp;sort=disku_a$username"><img src="images/ascending.png" width="9" height="9" border="0" alt="" title="{$lang_usermgr_php['disku_a']}" /></a>
 374                      <a href="{$CPG_PHP_SELF}?page=$page&amp;sort=disku_d$username"><img src="images/descending.png" width="9" height="9" border="0" alt="" title="{$lang_usermgr_php['disku_d']}" /></a>
 375                  </td>
 376          </tr>
 377  EOT;
 378      }
 379      else {
 380       echo <<< EOT
 381  
 382          <tr>
 383                  <td class="tableh1" colspan="2">
 384                      <span class="statlink">{$lang_usermgr_php['name']}</span>
 385                      <a href="{$CPG_PHP_SELF}?page=$page&amp;sort=name_a$username"><img src="images/ascending.png" width="9" height="9" border="0" alt="" title="{$lang_usermgr_php['name_a']}" /></a>
 386                      <a href="{$CPG_PHP_SELF}?page=$page&amp;sort=name_d$username"><img src="images/descending.png" width="9" height="9" border="0" alt="" title="{$lang_usermgr_php['name_d']}" /></a>
 387                  </td>
 388                  <td class="tableh1" align="center">
 389                      <span class="statlink">{$lang_usermgr_php['status']}</span>
 390                  </td>
 391                  <td class="tableh1"><span class="statlink">{$lang_usermgr_php['group']}</span>
 392                      <a href="{$CPG_PHP_SELF}?page=$page&amp;sort=group_a$username"><img src="images/ascending.png" width="9" height="9" border="0" alt="" title="{$lang_usermgr_php['group_a']}" /></a>
 393                      <a href="{$CPG_PHP_SELF}?page=$page&amp;sort=group_d$username"><img src="images/descending.png" width="9" height="9" border="0" alt="" title="{$lang_usermgr_php['group_d']}" /></a>
 394                  </td>
 395                  <td class="tableh1">
 396                      <span class="statlink">{$lang_usermgr_php['registered_on']}</span>
 397                      <a href="{$CPG_PHP_SELF}?page=$page&amp;sort=reg_a$username"><img src="images/ascending.png" width="9" height="9" border="0" alt="" title="{$lang_usermgr_php['reg_a']}" /></a>
 398                      <a href="{$CPG_PHP_SELF}?page=$page&amp;sort=reg_d$username"><img src="images/descending.png" width="9" height="9" border="0" alt="" title="{$lang_usermgr_php['reg_d']}" /></a>
 399                  </td>
 400                  <td class="tableh1">
 401                      <span class="statlink">{$lang_usermgr_php['last_visit']}</span>
 402                      <a href="{$CPG_PHP_SELF}?page=$page&amp;sort=lv_a$username"><img src="images/ascending.png" width="9" height="9" border="0" alt="" title="{$lang_usermgr_php['lv_a']}" /></a>
 403                      <a href="{$CPG_PHP_SELF}?page=$page&amp;sort=lv_d$username"><img src="images/descending.png" width="9" height="9" border="0" alt="" title="{$lang_usermgr_php['lv_d']}" /></a>
 404                  </td>
 405                  <td class="tableh1" align="center">
 406                      <span class="statlink">{$lang_usermgr_php['comments']}</span>
 407                  </td>
 408                  <td class="tableh1" align="center">
 409                      <span class="statlink">{$lang_usermgr_php['pictures']}</span>
 410                      <a href="{$CPG_PHP_SELF}?page=$page&amp;sort=pic_a$username"><img src="images/ascending.png" width="9" height="9" border="0" alt="" title="{$lang_usermgr_php['pic_a']}" /></a>
 411                      <a href="{$CPG_PHP_SELF}?page=$page&amp;sort=pic_d$username"><img src="images/descending.png" width="9" height="9" border="0" alt="" title="{$lang_usermgr_php['pic_d']}" /></a>
 412                  </td>
 413                  <td class="tableh1" align="center">
 414                      <span class="statlink">{$lang_usermgr_php['disk_space_used']}/{$lang_usermgr_php['disk_space_quota']}</span>
 415                      <a href="{$CPG_PHP_SELF}?page=$page&amp;sort=disku_a$username"><img src="images/ascending.png" width="9" height="9" border="0" alt="" title="{$lang_usermgr_php['disku_a']}" /></a>
 416                      <a href="{$CPG_PHP_SELF}?page=$page&amp;sort=disku_d$username"><img src="images/descending.png" width="9" height="9" border="0" alt="" title="{$lang_usermgr_php['disku_d']}" /></a>
 417                  </td>
 418          </tr>
 419  EOT;
 420      }
 421  
 422      $loop_counter = 0;
 423  
 424      // query total number of files uploaded

 425      $result = cpg_db_query("SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} LIMIT 1");
 426      $tempPicCount = mysql_fetch_array($result);
 427      $totalPictureCount = $tempPicCount[0];
 428      $totalPictureCount_fmt = cpg_float2decimal($totalPictureCount);
 429      mysql_free_result($result);
 430      unset($tempPicCount);
 431  
 432      // query total space used

 433      $result = cpg_db_query("SELECT SUM(total_filesize) FROM {$CONFIG['TABLE_PICTURES']} LIMIT 1");
 434      $tempSpaceCount = mysql_fetch_array($result);
 435      $totalSpaceCount = $tempSpaceCount[0];
 436      $totalSpaceCount_fmt = cpg_format_bytes($totalSpaceCount);
 437      mysql_free_result($result);
 438      unset($tempSpaceCount);
 439  
 440      // query total number of comments posted

 441      $result = cpg_db_query("SELECT COUNT(*) FROM {$CONFIG['TABLE_COMMENTS']} LIMIT 1");
 442      $tempCommentCount = mysql_fetch_array($result);
 443      $totalCommentCount = $tempCommentCount[0];
 444      $totalCommentCount_fmt = cpg_float2decimal($totalCommentCount);
 445      mysql_free_result($result);
 446      unset($tempCommentCount);
 447  
 448      foreach ($users as $user) {
 449          if ($loop_counter == 0) {
 450              $row_style_class = 'tableb';
 451          } else {
 452              $row_style_class = 'tableb tableb_alternate';
 453          }
 454          $loop_counter++;
 455          if ($loop_counter > 1) {
 456              $loop_counter = 0;
 457          }
 458          if ($user['disk_usage'] == '') {
 459              $user['disk_usage'] = 0;
 460          }
 461          $group_quota_separator = '/';
 462          // Determine actual quota if user belongs to more than one user group

 463          if ($user_groups = cpg_get_groups($user['user_id'])) {
 464              $quota = mysql_fetch_assoc(cpg_db_query("SELECT MAX(group_quota) AS disk_max, MIN(group_quota) AS disk_min FROM {$CONFIG['TABLE_USERGROUPS']} WHERE group_quota >= 0 AND group_id IN (".implode(", ", $user_groups).")"));
 465              $user['group_quota'] = $quota["disk_min"] ? $quota["disk_max"] : 0;
 466          }
 467          if ($user['group_quota']) {
 468              $disk_usage_output = theme_display_bar($user['disk_usage'],$user['group_quota'],150,'', '', $group_quota_separator.$user['group_quota'].'&nbsp;'.$lang_byte_units[1],'red','green');
 469          } else {
 470              $disk_usage_output = theme_display_bar($user['disk_usage'],$user['group_quota'],150,'', '', '&nbsp;'.$lang_byte_units[1],'green','green');
 471          }
 472          if ($user['user_active'] == 'NO') {
 473              //$user['group_name'] = '<i>' . $lang_usermgr_php['inactive'] . '</i>';

 474              $user['status'] = cpg_fetch_icon('offline', 0, $lang_usermgr_php['status_inactive']);
 475              $action = 'activate';
 476          } else {
 477              $user['status'] = cpg_fetch_icon('online', 0, $lang_usermgr_php['status_active']);
 478              $action = 'deactivate';
 479          }
 480          if (!$lim_user) {
 481              $user['status'] = '<a href="delete.php?id=u'.$user['user_id'].'&amp;album_listbox='.$sort.'&amp;action='.$action
 482              .'&amp;what=user&amp;form_token=' . $form_token . '&amp;timestamp=' . $timestamp . '" title="">' . $user['status'] . '</a>';
 483          }
 484          $user['user_regdate'] = localised_date($user['user_regdate'], $lang_date['register']);
 485          if ($user['user_lastvisit']) {
 486              $user['user_lastvisit'] = localised_date($user['user_lastvisit'], $lang_date['register']);
 487          }
 488          else {
 489              $user['user_lastvisit'] = $lang_usermgr_php['never'];
 490          }
 491  
 492          $view_profile = '<a href="profile.php?uid=' . $user['user_id'] . '">' . cpg_fetch_icon('my_profile', 0, $lang_usermgr_php['view_profile']) . '</a>';
 493          if ($user['pic_count']) {
 494              $last_uploads = '<a href="thumbnails.php?album=lastupby&amp;uid=' . $user['user_id'] . '">' . cpg_fetch_icon('last_uploads', 0, $lang_usermgr_php['latest_upload']) . '</a>';
 495          } else {
 496              if ($lim_user == 0) {
 497                  $last_uploads = cpg_fetch_icon('last_uploads_disabled', 0, $lang_usermgr_php['no_latest_upload']);
 498              } else {
 499                  $last_uploads = cpg_fetch_icon('blank', 0);
 500              }
 501          }
 502          // fetch number of comments and add link to comments if applicable

 503          if ($lim_user == 0) {
 504              $result = cpg_db_query("SELECT COUNT(*) FROM {$CONFIG['TABLE_COMMENTS']} WHERE author_id = {$user['user_id']}"); // display all comments for the admin

 505          } else {
 506              $result = cpg_db_query("SELECT COUNT(*) FROM {$CONFIG['TABLE_COMMENTS']} WHERE author_id = {$user['user_id']} AND approval = 'YES' "); // only display approved comments for non-admin

 507          }
 508          $commentCount = mysql_fetch_array($result);
 509          $user['comment_num'] = $commentCount[0];
 510          mysql_free_result($result);
 511          if ($user['comment_num'] > 0) {
 512              $user_comment_link = '<a href="thumbnails.php?album=lastcomby&amp;uid=' . $user['user_id'] . '">' . cpg_fetch_icon('comment', 0, $lang_usermgr_php['last_comments'] . '('.$user['comment_num'].')') . '</a>';
 513          } else {
 514              $user_comment_link = cpg_fetch_icon('blank', 0, $lang_usermgr_php['no_last_comments']);
 515          }
 516          // create comments bar

 517          $comment_quota_output = theme_display_bar($user['comment_num'],$totalCommentCount,60,'', '', '','red','');
 518          // create files bar

 519          $file_quota_output = theme_display_bar($user['pic_count'],$totalPictureCount,60,'', '', '','red','');
 520          // Look up banned table

 521          if (mysql_num_rows(cpg_db_query("SELECT user_name FROM {$CONFIG['TABLE_BANNED']} WHERE user_name = '" . addslashes($user['user_name']) . "' AND brute_force=0 LIMIT 1"))) {
 522              $ban_user_link = '<a href="banning.php">' . cpg_fetch_icon('ban_user_disabled', 0, $lang_usermgr_php['user_is_banned']) . '</a>';
 523              $ban_memberlist = cpg_fetch_icon('ban_user_disabled', 0, $lang_usermgr_php['user_is_banned']);
 524          } else {
 525              $ban_user_link = '<a href="banning.php?ban_user=' . $user['user_id'] . '">' . cpg_fetch_icon('ban_user', 0, $lang_usermgr_php['ban_user']) . '</a>';
 526              $ban_memberlist = '';
 527          }
 528  
 529          if (!$lim_user) {
 530                  if ($user['user_id'] == $USER_DATA['user_id']) {
 531                      $profile_link = 'profile.php?op=edit_profile';
 532                      $checkbox_html = '';
 533                      $ban_user_link = cpg_fetch_icon('blank', 0);
 534                  } else {
 535                      $profile_link = $CPG_PHP_SELF.'?op=edit&amp;user_id='.$user['user_id'].'&amp;form_token=' . $form_token . '&amp;timestamp=' . $timestamp;
 536                      $checkbox_html = '<input name="u'.$user['user_id'].'" '.$makereadonly.'type="checkbox" value="" class="checkbox" />';
 537                  }
 538                  $profile_link = '<a href="' . $profile_link . '">' . cpg_fetch_icon('edit', 0, $lang_usermgr_php['edit_profile']) . '</a>';
 539                  echo <<< EOT
 540          <tr>
 541                  <td class="{$row_style_class}" align="center">{$checkbox_html}</td>
 542                  <td class="{$row_style_class}">{$user['user_name']}</td>
 543                  <td class="{$row_style_class}" align="left">
 544                      {$view_profile}
 545                      {$profile_link}
 546                      {$last_uploads}
 547                      {$ban_user_link}
 548                      {$user_comment_link}
 549                  </td>
 550                  <td class="{$row_style_class}">{$user['status']}</td>
 551                  <td class="{$row_style_class}">{$user['group_name']}</td>
 552                  <td class="{$row_style_class}">{$user['user_regdate']}</td>
 553                  <td class="{$row_style_class}">{$user['user_lastvisit']}</td>
 554                  <td class="{$row_style_class}" align="right">{$comment_quota_output}</td>
 555                  <td class="{$row_style_class}" align="right">{$file_quota_output}</td>
 556                  <td class="{$row_style_class}" align="center">{$disk_usage_output}</td>
 557          </tr>
 558  
 559  EOT;
 560          } else {
 561                    echo <<< EOT
 562          <tr>
 563                  <td class="{$row_style_class}">{$user['user_name']}</td>
 564                  <td class="{$row_style_class}">{$view_profile}{$last_uploads}{$user_comment_link}</td>
 565                  <td class="{$row_style_class}">{$user['status']}{$ban_memberlist}</td>
 566                  <td class="{$row_style_class}">{$user['group_name']}</td>
 567                  <td class="{$row_style_class}">{$user['user_regdate']}</td>
 568                  <td class="{$row_style_class}">{$user['user_lastvisit']}</td>
 569                  <td class="{$row_style_class}" align="right">{$user['comment_num']}</td>
 570                  <td class="{$row_style_class}" align="right">{$user['pic_count']}</td>
 571                  <td class="{$row_style_class}" align="center">{$disk_usage_output}</td>
 572          </tr>
 573  
 574  EOT;
 575          }
 576  
 577      } // while

 578      //mysql_free_result($result);

 579  
 580      if (!$lim_user) {
 581          if ($search) {
 582              $search_string_default = 'value="'.$search.'"';
 583          } else {
 584              $search_string_default = 'value="'.$lang_usermgr_php['search'].'" onfocus="this.value=\'\'"';
 585          }
 586              $help = cpg_display_help('f=users.htm&amp;as=user_cp_search&amp;ae=user_cp_search_end&amp;top=1', '400', '150');
 587              echo <<<EOT
 588          <tr>
 589                  <td class="tablef" align="center"><input type="checkbox" name="checkAll2" id="checkAll2" {$makereadonly}onclick="selectAll('cpgform');" class="checkbox" title="{$lang_common['check_uncheck_all']}" style="display:none" /></td>
 590                  <td colspan="$number_of_columns_minus_four"  class="tablef">
 591                  <table cellpadding="0" cellspacing="0" width="100%" border="0">
 592                  <tr>
 593                          <td align="left">
 594                              <select name="action" id="action" size="1" class="listbox" {$makereadonly}onchange="return selectaction(this,'u');" style="display:none">
 595                                  <option value="" selected="selected">{$lang_usermgr_php['with_selected']}</option>
 596                                  <option value="delete">{$lang_common['delete']}</option>
 597                                  <option value="activate">{$lang_usermgr_php['activate']}</option>
 598                                  <option value="deactivate">{$lang_usermgr_php['deactivate']}</option>
 599                                  <option value="reset_password">{$lang_usermgr_php['reset_password']}</option>
 600                                  <option value="change_group">{$lang_usermgr_php['change_primary_membergroup']}</option>
 601                                  <option value="add_group">{$lang_usermgr_php['add_secondary_membergroup']}</option>
 602                              </select>
 603                              <input type="hidden" name="what" value="user"/>
 604                                <input type="text" name="new_password" value="{$lang_usermgr_php['password']}" size="8" maxlength="25" class="textinput" onfocus="this.value='';" style="display:none" />
 605                                <select name="group" size="1" class="listbox" style="display:none" onchange="return selectaction(this,'u');">
 606                                    <option value="">{$lang_usermgr_php['select_group']}</option>
 607  
 608  EOT;
 609          $sql = "SELECT group_id, group_name FROM {$CONFIG['TABLE_USERGROUPS']} ORDER BY group_name";
 610          $result = cpg_db_query($sql);
 611          $group_list = cpg_db_fetch_rowset($result);
 612          mysql_free_result($result);
 613  
 614          if (isset($element[1])) {
 615              $sel_group = $user_data[$element[1]];
 616          } else {
 617              $sel_group = '';
 618          }
 619  
 620          foreach ($group_list as $group) {
 621              if ($group['group_id'] != 3) {
 622                  print '                                  <option value="' . $group['group_id'] . '"' . ($group['group_id'] == $sel_group ? ' selected' : '') . '>' . $group['group_name'] . '</option>' . $LINEBREAK;
 623              }
 624          }
 625  
 626          $help_create = '&nbsp;'.cpg_display_help('f=users.htm&amp;as=user_cp_new&amp;ae=user_cp_new_end', '600', '250');
 627  
 628          $create_new_user_icon = cpg_fetch_icon('add_user', 2);
 629          list($timestamp, $form_token) = getFormToken();    
 630  
 631          echo <<<EOT
 632                                </select>
 633                              <select name="delete_files" size="1" class="listbox" style="display:none">
 634                                  <option value="no">{$lang_usermgr_php['delete_files_no']}</option>
 635                                  <option value="yes">{$lang_usermgr_php['delete_files_yes']}</option>
 636                              </select>
 637                              <select name="delete_comments" size="1" class="listbox" style="display:none">
 638                                  <option value="no">{$lang_usermgr_php['delete_comments_no']}</option>
 639                                  <option value="yes">{$lang_usermgr_php['delete_comments_yes']}</option>
 640                              </select>
 641                              <button type="submit" class="button" name="go" value="{$lang_usermgr_php['submit']}" style="display:none">{$icon_array['ok']}{$lang_usermgr_php['submit']}</button>
 642                          </td>
 643                  </tr>
 644                  </table>
 645                  <input type="hidden" name="form_token" value="{$form_token}" />
 646                  <input type="hidden" name="timestamp" value="{$timestamp}" />
 647                  </td>
 648                  <td align="right" class="tablef">$totalCommentCount_fmt</td>
 649                  <td align="right" class="tablef">$totalPictureCount_fmt</td>
 650                  <td align="right" class="tablef">$totalSpaceCount_fmt</td>
 651          </tr>
 652  EOT;
 653  
 654          endtable();
 655  
 656          echo '</form>';
 657  
 658          starttable('100%');
 659  
 660  echo <<< EOT
 661  
 662          <tr>
 663              <td colspan="$number_of_columns" class="tablef" align="center" valign="middle">
 664                  <table border="0" cellspacing="0" cellpadding="0" width="100%">
 665                      <tr>
 666                          <td class="tablef" align="center" valign="middle">
 667                              <form method="post" action="{$CPG_PHP_SELF}" name="searchUser" id="cpgform2">
 668                                  <input type="text" name="username" class="textinput" $search_string_default />
 669                                  <button type="submit" class="button" name="user_search" value="{$lang_usermgr_php['search_submit']}">{$icon_array['search']}{$lang_usermgr_php['search_submit']}</button>
 670                                  $help
 671                              </form>
 672                          </td>
 673                          <td class="tablef" align="center" valign="middle">
 674                              <a href="{$CPG_PHP_SELF}?op=new_user&amp;form_token={$form_token}&amp;timestamp={$timestamp}" {$makereadonly}class="admin_menu">{$create_new_user_icon}{$lang_usermgr_php['create_new_user']}</a>
 675                              {$help_create}
 676                          </td>
 677                      </tr>
 678                  </table>
 679              </td>
 680          </tr>
 681  EOT;
 682      } else {
 683          echo <<< EOT
 684          <tr>
 685              <td colspan="$number_of_columns_minus_three" class="tablef" align="left" valign="middle">
 686                  {$lang_usermgr_php['total']}
 687              </td>
 688              <td class="tablef" align="right" valign="middle">
 689                  $totalCommentCount_fmt
 690              </td>
 691              <td class="tablef" align="right" valign="middle">
 692                  $totalPictureCount_fmt
 693              </td>
 694              <td class="tablef" align="right" valign="middle">
 695                  {$totalSpaceCount_fmt}
 696              </td>
 697          </tr>
 698  EOT;
 699      }
 700  
 701      // Accept footer addons for the user manager

 702      echo CPGPluginAPI::filter('usermgr_footer','');
 703  
 704      if ($tabs) {
 705  
 706          echo <<<EOT
 707          <tr>
 708                  <td colspan="$number_of_columns" style="padding: 0px;">
 709                          <table width="100%" cellspacing="0" cellpadding="0">
 710                                  <tr>
 711                                          $tabs
 712                                  </tr>
 713                          </table>
 714                  </td>
 715          </tr>
 716  
 717  EOT;
 718      }
 719  
 720      endtable();
 721  }
 722  
 723  function edit_user($user_id)
 724  {
 725      global $CONFIG, $CPG_PHP_SELF; //, $PHP_SELF;

 726      global $lang_usermgr_php, $lang_common, $icon_array, $op;
 727  
 728      $form_data = array(
 729          array('input', 'user_name', cpg_fetch_icon('my_profile', 2) . $lang_usermgr_php['name'], 25),
 730          array('password', 'user_password', cpg_fetch_icon('key_enter', 2) . $lang_usermgr_php['password'], 25),
 731          array('yesno', 'user_active', cpg_fetch_icon('online', 2) . $lang_usermgr_php['user_active']),
 732          array('group_list', 'user_group', cpg_fetch_icon('groups_mgr', 2) . $lang_usermgr_php['user_group']),
 733          array('input', 'user_email', cpg_fetch_icon('mail', 2) . $lang_usermgr_php['user_email'], 255)
 734          );
 735      if ($CONFIG['user_profile1_name'] != '') {
 736          $form_data[] = array('input', 'user_profile1', cpg_fetch_icon('blank', 2) . $CONFIG['user_profile1_name'], 255);
 737      }
 738      if ($CONFIG['user_profile2_name'] != '') {
 739          $form_data[] = array('input', 'user_profile2', cpg_fetch_icon('blank', 2) . $CONFIG['user_profile2_name'], 255);
 740      }
 741      if ($CONFIG['user_profile3_name'] != '') {
 742          $form_data[] = array('input', 'user_profile3', cpg_fetch_icon('blank', 2) . $CONFIG['user_profile3_name'], 255);
 743      }
 744      if ($CONFIG['user_profile4_name'] != '') {
 745          $form_data[] = array('input', 'user_profile4', cpg_fetch_icon('blank', 2) . $CONFIG['user_profile4_name'], 255);
 746      }
 747      if ($CONFIG['user_profile5_name'] != '') {
 748          $form_data[] = array('input', 'user_profile5', cpg_fetch_icon('blank', 2) . $CONFIG['user_profile5_name'], 255);
 749      }
 750      if ($CONFIG['user_profile6_name'] != '') {
 751          $form_data[] = array('textarea', 'user_profile6', cpg_fetch_icon('blank', 2) . $CONFIG['user_profile6_name'], 255);
 752      }
 753      //$form_data = CPGPluginAPI::filter('usermgr_form_list', array(0 => $form_data, 1 => $user_id);

 754      list($timestamp, $form_token) = getFormToken();
 755  
 756      if ($user_id != 'new_user') {
 757          $sql = "SELECT * FROM {$CONFIG['TABLE_USERS']} WHERE user_id = '$user_id'";
 758          $result = cpg_db_query($sql);
 759          if (!mysql_num_rows($result)) {
 760              cpg_die(CRITICAL_ERROR, $lang_usermgr_php['err_unknown_user'], __FILE__, __LINE__);
 761          }
 762          $user_data = mysql_fetch_array($result);
 763          mysql_free_result($result);
 764  
 765          if (mysql_num_rows(cpg_db_query("SELECT user_name FROM {$CONFIG['TABLE_BANNED']} WHERE user_name = '" . addslashes($user_data['user_name']) . "' AND brute_force=0 LIMIT 1"))){
 766              $user_status = $lang_usermgr_php['user_is_banned'];
 767          } elseif ($user_data['user_active'] == 'YES') {
 768              $user_status = $lang_usermgr_php['status_active'];
 769          } else {
 770              $user_status = $lang_usermgr_php['status_inactive'];
 771          }
 772      } else {
 773          // If this is a new user then add a checkbox for 'send login data to user' option

 774          $form_data[] = array('checkbox', 'send_login_data', $lang_usermgr_php['send_login_data']);
 775      }
 776  
 777      $status_icon = cpg_fetch_icon('online', 2);
 778  
 779      echo <<<EOT
 780          <form name="cpgform3" id="cpgform3" method="post" action="{$CPG_PHP_SELF}?op=update&amp;user_id=$user_id">
 781  
 782  EOT;
 783      if ($op == 'new_user') {
 784          starttable(500, $icon_array['add_user'] . $lang_usermgr_php['create_new_user'], 2);
 785      } else {
 786          starttable(500, $icon_array['edit'] . $lang_usermgr_php['modify_user'], 2);
 787          echo <<< EOT
 788          <tr>
 789                  <td class="tableb">
 790                          {$status_icon}{$lang_usermgr_php['status']}
 791                  </td>
 792                  <td class="tableb">
 793                          {$user_status}
 794                  </td>
 795          </tr>
 796  EOT;
 797      }
 798  
 799      $loopCounter = 0;
 800      foreach ($form_data as $element) {
 801          if ($loopCounter/2 == floor($loopCounter/2)) {
 802              $row_style_class = 'tableb tableb_alternate';
 803          } else {
 804              $row_style_class = 'tableb';
 805          }
 806          $loopCounter++;
 807          switch ($element[0]) {
 808              case 'input' :
 809                  $user_data[$element[1]] = $user_data[$element[1]];
 810                  if ($element[2]) echo <<<EOT
 811              <tr>
 812                  <td width="40%" class="{$row_style_class}" valign="top">
 813                              {$element[2]}
 814              </td>
 815              <td width="60%" class="{$row_style_class}" valign="top">
 816                      <input type="text" style="width: 100%" name="{$element[1]}" maxlength="{$element[3]}" value="{$user_data[$element[1]]}" class="textinput" />
 817                      </td>
 818              </tr>
 819  
 820  
 821  EOT;
 822                  break;
 823  
 824              case 'textarea' :
 825  
 826                 $value = $user_data[$element[1]];
 827  
 828                 if ($element[2]) echo <<<EOT
 829              <tr>
 830                  <td width="40%" class="{$row_style_class}" height="25" valign="top">
 831                              {$element[2]}
 832              </td>
 833              <td width="60%" class="{$row_style_class}" valign="top">
 834                      <textarea name="{$element[1]}" rows="7" cols="40" class="textinput" style="width: 100%">$value</textarea>
 835                      </td>
 836              </tr>
 837  
 838  
 839  EOT;
 840                  break;
 841  
 842              case 'password' :
 843                  echo <<<EOT
 844              <tr>
 845                  <td width="40%" class="{$row_style_class}" valign="top">
 846                              {$element[2]}
 847              </td>
 848              <td width="60%" class="{$row_style_class}" valign="top">
 849                      <input type="password" style="width: 100%" name="{$element[1]}" maxlength="{$element[3]}" value="" class="textinput" />
 850                      </td>
 851              </tr>
 852  
 853  EOT;
 854                  break;
 855  
 856              case 'yesno' :
 857                  $value = $user_data[$element[1]];
 858                  $yes_selected = ($value == 'YES' || $op == 'new_user') ? 'checked="checked"' : '';
 859                  $no_selected = ($value == 'NO') ? 'checked="checked"' : '';
 860  
 861                  echo <<< EOT
 862              <tr>
 863                  <td class="{$row_style_class}" valign="top">
 864                              {$element[2]}
 865              </td>
 866                      <td class="{$row_style_class}" valign="top">
 867                          <input type="radio" id="yes" name="{$element[1]}" value="YES" $yes_selected /><label for="yes" class="clickable_option">{$lang_common['yes']}</label>
 868                          &nbsp;&nbsp;
 869                          <input type="radio" id="no" name="{$element[1]}" value="NO" $no_selected /><label for="no" class="clickable_option">{$lang_common['no']}</label>
 870                      </td>
 871              </tr>
 872  
 873  EOT;
 874                  break;
 875  
 876              case 'group_list' :
 877                  $sql = "SELECT group_id, group_name FROM {$CONFIG['TABLE_USERGROUPS']} ORDER BY group_name";
 878                  $result = cpg_db_query($sql);
 879                  $group_list = cpg_db_fetch_rowset($result);
 880                  mysql_free_result($result);
 881  
 882                  $sel_group = $user_data[$element[1]];
 883                  $user_group_list = ($user_data['user_group_list'] == '') ? ',' . $sel_group . ',' : ',' . $user_data['user_group_list'] . ',' . $sel_group . ',';
 884  
 885                  echo <<<EOT
 886              <tr>
 887                  <td class="{$row_style_class}" valign="top">
 888                              {$element[2]}
 889              </td>
 890              <td class="{$row_style_class}" valign="top">
 891                      <select name="{$element[1]}" class="listbox">
 892  
 893  EOT;
 894                  $group_cb = '';
 895                  foreach($group_list as $group) {
 896                      echo '                        <option value="' . $group['group_id'] . '"' . ($group['group_id'] == $sel_group || ($op == 'new_user' && $group['group_id'] == 2) ? ' selected="selected"' : '') . '>' . $group['group_name'] . '</option>' . $LINEBREAK;
 897                      if ($group['group_id'] != 3) {
 898                        $checked = strpos(' ' . $user_group_list, ',' . $group['group_id'] . ',') ? 'checked="checked"' : '';
 899                        $group_cb .= '<input name="group_list[]" type="checkbox" value="' . $group['group_id'] . '" ' . $checked . ' />' . $group['group_name'] . '<br />' . $LINEBREAK;
 900                      }
 901                  }
 902                  $assignedGroupsHelp = cpg_display_help('f=users.htm&amp;as=user_cp_edit_permission_by_group&amp;ae=user_cp_edit_permission_by_group_end', '450', '300');
 903                  echo <<<EOT
 904                              </select><br />
 905                              $group_cb
 906                              <br />
 907                              <a href="usermgr.php?op=groups_alb_access&amp;form_token={$form_token}&amp;timestamp={$timestamp}" class="admin_menu">{$lang_usermgr_php['groups_alb_access']}</a>
 908                              {$assignedGroupsHelp}
 909  
 910                </td>
 911              </tr>
 912  
 913  EOT;
 914                  break;
 915  
 916              case 'checkbox':
 917                  echo <<< EOT
 918              <tr>
 919                  <td class="{$row_style_class}" valign="top">
 920                              <label for="send_login_data">{$element[2]}</label>
 921              </td>
 922                      <td class="{$row_style_class} valign="top"">
 923                          <input type="checkbox" id="send_login_data" name="{$element[1]}" value="YES" />
 924                      </td>
 925              </tr>
 926  
 927  EOT;
 928                  break;
 929  
 930              default:
 931                  cpg_die(CRITICAL_ERROR, 'Invalid action for form creation ' . $element[0], __FILE__, __LINE__);
 932          }
 933      }
 934  
 935      if ($op == 'new_user') {
 936      echo <<<EOT
 937          <tr>
 938                  <td colspan="2" align="center" class="tablef">
 939                          <button type="submit" class="button" name="usermgr_edit_submit" value="{$lang_usermgr_php['submit']}">{$icon_array['ok']}{$lang_usermgr_php['submit']}</button>
 940                          <input type="hidden" name="form_token" value="{$form_token}" />
 941                          <input type="hidden" name="timestamp" value="{$timestamp}" />
 942                  </td>
 943          </tr>
 944  
 945  EOT;
 946      } else {
 947      echo <<<EOT
 948          <tr>
 949                  <td colspan="2" class="tableh2">
 950                          {$lang_usermgr_php['notes']}
 951                  </td>
 952          </tr>
 953          <tr>
 954                  <td colspan="2" class="tableb">
 955                          <ul>
 956                              <li>{$lang_usermgr_php['note_list']}</li>
 957                          </ul>
 958                  </td>
 959          </tr>
 960          <tr>
 961                  <td colspan="2" align="center" class="tablef">
 962                          <button type="submit" class="button" name="usermgr_edit_submit" value="{$lang_usermgr_php['modify_user']}">{$icon_array['ok']}{$lang_usermgr_php['modify_user']}</button>
 963                          <input type="hidden" name="form_token" value="{$form_token}" />
 964                          <input type="hidden" name="timestamp" value="{$timestamp}" />
 965                  </td>
 966          </tr>
 967  
 968  EOT;
 969      }
 970      endtable();
 971  
 972      echo '</form>';
 973  }
 974  
 975  function update_user($user_id)
 976  {
 977      global $CONFIG;
 978      global $lang_usermgr_php, $lang_register_php, $icon_array;
 979  
 980      $superCage = Inspekt::makeSuperCage();
 981  
 982      $user_name = $superCage->post->getEscaped('user_name');
 983      $user_password = $superCage->post->getEscaped('user_password');
 984      $user_email = $superCage->post->getEscaped('user_email');
 985      $profile1 = $superCage->post->getEscaped('user_profile1');
 986      $profile2 = $superCage->post->getEscaped('user_profile2');
 987      $profile3 = $superCage->post->getEscaped('user_profile3');
 988      $profile4 = $superCage->post->getEscaped('user_profile4');
 989      $profile5 = $superCage->post->getEscaped('user_profile5');
 990      $profile6 = $superCage->post->getEscaped('user_profile6');
 991      $user_active = $superCage->post->getAlpha('user_active');
 992      $user_group = $superCage->post->getInt('user_group');
 993      $group_list = $superCage->post->keyExists('group_list') ? $superCage->post->getInt('group_list') : '';
 994  
 995      if ($user_id == 'new_user') {
 996          cpg_db_query("INSERT INTO {$CONFIG['TABLE_USERS']} (user_regdate, user_profile6) VALUES (NOW(), '')");
 997          $user_id = mysql_insert_id();
 998          log_write('New user "'.$user_name.'" created', CPG_ACCESS_LOG);
 999  
1000          // Create a personal album if corresponding option is enabled

1001          if ($CONFIG['personal_album_on_registration'] == 1) {
1002              $catid = $user_id + FIRST_USER_CAT;
1003              cpg_db_query("INSERT INTO {$CONFIG['TABLE_ALBUMS']} (`title`, `category`, `owner`) VALUES ('$user_name', $catid, $user_id)");
1004          }
1005      }
1006  
1007      $sql = "SELECT user_id FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '$user_name' AND user_id != $user_id";
1008      $result = cpg_db_query($sql);
1009  
1010      if (mysql_num_rows($result)) {
1011          cpg_die(ERROR, $lang_register_php['err_user_exists'], __FILE__, __LINE__);
1012          return false;
1013      }
1014      mysql_free_result($result);
1015  
1016      if (utf_strlen($user_name) < 2) cpg_die(ERROR, $lang_register_php['username_warning2'], __FILE__, __LINE__);
1017          if ($user_password && utf_strlen($user_password) < 2) cpg_die(ERROR, $lang_register_php['password_warning1'], __FILE__, __LINE__);
1018  
1019      // Save old user data (we need it later to determine if we need to send the activation confirmation email)

1020      $user_data = mysql_fetch_assoc(cpg_db_query("SELECT user_name, user_active, user_email, user_actkey FROM {$CONFIG['TABLE_USERS']} WHERE user_id = '$user_id'"));
1021  
1022      if (is_array($group_list)) {
1023          $user_group_list = '';
1024          foreach($group_list as $group) $user_group_list .= ($group != $user_group) ? $group . ',' : '';
1025          $user_group_list = substr($user_group_list, 0, -1);
1026      } else {
1027          $user_group_list = '';
1028      }
1029  
1030      $sql_update = "UPDATE {$CONFIG['TABLE_USERS']} SET " .
1031                    "user_name = '$user_name', " .
1032            "user_email = '$user_email', " .
1033            "user_active = '$user_active', " .
1034            "user_group = '$user_group', " .
1035            "user_profile1 = '$profile1', " .
1036            "user_profile2 = '$profile2', " .
1037            "user_profile3 = '$profile3', " .
1038            "user_profile4 = '$profile4', " .
1039            "user_profile5 = '$profile5', " .
1040            "user_profile6 = '$profile6', " .
1041            "user_group_list = '$user_group_list'";
1042  
1043      if (!empty($user_password)) $sql_update .= ", user_password = '".(md5($user_password))."'";
1044      if ($user_active == 'YES') $sql_update .= ", user_actkey = ''";
1045      $sql_update .= " WHERE user_id = '$user_id'";
1046  
1047      cpg_db_query($sql_update);
1048  
1049      // Update comments' author name

1050      cpg_db_query("UPDATE {$CONFIG['TABLE_COMMENTS']} SET msg_author = '$user_name' WHERE author_id = $user_id");
1051  
1052      // If send login data checkbox is checked then send the username and password to the user in an email

1053      if ($superCage->post->keyExists('send_login_data') && trim($user_email)) {
1054          require ('include/mailer.inc.php');
1055          $template_vars = array(
1056                                '{SITE_NAME}' => $CONFIG['gallery_name'],
1057                                '{SITE_LINK}' => $CONFIG['site_url'],
1058                                '{USER_NAME}' => trim($user_name),
1059                                '{USER_PASS}' => trim($user_password),
1060                                );
1061  
1062          if (!cpg_mail(trim($user_email), $lang_usermgr_php['send_login_email_subject'], nl2br(strtr($lang_usermgr_php['send_login_data_email'], $template_vars)))) {
1063              cpg_die(CRITICAL_ERROR, $lang_usermgr_php['failed_sending_email'], __FILE__, __LINE__);
1064          }
1065      } elseif ($user_data['user_actkey'] && $user_data['user_active'] == 'NO' && $user_active == 'YES') {
1066          // send activation confirmation email (only once)

1067          require ('include/mailer.inc.php');
1068  
1069          $template_vars = array(
1070              '{SITE_LINK}' => $CONFIG['site_url'],
1071              '{USER_NAME}' => $user_data['user_name'],
1072              '{SITE_NAME}' => $CONFIG['gallery_name'],
1073          );
1074  
1075          cpg_mail($user_data['user_email'], sprintf($lang_register_php['notify_user_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_php['activated_email'], $template_vars)));
1076      }
1077  }
1078  
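// Request dispatcher. An operation is only honoured in gallery admin mode and
// only when "op" consists of lowercase letters and underscores; anything else
// falls through to the default user listing.
$op = (GALLERY_ADMIN_MODE && ($matches = $superCage->get->getMatched('op', '/^[a-z_]+$/'))) ? $matches[0] : '';

// Every operation, including the read-only ones, requires a valid form token.
if ($op != '' && !checkFormToken()) {
    cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__);
}

switch ($op) {
    case 'edit' :
        $user_id = $superCage->get->keyExists('user_id') ? $superCage->get->getInt('user_id') : -1;

        // Admins may not edit their own account from the user manager.
        if (USER_ID == $user_id) cpg_die(ERROR, $lang_usermgr_php['err_edit_self'], __FILE__, __LINE__);
        $cpg_udb->edit_users($user_id);

        pageheader($lang_usermgr_php['title']);
        edit_user($user_id);
        pagefooter();
        break;

    case 'update' :
        $user_id = $superCage->get->keyExists('user_id') ? $superCage->get->getInt('user_id') : -1;

        // Same restriction as in the 'edit' branch: without it the self-edit rule
        // only hides the form, while a direct request to op=update with the
        // admin's own id would still be applied.
        if (USER_ID == $user_id) cpg_die(ERROR, $lang_usermgr_php['err_edit_self'], __FILE__, __LINE__);
        $cpg_udb->edit_users($user_id);

        update_user($user_id);

        // Remove a leftover row without a user name, if any.
        cpg_db_query("DELETE FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '' LIMIT 1");

        pageheader($lang_usermgr_php['title']);
        list_users();
        pagefooter();
        break;

    case 'new_user' :
        pageheader($lang_usermgr_php['title']);
        edit_user('new_user');
        pagefooter();
        break;

    case 'groups_alb_access' : //show what albums user groups can see
        pageheader($lang_usermgr_php['groups_alb_access']);
        list_groups_alb_access();
        pagefooter();
        break;

    case 'group_alb_access' : //show what albums specific group can see
        // getInt() keeps the id numeric, which is what makes the unquoted
        // interpolation below acceptable.
        $group_id = $superCage->get->getInt('gid');
        $sql = "
          SELECT group_name
          FROM {$CONFIG['TABLE_USERGROUPS']} AS groups, {$CONFIG['TABLE_ALBUMS']} AS albums
          WHERE group_id = $group_id AND albums.visibility = groups.group_id
        ";
        $result = cpg_db_query($sql);
        $has_albums = mysql_num_rows($result);
        $group = $has_albums ? mysql_fetch_array($result) : false;
        // Release the result set on both paths, not only when rows were found.
        mysql_free_result($result);

        if (!$has_albums) {
            pageheader($lang_usermgr_php['group_no_access']);
            msg_box($lang_usermgr_php['notice'].'&nbsp;'.cpg_display_help('f=groups.htm&amp;as=group_cp_assigned&amp;ae=group_cp_assigned_end', '450', '300'), $lang_usermgr_php['group_no_access']);
        } else {
            $group_name = $group['group_name'];
            pageheader(sprintf($lang_usermgr_php['group_can_access'], $group_name));
            starttable(500, sprintf($lang_usermgr_php['group_can_access'], $group_name).'&nbsp;'.cpg_display_help('f=groups.htm&amp;as=group_cp_assigned&amp;ae=group_cp_assigned_end', '450', '300'), 3);
            echo "
            <td>{$lang_usermgr_php['category']}</td>
            <td>{$lang_common['album']}</td>
            <td>{$lang_usermgr_php['modify']}</td>
            ";

            list_group_alb_access($group_id);
            endtable();
        }
        pagefooter();
        break;

    default :
        // Remove a leftover row without a user name, if any.
        cpg_db_query("DELETE FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '' LIMIT 1");

        pageheader($lang_usermgr_php['title']);
        $search = '';
        if ($superCage->post->keyExists('username') || $superCage->get->keyExists('username')) {
            // POST takes precedence over GET for the search term.
            $name = $superCage->post->keyExists('username') ? $superCage->post->getEscaped('username') : $superCage->get->getEscaped('username');
            // Map the user-facing wildcards onto their SQL LIKE equivalents.
            // NOTE(review): the term is later written back into the search box by
            // list_users(); getEscaped() is used for SQL here, so HTML escaping at
            // that output point should be confirmed.
            $wildcards = array("*" => "%", "?" => "_");
            $search = strtr($name, $wildcards);
        }
        list_users($search);
        pagefooter();
        break;
}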
1167  
1168  ?>
