[ Index ]
 

Code source de GeekLog 1.4.1

Accédez au Source d'autres logiciels libres

title

Body

[fermer]

/public_html/admin/ -> user.php (source)

   1  <?php
   2  
   3  /* Reminder: always indent with 4 spaces (no tabs). */
   4  // +---------------------------------------------------------------------------+
   5  // | Geeklog 1.4                                                               |
   6  // +---------------------------------------------------------------------------+
   7  // | user.php                                                                  |
   8  // |                                                                           |
   9  // | Geeklog user administration page.                                         |
  10  // +---------------------------------------------------------------------------+
  11  // | Copyright (C) 2000-2006 by the following authors:                         |
  12  // |                                                                           |
  13  // | Authors: Tony Bibbs        - tony AT tonybibbs DOT com                    |
  14  // |          Mark Limburg      - mlimburg AT users DOT sourceforge DOT net    |
  15  // |          Jason Whittenburg - jwhitten AT securitygeeks DOT com            |
  16  // |          Dirk Haun         - dirk AT haun-online DOT de                   |
  17  // +---------------------------------------------------------------------------+
  18  // |                                                                           |
  19  // | This program is free software; you can redistribute it and/or             |
  20  // | modify it under the terms of the GNU General Public License               |
  21  // | as published by the Free Software Foundation; either version 2            |
  22  // | of the License, or (at your option) any later version.                    |
  23  // |                                                                           |
  24  // | This program is distributed in the hope that it will be useful,           |
  25  // | but WITHOUT ANY WARRANTY; without even the implied warranty of            |
  26  // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the             |
  27  // | GNU General Public License for more details.                              |
  28  // |                                                                           |
  29  // | You should have received a copy of the GNU General Public License         |
  30  // | along with this program; if not, write to the Free Software Foundation,   |
  31  // | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.           |
  32  // |                                                                           |
  33  // +---------------------------------------------------------------------------+
  34  //
  35  // $Id: user.php,v 1.180 2006/12/28 09:27:54 dhaun Exp $
  36  
  37  // Set this to true to get various debug messages from this script
  38  $_USER_VERBOSE = false;
  39  
  40  require_once  ('../lib-common.php');
  41  require_once  ('auth.inc.php');
  42  require_once ($_CONF['path_system'] . 'lib-user.php');
  43  
  44  $display = '';
  45  
  46  // Make sure user has access to this page
  47  if (!SEC_hasRights('user.edit')) {
  48      $retval .= COM_siteHeader ('menu', $MESSAGE[30]);
  49      $retval .= COM_startBlock ($MESSAGE[30], '',
  50                 COM_getBlockTemplate ('_msg_block', 'header'));
  51      $retval .= $MESSAGE[37];
  52      $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
  53      $retval .= COM_siteFooter ();
  54      COM_accessLog("User {$_USER['username']} tried to illegally access the user administration screen.");
  55      echo $retval;
  56      exit;
  57  }
  58  
  59  /**
  60  * Display a list of checkboxes for the user's group assignments
  61  *
  62  * @param    string  $table      DB Table to pull data from
  63  * @param    string  $selection  Comma delimited list of fields to pull from table
  64  * @param    string  $where      Where clause of SQL statement
  65  * @param    string  $selected   Value to set to CHECKED
  66  * @return   string              HTML with Checkbox code
  67  * @see function COM_checkList
  68  *
  69  */
  70  function GROUP_checkList ($table, $selection, $where='', $selected='')
  71  {
  72      global $_TABLES, $LANG_ACCESS;
  73  
  74      $retval = '';
  75  
  76      $sql = "SELECT $selection FROM $table";
  77      if (!empty ($where)) {
  78          $sql .= " WHERE $where";
  79      }
  80      $result = DB_query ($sql);
  81      $nrows = DB_numRows ($result);
  82  
  83      if (empty ($selected)) {
  84          $S = array ();
  85      } else {
  86          $S = explode (' ', $selected);
  87      }
  88  
  89      for ($i = 0; $i < $nrows; $i++) {
  90          $A = DB_fetchArray ($result, true);
  91  
  92          $readonly = false;
  93          $input = '<input type="checkbox"';
  94  
  95          for ($x = 0; $x < count ($S); $x++) {
  96              if ($A[0] == $S[$x]) {
  97                  $input .= ' checked="checked"';
  98  
  99                  if (($A[1] == 'All Users') || ($A[1] == 'Logged-in Users')) {
 100                      $readonly = true;
 101                  }
 102              }
 103          }
 104          if ($A[1] == 'Remote Users') {
 105              $readonly = true;
 106          }
 107  
 108          if ($readonly) {
 109              $input .= ' disabled="disabled">'
 110                     . '<input type="hidden" name="' . $table . '[]" value="'
 111                     . $A[0] . '" checked="checked">';
 112              $retval .= '<span title="' . $LANG_ACCESS['readonly'] . '">'
 113                      . $input . stripslashes ($A[1]) . '</span><br>' . LB;
 114          } else {
 115              $input .= ' name="' . $table . '[]" value="' . $A[0] . '"';
 116              $retval .= $input . '>' . stripslashes ($A[1]) . '<br>' . LB;
 117          }
 118      }
 119  
 120      return $retval;
 121  }
 122  
 123  /**
 124  * Shows the user edit form
 125  *
 126  * @param    int     $uid    User to edit
 127  * @param    int     $msg    Error message to display
 128  * @return   string          HTML for user edit form
 129  *
 130  */
 131  function edituser($uid = '', $msg = '')
 132  {
 133      global $_CONF, $_TABLES, $_USER, $LANG28, $LANG_ACCESS, $LANG_ADMIN,
 134             $MESSAGE;
 135  
 136      $retval = '';
 137  
 138      if (!empty ($msg)) {
 139          $retval .= COM_startBlock ($LANG28[22], '',
 140                             COM_getBlockTemplate ('_msg_block', 'header'))
 141                  . $MESSAGE[$msg]
 142                  . COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
 143      }
 144  
 145      if (!empty ($msg) && !empty ($uid) && ($uid > 1)) {
 146          // an error occured while editing a user - if it was a new account,
 147          // don't bother trying to read the user's data from the database ...
 148          $cnt = DB_count ($_TABLES['users'], 'uid', $uid);
 149          if ($cnt == 0) {
 150              $uid = '';
 151          }
 152      }
 153  
 154      if (!empty ($uid) && ($uid > 1)) {
 155          $result = DB_query("SELECT * FROM {$_TABLES['users']} WHERE uid = '$uid'");
 156          $A = DB_fetchArray($result);
 157          if (empty ($A['uid'])) {
 158              return COM_refresh ($_CONF['site_admin_url'] . '/user.php');
 159          }
 160  
 161          if (SEC_inGroup('Root',$uid) AND !SEC_inGroup('Root')) {
 162              // the current admin user isn't Root but is trying to change
 163              // a root account.  Deny them and log it.
 164              $retval .= COM_startBlock ($LANG28[1], '',
 165                                 COM_getBlockTemplate ('_msg_block', 'header'));
 166              $retval .= $LANG_ACCESS['editrootmsg'];
 167              COM_accessLog("User {$_USER['username']} tried to edit a Root account with insufficient privileges.");
 168              $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
 169              return $retval;
 170          }
 171          $curtime = COM_getUserDateTimeFormat($A['regdate']);
 172          $lastlogin = DB_getItem ($_TABLES['userinfo'], 'lastlogin', "uid = '$uid'");
 173          $lasttime = COM_getUserDateTimeFormat ($lastlogin);
 174      } else {
 175          $A['uid'] = '';
 176          $uid = '';
 177          $curtime =  COM_getUserDateTimeFormat();
 178          $lastlogin = '';
 179          $lasttime = '';
 180          $A['status'] = USER_ACCOUNT_ACTIVE;
 181      }
 182  
 183      $retval .= COM_startBlock ($LANG28[1], '',
 184                                 COM_getBlockTemplate ('_admin_block', 'header'));
 185  
 186      $user_templates = new Template($_CONF['path_layout'] . 'admin/user');
 187      $user_templates->set_file (array ('form' => 'edituser.thtml',
 188                                        'groupedit' => 'groupedit.thtml'));
 189      $user_templates->set_var('site_url', $_CONF['site_url']);
 190      $user_templates->set_var('site_admin_url', $_CONF['site_admin_url']);
 191      $user_templates->set_var('layout_url', $_CONF['layout_url']);
 192      $user_templates->set_var('lang_save', $LANG_ADMIN['save']);
 193      if (!empty($uid) && ($A['uid'] != $_USER['uid']) && SEC_hasRights('user.delete')) {
 194          $delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete']
 195                     . '" name="mode"%s>';
 196          $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
 197          $user_templates->set_var ('delete_option',
 198                                    sprintf ($delbutton, $jsconfirm));
 199          $user_templates->set_var ('delete_option_no_confirmation',
 200                                    sprintf ($delbutton, ''));
 201      }
 202      $user_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
 203  
 204      $user_templates->set_var('lang_userid', $LANG28[2]);
 205      if (empty ($A['uid'])) {
 206          $user_templates->set_var ('user_id', 'n/a');
 207      } else {
 208          $user_templates->set_var ('user_id', $A['uid']);
 209      }
 210      $user_templates->set_var('lang_regdate', $LANG28[14]);
 211      $user_templates->set_var('regdate_timestamp', $curtime[1]);
 212      $user_templates->set_var('user_regdate', $curtime[0]);
 213      $user_templates->set_var('lang_lastlogin', $LANG28[35]);
 214      if (empty ($lastlogin)) {
 215          $user_templates->set_var('user_lastlogin', $LANG28[36]);
 216      } else {
 217          $user_templates->set_var('user_lastlogin', $lasttime[0]);
 218      }
 219      $user_templates->set_var('lang_username', $LANG28[3]);
 220      if (isset ($A['username'])) {
 221          $user_templates->set_var('username', $A['username']);
 222      } else {
 223          $user_templates->set_var('username', '');
 224      }
 225  
 226      if ($_CONF['allow_user_photo'] && ($A['uid'] > 0)) {
 227          $photo = USER_getPhoto ($A['uid'], $A['photo'], $A['email'], -1);
 228          $user_templates->set_var ('user_photo', $photo);
 229          if (empty ($A['photo'])) {
 230              $user_templates->set_var ('lang_delete_photo', '');
 231              $user_templates->set_var ('delete_photo_option', '');
 232          } else {
 233              $user_templates->set_var ('lang_delete_photo', $LANG28[28]);
 234              $user_templates->set_var ('delete_photo_option',
 235                      '<input type="checkbox" name="delete_photo">');
 236          }
 237      } else {
 238          $user_templates->set_var ('user_photo', '');
 239          $user_templates->set_var ('lang_delete_photo', '');
 240          $user_templates->set_var ('delete_photo_option', '');
 241      }
 242  
 243      $user_templates->set_var('lang_fullname', $LANG28[4]);
 244      if (isset ($A['fullname'])) {
 245          $user_templates->set_var ('user_fullname',
 246                                    htmlspecialchars ($A['fullname']));
 247      } else {
 248          $user_templates->set_var ('user_fullname', '');
 249      }
 250      $user_templates->set_var('lang_password', $LANG28[5]);
 251      $user_templates->set_var('lang_password_conf', $LANG28[39]);
 252      $user_templates->set_var('lang_emailaddress', $LANG28[7]);
 253      if (isset ($A['email'])) {
 254          $user_templates->set_var('user_email', htmlspecialchars($A['email']));
 255      } else {
 256          $user_templates->set_var('user_email', '');
 257      }
 258      $user_templates->set_var('lang_homepage', $LANG28[8]);
 259      if (isset ($A['homepage'])) {
 260          $user_templates->set_var ('user_homepage',
 261                                    htmlspecialchars ($A['homepage']));
 262      } else {
 263          $user_templates->set_var ('user_homepage', '');
 264      }
 265      $user_templates->set_var('do_not_use_spaces', '');
 266  
 267      $statusarray = array (USER_ACCOUNT_AWAITING_ACTIVATION => $LANG28[43],
 268                            USER_ACCOUNT_ACTIVE              => $LANG28[45]
 269                     );
 270  
 271      $allow_ban = true;
 272  
 273      if ($A['uid'] == $_USER['uid']) {
 274          $allow_ban = false; // do not allow to ban yourself
 275      } else if (SEC_inGroup('Root',$A['uid'])) { // is this user a root user?
 276          $count_root_sql = "SELECT COUNT(ug_uid) AS root_count FROM {$_TABLES['group_assignments']} "
 277                      . "WHERE ug_main_grp_id = 1 GROUP BY ug_uid;";
 278          $count_root_result = DB_query($count_root_sql);
 279          $C = DB_fetchArray($count_root_result); // how many are left?
 280          if ($C['root_count'] < 2) {
 281              $allow_ban = false; // prevent banning the last root user
 282          }
 283      }
 284  
 285      if ($allow_ban) {
 286          $statusarray[USER_ACCOUNT_DISABLED] = $LANG28[42];
 287      }
 288  
 289      if ($_CONF['usersubmission'] == 1) {
 290          $statusarray[USER_ACCOUNT_AWAITING_APPROVAL] = $LANG28[44];
 291      }
 292      asort($statusarray);
 293      $statusselect = '<select name="userstatus">';
 294      foreach ($statusarray as $key => $value) {
 295          $statusselect .= '<option value="' . $key . '"';
 296          if ($key == $A['status']) {
 297              $statusselect .= ' selected="selected"';
 298          }
 299          $statusselect .= '>' . $value . '</option>' . LB;
 300      }
 301      $statusselect .= '</select><input type="hidden" name="oldstatus" value="'
 302                    . $A['status'] . '">';
 303      $user_templates->set_var('user_status', $statusselect);
 304      $user_templates->set_var('lang_user_status', $LANG28[46]);
 305  
 306      if ($_CONF['custom_registration'] AND (function_exists('CUSTOM_userEdit'))) {
 307          if (!empty ($uid) && ($uid > 1)) {
 308              $user_templates->set_var('customfields', CUSTOM_userEdit($uid) );
 309          } else {
 310              $user_templates->set_var('customfields', CUSTOM_userEdit($A['uid']) );
 311          }
 312      }
 313  
 314      if (SEC_hasRights('group.edit')) {
 315          $user_templates->set_var('lang_securitygroups', $LANG_ACCESS['securitygroups']);
 316          $user_templates->set_var('lang_groupinstructions', $LANG_ACCESS['securitygroupsmsg']);
 317  
 318          if (!empty($uid)) {
 319              $usergroups = SEC_getUserGroups($uid);
 320              if (is_array($usergroups) && !empty($uid)) {
 321                  $selected = implode(' ',$usergroups);
 322              } else {
 323                  $selected = '';
 324              }
 325          } else {
 326              $selected = DB_getItem($_TABLES['groups'],'grp_id',"grp_name='All Users'") . ' ';
 327              $selected .= DB_getItem($_TABLES['groups'],'grp_id',"grp_name='Logged-in Users'");
 328          }
 329          $thisUsersGroups = SEC_getUserGroups ();
 330          $remoteGroup = DB_getItem ($_TABLES['groups'], 'grp_id',
 331                                     "grp_name='Remote Users'");
 332          if (!empty ($remoteGroup)) {
 333              $thisUsersGroups[] = $remoteGroup;
 334          }
 335          $where = 'grp_id IN (' . implode (',', $thisUsersGroups) . ')';
 336          $user_templates->set_var ('group_options',
 337                  GROUP_checkList ($_TABLES['groups'], 'grp_id,grp_name',
 338                                   $where, $selected));
 339          $user_templates->parse('group_edit', 'groupedit', true);
 340      } else {
 341          // user doesn't have the rights to edit a user's groups so set to -1
 342          // so we know not to handle the groups array when we save
 343          $user_templates->set_var ('group_edit',
 344                  '<input type="hidden" name="groups" value="-1">');
 345      }
 346      $user_templates->parse('output', 'form');
 347      $retval .= $user_templates->finish($user_templates->get_var('output'));
 348      $retval .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer'));
 349  
 350      return $retval;
 351  }
 352  
 353  function listusers()
 354  {
 355      global $_CONF, $_TABLES, $LANG_ADMIN, $LANG28, $_IMAGE_TYPE;
 356  
 357      require_once( $_CONF['path_system'] . 'lib-admin.php' );
 358  
 359      $display = '';
 360  
 361      if ($_CONF['lastlogin']) {
 362          $login_text = $LANG28[41];
 363          $login_field = 'lastlogin';
 364      } else {
 365          $login_text = $LANG28[40];
 366          $login_field = 'regdate';
 367      }
 368  
 369      $header_arr = array(      # dislay 'text' and use table field 'field'
 370                      array('text' => $LANG_ADMIN['edit'], 'field' => 'edit', 'sort' => false),
 371                      array('text' => $LANG28[37], 'field' => $_TABLES['users'] . '.uid', 'sort' => true),
 372                      array('text' => $LANG28[3], 'field' => 'username', 'sort' => true),
 373                      array('text' => $LANG28[4], 'field' => 'fullname', 'sort' => true),
 374                      array('text' => $login_text, 'field' => $login_field, 'sort' => true)
 375      );
 376  
 377      $header_arr[] = array('text' => $LANG28[7], 'field' => 'email', 'sort' => true);
 378  
 379      $defsort_arr = array('field'     => $_TABLES['users'] . '.uid',
 380                           'direction' => 'ASC');
 381  
 382      $menu_arr = array (
 383                      array('url' => $_CONF['site_admin_url'] . '/user.php?mode=edit',
 384                            'text' => $LANG_ADMIN['create_new']),
 385                      array('url' => $_CONF['site_admin_url'] . '/user.php?mode=importform',
 386                            'text' => $LANG28[23]),
 387                      array('url' => $_CONF['site_admin_url'] . '/user.php?mode=batchdelete',
 388                            'text' => $LANG28[54]),
 389                      array('url' => $_CONF['site_admin_url'],
 390                            'text' => $LANG_ADMIN['admin_home'])
 391      );
 392  
 393      $text_arr = array('has_menu'     => true,
 394                        'has_extras'   => true,
 395                        'title'        => $LANG28[11],
 396                        'instructions' => $LANG28[12],
 397                        'icon'         => $_CONF['layout_url'] . '/images/icons/user.' . $_IMAGE_TYPE,
 398                        'form_url'     => $_CONF['site_admin_url'] . "/user.php",
 399                        'help_url'     => ''
 400      );
 401  
 402      if ($_CONF['lastlogin']) {
 403          $join_userinfo="LEFT JOIN {$_TABLES['userinfo']} ON {$_TABLES['users']}.uid={$_TABLES['userinfo']}.uid ";
 404          $select_userinfo=",lastlogin";
 405      }
 406      $sql = "SELECT {$_TABLES['users']}.uid,username,fullname,email,photo,status,regdate$select_userinfo "
 407           . "FROM {$_TABLES['users']} $join_userinfo WHERE 1=1";
 408  
 409      $query_arr = array('table' => 'users',
 410                         'sql' => $sql,
 411                         'query_fields' => array('username', 'email', 'fullname'),
 412                         'default_filter' => "AND {$_TABLES['users']}.uid > 1");
 413  
 414      $display .= ADMIN_list ("user", "ADMIN_getListField_users", $header_arr, $text_arr,
 415                              $query_arr, $menu_arr, $defsort_arr);
 416      return $display;
 417  }
 418  
 419  /**
 420  * Saves user to the database
 421  *
 422  * @param    int     $uid            user id
 423  * @param    string  $usernmae       (short) user name
 424  * @param    string  $fullname       user's full name
 425  * @param    string  $email          user's email address
 426  * @param    string  $regdate        date the user registered with the site
 427  * @param    string  $homepage       user's homepage URL
 428  * @param    array   $groups         groups the user belongs to
 429  * @param    string  $delete_photo   delete user's photo if == 'on'
 430  * @return   string                  HTML redirect or error message
 431  *
 432  */
 433  function saveusers ($uid, $username, $fullname, $passwd, $passwd_conf, $email, $regdate, $homepage, $groups, $delete_photo = '', $userstatus=3, $oldstatus=3)
 434  {
 435      global $_CONF, $_TABLES, $_USER, $LANG28, $_USER_VERBOSE;
 436  
 437      $retval = '';
 438      $userChanged = false;
 439  
 440      if ($_USER_VERBOSE) COM_errorLog("**** entering saveusers****",1);
 441      if ($_USER_VERBOSE) COM_errorLog("group size at beginning = " . sizeof($groups),1);
 442  
 443      if ($passwd != $passwd_conf) { // passwords don't match
 444          return edituser ($uid, 67);
 445      }
 446  
 447      if (!empty ($username) && !empty ($email)) {
 448  
 449          if (!COM_isEmail ($email)) {
 450              return edituser ($uid, 52);
 451          }
 452  
 453          $uname = addslashes ($username);
 454          if (empty ($uid)) {
 455              $ucount = DB_getItem ($_TABLES['users'], 'COUNT(*)',
 456                                    "username = '$uname'");
 457          } else {
 458              $uservice = DB_getItem ($_TABLES['users'], 'remoteservice', "uid = $uid");
 459              if ($uservice != '') {
 460                  $uservice = addslashes($uservice);
 461                  $ucount = DB_getItem ($_TABLES['users'], 'COUNT(*)',
 462                              "username = '$uname' AND uid <> $uid AND remoteservice = '$uservice'");
 463              } else {
 464                  $ucount = DB_getItem ($_TABLES['users'], 'COUNT(*)',
 465                                    "username = '$uname' AND uid <> $uid AND (remoteservice = '' OR remoteservice is null)");
 466              }
 467          }
 468          if ($ucount > 0) {
 469              // Admin just changed a user's username to one that already exists
 470              return edituser ($uid, 51);
 471          }
 472  
 473          $emailaddr = addslashes ($email);
 474          if (empty ($uid)) {
 475              $ucount = DB_getItem ($_TABLES['users'], 'COUNT(*)',
 476                                    "email = '$emailaddr'");
 477          } else {
 478              $ucount = DB_getItem ($_TABLES['users'], 'COUNT(*)',
 479                                    "email = '$emailaddr' AND uid <> $uid");
 480          }
 481          if ($ucount > 0) {
 482              // Admin just changed a user's email to one that already exists
 483              return edituser ($uid, 56);
 484          }
 485  
 486          if (empty ($uid) || !empty ($passwd)) {
 487              $passwd = md5 ($passwd);
 488          } else {
 489              $passwd = DB_getItem ($_TABLES['users'], 'passwd', "uid = $uid");
 490          }
 491  
 492          if (empty ($uid)) {
 493              if (empty ($passwd)) {
 494                  // no password? create one ...
 495                  srand ((double) microtime () * 1000000);
 496                  $passwd = rand ();
 497                  $passwd = md5 ($passwd);
 498                  $passwd = substr ($passwd, 1, 8);
 499                  $passwd = md5 ($passwd);
 500              }
 501  
 502              $uid = USER_createAccount ($username, $email, $passwd, $fullname,
 503                                         $homepage);
 504              if (($uid > 1) && ($_CONF['usersubmission'] == 1)) {
 505                  // we don't want to queue new users created by a User Admin
 506                  DB_query ("UPDATE {$_TABLES['users']} SET status = " . USER_ACCOUNT_AWAITING_ACTIVATION . " WHERE uid = $uid");
 507              }
 508          } else {
 509              $fullname = addslashes ($fullname);
 510              $homepage = addslashes ($homepage);
 511              $curphoto = DB_getItem($_TABLES['users'],'photo',"uid = $uid");
 512              if (!empty ($curphoto) && ($delete_photo == 'on')) {
 513                  USER_deletePhoto ($curphoto);
 514                  $curphoto = '';
 515              }
 516  
 517              if (($_CONF['allow_user_photo'] == 1) && !empty ($curphoto)) {
 518                  $curusername = DB_getItem ($_TABLES['users'], 'username',
 519                                             "uid = $uid");
 520                  if ($curusername != $username) {
 521                      // user has been renamed - rename the photo, too
 522                      $newphoto = preg_replace ('/' . $curusername . '/',
 523                                                $username, $curphoto, 1);
 524                      $imgpath = $_CONF['path_images'] . 'userphotos/';
 525                      if (rename ($imgpath . $curphoto,
 526                                  $imgpath . $newphoto) === false) {
 527                          $display = COM_siteHeader ('menu', $LANG28[22]);
 528                          $display .= COM_errorLog ('Could not rename userphoto "'
 529                                          . $curphoto . '" to "' . $newphoto . '".');
 530                          $display .= COM_siteFooter ();
 531                          return $display;
 532                      }
 533                      $curphoto = $newphoto;
 534                  }
 535              }
 536  
 537              $curphoto = addslashes ($curphoto);
 538              DB_query("UPDATE {$_TABLES['users']} SET username = '$username', fullname = '$fullname', passwd = '$passwd', email = '$email', homepage = '$homepage', photo = '$curphoto', status='$userstatus' WHERE uid = $uid");
 539              if ($_CONF['custom_registration'] AND (function_exists('CUSTOM_userSave'))) {
 540                  CUSTOM_userSave($uid);
 541              }
 542              if( ($_CONF['usersubmission'] == 1) && ($oldstatus == USER_ACCOUNT_AWAITING_APPROVAL)
 543                     && ($userstatus == USER_ACCOUNT_ACTIVE) ) {
 544                  //USER_sendActivationEmail($username, $email);
 545                  USER_createAndSendPassword ($username, $email, $uid);
 546              }
 547              $userChanged = true;
 548          }
 549  
 550          // if groups is -1 then this user isn't allowed to change any groups so ignore
 551          if (is_array ($groups) && SEC_inGroup ('Group Admin')) {
 552              if (!SEC_inGroup ('Root')) {
 553                  $rootgrp = DB_getItem ($_TABLES['groups'], 'grp_id',
 554                                         "grp_name = 'Root'");
 555                  if (in_array ($rootgrp, $groups)) {
 556                      COM_accessLog ("User {$_USER['username']} ({$_USER['uid']}) just tried to give Root permissions to user $username.");
 557                      echo COM_refresh ($_CONF['site_admin_url'] . '/index.php');
 558                      exit;
 559                  }
 560              }
 561  
 562              // make sure the Remote Users group is in $groups
 563              if (SEC_inGroup ('Remote Users', $uid)) {
 564                  $remUsers = DB_getItem ($_TABLES['groups'], 'grp_id',
 565                                          "grp_name = 'Remote Users'");
 566                  if (!in_array ($remUsers, $groups)) {
 567                      $groups[] = $remUsers;
 568                  }
 569              }
 570  
 571              if ($_USER_VERBOSE) {
 572                  COM_errorLog("deleting all group_assignments for user $uid/$username",1);
 573              }
 574  
 575              // remove user from all groups that the User Admin is a member of
 576              $UserAdminGroups = SEC_getUserGroups ();
 577              $whereGroup = 'ug_main_grp_id IN ('
 578                          . implode (',', $UserAdminGroups) . ')';
 579              DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE (ug_uid = $uid) AND " . $whereGroup);
 580  
 581              // make sure to add user to All Users and Logged-in Users groups
 582              $allUsers = DB_getItem ($_TABLES['groups'], 'grp_id',
 583                                      "grp_name = 'All Users'");
 584              if (!in_array ($allUsers, $groups)) {
 585                  $groups[] = $allUsers;
 586              }
 587              $logUsers = DB_getItem ($_TABLES['groups'], 'grp_id',
 588                                      "grp_name = 'Logged-in Users'");
 589              if (!in_array ($logUsers, $groups)) {
 590                  $groups[] = $logUsers;
 591              }
 592  
 593              foreach ($groups as $userGroup) {
 594                  if (in_array ($userGroup, $UserAdminGroups)) {
 595                      if ($_USER_VERBOSE) {
 596                          COM_errorLog ("adding group_assignment " . $userGroup
 597                                        . " for $username", 1);
 598                      }
 599                      $sql = "INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ($userGroup, $uid)";
 600                      DB_query ($sql);
 601                  }
 602              }
 603          }
 604  
 605          if ($userChanged) {
 606              PLG_userInfoChanged ($uid);
 607          }
 608  
 609          $errors = DB_error();
 610          if (empty($errors)) {
 611              echo COM_refresh($_CONF['site_admin_url'] . '/user.php?msg=21');
 612          } else {
 613              $retval .= COM_siteHeader ('menu', $LANG28[22]);
 614              $retval .= COM_errorLog ('Error in saveusers in '
 615                                       . $_CONF['site_admin_url'] . '/user.php');
 616              $retval .= COM_siteFooter ();
 617              echo $retval;
 618              exit;
 619          }
 620      } else {
 621          $retval = COM_siteHeader('menu', $LANG28[1]);
 622          $retval .= COM_errorLog($LANG28[10]);
 623          if (DB_count($_TABLES['users'],'uid',$uid) > 0) {
 624              $retval .= edituser($uid);
 625          } else {
 626              $retval .= edituser();
 627          }
 628          $retval .= COM_siteFooter();
 629          echo $retval;
 630          exit;
 631      }
 632  
 633      if ($_USER_VERBOSE) COM_errorLog("***************leaving saveusers*****************",1);
 634  
 635      return $retval;
 636  }
 637  
 638  /**
 639  * This function allows the batch deletion of users that are inactive
 640  * It shows the form that will filter user that will be deleted
 641  *
 642  * @return   string          HTML Form
 643  */
 644  function batchdelete()
 645  {
 646      global $_CONF, $_TABLES, $LANG_ADMIN, $LANG01, $LANG28, $_IMAGE_TYPE;
 647  
 648      $display = '';
 649      if (!$_CONF['lastlogin']) {
 650          $retval = '<br>'. $_LANG28[55];
 651          return $retval;
 652      }
 653  
 654      require_once( $_CONF['path_system'] . 'lib-admin.php' );
 655  
 656      $usr_type = '';
 657      if (isset($_REQUEST['usr_type'])) {
 658          $usr_type = COM_applyFilter($_REQUEST['usr_type']);
 659      } else {
 660          $usr_type = 'phantom';
 661      }
 662      $usr_time_arr = array();
 663      $usr_time = '';
 664      if (isset($_REQUEST['usr_time'])) {
 665          $usr_time_arr = $_REQUEST['usr_time'];
 666      } else {
 667          $usr_time_arr['phantom'] = 2;
 668          $usr_time_arr['short'] = 6;
 669          $usr_time_arr['old'] = 24;
 670          $usr_time_arr['recent'] = 1;
 671      }
 672      $usr_time = $usr_time_arr[$usr_type];
 673  
 674      // list of options for user display
 675      // sel => form-id
 676      // desc => title
 677      // txt1 => text before input-field
 678      // txt2 => text after input field
 679      $opt_arr = array(
 680          array('sel' => 'phantom', 'desc' => $LANG28[57], 'txt1' => $LANG28[60], 'txt2' => $LANG28[61]),
 681          array('sel' => 'short', 'desc' => $LANG28[58], 'txt1' => $LANG28[62], 'txt2' => $LANG28[63]),
 682          array('sel' => 'old', 'desc' => $LANG28[59], 'txt1' => $LANG28[64], 'txt2' => $LANG28[65]),
 683          array('sel' => 'recent', 'desc' => $LANG28[74], 'txt1' => $LANG28[75], 'txt2' => $LANG28[76])
 684      );
 685  
 686      $user_templates = new Template($_CONF['path_layout'] . 'admin/user');
 687      $user_templates->set_file (array ('form' => 'batchdelete.thtml',
 688                                        'options' => 'batchdelete_options.thtml'));
 689      $user_templates->set_var ('site_admin_url', $_CONF['site_admin_url']);
 690      $user_templates->set_var ('usr_type', $usr_type);
 691      $user_templates->set_var ('usr_time', $usr_time);
 692      $user_templates->set_var ('lang_instruction', $LANG28[56]);
 693      $user_templates->set_var ('lang_updatelist', $LANG28[66]);
 694  
 695      for ($i = 0; $i < count ($opt_arr); $i++) {
 696          $selector = '';
 697          if ($usr_type == $opt_arr[$i]['sel']) {
 698              $selector = ' checked="checked"';
 699          }
 700          $user_templates->set_var ('sel_id', $opt_arr[$i]['sel']);
 701          $user_templates->set_var ('selector', $selector);
 702          $user_templates->set_var ('lang_description', $opt_arr[$i]['desc']);
 703          $user_templates->set_var ('lang_text_start', $opt_arr[$i]['txt1']);
 704          $user_templates->set_var ('lang_text_end', $opt_arr[$i]['txt2']);
 705          $user_templates->set_var ('id_value', $usr_time_arr[$opt_arr[$i]['sel']]);
 706          $user_templates->parse('options_list', 'options', true);
 707      }
 708      $user_templates->parse('form', 'form');
 709      $desc = $user_templates->finish($user_templates->get_var('form'));
 710  
 711      $header_arr = array(      # dislay 'text' and use table field 'field'
 712                      array('text' => $LANG28[37], 'field' => $_TABLES['users'] . '.uid', 'sort' => true),
 713                      array('text' => $LANG28[3], 'field' => 'username', 'sort' => true),
 714                      array('text' => $LANG28[4], 'field' => 'fullname', 'sort' => true)
 715      );
 716  
 717      switch ($usr_type) {
 718          case 'phantom':
 719              $header_arr[] = array('text' => $LANG28[14], 'field' => 'regdate', 'sort' => true);
 720              $header_arr[] = array('text' => $LANG28[41], 'field' => 'lastlogin_short', 'sort' => true);
 721              $header_arr[] = array('text' => $LANG28[67], 'field' => 'phantom_date', 'sort' => true);
 722              $list_sql = ", UNIX_TIMESTAMP()- UNIX_TIMESTAMP(regdate) as phantom_date";
 723              $filter_sql = "lastlogin = 0 AND UNIX_TIMESTAMP()- UNIX_TIMESTAMP(regdate) > " . ($usr_time * 2592000) . " AND";
 724              $sort = 'regdate';
 725              break;
 726          case 'short':
 727              $header_arr[] = array('text' => $LANG28[14], 'field' => 'regdate', 'sort' => true);
 728              $header_arr[] = array('text' => $LANG28[41], 'field' => 'lastlogin_short', 'sort' => true);
 729              $header_arr[] = array('text' => $LANG28[68], 'field' => 'online_hours', 'sort' => true);
 730              $header_arr[] = array('text' => $LANG28[69], 'field' => 'offline_months', 'sort' => true);
 731              $list_sql = ", (lastlogin - UNIX_TIMESTAMP(regdate)) AS online_hours, (UNIX_TIMESTAMP() - lastlogin) AS offline_months";
 732              $filter_sql = "lastlogin > 0 AND lastlogin - UNIX_TIMESTAMP(regdate) < 86400 "
 733                           . "AND UNIX_TIMESTAMP() - lastlogin > " . ($usr_time * 2592000) . " AND";
 734              $sort = 'lastlogin';
 735              break;
 736          case 'old':
 737              $header_arr[] = array('text' => $LANG28[41], 'field' => 'lastlogin_short', 'sort' => true);
 738              $header_arr[] = array('text' => $LANG28[69], 'field' => 'offline_months', 'sort' => true);
 739              $list_sql = ", (UNIX_TIMESTAMP() - lastlogin) AS offline_months";
 740              $filter_sql = "lastlogin > 0 AND (UNIX_TIMESTAMP() - lastlogin) > " . ($usr_time * 2592000) . " AND";
 741              $sort = 'lastlogin';
 742              break;
 743          case 'recent':
 744              $header_arr[] = array('text' => $LANG28[14], 'field' => 'regdate', 'sort' => true);
 745              $header_arr[] = array('text' => $LANG28[41], 'field' => 'lastlogin_short', 'sort' => true);
 746              $list_sql = "";
 747              $filter_sql = "(UNIX_TIMESTAMP() - UNIX_TIMESTAMP(regdate)) < " . ($usr_time * 2592000) . " AND";
 748              $sort = 'regdate';
 749              break;
 750      }
 751  
 752      $header_arr[] = array('text' => $LANG28[7], 'field' => 'email', 'sort' => true);
 753  
 754      $menu_arr = array (
 755                      array('url' => $_CONF['site_admin_url'] . '/user.php',
 756                            'text' => $LANG28[11]),
 757                      array('url' => $_CONF['site_admin_url'] . '/user.php?mode=importform',
 758                            'text' => $LANG28[23]),
 759                      array('url' => $_CONF['site_admin_url'],
 760                            'text' => $LANG_ADMIN['admin_home'])
 761      );
 762  
 763      $text_arr = array('has_menu'     => true,
 764                        'has_extras'   => true,
 765                        'title'        => $LANG28[54],
 766                        'instructions' => "$desc",
 767                        'icon'         => $_CONF['layout_url'] . '/images/icons/user.' . $_IMAGE_TYPE,
 768                        'form_url'     => $_CONF['site_admin_url'] . "/user.php?mode=batchdelete&amp;usr_type=$usr_type&amp;usr_time=$usr_time",
 769                        'help_url'     => ''
 770      );
 771  
 772      $defsort_arr = array('field'     => $sort,
 773                           'direction' => 'ASC');
 774  
 775      $join_userinfo = "LEFT JOIN {$_TABLES['userinfo']} ON {$_TABLES['users']}.uid={$_TABLES['userinfo']}.uid ";
 776      $select_userinfo = ", lastlogin as lastlogin_short $list_sql ";
 777  
 778      $sql = "SELECT {$_TABLES['users']}.uid,username,fullname,email,photo,status,regdate$select_userinfo "
 779           . "FROM {$_TABLES['users']} $join_userinfo WHERE 1=1";
 780  
 781      $query_arr = array (
 782          'table' => 'users',
 783          'sql' => $sql,
 784          'query_fields' => array('username', 'email', 'fullname'),
 785          'default_filter' => "AND $filter_sql {$_TABLES['users']}.uid > 1"
 786      );
 787      $listoptions = array('chkdelete' => true, 'chkfield' => 'uid');
 788  
 789      $display .= ADMIN_list ("user", "ADMIN_getListField_users", $header_arr, $text_arr,
 790          $query_arr, $menu_arr, $defsort_arr, '', '', $listoptions);
 791  
 792      $display .= "<input type=\"hidden\" name=\"mode\" value=\"batchdeleteexec\"></form>" . LB;
 793      return $display;
 794  //
 795  
 796  }
 797  /**
 798  * This function deletes the users selected in the batchdeletelist function
 799  *
 800  * @return   string          HTML with success or error message
 801  *
 802  */
 803  function batchdeleteexec()
 804  {
 805      global $_CONF, $LANG28;
 806      $msg = '';
 807      $user_list = array();
 808      if (isset($_POST['delitem'])) {
 809          $user_list = $_POST['delitem'];
 810      }
 811  
 812      if (count($user_list) == 0) {
 813          $msg = $LANG28[72] . "<br>";
 814      }
 815      $c = 0;
 816  
 817      if (isset($_POST['delitem']) AND is_array($_POST['delitem'])) {
 818          foreach($_POST['delitem'] as $delitem) {
 819              $delitem = COM_applyFilter($delitem);
 820              if (!USER_deleteAccount ($delitem)) {
 821                  $msg .= "<strong>{$LANG28[2]} $delitem {$LANG28[70]}</strong><br>\n";
 822              } else {
 823                  $c++; // count the deleted users
 824              }
 825          }
 826      }
 827  
 828      // Since this function is used for deletion only, its necessary to say that
 829      // zero where deleted instead of just leaving this message away.
 830      COM_numberFormat($c); // just in case we have more than 999)..
 831      $msg .= "{$LANG28[71]}: $c<br>\n";
 832      return $msg;
 833  }
 834  
 835  
 836  /**
 837  * This function allows the administrator to import batches of users
 838  *
 839  * @param    string  $file   file to import
 840  * @return   string          HTML with success or error message
 841  *
 842  */
 843  function importusers ($file)
 844  {
 845      global $_CONF, $_TABLES, $LANG04, $LANG28;
 846  
 847      // Setting this to true will cause import to print processing status to
 848      // webpage and to the error.log file
 849      $verbose_import = true;
 850  
 851      $retval = '';
 852  
 853      // Bulk import implies admin authorisation:
 854      $_CONF['usersubmission'] = 0;
 855  
 856      // First, upload the file
 857      require_once ($_CONF['path_system'] . 'classes/upload.class.php');
 858  
 859      $upload = new upload ();
 860      $upload->setPath ($_CONF['path_data']);
 861      $upload->setAllowedMimeTypes (array ('text/plain' => '.txt'));
 862      $upload->setFileNames ('user_import_file.txt');
 863      if ($upload->uploadFiles ()) {
 864          // Good, file got uploaded, now install everything
 865          $thefile =  current ($_FILES);
 866          $filename = $_CONF['path_data'] . 'user_import_file.txt';
 867      } else {
 868          // A problem occurred, print debug information
 869          $retval = COM_siteHeader ('menu', $LANG28[22]);
 870          $retval .= COM_startBlock ($LANG28[24], '',
 871                  COM_getBlockTemplate ('_msg_block', 'header'));
 872          $retval .= $upload->printErrors ();
 873          $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
 874  
 875          return $retval;
 876      }
 877  
 878      $users = file ($filename);
 879  
 880      $retval .= COM_siteHeader ('menu', $LANG28[24]);
 881      $retval .= COM_startBlock ($LANG28[31], '',
 882              COM_getBlockTemplate ('_admin_block', 'header'));
 883  
 884      // Following variables track import processing statistics
 885      $successes = 0;
 886      $failures = 0;
 887      foreach ($users as $line) {
 888          $line = rtrim ($line);
 889          if (empty ($line)) {
 890              continue;
 891          }
 892  
 893          list ($full_name, $u_name, $email) = explode ("\t", $line);
 894  
 895          $full_name = strip_tags ($full_name);
 896          $u_name = COM_applyFilter ($u_name);
 897          $email = COM_applyFilter ($email);
 898  
 899          if ($verbose_import) {
 900              $retval .="<br><b>Working on username=$u_name, fullname=$full_name, and email=$email</b><br>\n";
 901              COM_errorLog ("Working on username=$u_name, fullname=$full_name, and email=$email",1);
 902          }
 903  
 904          // prepare for database
 905          $userName  = trim ($u_name);
 906          $fullName  = trim ($full_name);
 907          $emailAddr = trim ($email);
 908  
 909          if (COM_isEmail ($email)) {
 910              // email is valid form
 911              $ucount = DB_count ($_TABLES['users'], 'username',
 912                                  addslashes ($userName));
 913              $ecount = DB_count ($_TABLES['users'], 'email',
 914                                  addslashes ($emailAddr));
 915  
 916              if ($ucount == 0 && ecount == 0) {
 917                  // user doesn't already exist
 918                  $uid = USER_createAccount ($userName, $emailAddr, '',
 919                                             $fullName);
 920  
 921                  USER_createAndSendPassword ($userName, $emailAddr, $uid);
 922  
 923                  if ($verbose_import) {
 924                      $retval .= "<br> Account for <b>$u_name</b> created successfully.<br>\n";
 925                      COM_errorLog("Account for $u_name created successfully",1);
 926                  }
 927                  $successes++;
 928              } else {
 929                  if ($verbose_import) {
 930                      $retval .= "<br><b>$u_name</b> or <b>$email</b> already exists, account not created.<br>\n"; // user already exists
 931                      COM_errorLog("$u_name,$email: username or email already exists, account not created",1);
 932                  }
 933                  $failures++;
 934              } // end if $ucount == 0 && ecount == 0
 935          } else {
 936              if ($verbose_import) {
 937                  $retval .= "<br><b>$email</b> is not a valid email address, account not created<br>\n"; // malformed email
 938                  COM_errorLog("$email is not a valid email address, account not created",1);
 939              }
 940              $failures++;
 941          } // end if COM_isEmail($email)
 942      } // end foreach
 943  
 944      unlink ($filename);
 945  
 946      $retval .= '<p>' . sprintf ($LANG28[32], $successes, $failures);
 947  
 948      $retval .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer'));
 949      $retval .= COM_siteFooter ();
 950  
 951      return $retval;
 952  }
 953  
 954  /**
 955  * Display "batch add" (import) form
 956  *
 957  * @return   string      HTML for import form
 958  *
 959  */
 960  function display_form ()
 961  {
 962      global $_CONF, $LANG28;
 963  
 964      $retval = '<form action="' . $_CONF['site_admin_url']
 965              . '/user.php" method="post" enctype="multipart/form-data">'
 966              . $LANG28[29] . ': <input type="file" name="importfile" size="40">'
 967              . '<input type="hidden" name="mode" value="import">'
 968              . '<input type="submit" name="submit" value="' . $LANG28[30]
 969              . '"></form>';
 970  
 971      return $retval;
 972  }
 973  
 974  /**
 975  * Delete a user
 976  *
 977  * @param    int     $uid    id of user to delete
 978  * @return   string          HTML redirect
 979  *
 980  */
 981  function deleteUser ($uid)
 982  {
 983      global $_CONF;
 984  
 985      if (!USER_deleteAccount ($uid)) {
 986          return COM_refresh ($_CONF['site_admin_url'] . '/user.php');
 987      }
 988  
 989      return COM_refresh ($_CONF['site_admin_url'] . '/user.php?msg=22');
 990  }
 991  
 992  // MAIN
 993  $mode = '';
 994  if (isset ($_REQUEST['mode'])) {
 995      $mode = $_REQUEST['mode'];
 996  }
 997  
 998  if (isset ($_REQUEST['order'])) {
 999      $order =  COM_applyFilter ($_REQUEST['order'],true);
1000  }
1001  
1002  if (isset ($_GET['direction'])) {
1003      $direction =  COM_applyFilter ($_GET['direction']);
1004  }
1005  
1006  if (isset ($_POST['passwd']) && isset ($_POST['passwd_conf']) &&
1007          ($_POST['passwd'] != $_POST['passwd_conf'])) {
1008      // entered passwords were different
1009      $uid = COM_applyFilter ($_POST['uid'], true);
1010      if ($uid > 1) {
1011          $display .= COM_refresh ($_CONF['site_admin_url']
1012                                   . '/user.php?mode=edit&msg=67&uid=' . $uid);
1013      } else {
1014          $display .= COM_refresh ($_CONF['site_admin_url'] . '/user.php?msg=67');
1015      }
1016  } else if (($mode == $LANG_ADMIN['delete']) && !empty ($LANG_ADMIN['delete'])) { // delete
1017      $uid = COM_applyFilter ($_POST['uid'], true);
1018      if ($uid > 1) {
1019          $display .= deleteUser ($uid);
1020      } else {
1021          COM_errorLog ('Attempted to delete user uid=' . $uid);
1022          $display = COM_refresh ($_CONF['site_admin_url'] . '/user.php');
1023      }
1024  } else if (($mode == $LANG_ADMIN['save']) && !empty ($LANG_ADMIN['save'])) { // save
1025      $delphoto = '';
1026      if (isset ($_POST['delete_photo'])) {
1027          $delphoto = $_POST['delete_photo'];
1028      }
1029      if (!isset ($_POST['oldstatus'])) {
1030          $_POST['oldstatus'] = USER_ACCOUNT_ACTIVE;
1031      }
1032      if (!isset ($_POST['userstatus'])) {
1033          $_POST['userstatus'] = USER_ACCOUNT_ACTIVE;
1034      }
1035      $display = saveusers (COM_applyFilter ($_POST['uid'], true),
1036              $_POST['username'], $_POST['fullname'],
1037              $_POST['passwd'], $_POST['passwd_conf'], $_POST['email'],
1038              $_POST['regdate'], $_POST['homepage'],
1039              $_POST[$_TABLES['groups']],
1040              $delphoto, $_POST['userstatus'], $_POST['oldstatus']);
1041      if (!empty($display)) {
1042          $tmp = COM_siteHeader('menu', $LANG28[22]);
1043          $tmp .= $display;
1044          $tmp .= COM_siteFooter();
1045          $display = $tmp;
1046      }
1047  } else if ($mode == 'edit') {
1048      $display .= COM_siteHeader('menu', $LANG28[1]);
1049      $msg = '';
1050      if (isset ($_GET['msg'])) {
1051          $msg = COM_applyFilter ($_GET['msg'], true);
1052      }
1053      $uid = '';
1054      if (isset ($_GET['uid'])) {
1055          $uid = COM_applyFilter ($_GET['uid'], true);
1056      }
1057      $display .= edituser ($uid, $msg);
1058      $display .= COM_siteFooter();
1059  } else if ($mode == 'import') {
1060      $display .= importusers ($_POST['file']);
1061  } else if ($mode == 'importform') {
1062      $display .= COM_siteHeader('menu', $LANG28[24]);
1063      $display .= COM_startBlock ($LANG28[24], '',
1064                          COM_getBlockTemplate ('_admin_block', 'header'));
1065      $display .= $LANG28[25] . '<br><br>';
1066      $display .= display_form();
1067      $display .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer'));
1068      $display .= COM_siteFooter();
1069  } else if ($mode == 'batchdelete') {
1070      $display .= COM_siteHeader ('menu', $LANG28[54]);
1071      $display .= batchdelete();
1072      $display .= COM_siteFooter();
1073  } else if ($mode == 'batchdeleteexec') {
1074      $msg = batchdeleteexec();
1075      $display .= COM_siteHeader ('menu', $LANG28[11]);
1076      $timestamp = strftime( $_CONF['daytime'] );
1077      $display .= COM_startBlock( $MESSAGE[40] . ' - ' . $timestamp, '',
1078                             COM_getBlockTemplate( '_msg_block', 'header' ))
1079              . '<p style="padding:5px"><img src="' . $_CONF['layout_url']
1080              . '/images/sysmessage.' . $_IMAGE_TYPE . '" border="0" align="left"'
1081              . ' alt="" style="padding-right:5px; padding-bottom:3px">'
1082              . $msg . '</p>'
1083              . COM_endBlock( COM_getBlockTemplate( '_msg_block', 'footer' ));
1084      $display .= batchdelete();
1085      $display .= COM_siteFooter();
1086  } else { // 'cancel' or no mode at all
1087      $display .= COM_siteHeader ('menu', $LANG28[11]);
1088      if (isset ($_REQUEST['msg'])) {
1089          $display .= COM_showMessage (COM_applyFilter ($_REQUEST['msg'], true));
1090      }
1091      $display .= listusers();
1092      $display .= COM_siteFooter();
1093  }
1094  
1095  echo $display;
1096  
1097  ?>


Généré le : Wed Nov 21 12:27:40 2007 par Balluche grâce à PHPXref 0.7
  Clicky Web Analytics