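<?php
/**
 * @version $Id: admin.users.php 7813 2007-06-29 06:04:09Z louis $
 * @package Joomla
 * @subpackage Users
 * @copyright Copyright (C) 2005 Open Source Matters. All rights reserved.
 * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
 * Joomla! is free software. This version may have been modified pursuant
 * to the GNU General Public License, and as distributed it includes or
 * is derivative of works licensed under the GNU General Public License or
 * other free or open source software licenses.
 * See COPYRIGHT.php for copyright notices and details.
 */

// no direct access
defined( '_VALID_MOS' ) or die( 'Restricted access' );

// Every task in this controller is gated on the "manage users" ACL right of the current user.
if (!$acl->acl_check( 'administration', 'manage', 'users', $my->usertype, 'components', 'com_users' )) {
	mosRedirect( 'index2.php', _NOT_AUTH );
}

require_once( $mainframe->getPath( 'admin_html' ) );
require_once( $mainframe->getPath( 'class' ) );

// ids selected in the list form; josGetArrayInts() casts every entry to int
$cid = josGetArrayInts( 'cid' );

// Task dispatcher. $task, $id and $option are set by the administrator front controller.
switch ($task) {
	case 'new':
		editUser( 0, $option);
		break;

	case 'edit':
		editUser( intval( $cid[0] ), $option );
		break;

	case 'editA':
		editUser( $id, $option );
		break;

	case 'save':
	case 'apply':
		// check to see if functionality restricted for use as demo site
		if ( $_VERSION->RESTRICT == 1 ) {
			mosRedirect( 'index2.php?mosmsg=Functionality Restricted' );
		} else {
			saveUser( $task );
		}
		break;

	case 'remove':
		removeUsers( $cid, $option );
		break;

	case 'block':
		// check to see if functionality restricted for use as demo site
		if ( $_VERSION->RESTRICT == 1 ) {
			mosRedirect( 'index2.php?mosmsg=Functionality Restricted' );
		} else {
			changeUserBlock( $cid, 1, $option );
		}
		break;

	case 'unblock':
		changeUserBlock( $cid, 0, $option );
		break;

	case 'logout':
		logoutUser( $cid, $option, $task );
		break;

	case 'flogout':
		logoutUser( $id, $option, $task );
		break;

	case 'cancel':
		cancelUser( $option );
		break;

	case 'contact':
		// The contact id only ever ends up in a redirect URL as an integer id,
		// so cast it here rather than forwarding the raw POST value into the Location header.
		$contact_id = intval( mosGetParam( $_POST, 'contact_id', 0 ) );
		mosRedirect( 'index2.php?option=com_contact&task=editA&id='. $contact_id );
		break;

	default:
		showUsers( $option );
		break;
}

/**
 * Lists users in the administrator, applying the persisted list filters
 * (search text, group, logged-in status) and pagination, then renders
 * the list through HTML_users::showUsers().
 *
 * @param string $option The current URL option
 * @return void|false Returns false after printing the database error when the list query fails
 */
function showUsers( $option ) {
	global $database, $mainframe, $my, $acl, $mosConfig_list_limit;

	// Filter values are kept in the user state (keyed by option) so they survive between requests
	$filter_type	= $mainframe->getUserStateFromRequest( "filter_type{$option}", 'filter_type', 0 );
	$filter_logged	= intval( $mainframe->getUserStateFromRequest( "filter_logged{$option}", 'filter_logged', 0 ) );
	$limit			= intval( $mainframe->getUserStateFromRequest( "viewlistlimit", 'limit', $mosConfig_list_limit ) );
	$limitstart		= intval( $mainframe->getUserStateFromRequest( "view{$option}limitstart", 'limitstart', 0 ) );
	$search			= $mainframe->getUserStateFromRequest( "search{$option}", 'search', '' );
	if (get_magic_quotes_gpc()) {
		$filter_type	= stripslashes( $filter_type );
		$search			= stripslashes( $search );
	}
	$where = array();

	if (isset( $search ) && $search!= "") {
		// getEscaped() quotes the value for the LIKE clause. LIKE wildcards (% and _) typed by the
		// user are not escaped, so they act as pattern characters; that only affects matching, not the SQL structure.
		$searchEscaped = $database->getEscaped( trim( strtolower( $search ) ) );
		$where[] = "(a.username LIKE '%$searchEscaped%' OR a.email LIKE '%$searchEscaped%' OR a.name LIKE '%$searchEscaped%')";
	}
	if ( $filter_type ) {
		if ( $filter_type == 'Public Frontend' ) {
			$where[] = "(a.usertype = 'Registered' OR a.usertype = 'Author' OR a.usertype = 'Editor'OR a.usertype = 'Publisher')";
		} else if ( $filter_type == 'Public Backend' ) {
			$where[] = "(a.usertype = 'Manager' OR a.usertype = 'Administrator' OR a.usertype = 'Super Administrator')";
		} else {
			// any other value is a group name chosen from the dropdown; Quote() makes it safe for the query
			$where[] = "a.usertype = LOWER( " . $database->Quote( $filter_type ) . " )";
		}
	}
	if ( $filter_logged == 1 ) {
		$where[] = "s.userid = a.id";
	} else if ($filter_logged == 2) {
		$where[] = "s.userid IS NULL";
	}

	// exclude any child group id's for this user
	$pgids = $acl->get_group_children( $my->gid, 'ARO', 'RECURSE' );

	mosArrayToInts( $pgids );
	if (is_array( $pgids ) && count( $pgids ) > 0) {
		// NOTE(review): with two or more ids this OR-chain ("a.gid != x OR a.gid != y") is true for every
		// row, so the exclusion only has an effect when $pgids holds exactly one id. Left as-is because
		// changing it would change which users appear in the list.
		$where[] = '( a.gid != ' . implode( ' OR a.gid != ', $pgids ) . ' )';
	}

	// first query: total row count for the pagination
	$query = "SELECT COUNT(a.id)"
	. "\n FROM #__users AS a";

	if ($filter_logged == 1 || $filter_logged == 2) {
		$query .= "\n INNER JOIN #__session AS s ON s.userid = a.id";
	}

	$query .= ( count( $where ) ? "\n WHERE " . implode( ' AND ', $where ) : '' )
	;
	$database->setQuery( $query );
	$total = $database->loadResult();

	require_once( $GLOBALS['mosConfig_absolute_path'] . '/administrator/includes/pageNavigation.php' );
	$pageNav = new mosPageNav( $total, $limitstart, $limit );

	// second query: the page of users together with their ACL group name
	$query = "SELECT a.*, g.name AS groupname"
	. "\n FROM #__users AS a"
	. "\n INNER JOIN #__core_acl_aro AS aro ON aro.value = a.id" // map user to aro
	. "\n INNER JOIN #__core_acl_groups_aro_map AS gm ON gm.aro_id = aro.aro_id" // map aro to group
	. "\n INNER JOIN #__core_acl_aro_groups AS g ON g.group_id = gm.group_id";

	if ($filter_logged == 1 || $filter_logged == 2) {
		$query .= "\n INNER JOIN #__session AS s ON s.userid = a.id";
	}

	$query .= (count( $where ) ? "\n WHERE " . implode( ' AND ', $where ) : "")
	. "\n GROUP BY a.id"
	;
	$database->setQuery( $query, $pageNav->limitstart, $pageNav->limit );
	$rows = $database->loadObjectList();

	if ($database->getErrorNum()) {
		echo $database->stderr();
		return false;
	}

	// one extra query per row: number of active sessions for that user (shown as "logged in")
	$template = 'SELECT COUNT(s.userid) FROM #__session AS s WHERE s.userid = ';
	$n = count( $rows );
	for ($i = 0; $i < $n; $i++) {
		$row = &$rows[$i];
		$query = $template . (int) $row->id;
		$database->setQuery( $query );
		$row->loggedin = $database->loadResult();
	}

	// get list of Groups for dropdown filter
	$query = "SELECT name AS value, name AS text"
	. "\n FROM #__core_acl_aro_groups"
	. "\n WHERE name != 'ROOT'"
	. "\n AND name != 'USERS'"
	;
	$types = array();
	$types[] = mosHTML::makeOption( '0', '- Select Group -' );
	$database->setQuery( $query );
	$types = array_merge( $types, $database->loadObjectList() );
	$lists = array();
	$lists['type'] = mosHTML::selectList( $types, 'filter_type', 'class="inputbox" size="1" onchange="document.adminForm.submit( );"', 'value', 'text', "$filter_type" );

	// get list of Log Status for dropdown filter
	$logged = array();
	$logged[] = mosHTML::makeOption( 0, '- Select Log Status - ');
	$logged[] = mosHTML::makeOption( 1, 'Logged In');
	$lists['logged'] = mosHTML::selectList( $logged, 'filter_logged', 'class="inputbox" size="1" onchange="document.adminForm.submit( );"', 'value', 'text', "$filter_logged" );

	HTML_users::showUsers( $rows, $pageNav, $search, $option, $lists );
}

/**
 * Edit the user
 *
 * Loads the user (or an empty record for uid 0), enforces that only Super
 * Administrators can edit Super Administrator records, restricts the group
 * dropdown to groups not "above" the current user, and renders the edit form.
 *
 * @param int $uid The user ID (0 for a new user)
 * @param string $option The URL option
 */
function editUser( $uid='0', $option='users' ) {
	global $database, $my, $acl, $mainframe;

	// third argument: the current user may edit their own record
	$msg = checkUserPermissions( array($uid), "edit", true );
	if ($msg) {
		echo "<script type=\"text/javascript\"> alert('".$msg."'); window.history.go(-1);</script>\n";
		exit;
	}

	$row = new mosUser( $database );
	// load the row from the db table
	$row->load( (int)$uid );

	if ( $uid ) {
		$query = "SELECT *"
		. "\n FROM #__contact_details"
		. "\n WHERE user_id = " . (int) $row->id
		;
		$database->setQuery( $query );
		$contact = $database->loadObjectList();

		$row->name		= trim( $row->name );
		$row->email		= trim( $row->email );
		$row->username	= trim( $row->username );
		$row->password	= trim( $row->password );

	} else {
		$contact = NULL;
		$row->block = 0;
	}

	// check to ensure only super admins can edit super admin info
	if ( ( $my->gid < 25 ) && ( $row->gid == 25 ) ) {
		mosRedirect( 'index2.php?option=com_users', _NOT_AUTH );
	}

	$my_group = strtolower( $acl->get_group_name( $row->gid, 'ARO' ) );
	if ( $my_group == 'super administrator' && $my->gid != 25 ) {
		// group is fixed for the form (hidden field) rather than selectable
		$lists['gid'] = '<input type="hidden" name="gid" value="'. $my->gid .'" /><strong>Super Administrator</strong>';
	} else if ( $my->gid == 24 && $row->gid == 24 ) {
		$lists['gid'] = '<input type="hidden" name="gid" value="'. $my->gid .'" /><strong>Administrator</strong>';
	} else {
		// ensure user can't add group higher than themselves
		$my_groups = $acl->get_object_groups( 'users', $my->id, 'ARO' );
		if (is_array( $my_groups ) && count( $my_groups ) > 0) {
			$ex_groups = $acl->get_group_children( $my_groups[0], 'ARO', 'RECURSE' );
		} else {
			$ex_groups = array();
		}

		$gtree = $acl->get_group_children_tree( null, 'USERS', false );

		// remove users 'above' me
		$i = 0;
		while ($i < count( $gtree )) {
			if (in_array( $gtree[$i]->value, $ex_groups )) {
				array_splice( $gtree, $i, 1 );
			} else {
				$i++;
			}
		}

		$lists['gid'] = mosHTML::selectList( $gtree, 'gid', 'size="10"', 'value', 'text', $row->gid );
	}

	// build the html select list
	$lists['block'] = mosHTML::yesnoRadioList( 'block', 'class="inputbox" size="1"', $row->block );
	// build the html select list
	$lists['sendEmail'] = mosHTML::yesnoRadioList( 'sendEmail', 'class="inputbox" size="1"', $row->sendEmail );

	$file = $mainframe->getPath( 'com_xml', 'com_users' );
	$params =& new mosUserParameters( $row->params, $file, 'component' );

	HTML_users::edituser( $row, $contact, $lists, $option, $uid, $params );
}

/**
 * Saves a new or existing user from the posted edit form.
 *
 * Performs the permission checks (target user, group changes, group level
 * relative to the current user), hashes the password, stores the record,
 * updates the ACL group mapping, e-mails credentials to new users, logs out
 * users whose group changed, and redirects according to $task.
 *
 * @param string $task 'apply' stays on the edit form, anything else returns to the list
 */
function saveUser( $task ) {
	global $database, $my, $acl;
	global $mosConfig_live_site, $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_sitename;

	// Cast here so the permission check is run against the same integer id that is stored below
	// ($row->id is cast to int before saving); a non-numeric id therefore cannot bypass the check.
	$userIdPosted = intval( mosGetParam($_POST, 'id', 0) );
	if ($userIdPosted) {
		// Administrators and Super Administrators may save their own record
		$msg = checkUserPermissions( array($userIdPosted), 'save', in_array($my->gid, array(24, 25)) );
		if ($msg) {
			echo "<script type=\"text/javascript\"> alert('".$msg."'); window.history.go(-1);</script>\n";
			exit;
		}
	}

	$row = new mosUser( $database );
	if (!$row->bind( $_POST )) {
		echo "<script> alert('".$row->getError()."'); window.history.go(-1); </script>\n";
		exit();
	}

	$row->name		= trim( $row->name );
	$row->email		= trim( $row->email );
	$row->username	= trim( $row->username );

	// sanitise fields
	$row->id = (int) $row->id;
	// sanitise gid field
	$row->gid = (int) $row->gid;

	$isNew = !$row->id;
	$pwd = '';

	// MD5 hash convert passwords
	// Stored form is "<md5(password . salt)>:<salt>" with a 16-character generated salt.
	if ($isNew) {
		// new user stuff
		if ($row->password == '') {
			// no password supplied: generate one; it is mailed to the new user below
			$pwd = mosMakePassword();

			$salt = mosMakePassword(16);
			$crypt = md5($pwd.$salt);
			$row->password = $crypt.':'.$salt;
		} else {
			$pwd = trim( $row->password );

			$salt = mosMakePassword(16);
			$crypt = md5($pwd.$salt);
			$row->password = $crypt.':'.$salt;
		}
		$row->registerDate = date( 'Y-m-d H:i:s' );
	} else {
		// keep the stored record to compare the group before/after
		$original = new mosUser( $database );
		$original->load( (int)$row->id );

		// existing user stuff
		if ($row->password == '') {
			// password set to null if empty
			$row->password = null;
		} else {
			$row->password = trim($row->password);
			$salt = mosMakePassword(16);
			$crypt = md5($row->password.$salt);
			$row->password = $crypt.':'.$salt;
		}

		// if group has been changed and where original group was a Super Admin
		if ( $row->gid != $original->gid ) {
			if ( $original->gid == 25 ) {
				// count number of active super admins
				$query = "SELECT COUNT( id )"
				. "\n FROM #__users"
				. "\n WHERE gid = 25"
				. "\n AND block = 0"
				;
				$database->setQuery( $query );
				$count = $database->loadResult();

				if ( $count <= 1 ) {
					// disallow change if only one Super Admin exists
					echo "<script> alert('You cannot change this users Group as it is the only active Super Administrator for your site'); window.history.go(-1); </script>\n";
					exit();
				}
			}

			$user_group = strtolower( $acl->get_group_name( $original->gid, 'ARO' ) );
			if (( $user_group == 'super administrator' && $my->gid != 25) ) {
				// disallow change of super-Admin by non-super admin
				echo "<script> alert('You cannot change this users Group as you are not a Super Administrator for your site'); window.history.go(-1); </script>\n";
				exit();
			} else if ( $my->gid == 24 && $original->gid == 24 ) {
				// disallow change of another Administrator's group by an Administrator
				echo "<script> alert('You cannot change the Group of another Administrator as you are not a Super Administrator for your site'); window.history.go(-1); </script>\n";
				exit();
			} // ensure user can't add group higher than themselves done below
		}
	}

	// Security check to avoid creating/editing user to higher level than himself: response to artf4529.
	if (!in_array($row->gid,getGIDSChildren($my->gid))) {
		// disallow creation of Super Admin by non Super Admin users
		echo "<script> alert('You cannot create a user with this user Group level, only Super Administrators have this ability'); window.history.go(-1); </script>\n";
		exit();
	}

	// save usertype to usertype column
	$query = "SELECT name"
	. "\n FROM #__core_acl_aro_groups"
	. "\n WHERE group_id = " . (int) $row->gid
	;
	$database->setQuery( $query );
	$usertype = $database->loadResult();
	$row->usertype = $usertype;

	// save params: posted as an array, stored as one "key=value" per line
	$params = mosGetParam( $_POST, 'params', '' );
	if (is_array( $params )) {
		$txt = array();
		foreach ( $params as $k=>$v) {
			$txt[] = "$k=$v";
		}
		$row->params = implode( "\n", $txt );
	}

	if (!$row->check()) {
		echo "<script> alert('".$row->getError()."'); window.history.go(-1); </script>\n";
		exit();
	}
	if (!$row->store()) {
		echo "<script> alert('".$row->getError()."'); window.history.go(-1); </script>\n";
		exit();
	}
	$row->checkin();

	// updates the current users param settings
	if ( $my->id == $row->id ) {
		//session_start();
		$_SESSION['session_user_params']= $row->params;
		session_write_close();
	}

	// update the ACL: point the user's ARO at the (possibly new) group
	if (!$isNew) {
		$query = "SELECT aro_id"
		. "\n FROM #__core_acl_aro"
		. "\n WHERE value = " . (int) $row->id
		;
		$database->setQuery( $query );
		$aro_id = $database->loadResult();

		$query = "UPDATE #__core_acl_groups_aro_map"
		. "\n SET group_id = " . (int) $row->gid
		. "\n WHERE aro_id = " . (int) $aro_id
		;
		$database->setQuery( $query );
		$database->query() or die( $database->stderr() );
	}

	// for new users, email username and password
	if ($isNew) {
		$query = "SELECT email"
		. "\n FROM #__users"
		. "\n WHERE id = " . (int) $my->id
		;
		$database->setQuery( $query );
		$adminEmail = $database->loadResult();

		$subject = _NEW_USER_MESSAGE_SUBJECT;
		// $pwd is the clear-text password chosen or generated above
		$message = sprintf ( _NEW_USER_MESSAGE, $row->name, $mosConfig_sitename, $mosConfig_live_site, $row->username, $pwd );

		if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") {
			$adminName 	= $mosConfig_fromname;
			$adminEmail = $mosConfig_mailfrom;
		} else {
			// no site sender configured: send as the first Super Administrator found
			$query = "SELECT name, email"
			. "\n FROM #__users"
			// administrator
			. "\n WHERE gid = 25"
			;
			$database->setQuery( $query );
			$admins = $database->loadObjectList();
			$admin = $admins[0];
			$adminName = $admin->name;
			$adminEmail = $admin->email;
		}

		mosMail( $adminEmail, $adminName, $row->email, $subject, $message );
	}

	if (!$isNew) {
		// if group has been changed
		if ( $original->gid != $row->gid ) {
			// delete user acounts active sessions
			logoutUser( $row->id, 'com_users', 'change' );
		}
	}

	switch ( $task ) {
		case 'apply':
			$msg = 'Successfully Saved changes to User: '. $row->name;
			mosRedirect( 'index2.php?option=com_users&task=editA&hidemainmenu=1&id='. $row->id, $msg );
			break;

		case 'save':
		default:
			$msg = 'Successfully Saved User: '. $row->name;
			mosRedirect( 'index2.php?option=com_users', $msg );
			break;
	}
}

/**
 * Cancels an edit operation
 * @param string $option component option to call
 */
function cancelUser( $option ) {
	mosRedirect( 'index2.php?option='. $option .'&task=view' );
}

/**
 * Deletes the selected users, after checkUserPermissions() has allowed the
 * action for every id, and ends their active sessions. The last active Super
 * Administrator is never deleted.
 *
 * @param array $cid user ids to delete (already cast to int by the dispatcher)
 * @param string $option The current url option, used for the redirect
 */
function removeUsers( $cid, $option ) {
	global $database, $acl, $my;

	if (!is_array( $cid ) || count( $cid ) < 1) {
		echo "<script> alert('Select an item to delete'); window.history.go(-1);</script>\n";
		exit;
	}

	// a non-null $msg means at least one id is not deletable by this user; nothing is deleted then
	$msg = checkUserPermissions( $cid, 'delete' );

	if ( !$msg && count( $cid ) ) {
		$obj = new mosUser( $database );
		foreach ($cid as $id) {
			$obj->load( $id );
			$count = 2;
			if ( $obj->gid == 25 ) {
				// count number of active super admins
				$query = "SELECT COUNT( id )"
				. "\n FROM #__users"
				. "\n WHERE gid = 25"
				. "\n AND block = 0"
				;
				$database->setQuery( $query );
				$count = $database->loadResult();
			}

			if ( $count <= 1 && $obj->gid == 25 ) {
				// cannot delete Super Admin where it is the only one that exists
				$msg = "You cannot delete this Super Administrator as it is the only active Super Administrator for your site";
			} else {
				// delete user
				$obj->delete( $id );
				$msg = $obj->getError();

				// delete user acounts active sessions
				logoutUser( $id, 'com_users', 'remove' );
			}
		}
	}

	mosRedirect( 'index2.php?option='. $option, $msg );
}

/**
 * Blocks or Unblocks one or more user records
 * @param array $cid An array of unique user id numbers
 * @param integer $block 0 if unblock, 1 if blocking
 * @param string $option The current url option
 */
function changeUserBlock( $cid=null, $block=1, $option ) {
	global $database;

	$action = $block ? 'block' : 'unblock';

	if (count( $cid ) < 1) {
		echo "<script type=\"text/javascript\"> alert('Select an item to $action'); window.history.go(-1);</script>\n";
		exit;
	}

	$msg = checkUserPermissions( $cid, $action );
	if ($msg) {
		echo "<script type=\"text/javascript\"> alert('".$msg."'); window.history.go(-1);</script>\n";
		exit;
	}

	// ids are cast to int before being interpolated into the WHERE clause
	mosArrayToInts( $cid );
	$cids = 'id=' . implode( ' OR id=', $cid );

	$query = "UPDATE #__users"
	. "\n SET block = " . (int) $block
	. "\n WHERE ( $cids )"
	;
	$database->setQuery( $query );
	if (!$database->query()) {
		echo "<script> alert('".$database->getErrorMsg()."'); window.history.go(-1); </script>\n";
		exit();
	}

	// if action is to block a user
	if ( $block == 1 ) {
		foreach( $cid as $id ) {
			// delete user acounts active sessions
			logoutUser( $id, 'com_users', 'block' );
		}
	}

	mosRedirect( 'index2.php?option='. $option );
}

/**
 * Deletes the active sessions of one or more users.
 *
 * An Administrator (gid 24) is not allowed to log out a Super Administrator
 * (gid 25): with a single id this aborts with an alert, with a list of ids
 * those users are simply skipped.
 *
 * @param array|int $cid An array of unique user id numbers, or a single user id
 * @param string $option The current url option
 * @param string $task 'flogout' redirects to index2.php; 'remove', 'block' and 'change' return to the caller; anything else redirects to the option
 */
function logoutUser( $cid=null, $option, $task ) {
	global $database, $my;

	if ( is_array( $cid ) ) {
		if (count( $cid ) < 1) {
			// assumes mosRedirect() terminates the request
			mosRedirect( 'index2.php?option='. $option, 'Please select a user' );
		}

		$keep = array();
		foreach( $cid as $cidA ) {
			$temp = new mosUser( $database );
			$temp->load( (int) $cidA );

			// check to see whether a Administrator is attempting to log out a Super Admin
			if ( !( $my->gid == 24 && $temp->gid == 25 ) ) {
				$keep[] = (int) $cidA;
			}
		}

		// Only the ids that survived the Super Admin check are used for the DELETE; previously the
		// filtered list was built but the unfiltered $cid was used, so the check had no effect.
		if (count( $keep ) < 1) {
			mosRedirect( 'index2.php?option='. $option, 'You cannot log out a Super Administrator' );
		}
		$ids = 'userid=' . implode( ' OR userid=', $keep );
	} else {
		$temp = new mosUser( $database );
		$temp->load( (int) $cid );

		// check to see whether a Administrator is attempting to log out a Super Admin
		if ( $my->gid == 24 && $temp->gid == 25 ) {
			echo "<script> alert('You cannot log out a Super Administrator'); window.history.go(-1); </script>\n";
			exit();
		}
		$ids = 'userid=' . (int) $cid;
	}

	$query = "DELETE FROM #__session"
	. "\n WHERE ( $ids )"
	;
	$database->setQuery( $query );
	$database->query();

	switch ( $task ) {
		case 'flogout':
			mosRedirect( 'index2.php', $database->getErrorMsg() );
			break;

		case 'remove':
		case 'block':
		case 'change':
			return;
			break;

		default:
			mosRedirect( 'index2.php?option='. $option, $database->getErrorMsg() );
			break;
	}
}

/**
 * Check if users are of lower permissions than current user (if not super-admin) and if the user himself is not included
 *
 * An id of 0 (a new user) is checked as if it belonged to the 'Registered' group.
 *
 * @param array $cid array of userId
 * @param string $actionName to insert in message.
 * @param bool $allowActionToMyself when true, the current user's own id is not rejected
 * @return string of error if error, otherwise null
 * Added 1.0.11
 */
function checkUserPermissions( $cid, $actionName, $allowActionToMyself = false ) {
	global $database, $acl, $my;

	$msg = null;
	if (is_array( $cid ) && count( $cid )) {
		$obj = new mosUser( $database );
		foreach ($cid as $id) {
			if ( $id != 0 ) {
				$obj->load( (int) $id );
				$groups = $acl->get_object_groups( 'users', $id, 'ARO' );
				$this_group = strtolower( $acl->get_group_name( $groups[0], 'ARO' ) );
			} else {
				$this_group = 'Registered'; // minimal user group
				$obj->gid = $acl->get_group_id( $this_group, 'ARO' );
			}

			if ( !$allowActionToMyself && $id == $my->id ){
				$msg .= 'You cannot '. $actionName .' Yourself!';
			} else if (($obj->gid == $my->gid && !in_array($my->gid, array(24, 25))) || ($obj->gid && !in_array($obj->gid,getGIDSChildren($my->gid)))) {
				// same group as me (unless I am an Administrator or Super Administrator), or a group
				// not in my getGIDSChildren() set: only higher-level users may act on this record
				$msg .= 'You cannot '. $actionName .' a `'. $this_group .'`. Only higher-level users have this power. ';
			}
		}
	}

	// messages from several ids are concatenated into one string
	return $msg;
}

/**
 * Returns the group ids a user of group $gid is allowed to act on.
 *
 * Per the query: every group whose lft is less than or equal to the lft of
 * $gid, plus the pseudo group id -2, and -1 when $gid is positive.
 * NOTE(review): what -1 and -2 denote is not visible in this file.
 *
 * Added 1.0.11
 *
 * @param int $gid ACL group id
 * @return array list of group ids
 */
function getGIDSChildren($gid) {
	global $database;

	$standardlist = array(-2,);

	$query = "SELECT g1.group_id, g1.name"
	."\n FROM #__core_acl_aro_groups g1"
	."\n LEFT JOIN #__core_acl_aro_groups g2 ON g2.lft >= g1.lft"
	."\n WHERE g2.group_id = " . (int) $gid
	."\n ORDER BY g1.name"
	;
	$database->setQuery( $query );
	// loadResultArray() yields the first column only, i.e. the group ids
	$array = $database->loadResultArray();

	if( $gid > 0 ) {
		$standardlist[]=-1;
	}
	$array = array_merge($array,$standardlist);

	return $array;
}

/**
 * Returns, per the query, the ids of every group whose lft is greater than
 * or equal to the lft of $gid.
 *
 * Added 1.0.11
 *
 * @param int $gid ACL group id
 * @return array list of group ids
 */
function getGIDSParents($gid) {
	global $database;

	$query = "SELECT g1.group_id, g1.name"
	."\n FROM #__core_acl_aro_groups g1"
	."\n LEFT JOIN #__core_acl_aro_groups g2 ON g2.lft <= g1.lft"
	."\n WHERE g2.group_id = " . (int) $gid
	."\n ORDER BY g1.name"
	;
	$database->setQuery( $query );
	$array = $database->loadResultArray();

	return $array;
}
?>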