Annotation of /mambo/branches/4.5.3h/components/com_user/user.php
Revision 1393 - (view) (download)
| 1 : | root | 1 | <?php |
| 2 : | /** | ||
| 3 : | * @version $Id: user.php,v 1.1 2005/07/22 01:54:57 eddieajau Exp $ | ||
| 4 : | * @package Mambo | ||
| 5 : | * @subpackage Users | ||
| 6 : | * @copyright (C) 2000 - 2005 Miro International Pty Ltd | ||
| 7 : | chanh | 1393 | * @license GNU/GPL Version 2, see LICENSE.php |
| 8 : | root | 1 | * Mambo is Free Software |
| 9 : | */ | ||
| 10 : | |||
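/** ensure this file is being included by a parent file */
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );

// Resolve the caller's edit rights once; only the CheckIn task consumes $access.
$access = new stdClass();
$access->canEdit = $acl->acl_check( 'action', 'edit', 'users', $my->usertype, 'content', 'all' );
$access->canEditOwn = $acl->acl_check( 'action', 'edit', 'users', $my->usertype, 'content', 'own' );

require_once ( $mainframe->getPath( 'front_html' ) );
$task = mosGetParam( $_REQUEST, 'task' );

// Every task acts on $my->id (the session user), never on an id taken from the request.
switch( $task ) {
	case "saveUpload":
		// The previous call passed seven arguments to the eight-parameter
		// saveUpload(), shifting every value one slot (the acting-user slot
		// received $option), and relied on register_globals for the upload
		// variables and for $uid, which would make the user id request-controlled.
		// Read the upload from $_FILES instead.
		// NOTE(review): assumes the form's file field is named 'userfile', as the
		// legacy $userfile / $userfile_name pair implies; confirm against the form.
		$upload = ( isset( $_FILES['userfile'] ) && is_array( $_FILES['userfile'] ) ) ? $_FILES['userfile'] : array();
		$userfile = ( isset( $upload['tmp_name'] ) && is_string( $upload['tmp_name'] ) ) ? $upload['tmp_name'] : '';
		// basename(): the client-supplied name and the old image name must not carry
		// directory components into images/stories/. saveUpload() still has to
		// validate both before using them in paths or in generated script output.
		$userfile_name = ( isset( $upload['name'] ) && is_string( $upload['name'] ) ) ? basename( $upload['name'] ) : '';
		$type = mosGetParam( $_REQUEST, 'type', '' );
		$existingImage = basename( strval( mosGetParam( $_REQUEST, 'existingImage', '' ) ) );
		// NOTE(review): $database is presumably the same global the functions in
		// this file import with `global $database`; confirm it is set in this scope.
		saveUpload( $database, $mosConfig_dbprefix, $my->id, $option, $userfile, $userfile_name, $type, $existingImage );
		break;

	case "UserDetails":
		userEdit( $option, $my->id, _UPDATE );
		break;

	case "saveUserEdit":
		userSave( $option, $my->id );
		break;

	case "CheckIn":
		CheckIn( $my->id, $access, $option );
		break;

	default:
		HTML_user::frontpage();
		break;
}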
| 44 : | |||
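/**
 * Store an image uploaded from the front end in images/stories/ and write its
 * name back into the opener window's adminForm.
 *
 * The temp path, the client file name and the previous image name are all
 * request-derived, so each is validated before it reaches the filesystem or
 * the generated <script> output. File names outside the pattern below are
 * refused with the "wrong type" message.
 *
 * @param mixed  $database      Not used by this function.
 * @param string $_dbprefix     Not used by this function.
 * @param int    $uid           Id of the acting user; 0 or non-numeric is refused.
 * @param string $option        Not used by this function.
 * @param string $userfile      Temporary path of the uploaded file.
 * @param string $userfile_name Client-supplied name of the uploaded file.
 * @param string $type          Not used by this function.
 * @param string $existingImage Name of a previous image to delete once the new one is stored.
 */
function saveUpload($database, $_dbprefix, $uid, $option, $userfile, $userfile_name, $type, $existingImage) {
	// intval(): a non-numeric value must count as "no user". The loose `== 0`
	// test gives different answers for strings depending on the PHP version.
	if (intval( $uid ) <= 0) {
		mosNotAuth();
		return;
	}

	$base_Dir = "images/stories/";
	// One path component, exactly one dot, .gif or .jpg only. This rejects
	// traversal sequences, double extensions such as "x.php.jpg", and the quote
	// and angle-bracket characters that would break out of the script strings below.
	$safeName = '/^[A-Za-z0-9_][A-Za-z0-9 _-]*\.(gif|jpg)$/i';

	// Only touch a file that PHP itself received in this request.
	if (!is_string( $userfile ) || !is_uploaded_file( $userfile )) {
		echo _UP_COPY_FAIL;
		return;
	}

	if (filesize( $userfile ) > 50000) {
		echo "<script> alert(\""._UP_SIZE."\"); window.history.go(-1); </script>\n";
		return;
	}

	$userfile_name = is_string( $userfile_name ) ? basename( $userfile_name ) : '';
	if (!preg_match( $safeName, $userfile_name )) {
		echo "<script> alert(\""._UP_TYPE_WARN."\"); window.history.go(-1); </script>\n";
		return;
	}

	if (file_exists( $base_Dir.$userfile_name )) {
		$message = _UP_EXISTS;
		// NOTE(review): eval() runs the _UP_EXISTS language constant as a PHP
		// double-quoted string with this function's variables in scope, so the
		// language file is effectively executable code here. Replace with explicit
		// placeholder substitution once the constant's format is confirmed.
		eval ("\$message = \"$message\";");
		print "<script> alert('$message'); window.history.go(-1);</script>\n";
		return;
	}

	// The extension is only a label; check that the content parses as GIF or JPEG.
	// This narrows what gets stored but is not a guarantee about the file's contents.
	$imageInfo = getimagesize( $userfile );
	if (!$imageInfo || ($imageInfo[2] != IMAGETYPE_GIF && $imageInfo[2] != IMAGETYPE_JPEG)) {
		echo "<script> alert(\""._UP_TYPE_WARN."\"); window.history.go(-1); </script>\n";
		return;
	}

	if (!move_uploaded_file( $userfile, $base_Dir.$userfile_name )) {
		echo _UP_COPY_FAIL." $userfile_name";
		return;
	}

	echo "<script>window.opener.focus;</script>";

	// Delete the replaced image only when its name passes the same pattern and
	// it is not the file just stored.
	// NOTE(review): no ownership check is visible; any logged-in user can name
	// any .gif/.jpg in images/stories/ here. Confirm that is intended.
	$existingImage = is_string( $existingImage ) ? basename( $existingImage ) : '';
	if ($existingImage != "" && $existingImage !== $userfile_name && preg_match( $safeName, $existingImage )) {
		if (is_file( $base_Dir.$existingImage )) {
			unlink( $base_Dir.$existingImage );
		}
	}

	echo "<script>window.opener.document.adminForm.ImageName.value='$userfile_name';</script>";
	echo "<script>window.opener.document.adminForm.ImageName2.value='$userfile_name';</script>";
	echo "<script>window.opener.document.adminForm.imagelib.src=null;</script>";
	echo "<script>window.opener.document.adminForm.imagelib.src='images/stories/$userfile_name';</script>";
	echo "<script>window.close(); </script>";
}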
| 93 : | |||
/**
 * Show the profile edit form for one user.
 *
 * @param string $option      Passed through to the view.
 * @param int    $uid         Id of the user to load; 0 is refused.
 * @param string $submitvalue Passed through to the view.
 */
function userEdit( $option, $uid, $submitvalue) {
	global $database;

	// Refuse when there is no user id.
	if (0 == $uid) {
		mosNotAuth();
		return;
	}

	$user = new mosUser( $database );
	$user->load( $uid );
	// The stored password value is copied onto the object before it goes to the view.
	// NOTE(review): confirm HTML_user::userEdit() never renders password or orig_password.
	$user->orig_password = $user->password;

	HTML_user::userEdit( $user, $option, $submitvalue );
}
| 105 : | |||
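/**
 * Save the logged-in user's own profile from the posted form.
 *
 * @param string $option Component name used in the redirect URL.
 * @param int    $uid    Id of the acting user; must equal the posted 'id'.
 */
function userSave( $option, $uid) {
	global $database;

	$user_id = intval( mosGetParam( $_POST, 'id', 0 ));

	// A user may only save their own record: the posted id must match the id
	// the caller passed in, and neither may be 0.
	if ($uid == 0 || $user_id == 0 || $user_id <> $uid) {
		mosNotAuth();
		return;
	}
	// NOTE(review): no anti-CSRF token is checked in this handler; unless one is
	// enforced elsewhere, a cross-site POST could change a logged-in user's details.

	$row = new mosUser( $database );
	$row->load( $user_id );
	// Keep the stored hash in a local as well: bind() below runs after
	// orig_password exists on the object, so a posted 'orig_password' field could
	// presumably overwrite the property and then be written back as the password.
	$storedPassword = $row->password;
	$row->orig_password = $storedPassword;

	// NOTE(review): bind() takes the whole of $_POST; only "gid" and "usertype"
	// are named in its second argument (presumably an ignore list). Confirm that
	// no other privileged column of mosUser can be set from the request.
	if (!$row->bind( $_POST, "gid usertype" )) {
		// NOTE(review): getError() text goes into a script string unescaped here
		// and below; confirm it can never contain request data.
		echo "<script> alert('".$row->getError()."'); window.history.go(-1); </script>\n";
		exit();
	}
	mosMakeHtmlSafe($row);

	$newPassword = isset($_POST["password"]) ? $_POST["password"] : "";
	if ($newPassword !== "") {
		$verifyPassword = isset($_POST["verifyPass"]) ? $_POST["verifyPass"] : null;
		// Strict comparison on strings only: loose `==` treats numeric-looking
		// strings such as "1e3" and "1000" as equal, and an array value would
		// reach md5() as a non-string.
		if (is_string($newPassword) && is_string($verifyPassword) && $verifyPassword === $newPassword) {
			// NOTE(review): unsalted MD5 is a fast hash and unsuitable for password
			// storage. It is left unchanged because the login check elsewhere must
			// compute the same value; migrate both together.
			$row->password = md5($newPassword);
		} else {
			echo "<script> alert(\""._PASS_MATCH."\"); window.history.go(-1); </script>\n";
			exit();
		}
	} else {
		// No new password posted: restore the hash loaded from the database.
		$row->password = $storedPassword;
	}

	if (!$row->check()) {
		echo "<script> alert('".$row->getError()."'); window.history.go(-1); </script>\n";
		exit();
	}

	unset($row->orig_password); // prevent DB error!!

	if (!$row->store()) {
		echo "<script> alert('".$row->getError()."'); window.history.go(-1); </script>\n";
		exit();
	}

	mosRedirect ("index.php?option=$option", _USER_DETAILS_SAVE);
}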
| 151 : | |||
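/**
 * Release every item the given user has checked out, across all tables that
 * carry the table prefix and have a checked_out column, and print a per-table summary.
 *
 * @param int    $userid Id of the acting user.
 * @param object $access Object with canEdit / canEditOwn flags.
 * @param string $option Not used by this function.
 */
function CheckIn( $userid, $access, $option ){
	global $database;
	global $mosConfig_db;

	if (!($access->canEdit || $access->canEditOwn || $userid > 0)) {
		mosNotAuth();
		return;
	}

	// The id is interpolated into SQL below; force it to an integer first.
	$userid = intval( $userid );

	// NOTE(review): the mysql_* functions used here were removed in PHP 7, and
	// they bypass the $database wrapper used for the queries below.
	$lt = mysql_list_tables($mosConfig_db);
	$k = 0;
	echo "<table cellpadding=\"0\" cellspacing=\"0\" border=\"0\">";
	while (list($tn) = mysql_fetch_array($lt)) {
		// only check in the mos_* tables
		if (strpos( $tn, $database->_table_prefix ) !== 0) {
			continue;
		}
		$lf = mysql_list_fields($mosConfig_db, "$tn");
		$nf = mysql_num_fields($lf);

		// Find out which of the two columns this table has.
		$checked_out = false;
		$editor = false;

		for ($i = 0; $i < $nf; $i++) {
			$fname = mysql_field_name($lf, $i);
			if ( $fname == "checked_out") {
				$checked_out = true;
			} else if ( $fname == "editor") {
				$editor = true;
			}
		}

		if ($checked_out) {
			// Count this user's checked-out rows for the summary line.
			if ($editor) {
				$database->setQuery( "SELECT checked_out, editor FROM $tn WHERE checked_out > 0 AND checked_out=$userid" );
			} else {
				$database->setQuery( "SELECT checked_out FROM $tn WHERE checked_out > 0 AND checked_out=$userid" );
			}
			$res = $database->query();
			$num = $database->getNumRows( $res );

			// Release only this user's rows. The earlier UPDATEs matched every row
			// with checked_out > 0, so any logged-in user could release the edit
			// locks held by all other users while the summary counted only their own.
			// NOTE(review): the two branches write different checked_out_time
			// literals; kept as found, confirm against the column types.
			if ($editor) {
				$database->setQuery( "UPDATE $tn SET checked_out=0, checked_out_time='00:00:00', editor=NULL WHERE checked_out > 0 AND checked_out=$userid" );
			} else {
				$database->setQuery( "UPDATE $tn SET checked_out=0, checked_out_time='0000-00-00 00:00:00' WHERE checked_out > 0 AND checked_out=$userid" );
			}
			$res = $database->query();

			if ($res == 1) {

				if ($num > 0) {
					echo "\n<tr class=\"row$k\">";
					echo "\n <td width=\"250\">";
					echo _CHECK_TABLE;
					echo " - $tn</td>";
					echo "\n <td>";
					echo _CHECKED_IN;
					echo "<b>$num</b>";
					echo _CHECKED_IN_ITEMS;
					echo "</td>";
					echo "\n</tr>";
				}
				// Alternate the row class between row0 and row1.
				$k = 1 - $k;
			}
		}
	}
	?>
	<tr>
		<td colspan="2"><b><?php echo _CONF_CHECKED_IN; ?></b></td>
	</tr>
	</table>
	<?php
}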
| 225 : | ?> |

