# HG changeset patch # User Dan # Date 1190587336 14400 # Node ID 40f7fa5fd061ede5555f85d4b9e9f637d4494c69 # Parent 070ff1509cc29783ac1b0e35e075ca1f777fcd51 Revamped the administrator's user CP, big time. The admin module now uses a smart form and enables all profile fields, including users_extra, to be changed. Passwords are encrypted when sent. The whole CP has been split off into a different file to accomodate the large amount of code. diff -r 070ff1509cc2 -r 40f7fa5fd061 includes/clientside/static/misc.js --- a/includes/clientside/static/misc.js Thu Sep 20 11:27:49 2007 -0400 +++ b/includes/clientside/static/misc.js Sun Sep 23 18:42:16 2007 -0400 @@ -446,11 +446,14 @@ 'level' : ajax_auth_level_cache }; - window.console.debug(json_data); + if ( window.console ) + window.console.debug(json_data); json_data = toJSONString(json_data); - window.console.debug(json_data); + if ( window.console ) + window.console.debug(json_data); json_data = encodeURIComponent(json_data); - window.console.debug(json_data); + if ( window.console ) + window.console.debug(json_data); var loading_win = '
\

Logging in...

\ diff -r 070ff1509cc2 -r 40f7fa5fd061 install.php --- a/install.php Thu Sep 20 11:27:49 2007 -0400 +++ b/install.php Sun Sep 23 18:42:16 2007 -0400 @@ -631,6 +631,12 @@ MySQL.com. Please note that, like Enano, MySQL is licensed under the GNU GPL. If you need to modify MySQL and then distribute your modifications, you must either distribute them under the terms of the GPL or purchase a proprietary license.
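Review bot: The three `window.console.debug(json_data)` calls sit in the login request path and print the payload raw, serialised and URL-encoded, so wrapping each in `if ( window.console )` fixes the crash on browsers without a console but keeps the dump everywhere else. Only the `'level'` key is visible in this hunk, so it is an inference that the object also carries the login fields; if it does, the calls should be deleted or put behind a single debug flag that is off in release builds. The enclosing function starts and ends outside the hunk.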

+ MySQL login information for this virtual appliance:

Database hostname: localhost
Database login: username "enano", password: "clurichaun" (without quotes)
Database name: enano_www1

'; + } + ?>
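Review bot: The added installer text publishes a fixed database account (user `enano` with a literal password) for the virtual appliance, so every copy that keeps it shares a credential that is readable in the repository. The opening of the enclosing block is not visible in this hunk, so it is unclear how the appliance build is detected. Whichever way that is done, the password would be better generated at first boot and stored in the appliance's own configuration, with the installer saying where to find it instead of printing the value. If a fixed default has to stay, the paragraph should tell the user to change it before the appliance is reachable from anything but localhost.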
diff -r 070ff1509cc2 -r 40f7fa5fd061 plugins/SpecialAdmin.php --- a/plugins/SpecialAdmin.php Thu Sep 20 11:27:49 2007 -0400 +++ b/plugins/SpecialAdmin.php Sun Sep 23 18:42:16 2007 -0400 @@ -42,6 +42,7 @@ // Admin pages that were too enormous to be in this file were split off into the plugins/admin/ directory in 1.0.1 require(ENANO_ROOT . '/plugins/admin/PageGroups.php'); require(ENANO_ROOT . '/plugins/admin/SecurityLog.php'); +require(ENANO_ROOT . '/plugins/admin/UserManager.php'); // function names are IMPORTANT!!! The name pattern is: page__ @@ -838,6 +839,7 @@ auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) @@ -1105,6 +1107,7 @@ $db->free_result(); } } +*/ function page_Admin_GroupManager() { diff -r 070ff1509cc2 -r 40f7fa5fd061 plugins/SpecialUserPrefs.php --- a/plugins/SpecialUserPrefs.php Thu Sep 20 11:27:49 2007 -0400 +++ b/plugins/SpecialUserPrefs.php Sun Sep 23 18:42:16 2007 -0400 @@ -577,7 +577,7 @@ - + '; - } - else - { + // if ( defined('ENANO_DEMO_MODE') && !isset($_GET[ $hash ]) && substr($_SERVER['REMOTE_ADDR'], 0, 8) != '192.168.' ) + // { + // $return .= ''; + // } + // else + // { if(is_int($num)) { $l = 'SELECT action,date_string,author,edit_summary,time_id,page_text FROM '.table_prefix.'logs WHERE log_type=\'security\' ORDER BY time_id DESC, action ASC LIMIT '.$num.';'; @@ -99,7 +99,7 @@ $return .= seclog_format_inner($r); } $db->free_result(); - } + // } $return .= '

Database information


If this is checked, your e-mail address will be displayed on your user page. To protect your address from spambots, your e-mail address will be encrypted.
" size="30" />user_extra['email_public'] == 1) echo 'checked="checked"'; ?> size="30" />
diff -r 070ff1509cc2 -r 40f7fa5fd061 plugins/admin/SecurityLog.php --- a/plugins/admin/SecurityLog.php Thu Sep 20 11:27:49 2007 -0400 +++ b/plugins/admin/SecurityLog.php Sun Sep 23 18:42:16 2007 -0400 @@ -21,10 +21,10 @@ return; } - if ( defined('ENANO_DEMO_MODE') ) - { - die('Security log is disabled in demo mode.'); - } + // if ( defined('ENANO_DEMO_MODE') && substr($_SERVER['REMOTE_ADDR'], 0, 8) != '192.168.' ) + // { + // die('Security log is disabled in demo mode.'); + // } echo '

System security log

'; @@ -79,12 +79,12 @@ unset($dbname, $dbhost, $dbuser, $dbpasswd); unset($dbname, $dbhost, $dbuser, $dbpasswd); // PHP5 Zend bug } - if ( defined('ENANO_DEMO_MODE') && !isset($_GET[ $hash ]) && substr($_SERVER['REMOTE_ADDR'], 0, 8) != '192.168.' ) - { - $return .= '
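Review bot: The demo-mode block on the security log page is switched off by commenting it out, here and again around the "not displayed for privacy purposes" notice in the @@ -79,12 and @@ -99,7 hunks, which leaves dead copies of a condition that no longer runs. With the guard gone, what a demo visitor sees depends entirely on the digit masking added in the @@ -115,6 hunk, and nothing at this site says so. Deleting the commented lines and leaving one comment in their place would make the intent reviewable, e.g. `// Demo mode: the log is displayed; addresses are masked when each row is formatted`. The enclosing function starts outside the hunk.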
Logs are recorded but not displayed for privacy purposes in the demo.
Logs are recorded but not displayed for privacy purposes in the demo.
'; return $return; @@ -115,6 +115,10 @@ global $db, $session, $paths, $template, $plugins; // Common objects $return = ''; static $cls = 'row2'; + if ( substr($_SERVER['REMOTE_ADDR'], 0, 8) != '192.168.' && defined('ENANO_DEMO_MODE') ) + { + $r['edit_summary'] = preg_replace('/([0-9])/', 'x', $r['edit_summary']); + } if ( $r['action'] == 'illegal_page' ) { list($illegal_id, $illegal_ns) = unserialize($r['page_text']); diff -r 070ff1509cc2 -r 40f7fa5fd061 plugins/admin/UserManager.php --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/plugins/admin/UserManager.php Sun Sep 23 18:42:16 2007 -0400 @@ -0,0 +1,909 @@ +auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) + { + echo '
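Review bot: The masking added at the top of this function replaces only the digits of `$r['edit_summary']`, and since the display guard was commented out in the earlier hunks it is now the only protection for addresses in the demo log. It leaves the dots and field lengths of an IPv4 address, the hex letters of an IPv6 address, and the `author` and `page_text` values of the same row untouched. Replacing the whole field for non-local viewers would be safer, e.g. `$r['edit_summary'] = '(hidden in demo mode)';`. The exemption is a string-prefix test on `$_SERVER['REMOTE_ADDR']`, which every visitor passes if the demo is ever served through a reverse proxy on a 192.168 network, so that assumption deserves a comment or a configuration constant. The function's signature and the rest of its body are outside the hunk.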

Error: Not authenticated

It looks like your administration session is invalid or you are not authorized to access this administration page. Please re-authenticate to continue.

'; + return; + } + + //die('
' . htmlspecialchars(print_r($_POST, true)) . '
'); + + if ( isset($_POST['action']['save']) ) + { + # + # BEGIN VALIDATION + # + + $errors = array(); + $user_id = intval($_POST['user_id']); + if ( empty($user_id) ) + $errors[] = 'Invalid user ID.'; + + if ( isset($_POST['delete_account']) ) + { + $q = $db->sql_query('DELETE FROM '.table_prefix."users_extra WHERE user_id=$user_id;"); + if ( !$q ) + $db->_die(); + $q = $db->sql_query('DELETE FROM '.table_prefix."users WHERE user_id=$user_id;"); + if ( !$q ) + $db->_die(); + echo '
The user account has been deleted.
'; + } + else + { + if ( $session->user_id != $user_id ) + { + $username = $_POST['username']; + if ( !preg_match('#^'.$session->valid_username.'$#', $username) ) + $errors[] = 'The username you entered contains invalid characters.'; + + $password = false; + if ( $_POST['changing_pw'] == 'yes' ) + { + $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE); + $key_hex_md5 = $_POST['crypt_key']; + $key_hex = $session->fetch_public_key($key_hex_md5); + if ( $key_hex ) + { + $key_bin = hexdecode($key_hex); + $data_hex = $_POST['crypt_data']; + $password = $aes->decrypt($data_hex, $key_bin, ENC_HEX); + } + else + { + $errors[] = 'Session manager denied public encryption key lookup request'; + } + } + + $email = $_POST['email']; + if ( !preg_match('/^(?:[\w\d]+\.?)+@((?:(?:[\w\d]\-?)+\.)+\w{2,4}|localhost)$/', $email) ) + $errors[] = 'You have entered an invalid e-mail address.'; + + $real_name = $_POST['real_name']; + } + + $signature = RenderMan::preprocess_text($_POST['signature'], true, true); + + $user_level = intval($_POST['user_level']); + if ( $user_level < USER_LEVEL_MEMBER || $user_level > USER_LEVEL_ADMIN ) + $errors[] = 'Invalid user level'; + + $imaddr_aim = htmlspecialchars($_POST['imaddr_aim']); + $imaddr_msn = htmlspecialchars($_POST['imaddr_msn']); + $imaddr_yahoo = htmlspecialchars($_POST['imaddr_yahoo']); + $imaddr_xmpp = htmlspecialchars($_POST['imaddr_xmpp']); + $homepage = htmlspecialchars($_POST['homepage']); + $location = htmlspecialchars($_POST['location']); + $occupation = htmlspecialchars($_POST['occupation']); + $hobbies = htmlspecialchars($_POST['hobbies']); + $email_public = ( isset($_POST['email_public']) ) ? 
'1' : '0'; + + if ( !preg_match('/@([a-z0-9-]+)(\.([a-z0-9-\.]+))?/', $imaddr_msn) && !empty($imaddr_msn) ) + { + $imaddr_msn = "$imaddr_msn@hotmail.com"; + } + + if ( substr($homepage, 0, 7) != 'http://' ) + { + $homepage = "http://$homepage"; + } + + if ( !preg_match('/^http:\/\/([a-z0-9-.]+)([A-z0-9@#\$%\&:;<>,\.\?=\+\(\)\[\]_\/\\\\]*?)$/i', $homepage) ) + { + $homepage = ''; + } + + if ( count($errors) > 0 ) + { + echo '
+ Your request could not be processed due to the following validation errors: + +
'; + $form = new Admin_UserManager_SmartForm(); + $form->user_id = $user_id; + $form->username = $username; + $form->email = $email; + $form->real_name = $real_name; + $form->signature = $signature; + $form->user_level = $user_level; + $form->im = array( + 'aim' => $imaddr_aim, + 'yahoo' => $imaddr_yahoo, + 'msn' => $imaddr_msn, + 'xmpp' => $imaddr_xmpp + ); + $form->contact = array( + 'homepage' => $homepage, + 'location' => $location, + 'job' => $occupation, + 'hobbies' => $hobbies + ); + $form->email_public = ( isset($_POST['email_public']) ); + $form->account_active = ( isset($_POST['account_active']) ); + echo $form->render(); + return false; + } + else + { + $q = $db->sql_query('SELECT u.user_level FROM '.table_prefix.'users AS u WHERE u.user_id = ' . $user_id . ';'); + if ( !$q ) + $db->_die(); + + if ( $db->numrows() < 1 ) + { + echo 'Couldn\'t select user data: no rows returned'; + } + + $row = $db->fetchrow(); + $existing_level =& $row['user_level']; + $db->free_result(); + + $to_update_users = array(); + if ( $user_id != $session->user_id ) + { + $to_update_users['username'] = $username; + if ( $password ) + { + $password = $aes->encrypt($password, $session->private_key, ENC_HEX); + $to_update_users['password'] = $password; + } + $to_update_users['email'] = $email; + $to_update_users['real_name'] = $real_name; + } + $to_update_users['signature'] = $signature; + $to_update_users['user_level'] = $user_level; + + if ( isset($_POST['account_active']) ) + { + $to_update_users['account_active'] = "1"; + } + else + { + $to_update_users['account_active'] = "0"; + $to_update_users['activation_key'] = sha1($session->dss_rand()); + } + + $to_update_users_extra = array(); + $to_update_users_extra['user_aim'] = $imaddr_aim; + $to_update_users_extra['user_msn'] = $imaddr_msn; + $to_update_users_extra['user_yahoo'] = $imaddr_yahoo; + $to_update_users_extra['user_xmpp'] = $imaddr_xmpp; + $to_update_users_extra['user_homepage'] = $homepage; + 
$to_update_users_extra['user_location'] = $location; + $to_update_users_extra['user_job'] = $occupation; + $to_update_users_extra['user_hobbies'] = $hobbies; + $to_update_users_extra['email_public'] = ( $email_public ) ? '1' : '0'; + + $update_sql = ''; + + foreach ( $to_update_users as $key => $unused_crap ) + { + $value =& $to_update_users[$key]; + $value = $db->escape($value); + $update_sql .= ( empty($update_sql) ? '' : ',' ) . "$key='$value'"; + } + + $update_sql = 'UPDATE '.table_prefix."users SET $update_sql WHERE user_id=$user_id;"; + + $update_sql_extra = ''; + + foreach ( $to_update_users_extra as $key => $unused_crap ) + { + $value =& $to_update_users_extra[$key]; + $value = $db->escape($value); + $update_sql_extra .= ( empty($update_sql_extra) ? '' : ',' ) . "$key='$value'"; + } + + $update_sql_extra = 'UPDATE '.table_prefix."users_extra SET $update_sql_extra WHERE user_id=$user_id;"; + + if ( !$db->sql_query($update_sql) ) + $db->_die(); + + if ( !$db->sql_query($update_sql_extra) ) + $db->_die(); + + if ( $existing_level != $user_level ) + { + // We need to update group memberships + if ( $existing_level == USER_LEVEL_ADMIN ) + { + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_from_admin",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($username) . '");'); + if ( !$q ) + $db->_die(); + $session->remove_user_from_group($user_id, GROUP_ID_ADMIN); + } + else if ( $existing_level == USER_LEVEL_MOD ) + { + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_from_mod",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($username) . 
'");'); + if ( !$q ) + $db->_die(); + $session->remove_user_from_group($user_id, GROUP_ID_MOD); + } + + if ( $user_level == USER_LEVEL_ADMIN ) + { + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_to_admin",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($username) . '");'); + if ( !$q ) + $db->_die(); + $session->add_user_to_group($user_id, GROUP_ID_ADMIN, false); + } + else if ( $user_level == USER_LEVEL_MOD ) + { + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_to_mod",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($username) . '");'); + if ( !$q ) + $db->_die(); + $session->add_user_to_group($user_id, GROUP_ID_MOD, false); + } + } + + echo '
Your changes have been saved.
'; + } + } + + # + # END VALIDATION + # + } + else if ( isset($_POST['action']['go']) || ( isset($_GET['src']) && $_GET['src'] == 'get' ) ) + { + if ( isset($_GET['user']) ) + { + $username =& $_GET['user']; + } + else if ( isset($_POST['username']) ) + { + $username =& $_POST['username']; + } + else + { + echo 'No username provided'; + return false; + } + $q = $db->sql_query('SELECT u.user_id AS authoritative_uid, u.username, u.email, u.real_name, u.signature, u.account_active, u.user_level, x.* FROM '.table_prefix.'users AS u + LEFT JOIN '.table_prefix.'users_extra AS x + ON ( u.user_id = x.user_id OR x.user_id IS NULL ) + WHERE lcase(u.username) = \'' . $db->escape(strtolower($username)) . '\' OR u.username = \'' . $db->escape($username) . '\';'); + if ( !$q ) + $db->_die(); + + if ( $db->numrows() < 1 ) + { + echo '
The username you entered could not be found.
'; + } + else + { + $row = $db->fetchrow(); + $row['user_id'] = $row['authoritative_uid']; + $form = new Admin_UserManager_SmartForm(); + $form->user_id = $row['user_id']; + $form->username = $row['username']; + $form->email = $row['email']; + $form->real_name = $row['real_name']; + $form->signature = $row['signature']; + $form->user_level= $row['user_level']; + $form->account_active = ( $row['account_active'] == 1 ); + $form->email_public = ( $row['email_public'] == 1 ); + $form->im = array( + 'aim' => $row['user_aim'], + 'yahoo' => $row['user_yahoo'], + 'msn' => $row['user_msn'], + 'xmpp' => $row['user_xmpp'] + ); + $form->contact = array( + 'homepage' => $row['user_homepage'], + 'location' => $row['user_location'], + 'job' => $row['user_job'], + 'hobbies' => $row['user_hobbies'], + ); + $form->email_public = ( $row['email_public'] == 1 ); + $html = $form->render(); + if ( !$html ) + { + echo 'Internal error: form processor returned false'; + } + else + { + echo $html; + } + return true; + } + } + else if ( isset($_POST['action']['clear_sessions']) ) + { + if ( defined('ENANO_DEMO_MODE') ) + { + echo '
Sorry Charlie, no can do. You might mess up other people logged into the demo site.
'; + } + else + { + // Get the current session information so the user doesn't get logged out + $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE); + $sk = md5(strrev($session->sid_super)); + $qb = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.$sk.'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_ADMIN); + if ( !$qb ) + { + die('Error selecting session key info block B: '.$db->get_error()); + } + if ( $db->numrows($qb) < 1 ) + { + die('Error: cannot read admin session info block B, aborting table clear process'); + } + $qa = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.md5($session->sid).'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_MEMBER); + if ( !$qa ) + { + die('Error selecting session key info block A: '.$db->get_error()); + } + if ( $db->numrows($qa) < 1 ) + { + die('Error: cannot read user session info block A, aborting table clear process'); + } + $ra = $db->fetchrow($qa); + $rb = $db->fetchrow($qb); + $db->free_result($qa); + $db->free_result($qb); + + $db->sql_query('DELETE FROM '.table_prefix.'session_keys;'); + $db->sql_query('INSERT INTO '.table_prefix.'session_keys( session_key,salt,user_id,auth_level,source_ip,time ) VALUES( \''.$ra['session_key'].'\', \''.$ra['salt'].'\', \''.$session->user_id.'\', \''.$ra['auth_level'].'\', \''.$ra['source_ip'].'\', '.$ra['time'].' ),( \''.$rb['session_key'].'\', \''.$rb['salt'].'\', \''.$session->user_id.'\', \''.$rb['auth_level'].'\', \''.$rb['source_ip'].'\', '.$rb['time'].' )'); + + echo '
The session key table has been cleared. Your database should be a little bit smaller now.
'; + } + } + echo ''; + echo '

User administration panel

'; + echo '

From this panel you can modify or delete user accounts.

'; + echo ' + + + + + + +
Search for user:
+ If your browser supports AJAX, this will provide suggestions for you. +
' . $template->username_field('username') . ' + +
'; + echo '

Clear session key table

'; + echo '

It\'s a good idea to clean out your session keys table every once in a while, since this helps to reduce database size. During this process you will be logged off and (hopefully) logged back on automatically. If you do this, all users besides you will be logged off, so be sure to do this at a time when traffic is low.

'; + echo '

'; + echo ''; + + if(isset($_GET['action']) && isset($_GET['user'])) + { + switch($_GET['action']) + { + case "activate": + $e = $db->sql_query('SELECT activation_key FROM '.table_prefix.'users WHERE username=\'' . $db->escape($_GET['user']) . '\''); + if($e) + { + $row = $db->fetchrow(); + $db->free_result(); + if($session->activate_account($_GET['user'], $row['activation_key'])) { echo '
The user account "'.$_GET['user'].'" has been activated.
'; $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); } + else echo '
The user account "'.$_GET['user'].'" has NOT been activated, possibly because the account is already active.
'; + } else echo '
Error activating account: '.mysql_error().'
'; + break; + case "sendemail": + if($session->send_activation_mail($_GET['user'])) { echo '
The user "'.$_GET['user'].'" has been sent an e-mail with an activation link.
'; $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); } + else echo '
The user account "'.$_GET['user'].'" has not been activated, probably because of a bad SMTP configuration.
'; + break; + case "deny": + $e = $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\' AND edit_summary=\'' . $db->escape($_GET['user']) . '\';'); + if(!$e) echo '
Error during row deletion: '.mysql_error().'
'; + else echo '
All activation requests for the user "'.$_GET['user'].'" have been deleted.
'; + break; + } + } + $q = $db->sql_query('SELECT l.log_type, l.action, l.time_id, l.date_string, l.author, l.edit_summary, u.user_coppa FROM '.table_prefix.'logs AS l + LEFT JOIN '.table_prefix.'users AS u + ON ( u.username = l.edit_summary OR u.username IS NULL ) + WHERE log_type=\'admin\' AND action=\'activ_req\' ORDER BY time_id DESC;'); + if($q) + { + if($db->numrows() > 0) + { + $n = $db->numrows(); + if($n == 1) $s = $n . ' user is'; + else $s = $n . ' users are'; + echo '

'.$s . ' awaiting account activation

'; + echo '
+ + '; + $cls = 'row2'; + while($row = $db->fetchrow()) + { + if($cls == 'row2') $cls = 'row1'; + else $cls = 'row2'; + $coppa = ( $row['user_coppa'] == '1' ) ? 'Yes' : 'No'; + echo ''; + } + echo '
Date of requestRequested byRequested forCOPPA userActions
'.date('F d, Y h:i a', $row['time_id']).''.$row['author'].''.$row['edit_summary'].'' . $coppa . 'Activate nowSend activation e-mailDeny request
'; + } + $db->free_result(); + } + +} + +/** + * Smart form class for the user manager. + * @package Enano + * @subpackage Administration + */ + +class Admin_UserManager_SmartForm +{ + + /** + * Universally Unique Identifier (UUID) for this editor instance. Used to unique-itize Javascript functions and whatnot. + * @var string + */ + + var $uuid = ''; + + /** + * User ID that we're editing. + * @var int + */ + + var $user_id = 0; + + /** + * Username + * @var string + */ + + var $username = ''; + + /** + * E-mail address + * @var string + */ + + var $email = ''; + + /** + * Real name + * @var string + */ + + var $real_name = ''; + + /** + * Signature + * @var string + */ + + var $signature = ''; + + /** + * IM contact information + * @var array + */ + + var $im = array(); + + /** + * Real-life contact info + * @var array + */ + + var $contact = array(); + + /** + * User level + * @var int + */ + + var $user_level = USER_LEVEL_MEMBER; + + /** + * Account activated + * @var bool + */ + + var $account_active = true; + + /** + * Email public switch + * @var bool + */ + + var $email_public = false; + + /** + * Constructor. + */ + + function __construct() + { + $this->uuid = md5( mt_rand() . microtime() ); + } + + /** + * PHP4 constructor. + */ + + function Admin_UserManager_SmartForm() + { + $this->__construct(); + } + + /** + * Renders and returns the finished form. + * @return string + */ + + function render() + { + global $db, $session, $paths, $template, $plugins; // Common objects + if ( file_exists( ENANO_ROOT . "/themes/$template->theme/admin_usermanager_form.tpl" ) ) + { + $parser = $template->makeParser('admin_usermanager_form.tpl'); + } + else + { + $tpl_code = << + + + +
+ + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ Editing user: {USERNAME} +
+ Basic options +
+ Username:
+ Must be at least 2 characters in length +
+ disabled="disabled" /> You cannot change your own username. To change your username you must log into a different administrative account. +
+ Password: + +
+ Password strength requirements are not enforced here. + +
+ + +
+ E-mail address: + + disabled="disabled" /> To change your e-mail address, please use the user preferences panel. +
+ Real name: + + disabled="disabled" /> To change your real name on file, please use the user preferences panel. +
+ Signature: + + {SIGNATURE_FIELD} +
+ Instant messenger contact information +
AIM handle:
WLM handle:
If you don't specify the domain (@whatever.com), "@hotmail.com" will be assumed.
Yahoo! IM handle:
Jabber/XMPP handle:
+ Extra contact information +
Homepage:
Please remember the http:// prefix.
Location:
Job:
Hobbies:

If this is checked, the user's e-mail address will be displayed on your the page. To protect the address from spambots, it will be encrypted.
checked="checked" size="30" />
+ Administrator-only options +
User account is active
+ If this is unchecked, the existing activation key will be overwritten in the database, thus invalidating any activation e-mails sent to the user. +
+ User's site access level
+ If this is changed, the relevant group memberships will be updated accordingly. +
+ +
+ Delete user account + + + +
+ + +
+
+ +
+ {AES_JAVASCRIPT} + +EOF; + $parser = $template->makeParserText($tpl_code); + } + + $this->username = htmlspecialchars($this->username); + $this->email = htmlspecialchars($this->email); + $this->user_id = intval($this->user_id); + $this->real_name = htmlspecialchars($this->real_name); + $this->signature = htmlspecialchars($this->signature); + $this->user_level = intval($this->user_level); + + $im_aim = ( isset($this->im['aim']) ) ? $this->im['aim'] : false; + $im_yahoo = ( isset($this->im['yahoo']) ) ? $this->im['yahoo'] : false; + $im_msn = ( isset($this->im['msn']) ) ? $this->im['msn'] : false; + $im_xmpp = ( isset($this->im['xmpp']) ) ? $this->im['xmpp'] : false; + + $homepage = ( isset($this->contact['homepage']) ) ? $this->contact['homepage'] : false; + $location = ( isset($this->contact['location']) ) ? $this->contact['location'] : false; + $job = ( isset($this->contact['job']) ) ? $this->contact['job'] : false; + $hobbies = ( isset($this->contact['hobbies']) ) ? $this->contact['hobbies'] : false; + + if ( empty($this->username) ) + { + // @error One or more required parameters not set + return 'Admin_UserManager_SmartForm::render: Invalid parameter ($form->username)'; + } + + if ( empty($this->user_id) ) + { + // @error One or more required parameters not set + return 'Admin_UserManager_SmartForm::render: Invalid parameter ($form->user_id)'; + } + + if ( empty($this->email) ) + { + // @error One or more required parameters not set + return 'Admin_UserManager_SmartForm::render: Invalid parameter ($form->email)'; + } + + $form_action = makeUrlNS('Special', 'Administration', 'module=' . 
$paths->cpage['module'], true); + $aes_javascript = $session->aes_javascript("useredit_$this->uuid", 'new_password', 'use_crypt', 'crypt_key', 'crypt_data', 'challenge_data'); + + $parser->assign_vars(array( + 'UUID' => $this->uuid, + 'USERNAME' => $this->username, + 'EMAIL' => $this->email, + 'USER_ID' => $this->user_id, + 'MD5_CHALLENGE' => $session->dss_rand(), + 'PUBLIC_KEY' => $session->rijndael_genkey(), + 'REAL_NAME' => $this->real_name, + 'SIGNATURE_FIELD' => $template->tinymce_textarea('signature', $this->signature, 10, 50), + 'USER_LEVEL_MEMBER' => USER_LEVEL_CHPREF, + 'USER_LEVEL_MOD' => USER_LEVEL_MOD, + 'USER_LEVEL_ADMIN' => USER_LEVEL_ADMIN, + 'AES_JAVASCRIPT' => $aes_javascript, + 'IM_AIM' => $im_aim, + 'IM_YAHOO' => $im_yahoo, + 'IM_WLM' => $im_msn, + 'IM_XMPP' => $im_xmpp, + 'HOMEPAGE' => $homepage, + 'LOCATION' => $location, + 'JOB' => $job, + 'HOBBIES' => $hobbies, + 'FORM_ACTION' => $form_action + )); + + $parser->assign_bool(array( + 'password_meter' => ( getConfig('pw_strength_enable') == '1' ), + 'ul_member' => ( $this->user_level == USER_LEVEL_CHPREF ), + 'ul_mod' => ( $this->user_level == USER_LEVEL_MOD ), + 'ul_admin' => ( $this->user_level == USER_LEVEL_ADMIN ), + 'account_active' => ( $this->account_active === true ), + 'email_public' => ( $this->email_public === true ), + 'same_user' => ( $this->user_id == $session->user_id ) + )); + + $parsed = $parser->run(); + return $parsed; + } + +} + +?>
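Review bot: In the `$_GET['action']` switch ahead of the pending-activation query, `$_GET['logid']` is placed unquoted after `WHERE time_id=` with only `$db->escape()` applied, which does not constrain a value in a numeric position; cast it once with `$logid = intval($_GET['logid']);` and use `$logid` in both DELETE statements. The same branch echoes `$_GET['user']` directly into its result messages, and the activation table prints `$row['author']` and `$row['edit_summary']` as stored, so each needs `htmlspecialchars()` on output. The activate/sendemail/deny actions run on GET, and neither they nor the `delete_account` POST show a per-request token in this file; unless the framework adds one elsewhere, they should move to POST and carry one. Separately, when an administrator saves their own account `$username`, `$email` and `$real_name` are never assigned, yet `$username` is still written to the security-log INSERTs and all three are copied into the error form.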