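common_settingAdminSettSSLChecked[$_SCROTT['settSSL']] = "checked"; $this->common_settingAdminSettSSLDisabled = "disabled"; } else $this->common_settingAdminSettSSLChecked[Setting::settSSL()] = "checked"; if (Setting::allowPublicSignup()) $this->common_settingAdminAllowPublicSignupChecked = "checked"; /* Admin all-users settings tab */ $userTbl = new User(); $this->common_settingAllUsers = $userTbl->getAllUsers_orderByAdminByName(); /* Setting modal - what tabs to display? */ if (isset($this->obj)) { if ($this->obj->type == "group") { $this->group = new Group($this->obj->guid); $this->common_settingShowTab['group'] = true; } } }

    /*
     * Save changes to user group settings.
     *
     * $input      - submitted form values: "guid", "name", the nine permission
     *               checkboxes "perm0".."perm8", and optionally "rmImage"
     * $attachment - uploaded head image, handed to Form::saveFile()
     *
     * The caller must be logged in and pass Group::canModify() for the target
     * group.  The permission bits are rewritten only when
     * Group::canModifyPermissions() passes as well; otherwise only the name
     * (and image) change.
     */
    function saveSettingGroup($input, $attachment)
    {
        $form = new Form();
        $form->field_text("guid");
        $form->field_text("name");
        for ($i = 0; $i <= 8; $i++)
            $form->field_bool("perm" . $i);

        if (!$form->populate($input)) {
            $this->logFormErrors($form);
            return;
        }

        $user = $this->getCurrentUser();
        $group = new Group($form->guid);

        /* Authorisation gate: everything below mutates the group */
        if (!$user || $group->type != "group" || !$group->canModify($user)) {
            $this->logError("You do not have permission to modify this group");
            return;
        }

        /* Image removal is its own request; no other field is saved with it */
        if (isset($input['rmImage'])) {
            if ($group->rmHeadImage())
                $this->logNotice("Image removed");
            else
                $this->logError("Error removing group image");

            return;
        }

        $group->name = $form->name;

        if ($group->canModifyPermissions($user)) {
            /* perm0 maps to the highest bit (0x100), perm8 to the lowest (0x001) */
            $perms = 0;
            for ($i = 0; $i <= 8; $i++) {
                if ($form->{"perm" . $i})
                    $perms |= 0x100 >> $i;
            }

            $group->perms = $perms;
        }

        $group->saveObj();

        /*
         * The destination name is built from the GUID of the loaded object,
         * not from a client-supplied file name.  HEAD_IMG_MAX_SIZE and
         * HEAD_IMG_MIME presumably bound size and type inside saveFile() --
         * confirm there.
         */
        if ($form->saveFile($attachment, $this->HEAD_IMG_MAX_SIZE,
                $this->HEAD_IMG_MIME, "assets/img/heads/" . $group->guid))
            $this->logNotice("Image uploaded");
        else
            $this->logFormErrors($form);
    }

    /*
     * Save changes to user account settings.
     *
     * $input      - submitted form values: "setPasswd", "curPasswd",
     *               "newPasswd", "confPasswd", "alias", "email",
     *               "emailConfKey", and optionally "rmImage"
     * $attachment - uploaded head image, handed to Form::saveFile()
     *
     * Acts on the logged-in user only.  A password change requires the current
     * password to validate and the new password to match its confirmation.
     */
    function saveSettingUser($input, $attachment)
    {
        $form = new Form();
        $form->field_bool("setPasswd");
        $form->field_text("curPasswd", null, false);
        $form->field_text("newPasswd", null, false);
        $form->field_text("confPasswd", null, false);
        $form->field_text("alias", "", false);
        $form->field_text("email", "", false);
        $form->field_text("emailConfKey", null, false);

        if (!$form->populate($input)) {
            $this->logFormErrors($form);
            return;
        }

        $user = $this->getCurrentUser();
        if (!$user) {
            $this->logError("Not logged in");
            return;
        }

        if (isset($input['rmImage'])) {
            if ($user->rmHeadImage())
                $this->logNotice("Image removed");
            else
                $this->logError("Error removing user image");

            return;
        }

        if ($form->setPasswd) {
            /*
             * The confirmation is compared as strings with ===.  A loose ==
             * compares numeric-looking strings by value, so "1e3" and "1000"
             * (or "0e12" and "0e34") would pass as a match.
             * NOTE(review): an empty new password is not rejected here;
             * confirm that setPassword() enforces a minimum.
             */
            if (!$user->validatePassword($form->curPasswd)) {
                $this->logWarning("Password not changed -- Current password was incorrect");
            } else if ((string)$form->newPasswd !== (string)$form->confPasswd) {
                $this->logWarning("Password not changed -- Passwords did not match");
            } else {
                $user->setPassword($form->newPasswd);
                $this->logNotice("Password updated successfully");
            }
        }

        $user->alias = $form->alias;

        /* A changed address goes through setEmail(); a key is only checked
         * when the address itself is unchanged */
        if ($form->email != $user->email) {
            $user->setEmail($form->email);
        } else if ($form->emailConfKey != "") {
            if (!$user->confirmEmailKey($form->emailConfKey))
                $this->logWarning("Email not confirmed -- Key was incorrect");
        }

        $user->saveObj();

        if ($form->saveFile($attachment, $this->HEAD_IMG_MAX_SIZE,
                $this->HEAD_IMG_MIME, "assets/img/heads/" . $user->guid))
            $this->logNotice("Image uploaded");
        else
            $this->logFormErrors($form);
    }

    /*
     * Save changes to admin settings.
     *
     * $input - submitted form values: "settSSL" (one of "force", "neither",
     *          "forbid"; defaults to the current setting) and
     *          "allowPublicSignup"
     *
     * Requires the logged-in user to be an admin.
     * NOTE(review): neither this handler nor the other save* handlers in this
     * block check an anti-CSRF token; presumably the dispatcher that calls
     * them does -- confirm.
     */
    function saveSettingAdmin($input)
    {
        $form = new Form();
        $form->field_enum("settSSL", array("force", "neither", "forbid"), Setting::settSSL());
        $form->field_bool("allowPublicSignup");

        if (!$form->populate($input)) {
            $this->logFormErrors($form);
            return;
        }

        $user = $this->getCurrentUser();
        if (!$user || $user->admin == 0) {
            $this->logError("Admin permissions required");
            return;
        }

        Setting::settSSL($form->settSSL);
        Setting::allowPublicSignup($form->allowPublicSignup);
    }

    /*
     * Allow an admin to create a new user account.
     *
     * $input - submitted form values: "username", "password", "cPassword",
     *          "admin", "alias", "email"
     *
     * Requires the logged-in user to be an admin.
     */
    function saveSettingAllusersAdduser($input)
    {
        $form = new Form();
        $form->field_text("username");
        $form->field_text("password", null, false);
        $form->field_text("cPassword", null, false);
        $form->field_bool("admin");
        $form->field_text("alias", "", false);
        $form->field_text("email", "", false);

        if (!$form->populate($input)) {
            $this->logFormErrors($form);
            return;
        }

        $admin = $this->getCurrentUser();
        if (!$admin || $admin->admin == 0) {
            $this->logError("Admin permissions required");
            return;
        }

        /* String comparison with ===; a loose == treats numeric-looking
         * strings such as "1e3" and "1000" as equal */
        if ((string)$form->password !== (string)$form->cPassword) {
            $this->logError("Passwords do not match");
            return;
        }

        /*
         * NOTE(review): "password" is optional in the form, so an account can
         * be requested with an empty password; confirm createNewUser()
         * rejects or otherwise handles that.
         */
        $newUser = new User();
        if (!$newUser->createNewUser($form->username, $form->password)) {
            /* NOTE(review): the submitted username is echoed into the message;
             * confirm the log renderer HTML-escapes it */
            $this->logError("Username " . $form->username . " is not available");
            return;
        }

        if ($form->admin)
            $newUser->admin = 1;

        $newUser->alias = $form->alias;
        $newUser->setEmail($form->email);
        $newUser->saveObj();

        $this->logNotice("Created new user " . $form->username);
    }

    /*
     * Allow an admin to edit user accounts.
     *
     * $input      - submitted form values: "guid", "setPasswd", "newPasswd",
     *               "confPasswd", "admin", "alias", "email", and optionally
     *               "rmImage"
     * $attachment - uploaded head image, handed to Form::saveFile()
     *
     * Requires the logged-in user to be an admin.  The target's current
     * password is not asked for.  The admin flag of the only remaining admin
     * is left untouched, matching the last-admin rule of
     * saveSettingAllusersDeluser().
     */
    function saveSettingAllusersEdituser($input, $attachment)
    {
        $form = new Form();
        $form->field_text("guid");
        $form->field_bool("setPasswd");
        $form->field_text("newPasswd", null, false);
        $form->field_text("confPasswd", null, false);
        $form->field_bool("admin");
        $form->field_text("alias", "", false);
        $form->field_text("email", "", false);

        if (!$form->populate($input)) {
            $this->logFormErrors($form);
            return;
        }

        $admin = $this->getCurrentUser();
        if (!$admin || $admin->admin == 0) {
            $this->logError("Admin permissions required");
            return;
        }

        $target = new User($form->guid);
        if ($target->type != "user") {
            $this->logError("Invalid user GUID");
            return;
        }

        if (isset($input['rmImage'])) {
            if ($target->rmHeadImage())
                $this->logNotice("Image removed");
            else
                $this->logError("Error removing user image");

            return;
        }

        if ($form->setPasswd) {
            /* String comparison with ===; a loose == treats numeric-looking
             * strings such as "1e3" and "1000" as equal.
             * NOTE(review): an empty new password is not rejected here;
             * confirm that setPassword() enforces a minimum. */
            if ((string)$form->newPasswd === (string)$form->confPasswd) {
                $target->setPassword($form->newPasswd);
                $this->logNotice("Password for " . $target->name . " updated successfully");
            } else {
                $this->logWarning("Password not changed -- Passwords did not match");
            }
        }

        /*
         * Demoting the only admin would leave nobody able to pass the admin
         * checks in these handlers, so that one change is skipped with a
         * warning while the other edits still go through.
         */
        if ($target->admin && !$form->admin && $target->getNumAdmins() <= 1)
            $this->logWarning("Admin status not changed -- Cannot demote the last admin account");
        else
            $target->admin = $form->admin;

        $target->alias = $form->alias;

        if ($form->email != $target->email)
            $target->setEmail($form->email);

        $target->saveObj();

        if ($form->saveFile($attachment, $this->HEAD_IMG_MAX_SIZE,
                $this->HEAD_IMG_MIME, "assets/img/heads/" . $target->guid))
            $this->logNotice("Image uploaded");
        else
            $this->logFormErrors($form);
    }

    /*
     * Allow admin to remove user accounts.
     *
     * $input - submitted form values: "guid" of the account to delete
     *
     * Requires the logged-in user to be an admin.  The last admin account is
     * never deleted.  An admin may delete their own account, in which case
     * the browser is redirected to the application root.
     */
    function saveSettingAllusersDeluser($input)
    {
        $form = new Form();
        $form->field_text("guid");

        if (!$form->populate($input)) {
            $this->logFormErrors($form);
            return;
        }

        $admin = $this->getCurrentUser();
        if (!$admin || $admin->admin == 0) {
            $this->logError("Admin permissions required");
            return;
        }

        $target = new User($form->guid);
        if ($target->type != "user") {
            $this->logError("Invalid user GUID");
            return;
        }

        if ($target->admin && $target->getNumAdmins() == 1) {
            $this->logError("Account not deleted - Cannot remove the last admin account");
            return;
        }

        $target->delObj();

        if (!$this->getCurrentUser()) {
            /* did user delete their own account? */
            $this->redirectTo($this->ar() . "/");
        }
    }
}
?>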