1 <?php |
1 <?php |
2 |
2 |
3 /* |
3 /* |
4 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
4 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
5 * Version 1.0.2 (Coblynau) |
5 * Version 1.1.1 |
6 * Copyright (C) 2006-2007 Dan Fuhry |
6 * Copyright (C) 2006-2007 Dan Fuhry |
7 * |
7 * |
8 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
8 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
9 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
9 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
10 * |
10 * |
50 $db->_die(); |
50 $db->_die(); |
51 echo '<div class="info-box">The user account has been deleted.</div>'; |
51 echo '<div class="info-box">The user account has been deleted.</div>'; |
52 } |
52 } |
53 else |
53 else |
54 { |
54 { |
55 if ( $session->user_id != $user_id ) |
55 if ( $session->user_id == $user_id ) |
|
56 { |
|
57 $username = $session->username; |
|
58 $password = false; |
|
59 $email = $session->email; |
|
60 $real_name = $session->real_name; |
|
61 } |
|
62 else |
56 { |
63 { |
57 $username = $_POST['username']; |
64 $username = $_POST['username']; |
58 if ( !preg_match('#^'.$session->valid_username.'$#', $username) ) |
65 if ( !preg_match('#^'.$session->valid_username.'$#', $username) ) |
59 $errors[] = 'The username you entered contains invalid characters.'; |
66 $errors[] = 'The username you entered contains invalid characters.'; |
60 |
67 |
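Review bot: The username check on new line 65 anchors the pattern with `$`, which in PCRE also matches just before a trailing newline, so a posted username ending in a line break passes validation; adding the `D` modifier closes that, `if ( !preg_match('#^'.$session->valid_username.'$#D', $username) )`. The new self-edit branch on line 55 compares `$session->user_id == $user_id` loosely, and where `$user_id` is assigned is not visible in this hunk; if it arrives as a request string, casting it once with `intval()` before the comparison would keep this guard and any later query working on the same value. The `else` block continues past the end of the hunk.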
400 $e = $db->sql_query('SELECT activation_key FROM '.table_prefix.'users WHERE username=\'' . $db->escape($_GET['user']) . '\''); |
407 $e = $db->sql_query('SELECT activation_key FROM '.table_prefix.'users WHERE username=\'' . $db->escape($_GET['user']) . '\''); |
401 if($e) |
408 if($e) |
402 { |
409 { |
403 $row = $db->fetchrow(); |
410 $row = $db->fetchrow(); |
404 $db->free_result(); |
411 $db->free_result(); |
405 if($session->activate_account($_GET['user'], $row['activation_key'])) { echo '<div class="info-box">The user account "'.$_GET['user'].'" has been activated.</div>'; $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); } |
412 if($session->activate_account($_GET['user'], $row['activation_key'])) { echo '<div class="info-box">The user account "' . htmlspecialchars($_GET['user']) . '" has been activated.</div>'; $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); } |
406 else echo '<div class="warning-box">The user account "'.$_GET['user'].'" has NOT been activated, possibly because the account is already active.</div>'; |
413 else echo '<div class="warning-box">The user account "' . htmlspecialchars($_GET['user']) . '" has NOT been activated, possibly because the account is already active.</div>'; |
407 } else echo '<div class="error-box">Error activating account: '.mysql_error().'</div>'; |
414 } else echo '<div class="error-box">Error activating account: '.mysql_error().'</div>'; |
408 break; |
415 break; |
409 case "sendemail": |
416 case "sendemail": |
410 if($session->send_activation_mail($_GET['user'])) { echo '<div class="info-box">The user "'.$_GET['user'].'" has been sent an e-mail with an activation link.</div>'; $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); } |
417 if($session->send_activation_mail($_GET['user'])) { echo '<div class="info-box">The user "' . htmlspecialchars($_GET['user']) . '" has been sent an e-mail with an activation link.</div>'; $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); } |
411 else echo '<div class="error-box">The user account "'.$_GET['user'].'" has not been activated, probably because of a bad SMTP configuration.</div>'; |
418 else echo '<div class="error-box">The user account "' . htmlspecialchars($_GET['user']) . '" has not been activated, probably because of a bad SMTP configuration.</div>'; |
412 break; |
419 break; |
413 case "deny": |
420 case "deny": |
414 $e = $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\' AND edit_summary=\'' . $db->escape($_GET['user']) . '\';'); |
421 $e = $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\' AND time_id=\'' . $db->escape($_GET['logid']) . '\';'); |
415 if(!$e) echo '<div class="error-box">Error during row deletion: '.mysql_error().'</div>'; |
422 if(!$e) echo '<div class="error-box">Error during row deletion: '.mysql_error().'</div>'; |
416 else echo '<div class="info-box">All activation requests for the user "'.$_GET['user'].'" have been deleted.</div>'; |
423 else echo '<div class="info-box">All activation requests for the user "' . htmlspecialchars($_GET['user']) . '" have been deleted.</div>'; |
417 break; |
424 break; |
418 } |
425 } |
419 } |
426 } |
420 $q = $db->sql_query('SELECT l.log_type, l.action, l.time_id, l.date_string, l.author, l.edit_summary, u.user_coppa FROM '.table_prefix.'logs AS l |
427 $q = $db->sql_query('SELECT l.log_type, l.action, l.time_id, l.date_string, l.author, l.edit_summary, u.user_coppa FROM '.table_prefix.'logs AS l |
421 LEFT JOIN '.table_prefix.'users AS u |
428 LEFT JOIN '.table_prefix.'users AS u |