908 /*

   909 function page_Admin_UserManager() {

   910   global $db, $session, $paths, $template, $plugins; // Common objects

   911   global $lang;

   912   if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )

   913   {

   914     $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);

   915     echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';

   916     echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';

   917     return;

   918   }

   919   

   920   if ( isset($_GET['src']) && $_GET['src'] == 'get' && !empty($_GET['user']) )

   921   {

   922     $_POST['go'] = true;

   923     $_POST['username'] = $_GET['user'];

   924   }

   925   

   926   if(isset($_POST['go']))

   927   {

   928     // We need the user ID before we can do anything

   929     $q = $db->sql_query('SELECT user_id,username,email,real_name,style,user_level,account_active FROM '.table_prefix.'users WHERE username=\'' . $db->escape($_POST['username']) . '\'');

   930     if ( !$q )

   931     {

   932       die('Error selecting user ID: '.mysql_error());

   933     }

   934     if ( $db->numrows() < 1 )

   935     {

   936       echo('User does not exist, please enter another username.');

   937       return;

   938     }

   939     $r = $db->fetchrow();

   940     $db->free_result();

   941     if(isset($_POST['save']))

   942     {

   943       $_POST['level'] = intval($_POST['level']);

   944       

   945       $new_level = $_POST['level'];

   946       $old_level = intval($r['user_level']);

   947       

   948       if ( defined('ENANO_DEMO_MODE') )

   949       {

   950         echo '<div class="error-box">You cannot delete or modify user accounts in demo mode - they are cleaned up once every two hours.</div>';

   951         $re = Array('permission denied');

   952       }

   953       else

   954       {

   955         $re = $session->update_user((int)$r['user_id'], $_POST['new_username'], false, $_POST['new_pass'], $_POST['email'], $_POST['real_name'], false, $_POST['level']);

   956       }

   957       

   958       if($re == 'success')

   959       {

   960         

   961         if ( $new_level != $old_level )

   962         {

   963           $user_id = intval($r['user_id']);

   964           // We need to update group memberships

   965           if ( $old_level == USER_LEVEL_ADMIN ) 

   966           {

   967             $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_from_admin",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_POST['new_username']) . '");');

   968             if ( !$q )

   969               $db->_die();

   970             $session->remove_user_from_group($user_id, GROUP_ID_ADMIN);

   971           }

   972           else if ( $old_level == USER_LEVEL_MOD ) 

   973           {

   974             $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_from_mod",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_POST['new_username']) . '");');

   975             if ( !$q )

   976               $db->_die();

   977             $session->remove_user_from_group($user_id, GROUP_ID_MOD);

   978           }

   979           

   980           if ( $new_level == USER_LEVEL_ADMIN )

   981           {

   982             $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_to_admin",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_POST['new_username']) . '");');

   983             if ( !$q )

   984               $db->_die();

   985             $session->add_user_to_group($user_id, GROUP_ID_ADMIN, false);

   986           }

   987           else if ( $new_level == USER_LEVEL_MOD )

   988           {

   989             $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_to_mod",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_POST['new_username']) . '");');

   990             if ( !$q )

   991               $db->_die();

   992             $session->add_user_to_group($user_id, GROUP_ID_MOD, false);

   993           }

   994         }

   995         

   996         // update account activation

   997         if ( isset($_POST['account_active']) )

   998         {

   999           // activate account

  1000           $q = $db->sql_query('UPDATE '.table_prefix.'users SET account_active=1 WHERE user_id=' . intval($r['user_id']) . ';');

  1001           if ( !$q )

  1002             $db->_die();

  1003         }

  1004         else

  1005         {

  1006           // deactivate account and throw away the old key

  1007           $actkey = sha1 ( microtime() . mt_rand() );

  1008           $q = $db->sql_query('UPDATE '.table_prefix.'users SET account_active=0,activation_key=\'' . $actkey . '\' WHERE user_id=' . intval($r['user_id']) . ';');

  1009           if ( !$q )

  1010             $db->_die();

  1011         }

  1012         

  1013         echo('<div class="info-box">Your changes have been saved.</div>');

  1014       }

  1015       else

  1016       {

  1017         echo('<div class="error-box">Error saving changes: '.implode('<br />', $re).'</div>');

  1018       }

  1019       $q = $db->sql_query('SELECT user_id,username,email,real_name,style,user_level,account_active FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['username']).'\'');

  1020       if ( !$q )

  1021       {

  1022         die('Error selecting user ID: '.mysql_error());

  1023       }

  1024       if($db->numrows($q) < 1)

  1025       {

  1026         die('User does not exist, please enter another username.');

  1027       }

  1028       $r = mysql_fetch_object($q);

  1029       $db->free_result();

  1030     }

  1031     elseif(isset($_POST['deleteme']) && isset($_POST['delete_conf']))

  1032     {

  1033       if ( defined('ENANO_DEMO_MODE') )

  1034       {

  1035         echo '<div class="error-box">You cannot delete or modify user accounts in demo mode - they are cleaned up once every two hours.</div>';

  1036       }

  1037       else

  1038       {

  1039         $q = $db->sql_query('DELETE FROM users WHERE user_id='.$r['user_id'].';');

  1040         if($q)

  1041         {

  1042           echo '<div class="error-box">The user account "'.$r['username'].'" was deleted.</div>';

  1043         }

  1044         else

  1045         {

  1046           echo '<div class="error-box">The user account "'.$r['username'].'" could not be deleted due to a database error.<br /><br />'.$db->get_error().'</div>';

  1047         }

  1048       }

  1049     }

  1050     else

  1051     {

  1052       $disabled = ( $r['user_id'] == $session->user_id ) ? ' disabled="disabled" ' : '';

  1053       $evt_get_score = ( getConfig('pw_strength_enable') == '1' ) ? 'onkeyup="password_score_field(this);" style="margin-right: 7px;" ' : '';

  1054       $meter         = ( getConfig('pw_strength_enable') == '1' ) ? '<tr><td></td><td><div id="pwmeter"></div><p><small>Password complexity requirements are not enforced here.</small></p></td></tr>' : '';

  1055       echo('

  1056       <h3>Edit User Info</h3>

  1057       <form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">

  1058         <table border="0" style="margin-left: 0.2in;">   

  1059           <tr><td>Username:</td><td><input type="text" name="new_username" value="'.$r['username'].'" /></td></tr>

  1060           <tr><td>New Password:</td><td><input ' . $disabled . ' type="password" name="new_pass" '.$evt_get_score.'/></td></tr>

  1061           '.$meter.'

  1062           <tr><td>E-mail:</td><td><input ' . $disabled . ' type="text" name="email" value="'.$r['email'].'" /></td></tr>

  1063           <tr><td>Real Name:</td><td><input ' . $disabled . ' type="text" name="real_name" value="'.$r['real_name'].'" /></td></tr>

  1064           ' . ( ( !empty($disabled) ) ? '<tr><td colspan="2"><small>To change your e-mail address, password, or real name, please use the user control panel.</small></td></tr>' : '' ) . '

  1065           <tr><td>User level:</td><td><select name="level"><option '); if($r['user_level']==USER_LEVEL_CHPREF) echo('SELECTED'); echo(' value="'.USER_LEVEL_CHPREF.'">Regular User</option><option '); if($r['user_level']==USER_LEVEL_MOD) echo('SELECTED'); echo(' value="'.USER_LEVEL_MOD.'">Moderator</option><option '); if($r['user_level']==USER_LEVEL_ADMIN) echo('SELECTED'); echo(' value="'.USER_LEVEL_ADMIN.'">Administrator</option></select></td></tr>

  1066           <tr><td></td><td><label><input type="checkbox" name="account_active"' . ( $r['account_active'] == '1' ? ' checked="checked"' : '' ) . ' /> Account is active</label><br /><small>If this is unchecked, the activation key will be reset, meaning that any activation e-mails sent will be invalidated.</small></td></tr>

  1067           <tr><td>Delete user:</td><td><input type="hidden" name="go" /><input type="hidden" name="username" value="'.$r['username'].'" /><input onclick="return confirm(\'This is your last warning.\n\nAre you sure you want to delete this user account? Even if you delete this user account, the username will be shown in page edit history, comments, and other areas of the site.\n\nDeleting a user account CANNOT BE UNDONE and should only be done in extreme circumstances.\n\nIf the user has violated the site policy, deleting the account will not prevent him from using the site, for that you need to add a new ban rule.\n\nContinue deleting this user account?\')" type="submit" name="deleteme" value="Delete this user" style="color: red;" /> <label><input type="checkbox" name="delete_conf" /> I\'m absolutely sure</label>

  1068           <tr><td align="center" colspan="2">

  1069           <input type="submit" name="save" value="Save Changes" /></td></tr>

  1070         </table>

  1071       </form>

  1072       ');

  1073     }

  1074   }

  1075   else if(isset($_POST['clearsessions'])) 

  1076   {

  1077     if ( defined('ENANO_DEMO_MODE') )

  1078     {

  1079       echo '<div class="error-box">Sorry Charlie, no can do. You might mess up other people logged into the demo site.</div>';

  1080     }

  1081     else

  1082     {

  1083       // Get the current session information so the user doesn't get logged out

  1084       $aes = new AESCrypt();

  1085       $sk = md5(strrev($session->sid_super));

  1086       $qb = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.$sk.'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_ADMIN);

  1087       if ( !$qb )

  1088       {

  1089         die('Error selecting session key info block B: '.$db->get_error());

  1090       }

  1091       if ( $db->numrows($qb) < 1 )

  1092       {

  1093         die('Error: cannot read admin session info block B, aborting table clear process');

  1094       }

  1095       $qa = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.md5($session->sid).'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_MEMBER);

  1096       if ( !$qa )

  1097       {

  1098         die('Error selecting session key info block A: '.$db->get_error());

  1099       }

  1100       if ( $db->numrows($qa) < 1 )

  1101       {

  1102         die('Error: cannot read user session info block A, aborting table clear process');

  1103       }

  1104       $ra = mysql_fetch_object($qa);

  1105       $rb = mysql_fetch_object($qb);

  1106       $db->free_result($qa);

  1107       $db->free_result($qb);

  1108       

  1109       $db->sql_query('DELETE FROM '.table_prefix.'session_keys;');

  1110       $db->sql_query('INSERT INTO '.table_prefix.'session_keys( session_key,salt,user_id,auth_level,source_ip,time ) VALUES( \''.$ra->session_key.'\', \''.$ra->salt.'\', \''.$session->user_id.'\', \''.$ra->auth_level.'\', \''.$ra->source_ip.'\', '.$ra->time.' ),( \''.$rb->session_key.'\', \''.$rb->salt.'\', \''.$session->user_id.'\', \''.$rb->auth_level.'\', \''.$rb->source_ip.'\', '.$rb->time.' )');

  1111       

  1112       echo('

  1113         <div class="info-box">The session key table has been cleared. Your database should be a little bit smaller now.</div>

  1114       ');

  1115     }

  1116   }   

  1117   echo('

  1118   <h3>User Management</h3>

  1119   <form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;">

  1120     <p>Username: '.$template->username_field('username').' <input type="submit" name="go" value="Go" /></p>

  1121     <h3>Clear session keys table</h3>

  1122      <p>It\'s a good idea to clean out your session keys table every once in a while, since this helps to reduce database size. During this process you will be logged off and (hopefully) logged back on automatically. The side effects of this include all users except you being logged off.</p>

  1123      <p><input type="submit" name="clearsessions" value="Clear session keys table" /></p>

  1124   </form>

  1125   ');

  1126   if(isset($_GET['action']) && isset($_GET['user']))

  1127   {

  1128     switch($_GET['action'])

  1129     {

  1130       case "activate":

  1131         $e = $db->sql_query('SELECT activation_key FROM '.table_prefix.'users WHERE username=\'' . $db->escape($_GET['user']) . '\'');

  1132         if($e)

  1133         {

  1134           $row = $db->fetchrow();

  1135           $db->free_result();

  1136           if($session->activate_account($_GET['user'], $row['activation_key'])) { echo '<div class="info-box">The user account "'.$_GET['user'].'" has been activated.</div>'; $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); }

  1137           else echo '<div class="warning-box">The user account "'.$_GET['user'].'" has NOT been activated, possibly because the account is already active.</div>';

  1138         } else echo '<div class="error-box">Error activating account: '.mysql_error().'</div>';

  1139         break;

  1140       case "sendemail":

  1141         if($session->send_activation_mail($_GET['user'])) { echo '<div class="info-box">The user "'.$_GET['user'].'" has been sent an e-mail with an activation link.</div>'; $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); }

  1142         else echo '<div class="error-box">The user account "'.$_GET['user'].'" has not been activated, probably because of a bad SMTP configuration.</div>';

  1143         break;

  1144       case "deny":

  1145         $e = $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\' AND edit_summary=\'' . $db->escape($_GET['user']) . '\';');

  1146         if(!$e) echo '<div class="error-box">Error during row deletion: '.mysql_error().'</div>';

  1147         else echo '<div class="info-box">All activation requests for the user "'.$_GET['user'].'" have been deleted.</div>';

  1148         break;

  1149     }

  1150   }

  1151   $q = $db->sql_query('SELECT l.log_type, l.action, l.time_id, l.date_string, l.author, l.edit_summary, u.user_coppa FROM '.table_prefix.'logs AS l

  1152                          LEFT JOIN '.table_prefix.'users AS u

  1153                            ON ( u.username = l.edit_summary OR u.username IS NULL )

  1154                          WHERE log_type=\'admin\' AND action=\'activ_req\' ORDER BY time_id DESC;');

  1155   if($q)

  1156   {

  1157     if($db->numrows() > 0)

  1158     {

  1159       $n = $db->numrows();

  1160       if($n == 1) $s = $n . ' user is';

  1161       else $s = $n . ' users are';

  1162       echo '<h3>'.$s . ' awaiting account activation</h3>';

  1163       echo '<div class="tblholder">

  1164             <table border="0" cellspacing="1" cellpadding="4" width="100%">

  1165             <tr><th>Date of request</th><th>Requested by</th><th>Requested for</th><th>COPPA user</th><th colspan="3">Actions</th></tr>';

  1166       $cls = 'row2';

  1167       while($row = $db->fetchrow())

  1168       {

  1169         if($cls == 'row2') $cls = 'row1';

  1170         else $cls = 'row2';

  1171         $coppa = ( $row['user_coppa'] == '1' ) ? '<b>Yes</b>' : 'No';

  1172         echo '<tr><td class="'.$cls.'">'.date('F d, Y h:i a', $row['time_id']).'</td><td class="'.$cls.'">'.$row['author'].'</td><td class="'.$cls.'">'.$row['edit_summary'].'</td><td style="text-align: center;" class="' . $cls . '">' . $coppa . '</td><td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&amp;action=activate&amp;user='.$row['edit_summary'].'&amp;logid='.$row['time_id']).'">Activate now</a></td><td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&amp;action=sendemail&amp;user='.$row['edit_summary'].'&amp;logid='.$row['time_id']).'">Send activation e-mail</a></td><td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&amp;action=deny&amp;user='.$row['edit_summary'].'&amp;logid='.$row['time_id']).'">Deny request</a></td></tr>';

  1173       }

  1174       echo '</table>';

  1175     }

  1176     $db->free_result();

  1177   }

  1178 }

  1179 */

  1180 

  2546     header('Content-disposition: attachment, filename="'.$filename.'";');

  2547     header('Content-type: application/transact-sql');