1
|
|
|
<?php |
2
|
|
|
/*************************************************************************** |
3
|
|
|
* for license information see LICENSE.md |
4
|
|
|
***************************************************************************/ |
5
|
|
|
|
6
|
|
|
use Doctrine\DBAL\Connection; |
7
|
|
|
use OcLegacy\Admin\Gdpr\GdprHandler; |
8
|
|
|
|
9
|
|
|
require __DIR__ . '/lib2/web.inc.php'; |
10
|
|
|
|
11
|
|
|
$tpl->name = 'adminuser'; |
12
|
|
|
$tpl->menuitem = MNU_ADMIN_USER; |
13
|
|
|
|
14
|
|
|
$login->verify(); |
15
|
|
|
if ($login->userid == 0) { |
16
|
|
|
$tpl->redirect_login(); |
17
|
|
|
} |
18
|
|
|
|
19
|
|
|
if (($login->admin & ADMIN_USER) != ADMIN_USER) { |
20
|
|
|
$tpl->error(ERROR_NO_ACCESS); |
21
|
|
|
} |
22
|
|
|
|
23
|
|
|
if (isset($_REQUEST['success']) && $_REQUEST['success']) { |
24
|
|
|
$tpl->assign('success', '1'); |
25
|
|
|
} |
26
|
|
|
|
27
|
|
|
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'display'; |
28
|
|
|
|
29
|
|
|
if ($action === 'searchuser') { |
30
|
|
|
searchUser(); |
31
|
|
|
} elseif ($action === 'gdpr-deletion') { |
32
|
|
|
gdprDeletion(); |
33
|
|
|
} elseif ($action === 'sendcode') { |
34
|
|
|
sendCode(); |
35
|
|
|
} elseif ($action === 'formaction') { |
36
|
|
|
formAction(); |
37
|
|
|
} elseif ($action === 'display') { |
38
|
|
|
$tpl->display(); |
39
|
|
|
} |
40
|
|
|
|
41
|
|
|
$tpl->error(ERROR_UNKNOWN); |
42
|
|
|
|
43
|
|
|
function gdprDeletion() { |
44
|
|
|
global $tpl; |
45
|
|
|
|
46
|
|
|
$userId = isset($_REQUEST['userid']) ? $_REQUEST['userid'] + 0 : 0; |
47
|
|
|
$execute = isset($_POST['execute']); |
48
|
|
|
|
49
|
|
|
$user = new user($userId); |
50
|
|
|
if ($user->exist() === false) { |
51
|
|
|
$tpl->error(ERROR_UNKNOWN); |
52
|
|
|
} |
53
|
|
|
|
54
|
|
|
$gdprHandler = AppKernel::Container()->get(GdprHandler::class); |
55
|
|
|
$tpl->assign($gdprHandler->handle($user, $execute)); |
56
|
|
|
|
57
|
|
|
$tpl->assign('showGdprDeletion', true); |
58
|
|
|
$tpl->display(); |
59
|
|
|
} |
60
|
|
|
|
61
|
|
|
function sendCode() |
62
|
|
|
{ |
63
|
|
|
global $tpl; |
64
|
|
|
|
65
|
|
|
$userId = isset($_REQUEST['userid']) ? $_REQUEST['userid'] + 0 : 0; |
66
|
|
|
|
67
|
|
|
$user = new user($userId); |
68
|
|
|
if ($user->exist() === false) { |
69
|
|
|
$tpl->error(ERROR_UNKNOWN); |
70
|
|
|
} |
71
|
|
|
|
72
|
|
|
// send a new confirmation |
73
|
|
|
$user->sendRegistrationCode(); |
74
|
|
|
|
75
|
|
|
$tpl->redirect('adminuser.php?action=searchuser&msg=sendcodecommit&username=' . urlencode($user->getUsername())); |
76
|
|
|
} |
77
|
|
|
|
78
|
|
|
function formAction() |
79
|
|
|
{ |
80
|
|
|
global $tpl, $translate; |
81
|
|
|
|
82
|
|
|
$commit = isset($_REQUEST['chkcommit']) ? $_REQUEST['chkcommit'] + 0 : 0; |
83
|
|
|
$delete = isset($_REQUEST['chkdelete']) ? $_REQUEST['chkdelete'] + 0 : 0; |
84
|
|
|
$deleteGdpr = isset($_REQUEST['chkdeletegdpr']) ? $_REQUEST['chkdeletegdpr'] + 0 : 0; |
85
|
|
|
$disable = isset($_REQUEST['chkdisable']) ? $_REQUEST['chkdisable'] + 0 : 0; |
86
|
|
|
$emailProblem = isset($_REQUEST['chkemail']) ? $_REQUEST['chkemail'] + 0 : 0; |
87
|
|
|
$dataLicense = isset($_REQUEST['chkdl']) ? true : false; |
88
|
|
|
$userId = isset($_REQUEST['userid']) ? $_REQUEST['userid'] + 0 : 0; |
89
|
|
|
$disduelicense = isset($_REQUEST['chkdisduelicense']) ? $_REQUEST['chkdisduelicense'] + 0 : 0; |
90
|
|
|
|
91
|
|
|
$user = new user($userId); |
92
|
|
|
if ($user->exist() === false) { |
93
|
|
|
$tpl->error(ERROR_UNKNOWN); |
94
|
|
|
} |
95
|
|
|
$username = $user->getUsername(); |
96
|
|
|
|
97
|
|
|
if ($delete + $disable + $disduelicense + $deleteGdpr > 1) { |
98
|
|
|
$tpl->error($translate->t('Please select only one of the delete/disable options!', '', '', 0)); |
99
|
|
|
} |
100
|
|
|
|
101
|
|
|
if ($commit == 0) { |
102
|
|
|
$tpl->error($translate->t('You have to check that you are sure!', '', '', 0)); |
103
|
|
|
} |
104
|
|
|
|
105
|
|
|
if ($disduelicense == 1) { |
106
|
|
|
$errorMessage = $user->disduelicense(); |
107
|
|
|
if ($errorMessage !== true) { |
108
|
|
|
$tpl->error($errorMessage); |
109
|
|
|
} |
110
|
|
|
} elseif ($disable == 1) { |
111
|
|
|
if ($user->disable() == false) { |
|
|
|
|
112
|
|
|
$tpl->error(ERROR_UNKNOWN); |
113
|
|
|
} |
114
|
|
|
} elseif ($delete == 1) { |
115
|
|
|
if ($user->delete() == false) { |
|
|
|
|
116
|
|
|
$tpl->error(ERROR_UNKNOWN); |
117
|
|
|
} |
118
|
|
|
} elseif ($deleteGdpr == 1) { |
119
|
|
|
$tpl->redirect('adminuser.php?action=gdpr-deletion&userid=' . $userId); |
120
|
|
|
} elseif ($emailProblem == 1) { |
121
|
|
|
$user->addEmailProblem($dataLicense); |
122
|
|
|
} |
123
|
|
|
|
124
|
|
|
$tpl->redirect('adminuser.php?action=searchuser&username=' . urlencode($username) . |
125
|
|
|
'&success=' . ($disduelicense + $disable)); |
126
|
|
|
} |
127
|
|
|
|
128
|
|
|
function searchUser() |
129
|
|
|
{ |
130
|
|
|
global $tpl, $opt; |
131
|
|
|
|
132
|
|
|
$username = isset($_REQUEST['username']) ? $_REQUEST['username'] : ''; |
133
|
|
|
$msg = isset($_REQUEST['msg']) ? $_REQUEST['msg'] : ''; |
134
|
|
|
|
135
|
|
|
$tpl->assign('username', $username); |
136
|
|
|
$tpl->assign('msg', $msg); |
137
|
|
|
|
138
|
|
|
/** @var Connection $connection */ |
139
|
|
|
$connection = AppKernel::Container()->get(Connection::class); |
140
|
|
|
$r = $connection->fetchAssoc( |
141
|
|
|
'SELECT `user_id`, |
142
|
|
|
`username`, |
143
|
|
|
`email`, |
144
|
|
|
`email_problems`, |
145
|
|
|
`date_created`, |
146
|
|
|
`last_modified`, |
147
|
|
|
`is_active_flag`, |
148
|
|
|
`activation_code`, |
149
|
|
|
`first_name`, |
150
|
|
|
`last_name`, |
151
|
|
|
`last_login`, |
152
|
|
|
`data_license`=:dataLicense AS `license_declined` |
153
|
|
|
FROM `user` |
154
|
|
|
WHERE `username`= :user |
155
|
|
|
OR `email`=:user', |
156
|
|
|
[ |
157
|
|
|
'user' => $username, |
158
|
|
|
'dataLicense' => NEW_DATA_LICENSE_ACTIVELY_DECLINED |
159
|
|
|
] |
160
|
|
|
); |
161
|
|
|
|
162
|
|
|
if (!$r) { |
163
|
|
|
$tpl->assign('error', 'userunknown'); |
164
|
|
|
$tpl->display(); |
165
|
|
|
} |
166
|
|
|
|
167
|
|
|
$tpl->assign('showdetails', true); |
168
|
|
|
|
169
|
|
|
$r['hidden'] = (int) $connection->fetchColumn( |
170
|
|
|
'SELECT COUNT(*) FROM `caches` WHERE `user_id`=:userId', [':userId' => $r['user_id']] |
171
|
|
|
); |
172
|
|
|
$r['hidden_active'] = (int) $connection->fetchColumn( |
173
|
|
|
'SELECT COUNT(*) FROM `caches` WHERE `user_id`= :userId AND `status`=1', |
174
|
|
|
[':userId' => $r['user_id']] |
175
|
|
|
); |
176
|
|
|
$r['logentries'] = (int) $connection->fetchColumn( |
177
|
|
|
'SELECT COUNT(*) FROM `cache_logs` WHERE `user_id`= :userId', |
178
|
|
|
[':userId' => $r['user_id']] |
179
|
|
|
); |
180
|
|
|
$r['deleted_logentries'] = (int) $connection->fetchColumn( |
181
|
|
|
'SELECT COUNT(*) FROM `cache_logs_archived` WHERE `user_id`= :userId', |
182
|
|
|
[':userId' => $r['user_id']] |
183
|
|
|
); |
184
|
|
|
$r['reports'] = (int) $connection->fetchColumn( |
185
|
|
|
'SELECT COUNT(*) FROM `cache_reports` WHERE `userid`= :userId', |
186
|
|
|
[':userId' => $r['user_id']] |
187
|
|
|
); |
188
|
|
|
|
189
|
|
|
$tpl->assign('user', $r); |
190
|
|
|
|
191
|
|
|
$user = new user($r['user_id']); |
192
|
|
|
if (!$user->exist()) { |
193
|
|
|
$tpl->error(ERROR_UNKNOWN); |
194
|
|
|
} |
195
|
|
|
$tpl->assign('candisable', $user->canDisable()); |
196
|
|
|
$tpl->assign('candelete', $user->canDelete()); |
197
|
|
|
$tpl->assign('cansetemail', !$user->missedDataLicenseMail() && $r['email'] != ""); |
198
|
|
|
$tpl->assign('licensefunctions', $opt['logic']['license']['admin']); |
199
|
|
|
|
200
|
|
|
$tpl->display(); |
201
|
|
|
} |
202
|
|
|
|
When comparing two booleans, it is generally considered safer to use the strict comparison operator.