These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /*************************************************************************** |
||
3 | * for license information see LICENSE.md |
||
4 | ***************************************************************************/ |
||
5 | |||
6 | use Doctrine\DBAL\Connection; |
||
7 | |||
8 | require __DIR__ . '/lib2/web.inc.php'; |
||
9 | |||
10 | $tpl->name = 'adminuser'; |
||
11 | $tpl->menuitem = MNU_ADMIN_USER; |
||
12 | |||
13 | $login->verify(); |
||
14 | if ($login->userid == 0) { |
||
15 | $tpl->redirect_login(); |
||
16 | } |
||
17 | |||
18 | if (($login->admin & ADMIN_USER) != ADMIN_USER) { |
||
19 | $tpl->error(ERROR_NO_ACCESS); |
||
20 | } |
||
21 | |||
22 | if (isset($_REQUEST['success']) && $_REQUEST['success']) { |
||
23 | $tpl->assign('success', '1'); |
||
24 | } |
||
25 | |||
26 | $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'display'; |
||
27 | |||
28 | if ($action === 'searchuser') { |
||
29 | searchUser(); |
||
30 | } elseif ($action === 'sendcode') { |
||
31 | sendCode(); |
||
32 | } elseif ($action === 'formaction') { |
||
33 | formAction(); |
||
34 | } elseif ($action === 'display') { |
||
35 | $tpl->display(); |
||
36 | } |
||
37 | |||
38 | $tpl->error(ERROR_UNKNOWN); |
||
39 | |||
40 | function sendCode() |
||
41 | { |
||
42 | global $tpl; |
||
43 | |||
44 | $userId = isset($_REQUEST['userid']) ? $_REQUEST['userid'] + 0 : 0; |
||
45 | |||
46 | $user = new user($userId); |
||
47 | if ($user->exist() === false) { |
||
48 | $tpl->error(ERROR_UNKNOWN); |
||
49 | } |
||
50 | |||
51 | // send a new confirmation |
||
52 | $user->sendRegistrationCode(); |
||
53 | |||
54 | $tpl->redirect('adminuser.php?action=searchuser&msg=sendcodecommit&username=' . urlencode($user->getUsername())); |
||
55 | } |
||
56 | |||
57 | function formAction() |
||
58 | { |
||
59 | global $tpl, $translate; |
||
60 | |||
61 | $commit = isset($_REQUEST['chkcommit']) ? $_REQUEST['chkcommit'] + 0 : 0; |
||
62 | $delete = isset($_REQUEST['chkdelete']) ? $_REQUEST['chkdelete'] + 0 : 0; |
||
63 | $disable = isset($_REQUEST['chkdisable']) ? $_REQUEST['chkdisable'] + 0 : 0; |
||
64 | $emailProblem = isset($_REQUEST['chkemail']) ? $_REQUEST['chkemail'] + 0 : 0; |
||
65 | $dataLicense = isset($_REQUEST['chkdl']) ? true : false; |
||
66 | $userId = isset($_REQUEST['userid']) ? $_REQUEST['userid'] + 0 : 0; |
||
67 | $disduelicense = isset($_REQUEST['chkdisduelicense']) ? $_REQUEST['chkdisduelicense'] + 0 : 0; |
||
68 | |||
69 | $user = new user($userId); |
||
70 | if ($user->exist() === false) { |
||
71 | $tpl->error(ERROR_UNKNOWN); |
||
72 | } |
||
73 | $username = $user->getUsername(); |
||
74 | |||
75 | if ($delete + $disable + $disduelicense > 1) { |
||
76 | $tpl->error($translate->t('Please select only one of the delete/disable options!', '', '', 0)); |
||
77 | } |
||
78 | |||
79 | if ($commit == 0) { |
||
80 | $tpl->error($translate->t('You have to check that you are sure!', '', '', 0)); |
||
81 | } |
||
82 | |||
83 | if ($disduelicense == 1) { |
||
84 | $errorMessage = $user->disduelicense(); |
||
85 | if ($errorMessage !== true) { |
||
86 | $tpl->error($errorMessage); |
||
87 | } |
||
88 | } elseif ($disable == 1) { |
||
89 | if ($user->disable() == false) { |
||
0 ignored issues
–
show
|
|||
90 | $tpl->error(ERROR_UNKNOWN); |
||
91 | } |
||
92 | } elseif ($delete == 1) { |
||
93 | if ($user->delete() == false) { |
||
0 ignored issues
–
show
|
|||
94 | $tpl->error(ERROR_UNKNOWN); |
||
95 | } |
||
96 | } elseif ($emailProblem == 1) { |
||
97 | $user->addEmailProblem($dataLicense); |
||
98 | } |
||
99 | |||
100 | $tpl->redirect('adminuser.php?action=searchuser&username=' . urlencode($username) . |
||
101 | '&success=' . ($disduelicense + $disable)); |
||
102 | } |
||
103 | |||
104 | function searchUser() |
||
105 | { |
||
106 | global $tpl, $opt; |
||
107 | |||
108 | $username = isset($_REQUEST['username']) ? $_REQUEST['username'] : ''; |
||
109 | $msg = isset($_REQUEST['msg']) ? $_REQUEST['msg'] : ''; |
||
110 | |||
111 | $tpl->assign('username', $username); |
||
112 | $tpl->assign('msg', $msg); |
||
113 | |||
114 | /** @var Connection $connection */ |
||
115 | $connection = AppKernel::Container()->get(Connection::class); |
||
116 | $r = $connection->fetchAssoc( |
||
117 | 'SELECT `user_id`, |
||
118 | `username`, |
||
119 | `email`, |
||
120 | `email_problems`, |
||
121 | `date_created`, |
||
122 | `last_modified`, |
||
123 | `is_active_flag`, |
||
124 | `activation_code`, |
||
125 | `first_name`, |
||
126 | `last_name`, |
||
127 | `last_login`, |
||
128 | `data_license`=:dataLicense AS `license_declined` |
||
129 | FROM `user` |
||
130 | WHERE `username`= :user |
||
131 | OR `email`=:user', |
||
132 | [ |
||
133 | 'user' => $username, |
||
134 | 'dataLicense' => NEW_DATA_LICENSE_ACTIVELY_DECLINED |
||
135 | ] |
||
136 | ); |
||
137 | |||
138 | if (!$r) { |
||
0 ignored issues
–
show
The expression
$r of type array is implicitly converted to a boolean; are you sure this is intended? If so, consider using empty($expr) instead to make it clear that you intend to check for an array without elements.
This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using
Loading history...
|
|||
139 | $tpl->assign('error', 'userunknown'); |
||
140 | $tpl->display(); |
||
141 | } |
||
142 | |||
143 | $tpl->assign('showdetails', true); |
||
144 | |||
145 | $r['hidden'] = (int) $connection->fetchColumn( |
||
146 | 'SELECT COUNT(*) FROM `caches` WHERE `user_id`=:userId', [':userId' => $r['user_id']] |
||
147 | ); |
||
148 | $r['hidden_active'] = (int) $connection->fetchColumn( |
||
149 | 'SELECT COUNT(*) FROM `caches` WHERE `user_id`= :userId AND `status`=1', |
||
150 | [':userId' => $r['user_id']] |
||
151 | ); |
||
152 | $r['logentries'] = (int) $connection->fetchColumn( |
||
153 | 'SELECT COUNT(*) FROM `cache_logs` WHERE `user_id`= :userId', |
||
154 | [':userId' => $r['user_id']] |
||
155 | ); |
||
156 | $r['deleted_logentries'] = (int) $connection->fetchColumn( |
||
157 | 'SELECT COUNT(*) FROM `cache_logs_archived` WHERE `user_id`= :userId', |
||
158 | [':userId' => $r['user_id']] |
||
159 | ); |
||
160 | $r['reports'] = (int) $connection->fetchColumn( |
||
161 | 'SELECT COUNT(*) FROM `cache_reports` WHERE `userid`= :userId', |
||
162 | [':userId' => $r['user_id']] |
||
163 | ); |
||
164 | |||
165 | $tpl->assign('user', $r); |
||
166 | |||
167 | $user = new user($r['user_id']); |
||
168 | if (!$user->exist()) { |
||
169 | $tpl->error(ERROR_UNKNOWN); |
||
170 | } |
||
171 | $tpl->assign('candisable', $user->canDisable()); |
||
172 | $tpl->assign('candelete', $user->canDelete()); |
||
173 | $tpl->assign('cansetemail', !$user->missedDataLicenseMail() && $r['email'] != ""); |
||
174 | $tpl->assign('licensefunctions', $opt['logic']['license']['admin']); |
||
175 | |||
176 | $tpl->display(); |
||
177 | } |
||
178 |
When comparing two booleans, it is generally considered safer to use the strict comparison operator.