<?php
/**
 * Find XOOPS users
 *
 * You may not change or alter any portion of this comment or credits
 * of supporting developers from this source code or any supporting source code
 * which is considered copyrighted (c) material of the original comment or credit authors.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 *
 * @copyright       (c) 2000-2016 XOOPS Project (www.xoops.org)
 * @license             GNU GPL 2 (https://www.gnu.org/licenses/gpl-2.0.html)
 * @package             kernel
 * @since               2.3.0
 * @author              Taiwen Jiang <[email protected]>
 */
/* @var  XoopsUser $xoopsUser */
include_once dirname(__DIR__) . '/mainfile.php';

xoops_header(false);

// Access gate. A request that carries a token is admitted only when that
// token validates; a request without a token is admitted only for a logged-in
// admin. An invalid token is never "upgraded" to the admin check. The token is
// read from $_REQUEST because the mode-switch links below carry it in the
// query string while the forms post it. The second validateToken() argument
// is false — presumably so the token stays usable for the later round-trips;
// confirm against XoopsSecurity.
$denied = true;
if (!empty($_REQUEST['token'])) {
    $denied = !$GLOBALS['xoopsSecurity']->validateToken($_REQUEST['token'], false);
} elseif (is_object($xoopsUser) && $xoopsUser->isAdmin()) {
    $denied = false;
}
if ($denied) {
    xoops_error(_NOPERM);
    exit();
}

// The raw token is carried through the links and forms that follow; it is
// run through htmlspecialchars() at the points where it is echoed into HTML.
$token         = isset($_REQUEST['token']) ? $_REQUEST['token'] : '';
$name_form     = 'memberslist';
// Field names become arrays (uid[], uname[]) when multi-select is requested.
$name_userid   = 'uid' . (empty($_REQUEST['multiple']) ? '' : '[]');
$name_username = 'uname' . (empty($_REQUEST['multiple']) ? '' : '[]');

xoops_loadLanguage('findusers');
/**
 * Rank record (one row of the `ranks` table) as used by the user finder.
 *
 * Declares the variables XoopsRankHandler reads back: rank_id, rank_title,
 * rank_min, rank_max, rank_special and rank_image.
 */
class XoopsRank extends XoopsObject
{
    /**
     * Declare the rank variables, in table-column order.
     */
    public function __construct()
    {
        parent::__construct();
        // id and title are declared with a null default and a fourth argument
        // of false (presumably the "required" flag — see XoopsObject::initVar)
        $this->initVar('rank_id', XOBJ_DTYPE_INT, null, false);
        $this->initVar('rank_title', XOBJ_DTYPE_TXTBOX, null, false);
        // rank_min/rank_max bound the post count and rank_special is a flag;
        // all three default to 0
        foreach (array('rank_min', 'rank_max', 'rank_special') as $intVar) {
            $this->initVar($intVar, XOBJ_DTYPE_INT, 0);
        }
        $this->initVar('rank_image', XOBJ_DTYPE_TXTBOX, '');
    }
}
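/**
 * Xoops Rank Handler
 *
 * Read-only access to the `ranks` table for the user finder.
 */
class XoopsRankHandler extends XoopsObjectHandler
{
    /**
     * Constructor
     *
     * @param XoopsDatabase $db
     */
    public function __construct(XoopsDatabase $db)
    {
        parent::__construct($db);
    }

    /**
     * Create Object
     *
     * @param  bool $isNew mark the object as new (unsaved) when true
     * @return XoopsRank
     */
    public function create($isNew = true)
    {
        $obj = new XoopsRank();
        if ($isNew === true) {
            $obj->setNew();
        }

        return $obj;
    }

    /**
     * Get Object
     *
     * rank_id is an integer column, so the id is cast to int before it is
     * interpolated: only a numeric literal ever reaches the query text, even
     * though the finder passes the raw request value in.
     *
     * @param  int $id
     * @return XoopsRank|null null when the query fails; when no row matches,
     *                        an object with no vars assigned is returned
     */
    public function get($id = 0)
    {
        $object = $this->create(false);
        $sql    = 'SELECT * FROM ' . $this->db->prefix('ranks') . ' WHERE rank_id = ' . (int)$id;
        $result = $this->db->query($sql);
        if (!$result) {
            return null;
        }
        while (false !== ($row = $this->db->fetchArray($result))) {
            $object->assignVars($row);
        }

        return $object;
    }

    /**
     * Get List
     *
     * Returns rank_id => escaped rank_title. When a criteria is given its
     * limit/start override the $limit/$start arguments. The sort column and
     * direction taken from the criteria are interpolated verbatim, so callers
     * must only pass criteria whose sort they have validated.
     *
     * @param  CriteriaElement $criteria
     * @param  int             $limit
     * @param  int             $start
     * @return array
     */
    public function getList(CriteriaElement $criteria = null, $limit = 0, $start = 0)
    {
        $ret = array();
        if (null === $criteria) {
            $criteria = new CriteriaCompo();
        }

        $sql = 'SELECT rank_id, rank_title FROM ' . $this->db->prefix('ranks');
        if (is_subclass_of($criteria, 'CriteriaElement')) {
            // renderWhere() lives on the concrete Criteria/CriteriaCompo
            // classes; static analysis flags it on the abstract type
            $sql .= ' ' . $criteria->renderWhere();
            $sort = (string)$criteria->getSort();
            if ($sort !== '') {
                $sql .= ' ORDER BY ' . $sort . ' ' . $criteria->getOrder();
            }
            $limit = $criteria->getLimit();
            $start = $criteria->getStart();
        }
        $result = $this->db->query($sql, $limit, $start);
        if (!$result) {
            return $ret;
        }
        $myts = MyTextSanitizer::getInstance();
        while (false !== ($myrow = $this->db->fetchArray($result))) {
            // titles are HTML-escaped here because they go straight into
            // form option labels
            $ret[$myrow['rank_id']] = $myts->htmlSpecialChars($myrow['rank_title']);
        }

        return $ret;
    }
}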
/**
 * Xoops Users Extend Class
 *
 * A XoopsUser with a fixed set of variables removed (actkey, pass, theme,
 * umode, uorder, notify_mode) so that finder results never carry them.
 */
class XoUser extends XoopsUser
{
    /**
     * Build the base user object, then drop the unwanted variables.
     */
    public function __construct()
    {
        parent::__construct();
        // NOTE(review): `pass` and `actkey` look credential-related; removing
        // them from $this->vars presumably keeps them out of getVar() and
        // assignVars() on finder results — confirm against XoopsObject.
        foreach (array('actkey', 'pass', 'theme', 'umode', 'uorder', 'notify_mode') as $unwanted) {
            unset($this->vars[$unwanted]);
        }
    }
}
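/**
 * XoUser Handler
 *
 * Counts and lists users for the finder, optionally restricted to a set of
 * group ids and/or an extra CriteriaElement.
 */
class XoUserHandler extends XoopsObjectHandler
{
    /**
     * Constructor
     *
     * @param XoopsDatabase $db
     */
    public function __construct(XoopsDatabase $db)
    {
        parent::__construct($db);
    }

    /**
     * Create
     *
     * @param  bool $isNew mark the object as new (unsaved) when true
     * @return XoUser
     */
    public function create($isNew = true)
    {
        $obj = new XoUser();
        if ($isNew === true) {
            $obj->setNew();
        }

        return $obj;
    }

    /**
     * Build the "<users> AS u ... WHERE ..." tail shared by getCount() and getAll().
     *
     * A scalar $groups is wrapped into an array and empty entries are dropped.
     * With no group ids left the tail ends in `WHERE 1=1` so callers can always
     * append ` AND ...`; otherwise users are joined to groups_users_link and
     * filtered by group id. Every id goes through intval() before it is
     * interpolated, so the IN (...) list can only hold integer literals
     * whatever the caller sends (the finder passes $_POST['groups'] straight in).
     *
     * @param  array|mixed $groups group id(s)
     * @return string
     */
    private function buildSourceClause($groups)
    {
        if (!is_array($groups)) {
            $groups = array($groups);
        }
        $groups = array_filter($groups);
        $sql    = $this->db->prefix('users') . ' AS u';
        if (empty($groups)) {
            return $sql . '    WHERE 1=1';
        }

        return $sql . '    LEFT JOIN ' . $this->db->prefix('groups_users_link') . ' AS g ON g.uid = u.uid' . '    WHERE g.groupid IN (' . implode(', ', array_map('intval', $groups)) . ')';
    }

    /**
     * Get Count
     *
     * @param  CriteriaElement $criteria extra conditions, rendered with render()
     *                                   (not renderWhere()), so they must not
     *                                   reference `uid` ambiguously
     * @param  array           $groups   restrict to members of these group ids
     * @return int 0 when the query fails
     */
    public function getCount(CriteriaElement $criteria = null, $groups = array())
    {
        $sql = '    SELECT COUNT(DISTINCT u.uid) FROM ' . $this->buildSourceClause($groups);
        if (isset($criteria) && is_subclass_of($criteria, 'CriteriaElement')) {
            // Use the direct renderer, assuming no `uid` in criteria
            if ($render = $criteria->render()) {
                $sql .= ' AND ' . $render;
            }
        }
        $result = $this->db->query($sql);
        if (!$result) {
            // a failed query used to fall through to fetchRow(false)
            return 0;
        }
        list($count) = $this->db->fetchRow($result);

        return (int)$count;
    }

    /**
     * GetAll
     *
     * @param  CriteriaElement $criteria extra conditions plus optional sort,
     *                                   order, limit and start
     * @param  array           $groups   restrict to members of these group ids
     * @return XoUser[] keyed by uid; empty when the query fails
     */
    public function getAll(CriteriaElement $criteria = null, $groups = array())
    {
        $ret      = array();
        $limit    = null;
        $start    = null;
        $orderSet = false;
        $sql      = '    SELECT u.* FROM ' . $this->buildSourceClause($groups);
        if (isset($criteria) && is_subclass_of($criteria, 'CriteriaElement')) {
            if ($render = $criteria->render()) {
                $sql .= ' AND ' . $render;
            }
            // sort column and direction are interpolated as-is; callers must
            // whitelist them (the finder checks user_sort against a fixed list
            // and only allows ASC/DESC)
            if ($sort = $criteria->getSort()) {
                $sql .= ' ORDER BY ' . $sort . ' ' . $criteria->getOrder();
                $orderSet = true;
            }
            $limit = $criteria->getLimit();
            $start = $criteria->getStart();
        }
        if (!$orderSet) {
            $sql .= ' ORDER BY u.uid ASC';
        }
        $result = $this->db->query($sql, $limit, $start);
        if (!$result) {
            // a failed query used to fall through to fetchArray(false)
            return $ret;
        }
        while (false !== ($myrow = $this->db->fetchArray($result))) {
            $object = $this->create(false);
            $object->assignVars($myrow);
            $ret[$myrow['uid']] = $object;
            unset($object);
        }

        return $ret;
    }
}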
// Finder modes, selected through the `mode` request parameter.
define('FINDUSERS_MODE_SIMPLE', 0);
define('FINDUSERS_MODE_ADVANCED', 1);
define('FINDUSERS_MODE_QUERY', 2);

$rank_handler = new XoopsRankHandler($xoopsDB);
$user_handler = new XoUserHandler($xoopsDB);

// Text columns searchable with a match option (start / end / equal / contain),
// keyed by the column name used in the resulting Criteria.
$items_match = array(
    'uname'     => _MA_USER_UNAME,
    'name'      => _MA_USER_REALNAME,
    'email'     => _MA_USER_EMAIL,
    'user_icq'  => _MA_USER_ICQ,
    'user_aim'  => _MA_USER_AIM,
    'user_yim'  => _MA_USER_YIM,
    'user_msnm' => _MA_USER_MSNM);

// Numeric columns searchable by range (`<column>_more` / `<column>_less`),
// keyed by column name.
$items_range = array(
    'user_regdate' => _MA_USER_RANGE_USER_REGDATE,
    'last_login'   => _MA_USER_RANGE_LAST_LOGIN,
    'posts'        => _MA_USER_RANGE_POSTS);

$modes = array(
    FINDUSERS_MODE_SIMPLE   => _MA_USER_MODE_SIMPLE,
    FINDUSERS_MODE_ADVANCED => _MA_USER_MODE_ADVANCED,
    FINDUSERS_MODE_QUERY    => _MA_USER_MODE_QUERY);
if (empty($_POST['user_submit'])) {
321
    include_once $GLOBALS['xoops']->path('class/xoopsformloader.php');
322
323
    $form = new XoopsThemeForm(_MA_USER_FINDUS, 'user_findform', 'findusers.php', 'post', true);
324
    $mode = (int)(@$_REQUEST['mode']);
325
    if (FINDUSERS_MODE_QUERY == $mode) {
326
        $form->addElement(new XoopsFormTextArea(_MA_USER_QUERY, 'query', @$_POST['query']));
327
    } else {
328
        if (FINDUSERS_MODE_ADVANCED == $mode) {
329
            foreach ($items_match as $var => $title) {
330
                $text       = new XoopsFormText('', $var, 30, 100, @$_POST[$var]);
331
                $match      = new XoopsFormSelectMatchOption('', "{$var}_match", @$_POST["{$var}_match"]);
332
                $match_tray = new XoopsFormElementTray($title, '&nbsp;');
333
                $match_tray->addElement($match);
334
                $match_tray->addElement($text);
335
                $form->addElement($match_tray);
336
                unset($text, $match, $match_tray);
337
            }
338
339
            $url_text        = new XoopsFormText(_MA_USER_URLC, 'url', 30, 100, @$_POST['url']);
340
            $location_text   = new XoopsFormText(_MA_USER_LOCATION, 'user_from', 30, 100, @$_POST['user_from']);
341
            $occupation_text = new XoopsFormText(_MA_USER_OCCUPATION, 'user_occ', 30, 100, @$_POST['user_occ']);
342
            $interest_text   = new XoopsFormText(_MA_USER_INTEREST, 'user_intrest', 30, 100, @$_POST['user_intrest']);
343
            foreach ($items_range as $var => $title) {
344
                $more       = new XoopsFormText('', "{$var}_more", 10, 5, @$_POST["{$var}_more"]);
345
                $less       = new XoopsFormText('', "{$var}_less", 10, 5, @$_POST["{$var}_less"]);
346
                $range_tray = new XoopsFormElementTray($title, '&nbsp;-&nbsp;&nbsp;');
347
                $range_tray->addElement($less);
348
                $range_tray->addElement($more);
349
                $form->addElement($range_tray);
350
                unset($more, $less, $range_tray);
351
            }
352
353
            $mailok_radio = new XoopsFormRadio(_MA_USER_SHOWMAILOK, 'user_mailok', empty($_POST['user_mailok']) ? 'both' : $_POST['user_mailok']);
354
            $mailok_radio->addOptionArray(array(
355
                                              'mailok' => _MA_USER_MAILOK,
356
                                              'mailng' => _MA_USER_MAILNG,
357
                                              'both' => _MA_USER_BOTH));
358
            $avatar_radio = new XoopsFormRadio(_MA_USER_HASAVATAR, 'user_avatar', empty($_POST['user_avatar']) ? 'both' : $_POST['user_avatar']);
359
            $avatar_radio->addOptionArray(array(
360
                                              'y' => _YES,
361
                                              'n' => _NO,
362
                                              'both' => _MA_USER_BOTH));
363
364
            $level_radio = new XoopsFormRadio(_MA_USER_LEVEL, 'level', @$_POST['level']);
365
            $levels      = array(
366
                0 => _ALL,
367
                1 => _MA_USER_LEVEL_ACTIVE,
368
                2 => _MA_USER_LEVEL_INACTIVE,
369
                3 => _MA_USER_LEVEL_DISABLED);
370
            $level_radio->addOptionArray($levels);
371
372
            /* @var XoopsMemberHandler $member_handler */
373
            $member_handler = xoops_getHandler('member');
374
            $groups         = $member_handler->getGroupList();
375
            $groups[0]      = _ALL;
376
            $group_select   = new XoopsFormSelect(_MA_USER_GROUP, 'groups', @$_POST['groups'], 3, true);
377
            $group_select->addOptionArray($groups);
378
379
            $ranks       = $rank_handler->getList();
380
            $ranks[0]    = _ALL;
381
            $rank_select = new XoopsFormSelect(_MA_USER_RANK, 'rank', (int)(@$_POST['rank']));
382
            $rank_select->addOptionArray($ranks);
383
            $form->addElement($url_text);
384
            $form->addElement($location_text);
385
            $form->addElement($occupation_text);
386
            $form->addElement($interest_text);
387
            $form->addElement($mailok_radio);
388
            $form->addElement($avatar_radio);
389
            $form->addElement($level_radio);
390
            $form->addElement($group_select);
391
            $form->addElement($rank_select);
392
        } else {
393
            foreach (array(
394
                         'uname',
395
                         'email') as $var) {
396
                $title      = $items_match[$var];
397
                $text       = new XoopsFormText('', $var, 30, 100, @$_POST[$var]);
398
                $match      = new XoopsFormSelectMatchOption('', "{$var}_match", @$_POST["{$var}_match"]);
399
                $match_tray = new XoopsFormElementTray($title, '&nbsp;');
400
                $match_tray->addElement($match);
401
                $match_tray->addElement($text);
402
                $form->addElement($match_tray);
403
                unset($text, $match, $match_tray);
404
            }
405
        }
406
407
        $sort_select = new XoopsFormSelect(_MA_USER_SORT, 'user_sort', @$_POST['user_sort']);
408
        $sort_select->addOptionArray(array(
409
                                         'uname' => _MA_USER_UNAME,
410
                                         'last_login' => _MA_USER_LASTLOGIN,
411
                                         'user_regdate' => _MA_USER_REGDATE,
412
                                         'posts' => _MA_USER_POSTS));
413
        $order_select = new XoopsFormSelect(_MA_USER_ORDER, 'user_order', @$_POST['user_order']);
414
        $order_select->addOptionArray(array(
415
                                          'ASC' => _MA_USER_ASC,
416
                                          'DESC' => _MA_USER_DESC));
417
418
        $form->addElement($sort_select);
419
        $form->addElement($order_select);
420
    }
421
    $form->addElement(new XoopsFormText(_MA_USER_LIMIT, 'limit', 6, 6, empty($_REQUEST['limit']) ? 50 : (int)$_REQUEST['limit']));
422
    $form->addElement(new XoopsFormHidden('mode', $mode));
423
    $form->addElement(new XoopsFormHidden('target', @$_REQUEST['target']));
424
    $form->addElement(new XoopsFormHidden('multiple', @$_REQUEST['multiple']));
425
    $form->addElement(new XoopsFormHidden('token', $token));
426
    $form->addElement(new XoopsFormButton('', 'user_submit', _SUBMIT, 'submit'));
427
428
    $acttotal   = $user_handler->getCount(new Criteria('level', 0, '>'));
429
    $inacttotal = $user_handler->getCount(new Criteria('level', 0, '<='));
430
    echo '</html><body>';
431
    echo "<h2 style='text-align:left;'>" . _MA_USER_FINDUS . ' - ' . $modes[$mode] . '</h2>';
432
    $modes_switch = array();
433
    foreach ($modes as $_mode => $title) {
434
        if ($mode == $_mode) {
435
            continue;
436
        }
437
        $modes_switch[] = "<a href='findusers.php?target=" . htmlspecialchars(@$_REQUEST['target'], ENT_QUOTES) . '&amp;multiple=' . htmlspecialchars(@$_REQUEST['multiple'], ENT_QUOTES) . '&amp;token=' . htmlspecialchars($token, ENT_QUOTES) . "&amp;mode={$_mode}'>{$title}</a>";
438
    }
439
    echo '<h4>' . implode(' | ', $modes_switch) . '</h4>';
440
    echo '(' . sprintf(_MA_USER_ACTUS, "<span style='color:#ff0000;'>$acttotal</span>") . ' ' . sprintf(_MA_USER_INACTUS, "<span style='color:#ff0000;'>$inacttotal</span>") . ')';
441
    $form->display();
442
} else {
443
    $myts  = MyTextSanitizer::getInstance();
444
    $limit = empty($_POST['limit']) ? 50 : (int)$_POST['limit'];
445
    $start = (int)(@$_POST['start']);
446
    if (!isset($_POST['query'])) {
447
        $criteria = new CriteriaCompo();
448
        foreach (array_keys($items_match) as $var) {
449
            if (!empty($_POST[$var])) {
450
                $match = (!empty($_POST["{$var}_match"])) ? (int)$_POST["{$var}_match"] : XOOPS_MATCH_START;
451
                $value = str_replace('_', "\\\_", $myts->addSlashes(trim($_POST[$var])));
452
                switch ($match) {
453
                    case XOOPS_MATCH_START:
454
                        $criteria->add(new Criteria($var, $value . '%', 'LIKE'));
455
                        break;
456
                    case XOOPS_MATCH_END:
457
                        $criteria->add(new Criteria($var, '%' . $value, 'LIKE'));
458
                        break;
459
                    case XOOPS_MATCH_EQUAL:
460
                        $criteria->add(new Criteria($var, $value));
461
                        break;
462
                    case XOOPS_MATCH_CONTAIN:
463
                        $criteria->add(new Criteria($var, '%' . $value . '%', 'LIKE'));
464
                        break;
465
                }
466
            }
467
        }
468
        if (!empty($_POST['url'])) {
469
            $url = formatURL(trim($_POST['url']));
470
            $criteria->add(new Criteria('url', $url . '%', 'LIKE'));
471
        }
472
        if (!empty($_POST['user_from'])) {
473
            $criteria->add(new Criteria('user_from', '%' . $myts->addSlashes(trim($_POST['user_from'])) . '%', 'LIKE'));
474
        }
475
        if (!empty($_POST['user_intrest'])) {
476
            $criteria->add(new Criteria('user_intrest', '%' . $myts->addSlashes(trim($_POST['user_intrest'])) . '%', 'LIKE'));
477
        }
478
        if (!empty($_POST['user_occ'])) {
479
            $criteria->add(new Criteria('user_occ', '%' . $myts->addSlashes(trim($_POST['user_occ'])) . '%', 'LIKE'));
480
        }
481
        foreach (array(
482
                     'last_login',
483
                     'user_regdate') as $var) {
484
            if (!empty($_POST["{$var}_more"]) && is_numeric($_POST["{$var}_more"])) {
485
                $time = time() - (60 * 60 * 24 * (int)trim($_POST["{$var}_more"]));
486
                if ($time > 0) {
487
                    $criteria->add(new Criteria($var, $time, '<='));
488
                }
489
            }
490
            if (!empty($_POST["{$var}_less"]) && is_numeric($_POST["{$var}_less"])) {
491
                $time = time() - (60 * 60 * 24 * (int)trim($_POST["{$var}_less"]));
492
                if ($time > 0) {
493
                    $criteria->add(new Criteria($var, $time, '>='));
494
                }
495
            }
496
        }
497
        if (!empty($_POST['posts_more']) && is_numeric($_POST['posts_more'])) {
498
            $criteria->add(new Criteria('posts', (int)$_POST['posts_more'], '<='));
499
        }
500
        if (!empty($_POST['posts_less']) && is_numeric($_POST['posts_less'])) {
501
            $criteria->add(new Criteria('posts', (int)$_POST['posts_less'], '>='));
502
        }
503
        if (!empty($_POST['user_mailok'])) {
504
            if ($_POST['user_mailok'] === 'mailng') {
505
                $criteria->add(new Criteria('user_mailok', 0));
506
            } elseif ($_POST['user_mailok'] === 'mailok') {
507
                $criteria->add(new Criteria('user_mailok', 1));
508
            }
509
        }
510
        if (!empty($_POST['user_avatar'])) {
511
            if ($_POST['user_avatar'] === 'y') {
512
                $criteria->add(new Criteria('user_avatar', "('', 'blank.gif')", 'NOT IN'));
513
            } elseif ($_POST['user_avatar'] === 'n') {
514
                $criteria->add(new Criteria('user_avatar', "('', 'blank.gif')", 'IN'));
515
            }
516
        }
517
        if (!empty($_POST['level'])) {
518
            $level_value = array(
519
                1 => 1,
520
                2 => 0,
521
                3 => -1);
522
            $level       = isset($level_value[(int)$_POST['level']]) ? $level_value[(int)$_POST['level']] : 1;
523
            $criteria->add(new Criteria('level', $level));
524
        }
525
        if (!empty($_POST['rank'])) {
526
            $rank_obj = $rank_handler->get($_POST['rank']);
527
            if ($rank_obj->getVar('rank_special')) {
528
                $criteria->add(new Criteria('rank', (int)$_POST['rank']));
529
            } else {
530
                if ($rank_obj->getVar('rank_min')) {
531
                    $criteria->add(new Criteria('posts', $rank_obj->getVar('rank_min'), '>='));
532
                }
533
                if ($rank_obj->getVar('rank_max')) {
534
                    $criteria->add(new Criteria('posts', $rank_obj->getVar('rank_max'), '<='));
535
                }
536
            }
537
        }
538
        $total     = $user_handler->getCount($criteria, @$_POST['groups']);
539
        $validsort = array(
540
            'uname',
541
            'email',
542
            'last_login',
543
            'user_regdate',
544
            'posts');
545
        $sort      = (!in_array($_POST['user_sort'], $validsort)) ? 'uname' : $_POST['user_sort'];
546
        $order     = 'ASC';
547
        if (isset($_POST['user_order']) && $_POST['user_order'] === 'DESC') {
548
            $order = 'DESC';
549
        }
550
        $criteria->setSort($sort);
551
        $criteria->setOrder($order);
552
        $criteria->setLimit($limit);
553
        $criteria->setStart($start);
554
        $foundusers = $user_handler->getAll($criteria, @$_POST['groups']);
555
    } else {
556
        $query = trim($_POST['query']);
557
        // Query with alias
558
        if (preg_match("/select[\s]+.*[\s]+from[\s]+(" . $xoopsDB->prefix('users') . "[\s]+as[\s]+(\S+).*)/i", $query, $matches)) {
559
            $alias    = $matches[2];
560
            $subquery = $matches[1];
561
562
            // Query without alias
563
        } elseif (preg_match("/select[\s]+.*[\s]+from[\s]+(" . $xoopsDB->prefix('users') . "\b.*)/i", $query, $matches)) {
564
            $alias    = '';
565
            $subquery = $matches[1];
566
567
            // Invalid query
568
        } else {
569
            $query    = 'SELECT * FROM ' . $xoopsDB->prefix('users');
570
            $subquery = $xoopsDB->prefix('users');
571
        }
572
        $sql_count = 'SELECT COUNT(DISTINCT ' . (empty($alias) ? '' : $alias . '.') . 'uid) FROM ' . $subquery;
573
        $result    = $xoopsDB->query($sql_count);
574
        list($total) = $xoopsDB->fetchRow($result);
575
        $result     = $xoopsDB->query($query, $limit, $start);
576
        $foundusers = array();
577
        while (false !== ($myrow = $xoopsDB->fetchArray($result))) {
578
            $object = $user_handler->create(false);
579
            $object->assignVars($myrow);
580
            $foundusers[$myrow['uid']] = $object;
581
            unset($object);
582
        }
583
    }
584
585
    echo $js_adduser = '
586
        <script type="text/javascript">
587
        var multiple=' . (int)$_REQUEST['multiple'] . ';
588
        function addusers()
589
        {
590
            var sel_str = "";
591
            var num = 0;
592
            var mForm = document.forms["' . $name_form . '"];
593
            for (var i=0;i!=mForm.elements.length;i++) {
594
                var id=mForm.elements[i];
595
                if ( ( (multiple > 0 && id.type == "checkbox") || (multiple == 0 && id.type == "radio") ) && (id.checked == true) && ( id.name == "' . $name_userid . '" ) ) {
596
                    var name = mForm.elements[++i];
597
                    var len = id.value.length + name.value.length;
598
                    sel_str += len + ":" + id.value + ":" + name.value;
599
                    num ++;
600
                }
601
            }
602
            if (num == 0) {
603
                alert("' . _MA_USER_NOUSERSELECTED . '");
604
                return false;
605
            }
606
            sel_str = num + ":" + sel_str;
607
            window.opener.addusers(sel_str);
608
            alert("' . _MA_USER_USERADDED . '");
609
            if (multiple == 0) {
610
                window.close();
611
                window.opener.focus();
612
            }
613
            return true;
614
        }
615
        </script>
616
    ';
617
618
    echo '</html><body>';
619
    echo "<a href='findusers.php?target=" . htmlspecialchars(@$_POST['target'], ENT_QUOTES) . '&amp;multiple=' . (int)(@$_POST['multiple']) . '&amp;token=' . htmlspecialchars($token, ENT_QUOTES) . "'>" . _MA_USER_FINDUS . "</a>&nbsp;<span style='font-weight:bold;'>&raquo;</span>&nbsp;" . _MA_USER_RESULTS . '<br><br>';
620
    if (empty($start) && empty($foundusers)) {
621
        echo '<h4>' . _MA_USER_NOFOUND, '</h4>';
622
        $hiddenform = "<form name='findnext' action='findusers.php' method='post'>";
623
        foreach ($_POST as $k => $v) {
624
            if ($k === 'XOOPS_TOKEN_REQUEST') {
625
                // regenerate token value
626
                $hiddenform .= $GLOBALS['xoopsSecurity']->getTokenHTML() . "\n";
627
            } else {
628
                $hiddenform .= "<input type='hidden' name='" . htmlspecialchars($k, ENT_QUOTES) . "' value='" . htmlspecialchars($myts->stripSlashesGPC($v), ENT_QUOTES) . "' />\n";
629
            }
630
        }
631
        if (!isset($_POST['limit'])) {
632
            $hiddenform .= "<input type='hidden' name='limit' value='{$limit}' />\n";
633
        }
634
        if (!isset($_POST['start'])) {
635
            $hiddenform .= "<input type='hidden' name='start' value='{$start}' />\n";
636
        }
637
        $hiddenform .= "<input type='hidden' name='token' value='" . htmlspecialchars($token, ENT_QUOTES) . "' />\n";
638
        $hiddenform .= '</form>';
639
640
        echo '<div>' . $hiddenform;
641
        echo "<a href='#' onclick='document.findnext.start.value=0;document.findnext.user_submit.value=0;document.findnext.submit();'>" . _MA_USER_SEARCHAGAIN . "</a>\n";
642
        echo '</div>';
643
    } elseif ($start < $total) {
644
        if (!empty($total)) {
645
            echo sprintf(_MA_USER_USERSFOUND, $total) . '<br>';
646
        }
647
        if (!empty($foundusers)) {
            echo "<form action='findusers.php' method='post' name='{$name_form}' id='{$name_form}'>
            <table width='100%' border='0' cellspacing='1' cellpadding='4' class='outer'>
            <tr>
            <th align='center' width='5px'>";
            if (!empty($_POST['multiple'])) {
                echo "<input type='checkbox' name='memberslist_checkall' id='memberslist_checkall' onclick='xoopsCheckAll(\"{$name_form}\", \"memberslist_checkall\");' />";
            }
            echo "</th>
            <th align='center'>" . _MA_USER_UNAME . "</th>
            <th align='center'>" . _MA_USER_REALNAME . "</th>
            <th align='center'>" . _MA_USER_REGDATE . "</th>
            <th align='center'>" . _MA_USER_LASTLOGIN . "</th>
            <th align='center'>" . _MA_USER_POSTS . '</th>
            </tr>';
            $ucount = 0;
            foreach (array_keys($foundusers) as $j) {
                $class = 'odd';
                if ($ucount % 2 == 0) {
                    $class = 'even';
                }
                ++$ucount;
                $fuser_name = $foundusers[$j]->getVar('name') ?: '&nbsp;';
                echo "<tr class='$class'>
                    <td align='center'>";
                if (!empty($_POST['multiple'])) {
                    echo "<input type='checkbox' name='{$name_userid}' id='{$name_userid}' value='" . $foundusers[$j]->getVar('uid') . "' />";
                    echo "<input type='hidden' name='{$name_username}' id='{$name_username}' value='" . $foundusers[$j]->getVar('uname') . "' />";
                } else {
                    echo "<input type='radio' name='{$name_userid}' id='{$name_userid}' value='" . $foundusers[$j]->getVar('uid') . "' />";
                    echo "<input type='hidden' name='{$name_username}' id='{$name_username}' value='" . $foundusers[$j]->getVar('uname') . "' />";
                }
                echo "</td>
                    <td><a href='" . XOOPS_URL . '/userinfo.php?uid=' . $foundusers[$j]->getVar('uid') . "' target='_blank'>" . $foundusers[$j]->getVar('uname') . '</a></td>
                    <td>' . $fuser_name . "</td>
                    <td align='center'>" . ($foundusers[$j]->getVar('user_regdate') ? date('Y-m-d', $foundusers[$j]->getVar('user_regdate')) : '') . "</td>
                    <td align='center'>" . ($foundusers[$j]->getVar('last_login') ? date('Y-m-d H:i', $foundusers[$j]->getVar('last_login')) : '') . "</td>
                    <td align='center'>" . $foundusers[$j]->getVar('posts') . '</td>';
                echo "</tr>\n";
            }
            echo "<tr class='foot'><td colspan='6'>";
            // placeholder for external applications
            if (empty($_POST['target'])) {
                echo "<select name='fct'><option value='users'>" . _DELETE . "</option><option value='mailusers'>" . _MA_USER_SENDMAIL . '</option>';
                echo '</select>&nbsp;';
                echo $GLOBALS['xoopsSecurity']->getTokenHTML() . "<input type='submit' value='" . _SUBMIT . "' />";
                // Add selected users
            } else {
                echo "<input type='button' value='" . _MA_USER_ADD_SELECTED . "' onclick='addusers();' />";
            }
            echo "<input type='hidden' name='token' value='" . htmlspecialchars($token, ENT_QUOTES) . "' />\n";
            echo "</td></tr></table></form>\n";
        }
        $hiddenform = "<form name='findnext' action='findusers.php' method='post'>";
        foreach ($_POST as $k => $v) {
            if ($k === 'XOOPS_TOKEN_REQUEST') {
                // regenerate token value
                $hiddenform .= $GLOBALS['xoopsSecurity']->getTokenHTML() . "\n";
            } else {
                $hiddenform .= "<input type='hidden' name='" . htmlspecialchars($k, ENT_QUOTES) . "' value='" . htmlspecialchars($myts->stripSlashesGPC($v), ENT_QUOTES) . "' />\n";
            }
        }
        if (!isset($_POST['limit'])) {
            $hiddenform .= "<input type='hidden' name='limit' value='" . $limit . "' />\n";
        }
        if (!isset($_POST['start'])) {
            $hiddenform .= "<input type='hidden' name='start' value='" . $start . "' />\n";
        }
        $hiddenform .= "<input type='hidden' name='token' value='" . htmlspecialchars($token, ENT_QUOTES) . "' />\n";
        if (!isset($total) || ($totalpages = ceil($total / $limit)) > 1) {
            $prev = $start - $limit;
            if ($start - $limit >= 0) {
                $hiddenform .= "<a href='#0' onclick='document.findnext.start.value=" . $prev . ";document.findnext.submit();'>" . _MA_USER_PREVIOUS . "</a>&nbsp;\n";
            }
            $counter     = 1;
            $currentpage = ($start + $limit) / $limit;
            if (!isset($total)) {
                while ($counter <= $currentpage) {
                    if ($counter == $currentpage) {
                        $hiddenform .= '<strong>' . $counter . '</strong> ';
                    } elseif (($counter > $currentpage - 4 && $counter < $currentpage + 4) || $counter == 1) {
                        $hiddenform .= "<a href='#" . $counter . "' onclick='document.findnext.start.value=" . ($counter - 1) * $limit . ";document.findnext.submit();'>" . $counter . '</a> ';
                        if ($counter == 1 && $currentpage > 5) {
                            $hiddenform .= '... ';
                        }
                    }
                    ++$counter;
                }
            } else {
                while ($counter <= $totalpages) {
                    if ($counter == $currentpage) {
                        $hiddenform .= '<strong>' . $counter . '</strong> ';
                    } elseif (($counter > $currentpage - 4 && $counter < $currentpage + 4) || $counter == 1 || $counter == $totalpages) {
                        if ($counter == $totalpages && $currentpage < $totalpages - 4) {
                            $hiddenform .= '... ';
                        }
                        $hiddenform .= "<a href='#" . $counter . "' onclick='document.findnext.start.value=" . ($counter - 1) * $limit . ";document.findnext.submit();'>" . $counter . '</a> ';
                        if ($counter == 1 && $currentpage > 5) {
                            $hiddenform .= '... ';
                        }
                    }
                    ++$counter;
                }
            }
            $next = $start + $limit;
            if ((isset($total) && $total > $next) || (!isset($total) && count($foundusers) >= $limit)) {
                $hiddenform .= "&nbsp;<a href='#" . $total . "' onclick='document.findnext.start.value=" . $next . ";document.findnext.submit();'>" . _MA_USER_NEXT . "</a>\n";
            }
        }
        $hiddenform .= '</form>';
        echo '<div>' . $hiddenform;
        if (isset($total)) {
            echo '<br>' . sprintf(_MA_USER_USERSFOUND, $total) . '&nbsp;';
        }
        echo "<a href='#' onclick='document.findnext.start.value=0;document.findnext.user_submit.value=0;document.findnext.submit();'>" . _MA_USER_SEARCHAGAIN . "</a>\n";
        echo '</div>';
    }
}
// Emit the XOOPS page footer, closing the output that xoops_header() opened at the top of this script.
xoops_footer();