Diffstat (limited to 'phpBB/includes/acp/acp_users.php')
-rw-r--r--phpBB/includes/acp/acp_users.php135
1 files changed, 103 insertions, 32 deletions
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index 8c17fb6311..008cc02471 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -44,6 +44,11 @@ class acp_users
$user_id = request_var('u', 0);
$action = request_var('action', '');
+ // Get referer to redirect user to the appropriate page after delete action
+ $redirect = request_var('redirect', '');
+ $redirect_tag = "redirect=$redirect";
+ $redirect_url = append_sid("{$phpbb_admin_path}index.$phpEx", "i=$redirect");
+
$submit = (isset($_POST['update']) && !isset($_POST['cancel'])) ? true : false;
$form_name = 'acp_users';
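Review bot: `$redirect` comes straight from the request and is interpolated unencoded into two query strings here, `"redirect=$redirect"` and `"i=$redirect"`, so a value containing `&` or `=` could add or override parameters in the admin URL that the later hunks use for U_BACK, U_ACTION and the post-delete back link. Whatever escaping request_var() applies is not visible in this diff, and HTML escaping alone would not neutralise query separators. Since the value is meant to name an ACP module, constrain it before use, for example `if (!preg_match('#^[a-z0-9_\-]+$#i', $redirect)) { $redirect = ''; }` (adjust the pattern to the identifiers the ACP accepts), or at least pass it through `urlencode()` in both strings. The comment says "referer" while the code reads a `redirect` parameter; `// Module to return to after the delete action` would match what the code does.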
@@ -52,7 +57,10 @@ class acp_users
// Whois (special case)
if ($action == 'whois')
{
- include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+ if (!function_exists('user_get_id_name'))
+ {
+ include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+ }
$this->page_title = 'WHOIS';
$this->tpl_name = 'simple_body';
@@ -146,9 +154,9 @@ class acp_users
}
$template->assign_vars(array(
- 'U_BACK' => $this->u_action,
+ 'U_BACK' => (empty($redirect)) ? $this->u_action : $redirect_url,
'U_MODE_SELECT' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=$id&u=$user_id"),
- 'U_ACTION' => $this->u_action . '&u=' . $user_id,
+ 'U_ACTION' => $this->u_action . '&u=' . $user_id . ((empty($redirect)) ? '' : '&' . $redirect_tag),
'S_FORM_OPTIONS' => $s_form_options,
'MANAGED_USERNAME' => $user_row['username'])
);
@@ -165,7 +173,10 @@ class acp_users
{
case 'overview':
- include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+ if (!function_exists('user_get_id_name'))
+ {
+ include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+ }
$user->add_lang('acp/ban');
@@ -221,19 +232,30 @@ class acp_users
user_delete($delete_type, $user_id, $user_row['username']);
add_log('admin', 'LOG_USER_DELETED', $user_row['username']);
- trigger_error($user->lang['USER_DELETED'] . adm_back_link($this->u_action));
+ trigger_error($user->lang['USER_DELETED'] . adm_back_link(
+ (empty($redirect)) ? $this->u_action : $redirect_url
+ )
+ );
}
else
{
- confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields(array(
+ $delete_confirm_hidden_fields = array(
'u' => $user_id,
'i' => $id,
'mode' => $mode,
'action' => $action,
'update' => true,
'delete' => 1,
- 'delete_type' => $delete_type))
+ 'delete_type' => $delete_type,
);
+
+ // Checks if the redirection page is specified
+ if (!empty($redirect))
+ {
+ $delete_confirm_hidden_fields['redirect'] = $redirect;
+ }
+
+ confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($delete_confirm_hidden_fields));
}
}
else
@@ -338,7 +360,10 @@ class acp_users
if ($config['email_enable'])
{
- include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
+ if (!class_exists('messenger'))
+ {
+ include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
+ }
$server_url = generate_board_url();
@@ -348,11 +373,6 @@ class acp_users
if ($user_row['user_type'] == USER_NORMAL)
{
user_active_flip('deactivate', $user_id, INACTIVE_REMIND);
-
- $sql = 'UPDATE ' . USERS_TABLE . "
- SET user_actkey = '" . $db->sql_escape($user_actkey) . "'
- WHERE user_id = $user_id";
- $db->sql_query($sql);
}
else
{
@@ -361,8 +381,18 @@ class acp_users
FROM ' . USERS_TABLE . '
WHERE user_id = ' . $user_id;
$result = $db->sql_query($sql);
- $user_actkey = (string) $db->sql_fetchfield('user_actkey');
+ $user_activation_key = (string) $db->sql_fetchfield('user_actkey');
$db->sql_freeresult($result);
+
+ $user_actkey = empty($user_activation_key) ? $user_actkey : $user_activation_key;
+ }
+
+ if ($user_row['user_type'] == USER_NORMAL || empty($user_activation_key))
+ {
+ $sql = 'UPDATE ' . USERS_TABLE . "
+ SET user_actkey = '" . $db->sql_escape($user_actkey) . "'
+ WHERE user_id = $user_id";
+ $db->sql_query($sql);
}
$messenger = new messenger(false);
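Review bot: The split between `$user_actkey` and `$user_activation_key` needs a comment, because a reader has to work out that a stored key is reused when present and the new one is written only for a normal user or when nothing is stored. Something like `// Reuse the stored activation key if there is one; only persist the new key when none exists` above the second `if` would do. `empty()` also treats the string `'0'` as missing, so after the `(string)` cast `$user_activation_key === ''` would be the exact test. Where `$user_actkey` is generated lies outside the hunk.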
@@ -421,7 +451,10 @@ class acp_users
$phpbb_notifications = $phpbb_container->get('notification_manager');
$phpbb_notifications->delete_notifications('notification.type.admin_activate_user', $user_row['user_id']);
- include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
+ if (!class_exists('messenger'))
+ {
+ include($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);
+ }
$messenger = new messenger(false);
@@ -1345,7 +1378,10 @@ class acp_users
case 'profile':
- include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+ if (!function_exists('user_get_id_name'))
+ {
+ include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+ }
$cp = $phpbb_container->get('profilefields.manager');
@@ -1504,7 +1540,10 @@ class acp_users
case 'prefs':
- include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+ if (!function_exists('user_get_id_name'))
+ {
+ include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+ }
$data = array(
'dateformat' => utf8_normalize_nfc(request_var('dateformat', $user_row['user_dateformat'], true)),
@@ -1553,7 +1592,7 @@ class acp_users
if ($submit)
{
$error = validate_data($data, array(
- 'dateformat' => array('string', false, 1, 30),
+ 'dateformat' => array('string', false, 1, 64),
'lang' => array('match', false, '#^[a-z_\-]{2,}$#i'),
'tz' => array('timezone'),
@@ -1774,13 +1813,12 @@ class acp_users
case 'avatar':
- include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
-
$avatars_enabled = false;
+ /** @var \phpbb\avatar\manager $phpbb_avatar_manager */
+ $phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
if ($config['allow_avatar'])
{
- $phpbb_avatar_manager = $phpbb_container->get('avatar.manager');
$avatar_drivers = $phpbb_avatar_manager->get_enabled_drivers();
// This is normalised data, without the user_ prefix
@@ -1841,14 +1879,21 @@ class acp_users
$selected_driver = $phpbb_avatar_manager->clean_driver_name($request->variable('avatar_driver', $user_row['user_avatar_type']));
+ // Assign min and max values before generating avatar driver html
+ $template->assign_vars(array(
+ 'AVATAR_MIN_WIDTH' => $config['avatar_min_width'],
+ 'AVATAR_MAX_WIDTH' => $config['avatar_max_width'],
+ 'AVATAR_MIN_HEIGHT' => $config['avatar_min_height'],
+ 'AVATAR_MAX_HEIGHT' => $config['avatar_max_height'],
+ ));
+
foreach ($avatar_drivers as $current_driver)
{
$driver = $phpbb_avatar_manager->get_driver($current_driver);
$avatars_enabled = true;
- $config_name = $phpbb_avatar_manager->get_driver_config_name($driver);
$template->set_filenames(array(
- 'avatar' => "acp_avatar_options_{$config_name}.html",
+ 'avatar' => $driver->get_acp_template_name(),
));
if ($driver->prepare_form($request, $template, $user, $avatar_data, $error))
@@ -1868,8 +1913,12 @@ class acp_users
}
}
- // Replace "error" strings with their real, localised form
- $error = $phpbb_avatar_manager->localize_errors($user, $error);
+ // Avatar manager is not initialized if avatars are disabled
+ if (isset($phpbb_avatar_manager))
+ {
+ // Replace "error" strings with their real, localised form
+ $error = $phpbb_avatar_manager->localize_errors($user, $error);
+ }
$avatar = phpbb_get_user_avatar($user_row, 'USER_AVATAR', true);
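Review bot: The new `isset($phpbb_avatar_manager)` guard and its comment look stale against the earlier avatar hunk in this commit, which moves `$phpbb_avatar_manager = $phpbb_container->get('avatar.manager');` out of the `if ($config['allow_avatar'])` block. Assuming both hunks sit in the same `case 'avatar':` branch (its end is outside the hunk), the variable is now always set, so the condition is always true and "Avatar manager is not initialized if avatars are disabled" no longer describes the code. Either drop the guard and keep the plain `$error = $phpbb_avatar_manager->localize_errors($user, $error);`, or keep the manager lookup conditional and retain the guard, but not both.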
@@ -1930,8 +1979,15 @@ class acp_users
case 'sig':
- include_once($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
- include_once($phpbb_root_path . 'includes/functions_display.' . $phpEx);
+ if (!function_exists('generate_smilies'))
+ {
+ include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
+ }
+
+ if (!function_exists('display_custom_bbcodes'))
+ {
+ include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
+ }
$enable_bbcode = ($config['allow_sig_bbcode']) ? (bool) $this->optionget($user_row, 'sig_bbcode') : false;
$enable_smilies = ($config['allow_sig_smilies']) ? (bool) $this->optionget($user_row, 'sig_smilies') : false;
@@ -1942,7 +1998,10 @@ class acp_users
if ($submit || $preview)
{
- include_once($phpbb_root_path . 'includes/message_parser.' . $phpEx);
+ if (!class_exists('messenger'))
+ {
+ include($phpbb_root_path . 'includes/message_parser.' . $phpEx);
+ }
$enable_bbcode = ($config['allow_sig_bbcode']) ? ((request_var('disable_bbcode', false)) ? false : true) : false;
$enable_smilies = ($config['allow_sig_smilies']) ? ((request_var('disable_smilies', false)) ? false : true) : false;
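Review bot: The guard added before including `includes/message_parser.` tests `class_exists('messenger')`, which is the class the earlier hunks use to guard `functions_messenger`, not a class from the parser file. If `messenger` is already loaded the parser is never included here. If the parser was already included while `messenger` was not, the plain `include` would load it a second time and redeclare its symbols. The check should name a class the parser file defines, presumably `if (!class_exists('parse_message'))`; confirm the name against that file.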
@@ -2183,7 +2242,10 @@ class acp_users
case 'groups':
- include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+ if (!function_exists('group_user_attributes'))
+ {
+ include($phpbb_root_path . 'includes/functions_user.' . $phpEx);
+ }
$user->add_lang(array('groups', 'acp/groups'));
$group_id = request_var('g', 0);
@@ -2217,6 +2279,12 @@ class acp_users
{
trigger_error($user->lang['NO_GROUP'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
}
+
+ if (!check_link_hash($request->variable('hash', ''), 'acp_users'))
+ {
+ trigger_error($user->lang['FORM_INVALID'] . adm_back_link($this->u_action), E_USER_WARNING);
+ }
+
group_user_attributes($action, $group_id, $user_id);
if ($action == 'default')
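Review bot: The FORM_INVALID back link is built from `$this->u_action` alone, while the NO_GROUP error directly above uses `$this->u_action . '&u=' . $user_id`, so an administrator who hits a stale or missing hash is sent back without the user selected. Use `adm_back_link($this->u_action . '&u=' . $user_id)` here as well. A short comment such as `// These actions arrive via GET links, so require the link hash before changing group attributes` would record why the check is needed. The enclosing switch starts and ends outside the hunk.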
@@ -2374,8 +2442,8 @@ class acp_users
{
$template->assign_block_vars('group', array(
'U_EDIT_GROUP' => append_sid("{$phpbb_admin_path}index.$phpEx", "i=groups&mode=manage&action=edit&u=$user_id&g={$data['group_id']}&back_link=acp_users_groups"),
- 'U_DEFAULT' => $this->u_action . "&action=default&u=$user_id&g=" . $data['group_id'],
- 'U_DEMOTE_PROMOTE' => $this->u_action . '&action=' . (($data['group_leader']) ? 'demote' : 'promote') . "&u=$user_id&g=" . $data['group_id'],
+ 'U_DEFAULT' => $this->u_action . "&action=default&u=$user_id&g=" . $data['group_id'] . '&hash=' . generate_link_hash('acp_users'),
+ 'U_DEMOTE_PROMOTE' => $this->u_action . '&action=' . (($data['group_leader']) ? 'demote' : 'promote') . "&u=$user_id&g=" . $data['group_id'] . '&hash=' . generate_link_hash('acp_users'),
'U_DELETE' => $this->u_action . "&action=delete&u=$user_id&g=" . $data['group_id'],
'U_APPROVE' => ($group_type == 'pending') ? $this->u_action . "&action=approve&u=$user_id&g=" . $data['group_id'] : '',
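Review bot: Only U_DEFAULT and U_DEMOTE_PROMOTE gain `&hash=`, while U_DELETE and U_APPROVE in the same array remain plain GET links. If those two actions go through confirm_box() elsewhere (not visible here) that is fine, but a comment saying so would stop the asymmetry being read as an oversight. `generate_link_hash('acp_users')` is also evaluated twice per group row; computing it once before the loop, for example `$link_hash = generate_link_hash('acp_users');`, avoids the repeated call and keeps both links in step. The loop that encloses this array is outside the hunk.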
@@ -2399,7 +2467,10 @@ class acp_users
case 'perm':
- include_once($phpbb_root_path . 'includes/acp/auth.' . $phpEx);
+ if (!class_exists('auth_admin'))
+ {
+ include($phpbb_root_path . 'includes/acp/auth.' . $phpEx);
+ }
$auth_admin = new auth_admin();