1]; $config = array_merge($dconfig, $config); $SUBDOMAIN = "main"; $TITLE = $title ?: "main"; $LINKS = [ ["href" => "/manage/event.php", "text" => "Events"], ["href" => "/manage/users.php", "text" => "Users"], ["href" => "/manage/user-notes.php", "text" => "Notes"], ]; $CSS = ["/styles/master.css"]; $SEARCH = []; if (strstr($_SERVER["SCRIPT_FILENAME"], "users.php")) { $SEARCH = ["method" => "get", "action" => "/manage/users.php", "placeholder" => "Search profiles", "name" => "search"]; $CSS[] = "/styles/user-autocomplete.css"; } if (strstr($_SERVER["SCRIPT_FILENAME"], "event.php")) { $SEARCH = ["method" => "get", "action" => "/manage/event.php", "placeholder" => "Search Events", "name" => "search"]; } if (strstr($_SERVER["SCRIPT_FILENAME"], "user-notes.php")) { $SEARCH = ["method" => "get", "action" => "/manage/user-notes.php", "placeholder" => "Search notes (keyword, ID or sect:)", "name" => "keyword"]; } if (isset($_SESSION['credentials'])) { array_unshift($LINKS, ["href" => "/manage/users.php?username=" . $_SESSION["credentials"][0], "text" => "My Profile"]); $LINKS[] = ["href" => "/login.php?action=logout", "text" => "Logout"]; } include __DIR__ . "/../shared/templates/header.inc"; if ($config["columns"] > 1) { echo '

'; } else { echo '

'; } } function foot($secondscreen = null) { $SECONDSCREEN = $secondscreen; $JS = [ "/js/master.js", ]; if (strstr($_SERVER["SCRIPT_FILENAME"], "users.php")) { array_push( $JS, "//people.php.net/js/jquery.autocomplete.min.js", "//people.php.net/js/userlisting.php", "//people.php.net/js/search.js" ); } ?>

$message

"; } function warn($message) { echo format_warn($message); } // ----------------------------------------------------------------------------------- function array_to_url($array,$overlay=[]) { $params = []; foreach($array as $k => $v) { $params[$k] = rawurlencode($k) . "=" . rawurlencode($v); } foreach($overlay as $k => $v) { if ($array[$k] == $v) { $params["forward"] = $array["forward"] ? "forward=0" : "forward=1"; continue; } $params["forward"] = "forward=0"; $params[$k] = rawurlencode($k) . "=" . rawurlencode($v); } return implode("&", $params); } /** * @param int $begin * @param int $rows * @param int $skip * @param int $total */ function show_prev_next($begin, $rows, $skip, $total, $extra = [], $table = true) {?>

0) { printf("« Previous %d", $_SERVER['PHP_SELF'], array_to_url($extra, ["begin" => max(0,$begin-$skip)]), min($skip,$begin)); } ?>

Next %d »", $_SERVER['PHP_SELF'], array_to_url($extra, ["begin" => $begin+$skip]), min($skip,$total-($begin+$skip))); } ?>

safeQuery("SELECT id, name FROM country ORDER BY name"); foreach ($res as $row) { echo "{$row['name']}"; } } function verify_ssh_keys($string) { return count(get_ssh_keys($string)) > 0; } function get_ssh_keys($string) { $results = []; if (preg_match_all('@(ssh-(?:rsa|dss) ([^\s]+) ([^\s]*))@', $string, $matches, PREG_SET_ORDER)) { foreach ($matches as $match) { $results[] = ['key' => $match[1], 'name' => $match[3]]; } } return $results; } // ----------------------------------------------------------------------------------- // function find_group_address_from_notes_for(DB $pdo, $id) { $note = $pdo->single("SELECT note FROM users_note WHERE userid = ? LIMIT 1", [$id]); $cc = ""; if (preg_match("/\[group: (\w+)\]/", $note, $matches)) { switch($matches[1]) { case "php": $cc = "internals@lists.php.net"; break; case "pear": $cc = "pear-group@lists.php.net"; break; case "pecl": $cc = "pecl-dev@lists.php.net"; break; case "doc": $cc = "phpdoc@lists.php.net"; break; } } return $cc; } define("MT_USER_APPROVE_MAIL", "group@php.net"); define("MT_USER_REMOVE_MAIL", "group@php.net"); function user_approve(DB $pdo, $id) { $res = $pdo->safeQueryReturnsAffectedRows("UPDATE users SET cvsaccess=1, enable=1 WHERE userid=?", [$id]); if ($res) { $cc = find_group_address_from_notes_for($pdo, $id); $mailtext = $cc ? $cc : EMAIL_DEFAULT_CC; $userinfo = fetch_user($pdo, $id); $message = mt_approve_user($userinfo, $mailtext); /* Notify the user */ mail($userinfo["email"], "VCS Account Request: $userinfo[username]", $message, "From: PHP Group ", "-fnoreply@php.net"); /* Notify the public records */ $to = MT_USER_APPROVE_MAIL . ($cc ? ",$cc" : ""); $subject = "Re: VCS Account Request: $userinfo[username]"; $message = "VCS Account Approved: $userinfo[username] approved by {$_SESSION["username"]} \o/"; $headers = "From: PHP Group \r\nIn-Reply-To: "; mail($to, $subject, $message, $headers, "-fnoreply@php.net"); warn("record $id ($userinfo[username]) approved"); return true; } else { warn("wasn't able to grant access to id $id."); return false; } } function user_remove(DB $pdo, $id) { $userinfo = fetch_user($pdo, $id); $res = $pdo->safeQueryReturnsAffectedRows("DELETE FROM users WHERE userid=?", [$id]); if ($res) { $cc = find_group_address_from_notes_for($pdo, $id); $message = $userinfo['cvsaccess'] ? mt_remove_user($userinfo) : mt_deny_user($userinfo); /* Notify the user */ mail($userinfo['email'],"VCS Account Request: $userinfo[username]",$message,"From: PHP Group ", "-fnoreply@php.net"); $to = MT_USER_REMOVE_MAIL . ($cc ? ",$cc" : ""); $subject = "Re: VCS Account Request: $userinfo[username]"; $message = $userinfo['cvsaccess'] ? "VCS Account Deleted: $userinfo[username] deleted by {$_SESSION["username"]} /o\\" : "VCS Account Rejected: $userinfo[username] rejected by {$_SESSION["username"]} /o\\"; /* Notify public records */ mail($to, $subject, $message,"From: PHP Group \r\nIn-Reply-To: ", "-fnoreply@php.net"); $pdo->safeQuery("DELETE FROM users_note WHERE userid=?", [$id]); $pdo->safeQuery("DELETE FROM users_profile WHERE userid=?", [$id]); warn("record $id ($userinfo[username]) removed"); return true; } else { warn("wasn't able to delete id $id."); return false; } } function is_admin($user) { $admins = [ "jimw", "rasmus", "sas", "stas", "mj", "philip", "davidc", "derick", "cmb", "kalle", "krakjoe", "pollita", "ilutov", "bukka", ]; return in_array($user, $admins); } function is_mirror_site_admin($user) { return is_admin($user); } # returns false if $user is not allowed to modify $userid function can_modify(DB $pdo, $user,$userid) { if (is_admin($user)) return true; $query = "SELECT 1 FROM users WHERE userid = ? AND (email = ? OR username = ?)"; $res = $pdo->single($query, [$userid, $user, $user]); return (bool) $res; } function fetch_user(DB $pdo, $user): array { if ((int)$user) { return $pdo->row( "SELECT * FROM users LEFT JOIN users_note USING (userid) WHERE users.userid = ?", [$user]); } return $pdo->row( "SELECT * FROM users LEFT JOIN users_note USING (userid) WHERE username = ? OR email = ?", [$user, $user]); } function invalid_input($in) { if (!empty($in['email']) && strlen($in['email']) && !is_emailable_address($in['email'])) { return "'". hsc($in['email']) ."' does not look like a valid email address"; } if (!empty($in['username']) && !preg_match("/^[-\w]+\$/",$in['username'])) { return "'". hsc($in['username']) ."' is not a valid username"; } if (!empty($in['rawpasswd']) && $in['rawpasswd'] != $in['rawpasswd2']) { return "the passwords you specified did not match!"; } if (!empty($in['sshkey']) && !verify_ssh_keys($in['sshkey'])) { return "the ssh key doesn't seem to have the necessary format"; } return false; } function validateAction($k) { switch($k) { case "approve": case "remove": return $k; default: warn("that action ('" . hsc($k) . "') is not understood."); } return false; } function display_options($options,$current) { foreach ($options as $k => $v) { echo '', html_entity_decode($v,ENT_QUOTES), "\n"; } }