GSP/Panel
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Panel/modules/user_admin/edit_user.php
copilot-swe-agent[bot] e44519c030
Apply automated PHP8 safety transforms 
Agent-Logs-Url: https://github.com/GameServerPanel/GSP/sessions/89922108-1604-44ae-949d-358d32b9d70a

Co-authored-by: iaretechnician <2749183+iaretechnician@users.noreply.github.com>
2026-04-23 14:01:37 +00:00

324 lines
12 KiB
PHP
Raw Blame History

<?php
/*
*
* OGP - Open Game Panel
* Copyright (C) 2008 - 2018 The OGP Development Team
*
* http://www.opengamepanel.org/
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
*/
function exec_ogp_module() {
global $db, $settings;
// Check if the user_id is set in the uri first. Prevents notices if it's been removed.
if(!isset($_REQUEST['user_id']) === true){
print_failure(get_lang('valid_user'));
return;
}
$my_user_id = $_SESSION['user_id']; #who we're logged in as
$user_id = $_REQUEST['user_id'];
$isAdmin = $db->isAdmin($my_user_id);
$mySubUsers = $db->getUsersSubUsersIds($_SESSION['user_id']);
// Check that the user_id parameter corresponds to a valid user.
if(($userInfo = $db->getUserById($user_id)) === null)
{
print_failure(get_lang('valid_user'));
return;
}
// Allow user to modify owned subuser account information
else if ( ! $isAdmin && $my_user_id !== $user_id && @!in_array($user_id, $mySubUsers))
{
print_failure(get_lang('no_rights'));
return;
}
if ( $isAdmin )
{
$users = $db->getUserList();
foreach ((array)$users as $user)
{
if ( $db->isAdmin($user['user_id']) )
{
$first_admin_id = $user['user_id'];
break;
}
}
if( $db->isAdmin($user_id) and ( $first_admin_id != $my_user_id ) and ( $user_id != $my_user_id ) )
{
print_failure(get_lang('no_rights'));
return;
}
}
echo "<h2>".($my_user_id !== $user_id ? get_lang_f('editing_profile', htmlentities($userInfo['users_login'])) : get_lang('your_profile'))."</h2>";
echo "<div align='center'>";
require_once("includes/form_table_class.php");
if ( ( isset($_POST['new_password']) || isset($_POST['retype_new_password']) ) &&
$_POST['new_password'] !== $_POST['retype_new_password'] )
{
print_failure(get_lang('password_mismatch'));
}
# If we are editing our own profile we need to enter our current password as well
# elseif (isset($_POST['edit_user']) &&
# ($my_user_id === $user_id) &&
# !$db->is_valid_login($my_user_id,$_REQUEST['current_password']))
#{
# print_failure(get_lang('current_password_mismatch'));
#}
else if (isset($_POST['edit_user']))
{
$user_id = sanitizeInputStr($_POST['user_id']);
$newlang = sanitizeInputStr($_POST['newlang']);
$login = sanitizeInputStr($_POST['login']);
$firstname = sanitizeInputStr($_POST['first_name']);
$lastname = sanitizeInputStr($_POST['last_name']);
$email = sanitizeInputStr($_POST['email_address']);
$city = sanitizeInputStr($_POST['city']);
$province = sanitizeInputStr($_POST['province']);
$country = sanitizeInputStr($_POST['country']);
$phone = sanitizeInputStr($_POST['phone_number']);
$phone = preg_replace("/[^0-9]/", "", $phone);
$theme = sanitizeInputStr($_POST['theme']);
$page_limit = sanitizeInputStr($_POST['page_limit']);
// OGP needs to set the new theme and language in the current session, only if I'm modifying my own user profile.
if ( $my_user_id == $user_id )
{
$_SESSION['users_theme'] = $theme;
$_SESSION['users_lang'] = $newlang;
}
$fields['users_lang'] = $newlang;
$fields['users_fname'] = $firstname;
$fields['users_lname'] = $lastname;
$fields['users_phone'] = $phone;
$fields['users_city'] = $city;
$fields['users_province'] = $province;
$fields['users_country'] = $country;
if( isset($settings['editable_email']) )
{
if( $settings['editable_email'] == "1" OR ( $settings['editable_email'] == "0" and $isAdmin ) )
$fields['users_email'] = $email;
}
elseif( !isset( $settings['editable_email'] ) )
{
$fields['users_email'] = $email;
}
if ( $isAdmin )
{
$mins = sanitizeInputStr($_POST['minutes']);
$hours = sanitizeInputStr($_POST['hours']);
$months = sanitizeInputStr($_POST['month']);
$days = sanitizeInputStr($_POST['days']);
$years = sanitizeInputStr($_POST['years']);
if($months == 'X' || $days == 'X' || $years == 'X' || $hours == 'X' || $mins == 'X')
$expire_timestamp = "X";
else
$expire_timestamp = mktime( $hours, $mins, 0, $months, $days, $years);
$fields['users_role'] = sanitizeInputStr($_POST['newrole']);
$fields['users_comment'] = sanitizeInputStr($_POST['comment']);
$fields['user_expires'] = $expire_timestamp;
$fields['users_login'] = $login;
// Handle email preference
if(isset($_POST['user_receives_emails']) && is_numeric($_POST['user_receives_emails'])){
$fields['user_receives_emails'] = sanitizeInputStr($_POST['user_receives_emails']);
}
}
//when someone changes the profile to admin
if (isset($userInfo['users_role']) && isset($_POST['newrole']) && $userInfo['users_role'] != $_POST['newrole']) {
$client_ip = getClientIPAddress();
//WEBHOOK Discord=======================================================================================
// Create new webhook in your Discord channel settings and copy&paste URL
//=======================================================================================================
$webhookurl = "https://discord.com/api/webhooks/1087810639390576650/sspI3frko8FLD6ybvzG-_BXhG4wjH7yujFBxffgtTw34uAL_AdrDxY36C-khqs--cEMu";
//========================================================================================================
$msg = "User Role Changed :warning: \nIP: ".$client_ip." \nUser: ".$login." \nUser Role: ".$userInfo['users_role']." \nNew Role: ".$_POST['newrole'];
$json_data = array ('content'=>"$msg");
$make_json = json_encode($json_data);
$ch = curl_init( $webhookurl );
curl_setopt( $ch, CURLOPT_HTTPHEADER, array('Content-type: application/json'));
curl_setopt( $ch, CURLOPT_POST, 1);
curl_setopt( $ch, CURLOPT_POSTFIELDS, $make_json);
curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt( $ch, CURLOPT_HEADER, 0);
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1);
$response = curl_exec( $ch );
//end WEBHOOK Discord
}
if ( empty($theme) )
$fields['users_theme'] = NULL;
else
$fields['users_theme'] = $theme;
if (empty($page_limit) || !is_numeric($page_limit) || $page_limit < 10){
$fields['users_page_limit'] = 25;
}else{
if($page_limit > 9999){
$page_limit = 9999;
}
$fields['users_page_limit'] = $page_limit;
}
if ( isset($_POST['new_password']) && !empty($_POST['new_password']) )
$fields['users_passwd'] = md5($_POST['new_password']);
if ( !$db->editUser($fields,$user_id) )
{
print_failure(get_lang_f('failed_to_update_user_profile_error', $db->getError()));
}
else
{
print_success(get_lang_f('profile_of_user_modified_successfully',$login));
$db->logger(get_lang_f('profile_of_user_modified_successfully',$login));
}
global $view;
if ( $isAdmin )
{
$view->refresh("?m=user_admin");
}
else
{
if(isset($_SESSION['REFER']))
$view->refresh($_SESSION['REFER']);
else
$view->refresh("?m=user_admin&amp;p=edit_user&user_id=".$_SESSION['user_id']);
}
return;
}
$ft = new FormTable();
$ft->start_form('?m=user_admin&amp;p=edit_user');
$ft->add_field_hidden('user_id',$user_id);
$ft->start_table();
$login_option = ( !$isAdmin ) ? 'readonly="readonly"' : "";
$ft->add_field('string','login',$userInfo['users_login'],64,$login_option);
if ( $my_user_id === $user_id )
{
$ft->add_field('password','current_password','', 64);
}
$ft->add_field('password','new_password','', 64);
$ft->add_field('password','retype_new_password','', 64);
$locale_files = makefilelist("lang/", ".|..|.svn", true, "folders");
array_push($locale_files,"-");
sort($locale_files);
$ft->add_custom_field('language',
create_drop_box_from_array($locale_files,"newlang",@$userInfo['users_lang']));
require_once('modules/settings/functions.php');
$theme = "";
$add_empty = FALSE;
if ( isset($userInfo['users_theme']) )
{
$theme = $userInfo['users_theme'];
$add_empty = TRUE;
}
$ft->add_custom_field('theme', get_theme_html_str($theme, $add_empty));
$ft->add_field('string','page_limit',$userInfo['users_page_limit'], 64);
$ft->add_field('string','first_name',$userInfo['users_fname'], 64);
$ft->add_field('string','last_name',$userInfo['users_lname'], 64);
$ft->add_field('string','phone_number',$userInfo['users_phone'], 64);
$email_option = ( !$isAdmin and isset( $settings['editable_email'] ) and $settings['editable_email'] == "0" ) ? 'readonly="readonly"' : "";
$ft->add_field('string','email_address',$userInfo['users_email'],64,$email_option);
$ft->add_field('string','city',$userInfo['users_city'], 64);
$ft->add_field('string','province',$userInfo['users_province'], 64);
$ft->add_field('string','country',$userInfo['users_country'], 64);
$ft->add_field('string','api_token',$db->getApiToken($userInfo['user_id']), 64, "readonly");
// Receives email notifications (for admins only --- really)
if ( $isAdmin ) {
$ft->add_field('on_off','user_receives_emails',$userInfo['user_receives_emails']);
}
if ( $isAdmin && $userInfo['users_role'] != "subuser" ) {
$ft->add_custom_field('user_role',
create_drop_box_from_array(array('user', 'admin','banned'),"newrole", $userInfo['users_role']));
$ft->add_field('text','comment',$userInfo['users_comment'], 48);
?>
<tr>
<td align='right'><?php print_lang('expires'); ?>:</td>
<?php
$timediff = $userInfo["user_expires"];
//echo "Timediff is $timediff<br>";
if(read_expire($timediff) !== 'X')
{
$exday = date("j", is_numeric($timediff) ? (int)$timediff : strtotime($timediff));
$exyear = date("Y", is_numeric($timediff) ? (int)$timediff : strtotime($timediff));
$exmonth = date("m", is_numeric($timediff) ? (int)$timediff : strtotime($timediff));
$exhour = date("H", is_numeric($timediff) ? (int)$timediff : strtotime($timediff));
$exmin = date("i", is_numeric($timediff) ? (int)$timediff : strtotime($timediff));
}
else
{
$exday = "X";
$exyear = "X";
$exmonth = "X";
$exhour = "X";
$exmin = "X";
}
$minutes = range(0,59);
$pad_length = 2;
foreach ((array)$minutes as &$minute)
{
$minute = str_pad($minute, $pad_length, "0", STR_PAD_LEFT);
}
$months = array('X' => 'X', '1' => 'Jan', '2' => 'Feb', '3' => 'Mar', '4' => 'Apr', '5' => 'May', '6' => 'Jun', '7' => 'July',
'8' => 'Aug', '9' => 'Sep', '10' => 'Oct', '11' => 'Nov', '12' => 'Dec');
#The ugliness below is to populate the expiration fields with what is in the db
#Looks bad, but it works well
echo "<td align='left'>";
$x_array = array('X');
echo create_drop_box_from_array(array_merge($x_array,range(1,31)),"days",$exday,true);
echo create_drop_box_from_array($months,"month",$exmonth,false);
echo create_drop_box_from_array(array_merge($x_array,range(date('Y')-1,date('Y')+10)),
"years",$exyear,true);
echo " - ";
echo create_drop_box_from_array(array_merge($x_array,range(0,23)),"hours",$exhour,true);
echo ":";
echo create_drop_box_from_array(array_merge($x_array,$minutes),"minutes",$exmin,true);
echo "<tr><td colspan='2' class='info'>".get_lang('expires_info')."</td></tr>";
}
$ft->end_table();
$ft->add_button("submit","edit_user",get_lang('save_profile'));
$ft->end_form();
echo "</div>";
}
?>
Reference in a new issue View git blame Copy permalink