2 # MantisBT - A PHP based bugtracking system
4 # MantisBT is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation, either version 2 of the License, or
7 # (at your option) any later version.
9 # MantisBT is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License
15 # along with MantisBT. If not, see <http://www.gnu.org/licenses/>.
19 * @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
20 * @copyright Copyright (C) 2002 - 2010 MantisBT Team - mantisbt-dev@lists.sourceforge.net
21 * @link http://www.mantisbt.org
24 * @uses access_api.php
25 * @uses authentication_api.php
26 * @uses config_api.php
27 * @uses constant_inc.php
28 * @uses database_api.php
32 * @uses helper_api.php
35 * @uses logging_api.php
37 * @uses string_api.php
39 * @uses user_pref_api.php
42 require_once( 'core.php' );
43 require_api( 'access_api.php' );
44 require_api( 'authentication_api.php' );
45 require_api( 'config_api.php' );
46 require_api( 'constant_inc.php' );
47 require_api( 'database_api.php' );
48 require_api( 'email_api.php' );
49 require_api( 'form_api.php' );
50 require_api( 'gpc_api.php' );
51 require_api( 'helper_api.php' );
52 require_api( 'html_api.php' );
53 require_api( 'lang_api.php' );
54 require_api( 'logging_api.php' );
55 require_api( 'print_api.php' );
56 require_api( 'string_api.php' );
57 require_api( 'user_api.php' );
58 require_api( 'user_pref_api.php' );
60 form_security_validate('manage_user_update');
62 auth_reauthenticate();
63 access_ensure_global_level( config_get( 'manage_user_threshold' ) );
65 $f_protected = gpc_get_bool( 'protected' );
66 $f_enabled = gpc_get_bool( 'enabled' );
67 $f_email = gpc_get_string( 'email', '' );
68 $f_username = gpc_get_string( 'username', '' );
69 $f_realname = gpc_get_string( 'realname', '' );
70 $f_access_level = gpc_get_int( 'access_level' );
71 $f_user_id = gpc_get_int( 'user_id' );
73 if ( config_get( 'enable_email_notification' ) == ON
) {
74 $f_send_email_notification = gpc_get_bool( 'send_email_notification' );
76 $f_send_email_notification = 0;
79 user_ensure_exists( $f_user_id );
81 $f_email = trim( $f_email );
82 $f_username = trim( $f_username );
84 $t_old_username = user_get_field( $f_user_id, 'username' );
86 if ( $f_send_email_notification ) {
87 $t_old_realname = user_get_field( $f_user_id, 'realname' );
88 $t_old_email = user_get_email( $f_user_id );
89 $t_old_access_level = user_get_field( $f_user_id, 'access_level' );
92 # check that the username is unique
93 if ( 0 != strcasecmp( $t_old_username, $f_username )
94 && false == user_is_name_unique( $f_username ) ) {
95 trigger_error( ERROR_USER_NAME_NOT_UNIQUE
, ERROR
);
98 # strip extra space from real name
99 $t_realname = string_normalize( $f_realname );
101 user_ensure_name_valid( $f_username );
102 user_ensure_realname_valid( $f_realname );
103 user_ensure_realname_unique( $f_username, $f_realname );
105 $f_email = email_append_domain( $f_email );
106 email_ensure_valid( $f_email );
107 email_ensure_not_disposable( $f_email );
110 $c_username = $f_username;
111 $c_realname = $t_realname;
112 $c_protected = db_prepare_bool( $f_protected );
113 $c_enabled = db_prepare_bool( $f_enabled );
114 $c_user_id = db_prepare_int( $f_user_id );
115 $c_access_level = db_prepare_int( $f_access_level );
117 $t_user_table = db_get_table( 'user' );
119 $t_old_protected = user_get_field( $f_user_id, 'protected' );
121 # check that we are not downgrading the last administrator
122 $t_admin_threshold = config_get_global( 'admin_site_threshold' );
123 if ( user_is_administrator( $f_user_id ) &&
124 $f_access_level < $t_admin_threshold &&
125 user_count_level( $t_admin_threshold ) <= 1 ) {
126 trigger_error( ERROR_USER_CHANGE_LAST_ADMIN
, ERROR
);
129 # Project specific access rights override global levels, hence, for users who are changed
130 # to be administrators, we have to remove project specific rights.
131 if ( ( $f_access_level >= $t_admin_threshold ) && ( !user_is_administrator( $f_user_id ) ) ) {
132 user_delete_project_specific_access_levels( $f_user_id );
135 # if the user is already protected and the admin is not removing the
136 # protected flag then don't update the access level and enabled flag.
137 # If the user was unprotected or the protected flag is being turned off
138 # then proceed with a full update.
139 $query_params = Array();
140 if ( $f_protected && $t_old_protected ) {
141 $query = "UPDATE $t_user_table
142 SET username=" . db_param() . ", email=" . db_param() . ",
143 protected=" . db_param() . ", realname=" . db_param() . "
144 WHERE id=" . db_param();
145 $query_params = Array( $c_username, $c_email, $c_protected, $c_realname, $c_user_id );
147 $query = "UPDATE $t_user_table
148 SET username=" . db_param() . ", email=" . db_param() . ",
149 access_level=" . db_param() . ", enabled=" . db_param() . ",
150 protected=" . db_param() . ", realname=" . db_param() . "
151 WHERE id=" . db_param();
152 $query_params = Array( $c_username, $c_email, $c_access_level, $c_enabled, $c_protected, $c_realname, $c_user_id );
155 $result = db_query_bound( $query, $query_params );
157 if ( $f_send_email_notification ) {
158 lang_push( user_pref_get_language( $f_user_id ) );
160 if ( strcmp( $f_username, $t_old_username ) ) {
161 $t_changes .= lang_get( 'username_label' ) . lang_get( 'word_separator' ) . $t_old_username . ' => ' . $f_username . "\n";
163 if ( strcmp( $t_realname, $t_old_realname ) ) {
164 $t_changes .= lang_get( 'realname_label' ) . lang_get( 'word_separator' ) . $t_old_realname . ' => ' . $t_realname . "\n";
166 if ( strcmp( $f_email, $t_old_email ) ) {
167 $t_changes .= lang_get( 'email_label' ) . lang_get( 'word_separator' ) . $t_old_email . ' => ' . $f_email . "\n";
169 if ( strcmp( $f_access_level, $t_old_access_level ) ) {
170 $t_old_access_string = get_enum_element( 'access_levels', $t_old_access_level );
171 $t_new_access_string = get_enum_element( 'access_levels', $f_access_level );
172 $t_changes .= lang_get( 'access_level_label' ) . lang_get( 'word_separator' ) . $t_old_access_string . ' => ' . $t_new_access_string . "\n\n";
174 if ( !empty( $t_changes ) ) {
175 $t_subject = '[' . config_get( 'window_title' ) . '] ' . lang_get( 'email_user_updated_subject' );
176 $t_updated_msg = lang_get( 'email_user_updated_msg' );
177 $t_message = $t_updated_msg . "\n\n" . config_get( 'path' ) . 'account_page.php' . "\n\n" . $t_changes;
178 email_store( $f_email, $t_subject, $t_message );
179 log_event( LOG_EMAIL
, sprintf( 'Account update notification sent to ' . $f_username . ' (' . $f_email . ')' ) );
180 if ( config_get( 'email_send_using_cronjob' ) == OFF
) {
187 $t_redirect_url = 'manage_user_edit_page.php?user_id=' . $c_user_id;
189 form_security_purge('manage_user_update');
191 html_page_top( null, $result ?
$t_redirect_url : null );
197 if ( $f_protected && $t_old_protected ) { # PROTECTED
198 echo lang_get( 'manage_user_protected_msg' ) . '<br />';
199 } else if ( $result ) { # SUCCESS
200 echo lang_get( 'operation_successful' ) . '<br />';
202 print_sql_error( $query );
205 print_bracket_link( $t_redirect_url, lang_get( 'proceed' ) );
