<?php
// Direct-access guard: stop unless a parent script has defined one of the
// framework entry-point constants before including this file.
if (!defined('_JEXEC') && !defined('_VALID_MOS')) {
    die('Restricted access');
}
/**
 * @version $Id: admin.php 242 2015-08-19 06:29:26Z soeren $
 * @package eXtplorer
 * @copyright soeren 2007-2015
 * @author The eXtplorer project (http://extplorer.net)
 * @author The QuiX project (http://quixplorer.sourceforge.net)
 * @license
 * @version $Id: admin.php 242 2015-08-19 06:29:26Z soeren $
 * The contents of this file are subject to the Mozilla Public License
 * Version 1.1 (the "License"); you may not use this file except in
 * compliance with the License. You may obtain a copy of the License at
 * http://www.mozilla.org/MPL/
 *
 * Software distributed under the License is distributed on an "AS IS"
 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
 * License for the specific language governing rights and limitations
 * under the License.
 *
 * Alternatively, the contents of this file may be used under the terms
 * of the GNU General Public License Version 2 or later (the "GPL"), in
 * which case the provisions of the GPL are applicable instead of
 * those above. If you wish to allow use of your version of this file only
 * under the terms of the GPL and not to allow others to use
 * your version of this file under the MPL, indicate your decision by
 * deleting the provisions above and replace them with the notice and
 * other provisions required by the GPL. If you do not delete
 * the provisions above, a recipient may use your version of this file
 * under either the MPL or the GPL."
 *
 */
/**
 * Comment:
 * Administrative Functions
 */

/**
 * Creates a form to manage users + passwords
 *
 * @param boolean $admin
 * @param string $dir
 */
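function admin($admin, $dir) {
    // Prints the Ext JS config for the admin dialog: a "change password" form
    // and, when $admin is true, a second tab listing all users with
    // add / edit / remove buttons. $dir is not used here.
    //
    // The output is evaluated as JavaScript on the client (it contains
    // function literals), so every value taken from the user store is escaped
    // before it is written into a string literal.

    // Escapes a value for use inside a double-quoted JavaScript string literal.
    // Works byte-wise, so it cannot fail on truncated or non-UTF-8 input.
    $escJs = function ($value) {
        return strtr((string) $value, array(
            '\\'           => '\\\\',
            '"'            => '\\u0022',
            "'"            => '\\u0027',
            '<'            => '\\u003C',
            '>'            => '\\u003E',
            '&'            => '\\u0026',
            "\r"           => '\\r',
            "\n"           => '\\n',
            "\xE2\x80\xA8" => '\\u2028',
            "\xE2\x80\xA9" => '\\u2029',
        ));
    };
    // Escapes a value for HTML text. boxLabel below carries markup, so the
    // labels are treated as HTML; fieldLabel is assumed to be rendered the
    // same way (TODO confirm against the Ext version in use).
    $escHtml = function ($value) {
        return strtr((string) $value, array(
            '&' => '&amp;',
            '<' => '&lt;',
            '>' => '&gt;',
            '"' => '&quot;',
            "'" => '&#039;',
        ));
    };

    // Tab 0 is the password form. It is opened first for users below
    // permission level 7 and for a session whose stored credentials compare
    // equal to admin / extEncodePassword('admin'); everyone else lands on tab 1.
    // The parentheses only spell out the precedence PHP already applies.
    if( $GLOBALS["permissions"] < 7
        || ( $_SESSION['credentials_extplorer']['username'] == 'admin'
            && $_SESSION['credentials_extplorer']['password'] == extEncodePassword('admin') ) ) {
        $activeTab = '0';
    } else {
        $activeTab = '1';
    }
    ?>
{
    "xtype": "tabpanel",
    "width": "450",
    "id": "dialog_tabpanel",
    "dialogtitle": "<?php echo ext_Lang::msg('actadmin') ?>",
    "listeners": {
        "afterrender": {
            fn: function(cmp) {
                cmp.activate(<?php echo $activeTab ?>);
            }
        }
    },
    "items":
    [{
        "xtype": "form",
        "id": "passform",
        "autoHeight": "true",
        "headerAsText": false,
        "labelWidth": 125,
        "url":"<?php echo basename( $GLOBALS['script_name']) ?>",
        "title": "<?php echo ext_Lang::msg('actchpwd', true) ?>",
        "frame": true,
        "items": [{
            "xtype": "textfield",
            "fieldLabel": "<?php echo ext_Lang::msg( 'miscoldpass', true ) ?>",
            "name": "oldpwd",
            "inputType": "password",
            "allowBlank":false
        },
        { "xtype": "textfield",
            "fieldLabel": "<?php echo ext_Lang::msg( 'miscnewpass', true ) ?>",
            "name": "newpwd1",
            "hiddenName": "newpwd1",
            "inputType": "password",
            "allowBlank":false
        },
        { "xtype": "textfield",
            "fieldLabel": "<?php echo ext_Lang::msg( 'miscconfnewpass', true ) ?>",
            "name": "newpwd2",
            "hiddenName": "newpwd2",
            "inputType": "password",
            "allowBlank":false
        }],
        "buttons": [{
            "text": "<?php echo ext_Lang::msg( 'btnchange', true ) ?>",
            "handler": function() {
                // Client-side checks are a convenience only; changepwd()
                // repeats the match check on the server.
                frm = Ext.getCmp("passform").getForm();
                if(frm.findField('newpwd1').getValue() != frm.findField('newpwd2').getValue() ) {
                    Ext.Msg.alert("Error!", "<?php echo ext_Lang::msg('miscnopassmatch', true ); ?>");
                    return false;
                }
                if(frm.findField('oldpwd').getValue() ==frm.findField('newpwd1').getValue()) {
                    Ext.Msg.alert("Error!", "<?php echo ext_Lang::err('miscnopassdiff', true ); ?>");
                    return false;
                }

                statusBarMessage( "Please wait...", true );
                frm.submit({
                    //reset: true,
                    reset: false,
                    "success": function(form, action) {
                        statusBarMessage( action.result.message, false, true );
                        Ext.getCmp("dialog").destroy();
                    },
                    "failure": function(form, action) {
                        if( !action.result ) return;
                        Ext.MessageBox.alert("Error!", action.result.error);
                        statusBarMessage( action.result.error, false, false );
                    },
                    "scope": Ext.getCmp("passform"),
                    // add some vars to the request, similar to hidden fields
                    "params": {
                        option: "com_extplorer",
                        "action": "admin",
                        "action2": "chpwd",
                        "token": "<?php echo ext_getToken() ?>"
                    }
                })
            }
        }]

    <?php
    if($admin) {
        ?>
    },{
        "xtype": "form",
        "id": "userlist",
        "autoHeight": "true",
        "headerAsText": false,
        "labelWidth": 125,
        "url":"<?php echo basename( $GLOBALS['script_name']) ?>",
        title: "<?php echo ext_Lang::msg('actusers', true) ?>",

        "frame": true,
        "items": [
        <?php
        $cnt=count($GLOBALS["users"]);
        for($i=0;$i<$cnt;++$i) {

            // Username & Home dir (shortened for display only):
            $user=$GLOBALS["users"][$i][0]; if(strlen($user)>15) $user=substr($user,0,12)."...";
            $home=$GLOBALS["users"][$i][2]; if(strlen($home)>30) $home=substr($home,0,27)."...";

            // Only the stored values are escaped; the fixed markup and the
            // language strings are written as before.
            $boxLabel = '<strong>Homedir:</strong> '.$escJs($escHtml($home)).'; '
                .($GLOBALS["users"][$i][4] ? $GLOBALS["messages"]["miscyesno"][2]:$GLOBALS["messages"]["miscyesno"][3]).'; '
                .$escJs($escHtml($GLOBALS["users"][$i][6])).'; '
                .($GLOBALS["users"][$i][7] ? $GLOBALS["messages"]["miscyesno"][2]:$GLOBALS["messages"]["miscyesno"][3]);
            ?>
        {
            "xtype": "radio",
            "name": "nuser",
            "inputValue": "<?php echo $escJs($GLOBALS["users"][$i][0]) ?>",
            "fieldLabel": "<?php echo $escJs($escHtml($user)) ?>",
            "boxLabel": "<?php echo $boxLabel ?>"
        }<?php
            // Each entry opens and closes its own object, so an empty user
            // list still yields a valid (empty) array.
            echo $i+1<$cnt ? ',' : '';
        }
        ?>
        ],
        "buttons": [{

            "text": "<?php echo ext_Lang::msg( 'btnadd', true ) ?>",
            "handler": function() {
                Ext.Ajax.request( { url: "<?php echo basename($GLOBALS['script_name']) ?>",
                    "params": { "option": "com_extplorer","action": "admin","action2": "adduser",
                        "token": "<?php echo ext_getToken() ?>" },
                    "callback": function(oElement, bSuccess, oResponse) {
                        if( !bSuccess ) {
                            Ext.Msg.alert( "Ajax communication failure!");
                        }
                        if( oResponse && oResponse.responseText ) {
                            try{ json = Ext.decode( oResponse.responseText );
                                if( json.error && typeof json.error != 'xml' ) {
                                    Ext.Msg.alert( "<?php echo ext_Lang::err('error', true ) ?>", json.error );
                                    dialog.destroy();
                                    return false;
                                }
                            } catch(e) { return false; }

                            Ext.getCmp("dialog_tabpanel").add( json );
                            Ext.getCmp("dialog_tabpanel").activate(json.id);
                            Ext.getCmp("dialog").syncSize();
                        }
                    }

                });
            }
        },
        {
            "text": "<?php echo ext_Lang::msg( 'btnedit', true ) ?>",
            "handler": function() {
                frm = Ext.getCmp("userlist").getForm();
                try {
                    theUser = frm.findField(0).getGroupValue();
                } catch(e) {
                    Ext.Msg.alert( "Error", "<?php echo ext_Lang::err('miscselitems', true ) ?>" );
                    return;
                }
                Ext.Ajax.request( { url: "<?php echo basename($GLOBALS['script_name']) ?>",
                    "params": { option: "com_extplorer","action": "admin","action2": "edituser","nuser":theUser,
                        "token": "<?php echo ext_getToken() ?>" },
                    "callback": function(oElement, bSuccess, oResponse) {
                        if( !bSuccess ) {
                            Ext.Msg.alert( "Ajax communication failure!");
                        }
                        if( oResponse && oResponse.responseText ) {
                            try{ json = Ext.decode( oResponse.responseText );
                                if( json.error && typeof json.error != 'xml' ) {
                                    Ext.Msg.alert( "<?php echo ext_Lang::err('error', true ) ?>", json.error );
                                    dialog.destroy();
                                    return false;
                                }
                            } catch(e) { return false; }

                            Ext.getCmp("dialog_tabpanel").add( json );
                            Ext.getCmp("dialog_tabpanel").activate(json.id);
                            Ext.getCmp("dialog").syncSize();
                        }
                    }

                });
            }
        },
        {
            "text": "<?php echo ext_Lang::msg( 'btnremove', true ) ?>",
            "handler": function() {
                frm = Ext.getCmp("userlist").getForm();
                try {
                    theUser = frm.findField(0).getGroupValue();
                } catch(e) {
                    Ext.Msg.alert( "Error", "<?php echo ext_Lang::err('miscselitems', true ) ?>" );
                    return;
                }

                Ext.Msg.confirm( "", String.format( "<?php echo ext_Lang::err('miscdeluser', true ) ?>", theUser ), function( btn ) {
                    if( btn != 'yes') return;
                    statusBarMessage( "Please wait...", true );
                    frm.submit({
                        "success": function(form, action) {
                            statusBarMessage( action.result.message, false, true );
                        },
                        "failure": function(form, action) {
                            if( !action.result ) return;
                            Ext.MessageBox.alert("Error!", action.result.error);
                            statusBarMessage( action.result.error, false, false );
                        },
                        "scope": Ext.getCmp("userlist").getForm(),
                        // add some vars to the request, similar to hidden fields
                        "params": {
                            "option": "com_extplorer",
                            "action": "admin",
                            "action2": "rmuser",
                            "user": theUser,
                            "token": "<?php echo ext_getToken() ?>"
                        }
                    });
                });
            }
        }
        ]

    <?php
    }
    ?>

    }]
}
<?php
}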
//------------------------------------------------------------------------------
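/**
 * Changes the password of the user named in the current session.
 *
 * Reads token, oldpwd, newpwd1 and newpwd2 from $GLOBALS['__POST'], verifies
 * the old password, stores the new one through ext_update_user() and then
 * re-runs onAuthenticate() with the updated record.
 *
 * ext_Result::sendResult() is defined elsewhere; the checks below only work
 * if it ends the request. The explicit returns keep every check fail-closed
 * in case it does not.
 *
 * @param string $dir not used by this function
 */
function changepwd($dir) { // Change Password
    $post = $GLOBALS['__POST'];

    // A missing, empty or non-string token is rejected without consulting
    // ext_checkToken(), so the outcome does not depend on how that helper
    // compares null or array values.
    $token = isset($post["token"]) ? $post["token"] : null;
    if( !is_string($token) || $token === '' || !ext_checkToken($token) ) {
        ext_Result::sendResult('tokencheck', false, 'Request failed: Security Token not valid.');
        return;
    }

    // The form marks all three fields as required; enforce the same here so a
    // hand-built request cannot pass arrays or set an empty password.
    foreach( array('oldpwd', 'newpwd1', 'newpwd2') as $required ) {
        if( !isset($post[$required]) || !is_string($post[$required]) ) {
            ext_Result::sendResult('changepwd', false, $GLOBALS["error_msg"]["miscfieldmissed"]);
            return;
        }
    }
    if( $post["newpwd1"] === '' ) {
        ext_Result::sendResult('changepwd', false, $GLOBALS["error_msg"]["miscfieldmissed"]);
        return;
    }

    // Strict comparison: with != two different numeric-looking strings such as
    // "1e3" and "1000" compare equal.
    if( $post["newpwd1"] !== $post["newpwd2"] ) {
        ext_Result::sendResult('changepwd', false, $GLOBALS["error_msg"]["miscnopassmatch"]);
        return;
    }

    $username = $GLOBALS['__SESSION']['credentials_extplorer']['username'];
    $data = ext_find_user( $username, null );
    // Username not existing
    if( $data === NULL ) {
        ext_Result::sendResult('changepwd', false, $GLOBALS["error_msg"]["miscnouserpass"]);
        return;
    }

    require_once( _EXT_PATH.'/libraries/PasswordHash.php');
    $hasher = new PasswordHash(8, FALSE);
    $result = $hasher->CheckPassword($post["oldpwd"], $data[1]);
    if( !$result ) {
        // Legacy fallback: look the user up by an unsalted MD5 of the old
        // password, presumably for records written before PasswordHash was
        // introduced. NOTE(review): MD5 is not a password hash; once such
        // records no longer exist this branch should be removed.
        $data = ext_find_user( $username, md5(stripslashes($post["oldpwd"])) );
        if( $data == NULL ) {
            ext_Result::sendResult('changepwd', false, $GLOBALS["error_msg"]["miscnouserpass"]);
            return;
        }
    }

    $data[1] = extEncodePassword(stripslashes($post["newpwd1"]));
    if( !ext_update_user($data[0], $data) ) {
        ext_Result::sendResult('changepwd', false, $data[0].": ".$GLOBALS["error_msg"]["chpass"]);
        return;
    }

    // Refresh the session with the updated record; note that the stored
    // (encoded) password is what is handed to onAuthenticate().
    require_once(_EXT_PATH.'/include/authentication/extplorer.php');
    $auth = new ext_extplorer_authentication();
    $auth->onAuthenticate(array('username'=>$data[0],'password'=>$data[1]));

    ext_Result::sendResult('changepwd', true, ext_Lang::msg('change_password_success'));
}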
//------------------------------------------------------------------------------
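/**
 * Creates a user from the submitted form, or prints the empty user form when
 * the request is not a confirmed submission.
 *
 * ext_Result::sendResult() is defined elsewhere; the checks below only work
 * if it ends the request. The explicit returns keep every check fail-closed
 * in case it does not.
 *
 * @param string $dir not used by this function
 */
function adduser($dir) { // Add User
    // Returns a POST field as a string, or '' when it is missing or not a string.
    $field = function ($name) {
        return isset($GLOBALS['__POST'][$name]) && is_string($GLOBALS['__POST'][$name])
            ? $GLOBALS['__POST'][$name]
            : '';
    };

    if( $field('confirm') !== "true" ) {
        show_userform();
        return;
    }

    // A confirmed submission without a valid token is reported as a failure
    // instead of being answered with the form config.
    $token = $field('token');
    if( $token === '' || !ext_checkToken($token) ) {
        ext_Result::sendResult('tokencheck', false, 'CSRF Token Check failed.');
        return;
    }

    $user = stripslashes($field('nuser'));
    // An empty password is refused as well: the account would otherwise be
    // created with the encoded form of ''.
    if( $user == "" || $field('home_dir') == "" || $field('pass1') === '' ) {
        ext_Result::sendResult('adduser', false, $GLOBALS["error_msg"]["miscfieldmissed"]);
        return;
    }
    // Strict comparison: with != two different numeric-looking strings such as
    // "1e3" and "1000" compare equal.
    if( $field('pass1') !== $field('pass2') ) {
        ext_Result::sendResult('adduser', false, $GLOBALS["error_msg"]["miscnopassmatch"]);
        return;
    }
    $data = ext_find_user($user, NULL);
    if( $data != NULL ) {
        ext_Result::sendResult('adduser', false, $user.": ".$GLOBALS["error_msg"]["miscuserexist"]);
        return;
    }

    // NOTE(review): show_hidden, permissions and active are stored exactly as
    // submitted. The form only offers fixed choices for them; confirm how
    // ext_add_user() persists these values and validate them here if it does
    // not do so itself.
    $data = array(
        $user,
        extEncodePassword(stripslashes($field('pass1'))),
        stripslashes($field('home_dir')),
        stripslashes($field('home_url')),
        $field('show_hidden'),
        stripslashes($field('no_access')),
        $field('permissions'),
        $field('active'),
    );

    if( !ext_add_user($data) ) {
        ext_Result::sendResult('adduser', false, $user.": ".$GLOBALS["error_msg"]["adduser"]);
        return;
    }
    ext_Result::sendResult('adduser', true, $user.": The user has been added");
}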
//------------------------------------------------------------------------------
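/**
 * Updates an existing user from the submitted form, or prints the user form
 * pre-filled with that user's record when the request is not a confirmed
 * submission.
 *
 * ext_Result::sendResult() is defined elsewhere; the checks below only work
 * if it ends the request. The explicit returns keep every check fail-closed
 * in case it does not.
 *
 * @param string $dir only reassigned locally; never read
 */
function edituser($dir) { // Edit User
    // Returns a POST field as a string, or '' when it is missing or not a string.
    $field = function ($name) {
        return isset($GLOBALS['__POST'][$name]) && is_string($GLOBALS['__POST'][$name])
            ? $GLOBALS['__POST'][$name]
            : '';
    };

    // Check the token before touching the user store.
    $token = $field('token');
    if( $token === '' || !ext_checkToken($token) ) {
        ext_Result::sendResult('tokencheck', false, 'CSRF Token Check failed.');
        return;
    }

    $user = stripslashes($field('nuser'));
    $data = ext_find_user($user, NULL);
    if( $data == NULL ) {
        ext_Result::sendResult('edituser', false, $user.": ".$GLOBALS["error_msg"]["miscnofinduser"]);
        return;
    }

    // True when the administrator is editing their own account.
    $self = ($user == $GLOBALS['__SESSION']['credentials_extplorer']['username']);
    if( $self ) $dir = "";

    if( $field('confirm') === "true" ) {

        // The lookup name and the new name both come from "nuser".
        $nuser = $user;
        if( $nuser == "" || $field('home_dir') == "" ) {
            ext_Result::sendResult('edituser', false, $GLOBALS["error_msg"]["miscfieldmissed"]);
            return;
        }
        if( $field('chpass') == "on" ) {
            // An empty replacement password is refused; strict comparison
            // because != treats numeric-looking strings like "1e3" and "1000"
            // as equal.
            if( $field('pass1') === '' ) {
                ext_Result::sendResult('edituser', false, $GLOBALS["error_msg"]["miscfieldmissed"]);
                return;
            }
            if( $field('pass1') !== $field('pass2') ) {
                ext_Result::sendResult('edituser', false, $GLOBALS["error_msg"]["miscnopassmatch"]);
                return;
            }
            $pass = extEncodePassword(stripslashes($field('pass1')));
        } else {
            $pass = $data[1];
        }

        // An administrator cannot deactivate their own account.
        $active = $self ? 1 : $field('active');

        // NOTE(review): show_hidden and permissions are stored exactly as
        // submitted; confirm how ext_update_user() persists them and validate
        // them here if it does not do so itself.
        $data = array(
            $nuser,
            $pass,
            stripslashes($field('home_dir')),
            stripslashes($field('home_url')),
            $field('show_hidden'),
            stripslashes($field('no_access')),
            $field('permissions'),
            $active,
        );

        if( !ext_update_user($user, $data) ) {
            ext_Result::sendResult('edituser', false, $user.": ".$GLOBALS["error_msg"]["saveuser"]);
            return;
        }
        /*if($self) {
            activate_user($nuser,NULL);
        }*/
        ext_Result::sendResult('edituser', true, $user.": ".ext_Lang::msg('User Profile has been updated'));
        return;
    }

    // $self is handed over so the form can lock its "active" field; PHP
    // ignores the extra argument if show_userform() accepts only $data.
    show_userform( $data, $self );
}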
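/**
 * Prints the Ext JS form config used to add or edit a user.
 *
 * The output is evaluated as JavaScript on the client, so every value taken
 * from the user record or the server environment is escaped before it is
 * written into a string literal.
 *
 * @param array|null $data user record (0 name, 1 password, 2 home dir,
 *                         3 home url, 4 show hidden, 5 hide pattern,
 *                         6 permissions, 7 active) or null for an empty form
 * @param bool       $self true when the record is the caller's own account;
 *                         the "active" field is then disabled. The original
 *                         code read an undefined local $self at that spot,
 *                         so the field was never disabled.
 */
function show_userform( $data = null, $self = false ) {
    if( $data == null ) { $data = array('', '', '', '', '', '', '' ); }
    $formname = @$data[0] ? 'frmedituser' : 'frmadduser';

    // Escapes a value for use inside a double-quoted JavaScript string literal.
    // Works byte-wise, so it cannot fail on non-UTF-8 input; it also covers
    // backslashes in a Windows DOCUMENT_ROOT.
    $escJs = function ($value) {
        return strtr((string) $value, array(
            '\\'           => '\\\\',
            '"'            => '\\u0022',
            "'"            => '\\u0027',
            '<'            => '\\u003C',
            '>'            => '\\u003E',
            '&'            => '\\u0026',
            "\r"           => '\\r',
            "\n"           => '\\n',
            "\xE2\x80\xA8" => '\\u2028',
            "\xE2\x80\xA9" => '\\u2029',
        ));
    };
    // Escapes a value for HTML text; used for the tab title, which is assumed
    // to be rendered as HTML by Ext (TODO confirm).
    $escHtml = function ($value) {
        return strtr((string) $value, array(
            '&' => '&amp;',
            '<' => '&lt;',
            '>' => '&gt;',
            '"' => '&quot;',
            "'" => '&#039;',
        ));
    };

    // Only the user name is escaped; the language string is written as before.
    if( !empty( $data[0] )) {
        $title = sprintf($GLOBALS["messages"]["miscedituser"], $escJs($escHtml($data[0])));
    } else {
        $title = $GLOBALS["messages"]["miscadduser"];
    }
    ?>
{
    "xtype": "form",
    "id" : "<?php echo $formname ?>",
    "renderTo": Ext.getCmp("dialog_tabpanel").getEl(),
    "hidden": true,
    "closable":true,
    "autoHeight": "true",
    "labelWidth": 125,
    "url":"<?php echo basename( $GLOBALS['script_name']) ?>",
    "title": "<?php echo $title ?>" ,

    items: [{
        "xtype": "textfield",
        "fieldLabel": "<?php echo ext_Lang::msg( 'miscusername', true ) ?>",
        "name": "nuser",
        "value": "<?php echo $escJs(@$data[0]) ?>",
        "width":175,
        "allowBlank":false
    },{
        "xtype": "textfield",
        "fieldLabel": "<?php echo ext_Lang::msg( 'miscconfpass', true ) ?>",
        "name": "pass1",
        "inputType": "password",
        "width":175
    },
    { "xtype": "textfield",
        "fieldLabel": "<?php echo ext_Lang::msg( 'miscconfnewpass', true ) ?>",
        "name": "pass2",
        "inputType": "password",
        "width":175
    },
    <?php
    if( !empty($data[0])) { ?>
    { "xtype": "checkbox",
        "fieldLabel": "<?php echo ext_Lang::msg( 'miscchpass', true ) ?>",
        "name": "chpass",
        "hiddenValue": "true"
    },
    <?php
    } ?>
    {
        "xtype": "textfield",
        "fieldLabel": "<?php echo ext_Lang::msg( 'mischomedir', true ) ?>",
        "name": "home_dir",
        "value": "<?php echo $escJs(!empty($data[2]) ? $data[2] : $_SERVER['DOCUMENT_ROOT']) ?>",
        "width":175,
        "allowBlank":false
    },
    { "xtype": "textfield",
        "fieldLabel": "<?php echo ext_Lang::msg( 'mischomeurl', true ) ?>",
        "name": "home_url",
        "value": "<?php echo $escJs(!empty($data[3]) ? $data[3] : $GLOBALS["home_url"]) ?>",
        "width":175,
        "allowBlank":false
    },{
        "xtype": "combo",
        "fieldLabel": "<?php echo ext_Lang::msg( 'miscshowhidden', true ) ?>",
        "store": [
            ["1", "<?php echo ext_Lang::msg( array('miscyesno' => 0), true ) ?>"],
            ["0", "<?php echo ext_Lang::msg( array('miscyesno' => 1), true ) ?>"]
        ],
        "hiddenName": "show_hidden",
        "disableKeyFilter": true,
        "value": "<?php echo $escJs( !empty($data[4]) ? $data[4] : (int)$data[4] ) ?>",
        "editable": false,
        "triggerAction": "all",
        "mode": "local",
        "allowBlank": false,
        "selectOnFocus":true
    },
    { "xtype": "textfield",
        "fieldLabel": "<?php echo ext_Lang::msg( 'mischidepattern', true ) ?>",
        "name": "no_access",
        "value": "<?php echo $escJs(@$data[5]) ?>",
        "width":175,
        "allowBlank":true
    },
    {
        "xtype": "combo",
        "fieldLabel": "<?php echo ext_Lang::msg( 'miscperms', true ) ?>",
        "store": [<?php
        $permvalues = array(0,1,2,3,7);
        // Never walk past the known permission values, even if the language
        // file lists more names.
        $permcount = min(count($GLOBALS["messages"]["miscpermnames"]), count($permvalues));
        for($i=0;$i<$permcount;++$i) {
            // Value 7 uses the name stored at index 4.
            if( $permvalues[$i]==7) $index = 4;
            else $index = $i;
            echo '["'.$permvalues[$i].'", "'.ext_lang::msg( array('miscpermnames' => $index)).'" ]'."\n";
            if( $i+1<$permcount) echo ',';
        }
        ?>
        ],
        "hiddenName": "permissions",
        "disableKeyFilter": true,
        "value": "<?php echo (int)@$data[6] ?>",
        "editable": false,
        "triggerAction": "all",
        "mode": "local"
    },
    { "xtype": "combo",
        "fieldLabel": "<?php echo ext_Lang::msg( 'miscactive', true ) ?>",
        "store": [
            ["1", "<?php echo ext_Lang::msg( array('miscyesno' => 0), true ) ?>"],
            ["0", "<?php echo ext_Lang::msg( array('miscyesno' => 1), true ) ?>"]
        ],
        "hiddenName": "active",
        "disableKeyFilter": true,
        "value": "<?php echo $escJs( !empty($data[7]) ? $data[7] : 0 ) ?>",
        "disabled": <?php echo !empty($self) ? 'true' : 'false' ?>,
        "editable": false,
        "triggerAction": "all",
        "mode": "local",
        "allowBlank": false,
        "selectOnFocus":true
    }
    ],

    "buttons": [ {
        "text": "<?php echo ext_Lang::msg( 'btnsave', true ) ?>",
        "handler": function() {
            userform = Ext.getCmp("<?php echo $formname ?>").getForm();
            if(userform.findField('nuser').getValue()=="" || userform.findField('home_dir').getValue()=="") {
                Ext.Msg.alert('Status', "<?php echo ext_Lang::err('miscfieldmissed', true ); ?>");
                return false;
            }
            if( userform.findField('chpass') ) {
                if(userform.findField('chpass').getValue() &&
                    userform.findField('pass1').getValue() != userform.findField('pass2').getValue())
                {
                    Ext.Msg.alert('Status', "<?php echo ext_Lang::err('miscnopassmatch', true ); ?>");
                    return false;
                }
            }
            statusBarMessage( 'Please wait...', true );
            userform.submit({
                "success": function(form, action) {
                    statusBarMessage( action.result.message, false, true );
                    Ext.getCmp("dialog_tabpanel").remove("<?php echo $formname ?>");
                },
                "failure": function(form, action) {
                    if( !action.result ) return;
                    Ext.Msg.alert('Error!', action.result.error);
                    statusBarMessage( action.result.error, false, true );
                },
                "scope": userform,
                // add some vars to the request, similar to hidden fields
                "params": {option: 'com_extplorer',
                    user: "<?php echo $escJs(@$data[0]) ?>",
                    "action": 'admin',
                    "action2": "<?php echo @$data[0] ? 'edituser' : 'adduser' ?>",
                    "confirm": "true",
                    "token": "<?php echo ext_getToken() ?>"
                }
            })
        }
    },{
        "text": "<?php echo ext_Lang::msg( 'btncancel', true ) ?>",
        "handler": function() { Ext.getCmp("dialog_tabpanel").remove("<?php echo $formname ?>"); }
    }]
}
<?php
}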
//------------------------------------------------------------------------------
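/**
 * Removes the user named in the "user" POST field.
 *
 * The caller's own account cannot be removed. ext_Result::sendResult() is
 * defined elsewhere; the checks below only work if it ends the request. The
 * explicit returns keep every check fail-closed in case it does not.
 *
 * @param string $dir not used by this function
 */
function removeuser($dir) { // Remove User
    $post = $GLOBALS['__POST'];

    // A missing, empty or non-string token is rejected without consulting
    // ext_checkToken(), so the outcome does not depend on how that helper
    // compares null or array values.
    $token = isset($post["token"]) ? $post["token"] : null;
    if( !is_string($token) || $token === '' || !ext_checkToken($token) ) {
        ext_Result::sendResult('tokencheck', false, 'CSRF Token Check failed.');
        return;
    }

    $user = isset($post["user"]) && is_string($post["user"]) ? stripslashes($post["user"]) : '';
    if( $user == $GLOBALS['__SESSION']['credentials_extplorer']['username'] ) {
        ext_Result::sendResult('removeuser', false, $GLOBALS["error_msg"]["miscselfremove"]);
        return;
    }
    if( !ext_remove_user($user) ) {
        ext_Result::sendResult('removeuser', false, $user.": ".$GLOBALS["error_msg"]["deluser"]);
        return;
    }
    ext_Result::sendResult('removeuser', true, $user." was successfully removed." );
}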
//------------------------------------------------------------------------------
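/**
 * Dispatches an admin request to the handler selected by "action2".
 *
 * Bit 2 of $GLOBALS["permissions"] allows changing the own password, bit 4
 * allows user management. adduser, edituser and rmuser require bit 4; any
 * other value of action2 shows the admin dialog.
 *
 * ext_Result::sendResult() is defined elsewhere; the permission checks only
 * work if it ends the request. The explicit returns keep them fail-closed in
 * case it does not, so a handler is never reached after a refusal.
 *
 * @param string $dir passed through to the selected handler
 */
function ext_show_admin($dir) { // Execute Admin Action
    $pwd = (($GLOBALS["permissions"] & 2) == 2);
    $admin = (($GLOBALS["permissions"] & 4) == 4);

    if( !$GLOBALS["require_login"] ) {
        ext_Result::sendResult('admin', false, $GLOBALS["error_msg"]["miscnofunc"]);
        return;
    }
    if( !$pwd && !$admin ) {
        ext_Result::sendResult('admin', false, $GLOBALS["error_msg"]["accessfunc"]);
        return;
    }

    // The query string takes precedence over the request body.
    if( isset($GLOBALS['__GET']["action2"]) ) {
        $action2 = $GLOBALS['__GET']["action2"];
    } elseif( isset($GLOBALS['__POST']["action2"]) ) {
        $action2 = $GLOBALS['__POST']["action2"];
    } else {
        $action2 = "";
    }

    switch( $action2 ) {
        case "chpwd":
            changepwd($dir);
            break;
        case "adduser":
        case "edituser":
        case "rmuser":
            // User management needs the admin bit.
            if( !$admin ) {
                ext_Result::sendResult('admin', false, $GLOBALS["error_msg"]["accessfunc"]);
                return;
            }
            if( $action2 == "adduser" ) {
                adduser($dir);
            } elseif( $action2 == "edituser" ) {
                edituser($dir);
            } else {
                removeuser($dir);
            }
            break;
        default:
            admin($admin, $dir);
    }
}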
//------------------------------------------------------------------------------