# Guard rails for a destructive admin action, in order: the CSRF form token
# for this page must be valid, and the caller must re-enter their password
# (auth_reauthenticate) before deleting an account.
form_security_validate( 'manage_user_delete' );
auth_reauthenticate();

# Only callers at or above the configured user-management threshold get past
# this point.
$t_manage_threshold = config_get( 'manage_user_threshold' );
access_ensure_global_level( $t_manage_threshold );

$f_user_id = gpc_get_int( 'user_id' );
$t_user = user_get_row( $f_user_id );

# Privilege ceiling: the target's global access level must not exceed the
# caller's, so a lower-privileged manager cannot delete an administrator.
access_ensure_global_level( $t_user['access_level'] );

# Never delete the last administrator, or the site becomes unmanageable.
$t_admin_threshold = config_get_global( 'admin_site_threshold' );
$t_deleting_last_admin = user_is_administrator( $f_user_id )
	&& user_count_level( $t_admin_threshold ) <= 1;
if ( $t_deleting_last_admin ) {
	trigger_error( ERROR_USER_CHANGE_LAST_ADMIN, ERROR );
}

# Self-deletion is handed off to account_delete.php, which handles logging the
# user out and redirecting them; the token for this page is purged first so it
# cannot be replayed, and a fresh account_delete token is minted for the hop.
$t_current_user_id = auth_get_current_user_id();
if ( $t_current_user_id == $f_user_id ) {
	form_security_purge( 'manage_user_delete' );
	$t_account_delete_token = form_security_token( 'account_delete' );
	print_header_redirect( 'account_delete.php?account_delete_token=' . $t_account_delete_token, true, false );
}

# Ask for explicit confirmation, naming the account about to be removed.
# NOTE(review): the username is concatenated into HTML here without escaping;
# confirm helper_ensure_confirmed() escapes its message, or that usernames are
# restricted to HTML-safe characters.
$t_confirm_message = lang_get( 'delete_account_sure_msg' )
	. '<br/>' . lang_get( 'username_label' ) . lang_get( 'word_separator' ) . $t_user['username'];
helper_ensure_confirmed( $t_confirm_message, lang_get( 'delete_account_button' ) );
function plan_write_journaling($edit, $plandata, $private, $nolinebreaks = FALSE, $writer = FALSE)
{
include_once 'plan_read.php';
include_once 'snoop.php';
include_once 'spiel.php';
include_once 'send.php';
$planowner = $writer;
// make sure all the timecodes are the same
$time = time();
// find the character encoding of the plan entry, convert it to something
// more universal
mb_detect_order("UTF-8, UTF-8, Windows-1252");
if (mb_detect_encoding($plandata) == "Windows-1252") {
$plandata = mb_convert_encoding($plandata, UTF - 8, Windows - 1252);
}
// make sure no one can post an update to someone else's plan
// this will need to be smarter if we ever implement group plans
// but probably we won't, so no biggie.
if ($planowner != $_SERVER['USER'] && !user_is_administrator()) {
$planowner = $_SERVER['USER'];
}
$plan_dir = "{$_SERVER['PWUSERS_DIR']}/{$planowner}/plan";
// Find the old snoops. We have to masquerade briefly as 'cacheuser' to do
// this without leaving a spurious snitch or getting private entries.
// We remain 'cacheuser' until after snoop_add() below.
$_SERVER['USER'] = 'cacheuser';
// find old snoops, for later clearing
$old_snoop_array = snoop_find(plan_read_local($planowner, $_SERVER['USERINFO_ARRAY']['defaultdays'] + 3 . 'd'), $planowner);
// delete the (now-invalid) cache files
cache_clear($planowner);
// leave a reminder to plan_read_local to ignore linebreaks.
if ($nolinebreaks) {
$plandata .= "<!--nolinebreaks-->";
}
if ($_POST['title']) {
$plandata .= "<!--title {$_POST['title']} -->";
}
if ($_POST['tags']) {
$plandata .= "<!--tags {$_POST['tags']} -->";
}
// if we weren't editing an existing (already-posted) entry, set the filename for the current time.
if (!$_POST['edit'] || $_POST['edit'] == $_POST['draft_edit']) {
$_POST['edit'] = ".{$time}";
}
$plan_fn = "{$plan_dir}/plan{$_POST['edit']}.txt{$_POST['private']}";
if (!file_exists($plan_fn)) {
file_put_contents("{$_SERVER['PWUSERS_DIR']}/{$planowner}/stats/lastupdate", $time);
}
if ($_FILES['attached_file']['tmp_name']) {
rename("{$_FILES['attached_file']['tmp_name']}", "{$_SERVER['USER_ROOT']}/files/{$_FILES['attached_file']['name']}");
if (strstr($_FILES['attached_file']['name'], 'jpg') || strstr($_FILES['attached_file']['name'], 'gif') || strstr($_FILES['attached_file']['name'], 'png')) {
$plandata .= "<img src='/userfiles/view/{$writer}/{$_FILES['attached_file']['name']}' />";
} else {
$plandata .= "\n<a href='/userfiles/view/{$writer}/{$_FILES['attached_file']['name']}'>{$_FILES['attached_file']['name']}</a>";
}
}
// else trigger_error("No Files Uploaded");
$plandata .= $_POST['markdown'];
$plandata .= $_POST['nofeed'];
// save old headers and footers.
if (strstr($plan_fn, 'header') || strstr($plan_fn, 'footer')) {
exec("mv {$plan_fn} {$plan_fn}.{$time}");
}
// write the update to disk.
file_put_contents($plan_fn, $plandata);
// new feature: SPIEL
// here's the part where spiels are found
// TODO(v4.5): replace spiel syntax with hashtags
if (!$private && !$edit) {
spiel_find($plandata, $planowner, $time);
}
// here's the part where sends are found
if (!$private && !$edit) {
send_find($plandata, $planowner, $time);
}
if (file_exists($plan_fn)) {
if ($private && file_exists("{$plan_dir}/plan{$edit}.txt")) {
exec("mv {$plan_dir}/plan{$edit}.txt {$plan_dir}/rem.plan{$edit}.txt");
}
if (!$private && file_exists("{$plan_dir}/plan{$edit}.txt.p")) {
exec("mv {$plan_dir}/plan{$edit}.txt.p {$plan_dir}/rem.plan{$edit}.txt.p");
}
if ($_POST['draft_edit'] && file_exists("{$plan_dir}/draft{$_POST['draft_edit']}.txt")) {
unlink("{$plan_dir}/draft{$_POST['draft_edit']}.txt");
}
// clean up old drafts
if ($drafts = files_list("{$plan_dir}/", "draft*.txt")) {
foreach ($drafts as $draft) {
if (filemtime("{$plan_dir}/{$draft}") < time() - 7 * 24 * 3600) {
unlink("{$plan_dir}/{$draft}");
}
}
}
}
@chmod($plan_fn, 0755);
// clean old snoops and add new ones
$new_snoop_array = snoop_find(plan_read_local($planowner), $planowner);
$snoops_to_remove = array_unique(array_diff($old_snoop_array, $new_snoop_array));
$snoops_to_set = array_unique(array_diff($new_snoop_array, $old_snoop_array));
$remove_status = snoop_clean($snoops_to_remove, $planowner);
if (print_test_row('check mssql textsize in php.ini...', ini_get('mssql.textlimit') != 4096, ini_get('mssql.textlimit'))) {
print_test_warn_row('check mssql textsize in php.ini...', ini_get('mssql.textsize') == 2147483647, ini_get('mssql.textsize'));
}
}
# variables_order must expose GET, POST, COOKIE and SERVER input, otherwise the
# application silently sees empty request data.
$t_variables_order = ini_get('variables_order');
$t_has_gpcs = true;
foreach (array('G', 'P', 'C', 'S') as $t_letter) {
	if (!stristr($t_variables_order, $t_letter)) {
		$t_has_gpcs = false;
		break;
	}
}
print_test_row('check variables_order includes GPCS', $t_has_gpcs, $t_variables_order);

test_bug_download_threshold();
test_bug_attachments_allow_flags();

# Mail-related settings that only make sense in combination: password resets
# need a real address and notifications enabled; self-signup needs both.
$t_send_reset_password = config_get_global('send_reset_password');
$t_allow_blank_email = config_get_global('allow_blank_email');
$t_enable_email_notification = config_get_global('enable_email_notification');
$t_allow_signup = config_get_global('allow_signup');
print_test_row('check mail configuration: send_reset_password = ON requires allow_blank_email = OFF', OFF == $t_send_reset_password || OFF == $t_allow_blank_email);
print_test_row('check mail configuration: send_reset_password = ON requires enable_email_notification = ON', OFF == $t_send_reset_password || ON == $t_enable_email_notification);
print_test_row('check mail configuration: allow_signup = ON requires enable_email_notification = ON', OFF == $t_allow_signup || ON == $t_enable_email_notification);
print_test_row('check mail configuration: allow_signup = ON requires send_reset_password = ON', OFF == $t_allow_signup || ON == $t_send_reset_password);

print_test_row('check language configuration: fallback_language is not \'auto\'', 'auto' != config_get_global('fallback_language'));

# Anonymous access: the configured account must exist, and it must never be an
# administrator, since anyone on the network would inherit that privilege.
$t_anonymous_account = config_get_global('anonymous_account');
print_test_row('check configuration: allow_anonymous_login = ON requires anonymous_account to be set', OFF == config_get_global('allow_anonymous_login') || strlen($t_anonymous_account) > 0);
$t_anon_user = false;
if (strlen($t_anonymous_account) > 0) {
	$t_anon_user = user_get_id_by_name($t_anonymous_account);
	$t_anon_user_valid = $t_anon_user !== false;
} else {
	$t_anon_user_valid = TRUE;
}
print_test_row('check configuration: anonymous_account is a valid username if set', $t_anon_user_valid);
print_test_row('check configuration: anonymous_account should not be an administrator', $t_anon_user ? !user_is_administrator($t_anon_user) : TRUE);

$t_bug_link_tag = config_get_global('bug_link_tag');
print_test_row('$g_bug_link_tag is not empty ("' . $t_bug_link_tag . '")', '' != $t_bug_link_tag);
$t_bugnote_link_tag = config_get_global('bugnote_link_tag');
print_test_row('$g_bugnote_link_tag is not empty ("' . $t_bugnote_link_tag . '")', '' != $t_bugnote_link_tag);

print_test_row('filters: dhtml_filters = ON requires use_javascript = ON', OFF == config_get_global('dhtml_filters') || ON == config_get_global('use_javascript'));

# The sendmail transport shells out, so the shell-escaping primitives must not
# be disabled (e.g. via disable_functions) when that method is selected.
$t_uses_sendmail = PHPMAILER_METHOD_SENDMAIL == config_get('phpMailer_method');
print_test_row('Phpmailer sendmail configuration requires escapeshellcmd. Please use a different phpmailer method if this is blocked.', !$t_uses_sendmail || function_exists('escapeshellcmd'));
print_test_row('Phpmailer sendmail configuration requires escapeshellarg. Please use a different phpmailer method if this is blocked.', !$t_uses_sendmail || function_exists('escapeshellarg'));

check_zend_optimiser_version();
if (plugin_is_installed('MantisGraph')) {
plugin_push_current('MantisGraph');
print_test_row('checking gd is enabled, and version 2...', get_gd_version() == 2);
if (plugin_config_get('eczlibrary', ON) == OFF) {
$t_jpgraph_path = config_get('absolute_path') . 'library' . DIRECTORY_SEPARATOR . 'jpgraph' . DIRECTORY_SEPARATOR;
if (!file_exists($t_jpgraph_path . 'jpgraph.php')) {
print_test_row('checking we can find jpgraph class files...', false);
} else {
require_once $t_jpgraph_path . 'jpgraph.php';
/**
 * Check whether the current user is allowed to delete a stored filter.
 *
 * Administrators may delete any filter. Everyone else may delete a filter
 * only if a {filters} row exists with that id, owned by the current user
 * (user_id), and whose project_id is not -1. The lookup is bound through
 * db_param(), so $p_filter_id never reaches the SQL text unparameterised.
 *
 * @param integer $p_filter_id Filter id.
 * @return boolean True if the current user may delete the filter.
 */
function filter_db_can_delete_filter($p_filter_id)
{
	$c_filter_id = (int) $p_filter_id;
	$t_user_id = auth_get_current_user_id();

	# Administrators can delete any filter
	if (user_is_administrator($t_user_id)) {
		return true;
	}

	# Everyone else: ownership check, excluding rows whose project_id is the
	# -1 sentinel (its meaning is defined outside this function).
	$t_query = 'SELECT id
FROM {filters}
WHERE id=' . db_param() . '
AND user_id=' . db_param() . '
AND project_id!=' . db_param();
	$t_params = array($c_filter_id, $t_user_id, -1);
	$t_result = db_query($t_query, $t_params);

	# A matched row yields its (positive) id; anything else means "no".
	return db_result($t_result) > 0;
}
# Escape/normalise the submitted fields before they are spliced into SQL below.
# Unlike filter_db_can_delete_filter() in this file, which binds values through
# db_param(), these UPDATE statements are built by string interpolation, so
# every interpolated value must first pass through a db_prepare_* call.
# NOTE(review): $c_email is interpolated into both UPDATE statements but is not
# prepared anywhere in this span — confirm it is db_prepare_string()'d upstream,
# otherwise the email column is an unescaped injection point.
$c_username = db_prepare_string($f_username);
$c_realname = db_prepare_string($f_realname);
$c_protected = db_prepare_bool($f_protected);
$c_enabled = db_prepare_bool($f_enabled);
$c_user_id = db_prepare_int($f_user_id);
$c_access_level = db_prepare_int($f_access_level);
$t_user_table = config_get('mantis_user_table');
$t_old_protected = user_get_field($f_user_id, 'protected');
# check that we are not downgrading the last administrator: refuse any change
# of access level for an ADMINISTRATOR account when it is the only one left.
# NOTE(review): this guards access_level only; the full update below can still
# set enabled=0 on that last administrator — confirm that case is handled
# elsewhere.
$t_old_access = user_get_field($f_user_id, 'access_level');
if (ADMINISTRATOR == $t_old_access && $t_old_access != $f_access_level && 1 >= user_count_level(ADMINISTRATOR)) {
	trigger_error(ERROR_USER_CHANGE_LAST_ADMIN, ERROR);
}
# Project specific access rights override global levels, hence, for users who are changed
# to be administrators, we have to remove project specific rights.
if ($c_access_level >= ADMINISTRATOR && !user_is_administrator($c_user_id)) {
	user_delete_project_specific_access_levels($c_user_id);
}
# if the user is already protected and the admin is not removing the
# protected flag then don't update the access level and enabled flag.
# If the user was unprotected or the protected flag is being turned off
# then proceed with a full update.
if ($f_protected && $t_old_protected) {
	# Protected account stays protected: only identity fields may change.
	$query = "UPDATE {$t_user_table}\n\t \t\tSET username='{$c_username}', email='{$c_email}',\n\t \t\t\tprotected='{$c_protected}', realname='{$c_realname}'\n\t \t\tWHERE id='{$c_user_id}'";
} else {
	# Full update, including the privilege-bearing access_level/enabled columns.
	$query = "UPDATE {$t_user_table}\n\t \t\tSET username='{$c_username}', email='{$c_email}',\n\t \t\t\taccess_level='{$c_access_level}', enabled='{$c_enabled}',\n\t \t\t\tprotected='{$c_protected}', realname='{$c_realname}'\n\t \t\tWHERE id='{$c_user_id}'";
}
# Unparameterised query: its safety rests entirely on the db_prepare_* calls above.
$result = db_query($query);
$t_redirect_url = 'manage_user_page.php';
html_page_top1();
if ($result) {
/**
 * Returns true if the currently logged in user has a role of administrator
 * or higher, false otherwise. Thin convenience wrapper around
 * user_is_administrator() for the current session's user id.
 *
 * @return boolean true: administrator; false: otherwise.
 * @access public
 */
function current_user_is_administrator()
{
	$t_current_user_id = auth_get_current_user_id();
	return user_is_administrator($t_current_user_id);
}
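/**
 * Build the HTML list items for one menubox of the site navigation.
 *
 * @param string       $button  Which box to render: "view", "write", "snitch",
 *                              "tools", "watched", or the "<!--TIME-->"
 *                              placeholder. Any other value yields ''.
 * @param string|false $content Rendered page content; consulted only by the
 *                              "write" box, which harvests entry ids from it
 *                              to offer "edit recent entries..." links.
 * @return string Concatenated <li> markup, '' for an unknown $button.
 */
function menus_populate($button, $content = FALSE)
{
	// Fix: $links was appended to without being initialised, which raised an
	// undefined-variable notice and returned null (not '') for unknown buttons.
	$links = '';
	// NOTE(review): $_SERVER['WEB_ROOT'] and $_SERVER['USER'] are assigned by
	// the application itself (plan_write_journaling writes $_SERVER['USER']),
	// and are interpolated into hrefs unescaped — confirm usernames are limited
	// to URL/HTML-safe characters before relying on that.
	switch ($button) {
		case "view":
			$links .= "<li>\n<!--\nTHE VIEW MENUBOX\n-->\n\n\t\t<i>read your own plan. you know, in case you forgot.</i></li>\n\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/view'>view your plan</a></li>\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/read/{$_SERVER['USER']}/bio'>view your bio</a></li>\n";
			if (plan_has_archives($_SERVER['USER'])) {
				$links .= "<li><a href='{$_SERVER['WEB_ROOT']}/read/{$_SERVER['USER']}/archives'>view your archives</a></li>\n";
			}
			if (plan_is_journaling($_SERVER['USER'])) {
				$links .= "<li><hr /><a href='{$_SERVER['WEB_ROOT']}/view/all_hidden'>view your hidden entries</a></li>\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/view/all_private'>view your private entries</a></li>\n";
			}
			break;
		case "write":
			$links .= "\n<!--\nTHE WRITE MENUBOX\n-->\n\n\t\t<li><i>write a plan update. you know you want to.</i></li>\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/write'>update your plan</a></li>\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/write/bio'>edit your bio</a></li>\n";
			// The system plan is writable by administrators only.
			if (user_is_administrator()) {
				$links .= "<li><a href='{$_SERVER['WEB_ROOT']}/write/system'>update the system plan</a></li>\n";
			}
			$links .= "<li><hr/>\n</li>\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/write/css'>change plan styles</a></li>\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/write/header'>change plan header</a></li>\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/write/footer'>change plan footer</a></li>\n";
			if (plan_is_journaling($_SERVER['USER'])) {
				$links .= "<li><a href='{$_SERVER['WEB_ROOT']}/write/divider'>change your divider</a></li>\n";
			}
			$links .= "<li><hr/></li>\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/send'>write a send</a></li>\n";
			// Only when viewing one's own plan: offer edit links for the entries
			// on the page. The regex admits digits only, so $match is safe to
			// place in the href without further escaping.
			if ($content && plan_is_journaling($_SERVER['USER']) && strstr($_SERVER['REQUEST_URI'], "/read/{$_SERVER['USER']}")) {
				preg_match_all('|entry_content_([0-9]+)|', $content, $matches);
				$matches = $matches[1];
				// Fix: preg_match_all always yields an array, so the old
				// is_array() guard printed the header even with no entries.
				if (!empty($matches)) {
					$links .= "<li><hr/>edit recent entries...</li>\n";
					foreach ($matches as $match) {
						$links .= "<li><a href='{$_SERVER['WEB_ROOT']}/write/.{$match}'>" . formattime($match) . "</a></li>\n";
					}
				}
			}
			break;
		case "snitch":
			$links .= "\n<!--\nTHE SNITCH MENUBOX\n-->\n\n\t\t<li><i>snitch and other s-words.</i></li>\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/snitch'>snitch</a></li>\n";
			$links .= "<li><hr/>\n</li>\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/snoop'>snoop</a></li>\n\n\t\t<li><a href='{$_SERVER['WEB_ROOT']}/send'>send</a></li>\n";
			break;
		case "tools":
			$links .= "\n<!--\nTHE TOOLS MENUBOX\n-->\n";
			$links .= "<li><i>tools to maintain and customize your account</i></li>";
			$links .= "\n\t\t\t<li><a href='{$_SERVER['WEB_ROOT']}/feature/' title='report a bug or request a feature'>report a bug</a><br/><hr/></li>\n"
				. "<li><a href='{$_SERVER['WEB_ROOT']}/slogans/add' title='add your own pw.o slogan to the random selection'>add a new slogan</a><br/>\n\t\t\t<a href='{$_SERVER['WEB_ROOT']}/smileys/add' title='upload a new smiley for people to use on their plans'>add a new smiley</a><br/>\n\t\t\t<hr/></li>\n"
				. "<li><a href='{$_SERVER['WEB_ROOT']}/lists/edit/allowed' title='change who can read your private entries'>edit your allowed list</a><br/>\n\t\t\t<a href='{$_SERVER['WEB_ROOT']}/lists/edit/blocked' title='change who is prevented from reading you'>edit your blocked list</a><br/>\n\t\t\t<hr/>\n</li>"
				. "<li><a href='{$_SERVER['WEB_ROOT']}/prefs/styles'>customize colors</a></li>\n"
				. "<li><a href='{$_SERVER['WEB_ROOT']}/prefs/fonts'>customize fonts</a></li>\n"
				. "<li><a href='{$_SERVER['WEB_ROOT']}/prefs/custom_css' title='add custom css'>customize css</a></li>\n"
				. "<li><a href='{$_SERVER['WEB_ROOT']}/prefs/skin' title='pick a skin'>pick a skin</a></li>\n"
				. "<li><hr/></li>\n"
				. "<li><a href='{$_SERVER['WEB_ROOT']}/prefs/userinfo'>user settings</a></li>\n"
				. "<li><a href='{$_SERVER['WEB_ROOT']}/prefs/interface'>interface prefs</a></li>\n";
			break;
		case "<!--TIME-->":
			// Placeholder swapped for the page load time by the caller.
			$links .= "<!--LOADTIME-->";
			break;
		case "watched":
			$links .= "\n\t\t\t<li><a href='{$_SERVER['WEB_ROOT']}/lists/edit/watched' title='edit your watched list'>edit</a></li>\n\t\t\t<li class='listheader'>move\n\t\t\t<a href='{$_SERVER['WEB_ROOT']}/lists/move/watched/top'>top</a>\n\t\t\t<a href='{$_SERVER['WEB_ROOT']}/lists/move/watched/left'>left</a>\n\t\t\t<a href='{$_SERVER['WEB_ROOT']}/lists/move/watched/right'>right</a></li>\n\t\t\t<!--<b>move AJAX</b>\n\t\t\t<li><a href=\"javascript:list_move('top');void(null);\">top</a></li>\n\t\t\t<li><a href=\"javascript:list_move('left');void(null);\">left</a></li>\n\t\t\t<li><a href=\"javascript:list_move('right');void(null);\">right</a></li>\n\t\t\t-->\n\t\t\t<li class='listheader'>sort\n\t\t\t<a href=\"javascript:loadXMLDoc('{$_SERVER['WEB_ROOT']}/lists/resort/name/ajax','','planwatch');void(null);\" title='sort alphabetically by name'>abc</a>\n\t\t\t<a href=\"javascript:loadXMLDoc('{$_SERVER['WEB_ROOT']}/lists/resort/time/ajax','','planwatch');void(null);\" title='sort by date and time'>321</a>\n\t\t\t<a href=\"javascript:loadXMLDoc('{$_SERVER['WEB_ROOT']}/lists/resort/inorder/ajax','','planwatch');void(null);\" title='do not sort, use in the order listed'>zfq</a></li>\n\t\t\t<li class='listheader'>status\n\t\t\t<a href='{$_SERVER['WEB_ROOT']}/lists/planwatch_mark_all_read' title='mark all plans as read'>update</a>\n\t\t\t<a href='{$_SERVER['WEB_ROOT']}/lists/planwatch_mark_all_unread' title='mark all plans as unread'>reset</a></li>\n\t\t\t<!--<li><b>lists</b></li>\n\t\t\t<li><a href='{$_SERVER['WEB_ROOT']}/lists/advertised_users' title='advertised users'>advertised users</a> </li>\n\t\t\t<li><a href='{$_SERVER['WEB_ROOT']}/lists/registered_users' title='registered users'>registered users</a></li>-->\n";
			break;
	}
	return $links;
}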