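authInfo->getPerms('user'); // tail of the $viewerPerms assignment; the statement opens before this excerpt

// Management page for a single user. Flow: viewer-side gates (login, page access),
// target lookup and rank comparison, then -- only on a CSRF-validated POST by an
// editor who passes $canEdit -- the individual edit actions, each ending in a
// redirect; otherwise the page is rendered.

if(!$msz->authInfo->isLoggedIn)
    Template::throwError(403);

$currentUser = $msz->authInfo->userInfo;

$canManageUsers    = $viewerPerms->check(Perm::U_USERS_MANAGE);
$canManagePerms    = $viewerPerms->check(Perm::U_PERMS_MANAGE);
$canManageNotes    = $viewerPerms->check(Perm::U_NOTES_MANAGE);
$canManageWarnings = $viewerPerms->check(Perm::U_WARNINGS_MANAGE);
$canManageBans     = $viewerPerms->check(Perm::U_BANS_MANAGE);
$canImpersonate    = $viewerPerms->check(Perm::U_CAN_IMPERSONATE);
$canSendTestMail   = $currentUser->super;

// Any one of the four management flags opens the page; the perms and
// impersonation flags on their own do not.
$hasAccess = $canManageUsers || $canManageNotes || $canManageWarnings || $canManageBans;
if(!$hasAccess)
    Template::throwError(403);

$notices = [];

$userId = (string)filter_input(INPUT_GET, 'u', FILTER_SANITIZE_NUMBER_INT);
try {
    $userInfo = $msz->usersCtx->users->getUser($userId, 'id');
} catch(RuntimeException $ex) {
    Template::throwError(404); // assumed not to return; $userInfo is used unguarded below
}

$currentUserRank = $msz->usersCtx->users->getUserRank($currentUser);
$userRank        = $msz->usersCtx->users->getUserRank($userInfo);

// Write access: the manage flag plus one of super user, editing yourself, or
// strictly outranking the target. Every mutation below sits behind this.
$canEdit = $canManageUsers && (
    $currentUser->super
    || (string)$currentUser->id === $userInfo->id
    || $currentUserRank > $userRank
);
// NOTE(review): because $canEdit admits self-edit, a viewer holding both
// U_USERS_MANAGE and U_PERMS_MANAGE can submit the perms form against their own
// account. Unless setPermissions() enforces its own ceiling, that is a
// self-granted permission escalation path -- confirm.
$canEditPerms = $canEdit && $canManagePerms;

$permsInfos = $msz->perms->getPermissionInfo(userInfo: $userInfo, categoryNames: Perm::INFO_FOR_USER);
$permsLists = Perm::createList(Perm::LISTS_FOR_USER);
$permsNeedRecalc = false;

if(CSRF::validateRequest() && $canEdit) {
    // --- Impersonation -----------------------------------------------------
    if(!empty($_POST['impersonate_user'])) {
        if(!$canImpersonate) {
            $notices[] = 'You must be a super user to do this.';
        } elseif(!is_string($_POST['impersonate_user']) || $_POST['impersonate_user'] !== 'meow') {
            $notices[] = 'You didn\'t say the magic word.';
        } else {
            // Super users may impersonate anyone; everyone else only the user ids
            // listed under impersonate.allow.u<viewer id> in config (strict match,
            // so a type mismatch between config and $userInfo->id denies rather
            // than allows).
            $allowToImpersonate = $currentUser->super;
            if(!$allowToImpersonate) {
                $allowImpersonateUsers = $msz->config->getArray(sprintf('impersonate.allow.u%s', $currentUser->id));
                $allowToImpersonate = in_array($userInfo->id, $allowImpersonateUsers, true);
            }

            if($allowToImpersonate) {
                $msz->createAuditLog('USER_IMPERSONATE', [$userInfo->id, $userInfo->name]);

                // Re-issue the viewer's own auth token with the impersonated id set.
                $tokenBuilder = $msz->authInfo->tokenInfo->toBuilder();
                $tokenBuilder->setImpersonatedUserId($userInfo->id);
                $tokenInfo = $tokenBuilder->toInfo();
                AuthTokenCookie::apply($msz->authCtx->createAuthTokenPacker()->pack($tokenInfo));

                Tools::redirect($msz->urls->format('index'));
                return;
            } else
                $notices[] = 'You aren\'t allowed to impersonate this user.';
        }
    }

    // --- Test e-mail (super users only) ------------------------------------
    if(!empty($_POST['send_test_email'])) {
        if(!$canSendTestMail) {
            $notices[] = 'You must be a super user to do this.';
        } elseif(!is_string($_POST['send_test_email']) || $_POST['send_test_email'] !== 'yes_send_it') {
            $notices[] = 'Invalid request thing shut the fuck up.';
        } else {
            $testMail = Mailer::sendMessage(
                [$userInfo->emailAddress => $userInfo->name],
                'Flashii Test E-mail',
                'You were sent this e-mail to validate if you can receive e-mails from Flashii. You may discard it.'
            );
            if(!$testMail)
                $notices[] = 'Failed to send test e-mail.';
        }
    }

    // --- Role membership ---------------------------------------------------
    if(!empty($_POST['roles']) && is_array($_POST['roles'])) {
        // Each submitted id must be a plain digit string. The is_string check is
        // deliberate: a nested roles[][] entry would reach ctype_digit() as an
        // array, which is a deprecated non-string call on PHP 8.1+ rather than a
        // clear rejection.
        $applyRoles = [];
        foreach($_POST['roles'] as $item) {
            if(!is_string($item) || !ctype_digit($item))
                die('Invalid item encountered in roles list.');
            $applyRoles[] = (string)$item;
        }

        $existingRoles = [];
        foreach(iterator_to_array($msz->usersCtx->roles->getRoles(userInfo: $userInfo)) as $roleInfo)
            $existingRoles[$roleInfo->id] = $roleInfo;

        // NOTE(review): both rank gates in this section compare the role against
        // the TARGET's rank ($userRank), not the editor's ($currentUserRank). For
        // a non-super editor that means the target's highest-ranked role can
        // never be removed and no role at or above the target's rank can be
        // added. Since $canEdit already requires $currentUserRank > $userRank this
        // is more restrictive, not less -- but confirm it is intended.
        $removeRoles = [];
        foreach($existingRoles as $roleInfo) {
            if($roleInfo->default || !($currentUser->super || $userRank > $roleInfo->rank))
                continue;
            // Loose in_array on purpose: the stored id type is not fixed here and
            // the submitted ids are digit strings.
            if(!in_array($roleInfo->id, $applyRoles))
                $removeRoles[] = $roleInfo;
        }
        if(!empty($removeRoles))
            $msz->usersCtx->users->removeRoles($userInfo, $removeRoles);

        $addRoles = [];
        foreach($applyRoles as $roleId) {
            try {
                $roleInfo = $existingRoles[$roleId] ?? $msz->usersCtx->roles->getRole($roleId);
            } catch(RuntimeException $ex) {
                continue; // unknown role id: dropped without a notice
            }
            if(!$currentUser->super && $userRank <= $roleInfo->rank)
                continue;
            if(!isset($existingRoles[$roleInfo->id]))
                $addRoles[] = $roleInfo;
        }
        if(!empty($addRoles))
            $msz->usersCtx->users->addRoles($userInfo, $addRoles);

        if(!empty($addRoles) || !empty($removeRoles))
            $permsNeedRecalc = true;
    }

    // --- Profile fields ----------------------------------------------------
    if(!empty($_POST['user']) && is_array($_POST['user'])) {
        $setCountry  = (string)($_POST['user']['country'] ?? '');
        $setTitle    = (string)($_POST['user']['title'] ?? '');
        $displayRole = (string)($_POST['user']['display_role'] ?? 0);

        if(!$msz->usersCtx->users->hasRole($userInfo, $displayRole))
            $notices[] = 'User does not have the role you\'re trying to assign as primary.';

        // Exactly two ASCII uppercase letters (alpha-2 country code shape).
        $countryValidation = strlen($setCountry) === 2 && ctype_alpha($setCountry) && ctype_upper($setCountry);
        if(!$countryValidation)
            $notices[] = 'Country code was invalid.';

        // Byte length, not character count -- multi-byte titles hit this sooner.
        if(strlen($setTitle) > 64)
            $notices[] = 'User title was invalid.';

        if(empty($notices)) {
            // Persist the values that were just validated rather than re-reading
            // $_POST, so what is checked and what is stored cannot drift apart.
            $msz->usersCtx->users->updateUser(
                userInfo: $userInfo,
                displayRoleInfo: $displayRole,
                countryCode: $setCountry,
                title: $setTitle
            );
        }
    }

    // --- Name colour -------------------------------------------------------
    if(!empty($_POST['colour']) && is_array($_POST['colour'])) {
        $setColour = null; // null when the custom colour is disabled
        if(!empty($_POST['colour']['enable'])) {
            $setColour = \Index\Colour\Colour::parse((string)($_POST['colour']['hex'] ?? ''));
            if($setColour->shouldInherit())
                $notices[] = 'Invalid colour specified.';
        }
        if(empty($notices))
            $msz->usersCtx->users->updateUser(userInfo: $userInfo, colour: $setColour);
    }

    // --- Password reset ----------------------------------------------------
    if(!empty($_POST['password']) && is_array($_POST['password'])) {
        $passwordNewValue     = (string)($_POST['password']['new'] ?? '');
        $passwordConfirmValue = (string)($_POST['password']['confirm'] ?? '');

        // Compare against '' rather than empty(): empty('0') is true, which would
        // silently skip a submitted password of "0" instead of validating it.
        if($passwordNewValue !== '') {
            if($passwordNewValue !== $passwordConfirmValue)
                $notices[] = 'Confirm password does not match.';
            else {
                $passwordValidation = $msz->usersCtx->users->validatePassword($passwordNewValue);
                if($passwordValidation !== '')
                    $notices[] = $msz->usersCtx->users->validatePasswordText($passwordValidation);
            }

            // NOTE(review): unlike impersonation above, resetting another user's
            // password writes no audit log entry here, and nothing on this page
            // invalidates the target's existing sessions. Worth confirming
            // whether updateUser() covers either.
            if(empty($notices))
                $msz->usersCtx->users->updateUser(userInfo: $userInfo, password: $passwordNewValue);
        }
    }

    // --- Per-user permission overrides ------------------------------------
    if($canEditPerms && filter_has_var(INPUT_POST, 'perms')) {
        // FILTER_REQUIRE_ARRAY yields false when perms is submitted as a scalar;
        // only a real array is handed to convertSubmission().
        $permsSubmission = filter_input(INPUT_POST, 'perms', FILTER_DEFAULT, FILTER_REQUIRE_ARRAY);
        if(is_array($permsSubmission)) {
            $permsApply = Perm::convertSubmission($permsSubmission, Perm::INFO_FOR_USER);
            foreach($permsApply as $categoryName => $values)
                $msz->perms->setPermissions($categoryName, $values['allow'], $values['deny'], userInfo: $userInfo);
            $permsNeedRecalc = true;
        }
    }

    if($permsNeedRecalc)
        $msz->perms->precalculatePermissions(
            $msz->forumCtx->categories,
            [$userInfo->id]
        );

    // Post/Redirect/Get. Note this redirect is unconditional, so any $notices
    // collected during this POST are not passed to the render below; whether
    // they survive the redirect depends on Tools::redirect(), which is not
    // visible here.
    Tools::redirect($msz->urls->format('manage-user', ['user' => $userInfo->id]));
    return;
}

$rolesAll    = iterator_to_array($msz->usersCtx->roles->getRoles());
$userRoleIds = $msz->usersCtx->users->hasRoles($userInfo, $rolesAll);

Template::render('manage.users.user', [
    'user_info'             => $userInfo,
    'manage_notices'        => $notices,
    'manage_roles'          => $rolesAll,
    'manage_user_has_roles' => $userRoleIds,
    'can_edit_user'         => $canEdit,
    'can_edit_perms'        => $canEdit && $canEditPerms,
    'can_manage_notes'      => $canManageNotes,
    'can_manage_warnings'   => $canManageWarnings,
    'can_manage_bans'       => $canManageBans,
    'can_impersonate'       => $canImpersonate,
    'can_send_test_mail'    => $canSendTestMail,
    'perms_lists'           => $permsLists,
    'perms_infos'           => $permsInfos,
]);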