Index: branches/RC/core/units/users/users_event_handler.php
===================================================================
diff -u -N -r9976 -r10005
--- branches/RC/core/units/users/users_event_handler.php	(.../users_event_handler.php)	(revision 9976)
+++ branches/RC/core/units/users/users_event_handler.php	(.../users_event_handler.php)	(revision 10005)
@@ -12,7 +12,8 @@
 			$permissions = Array (
 				// admin
 				'OnSetPersistantVariable'	=>	Array('self' => 'view'), // because setting to logged in user only
-				'OnUpdateRootPassword'		=>	Array('self' => true), // because setting to logged in user only
+				'OnUpdateRootPassword'		=>	Array('self' => true), 
+				'OnUpdatePassword'		=>	Array('self' => true), 
 
 				// front
 				'OnRefreshForm'				=>	Array('self' => true),
@@ -28,6 +29,7 @@
 
 				'OnItemBuild'				=>	Array('self' => true),
 				'OnMassResetSettings'	=> Array('self' => 'edit'),
+				'OnMassCloneUsers'	=> Array('self' => 'add'),
 			);
 
 			$this->permMapping = array_merge($this->permMapping, $permissions);
@@ -54,6 +56,22 @@
 			if (!$this->Application->IsAdmin()) {
 				$object->addFilter('status_filter', '%1$s.Status = '.STATUS_ACTIVE);
 			}
+			
+			if ($event->Special == 'group') {
+				$group_id = $this->Application->GetVar('g_id');
+				if ($group_id !== false) {
+					// show only users, that user doesn't belong to current group
+					$table_name = $this->Application->GetTempName(TABLE_PREFIX.'UserGroup', 'prefix:g');
+					$sql = 'SELECT PortalUserId
+							FROM '.$table_name.'
+							WHERE GroupId = '.$group_id;
+					$user_ids = $this->Conn->GetCol($sql);
+					array_push($user_ids); // Guest & Everyone groups are set dynamically
+					if ($user_ids) {
+						$object->addFilter('already_member_filter', '%1$s.PortalUserId NOT IN ('.implode(',', $user_ids).')');
+					}
+				}
+			}			
 		}
 
 
@@ -406,6 +424,7 @@
 		 */
 		function OnAfterItemCreate(&$event)
 		{
+			if ($this->Application->GetVar('skip_set_primary')) return;
 			$is_subscriber = $this->Application->GetVar('IsSubscriber');
 			if(!$is_subscriber)
 			{
@@ -1134,26 +1153,54 @@
 		 */
 		function OnUpdateRootPassword(&$event)
 		{
+			return $this->OnUpdatePassword($event);
+		}
+		
+		/**
+		 * Allows to change root password
+		 *
+		 * @param kEvent $event
+		 */
+		function OnUpdatePassword(&$event)
+		{
+			$items_info = $this->Application->GetVar( $event->getPrefixSpecial(true) );
+			if (!$items_info) return ;
+			list ($id, $field_values) = each($items_info);
 			$user_id = $this->Application->RecallVar('user_id');
-			if ($user_id != -1) {
-				// not "root" can't change root's password via this event
+			if ($id == $user_id && ($user_id > 0 || $user_id == -1)) {
+				$user_dummy =& $this->Application->recallObject($event->Prefix.'.-item', null, Array('skip_autoload' => true));
+				/* @var $user_dummy kDBItem */
+				
+				$user_dummy->Load($id);
+				$status_field = array_shift($this->Application->getUnitOption($event->Prefix, 'StatusField'));
+
+				if ($user_dummy->GetDBField($status_field) != STATUS_ACTIVE) {
+					// not active user is not allowed to update his record (he could not activate himself manually)
 				return false;
 			}
+			}
 
+			if ($user_id == -1) {
+				$object =& $event->getObject( Array('skip_autoload' => true) );
+				/* @var $object UsersItem */
+
 			// put salt to user's config
-			$field_options = $this->Application->getUnitOption($event->Prefix.'.RootPassword', 'Fields');
+				$field_options = $object->GetFieldOptions('RootPassword');
 			$field_options['salt'] = 'b38';
-			$this->Application->setUnitOption($event->Prefix.'.RootPassword', 'Fields', $field_options);
-
-			$object =& $event->getObject( Array('skip_autoload' => true) );
-			/* @var $object UsersItem */
-
-			$items_info = $this->Application->GetVar( $event->getPrefixSpecial(true) );
-			if ($items_info) {
-				list ($id, $field_values) = each($items_info);
+				$object->SetFieldOptions('RootPassword', $field_options);
+				$verify_options = $object->GetFieldOptions('VerifyRootPassword');
+				$verify_options['salt'] = 'b38';
+				$object->SetFieldOptions('VerifyRootPassword', $verify_options);
+	
+				// this is internal hack to allow root/root passwords for dev
+				if ($this->Application->isDebugMode() && $field_values['RootPassword'] == 'root') {
+					$this->Application->ConfigHash['Min_Password'] = 4;
+				}
+				
 				$this->RemoveRequiredFields($object);
 				$object->SetDBField('RootPassword', $this->Application->ConfigValue('RootPass'));
 	 			$object->SetFieldsFromHash($field_values);
+	 			$object->setID(-1);
 	 			$status = $object->Validate();
 				if ($status) {
 					// validation on, password match too
@@ -1167,8 +1214,19 @@
 				else {
 					$event->status = erFAIL;
 					$event->redirect = false;
+					return;
 				}
 			}
+			else {
+				$object =& $event->getObject();
+				$object->SetFieldsFromHash($field_values);
+				if (!$object->Update()) {
+					$event->status = erFAIL;
+					$event->redirect = false;
+				}
+			}
+			$event->SetRedirectParam('opener', 'u');
+			$event->redirect == true;
 		}
 
 		/**
@@ -1372,6 +1430,63 @@
 				$this->Application->setUnitOption($event->Prefix, 'Fields', $fields);
 			}
 		}
+		
+		/**
+		 * OnMassCloneUsers
+		 *
+		 * @param kEvent $event
+		 */
+		function OnMassCloneUsers(&$event)
+		{
+			if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) {
+				return;
+			}
+
+			$event->status=erSUCCESS;
+			$ids = $this->StoreSelectedIDs($event);
+
+			$this->Application->SetVar('skip_set_primary', 1); // otherwise it will default primary group, search for skip_set_primary above
+			$temp_handler =& $this->Application->recallObject($event->Prefix.'_TempHandler', 'kTempTablesHandler');
+			/* @var $temp_handler kTempTablesHandler */
+			$cloned_users = $temp_handler->CloneItems($event->Prefix, '', $ids);
+			$this->clearSelectedIDs($event);
+		}
+		
+		/**
+		 * When cloning users, reset password (set random)
+		 *
+		 * @param kEvent $event
+		 */
+		function OnBeforeClone(&$event)
+		{
+			$object =& $event->getObject();
+			/* @var $object kDBItem */
+			$object->setRequired('Password', 0);
+			$object->setRequired('VerifyPassword', 0);
+			$object->SetDBField('Password', rand(100000000, 999999999));
+			$object->SetDBField('CreatedOn', adodb_mktime());
+			$object->SetDBField('ResourceId', false); // this will reset it
+			
+			// change email cause it should be unique
+			$object->NameCopy(array(), $object->GetID(), 'Email', 'copy%1$s.%2$s');
+			
+			$object->UpdateFormattersSubFields();
+		}
+		
+		/**
+		 * Copy user groups after copying user
+		 *
+		 * @param kEvent $event
+		 */
+		function OnAfterClone(&$event)
+		{
+			$id = $event->getEventParam('id');
+			$original_id = $event->getEventParam('original_id');
+	
+			$sql = 'INSERT '.TABLE_PREFIX."UserGroup SELECT $id, GroupId, MembershipExpires, PrimaryGroup, 0 FROM ".TABLE_PREFIX."UserGroup WHERE PortalUserId = $original_id";
+			$this->Conn->Query($sql);
+		}
+		
 	}
 
 ?>
\ No newline at end of file