archive/piwigo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

2003.05.13 user_add and user_modify added

Browse source 
git-svn-id: http://piwigo.org/svn/trunk@9 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
z0rglub 2003-05-13 10:02:06 +00:00
commit b7b705f268
19 changed files with 470 additions and 790 deletions
Download patch file Download diff file Expand all files Collapse all files

97
admin/admin.php
View file

@ -1,9 +1,9 @@
<?php
/***************************************************************************
* admin.php is a part of PhpWebGallery *
* admin.php *
* ------------------- *
* last update : Tuesday, July 16, 2002 *
* email : pierrick@z0rglub.com *
* application : PhpWebGallery 1.3 *
* author : Pierrick LE GALL <pierrick@z0rglub.com> *
* *
***************************************************************************/
@ -27,68 +27,31 @@ $vtp->setGlobalVar( $handle, 'menu_title', $lang['menu_title'] );
$page_valide = false;
switch ( $_GET['page'] )
{
case 'ajout':
{
$titre = $lang['title_add'];
$page_valide = true;
break;
}
case 'user_add':
$titre = $lang['title_add']; $page_valide = true; break;
case 'user_list':
{
$titre = $lang['title_liste_users'];
$page_valide = true;
break;
}
$titre = $lang['title_liste_users']; $page_valide = true; break;
case 'user_modify':
$titre = $lang['title_modify']; $page_valide = true; break;
case 'historique':
{
$titre = $lang['title_history'];
$page_valide = true;
break;
}
$titre = $lang['title_history']; $page_valide = true; break;
case 'miseajour':
{
$titre = $lang['title_update'];
$page_valide = true;
break;
}
$titre = $lang['title_update']; $page_valide = true; break;
case 'configuration':
{
$titre = $lang['title_configuration'];
$page_valide = true;
break;
}
$titre = $lang['title_configuration']; $page_valide = true; break;
case 'manuel':
{
$titre = $lang['title_instructions'];
$page_valide = true;
break;
}
$titre = $lang['title_instructions']; $page_valide = true; break;
case 'perm':
{
$titre = $lang['title_permissions'];
$page_valide = true;
break;
}
$titre = $lang['title_permissions']; $page_valide = true; break;
case 'cat':
{
$titre = $lang['title_categories'];
$page_valide = true;
break;
}
$titre = $lang['title_categories']; $page_valide = true; break;
case 'edit_cat':
{
$titre = $lang['title_edit_cat'];
$page_valide = true;
break;
}
$titre = $lang['title_edit_cat']; $page_valide = true; break;
case 'infos_images':
{
$titre = $lang['title_info_images'];
$page_valide = true;
break;
}
$titre = $lang['title_info_images']; $page_valide = true; break;
case 'waiting':
$titre = $lang['title_waiting']; $page_valide = true; break;
case 'thumbnail':
{
$titre = $lang['title_thumbnails'];
if ( isset( $_GET['dir'] ) )
{
@ -107,20 +70,10 @@ switch ( $_GET['page'] )
}
$page_valide = true;
break;
}
case 'waiting':
{
$titre = $lang['title_waiting'];
$page_valide = true;
break;
}
default:
{
$titre = $lang['title_default'];
break;
}
$titre = $lang['title_default']; break;
}
$vtp->setGlobalVar( $handle, 'title', $titre );
$vtp->setGlobalVar( $handle, 'title', $titre );
//--------------------------------------------------------------------- summary
$link_start = './admin.php?page=';
// configuration
@ -147,7 +100,8 @@ $vtp->closeSession( $handle, 'summary' );
// user add
$vtp->addSession( $handle, 'summary' );
$vtp->setVar( $handle, 'summary.indent', '&nbsp;&nbsp;' );
$vtp->setVar( $handle, 'summary.link', add_session_id( $link_start.'ajout' ) );
$vtp->setVar(
$handle, 'summary.link', add_session_id( $link_start.'user_add' ) );
$vtp->setVar( $handle, 'summary.name', $lang['menu_add_user'] );
$vtp->closeSession( $handle, 'summary' );
// categories
@ -211,10 +165,9 @@ if ( $page_valide )
}
else
{
$vtp->setVar( $handle, 'sub',
'<div style="text-align:center">'.
$lang['default_message'].
'</div>' );
$vtp->setVar(
$handle, 'sub',
'<div style="text-align:center">'.$lang['default_message'].'</div>' );
}
//----------------------------------------------------------- html code display
$code = $vtp->Display( $handle, 0 );

326
admin/ajout.php
View file

@ -1,326 +0,0 @@
<?php
/***************************************************************************
* ajout.php is a part of PhpWebGallery *
* ------------------- *
* last update : Tuesday, July 16, 2002 *
* email : pierrick@z0rglub.com *
* *
***************************************************************************/
/***************************************************************************
* *
* This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation; *
* *
***************************************************************************/
include_once( "./include/isadmin.inc.php" );
$error = array();
$absent = false;
$row = mysql_fetch_array( mysql_query( "select pseudo,status,mail_address from $prefixeTable"."users where id = '".$HTTP_GET_VARS['user_id']."';" ) );
$pseudo = $row['pseudo'];
$status = $row['status'];
$mail_address = $row['mail_address'];
if ( $pseudo == "visiteur" || ( $pseudo == $conf['webmaster'] && $user['pseudo'] != $conf['webmaster'] ) )
{
echo "<div class=\"erreur\">".$lang['user_err_modify']."</div>";
$absent = true;
}
if ( $HTTP_GET_VARS['mode'] == "modif" )
{
if ( $pseudo == "" )
{
echo"<div class=\"info\">".$lang['user_err_unknown']."</div>";
$absent = true;
}
}
if ( !$absent )
{
if ( $HTTP_GET_VARS['valider'] == 1 )
{
$i = 0;
// le pseudo ne doit pas
// 1. être vide
// 2. commencer ou se terminer par un espace
// 3. comporter les caractères ' ou "
// 4. être déjà utilisé
// Notes sur le pseudo du webmaster :
// - lorsque l'on trouve plusieurs occurences consécutives du caractère espace, on réduit à une seule occurence
if ( $HTTP_GET_VARS['mode'] != "modif" )
{
if ( $HTTP_POST_VARS['pseudo'] == "" )
{
$error[$i++] = $lang['reg_err_login1'];
}
$pseudo = ereg_replace( "[ ]{2,}", " ", $HTTP_POST_VARS['pseudo'] );
if ( ereg( "^.* $", $pseudo) )
{
$error[$i++] = $lang['reg_err_login2'];
}
if ( ereg( "^ .*$", $pseudo) )
{
$error[$i++] = $lang['reg_err_login3'];
}
if ( ereg( "'",$pseudo ) || ereg( "\"",$pseudo ) )
{
$error[$i++] = $lang['reg_err_login4'];
}
else
{
$query = "select id from $prefixeTable"."users where pseudo = '$pseudo';";
$result = mysql_query( $query );
if ( mysql_num_rows( $result ) > 0 )
{
$error[$i++] = "<li>".$lang['reg_err_login5']."</li>";
}
}
}
// le mail doit être conforme à qqch du type : nom@serveur.com
if( $HTTP_POST_VARS['mail_address'] != "" && !ereg( "([_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+)", $HTTP_POST_VARS['mail_address'] ) )
{
$error[$i++] = $lang['reg_err_mail_address'];
}
// mis à jour des variables pour ne pas afficher celles issue de la BD
$pseudo = $HTTP_POST_VARS['pseudo'];
$password = $HTTP_POST_VARS['password'];
$status = $HTTP_POST_VARS['status'];
$mail_address = $HTTP_POST_VARS['mail_address'];
// on met à jour les paramètres de l'applicaiton dans le cas où il n'y aucune erreur
if ( sizeof( $error ) == 0 && $HTTP_GET_VARS['mode'] != "modif" )
{
// 1.récupération des valeurs par défaut de l'application pour nombre_image_ligne,nombre_ligne_page,couleur,language
$row = mysql_fetch_array( mysql_query( "select nombre_image_ligne,nombre_ligne_page,theme,language from $prefixeTable"."users where pseudo = 'visiteur';" ) );
// 2.ajout du nouvel utilisateur
$query = "insert into $prefixeTable"."users (pseudo,password,mail_address,nombre_image_ligne,nombre_ligne_page,theme,language,status) values ('$pseudo','".md5( $HTTP_POST_VARS['password'] )."',";
if ( $HTTP_POST_VARS['mail_address'] != "" )
{
$query.= "'".$HTTP_POST_VARS['mail_address']."'";
}
else
{
$query.= "NULL";
}
$query.= ",'".$row['nombre_image_ligne']."','".$row['nombre_ligne_page']."','".$row['theme']."','".$row['language']."','".$HTTP_POST_VARS['status']."');";
mysql_query( $query );
// 3. récupérer l'identifiant de l'utilisateur nouvellement créé
$row = mysql_fetch_array( mysql_query( "select id from $prefixeTable"."users where pseudo = '$pseudo';" ) );
$user_id = $row['id'];
// 4.ajouter les restrictions au nouvel utilisateur, les mêmes que celles de l'utilisateur par défaut
$query = "select cat_id ";
$query.= "from $prefixeTable"."restrictions as r,$prefixeTable"."users as u ";
$query.= "where u.id = r.user_id ";
$query.= "and u.pseudo = 'visiteur';";
$result = mysql_query( $query );
while( $row = mysql_fetch_array( $result ) )
{
mysql_query ( "insert into $prefixeTable"."restrictions (user_id,cat_id) values ('$user_id','".$row['cat_id']."');" );
}
}
if ( sizeof( $error ) == 0 && $HTTP_GET_VARS['mode'] == "modif" )
{
$query = "update $prefixeTable"."users";
$query.= " set status = '".$HTTP_POST_VARS['status']."'";
if ( $HTTP_POST_VARS['use_new_pwd'] == 1 )
{
$query.= ", password = '".md5( $HTTP_POST_VARS['password'] )."'";
}
$query.= ", mail_address = ";
if ( $HTTP_POST_VARS['mail_address'] != "" )
{
$query.= "'".$HTTP_POST_VARS['mail_address']."'";
}
else
{
$query.= "NULL";
}
$query.= " where id = '".$HTTP_GET_VARS['user_id']."';";
mysql_query( $query );
}
}
if ( sizeof( $error ) > 0 )
{
echo "<div class=\"erreur\">".$lang['adduser_err_message'].sizeof( $error )." :";
echo "<ul>";
for ( $i = 0; $i < sizeof( $error ); $i++ )
{
echo "<li>".$error[$i]."</li>";
}
echo "</ul>";
echo "</div>";
}
if ( sizeof( $error ) == 0 && $HTTP_GET_VARS['valider'] == 1 )
{
echo"<div class=\"info\">".$lang['adduser_info_message']."\"$pseudo\" ";
if ( $HTTP_POST_VARS['use_new_pwd'] == 1 )
{
echo $lang['adduser_info_password_updated']." ";
}
echo"[ <a href=\"".add_session_id_to_url( "./admin.php?page=liste_users" )."\">".$lang['adduser_info_back']."</a> ]</div>";
}
if ( $HTTP_GET_VARS['valider'] != 1 || $HTTP_GET_VARS['mode'] != "modif" || sizeof( $error ) > 0 )
{
if ( $HTTP_GET_VARS['mode'] != "modif" && sizeof( $error ) == 0 )
{
unset( $pseudo, $password, $status, $mail_address );
}
if ( !isset( $HTTP_POST_VARS['use_new_pwd'] ) || $HTTP_POST_VARS['use_new_pwd'] != 1 )
{
unset( $password );
}
$action = "./admin.php?page=ajout&amp;valider=1";
if ( $HTTP_GET_VARS['mode'] == "modif" )
{
$action.= "&amp;mode=modif&amp;user_id=".$HTTP_GET_VARS['user_id'];
}
echo"<form method=\"post\" action=\"".add_session_id_to_url( $action )."\">
<table style=\"width:100%;\">
<tr align=\"center\" valign=\"middle\">
<td>
<table style=\"margin-left:auto;margin-right:auto;\">
<tr>
<th colspan=\"2\">".$lang['adduser_fill_form']."</th>
</tr>
<tr>
<td colspan=\"2\"><div style=\"margin-bottom:0px;\">&nbsp;</div></td>
</tr>
<tr>
<td>".$lang['adduser_login']."</td>
<td>";
if ( $HTTP_GET_VARS['mode'] == "modif" )
{
echo"<span style=\"color:red;\">$pseudo [".$lang['adduser_unmodify']."]</span>";
echo"<input type=\"hidden\" name=\"pseudo\" value=\"$pseudo\"/>";
}
else
{
echo"<input type=\"text\" name=\"pseudo\" value=\"$pseudo\"/>";
}
echo"
</td>
</tr>";
echo"
<tr>
<td>";
if ( $HTTP_GET_VARS['mode'] == "modif" )
{
echo $lang['new']." ".$lang['password']."<input type=\"checkbox\" name=\"use_new_pwd\" value=\"1\"";
if ( isset( $HTTP_POST_VARS['use_new_pwd'] ) && $HTTP_POST_VARS['use_new_pwd'] == 1 )
{
echo " checked=\"checked\"";
}
echo " />";
}
else
{
echo $lang['password'];
}
echo"</td>
<td>";
echo"<input type=\"text\" name=\"password\" value=\"$password\"/></td>
</tr>";
echo"
<tr>
<td>".$lang['reg_mail_address']."</td>";
echo "
<td><input type=\"text\" name=\"mail_address\" value=\"$mail_address\"/></td>
</tr>";
echo"
<tr>
<td>".$lang['adduser_status']."</td>
<td>";
if ( $pseudo == $conf['webmaster'] )
{
echo "<span style=\"color:red;\">$status [".$lang['adduser_unmodify']."]</span>
<input type=\"hidden\" name=\"status\" value=\"$status\"/>";
}
else
{
echo"
<select name=\"status\">";
// on récupère toutes les status possibles dans la base
// par l'intermédiaire de la fonction get_enums
$option = get_enums( $prefixeTable."users", "status" );
for ( $i = 0; $i < sizeof( $option ); $i++ )
{
if ( isset( $status ) )
{
echo"
<option value=\"$option[$i]\"";
if ( $option[$i] == $status )
{
echo" selected=\"selected\"";
}
echo">";
switch ( $option[$i] )
{
case "admin" :
{
echo $lang['adduser_status_admin'];
break;
}
case "membre" :
{
echo $lang['adduser_status_member'];
break;
}
case "visiteur" :
{
echo $lang['adduser_status_guest'];
break;
}
}
echo"</option>";
}
else
{
echo"
<option value=\"$option[$i]\"";
if ( $option[$i] == "visiteur" )
{
echo" selected=\"selected\"";
}
echo">";
switch ( $option[$i] )
{
case "admin" :
{
echo $lang['adduser_status_admin'];
break;
}
case "membre" :
{
echo $lang['adduser_status_member'];
break;
}
case "visiteur" :
{
echo $lang['adduser_status_guest'];
break;
}
}
echo"</option>";
}
}
echo"
</select>";
}
echo"
</td>
</tr>
<tr>
<td colspan=\"2\" align=\"center\"><input type=\"submit\" value=\"".$lang['submit']."\"/></td>
</tr>
</table>
</td>
</tr>
</table>
</form>";
if ( $HTTP_GET_VARS['mode'] == "modif" )
{
echo "<div style=\"text-align:center;margin-bottom:10px;\">[ <a href=\"".add_session_id_to_url( "./admin.php?page=liste_users" )."\">".$lang['adduser_info_back']."</a> ]</div>";
}
}
}
?>

9
admin/configuration.php
View file

@ -1,9 +1,9 @@
<?
/***************************************************************************
* configuration.php is a part of PhpWebGallery *
* configuration.php *
* ------------------- *
* last update : Tuesday, July 16, 2002 *
* email : pierrick@z0rglub.com *
* application : PhpWebGallery 1.3 *
* author : Pierrick LE GALL <pierrick@z0rglub.com> *
* *
***************************************************************************/
@ -293,7 +293,8 @@ else
$query.= $default_user_infos[$i];
}
$query .= ' from '.$prefixeTable.'users';
$query.= " where pseudo ='visiteur';";
$query.= " where username = 'guest'";
$query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );

288
admin/user_add.php
View file

@ -1,9 +1,9 @@
<?php
/***************************************************************************
* ajout.php is a part of PhpWebGallery *
* user_add.php *
* ------------------- *
* last update : Tuesday, July 16, 2002 *
* email : pierrick@z0rglub.com *
* application : PhpWebGallery 1.3 *
* author : Pierrick LE GALL <pierrick@z0rglub.com> *
* *
***************************************************************************/
@ -14,242 +14,68 @@
* the Free Software Foundation; *
* *
***************************************************************************/
include_once( './include/isadmin.inc.php' );
//----------------------------------------------------- template initialization
$sub = $vtp->Open( '../template/'.$user['template'].'/admin/user_add.vtp' );
$tpl = array( 'adduser_info_message', 'adduser_info_back',
'adduser_fill_form', 'login', 'password', 'mail_address',
'adduser_status', 'submit' );
templatize_array( $tpl, 'lang', $sub );
//--------------------------------------------------------- form criteria check
$error = array();
$absent = false;
$query = 'select';
$query.= ' pseudo,status,mail_address';
$query.= ' from '.$prefixeTable.'users';
$query.= ' where id = '.$_GET['user_id'];
$query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
$pseudo = $row['pseudo'];
$status = $row['status'];
$mail_address = $row['mail_address'];
if ( $pseudo == 'visiteur' ||
( $pseudo == $conf['webmaster']
&& $user['pseudo'] != $conf['webmaster'] ) )
if ( isset( $_POST['submit'] ) )
{
echo "<div class=\"erreur\">".$lang['user_err_modify']."</div>";
$absent = true;
$error = register_user(
$_POST['username'], $_POST['password'], $_POST['password'],
$_POST['mail_address'], $_POST['status'] );
}
if ( $_GET['mode'] == 'modif' )
//-------------------------------------------------------------- errors display
if ( sizeof( $error ) != 0 )
{
if ( $pseudo == '' )
$vtp->addSession( $sub, 'errors' );
for ( $i = 0; $i < sizeof( $error ); $i++ )
{
echo"<div class=\"info\">".$lang['user_err_unknown']."</div>";
$absent = true;
$vtp->addSession( $sub, 'li' );
$vtp->setVar( $sub, 'li.li', $error[$i] );
$vtp->closeSession( $sub, 'li' );
}
$vtp->closeSession( $sub, 'errors' );
}
if ( !$absent )
//---------------------------------------------------------------- confirmation
if ( sizeof( $error ) == 0 and isset( $_POST['submit'] ) )
{
if ( $_GET['valider'] == 1 )
{
if ( $_GET['mode'] != 'modif' )
{
$error = register_user( $_POST['pseudo'], $_POST['password'],
$_POST['password'], $_POST['mail_address'],
$_POST['status'] );
}
else
{
$use_new_password = false;
if ( $_POST['use_new_pwd'] == 1)
{
$use_new_password = true;
}
$error = update_user( $_GET['user_id'], $_POST['mail_address'],
$_POST['status'], $use_new_password,
$_POST['password'] );
}
}
if ( sizeof( $error ) > 0 )
{
echo "<div class=\"erreur\">".$lang['adduser_err_message'].sizeof( $error )." :";
echo "<ul>";
for ( $i = 0; $i < sizeof( $error ); $i++ )
{
echo "<li>".$error[$i]."</li>";
}
echo "</ul>";
echo "</div>";
}
if ( sizeof( $error ) == 0 && $_GET['valider'] == 1 )
{
echo"<div class=\"info\">".$lang['adduser_info_message']."\"$pseudo\" ";
if ( $_POST['use_new_pwd'] == 1 )
{
echo $lang['adduser_info_password_updated']." ";
}
echo"[ <a href=\"".add_session_id_to_url( "./admin.php?page=liste_users" )."\">".$lang['adduser_info_back']."</a> ]</div>";
}
if ( $_GET['valider'] != 1 || $_GET['mode'] != "modif" || sizeof( $error ) > 0 )
{
if ( $_GET['mode'] != "modif" && sizeof( $error ) == 0 )
{
unset( $pseudo, $password, $status, $mail_address );
}
if ( !isset( $_POST['use_new_pwd'] ) || $_POST['use_new_pwd'] != 1 )
{
unset( $password );
}
$action = "./admin.php?page=ajout&amp;valider=1";
if ( $_GET['mode'] == "modif" )
{
$action.= "&amp;mode=modif&amp;user_id=".$_GET['user_id'];
}
echo"<form method=\"post\" action=\"".add_session_id_to_url( $action )."\">
<table style=\"width:100%;\">
<tr align=\"center\" valign=\"middle\">
<td>
<table style=\"margin-left:auto;margin-right:auto;\">
<tr>
<th colspan=\"2\">".$lang['adduser_fill_form']."</th>
</tr>
<tr>
<td colspan=\"2\"><div style=\"margin-bottom:0px;\">&nbsp;</div></td>
</tr>
<tr>
<td>".$lang['adduser_login']."</td>
<td>";
if ( $_GET['mode'] == "modif" )
{
echo"<span style=\"color:red;\">$pseudo [".$lang['adduser_unmodify']."]</span>";
echo"<input type=\"hidden\" name=\"pseudo\" value=\"$pseudo\"/>";
}
else
{
echo"<input type=\"text\" name=\"pseudo\" value=\"$pseudo\"/>";
}
echo"
</td>
</tr>";
echo"
<tr>
<td>";
if ( $_GET['mode'] == "modif" )
{
echo $lang['new']." ".$lang['password']."<input type=\"checkbox\" name=\"use_new_pwd\" value=\"1\"";
if ( isset( $_POST['use_new_pwd'] ) && $_POST['use_new_pwd'] == 1 )
{
echo " checked=\"checked\"";
}
echo " />";
}
else
{
echo $lang['password'];
}
echo"</td>
<td>";
echo"<input type=\"text\" name=\"password\" value=\"$password\"/></td>
</tr>";
echo"
<tr>
<td>".$lang['reg_mail_address']."</td>";
echo "
<td><input type=\"text\" name=\"mail_address\" value=\"$mail_address\"/></td>
</tr>";
echo"
<tr>
<td>".$lang['adduser_status']."</td>
<td>";
if ( $pseudo == $conf['webmaster'] )
{
echo "<span style=\"color:red;\">$status [".$lang['adduser_unmodify']."]</span>
<input type=\"hidden\" name=\"status\" value=\"$status\"/>";
}
else
{
echo"
<select name=\"status\">";
// on récupère toutes les status possibles dans la base
// par l'intermédiaire de la fonction get_enums
$option = get_enums( $prefixeTable."users", "status" );
for ( $i = 0; $i < sizeof( $option ); $i++ )
{
if ( isset( $status ) )
{
echo"
<option value=\"$option[$i]\"";
if ( $option[$i] == $status )
{
echo" selected=\"selected\"";
}
echo">";
switch ( $option[$i] )
{
case "admin" :
{
echo $lang['adduser_status_admin'];
break;
}
case "membre" :
{
echo $lang['adduser_status_member'];
break;
}
case "visiteur" :
{
echo $lang['adduser_status_guest'];
break;
}
}
echo"</option>";
}
else
{
echo"
<option value=\"$option[$i]\"";
if ( $option[$i] == "visiteur" )
{
echo" selected=\"selected\"";
}
echo">";
switch ( $option[$i] )
{
case "admin" :
{
echo $lang['adduser_status_admin'];
break;
}
case "membre" :
{
echo $lang['adduser_status_member'];
break;
}
case "visiteur" :
{
echo $lang['adduser_status_guest'];
break;
}
}
echo"</option>";
}
}
echo"
</select>";
}
echo"
</td>
</tr>
<tr>
<td colspan=\"2\" align=\"center\"><input type=\"submit\" value=\"".$lang['submit']."\"/></td>
</tr>
</table>
</td>
</tr>
</table>
</form>";
if ( $_GET['mode'] == "modif" )
{
echo "<div style=\"text-align:center;margin-bottom:10px;\">[ <a href=\"".add_session_id_to_url( "./admin.php?page=liste_users" )."\">".$lang['adduser_info_back']."</a> ]</div>";
}
}
$vtp->addSession( $sub, 'confirmation' );
$vtp->setVar( $sub, 'confirmation.username', $_POST['username'] );
$url = add_session_id( './admin.php?page=user_list' );
$vtp->setVar( $sub, 'confirmation.url', $url );
$vtp->closeSession( $sub, 'confirmation' );
// reset all values
unset( $_POST );
}
//------------------------------------------------------------------------ form
$action = add_session_id( './admin.php?page=user_add' );
$vtp->setVar( $sub, 'form_action', $action );
$vtp->setVar( $sub, 'user:username', $_POST['username'] );
$vtp->setVar( $sub, 'user:password', $_POST['password'] );
$vtp->setVar( $sub, 'user:mail_address', $_POST['mail_address'] );
if ( !isset( $_POST['status'] ) )
{
$_POST['status'] = 'guest';
}
$option = get_enums( $prefixeTable.'users', 'status' );
for ( $i = 0; $i < sizeof( $option ); $i++ )
{
$vtp->addSession( $sub, 'status_option' );
$vtp->setVar( $sub, 'status_option.value', $option[$i] );
$vtp->setVar( $sub, 'status_option.option',
$lang['adduser_status_'.$option[$i]] );
if( $option[$i] == $_POST['status'] )
{
$vtp->setVar( $sub, 'status_option.selected', ' selected="selected"' );
}
$vtp->closeSession( $sub, 'status_option' );
}
//----------------------------------------------------------- sending html code
$vtp->Parse( $handle , 'sub', $sub );
?>

57
admin/user_list.php
View file

@ -1,9 +1,9 @@
<?php
/***************************************************************************
* liste_users.php is a part of PhpWebGallery *
* user_list.php *
* ------------------- *
* last update : Tuesday, July 16, 2002 *
* email : pierrick@z0rglub.com *
* application : PhpWebGallery 1.3 *
* author : Pierrick LE GALL <pierrick@z0rglub.com> *
* *
***************************************************************************/
@ -38,9 +38,9 @@ $vtp->setGlobalVar( $sub, 'listuser_button_invert',
$vtp->setGlobalVar( $sub, 'listuser_button_create_address',
$lang['listuser_button_create_address'] );
//--------------------------------------------------------------- delete a user
if ( isset ( $_GET['delete'] ) && is_numeric( $_GET['delete'] ) )
if ( isset ( $_GET['delete'] ) and is_numeric( $_GET['delete'] ) )
{
$query = 'select pseudo';
$query = 'select username';
$query.= ' from '.$prefixeTable.'users';
$query.= ' where id = '.$_GET['delete'];
$query.= ';';
@ -49,7 +49,7 @@ if ( isset ( $_GET['delete'] ) && is_numeric( $_GET['delete'] ) )
if ( $_GET['confirm'] != 1 )
{
$vtp->addSession( $sub, 'deletion' );
$vtp->setVar( $sub, 'deletion.login', $row['pseudo'] );
$vtp->setVar( $sub, 'deletion.login', $row['username'] );
$yes_url = './admin.php?page=user_list&amp;delete='.$_GET['delete'];
$yes_url.= '&amp;confirm=1';
$vtp->setVar( $sub, 'deletion.yes_url', add_session_id( $yes_url ) );
@ -61,7 +61,8 @@ if ( isset ( $_GET['delete'] ) && is_numeric( $_GET['delete'] ) )
else
{
$vtp->addSession( $sub, 'confirmation' );
if ( $row['pseudo'] != 'visiteur' && $row['pseudo'] != $conf['webmaster'] )
if ( $row['username'] != 'guest'
and $row['username'] != $conf['webmaster'] )
{
$query = 'select count(*) as nb_result';
$query.= ' from '.$prefixeTable.'users';
@ -72,7 +73,7 @@ if ( isset ( $_GET['delete'] ) && is_numeric( $_GET['delete'] ) )
{
delete_user( $_GET['delete'] );
$vtp->setVar( $sub, 'confirmation.class', 'info' );
$info = '"'.$row['pseudo'].'" '.$lang['listuser_info_deletion'];
$info = '"'.$row['username'].'" '.$lang['listuser_info_deletion'];
$vtp->setVar( $sub, 'confirmation.info', $info );
}
else
@ -101,9 +102,9 @@ else
}
$vtp->setVar( $sub, 'users.form_action', $action );
$query = 'select id,pseudo,status,mail_address';
$query = 'select id,username,status,mail_address';
$query.= ' from '.$prefixeTable.'users';
$query.= ' order by status asc, pseudo asc';
$query.= ' order by status asc, username asc';
$query.= ';';
$result = mysql_query( $query );
@ -126,7 +127,7 @@ else
$title.= $lang['adduser_status_admin'];
break;
}
case 'visiteur' :
case 'guest' :
{
$title.= $lang['adduser_status_guest'];
break;
@ -137,26 +138,33 @@ else
}
$vtp->addSession( $sub, 'user' );
// checkbox for mail management if the user has a mail address
if ( $row['mail_address'] != '' && $row['pseudo'] != 'visiteur' )
if ( $row['mail_address'] != '' and $row['username'] != 'guest' )
{
$vtp->addSession( $sub, 'checkbox' );
$vtp->setVar( $sub, 'checkbox.name', 'mail-'.$row['id'] );
$vtp->closeSession( $sub, 'checkbox' );
}
// use a special color for the login of the user ?
if ( $row['pseudo'] == $conf['webmaster'] )
if ( $row['username'] == $conf['webmaster'] )
{
$vtp->setVar( $sub, 'user.color', 'red' );
}
if ( $row['pseudo'] == "visiteur" )
if ( $row['username'] == 'guest' )
{
$vtp->setVar( $sub, 'user.color', 'green' );
}
$vtp->setVar( $sub, 'user.login', $row['pseudo'] );
if ( $row['username'] == 'guest' )
{
$vtp->setVar( $sub, 'user.login', $lang['guest'] );
}
else
{
$vtp->setVar( $sub, 'user.login', $row['username'] );
}
// modify or not modify ?
if ( $row['pseudo'] == "visiteur"
|| ( $row['pseudo'] == $conf['webmaster']
&& $user['pseudo'] != $conf['webmaster'] ) )
if ( $row['username'] == 'guest'
or ( $row['username'] == $conf['webmaster']
and $user['username'] != $conf['webmaster'] ) )
{
$vtp->addSession( $sub, 'not_modify' );
$vtp->closeSession( $sub, 'not_modify' );
@ -164,14 +172,14 @@ else
else
{
$vtp->addSession( $sub, 'modify' );
$url = './admin.php?page=user_add&amp;mode=modif&amp;user_id=';
$url = './admin.php?page=user_modify&amp;user_id=';
$url.= $row['id'];
$vtp->setVar( $sub, 'modify.url', add_session_id( $url ) );
$vtp->setVar( $sub, 'modify.login', $row['pseudo'] );
$vtp->setVar( $sub, 'modify.login', $row['username'] );
$vtp->closeSession( $sub, 'modify' );
}
// manage permission or not ?
if ( $row['pseudo'] == $conf['webmaster'] )
if ( $row['username'] == $conf['webmaster'] )
{
$vtp->addSession( $sub, 'not_permission' );
$vtp->closeSession( $sub, 'not_permission' );
@ -181,11 +189,12 @@ else
$vtp->addSession( $sub, 'permission' );
$url = './admin.php?page=perm&amp;user_id='.$row['id'];
$vtp->setVar( $sub, 'permission.url', add_session_id( $url ) );
$vtp->setVar( $sub, 'permission.login', $row['pseudo'] );
$vtp->setVar( $sub, 'permission.login', $row['username'] );
$vtp->closeSession( $sub, 'permission' );
}
// is the user deletable or not ?
if ( $row['pseudo'] == 'visiteur' || $row['pseudo'] == $conf['webmaster'] )
if ( $row['username'] == 'guest'
or $row['username'] == $conf['webmaster'] )
{
$vtp->addSession( $sub, 'not_delete' );
$vtp->closeSession( $sub, 'not_delete' );
@ -195,7 +204,7 @@ else
$vtp->addSession( $sub, 'delete' );
$url = './admin.php?page=user_list&amp;delete='.$row['id'];
$vtp->setVar( $sub, 'delete.url', add_session_id( $url ) );
$vtp->setVar( $sub, 'delete.login', $row['pseudo'] );
$vtp->setVar( $sub, 'delete.login', $row['username'] );
$vtp->closeSession( $sub, 'delete' );
}
$vtp->closeSession( $sub, 'user' );

100
admin/user_modify.php
View file

@ -18,11 +18,16 @@ include_once( './include/isadmin.inc.php' );
//----------------------------------------------------- template initialization
$sub = $vtp->Open( '../template/'.$user['template'].'/admin/user_modify.vtp' );
$error = array();
$tpl = array( 'user_err_modify', 'user_err_unknown' );
templatize_array( $tpl, 'lang' );
$tpl = array( 'adduser_info_message', 'adduser_info_back', 'adduser_fill_form',
'login', 'new', 'password', 'mail_address', 'adduser_status',
'submit', 'adduser_info_password_updated' );
templatize_array( $tpl, 'lang', $sub );
//--------------------------------------------------------- form criteria check
$error = array();
$display_form = true;
// retrieving information in the database about the user identified by its
// id in $_GET['user_id']
$query = 'select';
$query.= ' username,status,mail_address';
$query.= ' from '.$prefixeTable.'users';
@ -30,34 +35,95 @@ $query.= ' where id = '.$_GET['user_id'];
$query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
$username = $row['username'];
$status = $row['status'];
$mail_address = $row['mail_address'];
if ( $username == 'guest'
or ( $username == $conf['webmaster']
// user is not modifiable if :
// 1. the selected user is the user "guest"
// 2. the selected user is the webmaster and the user making the modification
// is not the webmaster
if ( $row['username'] == 'guest'
or ( $row['username'] == $conf['webmaster']
and $user['username'] != $conf['webmaster'] ) )
{
$vtp->addSession( $sub, 'err_modify' );
$vtp->closeSession( $sub, 'err_modify' );
array_push( $error, $lang['user_err_modify'] );
$display_form = false;
}
if ( $username == '' )
// if the user was not found in the database, no modification possible
if ( $row['username'] == '' )
{
$vtp->addSession( $sub, 'err_unknown' );
$vtp->closeSession( $sub, 'err_unknown' );
array_push( $error, $lang['user_err_unknown'] );
$display_form = false;
}
if ( $display_form and isset( $_POST['submit'] ) )
if ( sizeof( $error ) == 0 and isset( $_POST['submit'] ) )
{
// shall we use a new password and overwrite the old one ?
$use_new_password = false;
if ( $_POST['use_new_pwd'] == 1)
{
$use_new_password = true;
}
$error = update_user(
$_GET['user_id'], $_POST['mail_address'], $_POST['status'],
$use_new_password, $POST['password'] );
$error = array_merge( $error, update_user(
$_GET['user_id'], $_POST['mail_address'],
$_POST['status'], $use_new_password,
$_POST['password'] ) );
}
//-------------------------------------------------------------- errors display
if ( sizeof( $error ) != 0 )
{
$vtp->addSession( $sub, 'errors' );
for ( $i = 0; $i < sizeof( $error ); $i++ )
{
$vtp->addSession( $sub, 'li' );
$vtp->setVar( $sub, 'li.li', $error[$i] );
$vtp->closeSession( $sub, 'li' );
}
$vtp->closeSession( $sub, 'errors' );
}
//---------------------------------------------------------------- confirmation
if ( sizeof( $error ) == 0 and isset( $_POST['submit'] ) )
{
$vtp->addSession( $sub, 'confirmation' );
$vtp->setVar( $sub, 'confirmation.username', $row['username'] );
$url = add_session_id( './admin.php?page=user_list' );
$vtp->setVar( $sub, 'confirmation.url', $url );
$vtp->closeSession( $sub, 'confirmation' );
if ( $use_new_pwd )
{
$vtp->addSession( $sub, 'password_updated' );
$vtp->closeSession( $sub, 'password_updated' );
}
$display_form = false;
}
//------------------------------------------------------------------------ form
if ( $display_form )
{
$vtp->addSession( $sub, 'form' );
$action = './admin.php?page=user_modify&amp;user_id='.$_GET['user_id'];
$vtp->setVar( $sub, 'form.form_action', add_session_id( $action ) );
$vtp->setVar( $sub, 'form.user:username', $row['username'] );
$vtp->setVar( $sub, 'form.user:password', $_POST['password'] );
$vtp->setVar( $sub, 'form.user:mail_address', $_POST['mail_address'] );
if ( !isset( $_POST['status'] ) )
{
$_POST['status'] = 'guest';
}
$option = get_enums( $prefixeTable.'users', 'status' );
for ( $i = 0; $i < sizeof( $option ); $i++ )
{
$vtp->addSession( $sub, 'status_option' );
$vtp->setVar( $sub, 'status_option.value', $option[$i] );
$vtp->setVar( $sub, 'status_option.option',
$lang['adduser_status_'.$option[$i]] );
if( $option[$i] == $_POST['status'] )
{
$vtp->setVar( $sub, 'status_option.selected', ' selected="selected"' );
}
$vtp->closeSession( $sub, 'status_option' );
}
$url = add_session_id( './admin.php?page=user_list' );
$vtp->setVar( $sub, 'form.url_back', $url );
$vtp->closeSession( $sub, 'form' );
}
//----------------------------------------------------------- sending html code
$vtp->Parse( $handle , 'sub', $sub );
?>