archive/piwigo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
piwigo/admin/user_list.php
rub bcb81f3efd Resolved issue 0000693: guest & default users can to be deleted 
git-svn-id: http://piwigo.org/svn/trunk@2024 68402e56-0260-453c-a942-63ccdbb3a9ee
2007-05-25 15:51:40 +00:00

843 lines
22 KiB
PHP
Raw Blame History

<?php
// +-----------------------------------------------------------------------+
// | PhpWebGallery - a PHP based picture gallery |
// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
// | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
// +-----------------------------------------------------------------------+
// | file : $Id$
// | last update : $Date$
// | last modifier : $Author$
// | revision : $Revision$
// +-----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify |
// | it under the terms of the GNU General Public License as published by |
// | the Free Software Foundation |
// | |
// | This program is distributed in the hope that it will be useful, but |
// | WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
// | General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to the Free Software |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA. |
// +-----------------------------------------------------------------------+
/**
* Add users and manage users list
*/
// +-----------------------------------------------------------------------+
// | functions |
// +-----------------------------------------------------------------------+
/**
* returns a list of users depending on page filters (in $_GET)
*
* Each user comes with his related informations : id, username, mail
* address, list of groups.
*
* @return array
*/
function get_filtered_user_list()
{
global $conf, $page;
$users = array();
// filter
$filter = array();
if (isset($_GET['username']) and !empty($_GET['username']))
{
$username = str_replace('*', '%', $_GET['username']);
if (function_exists('mysql_real_escape_string'))
{
$filter['username'] = mysql_real_escape_string($username);
}
else
{
$filter['username'] = mysql_escape_string($username);
}
}
if (isset($_GET['group'])
and -1 != $_GET['group']
and is_numeric($_GET['group']))
{
$filter['group'] = $_GET['group'];
}
if (isset($_GET['status'])
and in_array($_GET['status'], get_enums(USER_INFOS_TABLE, 'status')))
{
$filter['status'] = $_GET['status'];
}
// how to order the list?
$order_by = 'id';
if (isset($_GET['order_by'])
and in_array($_GET['order_by'], array_keys($page['order_by_items'])))
{
$order_by = $_GET['order_by'];
}
$direction = 'ASC';
if (isset($_GET['direction'])
and in_array($_GET['direction'], array_keys($page['direction_items'])))
{
$direction = strtoupper($_GET['direction']);
}
// search users depending on filters and order
$query = '
SELECT DISTINCT u.'.$conf['user_fields']['id'].' AS id,
u.'.$conf['user_fields']['username'].' AS username,
u.'.$conf['user_fields']['email'].' AS email,
ui.status,
ui.adviser,
ui.enabled_high
FROM '.USERS_TABLE.' AS u
INNER JOIN '.USER_INFOS_TABLE.' AS ui
ON u.'.$conf['user_fields']['id'].' = ui.user_id
LEFT JOIN '.USER_GROUP_TABLE.' AS ug
ON u.'.$conf['user_fields']['id'].' = ug.user_id
WHERE u.'.$conf['user_fields']['id'].' > 0';
if (isset($filter['username']))
{
$query.= '
AND u.'.$conf['user_fields']['username'].' LIKE \''.$filter['username'].'\'';
}
if (isset($filter['group']))
{
$query.= '
AND ug.group_id = '.$filter['group'];
}
if (isset($filter['status']))
{
$query.= '
AND ui.status = \''.$filter['status']."'";
}
$query.= '
ORDER BY '.$order_by.' '.$direction.'
;';
$result = pwg_query($query);
while ($row = mysql_fetch_array($result))
{
$user = $row;
$user['groups'] = array();
array_push($users, $user);
}
// add group lists
$user_ids = array();
foreach ($users as $i => $user)
{
$user_ids[$i] = $user['id'];
}
$user_nums = array_flip($user_ids);
if (count($user_ids) > 0)
{
$query = '
SELECT user_id, group_id
FROM '.USER_GROUP_TABLE.'
WHERE user_id IN ('.implode(',', $user_ids).')
;';
$result = pwg_query($query);
while ($row = mysql_fetch_array($result))
{
array_push(
$users[$user_nums[$row['user_id']]]['groups'],
$row['group_id']
);
}
}
return $users;
}
// +-----------------------------------------------------------------------+
// | initialization |
// +-----------------------------------------------------------------------+
if (!defined('PHPWG_ROOT_PATH'))
{
die('Hacking attempt!');
}
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
// +-----------------------------------------------------------------------+
// | Check Access and exit when user status is not ok |
// +-----------------------------------------------------------------------+
check_status(ACCESS_ADMINISTRATOR);
$page['order_by_items'] = array(
'id' => $lang['registration_date'],
'username' => $lang['Username']
);
$page['direction_items'] = array(
'asc' => $lang['ascending'],
'desc' => $lang['descending']
);
// +-----------------------------------------------------------------------+
// | add a user |
// +-----------------------------------------------------------------------+
if (isset($_POST['submit_add']))
{
$page['errors'] = register_user(
$_POST['login'], $_POST['password'], $_POST['email']);
if (count($page['errors']) == 0)
{
array_push(
$page['infos'],
sprintf(
l10n('user "%s" added'),
$_POST['login']
)
);
}
}
// +-----------------------------------------------------------------------+
// | user list |
// +-----------------------------------------------------------------------+
$page['filtered_users'] = get_filtered_user_list();
// +-----------------------------------------------------------------------+
// | selected users |
// +-----------------------------------------------------------------------+
if (isset($_POST['delete']) or isset($_POST['pref_submit']))
{
$collection = array();
switch ($_POST['target'])
{
case 'all' :
{
foreach($page['filtered_users'] as $local_user)
{
array_push($collection, $local_user['id']);
}
break;
}
case 'selection' :
{
if (isset($_POST['selection']))
{
$collection = $_POST['selection'];
}
break;
}
}
if (count($collection) == 0)
{
array_push($page['errors'], l10n('Select at least one user'));
}
}
// +-----------------------------------------------------------------------+
// | delete users |
// +-----------------------------------------------------------------------+
if (isset($_POST['delete']) and count($collection) > 0)
{
if (in_array($conf['guest_id'], $collection))
{
array_push($page['errors'], l10n('Guest cannot be deleted'));
}
if (($conf['guest_id'] != $conf['default_user_id']) and
in_array($conf['default_user_id'], $collection))
{
array_push($page['errors'], l10n('Default user cannot be deleted'));
}
if (in_array($conf['webmaster_id'], $collection))
{
array_push($page['errors'], l10n('Webmaster cannot be deleted'));
}
if (in_array($user['id'], $collection))
{
array_push($page['errors'], l10n('You cannot delete your account'));
}
if (count($page['errors']) == 0)
{
if (isset($_POST['confirm_deletion']) and 1 == $_POST['confirm_deletion'])
{
foreach ($collection as $user_id)
{
delete_user($user_id);
}
array_push(
$page['infos'],
l10n_dec(
'%d user deleted', '%d users deleted',
count($collection)
)
);
foreach ($page['filtered_users'] as $filter_key => $filter_user)
{
if (in_array($filter_user['id'], $collection))
{
unset($page['filtered_users'][$filter_key]);
}
}
}
else
{
array_push($page['errors'], l10n('You need to confirm deletion'));
}
}
}
// +-----------------------------------------------------------------------+
// | preferences form submission |
// +-----------------------------------------------------------------------+
if (isset($_POST['pref_submit']) and count($collection) > 0)
{
if (-1 != $_POST['associate'])
{
$datas = array();
$query = '
SELECT user_id
FROM '.USER_GROUP_TABLE.'
WHERE group_id = '.$_POST['associate'].'
;';
$associated = array_from_query($query, 'user_id');
$associable = array_diff($collection, $associated);
if (count($associable) > 0)
{
foreach ($associable as $item)
{
array_push($datas,
array('group_id'=>$_POST['associate'],
'user_id'=>$item));
}
mass_inserts(USER_GROUP_TABLE,
array('group_id', 'user_id'),
$datas);
}
}
if (-1 != $_POST['dissociate'])
{
$query = '
DELETE FROM '.USER_GROUP_TABLE.'
WHERE group_id = '.$_POST['dissociate'].'
AND user_id IN ('.implode(',', $collection).')
';
pwg_query($query);
}
// properties to set for the collection (a user list)
$datas = array();
$dbfields = array('primary' => array('user_id'), 'update' => array());
$formfields =
array('nb_image_line', 'nb_line_page', 'template', 'language',
'recent_period', 'maxwidth', 'expand', 'show_nb_comments',
'show_nb_hits', 'maxheight', 'status', 'enabled_high');
$true_false_fields = array('expand', 'show_nb_comments',
'show_nb_hits', 'enabled_high');
if ($conf['allow_adviser'])
{
array_push($formfields, 'adviser');
array_push($true_false_fields, 'adviser');
}
foreach ($formfields as $formfield)
{
// special for true/false fields
if (in_array($formfield, $true_false_fields))
{
$test = $formfield;
}
else
{
$test = $formfield.'_action';
}
if ($_POST[$test] != 'leave')
{
array_push($dbfields['update'], $formfield);
}
}
// updating elements is useful only if needed...
if (count($dbfields['update']) > 0)
{
$datas = array();
foreach ($collection as $user_id)
{
$data = array();
$data['user_id'] = $user_id;
// TODO : verify if submited values are semanticaly correct
foreach ($dbfields['update'] as $dbfield)
{
// if the action is 'unset', the key won't be in row and
// mass_updates function will set this field to NULL
if (in_array($dbfield, $true_false_fields)
or 'set' == $_POST[$dbfield.'_action'])
{
$data[$dbfield] = $_POST[$dbfield];
}
}
// special users checks
if
(
($conf['webmaster_id'] == $user_id) or
($conf['guest_id'] == $user_id) or
($conf['default_user_id'] == $user_id)
)
{
// status must not be changed
if (isset($data['status']))
{
if ($conf['webmaster_id'] == $user_id)
{
$data['status'] = 'webmaster';
}
else
{
$data['status'] = 'guest';
}
}
// could not be adivser
if (isset($data['adviser']))
{
$data['adviser'] = 'false';
}
}
array_push($datas, $data);
}
mass_updates(USER_INFOS_TABLE, $dbfields, $datas);
}
redirect(
PHPWG_ROOT_PATH.
'admin.php'.
get_query_string_diff(
array(
'start'
)
)
);
}
// +-----------------------------------------------------------------------+
// | groups list |
// +-----------------------------------------------------------------------+
$groups = array();
$query = '
SELECT id, name
FROM '.GROUPS_TABLE.'
ORDER BY name ASC
;';
$result = pwg_query($query);
while ($row = mysql_fetch_array($result))
{
$groups[$row['id']] = $row['name'];
}
// +-----------------------------------------------------------------------+
// | template init |
// +-----------------------------------------------------------------------+
$template->set_filenames(array('user_list'=>'admin/user_list.tpl'));
$base_url = PHPWG_ROOT_PATH.'admin.php?page=user_list';
if (isset($_GET['start']) and is_numeric($_GET['start']))
{
$start = $_GET['start'];
}
else
{
$start = 0;
}
$template->assign_vars(
array(
'U_HELP' => PHPWG_ROOT_PATH.'popuphelp.php?page=user_list',
'F_ADD_ACTION' => $base_url,
'F_USERNAME' => @htmlentities($_GET['username']),
'F_FILTER_ACTION' => PHPWG_ROOT_PATH.'admin.php'
));
if (isset($_GET['id']))
{
$template->assign_block_vars('session', array('ID' => $_GET['id']));
}
// Hide radio-button if not allow to assign adviser
if ($conf['allow_adviser'])
{
$template->assign_block_vars('adviser', array());
}
foreach ($page['order_by_items'] as $item => $label)
{
$selected = (isset($_GET['order_by']) and $_GET['order_by'] == $item) ?
'selected="selected"' : '';
$template->assign_block_vars(
'order_by',
array(
'VALUE' => $item,
'CONTENT' => $label,
'SELECTED' => $selected
));
}
foreach ($page['direction_items'] as $item => $label)
{
$selected = (isset($_GET['direction']) and $_GET['direction'] == $item) ?
'selected="selected"' : '';
$template->assign_block_vars(
'direction',
array(
'VALUE' => $item,
'CONTENT' => $label,
'SELECTED' => $selected
));
}
$blockname = 'group_option';
$template->assign_block_vars(
$blockname,
array(
'VALUE'=> -1,
'CONTENT' => '------------',
'SELECTED' => ''
));
foreach ($groups as $group_id => $group_name)
{
$selected = (isset($_GET['group']) and $_GET['group'] == $group_id) ?
'selected="selected"' : '';
$template->assign_block_vars(
$blockname,
array(
'VALUE' => $group_id,
'CONTENT' => $group_name,
'SELECTED' => $selected
));
}
$blockname = 'status_option';
$template->assign_block_vars(
$blockname,
array(
'VALUE'=> -1,
'CONTENT' => '------------',
'SELECTED' => ''
));
foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
{
$selected = (isset($_GET['status']) and $_GET['status'] == $status) ?
'selected="selected"' : '';
$template->assign_block_vars(
$blockname,
array(
'VALUE' => $status,
'CONTENT' => $lang['user_status_'.$status],
'SELECTED' => $selected
));
}
if (isset($_POST['pref_submit']))
{
// echo '<pre>'; print_r($_POST); echo '</pre>';
$template->assign_vars(
array(
'ADVISER_YES' => 'true' == (isset($_POST['adviser']) and $_POST['adviser']) ? 'checked="checked"' : '',
'ADVISER_NO' => 'false' == (isset($_POST['adviser']) and $_POST['adviser']) ? 'checked="checked"' : '',
'NB_IMAGE_LINE' => $_POST['nb_image_line'],
'NB_LINE_PAGE' => $_POST['nb_line_page'],
'MAXWIDTH' => $_POST['maxwidth'],
'MAXHEIGHT' => $_POST['maxheight'],
'RECENT_PERIOD' => $_POST['recent_period'],
'EXPAND_YES' => 'true' == $_POST['expand'] ? 'checked="checked"' : '',
'EXPAND_NO' => 'false' == $_POST['expand'] ? 'checked="checked"' : '',
'SHOW_NB_COMMENTS_YES' =>
'true' == $_POST['show_nb_comments'] ? 'checked="checked"' : '',
'SHOW_NB_COMMENTS_NO' =>
'false' == $_POST['show_nb_comments'] ? 'checked="checked"' : '',
'SHOW_NB_HITS_YES' =>
'true' == $_POST['show_nb_hits'] ? 'checked="checked"' : '',
'SHOW_NB_HITS_NO' =>
'false' == $_POST['show_nb_hits'] ? 'checked="checked"' : '',
'ENABLED_HIGH_YES' => 'true' == $_POST['enabled_high'] ? 'checked="checked"' : '',
'ENABLED_HIGH_NO' => 'false' == $_POST['enabled_high'] ? 'checked="checked"' : '',
));
}
else
{
$default_user = get_default_user_info(true);
$template->assign_vars(
array(
'NB_IMAGE_LINE' => $default_user['nb_image_line'],
'NB_LINE_PAGE' => $default_user['nb_line_page'],
'MAXWIDTH' => $default_user['maxwidth'],
'MAXHEIGHT' => $default_user['maxheight'],
'RECENT_PERIOD' => $default_user['recent_period'],
));
}
$blockname = 'template_option';
foreach (get_pwg_themes() as $pwg_template)
{
if (isset($_POST['pref_submit']))
{
$selected = $_POST['template']==$pwg_template ? 'selected="selected"' : '';
}
else if (get_default_template() == $pwg_template)
{
$selected = 'selected="selected"';
}
else
{
$selected = '';
}
$template->assign_block_vars(
$blockname,
array(
'VALUE'=> $pwg_template,
'CONTENT' => $pwg_template,
'SELECTED' => $selected
));
}
$blockname = 'language_option';
foreach (get_languages() as $language_code => $language_name)
{
if (isset($_POST['pref_submit']))
{
$selected = $_POST['language']==$language_code ? 'selected="selected"':'';
}
else if (get_default_language() == $language_code)
{
$selected = 'selected="selected"';
}
else
{
$selected = '';
}
$template->assign_block_vars(
$blockname,
array(
'VALUE'=> $language_code,
'CONTENT' => $language_name,
'SELECTED' => $selected
));
}
$blockname = 'pref_status_option';
foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
{
if (isset($_POST['pref_submit']))
{
$selected = $_POST['status'] == $status ? 'selected="selected"' : '';
}
else if ('normal' == $status)
{
$selected = 'selected="selected"';
}
else
{
$selected = '';
}
// Only status <= can be assign
if (is_autorize_status(get_access_type_status($status)))
{
$template->assign_block_vars(
$blockname,
array(
'VALUE' => $status,
'CONTENT' => $lang['user_status_'.$status],
'SELECTED' => $selected
));
}
}
// associate
$blockname = 'associate_option';
$template->assign_block_vars(
$blockname,
array(
'VALUE'=> -1,
'CONTENT' => '------------',
'SELECTED' => ''
));
foreach ($groups as $group_id => $group_name)
{
if (isset($_POST['pref_submit']))
{
$selected = $_POST['associate'] == $group_id ? 'selected="selected"' : '';
}
else
{
$selected = '';
}
$template->assign_block_vars(
$blockname,
array(
'VALUE' => $group_id,
'CONTENT' => $group_name,
'SELECTED' => $selected
));
}
// dissociate
$blockname = 'dissociate_option';
$template->assign_block_vars(
$blockname,
array(
'VALUE'=> -1,
'CONTENT' => '------------',
'SELECTED' => ''
));
foreach ($groups as $group_id => $group_name)
{
if (isset($_POST['pref_submit']))
{
$selected = $_POST['dissociate'] == $group_id ? 'selected="selected"' : '';
}
else
{
$selected = '';
}
$template->assign_block_vars(
$blockname,
array(
'VALUE' => $group_id,
'CONTENT' => $group_name,
'SELECTED' => $selected
));
}
// +-----------------------------------------------------------------------+
// | navigation bar |
// +-----------------------------------------------------------------------+
$url = PHPWG_ROOT_PATH.'admin.php'.get_query_string_diff(array('start'));
$navbar = create_navigation_bar(
$url,
count($page['filtered_users']),
$start,
$conf['users_page']
);
$template->assign_vars(array('NAVBAR' => $navbar));
// +-----------------------------------------------------------------------+
// | user list |
// +-----------------------------------------------------------------------+
$profile_url = get_root_url().'admin.php?page=profile&amp;user_id=';
$perm_url = get_root_url().'admin.php?page=user_perm&amp;user_id=';
foreach ($page['filtered_users'] as $num => $local_user)
{
// simulate LIMIT $start, $conf['users_page']
if ($num < $start)
{
continue;
}
if ($num >= $start + $conf['users_page'])
{
break;
}
$groups_string = preg_replace(
'/(\d+)/e',
"\$groups['$1']",
implode(
', ',
$local_user['groups']
)
);
if (isset($_POST['pref_submit'])
and isset($_POST['selection'])
and in_array($local_user['id'], $_POST['selection']))
{
$checked = 'checked="checked"';
}
else
{
$checked = '';
}
$template->assign_block_vars(
'user',
array(
'CLASS' => ($num % 2 == 1) ? 'row2' : 'row1',
'ID' => $local_user['id'],
'CHECKED' => $checked,
'U_PROFILE' => $profile_url.$local_user['id'],
'U_PERM' => $perm_url.$local_user['id'],
'USERNAME' => $local_user['username']
.($local_user['id'] == $conf['guest_id']
? '<BR />['.l10n('is_the_guest').']' : '')
.($local_user['id'] == $conf['default_user_id']
? '<BR />['.l10n('is_the_default').']' : ''),
'STATUS' => $lang['user_status_'.
$local_user['status']].(($local_user['adviser'] == 'true')
? '<BR />['.l10n('adviser').']' : ''),
'EMAIL' => get_email_address_as_display_text($local_user['email']),
'GROUPS' => $groups_string,
'PROPERTIES' =>
(isset($local_user['enabled_high']) and ($local_user['enabled_high'] == 'true'))
? $lang['is_high_enabled'] : $lang['is_high_disabled']
)
);
}
// +-----------------------------------------------------------------------+
// | html code display |
// +-----------------------------------------------------------------------+
$template->assign_var_from_handle('ADMIN_CONTENT', 'user_list');
?>
Reference in a new issue View git blame Copy permalink