diff options
Diffstat (limited to 'BSF/admin/user_list.php')
| -rw-r--r-- | BSF/admin/user_list.php | 688 |
1 files changed, 688 insertions, 0 deletions
diff --git a/BSF/admin/user_list.php b/BSF/admin/user_list.php new file mode 100644 index 000000000..635424b6a --- /dev/null +++ b/BSF/admin/user_list.php @@ -0,0 +1,688 @@ +<?php +// +-----------------------------------------------------------------------+ +// | Piwigo - a PHP based picture gallery | +// +-----------------------------------------------------------------------+ +// | Copyright(C) 2008 Piwigo Team http://piwigo.org | +// | Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net | +// | Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick | +// +-----------------------------------------------------------------------+ +// | This program is free software; you can redistribute it and/or modify | +// | it under the terms of the GNU General Public License as published by | +// | the Free Software Foundation | +// | | +// | This program is distributed in the hope that it will be useful, but | +// | WITHOUT ANY WARRANTY; without even the implied warranty of | +// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | +// | General Public License for more details. | +// | | +// | You should have received a copy of the GNU General Public License | +// | along with this program; if not, write to the Free Software | +// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | +// | USA. | +// +-----------------------------------------------------------------------+ + +/** + * Add users and manage users list + */ + +// +-----------------------------------------------------------------------+ +// | functions | +// +-----------------------------------------------------------------------+ + +/** + * returns a list of users depending on page filters (in $_GET) + * + * Each user comes with his related informations : id, username, mail + * address, list of groups. + * + * @return array + */ +function get_filtered_user_list() +{ + global $conf, $page; + + $users = array(); + + // filter + $filter = array(); + + if (isset($_GET['username']) and !empty($_GET['username'])) + { + $username = str_replace('*', '%', $_GET['username']); + if (function_exists('mysql_real_escape_string')) + { + $filter['username'] = mysql_real_escape_string($username); + } + else + { + $filter['username'] = mysql_escape_string($username); + } + } + + if (isset($_GET['group']) + and -1 != $_GET['group'] + and is_numeric($_GET['group'])) + { + $filter['group'] = $_GET['group']; + } + + if (isset($_GET['status']) + and in_array($_GET['status'], get_enums(USER_INFOS_TABLE, 'status'))) + { + $filter['status'] = $_GET['status']; + } + + // how to order the list? + $order_by = 'id'; + if (isset($_GET['order_by']) + and in_array($_GET['order_by'], array_keys($page['order_by_items']))) + { + $order_by = $_GET['order_by']; + } + + $direction = 'ASC'; + if (isset($_GET['direction']) + and in_array($_GET['direction'], array_keys($page['direction_items']))) + { + $direction = strtoupper($_GET['direction']); + } + + // search users depending on filters and order + $query = ' +SELECT DISTINCT u.'.$conf['user_fields']['id'].' AS id, + u.'.$conf['user_fields']['username'].' AS username, + u.'.$conf['user_fields']['email'].' AS email, + ui.status, + ui.adviser, + ui.enabled_high, + ui.level + FROM '.USERS_TABLE.' AS u + INNER JOIN '.USER_INFOS_TABLE.' AS ui + ON u.'.$conf['user_fields']['id'].' = ui.user_id + LEFT JOIN '.USER_GROUP_TABLE.' AS ug + ON u.'.$conf['user_fields']['id'].' = ug.user_id + WHERE u.'.$conf['user_fields']['id'].' > 0'; + if (isset($filter['username'])) + { + $query.= ' + AND u.'.$conf['user_fields']['username'].' LIKE \''.$filter['username'].'\''; + } + if (isset($filter['group'])) + { + $query.= ' + AND ug.group_id = '.$filter['group']; + } + if (isset($filter['status'])) + { + $query.= ' + AND ui.status = \''.$filter['status']."'"; + } + $query.= ' + ORDER BY '.$order_by.' '.$direction.' +;'; + + $result = pwg_query($query); + while ($row = mysql_fetch_array($result)) + { + $user = $row; + $user['groups'] = array(); + + array_push($users, $user); + } + + // add group lists + $user_ids = array(); + foreach ($users as $i => $user) + { + $user_ids[$i] = $user['id']; + } + $user_nums = array_flip($user_ids); + + if (count($user_ids) > 0) + { + $query = ' +SELECT user_id, group_id + FROM '.USER_GROUP_TABLE.' + WHERE user_id IN ('.implode(',', $user_ids).') +;'; + $result = pwg_query($query); + while ($row = mysql_fetch_array($result)) + { + array_push( + $users[$user_nums[$row['user_id']]]['groups'], + $row['group_id'] + ); + } + } + + return $users; +} + +// +-----------------------------------------------------------------------+ +// | initialization | +// +-----------------------------------------------------------------------+ + +if (!defined('PHPWG_ROOT_PATH')) +{ + die('Hacking attempt!'); +} + +include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); + +// +-----------------------------------------------------------------------+ +// | Check Access and exit when user status is not ok | +// +-----------------------------------------------------------------------+ +check_status(ACCESS_ADMINISTRATOR); + +$page['order_by_items'] = array( + 'id' => l10n('registration_date'), + 'username' => l10n('Username'), + 'level' => l10n('Privacy level'), + 'language' => l10n('language'), + ); + +$page['direction_items'] = array( + 'asc' => l10n('ascending'), + 'desc' => l10n('descending') + ); + +// +-----------------------------------------------------------------------+ +// | add a user | +// +-----------------------------------------------------------------------+ + +if (isset($_POST['submit_add'])) +{ + $page['errors'] = register_user( + $_POST['login'], $_POST['password'], $_POST['email'], false); + + if (count($page['errors']) == 0) + { + array_push( + $page['infos'], + sprintf( + l10n('user "%s" added'), + $_POST['login'] + ) + ); + } +} + +// +-----------------------------------------------------------------------+ +// | user list | +// +-----------------------------------------------------------------------+ + +$page['filtered_users'] = get_filtered_user_list(); + +// +-----------------------------------------------------------------------+ +// | selected users | +// +-----------------------------------------------------------------------+ + +if (isset($_POST['delete']) or isset($_POST['pref_submit'])) +{ + $collection = array(); + + switch ($_POST['target']) + { + case 'all' : + { + foreach($page['filtered_users'] as $local_user) + { + array_push($collection, $local_user['id']); + } + break; + } + case 'selection' : + { + if (isset($_POST['selection'])) + { + $collection = $_POST['selection']; + } + break; + } + } + + if (count($collection) == 0) + { + array_push($page['errors'], l10n('Select at least one user')); + } +} + +// +-----------------------------------------------------------------------+ +// | delete users | +// +-----------------------------------------------------------------------+ +if (isset($_POST['delete']) and count($collection) > 0) +{ + if (in_array($conf['guest_id'], $collection)) + { + array_push($page['errors'], l10n('Guest cannot be deleted')); + } + if (($conf['guest_id'] != $conf['default_user_id']) and + in_array($conf['default_user_id'], $collection)) + { + array_push($page['errors'], l10n('Default user cannot be deleted')); + } + if (in_array($conf['webmaster_id'], $collection)) + { + array_push($page['errors'], l10n('Webmaster cannot be deleted')); + } + if (in_array($user['id'], $collection)) + { + array_push($page['errors'], l10n('You cannot delete your account')); + } + + if (count($page['errors']) == 0) + { + if (isset($_POST['confirm_deletion']) and 1 == $_POST['confirm_deletion']) + { + foreach ($collection as $user_id) + { + delete_user($user_id); + } + array_push( + $page['infos'], + l10n_dec( + '%d user deleted', '%d users deleted', + count($collection) + ) + ); + foreach ($page['filtered_users'] as $filter_key => $filter_user) + { + if (in_array($filter_user['id'], $collection)) + { + unset($page['filtered_users'][$filter_key]); + } + } + } + else + { + array_push($page['errors'], l10n('You need to confirm deletion')); + } + } +} + +// +-----------------------------------------------------------------------+ +// | preferences form submission | +// +-----------------------------------------------------------------------+ + +if (isset($_POST['pref_submit']) and count($collection) > 0) +{ + if (-1 != $_POST['associate']) + { + $datas = array(); + + $query = ' +SELECT user_id + FROM '.USER_GROUP_TABLE.' + WHERE group_id = '.$_POST['associate'].' +;'; + $associated = array_from_query($query, 'user_id'); + + $associable = array_diff($collection, $associated); + + if (count($associable) > 0) + { + foreach ($associable as $item) + { + array_push($datas, + array('group_id'=>$_POST['associate'], + 'user_id'=>$item)); + } + + mass_inserts(USER_GROUP_TABLE, + array('group_id', 'user_id'), + $datas); + } + } + + if (-1 != $_POST['dissociate']) + { + $query = ' +DELETE FROM '.USER_GROUP_TABLE.' + WHERE group_id = '.$_POST['dissociate'].' + AND user_id IN ('.implode(',', $collection).') +'; + pwg_query($query); + } + + // properties to set for the collection (a user list) + $datas = array(); + $dbfields = array('primary' => array('user_id'), 'update' => array()); + + $formfields = + array('nb_image_line', 'nb_line_page', 'template', 'language', + 'recent_period', 'maxwidth', 'expand', 'show_nb_comments', + 'show_nb_hits', 'maxheight', 'status', 'enabled_high', + 'level'); + + $true_false_fields = array('expand', 'show_nb_comments', + 'show_nb_hits', 'enabled_high'); + if ($conf['allow_adviser']) + { + array_push($formfields, 'adviser'); + array_push($true_false_fields, 'adviser'); + } + + foreach ($formfields as $formfield) + { + // special for true/false fields + if (in_array($formfield, $true_false_fields)) + { + $test = $formfield; + } + else + { + $test = $formfield.'_action'; + } + + if ($_POST[$test] != 'leave') + { + array_push($dbfields['update'], $formfield); + } + } + + // updating elements is useful only if needed... + if (count($dbfields['update']) > 0) + { + $datas = array(); + + foreach ($collection as $user_id) + { + $data = array(); + $data['user_id'] = $user_id; + + // TODO : verify if submited values are semanticaly correct + foreach ($dbfields['update'] as $dbfield) + { + // if the action is 'unset', the key won't be in row and + // mass_updates function will set this field to NULL + if (in_array($dbfield, $true_false_fields) + or 'set' == $_POST[$dbfield.'_action']) + { + $data[$dbfield] = $_POST[$dbfield]; + } + } + + // special users checks + if + ( + ($conf['webmaster_id'] == $user_id) or + ($conf['guest_id'] == $user_id) or + ($conf['default_user_id'] == $user_id) + ) + { + // status must not be changed + if (isset($data['status'])) + { + if ($conf['webmaster_id'] == $user_id) + { + $data['status'] = 'webmaster'; + } + else + { + $data['status'] = 'guest'; + } + } + + // could not be adivser + if (isset($data['adviser'])) + { + $data['adviser'] = 'false'; + } + } + + array_push($datas, $data); + } + + mass_updates(USER_INFOS_TABLE, $dbfields, $datas); + } + + redirect( + get_root_url(). + 'admin.php'. + get_query_string_diff(array(), false) + ); +} + +// +-----------------------------------------------------------------------+ +// | groups list | +// +-----------------------------------------------------------------------+ + +$groups[-1] = '------------'; + +$query = ' +SELECT id, name + FROM '.GROUPS_TABLE.' + ORDER BY name ASC +;'; +$result = pwg_query($query); + +while ($row = mysql_fetch_array($result)) +{ + $groups[$row['id']] = $row['name']; +} + +// +-----------------------------------------------------------------------+ +// | template init | +// +-----------------------------------------------------------------------+ + +$template->set_filenames(array('user_list'=>'admin/user_list.tpl')); + +$base_url = PHPWG_ROOT_PATH.'admin.php?page=user_list'; + +if (isset($_GET['start']) and is_numeric($_GET['start'])) +{ + $start = $_GET['start']; +} +else +{ + $start = 0; +} + +$template->assign( + array( + 'U_HELP' => get_root_url().'popuphelp.php?page=user_list', + + 'F_ADD_ACTION' => $base_url, + 'F_USERNAME' => @htmlentities($_GET['username']), + 'F_FILTER_ACTION' => get_root_url().'admin.php' + )); + +// Hide radio-button if not allow to assign adviser +if ($conf['allow_adviser']) +{ + $template->assign('adviser', true); +} + +// Filter status options +$status_options[-1] = '------------'; +foreach (get_enums(USER_INFOS_TABLE, 'status') as $status) +{ + $status_options[$status] = l10n('user_status_'.$status); +} +$template->assign('status_options', $status_options); +$template->assign('status_selected', + isset($_GET['status']) ? $_GET['status'] : ''); + +// Filter group options +$template->assign('group_options', $groups); +$template->assign('group_selected', + isset($_GET['group']) ? $_GET['group'] : ''); + +// Filter order options +$template->assign('order_options', $page['order_by_items']); +$template->assign('order_selected', + isset($_GET['order_by']) ? $_GET['order_by'] : ''); + +// Filter direction options +$template->assign('direction_options', $page['direction_items']); +$template->assign('direction_selected', + isset($_GET['direction']) ? $_GET['direction'] : ''); + + +if (isset($_POST['pref_submit'])) +{ + $template->assign( + array( + 'NB_IMAGE_LINE' => $_POST['nb_image_line'], + 'NB_LINE_PAGE' => $_POST['nb_line_page'], + 'MAXWIDTH' => $_POST['maxwidth'], + 'MAXHEIGHT' => $_POST['maxheight'], + 'RECENT_PERIOD' => $_POST['recent_period'], + )); +} +else +{ + $default_user = get_default_user_info(true); + $template->assign( + array( + 'NB_IMAGE_LINE' => $default_user['nb_image_line'], + 'NB_LINE_PAGE' => $default_user['nb_line_page'], + 'MAXWIDTH' => $default_user['maxwidth'], + 'MAXHEIGHT' => $default_user['maxheight'], + 'RECENT_PERIOD' => $default_user['recent_period'], + )); +} + +// Template Options +$template->assign('template_options', get_pwg_themes()); +$template->assign('template_selected', + isset($_POST['pref_submit']) ? $_POST['template'] : get_default_template()); + +// Language options +$template->assign('language_options', get_languages()); +$template->assign('language_selected', + isset($_POST['pref_submit']) ? $_POST['language'] : get_default_language()); + +// Status options +foreach (get_enums(USER_INFOS_TABLE, 'status') as $status) +{ + // Only status <= can be assign + if (is_autorize_status(get_access_type_status($status))) + { + $pref_status_options[$status] = l10n('user_status_'.$status); + } +} +$template->assign('pref_status_options', $pref_status_options); +$template->assign('pref_status_selected', + isset($_POST['pref_submit']) ? $_POST['status'] : 'normal'); + +// associate and dissociate options +$template->assign('association_options', $groups); +$template->assign('associate_selected', + isset($_POST['pref_submit']) ? $_POST['associate'] : ''); +$template->assign('dissociate_selected', + isset($_POST['pref_submit']) ? $_POST['dissociate'] : ''); + + +// user level options +foreach ($conf['available_permission_levels'] as $level) +{ + $level_options[$level] = l10n(sprintf('Level %d', $level)); +} +$template->assign('level_options', $level_options); +$template->assign('level_selected', + isset($_POST['pref_submit']) ? $_POST['level'] : $default_user['level']); + +// +-----------------------------------------------------------------------+ +// | navigation bar | +// +-----------------------------------------------------------------------+ + +$url = PHPWG_ROOT_PATH.'admin.php'.get_query_string_diff(array('start')); + +$navbar = create_navigation_bar( + $url, + count($page['filtered_users']), + $start, + $conf['users_page'] + ); + +$template->assign('NAVBAR', $navbar); + +// +-----------------------------------------------------------------------+ +// | user list | +// +-----------------------------------------------------------------------+ + +$profile_url = get_root_url().'admin.php?page=profile&user_id='; +$perm_url = get_root_url().'admin.php?page=user_perm&user_id='; + +$visible_user_list = array(); +foreach ($page['filtered_users'] as $num => $local_user) +{ + // simulate LIMIT $start, $conf['users_page'] + if ($num < $start) + { + continue; + } + if ($num >= $start + $conf['users_page']) + { + break; + } + + $visible_user_list[] = $local_user; +} + +// allow plugins to fill template var plugin_user_list_column_titles and +// plugin_columns/plugin_actions for each user in the list +$visible_user_list = trigger_event('loc_visible_user_list', $visible_user_list); + +foreach ($visible_user_list as $local_user) +{ + $groups_string = preg_replace( + '/(\d+)/e', + "\$groups['$1']", + implode( + ', ', + $local_user['groups'] + ) + ); + + if (isset($_POST['pref_submit']) + and isset($_POST['selection']) + and in_array($local_user['id'], $_POST['selection'])) + { + $checked = 'checked="checked"'; + } + else + { + $checked = ''; + } + + $properties = array(); + if ( $local_user['level'] != 0 ) + { + $properties[] = l10n( sprintf('Level %d', $local_user['level']) ); + } + $properties[] = + (isset($local_user['enabled_high']) and ($local_user['enabled_high'] == 'true')) + ? l10n('is_high_enabled') : l10n('is_high_disabled'); + + $template->append( + 'users', + array( + 'ID' => $local_user['id'], + 'CHECKED' => $checked, + 'U_PROFILE' => $profile_url.$local_user['id'], + 'U_PERM' => $perm_url.$local_user['id'], + 'USERNAME' => $local_user['username'] + .($local_user['id'] == $conf['guest_id'] + ? '<BR />['.l10n('is_the_guest').']' : '') + .($local_user['id'] == $conf['default_user_id'] + ? '<BR />['.l10n('is_the_default').']' : ''), + 'STATUS' => l10n('user_status_'. + $local_user['status']).(($local_user['adviser'] == 'true') + ? '<BR />['.l10n('adviser').']' : ''), + 'EMAIL' => get_email_address_as_display_text($local_user['email']), + 'GROUPS' => $groups_string, + 'PROPERTIES' => implode( ', ', $properties), + 'plugin_columns' => isset($local_user['plugin_columns']) ? $local_user['plugin_columns'] : array(), + 'plugin_actions' => isset($local_user['plugin_actions']) ? $local_user['plugin_actions'] : array(), + ) + ); +} + +// +-----------------------------------------------------------------------+ +// | html code display | +// +-----------------------------------------------------------------------+ + +$template->assign_var_from_handle('ADMIN_CONTENT', 'user_list'); +?> |