aboutsummaryrefslogtreecommitdiffstats
path: root/admin/user_list.php
diff options
context:
space:
mode:
Diffstat (limited to 'admin/user_list.php')
-rw-r--r--admin/user_list.php700
1 files changed, 39 insertions, 661 deletions
diff --git a/admin/user_list.php b/admin/user_list.php
index 57387f6b1..a9744a0d2 100644
--- a/admin/user_list.php
+++ b/admin/user_list.php
@@ -26,492 +26,10 @@
*/
// +-----------------------------------------------------------------------+
-// | functions |
-// +-----------------------------------------------------------------------+
-
-/**
- * returns a list of users depending on page filters (in $_GET)
- *
- * Each user comes with his related informations : id, username, mail
- * address, list of groups.
- *
- * @return array
- */
-function get_filtered_user_list()
-{
- global $conf, $page;
-
- $users = array();
-
- // filter
- $filter = array();
-
- if (isset($_GET['username']) and !empty($_GET['username']))
- {
- $username = str_replace('*', '%', $_GET['username']);
- $filter['username'] = pwg_db_real_escape_string($username);
- }
-
- if (isset($_GET['group'])
- and -1 != $_GET['group']
- and is_numeric($_GET['group']))
- {
- $filter['group'] = $_GET['group'];
- }
-
- if (isset($_GET['status'])
- and in_array($_GET['status'], get_enums(USER_INFOS_TABLE, 'status')))
- {
- $filter['status'] = $_GET['status'];
- }
-
- // how to order the list?
- $order_by = 'id';
- if (isset($_GET['order_by'])
- and in_array($_GET['order_by'], array_keys($page['order_by_items'])))
- {
- $order_by = $_GET['order_by'];
- }
-
- $direction = 'ASC';
- if (isset($_GET['direction'])
- and in_array($_GET['direction'], array_keys($page['direction_items'])))
- {
- $direction = strtoupper($_GET['direction']);
- }
-
- // search users depending on filters and order
- $query = '
-SELECT DISTINCT u.'.$conf['user_fields']['id'].' AS id,
- u.'.$conf['user_fields']['username'].' AS username,
- u.'.$conf['user_fields']['email'].' AS email,
- ui.status,
- ui.enabled_high,
- ui.level
- FROM '.USERS_TABLE.' AS u
- INNER JOIN '.USER_INFOS_TABLE.' AS ui
- ON u.'.$conf['user_fields']['id'].' = ui.user_id
- LEFT JOIN '.USER_GROUP_TABLE.' AS ug
- ON u.'.$conf['user_fields']['id'].' = ug.user_id
- WHERE u.'.$conf['user_fields']['id'].' > 0';
- if (isset($filter['username']))
- {
- $query.= '
- AND u.'.$conf['user_fields']['username'].' LIKE \''.$filter['username'].'\'';
- }
- if (isset($filter['group']))
- {
- $query.= '
- AND ug.group_id = '.$filter['group'];
- }
- if (isset($filter['status']))
- {
- $query.= '
- AND ui.status = \''.$filter['status']."'";
- }
- $query.= '
- ORDER BY '.$order_by.' '.$direction.'
-;';
-
- $result = pwg_query($query);
- while ($row = pwg_db_fetch_assoc($result))
- {
- $user = $row;
- $user['groups'] = array();
-
- $users[] = $user;
- }
-
- // add group lists
- $user_ids = array();
- foreach ($users as $i => $user)
- {
- $user_ids[$i] = $user['id'];
- }
- $user_nums = array_flip($user_ids);
-
- if (count($user_ids) > 0)
- {
- $query = '
-SELECT user_id, group_id
- FROM '.USER_GROUP_TABLE.'
- WHERE user_id IN ('.implode(',', $user_ids).')
-;';
- $result = pwg_query($query);
- while ($row = pwg_db_fetch_assoc($result))
- {
- $users[ $user_nums[ $row['user_id'] ] ]['groups'][] = $row['group_id'];
- }
- }
-
- return $users;
-}
-
-// +-----------------------------------------------------------------------+
-// | initialization |
-// +-----------------------------------------------------------------------+
-
-if (!defined('PHPWG_ROOT_PATH'))
-{
- die('Hacking attempt!');
-}
-
-include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
-
-// +-----------------------------------------------------------------------+
-// | Check Access and exit when user status is not ok |
-// +-----------------------------------------------------------------------+
-check_status(ACCESS_ADMINISTRATOR);
-
-$page['order_by_items'] = array(
- 'id' => l10n('registration date'),
- 'username' => l10n('Username'),
- 'level' => l10n('Privacy level'),
- 'Language' => l10n('Language'),
- 'email' => l10n('Email address'),
- );
-
-$page['direction_items'] = array(
- 'asc' => l10n('ascending'),
- 'desc' => l10n('descending')
- );
-
-// +-----------------------------------------------------------------------+
-// | add a user |
-// +-----------------------------------------------------------------------+
-
-// Check for config_default var - If True : Using double password type else single password type
-// This feature is discussed on Piwigo's english forum
-if ($conf['double_password_type_in_admin'] == true)
-{
- if (isset($_POST['submit_add']))
- {
- if(empty($_POST['password']))
- {
- $page['errors'][] = l10n('Password is missing. Please enter the password.');
- }
- else if(empty($_POST['password_conf']))
- {
- $page['errors'][] = l10n('Password confirmation is missing. Please confirm the chosen password.');
- }
- else if ($_POST['password'] != $_POST['password_conf'])
- {
- $page['errors'][] = l10n('The passwords do not match');
- }
- else
- {
- register_user($_POST['login'],
- $_POST['password'],
- $_POST['email'],
- false,
- $page['errors']);
-
- if (count($page['errors']) == 0)
- {
- $page['infos'][] = l10n('user "%s" added', $_POST['login']);
- }
- }
- }
-}
-else if ($conf['double_password_type_in_admin'] == false)
-{
- if (isset($_POST['submit_add']))
- {
- register_user($_POST['login'],
- $_POST['password'],
- $_POST['email'],
- false,
- $page['errors']);
-
- if (count($page['errors']) == 0)
- {
- $page['infos'][] = l10n('user "%s" added', stripslashes($_POST['login']));
- }
- }
-}
-
-// email notification
-if (
- isset($_POST['submit_add'])
- and count($page['errors']) == 0
- and !empty($_POST['email'])
- and isset($_POST['send_password_by_mail'])
- )
-{
- include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
-
- $keyargs_content = array(
- get_l10n_args('Hello %s,', $_POST['login']),
- get_l10n_args('Thank you for registering at %s!', $conf['gallery_title']),
- get_l10n_args('', ''),
- get_l10n_args('Here are your connection settings', ''),
- get_l10n_args('Username: %s', $_POST['login']),
- get_l10n_args('Password: %s', $_POST['password']),
- get_l10n_args('Email: %s', $_POST['email']),
- get_l10n_args('', ''),
- get_l10n_args('If you think you\'ve received this email in error, please contact us at %s', get_webmaster_mail_address()),
- );
-
- pwg_mail(
- $_POST['email'],
- array(
- 'subject' => '['.$conf['gallery_title'].'] '.l10n('Registration'),
- 'content' => l10n_args($keyargs_content),
- 'content_format' => 'text/plain',
- )
- );
-}
-
-// +-----------------------------------------------------------------------+
-// | user list |
-// +-----------------------------------------------------------------------+
-
-$page['filtered_users'] = get_filtered_user_list();
-
-// +-----------------------------------------------------------------------+
-// | selected users |
-// +-----------------------------------------------------------------------+
-
-if (isset($_POST['delete']) or isset($_POST['pref_submit']))
-{
- $collection = array();
-
- switch ($_POST['target'])
- {
- case 'all' :
- {
- foreach($page['filtered_users'] as $local_user)
- {
- $collection[] = $local_user['id'];
- }
- break;
- }
- case 'selection' :
- {
- if (isset($_POST['selection']))
- {
- $collection = $_POST['selection'];
- }
- break;
- }
- }
-
- if (count($collection) == 0)
- {
- $page['errors'][] = l10n('Select at least one user');
- }
-}
-
-// +-----------------------------------------------------------------------+
-// | delete users |
-// +-----------------------------------------------------------------------+
-if (isset($_POST['delete']) and count($collection) > 0)
-{
- if (in_array($conf['guest_id'], $collection))
- {
- $page['errors'][] = l10n('Guest cannot be deleted');
- }
- if (($conf['guest_id'] != $conf['default_user_id']) and
- in_array($conf['default_user_id'], $collection))
- {
- $page['errors'][] = l10n('Default user cannot be deleted');
- }
- if (in_array($conf['webmaster_id'], $collection))
- {
- $page['errors'][] = l10n('Webmaster cannot be deleted');
- }
- if (in_array($user['id'], $collection))
- {
- $page['errors'][] = l10n('You cannot delete your account');
- }
-
- if (count($page['errors']) == 0)
- {
- if (isset($_POST['confirm_deletion']) and 1 == $_POST['confirm_deletion'])
- {
- foreach ($collection as $user_id)
- {
- delete_user($user_id);
- }
-
- $page['infos'][] = l10n_dec(
- '%d user deleted', '%d users deleted',
- count($collection)
- );
-
- foreach ($page['filtered_users'] as $filter_key => $filter_user)
- {
- if (in_array($filter_user['id'], $collection))
- {
- unset($page['filtered_users'][$filter_key]);
- }
- }
- }
- else
- {
- $page['errors'][] = l10n('You need to confirm deletion');
- }
- }
-}
-
-// +-----------------------------------------------------------------------+
-// | preferences form submission |
-// +-----------------------------------------------------------------------+
-
-if (isset($_POST['pref_submit']) and count($collection) > 0)
-{
- if (-1 != $_POST['associate'])
- {
- $datas = array();
-
- $query = '
-SELECT user_id
- FROM '.USER_GROUP_TABLE.'
- WHERE group_id = '.$_POST['associate'].'
-;';
- $associated = array_from_query($query, 'user_id');
-
- $associable = array_diff($collection, $associated);
-
- if (count($associable) > 0)
- {
- foreach ($associable as $item)
- {
- $datas[] = array(
- 'group_id' => $_POST['associate'],
- 'user_id' => $item
- );
- }
-
- mass_inserts(USER_GROUP_TABLE,
- array('group_id', 'user_id'),
- $datas);
- }
- }
-
- if (-1 != $_POST['dissociate'])
- {
- $query = '
-DELETE FROM '.USER_GROUP_TABLE.'
- WHERE group_id = '.$_POST['dissociate'].'
- AND user_id IN ('.implode(',', $collection).')
-';
- pwg_query($query);
- }
-
- // properties to set for the collection (a user list)
- $datas = array();
- $dbfields = array('primary' => array('user_id'), 'update' => array());
-
- $formfields = array(
- 'nb_image_page', 'theme', 'language',
- 'recent_period', 'expand', 'show_nb_hits',
- 'status', 'enabled_high', 'level'
- );
-
- $true_false_fields = array('expand', 'show_nb_hits', 'enabled_high');
-
- if ($conf['activate_comments'])
- {
- $formfields[] = 'show_nb_comments';
- $true_false_fields[] = 'show_nb_comments';
- }
-
- foreach ($formfields as $formfield)
- {
- // special for true/false fields
- if (in_array($formfield, $true_false_fields))
- {
- $test = $formfield;
- }
- else
- {
- $test = $formfield.'_action';
- }
-
- if ($_POST[$test] != 'leave')
- {
- $dbfields['update'][] = $formfield;
- }
- }
-
- // updating elements is useful only if needed...
- if (count($dbfields['update']) > 0)
- {
- $datas = array();
-
- foreach ($collection as $user_id)
- {
- $data = array();
- $data['user_id'] = $user_id;
-
- // TODO : verify if submited values are semanticaly correct
- foreach ($dbfields['update'] as $dbfield)
- {
- // if the action is 'unset', the key won't be in row and
- // mass_updates function will set this field to NULL
- if (in_array($dbfield, $true_false_fields)
- or 'set' == $_POST[$dbfield.'_action'])
- {
- $data[$dbfield] = $_POST[$dbfield];
- }
- }
-
- // if the status is getting greater or equal to "admin", then level
- // automatically switches to "admin" (8), unless the level is also
- // defined in the same batch action.
- if (isset($data['status']) and in_array($data['status'], array('webmaster', 'admin')))
- {
- if (!isset($data['level']))
- {
- $data['level'] = 8;
- if (!in_array('level', $dbfields['update']))
- {
- $dbfields['update'][] = 'level';
- }
- }
- }
-
- // special users checks
- if
- (
- ($conf['webmaster_id'] == $user_id) or
- ($conf['guest_id'] == $user_id) or
- ($conf['default_user_id'] == $user_id)
- )
- {
- // status must not be changed
- if (isset($data['status']))
- {
- if ($conf['webmaster_id'] == $user_id)
- {
- $data['status'] = 'webmaster';
- }
- else
- {
- $data['status'] = 'guest';
- }
- }
- }
-
- $datas[] = $data;
- }
-
- mass_updates(USER_INFOS_TABLE, $dbfields, $datas);
- }
-
- redirect(
- get_root_url().
- 'admin.php'.
- get_query_string_diff(array(), false)
- );
-}
-
-// +-----------------------------------------------------------------------+
// | groups list |
// +-----------------------------------------------------------------------+
-$groups[-1] = '------------';
+$groups = array();
$query = '
SELECT id, name
@@ -526,89 +44,53 @@ while ($row = pwg_db_fetch_assoc($result))
}
// +-----------------------------------------------------------------------+
-// | template init |
+// | template |
// +-----------------------------------------------------------------------+
$template->set_filenames(array('user_list'=>'user_list.tpl'));
-$base_url = PHPWG_ROOT_PATH.'admin.php?page=user_list';
+$query = '
+SELECT
+ DISTINCT u.'.$conf['user_fields']['id'].' AS id,
+ u.'.$conf['user_fields']['username'].' AS username,
+ u.'.$conf['user_fields']['email'].' AS email,
+ ui.status,
+ ui.enabled_high,
+ ui.level
+ FROM '.USERS_TABLE.' AS u
+ INNER JOIN '.USER_INFOS_TABLE.' AS ui ON u.'.$conf['user_fields']['id'].' = ui.user_id
+ WHERE u.'.$conf['user_fields']['id'].' > 0
+;';
-if (isset($_GET['start']) and is_numeric($_GET['start']))
-{
- $start = $_GET['start'];
-}
-else
+$result = pwg_query($query);
+while ($row = pwg_db_fetch_assoc($result))
{
- $start = 0;
+ $users[] = $row;
+ $user_ids[] = $row['id'];
}
$template->assign(
array(
- 'U_HELP' => get_root_url().'admin/popuphelp.php?page=user_list',
-
- 'F_ADD_ACTION' => $base_url,
- 'F_USERNAME' => @htmlentities($_GET['username'], ENT_COMPAT, 'UTF-8'),
- 'F_FILTER_ACTION' => get_root_url().'admin.php',
-
- 'ACTIVATE_COMMENTS' => $conf['activate_comments'],
- ));
-
-// Display or Hide double password type
-$template->assign('Double_Password', $conf['double_password_type_in_admin'] );
-
-// Filter status options
-$status_options[-1] = '------------';
-foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
-{
- $status_options[$status] = l10n('user_status_'.$status);
-}
-$template->assign('status_options', $status_options);
-$template->assign('status_selected',
- isset($_GET['status']) ? $_GET['status'] : '');
-
-// Filter group options
-$template->assign('group_options', $groups);
-$template->assign('group_selected',
- isset($_GET['group']) ? $_GET['group'] : '');
-
-// Filter order options
-$template->assign('order_options', $page['order_by_items']);
-$template->assign('order_selected',
- isset($_GET['order_by']) ? $_GET['order_by'] : '');
-
-// Filter direction options
-$template->assign('direction_options', $page['direction_items']);
-$template->assign('direction_selected',
- isset($_GET['direction']) ? $_GET['direction'] : '');
+ 'users' => $users,
+ 'all_users' => join(',', $user_ids),
+ )
+ );
+// echo '<pre>'; print_r($users); echo '</pre>';
-if (isset($_POST['pref_submit']))
-{
- $template->assign(
- array(
- 'NB_IMAGE_PAGE' => $_POST['nb_image_page'],
- 'RECENT_PERIOD' => $_POST['recent_period'],
- ));
-}
-else
-{
- $default_user = get_default_user_info(true);
- $template->assign(
- array(
- 'NB_IMAGE_PAGE' => $default_user['nb_image_page'],
- 'RECENT_PERIOD' => $default_user['recent_period'],
- ));
-}
+$default_user = get_default_user_info(true);
-// Template Options
-$template->assign('theme_options', get_pwg_themes());
-$template->assign('theme_selected',
- isset($_POST['pref_submit']) ? $_POST['theme'] : get_default_theme());
-
-// Language options
-$template->assign('language_options', get_languages());
-$template->assign('language_selected',
- isset($_POST['pref_submit']) ? $_POST['language'] : get_default_language());
+$template->assign(
+ array(
+ 'NB_IMAGE_PAGE' => $default_user['nb_image_page'],
+ 'RECENT_PERIOD' => $default_user['recent_period'],
+ 'theme_options' => get_pwg_themes(),
+ 'theme_selected' => get_default_theme(),
+ 'language_options' => get_languages(),
+ 'language_selected' => get_default_language(),
+ 'association_options' => $groups,
+ )
+ );
// Status options
foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
@@ -620,16 +102,7 @@ foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
}
}
$template->assign('pref_status_options', $pref_status_options);
-$template->assign('pref_status_selected',
- isset($_POST['pref_submit']) ? $_POST['status'] : 'normal');
-
-// associate and dissociate options
-$template->assign('association_options', $groups);
-$template->assign('associate_selected',
- isset($_POST['pref_submit']) ? $_POST['associate'] : '');
-$template->assign('dissociate_selected',
- isset($_POST['pref_submit']) ? $_POST['dissociate'] : '');
-
+$template->assign('pref_status_selected', 'normal');
// user level options
foreach ($conf['available_permission_levels'] as $level)
@@ -637,107 +110,12 @@ foreach ($conf['available_permission_levels'] as $level)
$level_options[$level] = l10n(sprintf('Level %d', $level));
}
$template->assign('level_options', $level_options);
-$template->assign('level_selected',
- isset($_POST['pref_submit']) ? $_POST['level'] : $default_user['level']);
-
-// +-----------------------------------------------------------------------+
-// | navigation bar |
-// +-----------------------------------------------------------------------+
-
-$url = PHPWG_ROOT_PATH.'admin.php'.get_query_string_diff(array('start'));
-
-$navbar = create_navigation_bar(
- $url,
- count($page['filtered_users']),
- $start,
- $conf['users_page']
- );
+$template->assign('level_selected', $default_user['level']);
-$template->assign('navbar', $navbar);
-
-// +-----------------------------------------------------------------------+
-// | user list |
-// +-----------------------------------------------------------------------+
-
-$profile_url = get_root_url().'admin.php?page=profile&amp;user_id=';
-$perm_url = get_root_url().'admin.php?page=user_perm&amp;user_id=';
-
-$visible_user_list = array();
-foreach ($page['filtered_users'] as $num => $local_user)
-{
- // simulate LIMIT $start, $conf['users_page']
- if ($num < $start)
- {
- continue;
- }
- if ($num >= $start + $conf['users_page'])
- {
- break;
- }
-
- $visible_user_list[] = $local_user;
-}
-
-// allow plugins to fill template var plugin_user_list_column_titles and
-// plugin_columns/plugin_actions for each user in the list
-$visible_user_list = trigger_event('loc_visible_user_list', $visible_user_list);
-
-foreach ($visible_user_list as $local_user)
-{
- $groups_string = preg_replace(
- '/(\d+)/e',
- "\$groups['$1']",
- implode(
- ', ',
- $local_user['groups']
- )
- );
-
- if (isset($_POST['pref_submit'])
- and isset($_POST['selection'])
- and in_array($local_user['id'], $_POST['selection']))
- {
- $checked = 'checked="checked"';
- }
- else
- {
- $checked = '';
- }
-
- $properties = array();
- if ( $local_user['level'] != 0 )
- {
- $properties[] = l10n( sprintf('Level %d', $local_user['level']) );
- }
- $properties[] =
- (isset($local_user['enabled_high']) and ($local_user['enabled_high'] == 'true'))
- ? l10n('High definition') : l10n('');
-
- $template->append(
- 'users',
- array(
- 'ID' => $local_user['id'],
- 'CHECKED' => $checked,
- 'U_PROFILE' => $profile_url.$local_user['id'],
- 'U_PERM' => $perm_url.$local_user['id'],
- 'USERNAME' => stripslashes($local_user['username'])
- .($local_user['id'] == $conf['guest_id']
- ? '<br>['.l10n('guest').']' : '')
- .($local_user['id'] == $conf['default_user_id']
- ? '<br>['.l10n('default values').']' : ''),
- 'STATUS' => l10n('user_status_'.$local_user['status']),
- 'EMAIL' => get_email_address_as_display_text($local_user['email']),
- 'GROUPS' => $groups_string,
- 'PROPERTIES' => implode( ', ', $properties),
- 'plugin_columns' => isset($local_user['plugin_columns']) ? $local_user['plugin_columns'] : array(),
- 'plugin_actions' => isset($local_user['plugin_actions']) ? $local_user['plugin_actions'] : array(),
- )
- );
-}
// +-----------------------------------------------------------------------+
-// | html code display |
+// | html code display |
// +-----------------------------------------------------------------------+
$template->assign_var_from_handle('ADMIN_CONTENT', 'user_list');
-?>
+?> \ No newline at end of file