diff options
Diffstat (limited to 'admin/user_search.php')
-rw-r--r-- | admin/user_search.php | 125 |
1 files changed, 125 insertions, 0 deletions
diff --git a/admin/user_search.php b/admin/user_search.php new file mode 100644 index 000000000..2fd21d9c4 --- /dev/null +++ b/admin/user_search.php @@ -0,0 +1,125 @@ +<?php +// +-----------------------------------------------------------------------+ +// | user_search.php | +// +-----------------------------------------------------------------------+ +// | application : PhpWebGallery <http://phpwebgallery.net> | +// | branch : BSF (Best So Far) | +// +-----------------------------------------------------------------------+ +// | file : $RCSfile$ +// | last update : $Date$ +// | last modifier : $Author$ +// | revision : $Revision$ +// +-----------------------------------------------------------------------+ +// | This program is free software; you can redistribute it and/or modify | +// | it under the terms of the GNU General Public License as published by | +// | the Free Software Foundation | +// | | +// | This program is distributed in the hope that it will be useful, but | +// | WITHOUT ANY WARRANTY; without even the implied warranty of | +// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | +// | General Public License for more details. | +// | | +// | You should have received a copy of the GNU General Public License | +// | along with this program; if not, write to the Free Software | +// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | +// | USA. | +// +-----------------------------------------------------------------------+ + +if( !defined("IN_ADMIN") ) +{ + die ("Hacking attempt!"); +} + +include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' ); + +$userdata = array(); +if ( isset( $_POST['submituser'] ) ) +{ + $userdata = getuserdata($_POST['username']); + if (!$userdata) echo "Utilisateur inexistant"; +} + +if ( isset( $_POST['submit'] ) ) +{ + // cleaning the user_access table for this user + $query = 'DELETE FROM '.USER_ACCESS_TABLE; + $query.= ' WHERE user_id = '.$_GET['user_id']; + $query.= ';'; + mysql_query( $query ); + // selecting all private categories + $query = 'SELECT id FROM '.CATEGORIES_TABLE; + $query.= " WHERE status = 'private'"; + $query.= ';'; + $result = mysql_query( $query ); + while ( $row = mysql_fetch_array( $result ) ) + { + $radioname = $row['id']; + if ( $_POST[$radioname] == 0 ) + { + $query = 'INSERT INTO '.USER_ACCESS_TABLE; + $query.= ' (user_id,cat_id) VALUES'; + $query.= ' ('.$_GET['user_id'].','.$row['id'].')'; + $query.= ';'; + mysql_query ( $query ); + } + } + check_favorites( $_GET['user_id'] ); + synchronize_user( $_GET['user_id'] ); +} + +$user_id = (!empty($userdata['id']))?$userdata['id']:''; + +$template->set_filenames( array('user'=>'admin/user_perm.tpl') ); +$template->assign_vars(array( + 'L_SELECT_USERNAME'=>$lang['Select_username'], + 'L_LOOKUP_USER'=>$lang['Look_up_user'], + 'L_FIND_USERNAME'=>$lang['Find_username'], + 'L_AUTH_USER'=>$lang['permuser_only_private'], + 'L_SUBMIT'=>$lang['submit'], + 'L_AUTHORIZED'=>$lang['permuser_authorized'], + 'L_FORBIDDEN'=>$lang['permuser_forbidden'], + 'L_PARENT_FORBIDDEN'=>$lang['permuser_parent_forbidden'], + + 'F_SEARCH_USER_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_search'), + 'F_AUTH_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_search&user_id='.$user_id), + 'U_SEARCH_USER' => add_session_id(PHPWG_ROOT_PATH.'admin/search.php') + )); + +if (!$userdata) +{ + $template->assign_block_vars('search',array()); +} +else +{ + $template->assign_block_vars('permission',array()); + $restrictions = get_user_restrictions( $userdata['id'], $userdata['status'], + false, false ); + + // only private categories are listed + $query = 'SELECT id FROM '.CATEGORIES_TABLE; + $query.= " WHERE status = 'private';"; + $result = mysql_query( $query ); + while ( $row = mysql_fetch_array( $result ) ) + { + $is_user_allowed = is_user_allowed( $row['id'], $restrictions ); + $url = PHPWG_ROOT_PATH.'admin.php?page=cat_perm&cat_id='.$row['id']; + $cat_infos = get_cat_info( $row['id'] ); + $template->assign_block_vars('permission.category',array( + 'CAT_NAME'=> get_cat_display_name($cat_infos['name'],' > ', 'font-weight:bold;' ), + 'CAT_ID'=>$row['id'], + 'AUTH_YES'=>!$is_user_allowed?'checked="checked"':'', + 'AUTH_NO' =>$is_user_allowed?'checked="checked"':'', + 'CAT_URL'=>add_session_id($url) + )); + + // any subcat forbidden for this user ? + if ( $is_user_allowed == 2 ) + { + $template->assign_block_vars('permission.category.parent_forbidden',array()); + } + } +} + +//----------------------------------------------------------- sending html code +$template->assign_var_from_handle('ADMIN_CONTENT', 'user'); +?> |