diff options
Diffstat (limited to 'admin')
| -rw-r--r-- | admin/group_list.php | 8 | ||||
| -rw-r--r-- | admin/search.php | 3 | ||||
| -rw-r--r-- | admin/user_list.php | 265 | ||||
| -rw-r--r-- | admin/user_modify.php | 225 | ||||
| -rw-r--r-- | admin/user_search.php | 4 |
5 files changed, 12 insertions, 493 deletions
diff --git a/admin/group_list.php b/admin/group_list.php index 3fbec59de..d399a6d69 100644 --- a/admin/group_list.php +++ b/admin/group_list.php @@ -34,10 +34,18 @@ include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' ); $error = array(); if ( isset( $_POST['delete'] ) && isset( $_POST['confirm_delete'] ) ) { + // destruction of the access linked to the group + $query = 'DELETE FROM '.GROUP_ACCESS_TABLE; + $query.= ' WHERE group_id = '.$_POST['group_id']; + $query.= ';'; + pwg_query( $query ); + + // destruction of the users links for this group $query = 'DELETE FROM ' . USER_GROUP_TABLE; $query.= ' WHERE group_id = '.$_POST['group_id']; pwg_query( $query ); + // destruction of the group $query = 'DELETE FROM ' . GROUPS_TABLE; $query.= ' WHERE id = '.$_POST['group_id']; $query.= ';'; diff --git a/admin/search.php b/admin/search.php index 485f8322a..f1716ff84 100644 --- a/admin/search.php +++ b/admin/search.php @@ -73,7 +73,8 @@ if ( !empty($search_match) ) $sql = "SELECT username FROM " . USERS_TABLE . " WHERE username LIKE '" . str_replace("\'", "''", $username_search) . "' - ORDER BY username"; + AND id <> ".ANONYMOUS." + ORDER BY username"; if ( !($result = pwg_query($sql)) ) { die('Could not obtain search results'); diff --git a/admin/user_list.php b/admin/user_list.php deleted file mode 100644 index c15980d72..000000000 --- a/admin/user_list.php +++ /dev/null @@ -1,265 +0,0 @@ -<?php -// +-----------------------------------------------------------------------+ -// | PhpWebGallery - a PHP based picture gallery | -// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net | -// | Copyright (C) 2003-2004 PhpWebGallery Team - http://phpwebgallery.net | -// +-----------------------------------------------------------------------+ -// | branch : BSF (Best So Far) -// | file : $RCSfile$ -// | last update : $Date$ -// | last modifier : $Author$ -// | revision : $Revision$ -// +-----------------------------------------------------------------------+ -// | This program is free software; you can redistribute it and/or modify | -// | it under the terms of the GNU General Public License as published by | -// | the Free Software Foundation | -// | | -// | This program is distributed in the hope that it will be useful, but | -// | WITHOUT ANY WARRANTY; without even the implied warranty of | -// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | -// | General Public License for more details. | -// | | -// | You should have received a copy of the GNU General Public License | -// | along with this program; if not, write to the Free Software | -// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | -// | USA. | -// +-----------------------------------------------------------------------+ -include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' ); - - - -//----------------------------------------------------- template initialization -$sub = $vtp->Open( './template/'.$user['template'].'/admin/user_list.vtp' ); -$tpl = array( 'listuser_confirm','listuser_modify_hint','listuser_modify', - 'listuser_permission','listuser_permission_hint', - 'listuser_delete_hint','listuser_delete','yes','no', - 'listuser_button_all','listuser_button_invert', - 'listuser_button_create_address','title_add','login','password', - 'add','errors_title' ); -templatize_array( $tpl, 'lang', $sub ); -$vtp->setGlobalVar( $sub, 'user_template', $user['template'] ); -//------------------------------------------------------------------ add a user -$errors = array(); -if ( isset( $_POST['submit_add_user'] ) ) -{ - $errors = register_user( - $_POST['username'], $_POST['password'], $_POST['password'], '', 'guest' ); -} -//-------------------------------------------------------------- errors display -if ( sizeof( $errors ) != 0 ) -{ - $vtp->addSession( $sub, 'errors' ); - foreach ( $errors as $error ) { - $vtp->addSession( $sub, 'li' ); - $vtp->setVar( $sub, 'li.li', $error ); - $vtp->closeSession( $sub, 'li' ); - } - $vtp->closeSession( $sub, 'errors' ); -} -else if ( isset( $_POST['submit_add_user'] ) ) -{ - $_POST = array(); -} -//--------------------------------------------------------------- delete a user -if ( isset ( $_GET['delete'] ) and is_numeric( $_GET['delete'] ) ) -{ - $query = 'SELECT username'; - $query.= ' FROM '.USERS_TABLE; - $query.= ' WHERE id = '.$_GET['delete']; - $query.= ';'; - $row = mysql_fetch_array( pwg_query( $query ) ); - // confirm user deletion ? - if ( !isset( $_GET['confirm'] ) ) - { - $vtp->addSession( $sub, 'deletion' ); - $vtp->setVar( $sub, 'deletion.login', $row['username'] ); - $yes_url = './admin.php?page=user_list&delete='.$_GET['delete']; - $yes_url.= '&confirm=1'; - $vtp->setVar( $sub, 'deletion.yes_url', add_session_id( $yes_url ) ); - $no_url = './admin.php?page=user_list'; - $vtp->setVar( $sub, 'deletion.no_url', add_session_id( $no_url ) ); - $vtp->closeSession( $sub, 'deletion' ); - } - // user deletion confirmed - else - { - $vtp->addSession( $sub, 'confirmation' ); - if ( $row['username'] != 'guest' - and $row['username'] != $conf['webmaster'] ) - { - $query = 'SELECT COUNT(*) AS nb_result'; - $query.= ' FROM '.USERS_TABLE; - $query.= ' WHERE id = '.$_GET['delete']; - $query.= ';'; - $row2 = mysql_fetch_array( pwg_query( $query ) ); - if ( $row2['nb_result'] > 0 ) - { - delete_user( $_GET['delete'] ); - $vtp->setVar( $sub, 'confirmation.class', 'info' ); - $info = '"'.$row['username'].'" '.$lang['listuser_info_deletion']; - $vtp->setVar( $sub, 'confirmation.info', $info ); - } - else - { - $vtp->setVar( $sub, 'confirmation.class', 'erreur' ); - $vtp->setVar( $sub, 'confirmation.info', $lang['user_err_unknown'] ); - } - } - else - { - $vtp->setVar( $sub, 'confirmation.class', 'erreur' ); - $vtp->setVar( $sub, 'confirmation.info', $lang['user_err_modify'] ); - } - $vtp->closeSession( $sub, 'confirmation' ); - } -} -//------------------------------------------------------------------ users list -else -{ - // add a user - $vtp->addSession( $sub, 'add_user' ); - $action = './admin.php?'.$_SERVER['QUERY_STRING']; - $vtp->setVar( $sub, 'add_user.form_action', $action ); - if (isset( $_POST['username'])) - $vtp->setVar( $sub, 'add_user.f_username', $_POST['username'] ); - $vtp->closeSession( $sub, 'add_user' ); - - $vtp->addSession( $sub, 'users' ); - - $action = './admin.php?'.$_SERVER['QUERY_STRING']; - if ( !isset( $_GET['mail'] ) ) - { - $action.= '&mail=true'; - } - $vtp->setVar( $sub, 'users.form_action', $action ); - - $query = 'SELECT id,username,status,mail_address'; - $query.= ' FROM '.USERS_TABLE; - $query.= ' ORDER BY status ASC, username ASC'; - $query.= ';'; - $result = pwg_query( $query ); - - $current_status = ''; - while ( $row = mysql_fetch_array( $result ) ) - { - // display the line indicating the status of the next users - if ( $row['status'] != $current_status ) - { - if ( $current_status != '' ) - { - $vtp->closeSession( $sub, 'category' ); - } - $vtp->addSession( $sub, 'category' ); - $title = $lang['listuser_user_group'].' '; - switch ( $row['status'] ) - { - case 'admin' : $title.= $lang['adduser_status_admin']; break; - case 'guest' : $title.= $lang['adduser_status_guest']; break; - } - $vtp->setVar( $sub, 'category.title', $title ); - $current_status = $row['status']; - } - $vtp->addSession( $sub, 'user' ); - // checkbox for mail management if the user has a mail address - if ( isset( $row['mail_address'] ) and $row['username'] != 'guest' ) - { - $vtp->addSession( $sub, 'checkbox' ); - $vtp->setVar( $sub, 'checkbox.name', 'mail-'.$row['id'] ); - $vtp->closeSession( $sub, 'checkbox' ); - } - // use a special color for the login of the user ? - if ( $row['username'] == $conf['webmaster'] ) - { - $vtp->setVar( $sub, 'user.color', 'red' ); - } - if ( $row['username'] == 'guest' ) - { - $vtp->setVar( $sub, 'user.color', 'green' ); - $vtp->setVar( $sub, 'user.login', $lang['guest'] ); - } - else - { - $vtp->setVar( $sub, 'user.login', $row['username'] ); - } - // modify or not modify ? - if ( $row['username'] == 'guest' - or ( $row['username'] == $conf['webmaster'] - and $user['username'] != $conf['webmaster'] ) ) - { - $vtp->addSession( $sub, 'not_modify' ); - $vtp->closeSession( $sub, 'not_modify' ); - } - else - { - $vtp->addSession( $sub, 'modify' ); - $url = './admin.php?page=user_modify&user_id='; - $url.= $row['id']; - $vtp->setVar( $sub, 'modify.url', add_session_id( $url ) ); - $vtp->setVar( $sub, 'modify.login', $row['username'] ); - $vtp->closeSession( $sub, 'modify' ); - } - // manage permission or not ? - if ( $row['username'] == $conf['webmaster'] - and $user['username'] != $conf['webmaster'] ) - { - $vtp->addSession( $sub, 'not_permission' ); - $vtp->closeSession( $sub, 'not_permission' ); - } - else - { - $vtp->addSession( $sub, 'permission' ); - $url = './admin.php?page=user_perm&user_id='.$row['id']; - $vtp->setVar( $sub, 'permission.url', add_session_id( $url ) ); - $vtp->setVar( $sub, 'permission.login', $row['username'] ); - $vtp->closeSession( $sub, 'permission' ); - } - // is the user deletable or not ? - if ( $row['username'] == 'guest' - or $row['username'] == $conf['webmaster'] ) - { - $vtp->addSession( $sub, 'not_delete' ); - $vtp->closeSession( $sub, 'not_delete' ); - } - else - { - $vtp->addSession( $sub, 'delete' ); - $url = './admin.php?page=user_list&delete='.$row['id']; - $vtp->setVar( $sub, 'delete.url', add_session_id( $url ) ); - $vtp->setVar( $sub, 'delete.login', $row['username'] ); - $vtp->closeSession( $sub, 'delete' ); - } - $vtp->closeSession( $sub, 'user' ); - } - $vtp->closeSession( $sub, 'category' ); - // mail management : creation of the mail address if asked by administrator - if ( isset( $_POST['submit_generate_mail'] ) and isset( $_GET['mail'] ) ) - { - $mails = array(); - $query = 'SELECT id,mail_address'; - $query.= ' FROM '.USERS_TABLE; - $query.= ';'; - $result = pwg_query( $query ); - while ( $row = mysql_fetch_array( $result ) ) - { - if ( isset( $_POST['mail-'.$row['id']] ) ) - array_push( $mails, $row['mail_address'] ); - } - $mail_destination = ''; - foreach ( $mails as $i => $mail_address ) { - if ( $i > 0 ) $mail_destination.= ','; - $mail_destination.= $mail_address; - } - if ( sizeof( $mails ) > 0 ) - { - $vtp->addSession( $sub, 'mail_link' ); - $vtp->setVar( $sub, 'mail_link.mailto', $mail_destination ); - $vtp->setVar( $sub, 'mail_link.mail_address_start', - substr( $mail_destination, 0, 50 ) ); - $vtp->closeSession( $sub, 'mail_link' ); - } - } - $vtp->closeSession( $sub, 'users' ); -} -//----------------------------------------------------------- sending html code -$vtp->Parse( $handle , 'sub', $sub ); -?> diff --git a/admin/user_modify.php b/admin/user_modify.php deleted file mode 100644 index 8ac6f5f81..000000000 --- a/admin/user_modify.php +++ /dev/null @@ -1,225 +0,0 @@ -<?php -// +-----------------------------------------------------------------------+ -// | PhpWebGallery - a PHP based picture gallery | -// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net | -// | Copyright (C) 2003-2004 PhpWebGallery Team - http://phpwebgallery.net | -// +-----------------------------------------------------------------------+ -// | branch : BSF (Best So Far) -// | file : $RCSfile$ -// | last update : $Date$ -// | last modifier : $Author$ -// | revision : $Revision$ -// +-----------------------------------------------------------------------+ -// | This program is free software; you can redistribute it and/or modify | -// | it under the terms of the GNU General Public License as published by | -// | the Free Software Foundation | -// | | -// | This program is distributed in the hope that it will be useful, but | -// | WITHOUT ANY WARRANTY; without even the implied warranty of | -// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | -// | General Public License for more details. | -// | | -// | You should have received a copy of the GNU General Public License | -// | along with this program; if not, write to the Free Software | -// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | -// | USA. | -// +-----------------------------------------------------------------------+ -include_once( './admin/include/isadmin.inc.php' ); -//----------------------------------------------------- template initialization -$sub = $vtp->Open( './template/'.$user['template'].'/admin/user_modify.vtp' ); -$error = array(); -$tpl = array( 'adduser_info_message', 'adduser_info_back', 'adduser_fill_form', - 'login', 'new', 'password', 'mail_address', 'adduser_status', - 'submit', 'adduser_info_password_updated','menu_groups', - 'dissociate','adduser_associate' ); -templatize_array( $tpl, 'lang', $sub ); -//--------------------------------------------------------- form criteria check -$error = array(); -$display_form = true; - -// retrieving information in the database about the user identified by its -// id in $_GET['user_id'] -$query = 'select'; -$query.= ' username,status,mail_address'; -$query.= ' from '.USERS_TABLE; -$query.= ' where id = '.$_GET['user_id']; -$query.= ';'; -$row = mysql_fetch_array( pwg_query( $query ) ); -$page['username'] = $row['username']; -$page['status'] = $row['status']; -if ( !isset( $row['mail_address'] ) ) $row['mail_address'] = ''; -$page['mail_address'] = $row['mail_address']; -// user is not modifiable if : -// 1. the selected user is the user "guest" -// 2. the selected user is the webmaster and the user making the modification -// is not the webmaster -if ( $row['username'] == 'guest' - or ( $row['username'] == $conf['webmaster'] - and $user['username'] != $conf['webmaster'] ) ) -{ - array_push( $error, $lang['user_err_modify'] ); - $display_form = false; -} -// if the user was not found in the database, no modification possible -if ( $row['username'] == '' ) -{ - array_push( $error, $lang['user_err_unknown'] ); - $display_form = false; -} - -if ( sizeof( $error ) == 0 and isset( $_POST['submit'] ) ) -{ - // shall we use a new password and overwrite the old one ? - $use_new_password = false; - if ( isset( $_POST['use_new_pwd'] ) ) $use_new_password = true; - // if we try to update the webmaster infos, we have to set the status to - // 'admin' - if ( $row['username'] == $conf['webmaster'] ) - $_POST['status'] = 'admin'; - - $error = array_merge( $error, update_user( - $_GET['user_id'], $_POST['mail_address'], - $_POST['status'], $use_new_password, - $_POST['password'] ) ); -} -// association with groups management -if ( isset( $_POST['submit'] ) ) -{ - // deletion of checked groups - $query = 'SELECT id,name'; - $query.= ' FROM '.PREFIX_TABLE.'groups'; - $query.= ' ORDER BY id ASC'; - $query.= ';'; - $result = pwg_query( $query ); - while ( $row = mysql_fetch_array( $result ) ) - { - $dissociate = 'dissociate-'.$row['id']; - if ( isset( $_POST[$dissociate] ) ) - { - $query = 'DELETE FROM '.PREFIX_TABLE.'user_group'; - $query.= ' WHERE user_id = '.$_GET['user_id']; - $query.= ' AND group_id ='.$row['id']; - $query.= ';'; - pwg_query( $query ); - } - } - // create a new association between the user and a group - $query = 'INSERT INTO '.PREFIX_TABLE.'user_group'; - $query.= ' (user_id,group_id) VALUES'; - $query.= ' ('.$_GET['user_id'].','.$_POST['associate'].')'; - $query.= ';'; - pwg_query( $query ); - // synchronize category informations for this user - synchronize_user( $_GET['user_id'] ); -} -//-------------------------------------------------------------- errors display -if ( sizeof( $error ) != 0 ) -{ - $vtp->addSession( $sub, 'errors' ); - for ( $i = 0; $i < sizeof( $error ); $i++ ) - { - $vtp->addSession( $sub, 'li' ); - $vtp->setVar( $sub, 'li.li', $error[$i] ); - $vtp->closeSession( $sub, 'li' ); - } - $vtp->closeSession( $sub, 'errors' ); -} -//---------------------------------------------------------------- confirmation -if ( sizeof( $error ) == 0 and isset( $_POST['submit'] ) ) -{ - $vtp->addSession( $sub, 'confirmation' ); - $vtp->setVar( $sub, 'confirmation.username', $page['username'] ); - $url = add_session_id( './admin.php?page=user_list' ); - $vtp->setVar( $sub, 'confirmation.url', $url ); - $vtp->closeSession( $sub, 'confirmation' ); - if ( $use_new_password ) - { - $vtp->addSession( $sub, 'password_updated' ); - $vtp->closeSession( $sub, 'password_updated' ); - } -} -//------------------------------------------------------------------------ form -if ( $display_form ) -{ - $vtp->addSession( $sub, 'form' ); - $action = './admin.php?page=user_modify&user_id='.$_GET['user_id']; - $vtp->setVar( $sub, 'form.form_action', add_session_id( $action ) ); - $vtp->setVar( $sub, 'form.user:username', $page['username'] ); - if ( isset( $_POST['mail_address'] ) ) - { - $page['mail_address'] = $_POST['mail_address']; - } - $vtp->setVar( $sub, 'form.user:mail_address', $page['mail_address'] ); - // change status only if the user is not the webmaster - if ( $page['username'] != $conf['webmaster'] ) - { - $vtp->addSession( $sub, 'status' ); - if ( isset( $_POST['status'] ) ) - { - $page['status'] = $_POST['status']; - } - $option = get_enums( PREFIX_TABLE.'users', 'status' ); - for ( $i = 0; $i < sizeof( $option ); $i++ ) - { - $vtp->addSession( $sub, 'status_option' ); - $vtp->setVar( $sub, 'status_option.value', $option[$i] ); - $vtp->setVar( $sub, 'status_option.option', - $lang['adduser_status_'.$option[$i]] ); - if( $option[$i] == $page['status'] ) - { - $vtp->setVar( $sub, 'status_option.selected', ' selected="selected"' ); - } - $vtp->closeSession( $sub, 'status_option' ); - } - $vtp->closeSession( $sub, 'status' ); - } - // groups linked with this user - $query = 'SELECT id,name'; - $query.= ' FROM '.PREFIX_TABLE.'user_group, '.PREFIX_TABLE.'groups'; - $query.= ' WHERE group_id = id'; - $query.= ' AND user_id = '.$_GET['user_id']; - $query.= ';'; - $result = pwg_query( $query ); - $user_groups = array(); - if ( mysql_num_rows( $result ) > 0 ) - { - $vtp->addSession( $sub, 'groups' ); - while ( $row = mysql_fetch_array( $result ) ) - { - $vtp->addSession( $sub, 'group' ); - $vtp->setVar( $sub, 'group.name', $row['name'] ); - $vtp->setVar( $sub, 'group.dissociate_id', $row['id'] ); - $vtp->closeSession( $sub, 'group' ); - array_push( $user_groups, $row['id'] ); - } - $vtp->closeSession( $sub, 'groups' ); - } - // empty group not to take into account - $vtp->addSession( $sub, 'associate_group' ); - $vtp->setVar( $sub, 'associate_group.value', 'undef' ); - $vtp->setVar( $sub, 'associate_group.option', '' ); - $vtp->closeSession( $sub, 'associate_group' ); - // groups not linked yet to the user - $query = 'SELECT id,name'; - $query.= ' FROM '.PREFIX_TABLE.'groups'; - $query.= ' ORDER BY id ASC'; - $query.= ';'; - $result = pwg_query( $query ); - while ( $row = mysql_fetch_array( $result ) ) - { - if ( !in_array( $row['id'], $user_groups ) ) - { - $vtp->addSession( $sub, 'associate_group' ); - $vtp->setVar( $sub, 'associate_group.value', $row['id'] ); - $vtp->setVar( $sub, 'associate_group.option', $row['name'] ); - $vtp->closeSession( $sub, 'associate_group' ); - } - } - - $url = add_session_id( './admin.php?page=user_list' ); - $vtp->setVar( $sub, 'form.url_back', $url ); - $vtp->closeSession( $sub, 'form' ); -} -//----------------------------------------------------------- sending html code -$vtp->Parse( $handle , 'sub', $sub ); -?> diff --git a/admin/user_search.php b/admin/user_search.php index 0d7d17bbd..220928992 100644 --- a/admin/user_search.php +++ b/admin/user_search.php @@ -78,8 +78,8 @@ $template->assign_vars(array( 'L_FORBIDDEN'=>$lang['forbidden'], 'L_PARENT_FORBIDDEN'=>$lang['permuser_parent_forbidden'], - 'F_SEARCH_USER_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_search'), - 'F_AUTH_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_search&user_id='.$user_id), + 'F_SEARCH_USER_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=profile'), + 'F_AUTH_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=profile&user_id='.$user_id), 'U_SEARCH_USER' => add_session_id(PHPWG_ROOT_PATH.'admin/search.php') )); |