aboutsummaryrefslogtreecommitdiffstats
path: root/admin
diff options
context:
space:
mode:
Diffstat (limited to 'admin')
-rw-r--r--admin/group_list.php8
-rw-r--r--admin/search.php3
-rw-r--r--admin/user_list.php265
-rw-r--r--admin/user_modify.php225
-rw-r--r--admin/user_search.php4
5 files changed, 12 insertions, 493 deletions
diff --git a/admin/group_list.php b/admin/group_list.php
index 3fbec59de..d399a6d69 100644
--- a/admin/group_list.php
+++ b/admin/group_list.php
@@ -34,10 +34,18 @@ include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' );
$error = array();
if ( isset( $_POST['delete'] ) && isset( $_POST['confirm_delete'] ) )
{
+ // destruction of the access linked to the group
+ $query = 'DELETE FROM '.GROUP_ACCESS_TABLE;
+ $query.= ' WHERE group_id = '.$_POST['group_id'];
+ $query.= ';';
+ pwg_query( $query );
+
+ // destruction of the users links for this group
$query = 'DELETE FROM ' . USER_GROUP_TABLE;
$query.= ' WHERE group_id = '.$_POST['group_id'];
pwg_query( $query );
+ // destruction of the group
$query = 'DELETE FROM ' . GROUPS_TABLE;
$query.= ' WHERE id = '.$_POST['group_id'];
$query.= ';';
diff --git a/admin/search.php b/admin/search.php
index 485f8322a..f1716ff84 100644
--- a/admin/search.php
+++ b/admin/search.php
@@ -73,7 +73,8 @@ if ( !empty($search_match) )
$sql = "SELECT username
FROM " . USERS_TABLE . "
WHERE username LIKE '" . str_replace("\'", "''", $username_search) . "'
- ORDER BY username";
+ AND id <> ".ANONYMOUS."
+ ORDER BY username";
if ( !($result = pwg_query($sql)) )
{
die('Could not obtain search results');
diff --git a/admin/user_list.php b/admin/user_list.php
deleted file mode 100644
index c15980d72..000000000
--- a/admin/user_list.php
+++ /dev/null
@@ -1,265 +0,0 @@
-<?php
-// +-----------------------------------------------------------------------+
-// | PhpWebGallery - a PHP based picture gallery |
-// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
-// | Copyright (C) 2003-2004 PhpWebGallery Team - http://phpwebgallery.net |
-// +-----------------------------------------------------------------------+
-// | branch : BSF (Best So Far)
-// | file : $RCSfile$
-// | last update : $Date$
-// | last modifier : $Author$
-// | revision : $Revision$
-// +-----------------------------------------------------------------------+
-// | This program is free software; you can redistribute it and/or modify |
-// | it under the terms of the GNU General Public License as published by |
-// | the Free Software Foundation |
-// | |
-// | This program is distributed in the hope that it will be useful, but |
-// | WITHOUT ANY WARRANTY; without even the implied warranty of |
-// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
-// | General Public License for more details. |
-// | |
-// | You should have received a copy of the GNU General Public License |
-// | along with this program; if not, write to the Free Software |
-// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
-// | USA. |
-// +-----------------------------------------------------------------------+
-include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' );
-
-
-
-//----------------------------------------------------- template initialization
-$sub = $vtp->Open( './template/'.$user['template'].'/admin/user_list.vtp' );
-$tpl = array( 'listuser_confirm','listuser_modify_hint','listuser_modify',
- 'listuser_permission','listuser_permission_hint',
- 'listuser_delete_hint','listuser_delete','yes','no',
- 'listuser_button_all','listuser_button_invert',
- 'listuser_button_create_address','title_add','login','password',
- 'add','errors_title' );
-templatize_array( $tpl, 'lang', $sub );
-$vtp->setGlobalVar( $sub, 'user_template', $user['template'] );
-//------------------------------------------------------------------ add a user
-$errors = array();
-if ( isset( $_POST['submit_add_user'] ) )
-{
- $errors = register_user(
- $_POST['username'], $_POST['password'], $_POST['password'], '', 'guest' );
-}
-//-------------------------------------------------------------- errors display
-if ( sizeof( $errors ) != 0 )
-{
- $vtp->addSession( $sub, 'errors' );
- foreach ( $errors as $error ) {
- $vtp->addSession( $sub, 'li' );
- $vtp->setVar( $sub, 'li.li', $error );
- $vtp->closeSession( $sub, 'li' );
- }
- $vtp->closeSession( $sub, 'errors' );
-}
-else if ( isset( $_POST['submit_add_user'] ) )
-{
- $_POST = array();
-}
-//--------------------------------------------------------------- delete a user
-if ( isset ( $_GET['delete'] ) and is_numeric( $_GET['delete'] ) )
-{
- $query = 'SELECT username';
- $query.= ' FROM '.USERS_TABLE;
- $query.= ' WHERE id = '.$_GET['delete'];
- $query.= ';';
- $row = mysql_fetch_array( pwg_query( $query ) );
- // confirm user deletion ?
- if ( !isset( $_GET['confirm'] ) )
- {
- $vtp->addSession( $sub, 'deletion' );
- $vtp->setVar( $sub, 'deletion.login', $row['username'] );
- $yes_url = './admin.php?page=user_list&amp;delete='.$_GET['delete'];
- $yes_url.= '&amp;confirm=1';
- $vtp->setVar( $sub, 'deletion.yes_url', add_session_id( $yes_url ) );
- $no_url = './admin.php?page=user_list';
- $vtp->setVar( $sub, 'deletion.no_url', add_session_id( $no_url ) );
- $vtp->closeSession( $sub, 'deletion' );
- }
- // user deletion confirmed
- else
- {
- $vtp->addSession( $sub, 'confirmation' );
- if ( $row['username'] != 'guest'
- and $row['username'] != $conf['webmaster'] )
- {
- $query = 'SELECT COUNT(*) AS nb_result';
- $query.= ' FROM '.USERS_TABLE;
- $query.= ' WHERE id = '.$_GET['delete'];
- $query.= ';';
- $row2 = mysql_fetch_array( pwg_query( $query ) );
- if ( $row2['nb_result'] > 0 )
- {
- delete_user( $_GET['delete'] );
- $vtp->setVar( $sub, 'confirmation.class', 'info' );
- $info = '"'.$row['username'].'" '.$lang['listuser_info_deletion'];
- $vtp->setVar( $sub, 'confirmation.info', $info );
- }
- else
- {
- $vtp->setVar( $sub, 'confirmation.class', 'erreur' );
- $vtp->setVar( $sub, 'confirmation.info', $lang['user_err_unknown'] );
- }
- }
- else
- {
- $vtp->setVar( $sub, 'confirmation.class', 'erreur' );
- $vtp->setVar( $sub, 'confirmation.info', $lang['user_err_modify'] );
- }
- $vtp->closeSession( $sub, 'confirmation' );
- }
-}
-//------------------------------------------------------------------ users list
-else
-{
- // add a user
- $vtp->addSession( $sub, 'add_user' );
- $action = './admin.php?'.$_SERVER['QUERY_STRING'];
- $vtp->setVar( $sub, 'add_user.form_action', $action );
- if (isset( $_POST['username']))
- $vtp->setVar( $sub, 'add_user.f_username', $_POST['username'] );
- $vtp->closeSession( $sub, 'add_user' );
-
- $vtp->addSession( $sub, 'users' );
-
- $action = './admin.php?'.$_SERVER['QUERY_STRING'];
- if ( !isset( $_GET['mail'] ) )
- {
- $action.= '&amp;mail=true';
- }
- $vtp->setVar( $sub, 'users.form_action', $action );
-
- $query = 'SELECT id,username,status,mail_address';
- $query.= ' FROM '.USERS_TABLE;
- $query.= ' ORDER BY status ASC, username ASC';
- $query.= ';';
- $result = pwg_query( $query );
-
- $current_status = '';
- while ( $row = mysql_fetch_array( $result ) )
- {
- // display the line indicating the status of the next users
- if ( $row['status'] != $current_status )
- {
- if ( $current_status != '' )
- {
- $vtp->closeSession( $sub, 'category' );
- }
- $vtp->addSession( $sub, 'category' );
- $title = $lang['listuser_user_group'].' ';
- switch ( $row['status'] )
- {
- case 'admin' : $title.= $lang['adduser_status_admin']; break;
- case 'guest' : $title.= $lang['adduser_status_guest']; break;
- }
- $vtp->setVar( $sub, 'category.title', $title );
- $current_status = $row['status'];
- }
- $vtp->addSession( $sub, 'user' );
- // checkbox for mail management if the user has a mail address
- if ( isset( $row['mail_address'] ) and $row['username'] != 'guest' )
- {
- $vtp->addSession( $sub, 'checkbox' );
- $vtp->setVar( $sub, 'checkbox.name', 'mail-'.$row['id'] );
- $vtp->closeSession( $sub, 'checkbox' );
- }
- // use a special color for the login of the user ?
- if ( $row['username'] == $conf['webmaster'] )
- {
- $vtp->setVar( $sub, 'user.color', 'red' );
- }
- if ( $row['username'] == 'guest' )
- {
- $vtp->setVar( $sub, 'user.color', 'green' );
- $vtp->setVar( $sub, 'user.login', $lang['guest'] );
- }
- else
- {
- $vtp->setVar( $sub, 'user.login', $row['username'] );
- }
- // modify or not modify ?
- if ( $row['username'] == 'guest'
- or ( $row['username'] == $conf['webmaster']
- and $user['username'] != $conf['webmaster'] ) )
- {
- $vtp->addSession( $sub, 'not_modify' );
- $vtp->closeSession( $sub, 'not_modify' );
- }
- else
- {
- $vtp->addSession( $sub, 'modify' );
- $url = './admin.php?page=user_modify&amp;user_id=';
- $url.= $row['id'];
- $vtp->setVar( $sub, 'modify.url', add_session_id( $url ) );
- $vtp->setVar( $sub, 'modify.login', $row['username'] );
- $vtp->closeSession( $sub, 'modify' );
- }
- // manage permission or not ?
- if ( $row['username'] == $conf['webmaster']
- and $user['username'] != $conf['webmaster'] )
- {
- $vtp->addSession( $sub, 'not_permission' );
- $vtp->closeSession( $sub, 'not_permission' );
- }
- else
- {
- $vtp->addSession( $sub, 'permission' );
- $url = './admin.php?page=user_perm&amp;user_id='.$row['id'];
- $vtp->setVar( $sub, 'permission.url', add_session_id( $url ) );
- $vtp->setVar( $sub, 'permission.login', $row['username'] );
- $vtp->closeSession( $sub, 'permission' );
- }
- // is the user deletable or not ?
- if ( $row['username'] == 'guest'
- or $row['username'] == $conf['webmaster'] )
- {
- $vtp->addSession( $sub, 'not_delete' );
- $vtp->closeSession( $sub, 'not_delete' );
- }
- else
- {
- $vtp->addSession( $sub, 'delete' );
- $url = './admin.php?page=user_list&amp;delete='.$row['id'];
- $vtp->setVar( $sub, 'delete.url', add_session_id( $url ) );
- $vtp->setVar( $sub, 'delete.login', $row['username'] );
- $vtp->closeSession( $sub, 'delete' );
- }
- $vtp->closeSession( $sub, 'user' );
- }
- $vtp->closeSession( $sub, 'category' );
- // mail management : creation of the mail address if asked by administrator
- if ( isset( $_POST['submit_generate_mail'] ) and isset( $_GET['mail'] ) )
- {
- $mails = array();
- $query = 'SELECT id,mail_address';
- $query.= ' FROM '.USERS_TABLE;
- $query.= ';';
- $result = pwg_query( $query );
- while ( $row = mysql_fetch_array( $result ) )
- {
- if ( isset( $_POST['mail-'.$row['id']] ) )
- array_push( $mails, $row['mail_address'] );
- }
- $mail_destination = '';
- foreach ( $mails as $i => $mail_address ) {
- if ( $i > 0 ) $mail_destination.= ',';
- $mail_destination.= $mail_address;
- }
- if ( sizeof( $mails ) > 0 )
- {
- $vtp->addSession( $sub, 'mail_link' );
- $vtp->setVar( $sub, 'mail_link.mailto', $mail_destination );
- $vtp->setVar( $sub, 'mail_link.mail_address_start',
- substr( $mail_destination, 0, 50 ) );
- $vtp->closeSession( $sub, 'mail_link' );
- }
- }
- $vtp->closeSession( $sub, 'users' );
-}
-//----------------------------------------------------------- sending html code
-$vtp->Parse( $handle , 'sub', $sub );
-?>
diff --git a/admin/user_modify.php b/admin/user_modify.php
deleted file mode 100644
index 8ac6f5f81..000000000
--- a/admin/user_modify.php
+++ /dev/null
@@ -1,225 +0,0 @@
-<?php
-// +-----------------------------------------------------------------------+
-// | PhpWebGallery - a PHP based picture gallery |
-// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
-// | Copyright (C) 2003-2004 PhpWebGallery Team - http://phpwebgallery.net |
-// +-----------------------------------------------------------------------+
-// | branch : BSF (Best So Far)
-// | file : $RCSfile$
-// | last update : $Date$
-// | last modifier : $Author$
-// | revision : $Revision$
-// +-----------------------------------------------------------------------+
-// | This program is free software; you can redistribute it and/or modify |
-// | it under the terms of the GNU General Public License as published by |
-// | the Free Software Foundation |
-// | |
-// | This program is distributed in the hope that it will be useful, but |
-// | WITHOUT ANY WARRANTY; without even the implied warranty of |
-// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
-// | General Public License for more details. |
-// | |
-// | You should have received a copy of the GNU General Public License |
-// | along with this program; if not, write to the Free Software |
-// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
-// | USA. |
-// +-----------------------------------------------------------------------+
-include_once( './admin/include/isadmin.inc.php' );
-//----------------------------------------------------- template initialization
-$sub = $vtp->Open( './template/'.$user['template'].'/admin/user_modify.vtp' );
-$error = array();
-$tpl = array( 'adduser_info_message', 'adduser_info_back', 'adduser_fill_form',
- 'login', 'new', 'password', 'mail_address', 'adduser_status',
- 'submit', 'adduser_info_password_updated','menu_groups',
- 'dissociate','adduser_associate' );
-templatize_array( $tpl, 'lang', $sub );
-//--------------------------------------------------------- form criteria check
-$error = array();
-$display_form = true;
-
-// retrieving information in the database about the user identified by its
-// id in $_GET['user_id']
-$query = 'select';
-$query.= ' username,status,mail_address';
-$query.= ' from '.USERS_TABLE;
-$query.= ' where id = '.$_GET['user_id'];
-$query.= ';';
-$row = mysql_fetch_array( pwg_query( $query ) );
-$page['username'] = $row['username'];
-$page['status'] = $row['status'];
-if ( !isset( $row['mail_address'] ) ) $row['mail_address'] = '';
-$page['mail_address'] = $row['mail_address'];
-// user is not modifiable if :
-// 1. the selected user is the user "guest"
-// 2. the selected user is the webmaster and the user making the modification
-// is not the webmaster
-if ( $row['username'] == 'guest'
- or ( $row['username'] == $conf['webmaster']
- and $user['username'] != $conf['webmaster'] ) )
-{
- array_push( $error, $lang['user_err_modify'] );
- $display_form = false;
-}
-// if the user was not found in the database, no modification possible
-if ( $row['username'] == '' )
-{
- array_push( $error, $lang['user_err_unknown'] );
- $display_form = false;
-}
-
-if ( sizeof( $error ) == 0 and isset( $_POST['submit'] ) )
-{
- // shall we use a new password and overwrite the old one ?
- $use_new_password = false;
- if ( isset( $_POST['use_new_pwd'] ) ) $use_new_password = true;
- // if we try to update the webmaster infos, we have to set the status to
- // 'admin'
- if ( $row['username'] == $conf['webmaster'] )
- $_POST['status'] = 'admin';
-
- $error = array_merge( $error, update_user(
- $_GET['user_id'], $_POST['mail_address'],
- $_POST['status'], $use_new_password,
- $_POST['password'] ) );
-}
-// association with groups management
-if ( isset( $_POST['submit'] ) )
-{
- // deletion of checked groups
- $query = 'SELECT id,name';
- $query.= ' FROM '.PREFIX_TABLE.'groups';
- $query.= ' ORDER BY id ASC';
- $query.= ';';
- $result = pwg_query( $query );
- while ( $row = mysql_fetch_array( $result ) )
- {
- $dissociate = 'dissociate-'.$row['id'];
- if ( isset( $_POST[$dissociate] ) )
- {
- $query = 'DELETE FROM '.PREFIX_TABLE.'user_group';
- $query.= ' WHERE user_id = '.$_GET['user_id'];
- $query.= ' AND group_id ='.$row['id'];
- $query.= ';';
- pwg_query( $query );
- }
- }
- // create a new association between the user and a group
- $query = 'INSERT INTO '.PREFIX_TABLE.'user_group';
- $query.= ' (user_id,group_id) VALUES';
- $query.= ' ('.$_GET['user_id'].','.$_POST['associate'].')';
- $query.= ';';
- pwg_query( $query );
- // synchronize category informations for this user
- synchronize_user( $_GET['user_id'] );
-}
-//-------------------------------------------------------------- errors display
-if ( sizeof( $error ) != 0 )
-{
- $vtp->addSession( $sub, 'errors' );
- for ( $i = 0; $i < sizeof( $error ); $i++ )
- {
- $vtp->addSession( $sub, 'li' );
- $vtp->setVar( $sub, 'li.li', $error[$i] );
- $vtp->closeSession( $sub, 'li' );
- }
- $vtp->closeSession( $sub, 'errors' );
-}
-//---------------------------------------------------------------- confirmation
-if ( sizeof( $error ) == 0 and isset( $_POST['submit'] ) )
-{
- $vtp->addSession( $sub, 'confirmation' );
- $vtp->setVar( $sub, 'confirmation.username', $page['username'] );
- $url = add_session_id( './admin.php?page=user_list' );
- $vtp->setVar( $sub, 'confirmation.url', $url );
- $vtp->closeSession( $sub, 'confirmation' );
- if ( $use_new_password )
- {
- $vtp->addSession( $sub, 'password_updated' );
- $vtp->closeSession( $sub, 'password_updated' );
- }
-}
-//------------------------------------------------------------------------ form
-if ( $display_form )
-{
- $vtp->addSession( $sub, 'form' );
- $action = './admin.php?page=user_modify&amp;user_id='.$_GET['user_id'];
- $vtp->setVar( $sub, 'form.form_action', add_session_id( $action ) );
- $vtp->setVar( $sub, 'form.user:username', $page['username'] );
- if ( isset( $_POST['mail_address'] ) )
- {
- $page['mail_address'] = $_POST['mail_address'];
- }
- $vtp->setVar( $sub, 'form.user:mail_address', $page['mail_address'] );
- // change status only if the user is not the webmaster
- if ( $page['username'] != $conf['webmaster'] )
- {
- $vtp->addSession( $sub, 'status' );
- if ( isset( $_POST['status'] ) )
- {
- $page['status'] = $_POST['status'];
- }
- $option = get_enums( PREFIX_TABLE.'users', 'status' );
- for ( $i = 0; $i < sizeof( $option ); $i++ )
- {
- $vtp->addSession( $sub, 'status_option' );
- $vtp->setVar( $sub, 'status_option.value', $option[$i] );
- $vtp->setVar( $sub, 'status_option.option',
- $lang['adduser_status_'.$option[$i]] );
- if( $option[$i] == $page['status'] )
- {
- $vtp->setVar( $sub, 'status_option.selected', ' selected="selected"' );
- }
- $vtp->closeSession( $sub, 'status_option' );
- }
- $vtp->closeSession( $sub, 'status' );
- }
- // groups linked with this user
- $query = 'SELECT id,name';
- $query.= ' FROM '.PREFIX_TABLE.'user_group, '.PREFIX_TABLE.'groups';
- $query.= ' WHERE group_id = id';
- $query.= ' AND user_id = '.$_GET['user_id'];
- $query.= ';';
- $result = pwg_query( $query );
- $user_groups = array();
- if ( mysql_num_rows( $result ) > 0 )
- {
- $vtp->addSession( $sub, 'groups' );
- while ( $row = mysql_fetch_array( $result ) )
- {
- $vtp->addSession( $sub, 'group' );
- $vtp->setVar( $sub, 'group.name', $row['name'] );
- $vtp->setVar( $sub, 'group.dissociate_id', $row['id'] );
- $vtp->closeSession( $sub, 'group' );
- array_push( $user_groups, $row['id'] );
- }
- $vtp->closeSession( $sub, 'groups' );
- }
- // empty group not to take into account
- $vtp->addSession( $sub, 'associate_group' );
- $vtp->setVar( $sub, 'associate_group.value', 'undef' );
- $vtp->setVar( $sub, 'associate_group.option', '' );
- $vtp->closeSession( $sub, 'associate_group' );
- // groups not linked yet to the user
- $query = 'SELECT id,name';
- $query.= ' FROM '.PREFIX_TABLE.'groups';
- $query.= ' ORDER BY id ASC';
- $query.= ';';
- $result = pwg_query( $query );
- while ( $row = mysql_fetch_array( $result ) )
- {
- if ( !in_array( $row['id'], $user_groups ) )
- {
- $vtp->addSession( $sub, 'associate_group' );
- $vtp->setVar( $sub, 'associate_group.value', $row['id'] );
- $vtp->setVar( $sub, 'associate_group.option', $row['name'] );
- $vtp->closeSession( $sub, 'associate_group' );
- }
- }
-
- $url = add_session_id( './admin.php?page=user_list' );
- $vtp->setVar( $sub, 'form.url_back', $url );
- $vtp->closeSession( $sub, 'form' );
-}
-//----------------------------------------------------------- sending html code
-$vtp->Parse( $handle , 'sub', $sub );
-?>
diff --git a/admin/user_search.php b/admin/user_search.php
index 0d7d17bbd..220928992 100644
--- a/admin/user_search.php
+++ b/admin/user_search.php
@@ -78,8 +78,8 @@ $template->assign_vars(array(
'L_FORBIDDEN'=>$lang['forbidden'],
'L_PARENT_FORBIDDEN'=>$lang['permuser_parent_forbidden'],
- 'F_SEARCH_USER_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_search'),
- 'F_AUTH_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_search&amp;user_id='.$user_id),
+ 'F_SEARCH_USER_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=profile'),
+ 'F_AUTH_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=profile&amp;user_id='.$user_id),
'U_SEARCH_USER' => add_session_id(PHPWG_ROOT_PATH.'admin/search.php')
));