0'; if (isset($filter['username'])) { $query.= ' AND u.'.$conf['user_fields']['username'].' LIKE \''.$filter['username'].'\''; } if (isset($filter['group'])) { $query.= ' AND ug.group_id = '.$filter['group']; } if (isset($filter['status'])) { $query.= ' AND ui.status = \''.$filter['status']."'"; } $query.= ' ORDER BY '.$order_by.' '.$direction.' ;'; $result = pwg_query($query); while ($row = mysql_fetch_array($result)) { $user = $row; $user['groups'] = array(); array_push($users, $user); } // add group lists $user_ids = array(); foreach ($users as $i => $user) { $user_ids[$i] = $user['id']; } $user_nums = array_flip($user_ids); if (count($user_ids) > 0) { $query = ' SELECT user_id, group_id FROM '.USER_GROUP_TABLE.' WHERE user_id IN ('.implode(',', $user_ids).') ;'; $result = pwg_query($query); while ($row = mysql_fetch_array($result)) { array_push( $users[$user_nums[$row['user_id']]]['groups'], $row['group_id'] ); } } return $users; } // +-----------------------------------------------------------------------+ // | initialization | // +-----------------------------------------------------------------------+ if (!defined('PHPWG_ROOT_PATH')) { die('Hacking attempt!'); } include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); // +-----------------------------------------------------------------------+ // | Check Access and exit when user status is not ok | // +-----------------------------------------------------------------------+ check_status(ACCESS_ADMINISTRATOR); $page['order_by_items'] = array( 'id' => $lang['registration_date'], 'username' => $lang['Username'] ); $page['direction_items'] = array( 'asc' => $lang['ascending'], 'desc' => $lang['descending'] ); // +-----------------------------------------------------------------------+ // | add a user | // +-----------------------------------------------------------------------+ if (isset($_POST['submit_add'])) { $page['errors'] = register_user( $_POST['login'], $_POST['password'], $_POST['email']); if (count($page['errors']) == 0) { array_push( $page['infos'], sprintf( l10n('user "%s" added'), $_POST['login'] ) ); } } // +-----------------------------------------------------------------------+ // | user list | // +-----------------------------------------------------------------------+ $page['filtered_users'] = get_filtered_user_list(); // +-----------------------------------------------------------------------+ // | selected users | // +-----------------------------------------------------------------------+ if (isset($_POST['delete']) or isset($_POST['pref_submit'])) { $collection = array(); switch ($_POST['target']) { case 'all' : { foreach($page['filtered_users'] as $local_user) { array_push($collection, $local_user['id']); } break; } case 'selection' : { if (isset($_POST['selection'])) { $collection = $_POST['selection']; } break; } } if (count($collection) == 0) { array_push($page['errors'], l10n('Select at least one user')); } } // +-----------------------------------------------------------------------+ // | delete users | // +-----------------------------------------------------------------------+ if (isset($_POST['delete']) and count($collection) > 0) { if (in_array($conf['guest_id'], $collection)) { array_push($page['errors'], l10n('Guest cannot be deleted')); } if (($conf['guest_id'] != $conf['default_user_id']) and in_array($conf['default_user_id'], $collection)) { array_push($page['errors'], l10n('Default user cannot be deleted')); } if (in_array($conf['webmaster_id'], $collection)) { array_push($page['errors'], l10n('Webmaster cannot be deleted')); } if (in_array($user['id'], $collection)) { array_push($page['errors'], l10n('You cannot delete your account')); } if (count($page['errors']) == 0) { if (isset($_POST['confirm_deletion']) and 1 == $_POST['confirm_deletion']) { foreach ($collection as $user_id) { delete_user($user_id); } array_push( $page['infos'], l10n_dec( '%d user deleted', '%d users deleted', count($collection) ) ); foreach ($page['filtered_users'] as $filter_key => $filter_user) { if (in_array($filter_user['id'], $collection)) { unset($page['filtered_users'][$filter_key]); } } } else { array_push($page['errors'], l10n('You need to confirm deletion')); } } } // +-----------------------------------------------------------------------+ // | preferences form submission | // +-----------------------------------------------------------------------+ if (isset($_POST['pref_submit']) and count($collection) > 0) { if (-1 != $_POST['associate']) { $datas = array(); $query = ' SELECT user_id FROM '.USER_GROUP_TABLE.' WHERE group_id = '.$_POST['associate'].' ;'; $associated = array_from_query($query, 'user_id'); $associable = array_diff($collection, $associated); if (count($associable) > 0) { foreach ($associable as $item) { array_push($datas, array('group_id'=>$_POST['associate'], 'user_id'=>$item)); } mass_inserts(USER_GROUP_TABLE, array('group_id', 'user_id'), $datas); } } if (-1 != $_POST['dissociate']) { $query = ' DELETE FROM '.USER_GROUP_TABLE.' WHERE group_id = '.$_POST['dissociate'].' AND user_id IN ('.implode(',', $collection).') '; pwg_query($query); } // properties to set for the collection (a user list) $datas = array(); $dbfields = array('primary' => array('user_id'), 'update' => array()); $formfields = array('nb_image_line', 'nb_line_page', 'template', 'language', 'recent_period', 'maxwidth', 'expand', 'show_nb_comments', 'show_nb_hits', 'maxheight', 'status', 'enabled_high', 'level'); $true_false_fields = array('expand', 'show_nb_comments', 'show_nb_hits', 'enabled_high'); if ($conf['allow_adviser']) { array_push($formfields, 'adviser'); array_push($true_false_fields, 'adviser'); } foreach ($formfields as $formfield) { // special for true/false fields if (in_array($formfield, $true_false_fields)) { $test = $formfield; } else { $test = $formfield.'_action'; } if ($_POST[$test] != 'leave') { array_push($dbfields['update'], $formfield); } } // updating elements is useful only if needed... if (count($dbfields['update']) > 0) { $datas = array(); foreach ($collection as $user_id) { $data = array(); $data['user_id'] = $user_id; // TODO : verify if submited values are semanticaly correct foreach ($dbfields['update'] as $dbfield) { // if the action is 'unset', the key won't be in row and // mass_updates function will set this field to NULL if (in_array($dbfield, $true_false_fields) or 'set' == $_POST[$dbfield.'_action']) { $data[$dbfield] = $_POST[$dbfield]; } } // special users checks if ( ($conf['webmaster_id'] == $user_id) or ($conf['guest_id'] == $user_id) or ($conf['default_user_id'] == $user_id) ) { // status must not be changed if (isset($data['status'])) { if ($conf['webmaster_id'] == $user_id) { $data['status'] = 'webmaster'; } else { $data['status'] = 'guest'; } } // could not be adivser if (isset($data['adviser'])) { $data['adviser'] = 'false'; } } array_push($datas, $data); } mass_updates(USER_INFOS_TABLE, $dbfields, $datas); } redirect( PHPWG_ROOT_PATH. 'admin.php'. get_query_string_diff( array( 'start' ) ) ); } // +-----------------------------------------------------------------------+ // | groups list | // +-----------------------------------------------------------------------+ $groups = array(); $query = ' SELECT id, name FROM '.GROUPS_TABLE.' ORDER BY name ASC ;'; $result = pwg_query($query); while ($row = mysql_fetch_array($result)) { $groups[$row['id']] = $row['name']; } // +-----------------------------------------------------------------------+ // | template init | // +-----------------------------------------------------------------------+ $template->set_filenames(array('user_list'=>'admin/user_list.tpl')); $base_url = PHPWG_ROOT_PATH.'admin.php?page=user_list'; if (isset($_GET['start']) and is_numeric($_GET['start'])) { $start = $_GET['start']; } else { $start = 0; } $template->assign_vars( array( 'U_HELP' => PHPWG_ROOT_PATH.'popuphelp.php?page=user_list', 'F_ADD_ACTION' => $base_url, 'F_USERNAME' => @htmlentities($_GET['username']), 'F_FILTER_ACTION' => PHPWG_ROOT_PATH.'admin.php' )); if (isset($_GET['id'])) { $template->assign_block_vars('session', array('ID' => $_GET['id'])); } // Hide radio-button if not allow to assign adviser if ($conf['allow_adviser']) { $template->assign_block_vars('adviser', array()); } foreach ($page['order_by_items'] as $item => $label) { $selected = (isset($_GET['order_by']) and $_GET['order_by'] == $item) ? 'selected="selected"' : ''; $template->assign_block_vars( 'order_by', array( 'VALUE' => $item, 'CONTENT' => $label, 'SELECTED' => $selected )); } foreach ($page['direction_items'] as $item => $label) { $selected = (isset($_GET['direction']) and $_GET['direction'] == $item) ? 'selected="selected"' : ''; $template->assign_block_vars( 'direction', array( 'VALUE' => $item, 'CONTENT' => $label, 'SELECTED' => $selected )); } $blockname = 'group_option'; $template->assign_block_vars( $blockname, array( 'VALUE'=> -1, 'CONTENT' => '------------', 'SELECTED' => '' )); foreach ($groups as $group_id => $group_name) { $selected = (isset($_GET['group']) and $_GET['group'] == $group_id) ? 'selected="selected"' : ''; $template->assign_block_vars( $blockname, array( 'VALUE' => $group_id, 'CONTENT' => $group_name, 'SELECTED' => $selected )); } $blockname = 'status_option'; $template->assign_block_vars( $blockname, array( 'VALUE'=> -1, 'CONTENT' => '------------', 'SELECTED' => '' )); foreach (get_enums(USER_INFOS_TABLE, 'status') as $status) { $selected = (isset($_GET['status']) and $_GET['status'] == $status) ? 'selected="selected"' : ''; $template->assign_block_vars( $blockname, array( 'VALUE' => $status, 'CONTENT' => $lang['user_status_'.$status], 'SELECTED' => $selected )); } if (isset($_POST['pref_submit'])) { // echo '
'; print_r($_POST); echo ''; $template->assign_vars( array( 'ADVISER_YES' => 'true' == (isset($_POST['adviser']) and $_POST['adviser']) ? 'checked="checked"' : '', 'ADVISER_NO' => 'false' == (isset($_POST['adviser']) and $_POST['adviser']) ? 'checked="checked"' : '', 'NB_IMAGE_LINE' => $_POST['nb_image_line'], 'NB_LINE_PAGE' => $_POST['nb_line_page'], 'MAXWIDTH' => $_POST['maxwidth'], 'MAXHEIGHT' => $_POST['maxheight'], 'RECENT_PERIOD' => $_POST['recent_period'], 'EXPAND_YES' => 'true' == $_POST['expand'] ? 'checked="checked"' : '', 'EXPAND_NO' => 'false' == $_POST['expand'] ? 'checked="checked"' : '', 'SHOW_NB_COMMENTS_YES' => 'true' == $_POST['show_nb_comments'] ? 'checked="checked"' : '', 'SHOW_NB_COMMENTS_NO' => 'false' == $_POST['show_nb_comments'] ? 'checked="checked"' : '', 'SHOW_NB_HITS_YES' => 'true' == $_POST['show_nb_hits'] ? 'checked="checked"' : '', 'SHOW_NB_HITS_NO' => 'false' == $_POST['show_nb_hits'] ? 'checked="checked"' : '', 'ENABLED_HIGH_YES' => 'true' == $_POST['enabled_high'] ? 'checked="checked"' : '', 'ENABLED_HIGH_NO' => 'false' == $_POST['enabled_high'] ? 'checked="checked"' : '', )); } else { $default_user = get_default_user_info(true); $template->assign_vars( array( 'NB_IMAGE_LINE' => $default_user['nb_image_line'], 'NB_LINE_PAGE' => $default_user['nb_line_page'], 'MAXWIDTH' => $default_user['maxwidth'], 'MAXHEIGHT' => $default_user['maxheight'], 'RECENT_PERIOD' => $default_user['recent_period'], )); } $blockname = 'template_option'; foreach (get_pwg_themes() as $pwg_template) { if (isset($_POST['pref_submit'])) { $selected = $_POST['template']==$pwg_template ? 'selected="selected"' : ''; } else if (get_default_template() == $pwg_template) { $selected = 'selected="selected"'; } else { $selected = ''; } $template->assign_block_vars( $blockname, array( 'VALUE'=> $pwg_template, 'CONTENT' => $pwg_template, 'SELECTED' => $selected )); } $blockname = 'language_option'; foreach (get_languages() as $language_code => $language_name) { if (isset($_POST['pref_submit'])) { $selected = $_POST['language']==$language_code ? 'selected="selected"':''; } else if (get_default_language() == $language_code) { $selected = 'selected="selected"'; } else { $selected = ''; } $template->assign_block_vars( $blockname, array( 'VALUE'=> $language_code, 'CONTENT' => $language_name, 'SELECTED' => $selected )); } $blockname = 'pref_status_option'; foreach (get_enums(USER_INFOS_TABLE, 'status') as $status) { if (isset($_POST['pref_submit'])) { $selected = $_POST['status'] == $status ? 'selected="selected"' : ''; } else if ('normal' == $status) { $selected = 'selected="selected"'; } else { $selected = ''; } // Only status <= can be assign if (is_autorize_status(get_access_type_status($status))) { $template->assign_block_vars( $blockname, array( 'VALUE' => $status, 'CONTENT' => $lang['user_status_'.$status], 'SELECTED' => $selected )); } } // associate $blockname = 'associate_option'; $template->assign_block_vars( $blockname, array( 'VALUE'=> -1, 'CONTENT' => '------------', 'SELECTED' => '' )); foreach ($groups as $group_id => $group_name) { if (isset($_POST['pref_submit'])) { $selected = $_POST['associate'] == $group_id ? 'selected="selected"' : ''; } else { $selected = ''; } $template->assign_block_vars( $blockname, array( 'VALUE' => $group_id, 'CONTENT' => $group_name, 'SELECTED' => $selected )); } // dissociate $blockname = 'dissociate_option'; $template->assign_block_vars( $blockname, array( 'VALUE'=> -1, 'CONTENT' => '------------', 'SELECTED' => '' )); foreach ($groups as $group_id => $group_name) { if (isset($_POST['pref_submit'])) { $selected = $_POST['dissociate'] == $group_id ? 'selected="selected"' : ''; } else { $selected = ''; } $template->assign_block_vars( $blockname, array( 'VALUE' => $group_id, 'CONTENT' => $group_name, 'SELECTED' => $selected )); } // user level options $blockname = 'level_option'; foreach ($conf['available_permission_levels'] as $level) { $template->assign_block_vars( $blockname, array( 'VALUE' => $level, 'CONTENT' => l10n( sprintf('Level %d', $level) ), 'SELECTED' => $level==$default_user['level'] ? 'selected="selected"' : '', )); } // +-----------------------------------------------------------------------+ // | navigation bar | // +-----------------------------------------------------------------------+ $url = PHPWG_ROOT_PATH.'admin.php'.get_query_string_diff(array('start')); $navbar = create_navigation_bar( $url, count($page['filtered_users']), $start, $conf['users_page'] ); $template->assign_vars(array('NAVBAR' => $navbar)); // +-----------------------------------------------------------------------+ // | user list | // +-----------------------------------------------------------------------+ $profile_url = get_root_url().'admin.php?page=profile&user_id='; $perm_url = get_root_url().'admin.php?page=user_perm&user_id='; $visible_user_list = array(); foreach ($page['filtered_users'] as $num => $local_user) { // simulate LIMIT $start, $conf['users_page'] if ($num < $start) { continue; } if ($num >= $start + $conf['users_page']) { break; } $visible_user_list[] = $local_user; } $visible_user_list = trigger_event('loc_visible_user_list', $visible_user_list); foreach ($visible_user_list as $num => $local_user) { $groups_string = preg_replace( '/(\d+)/e', "\$groups['$1']", implode( ', ', $local_user['groups'] ) ); if (isset($_POST['pref_submit']) and isset($_POST['selection']) and in_array($local_user['id'], $_POST['selection'])) { $checked = 'checked="checked"'; } else { $checked = ''; } $properties = array(); $properties[] = (isset($local_user['enabled_high']) and ($local_user['enabled_high'] == 'true')) ? $lang['is_high_enabled'] : $lang['is_high_disabled']; $properties[] = l10n( sprintf('Level %d', $local_user['level']) ); $template->assign_block_vars( 'user', array( 'CLASS' => ($num % 2 == 1) ? 'row2' : 'row1', 'ID' => $local_user['id'], 'CHECKED' => $checked, 'U_PROFILE' => $profile_url.$local_user['id'], 'U_PERM' => $perm_url.$local_user['id'], 'USERNAME' => $local_user['username'] .($local_user['id'] == $conf['guest_id'] ? '