Context Navigation

source: trunk/admin/user_list.php @ 12886

Last change on this file since 12886 was 12886, checked in by mistic100, 12 years ago
feature:2021 change contents of the mail + add option on admin/user_list
Property svn:eol-style set to `LF`
File size: 21.7 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based photo gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008-2011 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	/**
25	* Add users and manage users list
26	*/
27
28	// +-----------------------------------------------------------------------+
29	// \| functions \|
30	// +-----------------------------------------------------------------------+
31
32	/**
33	* returns a list of users depending on page filters (in $_GET)
34	*
35	* Each user comes with his related informations : id, username, mail
36	* address, list of groups.
37	*
38	* @return array
39	*/
40	function get_filtered_user_list()
41	{
42	global $conf, $page;
43
44	$users = array();
45
46	// filter
47	$filter = array();
48
49	if (isset($_GET['username']) and !empty($_GET['username']))
50	{
51	$username = str_replace('*', '%', $_GET['username']);
52	$filter['username'] = pwg_db_real_escape_string($username);
53	}
54
55	if (isset($_GET['group'])
56	and -1 != $_GET['group']
57	and is_numeric($_GET['group']))
58	{
59	$filter['group'] = $_GET['group'];
60	}
61
62	if (isset($_GET['status'])
63	and in_array($_GET['status'], get_enums(USER_INFOS_TABLE, 'status')))
64	{
65	$filter['status'] = $_GET['status'];
66	}
67
68	// how to order the list?
69	$order_by = 'id';
70	if (isset($_GET['order_by'])
71	and in_array($_GET['order_by'], array_keys($page['order_by_items'])))
72	{
73	$order_by = $_GET['order_by'];
74	}
75
76	$direction = 'ASC';
77	if (isset($_GET['direction'])
78	and in_array($_GET['direction'], array_keys($page['direction_items'])))
79	{
80	$direction = strtoupper($_GET['direction']);
81	}
82
83	// search users depending on filters and order
84	$query = '
85	SELECT DISTINCT u.'.$conf['user_fields']['id'].' AS id,
86	u.'.$conf['user_fields']['username'].' AS username,
87	u.'.$conf['user_fields']['email'].' AS email,
88	ui.status,
89	ui.enabled_high,
90	ui.level
91	FROM '.USERS_TABLE.' AS u
92	INNER JOIN '.USER_INFOS_TABLE.' AS ui
93	ON u.'.$conf['user_fields']['id'].' = ui.user_id
94	LEFT JOIN '.USER_GROUP_TABLE.' AS ug
95	ON u.'.$conf['user_fields']['id'].' = ug.user_id
96	WHERE u.'.$conf['user_fields']['id'].' > 0';
97	if (isset($filter['username']))
98	{
99	$query.= '
100	AND u.'.$conf['user_fields']['username'].' LIKE \''.$filter['username'].'\'';
101	}
102	if (isset($filter['group']))
103	{
104	$query.= '
105	AND ug.group_id = '.$filter['group'];
106	}
107	if (isset($filter['status']))
108	{
109	$query.= '
110	AND ui.status = \''.$filter['status']."'";
111	}
112	$query.= '
113	ORDER BY '.$order_by.' '.$direction.'
114	;';
115
116	$result = pwg_query($query);
117	while ($row = pwg_db_fetch_assoc($result))
118	{
119	$user = $row;
120	$user['groups'] = array();
121
122	array_push($users, $user);
123	}
124
125	// add group lists
126	$user_ids = array();
127	foreach ($users as $i => $user)
128	{
129	$user_ids[$i] = $user['id'];
130	}
131	$user_nums = array_flip($user_ids);
132
133	if (count($user_ids) > 0)
134	{
135	$query = '
136	SELECT user_id, group_id
137	FROM '.USER_GROUP_TABLE.'
138	WHERE user_id IN ('.implode(',', $user_ids).')
139	;';
140	$result = pwg_query($query);
141	while ($row = pwg_db_fetch_assoc($result))
142	{
143	array_push(
144	$users[$user_nums[$row['user_id']]]['groups'],
145	$row['group_id']
146	);
147	}
148	}
149
150	return $users;
151	}
152
153	// +-----------------------------------------------------------------------+
154	// \| initialization \|
155	// +-----------------------------------------------------------------------+
156
157	if (!defined('PHPWG_ROOT_PATH'))
158	{
159	die('Hacking attempt!');
160	}
161
162	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
163
164	// +-----------------------------------------------------------------------+
165	// \| Check Access and exit when user status is not ok \|
166	// +-----------------------------------------------------------------------+
167	check_status(ACCESS_ADMINISTRATOR);
168
169	$page['order_by_items'] = array(
170	'id' => l10n('registration date'),
171	'username' => l10n('Username'),
172	'level' => l10n('Privacy level'),
173	'Language' => l10n('Language'),
174	);
175
176	$page['direction_items'] = array(
177	'asc' => l10n('ascending'),
178	'desc' => l10n('descending')
179	);
180
181	// +-----------------------------------------------------------------------+
182	// \| add a user \|
183	// +-----------------------------------------------------------------------+
184
185	// Check for config_default var - If True : Using double password type else single password type
186	// This feature is discussed on Piwigo's english forum
187	if ($conf['double_password_type_in_admin'] == true)
188	{
189	if (isset($_POST['submit_add']))
190	{
191	if(empty($_POST['password']))
192	{
193	array_push($page['errors'], l10n('Password is missing. Please enter the password.'));
194	}
195	else if(empty($_POST['password_conf']))
196	{
197	array_push($page['errors'], l10n('Password confirmation is missing. Please confirm the chosen password.'));
198	}
199	else if(empty($_POST['email']))
200	{
201	array_push($page['errors'], l10n('Email address is missing. Please specify an email address.'));
202	}
203	else if ($_POST['password'] != $_POST['password_conf'])
204	{
205	array_push($page['errors'], l10n('The passwords do not match'));
206	}
207	else
208	{
209	$page['errors'] = register_user(
210	$_POST['login'], $_POST['password'], $_POST['email'], false);
211
212	if (count($page['errors']) == 0)
213	{
214	array_push(
215	$page['infos'],
216	sprintf(
217	l10n('user "%s" added'),
218	$_POST['login']
219	)
220	);
221	}
222	}
223	}
224	}
225	else if ($conf['double_password_type_in_admin'] == false)
226	{
227	if (isset($_POST['submit_add']))
228	{
229	$page['errors'] = register_user(
230	$_POST['login'], $_POST['password'], $_POST['email'], false);
231
232	if (count($page['errors']) == 0)
233	{
234	array_push(
235	$page['infos'],
236	sprintf(
237	l10n('user "%s" added'),
238	stripslashes($_POST['login'])
239	)
240	);
241	}
242	}
243	}
244
245	// email notification
246	if (
247	isset($_POST['submit_add'])
248	and count($page['errors']) == 0
249	and !empty($_POST['email'])
250	and isset($_POST['send_password_by_mail'])
251	)
252	{
253	include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
254
255	$keyargs_content = array(
256	get_l10n_args('Hello %s,', $_POST['login']),
257	get_l10n_args('Thank you for registering at %s!', $conf['gallery_title']),
258	get_l10n_args('', ''),
259	get_l10n_args('Here are your connection settings', ''),
260	get_l10n_args('Username: %s', $_POST['login']),
261	get_l10n_args('Password: %s', $_POST['password']),
262	get_l10n_args('Email: %s', $_POST['email']),
263	get_l10n_args('', ''),
264	get_l10n_args('If you think you\'ve received this email in error, please contact us at %s', get_webmaster_mail_address()),
265	);
266
267	pwg_mail(
268	$_POST['email'],
269	array(
270	'subject' => '['.$conf['gallery_title'].'] '.l10n('Registration'),
271	'content' => l10n_args($keyargs_content),
272	'content_format' => 'text/plain',
273	)
274	);
275	}
276
277	// +-----------------------------------------------------------------------+
278	// \| user list \|
279	// +-----------------------------------------------------------------------+
280
281	$page['filtered_users'] = get_filtered_user_list();
282
283	// +-----------------------------------------------------------------------+
284	// \| selected users \|
285	// +-----------------------------------------------------------------------+
286
287	if (isset($_POST['delete']) or isset($_POST['pref_submit']))
288	{
289	$collection = array();
290
291	switch ($_POST['target'])
292	{
293	case 'all' :
294	{
295	foreach($page['filtered_users'] as $local_user)
296	{
297	array_push($collection, $local_user['id']);
298	}
299	break;
300	}
301	case 'selection' :
302	{
303	if (isset($_POST['selection']))
304	{
305	$collection = $_POST['selection'];
306	}
307	break;
308	}
309	}
310
311	if (count($collection) == 0)
312	{
313	array_push($page['errors'], l10n('Select at least one user'));
314	}
315	}
316
317	// +-----------------------------------------------------------------------+
318	// \| delete users \|
319	// +-----------------------------------------------------------------------+
320	if (isset($_POST['delete']) and count($collection) > 0)
321	{
322	if (in_array($conf['guest_id'], $collection))
323	{
324	array_push($page['errors'], l10n('Guest cannot be deleted'));
325	}
326	if (($conf['guest_id'] != $conf['default_user_id']) and
327	in_array($conf['default_user_id'], $collection))
328	{
329	array_push($page['errors'], l10n('Default user cannot be deleted'));
330	}
331	if (in_array($conf['webmaster_id'], $collection))
332	{
333	array_push($page['errors'], l10n('Webmaster cannot be deleted'));
334	}
335	if (in_array($user['id'], $collection))
336	{
337	array_push($page['errors'], l10n('You cannot delete your account'));
338	}
339
340	if (count($page['errors']) == 0)
341	{
342	if (isset($_POST['confirm_deletion']) and 1 == $_POST['confirm_deletion'])
343	{
344	foreach ($collection as $user_id)
345	{
346	delete_user($user_id);
347	}
348	array_push(
349	$page['infos'],
350	l10n_dec(
351	'%d user deleted', '%d users deleted',
352	count($collection)
353	)
354	);
355	foreach ($page['filtered_users'] as $filter_key => $filter_user)
356	{
357	if (in_array($filter_user['id'], $collection))
358	{
359	unset($page['filtered_users'][$filter_key]);
360	}
361	}
362	}
363	else
364	{
365	array_push($page['errors'], l10n('You need to confirm deletion'));
366	}
367	}
368	}
369
370	// +-----------------------------------------------------------------------+
371	// \| preferences form submission \|
372	// +-----------------------------------------------------------------------+
373
374	if (isset($_POST['pref_submit']) and count($collection) > 0)
375	{
376	if (-1 != $_POST['associate'])
377	{
378	$datas = array();
379
380	$query = '
381	SELECT user_id
382	FROM '.USER_GROUP_TABLE.'
383	WHERE group_id = '.$_POST['associate'].'
384	;';
385	$associated = array_from_query($query, 'user_id');
386
387	$associable = array_diff($collection, $associated);
388
389	if (count($associable) > 0)
390	{
391	foreach ($associable as $item)
392	{
393	array_push($datas,
394	array('group_id'=>$_POST['associate'],
395	'user_id'=>$item));
396	}
397
398	mass_inserts(USER_GROUP_TABLE,
399	array('group_id', 'user_id'),
400	$datas);
401	}
402	}
403
404	if (-1 != $_POST['dissociate'])
405	{
406	$query = '
407	DELETE FROM '.USER_GROUP_TABLE.'
408	WHERE group_id = '.$_POST['dissociate'].'
409	AND user_id IN ('.implode(',', $collection).')
410	';
411	pwg_query($query);
412	}
413
414	// properties to set for the collection (a user list)
415	$datas = array();
416	$dbfields = array('primary' => array('user_id'), 'update' => array());
417
418	$formfields =
419	array('nb_image_page', 'theme', 'language',
420	'recent_period', 'expand', 'show_nb_comments',
421	'show_nb_hits', 'status', 'enabled_high',
422	'level');
423
424	$true_false_fields = array('expand', 'show_nb_comments',
425	'show_nb_hits', 'enabled_high');
426
427	foreach ($formfields as $formfield)
428	{
429	// special for true/false fields
430	if (in_array($formfield, $true_false_fields))
431	{
432	$test = $formfield;
433	}
434	else
435	{
436	$test = $formfield.'_action';
437	}
438
439	if ($_POST[$test] != 'leave')
440	{
441	array_push($dbfields['update'], $formfield);
442	}
443	}
444
445	// updating elements is useful only if needed...
446	if (count($dbfields['update']) > 0)
447	{
448	$datas = array();
449
450	foreach ($collection as $user_id)
451	{
452	$data = array();
453	$data['user_id'] = $user_id;
454
455	// TODO : verify if submited values are semanticaly correct
456	foreach ($dbfields['update'] as $dbfield)
457	{
458	// if the action is 'unset', the key won't be in row and
459	// mass_updates function will set this field to NULL
460	if (in_array($dbfield, $true_false_fields)
461	or 'set' == $_POST[$dbfield.'_action'])
462	{
463	$data[$dbfield] = $_POST[$dbfield];
464	}
465	}
466
467	// if the status is getting greater or equal to "admin", then level
468	// automatically switches to "admin" (8), unless the level is also
469	// defined in the same batch action.
470	if (isset($data['status']) and in_array($data['status'], array('webmaster', 'admin')))
471	{
472	if (!isset($data['level']))
473	{
474	$data['level'] = 8;
475	if (!in_array('level', $dbfields['update']))
476	{
477	array_push($dbfields['update'], 'level');
478	}
479	}
480	}
481
482	// special users checks
483	if
484	(
485	($conf['webmaster_id'] == $user_id) or
486	($conf['guest_id'] == $user_id) or
487	($conf['default_user_id'] == $user_id)
488	)
489	{
490	// status must not be changed
491	if (isset($data['status']))
492	{
493	if ($conf['webmaster_id'] == $user_id)
494	{
495	$data['status'] = 'webmaster';
496	}
497	else
498	{
499	$data['status'] = 'guest';
500	}
501	}
502	}
503
504	array_push($datas, $data);
505	}
506
507	mass_updates(USER_INFOS_TABLE, $dbfields, $datas);
508	}
509
510	redirect(
511	get_root_url().
512	'admin.php'.
513	get_query_string_diff(array(), false)
514	);
515	}
516
517	// +-----------------------------------------------------------------------+
518	// \| groups list \|
519	// +-----------------------------------------------------------------------+
520
521	$groups[-1] = '------------';
522
523	$query = '
524	SELECT id, name
525	FROM '.GROUPS_TABLE.'
526	ORDER BY name ASC
527	;';
528	$result = pwg_query($query);
529
530	while ($row = pwg_db_fetch_assoc($result))
531	{
532	$groups[$row['id']] = $row['name'];
533	}
534
535	// +-----------------------------------------------------------------------+
536	// \| template init \|
537	// +-----------------------------------------------------------------------+
538
539	$template->set_filenames(array('user_list'=>'user_list.tpl'));
540
541	$base_url = PHPWG_ROOT_PATH.'admin.php?page=user_list';
542
543	if (isset($_GET['start']) and is_numeric($_GET['start']))
544	{
545	$start = $_GET['start'];
546	}
547	else
548	{
549	$start = 0;
550	}
551
552	$template->assign(
553	array(
554	'U_HELP' => get_root_url().'admin/popuphelp.php?page=user_list',
555
556	'F_ADD_ACTION' => $base_url,
557	'F_USERNAME' => @htmlentities($_GET['username'], ENT_COMPAT, 'UTF-8'),
558	'F_FILTER_ACTION' => get_root_url().'admin.php'
559	));
560
561	// Display or Hide double password type
562	$template->assign('Double_Password', $conf['double_password_type_in_admin'] );
563
564	// Filter status options
565	$status_options[-1] = '------------';
566	foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
567	{
568	$status_options[$status] = l10n('user_status_'.$status);
569	}
570	$template->assign('status_options', $status_options);
571	$template->assign('status_selected',
572	isset($_GET['status']) ? $_GET['status'] : '');
573
574	// Filter group options
575	$template->assign('group_options', $groups);
576	$template->assign('group_selected',
577	isset($_GET['group']) ? $_GET['group'] : '');
578
579	// Filter order options
580	$template->assign('order_options', $page['order_by_items']);
581	$template->assign('order_selected',
582	isset($_GET['order_by']) ? $_GET['order_by'] : '');
583
584	// Filter direction options
585	$template->assign('direction_options', $page['direction_items']);
586	$template->assign('direction_selected',
587	isset($_GET['direction']) ? $_GET['direction'] : '');
588
589
590	if (isset($_POST['pref_submit']))
591	{
592	$template->assign(
593	array(
594	'NB_IMAGE_PAGE' => $_POST['nb_image_page'],
595	'RECENT_PERIOD' => $_POST['recent_period'],
596	));
597	}
598	else
599	{
600	$default_user = get_default_user_info(true);
601	$template->assign(
602	array(
603	'NB_IMAGE_PAGE' => $default_user['nb_image_page'],
604	'RECENT_PERIOD' => $default_user['recent_period'],
605	));
606	}
607
608	// Template Options
609	$template->assign('theme_options', get_pwg_themes());
610	$template->assign('theme_selected',
611	isset($_POST['pref_submit']) ? $_POST['theme'] : get_default_theme());
612
613	// Language options
614	$template->assign('language_options', get_languages());
615	$template->assign('language_selected',
616	isset($_POST['pref_submit']) ? $_POST['language'] : get_default_language());
617
618	// Status options
619	foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
620	{
621	// Only status <= can be assign
622	if (is_autorize_status(get_access_type_status($status)))
623	{
624	$pref_status_options[$status] = l10n('user_status_'.$status);
625	}
626	}
627	$template->assign('pref_status_options', $pref_status_options);
628	$template->assign('pref_status_selected',
629	isset($_POST['pref_submit']) ? $_POST['status'] : 'normal');
630
631	// associate and dissociate options
632	$template->assign('association_options', $groups);
633	$template->assign('associate_selected',
634	isset($_POST['pref_submit']) ? $_POST['associate'] : '');
635	$template->assign('dissociate_selected',
636	isset($_POST['pref_submit']) ? $_POST['dissociate'] : '');
637
638
639	// user level options
640	foreach ($conf['available_permission_levels'] as $level)
641	{
642	$level_options[$level] = l10n(sprintf('Level %d', $level));
643	}
644	$template->assign('level_options', $level_options);
645	$template->assign('level_selected',
646	isset($_POST['pref_submit']) ? $_POST['level'] : $default_user['level']);
647
648	// +-----------------------------------------------------------------------+
649	// \| navigation bar \|
650	// +-----------------------------------------------------------------------+
651
652	$url = PHPWG_ROOT_PATH.'admin.php'.get_query_string_diff(array('start'));
653
654	$navbar = create_navigation_bar(
655	$url,
656	count($page['filtered_users']),
657	$start,
658	$conf['users_page']
659	);
660
661	$template->assign('navbar', $navbar);
662
663	// +-----------------------------------------------------------------------+
664	// \| user list \|
665	// +-----------------------------------------------------------------------+
666
667	$profile_url = get_root_url().'admin.php?page=profile&user_id=';
668	$perm_url = get_root_url().'admin.php?page=user_perm&user_id=';
669
670	$visible_user_list = array();
671	foreach ($page['filtered_users'] as $num => $local_user)
672	{
673	// simulate LIMIT $start, $conf['users_page']
674	if ($num < $start)
675	{
676	continue;
677	}
678	if ($num >= $start + $conf['users_page'])
679	{
680	break;
681	}
682
683	$visible_user_list[] = $local_user;
684	}
685
686	// allow plugins to fill template var plugin_user_list_column_titles and
687	// plugin_columns/plugin_actions for each user in the list
688	$visible_user_list = trigger_event('loc_visible_user_list', $visible_user_list);
689
690	foreach ($visible_user_list as $local_user)
691	{
692	$groups_string = preg_replace(
693	'/(\d+)/e',
694	"\$groups['$1']",
695	implode(
696	', ',
697	$local_user['groups']
698	)
699	);
700
701	if (isset($_POST['pref_submit'])
702	and isset($_POST['selection'])
703	and in_array($local_user['id'], $_POST['selection']))
704	{
705	$checked = 'checked="checked"';
706	}
707	else
708	{
709	$checked = '';
710	}
711
712	$properties = array();
713	if ( $local_user['level'] != 0 )
714	{
715	$properties[] = l10n( sprintf('Level %d', $local_user['level']) );
716	}
717	$properties[] =
718	(isset($local_user['enabled_high']) and ($local_user['enabled_high'] == 'true'))
719	? l10n('High definition') : l10n('');
720
721	$template->append(
722	'users',
723	array(
724	'ID' => $local_user['id'],
725	'CHECKED' => $checked,
726	'U_PROFILE' => $profile_url.$local_user['id'],
727	'U_PERM' => $perm_url.$local_user['id'],
728	'USERNAME' => stripslashes($local_user['username'])
729	.($local_user['id'] == $conf['guest_id']
730	? '<br>['.l10n('guest').']' : '')
731	.($local_user['id'] == $conf['default_user_id']
732	? '<br>['.l10n('default values').']' : ''),
733	'STATUS' => l10n('user_status_'.$local_user['status']),
734	'EMAIL' => get_email_address_as_display_text($local_user['email']),
735	'GROUPS' => $groups_string,
736	'PROPERTIES' => implode( ', ', $properties),
737	'plugin_columns' => isset($local_user['plugin_columns']) ? $local_user['plugin_columns'] : array(),
738	'plugin_actions' => isset($local_user['plugin_actions']) ? $local_user['plugin_actions'] : array(),
739	)
740	);
741	}
742
743	// +-----------------------------------------------------------------------+
744	// \| html code display \|
745	// +-----------------------------------------------------------------------+
746
747	$template->assign_var_from_handle('ADMIN_CONTENT', 'user_list');
748	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: