Context Navigation

source: trunk/admin/user_list.php @ 2297

Last change on this file since 2297 was 2297, checked in by plg, 16 years ago
Modification: new header on PHP files, PhpWebGallery renamed Piwigo.
Property svn:eol-style set to `LF` Property svn:keywords set to `Author Date Id Revision`
File size: 21.3 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based picture gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23	// +-----------------------------------------------------------------------+
24	// \| PhpWebGallery - a PHP based picture gallery \|
25	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
26	// \| Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net \|
27	// +-----------------------------------------------------------------------+
28	// \| file : $Id: user_list.php 2297 2008-04-04 22:57:23Z plg $
29	// \| last update : $Date: 2008-04-04 22:57:23 +0000 (Fri, 04 Apr 2008) $
30	// \| last modifier : $Author: plg $
31	// \| revision : $Revision: 2297 $
32	// +-----------------------------------------------------------------------+
33	// \| This program is free software; you can redistribute it and/or modify \|
34	// \| it under the terms of the GNU General Public License as published by \|
35	// \| the Free Software Foundation \|
36	// \| \|
37	// \| This program is distributed in the hope that it will be useful, but \|
38	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
39	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
40	// \| General Public License for more details. \|
41	// \| \|
42	// \| You should have received a copy of the GNU General Public License \|
43	// \| along with this program; if not, write to the Free Software \|
44	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
45	// \| USA. \|
46	// +-----------------------------------------------------------------------+
47
48	/**
49	* Add users and manage users list
50	*/
51
52	// +-----------------------------------------------------------------------+
53	// \| functions \|
54	// +-----------------------------------------------------------------------+
55
56	/**
57	* returns a list of users depending on page filters (in $_GET)
58	*
59	* Each user comes with his related informations : id, username, mail
60	* address, list of groups.
61	*
62	* @return array
63	*/
64	function get_filtered_user_list()
65	{
66	global $conf, $page;
67
68	$users = array();
69
70	// filter
71	$filter = array();
72
73	if (isset($_GET['username']) and !empty($_GET['username']))
74	{
75	$username = str_replace('*', '%', $_GET['username']);
76	if (function_exists('mysql_real_escape_string'))
77	{
78	$filter['username'] = mysql_real_escape_string($username);
79	}
80	else
81	{
82	$filter['username'] = mysql_escape_string($username);
83	}
84	}
85
86	if (isset($_GET['group'])
87	and -1 != $_GET['group']
88	and is_numeric($_GET['group']))
89	{
90	$filter['group'] = $_GET['group'];
91	}
92
93	if (isset($_GET['status'])
94	and in_array($_GET['status'], get_enums(USER_INFOS_TABLE, 'status')))
95	{
96	$filter['status'] = $_GET['status'];
97	}
98
99	// how to order the list?
100	$order_by = 'id';
101	if (isset($_GET['order_by'])
102	and in_array($_GET['order_by'], array_keys($page['order_by_items'])))
103	{
104	$order_by = $_GET['order_by'];
105	}
106
107	$direction = 'ASC';
108	if (isset($_GET['direction'])
109	and in_array($_GET['direction'], array_keys($page['direction_items'])))
110	{
111	$direction = strtoupper($_GET['direction']);
112	}
113
114	// search users depending on filters and order
115	$query = '
116	SELECT DISTINCT u.'.$conf['user_fields']['id'].' AS id,
117	u.'.$conf['user_fields']['username'].' AS username,
118	u.'.$conf['user_fields']['email'].' AS email,
119	ui.status,
120	ui.adviser,
121	ui.enabled_high,
122	ui.level
123	FROM '.USERS_TABLE.' AS u
124	INNER JOIN '.USER_INFOS_TABLE.' AS ui
125	ON u.'.$conf['user_fields']['id'].' = ui.user_id
126	LEFT JOIN '.USER_GROUP_TABLE.' AS ug
127	ON u.'.$conf['user_fields']['id'].' = ug.user_id
128	WHERE u.'.$conf['user_fields']['id'].' > 0';
129	if (isset($filter['username']))
130	{
131	$query.= '
132	AND u.'.$conf['user_fields']['username'].' LIKE \''.$filter['username'].'\'';
133	}
134	if (isset($filter['group']))
135	{
136	$query.= '
137	AND ug.group_id = '.$filter['group'];
138	}
139	if (isset($filter['status']))
140	{
141	$query.= '
142	AND ui.status = \''.$filter['status']."'";
143	}
144	$query.= '
145	ORDER BY '.$order_by.' '.$direction.'
146	;';
147
148	$result = pwg_query($query);
149	while ($row = mysql_fetch_array($result))
150	{
151	$user = $row;
152	$user['groups'] = array();
153
154	array_push($users, $user);
155	}
156
157	// add group lists
158	$user_ids = array();
159	foreach ($users as $i => $user)
160	{
161	$user_ids[$i] = $user['id'];
162	}
163	$user_nums = array_flip($user_ids);
164
165	if (count($user_ids) > 0)
166	{
167	$query = '
168	SELECT user_id, group_id
169	FROM '.USER_GROUP_TABLE.'
170	WHERE user_id IN ('.implode(',', $user_ids).')
171	;';
172	$result = pwg_query($query);
173	while ($row = mysql_fetch_array($result))
174	{
175	array_push(
176	$users[$user_nums[$row['user_id']]]['groups'],
177	$row['group_id']
178	);
179	}
180	}
181
182	return $users;
183	}
184
185	// +-----------------------------------------------------------------------+
186	// \| initialization \|
187	// +-----------------------------------------------------------------------+
188
189	if (!defined('PHPWG_ROOT_PATH'))
190	{
191	die('Hacking attempt!');
192	}
193
194	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
195
196	// +-----------------------------------------------------------------------+
197	// \| Check Access and exit when user status is not ok \|
198	// +-----------------------------------------------------------------------+
199	check_status(ACCESS_ADMINISTRATOR);
200
201	$page['order_by_items'] = array(
202	'id' => l10n('registration_date'),
203	'username' => l10n('Username'),
204	'level' => l10n('Privacy level'),
205	'language' => l10n('language'),
206	);
207
208	$page['direction_items'] = array(
209	'asc' => l10n('ascending'),
210	'desc' => l10n('descending')
211	);
212
213	// +-----------------------------------------------------------------------+
214	// \| add a user \|
215	// +-----------------------------------------------------------------------+
216
217	if (isset($_POST['submit_add']))
218	{
219	$page['errors'] = register_user(
220	$_POST['login'], $_POST['password'], $_POST['email'], false);
221
222	if (count($page['errors']) == 0)
223	{
224	array_push(
225	$page['infos'],
226	sprintf(
227	l10n('user "%s" added'),
228	$_POST['login']
229	)
230	);
231	}
232	}
233
234	// +-----------------------------------------------------------------------+
235	// \| user list \|
236	// +-----------------------------------------------------------------------+
237
238	$page['filtered_users'] = get_filtered_user_list();
239
240	// +-----------------------------------------------------------------------+
241	// \| selected users \|
242	// +-----------------------------------------------------------------------+
243
244	if (isset($_POST['delete']) or isset($_POST['pref_submit']))
245	{
246	$collection = array();
247
248	switch ($_POST['target'])
249	{
250	case 'all' :
251	{
252	foreach($page['filtered_users'] as $local_user)
253	{
254	array_push($collection, $local_user['id']);
255	}
256	break;
257	}
258	case 'selection' :
259	{
260	if (isset($_POST['selection']))
261	{
262	$collection = $_POST['selection'];
263	}
264	break;
265	}
266	}
267
268	if (count($collection) == 0)
269	{
270	array_push($page['errors'], l10n('Select at least one user'));
271	}
272	}
273
274	// +-----------------------------------------------------------------------+
275	// \| delete users \|
276	// +-----------------------------------------------------------------------+
277	if (isset($_POST['delete']) and count($collection) > 0)
278	{
279	if (in_array($conf['guest_id'], $collection))
280	{
281	array_push($page['errors'], l10n('Guest cannot be deleted'));
282	}
283	if (($conf['guest_id'] != $conf['default_user_id']) and
284	in_array($conf['default_user_id'], $collection))
285	{
286	array_push($page['errors'], l10n('Default user cannot be deleted'));
287	}
288	if (in_array($conf['webmaster_id'], $collection))
289	{
290	array_push($page['errors'], l10n('Webmaster cannot be deleted'));
291	}
292	if (in_array($user['id'], $collection))
293	{
294	array_push($page['errors'], l10n('You cannot delete your account'));
295	}
296
297	if (count($page['errors']) == 0)
298	{
299	if (isset($_POST['confirm_deletion']) and 1 == $_POST['confirm_deletion'])
300	{
301	foreach ($collection as $user_id)
302	{
303	delete_user($user_id);
304	}
305	array_push(
306	$page['infos'],
307	l10n_dec(
308	'%d user deleted', '%d users deleted',
309	count($collection)
310	)
311	);
312	foreach ($page['filtered_users'] as $filter_key => $filter_user)
313	{
314	if (in_array($filter_user['id'], $collection))
315	{
316	unset($page['filtered_users'][$filter_key]);
317	}
318	}
319	}
320	else
321	{
322	array_push($page['errors'], l10n('You need to confirm deletion'));
323	}
324	}
325	}
326
327	// +-----------------------------------------------------------------------+
328	// \| preferences form submission \|
329	// +-----------------------------------------------------------------------+
330
331	if (isset($_POST['pref_submit']) and count($collection) > 0)
332	{
333	if (-1 != $_POST['associate'])
334	{
335	$datas = array();
336
337	$query = '
338	SELECT user_id
339	FROM '.USER_GROUP_TABLE.'
340	WHERE group_id = '.$_POST['associate'].'
341	;';
342	$associated = array_from_query($query, 'user_id');
343
344	$associable = array_diff($collection, $associated);
345
346	if (count($associable) > 0)
347	{
348	foreach ($associable as $item)
349	{
350	array_push($datas,
351	array('group_id'=>$_POST['associate'],
352	'user_id'=>$item));
353	}
354
355	mass_inserts(USER_GROUP_TABLE,
356	array('group_id', 'user_id'),
357	$datas);
358	}
359	}
360
361	if (-1 != $_POST['dissociate'])
362	{
363	$query = '
364	DELETE FROM '.USER_GROUP_TABLE.'
365	WHERE group_id = '.$_POST['dissociate'].'
366	AND user_id IN ('.implode(',', $collection).')
367	';
368	pwg_query($query);
369	}
370
371	// properties to set for the collection (a user list)
372	$datas = array();
373	$dbfields = array('primary' => array('user_id'), 'update' => array());
374
375	$formfields =
376	array('nb_image_line', 'nb_line_page', 'template', 'language',
377	'recent_period', 'maxwidth', 'expand', 'show_nb_comments',
378	'show_nb_hits', 'maxheight', 'status', 'enabled_high',
379	'level');
380
381	$true_false_fields = array('expand', 'show_nb_comments',
382	'show_nb_hits', 'enabled_high');
383	if ($conf['allow_adviser'])
384	{
385	array_push($formfields, 'adviser');
386	array_push($true_false_fields, 'adviser');
387	}
388
389	foreach ($formfields as $formfield)
390	{
391	// special for true/false fields
392	if (in_array($formfield, $true_false_fields))
393	{
394	$test = $formfield;
395	}
396	else
397	{
398	$test = $formfield.'_action';
399	}
400
401	if ($_POST[$test] != 'leave')
402	{
403	array_push($dbfields['update'], $formfield);
404	}
405	}
406
407	// updating elements is useful only if needed...
408	if (count($dbfields['update']) > 0)
409	{
410	$datas = array();
411
412	foreach ($collection as $user_id)
413	{
414	$data = array();
415	$data['user_id'] = $user_id;
416
417	// TODO : verify if submited values are semanticaly correct
418	foreach ($dbfields['update'] as $dbfield)
419	{
420	// if the action is 'unset', the key won't be in row and
421	// mass_updates function will set this field to NULL
422	if (in_array($dbfield, $true_false_fields)
423	or 'set' == $_POST[$dbfield.'_action'])
424	{
425	$data[$dbfield] = $_POST[$dbfield];
426	}
427	}
428
429	// special users checks
430	if
431	(
432	($conf['webmaster_id'] == $user_id) or
433	($conf['guest_id'] == $user_id) or
434	($conf['default_user_id'] == $user_id)
435	)
436	{
437	// status must not be changed
438	if (isset($data['status']))
439	{
440	if ($conf['webmaster_id'] == $user_id)
441	{
442	$data['status'] = 'webmaster';
443	}
444	else
445	{
446	$data['status'] = 'guest';
447	}
448	}
449
450	// could not be adivser
451	if (isset($data['adviser']))
452	{
453	$data['adviser'] = 'false';
454	}
455	}
456
457	array_push($datas, $data);
458	}
459
460	mass_updates(USER_INFOS_TABLE, $dbfields, $datas);
461	}
462
463	redirect(
464	get_root_url().
465	'admin.php'.
466	get_query_string_diff(array(), false)
467	);
468	}
469
470	// +-----------------------------------------------------------------------+
471	// \| groups list \|
472	// +-----------------------------------------------------------------------+
473
474	$groups[-1] = '------------';
475
476	$query = '
477	SELECT id, name
478	FROM '.GROUPS_TABLE.'
479	ORDER BY name ASC
480	;';
481	$result = pwg_query($query);
482
483	while ($row = mysql_fetch_array($result))
484	{
485	$groups[$row['id']] = $row['name'];
486	}
487
488	// +-----------------------------------------------------------------------+
489	// \| template init \|
490	// +-----------------------------------------------------------------------+
491
492	$template->set_filenames(array('user_list'=>'admin/user_list.tpl'));
493
494	$base_url = PHPWG_ROOT_PATH.'admin.php?page=user_list';
495
496	if (isset($_GET['start']) and is_numeric($_GET['start']))
497	{
498	$start = $_GET['start'];
499	}
500	else
501	{
502	$start = 0;
503	}
504
505	$template->assign(
506	array(
507	'U_HELP' => get_root_url().'popuphelp.php?page=user_list',
508
509	'F_ADD_ACTION' => $base_url,
510	'F_USERNAME' => @htmlentities($_GET['username']),
511	'F_FILTER_ACTION' => get_root_url().'admin.php'
512	));
513
514	// Hide radio-button if not allow to assign adviser
515	if ($conf['allow_adviser'])
516	{
517	$template->assign('adviser', true);
518	}
519
520	// Filter status options
521	$status_options[-1] = '------------';
522	foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
523	{
524	$status_options[$status] = l10n('user_status_'.$status);
525	}
526	$template->assign('status_options', $status_options);
527	$template->assign('status_selected',
528	isset($_GET['status']) ? $_GET['status'] : '');
529
530	// Filter group options
531	$template->assign('group_options', $groups);
532	$template->assign('group_selected',
533	isset($_GET['group']) ? $_GET['group'] : '');
534
535	// Filter order options
536	$template->assign('order_options', $page['order_by_items']);
537	$template->assign('order_selected',
538	isset($_GET['order_by']) ? $_GET['order_by'] : '');
539
540	// Filter direction options
541	$template->assign('direction_options', $page['direction_items']);
542	$template->assign('direction_selected',
543	isset($_GET['direction']) ? $_GET['direction'] : '');
544
545
546	if (isset($_POST['pref_submit']))
547	{
548	$template->assign(
549	array(
550	'NB_IMAGE_LINE' => $_POST['nb_image_line'],
551	'NB_LINE_PAGE' => $_POST['nb_line_page'],
552	'MAXWIDTH' => $_POST['maxwidth'],
553	'MAXHEIGHT' => $_POST['maxheight'],
554	'RECENT_PERIOD' => $_POST['recent_period'],
555	));
556	}
557	else
558	{
559	$default_user = get_default_user_info(true);
560	$template->assign(
561	array(
562	'NB_IMAGE_LINE' => $default_user['nb_image_line'],
563	'NB_LINE_PAGE' => $default_user['nb_line_page'],
564	'MAXWIDTH' => $default_user['maxwidth'],
565	'MAXHEIGHT' => $default_user['maxheight'],
566	'RECENT_PERIOD' => $default_user['recent_period'],
567	));
568	}
569
570	// Template Options
571	$template->assign('template_options', get_pwg_themes());
572	$template->assign('template_selected',
573	isset($_POST['pref_submit']) ? $_POST['template'] : get_default_template());
574
575	// Language options
576	$template->assign('language_options', get_languages());
577	$template->assign('language_selected',
578	isset($_POST['pref_submit']) ? $_POST['language'] : get_default_language());
579
580	// Status options
581	foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
582	{
583	// Only status <= can be assign
584	if (is_autorize_status(get_access_type_status($status)))
585	{
586	$pref_status_options[$status] = l10n('user_status_'.$status);
587	}
588	}
589	$template->assign('pref_status_options', $pref_status_options);
590	$template->assign('pref_status_selected',
591	isset($_POST['pref_submit']) ? $_POST['status'] : 'normal');
592
593	// associate and dissociate options
594	$template->assign('association_options', $groups);
595	$template->assign('associate_selected',
596	isset($_POST['pref_submit']) ? $_POST['associate'] : '');
597	$template->assign('dissociate_selected',
598	isset($_POST['pref_submit']) ? $_POST['dissociate'] : '');
599
600
601	// user level options
602	foreach ($conf['available_permission_levels'] as $level)
603	{
604	$level_options[$level] = l10n(sprintf('Level %d', $level));
605	}
606	$template->assign('level_options', $level_options);
607	$template->assign('level_selected',
608	isset($_POST['pref_submit']) ? $_POST['level'] : $default_user['level']);
609
610	// +-----------------------------------------------------------------------+
611	// \| navigation bar \|
612	// +-----------------------------------------------------------------------+
613
614	$url = PHPWG_ROOT_PATH.'admin.php'.get_query_string_diff(array('start'));
615
616	$navbar = create_navigation_bar(
617	$url,
618	count($page['filtered_users']),
619	$start,
620	$conf['users_page']
621	);
622
623	$template->assign('NAVBAR', $navbar);
624
625	// +-----------------------------------------------------------------------+
626	// \| user list \|
627	// +-----------------------------------------------------------------------+
628
629	$profile_url = get_root_url().'admin.php?page=profile&user_id=';
630	$perm_url = get_root_url().'admin.php?page=user_perm&user_id=';
631
632	$visible_user_list = array();
633	foreach ($page['filtered_users'] as $num => $local_user)
634	{
635	// simulate LIMIT $start, $conf['users_page']
636	if ($num < $start)
637	{
638	continue;
639	}
640	if ($num >= $start + $conf['users_page'])
641	{
642	break;
643	}
644
645	$visible_user_list[] = $local_user;
646	}
647
648	// allow plugins to fill template var plugin_user_list_column_titles and
649	// plugin_columns/plugin_actions for each user in the list
650	$visible_user_list = trigger_event('loc_visible_user_list', $visible_user_list);
651
652	foreach ($visible_user_list as $local_user)
653	{
654	$groups_string = preg_replace(
655	'/(\d+)/e',
656	"\$groups['$1']",
657	implode(
658	', ',
659	$local_user['groups']
660	)
661	);
662
663	if (isset($_POST['pref_submit'])
664	and isset($_POST['selection'])
665	and in_array($local_user['id'], $_POST['selection']))
666	{
667	$checked = 'checked="checked"';
668	}
669	else
670	{
671	$checked = '';
672	}
673
674	$properties = array();
675	if ( $local_user['level'] != 0 )
676	{
677	$properties[] = l10n( sprintf('Level %d', $local_user['level']) );
678	}
679	$properties[] =
680	(isset($local_user['enabled_high']) and ($local_user['enabled_high'] == 'true'))
681	? l10n('is_high_enabled') : l10n('is_high_disabled');
682
683	$template->append(
684	'users',
685	array(
686	'ID' => $local_user['id'],
687	'CHECKED' => $checked,
688	'U_PROFILE' => $profile_url.$local_user['id'],
689	'U_PERM' => $perm_url.$local_user['id'],
690	'USERNAME' => $local_user['username']
691	.($local_user['id'] == $conf['guest_id']
692	? '<BR />['.l10n('is_the_guest').']' : '')
693	.($local_user['id'] == $conf['default_user_id']
694	? '<BR />['.l10n('is_the_default').']' : ''),
695	'STATUS' => l10n('user_status_'.
696	$local_user['status']).(($local_user['adviser'] == 'true')
697	? '<BR />['.l10n('adviser').']' : ''),
698	'EMAIL' => get_email_address_as_display_text($local_user['email']),
699	'GROUPS' => $groups_string,
700	'PROPERTIES' => implode( ', ', $properties),
701	'plugin_columns' => isset($local_user['plugin_columns']) ? $local_user['plugin_columns'] : array(),
702	'plugin_actions' => isset($local_user['plugin_actions']) ? $local_user['plugin_actions'] : array(),
703	)
704	);
705	}
706
707	// +-----------------------------------------------------------------------+
708	// \| html code display \|
709	// +-----------------------------------------------------------------------+
710
711	$template->assign_var_from_handle('ADMIN_CONTENT', 'user_list');
712	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: