Context Navigation

source: trunk/admin/user_list.php @ 2639

Last change on this file since 2639 was 2530, checked in by vdigital, 16 years ago
Wigo becomes "goto". Admin tpl files are moved.
Property svn:eol-style set to `LF` Property svn:keywords set to `Author Date Id Revision`
File size: 19.7 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based picture gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	/**
25	* Add users and manage users list
26	*/
27
28	// +-----------------------------------------------------------------------+
29	// \| functions \|
30	// +-----------------------------------------------------------------------+
31
32	/**
33	* returns a list of users depending on page filters (in $_GET)
34	*
35	* Each user comes with his related informations : id, username, mail
36	* address, list of groups.
37	*
38	* @return array
39	*/
40	function get_filtered_user_list()
41	{
42	global $conf, $page;
43
44	$users = array();
45
46	// filter
47	$filter = array();
48
49	if (isset($_GET['username']) and !empty($_GET['username']))
50	{
51	$username = str_replace('*', '%', $_GET['username']);
52	if (function_exists('mysql_real_escape_string'))
53	{
54	$filter['username'] = mysql_real_escape_string($username);
55	}
56	else
57	{
58	$filter['username'] = mysql_escape_string($username);
59	}
60	}
61
62	if (isset($_GET['group'])
63	and -1 != $_GET['group']
64	and is_numeric($_GET['group']))
65	{
66	$filter['group'] = $_GET['group'];
67	}
68
69	if (isset($_GET['status'])
70	and in_array($_GET['status'], get_enums(USER_INFOS_TABLE, 'status')))
71	{
72	$filter['status'] = $_GET['status'];
73	}
74
75	// how to order the list?
76	$order_by = 'id';
77	if (isset($_GET['order_by'])
78	and in_array($_GET['order_by'], array_keys($page['order_by_items'])))
79	{
80	$order_by = $_GET['order_by'];
81	}
82
83	$direction = 'ASC';
84	if (isset($_GET['direction'])
85	and in_array($_GET['direction'], array_keys($page['direction_items'])))
86	{
87	$direction = strtoupper($_GET['direction']);
88	}
89
90	// search users depending on filters and order
91	$query = '
92	SELECT DISTINCT u.'.$conf['user_fields']['id'].' AS id,
93	u.'.$conf['user_fields']['username'].' AS username,
94	u.'.$conf['user_fields']['email'].' AS email,
95	ui.status,
96	ui.adviser,
97	ui.enabled_high,
98	ui.level
99	FROM '.USERS_TABLE.' AS u
100	INNER JOIN '.USER_INFOS_TABLE.' AS ui
101	ON u.'.$conf['user_fields']['id'].' = ui.user_id
102	LEFT JOIN '.USER_GROUP_TABLE.' AS ug
103	ON u.'.$conf['user_fields']['id'].' = ug.user_id
104	WHERE u.'.$conf['user_fields']['id'].' > 0';
105	if (isset($filter['username']))
106	{
107	$query.= '
108	AND u.'.$conf['user_fields']['username'].' LIKE \''.$filter['username'].'\'';
109	}
110	if (isset($filter['group']))
111	{
112	$query.= '
113	AND ug.group_id = '.$filter['group'];
114	}
115	if (isset($filter['status']))
116	{
117	$query.= '
118	AND ui.status = \''.$filter['status']."'";
119	}
120	$query.= '
121	ORDER BY '.$order_by.' '.$direction.'
122	;';
123
124	$result = pwg_query($query);
125	while ($row = mysql_fetch_array($result))
126	{
127	$user = $row;
128	$user['groups'] = array();
129
130	array_push($users, $user);
131	}
132
133	// add group lists
134	$user_ids = array();
135	foreach ($users as $i => $user)
136	{
137	$user_ids[$i] = $user['id'];
138	}
139	$user_nums = array_flip($user_ids);
140
141	if (count($user_ids) > 0)
142	{
143	$query = '
144	SELECT user_id, group_id
145	FROM '.USER_GROUP_TABLE.'
146	WHERE user_id IN ('.implode(',', $user_ids).')
147	;';
148	$result = pwg_query($query);
149	while ($row = mysql_fetch_array($result))
150	{
151	array_push(
152	$users[$user_nums[$row['user_id']]]['groups'],
153	$row['group_id']
154	);
155	}
156	}
157
158	return $users;
159	}
160
161	// +-----------------------------------------------------------------------+
162	// \| initialization \|
163	// +-----------------------------------------------------------------------+
164
165	if (!defined('PHPWG_ROOT_PATH'))
166	{
167	die('Hacking attempt!');
168	}
169
170	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
171
172	// +-----------------------------------------------------------------------+
173	// \| Check Access and exit when user status is not ok \|
174	// +-----------------------------------------------------------------------+
175	check_status(ACCESS_ADMINISTRATOR);
176
177	$page['order_by_items'] = array(
178	'id' => l10n('registration_date'),
179	'username' => l10n('Username'),
180	'level' => l10n('Privacy level'),
181	'language' => l10n('language'),
182	);
183
184	$page['direction_items'] = array(
185	'asc' => l10n('ascending'),
186	'desc' => l10n('descending')
187	);
188
189	// +-----------------------------------------------------------------------+
190	// \| add a user \|
191	// +-----------------------------------------------------------------------+
192
193	if (isset($_POST['submit_add']))
194	{
195	$page['errors'] = register_user(
196	$_POST['login'], $_POST['password'], $_POST['email'], false);
197
198	if (count($page['errors']) == 0)
199	{
200	array_push(
201	$page['infos'],
202	sprintf(
203	l10n('user "%s" added'),
204	$_POST['login']
205	)
206	);
207	}
208	}
209
210	// +-----------------------------------------------------------------------+
211	// \| user list \|
212	// +-----------------------------------------------------------------------+
213
214	$page['filtered_users'] = get_filtered_user_list();
215
216	// +-----------------------------------------------------------------------+
217	// \| selected users \|
218	// +-----------------------------------------------------------------------+
219
220	if (isset($_POST['delete']) or isset($_POST['pref_submit']))
221	{
222	$collection = array();
223
224	switch ($_POST['target'])
225	{
226	case 'all' :
227	{
228	foreach($page['filtered_users'] as $local_user)
229	{
230	array_push($collection, $local_user['id']);
231	}
232	break;
233	}
234	case 'selection' :
235	{
236	if (isset($_POST['selection']))
237	{
238	$collection = $_POST['selection'];
239	}
240	break;
241	}
242	}
243
244	if (count($collection) == 0)
245	{
246	array_push($page['errors'], l10n('Select at least one user'));
247	}
248	}
249
250	// +-----------------------------------------------------------------------+
251	// \| delete users \|
252	// +-----------------------------------------------------------------------+
253	if (isset($_POST['delete']) and count($collection) > 0)
254	{
255	if (in_array($conf['guest_id'], $collection))
256	{
257	array_push($page['errors'], l10n('Guest cannot be deleted'));
258	}
259	if (($conf['guest_id'] != $conf['default_user_id']) and
260	in_array($conf['default_user_id'], $collection))
261	{
262	array_push($page['errors'], l10n('Default user cannot be deleted'));
263	}
264	if (in_array($conf['webmaster_id'], $collection))
265	{
266	array_push($page['errors'], l10n('Webmaster cannot be deleted'));
267	}
268	if (in_array($user['id'], $collection))
269	{
270	array_push($page['errors'], l10n('You cannot delete your account'));
271	}
272
273	if (count($page['errors']) == 0)
274	{
275	if (isset($_POST['confirm_deletion']) and 1 == $_POST['confirm_deletion'])
276	{
277	foreach ($collection as $user_id)
278	{
279	delete_user($user_id);
280	}
281	array_push(
282	$page['infos'],
283	l10n_dec(
284	'%d user deleted', '%d users deleted',
285	count($collection)
286	)
287	);
288	foreach ($page['filtered_users'] as $filter_key => $filter_user)
289	{
290	if (in_array($filter_user['id'], $collection))
291	{
292	unset($page['filtered_users'][$filter_key]);
293	}
294	}
295	}
296	else
297	{
298	array_push($page['errors'], l10n('You need to confirm deletion'));
299	}
300	}
301	}
302
303	// +-----------------------------------------------------------------------+
304	// \| preferences form submission \|
305	// +-----------------------------------------------------------------------+
306
307	if (isset($_POST['pref_submit']) and count($collection) > 0)
308	{
309	if (-1 != $_POST['associate'])
310	{
311	$datas = array();
312
313	$query = '
314	SELECT user_id
315	FROM '.USER_GROUP_TABLE.'
316	WHERE group_id = '.$_POST['associate'].'
317	;';
318	$associated = array_from_query($query, 'user_id');
319
320	$associable = array_diff($collection, $associated);
321
322	if (count($associable) > 0)
323	{
324	foreach ($associable as $item)
325	{
326	array_push($datas,
327	array('group_id'=>$_POST['associate'],
328	'user_id'=>$item));
329	}
330
331	mass_inserts(USER_GROUP_TABLE,
332	array('group_id', 'user_id'),
333	$datas);
334	}
335	}
336
337	if (-1 != $_POST['dissociate'])
338	{
339	$query = '
340	DELETE FROM '.USER_GROUP_TABLE.'
341	WHERE group_id = '.$_POST['dissociate'].'
342	AND user_id IN ('.implode(',', $collection).')
343	';
344	pwg_query($query);
345	}
346
347	// properties to set for the collection (a user list)
348	$datas = array();
349	$dbfields = array('primary' => array('user_id'), 'update' => array());
350
351	$formfields =
352	array('nb_image_line', 'nb_line_page', 'template', 'language',
353	'recent_period', 'maxwidth', 'expand', 'show_nb_comments',
354	'show_nb_hits', 'maxheight', 'status', 'enabled_high',
355	'level');
356
357	$true_false_fields = array('expand', 'show_nb_comments',
358	'show_nb_hits', 'enabled_high');
359	if ($conf['allow_adviser'])
360	{
361	array_push($formfields, 'adviser');
362	array_push($true_false_fields, 'adviser');
363	}
364
365	foreach ($formfields as $formfield)
366	{
367	// special for true/false fields
368	if (in_array($formfield, $true_false_fields))
369	{
370	$test = $formfield;
371	}
372	else
373	{
374	$test = $formfield.'_action';
375	}
376
377	if ($_POST[$test] != 'leave')
378	{
379	array_push($dbfields['update'], $formfield);
380	}
381	}
382
383	// updating elements is useful only if needed...
384	if (count($dbfields['update']) > 0)
385	{
386	$datas = array();
387
388	foreach ($collection as $user_id)
389	{
390	$data = array();
391	$data['user_id'] = $user_id;
392
393	// TODO : verify if submited values are semanticaly correct
394	foreach ($dbfields['update'] as $dbfield)
395	{
396	// if the action is 'unset', the key won't be in row and
397	// mass_updates function will set this field to NULL
398	if (in_array($dbfield, $true_false_fields)
399	or 'set' == $_POST[$dbfield.'_action'])
400	{
401	$data[$dbfield] = $_POST[$dbfield];
402	}
403	}
404
405	// special users checks
406	if
407	(
408	($conf['webmaster_id'] == $user_id) or
409	($conf['guest_id'] == $user_id) or
410	($conf['default_user_id'] == $user_id)
411	)
412	{
413	// status must not be changed
414	if (isset($data['status']))
415	{
416	if ($conf['webmaster_id'] == $user_id)
417	{
418	$data['status'] = 'webmaster';
419	}
420	else
421	{
422	$data['status'] = 'guest';
423	}
424	}
425
426	// could not be adivser
427	if (isset($data['adviser']))
428	{
429	$data['adviser'] = 'false';
430	}
431	}
432
433	array_push($datas, $data);
434	}
435
436	mass_updates(USER_INFOS_TABLE, $dbfields, $datas);
437	}
438
439	redirect(
440	get_root_url().
441	'admin.php'.
442	get_query_string_diff(array(), false)
443	);
444	}
445
446	// +-----------------------------------------------------------------------+
447	// \| groups list \|
448	// +-----------------------------------------------------------------------+
449
450	$groups[-1] = '------------';
451
452	$query = '
453	SELECT id, name
454	FROM '.GROUPS_TABLE.'
455	ORDER BY name ASC
456	;';
457	$result = pwg_query($query);
458
459	while ($row = mysql_fetch_array($result))
460	{
461	$groups[$row['id']] = $row['name'];
462	}
463
464	// +-----------------------------------------------------------------------+
465	// \| template init \|
466	// +-----------------------------------------------------------------------+
467
468	$template->set_filenames(array('user_list'=>'user_list.tpl'));
469
470	$base_url = PHPWG_ROOT_PATH.'admin.php?page=user_list';
471
472	if (isset($_GET['start']) and is_numeric($_GET['start']))
473	{
474	$start = $_GET['start'];
475	}
476	else
477	{
478	$start = 0;
479	}
480
481	$template->assign(
482	array(
483	'U_HELP' => get_root_url().'popuphelp.php?page=user_list',
484
485	'F_ADD_ACTION' => $base_url,
486	'F_USERNAME' => @htmlentities($_GET['username']),
487	'F_FILTER_ACTION' => get_root_url().'admin.php'
488	));
489
490	// Hide radio-button if not allow to assign adviser
491	if ($conf['allow_adviser'])
492	{
493	$template->assign('adviser', true);
494	}
495
496	// Filter status options
497	$status_options[-1] = '------------';
498	foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
499	{
500	$status_options[$status] = l10n('user_status_'.$status);
501	}
502	$template->assign('status_options', $status_options);
503	$template->assign('status_selected',
504	isset($_GET['status']) ? $_GET['status'] : '');
505
506	// Filter group options
507	$template->assign('group_options', $groups);
508	$template->assign('group_selected',
509	isset($_GET['group']) ? $_GET['group'] : '');
510
511	// Filter order options
512	$template->assign('order_options', $page['order_by_items']);
513	$template->assign('order_selected',
514	isset($_GET['order_by']) ? $_GET['order_by'] : '');
515
516	// Filter direction options
517	$template->assign('direction_options', $page['direction_items']);
518	$template->assign('direction_selected',
519	isset($_GET['direction']) ? $_GET['direction'] : '');
520
521
522	if (isset($_POST['pref_submit']))
523	{
524	$template->assign(
525	array(
526	'NB_IMAGE_LINE' => $_POST['nb_image_line'],
527	'NB_LINE_PAGE' => $_POST['nb_line_page'],
528	'MAXWIDTH' => $_POST['maxwidth'],
529	'MAXHEIGHT' => $_POST['maxheight'],
530	'RECENT_PERIOD' => $_POST['recent_period'],
531	));
532	}
533	else
534	{
535	$default_user = get_default_user_info(true);
536	$template->assign(
537	array(
538	'NB_IMAGE_LINE' => $default_user['nb_image_line'],
539	'NB_LINE_PAGE' => $default_user['nb_line_page'],
540	'MAXWIDTH' => $default_user['maxwidth'],
541	'MAXHEIGHT' => $default_user['maxheight'],
542	'RECENT_PERIOD' => $default_user['recent_period'],
543	));
544	}
545
546	// Template Options
547	$template->assign('template_options', get_pwg_themes());
548	$template->assign('template_selected',
549	isset($_POST['pref_submit']) ? $_POST['template'] : get_default_template());
550
551	// Language options
552	$template->assign('language_options', get_languages());
553	$template->assign('language_selected',
554	isset($_POST['pref_submit']) ? $_POST['language'] : get_default_language());
555
556	// Status options
557	foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
558	{
559	// Only status <= can be assign
560	if (is_autorize_status(get_access_type_status($status)))
561	{
562	$pref_status_options[$status] = l10n('user_status_'.$status);
563	}
564	}
565	$template->assign('pref_status_options', $pref_status_options);
566	$template->assign('pref_status_selected',
567	isset($_POST['pref_submit']) ? $_POST['status'] : 'normal');
568
569	// associate and dissociate options
570	$template->assign('association_options', $groups);
571	$template->assign('associate_selected',
572	isset($_POST['pref_submit']) ? $_POST['associate'] : '');
573	$template->assign('dissociate_selected',
574	isset($_POST['pref_submit']) ? $_POST['dissociate'] : '');
575
576
577	// user level options
578	foreach ($conf['available_permission_levels'] as $level)
579	{
580	$level_options[$level] = l10n(sprintf('Level %d', $level));
581	}
582	$template->assign('level_options', $level_options);
583	$template->assign('level_selected',
584	isset($_POST['pref_submit']) ? $_POST['level'] : $default_user['level']);
585
586	// +-----------------------------------------------------------------------+
587	// \| navigation bar \|
588	// +-----------------------------------------------------------------------+
589
590	$url = PHPWG_ROOT_PATH.'admin.php'.get_query_string_diff(array('start'));
591
592	$navbar = create_navigation_bar(
593	$url,
594	count($page['filtered_users']),
595	$start,
596	$conf['users_page']
597	);
598
599	$template->assign('NAVBAR', $navbar);
600
601	// +-----------------------------------------------------------------------+
602	// \| user list \|
603	// +-----------------------------------------------------------------------+
604
605	$profile_url = get_root_url().'admin.php?page=profile&user_id=';
606	$perm_url = get_root_url().'admin.php?page=user_perm&user_id=';
607
608	$visible_user_list = array();
609	foreach ($page['filtered_users'] as $num => $local_user)
610	{
611	// simulate LIMIT $start, $conf['users_page']
612	if ($num < $start)
613	{
614	continue;
615	}
616	if ($num >= $start + $conf['users_page'])
617	{
618	break;
619	}
620
621	$visible_user_list[] = $local_user;
622	}
623
624	// allow plugins to fill template var plugin_user_list_column_titles and
625	// plugin_columns/plugin_actions for each user in the list
626	$visible_user_list = trigger_event('loc_visible_user_list', $visible_user_list);
627
628	foreach ($visible_user_list as $local_user)
629	{
630	$groups_string = preg_replace(
631	'/(\d+)/e',
632	"\$groups['$1']",
633	implode(
634	', ',
635	$local_user['groups']
636	)
637	);
638
639	if (isset($_POST['pref_submit'])
640	and isset($_POST['selection'])
641	and in_array($local_user['id'], $_POST['selection']))
642	{
643	$checked = 'checked="checked"';
644	}
645	else
646	{
647	$checked = '';
648	}
649
650	$properties = array();
651	if ( $local_user['level'] != 0 )
652	{
653	$properties[] = l10n( sprintf('Level %d', $local_user['level']) );
654	}
655	$properties[] =
656	(isset($local_user['enabled_high']) and ($local_user['enabled_high'] == 'true'))
657	? l10n('is_high_enabled') : l10n('is_high_disabled');
658
659	$template->append(
660	'users',
661	array(
662	'ID' => $local_user['id'],
663	'CHECKED' => $checked,
664	'U_PROFILE' => $profile_url.$local_user['id'],
665	'U_PERM' => $perm_url.$local_user['id'],
666	'USERNAME' => $local_user['username']
667	.($local_user['id'] == $conf['guest_id']
668	? '<BR />['.l10n('is_the_guest').']' : '')
669	.($local_user['id'] == $conf['default_user_id']
670	? '<BR />['.l10n('is_the_default').']' : ''),
671	'STATUS' => l10n('user_status_'.
672	$local_user['status']).(($local_user['adviser'] == 'true')
673	? '<BR />['.l10n('adviser').']' : ''),
674	'EMAIL' => get_email_address_as_display_text($local_user['email']),
675	'GROUPS' => $groups_string,
676	'PROPERTIES' => implode( ', ', $properties),
677	'plugin_columns' => isset($local_user['plugin_columns']) ? $local_user['plugin_columns'] : array(),
678	'plugin_actions' => isset($local_user['plugin_actions']) ? $local_user['plugin_actions'] : array(),
679	)
680	);
681	}
682
683	// +-----------------------------------------------------------------------+
684	// \| html code display \|
685	// +-----------------------------------------------------------------------+
686
687	$template->assign_var_from_handle('ADMIN_CONTENT', 'user_list');
688	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: