Context Navigation

source: trunk/admin/user_list.php @ 3049

Last change on this file since 3049 was 3049, checked in by plg, 15 years ago
Administration: happy new year 2009, all PHP headers updated.
Property svn:eol-style set to `LF` Property svn:keywords set to `Author Date Id Revision`
File size: 19.6 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based picture gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008-2009 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	/**
25	* Add users and manage users list
26	*/
27
28	// +-----------------------------------------------------------------------+
29	// \| functions \|
30	// +-----------------------------------------------------------------------+
31
32	/**
33	* returns a list of users depending on page filters (in $_GET)
34	*
35	* Each user comes with his related informations : id, username, mail
36	* address, list of groups.
37	*
38	* @return array
39	*/
40	function get_filtered_user_list()
41	{
42	global $conf, $page;
43
44	$users = array();
45
46	// filter
47	$filter = array();
48
49	if (isset($_GET['username']) and !empty($_GET['username']))
50	{
51	$username = str_replace('*', '%', $_GET['username']);
52	$filter['username'] = mysql_real_escape_string($username);
53	}
54
55	if (isset($_GET['group'])
56	and -1 != $_GET['group']
57	and is_numeric($_GET['group']))
58	{
59	$filter['group'] = $_GET['group'];
60	}
61
62	if (isset($_GET['status'])
63	and in_array($_GET['status'], get_enums(USER_INFOS_TABLE, 'status')))
64	{
65	$filter['status'] = $_GET['status'];
66	}
67
68	// how to order the list?
69	$order_by = 'id';
70	if (isset($_GET['order_by'])
71	and in_array($_GET['order_by'], array_keys($page['order_by_items'])))
72	{
73	$order_by = $_GET['order_by'];
74	}
75
76	$direction = 'ASC';
77	if (isset($_GET['direction'])
78	and in_array($_GET['direction'], array_keys($page['direction_items'])))
79	{
80	$direction = strtoupper($_GET['direction']);
81	}
82
83	// search users depending on filters and order
84	$query = '
85	SELECT DISTINCT u.'.$conf['user_fields']['id'].' AS id,
86	u.'.$conf['user_fields']['username'].' AS username,
87	u.'.$conf['user_fields']['email'].' AS email,
88	ui.status,
89	ui.adviser,
90	ui.enabled_high,
91	ui.level
92	FROM '.USERS_TABLE.' AS u
93	INNER JOIN '.USER_INFOS_TABLE.' AS ui
94	ON u.'.$conf['user_fields']['id'].' = ui.user_id
95	LEFT JOIN '.USER_GROUP_TABLE.' AS ug
96	ON u.'.$conf['user_fields']['id'].' = ug.user_id
97	WHERE u.'.$conf['user_fields']['id'].' > 0';
98	if (isset($filter['username']))
99	{
100	$query.= '
101	AND u.'.$conf['user_fields']['username'].' LIKE \''.$filter['username'].'\'';
102	}
103	if (isset($filter['group']))
104	{
105	$query.= '
106	AND ug.group_id = '.$filter['group'];
107	}
108	if (isset($filter['status']))
109	{
110	$query.= '
111	AND ui.status = \''.$filter['status']."'";
112	}
113	$query.= '
114	ORDER BY '.$order_by.' '.$direction.'
115	;';
116
117	$result = pwg_query($query);
118	while ($row = mysql_fetch_array($result))
119	{
120	$user = $row;
121	$user['groups'] = array();
122
123	array_push($users, $user);
124	}
125
126	// add group lists
127	$user_ids = array();
128	foreach ($users as $i => $user)
129	{
130	$user_ids[$i] = $user['id'];
131	}
132	$user_nums = array_flip($user_ids);
133
134	if (count($user_ids) > 0)
135	{
136	$query = '
137	SELECT user_id, group_id
138	FROM '.USER_GROUP_TABLE.'
139	WHERE user_id IN ('.implode(',', $user_ids).')
140	;';
141	$result = pwg_query($query);
142	while ($row = mysql_fetch_array($result))
143	{
144	array_push(
145	$users[$user_nums[$row['user_id']]]['groups'],
146	$row['group_id']
147	);
148	}
149	}
150
151	return $users;
152	}
153
154	// +-----------------------------------------------------------------------+
155	// \| initialization \|
156	// +-----------------------------------------------------------------------+
157
158	if (!defined('PHPWG_ROOT_PATH'))
159	{
160	die('Hacking attempt!');
161	}
162
163	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
164
165	// +-----------------------------------------------------------------------+
166	// \| Check Access and exit when user status is not ok \|
167	// +-----------------------------------------------------------------------+
168	check_status(ACCESS_ADMINISTRATOR);
169
170	$page['order_by_items'] = array(
171	'id' => l10n('registration_date'),
172	'username' => l10n('Username'),
173	'level' => l10n('Privacy level'),
174	'language' => l10n('language'),
175	);
176
177	$page['direction_items'] = array(
178	'asc' => l10n('ascending'),
179	'desc' => l10n('descending')
180	);
181
182	// +-----------------------------------------------------------------------+
183	// \| add a user \|
184	// +-----------------------------------------------------------------------+
185
186	if (isset($_POST['submit_add']))
187	{
188	$page['errors'] = register_user(
189	$_POST['login'], $_POST['password'], $_POST['email'], false);
190
191	if (count($page['errors']) == 0)
192	{
193	array_push(
194	$page['infos'],
195	sprintf(
196	l10n('user "%s" added'),
197	$_POST['login']
198	)
199	);
200	}
201	}
202
203	// +-----------------------------------------------------------------------+
204	// \| user list \|
205	// +-----------------------------------------------------------------------+
206
207	$page['filtered_users'] = get_filtered_user_list();
208
209	// +-----------------------------------------------------------------------+
210	// \| selected users \|
211	// +-----------------------------------------------------------------------+
212
213	if (isset($_POST['delete']) or isset($_POST['pref_submit']))
214	{
215	$collection = array();
216
217	switch ($_POST['target'])
218	{
219	case 'all' :
220	{
221	foreach($page['filtered_users'] as $local_user)
222	{
223	array_push($collection, $local_user['id']);
224	}
225	break;
226	}
227	case 'selection' :
228	{
229	if (isset($_POST['selection']))
230	{
231	$collection = $_POST['selection'];
232	}
233	break;
234	}
235	}
236
237	if (count($collection) == 0)
238	{
239	array_push($page['errors'], l10n('Select at least one user'));
240	}
241	}
242
243	// +-----------------------------------------------------------------------+
244	// \| delete users \|
245	// +-----------------------------------------------------------------------+
246	if (isset($_POST['delete']) and count($collection) > 0)
247	{
248	if (in_array($conf['guest_id'], $collection))
249	{
250	array_push($page['errors'], l10n('Guest cannot be deleted'));
251	}
252	if (($conf['guest_id'] != $conf['default_user_id']) and
253	in_array($conf['default_user_id'], $collection))
254	{
255	array_push($page['errors'], l10n('Default user cannot be deleted'));
256	}
257	if (in_array($conf['webmaster_id'], $collection))
258	{
259	array_push($page['errors'], l10n('Webmaster cannot be deleted'));
260	}
261	if (in_array($user['id'], $collection))
262	{
263	array_push($page['errors'], l10n('You cannot delete your account'));
264	}
265
266	if (count($page['errors']) == 0)
267	{
268	if (isset($_POST['confirm_deletion']) and 1 == $_POST['confirm_deletion'])
269	{
270	foreach ($collection as $user_id)
271	{
272	delete_user($user_id);
273	}
274	array_push(
275	$page['infos'],
276	l10n_dec(
277	'%d user deleted', '%d users deleted',
278	count($collection)
279	)
280	);
281	foreach ($page['filtered_users'] as $filter_key => $filter_user)
282	{
283	if (in_array($filter_user['id'], $collection))
284	{
285	unset($page['filtered_users'][$filter_key]);
286	}
287	}
288	}
289	else
290	{
291	array_push($page['errors'], l10n('You need to confirm deletion'));
292	}
293	}
294	}
295
296	// +-----------------------------------------------------------------------+
297	// \| preferences form submission \|
298	// +-----------------------------------------------------------------------+
299
300	if (isset($_POST['pref_submit']) and count($collection) > 0)
301	{
302	if (-1 != $_POST['associate'])
303	{
304	$datas = array();
305
306	$query = '
307	SELECT user_id
308	FROM '.USER_GROUP_TABLE.'
309	WHERE group_id = '.$_POST['associate'].'
310	;';
311	$associated = array_from_query($query, 'user_id');
312
313	$associable = array_diff($collection, $associated);
314
315	if (count($associable) > 0)
316	{
317	foreach ($associable as $item)
318	{
319	array_push($datas,
320	array('group_id'=>$_POST['associate'],
321	'user_id'=>$item));
322	}
323
324	mass_inserts(USER_GROUP_TABLE,
325	array('group_id', 'user_id'),
326	$datas);
327	}
328	}
329
330	if (-1 != $_POST['dissociate'])
331	{
332	$query = '
333	DELETE FROM '.USER_GROUP_TABLE.'
334	WHERE group_id = '.$_POST['dissociate'].'
335	AND user_id IN ('.implode(',', $collection).')
336	';
337	pwg_query($query);
338	}
339
340	// properties to set for the collection (a user list)
341	$datas = array();
342	$dbfields = array('primary' => array('user_id'), 'update' => array());
343
344	$formfields =
345	array('nb_image_line', 'nb_line_page', 'template', 'language',
346	'recent_period', 'maxwidth', 'expand', 'show_nb_comments',
347	'show_nb_hits', 'maxheight', 'status', 'enabled_high',
348	'level');
349
350	$true_false_fields = array('expand', 'show_nb_comments',
351	'show_nb_hits', 'enabled_high');
352	if ($conf['allow_adviser'])
353	{
354	array_push($formfields, 'adviser');
355	array_push($true_false_fields, 'adviser');
356	}
357
358	foreach ($formfields as $formfield)
359	{
360	// special for true/false fields
361	if (in_array($formfield, $true_false_fields))
362	{
363	$test = $formfield;
364	}
365	else
366	{
367	$test = $formfield.'_action';
368	}
369
370	if ($_POST[$test] != 'leave')
371	{
372	array_push($dbfields['update'], $formfield);
373	}
374	}
375
376	// updating elements is useful only if needed...
377	if (count($dbfields['update']) > 0)
378	{
379	$datas = array();
380
381	foreach ($collection as $user_id)
382	{
383	$data = array();
384	$data['user_id'] = $user_id;
385
386	// TODO : verify if submited values are semanticaly correct
387	foreach ($dbfields['update'] as $dbfield)
388	{
389	// if the action is 'unset', the key won't be in row and
390	// mass_updates function will set this field to NULL
391	if (in_array($dbfield, $true_false_fields)
392	or 'set' == $_POST[$dbfield.'_action'])
393	{
394	$data[$dbfield] = $_POST[$dbfield];
395	}
396	}
397
398	// special users checks
399	if
400	(
401	($conf['webmaster_id'] == $user_id) or
402	($conf['guest_id'] == $user_id) or
403	($conf['default_user_id'] == $user_id)
404	)
405	{
406	// status must not be changed
407	if (isset($data['status']))
408	{
409	if ($conf['webmaster_id'] == $user_id)
410	{
411	$data['status'] = 'webmaster';
412	}
413	else
414	{
415	$data['status'] = 'guest';
416	}
417	}
418
419	// could not be adivser
420	if (isset($data['adviser']))
421	{
422	$data['adviser'] = 'false';
423	}
424	}
425
426	array_push($datas, $data);
427	}
428
429	mass_updates(USER_INFOS_TABLE, $dbfields, $datas);
430	}
431
432	redirect(
433	get_root_url().
434	'admin.php'.
435	get_query_string_diff(array(), false)
436	);
437	}
438
439	// +-----------------------------------------------------------------------+
440	// \| groups list \|
441	// +-----------------------------------------------------------------------+
442
443	$groups[-1] = '------------';
444
445	$query = '
446	SELECT id, name
447	FROM '.GROUPS_TABLE.'
448	ORDER BY name ASC
449	;';
450	$result = pwg_query($query);
451
452	while ($row = mysql_fetch_array($result))
453	{
454	$groups[$row['id']] = $row['name'];
455	}
456
457	// +-----------------------------------------------------------------------+
458	// \| template init \|
459	// +-----------------------------------------------------------------------+
460
461	$template->set_filenames(array('user_list'=>'user_list.tpl'));
462
463	$base_url = PHPWG_ROOT_PATH.'admin.php?page=user_list';
464
465	if (isset($_GET['start']) and is_numeric($_GET['start']))
466	{
467	$start = $_GET['start'];
468	}
469	else
470	{
471	$start = 0;
472	}
473
474	$template->assign(
475	array(
476	'U_HELP' => get_root_url().'popuphelp.php?page=user_list',
477
478	'F_ADD_ACTION' => $base_url,
479	'F_USERNAME' => @htmlentities($_GET['username']),
480	'F_FILTER_ACTION' => get_root_url().'admin.php'
481	));
482
483	// Hide radio-button if not allow to assign adviser
484	if ($conf['allow_adviser'])
485	{
486	$template->assign('adviser', true);
487	}
488
489	// Filter status options
490	$status_options[-1] = '------------';
491	foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
492	{
493	$status_options[$status] = l10n('user_status_'.$status);
494	}
495	$template->assign('status_options', $status_options);
496	$template->assign('status_selected',
497	isset($_GET['status']) ? $_GET['status'] : '');
498
499	// Filter group options
500	$template->assign('group_options', $groups);
501	$template->assign('group_selected',
502	isset($_GET['group']) ? $_GET['group'] : '');
503
504	// Filter order options
505	$template->assign('order_options', $page['order_by_items']);
506	$template->assign('order_selected',
507	isset($_GET['order_by']) ? $_GET['order_by'] : '');
508
509	// Filter direction options
510	$template->assign('direction_options', $page['direction_items']);
511	$template->assign('direction_selected',
512	isset($_GET['direction']) ? $_GET['direction'] : '');
513
514
515	if (isset($_POST['pref_submit']))
516	{
517	$template->assign(
518	array(
519	'NB_IMAGE_LINE' => $_POST['nb_image_line'],
520	'NB_LINE_PAGE' => $_POST['nb_line_page'],
521	'MAXWIDTH' => $_POST['maxwidth'],
522	'MAXHEIGHT' => $_POST['maxheight'],
523	'RECENT_PERIOD' => $_POST['recent_period'],
524	));
525	}
526	else
527	{
528	$default_user = get_default_user_info(true);
529	$template->assign(
530	array(
531	'NB_IMAGE_LINE' => $default_user['nb_image_line'],
532	'NB_LINE_PAGE' => $default_user['nb_line_page'],
533	'MAXWIDTH' => $default_user['maxwidth'],
534	'MAXHEIGHT' => $default_user['maxheight'],
535	'RECENT_PERIOD' => $default_user['recent_period'],
536	));
537	}
538
539	// Template Options
540	$template->assign('template_options', get_pwg_themes());
541	$template->assign('template_selected',
542	isset($_POST['pref_submit']) ? $_POST['template'] : get_default_template());
543
544	// Language options
545	$template->assign('language_options', get_languages());
546	$template->assign('language_selected',
547	isset($_POST['pref_submit']) ? $_POST['language'] : get_default_language());
548
549	// Status options
550	foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
551	{
552	// Only status <= can be assign
553	if (is_autorize_status(get_access_type_status($status)))
554	{
555	$pref_status_options[$status] = l10n('user_status_'.$status);
556	}
557	}
558	$template->assign('pref_status_options', $pref_status_options);
559	$template->assign('pref_status_selected',
560	isset($_POST['pref_submit']) ? $_POST['status'] : 'normal');
561
562	// associate and dissociate options
563	$template->assign('association_options', $groups);
564	$template->assign('associate_selected',
565	isset($_POST['pref_submit']) ? $_POST['associate'] : '');
566	$template->assign('dissociate_selected',
567	isset($_POST['pref_submit']) ? $_POST['dissociate'] : '');
568
569
570	// user level options
571	foreach ($conf['available_permission_levels'] as $level)
572	{
573	$level_options[$level] = l10n(sprintf('Level %d', $level));
574	}
575	$template->assign('level_options', $level_options);
576	$template->assign('level_selected',
577	isset($_POST['pref_submit']) ? $_POST['level'] : $default_user['level']);
578
579	// +-----------------------------------------------------------------------+
580	// \| navigation bar \|
581	// +-----------------------------------------------------------------------+
582
583	$url = PHPWG_ROOT_PATH.'admin.php'.get_query_string_diff(array('start'));
584
585	$navbar = create_navigation_bar(
586	$url,
587	count($page['filtered_users']),
588	$start,
589	$conf['users_page']
590	);
591
592	$template->assign('NAVBAR', $navbar);
593
594	// +-----------------------------------------------------------------------+
595	// \| user list \|
596	// +-----------------------------------------------------------------------+
597
598	$profile_url = get_root_url().'admin.php?page=profile&user_id=';
599	$perm_url = get_root_url().'admin.php?page=user_perm&user_id=';
600
601	$visible_user_list = array();
602	foreach ($page['filtered_users'] as $num => $local_user)
603	{
604	// simulate LIMIT $start, $conf['users_page']
605	if ($num < $start)
606	{
607	continue;
608	}
609	if ($num >= $start + $conf['users_page'])
610	{
611	break;
612	}
613
614	$visible_user_list[] = $local_user;
615	}
616
617	// allow plugins to fill template var plugin_user_list_column_titles and
618	// plugin_columns/plugin_actions for each user in the list
619	$visible_user_list = trigger_event('loc_visible_user_list', $visible_user_list);
620
621	foreach ($visible_user_list as $local_user)
622	{
623	$groups_string = preg_replace(
624	'/(\d+)/e',
625	"\$groups['$1']",
626	implode(
627	', ',
628	$local_user['groups']
629	)
630	);
631
632	if (isset($_POST['pref_submit'])
633	and isset($_POST['selection'])
634	and in_array($local_user['id'], $_POST['selection']))
635	{
636	$checked = 'checked="checked"';
637	}
638	else
639	{
640	$checked = '';
641	}
642
643	$properties = array();
644	if ( $local_user['level'] != 0 )
645	{
646	$properties[] = l10n( sprintf('Level %d', $local_user['level']) );
647	}
648	$properties[] =
649	(isset($local_user['enabled_high']) and ($local_user['enabled_high'] == 'true'))
650	? l10n('is_high_enabled') : l10n('is_high_disabled');
651
652	$template->append(
653	'users',
654	array(
655	'ID' => $local_user['id'],
656	'CHECKED' => $checked,
657	'U_PROFILE' => $profile_url.$local_user['id'],
658	'U_PERM' => $perm_url.$local_user['id'],
659	'USERNAME' => $local_user['username']
660	.($local_user['id'] == $conf['guest_id']
661	? '<BR />['.l10n('is_the_guest').']' : '')
662	.($local_user['id'] == $conf['default_user_id']
663	? '<BR />['.l10n('is_the_default').']' : ''),
664	'STATUS' => l10n('user_status_'.
665	$local_user['status']).(($local_user['adviser'] == 'true')
666	? '<BR />['.l10n('adviser').']' : ''),
667	'EMAIL' => get_email_address_as_display_text($local_user['email']),
668	'GROUPS' => $groups_string,
669	'PROPERTIES' => implode( ', ', $properties),
670	'plugin_columns' => isset($local_user['plugin_columns']) ? $local_user['plugin_columns'] : array(),
671	'plugin_actions' => isset($local_user['plugin_actions']) ? $local_user['plugin_actions'] : array(),
672	)
673	);
674	}
675
676	// +-----------------------------------------------------------------------+
677	// \| html code display \|
678	// +-----------------------------------------------------------------------+
679
680	$template->assign_var_from_handle('ADMIN_CONTENT', 'user_list');
681	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: