Context Navigation

user_list.php @ 3751

Visit:

Revision 3751, 20.0 KB (checked in by Eric, 4 years ago)

Bug 1041 fixed : manual user adding in admin's user management panel
- Double password type fields
- Add controls of the filling fields
- Alert text added in language pack - EN, FR, DE and ES are OK. IT have to be fixed.

- Subsidiary fix : Small grammatical error in FR/common.lang.php

Property svn:eol-style set to LF

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based picture gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008-2009 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	/**
25	* Add users and manage users list
26	*/
27
28	// +-----------------------------------------------------------------------+
29	// \| functions \|
30	// +-----------------------------------------------------------------------+
31
32	/**
33	* returns a list of users depending on page filters (in $_GET)
34	*
35	* Each user comes with his related informations : id, username, mail
36	* address, list of groups.
37	*
38	* @return array
39	*/
40	function get_filtered_user_list()
41	{
42	global $conf, $page;
43
44	$users = array();
45
46	// filter
47	$filter = array();
48
49	if (isset($_GET['username']) and !empty($_GET['username']))
50	{
51	$username = str_replace('*', '%', $_GET['username']);
52	$filter['username'] = mysql_real_escape_string($username);
53	}
54
55	if (isset($_GET['group'])
56	and -1 != $_GET['group']
57	and is_numeric($_GET['group']))
58	{
59	$filter['group'] = $_GET['group'];
60	}
61
62	if (isset($_GET['status'])
63	and in_array($_GET['status'], get_enums(USER_INFOS_TABLE, 'status')))
64	{
65	$filter['status'] = $_GET['status'];
66	}
67
68	// how to order the list?
69	$order_by = 'id';
70	if (isset($_GET['order_by'])
71	and in_array($_GET['order_by'], array_keys($page['order_by_items'])))
72	{
73	$order_by = $_GET['order_by'];
74	}
75
76	$direction = 'ASC';
77	if (isset($_GET['direction'])
78	and in_array($_GET['direction'], array_keys($page['direction_items'])))
79	{
80	$direction = strtoupper($_GET['direction']);
81	}
82
83	// search users depending on filters and order
84	$query = '
85	SELECT DISTINCT u.'.$conf['user_fields']['id'].' AS id,
86	u.'.$conf['user_fields']['username'].' AS username,
87	u.'.$conf['user_fields']['email'].' AS email,
88	ui.status,
89	ui.adviser,
90	ui.enabled_high,
91	ui.level
92	FROM '.USERS_TABLE.' AS u
93	INNER JOIN '.USER_INFOS_TABLE.' AS ui
94	ON u.'.$conf['user_fields']['id'].' = ui.user_id
95	LEFT JOIN '.USER_GROUP_TABLE.' AS ug
96	ON u.'.$conf['user_fields']['id'].' = ug.user_id
97	WHERE u.'.$conf['user_fields']['id'].' > 0';
98	if (isset($filter['username']))
99	{
100	$query.= '
101	AND u.'.$conf['user_fields']['username'].' LIKE \''.$filter['username'].'\'';
102	}
103	if (isset($filter['group']))
104	{
105	$query.= '
106	AND ug.group_id = '.$filter['group'];
107	}
108	if (isset($filter['status']))
109	{
110	$query.= '
111	AND ui.status = \''.$filter['status']."'";
112	}
113	$query.= '
114	ORDER BY '.$order_by.' '.$direction.'
115	;';
116
117	$result = pwg_query($query);
118	while ($row = mysql_fetch_array($result))
119	{
120	$user = $row;
121	$user['groups'] = array();
122
123	array_push($users, $user);
124	}
125
126	// add group lists
127	$user_ids = array();
128	foreach ($users as $i => $user)
129	{
130	$user_ids[$i] = $user['id'];
131	}
132	$user_nums = array_flip($user_ids);
133
134	if (count($user_ids) > 0)
135	{
136	$query = '
137	SELECT user_id, group_id
138	FROM '.USER_GROUP_TABLE.'
139	WHERE user_id IN ('.implode(',', $user_ids).')
140	;';
141	$result = pwg_query($query);
142	while ($row = mysql_fetch_array($result))
143	{
144	array_push(
145	$users[$user_nums[$row['user_id']]]['groups'],
146	$row['group_id']
147	);
148	}
149	}
150
151	return $users;
152	}
153
154	// +-----------------------------------------------------------------------+
155	// \| initialization \|
156	// +-----------------------------------------------------------------------+
157
158	if (!defined('PHPWG_ROOT_PATH'))
159	{
160	die('Hacking attempt!');
161	}
162
163	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
164
165	// +-----------------------------------------------------------------------+
166	// \| Check Access and exit when user status is not ok \|
167	// +-----------------------------------------------------------------------+
168	check_status(ACCESS_ADMINISTRATOR);
169
170	$page['order_by_items'] = array(
171	'id' => l10n('registration_date'),
172	'username' => l10n('Username'),
173	'level' => l10n('Privacy level'),
174	'language' => l10n('language'),
175	);
176
177	$page['direction_items'] = array(
178	'asc' => l10n('ascending'),
179	'desc' => l10n('descending')
180	);
181
182	// +-----------------------------------------------------------------------+
183	// \| add a user \|
184	// +-----------------------------------------------------------------------+
185
186	if (isset($_POST['submit_add']))
187	{
188	if(empty($_POST['password']))
189	{
190	array_push($page['errors'], l10n('Password is missing'));
191	}
192	else if(empty($_POST['password_conf']))
193	{
194	array_push($page['errors'], l10n('Password confirmation is missing'));
195	}
196	else if(empty($_POST['email']))
197	{
198	array_push($page['errors'], l10n('Email address is missing'));
199	}
200	else if ($_POST['password'] != $_POST['password_conf'])
201	{
202	array_push($page['errors'], l10n('Password confirmation error'));
203	}
204	else
205	{
206	$page['errors'] = register_user(
207	$_POST['login'], $_POST['password'], $_POST['email'], false);
208
209	if (count($page['errors']) == 0)
210	{
211	array_push(
212	$page['infos'],
213	sprintf(
214	l10n('user "%s" added'),
215	$_POST['login']
216	)
217	);
218	}
219	}
220	}
221
222	// +-----------------------------------------------------------------------+
223	// \| user list \|
224	// +-----------------------------------------------------------------------+
225
226	$page['filtered_users'] = get_filtered_user_list();
227
228	// +-----------------------------------------------------------------------+
229	// \| selected users \|
230	// +-----------------------------------------------------------------------+
231
232	if (isset($_POST['delete']) or isset($_POST['pref_submit']))
233	{
234	$collection = array();
235
236	switch ($_POST['target'])
237	{
238	case 'all' :
239	{
240	foreach($page['filtered_users'] as $local_user)
241	{
242	array_push($collection, $local_user['id']);
243	}
244	break;
245	}
246	case 'selection' :
247	{
248	if (isset($_POST['selection']))
249	{
250	$collection = $_POST['selection'];
251	}
252	break;
253	}
254	}
255
256	if (count($collection) == 0)
257	{
258	array_push($page['errors'], l10n('Select at least one user'));
259	}
260	}
261
262	// +-----------------------------------------------------------------------+
263	// \| delete users \|
264	// +-----------------------------------------------------------------------+
265	if (isset($_POST['delete']) and count($collection) > 0)
266	{
267	if (in_array($conf['guest_id'], $collection))
268	{
269	array_push($page['errors'], l10n('Guest cannot be deleted'));
270	}
271	if (($conf['guest_id'] != $conf['default_user_id']) and
272	in_array($conf['default_user_id'], $collection))
273	{
274	array_push($page['errors'], l10n('Default user cannot be deleted'));
275	}
276	if (in_array($conf['webmaster_id'], $collection))
277	{
278	array_push($page['errors'], l10n('Webmaster cannot be deleted'));
279	}
280	if (in_array($user['id'], $collection))
281	{
282	array_push($page['errors'], l10n('You cannot delete your account'));
283	}
284
285	if (count($page['errors']) == 0)
286	{
287	if (isset($_POST['confirm_deletion']) and 1 == $_POST['confirm_deletion'])
288	{
289	foreach ($collection as $user_id)
290	{
291	delete_user($user_id);
292	}
293	array_push(
294	$page['infos'],
295	l10n_dec(
296	'%d user deleted', '%d users deleted',
297	count($collection)
298	)
299	);
300	foreach ($page['filtered_users'] as $filter_key => $filter_user)
301	{
302	if (in_array($filter_user['id'], $collection))
303	{
304	unset($page['filtered_users'][$filter_key]);
305	}
306	}
307	}
308	else
309	{
310	array_push($page['errors'], l10n('You need to confirm deletion'));
311	}
312	}
313	}
314
315	// +-----------------------------------------------------------------------+
316	// \| preferences form submission \|
317	// +-----------------------------------------------------------------------+
318
319	if (isset($_POST['pref_submit']) and count($collection) > 0)
320	{
321	if (-1 != $_POST['associate'])
322	{
323	$datas = array();
324
325	$query = '
326	SELECT user_id
327	FROM '.USER_GROUP_TABLE.'
328	WHERE group_id = '.$_POST['associate'].'
329	;';
330	$associated = array_from_query($query, 'user_id');
331
332	$associable = array_diff($collection, $associated);
333
334	if (count($associable) > 0)
335	{
336	foreach ($associable as $item)
337	{
338	array_push($datas,
339	array('group_id'=>$_POST['associate'],
340	'user_id'=>$item));
341	}
342
343	mass_inserts(USER_GROUP_TABLE,
344	array('group_id', 'user_id'),
345	$datas);
346	}
347	}
348
349	if (-1 != $_POST['dissociate'])
350	{
351	$query = '
352	DELETE FROM '.USER_GROUP_TABLE.'
353	WHERE group_id = '.$_POST['dissociate'].'
354	AND user_id IN ('.implode(',', $collection).')
355	';
356	pwg_query($query);
357	}
358
359	// properties to set for the collection (a user list)
360	$datas = array();
361	$dbfields = array('primary' => array('user_id'), 'update' => array());
362
363	$formfields =
364	array('nb_image_line', 'nb_line_page', 'template', 'language',
365	'recent_period', 'maxwidth', 'expand', 'show_nb_comments',
366	'show_nb_hits', 'maxheight', 'status', 'enabled_high',
367	'level');
368
369	$true_false_fields = array('expand', 'show_nb_comments',
370	'show_nb_hits', 'enabled_high');
371	if ($conf['allow_adviser'])
372	{
373	array_push($formfields, 'adviser');
374	array_push($true_false_fields, 'adviser');
375	}
376
377	foreach ($formfields as $formfield)
378	{
379	// special for true/false fields
380	if (in_array($formfield, $true_false_fields))
381	{
382	$test = $formfield;
383	}
384	else
385	{
386	$test = $formfield.'_action';
387	}
388
389	if ($_POST[$test] != 'leave')
390	{
391	array_push($dbfields['update'], $formfield);
392	}
393	}
394
395	// updating elements is useful only if needed...
396	if (count($dbfields['update']) > 0)
397	{
398	$datas = array();
399
400	foreach ($collection as $user_id)
401	{
402	$data = array();
403	$data['user_id'] = $user_id;
404
405	// TODO : verify if submited values are semanticaly correct
406	foreach ($dbfields['update'] as $dbfield)
407	{
408	// if the action is 'unset', the key won't be in row and
409	// mass_updates function will set this field to NULL
410	if (in_array($dbfield, $true_false_fields)
411	or 'set' == $_POST[$dbfield.'_action'])
412	{
413	$data[$dbfield] = $_POST[$dbfield];
414	}
415	}
416
417	// special users checks
418	if
419	(
420	($conf['webmaster_id'] == $user_id) or
421	($conf['guest_id'] == $user_id) or
422	($conf['default_user_id'] == $user_id)
423	)
424	{
425	// status must not be changed
426	if (isset($data['status']))
427	{
428	if ($conf['webmaster_id'] == $user_id)
429	{
430	$data['status'] = 'webmaster';
431	}
432	else
433	{
434	$data['status'] = 'guest';
435	}
436	}
437
438	// could not be adivser
439	if (isset($data['adviser']))
440	{
441	$data['adviser'] = 'false';
442	}
443	}
444
445	array_push($datas, $data);
446	}
447
448	mass_updates(USER_INFOS_TABLE, $dbfields, $datas);
449	}
450
451	redirect(
452	get_root_url().
453	'admin.php'.
454	get_query_string_diff(array(), false)
455	);
456	}
457
458	// +-----------------------------------------------------------------------+
459	// \| groups list \|
460	// +-----------------------------------------------------------------------+
461
462	$groups[-1] = '------------';
463
464	$query = '
465	SELECT id, name
466	FROM '.GROUPS_TABLE.'
467	ORDER BY name ASC
468	;';
469	$result = pwg_query($query);
470
471	while ($row = mysql_fetch_array($result))
472	{
473	$groups[$row['id']] = $row['name'];
474	}
475
476	// +-----------------------------------------------------------------------+
477	// \| template init \|
478	// +-----------------------------------------------------------------------+
479
480	$template->set_filenames(array('user_list'=>'user_list.tpl'));
481
482	$base_url = PHPWG_ROOT_PATH.'admin.php?page=user_list';
483
484	if (isset($_GET['start']) and is_numeric($_GET['start']))
485	{
486	$start = $_GET['start'];
487	}
488	else
489	{
490	$start = 0;
491	}
492
493	$template->assign(
494	array(
495	'U_HELP' => get_root_url().'popuphelp.php?page=user_list',
496
497	'F_ADD_ACTION' => $base_url,
498	'F_USERNAME' => @htmlentities($_GET['username']),
499	'F_FILTER_ACTION' => get_root_url().'admin.php'
500	));
501
502	// Hide radio-button if not allow to assign adviser
503	if ($conf['allow_adviser'])
504	{
505	$template->assign('adviser', true);
506	}
507
508	// Filter status options
509	$status_options[-1] = '------------';
510	foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
511	{
512	$status_options[$status] = l10n('user_status_'.$status);
513	}
514	$template->assign('status_options', $status_options);
515	$template->assign('status_selected',
516	isset($_GET['status']) ? $_GET['status'] : '');
517
518	// Filter group options
519	$template->assign('group_options', $groups);
520	$template->assign('group_selected',
521	isset($_GET['group']) ? $_GET['group'] : '');
522
523	// Filter order options
524	$template->assign('order_options', $page['order_by_items']);
525	$template->assign('order_selected',
526	isset($_GET['order_by']) ? $_GET['order_by'] : '');
527
528	// Filter direction options
529	$template->assign('direction_options', $page['direction_items']);
530	$template->assign('direction_selected',
531	isset($_GET['direction']) ? $_GET['direction'] : '');
532
533
534	if (isset($_POST['pref_submit']))
535	{
536	$template->assign(
537	array(
538	'NB_IMAGE_LINE' => $_POST['nb_image_line'],
539	'NB_LINE_PAGE' => $_POST['nb_line_page'],
540	'MAXWIDTH' => $_POST['maxwidth'],
541	'MAXHEIGHT' => $_POST['maxheight'],
542	'RECENT_PERIOD' => $_POST['recent_period'],
543	));
544	}
545	else
546	{
547	$default_user = get_default_user_info(true);
548	$template->assign(
549	array(
550	'NB_IMAGE_LINE' => $default_user['nb_image_line'],
551	'NB_LINE_PAGE' => $default_user['nb_line_page'],
552	'MAXWIDTH' => $default_user['maxwidth'],
553	'MAXHEIGHT' => $default_user['maxheight'],
554	'RECENT_PERIOD' => $default_user['recent_period'],
555	));
556	}
557
558	// Template Options
559	$template->assign('template_options', get_pwg_themes());
560	$template->assign('template_selected',
561	isset($_POST['pref_submit']) ? $_POST['template'] : get_default_template());
562
563	// Language options
564	$template->assign('language_options', get_languages());
565	$template->assign('language_selected',
566	isset($_POST['pref_submit']) ? $_POST['language'] : get_default_language());
567
568	// Status options
569	foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
570	{
571	// Only status <= can be assign
572	if (is_autorize_status(get_access_type_status($status)))
573	{
574	$pref_status_options[$status] = l10n('user_status_'.$status);
575	}
576	}
577	$template->assign('pref_status_options', $pref_status_options);
578	$template->assign('pref_status_selected',
579	isset($_POST['pref_submit']) ? $_POST['status'] : 'normal');
580
581	// associate and dissociate options
582	$template->assign('association_options', $groups);
583	$template->assign('associate_selected',
584	isset($_POST['pref_submit']) ? $_POST['associate'] : '');
585	$template->assign('dissociate_selected',
586	isset($_POST['pref_submit']) ? $_POST['dissociate'] : '');
587
588
589	// user level options
590	foreach ($conf['available_permission_levels'] as $level)
591	{
592	$level_options[$level] = l10n(sprintf('Level %d', $level));
593	}
594	$template->assign('level_options', $level_options);
595	$template->assign('level_selected',
596	isset($_POST['pref_submit']) ? $_POST['level'] : $default_user['level']);
597
598	// +-----------------------------------------------------------------------+
599	// \| navigation bar \|
600	// +-----------------------------------------------------------------------+
601
602	$url = PHPWG_ROOT_PATH.'admin.php'.get_query_string_diff(array('start'));
603
604	$navbar = create_navigation_bar(
605	$url,
606	count($page['filtered_users']),
607	$start,
608	$conf['users_page']
609	);
610
611	$template->assign('NAVBAR', $navbar);
612
613	// +-----------------------------------------------------------------------+
614	// \| user list \|
615	// +-----------------------------------------------------------------------+
616
617	$profile_url = get_root_url().'admin.php?page=profile&user_id=';
618	$perm_url = get_root_url().'admin.php?page=user_perm&user_id=';
619
620	$visible_user_list = array();
621	foreach ($page['filtered_users'] as $num => $local_user)
622	{
623	// simulate LIMIT $start, $conf['users_page']
624	if ($num < $start)
625	{
626	continue;
627	}
628	if ($num >= $start + $conf['users_page'])
629	{
630	break;
631	}
632
633	$visible_user_list[] = $local_user;
634	}
635
636	// allow plugins to fill template var plugin_user_list_column_titles and
637	// plugin_columns/plugin_actions for each user in the list
638	$visible_user_list = trigger_event('loc_visible_user_list', $visible_user_list);
639
640	foreach ($visible_user_list as $local_user)
641	{
642	$groups_string = preg_replace(
643	'/(\d+)/e',
644	"\$groups['$1']",
645	implode(
646	', ',
647	$local_user['groups']
648	)
649	);
650
651	if (isset($_POST['pref_submit'])
652	and isset($_POST['selection'])
653	and in_array($local_user['id'], $_POST['selection']))
654	{
655	$checked = 'checked="checked"';
656	}
657	else
658	{
659	$checked = '';
660	}
661
662	$properties = array();
663	if ( $local_user['level'] != 0 )
664	{
665	$properties[] = l10n( sprintf('Level %d', $local_user['level']) );
666	}
667	$properties[] =
668	(isset($local_user['enabled_high']) and ($local_user['enabled_high'] == 'true'))
669	? l10n('is_high_enabled') : l10n('is_high_disabled');
670
671	$template->append(
672	'users',
673	array(
674	'ID' => $local_user['id'],
675	'CHECKED' => $checked,
676	'U_PROFILE' => $profile_url.$local_user['id'],
677	'U_PERM' => $perm_url.$local_user['id'],
678	'USERNAME' => $local_user['username']
679	.($local_user['id'] == $conf['guest_id']
680	? '<BR />['.l10n('is_the_guest').']' : '')
681	.($local_user['id'] == $conf['default_user_id']
682	? '<BR />['.l10n('is_the_default').']' : ''),
683	'STATUS' => l10n('user_status_'.
684	$local_user['status']).(($local_user['adviser'] == 'true')
685	? '<BR />['.l10n('adviser').']' : ''),
686	'EMAIL' => get_email_address_as_display_text($local_user['email']),
687	'GROUPS' => $groups_string,
688	'PROPERTIES' => implode( ', ', $properties),
689	'plugin_columns' => isset($local_user['plugin_columns']) ? $local_user['plugin_columns'] : array(),
690	'plugin_actions' => isset($local_user['plugin_actions']) ? $local_user['plugin_actions'] : array(),
691	)
692	);
693	}
694
695	// +-----------------------------------------------------------------------+
696	// \| html code display \|
697	// +-----------------------------------------------------------------------+
698
699	$template->assign_var_from_handle('ADMIN_CONTENT', 'user_list');
700	?>

Note: See TracBrowser for help on using the browser.

Context Navigation

root/trunk/admin/user_list.php @ 3751

Download in other formats: