Context Navigation

source: trunk/admin/user_list.php @ 3935

Last change on this file since 3935 was 3935, checked in by Eric, 15 years ago
[Bug 1041] Switchable double/single password input with text or password type in admin using new $conf
Property svn:eol-style set to `LF`
File size: 20.8 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based picture gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008-2009 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	/**
25	* Add users and manage users list
26	*/
27
28	// +-----------------------------------------------------------------------+
29	// \| functions \|
30	// +-----------------------------------------------------------------------+
31
32	/**
33	* returns a list of users depending on page filters (in $_GET)
34	*
35	* Each user comes with his related informations : id, username, mail
36	* address, list of groups.
37	*
38	* @return array
39	*/
40	function get_filtered_user_list()
41	{
42	global $conf, $page;
43
44	$users = array();
45
46	// filter
47	$filter = array();
48
49	if (isset($_GET['username']) and !empty($_GET['username']))
50	{
51	$username = str_replace('*', '%', $_GET['username']);
52	$filter['username'] = mysql_real_escape_string($username);
53	}
54
55	if (isset($_GET['group'])
56	and -1 != $_GET['group']
57	and is_numeric($_GET['group']))
58	{
59	$filter['group'] = $_GET['group'];
60	}
61
62	if (isset($_GET['status'])
63	and in_array($_GET['status'], get_enums(USER_INFOS_TABLE, 'status')))
64	{
65	$filter['status'] = $_GET['status'];
66	}
67
68	// how to order the list?
69	$order_by = 'id';
70	if (isset($_GET['order_by'])
71	and in_array($_GET['order_by'], array_keys($page['order_by_items'])))
72	{
73	$order_by = $_GET['order_by'];
74	}
75
76	$direction = 'ASC';
77	if (isset($_GET['direction'])
78	and in_array($_GET['direction'], array_keys($page['direction_items'])))
79	{
80	$direction = strtoupper($_GET['direction']);
81	}
82
83	// search users depending on filters and order
84	$query = '
85	SELECT DISTINCT u.'.$conf['user_fields']['id'].' AS id,
86	u.'.$conf['user_fields']['username'].' AS username,
87	u.'.$conf['user_fields']['email'].' AS email,
88	ui.status,
89	ui.adviser,
90	ui.enabled_high,
91	ui.level
92	FROM '.USERS_TABLE.' AS u
93	INNER JOIN '.USER_INFOS_TABLE.' AS ui
94	ON u.'.$conf['user_fields']['id'].' = ui.user_id
95	LEFT JOIN '.USER_GROUP_TABLE.' AS ug
96	ON u.'.$conf['user_fields']['id'].' = ug.user_id
97	WHERE u.'.$conf['user_fields']['id'].' > 0';
98	if (isset($filter['username']))
99	{
100	$query.= '
101	AND u.'.$conf['user_fields']['username'].' LIKE \''.$filter['username'].'\'';
102	}
103	if (isset($filter['group']))
104	{
105	$query.= '
106	AND ug.group_id = '.$filter['group'];
107	}
108	if (isset($filter['status']))
109	{
110	$query.= '
111	AND ui.status = \''.$filter['status']."'";
112	}
113	$query.= '
114	ORDER BY '.$order_by.' '.$direction.'
115	;';
116
117	$result = pwg_query($query);
118	while ($row = mysql_fetch_array($result))
119	{
120	$user = $row;
121	$user['groups'] = array();
122
123	array_push($users, $user);
124	}
125
126	// add group lists
127	$user_ids = array();
128	foreach ($users as $i => $user)
129	{
130	$user_ids[$i] = $user['id'];
131	}
132	$user_nums = array_flip($user_ids);
133
134	if (count($user_ids) > 0)
135	{
136	$query = '
137	SELECT user_id, group_id
138	FROM '.USER_GROUP_TABLE.'
139	WHERE user_id IN ('.implode(',', $user_ids).')
140	;';
141	$result = pwg_query($query);
142	while ($row = mysql_fetch_array($result))
143	{
144	array_push(
145	$users[$user_nums[$row['user_id']]]['groups'],
146	$row['group_id']
147	);
148	}
149	}
150
151	return $users;
152	}
153
154	// +-----------------------------------------------------------------------+
155	// \| initialization \|
156	// +-----------------------------------------------------------------------+
157
158	if (!defined('PHPWG_ROOT_PATH'))
159	{
160	die('Hacking attempt!');
161	}
162
163	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
164
165	// +-----------------------------------------------------------------------+
166	// \| Check Access and exit when user status is not ok \|
167	// +-----------------------------------------------------------------------+
168	check_status(ACCESS_ADMINISTRATOR);
169
170	$page['order_by_items'] = array(
171	'id' => l10n('registration_date'),
172	'username' => l10n('Username'),
173	'level' => l10n('Privacy level'),
174	'language' => l10n('language'),
175	);
176
177	$page['direction_items'] = array(
178	'asc' => l10n('ascending'),
179	'desc' => l10n('descending')
180	);
181
182	// +-----------------------------------------------------------------------+
183	// \| add a user \|
184	// +-----------------------------------------------------------------------+
185
186	// Check for config_default var - If True : Using double password type else single password type
187	// This feature is discussed on Piwigo's english forum
188	if ($conf['double_password_type_in_admin'] == true)
189	{
190	if (isset($_POST['submit_add']))
191	{
192	if(empty($_POST['password']))
193	{
194	array_push($page['errors'], l10n('Password is missing'));
195	}
196	else if(empty($_POST['password_conf']))
197	{
198	array_push($page['errors'], l10n('Password confirmation is missing'));
199	}
200	else if(empty($_POST['email']))
201	{
202	array_push($page['errors'], l10n('Email address is missing'));
203	}
204	else if ($_POST['password'] != $_POST['password_conf'])
205	{
206	array_push($page['errors'], l10n('Password confirmation error'));
207	}
208	else
209	{
210	$page['errors'] = register_user(
211	$_POST['login'], $_POST['password'], $_POST['email'], false);
212
213	if (count($page['errors']) == 0)
214	{
215	array_push(
216	$page['infos'],
217	sprintf(
218	l10n('user "%s" added'),
219	$_POST['login']
220	)
221	);
222	}
223	}
224	}
225	}
226	else if ($conf['double_password_type_in_admin'] == false)
227	{
228	if (isset($_POST['submit_add']))
229	{
230	$page['errors'] = register_user(
231	$_POST['login'], $_POST['password'], $_POST['email'], false);
232
233	if (count($page['errors']) == 0)
234	{
235	array_push(
236	$page['infos'],
237	sprintf(
238	l10n('user "%s" added'),
239	$_POST['login']
240	)
241	);
242	}
243	}
244	}
245
246	// +-----------------------------------------------------------------------+
247	// \| user list \|
248	// +-----------------------------------------------------------------------+
249
250	$page['filtered_users'] = get_filtered_user_list();
251
252	// +-----------------------------------------------------------------------+
253	// \| selected users \|
254	// +-----------------------------------------------------------------------+
255
256	if (isset($_POST['delete']) or isset($_POST['pref_submit']))
257	{
258	$collection = array();
259
260	switch ($_POST['target'])
261	{
262	case 'all' :
263	{
264	foreach($page['filtered_users'] as $local_user)
265	{
266	array_push($collection, $local_user['id']);
267	}
268	break;
269	}
270	case 'selection' :
271	{
272	if (isset($_POST['selection']))
273	{
274	$collection = $_POST['selection'];
275	}
276	break;
277	}
278	}
279
280	if (count($collection) == 0)
281	{
282	array_push($page['errors'], l10n('Select at least one user'));
283	}
284	}
285
286	// +-----------------------------------------------------------------------+
287	// \| delete users \|
288	// +-----------------------------------------------------------------------+
289	if (isset($_POST['delete']) and count($collection) > 0)
290	{
291	if (in_array($conf['guest_id'], $collection))
292	{
293	array_push($page['errors'], l10n('Guest cannot be deleted'));
294	}
295	if (($conf['guest_id'] != $conf['default_user_id']) and
296	in_array($conf['default_user_id'], $collection))
297	{
298	array_push($page['errors'], l10n('Default user cannot be deleted'));
299	}
300	if (in_array($conf['webmaster_id'], $collection))
301	{
302	array_push($page['errors'], l10n('Webmaster cannot be deleted'));
303	}
304	if (in_array($user['id'], $collection))
305	{
306	array_push($page['errors'], l10n('You cannot delete your account'));
307	}
308
309	if (count($page['errors']) == 0)
310	{
311	if (isset($_POST['confirm_deletion']) and 1 == $_POST['confirm_deletion'])
312	{
313	foreach ($collection as $user_id)
314	{
315	delete_user($user_id);
316	}
317	array_push(
318	$page['infos'],
319	l10n_dec(
320	'%d user deleted', '%d users deleted',
321	count($collection)
322	)
323	);
324	foreach ($page['filtered_users'] as $filter_key => $filter_user)
325	{
326	if (in_array($filter_user['id'], $collection))
327	{
328	unset($page['filtered_users'][$filter_key]);
329	}
330	}
331	}
332	else
333	{
334	array_push($page['errors'], l10n('You need to confirm deletion'));
335	}
336	}
337	}
338
339	// +-----------------------------------------------------------------------+
340	// \| preferences form submission \|
341	// +-----------------------------------------------------------------------+
342
343	if (isset($_POST['pref_submit']) and count($collection) > 0)
344	{
345	if (-1 != $_POST['associate'])
346	{
347	$datas = array();
348
349	$query = '
350	SELECT user_id
351	FROM '.USER_GROUP_TABLE.'
352	WHERE group_id = '.$_POST['associate'].'
353	;';
354	$associated = array_from_query($query, 'user_id');
355
356	$associable = array_diff($collection, $associated);
357
358	if (count($associable) > 0)
359	{
360	foreach ($associable as $item)
361	{
362	array_push($datas,
363	array('group_id'=>$_POST['associate'],
364	'user_id'=>$item));
365	}
366
367	mass_inserts(USER_GROUP_TABLE,
368	array('group_id', 'user_id'),
369	$datas);
370	}
371	}
372
373	if (-1 != $_POST['dissociate'])
374	{
375	$query = '
376	DELETE FROM '.USER_GROUP_TABLE.'
377	WHERE group_id = '.$_POST['dissociate'].'
378	AND user_id IN ('.implode(',', $collection).')
379	';
380	pwg_query($query);
381	}
382
383	// properties to set for the collection (a user list)
384	$datas = array();
385	$dbfields = array('primary' => array('user_id'), 'update' => array());
386
387	$formfields =
388	array('nb_image_line', 'nb_line_page', 'template', 'language',
389	'recent_period', 'maxwidth', 'expand', 'show_nb_comments',
390	'show_nb_hits', 'maxheight', 'status', 'enabled_high',
391	'level');
392
393	$true_false_fields = array('expand', 'show_nb_comments',
394	'show_nb_hits', 'enabled_high');
395	if ($conf['allow_adviser'])
396	{
397	array_push($formfields, 'adviser');
398	array_push($true_false_fields, 'adviser');
399	}
400
401	foreach ($formfields as $formfield)
402	{
403	// special for true/false fields
404	if (in_array($formfield, $true_false_fields))
405	{
406	$test = $formfield;
407	}
408	else
409	{
410	$test = $formfield.'_action';
411	}
412
413	if ($_POST[$test] != 'leave')
414	{
415	array_push($dbfields['update'], $formfield);
416	}
417	}
418
419	// updating elements is useful only if needed...
420	if (count($dbfields['update']) > 0)
421	{
422	$datas = array();
423
424	foreach ($collection as $user_id)
425	{
426	$data = array();
427	$data['user_id'] = $user_id;
428
429	// TODO : verify if submited values are semanticaly correct
430	foreach ($dbfields['update'] as $dbfield)
431	{
432	// if the action is 'unset', the key won't be in row and
433	// mass_updates function will set this field to NULL
434	if (in_array($dbfield, $true_false_fields)
435	or 'set' == $_POST[$dbfield.'_action'])
436	{
437	$data[$dbfield] = $_POST[$dbfield];
438	}
439	}
440
441	// special users checks
442	if
443	(
444	($conf['webmaster_id'] == $user_id) or
445	($conf['guest_id'] == $user_id) or
446	($conf['default_user_id'] == $user_id)
447	)
448	{
449	// status must not be changed
450	if (isset($data['status']))
451	{
452	if ($conf['webmaster_id'] == $user_id)
453	{
454	$data['status'] = 'webmaster';
455	}
456	else
457	{
458	$data['status'] = 'guest';
459	}
460	}
461
462	// could not be adivser
463	if (isset($data['adviser']))
464	{
465	$data['adviser'] = 'false';
466	}
467	}
468
469	array_push($datas, $data);
470	}
471
472	mass_updates(USER_INFOS_TABLE, $dbfields, $datas);
473	}
474
475	redirect(
476	get_root_url().
477	'admin.php'.
478	get_query_string_diff(array(), false)
479	);
480	}
481
482	// +-----------------------------------------------------------------------+
483	// \| groups list \|
484	// +-----------------------------------------------------------------------+
485
486	$groups[-1] = '------------';
487
488	$query = '
489	SELECT id, name
490	FROM '.GROUPS_TABLE.'
491	ORDER BY name ASC
492	;';
493	$result = pwg_query($query);
494
495	while ($row = mysql_fetch_array($result))
496	{
497	$groups[$row['id']] = $row['name'];
498	}
499
500	// +-----------------------------------------------------------------------+
501	// \| template init \|
502	// +-----------------------------------------------------------------------+
503
504	$template->set_filenames(array('user_list'=>'user_list.tpl'));
505
506	$base_url = PHPWG_ROOT_PATH.'admin.php?page=user_list';
507
508	if (isset($_GET['start']) and is_numeric($_GET['start']))
509	{
510	$start = $_GET['start'];
511	}
512	else
513	{
514	$start = 0;
515	}
516
517	$template->assign(
518	array(
519	'U_HELP' => get_root_url().'popuphelp.php?page=user_list',
520
521	'F_ADD_ACTION' => $base_url,
522	'F_USERNAME' => @htmlentities($_GET['username']),
523	'F_FILTER_ACTION' => get_root_url().'admin.php'
524	));
525
526	// Hide radio-button if not allow to assign adviser
527	if ($conf['allow_adviser'])
528	{
529	$template->assign('adviser', true);
530	}
531
532	// Display or Hide double password type
533	if ($conf['double_password_type_in_admin'])
534	{
535	$template->assign('Double_Password', true);
536	}
537
538	// Filter status options
539	$status_options[-1] = '------------';
540	foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
541	{
542	$status_options[$status] = l10n('user_status_'.$status);
543	}
544	$template->assign('status_options', $status_options);
545	$template->assign('status_selected',
546	isset($_GET['status']) ? $_GET['status'] : '');
547
548	// Filter group options
549	$template->assign('group_options', $groups);
550	$template->assign('group_selected',
551	isset($_GET['group']) ? $_GET['group'] : '');
552
553	// Filter order options
554	$template->assign('order_options', $page['order_by_items']);
555	$template->assign('order_selected',
556	isset($_GET['order_by']) ? $_GET['order_by'] : '');
557
558	// Filter direction options
559	$template->assign('direction_options', $page['direction_items']);
560	$template->assign('direction_selected',
561	isset($_GET['direction']) ? $_GET['direction'] : '');
562
563
564	if (isset($_POST['pref_submit']))
565	{
566	$template->assign(
567	array(
568	'NB_IMAGE_LINE' => $_POST['nb_image_line'],
569	'NB_LINE_PAGE' => $_POST['nb_line_page'],
570	'MAXWIDTH' => $_POST['maxwidth'],
571	'MAXHEIGHT' => $_POST['maxheight'],
572	'RECENT_PERIOD' => $_POST['recent_period'],
573	));
574	}
575	else
576	{
577	$default_user = get_default_user_info(true);
578	$template->assign(
579	array(
580	'NB_IMAGE_LINE' => $default_user['nb_image_line'],
581	'NB_LINE_PAGE' => $default_user['nb_line_page'],
582	'MAXWIDTH' => $default_user['maxwidth'],
583	'MAXHEIGHT' => $default_user['maxheight'],
584	'RECENT_PERIOD' => $default_user['recent_period'],
585	));
586	}
587
588	// Template Options
589	$template->assign('template_options', get_pwg_themes());
590	$template->assign('template_selected',
591	isset($_POST['pref_submit']) ? $_POST['template'] : get_default_template());
592
593	// Language options
594	$template->assign('language_options', get_languages());
595	$template->assign('language_selected',
596	isset($_POST['pref_submit']) ? $_POST['language'] : get_default_language());
597
598	// Status options
599	foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
600	{
601	// Only status <= can be assign
602	if (is_autorize_status(get_access_type_status($status)))
603	{
604	$pref_status_options[$status] = l10n('user_status_'.$status);
605	}
606	}
607	$template->assign('pref_status_options', $pref_status_options);
608	$template->assign('pref_status_selected',
609	isset($_POST['pref_submit']) ? $_POST['status'] : 'normal');
610
611	// associate and dissociate options
612	$template->assign('association_options', $groups);
613	$template->assign('associate_selected',
614	isset($_POST['pref_submit']) ? $_POST['associate'] : '');
615	$template->assign('dissociate_selected',
616	isset($_POST['pref_submit']) ? $_POST['dissociate'] : '');
617
618
619	// user level options
620	foreach ($conf['available_permission_levels'] as $level)
621	{
622	$level_options[$level] = l10n(sprintf('Level %d', $level));
623	}
624	$template->assign('level_options', $level_options);
625	$template->assign('level_selected',
626	isset($_POST['pref_submit']) ? $_POST['level'] : $default_user['level']);
627
628	// +-----------------------------------------------------------------------+
629	// \| navigation bar \|
630	// +-----------------------------------------------------------------------+
631
632	$url = PHPWG_ROOT_PATH.'admin.php'.get_query_string_diff(array('start'));
633
634	$navbar = create_navigation_bar(
635	$url,
636	count($page['filtered_users']),
637	$start,
638	$conf['users_page']
639	);
640
641	$template->assign('NAVBAR', $navbar);
642
643	// +-----------------------------------------------------------------------+
644	// \| user list \|
645	// +-----------------------------------------------------------------------+
646
647	$profile_url = get_root_url().'admin.php?page=profile&user_id=';
648	$perm_url = get_root_url().'admin.php?page=user_perm&user_id=';
649
650	$visible_user_list = array();
651	foreach ($page['filtered_users'] as $num => $local_user)
652	{
653	// simulate LIMIT $start, $conf['users_page']
654	if ($num < $start)
655	{
656	continue;
657	}
658	if ($num >= $start + $conf['users_page'])
659	{
660	break;
661	}
662
663	$visible_user_list[] = $local_user;
664	}
665
666	// allow plugins to fill template var plugin_user_list_column_titles and
667	// plugin_columns/plugin_actions for each user in the list
668	$visible_user_list = trigger_event('loc_visible_user_list', $visible_user_list);
669
670	foreach ($visible_user_list as $local_user)
671	{
672	$groups_string = preg_replace(
673	'/(\d+)/e',
674	"\$groups['$1']",
675	implode(
676	', ',
677	$local_user['groups']
678	)
679	);
680
681	if (isset($_POST['pref_submit'])
682	and isset($_POST['selection'])
683	and in_array($local_user['id'], $_POST['selection']))
684	{
685	$checked = 'checked="checked"';
686	}
687	else
688	{
689	$checked = '';
690	}
691
692	$properties = array();
693	if ( $local_user['level'] != 0 )
694	{
695	$properties[] = l10n( sprintf('Level %d', $local_user['level']) );
696	}
697	$properties[] =
698	(isset($local_user['enabled_high']) and ($local_user['enabled_high'] == 'true'))
699	? l10n('is_high_enabled') : l10n('is_high_disabled');
700
701	$template->append(
702	'users',
703	array(
704	'ID' => $local_user['id'],
705	'CHECKED' => $checked,
706	'U_PROFILE' => $profile_url.$local_user['id'],
707	'U_PERM' => $perm_url.$local_user['id'],
708	'USERNAME' => $local_user['username']
709	.($local_user['id'] == $conf['guest_id']
710	? '<br>['.l10n('is_the_guest').']' : '')
711	.($local_user['id'] == $conf['default_user_id']
712	? '<br>['.l10n('is_the_default').']' : ''),
713	'STATUS' => l10n('user_status_'.
714	$local_user['status']).(($local_user['adviser'] == 'true')
715	? '<br>['.l10n('adviser').']' : ''),
716	'EMAIL' => get_email_address_as_display_text($local_user['email']),
717	'GROUPS' => $groups_string,
718	'PROPERTIES' => implode( ', ', $properties),
719	'plugin_columns' => isset($local_user['plugin_columns']) ? $local_user['plugin_columns'] : array(),
720	'plugin_actions' => isset($local_user['plugin_actions']) ? $local_user['plugin_actions'] : array(),
721	)
722	);
723	}
724
725	// +-----------------------------------------------------------------------+
726	// \| html code display \|
727	// +-----------------------------------------------------------------------+
728
729	$template->assign_var_from_handle('ADMIN_CONTENT', 'user_list');
730	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: