Context Navigation

source: trunk/admin/user_list.php @ 4423

Last change on this file since 4423 was 4325, checked in by nikrou, 14 years ago

Feature 1244 resolved
Replace all mysql functions in core code by ones independant of database engine

Fix small php code synxtax : hash must be accessed with [ ] and not { }.

Property svn:eol-style set to LF

File size: 20.8 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based picture gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008-2009 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	/**
25	* Add users and manage users list
26	*/
27
28	// +-----------------------------------------------------------------------+
29	// \| functions \|
30	// +-----------------------------------------------------------------------+
31
32	/**
33	* returns a list of users depending on page filters (in $_GET)
34	*
35	* Each user comes with his related informations : id, username, mail
36	* address, list of groups.
37	*
38	* @return array
39	*/
40	function get_filtered_user_list()
41	{
42	global $conf, $page;
43
44	$users = array();
45
46	// filter
47	$filter = array();
48
49	if (isset($_GET['username']) and !empty($_GET['username']))
50	{
51	$username = str_replace('*', '%', $_GET['username']);
52	$filter['username'] = pwg_db_real_escape_string($username);
53	}
54
55	if (isset($_GET['group'])
56	and -1 != $_GET['group']
57	and is_numeric($_GET['group']))
58	{
59	$filter['group'] = $_GET['group'];
60	}
61
62	if (isset($_GET['status'])
63	and in_array($_GET['status'], get_enums(USER_INFOS_TABLE, 'status')))
64	{
65	$filter['status'] = $_GET['status'];
66	}
67
68	// how to order the list?
69	$order_by = 'id';
70	if (isset($_GET['order_by'])
71	and in_array($_GET['order_by'], array_keys($page['order_by_items'])))
72	{
73	$order_by = $_GET['order_by'];
74	}
75
76	$direction = 'ASC';
77	if (isset($_GET['direction'])
78	and in_array($_GET['direction'], array_keys($page['direction_items'])))
79	{
80	$direction = strtoupper($_GET['direction']);
81	}
82
83	// search users depending on filters and order
84	$query = '
85	SELECT DISTINCT u.'.$conf['user_fields']['id'].' AS id,
86	u.'.$conf['user_fields']['username'].' AS username,
87	u.'.$conf['user_fields']['email'].' AS email,
88	ui.status,
89	ui.adviser,
90	ui.enabled_high,
91	ui.level
92	FROM '.USERS_TABLE.' AS u
93	INNER JOIN '.USER_INFOS_TABLE.' AS ui
94	ON u.'.$conf['user_fields']['id'].' = ui.user_id
95	LEFT JOIN '.USER_GROUP_TABLE.' AS ug
96	ON u.'.$conf['user_fields']['id'].' = ug.user_id
97	WHERE u.'.$conf['user_fields']['id'].' > 0';
98	if (isset($filter['username']))
99	{
100	$query.= '
101	AND u.'.$conf['user_fields']['username'].' LIKE \''.$filter['username'].'\'';
102	}
103	if (isset($filter['group']))
104	{
105	$query.= '
106	AND ug.group_id = '.$filter['group'];
107	}
108	if (isset($filter['status']))
109	{
110	$query.= '
111	AND ui.status = \''.$filter['status']."'";
112	}
113	$query.= '
114	ORDER BY '.$order_by.' '.$direction.'
115	;';
116
117	$result = pwg_query($query);
118	while ($row = pwg_db_fetch_assoc($result))
119	{
120	$user = $row;
121	$user['groups'] = array();
122
123	array_push($users, $user);
124	}
125
126	// add group lists
127	$user_ids = array();
128	foreach ($users as $i => $user)
129	{
130	$user_ids[$i] = $user['id'];
131	}
132	$user_nums = array_flip($user_ids);
133
134	if (count($user_ids) > 0)
135	{
136	$query = '
137	SELECT user_id, group_id
138	FROM '.USER_GROUP_TABLE.'
139	WHERE user_id IN ('.implode(',', $user_ids).')
140	;';
141	$result = pwg_query($query);
142	while ($row = pwg_db_fetch_assoc($result))
143	{
144	array_push(
145	$users[$user_nums[$row['user_id']]]['groups'],
146	$row['group_id']
147	);
148	}
149	}
150
151	return $users;
152	}
153
154	// +-----------------------------------------------------------------------+
155	// \| initialization \|
156	// +-----------------------------------------------------------------------+
157
158	if (!defined('PHPWG_ROOT_PATH'))
159	{
160	die('Hacking attempt!');
161	}
162
163	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
164
165	// +-----------------------------------------------------------------------+
166	// \| Check Access and exit when user status is not ok \|
167	// +-----------------------------------------------------------------------+
168	check_status(ACCESS_ADMINISTRATOR);
169
170	$page['order_by_items'] = array(
171	'id' => l10n('registration_date'),
172	'username' => l10n('Username'),
173	'level' => l10n('Privacy level'),
174	'language' => l10n('language'),
175	);
176
177	$page['direction_items'] = array(
178	'asc' => l10n('ascending'),
179	'desc' => l10n('descending')
180	);
181
182	// +-----------------------------------------------------------------------+
183	// \| add a user \|
184	// +-----------------------------------------------------------------------+
185
186	// Check for config_default var - If True : Using double password type else single password type
187	// This feature is discussed on Piwigo's english forum
188	if ($conf['double_password_type_in_admin'] == true)
189	{
190	if (isset($_POST['submit_add']))
191	{
192	if(empty($_POST['password']))
193	{
194	array_push($page['errors'], l10n('Password is missing'));
195	}
196	else if(empty($_POST['password_conf']))
197	{
198	array_push($page['errors'], l10n('Password confirmation is missing'));
199	}
200	else if(empty($_POST['email']))
201	{
202	array_push($page['errors'], l10n('Email address is missing'));
203	}
204	else if ($_POST['password'] != $_POST['password_conf'])
205	{
206	array_push($page['errors'], l10n('Password confirmation error'));
207	}
208	else
209	{
210	$page['errors'] = register_user(
211	$_POST['login'], $_POST['password'], $_POST['email'], false);
212
213	if (count($page['errors']) == 0)
214	{
215	array_push(
216	$page['infos'],
217	sprintf(
218	l10n('user "%s" added'),
219	$_POST['login']
220	)
221	);
222	}
223	}
224	}
225	}
226	else if ($conf['double_password_type_in_admin'] == false)
227	{
228	if (isset($_POST['submit_add']))
229	{
230	$page['errors'] = register_user(
231	$_POST['login'], $_POST['password'], $_POST['email'], false);
232
233	if (count($page['errors']) == 0)
234	{
235	array_push(
236	$page['infos'],
237	sprintf(
238	l10n('user "%s" added'),
239	$_POST['login']
240	)
241	);
242	}
243	}
244	}
245
246	// +-----------------------------------------------------------------------+
247	// \| user list \|
248	// +-----------------------------------------------------------------------+
249
250	$page['filtered_users'] = get_filtered_user_list();
251
252	// +-----------------------------------------------------------------------+
253	// \| selected users \|
254	// +-----------------------------------------------------------------------+
255
256	if (isset($_POST['delete']) or isset($_POST['pref_submit']))
257	{
258	$collection = array();
259
260	switch ($_POST['target'])
261	{
262	case 'all' :
263	{
264	foreach($page['filtered_users'] as $local_user)
265	{
266	array_push($collection, $local_user['id']);
267	}
268	break;
269	}
270	case 'selection' :
271	{
272	if (isset($_POST['selection']))
273	{
274	$collection = $_POST['selection'];
275	}
276	break;
277	}
278	}
279
280	if (count($collection) == 0)
281	{
282	array_push($page['errors'], l10n('Select at least one user'));
283	}
284	}
285
286	// +-----------------------------------------------------------------------+
287	// \| delete users \|
288	// +-----------------------------------------------------------------------+
289	if (isset($_POST['delete']) and count($collection) > 0)
290	{
291	if (in_array($conf['guest_id'], $collection))
292	{
293	array_push($page['errors'], l10n('Guest cannot be deleted'));
294	}
295	if (($conf['guest_id'] != $conf['default_user_id']) and
296	in_array($conf['default_user_id'], $collection))
297	{
298	array_push($page['errors'], l10n('Default user cannot be deleted'));
299	}
300	if (in_array($conf['webmaster_id'], $collection))
301	{
302	array_push($page['errors'], l10n('Webmaster cannot be deleted'));
303	}
304	if (in_array($user['id'], $collection))
305	{
306	array_push($page['errors'], l10n('You cannot delete your account'));
307	}
308
309	if (count($page['errors']) == 0)
310	{
311	if (isset($_POST['confirm_deletion']) and 1 == $_POST['confirm_deletion'])
312	{
313	foreach ($collection as $user_id)
314	{
315	delete_user($user_id);
316	}
317	array_push(
318	$page['infos'],
319	l10n_dec(
320	'%d user deleted', '%d users deleted',
321	count($collection)
322	)
323	);
324	foreach ($page['filtered_users'] as $filter_key => $filter_user)
325	{
326	if (in_array($filter_user['id'], $collection))
327	{
328	unset($page['filtered_users'][$filter_key]);
329	}
330	}
331	}
332	else
333	{
334	array_push($page['errors'], l10n('You need to confirm deletion'));
335	}
336	}
337	}
338
339	// +-----------------------------------------------------------------------+
340	// \| preferences form submission \|
341	// +-----------------------------------------------------------------------+
342
343	if (isset($_POST['pref_submit']) and count($collection) > 0)
344	{
345	if (-1 != $_POST['associate'])
346	{
347	$datas = array();
348
349	$query = '
350	SELECT user_id
351	FROM '.USER_GROUP_TABLE.'
352	WHERE group_id = '.$_POST['associate'].'
353	;';
354	$associated = array_from_query($query, 'user_id');
355
356	$associable = array_diff($collection, $associated);
357
358	if (count($associable) > 0)
359	{
360	foreach ($associable as $item)
361	{
362	array_push($datas,
363	array('group_id'=>$_POST['associate'],
364	'user_id'=>$item));
365	}
366
367	mass_inserts(USER_GROUP_TABLE,
368	array('group_id', 'user_id'),
369	$datas);
370	}
371	}
372
373	if (-1 != $_POST['dissociate'])
374	{
375	$query = '
376	DELETE FROM '.USER_GROUP_TABLE.'
377	WHERE group_id = '.$_POST['dissociate'].'
378	AND user_id IN ('.implode(',', $collection).')
379	';
380	pwg_query($query);
381	}
382
383	// properties to set for the collection (a user list)
384	$datas = array();
385	$dbfields = array('primary' => array('user_id'), 'update' => array());
386
387	$formfields =
388	array('nb_image_line', 'nb_line_page', 'template', 'language',
389	'recent_period', 'maxwidth', 'expand', 'show_nb_comments',
390	'show_nb_hits', 'maxheight', 'status', 'enabled_high',
391	'level');
392
393	$true_false_fields = array('expand', 'show_nb_comments',
394	'show_nb_hits', 'enabled_high');
395	if ($conf['allow_adviser'])
396	{
397	array_push($formfields, 'adviser');
398	array_push($true_false_fields, 'adviser');
399	}
400
401	foreach ($formfields as $formfield)
402	{
403	// special for true/false fields
404	if (in_array($formfield, $true_false_fields))
405	{
406	$test = $formfield;
407	}
408	else
409	{
410	$test = $formfield.'_action';
411	}
412
413	if ($_POST[$test] != 'leave')
414	{
415	array_push($dbfields['update'], $formfield);
416	}
417	}
418
419	// updating elements is useful only if needed...
420	if (count($dbfields['update']) > 0)
421	{
422	$datas = array();
423
424	foreach ($collection as $user_id)
425	{
426	$data = array();
427	$data['user_id'] = $user_id;
428
429	// TODO : verify if submited values are semanticaly correct
430	foreach ($dbfields['update'] as $dbfield)
431	{
432	// if the action is 'unset', the key won't be in row and
433	// mass_updates function will set this field to NULL
434	if (in_array($dbfield, $true_false_fields)
435	or 'set' == $_POST[$dbfield.'_action'])
436	{
437	$data[$dbfield] = $_POST[$dbfield];
438	}
439	}
440
441	// special users checks
442	if
443	(
444	($conf['webmaster_id'] == $user_id) or
445	($conf['guest_id'] == $user_id) or
446	($conf['default_user_id'] == $user_id)
447	)
448	{
449	// status must not be changed
450	if (isset($data['status']))
451	{
452	if ($conf['webmaster_id'] == $user_id)
453	{
454	$data['status'] = 'webmaster';
455	}
456	else
457	{
458	$data['status'] = 'guest';
459	}
460	}
461
462	// could not be adivser
463	if (isset($data['adviser']))
464	{
465	$data['adviser'] = 'false';
466	}
467	}
468
469	array_push($datas, $data);
470	}
471
472	mass_updates(USER_INFOS_TABLE, $dbfields, $datas);
473	}
474
475	redirect(
476	get_root_url().
477	'admin.php'.
478	get_query_string_diff(array(), false)
479	);
480	}
481
482	// +-----------------------------------------------------------------------+
483	// \| groups list \|
484	// +-----------------------------------------------------------------------+
485
486	$groups[-1] = '------------';
487
488	$query = '
489	SELECT id, name
490	FROM '.GROUPS_TABLE.'
491	ORDER BY name ASC
492	;';
493	$result = pwg_query($query);
494
495	while ($row = pwg_db_fetch_assoc($result))
496	{
497	$groups[$row['id']] = $row['name'];
498	}
499
500	// +-----------------------------------------------------------------------+
501	// \| template init \|
502	// +-----------------------------------------------------------------------+
503
504	$template->set_filenames(array('user_list'=>'user_list.tpl'));
505
506	$base_url = PHPWG_ROOT_PATH.'admin.php?page=user_list';
507
508	if (isset($_GET['start']) and is_numeric($_GET['start']))
509	{
510	$start = $_GET['start'];
511	}
512	else
513	{
514	$start = 0;
515	}
516
517	$template->assign(
518	array(
519	'U_HELP' => get_root_url().'popuphelp.php?page=user_list',
520
521	'F_ADD_ACTION' => $base_url,
522	'F_USERNAME' => @htmlentities($_GET['username']),
523	'F_FILTER_ACTION' => get_root_url().'admin.php'
524	));
525
526	// Hide radio-button if not allow to assign adviser
527	if ($conf['allow_adviser'])
528	{
529	$template->assign('adviser', true);
530	}
531
532	// Display or Hide double password type
533	$template->assign('Double_Password', $conf['double_password_type_in_admin'] );
534
535	// Filter status options
536	$status_options[-1] = '------------';
537	foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
538	{
539	$status_options[$status] = l10n('user_status_'.$status);
540	}
541	$template->assign('status_options', $status_options);
542	$template->assign('status_selected',
543	isset($_GET['status']) ? $_GET['status'] : '');
544
545	// Filter group options
546	$template->assign('group_options', $groups);
547	$template->assign('group_selected',
548	isset($_GET['group']) ? $_GET['group'] : '');
549
550	// Filter order options
551	$template->assign('order_options', $page['order_by_items']);
552	$template->assign('order_selected',
553	isset($_GET['order_by']) ? $_GET['order_by'] : '');
554
555	// Filter direction options
556	$template->assign('direction_options', $page['direction_items']);
557	$template->assign('direction_selected',
558	isset($_GET['direction']) ? $_GET['direction'] : '');
559
560
561	if (isset($_POST['pref_submit']))
562	{
563	$template->assign(
564	array(
565	'NB_IMAGE_LINE' => $_POST['nb_image_line'],
566	'NB_LINE_PAGE' => $_POST['nb_line_page'],
567	'MAXWIDTH' => $_POST['maxwidth'],
568	'MAXHEIGHT' => $_POST['maxheight'],
569	'RECENT_PERIOD' => $_POST['recent_period'],
570	));
571	}
572	else
573	{
574	$default_user = get_default_user_info(true);
575	$template->assign(
576	array(
577	'NB_IMAGE_LINE' => $default_user['nb_image_line'],
578	'NB_LINE_PAGE' => $default_user['nb_line_page'],
579	'MAXWIDTH' => $default_user['maxwidth'],
580	'MAXHEIGHT' => $default_user['maxheight'],
581	'RECENT_PERIOD' => $default_user['recent_period'],
582	));
583	}
584
585	// Template Options
586	$template->assign('template_options', get_pwg_themes());
587	$template->assign('template_selected',
588	isset($_POST['pref_submit']) ? $_POST['template'] : get_default_template());
589
590	// Language options
591	$template->assign('language_options', get_languages());
592	$template->assign('language_selected',
593	isset($_POST['pref_submit']) ? $_POST['language'] : get_default_language());
594
595	// Status options
596	foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
597	{
598	// Only status <= can be assign
599	if (is_autorize_status(get_access_type_status($status)))
600	{
601	$pref_status_options[$status] = l10n('user_status_'.$status);
602	}
603	}
604	$template->assign('pref_status_options', $pref_status_options);
605	$template->assign('pref_status_selected',
606	isset($_POST['pref_submit']) ? $_POST['status'] : 'normal');
607
608	// associate and dissociate options
609	$template->assign('association_options', $groups);
610	$template->assign('associate_selected',
611	isset($_POST['pref_submit']) ? $_POST['associate'] : '');
612	$template->assign('dissociate_selected',
613	isset($_POST['pref_submit']) ? $_POST['dissociate'] : '');
614
615
616	// user level options
617	foreach ($conf['available_permission_levels'] as $level)
618	{
619	$level_options[$level] = l10n(sprintf('Level %d', $level));
620	}
621	$template->assign('level_options', $level_options);
622	$template->assign('level_selected',
623	isset($_POST['pref_submit']) ? $_POST['level'] : $default_user['level']);
624
625	// +-----------------------------------------------------------------------+
626	// \| navigation bar \|
627	// +-----------------------------------------------------------------------+
628
629	$url = PHPWG_ROOT_PATH.'admin.php'.get_query_string_diff(array('start'));
630
631	$navbar = create_navigation_bar(
632	$url,
633	count($page['filtered_users']),
634	$start,
635	$conf['users_page']
636	);
637
638	$template->assign('NAVBAR', $navbar);
639
640	// +-----------------------------------------------------------------------+
641	// \| user list \|
642	// +-----------------------------------------------------------------------+
643
644	$profile_url = get_root_url().'admin.php?page=profile&user_id=';
645	$perm_url = get_root_url().'admin.php?page=user_perm&user_id=';
646
647	$visible_user_list = array();
648	foreach ($page['filtered_users'] as $num => $local_user)
649	{
650	// simulate LIMIT $start, $conf['users_page']
651	if ($num < $start)
652	{
653	continue;
654	}
655	if ($num >= $start + $conf['users_page'])
656	{
657	break;
658	}
659
660	$visible_user_list[] = $local_user;
661	}
662
663	// allow plugins to fill template var plugin_user_list_column_titles and
664	// plugin_columns/plugin_actions for each user in the list
665	$visible_user_list = trigger_event('loc_visible_user_list', $visible_user_list);
666
667	foreach ($visible_user_list as $local_user)
668	{
669	$groups_string = preg_replace(
670	'/(\d+)/e',
671	"\$groups['$1']",
672	implode(
673	', ',
674	$local_user['groups']
675	)
676	);
677
678	if (isset($_POST['pref_submit'])
679	and isset($_POST['selection'])
680	and in_array($local_user['id'], $_POST['selection']))
681	{
682	$checked = 'checked="checked"';
683	}
684	else
685	{
686	$checked = '';
687	}
688
689	$properties = array();
690	if ( $local_user['level'] != 0 )
691	{
692	$properties[] = l10n( sprintf('Level %d', $local_user['level']) );
693	}
694	$properties[] =
695	(isset($local_user['enabled_high']) and ($local_user['enabled_high'] == 'true'))
696	? l10n('is_high_enabled') : l10n('is_high_disabled');
697
698	$template->append(
699	'users',
700	array(
701	'ID' => $local_user['id'],
702	'CHECKED' => $checked,
703	'U_PROFILE' => $profile_url.$local_user['id'],
704	'U_PERM' => $perm_url.$local_user['id'],
705	'USERNAME' => stripslashes($local_user['username'])
706	.($local_user['id'] == $conf['guest_id']
707	? '<br>['.l10n('is_the_guest').']' : '')
708	.($local_user['id'] == $conf['default_user_id']
709	? '<br>['.l10n('is_the_default').']' : ''),
710	'STATUS' => l10n('user_status_'.
711	$local_user['status']).(($local_user['adviser'] == 'true')
712	? '<br>['.l10n('adviser').']' : ''),
713	'EMAIL' => get_email_address_as_display_text($local_user['email']),
714	'GROUPS' => $groups_string,
715	'PROPERTIES' => implode( ', ', $properties),
716	'plugin_columns' => isset($local_user['plugin_columns']) ? $local_user['plugin_columns'] : array(),
717	'plugin_actions' => isset($local_user['plugin_actions']) ? $local_user['plugin_actions'] : array(),
718	)
719	);
720	}
721
722	// +-----------------------------------------------------------------------+
723	// \| html code display \|
724	// +-----------------------------------------------------------------------+
725
726	$template->assign_var_from_handle('ADMIN_CONTENT', 'user_list');
727	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: