Context Navigation

user_list.php @ 808

Last change on this file since 808 was 808, checked in by plg, 19 years ago

new : external authentication in another users table. Previous users table is divided between users (common properties with any web application) and user_infos (phpwebgallery specific informations). External table and fields can be configured.

modification : profile.php is not reachable through administration anymore (not useful).

modification : in profile.php, current password is mandatory only if user tries to change his password. Username can't be changed.

deletion : of obsolete functions get_user_restrictions, update_user_restrictions, get_user_all_restrictions, is_user_allowed, update_user

modification : $userforbidden_categories equals at least "-1" so that category_id NOT IN ($userforbidden_categories) can always be used.

modification : user_forbidden table becomes user_cache so that not only restriction informations can be stored in this table.

Property svn:eol-style set to native
Property svn:keywords set to Author Date Id Revision

File size: 19.3 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| PhpWebGallery - a PHP based picture gallery \|
4	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
5	// \| Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net \|
6	// +-----------------------------------------------------------------------+
7	// \| branch : BSF (Best So Far)
8	// \| file : $RCSfile$
9	// \| last update : $Date: 2005-08-08 20:52:19 +0000 (Mon, 08 Aug 2005) $
10	// \| last modifier : $Author: plg $
11	// \| revision : $Revision: 808 $
12	// +-----------------------------------------------------------------------+
13	// \| This program is free software; you can redistribute it and/or modify \|
14	// \| it under the terms of the GNU General Public License as published by \|
15	// \| the Free Software Foundation \|
16	// \| \|
17	// \| This program is distributed in the hope that it will be useful, but \|
18	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
19	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
20	// \| General Public License for more details. \|
21	// \| \|
22	// \| You should have received a copy of the GNU General Public License \|
23	// \| along with this program; if not, write to the Free Software \|
24	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
25	// \| USA. \|
26	// +-----------------------------------------------------------------------+
27
28	/**
29	* Add users and manage users list
30	*/
31
32	// +-----------------------------------------------------------------------+
33	// \| initialization \|
34	// +-----------------------------------------------------------------------+
35
36	if (!defined('PHPWG_ROOT_PATH'))
37	{
38	die('Hacking attempt!');
39	}
40	include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
41
42	// +-----------------------------------------------------------------------+
43	// \| add a user \|
44	// +-----------------------------------------------------------------------+
45
46	if (isset($_POST['submit_add']))
47	{
48	$page['errors'] = register_user($_POST['login'], $_POST['password'], '');
49	}
50
51	// +-----------------------------------------------------------------------+
52	// \| preferences form submission \|
53	// +-----------------------------------------------------------------------+
54
55	if (isset($_POST['pref_submit']))
56	{
57	$collection = array();
58
59	switch ($_POST['target'])
60	{
61	case 'all' :
62	{
63	$query = '
64	SELECT id
65	FROM '.USERS_TABLE.'
66	WHERE id != '.$conf['guest_id'].'
67	;';
68	$collection = array_from_query($query, 'id');
69	break;
70	}
71	case 'selection' :
72	{
73	if (isset($_POST['selection']))
74	{
75	$collection = $_POST['selection'];
76	}
77	break;
78	}
79	}
80
81	if (count($collection) > 0)
82	{
83	if (-1 != $_POST['associate'])
84	{
85	$datas = array();
86
87	$query = '
88	SELECT user_id
89	FROM '.USER_GROUP_TABLE.'
90	WHERE group_id = '.$_POST['associate'].'
91	;';
92	$associated = array_from_query($query, 'user_id');
93
94	$associable = array_diff($collection, $associated);
95
96	if (count($associable) > 0)
97	{
98	foreach ($associable as $item)
99	{
100	array_push($datas,
101	array('group_id'=>$_POST['associate'],
102	'user_id'=>$item));
103	}
104
105	mass_inserts(USER_GROUP_TABLE,
106	array('group_id', 'user_id'),
107	$datas);
108	}
109	}
110
111	if (-1 != $_POST['dissociate'])
112	{
113	$query = '
114	DELETE FROM '.USER_GROUP_TABLE.'
115	WHERE group_id = '.$_POST['dissociate'].'
116	AND user_id IN ('.implode(',', $collection).')
117	';
118	pwg_query($query);
119	}
120
121	// properties to set for the collection (a user list)
122	$datas = array();
123	$dbfields = array('primary' => array('user_id'), 'update' => array());
124
125	$formfields =
126	array('nb_image_line', 'nb_line_page', 'template', 'language',
127	'recent_period', 'expand', 'show_nb_comments', 'maxwidth',
128	'maxheight', 'status');
129
130	foreach ($formfields as $formfield)
131	{
132	if ($_POST[$formfield.'_action'] != 'leave')
133	{
134	array_push($dbfields['update'], $formfield);
135	}
136	}
137
138	// updating elements is useful only if needed...
139	if (count($dbfields['update']) > 0)
140	{
141	$datas = array();
142
143	foreach ($collection as $user_id)
144	{
145	$data = array();
146	$data['user_id'] = $user_id;
147
148	// TODO : verify if submited values are semanticaly correct
149	foreach ($dbfields['update'] as $dbfield)
150	{
151	// if the action is 'unset', the key won't be in row and
152	// mass_updates function will set this field to NULL
153	if ('set' == $_POST[$dbfield.'_action'])
154	{
155	$data[$dbfield] = $_POST[$dbfield];
156	}
157	}
158
159	// Webmaster (user_id = 1) status must not be changed
160	if (1 == $user_id and isset($data['status']))
161	{
162	$data['status'] = 'admin';
163	}
164
165	array_push($datas, $data);
166	}
167
168	mass_updates(USER_INFOS_TABLE, $dbfields, $datas);
169	}
170	}
171	else
172	{
173	array_push($page['errors'], l10n('Select at least one user'));
174	}
175	}
176
177	// +-----------------------------------------------------------------------+
178	// \| groups list \|
179	// +-----------------------------------------------------------------------+
180
181	$groups = array();
182
183	$query = '
184	SELECT id, name
185	FROM '.GROUPS_TABLE.'
186	;';
187	$result = pwg_query($query);
188
189	while ($row = mysql_fetch_array($result))
190	{
191	$groups[$row['id']] = $row['name'];
192	}
193
194	// +-----------------------------------------------------------------------+
195	// \| template init \|
196	// +-----------------------------------------------------------------------+
197
198	$template->set_filenames(array('user_list'=>'admin/user_list.tpl'));
199
200	$base_url = add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_list');
201
202	$conf['users_page'] = 20;
203
204	if (isset($_GET['start']) and is_numeric($_GET['start']))
205	{
206	$start = $_GET['start'];
207	}
208	else
209	{
210	$start = 0;
211	}
212
213	$template->assign_vars(
214	array(
215	'L_AUTH_USER'=>$lang['permuser_only_private'],
216	'L_GROUP_ADD_USER' => $lang['group_add_user'],
217	'L_SUBMIT'=>$lang['submit'],
218	'L_STATUS'=>$lang['user_status'],
219	'L_USERNAME' => $lang['login'],
220	'L_PASSWORD' => $lang['password'],
221	'L_EMAIL' => $lang['mail_address'],
222	'L_ORDER_BY' => $lang['order_by'],
223	'L_ACTIONS' => $lang['actions'],
224	'L_PERMISSIONS' => $lang['permissions'],
225	'L_USERS_LIST' => $lang['title_liste_users'],
226	'L_LANGUAGE' => $lang['language'],
227	'L_NB_IMAGE_LINE' => $lang['nb_image_per_row'],
228	'L_NB_LINE_PAGE' => $lang['nb_row_per_page'],
229	'L_TEMPLATE' => $lang['theme'],
230	'L_RECENT_PERIOD' => $lang['recent_period'],
231	'L_EXPAND' => $lang['auto_expand'],
232	'L_SHOW_NB_COMMENTS' => $lang['show_nb_comments'],
233	'L_MAXWIDTH' => $lang['maxwidth'],
234	'L_MAXHEIGHT' => $lang['maxheight'],
235	'L_YES' => $lang['yes'],
236	'L_NO' => $lang['no'],
237	'L_SUBMIT' => $lang['submit'],
238	'L_RESET' => $lang['reset'],
239	'L_DELETE' => $lang['user_delete'],
240	'L_DELETE_HINT' => $lang['user_delete_hint'],
241
242	'F_ADD_ACTION' => $base_url,
243	'F_USERNAME' => @$_GET['username'],
244	'F_FILTER_ACTION' => PHPWG_ROOT_PATH.'admin.php'
245	));
246
247	if (isset($_GET['id']))
248	{
249	$template->assign_block_vars('session', array('ID' => $_GET['id']));
250	}
251
252	$order_by_items = array('id' => $lang['registration_date'],
253	'username' => $lang['login']);
254
255	foreach ($order_by_items as $item => $label)
256	{
257	$selected = (isset($_GET['order_by']) and $_GET['order_by'] == $item) ?
258	'selected="selected"' : '';
259	$template->assign_block_vars(
260	'order_by',
261	array(
262	'VALUE' => $item,
263	'CONTENT' => $label,
264	'SELECTED' => $selected
265	));
266	}
267
268	$direction_items = array('asc' => $lang['ascending'],
269	'desc' => $lang['descending']);
270
271	foreach ($direction_items as $item => $label)
272	{
273	$selected = (isset($_GET['direction']) and $_GET['direction'] == $item) ?
274	'selected="selected"' : '';
275	$template->assign_block_vars(
276	'direction',
277	array(
278	'VALUE' => $item,
279	'CONTENT' => $label,
280	'SELECTED' => $selected
281	));
282	}
283
284	$blockname = 'group_option';
285
286	$template->assign_block_vars(
287	$blockname,
288	array(
289	'VALUE'=> -1,
290	'CONTENT' => '------------',
291	'SELECTED' => ''
292	));
293
294	foreach ($groups as $group_id => $group_name)
295	{
296	$selected = (isset($_GET['group']) and $_GET['group'] == $group_id) ?
297	'selected="selected"' : '';
298	$template->assign_block_vars(
299	$blockname,
300	array(
301	'VALUE' => $group_id,
302	'CONTENT' => $group_name,
303	'SELECTED' => $selected
304	));
305	}
306
307	$blockname = 'status_option';
308
309	$template->assign_block_vars(
310	$blockname,
311	array(
312	'VALUE'=> -1,
313	'CONTENT' => '------------',
314	'SELECTED' => ''
315	));
316
317	foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
318	{
319	$selected = (isset($_GET['status']) and $_GET['status'] == $status) ?
320	'selected="selected"' : '';
321	$template->assign_block_vars(
322	$blockname,
323	array(
324	'VALUE' => $status,
325	'CONTENT' => $lang['user_status_'.$status],
326	'SELECTED' => $selected
327	));
328	}
329
330	// ---
331	// $user['template'] = $conf['default_template'];
332	// $user['nb_image_line'] = $conf['nb_image_line'];
333	// $user['nb_line_page'] = $conf['nb_line_page'];
334	// $user['language'] = $conf['default_language'];
335	// $user['maxwidth'] = $conf['default_maxwidth'];
336	// $user['maxheight'] = $conf['default_maxheight'];
337	// $user['recent_period'] = $conf['recent_period'];
338	// $user['expand'] = $conf['auto_expand'];
339	// $user['show_nb_comments'] = $conf['show_nb_comments'];
340	// ---
341
342	if (isset($_POST['pref_submit']))
343	{
344	// echo '<pre>'; print_r($_POST); echo '</pre>';
345	$template->assign_vars(
346	array(
347	'NB_IMAGE_LINE' => $_POST['nb_image_line'],
348	'NB_LINE_PAGE' => $_POST['nb_line_page'],
349	'MAXWIDTH' => $_POST['maxwidth'],
350	'MAXHEIGHT' => $_POST['maxheight'],
351	'RECENT_PERIOD' => $_POST['recent_period'],
352	'EXPAND_YES' => 'true' == $_POST['expand'] ? 'checked="checked"' : '',
353	'EXPAND_NO' => 'false' == $_POST['expand'] ? 'checked="checked"' : '',
354	'SHOW_NB_COMMENTS_YES' =>
355	'true' == $_POST['show_nb_comments'] ? 'checked="checked"' : '',
356	'SHOW_NB_COMMENTS_NO' =>
357	'false' == $_POST['show_nb_comments'] ? 'checked="checked"' : ''
358	));
359	}
360	else
361	{
362	$template->assign_vars(
363	array(
364	'NB_IMAGE_LINE' => $conf['nb_image_line'],
365	'NB_LINE_PAGE' => $conf['nb_line_page'],
366	'MAXWIDTH' => @$conf['default_maxwidth'],
367	'MAXHEIGHT' => @$conf['default_maxheight'],
368	'RECENT_PERIOD' => $conf['recent_period'],
369	'EXPAND_YES' => $conf['auto_expand'] ? 'checked="checked"' : '',
370	'EXPAND_NO' => !$conf['auto_expand'] ? 'checked="checked"' : '',
371	'SHOW_NB_COMMENTS_YES' =>
372	$conf['show_nb_comments'] ? 'checked="checked"' : '',
373	'SHOW_NB_COMMENTS_NO' =>
374	!$conf['show_nb_comments'] ? 'checked="checked"' : ''
375	));
376	}
377
378	$blockname = 'template_option';
379
380	foreach (get_templates() as $pwg_template)
381	{
382	if (isset($_POST['pref_submit']))
383	{
384	$selected = $_POST['template']==$pwg_template ? 'selected="selected"' : '';
385	}
386	else if ($conf['default_template'] == $pwg_template)
387	{
388	$selected = 'selected="selected"';
389	}
390	else
391	{
392	$selected = '';
393	}
394
395	$template->assign_block_vars(
396	$blockname,
397	array(
398	'VALUE'=> $pwg_template,
399	'CONTENT' => $pwg_template,
400	'SELECTED' => $selected
401	));
402	}
403
404	$blockname = 'language_option';
405
406	foreach (get_languages() as $language_code => $language_name)
407	{
408	if (isset($_POST['pref_submit']))
409	{
410	$selected = $_POST['language']==$language_code ? 'selected="selected"':'';
411	}
412	else if ($conf['default_language'] == $language_code)
413	{
414	$selected = 'selected="selected"';
415	}
416	else
417	{
418	$selected = '';
419	}
420
421	$template->assign_block_vars(
422	$blockname,
423	array(
424	'VALUE'=> $language_code,
425	'CONTENT' => $language_name,
426	'SELECTED' => $selected
427	));
428	}
429
430	$blockname = 'pref_status_option';
431
432	foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
433	{
434	if (isset($_POST['pref_submit']))
435	{
436	$selected = $_POST['status'] == $status ? 'selected="selected"' : '';
437	}
438	else if ('guest' == $status)
439	{
440	$selected = 'selected="selected"';
441	}
442	else
443	{
444	$selected = '';
445	}
446
447	$template->assign_block_vars(
448	$blockname,
449	array(
450	'VALUE' => $status,
451	'CONTENT' => $lang['user_status_'.$status],
452	'SELECTED' => $selected
453	));
454	}
455
456	// associate
457	$blockname = 'associate_option';
458
459	$template->assign_block_vars(
460	$blockname,
461	array(
462	'VALUE'=> -1,
463	'CONTENT' => '------------',
464	'SELECTED' => ''
465	));
466
467	foreach ($groups as $group_id => $group_name)
468	{
469	if (isset($_POST['pref_submit']))
470	{
471	$selected = $_POST['associate'] == $group_id ? 'selected="selected"' : '';
472	}
473	else
474	{
475	$selected = '';
476	}
477
478	$template->assign_block_vars(
479	$blockname,
480	array(
481	'VALUE' => $group_id,
482	'CONTENT' => $group_name,
483	'SELECTED' => $selected
484	));
485	}
486
487	// dissociate
488	$blockname = 'dissociate_option';
489
490	$template->assign_block_vars(
491	$blockname,
492	array(
493	'VALUE'=> -1,
494	'CONTENT' => '------------',
495	'SELECTED' => ''
496	));
497
498	foreach ($groups as $group_id => $group_name)
499	{
500	if (isset($_POST['pref_submit']))
501	{
502	$selected = $_POST['dissociate'] == $group_id ? 'selected="selected"' : '';
503	}
504	else
505	{
506	$selected = '';
507	}
508
509	$template->assign_block_vars(
510	$blockname,
511	array(
512	'VALUE' => $group_id,
513	'CONTENT' => $group_name,
514	'SELECTED' => $selected
515	));
516	}
517
518	// +-----------------------------------------------------------------------+
519	// \| filter \|
520	// +-----------------------------------------------------------------------+
521
522	$filter = array();
523
524	if (isset($_GET['username']) and !empty($_GET['username']))
525	{
526	$username = str_replace('*', '%', $_GET['username']);
527	if (function_exists('mysql_real_escape_string'))
528	{
529	$username = mysql_real_escape_string($username);
530	}
531	else
532	{
533	$username = mysql_escape_string($username);
534	}
535
536	if (!empty($username))
537	{
538	$filter['username'] = $username;
539	}
540	}
541
542	if (isset($_GET['group'])
543	and -1 != $_GET['group']
544	and is_numeric($_GET['group']))
545	{
546	$filter['group'] = $_GET['group'];
547	}
548
549	if (isset($_GET['status'])
550	and in_array($_GET['status'], get_enums(USER_INFOS_TABLE, 'status')))
551	{
552	$filter['status'] = $_GET['status'];
553	}
554
555	// +-----------------------------------------------------------------------+
556	// \| navigation bar \|
557	// +-----------------------------------------------------------------------+
558
559	$query = '
560	SELECT COUNT(DISTINCT u.'.$conf['user_fields']['id'].')
561	FROM '.USERS_TABLE.' AS u
562	INNER JOIN '.USER_INFOS_TABLE.' AS ui
563	ON u.'.$conf['user_fields']['id'].' = ui.user_id
564	LEFT JOIN '.USER_GROUP_TABLE.' AS ug
565	ON u.'.$conf['user_fields']['id'].' = ug.user_id
566	WHERE u.'.$conf['user_fields']['id'].' != '.$conf['guest_id'];
567	if (isset($filter['username']))
568	{
569	$query.= '
570	AND u.'.$conf['user_fields']['username'].' LIKE \''.$filter['username'].'\'';
571	}
572	if (isset($filter['group']))
573	{
574	$query.= '
575	AND ug.group_id = '.$filter['group'];
576	}
577	if (isset($filter['status']))
578	{
579	$query.= '
580	AND ui.status = \''.$filter['status']."'";
581	}
582	$query.= '
583	;';
584	list($counter) = mysql_fetch_row(pwg_query($query));
585
586	$url = PHPWG_ROOT_PATH.'admin.php'.get_query_string_diff(array('start'));
587
588	$navbar = create_navigation_bar($url,
589	$counter,
590	$start,
591	$conf['users_page'],
592	'');
593
594	$template->assign_vars(array('NAVBAR' => $navbar));
595
596	// +-----------------------------------------------------------------------+
597	// \| user list \|
598	// +-----------------------------------------------------------------------+
599
600	$profile_url = PHPWG_ROOT_PATH.'admin.php?page=profile&user_id=';
601	$perm_url = PHPWG_ROOT_PATH.'admin.php?page=user_perm&user_id=';
602
603	$users = array();
604	$user_ids = array();
605
606	$order_by = 'id';
607	if (isset($_GET['order_by'])
608	and in_array($_GET['order_by'], array_keys($order_by_items)))
609	{
610	$order_by = $_GET['order_by'];
611	}
612
613	$direction = 'ASC';
614	if (isset($_GET['direction'])
615	and in_array($_GET['direction'], array_keys($direction_items)))
616	{
617	$direction = strtoupper($_GET['direction']);
618	}
619
620	$query = '
621	SELECT DISTINCT u.'.$conf['user_fields']['id'].' AS id,
622	u.'.$conf['user_fields']['username'].' AS username,
623	u.'.$conf['user_fields']['email'].' AS email,
624	ui.status
625	FROM '.USERS_TABLE.' AS u
626	INNER JOIN '.USER_INFOS_TABLE.' AS ui
627	ON u.'.$conf['user_fields']['id'].' = ui.user_id
628	LEFT JOIN '.USER_GROUP_TABLE.' AS ug
629	ON u.'.$conf['user_fields']['id'].' = ug.user_id
630	WHERE id != '.$conf['guest_id'];
631	if (isset($filter['username']))
632	{
633	$query.= '
634	AND username LIKE \''.$filter['username'].'\'';
635	}
636	if (isset($filter['group']))
637	{
638	$query.= '
639	AND ug.group_id = '.$filter['group'];
640	}
641	if (isset($filter['status']))
642	{
643	$query.= '
644	AND ui.status = \''.$filter['status']."'";
645	}
646	$query.= '
647	ORDER BY '.$order_by.' '.$direction.'
648	LIMIT '.$start.', '.$conf['users_page'].'
649	;';
650	$result = pwg_query($query);
651	while ($row = mysql_fetch_array($result))
652	{
653	array_push($users, $row);
654	array_push($user_ids, $row['id']);
655	$user_groups[$row['id']] = array();
656	}
657
658	if (count($user_ids) > 0)
659	{
660	$query = '
661	SELECT user_id, group_id
662	FROM '.USER_GROUP_TABLE.'
663	WHERE user_id IN ('.implode(',', $user_ids).')
664	;';
665	$result = pwg_query($query);
666	while ($row = mysql_fetch_array($result))
667	{
668	array_push($user_groups[$row['user_id']], $row['group_id']);
669	}
670
671	foreach ($users as $num => $item)
672	{
673	$groups_string = preg_replace('/(\d+)/e',
674	"\$groups['$1']",
675	implode(', ', $user_groups[$item['id']]));
676
677	if (isset($_POST['pref_submit'])
678	and isset($_POST['selection'])
679	and in_array($item['id'], $_POST['selection']))
680	{
681	$checked = 'checked="checked"';
682	}
683	else
684	{
685	$checked = '';
686	}
687
688	$template->assign_block_vars(
689	'user',
690	array(
691	'CLASS' => ($num % 2 == 1) ? 'row2' : 'row1',
692	'ID'=>$item['id'],
693	'CHECKED'=>$checked,
694	'U_MOD'=>add_session_id($profile_url.$item['id']),
695	'U_PERM'=>add_session_id($perm_url.$item['id']),
696	'USERNAME'=>$item['username'],
697	'STATUS'=>$lang['user_status_'.$item['status']],
698	'EMAIL'=>isset($item['email']) ? $item['email'] : '',
699	'GROUPS'=>$groups_string
700	));
701	}
702	}
703
704	// +-----------------------------------------------------------------------+
705	// \| html code display \|
706	// +-----------------------------------------------------------------------+
707
708	$template->assign_var_from_handle('ADMIN_CONTENT', 'user_list');
709	?>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: trunk/admin/user_list.php @ 808

Download in other formats: