Context Navigation

user_list.php @ 880

Last change on this file since 880 was 880, checked in by plg, 19 years ago

bug 160 fixed: (part one of the bug) hard coded column name of users table had to be replaced by the configurable column name. This correction was made by a full rewrite of filtered users list management. The other bug (not submited in bugtracker) that needed this rewrite was that when you choose "all" as target for mass users modification, you expected to apply modification on filtered users, not all users.

bug 160 fixed: (part two of the bug) hard coded column name for primary key in mass_updates function.

modification: configuration parameter users_page is now located in the correct file (include/config_default.inc.php instead of admin/user_list.php)

Property svn:eol-style set to native
Property svn:keywords set to Author Date Id Revision

File size: 20.4 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| PhpWebGallery - a PHP based picture gallery \|
4	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
5	// \| Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net \|
6	// +-----------------------------------------------------------------------+
7	// \| branch : BSF (Best So Far)
8	// \| file : $RCSfile$
9	// \| last update : $Date: 2005-10-05 19:41:37 +0000 (Wed, 05 Oct 2005) $
10	// \| last modifier : $Author: plg $
11	// \| revision : $Revision: 880 $
12	// +-----------------------------------------------------------------------+
13	// \| This program is free software; you can redistribute it and/or modify \|
14	// \| it under the terms of the GNU General Public License as published by \|
15	// \| the Free Software Foundation \|
16	// \| \|
17	// \| This program is distributed in the hope that it will be useful, but \|
18	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
19	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
20	// \| General Public License for more details. \|
21	// \| \|
22	// \| You should have received a copy of the GNU General Public License \|
23	// \| along with this program; if not, write to the Free Software \|
24	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
25	// \| USA. \|
26	// +-----------------------------------------------------------------------+
27
28	/**
29	* Add users and manage users list
30	*/
31
32	// +-----------------------------------------------------------------------+
33	// \| functions \|
34	// +-----------------------------------------------------------------------+
35
36	/**
37	* returns a list of users depending on page filters (in $_GET)
38	*
39	* Each user comes with his related informations : id, username, mail
40	* address, list of groups.
41	*
42	* @return array
43	*/
44	function get_filtered_user_list()
45	{
46	global $conf, $page;
47
48	$users = array();
49
50	// filter
51	$filter = array();
52
53	if (isset($_GET['username']) and !empty($_GET['username']))
54	{
55	$username = str_replace('*', '%', $_GET['username']);
56	if (function_exists('mysql_real_escape_string'))
57	{
58	$filter['username'] = mysql_real_escape_string($username);
59	}
60	else
61	{
62	$filter['username'] = mysql_escape_string($username);
63	}
64	}
65
66	if (isset($_GET['group'])
67	and -1 != $_GET['group']
68	and is_numeric($_GET['group']))
69	{
70	$filter['group'] = $_GET['group'];
71	}
72
73	if (isset($_GET['status'])
74	and in_array($_GET['status'], get_enums(USER_INFOS_TABLE, 'status')))
75	{
76	$filter['status'] = $_GET['status'];
77	}
78
79	// how to order the list?
80	$order_by = 'id';
81	if (isset($_GET['order_by'])
82	and in_array($_GET['order_by'], array_keys($page['order_by_items'])))
83	{
84	$order_by = $_GET['order_by'];
85	}
86
87	$direction = 'ASC';
88	if (isset($_GET['direction'])
89	and in_array($_GET['direction'], array_keys($page['direction_items'])))
90	{
91	$direction = strtoupper($_GET['direction']);
92	}
93
94	// search users depending on filters and order
95	$query = '
96	SELECT DISTINCT u.'.$conf['user_fields']['id'].' AS id,
97	u.'.$conf['user_fields']['username'].' AS username,
98	u.'.$conf['user_fields']['email'].' AS email,
99	ui.status
100	FROM '.USERS_TABLE.' AS u
101	INNER JOIN '.USER_INFOS_TABLE.' AS ui
102	ON u.'.$conf['user_fields']['id'].' = ui.user_id
103	LEFT JOIN '.USER_GROUP_TABLE.' AS ug
104	ON u.'.$conf['user_fields']['id'].' = ug.user_id
105	WHERE u.'.$conf['user_fields']['id'].' != '.$conf['guest_id'];
106	if (isset($filter['username']))
107	{
108	$query.= '
109	AND u.'.$conf['user_fields']['username'].' LIKE \''.$filter['username'].'\'';
110	}
111	if (isset($filter['group']))
112	{
113	$query.= '
114	AND ug.group_id = '.$filter['group'];
115	}
116	if (isset($filter['status']))
117	{
118	$query.= '
119	AND ui.status = \''.$filter['status']."'";
120	}
121	$query.= '
122	ORDER BY '.$order_by.' '.$direction.'
123	;';
124
125	$result = pwg_query($query);
126	while ($row = mysql_fetch_array($result))
127	{
128	$user = $row;
129	$user['groups'] = array();
130
131	array_push($users, $user);
132	}
133
134	// add group lists
135	$user_ids = array();
136	foreach ($users as $i => $user)
137	{
138	$user_ids[$i] = $user['id'];
139	}
140	$user_nums = array_flip($user_ids);
141
142	if (count($user_ids) > 0)
143	{
144	$query = '
145	SELECT user_id, group_id
146	FROM '.USER_GROUP_TABLE.'
147	WHERE user_id IN ('.implode(',', $user_ids).')
148	;';
149	$result = pwg_query($query);
150	while ($row = mysql_fetch_array($result))
151	{
152	array_push(
153	$users[$user_nums[$row['user_id']]]['groups'],
154	$row['group_id']
155	);
156	}
157	}
158
159	return $users;
160	}
161
162	// +-----------------------------------------------------------------------+
163	// \| initialization \|
164	// +-----------------------------------------------------------------------+
165
166	if (!defined('PHPWG_ROOT_PATH'))
167	{
168	die('Hacking attempt!');
169	}
170	include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
171
172	$page['order_by_items'] = array(
173	'id' => $lang['registration_date'],
174	'username' => $lang['Username']
175	);
176
177	$page['direction_items'] = array(
178	'asc' => $lang['ascending'],
179	'desc' => $lang['descending']
180	);
181
182	$page['filtered_users'] = get_filtered_user_list();
183
184	// +-----------------------------------------------------------------------+
185	// \| add a user \|
186	// +-----------------------------------------------------------------------+
187
188	if (isset($_POST['submit_add']))
189	{
190	$page['errors'] = register_user($_POST['login'], $_POST['password'], '');
191	}
192
193	// +-----------------------------------------------------------------------+
194	// \| selected users \|
195	// +-----------------------------------------------------------------------+
196
197	if (isset($_POST['delete']) or isset($_POST['pref_submit']))
198	{
199	$collection = array();
200
201	switch ($_POST['target'])
202	{
203	case 'all' :
204	{
205	foreach($page['filtered_users'] as $local_user)
206	{
207	array_push($collection, $local_user['id']);
208	}
209	break;
210	}
211	case 'selection' :
212	{
213	if (isset($_POST['selection']))
214	{
215	$collection = $_POST['selection'];
216	}
217	break;
218	}
219	}
220
221	if (count($collection) == 0)
222	{
223	array_push($page['errors'], l10n('Select at least one user'));
224	}
225	}
226
227	// +-----------------------------------------------------------------------+
228	// \| delete users \|
229	// +-----------------------------------------------------------------------+
230
231	if (isset($_POST['delete']) and count($collection) > 0)
232	{
233	if (in_array($conf['webmaster_id'], $collection))
234	{
235	array_push($page['errors'], l10n('Webmaster cannot be deleted'));
236	}
237	else
238	{
239	if (isset($_POST['confirm_deletion']) and 1 == $_POST['confirm_deletion'])
240	{
241	foreach ($collection as $user_id)
242	{
243	delete_user($user_id);
244	}
245	array_push(
246	$page['infos'],
247	sprintf(
248	l10n('%d users deleted'),
249	count($collection)
250	)
251	);
252	}
253	else
254	{
255	array_push($page['errors'], l10n('You need to confirm deletion'));
256	}
257	}
258	}
259
260	// +-----------------------------------------------------------------------+
261	// \| preferences form submission \|
262	// +-----------------------------------------------------------------------+
263
264	if (isset($_POST['pref_submit']) and count($collection) > 0)
265	{
266	if (-1 != $_POST['associate'])
267	{
268	$datas = array();
269
270	$query = '
271	SELECT user_id
272	FROM '.USER_GROUP_TABLE.'
273	WHERE group_id = '.$_POST['associate'].'
274	;';
275	$associated = array_from_query($query, 'user_id');
276
277	$associable = array_diff($collection, $associated);
278
279	if (count($associable) > 0)
280	{
281	foreach ($associable as $item)
282	{
283	array_push($datas,
284	array('group_id'=>$_POST['associate'],
285	'user_id'=>$item));
286	}
287
288	mass_inserts(USER_GROUP_TABLE,
289	array('group_id', 'user_id'),
290	$datas);
291	}
292	}
293
294	if (-1 != $_POST['dissociate'])
295	{
296	$query = '
297	DELETE FROM '.USER_GROUP_TABLE.'
298	WHERE group_id = '.$_POST['dissociate'].'
299	AND user_id IN ('.implode(',', $collection).')
300	';
301	pwg_query($query);
302	}
303
304	// properties to set for the collection (a user list)
305	$datas = array();
306	$dbfields = array('primary' => array('user_id'), 'update' => array());
307
308	$formfields =
309	array('nb_image_line', 'nb_line_page', 'template', 'language',
310	'recent_period', 'maxwidth', 'expand', 'show_nb_comments',
311	'maxheight', 'status');
312
313	$true_false_fields = array('expand', 'show_nb_comments');
314
315	foreach ($formfields as $formfield)
316	{
317	// special for true/false fields
318	if (in_array($formfield, $true_false_fields))
319	{
320	$test = $formfield;
321	}
322	else
323	{
324	$test = $formfield.'_action';
325	}
326
327	if ($_POST[$test] != 'leave')
328	{
329	array_push($dbfields['update'], $formfield);
330	}
331	}
332
333	// updating elements is useful only if needed...
334	if (count($dbfields['update']) > 0)
335	{
336	$datas = array();
337
338	foreach ($collection as $user_id)
339	{
340	$data = array();
341	$data['user_id'] = $user_id;
342
343	// TODO : verify if submited values are semanticaly correct
344	foreach ($dbfields['update'] as $dbfield)
345	{
346	// if the action is 'unset', the key won't be in row and
347	// mass_updates function will set this field to NULL
348	if (in_array($dbfield, $true_false_fields)
349	or 'set' == $_POST[$dbfield.'_action'])
350	{
351	$data[$dbfield] = $_POST[$dbfield];
352	}
353	}
354
355	// Webmaster status must not be changed
356	if ($conf['webmaster_id'] == $user_id and isset($data['status']))
357	{
358	$data['status'] = 'admin';
359	}
360
361	array_push($datas, $data);
362	}
363
364	// echo '<pre>';
365	// print_r($datas);
366	// echo '</pre>';
367
368	mass_updates(USER_INFOS_TABLE, $dbfields, $datas);
369	}
370	}
371
372	// +-----------------------------------------------------------------------+
373	// \| groups list \|
374	// +-----------------------------------------------------------------------+
375
376	$groups = array();
377
378	$query = '
379	SELECT id, name
380	FROM '.GROUPS_TABLE.'
381	;';
382	$result = pwg_query($query);
383
384	while ($row = mysql_fetch_array($result))
385	{
386	$groups[$row['id']] = $row['name'];
387	}
388
389	// +-----------------------------------------------------------------------+
390	// \| template init \|
391	// +-----------------------------------------------------------------------+
392
393	$template->set_filenames(array('user_list'=>'admin/user_list.tpl'));
394
395	$base_url = add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_list');
396
397	if (isset($_GET['start']) and is_numeric($_GET['start']))
398	{
399	$start = $_GET['start'];
400	}
401	else
402	{
403	$start = 0;
404	}
405
406	$template->assign_vars(
407	array(
408	'L_AUTH_USER'=>$lang['permuser_only_private'],
409	'L_GROUP_ADD_USER' => $lang['group_add_user'],
410	'L_SUBMIT'=>$lang['submit'],
411	'L_STATUS'=>$lang['user_status'],
412	'L_USERNAME' => $lang['login'],
413	'L_PASSWORD' => $lang['password'],
414	'L_EMAIL' => $lang['mail_address'],
415	'L_ORDER_BY' => $lang['order_by'],
416	'L_ACTIONS' => $lang['actions'],
417	'L_PERMISSIONS' => $lang['permissions'],
418	'L_USERS_LIST' => $lang['title_liste_users'],
419	'L_LANGUAGE' => $lang['language'],
420	'L_NB_IMAGE_LINE' => $lang['nb_image_per_row'],
421	'L_NB_LINE_PAGE' => $lang['nb_row_per_page'],
422	'L_TEMPLATE' => $lang['theme'],
423	'L_RECENT_PERIOD' => $lang['recent_period'],
424	'L_EXPAND' => $lang['auto_expand'],
425	'L_SHOW_NB_COMMENTS' => $lang['show_nb_comments'],
426	'L_MAXWIDTH' => $lang['maxwidth'],
427	'L_MAXHEIGHT' => $lang['maxheight'],
428	'L_YES' => $lang['yes'],
429	'L_NO' => $lang['no'],
430	'L_SUBMIT' => $lang['submit'],
431	'L_RESET' => $lang['reset'],
432	'L_DELETE' => $lang['user_delete'],
433	'L_DELETE_HINT' => $lang['user_delete_hint'],
434
435	'U_HELP' => PHPWG_ROOT_PATH.'/popuphelp.php?page=user_list',
436
437	'F_ADD_ACTION' => $base_url,
438	'F_USERNAME' => @$_GET['username'],
439	'F_FILTER_ACTION' => PHPWG_ROOT_PATH.'admin.php'
440	));
441
442	if (isset($_GET['id']))
443	{
444	$template->assign_block_vars('session', array('ID' => $_GET['id']));
445	}
446
447	foreach ($page['order_by_items'] as $item => $label)
448	{
449	$selected = (isset($_GET['order_by']) and $_GET['order_by'] == $item) ?
450	'selected="selected"' : '';
451	$template->assign_block_vars(
452	'order_by',
453	array(
454	'VALUE' => $item,
455	'CONTENT' => $label,
456	'SELECTED' => $selected
457	));
458	}
459
460	foreach ($page['direction_items'] as $item => $label)
461	{
462	$selected = (isset($_GET['direction']) and $_GET['direction'] == $item) ?
463	'selected="selected"' : '';
464	$template->assign_block_vars(
465	'direction',
466	array(
467	'VALUE' => $item,
468	'CONTENT' => $label,
469	'SELECTED' => $selected
470	));
471	}
472
473	$blockname = 'group_option';
474
475	$template->assign_block_vars(
476	$blockname,
477	array(
478	'VALUE'=> -1,
479	'CONTENT' => '------------',
480	'SELECTED' => ''
481	));
482
483	foreach ($groups as $group_id => $group_name)
484	{
485	$selected = (isset($_GET['group']) and $_GET['group'] == $group_id) ?
486	'selected="selected"' : '';
487	$template->assign_block_vars(
488	$blockname,
489	array(
490	'VALUE' => $group_id,
491	'CONTENT' => $group_name,
492	'SELECTED' => $selected
493	));
494	}
495
496	$blockname = 'status_option';
497
498	$template->assign_block_vars(
499	$blockname,
500	array(
501	'VALUE'=> -1,
502	'CONTENT' => '------------',
503	'SELECTED' => ''
504	));
505
506	foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
507	{
508	$selected = (isset($_GET['status']) and $_GET['status'] == $status) ?
509	'selected="selected"' : '';
510	$template->assign_block_vars(
511	$blockname,
512	array(
513	'VALUE' => $status,
514	'CONTENT' => $lang['user_status_'.$status],
515	'SELECTED' => $selected
516	));
517	}
518
519	// ---
520	// $user['template'] = $conf['default_template'];
521	// $user['nb_image_line'] = $conf['nb_image_line'];
522	// $user['nb_line_page'] = $conf['nb_line_page'];
523	// $user['language'] = $conf['default_language'];
524	// $user['maxwidth'] = $conf['default_maxwidth'];
525	// $user['maxheight'] = $conf['default_maxheight'];
526	// $user['recent_period'] = $conf['recent_period'];
527	// $user['expand'] = $conf['auto_expand'];
528	// $user['show_nb_comments'] = $conf['show_nb_comments'];
529	// ---
530
531	if (isset($_POST['pref_submit']))
532	{
533	// echo '<pre>'; print_r($_POST); echo '</pre>';
534	$template->assign_vars(
535	array(
536	'NB_IMAGE_LINE' => $_POST['nb_image_line'],
537	'NB_LINE_PAGE' => $_POST['nb_line_page'],
538	'MAXWIDTH' => $_POST['maxwidth'],
539	'MAXHEIGHT' => $_POST['maxheight'],
540	'RECENT_PERIOD' => $_POST['recent_period'],
541	'EXPAND_YES' => 'true' == $_POST['expand'] ? 'checked="checked"' : '',
542	'EXPAND_NO' => 'false' == $_POST['expand'] ? 'checked="checked"' : '',
543	'SHOW_NB_COMMENTS_YES' =>
544	'true' == $_POST['show_nb_comments'] ? 'checked="checked"' : '',
545	'SHOW_NB_COMMENTS_NO' =>
546	'false' == $_POST['show_nb_comments'] ? 'checked="checked"' : ''
547	));
548	}
549	else
550	{
551	$template->assign_vars(
552	array(
553	'NB_IMAGE_LINE' => $conf['nb_image_line'],
554	'NB_LINE_PAGE' => $conf['nb_line_page'],
555	'MAXWIDTH' => @$conf['default_maxwidth'],
556	'MAXHEIGHT' => @$conf['default_maxheight'],
557	'RECENT_PERIOD' => $conf['recent_period'],
558	));
559	}
560
561	$blockname = 'template_option';
562
563	foreach (get_templates() as $pwg_template)
564	{
565	if (isset($_POST['pref_submit']))
566	{
567	$selected = $_POST['template']==$pwg_template ? 'selected="selected"' : '';
568	}
569	else if ($conf['default_template'] == $pwg_template)
570	{
571	$selected = 'selected="selected"';
572	}
573	else
574	{
575	$selected = '';
576	}
577
578	$template->assign_block_vars(
579	$blockname,
580	array(
581	'VALUE'=> $pwg_template,
582	'CONTENT' => $pwg_template,
583	'SELECTED' => $selected
584	));
585	}
586
587	$blockname = 'language_option';
588
589	foreach (get_languages() as $language_code => $language_name)
590	{
591	if (isset($_POST['pref_submit']))
592	{
593	$selected = $_POST['language']==$language_code ? 'selected="selected"':'';
594	}
595	else if ($conf['default_language'] == $language_code)
596	{
597	$selected = 'selected="selected"';
598	}
599	else
600	{
601	$selected = '';
602	}
603
604	$template->assign_block_vars(
605	$blockname,
606	array(
607	'VALUE'=> $language_code,
608	'CONTENT' => $language_name,
609	'SELECTED' => $selected
610	));
611	}
612
613	$blockname = 'pref_status_option';
614
615	foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
616	{
617	if (isset($_POST['pref_submit']))
618	{
619	$selected = $_POST['status'] == $status ? 'selected="selected"' : '';
620	}
621	else if ('guest' == $status)
622	{
623	$selected = 'selected="selected"';
624	}
625	else
626	{
627	$selected = '';
628	}
629
630	$template->assign_block_vars(
631	$blockname,
632	array(
633	'VALUE' => $status,
634	'CONTENT' => $lang['user_status_'.$status],
635	'SELECTED' => $selected
636	));
637	}
638
639	// associate
640	$blockname = 'associate_option';
641
642	$template->assign_block_vars(
643	$blockname,
644	array(
645	'VALUE'=> -1,
646	'CONTENT' => '------------',
647	'SELECTED' => ''
648	));
649
650	foreach ($groups as $group_id => $group_name)
651	{
652	if (isset($_POST['pref_submit']))
653	{
654	$selected = $_POST['associate'] == $group_id ? 'selected="selected"' : '';
655	}
656	else
657	{
658	$selected = '';
659	}
660
661	$template->assign_block_vars(
662	$blockname,
663	array(
664	'VALUE' => $group_id,
665	'CONTENT' => $group_name,
666	'SELECTED' => $selected
667	));
668	}
669
670	// dissociate
671	$blockname = 'dissociate_option';
672
673	$template->assign_block_vars(
674	$blockname,
675	array(
676	'VALUE'=> -1,
677	'CONTENT' => '------------',
678	'SELECTED' => ''
679	));
680
681	foreach ($groups as $group_id => $group_name)
682	{
683	if (isset($_POST['pref_submit']))
684	{
685	$selected = $_POST['dissociate'] == $group_id ? 'selected="selected"' : '';
686	}
687	else
688	{
689	$selected = '';
690	}
691
692	$template->assign_block_vars(
693	$blockname,
694	array(
695	'VALUE' => $group_id,
696	'CONTENT' => $group_name,
697	'SELECTED' => $selected
698	));
699	}
700
701	// +-----------------------------------------------------------------------+
702	// \| navigation bar \|
703	// +-----------------------------------------------------------------------+
704
705	$url = PHPWG_ROOT_PATH.'admin.php'.get_query_string_diff(array('start'));
706
707	$navbar = create_navigation_bar(
708	$url,
709	count($page['filtered_users']),
710	$start,
711	$conf['users_page'],
712	''
713	);
714
715	$template->assign_vars(array('NAVBAR' => $navbar));
716
717	// +-----------------------------------------------------------------------+
718	// \| user list \|
719	// +-----------------------------------------------------------------------+
720
721	$profile_url = PHPWG_ROOT_PATH.'admin.php?page=profile&user_id=';
722	$perm_url = PHPWG_ROOT_PATH.'admin.php?page=user_perm&user_id=';
723
724	foreach ($page['filtered_users'] as $num => $local_user)
725	{
726	// simulate LIMIT $start, $conf['users_page']
727	if ($num < $start)
728	{
729	continue;
730	}
731	if ($num >= $start + $conf['users_page'])
732	{
733	break;
734	}
735
736	$groups_string = preg_replace(
737	'/(\d+)/e',
738	"\$groups['$1']",
739	implode(
740	', ',
741	$local_user['groups']
742	)
743	);
744
745	if (isset($_POST['pref_submit'])
746	and isset($_POST['selection'])
747	and in_array($local_user['id'], $_POST['selection']))
748	{
749	$checked = 'checked="checked"';
750	}
751	else
752	{
753	$checked = '';
754	}
755
756	$template->assign_block_vars(
757	'user',
758	array(
759	'CLASS' => ($num % 2 == 1) ? 'row2' : 'row1',
760	'ID' => $local_user['id'],
761	'CHECKED' => $checked,
762	'U_MOD' => add_session_id($profile_url.$local_user['id']),
763	'U_PERM' => add_session_id($perm_url.$local_user['id']),
764	'USERNAME' => $local_user['username'],
765	'STATUS' => $lang['user_status_'.$local_user['status']],
766	'EMAIL' => isset($local_user['email']) ? $local_user['email'] : '',
767	'GROUPS' => $groups_string
768	)
769	);
770	}
771
772	// +-----------------------------------------------------------------------+
773	// \| html code display \|
774	// +-----------------------------------------------------------------------+
775
776	$template->assign_var_from_handle('ADMIN_CONTENT', 'user_list');
777	?>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: trunk/admin/user_list.php @ 880

Download in other formats: