Changeset 27179 for extensions/Password_Policy/admin/PP_admin.php
- Timestamp:
- Feb 4, 2014, 7:12:43 PM (10 years ago)
- File:
-
- 1 edited
extensions/Password_Policy/admin/PP_admin.php
r25089 r27179 14 14 //ini_set('display_errors', true); 15 15 16 include_once(PHPWG_ROOT_PATH.'admin/include/tabsheet.class.php'); 16 17 include_once (PHPWG_ROOT_PATH.'/include/constants.php'); 17 18 … … 25 26 $error = array(); 26 27 28 $my_base_url = get_admin_plugin_menu_link(__FILE__); 29 27 30 $PP_Password_Test_Score = 0; 28 31 … … 33 36 $version = $plugin['version']; 34 37 38 // ------------------------------------------ 39 // Template initialization for forms and data 40 // ------------------------------------------ 41 $themeconf = $template->get_template_vars('themeconf'); 42 $PP_theme = $themeconf['id']; 35 43 36 44 // +----------------------------------------------------------+ … … 58 66 } 59 67 68 69 // +-----------------------------------------------------------------------+ 70 // | Tabssheet | 71 // +-----------------------------------------------------------------------+ 72 if (!isset($_GET['tab'])) 73 $page['tab'] = 'config'; 74 else 75 $page['tab'] = $_GET['tab']; 76 77 $tabsheet = new tabsheet(); 78 $tabsheet->add('config', 79 l10n('PP_config_tab'), 80 $my_base_url.'&tab=config'); 81 $tabsheet->add('userlist', 82 l10n('PP_Users_List_Tab'), 83 $my_base_url.'&tab=userlist'); 84 $tabsheet->select($page['tab']); 85 $tabsheet->assign(); 86 87 88 // +-----------------------------------------------------------------------+ 89 // | Tabssheet select | 90 // +-----------------------------------------------------------------------+ 91 92 switch ($page['tab']) 93 { 94 // ************************************************************************* 95 // +-----------------------------------------------------------------------+ 96 // | Config tab | 97 // +-----------------------------------------------------------------------+ 98 // ************************************************************************* 99 case 'config': 60 100 61 101 if (isset($_POST['submit']) and isset($_POST['PP_Password_Enforced']) and isset($_POST['PP_AdminPassword_Enforced']) and 
isset($_POST['PP_PwdReset']) and isset($_POST['PP_LogFailedPassw'])) … … 92 132 93 133 $conf_PP = unserialize($conf['PasswordPolicy']); 94 95 // ------------------------------------------96 // Template initialization for forms and data97 // ------------------------------------------98 $themeconf=$template->get_template_vars('themeconf');99 $PP_theme=$themeconf['id'];100 134 101 135 $template->assign( … … 136 170 $template->set_filename('plugin_admin_content', dirname(__FILE__) . '/template/PP_admin.tpl'); 137 171 $template->assign_var_from_handle('ADMIN_CONTENT', 'plugin_admin_content'); 172 173 break; 174 175 176 // ************************************************************************* 177 // +-----------------------------------------------------------------------+ 178 // | Users list page | 179 // +-----------------------------------------------------------------------+ 180 // ************************************************************************* 181 case 'userlist': 182 183 $conf_PP = unserialize($conf['PasswordPolicy']); 184 185 if ((isset($conf_PP['PWDRESET']) and $conf_PP['PWDRESET']=='true') or (isset($conf_PP['LOGFAILBLOCK']) and $conf_PP['LOGFAILBLOCK']=='true')) 186 { 187 // +-----------------------------------------------------------------------+ 188 // | initialization | 189 // +-----------------------------------------------------------------------+ 190 191 if (!defined('PHPWG_ROOT_PATH')) 192 { 193 die('Hacking attempt!'); 194 } 195 196 include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); 197 198 // +-----------------------------------------------------------------------+ 199 // | Check Access and exit when user status is not ok | 200 // +-----------------------------------------------------------------------+ 201 check_status(ACCESS_ADMINISTRATOR); 202 203 204 // +-----------------------------------------------------------------------+ 205 // | user list | 206 // +-----------------------------------------------------------------------+ 
207 208 $page['filtered_users'] = pp_get_user_list(); 209 210 // +-----------------------------------------------------------------------+ 211 // | selected users | 212 // +-----------------------------------------------------------------------+ 213 if (isset($_POST['pwdreset']) or isset($_POST['unlock'])) 214 { 215 $collection = array(); 216 217 switch ($_POST['target']) 218 { 219 case 'all' : 220 { 221 foreach($page['filtered_users'] as $local_user) 222 { 223 array_push($collection, $local_user['id']); 224 } 225 break; 226 } 227 case 'selection' : 228 { 229 if (isset($_POST['selection'])) 230 { 231 $collection = $_POST['selection']; 232 } 233 break; 234 } 235 } 236 237 if (count($collection) == 0) 238 { 239 array_push($page['errors'], l10n('Select at least one user')); 240 } 241 } 242 243 // +-----------------------------------------------------------------------+ 244 // | Reset pwd | 245 // +-----------------------------------------------------------------------+ 246 if (isset($_POST['pwdreset']) and count($collection) > 0) 247 { 248 if (in_array($conf['guest_id'], $collection)) 249 { 250 array_push($page['errors'], l10n('PP_Guest cannot be pwdreset')); 251 } 252 if (($conf['guest_id'] != $conf['default_user_id']) and 253 in_array($conf['default_user_id'], $collection)) 254 { 255 array_push($page['errors'], l10n('PP_Default user cannot be pwdreset')); 256 } 257 if (in_array($conf['webmaster_id'], $collection)) 258 { 259 array_push($page['errors'], l10n('PP_Webmaster cannot be pwdreset')); 260 } 261 if (in_array($user['id'], $collection)) 262 { 263 array_push($page['errors'], l10n('PP_You cannot pwdreset your account')); 264 } 265 266 // Generic accounts exclusion (including Adult_Content generic users) 267 // ------------------------------------------------------------------ 268 $query =' 269 SELECT u.id 270 FROM '.USERS_TABLE.' AS u 271 INNER JOIN '.USER_INFOS_TABLE.' 
AS ui 272 ON u.id = ui.user_id 273 WHERE ui.status = "generic" 274 ;'; 275 276 $result = pwg_query($query); 277 278 while ($row = pwg_db_fetch_assoc($result)) 279 { 280 if (in_array($row['id'], $collection)) 281 { 282 array_push($page['errors'], l10n('PP_Generic cannot be pwdreset')); 283 } 284 } 285 286 // Admins accounts exclusion 287 // -------------------------- 288 $query =' 289 SELECT u.id 290 FROM '.USERS_TABLE.' AS u 291 INNER JOIN '.USER_INFOS_TABLE.' AS ui 292 ON u.id = ui.user_id 293 WHERE ui.status = "admin" 294 ;'; 295 296 $result = pwg_query($query); 297 298 while ($row = pwg_db_fetch_assoc($result)) 299 { 300 if (in_array($row['id'], $collection)) 301 { 302 array_push($page['errors'], l10n('PP_Admins cannot be pwdreset')); 303 } 304 } 305 306 307 if (count($page['errors']) == 0) 308 { 309 if (isset($_POST['confirm_pwdreset']) and 1 == $_POST['confirm_pwdreset']) 310 { 311 foreach ($collection as $user_id) 312 { 313 PP_Set_PwdReset($user_id); 314 } 315 array_push( 316 $page['infos'], 317 l10n_dec( 318 'PP %d user pwdreseted', 'PP %d users pwdreseted', 319 count($collection) 320 ) 321 ); 322 $template->append('infos', l10n_dec( 323 'PP %d user pwdreseted', 'PP %d users pwdreseted', 324 count($collection))); 325 } 326 else 327 { 328 array_push($page['errors'], l10n('PP_You need to confirm pwdreset')); 329 } 330 } 331 } 332 333 334 // +-----------------------------------------------------------------------+ 335 // | Unlock accounts | 336 // +-----------------------------------------------------------------------+ 337 if (isset($_POST['unlock']) and count($collection) > 0) 338 { 339 if (in_array($conf['guest_id'], $collection)) 340 { 341 array_push($page['errors'], l10n('PP_Guest is not unlockable')); 342 } 343 if (($conf['guest_id'] != $conf['default_user_id']) and 344 in_array($conf['default_user_id'], $collection)) 345 { 346 array_push($page['errors'], l10n('PP_Default user is not unlockable')); 347 } 348 if (in_array($conf['webmaster_id'], 
$collection)) 349 { 350 array_push($page['errors'], l10n('PP_Webmaster is not unlockable')); 351 } 352 if (in_array($user['id'], $collection)) 353 { 354 array_push($page['errors'], l10n('PP_You cannot unlock your account')); 355 } 356 357 // Generic accounts exclusion (including Adult_Content generic users) 358 // ------------------------------------------------------------------ 359 $query =' 360 SELECT u.id 361 FROM '.USERS_TABLE.' AS u 362 INNER JOIN '.USER_INFOS_TABLE.' AS ui 363 ON u.id = ui.user_id 364 WHERE ui.status = "generic" 365 ;'; 366 367 $result = pwg_query($query); 368 369 while ($row = pwg_db_fetch_assoc($result)) 370 { 371 if (in_array($row['id'], $collection)) 372 { 373 array_push($page['errors'], l10n('PP_Generic is not unlockable')); 374 } 375 } 376 377 // Admins accounts exclusion 378 // -------------------------- 379 $query =' 380 SELECT u.id 381 FROM '.USERS_TABLE.' AS u 382 INNER JOIN '.USER_INFOS_TABLE.' AS ui 383 ON u.id = ui.user_id 384 WHERE ui.status = "admin" 385 ;'; 386 387 $result = pwg_query($query); 388 389 while ($row = pwg_db_fetch_assoc($result)) 390 { 391 if (in_array($row['id'], $collection)) 392 { 393 array_push($page['errors'], l10n('PP_Admins is not unlockable')); 394 } 395 } 396 397 398 if (count($page['errors']) == 0) 399 { 400 if (isset($_POST['confirm_unlock']) and 1 == $_POST['confirm_unlock']) 401 { 402 foreach ($collection as $user_id) 403 { 404 PP_unlock_user($user_id); 405 } 406 array_push( 407 $page['infos'], 408 l10n_dec( 409 'PP %d user unlocked', 'PP %d users unlocked', 410 count($collection) 411 ) 412 ); 413 $template->append('infos', l10n_dec( 414 'PP %d user unlocked', 'PP %d users unlocked', 415 count($collection))); 416 } 417 else 418 { 419 array_push($page['errors'], l10n('PP_You need to confirm unlock')); 420 } 421 } 422 } 423 424 425 // +-----------------------------------------------------------------------+ 426 // | user list | 427 // 
+-----------------------------------------------------------------------+ 428 429 $visible_user_list = array(); 430 foreach ($page['filtered_users'] as $num => $local_user) 431 { 432 $visible_user_list[] = $local_user; 433 } 434 435 foreach ($visible_user_list as $local_user) 436 { 437 if (!empty($local_user)) 438 { 439 $query = ' 440 SELECT DISTINCT id, PP_pwdreset 441 FROM '.USERS_TABLE.' 442 WHERE id IN ('.$local_user['id'].') 443 ;'; 444 $result = pwg_query($query); 445 446 while ($row = pwg_db_fetch_assoc($result)) 447 { 448 if ($row['PP_pwdreset'] == 'false') 449 { 450 $pwdreset = l10n('PP_PwdReset_Done'); 451 } 452 else if ($row['PP_pwdreset'] == 'true') 453 { 454 $pwdreset = l10n('PP_PwdReset_Todo'); 455 } 456 else $pwdreset = l10n('PP_PwdReset_NA'); 457 } 458 459 460 $query = ' 461 SELECT DISTINCT id, PP_lock 462 FROM '.USERS_TABLE.' 463 WHERE id IN ('.$local_user['id'].') 464 ;'; 465 $result = pwg_query($query); 466 467 while ($row = pwg_db_fetch_assoc($result)) 468 { 469 if ($row['PP_lock'] == 'false') 470 { 471 $LockedUser = '<img src="'.PP_PATH.'admin/template/icons/nolock.png" title="'.l10n('PP_User Not Locked').'" alt="'.l10n('PP_User Not Locked').'"/><div style="display: none">'.l10n('PP_User Not Locked').'</div>'; 472 } 473 else if ($row['PP_lock'] == 'true') 474 { 475 $LockedUser = '<img src="'.PP_PATH.'admin/template/icons/lock.png" title="'.l10n('PP_User Locked').'" alt="'.l10n('PP_User Locked').'"/><div style="display: none">'.l10n('PP_User Locked').'</div>'; 476 } 477 else $LockedUser = '<img src="'.PP_PATH.'admin/template/icons/nolock.png" title="'.l10n('PP_User Not Locked').'" alt="'.l10n('PP_User Not Locked').'"/><div style="display: none">'.l10n('PP_User Not Locked').'</div>'; 478 } 479 } 480 481 // Template initialization 482 // ----------------------- 483 $template->append( 484 'users', 485 array( 486 'ID' => $local_user['id'], 487 'USERNAME' => stripslashes($local_user['username']) 488 .($local_user['id'] == $conf['guest_id'] 489 ? 
'<BR>['.l10n('guest').']' : '') 490 .($local_user['id'] == $conf['default_user_id'] 491 ? '<BR>['.l10n('default values').']' : ''), 492 'STATUS' => l10n('user_status_'.$local_user['status']), 493 'EMAIL' => $local_user['email'], 494 'PWD_LOCKED' => $LockedUser, 495 'PWDRESET' => $pwdreset, 496 ) 497 ); 498 } 499 500 501 // Set extra template variables 502 // ---------------------------- 503 $Conf_Pwreset = false; 504 $Conf_Logfailblock = false; 505 506 if (isset($conf_PP['PWDRESET']) and $conf_PP['PWDRESET']=='true') 507 { 508 $Conf_Pwreset = true; 509 } 510 511 if (isset($conf_PP['LOGFAILBLOCK']) and $conf_PP['LOGFAILBLOCK']=='true') 512 { 513 $Conf_Logfailblock = true; 514 } 515 516 // ----------------- Debugging code ----------------- 517 //$converted_res1 = ($Conf_Pwreset) ? 'true' : 'false'; 518 //$converted_res2 = ($Conf_Logfailblock) ? 'true' : 'false'; 519 //PPLog($conf_PP['PWDRESET'],$converted_res1,$conf_PP['LOGFAILBLOCK'],$converted_res2); 520 521 // Template initialization - Extra variables 522 // ----------------------------------------- 523 $template->assign( 524 array( 525 'PP_VERSION' => $version, 526 'PP_PATH' => PP_PATH, 527 'PP_THEME' => $PP_theme, 528 'PWRESET' => $Conf_Pwreset, 529 'LOGFAILBLOCK' => $Conf_Logfailblock, 530 ) 531 ); 532 533 // +-----------------------------------------------------------------------+ 534 // | errors display | 535 // +-----------------------------------------------------------------------+ 536 if (isset($errors) and count($errors) != 0) 537 { 538 $template->assign('errors',array()); 539 foreach ($errors as $error) 540 { 541 array_push($page['errors'], $error); 542 } 543 } 544 545 // +-----------------------------------------------------------------------+ 546 // | templates display | 547 // +-----------------------------------------------------------------------+ 548 $template->set_filename('plugin_admin_content', dirname(__FILE__) . 
'/template/PP_userlist.tpl'); 549 $template->assign_var_from_handle('ADMIN_CONTENT', 'plugin_admin_content'); 550 } 551 else 552 { 553 array_push($page['errors'], l10n('PP_Err_Userlist_Settings')); 554 } 555 556 break; 557 } 138 558 ?>
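Review bot: In the new `userlist` case, `$collection = $_POST['selection'];` takes the request values as they arrive, and every later guard (`in_array($conf['webmaster_id'], $collection)`, the generic and admin status loops) compares them loosely before each element is handed to `PP_Set_PwdReset()` or `PP_unlock_user()`. A value that is not a plain integer can fail to match any protected id, skip the exclusions and reach those helpers unchanged; they are defined outside this changeset, so whether they quote the id in SQL cannot be confirmed from here. Normalising at the point of entry closes that gap: `$collection = array_map('intval', (array) $_POST['selection']);`. The same block changes account state on a bare POST with no token check visible in the section; if none happens earlier in the request, calling `check_pwg_token();` before the reset and unlock loops would cover it.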