Context Navigation

source: branches/2.3/admin/user_list.php @ 18245

Last change on this file since 18245 was 14430, checked in by plg, 12 years ago
feature 2625: ability to sort user list by email address
Property svn:eol-style set to `LF`
File size: 20.9 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based photo gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008-2011 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	/**
25	* Add users and manage users list
26	*/
27
28	// +-----------------------------------------------------------------------+
29	// \| functions \|
30	// +-----------------------------------------------------------------------+
31
32	/**
33	* returns a list of users depending on page filters (in $_GET)
34	*
35	* Each user comes with his related informations : id, username, mail
36	* address, list of groups.
37	*
38	* @return array
39	*/
40	function get_filtered_user_list()
41	{
42	global $conf, $page;
43
44	$users = array();
45
46	// filter
47	$filter = array();
48
49	if (isset($_GET['username']) and !empty($_GET['username']))
50	{
51	$username = str_replace('*', '%', $_GET['username']);
52	$filter['username'] = pwg_db_real_escape_string($username);
53	}
54
55	if (isset($_GET['group'])
56	and -1 != $_GET['group']
57	and is_numeric($_GET['group']))
58	{
59	$filter['group'] = $_GET['group'];
60	}
61
62	if (isset($_GET['status'])
63	and in_array($_GET['status'], get_enums(USER_INFOS_TABLE, 'status')))
64	{
65	$filter['status'] = $_GET['status'];
66	}
67
68	// how to order the list?
69	$order_by = 'id';
70	if (isset($_GET['order_by'])
71	and in_array($_GET['order_by'], array_keys($page['order_by_items'])))
72	{
73	$order_by = $_GET['order_by'];
74	}
75
76	$direction = 'ASC';
77	if (isset($_GET['direction'])
78	and in_array($_GET['direction'], array_keys($page['direction_items'])))
79	{
80	$direction = strtoupper($_GET['direction']);
81	}
82
83	// search users depending on filters and order
84	$query = '
85	SELECT DISTINCT u.'.$conf['user_fields']['id'].' AS id,
86	u.'.$conf['user_fields']['username'].' AS username,
87	u.'.$conf['user_fields']['email'].' AS email,
88	ui.status,
89	ui.enabled_high,
90	ui.level
91	FROM '.USERS_TABLE.' AS u
92	INNER JOIN '.USER_INFOS_TABLE.' AS ui
93	ON u.'.$conf['user_fields']['id'].' = ui.user_id
94	LEFT JOIN '.USER_GROUP_TABLE.' AS ug
95	ON u.'.$conf['user_fields']['id'].' = ug.user_id
96	WHERE u.'.$conf['user_fields']['id'].' > 0';
97	if (isset($filter['username']))
98	{
99	$query.= '
100	AND u.'.$conf['user_fields']['username'].' LIKE \''.$filter['username'].'\'';
101	}
102	if (isset($filter['group']))
103	{
104	$query.= '
105	AND ug.group_id = '.$filter['group'];
106	}
107	if (isset($filter['status']))
108	{
109	$query.= '
110	AND ui.status = \''.$filter['status']."'";
111	}
112	$query.= '
113	ORDER BY '.$order_by.' '.$direction.'
114	;';
115
116	$result = pwg_query($query);
117	while ($row = pwg_db_fetch_assoc($result))
118	{
119	$user = $row;
120	$user['groups'] = array();
121
122	array_push($users, $user);
123	}
124
125	// add group lists
126	$user_ids = array();
127	foreach ($users as $i => $user)
128	{
129	$user_ids[$i] = $user['id'];
130	}
131	$user_nums = array_flip($user_ids);
132
133	if (count($user_ids) > 0)
134	{
135	$query = '
136	SELECT user_id, group_id
137	FROM '.USER_GROUP_TABLE.'
138	WHERE user_id IN ('.implode(',', $user_ids).')
139	;';
140	$result = pwg_query($query);
141	while ($row = pwg_db_fetch_assoc($result))
142	{
143	array_push(
144	$users[$user_nums[$row['user_id']]]['groups'],
145	$row['group_id']
146	);
147	}
148	}
149
150	return $users;
151	}
152
153	// +-----------------------------------------------------------------------+
154	// \| initialization \|
155	// +-----------------------------------------------------------------------+
156
157	if (!defined('PHPWG_ROOT_PATH'))
158	{
159	die('Hacking attempt!');
160	}
161
162	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
163
164	// +-----------------------------------------------------------------------+
165	// \| Check Access and exit when user status is not ok \|
166	// +-----------------------------------------------------------------------+
167	check_status(ACCESS_ADMINISTRATOR);
168
169	$page['order_by_items'] = array(
170	'id' => l10n('registration date'),
171	'username' => l10n('Username'),
172	'level' => l10n('Privacy level'),
173	'Language' => l10n('Language'),
174	'email' => l10n('Email address'),
175	);
176
177	$page['direction_items'] = array(
178	'asc' => l10n('ascending'),
179	'desc' => l10n('descending')
180	);
181
182	// +-----------------------------------------------------------------------+
183	// \| add a user \|
184	// +-----------------------------------------------------------------------+
185
186	// Check for config_default var - If True : Using double password type else single password type
187	// This feature is discussed on Piwigo's english forum
188	if ($conf['double_password_type_in_admin'] == true)
189	{
190	if (isset($_POST['submit_add']))
191	{
192	if(empty($_POST['password']))
193	{
194	array_push($page['errors'], l10n('Password is missing. Please enter the password.'));
195	}
196	else if(empty($_POST['password_conf']))
197	{
198	array_push($page['errors'], l10n('Password confirmation is missing. Please confirm the chosen password.'));
199	}
200	else if(empty($_POST['email']))
201	{
202	array_push($page['errors'], l10n('Email address is missing. Please specify an email address.'));
203	}
204	else if ($_POST['password'] != $_POST['password_conf'])
205	{
206	array_push($page['errors'], l10n('Password confirmation error.'));
207	}
208	else
209	{
210	$page['errors'] = register_user(
211	$_POST['login'], $_POST['password'], $_POST['email'], false);
212
213	if (count($page['errors']) == 0)
214	{
215	array_push(
216	$page['infos'],
217	sprintf(
218	l10n('user "%s" added'),
219	$_POST['login']
220	)
221	);
222	}
223	}
224	}
225	}
226	else if ($conf['double_password_type_in_admin'] == false)
227	{
228	if (isset($_POST['submit_add']))
229	{
230	$page['errors'] = register_user(
231	$_POST['login'], $_POST['password'], $_POST['email'], false);
232
233	if (count($page['errors']) == 0)
234	{
235	array_push(
236	$page['infos'],
237	sprintf(
238	l10n('user "%s" added'),
239	stripslashes($_POST['login'])
240	)
241	);
242	}
243	}
244	}
245
246	// +-----------------------------------------------------------------------+
247	// \| user list \|
248	// +-----------------------------------------------------------------------+
249
250	$page['filtered_users'] = get_filtered_user_list();
251
252	// +-----------------------------------------------------------------------+
253	// \| selected users \|
254	// +-----------------------------------------------------------------------+
255
256	if (isset($_POST['delete']) or isset($_POST['pref_submit']))
257	{
258	$collection = array();
259
260	switch ($_POST['target'])
261	{
262	case 'all' :
263	{
264	foreach($page['filtered_users'] as $local_user)
265	{
266	array_push($collection, $local_user['id']);
267	}
268	break;
269	}
270	case 'selection' :
271	{
272	if (isset($_POST['selection']))
273	{
274	$collection = $_POST['selection'];
275	}
276	break;
277	}
278	}
279
280	if (count($collection) == 0)
281	{
282	array_push($page['errors'], l10n('Select at least one user'));
283	}
284	}
285
286	// +-----------------------------------------------------------------------+
287	// \| delete users \|
288	// +-----------------------------------------------------------------------+
289	if (isset($_POST['delete']) and count($collection) > 0)
290	{
291	if (in_array($conf['guest_id'], $collection))
292	{
293	array_push($page['errors'], l10n('Guest cannot be deleted'));
294	}
295	if (($conf['guest_id'] != $conf['default_user_id']) and
296	in_array($conf['default_user_id'], $collection))
297	{
298	array_push($page['errors'], l10n('Default user cannot be deleted'));
299	}
300	if (in_array($conf['webmaster_id'], $collection))
301	{
302	array_push($page['errors'], l10n('Webmaster cannot be deleted'));
303	}
304	if (in_array($user['id'], $collection))
305	{
306	array_push($page['errors'], l10n('You cannot delete your account'));
307	}
308
309	if (count($page['errors']) == 0)
310	{
311	if (isset($_POST['confirm_deletion']) and 1 == $_POST['confirm_deletion'])
312	{
313	foreach ($collection as $user_id)
314	{
315	delete_user($user_id);
316	}
317	array_push(
318	$page['infos'],
319	l10n_dec(
320	'%d user deleted', '%d users deleted',
321	count($collection)
322	)
323	);
324	foreach ($page['filtered_users'] as $filter_key => $filter_user)
325	{
326	if (in_array($filter_user['id'], $collection))
327	{
328	unset($page['filtered_users'][$filter_key]);
329	}
330	}
331	}
332	else
333	{
334	array_push($page['errors'], l10n('You need to confirm deletion'));
335	}
336	}
337	}
338
339	// +-----------------------------------------------------------------------+
340	// \| preferences form submission \|
341	// +-----------------------------------------------------------------------+
342
343	if (isset($_POST['pref_submit']) and count($collection) > 0)
344	{
345	if (-1 != $_POST['associate'])
346	{
347	$datas = array();
348
349	$query = '
350	SELECT user_id
351	FROM '.USER_GROUP_TABLE.'
352	WHERE group_id = '.$_POST['associate'].'
353	;';
354	$associated = array_from_query($query, 'user_id');
355
356	$associable = array_diff($collection, $associated);
357
358	if (count($associable) > 0)
359	{
360	foreach ($associable as $item)
361	{
362	array_push($datas,
363	array('group_id'=>$_POST['associate'],
364	'user_id'=>$item));
365	}
366
367	mass_inserts(USER_GROUP_TABLE,
368	array('group_id', 'user_id'),
369	$datas);
370	}
371	}
372
373	if (-1 != $_POST['dissociate'])
374	{
375	$query = '
376	DELETE FROM '.USER_GROUP_TABLE.'
377	WHERE group_id = '.$_POST['dissociate'].'
378	AND user_id IN ('.implode(',', $collection).')
379	';
380	pwg_query($query);
381	}
382
383	// properties to set for the collection (a user list)
384	$datas = array();
385	$dbfields = array('primary' => array('user_id'), 'update' => array());
386
387	$formfields =
388	array('nb_image_page', 'theme', 'language',
389	'recent_period', 'maxwidth', 'expand', 'show_nb_comments',
390	'show_nb_hits', 'maxheight', 'status', 'enabled_high',
391	'level');
392
393	$true_false_fields = array('expand', 'show_nb_comments',
394	'show_nb_hits', 'enabled_high');
395
396	foreach ($formfields as $formfield)
397	{
398	// special for true/false fields
399	if (in_array($formfield, $true_false_fields))
400	{
401	$test = $formfield;
402	}
403	else
404	{
405	$test = $formfield.'_action';
406	}
407
408	if ($_POST[$test] != 'leave')
409	{
410	array_push($dbfields['update'], $formfield);
411	}
412	}
413
414	// updating elements is useful only if needed...
415	if (count($dbfields['update']) > 0)
416	{
417	$datas = array();
418
419	foreach ($collection as $user_id)
420	{
421	$data = array();
422	$data['user_id'] = $user_id;
423
424	// TODO : verify if submited values are semanticaly correct
425	foreach ($dbfields['update'] as $dbfield)
426	{
427	// if the action is 'unset', the key won't be in row and
428	// mass_updates function will set this field to NULL
429	if (in_array($dbfield, $true_false_fields)
430	or 'set' == $_POST[$dbfield.'_action'])
431	{
432	$data[$dbfield] = $_POST[$dbfield];
433	}
434	}
435
436	// if the status is getting greater or equal to "admin", then level
437	// automatically switches to "admin" (8), unless the level is also
438	// defined in the same batch action.
439	if (isset($data['status']) and in_array($data['status'], array('webmaster', 'admin')))
440	{
441	if (!isset($data['level']))
442	{
443	$data['level'] = 8;
444	if (!in_array('level', $dbfields['update']))
445	{
446	array_push($dbfields['update'], 'level');
447	}
448	}
449	}
450
451	// special users checks
452	if
453	(
454	($conf['webmaster_id'] == $user_id) or
455	($conf['guest_id'] == $user_id) or
456	($conf['default_user_id'] == $user_id)
457	)
458	{
459	// status must not be changed
460	if (isset($data['status']))
461	{
462	if ($conf['webmaster_id'] == $user_id)
463	{
464	$data['status'] = 'webmaster';
465	}
466	else
467	{
468	$data['status'] = 'guest';
469	}
470	}
471	}
472
473	array_push($datas, $data);
474	}
475
476	mass_updates(USER_INFOS_TABLE, $dbfields, $datas);
477	}
478
479	redirect(
480	get_root_url().
481	'admin.php'.
482	get_query_string_diff(array(), false)
483	);
484	}
485
486	// +-----------------------------------------------------------------------+
487	// \| groups list \|
488	// +-----------------------------------------------------------------------+
489
490	$groups[-1] = '------------';
491
492	$query = '
493	SELECT id, name
494	FROM '.GROUPS_TABLE.'
495	ORDER BY name ASC
496	;';
497	$result = pwg_query($query);
498
499	while ($row = pwg_db_fetch_assoc($result))
500	{
501	$groups[$row['id']] = $row['name'];
502	}
503
504	// +-----------------------------------------------------------------------+
505	// \| template init \|
506	// +-----------------------------------------------------------------------+
507
508	$template->set_filenames(array('user_list'=>'user_list.tpl'));
509
510	$base_url = PHPWG_ROOT_PATH.'admin.php?page=user_list';
511
512	if (isset($_GET['start']) and is_numeric($_GET['start']))
513	{
514	$start = $_GET['start'];
515	}
516	else
517	{
518	$start = 0;
519	}
520
521	$template->assign(
522	array(
523	'U_HELP' => get_root_url().'admin/popuphelp.php?page=user_list',
524
525	'F_ADD_ACTION' => $base_url,
526	'F_USERNAME' => @htmlentities($_GET['username'], ENT_COMPAT, 'UTF-8'),
527	'F_FILTER_ACTION' => get_root_url().'admin.php'
528	));
529
530	// Display or Hide double password type
531	$template->assign('Double_Password', $conf['double_password_type_in_admin'] );
532
533	// Filter status options
534	$status_options[-1] = '------------';
535	foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
536	{
537	$status_options[$status] = l10n('user_status_'.$status);
538	}
539	$template->assign('status_options', $status_options);
540	$template->assign('status_selected',
541	isset($_GET['status']) ? $_GET['status'] : '');
542
543	// Filter group options
544	$template->assign('group_options', $groups);
545	$template->assign('group_selected',
546	isset($_GET['group']) ? $_GET['group'] : '');
547
548	// Filter order options
549	$template->assign('order_options', $page['order_by_items']);
550	$template->assign('order_selected',
551	isset($_GET['order_by']) ? $_GET['order_by'] : '');
552
553	// Filter direction options
554	$template->assign('direction_options', $page['direction_items']);
555	$template->assign('direction_selected',
556	isset($_GET['direction']) ? $_GET['direction'] : '');
557
558
559	if (isset($_POST['pref_submit']))
560	{
561	$template->assign(
562	array(
563	'NB_IMAGE_PAGE' => $_POST['nb_image_page'],
564	'MAXWIDTH' => $_POST['maxwidth'],
565	'MAXHEIGHT' => $_POST['maxheight'],
566	'RECENT_PERIOD' => $_POST['recent_period'],
567	));
568	}
569	else
570	{
571	$default_user = get_default_user_info(true);
572	$template->assign(
573	array(
574	'NB_IMAGE_PAGE' => $default_user['nb_image_page'],
575	'MAXWIDTH' => $default_user['maxwidth'],
576	'MAXHEIGHT' => $default_user['maxheight'],
577	'RECENT_PERIOD' => $default_user['recent_period'],
578	));
579	}
580
581	// Template Options
582	$template->assign('theme_options', get_pwg_themes());
583	$template->assign('theme_selected',
584	isset($_POST['pref_submit']) ? $_POST['theme'] : get_default_theme());
585
586	// Language options
587	$template->assign('language_options', get_languages());
588	$template->assign('language_selected',
589	isset($_POST['pref_submit']) ? $_POST['language'] : get_default_language());
590
591	// Status options
592	foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
593	{
594	// Only status <= can be assign
595	if (is_autorize_status(get_access_type_status($status)))
596	{
597	$pref_status_options[$status] = l10n('user_status_'.$status);
598	}
599	}
600	$template->assign('pref_status_options', $pref_status_options);
601	$template->assign('pref_status_selected',
602	isset($_POST['pref_submit']) ? $_POST['status'] : 'normal');
603
604	// associate and dissociate options
605	$template->assign('association_options', $groups);
606	$template->assign('associate_selected',
607	isset($_POST['pref_submit']) ? $_POST['associate'] : '');
608	$template->assign('dissociate_selected',
609	isset($_POST['pref_submit']) ? $_POST['dissociate'] : '');
610
611
612	// user level options
613	foreach ($conf['available_permission_levels'] as $level)
614	{
615	$level_options[$level] = l10n(sprintf('Level %d', $level));
616	}
617	$template->assign('level_options', $level_options);
618	$template->assign('level_selected',
619	isset($_POST['pref_submit']) ? $_POST['level'] : $default_user['level']);
620
621	// +-----------------------------------------------------------------------+
622	// \| navigation bar \|
623	// +-----------------------------------------------------------------------+
624
625	$url = PHPWG_ROOT_PATH.'admin.php'.get_query_string_diff(array('start'));
626
627	$navbar = create_navigation_bar(
628	$url,
629	count($page['filtered_users']),
630	$start,
631	$conf['users_page']
632	);
633
634	$template->assign('navbar', $navbar);
635
636	// +-----------------------------------------------------------------------+
637	// \| user list \|
638	// +-----------------------------------------------------------------------+
639
640	$profile_url = get_root_url().'admin.php?page=profile&user_id=';
641	$perm_url = get_root_url().'admin.php?page=user_perm&user_id=';
642
643	$visible_user_list = array();
644	foreach ($page['filtered_users'] as $num => $local_user)
645	{
646	// simulate LIMIT $start, $conf['users_page']
647	if ($num < $start)
648	{
649	continue;
650	}
651	if ($num >= $start + $conf['users_page'])
652	{
653	break;
654	}
655
656	$visible_user_list[] = $local_user;
657	}
658
659	// allow plugins to fill template var plugin_user_list_column_titles and
660	// plugin_columns/plugin_actions for each user in the list
661	$visible_user_list = trigger_event('loc_visible_user_list', $visible_user_list);
662
663	foreach ($visible_user_list as $local_user)
664	{
665	$groups_string = preg_replace(
666	'/(\d+)/e',
667	"\$groups['$1']",
668	implode(
669	', ',
670	$local_user['groups']
671	)
672	);
673
674	if (isset($_POST['pref_submit'])
675	and isset($_POST['selection'])
676	and in_array($local_user['id'], $_POST['selection']))
677	{
678	$checked = 'checked="checked"';
679	}
680	else
681	{
682	$checked = '';
683	}
684
685	$properties = array();
686	if ( $local_user['level'] != 0 )
687	{
688	$properties[] = l10n( sprintf('Level %d', $local_user['level']) );
689	}
690	$properties[] =
691	(isset($local_user['enabled_high']) and ($local_user['enabled_high'] == 'true'))
692	? l10n('High definition') : l10n('');
693
694	$template->append(
695	'users',
696	array(
697	'ID' => $local_user['id'],
698	'CHECKED' => $checked,
699	'U_PROFILE' => $profile_url.$local_user['id'],
700	'U_PERM' => $perm_url.$local_user['id'],
701	'USERNAME' => stripslashes($local_user['username'])
702	.($local_user['id'] == $conf['guest_id']
703	? '<br>['.l10n('guest').']' : '')
704	.($local_user['id'] == $conf['default_user_id']
705	? '<br>['.l10n('default values').']' : ''),
706	'STATUS' => l10n('user_status_'.$local_user['status']),
707	'EMAIL' => get_email_address_as_display_text($local_user['email']),
708	'GROUPS' => $groups_string,
709	'PROPERTIES' => implode( ', ', $properties),
710	'plugin_columns' => isset($local_user['plugin_columns']) ? $local_user['plugin_columns'] : array(),
711	'plugin_actions' => isset($local_user['plugin_actions']) ? $local_user['plugin_actions'] : array(),
712	)
713	);
714	}
715
716	// +-----------------------------------------------------------------------+
717	// \| html code display \|
718	// +-----------------------------------------------------------------------+
719
720	$template->assign_var_from_handle('ADMIN_CONTENT', 'user_list');
721	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: