Context Navigation

source: branches/2.5/admin/user_list.php @ 21187

Last change on this file since 21187 was 19703, checked in by plg, 12 years ago
update Piwigo headers to 2013 (the end of the world didn't occur as expected on r12922)
Property svn:eol-style set to `LF`
File size: 21.9 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based photo gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008-2013 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	/**
25	* Add users and manage users list
26	*/
27
28	// +-----------------------------------------------------------------------+
29	// \| functions \|
30	// +-----------------------------------------------------------------------+
31
32	/**
33	* returns a list of users depending on page filters (in $_GET)
34	*
35	* Each user comes with his related informations : id, username, mail
36	* address, list of groups.
37	*
38	* @return array
39	*/
40	function get_filtered_user_list()
41	{
42	global $conf, $page;
43
44	$users = array();
45
46	// filter
47	$filter = array();
48
49	if (isset($_GET['username']) and !empty($_GET['username']))
50	{
51	$username = str_replace('*', '%', $_GET['username']);
52	$filter['username'] = pwg_db_real_escape_string($username);
53	}
54
55	if (isset($_GET['group'])
56	and -1 != $_GET['group']
57	and is_numeric($_GET['group']))
58	{
59	$filter['group'] = $_GET['group'];
60	}
61
62	if (isset($_GET['status'])
63	and in_array($_GET['status'], get_enums(USER_INFOS_TABLE, 'status')))
64	{
65	$filter['status'] = $_GET['status'];
66	}
67
68	// how to order the list?
69	$order_by = 'id';
70	if (isset($_GET['order_by'])
71	and in_array($_GET['order_by'], array_keys($page['order_by_items'])))
72	{
73	$order_by = $_GET['order_by'];
74	}
75
76	$direction = 'ASC';
77	if (isset($_GET['direction'])
78	and in_array($_GET['direction'], array_keys($page['direction_items'])))
79	{
80	$direction = strtoupper($_GET['direction']);
81	}
82
83	// search users depending on filters and order
84	$query = '
85	SELECT DISTINCT u.'.$conf['user_fields']['id'].' AS id,
86	u.'.$conf['user_fields']['username'].' AS username,
87	u.'.$conf['user_fields']['email'].' AS email,
88	ui.status,
89	ui.enabled_high,
90	ui.level
91	FROM '.USERS_TABLE.' AS u
92	INNER JOIN '.USER_INFOS_TABLE.' AS ui
93	ON u.'.$conf['user_fields']['id'].' = ui.user_id
94	LEFT JOIN '.USER_GROUP_TABLE.' AS ug
95	ON u.'.$conf['user_fields']['id'].' = ug.user_id
96	WHERE u.'.$conf['user_fields']['id'].' > 0';
97	if (isset($filter['username']))
98	{
99	$query.= '
100	AND u.'.$conf['user_fields']['username'].' LIKE \''.$filter['username'].'\'';
101	}
102	if (isset($filter['group']))
103	{
104	$query.= '
105	AND ug.group_id = '.$filter['group'];
106	}
107	if (isset($filter['status']))
108	{
109	$query.= '
110	AND ui.status = \''.$filter['status']."'";
111	}
112	$query.= '
113	ORDER BY '.$order_by.' '.$direction.'
114	;';
115
116	$result = pwg_query($query);
117	while ($row = pwg_db_fetch_assoc($result))
118	{
119	$user = $row;
120	$user['groups'] = array();
121
122	array_push($users, $user);
123	}
124
125	// add group lists
126	$user_ids = array();
127	foreach ($users as $i => $user)
128	{
129	$user_ids[$i] = $user['id'];
130	}
131	$user_nums = array_flip($user_ids);
132
133	if (count($user_ids) > 0)
134	{
135	$query = '
136	SELECT user_id, group_id
137	FROM '.USER_GROUP_TABLE.'
138	WHERE user_id IN ('.implode(',', $user_ids).')
139	;';
140	$result = pwg_query($query);
141	while ($row = pwg_db_fetch_assoc($result))
142	{
143	array_push(
144	$users[$user_nums[$row['user_id']]]['groups'],
145	$row['group_id']
146	);
147	}
148	}
149
150	return $users;
151	}
152
153	// +-----------------------------------------------------------------------+
154	// \| initialization \|
155	// +-----------------------------------------------------------------------+
156
157	if (!defined('PHPWG_ROOT_PATH'))
158	{
159	die('Hacking attempt!');
160	}
161
162	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
163
164	// +-----------------------------------------------------------------------+
165	// \| Check Access and exit when user status is not ok \|
166	// +-----------------------------------------------------------------------+
167	check_status(ACCESS_ADMINISTRATOR);
168
169	$page['order_by_items'] = array(
170	'id' => l10n('registration date'),
171	'username' => l10n('Username'),
172	'level' => l10n('Privacy level'),
173	'Language' => l10n('Language'),
174	'email' => l10n('Email address'),
175	);
176
177	$page['direction_items'] = array(
178	'asc' => l10n('ascending'),
179	'desc' => l10n('descending')
180	);
181
182	// +-----------------------------------------------------------------------+
183	// \| add a user \|
184	// +-----------------------------------------------------------------------+
185
186	// Check for config_default var - If True : Using double password type else single password type
187	// This feature is discussed on Piwigo's english forum
188	if ($conf['double_password_type_in_admin'] == true)
189	{
190	if (isset($_POST['submit_add']))
191	{
192	if(empty($_POST['password']))
193	{
194	array_push($page['errors'], l10n('Password is missing. Please enter the password.'));
195	}
196	else if(empty($_POST['password_conf']))
197	{
198	array_push($page['errors'], l10n('Password confirmation is missing. Please confirm the chosen password.'));
199	}
200	else if(empty($_POST['email']))
201	{
202	array_push($page['errors'], l10n('Email address is missing. Please specify an email address.'));
203	}
204	else if ($_POST['password'] != $_POST['password_conf'])
205	{
206	array_push($page['errors'], l10n('The passwords do not match'));
207	}
208	else
209	{
210	$page['errors'] = register_user(
211	$_POST['login'], $_POST['password'], $_POST['email'], false);
212
213	if (count($page['errors']) == 0)
214	{
215	array_push(
216	$page['infos'],
217	sprintf(
218	l10n('user "%s" added'),
219	$_POST['login']
220	)
221	);
222	}
223	}
224	}
225	}
226	else if ($conf['double_password_type_in_admin'] == false)
227	{
228	if (isset($_POST['submit_add']))
229	{
230	$page['errors'] = register_user(
231	$_POST['login'], $_POST['password'], $_POST['email'], false);
232
233	if (count($page['errors']) == 0)
234	{
235	array_push(
236	$page['infos'],
237	sprintf(
238	l10n('user "%s" added'),
239	stripslashes($_POST['login'])
240	)
241	);
242	}
243	}
244	}
245
246	// email notification
247	if (
248	isset($_POST['submit_add'])
249	and count($page['errors']) == 0
250	and !empty($_POST['email'])
251	and isset($_POST['send_password_by_mail'])
252	)
253	{
254	include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
255
256	$keyargs_content = array(
257	get_l10n_args('Hello %s,', $_POST['login']),
258	get_l10n_args('Thank you for registering at %s!', $conf['gallery_title']),
259	get_l10n_args('', ''),
260	get_l10n_args('Here are your connection settings', ''),
261	get_l10n_args('Username: %s', $_POST['login']),
262	get_l10n_args('Password: %s', $_POST['password']),
263	get_l10n_args('Email: %s', $_POST['email']),
264	get_l10n_args('', ''),
265	get_l10n_args('If you think you\'ve received this email in error, please contact us at %s', get_webmaster_mail_address()),
266	);
267
268	pwg_mail(
269	$_POST['email'],
270	array(
271	'subject' => '['.$conf['gallery_title'].'] '.l10n('Registration'),
272	'content' => l10n_args($keyargs_content),
273	'content_format' => 'text/plain',
274	)
275	);
276	}
277
278	// +-----------------------------------------------------------------------+
279	// \| user list \|
280	// +-----------------------------------------------------------------------+
281
282	$page['filtered_users'] = get_filtered_user_list();
283
284	// +-----------------------------------------------------------------------+
285	// \| selected users \|
286	// +-----------------------------------------------------------------------+
287
288	if (isset($_POST['delete']) or isset($_POST['pref_submit']))
289	{
290	$collection = array();
291
292	switch ($_POST['target'])
293	{
294	case 'all' :
295	{
296	foreach($page['filtered_users'] as $local_user)
297	{
298	array_push($collection, $local_user['id']);
299	}
300	break;
301	}
302	case 'selection' :
303	{
304	if (isset($_POST['selection']))
305	{
306	$collection = $_POST['selection'];
307	}
308	break;
309	}
310	}
311
312	if (count($collection) == 0)
313	{
314	array_push($page['errors'], l10n('Select at least one user'));
315	}
316	}
317
318	// +-----------------------------------------------------------------------+
319	// \| delete users \|
320	// +-----------------------------------------------------------------------+
321	if (isset($_POST['delete']) and count($collection) > 0)
322	{
323	if (in_array($conf['guest_id'], $collection))
324	{
325	array_push($page['errors'], l10n('Guest cannot be deleted'));
326	}
327	if (($conf['guest_id'] != $conf['default_user_id']) and
328	in_array($conf['default_user_id'], $collection))
329	{
330	array_push($page['errors'], l10n('Default user cannot be deleted'));
331	}
332	if (in_array($conf['webmaster_id'], $collection))
333	{
334	array_push($page['errors'], l10n('Webmaster cannot be deleted'));
335	}
336	if (in_array($user['id'], $collection))
337	{
338	array_push($page['errors'], l10n('You cannot delete your account'));
339	}
340
341	if (count($page['errors']) == 0)
342	{
343	if (isset($_POST['confirm_deletion']) and 1 == $_POST['confirm_deletion'])
344	{
345	foreach ($collection as $user_id)
346	{
347	delete_user($user_id);
348	}
349	array_push(
350	$page['infos'],
351	l10n_dec(
352	'%d user deleted', '%d users deleted',
353	count($collection)
354	)
355	);
356	foreach ($page['filtered_users'] as $filter_key => $filter_user)
357	{
358	if (in_array($filter_user['id'], $collection))
359	{
360	unset($page['filtered_users'][$filter_key]);
361	}
362	}
363	}
364	else
365	{
366	array_push($page['errors'], l10n('You need to confirm deletion'));
367	}
368	}
369	}
370
371	// +-----------------------------------------------------------------------+
372	// \| preferences form submission \|
373	// +-----------------------------------------------------------------------+
374
375	if (isset($_POST['pref_submit']) and count($collection) > 0)
376	{
377	if (-1 != $_POST['associate'])
378	{
379	$datas = array();
380
381	$query = '
382	SELECT user_id
383	FROM '.USER_GROUP_TABLE.'
384	WHERE group_id = '.$_POST['associate'].'
385	;';
386	$associated = array_from_query($query, 'user_id');
387
388	$associable = array_diff($collection, $associated);
389
390	if (count($associable) > 0)
391	{
392	foreach ($associable as $item)
393	{
394	array_push($datas,
395	array('group_id'=>$_POST['associate'],
396	'user_id'=>$item));
397	}
398
399	mass_inserts(USER_GROUP_TABLE,
400	array('group_id', 'user_id'),
401	$datas);
402	}
403	}
404
405	if (-1 != $_POST['dissociate'])
406	{
407	$query = '
408	DELETE FROM '.USER_GROUP_TABLE.'
409	WHERE group_id = '.$_POST['dissociate'].'
410	AND user_id IN ('.implode(',', $collection).')
411	';
412	pwg_query($query);
413	}
414
415	// properties to set for the collection (a user list)
416	$datas = array();
417	$dbfields = array('primary' => array('user_id'), 'update' => array());
418
419	$formfields = array(
420	'nb_image_page', 'theme', 'language',
421	'recent_period', 'expand', 'show_nb_hits',
422	'status', 'enabled_high', 'level'
423	);
424
425	$true_false_fields = array('expand', 'show_nb_hits', 'enabled_high');
426
427	if ($conf['activate_comments'])
428	{
429	array_push($formfields, 'show_nb_comments');
430	array_push($true_false_fields, 'show_nb_comments');
431	}
432
433	foreach ($formfields as $formfield)
434	{
435	// special for true/false fields
436	if (in_array($formfield, $true_false_fields))
437	{
438	$test = $formfield;
439	}
440	else
441	{
442	$test = $formfield.'_action';
443	}
444
445	if ($_POST[$test] != 'leave')
446	{
447	array_push($dbfields['update'], $formfield);
448	}
449	}
450
451	// updating elements is useful only if needed...
452	if (count($dbfields['update']) > 0)
453	{
454	$datas = array();
455
456	foreach ($collection as $user_id)
457	{
458	$data = array();
459	$data['user_id'] = $user_id;
460
461	// TODO : verify if submited values are semanticaly correct
462	foreach ($dbfields['update'] as $dbfield)
463	{
464	// if the action is 'unset', the key won't be in row and
465	// mass_updates function will set this field to NULL
466	if (in_array($dbfield, $true_false_fields)
467	or 'set' == $_POST[$dbfield.'_action'])
468	{
469	$data[$dbfield] = $_POST[$dbfield];
470	}
471	}
472
473	// if the status is getting greater or equal to "admin", then level
474	// automatically switches to "admin" (8), unless the level is also
475	// defined in the same batch action.
476	if (isset($data['status']) and in_array($data['status'], array('webmaster', 'admin')))
477	{
478	if (!isset($data['level']))
479	{
480	$data['level'] = 8;
481	if (!in_array('level', $dbfields['update']))
482	{
483	array_push($dbfields['update'], 'level');
484	}
485	}
486	}
487
488	// special users checks
489	if
490	(
491	($conf['webmaster_id'] == $user_id) or
492	($conf['guest_id'] == $user_id) or
493	($conf['default_user_id'] == $user_id)
494	)
495	{
496	// status must not be changed
497	if (isset($data['status']))
498	{
499	if ($conf['webmaster_id'] == $user_id)
500	{
501	$data['status'] = 'webmaster';
502	}
503	else
504	{
505	$data['status'] = 'guest';
506	}
507	}
508	}
509
510	array_push($datas, $data);
511	}
512
513	mass_updates(USER_INFOS_TABLE, $dbfields, $datas);
514	}
515
516	redirect(
517	get_root_url().
518	'admin.php'.
519	get_query_string_diff(array(), false)
520	);
521	}
522
523	// +-----------------------------------------------------------------------+
524	// \| groups list \|
525	// +-----------------------------------------------------------------------+
526
527	$groups[-1] = '------------';
528
529	$query = '
530	SELECT id, name
531	FROM '.GROUPS_TABLE.'
532	ORDER BY name ASC
533	;';
534	$result = pwg_query($query);
535
536	while ($row = pwg_db_fetch_assoc($result))
537	{
538	$groups[$row['id']] = $row['name'];
539	}
540
541	// +-----------------------------------------------------------------------+
542	// \| template init \|
543	// +-----------------------------------------------------------------------+
544
545	$template->set_filenames(array('user_list'=>'user_list.tpl'));
546
547	$base_url = PHPWG_ROOT_PATH.'admin.php?page=user_list';
548
549	if (isset($_GET['start']) and is_numeric($_GET['start']))
550	{
551	$start = $_GET['start'];
552	}
553	else
554	{
555	$start = 0;
556	}
557
558	$template->assign(
559	array(
560	'U_HELP' => get_root_url().'admin/popuphelp.php?page=user_list',
561
562	'F_ADD_ACTION' => $base_url,
563	'F_USERNAME' => @htmlentities($_GET['username'], ENT_COMPAT, 'UTF-8'),
564	'F_FILTER_ACTION' => get_root_url().'admin.php',
565
566	'ACTIVATE_COMMENTS' => $conf['activate_comments'],
567	));
568
569	// Display or Hide double password type
570	$template->assign('Double_Password', $conf['double_password_type_in_admin'] );
571
572	// Filter status options
573	$status_options[-1] = '------------';
574	foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
575	{
576	$status_options[$status] = l10n('user_status_'.$status);
577	}
578	$template->assign('status_options', $status_options);
579	$template->assign('status_selected',
580	isset($_GET['status']) ? $_GET['status'] : '');
581
582	// Filter group options
583	$template->assign('group_options', $groups);
584	$template->assign('group_selected',
585	isset($_GET['group']) ? $_GET['group'] : '');
586
587	// Filter order options
588	$template->assign('order_options', $page['order_by_items']);
589	$template->assign('order_selected',
590	isset($_GET['order_by']) ? $_GET['order_by'] : '');
591
592	// Filter direction options
593	$template->assign('direction_options', $page['direction_items']);
594	$template->assign('direction_selected',
595	isset($_GET['direction']) ? $_GET['direction'] : '');
596
597
598	if (isset($_POST['pref_submit']))
599	{
600	$template->assign(
601	array(
602	'NB_IMAGE_PAGE' => $_POST['nb_image_page'],
603	'RECENT_PERIOD' => $_POST['recent_period'],
604	));
605	}
606	else
607	{
608	$default_user = get_default_user_info(true);
609	$template->assign(
610	array(
611	'NB_IMAGE_PAGE' => $default_user['nb_image_page'],
612	'RECENT_PERIOD' => $default_user['recent_period'],
613	));
614	}
615
616	// Template Options
617	$template->assign('theme_options', get_pwg_themes());
618	$template->assign('theme_selected',
619	isset($_POST['pref_submit']) ? $_POST['theme'] : get_default_theme());
620
621	// Language options
622	$template->assign('language_options', get_languages());
623	$template->assign('language_selected',
624	isset($_POST['pref_submit']) ? $_POST['language'] : get_default_language());
625
626	// Status options
627	foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
628	{
629	// Only status <= can be assign
630	if (is_autorize_status(get_access_type_status($status)))
631	{
632	$pref_status_options[$status] = l10n('user_status_'.$status);
633	}
634	}
635	$template->assign('pref_status_options', $pref_status_options);
636	$template->assign('pref_status_selected',
637	isset($_POST['pref_submit']) ? $_POST['status'] : 'normal');
638
639	// associate and dissociate options
640	$template->assign('association_options', $groups);
641	$template->assign('associate_selected',
642	isset($_POST['pref_submit']) ? $_POST['associate'] : '');
643	$template->assign('dissociate_selected',
644	isset($_POST['pref_submit']) ? $_POST['dissociate'] : '');
645
646
647	// user level options
648	foreach ($conf['available_permission_levels'] as $level)
649	{
650	$level_options[$level] = l10n(sprintf('Level %d', $level));
651	}
652	$template->assign('level_options', $level_options);
653	$template->assign('level_selected',
654	isset($_POST['pref_submit']) ? $_POST['level'] : $default_user['level']);
655
656	// +-----------------------------------------------------------------------+
657	// \| navigation bar \|
658	// +-----------------------------------------------------------------------+
659
660	$url = PHPWG_ROOT_PATH.'admin.php'.get_query_string_diff(array('start'));
661
662	$navbar = create_navigation_bar(
663	$url,
664	count($page['filtered_users']),
665	$start,
666	$conf['users_page']
667	);
668
669	$template->assign('navbar', $navbar);
670
671	// +-----------------------------------------------------------------------+
672	// \| user list \|
673	// +-----------------------------------------------------------------------+
674
675	$profile_url = get_root_url().'admin.php?page=profile&user_id=';
676	$perm_url = get_root_url().'admin.php?page=user_perm&user_id=';
677
678	$visible_user_list = array();
679	foreach ($page['filtered_users'] as $num => $local_user)
680	{
681	// simulate LIMIT $start, $conf['users_page']
682	if ($num < $start)
683	{
684	continue;
685	}
686	if ($num >= $start + $conf['users_page'])
687	{
688	break;
689	}
690
691	$visible_user_list[] = $local_user;
692	}
693
694	// allow plugins to fill template var plugin_user_list_column_titles and
695	// plugin_columns/plugin_actions for each user in the list
696	$visible_user_list = trigger_event('loc_visible_user_list', $visible_user_list);
697
698	foreach ($visible_user_list as $local_user)
699	{
700	$groups_string = preg_replace(
701	'/(\d+)/e',
702	"\$groups['$1']",
703	implode(
704	', ',
705	$local_user['groups']
706	)
707	);
708
709	if (isset($_POST['pref_submit'])
710	and isset($_POST['selection'])
711	and in_array($local_user['id'], $_POST['selection']))
712	{
713	$checked = 'checked="checked"';
714	}
715	else
716	{
717	$checked = '';
718	}
719
720	$properties = array();
721	if ( $local_user['level'] != 0 )
722	{
723	$properties[] = l10n( sprintf('Level %d', $local_user['level']) );
724	}
725	$properties[] =
726	(isset($local_user['enabled_high']) and ($local_user['enabled_high'] == 'true'))
727	? l10n('High definition') : l10n('');
728
729	$template->append(
730	'users',
731	array(
732	'ID' => $local_user['id'],
733	'CHECKED' => $checked,
734	'U_PROFILE' => $profile_url.$local_user['id'],
735	'U_PERM' => $perm_url.$local_user['id'],
736	'USERNAME' => stripslashes($local_user['username'])
737	.($local_user['id'] == $conf['guest_id']
738	? '<br>['.l10n('guest').']' : '')
739	.($local_user['id'] == $conf['default_user_id']
740	? '<br>['.l10n('default values').']' : ''),
741	'STATUS' => l10n('user_status_'.$local_user['status']),
742	'EMAIL' => get_email_address_as_display_text($local_user['email']),
743	'GROUPS' => $groups_string,
744	'PROPERTIES' => implode( ', ', $properties),
745	'plugin_columns' => isset($local_user['plugin_columns']) ? $local_user['plugin_columns'] : array(),
746	'plugin_actions' => isset($local_user['plugin_actions']) ? $local_user['plugin_actions'] : array(),
747	)
748	);
749	}
750
751	// +-----------------------------------------------------------------------+
752	// \| html code display \|
753	// +-----------------------------------------------------------------------+
754
755	$template->assign_var_from_handle('ADMIN_CONTENT', 'user_list');
756	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: