Context Navigation

source: tags/build-Butterfly02/admin/user_list.php @ 18701

Last change on this file since 18701 was 2299, checked in by plg, 16 years ago

Bug fixed: as rvelices notified me by email, my header replacement script was
bugged (r2297 was repeating new and old header).

By the way, I've also removed the replacement keywords. We were using them
because it was a common usage with CVS but it is advised not to use them with
Subversion. Personnaly, it is a problem when I search differences between 2
Piwigo installations outside Subversion.

Property svn:eol-style set to LF
Property svn:keywords set to Author Date Id Revision

File size: 19.7 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based picture gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	/**
25	* Add users and manage users list
26	*/
27
28	// +-----------------------------------------------------------------------+
29	// \| functions \|
30	// +-----------------------------------------------------------------------+
31
32	/**
33	* returns a list of users depending on page filters (in $_GET)
34	*
35	* Each user comes with his related informations : id, username, mail
36	* address, list of groups.
37	*
38	* @return array
39	*/
40	function get_filtered_user_list()
41	{
42	global $conf, $page;
43
44	$users = array();
45
46	// filter
47	$filter = array();
48
49	if (isset($_GET['username']) and !empty($_GET['username']))
50	{
51	$username = str_replace('*', '%', $_GET['username']);
52	if (function_exists('mysql_real_escape_string'))
53	{
54	$filter['username'] = mysql_real_escape_string($username);
55	}
56	else
57	{
58	$filter['username'] = mysql_escape_string($username);
59	}
60	}
61
62	if (isset($_GET['group'])
63	and -1 != $_GET['group']
64	and is_numeric($_GET['group']))
65	{
66	$filter['group'] = $_GET['group'];
67	}
68
69	if (isset($_GET['status'])
70	and in_array($_GET['status'], get_enums(USER_INFOS_TABLE, 'status')))
71	{
72	$filter['status'] = $_GET['status'];
73	}
74
75	// how to order the list?
76	$order_by = 'id';
77	if (isset($_GET['order_by'])
78	and in_array($_GET['order_by'], array_keys($page['order_by_items'])))
79	{
80	$order_by = $_GET['order_by'];
81	}
82
83	$direction = 'ASC';
84	if (isset($_GET['direction'])
85	and in_array($_GET['direction'], array_keys($page['direction_items'])))
86	{
87	$direction = strtoupper($_GET['direction']);
88	}
89
90	// search users depending on filters and order
91	$query = '
92	SELECT DISTINCT u.'.$conf['user_fields']['id'].' AS id,
93	u.'.$conf['user_fields']['username'].' AS username,
94	u.'.$conf['user_fields']['email'].' AS email,
95	ui.status,
96	ui.adviser,
97	ui.enabled_high,
98	ui.level
99	FROM '.USERS_TABLE.' AS u
100	INNER JOIN '.USER_INFOS_TABLE.' AS ui
101	ON u.'.$conf['user_fields']['id'].' = ui.user_id
102	LEFT JOIN '.USER_GROUP_TABLE.' AS ug
103	ON u.'.$conf['user_fields']['id'].' = ug.user_id
104	WHERE u.'.$conf['user_fields']['id'].' > 0';
105	if (isset($filter['username']))
106	{
107	$query.= '
108	AND u.'.$conf['user_fields']['username'].' LIKE \''.$filter['username'].'\'';
109	}
110	if (isset($filter['group']))
111	{
112	$query.= '
113	AND ug.group_id = '.$filter['group'];
114	}
115	if (isset($filter['status']))
116	{
117	$query.= '
118	AND ui.status = \''.$filter['status']."'";
119	}
120	$query.= '
121	ORDER BY '.$order_by.' '.$direction.'
122	;';
123
124	$result = pwg_query($query);
125	while ($row = mysql_fetch_array($result))
126	{
127	$user = $row;
128	$user['groups'] = array();
129
130	array_push($users, $user);
131	}
132
133	// add group lists
134	$user_ids = array();
135	foreach ($users as $i => $user)
136	{
137	$user_ids[$i] = $user['id'];
138	}
139	$user_nums = array_flip($user_ids);
140
141	if (count($user_ids) > 0)
142	{
143	$query = '
144	SELECT user_id, group_id
145	FROM '.USER_GROUP_TABLE.'
146	WHERE user_id IN ('.implode(',', $user_ids).')
147	;';
148	$result = pwg_query($query);
149	while ($row = mysql_fetch_array($result))
150	{
151	array_push(
152	$users[$user_nums[$row['user_id']]]['groups'],
153	$row['group_id']
154	);
155	}
156	}
157
158	return $users;
159	}
160
161	// +-----------------------------------------------------------------------+
162	// \| initialization \|
163	// +-----------------------------------------------------------------------+
164
165	if (!defined('PHPWG_ROOT_PATH'))
166	{
167	die('Hacking attempt!');
168	}
169
170	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
171
172	// +-----------------------------------------------------------------------+
173	// \| Check Access and exit when user status is not ok \|
174	// +-----------------------------------------------------------------------+
175	check_status(ACCESS_ADMINISTRATOR);
176
177	$page['order_by_items'] = array(
178	'id' => l10n('registration_date'),
179	'username' => l10n('Username'),
180	'level' => l10n('Privacy level'),
181	'language' => l10n('language'),
182	);
183
184	$page['direction_items'] = array(
185	'asc' => l10n('ascending'),
186	'desc' => l10n('descending')
187	);
188
189	// +-----------------------------------------------------------------------+
190	// \| add a user \|
191	// +-----------------------------------------------------------------------+
192
193	if (isset($_POST['submit_add']))
194	{
195	$page['errors'] = register_user(
196	$_POST['login'], $_POST['password'], $_POST['email'], false);
197
198	if (count($page['errors']) == 0)
199	{
200	array_push(
201	$page['infos'],
202	sprintf(
203	l10n('user "%s" added'),
204	$_POST['login']
205	)
206	);
207	}
208	}
209
210	// +-----------------------------------------------------------------------+
211	// \| user list \|
212	// +-----------------------------------------------------------------------+
213
214	$page['filtered_users'] = get_filtered_user_list();
215
216	// +-----------------------------------------------------------------------+
217	// \| selected users \|
218	// +-----------------------------------------------------------------------+
219
220	if (isset($_POST['delete']) or isset($_POST['pref_submit']))
221	{
222	$collection = array();
223
224	switch ($_POST['target'])
225	{
226	case 'all' :
227	{
228	foreach($page['filtered_users'] as $local_user)
229	{
230	array_push($collection, $local_user['id']);
231	}
232	break;
233	}
234	case 'selection' :
235	{
236	if (isset($_POST['selection']))
237	{
238	$collection = $_POST['selection'];
239	}
240	break;
241	}
242	}
243
244	if (count($collection) == 0)
245	{
246	array_push($page['errors'], l10n('Select at least one user'));
247	}
248	}
249
250	// +-----------------------------------------------------------------------+
251	// \| delete users \|
252	// +-----------------------------------------------------------------------+
253	if (isset($_POST['delete']) and count($collection) > 0)
254	{
255	if (in_array($conf['guest_id'], $collection))
256	{
257	array_push($page['errors'], l10n('Guest cannot be deleted'));
258	}
259	if (($conf['guest_id'] != $conf['default_user_id']) and
260	in_array($conf['default_user_id'], $collection))
261	{
262	array_push($page['errors'], l10n('Default user cannot be deleted'));
263	}
264	if (in_array($conf['webmaster_id'], $collection))
265	{
266	array_push($page['errors'], l10n('Webmaster cannot be deleted'));
267	}
268	if (in_array($user['id'], $collection))
269	{
270	array_push($page['errors'], l10n('You cannot delete your account'));
271	}
272
273	if (count($page['errors']) == 0)
274	{
275	if (isset($_POST['confirm_deletion']) and 1 == $_POST['confirm_deletion'])
276	{
277	foreach ($collection as $user_id)
278	{
279	delete_user($user_id);
280	}
281	array_push(
282	$page['infos'],
283	l10n_dec(
284	'%d user deleted', '%d users deleted',
285	count($collection)
286	)
287	);
288	foreach ($page['filtered_users'] as $filter_key => $filter_user)
289	{
290	if (in_array($filter_user['id'], $collection))
291	{
292	unset($page['filtered_users'][$filter_key]);
293	}
294	}
295	}
296	else
297	{
298	array_push($page['errors'], l10n('You need to confirm deletion'));
299	}
300	}
301	}
302
303	// +-----------------------------------------------------------------------+
304	// \| preferences form submission \|
305	// +-----------------------------------------------------------------------+
306
307	if (isset($_POST['pref_submit']) and count($collection) > 0)
308	{
309	if (-1 != $_POST['associate'])
310	{
311	$datas = array();
312
313	$query = '
314	SELECT user_id
315	FROM '.USER_GROUP_TABLE.'
316	WHERE group_id = '.$_POST['associate'].'
317	;';
318	$associated = array_from_query($query, 'user_id');
319
320	$associable = array_diff($collection, $associated);
321
322	if (count($associable) > 0)
323	{
324	foreach ($associable as $item)
325	{
326	array_push($datas,
327	array('group_id'=>$_POST['associate'],
328	'user_id'=>$item));
329	}
330
331	mass_inserts(USER_GROUP_TABLE,
332	array('group_id', 'user_id'),
333	$datas);
334	}
335	}
336
337	if (-1 != $_POST['dissociate'])
338	{
339	$query = '
340	DELETE FROM '.USER_GROUP_TABLE.'
341	WHERE group_id = '.$_POST['dissociate'].'
342	AND user_id IN ('.implode(',', $collection).')
343	';
344	pwg_query($query);
345	}
346
347	// properties to set for the collection (a user list)
348	$datas = array();
349	$dbfields = array('primary' => array('user_id'), 'update' => array());
350
351	$formfields =
352	array('nb_image_line', 'nb_line_page', 'template', 'language',
353	'recent_period', 'maxwidth', 'expand', 'show_nb_comments',
354	'show_nb_hits', 'maxheight', 'status', 'enabled_high',
355	'level');
356
357	$true_false_fields = array('expand', 'show_nb_comments',
358	'show_nb_hits', 'enabled_high');
359	if ($conf['allow_adviser'])
360	{
361	array_push($formfields, 'adviser');
362	array_push($true_false_fields, 'adviser');
363	}
364
365	foreach ($formfields as $formfield)
366	{
367	// special for true/false fields
368	if (in_array($formfield, $true_false_fields))
369	{
370	$test = $formfield;
371	}
372	else
373	{
374	$test = $formfield.'_action';
375	}
376
377	if ($_POST[$test] != 'leave')
378	{
379	array_push($dbfields['update'], $formfield);
380	}
381	}
382
383	// updating elements is useful only if needed...
384	if (count($dbfields['update']) > 0)
385	{
386	$datas = array();
387
388	foreach ($collection as $user_id)
389	{
390	$data = array();
391	$data['user_id'] = $user_id;
392
393	// TODO : verify if submited values are semanticaly correct
394	foreach ($dbfields['update'] as $dbfield)
395	{
396	// if the action is 'unset', the key won't be in row and
397	// mass_updates function will set this field to NULL
398	if (in_array($dbfield, $true_false_fields)
399	or 'set' == $_POST[$dbfield.'_action'])
400	{
401	$data[$dbfield] = $_POST[$dbfield];
402	}
403	}
404
405	// special users checks
406	if
407	(
408	($conf['webmaster_id'] == $user_id) or
409	($conf['guest_id'] == $user_id) or
410	($conf['default_user_id'] == $user_id)
411	)
412	{
413	// status must not be changed
414	if (isset($data['status']))
415	{
416	if ($conf['webmaster_id'] == $user_id)
417	{
418	$data['status'] = 'webmaster';
419	}
420	else
421	{
422	$data['status'] = 'guest';
423	}
424	}
425
426	// could not be adivser
427	if (isset($data['adviser']))
428	{
429	$data['adviser'] = 'false';
430	}
431	}
432
433	array_push($datas, $data);
434	}
435
436	mass_updates(USER_INFOS_TABLE, $dbfields, $datas);
437	}
438
439	redirect(
440	get_root_url().
441	'admin.php'.
442	get_query_string_diff(array(), false)
443	);
444	}
445
446	// +-----------------------------------------------------------------------+
447	// \| groups list \|
448	// +-----------------------------------------------------------------------+
449
450	$groups[-1] = '------------';
451
452	$query = '
453	SELECT id, name
454	FROM '.GROUPS_TABLE.'
455	ORDER BY name ASC
456	;';
457	$result = pwg_query($query);
458
459	while ($row = mysql_fetch_array($result))
460	{
461	$groups[$row['id']] = $row['name'];
462	}
463
464	// +-----------------------------------------------------------------------+
465	// \| template init \|
466	// +-----------------------------------------------------------------------+
467
468	$template->set_filenames(array('user_list'=>'admin/user_list.tpl'));
469
470	$base_url = PHPWG_ROOT_PATH.'admin.php?page=user_list';
471
472	if (isset($_GET['start']) and is_numeric($_GET['start']))
473	{
474	$start = $_GET['start'];
475	}
476	else
477	{
478	$start = 0;
479	}
480
481	$template->assign(
482	array(
483	'U_HELP' => get_root_url().'popuphelp.php?page=user_list',
484
485	'F_ADD_ACTION' => $base_url,
486	'F_USERNAME' => @htmlentities($_GET['username']),
487	'F_FILTER_ACTION' => get_root_url().'admin.php'
488	));
489
490	// Hide radio-button if not allow to assign adviser
491	if ($conf['allow_adviser'])
492	{
493	$template->assign('adviser', true);
494	}
495
496	// Filter status options
497	$status_options[-1] = '------------';
498	foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
499	{
500	$status_options[$status] = l10n('user_status_'.$status);
501	}
502	$template->assign('status_options', $status_options);
503	$template->assign('status_selected',
504	isset($_GET['status']) ? $_GET['status'] : '');
505
506	// Filter group options
507	$template->assign('group_options', $groups);
508	$template->assign('group_selected',
509	isset($_GET['group']) ? $_GET['group'] : '');
510
511	// Filter order options
512	$template->assign('order_options', $page['order_by_items']);
513	$template->assign('order_selected',
514	isset($_GET['order_by']) ? $_GET['order_by'] : '');
515
516	// Filter direction options
517	$template->assign('direction_options', $page['direction_items']);
518	$template->assign('direction_selected',
519	isset($_GET['direction']) ? $_GET['direction'] : '');
520
521
522	if (isset($_POST['pref_submit']))
523	{
524	$template->assign(
525	array(
526	'NB_IMAGE_LINE' => $_POST['nb_image_line'],
527	'NB_LINE_PAGE' => $_POST['nb_line_page'],
528	'MAXWIDTH' => $_POST['maxwidth'],
529	'MAXHEIGHT' => $_POST['maxheight'],
530	'RECENT_PERIOD' => $_POST['recent_period'],
531	));
532	}
533	else
534	{
535	$default_user = get_default_user_info(true);
536	$template->assign(
537	array(
538	'NB_IMAGE_LINE' => $default_user['nb_image_line'],
539	'NB_LINE_PAGE' => $default_user['nb_line_page'],
540	'MAXWIDTH' => $default_user['maxwidth'],
541	'MAXHEIGHT' => $default_user['maxheight'],
542	'RECENT_PERIOD' => $default_user['recent_period'],
543	));
544	}
545
546	// Template Options
547	$template->assign('template_options', get_pwg_themes());
548	$template->assign('template_selected',
549	isset($_POST['pref_submit']) ? $_POST['template'] : get_default_template());
550
551	// Language options
552	$template->assign('language_options', get_languages());
553	$template->assign('language_selected',
554	isset($_POST['pref_submit']) ? $_POST['language'] : get_default_language());
555
556	// Status options
557	foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
558	{
559	// Only status <= can be assign
560	if (is_autorize_status(get_access_type_status($status)))
561	{
562	$pref_status_options[$status] = l10n('user_status_'.$status);
563	}
564	}
565	$template->assign('pref_status_options', $pref_status_options);
566	$template->assign('pref_status_selected',
567	isset($_POST['pref_submit']) ? $_POST['status'] : 'normal');
568
569	// associate and dissociate options
570	$template->assign('association_options', $groups);
571	$template->assign('associate_selected',
572	isset($_POST['pref_submit']) ? $_POST['associate'] : '');
573	$template->assign('dissociate_selected',
574	isset($_POST['pref_submit']) ? $_POST['dissociate'] : '');
575
576
577	// user level options
578	foreach ($conf['available_permission_levels'] as $level)
579	{
580	$level_options[$level] = l10n(sprintf('Level %d', $level));
581	}
582	$template->assign('level_options', $level_options);
583	$template->assign('level_selected',
584	isset($_POST['pref_submit']) ? $_POST['level'] : $default_user['level']);
585
586	// +-----------------------------------------------------------------------+
587	// \| navigation bar \|
588	// +-----------------------------------------------------------------------+
589
590	$url = PHPWG_ROOT_PATH.'admin.php'.get_query_string_diff(array('start'));
591
592	$navbar = create_navigation_bar(
593	$url,
594	count($page['filtered_users']),
595	$start,
596	$conf['users_page']
597	);
598
599	$template->assign('NAVBAR', $navbar);
600
601	// +-----------------------------------------------------------------------+
602	// \| user list \|
603	// +-----------------------------------------------------------------------+
604
605	$profile_url = get_root_url().'admin.php?page=profile&user_id=';
606	$perm_url = get_root_url().'admin.php?page=user_perm&user_id=';
607
608	$visible_user_list = array();
609	foreach ($page['filtered_users'] as $num => $local_user)
610	{
611	// simulate LIMIT $start, $conf['users_page']
612	if ($num < $start)
613	{
614	continue;
615	}
616	if ($num >= $start + $conf['users_page'])
617	{
618	break;
619	}
620
621	$visible_user_list[] = $local_user;
622	}
623
624	// allow plugins to fill template var plugin_user_list_column_titles and
625	// plugin_columns/plugin_actions for each user in the list
626	$visible_user_list = trigger_event('loc_visible_user_list', $visible_user_list);
627
628	foreach ($visible_user_list as $local_user)
629	{
630	$groups_string = preg_replace(
631	'/(\d+)/e',
632	"\$groups['$1']",
633	implode(
634	', ',
635	$local_user['groups']
636	)
637	);
638
639	if (isset($_POST['pref_submit'])
640	and isset($_POST['selection'])
641	and in_array($local_user['id'], $_POST['selection']))
642	{
643	$checked = 'checked="checked"';
644	}
645	else
646	{
647	$checked = '';
648	}
649
650	$properties = array();
651	if ( $local_user['level'] != 0 )
652	{
653	$properties[] = l10n( sprintf('Level %d', $local_user['level']) );
654	}
655	$properties[] =
656	(isset($local_user['enabled_high']) and ($local_user['enabled_high'] == 'true'))
657	? l10n('is_high_enabled') : l10n('is_high_disabled');
658
659	$template->append(
660	'users',
661	array(
662	'ID' => $local_user['id'],
663	'CHECKED' => $checked,
664	'U_PROFILE' => $profile_url.$local_user['id'],
665	'U_PERM' => $perm_url.$local_user['id'],
666	'USERNAME' => $local_user['username']
667	.($local_user['id'] == $conf['guest_id']
668	? '<BR />['.l10n('is_the_guest').']' : '')
669	.($local_user['id'] == $conf['default_user_id']
670	? '<BR />['.l10n('is_the_default').']' : ''),
671	'STATUS' => l10n('user_status_'.
672	$local_user['status']).(($local_user['adviser'] == 'true')
673	? '<BR />['.l10n('adviser').']' : ''),
674	'EMAIL' => get_email_address_as_display_text($local_user['email']),
675	'GROUPS' => $groups_string,
676	'PROPERTIES' => implode( ', ', $properties),
677	'plugin_columns' => isset($local_user['plugin_columns']) ? $local_user['plugin_columns'] : array(),
678	'plugin_actions' => isset($local_user['plugin_actions']) ? $local_user['plugin_actions'] : array(),
679	)
680	);
681	}
682
683	// +-----------------------------------------------------------------------+
684	// \| html code display \|
685	// +-----------------------------------------------------------------------+
686
687	$template->assign_var_from_handle('ADMIN_CONTENT', 'user_list');
688	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: