Context Navigation

source: tags/version_1_3/admin/ajout.php @ 14166

Last change on this file since 14166 was 2, checked in by z0rglub, 21 years ago
Initial revision
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 10.5 KB

Line
1	<?php
2	/***************************************************************************
3	* ajout.php is a part of PhpWebGallery *
4	* ------------------- *
5	* last update : Tuesday, July 16, 2002 *
6	* email : pierrick@z0rglub.com *
7	* *
8	***************************************************************************/
9
10	/***************************************************************************
11	* *
12	* This program is free software; you can redistribute it and/or modify *
13	* it under the terms of the GNU General Public License as published by *
14	* the Free Software Foundation; *
15	* *
16	***************************************************************************/
17
18	include_once( "./include/isadmin.inc.php" );
19	$error = array();
20	$absent = false;
21
22	$row = mysql_fetch_array( mysql_query( "select pseudo,status,mail_address from $prefixeTable"."users where id = '".$HTTP_GET_VARS['user_id']."';" ) );
23	$pseudo = $row['pseudo'];
24	$status = $row['status'];
25	$mail_address = $row['mail_address'];
26	if ( $pseudo == "visiteur" \|\| ( $pseudo == $conf['webmaster'] && $user['pseudo'] != $conf['webmaster'] ) )
27	{
28	echo "<div class=\"erreur\">".$lang['user_err_modify']."</div>";
29	$absent = true;
30	}
31	if ( $HTTP_GET_VARS['mode'] == "modif" )
32	{
33	if ( $pseudo == "" )
34	{
35	echo"<div class=\"info\">".$lang['user_err_unknown']."</div>";
36	$absent = true;
37	}
38	}
39	if ( !$absent )
40	{
41	if ( $HTTP_GET_VARS['valider'] == 1 )
42	{
43	$i = 0;
44	// le pseudo ne doit pas
45	// 1. être vide
46	// 2. commencer ou se terminer par un espace
47	// 3. comporter les caractères ' ou "
48	// 4. être déjà utilisé
49	// Notes sur le pseudo du webmaster :
50	// - lorsque l'on trouve plusieurs occurences consécutives du caractère espace, on réduit à une seule occurence
51	if ( $HTTP_GET_VARS['mode'] != "modif" )
52	{
53	if ( $HTTP_POST_VARS['pseudo'] == "" )
54	{
55	$error[$i++] = $lang['reg_err_login1'];
56	}
57	$pseudo = ereg_replace( "[ ]{2,}", " ", $HTTP_POST_VARS['pseudo'] );
58	if ( ereg( "^.* $", $pseudo) )
59	{
60	$error[$i++] = $lang['reg_err_login2'];
61	}
62	if ( ereg( "^ .*$", $pseudo) )
63	{
64	$error[$i++] = $lang['reg_err_login3'];
65	}
66	if ( ereg( "'",$pseudo ) \|\| ereg( "\"",$pseudo ) )
67	{
68	$error[$i++] = $lang['reg_err_login4'];
69	}
70	else
71	{
72	$query = "select id from $prefixeTable"."users where pseudo = '$pseudo';";
73	$result = mysql_query( $query );
74	if ( mysql_num_rows( $result ) > 0 )
75	{
76	$error[$i++] = "<li>".$lang['reg_err_login5']."</li>";
77	}
78	}
79	}
80	// le mail doit être conforme à qqch du type : nom@serveur.com
81	if( $HTTP_POST_VARS['mail_address'] != "" && !ereg( "([_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)+)", $HTTP_POST_VARS['mail_address'] ) )
82	{
83	$error[$i++] = $lang['reg_err_mail_address'];
84	}
85	// mis à jour des variables pour ne pas afficher celles issue de la BD
86	$pseudo = $HTTP_POST_VARS['pseudo'];
87	$password = $HTTP_POST_VARS['password'];
88	$status = $HTTP_POST_VARS['status'];
89	$mail_address = $HTTP_POST_VARS['mail_address'];
90	// on met à jour les paramètres de l'applicaiton dans le cas où il n'y aucune erreur
91	if ( sizeof( $error ) == 0 && $HTTP_GET_VARS['mode'] != "modif" )
92	{
93	// 1.récupération des valeurs par défaut de l'application pour nombre_image_ligne,nombre_ligne_page,couleur,language
94	$row = mysql_fetch_array( mysql_query( "select nombre_image_ligne,nombre_ligne_page,theme,language from $prefixeTable"."users where pseudo = 'visiteur';" ) );
95	// 2.ajout du nouvel utilisateur
96	$query = "insert into $prefixeTable"."users (pseudo,password,mail_address,nombre_image_ligne,nombre_ligne_page,theme,language,status) values ('$pseudo','".md5( $HTTP_POST_VARS['password'] )."',";
97	if ( $HTTP_POST_VARS['mail_address'] != "" )
98	{
99	$query.= "'".$HTTP_POST_VARS['mail_address']."'";
100	}
101	else
102	{
103	$query.= "NULL";
104	}
105	$query.= ",'".$row['nombre_image_ligne']."','".$row['nombre_ligne_page']."','".$row['theme']."','".$row['language']."','".$HTTP_POST_VARS['status']."');";
106	mysql_query( $query );
107	// 3. récupérer l'identifiant de l'utilisateur nouvellement créé
108	$row = mysql_fetch_array( mysql_query( "select id from $prefixeTable"."users where pseudo = '$pseudo';" ) );
109	$user_id = $row['id'];
110	// 4.ajouter les restrictions au nouvel utilisateur, les mêmes que celles de l'utilisateur par défaut
111	$query = "select cat_id ";
112	$query.= "from $prefixeTable"."restrictions as r,$prefixeTable"."users as u ";
113	$query.= "where u.id = r.user_id ";
114	$query.= "and u.pseudo = 'visiteur';";
115	$result = mysql_query( $query );
116	while( $row = mysql_fetch_array( $result ) )
117	{
118	mysql_query ( "insert into $prefixeTable"."restrictions (user_id,cat_id) values ('$user_id','".$row['cat_id']."');" );
119	}
120	}
121	if ( sizeof( $error ) == 0 && $HTTP_GET_VARS['mode'] == "modif" )
122	{
123	$query = "update $prefixeTable"."users";
124	$query.= " set status = '".$HTTP_POST_VARS['status']."'";
125	if ( $HTTP_POST_VARS['use_new_pwd'] == 1 )
126	{
127	$query.= ", password = '".md5( $HTTP_POST_VARS['password'] )."'";
128	}
129	$query.= ", mail_address = ";
130	if ( $HTTP_POST_VARS['mail_address'] != "" )
131	{
132	$query.= "'".$HTTP_POST_VARS['mail_address']."'";
133	}
134	else
135	{
136	$query.= "NULL";
137	}
138	$query.= " where id = '".$HTTP_GET_VARS['user_id']."';";
139	mysql_query( $query );
140	}
141	}
142	if ( sizeof( $error ) > 0 )
143	{
144	echo "<div class=\"erreur\">".$lang['adduser_err_message'].sizeof( $error )." :";
145	echo "<ul>";
146	for ( $i = 0; $i < sizeof( $error ); $i++ )
147	{
148	echo "<li>".$error[$i]."</li>";
149	}
150	echo "</ul>";
151	echo "</div>";
152	}
153	if ( sizeof( $error ) == 0 && $HTTP_GET_VARS['valider'] == 1 )
154	{
155	echo"<div class=\"info\">".$lang['adduser_info_message']."\"$pseudo\" ";
156	if ( $HTTP_POST_VARS['use_new_pwd'] == 1 )
157	{
158	echo $lang['adduser_info_password_updated']." ";
159	}
160	echo"[ <a href=\"".add_session_id_to_url( "./admin.php?page=liste_users" )."\">".$lang['adduser_info_back']."</a> ]</div>";
161	}
162	if ( $HTTP_GET_VARS['valider'] != 1 \|\| $HTTP_GET_VARS['mode'] != "modif" \|\| sizeof( $error ) > 0 )
163	{
164	if ( $HTTP_GET_VARS['mode'] != "modif" && sizeof( $error ) == 0 )
165	{
166	unset( $pseudo, $password, $status, $mail_address );
167	}
168	if ( !isset( $HTTP_POST_VARS['use_new_pwd'] ) \|\| $HTTP_POST_VARS['use_new_pwd'] != 1 )
169	{
170	unset( $password );
171	}
172	$action = "./admin.php?page=ajout&valider=1";
173	if ( $HTTP_GET_VARS['mode'] == "modif" )
174	{
175	$action.= "&mode=modif&user_id=".$HTTP_GET_VARS['user_id'];
176	}
177	echo"<form method=\"post\" action=\"".add_session_id_to_url( $action )."\">
178	<table style=\"width:100%;\">
179	<tr align=\"center\" valign=\"middle\">
180	<td>
181	<table style=\"margin-left:auto;margin-right:auto;\">
182	<tr>
183	<th colspan=\"2\">".$lang['adduser_fill_form']."</th>
184	</tr>
185	<tr>
186	<td colspan=\"2\"><div style=\"margin-bottom:0px;\"> </div></td>
187	</tr>
188	<tr>
189	<td>".$lang['adduser_login']."</td>
190	<td>";
191	if ( $HTTP_GET_VARS['mode'] == "modif" )
192	{
193	echo"<span style=\"color:red;\">$pseudo [".$lang['adduser_unmodify']."]</span>";
194	echo"<input type=\"hidden\" name=\"pseudo\" value=\"$pseudo\"/>";
195	}
196	else
197	{
198	echo"<input type=\"text\" name=\"pseudo\" value=\"$pseudo\"/>";
199	}
200	echo"
201	</td>
202	</tr>";
203	echo"
204	<tr>
205	<td>";
206	if ( $HTTP_GET_VARS['mode'] == "modif" )
207	{
208	echo $lang['new']." ".$lang['password']."<input type=\"checkbox\" name=\"use_new_pwd\" value=\"1\"";
209	if ( isset( $HTTP_POST_VARS['use_new_pwd'] ) && $HTTP_POST_VARS['use_new_pwd'] == 1 )
210	{
211	echo " checked=\"checked\"";
212	}
213	echo " />";
214	}
215	else
216	{
217	echo $lang['password'];
218	}
219	echo"</td>
220	<td>";
221	echo"<input type=\"text\" name=\"password\" value=\"$password\"/></td>
222	</tr>";
223	echo"
224	<tr>
225	<td>".$lang['reg_mail_address']."</td>";
226	echo "
227	<td><input type=\"text\" name=\"mail_address\" value=\"$mail_address\"/></td>
228	</tr>";
229	echo"
230	<tr>
231	<td>".$lang['adduser_status']."</td>
232	<td>";
233	if ( $pseudo == $conf['webmaster'] )
234	{
235	echo "<span style=\"color:red;\">$status [".$lang['adduser_unmodify']."]</span>
236	<input type=\"hidden\" name=\"status\" value=\"$status\"/>";
237	}
238	else
239	{
240	echo"
241	<select name=\"status\">";
242	// on récupère toutes les status possibles dans la base
243	// par l'intermédiaire de la fonction get_enums
244	$option = get_enums( $prefixeTable."users", "status" );
245	for ( $i = 0; $i < sizeof( $option ); $i++ )
246	{
247	if ( isset( $status ) )
248	{
249	echo"
250	<option value=\"$option[$i]\"";
251	if ( $option[$i] == $status )
252	{
253	echo" selected=\"selected\"";
254	}
255	echo">";
256	switch ( $option[$i] )
257	{
258	case "admin" :
259	{
260	echo $lang['adduser_status_admin'];
261	break;
262	}
263	case "membre" :
264	{
265	echo $lang['adduser_status_member'];
266	break;
267	}
268	case "visiteur" :
269	{
270	echo $lang['adduser_status_guest'];
271	break;
272	}
273	}
274	echo"</option>";
275	}
276	else
277	{
278	echo"
279	<option value=\"$option[$i]\"";
280	if ( $option[$i] == "visiteur" )
281	{
282	echo" selected=\"selected\"";
283	}
284	echo">";
285	switch ( $option[$i] )
286	{
287	case "admin" :
288	{
289	echo $lang['adduser_status_admin'];
290	break;
291	}
292	case "membre" :
293	{
294	echo $lang['adduser_status_member'];
295	break;
296	}
297	case "visiteur" :
298	{
299	echo $lang['adduser_status_guest'];
300	break;
301	}
302	}
303	echo"</option>";
304	}
305	}
306	echo"
307	</select>";
308	}
309	echo"
310	</td>
311	</tr>
312	<tr>
313	<td colspan=\"2\" align=\"center\"><input type=\"submit\" value=\"".$lang['submit']."\"/></td>
314	</tr>
315	</table>
316	</td>
317	</tr>
318	</table>
319	</form>";
320	if ( $HTTP_GET_VARS['mode'] == "modif" )
321	{
322	echo "<div style=\"text-align:center;margin-bottom:10px;\">[ <a href=\"".add_session_id_to_url( "./admin.php?page=liste_users" )."\">".$lang['adduser_info_back']."</a> ]</div>";
323	}
324	}
325	}
326	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: