[2] | 1 | <?php |
---|
| 2 | /*************************************************************************** |
---|
[9] | 3 | * user_list.php * |
---|
[2] | 4 | * ------------------- * |
---|
[9] | 5 | * application : PhpWebGallery 1.3 * |
---|
| 6 | * author : Pierrick LE GALL <pierrick@z0rglub.com> * |
---|
[2] | 7 | * * |
---|
| 8 | ***************************************************************************/ |
---|
| 9 | |
---|
| 10 | /*************************************************************************** |
---|
| 11 | * * |
---|
| 12 | * This program is free software; you can redistribute it and/or modify * |
---|
| 13 | * it under the terms of the GNU General Public License as published by * |
---|
| 14 | * the Free Software Foundation; * |
---|
| 15 | * * |
---|
| 16 | ***************************************************************************/ |
---|
// NOTE(review): presumably this include is what restricts the page to
// administrators -- nothing below re-checks the caller's status, so confirm it
// stops execution for other sessions rather than only setting a flag.
include_once( './include/isadmin.inc.php' );
//----------------------------------------------------- template initialization
// NOTE(review): $user['template'] is concatenated into a filesystem path.
// Verify where that value is written: it should be limited to the names of
// installed templates, because a value containing "../" would resolve outside
// the template directory.
$sub = $vtp->Open( '../template/'.$user['template'].'/admin/user_list.vtp' );
// language : each label is handed to the template under the very name it has
// in $lang, in the same order as before
$listuser_labels = array(
  'listuser_confirm',
  'listuser_modify_hint',
  'listuser_modify',
  'listuser_permission',
  'listuser_permission_hint',
  'listuser_delete_hint',
  'listuser_delete',
  'yes',
  'no',
  'listuser_button_all',
  'listuser_button_invert',
  'listuser_button_create_address'
  );
foreach ( $listuser_labels as $listuser_label )
{
  $vtp->setGlobalVar( $sub, $listuser_label, $lang[$listuser_label] );
}
// this script runs in the including page's scope : do not leave helpers behind
unset( $listuser_labels, $listuser_label );
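//--------------------------------------------------------------- delete a user
// Handles ./admin.php?page=user_list&delete=<id>[&confirm=1] : without
// confirm=1 a yes/no prompt is rendered, with confirm=1 the account is removed
// (never "guest", never the webmaster account).
//
// The id is accepted only as a plain run of decimal digits. is_numeric() also
// lets through forms such as "1e3", "1.5" or " 7", and that raw request text
// was concatenated into the SQL statements and the confirmation URL.
//
// NOTE(review): the deletion is a state change driven by a GET request. Unless
// isadmin.inc.php / add_session_id() bind the request to an unguessable
// per-session value, a request issued by another site from an administrator's
// browser would be honoured -- confirm, and prefer a POST form carrying an
// anti-CSRF token.
// NOTE(review): usernames come from the database and are passed to the
// template without HTML-escaping here; confirm that the template layer
// escapes them or that registration restricts the allowed characters.
if ( isset( $_GET['delete'] )
     and is_string( $_GET['delete'] )
     and preg_match( '/^[0-9]+\z/', $_GET['delete'] ) )
{
  // digits only from here on, so it can be concatenated into SQL and URLs
  $delete_id = $_GET['delete'];

  $query = 'select username';
  $query.= ' from '.PREFIX_TABLE.'users';
  $query.= ' where id = '.$delete_id;
  $query.= ';';
  $result = mysql_query( $query );
  // $row is false when the query failed or no user has this id
  $row = $result ? mysql_fetch_array( $result ) : false;
  $delete_login = $row ? $row['username'] : '';

  // user deletion confirmed (a missing "confirm" parameter means "not yet")
  if ( isset( $_GET['confirm'] ) and $_GET['confirm'] == 1 )
  {
    $vtp->addSession( $sub, 'confirmation' );
    if ( $delete_login == 'guest' or $delete_login == $conf['webmaster'] )
    {
      // the two built-in accounts can never be deleted from this page
      $vtp->setVar( $sub, 'confirmation.class', 'erreur' );
      $vtp->setVar( $sub, 'confirmation.info', $lang['user_err_modify'] );
    }
    else
    {
      // check that the account still exists just before removing it
      $query = 'select count(*) as nb_result';
      $query.= ' from '.PREFIX_TABLE.'users';
      $query.= ' where id = '.$delete_id;
      $query.= ';';
      $result = mysql_query( $query );
      $row2 = $result ? mysql_fetch_array( $result ) : false;
      if ( $row2 and $row2['nb_result'] > 0 )
      {
        delete_user( $delete_id );
        $vtp->setVar( $sub, 'confirmation.class', 'info' );
        $info = '"'.$delete_login.'" '.$lang['listuser_info_deletion'];
        $vtp->setVar( $sub, 'confirmation.info', $info );
      }
      else
      {
        $vtp->setVar( $sub, 'confirmation.class', 'erreur' );
        $vtp->setVar( $sub, 'confirmation.info', $lang['user_err_unknown'] );
      }
    }
    $vtp->closeSession( $sub, 'confirmation' );
  }
  // confirm user deletion ?
  else
  {
    $vtp->addSession( $sub, 'deletion' );
    $vtp->setVar( $sub, 'deletion.login', $delete_login );
    $yes_url = './admin.php?page=user_list&delete='.$delete_id;
    $yes_url.= '&confirm=1';
    $vtp->setVar( $sub, 'deletion.yes_url', add_session_id( $yes_url ) );
    $no_url = './admin.php?page=user_list';
    $vtp->setVar( $sub, 'deletion.no_url', add_session_id( $no_url ) );
    $vtp->closeSession( $sub, 'deletion' );
  }
}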
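//------------------------------------------------------------------ users list
// Default view : every account, grouped by status, each with its modify /
// permission / delete links. When the form is submitted with "mail" in the
// query string, the addresses of the checked users are gathered into one
// "mailto" link.
else
{
  $vtp->addSession( $sub, 'users' );

  // NOTE(review): the query string is request-controlled and goes into the
  // form's action attribute without HTML-escaping here. Confirm that setVar()
  // or the template encodes it; if neither does, wrap the value in
  // htmlspecialchars( ..., ENT_QUOTES ) before handing it over.
  $action = './admin.php?'.$_SERVER['QUERY_STRING'];
  if ( !isset( $_GET['mail'] ) )
  {
    $action.= '&mail=true';
  }
  $vtp->setVar( $sub, 'users.form_action', $action );

  $query = 'select id,username,status,mail_address';
  $query.= ' from '.PREFIX_TABLE.'users';
  $query.= ' order by status asc, username asc';
  $query.= ';';
  $result = mysql_query( $query );

  // NOTE(review): usernames and mail addresses read below are stored values
  // passed to the template as-is; confirm the template layer escapes them.
  $current_status = '';
  while ( $row = mysql_fetch_array( $result ) )
  {
    $is_guest = ( $row['username'] == 'guest' );
    $is_webmaster = ( $row['username'] == $conf['webmaster'] );

    // display the line indicating the status of the next users
    if ( $row['status'] != $current_status )
    {
      if ( $current_status != '' )
      {
        $vtp->closeSession( $sub, 'category' );
      }
      $vtp->addSession( $sub, 'category' );
      $title = $lang['listuser_user_group'].' ';
      if ( $row['status'] == 'admin' )
      {
        $title.= $lang['adduser_status_admin'];
      }
      elseif ( $row['status'] == 'guest' )
      {
        $title.= $lang['adduser_status_guest'];
      }
      $vtp->setVar( $sub, 'category.title', $title );
      $current_status = $row['status'];
    }
    $vtp->addSession( $sub, 'user' );
    // checkbox for mail management if the user has a mail address
    if ( $row['mail_address'] != '' and !$is_guest )
    {
      $vtp->addSession( $sub, 'checkbox' );
      $vtp->setVar( $sub, 'checkbox.name', 'mail-'.$row['id'] );
      $vtp->closeSession( $sub, 'checkbox' );
    }
    // use a special color for the login of the user ?
    if ( $is_webmaster )
    {
      $vtp->setVar( $sub, 'user.color', 'red' );
    }
    // the guest account is shown in green under its translated name
    if ( $is_guest )
    {
      $vtp->setVar( $sub, 'user.color', 'green' );
      $vtp->setVar( $sub, 'user.login', $lang['guest'] );
    }
    else
    {
      $vtp->setVar( $sub, 'user.login', $row['username'] );
    }
    // modify or not modify ? guest is never editable, the webmaster account
    // only by the webmaster himself
    if ( $is_guest
         or ( $is_webmaster and $user['username'] != $conf['webmaster'] ) )
    {
      $vtp->addSession( $sub, 'not_modify' );
      $vtp->closeSession( $sub, 'not_modify' );
    }
    else
    {
      $vtp->addSession( $sub, 'modify' );
      $url = './admin.php?page=user_modify&user_id='.$row['id'];
      $vtp->setVar( $sub, 'modify.url', add_session_id( $url ) );
      $vtp->setVar( $sub, 'modify.login', $row['username'] );
      $vtp->closeSession( $sub, 'modify' );
    }
    // manage permission or not ?
    if ( $is_webmaster )
    {
      $vtp->addSession( $sub, 'not_permission' );
      $vtp->closeSession( $sub, 'not_permission' );
    }
    else
    {
      $vtp->addSession( $sub, 'permission' );
      $url = './admin.php?page=perm&user_id='.$row['id'];
      $vtp->setVar( $sub, 'permission.url', add_session_id( $url ) );
      $vtp->setVar( $sub, 'permission.login', $row['username'] );
      $vtp->closeSession( $sub, 'permission' );
    }
    // is the user deletable or not ?
    if ( $is_guest or $is_webmaster )
    {
      $vtp->addSession( $sub, 'not_delete' );
      $vtp->closeSession( $sub, 'not_delete' );
    }
    else
    {
      $vtp->addSession( $sub, 'delete' );
      $url = './admin.php?page=user_list&delete='.$row['id'];
      $vtp->setVar( $sub, 'delete.url', add_session_id( $url ) );
      $vtp->setVar( $sub, 'delete.login', $row['username'] );
      $vtp->closeSession( $sub, 'delete' );
    }
    $vtp->closeSession( $sub, 'user' );
  }
  $vtp->closeSession( $sub, 'category' );
  // mail management : creation of the mail address if asked by administrator
  if ( isset( $_GET['mail'] ) )
  {
    $mail_address = array();
    $query = 'select';
    $query.= ' id,mail_address';
    $query.= ' from '.PREFIX_TABLE.'users';
    $query.= ';';
    $result = mysql_query( $query );
    while ( $row = mysql_fetch_array( $result ) )
    {
      $key = 'mail-'.$row['id'];
      // an unchecked box is simply absent from the request : test for it
      // instead of reading an undefined index
      if ( isset( $_POST[$key] ) and $_POST[$key] == 1 )
      {
        $mail_address[] = $row['mail_address'];
      }
    }
    // ";" separated list; with several recipients the separator also follows
    // the last address, exactly as the previous loop produced it
    $mail_destination = implode( ';', $mail_address );
    if ( sizeof( $mail_address ) > 1 )
    {
      $mail_destination.= ';';
    }
    if ( sizeof( $mail_address ) > 0 )
    {
      $vtp->addSession( $sub, 'mail_link' );
      $vtp->setVar( $sub, 'mail_link.mailto', $mail_destination );
      // only the first 50 bytes are shown as the visible text of the link
      $vtp->setVar( $sub, 'mail_link.mail_address_start',
                    substr( $mail_destination, 0, 50 ) );
      $vtp->closeSession( $sub, 'mail_link' );
    }
  }
  $vtp->closeSession( $sub, 'users' );
}
//----------------------------------------------------------- sending html code
$vtp->Parse( $handle , 'sub', $sub );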
| 253 | ?> |
---|