Context Navigation

source: trunk/admin/user_list.php @ 25018

Last change on this file since 25018 was 25018, checked in by mistic100, 11 years ago
remove all array_push (50% slower than []) + some changes missing for feature:2978
Property svn:eol-style set to `LF`
File size: 21.5 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based photo gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008-2013 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	/**
25	* Add users and manage users list
26	*/
27
28	// +-----------------------------------------------------------------------+
29	// \| functions \|
30	// +-----------------------------------------------------------------------+
31
32	/**
33	* returns a list of users depending on page filters (in $_GET)
34	*
35	* Each user comes with his related informations : id, username, mail
36	* address, list of groups.
37	*
38	* @return array
39	*/
40	function get_filtered_user_list()
41	{
42	global $conf, $page;
43
44	$users = array();
45
46	// filter
47	$filter = array();
48
49	if (isset($_GET['username']) and !empty($_GET['username']))
50	{
51	$username = str_replace('*', '%', $_GET['username']);
52	$filter['username'] = pwg_db_real_escape_string($username);
53	}
54
55	if (isset($_GET['group'])
56	and -1 != $_GET['group']
57	and is_numeric($_GET['group']))
58	{
59	$filter['group'] = $_GET['group'];
60	}
61
62	if (isset($_GET['status'])
63	and in_array($_GET['status'], get_enums(USER_INFOS_TABLE, 'status')))
64	{
65	$filter['status'] = $_GET['status'];
66	}
67
68	// how to order the list?
69	$order_by = 'id';
70	if (isset($_GET['order_by'])
71	and in_array($_GET['order_by'], array_keys($page['order_by_items'])))
72	{
73	$order_by = $_GET['order_by'];
74	}
75
76	$direction = 'ASC';
77	if (isset($_GET['direction'])
78	and in_array($_GET['direction'], array_keys($page['direction_items'])))
79	{
80	$direction = strtoupper($_GET['direction']);
81	}
82
83	// search users depending on filters and order
84	$query = '
85	SELECT DISTINCT u.'.$conf['user_fields']['id'].' AS id,
86	u.'.$conf['user_fields']['username'].' AS username,
87	u.'.$conf['user_fields']['email'].' AS email,
88	ui.status,
89	ui.enabled_high,
90	ui.level
91	FROM '.USERS_TABLE.' AS u
92	INNER JOIN '.USER_INFOS_TABLE.' AS ui
93	ON u.'.$conf['user_fields']['id'].' = ui.user_id
94	LEFT JOIN '.USER_GROUP_TABLE.' AS ug
95	ON u.'.$conf['user_fields']['id'].' = ug.user_id
96	WHERE u.'.$conf['user_fields']['id'].' > 0';
97	if (isset($filter['username']))
98	{
99	$query.= '
100	AND u.'.$conf['user_fields']['username'].' LIKE \''.$filter['username'].'\'';
101	}
102	if (isset($filter['group']))
103	{
104	$query.= '
105	AND ug.group_id = '.$filter['group'];
106	}
107	if (isset($filter['status']))
108	{
109	$query.= '
110	AND ui.status = \''.$filter['status']."'";
111	}
112	$query.= '
113	ORDER BY '.$order_by.' '.$direction.'
114	;';
115
116	$result = pwg_query($query);
117	while ($row = pwg_db_fetch_assoc($result))
118	{
119	$user = $row;
120	$user['groups'] = array();
121
122	$users[] = $user;
123	}
124
125	// add group lists
126	$user_ids = array();
127	foreach ($users as $i => $user)
128	{
129	$user_ids[$i] = $user['id'];
130	}
131	$user_nums = array_flip($user_ids);
132
133	if (count($user_ids) > 0)
134	{
135	$query = '
136	SELECT user_id, group_id
137	FROM '.USER_GROUP_TABLE.'
138	WHERE user_id IN ('.implode(',', $user_ids).')
139	;';
140	$result = pwg_query($query);
141	while ($row = pwg_db_fetch_assoc($result))
142	{
143	$users[ $user_nums[ $row['user_id'] ] ]['groups'][] = $row['group_id'];
144	}
145	}
146
147	return $users;
148	}
149
150	// +-----------------------------------------------------------------------+
151	// \| initialization \|
152	// +-----------------------------------------------------------------------+
153
154	if (!defined('PHPWG_ROOT_PATH'))
155	{
156	die('Hacking attempt!');
157	}
158
159	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
160
161	// +-----------------------------------------------------------------------+
162	// \| Check Access and exit when user status is not ok \|
163	// +-----------------------------------------------------------------------+
164	check_status(ACCESS_ADMINISTRATOR);
165
166	$page['order_by_items'] = array(
167	'id' => l10n('registration date'),
168	'username' => l10n('Username'),
169	'level' => l10n('Privacy level'),
170	'Language' => l10n('Language'),
171	'email' => l10n('Email address'),
172	);
173
174	$page['direction_items'] = array(
175	'asc' => l10n('ascending'),
176	'desc' => l10n('descending')
177	);
178
179	// +-----------------------------------------------------------------------+
180	// \| add a user \|
181	// +-----------------------------------------------------------------------+
182
183	// Check for config_default var - If True : Using double password type else single password type
184	// This feature is discussed on Piwigo's english forum
185	if ($conf['double_password_type_in_admin'] == true)
186	{
187	if (isset($_POST['submit_add']))
188	{
189	if(empty($_POST['password']))
190	{
191	$page['errors'][] = l10n('Password is missing. Please enter the password.');
192	}
193	else if(empty($_POST['password_conf']))
194	{
195	$page['errors'][] = l10n('Password confirmation is missing. Please confirm the chosen password.');
196	}
197	else if(empty($_POST['email']))
198	{
199	$page['errors'][] = l10n('Email address is missing. Please specify an email address.');
200	}
201	else if ($_POST['password'] != $_POST['password_conf'])
202	{
203	$page['errors'][] = l10n('The passwords do not match');
204	}
205	else
206	{
207	$page['errors'] = register_user(
208	$_POST['login'], $_POST['password'], $_POST['email'], false);
209
210	if (count($page['errors']) == 0)
211	{
212	$page['infos'][] = l10n('user "%s" added', $_POST['login']);
213	}
214	}
215	}
216	}
217	else if ($conf['double_password_type_in_admin'] == false)
218	{
219	if (isset($_POST['submit_add']))
220	{
221	$page['errors'] = register_user(
222	$_POST['login'], $_POST['password'], $_POST['email'], false);
223
224	if (count($page['errors']) == 0)
225	{
226	$page['infos'][] = l10n('user "%s" added', stripslashes($_POST['login']));
227	}
228	}
229	}
230
231	// email notification
232	if (
233	isset($_POST['submit_add'])
234	and count($page['errors']) == 0
235	and !empty($_POST['email'])
236	and isset($_POST['send_password_by_mail'])
237	)
238	{
239	include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
240
241	$keyargs_content = array(
242	get_l10n_args('Hello %s,', $_POST['login']),
243	get_l10n_args('Thank you for registering at %s!', $conf['gallery_title']),
244	get_l10n_args('', ''),
245	get_l10n_args('Here are your connection settings', ''),
246	get_l10n_args('Username: %s', $_POST['login']),
247	get_l10n_args('Password: %s', $_POST['password']),
248	get_l10n_args('Email: %s', $_POST['email']),
249	get_l10n_args('', ''),
250	get_l10n_args('If you think you\'ve received this email in error, please contact us at %s', get_webmaster_mail_address()),
251	);
252
253	pwg_mail(
254	$_POST['email'],
255	array(
256	'subject' => '['.$conf['gallery_title'].'] '.l10n('Registration'),
257	'content' => l10n_args($keyargs_content),
258	'content_format' => 'text/plain',
259	)
260	);
261	}
262
263	// +-----------------------------------------------------------------------+
264	// \| user list \|
265	// +-----------------------------------------------------------------------+
266
267	$page['filtered_users'] = get_filtered_user_list();
268
269	// +-----------------------------------------------------------------------+
270	// \| selected users \|
271	// +-----------------------------------------------------------------------+
272
273	if (isset($_POST['delete']) or isset($_POST['pref_submit']))
274	{
275	$collection = array();
276
277	switch ($_POST['target'])
278	{
279	case 'all' :
280	{
281	foreach($page['filtered_users'] as $local_user)
282	{
283	$collection[] = $local_user['id'];
284	}
285	break;
286	}
287	case 'selection' :
288	{
289	if (isset($_POST['selection']))
290	{
291	$collection = $_POST['selection'];
292	}
293	break;
294	}
295	}
296
297	if (count($collection) == 0)
298	{
299	$page['errors'][] = l10n('Select at least one user');
300	}
301	}
302
303	// +-----------------------------------------------------------------------+
304	// \| delete users \|
305	// +-----------------------------------------------------------------------+
306	if (isset($_POST['delete']) and count($collection) > 0)
307	{
308	if (in_array($conf['guest_id'], $collection))
309	{
310	$page['errors'][] = l10n('Guest cannot be deleted');
311	}
312	if (($conf['guest_id'] != $conf['default_user_id']) and
313	in_array($conf['default_user_id'], $collection))
314	{
315	$page['errors'][] = l10n('Default user cannot be deleted');
316	}
317	if (in_array($conf['webmaster_id'], $collection))
318	{
319	$page['errors'][] = l10n('Webmaster cannot be deleted');
320	}
321	if (in_array($user['id'], $collection))
322	{
323	$page['errors'][] = l10n('You cannot delete your account');
324	}
325
326	if (count($page['errors']) == 0)
327	{
328	if (isset($_POST['confirm_deletion']) and 1 == $_POST['confirm_deletion'])
329	{
330	foreach ($collection as $user_id)
331	{
332	delete_user($user_id);
333	}
334
335	$page['infos'][] = l10n_dec(
336	'%d user deleted', '%d users deleted',
337	count($collection)
338	);
339
340	foreach ($page['filtered_users'] as $filter_key => $filter_user)
341	{
342	if (in_array($filter_user['id'], $collection))
343	{
344	unset($page['filtered_users'][$filter_key]);
345	}
346	}
347	}
348	else
349	{
350	$page['errors'][] = l10n('You need to confirm deletion');
351	}
352	}
353	}
354
355	// +-----------------------------------------------------------------------+
356	// \| preferences form submission \|
357	// +-----------------------------------------------------------------------+
358
359	if (isset($_POST['pref_submit']) and count($collection) > 0)
360	{
361	if (-1 != $_POST['associate'])
362	{
363	$datas = array();
364
365	$query = '
366	SELECT user_id
367	FROM '.USER_GROUP_TABLE.'
368	WHERE group_id = '.$_POST['associate'].'
369	;';
370	$associated = array_from_query($query, 'user_id');
371
372	$associable = array_diff($collection, $associated);
373
374	if (count($associable) > 0)
375	{
376	foreach ($associable as $item)
377	{
378	$datas[] = array(
379	'group_id' => $_POST['associate'],
380	'user_id' => $item
381	);
382	}
383
384	mass_inserts(USER_GROUP_TABLE,
385	array('group_id', 'user_id'),
386	$datas);
387	}
388	}
389
390	if (-1 != $_POST['dissociate'])
391	{
392	$query = '
393	DELETE FROM '.USER_GROUP_TABLE.'
394	WHERE group_id = '.$_POST['dissociate'].'
395	AND user_id IN ('.implode(',', $collection).')
396	';
397	pwg_query($query);
398	}
399
400	// properties to set for the collection (a user list)
401	$datas = array();
402	$dbfields = array('primary' => array('user_id'), 'update' => array());
403
404	$formfields = array(
405	'nb_image_page', 'theme', 'language',
406	'recent_period', 'expand', 'show_nb_hits',
407	'status', 'enabled_high', 'level'
408	);
409
410	$true_false_fields = array('expand', 'show_nb_hits', 'enabled_high');
411
412	if ($conf['activate_comments'])
413	{
414	$formfields[] = 'show_nb_comments';
415	$true_false_fields[] = 'show_nb_comments';
416	}
417
418	foreach ($formfields as $formfield)
419	{
420	// special for true/false fields
421	if (in_array($formfield, $true_false_fields))
422	{
423	$test = $formfield;
424	}
425	else
426	{
427	$test = $formfield.'_action';
428	}
429
430	if ($_POST[$test] != 'leave')
431	{
432	$dbfields['update'][] = $formfield;
433	}
434	}
435
436	// updating elements is useful only if needed...
437	if (count($dbfields['update']) > 0)
438	{
439	$datas = array();
440
441	foreach ($collection as $user_id)
442	{
443	$data = array();
444	$data['user_id'] = $user_id;
445
446	// TODO : verify if submited values are semanticaly correct
447	foreach ($dbfields['update'] as $dbfield)
448	{
449	// if the action is 'unset', the key won't be in row and
450	// mass_updates function will set this field to NULL
451	if (in_array($dbfield, $true_false_fields)
452	or 'set' == $_POST[$dbfield.'_action'])
453	{
454	$data[$dbfield] = $_POST[$dbfield];
455	}
456	}
457
458	// if the status is getting greater or equal to "admin", then level
459	// automatically switches to "admin" (8), unless the level is also
460	// defined in the same batch action.
461	if (isset($data['status']) and in_array($data['status'], array('webmaster', 'admin')))
462	{
463	if (!isset($data['level']))
464	{
465	$data['level'] = 8;
466	if (!in_array('level', $dbfields['update']))
467	{
468	$dbfields['update'][] = 'level';
469	}
470	}
471	}
472
473	// special users checks
474	if
475	(
476	($conf['webmaster_id'] == $user_id) or
477	($conf['guest_id'] == $user_id) or
478	($conf['default_user_id'] == $user_id)
479	)
480	{
481	// status must not be changed
482	if (isset($data['status']))
483	{
484	if ($conf['webmaster_id'] == $user_id)
485	{
486	$data['status'] = 'webmaster';
487	}
488	else
489	{
490	$data['status'] = 'guest';
491	}
492	}
493	}
494
495	$datas[] = $data;
496	}
497
498	mass_updates(USER_INFOS_TABLE, $dbfields, $datas);
499	}
500
501	redirect(
502	get_root_url().
503	'admin.php'.
504	get_query_string_diff(array(), false)
505	);
506	}
507
508	// +-----------------------------------------------------------------------+
509	// \| groups list \|
510	// +-----------------------------------------------------------------------+
511
512	$groups[-1] = '------------';
513
514	$query = '
515	SELECT id, name
516	FROM '.GROUPS_TABLE.'
517	ORDER BY name ASC
518	;';
519	$result = pwg_query($query);
520
521	while ($row = pwg_db_fetch_assoc($result))
522	{
523	$groups[$row['id']] = $row['name'];
524	}
525
526	// +-----------------------------------------------------------------------+
527	// \| template init \|
528	// +-----------------------------------------------------------------------+
529
530	$template->set_filenames(array('user_list'=>'user_list.tpl'));
531
532	$base_url = PHPWG_ROOT_PATH.'admin.php?page=user_list';
533
534	if (isset($_GET['start']) and is_numeric($_GET['start']))
535	{
536	$start = $_GET['start'];
537	}
538	else
539	{
540	$start = 0;
541	}
542
543	$template->assign(
544	array(
545	'U_HELP' => get_root_url().'admin/popuphelp.php?page=user_list',
546
547	'F_ADD_ACTION' => $base_url,
548	'F_USERNAME' => @htmlentities($_GET['username'], ENT_COMPAT, 'UTF-8'),
549	'F_FILTER_ACTION' => get_root_url().'admin.php',
550
551	'ACTIVATE_COMMENTS' => $conf['activate_comments'],
552	));
553
554	// Display or Hide double password type
555	$template->assign('Double_Password', $conf['double_password_type_in_admin'] );
556
557	// Filter status options
558	$status_options[-1] = '------------';
559	foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
560	{
561	$status_options[$status] = l10n('user_status_'.$status);
562	}
563	$template->assign('status_options', $status_options);
564	$template->assign('status_selected',
565	isset($_GET['status']) ? $_GET['status'] : '');
566
567	// Filter group options
568	$template->assign('group_options', $groups);
569	$template->assign('group_selected',
570	isset($_GET['group']) ? $_GET['group'] : '');
571
572	// Filter order options
573	$template->assign('order_options', $page['order_by_items']);
574	$template->assign('order_selected',
575	isset($_GET['order_by']) ? $_GET['order_by'] : '');
576
577	// Filter direction options
578	$template->assign('direction_options', $page['direction_items']);
579	$template->assign('direction_selected',
580	isset($_GET['direction']) ? $_GET['direction'] : '');
581
582
583	if (isset($_POST['pref_submit']))
584	{
585	$template->assign(
586	array(
587	'NB_IMAGE_PAGE' => $_POST['nb_image_page'],
588	'RECENT_PERIOD' => $_POST['recent_period'],
589	));
590	}
591	else
592	{
593	$default_user = get_default_user_info(true);
594	$template->assign(
595	array(
596	'NB_IMAGE_PAGE' => $default_user['nb_image_page'],
597	'RECENT_PERIOD' => $default_user['recent_period'],
598	));
599	}
600
601	// Template Options
602	$template->assign('theme_options', get_pwg_themes());
603	$template->assign('theme_selected',
604	isset($_POST['pref_submit']) ? $_POST['theme'] : get_default_theme());
605
606	// Language options
607	$template->assign('language_options', get_languages());
608	$template->assign('language_selected',
609	isset($_POST['pref_submit']) ? $_POST['language'] : get_default_language());
610
611	// Status options
612	foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
613	{
614	// Only status <= can be assign
615	if (is_autorize_status(get_access_type_status($status)))
616	{
617	$pref_status_options[$status] = l10n('user_status_'.$status);
618	}
619	}
620	$template->assign('pref_status_options', $pref_status_options);
621	$template->assign('pref_status_selected',
622	isset($_POST['pref_submit']) ? $_POST['status'] : 'normal');
623
624	// associate and dissociate options
625	$template->assign('association_options', $groups);
626	$template->assign('associate_selected',
627	isset($_POST['pref_submit']) ? $_POST['associate'] : '');
628	$template->assign('dissociate_selected',
629	isset($_POST['pref_submit']) ? $_POST['dissociate'] : '');
630
631
632	// user level options
633	foreach ($conf['available_permission_levels'] as $level)
634	{
635	$level_options[$level] = l10n(sprintf('Level %d', $level));
636	}
637	$template->assign('level_options', $level_options);
638	$template->assign('level_selected',
639	isset($_POST['pref_submit']) ? $_POST['level'] : $default_user['level']);
640
641	// +-----------------------------------------------------------------------+
642	// \| navigation bar \|
643	// +-----------------------------------------------------------------------+
644
645	$url = PHPWG_ROOT_PATH.'admin.php'.get_query_string_diff(array('start'));
646
647	$navbar = create_navigation_bar(
648	$url,
649	count($page['filtered_users']),
650	$start,
651	$conf['users_page']
652	);
653
654	$template->assign('navbar', $navbar);
655
656	// +-----------------------------------------------------------------------+
657	// \| user list \|
658	// +-----------------------------------------------------------------------+
659
660	$profile_url = get_root_url().'admin.php?page=profile&user_id=';
661	$perm_url = get_root_url().'admin.php?page=user_perm&user_id=';
662
663	$visible_user_list = array();
664	foreach ($page['filtered_users'] as $num => $local_user)
665	{
666	// simulate LIMIT $start, $conf['users_page']
667	if ($num < $start)
668	{
669	continue;
670	}
671	if ($num >= $start + $conf['users_page'])
672	{
673	break;
674	}
675
676	$visible_user_list[] = $local_user;
677	}
678
679	// allow plugins to fill template var plugin_user_list_column_titles and
680	// plugin_columns/plugin_actions for each user in the list
681	$visible_user_list = trigger_event('loc_visible_user_list', $visible_user_list);
682
683	foreach ($visible_user_list as $local_user)
684	{
685	$groups_string = preg_replace(
686	'/(\d+)/e',
687	"\$groups['$1']",
688	implode(
689	', ',
690	$local_user['groups']
691	)
692	);
693
694	if (isset($_POST['pref_submit'])
695	and isset($_POST['selection'])
696	and in_array($local_user['id'], $_POST['selection']))
697	{
698	$checked = 'checked="checked"';
699	}
700	else
701	{
702	$checked = '';
703	}
704
705	$properties = array();
706	if ( $local_user['level'] != 0 )
707	{
708	$properties[] = l10n( sprintf('Level %d', $local_user['level']) );
709	}
710	$properties[] =
711	(isset($local_user['enabled_high']) and ($local_user['enabled_high'] == 'true'))
712	? l10n('High definition') : l10n('');
713
714	$template->append(
715	'users',
716	array(
717	'ID' => $local_user['id'],
718	'CHECKED' => $checked,
719	'U_PROFILE' => $profile_url.$local_user['id'],
720	'U_PERM' => $perm_url.$local_user['id'],
721	'USERNAME' => stripslashes($local_user['username'])
722	.($local_user['id'] == $conf['guest_id']
723	? '<br>['.l10n('guest').']' : '')
724	.($local_user['id'] == $conf['default_user_id']
725	? '<br>['.l10n('default values').']' : ''),
726	'STATUS' => l10n('user_status_'.$local_user['status']),
727	'EMAIL' => get_email_address_as_display_text($local_user['email']),
728	'GROUPS' => $groups_string,
729	'PROPERTIES' => implode( ', ', $properties),
730	'plugin_columns' => isset($local_user['plugin_columns']) ? $local_user['plugin_columns'] : array(),
731	'plugin_actions' => isset($local_user['plugin_actions']) ? $local_user['plugin_actions'] : array(),
732	)
733	);
734	}
735
736	// +-----------------------------------------------------------------------+
737	// \| html code display \|
738	// +-----------------------------------------------------------------------+
739
740	$template->assign_var_from_handle('ADMIN_CONTENT', 'user_list');
741	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: