Context Navigation

source: trunk/admin/user_list.php @ 25116

Last change on this file since 25116 was 25116, checked in by mistic100, 11 years ago
bug 2988: register_user() must returns new user id
Property svn:eol-style set to `LF`
File size: 21.6 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| Piwigo - a PHP based photo gallery \|
4	// +-----------------------------------------------------------------------+
5	// \| Copyright(C) 2008-2013 Piwigo Team http://piwigo.org \|
6	// \| Copyright(C) 2003-2008 PhpWebGallery Team http://phpwebgallery.net \|
7	// \| Copyright(C) 2002-2003 Pierrick LE GALL http://le-gall.net/pierrick \|
8	// +-----------------------------------------------------------------------+
9	// \| This program is free software; you can redistribute it and/or modify \|
10	// \| it under the terms of the GNU General Public License as published by \|
11	// \| the Free Software Foundation \|
12	// \| \|
13	// \| This program is distributed in the hope that it will be useful, but \|
14	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
15	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
16	// \| General Public License for more details. \|
17	// \| \|
18	// \| You should have received a copy of the GNU General Public License \|
19	// \| along with this program; if not, write to the Free Software \|
20	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
21	// \| USA. \|
22	// +-----------------------------------------------------------------------+
23
24	/**
25	* Add users and manage users list
26	*/
27
28	// +-----------------------------------------------------------------------+
29	// \| functions \|
30	// +-----------------------------------------------------------------------+
31
32	/**
33	* returns a list of users depending on page filters (in $_GET)
34	*
35	* Each user comes with his related informations : id, username, mail
36	* address, list of groups.
37	*
38	* @return array
39	*/
40	function get_filtered_user_list()
41	{
42	global $conf, $page;
43
44	$users = array();
45
46	// filter
47	$filter = array();
48
49	if (isset($_GET['username']) and !empty($_GET['username']))
50	{
51	$username = str_replace('*', '%', $_GET['username']);
52	$filter['username'] = pwg_db_real_escape_string($username);
53	}
54
55	if (isset($_GET['group'])
56	and -1 != $_GET['group']
57	and is_numeric($_GET['group']))
58	{
59	$filter['group'] = $_GET['group'];
60	}
61
62	if (isset($_GET['status'])
63	and in_array($_GET['status'], get_enums(USER_INFOS_TABLE, 'status')))
64	{
65	$filter['status'] = $_GET['status'];
66	}
67
68	// how to order the list?
69	$order_by = 'id';
70	if (isset($_GET['order_by'])
71	and in_array($_GET['order_by'], array_keys($page['order_by_items'])))
72	{
73	$order_by = $_GET['order_by'];
74	}
75
76	$direction = 'ASC';
77	if (isset($_GET['direction'])
78	and in_array($_GET['direction'], array_keys($page['direction_items'])))
79	{
80	$direction = strtoupper($_GET['direction']);
81	}
82
83	// search users depending on filters and order
84	$query = '
85	SELECT DISTINCT u.'.$conf['user_fields']['id'].' AS id,
86	u.'.$conf['user_fields']['username'].' AS username,
87	u.'.$conf['user_fields']['email'].' AS email,
88	ui.status,
89	ui.enabled_high,
90	ui.level
91	FROM '.USERS_TABLE.' AS u
92	INNER JOIN '.USER_INFOS_TABLE.' AS ui
93	ON u.'.$conf['user_fields']['id'].' = ui.user_id
94	LEFT JOIN '.USER_GROUP_TABLE.' AS ug
95	ON u.'.$conf['user_fields']['id'].' = ug.user_id
96	WHERE u.'.$conf['user_fields']['id'].' > 0';
97	if (isset($filter['username']))
98	{
99	$query.= '
100	AND u.'.$conf['user_fields']['username'].' LIKE \''.$filter['username'].'\'';
101	}
102	if (isset($filter['group']))
103	{
104	$query.= '
105	AND ug.group_id = '.$filter['group'];
106	}
107	if (isset($filter['status']))
108	{
109	$query.= '
110	AND ui.status = \''.$filter['status']."'";
111	}
112	$query.= '
113	ORDER BY '.$order_by.' '.$direction.'
114	;';
115
116	$result = pwg_query($query);
117	while ($row = pwg_db_fetch_assoc($result))
118	{
119	$user = $row;
120	$user['groups'] = array();
121
122	$users[] = $user;
123	}
124
125	// add group lists
126	$user_ids = array();
127	foreach ($users as $i => $user)
128	{
129	$user_ids[$i] = $user['id'];
130	}
131	$user_nums = array_flip($user_ids);
132
133	if (count($user_ids) > 0)
134	{
135	$query = '
136	SELECT user_id, group_id
137	FROM '.USER_GROUP_TABLE.'
138	WHERE user_id IN ('.implode(',', $user_ids).')
139	;';
140	$result = pwg_query($query);
141	while ($row = pwg_db_fetch_assoc($result))
142	{
143	$users[ $user_nums[ $row['user_id'] ] ]['groups'][] = $row['group_id'];
144	}
145	}
146
147	return $users;
148	}
149
150	// +-----------------------------------------------------------------------+
151	// \| initialization \|
152	// +-----------------------------------------------------------------------+
153
154	if (!defined('PHPWG_ROOT_PATH'))
155	{
156	die('Hacking attempt!');
157	}
158
159	include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
160
161	// +-----------------------------------------------------------------------+
162	// \| Check Access and exit when user status is not ok \|
163	// +-----------------------------------------------------------------------+
164	check_status(ACCESS_ADMINISTRATOR);
165
166	$page['order_by_items'] = array(
167	'id' => l10n('registration date'),
168	'username' => l10n('Username'),
169	'level' => l10n('Privacy level'),
170	'Language' => l10n('Language'),
171	'email' => l10n('Email address'),
172	);
173
174	$page['direction_items'] = array(
175	'asc' => l10n('ascending'),
176	'desc' => l10n('descending')
177	);
178
179	// +-----------------------------------------------------------------------+
180	// \| add a user \|
181	// +-----------------------------------------------------------------------+
182
183	// Check for config_default var - If True : Using double password type else single password type
184	// This feature is discussed on Piwigo's english forum
185	if ($conf['double_password_type_in_admin'] == true)
186	{
187	if (isset($_POST['submit_add']))
188	{
189	if(empty($_POST['password']))
190	{
191	$page['errors'][] = l10n('Password is missing. Please enter the password.');
192	}
193	else if(empty($_POST['password_conf']))
194	{
195	$page['errors'][] = l10n('Password confirmation is missing. Please confirm the chosen password.');
196	}
197	else if(empty($_POST['email']))
198	{
199	$page['errors'][] = l10n('Email address is missing. Please specify an email address.');
200	}
201	else if ($_POST['password'] != $_POST['password_conf'])
202	{
203	$page['errors'][] = l10n('The passwords do not match');
204	}
205	else
206	{
207	register_user($_POST['login'],
208	$_POST['password'],
209	$_POST['email'],
210	false,
211	$page['errors']);
212
213	if (count($page['errors']) == 0)
214	{
215	$page['infos'][] = l10n('user "%s" added', $_POST['login']);
216	}
217	}
218	}
219	}
220	else if ($conf['double_password_type_in_admin'] == false)
221	{
222	if (isset($_POST['submit_add']))
223	{
224	register_user($_POST['login'],
225	$_POST['password'],
226	$_POST['email'],
227	false,
228	$page['errors']);
229
230	if (count($page['errors']) == 0)
231	{
232	$page['infos'][] = l10n('user "%s" added', stripslashes($_POST['login']));
233	}
234	}
235	}
236
237	// email notification
238	if (
239	isset($_POST['submit_add'])
240	and count($page['errors']) == 0
241	and !empty($_POST['email'])
242	and isset($_POST['send_password_by_mail'])
243	)
244	{
245	include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
246
247	$keyargs_content = array(
248	get_l10n_args('Hello %s,', $_POST['login']),
249	get_l10n_args('Thank you for registering at %s!', $conf['gallery_title']),
250	get_l10n_args('', ''),
251	get_l10n_args('Here are your connection settings', ''),
252	get_l10n_args('Username: %s', $_POST['login']),
253	get_l10n_args('Password: %s', $_POST['password']),
254	get_l10n_args('Email: %s', $_POST['email']),
255	get_l10n_args('', ''),
256	get_l10n_args('If you think you\'ve received this email in error, please contact us at %s', get_webmaster_mail_address()),
257	);
258
259	pwg_mail(
260	$_POST['email'],
261	array(
262	'subject' => '['.$conf['gallery_title'].'] '.l10n('Registration'),
263	'content' => l10n_args($keyargs_content),
264	'content_format' => 'text/plain',
265	)
266	);
267	}
268
269	// +-----------------------------------------------------------------------+
270	// \| user list \|
271	// +-----------------------------------------------------------------------+
272
273	$page['filtered_users'] = get_filtered_user_list();
274
275	// +-----------------------------------------------------------------------+
276	// \| selected users \|
277	// +-----------------------------------------------------------------------+
278
279	if (isset($_POST['delete']) or isset($_POST['pref_submit']))
280	{
281	$collection = array();
282
283	switch ($_POST['target'])
284	{
285	case 'all' :
286	{
287	foreach($page['filtered_users'] as $local_user)
288	{
289	$collection[] = $local_user['id'];
290	}
291	break;
292	}
293	case 'selection' :
294	{
295	if (isset($_POST['selection']))
296	{
297	$collection = $_POST['selection'];
298	}
299	break;
300	}
301	}
302
303	if (count($collection) == 0)
304	{
305	$page['errors'][] = l10n('Select at least one user');
306	}
307	}
308
309	// +-----------------------------------------------------------------------+
310	// \| delete users \|
311	// +-----------------------------------------------------------------------+
312	if (isset($_POST['delete']) and count($collection) > 0)
313	{
314	if (in_array($conf['guest_id'], $collection))
315	{
316	$page['errors'][] = l10n('Guest cannot be deleted');
317	}
318	if (($conf['guest_id'] != $conf['default_user_id']) and
319	in_array($conf['default_user_id'], $collection))
320	{
321	$page['errors'][] = l10n('Default user cannot be deleted');
322	}
323	if (in_array($conf['webmaster_id'], $collection))
324	{
325	$page['errors'][] = l10n('Webmaster cannot be deleted');
326	}
327	if (in_array($user['id'], $collection))
328	{
329	$page['errors'][] = l10n('You cannot delete your account');
330	}
331
332	if (count($page['errors']) == 0)
333	{
334	if (isset($_POST['confirm_deletion']) and 1 == $_POST['confirm_deletion'])
335	{
336	foreach ($collection as $user_id)
337	{
338	delete_user($user_id);
339	}
340
341	$page['infos'][] = l10n_dec(
342	'%d user deleted', '%d users deleted',
343	count($collection)
344	);
345
346	foreach ($page['filtered_users'] as $filter_key => $filter_user)
347	{
348	if (in_array($filter_user['id'], $collection))
349	{
350	unset($page['filtered_users'][$filter_key]);
351	}
352	}
353	}
354	else
355	{
356	$page['errors'][] = l10n('You need to confirm deletion');
357	}
358	}
359	}
360
361	// +-----------------------------------------------------------------------+
362	// \| preferences form submission \|
363	// +-----------------------------------------------------------------------+
364
365	if (isset($_POST['pref_submit']) and count($collection) > 0)
366	{
367	if (-1 != $_POST['associate'])
368	{
369	$datas = array();
370
371	$query = '
372	SELECT user_id
373	FROM '.USER_GROUP_TABLE.'
374	WHERE group_id = '.$_POST['associate'].'
375	;';
376	$associated = array_from_query($query, 'user_id');
377
378	$associable = array_diff($collection, $associated);
379
380	if (count($associable) > 0)
381	{
382	foreach ($associable as $item)
383	{
384	$datas[] = array(
385	'group_id' => $_POST['associate'],
386	'user_id' => $item
387	);
388	}
389
390	mass_inserts(USER_GROUP_TABLE,
391	array('group_id', 'user_id'),
392	$datas);
393	}
394	}
395
396	if (-1 != $_POST['dissociate'])
397	{
398	$query = '
399	DELETE FROM '.USER_GROUP_TABLE.'
400	WHERE group_id = '.$_POST['dissociate'].'
401	AND user_id IN ('.implode(',', $collection).')
402	';
403	pwg_query($query);
404	}
405
406	// properties to set for the collection (a user list)
407	$datas = array();
408	$dbfields = array('primary' => array('user_id'), 'update' => array());
409
410	$formfields = array(
411	'nb_image_page', 'theme', 'language',
412	'recent_period', 'expand', 'show_nb_hits',
413	'status', 'enabled_high', 'level'
414	);
415
416	$true_false_fields = array('expand', 'show_nb_hits', 'enabled_high');
417
418	if ($conf['activate_comments'])
419	{
420	$formfields[] = 'show_nb_comments';
421	$true_false_fields[] = 'show_nb_comments';
422	}
423
424	foreach ($formfields as $formfield)
425	{
426	// special for true/false fields
427	if (in_array($formfield, $true_false_fields))
428	{
429	$test = $formfield;
430	}
431	else
432	{
433	$test = $formfield.'_action';
434	}
435
436	if ($_POST[$test] != 'leave')
437	{
438	$dbfields['update'][] = $formfield;
439	}
440	}
441
442	// updating elements is useful only if needed...
443	if (count($dbfields['update']) > 0)
444	{
445	$datas = array();
446
447	foreach ($collection as $user_id)
448	{
449	$data = array();
450	$data['user_id'] = $user_id;
451
452	// TODO : verify if submited values are semanticaly correct
453	foreach ($dbfields['update'] as $dbfield)
454	{
455	// if the action is 'unset', the key won't be in row and
456	// mass_updates function will set this field to NULL
457	if (in_array($dbfield, $true_false_fields)
458	or 'set' == $_POST[$dbfield.'_action'])
459	{
460	$data[$dbfield] = $_POST[$dbfield];
461	}
462	}
463
464	// if the status is getting greater or equal to "admin", then level
465	// automatically switches to "admin" (8), unless the level is also
466	// defined in the same batch action.
467	if (isset($data['status']) and in_array($data['status'], array('webmaster', 'admin')))
468	{
469	if (!isset($data['level']))
470	{
471	$data['level'] = 8;
472	if (!in_array('level', $dbfields['update']))
473	{
474	$dbfields['update'][] = 'level';
475	}
476	}
477	}
478
479	// special users checks
480	if
481	(
482	($conf['webmaster_id'] == $user_id) or
483	($conf['guest_id'] == $user_id) or
484	($conf['default_user_id'] == $user_id)
485	)
486	{
487	// status must not be changed
488	if (isset($data['status']))
489	{
490	if ($conf['webmaster_id'] == $user_id)
491	{
492	$data['status'] = 'webmaster';
493	}
494	else
495	{
496	$data['status'] = 'guest';
497	}
498	}
499	}
500
501	$datas[] = $data;
502	}
503
504	mass_updates(USER_INFOS_TABLE, $dbfields, $datas);
505	}
506
507	redirect(
508	get_root_url().
509	'admin.php'.
510	get_query_string_diff(array(), false)
511	);
512	}
513
514	// +-----------------------------------------------------------------------+
515	// \| groups list \|
516	// +-----------------------------------------------------------------------+
517
518	$groups[-1] = '------------';
519
520	$query = '
521	SELECT id, name
522	FROM '.GROUPS_TABLE.'
523	ORDER BY name ASC
524	;';
525	$result = pwg_query($query);
526
527	while ($row = pwg_db_fetch_assoc($result))
528	{
529	$groups[$row['id']] = $row['name'];
530	}
531
532	// +-----------------------------------------------------------------------+
533	// \| template init \|
534	// +-----------------------------------------------------------------------+
535
536	$template->set_filenames(array('user_list'=>'user_list.tpl'));
537
538	$base_url = PHPWG_ROOT_PATH.'admin.php?page=user_list';
539
540	if (isset($_GET['start']) and is_numeric($_GET['start']))
541	{
542	$start = $_GET['start'];
543	}
544	else
545	{
546	$start = 0;
547	}
548
549	$template->assign(
550	array(
551	'U_HELP' => get_root_url().'admin/popuphelp.php?page=user_list',
552
553	'F_ADD_ACTION' => $base_url,
554	'F_USERNAME' => @htmlentities($_GET['username'], ENT_COMPAT, 'UTF-8'),
555	'F_FILTER_ACTION' => get_root_url().'admin.php',
556
557	'ACTIVATE_COMMENTS' => $conf['activate_comments'],
558	));
559
560	// Display or Hide double password type
561	$template->assign('Double_Password', $conf['double_password_type_in_admin'] );
562
563	// Filter status options
564	$status_options[-1] = '------------';
565	foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
566	{
567	$status_options[$status] = l10n('user_status_'.$status);
568	}
569	$template->assign('status_options', $status_options);
570	$template->assign('status_selected',
571	isset($_GET['status']) ? $_GET['status'] : '');
572
573	// Filter group options
574	$template->assign('group_options', $groups);
575	$template->assign('group_selected',
576	isset($_GET['group']) ? $_GET['group'] : '');
577
578	// Filter order options
579	$template->assign('order_options', $page['order_by_items']);
580	$template->assign('order_selected',
581	isset($_GET['order_by']) ? $_GET['order_by'] : '');
582
583	// Filter direction options
584	$template->assign('direction_options', $page['direction_items']);
585	$template->assign('direction_selected',
586	isset($_GET['direction']) ? $_GET['direction'] : '');
587
588
589	if (isset($_POST['pref_submit']))
590	{
591	$template->assign(
592	array(
593	'NB_IMAGE_PAGE' => $_POST['nb_image_page'],
594	'RECENT_PERIOD' => $_POST['recent_period'],
595	));
596	}
597	else
598	{
599	$default_user = get_default_user_info(true);
600	$template->assign(
601	array(
602	'NB_IMAGE_PAGE' => $default_user['nb_image_page'],
603	'RECENT_PERIOD' => $default_user['recent_period'],
604	));
605	}
606
607	// Template Options
608	$template->assign('theme_options', get_pwg_themes());
609	$template->assign('theme_selected',
610	isset($_POST['pref_submit']) ? $_POST['theme'] : get_default_theme());
611
612	// Language options
613	$template->assign('language_options', get_languages());
614	$template->assign('language_selected',
615	isset($_POST['pref_submit']) ? $_POST['language'] : get_default_language());
616
617	// Status options
618	foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
619	{
620	// Only status <= can be assign
621	if (is_autorize_status(get_access_type_status($status)))
622	{
623	$pref_status_options[$status] = l10n('user_status_'.$status);
624	}
625	}
626	$template->assign('pref_status_options', $pref_status_options);
627	$template->assign('pref_status_selected',
628	isset($_POST['pref_submit']) ? $_POST['status'] : 'normal');
629
630	// associate and dissociate options
631	$template->assign('association_options', $groups);
632	$template->assign('associate_selected',
633	isset($_POST['pref_submit']) ? $_POST['associate'] : '');
634	$template->assign('dissociate_selected',
635	isset($_POST['pref_submit']) ? $_POST['dissociate'] : '');
636
637
638	// user level options
639	foreach ($conf['available_permission_levels'] as $level)
640	{
641	$level_options[$level] = l10n(sprintf('Level %d', $level));
642	}
643	$template->assign('level_options', $level_options);
644	$template->assign('level_selected',
645	isset($_POST['pref_submit']) ? $_POST['level'] : $default_user['level']);
646
647	// +-----------------------------------------------------------------------+
648	// \| navigation bar \|
649	// +-----------------------------------------------------------------------+
650
651	$url = PHPWG_ROOT_PATH.'admin.php'.get_query_string_diff(array('start'));
652
653	$navbar = create_navigation_bar(
654	$url,
655	count($page['filtered_users']),
656	$start,
657	$conf['users_page']
658	);
659
660	$template->assign('navbar', $navbar);
661
662	// +-----------------------------------------------------------------------+
663	// \| user list \|
664	// +-----------------------------------------------------------------------+
665
666	$profile_url = get_root_url().'admin.php?page=profile&user_id=';
667	$perm_url = get_root_url().'admin.php?page=user_perm&user_id=';
668
669	$visible_user_list = array();
670	foreach ($page['filtered_users'] as $num => $local_user)
671	{
672	// simulate LIMIT $start, $conf['users_page']
673	if ($num < $start)
674	{
675	continue;
676	}
677	if ($num >= $start + $conf['users_page'])
678	{
679	break;
680	}
681
682	$visible_user_list[] = $local_user;
683	}
684
685	// allow plugins to fill template var plugin_user_list_column_titles and
686	// plugin_columns/plugin_actions for each user in the list
687	$visible_user_list = trigger_event('loc_visible_user_list', $visible_user_list);
688
689	foreach ($visible_user_list as $local_user)
690	{
691	$groups_string = preg_replace(
692	'/(\d+)/e',
693	"\$groups['$1']",
694	implode(
695	', ',
696	$local_user['groups']
697	)
698	);
699
700	if (isset($_POST['pref_submit'])
701	and isset($_POST['selection'])
702	and in_array($local_user['id'], $_POST['selection']))
703	{
704	$checked = 'checked="checked"';
705	}
706	else
707	{
708	$checked = '';
709	}
710
711	$properties = array();
712	if ( $local_user['level'] != 0 )
713	{
714	$properties[] = l10n( sprintf('Level %d', $local_user['level']) );
715	}
716	$properties[] =
717	(isset($local_user['enabled_high']) and ($local_user['enabled_high'] == 'true'))
718	? l10n('High definition') : l10n('');
719
720	$template->append(
721	'users',
722	array(
723	'ID' => $local_user['id'],
724	'CHECKED' => $checked,
725	'U_PROFILE' => $profile_url.$local_user['id'],
726	'U_PERM' => $perm_url.$local_user['id'],
727	'USERNAME' => stripslashes($local_user['username'])
728	.($local_user['id'] == $conf['guest_id']
729	? '<br>['.l10n('guest').']' : '')
730	.($local_user['id'] == $conf['default_user_id']
731	? '<br>['.l10n('default values').']' : ''),
732	'STATUS' => l10n('user_status_'.$local_user['status']),
733	'EMAIL' => get_email_address_as_display_text($local_user['email']),
734	'GROUPS' => $groups_string,
735	'PROPERTIES' => implode( ', ', $properties),
736	'plugin_columns' => isset($local_user['plugin_columns']) ? $local_user['plugin_columns'] : array(),
737	'plugin_actions' => isset($local_user['plugin_actions']) ? $local_user['plugin_actions'] : array(),
738	)
739	);
740	}
741
742	// +-----------------------------------------------------------------------+
743	// \| html code display \|
744	// +-----------------------------------------------------------------------+
745
746	$template->assign_var_from_handle('ADMIN_CONTENT', 'user_list');
747	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: