Project

General

Profile

1
<?php
2
/**
3
 *
4
 * @category        admin
5
 * @package         users
6
 * @author          WebsiteBaker Project
7
 * @copyright       Ryan Djurovich
8
 * @copyright       WebsiteBaker Org. e.V.
9
 * @link            http://websitebaker.org/
10
 * @license         http://www.gnu.org/licenses/gpl.html
11
 * @platform        WebsiteBaker 2.8.3
12
 * @requirements    PHP 5.3.6 and higher
13
 * @version         $Id: users.php 2 2017-07-02 15:14:29Z Manuela $
14
 * @filesource      $HeadURL: svn://isteam.dynxs.de/wb/2.10.x/trunk/admin/users/users.php $
15
 * @lastmodified    $Date: 2017-07-02 17:14:29 +0200 (Sun, 02 Jul 2017) $
16
 *
17
 */
18

    
19
 // Include config file and admin class file
20
if ( !defined( 'WB_PATH' ) ){ require( dirname(dirname((__DIR__))).'/config.php' ); }
21
if ( !class_exists('admin', false) ) { require(WB_PATH.'/framework/class.admin.php'); }
22

    
23
$action = 'cancel';
24
// Set parameter 'action' as alternative to javascript mechanism
25
$action = (isset($_POST['modify']) ? 'modify' : $action );
26
$action = (isset($_POST['delete']) ? 'delete' : $action );
27

    
28
$oTrans = Translate::getInstance();
29
$oTrans->enableAddon(ADMIN_DIRECTORY.'\\users');
30
/*
31
print '<pre  class="mod-pre rounded">function <span>'.__FUNCTION__.'( '.''.' );</span>  filename: <span>'.basename(__FILE__).'</span>  line: '.__LINE__.' -> <br />';
32
print_r( $oTrans ); print '</pre>'; flush (); //  ob_flush();;sleep(10); die();
33
*/
34

    
35
switch ($action):
36
    case 'modify' :
37
            // Print header
38
            $admin = new admin('Access', 'users_modify');
39
            $user_id = intval($admin->checkIDKEY('user_id', 0, $_SERVER['REQUEST_METHOD']));
40
            // Check if user id is a valid number and doesnt equal 1
41
            if($user_id == 0){
42
            $admin->print_error($oTrans->MESSAGE_GENERIC_FORGOT_OPTIONS );
43
            }
44
            if( ($user_id < 2 ) )
45
            {
46
                // if($admin_header) { $admin->print_header(); }
47
                $admin->print_error($oTrans->MESSAGE_GENERIC_SECURITY_ACCESS, ADMIN_URL );
48
            }
49
            // Get existing values
50

    
51
            $sql  = 'SELECT * FROM `'.TABLE_PREFIX.'users` ' ;
52
            $sql .= 'WHERE user_id != 1 ';
53
            $sql .=   'AND user_id = '.$user_id.' ';
54

    
55
            $results = $database->query($sql);
56

    
57
            $user = $results->fetchRow(MYSQLI_ASSOC);
58
            // Setup template object, parse vars to it, then parse it
59
            // Create new template object
60
            $template = new Template(dirname($admin->correct_theme_source('users_form.htt')), 'remove');
61
            // $template->debug = true;
62
            $template->set_file('page', 'users_form.htt');
63
            $template->set_block('page', 'main_block', 'main');
64
            $template->set_block('main_block', 'user_add_block', 'user_add');
65

    
66
            $template->set_var(array(
67
                                'ACTION_URL' => ADMIN_URL.'/users/save.php',
68
                                'SUBMIT_TITLE' => $oTrans->TEXT_SAVE,
69
                                'USER_ID' => $user['user_id'],
70
                                'USERNAME' => $user['username'],
71
                                'DISPLAY_NAME' => $user['display_name'],
72
                                'EMAIL' => $user['email'],
73
                                'ADMIN_URL' => ADMIN_URL,
74
                                'WB_URL' => WB_URL,
75
                                'THEME_URL' => THEME_URL
76
                                )
77
                        );
78

    
79
            $template->set_var('FTAN', $admin->getFTAN());
80
            $template->set_var('READONLY', 'readonly="readonly"' );
81
            if($user['active'] == 1) {
82
                $template->set_var('ACTIVE_CHECKED', ' checked="checked"');
83
            } else {
84
                $template->set_var('DISABLED_CHECKED', ' checked="checked"');
85
            }
86
            // Add groups to list
87
            $template->set_block('main_block', 'group_list_block', 'group_list');
88
            $sql  = 'SELECT `group_id`, `name` FROM `'.TABLE_PREFIX.'groups` '
89
                  . 'WHERE `group_id` != 1 '
90
                  . 'ORDER BY `name`';
91
            $results = $database->query($sql);
92
            if ($database->query($sql))
93
            {
94
                $template->set_var('ID', '');
95
                $template->set_var('NAME', $oTrans->TEXT_PLEASE_SELECT.'...');
96
                $template->set_var('SELECTED', '');
97
                $template->parse('group_list', 'group_list_block', true);
98
                while($group = $results->fetchRow(MYSQLI_ASSOC))
99
                {
100
                    $template->set_var('ID', $group['group_id']);
101
                    $template->set_var('NAME', $group['name']);
102
                    $template->set_var('SELECTED', '');
103
                    if ($admin->is_group_match($group['group_id'], $user['groups_id']))
104
                    {
105
                        $template->set_var('SELECTED', ' selected="selected"');
106
                    }
107
                    $template->parse('group_list', 'group_list_block', true);
108
                }
109
            }
110

    
111
            // Only allow the user to add a user to the Administrators group if they belong to it
112
            if ($admin->ami_group_member('1'))
113
            {
114
                $template->set_var('ID', '1');
115
                $users_groups = $admin->get_groups_name();
116
                $template->set_var('NAME', $users_groups[1]);
117
                if ($admin->is_group_match('1', $user['groups_id']))
118
                {
119
                    $template->set_var('SELECTED', ' selected="selected"');
120
                } else {
121
                    $template->set_var('SELECTED', '');
122
                }
123
                $template->parse('group_list', 'group_list_block', true);
124
            } else {
125
                if($results->numRows() == 0)
126
                {
127
                    $template->set_var('ID', '');
128
                    $template->set_var('NAME', $oTrans->TEXT_NONE_FOUND);
129
                    $template->set_var('SELECTED', ' selected="selected"');
130
                    $template->parse('group_list', 'group_list_block', true);
131
                }
132
            }
133

    
134
            // Generate username field name
135
            $username_fieldname = 'username_';
136
            $salt = "abchefghjkmnpqrstuvwxyz0123456789";
137
            srand((double)microtime()*1000000);
138
            $i = 0;
139
            while ($i <= 7) {
140
                $num = rand() % 33;
141
                $tmp = substr($salt, $num, 1);
142
                $username_fieldname = $username_fieldname . $tmp;
143
                $i++;
144
            }
145

    
146
            // Work-out if home folder should be shown
147
            if(!HOME_FOLDERS) {
148
                $template->set_var('DISPLAY_HOME_FOLDERS', 'display:none;');
149
            }
150

    
151
            // Include the WB functions file
152
            require_once(WB_PATH.'/framework/functions.php');
153

    
154
            // Add media folders to home folder list
155
            $template->set_block('main_block', 'folder_list_block', 'folder_list');
156
            foreach(directory_list(WB_PATH.MEDIA_DIRECTORY) AS $name)
157
            {
158
                $template->set_var('NAME', str_replace(WB_PATH, '', $name));
159
                $template->set_var('FOLDER', str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name));
160
                if($user['home_folder'] == str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name)) {
161
                    $template->set_var('SELECTED', ' selected="selected"');
162
                } else {
163
                    $template->set_var('SELECTED', ' ');
164
                }
165
                $template->parse('folder_list', 'folder_list_block', true);
166
            }
167

    
168
            // Insert language text and messages
169
            $template->set_var(array(
170
                                'TEXT_RESET' => $oTrans->TEXT_RESET,
171
                                'TEXT_CANCEL' => $oTrans->TEXT_CANCEL,
172
                                'TEXT_ACTIVE' => $oTrans->TEXT_ACTIVE,
173
                                'TEXT_DISABLED' => $oTrans->TEXT_DISABLED,
174
                                'TEXT_PLEASE_SELECT' => $oTrans->TEXT_PLEASE_SELECT,
175
                                'TEXT_USERNAME' => $oTrans->TEXT_USERNAME,
176
                                'TEXT_PASSWORD' => $oTrans->TEXT_PASSWORD,
177
                                'TEXT_RETYPE_PASSWORD' => $oTrans->TEXT_RETYPE_PASSWORD,
178
                                'TEXT_DISPLAY_NAME' => $oTrans->TEXT_DISPLAY_NAME,
179
                                'TEXT_EMAIL' => $oTrans->TEXT_EMAIL,
180
                                'TEXT_GROUP' => $oTrans->TEXT_GROUP,
181
                                'TEXT_NONE' => $oTrans->TEXT_NONE,
182
                                'TEXT_HOME_FOLDER' => $oTrans->TEXT_HOME_FOLDER,
183
                                'USERNAME_FIELDNAME' => $username_fieldname,
184
                                'CHANGING_PASSWORD' => $oTrans->MESSAGE_USERS_CHANGING_PASSWORD,
185
                                'HEADING_MODIFY_USER' => $oTrans->HEADING_MODIFY_USER,
186
                                'CANCEL_LINK' => ADMIN_URL.'/users/index.php',
187
                                )
188
                        );
189

    
190
            $template->set_block( 'user_add_block', '');
191
            // Parse template object
192
            $template->parse('main', 'main_block', false);
193
            $template->pparse('output', 'page');
194
            // Print admin footer
195
            $admin->print_footer();
196
            break;
197
        case 'delete' :
198
            // Print header
199
            $admin = new admin('Access', 'users_delete');
200
            $user_id = intval($admin->checkIDKEY('user_id', 0, $_SERVER['REQUEST_METHOD']));
201
            // Check if user id is a valid number and doesnt equal 1
202
            if($user_id == 0){
203
            $admin->print_error($oTrans->MESSAGE_GENERIC_FORGOT_OPTIONS );
204
            }
205
            if( ($user_id < 2 ) )
206
            {
207
                // if($admin_header) { $admin->print_header(); }
208
                $admin->print_error($oTrans->MESSAGE_GENERIC_SECURITY_ACCESS, ADMIN_URL  );
209
            }
210
            $sql  = 'SELECT `active` FROM `'.TABLE_PREFIX.'users` ';
211
            $sql .= 'WHERE `user_id` = '.$user_id.'';
212
            if( ($iDeleteUser = $database->get_one($sql)) == 1 ) {
213
                $sMessage = $oTrans->MESSAGE_USERS_DEACTIVATED;
214
                // Delete the user
215
                $database->query("UPDATE `".TABLE_PREFIX."users` SET `active` = 0 WHERE `user_id` = '".$user_id."' ");
216
            } else {
217
                $sMessage = $oTrans->MESSAGE_USERS_DELETED;
218
                $database->query("DELETE FROM `".TABLE_PREFIX."users` WHERE `user_id` = ".$user_id);
219
            }
220

    
221
            if($database->is_error()) {
222
                $admin->print_error($database->get_error());
223
            } else {
224
                $admin->print_success($sMessage);
225
            }
226
            // Print admin footer
227
            $admin->print_footer();
228
            break;
229
    default:
230
            break;
231
endswitch;
(5-5/5)