Project

General

Profile

1
<?php
2
/**
3
 *
4
 * @category        admin
5
 * @package         users
6
 * @author          WebsiteBaker Project
7
 * @copyright       2004-2009, Ryan Djurovich
8
 * @copyright       2009-2011, Website Baker Org. e.V.
9
 * @link			http://www.websitebaker2.org/
10
 * @license         http://www.gnu.org/licenses/gpl.html
11
 * @platform        WebsiteBaker 2.8.x
12
 * @requirements    PHP 5.2.2 and higher
13
 * @version         $Id: users.php 1475 2011-07-12 23:07:10Z Luisehahne $
14
 * @filesource		$HeadURL: svn://isteam.dynxs.de/wb-archiv/branches/2.8.x/wb/admin/users/users.php $
15
 * @lastmodified    $Date: 2011-07-13 01:07:10 +0200 (Wed, 13 Jul 2011) $
16
 *
17
*/
18

    
19
 // Include config file and admin class file
20
require('../../config.php');
21
require_once(WB_PATH.'/framework/class.admin.php');
22

    
23
$action = 'cancel';
24
// Set parameter 'action' as alternative to javascript mechanism
25
$action = (isset($_POST['modify']) ? 'modify' : $action );
26
$action = (isset($_POST['delete']) ? 'delete' : $action );
27

    
28
switch ($action):
29
	case 'modify' :
30
			// Print header
31
			$admin = new admin('Access', 'users_modify');
32
			$user_id = intval($admin->checkIDKEY('user_id', 0, $_SERVER['REQUEST_METHOD']));
33
			// Check if user id is a valid number and doesnt equal 1
34
			if( ($user_id < 2 ) )
35
			{
36
				// if($admin_header) { $admin->print_header(); }
37
				$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] );
38
			}
39
			// Get existing values
40
			$results = $database->query("SELECT * FROM ".TABLE_PREFIX."users WHERE user_id = '".$user_id."'");
41
			$user = $results->fetchRow();
42

    
43
			// Setup template object
44
			$template = new Template(THEME_PATH.'/templates');
45
			$template->set_file('page', 'users_form.htt');
46
			$template->set_block('page', 'main_block', 'main');
47
			$template->set_var(	array(
48
								'ACTION_URL' => ADMIN_URL.'/users/save.php',
49
								'SUBMIT_TITLE' => $TEXT['SAVE'],
50
								'USER_ID' => $user['user_id'],
51
								'USERNAME' => $user['username'],
52
								'DISPLAY_NAME' => $user['display_name'],
53
								'EMAIL' => $user['email'],
54
								'ADMIN_URL' => ADMIN_URL,
55
								'WB_URL' => WB_URL,
56
								'THEME_URL' => THEME_URL
57
								)
58
						);
59

    
60
			$template->set_var('FTAN', $admin->getFTAN());
61
			if($user['active'] == 1) {
62
				$template->set_var('ACTIVE_CHECKED', ' checked="checked"');
63
			} else {
64
				$template->set_var('DISABLED_CHECKED', ' checked="checked"');
65
			}
66
			// Add groups to list
67
			$template->set_block('main_block', 'group_list_block', 'group_list');
68
			$results = $database->query("SELECT group_id, name FROM ".TABLE_PREFIX."groups WHERE group_id != '1' ORDER BY name");
69
			if($results->numRows() > 0) {
70
				$template->set_var('ID', '');
71
				$template->set_var('NAME', $TEXT['PLEASE_SELECT'].'...');
72
				$template->set_var('SELECTED', '');
73
				$template->parse('group_list', 'group_list_block', true);
74
				while($group = $results->fetchRow()) {
75
					$template->set_var('ID', $group['group_id']);
76
					$template->set_var('NAME', $group['name']);
77
					if(in_array($group['group_id'], explode(",",$user['groups_id']))) {
78
						$template->set_var('SELECTED', ' selected="selected"');
79
					} else {
80
						$template->set_var('SELECTED', '');
81
					}
82
					$template->parse('group_list', 'group_list_block', true);
83
				}
84
			}
85

    
86
			// Only allow the user to add a user to the Administrators group if they belong to it
87
			if(in_array(1, $admin->get_groups_id()))
88
		    {
89
				$template->set_var('ID', '1');
90
				$users_groups = $admin->get_groups_name();
91
				$template->set_var('NAME', $users_groups[1]);
92

    
93
				$in_group = FALSE;
94
				foreach($admin->get_groups_id() as $cur_gid){
95
				    if (in_array($cur_gid, explode(",", $user['groups_id']))) {
96
				        $in_group = TRUE;
97
				    }
98
				}
99

    
100
				if($in_group) {
101
					$template->set_var('SELECTED', ' selected="selected"');
102
				} else {
103
					$template->set_var('SELECTED', '');
104
				}
105
				$template->parse('group_list', 'group_list_block', true);
106
			} else {
107
				if($results->numRows() == 0) {
108
					$template->set_var('ID', '');
109
					$template->set_var('NAME', $TEXT['NONE_FOUND']);
110
					$template->set_var('SELECTED', ' selected="selected"');
111
					$template->parse('group_list', 'group_list_block', true);
112
				}
113
			}
114

    
115
			// Generate username field name
116
			$username_fieldname = 'username_';
117
			$salt = "abchefghjkmnpqrstuvwxyz0123456789";
118
			srand((double)microtime()*1000000);
119
			$i = 0;
120
			while ($i <= 7) {
121
				$num = rand() % 33;
122
				$tmp = substr($salt, $num, 1);
123
				$username_fieldname = $username_fieldname . $tmp;
124
				$i++;
125
			}
126

    
127
			// Work-out if home folder should be shown
128
			if(!HOME_FOLDERS) {
129
				$template->set_var('DISPLAY_HOME_FOLDERS', 'display:none;');
130
			}
131

    
132
			// Include the WB functions file
133
			require_once(WB_PATH.'/framework/functions.php');
134

    
135
			// Add media folders to home folder list
136
			$template->set_block('main_block', 'folder_list_block', 'folder_list');
137
			foreach(directory_list(WB_PATH.MEDIA_DIRECTORY) AS $name)
138
		    {
139
				$template->set_var('NAME', str_replace(WB_PATH, '', $name));
140
				$template->set_var('FOLDER', str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name));
141
				if($user['home_folder'] == str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name)) {
142
					$template->set_var('SELECTED', ' selected="selected"');
143
				} else {
144
					$template->set_var('SELECTED', ' ');
145
				}
146
				$template->parse('folder_list', 'folder_list_block', true);
147
			}
148

    
149
			// Insert language text and messages
150
			$template->set_var(array(
151
								'TEXT_RESET' => $TEXT['RESET'],
152
								'TEXT_ACTIVE' => $TEXT['ACTIVE'],
153
								'TEXT_DISABLED' => $TEXT['DISABLED'],
154
								'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'],
155
								'TEXT_USERNAME' => $TEXT['USERNAME'],
156
								'TEXT_PASSWORD' => $TEXT['PASSWORD'],
157
								'TEXT_RETYPE_PASSWORD' => $TEXT['RETYPE_PASSWORD'],
158
								'TEXT_DISPLAY_NAME' => $TEXT['DISPLAY_NAME'],
159
								'TEXT_EMAIL' => $TEXT['EMAIL'],
160
								'TEXT_GROUP' => $TEXT['GROUP'],
161
								'TEXT_NONE' => $TEXT['NONE'],
162
								'TEXT_HOME_FOLDER' => $TEXT['HOME_FOLDER'],
163
								'USERNAME_FIELDNAME' => $username_fieldname,
164
								'CHANGING_PASSWORD' => $MESSAGE['USERS']['CHANGING_PASSWORD'],
165
								'HEADING_MODIFY_USER' => $HEADING['MODIFY_USER']
166
								)
167
						);
168

    
169
			// Parse template object
170
			$template->parse('main', 'main_block', false);
171
			$template->pparse('output', 'page');
172
			break;
173
		case 'delete' :
174
			// Print header
175
			$admin = new admin('Access', 'users_delete');
176
			$user_id = intval($admin->checkIDKEY('user_id', 0, $_SERVER['REQUEST_METHOD']));
177
			// Check if user id is a valid number and doesnt equal 1
178
			if( ($user_id < 2 ) )
179
			{
180
				// if($admin_header) { $admin->print_header(); }
181
				$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] );
182
			}
183
			// Delete the user
184
			$database->query("UPDATE `".TABLE_PREFIX."users` SET `active` = 0 WHERE `user_id` = '".$user_id."' ");
185
			if($database->is_error()) {
186
				$admin->print_error($database->get_error());
187
			} else {
188
				$admin->print_success($MESSAGE['USERS']['DELETED']);
189
			}
190
			break;
191
	default:
192
			break;
193
endswitch;
194

    
195
// Print admin footer
196
$admin->print_footer();
(4-4/4)