Project

General

Profile

1
<?php
2
/**
3
 *
4
 * @category        admin
5
 * @package         users
6
 * @author          Ryan Djurovich, WebsiteBaker Project
7
 * @copyright       2009-2012, WebsiteBaker Org. e.V.
8
 * @link			http://www.websitebaker2.org/
9
 * @license         http://www.gnu.org/licenses/gpl.html
10
 * @platform        WebsiteBaker 2.8.x
11
 * @requirements    PHP 5.2.2 and higher
12
 * @version         $Id: users.php 1804 2012-11-01 22:50:49Z Luisehahne $
13
 * @filesource		$HeadURL: svn://isteam.dynxs.de/wb-archiv/branches/2.8.x/wb/admin/users/users.php $
14
 * @lastmodified    $Date: 2012-11-01 23:50:49 +0100 (Thu, 01 Nov 2012) $
15
 *
16
 */
17

    
18
 // Include config file and admin class file
19

    
20
$config_file = realpath('../../config.php');
21
if(file_exists($config_file) && !defined('WB_URL'))
22
{
23
	require_once($config_file);
24
}
25

    
26
if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }
27

    
28
$action = 'cancel';
29
// Set parameter 'action' as alternative to javascript mechanism
30
$action = (isset($_POST['modify']) ? 'modify' : $action );
31
$action = (isset($_POST['delete']) ? 'delete' : $action );
32
$action = (isset($_POST['delete_outdated']) ? 'delete_outdated' : $action );
33

    
34
switch ($action):
35
	case 'modify' :
36
			// Print header
37
			$admin = new admin('Access', 'users_modify');
38
			$user_id = intval($admin->checkIDKEY('user_id', 0, $_SERVER['REQUEST_METHOD']));
39
			// Check if user id is a valid number and doesnt equal 1
40
			if($user_id == 0){
41
			$admin->print_error($MESSAGE['GENERIC_FORGOT_OPTIONS'] );
42
            }
43
			if( ($user_id < 2 ) )
44
			{
45
				// if($admin_header) { $admin->print_header(); }
46
				$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] );
47
			}
48
			// Get existing values
49
			$results = $database->query("SELECT * FROM `".TABLE_PREFIX."users` WHERE `user_id` = '".$user_id."'");
50
			$user = $results->fetchRow();
51

    
52
			// Setup template object, parse vars to it, then parse it
53
			// Create new template object
54
			$template = new Template(dirname($admin->correct_theme_source('users_form.htt')),'keep');
55
			// $template->debug = true;
56
			$template->set_file('page', 'users_form.htt');
57
			$template->set_block('page', 'main_block', 'main');
58
			$template->set_block('main_block', 'show_modify_loginname_block', 'show_modify_loginname');
59
			$template->set_block('main_block', 'show_add_loginname_block', 'show_add_loginname');
60
			$template->set_var(	array(
61
						'ACTION_URL' => ADMIN_URL.'/users/save.php',
62
						'SUBMIT_TITLE' => $TEXT['SAVE'],
63
						'USER_ID' => $user['user_id'],
64
						'DISPLAY_EXTRA' => '',
65
						'DISPLAY_HOME_FOLDERS' => '',
66
						'USERNAME' => $user['username'],
67
						'DISPLAY_NAME' => $user['display_name'],
68
						'EMAIL' => $user['email'],
69
						'ADMIN_URL' => ADMIN_URL,
70
						'WB_URL' => WB_URL,
71
						'THEME_URL' => THEME_URL
72
						)
73
				);
74

    
75
			$template->set_var('FTAN', $admin->getFTAN());
76
			if($user['active'] == 1) {
77
                $template->set_var('DISABLED_CHECKED', '');
78
				$template->set_var('ACTIVE_CHECKED', ' checked="checked"');
79
			} else {
80
                $template->set_var('ACTIVE_CHECKED', '');
81
				$template->set_var('DISABLED_CHECKED', ' checked="checked"');
82
			}
83
			// Add groups to list
84
			$template->set_block('main_block', 'group_list_block', 'group_list');
85
			$results = $database->query("SELECT group_id, name FROM ".TABLE_PREFIX."groups WHERE group_id != '1' ORDER BY name");
86
			if($results->numRows() > 0) {
87
				$template->set_var('ID', '');
88
				$template->set_var('NAME', $TEXT['PLEASE_SELECT'].'...');
89
				$template->set_var('SELECTED', '');
90
				$template->parse('group_list', 'group_list_block', true);
91
				while($group = $results->fetchRow()) {
92
					$template->set_var('ID', $group['group_id']);
93
					$template->set_var('NAME', $group['name']);
94
					if(in_array($group['group_id'], explode(",",$user['groups_id']))) {
95
						$template->set_var('SELECTED', ' selected="selected"');
96
					} else {
97
						$template->set_var('SELECTED', '');
98
					}
99
					$template->parse('group_list', 'group_list_block', true);
100
				}
101
			}
102

    
103
			// Only allow the user to add a user to the Administrators group if they belong to it
104
			if(in_array(1, $admin->get_groups_id()))
105
		    {
106
				$template->set_var('ID', '1');
107
				$users_groups = $admin->get_groups_name();
108
				$template->set_var('NAME', $users_groups[1]);
109

    
110
				$in_group = FALSE;
111
				foreach($admin->get_groups_id() as $cur_gid){
112
				    if (in_array($cur_gid, explode(",", $user['groups_id']))) {
113
				        $in_group = TRUE;
114
				    }
115
				}
116

    
117
				if($in_group) {
118
					$template->set_var('SELECTED', ' selected="selected"');
119
				} else {
120
					$template->set_var('SELECTED', '');
121
				}
122
				$template->parse('group_list', 'group_list_block', true);
123
			} else {
124
				if($results->numRows() == 0) {
125
					$template->set_var('ID', '');
126
					$template->set_var('NAME', $TEXT['NONE_FOUND']);
127
					$template->set_var('SELECTED', ' selected="selected"');
128
					$template->parse('group_list', 'group_list_block', true);
129
				}
130
			}
131

    
132
			// Generate username field name
133
			$username_fieldname = 'username_';
134
			$salt = "abchefghjkmnpqrstuvwxyz0123456789";
135
			srand((double)microtime()*1000000);
136
			$i = 0;
137
			while ($i <= 7) {
138
				$num = rand() % 33;
139
				$tmp = substr($salt, $num, 1);
140
				$username_fieldname = $username_fieldname . $tmp;
141
				$i++;
142
			}
143

    
144
			// Work-out if home folder should be shown
145
			if(!HOME_FOLDERS) {
146
				$template->set_var('DISPLAY_HOME_FOLDERS', 'display:none;');
147
			}
148

    
149
			// Include the WB functions file
150
			require_once(WB_PATH.'/framework/functions.php');
151

    
152
			// Add media folders to home folder list
153
			$template->set_block('main_block', 'folder_list_block', 'folder_list');
154
			foreach(directory_list(WB_PATH.MEDIA_DIRECTORY) AS $name)
155
		    {
156
				$template->set_var('NAME', str_replace(WB_PATH, '', $name));
157
				$template->set_var('FOLDER', str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name));
158
				if($user['home_folder'] == str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name)) {
159
					$template->set_var('SELECTED', ' selected="selected"');
160
				} else {
161
					$template->set_var('SELECTED', ' ');
162
				}
163
				$template->parse('folder_list', 'folder_list_block', true);
164
			}
165

    
166
			// Insert language text and messages
167
			$template->set_var(array(
168
								'TEXT_RESET' => $TEXT['RESET'],
169
								'TEXT_CANCEL' => $TEXT['CANCEL'],
170
								'TEXT_ACTIVE' => $TEXT['ACTIVE'],
171
								'TEXT_DISABLED' => $TEXT['DISABLED'],
172
								'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'],
173
								'TEXT_USERNAME' => $TEXT['USERNAME'],
174
								'TEXT_PASSWORD' => $TEXT['PASSWORD'],
175
								'TEXT_RETYPE_PASSWORD' => $TEXT['RETYPE_PASSWORD'],
176
								'TEXT_DISPLAY_NAME' => $TEXT['DISPLAY_NAME'],
177
								'TEXT_EMAIL' => $TEXT['EMAIL'],
178
								'TEXT_GROUP' => $TEXT['GROUP'],
179
								'TEXT_NONE' => $TEXT['NONE'],
180
								'TEXT_HOME_FOLDER' => $TEXT['HOME_FOLDER'],
181
								'USERNAME_FIELDNAME' => $username_fieldname,
182
								'CHANGING_PASSWORD' => $MESSAGE['USERS_CHANGING_PASSWORD'],
183
								'HEADING_MODIFY_USER' => $HEADING['MODIFY_USER']
184
								)
185
						);
186

    
187
			// Parse template object
188
			$template->parse('show_modify_loginname', 'show_modify_loginname_block', true);
189
			$template->parse('show_add_loginname', '', true);
190
			$template->parse('main', 'main_block', false);
191
			$template->pparse('output', 'page');
192
			// Print admin footer
193
			$admin->print_footer();
194
			break;
195
		case 'delete' :
196
			// Print header
197
			$admin = new admin('Access', 'users_delete');
198

    
199
			$user_id = intval($admin->checkIDKEY('user_id', 0, $_SERVER['REQUEST_METHOD']));
200
			// Check if user id is a valid number and doesnt equal 1
201

    
202
			if($user_id == 0){
203
			$admin->print_error($MESSAGE['GENERIC_FORGOT_OPTIONS'] );
204
            }
205
			if( ($user_id < 2 ) )
206
			{
207
				// if($admin_header) { $admin->print_header(); }
208
				$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] );
209
			}
210
			$sql  = 'SELECT `active` FROM `'.TABLE_PREFIX.'users` ';
211
            $sql .= 'WHERE `user_id` = '.$user_id.'';
212
            if( ($iDeleteUser = $database->get_one($sql)) == 1 ) {
213
				// Delete the user
214
				$database->query("UPDATE `".TABLE_PREFIX."users` SET `active` = 0 WHERE `user_id` = '".$user_id."' ");
215
            } else {
216
				$database->query("DELETE FROM `".TABLE_PREFIX."users` WHERE `user_id` = ".$user_id);
217
            }
218

    
219
			if($database->is_error()) {
220
				$admin->print_error($database->get_error());
221
			} else {
222
				$admin->print_success($MESSAGE['USERS_DELETED']);
223
			}
224
			// Print admin footer
225
			$admin->print_footer();
226
			break;
227
		case 'delete_outdated' :
228
			$admin = new admin('Access', 'users_delete');
229

    
230
			$user_id = intval($admin->checkIDKEY('user_id_activation_id', 0, $_SERVER['REQUEST_METHOD']));
231
			// Check if user id is a valid number and doesnt equal 1
232
			if($user_id == 0){
233
    			$admin->print_error($MESSAGE['GENERIC_FORGOT_OPTIONS'] );
234
            }
235
			if( ($user_id < 2 ) )
236
			{
237
				// if($admin_header) { $admin->print_header(); }
238
				$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] );
239
			}
240
			$database->query("DELETE FROM `".TABLE_PREFIX."users` WHERE `user_id` = ".$user_id);
241
			if($database->is_error()) {
242
				$admin->print_error($database->get_error());
243
			} else {
244
				$admin->print_success($MESSAGE['USERS_DELETED']);
245
			}
246
			// Print admin footer
247
			$admin->print_footer();
248

    
249

    
250
			break;
251
	default:
252
			break;
253
endswitch;
(4-4/4)