Project

General

Profile

1
<?php
2
/**
3
 *
4
 * @category        admin
5
 * @package         users
6
 * @author          Ryan Djurovich, WebsiteBaker Project
7
 * @copyright       2009-2012, WebsiteBaker Org. e.V.
8
 * @link			http://www.websitebaker2.org/
9
 * @license         http://www.gnu.org/licenses/gpl.html
10
 * @platform        WebsiteBaker 2.8.x
11
 * @requirements    PHP 5.2.2 and higher
12
 * @version         $Id: users.php 1805 2012-11-04 00:53:51Z Luisehahne $
13
 * @filesource		$HeadURL: svn://isteam.dynxs.de/wb-archiv/branches/2.8.x/wb/admin/users/users.php $
14
 * @lastmodified    $Date: 2012-11-04 01:53:51 +0100 (Sun, 04 Nov 2012) $
15
 *
16
 */
17

    
18
 // Include config file and admin class file
19

    
20
$config_file = realpath('../../config.php');
21
if(file_exists($config_file) && !defined('WB_URL'))
22
{
23
	require_once($config_file);
24
}
25

    
26
if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }
27

    
28
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
29
$aActionRequest = (isset(${$requestMethod})) ? ${$requestMethod} : null;
30

    
31
$action = 'cancel';
32

    
33
// Set parameter 'action' as alternative to javascript mechanism
34
$action = (isset($aActionRequest['modify']) ? 'modify' : $action );
35
$action = (isset($aActionRequest['delete']) ? 'delete' : $action );
36
$action = (isset($aActionRequest['delete_outdated']) ? 'delete_outdated' : $action );
37

    
38
switch ($action):
39
	case 'modify' :
40
			// Print header
41
			$admin = new admin('Access', 'users_modify');
42
			$user_id = intval($admin->checkIDKEY('user_id', 0, $_SERVER['REQUEST_METHOD']));
43
			// Check if user id is a valid number and doesnt equal 1
44
			if($user_id == 0){
45
			$admin->print_error($MESSAGE['GENERIC_FORGOT_OPTIONS'] );
46
            }
47
			if( ($user_id < 2 ) )
48
			{
49
				// if($admin_header) { $admin->print_header(); }
50
				$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] );
51
			}
52
			// Get existing values
53
			$results = $database->query("SELECT * FROM `".TABLE_PREFIX."users` WHERE `user_id` = '".$user_id."'");
54
			$user = $results->fetchRow();
55

    
56
			// Setup template object, parse vars to it, then parse it
57
			// Create new template object
58
			$template = new Template(dirname($admin->correct_theme_source('users_form.htt')),'keep');
59
			// $template->debug = true;
60
			$template->set_file('page', 'users_form.htt');
61
			$template->set_block('page', 'main_block', 'main');
62
			$template->set_block('main_block', 'show_modify_loginname_block', 'show_modify_loginname');
63
			$template->set_block('main_block', 'show_add_loginname_block', 'show_add_loginname');
64
			$template->set_var(	array(
65
						'ACTION_URL' => ADMIN_URL.'/users/save.php',
66
						'SUBMIT_TITLE' => $TEXT['SAVE'],
67
						'USER_ID' => $user['user_id'],
68
						'DISPLAY_EXTRA' => '',
69
						'DISPLAY_HOME_FOLDERS' => '',
70
						'USERNAME' => $user['username'],
71
						'DISPLAY_NAME' => $user['display_name'],
72
						'EMAIL' => $user['email'],
73
						'ADMIN_URL' => ADMIN_URL,
74
						'WB_URL' => WB_URL,
75
						'THEME_URL' => THEME_URL
76
						)
77
				);
78

    
79
			$template->set_var('FTAN', $admin->getFTAN());
80
			if($user['active'] == 1) {
81
                $template->set_var('DISABLED_CHECKED', '');
82
				$template->set_var('ACTIVE_CHECKED', ' checked="checked"');
83
			} else {
84
                $template->set_var('ACTIVE_CHECKED', '');
85
				$template->set_var('DISABLED_CHECKED', ' checked="checked"');
86
			}
87
			// Add groups to list
88
			$template->set_block('main_block', 'group_list_block', 'group_list');
89
			$results = $database->query("SELECT group_id, name FROM ".TABLE_PREFIX."groups WHERE group_id != '1' ORDER BY name");
90
			if($results->numRows() > 0) {
91
				$template->set_var('ID', '');
92
				$template->set_var('NAME', $TEXT['PLEASE_SELECT'].'...');
93
				$template->set_var('SELECTED', '');
94
				$template->parse('group_list', 'group_list_block', true);
95
				while($group = $results->fetchRow()) {
96
					$template->set_var('ID', $group['group_id']);
97
					$template->set_var('NAME', $group['name']);
98
					if(in_array($group['group_id'], explode(",",$user['groups_id']))) {
99
						$template->set_var('SELECTED', ' selected="selected"');
100
					} else {
101
						$template->set_var('SELECTED', '');
102
					}
103
					$template->parse('group_list', 'group_list_block', true);
104
				}
105
			}
106

    
107
			// Only allow the user to add a user to the Administrators group if they belong to it
108
			if(in_array(1, $admin->get_groups_id()))
109
		    {
110
				$template->set_var('ID', '1');
111
				$users_groups = $admin->get_groups_name();
112
				$template->set_var('NAME', $users_groups[1]);
113

    
114
				$in_group = FALSE;
115
				foreach($admin->get_groups_id() as $cur_gid){
116
				    if (in_array($cur_gid, explode(",", $user['groups_id']))) {
117
				        $in_group = TRUE;
118
				    }
119
				}
120

    
121
				if($in_group) {
122
					$template->set_var('SELECTED', ' selected="selected"');
123
				} else {
124
					$template->set_var('SELECTED', '');
125
				}
126
				$template->parse('group_list', 'group_list_block', true);
127
			} else {
128
				if($results->numRows() == 0) {
129
					$template->set_var('ID', '');
130
					$template->set_var('NAME', $TEXT['NONE_FOUND']);
131
					$template->set_var('SELECTED', ' selected="selected"');
132
					$template->parse('group_list', 'group_list_block', true);
133
				}
134
			}
135

    
136
			// Generate username field name
137
			$username_fieldname = 'username_';
138
			$salt = "abchefghjkmnpqrstuvwxyz0123456789";
139
			srand((double)microtime()*1000000);
140
			$i = 0;
141
			while ($i <= 7) {
142
				$num = rand() % 33;
143
				$tmp = substr($salt, $num, 1);
144
				$username_fieldname = $username_fieldname . $tmp;
145
				$i++;
146
			}
147

    
148
			// Work-out if home folder should be shown
149
			if(!HOME_FOLDERS) {
150
				$template->set_var('DISPLAY_HOME_FOLDERS', 'display:none;');
151
			}
152

    
153
			// Include the WB functions file
154
			require_once(WB_PATH.'/framework/functions.php');
155

    
156
			// Add media folders to home folder list
157
			$template->set_block('main_block', 'folder_list_block', 'folder_list');
158
			foreach(directory_list(WB_PATH.MEDIA_DIRECTORY) AS $name)
159
		    {
160
				$template->set_var('NAME', str_replace(WB_PATH, '', $name));
161
				$template->set_var('FOLDER', str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name));
162
				if($user['home_folder'] == str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name)) {
163
					$template->set_var('SELECTED', ' selected="selected"');
164
				} else {
165
					$template->set_var('SELECTED', ' ');
166
				}
167
				$template->parse('folder_list', 'folder_list_block', true);
168
			}
169

    
170
			// Insert language text and messages
171
			$template->set_var(array(
172
								'TEXT_RESET' => $TEXT['RESET'],
173
								'TEXT_CANCEL' => $TEXT['CANCEL'],
174
								'TEXT_ACTIVE' => $TEXT['ACTIVE'],
175
								'TEXT_DISABLED' => $TEXT['DISABLED'],
176
								'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'],
177
								'TEXT_USERNAME' => $TEXT['USERNAME'],
178
								'TEXT_PASSWORD' => $TEXT['PASSWORD'],
179
								'TEXT_RETYPE_PASSWORD' => $TEXT['RETYPE_PASSWORD'],
180
								'TEXT_DISPLAY_NAME' => $TEXT['DISPLAY_NAME'],
181
								'TEXT_EMAIL' => $TEXT['EMAIL'],
182
								'TEXT_GROUP' => $TEXT['GROUP'],
183
								'TEXT_NONE' => $TEXT['NONE'],
184
								'TEXT_HOME_FOLDER' => $TEXT['HOME_FOLDER'],
185
								'USERNAME_FIELDNAME' => $username_fieldname,
186
								'CHANGING_PASSWORD' => $MESSAGE['USERS_CHANGING_PASSWORD'],
187
								'HEADING_MODIFY_USER' => $HEADING['MODIFY_USER']
188
								)
189
						);
190

    
191
			// Parse template object
192
			$template->parse('show_modify_loginname', 'show_modify_loginname_block', true);
193
			$template->parse('show_add_loginname', '', true);
194
			$template->parse('main', 'main_block', false);
195
			$template->pparse('output', 'page');
196
			break;
197
		case 'delete' :
198
			// Print header
199
			$admin = new admin('Access', 'users_delete');
200

    
201
			$user_id = intval($admin->checkIDKEY('user_id', 0, $_SERVER['REQUEST_METHOD']));
202
			// Check if user id is a valid number and doesnt equal 1
203

    
204
			if($user_id == 0){
205
			$admin->print_error($MESSAGE['GENERIC_FORGOT_OPTIONS'] );
206
            }
207
			if( ($user_id < 2 ) )
208
			{
209
				// if($admin_header) { $admin->print_header(); }
210
				$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] );
211
			}
212
			$sql  = 'SELECT `active` FROM `'.TABLE_PREFIX.'users` ';
213
            $sql .= 'WHERE `user_id` = '.$user_id.'';
214
            if( ($iDeleteUser = $database->get_one($sql)) == 1 ) {
215
				// Delete the user
216
				$database->query("UPDATE `".TABLE_PREFIX."users` SET `active` = 0 WHERE `user_id` = '".$user_id."' ");
217
            } else {
218
				$database->query("DELETE FROM `".TABLE_PREFIX."users` WHERE `user_id` = ".$user_id);
219
            }
220

    
221
			if($database->is_error()) {
222
				$admin->print_error($database->get_error());
223
			} else {
224
				$admin->print_success($MESSAGE['USERS_DELETED']);
225
			}
226
			break;
227
		case 'delete_outdated' :
228
			$admin = new admin('Access', 'users_delete');
229
			$user_id = intval($admin->checkIDKEY('user_id_activation_id', 0, $_SERVER['REQUEST_METHOD']));
230
			// Check if user id is a valid number and doesnt equal 1
231
			if($user_id == 0){
232
    			$admin->print_error($MESSAGE['GENERIC_FORGOT_OPTIONS'] );
233
            }
234
			if( ($user_id < 2 ) )
235
			{
236
				// if($admin_header) { $admin->print_header(); }
237
				$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] );
238
			}
239
			$database->query("DELETE FROM `".TABLE_PREFIX."users` WHERE `user_id` = ".$user_id);
240
			if($database->is_error()) {
241
				$admin->print_error($database->get_error());
242
			} else {
243
				$admin->print_success($MESSAGE['USERS_DELETED']);
244
			}
245
			break;
246
	default:
247
			break;
248
endswitch;
249

    
250

    
251

    
252
// Print admin footer
253
$admin->print_footer();
254

    
(4-4/4)