Revision 1815
Added by Luisehahne about 13 years ago
| branches/2.8.x/CHANGELOG | ||
|---|---|---|
| 13 | 13 |
|
| 14 | 14 |
|
| 15 | 15 |
|
| 16 |
11 Nov-2012 Build 1815 Dietmar Woellbrink (Luisehahne) |
|
| 17 |
! Complex code refactoring users management |
|
| 16 | 18 |
10 Nov-2012 Build 1814 Dietmar Woellbrink (Luisehahne) |
| 17 | 19 |
! update jQuery to jQuery 1.8.2 and jQuery UI 1.9.1 |
| 18 | 20 |
10 Nov-2012 Build 1813 Dietmar Woellbrink (Luisehahne) |
| branches/2.8.x/wb/upgrade-script.php | ||
|---|---|---|
| 821 | 821 |
|
| 822 | 822 |
foreach($aUsers AS $user_id => $value){
|
| 823 | 823 |
// choose group_id from groups_id - workaround for still remaining calls to group_id (to be cleaned-up) |
| 824 |
$groups_id = explode(',', $aUsers[$user_id]['groups_id']);
|
|
| 824 |
$aGroups_id = explode(',', $aUsers[$user_id]['groups_id']);
|
|
| 825 |
$groups_id = $aUsers[$user_id]['groups_id']; |
|
| 825 | 826 |
$group_id = 0; |
| 826 | 827 |
//if user is in administrator-group, get this group else just get the first one |
| 827 |
if($admin->is_group_match($groups_id,'1')) { $group_id = 1; } else { $group_id = intval($groups_id[0]); }
|
|
| 828 |
unset($groups_id); |
|
| 828 |
if($admin->is_group_match($aGroups_id,'1')) { $group_id = 1; $groups_id = '1'; } else { $group_id = intval($aGroups_id[0]); }
|
|
| 829 | 829 |
|
| 830 | 830 |
$sMessage = "<span>Updating group_id ".$TEXT['DISPLAY_NAME']." " .$aUsers[$user_id]['display_name']."</span>"; |
| 831 | 831 |
$sql = 'UPDATE `'.TABLE_PREFIX.'users` '; |
| 832 |
$sql .= 'SET `group_id` = '.$group_id.' '; |
|
| 832 |
$sql .= 'SET `group_id` = '.$group_id.', '; |
|
| 833 |
$sql .= '`groups_id` = '.$groups_id.' '; |
|
| 833 | 834 |
$sql .= 'WHERE `user_id` = '.intval($user_id); |
| 834 | 835 |
|
| 835 | 836 |
if($oRes = $database->query($sql)){ }
|
| branches/2.8.x/wb/admin/skel/themes/htt/users.htt | ||
|---|---|---|
| 13 | 13 |
</tr> |
| 14 | 14 |
</table> |
| 15 | 15 |
<div class="account"> |
| 16 |
<form name="users" action="users.php" method="post" class="left">
|
|
| 16 |
<form name="users" action="index.php" method="post" class="left">
|
|
| 17 | 17 |
<input type="hidden" name="userstatus" value="{USER_STATUS}" />
|
| 18 | 18 |
{FTAN}
|
| 19 | 19 |
|
| branches/2.8.x/wb/admin/skel/themes/htt/users_form.htt | ||
|---|---|---|
| 8 | 8 |
</script> |
| 9 | 9 |
<div class="account"> |
| 10 | 10 |
|
| 11 |
<h2 class="left" style="{DISPLAY_EXTRA}">{HEADING_MODIFY_USER}</h2>
|
|
| 11 |
<h3 class="left bold" style="{DISPLAY_EXTRA}">{HEADING_MODIFY_USER}</h3>
|
|
| 12 | 12 |
|
| 13 |
<form name="user" action="{ACTION_URL}" method="post" class="{DISPLAY_ADD} left settings_table">
|
|
| 13 |
<form action="{ACTION_URL}" method="post" class="{DISPLAY_ADD} left settings_table">
|
|
| 14 | 14 |
<input type="hidden" name="user_id" value="{USER_ID}" />
|
| 15 | 15 |
<input type="hidden" name="username_fieldname" value="{USERNAME_FIELDNAME}" />
|
| 16 |
<input type="hidden" name="BackLink" value="{BACK_LINK}" />
|
|
| 16 | 17 |
{FTAN}
|
| 17 | 18 |
<table> |
| 18 | 19 |
<!-- BEGIN show_modify_loginname_block --> |
| ... | ... | |
| 46 | 47 |
</tr> |
| 47 | 48 |
<tr style="{DISPLAY_EXTRA}">
|
| 48 | 49 |
<td colspan="2" style=""> |
| 49 |
<div class="warning value_input" style="max-width:700px; margin-right: 20%; float: right;">{CHANGING_PASSWORD}</div>
|
|
| 50 |
<div class="warning value_input" style="max-width:650px; margin-right: 23%; float: right;">{CHANGING_PASSWORD}</div>
|
|
| 50 | 51 |
</td> |
| 51 | 52 |
</tr> |
| 52 | 53 |
<tr> |
| ... | ... | |
| 72 | 73 |
</select> |
| 73 | 74 |
</td> |
| 74 | 75 |
</tr> |
| 76 |
|
|
| 77 |
<!-- BEGIN show_change_group_list_block --> |
|
| 75 | 78 |
<tr> |
| 79 |
<td colspan="2" style=""> |
|
| 80 |
<div class="warning value_input" style="max-width:650px; margin-right: 23%; float: right;">{CHANGING_GROUPS}</div>
|
|
| 81 |
</td> |
|
| 82 |
</tr> |
|
| 83 |
<!-- END show_change_group_list_block --> |
|
| 84 |
|
|
| 85 |
<tr> |
|
| 76 | 86 |
<td class="rightTop">{TEXT_GROUP}:</td>
|
| 77 | 87 |
<td class="value_input"> |
| 78 | 88 |
<select name="groups[]" multiple="multiple" size="5"> |
| ... | ... | |
| 93 | 103 |
</tr> |
| 94 | 104 |
<tr> |
| 95 | 105 |
<td colspan="2" class="center"> |
| 96 |
<input type="submit" name="submit" value="{SUBMIT_TITLE}" />
|
|
| 106 |
<input type="submit" name="{SUB_ACTION}" value="{SUBMIT_TITLE}" />
|
|
| 97 | 107 |
<input type="reset" name="reset" value="{TEXT_RESET}" />
|
| 98 |
<input type="button" style="width: 100px; margin-top: 5px;" onclick="javascript:window.location='index.php';" value="{TEXT_CANCEL}" />
|
|
| 108 |
<input type="button" style="width: 100px; margin-top: 5px;" onclick="javascript:window.location='{CANCEL_URL}';" value="{TEXT_CANCEL}" />
|
|
| 99 | 109 |
</td> |
| 100 | 110 |
</tr> |
| 101 | 111 |
</table> |
| branches/2.8.x/wb/admin/interface/version.php | ||
|---|---|---|
| 51 | 51 |
|
| 52 | 52 |
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled) |
| 53 | 53 |
if(!defined('VERSION')) define('VERSION', '2.8.3');
|
| 54 |
if(!defined('REVISION')) define('REVISION', '1814');
|
|
| 54 |
if(!defined('REVISION')) define('REVISION', '1815');
|
|
| 55 | 55 |
if(!defined('SP')) define('SP', '');
|
| branches/2.8.x/wb/admin/users/users.php | ||
|---|---|---|
| 1 |
<?php |
|
| 2 |
/** |
|
| 3 |
* |
|
| 4 |
* @category admin |
|
| 5 |
* @package users |
|
| 6 |
* @author Ryan Djurovich, WebsiteBaker Project |
|
| 7 |
* @copyright 2009-2012, WebsiteBaker Org. e.V. |
|
| 8 |
* @link http://www.websitebaker2.org/ |
|
| 9 |
* @license http://www.gnu.org/licenses/gpl.html |
|
| 10 |
* @platform WebsiteBaker 2.8.x |
|
| 11 |
* @requirements PHP 5.2.2 and higher |
|
| 12 |
* @version $Id$ |
|
| 13 |
* @filesource $HeadURL$ |
|
| 14 |
* @lastmodified $Date$ |
|
| 15 |
* |
|
| 16 |
*/ |
|
| 17 |
|
|
| 18 |
// Include config file and admin class file |
|
| 19 |
|
|
| 20 |
$config_file = realpath('../../config.php');
|
|
| 21 |
if(file_exists($config_file) && !defined('WB_URL'))
|
|
| 22 |
{
|
|
| 23 |
require_once($config_file); |
|
| 24 |
} |
|
| 25 |
|
|
| 26 |
if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }
|
|
| 27 |
|
|
| 28 |
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']); |
|
| 29 |
$aActionRequest = (isset(${$requestMethod})) ? ${$requestMethod} : null;
|
|
| 30 |
|
|
| 31 |
$action = 'cancel'; |
|
| 32 |
|
|
| 33 |
// Set parameter 'action' as alternative to javascript mechanism |
|
| 34 |
$action = (isset($aActionRequest['modify']) ? 'modify' : $action ); |
|
| 35 |
$action = (isset($aActionRequest['delete']) ? 'delete' : $action ); |
|
| 36 |
$action = (isset($aActionRequest['delete_outdated']) ? 'delete_outdated' : $action ); |
|
| 37 |
|
|
| 38 |
switch ($action): |
|
| 39 |
case 'modify' : |
|
| 40 |
// Print header |
|
| 41 |
$admin = new admin('Access', 'users_modify');
|
|
| 42 |
$user_id = intval($admin->checkIDKEY('user_id', 0, $_SERVER['REQUEST_METHOD']));
|
|
| 43 |
// Check if user id is a valid number and doesnt equal 1 |
|
| 44 |
if($user_id == 0){
|
|
| 45 |
$admin->print_error($MESSAGE['GENERIC_FORGOT_OPTIONS'] ); |
|
| 46 |
} |
|
| 47 |
if( ($user_id < 2 ) ) |
|
| 48 |
{
|
|
| 49 |
// if($admin_header) { $admin->print_header(); }
|
|
| 50 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] ); |
|
| 51 |
} |
|
| 52 |
// Get existing values |
|
| 53 |
$results = $database->query("SELECT * FROM `".TABLE_PREFIX."users` WHERE `user_id` = '".$user_id."'");
|
|
| 54 |
$user = $results->fetchRow(); |
|
| 55 |
|
|
| 56 |
// Setup template object, parse vars to it, then parse it |
|
| 57 |
// Create new template object |
|
| 58 |
$template = new Template(dirname($admin->correct_theme_source('users_form.htt')),'keep');
|
|
| 59 |
// $template->debug = true; |
|
| 60 |
$template->set_file('page', 'users_form.htt');
|
|
| 61 |
$template->set_block('page', 'main_block', 'main');
|
|
| 62 |
$template->set_block('main_block', 'show_modify_loginname_block', 'show_modify_loginname');
|
|
| 63 |
$template->set_block('main_block', 'show_add_loginname_block', 'show_add_loginname');
|
|
| 64 |
$template->set_var( array( |
|
| 65 |
'ACTION_URL' => ADMIN_URL.'/users/save.php', |
|
| 66 |
'SUBMIT_TITLE' => $TEXT['SAVE'], |
|
| 67 |
'USER_ID' => $user['user_id'], |
|
| 68 |
'DISPLAY_EXTRA' => '', |
|
| 69 |
'DISPLAY_HOME_FOLDERS' => '', |
|
| 70 |
'USERNAME' => $user['username'], |
|
| 71 |
'DISPLAY_NAME' => $user['display_name'], |
|
| 72 |
'EMAIL' => $user['email'], |
|
| 73 |
'ADMIN_URL' => ADMIN_URL, |
|
| 74 |
'WB_URL' => WB_URL, |
|
| 75 |
'THEME_URL' => THEME_URL |
|
| 76 |
) |
|
| 77 |
); |
|
| 78 |
|
|
| 79 |
$template->set_var('FTAN', $admin->getFTAN());
|
|
| 80 |
if($user['active'] == 1) {
|
|
| 81 |
$template->set_var('DISABLED_CHECKED', '');
|
|
| 82 |
$template->set_var('ACTIVE_CHECKED', ' checked="checked"');
|
|
| 83 |
} else {
|
|
| 84 |
$template->set_var('ACTIVE_CHECKED', '');
|
|
| 85 |
$template->set_var('DISABLED_CHECKED', ' checked="checked"');
|
|
| 86 |
} |
|
| 87 |
// Add groups to list |
|
| 88 |
$template->set_block('main_block', 'group_list_block', 'group_list');
|
|
| 89 |
$results = $database->query("SELECT group_id, name FROM ".TABLE_PREFIX."groups WHERE group_id != '1' ORDER BY name");
|
|
| 90 |
if($results->numRows() > 0) {
|
|
| 91 |
$template->set_var('ID', '');
|
|
| 92 |
$template->set_var('NAME', $TEXT['PLEASE_SELECT'].'...');
|
|
| 93 |
$template->set_var('SELECTED', '');
|
|
| 94 |
$template->parse('group_list', 'group_list_block', true);
|
|
| 95 |
while($group = $results->fetchRow()) {
|
|
| 96 |
$template->set_var('ID', $group['group_id']);
|
|
| 97 |
$template->set_var('NAME', $group['name']);
|
|
| 98 |
if(in_array($group['group_id'], explode(",",$user['groups_id']))) {
|
|
| 99 |
$template->set_var('SELECTED', ' selected="selected"');
|
|
| 100 |
} else {
|
|
| 101 |
$template->set_var('SELECTED', '');
|
|
| 102 |
} |
|
| 103 |
$template->parse('group_list', 'group_list_block', true);
|
|
| 104 |
} |
|
| 105 |
} |
|
| 106 |
|
|
| 107 |
// Only allow the user to add a user to the Administrators group if they belong to it |
|
| 108 |
if(in_array(1, $admin->get_groups_id())) |
|
| 109 |
{
|
|
| 110 |
$template->set_var('ID', '1');
|
|
| 111 |
$users_groups = $admin->get_groups_name(); |
|
| 112 |
$template->set_var('NAME', $users_groups[1]);
|
|
| 113 |
|
|
| 114 |
$in_group = FALSE; |
|
| 115 |
foreach($admin->get_groups_id() as $cur_gid){
|
|
| 116 |
if (in_array($cur_gid, explode(",", $user['groups_id']))) {
|
|
| 117 |
$in_group = TRUE; |
|
| 118 |
} |
|
| 119 |
} |
|
| 120 |
|
|
| 121 |
if($in_group) {
|
|
| 122 |
$template->set_var('SELECTED', ' selected="selected"');
|
|
| 123 |
} else {
|
|
| 124 |
$template->set_var('SELECTED', '');
|
|
| 125 |
} |
|
| 126 |
$template->parse('group_list', 'group_list_block', true);
|
|
| 127 |
} else {
|
|
| 128 |
if($results->numRows() == 0) {
|
|
| 129 |
$template->set_var('ID', '');
|
|
| 130 |
$template->set_var('NAME', $TEXT['NONE_FOUND']);
|
|
| 131 |
$template->set_var('SELECTED', ' selected="selected"');
|
|
| 132 |
$template->parse('group_list', 'group_list_block', true);
|
|
| 133 |
} |
|
| 134 |
} |
|
| 135 |
|
|
| 136 |
// Generate username field name |
|
| 137 |
$username_fieldname = 'username_'; |
|
| 138 |
$salt = "abchefghjkmnpqrstuvwxyz0123456789"; |
|
| 139 |
srand((double)microtime()*1000000); |
|
| 140 |
$i = 0; |
|
| 141 |
while ($i <= 7) {
|
|
| 142 |
$num = rand() % 33; |
|
| 143 |
$tmp = substr($salt, $num, 1); |
|
| 144 |
$username_fieldname = $username_fieldname . $tmp; |
|
| 145 |
$i++; |
|
| 146 |
} |
|
| 147 |
|
|
| 148 |
// Work-out if home folder should be shown |
|
| 149 |
if(!HOME_FOLDERS) {
|
|
| 150 |
$template->set_var('DISPLAY_HOME_FOLDERS', 'display:none;');
|
|
| 151 |
} |
|
| 152 |
|
|
| 153 |
// Include the WB functions file |
|
| 154 |
require_once(WB_PATH.'/framework/functions.php'); |
|
| 155 |
|
|
| 156 |
// Add media folders to home folder list |
|
| 157 |
$template->set_block('main_block', 'folder_list_block', 'folder_list');
|
|
| 158 |
foreach(directory_list(WB_PATH.MEDIA_DIRECTORY) AS $name) |
|
| 159 |
{
|
|
| 160 |
$template->set_var('NAME', str_replace(WB_PATH, '', $name));
|
|
| 161 |
$template->set_var('FOLDER', str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name));
|
|
| 162 |
if($user['home_folder'] == str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name)) {
|
|
| 163 |
$template->set_var('SELECTED', ' selected="selected"');
|
|
| 164 |
} else {
|
|
| 165 |
$template->set_var('SELECTED', ' ');
|
|
| 166 |
} |
|
| 167 |
$template->parse('folder_list', 'folder_list_block', true);
|
|
| 168 |
} |
|
| 169 |
|
|
| 170 |
// Insert language text and messages |
|
| 171 |
$template->set_var(array( |
|
| 172 |
'TEXT_RESET' => $TEXT['RESET'], |
|
| 173 |
'TEXT_CANCEL' => $TEXT['CANCEL'], |
|
| 174 |
'TEXT_ACTIVE' => $TEXT['ACTIVE'], |
|
| 175 |
'TEXT_DISABLED' => $TEXT['DISABLED'], |
|
| 176 |
'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'], |
|
| 177 |
'TEXT_USERNAME' => $TEXT['USERNAME'], |
|
| 178 |
'TEXT_PASSWORD' => $TEXT['PASSWORD'], |
|
| 179 |
'TEXT_RETYPE_PASSWORD' => $TEXT['RETYPE_PASSWORD'], |
|
| 180 |
'TEXT_DISPLAY_NAME' => $TEXT['DISPLAY_NAME'], |
|
| 181 |
'TEXT_EMAIL' => $TEXT['EMAIL'], |
|
| 182 |
'TEXT_GROUP' => $TEXT['GROUP'], |
|
| 183 |
'TEXT_NONE' => $TEXT['NONE'], |
|
| 184 |
'TEXT_HOME_FOLDER' => $TEXT['HOME_FOLDER'], |
|
| 185 |
'USERNAME_FIELDNAME' => $username_fieldname, |
|
| 186 |
'CHANGING_PASSWORD' => $MESSAGE['USERS_CHANGING_PASSWORD'], |
|
| 187 |
'HEADING_MODIFY_USER' => $HEADING['MODIFY_USER'] |
|
| 188 |
) |
|
| 189 |
); |
|
| 190 |
|
|
| 191 |
// Parse template object |
|
| 192 |
$template->parse('show_modify_loginname', 'show_modify_loginname_block', true);
|
|
| 193 |
$template->parse('show_add_loginname', '', true);
|
|
| 194 |
$template->parse('main', 'main_block', false);
|
|
| 195 |
$template->pparse('output', 'page');
|
|
| 196 |
break; |
|
| 197 |
case 'delete' : |
|
| 198 |
// Print header |
|
| 199 |
$admin = new admin('Access', 'users_delete');
|
|
| 200 |
|
|
| 201 |
$user_id = intval($admin->checkIDKEY('user_id', 0, $_SERVER['REQUEST_METHOD']));
|
|
| 202 |
// Check if user id is a valid number and doesnt equal 1 |
|
| 203 |
|
|
| 204 |
if($user_id == 0){
|
|
| 205 |
$admin->print_error($MESSAGE['GENERIC_FORGOT_OPTIONS'] ); |
|
| 206 |
} |
|
| 207 |
if( ($user_id < 2 ) ) |
|
| 208 |
{
|
|
| 209 |
// if($admin_header) { $admin->print_header(); }
|
|
| 210 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] ); |
|
| 211 |
} |
|
| 212 |
$sql = 'SELECT `active` FROM `'.TABLE_PREFIX.'users` '; |
|
| 213 |
$sql .= 'WHERE `user_id` = '.$user_id.''; |
|
| 214 |
if( ($iDeleteUser = $database->get_one($sql)) == 1 ) {
|
|
| 215 |
// Delete the user |
|
| 216 |
$database->query("UPDATE `".TABLE_PREFIX."users` SET `active` = 0 WHERE `user_id` = '".$user_id."' ");
|
|
| 217 |
} else {
|
|
| 218 |
$database->query("DELETE FROM `".TABLE_PREFIX."users` WHERE `user_id` = ".$user_id);
|
|
| 219 |
} |
|
| 220 |
|
|
| 221 |
if($database->is_error()) {
|
|
| 222 |
$admin->print_error($database->get_error()); |
|
| 223 |
} else {
|
|
| 224 |
$admin->print_success($MESSAGE['USERS_DELETED']); |
|
| 225 |
} |
|
| 226 |
break; |
|
| 227 |
case 'delete_outdated' : |
|
| 228 |
$admin = new admin('Access', 'users_delete');
|
|
| 229 |
$user_id = intval($admin->checkIDKEY('user_id_activation_id', 0, $_SERVER['REQUEST_METHOD']));
|
|
| 230 |
// Check if user id is a valid number and doesnt equal 1 |
|
| 231 |
if($user_id == 0){
|
|
| 232 |
$admin->print_error($MESSAGE['GENERIC_FORGOT_OPTIONS'] ); |
|
| 233 |
} |
|
| 234 |
if( ($user_id < 2 ) ) |
|
| 235 |
{
|
|
| 236 |
// if($admin_header) { $admin->print_header(); }
|
|
| 237 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] ); |
|
| 238 |
} |
|
| 239 |
$database->query("DELETE FROM `".TABLE_PREFIX."users` WHERE `user_id` = ".$user_id);
|
|
| 240 |
if($database->is_error()) {
|
|
| 241 |
$admin->print_error($database->get_error()); |
|
| 242 |
} else {
|
|
| 243 |
$admin->print_success($MESSAGE['USERS_DELETED']); |
|
| 244 |
} |
|
| 245 |
break; |
|
| 246 |
default: |
|
| 247 |
break; |
|
| 248 |
endswitch; |
|
| 249 |
|
|
| 250 |
|
|
| 251 |
|
|
| 252 |
// Print admin footer |
|
| 253 |
$admin->print_footer(); |
|
| 254 |
|
|
| 255 | 0 | |
| branches/2.8.x/wb/admin/users/user_list.php | ||
|---|---|---|
| 1 |
<?php |
|
| 2 |
|
|
| 3 |
/** |
|
| 4 |
* |
|
| 5 |
* @category admin |
|
| 6 |
* @package pages |
|
| 7 |
* @author Ryan Djurovich (2004-2009), WebsiteBaker Project |
|
| 8 |
* @copyright 2009-2012, WebsiteBaker Org. e.V. |
|
| 9 |
* @link http://www.websitebaker2.org/ |
|
| 10 |
* @license http://www.gnu.org/licenses/gpl.html |
|
| 11 |
* @platform WebsiteBaker 2.8.x |
|
| 12 |
* @requirements PHP 5.2.2 and higher |
|
| 13 |
* @version $Id$ |
|
| 14 |
* @filesource $HeadURL$ |
|
| 15 |
* @lastmodified $Date$ |
|
| 16 |
* |
|
| 17 |
*/ |
|
| 18 |
|
|
| 19 |
/* -------------------------------------------------------- */ |
|
| 20 |
// Must include code to stop this file being accessed directly |
|
| 21 |
if(!defined('WB_URL')) {
|
|
| 22 |
require_once(dirname(dirname(dirname(__FILE__))).'/framework/globalExceptionHandler.php'); |
|
| 23 |
throw new IllegalFileException(); |
|
| 24 |
} |
|
| 25 |
/* -------------------------------------------------------- */ |
|
| 26 |
|
|
| 27 |
function show_userlist($admin, &$aActionRequest) |
|
| 28 |
{
|
|
| 29 |
global $TEXT, $MESSAGE, $HEADING, $MENU; |
|
| 30 |
$database = WbDatabase::getInstance(); |
|
| 31 |
$iUserStatus = 1; |
|
| 32 |
$iUserStatus = ( ( $admin->get_get('status')==1 ) ? 0 : $iUserStatus );
|
|
| 33 |
unset($_GET); |
|
| 34 |
|
|
| 35 |
// Setup template object, parse vars to it, then parse it |
|
| 36 |
// Create new template object |
|
| 37 |
$oTpl = new Template(dirname($admin->correct_theme_source('users.htt')),'keep');
|
|
| 38 |
// $oTpl->debug = true; |
|
| 39 |
|
|
| 40 |
$oTpl->set_file('page', 'users.htt');
|
|
| 41 |
$oTpl->set_block('page', 'main_block', 'main');
|
|
| 42 |
$oTpl->set_block("main_block", "manage_groups_block", "groups");
|
|
| 43 |
|
|
| 44 |
$oTpl->set_var('ADMIN_URL', ADMIN_URL);
|
|
| 45 |
$oTpl->set_var('FTAN', $admin->getFTAN());
|
|
| 46 |
$oTpl->set_var('USER_STATUS', $iUserStatus );
|
|
| 47 |
$oTpl->set_var('groups', '');
|
|
| 48 |
$oTpl->set_var('DISPLAY_ADD', '');
|
|
| 49 |
$oTpl->set_var('DISPLAY_MODIFY', '');
|
|
| 50 |
$oTpl->set_var('DISABLED_CHECKED', '');
|
|
| 51 |
$oTpl->set_var('HEADING_MODIFY_USER', '');
|
|
| 52 |
$oTpl->set_var('DISPLAY_HOME_FOLDERS', '');
|
|
| 53 |
|
|
| 54 |
$UserStatusActive = 'url('.THEME_URL.'/images/user.png)';
|
|
| 55 |
$UserStatusInactive = 'url('.THEME_URL.'/images/user_red.png)';
|
|
| 56 |
|
|
| 57 |
$sUserTitle = ($iUserStatus == 0) ? $MENU['USERS'].' '.strtolower($TEXT['ACTIVE']) : $MENU['USERS'].' '.strtolower($TEXT['DELETED']) ; |
|
| 58 |
|
|
| 59 |
$oTpl->set_var('TEXT_USERS', $sUserTitle.' '.$TEXT['SHOW'] );
|
|
| 60 |
$oTpl->set_var('STATUS_ICON', ( ($iUserStatus==0) ? $UserStatusActive : $UserStatusInactive) );
|
|
| 61 |
|
|
| 62 |
// Get existing value from database |
|
| 63 |
$sql = 'SELECT `user_id`, `username`, `display_name`, `active` FROM `'.TABLE_PREFIX.'users` ' ; |
|
| 64 |
$sql .= 'WHERE user_id != 1 '; |
|
| 65 |
$sql .= 'AND active = '.$iUserStatus.' '; |
|
| 66 |
$sql .= 'ORDER BY `display_name`,`username`'; |
|
| 67 |
|
|
| 68 |
// $query = "SELECT user_id, username, display_name, active FROM ".TABLE_PREFIX."users WHERE user_id != '1' ORDER BY display_name,username"; |
|
| 69 |
$oRes = $database->query($sql); |
|
| 70 |
if($database->is_error()) {
|
|
| 71 |
$admin->print_error($database->get_error(), 'index.php'); |
|
| 72 |
} |
|
| 73 |
|
|
| 74 |
$sUserList = $TEXT['LIST_OPTIONS'].' '; |
|
| 75 |
$sUserList .= ($iUserStatus == 1) ? $MENU['USERS'].' '.strtolower($TEXT['ACTIVE']) : $MENU['USERS'].' '.strtolower($TEXT['DELETED']) ; |
|
| 76 |
// Insert values into the modify/remove menu |
|
| 77 |
$oTpl->set_block('main_block', 'list_block', 'list');
|
|
| 78 |
if($oRes->numRows() > 0) {
|
|
| 79 |
// Insert first value to say please select |
|
| 80 |
$oTpl->set_var('VALUE', '');
|
|
| 81 |
$oTpl->set_var('NAME', $sUserList);
|
|
| 82 |
$oTpl->set_var('STATUS', 'class="user-active"' );
|
|
| 83 |
$oTpl->parse('list', 'list_block', true);
|
|
| 84 |
// Loop through users |
|
| 85 |
while($user = $oRes->fetchRow(MYSQL_ASSOC)) {
|
|
| 86 |
$oTpl->set_var('VALUE',$admin->getIDKEY($user['user_id']));
|
|
| 87 |
$oTpl->set_var('STATUS', ($user['active']==false ? 'class="user-inactive"' : 'class="user-active"') );
|
|
| 88 |
$oTpl->set_var('NAME', $user['display_name'].' ('.$user['username'].')');
|
|
| 89 |
$oTpl->parse('list', 'list_block', true);
|
|
| 90 |
} |
|
| 91 |
} else {
|
|
| 92 |
// Insert single value to say no users were found |
|
| 93 |
$oTpl->set_var('NAME', $TEXT['NONE_FOUND']);
|
|
| 94 |
$oTpl->parse('list', 'list_block', true);
|
|
| 95 |
} |
|
| 96 |
|
|
| 97 |
// Insert permissions values |
|
| 98 |
if($admin->get_permission('users_add') != true) {
|
|
| 99 |
$oTpl->set_var('DISPLAY_ADD', 'hide');
|
|
| 100 |
} |
|
| 101 |
if($admin->get_permission('users_modify') != true) {
|
|
| 102 |
$oTpl->set_var('DISPLAY_MODIFY', 'hide');
|
|
| 103 |
} |
|
| 104 |
if($admin->get_permission('users_delete') != true) {
|
|
| 105 |
$oTpl->set_var('DISPLAY_DELETE', 'hide');
|
|
| 106 |
} |
|
| 107 |
$HeaderTitle = $HEADING['MODIFY_DELETE_USER'].' '; |
|
| 108 |
$HeaderTitle .= (($iUserStatus == 1) ? strtolower($TEXT['ACTIVE']) : strtolower($TEXT['DELETED'])); |
|
| 109 |
// Insert language headings |
|
| 110 |
$oTpl->set_var(array( |
|
| 111 |
'HEADING_MODIFY_DELETE_USER' => $HeaderTitle, |
|
| 112 |
'HEADING_ADD_USER' => $HEADING['ADD_USER'] |
|
| 113 |
) |
|
| 114 |
); |
|
| 115 |
// insert urls |
|
| 116 |
$oTpl->set_var(array( |
|
| 117 |
'ADMIN_URL' => ADMIN_URL, |
|
| 118 |
'WB_URL' => WB_URL, |
|
| 119 |
'THEME_URL' => THEME_URL |
|
| 120 |
) |
|
| 121 |
); |
|
| 122 |
// Insert language text and messages |
|
| 123 |
$oTpl->set_var(array( |
|
| 124 |
'DISPLAY_WAITING_ACTIVATION' => '', |
|
| 125 |
'TEXT_MODIFY' => $TEXT['MODIFY'], |
|
| 126 |
'TEXT_DELETE' => $TEXT['DELETE'], |
|
| 127 |
'TEXT_MANAGE_GROUPS' => ( $admin->get_permission('groups') == true ) ? $TEXT['MANAGE_GROUPS'] : "**",
|
|
| 128 |
'CONFIRM_DELETE' => (($iUserStatus == 1) ? $TEXT['ARE_YOU_SURE'] : $MESSAGE['USERS_CONFIRM_DELETE']) |
|
| 129 |
) |
|
| 130 |
); |
|
| 131 |
|
|
| 132 |
$oTpl->set_block('main_block', 'show_confirmed_activation_block', 'show_confirmed_activation');
|
|
| 133 |
if($admin->ami_group_member('1')) {
|
|
| 134 |
$oTpl->set_block('show_confirmed_activation_block', 'list_confirmed_activation_block', 'list_confirmed_activation');
|
|
| 135 |
$oTpl->set_var('DISPLAY_WAITING_ACTIVATION', 'Users awaiting for activation');
|
|
| 136 |
$sql = 'SELECT * FROM `'.TABLE_PREFIX.'users` '; |
|
| 137 |
$sql .= 'WHERE `confirm_timeout` != 0 '; |
|
| 138 |
$sql .= 'AND `active` = 0 '; |
|
| 139 |
$sql .= 'AND `user_id` != 1 '; |
|
| 140 |
if( ($oRes = $database->query($sql)) ) {
|
|
| 141 |
$oTpl->set_var('DISPLAY_DELETE', '');
|
|
| 142 |
// $oTpl->set_var('NAME', 'User waiting for activation');
|
|
| 143 |
// $oTpl->set_var('STATUS', '' );
|
|
| 144 |
// Loop through users |
|
| 145 |
if($nNumRows = $oRes->numRows()) {
|
|
| 146 |
while($aUser = $oRes->fetchRow(MYSQL_ASSOC)) {
|
|
| 147 |
$oTpl->set_var('VALUE',$admin->getIDKEY($aUser['user_id']));
|
|
| 148 |
$oTpl->set_var('STATUS', '') ;
|
|
| 149 |
$oTpl->set_var('NAME', $aUser['display_name'].' ('.$aUser['username'].')'.' ['.$aUser['email'].']');
|
|
| 150 |
$oTpl->parse('list_confirmed_activation', 'list_confirmed_activation_block', true);
|
|
| 151 |
} |
|
| 152 |
$oTpl->parse('show_confirmed_activation', 'show_confirmed_activation_block',true);
|
|
| 153 |
} |
|
| 154 |
} else { $nNumRows = 0; }
|
|
| 155 |
|
|
| 156 |
} else {
|
|
| 157 |
$nNumRows = 0; |
|
| 158 |
} |
|
| 159 |
|
|
| 160 |
if ( $nNumRows == 0){
|
|
| 161 |
$oTpl->parse('show_confirmed_activation', '');
|
|
| 162 |
} |
|
| 163 |
|
|
| 164 |
if ( $admin->get_permission('groups') == true ) $oTpl->parse("groups", "manage_groups_block", true);
|
|
| 165 |
// Parse template object |
|
| 166 |
$oTpl->parse('main', 'main_block', false);
|
|
| 167 |
|
|
| 168 |
$output = $oTpl->finish($oTpl->parse('output', 'page'));
|
|
| 169 |
// Setup template object, parse vars to it, then parse it |
|
| 170 |
// Create new template object |
|
| 171 |
$oTpl = new Template(dirname($admin->correct_theme_source('users_form.htt')),'keep');
|
|
| 172 |
// $oTpl->debug = true; |
|
| 173 |
$oTpl->set_file('page', 'users_form.htt');
|
|
| 174 |
$oTpl->set_block('page', 'main_block', 'main');
|
|
| 175 |
$oTpl->set_block('main_block', 'show_modify_loginname_block', 'show_modify_loginname');
|
|
| 176 |
$oTpl->set_block('main_block', 'show_add_loginname_block', 'show_add_loginname');
|
|
| 177 |
|
|
| 178 |
$oTpl->set_block('main_block', 'show_change_group_list_block', 'show_change_group_list');
|
|
| 179 |
|
|
| 180 |
$oTpl->parse('show_change_group_list', '');
|
|
| 181 |
// $oTpl->parse('show_change_group_list', 'show_change_group_list_block', true);
|
|
| 182 |
|
|
| 183 |
$oTpl->set_var( array( |
|
| 184 |
'ACTION_URL' => ADMIN_URL.'/users/index.php', |
|
| 185 |
'FTAN' => $admin->getFTAN(), |
|
| 186 |
'DISPLAY_EXTRA' => 'display:none;', |
|
| 187 |
'ACTIVE_CHECKED' => ' checked="checked"', |
|
| 188 |
'DISABLED_CHECKED' => '', |
|
| 189 |
'NO_RIGHTS' => 'hide', |
|
| 190 |
'CHANGING_GROUPS' => '', |
|
| 191 |
'DISPLAY_ADD' => '', |
|
| 192 |
'DISPLAY_MODIFY' => '', |
|
| 193 |
'HEADING_MODIFY_USER' => '', |
|
| 194 |
'DISPLAY_HOME_FOLDERS' => '', |
|
| 195 |
'SUBMIT_TITLE' => $TEXT['ADD'], |
|
| 196 |
) |
|
| 197 |
); |
|
| 198 |
|
|
| 199 |
|
|
| 200 |
// insert urls |
|
| 201 |
$oTpl->set_var(array( |
|
| 202 |
'USER_ID' => '', |
|
| 203 |
'USERNAME' => '', |
|
| 204 |
'DISPLAY_NAME' => '', |
|
| 205 |
'EMAIL' => '', |
|
| 206 |
'ADMIN_URL' => ADMIN_URL, |
|
| 207 |
'WB_URL' => WB_URL, |
|
| 208 |
'SUB_ACTION' => 'add', |
|
| 209 |
'CANCEL_URL' => $aActionRequest['cancel_url'], |
|
| 210 |
'THEME_URL' => THEME_URL |
|
| 211 |
) |
|
| 212 |
); |
|
| 213 |
|
|
| 214 |
// Add groups to list |
|
| 215 |
$oTpl->set_block('main_block', 'group_list_block', 'group_list');
|
|
| 216 |
$results = $database->query("SELECT group_id, name FROM ".TABLE_PREFIX."groups WHERE group_id != '1'");
|
|
| 217 |
if($results->numRows() > 0) {
|
|
| 218 |
$oTpl->set_var('ID', '');
|
|
| 219 |
$oTpl->set_var('NAME', $TEXT['PLEASE_SELECT'].'...');
|
|
| 220 |
$oTpl->set_var('SELECTED', ' selected="selected"');
|
|
| 221 |
$oTpl->parse('group_list', 'group_list_block', true);
|
|
| 222 |
while($group = $results->fetchRow()) {
|
|
| 223 |
$oTpl->set_var('ID', $group['group_id']);
|
|
| 224 |
$oTpl->set_var('NAME', $group['name']);
|
|
| 225 |
$oTpl->set_var('SELECTED', '');
|
|
| 226 |
$oTpl->parse('group_list', 'group_list_block', true);
|
|
| 227 |
} |
|
| 228 |
} |
|
| 229 |
// Only allow the user to add a user to the Administrators group if they belong to it |
|
| 230 |
if(in_array(1, $admin->get_groups_id())) {
|
|
| 231 |
$users_groups = $admin->get_groups_name(); |
|
| 232 |
$oTpl->set_var('ID', '1');
|
|
| 233 |
$oTpl->set_var('NAME', $users_groups[1]);
|
|
| 234 |
$oTpl->set_var('SELECTED', '');
|
|
| 235 |
$oTpl->parse('group_list', 'group_list_block', true);
|
|
| 236 |
} else {
|
|
| 237 |
if($results->numRows() == 0) {
|
|
| 238 |
$oTpl->set_var('ID', '');
|
|
| 239 |
$oTpl->set_var('NAME', $TEXT['NONE_FOUND']);
|
|
| 240 |
$oTpl->parse('group_list', 'group_list_block', true);
|
|
| 241 |
} |
|
| 242 |
} |
|
| 243 |
|
|
| 244 |
// Insert permissions values |
|
| 245 |
if($admin->get_permission('users_add') != true) {
|
|
| 246 |
$oTpl->set_var('DISPLAY_ADD', 'hide');
|
|
| 247 |
} |
|
| 248 |
|
|
| 249 |
// Generate username field name |
|
| 250 |
$username_fieldname = 'username_'; |
|
| 251 |
$salt = "abchefghjkmnpqrstuvwxyz0123456789"; |
|
| 252 |
srand((double)microtime()*1000000); |
|
| 253 |
$i = 0; |
|
| 254 |
while ($i <= 7) {
|
|
| 255 |
$num = rand() % 33; |
|
| 256 |
$tmp = substr($salt, $num, 1); |
|
| 257 |
$username_fieldname = $username_fieldname . $tmp; |
|
| 258 |
$i++; |
|
| 259 |
} |
|
| 260 |
|
|
| 261 |
// Work-out if home folder should be shown |
|
| 262 |
if(!HOME_FOLDERS) {
|
|
| 263 |
$oTpl->set_var('DISPLAY_HOME_FOLDERS', 'display:none;');
|
|
| 264 |
} |
|
| 265 |
|
|
| 266 |
// Include the WB functions file |
|
| 267 |
require_once(WB_PATH.'/framework/functions.php'); |
|
| 268 |
|
|
| 269 |
// Add media folders to home folder list |
|
| 270 |
$oTpl->set_block('main_block', 'folder_list_block', 'folder_list');
|
|
| 271 |
foreach(directory_list(WB_PATH.MEDIA_DIRECTORY) AS $name) {
|
|
| 272 |
$oTpl->set_var('NAME', str_replace(WB_PATH, '', $name));
|
|
| 273 |
$oTpl->set_var('FOLDER', str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name));
|
|
| 274 |
$oTpl->set_var('SELECTED', ' ');
|
|
| 275 |
$oTpl->parse('folder_list', 'folder_list_block', true);
|
|
| 276 |
} |
|
| 277 |
|
|
| 278 |
// Insert language text and messages |
|
| 279 |
$oTpl->set_var(array( |
|
| 280 |
'TEXT_CANCEL' => $TEXT['CANCEL'], |
|
| 281 |
'TEXT_RESET' => $TEXT['RESET'], |
|
| 282 |
'TEXT_ACTIVE' => $TEXT['ACTIVE'], |
|
| 283 |
'TEXT_DISABLED' => $TEXT['DISABLED'], |
|
| 284 |
'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'], |
|
| 285 |
'TEXT_USERNAME' => $TEXT['USERNAME'], |
|
| 286 |
'TEXT_PASSWORD' => $TEXT['PASSWORD'], |
|
| 287 |
'TEXT_RETYPE_PASSWORD' => $TEXT['RETYPE_PASSWORD'], |
|
| 288 |
'TEXT_DISPLAY_NAME' => $TEXT['DISPLAY_NAME'], |
|
| 289 |
'TEXT_EMAIL' => $TEXT['EMAIL'], |
|
| 290 |
'TEXT_GROUP' => $TEXT['GROUP'], |
|
| 291 |
'TEXT_NONE' => $TEXT['NONE'], |
|
| 292 |
'TEXT_HOME_FOLDER' => $TEXT['HOME_FOLDER'], |
|
| 293 |
'USERNAME_FIELDNAME' => $username_fieldname, |
|
| 294 |
'CHANGING_PASSWORD' => $MESSAGE['USERS_CHANGING_PASSWORD'] |
|
| 295 |
) |
|
| 296 |
); |
|
| 297 |
|
|
| 298 |
// Parse template for add user form |
|
| 299 |
$oTpl->parse('show_modify_loginname', '', true);
|
|
| 300 |
$oTpl->parse('show_add_loginname', 'show_add_loginname_block', true);
|
|
| 301 |
$oTpl->parse('main', 'main_block', false);
|
|
| 302 |
$output .= $oTpl->finish($oTpl->parse('output', 'page'));
|
|
| 303 |
|
|
| 304 |
return $output; |
|
| 305 |
|
|
| 306 |
} |
|
| 0 | 307 | |
| branches/2.8.x/wb/admin/users/save.php | ||
|---|---|---|
| 15 | 15 |
* |
| 16 | 16 |
*/ |
| 17 | 17 |
|
| 18 |
$config_file = realpath('../../config.php');
|
|
| 19 |
if(file_exists($config_file) && !defined('WB_URL'))
|
|
| 20 |
{
|
|
| 21 |
require_once($config_file); |
|
| 18 |
/* -------------------------------------------------------- */ |
|
| 19 |
// Must include code to stop this file being accessed directly |
|
| 20 |
if(!defined('WB_URL')) {
|
|
| 21 |
require_once(dirname(dirname(dirname(__FILE__))).'/framework/globalExceptionHandler.php'); |
|
| 22 |
throw new IllegalFileException(); |
|
| 22 | 23 |
} |
| 24 |
/* -------------------------------------------------------- */ |
|
| 23 | 25 |
|
| 24 |
if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }
|
|
| 26 |
function save_user($admin, &$aActionRequest) |
|
| 27 |
{
|
|
| 28 |
global $TEXT, $MESSAGE; |
|
| 29 |
// Create a javascript back link |
|
| 30 |
// $js_back = ADMIN_URL.'/users/index.php'; |
|
| 31 |
unset($aActionRequest['save']); |
|
| 32 |
$aActionRequest['modify']= 'change'; |
|
| 33 |
$database = WbDatabase::getInstance(); |
|
| 34 |
$bRetVal = 0; |
|
| 35 |
$iMinPassLength = 6; |
|
| 25 | 36 |
|
| 26 |
// suppress to print the header, so no new FTAN will be set |
|
| 27 |
$admin = new admin('Access', 'users_modify', false);
|
|
| 37 |
if( !$admin->checkFTAN() ) |
|
| 38 |
{
|
|
| 39 |
msgQueue::add($MESSAGE['GENERIC_SECURITY_ACCESS']); |
|
| 40 |
return $bRetVal; |
|
| 41 |
} |
|
| 28 | 42 |
|
| 29 |
// Create a javascript back link |
|
| 30 |
$js_back = ADMIN_URL.'/users/index.php'; |
|
| 43 |
// Check if user id is a valid number and doesnt equal 1 |
|
| 44 |
if(!isset($aActionRequest['user_id']) OR !is_numeric($aActionRequest['user_id']) OR $aActionRequest['user_id'] == 1) {
|
|
| 45 |
msgQueue::add('::'.$MESSAGE['GENERIC_NOT_UPGRADED']);
|
|
| 46 |
return $bRetVal; |
|
| 47 |
} else {
|
|
| 48 |
$user_id = intval($aActionRequest['user_id']); |
|
| 49 |
} |
|
| 31 | 50 |
|
| 32 |
if( !$admin->checkFTAN() ) |
|
| 33 |
{
|
|
| 34 |
$admin->print_header(); |
|
| 35 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$js_back); |
|
| 36 |
} |
|
| 37 |
// After check print the header |
|
| 38 |
$admin->print_header(); |
|
| 51 |
if( ($user_id < 2 ) ) |
|
| 52 |
{
|
|
| 53 |
// if($admin_header) { $admin->print_header(); }
|
|
| 54 |
msgQueue::add($MESSAGE['GENERIC_SECURITY_OFFENSE']); |
|
| 55 |
return $bRetVal; |
|
| 56 |
} |
|
| 57 |
// Get existing values |
|
| 58 |
$sql = 'SELECT * FROM `'.TABLE_PREFIX.'users` ' ; |
|
| 59 |
$sql .= 'WHERE user_id = '.$user_id.' '; |
|
| 60 |
$sql .= 'AND user_id != 1 '; |
|
| 39 | 61 |
|
| 40 |
// Check if user id is a valid number and doesnt equal 1 |
|
| 41 |
if(!isset($_POST['user_id']) OR !is_numeric($_POST['user_id']) OR $_POST['user_id'] == 1) {
|
|
| 42 |
header("Location: index.php");
|
|
| 43 |
exit(0); |
|
| 44 |
} else {
|
|
| 45 |
$user_id = intval($_POST['user_id']); |
|
| 46 |
} |
|
| 62 |
if($oRes = $database->query($sql)){
|
|
| 63 |
$olduser = $oRes->fetchRow(MYSQL_ASSOC); |
|
| 64 |
} |
|
| 47 | 65 |
|
| 48 |
// Gather details entered |
|
| 49 |
$groups_id = (isset($_POST['groups'])) ? implode(",", $admin->add_slashes($_POST['groups'])) : '';
|
|
| 50 |
$active = $admin->add_slashes($_POST['active'][0]); |
|
| 51 |
$username_fieldname = $admin->get_post_escaped('username_fieldname');
|
|
| 52 |
$username = strtolower($admin->get_post_escaped($username_fieldname)); |
|
| 53 |
$password = $admin->get_post('password');
|
|
| 54 |
$password2 = $admin->get_post('password2');
|
|
| 55 |
$display_name = $admin->get_post_escaped('display_name');
|
|
| 56 |
$email = $admin->get_post_escaped('email');
|
|
| 57 |
$home_folder = $admin->get_post_escaped('home_folder');
|
|
| 66 |
// Gather details entered |
|
| 67 |
if($admin->is_group_match($admin->get_groups_id(), '1' )){
|
|
| 68 |
$groups_id = (isset($aActionRequest['groups'])) ? implode(",", $admin->add_slashes($aActionRequest['groups'])) : '';
|
|
| 69 |
} else {
|
|
| 70 |
$groups_id = $olduser['group_id']; |
|
| 71 |
} |
|
| 72 |
// there will be an additional ',' when "Please Choose" was selected, too |
|
| 73 |
$groups_id = trim($groups_id, ','); |
|
| 74 |
$active = intval(strip_tags($admin->StripCodeFromText($aActionRequest['active'][0]))); |
|
| 75 |
$username_fieldname = strip_tags($admin->StripCodeFromText($aActionRequest['username_fieldname'])); |
|
| 76 |
$username = strtolower(strip_tags($admin->StripCodeFromText($aActionRequest[$username_fieldname]))); |
|
| 77 |
$password = strip_tags($admin->StripCodeFromText($aActionRequest['password'])); |
|
| 78 |
$password2 = strip_tags($admin->StripCodeFromText($aActionRequest['password2'])); |
|
| 79 |
$display_name = strip_tags($admin->StripCodeFromText($aActionRequest['display_name'])); |
|
| 80 |
$email = strip_tags($admin->StripCodeFromText($aActionRequest['email'])); |
|
| 81 |
$home_folder = strip_tags($admin->StripCodeFromText($aActionRequest['home_folder'])); |
|
| 58 | 82 |
|
| 59 |
// Check values |
|
| 60 |
if($groups_id == "") {
|
|
| 61 |
$admin->print_error($MESSAGE['USERS_NO_GROUP'], $js_back); |
|
| 62 |
} |
|
| 63 |
if(!preg_match('/^[a-z]{1}[a-z0-9_-]{2,}$/i', $username))
|
|
| 64 |
{
|
|
| 83 |
// Check values |
|
| 84 |
if($groups_id == "") {
|
|
| 85 |
msgQueue::add($MESSAGE['USERS_NO_GROUP']); |
|
| 86 |
} else {
|
|
| 87 |
$aGroups_id = explode(',', $groups_id);
|
|
| 88 |
//if user is in administrator-group, get this group else just get the first one |
|
| 89 |
if($admin->is_group_match($groups_id,'1')) { $group_id = 1; } else { $group_id = intval($aGroups_id[0]); }
|
|
| 90 |
} |
|
| 65 | 91 |
|
| 66 |
// print '<pre style="text-align: left;"><strong>function '.__FUNCTION__.'( '.''.' );</strong> basename: '.basename(__FILE__).' line: '.__LINE__.' -> <br />'; |
|
| 67 |
// print_r( $_POST ); print '</pre>'; |
|
| 68 |
$admin->print_error( $MESSAGE['USERS_NAME_INVALID_CHARS'].' / '. |
|
| 69 |
$MESSAGE['USERS_USERNAME_TOO_SHORT'], $js_back); |
|
| 70 |
} |
|
| 71 |
if($password != "") {
|
|
| 72 |
if(strlen($password) < 6 ) {
|
|
| 73 |
$admin->print_error($MESSAGE['USERS_PASSWORD_TOO_SHORT'], $js_back); |
|
| 74 |
} |
|
| 75 |
if($password != $password2) {
|
|
| 76 |
$admin->print_error($MESSAGE['USERS_PASSWORD_MISMATCH'], $js_back); |
|
| 77 |
} |
|
| 78 |
} |
|
| 92 |
//$admin->is_group_match($admin->get_groups_id(), '1' ) |
|
| 93 |
if(!preg_match('/^[a-z]{1}[a-z0-9_-]{2,}$/i', $username))
|
|
| 94 |
{
|
|
| 95 |
msgQueue::add( $MESSAGE['USERS_NAME_INVALID_CHARS']); |
|
| 96 |
} |
|
| 79 | 97 |
|
| 80 |
if($email != "") |
|
| 81 |
{
|
|
| 82 |
if($admin->validate_email($email) == false) |
|
| 83 |
{
|
|
| 84 |
$admin->print_error($MESSAGE['USERS_INVALID_EMAIL'], $js_back); |
|
| 85 |
} |
|
| 86 |
} else { // e-mail must be present
|
|
| 87 |
$admin->print_error($MESSAGE['SIGNUP_NO_EMAIL'], $js_back); |
|
| 88 |
} |
|
| 98 |
if($password != "") {
|
|
| 99 |
if(strlen($password) < $iMinPassLength ) {
|
|
| 100 |
msgQueue::add($MESSAGE['USERS_PASSWORD_TOO_SHORT']); |
|
| 101 |
} |
|
| 89 | 102 |
|
| 90 |
// Check if the email already exists |
|
| 91 |
$results = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE email = '".$admin->add_slashes($_POST['email'])."' AND user_id <> '".$user_id."' ");
|
|
| 92 |
if($results->numRows() > 0) |
|
| 93 |
{
|
|
| 94 |
if(isset($MESSAGE['USERS_EMAIL_TAKEN'])) |
|
| 95 |
{
|
|
| 96 |
$admin->print_error($MESSAGE['USERS_EMAIL_TAKEN'], $js_back); |
|
| 97 |
} else {
|
|
| 98 |
$admin->print_error($MESSAGE['USERS_INVALID_EMAIL'], $js_back); |
|
| 99 |
} |
|
| 100 |
} |
|
| 103 |
$pattern = '/[^'.$admin->password_chars.']/'; |
|
| 104 |
if (preg_match($pattern, $password)) {
|
|
| 105 |
msgQueue::add($MESSAGE['PREFERENCES_INVALID_CHARS']); |
|
| 106 |
} |
|
| 101 | 107 |
|
| 102 |
// Prevent from renaming user to "admin" |
|
| 103 |
if($username != 'admin') {
|
|
| 104 |
$username_code = ", username = '$username'"; |
|
| 105 |
} else {
|
|
| 106 |
$username_code = ''; |
|
| 107 |
} |
|
| 108 |
if(($password != $password2) ) {
|
|
| 109 |
msgQueue::add($MESSAGE['USERS_PASSWORD_MISMATCH']); |
|
| 110 |
} |
|
| 111 |
} |
|
| 112 |
// check that display_name is unique in whoole system (prevents from User-faking) |
|
| 113 |
$sql = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` '; |
|
| 114 |
$sql .= 'WHERE `user_id` <> '.(int)$user_id.' AND `display_name` LIKE "'.$display_name.'"'; |
|
| 115 |
if( $database->get_one($sql) > 0 ){
|
|
| 116 |
msgQueue::add($MESSAGE['USERS_USERNAME_TAKEN'].' ('.$TEXT['DISPLAY_NAME'].')');
|
|
| 117 |
msgQueue::add($MESSAGE['MEDIA_CANNOT_RENAME']); |
|
| 118 |
} |
|
| 119 |
// |
|
| 120 |
if( ($admin->get_user_id() != '1' ) ) |
|
| 121 |
{
|
|
| 122 |
if(findStringInFileList($display_name, dirname(__FILE__).'/disallowedNames')) {
|
|
| 123 |
msgQueue::add( $TEXT['ERROR'].' '.$TEXT['DISPLAY_NAME'].' ('.$display_name.')' );
|
|
| 124 |
} |
|
| 125 |
} |
|
| 108 | 126 |
|
| 109 |
// Update the database |
|
| 110 |
if($password == "") {
|
|
| 111 |
$query = "UPDATE ".TABLE_PREFIX."users SET groups_id = '$groups_id', active = '$active'$username_code, display_name = '$display_name', home_folder = '$home_folder', email = '$email' WHERE user_id = '$user_id'"; |
|
| 112 |
} else {
|
|
| 113 |
// MD5 supplied password |
|
| 114 |
$md5_password = md5($password); |
|
| 115 |
$query = "UPDATE ".TABLE_PREFIX."users SET groups_id = '$groups_id', active = '$active'$username_code, display_name = '$display_name', home_folder = '$home_folder', email = '$email', password = '$md5_password' WHERE user_id = '$user_id'"; |
|
| 116 |
} |
|
| 117 |
$database->query($query); |
|
| 118 |
if($database->is_error()) {
|
|
| 119 |
$admin->print_error($database->get_error(),$js_back); |
|
| 120 |
} else {
|
|
| 121 |
$admin->print_success($MESSAGE['USERS_SAVED']); |
|
| 122 |
} |
|
| 127 |
$display_name = ( $display_name == '' ? $olduser['display_name'] : $display_name ); |
|
| 123 | 128 |
|
| 124 |
// Print admin footer |
|
| 125 |
$admin->print_footer(); |
|
| 129 |
if($email != "") |
|
| 130 |
{
|
|
| 131 |
if($admin->validate_email($email) == false) |
|
| 132 |
{
|
|
| 133 |
msgQueue::add($MESSAGE['USERS_INVALID_EMAIL'].' ('.$email.')');
|
|
| 134 |
} |
|
| 135 |
} else { // e-mail must be present
|
|
| 136 |
msgQueue::add($MESSAGE['SIGNUP_NO_EMAIL']); |
|
| 137 |
} |
|
| 138 |
|
|
| 139 |
$sql = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` '. |
|
| 140 |
'WHERE `email` LIKE \''.$email.'\' '. |
|
| 141 |
'AND `user_id` <> '.(int)$user_id; |
|
| 142 |
// Check if the email already exists |
|
| 143 |
if( ($iFoundUser = $database->get_one($sql)) != null ) {
|
|
| 144 |
if($iFoundUser) {
|
|
| 145 |
if(isset($MESSAGE['USERS_EMAIL_TAKEN'])) |
|
| 146 |
{
|
|
| 147 |
msgQueue::add($MESSAGE['USERS_EMAIL_TAKEN'].' ('.$email.')');
|
|
| 148 |
} else {
|
|
| 149 |
msgQueue::add($MESSAGE['USERS_INVALID_EMAIL'].' ('.$email.')');
|
|
| 150 |
} |
|
| 151 |
} |
|
| 152 |
} |
|
| 153 |
|
|
| 154 |
$bRetVal = $user_id; |
|
| 155 |
|
|
| 156 |
// no error then save |
|
| 157 |
if( !msgQueue::getError() ) |
|
| 158 |
{
|
|
| 159 |
if($admin->is_group_match($groups_id,'1')) { $group_id = 1; $groups_id = '1'; }
|
|
| 160 |
// Prevent from renaming user to "admin" |
|
| 161 |
if($username != 'admin') {
|
|
| 162 |
$username_code = ", username = '$username'"; |
|
| 163 |
} else {
|
|
| 164 |
$username_code = ''; |
|
| 165 |
} |
|
| 166 |
|
|
| 167 |
$sql = 'UPDATE `'.TABLE_PREFIX.'users` SET '; |
|
| 168 |
// Update the database |
|
| 169 |
if($password == "") {
|
|
| 170 |
$sql .= '`group_id` = '.intval($group_id).', '. |
|
| 171 |
'`groups_id` = \''.mysql_real_escape_string($groups_id).'\', '. |
|
| 172 |
'`username` = \''.mysql_real_escape_string($username).'\', '. |
|
| 173 |
'`active` = '.intval($active).', '. |
|
| 174 |
'`display_name` = \''.mysql_real_escape_string($display_name).'\', '. |
|
| 175 |
'`home_folder` = \''.mysql_real_escape_string($home_folder).'\', '. |
|
| 176 |
'`email` = \''.mysql_real_escape_string($email).'\' '. |
|
| 177 |
'WHERE `user_id` = '.intval($user_id).''; |
|
| 178 |
|
|
| 179 |
} else {
|
|
| 180 |
|
|
| 181 |
$sql .= '`group_id` = '.intval($group_id).', '. |
|
| 182 |
'`groups_id` = \''.mysql_real_escape_string($groups_id).'\', '. |
|
| 183 |
'`username` = \''.mysql_real_escape_string($username).'\', '. |
|
| 184 |
'`password` = \''.md5($password).'\', '. |
|
| 185 |
'`active` = '.intval($active).', '. |
|
| 186 |
'`display_name` = \''.mysql_real_escape_string($display_name).'\', '. |
|
| 187 |
'`home_folder` = \''.mysql_real_escape_string($home_folder).'\', '. |
|
| 188 |
'`email` = \''.mysql_real_escape_string($email).'\' '. |
|
| 189 |
'WHERE `user_id` = '.intval($user_id).''; |
|
| 190 |
|
|
| 191 |
} |
|
| 192 |
if($database->query($sql)) {
|
|
| 193 |
msgQueue::add($MESSAGE['USERS_SAVED'], true); |
|
| 194 |
$bRetVal = $user_id; |
|
| 195 |
} |
|
| 196 |
if($database->is_error()) {
|
|
| 197 |
msgQueue::add( implode('<br />',explode(';',$database->get_error())) );
|
|
| 198 |
} |
|
| 199 |
} else {
|
|
| 200 |
msgQueue::add($MESSAGE['GENERIC_NOT_UPGRADED']); |
|
| 201 |
} |
|
| 202 |
|
|
| 203 |
// return $admin->getIDKEY($user_id); |
|
| 204 |
//if($admin_header) { $admin->print_header(); }
|
|
| 205 |
return $bRetVal; |
|
| 206 |
} |
|
| branches/2.8.x/wb/admin/users/user_form.php | ||
|---|---|---|
| 1 |
<?php |
|
| 2 |
|
|
| 3 |
/** |
|
| 4 |
* |
|
| 5 |
* @category admin |
|
| 6 |
* @package pages |
|
| 7 |
* @author Ryan Djurovich (2004-2009), WebsiteBaker Project |
|
| 8 |
* @copyright 2009-2012, WebsiteBaker Org. e.V. |
|
| 9 |
* @link http://www.websitebaker2.org/ |
|
| 10 |
* @license http://www.gnu.org/licenses/gpl.html |
|
| 11 |
* @platform WebsiteBaker 2.8.x |
|
| 12 |
* @requirements PHP 5.2.2 and higher |
|
| 13 |
* @version $Id$ |
|
| 14 |
* @filesource $HeadURL$ |
|
| 15 |
* @lastmodified $Date$ |
|
| 16 |
* |
|
| 17 |
*/ |
|
| 18 |
|
|
| 19 |
/* -------------------------------------------------------- */ |
|
| 20 |
// Must include code to stop this file being accessed directly |
|
| 21 |
if(!defined('WB_URL')) {
|
|
| 22 |
require_once(dirname(dirname(dirname(__FILE__))).'/framework/globalExceptionHandler.php'); |
|
| 23 |
throw new IllegalFileException(); |
|
| 24 |
} |
|
| 25 |
/* -------------------------------------------------------- */ |
|
| 26 |
|
|
| 27 |
function show_usermask($admin, &$aActionRequest) |
|
| 28 |
{
|
|
| 29 |
global $TEXT, $MESSAGE, $HEADING, $MENU; |
|
| 30 |
$database = WbDatabase::getInstance(); |
|
| 31 |
|
|
| 32 |
$user_id = intval($aActionRequest['user_id']); |
|
| 33 |
$user = array( |
|
| 34 |
'user_id' => 0, |
|
| 35 |
'username'=> '', |
|
| 36 |
'display_name'=> '', |
|
| 37 |
'email'=> '', |
|
| 38 |
); |
|
| 39 |
|
|
| 40 |
// Get existing values |
|
| 41 |
$sql = 'SELECT * FROM `'.TABLE_PREFIX.'users` ' ; |
|
| 42 |
$sql .= 'WHERE user_id = '.$user_id.' '; |
|
| 43 |
$sql .= 'AND user_id != 1 '; |
|
| 44 |
|
|
| 45 |
if($oRes = $database->query($sql)){
|
|
| 46 |
$user = $oRes->fetchRow(MYSQL_ASSOC); |
|
| 47 |
} |
|
| 48 |
|
|
| 49 |
$sNoRightsToChangeGroups = (($admin->get_user_id()==1)) ? 'hide' : ''; |
|
| 50 |
$sNoRightsToChangeGroups = (($user['group_id']==1)) ? $sNoRightsToChangeGroups : 'hide'; |
|
| 51 |
// Setup template object, parse vars to it, then parse it |
|
| 52 |
// Create new template object |
|
| 53 |
$oTpl = new Template(dirname($admin->correct_theme_source('users_form.htt')),'keep');
|
|
| 54 |
// $oTpl->debug = true; |
|
| 55 |
$oTpl->set_file('page', 'users_form.htt');
|
|
| 56 |
$oTpl->set_block('page', 'main_block', 'main');
|
|
| 57 |
$oTpl->set_block('main_block', 'show_modify_loginname_block', 'show_modify_loginname');
|
|
| 58 |
$oTpl->set_block('main_block', 'show_add_loginname_block', 'show_add_loginname');
|
|
| 59 |
$oTpl->set_block('main_block', 'show_change_group_list_block', 'show_change_group_list');
|
|
| 60 |
|
|
| 61 |
if( ( $admin->get_user_id() != '1' ) ) |
|
| 62 |
{
|
|
| 63 |
$oTpl->set_var('CHANGING_GROUPS', 'You are not allowed to change the groups');
|
|
| 64 |
$oTpl->parse('show_change_group_list', 'show_change_group_list_block');
|
|
| 65 |
} else {
|
|
| 66 |
$oTpl->parse('show_change_group_list', '');
|
|
| 67 |
} |
|
| 68 |
|
|
| 69 |
$oTpl->set_var( array( |
|
| 70 |
'ACTION_URL' => ADMIN_URL.'/users/index.php', |
|
| 71 |
'SUB_ACTION' => 'save', |
|
| 72 |
'BACK_LINK' => (isset($aActionRequest['BackLink'])) ? $aActionRequest['BackLink'] : '', |
|
| 73 |
'CANCEL_URL' => $aActionRequest['cancel_url'], |
|
| 74 |
'SUBMIT_TITLE' => $TEXT['SAVE'], |
|
| 75 |
'USER_ID' => $user['user_id'], |
|
| 76 |
// 'NO_RIGHTS' => 'hide', |
|
| 77 |
// 'CHANGING_GROUPS' => '', |
|
| 78 |
'DISPLAY_EXTRA' => '', |
|
| 79 |
'DISPLAY_HOME_FOLDERS' => '', |
|
| 80 |
'USERNAME' => $user['username'], |
|
| 81 |
'DISPLAY_NAME' => $user['display_name'], |
|
| 82 |
'EMAIL' => $user['email'], |
|
| 83 |
'ADMIN_URL' => ADMIN_URL, |
|
| 84 |
'WB_URL' => WB_URL, |
|
| 85 |
'THEME_URL' => THEME_URL |
|
| 86 |
) |
|
| 87 |
); |
|
| 88 |
|
|
| 89 |
$oTpl->set_var('FTAN', $admin->getFTAN());
|
|
| 90 |
if($user['active'] == 1) {
|
|
| 91 |
$oTpl->set_var('DISABLED_CHECKED', '');
|
|
| 92 |
$oTpl->set_var('ACTIVE_CHECKED', ' checked="checked"');
|
|
| 93 |
} else {
|
|
| 94 |
$oTpl->set_var('ACTIVE_CHECKED', '');
|
|
| 95 |
$oTpl->set_var('DISABLED_CHECKED', ' checked="checked"');
|
|
| 96 |
} |
|
| 97 |
// $results = $database->query("SELECT group_id, name FROM ".TABLE_PREFIX."groups WHERE group_id != '1' ORDER BY name");
|
|
| 98 |
// Add groups to list |
|
| 99 |
$oTpl->set_block('main_block', 'group_list_block', 'group_list');
|
|
| 100 |
$sql = 'SELECT `group_id`,`name` FROM `'.TABLE_PREFIX.'groups` '; |
|
| 101 |
$sql .= 'WHERE `group_id` != 1 ORDER BY `name`'; |
|
| 102 |
if($oRes = $database->query($sql)) {
|
|
| 103 |
$oTpl->set_var('ID', '');
|
|
| 104 |
$oTpl->set_var('NAME', $TEXT['PLEASE_SELECT'].'...');
|
|
| 105 |
$oTpl->set_var('SELECTED', '');
|
|
| 106 |
$oTpl->parse('group_list', 'group_list_block', true);
|
|
| 107 |
while($group = $oRes->fetchRow(MYSQL_ASSOC)) {
|
|
| 108 |
$oTpl->set_var('ID', $group['group_id']);
|
|
| 109 |
$oTpl->set_var('NAME', $group['name']);
|
|
| 110 |
if(in_array($group['group_id'], explode(",",$user['groups_id']))) {
|
|
| 111 |
$oTpl->set_var('SELECTED', ' selected="selected"');
|
|
| 112 |
} else {
|
|
| 113 |
$oTpl->set_var('SELECTED', '');
|
|
| 114 |
} |
|
| 115 |
$oTpl->parse('group_list', 'group_list_block', true);
|
|
| 116 |
} |
|
| 117 |
} |
|
| 118 |
|
|
| 119 |
// $in_group = false; |
|
| 120 |
// || ($admin->ami_group_member('1'))
|
|
| 121 |
// Only allow the user to add a user to the Administrators group if they belong to it |
|
| 122 |
if( ($admin->is_group_match($user['groups_id'], '1') ) || ($admin->ami_group_member('1')) )
|
|
| 123 |
{
|
|
| 124 |
if( ($in_group = ($admin->ami_group_member('1'))) == false ) {
|
|
| 125 |
$sql = 'SELECT `name` FROM `'.TABLE_PREFIX.'groups` '; |
|
| 126 |
$sql .= 'WHERE `group_id` = 1 ORDER BY `name`'; |
|
| 127 |
if( ($sGroupName = $database->get_one($sql)) != null ) {
|
|
| 128 |
$in_group = true; |
|
| 129 |
$oTpl->set_var('ID', '1');
|
|
| 130 |
$oTpl->set_var('NAME', $sGroupName);
|
|
| 131 |
} |
|
| 132 |
} else {
|
|
| 133 |
if( $in_group = ($admin->is_group_match($admin->get_groups_id(), '1')) ) {
|
|
| 134 |
$sGroupName = $admin->get_groups_name(); |
|
| 135 |
$oTpl->set_var('ID', '1');
|
|
| 136 |
$oTpl->set_var('NAME', $sGroupName[1]);
|
|
| 137 |
$in_group = $user['group_id'] == 1; |
|
| 138 |
} |
|
| 139 |
} |
|
| 140 |
|
|
| 141 |
if($in_group) {
|
|
| 142 |
$oTpl->set_var('SELECTED', ' selected="selected"');
|
|
| 143 |
} else {
|
|
| 144 |
$oTpl->set_var('SELECTED', '');
|
|
| 145 |
} |
|
| 146 |
$oTpl->parse('group_list', 'group_list_block', true);
|
|
| 147 |
} else {
|
|
| 148 |
if($oRes->numRows() == 0) {
|
|
| 149 |
$oTpl->set_var('ID', '');
|
|
| 150 |
$oTpl->set_var('NAME', $TEXT['NONE_FOUND']);
|
|
| 151 |
$oTpl->set_var('SELECTED', ' selected="selected"');
|
|
| 152 |
$oTpl->parse('group_list', 'group_list_block', true);
|
|
| 153 |
} |
|
| 154 |
} |
|
| 155 |
|
|
| 156 |
// Generate username field name |
|
| 157 |
$username_fieldname = 'username_'; |
|
| 158 |
$salt = "abchefghjkmnpqrstuvwxyz0123456789"; |
|
| 159 |
srand((double)microtime()*1000000); |
|
| 160 |
$i = 0; |
|
| 161 |
while ($i <= 7) {
|
|
| 162 |
$num = rand() % 33; |
|
| 163 |
$tmp = substr($salt, $num, 1); |
|
| 164 |
$username_fieldname = $username_fieldname . $tmp; |
|
| 165 |
$i++; |
|
| 166 |
} |
|
| 167 |
|
|
| 168 |
// Work-out if home folder should be shown |
|
| 169 |
if(!HOME_FOLDERS) {
|
|
| 170 |
$oTpl->set_var('DISPLAY_HOME_FOLDERS', 'display:none;');
|
|
| 171 |
} |
|
| 172 |
|
|
| 173 |
// Include the WB functions file |
|
| 174 |
require_once(WB_PATH.'/framework/functions.php'); |
|
| 175 |
|
|
| 176 |
// Add media folders to home folder list |
|
| 177 |
$oTpl->set_block('main_block', 'folder_list_block', 'folder_list');
|
|
| 178 |
foreach(directory_list(WB_PATH.MEDIA_DIRECTORY) AS $name) |
|
| 179 |
{
|
|
| 180 |
$oTpl->set_var('NAME', str_replace(WB_PATH, '', $name));
|
|
| 181 |
$oTpl->set_var('FOLDER', str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name));
|
|
| 182 |
if($user['home_folder'] == str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name)) {
|
|
| 183 |
$oTpl->set_var('SELECTED', ' selected="selected"');
|
|
| 184 |
} else {
|
|
| 185 |
$oTpl->set_var('SELECTED', ' ');
|
|
| 186 |
} |
|
| 187 |
$oTpl->parse('folder_list', 'folder_list_block', true);
|
|
| 188 |
} |
|
| 189 |
|
|
| 190 |
// Insert language text and messages |
|
| 191 |
$oTpl->set_var(array( |
|
| 192 |
'TEXT_RESET' => $TEXT['RESET'], |
|
| 193 |
'TEXT_CANCEL' => $TEXT['CANCEL'], |
|
| 194 |
'TEXT_ACTIVE' => $TEXT['ACTIVE'], |
|
| 195 |
'TEXT_DISABLED' => $TEXT['DISABLED'], |
|
| 196 |
'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'], |
|
| 197 |
'TEXT_USERNAME' => $TEXT['USERNAME'], |
|
| 198 |
'TEXT_PASSWORD' => $TEXT['PASSWORD'], |
|
| 199 |
'TEXT_RETYPE_PASSWORD' => $TEXT['RETYPE_PASSWORD'], |
|
| 200 |
'TEXT_DISPLAY_NAME' => $TEXT['DISPLAY_NAME'], |
|
| 201 |
'TEXT_EMAIL' => $TEXT['EMAIL'], |
|
| 202 |
'TEXT_GROUP' => $TEXT['GROUP'], |
|
| 203 |
'TEXT_NONE' => $TEXT['NONE'], |
|
| 204 |
'TEXT_HOME_FOLDER' => $TEXT['HOME_FOLDER'], |
|
| 205 |
'USERNAME_FIELDNAME' => $username_fieldname, |
|
| 206 |
'CHANGING_PASSWORD' => $MESSAGE['USERS_CHANGING_PASSWORD'], |
|
| 207 |
'HEADING_MODIFY_USER' => $HEADING['MODIFY_USER'] |
|
| 208 |
) |
|
| 209 |
); |
|
| 210 |
|
|
| 211 |
// Parse template object |
|
| 212 |
$oTpl->parse('show_modify_loginname', 'show_modify_loginname_block', true);
|
|
| 213 |
$oTpl->parse('show_add_loginname', '', true);
|
|
| 214 |
$oTpl->parse('main', 'main_block', false);
|
|
| 215 |
// $oTpl->pparse('output', 'page');
|
|
| 216 |
$output = $oTpl->finish($oTpl->parse('output', 'page'));
|
|
| 217 |
|
|
| 218 |
return $output; |
|
| 219 |
} |
|
| 0 | 220 | |
| branches/2.8.x/wb/admin/users/delete.php | ||
|---|---|---|
| 1 |
<?php |
|
| 2 |
|
|
| 3 |
/** |
|
| 4 |
* |
|
| 5 |
* @category admin |
|
| 6 |
* @package pages |
|
| 7 |
* @author Ryan Djurovich (2004-2009), WebsiteBaker Project |
|
| 8 |
* @copyright 2009-2012, WebsiteBaker Org. e.V. |
|
| 9 |
* @link http://www.websitebaker2.org/ |
|
| 10 |
* @license http://www.gnu.org/licenses/gpl.html |
|
| 11 |
* @platform WebsiteBaker 2.8.x |
|
| 12 |
* @requirements PHP 5.2.2 and higher |
|
| 13 |
* @version $Id$ |
|
| 14 |
* @filesource $HeadURL$ |
|
| 15 |
* @lastmodified $Date$ |
|
| 16 |
* |
|
| 17 |
*/ |
|
| 18 |
|
|
| 19 |
/* -------------------------------------------------------- */ |
|
| 20 |
// Must include code to stop this file being accessed directly |
|
| 21 |
if(!defined('WB_URL')) {
|
|
| 22 |
require_once(dirname(dirname(dirname(__FILE__))).'/framework/globalExceptionHandler.php'); |
|
| 23 |
throw new IllegalFileException(); |
|
| 24 |
} |
|
| 25 |
/* -------------------------------------------------------- */ |
|
| 26 |
function delete_user($admin, &$aActionRequest) |
|
| 27 |
{
|
|
| 28 |
global $TEXT, $MESSAGE; |
|
| 29 |
$database = WbDatabase::getInstance(); |
|
| 30 |
$aUserID = array(); |
|
| 31 |
$bRetVal = false; |
|
| 32 |
if(isset($aActionRequest['user_id']) && !is_array($aActionRequest['user_id'])) {
|
|
| 33 |
$aUserID[] = $aActionRequest['user_id']; |
|
| 34 |
} else {
|
|
| 35 |
$aUserID = $aActionRequest['user_id']; |
|
| 36 |
} |
|
| 37 |
|
|
| 38 |
foreach ( $aUserID AS $key => $value) |
|
| 39 |
{
|
|
| 40 |
switch ($_SERVER['REQUEST_METHOD']) : |
|
| 41 |
case 'GET': // insert/update user |
|
| 42 |
$_GET['user_id'] =$aUserID[$key]; |
|
| 43 |
break; |
|
| 44 |
default: // show userlist with empty modify mask |
|
| 45 |
$_POST['user_id'] =$aUserID[$key]; |
|
| 46 |
endswitch; // end of switch |
|
| 47 |
$user_id = intval($admin->checkIDKEY('user_id', 0, $_SERVER['REQUEST_METHOD']));
|
|
| 48 |
|
|
| 49 |
// Check if user id is a valid number and doesnt equal 1 |
|
| 50 |
if($user_id == 0){
|
|
| 51 |
msgQueue::add($MESSAGE['GENERIC_FORGOT_OPTIONS'] ); |
|
| 52 |
return $bRetVal; |
|
| 53 |
} |
|
| 54 |
|
|
| 55 |
if( ($user_id < 2 ) ) |
|
| 56 |
{
|
|
| 57 |
// if($admin_header) { $admin->print_header(); }
|
|
| 58 |
msgQueue::add($MESSAGE['GENERIC_SECURITY_ACCESS'] ); |
|
| 59 |
return $bRetVal; |
|
| 60 |
} |
|
| 61 |
|
|
| 62 |
if( ($msg = msgQueue::getError()) == '') |
|
| 63 |
{
|
|
| 64 |
$sql = 'SELECT `active` FROM `'.TABLE_PREFIX.'users` '. |
|
| 65 |
'WHERE `user_id` = '.$user_id; |
|
| 66 |
if( ($iDeleteUser = $database->get_one($sql)) != null ) {
|
|
| 67 |
if($iDeleteUser) {
|
|
| 68 |
// Delete the user |
|
| 69 |
$sql = 'UPDATE `'.TABLE_PREFIX.'users` SET '. |
|
| 70 |
'`active` = 0 '. |
|
| 71 |
'WHERE `user_id` = '.$user_id; |
|
| 72 |
if( $database->query($sql) ) {
|
|
| 73 |
msgQueue::add($TEXT['USERS_DELETED'], true); |
|
| 74 |
} |
|
| 75 |
} else {
|
|
| 76 |
$sql = 'DELETE FROM `'.TABLE_PREFIX.'users` '. |
|
| 77 |
'WHERE `user_id` = '.$user_id; |
|
| 78 |
if( $database->query($sql) ) {
|
|
| 79 |
msgQueue::add($MESSAGE['USERS_DELETED'], true); |
|
| 80 |
} |
|
| 81 |
} |
|
| 82 |
$bRetVal = true; |
|
| 83 |
} |
|
| 84 |
if($database->is_error()) {
|
|
| 85 |
msgQueue::add( implode('<br />',explode(';',$database->get_error())) );
|
|
| 86 |
$bRetVal = false; |
|
| 87 |
} |
|
| 88 |
} |
|
| 89 |
} |
|
| 90 |
if(isset($aActionRequest['clearmsg'])) { msgQueue::clear(); }
|
|
| 91 |
return $user_id; |
|
| 92 |
} |
|
| 93 |
|
|
| 94 |
if(!isset($aActionRequest)) {
|
|
| 95 |
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']); |
|
| 96 |
$aActionRequest = (isset(${$requestMethod})) ? ${$requestMethod} : null;
|
|
| 97 |
$aActionRequest['clearmsg'] = true; |
|
| 98 |
} |
|
| 0 | 99 | |
| branches/2.8.x/wb/admin/users/disallowedNames | ||
|---|---|---|
| 1 |
admin |
|
| 2 |
asshole |
|
| 3 |
porno |
|
| 4 |
arsch |
|
| 5 |
fuck |
|
| 6 |
fick |
|
| 7 |
shit |
|
| 8 |
scheiss |
|
| 9 |
viagra |
|
| branches/2.8.x/wb/admin/users/index.php | ||
|---|---|---|
| 15 | 15 |
* |
| 16 | 16 |
*/ |
| 17 | 17 |
|
| 18 |
$config_file = realpath('../../config.php');
|
|
| 19 |
if(file_exists($config_file) && !defined('WB_URL'))
|
|
| 20 |
{
|
|
| 21 |
require_once($config_file); |
|
| 22 |
} |
|
| 18 |
/** |
|
| 19 |
* checks if a given string is part of a line in a defined file |
|
| 20 |
* @param string $sString |
|
| 21 |
* @param string $sListFile |
|
| 22 |
* @return bool TRUE if at least one match is found, otherwise FALSE |
|
| 23 |
*/ |
|
| 24 |
function findStringInFileList( $sString, $sListFile) |
|
| 25 |
{
|
|
| 26 |
$aMatch = array(); |
|
| 27 |
if(is_readable($sListFile)) {
|
|
| 28 |
$aList = file($sListFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); |
|
| 29 |
$aMatch = preg_grep('/'.preg_quote($sString, '/').'/i',$aList);
|
|
| 30 |
} |
|
| 31 |
return (sizeof($aMatch)>0); |
|
| 32 |
} |
|
| 23 | 33 |
|
| 24 |
if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }
|
|
| 34 |
function admin_users_index($aActionRequest) |
|
| 35 |
{
|
|
| 36 |
global $MESSAGE; |
|
| 37 |
$database = WbDatabase::getInstance(); |
|
| 25 | 38 |
|
| 26 |
$admin = new admin('Access', 'users');
|
|
| 39 |
$sAdminPath = dirname(str_replace('\\', '/', __FILE__));
|
|
| 40 |
$sAdminName = basename($sAdminPath); |
|
| 41 |
$output = ''; |
|
| 42 |
$aActionRequest['requestMethod'] = '_'.strtoupper($_SERVER['REQUEST_METHOD']); |
|
| 43 |
$action = 'show'; |
|
| 44 |
// Set parameter 'action' as alternative to javascript mechanism |
|
| 45 |
$action = (isset($aActionRequest['add']) ? 'add' : $action ); |
|
| 46 |
$action = (isset($aActionRequest['save']) ? 'save' : $action ); |
|
| 47 |
$action = (isset($aActionRequest['modify']) ? 'modify' : $action ); |
|
| 48 |
$action = (isset($aActionRequest['delete']) ? 'delete' : $action ); |
|
| 49 |
$action = (isset($aActionRequest['delete_outdated']) ? 'delete_outdated' : $action ); |
|
| 27 | 50 |
|
| 28 |
$iUserStatus = 1;
|
|
| 29 |
$iUserStatus = ( ( $admin->get_get('status')==1 ) ? 0 : $iUserStatus );
|
|
| 30 |
unset($_GET);
|
|
| 51 |
switch($action) :
|
|
| 52 |
case 'delete': // delete the user
|
|
| 53 |
$admin = new admin('Access', 'users_delete',false);
|
|
| 31 | 54 |
|
| 32 |
// Setup template object, parse vars to it, then parse it |
|
| 33 |
// Create new template object |
|
| 34 |
$template = new Template(dirname($admin->correct_theme_source('users.htt')),'keep');
|
|
| 35 |
// $template->debug = true; |
|
| 55 |
include($sAdminPath.'/delete.php'); |
|
| 56 |
$output = delete_user($admin,$aActionRequest); |
|
| 36 | 57 |
|
| 37 |
$template->set_file('page', 'users.htt');
|
|
| 38 |
$template->set_block('page', 'main_block', 'main');
|
|
| 39 |
$template->set_block("main_block", "manage_groups_block", "groups");
|
|
| 40 |
$template->set_var('ADMIN_URL', ADMIN_URL);
|
|
| 41 |
$template->set_var('FTAN', $admin->getFTAN());
|
|
| 42 |
$template->set_var('USER_STATUS', $iUserStatus );
|
|
| 43 |
$template->set_var('DISPLAY_ADD', '');
|
|
| 44 |
$template->set_var('DISPLAY_MODIFY', '');
|
|
| 45 |
$template->set_var('DISABLED_CHECKED', '');
|
|
| 46 |
$template->set_var('HEADING_MODIFY_USER', '');
|
|
| 47 |
$template->set_var('DISPLAY_HOME_FOLDERS', '');
|
|
| 58 |
if( ($msg = msgQueue::getError()) != '') |
|
| 59 |
{
|
|
| 60 |
} |
|
| 48 | 61 |
|
| 49 |
$UserStatusActive = 'url('.THEME_URL.'/images/user.png)';
|
|
| 50 |
$UserStatusInactive = 'url('.THEME_URL.'/images/user_red.png)';
|
|
| 62 |
$aActionRequest['cancel_url'] = ADMIN_URL.'/access/index.php'; |
|
| 63 |
$admin = new admin('Access', 'users');
|
|
| 64 |
include($sAdminPath.'/user_list.php'); |
|
| 65 |
$output .= show_userlist($admin, $aActionRequest); |
|
| 66 |
break; |
|
| 67 |
case 'add': // insert/update user |
|
| 68 |
$admin = new admin('Access', 'users_add',false);
|
|
| 69 |
include($sAdminPath.'/add.php'); |
|
| 70 |
$output = add_user($admin,$aActionRequest); |
|
| 71 |
$aActionRequest['cancel_url'] = ADMIN_URL.'/access/index.php'; |
|
| 72 |
$admin = new admin('Access', 'users');
|
|
| 73 |
include($sAdminPath.'/user_list.php'); |
|
| 74 |
$output .= show_userlist($admin, $aActionRequest); |
|
| 75 |
break; |
|
| 76 |
case 'save': // insert/update user |
|
| 77 |
$admin = new admin('Access', 'users_modify',false);
|
|
| 78 |
// hold the cancel_url if request comes outside from users |
|
| 79 |
if(isset($aActionRequest['BackLink'])) {
|
|
| 80 |
$sBackLink = $aActionRequest['BackLink']; |
|
| 81 |
$aActionRequest['cancel_url'] = $sBackLink; |
|
| 82 |
$aActionRequest['BackLink'] = $sBackLink; |
|
| 83 |
} |
|
| 84 |
include($sAdminPath.'/save.php'); |
|
| 85 |
$user_id = save_user($admin, $aActionRequest); |
|
| 86 |
$admin = new admin('Access', 'users_modify');
|
|
| 87 |
include($sAdminPath.'/user_form.php'); |
|
| 88 |
$aActionRequest['user_id'] = $user_id; |
|
| 89 |
$output = show_usermask($admin,$aActionRequest); |
|
| 90 |
break; |
|
| 91 |
case 'modify': // insert/update user |
|
| 92 |
// first check acess to auth users can change his own preferences |
|
| 93 |
$admin = new admin('Preferences', 'preferences_view',false);
|
|
| 94 |
$user_id = intval($admin->checkIDKEY('user_id', 0, $_SERVER['REQUEST_METHOD']));
|
|
| 95 |
// Check if user id is a valid number and doesnt equal 1 |
|
| 96 |
$aActionRequest['user_id'] = $user_id; |
|
| 97 |
if($user_id == 0){
|
|
| 98 |
msgQueue::add($MESSAGE['GENERIC_FORGOT_OPTIONS'] ); |
|
| 99 |
} |
|
| 51 | 100 |
|
| 52 |
$sUserTitle = ($iUserStatus == 0) ? $MENU['USERS'].' '.strtolower($TEXT['ACTIVE']) : $MENU['USERS'].' '.strtolower($TEXT['DELETED']) ; |
|
| 101 |
if( ($user_id == $admin->get_user_id() ) ) |
|
| 102 |
{
|
|
| 103 |
$sQueryString = (isset($_SERVER['QUERY_STRING'])&& ($_SERVER['QUERY_STRING']!='')) ? $_SERVER['QUERY_STRING'] : 'tool=uaerat'; |
|
| 104 |
$admin->send_header(ADMIN_URL.'/preferences/index.php?'.$sQueryString); |
|
| 105 |
} |
|
| 53 | 106 |
|
| 54 |
$template->set_var('TEXT_USERS', $sUserTitle.' '.$TEXT['SHOW'] );
|
|
| 55 |
$template->set_var('STATUS_ICON', ( ($iUserStatus==0) ? $UserStatusActive : $UserStatusInactive) );
|
|
| 107 |
$admin = new admin('Access', 'users_modify');
|
|
| 56 | 108 |
|
| 57 |
// Get existing value from database |
|
| 58 |
$sql = 'SELECT `user_id`, `username`, `display_name`, `active` FROM `'.TABLE_PREFIX.'users` ' ; |
|
| 59 |
$sql .= 'WHERE user_id != 1 '; |
|
Also available in: Unified diff
! Complex code refactoring users management