Revision 1815
Added by Dietmar about 12 years ago
branches/2.8.x/CHANGELOG | ||
---|---|---|
13 | 13 |
|
14 | 14 |
|
15 | 15 |
|
16 |
11 Nov-2012 Build 1815 Dietmar Woellbrink (Luisehahne) |
|
17 |
! Complex code refactoring users management |
|
16 | 18 |
10 Nov-2012 Build 1814 Dietmar Woellbrink (Luisehahne) |
17 | 19 |
! update jQuery to jQuery 1.8.2 and jQuery UI 1.9.1 |
18 | 20 |
10 Nov-2012 Build 1813 Dietmar Woellbrink (Luisehahne) |
branches/2.8.x/wb/upgrade-script.php | ||
---|---|---|
821 | 821 |
|
822 | 822 |
foreach($aUsers AS $user_id => $value){ |
823 | 823 |
// choose group_id from groups_id - workaround for still remaining calls to group_id (to be cleaned-up) |
824 |
$groups_id = explode(',', $aUsers[$user_id]['groups_id']); |
|
824 |
$aGroups_id = explode(',', $aUsers[$user_id]['groups_id']); |
|
825 |
$groups_id = $aUsers[$user_id]['groups_id']; |
|
825 | 826 |
$group_id = 0; |
826 | 827 |
//if user is in administrator-group, get this group else just get the first one |
827 |
if($admin->is_group_match($groups_id,'1')) { $group_id = 1; } else { $group_id = intval($groups_id[0]); } |
|
828 |
unset($groups_id); |
|
828 |
if($admin->is_group_match($aGroups_id,'1')) { $group_id = 1; $groups_id = '1'; } else { $group_id = intval($aGroups_id[0]); } |
|
829 | 829 |
|
830 | 830 |
$sMessage = "<span>Updating group_id ".$TEXT['DISPLAY_NAME']." " .$aUsers[$user_id]['display_name']."</span>"; |
831 | 831 |
$sql = 'UPDATE `'.TABLE_PREFIX.'users` '; |
832 |
$sql .= 'SET `group_id` = '.$group_id.' '; |
|
832 |
$sql .= 'SET `group_id` = '.$group_id.', '; |
|
833 |
$sql .= '`groups_id` = '.$groups_id.' '; |
|
833 | 834 |
$sql .= 'WHERE `user_id` = '.intval($user_id); |
834 | 835 |
|
835 | 836 |
if($oRes = $database->query($sql)){ } |
branches/2.8.x/wb/admin/skel/themes/htt/users.htt | ||
---|---|---|
13 | 13 |
</tr> |
14 | 14 |
</table> |
15 | 15 |
<div class="account"> |
16 |
<form name="users" action="users.php" method="post" class="left">
|
|
16 |
<form name="users" action="index.php" method="post" class="left">
|
|
17 | 17 |
<input type="hidden" name="userstatus" value="{USER_STATUS}" /> |
18 | 18 |
{FTAN} |
19 | 19 |
|
branches/2.8.x/wb/admin/skel/themes/htt/users_form.htt | ||
---|---|---|
8 | 8 |
</script> |
9 | 9 |
<div class="account"> |
10 | 10 |
|
11 |
<h2 class="left" style="{DISPLAY_EXTRA}">{HEADING_MODIFY_USER}</h2>
|
|
11 |
<h3 class="left bold" style="{DISPLAY_EXTRA}">{HEADING_MODIFY_USER}</h3>
|
|
12 | 12 |
|
13 |
<form name="user" action="{ACTION_URL}" method="post" class="{DISPLAY_ADD} left settings_table">
|
|
13 |
<form action="{ACTION_URL}" method="post" class="{DISPLAY_ADD} left settings_table"> |
|
14 | 14 |
<input type="hidden" name="user_id" value="{USER_ID}" /> |
15 | 15 |
<input type="hidden" name="username_fieldname" value="{USERNAME_FIELDNAME}" /> |
16 |
<input type="hidden" name="BackLink" value="{BACK_LINK}" /> |
|
16 | 17 |
{FTAN} |
17 | 18 |
<table> |
18 | 19 |
<!-- BEGIN show_modify_loginname_block --> |
... | ... | |
46 | 47 |
</tr> |
47 | 48 |
<tr style="{DISPLAY_EXTRA}"> |
48 | 49 |
<td colspan="2" style=""> |
49 |
<div class="warning value_input" style="max-width:700px; margin-right: 20%; float: right;">{CHANGING_PASSWORD}</div>
|
|
50 |
<div class="warning value_input" style="max-width:650px; margin-right: 23%; float: right;">{CHANGING_PASSWORD}</div>
|
|
50 | 51 |
</td> |
51 | 52 |
</tr> |
52 | 53 |
<tr> |
... | ... | |
72 | 73 |
</select> |
73 | 74 |
</td> |
74 | 75 |
</tr> |
76 |
|
|
77 |
<!-- BEGIN show_change_group_list_block --> |
|
75 | 78 |
<tr> |
79 |
<td colspan="2" style=""> |
|
80 |
<div class="warning value_input" style="max-width:650px; margin-right: 23%; float: right;">{CHANGING_GROUPS}</div> |
|
81 |
</td> |
|
82 |
</tr> |
|
83 |
<!-- END show_change_group_list_block --> |
|
84 |
|
|
85 |
<tr> |
|
76 | 86 |
<td class="rightTop">{TEXT_GROUP}:</td> |
77 | 87 |
<td class="value_input"> |
78 | 88 |
<select name="groups[]" multiple="multiple" size="5"> |
... | ... | |
93 | 103 |
</tr> |
94 | 104 |
<tr> |
95 | 105 |
<td colspan="2" class="center"> |
96 |
<input type="submit" name="submit" value="{SUBMIT_TITLE}" />
|
|
106 |
<input type="submit" name="{SUB_ACTION}" value="{SUBMIT_TITLE}" />
|
|
97 | 107 |
<input type="reset" name="reset" value="{TEXT_RESET}" /> |
98 |
<input type="button" style="width: 100px; margin-top: 5px;" onclick="javascript:window.location='index.php';" value="{TEXT_CANCEL}" />
|
|
108 |
<input type="button" style="width: 100px; margin-top: 5px;" onclick="javascript:window.location='{CANCEL_URL}';" value="{TEXT_CANCEL}" />
|
|
99 | 109 |
</td> |
100 | 110 |
</tr> |
101 | 111 |
</table> |
branches/2.8.x/wb/admin/interface/version.php | ||
---|---|---|
51 | 51 |
|
52 | 52 |
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled) |
53 | 53 |
if(!defined('VERSION')) define('VERSION', '2.8.3'); |
54 |
if(!defined('REVISION')) define('REVISION', '1814');
|
|
54 |
if(!defined('REVISION')) define('REVISION', '1815');
|
|
55 | 55 |
if(!defined('SP')) define('SP', ''); |
branches/2.8.x/wb/admin/users/users.php | ||
---|---|---|
1 |
<?php |
|
2 |
/** |
|
3 |
* |
|
4 |
* @category admin |
|
5 |
* @package users |
|
6 |
* @author Ryan Djurovich, WebsiteBaker Project |
|
7 |
* @copyright 2009-2012, WebsiteBaker Org. e.V. |
|
8 |
* @link http://www.websitebaker2.org/ |
|
9 |
* @license http://www.gnu.org/licenses/gpl.html |
|
10 |
* @platform WebsiteBaker 2.8.x |
|
11 |
* @requirements PHP 5.2.2 and higher |
|
12 |
* @version $Id$ |
|
13 |
* @filesource $HeadURL$ |
|
14 |
* @lastmodified $Date$ |
|
15 |
* |
|
16 |
*/ |
|
17 |
|
|
18 |
// Include config file and admin class file |
|
19 |
|
|
20 |
$config_file = realpath('../../config.php'); |
|
21 |
if(file_exists($config_file) && !defined('WB_URL')) |
|
22 |
{ |
|
23 |
require_once($config_file); |
|
24 |
} |
|
25 |
|
|
26 |
if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); } |
|
27 |
|
|
28 |
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']); |
|
29 |
$aActionRequest = (isset(${$requestMethod})) ? ${$requestMethod} : null; |
|
30 |
|
|
31 |
$action = 'cancel'; |
|
32 |
|
|
33 |
// Set parameter 'action' as alternative to javascript mechanism |
|
34 |
$action = (isset($aActionRequest['modify']) ? 'modify' : $action ); |
|
35 |
$action = (isset($aActionRequest['delete']) ? 'delete' : $action ); |
|
36 |
$action = (isset($aActionRequest['delete_outdated']) ? 'delete_outdated' : $action ); |
|
37 |
|
|
38 |
switch ($action): |
|
39 |
case 'modify' : |
|
40 |
// Print header |
|
41 |
$admin = new admin('Access', 'users_modify'); |
|
42 |
$user_id = intval($admin->checkIDKEY('user_id', 0, $_SERVER['REQUEST_METHOD'])); |
|
43 |
// Check if user id is a valid number and doesnt equal 1 |
|
44 |
if($user_id == 0){ |
|
45 |
$admin->print_error($MESSAGE['GENERIC_FORGOT_OPTIONS'] ); |
|
46 |
} |
|
47 |
if( ($user_id < 2 ) ) |
|
48 |
{ |
|
49 |
// if($admin_header) { $admin->print_header(); } |
|
50 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] ); |
|
51 |
} |
|
52 |
// Get existing values |
|
53 |
$results = $database->query("SELECT * FROM `".TABLE_PREFIX."users` WHERE `user_id` = '".$user_id."'"); |
|
54 |
$user = $results->fetchRow(); |
|
55 |
|
|
56 |
// Setup template object, parse vars to it, then parse it |
|
57 |
// Create new template object |
|
58 |
$template = new Template(dirname($admin->correct_theme_source('users_form.htt')),'keep'); |
|
59 |
// $template->debug = true; |
|
60 |
$template->set_file('page', 'users_form.htt'); |
|
61 |
$template->set_block('page', 'main_block', 'main'); |
|
62 |
$template->set_block('main_block', 'show_modify_loginname_block', 'show_modify_loginname'); |
|
63 |
$template->set_block('main_block', 'show_add_loginname_block', 'show_add_loginname'); |
|
64 |
$template->set_var( array( |
|
65 |
'ACTION_URL' => ADMIN_URL.'/users/save.php', |
|
66 |
'SUBMIT_TITLE' => $TEXT['SAVE'], |
|
67 |
'USER_ID' => $user['user_id'], |
|
68 |
'DISPLAY_EXTRA' => '', |
|
69 |
'DISPLAY_HOME_FOLDERS' => '', |
|
70 |
'USERNAME' => $user['username'], |
|
71 |
'DISPLAY_NAME' => $user['display_name'], |
|
72 |
'EMAIL' => $user['email'], |
|
73 |
'ADMIN_URL' => ADMIN_URL, |
|
74 |
'WB_URL' => WB_URL, |
|
75 |
'THEME_URL' => THEME_URL |
|
76 |
) |
|
77 |
); |
|
78 |
|
|
79 |
$template->set_var('FTAN', $admin->getFTAN()); |
|
80 |
if($user['active'] == 1) { |
|
81 |
$template->set_var('DISABLED_CHECKED', ''); |
|
82 |
$template->set_var('ACTIVE_CHECKED', ' checked="checked"'); |
|
83 |
} else { |
|
84 |
$template->set_var('ACTIVE_CHECKED', ''); |
|
85 |
$template->set_var('DISABLED_CHECKED', ' checked="checked"'); |
|
86 |
} |
|
87 |
// Add groups to list |
|
88 |
$template->set_block('main_block', 'group_list_block', 'group_list'); |
|
89 |
$results = $database->query("SELECT group_id, name FROM ".TABLE_PREFIX."groups WHERE group_id != '1' ORDER BY name"); |
|
90 |
if($results->numRows() > 0) { |
|
91 |
$template->set_var('ID', ''); |
|
92 |
$template->set_var('NAME', $TEXT['PLEASE_SELECT'].'...'); |
|
93 |
$template->set_var('SELECTED', ''); |
|
94 |
$template->parse('group_list', 'group_list_block', true); |
|
95 |
while($group = $results->fetchRow()) { |
|
96 |
$template->set_var('ID', $group['group_id']); |
|
97 |
$template->set_var('NAME', $group['name']); |
|
98 |
if(in_array($group['group_id'], explode(",",$user['groups_id']))) { |
|
99 |
$template->set_var('SELECTED', ' selected="selected"'); |
|
100 |
} else { |
|
101 |
$template->set_var('SELECTED', ''); |
|
102 |
} |
|
103 |
$template->parse('group_list', 'group_list_block', true); |
|
104 |
} |
|
105 |
} |
|
106 |
|
|
107 |
// Only allow the user to add a user to the Administrators group if they belong to it |
|
108 |
if(in_array(1, $admin->get_groups_id())) |
|
109 |
{ |
|
110 |
$template->set_var('ID', '1'); |
|
111 |
$users_groups = $admin->get_groups_name(); |
|
112 |
$template->set_var('NAME', $users_groups[1]); |
|
113 |
|
|
114 |
$in_group = FALSE; |
|
115 |
foreach($admin->get_groups_id() as $cur_gid){ |
|
116 |
if (in_array($cur_gid, explode(",", $user['groups_id']))) { |
|
117 |
$in_group = TRUE; |
|
118 |
} |
|
119 |
} |
|
120 |
|
|
121 |
if($in_group) { |
|
122 |
$template->set_var('SELECTED', ' selected="selected"'); |
|
123 |
} else { |
|
124 |
$template->set_var('SELECTED', ''); |
|
125 |
} |
|
126 |
$template->parse('group_list', 'group_list_block', true); |
|
127 |
} else { |
|
128 |
if($results->numRows() == 0) { |
|
129 |
$template->set_var('ID', ''); |
|
130 |
$template->set_var('NAME', $TEXT['NONE_FOUND']); |
|
131 |
$template->set_var('SELECTED', ' selected="selected"'); |
|
132 |
$template->parse('group_list', 'group_list_block', true); |
|
133 |
} |
|
134 |
} |
|
135 |
|
|
136 |
// Generate username field name |
|
137 |
$username_fieldname = 'username_'; |
|
138 |
$salt = "abchefghjkmnpqrstuvwxyz0123456789"; |
|
139 |
srand((double)microtime()*1000000); |
|
140 |
$i = 0; |
|
141 |
while ($i <= 7) { |
|
142 |
$num = rand() % 33; |
|
143 |
$tmp = substr($salt, $num, 1); |
|
144 |
$username_fieldname = $username_fieldname . $tmp; |
|
145 |
$i++; |
|
146 |
} |
|
147 |
|
|
148 |
// Work-out if home folder should be shown |
|
149 |
if(!HOME_FOLDERS) { |
|
150 |
$template->set_var('DISPLAY_HOME_FOLDERS', 'display:none;'); |
|
151 |
} |
|
152 |
|
|
153 |
// Include the WB functions file |
|
154 |
require_once(WB_PATH.'/framework/functions.php'); |
|
155 |
|
|
156 |
// Add media folders to home folder list |
|
157 |
$template->set_block('main_block', 'folder_list_block', 'folder_list'); |
|
158 |
foreach(directory_list(WB_PATH.MEDIA_DIRECTORY) AS $name) |
|
159 |
{ |
|
160 |
$template->set_var('NAME', str_replace(WB_PATH, '', $name)); |
|
161 |
$template->set_var('FOLDER', str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name)); |
|
162 |
if($user['home_folder'] == str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name)) { |
|
163 |
$template->set_var('SELECTED', ' selected="selected"'); |
|
164 |
} else { |
|
165 |
$template->set_var('SELECTED', ' '); |
|
166 |
} |
|
167 |
$template->parse('folder_list', 'folder_list_block', true); |
|
168 |
} |
|
169 |
|
|
170 |
// Insert language text and messages |
|
171 |
$template->set_var(array( |
|
172 |
'TEXT_RESET' => $TEXT['RESET'], |
|
173 |
'TEXT_CANCEL' => $TEXT['CANCEL'], |
|
174 |
'TEXT_ACTIVE' => $TEXT['ACTIVE'], |
|
175 |
'TEXT_DISABLED' => $TEXT['DISABLED'], |
|
176 |
'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'], |
|
177 |
'TEXT_USERNAME' => $TEXT['USERNAME'], |
|
178 |
'TEXT_PASSWORD' => $TEXT['PASSWORD'], |
|
179 |
'TEXT_RETYPE_PASSWORD' => $TEXT['RETYPE_PASSWORD'], |
|
180 |
'TEXT_DISPLAY_NAME' => $TEXT['DISPLAY_NAME'], |
|
181 |
'TEXT_EMAIL' => $TEXT['EMAIL'], |
|
182 |
'TEXT_GROUP' => $TEXT['GROUP'], |
|
183 |
'TEXT_NONE' => $TEXT['NONE'], |
|
184 |
'TEXT_HOME_FOLDER' => $TEXT['HOME_FOLDER'], |
|
185 |
'USERNAME_FIELDNAME' => $username_fieldname, |
|
186 |
'CHANGING_PASSWORD' => $MESSAGE['USERS_CHANGING_PASSWORD'], |
|
187 |
'HEADING_MODIFY_USER' => $HEADING['MODIFY_USER'] |
|
188 |
) |
|
189 |
); |
|
190 |
|
|
191 |
// Parse template object |
|
192 |
$template->parse('show_modify_loginname', 'show_modify_loginname_block', true); |
|
193 |
$template->parse('show_add_loginname', '', true); |
|
194 |
$template->parse('main', 'main_block', false); |
|
195 |
$template->pparse('output', 'page'); |
|
196 |
break; |
|
197 |
case 'delete' : |
|
198 |
// Print header |
|
199 |
$admin = new admin('Access', 'users_delete'); |
|
200 |
|
|
201 |
$user_id = intval($admin->checkIDKEY('user_id', 0, $_SERVER['REQUEST_METHOD'])); |
|
202 |
// Check if user id is a valid number and doesnt equal 1 |
|
203 |
|
|
204 |
if($user_id == 0){ |
|
205 |
$admin->print_error($MESSAGE['GENERIC_FORGOT_OPTIONS'] ); |
|
206 |
} |
|
207 |
if( ($user_id < 2 ) ) |
|
208 |
{ |
|
209 |
// if($admin_header) { $admin->print_header(); } |
|
210 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] ); |
|
211 |
} |
|
212 |
$sql = 'SELECT `active` FROM `'.TABLE_PREFIX.'users` '; |
|
213 |
$sql .= 'WHERE `user_id` = '.$user_id.''; |
|
214 |
if( ($iDeleteUser = $database->get_one($sql)) == 1 ) { |
|
215 |
// Delete the user |
|
216 |
$database->query("UPDATE `".TABLE_PREFIX."users` SET `active` = 0 WHERE `user_id` = '".$user_id."' "); |
|
217 |
} else { |
|
218 |
$database->query("DELETE FROM `".TABLE_PREFIX."users` WHERE `user_id` = ".$user_id); |
|
219 |
} |
|
220 |
|
|
221 |
if($database->is_error()) { |
|
222 |
$admin->print_error($database->get_error()); |
|
223 |
} else { |
|
224 |
$admin->print_success($MESSAGE['USERS_DELETED']); |
|
225 |
} |
|
226 |
break; |
|
227 |
case 'delete_outdated' : |
|
228 |
$admin = new admin('Access', 'users_delete'); |
|
229 |
$user_id = intval($admin->checkIDKEY('user_id_activation_id', 0, $_SERVER['REQUEST_METHOD'])); |
|
230 |
// Check if user id is a valid number and doesnt equal 1 |
|
231 |
if($user_id == 0){ |
|
232 |
$admin->print_error($MESSAGE['GENERIC_FORGOT_OPTIONS'] ); |
|
233 |
} |
|
234 |
if( ($user_id < 2 ) ) |
|
235 |
{ |
|
236 |
// if($admin_header) { $admin->print_header(); } |
|
237 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] ); |
|
238 |
} |
|
239 |
$database->query("DELETE FROM `".TABLE_PREFIX."users` WHERE `user_id` = ".$user_id); |
|
240 |
if($database->is_error()) { |
|
241 |
$admin->print_error($database->get_error()); |
|
242 |
} else { |
|
243 |
$admin->print_success($MESSAGE['USERS_DELETED']); |
|
244 |
} |
|
245 |
break; |
|
246 |
default: |
|
247 |
break; |
|
248 |
endswitch; |
|
249 |
|
|
250 |
|
|
251 |
|
|
252 |
// Print admin footer |
|
253 |
$admin->print_footer(); |
|
254 |
|
|
255 | 0 |
branches/2.8.x/wb/admin/users/user_list.php | ||
---|---|---|
1 |
<?php |
|
2 |
|
|
3 |
/** |
|
4 |
* |
|
5 |
* @category admin |
|
6 |
* @package pages |
|
7 |
* @author Ryan Djurovich (2004-2009), WebsiteBaker Project |
|
8 |
* @copyright 2009-2012, WebsiteBaker Org. e.V. |
|
9 |
* @link http://www.websitebaker2.org/ |
|
10 |
* @license http://www.gnu.org/licenses/gpl.html |
|
11 |
* @platform WebsiteBaker 2.8.x |
|
12 |
* @requirements PHP 5.2.2 and higher |
|
13 |
* @version $Id$ |
|
14 |
* @filesource $HeadURL$ |
|
15 |
* @lastmodified $Date$ |
|
16 |
* |
|
17 |
*/ |
|
18 |
|
|
19 |
/* -------------------------------------------------------- */ |
|
20 |
// Must include code to stop this file being accessed directly |
|
21 |
if(!defined('WB_URL')) { |
|
22 |
require_once(dirname(dirname(dirname(__FILE__))).'/framework/globalExceptionHandler.php'); |
|
23 |
throw new IllegalFileException(); |
|
24 |
} |
|
25 |
/* -------------------------------------------------------- */ |
|
26 |
|
|
27 |
function show_userlist($admin, &$aActionRequest) |
|
28 |
{ |
|
29 |
global $TEXT, $MESSAGE, $HEADING, $MENU; |
|
30 |
$database = WbDatabase::getInstance(); |
|
31 |
$iUserStatus = 1; |
|
32 |
$iUserStatus = ( ( $admin->get_get('status')==1 ) ? 0 : $iUserStatus ); |
|
33 |
unset($_GET); |
|
34 |
|
|
35 |
// Setup template object, parse vars to it, then parse it |
|
36 |
// Create new template object |
|
37 |
$oTpl = new Template(dirname($admin->correct_theme_source('users.htt')),'keep'); |
|
38 |
// $oTpl->debug = true; |
|
39 |
|
|
40 |
$oTpl->set_file('page', 'users.htt'); |
|
41 |
$oTpl->set_block('page', 'main_block', 'main'); |
|
42 |
$oTpl->set_block("main_block", "manage_groups_block", "groups"); |
|
43 |
|
|
44 |
$oTpl->set_var('ADMIN_URL', ADMIN_URL); |
|
45 |
$oTpl->set_var('FTAN', $admin->getFTAN()); |
|
46 |
$oTpl->set_var('USER_STATUS', $iUserStatus ); |
|
47 |
$oTpl->set_var('groups', ''); |
|
48 |
$oTpl->set_var('DISPLAY_ADD', ''); |
|
49 |
$oTpl->set_var('DISPLAY_MODIFY', ''); |
|
50 |
$oTpl->set_var('DISABLED_CHECKED', ''); |
|
51 |
$oTpl->set_var('HEADING_MODIFY_USER', ''); |
|
52 |
$oTpl->set_var('DISPLAY_HOME_FOLDERS', ''); |
|
53 |
|
|
54 |
$UserStatusActive = 'url('.THEME_URL.'/images/user.png)'; |
|
55 |
$UserStatusInactive = 'url('.THEME_URL.'/images/user_red.png)'; |
|
56 |
|
|
57 |
$sUserTitle = ($iUserStatus == 0) ? $MENU['USERS'].' '.strtolower($TEXT['ACTIVE']) : $MENU['USERS'].' '.strtolower($TEXT['DELETED']) ; |
|
58 |
|
|
59 |
$oTpl->set_var('TEXT_USERS', $sUserTitle.' '.$TEXT['SHOW'] ); |
|
60 |
$oTpl->set_var('STATUS_ICON', ( ($iUserStatus==0) ? $UserStatusActive : $UserStatusInactive) ); |
|
61 |
|
|
62 |
// Get existing value from database |
|
63 |
$sql = 'SELECT `user_id`, `username`, `display_name`, `active` FROM `'.TABLE_PREFIX.'users` ' ; |
|
64 |
$sql .= 'WHERE user_id != 1 '; |
|
65 |
$sql .= 'AND active = '.$iUserStatus.' '; |
|
66 |
$sql .= 'ORDER BY `display_name`,`username`'; |
|
67 |
|
|
68 |
// $query = "SELECT user_id, username, display_name, active FROM ".TABLE_PREFIX."users WHERE user_id != '1' ORDER BY display_name,username"; |
|
69 |
$oRes = $database->query($sql); |
|
70 |
if($database->is_error()) { |
|
71 |
$admin->print_error($database->get_error(), 'index.php'); |
|
72 |
} |
|
73 |
|
|
74 |
$sUserList = $TEXT['LIST_OPTIONS'].' '; |
|
75 |
$sUserList .= ($iUserStatus == 1) ? $MENU['USERS'].' '.strtolower($TEXT['ACTIVE']) : $MENU['USERS'].' '.strtolower($TEXT['DELETED']) ; |
|
76 |
// Insert values into the modify/remove menu |
|
77 |
$oTpl->set_block('main_block', 'list_block', 'list'); |
|
78 |
if($oRes->numRows() > 0) { |
|
79 |
// Insert first value to say please select |
|
80 |
$oTpl->set_var('VALUE', ''); |
|
81 |
$oTpl->set_var('NAME', $sUserList); |
|
82 |
$oTpl->set_var('STATUS', 'class="user-active"' ); |
|
83 |
$oTpl->parse('list', 'list_block', true); |
|
84 |
// Loop through users |
|
85 |
while($user = $oRes->fetchRow(MYSQL_ASSOC)) { |
|
86 |
$oTpl->set_var('VALUE',$admin->getIDKEY($user['user_id'])); |
|
87 |
$oTpl->set_var('STATUS', ($user['active']==false ? 'class="user-inactive"' : 'class="user-active"') ); |
|
88 |
$oTpl->set_var('NAME', $user['display_name'].' ('.$user['username'].')'); |
|
89 |
$oTpl->parse('list', 'list_block', true); |
|
90 |
} |
|
91 |
} else { |
|
92 |
// Insert single value to say no users were found |
|
93 |
$oTpl->set_var('NAME', $TEXT['NONE_FOUND']); |
|
94 |
$oTpl->parse('list', 'list_block', true); |
|
95 |
} |
|
96 |
|
|
97 |
// Insert permissions values |
|
98 |
if($admin->get_permission('users_add') != true) { |
|
99 |
$oTpl->set_var('DISPLAY_ADD', 'hide'); |
|
100 |
} |
|
101 |
if($admin->get_permission('users_modify') != true) { |
|
102 |
$oTpl->set_var('DISPLAY_MODIFY', 'hide'); |
|
103 |
} |
|
104 |
if($admin->get_permission('users_delete') != true) { |
|
105 |
$oTpl->set_var('DISPLAY_DELETE', 'hide'); |
|
106 |
} |
|
107 |
$HeaderTitle = $HEADING['MODIFY_DELETE_USER'].' '; |
|
108 |
$HeaderTitle .= (($iUserStatus == 1) ? strtolower($TEXT['ACTIVE']) : strtolower($TEXT['DELETED'])); |
|
109 |
// Insert language headings |
|
110 |
$oTpl->set_var(array( |
|
111 |
'HEADING_MODIFY_DELETE_USER' => $HeaderTitle, |
|
112 |
'HEADING_ADD_USER' => $HEADING['ADD_USER'] |
|
113 |
) |
|
114 |
); |
|
115 |
// insert urls |
|
116 |
$oTpl->set_var(array( |
|
117 |
'ADMIN_URL' => ADMIN_URL, |
|
118 |
'WB_URL' => WB_URL, |
|
119 |
'THEME_URL' => THEME_URL |
|
120 |
) |
|
121 |
); |
|
122 |
// Insert language text and messages |
|
123 |
$oTpl->set_var(array( |
|
124 |
'DISPLAY_WAITING_ACTIVATION' => '', |
|
125 |
'TEXT_MODIFY' => $TEXT['MODIFY'], |
|
126 |
'TEXT_DELETE' => $TEXT['DELETE'], |
|
127 |
'TEXT_MANAGE_GROUPS' => ( $admin->get_permission('groups') == true ) ? $TEXT['MANAGE_GROUPS'] : "**", |
|
128 |
'CONFIRM_DELETE' => (($iUserStatus == 1) ? $TEXT['ARE_YOU_SURE'] : $MESSAGE['USERS_CONFIRM_DELETE']) |
|
129 |
) |
|
130 |
); |
|
131 |
|
|
132 |
$oTpl->set_block('main_block', 'show_confirmed_activation_block', 'show_confirmed_activation'); |
|
133 |
if($admin->ami_group_member('1')) { |
|
134 |
$oTpl->set_block('show_confirmed_activation_block', 'list_confirmed_activation_block', 'list_confirmed_activation'); |
|
135 |
$oTpl->set_var('DISPLAY_WAITING_ACTIVATION', 'Users awaiting for activation'); |
|
136 |
$sql = 'SELECT * FROM `'.TABLE_PREFIX.'users` '; |
|
137 |
$sql .= 'WHERE `confirm_timeout` != 0 '; |
|
138 |
$sql .= 'AND `active` = 0 '; |
|
139 |
$sql .= 'AND `user_id` != 1 '; |
|
140 |
if( ($oRes = $database->query($sql)) ) { |
|
141 |
$oTpl->set_var('DISPLAY_DELETE', ''); |
|
142 |
// $oTpl->set_var('NAME', 'User waiting for activation'); |
|
143 |
// $oTpl->set_var('STATUS', '' ); |
|
144 |
// Loop through users |
|
145 |
if($nNumRows = $oRes->numRows()) { |
|
146 |
while($aUser = $oRes->fetchRow(MYSQL_ASSOC)) { |
|
147 |
$oTpl->set_var('VALUE',$admin->getIDKEY($aUser['user_id'])); |
|
148 |
$oTpl->set_var('STATUS', '') ; |
|
149 |
$oTpl->set_var('NAME', $aUser['display_name'].' ('.$aUser['username'].')'.' ['.$aUser['email'].']'); |
|
150 |
$oTpl->parse('list_confirmed_activation', 'list_confirmed_activation_block', true); |
|
151 |
} |
|
152 |
$oTpl->parse('show_confirmed_activation', 'show_confirmed_activation_block',true); |
|
153 |
} |
|
154 |
} else { $nNumRows = 0; } |
|
155 |
|
|
156 |
} else { |
|
157 |
$nNumRows = 0; |
|
158 |
} |
|
159 |
|
|
160 |
if ( $nNumRows == 0){ |
|
161 |
$oTpl->parse('show_confirmed_activation', ''); |
|
162 |
} |
|
163 |
|
|
164 |
if ( $admin->get_permission('groups') == true ) $oTpl->parse("groups", "manage_groups_block", true); |
|
165 |
// Parse template object |
|
166 |
$oTpl->parse('main', 'main_block', false); |
|
167 |
|
|
168 |
$output = $oTpl->finish($oTpl->parse('output', 'page')); |
|
169 |
// Setup template object, parse vars to it, then parse it |
|
170 |
// Create new template object |
|
171 |
$oTpl = new Template(dirname($admin->correct_theme_source('users_form.htt')),'keep'); |
|
172 |
// $oTpl->debug = true; |
|
173 |
$oTpl->set_file('page', 'users_form.htt'); |
|
174 |
$oTpl->set_block('page', 'main_block', 'main'); |
|
175 |
$oTpl->set_block('main_block', 'show_modify_loginname_block', 'show_modify_loginname'); |
|
176 |
$oTpl->set_block('main_block', 'show_add_loginname_block', 'show_add_loginname'); |
|
177 |
|
|
178 |
$oTpl->set_block('main_block', 'show_change_group_list_block', 'show_change_group_list'); |
|
179 |
|
|
180 |
$oTpl->parse('show_change_group_list', ''); |
|
181 |
// $oTpl->parse('show_change_group_list', 'show_change_group_list_block', true); |
|
182 |
|
|
183 |
$oTpl->set_var( array( |
|
184 |
'ACTION_URL' => ADMIN_URL.'/users/index.php', |
|
185 |
'FTAN' => $admin->getFTAN(), |
|
186 |
'DISPLAY_EXTRA' => 'display:none;', |
|
187 |
'ACTIVE_CHECKED' => ' checked="checked"', |
|
188 |
'DISABLED_CHECKED' => '', |
|
189 |
'NO_RIGHTS' => 'hide', |
|
190 |
'CHANGING_GROUPS' => '', |
|
191 |
'DISPLAY_ADD' => '', |
|
192 |
'DISPLAY_MODIFY' => '', |
|
193 |
'HEADING_MODIFY_USER' => '', |
|
194 |
'DISPLAY_HOME_FOLDERS' => '', |
|
195 |
'SUBMIT_TITLE' => $TEXT['ADD'], |
|
196 |
) |
|
197 |
); |
|
198 |
|
|
199 |
|
|
200 |
// insert urls |
|
201 |
$oTpl->set_var(array( |
|
202 |
'USER_ID' => '', |
|
203 |
'USERNAME' => '', |
|
204 |
'DISPLAY_NAME' => '', |
|
205 |
'EMAIL' => '', |
|
206 |
'ADMIN_URL' => ADMIN_URL, |
|
207 |
'WB_URL' => WB_URL, |
|
208 |
'SUB_ACTION' => 'add', |
|
209 |
'CANCEL_URL' => $aActionRequest['cancel_url'], |
|
210 |
'THEME_URL' => THEME_URL |
|
211 |
) |
|
212 |
); |
|
213 |
|
|
214 |
// Add groups to list |
|
215 |
$oTpl->set_block('main_block', 'group_list_block', 'group_list'); |
|
216 |
$results = $database->query("SELECT group_id, name FROM ".TABLE_PREFIX."groups WHERE group_id != '1'"); |
|
217 |
if($results->numRows() > 0) { |
|
218 |
$oTpl->set_var('ID', ''); |
|
219 |
$oTpl->set_var('NAME', $TEXT['PLEASE_SELECT'].'...'); |
|
220 |
$oTpl->set_var('SELECTED', ' selected="selected"'); |
|
221 |
$oTpl->parse('group_list', 'group_list_block', true); |
|
222 |
while($group = $results->fetchRow()) { |
|
223 |
$oTpl->set_var('ID', $group['group_id']); |
|
224 |
$oTpl->set_var('NAME', $group['name']); |
|
225 |
$oTpl->set_var('SELECTED', ''); |
|
226 |
$oTpl->parse('group_list', 'group_list_block', true); |
|
227 |
} |
|
228 |
} |
|
229 |
// Only allow the user to add a user to the Administrators group if they belong to it |
|
230 |
if(in_array(1, $admin->get_groups_id())) { |
|
231 |
$users_groups = $admin->get_groups_name(); |
|
232 |
$oTpl->set_var('ID', '1'); |
|
233 |
$oTpl->set_var('NAME', $users_groups[1]); |
|
234 |
$oTpl->set_var('SELECTED', ''); |
|
235 |
$oTpl->parse('group_list', 'group_list_block', true); |
|
236 |
} else { |
|
237 |
if($results->numRows() == 0) { |
|
238 |
$oTpl->set_var('ID', ''); |
|
239 |
$oTpl->set_var('NAME', $TEXT['NONE_FOUND']); |
|
240 |
$oTpl->parse('group_list', 'group_list_block', true); |
|
241 |
} |
|
242 |
} |
|
243 |
|
|
244 |
// Insert permissions values |
|
245 |
if($admin->get_permission('users_add') != true) { |
|
246 |
$oTpl->set_var('DISPLAY_ADD', 'hide'); |
|
247 |
} |
|
248 |
|
|
249 |
// Generate username field name |
|
250 |
$username_fieldname = 'username_'; |
|
251 |
$salt = "abchefghjkmnpqrstuvwxyz0123456789"; |
|
252 |
srand((double)microtime()*1000000); |
|
253 |
$i = 0; |
|
254 |
while ($i <= 7) { |
|
255 |
$num = rand() % 33; |
|
256 |
$tmp = substr($salt, $num, 1); |
|
257 |
$username_fieldname = $username_fieldname . $tmp; |
|
258 |
$i++; |
|
259 |
} |
|
260 |
|
|
261 |
// Work-out if home folder should be shown |
|
262 |
if(!HOME_FOLDERS) { |
|
263 |
$oTpl->set_var('DISPLAY_HOME_FOLDERS', 'display:none;'); |
|
264 |
} |
|
265 |
|
|
266 |
// Include the WB functions file |
|
267 |
require_once(WB_PATH.'/framework/functions.php'); |
|
268 |
|
|
269 |
// Add media folders to home folder list |
|
270 |
$oTpl->set_block('main_block', 'folder_list_block', 'folder_list'); |
|
271 |
foreach(directory_list(WB_PATH.MEDIA_DIRECTORY) AS $name) { |
|
272 |
$oTpl->set_var('NAME', str_replace(WB_PATH, '', $name)); |
|
273 |
$oTpl->set_var('FOLDER', str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name)); |
|
274 |
$oTpl->set_var('SELECTED', ' '); |
|
275 |
$oTpl->parse('folder_list', 'folder_list_block', true); |
|
276 |
} |
|
277 |
|
|
278 |
// Insert language text and messages |
|
279 |
$oTpl->set_var(array( |
|
280 |
'TEXT_CANCEL' => $TEXT['CANCEL'], |
|
281 |
'TEXT_RESET' => $TEXT['RESET'], |
|
282 |
'TEXT_ACTIVE' => $TEXT['ACTIVE'], |
|
283 |
'TEXT_DISABLED' => $TEXT['DISABLED'], |
|
284 |
'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'], |
|
285 |
'TEXT_USERNAME' => $TEXT['USERNAME'], |
|
286 |
'TEXT_PASSWORD' => $TEXT['PASSWORD'], |
|
287 |
'TEXT_RETYPE_PASSWORD' => $TEXT['RETYPE_PASSWORD'], |
|
288 |
'TEXT_DISPLAY_NAME' => $TEXT['DISPLAY_NAME'], |
|
289 |
'TEXT_EMAIL' => $TEXT['EMAIL'], |
|
290 |
'TEXT_GROUP' => $TEXT['GROUP'], |
|
291 |
'TEXT_NONE' => $TEXT['NONE'], |
|
292 |
'TEXT_HOME_FOLDER' => $TEXT['HOME_FOLDER'], |
|
293 |
'USERNAME_FIELDNAME' => $username_fieldname, |
|
294 |
'CHANGING_PASSWORD' => $MESSAGE['USERS_CHANGING_PASSWORD'] |
|
295 |
) |
|
296 |
); |
|
297 |
|
|
298 |
// Parse template for add user form |
|
299 |
$oTpl->parse('show_modify_loginname', '', true); |
|
300 |
$oTpl->parse('show_add_loginname', 'show_add_loginname_block', true); |
|
301 |
$oTpl->parse('main', 'main_block', false); |
|
302 |
$output .= $oTpl->finish($oTpl->parse('output', 'page')); |
|
303 |
|
|
304 |
return $output; |
|
305 |
|
|
306 |
} |
|
0 | 307 |
branches/2.8.x/wb/admin/users/save.php | ||
---|---|---|
15 | 15 |
* |
16 | 16 |
*/ |
17 | 17 |
|
18 |
$config_file = realpath('../../config.php'); |
|
19 |
if(file_exists($config_file) && !defined('WB_URL')) |
|
20 |
{ |
|
21 |
require_once($config_file); |
|
18 |
/* -------------------------------------------------------- */ |
|
19 |
// Must include code to stop this file being accessed directly |
|
20 |
if(!defined('WB_URL')) { |
|
21 |
require_once(dirname(dirname(dirname(__FILE__))).'/framework/globalExceptionHandler.php'); |
|
22 |
throw new IllegalFileException(); |
|
22 | 23 |
} |
24 |
/* -------------------------------------------------------- */ |
|
23 | 25 |
|
24 |
if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); } |
|
26 |
function save_user($admin, &$aActionRequest) |
|
27 |
{ |
|
28 |
global $TEXT, $MESSAGE; |
|
29 |
// Create a javascript back link |
|
30 |
// $js_back = ADMIN_URL.'/users/index.php'; |
|
31 |
unset($aActionRequest['save']); |
|
32 |
$aActionRequest['modify']= 'change'; |
|
33 |
$database = WbDatabase::getInstance(); |
|
34 |
$bRetVal = 0; |
|
35 |
$iMinPassLength = 6; |
|
25 | 36 |
|
26 |
// suppress to print the header, so no new FTAN will be set |
|
27 |
$admin = new admin('Access', 'users_modify', false); |
|
37 |
if( !$admin->checkFTAN() ) |
|
38 |
{ |
|
39 |
msgQueue::add($MESSAGE['GENERIC_SECURITY_ACCESS']); |
|
40 |
return $bRetVal; |
|
41 |
} |
|
28 | 42 |
|
29 |
// Create a javascript back link |
|
30 |
$js_back = ADMIN_URL.'/users/index.php'; |
|
43 |
// Check if user id is a valid number and doesnt equal 1 |
|
44 |
if(!isset($aActionRequest['user_id']) OR !is_numeric($aActionRequest['user_id']) OR $aActionRequest['user_id'] == 1) { |
|
45 |
msgQueue::add('::'.$MESSAGE['GENERIC_NOT_UPGRADED']); |
|
46 |
return $bRetVal; |
|
47 |
} else { |
|
48 |
$user_id = intval($aActionRequest['user_id']); |
|
49 |
} |
|
31 | 50 |
|
32 |
if( !$admin->checkFTAN() ) |
|
33 |
{ |
|
34 |
$admin->print_header(); |
|
35 |
$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$js_back); |
|
36 |
} |
|
37 |
// After check print the header |
|
38 |
$admin->print_header(); |
|
51 |
if( ($user_id < 2 ) ) |
|
52 |
{ |
|
53 |
// if($admin_header) { $admin->print_header(); } |
|
54 |
msgQueue::add($MESSAGE['GENERIC_SECURITY_OFFENSE']); |
|
55 |
return $bRetVal; |
|
56 |
} |
|
57 |
// Get existing values |
|
58 |
$sql = 'SELECT * FROM `'.TABLE_PREFIX.'users` ' ; |
|
59 |
$sql .= 'WHERE user_id = '.$user_id.' '; |
|
60 |
$sql .= 'AND user_id != 1 '; |
|
39 | 61 |
|
40 |
// Check if user id is a valid number and doesnt equal 1 |
|
41 |
if(!isset($_POST['user_id']) OR !is_numeric($_POST['user_id']) OR $_POST['user_id'] == 1) { |
|
42 |
header("Location: index.php"); |
|
43 |
exit(0); |
|
44 |
} else { |
|
45 |
$user_id = intval($_POST['user_id']); |
|
46 |
} |
|
62 |
if($oRes = $database->query($sql)){ |
|
63 |
$olduser = $oRes->fetchRow(MYSQL_ASSOC); |
|
64 |
} |
|
47 | 65 |
|
48 |
// Gather details entered |
|
49 |
$groups_id = (isset($_POST['groups'])) ? implode(",", $admin->add_slashes($_POST['groups'])) : ''; |
|
50 |
$active = $admin->add_slashes($_POST['active'][0]); |
|
51 |
$username_fieldname = $admin->get_post_escaped('username_fieldname'); |
|
52 |
$username = strtolower($admin->get_post_escaped($username_fieldname)); |
|
53 |
$password = $admin->get_post('password'); |
|
54 |
$password2 = $admin->get_post('password2'); |
|
55 |
$display_name = $admin->get_post_escaped('display_name'); |
|
56 |
$email = $admin->get_post_escaped('email'); |
|
57 |
$home_folder = $admin->get_post_escaped('home_folder'); |
|
66 |
// Gather details entered |
|
67 |
if($admin->is_group_match($admin->get_groups_id(), '1' )){ |
|
68 |
$groups_id = (isset($aActionRequest['groups'])) ? implode(",", $admin->add_slashes($aActionRequest['groups'])) : ''; |
|
69 |
} else { |
|
70 |
$groups_id = $olduser['group_id']; |
|
71 |
} |
|
72 |
// there will be an additional ',' when "Please Choose" was selected, too |
|
73 |
$groups_id = trim($groups_id, ','); |
|
74 |
$active = intval(strip_tags($admin->StripCodeFromText($aActionRequest['active'][0]))); |
|
75 |
$username_fieldname = strip_tags($admin->StripCodeFromText($aActionRequest['username_fieldname'])); |
|
76 |
$username = strtolower(strip_tags($admin->StripCodeFromText($aActionRequest[$username_fieldname]))); |
|
77 |
$password = strip_tags($admin->StripCodeFromText($aActionRequest['password'])); |
|
78 |
$password2 = strip_tags($admin->StripCodeFromText($aActionRequest['password2'])); |
|
79 |
$display_name = strip_tags($admin->StripCodeFromText($aActionRequest['display_name'])); |
|
80 |
$email = strip_tags($admin->StripCodeFromText($aActionRequest['email'])); |
|
81 |
$home_folder = strip_tags($admin->StripCodeFromText($aActionRequest['home_folder'])); |
|
58 | 82 |
|
59 |
// Check values |
|
60 |
if($groups_id == "") { |
|
61 |
$admin->print_error($MESSAGE['USERS_NO_GROUP'], $js_back); |
|
62 |
} |
|
63 |
if(!preg_match('/^[a-z]{1}[a-z0-9_-]{2,}$/i', $username)) |
|
64 |
{ |
|
83 |
// Check values |
|
84 |
if($groups_id == "") { |
|
85 |
msgQueue::add($MESSAGE['USERS_NO_GROUP']); |
|
86 |
} else { |
|
87 |
$aGroups_id = explode(',', $groups_id); |
|
88 |
//if user is in administrator-group, get this group else just get the first one |
|
89 |
if($admin->is_group_match($groups_id,'1')) { $group_id = 1; } else { $group_id = intval($aGroups_id[0]); } |
|
90 |
} |
|
65 | 91 |
|
66 |
// print '<pre style="text-align: left;"><strong>function '.__FUNCTION__.'( '.''.' );</strong> basename: '.basename(__FILE__).' line: '.__LINE__.' -> <br />'; |
|
67 |
// print_r( $_POST ); print '</pre>'; |
|
68 |
$admin->print_error( $MESSAGE['USERS_NAME_INVALID_CHARS'].' / '. |
|
69 |
$MESSAGE['USERS_USERNAME_TOO_SHORT'], $js_back); |
|
70 |
} |
|
71 |
if($password != "") { |
|
72 |
if(strlen($password) < 6 ) { |
|
73 |
$admin->print_error($MESSAGE['USERS_PASSWORD_TOO_SHORT'], $js_back); |
|
74 |
} |
|
75 |
if($password != $password2) { |
|
76 |
$admin->print_error($MESSAGE['USERS_PASSWORD_MISMATCH'], $js_back); |
|
77 |
} |
|
78 |
} |
|
92 |
//$admin->is_group_match($admin->get_groups_id(), '1' ) |
|
93 |
if(!preg_match('/^[a-z]{1}[a-z0-9_-]{2,}$/i', $username)) |
|
94 |
{ |
|
95 |
msgQueue::add( $MESSAGE['USERS_NAME_INVALID_CHARS']); |
|
96 |
} |
|
79 | 97 |
|
80 |
if($email != "") |
|
81 |
{ |
|
82 |
if($admin->validate_email($email) == false) |
|
83 |
{ |
|
84 |
$admin->print_error($MESSAGE['USERS_INVALID_EMAIL'], $js_back); |
|
85 |
} |
|
86 |
} else { // e-mail must be present |
|
87 |
$admin->print_error($MESSAGE['SIGNUP_NO_EMAIL'], $js_back); |
|
88 |
} |
|
98 |
if($password != "") { |
|
99 |
if(strlen($password) < $iMinPassLength ) { |
|
100 |
msgQueue::add($MESSAGE['USERS_PASSWORD_TOO_SHORT']); |
|
101 |
} |
|
89 | 102 |
|
90 |
// Check if the email already exists |
|
91 |
$results = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE email = '".$admin->add_slashes($_POST['email'])."' AND user_id <> '".$user_id."' "); |
|
92 |
if($results->numRows() > 0) |
|
93 |
{ |
|
94 |
if(isset($MESSAGE['USERS_EMAIL_TAKEN'])) |
|
95 |
{ |
|
96 |
$admin->print_error($MESSAGE['USERS_EMAIL_TAKEN'], $js_back); |
|
97 |
} else { |
|
98 |
$admin->print_error($MESSAGE['USERS_INVALID_EMAIL'], $js_back); |
|
99 |
} |
|
100 |
} |
|
103 |
$pattern = '/[^'.$admin->password_chars.']/'; |
|
104 |
if (preg_match($pattern, $password)) { |
|
105 |
msgQueue::add($MESSAGE['PREFERENCES_INVALID_CHARS']); |
|
106 |
} |
|
101 | 107 |
|
102 |
// Prevent from renaming user to "admin" |
|
103 |
if($username != 'admin') { |
|
104 |
$username_code = ", username = '$username'"; |
|
105 |
} else { |
|
106 |
$username_code = ''; |
|
107 |
} |
|
108 |
if(($password != $password2) ) { |
|
109 |
msgQueue::add($MESSAGE['USERS_PASSWORD_MISMATCH']); |
|
110 |
} |
|
111 |
} |
|
112 |
// check that display_name is unique in whoole system (prevents from User-faking) |
|
113 |
$sql = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` '; |
|
114 |
$sql .= 'WHERE `user_id` <> '.(int)$user_id.' AND `display_name` LIKE "'.$display_name.'"'; |
|
115 |
if( $database->get_one($sql) > 0 ){ |
|
116 |
msgQueue::add($MESSAGE['USERS_USERNAME_TAKEN'].' ('.$TEXT['DISPLAY_NAME'].')'); |
|
117 |
msgQueue::add($MESSAGE['MEDIA_CANNOT_RENAME']); |
|
118 |
} |
|
119 |
// |
|
120 |
if( ($admin->get_user_id() != '1' ) ) |
|
121 |
{ |
|
122 |
if(findStringInFileList($display_name, dirname(__FILE__).'/disallowedNames')) { |
|
123 |
msgQueue::add( $TEXT['ERROR'].' '.$TEXT['DISPLAY_NAME'].' ('.$display_name.')' ); |
|
124 |
} |
|
125 |
} |
|
108 | 126 |
|
109 |
// Update the database |
|
110 |
if($password == "") { |
|
111 |
$query = "UPDATE ".TABLE_PREFIX."users SET groups_id = '$groups_id', active = '$active'$username_code, display_name = '$display_name', home_folder = '$home_folder', email = '$email' WHERE user_id = '$user_id'"; |
|
112 |
} else { |
|
113 |
// MD5 supplied password |
|
114 |
$md5_password = md5($password); |
|
115 |
$query = "UPDATE ".TABLE_PREFIX."users SET groups_id = '$groups_id', active = '$active'$username_code, display_name = '$display_name', home_folder = '$home_folder', email = '$email', password = '$md5_password' WHERE user_id = '$user_id'"; |
|
116 |
} |
|
117 |
$database->query($query); |
|
118 |
if($database->is_error()) { |
|
119 |
$admin->print_error($database->get_error(),$js_back); |
|
120 |
} else { |
|
121 |
$admin->print_success($MESSAGE['USERS_SAVED']); |
|
122 |
} |
|
127 |
$display_name = ( $display_name == '' ? $olduser['display_name'] : $display_name ); |
|
123 | 128 |
|
124 |
// Print admin footer |
|
125 |
$admin->print_footer(); |
|
129 |
if($email != "") |
|
130 |
{ |
|
131 |
if($admin->validate_email($email) == false) |
|
132 |
{ |
|
133 |
msgQueue::add($MESSAGE['USERS_INVALID_EMAIL'].' ('.$email.')'); |
|
134 |
} |
|
135 |
} else { // e-mail must be present |
|
136 |
msgQueue::add($MESSAGE['SIGNUP_NO_EMAIL']); |
|
137 |
} |
|
138 |
|
|
139 |
$sql = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` '. |
|
140 |
'WHERE `email` LIKE \''.$email.'\' '. |
|
141 |
'AND `user_id` <> '.(int)$user_id; |
|
142 |
// Check if the email already exists |
|
143 |
if( ($iFoundUser = $database->get_one($sql)) != null ) { |
|
144 |
if($iFoundUser) { |
|
145 |
if(isset($MESSAGE['USERS_EMAIL_TAKEN'])) |
|
146 |
{ |
|
147 |
msgQueue::add($MESSAGE['USERS_EMAIL_TAKEN'].' ('.$email.')'); |
|
148 |
} else { |
|
149 |
msgQueue::add($MESSAGE['USERS_INVALID_EMAIL'].' ('.$email.')'); |
|
150 |
} |
|
151 |
} |
|
152 |
} |
|
153 |
|
|
154 |
$bRetVal = $user_id; |
|
155 |
|
|
156 |
// no error then save |
|
157 |
if( !msgQueue::getError() ) |
|
158 |
{ |
|
159 |
if($admin->is_group_match($groups_id,'1')) { $group_id = 1; $groups_id = '1'; } |
|
160 |
// Prevent from renaming user to "admin" |
|
161 |
if($username != 'admin') { |
|
162 |
$username_code = ", username = '$username'"; |
|
163 |
} else { |
|
164 |
$username_code = ''; |
|
165 |
} |
|
166 |
|
|
167 |
$sql = 'UPDATE `'.TABLE_PREFIX.'users` SET '; |
|
168 |
// Update the database |
|
169 |
if($password == "") { |
|
170 |
$sql .= '`group_id` = '.intval($group_id).', '. |
|
171 |
'`groups_id` = \''.mysql_real_escape_string($groups_id).'\', '. |
|
172 |
'`username` = \''.mysql_real_escape_string($username).'\', '. |
|
173 |
'`active` = '.intval($active).', '. |
|
174 |
'`display_name` = \''.mysql_real_escape_string($display_name).'\', '. |
|
175 |
'`home_folder` = \''.mysql_real_escape_string($home_folder).'\', '. |
|
176 |
'`email` = \''.mysql_real_escape_string($email).'\' '. |
|
177 |
'WHERE `user_id` = '.intval($user_id).''; |
|
178 |
|
|
179 |
} else { |
|
180 |
|
|
181 |
$sql .= '`group_id` = '.intval($group_id).', '. |
|
182 |
'`groups_id` = \''.mysql_real_escape_string($groups_id).'\', '. |
|
183 |
'`username` = \''.mysql_real_escape_string($username).'\', '. |
|
184 |
'`password` = \''.md5($password).'\', '. |
|
185 |
'`active` = '.intval($active).', '. |
|
186 |
'`display_name` = \''.mysql_real_escape_string($display_name).'\', '. |
|
187 |
'`home_folder` = \''.mysql_real_escape_string($home_folder).'\', '. |
|
188 |
'`email` = \''.mysql_real_escape_string($email).'\' '. |
|
189 |
'WHERE `user_id` = '.intval($user_id).''; |
|
190 |
|
|
191 |
} |
|
192 |
if($database->query($sql)) { |
|
193 |
msgQueue::add($MESSAGE['USERS_SAVED'], true); |
|
194 |
$bRetVal = $user_id; |
|
195 |
} |
|
196 |
if($database->is_error()) { |
|
197 |
msgQueue::add( implode('<br />',explode(';',$database->get_error())) ); |
|
198 |
} |
|
199 |
} else { |
|
200 |
msgQueue::add($MESSAGE['GENERIC_NOT_UPGRADED']); |
|
201 |
} |
|
202 |
|
|
203 |
// return $admin->getIDKEY($user_id); |
|
204 |
//if($admin_header) { $admin->print_header(); } |
|
205 |
return $bRetVal; |
|
206 |
} |
branches/2.8.x/wb/admin/users/user_form.php | ||
---|---|---|
1 |
<?php |
|
2 |
|
|
3 |
/** |
|
4 |
* |
|
5 |
* @category admin |
|
6 |
* @package pages |
|
7 |
* @author Ryan Djurovich (2004-2009), WebsiteBaker Project |
|
8 |
* @copyright 2009-2012, WebsiteBaker Org. e.V. |
|
9 |
* @link http://www.websitebaker2.org/ |
|
10 |
* @license http://www.gnu.org/licenses/gpl.html |
|
11 |
* @platform WebsiteBaker 2.8.x |
|
12 |
* @requirements PHP 5.2.2 and higher |
|
13 |
* @version $Id$ |
|
14 |
* @filesource $HeadURL$ |
|
15 |
* @lastmodified $Date$ |
|
16 |
* |
|
17 |
*/ |
|
18 |
|
|
19 |
/* -------------------------------------------------------- */ |
|
20 |
// Must include code to stop this file being accessed directly |
|
21 |
if(!defined('WB_URL')) { |
|
22 |
require_once(dirname(dirname(dirname(__FILE__))).'/framework/globalExceptionHandler.php'); |
|
23 |
throw new IllegalFileException(); |
|
24 |
} |
|
25 |
/* -------------------------------------------------------- */ |
|
26 |
|
|
27 |
function show_usermask($admin, &$aActionRequest) |
|
28 |
{ |
|
29 |
global $TEXT, $MESSAGE, $HEADING, $MENU; |
|
30 |
$database = WbDatabase::getInstance(); |
|
31 |
|
|
32 |
$user_id = intval($aActionRequest['user_id']); |
|
33 |
$user = array( |
|
34 |
'user_id' => 0, |
|
35 |
'username'=> '', |
|
36 |
'display_name'=> '', |
|
37 |
'email'=> '', |
|
38 |
); |
|
39 |
|
|
40 |
// Get existing values |
|
41 |
$sql = 'SELECT * FROM `'.TABLE_PREFIX.'users` ' ; |
|
42 |
$sql .= 'WHERE user_id = '.$user_id.' '; |
|
43 |
$sql .= 'AND user_id != 1 '; |
|
44 |
|
|
45 |
if($oRes = $database->query($sql)){ |
|
46 |
$user = $oRes->fetchRow(MYSQL_ASSOC); |
|
47 |
} |
|
48 |
|
|
49 |
$sNoRightsToChangeGroups = (($admin->get_user_id()==1)) ? 'hide' : ''; |
|
50 |
$sNoRightsToChangeGroups = (($user['group_id']==1)) ? $sNoRightsToChangeGroups : 'hide'; |
|
51 |
// Setup template object, parse vars to it, then parse it |
|
52 |
// Create new template object |
|
53 |
$oTpl = new Template(dirname($admin->correct_theme_source('users_form.htt')),'keep'); |
|
54 |
// $oTpl->debug = true; |
|
55 |
$oTpl->set_file('page', 'users_form.htt'); |
|
56 |
$oTpl->set_block('page', 'main_block', 'main'); |
|
57 |
$oTpl->set_block('main_block', 'show_modify_loginname_block', 'show_modify_loginname'); |
|
58 |
$oTpl->set_block('main_block', 'show_add_loginname_block', 'show_add_loginname'); |
|
59 |
$oTpl->set_block('main_block', 'show_change_group_list_block', 'show_change_group_list'); |
|
60 |
|
|
61 |
if( ( $admin->get_user_id() != '1' ) ) |
|
62 |
{ |
|
63 |
$oTpl->set_var('CHANGING_GROUPS', 'You are not allowed to change the groups'); |
|
64 |
$oTpl->parse('show_change_group_list', 'show_change_group_list_block'); |
|
65 |
} else { |
|
66 |
$oTpl->parse('show_change_group_list', ''); |
|
67 |
} |
|
68 |
|
|
69 |
$oTpl->set_var( array( |
|
70 |
'ACTION_URL' => ADMIN_URL.'/users/index.php', |
|
71 |
'SUB_ACTION' => 'save', |
|
72 |
'BACK_LINK' => (isset($aActionRequest['BackLink'])) ? $aActionRequest['BackLink'] : '', |
|
73 |
'CANCEL_URL' => $aActionRequest['cancel_url'], |
|
74 |
'SUBMIT_TITLE' => $TEXT['SAVE'], |
|
75 |
'USER_ID' => $user['user_id'], |
|
76 |
// 'NO_RIGHTS' => 'hide', |
|
77 |
// 'CHANGING_GROUPS' => '', |
|
78 |
'DISPLAY_EXTRA' => '', |
|
79 |
'DISPLAY_HOME_FOLDERS' => '', |
|
80 |
'USERNAME' => $user['username'], |
|
81 |
'DISPLAY_NAME' => $user['display_name'], |
|
82 |
'EMAIL' => $user['email'], |
|
83 |
'ADMIN_URL' => ADMIN_URL, |
|
84 |
'WB_URL' => WB_URL, |
|
85 |
'THEME_URL' => THEME_URL |
|
86 |
) |
|
87 |
); |
|
88 |
|
|
89 |
$oTpl->set_var('FTAN', $admin->getFTAN()); |
|
90 |
if($user['active'] == 1) { |
|
91 |
$oTpl->set_var('DISABLED_CHECKED', ''); |
|
92 |
$oTpl->set_var('ACTIVE_CHECKED', ' checked="checked"'); |
|
93 |
} else { |
|
94 |
$oTpl->set_var('ACTIVE_CHECKED', ''); |
|
95 |
$oTpl->set_var('DISABLED_CHECKED', ' checked="checked"'); |
|
96 |
} |
|
97 |
// $results = $database->query("SELECT group_id, name FROM ".TABLE_PREFIX."groups WHERE group_id != '1' ORDER BY name"); |
|
98 |
// Add groups to list |
|
99 |
$oTpl->set_block('main_block', 'group_list_block', 'group_list'); |
|
100 |
$sql = 'SELECT `group_id`,`name` FROM `'.TABLE_PREFIX.'groups` '; |
|
101 |
$sql .= 'WHERE `group_id` != 1 ORDER BY `name`'; |
|
102 |
if($oRes = $database->query($sql)) { |
|
103 |
$oTpl->set_var('ID', ''); |
|
104 |
$oTpl->set_var('NAME', $TEXT['PLEASE_SELECT'].'...'); |
|
105 |
$oTpl->set_var('SELECTED', ''); |
|
106 |
$oTpl->parse('group_list', 'group_list_block', true); |
|
107 |
while($group = $oRes->fetchRow(MYSQL_ASSOC)) { |
|
108 |
$oTpl->set_var('ID', $group['group_id']); |
|
109 |
$oTpl->set_var('NAME', $group['name']); |
|
110 |
if(in_array($group['group_id'], explode(",",$user['groups_id']))) { |
|
111 |
$oTpl->set_var('SELECTED', ' selected="selected"'); |
|
112 |
} else { |
|
113 |
$oTpl->set_var('SELECTED', ''); |
|
114 |
} |
|
115 |
$oTpl->parse('group_list', 'group_list_block', true); |
|
116 |
} |
|
117 |
} |
|
118 |
|
|
119 |
// $in_group = false; |
|
120 |
// || ($admin->ami_group_member('1')) |
|
121 |
// Only allow the user to add a user to the Administrators group if they belong to it |
|
122 |
if( ($admin->is_group_match($user['groups_id'], '1') ) || ($admin->ami_group_member('1')) ) |
|
123 |
{ |
|
124 |
if( ($in_group = ($admin->ami_group_member('1'))) == false ) { |
|
125 |
$sql = 'SELECT `name` FROM `'.TABLE_PREFIX.'groups` '; |
|
126 |
$sql .= 'WHERE `group_id` = 1 ORDER BY `name`'; |
|
127 |
if( ($sGroupName = $database->get_one($sql)) != null ) { |
|
128 |
$in_group = true; |
|
129 |
$oTpl->set_var('ID', '1'); |
|
130 |
$oTpl->set_var('NAME', $sGroupName); |
|
131 |
} |
|
132 |
} else { |
|
133 |
if( $in_group = ($admin->is_group_match($admin->get_groups_id(), '1')) ) { |
|
134 |
$sGroupName = $admin->get_groups_name(); |
|
135 |
$oTpl->set_var('ID', '1'); |
|
136 |
$oTpl->set_var('NAME', $sGroupName[1]); |
|
137 |
$in_group = $user['group_id'] == 1; |
|
138 |
} |
|
139 |
} |
|
140 |
|
|
141 |
if($in_group) { |
|
142 |
$oTpl->set_var('SELECTED', ' selected="selected"'); |
|
143 |
} else { |
|
144 |
$oTpl->set_var('SELECTED', ''); |
|
145 |
} |
|
146 |
$oTpl->parse('group_list', 'group_list_block', true); |
|
147 |
} else { |
|
148 |
if($oRes->numRows() == 0) { |
|
149 |
$oTpl->set_var('ID', ''); |
|
150 |
$oTpl->set_var('NAME', $TEXT['NONE_FOUND']); |
|
151 |
$oTpl->set_var('SELECTED', ' selected="selected"'); |
|
152 |
$oTpl->parse('group_list', 'group_list_block', true); |
|
153 |
} |
|
154 |
} |
|
155 |
|
|
156 |
// Generate username field name |
|
157 |
$username_fieldname = 'username_'; |
|
158 |
$salt = "abchefghjkmnpqrstuvwxyz0123456789"; |
|
159 |
srand((double)microtime()*1000000); |
|
160 |
$i = 0; |
|
161 |
while ($i <= 7) { |
|
162 |
$num = rand() % 33; |
|
163 |
$tmp = substr($salt, $num, 1); |
|
164 |
$username_fieldname = $username_fieldname . $tmp; |
|
165 |
$i++; |
|
166 |
} |
|
167 |
|
|
168 |
// Work-out if home folder should be shown |
|
169 |
if(!HOME_FOLDERS) { |
|
170 |
$oTpl->set_var('DISPLAY_HOME_FOLDERS', 'display:none;'); |
|
171 |
} |
|
172 |
|
|
173 |
// Include the WB functions file |
|
174 |
require_once(WB_PATH.'/framework/functions.php'); |
|
175 |
|
|
176 |
// Add media folders to home folder list |
|
177 |
$oTpl->set_block('main_block', 'folder_list_block', 'folder_list'); |
|
178 |
foreach(directory_list(WB_PATH.MEDIA_DIRECTORY) AS $name) |
|
179 |
{ |
|
180 |
$oTpl->set_var('NAME', str_replace(WB_PATH, '', $name)); |
|
181 |
$oTpl->set_var('FOLDER', str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name)); |
|
182 |
if($user['home_folder'] == str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name)) { |
|
183 |
$oTpl->set_var('SELECTED', ' selected="selected"'); |
|
184 |
} else { |
|
185 |
$oTpl->set_var('SELECTED', ' '); |
|
186 |
} |
|
187 |
$oTpl->parse('folder_list', 'folder_list_block', true); |
|
188 |
} |
|
189 |
|
|
190 |
// Insert language text and messages |
|
191 |
$oTpl->set_var(array( |
|
192 |
'TEXT_RESET' => $TEXT['RESET'], |
|
193 |
'TEXT_CANCEL' => $TEXT['CANCEL'], |
|
194 |
'TEXT_ACTIVE' => $TEXT['ACTIVE'], |
|
195 |
'TEXT_DISABLED' => $TEXT['DISABLED'], |
|
196 |
'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'], |
|
197 |
'TEXT_USERNAME' => $TEXT['USERNAME'], |
|
198 |
'TEXT_PASSWORD' => $TEXT['PASSWORD'], |
|
199 |
'TEXT_RETYPE_PASSWORD' => $TEXT['RETYPE_PASSWORD'], |
|
200 |
'TEXT_DISPLAY_NAME' => $TEXT['DISPLAY_NAME'], |
|
201 |
'TEXT_EMAIL' => $TEXT['EMAIL'], |
|
202 |
'TEXT_GROUP' => $TEXT['GROUP'], |
|
203 |
'TEXT_NONE' => $TEXT['NONE'], |
|
204 |
'TEXT_HOME_FOLDER' => $TEXT['HOME_FOLDER'], |
|
205 |
'USERNAME_FIELDNAME' => $username_fieldname, |
|
206 |
'CHANGING_PASSWORD' => $MESSAGE['USERS_CHANGING_PASSWORD'], |
|
207 |
'HEADING_MODIFY_USER' => $HEADING['MODIFY_USER'] |
|
208 |
) |
|
209 |
); |
|
210 |
|
|
211 |
// Parse template object |
|
212 |
$oTpl->parse('show_modify_loginname', 'show_modify_loginname_block', true); |
|
213 |
$oTpl->parse('show_add_loginname', '', true); |
|
214 |
$oTpl->parse('main', 'main_block', false); |
|
215 |
// $oTpl->pparse('output', 'page'); |
|
216 |
$output = $oTpl->finish($oTpl->parse('output', 'page')); |
|
217 |
|
|
218 |
return $output; |
|
219 |
} |
|
0 | 220 |
branches/2.8.x/wb/admin/users/delete.php | ||
---|---|---|
1 |
<?php |
|
2 |
|
|
3 |
/** |
|
4 |
* |
|
5 |
* @category admin |
|
6 |
* @package pages |
|
7 |
* @author Ryan Djurovich (2004-2009), WebsiteBaker Project |
|
8 |
* @copyright 2009-2012, WebsiteBaker Org. e.V. |
|
9 |
* @link http://www.websitebaker2.org/ |
|
10 |
* @license http://www.gnu.org/licenses/gpl.html |
|
11 |
* @platform WebsiteBaker 2.8.x |
|
12 |
* @requirements PHP 5.2.2 and higher |
|
13 |
* @version $Id$ |
|
14 |
* @filesource $HeadURL$ |
|
15 |
* @lastmodified $Date$ |
|
16 |
* |
|
17 |
*/ |
|
18 |
|
|
19 |
/* -------------------------------------------------------- */ |
|
20 |
// Must include code to stop this file being accessed directly |
|
21 |
if(!defined('WB_URL')) { |
|
22 |
require_once(dirname(dirname(dirname(__FILE__))).'/framework/globalExceptionHandler.php'); |
|
23 |
throw new IllegalFileException(); |
|
24 |
} |
|
25 |
/* -------------------------------------------------------- */ |
|
26 |
function delete_user($admin, &$aActionRequest) |
|
27 |
{ |
|
28 |
global $TEXT, $MESSAGE; |
|
29 |
$database = WbDatabase::getInstance(); |
|
30 |
$aUserID = array(); |
|
31 |
$bRetVal = false; |
|
32 |
if(isset($aActionRequest['user_id']) && !is_array($aActionRequest['user_id'])) { |
|
33 |
$aUserID[] = $aActionRequest['user_id']; |
|
34 |
} else { |
|
35 |
$aUserID = $aActionRequest['user_id']; |
|
36 |
} |
|
37 |
|
|
38 |
foreach ( $aUserID AS $key => $value) |
|
39 |
{ |
|
40 |
switch ($_SERVER['REQUEST_METHOD']) : |
|
41 |
case 'GET': // insert/update user |
|
42 |
$_GET['user_id'] =$aUserID[$key]; |
|
43 |
break; |
|
44 |
default: // show userlist with empty modify mask |
|
45 |
$_POST['user_id'] =$aUserID[$key]; |
|
46 |
endswitch; // end of switch |
|
47 |
$user_id = intval($admin->checkIDKEY('user_id', 0, $_SERVER['REQUEST_METHOD'])); |
|
48 |
|
|
49 |
// Check if user id is a valid number and doesnt equal 1 |
|
50 |
if($user_id == 0){ |
|
51 |
msgQueue::add($MESSAGE['GENERIC_FORGOT_OPTIONS'] ); |
|
52 |
return $bRetVal; |
|
53 |
} |
|
54 |
|
|
55 |
if( ($user_id < 2 ) ) |
|
56 |
{ |
|
57 |
// if($admin_header) { $admin->print_header(); } |
|
58 |
msgQueue::add($MESSAGE['GENERIC_SECURITY_ACCESS'] ); |
|
59 |
return $bRetVal; |
|
60 |
} |
|
61 |
|
|
62 |
if( ($msg = msgQueue::getError()) == '') |
|
63 |
{ |
|
64 |
$sql = 'SELECT `active` FROM `'.TABLE_PREFIX.'users` '. |
|
65 |
'WHERE `user_id` = '.$user_id; |
|
66 |
if( ($iDeleteUser = $database->get_one($sql)) != null ) { |
|
67 |
if($iDeleteUser) { |
|
68 |
// Delete the user |
|
69 |
$sql = 'UPDATE `'.TABLE_PREFIX.'users` SET '. |
|
70 |
'`active` = 0 '. |
|
71 |
'WHERE `user_id` = '.$user_id; |
|
72 |
if( $database->query($sql) ) { |
|
73 |
msgQueue::add($TEXT['USERS_DELETED'], true); |
|
74 |
} |
|
75 |
} else { |
|
76 |
$sql = 'DELETE FROM `'.TABLE_PREFIX.'users` '. |
|
77 |
'WHERE `user_id` = '.$user_id; |
|
78 |
if( $database->query($sql) ) { |
|
79 |
msgQueue::add($MESSAGE['USERS_DELETED'], true); |
|
80 |
} |
|
81 |
} |
|
82 |
$bRetVal = true; |
|
83 |
} |
|
84 |
if($database->is_error()) { |
|
85 |
msgQueue::add( implode('<br />',explode(';',$database->get_error())) ); |
|
86 |
$bRetVal = false; |
|
87 |
} |
|
88 |
} |
|
89 |
} |
|
90 |
if(isset($aActionRequest['clearmsg'])) { msgQueue::clear(); } |
|
91 |
return $user_id; |
|
92 |
} |
|
93 |
|
|
94 |
if(!isset($aActionRequest)) { |
|
95 |
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']); |
|
96 |
$aActionRequest = (isset(${$requestMethod})) ? ${$requestMethod} : null; |
|
97 |
$aActionRequest['clearmsg'] = true; |
|
98 |
} |
|
0 | 99 |
branches/2.8.x/wb/admin/users/disallowedNames | ||
---|---|---|
1 |
admin |
|
2 |
asshole |
|
3 |
porno |
|
4 |
arsch |
|
5 |
fuck |
|
6 |
fick |
|
7 |
shit |
|
8 |
scheiss |
|
9 |
viagra |
branches/2.8.x/wb/admin/users/index.php | ||
---|---|---|
15 | 15 |
* |
16 | 16 |
*/ |
17 | 17 |
|
18 |
$config_file = realpath('../../config.php'); |
|
19 |
if(file_exists($config_file) && !defined('WB_URL')) |
|
20 |
{ |
|
21 |
require_once($config_file); |
|
22 |
} |
|
18 |
/** |
|
19 |
* checks if a given string is part of a line in a defined file |
|
20 |
* @param string $sString |
|
21 |
* @param string $sListFile |
|
22 |
* @return bool TRUE if at least one match is found, otherwise FALSE |
|
23 |
*/ |
|
24 |
function findStringInFileList( $sString, $sListFile) |
|
25 |
{ |
|
26 |
$aMatch = array(); |
|
27 |
if(is_readable($sListFile)) { |
|
28 |
$aList = file($sListFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); |
|
29 |
$aMatch = preg_grep('/'.preg_quote($sString, '/').'/i',$aList); |
|
30 |
} |
|
31 |
return (sizeof($aMatch)>0); |
|
32 |
} |
|
23 | 33 |
|
24 |
if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); } |
|
34 |
function admin_users_index($aActionRequest) |
|
35 |
{ |
|
36 |
global $MESSAGE; |
|
37 |
$database = WbDatabase::getInstance(); |
|
25 | 38 |
|
26 |
$admin = new admin('Access', 'users'); |
|
39 |
$sAdminPath = dirname(str_replace('\\', '/', __FILE__)); |
|
40 |
$sAdminName = basename($sAdminPath); |
|
41 |
$output = ''; |
|
42 |
$aActionRequest['requestMethod'] = '_'.strtoupper($_SERVER['REQUEST_METHOD']); |
|
43 |
$action = 'show'; |
|
44 |
// Set parameter 'action' as alternative to javascript mechanism |
|
45 |
$action = (isset($aActionRequest['add']) ? 'add' : $action ); |
|
46 |
$action = (isset($aActionRequest['save']) ? 'save' : $action ); |
|
47 |
$action = (isset($aActionRequest['modify']) ? 'modify' : $action ); |
|
48 |
$action = (isset($aActionRequest['delete']) ? 'delete' : $action ); |
|
49 |
$action = (isset($aActionRequest['delete_outdated']) ? 'delete_outdated' : $action ); |
|
27 | 50 |
|
28 |
$iUserStatus = 1;
|
|
29 |
$iUserStatus = ( ( $admin->get_get('status')==1 ) ? 0 : $iUserStatus );
|
|
30 |
unset($_GET);
|
|
51 |
switch($action) :
|
|
52 |
case 'delete': // delete the user
|
|
53 |
$admin = new admin('Access', 'users_delete',false);
|
|
31 | 54 |
|
32 |
// Setup template object, parse vars to it, then parse it |
|
33 |
// Create new template object |
|
34 |
$template = new Template(dirname($admin->correct_theme_source('users.htt')),'keep'); |
|
35 |
// $template->debug = true; |
|
55 |
include($sAdminPath.'/delete.php'); |
|
56 |
$output = delete_user($admin,$aActionRequest); |
|
36 | 57 |
|
37 |
$template->set_file('page', 'users.htt'); |
|
38 |
$template->set_block('page', 'main_block', 'main'); |
|
39 |
$template->set_block("main_block", "manage_groups_block", "groups"); |
|
40 |
$template->set_var('ADMIN_URL', ADMIN_URL); |
|
41 |
$template->set_var('FTAN', $admin->getFTAN()); |
|
42 |
$template->set_var('USER_STATUS', $iUserStatus ); |
|
43 |
$template->set_var('DISPLAY_ADD', ''); |
|
44 |
$template->set_var('DISPLAY_MODIFY', ''); |
|
45 |
$template->set_var('DISABLED_CHECKED', ''); |
|
46 |
$template->set_var('HEADING_MODIFY_USER', ''); |
|
47 |
$template->set_var('DISPLAY_HOME_FOLDERS', ''); |
|
58 |
if( ($msg = msgQueue::getError()) != '') |
|
59 |
{ |
|
60 |
} |
|
48 | 61 |
|
49 |
$UserStatusActive = 'url('.THEME_URL.'/images/user.png)'; |
|
50 |
$UserStatusInactive = 'url('.THEME_URL.'/images/user_red.png)'; |
|
62 |
$aActionRequest['cancel_url'] = ADMIN_URL.'/access/index.php'; |
|
63 |
$admin = new admin('Access', 'users'); |
|
64 |
include($sAdminPath.'/user_list.php'); |
|
65 |
$output .= show_userlist($admin, $aActionRequest); |
|
66 |
break; |
|
67 |
case 'add': // insert/update user |
|
68 |
$admin = new admin('Access', 'users_add',false); |
|
69 |
include($sAdminPath.'/add.php'); |
|
70 |
$output = add_user($admin,$aActionRequest); |
|
71 |
$aActionRequest['cancel_url'] = ADMIN_URL.'/access/index.php'; |
|
72 |
$admin = new admin('Access', 'users'); |
|
73 |
include($sAdminPath.'/user_list.php'); |
|
74 |
$output .= show_userlist($admin, $aActionRequest); |
|
75 |
break; |
|
76 |
case 'save': // insert/update user |
|
77 |
$admin = new admin('Access', 'users_modify',false); |
|
78 |
// hold the cancel_url if request comes outside from users |
|
79 |
if(isset($aActionRequest['BackLink'])) { |
|
80 |
$sBackLink = $aActionRequest['BackLink']; |
|
81 |
$aActionRequest['cancel_url'] = $sBackLink; |
|
82 |
$aActionRequest['BackLink'] = $sBackLink; |
|
83 |
} |
|
84 |
include($sAdminPath.'/save.php'); |
|
85 |
$user_id = save_user($admin, $aActionRequest); |
|
86 |
$admin = new admin('Access', 'users_modify'); |
|
87 |
include($sAdminPath.'/user_form.php'); |
|
88 |
$aActionRequest['user_id'] = $user_id; |
|
89 |
$output = show_usermask($admin,$aActionRequest); |
|
90 |
break; |
|
91 |
case 'modify': // insert/update user |
|
92 |
// first check acess to auth users can change his own preferences |
|
93 |
$admin = new admin('Preferences', 'preferences_view',false); |
|
94 |
$user_id = intval($admin->checkIDKEY('user_id', 0, $_SERVER['REQUEST_METHOD'])); |
|
95 |
// Check if user id is a valid number and doesnt equal 1 |
|
96 |
$aActionRequest['user_id'] = $user_id; |
|
97 |
if($user_id == 0){ |
|
98 |
msgQueue::add($MESSAGE['GENERIC_FORGOT_OPTIONS'] ); |
|
99 |
} |
|
51 | 100 |
|
52 |
$sUserTitle = ($iUserStatus == 0) ? $MENU['USERS'].' '.strtolower($TEXT['ACTIVE']) : $MENU['USERS'].' '.strtolower($TEXT['DELETED']) ; |
|
101 |
if( ($user_id == $admin->get_user_id() ) ) |
|
102 |
{ |
|
103 |
$sQueryString = (isset($_SERVER['QUERY_STRING'])&& ($_SERVER['QUERY_STRING']!='')) ? $_SERVER['QUERY_STRING'] : 'tool=uaerat'; |
|
104 |
$admin->send_header(ADMIN_URL.'/preferences/index.php?'.$sQueryString); |
|
105 |
} |
|
53 | 106 |
|
54 |
$template->set_var('TEXT_USERS', $sUserTitle.' '.$TEXT['SHOW'] ); |
|
55 |
$template->set_var('STATUS_ICON', ( ($iUserStatus==0) ? $UserStatusActive : $UserStatusInactive) ); |
|
107 |
$admin = new admin('Access', 'users_modify'); |
|
56 | 108 |
|
57 |
// Get existing value from database |
|
58 |
$sql = 'SELECT `user_id`, `username`, `display_name`, `active` FROM `'.TABLE_PREFIX.'users` ' ; |
|
59 |
$sql .= 'WHERE user_id != 1 '; |
Also available in: Unified diff
! Complex code refactoring users management