
Revision 1815

Added by Dietmar almost 12 years ago

! Complex code refactoring users management


branches/2.8.x/CHANGELOG
13 13

  
14 14

  
15 15

  
16
11 Nov-2012 Build 1815 Dietmar Woellbrink (Luisehahne)
17
! Complex code refactoring users management
16 18
10 Nov-2012 Build 1814 Dietmar Woellbrink (Luisehahne)
17 19
! update jQuery to jQuery 1.8.2 and jQuery UI 1.9.1
18 20
10 Nov-2012 Build 1813 Dietmar Woellbrink (Luisehahne)
branches/2.8.x/wb/upgrade-script.php
821 821

  
822 822
        foreach($aUsers AS $user_id => $value){
823 823
                // choose group_id from groups_id - workaround for still remaining calls to group_id (to be cleaned-up)
824
                $groups_id = explode(',', $aUsers[$user_id]['groups_id']);
824
                $aGroups_id = explode(',', $aUsers[$user_id]['groups_id']);
825
                $groups_id = $aUsers[$user_id]['groups_id'];
825 826
                $group_id = 0;
826 827
                //if user is in administrator-group, get this group else just get the first one
827
                if($admin->is_group_match($groups_id,'1')) { $group_id = 1; } else { $group_id = intval($groups_id[0]); }
828
                unset($groups_id);
828
                if($admin->is_group_match($aGroups_id,'1')) { $group_id = 1; $groups_id = '1'; } else { $group_id = intval($aGroups_id[0]); }
829 829

  
830 830
                $sMessage = "<span>Updating group_id ".$TEXT['DISPLAY_NAME']." " .$aUsers[$user_id]['display_name']."</span>";
831 831
                $sql  = 'UPDATE `'.TABLE_PREFIX.'users` ';
832
                $sql .= 'SET `group_id` = '.$group_id.' ';
832
                $sql .= 'SET `group_id`  = '.$group_id.', ';
833
                $sql .=     '`groups_id` = '.$groups_id.' ';
833 834
                $sql .= 'WHERE `user_id` = '.intval($user_id);
834 835

  
835 836
                if($oRes = $database->query($sql)){  }
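Review bot: The new `groups_id` assignment concatenates `$groups_id` into the `UPDATE` unquoted, and since the `explode(',', …)` two lines above assumes this column holds a comma-separated list, any user with more than one group (say `2,3`) yields `SET `group_id` = 2, `groups_id` = 2,3 WHERE …`, which is not valid SQL; the failure is then invisible because the result of `$database->query($sql)` is discarded in the empty `if($oRes = …){  }`. Quote and escape the value as a string, e.g. `$sql .= '`groups_id` = \''.$admin->add_slashes($groups_id).'\' ';`, and report `$database->is_error()` after the query instead of leaving the block empty. The `foreach` that encloses this code starts and ends outside the hunk.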
branches/2.8.x/wb/admin/skel/themes/htt/users.htt
13 13
     </tr>
14 14
</table>
15 15
<div class="account">
16
<form name="users" action="users.php" method="post" class="left">
16
<form name="users" action="index.php" method="post" class="left">
17 17
<input type="hidden" name="userstatus" value="{USER_STATUS}" />
18 18
{FTAN}
19 19

  
branches/2.8.x/wb/admin/skel/themes/htt/users_form.htt
8 8
</script>
9 9
<div class="account">
10 10

  
11
<h2 class="left" style="{DISPLAY_EXTRA}">{HEADING_MODIFY_USER}</h2>
11
<h3 class="left bold" style="{DISPLAY_EXTRA}">{HEADING_MODIFY_USER}</h3>
12 12

  
13
<form name="user" action="{ACTION_URL}" method="post" class="{DISPLAY_ADD} left settings_table">
13
<form action="{ACTION_URL}" method="post" class="{DISPLAY_ADD} left settings_table">
14 14
<input type="hidden" name="user_id" value="{USER_ID}" />
15 15
<input type="hidden" name="username_fieldname" value="{USERNAME_FIELDNAME}" />
16
<input type="hidden" name="BackLink" value="{BACK_LINK}" />
16 17
{FTAN}
17 18
<table>
18 19
<!-- BEGIN show_modify_loginname_block -->
......
46 47
</tr>
47 48
<tr style="{DISPLAY_EXTRA}">
48 49
	<td colspan="2" style="">
49
		<div class="warning value_input" style="max-width:700px; margin-right: 20%; float: right;">{CHANGING_PASSWORD}</div>
50
		<div class="warning value_input" style="max-width:650px; margin-right: 23%; float: right;">{CHANGING_PASSWORD}</div>
50 51
	</td>
51 52
</tr>
52 53
<tr>
......
72 73
		</select>
73 74
	</td>
74 75
</tr>
76

  
77
<!-- BEGIN show_change_group_list_block -->
75 78
<tr>
79
	<td colspan="2" style="">
80
		<div class="warning value_input" style="max-width:650px; margin-right: 23%; float: right;">{CHANGING_GROUPS}</div>
81
	</td>
82
</tr>
83
<!-- END show_change_group_list_block -->
84

  
85
<tr>
76 86
	<td class="rightTop">{TEXT_GROUP}:</td>
77 87
	<td class="value_input">
78 88
		<select name="groups[]" multiple="multiple" size="5">
......
93 103
</tr>
94 104
<tr>
95 105
	<td colspan="2" class="center">
96
		<input type="submit" name="submit" value="{SUBMIT_TITLE}" />
106
		<input type="submit" name="{SUB_ACTION}" value="{SUBMIT_TITLE}" />
97 107
		<input type="reset" name="reset" value="{TEXT_RESET}" />
98
		<input type="button" style="width: 100px; margin-top: 5px;" onclick="javascript:window.location='index.php';" value="{TEXT_CANCEL}" />
108
		<input type="button" style="width: 100px; margin-top: 5px;" onclick="javascript:window.location='{CANCEL_URL}';" value="{TEXT_CANCEL}" />
99 109
	</td>
100 110
</tr>
101 111
</table>
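Review bot: The Cancel button now writes `{CANCEL_URL}` straight into a JavaScript string inside the `onclick` attribute, and the value behind it is `$aActionRequest['cancel_url']` (user_list.php, new line 209), i.e. taken from the request; unless the template engine or the caller escapes it for both the HTML-attribute and the JS-string context, a quote in that parameter ends the string early, and any URL it carries becomes the redirect target of the admin page. Restrict the value to a known admin location before it reaches `set_var` — e.g. accept it only when it equals `ADMIN_URL.'/users/index.php'` (or starts with `ADMIN_URL`) and otherwise fall back to that default — and run it through `htmlspecialchars(..., ENT_QUOTES)` where it is inserted. The same template line also replaced the literal `index.php`, so the fallback should keep that behaviour.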
branches/2.8.x/wb/admin/interface/version.php
51 51

  
52 52
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
53 53
if(!defined('VERSION')) define('VERSION', '2.8.3');
54
if(!defined('REVISION')) define('REVISION', '1814');
54
if(!defined('REVISION')) define('REVISION', '1815');
55 55
if(!defined('SP')) define('SP', '');
branches/2.8.x/wb/admin/users/users.php
1
<?php
2
/**
3
 *
4
 * @category        admin
5
 * @package         users
6
 * @author          Ryan Djurovich, WebsiteBaker Project
7
 * @copyright       2009-2012, WebsiteBaker Org. e.V.
8
 * @link			http://www.websitebaker2.org/
9
 * @license         http://www.gnu.org/licenses/gpl.html
10
 * @platform        WebsiteBaker 2.8.x
11
 * @requirements    PHP 5.2.2 and higher
12
 * @version         $Id$
13
 * @filesource		$HeadURL$
14
 * @lastmodified    $Date$
15
 *
16
 */
17

  
18
 // Include config file and admin class file
19

  
20
$config_file = realpath('../../config.php');
21
if(file_exists($config_file) && !defined('WB_URL'))
22
{
23
	require_once($config_file);
24
}
25

  
26
if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }
27

  
28
$requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
29
$aActionRequest = (isset(${$requestMethod})) ? ${$requestMethod} : null;
30

  
31
$action = 'cancel';
32

  
33
// Set parameter 'action' as alternative to javascript mechanism
34
$action = (isset($aActionRequest['modify']) ? 'modify' : $action );
35
$action = (isset($aActionRequest['delete']) ? 'delete' : $action );
36
$action = (isset($aActionRequest['delete_outdated']) ? 'delete_outdated' : $action );
37

  
38
switch ($action):
39
	case 'modify' :
40
			// Print header
41
			$admin = new admin('Access', 'users_modify');
42
			$user_id = intval($admin->checkIDKEY('user_id', 0, $_SERVER['REQUEST_METHOD']));
43
			// Check if user id is a valid number and doesnt equal 1
44
			if($user_id == 0){
45
			$admin->print_error($MESSAGE['GENERIC_FORGOT_OPTIONS'] );
46
            }
47
			if( ($user_id < 2 ) )
48
			{
49
				// if($admin_header) { $admin->print_header(); }
50
				$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] );
51
			}
52
			// Get existing values
53
			$results = $database->query("SELECT * FROM `".TABLE_PREFIX."users` WHERE `user_id` = '".$user_id."'");
54
			$user = $results->fetchRow();
55

  
56
			// Setup template object, parse vars to it, then parse it
57
			// Create new template object
58
			$template = new Template(dirname($admin->correct_theme_source('users_form.htt')),'keep');
59
			// $template->debug = true;
60
			$template->set_file('page', 'users_form.htt');
61
			$template->set_block('page', 'main_block', 'main');
62
			$template->set_block('main_block', 'show_modify_loginname_block', 'show_modify_loginname');
63
			$template->set_block('main_block', 'show_add_loginname_block', 'show_add_loginname');
64
			$template->set_var(	array(
65
						'ACTION_URL' => ADMIN_URL.'/users/save.php',
66
						'SUBMIT_TITLE' => $TEXT['SAVE'],
67
						'USER_ID' => $user['user_id'],
68
						'DISPLAY_EXTRA' => '',
69
						'DISPLAY_HOME_FOLDERS' => '',
70
						'USERNAME' => $user['username'],
71
						'DISPLAY_NAME' => $user['display_name'],
72
						'EMAIL' => $user['email'],
73
						'ADMIN_URL' => ADMIN_URL,
74
						'WB_URL' => WB_URL,
75
						'THEME_URL' => THEME_URL
76
						)
77
				);
78

  
79
			$template->set_var('FTAN', $admin->getFTAN());
80
			if($user['active'] == 1) {
81
                $template->set_var('DISABLED_CHECKED', '');
82
				$template->set_var('ACTIVE_CHECKED', ' checked="checked"');
83
			} else {
84
                $template->set_var('ACTIVE_CHECKED', '');
85
				$template->set_var('DISABLED_CHECKED', ' checked="checked"');
86
			}
87
			// Add groups to list
88
			$template->set_block('main_block', 'group_list_block', 'group_list');
89
			$results = $database->query("SELECT group_id, name FROM ".TABLE_PREFIX."groups WHERE group_id != '1' ORDER BY name");
90
			if($results->numRows() > 0) {
91
				$template->set_var('ID', '');
92
				$template->set_var('NAME', $TEXT['PLEASE_SELECT'].'...');
93
				$template->set_var('SELECTED', '');
94
				$template->parse('group_list', 'group_list_block', true);
95
				while($group = $results->fetchRow()) {
96
					$template->set_var('ID', $group['group_id']);
97
					$template->set_var('NAME', $group['name']);
98
					if(in_array($group['group_id'], explode(",",$user['groups_id']))) {
99
						$template->set_var('SELECTED', ' selected="selected"');
100
					} else {
101
						$template->set_var('SELECTED', '');
102
					}
103
					$template->parse('group_list', 'group_list_block', true);
104
				}
105
			}
106

  
107
			// Only allow the user to add a user to the Administrators group if they belong to it
108
			if(in_array(1, $admin->get_groups_id()))
109
		    {
110
				$template->set_var('ID', '1');
111
				$users_groups = $admin->get_groups_name();
112
				$template->set_var('NAME', $users_groups[1]);
113

  
114
				$in_group = FALSE;
115
				foreach($admin->get_groups_id() as $cur_gid){
116
				    if (in_array($cur_gid, explode(",", $user['groups_id']))) {
117
				        $in_group = TRUE;
118
				    }
119
				}
120

  
121
				if($in_group) {
122
					$template->set_var('SELECTED', ' selected="selected"');
123
				} else {
124
					$template->set_var('SELECTED', '');
125
				}
126
				$template->parse('group_list', 'group_list_block', true);
127
			} else {
128
				if($results->numRows() == 0) {
129
					$template->set_var('ID', '');
130
					$template->set_var('NAME', $TEXT['NONE_FOUND']);
131
					$template->set_var('SELECTED', ' selected="selected"');
132
					$template->parse('group_list', 'group_list_block', true);
133
				}
134
			}
135

  
136
			// Generate username field name
137
			$username_fieldname = 'username_';
138
			$salt = "abchefghjkmnpqrstuvwxyz0123456789";
139
			srand((double)microtime()*1000000);
140
			$i = 0;
141
			while ($i <= 7) {
142
				$num = rand() % 33;
143
				$tmp = substr($salt, $num, 1);
144
				$username_fieldname = $username_fieldname . $tmp;
145
				$i++;
146
			}
147

  
148
			// Work-out if home folder should be shown
149
			if(!HOME_FOLDERS) {
150
				$template->set_var('DISPLAY_HOME_FOLDERS', 'display:none;');
151
			}
152

  
153
			// Include the WB functions file
154
			require_once(WB_PATH.'/framework/functions.php');
155

  
156
			// Add media folders to home folder list
157
			$template->set_block('main_block', 'folder_list_block', 'folder_list');
158
			foreach(directory_list(WB_PATH.MEDIA_DIRECTORY) AS $name)
159
		    {
160
				$template->set_var('NAME', str_replace(WB_PATH, '', $name));
161
				$template->set_var('FOLDER', str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name));
162
				if($user['home_folder'] == str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name)) {
163
					$template->set_var('SELECTED', ' selected="selected"');
164
				} else {
165
					$template->set_var('SELECTED', ' ');
166
				}
167
				$template->parse('folder_list', 'folder_list_block', true);
168
			}
169

  
170
			// Insert language text and messages
171
			$template->set_var(array(
172
								'TEXT_RESET' => $TEXT['RESET'],
173
								'TEXT_CANCEL' => $TEXT['CANCEL'],
174
								'TEXT_ACTIVE' => $TEXT['ACTIVE'],
175
								'TEXT_DISABLED' => $TEXT['DISABLED'],
176
								'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'],
177
								'TEXT_USERNAME' => $TEXT['USERNAME'],
178
								'TEXT_PASSWORD' => $TEXT['PASSWORD'],
179
								'TEXT_RETYPE_PASSWORD' => $TEXT['RETYPE_PASSWORD'],
180
								'TEXT_DISPLAY_NAME' => $TEXT['DISPLAY_NAME'],
181
								'TEXT_EMAIL' => $TEXT['EMAIL'],
182
								'TEXT_GROUP' => $TEXT['GROUP'],
183
								'TEXT_NONE' => $TEXT['NONE'],
184
								'TEXT_HOME_FOLDER' => $TEXT['HOME_FOLDER'],
185
								'USERNAME_FIELDNAME' => $username_fieldname,
186
								'CHANGING_PASSWORD' => $MESSAGE['USERS_CHANGING_PASSWORD'],
187
								'HEADING_MODIFY_USER' => $HEADING['MODIFY_USER']
188
								)
189
						);
190

  
191
			// Parse template object
192
			$template->parse('show_modify_loginname', 'show_modify_loginname_block', true);
193
			$template->parse('show_add_loginname', '', true);
194
			$template->parse('main', 'main_block', false);
195
			$template->pparse('output', 'page');
196
			break;
197
		case 'delete' :
198
			// Print header
199
			$admin = new admin('Access', 'users_delete');
200

  
201
			$user_id = intval($admin->checkIDKEY('user_id', 0, $_SERVER['REQUEST_METHOD']));
202
			// Check if user id is a valid number and doesnt equal 1
203

  
204
			if($user_id == 0){
205
			$admin->print_error($MESSAGE['GENERIC_FORGOT_OPTIONS'] );
206
            }
207
			if( ($user_id < 2 ) )
208
			{
209
				// if($admin_header) { $admin->print_header(); }
210
				$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] );
211
			}
212
			$sql  = 'SELECT `active` FROM `'.TABLE_PREFIX.'users` ';
213
            $sql .= 'WHERE `user_id` = '.$user_id.'';
214
            if( ($iDeleteUser = $database->get_one($sql)) == 1 ) {
215
				// Delete the user
216
				$database->query("UPDATE `".TABLE_PREFIX."users` SET `active` = 0 WHERE `user_id` = '".$user_id."' ");
217
            } else {
218
				$database->query("DELETE FROM `".TABLE_PREFIX."users` WHERE `user_id` = ".$user_id);
219
            }
220

  
221
			if($database->is_error()) {
222
				$admin->print_error($database->get_error());
223
			} else {
224
				$admin->print_success($MESSAGE['USERS_DELETED']);
225
			}
226
			break;
227
		case 'delete_outdated' :
228
			$admin = new admin('Access', 'users_delete');
229
			$user_id = intval($admin->checkIDKEY('user_id_activation_id', 0, $_SERVER['REQUEST_METHOD']));
230
			// Check if user id is a valid number and doesnt equal 1
231
			if($user_id == 0){
232
    			$admin->print_error($MESSAGE['GENERIC_FORGOT_OPTIONS'] );
233
            }
234
			if( ($user_id < 2 ) )
235
			{
236
				// if($admin_header) { $admin->print_header(); }
237
				$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] );
238
			}
239
			$database->query("DELETE FROM `".TABLE_PREFIX."users` WHERE `user_id` = ".$user_id);
240
			if($database->is_error()) {
241
				$admin->print_error($database->get_error());
242
			} else {
243
				$admin->print_success($MESSAGE['USERS_DELETED']);
244
			}
245
			break;
246
	default:
247
			break;
248
endswitch;
249

  
250

  
251

  
252
// Print admin footer
253
$admin->print_footer();
254

  
255 0
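Review bot: When none of `modify`, `delete` or `delete_outdated` is present in the request, `$action` stays `'cancel'`, the `default:` branch on line 246 does nothing and `$admin` is never instantiated, so `$admin->print_footer();` on line 253 is called on an undefined variable and the script dies with a fatal error instead of returning to the list. Either create the object there or leave the script before the footer, e.g. `default: header("Location: index.php"); exit(0);`, which matches the redirect this commit removes from save.php. Each of the three `case` branches also relies on `$admin->print_error()` aborting the request, which should be confirmed, since otherwise the `$user_id < 2` guard does not stop the query or `DELETE` that follows it. The `in_array($group['group_id'], explode(",", $user['groups_id']))` checks on lines 98 and 116 should pass `true` as the third argument so an empty `groups_id` cannot loosely match an id.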

  
branches/2.8.x/wb/admin/users/user_list.php
1
<?php
2

  
3
/**
4
 *
5
 * @category        admin
6
 * @package         pages
7
 * @author          Ryan Djurovich (2004-2009), WebsiteBaker Project
8
 * @copyright       2009-2012, WebsiteBaker Org. e.V.
9
 * @link			http://www.websitebaker2.org/
10
 * @license         http://www.gnu.org/licenses/gpl.html
11
 * @platform        WebsiteBaker 2.8.x
12
 * @requirements    PHP 5.2.2 and higher
13
 * @version         $Id$
14
 * @filesource		$HeadURL$
15
 * @lastmodified    $Date$
16
 *
17
 */
18

  
19
/* -------------------------------------------------------- */
20
// Must include code to stop this file being accessed directly
21
if(!defined('WB_URL')) {
22
	require_once(dirname(dirname(dirname(__FILE__))).'/framework/globalExceptionHandler.php');
23
	throw new IllegalFileException();
24
}
25
/* -------------------------------------------------------- */
26

  
27
	function show_userlist($admin, &$aActionRequest)
28
	{
29
		global $TEXT, $MESSAGE, $HEADING, $MENU;
30
		$database = WbDatabase::getInstance();
31
        $iUserStatus = 1;
32
        $iUserStatus = ( ( $admin->get_get('status')==1 ) ? 0 : $iUserStatus );
33
        unset($_GET);
34

  
35
        // Setup template object, parse vars to it, then parse it
36
        // Create new template object
37
        $oTpl = new Template(dirname($admin->correct_theme_source('users.htt')),'keep');
38
        // $oTpl->debug = true;
39

  
40
        $oTpl->set_file('page', 'users.htt');
41
        $oTpl->set_block('page', 'main_block', 'main');
42
        $oTpl->set_block("main_block", "manage_groups_block", "groups");
43

  
44
        $oTpl->set_var('ADMIN_URL', ADMIN_URL);
45
        $oTpl->set_var('FTAN', $admin->getFTAN());
46
        $oTpl->set_var('USER_STATUS', $iUserStatus );
47
        $oTpl->set_var('groups', '');
48
        $oTpl->set_var('DISPLAY_ADD', '');
49
        $oTpl->set_var('DISPLAY_MODIFY', '');
50
        $oTpl->set_var('DISABLED_CHECKED', '');
51
        $oTpl->set_var('HEADING_MODIFY_USER', '');
52
        $oTpl->set_var('DISPLAY_HOME_FOLDERS', '');
53

  
54
        $UserStatusActive = 'url('.THEME_URL.'/images/user.png)';
55
        $UserStatusInactive = 'url('.THEME_URL.'/images/user_red.png)';
56

  
57
        $sUserTitle = ($iUserStatus == 0) ? $MENU['USERS'].' '.strtolower($TEXT['ACTIVE']) : $MENU['USERS'].' '.strtolower($TEXT['DELETED']) ;
58

  
59
        $oTpl->set_var('TEXT_USERS', $sUserTitle.' '.$TEXT['SHOW'] );
60
        $oTpl->set_var('STATUS_ICON', ( ($iUserStatus==0) ? $UserStatusActive : $UserStatusInactive) );
61

  
62
        // Get existing value from database
63
        $sql  = 'SELECT `user_id`, `username`, `display_name`, `active` FROM `'.TABLE_PREFIX.'users` ' ;
64
        $sql .= 'WHERE user_id != 1 ';
65
        $sql .=     'AND active = '.$iUserStatus.' ';
66
        $sql .= 'ORDER BY `display_name`,`username`';
67

  
68
//        $query = "SELECT user_id, username, display_name, active FROM ".TABLE_PREFIX."users WHERE user_id != '1' ORDER BY display_name,username";
69
        $oRes = $database->query($sql);
70
        if($database->is_error()) {
71
        	$admin->print_error($database->get_error(), 'index.php');
72
        }
73

  
74
        $sUserList  = $TEXT['LIST_OPTIONS'].' ';
75
        $sUserList .= ($iUserStatus == 1) ? $MENU['USERS'].' '.strtolower($TEXT['ACTIVE']) : $MENU['USERS'].' '.strtolower($TEXT['DELETED']) ;
76
        // Insert values into the modify/remove menu
77
        $oTpl->set_block('main_block', 'list_block', 'list');
78
        if($oRes->numRows() > 0) {
79
        	// Insert first value to say please select
80
        	$oTpl->set_var('VALUE', '');
81
        	$oTpl->set_var('NAME', $sUserList);
82
        	$oTpl->set_var('STATUS', 'class="user-active"' );
83
        	$oTpl->parse('list', 'list_block', true);
84
        	// Loop through users
85
        	while($user = $oRes->fetchRow(MYSQL_ASSOC)) {
86
        		$oTpl->set_var('VALUE',$admin->getIDKEY($user['user_id']));
87
        		$oTpl->set_var('STATUS', ($user['active']==false ? 'class="user-inactive"' : 'class="user-active"') );
88
        		$oTpl->set_var('NAME', $user['display_name'].' ('.$user['username'].')');
89
        		$oTpl->parse('list', 'list_block', true);
90
        	}
91
        } else {
92
        	// Insert single value to say no users were found
93
        	$oTpl->set_var('NAME', $TEXT['NONE_FOUND']);
94
        	$oTpl->parse('list', 'list_block', true);
95
        }
96

  
97
        // Insert permissions values
98
        if($admin->get_permission('users_add') != true) {
99
        	$oTpl->set_var('DISPLAY_ADD', 'hide');
100
        }
101
        if($admin->get_permission('users_modify') != true) {
102
        	$oTpl->set_var('DISPLAY_MODIFY', 'hide');
103
        }
104
        if($admin->get_permission('users_delete') != true) {
105
        	$oTpl->set_var('DISPLAY_DELETE', 'hide');
106
        }
107
        $HeaderTitle = $HEADING['MODIFY_DELETE_USER'].' ';
108
        $HeaderTitle .= (($iUserStatus == 1) ? strtolower($TEXT['ACTIVE']) : strtolower($TEXT['DELETED']));
109
        // Insert language headings
110
        $oTpl->set_var(array(
111
        		'HEADING_MODIFY_DELETE_USER' => $HeaderTitle,
112
        		'HEADING_ADD_USER' => $HEADING['ADD_USER']
113
        		)
114
        );
115
        // insert urls
116
        $oTpl->set_var(array(
117
                'ADMIN_URL' => ADMIN_URL,
118
                'WB_URL' => WB_URL,
119
                'THEME_URL' => THEME_URL
120
        		)
121
        );
122
        // Insert language text and messages
123
        $oTpl->set_var(array(
124
        		'DISPLAY_WAITING_ACTIVATION' => '',
125
        		'TEXT_MODIFY' => $TEXT['MODIFY'],
126
        		'TEXT_DELETE' => $TEXT['DELETE'],
127
        		'TEXT_MANAGE_GROUPS' => ( $admin->get_permission('groups') == true ) ? $TEXT['MANAGE_GROUPS'] : "**",
128
        		'CONFIRM_DELETE' => (($iUserStatus == 1) ? $TEXT['ARE_YOU_SURE'] : $MESSAGE['USERS_CONFIRM_DELETE'])
129
        		)
130
        );
131

  
132
        $oTpl->set_block('main_block', 'show_confirmed_activation_block', 'show_confirmed_activation');
133
        if($admin->ami_group_member('1')) {
134
                $oTpl->set_block('show_confirmed_activation_block', 'list_confirmed_activation_block', 'list_confirmed_activation');
135
            	$oTpl->set_var('DISPLAY_WAITING_ACTIVATION', 'Users awaiting for activation');
136
        		$sql  = 'SELECT * FROM `'.TABLE_PREFIX.'users` ';
137
        		$sql .= 'WHERE `confirm_timeout` != 0 ';
138
                $sql .=   'AND `active` = 0 ';
139
                $sql .=   'AND `user_id` != 1 ';
140
                if( ($oRes = $database->query($sql)) ) {
141
                	$oTpl->set_var('DISPLAY_DELETE', '');
142
        //        	$oTpl->set_var('NAME', 'User waiting for activation');
143
        //        	$oTpl->set_var('STATUS', '' );
144
                	// Loop through users
145
                    if($nNumRows = $oRes->numRows()) {
146
                    	while($aUser = $oRes->fetchRow(MYSQL_ASSOC)) {
147
                    		$oTpl->set_var('VALUE',$admin->getIDKEY($aUser['user_id']));
148
                       		$oTpl->set_var('STATUS', '') ;
149
                    		$oTpl->set_var('NAME', $aUser['display_name'].' ('.$aUser['username'].')'.' ['.$aUser['email'].']');
150
                    		$oTpl->parse('list_confirmed_activation', 'list_confirmed_activation_block', true);
151
                    	}
152
                    	$oTpl->parse('show_confirmed_activation', 'show_confirmed_activation_block',true);
153
                    }
154
                } else { $nNumRows = 0; }
155

  
156
        } else {
157
            $nNumRows = 0;
158
        }
159

  
160
        if ( $nNumRows == 0){
161
        	$oTpl->parse('show_confirmed_activation', '');
162
        }
163

  
164
        if ( $admin->get_permission('groups') == true ) $oTpl->parse("groups", "manage_groups_block", true);
165
        // Parse template object
166
        $oTpl->parse('main', 'main_block', false);
167

  
168
		$output = $oTpl->finish($oTpl->parse('output', 'page'));
169
        // Setup template object, parse vars to it, then parse it
170
        // Create new template object
171
        $oTpl = new Template(dirname($admin->correct_theme_source('users_form.htt')),'keep');
172
        // $oTpl->debug = true;
173
        $oTpl->set_file('page', 'users_form.htt');
174
        $oTpl->set_block('page', 'main_block', 'main');
175
        $oTpl->set_block('main_block', 'show_modify_loginname_block', 'show_modify_loginname');
176
        $oTpl->set_block('main_block', 'show_add_loginname_block', 'show_add_loginname');
177

  
178
		$oTpl->set_block('main_block', 'show_change_group_list_block', 'show_change_group_list');
179

  
180
		$oTpl->parse('show_change_group_list', '');
181
//		$oTpl->parse('show_change_group_list', 'show_change_group_list_block', true);
182

  
183
		$oTpl->set_var(	array(
184
    			   'ACTION_URL'   => ADMIN_URL.'/users/index.php',
185
    			   'FTAN'   => $admin->getFTAN(),
186
    			   'DISPLAY_EXTRA'   => 'display:none;',
187
    			   'ACTIVE_CHECKED'   => ' checked="checked"',
188
    			   'DISABLED_CHECKED'   => '',
189
    			   'NO_RIGHTS' => 'hide',
190
    			   'CHANGING_GROUPS' => '',
191
    			   'DISPLAY_ADD' => '',
192
    			   'DISPLAY_MODIFY' => '',
193
    			   'HEADING_MODIFY_USER' => '',
194
    			   'DISPLAY_HOME_FOLDERS' => '',
195
    			   'SUBMIT_TITLE' => $TEXT['ADD'],
196
    			   )
197
			);
198

  
199

  
200
        // insert urls
201
        $oTpl->set_var(array(
202
        		'USER_ID' => '',
203
        		'USERNAME' => '',
204
        		'DISPLAY_NAME' => '',
205
        		'EMAIL' => '',
206
        		'ADMIN_URL' => ADMIN_URL,
207
        		'WB_URL' => WB_URL,
208
                'SUB_ACTION' => 'add',
209
                'CANCEL_URL' => $aActionRequest['cancel_url'],
210
        		'THEME_URL' => THEME_URL
211
        		)
212
        );
213

  
214
        // Add groups to list
215
        $oTpl->set_block('main_block', 'group_list_block', 'group_list');
216
        $results = $database->query("SELECT group_id, name FROM ".TABLE_PREFIX."groups WHERE group_id != '1'");
217
        if($results->numRows() > 0) {
218
        	$oTpl->set_var('ID', '');
219
        	$oTpl->set_var('NAME', $TEXT['PLEASE_SELECT'].'...');
220
        	$oTpl->set_var('SELECTED', ' selected="selected"');
221
        	$oTpl->parse('group_list', 'group_list_block', true);
222
        	while($group = $results->fetchRow()) {
223
        		$oTpl->set_var('ID', $group['group_id']);
224
        		$oTpl->set_var('NAME', $group['name']);
225
        		$oTpl->set_var('SELECTED', '');
226
        		$oTpl->parse('group_list', 'group_list_block', true);
227
        	}
228
        }
229
        // Only allow the user to add a user to the Administrators group if they belong to it
230
        if(in_array(1, $admin->get_groups_id())) {
231
        	$users_groups = $admin->get_groups_name();
232
        	$oTpl->set_var('ID', '1');
233
        	$oTpl->set_var('NAME', $users_groups[1]);
234
        	$oTpl->set_var('SELECTED', '');
235
        	$oTpl->parse('group_list', 'group_list_block', true);
236
        } else {
237
        	if($results->numRows() == 0) {
238
        		$oTpl->set_var('ID', '');
239
        		$oTpl->set_var('NAME', $TEXT['NONE_FOUND']);
240
        		$oTpl->parse('group_list', 'group_list_block', true);
241
        	}
242
        }
243

  
244
        // Insert permissions values
245
        if($admin->get_permission('users_add') != true) {
246
        	$oTpl->set_var('DISPLAY_ADD', 'hide');
247
        }
248

  
249
        // Generate username field name
250
        $username_fieldname = 'username_';
251
        $salt = "abchefghjkmnpqrstuvwxyz0123456789";
252
        srand((double)microtime()*1000000);
253
        $i = 0;
254
        while ($i <= 7) {
255
        	$num = rand() % 33;
256
        	$tmp = substr($salt, $num, 1);
257
        	$username_fieldname = $username_fieldname . $tmp;
258
        	$i++;
259
        }
260

  
261
        // Work-out if home folder should be shown
262
        if(!HOME_FOLDERS) {
263
        	$oTpl->set_var('DISPLAY_HOME_FOLDERS', 'display:none;');
264
        }
265

  
266
        // Include the WB functions file
267
        require_once(WB_PATH.'/framework/functions.php');
268

  
269
        // Add media folders to home folder list
270
        $oTpl->set_block('main_block', 'folder_list_block', 'folder_list');
271
        foreach(directory_list(WB_PATH.MEDIA_DIRECTORY) AS $name) {
272
        	$oTpl->set_var('NAME', str_replace(WB_PATH, '', $name));
273
        	$oTpl->set_var('FOLDER', str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name));
274
        	$oTpl->set_var('SELECTED', ' ');
275
        	$oTpl->parse('folder_list', 'folder_list_block', true);
276
        }
277

  
278
        // Insert language text and messages
279
        $oTpl->set_var(array(
280
        			'TEXT_CANCEL' => $TEXT['CANCEL'],
281
        			'TEXT_RESET' => $TEXT['RESET'],
282
        			'TEXT_ACTIVE' => $TEXT['ACTIVE'],
283
        			'TEXT_DISABLED' => $TEXT['DISABLED'],
284
        			'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'],
285
        			'TEXT_USERNAME' => $TEXT['USERNAME'],
286
        			'TEXT_PASSWORD' => $TEXT['PASSWORD'],
287
        			'TEXT_RETYPE_PASSWORD' => $TEXT['RETYPE_PASSWORD'],
288
        			'TEXT_DISPLAY_NAME' => $TEXT['DISPLAY_NAME'],
289
        			'TEXT_EMAIL' => $TEXT['EMAIL'],
290
        			'TEXT_GROUP' => $TEXT['GROUP'],
291
        			'TEXT_NONE' => $TEXT['NONE'],
292
        			'TEXT_HOME_FOLDER' => $TEXT['HOME_FOLDER'],
293
        			'USERNAME_FIELDNAME' => $username_fieldname,
294
        			'CHANGING_PASSWORD' => $MESSAGE['USERS_CHANGING_PASSWORD']
295
        			)
296
        	);
297

  
298
        // Parse template for add user form
299
        $oTpl->parse('show_modify_loginname', '', true);
300
        $oTpl->parse('show_add_loginname', 'show_add_loginname_block', true);
301
        $oTpl->parse('main', 'main_block', false);
302
		$output .= $oTpl->finish($oTpl->parse('output', 'page'));
303

  
304
        return $output;
305

  
306
    }
0 307
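Review bot: `show_userlist()` has no docblock, and its `&$aActionRequest` reference parameter is never written to anywhere in the body, so the `&` only suggests a mutation that does not happen (and prevents passing a literal array). Drop the `&` and add a docblock above line 27 stating that the function renders the user list (users.htt) followed by an empty add-user form (users_form.htt) into one HTML string, takes the `admin` instance and the request array of which only `cancel_url` is read, relies on the `$TEXT`, `$MESSAGE`, `$HEADING` and `$MENU` globals, and returns the concatenated output. The `unset($_GET);` on line 33 deserves a why-comment of its own, e.g. `// drop the status toggle so it cannot leak into links built further down`, because it silently affects everything executed after this call; if that is not the reason, the unset should probably go. `$aActionRequest['cancel_url']` on line 209 is also read without `isset()`, so a request without that field raises a notice; use `isset($aActionRequest['cancel_url']) ? … : ADMIN_URL.'/users/index.php'`.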

  
branches/2.8.x/wb/admin/users/save.php
15 15
 *
16 16
 */
17 17

  
18
$config_file = realpath('../../config.php');
19
if(file_exists($config_file) && !defined('WB_URL'))
20
{
21
	require_once($config_file);
18
/* -------------------------------------------------------- */
19
// Must include code to stop this file being accessed directly
20
if(!defined('WB_URL')) {
21
	require_once(dirname(dirname(dirname(__FILE__))).'/framework/globalExceptionHandler.php');
22
	throw new IllegalFileException();
22 23
}
24
/* -------------------------------------------------------- */
23 25

  
24
if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }
26
	function save_user($admin, &$aActionRequest)
27
	{
28
		global $TEXT, $MESSAGE;
29
        // Create a javascript back link
30
//        $js_back = ADMIN_URL.'/users/index.php';
31
        unset($aActionRequest['save']);
32
        $aActionRequest['modify']= 'change';
33
		$database = WbDatabase::getInstance();
34
        $bRetVal = 0;
35
    	$iMinPassLength = 6;
25 36

  
26
// suppress to print the header, so no new FTAN will be set
27
$admin = new admin('Access', 'users_modify', false);
37
        if( !$admin->checkFTAN() )
38
        {
39
        	msgQueue::add($MESSAGE['GENERIC_SECURITY_ACCESS']);
40
            return $bRetVal;
41
        }
28 42

  
29
// Create a javascript back link
30
$js_back = ADMIN_URL.'/users/index.php';
43
        // Check if user id is a valid number and doesnt equal 1
44
        if(!isset($aActionRequest['user_id']) OR !is_numeric($aActionRequest['user_id']) OR $aActionRequest['user_id'] == 1) {
45
        	msgQueue::add('::'.$MESSAGE['GENERIC_NOT_UPGRADED']);
46
            return $bRetVal;
47
        } else {
48
        	$user_id = intval($aActionRequest['user_id']);
49
        }
31 50

  
32
if( !$admin->checkFTAN() )
33
{
34
	$admin->print_header();
35
	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$js_back);
36
}
37
// After check print the header
38
$admin->print_header();
51
		if( ($user_id < 2 ) )
52
		{
53
			// if($admin_header) { $admin->print_header(); }
54
        	msgQueue::add($MESSAGE['GENERIC_SECURITY_OFFENSE']);
55
            return $bRetVal;
56
		}
57
		// Get existing values
58
        $sql  = 'SELECT * FROM `'.TABLE_PREFIX.'users` ' ;
59
        $sql .= 'WHERE user_id = '.$user_id.' ';
60
        $sql .=   'AND user_id != 1 ';
39 61

  
40
// Check if user id is a valid number and doesnt equal 1
41
if(!isset($_POST['user_id']) OR !is_numeric($_POST['user_id']) OR $_POST['user_id'] == 1) {
42
	header("Location: index.php");
43
	exit(0);
44
} else {
45
	$user_id = intval($_POST['user_id']);
46
}
62
        if($oRes = $database->query($sql)){
63
            $olduser = $oRes->fetchRow(MYSQL_ASSOC);
64
        }
47 65

  
48
// Gather details entered
49
$groups_id = (isset($_POST['groups'])) ? implode(",", $admin->add_slashes($_POST['groups'])) : '';
50
$active = $admin->add_slashes($_POST['active'][0]);
51
$username_fieldname = $admin->get_post_escaped('username_fieldname');
52
$username = strtolower($admin->get_post_escaped($username_fieldname));
53
$password = $admin->get_post('password');
54
$password2 = $admin->get_post('password2');
55
$display_name = $admin->get_post_escaped('display_name');
56
$email = $admin->get_post_escaped('email');
57
$home_folder = $admin->get_post_escaped('home_folder');
66
        // Gather details entered
67
        if($admin->is_group_match($admin->get_groups_id(), '1' )){
68
            $groups_id = (isset($aActionRequest['groups'])) ? implode(",", $admin->add_slashes($aActionRequest['groups'])) : '';
69
        } else {
70
            $groups_id = $olduser['group_id'];
71
        }
72
        // there will be an additional ',' when "Please Choose" was selected, too
73
        $groups_id = trim($groups_id, ',');
74
        $active = intval(strip_tags($admin->StripCodeFromText($aActionRequest['active'][0])));
75
        $username_fieldname = strip_tags($admin->StripCodeFromText($aActionRequest['username_fieldname']));
76
        $username = strtolower(strip_tags($admin->StripCodeFromText($aActionRequest[$username_fieldname])));
77
        $password = strip_tags($admin->StripCodeFromText($aActionRequest['password']));
78
        $password2 = strip_tags($admin->StripCodeFromText($aActionRequest['password2']));
79
        $display_name = strip_tags($admin->StripCodeFromText($aActionRequest['display_name']));
80
        $email = strip_tags($admin->StripCodeFromText($aActionRequest['email']));
81
        $home_folder = strip_tags($admin->StripCodeFromText($aActionRequest['home_folder']));
58 82

  
59
// Check values
60
if($groups_id == "") {
61
	$admin->print_error($MESSAGE['USERS_NO_GROUP'], $js_back);
62
}
63
if(!preg_match('/^[a-z]{1}[a-z0-9_-]{2,}$/i', $username))
64
{
83
        // Check values
84
        if($groups_id == "") {
85
        	msgQueue::add($MESSAGE['USERS_NO_GROUP']);
86
        } else {
87
            $aGroups_id = explode(',', $groups_id);
88
            //if user is in administrator-group, get this group else just get the first one
89
            if($admin->is_group_match($groups_id,'1')) { $group_id = 1; } else { $group_id = intval($aGroups_id[0]); }
90
        }
65 91

  
66
//	print '<pre style="text-align: left;"><strong>function '.__FUNCTION__.'( '.''.' );</strong>  basename: '.basename(__FILE__).'  line: '.__LINE__.' -> <br />';
67
//	print_r( $_POST ); print '</pre>';
68
	$admin->print_error( $MESSAGE['USERS_NAME_INVALID_CHARS'].' / '.
69
	                  $MESSAGE['USERS_USERNAME_TOO_SHORT'], $js_back);
70
}
71
if($password != "") {
72
	if(strlen($password) < 6 ) {
73
		$admin->print_error($MESSAGE['USERS_PASSWORD_TOO_SHORT'], $js_back);
74
	}
75
	if($password != $password2) {
76
		$admin->print_error($MESSAGE['USERS_PASSWORD_MISMATCH'], $js_back);
77
	}
78
}
92
//$admin->is_group_match($admin->get_groups_id(), '1' )
93
        if(!preg_match('/^[a-z]{1}[a-z0-9_-]{2,}$/i', $username))
94
        {
95
        	msgQueue::add( $MESSAGE['USERS_NAME_INVALID_CHARS']);
96
        }
79 97

  
80
if($email != "")
81
{
82
	if($admin->validate_email($email) == false)
83
    {
84
        $admin->print_error($MESSAGE['USERS_INVALID_EMAIL'], $js_back);
85
	}
86
} else { // e-mail must be present
87
	$admin->print_error($MESSAGE['SIGNUP_NO_EMAIL'], $js_back);
88
}
98
        if($password != "") {
99
        	if(strlen($password) < $iMinPassLength ) {
100
        		msgQueue::add($MESSAGE['USERS_PASSWORD_TOO_SHORT']);
101
        	}
89 102

  
90
// Check if the email already exists
91
$results = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE email = '".$admin->add_slashes($_POST['email'])."' AND user_id <> '".$user_id."' ");
92
if($results->numRows() > 0)
93
{
94
	if(isset($MESSAGE['USERS_EMAIL_TAKEN']))
95
    {
96
		$admin->print_error($MESSAGE['USERS_EMAIL_TAKEN'], $js_back);
97
	} else {
98
		$admin->print_error($MESSAGE['USERS_INVALID_EMAIL'], $js_back);
99
	}
100
}
103
			$pattern = '/[^'.$admin->password_chars.']/';
104
			if (preg_match($pattern, $password)) {
105
				msgQueue::add($MESSAGE['PREFERENCES_INVALID_CHARS']);
106
        	}
101 107

  
102
// Prevent from renaming user to "admin"
103
if($username != 'admin') {
104
	$username_code = ", username = '$username'";
105
} else {
106
	$username_code = '';
107
}
108
        	if(($password != $password2) ) {
109
        		msgQueue::add($MESSAGE['USERS_PASSWORD_MISMATCH']);
110
        	}
111
        }
112
// check that display_name is unique in whoole system (prevents from User-faking)
113
    	$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
114
    	$sql .= 'WHERE `user_id` <> '.(int)$user_id.' AND `display_name` LIKE "'.$display_name.'"';
115
    	if( $database->get_one($sql) > 0 ){
116
            msgQueue::add($MESSAGE['USERS_USERNAME_TAKEN'].' ('.$TEXT['DISPLAY_NAME'].')');
117
            msgQueue::add($MESSAGE['MEDIA_CANNOT_RENAME']);
118
        }
119
//
120
		if( ($admin->get_user_id() != '1' ) )
121
		{
122
            if(findStringInFileList($display_name, dirname(__FILE__).'/disallowedNames')) {
123
                msgQueue::add( $TEXT['ERROR'].' '.$TEXT['DISPLAY_NAME'].' ('.$display_name.')' );
124
            }
125
		}
108 126

  
109
// Update the database
110
if($password == "") {
111
	$query = "UPDATE ".TABLE_PREFIX."users SET groups_id = '$groups_id', active = '$active'$username_code, display_name = '$display_name', home_folder = '$home_folder', email = '$email' WHERE user_id = '$user_id'";
112
} else {
113
	// MD5 supplied password
114
	$md5_password = md5($password);
115
	$query = "UPDATE ".TABLE_PREFIX."users SET groups_id = '$groups_id', active = '$active'$username_code, display_name = '$display_name', home_folder = '$home_folder', email = '$email', password = '$md5_password' WHERE user_id = '$user_id'";
116
}
117
$database->query($query);
118
if($database->is_error()) {
119
	$admin->print_error($database->get_error(),$js_back);
120
} else {
121
	$admin->print_success($MESSAGE['USERS_SAVED']);
122
}
127
    	$display_name = ( $display_name == '' ? $olduser['display_name'] : $display_name );
123 128

  
124
// Print admin footer
125
$admin->print_footer();
129
        if($email != "")
130
        {
131
        	if($admin->validate_email($email) == false)
132
            {
133
                msgQueue::add($MESSAGE['USERS_INVALID_EMAIL'].' ('.$email.')');
134
        	}
135
        } else { // e-mail must be present
136
        	msgQueue::add($MESSAGE['SIGNUP_NO_EMAIL']);
137
        }
138

  
139
		$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` '.
140
                'WHERE `email` LIKE \''.$email.'\' '.
141
                  'AND `user_id` <> '.(int)$user_id;
142
        // Check if the email already exists
143
        if( ($iFoundUser = $database->get_one($sql)) != null ) {
144
            if($iFoundUser) {
145
            	if(isset($MESSAGE['USERS_EMAIL_TAKEN']))
146
                {
147
            		msgQueue::add($MESSAGE['USERS_EMAIL_TAKEN'].' ('.$email.')');
148
            	} else {
149
            		msgQueue::add($MESSAGE['USERS_INVALID_EMAIL'].' ('.$email.')');
150
            	}
151
            }
152
        }
153

  
154
        $bRetVal = $user_id;
155

  
156
// no error then save
157
        if( !msgQueue::getError() )
158
        {
159
            if($admin->is_group_match($groups_id,'1')) { $group_id = 1; $groups_id = '1'; }
160
          // Prevent from renaming user to "admin"
161
            if($username != 'admin') {
162
            	$username_code = ", username = '$username'";
163
            } else {
164
            	$username_code = '';
165
            }
166

  
167
			$sql  = 'UPDATE `'.TABLE_PREFIX.'users` SET ';
168
            // Update the database
169
            if($password == "") {
170
                $sql .= '`group_id`     = '.intval($group_id).', '.
171
                        '`groups_id`    = \''.mysql_real_escape_string($groups_id).'\', '.
172
                        '`username` = \''.mysql_real_escape_string($username).'\', '.
173
                        '`active` = '.intval($active).', '.
174
                        '`display_name` = \''.mysql_real_escape_string($display_name).'\', '.
175
                        '`home_folder` = \''.mysql_real_escape_string($home_folder).'\', '.
176
                        '`email` = \''.mysql_real_escape_string($email).'\' '.
177
                        'WHERE `user_id` = '.intval($user_id).'';
178

  
179
            } else {
180

  
181
                $sql .= '`group_id`     = '.intval($group_id).', '.
182
                        '`groups_id`    = \''.mysql_real_escape_string($groups_id).'\', '.
183
                        '`username` = \''.mysql_real_escape_string($username).'\', '.
184
                        '`password` = \''.md5($password).'\', '.
185
                        '`active` = '.intval($active).', '.
186
                        '`display_name` = \''.mysql_real_escape_string($display_name).'\', '.
187
                        '`home_folder` = \''.mysql_real_escape_string($home_folder).'\', '.
188
                        '`email` = \''.mysql_real_escape_string($email).'\' '.
189
                        'WHERE `user_id` = '.intval($user_id).'';
190

  
191
            }
192
            if($database->query($sql)) {
193
            	msgQueue::add($MESSAGE['USERS_SAVED'], true);
194
                $bRetVal = $user_id;
195
            }
196
            if($database->is_error()) {
197
               msgQueue::add( implode('<br />',explode(';',$database->get_error())) );
198
            }
199
       } else {
200
            	msgQueue::add($MESSAGE['GENERIC_NOT_UPGRADED']);
201
       }
202

  
203
//        return $admin->getIDKEY($user_id);
204
//if($admin_header) { $admin->print_header(); }
205
        return $bRetVal;
206
    }
branches/2.8.x/wb/admin/users/user_form.php
1
<?php
2

  
3
/**
4
 *
5
 * @category        admin
6
 * @package         pages
7
 * @author          Ryan Djurovich (2004-2009), WebsiteBaker Project
8
 * @copyright       2009-2012, WebsiteBaker Org. e.V.
9
 * @link			http://www.websitebaker2.org/
10
 * @license         http://www.gnu.org/licenses/gpl.html
11
 * @platform        WebsiteBaker 2.8.x
12
 * @requirements    PHP 5.2.2 and higher
13
 * @version         $Id$
14
 * @filesource		$HeadURL$
15
 * @lastmodified    $Date$
16
 *
17
 */
18

  
19
/* -------------------------------------------------------- */
20
// Must include code to stop this file being accessed directly
21
if(!defined('WB_URL')) {
22
	require_once(dirname(dirname(dirname(__FILE__))).'/framework/globalExceptionHandler.php');
23
	throw new IllegalFileException();
24
}
25
/* -------------------------------------------------------- */
26

  
27
	function show_usermask($admin, &$aActionRequest)
28
	{
29
		global $TEXT, $MESSAGE, $HEADING, $MENU;
30
		$database = WbDatabase::getInstance();
31

  
32
    	$user_id = intval($aActionRequest['user_id']);
33
        $user = array(
34
            'user_id' => 0,
35
            'username'=> '',
36
            'display_name'=> '',
37
            'email'=> '',
38
        );
39

  
40
		// Get existing values
41
        $sql  = 'SELECT * FROM `'.TABLE_PREFIX.'users` ' ;
42
        $sql .= 'WHERE user_id = '.$user_id.' ';
43
        $sql .=   'AND user_id != 1 ';
44

  
45
        if($oRes = $database->query($sql)){
46
            $user = $oRes->fetchRow(MYSQL_ASSOC);
47
        }
48

  
49
        $sNoRightsToChangeGroups = (($admin->get_user_id()==1)) ? 'hide' : '';
50
        $sNoRightsToChangeGroups = (($user['group_id']==1)) ? $sNoRightsToChangeGroups : 'hide';
51
		// Setup template object, parse vars to it, then parse it
52
		// Create new template object
53
		$oTpl = new Template(dirname($admin->correct_theme_source('users_form.htt')),'keep');
54
//		$oTpl->debug = true;
55
		$oTpl->set_file('page', 'users_form.htt');
56
		$oTpl->set_block('page', 'main_block', 'main');
57
		$oTpl->set_block('main_block', 'show_modify_loginname_block', 'show_modify_loginname');
58
		$oTpl->set_block('main_block', 'show_add_loginname_block', 'show_add_loginname');
59
		$oTpl->set_block('main_block', 'show_change_group_list_block', 'show_change_group_list');
60

  
61
		if( ( $admin->get_user_id() != '1' ) )
62
		{
63
            $oTpl->set_var('CHANGING_GROUPS', 'You are not allowed to change the groups');
64
    		$oTpl->parse('show_change_group_list', 'show_change_group_list_block');
65
		} else {
66
    		$oTpl->parse('show_change_group_list', '');
67
		}
68

  
69
		$oTpl->set_var(	array(
70
    			   'ACTION_URL'   => ADMIN_URL.'/users/index.php',
71
    			   'SUB_ACTION'   => 'save',
72
                   'BACK_LINK'    => (isset($aActionRequest['BackLink'])) ? $aActionRequest['BackLink'] : '',
73
                   'CANCEL_URL'   => $aActionRequest['cancel_url'],
74
    			   'SUBMIT_TITLE' => $TEXT['SAVE'],
75
                   'USER_ID' => $user['user_id'],
76
//    			   'NO_RIGHTS' => 'hide',
77
//    			   'CHANGING_GROUPS' => '',
78
    			   'DISPLAY_EXTRA' => '',
79
    			   'DISPLAY_HOME_FOLDERS' => '',
80
    			   'USERNAME' => $user['username'],
81
    			   'DISPLAY_NAME' => $user['display_name'],
82
    			   'EMAIL' => $user['email'],
83
    			   'ADMIN_URL' => ADMIN_URL,
84
    			   'WB_URL' => WB_URL,
85
    			   'THEME_URL' => THEME_URL
86
    			   )
87
			);
88

  
89
		$oTpl->set_var('FTAN', $admin->getFTAN());
90
		if($user['active'] == 1) {
91
            $oTpl->set_var('DISABLED_CHECKED', '');
92
			$oTpl->set_var('ACTIVE_CHECKED', ' checked="checked"');
93
		} else {
94
            $oTpl->set_var('ACTIVE_CHECKED', '');
95
			$oTpl->set_var('DISABLED_CHECKED', ' checked="checked"');
96
		}
97
//		$results = $database->query("SELECT group_id, name FROM ".TABLE_PREFIX."groups WHERE group_id != '1' ORDER BY name");
98
		// Add groups to list
99
		$oTpl->set_block('main_block', 'group_list_block', 'group_list');
100
    	$sql  = 'SELECT `group_id`,`name` FROM `'.TABLE_PREFIX.'groups` ';
101
    	$sql .= 'WHERE `group_id` != 1 ORDER BY `name`';
102
		if($oRes = $database->query($sql)) {
103
			$oTpl->set_var('ID', '');
104
			$oTpl->set_var('NAME', $TEXT['PLEASE_SELECT'].'...');
105
			$oTpl->set_var('SELECTED', '');
106
			$oTpl->parse('group_list', 'group_list_block', true);
107
			while($group = $oRes->fetchRow(MYSQL_ASSOC)) {
108
				$oTpl->set_var('ID', $group['group_id']);
109
				$oTpl->set_var('NAME', $group['name']);
110
				if(in_array($group['group_id'], explode(",",$user['groups_id']))) {
111
					$oTpl->set_var('SELECTED', ' selected="selected"');
112
				} else {
113
					$oTpl->set_var('SELECTED', '');
114
				}
115
				$oTpl->parse('group_list', 'group_list_block', true);
116
			}
117
		}
118

  
119
//		$in_group = false;
120
//  || ($admin->ami_group_member('1'))
121
// Only allow the user to add a user to the Administrators group if they belong to it
122
		if( ($admin->is_group_match($user['groups_id'], '1') ) || ($admin->ami_group_member('1')) )
123
	    {
124
            if( ($in_group = ($admin->ami_group_member('1'))) == false ) {
125
            	$sql  = 'SELECT `name` FROM `'.TABLE_PREFIX.'groups` ';
126
            	$sql .= 'WHERE `group_id` = 1 ORDER BY `name`';
127
                if( ($sGroupName = $database->get_one($sql)) != null ) {
128
            		$in_group = true;
129
        			$oTpl->set_var('ID', '1');
130
        			$oTpl->set_var('NAME', $sGroupName);
131
                }
132
            } else {
133
                if( $in_group = ($admin->is_group_match($admin->get_groups_id(), '1')) ) {
134
        			$sGroupName = $admin->get_groups_name();
135
        			$oTpl->set_var('ID', '1');
136
        			$oTpl->set_var('NAME', $sGroupName[1]);
137
                    $in_group = $user['group_id'] == 1;
138
                }
139
            }
140

  
141
			if($in_group) {
142
				$oTpl->set_var('SELECTED', ' selected="selected"');
143
			} else {
144
				$oTpl->set_var('SELECTED', '');
145
			}
146
			$oTpl->parse('group_list', 'group_list_block', true);
147
		} else {
148
			if($oRes->numRows() == 0) {
149
				$oTpl->set_var('ID', '');
150
				$oTpl->set_var('NAME', $TEXT['NONE_FOUND']);
151
				$oTpl->set_var('SELECTED', ' selected="selected"');
152
				$oTpl->parse('group_list', 'group_list_block', true);
153
			}
154
		}
155

  
156
		// Generate username field name
157
		$username_fieldname = 'username_';
158
		$salt = "abchefghjkmnpqrstuvwxyz0123456789";
159
		srand((double)microtime()*1000000);
160
		$i = 0;
161
		while ($i <= 7) {
162
			$num = rand() % 33;
163
			$tmp = substr($salt, $num, 1);
164
			$username_fieldname = $username_fieldname . $tmp;
165
			$i++;
166
		}
167

  
168
		// Work-out if home folder should be shown
169
		if(!HOME_FOLDERS) {
170
			$oTpl->set_var('DISPLAY_HOME_FOLDERS', 'display:none;');
171
		}
172

  
173
		// Include the WB functions file
174
		require_once(WB_PATH.'/framework/functions.php');
175

  
176
		// Add media folders to home folder list
177
		$oTpl->set_block('main_block', 'folder_list_block', 'folder_list');
178
		foreach(directory_list(WB_PATH.MEDIA_DIRECTORY) AS $name)
179
	    {
180
			$oTpl->set_var('NAME', str_replace(WB_PATH, '', $name));
181
			$oTpl->set_var('FOLDER', str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name));
182
			if($user['home_folder'] == str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name)) {
183
				$oTpl->set_var('SELECTED', ' selected="selected"');
184
			} else {
185
				$oTpl->set_var('SELECTED', ' ');
186
			}
187
			$oTpl->parse('folder_list', 'folder_list_block', true);
188
		}
189

  
190
		// Insert language text and messages
191
		$oTpl->set_var(array(
192
                    'TEXT_RESET' => $TEXT['RESET'],
193
                    'TEXT_CANCEL' => $TEXT['CANCEL'],
194
                    'TEXT_ACTIVE' => $TEXT['ACTIVE'],
195
                    'TEXT_DISABLED' => $TEXT['DISABLED'],
196
                    'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'],
197
                    'TEXT_USERNAME' => $TEXT['USERNAME'],
198
                    'TEXT_PASSWORD' => $TEXT['PASSWORD'],
199
                    'TEXT_RETYPE_PASSWORD' => $TEXT['RETYPE_PASSWORD'],
200
                    'TEXT_DISPLAY_NAME' => $TEXT['DISPLAY_NAME'],
201
                    'TEXT_EMAIL' => $TEXT['EMAIL'],
202
                    'TEXT_GROUP' => $TEXT['GROUP'],
203
                    'TEXT_NONE' => $TEXT['NONE'],
204
                    'TEXT_HOME_FOLDER' => $TEXT['HOME_FOLDER'],
205
                    'USERNAME_FIELDNAME' => $username_fieldname,
206
                    'CHANGING_PASSWORD' => $MESSAGE['USERS_CHANGING_PASSWORD'],
207
                    'HEADING_MODIFY_USER' => $HEADING['MODIFY_USER']
208
                    )
209
                );
210

  
211
		// Parse template object
212
		$oTpl->parse('show_modify_loginname', 'show_modify_loginname_block', true);
213
		$oTpl->parse('show_add_loginname', '', true);
214
		$oTpl->parse('main', 'main_block', false);
215
//			$oTpl->pparse('output', 'page');
216
		$output = $oTpl->finish($oTpl->parse('output', 'page'));
217

  
218
        return $output;
219
    }
0 220
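Review bot: The defaults set in `$user` (lines 33–38) are overwritten unconditionally by `$user = $oRes->fetchRow(MYSQL_ASSOC);` (line 46), so when no row matches — user_id 1, or an id that no longer exists — `$user` becomes false and every later `$user['group_id']`, `$user['username']` and `$user['groups_id']` read emits a notice and renders an empty form; guard the assignment: `if(($oRes = $database->query($sql)) && ($aRow = $oRes->fetchRow(MYSQL_ASSOC))) { $user = $aRow; }`. `$sNoRightsToChangeGroups` (lines 49–50) is computed and never used, and the `CHANGING_GROUPS` text at line 63 is a hard-coded English string where a `$MESSAGE` entry is used everywhere else. `BACK_LINK` and `CANCEL_URL` (lines 72–73) come straight from the request (index.php copies `BackLink` into `cancel_url` on save) and are handed to the template unescaped; unless users_form.htt escapes them itself, they should go through `htmlspecialchars()` and, since they become navigation targets, be restricted to URLs under `ADMIN_URL`/`WB_URL`. The `else` branch at line 148 calls `$oRes->numRows()` even when the query at line 102 failed and `$oRes` is false.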

  
branches/2.8.x/wb/admin/users/delete.php
1
<?php
2

  
3
/**
4
 *
5
 * @category        admin
6
 * @package         pages
7
 * @author          Ryan Djurovich (2004-2009), WebsiteBaker Project
8
 * @copyright       2009-2012, WebsiteBaker Org. e.V.
9
 * @link			http://www.websitebaker2.org/
10
 * @license         http://www.gnu.org/licenses/gpl.html
11
 * @platform        WebsiteBaker 2.8.x
12
 * @requirements    PHP 5.2.2 and higher
13
 * @version         $Id$
14
 * @filesource		$HeadURL$
15
 * @lastmodified    $Date$
16
 *
17
 */
18

  
19
/* -------------------------------------------------------- */
20
// Must include code to stop this file being accessed directly
21
if(!defined('WB_URL')) {
22
	require_once(dirname(dirname(dirname(__FILE__))).'/framework/globalExceptionHandler.php');
23
	throw new IllegalFileException();
24
}
25
/* -------------------------------------------------------- */
26
function delete_user($admin, &$aActionRequest)
27
{
28
	global $TEXT, $MESSAGE;
29
	$database = WbDatabase::getInstance();
30
    $aUserID = array();
31
    $bRetVal = false;
32
    if(isset($aActionRequest['user_id']) && !is_array($aActionRequest['user_id'])) {
33
        $aUserID[] = $aActionRequest['user_id'];
34
    } else {
35
        $aUserID = $aActionRequest['user_id'];
36
    }
37

  
38
    foreach ( $aUserID AS $key => $value)
39
    {
40
        switch ($_SERVER['REQUEST_METHOD']) :
41
			case 'GET': // insert/update user
42
                $_GET['user_id'] =$aUserID[$key];
43
				break;
44
			default: // show userlist with empty modify mask
45
                $_POST['user_id'] =$aUserID[$key];
46
		endswitch; // end of switch
47
		$user_id = intval($admin->checkIDKEY('user_id', 0, $_SERVER['REQUEST_METHOD']));
48

  
49
		// Check if user id is a valid number and doesnt equal 1
50
		if($user_id == 0){
51
			msgQueue::add($MESSAGE['GENERIC_FORGOT_OPTIONS'] );
52
            return $bRetVal;
53
        }
54

  
55
		if( ($user_id < 2 ) )
56
		{
57
			// if($admin_header) { $admin->print_header(); }
58
			msgQueue::add($MESSAGE['GENERIC_SECURITY_ACCESS'] );
59
            return $bRetVal;
60
		}
61

  
62
		if( ($msg = msgQueue::getError()) == '')
63
		{
64
			$sql  = 'SELECT `active` FROM `'.TABLE_PREFIX.'users` '.
65
                    'WHERE `user_id` = '.$user_id;
66
            if( ($iDeleteUser = $database->get_one($sql)) != null ) {
67
                if($iDeleteUser) {
68
    				// Delete the user
69
        			$sql  = 'UPDATE `'.TABLE_PREFIX.'users` SET '.
70
                            '`active` = 0 '.
71
                            'WHERE `user_id` = '.$user_id;
72
                    if( $database->query($sql) ) {
73
                        msgQueue::add($TEXT['USERS_DELETED'], true);
74
                    }
75
                } else {
76
        			$sql  = 'DELETE FROM `'.TABLE_PREFIX.'users` '.
77
                            'WHERE `user_id` = '.$user_id;
78
                    if( $database->query($sql) ) {
79
                        msgQueue::add($MESSAGE['USERS_DELETED'], true);
80
                    }
81
                }
82
                $bRetVal = true;
83
            }
84
            if($database->is_error()) {
85
                msgQueue::add( implode('<br />',explode(';',$database->get_error())) );
86
                $bRetVal = false;
87
           }
88
		}
89
    }
90
    if(isset($aActionRequest['clearmsg'])) { msgQueue::clear();  }
91
    return $user_id;
92
}
93

  
94
if(!isset($aActionRequest)) {
95
    $requestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
96
    $aActionRequest = (isset(${$requestMethod})) ? ${$requestMethod} : null;
97
    $aActionRequest['clearmsg'] = true;
98
}
0 99
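Review bot: `return $user_id;` at line 91 ignores the `$bRetVal` the function maintains, and `$user_id` is undefined when no id was processed — if `$aActionRequest['user_id']` is unset, line 35 assigns null and the `foreach` at line 38 warns; return `$bRetVal` and guard the input with `$aUserID = isset($aActionRequest['user_id']) ? (array)$aActionRequest['user_id'] : array();`. The caller in index.php (line 56, visible below) does `$output = delete_user(...)` and then appends the user list, so the returned id is currently emitted into the page. Writing the id into `$_GET`/`$_POST` (lines 42 and 45) so that `checkIDKEY()` can presumably read it back is a detour that also mutates the superglobals for the rest of the request; passing the value directly would be clearer, and if `checkIDKEY()` cannot take a value, a comment saying so belongs above line 40. The two-step semantics at lines 66–81 — an active user is only deactivated, an already inactive one is deleted outright — deserves a one-line comment above line 66, since `USERS_DELETED` is reported in both cases.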

  
branches/2.8.x/wb/admin/users/disallowedNames
1
admin
2
asshole
3
porno
4
arsch
5
fuck
6
fick
7
shit
8
scheiss
9
viagra
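Review bot: This list is consumed by `findStringInFileList()` in index.php (visible below), which builds the regex from the submitted display name and greps these entries with it, so a name is rejected only when it is a substring of one of the entries: `admin` and `dmi` are blocked, while `Administrator`, `admin2` or `wb-admin` pass, which defeats the user-faking check save.php performs with this file. Either the matcher should iterate the entries and test each one against the name — `stripos($sString, $sEntry) !== false`, or a `preg_quote`d per-entry pattern with word boundaries — or the entries must be written as patterns; whichever rule is chosen should be stated in the docblock of `findStringInFileList()`, not in this file, because every line here is treated as an entry. Note also that an empty display name yields the pattern `//i`, which matches every line and so rejects the submission before save.php's fallback to the stored display name runs.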
branches/2.8.x/wb/admin/users/index.php
15 15
 *
16 16
 */
17 17

  
18
$config_file = realpath('../../config.php');
19
if(file_exists($config_file) && !defined('WB_URL'))
20
{
21
	require_once($config_file);
22
}
18
    /**
19
     * checks if a given string is part of a line in a defined file
20
     * @param string $sString
21
     * @param string $sListFile
22
     * @return bool TRUE if at least one match is found, otherwise FALSE
23
     */
24
    function findStringInFileList( $sString, $sListFile)
25
    {
26
     $aMatch = array();
27
     if(is_readable($sListFile)) {
28
      $aList = file($sListFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
29
      $aMatch = preg_grep('/'.preg_quote($sString, '/').'/i',$aList);
30
     }
31
     return (sizeof($aMatch)>0);
32
    }
23 33

  
24
if(!class_exists('admin', false)){ include(WB_PATH.'/framework/class.admin.php'); }
34
	function admin_users_index($aActionRequest)
35
	{
36
		global $MESSAGE;
37
		$database = WbDatabase::getInstance();
25 38

  
26
$admin = new admin('Access', 'users');
39
        $sAdminPath = dirname(str_replace('\\', '/', __FILE__));
40
        $sAdminName = basename($sAdminPath);
41
        $output = '';
42
        $aActionRequest['requestMethod'] = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
43
        $action = 'show';
44
        // Set parameter 'action' as alternative to javascript mechanism
45
        $action = (isset($aActionRequest['add'])    ? 'add'    : $action );
46
        $action = (isset($aActionRequest['save'])   ? 'save'   : $action );
47
        $action = (isset($aActionRequest['modify']) ? 'modify' : $action );
48
        $action = (isset($aActionRequest['delete']) ? 'delete' : $action );
49
        $action = (isset($aActionRequest['delete_outdated']) ? 'delete_outdated' : $action );
27 50

  
28
$iUserStatus = 1;
29
$iUserStatus = ( ( $admin->get_get('status')==1 ) ? 0 : $iUserStatus );
30
unset($_GET);
51
		switch($action) :
52
			case 'delete': // delete the user
53
    			$admin = new admin('Access', 'users_delete',false);
31 54

  
32
// Setup template object, parse vars to it, then parse it
33
// Create new template object
34
$template = new Template(dirname($admin->correct_theme_source('users.htt')),'keep');
35
// $template->debug = true;
55
				include($sAdminPath.'/delete.php');
56
    			$output = delete_user($admin,$aActionRequest);
36 57

  
37
$template->set_file('page', 'users.htt');
38
$template->set_block('page', 'main_block', 'main');
39
$template->set_block("main_block", "manage_groups_block", "groups");
40
$template->set_var('ADMIN_URL', ADMIN_URL);
41
$template->set_var('FTAN', $admin->getFTAN());
42
$template->set_var('USER_STATUS', $iUserStatus );
43
$template->set_var('DISPLAY_ADD', '');
44
$template->set_var('DISPLAY_MODIFY', '');
45
$template->set_var('DISABLED_CHECKED', '');
46
$template->set_var('HEADING_MODIFY_USER', '');
47
$template->set_var('DISPLAY_HOME_FOLDERS', '');
58
        		if( ($msg = msgQueue::getError()) != '')
59
        		{
60
        		}
48 61

  
49
$UserStatusActive = 'url('.THEME_URL.'/images/user.png)';
50
$UserStatusInactive = 'url('.THEME_URL.'/images/user_red.png)';
62
                $aActionRequest['cancel_url'] = ADMIN_URL.'/access/index.php';
63
				$admin = new admin('Access', 'users');
64
				include($sAdminPath.'/user_list.php');
65
				$output .= show_userlist($admin, $aActionRequest);
66
				break;
67
			case 'add': // insert/update user
68
                $admin = new admin('Access', 'users_add',false);
69
				include($sAdminPath.'/add.php');
70
    			$output = add_user($admin,$aActionRequest);
71
                $aActionRequest['cancel_url'] = ADMIN_URL.'/access/index.php';
72
				$admin = new admin('Access', 'users');
73
				include($sAdminPath.'/user_list.php');
74
				$output .= show_userlist($admin, $aActionRequest);
75
				break;
76
			case 'save': // insert/update user
77
    			$admin = new admin('Access', 'users_modify',false);
78
// hold the cancel_url if request comes outside from users
79
                if(isset($aActionRequest['BackLink'])) {
80
                    $sBackLink = $aActionRequest['BackLink'];
81
                    $aActionRequest['cancel_url'] = $sBackLink;
82
                    $aActionRequest['BackLink'] = $sBackLink;
83
                }
84
     			include($sAdminPath.'/save.php');
85
                $user_id = save_user($admin, $aActionRequest);
86
    			$admin = new admin('Access', 'users_modify');
87
     			include($sAdminPath.'/user_form.php');
88
                $aActionRequest['user_id'] = $user_id;
89
    			$output = show_usermask($admin,$aActionRequest);
90
				break;
91
			case 'modify': // insert/update user
92
// first check acess to auth users can change his own preferences
93
    			$admin = new admin('Preferences', 'preferences_view',false);
94
    			$user_id = intval($admin->checkIDKEY('user_id', 0, $_SERVER['REQUEST_METHOD']));
95
// Check if user id is a valid number and doesnt equal 1
96
                $aActionRequest['user_id'] = $user_id;
97
    			if($user_id == 0){
98
        			msgQueue::add($MESSAGE['GENERIC_FORGOT_OPTIONS'] );
99
                }
51 100

  
52
$sUserTitle = ($iUserStatus == 0) ? $MENU['USERS'].' '.strtolower($TEXT['ACTIVE']) : $MENU['USERS'].' '.strtolower($TEXT['DELETED']) ;
101
    			if( ($user_id == $admin->get_user_id() ) )
102
    			{
103
                    $sQueryString = (isset($_SERVER['QUERY_STRING'])&& ($_SERVER['QUERY_STRING']!='')) ? $_SERVER['QUERY_STRING'] :  'tool=uaerat';
104
                    $admin->send_header(ADMIN_URL.'/preferences/index.php?'.$sQueryString);
105
    			}
53 106

  
54
$template->set_var('TEXT_USERS', $sUserTitle.' '.$TEXT['SHOW'] );
55
$template->set_var('STATUS_ICON', ( ($iUserStatus==0) ? $UserStatusActive : $UserStatusInactive) );
107
    			$admin = new admin('Access', 'users_modify');
56 108

  
57
// Get existing value from database
58
$sql  = 'SELECT `user_id`, `username`, `display_name`, `active` FROM `'.TABLE_PREFIX.'users` ' ;
59
$sql .= 'WHERE user_id != 1 ';