   1  <?php
   2  /**
   3   *
   4   * @category        admin
   5   * @package         users
   6   * @author          Ryan Djurovich, WebsiteBaker Project
   7   * @copyright       2009-2011, Website Baker Org. e.V.
   8   * @link            http://www.websitebaker2.org/
   9   * @license         http://www.gnu.org/licenses/gpl.html
  10   * @platform        WebsiteBaker 2.8.x
  11   * @requirements    PHP 5.2.2 and higher
  12   * @version         $Id: users.php 1625 2012-02-29 00:50:57Z Luisehahne $
  13   * @filesource        $HeadURL: svn://isteam.dynxs.de/wb_svn/wb280/branches/2.8.x/wb/admin/users/users.php $
  14   * @lastmodified    $Date: 2012-02-29 01:50:57 +0100 (Mi, 29. Feb 2012) $
  15   *
  16  */
  17  
  18   // Include config file and admin class file
  19  require('../../config.php');
  20  require_once (WB_PATH.'/framework/class.admin.php');
  21  
  22  $action = 'cancel';
  23  // Set parameter 'action' as alternative to javascript mechanism
  24  $action = (isset($_POST['modify']) ? 'modify' : $action );
  25  $action = (isset($_POST['delete']) ? 'delete' : $action );
  26  
  27  switch ($action):
  28      case 'modify' :
  29              // Print header
  30              $admin = new admin('Access', 'users_modify');
  31              $user_id = intval($admin->checkIDKEY('user_id', 0, $_SERVER['REQUEST_METHOD']));
  32              // Check if user id is a valid number and doesnt equal 1
  33              if($user_id == 0){
  34              $admin->print_error($MESSAGE['GENERIC_FORGOT_OPTIONS'] );
  35              }
  36              if( ($user_id < 2 ) )
  37              {
  38                  // if($admin_header) { $admin->print_header(); }
  39                  $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] );
  40              }
  41              // Get existing values
  42              $results = $database->query("SELECT * FROM `".TABLE_PREFIX."users` WHERE `user_id` = '".$user_id."'");
  43              $user = $results->fetchRow();
  44  
  45              // Setup template object, parse vars to it, then parse it
  46              // Create new template object
  47              $template = new Template(dirname($admin->correct_theme_source('users_form.htt')));
  48              // $template->debug = true;
  49              $template->set_file('page', 'users_form.htt');
  50              $template->set_block('page', 'main_block', 'main');
  51              $template->set_var(    array(
  52                                  'ACTION_URL' => ADMIN_URL.'/users/save.php',
  53                                  'SUBMIT_TITLE' => $TEXT['SAVE'],
  54                                  'USER_ID' => $user['user_id'],
  55                                  'USERNAME' => $user['username'],
  56                                  'DISPLAY_NAME' => $user['display_name'],
  57                                  'EMAIL' => $user['email'],
  58                                  'ADMIN_URL' => ADMIN_URL,
  59                                  'WB_URL' => WB_URL,
  60                                  'THEME_URL' => THEME_URL
  61                                  )
  62                          );
  63  
  64              $template->set_var('FTAN', $admin->getFTAN());
  65              if($user['active'] == 1) {
  66                  $template->set_var('ACTIVE_CHECKED', ' checked="checked"');
  67              } else {
  68                  $template->set_var('DISABLED_CHECKED', ' checked="checked"');
  69              }
  70              // Add groups to list
  71              $template->set_block('main_block', 'group_list_block', 'group_list');
  72              $results = $database->query("SELECT group_id, name FROM ".TABLE_PREFIX."groups WHERE group_id != '1' ORDER BY name");
  73              if($results->numRows() > 0) {
  74                  $template->set_var('ID', '');
  75                  $template->set_var('NAME', $TEXT['PLEASE_SELECT'].'...');
  76                  $template->set_var('SELECTED', '');
  77                  $template->parse('group_list', 'group_list_block', true);
  78                  while($group = $results->fetchRow()) {
  79                      $template->set_var('ID', $group['group_id']);
  80                      $template->set_var('NAME', $group['name']);
  81                      if(in_array($group['group_id'], explode(",",$user['groups_id']))) {
  82                          $template->set_var('SELECTED', ' selected="selected"');
  83                      } else {
  84                          $template->set_var('SELECTED', '');
  85                      }
  86                      $template->parse('group_list', 'group_list_block', true);
  87                  }
  88              }
  89  
  90              // Only allow the user to add a user to the Administrators group if they belong to it
  91              if(in_array(1, $admin->get_groups_id()))
  92              {
  93                  $template->set_var('ID', '1');
  94                  $users_groups = $admin->get_groups_name();
  95                  $template->set_var('NAME', $users_groups[1]);
  96  
  97                  $in_group = FALSE;
  98                  foreach($admin->get_groups_id() as $cur_gid){
  99                      if (in_array($cur_gid, explode(",", $user['groups_id']))) {
 100                          $in_group = TRUE;
 101                      }
 102                  }
 103  
 104                  if($in_group) {
 105                      $template->set_var('SELECTED', ' selected="selected"');
 106                  } else {
 107                      $template->set_var('SELECTED', '');
 108                  }
 109                  $template->parse('group_list', 'group_list_block', true);
 110              } else {
 111                  if($results->numRows() == 0) {
 112                      $template->set_var('ID', '');
 113                      $template->set_var('NAME', $TEXT['NONE_FOUND']);
 114                      $template->set_var('SELECTED', ' selected="selected"');
 115                      $template->parse('group_list', 'group_list_block', true);
 116                  }
 117              }
 118  
 119              // Generate username field name
 120              $username_fieldname = 'username_';
 121              $salt = "abchefghjkmnpqrstuvwxyz0123456789";
 122              srand((double)microtime()*1000000);
 123              $i = 0;
 124              while ($i <= 7) {
 125                  $num = rand() % 33;
 126                  $tmp = substr($salt, $num, 1);
 127                  $username_fieldname = $username_fieldname . $tmp;
 128                  $i++;
 129              }
 130  
 131              // Work-out if home folder should be shown
 132              if(!HOME_FOLDERS) {
 133                  $template->set_var('DISPLAY_HOME_FOLDERS', 'display:none;');
 134              }
 135  
 136              // Include the WB functions file
 137              require_once (WB_PATH.'/framework/functions.php');
 138  
 139              // Add media folders to home folder list
 140              $template->set_block('main_block', 'folder_list_block', 'folder_list');
 141              foreach(directory_list(WB_PATH.MEDIA_DIRECTORY) AS $name)
 142              {
 143                  $template->set_var('NAME', str_replace(WB_PATH, '', $name));
 144                  $template->set_var('FOLDER', str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name));
 145                  if($user['home_folder'] == str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name)) {
 146                      $template->set_var('SELECTED', ' selected="selected"');
 147                  } else {
 148                      $template->set_var('SELECTED', ' ');
 149                  }
 150                  $template->parse('folder_list', 'folder_list_block', true);
 151              }
 152  
 153              // Insert language text and messages
 154              $template->set_var(array(
 155                                  'TEXT_RESET' => $TEXT['RESET'],
 156                                  'TEXT_CANCEL' => $TEXT['CANCEL'],
 157                                  'TEXT_ACTIVE' => $TEXT['ACTIVE'],
 158                                  'TEXT_DISABLED' => $TEXT['DISABLED'],
 159                                  'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'],
 160                                  'TEXT_USERNAME' => $TEXT['USERNAME'],
 161                                  'TEXT_PASSWORD' => $TEXT['PASSWORD'],
 162                                  'TEXT_RETYPE_PASSWORD' => $TEXT['RETYPE_PASSWORD'],
 163                                  'TEXT_DISPLAY_NAME' => $TEXT['DISPLAY_NAME'],
 164                                  'TEXT_EMAIL' => $TEXT['EMAIL'],
 165                                  'TEXT_GROUP' => $TEXT['GROUP'],
 166                                  'TEXT_NONE' => $TEXT['NONE'],
 167                                  'TEXT_HOME_FOLDER' => $TEXT['HOME_FOLDER'],
 168                                  'USERNAME_FIELDNAME' => $username_fieldname,
 169                                  'CHANGING_PASSWORD' => $MESSAGE['USERS']['CHANGING_PASSWORD'],
 170                                  'HEADING_MODIFY_USER' => $HEADING['MODIFY_USER']
 171                                  )
 172                          );
 173  
 174              // Parse template object
 175              $template->parse('main', 'main_block', false);
 176              $template->pparse('output', 'page');
 177              // Print admin footer
 178              $admin->print_footer();
 179              break;
 180          case 'delete' :
 181              // Print header
 182              $admin = new admin('Access', 'users_delete');
 183              $user_id = intval($admin->checkIDKEY('user_id', 0, $_SERVER['REQUEST_METHOD']));
 184              // Check if user id is a valid number and doesnt equal 1
 185              if($user_id == 0){
 186              $admin->print_error($MESSAGE['GENERIC_FORGOT_OPTIONS'] );
 187              }
 188              if( ($user_id < 2 ) )
 189              {
 190                  // if($admin_header) { $admin->print_header(); }
 191                  $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] );
 192              }
 193              $sql  = 'SELECT `active` FROM `'.TABLE_PREFIX.'users` ';
 194              $sql .= 'WHERE `user_id` = '.$user_id.'';
 195              if( ($iDeleteUser = $database->get_one($sql)) == 1 ) {
 196                  // Delete the user
 197                  $database->query("UPDATE `".TABLE_PREFIX."users` SET `active` = 0 WHERE `user_id` = '".$user_id."' ");
 198              } else {
 199                  $database->query("DELETE FROM `".TABLE_PREFIX."users` WHERE `user_id` = ".$user_id);
 200              }
 201  
 202              if($database->is_error()) {
 203                  $admin->print_error($database->get_error());
 204              } else {
 205                  $admin->print_success($MESSAGE['USERS_DELETED']);
 206              }
 207              // Print admin footer
 208              $admin->print_footer();
 209              break;
 210      default:
 211              break;
 212  endswitch;
