| [ Index ] |
|
Code source de b2evolution 2.1.0-beta |
1 <?php 2 /** 3 * This file implements the UI controller for settings management. 4 * 5 * This file is part of the evoCore framework - {@link http://evocore.net/} 6 * See also {@link http://sourceforge.net/projects/evocms/}. 7 * 8 * @copyright (c)2003-2007 by Francois PLANQUE - {@link http://fplanque.net/} 9 * Parts of this file are copyright (c)2004-2006 by Daniel HAHLER - {@link http://thequod.de/contact}. 10 * 11 * {@internal License choice 12 * - If you have received this file as part of a package, please find the license.txt file in 13 * the same folder or the closest folder above for complete license terms. 14 * - If you have received this file individually (e-g: from http://evocms.cvs.sourceforge.net/) 15 * then you must choose one of the following licenses before using the file: 16 * - GNU General Public License 2 (GPL) - http://www.opensource.org/licenses/gpl-license.php 17 * - Mozilla Public License 1.1 (MPL) - http://www.opensource.org/licenses/mozilla1.1.php 18 * }} 19 * 20 * {@internal Open Source relicensing agreement: 21 * Daniel HAHLER grants Francois PLANQUE the right to license 22 * Daniel HAHLER's contributions to this file and the b2evolution project 23 * under any OSI approved OSS license (http://www.opensource.org/licenses/). 24 * }} 25 * 26 * @package admin 27 * 28 * {@internal Below is a list of authors who have contributed to design/coding of this file: }} 29 * @author fplanque: Francois PLANQUE 30 * @author blueyed: Daniel HAHLER 31 * 32 * @todo separate object inits and permission checks 33 * 34 * @version $Id: users.ctrl.php,v 1.3 2007/09/03 23:47:37 blueyed Exp $ 35 */ 36 if( !defined('EVO_MAIN_INIT') ) die( 'Please, do not access this page directly.' ); 37 38 /** 39 * @var AdminUI_general 40 */ 41 global $AdminUI; 42 43 44 $AdminUI->set_path( 'users' ); 45 46 param_action( 'list' ); 47 48 param( 'user_ID', 'integer', NULL ); // Note: should NOT be memorized (would kill navigation/sorting) use memorize_param() if needed 49 param( 'grp_ID', 'integer', NULL ); // Note: should NOT be memorized: -- " -- 50 51 /** 52 * @global boolean true, if user is only allowed to edit his profile 53 */ 54 $user_profile_only = ! $current_User->check_perm( 'users', 'view' ); 55 56 if( $user_profile_only ) 57 { // User has no permissions to view: he can only edit his profile 58 59 if( (isset($user_ID) && $user_ID != $current_User->ID) 60 || isset($grp_ID) ) 61 { // User is trying to edit something he should not: add error message (Should be prevented by UI) 62 $Messages->add( T_('You have no permission to view other users or groups!'), 'error' ); 63 } 64 65 // Make sure the user only edits himself: 66 $user_ID = $current_User->ID; 67 $grp_ID = NULL; 68 if( ! in_array( $action, array( 'userupdate', 'edit_user', 'default_settings' ) ) ) 69 { 70 $action = 'edit_user'; 71 } 72 } 73 74 /* 75 * Load editable objects and set $action (while checking permissions) 76 */ 77 78 $UserCache = & get_Cache( 'UserCache' ); 79 $GroupCache = & get_Cache( 'GroupCache' ); 80 81 if( ! is_null($user_ID) ) 82 { // User selected 83 if( $action == 'userupdate' && $user_ID == 0 ) 84 { // we create a new user 85 $edited_User = new User(); 86 $edited_User->set_datecreated( $localtimenow ); 87 } 88 elseif( ($edited_User = & $UserCache->get_by_ID( $user_ID, false )) === false ) 89 { // We could not find the User to edit: 90 unset( $edited_User ); 91 forget_param( 'user_ID' ); 92 $Messages->head = T_('Cannot edit user!'); 93 $Messages->add( T_('Requested user does not exist any longer.'), 'error' ); 94 $action = 'list'; 95 } 96 elseif( $action == 'list' ) 97 { // 'list' is default, $user_ID given 98 if( $user_ID == $current_User->ID || $current_User->check_perm( 'users', 'edit' ) ) 99 { 100 $action = 'edit_user'; 101 } 102 else 103 { 104 $action = 'view_user'; 105 } 106 } 107 108 if( $action != 'view_user' && $action != 'list' ) 109 { // check edit permissions 110 if( ! $current_User->check_perm( 'users', 'edit' ) 111 && $edited_User->ID != $current_User->ID ) 112 { // user is only allowed to _view_ other user's profiles 113 $Messages->add( T_('You have no permission to edit other users!'), 'error' ); 114 $action = 'view_user'; 115 } 116 elseif( $demo_mode ) 117 { // Demo mode restrictions: admin/demouser cannot be edited 118 if( $edited_User->ID == 1 || $edited_User->login == 'demouser' ) 119 { 120 $Messages->add( T_('You cannot edit the admin and demouser profile in demo mode!'), 'error' ); 121 122 if( strpos( $action, 'delete_' ) === 0 || $action == 'promote' ) 123 { // Fallback to list/view action 124 $action = 'list'; 125 } 126 else 127 { 128 $action = 'view_user'; 129 } 130 } 131 } 132 } 133 } 134 elseif( $grp_ID !== NULL ) 135 { // Group selected 136 if( $action == 'groupupdate' && $grp_ID == 0 ) 137 { // New Group: 138 $edited_Group = new Group(); 139 } 140 elseif( ($edited_Group = & $GroupCache->get_by_ID( $grp_ID, false )) === false ) 141 { // We could not find the Group to edit: 142 unset( $edited_Group ); 143 forget_param( 'grp_ID' ); 144 $Messages->head = T_('Cannot edit group!'); 145 $Messages->add( T_('Requested group does not exist any longer.'), 'error' ); 146 $action = 'list'; 147 } 148 elseif( $action == 'list' ) 149 { // 'list' is default, $grp_ID given 150 if( $current_User->check_perm( 'users', 'edit' ) ) 151 { 152 $action = 'edit_group'; 153 } 154 else 155 { 156 $action = 'view_group'; 157 } 158 } 159 160 if( $action != 'view_group' && $action != 'list' ) 161 { // check edit permissions 162 if( !$current_User->check_perm( 'users', 'edit' ) ) 163 { 164 $Messages->add( T_('You have no permission to edit groups!'), 'error' ); 165 $action = 'view_group'; 166 } 167 elseif( $demo_mode ) 168 { // Additional checks for demo mode: no changes to admin's and demouser's group allowed 169 $admin_User = & $UserCache->get_by_ID(1); 170 $demo_User = & $UserCache->get_by_login('demouser'); 171 if( $edited_Group->ID == $admin_User->Group->ID 172 || $edited_Group->ID == $demo_User->group_ID ) 173 { 174 $Messages->add( T_('You cannot edit the groups of user «admin» or «demouser» in demo mode!'), 'error' ); 175 $action = 'view_group'; 176 } 177 } 178 } 179 } 180 181 182 /* 183 * Perform actions, if there were no errors: 184 */ 185 if( !$Messages->count('error') ) 186 { // no errors 187 switch( $action ) 188 { 189 case 'new_user': 190 // We want to create a new user: 191 if( isset( $edited_User ) ) 192 { // We want to use a template 193 $new_User = $edited_User; // Copy ! 194 $new_User->set( 'ID', 0 ); 195 $edited_User = & $new_User; 196 } 197 else 198 { // We use an empty user: 199 $edited_User = & new User(); 200 } 201 202 // Determine if the user must validate before using the system: 203 $edited_User->set( 'validated', ! $Settings->get('newusers_mustvalidate') ); 204 break; 205 206 207 case 'change_admin_skin': 208 // Skin switch from menu 209 param( 'new_admin_skin', 'string', true ); 210 param( 'redirect_to', 'string', '' ); 211 212 $UserSettings->set( 'admin_skin', $new_admin_skin ); 213 $UserSettings->dbupdate(); 214 $Messages->add( sprintf( T_('Admin skin changed to «%s»'), $new_admin_skin ), 'success' ); 215 216 header_nocache(); 217 header_redirect(); 218 /* EXITED */ 219 break; 220 221 222 case 'userupdate': 223 // Update existing user OR create new user: 224 if( empty($edited_User) || !is_object($edited_User) ) 225 { 226 $Messages->add( 'No user set!' ); // Needs no translation, should be prevented by UI. 227 $action = 'list'; 228 break; 229 } 230 231 $reload_page = false; // We set it to true, if a setting changes that needs a page reload (locale, admin skin, ..) 232 233 if( !$current_User->check_perm( 'users', 'edit' ) && $edited_User->ID != $current_User->ID ) 234 { // user is only allowed to update him/herself 235 $Messages->add( T_('You are only allowed to update your own profile!'), 'error' ); 236 $action = 'view_user'; 237 break; 238 } 239 240 param( 'edited_user_login', 'string' ); 241 param_check_not_empty( 'edited_user_login', T_('You must provide a login!') ); 242 // We want all logins to be lowercase to guarantee uniqueness regardless of the database case handling for UNIQUE indexes: 243 $edited_user_login = strtolower( $edited_user_login ); 244 245 if( $current_User->check_perm( 'users', 'edit' ) ) 246 { // changing level/group is allowed (not in profile mode) 247 param_integer_range( 'edited_user_level', 0, 10, T_('User level must be between %d and %d.') ); 248 $edited_User->set( 'level', $edited_user_level ); 249 250 param( 'edited_user_validated', 'integer', 0 ); 251 if( $edited_User->set( 'validated', $edited_user_validated ) && $edited_User->ID == $current_User->ID ) 252 { // validated value has changed for the current user 253 $reload_page = true; 254 } 255 param( 'edited_user_grp_ID', 'integer', true ); 256 $edited_user_Group = $GroupCache->get_by_ID( $edited_user_grp_ID ); 257 $edited_User->set_Group( $edited_user_Group ); 258 // echo 'new group = '; 259 // $edited_User->Group->disp('name'); 260 } 261 262 // check if new login already exists for another user_ID 263 $query = ' 264 SELECT user_ID 265 FROM T_users 266 WHERE user_login = '.$DB->quote($edited_user_login).' 267 AND user_ID != '.$edited_User->ID; 268 if( $q = $DB->get_var( $query ) ) 269 { 270 param_error( 'edited_user_login', 271 sprintf( T_('This login already exists. Do you want to <a %s>edit the existing user</a>?'), 272 'href="?ctrl=users&user_ID='.$q.'"' ) ); 273 } 274 275 param( 'edited_user_firstname', 'string', true ); 276 param( 'edited_user_lastname', 'string', true ); 277 278 param( 'edited_user_nickname', 'string', true ); 279 param_check_not_empty( 'edited_user_nickname', T_('Please enter a nickname (can be the same as your login).') ); 280 281 param( 'edited_user_idmode', 'string', true ); 282 param( 'edited_user_locale', 'string', true ); 283 284 param( 'edited_user_email', 'string', true ); 285 param_check_not_empty( 'edited_user_email', T_('Please enter an e-mail address.') ); 286 param_check_email( 'edited_user_email', true ); 287 288 param( 'edited_user_url', 'string', true ); 289 param_check_url( 'edited_user_url', $comments_allowed_uri_scheme ); 290 291 param( 'edited_user_icq', 'string', true ); 292 param_check_number( 'edited_user_icq', T_('The ICQ UIN can only be a number, no letters allowed.') ); 293 294 param( 'edited_user_aim', 'string', true ); 295 296 param( 'edited_user_msn', 'string', true ); 297 param_check_email( 'edited_user_msn', false ); 298 299 param( 'edited_user_yim', 'string', true ); 300 param( 'edited_user_allow_msgform', 'integer', 0 ); 301 param( 'edited_user_notify', 'integer', 0 ); 302 param( 'edited_user_showonline', 'integer', 0 ); 303 param( 'edited_user_set_login_multiple_sessions', 'integer', 0 ); 304 305 param( 'edited_user_pass1', 'string', true ); 306 param( 'edited_user_pass2', 'string', true ); 307 if( ! param_check_passwords( 'edited_user_pass1', 'edited_user_pass2', ($edited_User->ID == 0) ) ) // required for new users 308 { // passwords not the same or empty: empty them for the form 309 $edited_user_pass1 = ''; 310 $edited_user_pass2 = ''; 311 } 312 313 $edited_User->set( 'login', $edited_user_login ); 314 $edited_User->set( 'firstname', $edited_user_firstname ); 315 $edited_User->set( 'lastname', $edited_user_lastname ); 316 $edited_User->set( 'nickname', $edited_user_nickname ); 317 $edited_User->set( 'idmode', $edited_user_idmode ); 318 if( $edited_User->set( 'locale', $edited_user_locale ) && $edited_User->ID == $current_User->ID ) 319 { // locale value has changed for the current user 320 $reload_page = true; 321 } 322 $edited_User->set( 'email', $edited_user_email ); 323 $edited_User->set( 'url', $edited_user_url ); 324 $edited_User->set( 'icq', $edited_user_icq ); 325 $edited_User->set( 'aim', $edited_user_aim ); 326 $edited_User->set( 'msn', $edited_user_msn ); 327 $edited_User->set( 'yim', $edited_user_yim ); 328 $edited_User->set( 'allow_msgform', $edited_user_allow_msgform ); 329 $edited_User->set( 'notify', $edited_user_notify ); 330 $edited_User->set( 'showonline', $edited_user_showonline ); 331 332 // Features 333 param( 'edited_user_admin_skin', 'string', true ); 334 param_integer_range( 'edited_user_action_icon_threshold', 1, 5, T_('The threshold must be between 1 and 5.') ); 335 param_integer_range( 'edited_user_action_word_threshold', 1, 5, T_('The threshold must be between 1 and 5.') ); 336 param( 'edited_user_legend', 'integer', 0 ); 337 param( 'edited_user_bozo', 'integer', 0 ); 338 param( 'edited_user_focusonfirst', 'integer', 0 ); 339 param( 'edited_user_results_per_page', 'integer', null ); 340 341 if( $Messages->count( 'error' ) ) 342 { // We have found validation errors: 343 $action = 'edit_user'; 344 break; 345 } 346 347 // OK, no error. 348 $new_pass = ''; 349 350 if( !empty($edited_user_pass2) ) 351 { // Password provided, we must encode it 352 $new_pass = md5( $edited_user_pass2 ); 353 354 $edited_User->set( 'pass', $new_pass ); // set password 355 } 356 357 if( $edited_User->ID != 0 ) 358 { // Commit update to the DB: 359 $update_r = $edited_User->dbupdate(); 360 361 if( $edited_User->ID == $current_User->ID ) 362 { // User updates his profile: 363 if( $update_r ) 364 { 365 $Messages->add( T_('Your profile has been updated.'), 'success' ); 366 } 367 else 368 { 369 $Messages->add( T_('Your profile has not been changed.'), 'note' ); 370 } 371 } 372 else 373 { 374 $Messages->add( T_('User updated.'), 'success' ); 375 } 376 } 377 else 378 { // Insert user into DB 379 $edited_User->dbinsert(); 380 $Messages->add( T_('New user created.'), 'success' ); 381 } 382 383 // Now that the User exists in the DB and has an ID, update the settings: 384 385 $UserSettings->set( 'login_multiple_sessions', $edited_user_set_login_multiple_sessions, $edited_User->ID ); 386 387 if( $UserSettings->set( 'admin_skin', $edited_user_admin_skin, $edited_User->ID ) 388 && ($edited_User->ID == $current_User->ID) ) 389 { // admin_skin has changed or was set the first time for the current user 390 $reload_page = true; 391 } 392 393 // Action icon params: 394 $UserSettings->set( 'action_icon_threshold', $edited_user_action_icon_threshold, $edited_User->ID ); 395 $UserSettings->set( 'action_word_threshold', $edited_user_action_word_threshold, $edited_User->ID ); 396 $UserSettings->set( 'display_icon_legend', $edited_user_legend, $edited_User->ID ); 397 398 // Set bozo validador activation 399 $UserSettings->set( 'control_form_abortions', $edited_user_bozo, $edited_User->ID ); 400 401 // Focus on first 402 $UserSettings->set( 'focus_on_first_input', $edited_user_focusonfirst, $edited_User->ID ); 403 404 // Results per page 405 if( isset($edited_user_results_per_page) ) 406 { 407 $UserSettings->set( 'results_per_page', $edited_user_results_per_page, $edited_User->ID ); 408 } 409 410 // Update user settings: 411 if( $UserSettings->dbupdate() ) $Messages->add( T_('User feature settings have been changed.'), 'success'); 412 413 // PluginUserSettings 414 $any_plugin_settings_updated = false; 415 $Plugins->restart(); 416 while( $loop_Plugin = & $Plugins->get_next() ) 417 { 418 $pluginusersettings = $loop_Plugin->GetDefaultUserSettings( $tmp_params = array('for_editing'=>true) ); 419 420 if( empty($pluginusersettings) ) 421 { 422 continue; 423 } 424 425 load_funcs('plugins/_plugin.funcs.php'); 426 427 // Loop through settings for this plugin: 428 foreach( $loop_Plugin->GetDefaultUserSettings( $dummy = array('for_editing' => true) ) as $set_name => $set_meta ) 429 { 430 autoform_set_param_from_request( $set_name, $set_meta, $loop_Plugin, 'UserSettings', $edited_User ); 431 } 432 433 // Let the plugin handle custom fields: 434 $ok_to_update = $Plugins->call_method( $loop_Plugin->ID, 'PluginUserSettingsUpdateAction', $tmp_params = array( 435 'User' => & $edited_User, 'action' => 'save' ) ); 436 437 if( $ok_to_update === false ) 438 { 439 $loop_Plugin->UserSettings->reset(); 440 } 441 elseif( $loop_Plugin->UserSettings->dbupdate() ) 442 { 443 $any_plugin_settings_updated = true; 444 } 445 } 446 if( $any_plugin_settings_updated ) 447 { 448 $Messages->add( T_('Usersettings of Plugins have been updated.'), 'success' ); 449 } 450 451 if( $user_profile_only ) 452 { 453 $action = 'edit_user'; 454 } 455 456 if( $reload_page ) 457 { // reload the current page through header redirection: 458 if( $action != 'edit_user' ) 459 { 460 $action = 'list'; 461 } 462 header_redirect( regenerate_url( '', 'user_ID='.$edited_User->ID.'&action='.$action, '', '&' ) ); // will save $Messages into Session 463 } 464 break; 465 466 467 case 'default_settings': 468 $reload_page = false; // We set it to true, if a setting changes that needs a page reload (locale, admin skin, ..) 469 470 // Admin skin: 471 $cur_admin_skin = $UserSettings->get('admin_skin'); 472 473 $UserSettings->delete( 'admin_skin', $edited_User->ID ); 474 if( $cur_admin_skin 475 && $UserSettings->get('admin_skin', $edited_User->ID ) != $cur_admin_skin 476 && ($edited_User->ID == $current_User->ID) ) 477 { // admin_skin has changed: 478 $reload_page = true; 479 } 480 481 // Remove all UserSettings where a default exists: 482 foreach( $UserSettings->get_defaults() as $k => $v ) 483 { 484 $UserSettings->delete( $k, $edited_User->ID ); 485 } 486 487 // Update user settings: 488 if( $UserSettings->dbupdate() ) $Messages->add( T_('User feature settings have been changed.'), 'success'); 489 490 // PluginUserSettings 491 $any_plugin_settings_updated = false; 492 $Plugins->restart(); 493 while( $loop_Plugin = & $Plugins->get_next() ) 494 { 495 $pluginusersettings = $loop_Plugin->GetDefaultUserSettings( $tmp_params = array('for_editing'=>true) ); 496 497 if( empty($pluginusersettings) ) 498 { 499 continue; 500 } 501 502 foreach( $pluginusersettings as $k => $l_meta ) 503 { 504 if( isset($l_meta['layout']) || ! empty($l_meta['no_edit']) ) 505 { // a layout "setting" or not for editing 506 continue; 507 } 508 509 $loop_Plugin->UserSettings->delete($k, $edited_User->ID); 510 } 511 512 // Let the plugin handle custom fields: 513 $ok_to_update = $Plugins->call_method( $loop_Plugin->ID, 'PluginUserSettingsUpdateAction', $tmp_params = array( 514 'User' => & $edited_User, 'action' => 'reset' ) ); 515 516 if( $ok_to_update === false ) 517 { 518 $loop_Plugin->UserSettings->reset(); 519 } 520 elseif( $loop_Plugin->UserSettings->dbupdate() ) 521 { 522 $any_plugin_settings_updated = true; 523 } 524 } 525 if( $any_plugin_settings_updated ) 526 { 527 $Messages->add( T_('Usersettings of Plugins have been updated.'), 'success' ); 528 } 529 530 // Always display the profile again: 531 $action = 'edit_user'; 532 533 if( $reload_page ) 534 { // reload the current page through header redirection: 535 header_redirect( regenerate_url( '', 'user_ID='.$edited_User->ID.'&action='.$action, '', '&' ) ); // will save $Messages into Session 536 } 537 break; 538 539 540 case 'promote': 541 param( 'prom', 'string', true ); 542 543 if( !isset($edited_User) 544 || ! in_array( $prom, array('up', 'down') ) 545 || ( $prom == 'up' && $edited_User->get('level') > 9 ) 546 || ( $prom == 'down' && $edited_User->get('level') < 1 ) 547 ) 548 { 549 $Messages->add( T_('Invalid promotion.'), 'error' ); 550 } 551 else 552 { 553 $sql = ' 554 UPDATE T_users 555 SET user_level = user_level '.( $prom == 'up' ? '+' : '-' ).' 1 556 WHERE user_ID = '.$edited_User->ID; 557 558 if( $DB->query( $sql ) ) 559 { 560 $Messages->add( T_('User level changed.'), 'success' ); 561 } 562 else 563 { 564 $Messages->add( sprintf( 'Couldn\'t change %s\'s level.', $edited_User->login ), 'error' ); 565 } 566 } 567 break; 568 569 570 case 'delete_user': 571 /* 572 * Delete user 573 */ 574 if( !isset($edited_User) ) 575 debug_die( 'no User set' ); 576 577 if( $edited_User->ID == $current_User->ID ) 578 { 579 $Messages->add( T_('You can\'t delete yourself!'), 'error' ); 580 $action = 'view_user'; 581 break; 582 } 583 if( $edited_User->ID == 1 ) 584 { 585 $Messages->add( T_('You can\'t delete User #1!'), 'error' ); 586 $action = 'view_user'; 587 break; 588 } 589 590 if( param( 'confirm', 'integer', 0 ) ) 591 { // confirmed, Delete from DB: 592 $msg = sprintf( T_('User «%s» [%s] deleted.'), $edited_User->dget( 'fullname' ), $edited_User->dget( 'login' ) ); 593 $edited_User->dbdelete( $Messages ); 594 unset($edited_User); 595 forget_param('user_ID'); 596 $Messages->add( $msg, 'success' ); 597 $action = 'list'; 598 } 599 else 600 { // not confirmed, Check for restrictions: 601 memorize_param( 'user_ID', 'integer', true ); 602 if( ! $edited_User->check_delete( sprintf( T_('Cannot delete User «%s» [%s]'), $edited_User->dget( 'fullname' ), $edited_User->dget( 'login' ) ) ) ) 603 { // There are restrictions: 604 $action = 'view_user'; 605 } 606 } 607 break; 608 609 610 case 'del_settings_set': 611 // Delete a set of an array type setting: 612 param( 'plugin_ID', 'integer', true ); 613 param( 'set_path' ); 614 615 $admin_Plugins = & get_Cache('Plugins_admin'); 616 $admin_Plugins->restart(); 617 $edit_Plugin = & $admin_Plugins->get_by_ID($plugin_ID); 618 619 load_funcs('plugins/_plugin.funcs.php'); 620 _set_setting_by_path( $edit_Plugin, 'UserSettings', $set_path, NULL ); 621 622 $edit_Plugin->Settings->dbupdate(); 623 624 $action = 'edit_user'; 625 626 break; 627 628 629 case 'add_settings_set': // delegates to edit_settings 630 // Add a new set to an array type setting: 631 param( 'plugin_ID', 'integer', true ); 632 param( 'set_path', 'string', '' ); 633 634 $admin_Plugins = & get_Cache('Plugins_admin'); 635 $admin_Plugins->restart(); 636 $edit_Plugin = & $admin_Plugins->get_by_ID($plugin_ID); 637 638 load_funcs('plugins/_plugin.funcs.php'); 639 _set_setting_by_path( $edit_Plugin, 'UserSettings', $set_path, array() ); 640 641 $edit_Plugin->Settings->dbupdate(); 642 643 $action = 'edit_user'; 644 645 break; 646 647 648 // ---- GROUPS -------------------------------------------------------------------------------------- 649 650 case 'new_group': 651 // We want to create a new group: 652 if( isset( $edited_Group ) ) 653 { // We want to use a template 654 $new_Group = $edited_Group; // Copy ! 655 $new_Group->set( 'ID', 0 ); 656 $edited_Group = & $new_Group; 657 } 658 else 659 { // We use an empty group: 660 $edited_Group = & new Group(); 661 } 662 break; 663 664 665 case 'groupupdate': 666 if( empty($edited_Group) || !is_object($edited_Group) ) 667 { 668 $Messages->add( 'No group set!' ); // Needs no translation, should be prevented by UI. 669 $action = 'list'; 670 break; 671 } 672 param( 'edited_grp_name', 'string' ); 673 674 param_check_not_empty( 'edited_grp_name', T_('You must provide a group name!') ); 675 676 // check if the group name already exists for another group 677 $query = 'SELECT grp_ID FROM T_groups 678 WHERE grp_name = '.$DB->quote($edited_grp_name).' 679 AND grp_ID != '.$edited_Group->ID; 680 if( $q = $DB->get_var( $query ) ) 681 { 682 param_error( 'edited_grp_name', 683 sprintf( T_('This group name already exists! Do you want to <a %s>edit the existing group</a>?'), 684 'href="?ctrl=users&grp_ID='.$q.'"' ) ); 685 } 686 687 $edited_Group->set( 'name', $edited_grp_name ); 688 689 $edited_Group->set( 'perm_blogs', param( 'edited_grp_perm_blogs', 'string', true ) ); 690 $edited_Group->set( 'perm_spamblacklist', param( 'edited_grp_perm_spamblacklist', 'string', true ) ); 691 $edited_Group->set( 'perm_templates', param( 'edited_grp_perm_templates', 'integer', 0 ) ); 692 $edited_Group->set( 'perm_stats', param( 'edited_grp_perm_stats', 'string', true ) ); 693 $edited_Group->set( 'perm_options', param( 'edited_grp_perm_options', 'string', true ) ); 694 $edited_Group->set( 'perm_files', param( 'edited_grp_perm_files', 'string', true ) ); 695 696 if( $edited_Group->ID != 1 ) 697 { // Groups others than #1 can be prevented from logging in or editing users 698 $edited_Group->set( 'perm_admin', param( 'edited_grp_perm_admin', 'string', true ) ); 699 $edited_Group->set( 'perm_users', param( 'edited_grp_perm_users', 'string', true ) ); 700 } 701 702 if( $Messages->count( 'error' ) ) 703 { // We have found validation errors: 704 $action = 'edit_group'; 705 break; 706 } 707 708 if( $edited_Group->ID == 0 ) 709 { // Insert into the DB: 710 $edited_Group->dbinsert(); 711 $Messages->add( T_('New group created.'), 'success' ); 712 } 713 else 714 { // Commit update to the DB: 715 $edited_Group->dbupdate(); 716 $Messages->add( T_('Group updated.'), 'success' ); 717 } 718 // Commit changes in cache: 719 $GroupCache->add( $edited_Group ); 720 break; 721 722 723 case 'delete_group': 724 /* 725 * Delete group 726 */ 727 if( !isset($edited_Group) ) 728 debug_die( 'no Group set' ); 729 730 if( $edited_Group->ID == 1 ) 731 { 732 $Messages->add( T_('You can\'t delete Group #1!'), 'error' ); 733 $action = 'view_group'; 734 break; 735 } 736 if( $edited_Group->ID == $Settings->get('newusers_grp_ID' ) ) 737 { 738 $Messages->add( T_('You can\'t delete the default group for new users!'), 'error' ); 739 $action = 'view_group'; 740 break; 741 } 742 743 if( param( 'confirm', 'integer', 0 ) ) 744 { // confirmed, Delete from DB: 745 $msg = sprintf( T_('Group «%s» deleted.'), $edited_Group->dget( 'name' ) ); 746 $edited_Group->dbdelete( $Messages ); 747 unset($edited_Group); 748 forget_param('grp_ID'); 749 $Messages->add( $msg, 'success' ); 750 $action = 'list'; 751 } 752 else 753 { // not confirmed, Check for restrictions: 754 memorize_param( 'grp_ID', 'integer', true ); 755 if( ! $edited_Group->check_delete( sprintf( T_('Cannot delete Group «%s»'), $edited_Group->dget( 'name' ) ) ) ) 756 { // There are restrictions: 757 $action = 'view_group'; 758 } 759 } 760 break; 761 } 762 } 763 764 765 // We might delegate to this action from above: 766 if( $action == 'edit_user' ) 767 { 768 $Plugins->trigger_event( 'PluginUserSettingsEditAction', $tmp_params = array( 'User' => & $edited_User ) ); 769 770 $Session->delete( 'core.changepwd.request_id' ); // delete the request_id for password change request (from /htsrv/login.php) 771 } 772 773 774 // Display <html><head>...</head> section! (Note: should be done early if actions do not redirect) 775 $AdminUI->disp_html_head(); 776 777 // Display title, menu, messages, etc. (Note: messages MUST be displayed AFTER the actions) 778 $AdminUI->disp_body_top(); 779 780 781 /* 782 * Display appropriate payload: 783 */ 784 switch( $action ) 785 { 786 case 'nil': 787 // Display NO payload! 788 break; 789 790 791 case 'delete_user': 792 // We need to ask for confirmation: 793 $edited_User->confirm_delete( 794 sprintf( T_('Delete user «%s» [%s]?'), $edited_User->dget( 'fullname' ), $edited_User->dget( 'login' ) ), 795 $action, get_memorized( 'action' ) ); 796 case 'new_user': 797 case 'view_user': 798 case 'edit_user': 799 // Display user form: 800 $AdminUI->disp_view( 'users/views/_user.form.php' ); 801 break; 802 803 804 case 'delete_group': 805 // We need to ask for confirmation: 806 $edited_Group->confirm_delete( 807 sprintf( T_('Delete group «%s»?'), $edited_Group->dget( 'name' ) ), 808 $action, get_memorized( 'action' ) ); 809 case 'new_group': 810 case 'edit_group': 811 case 'view_group': 812 // Display group form: 813 $AdminUI->disp_view( 'users/views/_group.form.php' ); 814 break; 815 816 817 case 'promote': 818 default: 819 // Display user list: 820 // NOTE: we don't want this (potentially very long) list to be displayed again and again) 821 $AdminUI->disp_payload_begin(); 822 $AdminUI->disp_view( 'users/views/_user_list.view.php' ); 823 $AdminUI->disp_payload_end(); 824 } 825 826 827 // Display body bottom, debug info and close </html>: 828 $AdminUI->disp_global_footer(); 829 830 /* 831 * $Log: users.ctrl.php,v $ 832 * Revision 1.3 2007/09/03 23:47:37 blueyed 833 * Use singleton Plugins_admin 834 * 835 * Revision 1.2 2007/07/09 20:11:53 fplanque 836 * admin skin switcher 837 * 838 * Revision 1.1 2007/06/25 11:01:44 fplanque 839 * MODULES (refactored MVC) 840 * 841 * Revision 1.51 2007/06/19 20:41:11 fplanque 842 * renamed generic functions to autoform_* 843 * 844 * Revision 1.50 2007/06/19 18:47:27 fplanque 845 * Nuked unnecessary Param (or I'm missing something badly :/) 846 * 847 * Revision 1.49 2007/05/26 22:21:32 blueyed 848 * Made $limit for Results configurable per user 849 * 850 * Revision 1.48 2007/04/26 00:11:15 fplanque 851 * (c) 2007 852 * 853 * Revision 1.47 2007/03/08 00:46:17 blueyed 854 * Fixed check for disallowing demouser-group-changes in demomode 855 * 856 * Revision 1.46 2007/02/21 22:21:30 blueyed 857 * "Multiple sessions" user setting 858 * 859 * Revision 1.45 2007/02/21 21:17:20 blueyed 860 * When resetting values to defaults, just delete all of them (defaults). 861 * 862 * Revision 1.44 2006/12/06 22:30:07 fplanque 863 * Fixed this use case: 864 * Users cannot register themselves. 865 * Admin creates users that are validated by default. (they don't have to validate) 866 * Admin can invalidate a user. (his email, address actually) 867 * 868 * Revision 1.43 2006/12/05 02:54:37 blueyed 869 * Go to user profile after resetting to defaults; fixed handling of action in case of redirecting 870 * 871 * Revision 1.42 2006/12/03 19:01:57 blueyed 872 * doc 873 * 874 * Revision 1.41 2006/12/03 16:37:14 fplanque 875 * doc 876 * 877 * Revision 1.40 2006/11/24 18:27:23 blueyed 878 * Fixed link to b2evo CVS browsing interface in file docblocks 879 * 880 * Revision 1.39 2006/11/24 18:06:02 blueyed 881 * Handle saving of $Messages centrally in header_redirect() 882 * 883 * Revision 1.38 2006/11/15 21:14:04 blueyed 884 * "Restore defaults" in user profile 885 * 886 * Revision 1.37 2006/11/13 20:49:52 fplanque 887 * doc/cleanup :/ 888 * 889 * Revision 1.36 2006/11/09 23:40:57 blueyed 890 * Fixed Plugin UserSettings array type editing; Added jquery and use it for AJAHifying Plugin (User)Settings editing of array types 891 * 892 * Revision 1.35 2006/10/30 19:00:36 blueyed 893 * Lazy-loading of Plugin (User)Settings for PHP5 through overloading 894 */ 895 ?>
titre
Description
Corps
titre
Description
Corps
titre
Description
Corps
titre
Corps
| Généré le : Thu Nov 29 23:58:50 2007 | par Balluche grâce à PHPXref 0.7 |
|
|