| [ Index ] |
|
Code source de GeekLog 1.4.1 |
1 <?php 2 3 /* Reminder: always indent with 4 spaces (no tabs). */ 4 // +---------------------------------------------------------------------------+ 5 // | Geeklog 1.4 | 6 // +---------------------------------------------------------------------------+ 7 // | user.php | 8 // | | 9 // | Geeklog user administration page. | 10 // +---------------------------------------------------------------------------+ 11 // | Copyright (C) 2000-2006 by the following authors: | 12 // | | 13 // | Authors: Tony Bibbs - tony AT tonybibbs DOT com | 14 // | Mark Limburg - mlimburg AT users DOT sourceforge DOT net | 15 // | Jason Whittenburg - jwhitten AT securitygeeks DOT com | 16 // | Dirk Haun - dirk AT haun-online DOT de | 17 // +---------------------------------------------------------------------------+ 18 // | | 19 // | This program is free software; you can redistribute it and/or | 20 // | modify it under the terms of the GNU General Public License | 21 // | as published by the Free Software Foundation; either version 2 | 22 // | of the License, or (at your option) any later version. | 23 // | | 24 // | This program is distributed in the hope that it will be useful, | 25 // | but WITHOUT ANY WARRANTY; without even the implied warranty of | 26 // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | 27 // | GNU General Public License for more details. | 28 // | | 29 // | You should have received a copy of the GNU General Public License | 30 // | along with this program; if not, write to the Free Software Foundation, | 31 // | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | 32 // | | 33 // +---------------------------------------------------------------------------+ 34 // 35 // $Id: user.php,v 1.180 2006/12/28 09:27:54 dhaun Exp $ 36 37 // Set this to true to get various debug messages from this script 38 $_USER_VERBOSE = false; 39 40 require_once ('../lib-common.php'); 41 require_once ('auth.inc.php'); 42 require_once ($_CONF['path_system'] . 'lib-user.php'); 43 44 $display = ''; 45 46 // Make sure user has access to this page 47 if (!SEC_hasRights('user.edit')) { 48 $retval .= COM_siteHeader ('menu', $MESSAGE[30]); 49 $retval .= COM_startBlock ($MESSAGE[30], '', 50 COM_getBlockTemplate ('_msg_block', 'header')); 51 $retval .= $MESSAGE[37]; 52 $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer')); 53 $retval .= COM_siteFooter (); 54 COM_accessLog("User {$_USER['username']} tried to illegally access the user administration screen."); 55 echo $retval; 56 exit; 57 } 58 59 /** 60 * Display a list of checkboxes for the user's group assignments 61 * 62 * @param string $table DB Table to pull data from 63 * @param string $selection Comma delimited list of fields to pull from table 64 * @param string $where Where clause of SQL statement 65 * @param string $selected Value to set to CHECKED 66 * @return string HTML with Checkbox code 67 * @see function COM_checkList 68 * 69 */ 70 function GROUP_checkList ($table, $selection, $where='', $selected='') 71 { 72 global $_TABLES, $LANG_ACCESS; 73 74 $retval = ''; 75 76 $sql = "SELECT $selection FROM $table"; 77 if (!empty ($where)) { 78 $sql .= " WHERE $where"; 79 } 80 $result = DB_query ($sql); 81 $nrows = DB_numRows ($result); 82 83 if (empty ($selected)) { 84 $S = array (); 85 } else { 86 $S = explode (' ', $selected); 87 } 88 89 for ($i = 0; $i < $nrows; $i++) { 90 $A = DB_fetchArray ($result, true); 91 92 $readonly = false; 93 $input = '<input type="checkbox"'; 94 95 for ($x = 0; $x < count ($S); $x++) { 96 if ($A[0] == $S[$x]) { 97 $input .= ' checked="checked"'; 98 99 if (($A[1] == 'All Users') || ($A[1] == 'Logged-in Users')) { 100 $readonly = true; 101 } 102 } 103 } 104 if ($A[1] == 'Remote Users') { 105 $readonly = true; 106 } 107 108 if ($readonly) { 109 $input .= ' disabled="disabled">' 110 . '<input type="hidden" name="' . $table . '[]" value="' 111 . $A[0] . '" checked="checked">'; 112 $retval .= '<span title="' . $LANG_ACCESS['readonly'] . '">' 113 . $input . stripslashes ($A[1]) . '</span><br>' . LB; 114 } else { 115 $input .= ' name="' . $table . '[]" value="' . $A[0] . '"'; 116 $retval .= $input . '>' . stripslashes ($A[1]) . '<br>' . LB; 117 } 118 } 119 120 return $retval; 121 } 122 123 /** 124 * Shows the user edit form 125 * 126 * @param int $uid User to edit 127 * @param int $msg Error message to display 128 * @return string HTML for user edit form 129 * 130 */ 131 function edituser($uid = '', $msg = '') 132 { 133 global $_CONF, $_TABLES, $_USER, $LANG28, $LANG_ACCESS, $LANG_ADMIN, 134 $MESSAGE; 135 136 $retval = ''; 137 138 if (!empty ($msg)) { 139 $retval .= COM_startBlock ($LANG28[22], '', 140 COM_getBlockTemplate ('_msg_block', 'header')) 141 . $MESSAGE[$msg] 142 . COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer')); 143 } 144 145 if (!empty ($msg) && !empty ($uid) && ($uid > 1)) { 146 // an error occured while editing a user - if it was a new account, 147 // don't bother trying to read the user's data from the database ... 148 $cnt = DB_count ($_TABLES['users'], 'uid', $uid); 149 if ($cnt == 0) { 150 $uid = ''; 151 } 152 } 153 154 if (!empty ($uid) && ($uid > 1)) { 155 $result = DB_query("SELECT * FROM {$_TABLES['users']} WHERE uid = '$uid'"); 156 $A = DB_fetchArray($result); 157 if (empty ($A['uid'])) { 158 return COM_refresh ($_CONF['site_admin_url'] . '/user.php'); 159 } 160 161 if (SEC_inGroup('Root',$uid) AND !SEC_inGroup('Root')) { 162 // the current admin user isn't Root but is trying to change 163 // a root account. Deny them and log it. 164 $retval .= COM_startBlock ($LANG28[1], '', 165 COM_getBlockTemplate ('_msg_block', 'header')); 166 $retval .= $LANG_ACCESS['editrootmsg']; 167 COM_accessLog("User {$_USER['username']} tried to edit a Root account with insufficient privileges."); 168 $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer')); 169 return $retval; 170 } 171 $curtime = COM_getUserDateTimeFormat($A['regdate']); 172 $lastlogin = DB_getItem ($_TABLES['userinfo'], 'lastlogin', "uid = '$uid'"); 173 $lasttime = COM_getUserDateTimeFormat ($lastlogin); 174 } else { 175 $A['uid'] = ''; 176 $uid = ''; 177 $curtime = COM_getUserDateTimeFormat(); 178 $lastlogin = ''; 179 $lasttime = ''; 180 $A['status'] = USER_ACCOUNT_ACTIVE; 181 } 182 183 $retval .= COM_startBlock ($LANG28[1], '', 184 COM_getBlockTemplate ('_admin_block', 'header')); 185 186 $user_templates = new Template($_CONF['path_layout'] . 'admin/user'); 187 $user_templates->set_file (array ('form' => 'edituser.thtml', 188 'groupedit' => 'groupedit.thtml')); 189 $user_templates->set_var('site_url', $_CONF['site_url']); 190 $user_templates->set_var('site_admin_url', $_CONF['site_admin_url']); 191 $user_templates->set_var('layout_url', $_CONF['layout_url']); 192 $user_templates->set_var('lang_save', $LANG_ADMIN['save']); 193 if (!empty($uid) && ($A['uid'] != $_USER['uid']) && SEC_hasRights('user.delete')) { 194 $delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] 195 . '" name="mode"%s>'; 196 $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"'; 197 $user_templates->set_var ('delete_option', 198 sprintf ($delbutton, $jsconfirm)); 199 $user_templates->set_var ('delete_option_no_confirmation', 200 sprintf ($delbutton, '')); 201 } 202 $user_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']); 203 204 $user_templates->set_var('lang_userid', $LANG28[2]); 205 if (empty ($A['uid'])) { 206 $user_templates->set_var ('user_id', 'n/a'); 207 } else { 208 $user_templates->set_var ('user_id', $A['uid']); 209 } 210 $user_templates->set_var('lang_regdate', $LANG28[14]); 211 $user_templates->set_var('regdate_timestamp', $curtime[1]); 212 $user_templates->set_var('user_regdate', $curtime[0]); 213 $user_templates->set_var('lang_lastlogin', $LANG28[35]); 214 if (empty ($lastlogin)) { 215 $user_templates->set_var('user_lastlogin', $LANG28[36]); 216 } else { 217 $user_templates->set_var('user_lastlogin', $lasttime[0]); 218 } 219 $user_templates->set_var('lang_username', $LANG28[3]); 220 if (isset ($A['username'])) { 221 $user_templates->set_var('username', $A['username']); 222 } else { 223 $user_templates->set_var('username', ''); 224 } 225 226 if ($_CONF['allow_user_photo'] && ($A['uid'] > 0)) { 227 $photo = USER_getPhoto ($A['uid'], $A['photo'], $A['email'], -1); 228 $user_templates->set_var ('user_photo', $photo); 229 if (empty ($A['photo'])) { 230 $user_templates->set_var ('lang_delete_photo', ''); 231 $user_templates->set_var ('delete_photo_option', ''); 232 } else { 233 $user_templates->set_var ('lang_delete_photo', $LANG28[28]); 234 $user_templates->set_var ('delete_photo_option', 235 '<input type="checkbox" name="delete_photo">'); 236 } 237 } else { 238 $user_templates->set_var ('user_photo', ''); 239 $user_templates->set_var ('lang_delete_photo', ''); 240 $user_templates->set_var ('delete_photo_option', ''); 241 } 242 243 $user_templates->set_var('lang_fullname', $LANG28[4]); 244 if (isset ($A['fullname'])) { 245 $user_templates->set_var ('user_fullname', 246 htmlspecialchars ($A['fullname'])); 247 } else { 248 $user_templates->set_var ('user_fullname', ''); 249 } 250 $user_templates->set_var('lang_password', $LANG28[5]); 251 $user_templates->set_var('lang_password_conf', $LANG28[39]); 252 $user_templates->set_var('lang_emailaddress', $LANG28[7]); 253 if (isset ($A['email'])) { 254 $user_templates->set_var('user_email', htmlspecialchars($A['email'])); 255 } else { 256 $user_templates->set_var('user_email', ''); 257 } 258 $user_templates->set_var('lang_homepage', $LANG28[8]); 259 if (isset ($A['homepage'])) { 260 $user_templates->set_var ('user_homepage', 261 htmlspecialchars ($A['homepage'])); 262 } else { 263 $user_templates->set_var ('user_homepage', ''); 264 } 265 $user_templates->set_var('do_not_use_spaces', ''); 266 267 $statusarray = array (USER_ACCOUNT_AWAITING_ACTIVATION => $LANG28[43], 268 USER_ACCOUNT_ACTIVE => $LANG28[45] 269 ); 270 271 $allow_ban = true; 272 273 if ($A['uid'] == $_USER['uid']) { 274 $allow_ban = false; // do not allow to ban yourself 275 } else if (SEC_inGroup('Root',$A['uid'])) { // is this user a root user? 276 $count_root_sql = "SELECT COUNT(ug_uid) AS root_count FROM {$_TABLES['group_assignments']} " 277 . "WHERE ug_main_grp_id = 1 GROUP BY ug_uid;"; 278 $count_root_result = DB_query($count_root_sql); 279 $C = DB_fetchArray($count_root_result); // how many are left? 280 if ($C['root_count'] < 2) { 281 $allow_ban = false; // prevent banning the last root user 282 } 283 } 284 285 if ($allow_ban) { 286 $statusarray[USER_ACCOUNT_DISABLED] = $LANG28[42]; 287 } 288 289 if ($_CONF['usersubmission'] == 1) { 290 $statusarray[USER_ACCOUNT_AWAITING_APPROVAL] = $LANG28[44]; 291 } 292 asort($statusarray); 293 $statusselect = '<select name="userstatus">'; 294 foreach ($statusarray as $key => $value) { 295 $statusselect .= '<option value="' . $key . '"'; 296 if ($key == $A['status']) { 297 $statusselect .= ' selected="selected"'; 298 } 299 $statusselect .= '>' . $value . '</option>' . LB; 300 } 301 $statusselect .= '</select><input type="hidden" name="oldstatus" value="' 302 . $A['status'] . '">'; 303 $user_templates->set_var('user_status', $statusselect); 304 $user_templates->set_var('lang_user_status', $LANG28[46]); 305 306 if ($_CONF['custom_registration'] AND (function_exists('CUSTOM_userEdit'))) { 307 if (!empty ($uid) && ($uid > 1)) { 308 $user_templates->set_var('customfields', CUSTOM_userEdit($uid) ); 309 } else { 310 $user_templates->set_var('customfields', CUSTOM_userEdit($A['uid']) ); 311 } 312 } 313 314 if (SEC_hasRights('group.edit')) { 315 $user_templates->set_var('lang_securitygroups', $LANG_ACCESS['securitygroups']); 316 $user_templates->set_var('lang_groupinstructions', $LANG_ACCESS['securitygroupsmsg']); 317 318 if (!empty($uid)) { 319 $usergroups = SEC_getUserGroups($uid); 320 if (is_array($usergroups) && !empty($uid)) { 321 $selected = implode(' ',$usergroups); 322 } else { 323 $selected = ''; 324 } 325 } else { 326 $selected = DB_getItem($_TABLES['groups'],'grp_id',"grp_name='All Users'") . ' '; 327 $selected .= DB_getItem($_TABLES['groups'],'grp_id',"grp_name='Logged-in Users'"); 328 } 329 $thisUsersGroups = SEC_getUserGroups (); 330 $remoteGroup = DB_getItem ($_TABLES['groups'], 'grp_id', 331 "grp_name='Remote Users'"); 332 if (!empty ($remoteGroup)) { 333 $thisUsersGroups[] = $remoteGroup; 334 } 335 $where = 'grp_id IN (' . implode (',', $thisUsersGroups) . ')'; 336 $user_templates->set_var ('group_options', 337 GROUP_checkList ($_TABLES['groups'], 'grp_id,grp_name', 338 $where, $selected)); 339 $user_templates->parse('group_edit', 'groupedit', true); 340 } else { 341 // user doesn't have the rights to edit a user's groups so set to -1 342 // so we know not to handle the groups array when we save 343 $user_templates->set_var ('group_edit', 344 '<input type="hidden" name="groups" value="-1">'); 345 } 346 $user_templates->parse('output', 'form'); 347 $retval .= $user_templates->finish($user_templates->get_var('output')); 348 $retval .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer')); 349 350 return $retval; 351 } 352 353 function listusers() 354 { 355 global $_CONF, $_TABLES, $LANG_ADMIN, $LANG28, $_IMAGE_TYPE; 356 357 require_once( $_CONF['path_system'] . 'lib-admin.php' ); 358 359 $display = ''; 360 361 if ($_CONF['lastlogin']) { 362 $login_text = $LANG28[41]; 363 $login_field = 'lastlogin'; 364 } else { 365 $login_text = $LANG28[40]; 366 $login_field = 'regdate'; 367 } 368 369 $header_arr = array( # dislay 'text' and use table field 'field' 370 array('text' => $LANG_ADMIN['edit'], 'field' => 'edit', 'sort' => false), 371 array('text' => $LANG28[37], 'field' => $_TABLES['users'] . '.uid', 'sort' => true), 372 array('text' => $LANG28[3], 'field' => 'username', 'sort' => true), 373 array('text' => $LANG28[4], 'field' => 'fullname', 'sort' => true), 374 array('text' => $login_text, 'field' => $login_field, 'sort' => true) 375 ); 376 377 $header_arr[] = array('text' => $LANG28[7], 'field' => 'email', 'sort' => true); 378 379 $defsort_arr = array('field' => $_TABLES['users'] . '.uid', 380 'direction' => 'ASC'); 381 382 $menu_arr = array ( 383 array('url' => $_CONF['site_admin_url'] . '/user.php?mode=edit', 384 'text' => $LANG_ADMIN['create_new']), 385 array('url' => $_CONF['site_admin_url'] . '/user.php?mode=importform', 386 'text' => $LANG28[23]), 387 array('url' => $_CONF['site_admin_url'] . '/user.php?mode=batchdelete', 388 'text' => $LANG28[54]), 389 array('url' => $_CONF['site_admin_url'], 390 'text' => $LANG_ADMIN['admin_home']) 391 ); 392 393 $text_arr = array('has_menu' => true, 394 'has_extras' => true, 395 'title' => $LANG28[11], 396 'instructions' => $LANG28[12], 397 'icon' => $_CONF['layout_url'] . '/images/icons/user.' . $_IMAGE_TYPE, 398 'form_url' => $_CONF['site_admin_url'] . "/user.php", 399 'help_url' => '' 400 ); 401 402 if ($_CONF['lastlogin']) { 403 $join_userinfo="LEFT JOIN {$_TABLES['userinfo']} ON {$_TABLES['users']}.uid={$_TABLES['userinfo']}.uid "; 404 $select_userinfo=",lastlogin"; 405 } 406 $sql = "SELECT {$_TABLES['users']}.uid,username,fullname,email,photo,status,regdate$select_userinfo " 407 . "FROM {$_TABLES['users']} $join_userinfo WHERE 1=1"; 408 409 $query_arr = array('table' => 'users', 410 'sql' => $sql, 411 'query_fields' => array('username', 'email', 'fullname'), 412 'default_filter' => "AND {$_TABLES['users']}.uid > 1"); 413 414 $display .= ADMIN_list ("user", "ADMIN_getListField_users", $header_arr, $text_arr, 415 $query_arr, $menu_arr, $defsort_arr); 416 return $display; 417 } 418 419 /** 420 * Saves user to the database 421 * 422 * @param int $uid user id 423 * @param string $usernmae (short) user name 424 * @param string $fullname user's full name 425 * @param string $email user's email address 426 * @param string $regdate date the user registered with the site 427 * @param string $homepage user's homepage URL 428 * @param array $groups groups the user belongs to 429 * @param string $delete_photo delete user's photo if == 'on' 430 * @return string HTML redirect or error message 431 * 432 */ 433 function saveusers ($uid, $username, $fullname, $passwd, $passwd_conf, $email, $regdate, $homepage, $groups, $delete_photo = '', $userstatus=3, $oldstatus=3) 434 { 435 global $_CONF, $_TABLES, $_USER, $LANG28, $_USER_VERBOSE; 436 437 $retval = ''; 438 $userChanged = false; 439 440 if ($_USER_VERBOSE) COM_errorLog("**** entering saveusers****",1); 441 if ($_USER_VERBOSE) COM_errorLog("group size at beginning = " . sizeof($groups),1); 442 443 if ($passwd != $passwd_conf) { // passwords don't match 444 return edituser ($uid, 67); 445 } 446 447 if (!empty ($username) && !empty ($email)) { 448 449 if (!COM_isEmail ($email)) { 450 return edituser ($uid, 52); 451 } 452 453 $uname = addslashes ($username); 454 if (empty ($uid)) { 455 $ucount = DB_getItem ($_TABLES['users'], 'COUNT(*)', 456 "username = '$uname'"); 457 } else { 458 $uservice = DB_getItem ($_TABLES['users'], 'remoteservice', "uid = $uid"); 459 if ($uservice != '') { 460 $uservice = addslashes($uservice); 461 $ucount = DB_getItem ($_TABLES['users'], 'COUNT(*)', 462 "username = '$uname' AND uid <> $uid AND remoteservice = '$uservice'"); 463 } else { 464 $ucount = DB_getItem ($_TABLES['users'], 'COUNT(*)', 465 "username = '$uname' AND uid <> $uid AND (remoteservice = '' OR remoteservice is null)"); 466 } 467 } 468 if ($ucount > 0) { 469 // Admin just changed a user's username to one that already exists 470 return edituser ($uid, 51); 471 } 472 473 $emailaddr = addslashes ($email); 474 if (empty ($uid)) { 475 $ucount = DB_getItem ($_TABLES['users'], 'COUNT(*)', 476 "email = '$emailaddr'"); 477 } else { 478 $ucount = DB_getItem ($_TABLES['users'], 'COUNT(*)', 479 "email = '$emailaddr' AND uid <> $uid"); 480 } 481 if ($ucount > 0) { 482 // Admin just changed a user's email to one that already exists 483 return edituser ($uid, 56); 484 } 485 486 if (empty ($uid) || !empty ($passwd)) { 487 $passwd = md5 ($passwd); 488 } else { 489 $passwd = DB_getItem ($_TABLES['users'], 'passwd', "uid = $uid"); 490 } 491 492 if (empty ($uid)) { 493 if (empty ($passwd)) { 494 // no password? create one ... 495 srand ((double) microtime () * 1000000); 496 $passwd = rand (); 497 $passwd = md5 ($passwd); 498 $passwd = substr ($passwd, 1, 8); 499 $passwd = md5 ($passwd); 500 } 501 502 $uid = USER_createAccount ($username, $email, $passwd, $fullname, 503 $homepage); 504 if (($uid > 1) && ($_CONF['usersubmission'] == 1)) { 505 // we don't want to queue new users created by a User Admin 506 DB_query ("UPDATE {$_TABLES['users']} SET status = " . USER_ACCOUNT_AWAITING_ACTIVATION . " WHERE uid = $uid"); 507 } 508 } else { 509 $fullname = addslashes ($fullname); 510 $homepage = addslashes ($homepage); 511 $curphoto = DB_getItem($_TABLES['users'],'photo',"uid = $uid"); 512 if (!empty ($curphoto) && ($delete_photo == 'on')) { 513 USER_deletePhoto ($curphoto); 514 $curphoto = ''; 515 } 516 517 if (($_CONF['allow_user_photo'] == 1) && !empty ($curphoto)) { 518 $curusername = DB_getItem ($_TABLES['users'], 'username', 519 "uid = $uid"); 520 if ($curusername != $username) { 521 // user has been renamed - rename the photo, too 522 $newphoto = preg_replace ('/' . $curusername . '/', 523 $username, $curphoto, 1); 524 $imgpath = $_CONF['path_images'] . 'userphotos/'; 525 if (rename ($imgpath . $curphoto, 526 $imgpath . $newphoto) === false) { 527 $display = COM_siteHeader ('menu', $LANG28[22]); 528 $display .= COM_errorLog ('Could not rename userphoto "' 529 . $curphoto . '" to "' . $newphoto . '".'); 530 $display .= COM_siteFooter (); 531 return $display; 532 } 533 $curphoto = $newphoto; 534 } 535 } 536 537 $curphoto = addslashes ($curphoto); 538 DB_query("UPDATE {$_TABLES['users']} SET username = '$username', fullname = '$fullname', passwd = '$passwd', email = '$email', homepage = '$homepage', photo = '$curphoto', status='$userstatus' WHERE uid = $uid"); 539 if ($_CONF['custom_registration'] AND (function_exists('CUSTOM_userSave'))) { 540 CUSTOM_userSave($uid); 541 } 542 if( ($_CONF['usersubmission'] == 1) && ($oldstatus == USER_ACCOUNT_AWAITING_APPROVAL) 543 && ($userstatus == USER_ACCOUNT_ACTIVE) ) { 544 //USER_sendActivationEmail($username, $email); 545 USER_createAndSendPassword ($username, $email, $uid); 546 } 547 $userChanged = true; 548 } 549 550 // if groups is -1 then this user isn't allowed to change any groups so ignore 551 if (is_array ($groups) && SEC_inGroup ('Group Admin')) { 552 if (!SEC_inGroup ('Root')) { 553 $rootgrp = DB_getItem ($_TABLES['groups'], 'grp_id', 554 "grp_name = 'Root'"); 555 if (in_array ($rootgrp, $groups)) { 556 COM_accessLog ("User {$_USER['username']} ({$_USER['uid']}) just tried to give Root permissions to user $username."); 557 echo COM_refresh ($_CONF['site_admin_url'] . '/index.php'); 558 exit; 559 } 560 } 561 562 // make sure the Remote Users group is in $groups 563 if (SEC_inGroup ('Remote Users', $uid)) { 564 $remUsers = DB_getItem ($_TABLES['groups'], 'grp_id', 565 "grp_name = 'Remote Users'"); 566 if (!in_array ($remUsers, $groups)) { 567 $groups[] = $remUsers; 568 } 569 } 570 571 if ($_USER_VERBOSE) { 572 COM_errorLog("deleting all group_assignments for user $uid/$username",1); 573 } 574 575 // remove user from all groups that the User Admin is a member of 576 $UserAdminGroups = SEC_getUserGroups (); 577 $whereGroup = 'ug_main_grp_id IN (' 578 . implode (',', $UserAdminGroups) . ')'; 579 DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE (ug_uid = $uid) AND " . $whereGroup); 580 581 // make sure to add user to All Users and Logged-in Users groups 582 $allUsers = DB_getItem ($_TABLES['groups'], 'grp_id', 583 "grp_name = 'All Users'"); 584 if (!in_array ($allUsers, $groups)) { 585 $groups[] = $allUsers; 586 } 587 $logUsers = DB_getItem ($_TABLES['groups'], 'grp_id', 588 "grp_name = 'Logged-in Users'"); 589 if (!in_array ($logUsers, $groups)) { 590 $groups[] = $logUsers; 591 } 592 593 foreach ($groups as $userGroup) { 594 if (in_array ($userGroup, $UserAdminGroups)) { 595 if ($_USER_VERBOSE) { 596 COM_errorLog ("adding group_assignment " . $userGroup 597 . " for $username", 1); 598 } 599 $sql = "INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ($userGroup, $uid)"; 600 DB_query ($sql); 601 } 602 } 603 } 604 605 if ($userChanged) { 606 PLG_userInfoChanged ($uid); 607 } 608 609 $errors = DB_error(); 610 if (empty($errors)) { 611 echo COM_refresh($_CONF['site_admin_url'] . '/user.php?msg=21'); 612 } else { 613 $retval .= COM_siteHeader ('menu', $LANG28[22]); 614 $retval .= COM_errorLog ('Error in saveusers in ' 615 . $_CONF['site_admin_url'] . '/user.php'); 616 $retval .= COM_siteFooter (); 617 echo $retval; 618 exit; 619 } 620 } else { 621 $retval = COM_siteHeader('menu', $LANG28[1]); 622 $retval .= COM_errorLog($LANG28[10]); 623 if (DB_count($_TABLES['users'],'uid',$uid) > 0) { 624 $retval .= edituser($uid); 625 } else { 626 $retval .= edituser(); 627 } 628 $retval .= COM_siteFooter(); 629 echo $retval; 630 exit; 631 } 632 633 if ($_USER_VERBOSE) COM_errorLog("***************leaving saveusers*****************",1); 634 635 return $retval; 636 } 637 638 /** 639 * This function allows the batch deletion of users that are inactive 640 * It shows the form that will filter user that will be deleted 641 * 642 * @return string HTML Form 643 */ 644 function batchdelete() 645 { 646 global $_CONF, $_TABLES, $LANG_ADMIN, $LANG01, $LANG28, $_IMAGE_TYPE; 647 648 $display = ''; 649 if (!$_CONF['lastlogin']) { 650 $retval = '<br>'. $_LANG28[55]; 651 return $retval; 652 } 653 654 require_once( $_CONF['path_system'] . 'lib-admin.php' ); 655 656 $usr_type = ''; 657 if (isset($_REQUEST['usr_type'])) { 658 $usr_type = COM_applyFilter($_REQUEST['usr_type']); 659 } else { 660 $usr_type = 'phantom'; 661 } 662 $usr_time_arr = array(); 663 $usr_time = ''; 664 if (isset($_REQUEST['usr_time'])) { 665 $usr_time_arr = $_REQUEST['usr_time']; 666 } else { 667 $usr_time_arr['phantom'] = 2; 668 $usr_time_arr['short'] = 6; 669 $usr_time_arr['old'] = 24; 670 $usr_time_arr['recent'] = 1; 671 } 672 $usr_time = $usr_time_arr[$usr_type]; 673 674 // list of options for user display 675 // sel => form-id 676 // desc => title 677 // txt1 => text before input-field 678 // txt2 => text after input field 679 $opt_arr = array( 680 array('sel' => 'phantom', 'desc' => $LANG28[57], 'txt1' => $LANG28[60], 'txt2' => $LANG28[61]), 681 array('sel' => 'short', 'desc' => $LANG28[58], 'txt1' => $LANG28[62], 'txt2' => $LANG28[63]), 682 array('sel' => 'old', 'desc' => $LANG28[59], 'txt1' => $LANG28[64], 'txt2' => $LANG28[65]), 683 array('sel' => 'recent', 'desc' => $LANG28[74], 'txt1' => $LANG28[75], 'txt2' => $LANG28[76]) 684 ); 685 686 $user_templates = new Template($_CONF['path_layout'] . 'admin/user'); 687 $user_templates->set_file (array ('form' => 'batchdelete.thtml', 688 'options' => 'batchdelete_options.thtml')); 689 $user_templates->set_var ('site_admin_url', $_CONF['site_admin_url']); 690 $user_templates->set_var ('usr_type', $usr_type); 691 $user_templates->set_var ('usr_time', $usr_time); 692 $user_templates->set_var ('lang_instruction', $LANG28[56]); 693 $user_templates->set_var ('lang_updatelist', $LANG28[66]); 694 695 for ($i = 0; $i < count ($opt_arr); $i++) { 696 $selector = ''; 697 if ($usr_type == $opt_arr[$i]['sel']) { 698 $selector = ' checked="checked"'; 699 } 700 $user_templates->set_var ('sel_id', $opt_arr[$i]['sel']); 701 $user_templates->set_var ('selector', $selector); 702 $user_templates->set_var ('lang_description', $opt_arr[$i]['desc']); 703 $user_templates->set_var ('lang_text_start', $opt_arr[$i]['txt1']); 704 $user_templates->set_var ('lang_text_end', $opt_arr[$i]['txt2']); 705 $user_templates->set_var ('id_value', $usr_time_arr[$opt_arr[$i]['sel']]); 706 $user_templates->parse('options_list', 'options', true); 707 } 708 $user_templates->parse('form', 'form'); 709 $desc = $user_templates->finish($user_templates->get_var('form')); 710 711 $header_arr = array( # dislay 'text' and use table field 'field' 712 array('text' => $LANG28[37], 'field' => $_TABLES['users'] . '.uid', 'sort' => true), 713 array('text' => $LANG28[3], 'field' => 'username', 'sort' => true), 714 array('text' => $LANG28[4], 'field' => 'fullname', 'sort' => true) 715 ); 716 717 switch ($usr_type) { 718 case 'phantom': 719 $header_arr[] = array('text' => $LANG28[14], 'field' => 'regdate', 'sort' => true); 720 $header_arr[] = array('text' => $LANG28[41], 'field' => 'lastlogin_short', 'sort' => true); 721 $header_arr[] = array('text' => $LANG28[67], 'field' => 'phantom_date', 'sort' => true); 722 $list_sql = ", UNIX_TIMESTAMP()- UNIX_TIMESTAMP(regdate) as phantom_date"; 723 $filter_sql = "lastlogin = 0 AND UNIX_TIMESTAMP()- UNIX_TIMESTAMP(regdate) > " . ($usr_time * 2592000) . " AND"; 724 $sort = 'regdate'; 725 break; 726 case 'short': 727 $header_arr[] = array('text' => $LANG28[14], 'field' => 'regdate', 'sort' => true); 728 $header_arr[] = array('text' => $LANG28[41], 'field' => 'lastlogin_short', 'sort' => true); 729 $header_arr[] = array('text' => $LANG28[68], 'field' => 'online_hours', 'sort' => true); 730 $header_arr[] = array('text' => $LANG28[69], 'field' => 'offline_months', 'sort' => true); 731 $list_sql = ", (lastlogin - UNIX_TIMESTAMP(regdate)) AS online_hours, (UNIX_TIMESTAMP() - lastlogin) AS offline_months"; 732 $filter_sql = "lastlogin > 0 AND lastlogin - UNIX_TIMESTAMP(regdate) < 86400 " 733 . "AND UNIX_TIMESTAMP() - lastlogin > " . ($usr_time * 2592000) . " AND"; 734 $sort = 'lastlogin'; 735 break; 736 case 'old': 737 $header_arr[] = array('text' => $LANG28[41], 'field' => 'lastlogin_short', 'sort' => true); 738 $header_arr[] = array('text' => $LANG28[69], 'field' => 'offline_months', 'sort' => true); 739 $list_sql = ", (UNIX_TIMESTAMP() - lastlogin) AS offline_months"; 740 $filter_sql = "lastlogin > 0 AND (UNIX_TIMESTAMP() - lastlogin) > " . ($usr_time * 2592000) . " AND"; 741 $sort = 'lastlogin'; 742 break; 743 case 'recent': 744 $header_arr[] = array('text' => $LANG28[14], 'field' => 'regdate', 'sort' => true); 745 $header_arr[] = array('text' => $LANG28[41], 'field' => 'lastlogin_short', 'sort' => true); 746 $list_sql = ""; 747 $filter_sql = "(UNIX_TIMESTAMP() - UNIX_TIMESTAMP(regdate)) < " . ($usr_time * 2592000) . " AND"; 748 $sort = 'regdate'; 749 break; 750 } 751 752 $header_arr[] = array('text' => $LANG28[7], 'field' => 'email', 'sort' => true); 753 754 $menu_arr = array ( 755 array('url' => $_CONF['site_admin_url'] . '/user.php', 756 'text' => $LANG28[11]), 757 array('url' => $_CONF['site_admin_url'] . '/user.php?mode=importform', 758 'text' => $LANG28[23]), 759 array('url' => $_CONF['site_admin_url'], 760 'text' => $LANG_ADMIN['admin_home']) 761 ); 762 763 $text_arr = array('has_menu' => true, 764 'has_extras' => true, 765 'title' => $LANG28[54], 766 'instructions' => "$desc", 767 'icon' => $_CONF['layout_url'] . '/images/icons/user.' . $_IMAGE_TYPE, 768 'form_url' => $_CONF['site_admin_url'] . "/user.php?mode=batchdelete&usr_type=$usr_type&usr_time=$usr_time", 769 'help_url' => '' 770 ); 771 772 $defsort_arr = array('field' => $sort, 773 'direction' => 'ASC'); 774 775 $join_userinfo = "LEFT JOIN {$_TABLES['userinfo']} ON {$_TABLES['users']}.uid={$_TABLES['userinfo']}.uid "; 776 $select_userinfo = ", lastlogin as lastlogin_short $list_sql "; 777 778 $sql = "SELECT {$_TABLES['users']}.uid,username,fullname,email,photo,status,regdate$select_userinfo " 779 . "FROM {$_TABLES['users']} $join_userinfo WHERE 1=1"; 780 781 $query_arr = array ( 782 'table' => 'users', 783 'sql' => $sql, 784 'query_fields' => array('username', 'email', 'fullname'), 785 'default_filter' => "AND $filter_sql {$_TABLES['users']}.uid > 1" 786 ); 787 $listoptions = array('chkdelete' => true, 'chkfield' => 'uid'); 788 789 $display .= ADMIN_list ("user", "ADMIN_getListField_users", $header_arr, $text_arr, 790 $query_arr, $menu_arr, $defsort_arr, '', '', $listoptions); 791 792 $display .= "<input type=\"hidden\" name=\"mode\" value=\"batchdeleteexec\"></form>" . LB; 793 return $display; 794 // 795 796 } 797 /** 798 * This function deletes the users selected in the batchdeletelist function 799 * 800 * @return string HTML with success or error message 801 * 802 */ 803 function batchdeleteexec() 804 { 805 global $_CONF, $LANG28; 806 $msg = ''; 807 $user_list = array(); 808 if (isset($_POST['delitem'])) { 809 $user_list = $_POST['delitem']; 810 } 811 812 if (count($user_list) == 0) { 813 $msg = $LANG28[72] . "<br>"; 814 } 815 $c = 0; 816 817 if (isset($_POST['delitem']) AND is_array($_POST['delitem'])) { 818 foreach($_POST['delitem'] as $delitem) { 819 $delitem = COM_applyFilter($delitem); 820 if (!USER_deleteAccount ($delitem)) { 821 $msg .= "<strong>{$LANG28[2]} $delitem {$LANG28[70]}</strong><br>\n"; 822 } else { 823 $c++; // count the deleted users 824 } 825 } 826 } 827 828 // Since this function is used for deletion only, its necessary to say that 829 // zero where deleted instead of just leaving this message away. 830 COM_numberFormat($c); // just in case we have more than 999).. 831 $msg .= "{$LANG28[71]}: $c<br>\n"; 832 return $msg; 833 } 834 835 836 /** 837 * This function allows the administrator to import batches of users 838 * 839 * @param string $file file to import 840 * @return string HTML with success or error message 841 * 842 */ 843 function importusers ($file) 844 { 845 global $_CONF, $_TABLES, $LANG04, $LANG28; 846 847 // Setting this to true will cause import to print processing status to 848 // webpage and to the error.log file 849 $verbose_import = true; 850 851 $retval = ''; 852 853 // Bulk import implies admin authorisation: 854 $_CONF['usersubmission'] = 0; 855 856 // First, upload the file 857 require_once ($_CONF['path_system'] . 'classes/upload.class.php'); 858 859 $upload = new upload (); 860 $upload->setPath ($_CONF['path_data']); 861 $upload->setAllowedMimeTypes (array ('text/plain' => '.txt')); 862 $upload->setFileNames ('user_import_file.txt'); 863 if ($upload->uploadFiles ()) { 864 // Good, file got uploaded, now install everything 865 $thefile = current ($_FILES); 866 $filename = $_CONF['path_data'] . 'user_import_file.txt'; 867 } else { 868 // A problem occurred, print debug information 869 $retval = COM_siteHeader ('menu', $LANG28[22]); 870 $retval .= COM_startBlock ($LANG28[24], '', 871 COM_getBlockTemplate ('_msg_block', 'header')); 872 $retval .= $upload->printErrors (); 873 $retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer')); 874 875 return $retval; 876 } 877 878 $users = file ($filename); 879 880 $retval .= COM_siteHeader ('menu', $LANG28[24]); 881 $retval .= COM_startBlock ($LANG28[31], '', 882 COM_getBlockTemplate ('_admin_block', 'header')); 883 884 // Following variables track import processing statistics 885 $successes = 0; 886 $failures = 0; 887 foreach ($users as $line) { 888 $line = rtrim ($line); 889 if (empty ($line)) { 890 continue; 891 } 892 893 list ($full_name, $u_name, $email) = explode ("\t", $line); 894 895 $full_name = strip_tags ($full_name); 896 $u_name = COM_applyFilter ($u_name); 897 $email = COM_applyFilter ($email); 898 899 if ($verbose_import) { 900 $retval .="<br><b>Working on username=$u_name, fullname=$full_name, and email=$email</b><br>\n"; 901 COM_errorLog ("Working on username=$u_name, fullname=$full_name, and email=$email",1); 902 } 903 904 // prepare for database 905 $userName = trim ($u_name); 906 $fullName = trim ($full_name); 907 $emailAddr = trim ($email); 908 909 if (COM_isEmail ($email)) { 910 // email is valid form 911 $ucount = DB_count ($_TABLES['users'], 'username', 912 addslashes ($userName)); 913 $ecount = DB_count ($_TABLES['users'], 'email', 914 addslashes ($emailAddr)); 915 916 if ($ucount == 0 && ecount == 0) { 917 // user doesn't already exist 918 $uid = USER_createAccount ($userName, $emailAddr, '', 919 $fullName); 920 921 USER_createAndSendPassword ($userName, $emailAddr, $uid); 922 923 if ($verbose_import) { 924 $retval .= "<br> Account for <b>$u_name</b> created successfully.<br>\n"; 925 COM_errorLog("Account for $u_name created successfully",1); 926 } 927 $successes++; 928 } else { 929 if ($verbose_import) { 930 $retval .= "<br><b>$u_name</b> or <b>$email</b> already exists, account not created.<br>\n"; // user already exists 931 COM_errorLog("$u_name,$email: username or email already exists, account not created",1); 932 } 933 $failures++; 934 } // end if $ucount == 0 && ecount == 0 935 } else { 936 if ($verbose_import) { 937 $retval .= "<br><b>$email</b> is not a valid email address, account not created<br>\n"; // malformed email 938 COM_errorLog("$email is not a valid email address, account not created",1); 939 } 940 $failures++; 941 } // end if COM_isEmail($email) 942 } // end foreach 943 944 unlink ($filename); 945 946 $retval .= '<p>' . sprintf ($LANG28[32], $successes, $failures); 947 948 $retval .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer')); 949 $retval .= COM_siteFooter (); 950 951 return $retval; 952 } 953 954 /** 955 * Display "batch add" (import) form 956 * 957 * @return string HTML for import form 958 * 959 */ 960 function display_form () 961 { 962 global $_CONF, $LANG28; 963 964 $retval = '<form action="' . $_CONF['site_admin_url'] 965 . '/user.php" method="post" enctype="multipart/form-data">' 966 . $LANG28[29] . ': <input type="file" name="importfile" size="40">' 967 . '<input type="hidden" name="mode" value="import">' 968 . '<input type="submit" name="submit" value="' . $LANG28[30] 969 . '"></form>'; 970 971 return $retval; 972 } 973 974 /** 975 * Delete a user 976 * 977 * @param int $uid id of user to delete 978 * @return string HTML redirect 979 * 980 */ 981 function deleteUser ($uid) 982 { 983 global $_CONF; 984 985 if (!USER_deleteAccount ($uid)) { 986 return COM_refresh ($_CONF['site_admin_url'] . '/user.php'); 987 } 988 989 return COM_refresh ($_CONF['site_admin_url'] . '/user.php?msg=22'); 990 } 991 992 // MAIN 993 $mode = ''; 994 if (isset ($_REQUEST['mode'])) { 995 $mode = $_REQUEST['mode']; 996 } 997 998 if (isset ($_REQUEST['order'])) { 999 $order = COM_applyFilter ($_REQUEST['order'],true); 1000 } 1001 1002 if (isset ($_GET['direction'])) { 1003 $direction = COM_applyFilter ($_GET['direction']); 1004 } 1005 1006 if (isset ($_POST['passwd']) && isset ($_POST['passwd_conf']) && 1007 ($_POST['passwd'] != $_POST['passwd_conf'])) { 1008 // entered passwords were different 1009 $uid = COM_applyFilter ($_POST['uid'], true); 1010 if ($uid > 1) { 1011 $display .= COM_refresh ($_CONF['site_admin_url'] 1012 . '/user.php?mode=edit&msg=67&uid=' . $uid); 1013 } else { 1014 $display .= COM_refresh ($_CONF['site_admin_url'] . '/user.php?msg=67'); 1015 } 1016 } else if (($mode == $LANG_ADMIN['delete']) && !empty ($LANG_ADMIN['delete'])) { // delete 1017 $uid = COM_applyFilter ($_POST['uid'], true); 1018 if ($uid > 1) { 1019 $display .= deleteUser ($uid); 1020 } else { 1021 COM_errorLog ('Attempted to delete user uid=' . $uid); 1022 $display = COM_refresh ($_CONF['site_admin_url'] . '/user.php'); 1023 } 1024 } else if (($mode == $LANG_ADMIN['save']) && !empty ($LANG_ADMIN['save'])) { // save 1025 $delphoto = ''; 1026 if (isset ($_POST['delete_photo'])) { 1027 $delphoto = $_POST['delete_photo']; 1028 } 1029 if (!isset ($_POST['oldstatus'])) { 1030 $_POST['oldstatus'] = USER_ACCOUNT_ACTIVE; 1031 } 1032 if (!isset ($_POST['userstatus'])) { 1033 $_POST['userstatus'] = USER_ACCOUNT_ACTIVE; 1034 } 1035 $display = saveusers (COM_applyFilter ($_POST['uid'], true), 1036 $_POST['username'], $_POST['fullname'], 1037 $_POST['passwd'], $_POST['passwd_conf'], $_POST['email'], 1038 $_POST['regdate'], $_POST['homepage'], 1039 $_POST[$_TABLES['groups']], 1040 $delphoto, $_POST['userstatus'], $_POST['oldstatus']); 1041 if (!empty($display)) { 1042 $tmp = COM_siteHeader('menu', $LANG28[22]); 1043 $tmp .= $display; 1044 $tmp .= COM_siteFooter(); 1045 $display = $tmp; 1046 } 1047 } else if ($mode == 'edit') { 1048 $display .= COM_siteHeader('menu', $LANG28[1]); 1049 $msg = ''; 1050 if (isset ($_GET['msg'])) { 1051 $msg = COM_applyFilter ($_GET['msg'], true); 1052 } 1053 $uid = ''; 1054 if (isset ($_GET['uid'])) { 1055 $uid = COM_applyFilter ($_GET['uid'], true); 1056 } 1057 $display .= edituser ($uid, $msg); 1058 $display .= COM_siteFooter(); 1059 } else if ($mode == 'import') { 1060 $display .= importusers ($_POST['file']); 1061 } else if ($mode == 'importform') { 1062 $display .= COM_siteHeader('menu', $LANG28[24]); 1063 $display .= COM_startBlock ($LANG28[24], '', 1064 COM_getBlockTemplate ('_admin_block', 'header')); 1065 $display .= $LANG28[25] . '<br><br>'; 1066 $display .= display_form(); 1067 $display .= COM_endBlock (COM_getBlockTemplate ('_admin_block', 'footer')); 1068 $display .= COM_siteFooter(); 1069 } else if ($mode == 'batchdelete') { 1070 $display .= COM_siteHeader ('menu', $LANG28[54]); 1071 $display .= batchdelete(); 1072 $display .= COM_siteFooter(); 1073 } else if ($mode == 'batchdeleteexec') { 1074 $msg = batchdeleteexec(); 1075 $display .= COM_siteHeader ('menu', $LANG28[11]); 1076 $timestamp = strftime( $_CONF['daytime'] ); 1077 $display .= COM_startBlock( $MESSAGE[40] . ' - ' . $timestamp, '', 1078 COM_getBlockTemplate( '_msg_block', 'header' )) 1079 . '<p style="padding:5px"><img src="' . $_CONF['layout_url'] 1080 . '/images/sysmessage.' . $_IMAGE_TYPE . '" border="0" align="left"' 1081 . ' alt="" style="padding-right:5px; padding-bottom:3px">' 1082 . $msg . '</p>' 1083 . COM_endBlock( COM_getBlockTemplate( '_msg_block', 'footer' )); 1084 $display .= batchdelete(); 1085 $display .= COM_siteFooter(); 1086 } else { // 'cancel' or no mode at all 1087 $display .= COM_siteHeader ('menu', $LANG28[11]); 1088 if (isset ($_REQUEST['msg'])) { 1089 $display .= COM_showMessage (COM_applyFilter ($_REQUEST['msg'], true)); 1090 } 1091 $display .= listusers(); 1092 $display .= COM_siteFooter(); 1093 } 1094 1095 echo $display; 1096 1097 ?>
titre
Description
Corps
titre
Description
Corps
titre
Description
Corps
titre
Corps
| Généré le : Wed Nov 21 12:27:40 2007 | par Balluche grâce à PHPXref 0.7 |
|