Code source de Serendipity 1.2 |
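<?php # $Id: users.inc.php 1816 2007-08-06 10:18:39Z garvinhicking $
# Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
# All rights reserved. See LICENSE file for licensing details

/*
 * Admin backend: user management (list, create, edit and delete authors).
 *
 * Each state-changing branch (DELETE_YES, SAVE_NEW, SAVE_EDIT) runs only when
 * serendipity_checkFormToken() succeeds and the permission checks pass.
 * Request values and stored user fields are escaped with htmlspecialchars()
 * (or cast to int for numeric ids) before they are written into HTML, so a
 * crafted real name or userid cannot inject markup into the admin pages.
 */

if (IN_serendipity !== true) {
    die ('Don\'t hack!');
}

if (!serendipity_checkPermission('adminUsers')) {
    return;
}

require_once (S9Y_INCLUDE_PATH . 'include/functions_installer.inc.php');

/* Delete a user */
if (isset($_POST['DELETE_YES']) && serendipity_checkFormToken()) {
    $user = serendipity_fetchUsers($serendipity['POST']['user']);
    if (($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && $user[0]['userlevel'] >= $serendipity['serendipityUserlevel']) || !serendipity_checkPermission('adminUsersDelete')) {
        echo '<div class="serendipityAdminMsgError"><img style="width: 22px; height: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="' . serendipity_getTemplateFile('admin/img/admin_msg_error.png') . '" alt="" />' . CREATE_NOT_AUTHORIZED . '</div>';
    } elseif ($_POST['userlevel'] > $serendipity['serendipityUserlevel']) {
        echo '<div class="serendipityAdminMsgError"><img style="width: 22px; height: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="' . serendipity_getTemplateFile('admin/img/admin_msg_error.png') . '" alt="" />' . CREATE_NOT_AUTHORIZED_USERLEVEL . '</div>';
    } else {
        $group_intersect = serendipity_intersectGroup($user[0]['authorid']);

        if (serendipity_checkPermission('adminUsersMaintainOthers') ||
            (serendipity_checkPermission('adminUsersMaintainSame') && $group_intersect)) {
            serendipity_deleteAuthor($user[0]['authorid']);
            // The id comes from the request and the real name from a stored
            // record: cast / escape both before they reach the HTML message.
            printf('<div class="serendipityAdminMsgSuccess"><img style="height: 22px; width: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="' . serendipity_getTemplateFile('admin/img/admin_msg_success.png') . '" alt="" />' . DELETED_USER . '</div>', (int)$serendipity['POST']['user'], htmlspecialchars($user[0]['realname']));
            serendipity_plugin_api::hook_event('backend_users_delete', $user[0]);
        } else {
            echo '<div class="serendipityAdminMsgError"><img style="width: 22px; height: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="' . serendipity_getTemplateFile('admin/img/admin_msg_error.png') . '" alt="" />' . CREATE_NOT_AUTHORIZED_USERLEVEL . '</div>';
        }
    }
}


/* Save new user */
if (isset($_POST['SAVE_NEW']) && serendipity_checkFormToken()) {
    if (($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && $_POST['userlevel'] >= $serendipity['serendipityUserlevel']) || !serendipity_checkPermission('adminUsersCreateNew')) {
        echo '<div class="serendipityAdminMsgError"><img style="width: 22px; height: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="' . serendipity_getTemplateFile('admin/img/admin_msg_error.png') . '" alt="" />' . CREATE_NOT_AUTHORIZED . '</div>';
    } else {
        $serendipity['POST']['user'] = serendipity_addAuthor($_POST['username'], $_POST['pass'], $_POST['realname'], $_POST['email'], $_POST['userlevel']);

        $valid_groups = serendipity_getGroups($serendipity['authorid'], true);
        /* Save all the properties */
        $config = serendipity_parseTemplate(S9Y_CONFIG_USERTEMPLATE);
        foreach($config as $category) {
            foreach ($category['items'] as $item) {
                if (in_array('groups', $item['flags'])) {
                    if (serendipity_checkPermission('adminUsersMaintainOthers')) {

                        // Void, no fixing necessary

                    } elseif (serendipity_checkPermission('adminUsersMaintainSame')) {
                        // Check that no user may assign groups he's not allowed to.
                        foreach($_POST[$item['var']] AS $groupkey => $groupval) {
                            if (in_array($groupval, $valid_groups)) {
                                continue;
                            } elseif ($groupval == 2 && in_array(3, $valid_groups)) {
                                // Admin is allowed to assign users to chief editors
                                continue;
                            } elseif ($groupval == 1 && in_array(2, $valid_groups)) {
                                // Chief is allowed to assign users to editors
                                continue;
                            }

                            // Anything else is a group the acting user may not hand out.
                            unset($_POST[$item['var']][$groupkey]);
                        }

                    } else {
                        continue;
                    }

                    if (count($_POST[$item['var']]) < 1) {
                        echo '<div class="serendipityAdminMsgError"><img style="width: 22px; height: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="' . serendipity_getTemplateFile('admin/img/admin_msg_error.png') . '" alt="" />' . WARNING_NO_GROUPS_SELECTED . '</div>';
                    } else {
                        serendipity_updateGroups($_POST[$item['var']], $serendipity['POST']['user'], false);
                    }
                    continue;
                }

                if (serendipity_checkConfigItemFlags($item, 'local')) {
                    // NOTE(review): the edit branch compares against ['POST']['user'] here,
                    // this branch against ['POST']['authorid'] -- confirm which is intended.
                    serendipity_set_user_var($item['var'], $_POST[$item['var']], $serendipity['POST']['user'], ($serendipity['authorid'] == $serendipity['POST']['authorid'] ? true : false));
                }

                if (serendipity_checkConfigItemFlags($item, 'configuration')) {
                    serendipity_set_config_var($item['var'], $_POST[$item['var']], $serendipity['POST']['user']);
                }
            }
        }

        serendipity_plugin_api::hook_event('backend_users_add', $serendipity['POST']['user']);
        // The submitted real name is echoed back: escape it for the HTML message.
        printf('<div class="serendipityAdminMsgSuccess"><img style="height: 22px; width: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="' . serendipity_getTemplateFile('admin/img/admin_msg_success.png') . '" alt="" />' . CREATED_USER . '</div>', htmlspecialchars('#' . $serendipity['POST']['user'] . ', ' . $_POST['realname']));
    }
}


/* Edit a user */
if (isset($_POST['SAVE_EDIT']) && serendipity_checkFormToken()) {
    $user = serendipity_fetchUsers($serendipity['POST']['user']);

    // The edit form and the delete handler only act on a user when the actor
    // holds adminUsersMaintainOthers, or adminUsersMaintainSame plus a shared
    // group. The save handler must enforce the same rule itself, because a
    // hand-built POST never passes through the form's own check.
    $group_intersect = serendipity_intersectGroup($user[0]['authorid']);
    $may_maintain    = serendipity_checkPermission('adminUsersMaintainOthers') ||
                       (serendipity_checkPermission('adminUsersMaintainSame') && $group_intersect);

    if (!serendipity_checkPermission('adminUsersMaintainOthers') && $user[0]['userlevel'] >= $serendipity['serendipityUserlevel']) {
        echo '<div class="serendipityAdminMsgError"><img style="width: 22px; height: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="' . serendipity_getTemplateFile('admin/img/admin_msg_error.png') . '" alt="" />' . CREATE_NOT_AUTHORIZED . '</div>';
    } elseif ($_POST['userlevel'] > $serendipity['serendipityUserlevel']) {
        echo '<div class="serendipityAdminMsgError"><img style="width: 22px; height: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="' . serendipity_getTemplateFile('admin/img/admin_msg_error.png') . '" alt="" />' . CREATE_NOT_AUTHORIZED_USERLEVEL . '</div>';
    } elseif (!$may_maintain) {
        echo '<div class="serendipityAdminMsgError"><img style="width: 22px; height: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="' . serendipity_getTemplateFile('admin/img/admin_msg_error.png') . '" alt="" />' . CREATE_NOT_AUTHORIZED . '</div>';
    } else {
        $valid_groups = serendipity_getGroups($serendipity['authorid'], true);
        $config = serendipity_parseTemplate(S9Y_CONFIG_USERTEMPLATE);
        foreach($config as $category) {
            foreach ($category['items'] as $item) {
                if (in_array('groups', $item['flags'])) {
                    if (serendipity_checkPermission('adminUsersMaintainOthers')) {

                        // Void, no fixing necessary

                    } elseif (serendipity_checkPermission('adminUsersMaintainSame')) {

                        // Check that no user may assign groups he's not allowed to.
                        foreach($_POST[$item['var']] AS $groupkey => $groupval) {
                            if (in_array($groupval, $valid_groups)) {
                                continue;
                            } elseif ($groupval == 2 && in_array(3, $valid_groups)) {
                                // Admin is allowed to assign users to chief editors
                                continue;
                            } elseif ($groupval == 1 && in_array(2, $valid_groups)) {
                                // Chief is allowed to assign users to editors
                                continue;
                            }

                            // Anything else is a group the acting user may not hand out.
                            unset($_POST[$item['var']][$groupkey]);
                        }

                    } else {
                        continue;
                    }

                    if (count($_POST[$item['var']]) < 1) {
                        echo '<div class="serendipityAdminMsgError"><img style="width: 22px; height: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="' . serendipity_getTemplateFile('admin/img/admin_msg_error.png') . '" alt="" />' . WARNING_NO_GROUPS_SELECTED . '</div>';
                    } else {
                        serendipity_updateGroups($_POST[$item['var']], $serendipity['POST']['user'], false);
                    }
                    continue;
                }

                if (serendipity_checkConfigItemFlags($item, 'local')) {
                    serendipity_set_user_var($item['var'], $_POST[$item['var']], $serendipity['POST']['user'], ($serendipity['authorid'] == $serendipity['POST']['user'] ? true : false));
                }

                if (serendipity_checkConfigItemFlags($item, 'configuration')) {
                    serendipity_set_config_var($item['var'], $_POST[$item['var']], $serendipity['POST']['user']);
                }
            }
        }

        // NOTE(review): the edit form posts the target id as serendipity[user];
        // whether serendipity[authorid] is posted as well depends on the user
        // config template, which is not visible here -- confirm.
        $pl_data = array(
            'id'       => $serendipity['POST']['authorid'],
            'authorid' => $serendipity['POST']['authorid'],
            'username' => $_POST['username'],
            'realname' => $_POST['realname'],
            'email'    => $_POST['email']
        );
        serendipity_updatePermalink($pl_data, 'author');

        serendipity_plugin_api::hook_event('backend_users_edit', $pl_data);
        // The submitted real name is echoed back: escape it for the HTML message.
        printf('<div class="serendipityAdminMsgSuccess"><img style="height: 22px; width: 22px; border: 0px; padding-right: 4px; vertical-align: middle" src="' . serendipity_getTemplateFile('admin/img/admin_msg_success.png') . '" alt="" />' . MODIFIED_USER . '</div>', htmlspecialchars($_POST['realname']));
    }
}

if ($serendipity['GET']['adminAction'] != 'delete') {
?>
<table width="100%">
    <tr>
        <td><strong><?php echo USER; ?></strong></td>
        <td width="100" align="center"><strong><?php echo USER_LEVEL ?></strong></td>
        <td width="200"> </td>
    </tr>
    <tr>
        <td colspan="3">
<?php
    // Which accounts are listed depends on how far the actor's maintenance rights reach.
    if (serendipity_checkPermission('adminUsersMaintainOthers')) {
        $users = serendipity_fetchUsers('');
    } elseif (serendipity_checkPermission('adminUsersMaintainSame')) {
        $users = serendipity_fetchUsers('', serendipity_getGroups($serendipity['authorid'], true));
    } else {
        $users = serendipity_fetchUsers($serendipity['authorid']);
    }

    $i = 0;
    if (is_array($users)) {
        foreach($users as $user) {
            if ($user['userlevel'] < $serendipity['serendipityUserlevel'] || $user['authorid'] == $serendipity['authorid'] || $serendipity['serendipityUserlevel'] >= USERLEVEL_ADMIN ) {
                if ( $user['userlevel'] >= USERLEVEL_ADMIN ) {
                    $img = serendipity_getTemplateFile('admin/img/user_admin.png');
                } elseif ( $user['userlevel'] >= USERLEVEL_CHIEF ) {
                    $img = serendipity_getTemplateFile('admin/img/user_chief.png');
                } else {
                    $img = serendipity_getTemplateFile('admin/img/user_editor.png');
                }

                // The real name is user-controlled stored data. It is printed in
                // the cell text and in title/alt attributes, so escape it once
                // and reuse the escaped value everywhere in this row.
                $realname_esc = htmlspecialchars($user['realname']);
                $row_authorid = (int)$user['authorid'];
?>
<div class="serendipity_admin_list_item serendipity_admin_list_item_<?php echo ($i++ % 2) ? 'even' : 'uneven' ?>">
<table width="100%">
    <tr>
<?php /* TODO: Add username to list once tom figures out how to fix uneven rowstyles */ ?>
        <td><img src="<?php echo $img ?>" alt="" style="border: 0px none ; vertical-align: bottom; display: inline;" /> <?php echo $realname_esc; ?></td>
        <td width="100" align="center"><?php echo $user['userlevel']; ?></td>
        <td width="200" align="right"> <a href="?serendipity[adminModule]=users&serendipity[adminAction]=edit&serendipity[userid]=<?php echo $row_authorid ?>#editform" title="<?php echo EDIT . " " . $realname_esc; ?>" class="serendipityIconLink"><img src="<?php echo serendipity_getTemplateFile('admin/img/edit.png'); ?>" alt="<?php echo EDIT . " " . $realname_esc; ?>" /><?php echo EDIT ?></a>
        <a href="?<?php echo serendipity_setFormToken('url'); ?>&serendipity[adminModule]=users&serendipity[adminAction]=delete&serendipity[userid]=<?php echo $row_authorid ?>" title="<?php echo DELETE . " " . $realname_esc; ?>" class="serendipityIconLink"><img src="<?php echo serendipity_getTemplateFile('admin/img/delete.png'); ?>" alt="<?php echo DELETE . " " . $realname_esc; ?>" /><?php echo DELETE ?></a></td>
    </tr>
</table>
</div>
<?php
            }
        }
    }
?>
        </td>
    </tr>
<?php if ( !isset($_POST['NEW']) && serendipity_checkPermission('adminUsersCreateNew')) { ?>
    <tr>
        <td colspan="3" align="right">
            <form action="?serendipity[adminModule]=users" method="post">
                <input type="submit" name="NEW" value="<?php echo CREATE_NEW_USER; ?>" class="serendipityPrettyButton input_button" />
            </form>
        </td>
    </tr>
<?php } ?>
</table>

<?php
}


if ( ($serendipity['GET']['adminAction'] == 'edit' && serendipity_checkPermission('adminUsersDelete')) || (isset($_POST['NEW']) && serendipity_checkPermission('adminUsersCreateNew')) ) {
?>
<br />
<br />
<hr noshade="noshade">
<form action="?serendipity[adminModule]=users#editform" method="post">
    <?php echo serendipity_setFormToken(); ?>
    <div>
        <h3>
<?php
    if ($serendipity['GET']['adminAction'] == 'edit') {
        echo '<a id="editform"></a>';
        $user = serendipity_fetchUsers($serendipity['GET']['userid']);
        $group_intersect = serendipity_intersectGroup($user[0]['authorid']);

        if ($user[0]['userlevel'] >= $serendipity['serendipityUserlevel'] && $user[0]['authorid'] != $serendipity['authorid'] && !serendipity_checkPermission('adminUsersMaintainOthers')) {
            echo '<strong>' . CREATE_NOT_AUTHORIZED . '</strong><br />';
            echo EDIT;
            $from = array();
        } elseif (serendipity_checkPermission('adminUsersMaintainOthers') ||
                  (serendipity_checkPermission('adminUsersMaintainSame') && $group_intersect)) {
            echo EDIT;
            $from = &$user[0];
            // Never hand the stored password value to the form renderer.
            unset($from['password']);
            echo '<input type="hidden" name="serendipity[user]" value="' . (int)$from['authorid'] . '" />';
        } else {
            echo '<strong>' . CREATE_NOT_AUTHORIZED . '</strong><br />';
            echo EDIT;
            $from = array();
        }
    } else {
        echo CREATE;
        $from = array();
    }
?>
        </h3>

<?php
    $config = serendipity_parseTemplate(S9Y_CONFIG_USERTEMPLATE);
    if (!empty($serendipity['GET']['userid'])) {
        $from['groups'] = serendipity_getGroups($serendipity['GET']['userid']);
    } else {
        $from['groups'] = array();
    }

    serendipity_printConfigTemplate($config, $from, true, false, true, true);

    if ($serendipity['GET']['adminAction'] == 'edit') { ?>
        <input type="submit" name="SAVE_EDIT" value="<?php echo SAVE; ?>" class="serendipityPrettyButton input_button" />
<?php } else { ?>
        <input type="submit" name="SAVE_NEW" value="<?php echo CREATE_NEW_USER; ?>" class="serendipityPrettyButton input_button" />
<?php } ?>

    </div>
</form>
<?php
} elseif ($serendipity['GET']['adminAction'] == 'delete' && serendipity_checkPermission('adminUsersDelete')) {
    $user = serendipity_fetchUsers($serendipity['GET']['userid']);
    $group_intersect = serendipity_intersectGroup($user[0]['authorid']);

    if (serendipity_checkPermission('adminUsersMaintainOthers') ||
        (serendipity_checkPermission('adminUsersMaintainSame') && $group_intersect)) {
        // The userid arrives in the query string and is written back into the
        // page twice; cast it to int so it cannot carry markup.
        $delete_userid = (int)$serendipity['GET']['userid'];
?>
<form action="?serendipity[adminModule]=users" method="post">
    <div>
        <?php printf(DELETE_USER, $delete_userid, htmlspecialchars($user[0]['realname'])); ?>
        <br /><br />
        <?php echo serendipity_setFormToken(); ?>
        <input type="hidden" name="serendipity[user]" value="<?php echo $delete_userid; ?>" />
        <input type="submit" name="DELETE_YES" value="<?php echo DUMP_IT; ?>" class="serendipityPrettyButton input_button" />
        <input type="submit" name="NO" value="<?php echo NOT_REALLY; ?>" class="serendipityPrettyButton input_button" />
    </div>
</form>
<?php
    }
}

/* vim: set sts=4 ts=4 expandtab : */
?>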