Context Navigation

source: branches/2.0singleton/services/admins.php @ 131

Last change on this file since 131 was 130, checked in by scdev, 18 years ago
finished updating DB:: to $db->
File size: 19.6 KB

Line
1	<?php
2	/**
3	* admins.php
4	* Code by Strangecode :: www.strangecode.com :: This document contains copyrighted information
5	*/
6
7	// require_once dirname(__FILE__) . '/_config.inc.php';
8
9	$auth->requireLogin();
10	$app->sslOn();
11
12	require_once 'codebase/lib/PageNumbers.inc.php';
13	require_once 'codebase/lib/SessionCache.inc.php';
14	require_once 'codebase/lib/FormValidator.inc.php';
15	require_once 'codebase/lib/SortOrder.inc.php';
16	require_once 'codebase/lib/TemplateGlue.inc.php';
17	require_once 'codebase/lib/Prefs.inc.php';
18	require_once 'codebase/lib/RecordLock.inc.php';
19	require_once 'codebase/lib/RecordVersion.inc.php';
20
21
22	/******************************************************************************
23	* CONFIG
24	*****************************************************************************/
25
26	// Titles and navigation header.
27	$nav->addPage(_("Administrators"), $_SERVER['PHP_SELF']);
28
29	// The object to validate form input.
30	$fv = new FormValidator();
31
32	// Instantiate a sorting object with the default sort and order. Add SQL for each column.
33	$so = new SortOrder('admin_tbl.admin_id', 'DESC');
34	$so->setColumn('admin_tbl.admin_id', 'admin_tbl.admin_id ASC', 'admin_tbl.admin_id DESC');
35	$so->setColumn('admin_tbl.username', 'admin_tbl.username ASC', 'admin_tbl.username DESC');
36	$so->setColumn('admin_tbl.userpass', 'admin_tbl.userpass ASC', 'admin_tbl.userpass DESC');
37	$so->setColumn('admin_tbl.first_name', 'admin_tbl.first_name ASC', 'admin_tbl.first_name DESC');
38	$so->setColumn('admin_tbl.last_name', 'admin_tbl.last_name ASC', 'admin_tbl.last_name DESC');
39	$so->setColumn('admin_tbl.email', 'admin_tbl.email ASC', 'admin_tbl.email DESC');
40	$so->setColumn('admin_tbl.user_type', 'admin_tbl.user_type ASC', 'admin_tbl.user_type DESC');
41	$so->setColumn('admin_tbl.seconds_online', 'admin_tbl.seconds_online ASC', 'admin_tbl.seconds_online DESC');
42	$so->setColumn('admin_tbl.last_login_datetime', 'admin_tbl.last_login_datetime ASC', 'admin_tbl.last_login_datetime DESC');
43	$so->setColumn('admin_tbl.last_access_datetime', 'admin_tbl.last_access_datetime ASC', 'admin_tbl.last_access_datetime DESC');
44	$so->setColumn('admin_tbl.last_login_ip', 'admin_tbl.last_login_ip ASC', 'admin_tbl.last_login_ip DESC');
45	$so->setColumn('admin_tbl.added_by_user_id', 'admin_tbl.added_by_user_id ASC', 'admin_tbl.added_by_user_id DESC');
46	$so->setColumn('admin_tbl.modified_by_user_id', 'admin_tbl.modified_by_user_id ASC', 'admin_tbl.modified_by_user_id DESC');
47	$so->setColumn('admin_tbl.added_datetime', 'admin_tbl.added_datetime ASC', 'admin_tbl.added_datetime DESC');
48	$so->setColumn('admin_tbl.modified_datetime', 'admin_tbl.modified_datetime ASC', 'admin_tbl.modified_datetime DESC');
49
50	// Instantiate page numbers. Total items are set and calculation is done in the getRecordList function.
51	$page = new PageNumbers();
52	$page->setPerPage(getFormData('per_page'), 50);
53	$page->setPageNumber(getFormData('page_number'));
54
55	// Search limiters retain their values between page requests.
56	$app->carryQuery('search_query');
57
58
59	/******************************************************************************
60	* MAIN
61	*****************************************************************************/
62
63	// We may want to use the add/edit interface from another script, so this
64	// allows us to remember which page we came from so we can go back there.
65	if (getFormData('boomerang', false) && isset($_SERVER['HTTP_REFERER'])) {
66	$app->setBoomerangURL($_SERVER['HTTP_REFERER'], 'admins');
67	}
68
69	if (getFormData('break_list_cache', false)) {
70	// Break the cache because we are changing the list data.
71	SessionCache::breakCache($_SERVER['PHP_SELF']);
72	}
73
74	// What action to take.
75	switch (getFormData('op')) {
76
77	case 'add' :
78	// Initialize variables for the form template.
79	$frm =& addRecordForm();
80	$nav->addPage(_("Add Admin"));
81	$main_template = 'admin_form.ihtml';
82	break;
83
84	case 'edit' :
85	// Initialize variables for the form template.
86	$frm =& editRecordForm(getFormData('admin_id'));
87	$nav->addPage(_("Edit Admin"));
88	$main_template = 'admin_form.ihtml';
89	break;
90
91	case 'del' :
92	deleteRecord(getFormData('admin_id'));
93	if ($app->validBoomerangURL('admins')) {
94	// Display boomerang page.
95	$app->dieBoomerangURL('admins');
96	}
97	// Display default page.
98	$app->dieURL($_SERVER['PHP_SELF']);
99	break;
100
101	case 'insert' :
102	if (getFormdata('cancel', false)) {
103	if ($app->validBoomerangURL('admins')) {
104	// Display boomerang page.
105	$app->dieBoomerangURL('admins');
106	}
107	// Display default page.
108	$app->dieURL($_SERVER['PHP_SELF']);
109	}
110	validateInput();
111	if ($fv->anyErrors()) {
112	$frm =& addRecordForm();
113	$frm = array_merge($frm, getFormData());
114	$nav->addPage(_("Add Admin"));
115	$main_template = 'admin_form.ihtml';
116	} else {
117	$admin_id = insertRecord(getFormData());
118	if (getFormdata('repeat', false)) {
119	// Display function again.
120	$app->dieURL($_SERVER['PHP_SELF'] . '?op=add');
121	} else if ($app->validBoomerangURL('admins')) {
122	// Display boomerang page.
123	$app->dieBoomerangURL('admins');
124	}
125	// Display default page.
126	$app->dieURL($_SERVER['PHP_SELF']);
127	}
128	break;
129
130	case 'update' :
131	if (getFormdata('reset', false)) {
132	$app->raiseMsg(_("Saved values have been reloaded."), MSG_NOTICE, __FILE__, __LINE__);
133	$app->dieURL($_SERVER['PHP_SELF'] . '?op=edit&admin_id=' . getFormData('admin_id'));
134	}
135	if (getFormdata('cancel', false)) {
136	// Remove lock
137	$lock->select('admin_tbl', 'admin_id', getFormData('admin_id'));
138	$lock->remove();
139	if ($app->validBoomerangURL('admins')) {
140	// Display boomerang page.
141	$app->dieBoomerangURL('admins');
142	}
143	// Display default page.
144	$app->dieURL($_SERVER['PHP_SELF']);
145	}
146	validateInput();
147	if ($fv->anyErrors()) {
148	$frm =& editRecordForm(getFormData('admin_id'));
149	$frm = array_merge($frm, getFormData());
150	$nav->addPage(_("Edit Admin"));
151	$main_template = 'admin_form.ihtml';
152	} else {
153	updateRecord(getFormData());
154	if (getFormdata('repeat', false)) {
155	// Display edit function with next available ID.
156	$qid = $db->query("SELECT admin_id FROM admin_tbl WHERE admin_id > '" . $db->escapeString(getFormData('admin_id')) . "' ORDER BY admin_id ASC LIMIT 1");
157	if (list($next_id) = mysql_fetch_row($qid)) {
158	$app->dieURL($_SERVER['PHP_SELF'] . '?op=edit&admin_id=' . $next_id);
159	} else {
160	$app->raiseMsg(_("Cannot edit next, the end of the list was reached"), MSG_NOTICE, __FILE__, __LINE__);
161	}
162	} else if ($app->validBoomerangURL('admins')) {
163	// Display boomerang page.
164	$app->dieBoomerangURL('admins');
165	}
166	// Display default page.
167	$app->dieURL($_SERVER['PHP_SELF']);
168	}
169	break;
170
171	default :
172	$list =& getRecordList();
173	$main_template = 'admin_list.ihtml';
174	break;
175	}
176
177	/******************************************************************************
178	* TEMPLATE INITIALIZATION
179	*****************************************************************************/
180
181	include 'header.ihtml';
182	include 'codebase/services/templates/' . $main_template;
183	include 'footer.ihtml';
184
185	/******************************************************************************
186	* FUNCTIONS
187	*****************************************************************************/
188
189
190	function validateInput()
191	{
192	global $fv, $auth;
193
194	// If the username was changed during edit, verify.
195	if (((getFormData('username') != getFormData('old_username')) && 'update' == getFormData('op'))
196	\|\| 'insert' == getFormData('op')) {
197	if ($auth->usernameExists(getFormData('username'))) {
198	$fv->addError('username', sprintf(_("The username <strong>%s</strong> already exists. Please choose another."), getFormData('username')));
199	}
200	}
201
202	if (getFormData('user_type') == 'root' && 'root' != $auth->getVal('user_type')) {
203	$fv->addError('user_type', sprintf(_("You do not have clearance to create a user with root privileges."), null));
204	}
205
206	$fv->numericRange('admin_id', -32768, 32767, _("<strong>Admin id</strong> must be a valid number between -32768 and 32767."));
207
208	$fv->isEmpty('username', _("<strong>Username</strong> cannot be blank."));
209	$fv->stringLength('username', 0, 255, _("<strong>Username</strong> must contain less than 256 characters."));
210
211	$fv->isEmpty('userpass', _("<strong>Passwords</strong> cannot be blank."));
212	$fv->stringLength('userpass', 6, 36, _("<strong>Passwords</strong> must be between 6 and 36 characters long."));
213
214	$fv->stringLength('first_name', 0, 255, _("<strong>First name</strong> must contain less than 256 characters."));
215
216	$fv->stringLength('last_name', 0, 255, _("<strong>Last name</strong> must contain less than 256 characters."));
217
218	$fv->isEmpty('email', _("<strong>Email</strong> cannot be blank."));
219	$fv->stringLength('email', 0, 255, _("<strong>Email</strong> must contain less than 256 characters."));
220	$fv->validateEmail('email');
221
222	$fv->isEmpty('user_type', _("<strong>User type</strong> cannot be blank."));
223	$fv->stringLength('user_type', 0, 255, _("<strong>User type</strong> has an invalid selection."));
224	}
225
226	function &addRecordForm()
227	{
228	// Set default values for the reset of the fields.
229	$frm = array(
230	'admin_id' => '',
231	'old_username' => '',
232	'username' => '',
233	'userpass' => '',
234	'first_name' => '',
235	'last_name' => '',
236	'email' => '',
237	'user_type' => '',
238	'seconds_online' => '0',
239	'last_login_datetime' => '0000-00-00 00:00:00',
240	'last_access_datetime' => '0000-00-00 00:00:00',
241	'last_login_ip' => '0.0.0.0',
242	'added_by_user_id' => '',
243	'modified_by_user_id' => '',
244	'added_datetime' => '0000-00-00 00:00:00',
245	'modified_datetime' => '0000-00-00 00:00:00',
246	'new_op' => 'insert',
247	'submit_buttons' => array(
248	'submit' => _("Add Admin"),
249	'repeat' => _("Add & repeat"),
250	'cancel' => _("Cancel"),
251	),
252	);
253
254	return $frm;
255	}
256
257	function &editRecordForm($id)
258	{
259	global $lock;
260	$app =& App::getInstance();
261	$db =& DB::getInstance();
262
263	$lock->select('admin_tbl', 'admin_id', $id);
264	if ($lock->isLocked() && !$lock->isMine()) {
265	$lock->dieErrorPage();
266	}
267
268	// Get the information for the form.
269	$qid = $db->query("
270	SELECT *
271	FROM admin_tbl
272	WHERE admin_id = '" . $db->escapeString($id) . "'
273	");
274	if (!$frm = mysql_fetch_assoc($qid)) {
275	$app->logMsg('Could not find record with admin_id: ' . $id, LOG_WARNING, __FILE__, __LINE__);
276	$app->raiseMsg(sprintf(_("The requested record %s could not be found."), $id), MSG_ERR, __FILE__, __LINE__);
277	$app->dieBoomerangURL();
278	}
279
280	// Lock this record.
281	$lock->set('admin_tbl', 'admin_id', $id, $frm['username']);
282
283	// Set misc values for the form.
284	$frm = array_merge(array(
285	'admin_id' => '',
286	'old_username' => $frm['username'],
287	'username' => '',
288	// 'userpass' => '****************',
289	'first_name' => '',
290	'last_name' => '',
291	'email' => '',
292	'user_type' => '',
293	'seconds_online' => '0',
294	'last_login_datetime' => '0000-00-00 00:00:00',
295	'last_access_datetime' => '0000-00-00 00:00:00',
296	'last_login_ip' => '0.0.0.0',
297	'added_by_user_id' => '',
298	'modified_by_user_id' => '',
299	'added_datetime' => '0000-00-00 00:00:00',
300	'modified_datetime' => '0000-00-00 00:00:00',
301	'new_op' => 'update',
302	'old_username' => $frm['username'],
303	'submit_buttons' => array(
304	'submit' => _("Save changes"),
305	'repeat' => _("Save & edit next"),
306	'reset' => _("Reset"),
307	'cancel' => _("Cancel"),
308	),
309	), $frm, array('userpass' => '****************'));
310
311	return $frm;
312	}
313
314	function deleteRecord($id)
315	{
316	global $auth, $lock;
317	$app =& App::getInstance();
318	$db =& DB::getInstance();
319
320	$lock->select('admin_tbl', 'admin_id', $id);
321	if ($lock->isLocked() && !$lock->isMine()) {
322	$lock->dieErrorPage();
323	}
324
325	// Break the cache because we are changing the list data.
326	SessionCache::breakCache($_SERVER['PHP_SELF']);
327
328	// Get the information for this object.
329	$qid = $db->query("
330	SELECT username, user_type from admin_tbl
331	WHERE admin_id = '" . $db->escapeString($id) . "'
332	");
333	if (! list($name, $user_type) = mysql_fetch_row($qid)) {
334	$app->logMsg('Could not find record with admin_id: ' . $id, LOG_WARNING, __FILE__, __LINE__);
335	$app->raiseMsg(sprintf(_("The requested record %s could not be found."), $id), MSG_ERR, __FILE__, __LINE__);
336	$app->dieBoomerangURL();
337	}
338
339	// Get the information for this object.
340	$qid = $db->query("SELECT COUNT(*) from admin_tbl");
341	list($num_admins) = mysql_fetch_row($qid);
342	if ('root' == $user_type && 'root' != $auth->getVal('user_type')) {
343	// Only root users can delete root users!
344	$app->raiseMsg(_("You do not have clearance to delete a root administrator."), MSG_NOTICE, __FILE__, __LINE__);
345	} else if ($num_admins <= 1) {
346	// There must always be at least one admnistrator!
347	$app->raiseMsg(_("You cannot delete the only administrator in the database. There must be at least one to log in and create other users."), MSG_NOTICE, __FILE__, __LINE__);
348	} else if ($auth->getVal('user_id') == $id) {
349	// Do not delete yourself!
350	$app->raiseMsg(_("You cannot delete yourself."), MSG_NOTICE, __FILE__, __LINE__);
351	} else {
352	// Delete the record.
353	$db->query("DELETE FROM admin_tbl WHERE admin_id = '" . $db->escapeString($id) . "'");
354	$app->raiseMsg(sprintf(_("The admin <strong>%s</strong> has been deleted."), $name), MSG_SUCCESS, __FILE__, __LINE__);
355	}
356
357	// Unlock record.
358	$lock->remove();
359	}
360
361	function insertRecord($frm)
362	{
363	global $auth;
364	$app =& App::getInstance();
365	$db =& DB::getInstance();
366
367	// Break the cache because we are changing the list data.
368	SessionCache::breakCache($_SERVER['PHP_SELF']);
369
370	// Insert record data.
371	$db->query("
372	INSERT INTO admin_tbl (
373	username,
374	first_name,
375	last_name,
376	email,
377	user_type,
378	added_by_user_id,
379	added_datetime
380	) VALUES (
381	'" . $db->escapeString($frm['username']) . "',
382	'" . $db->escapeString($frm['first_name']) . "',
383	'" . $db->escapeString($frm['last_name']) . "',
384	'" . $db->escapeString($frm['email']) . "',
385	'" . $db->escapeString($frm['user_type']) . "',
386	'" . $db->escapeString($auth->getVal('user_id')) . "',
387	NOW()
388	)
389	");
390	$last_insert_id = mysql_insert_id($db->getDBH());
391
392	// Set admin password.
393	$auth->setPassword($last_insert_id, $frm['userpass']);
394
395	// Create version.
396	$version = RecordVersion::getInstance($GLOBALS['auth']);
397	$version->create('admin_tbl', 'admin_id', $last_insert_id, $frm['username']);
398
399	$app->raiseMsg(sprintf(_("The Admin <strong>%s</strong> has been added."), $frm['username']), MSG_SUCCESS, __FILE__, __LINE__);
400
401	return $last_insert_id;
402	}
403
404	function updateRecord($frm)
405	{
406	global $auth, $lock;
407	$app =& App::getInstance();
408	$db =& DB::getInstance();
409
410	$lock->select('admin_tbl', 'admin_id', $frm['admin_id']);
411	if ($lock->isLocked() && !$lock->isMine()) {
412	$lock->dieErrorPage();
413	}
414
415	// Break the cache because we are changing the list data.
416	SessionCache::breakCache($_SERVER['PHP_SELF']);
417
418	// If the userpass is left blank or with the filler **** characters, we don't want to update it.
419	if (!empty($frm['userpass']) && !preg_match('/[\*]{4,}/', $frm['userpass'])) {
420	// Set user password.
421	$auth->setPassword($frm['admin_id'], $frm['userpass']);
422	}
423
424	// Update record data.
425	$db->query("
426	UPDATE admin_tbl SET
427	username = '" . $db->escapeString($frm['username']) . "',
428	first_name = '" . $db->escapeString($frm['first_name']) . "',
429	last_name = '" . $db->escapeString($frm['last_name']) . "',
430	email = '" . $db->escapeString($frm['email']) . "',
431	user_type = '" . $db->escapeString($frm['user_type']) . "',
432	modified_by_user_id = '" . $db->escapeString($auth->getVal('user_id')) . "',
433	modified_datetime = NOW()
434	WHERE admin_id = '" . $db->escapeString($frm['admin_id']) . "'
435	");
436
437	// Create version.
438	$version = RecordVersion::getInstance($GLOBALS['auth']);
439	$version->create('admin_tbl', 'admin_id', $frm['admin_id'], $frm['username']);
440
441	$app->raiseMsg(sprintf(_("The Admin <strong>%s</strong> has been updated."), $frm['username']), MSG_SUCCESS, __FILE__, __LINE__);
442
443	// Unlock record.
444	$lock->remove();
445	}
446
447	function &getRecordList()
448	{
449	global $page;
450	global $so;
451	$db =& DB::getInstance();
452
453
454	$where_clause = '';
455
456	// Build search query if available.
457	if (getFormData('search_query', false)) {
458	$qry_words = preg_split('/[^\w]/', getFormData('search_query'));
459	for ($i=0; $i<sizeof($qry_words); $i++) {
460	$where_clause .= (empty($where_clause) ? 'WHERE' : 'AND') . "
461	(
462	admin_tbl.username LIKE '%" . $db->escapeString($qry_words[$i]) . "%'
463	OR admin_tbl.first_name LIKE '%" . $db->escapeString($qry_words[$i]) . "%'
464	OR admin_tbl.last_name LIKE '%" . $db->escapeString($qry_words[$i]) . "%'
465	OR admin_tbl.email LIKE '%" . $db->escapeString($qry_words[$i]) . "%'
466	)
467	";
468	}
469	}
470
471	// Count the total number of records so we can do something about the page numbers.
472	$qid = $db->query("
473	SELECT COUNT(*)
474	FROM admin_tbl
475	$where_clause
476	");
477	list($num_results) = mysql_fetch_row($qid);
478
479	// Set page numbers now we know (needed for next step).
480	$page->setTotalItems($num_results);
481	$page->calculate();
482
483	// Final SQL, with sort and page limiters.
484	$sql = "
485	SELECT
486	admin_tbl.*,
487	a1.username AS added_admin_username,
488	a2.username AS modified_admin_username
489	FROM admin_tbl
490	LEFT JOIN admin_tbl a1 ON (admin_tbl.added_by_user_id = a1.admin_id)
491	LEFT JOIN admin_tbl a2 ON (admin_tbl.modified_by_user_id = a2.admin_id)
492	$where_clause
493	" . $so->getSortOrderSQL() . "
494	" . $page->getLimitSQL() . "
495	";
496
497	// A unique key for this query, with the total_items in case db records
498	// were added since the last cache. This identifies a unique set of
499	// cached data, but we must refer to the list that is cached by a more
500	// generic name. so that we can flush the cache (if records updated)
501	// without knowing the hash.
502	$cache_hash = md5($sql . '\|' . $page->total_items);
503	if (Prefs::getValue('cache_hash', $_SERVER['PHP_SELF']) != $cache_hash) {
504	SessionCache::breakCache($_SERVER['PHP_SELF']);
505	Prefs::setValue('cache_hash', $cache_hash, $_SERVER['PHP_SELF']);
506	}
507
508	if (SessionCache::isCached($_SERVER['PHP_SELF']) && false) {
509	// Get the cached results.
510	$list = SessionCache::getCache($_SERVER['PHP_SELF']);
511	} else {
512	// If the list is not already cached, query now.
513	$qid = $db->query($sql);
514	// Fill an array with the items for this page.
515	while ($row = mysql_fetch_assoc($qid)) {
516	$list[] = $row;
517	}
518
519	if (isset($list) && !empty($list)) {
520	// Cache the results.
521	SessionCache::putCache($list, $_SERVER['PHP_SELF']);
522	}
523	}
524
525	return $list;
526	}
527
528	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: