Context Navigation

admins.php

Last change on this file was 377, checked in by quinn, 14 years ago
Releasing trunk as stable version 2.1.5
File size: 22.2 KB

Line
1	<?php
2	/**
3	* The Strangecode Codebase - a general application development framework for PHP
4	* For details visit the project site: <http://trac.strangecode.com/codebase/>
5	* Copyright 2001-2010 Strangecode, LLC
6	*
7	* This file is part of The Strangecode Codebase.
8	*
9	* The Strangecode Codebase is free software: you can redistribute it and/or
10	* modify it under the terms of the GNU General Public License as published by the
11	* Free Software Foundation, either version 3 of the License, or (at your option)
12	* any later version.
13	*
14	* The Strangecode Codebase is distributed in the hope that it will be useful, but
15	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
16	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
17	* details.
18	*
19	* You should have received a copy of the GNU General Public License along with
20	* The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>.
21	*/
22
23	/**
24	* admins.php
25	*/
26
27	// require_once dirname(__FILE__) . '/_config.inc.php';
28
29	$auth->requireLogin();
30	$app->sslOn();
31
32	require_once 'codebase/lib/PageNumbers.inc.php';
33	require_once 'codebase/lib/Cache.inc.php';
34	require_once 'codebase/lib/FormValidator.inc.php';
35	require_once 'codebase/lib/SortOrder.inc.php';
36	require_once 'codebase/lib/TemplateGlue.inc.php';
37	require_once 'codebase/lib/Prefs.inc.php';
38	require_once 'codebase/lib/Lock.inc.php';
39	require_once 'codebase/lib/Version.inc.php';
40
41
42	/********************************************************************
43	* CONFIG
44	********************************************************************/
45
46	// Titles and navigation header.
47	$nav->add(_("Administrators"), null);
48
49	// The object to validate form input.
50	$fv = new FormValidator();
51
52	// Configure the prefs object.
53	$tmp_prefs = new Prefs('admins');
54	$tmp_prefs->setParam(array('persistent' => false));
55
56	// Configure the cache object.
57	$cache = new Cache('admins');
58	$cache->setParam(array('enable' => true));
59
60	// Instantiate a sorting object with the default sort and order. Add SQL for each column.
61	$so = new SortOrder('admin_id', 'DESC');
62	$so->setColumn('admin_id', $auth->getParam('db_primary_key') . ' ASC', $auth->getParam('db_primary_key') . ' DESC');
63	$so->setColumn('username', $auth->getParam('db_username_column') . ' ASC', $auth->getParam('db_username_column') . ' DESC');
64	$so->setColumn('userpass', $auth->getParam('db_table') . '.userpass ASC', $auth->getParam('db_table') . '.userpass DESC');
65	$so->setColumn('first_name', $auth->getParam('db_table') . '.first_name ASC', $auth->getParam('db_table') . '.first_name DESC');
66	$so->setColumn('last_name', $auth->getParam('db_table') . '.last_name ASC', $auth->getParam('db_table') . '.last_name DESC');
67	$so->setColumn('email', $auth->getParam('db_table') . '.email ASC', $auth->getParam('db_table') . '.email DESC');
68	$so->setColumn('user_type', $auth->getParam('db_table') . '.user_type ASC', $auth->getParam('db_table') . '.user_type DESC');
69	$so->setColumn('seconds_online', $auth->getParam('db_table') . '.seconds_online ASC', $auth->getParam('db_table') . '.seconds_online DESC');
70	$so->setColumn('last_login_datetime', $auth->getParam('db_table') . '.last_login_datetime ASC', $auth->getParam('db_table') . '.last_login_datetime DESC');
71	$so->setColumn('last_access_datetime', $auth->getParam('db_table') . '.last_access_datetime ASC', $auth->getParam('db_table') . '.last_access_datetime DESC');
72	$so->setColumn('last_login_ip', $auth->getParam('db_table') . '.last_login_ip ASC', $auth->getParam('db_table') . '.last_login_ip DESC');
73	$so->setColumn('added_by_user_id', $auth->getParam('db_table') . '.added_by_user_id ASC', $auth->getParam('db_table') . '.added_by_user_id DESC');
74	$so->setColumn('modified_by_user_id', $auth->getParam('db_table') . '.modified_by_user_id ASC', $auth->getParam('db_table') . '.modified_by_user_id DESC');
75	$so->setColumn('added_datetime', $auth->getParam('db_table') . '.added_datetime ASC', $auth->getParam('db_table') . '.added_datetime DESC');
76	$so->setColumn('modified_datetime', $auth->getParam('db_table') . '.modified_datetime ASC', $auth->getParam('db_table') . '.modified_datetime DESC');
77
78	// Instantiate page numbers. Total items are set and calculation is done in the getRecordList function.
79	$page = new PageNumbers();
80	$page->setPerPage(getFormData('per_page'), 50);
81	$page->setPageNumber(getFormData('page_number'));
82
83	// Search limiters retain their values between page requests.
84	$app->carryQuery('search_query');
85
86
87	/********************************************************************
88	* MAIN
89	********************************************************************/
90
91	// We may want to use the add/edit interface from another script, so this
92	// allows us to remember which page we came from so we can go back there.
93	if (getFormData('boomerang', false) && isset($_SERVER['HTTP_REFERER'])) {
94	$app->setBoomerangURL($_SERVER['HTTP_REFERER'], 'admins');
95	}
96
97	if (getFormData('break_list_cache', false)) {
98	// Remove any stale cached list data.
99	$cache->delete('list');
100	}
101
102	// What action to take.
103	switch (getFormData('op')) {
104
105	case 'add' :
106	// Initialize variables for the form template.
107	$frm =& addRecordForm();
108	$nav->add(_("Add Administrator"));
109	$main_template = 'admin_form.ihtml';
110	break;
111
112	case 'edit' :
113	// Initialize variables for the form template.
114	$frm =& editRecordForm(getFormData('admin_id'));
115	$nav->add(_("Edit Administrator"));
116	$main_template = 'admin_form.ihtml';
117	break;
118
119	case 'del' :
120	deleteRecord(getFormData('admin_id'));
121	if ($app->validBoomerangURL('admins')) {
122	// Display boomerang page.
123	$app->dieBoomerangURL('admins');
124	}
125	// Display default page.
126	$app->dieURL($_SERVER['PHP_SELF']);
127	break;
128
129	case 'insert' :
130	if (getFormdata('cancel', false)) {
131	if ($app->validBoomerangURL('admins')) {
132	// Display boomerang page.
133	$app->dieBoomerangURL('admins');
134	}
135	// Display default page.
136	$app->dieURL($_SERVER['PHP_SELF']);
137	}
138	validateInput();
139	if ($fv->anyErrors()) {
140	$frm =& addRecordForm();
141	$frm = array_merge($frm, getFormData());
142	$nav->add(_("Add Administrator"));
143	$main_template = 'admin_form.ihtml';
144	} else {
145	$admin_id = insertRecord(getFormData());
146	if (getFormdata('repeat', false)) {
147	// Display function again.
148	$app->dieURL($_SERVER['PHP_SELF'] . '?op=add');
149	} else if ($app->validBoomerangURL('admins')) {
150	// Display boomerang page.
151	$app->dieBoomerangURL('admins');
152	}
153	// Display default page.
154	$app->dieURL($_SERVER['PHP_SELF']);
155	}
156	break;
157
158	case 'update' :
159	if (getFormdata('reset', false)) {
160	$app->raiseMsg(_("Saved values have been reloaded."), MSG_NOTICE, __FILE__, __LINE__);
161	$app->dieURL($_SERVER['PHP_SELF'] . '?op=edit&admin_id=' . getFormData('admin_id'));
162	}
163	if (getFormdata('cancel', false)) {
164	// Remove lock
165	$lock->select($auth->getParam('db_table'), $auth->getParam('db_primary_key'), getFormData('admin_id'));
166	$lock->remove();
167	if ($app->validBoomerangURL('admins')) {
168	// Display boomerang page.
169	$app->dieBoomerangURL('admins');
170	}
171	// Display default page.
172	$app->dieURL($_SERVER['PHP_SELF']);
173	}
174	validateInput();
175	if ($fv->anyErrors()) {
176	$frm =& editRecordForm(getFormData('admin_id'));
177	$frm = array_merge($frm, getFormData());
178	$nav->add(_("Edit Administrator"));
179	$main_template = 'admin_form.ihtml';
180	} else {
181	updateRecord(getFormData());
182	if (getFormdata('repeat', false)) {
183	// Display edit function with next available ID.
184	$qid = $db->query("SELECT " . $auth->getParam('db_primary_key') . " FROM " . $auth->getParam('db_table') . " WHERE " . $auth->getParam('db_primary_key') . " > '" . $db->escapeString(getFormData('admin_id')) . "' ORDER BY " . $auth->getParam('db_primary_key') . " ASC LIMIT 1");
185	if (list($next_id) = mysql_fetch_row($qid)) {
186	$app->dieURL($_SERVER['PHP_SELF'] . '?op=edit&admin_id=' . $next_id);
187	} else {
188	$app->raiseMsg(_("Cannot edit next, the end of the list was reached"), MSG_NOTICE, __FILE__, __LINE__);
189	}
190	} else if ($app->validBoomerangURL('admins')) {
191	// Display boomerang page.
192	$app->dieBoomerangURL('admins');
193	}
194	// Display default page.
195	$app->dieURL($_SERVER['PHP_SELF']);
196	}
197	break;
198
199	default :
200	$list =& getRecordList();
201	$main_template = 'admin_list.ihtml';
202	break;
203	}
204
205	/******************************************************************************
206	* TEMPLATE INITIALIZATION
207	*****************************************************************************/
208
209	include 'header.ihtml';
210	include 'codebase/services/templates/' . $main_template;
211	include 'footer.ihtml';
212
213	/********************************************************************
214	* FUNCTIONS
215	********************************************************************/
216
217
218	function validateInput()
219	{
220	global $fv, $auth;
221
222	// If the username was changed during edit, verify.
223	if (((getFormData('username') != getFormData('old_username')) && 'update' == getFormData('op'))
224	\|\| 'insert' == getFormData('op')) {
225	if ($auth->usernameExists(getFormData('username'))) {
226	$fv->addError('username', sprintf(_("The username %s already exists. Please choose another."), getFormData('username')));
227	}
228	}
229
230	if (getFormData('user_type') == 'root' && 'root' != $auth->get('user_type')) {
231	$fv->addError('user_type', sprintf(_("You do not have clearance to create a user with root privileges."), null));
232	}
233
234	$fv->numericRange('admin_id', -32768, 32767, _("<strong>Admin id</strong> must be a valid number between -32768 and 32767."));
235
236	$fv->isEmpty('username', _("<strong>Username</strong> cannot be blank."));
237	$fv->stringLength('username', 0, 255, _("<strong>Username</strong> must contain less than 256 characters."));
238
239	$fv->isEmpty('userpass', _("<strong>Passwords</strong> cannot be blank."));
240	$fv->stringLength('userpass', 6, 36, _("<strong>Passwords</strong> must be between 6 and 36 characters long."));
241
242	$fv->stringLength('first_name', 0, 255, _("<strong>First name</strong> must contain less than 256 characters."));
243
244	$fv->stringLength('last_name', 0, 255, _("<strong>Last name</strong> must contain less than 256 characters."));
245
246	$fv->isEmpty('email', _("<strong>Email</strong> cannot be blank."));
247	$fv->stringLength('email', 0, 255, _("<strong>Email</strong> must contain less than 256 characters."));
248	$fv->validateEmail('email');
249
250	$fv->isEmpty('user_type', _("<strong>User type</strong> cannot be blank."));
251	$fv->stringLength('user_type', 0, 255, _("<strong>User type</strong> has an invalid selection."));
252	}
253
254	function &addRecordForm()
255	{
256	// Set default values for the reset of the fields.
257	$frm = array(
258	'admin_id' => '',
259	'old_username' => '',
260	'username' => '',
261	'userpass' => '',
262	'first_name' => '',
263	'last_name' => '',
264	'email' => '',
265	'user_type' => '',
266	'seconds_online' => '0',
267	'last_login_datetime' => '0000-00-00 00:00:00',
268	'last_access_datetime' => '0000-00-00 00:00:00',
269	'last_login_ip' => '0.0.0.0',
270	'added_by_user_id' => '',
271	'modified_by_user_id' => '',
272	'added_datetime' => '0000-00-00 00:00:00',
273	'modified_datetime' => '0000-00-00 00:00:00',
274	'new_op' => 'insert',
275	'submit_buttons' => array(
276	'submit' => _("Add Administrator"),
277	'repeat' => _("Add & repeat"),
278	'cancel' => _("Cancel"),
279	),
280	);
281
282	return $frm;
283	}
284
285	function &editRecordForm($id)
286	{
287	global $auth;
288	global $lock;
289	$app =& App::getInstance();
290	$db =& DB::getInstance();
291
292	$lock->select($auth->getParam('db_table'), $auth->getParam('db_primary_key'), $id);
293	if ($lock->isLocked() && !$lock->isMine()) {
294	$lock->dieErrorPage();
295	}
296
297	// Get the information for the form.
298	$qid = $db->query("
299	SELECT *,
300	" . $auth->getParam('db_primary_key') . " AS admin_id
301	FROM " . $auth->getParam('db_table') . "
302	WHERE " . $auth->getParam('db_primary_key') . " = '" . $db->escapeString($id) . "'
303	");
304	if (!$frm = mysql_fetch_assoc($qid)) {
305	$app->logMsg('Could not find record with admin_id: ' . $id, LOG_WARNING, __FILE__, __LINE__);
306	$app->raiseMsg(sprintf(_("The requested record %s could not be found."), $id), MSG_ERR, __FILE__, __LINE__);
307	$app->dieBoomerangURL();
308	}
309
310	// Lock this record.
311	$lock->set($auth->getParam('db_table'), $auth->getParam('db_primary_key'), $id, $frm['username']);
312
313	// Set misc values for the form.
314	$frm = array_merge(array(
315	'admin_id' => '',
316	'old_username' => $frm['username'],
317	'username' => '',
318	// 'userpass' => '****************',
319	'first_name' => '',
320	'last_name' => '',
321	'email' => '',
322	'user_type' => '',
323	'seconds_online' => '0',
324	'last_login_datetime' => '0000-00-00 00:00:00',
325	'last_access_datetime' => '0000-00-00 00:00:00',
326	'last_login_ip' => '0.0.0.0',
327	'added_by_user_id' => '',
328	'modified_by_user_id' => '',
329	'added_datetime' => '0000-00-00 00:00:00',
330	'modified_datetime' => '0000-00-00 00:00:00',
331	'new_op' => 'update',
332	'old_username' => $frm['username'],
333	'submit_buttons' => array(
334	'submit' => _("Save changes"),
335	'repeat' => _("Save & edit next"),
336	'reset' => _("Reset"),
337	'cancel' => _("Cancel"),
338	),
339	), $frm, array('userpass' => '****************'));
340
341	return $frm;
342	}
343
344	function deleteRecord($id)
345	{
346	global $auth;
347	global $lock;
348	global $cache;
349	$app =& App::getInstance();
350	$db =& DB::getInstance();
351
352	$lock->select($auth->getParam('db_table'), $auth->getParam('db_primary_key'), $id);
353	if ($lock->isLocked() && !$lock->isMine()) {
354	$lock->dieErrorPage();
355	}
356
357	// Remove any stale cached list data.
358	$cache->delete('list');
359
360	// Get the information for this object.
361	$qid = $db->query("
362	SELECT " . $auth->getParam('db_username_column') . ", user_type from " . $auth->getParam('db_table') . "
363	WHERE " . $auth->getParam('db_primary_key') . " = '" . $db->escapeString($id) . "'
364	");
365	if (! list($name, $user_type) = mysql_fetch_row($qid)) {
366	$app->logMsg('Could not find record with admin_id: ' . $id, LOG_WARNING, __FILE__, __LINE__);
367	$app->raiseMsg(sprintf(_("The requested record %s could not be found."), $id), MSG_ERR, __FILE__, __LINE__);
368	$app->dieBoomerangURL();
369	}
370
371	// Get the information for this object.
372	$qid = $db->query("SELECT COUNT(*) from " . $auth->getParam('db_table') . "");
373	list($num_admins) = mysql_fetch_row($qid);
374	if ('root' == $user_type && 'root' != $auth->get('user_type')) {
375	// Only root users can delete root users!
376	$app->raiseMsg(_("You do not have clearance to delete a root administrator."), MSG_NOTICE, __FILE__, __LINE__);
377	} else if ($num_admins <= 1) {
378	// There must always be at least one admnistrator!
379	$app->raiseMsg(_("You cannot delete the only administrator in the database. There must be at least one to log in and create other users."), MSG_NOTICE, __FILE__, __LINE__);
380	} else if ($auth->get('user_id') == $id) {
381	// Do not delete yourself!
382	$app->raiseMsg(_("You cannot delete yourself."), MSG_NOTICE, __FILE__, __LINE__);
383	} else {
384	// Delete the record.
385	$db->query("DELETE FROM " . $auth->getParam('db_table') . " WHERE " . $auth->getParam('db_primary_key') . " = '" . $db->escapeString($id) . "'");
386	$app->raiseMsg(sprintf(_("The admin <em>%s</em> has been deleted."), $name), MSG_SUCCESS, __FILE__, __LINE__);
387	}
388
389	// Unlock record.
390	$lock->remove();
391	}
392
393	function insertRecord($frm)
394	{
395	global $auth;
396	global $cache;
397	$app =& App::getInstance();
398	$db =& DB::getInstance();
399
400	// Remove any stale cached list data.
401	$cache->delete('list');
402
403	// Insert record data.
404	$db->query("
405	INSERT INTO " . $auth->getParam('db_table') . " (
406	" . $auth->getParam('db_username_column') . ",
407	first_name,
408	last_name,
409	email,
410	user_type,
411	added_by_user_id,
412	added_datetime
413	) VALUES (
414	'" . $db->escapeString($frm['username']) . "',
415	'" . $db->escapeString($frm['first_name']) . "',
416	'" . $db->escapeString($frm['last_name']) . "',
417	'" . $db->escapeString($frm['email']) . "',
418	'" . $db->escapeString($frm['user_type']) . "',
419	'" . $db->escapeString($auth->get('user_id')) . "',
420	NOW()
421	)
422	");
423	$last_insert_id = mysql_insert_id($db->getDBH());
424
425	// Set admin password.
426	$auth->setPassword($last_insert_id, $frm['userpass']);
427
428	// Create version.
429	$version = Version::getInstance($auth);
430	$version->create($auth->getParam('db_table'), $auth->getParam('db_primary_key'), $last_insert_id, $frm['username']);
431
432	$app->raiseMsg(sprintf(_("The Administrator <em>%s</em> has been added."), $frm['username']), MSG_SUCCESS, __FILE__, __LINE__);
433
434	return $last_insert_id;
435	}
436
437	function updateRecord($frm)
438	{
439	global $auth;
440	global $lock;
441	global $cache;
442	$app =& App::getInstance();
443	$db =& DB::getInstance();
444
445	$lock->select($auth->getParam('db_table'), $auth->getParam('db_primary_key'), $frm['admin_id']);
446	if ($lock->isLocked() && !$lock->isMine()) {
447	$lock->dieErrorPage();
448	}
449
450	// Remove any stale cached list data.
451	$cache->delete('list');
452
453	// If the userpass is left blank or with the filler **** characters, we don't want to update it.
454	if (!empty($frm['userpass']) && !preg_match('/[\*]{4,}/', $frm['userpass'])) {
455	// Set user password.
456	$auth->setPassword($frm['admin_id'], $frm['userpass']);
457	}
458
459	// Update record data.
460	$db->query("
461	UPDATE " . $auth->getParam('db_table') . " SET
462	" . $auth->getParam('db_username_column') . " = '" . $db->escapeString($frm['username']) . "',
463	first_name = '" . $db->escapeString($frm['first_name']) . "',
464	last_name = '" . $db->escapeString($frm['last_name']) . "',
465	email = '" . $db->escapeString($frm['email']) . "',
466	user_type = '" . $db->escapeString($frm['user_type']) . "',
467	modified_by_user_id = '" . $db->escapeString($auth->get('user_id')) . "',
468	modified_datetime = NOW()
469	WHERE " . $auth->getParam('db_primary_key') . " = '" . $db->escapeString($frm['admin_id']) . "'
470	");
471
472	// Create version.
473	$version = Version::getInstance($auth);
474	$version->create($auth->getParam('db_table'), $auth->getParam('db_primary_key'), $frm['admin_id'], $frm['username']);
475
476	$app->raiseMsg(sprintf(_("The Administrator <em>%s</em> has been updated."), $frm['username']), MSG_SUCCESS, __FILE__, __LINE__);
477
478	// Unlock record.
479	$lock->remove();
480	}
481
482	function &getRecordList()
483	{
484	global $page;
485	global $so;
486	global $tmp_prefs;
487	global $cache;
488	global $auth;
489	$db =& DB::getInstance();
490
491	$where_clause = '';
492
493	// Build search query if available.
494	if (getFormData('search_query', false)) {
495	$qry_words = preg_split('/[^\w]/', getFormData('search_query'));
496	for ($i=0; $i<sizeof($qry_words); $i++) {
497	$where_clause .= (empty($where_clause) ? 'WHERE' : 'AND') . "
498	(
499	" . $auth->getParam('db_table') . "." . $auth->getParam('db_username_column') . " LIKE '%" . $db->escapeString($qry_words[$i]) . "%'
500	OR " . $auth->getParam('db_table') . ".first_name LIKE '%" . $db->escapeString($qry_words[$i]) . "%'
501	OR " . $auth->getParam('db_table') . ".last_name LIKE '%" . $db->escapeString($qry_words[$i]) . "%'
502	OR " . $auth->getParam('db_table') . ".email LIKE '%" . $db->escapeString($qry_words[$i]) . "%'
503	)
504	";
505	}
506	}
507
508	// Count the total number of records so we can do something about the page numbers.
509	$qid = $db->query("
510	SELECT COUNT(*)
511	FROM " . $auth->getParam('db_table') . "
512	$where_clause
513	");
514	list($num_results) = mysql_fetch_row($qid);
515
516	// Set page numbers now we know (needed for next step).
517	$page->setTotalItems($num_results);
518	$page->calculate();
519
520	// Final SQL, with sort and page limiters.
521	$sql = "
522	SELECT
523	" . $auth->getParam('db_table') . ".*,
524	" . $auth->getParam('db_table') . "." . $auth->getParam('db_primary_key') . " AS admin_id,
525	a1." . $auth->getParam('db_username_column') . " AS added_admin_username,
526	a2." . $auth->getParam('db_username_column') . " AS modified_admin_username
527	FROM " . $auth->getParam('db_table') . "
528	LEFT JOIN " . $auth->getParam('db_table') . " a1 ON (" . $auth->getParam('db_table') . ".added_by_user_id = a1." . $auth->getParam('db_primary_key') . ")
529	LEFT JOIN " . $auth->getParam('db_table') . " a2 ON (" . $auth->getParam('db_table') . ".modified_by_user_id = a2." . $auth->getParam('db_primary_key') . ")
530	$where_clause
531	" . $so->getSortOrderSQL() . "
532	" . $page->getLimitSQL() . "
533	";
534
535	// Use a cash hash to determine if the result-set has changed.
536	// A unique key for this query, with the total_items in case db records
537	// were added since the last cache. This identifies a unique set of
538	// cached data, but we must refer to the list that is cached by a more
539	// generic name. so that we can flush the cache (if records updated)
540	// without knowing the hash.
541	$cache_hash = md5($sql . '\|' . $page->total_items);
542	if ($tmp_prefs->get('cache_hash') != $cache_hash) {
543	$cache->delete('list');
544	$tmp_prefs->set('cache_hash', $cache_hash);
545	}
546
547	// First try to return from the cache.
548	if ($cache->exists('list')) {
549	$list = $cache->get('list');
550	return $list;
551	}
552
553	// The list was not cached, so issue the real query.
554	$qid = $db->query($sql);
555	while ($row = mysql_fetch_assoc($qid)) {
556	$list[] = $row;
557	}
558
559	// Save this list into the cache.
560	if (isset($list) && !empty($list)) {
561	$cache->set('list', $list);
562	}
563
564	return $list;
565	}
566
567	?>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: tags/2.1.5/services/admins.php

Download in other formats: