Context Navigation

source: trunk/services/admins.php @ 149

Last change on this file since 149 was 147, checked in by scdev, 18 years ago
Q - Change Auth_SQL::getVal to Auth_SQL::get and Auth_SQL::setVal to Auth_SQL::set.
File size: 19.6 KB

Line
1	<?php
2	/**
3	* admins.php
4	* Code by Strangecode :: www.strangecode.com :: This document contains copyrighted information
5	*/
6
7	// require_once dirname(__FILE__) . '/_config.inc.php';
8
9	$auth->requireLogin();
10	$app->sslOn();
11
12	require_once 'codebase/lib/PageNumbers.inc.php';
13	require_once 'codebase/lib/Cache.inc.php';
14	require_once 'codebase/lib/FormValidator.inc.php';
15	require_once 'codebase/lib/SortOrder.inc.php';
16	require_once 'codebase/lib/TemplateGlue.inc.php';
17	require_once 'codebase/lib/Prefs.inc.php';
18	require_once 'codebase/lib/Lock.inc.php';
19	require_once 'codebase/lib/Version.inc.php';
20
21
22	/********************************************************************
23	* CONFIG
24	********************************************************************/
25
26	// Titles and navigation header.
27	$nav->addPage(_("Administrators"), $_SERVER['PHP_SELF']);
28
29	// The object to validate form input.
30	$fv = new FormValidator();
31
32	$cache =& Cache::getInstance();
33
34	// Instantiate a sorting object with the default sort and order. Add SQL for each column.
35	$so = new SortOrder('admin_tbl.admin_id', 'DESC');
36	$so->setColumn('admin_tbl.admin_id', 'admin_tbl.admin_id ASC', 'admin_tbl.admin_id DESC');
37	$so->setColumn('admin_tbl.username', 'admin_tbl.username ASC', 'admin_tbl.username DESC');
38	$so->setColumn('admin_tbl.userpass', 'admin_tbl.userpass ASC', 'admin_tbl.userpass DESC');
39	$so->setColumn('admin_tbl.first_name', 'admin_tbl.first_name ASC', 'admin_tbl.first_name DESC');
40	$so->setColumn('admin_tbl.last_name', 'admin_tbl.last_name ASC', 'admin_tbl.last_name DESC');
41	$so->setColumn('admin_tbl.email', 'admin_tbl.email ASC', 'admin_tbl.email DESC');
42	$so->setColumn('admin_tbl.user_type', 'admin_tbl.user_type ASC', 'admin_tbl.user_type DESC');
43	$so->setColumn('admin_tbl.seconds_online', 'admin_tbl.seconds_online ASC', 'admin_tbl.seconds_online DESC');
44	$so->setColumn('admin_tbl.last_login_datetime', 'admin_tbl.last_login_datetime ASC', 'admin_tbl.last_login_datetime DESC');
45	$so->setColumn('admin_tbl.last_access_datetime', 'admin_tbl.last_access_datetime ASC', 'admin_tbl.last_access_datetime DESC');
46	$so->setColumn('admin_tbl.last_login_ip', 'admin_tbl.last_login_ip ASC', 'admin_tbl.last_login_ip DESC');
47	$so->setColumn('admin_tbl.added_by_user_id', 'admin_tbl.added_by_user_id ASC', 'admin_tbl.added_by_user_id DESC');
48	$so->setColumn('admin_tbl.modified_by_user_id', 'admin_tbl.modified_by_user_id ASC', 'admin_tbl.modified_by_user_id DESC');
49	$so->setColumn('admin_tbl.added_datetime', 'admin_tbl.added_datetime ASC', 'admin_tbl.added_datetime DESC');
50	$so->setColumn('admin_tbl.modified_datetime', 'admin_tbl.modified_datetime ASC', 'admin_tbl.modified_datetime DESC');
51
52	// Instantiate page numbers. Total items are set and calculation is done in the getRecordList function.
53	$page = new PageNumbers();
54	$page->setPerPage(getFormData('per_page'), 50);
55	$page->setPageNumber(getFormData('page_number'));
56
57	// Search limiters retain their values between page requests.
58	$app->carryQuery('search_query');
59
60
61	/********************************************************************
62	* MAIN
63	********************************************************************/
64
65	// We may want to use the add/edit interface from another script, so this
66	// allows us to remember which page we came from so we can go back there.
67	if (getFormData('boomerang', false) && isset($_SERVER['HTTP_REFERER'])) {
68	$app->setBoomerangURL($_SERVER['HTTP_REFERER'], 'admins');
69	}
70
71	if (getFormData('break_list_cache', false)) {
72	// Break the cache because we are changing the list data.
73	$cache->delete($_SERVER['PHP_SELF']);
74	}
75
76	// What action to take.
77	switch (getFormData('op')) {
78
79	case 'add' :
80	// Initialize variables for the form template.
81	$frm =& addRecordForm();
82	$nav->addPage(_("Add Admin"));
83	$main_template = 'admin_form.ihtml';
84	break;
85
86	case 'edit' :
87	// Initialize variables for the form template.
88	$frm =& editRecordForm(getFormData('admin_id'));
89	$nav->addPage(_("Edit Admin"));
90	$main_template = 'admin_form.ihtml';
91	break;
92
93	case 'del' :
94	deleteRecord(getFormData('admin_id'));
95	if ($app->validBoomerangURL('admins')) {
96	// Display boomerang page.
97	$app->dieBoomerangURL('admins');
98	}
99	// Display default page.
100	$app->dieURL($_SERVER['PHP_SELF']);
101	break;
102
103	case 'insert' :
104	if (getFormdata('cancel', false)) {
105	if ($app->validBoomerangURL('admins')) {
106	// Display boomerang page.
107	$app->dieBoomerangURL('admins');
108	}
109	// Display default page.
110	$app->dieURL($_SERVER['PHP_SELF']);
111	}
112	validateInput();
113	if ($fv->anyErrors()) {
114	$frm =& addRecordForm();
115	$frm = array_merge($frm, getFormData());
116	$nav->addPage(_("Add Admin"));
117	$main_template = 'admin_form.ihtml';
118	} else {
119	$admin_id = insertRecord(getFormData());
120	if (getFormdata('repeat', false)) {
121	// Display function again.
122	$app->dieURL($_SERVER['PHP_SELF'] . '?op=add');
123	} else if ($app->validBoomerangURL('admins')) {
124	// Display boomerang page.
125	$app->dieBoomerangURL('admins');
126	}
127	// Display default page.
128	$app->dieURL($_SERVER['PHP_SELF']);
129	}
130	break;
131
132	case 'update' :
133	if (getFormdata('reset', false)) {
134	$app->raiseMsg(_("Saved values have been reloaded."), MSG_NOTICE, __FILE__, __LINE__);
135	$app->dieURL($_SERVER['PHP_SELF'] . '?op=edit&admin_id=' . getFormData('admin_id'));
136	}
137	if (getFormdata('cancel', false)) {
138	// Remove lock
139	$lock->select('admin_tbl', 'admin_id', getFormData('admin_id'));
140	$lock->remove();
141	if ($app->validBoomerangURL('admins')) {
142	// Display boomerang page.
143	$app->dieBoomerangURL('admins');
144	}
145	// Display default page.
146	$app->dieURL($_SERVER['PHP_SELF']);
147	}
148	validateInput();
149	if ($fv->anyErrors()) {
150	$frm =& editRecordForm(getFormData('admin_id'));
151	$frm = array_merge($frm, getFormData());
152	$nav->addPage(_("Edit Admin"));
153	$main_template = 'admin_form.ihtml';
154	} else {
155	updateRecord(getFormData());
156	if (getFormdata('repeat', false)) {
157	// Display edit function with next available ID.
158	$qid = $db->query("SELECT admin_id FROM admin_tbl WHERE admin_id > '" . $db->escapeString(getFormData('admin_id')) . "' ORDER BY admin_id ASC LIMIT 1");
159	if (list($next_id) = mysql_fetch_row($qid)) {
160	$app->dieURL($_SERVER['PHP_SELF'] . '?op=edit&admin_id=' . $next_id);
161	} else {
162	$app->raiseMsg(_("Cannot edit next, the end of the list was reached"), MSG_NOTICE, __FILE__, __LINE__);
163	}
164	} else if ($app->validBoomerangURL('admins')) {
165	// Display boomerang page.
166	$app->dieBoomerangURL('admins');
167	}
168	// Display default page.
169	$app->dieURL($_SERVER['PHP_SELF']);
170	}
171	break;
172
173	default :
174	$list =& getRecordList();
175	$main_template = 'admin_list.ihtml';
176	break;
177	}
178
179	/******************************************************************************
180	* TEMPLATE INITIALIZATION
181	*****************************************************************************/
182
183	include 'header.ihtml';
184	include 'codebase/services/templates/' . $main_template;
185	include 'footer.ihtml';
186
187	/********************************************************************
188	* FUNCTIONS
189	********************************************************************/
190
191
192	function validateInput()
193	{
194	global $fv, $auth;
195
196	// If the username was changed during edit, verify.
197	if (((getFormData('username') != getFormData('old_username')) && 'update' == getFormData('op'))
198	\|\| 'insert' == getFormData('op')) {
199	if ($auth->usernameExists(getFormData('username'))) {
200	$fv->addError('username', sprintf(_("The username %s already exists. Please choose another."), getFormData('username')));
201	}
202	}
203
204	if (getFormData('user_type') == 'root' && 'root' != $auth->get('user_type')) {
205	$fv->addError('user_type', sprintf(_("You do not have clearance to create a user with root privileges."), null));
206	}
207
208	$fv->numericRange('admin_id', -32768, 32767, _("<strong>Admin id</strong> must be a valid number between -32768 and 32767."));
209
210	$fv->isEmpty('username', _("<strong>Username</strong> cannot be blank."));
211	$fv->stringLength('username', 0, 255, _("<strong>Username</strong> must contain less than 256 characters."));
212
213	$fv->isEmpty('userpass', _("<strong>Passwords</strong> cannot be blank."));
214	$fv->stringLength('userpass', 6, 36, _("<strong>Passwords</strong> must be between 6 and 36 characters long."));
215
216	$fv->stringLength('first_name', 0, 255, _("<strong>First name</strong> must contain less than 256 characters."));
217
218	$fv->stringLength('last_name', 0, 255, _("<strong>Last name</strong> must contain less than 256 characters."));
219
220	$fv->isEmpty('email', _("<strong>Email</strong> cannot be blank."));
221	$fv->stringLength('email', 0, 255, _("<strong>Email</strong> must contain less than 256 characters."));
222	$fv->validateEmail('email');
223
224	$fv->isEmpty('user_type', _("<strong>User type</strong> cannot be blank."));
225	$fv->stringLength('user_type', 0, 255, _("<strong>User type</strong> has an invalid selection."));
226	}
227
228	function &addRecordForm()
229	{
230	// Set default values for the reset of the fields.
231	$frm = array(
232	'admin_id' => '',
233	'old_username' => '',
234	'username' => '',
235	'userpass' => '',
236	'first_name' => '',
237	'last_name' => '',
238	'email' => '',
239	'user_type' => '',
240	'seconds_online' => '0',
241	'last_login_datetime' => '0000-00-00 00:00:00',
242	'last_access_datetime' => '0000-00-00 00:00:00',
243	'last_login_ip' => '0.0.0.0',
244	'added_by_user_id' => '',
245	'modified_by_user_id' => '',
246	'added_datetime' => '0000-00-00 00:00:00',
247	'modified_datetime' => '0000-00-00 00:00:00',
248	'new_op' => 'insert',
249	'submit_buttons' => array(
250	'submit' => _("Add Admin"),
251	'repeat' => _("Add & repeat"),
252	'cancel' => _("Cancel"),
253	),
254	);
255
256	return $frm;
257	}
258
259	function &editRecordForm($id)
260	{
261	global $lock;
262	$app =& App::getInstance();
263	$db =& DB::getInstance();
264
265	$lock->select('admin_tbl', 'admin_id', $id);
266	if ($lock->isLocked() && !$lock->isMine()) {
267	$lock->dieErrorPage();
268	}
269
270	// Get the information for the form.
271	$qid = $db->query("
272	SELECT *
273	FROM admin_tbl
274	WHERE admin_id = '" . $db->escapeString($id) . "'
275	");
276	if (!$frm = mysql_fetch_assoc($qid)) {
277	$app->logMsg('Could not find record with admin_id: ' . $id, LOG_WARNING, __FILE__, __LINE__);
278	$app->raiseMsg(sprintf(_("The requested record %s could not be found."), $id), MSG_ERR, __FILE__, __LINE__);
279	$app->dieBoomerangURL();
280	}
281
282	// Lock this record.
283	$lock->set('admin_tbl', 'admin_id', $id, $frm['username']);
284
285	// Set misc values for the form.
286	$frm = array_merge(array(
287	'admin_id' => '',
288	'old_username' => $frm['username'],
289	'username' => '',
290	// 'userpass' => '****************',
291	'first_name' => '',
292	'last_name' => '',
293	'email' => '',
294	'user_type' => '',
295	'seconds_online' => '0',
296	'last_login_datetime' => '0000-00-00 00:00:00',
297	'last_access_datetime' => '0000-00-00 00:00:00',
298	'last_login_ip' => '0.0.0.0',
299	'added_by_user_id' => '',
300	'modified_by_user_id' => '',
301	'added_datetime' => '0000-00-00 00:00:00',
302	'modified_datetime' => '0000-00-00 00:00:00',
303	'new_op' => 'update',
304	'old_username' => $frm['username'],
305	'submit_buttons' => array(
306	'submit' => _("Save changes"),
307	'repeat' => _("Save & edit next"),
308	'reset' => _("Reset"),
309	'cancel' => _("Cancel"),
310	),
311	), $frm, array('userpass' => '****************'));
312
313	return $frm;
314	}
315
316	function deleteRecord($id)
317	{
318	global $auth, $lock;
319	$app =& App::getInstance();
320	$db =& DB::getInstance();
321	$cache =& Cache::getInstance();
322
323	$lock->select('admin_tbl', 'admin_id', $id);
324	if ($lock->isLocked() && !$lock->isMine()) {
325	$lock->dieErrorPage();
326	}
327
328	// Break the cache because we are changing the list data.
329	$cache->delete($_SERVER['PHP_SELF']);
330
331	// Get the information for this object.
332	$qid = $db->query("
333	SELECT username, user_type from admin_tbl
334	WHERE admin_id = '" . $db->escapeString($id) . "'
335	");
336	if (! list($name, $user_type) = mysql_fetch_row($qid)) {
337	$app->logMsg('Could not find record with admin_id: ' . $id, LOG_WARNING, __FILE__, __LINE__);
338	$app->raiseMsg(sprintf(_("The requested record %s could not be found."), $id), MSG_ERR, __FILE__, __LINE__);
339	$app->dieBoomerangURL();
340	}
341
342	// Get the information for this object.
343	$qid = $db->query("SELECT COUNT(*) from admin_tbl");
344	list($num_admins) = mysql_fetch_row($qid);
345	if ('root' == $user_type && 'root' != $auth->get('user_type')) {
346	// Only root users can delete root users!
347	$app->raiseMsg(_("You do not have clearance to delete a root administrator."), MSG_NOTICE, __FILE__, __LINE__);
348	} else if ($num_admins <= 1) {
349	// There must always be at least one admnistrator!
350	$app->raiseMsg(_("You cannot delete the only administrator in the database. There must be at least one to log in and create other users."), MSG_NOTICE, __FILE__, __LINE__);
351	} else if ($auth->get('user_id') == $id) {
352	// Do not delete yourself!
353	$app->raiseMsg(_("You cannot delete yourself."), MSG_NOTICE, __FILE__, __LINE__);
354	} else {
355	// Delete the record.
356	$db->query("DELETE FROM admin_tbl WHERE admin_id = '" . $db->escapeString($id) . "'");
357	$app->raiseMsg(sprintf(_("The admin <em>%s</em> has been deleted."), $name), MSG_SUCCESS, __FILE__, __LINE__);
358	}
359
360	// Unlock record.
361	$lock->remove();
362	}
363
364	function insertRecord($frm)
365	{
366	global $auth;
367	$app =& App::getInstance();
368	$db =& DB::getInstance();
369	$cache =& Cache::getInstance();
370
371	// Break the cache because we are changing the list data.
372	$cache->delete($_SERVER['PHP_SELF']);
373
374	// Insert record data.
375	$db->query("
376	INSERT INTO admin_tbl (
377	username,
378	first_name,
379	last_name,
380	email,
381	user_type,
382	added_by_user_id,
383	added_datetime
384	) VALUES (
385	'" . $db->escapeString($frm['username']) . "',
386	'" . $db->escapeString($frm['first_name']) . "',
387	'" . $db->escapeString($frm['last_name']) . "',
388	'" . $db->escapeString($frm['email']) . "',
389	'" . $db->escapeString($frm['user_type']) . "',
390	'" . $db->escapeString($auth->get('user_id')) . "',
391	NOW()
392	)
393	");
394	$last_insert_id = mysql_insert_id($db->getDBH());
395
396	// Set admin password.
397	$auth->setPassword($last_insert_id, $frm['userpass']);
398
399	// Create version.
400	$version = Version::getInstance($GLOBALS['auth']);
401	$version->create('admin_tbl', 'admin_id', $last_insert_id, $frm['username']);
402
403	$app->raiseMsg(sprintf(_("The Admin <em>%s</em> has been added."), $frm['username']), MSG_SUCCESS, __FILE__, __LINE__);
404
405	return $last_insert_id;
406	}
407
408	function updateRecord($frm)
409	{
410	global $auth, $lock;
411	$app =& App::getInstance();
412	$db =& DB::getInstance();
413	$cache =& Cache::getInstance();
414
415	$lock->select('admin_tbl', 'admin_id', $frm['admin_id']);
416	if ($lock->isLocked() && !$lock->isMine()) {
417	$lock->dieErrorPage();
418	}
419
420	// Break the cache because we are changing the list data.
421	$cache->delete($_SERVER['PHP_SELF']);
422
423	// If the userpass is left blank or with the filler **** characters, we don't want to update it.
424	if (!empty($frm['userpass']) && !preg_match('/[\*]{4,}/', $frm['userpass'])) {
425	// Set user password.
426	$auth->setPassword($frm['admin_id'], $frm['userpass']);
427	}
428
429	// Update record data.
430	$db->query("
431	UPDATE admin_tbl SET
432	username = '" . $db->escapeString($frm['username']) . "',
433	first_name = '" . $db->escapeString($frm['first_name']) . "',
434	last_name = '" . $db->escapeString($frm['last_name']) . "',
435	email = '" . $db->escapeString($frm['email']) . "',
436	user_type = '" . $db->escapeString($frm['user_type']) . "',
437	modified_by_user_id = '" . $db->escapeString($auth->get('user_id')) . "',
438	modified_datetime = NOW()
439	WHERE admin_id = '" . $db->escapeString($frm['admin_id']) . "'
440	");
441
442	// Create version.
443	$version = Version::getInstance($GLOBALS['auth']);
444	$version->create('admin_tbl', 'admin_id', $frm['admin_id'], $frm['username']);
445
446	$app->raiseMsg(sprintf(_("The Admin <em>%s</em> has been updated."), $frm['username']), MSG_SUCCESS, __FILE__, __LINE__);
447
448	// Unlock record.
449	$lock->remove();
450	}
451
452	function &getRecordList()
453	{
454	global $page;
455	global $so;
456	$db =& DB::getInstance();
457	$prefs =& Prefs::getInstance();
458	$cache =& Cache::getInstance();
459
460	$where_clause = '';
461
462	// Build search query if available.
463	if (getFormData('search_query', false)) {
464	$qry_words = preg_split('/[^\w]/', getFormData('search_query'));
465	for ($i=0; $i<sizeof($qry_words); $i++) {
466	$where_clause .= (empty($where_clause) ? 'WHERE' : 'AND') . "
467	(
468	admin_tbl.username LIKE '%" . $db->escapeString($qry_words[$i]) . "%'
469	OR admin_tbl.first_name LIKE '%" . $db->escapeString($qry_words[$i]) . "%'
470	OR admin_tbl.last_name LIKE '%" . $db->escapeString($qry_words[$i]) . "%'
471	OR admin_tbl.email LIKE '%" . $db->escapeString($qry_words[$i]) . "%'
472	)
473	";
474	}
475	}
476
477	// Count the total number of records so we can do something about the page numbers.
478	$qid = $db->query("
479	SELECT COUNT(*)
480	FROM admin_tbl
481	$where_clause
482	");
483	list($num_results) = mysql_fetch_row($qid);
484
485	// Set page numbers now we know (needed for next step).
486	$page->setTotalItems($num_results);
487	$page->calculate();
488
489	// Final SQL, with sort and page limiters.
490	$sql = "
491	SELECT
492	admin_tbl.*,
493	a1.username AS added_admin_username,
494	a2.username AS modified_admin_username
495	FROM admin_tbl
496	LEFT JOIN admin_tbl a1 ON (admin_tbl.added_by_user_id = a1.admin_id)
497	LEFT JOIN admin_tbl a2 ON (admin_tbl.modified_by_user_id = a2.admin_id)
498	$where_clause
499	" . $so->getSortOrderSQL() . "
500	" . $page->getLimitSQL() . "
501	";
502
503	// A unique key for this query, with the total_items in case db records
504	// were added since the last cache. This identifies a unique set of
505	// cached data, but we must refer to the list that is cached by a more
506	// generic name. so that we can flush the cache (if records updated)
507	// without knowing the hash.
508	$cache_hash = md5($sql . '\|' . $page->total_items);
509	if ($prefs->get('cache_hash', $_SERVER['PHP_SELF']) != $cache_hash) {
510	$cache->delete($_SERVER['PHP_SELF']);
511	$prefs->set('cache_hash', $cache_hash, $_SERVER['PHP_SELF']);
512	}
513
514	if ($cache->exists($_SERVER['PHP_SELF']) && false) {
515	// Get the cached results.
516	$list = $cache->get($_SERVER['PHP_SELF']);
517	} else {
518	// If the list is not already cached, query now.
519	$qid = $db->query($sql);
520	// Fill an array with the items for this page.
521	while ($row = mysql_fetch_assoc($qid)) {
522	$list[] = $row;
523	}
524
525	if (isset($list) && !empty($list)) {
526	// Cache the results.
527	$cache->set($list, $_SERVER['PHP_SELF']);
528	}
529	}
530
531	return $list;
532	}
533
534	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: