Context Navigation

source: trunk/services/admins.php @ 502

Last change on this file since 502 was 497, checked in by anonymous, 10 years ago
Beginning the process of adapting codebase to foundation styles.
File size: 22.3 KB

Line
1	<?php
2	/**
3	* The Strangecode Codebase - a general application development framework for PHP
4	* For details visit the project site: <http://trac.strangecode.com/codebase/>
5	* Copyright 2001-2012 Strangecode, LLC
6	*
7	* This file is part of The Strangecode Codebase.
8	*
9	* The Strangecode Codebase is free software: you can redistribute it and/or
10	* modify it under the terms of the GNU General Public License as published by the
11	* Free Software Foundation, either version 3 of the License, or (at your option)
12	* any later version.
13	*
14	* The Strangecode Codebase is distributed in the hope that it will be useful, but
15	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
16	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
17	* details.
18	*
19	* You should have received a copy of the GNU General Public License along with
20	* The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>.
21	*/
22
23	/**
24	* admins.php
25	*/
26
27	// require_once dirname(__FILE__) . '/_config.inc.php';
28
29	$app->sslOn();
30	$auth->requireLogin();
31
32	require_once 'codebase/lib/PageNumbers.inc.php';
33	require_once 'codebase/lib/Cache.inc.php';
34	require_once 'codebase/lib/FormValidator.inc.php';
35	require_once 'codebase/lib/SortOrder.inc.php';
36	require_once 'codebase/lib/HTML.inc.php';
37	require_once 'codebase/lib/Prefs.inc.php';
38	require_once 'codebase/lib/Lock.inc.php';
39	require_once 'codebase/lib/Version.inc.php';
40
41
42	/********************************************************************
43	* CONFIG
44	********************************************************************/
45
46	// Titles and navigation header.
47	$nav->add(_("Administrators"), null);
48
49	// The object to validate form input.
50	$fv = new FormValidator();
51
52	// Configure the prefs object.
53	$tmp_prefs = new Prefs('admins');
54	$tmp_prefs->setParam(array('persistent' => false));
55
56	// Configure the cache object.
57	$cache =& Cache::getInstance('admins');
58	$cache->setParam(array('enabled' => false)); // Better leave disabled; the list gets out of sync with the db otherwise, somehow.
59
60	// Instantiate a sorting object with the default sort and order. Add SQL for each column.
61	$so = new SortOrder('admin_id', 'DESC');
62	$so->setColumn('admin_id', $auth->getParam('db_primary_key') . ' ASC', $auth->getParam('db_primary_key') . ' DESC');
63	$so->setColumn('username', $auth->getParam('db_username_column') . ' ASC', $auth->getParam('db_username_column') . ' DESC');
64	$so->setColumn('userpass', $auth->getParam('db_table') . '.userpass ASC', $auth->getParam('db_table') . '.userpass DESC');
65	$so->setColumn('first_name', $auth->getParam('db_table') . '.first_name ASC', $auth->getParam('db_table') . '.first_name DESC');
66	$so->setColumn('last_name', $auth->getParam('db_table') . '.last_name ASC', $auth->getParam('db_table') . '.last_name DESC');
67	$so->setColumn('email', $auth->getParam('db_table') . '.email ASC', $auth->getParam('db_table') . '.email DESC');
68	$so->setColumn('seconds_online', $auth->getParam('db_table') . '.seconds_online ASC', $auth->getParam('db_table') . '.seconds_online DESC');
69	$so->setColumn('last_login_datetime', $auth->getParam('db_table') . '.last_login_datetime ASC', $auth->getParam('db_table') . '.last_login_datetime DESC');
70	$so->setColumn('last_access_datetime', $auth->getParam('db_table') . '.last_access_datetime ASC', $auth->getParam('db_table') . '.last_access_datetime DESC');
71	$so->setColumn('last_login_ip', $auth->getParam('db_table') . '.last_login_ip ASC', $auth->getParam('db_table') . '.last_login_ip DESC');
72	$so->setColumn('added_by_user_id', $auth->getParam('db_table') . '.added_by_user_id ASC', $auth->getParam('db_table') . '.added_by_user_id DESC');
73	$so->setColumn('modified_by_user_id', $auth->getParam('db_table') . '.modified_by_user_id ASC', $auth->getParam('db_table') . '.modified_by_user_id DESC');
74	$so->setColumn('added_datetime', $auth->getParam('db_table') . '.added_datetime ASC', $auth->getParam('db_table') . '.added_datetime DESC');
75	$so->setColumn('modified_datetime', $auth->getParam('db_table') . '.modified_datetime ASC', $auth->getParam('db_table') . '.modified_datetime DESC');
76
77	// Instantiate page numbers. Total items are set and calculation is done in the getRecordList function.
78	$page = new PageNumbers();
79	$page->setPerPage(getFormData('per_page'), 50);
80	$page->setPageNumber(getFormData('page_number'));
81
82	// Query parameters to retain only locally.
83	$locally_carried_queries = array(
84	'search_query',
85	);
86
87	/********************************************************************
88	* MAIN
89	********************************************************************/
90
91	// We may want to use the add/edit interface from another script, so this
92	// allows us to remember which page we came from so we can go back there.
93	if (getFormData('boomerang', false) && isset($_SERVER['HTTP_REFERER'])) {
94	$app->setBoomerangURL($_SERVER['HTTP_REFERER'], 'admins');
95	}
96
97	if (getFormData('break_list_cache', false)) {
98	// Remove any stale cached list data.
99	$cache->delete('list');
100	}
101
102	// What action to take.
103	switch (getFormData('op')) {
104
105	case 'add' :
106	// Initialize variables for the form template.
107	$frm =& addRecordForm();
108	$nav->add(_("Add Administrator"));
109	$main_template = 'admin_form.ihtml';
110	break;
111
112	case 'edit' :
113	// Initialize variables for the form template.
114	$frm =& editRecordForm(getFormData('admin_id'));
115	$nav->add(_("Edit Administrator"));
116	$main_template = 'admin_form.ihtml';
117	break;
118
119	case 'del' :
120	deleteRecord(getFormData('admin_id'));
121	if ($app->validBoomerangURL('admins')) {
122	// Display boomerang page.
123	$app->dieBoomerangURL('admins', $locally_carried_queries);
124	}
125	// Display default page.
126	$app->dieURL($_SERVER['PHP_SELF'], $locally_carried_queries);
127	break;
128
129	case 'insert' :
130	if (getFormdata('cancel', false)) {
131	if ($app->validBoomerangURL('admins')) {
132	// Display boomerang page.
133	$app->dieBoomerangURL('admins', $locally_carried_queries);
134	}
135	// Display default page.
136	$app->dieURL($_SERVER['PHP_SELF'], $locally_carried_queries);
137	}
138	validateInput();
139	if ($fv->anyErrors()) {
140	$frm =& addRecordForm();
141	$frm = array_merge($frm, getFormData());
142	$nav->add(_("Add Administrator"));
143	$main_template = 'admin_form.ihtml';
144	} else {
145	$admin_id = insertRecord(getFormData());
146	if (getFormdata('repeat', false)) {
147	// Display function again.
148	$app->dieURL($_SERVER['PHP_SELF'] . '?op=add', $locally_carried_queries);
149	} else if ($app->validBoomerangURL('admins')) {
150	// Display boomerang page.
151	$app->dieBoomerangURL('admins', $locally_carried_queries);
152	}
153	// Display default page.
154	$app->dieURL($_SERVER['PHP_SELF'], $locally_carried_queries);
155	}
156	break;
157
158	case 'update' :
159	if (getFormdata('reset', false)) {
160	$app->raiseMsg(_("Saved values have been reloaded."), MSG_NOTICE, __FILE__, __LINE__);
161	$app->dieURL($_SERVER['PHP_SELF'] . '?op=edit&admin_id=' . getFormData('admin_id'), $locally_carried_queries);
162	}
163	if (getFormdata('cancel', false)) {
164	// Remove lock
165	$lock->select($auth->getParam('db_table'), $auth->getParam('db_primary_key'), getFormData('admin_id'));
166	$lock->remove();
167	if ($app->validBoomerangURL('admins')) {
168	// Display boomerang page.
169	$app->dieBoomerangURL('admins', $locally_carried_queries);
170	}
171	// Display default page.
172	$app->dieURL($_SERVER['PHP_SELF'], $locally_carried_queries);
173	}
174	validateInput();
175	if ($fv->anyErrors()) {
176	$frm =& editRecordForm(getFormData('admin_id'));
177	$frm = array_merge($frm, getFormData());
178	$nav->add(_("Edit Administrator"));
179	$main_template = 'admin_form.ihtml';
180	} else {
181	updateRecord(getFormData());
182	if (getFormdata('repeat', false)) {
183	// Display edit function with next available ID.
184	$qid = $db->query("SELECT " . $auth->getParam('db_primary_key') . " FROM " . $auth->getParam('db_table') . " WHERE " . $auth->getParam('db_primary_key') . " > '" . $db->escapeString(getFormData('admin_id')) . "' ORDER BY " . $auth->getParam('db_primary_key') . " ASC LIMIT 1");
185	if (list($next_id) = mysql_fetch_row($qid)) {
186	$app->dieURL($_SERVER['PHP_SELF'] . '?op=edit&admin_id=' . $next_id, $locally_carried_queries);
187	} else {
188	$app->raiseMsg(_("Cannot edit next, the end of the list was reached"), MSG_NOTICE, __FILE__, __LINE__);
189	}
190	} else if ($app->validBoomerangURL('admins')) {
191	// Display boomerang page.
192	$app->dieBoomerangURL('admins', $locally_carried_queries);
193	}
194	// Display default page.
195	$app->dieURL($_SERVER['PHP_SELF'], $locally_carried_queries);
196	}
197	break;
198
199	default :
200	$list =& getRecordList();
201	$main_template = 'admin_list.ihtml';
202	break;
203	}
204
205	/******************************************************************************
206	* TEMPLATE INITIALIZATION
207	*****************************************************************************/
208
209	include 'header.ihtml';
210	$app->carryQuery($locally_carried_queries);
211	include 'codebase/services/templates/' . $main_template;
212	include 'footer.ihtml';
213
214	/********************************************************************
215	* FUNCTIONS
216	********************************************************************/
217
218
219	function validateInput()
220	{
221	global $fv, $auth;
222
223	// If the username was changed during edit, verify.
224	if (((getFormData('username') != getFormData('old_username')) && 'update' == getFormData('op'))
225	\|\| 'insert' == getFormData('op')) {
226	if ($auth->usernameExists(getFormData('username'))) {
227	$fv->addError('username', sprintf(_("The username %s already exists. Please choose another."), getFormData('username')));
228	}
229	}
230
231	$fv->numericRange('admin_id', 0, 32767, _("<strong>Admin id</strong> must be a valid number between 0 and 32767."));
232
233	$fv->isEmpty('username', _("<strong>Username</strong> cannot be blank."));
234	$fv->stringLength('username', 0, 255, _("<strong>Username</strong> must contain less than 256 characters."));
235
236	$fv->isEmpty('userpass', _("<strong>Passwords</strong> cannot be blank."));
237	$fv->stringLength('userpass', 8, 36, _("<strong>Passwords</strong> must be between 8 and 36 characters long."));
238
239	$fv->stringLength('first_name', 0, 255, _("<strong>First name</strong> must contain less than 256 characters."));
240
241	$fv->stringLength('last_name', 0, 255, _("<strong>Last name</strong> must contain less than 256 characters."));
242
243	$fv->isEmpty('email', _("<strong>Email</strong> cannot be blank."));
244	$fv->validateEmail('email');
245	}
246
247	function &addRecordForm()
248	{
249	// Set default values for the reset of the fields.
250	$frm = array(
251	'admin_id' => '',
252	'old_username' => '',
253	'username' => '',
254	'userpass' => '',
255	'first_name' => '',
256	'last_name' => '',
257	'email' => '',
258	'seconds_online' => '0',
259	'last_login_datetime' => '0000-00-00 00:00:00',
260	'last_access_datetime' => '0000-00-00 00:00:00',
261	'last_login_ip' => '0.0.0.0',
262	'added_by_user_id' => '',
263	'modified_by_user_id' => '',
264	'added_datetime' => '0000-00-00 00:00:00',
265	'modified_datetime' => '0000-00-00 00:00:00',
266	'new_op' => 'insert',
267	'submit_buttons' => array(
268	array('name' => 'submit', 'value' => _("Add Administrator"), 'class' => 'small button', 'accesskey' => 's'),
269	array('name' => 'repeat', 'value' => _("Add & repeat"), 'class' => 'small button secondary', 'accesskey' => 'r'),
270	array('name' => 'cancel', 'value' => _("Cancel"), 'class' => 'small button secondary', 'accesskey' => 'c'),
271	),
272	);
273
274	return $frm;
275	}
276
277	function &editRecordForm($id)
278	{
279	global $auth;
280	global $lock;
281	global $locally_carried_queries;
282	$app =& App::getInstance();
283	$db =& DB::getInstance();
284
285	$lock->select($auth->getParam('db_table'), $auth->getParam('db_primary_key'), $id);
286	if ($lock->isLocked() && !$lock->isMine()) {
287	$lock->dieErrorPage();
288	}
289
290	// Get the information for the form.
291	$qid = $db->query("
292	SELECT *,
293	" . $auth->getParam('db_primary_key') . " AS admin_id
294	FROM " . $auth->getParam('db_table') . "
295	WHERE " . $auth->getParam('db_primary_key') . " = '" . $db->escapeString($id) . "'
296	");
297	if (!$frm = mysql_fetch_assoc($qid)) {
298	$app->logMsg('Could not find record with admin_id: ' . $id, LOG_WARNING, __FILE__, __LINE__);
299	$app->raiseMsg(sprintf(_("The requested record %s could not be found."), $id), MSG_ERR, __FILE__, __LINE__);
300	$app->dieBoomerangURL('admins', $locally_carried_queries);
301	}
302
303	// Lock this record.
304	$lock->set($auth->getParam('db_table'), $auth->getParam('db_primary_key'), $id, $frm['username']);
305
306	// Set misc values for the form.
307	$frm = array_merge(array(
308	'admin_id' => '',
309	'old_username' => $frm['username'],
310	'username' => '',
311	// 'userpass' => '****************',
312	'first_name' => '',
313	'last_name' => '',
314	'email' => '',
315	'seconds_online' => '0',
316	'last_login_datetime' => '0000-00-00 00:00:00',
317	'last_access_datetime' => '0000-00-00 00:00:00',
318	'last_login_ip' => '0.0.0.0',
319	'added_by_user_id' => '',
320	'modified_by_user_id' => '',
321	'added_datetime' => '0000-00-00 00:00:00',
322	'modified_datetime' => '0000-00-00 00:00:00',
323	'new_op' => 'update',
324	'old_username' => $frm['username'],
325	'submit_buttons' => array(
326	array('name' => 'submit', 'value' => _("Save changes"), 'class' => 'small button', 'accesskey' => 's'),
327	array('name' => 'repeat', 'value' => _("Save & edit next"), 'class' => 'small button secondary', 'accesskey' => 'e'),
328	array('name' => 'reset', 'value' => _("Reset"), 'class' => 'small button secondary', 'accesskey' => 'r'),
329	array('name' => 'cancel', 'value' => _("Cancel"), 'class' => 'small button secondary', 'accesskey' => 'c'),
330	),
331	), $frm, array('userpass' => 'â¢â¢â¢â¢â¢â¢â¢â¢â¢â¢â¢â¢â¢â¢â¢'));
332
333	return $frm;
334	}
335
336	function deleteRecord($id)
337	{
338	global $auth;
339	global $lock;
340	global $cache;
341	global $locally_carried_queries;
342	$app =& App::getInstance();
343	$db =& DB::getInstance();
344
345	$lock->select($auth->getParam('db_table'), $auth->getParam('db_primary_key'), $id);
346	if ($lock->isLocked() && !$lock->isMine()) {
347	$lock->dieErrorPage();
348	}
349
350	// Remove any stale cached list data.
351	$cache->delete('list');
352
353	// Get the information for this object.
354	$qid = $db->query("
355	SELECT " . $auth->getParam('db_username_column') . "
356	FROM " . $auth->getParam('db_table') . "
357	WHERE " . $auth->getParam('db_primary_key') . " = '" . $db->escapeString($id) . "'
358	");
359	if (! list($name) = mysql_fetch_row($qid)) {
360	$app->logMsg('Could not find record with admin_id: ' . $id, LOG_WARNING, __FILE__, __LINE__);
361	$app->raiseMsg(sprintf(_("The requested record %s could not be found."), $id), MSG_ERR, __FILE__, __LINE__);
362	$app->dieBoomerangURL('admins', $locally_carried_queries);
363	}
364
365	// Get the information for this object.
366	$qid = $db->query("SELECT COUNT(*) from " . $auth->getParam('db_table') . "");
367	list($num_admins) = mysql_fetch_row($qid);
368	if ($num_admins <= 1) {
369	// There must always be at least one admnistrator!
370	$app->raiseMsg(_("You cannot delete the only user in the database. There must be at least one to log in and create other users."), MSG_NOTICE, __FILE__, __LINE__);
371	} else if ($auth->get('user_id') == $id) {
372	// Do not delete yourself!
373	$app->raiseMsg(_("You cannot delete yourself."), MSG_NOTICE, __FILE__, __LINE__);
374	} else {
375	// Delete the record.
376	$db->query("DELETE FROM " . $auth->getParam('db_table') . " WHERE " . $auth->getParam('db_primary_key') . " = '" . $db->escapeString($id) . "'");
377	$app->raiseMsg(sprintf(_("The admin <em>%s</em> has been deleted."), $name), MSG_SUCCESS, __FILE__, __LINE__);
378	}
379
380	// Unlock record.
381	$lock->remove();
382	}
383
384	function insertRecord($frm)
385	{
386	global $auth;
387	global $cache;
388	$app =& App::getInstance();
389	$db =& DB::getInstance();
390
391	// Remove any stale cached list data.
392	$cache->delete('list');
393
394	// Insert record data.
395	$db->query("
396	INSERT INTO " . $auth->getParam('db_table') . " (
397	" . $auth->getParam('db_username_column') . ",
398	first_name,
399	last_name,
400	email,
401	added_by_user_id,
402	added_datetime
403	) VALUES (
404	'" . $db->escapeString($frm['username']) . "',
405	'" . $db->escapeString($frm['first_name']) . "',
406	'" . $db->escapeString($frm['last_name']) . "',
407	'" . $db->escapeString($frm['email']) . "',
408	'" . $db->escapeString($auth->get('user_id')) . "',
409	NOW()
410	)
411	");
412	$last_insert_id = mysql_insert_id($db->getDBH());
413
414	// Set admin password.
415	$auth->setPassword($last_insert_id, $frm['userpass']);
416
417	// Create version.
418	$version = Version::getInstance($auth);
419	$version->create($auth->getParam('db_table'), $auth->getParam('db_primary_key'), $last_insert_id, $frm['username']);
420
421	$app->raiseMsg(sprintf(_("The user <em>%s</em> has been added."), $frm['username']), MSG_SUCCESS, __FILE__, __LINE__);
422
423	return $last_insert_id;
424	}
425
426	function updateRecord($frm)
427	{
428	global $auth;
429	global $lock;
430	global $cache;
431	$app =& App::getInstance();
432	$db =& DB::getInstance();
433
434	$lock->select($auth->getParam('db_table'), $auth->getParam('db_primary_key'), $frm['admin_id']);
435	if ($lock->isLocked() && !$lock->isMine()) {
436	$lock->dieErrorPage();
437	}
438
439	// Remove any stale cached list data.
440	$cache->delete('list');
441
442	// If the userpass is left blank or with the filler **** characters, we don't want to update it.
443	if (!empty($frm['userpass']) && !preg_match('/[\*]{4,}/', $frm['userpass'])) {
444	// Set user password.
445	$auth->setPassword($frm['admin_id'], $frm['userpass']);
446	}
447
448	// Update record data.
449	$db->query("
450	UPDATE " . $auth->getParam('db_table') . " SET
451	" . $auth->getParam('db_username_column') . " = '" . $db->escapeString($frm['username']) . "',
452	first_name = '" . $db->escapeString($frm['first_name']) . "',
453	last_name = '" . $db->escapeString($frm['last_name']) . "',
454	email = '" . $db->escapeString($frm['email']) . "',
455	modified_by_user_id = '" . $db->escapeString($auth->get('user_id')) . "',
456	modified_datetime = NOW()
457	WHERE " . $auth->getParam('db_primary_key') . " = '" . $db->escapeString($frm['admin_id']) . "'
458	");
459
460	// Create version.
461	$version = Version::getInstance($auth);
462	$version->create($auth->getParam('db_table'), $auth->getParam('db_primary_key'), $frm['admin_id'], $frm['username']);
463
464	$app->raiseMsg(sprintf(_("The user <em>%s</em> has been updated."), $frm['username']), MSG_SUCCESS, __FILE__, __LINE__);
465
466	// Unlock record.
467	$lock->remove();
468	}
469
470	function &getRecordList()
471	{
472	global $page;
473	global $so;
474	global $tmp_prefs;
475	global $cache;
476	global $auth;
477	$db =& DB::getInstance();
478
479	$where_clause = '';
480
481	// Build search query if available.
482	if (getFormData('search_query', false)) {
483	$qry_words = preg_split('/[^\w]/', getFormData('search_query'));
484	for ($i=0; $i<sizeof($qry_words); $i++) {
485	$where_clause .= (empty($where_clause) ? 'WHERE' : 'AND') . "
486	(
487	" . $auth->getParam('db_table') . "." . $auth->getParam('db_username_column') . " LIKE '%" . $db->escapeString($qry_words[$i]) . "%'
488	OR " . $auth->getParam('db_table') . ".first_name LIKE '%" . $db->escapeString($qry_words[$i]) . "%'
489	OR " . $auth->getParam('db_table') . ".last_name LIKE '%" . $db->escapeString($qry_words[$i]) . "%'
490	OR " . $auth->getParam('db_table') . ".email LIKE '%" . $db->escapeString($qry_words[$i]) . "%'
491	)
492	";
493	}
494	}
495
496	// Count the total number of records so we can do something about the page numbers.
497	$qid = $db->query("
498	SELECT COUNT(*)
499	FROM " . $auth->getParam('db_table') . "
500	$where_clause
501	");
502	list($num_results) = mysql_fetch_row($qid);
503
504	// Set page numbers now we know (needed for next step).
505	$page->setTotalItems($num_results);
506	$page->calculate();
507
508	// Final SQL, with sort and page limiters.
509	$sql = "
510	SELECT
511	" . $auth->getParam('db_table') . ".*,
512	" . $auth->getParam('db_table') . "." . $auth->getParam('db_primary_key') . " AS admin_id,
513	a1." . $auth->getParam('db_username_column') . " AS added_admin_username,
514	a2." . $auth->getParam('db_username_column') . " AS modified_admin_username
515	FROM " . $auth->getParam('db_table') . "
516	LEFT JOIN " . $auth->getParam('db_table') . " a1 ON (" . $auth->getParam('db_table') . ".added_by_user_id = a1." . $auth->getParam('db_primary_key') . ")
517	LEFT JOIN " . $auth->getParam('db_table') . " a2 ON (" . $auth->getParam('db_table') . ".modified_by_user_id = a2." . $auth->getParam('db_primary_key') . ")
518	$where_clause
519	" . $so->getSortOrderSQL() . "
520	" . $page->getLimitSQL() . "
521	";
522
523	// Use a cash hash to determine if the result-set has changed.
524	// A unique key for this query, with the total_items in case db records
525	// were added since the last cache. This identifies a unique set of
526	// cached data, but we must refer to the list that is cached by a more
527	// generic name. so that we can flush the cache (if records updated)
528	// without knowing the hash.
529	$cache_hash = md5($sql . '\|' . $page->total_items);
530	if ($tmp_prefs->get('cache_hash') != $cache_hash) {
531	$cache->delete('list');
532	$tmp_prefs->set('cache_hash', $cache_hash);
533	}
534
535	// First try to return from the cache.
536	if ($cache->exists('list')) {
537	$list = $cache->get('list');
538	return $list;
539	}
540
541	// The list was not cached, so issue the real query.
542	$qid = $db->query($sql);
543	while ($row = mysql_fetch_assoc($qid)) {
544	$list[] = $row;
545	}
546
547	// Save this list into the cache.
548	if (isset($list) && !empty($list)) {
549	$cache->set('list', $list);
550	}
551
552	return $list;
553	}
554

Note: See TracBrowser for help on using the repository browser.

Download in other formats: