Context Navigation

source: trunk/services/admins.php @ 612

Last change on this file since 612 was 601, checked in by anonymous, 7 years ago
Updated every instance of 'zero' date 0000-00-00 to use 1000-01-01 if mysql version >= 5.7.4
File size: 22.1 KB

Line
1	<?php
2	/**
3	* The Strangecode Codebase - a general application development framework for PHP
4	* For details visit the project site: <http://trac.strangecode.com/codebase/>
5	* Copyright 2001-2012 Strangecode, LLC
6	*
7	* This file is part of The Strangecode Codebase.
8	*
9	* The Strangecode Codebase is free software: you can redistribute it and/or
10	* modify it under the terms of the GNU General Public License as published by the
11	* Free Software Foundation, either version 3 of the License, or (at your option)
12	* any later version.
13	*
14	* The Strangecode Codebase is distributed in the hope that it will be useful, but
15	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
16	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
17	* details.
18	*
19	* You should have received a copy of the GNU General Public License along with
20	* The Strangecode Codebase. If not, see <http://www.gnu.org/licenses/>.
21	*/
22
23	/**
24	* admins.php
25	*/
26
27	// require_once dirname(__FILE__) . '/_config.inc.php';
28
29	$app->sslOn();
30	$auth->requireLogin();
31
32	require_once 'codebase/lib/PageNumbers.inc.php';
33	require_once 'codebase/lib/Cache.inc.php';
34	require_once 'codebase/lib/FormValidator.inc.php';
35	require_once 'codebase/lib/SortOrder.inc.php';
36	require_once 'codebase/lib/HTML.inc.php';
37	require_once 'codebase/lib/Prefs.inc.php';
38	require_once 'codebase/lib/Lock.inc.php';
39	require_once 'codebase/lib/Version.inc.php';
40
41
42	/********************************************************************
43	* CONFIG
44	********************************************************************/
45
46	// Titles and navigation header.
47	$nav->add(_("Administrators"), null);
48	$nav->set('id', 'admins');
49
50	// The object to validate form input.
51	$fv = new FormValidator();
52
53	// Configure the prefs object.
54	$tmp_prefs = new Prefs('admins');
55	$tmp_prefs->setParam(array('persistent' => false));
56
57	// Configure the cache object.
58	$cache =& Cache::getInstance('admins');
59	$cache->setParam(array('enabled' => false)); // Better leave disabled; the list gets out of sync with the db otherwise, somehow.
60
61	// Instantiate a sorting object with the default sort and order. Add SQL for each column.
62	$so = new SortOrder('admin_id', 'DESC');
63	$so->setColumn('admin_id', $auth->getParam('db_primary_key') . ' ASC', $auth->getParam('db_primary_key') . ' DESC');
64	$so->setColumn('username', $auth->getParam('db_username_column') . ' ASC', $auth->getParam('db_username_column') . ' DESC');
65	$so->setColumn('userpass', $auth->getParam('db_table') . '.userpass ASC', $auth->getParam('db_table') . '.userpass DESC');
66	$so->setColumn('first_name', $auth->getParam('db_table') . '.first_name ASC', $auth->getParam('db_table') . '.first_name DESC');
67	$so->setColumn('last_name', $auth->getParam('db_table') . '.last_name ASC', $auth->getParam('db_table') . '.last_name DESC');
68	$so->setColumn('email', $auth->getParam('db_table') . '.email ASC', $auth->getParam('db_table') . '.email DESC');
69	$so->setColumn('seconds_online', $auth->getParam('db_table') . '.seconds_online ASC', $auth->getParam('db_table') . '.seconds_online DESC');
70	$so->setColumn('last_login_datetime', $auth->getParam('db_table') . '.last_login_datetime ASC', $auth->getParam('db_table') . '.last_login_datetime DESC');
71	$so->setColumn('last_access_datetime', $auth->getParam('db_table') . '.last_access_datetime ASC', $auth->getParam('db_table') . '.last_access_datetime DESC');
72	$so->setColumn('last_login_ip', $auth->getParam('db_table') . '.last_login_ip ASC', $auth->getParam('db_table') . '.last_login_ip DESC');
73	$so->setColumn('added_by_user_id', $auth->getParam('db_table') . '.added_by_user_id ASC', $auth->getParam('db_table') . '.added_by_user_id DESC');
74	$so->setColumn('modified_by_user_id', $auth->getParam('db_table') . '.modified_by_user_id ASC', $auth->getParam('db_table') . '.modified_by_user_id DESC');
75	$so->setColumn('added_datetime', $auth->getParam('db_table') . '.added_datetime ASC', $auth->getParam('db_table') . '.added_datetime DESC');
76	$so->setColumn('modified_datetime', $auth->getParam('db_table') . '.modified_datetime ASC', $auth->getParam('db_table') . '.modified_datetime DESC');
77
78	// Instantiate page numbers. Total items are set and calculation is done in the getRecordList function.
79	$page = new PageNumbers();
80	$page->setPerPage(getFormData('per_page'), 50);
81	$page->setPageNumber(getFormData('page_number'));
82
83	// Query parameters to retain only locally.
84	$locally_carried_queries = array(
85	'search_query',
86	);
87
88	/********************************************************************
89	* MAIN
90	********************************************************************/
91
92	// We may want to use the add/edit interface from another script, so this
93	// allows us to remember which page we came from so we can go back there.
94	if (getFormData('boomerang', false) && isset($_SERVER['HTTP_REFERER'])) {
95	$app->setBoomerangURL($_SERVER['HTTP_REFERER'], 'admins');
96	}
97
98	if (getFormData('break_list_cache', false)) {
99	// Remove any stale cached list data.
100	$cache->delete('list');
101	}
102
103	// What action to take.
104	switch (getFormData('op')) {
105
106	case 'add' :
107	// Initialize variables for the form template.
108	$frm =& addRecordForm();
109	$nav->add(_("Add Administrator"));
110	$main_template = 'admin_form.ihtml';
111	break;
112
113	case 'edit' :
114	// Initialize variables for the form template.
115	$frm =& editRecordForm(getFormData('admin_id'));
116	$nav->add(_("Edit Administrator"));
117	$main_template = 'admin_form.ihtml';
118	break;
119
120	case 'del' :
121	deleteRecord(getFormData('admin_id'));
122	if ($app->validBoomerangURL('admins')) {
123	// Display boomerang page.
124	$app->dieBoomerangURL('admins', $locally_carried_queries);
125	}
126	// Display default page.
127	$app->dieURL($_SERVER['PHP_SELF'], $locally_carried_queries);
128	break;
129
130	case 'insert' :
131	if (getFormdata('cancel', false)) {
132	if ($app->validBoomerangURL('admins')) {
133	// Display boomerang page.
134	$app->dieBoomerangURL('admins', $locally_carried_queries);
135	}
136	// Display default page.
137	$app->dieURL($_SERVER['PHP_SELF'], $locally_carried_queries);
138	}
139	validateInput();
140	if ($fv->anyErrors()) {
141	$frm =& addRecordForm();
142	$frm = array_merge($frm, getFormData());
143	$nav->add(_("Add Administrator"));
144	$main_template = 'admin_form.ihtml';
145	} else {
146	$admin_id = insertRecord(getFormData());
147	if (getFormdata('repeat', false)) {
148	// Display function again.
149	$app->dieURL($_SERVER['PHP_SELF'] . '?op=add', $locally_carried_queries);
150	} else if ($app->validBoomerangURL('admins')) {
151	// Display boomerang page.
152	$app->dieBoomerangURL('admins', $locally_carried_queries);
153	}
154	// Display default page.
155	$app->dieURL($_SERVER['PHP_SELF'], $locally_carried_queries);
156	}
157	break;
158
159	case 'update' :
160	if (getFormdata('reset', false)) {
161	$app->raiseMsg(_("Saved values have been reloaded."), MSG_NOTICE, __FILE__, __LINE__);
162	$app->dieURL($_SERVER['PHP_SELF'] . '?op=edit&admin_id=' . getFormData('admin_id'), $locally_carried_queries);
163	}
164	if (getFormdata('cancel', false)) {
165	// Remove lock
166	$lock->select($auth->getParam('db_table'), $auth->getParam('db_primary_key'), getFormData('admin_id'));
167	$lock->remove();
168	if ($app->validBoomerangURL('admins')) {
169	// Display boomerang page.
170	$app->dieBoomerangURL('admins', $locally_carried_queries);
171	}
172	// Display default page.
173	$app->dieURL($_SERVER['PHP_SELF'], $locally_carried_queries);
174	}
175	validateInput();
176	if ($fv->anyErrors()) {
177	$frm =& editRecordForm(getFormData('admin_id'));
178	$frm = array_merge($frm, getFormData());
179	$nav->add(_("Edit Administrator"));
180	$main_template = 'admin_form.ihtml';
181	} else {
182	updateRecord(getFormData());
183	if (getFormdata('repeat', false)) {
184	// Display edit function with next available ID.
185	$qid = $db->query("SELECT " . $auth->getParam('db_primary_key') . " FROM " . $auth->getParam('db_table') . " WHERE " . $auth->getParam('db_primary_key') . " > '" . $db->escapeString(getFormData('admin_id')) . "' ORDER BY " . $auth->getParam('db_primary_key') . " ASC LIMIT 1");
186	if (list($next_id) = mysql_fetch_row($qid)) {
187	$app->dieURL($_SERVER['PHP_SELF'] . '?op=edit&admin_id=' . $next_id, $locally_carried_queries);
188	} else {
189	$app->raiseMsg(_("Cannot edit next, the end of the list was reached"), MSG_NOTICE, __FILE__, __LINE__);
190	}
191	} else if ($app->validBoomerangURL('admins')) {
192	// Display boomerang page.
193	$app->dieBoomerangURL('admins', $locally_carried_queries);
194	}
195	// Display default page.
196	$app->dieURL($_SERVER['PHP_SELF'], $locally_carried_queries);
197	}
198	break;
199
200	default :
201	$list =& getRecordList();
202	$main_template = 'admin_list.ihtml';
203	break;
204	}
205
206	/******************************************************************************
207	* TEMPLATE INITIALIZATION
208	*****************************************************************************/
209
210	include 'header.ihtml';
211	$app->carryQuery($locally_carried_queries);
212	include 'codebase/services/templates/' . $main_template;
213	include 'footer.ihtml';
214
215	/********************************************************************
216	* FUNCTIONS
217	********************************************************************/
218
219
220	function validateInput()
221	{
222	global $fv, $auth;
223
224	// If the username was changed during edit, verify.
225	if (((getFormData('username') != getFormData('old_username')) && 'update' == getFormData('op'))
226	\|\| 'insert' == getFormData('op')) {
227	if ($auth->usernameExists(getFormData('username'))) {
228	$fv->addError('username', sprintf(_("The username %s already exists. Please choose another."), getFormData('username')));
229	}
230	}
231
232	$fv->numericRange('admin_id', 0, 32767, _("<strong>Admin id</strong> must be a valid number between 0 and 32767."));
233
234	$fv->isEmpty('username', _("<strong>Username</strong> cannot be blank."));
235	$fv->stringLength('username', 0, 255, _("<strong>Username</strong> must contain less than 256 characters."));
236
237	$fv->isEmpty('userpass', _("<strong>Passwords</strong> cannot be blank."));
238	$fv->stringLength('userpass', 8, 36, _("<strong>Passwords</strong> must be between 8 and 36 characters long."));
239
240	$fv->stringLength('first_name', 0, 255, _("<strong>First name</strong> must contain less than 256 characters."));
241
242	$fv->stringLength('last_name', 0, 255, _("<strong>Last name</strong> must contain less than 256 characters."));
243
244	$fv->isEmpty('email', _("<strong>Email</strong> cannot be blank."));
245	$fv->validateEmail('email');
246	}
247
248	function &addRecordForm()
249	{
250	// Set default values for the reset of the fields.
251	$frm = array(
252	'admin_id' => '',
253	'old_username' => '',
254	'username' => '',
255	'userpass' => '',
256	'first_name' => '',
257	'last_name' => '',
258	'email' => '',
259	'seconds_online' => '0',
260	'last_login_datetime' => '',
261	'last_access_datetime' => '',
262	'last_login_ip' => '0.0.0.0',
263	'added_by_user_id' => '',
264	'modified_by_user_id' => '',
265	'added_datetime' => '',
266	'modified_datetime' => '',
267	'new_op' => 'insert',
268	'submit_buttons' => array(
269	array('name' => 'submit', 'value' => _("Add Administrator"), 'class' => 'small button', 'accesskey' => 's'),
270	array('name' => 'repeat', 'value' => _("Add & repeat"), 'class' => 'small button secondary', 'accesskey' => 'r'),
271	array('name' => 'cancel', 'value' => _("Cancel"), 'class' => 'small button secondary', 'accesskey' => 'c'),
272	),
273	);
274
275	return $frm;
276	}
277
278	function &editRecordForm($id)
279	{
280	global $auth;
281	global $lock;
282	global $locally_carried_queries;
283	$app =& App::getInstance();
284	$db =& DB::getInstance();
285
286	$lock->select($auth->getParam('db_table'), $auth->getParam('db_primary_key'), $id);
287	if ($lock->isLocked() && !$lock->isMine()) {
288	$lock->dieErrorPage();
289	}
290
291	// Get the information for the form.
292	$qid = $db->query("
293	SELECT *,
294	" . $auth->getParam('db_primary_key') . " AS admin_id
295	FROM " . $auth->getParam('db_table') . "
296	WHERE " . $auth->getParam('db_primary_key') . " = '" . $db->escapeString($id) . "'
297	");
298	if (!$frm = mysql_fetch_assoc($qid)) {
299	$app->logMsg('Could not find record with admin_id: ' . $id, LOG_WARNING, __FILE__, __LINE__);
300	$app->raiseMsg(sprintf(_("The requested record %s could not be found."), $id), MSG_ERR, __FILE__, __LINE__);
301	$app->dieBoomerangURL('admins', $locally_carried_queries);
302	}
303
304	// Lock this record.
305	$lock->set($auth->getParam('db_table'), $auth->getParam('db_primary_key'), $id, $frm['username']);
306
307	// Set misc values for the form.
308	$frm = array_merge(array(
309	'admin_id' => '',
310	'old_username' => $frm['username'],
311	'username' => '',
312	// 'userpass' => '****************',
313	'first_name' => '',
314	'last_name' => '',
315	'email' => '',
316	'seconds_online' => '0',
317	'last_login_datetime' => '',
318	'last_access_datetime' => '',
319	'last_login_ip' => '0.0.0.0',
320	'added_by_user_id' => '',
321	'modified_by_user_id' => '',
322	'added_datetime' => '',
323	'modified_datetime' => '',
324	'new_op' => 'update',
325	'old_username' => $frm['username'],
326	'submit_buttons' => array(
327	array('name' => 'submit', 'value' => _("Save changes"), 'class' => 'small button', 'accesskey' => 's'),
328	array('name' => 'repeat', 'value' => _("Save & edit next"), 'class' => 'small button secondary', 'accesskey' => 'e'),
329	array('name' => 'reset', 'value' => _("Reset"), 'class' => 'small button secondary', 'accesskey' => 'r'),
330	array('name' => 'cancel', 'value' => _("Cancel"), 'class' => 'small button secondary', 'accesskey' => 'c'),
331	),
332	), $frm, array('userpass' => 'â¢â¢â¢â¢â¢â¢â¢â¢â¢â¢â¢â¢â¢â¢â¢'));
333
334	return $frm;
335	}
336
337	function deleteRecord($id)
338	{
339	global $auth;
340	global $lock;
341	global $cache;
342	global $locally_carried_queries;
343	$app =& App::getInstance();
344	$db =& DB::getInstance();
345
346	$lock->select($auth->getParam('db_table'), $auth->getParam('db_primary_key'), $id);
347	if ($lock->isLocked() && !$lock->isMine()) {
348	$lock->dieErrorPage();
349	}
350
351	// Remove any stale cached list data.
352	$cache->delete('list');
353
354	// Get the information for this object.
355	$qid = $db->query("
356	SELECT " . $auth->getParam('db_username_column') . "
357	FROM " . $auth->getParam('db_table') . "
358	WHERE " . $auth->getParam('db_primary_key') . " = '" . $db->escapeString($id) . "'
359	");
360	if (! list($name) = mysql_fetch_row($qid)) {
361	$app->logMsg('Could not find record with admin_id: ' . $id, LOG_WARNING, __FILE__, __LINE__);
362	$app->raiseMsg(sprintf(_("The requested record %s could not be found."), $id), MSG_ERR, __FILE__, __LINE__);
363	$app->dieBoomerangURL('admins', $locally_carried_queries);
364	}
365
366	// Get the information for this object.
367	$qid = $db->query("SELECT COUNT(*) from " . $auth->getParam('db_table') . "");
368	list($num_admins) = mysql_fetch_row($qid);
369	if ($num_admins <= 1) {
370	// There must always be at least one admnistrator!
371	$app->raiseMsg(_("You cannot delete the only user in the database. There must be at least one to log in and create other users."), MSG_NOTICE, __FILE__, __LINE__);
372	} else if ($auth->get('user_id') == $id) {
373	// Do not delete yourself!
374	$app->raiseMsg(_("You cannot delete yourself."), MSG_NOTICE, __FILE__, __LINE__);
375	} else {
376	// Delete the record.
377	$db->query("DELETE FROM " . $auth->getParam('db_table') . " WHERE " . $auth->getParam('db_primary_key') . " = '" . $db->escapeString($id) . "'");
378	$app->raiseMsg(sprintf(_("The admin <em>%s</em> has been deleted."), $name), MSG_SUCCESS, __FILE__, __LINE__);
379	}
380
381	// Unlock record.
382	$lock->remove();
383	}
384
385	function insertRecord($frm)
386	{
387	global $auth;
388	global $cache;
389	$app =& App::getInstance();
390	$db =& DB::getInstance();
391
392	// Remove any stale cached list data.
393	$cache->delete('list');
394
395	// Insert record data.
396	$db->query("
397	INSERT INTO " . $auth->getParam('db_table') . " (
398	" . $auth->getParam('db_username_column') . ",
399	first_name,
400	last_name,
401	email,
402	added_by_user_id,
403	added_datetime
404	) VALUES (
405	'" . $db->escapeString($frm['username']) . "',
406	'" . $db->escapeString($frm['first_name']) . "',
407	'" . $db->escapeString($frm['last_name']) . "',
408	'" . $db->escapeString($frm['email']) . "',
409	'" . $db->escapeString($auth->get('user_id')) . "',
410	NOW()
411	)
412	");
413	$last_insert_id = mysql_insert_id($db->getDBH());
414
415	// Set admin password.
416	$auth->setPassword($last_insert_id, $frm['userpass']);
417
418	// Create version.
419	$version = Version::getInstance($auth);
420	$version->create($auth->getParam('db_table'), $auth->getParam('db_primary_key'), $last_insert_id, $frm['username']);
421
422	$app->raiseMsg(sprintf(_("The user <em>%s</em> has been added."), $frm['username']), MSG_SUCCESS, __FILE__, __LINE__);
423
424	return $last_insert_id;
425	}
426
427	function updateRecord($frm)
428	{
429	global $auth;
430	global $lock;
431	global $cache;
432	$app =& App::getInstance();
433	$db =& DB::getInstance();
434
435	$lock->select($auth->getParam('db_table'), $auth->getParam('db_primary_key'), $frm['admin_id']);
436	if ($lock->isLocked() && !$lock->isMine()) {
437	$lock->dieErrorPage();
438	}
439
440	// Remove any stale cached list data.
441	$cache->delete('list');
442
443	// If the userpass is left blank or with the filler **** characters, we don't want to update it.
444	if (!empty($frm['userpass']) && !preg_match('/[\*]{4,}/', $frm['userpass'])) {
445	// Set user password.
446	$auth->setPassword($frm['admin_id'], $frm['userpass']);
447	}
448
449	// Update record data.
450	$db->query("
451	UPDATE " . $auth->getParam('db_table') . " SET
452	" . $auth->getParam('db_username_column') . " = '" . $db->escapeString($frm['username']) . "',
453	first_name = '" . $db->escapeString($frm['first_name']) . "',
454	last_name = '" . $db->escapeString($frm['last_name']) . "',
455	email = '" . $db->escapeString($frm['email']) . "',
456	modified_by_user_id = '" . $db->escapeString($auth->get('user_id')) . "',
457	modified_datetime = NOW()
458	WHERE " . $auth->getParam('db_primary_key') . " = '" . $db->escapeString($frm['admin_id']) . "'
459	");
460
461	// Create version.
462	$version = Version::getInstance($auth);
463	$version->create($auth->getParam('db_table'), $auth->getParam('db_primary_key'), $frm['admin_id'], $frm['username']);
464
465	$app->raiseMsg(sprintf(_("The user <em>%s</em> has been updated."), $frm['username']), MSG_SUCCESS, __FILE__, __LINE__);
466
467	// Unlock record.
468	$lock->remove();
469	}
470
471	function &getRecordList()
472	{
473	global $page;
474	global $so;
475	global $tmp_prefs;
476	global $cache;
477	global $auth;
478	$db =& DB::getInstance();
479
480	$where_clause = '';
481
482	// Build search query if available.
483	if (getFormData('search_query', false)) {
484	$qry_words = preg_split('/[^\w]/', getFormData('search_query'));
485	for ($i=0; $i<sizeof($qry_words); $i++) {
486	$where_clause .= (empty($where_clause) ? 'WHERE' : 'AND') . "
487	(
488	" . $auth->getParam('db_table') . "." . $auth->getParam('db_username_column') . " LIKE '%" . $db->escapeString($qry_words[$i]) . "%'
489	OR " . $auth->getParam('db_table') . ".first_name LIKE '%" . $db->escapeString($qry_words[$i]) . "%'
490	OR " . $auth->getParam('db_table') . ".last_name LIKE '%" . $db->escapeString($qry_words[$i]) . "%'
491	OR " . $auth->getParam('db_table') . ".email LIKE '%" . $db->escapeString($qry_words[$i]) . "%'
492	)
493	";
494	}
495	}
496
497	// Count the total number of records so we can do something about the page numbers.
498	$qid = $db->query("
499	SELECT COUNT(*)
500	FROM " . $auth->getParam('db_table') . "
501	$where_clause
502	");
503	list($num_results) = mysql_fetch_row($qid);
504
505	// Set page numbers now we know (needed for next step).
506	$page->setTotalItems($num_results);
507	$page->calculate();
508
509	// Final SQL, with sort and page limiters.
510	$sql = "
511	SELECT
512	" . $auth->getParam('db_table') . ".*,
513	" . $auth->getParam('db_table') . "." . $auth->getParam('db_primary_key') . " AS admin_id,
514	a1." . $auth->getParam('db_username_column') . " AS added_admin_username,
515	a2." . $auth->getParam('db_username_column') . " AS modified_admin_username
516	FROM " . $auth->getParam('db_table') . "
517	LEFT JOIN " . $auth->getParam('db_table') . " a1 ON (" . $auth->getParam('db_table') . ".added_by_user_id = a1." . $auth->getParam('db_primary_key') . ")
518	LEFT JOIN " . $auth->getParam('db_table') . " a2 ON (" . $auth->getParam('db_table') . ".modified_by_user_id = a2." . $auth->getParam('db_primary_key') . ")
519	$where_clause
520	" . $so->getSortOrderSQL() . "
521	" . $page->getLimitSQL() . "
522	";
523
524	// Use a cash hash to determine if the result-set has changed.
525	// A unique key for this query, with the total_items in case db records
526	// were added since the last cache. This identifies a unique set of
527	// cached data, but we must refer to the list that is cached by a more
528	// generic name. so that we can flush the cache (if records updated)
529	// without knowing the hash.
530	$cache_hash = md5($sql . '\|' . $page->total_items);
531	if ($tmp_prefs->get('cache_hash') != $cache_hash) {
532	$cache->delete('list');
533	$tmp_prefs->set('cache_hash', $cache_hash);
534	}
535
536	// First try to return from the cache.
537	if ($cache->exists('list')) {
538	$list = $cache->get('list');
539	return $list;
540	}
541
542	// The list was not cached, so issue the real query.
543	$qid = $db->query($sql);
544	while ($row = mysql_fetch_assoc($qid)) {
545	$list[] = $row;
546	}
547
548	// Save this list into the cache.
549	if (isset($list) && !empty($list)) {
550	$cache->set('list', $list);
551	}
552
553	return $list;
554	}
555

Note: See TracBrowser for help on using the repository browser.

Download in other formats: