Changeset 136 for trunk/services/admins.php
- Timestamp:
- Jun 3, 2006 7:47:48 PM (18 years ago)
- File:
-
- 1 edited
trunk/services/admins.php
r111 r136 8 8 9 9 $auth->requireLogin(); 10 App::sslOn();10 $app->sslOn(); 11 11 12 12 require_once 'codebase/lib/PageNumbers.inc.php'; 13 require_once 'codebase/lib/ SessionCache.inc.php';13 require_once 'codebase/lib/Cache.inc.php'; 14 14 require_once 'codebase/lib/FormValidator.inc.php'; 15 15 require_once 'codebase/lib/SortOrder.inc.php'; … … 29 29 // The object to validate form input. 30 30 $fv = new FormValidator(); 31 32 $cache =& Cache::getInstance(); 31 33 32 34 // Instantiate a sorting object with the default sort and order. Add SQL for each column. … … 54 56 55 57 // Search limiters retain their values between page requests. 56 App::carryQuery('search_query');58 $app->carryQuery('search_query'); 57 59 58 60 … … 64 66 // allows us to remember which page we came from so we can go back there. 65 67 if (getFormData('boomerang', false) && isset($_SERVER['HTTP_REFERER'])) { 66 App::setBoomerangURL($_SERVER['HTTP_REFERER'], 'admins');68 $app->setBoomerangURL($_SERVER['HTTP_REFERER'], 'admins'); 67 69 } 68 70 69 71 if (getFormData('break_list_cache', false)) { 70 72 // Break the cache because we are changing the list data. 71 SessionCache::breakCache($_SERVER['PHP_SELF']);73 $cache->delete($_SERVER['PHP_SELF']); 72 74 } 73 75 … … 91 93 case 'del' : 92 94 deleteRecord(getFormData('admin_id')); 93 if ( App::validBoomerangURL('admins')) {95 if ($app->validBoomerangURL('admins')) { 94 96 // Display boomerang page. 95 App::dieBoomerangURL('admins');97 $app->dieBoomerangURL('admins'); 96 98 } 97 99 // Display default page. 98 App::dieURL($_SERVER['PHP_SELF']);100 $app->dieURL($_SERVER['PHP_SELF']); 99 101 break; 100 102 101 103 case 'insert' : 102 104 if (getFormdata('cancel', false)) { 103 if ( App::validBoomerangURL('admins')) {105 if ($app->validBoomerangURL('admins')) { 104 106 // Display boomerang page. 105 App::dieBoomerangURL('admins');107 $app->dieBoomerangURL('admins'); 106 108 } 107 109 // Display default page. 
108 App::dieURL($_SERVER['PHP_SELF']);110 $app->dieURL($_SERVER['PHP_SELF']); 109 111 } 110 112 validateInput(); … … 118 120 if (getFormdata('repeat', false)) { 119 121 // Display function again. 120 App::dieURL($_SERVER['PHP_SELF'] . '?op=add');121 } else if ( App::validBoomerangURL('admins')) {122 $app->dieURL($_SERVER['PHP_SELF'] . '?op=add'); 123 } else if ($app->validBoomerangURL('admins')) { 122 124 // Display boomerang page. 123 App::dieBoomerangURL('admins');125 $app->dieBoomerangURL('admins'); 124 126 } 125 127 // Display default page. 126 App::dieURL($_SERVER['PHP_SELF']);128 $app->dieURL($_SERVER['PHP_SELF']); 127 129 } 128 130 break; … … 130 132 case 'update' : 131 133 if (getFormdata('reset', false)) { 132 App::raiseMsg(_("Saved values have been reloaded."), MSG_NOTICE, __FILE__, __LINE__);133 App::dieURL($_SERVER['PHP_SELF'] . '?op=edit&admin_id=' . getFormData('admin_id'));134 $app->raiseMsg(_("Saved values have been reloaded."), MSG_NOTICE, __FILE__, __LINE__); 135 $app->dieURL($_SERVER['PHP_SELF'] . '?op=edit&admin_id=' . getFormData('admin_id')); 134 136 } 135 137 if (getFormdata('cancel', false)) { … … 137 139 $lock->select('admin_tbl', 'admin_id', getFormData('admin_id')); 138 140 $lock->remove(); 139 if ( App::validBoomerangURL('admins')) {141 if ($app->validBoomerangURL('admins')) { 140 142 // Display boomerang page. 141 App::dieBoomerangURL('admins');143 $app->dieBoomerangURL('admins'); 142 144 } 143 145 // Display default page. 144 App::dieURL($_SERVER['PHP_SELF']);146 $app->dieURL($_SERVER['PHP_SELF']); 145 147 } 146 148 validateInput(); … … 154 156 if (getFormdata('repeat', false)) { 155 157 // Display edit function with next available ID. 156 $qid = DB::query("SELECT admin_id FROM admin_tbl WHERE admin_id > '" . DB::escapeString(getFormData('admin_id')) . "' ORDER BY admin_id ASC LIMIT 1");158 $qid = $db->query("SELECT admin_id FROM admin_tbl WHERE admin_id > '" . $db->escapeString(getFormData('admin_id')) . 
"' ORDER BY admin_id ASC LIMIT 1"); 157 159 if (list($next_id) = mysql_fetch_row($qid)) { 158 App::dieURL($_SERVER['PHP_SELF'] . '?op=edit&admin_id=' . $next_id);160 $app->dieURL($_SERVER['PHP_SELF'] . '?op=edit&admin_id=' . $next_id); 159 161 } else { 160 App::raiseMsg(_("Cannot edit next, the end of the list was reached"), MSG_NOTICE, __FILE__, __LINE__);162 $app->raiseMsg(_("Cannot edit next, the end of the list was reached"), MSG_NOTICE, __FILE__, __LINE__); 161 163 } 162 } else if ( App::validBoomerangURL('admins')) {164 } else if ($app->validBoomerangURL('admins')) { 163 165 // Display boomerang page. 164 App::dieBoomerangURL('admins');166 $app->dieBoomerangURL('admins'); 165 167 } 166 168 // Display default page. 167 App::dieURL($_SERVER['PHP_SELF']);169 $app->dieURL($_SERVER['PHP_SELF']); 168 170 } 169 171 break; … … 258 260 { 259 261 global $lock; 260 262 $app =& App::getInstance(); 263 $db =& DB::getInstance(); 264 261 265 $lock->select('admin_tbl', 'admin_id', $id); 262 266 if ($lock->isLocked() && !$lock->isMine()) { … … 265 269 266 270 // Get the information for the form. 267 $qid = DB::query("271 $qid = $db->query(" 268 272 SELECT * 269 273 FROM admin_tbl 270 WHERE admin_id = '" . DB::escapeString($id) . "'274 WHERE admin_id = '" . $db->escapeString($id) . "' 271 275 "); 272 276 if (!$frm = mysql_fetch_assoc($qid)) { 273 App::logMsg('Could not find record with admin_id: ' . $id, LOG_WARNING, __FILE__, __LINE__);274 App::raiseMsg(sprintf(_("The requested record %s could not be found."), $id), MSG_ERR, __FILE__, __LINE__);275 App::dieBoomerangURL();277 $app->logMsg('Could not find record with admin_id: ' . 
$id, LOG_WARNING, __FILE__, __LINE__); 278 $app->raiseMsg(sprintf(_("The requested record %s could not be found."), $id), MSG_ERR, __FILE__, __LINE__); 279 $app->dieBoomerangURL(); 276 280 } 277 281 … … 313 317 { 314 318 global $auth, $lock; 315 319 $app =& App::getInstance(); 320 $db =& DB::getInstance(); 321 $cache =& Cache::getInstance(); 322 316 323 $lock->select('admin_tbl', 'admin_id', $id); 317 324 if ($lock->isLocked() && !$lock->isMine()) { … … 320 327 321 328 // Break the cache because we are changing the list data. 322 SessionCache::breakCache($_SERVER['PHP_SELF']);329 $cache->delete($_SERVER['PHP_SELF']); 323 330 324 331 // Get the information for this object. 325 $qid = DB::query("332 $qid = $db->query(" 326 333 SELECT username, user_type from admin_tbl 327 WHERE admin_id = '" . DB::escapeString($id) . "'334 WHERE admin_id = '" . $db->escapeString($id) . "' 328 335 "); 329 336 if (! list($name, $user_type) = mysql_fetch_row($qid)) { 330 App::logMsg('Could not find record with admin_id: ' . $id, LOG_WARNING, __FILE__, __LINE__);331 App::raiseMsg(sprintf(_("The requested record %s could not be found."), $id), MSG_ERR, __FILE__, __LINE__);332 App::dieBoomerangURL();337 $app->logMsg('Could not find record with admin_id: ' . $id, LOG_WARNING, __FILE__, __LINE__); 338 $app->raiseMsg(sprintf(_("The requested record %s could not be found."), $id), MSG_ERR, __FILE__, __LINE__); 339 $app->dieBoomerangURL(); 333 340 } 334 341 335 342 // Get the information for this object. 336 $qid = DB::query("SELECT COUNT(*) from admin_tbl");343 $qid = $db->query("SELECT COUNT(*) from admin_tbl"); 337 344 list($num_admins) = mysql_fetch_row($qid); 338 345 if ('root' == $user_type && 'root' != $auth->getVal('user_type')) { 339 346 // Only root users can delete root users! 
340 App::raiseMsg(_("You do not have clearance to delete a root administrator."), MSG_NOTICE, __FILE__, __LINE__);347 $app->raiseMsg(_("You do not have clearance to delete a root administrator."), MSG_NOTICE, __FILE__, __LINE__); 341 348 } else if ($num_admins <= 1) { 342 349 // There must always be at least one admnistrator! 343 App::raiseMsg(_("You cannot delete the only administrator in the database. There must be at least one to log in and create other users."), MSG_NOTICE, __FILE__, __LINE__);350 $app->raiseMsg(_("You cannot delete the only administrator in the database. There must be at least one to log in and create other users."), MSG_NOTICE, __FILE__, __LINE__); 344 351 } else if ($auth->getVal('user_id') == $id) { 345 352 // Do not delete yourself! 346 App::raiseMsg(_("You cannot delete yourself."), MSG_NOTICE, __FILE__, __LINE__);353 $app->raiseMsg(_("You cannot delete yourself."), MSG_NOTICE, __FILE__, __LINE__); 347 354 } else { 348 355 // Delete the record. 349 DB::query("DELETE FROM admin_tbl WHERE admin_id = '" . DB::escapeString($id) . "'");350 App::raiseMsg(sprintf(_("The admin <strong>%s</strong> has been deleted."), $name), MSG_SUCCESS, __FILE__, __LINE__);356 $db->query("DELETE FROM admin_tbl WHERE admin_id = '" . $db->escapeString($id) . "'"); 357 $app->raiseMsg(sprintf(_("The admin <strong>%s</strong> has been deleted."), $name), MSG_SUCCESS, __FILE__, __LINE__); 351 358 } 352 359 … … 358 365 { 359 366 global $auth; 360 367 $app =& App::getInstance(); 368 $db =& DB::getInstance(); 369 $cache =& Cache::getInstance(); 370 361 371 // Break the cache because we are changing the list data. 362 SessionCache::breakCache($_SERVER['PHP_SELF']);372 $cache->delete($_SERVER['PHP_SELF']); 363 373 364 374 // Insert record data. 365 DB::query("375 $db->query(" 366 376 INSERT INTO admin_tbl ( 367 377 username, … … 373 383 added_datetime 374 384 ) VALUES ( 375 '" . DB::escapeString($frm['username']) . "',376 '" . DB::escapeString($frm['first_name']) . 
"',377 '" . DB::escapeString($frm['last_name']) . "',378 '" . DB::escapeString($frm['email']) . "',379 '" . DB::escapeString($frm['user_type']) . "',380 '" . DB::escapeString($auth->getVal('user_id')) . "',385 '" . $db->escapeString($frm['username']) . "', 386 '" . $db->escapeString($frm['first_name']) . "', 387 '" . $db->escapeString($frm['last_name']) . "', 388 '" . $db->escapeString($frm['email']) . "', 389 '" . $db->escapeString($frm['user_type']) . "', 390 '" . $db->escapeString($auth->getVal('user_id')) . "', 381 391 NOW() 382 392 ) 383 393 "); 384 $last_insert_id = mysql_insert_id( DB::getDBH());394 $last_insert_id = mysql_insert_id($db->getDBH()); 385 395 386 396 // Set admin password. … … 391 401 $version->create('admin_tbl', 'admin_id', $last_insert_id, $frm['username']); 392 402 393 App::raiseMsg(sprintf(_("The Admin <strong>%s</strong> has been added."), $frm['username']), MSG_SUCCESS, __FILE__, __LINE__);403 $app->raiseMsg(sprintf(_("The Admin <strong>%s</strong> has been added."), $frm['username']), MSG_SUCCESS, __FILE__, __LINE__); 394 404 395 405 return $last_insert_id; … … 399 409 { 400 410 global $auth, $lock; 401 411 $app =& App::getInstance(); 412 $db =& DB::getInstance(); 413 $cache =& Cache::getInstance(); 414 402 415 $lock->select('admin_tbl', 'admin_id', $frm['admin_id']); 403 416 if ($lock->isLocked() && !$lock->isMine()) { … … 406 419 407 420 // Break the cache because we are changing the list data. 408 SessionCache::breakCache($_SERVER['PHP_SELF']);421 $cache->delete($_SERVER['PHP_SELF']); 409 422 410 423 // If the userpass is left blank or with the filler **** characters, we don't want to update it. … … 415 428 416 429 // Update record data. 417 DB::query("430 $db->query(" 418 431 UPDATE admin_tbl SET 419 username = '" . DB::escapeString($frm['username']) . "',420 first_name = '" . DB::escapeString($frm['first_name']) . "',421 last_name = '" . DB::escapeString($frm['last_name']) . "',422 email = '" . DB::escapeString($frm['email']) . 
"',423 user_type = '" . DB::escapeString($frm['user_type']) . "',424 modified_by_user_id = '" . DB::escapeString($auth->getVal('user_id')) . "',432 username = '" . $db->escapeString($frm['username']) . "', 433 first_name = '" . $db->escapeString($frm['first_name']) . "', 434 last_name = '" . $db->escapeString($frm['last_name']) . "', 435 email = '" . $db->escapeString($frm['email']) . "', 436 user_type = '" . $db->escapeString($frm['user_type']) . "', 437 modified_by_user_id = '" . $db->escapeString($auth->getVal('user_id')) . "', 425 438 modified_datetime = NOW() 426 WHERE admin_id = '" . DB::escapeString($frm['admin_id']) . "'439 WHERE admin_id = '" . $db->escapeString($frm['admin_id']) . "' 427 440 "); 428 441 … … 431 444 $version->create('admin_tbl', 'admin_id', $frm['admin_id'], $frm['username']); 432 445 433 App::raiseMsg(sprintf(_("The Admin <strong>%s</strong> has been updated."), $frm['username']), MSG_SUCCESS, __FILE__, __LINE__);446 $app->raiseMsg(sprintf(_("The Admin <strong>%s</strong> has been updated."), $frm['username']), MSG_SUCCESS, __FILE__, __LINE__); 434 447 435 448 // Unlock record. … … 441 454 global $page; 442 455 global $so; 443 456 $db =& DB::getInstance(); 457 $prefs =& Prefs::getInstance(); 458 $cache =& Cache::getInstance(); 459 444 460 $where_clause = ''; 445 461 … … 450 466 $where_clause .= (empty($where_clause) ? 'WHERE' : 'AND') . " 451 467 ( 452 admin_tbl.username LIKE '%" . DB::escapeString($qry_words[$i]) . "%'453 OR admin_tbl.first_name LIKE '%" . DB::escapeString($qry_words[$i]) . "%'454 OR admin_tbl.last_name LIKE '%" . DB::escapeString($qry_words[$i]) . "%'455 OR admin_tbl.email LIKE '%" . DB::escapeString($qry_words[$i]) . "%'468 admin_tbl.username LIKE '%" . $db->escapeString($qry_words[$i]) . "%' 469 OR admin_tbl.first_name LIKE '%" . $db->escapeString($qry_words[$i]) . "%' 470 OR admin_tbl.last_name LIKE '%" . $db->escapeString($qry_words[$i]) . "%' 471 OR admin_tbl.email LIKE '%" . $db->escapeString($qry_words[$i]) . 
"%' 456 472 ) 457 473 "; … … 460 476 461 477 // Count the total number of records so we can do something about the page numbers. 462 $qid = DB::query("478 $qid = $db->query(" 463 479 SELECT COUNT(*) 464 480 FROM admin_tbl … … 491 507 // without knowing the hash. 492 508 $cache_hash = md5($sql . '|' . $page->total_items); 493 if ( Prefs::getValue('cache_hash', $_SERVER['PHP_SELF']) != $cache_hash) {494 SessionCache::breakCache($_SERVER['PHP_SELF']);495 Prefs::setValue('cache_hash', $cache_hash, $_SERVER['PHP_SELF']);496 } 497 498 if ( SessionCache::isCached($_SERVER['PHP_SELF']) && false) {509 if ($prefs->get('cache_hash', $_SERVER['PHP_SELF']) != $cache_hash) { 510 $cache->delete($_SERVER['PHP_SELF']); 511 $prefs->set('cache_hash', $cache_hash, $_SERVER['PHP_SELF']); 512 } 513 514 if ($cache->exists($_SERVER['PHP_SELF']) && false) { 499 515 // Get the cached results. 500 $list = SessionCache::getCache($_SERVER['PHP_SELF']);516 $list = $cache->get($_SERVER['PHP_SELF']); 501 517 } else { 502 518 // If the list is not already cached, query now. 503 $qid = DB::query($sql);519 $qid = $db->query($sql); 504 520 // Fill an array with the items for this page. 505 521 while ($row = mysql_fetch_assoc($qid)) { … … 509 525 if (isset($list) && !empty($list)) { 510 526 // Cache the results. 511 SessionCache::putCache($list, $_SERVER['PHP_SELF']);527 $cache->set($list, $_SERVER['PHP_SELF']); 512 528 } 513 529 }
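Review bot: The cached-list branch at new line 514 is still unreachable because `$cache->exists($_SERVER['PHP_SELF']) && false` always short-circuits to false, so the `$cache->set($list, $_SERVER['PHP_SELF'])` at 527 writes an entry nothing ever reads; either drop the `&& false` or remove the write together with the `cache_hash` bookkeeping at 508-512. If the switch from SessionCache to Cache::getInstance() makes the store shared across sessions rather than per-session, a key of only `$_SERVER['PHP_SELF']` would let one admin's search-filtered `$list` be served to another once that branch is enabled, so the key should also carry the session or user id — worth confirming against Cache's implementation, which is not on this page. The comparison at 509 should be `!==`, since `!=` on two md5 hex strings that both parse as numbers (`0e...`) compares them numerically. At top level, line 158 now calls `$db->query()` while the only instance fetched in the visible top-level hunk is `$cache` (line 32); if `$db` is not assigned in a stretch this changeset does not show, that call fails. The functions containing the remaining hunks start and end outside the shown lines.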