From 37489d22644312cb12c0a069d781feb664e6c5be Mon Sep 17 00:00:00 2001 From: Nigel Osborne Date: Mon, 31 Jan 2011 00:21:07 +0000 Subject: Updating user admin code (needs careful checking) --- admin_users.php | 1053 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1053 insertions(+) create mode 100644 admin_users.php (limited to 'admin_users.php') diff --git a/admin_users.php b/admin_users.php new file mode 100644 index 0000000000..96871da465 --- /dev/null +++ b/admin_users.php @@ -0,0 +1,1053 @@ +$themedir) { + $ALL_THEME_DIRS[]=$themedir; +} +$ALL_EDIT_OPTIONS=array( + 'none' => /* I18N: Listbox entry; name of a role */ WT_I18N::translate('Visitor'), + 'access'=> /* I18N: Listbox entry; name of a role */ WT_I18N::translate('Member'), + 'edit' => /* I18N: Listbox entry; name of a role */ WT_I18N::translate('Editor'), + 'accept'=> /* I18N: Listbox entry; name of a role */ WT_I18N::translate('Moderator'), + 'admin' => /* I18N: Listbox entry; name of a role */ WT_I18N::translate('Manager') +); + +// Extract form actions (GET overrides POST if both set) +$action =safe_POST('action', $ALL_ACTIONS); +$usrlang =safe_POST('usrlang', array_keys(WT_I18N::installed_languages())); +$username =safe_POST('username', WT_REGEX_USERNAME); +$filter =safe_POST('filter' ); +$ged =safe_POST('ged' ); + +$action =safe_GET('action', $ALL_ACTIONS, $action); +$usrlang =safe_GET('usrlang', array_keys(WT_I18N::installed_languages()), $usrlang); +$username =safe_GET('username', WT_REGEX_USERNAME, $username); +$filter =safe_GET('filter', WT_REGEX_NOSCRIPT, $filter); +$ged =safe_GET('ged', WT_REGEX_NOSCRIPT, $ged); + +// Extract form variables +$oldusername =safe_POST('oldusername', WT_REGEX_USERNAME); +$oldemailaddress =safe_POST('oldemailaddress', WT_REGEX_EMAIL); +$realname =safe_POST('realname' ); +$pass1 =safe_POST('pass1', WT_REGEX_PASSWORD); +$pass2 =safe_POST('pass2', WT_REGEX_PASSWORD); +$emailaddress =safe_POST('emailaddress', WT_REGEX_EMAIL); +$user_theme =safe_POST('user_theme', $ALL_THEME_DIRS); +$user_language =safe_POST('user_language', array_keys(WT_I18N::installed_languages()), WT_LOCALE); +$new_contact_method =safe_POST('new_contact_method'); +$new_default_tab =safe_POST('new_default_tab', array_keys(WT_Module::getActiveTabs()), get_gedcom_setting(WT_GED_ID, 'GEDCOM_DEFAULT_TAB')); +$new_comment =safe_POST('new_comment', WT_REGEX_UNSAFE); +$new_comment_exp =safe_POST('new_comment_exp' ); +$new_auto_accept =safe_POST_bool('new_auto_accept'); +$canadmin =safe_POST_bool('canadmin'); +$visibleonline =safe_POST_bool('visibleonline'); +$editaccount =safe_POST_bool('editaccount'); +$verified =safe_POST_bool('verified'); +$verified_by_admin =safe_POST_bool('verified_by_admin'); + +if (empty($ged)) { + $ged=$GEDCOM; +} + +// Load all available gedcoms +$all_gedcoms = get_all_gedcoms(); +//-- sorting by gedcom filename +asort($all_gedcoms); + +// Delete a user +if ($action=='deleteuser') { + // don't delete ourselves + $user_id=get_user_id($username); + if ($user_id!=WT_USER_ID) { + delete_user($user_id); + AddToLog("deleted user ->{$username}<-", 'auth'); + } + // User data is cached, so reload the page to ensure we're up to date + header('Location: '.WT_SERVER_NAME.WT_SCRIPT_PATH.WT_SCRIPT_NAME); + exit; +} + +// Save new user info to the database +if ($action=='createuser' || $action=='edituser2') { + if (($action=='createuser' || $action=='edituser2' && $username!=$oldusername) && get_user_id($username)) { + print_header(WT_I18N::translate('User administration')); + echo "", WT_I18N::translate('Duplicate user name. A user with that user name already exists. Please choose another user name.'), "
"; + } elseif (($action=='createuser' || $action=='edituser2' && $emailaddress!=$oldemailaddress) && get_user_by_email($emailaddress)) { + print_header(WT_I18N::translate('User administration')); + echo "", WT_I18N::translate('Duplicate email address. A user with that email already exists.'), "
"; + } else { + if ($pass1!=$pass2) { + print_header(WT_I18N::translate('User administration')); + echo "", WT_I18N::translate('Passwords do not match.'), "
"; + } else { + // New user + if ($action=='createuser') { + if ($user_id=create_user($username, $realname, $emailaddress, crypt($pass1))) { + set_user_setting($user_id, 'reg_timestamp', date('U')); + set_user_setting($user_id, 'sessiontime', '0'); + AddToLog("User ->{$username}<- created", 'auth'); + } else { + AddToLog("User ->{$username}<- was not created", 'auth'); + $user_id=get_user_id($username); + } + } else { + $user_id=get_user_id($oldusername); + } + // Change password + if ($action=='edituser2' && !empty($pass1)) { + set_user_password($user_id, crypt($pass1)); + AddToLog("User ->{$oldusername}<- had password changed", 'auth'); + } + // Change username + if ($action=='edituser2' && $username!=$oldusername) { + rename_user($oldusername, $username); + AddToLog("User ->{$oldusername}<- renamed to ->{$username}<-", 'auth'); + } + // Create/change settings that can be updated in the user's gedcom record? + $email_changed=($emailaddress!=getUserEmail($user_id)); + $newly_verified=($verified_by_admin && !get_user_setting($user_id, 'verified_by_admin')); + // Create/change other settings + setUserFullName ($user_id, $realname); + setUserEmail ($user_id, $emailaddress); + set_user_setting($user_id, 'theme', $user_theme); + set_user_setting($user_id, 'language', $user_language); + set_user_setting($user_id, 'contactmethod', $new_contact_method); + set_user_setting($user_id, 'defaulttab', $new_default_tab); + set_user_setting($user_id, 'comment', $new_comment); + set_user_setting($user_id, 'comment_exp', $new_comment_exp); + set_user_setting($user_id, 'auto_accept', $new_auto_accept); + set_user_setting($user_id, 'canadmin', $canadmin); + set_user_setting($user_id, 'visibleonline', $visibleonline); + set_user_setting($user_id, 'editaccount', $editaccount); + set_user_setting($user_id, 'verified', $verified); + set_user_setting($user_id, 'verified_by_admin', $verified_by_admin); + foreach ($all_gedcoms as $ged_id=>$ged_name) { + set_user_gedcom_setting($user_id, $ged_id, 'gedcomid', safe_POST_xref('gedcomid'.$ged_id)); + set_user_gedcom_setting($user_id, $ged_id, 'rootid', safe_POST_xref('rootid'.$ged_id)); + set_user_gedcom_setting($user_id, $ged_id, 'canedit', safe_POST('canedit'.$ged_id, array_keys($ALL_EDIT_OPTIONS))); + if (safe_POST_xref('gedcomid'.$ged_id)) { + set_user_gedcom_setting($user_id, $ged_id, 'RELATIONSHIP_PATH_LENGTH', safe_POST_integer('RELATIONSHIP_PATH_LENGTH'.$ged_id, 0, 10, 0)); + } else { + // Do not allow a path length to be set if the individual ID is not + set_user_gedcom_setting($user_id, $ged_id, 'RELATIONSHIP_PATH_LENGTH', null); + } + } + + // If we're verifying a new user, send them a message to let them know + if ($newly_verified && $action=='edituser2') { + WT_I18N::init($user_language); + $message=array(); + $message["to"]=$username; + $headers="From: ".$WEBTREES_EMAIL; + $message["from"]=WT_USER_NAME; + $message["subject"]=WT_I18N::translate('Approval of account at %s', WT_SERVER_NAME.WT_SCRIPT_PATH); + $message["body"]=WT_I18N::translate('The administrator at the webtrees site %s has approved your application for an account. You may now login by accessing the following link: %s', WT_SERVER_NAME.WT_SCRIPT_PATH, WT_SERVER_NAME.WT_SCRIPT_PATH); + $message["created"]=""; + $message["method"]="messaging2"; + addMessage($message); + // and send a copy to the admin + /* + $message=array(); + $message["to"]=WT_USER_NAME; + $headers="From: ".$WEBTREES_EMAIL; + $message["from"]=$username; // fake the from address - so the admin can "reply" to it. + $message["subject"]=WT_I18N::translate('Approval of account at %s', WT_SERVER_NAME.WT_SCRIPT_PATH)); + $message["body"]=WT_I18N::translate('The administrator at the webtrees site %s has approved your application for an account. You may now login by accessing the following link: %s', WT_SERVER_NAME.WT_SCRIPT_PATH, WT_SERVER_NAME.WT_SCRIPT_PATH)); + $message["created"]=""; + $message["method"]="messaging2"; + addMessage($message); */ + } + // Reload the form cleanly, to allow the user to verify their changes + header('Location: '.WT_SERVER_NAME.WT_SCRIPT_PATH."admin_users.php?action=edituser&username=".rawurlencode($username)."&ged=".rawurlencode($ged)); + exit; + } + } +} else { + print_header(WT_I18N::translate('User administration')); +// if ($ENABLE_AUTOCOMPLETE) require WT_ROOT.'js/autocomplete.js.htm'; Removed becasue it doesn't work here for multiple GEDCOMs. Can be reinstated when fixed (https://bugs.launchpad.net/webtrees/+bug/613235) +} + +// Print the form to edit a user +if ($action=="edituser") { + $user_id=get_user_id($username); + init_calendar_popup(); + ?> + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + '; + echo two_state_checkbox('canadmin', get_user_setting($user_id, 'canadmin'), ($user_id==WT_USER_ID) ? 'disabled="disabled"' : ''); + echo ''; + ?> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
 
+ +
/> />
/> />
/>
  
+ +
+ +
+ +
+ + + + + + + + + $ged_name) { + echo '', + '', + //Pedigree root person + '', + // GEDCOM INDI Record ID + '', + '', + //Relationship path + '', + ''; + } + ?> +
', $ged_name, ''; + $varname='rootid'.$ged_id; + echo '', print_findindi_link($varname, "", false, false, $ged_name); + $GEDCOM=$ged_name; // library functions use global variable instead of parameter. + $person=WT_Person::getInstance($pid); + if ($person) { + echo ''; + } + echo ''; + $varname='gedcomid'.$ged_id; + echo ''; + print_findindi_link($varname, "", false, false, $ged_name); + $GEDCOM=$ged_name; // library functions use global variable instead of parameter. + $person=WT_Person::getInstance($pid); + if ($person) { + echo ' '; + } + echo ''; + $varname='canedit'.$ged_id; + echo '', + ''; + $varname = 'RELATIONSHIP_PATH_LENGTH'.$ged_id; + echo '', + '
+
+ + ';"/> +
+
+ + +', + '', + '', + 'User ID', + '', WT_I18N::translate('Real name'), '', + '', WT_I18N::translate('User name'), '', + '', WT_I18N::translate('Email'), '', + '', WT_I18N::translate('Language'), '', + '', WT_I18N::translate('Date registered'), '', + '', WT_I18N::translate('Last logged in'), '', + '', WT_I18N::translate('Verified'), '', + '', WT_I18N::translate('Approved'), '', + '', + '', + '', + '', + '', + WT_JS_START, + 'jQuery(document).ready(function() {', + ' jQuery("#user-list").dataTable( {', + ' "oLanguage": {', + ' "sLengthMenu": "Display records"', + ' },', + ' "bAutoWidth":false,', + ' "aaSorting": [[ 1, "asc" ]],', + ' "bProcessing": true,', + ' "bServerSide": true,', + ' "sAjaxSource": "', WT_SERVER_NAME, WT_SCRIPT_PATH, 'load.php?src=user_list",', + ' "aaSorting": [[ 1, "asc" ]],', + ' "bJQueryUI": true,', + ' "sPaginationType": "full_numbers"', + ' } );', + '} );', + WT_JS_END; +*/ + +//-- echo out a list of the current users +if ($action == "listusers") { +ob_start(); + $users = get_all_users(); + + // First filter the users, otherwise the javascript to unfold priviledges gets disturbed + foreach($users as $user_id=>$user_name) { + if ($filter == "warnings") { + if (get_user_setting($user_id, 'comment_exp')) { + if ((strtotime(get_user_setting($user_id, 'comment_exp')) == "-1") || (strtotime(get_user_setting($user_id, 'comment_exp')) >= time("U"))) unset($users[$user_id]); + } + else if (((date("U") - (int)get_user_setting($user_id, 'reg_timestamp')) <= 604800) || get_user_setting($user_id, 'verified')) unset($users[$user_id]); + } + else if ($filter == "adminusers") { + if (!get_user_setting($user_id, 'canadmin')) unset($users[$user_id]); + } + else if ($filter == "usunver") { + if (get_user_setting($user_id, 'verified')) unset($users[$user_id]); + } + else if ($filter == "admunver") { + if ((get_user_setting($user_id, 'verified_by_admin')) || (!get_user_setting($user_id, 'verified'))) { + unset($users[$user_id]); + } + } + else if ($filter == "language") { + if (get_user_setting($user_id, 'language') != $usrlang) { + unset($users[$user_id]); + } + } + else if ($filter == "gedadmin") { + if (get_user_gedcom_setting($user_id, $ged, 'canedit') != "admin") { + unset($users[$user_id]); + } + } + } + + // Then show the users + echo + '', + '', + '', + '', + '', + '', + '', + '', + '', + '', + '', + '', + '', + '', + '', + '', + '', + '', + ''; + foreach($users as $user_id=>$user_name) { + echo "'; + $userName = getUserFullName($user_id); + echo ""; + if (get_user_setting($user_id, "comment_exp")) { + if ((strtotime(get_user_setting($user_id, "comment_exp")) != "-1") && (strtotime(get_user_setting($user_id, "comment_exp")) < time("U"))) + echo '\n"; + echo ''; + echo ''; + echo ''; + echo ''; + + echo ''; + + + if (((date("U") - (int)get_user_setting($user_id, 'reg_timestamp')) > 604800) && !get_user_setting($user_id, 'verified')) + echo ''; + echo '', + '', + '', + '', + ''; + } + echo '', + '
', WT_I18N::translate('Message'), '', WT_I18N::translate('Real name'), '', WT_I18N::translate('User name'), '', WT_I18N::translate('Languages'), '', WT_I18N::translate('Role'), '', WT_I18N::translate('Automatically approve changes made by this user'), '', WT_I18N::translate('Theme'), '', WT_I18N::translate('Default tab'), '', WT_I18N::translate('Date registered'), '', WT_I18N::translate('Last logged in'), '', WT_I18N::translate('Verified'), '', WT_I18N::translate('Approved'), '', WT_I18N::translate('Delete'), '
"; + if ($user_id!=WT_USER_ID && get_user_setting($user_id, 'contactmethod')!='none') { + echo "
 
"; + } else { + echo ' '; + } + echo '
", $userName, ''; + if (get_user_setting($user_id, 'canadmin')) { + echo '
', WT_I18N::translate('Administrator'), '
'; + } + echo "
', $user_name; + else echo '', $user_name; + } + else echo '', $user_name; + if (get_user_setting($user_id, "comment")) { + $tempTitle = PrintReady(get_user_setting($user_id, "comment")); + echo '', $tempTitle, ''; + } + echo "', Zend_Locale::getTranslation(get_user_setting($user_id, 'language'), 'language', WT_LOCALE), ''; + echo "
    "; + foreach ($all_gedcoms as $ged_id=>$ged_name) { + $role=get_user_gedcom_setting($user_id, $ged_id, 'canedit'); + switch ($role) { + case 'admin': + case 'accept': + echo '
  • ', $ALL_EDIT_OPTIONS[$role]; + break; + case 'edit': + case 'access': + case 'none': + echo '
  • ', $ALL_EDIT_OPTIONS[$role]; + break; + default: + echo '
  • ', $ALL_EDIT_OPTIONS['none']; + break; + } + $uged = get_user_gedcom_setting($user_id, $ged_id, 'gedcomid'); + if ($uged) { + echo ' ', $ged_name, '
  • '; + } else { + echo ' ', $ged_name, ''; + } + } + echo "
"; + echo '
'; + if (get_user_setting($user_id, 'auto_accept')) echo WT_I18N::translate('Yes'); + else echo WT_I18N::translate('No'); + echo ''; + if (get_user_setting($user_id, 'theme')) { + foreach (get_theme_names() as $themename=>$themedir) { + if ($themedir == get_user_setting($user_id, 'theme')) echo $themename; + } + } else { echo WT_I18N::translate('default theme');} + echo ''; + echo get_user_setting($user_id, 'defaulttab'); + echo ''; + else echo ''; + echo format_timestamp((int)get_user_setting($user_id, 'reg_timestamp')); + echo ''; + if ((int)get_user_setting($user_id, 'reg_timestamp') > (int)get_user_setting($user_id, 'sessiontime')) { + echo WT_I18N::translate('Never'), '
', WT_I18N::time_ago(time() - (int)get_user_setting($user_id, 'reg_timestamp')); + } else { + echo format_timestamp((int)get_user_setting($user_id, 'sessiontime')), '
', WT_I18N::time_ago(time() - (int)get_user_setting($user_id, 'sessiontime')); + } + echo '
'; + if (get_user_setting($user_id, 'verified')) echo WT_I18N::translate('Yes'); + else echo WT_I18N::translate('No'); + echo ''; + if (get_user_setting($user_id, 'verified_by_admin')) echo WT_I18N::translate('Yes'); + else echo WT_I18N::translate('No'); + echo ''; + if (WT_USER_ID!=$user_id) + echo "
 
"; + echo '
'; + print_footer(); +ob_flush(); + exit; +} + +// -- echo out the form to add a new user +// NOTE: WORKING +if ($action == "createform") { + init_calendar_popup(); + ?> + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
/>
/>
  
+ +
+ +
+ + + + + + + + + $ged_name) { + echo '', + '', + //Pedigree root person + '', + // GEDCOM INDI Record ID + '', + '', + //Relationship path + '', + ''; + } + ?> +
', WT_I18N::translate('%s', get_gedcom_setting($ged_id, 'title')), ''; + $varname='rootid'.$ged_id; + echo '', print_findindi_link($varname, "", false, false, $ged_name), + ''; + $varname='gedcomid'.$ged_id; + echo '' ,print_findindi_link($varname, "", false, false, $ged_name), + ''; + $varname='canedit'.$ged_id; + echo '', + ''; + $varname = 'RELATIONSHIP_PATH_LENGTH'.$ged_id; + echo '', + '
+
+ + +
+
+ +
+ + + "; + echo ""; + ?> + + $user_name) { + $userName = getUserFullName($user_id); + if ((int)get_user_setting($user_id, 'sessiontime') == "0") + $datelogin = (int)get_user_setting($user_id, 'reg_timestamp'); + else + $datelogin = (int)get_user_setting($user_id, 'sessiontime'); + if ((mktime(0, 0, 0, (int)date("m")-$month, (int)date("d"), (int)date("Y")) > $datelogin) && get_user_setting($user_id, 'verified') && get_user_setting($user_id, 'verified_by_admin')) { + ?>$user_name) { + if (((date("U") - (int)get_user_setting($user_id, 'reg_timestamp')) > 604800) && !get_user_setting($user_id, 'verified')) { + $userName = getUserFullName($user_id); + ?>$user_name) { + if (!get_user_setting($user_id, 'verified_by_admin') && get_user_setting($user_id, 'verified')) { + $userName = getUserFullName($user_id); + ?>"; + } ?> +
", WT_I18N::translate('Number of months since the last login for a user\'s account to be considered inactive: '), "
", $userName, "

", WT_I18N::translate('User\'s account has been inactive too long: '); + echo timestamp_to_gedcom_date($datelogin)->Display(false); + $ucnt++; + ?>
" value="1" />
" value="1" />
" value="1" />
"; + echo WT_I18N::translate('Nothing found to cleanup'), "
+

+ 0) { + ?>   + +

+
$user_name) { + $var = "del_".str_replace(array(".", "-", " "), array("_", "_", "_"), $user_name); + if (safe_POST($var)=='1') { + delete_user($user_id); + AddToLog("deleted user ->{$user_name}<-", 'auth'); + echo WT_I18N::translate('Deleted user: '); echo $user_name, "
"; + } else { + $tempArray = unserialize(get_user_setting($user_id, 'canedit')); + if (is_array($tempArray)) { + foreach ($tempArray as $gedid=>$data) { + $var = "delg_".str_replace(array(".", "-", " "), "_", $gedid); + if (safe_POST($var)=='1' && get_user_gedcom_setting($user_id, $gedid, 'canedit')) { + set_user_gedcom_setting($user_id, $gedid, 'canedit', null); + echo $gedid, ":  ", WT_I18N::translate('Unset GEDCOM rights for '), $user_name, "
"; + } + } + } + $tempArray = unserialize(get_user_setting($user_id, 'rootid')); + if (is_array($tempArray)) { + foreach ($tempArray as $gedid=>$data) { + $var = "delg_".str_replace(array(".", "-", " "), "_", $gedid); + if (safe_POST($var)=='1' && get_user_gedcom_setting($user_id, $gedid, 'rootid')) { + set_user_gedcom_setting($user_id, $gedid, 'rootid', null); + echo $gedid, ":  ", WT_I18N::translate('Unset root ID for '), $user_name, "
"; + } + } + } + $tempArray = unserialize(get_user_setting($user_id, 'gedcomid')); + if (is_array($tempArray)) { + foreach ($tempArray as $gedid=>$data) { + $var = "delg_".str_replace(array(".", "-", " "), "_", $gedid); + if (safe_POST($var)=='1' && get_user_gedcom_setting($user_id, $gedid, 'gedcomid')) { + set_user_gedcom_setting($user_id, $gedid, 'gedcomid', null); + echo $gedid, ":  ", WT_I18N::translate('Unset GEDCOM ID for '), $user_name, "
"; + } + } + } + } + } +} +print_footer(); -- cgit v1.3