<?php
/*************************
  Coppermine Photo Gallery
  ************************
  Copyright (c) 2003-2005 Coppermine Dev Team
  v1.1 originally written by Gregory DEMAR

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.
  ********************************************
  Coppermine version: 1.3.3
  $Source: /cvsroot/coppermine/stable/usermgr.php,v $
  $Revision: 1.7 $
  $Author: gaugau $
  $Date: 2005/04/19 03:17:11 $
**********************************************/

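define('IN_COPPERMINE', true);
define('USERMGR_PHP', true);
define('PROFILE_PHP', true);

require('include/init.inc.php');

if (defined('UDB_INTEGRATION')) udb_edit_users();

// Access gate for the whole script.
//
// $lim_user records how the caller got in:
//   0 = gallery admin mode (full user manager)
//   1 = logged-in member, member list enabled (read-only list)
//   2 = logged-in member, member list disabled (request is refused)
//   3 = not logged in (request is refused)
//
// $lim_user only selects which columns list_users() prints. It is NOT an
// authorization check by itself: every code path that edits, updates or
// creates a user must verify admin mode on its own, because a member with
// $lim_user == 1 passes this gate.
if (USER_ID != '') {
    if (GALLERY_ADMIN_MODE) {
        $lim_user = 0;
    } elseif ($CONFIG['allow_memberlist']) {
        // The original code had a bare `show_memberlist;` statement here.
        // That is a constant lookup, not a function call, so it never
        // rendered anything (and raises an error on current PHP versions).
        // The op dispatcher at the end of this file already prints the
        // list, so the statement is dropped rather than turned into a call,
        // which would have rendered the page twice.
        $lim_user = 1;
    } else {
        $lim_user = 2;
        cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
    }
} else {
    $lim_user = 3;
    cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
}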
 
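/**
 * Render the member list as a complete page (header, user table, footer).
 *
 * Before rendering, one user row with an empty user_name is deleted; such
 * rows are the placeholders inserted by the 'new_user' operation.
 * NOTE(review): this DELETE also removes a placeholder that an admin is
 * still filling in on the edit form - confirm that is acceptable when the
 * list is viewed by ordinary members.
 */
function show_memberlist()
{
    // The original body had no `global` declaration, so $CONFIG and
    // $lang_usermgr_php were undefined locals: the table name in the DELETE
    // expanded to an empty string and the page title was empty.
    global $CONFIG, $lang_usermgr_php;

    db_query("DELETE FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '' LIMIT 1");
    pageheader($lang_usermgr_php['title']);
    list_users();
    pagefooter();
    ob_end_flush();
}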
 
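/**
 * Print the paginated table of users.
 *
 * Reads 'sort' and 'page' from the query string. When the global $lim_user
 * is 0 (admin mode) the table also carries the edit/delete columns and the
 * "create new user" form; for any other value only the read-only columns
 * are printed.
 *
 * Terminates through cpg_die() when the users table is empty.
 */
function list_users()
{
    global $CONFIG, $PHP_SELF, $HTTP_GET_VARS;
    global $lang_usermgr_php, $lang_byte_units, $register_date_fmt;
    global $lim_user;

    // Whitelist of sort keys. Only the mapped value is ever placed in the
    // ORDER BY clause, so the request parameter itself never reaches SQL.
    $sort_codes = array(
        'name_a' => 'user_name ASC',
        'name_d' => 'user_name DESC',
        'group_a' => 'group_name ASC',
        'group_d' => 'group_name DESC',
        'reg_a' => 'user_regdate ASC',
        'reg_d' => 'user_regdate DESC',
        'pic_a' => 'pic_count ASC',
        'pic_d' => 'pic_count DESC',
        'disku_a' => 'disk_usage ASC',
        'disku_d' => 'disk_usage DESC',
        'lv_a' => 'user_lastvisit ASC',
        'lv_d' => 'user_lastvisit DESC',
    );

    // is_string() keeps an array-valued ?sort[]=... from being used as an
    // array offset.
    $requested_sort = isset($HTTP_GET_VARS['sort']) ? $HTTP_GET_VARS['sort'] : '';
    $sort = (is_string($requested_sort) && isset($sort_codes[$requested_sort])) ? $requested_sort : 'reg_d';

    // NOTE(review): $PHP_SELF is written into href/action attributes without
    // escaping. It is set outside this file; confirm it cannot carry
    // request-controlled path text.
    $tab_tmpl = array(
        'left_text' => '<td width="100%%" align="left" valign="middle" class="tableh1_compact" style="white-space: nowrap"><b>' . $lang_usermgr_php['u_user_on_p_pages'] . '</b></td>' . "\n",
        'tab_header' => '',
        'tab_trailer' => '',
        'active_tab' => '<td><img src="images/spacer.gif" width="1" height="1"></td>' . "\n" . '<td align="center" valign="middle" class="tableb_compact"><b>%d</b></td>',
        // The original template lacked the '>' that closes the <a ...> tag.
        'inactive_tab' => '<td><img src="images/spacer.gif" width="1" height="1"></td>' . "\n" . '<td align="center" valign="middle" class="navmenu"><a href="' . $PHP_SELF . '?page=%d&sort=' . $sort . '"><b>%d</b></a></td>' . "\n",
    );

    $result = db_query("SELECT count(*) FROM {$CONFIG['TABLE_USERS']} WHERE 1");
    $nbEnr = mysql_fetch_array($result);
    $user_count = $nbEnr[0];
    mysql_free_result($result);

    if (!$user_count) cpg_die(CRITICAL_ERROR, $lang_usermgr_php['err_no_users'], __FILE__, __LINE__);

    $user_per_page = 25;
    $total_pages = ceil($user_count / $user_per_page);

    // Clamp the page number: ?page=0 or a negative value used to produce a
    // negative LIMIT offset, which is invalid SQL. The (int) cast already
    // rules out injection through this parameter.
    $page = isset($HTTP_GET_VARS['page']) ? (int)$HTTP_GET_VARS['page'] : 1;
    if ($page < 1) $page = 1;
    if ($page > $total_pages) $page = (int)$total_pages;
    $lower_limit = ($page - 1) * $user_per_page;

    $sql = "SELECT user_id, user_name, UNIX_TIMESTAMP(user_regdate) as user_regdate, UNIX_TIMESTAMP(user_lastvisit) as user_lastvisit, user_active, ".
           "COUNT(pid) as pic_count, ROUND(SUM(total_filesize)/1024) as disk_usage, group_name, group_quota ".
           "FROM {$CONFIG['TABLE_USERS']} AS u ".
           "INNER JOIN {$CONFIG['TABLE_USERGROUPS']} AS g ON user_group = group_id ".
           "LEFT JOIN {$CONFIG['TABLE_PICTURES']} AS p ON p.owner_id = u.user_id ".
           "GROUP BY user_id ".
           "ORDER BY " . $sort_codes[$sort] . " ".
           "LIMIT $lower_limit, $user_per_page;";

    $result = db_query($sql);

    $tabs = create_tabs($user_count, $page, $total_pages, $tab_tmpl);

    // Only the admin view gets the edit/delete columns.
    $is_admin_view = !$lim_user;

    starttable('100%');

    $ops_header = '';
    if ($is_admin_view) {
        $ops_header = '<td class="tableh1" colspan="2" align="center"><b><span class="statlink">' . $lang_usermgr_php['operations'] . '</span></b></td>';
    }

    echo <<<EOT

        <tr>
                <td class="tableh1"><b><span class="statlink">{$lang_usermgr_php['name']}</span></b></td>
                <td class="tableh1"><b><span class="statlink">{$lang_usermgr_php['group']}</span></b></td>
                <td class="tableh1"><b><span class="statlink">{$lang_usermgr_php['registered_on']}</span></b></td>
                <td class="tableh1"><b><span class="statlink">{$lang_usermgr_php['last_visit']}</span></b></td>
                $ops_header
                <td class="tableh1" align="center"><b><span class="statlink">{$lang_usermgr_php['pictures']}</span></b></td>
                <td class="tableh1" colspan="2" align="center"><b><span class="statlink">{$lang_usermgr_php['disk_space']}</span></b></td>
        </tr>
EOT;

    while ($user = mysql_fetch_array($result)) {
        if ($user['user_active'] == 'NO') $user['group_name'] = '<i>' . $lang_usermgr_php['inactive'] . '</i>';
        $user['user_regdate'] = localised_date($user['user_regdate'], $register_date_fmt);
        if ($user['user_lastvisit']) {
            $user['user_lastvisit'] = localised_date($user['user_lastvisit'], $register_date_fmt);
        } else {
            $user['user_lastvisit'] = $lang_usermgr_php['never'];
        }

        // NOTE(review): user_name and group_name are printed without HTML
        // escaping. That is safe only if markup is neutralised before these
        // values are stored (input handling lives outside this file);
        // confirm, because this table is also shown to ordinary members.
        $usr_link = '<a href="profile.php?uid=' . $user['user_id'] . '">' . $user['user_name'];
        if ($user['pic_count']) {
            $usr_link .= '</a> (<a href="thumbnails.php?album=lastupby&uid=' . $user['user_id'] . '">' . $lang_usermgr_php['latest_upload'] . '</a>)';
        } else {
            $usr_link .= '</a>';
        }

        // NOTE(review): the delete link is a plain GET request guarded only
        // by a client-side confirm(); whether delete.php (not shown) asks
        // for a POST or an anti-CSRF token should be confirmed.
        $ops_cells = '';
        if ($is_admin_view) {
            $ops_cells = '<td class="tableb" align="center"><div class="admin_menu"><a href="' . $PHP_SELF . '?op=edit&user_id=' . $user['user_id'] . '">' . $lang_usermgr_php['edit'] . '</a></div></td>' . "\n"
                       . '                <td class="tableb"  align="center"><div class="admin_menu"><a href="delete.php?id=' . $user['user_id'] . '&what=user"  onclick="return confirm(\'' . $lang_usermgr_php['confirm_del'] . '\');">' . $lang_usermgr_php['delete'] . '</a></div></td>';
        }

        echo <<<EOT
        <tr>
                <td class="tableb">$usr_link</td>
                <td class="tableb">{$user['group_name']}</td>
                <td class="tableb">{$user['user_regdate']}</td>
                <td class="tableb">{$user['user_lastvisit']}</td>
                $ops_cells
                <td class="tableb" align="center">{$user['pic_count']}</td>
                <td class="tableb" align="right">{$user['disk_usage']}&nbsp;{$lang_byte_units[1]}</td>
                <td class="tableb" align="right">{$user['group_quota']}&nbsp;{$lang_byte_units[1]}</td>
        </tr>

EOT;
    } // while
    mysql_free_result($result);

    // Sort selector; the option values are the whitelist keys from above.
    $lb = "<select name=\"album_listbox\" class=\"listbox\" onChange=\"if(this.options[this.selectedIndex].value) window.location.href='$PHP_SELF?page=$page&sort='+this.options[this.selectedIndex].value;\">\n";
    foreach ($sort_codes as $key => $value) {
        $selected = ($key == $sort) ? "SELECTED" : "";
        $lb .= "        <option value=\"" . $key . "\" $selected>" . $lang_usermgr_php[$key] . "</option>\n";
    }
    $lb .= "</select>\n";

    if ($is_admin_view) {
        echo <<<EOT
        <tr>
                <form method="post" action="$PHP_SELF?op=new_user">
                <td colspan="9" align="center" class="tablef">
                <table cellpadding="0" cellspacing="0">
                <tr>
                        <td><input type="submit" value="{$lang_usermgr_php['create_new_user']}" class="button"></td>
                        <td><img src="images/spacer.gif" width="50" height="1" alt="" /></td>
                        <td><b>{$lang_usermgr_php['sort_by']}</b></td>
                        <td><img src="images/spacer.gif" width="10" height="1" alt="" /></td>
                        <td>$lb</td>
                </tr>
                </table>
                </td>
                </form>
        </tr>
EOT;
    }

    echo <<<EOT
        <tr>
                <td colspan="9" style="padding: 0px;">
                        <table width="100%" cellspacing="0" cellpadding="0">
                                <tr>
                                        $tabs
                                </tr>
                        </table>
                </td>
        </tr>

EOT;

    endtable();
}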
 
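/**
 * Print the "modify user" form for one account.
 *
 * The form posts to this script with op=update. Terminates through
 * cpg_die() when no row exists for $user_id.
 *
 * This function performs no permission check of its own; the caller must
 * have established that the current visitor is a gallery admin.
 * NOTE(review): the form carries no anti-CSRF token - confirm whether the
 * surrounding framework adds one.
 *
 * @param int $user_id id of the user row to edit
 */
function edit_user($user_id)
{
    global $CONFIG, $PHP_SELF;
    global $lang_usermgr_php, $lang_yes, $lang_no;

    // The id is interpolated into SQL and into the form action below, so it
    // is forced to an integer here instead of trusting every caller.
    $user_id = (int)$user_id;

    // Each entry: field type, column / input name, label, optional maxlength.
    $form_data = array(
        array('input', 'user_name', $lang_usermgr_php['name'], 25),
        array('password', 'user_password', $lang_usermgr_php['password'], 25),
        array('yesno', 'user_active', $lang_usermgr_php['user_active']),
        array('group_list', 'user_group', $lang_usermgr_php['user_group']),
        array('input', 'user_email', $lang_usermgr_php['user_email'], 255),
        array('input', 'user_location', $lang_usermgr_php['user_location'], 255),
        array('input', 'user_interests', $lang_usermgr_php['user_interests'], 255),
        array('input', 'user_website', $lang_usermgr_php['user_web_site'], 255),
        array('input', 'user_occupation', $lang_usermgr_php['user_occupation'], 255)
    );

    $sql = "SELECT * FROM {$CONFIG['TABLE_USERS']} WHERE user_id = '$user_id'";
    $result = db_query($sql);
    if (!mysql_num_rows($result)) cpg_die(CRITICAL_ERROR, $lang_usermgr_php['err_unknown_user'], __FILE__, __LINE__);
    $user_data = mysql_fetch_array($result);
    mysql_free_result($result);

    starttable(500, $lang_usermgr_php['modify_user'], 2);
    echo <<<EOT
        <form method="post" action="$PHP_SELF?op=update&user_id=$user_id">

EOT;

    foreach ($form_data as $element) {
        switch ($element[0]) {
            case 'input' :
                // NOTE(review): the stored value goes into value="..."
                // without escaping. A double quote or markup in a profile
                // field would break out of the attribute unless input is
                // neutralised before storage (outside this file) - confirm.
                // (The original had a no-op self-assignment of this value
                // here; it has been removed.)
                echo <<<EOT
        <tr>
            <td width="40%" class="tableb">
                        {$element[2]}
        </td>
        <td width="60%" class="tableb" valign="top">
                <input type="text" style="width: 100%" name="{$element[1]}" maxlength="{$element[3]}" value="{$user_data[$element[1]]}" class="textinput">
                </td>
        </tr>

EOT;
                break;

            case 'password' :
                // The current password is never echoed back. type="input"
                // is not a valid input type, so the field is shown as a
                // clear-text box.
                echo <<<EOT
        <tr>
            <td width="40%" class="tableb">
                        {$element[2]}
        </td>
        <td width="60%" class="tableb" valign="top">
                <input type="input" style="width: 100%" name="{$element[1]}" maxlength="{$element[3]}" value="" class="textinput">
                </td>
        </tr>

EOT;
                break;

            case 'yesno' :
                $value = $user_data[$element[1]];
                $yes_selected = ($value == 'YES') ? 'selected' : '';
                $no_selected = ($value == 'NO') ? 'selected' : '';
                echo <<<EOT
        <tr>
            <td class="tableb">
                        {$element[2]}
        </td>
                <td class="tableb">
                        <select name="{$element[1]}" class="listbox">
                                <option value="YES" $yes_selected>$lang_yes</option>
                                <option value="NO" $no_selected>$lang_no</option>
                        </select>
                </td>
        </tr>

EOT;
                break;

            case 'group_list' :
                $sql = "SELECT group_id, group_name FROM {$CONFIG['TABLE_USERGROUPS']} ORDER BY group_name";
                $result = db_query($sql);
                $group_list = db_fetch_rowset($result);
                mysql_free_result($result);

                // Primary group plus the comma-separated secondary groups,
                // wrapped in commas so ",<id>," can be searched for exactly.
                $sel_group = $user_data[$element[1]];
                $user_group_list = ($user_data['user_group_list'] == '') ? ',' . $sel_group . ',' : ',' . $user_data['user_group_list'] . ',' . $sel_group . ',';

                echo <<<EOT
        <tr>
            <td class="tableb">
                        {$element[2]}
        </td>
        <td class="tableb" valign="top">
                <select name="{$element[1]}" class="listbox">

EOT;
                $group_cb = '';
                foreach ($group_list as $group) {
                    echo '                        <option value="' . $group['group_id'] . '"' . ($group['group_id'] == $sel_group ? ' selected' : '') . '>' . $group['group_name'] . "</option>\n";
                    $checked = (strpos($user_group_list, ',' . $group['group_id'] . ',') !== false) ? 'checked' : '';
                    $group_cb .= '<input name="group_list[]" type="checkbox" value="' . $group['group_id'] . '" ' . $checked . '>' . $group['group_name'] . "<br />\n";
                }
                echo <<<EOT
                        </select><br />
                        $group_cb
                </td>
        </tr>

EOT;
                break;

            default:
                cpg_die(CRITICAL_ERROR, 'Invalid action for form creation ' . $element[0], __FILE__, __LINE__);
        }
    }

    echo <<<EOT
        <tr>
                <td colspan="2" class="tableh2">
                        <b>{$lang_usermgr_php['notes']}</b>
                </td>
        </tr>
        <tr>
                <td colspan="2" class="tableb">
                        <ul>
                        {$lang_usermgr_php['note_list']}
                        </ul>
                </td>
        </tr>
        <tr>
                <td colspan="2" align="center" class="tablef">
                        <input type="submit" value="{$lang_usermgr_php['modify_user']}" class="button">
                </td>
                </form>
        </tr>

EOT;

    endtable();
}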
 
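/**
 * Write the posted "modify user" form back to the users table.
 *
 * Terminates through cpg_die() when another account already uses the
 * submitted name, or when the name or a non-empty password is shorter than
 * two characters.
 *
 * This function performs no permission check of its own; the caller must
 * have established that the current visitor is a gallery admin.
 * NOTE(review): no anti-CSRF token is verified here - confirm whether the
 * surrounding framework provides one.
 *
 * @param int $user_id id of the user row to update
 */
function update_user($user_id)
{
    global $CONFIG, $PHP_SELF, $HTTP_POST_VARS;
    global $lang_usermgr_php, $lang_register_php;

    // Interpolated unquoted into the duplicate-name query below.
    $user_id = (int)$user_id;

    // Unescaped copies are kept for the length checks, so escaping
    // backslashes are not counted as characters.
    $raw_user_name = trim($HTTP_POST_VARS['user_name']);
    $raw_user_password = trim($HTTP_POST_VARS['user_password']);

    // NOTE(review): addslashes() is kept from the original; it is not
    // aware of the connection character set. Consider the database
    // driver's own escaping once the connection setup has been checked.
    $user_name = addslashes($raw_user_name);
    $user_password = addslashes($raw_user_password);
    $user_email = addslashes(trim($HTTP_POST_VARS['user_email']));
    $user_location = addslashes($HTTP_POST_VARS['user_location']);
    $user_interests = addslashes($HTTP_POST_VARS['user_interests']);
    $user_website = addslashes($HTTP_POST_VARS['user_website']);
    $user_occupation = addslashes($HTTP_POST_VARS['user_occupation']);

    // These three values used to go into the UPDATE exactly as posted,
    // which allowed SQL injection. user_active is restricted to the two
    // values the form offers; group ids are forced to integers.
    $user_active = (isset($HTTP_POST_VARS['user_active']) && $HTTP_POST_VARS['user_active'] === 'YES') ? 'YES' : 'NO';
    $user_group = (isset($HTTP_POST_VARS['user_group']) && is_scalar($HTTP_POST_VARS['user_group'])) ? (int)$HTTP_POST_VARS['user_group'] : 0;
    $group_list = isset($HTTP_POST_VARS['group_list']) ? $HTTP_POST_VARS['group_list'] : '';

    // $user_name is already escaped; the original escaped it a second time
    // here, so names containing quotes or backslashes never matched and the
    // duplicate check was skipped for them.
    $sql = "SELECT user_id " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_name = '$user_name' AND user_id != $user_id";
    $result = db_query($sql);

    if (mysql_num_rows($result)) {
        cpg_die(ERROR, $lang_register_php['err_user_exists'], __FILE__, __LINE__);
        return false;
    }
    mysql_free_result($result);

    if (strlen($raw_user_name) < 2) cpg_die(ERROR, $lang_register_php['err_uname_short'], __FILE__, __LINE__);
    if (strlen($raw_user_password) && strlen($raw_user_password) < 2) cpg_die(ERROR, $lang_register_php['err_password_short'], __FILE__, __LINE__);

    // Secondary groups: every ticked group except the primary one.
    // Non-scalar entries (nested arrays) are skipped, because casting an
    // array to int would yield 1.
    $secondary_groups = array();
    if (is_array($group_list)) {
        foreach ($group_list as $group) {
            if (!is_scalar($group)) continue;
            $group = (int)$group;
            if ($group != $user_group) $secondary_groups[] = $group;
        }
    }
    $user_group_list = implode(',', $secondary_groups);

    $sql_update = "UPDATE {$CONFIG['TABLE_USERS']} " . "SET " . "user_name           = '$user_name', " . "user_email          = '$user_email', " . "user_active    = '$user_active', " . "user_group           = '$user_group', " . "user_location  = '$user_location', " . "user_interests = '$user_interests', " . "user_website          = '$user_website', " . "user_occupation= '$user_occupation', " . "user_group_list      = '$user_group_list'";

    // NOTE(review): the password is written as submitted; no hashing
    // happens in this function. How the login code compares passwords is
    // not visible here - confirm before changing the stored format.
    if (strlen($user_password)) $sql_update .= ", user_password = '$user_password'";
    $sql_update .= " WHERE user_id = '$user_id'";

    db_query($sql_update);
}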
 
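// Operation dispatcher. 'op' comes from the query string.
$op = isset($HTTP_GET_VARS['op']) ? $HTTP_GET_VARS['op'] : '';

// The access gate at the top of this file also lets ordinary members
// through when the member list is enabled. Without the check below such a
// member could request op=edit, op=update or op=new_user directly and
// change any account, including its group membership. Every operation
// other than the plain list therefore requires gallery admin mode.
$admin_only_ops = array('edit', 'update', 'new_user');
if (in_array($op, $admin_only_ops, true) && !GALLERY_ADMIN_MODE) {
    cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
}

// NOTE(review): 'update' and 'new_user' change data but verify no
// anti-CSRF token, and 'new_user' is reachable with a plain GET - confirm
// whether the surrounding framework protects these requests.
switch ($op) {
    case 'edit' :
        $user_id = isset($HTTP_GET_VARS['user_id']) ? (int)$HTTP_GET_VARS['user_id'] : -1;

        // Admins may not edit their own account through this page.
        // NOTE(review): the 'update' case below has no matching check.
        if (USER_ID == $user_id) cpg_die(ERROR, $lang_usermgr_php['err_edit_self'], __FILE__, __LINE__);

        pageheader($lang_usermgr_php['title']);
        edit_user($user_id);
        pagefooter();
        ob_end_flush();
        break;

    case 'update' :
        $user_id = isset($HTTP_GET_VARS['user_id']) ? (int)$HTTP_GET_VARS['user_id'] : -1;

        update_user($user_id);

        // Remove one placeholder row left behind by 'new_user', if any.
        db_query("DELETE FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '' LIMIT 1");

        pageheader($lang_usermgr_php['title']);
        list_users();
        pagefooter();
        ob_end_flush();
        break;

    case 'new_user' :
        // Insert a placeholder row, then show the edit form for it.
        db_query("INSERT INTO {$CONFIG['TABLE_USERS']}(user_regdate, user_active) VALUES (NOW(), 'YES')");

        $user_id = mysql_insert_id();

        pageheader($lang_usermgr_php['title']);
        edit_user($user_id);
        pagefooter();
        ob_end_flush();
        break;

    default :
        // Plain list view; this is the only operation open to members.
        db_query("DELETE FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '' LIMIT 1");

        pageheader($lang_usermgr_php['title']);
        list_users();
        pagefooter();
        ob_end_flush();
        break;
}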
 
?>