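<?php
/**
 * @package Mambo
 * @subpackage Users
 * @author Mambo Foundation Inc see README.php
 * @copyright (C) 2000 - 2009 Mambo Foundation Inc.
 * See COPYRIGHT.php for copyright notices and details.
 * @license GNU/GPL Version 2, see LICENSE.php
 *
 * Redistributions of files must retain the above copyright notice.
 *
 * Mambo is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; version 2 of the License.
 */

/** ensure this file is being included by a parent file */
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );

// Administrator controller for com_users. $acl, $my, $mainframe, $database and $option
// are expected from the including admin front controller. Every guard below relies on
// mosRedirect() ending the request, as the rest of this file already does.
if (!$acl->acl_check( 'administration', 'manage', 'users', $my->usertype, 'components', 'com_users' )) {
	mosRedirect( 'index2.php', T_('You are not authorized to view this resource.') );
}

require_once( $mainframe->getPath( 'admin_html' ) );

$task = trim( mosGetParam( $_REQUEST, 'task', '' ) );
// 'editA' and 'flogout' carry a single id; read it here rather than relying on the parent having set $id
$id = intval( mosGetParam( $_REQUEST, 'id', 0 ) );
$cid = mosGetParam( $_REQUEST, 'cid', array( 0 ) );
if (!is_array( $cid )) {
	$cid = array( 0 );
}
// cid values are interpolated into SQL IN (...) lists further down; only integers may pass
$cid = array_map( 'intval', $cid );

switch ($task) {
	case 'new':
		editUser( 0, $option );
		break;

	case 'edit':
		editUser( isset( $cid[0] ) ? $cid[0] : 0, $option );
		break;

	case 'editA':
		editUser( $id, $option );
		break;

	case 'save':
	case 'apply':
		saveUser( $option, $task );
		break;

	case 'remove':
		removeUsers( $cid, $option );
		break;

	case 'block':
		changeUserBlock( $cid, 1, $option );
		break;

	case 'unblock':
		changeUserBlock( $cid, 0, $option );
		break;

	case 'logout':
		logoutUser( $cid, $option, $task );
		break;

	case 'flogout':
		logoutUser( $id, $option, $task );
		break;

	case 'cancel':
		cancelUser( $option );
		break;

	case 'contact':
		// contact ids are numeric; the cast keeps arbitrary request text out of the Location header
		$contact_id = intval( mosGetParam( $_POST, 'contact_id', 0 ) );
		mosRedirect( 'index2.php?option=com_contact&task=editA&id=' . $contact_id );
		break;

	default:
		showUsers( $option );
		break;
}

/**
 * Emits a client-side alert, steps back in the browser history and ends the request.
 * The message is JSON-encoded (with HTML-sensitive characters hex-escaped) so quotes,
 * tags or newlines in model error text cannot break out of the script string.
 * @param string $message text to show
 * @param int $steps number of history entries to go back
 */
function _users_alertAndBack( $message, $steps = 1 ) {
	$js = json_encode( (string) $message, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP );
	if ($js === false) {
		$js = '""';
	}
	echo "<script> alert(" . $js . "); window.history.go(-" . intval( $steps ) . "); </script>\n";
	exit();
}

/**
 * Group ids the given user may not assign: the ACL children of the user's own group.
 * This is the same lookup editUser() uses to prune the group list (its comment calls
 * these the groups 'above' me), shared so that saveUser() can enforce the same rule.
 * @param object $acl the site ACL
 * @param object $user the current user (needs ->id)
 * @return array integer group ids, empty when the lookup yields nothing
 */
function _users_restrictedGroups( $acl, $user ) {
	$my_groups = $acl->get_object_groups( 'users', $user->id, 'ARO' );
	if (!is_array( $my_groups ) || count( $my_groups ) < 1) {
		return array();
	}
	$ex_groups = $acl->get_group_children( $my_groups[0], 'ARO', 'RECURSE' );
	if (!is_array( $ex_groups )) {
		return array();
	}
	return array_map( 'intval', $ex_groups );
}

/**
 * Lists users, applying the search / group / login filters and paging kept in the
 * admin session state for this option.
 * @param string $option the component option (keys the saved list state)
 * @return void|false false after printing the database error when the listing query fails
 */
function showUsers( $option ) {
	global $database, $mainframe, $my, $acl, $mosConfig_list_limit;

	$filter_type = $mainframe->getUserStateFromRequest( "filter_type{$option}", 'filter_type', 0 );
	$filter_logged = intval( $mainframe->getUserStateFromRequest( "filter_logged{$option}", 'filter_logged', 0 ) );
	$limit = intval( $mainframe->getUserStateFromRequest( "viewlistlimit", 'limit', $mosConfig_list_limit ) );
	$limitstart = intval( $mainframe->getUserStateFromRequest( "view{$option}limitstart", 'limitstart', 0 ) );
	$search = $mainframe->getUserStateFromRequest( "search{$option}", 'search', '' );
	$search = $database->getEscaped( trim( strtolower( $search ) ) );
	$where = array();

	if ($search != '') {
		$where[] = "(a.username LIKE '%$search%' OR a.email LIKE '%$search%' OR a.name LIKE '%$search%')";
	}
	if ($filter_type) {
		// each OR-list is parenthesised: the clauses are joined with AND below, and an
		// unparenthesised OR would let the later group exclusion be skipped for some rows
		if ($filter_type == 'Public Frontend') {
			$where[] = "(a.usertype = 'Registered' OR a.usertype = 'Author' OR a.usertype = 'Editor' OR a.usertype = 'Publisher')";
		} else if ($filter_type == 'Public Backend') {
			$where[] = "(a.usertype = 'Manager' OR a.usertype = 'Administrator' OR a.usertype = 'Super Administrator')";
		} else {
			// filter_type is request-controlled state; escape it like the search term
			$where[] = "a.usertype = LOWER( '" . $database->getEscaped( $filter_type ) . "' )";
		}
	}
	if ($filter_logged == 1) {
		$where[] = "s.userid = a.id";
	} else if ($filter_logged == 2) {
		$where[] = "s.userid IS NULL";
	}

	// exclude any child group id's for this user
	$pgids = $acl->get_group_children( $my->gid, 'ARO', 'RECURSE' );
	if (is_array( $pgids ) && count( $pgids ) > 0) {
		$where[] = "(a.gid NOT IN (" . implode( ',', array_map( 'intval', $pgids ) ) . "))";
	}

	// "not logged in" needs a LEFT JOIN: with an INNER JOIN no row can satisfy s.userid IS NULL
	$sessionJoin = '';
	if ($filter_logged == 1) {
		$sessionJoin = "\n INNER JOIN #__session AS s ON s.userid = a.id";
	} else if ($filter_logged == 2) {
		$sessionJoin = "\n LEFT JOIN #__session AS s ON s.userid = a.id";
	}
	$whereClause = count( $where ) ? "\n WHERE " . implode( ' AND ', $where ) : '';

	// DISTINCT so a user holding several sessions is counted once, matching the GROUP BY below
	$query = "SELECT COUNT(DISTINCT a.id)"
	. "\n FROM #__users AS a"
	. $sessionJoin
	. $whereClause
	;
	$database->setQuery( $query );
	$total = intval( $database->loadResult() );

	require_once( $GLOBALS['mosConfig_absolute_path'] . '/administrator/includes/pageNavigation.php' );
	$pageNav = new mosPageNav( $total, $limitstart, $limit );

	$query = "SELECT a.*, g.name AS groupname"
	. "\n FROM #__users AS a"
	. "\n INNER JOIN #__core_acl_aro AS aro ON aro.value = a.id" // map user to aro
	. "\n INNER JOIN #__core_acl_groups_aro_map AS gm ON gm.aro_id = aro.aro_id" // map aro to group
	. "\n INNER JOIN #__core_acl_aro_groups AS g ON g.group_id = gm.group_id"
	. $sessionJoin
	. $whereClause
	. "\n GROUP BY a.id"
	. "\n LIMIT " . intval( $pageNav->limitstart ) . ", " . intval( $pageNav->limit )
	;
	$database->setQuery( $query );
	$rows = $database->loadObjectList();

	if ($database->getErrorNum()) {
		echo $database->stderr();
		return false;
	}
	if (!is_array( $rows )) {
		$rows = array();
	}

	// open session count per user, shown in the list as "logged in"
	$template = 'SELECT COUNT(s.userid) FROM #__session AS s WHERE s.userid = %d';
	$n = count( $rows );
	for ($i = 0; $i < $n; $i++) {
		$row = &$rows[$i];
		$database->setQuery( sprintf( $template, intval( $row->id ) ) );
		$row->loggedin = $database->loadResult();
	}

	// get list of Groups for dropdown filter
	$query = "SELECT name AS value, name AS text"
	. "\n FROM #__core_acl_aro_groups"
	. "\n WHERE name != 'ROOT'"
	. "\n AND name != 'USERS'"
	;
	$types = array();
	$types[] = mosHTML::makeOption( '0', T_('- Select Group -') );
	$database->setQuery( $query );
	$groups = $database->loadObjectList();
	if (is_array( $groups )) {
		$types = array_merge( $types, $groups );
	}
	$lists = array();
	$lists['type'] = mosHTML::selectList( $types, 'filter_type', 'class="inputbox" size="1" onchange="document.adminForm.submit( );"', 'value', 'text', "$filter_type" );

	// get list of Log Status for dropdown filter
	$logged = array();
	$logged[] = mosHTML::makeOption( 0, T_('- Select Log Status - ') );
	$logged[] = mosHTML::makeOption( 1, T_('Logged In') );
	$logged[] = mosHTML::makeOption( 2, T_('Not Logged In') );
	$lists['logged'] = mosHTML::selectList( $logged, 'filter_logged', 'class="inputbox" size="1" onchange="document.adminForm.submit( );"', 'value', 'text', "$filter_logged" );

	HTML_users::showUsers( $rows, $pageNav, $search, $option, $lists );
}

/**
 * Shows the edit form for one user (uid 0 = new record).
 * Only super administrators may open a super administrator's record, and the group
 * list offered never contains groups above the editing user's own group.
 * @param int|string $uid user id to edit, 0 for a new user
 * @param string $option the component option
 */
function editUser( $uid='0', $option='users' ) {
	global $database, $my, $acl;

	$uid = intval( $uid );
	$row = new mosUser( $database );
	// load the row from the db table
	$row->load( $uid );
	if ($uid) {
		$query = "SELECT * FROM #__contact_details WHERE user_id='" . intval( $row->id ) . "'";
		$database->setQuery( $query );
		$contact = $database->loadObjectList();
	} else {
		$contact = NULL;
		$row->block = 0;
	}

	// group ids come from the ACL rather than literal numbers, as saveUser()/removeUsers() do
	$super_gid = intval( $acl->get_group_id( 'super administrator' ) );
	$admin_gid = intval( $acl->get_group_id( 'administrator' ) );
	$my_gid = intval( $my->gid );
	$row_gid = intval( $row->gid );

	// check to ensure only super admins can edit super admin info
	if ($row_gid == $super_gid && $my_gid != $super_gid) {
		mosRedirect( 'index2.php?option=com_users', T_('You are not authorized to view this resource.') );
	}

	$lists = array();
	$row_group = strtolower( $acl->get_group_name( $row->gid, 'ARO' ) );
	if ($row_group == 'super administrator') {
		$lists['gid'] = '<input type="hidden" name="gid" value="' . $my_gid . '" /><strong>' . T_('Super Administrator') . '</strong>';
	} else if ($my_gid == $admin_gid && $row_gid == $admin_gid) {
		$lists['gid'] = '<input type="hidden" name="gid" value="' . $my_gid . '" /><strong>' . T_('Administrator') . '</strong>';
	} else {
		// ensure user can't add group higher than themselves
		$ex_groups = _users_restrictedGroups( $acl, $my );
		$gtree = $acl->get_group_children_tree( null, 'USERS', false );
		if (!is_array( $gtree )) {
			$gtree = array();
		}

		// remove groups 'above' me
		$offered = array();
		foreach ($gtree as $node) {
			if (!in_array( intval( $node->value ), $ex_groups, true )) {
				$offered[] = $node;
			}
		}

		$lists['gid'] = mosHTML::selectList( $offered, 'gid', 'size="10"', 'value', 'text', $row->gid );
	}

	// build the html select list
	$lists['block'] = mosHTML::yesnoRadioList( 'block', 'class="inputbox" size="1"', $row->block );
	// build the html select list
	$lists['sendEmail'] = mosHTML::yesnoRadioList( 'sendEmail', 'class="inputbox" size="1"', $row->sendEmail );

	HTML_users::edituser( $row, $contact, $lists, $option, $uid );
}

/**
 * Stores a new or edited user from the posted edit form, keeps the ACL group map in
 * step, notifies the authenticator bots and e-mails a new user their credentials.
 * The posted gid is checked against the same restrictions editUser() applies when
 * building the group list, since the form value can be altered by the client.
 * @param string $option the component option
 * @param string $task 'apply' returns to the edit form, anything else to the list
 */
function saveUser( $option, $task ) {
	global $database, $my, $acl;
	global $mosConfig_live_site, $mosConfig_mailfrom, $mosConfig_fromname, $mosConfig_sitename;

	if (!mosMainframe::validFormId( $option, 'edit', $my )) {
		mosRedirect( 'index2.php', T_('Failed form hash') );
	}

	$row = new mosUser( $database );
	if (!$row->bind( $_POST )) {
		_users_alertAndBack( $row->getError(), 1 );
	}

	// sanitize
	$row->id = intval( $row->id );
	$row->gid = intval( $row->gid );

	$isNew = !$row->id;
	$pwd = '';

	$super_gid = intval( $acl->get_group_id( 'super administrator' ) );
	$my_gid = intval( $my->gid );

	if ($my_gid != $super_gid) {
		// only a super administrator may change a super administrator's record
		if (!$isNew) {
			$database->setQuery( "SELECT gid FROM #__users WHERE id = " . $row->id );
			if (intval( $database->loadResult() ) == $super_gid) {
				mosRedirect( 'index2.php?option=com_users', T_('You are not authorized to view this resource.') );
			}
		}
		// nor may anyone assign a group above their own
		if ($row->gid == $super_gid || in_array( $row->gid, _users_restrictedGroups( $acl, $my ), true )) {
			mosRedirect( 'index2.php?option=com_users', T_('You are not authorized to view this resource.') );
		}
	}

	// disallow super administrator blocking self
	if ($row->id == intval( $my->id ) && $my_gid == $super_gid) {
		$row->block = 0;
	}

	// NOTE(review): passwords are stored as unsalted MD5 because mosUser and the
	// authenticator bots expect that format; a stronger hash has to be introduced
	// there and in the login path together, not in this controller alone.
	if ($isNew) {
		// new user stuff
		$pwd = ($row->password == '') ? mosMakePassword() : $row->password;
		$row->password = md5( $pwd );
		$row->registerDate = date( 'Y-m-d H:i:s' );
	} else {
		// existing user stuff
		if ($row->password == '') {
			// password set to null if empty (presumably so store() leaves the stored hash alone — confirm in mosUser)
			$row->password = null;
		} else {
			$pwd = $row->password;
			$row->password = md5( $pwd );
		}
	}

	// save usertype to usertype column
	$query = "SELECT name"
	. "\n FROM #__core_acl_aro_groups"
	. "\n WHERE group_id = " . $row->gid
	;
	$database->setQuery( $query );
	$row->usertype = $database->loadResult();

	if (!$row->check()) {
		_users_alertAndBack( $row->getError(), 2 );
	}
	if (!$row->store()) {
		_users_alertAndBack( $row->getError(), 2 );
	}
	$row->checkin();

	$loginfo = new mosLoginDetails( $row->username, $pwd );
	$mambothandler = mosMambotHandler::getInstance();
	$mambothandler->loadBotGroup( 'authenticator' );
	// update the ACL
	if (!$isNew) {
		if ($pwd) {
			$mambothandler->trigger( 'userChange', array( $loginfo ) );
		}
		if ($row->block) {
			$mambothandler->trigger( 'userBlock', array( $loginfo ) );
		} else {
			$mambothandler->trigger( 'userUnblock', array( $loginfo ) );
		}
		$query = "SELECT aro_id FROM #__core_acl_aro WHERE value='" . $row->id . "'";
		$database->setQuery( $query );
		$aro_id = intval( $database->loadResult() );

		$query = "UPDATE #__core_acl_groups_aro_map"
		. "\n SET group_id = '" . $row->gid . "'"
		. "\n WHERE aro_id = '" . $aro_id . "'"
		;
		$database->setQuery( $query );
		$database->query() or die( $database->stderr() );
	}

	// for new users, email username and password
	if ($isNew) {
		$mambothandler->trigger( 'userRegister', array( $loginfo ) );
		$mambothandler->trigger( 'userActivate', array( $loginfo ) );
		if ($row->block) {
			$mambothandler->trigger( 'userBlock', array( $loginfo ) );
		}

		$subject = T_('New User Details');
		$message = sprintf( T_('Hello %s,


You have been added as a user to %s by an Administrator.

This email contains your username and password to log into the %s

Username - %s
Password - %s


Please do not respond to this message as it is automatically generated and is for information purposes only'), $row->name, $mosConfig_sitename, $mosConfig_live_site, $row->username, $pwd );

		if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") {
			$adminName = $mosConfig_fromname;
			$adminEmail = $mosConfig_mailfrom;
		} else {
			// sender falls back to the first super administrator; kept in its own
			// variable so $row (the saved user) stays intact for the mail and the redirect
			$query = "SELECT name, email FROM #__users WHERE usertype='super administrator'";
			$database->setQuery( $query );
			$admins = $database->loadObjectList();
			$adminName = '';
			$adminEmail = '';
			if (is_array( $admins ) && count( $admins )) {
				$adminName = $admins[0]->name;
				$adminEmail = $admins[0]->email;
			}
		}
		mosMail( $adminEmail, $adminName, $row->email, $subject, $message );
	}

	switch ($task) {
		case 'apply':
			$msg = sprintf( T_('Successfully Saved changes to User: %s'), $row->name );
			mosRedirect( 'index2.php?option=com_users&task=editA&hidemainmenu=1&id=' . $row->id, $msg );
			break;

		case 'save':
		default:
			$msg = sprintf( T_('Successfully Saved User: %s'), $row->name );
			mosRedirect( 'index2.php?option=com_users', $msg );
			break;
	}
}

/**
 * Cancels an edit operation
 * @param string $option component option to call
 */
function cancelUser( $option ) {
	mosRedirect( 'index2.php?option=' . $option . '&task=view' );
}

/**
 * Deletes the selected users. Refuses self-deletion, and deletion of administrators /
 * super administrators by anyone who is not a super administrator.
 * @param array $cid user ids to delete
 * @param string $option the component option
 */
function removeUsers( $cid, $option ) {
	global $database, $acl, $my;

	if (!is_array( $cid ) || count( $cid ) < 1) {
		mosRedirect( 'index2.php?option=' . $option, T_("Select an item to delete") );
	}
	// the ids end up in an IN (...) list; keep only integers
	$cid = array_map( 'intval', $cid );

	if (in_array( intval( $my->id ), $cid, true )) {
		mosRedirect( 'index2.php?option=' . $option, T_("You cannot delete yourself!") );
	}

	// count super/admin gids within $cid
	$super_gid = intval( $acl->get_group_id( 'super administrator' ) );
	$admin_gid = intval( $acl->get_group_id( 'administrator' ) );
	$cids = implode( ',', $cid );
	$database->setQuery( "SELECT COUNT(id) FROM #__users WHERE id IN ($cids) AND gid IN ($super_gid,$admin_gid)" );
	$admin_count = (int) $database->loadResult();
	// the error state is only meaningful once the query has actually run
	if ($database->getErrorNum()) {
		echo $database->stderr();
		return;
	}

	// disallow deleting administrators / super administrators if not super administrator
	// (both sides are cast: a gid read from the database arrives as a string)
	if ($admin_count && intval( $my->gid ) !== $super_gid) {
		mosRedirect( 'index2.php?option=' . $option, T_("You cannot delete another `Administrator` only `Super Administrators` have this power") );
	}

	// usernames must be read before the rows are gone: the authenticator bots are told by name
	$database->setQuery( "SELECT id, username FROM #__users WHERE id IN ($cids)" );
	$users = $database->loadObjectList();
	$usernames = array();
	if (is_array( $users )) {
		foreach ($users as $user) {
			$usernames[intval( $user->id )] = $user->username;
		}
	}

	$obj = new mosUser( $database );
	$deleted = array();
	$msg = '';
	foreach ($cid as $id) {
		// an explicit false is the only failure signal; a void return still counts as deleted
		if ($obj->delete( $id ) === false) {
			$msg = $obj->getError();
		} else {
			$deleted[] = $id;
		}
	}
	if (count( $deleted )) {
		$mambothandler = mosMambotHandler::getInstance();
		$mambothandler->loadBotGroup( 'authenticator' );
		foreach ($deleted as $id) {
			if (!isset( $usernames[$id] )) {
				continue;
			}
			$loginfo = new mosLoginDetails( $usernames[$id] );
			$mambothandler->trigger( 'userDelete', array( $loginfo ) );
		}
	}
	mosRedirect( 'index2.php?option=' . $option, $msg );
}

/**
 * Blocks or Unblocks one or more user records
 * A super administrator cannot block themselves, and (as for deletion) only a super
 * administrator may block or unblock administrators.
 * @param array $cid An array of unique user id numbers
 * @param integer $block 0 if unblock, 1 if blocking
 * @param string $option The current url option
 */
function changeUserBlock( $cid=null, $block=1, $option ) {
	global $database, $my, $acl;

	$block = $block ? 1 : 0;
	if (!is_array( $cid ) || count( $cid ) < 1) {
		$action = $block ? T_('block') : T_('unblock');
		_users_alertAndBack( sprintf( T_('Select an item to %s'), $action ), 1 );
	}
	// the ids end up in an IN (...) list; keep only integers
	$cid = array_map( 'intval', $cid );

	// super administrator can not block self
	$super_gid = intval( $acl->get_group_id( 'super administrator' ) );
	$my_gid = intval( $my->gid );
	if (in_array( intval( $my->id ), $cid, true ) && $my_gid == $super_gid) {
		mosRedirect( 'index2.php?option=' . $option, T_("You cannot block yourself!") );
	}

	$cids = implode( ',', $cid );

	// same rule as removeUsers(): administrators are only touched by a super administrator
	if ($my_gid != $super_gid) {
		$admin_gid = intval( $acl->get_group_id( 'administrator' ) );
		$database->setQuery( "SELECT COUNT(id) FROM #__users WHERE id IN ($cids) AND gid IN ($super_gid,$admin_gid)" );
		if ((int) $database->loadResult()) {
			mosRedirect( 'index2.php?option=' . $option, T_("You cannot block or unblock another `Administrator` only `Super Administrators` have this power") );
		}
	}

	$query = "UPDATE #__users SET block='$block' WHERE id IN ($cids)";
	$database->setQuery( $query );
	if (!$database->query()) {
		_users_alertAndBack( $database->getErrorMsg(), 1 );
	}
	$mambothandler = mosMambotHandler::getInstance();
	$mambothandler->loadBotGroup( 'authenticator' );
	$database->setQuery( "SELECT username FROM #__users WHERE id IN ($cids)" );
	$results = $database->loadObjectList();
	if (is_array( $results )) {
		foreach ($results as $result) {
			$loginfo = new mosLoginDetails( $result->username );
			if ($block) {
				$mambothandler->trigger( 'userBlock', array( $loginfo ) );
			} else {
				$mambothandler->trigger( 'userUnblock', array( $loginfo ) );
			}
		}
	}
	mosRedirect( 'index2.php?option=' . $option );
}

/**
 * Ends the sessions of the selected users (array of ids) or of one user (scalar id, 'flogout').
 * @param array|int $cid An array of unique user id numbers, or a single id
 * @param string $option The current url option
 * @param string $task 'flogout' returns to the admin home, anything else to the user list
 */
function logoutUser( $cid=null, $option, $task ) {
	global $database, $my;

	if (is_array( $cid )) {
		if (count( $cid ) < 1) {
			mosRedirect( 'index2.php?option=' . $option, T_('Please select a user') );
		}
		$ids = array_map( 'intval', $cid );
	} else {
		$ids = array( intval( $cid ) );
	}
	// the ids end up in an IN (...) list; keep only integers
	$cids = implode( ',', $ids );

	$database->setQuery( "DELETE FROM #__session WHERE userid IN ($cids)" );
	$database->query();

	if ($task == 'flogout') {
		mosRedirect( 'index2.php', $database->getErrorMsg() );
	} else {
		mosRedirect( 'index2.php?option=' . $option, $database->getErrorMsg() );
	}
}

/**
 * Loose syntactic check of an e-mail address.
 * The pattern is anchored so that leading or trailing text around an otherwise
 * valid address is rejected; the original pattern's 1-4 character top-level
 * domain limit is kept as-is.
 * @param string $email
 * @return bool
 */
function is_email( $email ) {
	return (bool) preg_match( '/^[\w\.\-]+@\w+[\w\.\-]*?\.\w{1,4}$/D', (string) $email );
}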