
/campsite/src/include/phorum/include/admin/users.php

https://github.com/joechrysler/Campsite
PHP | 463 lines | 354 code | 88 blank | 21 comment | 45 complexity | 1063e0173f81f985c8383976189acead MD5 | raw file
Possible License(s): BSD-3-Clause, AGPL-1.0, LGPL-2.1, Apache-2.0
  1. <?php
  2. ////////////////////////////////////////////////////////////////////////////////
  3. // //
  4. // Copyright (C) 2006 Phorum Development Team //
  5. // http://www.phorum.org //
  6. // //
  7. // This program is free software. You can redistribute it and/or modify //
  8. // it under the terms of either the current Phorum License (viewable at //
  9. // phorum.org) or the Phorum License that was distributed with this file //
  10. // //
  11. // This program is distributed in the hope that it will be useful, //
  12. // but WITHOUT ANY WARRANTY, without even the implied warranty of //
  13. // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. //
  14. // //
  15. // You should have received a copy of the Phorum License //
  16. // along with this program. //
  17. ////////////////////////////////////////////////////////////////////////////////
  // Stop here unless PHORUM_ADMIN is defined, so this script does nothing
  // when it is reached by any path that did not set the constant first.
  // NOTE(review): where PHORUM_ADMIN gets defined is not visible in this
  // file -- presumably the admin entry script; confirm.
  if (!defined('PHORUM_ADMIN')) {
      return;
  }

  include './include/format_functions.php';

  // Holds a message when the submitted form fails validation; empty means
  // "no error so far".
  $error = '';
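  // Process a submitted admin form. Two kinds of POST arrive here: the bulk
  // "deleteUsers" action from the user list, and the per-section updates
  // ("main", "forums", "groups") sent by the edit forms further down.
  //
  // NOTE(review): nothing in this block checks an anti-CSRF token before
  // deleting users or changing passwords, permissions or the admin flag; the
  // only gate visible in this file is the PHORUM_ADMIN constant. Confirm that
  // the including admin script validates a per-session token on every
  // state-changing POST.
  if (count($_POST)) {

      if (isset($_POST['action']) && $_POST['action'] == "deleteUsers") {

          // deleteIds is absent when no checkbox was ticked and may be a
          // scalar in a hand-built request; both mean "nothing selected".
          $delete_ids = (isset($_POST['deleteIds']) && is_array($_POST['deleteIds']))
                      ? $_POST['deleteIds']
                      : array();

          // Count what was actually handed to the delete call, not what was
          // submitted. Assumes user ids are plain decimal integers (the list
          // form only ever emits $user['user_id']) -- TODO confirm.
          $count = 0;
          foreach ($delete_ids as $deluid) {
              if (is_scalar($deluid) && preg_match('/^[0-9]+$/', (string)$deluid)) {
                  phorum_user_delete($deluid);
                  $count++;
              }
          }

          if ($count > 0) {
              phorum_admin_okmsg("$count User(s) deleted.");
          }

      } else {

          // NOTE(review): the whole POST body becomes the record passed to
          // phorum_user_save(). Only the keys unset below are stripped, so any
          // additional field present in the request travels with it. If the
          // save routine does not filter keys itself, build $user_data from an
          // explicit allow-list of editable fields instead.
          $user_data = $_POST;

          $section = (isset($_POST["section"]) && is_string($_POST["section"]))
                   ? $_POST["section"]
                   : "";

          switch ($section) {

              case "forums":

                  // A scalar here would make the array writes below fail.
                  if (isset($user_data["forum_permissions"]) && !is_array($user_data["forum_permissions"])) {
                      $user_data["forum_permissions"] = array();
                  }

                  // Permissions for a forum picked from the "Add A Forum..."
                  // list. The checkbox names carry the permission bits as
                  // array keys, so the keys are OR-ed together.
                  if (!empty($_POST["new_forum"]) && is_scalar($_POST["new_forum"])) {
                      $permission = 0;
                      if (isset($_POST["new_forum_permissions"]) && is_array($_POST["new_forum_permissions"])) {
                          foreach ($_POST["new_forum_permissions"] as $perm => $check) {
                              // Keys come from the request; force them to
                              // integers before the bitwise OR.
                              $permission = $permission | (int)$perm;
                          }
                      }
                      $user_data["forum_permissions"][$_POST["new_forum"]] = $permission;
                  }

                  // Forums ticked "Delete" lose their per-user permissions and
                  // are dropped from the list processed next.
                  if (isset($_POST["delforum"]) && is_array($_POST["delforum"])) {
                      foreach ($_POST["delforum"] as $fid => $val) {
                          unset($user_data["forum_permissions"][$fid]);
                          if (isset($_POST["forums"]) && is_array($_POST["forums"])) {
                              unset($_POST["forums"][$fid]);
                          }
                      }
                  }

                  // Collapse the remaining checkbox arrays into one bitmask
                  // per forum; a forum with nothing ticked ends up with 0.
                  if (isset($_POST["forums"]) && is_array($_POST["forums"])) {
                      foreach ($_POST["forums"] as $forum_id) {
                          if (!is_scalar($forum_id)) {
                              continue;
                          }
                          $permission = 0;
                          if (isset($user_data["forum_permissions"][$forum_id])
                              && is_array($user_data["forum_permissions"][$forum_id])) {
                              foreach ($user_data["forum_permissions"][$forum_id] as $perm => $check) {
                                  $permission = $permission | (int)$perm;
                              }
                          }
                          $user_data["forum_permissions"][$forum_id] = $permission;
                      }
                  }

                  if (empty($user_data["forum_permissions"])) {
                      $user_data["forum_permissions"] = array();
                  }

                  unset($user_data["delforum"]);
                  unset($user_data["new_forum"]);
                  unset($user_data["new_forum_permissions"]);

                  break;

              case "groups":

                  $groupdata = array();

                  if (!empty($_POST["new_group"]) && is_scalar($_POST["new_group"])) {
                      // set the new group permission to approved
                      $groupdata[$_POST["new_group"]] = PHORUM_USER_GROUP_APPROVED;
                  }

                  // Accept only the membership states that the group edit form
                  // in this file offers. PHORUM_USER_GROUP_REMOVE is not in
                  // the list, so choosing it still drops the membership.
                  // Compared as strings so the check works whatever type the
                  // constants have.
                  $allowed_states = array(
                      (string)PHORUM_USER_GROUP_SUSPENDED,
                      (string)PHORUM_USER_GROUP_UNAPPROVED,
                      (string)PHORUM_USER_GROUP_APPROVED,
                      (string)PHORUM_USER_GROUP_MODERATOR,
                  );

                  if (isset($_POST["group_perm"]) && is_array($_POST["group_perm"])) {
                      foreach ($_POST["group_perm"] as $group_id => $perm) {
                          if (is_scalar($perm) && in_array((string)$perm, $allowed_states, true)) {
                              $groupdata[$group_id] = $perm;
                          }
                      }
                  }

                  phorum_user_save_groups($_POST["user_id"], $groupdata);

                  break;
          }

          // Password change: if either field was filled in, both must be
          // byte-for-byte identical. The strict comparison matters because a
          // loose one treats two different numeric-looking strings as equal.
          // A filled password with an empty confirmation is now reported as a
          // mismatch instead of being silently ignored.
          $password1 = (isset($_POST['password1']) && is_string($_POST['password1'])) ? $_POST['password1'] : "";
          $password2 = (isset($_POST['password2']) && is_string($_POST['password2'])) ? $_POST['password2'] : "";

          if ($password1 !== "" || $password2 !== "") {
              if ($password1 !== $password2) {
                  $error = "Passwords don't match!";
              } else {
                  $user_data['password'] = $password1;
              }
          }

          // clean up: form plumbing that is not part of the user record
          unset($user_data["module"]);
          unset($user_data["section"]);
          unset($user_data["password1"]);
          unset($user_data["password2"]);

          if (empty($error)) {
              phorum_user_save($user_data);
              phorum_admin_okmsg("User Saved");
          }
      }
  }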
  // Report a validation failure collected while handling the POST above.
  if ($error) {
      phorum_admin_error($error);
  }

  // Helpers needed to render the forms below.
  include_once "./include/admin/PhorumInputForm.php";
  include_once "./include/profile_functions.php";
  include_once "./include/users.php";

  // This screen only renders when PHORUM_ORIGINAL_USER_CODE is defined and
  // strictly true; otherwise it prints a notice and stops.
  $uses_original_user_code = defined("PHORUM_ORIGINAL_USER_CODE") && PHORUM_ORIGINAL_USER_CODE === true;
  if (!$uses_original_user_code) {
      echo "Phorum User Admin only works with the Phorum User System.";
      return;
  }
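  // User search form and paged result list. Shown unless a single user is
  // being edited (?edit=...) or one of the edit form sections was just posted.
  //
  // NOTE(review): the delete form rendered below carries no anti-CSRF token;
  // the confirm() dialog is a usability aid, not a protection. Confirm that a
  // token is added and verified by the surrounding admin framework.
  if (!isset($_GET["edit"]) && !isset($_POST['section'])) {

      // PHP_SELF reflects the request path, including any extra path info, so
      // it is HTML-escaped once here and only the escaped copy is written
      // into href/action attributes.
      $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);

      // Read the search parameters once. Missing or non-scalar values become
      // "" so nothing below touches an undefined index or an array.
      $req = array();
      foreach (array("search", "posts", "posts_op", "lastactive", "lastactive_op") as $key) {
          $req[$key] = (isset($_REQUEST[$key]) && is_scalar($_REQUEST[$key])) ? (string)$_REQUEST[$key] : "";
      }

      // The two operator keys offered by the select boxes in the search form.
      $valid_ops = array("gte", "lte");

      if (empty($_REQUEST["user_id"])) {

          $frm = new PhorumInputForm("", "get", "Search");

          $frm->addbreak("Phorum User Admin");

          $frm->hidden("module", "users");

          $frm->addrow(
              "Search",
              "Username or email contains: " .
              $frm->text_box("search", htmlspecialchars($req["search"], ENT_QUOTES), 30) .
              " &bull; <a href=\"{$self}?module=users&search=\">Find All Users</a>"
          );

          $frm->addrow("", "Post count " .
              $frm->select_tag("posts_op", array("gte" => ">=", "lte" => "<="), $req["posts_op"]) .
              $frm->text_box("posts", htmlspecialchars($req["posts"], ENT_QUOTES), 5) .
              " and last active " .
              // these are flipped because we're going back in time
              $frm->select_tag("lastactive_op", array("gte" => "<=", "lte" => ">="), $req["lastactive_op"]) .
              $frm->text_box("lastactive", htmlspecialchars($req["lastactive"], ENT_QUOTES), 5) . " days ago");

          $frm->show();
      }
  ?>
<hr class="PhorumAdminHR" />
<script type="text/javascript">
<!--
function CheckboxControl(form, onoff) {
    for (var i = 0; i < form.elements.length; i++)
        if (form.elements[i].type == "checkbox")
            form.elements[i].checked = onoff;
}
// -->
</script>
<?php
      $search = $req["search"];

      // Query string fragment that carries the current filters into the
      // paging links; every value is URL-encoded.
      $url_safe_search  = urlencode($req["search"]);
      $url_safe_search .= "&posts=" . urlencode($req["posts"]);
      $url_safe_search .= "&posts_op=" . urlencode($req["posts_op"]);
      $url_safe_search .= "&lastactive=" . urlencode($req["lastactive"]);
      $url_safe_search .= "&lastactive_op=" . urlencode($req["lastactive_op"]);

      $users = phorum_db_search_users($req["search"]);

      // Optional filters. A filter is applied only when its value is a short
      // run of decimal digits and its operator is one of the two the form
      // offers; anything else is ignored rather than passed on.
      // NOTE(review): phorum_admin_gen_compare() and phorum_admin_filter_arr()
      // are defined outside this view, which is why raw request values are
      // not forwarded to them.
      if (preg_match('/^[0-9]{1,9}$/', $req["posts"]) && in_array($req["posts_op"], $valid_ops, true)) {
          $cmpfn = phorum_admin_gen_compare($req["posts_op"]);
          $users = phorum_admin_filter_arr($users, "posts", (int)$req["posts"], $cmpfn);
      }

      if (preg_match('/^[0-9]{1,9}$/', $req["lastactive"]) && in_array($req["lastactive_op"], $valid_ops, true)) {
          // "N days ago" converted to a timestamp (86400 seconds per day).
          $time = time() - ((int)$req["lastactive"] * 86400);
          $cmpfn = phorum_admin_gen_compare($req["lastactive_op"]);
          $users = phorum_admin_filter_arr($users, "date_last_active", $time, $cmpfn);
      }

      $total = count($users);

      // count active
      $total_active = 0;
      $total_poster = 0;
      foreach ($users as $user) {
          if ($user['active'] == 1) {
              $total_active++;
              if (intval($user['posts'])) $total_poster++;
          }
      }

      // Paging offset: forced to an integer and never negative (a negative
      // offset would make array_slice() count from the end of the list).
      settype($_REQUEST["start"], "integer");
      if ($_REQUEST["start"] < 0) {
          $_REQUEST["start"] = 0;
      }
      $start = $_REQUEST["start"];

      $display = 30;

      $users = array_slice($users, $start, $display);

      if (count($users)) {

          $nav = "";

          if ($start > 0) {
              $old_start = max(0, $start - $display);
              $nav .= "<a href=\"{$self}?module=users&search=$url_safe_search&start=$old_start\">Previous Page</a>";
          }

          $nav .= "&nbsp;&nbsp;";

          if ($start + $display < $total) {
              $new_start = $start + $display;
              $nav .= "<a href=\"{$self}?module=users&search=$url_safe_search&start=$new_start\">Next Page</a>";
          }

          echo <<<EOT
<form name="UsersForm" action="{$self}" method="post">
<input type="hidden" name="module" value="users">
<input type="hidden" name="action" value="deleteUsers">
<table border="0" cellspacing="1" cellpadding="0"
class="PhorumAdminTable" width="100%">
<tr>
<td>$total users found ($total_active active, $total_poster posting)</td>
<td colspan="3">Showing $display users at a time</td>
<td colspan="2" align="right">$nav</td>
</tr>
<tr>
<td class="PhorumAdminTableHead">User</td>
<td class="PhorumAdminTableHead">Email</td>
<td class="PhorumAdminTableHead">Status</td>
<td class="PhorumAdminTableHead">Posts</td>
<td class="PhorumAdminTableHead">Last Activity</td>
<td class="PhorumAdminTableHead">Delete</td>
</tr>
EOT;

          // Row class alternates between "PhorumAdminTableRow" and
          // "PhorumAdminTableRowAlt"; starting empty makes the first row plain.
          $ta_class = "";

          foreach ($users as $user) {

              switch ($user['active']) {
                  case PHORUM_USER_ACTIVE:
                      $status = "Active";
                      break;
                  case PHORUM_USER_PENDING_EMAIL:
                  case PHORUM_USER_PENDING_BOTH:
                      $status = "Pending Confirmation";
                      break;
                  case PHORUM_USER_PENDING_MOD:
                      $status = "Pending Moderator Approval";
                      // Without this break the label fell through to
                      // "Deactivated".
                      break;
                  default:
                      $status = "Deactivated";
              }

              $posts = intval($user['posts']);

              $ta_class = "PhorumAdminTableRow" . ($ta_class == "PhorumAdminTableRow" ? "Alt" : "");

              // Stored values are encoded for the context they are written
              // into: URL-encoded inside the link, HTML-escaped inside the
              // value attribute.
              $uid_url  = urlencode((string)$user['user_id']);
              $uid_attr = htmlspecialchars((string)$user['user_id'], ENT_QUOTES);

              $last_active = intval($user['date_last_active']);
              $last_active_txt = $last_active ? strftime($PHORUM['short_date'], $last_active) : "&nbsp;";

              echo "<tr>\n";
              echo " <td class=\"" . $ta_class . "\"><a href=\"{$self}?module=users&user_id={$uid_url}&edit=1\">" . htmlspecialchars($user['username']) . "</a></td>\n";
              echo " <td class=\"" . $ta_class . "\">" . htmlspecialchars($user['email']) . "</td>\n";
              echo " <td class=\"" . $ta_class . "\">{$status}</td>\n";
              echo " <td class=\"" . $ta_class . "\" style=\"text-align:right\">{$posts}</td>\n";
              echo " <td class=\"" . $ta_class . "\" align=\"right\">" . $last_active_txt . "</td>\n";
              echo " <td class=\"" . $ta_class . "\"><input type=\"checkbox\" name=\"deleteIds[]\" value=\"{$uid_attr}\"></td>\n";
              echo "</tr>\n";
          }

          echo <<<EOT
<tr>
<td colspan="6" align="right">
<input type="button" value="Check All"
onClick="CheckboxControl(this.form, true);">
<input type="button" value="Clear All"
onClick="CheckboxControl(this.form, false);">
<input type="submit" name="submit" value="Delete Selected Users"
onClick="return confirm('Really delete the selected user(s)?')">
</td>
</tr>
</table>
</form>
EOT;

      } else {

          echo "No Users Found.";

      }
  }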
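  // display edit form
  //
  // Renders three separate forms for one user: main profile fields, per-forum
  // permissions and group membership. Each posts back with its own "section"
  // value, which the POST handler at the top of this file switches on.
  //
  // NOTE(review): none of the three forms carries an anti-CSRF token. They
  // can change the password, the admin flag and moderator rights, so confirm
  // that the surrounding admin framework adds and verifies one.
  if (isset($_REQUEST["user_id"])) {

      // A non-scalar user_id is treated as "not found".
      $user = is_scalar($_REQUEST["user_id"]) ? phorum_user_get($_REQUEST["user_id"]) : array();

      if (is_array($user) && count($user)) {

          // Elsewhere in this file values are HTML-escaped before being
          // passed to text_box()/textarea(), which suggests the form helper
          // does not escape on its own. The same is done here for everything
          // that originates from the request or from the user record.
          // NOTE(review): confirm against PhorumInputForm that this does not
          // double-escape.
          $user_id_attr = htmlspecialchars((string)$_REQUEST["user_id"], ENT_QUOTES);

          $frm = new PhorumInputForm("", "post", "Update");

          $frm->hidden("module", "users");

          $frm->hidden("section", "main");

          $frm->hidden("user_id", $user_id_attr);
          $frm->hidden("fk_campsite_user_id", htmlspecialchars((string)$user["fk_campsite_user_id"], ENT_QUOTES));

          $frm->addbreak("Edit User");

          $frm->addrow("User Name", htmlspecialchars($user["username"]) . "&nbsp;&nbsp;<a href=\"#forums\">Edit Forum Permissions</a>&nbsp;&nbsp;<a href=\"#groups\">Edit Groups</a>");

          // The email address is user-supplied data; it was previously
          // written into the input unescaped.
          $frm->addrow("Email", $frm->text_box("email", htmlspecialchars((string)$user["email"], ENT_QUOTES), 50));

          // NOTE(review): both password inputs are created with text_box()
          // exactly like the email field, so from this call alone they look
          // like ordinary visible text inputs. Check whether PhorumInputForm
          // can render a masked field and use it here.
          $frm->addrow("Password (Enter to change)", $frm->text_box("password1", ""));
          $frm->addrow("Password (Confirmation)", $frm->text_box("password2", ""));

          $frm->addrow("Signature", $frm->textarea("signature", htmlspecialchars($user["signature"])));

          $frm->addrow("Active", $frm->select_tag("active", array("No", "Yes"), $user["active"]));

          $frm->addrow("Administrator", $frm->select_tag("admin", array("No", "Yes"), $user["admin"]));

          $frm->addrow("Registration Date", phorum_date("%m/%d/%Y %I:%M%p", $user['date_added']));

          $row = $frm->addrow("Date last active", phorum_date("%m/%d/%Y %I:%M%p", $user['date_last_active']));

          $frm->addhelp($row, "Date last active", "This shows the date, when the user was last seen in the forum. Check your setting on \"Track user usage\" in the \"General Settings\". As long as this setting is not enabled, the activity will not be tracked.");

          $frm->show();

          echo "<br /><hr class=\"PhorumAdminHR\" /><br /><a name=\"forums\"></a>";

          // ---- per-forum permissions -------------------------------------

          $frm = new PhorumInputForm("", "post", "Update");

          $frm->hidden("user_id", $user_id_attr);

          $frm->hidden("module", "users");

          $frm->hidden("section", "forums");

          $row = $frm->addbreak("Edit Forum Permissions");

          $frm->addhelp($row, "Forum Permissions", "These are permissions set exclusively for this user. You need to grant all permisssions you want the user to have for a forum here. No permissions from groups or a forum's properties will be used once the user has specific permissions for a forum.");

          $forums = phorum_db_get_forums();

          // Checkbox names carry the permission bit as the array key; the
          // POST handler ORs the submitted keys into one bitmask.
          $perm_frm = $frm->checkbox("new_forum_permissions[" . PHORUM_USER_ALLOW_READ . "]", 1, "Read") . "&nbsp;&nbsp;" .
                      $frm->checkbox("new_forum_permissions[" . PHORUM_USER_ALLOW_REPLY . "]", 1, "Reply") . "&nbsp;&nbsp;" .
                      $frm->checkbox("new_forum_permissions[" . PHORUM_USER_ALLOW_NEW_TOPIC . "]", 1, "Create&nbsp;New&nbsp;Topics") . "&nbsp;&nbsp;" .
                      $frm->checkbox("new_forum_permissions[" . PHORUM_USER_ALLOW_EDIT . "]", 1, "Edit&nbsp;Their&nbsp;Posts") . "<br />" .
                      $frm->checkbox("new_forum_permissions[" . PHORUM_USER_ALLOW_ATTACH . "]", 1, "Attach&nbsp;Files") . "<br />" .
                      $frm->checkbox("new_forum_permissions[" . PHORUM_USER_ALLOW_MODERATE_MESSAGES . "]", 1, "Moderate Messages") . "&nbsp;&nbsp;" .
                      $frm->checkbox("new_forum_permissions[" . PHORUM_USER_ALLOW_MODERATE_USERS . "]", 1, "Moderate Users") . "&nbsp;&nbsp;";

          // Started as a fresh array (as the group list below does) so no
          // earlier $arr can leak entries into this select box.
          $arr = array("Add A Forum...");

          foreach ($forums as $forum_id => $forum) {
              if (!isset($user["forum_permissions"][$forum_id]))
                  $arr[$forum_id] = $forum["name"];
          }

          // Offer the "add" row only when at least one forum is left to add.
          if (count($arr) > 1)
              $frm->addrow($frm->select_tag("new_forum", $arr), $perm_frm);

          if (isset($user["forum_permissions"]) && is_array($user["forum_permissions"])) {
              foreach ($user["forum_permissions"] as $forum_id => $perms) {
                  $perm_frm = $frm->checkbox("forum_permissions[$forum_id][" . PHORUM_USER_ALLOW_READ . "]", 1, "Read", ($perms & PHORUM_USER_ALLOW_READ)) . "&nbsp;&nbsp;" .
                              $frm->checkbox("forum_permissions[$forum_id][" . PHORUM_USER_ALLOW_REPLY . "]", 1, "Reply", ($perms & PHORUM_USER_ALLOW_REPLY)) . "&nbsp;&nbsp;" .
                              $frm->checkbox("forum_permissions[$forum_id][" . PHORUM_USER_ALLOW_NEW_TOPIC . "]", 1, "Create&nbsp;New&nbsp;Topics", ($perms & PHORUM_USER_ALLOW_NEW_TOPIC)) . "&nbsp;&nbsp;" .
                              $frm->checkbox("forum_permissions[$forum_id][" . PHORUM_USER_ALLOW_EDIT . "]", 1, "Edit&nbsp;Their&nbsp;Posts", ($perms & PHORUM_USER_ALLOW_EDIT)) . "<br />" .
                              $frm->checkbox("forum_permissions[$forum_id][" . PHORUM_USER_ALLOW_ATTACH . "]", 1, "Attach&nbsp;Files", ($perms & PHORUM_USER_ALLOW_ATTACH)) . "<br />" .
                              $frm->checkbox("forum_permissions[$forum_id][" . PHORUM_USER_ALLOW_MODERATE_MESSAGES . "]", 1, "Moderate Messages", ($perms & PHORUM_USER_ALLOW_MODERATE_MESSAGES)) . "&nbsp;&nbsp;" .
                              $frm->checkbox("forum_permissions[$forum_id][" . PHORUM_USER_ALLOW_MODERATE_USERS . "]", 1, "Moderate Users", ($perms & PHORUM_USER_ALLOW_MODERATE_USERS)) . "&nbsp;&nbsp;" .
                              $frm->hidden("forums[$forum_id]", $forum_id);

                  // A permission entry can outlive its forum; show an empty
                  // label instead of reading a missing array element.
                  $forum_label = isset($forums[$forum_id]["name"]) ? $forums[$forum_id]["name"] : "";

                  $row = $frm->addrow($forum_label . "<br />" . $frm->checkbox("delforum[$forum_id]", 1, "Delete"), $perm_frm);
              }
          }

          $frm->show();

          echo "<br /><hr class=\"PhorumAdminHR\" /><br /><a name=\"groups\"></a>";

          // ---- group membership ------------------------------------------

          $frm = new PhorumInputForm("", "post", "Update");

          $frm->hidden("user_id", $user_id_attr);

          $frm->hidden("module", "users");

          $frm->hidden("section", "groups");

          $extra_opts = "";

          // if its an admin, let the user know that the admin will be able to act as a moderator no matter what
          if ($user["admin"]) {
              $row = $frm->addbreak("Edit Groups (Admins can act as a moderator of every group, regardless of these values)");
          } else {
              $row = $frm->addbreak("Edit Groups");
          }

          $groups = phorum_db_get_groups();
          $usergroups = phorum_user_get_groups($_REQUEST["user_id"]);

          $arr = array("Add A Group...");
          foreach ($groups as $group_id => $group) {
              if (!isset($usergroups[$group_id]))
                  $arr[$group_id] = $group["name"];
          }

          if (count($arr) > 1)
              $frm->addrow("Add A Group", $frm->select_tag("new_group", $arr));

          if (is_array($usergroups)) {

              // The membership states an admin may choose; the POST handler
              // should accept no value outside this list.
              $group_options = array(
                  PHORUM_USER_GROUP_REMOVE     => "< Remove User From Group >",
                  PHORUM_USER_GROUP_SUSPENDED  => "Suspended",
                  PHORUM_USER_GROUP_UNAPPROVED => "Unapproved",
                  PHORUM_USER_GROUP_APPROVED   => "Approved",
                  PHORUM_USER_GROUP_MODERATOR  => "Group Moderator",
              );

              foreach ($usergroups as $group_id => $group_perm) {
                  $group_info = phorum_db_get_groups($group_id);
                  $frm->hidden("groups[$group_id]", "$group_id");
                  $frm->addrow($group_info[$group_id]["name"], $frm->select_tag("group_perm[$group_id]", $group_options, $group_perm, $extra_opts));
              }
          }

          $frm->show();

      } else {

          echo "User Not Found.";

      }
  }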
  336. ?>