PageRenderTime 25ms CodeModel.GetById 24ms RepoModel.GetById 0ms app.codeStats 0ms

/admin/units/users.php

https://gitlab.com/kidaa/quantum
PHP | 200 lines | 178 code | 22 blank | 0 comment | 30 complexity | 8aab49755e41df383850a3d6b7e46ce3 MD5 | raw file
Possible License(s): GPL-2.0, MPL-2.0-no-copyleft-exception 
    

  1. <?php
    2. 

  2. namespace A;
    3. 

  3. 

  4. class Users extends \AUnit {
    5. 

  5. 

  6.     private function updateUsers() {
    7. 

  7.         foreach ($_POST['fp'] as $id) {
    8. 

  8.             switch ($_POST['action']) {
    9. 

  9.                 case 'activate':
    10. 

  10.                     $this->engine->db->query("UPDATE " . DB_PREF . "users SET `enabled`=1 WHERE id=" . (int)$id);
    11. 

  11.                     break;
    12. 

  12.                 case 'deactivate':
    13. 

  13.                     $this->engine->db->query("UPDATE " . DB_PREF . "users SET `enabled`=0 WHERE id=" . (int)$id);
    14. 

  14.                     break;
    15. 

  15.                 case 'remove':
    16. 

  16.                     $this->engine->db->query("DELETE FROM " . DB_PREF . "users WHERE id=" . (int)$id);
    17. 

  17.                     break;
    18. 

  18.                 default:
    19. 

  19.                     break;
    20. 

  20.             }
    21. 

  21.         }
    22. 

  22.         $_SESSION['msg'] = 'success';
    23. 

  23.         $this->engine->url->redirect($this->engine->url->full);
    24. 

  24.     }
    25. 

  25. 

  26.     private function getPageCount($search, $search_query, $limit) {
    27. 

  27.         if ($search == '') {
    28. 

  28.             $q = $this->engine->db->query("SELECT COUNT(1) as count FROM " . DB_PREF . "users");
    29. 

  29.         } else {
    30. 

  30.             $q = $this->engine->db->query("SELECT COUNT(1) as count FROM " . DB_PREF . "users WHERE " . $search_query);
    31. 

  31.         }
    32. 

  32. 

  33.         $all_vals = 0;
    34. 

  34.         if ($q->num_rows > 0) {
    35. 

  35.             $f = $q->row;
    36. 

  36.             $all_vals = (int)$f['count'];
    37. 

  37.         }
    38. 

  38.         return ceil($all_vals / $limit) > 1 ? ceil($all_vals / $limit) : 1;
    39. 

  39.     }
    40. 

  40. 

  41.     private function getUsers($search, $search_query, $start, $limit) {
    42. 

  42.         $users = array();
    43. 

  43.         if ($search == '') {
    44. 

  44.             $q = $this->engine->db->query("SELECT " . DB_PREF . "users.*, " . DB_PREF .
    45. 

  45.                 "user_group.description as ug FROM " . DB_PREF . "users, " . DB_PREF . "user_group WHERE " . DB_PREF .
    46. 

  46.                 "user_group.id = " . DB_PREF . "users.user_group LIMIT " . (int)$start . ", " . (int)$limit);
    47. 

  47.         } else {
    48. 

  48.             $q = $this->engine->db->query("SELECT " . DB_PREF . "users.*, " . DB_PREF .
    49. 

  49.                 "user_group.description as ug FROM " . DB_PREF . "users, " . DB_PREF . "user_group WHERE " . DB_PREF .
    50. 

  50.                 "user_group.id = " . DB_PREF . "users.user_group AND " . $search_query . " LIMIT " . (int)$start .
    51. 

  51.                 ", " . (int)$limit);
    52. 

  52.         }
    53. 

  53.         resizeImage(ROOT_DIR . 'upload/images/no-image.jpg', 50, 50, false);
    54. 

  54.         foreach ($q->rows as $user) {
    55. 

  55.             $users[$user['id']]['photo'] = resizeImage($user['photo'], 50, 50, false);
    56. 

  56.             $users[$user['id']]['name'] = $user['name'];
    57. 

  57.             $users[$user['id']]['description'] = $user['description'];
    58. 

  58.             $users[$user['id']]['email'] = $user['email'];
    59. 

  59.             $users[$user['id']]['joined'] = date("Y-M-d D h:i:s", $user['joined']);
    60. 

  60.             $users[$user['id']]['enabled'] = (bool)$user['enabled'];
    61. 

  61.             $users[$user['id']]['user_group'] = $user['ug'];
    62. 

  62.         }
    63. 

  63.         return $users;
    64. 

  64.     }
    65. 

  65. 

  66.     private function updateUser() {
    67. 

  67.         $query = '';
    68. 

  68.         if (isset($_POST['chp']) && isset($_POST['pass'])) {
    69. 

  69.             $query = ", `password`='" . md5(md5($_POST['pass'])) . "'";
    70. 

  70.         }
    71. 

  71.         $this->engine->db->query("UPDATE " . DB_PREF . "users SET `name`='" .
    72. 

  72.             $this->engine->db->escape($_POST['uname']) . "', `photo`='" . $this->engine->db->escape($_POST['photo']) .
    73. 

  73.             "', `email`='" . $this->engine->db->escape($_POST['email']) . "', `user_group`='" .
    74. 

  74.             $this->engine->db->escape($_POST['group']) . "', `description`='" .
    75. 

  75.             $this->engine->db->escape($_POST['description']) . "', `birth`='" .
    76. 

  76.             $this->engine->db->escape(strtotime($_POST['birth'])) . "'" . $query . " WHERE id=" . (int)$_GET['id']);
    77. 

  77.         $_SESSION['msg'] = 'success';
    78. 

  78.         $this->engine->url->redirect($this->engine->url->full);
    79. 

  79.     }
    80. 

  80. 

  81.     private function addUser() {
    82. 

  82.         $this->engine->db->query("INSERT INTO " . DB_PREF . "users (`name`, `photo`, `email`, `user_group`, " .
    83. 

  83.             "`description`, `birth`, `joined`, `password`) VALUES ('" . $this->engine->db->escape($_POST["uname"]) .
    84. 

  84.             "', '" . $this->engine->db->escape($_POST["photo"]) . "', '" . $this->engine->db->escape($_POST["email"]) .
    85. 

  85.             "', '" . $this->engine->db->escape($_POST["group"]) . "', '" . $this->engine->db->escape($_POST["description"]) .
    86. 

  86.             "', '" . $this->engine->db->escape(strtotime($_POST["birth"])) . "', '" . strtotime('now') . "', '" .
    87. 

  87.             $this->engine->db->escape($_POST["pass"]) . "');");
    88. 

  88.         $_SESSION['msg'] = 'success';
    89. 

  89.         $this->engine->url->redirect(PRTCL . "://" . $this->engine->host . ADM_PATH . "index.php?page=users&view=tiny&id=" .
    90. 

  90.             $this->engine->db->getLastId());
    91. 

  91.     }
    92. 

  92. 

  93.     private function getUserGroups() {
    94. 

  94.         $q = $this->engine->db->query("SELECT * FROM " . DB_PREF . "user_group");
    95. 

  95.         $user_groups = array();
    96. 

  96.         foreach ($q->rows as $f) {
    97. 

  97.             $user_groups[$f['id']] = $f['description'];
    98. 

  98.         }
    99. 

  99.         return $user_groups;
    100. 

  100.     }
    101. 

  101. 

  102.     private function getUser() {
    103. 

  103.         $q = $this->engine->db->query("SELECT * FROM " . DB_PREF . "users WHERE id=" . (int)$_GET['id']);
    104. 

  104.         $user = $q->row;
    105. 

  105.         resizeImage(ROOT_DIR . 'upload/images/no-image.jpg', 150, 130, false);
    106. 

  106.         if (!empty($user)) {
    107. 

  107.             $user['photo']      = ($user['photo'] <> '') ? $user['photo'] : ROOT_DIR . 'upload/images/no-image.jpg';
    108. 

  108.             $user['thumb']      = resizeImage($user['photo'], 150, 130, false);
    109. 

  109.             $user['birth']      = date("d-m-Y", $user['birth']);
    110. 

  110.             $user['joined']     = date("Y-M-d D h:i:s", $user['joined']);
    111. 

  111.             $user['last_login'] = ($user['last_login'] > 1000) ? date("Y-M-d D h:i:s", $user['last_login']) : $this->language['never'];
    112. 

  112.             $user['adm_last_login'] = ($user['adm_last_login'] > 1000) ? date("Y-M-d D h:i:s", $user['adm_last_login']) : $this->language['never'];
    113. 

  113.         } else {
    114. 

  114.             $user = array(
    115. 

  115.                 'name'           => '',
    116. 

  116.                 'email'          => '',
    117. 

  117.                 'user_group'     => 5,
    118. 

  118.                 'description'    => '',
    119. 

  119.                 'photo'          => ROOT_DIR . 'upload/images/no-image.jpg',
    120. 

  120.                 'thumb'          => resizeImage(ROOT_DIR . 'upload/images/no-image.jpg', 150, 130, false),
    121. 

  121.                 'birth'          => date("d-m-Y"),
    122. 

  122.                 'joined'         => date("Y-M-d D h:i:s"),
    123. 

  123.                 'last_login'     => $this->language['never'],
    124. 

  124.                 'adm_last_login' => $this->language['never']
    125. 

  125.             );
    126. 

  126. 

  127.         }
    128. 

  128.         return $user;
    129. 

  129.     }
    130. 

  130. 

  131.     public function index() {
    132. 

  132.         if ($_SESSION['access'] > 2) {
    133. 

  133.             die('Access denied');
    134. 

  134.         }
    135. 

  135. 

  136.         if (isset($_POST['fp'])) {
    137. 

  137.             $this->updateUsers();
    138. 

  138.         }
    139. 

  139. 

  140.         if (isset($_POST['uname']) && (int)$_GET['id'] > 0) {
    141. 

  141.             $this->updateUser();
    142. 

  142.         }
    143. 

  143. 

  144.         if (isset($_POST['uname']) && $_GET['id'] == 'new') {
    145. 

  145.             $this->addUser();
    146. 

  146.         }
    147. 

  147. 

  148.         if (!isset($_GET["page_n"]) || (int)$_GET['page_n'] < 1) {
    149. 

  149.             $_GET["page_n"] = 1;
    150. 

  150.         }
    151. 

  151. 

  152.         if (!isset($_GET["per_page"]) || (int)$_GET['per_page'] < 1) {
    153. 

  153.             $_GET['per_page'] = 10;
    154. 

  154.         }
    155. 

  155. 

  156.         if (isset($_SESSION['msg']) && $_SESSION['msg'] == 'success') {
    157. 

  157.             $this->data['text_message'] = $this->language['changes_applied'];
    158. 

  158.             $this->data['class_message'] = 'success';
    159. 

  159.             unset($_SESSION['msg']);
    160. 

  160.         }
    161. 

  161. 

  162.         if (isset($_GET['view']) && $_GET['view'] == 'tiny') {
    163. 

  163.             $this->data['user_groups'] = $this->getUserGroups();
    164. 

  164.             $this->data['user'] = $this->getUser();
    165. 

  165.             $this->engine->document->addHeaderString('<script type="text/javascript" src="template/js/qfinder/qfinder.js"></script>');
    166. 

  166. 

  167.             $this->data['breadcrumbs'][] = array(
    168. 

  168.                 'caption'   => $this->language['home'],
    169. 

  169.                 'link'      => ADM_PATH
    170. 

  170.             );
    171. 

  171.             $this->data['breadcrumbs'][] = array(
    172. 

  172.                 'caption'   => $this->language['users'],
    173. 

  173.                 'link'      => 'index.php?page=users'
    174. 

  174.             );
    175. 

  175.             $this->data['breadcrumb_cur'] = $this->language['user'];
    176. 

  176. 

  177.             $this->template = 'template/user.tpl';
    178. 

  178.         } else {
    179. 

  179.             $start = ((int)$_GET["page_n"] - 1) * (int)$_GET["per_page"];
    180. 

  180.             $limit = (int)$_GET["per_page"];
    181. 

  181.             $search = isset($_GET["search"]) ? $_GET["search"] : '';
    182. 

  182.             $search_query = "(" . DB_PREF . "users.`name` LIKE '%" . $search . "%' OR " . DB_PREF .
    183. 

  183.                 "users.`email` LIKE '%" . $search . "%' OR " . DB_PREF . "users.`description` LIKE '%" .
    184. 

  184.                 $search . "%')";
    185. 

  185.             $this->data['users'] = $this->getUsers($search, $search_query, $start, $limit);
    186. 

  186.             $this->data['search'] = $search;
    187. 

  187.             $this->data['page_count'] = $this->getPageCount($search, $search_query, $limit);
    188. 

  188.             $this->engine->document->addHeaderString('<link href="template/css/bootstrap-toggle-buttons.css" rel="stylesheet" media="screen">');
    189. 

  189.             $this->engine->document->addHeaderString('<script src="template/js/jquery.toggle.buttons.js"></script>');
    190. 

  190. 

  191.             $this->data['breadcrumbs'][] = array(
    192. 

  192.                 'caption'   => $this->language['home'],
    193. 

  193.                 'link'      => ADM_PATH
    194. 

  194.             );
    195. 

  195.             $this->data['breadcrumb_cur'] = $this->language['users'];
    196. 

  196. 

  197.             $this->template = 'template/users.tpl';
    198. 

  198.         }
    199. 

  199.     }
    200. 

  200. }
    201.