PageRenderTime 68ms CodeModel.GetById 37ms RepoModel.GetById 1ms app.codeStats 0ms

/tng_add_edit_user_code.php

https://github.com/neskie/Stewardship-Portal
PHP | 260 lines | 178 code | 26 blank | 56 comment | 21 complexity | 9fdccc8f14099450a61c1989648b4898 MD5 | raw file
    

  1. <?php
    2. 

  2. /*---------------------------------------------------------------
    3. 

  3. author:	alim karim
    4. 

  4. date:	May 14, 2007
    5. 

  5. file:	tng_add_edit_user.php
    6. 

    7. 

  7. desc:	webpage to add users or reset passwords for
    8. 

  8. 		existing users
    9. 

  9. ---------------------------------------------------------------*/
    10. 

  10. include_once('classes/class_login.php');
    11. 

  11. include_once('classes/class_dbconn.php');
    12. 

  12. 

  13. session_start();
    14. 

  14. //unset($_SESSION['user_list']);
    15. 

  15. //return;
    16. 

  16. 

  17. 

  18. // form is being loaded first time or
    19. 

  19. // it is being loaded through ajax
    20. 

  20. if(isset($_SESSION['obj_login'])){
    21. 

  21. 	global $user_list;
    22. 

  22. 	global $obj_list;
    23. 

  23. 	global $xslt_user;
    24. 

  24. 	
    25. 

  25. 	if(isset($_POST['ajax_action'])){
    26. 

  26. 		switch($_POST['ajax_action']){
    27. 

  27. 			// query for all users in
    28. 

  28. 			// the db
    29. 

  29. 			case "get_users":
    30. 

  30. 				get_user_list($user_list);
    31. 

  31. 				$xml = generate_object_list_xml($user_list, "");
    32. 

  32. 				echo $xml;
    33. 

  33. 			break;
    34. 

  34. 			// the caller wishes get details
    35. 

  35. 			// about a user
    36. 

  36. 			case "get_user_details":
    37. 

  37. 				$uid = $_POST['ajax_uid'];
    38. 

  38. 				$xml = get_user_details($uid);
    39. 

  39. 				echo $xml;
    40. 

  40. 			break;
    41. 

  41. 			// the caller wishes to update
    42. 

  42. 			// attributes associated with 
    43. 

  43. 			// a user
    44. 

  44. 			case "update_user":
    45. 

  45. 				$uid = $_POST['ajax_uid'];
    46. 

  46. 				$fname = $_POST['ajax_fname'];
    47. 

  47. 				$lname = $_POST['ajax_lname'];
    48. 

  48. 				$email = $_POST['ajax_email'];
    49. 

  49. 				$active = $_POST['ajax_active'];
    50. 

  50. 				$new_passwd = "";
    51. 

  51. 				if(isset($_POST['ajax_newpasswd']))
    52. 

  52. 					$new_passwd = $_POST['ajax_newpasswd'];
    53. 

  53. 				update_user($uid, $new_passwd, $fname, $lname, $email, $active);
    54. 

  54. 			break;
    55. 

  55. 			// the caller wishes to add a new
    56. 

  56. 			// user to the db
    57. 

  57. 			case "add_user":
    58. 

  58. 				$uname = $_POST['ajax_uname'];
    59. 

  59. 				$passwd = $_POST['ajax_passwd'];
    60. 

  60. 				$fname = $_POST['ajax_fname'];
    61. 

  61. 				$lname = $_POST['ajax_lname'];
    62. 

  62. 				$email = $_POST['ajax_email'];
    63. 

  63. 				$active = $_POST['ajax_active'];
    64. 

  64. 				add_user($uname, $passwd, $fname, $lname, $email, $active);
    65. 

  65. 				// regenerate the user list
    66. 

  66. 				// and send back the new list
    67. 

  67. 				// as xml
    68. 

  68. 				get_user_list($user_list);
    69. 

  69. 				$xml = generate_object_list_xml($user_list, "");
    70. 

  70. 				echo $xml;
    71. 

  71. 			break;
    72. 

  72. 		}
    73. 

  73. 	}
    74. 

  74. }
    75. 

  75. 

  76. ///
    77. 

  77. /// get_user_list()
    78. 

  78. /// get the user list from the 
    79. 

  79. /// database
    80. 

  80. ///
    81. 

  81. function get_user_list(&$user_list){
    82. 

  82. 	$user_list = array();
    83. 

  83. 	
    84. 

  84. 	$sql_str = "SELECT "
    85. 

  85. 					. "uid, " 
    86. 

  86. 					. "uname "
    87. 

  87. 				. "FROM " 
    88. 

  88. 					. "tng_user ";
    89. 

  89. 	
    90. 

  90. 

  91. 	$dbconn =& new DBConn();
    92. 

  92. 

  93. 	$dbconn->connect();
    94. 

  94. 

  95. 	$result = pg_query($dbconn->conn, $sql_str);
    96. 

  96. 	if(!$result){
    97. 

  97. 		echo "An error occurred while executing the query " . pg_last_error($dbconn->conn);
    98. 

  98. 		$dbconn->disconnect();
    99. 

  99. 		return NULL;
    100. 

  100. 	}
    101. 

  101. 	
    102. 

  102. 	$n_users = pg_num_rows($result);
    103. 

  103. 	// populate user_list array
    104. 

  104. 	// as name-value pairs
    105. 

  105. 	// i.e. the user name is the name, and the
    106. 

  106. 	// user id is the value
    107. 

  107. 	for($i = 0; $i < $n_users; $i++)
    108. 

  108. 		$user_list[pg_fetch_result($result, $i, 1)] = pg_fetch_result($result, $i, 0);
    109. 

  109. 	
    110. 

  110. 	$dbconn->disconnect();
    111. 

  111. }
    112. 

  112. 

  113. ///
    114. 

  114. /// generate_object_list_xml()
    115. 

  115. /// produce xml representing a list
    116. 

  116. /// of objects(users, forms, layers, etc) 
    117. 

  117. /// limited by $prefix (if any)
    118. 

  118. /// provided by the user.
    119. 

  119. /// note that $obj_list is a name-value pair
    120. 

  120. /// array, where the name of the object is the key
    121. 

  121. /// and the id of the object is the value
    122. 

  122. /// 
    123. 

  123. function generate_object_list_xml($obj_list, $prefix){
    124. 

  124. 	$xml = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n"
    125. 

  125. 		 		. "<objects>";
    126. 

  126. 	$n_objects = count($obj_list);
    127. 

  127. 	$obj_names = array_keys($obj_list);
    128. 

  128. 	
    129. 

  129. 	for($i = 0; $i < $n_objects; $i++){
    130. 

  130. 		if($prefix == ""
    131. 

  131. 			|| substr($obj_names[$i], 0, strlen($prefix)) == $prefix
    132. 

  132. 			){
    133. 

  133. 				$xml .= "<object>"
    134. 

  134. 						. "<id>"
    135. 

  135. 						. $obj_list[$obj_names[$i]]
    136. 

  136. 						. "</id>"
    137. 

  137. 						. "<name>"
    138. 

  138. 						. $obj_names[$i]
    139. 

  139. 						. "</name>"
    140. 

  140. 						. "</object>\n";
    141. 

  141. 			}
    142. 

  142. 		}
    143. 

  143. 		
    144. 

  144. 		$xml .= "</objects>";
    145. 

  145. 		return $xml;
    146. 

  146. }
    147. 

  147. 

  148. ///
    149. 

  149. /// get_user_details()
    150. 

  150. /// get user attributes
    151. 

  151. ///
    152. 

  152. function get_user_details($uid){
    153. 

  153. 	$sql_str = "SELECT "
    154. 

  154. 				. "uname, "
    155. 

  155. 				. "fname, "
    156. 

  156. 				. "lname, "
    157. 

  157. 				. "email, "
    158. 

  158. 				. "active "
    159. 

  159. 			. "FROM "
    160. 

  160. 				. "tng_user "
    161. 

  161. 			. "WHERE "
    162. 

  162. 				. "uid = " . $uid;
    163. 

  163. 

  164. 	$dbconn =& new DBConn();
    165. 

  165. 	$dbconn->connect();
    166. 

  166. 	$result = pg_query($dbconn->conn, $sql_str);
    167. 

  167. 	if(!$result){
    168. 

  168. 		echo "An error occurred while executing the query " 
    169. 

  169. 				. pg_last_error($dbconn->conn) . "\n"
    170. 

  170. 				. $sql_str;
    171. 

  171. 		$dbconn->disconnect();
    172. 

  172. 		return NULL;
    173. 

  173. 	}
    174. 

  174. 	
    175. 

  175. 	$xml = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n"
    176. 

  176. 		 		. "<user>"
    177. 

  177. 					. "<uname>" . pg_fetch_result($result, 0, 'uname') . "</uname>"
    178. 

  178. 					. "<fname>" . pg_fetch_result($result, 0, 'fname') . "</fname>"
    179. 

  179. 					. "<lname>" . pg_fetch_result($result, 0, 'lname') . "</lname>"
    180. 

  180. 					. "<email>" . pg_fetch_result($result, 0, 'email') . "</email>";
    181. 

  181. 	if(pg_fetch_result($result, 0, 'active') == "t")
    182. 

  182. 		$xml .= "<active>true</active>";
    183. 

  183. 	else
    184. 

  184. 		$xml .= "<active>false</active>";
    185. 

  185. 	$xml .= "</user>";
    186. 

  186. 	$dbconn->disconnect();
    187. 

  187. 	return $xml;
    188. 

  188. }
    189. 

  189. 

  190. ///
    191. 

  191. /// update_user()
    192. 

  192. /// update user attributes
    193. 

  193. ///
    194. 

  194. function update_user($uid, $new_passwd = "", $fname, $lname, $email, $active){
    195. 

  195. 	$sql_str = "UPDATE "
    196. 

  196. 					. "tng_user "
    197. 

  197. 				. "SET "
    198. 

  198. 					. "fname = '" . $fname . "', "
    199. 

  199. 					. "lname = '" . $lname . "', "
    200. 

  200. 					. "email = '" . $email . "', "
    201. 

  201. 					. "active = '" . $active . "' ";
    202. 

  202. 					
    203. 

  203. 	if($new_passwd != ""){
    204. 

  204. 		$md5_pass = md5($new_passwd);
    205. 

  205. 		$sql_str .= ", passwd = '" . $md5_pass . "' ";
    206. 

  206. 	}
    207. 

  207. 	
    208. 

  208. 	$sql_str .= "WHERE "
    209. 

  209. 					. "uid = " . $uid;
    210. 

  210. 

  211. 	$dbconn =& new DBConn();
    212. 

  212. 	$dbconn->connect();
    213. 

  213. 	$result = pg_query($dbconn->conn, $sql_str);
    214. 

  214. 	if(!$result){
    215. 

  215. 		echo "An error occurred while executing the query " . pg_last_error($dbconn->conn);
    216. 

  216. 		$dbconn->disconnect();
    217. 

  217. 		return NULL;
    218. 

  218. 	}
    219. 

  219. 	$dbconn->disconnect();
    220. 

  220. }
    221. 

  221. 

  222. ///
    223. 

  223. /// add_user()
    224. 

  224. /// create a user record in the
    225. 

  225. /// tng_user table
    226. 

  226. ///
    227. 

  227. function add_user($uname, $passwd, $fname, $lname, $email, $active){
    228. 

  228. 	$md5_passwd = md5($passwd);
    229. 

  229. 	
    230. 

  230. 	$sql_str = "INSERT INTO tng_user "
    231. 

  231. 					. "("
    232. 

  232. 						. "uname, "
    233. 

  233. 						. "passwd, "
    234. 

  234. 						. "fname, "
    235. 

  235. 						. "lname, "
    236. 

  236. 						. "email,  "
    237. 

  237. 						. "active "
    238. 

  238. 					. ") "
    239. 

  239. 					. "VALUES "
    240. 

  240. 					. "("
    241. 

  241. 						. "'" . $uname . "', "
    242. 

  242. 						. "'" . $md5_passwd . "', "
    243. 

  243. 						. "'" . $fname . "', "
    244. 

  244. 						. "'" . $lname . "', "
    245. 

  245. 						. "'" . $email . "', "
    246. 

  246. 						. "'" . $active . "' "
    247. 

  247. 					. ")";
    248. 

  248. 					
    249. 

  249. 	$dbconn =& new DBConn();
    250. 

  250. 	$dbconn->connect();
    251. 

  251. 	$result = pg_query($dbconn->conn, $sql_str);
    252. 

  252. 	if(!$result){
    253. 

  253. 		echo "An error occurred while executing the query " . pg_last_error($dbconn->conn);
    254. 

  254. 		$dbconn->disconnect();
    255. 

  255. 		return NULL;
    256. 

  256. 	}
    257. 

  257. 	$dbconn->disconnect();
    258. 

  258. }
    259. 

  259. 

  260. ?>
    261. 

  261.