1 | <?php
|
---|
2 | /*
|
---|
3 | * User Manager
|
---|
4 | *
|
---|
5 | * Dokuwiki Admin Plugin
|
---|
6 | *
|
---|
7 | * This version of the user manager has been modified to only work with
|
---|
8 | * objectified version of auth system
|
---|
9 | *
|
---|
10 | * @author neolao <[email protected]>
|
---|
11 | * @author Chris Smith <[email protected]>
|
---|
12 | */
|
---|
13 | // must be run within Dokuwiki
|
---|
14 | if(!defined('DOKU_INC')) die();
|
---|
15 |
|
---|
16 | if(!defined('DOKU_PLUGIN_IMAGES')) define('DOKU_PLUGIN_IMAGES',DOKU_BASE.'lib/plugins/usermanager/images/');
|
---|
17 |
|
---|
18 | /**
|
---|
19 | * All DokuWiki plugins to extend the admin function
|
---|
20 | * need to inherit from this class
|
---|
21 | */
|
---|
22 | class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
|
---|
23 |
|
---|
24 | var $_auth = null; // auth object
|
---|
25 | var $_user_total = 0; // number of registered users
|
---|
26 | var $_filter = array(); // user selection filter(s)
|
---|
27 | var $_start = 0; // index of first user to be displayed
|
---|
28 | var $_last = 0; // index of the last user to be displayed
|
---|
29 | var $_pagesize = 20; // number of users to list on one page
|
---|
30 | var $_edit_user = ''; // set to user selected for editing
|
---|
31 | var $_edit_userdata = array();
|
---|
32 | var $_disabled = ''; // if disabled set to explanatory string
|
---|
33 |
|
---|
34 | /**
|
---|
35 | * Constructor
|
---|
36 | */
|
---|
37 | function admin_plugin_usermanager(){
|
---|
38 | global $auth;
|
---|
39 |
|
---|
40 | $this->setupLocale();
|
---|
41 |
|
---|
42 | if (!isset($auth)) {
|
---|
43 | $this->disabled = $this->lang['noauth'];
|
---|
44 | } else if (!$auth->canDo('getUsers')) {
|
---|
45 | $this->disabled = $this->lang['nosupport'];
|
---|
46 | } else {
|
---|
47 |
|
---|
48 | // we're good to go
|
---|
49 | $this->_auth = & $auth;
|
---|
50 |
|
---|
51 | }
|
---|
52 | }
|
---|
53 |
|
---|
54 | /**
|
---|
55 | * return some info
|
---|
56 | */
|
---|
57 | function getInfo(){
|
---|
58 |
|
---|
59 | return array(
|
---|
60 | 'author' => 'Chris Smith',
|
---|
61 | 'email' => '[email protected]',
|
---|
62 | 'date' => '2008-09-17',
|
---|
63 | 'name' => 'User Manager',
|
---|
64 | 'desc' => 'Manage users '.$this->disabled,
|
---|
65 | 'url' => 'http://dokuwiki.org/plugin:usermanager',
|
---|
66 | );
|
---|
67 | }
|
---|
68 | /**
|
---|
69 | * return prompt for admin menu
|
---|
70 | */
|
---|
71 | function getMenuText($language) {
|
---|
72 |
|
---|
73 | if (!is_null($this->_auth))
|
---|
74 | return parent::getMenuText($language);
|
---|
75 |
|
---|
76 | return $this->getLang('menu').' '.$this->disabled;
|
---|
77 | }
|
---|
78 |
|
---|
79 | /**
|
---|
80 | * return sort order for position in admin menu
|
---|
81 | */
|
---|
82 | function getMenuSort() {
|
---|
83 | return 2;
|
---|
84 | }
|
---|
85 |
|
---|
86 | /**
|
---|
87 | * handle user request
|
---|
88 | */
|
---|
89 | function handle() {
|
---|
90 | global $ID;
|
---|
91 |
|
---|
92 | if (is_null($this->_auth)) return false;
|
---|
93 |
|
---|
94 | // extract the command and any specific parameters
|
---|
95 | // submit button name is of the form - fn[cmd][param(s)]
|
---|
96 | $fn = $_REQUEST['fn'];
|
---|
97 |
|
---|
98 | if (is_array($fn)) {
|
---|
99 | $cmd = key($fn);
|
---|
100 | $param = is_array($fn[$cmd]) ? key($fn[$cmd]) : null;
|
---|
101 | } else {
|
---|
102 | $cmd = $fn;
|
---|
103 | $param = null;
|
---|
104 | }
|
---|
105 |
|
---|
106 | if ($cmd != "search") {
|
---|
107 | if (!empty($_REQUEST['start']))
|
---|
108 | $this->_start = $_REQUEST['start'];
|
---|
109 | $this->_filter = $this->_retrieveFilter();
|
---|
110 | }
|
---|
111 |
|
---|
112 | switch($cmd){
|
---|
113 | case "add" : $this->_addUser(); break;
|
---|
114 | case "delete" : $this->_deleteUser(); break;
|
---|
115 | case "modify" : $this->_modifyUser(); break;
|
---|
116 | case "edit" : $this->_editUser($param); break;
|
---|
117 | case "search" : $this->_setFilter($param);
|
---|
118 | $this->_start = 0;
|
---|
119 | break;
|
---|
120 | }
|
---|
121 |
|
---|
122 | $this->_user_total = $this->_auth->canDo('getUserCount') ? $this->_auth->getUserCount($this->_filter) : -1;
|
---|
123 |
|
---|
124 | // page handling
|
---|
125 | switch($cmd){
|
---|
126 | case 'start' : $this->_start = 0; break;
|
---|
127 | case 'prev' : $this->_start -= $this->_pagesize; break;
|
---|
128 | case 'next' : $this->_start += $this->_pagesize; break;
|
---|
129 | case 'last' : $this->_start = $this->_user_total; break;
|
---|
130 | }
|
---|
131 | $this->_validatePagination();
|
---|
132 | }
|
---|
133 |
|
---|
134 | /**
|
---|
135 | * output appropriate html
|
---|
136 | */
|
---|
137 | function html() {
|
---|
138 | global $ID;
|
---|
139 |
|
---|
140 | if(is_null($this->_auth)) {
|
---|
141 | print $this->lang['badauth'];
|
---|
142 | return false;
|
---|
143 | }
|
---|
144 |
|
---|
145 | $user_list = $this->_auth->retrieveUsers($this->_start, $this->_pagesize, $this->_filter);
|
---|
146 | $users = array_keys($user_list);
|
---|
147 |
|
---|
148 | $page_buttons = $this->_pagination();
|
---|
149 | $delete_disable = $this->_auth->canDo('delUser') ? '' : 'disabled="disabled"';
|
---|
150 |
|
---|
151 | $editable = $this->_auth->canDo('UserMod');
|
---|
152 |
|
---|
153 | print $this->locale_xhtml('intro');
|
---|
154 | print $this->locale_xhtml('list');
|
---|
155 |
|
---|
156 | ptln("<div id=\"user__manager\">");
|
---|
157 | ptln("<div class=\"level2\">");
|
---|
158 |
|
---|
159 | if ($this->_user_total > 0) {
|
---|
160 | ptln("<p>".sprintf($this->lang['summary'],$this->_start+1,$this->_last,$this->_user_total,$this->_auth->getUserCount())."</p>");
|
---|
161 | } else {
|
---|
162 | ptln("<p>".sprintf($this->lang['nonefound'],$this->_auth->getUserCount())."</p>");
|
---|
163 | }
|
---|
164 | ptln("<form action=\"".wl($ID)."\" method=\"post\">");
|
---|
165 | formSecurityToken();
|
---|
166 | ptln(" <table class=\"inline\">");
|
---|
167 | ptln(" <thead>");
|
---|
168 | ptln(" <tr>");
|
---|
169 | ptln(" <th> </th><th>".$this->lang["user_id"]."</th><th>".$this->lang["user_name"]."</th><th>".$this->lang["user_mail"]."</th><th>".$this->lang["user_groups"]."</th>");
|
---|
170 | ptln(" </tr>");
|
---|
171 |
|
---|
172 | ptln(" <tr>");
|
---|
173 | ptln(" <td class=\"rightalign\"><input type=\"image\" src=\"".DOKU_PLUGIN_IMAGES."search.png\" name=\"fn[search][new]\" title=\"".$this->lang['search_prompt']."\" alt=\"".$this->lang['search']."\" class=\"button\" /></td>");
|
---|
174 | ptln(" <td><input type=\"text\" name=\"userid\" class=\"edit\" value=\"".$this->_htmlFilter('user')."\" /></td>");
|
---|
175 | ptln(" <td><input type=\"text\" name=\"username\" class=\"edit\" value=\"".$this->_htmlFilter('name')."\" /></td>");
|
---|
176 | ptln(" <td><input type=\"text\" name=\"usermail\" class=\"edit\" value=\"".$this->_htmlFilter('mail')."\" /></td>");
|
---|
177 | ptln(" <td><input type=\"text\" name=\"usergroups\" class=\"edit\" value=\"".$this->_htmlFilter('grps')."\" /></td>");
|
---|
178 | ptln(" </tr>");
|
---|
179 | ptln(" </thead>");
|
---|
180 |
|
---|
181 | if ($this->_user_total) {
|
---|
182 | ptln(" <tbody>");
|
---|
183 | foreach ($user_list as $user => $userinfo) {
|
---|
184 | extract($userinfo);
|
---|
185 | $groups = join(', ',$grps);
|
---|
186 | ptln(" <tr class=\"user_info\">");
|
---|
187 | ptln(" <td class=\"centeralign\"><input type=\"checkbox\" name=\"delete[".$user."]\" ".$delete_disable." /></td>");
|
---|
188 | if ($editable) {
|
---|
189 | ptln(" <td><a href=\"".wl($ID,array('fn[edit]['.hsc($user).']' => 1,
|
---|
190 | 'do' => 'admin',
|
---|
191 | 'page' => 'usermanager',
|
---|
192 | 'sectok' => getSecurityToken())).
|
---|
193 | "\" title=\"".$this->lang['edit_prompt']."\">".hsc($user)."</a></td>");
|
---|
194 | } else {
|
---|
195 | ptln(" <td>".hsc($user)."</td>");
|
---|
196 | }
|
---|
197 | ptln(" <td>".hsc($name)."</td><td>".hsc($mail)."</td><td>".hsc($groups)."</td>");
|
---|
198 | ptln(" </tr>");
|
---|
199 | }
|
---|
200 | ptln(" </tbody>");
|
---|
201 | }
|
---|
202 |
|
---|
203 | ptln(" <tbody>");
|
---|
204 | ptln(" <tr><td colspan=\"5\" class=\"centeralign\">");
|
---|
205 | ptln(" <span class=\"medialeft\">");
|
---|
206 | ptln(" <input type=\"submit\" name=\"fn[delete]\" ".$delete_disable." class=\"button\" value=\"".$this->lang['delete_selected']."\" id=\"usrmgr__del\" />");
|
---|
207 | ptln(" </span>");
|
---|
208 | ptln(" <span class=\"mediaright\">");
|
---|
209 | ptln(" <input type=\"submit\" name=\"fn[start]\" ".$page_buttons['start']." class=\"button\" value=\"".$this->lang['start']."\" />");
|
---|
210 | ptln(" <input type=\"submit\" name=\"fn[prev]\" ".$page_buttons['prev']." class=\"button\" value=\"".$this->lang['prev']."\" />");
|
---|
211 | ptln(" <input type=\"submit\" name=\"fn[next]\" ".$page_buttons['next']." class=\"button\" value=\"".$this->lang['next']."\" />");
|
---|
212 | ptln(" <input type=\"submit\" name=\"fn[last]\" ".$page_buttons['last']." class=\"button\" value=\"".$this->lang['last']."\" />");
|
---|
213 | ptln(" </span>");
|
---|
214 | ptln(" <input type=\"submit\" name=\"fn[search][clear]\" class=\"button\" value=\"".$this->lang['clear']."\" />");
|
---|
215 | ptln(" <input type=\"hidden\" name=\"do\" value=\"admin\" />");
|
---|
216 | ptln(" <input type=\"hidden\" name=\"page\" value=\"usermanager\" />");
|
---|
217 |
|
---|
218 | $this->_htmlFilterSettings(2);
|
---|
219 |
|
---|
220 | ptln(" </td></tr>");
|
---|
221 | ptln(" </tbody>");
|
---|
222 | ptln(" </table>");
|
---|
223 |
|
---|
224 | ptln("</form>");
|
---|
225 | ptln("</div>");
|
---|
226 |
|
---|
227 | $style = $this->_edit_user ? " class=\"edit_user\"" : "";
|
---|
228 |
|
---|
229 | if ($this->_auth->canDo('addUser')) {
|
---|
230 | ptln("<div".$style.">");
|
---|
231 | print $this->locale_xhtml('add');
|
---|
232 | ptln(" <div class=\"level2\">");
|
---|
233 |
|
---|
234 | $this->_htmlUserForm('add',null,array(),4);
|
---|
235 |
|
---|
236 | ptln(" </div>");
|
---|
237 | ptln("</div>");
|
---|
238 | }
|
---|
239 |
|
---|
240 | if($this->_edit_user && $this->_auth->canDo('UserMod')){
|
---|
241 | ptln("<div".$style." id=\"scroll__here\">");
|
---|
242 | print $this->locale_xhtml('edit');
|
---|
243 | ptln(" <div class=\"level2\">");
|
---|
244 |
|
---|
245 | $this->_htmlUserForm('modify',$this->_edit_user,$this->_edit_userdata,4);
|
---|
246 |
|
---|
247 | ptln(" </div>");
|
---|
248 | ptln("</div>");
|
---|
249 | }
|
---|
250 | ptln("</div>");
|
---|
251 | }
|
---|
252 |
|
---|
253 |
|
---|
254 | /**
|
---|
255 | * @todo disable fields which the backend can't change
|
---|
256 | */
|
---|
257 | function _htmlUserForm($cmd,$user='',$userdata=array(),$indent=0) {
|
---|
258 | global $conf;
|
---|
259 | global $ID;
|
---|
260 |
|
---|
261 | $name = $mail = $groups = '';
|
---|
262 | $notes = array();
|
---|
263 |
|
---|
264 | if ($user) {
|
---|
265 | extract($userdata);
|
---|
266 | if (!empty($grps)) $groups = join(',',$grps);
|
---|
267 | } else {
|
---|
268 | $notes[] = sprintf($this->lang['note_group'],$conf['defaultgroup']);
|
---|
269 | }
|
---|
270 |
|
---|
271 | ptln("<form action=\"".wl($ID)."\" method=\"post\">",$indent);
|
---|
272 | formSecurityToken();
|
---|
273 | ptln(" <table class=\"inline\">",$indent);
|
---|
274 | ptln(" <thead>",$indent);
|
---|
275 | ptln(" <tr><th>".$this->lang["field"]."</th><th>".$this->lang["value"]."</th></tr>",$indent);
|
---|
276 | ptln(" </thead>",$indent);
|
---|
277 | ptln(" <tbody>",$indent);
|
---|
278 |
|
---|
279 | $this->_htmlInputField($cmd."_userid", "userid", $this->lang["user_id"], $user, $this->_auth->canDo("modLogin"), $indent+6);
|
---|
280 | $this->_htmlInputField($cmd."_userpass", "userpass", $this->lang["user_pass"], "", $this->_auth->canDo("modPass"), $indent+6);
|
---|
281 | $this->_htmlInputField($cmd."_username", "username", $this->lang["user_name"], $name, $this->_auth->canDo("modName"), $indent+6);
|
---|
282 | $this->_htmlInputField($cmd."_usermail", "usermail", $this->lang["user_mail"], $mail, $this->_auth->canDo("modMail"), $indent+6);
|
---|
283 | $this->_htmlInputField($cmd."_usergroups","usergroups",$this->lang["user_groups"],$groups,$this->_auth->canDo("modGroups"),$indent+6);
|
---|
284 |
|
---|
285 | if ($this->_auth->canDo("modPass")) {
|
---|
286 | $notes[] = $this->lang['note_pass'];
|
---|
287 | if ($user) {
|
---|
288 | $notes[] = $this->lang['note_notify'];
|
---|
289 | }
|
---|
290 |
|
---|
291 | ptln("<tr><td><label for=\"".$cmd."_usernotify\" >".$this->lang["user_notify"].": </label></td><td><input type=\"checkbox\" id=\"".$cmd."_usernotify\" name=\"usernotify\" value=\"1\" /></td></tr>", $indent);
|
---|
292 | }
|
---|
293 |
|
---|
294 | ptln(" </tbody>",$indent);
|
---|
295 | ptln(" <tbody>",$indent);
|
---|
296 | ptln(" <tr>",$indent);
|
---|
297 | ptln(" <td colspan=\"2\">",$indent);
|
---|
298 | ptln(" <input type=\"hidden\" name=\"do\" value=\"admin\" />",$indent);
|
---|
299 | ptln(" <input type=\"hidden\" name=\"page\" value=\"usermanager\" />",$indent);
|
---|
300 |
|
---|
301 | // save current $user, we need this to access details if the name is changed
|
---|
302 | if ($user)
|
---|
303 | ptln(" <input type=\"hidden\" name=\"userid_old\" value=\"".$user."\" />",$indent);
|
---|
304 |
|
---|
305 | $this->_htmlFilterSettings($indent+10);
|
---|
306 |
|
---|
307 | ptln(" <input type=\"submit\" name=\"fn[".$cmd."]\" class=\"button\" value=\"".$this->lang[$cmd]."\" />",$indent);
|
---|
308 | ptln(" </td>",$indent);
|
---|
309 | ptln(" </tr>",$indent);
|
---|
310 | ptln(" </tbody>",$indent);
|
---|
311 | ptln(" </table>",$indent);
|
---|
312 |
|
---|
313 | foreach ($notes as $note)
|
---|
314 | ptln("<div class=\"fn\">".$note."</div>",$indent);
|
---|
315 |
|
---|
316 | ptln("</form>",$indent);
|
---|
317 | }
|
---|
318 |
|
---|
319 | function _htmlInputField($id, $name, $label, $value, $cando, $indent=0) {
|
---|
320 | $class = $cando ? '' : ' class="disabled"';
|
---|
321 | $disabled = $cando ? '' : ' disabled="disabled"';
|
---|
322 | echo str_pad('',$indent);
|
---|
323 |
|
---|
324 | if($name == 'userpass'){
|
---|
325 | $fieldtype = 'password';
|
---|
326 | $autocomp = 'autocomplete="off"';
|
---|
327 | }else{
|
---|
328 | $fieldtype = 'text';
|
---|
329 | $autocomp = '';
|
---|
330 | }
|
---|
331 |
|
---|
332 |
|
---|
333 | echo "<tr $class>";
|
---|
334 | echo "<td><label for=\"$id\" >$label: </label></td>";
|
---|
335 | echo "<td>";
|
---|
336 | if($cando){
|
---|
337 | echo "<input type=\"$fieldtype\" id=\"$id\" name=\"$name\" value=\"$value\" class=\"edit\" $autocomp />";
|
---|
338 | }else{
|
---|
339 | echo "<input type=\"hidden\" name=\"$name\" value=\"$value\" />";
|
---|
340 | echo "<input type=\"$fieldtype\" id=\"$id\" name=\"$name\" value=\"$value\" class=\"edit disabled\" disabled=\"disabled\" />";
|
---|
341 | }
|
---|
342 | echo "</td>";
|
---|
343 | echo "</tr>";
|
---|
344 | }
|
---|
345 |
|
---|
346 | function _htmlFilter($key) {
|
---|
347 | if (empty($this->_filter)) return '';
|
---|
348 | return (isset($this->_filter[$key]) ? hsc($this->_filter[$key]) : '');
|
---|
349 | }
|
---|
350 |
|
---|
351 | function _htmlFilterSettings($indent=0) {
|
---|
352 |
|
---|
353 | ptln("<input type=\"hidden\" name=\"start\" value=\"".$this->_start."\" />",$indent);
|
---|
354 |
|
---|
355 | foreach ($this->_filter as $key => $filter) {
|
---|
356 | ptln("<input type=\"hidden\" name=\"filter[".$key."]\" value=\"".hsc($filter)."\" />",$indent);
|
---|
357 | }
|
---|
358 | }
|
---|
359 |
|
---|
360 | function _addUser(){
|
---|
361 | if (!checkSecurityToken()) return false;
|
---|
362 | if (!$this->_auth->canDo('addUser')) return false;
|
---|
363 |
|
---|
364 | list($user,$pass,$name,$mail,$grps) = $this->_retrieveUser();
|
---|
365 | if (empty($user)) return false;
|
---|
366 |
|
---|
367 | if ($this->_auth->canDo('modPass')){
|
---|
368 | if (empty($pass)){
|
---|
369 | if(!empty($_REQUEST['usernotify'])){
|
---|
370 | $pass = auth_pwgen();
|
---|
371 | } else {
|
---|
372 | msg($this->lang['add_fail'], -1);
|
---|
373 | return false;
|
---|
374 | }
|
---|
375 | }
|
---|
376 | } else {
|
---|
377 | if (!empty($pass)){
|
---|
378 | msg($this->lang['add_fail'], -1);
|
---|
379 | return false;
|
---|
380 | }
|
---|
381 | }
|
---|
382 |
|
---|
383 | if ($this->_auth->canDo('modName')){
|
---|
384 | if (empty($name)){
|
---|
385 | msg($this->lang['add_fail'], -1);
|
---|
386 | return false;
|
---|
387 | }
|
---|
388 | } else {
|
---|
389 | if (!empty($name)){
|
---|
390 | return false;
|
---|
391 | }
|
---|
392 | }
|
---|
393 |
|
---|
394 | if ($this->_auth->canDo('modMail')){
|
---|
395 | if (empty($mail)){
|
---|
396 | msg($this->lang['add_fail'], -1);
|
---|
397 | return false;
|
---|
398 | }
|
---|
399 | } else {
|
---|
400 | if (!empty($mail)){
|
---|
401 | return false;
|
---|
402 | }
|
---|
403 | }
|
---|
404 |
|
---|
405 | if ($ok = $this->_auth->triggerUserMod('create', array($user,$pass,$name,$mail,$grps))) {
|
---|
406 |
|
---|
407 | msg($this->lang['add_ok'], 1);
|
---|
408 |
|
---|
409 | if (!empty($_REQUEST['usernotify']) && $pass) {
|
---|
410 | $this->_notifyUser($user,$pass);
|
---|
411 | }
|
---|
412 | } else {
|
---|
413 | msg($this->lang['add_fail'], -1);
|
---|
414 | }
|
---|
415 |
|
---|
416 | return $ok;
|
---|
417 | }
|
---|
418 |
|
---|
419 | /**
|
---|
420 | * Delete user
|
---|
421 | */
|
---|
422 | function _deleteUser(){
|
---|
423 | global $conf;
|
---|
424 |
|
---|
425 | if (!checkSecurityToken()) return false;
|
---|
426 | if (!$this->_auth->canDo('delUser')) return false;
|
---|
427 |
|
---|
428 | $selected = $_REQUEST['delete'];
|
---|
429 | if (!is_array($selected) || empty($selected)) return false;
|
---|
430 | $selected = array_keys($selected);
|
---|
431 |
|
---|
432 | if(in_array($_SERVER['REMOTE_USER'], $selected)) {
|
---|
433 | msg("You can't delete yourself!", -1);
|
---|
434 | return false;
|
---|
435 | }
|
---|
436 |
|
---|
437 | $count = $this->_auth->triggerUserMod('delete', array($selected));
|
---|
438 | if ($count == count($selected)) {
|
---|
439 | $text = str_replace('%d', $count, $this->lang['delete_ok']);
|
---|
440 | msg("$text.", 1);
|
---|
441 | } else {
|
---|
442 | $part1 = str_replace('%d', $count, $this->lang['delete_ok']);
|
---|
443 | $part2 = str_replace('%d', (count($selected)-$count), $this->lang['delete_fail']);
|
---|
444 | msg("$part1, $part2",-1);
|
---|
445 | }
|
---|
446 |
|
---|
447 | // invalidate all sessions
|
---|
448 | io_saveFile($conf['cachedir'].'/sessionpurge',time());
|
---|
449 |
|
---|
450 | return true;
|
---|
451 | }
|
---|
452 |
|
---|
453 | /**
|
---|
454 | * Edit user (a user has been selected for editing)
|
---|
455 | */
|
---|
456 | function _editUser($param) {
|
---|
457 | if (!checkSecurityToken()) return false;
|
---|
458 | if (!$this->_auth->canDo('UserMod')) return false;
|
---|
459 |
|
---|
460 | $user = cleanID(preg_replace('/.*:/','',$param));
|
---|
461 | $userdata = $this->_auth->getUserData($user);
|
---|
462 |
|
---|
463 | // no user found?
|
---|
464 | if (!$userdata) {
|
---|
465 | msg($this->lang['edit_usermissing'],-1);
|
---|
466 | return false;
|
---|
467 | }
|
---|
468 |
|
---|
469 | $this->_edit_user = $user;
|
---|
470 | $this->_edit_userdata = $userdata;
|
---|
471 |
|
---|
472 | return true;
|
---|
473 | }
|
---|
474 |
|
---|
475 | /**
|
---|
476 | * Modify user (modified user data has been recieved)
|
---|
477 | */
|
---|
478 | function _modifyUser(){
|
---|
479 | global $conf;
|
---|
480 |
|
---|
481 | if (!checkSecurityToken()) return false;
|
---|
482 | if (!$this->_auth->canDo('UserMod')) return false;
|
---|
483 |
|
---|
484 | // get currently valid user data
|
---|
485 | $olduser = cleanID(preg_replace('/.*:/','',$_REQUEST['userid_old']));
|
---|
486 | $oldinfo = $this->_auth->getUserData($olduser);
|
---|
487 |
|
---|
488 | // get new user data subject to change
|
---|
489 | list($newuser,$newpass,$newname,$newmail,$newgrps) = $this->_retrieveUser();
|
---|
490 | if (empty($newuser)) return false;
|
---|
491 |
|
---|
492 | $changes = array();
|
---|
493 | if ($newuser != $olduser) {
|
---|
494 |
|
---|
495 | if (!$this->_auth->canDo('modLogin')) { // sanity check, shouldn't be possible
|
---|
496 | msg($this->lang['update_fail'],-1);
|
---|
497 | return false;
|
---|
498 | }
|
---|
499 |
|
---|
500 | // check if $newuser already exists
|
---|
501 | if ($this->_auth->getUserData($newuser)) {
|
---|
502 | msg(sprintf($this->lang['update_exists'],$newuser),-1);
|
---|
503 | $re_edit = true;
|
---|
504 | } else {
|
---|
505 | $changes['user'] = $newuser;
|
---|
506 | }
|
---|
507 | }
|
---|
508 |
|
---|
509 | // generate password if left empty and notification is on
|
---|
510 | if(!empty($_REQUEST['usernotify']) && empty($newpass)){
|
---|
511 | $newpass = auth_pwgen();
|
---|
512 | }
|
---|
513 |
|
---|
514 | if (!empty($newpass) && $this->_auth->canDo('modPass'))
|
---|
515 | $changes['pass'] = $newpass;
|
---|
516 | if (!empty($newname) && $this->_auth->canDo('modName') && $newname != $oldinfo['name'])
|
---|
517 | $changes['name'] = $newname;
|
---|
518 | if (!empty($newmail) && $this->_auth->canDo('modMail') && $newmail != $oldinfo['mail'])
|
---|
519 | $changes['mail'] = $newmail;
|
---|
520 | if (!empty($newgrps) && $this->_auth->canDo('modGroups') && $newgrps != $oldinfo['grps'])
|
---|
521 | $changes['grps'] = $newgrps;
|
---|
522 |
|
---|
523 | if ($ok = $this->_auth->triggerUserMod('modify', array($olduser, $changes))) {
|
---|
524 | msg($this->lang['update_ok'],1);
|
---|
525 |
|
---|
526 | if (!empty($_REQUEST['usernotify']) && $newpass) {
|
---|
527 | $notify = empty($changes['user']) ? $olduser : $newuser;
|
---|
528 | $this->_notifyUser($notify,$newpass);
|
---|
529 | }
|
---|
530 |
|
---|
531 | // invalidate all sessions
|
---|
532 | io_saveFile($conf['cachedir'].'/sessionpurge',time());
|
---|
533 |
|
---|
534 | } else {
|
---|
535 | msg($this->lang['update_fail'],-1);
|
---|
536 | }
|
---|
537 |
|
---|
538 | if (!empty($re_edit)) {
|
---|
539 | $this->_editUser($olduser);
|
---|
540 | }
|
---|
541 |
|
---|
542 | return $ok;
|
---|
543 | }
|
---|
544 |
|
---|
545 | /**
|
---|
546 | * send password change notification email
|
---|
547 | */
|
---|
548 | function _notifyUser($user, $password) {
|
---|
549 |
|
---|
550 | if ($sent = auth_sendPassword($user,$password)) {
|
---|
551 | msg($this->lang['notify_ok'], 1);
|
---|
552 | } else {
|
---|
553 | msg($this->lang['notify_fail'], -1);
|
---|
554 | }
|
---|
555 |
|
---|
556 | return $sent;
|
---|
557 | }
|
---|
558 |
|
---|
559 | /**
|
---|
560 | * retrieve & clean user data from the form
|
---|
561 | *
|
---|
562 | * @return array(user, password, full name, email, array(groups))
|
---|
563 | */
|
---|
564 | function _retrieveUser($clean=true) {
|
---|
565 | global $auth;
|
---|
566 |
|
---|
567 | $user[0] = ($clean) ? $auth->cleanUser($_REQUEST['userid']) : $_REQUEST['userid'];
|
---|
568 | $user[1] = $_REQUEST['userpass'];
|
---|
569 | $user[2] = $_REQUEST['username'];
|
---|
570 | $user[3] = $_REQUEST['usermail'];
|
---|
571 | $user[4] = explode(',',$_REQUEST['usergroups']);
|
---|
572 |
|
---|
573 | $user[4] = array_map('trim',$user[4]);
|
---|
574 | if($clean) $user[4] = array_map(array($auth,'cleanGroup'),$user[4]);
|
---|
575 | $user[4] = array_filter($user[4]);
|
---|
576 | $user[4] = array_unique($user[4]);
|
---|
577 | if(!count($user[4])) $user[4] = null;
|
---|
578 |
|
---|
579 | return $user;
|
---|
580 | }
|
---|
581 |
|
---|
582 | function _setFilter($op) {
|
---|
583 |
|
---|
584 | $this->_filter = array();
|
---|
585 |
|
---|
586 | if ($op == 'new') {
|
---|
587 | list($user,$pass,$name,$mail,$grps) = $this->_retrieveUser(false);
|
---|
588 |
|
---|
589 | if (!empty($user)) $this->_filter['user'] = $user;
|
---|
590 | if (!empty($name)) $this->_filter['name'] = $name;
|
---|
591 | if (!empty($mail)) $this->_filter['mail'] = $mail;
|
---|
592 | if (!empty($grps)) $this->_filter['grps'] = join('|',$grps);
|
---|
593 | }
|
---|
594 | }
|
---|
595 |
|
---|
596 | function _retrieveFilter() {
|
---|
597 |
|
---|
598 | $t_filter = $_REQUEST['filter'];
|
---|
599 | if (!is_array($t_filter)) return array();
|
---|
600 |
|
---|
601 | // messy, but this way we ensure we aren't getting any additional crap from malicious users
|
---|
602 | $filter = array();
|
---|
603 |
|
---|
604 | if (isset($t_filter['user'])) $filter['user'] = $t_filter['user'];
|
---|
605 | if (isset($t_filter['name'])) $filter['name'] = $t_filter['name'];
|
---|
606 | if (isset($t_filter['mail'])) $filter['mail'] = $t_filter['mail'];
|
---|
607 | if (isset($t_filter['grps'])) $filter['grps'] = $t_filter['grps'];
|
---|
608 |
|
---|
609 | return $filter;
|
---|
610 | }
|
---|
611 |
|
---|
612 | function _validatePagination() {
|
---|
613 |
|
---|
614 | if ($this->_start >= $this->_user_total) {
|
---|
615 | $this->_start = $this->_user_total - $this->_pagesize;
|
---|
616 | }
|
---|
617 | if ($this->_start < 0) $this->_start = 0;
|
---|
618 |
|
---|
619 | $this->_last = min($this->_user_total, $this->_start + $this->_pagesize);
|
---|
620 | }
|
---|
621 |
|
---|
622 | /*
|
---|
623 | * return an array of strings to enable/disable pagination buttons
|
---|
624 | */
|
---|
625 | function _pagination() {
|
---|
626 |
|
---|
627 | $disabled = 'disabled="disabled"';
|
---|
628 |
|
---|
629 | $buttons['start'] = $buttons['prev'] = ($this->_start == 0) ? $disabled : '';
|
---|
630 |
|
---|
631 | if ($this->_user_total == -1) {
|
---|
632 | $buttons['last'] = $disabled;
|
---|
633 | $buttons['next'] = '';
|
---|
634 | } else {
|
---|
635 | $buttons['last'] = $buttons['next'] = (($this->_start + $this->_pagesize) >= $this->_user_total) ? $disabled : '';
|
---|
636 | }
|
---|
637 |
|
---|
638 | return $buttons;
|
---|
639 | }
|
---|
640 | }
|
---|