source: admin/users_actions.php @ 3627:9bccfc2257ad

Visit:

Revision 3627:9bccfc2257ad, 8.7 KB checked in by franck <carnet.franck.paul@…>, 8 years ago (diff)

Use PHP 5.5+ new password functions, closes #2182

Warnings:

$core->auth->crypt($pwd) doesn't return twice the same result for a single $pwd, so if you need this old behaviour use the $core->auth->cryptLegacy($pwd) instead.
$core->auth->checkPassword($pwd) must be used with an uncrypted password string as argument.
if you need a unique UID/key, use http::browserUID(DC_MASTER_KEY.$core->auth->userID().$core->auth->cryptLegacy($core->auth->userID())). (may be refined in future)

Rev	Line
[860]	1	<?php
	2	# -- BEGIN LICENSE BLOCK ---------------------------------------
	3	#
	4	# This file is part of Dotclear 2.
	5	#
[1179]	6	# Copyright (c) 2003-2013 Olivier Meunier & Association Dotclear
[860]	7	# Licensed under the GPL version 2.0 license.
	8	# See LICENSE file or
	9	# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
	10	#
	11	# -- END LICENSE BLOCK -----------------------------------------
	12
	13	require dirname(__FILE__).'/../inc/admin/prepend.php';
	14
	15	dcPage::checkSuper();
	16
	17	$users = array();
	18	if (!empty($_POST['users']) && is_array($_POST['users']))
	19	{
	20	foreach ($_POST['users'] as $u)
	21	{
	22	if ($core->userExists($u)) {
	23	$users[] = $u;
	24	}
	25	}
	26	}
	27
	28	$blogs = array();
	29	if (!empty($_POST['blogs']) && is_array($_POST['blogs']))
	30	{
	31	foreach ($_POST['blogs'] as $b)
	32	{
	33	if ($core->blogExists($b)) {
	34	$blogs[] = $b;
	35	}
	36	}
	37	}
	38
	39	/* Actions
	40	-------------------------------------------------------- */
	41	if (!empty($_POST['action']) && !empty($_POST['users']))
	42	{
	43	$action = $_POST['action'];
[2566]	44
[860]	45	if (isset($_POST['redir']) && strpos($_POST['redir'],'://') === false)
	46	{
	47	$redir = $_POST['redir'];
	48	}
	49	else
	50	{
[2720]	51	$redir = $core->adminurl->get("admin.users", array(
	52	'q' => $_POST['q'],
	53	'sortby' => $_POST['sortby'],
	54	'order' => $_POST['order'],
	55	'page' => $_POST['page'],
	56	'nb' => $_POST['nb']
	57	));
[860]	58	}
[2566]	59
[860]	60	if (empty($users)) {
	61	$core->error->add(__('No blog or user given.'));
	62	}
[2566]	63
[860]	64	# --BEHAVIOR-- adminUsersActions
	65	$core->callBehavior('adminUsersActions',$core,$users,$blogs,$action,$redir);
[2566]	66
[860]	67	# Delete users
	68	if ($action == 'deleteuser' && !empty($users))
	69	{
	70	foreach ($users as $u)
	71	{
	72	try
	73	{
	74	if ($u == $core->auth->userID()) {
[1941]	75	throw new Exception(__('You cannot delete yourself.'));
[860]	76	}
[2566]	77
[860]	78	# --BEHAVIOR-- adminBeforeUserDelete
	79	$core->callBehavior('adminBeforeUserDelete',$u);
[2566]	80
[860]	81	$core->delUser($u);
	82	}
	83	catch (Exception $e)
	84	{
	85	$core->error->add($e->getMessage());
	86	}
	87	}
	88	if (!$core->error->flag()) {
[2256]	89	dcPage::addSuccessNotice(__('User has been successfully deleted.'));
	90	http::redirect($redir);
[860]	91	}
	92	}
[2566]	93
[860]	94	# Update users perms
	95	if ($action == 'updateperm' && !empty($users) && !empty($blogs))
	96	{
	97	try
	98	{
[3627]	99	if (empty($_POST['your_pwd']) \|\| !$core->auth->checkPassword($_POST['your_pwd'])) {
[860]	100	throw new Exception(__('Password verification failed'));
	101	}
[2566]	102
[860]	103	foreach ($users as $u)
	104	{
	105	foreach ($blogs as $b)
	106	{
	107	$set_perms = array();
[2566]	108
[860]	109	if (!empty($_POST['perm'][$b]))
	110	{
	111	foreach ($_POST['perm'][$b] as $perm_id => $v)
	112	{
	113	if ($v) {
	114	$set_perms[$perm_id] = true;
	115	}
	116	}
	117	}
[2566]	118
[860]	119	$core->setUserBlogPermissions($u,$b,$set_perms,true);
	120	}
	121	}
	122	}
	123	catch (Exception $e)
	124	{
	125	$core->error->add($e->getMessage());
	126	}
	127	if (!$core->error->flag()) {
[2256]	128	dcPage::addSuccessNotice(__('User has been successfully updated.'));
	129	http::redirect($redir);
[860]	130	}
	131	}
	132	}
	133
	134	/* DISPLAY
	135	-------------------------------------------------------- */
[1358]	136	if (!empty($users) && empty($blogs) && $action == 'blogs') {
	137	$breadcrumb = dcPage::breadcrumb(
	138	array(
	139	__('System') => '',
[2720]	140	__('Users') => $core->adminurl->get("admin.users"),
[2166]	141	__('Permissions') => ''
[1358]	142	));
	143	} else {
	144	$breadcrumb = dcPage::breadcrumb(
	145	array(
	146	__('System') => '',
[2720]	147	__('Users') => $core->adminurl->get("admin.users"),
[2166]	148	__('Actions') => ''
[1358]	149	));
	150	}
	151
[860]	152	dcPage::open(
	153	__('Users'),
	154	dcPage::jsLoad('js/_users_actions.js').
	155	# --BEHAVIOR-- adminUsersActionsHeaders
[1358]	156	$core->callBehavior('adminUsersActionsHeaders'),
	157	$breadcrumb
[860]	158	);
	159
	160	if (!isset($action)) {
	161	dcPage::close();
	162	exit;
	163	}
	164
	165	$hidden_fields = '';
	166	foreach($users as $u) {
	167	$hidden_fields .= form::hidden(array('users[]'),$u);
	168	}
	169
	170	if (isset($_POST['redir']) && strpos($_POST['redir'],'://') === false)
	171	{
	172	$hidden_fields .= form::hidden(array('redir'),html::escapeURL($_POST['redir']));
	173	}
	174	else
	175	{
	176	$hidden_fields .=
	177	form::hidden(array('q'),html::escapeHTML($_POST['q'])).
	178	form::hidden(array('sortby'),$_POST['sortby']).
	179	form::hidden(array('order'),$_POST['order']).
	180	form::hidden(array('page'),$_POST['page']).
	181	form::hidden(array('nb'),$_POST['nb']);
	182	}
	183
[1499]	184	echo '<p><a class="back" href="'.html::escapeURL($redir).'">'.__('Back to user profile').'</a></p>';
	185
[860]	186	# --BEHAVIOR-- adminUsersActionsContent
	187	$core->callBehavior('adminUsersActionsContent',$core,$action,$hidden_fields);
	188
	189	# Blog list where to set permissions
	190	if (!empty($users) && empty($blogs) && $action == 'blogs')
	191	{
	192	try {
	193	$rs = $core->getBlogs();
	194	$nb_blog = $rs->count();
	195	} catch (Exception $e) { }
[2566]	196
[860]	197	foreach ($users as $u) {
[2720]	198	$user_list[] = '<a href="'.$core->adminurl->get("admin.user",array('id' => $u)).'">'.$u.'</a>';
[860]	199	}
[2566]	200
[1332]	201	echo
[860]	202	'<p>'.sprintf(
	203	__('Choose one or more blogs to which you want to give permissions to users %s.'),
	204	implode(', ',$user_list)
	205	).'</p>';
[2566]	206
[860]	207	if ($nb_blog == 0)
	208	{
	209	echo '<p><strong>'.__('No blog').'</strong></p>';
	210	}
	211	else
	212	{
	213	echo
[2720]	214	'<form action="'.$core->adminurl->get("admin.user.actions").'" method="post" id="form-blogs">'.
[2108]	215	'<div class="table-outer clear">'.
[2002]	216	'<table><tr>'.
[860]	217	'<th class="nowrap" colspan="2">'.__('Blog ID').'</th>'.
	218	'<th class="nowrap">'.__('Blog name').'</th>'.
[3046]	219	'<th class="nowrap">'.__('URL').'</th>'.
[860]	220	'<th class="nowrap">'.__('Entries').'</th>'.
	221	'<th class="nowrap">'.__('Status').'</th>'.
	222	'</tr>';
[2566]	223
[860]	224	while ($rs->fetch())
	225	{
[3045]	226	$img_status = $rs->blog_status == 1 ? 'check-on' : ($rs->blog_status == 0 ? 'check-off' : 'check-wrn');
[860]	227	$txt_status = $core->getBlogStatus($rs->blog_status);
	228	$img_status = sprintf('<img src="images/%1$s.png" alt="%2$s" title="%2$s" />',$img_status,$txt_status);
[2566]	229
[860]	230	echo
	231	'<tr class="line">'.
	232	'<td class="nowrap">'.
	233	form::checkbox(array('blogs[]'),$rs->blog_id,'','','',false,'title="'.__('select').' '.$rs->blog_id.'"').'</td>'.
	234	'<td class="nowrap">'.$rs->blog_id.'</td>'.
	235	'<td class="maximal">'.html::escapeHTML($rs->blog_name).'</td>'.
[3046]	236	'<td class="nowrap"><a class="outgoing" href="'.html::escapeHTML($rs->blog_url).'">'.html::escapeHTML($rs->blog_url).
	237	' <img src="images/outgoing-blue.png" alt="" /></a></td>'.
[860]	238	'<td class="nowrap">'.$core->countBlogPosts($rs->blog_id).'</td>'.
	239	'<td class="status">'.$img_status.'</td>'.
	240	'</tr>';
	241	}
[2566]	242
[860]	243	echo
[2002]	244	'</table></div>'.
[860]	245	'<p class="checkboxes-helpers"></p>'.
[3182]	246	'<p><input id="do-action" type="submit" value="'.__('Set permissions').'" />'.
[860]	247	$hidden_fields.
	248	form::hidden(array('action'),'perms').
	249	$core->formNonce().'</p>'.
	250	'</form>';
	251	}
	252	}
	253	# Permissions list for each selected blogs
	254	elseif (!empty($blogs) && !empty($users) && $action == 'perms')
	255	{
	256	$user_perm = array();
	257	if (count($users) == 1) {
[2566]	258	$user_perm = $core->getUserPermissions($users[0]);
[860]	259	}
[2566]	260
[860]	261	foreach ($users as $u) {
[2720]	262	$user_list[] = '<a href="'.$core->adminurl->get("admin.user",array('id' => $u)).'">'.$u.'</a>';
[860]	263	}
[2566]	264
	265	echo
[860]	266	'<p>'.sprintf(
	267	__('You are about to change permissions on the following blogs for users %s.'),
	268	implode(', ',$user_list)
	269	).'</p>'.
[2720]	270	'<form id="permissions-form" action="'.$core->adminurl->get("admin.user.actions").'" method="post">';
[2566]	271
[860]	272	foreach ($blogs as $b)
	273	{
[2720]	274	echo '<h3>'.('Blog:').' <a href="'.$core->adminurl->get("admin.blog",array('id' => html::escapeHTML($b))).'">'.html::escapeHTML($b).'</a>'.
[860]	275	form::hidden(array('blogs[]'),$b).'</h3>';
[2212]	276	$unknown_perms = $user_perm;
[860]	277	foreach ($core->auth->getPermissionsTypes() as $perm_id => $perm)
	278	{
	279	$checked = false;
[2566]	280
[860]	281	if (count($users) == 1) {
	282	$checked = isset($user_perm[$b]['p'][$perm_id]) && $user_perm[$b]['p'][$perm_id];
	283	}
[2212]	284	if (isset($unknown_perms[$b]['p'][$perm_id])) {
	285	unset ($unknown_perms[$b]['p'][$perm_id]);
	286	}
[2566]	287
[860]	288	echo
	289	'<p><label for="perm'.html::escapeHTML($b).html::escapeHTML($perm_id).'" class="classic">'.
	290	form::checkbox(array('perm['.html::escapeHTML($b).']['.html::escapeHTML($perm_id).']','perm'.html::escapeHTML($b).html::escapeHTML($perm_id)),
	291	1,$checked).' '.
	292	__($perm).'</label></p>';
	293	}
[2212]	294	if (isset($unknown_perms[$b])) {
[2566]	295
[2212]	296	foreach ($unknown_perms[$b]['p'] as $perm_id => $v) {
	297	$checked = isset($user_perm[$b]['p'][$perm_id]) && $user_perm[$b]['p'][$perm_id];
	298	echo
	299	'<p><label for="perm'.html::escapeHTML($b).html::escapeHTML($perm_id).'" class="classic">'.
	300	form::checkbox(
	301	array('perm['.html::escapeHTML($b).']['.html::escapeHTML($perm_id).']',
	302	'perm'.html::escapeHTML($b).html::escapeHTML($perm_id)),
	303	1,$checked).' '.
	304	sprintf(__('[%s] (unreferenced permission)'),$perm_id).'</label></p>';
	305	}
	306	}
[860]	307	}
[2566]	308
[860]	309	echo
[3183]	310	'<p class="checkboxes-helpers"></p>'.
[1499]	311	'<div class="fieldset">'.
	312	'<h3>'.__('Validate permissions').'</h3>'.
[1870]	313	'<p><label for="your_pwd" class="required"><abbr title="'.__('Required field').'">*</abbr> '.__('Your password:').'</label>'.
[1399]	314	form::password('your_pwd',20,255).'</p>'.
[860]	315	'<p><input type="submit" accesskey="s" value="'.__('Save').'" />'.
	316	$hidden_fields.
	317	form::hidden(array('action'),'updateperm').
	318	$core->formNonce().'</p>'.
[1499]	319	'</div>'.
[860]	320	'</form>';
	321	}
	322
[2436]	323	dcPage::helpBlock('core_users');
[860]	324	dcPage::close();

Note: See TracBrowser for help on using the repository browser.

Dotclear

Context Navigation

source: admin/users_actions.php @ 3627:9bccfc2257ad

Download in other formats:

Sites map