source: admin/users_actions.php @ 2720:bc400ebfc2e9

Visit:

Revision 2720:bc400ebfc2e9, 8.4 KB checked in by Dsls, 11 years ago (diff)
One step further towards php hardcoded links annihilation in admin sources, more to come...

Line
1	<?php
2	# -- BEGIN LICENSE BLOCK ---------------------------------------
3	#
4	# This file is part of Dotclear 2.
5	#
6	# Copyright (c) 2003-2013 Olivier Meunier & Association Dotclear
7	# Licensed under the GPL version 2.0 license.
8	# See LICENSE file or
9	# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
10	#
11	# -- END LICENSE BLOCK -----------------------------------------
12
13	require dirname(__FILE__).'/../inc/admin/prepend.php';
14
15	dcPage::checkSuper();
16
17	$users = array();
18	if (!empty($_POST['users']) && is_array($_POST['users']))
19	{
20	foreach ($_POST['users'] as $u)
21	{
22	if ($core->userExists($u)) {
23	$users[] = $u;
24	}
25	}
26	}
27
28	$blogs = array();
29	if (!empty($_POST['blogs']) && is_array($_POST['blogs']))
30	{
31	foreach ($_POST['blogs'] as $b)
32	{
33	if ($core->blogExists($b)) {
34	$blogs[] = $b;
35	}
36	}
37	}
38
39	/* Actions
40	-------------------------------------------------------- */
41	if (!empty($_POST['action']) && !empty($_POST['users']))
42	{
43	$action = $_POST['action'];
44
45	if (isset($_POST['redir']) && strpos($_POST['redir'],'://') === false)
46	{
47	$redir = $_POST['redir'];
48	}
49	else
50	{
51	$redir = $core->adminurl->get("admin.users", array(
52	'q' => $_POST['q'],
53	'sortby' => $_POST['sortby'],
54	'order' => $_POST['order'],
55	'page' => $_POST['page'],
56	'nb' => $_POST['nb']
57	));
58	}
59
60	if (empty($users)) {
61	$core->error->add(__('No blog or user given.'));
62	}
63
64	# --BEHAVIOR-- adminUsersActions
65	$core->callBehavior('adminUsersActions',$core,$users,$blogs,$action,$redir);
66
67	# Delete users
68	if ($action == 'deleteuser' && !empty($users))
69	{
70	foreach ($users as $u)
71	{
72	try
73	{
74	if ($u == $core->auth->userID()) {
75	throw new Exception(__('You cannot delete yourself.'));
76	}
77
78	# --BEHAVIOR-- adminBeforeUserDelete
79	$core->callBehavior('adminBeforeUserDelete',$u);
80
81	$core->delUser($u);
82	}
83	catch (Exception $e)
84	{
85	$core->error->add($e->getMessage());
86	}
87	}
88	if (!$core->error->flag()) {
89	dcPage::addSuccessNotice(__('User has been successfully deleted.'));
90	http::redirect($redir);
91	}
92	}
93
94	# Update users perms
95	if ($action == 'updateperm' && !empty($users) && !empty($blogs))
96	{
97	try
98	{
99	if (empty($_POST['your_pwd']) \|\| !$core->auth->checkPassword(crypt::hmac(DC_MASTER_KEY,$_POST['your_pwd']))) {
100	throw new Exception(__('Password verification failed'));
101	}
102
103	foreach ($users as $u)
104	{
105	foreach ($blogs as $b)
106	{
107	$set_perms = array();
108
109	if (!empty($_POST['perm'][$b]))
110	{
111	foreach ($_POST['perm'][$b] as $perm_id => $v)
112	{
113	if ($v) {
114	$set_perms[$perm_id] = true;
115	}
116	}
117	}
118
119	$core->setUserBlogPermissions($u,$b,$set_perms,true);
120	}
121	}
122	}
123	catch (Exception $e)
124	{
125	$core->error->add($e->getMessage());
126	}
127	if (!$core->error->flag()) {
128	dcPage::addSuccessNotice(__('User has been successfully updated.'));
129	http::redirect($redir);
130	}
131	}
132	}
133
134	/* DISPLAY
135	-------------------------------------------------------- */
136	if (!empty($users) && empty($blogs) && $action == 'blogs') {
137	$breadcrumb = dcPage::breadcrumb(
138	array(
139	__('System') => '',
140	__('Users') => $core->adminurl->get("admin.users"),
141	__('Permissions') => ''
142	));
143	} else {
144	$breadcrumb = dcPage::breadcrumb(
145	array(
146	__('System') => '',
147	__('Users') => $core->adminurl->get("admin.users"),
148	__('Actions') => ''
149	));
150	}
151
152	dcPage::open(
153	__('Users'),
154	dcPage::jsLoad('js/_users_actions.js').
155	# --BEHAVIOR-- adminUsersActionsHeaders
156	$core->callBehavior('adminUsersActionsHeaders'),
157	$breadcrumb
158	);
159
160	if (!isset($action)) {
161	dcPage::close();
162	exit;
163	}
164
165	$hidden_fields = '';
166	foreach($users as $u) {
167	$hidden_fields .= form::hidden(array('users[]'),$u);
168	}
169
170	if (isset($_POST['redir']) && strpos($_POST['redir'],'://') === false)
171	{
172	$hidden_fields .= form::hidden(array('redir'),html::escapeURL($_POST['redir']));
173	}
174	else
175	{
176	$hidden_fields .=
177	form::hidden(array('q'),html::escapeHTML($_POST['q'])).
178	form::hidden(array('sortby'),$_POST['sortby']).
179	form::hidden(array('order'),$_POST['order']).
180	form::hidden(array('page'),$_POST['page']).
181	form::hidden(array('nb'),$_POST['nb']);
182	}
183
184	echo '<p><a class="back" href="'.html::escapeURL($redir).'">'.__('Back to user profile').'</a></p>';
185
186	# --BEHAVIOR-- adminUsersActionsContent
187	$core->callBehavior('adminUsersActionsContent',$core,$action,$hidden_fields);
188
189	# Blog list where to set permissions
190	if (!empty($users) && empty($blogs) && $action == 'blogs')
191	{
192	try {
193	$rs = $core->getBlogs();
194	$nb_blog = $rs->count();
195	} catch (Exception $e) { }
196
197	foreach ($users as $u) {
198	$user_list[] = '<a href="'.$core->adminurl->get("admin.user",array('id' => $u)).'">'.$u.'</a>';
199	}
200
201	echo
202	'<p>'.sprintf(
203	__('Choose one or more blogs to which you want to give permissions to users %s.'),
204	implode(', ',$user_list)
205	).'</p>';
206
207	if ($nb_blog == 0)
208	{
209	echo '<p><strong>'.__('No blog').'</strong></p>';
210	}
211	else
212	{
213	echo
214	'<form action="'.$core->adminurl->get("admin.user.actions").'" method="post" id="form-blogs">'.
215	'<div class="table-outer clear">'.
216	'<table><tr>'.
217	'<th class="nowrap" colspan="2">'.__('Blog ID').'</th>'.
218	'<th class="nowrap">'.__('Blog name').'</th>'.
219	'<th class="nowrap">'.__('Entries').'</th>'.
220	'<th class="nowrap">'.__('Status').'</th>'.
221	'</tr>';
222
223	while ($rs->fetch())
224	{
225	$img_status = $rs->blog_status == 1 ? 'check-on' : 'check-off';
226	$txt_status = $core->getBlogStatus($rs->blog_status);
227	$img_status = sprintf('<img src="images/%1$s.png" alt="%2$s" title="%2$s" />',$img_status,$txt_status);
228
229	echo
230	'<tr class="line">'.
231	'<td class="nowrap">'.
232	form::checkbox(array('blogs[]'),$rs->blog_id,'','','',false,'title="'.__('select').' '.$rs->blog_id.'"').'</td>'.
233	'<td class="nowrap">'.$rs->blog_id.'</td>'.
234	'<td class="maximal">'.html::escapeHTML($rs->blog_name).'</td>'.
235	'<td class="nowrap">'.$core->countBlogPosts($rs->blog_id).'</td>'.
236	'<td class="status">'.$img_status.'</td>'.
237	'</tr>';
238	}
239
240	echo
241	'</table></div>'.
242	'<p class="checkboxes-helpers"></p>'.
243	'<p><input type="submit" value="'.__('Set permissions').'" />'.
244	$hidden_fields.
245	form::hidden(array('action'),'perms').
246	$core->formNonce().'</p>'.
247	'</form>';
248	}
249	}
250	# Permissions list for each selected blogs
251	elseif (!empty($blogs) && !empty($users) && $action == 'perms')
252	{
253	$user_perm = array();
254	if (count($users) == 1) {
255	$user_perm = $core->getUserPermissions($users[0]);
256	}
257
258	foreach ($users as $u) {
259	$user_list[] = '<a href="'.$core->adminurl->get("admin.user",array('id' => $u)).'">'.$u.'</a>';
260	}
261
262	echo
263	'<p>'.sprintf(
264	__('You are about to change permissions on the following blogs for users %s.'),
265	implode(', ',$user_list)
266	).'</p>'.
267	'<form id="permissions-form" action="'.$core->adminurl->get("admin.user.actions").'" method="post">';
268
269	foreach ($blogs as $b)
270	{
271	echo '<h3>'.('Blog:').' <a href="'.$core->adminurl->get("admin.blog",array('id' => html::escapeHTML($b))).'">'.html::escapeHTML($b).'</a>'.
272	form::hidden(array('blogs[]'),$b).'</h3>';
273	$unknown_perms = $user_perm;
274	foreach ($core->auth->getPermissionsTypes() as $perm_id => $perm)
275	{
276	$checked = false;
277
278	if (count($users) == 1) {
279	$checked = isset($user_perm[$b]['p'][$perm_id]) && $user_perm[$b]['p'][$perm_id];
280	}
281	if (isset($unknown_perms[$b]['p'][$perm_id])) {
282	unset ($unknown_perms[$b]['p'][$perm_id]);
283	}
284
285	echo
286	'<p><label for="perm'.html::escapeHTML($b).html::escapeHTML($perm_id).'" class="classic">'.
287	form::checkbox(array('perm['.html::escapeHTML($b).']['.html::escapeHTML($perm_id).']','perm'.html::escapeHTML($b).html::escapeHTML($perm_id)),
288	1,$checked).' '.
289	__($perm).'</label></p>';
290	}
291	if (isset($unknown_perms[$b])) {
292
293	foreach ($unknown_perms[$b]['p'] as $perm_id => $v) {
294	$checked = isset($user_perm[$b]['p'][$perm_id]) && $user_perm[$b]['p'][$perm_id];
295	echo
296	'<p><label for="perm'.html::escapeHTML($b).html::escapeHTML($perm_id).'" class="classic">'.
297	form::checkbox(
298	array('perm['.html::escapeHTML($b).']['.html::escapeHTML($perm_id).']',
299	'perm'.html::escapeHTML($b).html::escapeHTML($perm_id)),
300	1,$checked).' '.
301	sprintf(__('[%s] (unreferenced permission)'),$perm_id).'</label></p>';
302	}
303	}
304	}
305
306	echo
307	'<div class="fieldset">'.
308	'<h3>'.__('Validate permissions').'</h3>'.
309	'<p><label for="your_pwd" class="required"><abbr title="'.__('Required field').'">*</abbr> '.__('Your password:').'</label>'.
310	form::password('your_pwd',20,255).'</p>'.
311	'<p><input type="submit" accesskey="s" value="'.__('Save').'" />'.
312	$hidden_fields.
313	form::hidden(array('action'),'updateperm').
314	$core->formNonce().'</p>'.
315	'</div>'.
316	'</form>';
317	}
318
319	dcPage::helpBlock('core_users');
320	dcPage::close();

Note: See TracBrowser for help on using the repository browser.

Dotclear

Context Navigation

source: admin/users_actions.php @ 2720:bc400ebfc2e9

Download in other formats:

Sites map