Changeset 3699:77a12236e993 for admin/users_actions.php
- Timestamp:
- 02/14/18 10:14:33 (8 years ago)
- Branch:
- default
- File:
-
- 1 edited
admin/users_actions.php
r3639 r3699 11 11 # -- END LICENSE BLOCK ----------------------------------------- 12 12 13 require dirname(__FILE__) .'/../inc/admin/prepend.php';13 require dirname(__FILE__) . '/../inc/admin/prepend.php'; 14 14 15 15 dcPage::checkSuper(); 16 16 17 17 $users = array(); 18 if (!empty($_POST['users']) && is_array($_POST['users'])) 19 { 20 foreach ($_POST['users'] as $u) 21 { 22 if ($core->userExists($u)) { 23 $users[] = $u; 24 } 25 } 18 if (!empty($_POST['users']) && is_array($_POST['users'])) { 19 foreach ($_POST['users'] as $u) { 20 if ($core->userExists($u)) { 21 $users[] = $u; 22 } 23 } 26 24 } 27 25 28 26 $blogs = array(); 29 if (!empty($_POST['blogs']) && is_array($_POST['blogs'])) 30 { 31 foreach ($_POST['blogs'] as $b) 32 { 33 if ($core->blogExists($b)) { 34 $blogs[] = $b; 35 } 36 } 27 if (!empty($_POST['blogs']) && is_array($_POST['blogs'])) { 28 foreach ($_POST['blogs'] as $b) { 29 if ($core->blogExists($b)) { 30 $blogs[] = $b; 31 } 32 } 37 33 } 38 34 39 35 /* Actions 40 36 -------------------------------------------------------- */ 41 if (!empty($_POST['action']) && !empty($_POST['users'])) 42 { 43 $action = $_POST['action']; 44 45 if (isset($_POST['redir']) && strpos($_POST['redir'],'://') === false) 46 { 47 $redir = $_POST['redir']; 48 } 49 else 50 { 51 $redir = $core->adminurl->get("admin.users", array( 52 'q' => $_POST['q'], 53 'sortby' => $_POST['sortby'], 54 'order' => $_POST['order'], 55 'page' => $_POST['page'], 56 'nb' => $_POST['nb'] 57 )); 58 } 59 60 if (empty($users)) { 61 $core->error->add(__('No blog or user given.')); 62 } 63 64 # --BEHAVIOR-- adminUsersActions 65 $core->callBehavior('adminUsersActions',$core,$users,$blogs,$action,$redir); 66 67 # Delete users 68 if ($action == 'deleteuser' && !empty($users)) 69 { 70 foreach ($users as $u) 71 { 72 try 73 { 74 if ($u == $core->auth->userID()) { 75 throw new Exception(__('You cannot delete yourself.')); 76 } 77 78 # --BEHAVIOR-- adminBeforeUserDelete 79 
$core->callBehavior('adminBeforeUserDelete',$u); 80 81 $core->delUser($u); 82 } 83 catch (Exception $e) 84 { 85 $core->error->add($e->getMessage()); 86 } 87 } 88 if (!$core->error->flag()) { 89 dcPage::addSuccessNotice(__('User has been successfully deleted.')); 90 http::redirect($redir); 91 } 92 } 93 94 # Update users perms 95 if ($action == 'updateperm' && !empty($users) && !empty($blogs)) 96 { 97 try 98 { 99 if (empty($_POST['your_pwd']) || !$core->auth->checkPassword($_POST['your_pwd'])) { 100 throw new Exception(__('Password verification failed')); 101 } 102 103 foreach ($users as $u) 104 { 105 foreach ($blogs as $b) 106 { 107 $set_perms = array(); 108 109 if (!empty($_POST['perm'][$b])) 110 { 111 foreach ($_POST['perm'][$b] as $perm_id => $v) 112 { 113 if ($v) { 114 $set_perms[$perm_id] = true; 115 } 116 } 117 } 118 119 $core->setUserBlogPermissions($u,$b,$set_perms,true); 120 } 121 } 122 } 123 catch (Exception $e) 124 { 125 $core->error->add($e->getMessage()); 126 } 127 if (!$core->error->flag()) { 128 dcPage::addSuccessNotice(__('User has been successfully updated.')); 129 http::redirect($redir); 130 } 131 } 37 if (!empty($_POST['action']) && !empty($_POST['users'])) { 38 $action = $_POST['action']; 39 40 if (isset($_POST['redir']) && strpos($_POST['redir'], '://') === false) { 41 $redir = $_POST['redir']; 42 } else { 43 $redir = $core->adminurl->get("admin.users", array( 44 'q' => $_POST['q'], 45 'sortby' => $_POST['sortby'], 46 'order' => $_POST['order'], 47 'page' => $_POST['page'], 48 'nb' => $_POST['nb'] 49 )); 50 } 51 52 if (empty($users)) { 53 $core->error->add(__('No blog or user given.')); 54 } 55 56 # --BEHAVIOR-- adminUsersActions 57 $core->callBehavior('adminUsersActions', $core, $users, $blogs, $action, $redir); 58 59 # Delete users 60 if ($action == 'deleteuser' && !empty($users)) { 61 foreach ($users as $u) { 62 try 63 { 64 if ($u == $core->auth->userID()) { 65 throw new Exception(__('You cannot delete yourself.')); 66 } 67 68 # --BEHAVIOR-- 
adminBeforeUserDelete 69 $core->callBehavior('adminBeforeUserDelete', $u); 70 71 $core->delUser($u); 72 } catch (Exception $e) { 73 $core->error->add($e->getMessage()); 74 } 75 } 76 if (!$core->error->flag()) { 77 dcPage::addSuccessNotice(__('User has been successfully deleted.')); 78 http::redirect($redir); 79 } 80 } 81 82 # Update users perms 83 if ($action == 'updateperm' && !empty($users) && !empty($blogs)) { 84 try 85 { 86 if (empty($_POST['your_pwd']) || !$core->auth->checkPassword($_POST['your_pwd'])) { 87 throw new Exception(__('Password verification failed')); 88 } 89 90 foreach ($users as $u) { 91 foreach ($blogs as $b) { 92 $set_perms = array(); 93 94 if (!empty($_POST['perm'][$b])) { 95 foreach ($_POST['perm'][$b] as $perm_id => $v) { 96 if ($v) { 97 $set_perms[$perm_id] = true; 98 } 99 } 100 } 101 102 $core->setUserBlogPermissions($u, $b, $set_perms, true); 103 } 104 } 105 } catch (Exception $e) { 106 $core->error->add($e->getMessage()); 107 } 108 if (!$core->error->flag()) { 109 dcPage::addSuccessNotice(__('User has been successfully updated.')); 110 http::redirect($redir); 111 } 112 } 132 113 } 133 114 … … 135 116 -------------------------------------------------------- */ 136 117 if (!empty($users) && empty($blogs) && $action == 'blogs') { 137 138 139 __('System')=> '',140 __('Users')=> $core->adminurl->get("admin.users"),141 142 118 $breadcrumb = dcPage::breadcrumb( 119 array( 120 __('System') => '', 121 __('Users') => $core->adminurl->get("admin.users"), 122 __('Permissions') => '' 123 )); 143 124 } else { 144 145 146 __('System')=> '',147 __('Users')=> $core->adminurl->get("admin.users"),148 149 125 $breadcrumb = dcPage::breadcrumb( 126 array( 127 __('System') => '', 128 __('Users') => $core->adminurl->get("admin.users"), 129 __('Actions') => '' 130 )); 150 131 } 151 132 152 133 dcPage::open( 153 154 dcPage::jsLoad('js/_users_actions.js').155 156 157 134 __('Users'), 135 dcPage::jsLoad('js/_users_actions.js') . 
136 # --BEHAVIOR-- adminUsersActionsHeaders 137 $core->callBehavior('adminUsersActionsHeaders'), 138 $breadcrumb 158 139 ); 159 140 160 141 if (!isset($action)) { 161 162 142 dcPage::close(); 143 exit; 163 144 } 164 145 165 146 $hidden_fields = ''; 166 foreach($users as $u) { 167 $hidden_fields .= form::hidden(array('users[]'),$u); 168 } 169 170 if (isset($_POST['redir']) && strpos($_POST['redir'],'://') === false) 171 { 172 $hidden_fields .= form::hidden(array('redir'),html::escapeURL($_POST['redir'])); 173 } 174 else 175 { 176 $hidden_fields .= 177 form::hidden(array('q'),html::escapeHTML($_POST['q'])). 178 form::hidden(array('sortby'),$_POST['sortby']). 179 form::hidden(array('order'),$_POST['order']). 180 form::hidden(array('page'),$_POST['page']). 181 form::hidden(array('nb'),$_POST['nb']); 182 } 183 184 echo '<p><a class="back" href="'.html::escapeURL($redir).'">'.__('Back to user profile').'</a></p>'; 147 foreach ($users as $u) { 148 $hidden_fields .= form::hidden(array('users[]'), $u); 149 } 150 151 if (isset($_POST['redir']) && strpos($_POST['redir'], '://') === false) { 152 $hidden_fields .= form::hidden(array('redir'), html::escapeURL($_POST['redir'])); 153 } else { 154 $hidden_fields .= 155 form::hidden(array('q'), html::escapeHTML($_POST['q'])) . 156 form::hidden(array('sortby'), $_POST['sortby']) . 157 form::hidden(array('order'), $_POST['order']) . 158 form::hidden(array('page'), $_POST['page']) . 159 form::hidden(array('nb'), $_POST['nb']); 160 } 161 162 echo '<p><a class="back" href="' . html::escapeURL($redir) . '">' . __('Back to user profile') . 
'</a></p>'; 185 163 186 164 # --BEHAVIOR-- adminUsersActionsContent 187 $core->callBehavior('adminUsersActionsContent', $core,$action,$hidden_fields);165 $core->callBehavior('adminUsersActionsContent', $core, $action, $hidden_fields); 188 166 189 167 # Blog list where to set permissions 190 if (!empty($users) && empty($blogs) && $action == 'blogs') 191 { 192 try { 193 $rs = $core->getBlogs(); 194 $nb_blog = $rs->count(); 195 } catch (Exception $e) { } 196 197 foreach ($users as $u) { 198 $user_list[] = '<a href="'.$core->adminurl->get("admin.user",array('id' => $u)).'">'.$u.'</a>'; 199 } 200 201 echo 202 '<p>'.sprintf( 203 __('Choose one or more blogs to which you want to give permissions to users %s.'), 204 implode(', ',$user_list) 205 ).'</p>'; 206 207 if ($nb_blog == 0) 208 { 209 echo '<p><strong>'.__('No blog').'</strong></p>'; 210 } 211 else 212 { 213 echo 214 '<form action="'.$core->adminurl->get("admin.user.actions").'" method="post" id="form-blogs">'. 215 '<div class="table-outer clear">'. 216 '<table><tr>'. 217 '<th class="nowrap" colspan="2">'.__('Blog ID').'</th>'. 218 '<th class="nowrap">'.__('Blog name').'</th>'. 219 '<th class="nowrap">'.__('URL').'</th>'. 220 '<th class="nowrap">'.__('Entries').'</th>'. 221 '<th class="nowrap">'.__('Status').'</th>'. 222 '</tr>'; 223 224 while ($rs->fetch()) 225 { 226 $img_status = $rs->blog_status == 1 ? 'check-on' : ($rs->blog_status == 0 ? 'check-off' : 'check-wrn'); 227 $txt_status = $core->getBlogStatus($rs->blog_status); 228 $img_status = sprintf('<img src="images/%1$s.png" alt="%2$s" title="%2$s" />',$img_status,$txt_status); 229 230 echo 231 '<tr class="line">'. 232 '<td class="nowrap">'. 233 form::checkbox(array('blogs[]'),$rs->blog_id,'','','',false,'title="'.__('select').' '.$rs->blog_id.'"').'</td>'. 234 '<td class="nowrap">'.$rs->blog_id.'</td>'. 235 '<td class="maximal">'.html::escapeHTML($rs->blog_name).'</td>'. 
236 '<td class="nowrap"><a class="outgoing" href="'.html::escapeHTML($rs->blog_url).'">'.html::escapeHTML($rs->blog_url). 237 ' <img src="images/outgoing-blue.png" alt="" /></a></td>'. 238 '<td class="nowrap">'.$core->countBlogPosts($rs->blog_id).'</td>'. 239 '<td class="status">'.$img_status.'</td>'. 240 '</tr>'; 241 } 242 243 echo 244 '</table></div>'. 245 '<p class="checkboxes-helpers"></p>'. 246 '<p><input id="do-action" type="submit" value="'.__('Set permissions').'" />'. 247 $hidden_fields. 248 form::hidden(array('action'),'perms'). 249 $core->formNonce().'</p>'. 250 '</form>'; 251 } 168 if (!empty($users) && empty($blogs) && $action == 'blogs') { 169 try { 170 $rs = $core->getBlogs(); 171 $nb_blog = $rs->count(); 172 } catch (Exception $e) {} 173 174 foreach ($users as $u) { 175 $user_list[] = '<a href="' . $core->adminurl->get("admin.user", array('id' => $u)) . '">' . $u . '</a>'; 176 } 177 178 echo 179 '<p>' . sprintf( 180 __('Choose one or more blogs to which you want to give permissions to users %s.'), 181 implode(', ', $user_list) 182 ) . '</p>'; 183 184 if ($nb_blog == 0) { 185 echo '<p><strong>' . __('No blog') . '</strong></p>'; 186 } else { 187 echo 188 '<form action="' . $core->adminurl->get("admin.user.actions") . '" method="post" id="form-blogs">' . 189 '<div class="table-outer clear">' . 190 '<table><tr>' . 191 '<th class="nowrap" colspan="2">' . __('Blog ID') . '</th>' . 192 '<th class="nowrap">' . __('Blog name') . '</th>' . 193 '<th class="nowrap">' . __('URL') . '</th>' . 194 '<th class="nowrap">' . __('Entries') . '</th>' . 195 '<th class="nowrap">' . __('Status') . '</th>' . 196 '</tr>'; 197 198 while ($rs->fetch()) { 199 $img_status = $rs->blog_status == 1 ? 'check-on' : ($rs->blog_status == 0 ? 'check-off' : 'check-wrn'); 200 $txt_status = $core->getBlogStatus($rs->blog_status); 201 $img_status = sprintf('<img src="images/%1$s.png" alt="%2$s" title="%2$s" />', $img_status, $txt_status); 202 203 echo 204 '<tr class="line">' . 
205 '<td class="nowrap">' . 206 form::checkbox(array('blogs[]'), $rs->blog_id, '', '', '', false, 'title="' . __('select') . ' ' . $rs->blog_id . '"') . '</td>' . 207 '<td class="nowrap">' . $rs->blog_id . '</td>' . 208 '<td class="maximal">' . html::escapeHTML($rs->blog_name) . '</td>' . 209 '<td class="nowrap"><a class="outgoing" href="' . html::escapeHTML($rs->blog_url) . '">' . html::escapeHTML($rs->blog_url) . 210 ' <img src="images/outgoing-blue.png" alt="" /></a></td>' . 211 '<td class="nowrap">' . $core->countBlogPosts($rs->blog_id) . '</td>' . 212 '<td class="status">' . $img_status . '</td>' . 213 '</tr>'; 214 } 215 216 echo 217 '</table></div>' . 218 '<p class="checkboxes-helpers"></p>' . 219 '<p><input id="do-action" type="submit" value="' . __('Set permissions') . '" />' . 220 $hidden_fields . 221 form::hidden(array('action'), 'perms') . 222 $core->formNonce() . '</p>' . 223 '</form>'; 224 } 252 225 } 253 226 # Permissions list for each selected blogs 254 elseif (!empty($blogs) && !empty($users) && $action == 'perms') 255 { 256 $user_perm = array(); 257 if (count($users) == 1) { 258 $user_perm = $core->getUserPermissions($users[0]); 259 } 260 261 foreach ($users as $u) { 262 $user_list[] = '<a href="'.$core->adminurl->get("admin.user",array('id' => $u)).'">'.$u.'</a>'; 263 } 264 265 echo 266 '<p>'.sprintf( 267 __('You are about to change permissions on the following blogs for users %s.'), 268 implode(', ',$user_list) 269 ).'</p>'. 270 '<form id="permissions-form" action="'.$core->adminurl->get("admin.user.actions").'" method="post">'; 271 272 foreach ($blogs as $b) 273 { 274 echo '<h3>'.('Blog:').' <a href="'.$core->adminurl->get("admin.blog",array('id' => html::escapeHTML($b))).'">'.html::escapeHTML($b).'</a>'. 
275 form::hidden(array('blogs[]'),$b).'</h3>'; 276 $unknown_perms = $user_perm; 277 foreach ($core->auth->getPermissionsTypes() as $perm_id => $perm) 278 { 279 $checked = false; 280 281 if (count($users) == 1) { 282 $checked = isset($user_perm[$b]['p'][$perm_id]) && $user_perm[$b]['p'][$perm_id]; 283 } 284 if (isset($unknown_perms[$b]['p'][$perm_id])) { 285 unset ($unknown_perms[$b]['p'][$perm_id]); 286 } 287 288 echo 289 '<p><label for="perm'.html::escapeHTML($b).html::escapeHTML($perm_id).'" class="classic">'. 290 form::checkbox(array('perm['.html::escapeHTML($b).']['.html::escapeHTML($perm_id).']','perm'.html::escapeHTML($b).html::escapeHTML($perm_id)), 291 1,$checked).' '. 292 __($perm).'</label></p>'; 293 } 294 if (isset($unknown_perms[$b])) { 295 296 foreach ($unknown_perms[$b]['p'] as $perm_id => $v) { 297 $checked = isset($user_perm[$b]['p'][$perm_id]) && $user_perm[$b]['p'][$perm_id]; 298 echo 299 '<p><label for="perm'.html::escapeHTML($b).html::escapeHTML($perm_id).'" class="classic">'. 300 form::checkbox( 301 array('perm['.html::escapeHTML($b).']['.html::escapeHTML($perm_id).']', 302 'perm'.html::escapeHTML($b).html::escapeHTML($perm_id)), 303 1,$checked).' '. 304 sprintf(__('[%s] (unreferenced permission)'),$perm_id).'</label></p>'; 305 } 306 } 307 } 308 309 echo 310 '<p class="checkboxes-helpers"></p>'. 311 '<div class="fieldset">'. 312 '<h3>'.__('Validate permissions').'</h3>'. 313 '<p><label for="your_pwd" class="required"><abbr title="'.__('Required field').'">*</abbr> '.__('Your password:').'</label>'. 314 form::password('your_pwd',20,255,'','','',false,'required placeholder="'.__('Password').'"').'</p>'. 315 '<p><input type="submit" accesskey="s" value="'.__('Save').'" />'. 316 $hidden_fields. 317 form::hidden(array('action'),'updateperm'). 318 $core->formNonce().'</p>'. 319 '</div>'. 
320 '</form>'; 227 elseif (!empty($blogs) && !empty($users) && $action == 'perms') { 228 $user_perm = array(); 229 if (count($users) == 1) { 230 $user_perm = $core->getUserPermissions($users[0]); 231 } 232 233 foreach ($users as $u) { 234 $user_list[] = '<a href="' . $core->adminurl->get("admin.user", array('id' => $u)) . '">' . $u . '</a>'; 235 } 236 237 echo 238 '<p>' . sprintf( 239 __('You are about to change permissions on the following blogs for users %s.'), 240 implode(', ', $user_list) 241 ) . '</p>' . 242 '<form id="permissions-form" action="' . $core->adminurl->get("admin.user.actions") . '" method="post">'; 243 244 foreach ($blogs as $b) { 245 echo '<h3>' . ('Blog:') . ' <a href="' . $core->adminurl->get("admin.blog", array('id' => html::escapeHTML($b))) . '">' . html::escapeHTML($b) . '</a>' . 246 form::hidden(array('blogs[]'), $b) . '</h3>'; 247 $unknown_perms = $user_perm; 248 foreach ($core->auth->getPermissionsTypes() as $perm_id => $perm) { 249 $checked = false; 250 251 if (count($users) == 1) { 252 $checked = isset($user_perm[$b]['p'][$perm_id]) && $user_perm[$b]['p'][$perm_id]; 253 } 254 if (isset($unknown_perms[$b]['p'][$perm_id])) { 255 unset($unknown_perms[$b]['p'][$perm_id]); 256 } 257 258 echo 259 '<p><label for="perm' . html::escapeHTML($b) . html::escapeHTML($perm_id) . '" class="classic">' . 260 form::checkbox(array('perm[' . html::escapeHTML($b) . '][' . html::escapeHTML($perm_id) . ']', 'perm' . html::escapeHTML($b) . html::escapeHTML($perm_id)), 261 1, $checked) . ' ' . 262 __($perm) . '</label></p>'; 263 } 264 if (isset($unknown_perms[$b])) { 265 266 foreach ($unknown_perms[$b]['p'] as $perm_id => $v) { 267 $checked = isset($user_perm[$b]['p'][$perm_id]) && $user_perm[$b]['p'][$perm_id]; 268 echo 269 '<p><label for="perm' . html::escapeHTML($b) . html::escapeHTML($perm_id) . '" class="classic">' . 270 form::checkbox( 271 array('perm[' . html::escapeHTML($b) . '][' . html::escapeHTML($perm_id) . ']', 272 'perm' . html::escapeHTML($b) . 
html::escapeHTML($perm_id)), 273 1, $checked) . ' ' . 274 sprintf(__('[%s] (unreferenced permission)'), $perm_id) . '</label></p>'; 275 } 276 } 277 } 278 279 echo 280 '<p class="checkboxes-helpers"></p>' . 281 '<div class="fieldset">' . 282 '<h3>' . __('Validate permissions') . '</h3>' . 283 '<p><label for="your_pwd" class="required"><abbr title="' . __('Required field') . '">*</abbr> ' . __('Your password:') . '</label>' . 284 form::password('your_pwd', 20, 255, 285 array( 286 'extra_html' => 'required placeholder="' . __('Password') . '"', 287 'autocomplete' => 'current-password' 288 ) 289 ) . '</p>' . 290 '<p><input type="submit" accesskey="s" value="' . __('Save') . '" />' . 291 $hidden_fields . 292 form::hidden(array('action'), 'updateperm') . 293 $core->formNonce() . '</p>' . 294 '</div>' . 295 '</form>'; 321 296 } 322 297
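Review bot: The `redir` guard at new lines 40 and 151 only rejects values containing `://`, so a scheme-relative value (leading `//`) or a scheme written without slashes still passes and reaches `http::redirect($redir)` and the `href` of the back link at new line 162. How `http::redirect()` and `html::escapeURL()` treat such values is not visible on this page, so the impact is unconfirmed, but the guard should not rely on them. I would parse the value and accept it only when it has neither scheme nor host: `$p = (isset($_POST['redir']) && is_string($_POST['redir'])) ? parse_url($_POST['redir']) : false;` followed by `if (is_array($p) && !isset($p['scheme']) && !isset($p['host'])) {`, keeping the `adminurl` fallback in the `else`. The same test should replace the `strpos` condition in both places so the hidden `redir` field and the redirect target stay consistent; the `is_string` check also stops an array-valued `redir` from reaching `strpos`.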