[175] | 1 | <?php |
---|
| 2 | # -- BEGIN LICENSE BLOCK --------------------------------------- |
---|
| 3 | # |
---|
| 4 | # This file is part of Dotclear 2. |
---|
| 5 | # |
---|
[1179] | 6 | # Copyright (c) 2003-2013 Olivier Meunier & Association Dotclear |
---|
[175] | 7 | # Licensed under the GPL version 2.0 license. |
---|
| 8 | # See LICENSE file or |
---|
| 9 | # http://www.gnu.org/licenses/old-licenses/gpl-2.0.html |
---|
| 10 | # |
---|
| 11 | # -- END LICENSE BLOCK ----------------------------------------- |
---|
| 12 | |
---|
| 13 | require dirname(__FILE__).'/../inc/admin/prepend.php'; |
---|
| 14 | |
---|
| 15 | dcPage::checkSuper(); |
---|
| 16 | |
---|
[1305] | 17 | $page_title = __('New user'); |
---|
[175] | 18 | |
---|
| 19 | $user_id = ''; |
---|
| 20 | $user_super = ''; |
---|
| 21 | $user_pwd = ''; |
---|
| 22 | $user_change_pwd = ''; |
---|
| 23 | $user_name = ''; |
---|
| 24 | $user_firstname = ''; |
---|
| 25 | $user_displayname = ''; |
---|
| 26 | $user_email = ''; |
---|
| 27 | $user_url = ''; |
---|
| 28 | $user_lang = $core->auth->getInfo('user_lang'); |
---|
| 29 | $user_tz = $core->auth->getInfo('user_tz'); |
---|
| 30 | $user_post_status = ''; |
---|
| 31 | |
---|
| 32 | $user_options = $core->userDefaults(); |
---|
| 33 | |
---|
[1719] | 34 | # Formaters combo |
---|
| 35 | $formaters_combo = dcAdminCombos::getFormatersCombo(); |
---|
[175] | 36 | |
---|
[1719] | 37 | $status_combo = dcAdminCombos::getPostStatusesCombo(); |
---|
[175] | 38 | |
---|
| 39 | # Language codes |
---|
[1719] | 40 | $lang_combo = dcAdminCombos::getAdminLangsCombo(); |
---|
[175] | 41 | |
---|
| 42 | # Get user if we have an ID |
---|
| 43 | if (!empty($_REQUEST['id'])) |
---|
| 44 | { |
---|
| 45 | try { |
---|
| 46 | $rs = $core->getUser($_REQUEST['id']); |
---|
[2566] | 47 | |
---|
[175] | 48 | $user_id = $rs->user_id; |
---|
| 49 | $user_super = $rs->user_super; |
---|
| 50 | $user_pwd = $rs->user_pwd; |
---|
| 51 | $user_change_pwd = $rs->user_change_pwd; |
---|
| 52 | $user_name = $rs->user_name; |
---|
| 53 | $user_firstname = $rs->user_firstname; |
---|
| 54 | $user_displayname = $rs->user_displayname; |
---|
| 55 | $user_email = $rs->user_email; |
---|
| 56 | $user_url = $rs->user_url; |
---|
| 57 | $user_lang = $rs->user_lang; |
---|
| 58 | $user_tz = $rs->user_tz; |
---|
| 59 | $user_post_status = $rs->user_post_status; |
---|
[2566] | 60 | |
---|
[175] | 61 | $user_options = array_merge($user_options,$rs->options()); |
---|
[2566] | 62 | |
---|
[175] | 63 | $page_title = $user_id; |
---|
| 64 | } catch (Exception $e) { |
---|
| 65 | $core->error->add($e->getMessage()); |
---|
| 66 | } |
---|
| 67 | } |
---|
| 68 | |
---|
| 69 | # Add or update user |
---|
| 70 | if (isset($_POST['user_name'])) |
---|
| 71 | { |
---|
| 72 | try |
---|
| 73 | { |
---|
[3627] | 74 | if (empty($_POST['your_pwd']) || !$core->auth->checkPassword($_POST['your_pwd'])) { |
---|
[175] | 75 | throw new Exception(__('Password verification failed')); |
---|
| 76 | } |
---|
[2566] | 77 | |
---|
[175] | 78 | $cur = $core->con->openCursor($core->prefix.'user'); |
---|
[2566] | 79 | |
---|
[175] | 80 | $cur->user_id = $_POST['user_id']; |
---|
| 81 | $cur->user_super = $user_super = !empty($_POST['user_super']) ? 1 : 0; |
---|
[3649] | 82 | $cur->user_name = $user_name = html::escapeHTML($_POST['user_name']); |
---|
| 83 | $cur->user_firstname = $user_firstname = html::escapeHTML($_POST['user_firstname']); |
---|
| 84 | $cur->user_displayname = $user_displayname = html::escapeHTML($_POST['user_displayname']); |
---|
| 85 | $cur->user_email = $user_email = html::escapeHTML($_POST['user_email']); |
---|
| 86 | $cur->user_url = $user_url = html::escapeHTML($_POST['user_url']); |
---|
| 87 | $cur->user_lang = $user_lang = html::escapeHTML($_POST['user_lang']); |
---|
| 88 | $cur->user_tz = $user_tz = html::escapeHTML($_POST['user_tz']); |
---|
| 89 | $cur->user_post_status = $user_post_status = html::escapeHTML($_POST['user_post_status']); |
---|
[2566] | 90 | |
---|
[3391] | 91 | if ($user_id && $cur->user_id == $core->auth->userID() && $core->auth->isSuperAdmin()) { |
---|
[313] | 92 | // force super_user to true if current user |
---|
| 93 | $cur->user_super = $user_super = true; |
---|
| 94 | } |
---|
[175] | 95 | if ($core->auth->allowPassChange()) { |
---|
| 96 | $cur->user_change_pwd = !empty($_POST['user_change_pwd']) ? 1 : 0; |
---|
| 97 | } |
---|
[2566] | 98 | |
---|
[175] | 99 | if (!empty($_POST['new_pwd'])) { |
---|
| 100 | if ($_POST['new_pwd'] != $_POST['new_pwd_c']) { |
---|
| 101 | throw new Exception(__("Passwords don't match")); |
---|
| 102 | } else { |
---|
| 103 | $cur->user_pwd = $_POST['new_pwd']; |
---|
| 104 | } |
---|
| 105 | } |
---|
[2566] | 106 | |
---|
[3649] | 107 | $user_options['post_format'] = html::escapeHTML($_POST['user_post_format']); |
---|
[175] | 108 | $user_options['edit_size'] = (integer) $_POST['user_edit_size']; |
---|
[2566] | 109 | |
---|
[175] | 110 | if ($user_options['edit_size'] < 1) { |
---|
| 111 | $user_options['edit_size'] = 10; |
---|
| 112 | } |
---|
[2566] | 113 | |
---|
[175] | 114 | $cur->user_options = new ArrayObject($user_options); |
---|
[2566] | 115 | |
---|
[175] | 116 | # Udate user |
---|
| 117 | if ($user_id) |
---|
| 118 | { |
---|
| 119 | # --BEHAVIOR-- adminBeforeUserUpdate |
---|
| 120 | $core->callBehavior('adminBeforeUserUpdate',$cur,$user_id); |
---|
[2566] | 121 | |
---|
[175] | 122 | $new_id = $core->updUser($user_id,$cur); |
---|
[2566] | 123 | |
---|
[175] | 124 | # --BEHAVIOR-- adminAfterUserUpdate |
---|
| 125 | $core->callBehavior('adminAfterUserUpdate',$cur,$new_id); |
---|
[2566] | 126 | |
---|
[175] | 127 | if ($user_id == $core->auth->userID() && |
---|
| 128 | $user_id != $new_id) { |
---|
| 129 | $core->session->destroy(); |
---|
| 130 | } |
---|
[2566] | 131 | |
---|
[2256] | 132 | dcPage::addSuccessNotice(__('User has been successfully updated.')); |
---|
[2852] | 133 | $core->adminurl->redirect("admin.user",array('id' => $new_id)); |
---|
[175] | 134 | } |
---|
| 135 | # Add user |
---|
| 136 | else |
---|
| 137 | { |
---|
| 138 | if ($core->getUsers(array('user_id' => $cur->user_id),true)->f(0) > 0) { |
---|
| 139 | throw new Exception(sprintf(__('User "%s" already exists.'),html::escapeHTML($cur->user_id))); |
---|
| 140 | } |
---|
[2566] | 141 | |
---|
[175] | 142 | # --BEHAVIOR-- adminBeforeUserCreate |
---|
| 143 | $core->callBehavior('adminBeforeUserCreate',$cur); |
---|
[2566] | 144 | |
---|
[175] | 145 | $new_id = $core->addUser($cur); |
---|
[2566] | 146 | |
---|
[175] | 147 | # --BEHAVIOR-- adminAfterUserCreate |
---|
| 148 | $core->callBehavior('adminAfterUserCreate',$cur,$new_id); |
---|
[2566] | 149 | |
---|
[2256] | 150 | dcPage::addSuccessNotice(__('User has been successfully created.')); |
---|
[547] | 151 | if (!empty($_POST['saveplus'])) { |
---|
[2852] | 152 | $core->adminurl->redirect("admin.user"); |
---|
[547] | 153 | } else { |
---|
[2852] | 154 | $core->adminurl->redirect("admin.user",array('id' => $new_id)); |
---|
[547] | 155 | } |
---|
[175] | 156 | } |
---|
| 157 | } |
---|
| 158 | catch (Exception $e) |
---|
| 159 | { |
---|
| 160 | $core->error->add($e->getMessage()); |
---|
| 161 | } |
---|
| 162 | } |
---|
| 163 | |
---|
| 164 | |
---|
| 165 | /* DISPLAY |
---|
| 166 | -------------------------------------------------------- */ |
---|
| 167 | dcPage::open($page_title, |
---|
| 168 | dcPage::jsConfirmClose('user-form'). |
---|
[1583] | 169 | dcPage::jsLoad('js/jquery/jquery.pwstrength.js'). |
---|
| 170 | '<script type="text/javascript">'."\n". |
---|
| 171 | "\$(function() {\n". |
---|
| 172 | " \$('#new_pwd').pwstrength({texts: ['". |
---|
| 173 | sprintf(__('Password strength: %s'),__('very weak'))."', '". |
---|
| 174 | sprintf(__('Password strength: %s'),__('weak'))."', '". |
---|
| 175 | sprintf(__('Password strength: %s'),__('mediocre'))."', '". |
---|
| 176 | sprintf(__('Password strength: %s'),__('strong'))."', '". |
---|
| 177 | sprintf(__('Password strength: %s'),__('very strong'))."']});\n". |
---|
| 178 | "});\n". |
---|
| 179 | "</script>\n". |
---|
[2566] | 180 | |
---|
[175] | 181 | # --BEHAVIOR-- adminUserHeaders |
---|
[1358] | 182 | $core->callBehavior('adminUserHeaders'), |
---|
| 183 | |
---|
| 184 | dcPage::breadcrumb( |
---|
| 185 | array( |
---|
| 186 | __('System') => '', |
---|
[2720] | 187 | __('Users') => $core->adminurl->get("admin.users"), |
---|
[2166] | 188 | $page_title => '' |
---|
[1358] | 189 | )) |
---|
[175] | 190 | ); |
---|
| 191 | |
---|
| 192 | if (!empty($_GET['upd'])) { |
---|
[1554] | 193 | dcPage::success(__('User has been successfully updated.')); |
---|
[175] | 194 | } |
---|
| 195 | |
---|
| 196 | if (!empty($_GET['add'])) { |
---|
[1553] | 197 | dcPage::success(__('User has been successfully created.')); |
---|
[175] | 198 | } |
---|
| 199 | |
---|
[1609] | 200 | echo |
---|
[2720] | 201 | '<form action="'.$core->adminurl->get("admin.user").'" method="post" id="user-form">'. |
---|
[1609] | 202 | '<div class="two-cols">'. |
---|
| 203 | |
---|
| 204 | '<div class="col">'. |
---|
| 205 | '<h3>'.__('User profile').'</h3>'. |
---|
| 206 | |
---|
| 207 | '<p><label for="user_id" class="required"><abbr title="'.__('Required field').'">*</abbr> '.__('User ID:').'</label> '. |
---|
[3639] | 208 | form::field('user_id',20,255,html::escapeHTML($user_id),'','',false,'required placeholder="'.__('Login').'"'). |
---|
[1609] | 209 | '</p>'. |
---|
[3398] | 210 | '<p class="form-note info">'.__('At least 2 characters using letters, numbers or symbols.').'</p>'; |
---|
[175] | 211 | |
---|
| 212 | if ($user_id == $core->auth->userID()) { |
---|
| 213 | echo |
---|
| 214 | '<p class="warning">'.__('Warning:').' '. |
---|
| 215 | __('If you change your username, you will have to log in again.').'</p>'; |
---|
| 216 | } |
---|
| 217 | |
---|
| 218 | echo |
---|
[1583] | 219 | '<div class="pw-table">'. |
---|
| 220 | '<p class="pw-cell">'. |
---|
| 221 | '<label for="new_pwd" '.($user_id != '' ? '' : 'class="required"').'>'. |
---|
| 222 | ($user_id != '' ? '' : '<abbr title="'.__('Required field').'">*</abbr> '). |
---|
| 223 | ($user_id != '' ? __('New password:') : __('Password:')).'</label>'. |
---|
[3639] | 224 | form::password('new_pwd',20,255,'','','',false,' data-indicator="pwindicator" '. |
---|
| 225 | ($user_id != '' ? '' : 'required placeholder="'.__('Password').'"')). |
---|
[1583] | 226 | '</p>'. |
---|
| 227 | '<div id="pwindicator">'. |
---|
| 228 | ' <div class="bar"></div>'. |
---|
| 229 | ' <p class="label no-margin"></p>'. |
---|
| 230 | '</div>'. |
---|
| 231 | '</div>'. |
---|
[3398] | 232 | '<p class="form-note info">'.__('Password must contain at least 6 characters.').'</p>'. |
---|
[175] | 233 | |
---|
[177] | 234 | '<p><label for="new_pwd_c" '.($user_id != '' ? '' : 'class="required"').'>'. |
---|
[1399] | 235 | ($user_id != '' ? '' : '<abbr title="'.__('Required field').'">*</abbr> ').__('Confirm password:').'</label> '. |
---|
[3639] | 236 | form::password('new_pwd_c',20,255,'','','',false,($user_id != '' ? '' : 'required placeholder="'.__('Password').'"')). |
---|
[1609] | 237 | '</p>'; |
---|
[175] | 238 | |
---|
| 239 | if ($core->auth->allowPassChange()) { |
---|
| 240 | echo |
---|
| 241 | '<p><label for="user_change_pwd" class="classic">'. |
---|
[454] | 242 | form::checkbox('user_change_pwd','1',$user_change_pwd).' '. |
---|
[175] | 243 | __('Password change required to connect').'</label></p>'; |
---|
| 244 | } |
---|
| 245 | |
---|
[313] | 246 | $super_disabled = $user_super && $user_id == $core->auth->userID(); |
---|
[3274] | 247 | |
---|
[175] | 248 | echo |
---|
[3274] | 249 | '<p><label for="user_super" class="classic">'. |
---|
| 250 | form::checkbox(($super_disabled ? 'user_super_off' : 'user_super'),'1',$user_super,'','',$super_disabled). |
---|
| 251 | ' '.__('Super administrator').'</label></p>'. |
---|
| 252 | ($super_disabled ? form::hidden(array('user_super'),$user_super) : ''). |
---|
[1179] | 253 | |
---|
[1399] | 254 | '<p><label for="user_name">'.__('Last Name:').'</label> '. |
---|
[1179] | 255 | form::field('user_name',20,255,html::escapeHTML($user_name)). |
---|
[1399] | 256 | '</p>'. |
---|
[1179] | 257 | |
---|
[1399] | 258 | '<p><label for="user_firstname">'.__('First Name:').'</label> '. |
---|
[1179] | 259 | form::field('user_firstname',20,255,html::escapeHTML($user_firstname)). |
---|
[1474] | 260 | '</p>'. |
---|
[1179] | 261 | |
---|
[1474] | 262 | '<p><label for="user_displayname">'.__('Display name:').'</label> '. |
---|
[1179] | 263 | form::field('user_displayname',20,255,html::escapeHTML($user_displayname)). |
---|
[1399] | 264 | '</p>'. |
---|
[1179] | 265 | |
---|
[1399] | 266 | '<p><label for="user_email">'.__('Email:').'</label> '. |
---|
[1179] | 267 | form::field('user_email',20,255,html::escapeHTML($user_email)). |
---|
[1399] | 268 | '</p>'. |
---|
[1179] | 269 | '<p class="form-note">'.__('Mandatory for password recovering procedure.').'</p>'. |
---|
[1609] | 270 | |
---|
| 271 | '<p><label for="user_url">'.__('URL:').'</label> '. |
---|
| 272 | form::field('user_url',30,255,html::escapeHTML($user_url)). |
---|
| 273 | '</p>'. |
---|
[175] | 274 | '</div>'. |
---|
[1179] | 275 | |
---|
| 276 | '<div class="col">'. |
---|
[1609] | 277 | '<h3>'.__('Options').'</h3>'. |
---|
| 278 | '<h4>'.__('Interface').'</h4>'. |
---|
| 279 | '<p><label for="user_lang">'.__('Language:').'</label> '. |
---|
| 280 | form::combo('user_lang',$lang_combo,$user_lang,'l10n'). |
---|
[1399] | 281 | '</p>'. |
---|
[1609] | 282 | |
---|
| 283 | '<p><label for="user_tz">'.__('Timezone:').'</label> '. |
---|
| 284 | form::combo('user_tz',dt::getZones(true,true),$user_tz). |
---|
| 285 | '</p>'. |
---|
| 286 | |
---|
| 287 | '<h4>'.__('Edition').'</h4>'. |
---|
[1399] | 288 | '<p><label for="user_post_format">'.__('Preferred format:').'</label> '. |
---|
[1179] | 289 | form::combo('user_post_format',$formaters_combo,$user_options['post_format']). |
---|
[1399] | 290 | '</p>'. |
---|
[1179] | 291 | |
---|
[1399] | 292 | '<p><label for="user_post_status">'.__('Default entry status:').'</label> '. |
---|
[1179] | 293 | form::combo('user_post_status',$status_combo,$user_post_status). |
---|
[1399] | 294 | '</p>'. |
---|
[1179] | 295 | |
---|
[1399] | 296 | '<p><label for="user_edit_size">'.__('Entry edit field height:').'</label> '. |
---|
[1179] | 297 | form::field('user_edit_size',5,4,(integer) $user_options['edit_size']). |
---|
[1399] | 298 | '</p>'; |
---|
[175] | 299 | |
---|
| 300 | # --BEHAVIOR-- adminUserForm |
---|
| 301 | $core->callBehavior('adminUserForm',isset($rs) ? $rs : null); |
---|
| 302 | |
---|
[2566] | 303 | echo |
---|
[1609] | 304 | '</div>'. |
---|
| 305 | '</div>'; |
---|
| 306 | |
---|
| 307 | |
---|
[175] | 308 | echo |
---|
[1621] | 309 | '<p class="clear vertical-separator"><label for="your_pwd" class="required">'. |
---|
[1609] | 310 | '<abbr title="'.__('Required field').'">*</abbr> '.__('Your password:').'</label>'. |
---|
[3639] | 311 | form::password('your_pwd',20,255,'','','',false,'required placeholder="'.__('Password').'"').'</p>'. |
---|
[547] | 312 | '<p class="clear"><input type="submit" name="save" accesskey="s" value="'.__('Save').'" />'. |
---|
| 313 | ($user_id != '' ? '' : ' <input type="submit" name="saveplus" value="'.__('Save and create another').'" />'). |
---|
[175] | 314 | ($user_id != '' ? form::hidden('id',$user_id) : ''). |
---|
| 315 | $core->formNonce(). |
---|
| 316 | '</p>'. |
---|
| 317 | |
---|
| 318 | '</form>'; |
---|
| 319 | |
---|
| 320 | if ($user_id) |
---|
| 321 | { |
---|
[1609] | 322 | echo '<div class="clear fieldset">'. |
---|
| 323 | '<h3>'.__('Permissions').'</h3>'; |
---|
| 324 | |
---|
| 325 | if (!$user_super) |
---|
[175] | 326 | { |
---|
[1609] | 327 | echo |
---|
[2720] | 328 | '<form action="'.$core->adminurl->get("admin.user.actions").'" method="post">'. |
---|
[1609] | 329 | '<p><input type="submit" value="'.__('Add new permissions').'" />'. |
---|
[2720] | 330 | form::hidden(array('redir'),$core->adminurl->get("admin.user",array('id' => $user_id))). |
---|
[1609] | 331 | form::hidden(array('action'),'blogs'). |
---|
| 332 | form::hidden(array('users[]'),$user_id). |
---|
| 333 | $core->formNonce(). |
---|
| 334 | '</p>'. |
---|
| 335 | '</form>'; |
---|
[2566] | 336 | |
---|
[1609] | 337 | $permissions = $core->getUserPermissions($user_id); |
---|
| 338 | $perm_types = $core->auth->getPermissionsTypes(); |
---|
[2566] | 339 | |
---|
[1609] | 340 | if (count($permissions) == 0) |
---|
[175] | 341 | { |
---|
[1609] | 342 | echo '<p>'.__('No permissions so far.').'</p>'; |
---|
| 343 | } |
---|
| 344 | else |
---|
| 345 | { |
---|
| 346 | foreach ($permissions as $k => $v) |
---|
[175] | 347 | { |
---|
[1609] | 348 | if (count($v['p']) > 0) |
---|
| 349 | { |
---|
[2566] | 350 | echo |
---|
[2720] | 351 | '<form action="'.$core->adminurl->get("admin.user.actions").'" method="post" class="perm-block">'. |
---|
| 352 | '<p class="blog-perm">'.__('Blog:').' <a href="'. |
---|
[2729] | 353 | $core->adminurl->get("admin.blog",array('id' => html::escapeHTML($k))).'">'. |
---|
[1609] | 354 | html::escapeHTML($v['name']).'</a> ('.html::escapeHTML($k).')</p>'; |
---|
[2566] | 355 | |
---|
[1609] | 356 | echo '<ul class="ul-perm">'; |
---|
| 357 | foreach ($v['p'] as $p => $V) { |
---|
| 358 | if (isset($perm_types[$p])) { |
---|
| 359 | echo '<li>'.__($perm_types[$p]).'</li>'; |
---|
| 360 | } |
---|
[175] | 361 | } |
---|
[1609] | 362 | echo |
---|
| 363 | '</ul>'. |
---|
| 364 | '<p class="add-perm"><input type="submit" class="reset" value="'.__('Change permissions').'" />'. |
---|
[2720] | 365 | form::hidden(array('redir'),$core->adminurl->get("admin.user",array('id' => $user_id))). |
---|
[1609] | 366 | form::hidden(array('action'),'perms'). |
---|
| 367 | form::hidden(array('users[]'),$user_id). |
---|
| 368 | form::hidden(array('blogs[]'),$k). |
---|
| 369 | $core->formNonce(). |
---|
| 370 | '</p>'. |
---|
| 371 | '</form>'; |
---|
[175] | 372 | } |
---|
| 373 | } |
---|
[2566] | 374 | } |
---|
[1609] | 375 | |
---|
[2566] | 376 | } |
---|
[1609] | 377 | else { |
---|
[1621] | 378 | echo '<p>'.sprintf(__('%s is super admin (all rights on all blogs).'),'<strong>'.$user_id.'</strong>').'</p>'; |
---|
[2566] | 379 | } |
---|
[860] | 380 | echo '</div>'; |
---|
[175] | 381 | } |
---|
| 382 | |
---|
| 383 | dcPage::helpBlock('core_user'); |
---|
| 384 | dcPage::close(); |
---|