1 <?php
2
3 # This form requires wfpl. See: http://sametwice.com/wfpl
4
5 # This form was initially auto-generated. If you would like to alter the
6 # parameters and generate a new one try this URL:
7 #
8 # http://metaform.localhost.jasonwoof.com/?file_name=admin_users&table_name=users&singular=account&plural=accounts&opt_email=No&opt_db=Yes&opt_listing=Yes&opt_display=No&opt_pass=No&opt_public_form=No&opt_public_display=No&fields=name%0D%0Ausername%0D%0Atextbox+password%0D%0Arole%0D%0Aint+last_active%0D%0Aint+last_login&edit=yes
9
10
11 # SETUP
12
13 # To save results to a database, you'll need to create the users table.
14 # The file admin_users.sql should help with this
15 #
16 # if you rename any of the database fields, you'll need to update this:
define('ADMIN_USERS_DB_FIELDS', 'role,name,username,last_login,last_active');


# wfpl formatting helpers (format_options, format_oneline, format_auth_username)
require_once(__DIR__ . '/inc/wfpl/format.php');

# Column name -> human-readable caption. Used for the CSV header row; columns
# without an entry here are labelled with their raw column name.
$GLOBALS['admin_users_field_to_caption'] = [
        'name' => 'Name',
        'role' => 'Role',
        'username' => 'Username',
        'password' => 'Password',
        'last_login' => 'Last Login',
        'last_active' => 'Last Active',
];
30
# Pull the account form fields out of the request and normalise them.
#
# Each value is taken with _REQUEST_cut() (wfpl) and passed through the
# matching wfpl format_* helper. pass1/pass2 are the two password entries;
# they are returned as-is here and compared by admin_users_main_form().
#
# Returns: array with keys role, name, username, pass1, pass2
function admin_users_get_fields() {
        $role = format_options(_REQUEST_cut('role'), 'role');
        $name = format_oneline(trim(_REQUEST_cut('name')));
        $username = format_auth_username(trim(_REQUEST_cut('username')));
        $pass1 = format_oneline(trim(_REQUEST_cut('pass1')));
        $pass2 = format_oneline(trim(_REQUEST_cut('pass2')));

        return [
                'role' => $role,
                'name' => $name,
                'username' => $username,
                'pass1' => $pass1,
                'pass2' => $pass2,
        ];
}
42
43
# Entry point for the accounts admin page: picks an action from the request.
#
# Actions are checked in priority order. _REQUEST_cut() is a wfpl helper; by
# its name it reads a parameter and removes it from the request (not visible
# here — confirm).
#
# Returns: whatever the chosen handler returns (a redirect path after a
#          write, nothing after rendering a template).
function admin_users_main() {
        # every action on this page needs the admin_users privilege;
        # session_auth_must() (wfpl, not visible here) is expected to stop
        # the request otherwise — confirm
        session_auth_must('admin_users');

        $edit_id = _REQUEST_cut('edit_id');
        if ($edit_id) {
                return admin_users_main_form($edit_id);
        }

        $delete_id = _REQUEST_cut('admin_users_delete_id');
        if ($delete_id) {
                return admin_users_main_delete($delete_id);
        }

        # flag-style actions: the first one present in the request wins
        $flag_handlers = [
                'new' => 'admin_users_main_form',
                'list' => 'admin_users_main_listing',
                'download_csv' => 'admin_users_csv_download',
        ];
        foreach ($flag_handlers as $flag => $handler) {
                if (_REQUEST_cut($flag)) {
                        return $handler();
                }
        }

        # a submitted form (POST carrying a name field) goes to the form handler
        if (isset($_POST['name'])) {
                return admin_users_main_form();
        }

        # default action
        return admin_users_main_listing();
}
76
# Delete one account row and send the browser back to the listing.
#
# $id: account id, taken from the admin_users_delete_id request parameter by
#      admin_users_main(); passed to the db layer via the %i placeholder
#      (presumably integer-bound by wfpl — confirm).
#
# Returns: the path to redirect to.
#
# NOTE(review): the delete is triggered by a single request parameter; no
# CSRF token check is visible in this file — confirm the framework adds one.
function admin_users_main_delete($id) {
        $redirect_to = './admin_users';
        db_delete('users', 'where id=%i', $id);
        message('Account deleted.');
        return $redirect_to;
}
82
# Send every account as a CSV download (admin_users.csv).
#
# The first row is a header built from $GLOBALS['admin_users_field_to_caption'];
# columns without a caption use the raw column name. Rows are ordered by id.
function admin_users_csv_download() {
        require_once(__DIR__ . '/inc/wfpl/csv.php');

        $columns = 'id,' . ADMIN_USERS_DB_FIELDS;
        $rows = db_get_rows('users', $columns, 'order by id');

        $captions = $GLOBALS['admin_users_field_to_caption'];
        $header = array_map(
                function ($field) use ($captions) {
                        return isset($captions[$field]) ? $captions[$field] : $field;
                },
                explode(',', $columns)
        );

        array2d_to_csv_download(array_merge([$header], $rows), 'admin_users.csv');
}
98
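# Render the accounts listing (template block 'listings').
#
# Sorting is driven by the 'sort' request parameter: a column name from
# ADMIN_USERS_DB_FIELDS, optionally prefixed with '-' for descending order.
# The column name is interpolated into the ORDER BY clause, so it is only safe
# because it is checked against that whitelist first — keep the check and the
# query together. Anything not on the whitelist falls back to 'role, name'.
function admin_users_main_listing() {
        $data = array();
        $desc = '';
        $sort = _REQUEST_cut('sort');
        if ($sort && substr($sort, 0, 1) === '-') {
                $sort = substr($sort, 1);
                $desc = ' DESC ';
        } else {
                # presumably read by the template to flip the column's sort link
                # to descending — confirm. Note this key is built before the
                # whitelist check below, so it can carry an unvalidated value.
                $data["sorting-by-$sort"] = '-';
        }
        # whitelist: only a real column name may reach the ORDER BY below.
        # strict comparison, so only an exact column name passes.
        $legal_sorts = explode(',', ADMIN_USERS_DB_FIELDS);
        if (!$sort || !in_array($sort, $legal_sorts, true)) {
                $sort = 'role, name';
        }

        # same column list as the CSV export, derived from the one constant
        $data['rows'] = db_get_assocs('users', 'id,' . ADMIN_USERS_DB_FIELDS, "order by $sort $desc limit 1000");
        tem_set('listings', $data);
        render_timestamps();
}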
118
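# Build a random password suggestion for the account form.
#
# $length: number of characters to generate (default 10, the original width).
#
# Returns: a string of $length characters drawn from a set that leaves out
#          easily-confused glyphs (e.g. 0/O, 1/I, 5/S, 2/Z).
#
# random_int() (PHP 7.0+) is a CSPRNG, so each character is drawn uniformly
# and unpredictably; mt_rand() is not suitable for anything used as a secret.
# The string offset is written with [] — the old {} form was removed in PHP 8.0.
function admin_users_suggested_password($length = 10) {
        $character_set = 'ABCDEFHJKLMNPQRTUWXY34789'; # similar-looking characters removed
        $last = strlen($character_set) - 1;
        $code = '';
        for ($i = 0; $i < $length; ++$i) {
                $code .= $character_set[random_int(0, $last)]; # bounds are inclusive
        }
        return $code;
}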
131
# Show the add/edit account form, or process its submission.
#
# $id: account id when editing an existing row, false (default) when creating.
#
# Three entry states:
#   - POST carrying a 'name' field: validate and save, then return a redirect
#     path; on a validation error the submitted values are re-rendered.
#   - $id given but no POST: load the row from the database into the form.
#   - neither: empty form.
#
# Returns: './admin_users' after a successful save; otherwise nothing (the
#          form is rendered through tem_set()).
function admin_users_main_form($id = false) {
        if ($id) {
                tem_set('id', $id);
        }

        # role choices offered in the form as [value, caption];
        # pulldown() is a wfpl helper (not visible here)
        pulldown('role', [
                ['admin', 'Site Administrator'],
                ['disabled', 'Account Disabled']
        ]);

        if (isset($_POST['name'])) {
                $data = admin_users_get_fields();

                # Validation: username is required and the two password entries
                # must agree. NOTE(review): nothing here enforces a minimum
                # password length or strength; the only password check is equality.
                if (strlen($data['username']) < 1) {
                        message("Oop, Username is required");
                        $data['username_bad'] = true;
                } elseif ($data['pass1'] !== $data['pass2']) {
                        message("Oop, passwords didn't match. Please enter your desired password carefully (twice).");
                        $data['password_bad'] = true;
                } else {
                        # password hash is slow, so only do it if we're really doing a db write.
                        # A blank password means "leave it alone": no 'password' key is
                        # added to $data, so the update below should not touch the stored
                        # hash (assuming db_update_assoc only writes the keys it is given
                        # — confirm). pass1 is always set by admin_users_get_fields(), so
                        # the isset() is redundant.
                        if (isset($data['pass1']) && strlen($data['pass1']) > 0) {
                                # hash password for db storage; password_hash() is PHP 5.5+,
                                # older installs load the backported version
                                # (DOCROOT is defined elsewhere in the project)
                                if (!function_exists('password_hash')) {
                                        require_once(DOCROOT . 'inc/password_funcs_backported.php');
                                }
                                $data['password'] = password_hash($data['pass1'], PASSWORD_DEFAULT);
                        }
                        # never let the plaintext entries reach the database
                        unset($data['pass1']);
                        unset($data['pass2']);
                        if ($id) {
                                db_update_assoc('users', $data, 'where id=%i', $id);
                                message('Account updated.');
                        } else {
                                db_insert_assoc('users', $data);
                                message('Account saved.');
                        }
                        return './admin_users';
                }
                # else fall through to display the form again. Field values are in $data
        } elseif ($id) {
                # we've received an edit id, but no data. So we grab the values to be edited from the database
                $data = db_get_assoc('users', ADMIN_USERS_DB_FIELDS, 'where id=%i', $id);
        } else {
                # form not submitted, you can set default values like so:
                #$data = array('name' => 'Yes');
                $data = array();
        }

        # a handful of random suggestions the user can pick from
        tem_set('password_suggestions', [
                admin_users_suggested_password(),
                admin_users_suggested_password(),
                admin_users_suggested_password(),
                admin_users_suggested_password(),
                admin_users_suggested_password()
        ]);
        tem_set('form', $data);
}