X-Git-Url: https://jasonwoof.com/gitweb/?a=blobdiff_plain;f=admin_users.php;fp=admin_users.php;h=ba3a46ceb8f25b74ce3ad69f42cb9a1dc9e32e13;hb=15f391c463f08014a2af7b80920c4832877ad09f;hp=0000000000000000000000000000000000000000;hpb=981eb0d01458cebf032955ef788c8c88a3a99428;p=wfpl-cms.git
diff --git a/admin_users.php b/admin_users.php
new file mode 100644
index 0000000..ba3a46c
--- /dev/null
+++ b/admin_users.php
@@ -0,0 +1,189 @@
+ 'Name',
+ 'role' => 'Role',
+ 'username' => 'Username',
+ 'password' => 'Password',
+ 'last_login' => 'Last Login',
+ 'last_active' => 'Last Active'
+);
+
+function admin_users_get_fields() {
+ $data = array();
+
+ $data['role'] = format_options(_REQUEST_cut('role'), 'role');
+ $data['name'] = format_oneline(trim(_REQUEST_cut('name')));
+ $data['username'] = format_oneline(trim(_REQUEST_cut('username')));
+ $data['pass1'] = format_oneline(trim(_REQUEST_cut('pass1')));
+ $data['pass2'] = format_oneline(trim(_REQUEST_cut('pass2')));
+
+ return $data;
+}
+
+
+function admin_users_main() {
+ session_auth_must('admin_users');
+
+ $id = _REQUEST_cut('edit_id');
+ if ($id) {
+ return admin_users_main_form($id);
+ }
+
+ $id = _REQUEST_cut('admin_users_delete_id');
+ if ($id) {
+ return admin_users_main_delete($id);
+ }
+
+ if (_REQUEST_cut('new')) {
+ return admin_users_main_form();
+ }
+
+ if (_REQUEST_cut('list')) {
+ return admin_users_main_listing();
+ }
+
+ if (_REQUEST_cut('download_csv')) {
+ return admin_users_csv_download();
+ }
+
+ if (isset($_POST['name'])) {
+ return admin_users_main_form();
+ }
+
+ # default action:
+ return admin_users_main_listing();
+}
+
+function admin_users_main_delete($id) {
+ db_delete('users', 'where id=%i', $id);
+ message('Account deleted.');
+ return './admin_users';
+}
+
+function admin_users_csv_download() {
+ require_once(__DIR__.'/'.'inc/wfpl/csv.php');
+ $rows = db_get_rows('users', 'id,'.ADMIN_USERS_DB_FIELDS, 'order by id');
+ $fields = explode(',', 'id,'.ADMIN_USERS_DB_FIELDS);
+ $header = array();
+ foreach ($fields as $field) {
+ if (isset($GLOBALS['admin_users_field_to_caption'][$field])) {
+ $header[] = $GLOBALS['admin_users_field_to_caption'][$field];
+ } else {
+ $header[] = $field;
+ }
+ }
+ array_unshift($rows, $header);
+ array2d_to_csv_download($rows, 'admin_users.csv');
+}
+
+function admin_users_main_listing() {
+ $data = array();
+ $desc = '';
+ $sort = _REQUEST_cut('sort');
+ if ($sort && substr($sort, 0, 1) === '-') {
+ $sort = substr($sort, 1);
+ $desc = ' DESC ';
+ } else {
+ $data["sorting-by-$sort"] = '-';
+ }
+ $legal_sorts = explode(',', ADMIN_USERS_DB_FIELDS);
+ if (!$sort || !in_array($sort, $legal_sorts)) {
+ $sort = 'role, name';
+ }
+
+ $data['rows'] = db_get_assocs('users', 'id,role,name,username,last_login,last_active', "order by $sort $desc limit 1000");
+ tem_set('listings', $data);
+ render_timestamps();
+}
+
+function admin_users_suggested_password() {
+ $character_set = "ABCDEFHJKLMNPQRTUWXY34789"; # removed all similar-looking characters
+ $code = " ";
+
+ # PHP 4.2.0 and up seed the random number generator for you.
+ # Lets hope that it seeds with something harder to guess than the clock.
+ for($i = 0; $i < 10; ++$i) {
+ $code{$i} = $character_set{mt_rand(0, 24)}; # inclusive
+ }
+
+ return $code;
+}
+
+function admin_users_main_form($id = false) {
+ if ($id) {
+ tem_set('id', $id);
+ }
+
+ pulldown('role', [
+ ['admin', 'Site Administrator'],
+ ['disabled', 'Account Disabled']
+ ]);
+
+ if (isset($_POST['name'])) {
+ $data = admin_users_get_fields();
+
+ if (strlen($data['username']) < 1) {
+ message("Oop, Username is required");
+ $data['username_bad'] = true;
+ } elseif ($data['pass1'] !== $data['pass2']) {
+ message("Oop, passwords didn't match. Please enter your desired password carefully (twice).");
+ $data['password_bad'] = true;
+ } else {
+ # password hash is slow, so only do it if we're really doing a db write
+ if (isset($data['pass1']) && strlen($data['pass1']) > 0) {
+ # hash password for db storage
+ if (!function_exists('password_hash')) {
+ require_once(DOCROOT . 'inc/password_funcs_backported.php');
+ }
+ $data['password'] = password_hash($data['pass1'], PASSWORD_DEFAULT);
+ }
+ unset($data['pass1']);
+ unset($data['pass2']);
+ if ($id) {
+ db_update_assoc('users', $data, 'where id=%i', $id);
+ message('Account updated.');
+ } else {
+ db_insert_assoc('users', $data);
+ message('Account saved.');
+ }
+ return './admin_users';
+ }
+ # else fall through to display the form again. Field values are in $data
+ } elseif ($id) {
+ # we've recieved an edit id, but no data. So we grab the values to be edited from the database
+ $data = db_get_assoc('users', ADMIN_USERS_DB_FIELDS, 'where id=%i', $id);
+ } else {
+ # form not submitted, you can set default values like so:
+ #$data = array('name' => 'Yes');
+ $data = array();
+ }
+
+ tem_set('password_suggestions', [
+ admin_users_suggested_password(),
+ admin_users_suggested_password(),
+ admin_users_suggested_password(),
+ admin_users_suggested_password(),
+ admin_users_suggested_password()
+ ]);
+ tem_set('form', $data);
+}
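Review bot: admin_users_suggested_password() draws every character with mt_rand(), a seeded Mersenne Twister rather than a CSPRNG, so the five password suggestions rendered on the form are far more predictable than their 25^10 space implies; the comment above the loop already concedes the seed may be weak. On PHP 7+ the fix is one line, `$code[$i] = $character_set[random_int(0, 24)];`, which also replaces the `$code{$i}` brace string-offset syntax that PHP 7.4 deprecates and 8.0 removes. Since the hunk still backports password_hash() for older runtimes, a fallback such as openssl_random_pseudo_bytes() would be needed where random_int() is absent. Separately, admin_users_main_delete() calls db_delete() directly off the `admin_users_delete_id` request parameter with no CSRF token and no POST-only check, leaving account deletion exposed to cross-site request forgery; the save path in admin_users_main_form() guards only on isset($_POST['name']) and has the same gap. The hunk's first lines (the `<?php` opener and the head of the admin_users_field_to_caption array) are not visible in this rendering, so that definition could not be reviewed.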