X-Git-Url: https://jasonwoof.com/gitweb/?p=wfpl-cms.git;a=blobdiff_plain;f=admin_users.php;h=1c176731a994cc611a512e7b44dd821a2f49896d;hp=9e4a753dac1e388d5e638de2b5fb74e6fe794a56;hb=01c953a17babb9d6fedb751671d7e05bc6f33a92;hpb=9cd73aa3d18a76feb8fe640071c9e7e90abf4f8f
diff --git a/admin_users.php b/admin_users.php
index 9e4a753..1c17673 100644
--- a/admin_users.php
+++ b/admin_users.php
@@ -20,170 +20,170 @@ define('ADMIN_USERS_DB_FIELDS', 'role,name,username,last_login,last_active');
 require_once(__DIR__.'/'.'inc/wfpl/format.php');
 $GLOBALS['admin_users_field_to_caption'] = array(
- 'name' => 'Name',
- 'role' => 'Role',
- 'username' => 'Username',
- 'password' => 'Password',
- 'last_login' => 'Last Login',
- 'last_active' => 'Last Active'
+ 'name' => 'Name',
+ 'role' => 'Role',
+ 'username' => 'Username',
+ 'password' => 'Password',
+ 'last_login' => 'Last Login',
+ 'last_active' => 'Last Active'
 );
 function admin_users_get_fields() {
- $data = array();
+ $data = array();
- $data['role'] = format_options(_REQUEST_cut('role'), 'role');
- $data['name'] = format_oneline(trim(_REQUEST_cut('name')));
- $data['username'] = format_auth_username(trim(_REQUEST_cut('username')));
- $data['pass1'] = format_oneline(trim(_REQUEST_cut('pass1')));
- $data['pass2'] = format_oneline(trim(_REQUEST_cut('pass2')));
+ $data['role'] = format_options(_REQUEST_cut('role'), 'role');
+ $data['name'] = format_oneline(trim(_REQUEST_cut('name')));
+ $data['username'] = format_auth_username(trim(_REQUEST_cut('username')));
+ $data['pass1'] = format_oneline(trim(_REQUEST_cut('pass1')));
+ $data['pass2'] = format_oneline(trim(_REQUEST_cut('pass2')));
- return $data;
+ return $data;
 }
 function admin_users_main() {
- session_auth_must('admin_users');
+ session_auth_must('admin_users');
- $id = _REQUEST_cut('edit_id');
- if ($id) {
- return admin_users_main_form($id);
- }
+ $id = _REQUEST_cut('edit_id');
+ if ($id) {
+ return admin_users_main_form($id);
+ }
- $id = _REQUEST_cut('admin_users_delete_id');
- if ($id) {
- return admin_users_main_delete($id);
- }
+ $id = _REQUEST_cut('admin_users_delete_id');
+ if ($id) {
+ return admin_users_main_delete($id);
+ }
- if (_REQUEST_cut('new')) {
- return admin_users_main_form();
- }
+ if (_REQUEST_cut('new')) {
+ return admin_users_main_form();
+ }
- if (_REQUEST_cut('list')) {
- return admin_users_main_listing();
- }
+ if (_REQUEST_cut('list')) {
+ return admin_users_main_listing();
+ }
- if (_REQUEST_cut('download_csv')) {
- return admin_users_csv_download();
- }
+ if (_REQUEST_cut('download_csv')) {
+ return admin_users_csv_download();
+ }
- if (isset($_POST['name'])) {
- return admin_users_main_form();
- }
+ if (isset($_POST['name'])) {
+ return admin_users_main_form();
+ }
- # default action:
- return admin_users_main_listing();
+ # default action:
+ return admin_users_main_listing();
 }
 function admin_users_main_delete($id) {
- db_delete('users', 'where id=%i', $id);
- message('Account deleted.');
- return './admin_users';
+ db_delete('users', 'where id=%i', $id);
+ message('Account deleted.');
+ return './admin_users';
 }
 function admin_users_csv_download() {
- require_once(__DIR__.'/'.'inc/wfpl/csv.php');
- $rows = db_get_rows('users', 'id,'.ADMIN_USERS_DB_FIELDS, 'order by id');
- $fields = explode(',', 'id,'.ADMIN_USERS_DB_FIELDS);
- $header = array();
- foreach ($fields as $field) {
- if (isset($GLOBALS['admin_users_field_to_caption'][$field])) {
- $header[] = $GLOBALS['admin_users_field_to_caption'][$field];
- } else {
- $header[] = $field;
- }
- }
- array_unshift($rows, $header);
- array2d_to_csv_download($rows, 'admin_users.csv');
+ require_once(__DIR__.'/'.'inc/wfpl/csv.php');
+ $rows = db_get_rows('users', 'id,'.ADMIN_USERS_DB_FIELDS, 'order by id');
+ $fields = explode(',', 'id,'.ADMIN_USERS_DB_FIELDS);
+ $header = array();
+ foreach ($fields as $field) {
+ if (isset($GLOBALS['admin_users_field_to_caption'][$field])) {
+ $header[] = $GLOBALS['admin_users_field_to_caption'][$field];
+ } else {
+ $header[] = $field;
+ }
+ }
+ array_unshift($rows, $header);
+ array2d_to_csv_download($rows, 'admin_users.csv');
 }
 function admin_users_main_listing() {
- $data = array();
- $desc = '';
- $sort = _REQUEST_cut('sort');
- if ($sort && substr($sort, 0, 1) === '-') {
- $sort = substr($sort, 1);
- $desc = ' DESC ';
- } else {
- $data["sorting-by-$sort"] = '-';
- }
- $legal_sorts = explode(',', ADMIN_USERS_DB_FIELDS);
- if (!$sort || !in_array($sort, $legal_sorts)) {
- $sort = 'role, name';
- }
-
- $data['rows'] = db_get_assocs('users', 'id,role,name,username,last_login,last_active', "order by $sort $desc limit 1000");
- tem_set('listings', $data);
- render_timestamps();
+ $data = array();
+ $desc = '';
+ $sort = _REQUEST_cut('sort');
+ if ($sort && substr($sort, 0, 1) === '-') {
+ $sort = substr($sort, 1);
+ $desc = ' DESC ';
+ } else {
+ $data["sorting-by-$sort"] = '-';
+ }
+ $legal_sorts = explode(',', ADMIN_USERS_DB_FIELDS);
+ if (!$sort || !in_array($sort, $legal_sorts)) {
+ $sort = 'role, name';
+ }
+
+ $data['rows'] = db_get_assocs('users', 'id,role,name,username,last_login,last_active', "order by $sort $desc limit 1000");
+ tem_set('listings', $data);
+ render_timestamps();
 }
 function admin_users_suggested_password() {
- $character_set = "ABCDEFHJKLMNPQRTUWXY34789"; # removed all similar-looking characters
- $code = " ";
+ $character_set = "ABCDEFHJKLMNPQRTUWXY34789"; # removed all similar-looking characters
+ $code = " ";
- # PHP 4.2.0 and up seed the random number generator for you.
- # Lets hope that it seeds with something harder to guess than the clock.
- for($i = 0; $i < 10; ++$i) {
- $code{$i} = $character_set{mt_rand(0, 24)}; # inclusive
- }
+ # PHP 4.2.0 and up seed the random number generator for you.
+ # Lets hope that it seeds with something harder to guess than the clock.
+ for($i = 0; $i < 10; ++$i) {
+ $code{$i} = $character_set{mt_rand(0, 24)}; # inclusive
+ }
- return $code;
+ return $code;
 }
 function admin_users_main_form($id = false) {
- if ($id) {
- tem_set('id', $id);
- }
-
- pulldown('role', [
- ['admin', 'Site Administrator'],
- ['disabled', 'Account Disabled']
- ]);
-
- if (isset($_POST['name'])) {
- $data = admin_users_get_fields();
-
- if (strlen($data['username']) < 1) {
- message("Oop, Username is required");
- $data['username_bad'] = true;
- } elseif ($data['pass1'] !== $data['pass2']) {
- message("Oop, passwords didn't match. Please enter your desired password carefully (twice).");
- $data['password_bad'] = true;
- } else {
- # password hash is slow, so only do it if we're really doing a db write
- if (isset($data['pass1']) && strlen($data['pass1']) > 0) {
- # hash password for db storage
- if (!function_exists('password_hash')) {
- require_once(__DIR__.'/'.'inc/password_funcs_backported.php');
- }
- $data['password'] = password_hash($data['pass1'], PASSWORD_DEFAULT);
- }
- unset($data['pass1']);
- unset($data['pass2']);
- if ($id) {
- db_update_assoc('users', $data, 'where id=%i', $id);
- message('Account updated.');
- } else {
- db_insert_assoc('users', $data);
- message('Account saved.');
- }
- return './admin_users';
- }
- # else fall through to display the form again. Field values are in $data
- } elseif ($id) {
- # we've recieved an edit id, but no data. So we grab the values to be edited from the database
- $data = db_get_assoc('users', ADMIN_USERS_DB_FIELDS, 'where id=%i', $id);
- } else {
- # form not submitted, you can set default values like so:
- #$data = array('name' => 'Yes');
- $data = array();
- }
-
- tem_set('password_suggestions', [
- admin_users_suggested_password(),
- admin_users_suggested_password(),
- admin_users_suggested_password(),
- admin_users_suggested_password(),
- admin_users_suggested_password()
- ]);
- tem_set('form', $data);
+ if ($id) {
+ tem_set('id', $id);
+ }
+
+ pulldown('role', [
+ ['admin', 'Site Administrator'],
+ ['disabled', 'Account Disabled']
+ ]);
+
+ if (isset($_POST['name'])) {
+ $data = admin_users_get_fields();
+
+ if (strlen($data['username']) < 1) {
+ message("Oop, Username is required");
+ $data['username_bad'] = true;
+ } elseif ($data['pass1'] !== $data['pass2']) {
+ message("Oop, passwords didn't match. Please enter your desired password carefully (twice).");
+ $data['password_bad'] = true;
+ } else {
+ # password hash is slow, so only do it if we're really doing a db write
+ if (isset($data['pass1']) && strlen($data['pass1']) > 0) {
+ # hash password for db storage
+ if (!function_exists('password_hash')) {
+ require_once(__DIR__.'/'.'inc/password_funcs_backported.php');
+ }
+ $data['password'] = password_hash($data['pass1'], PASSWORD_DEFAULT);
+ }
+ unset($data['pass1']);
+ unset($data['pass2']);
+ if ($id) {
+ db_update_assoc('users', $data, 'where id=%i', $id);
+ message('Account updated.');
+ } else {
+ db_insert_assoc('users', $data);
+ message('Account saved.');
+ }
+ return './admin_users';
+ }
+ # else fall through to display the form again. Field values are in $data
+ } elseif ($id) {
+ # we've recieved an edit id, but no data. So we grab the values to be edited from the database
+ $data = db_get_assoc('users', ADMIN_USERS_DB_FIELDS, 'where id=%i', $id);
+ } else {
+ # form not submitted, you can set default values like so:
+ #$data = array('name' => 'Yes');
+ $data = array();
+ }
+
+ tem_set('password_suggestions', [
+ admin_users_suggested_password(),
+ admin_users_suggested_password(),
+ admin_users_suggested_password(),
+ admin_users_suggested_password(),
+ admin_users_suggested_password()
+ ]);
+ tem_set('form', $data);
 }