PHP Cross Reference of Textpattern 4.0.8 |
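<?php

/*
	This is Textpattern

	Copyright 2005 by Dean Allen
	www.textpattern.com
	All rights reserved

	Use of this software indicates acceptance of the Textpattern license agreement

$HeadURL: https://textpattern.googlecode.com/svn/releases/4.0.8/source/textpattern/include/txp_admin.php $
$LastChangedRevision: 3013 $

*/

	// Refuse direct access: this file is only meant to be included by the
	// admin-side front controller, which defines 'txpinterface'.
	if (!defined('txpinterface'))
	{
		die('txpinterface is undefined.');
	}

	// Privilege level id => localized label. Also used as the whitelist of
	// privilege values accepted by the save handlers below.
	$levels = array(
		1 => gTxt('publisher'),
		2 => gTxt('managing_editor'),
		3 => gTxt('copy_editor'),
		4 => gTxt('staff_writer'),
		5 => gTxt('freelancer'),
		6 => gTxt('designer'),
		0 => gTxt('none')
	);

	if ($event == 'admin')
	{
		require_privs('admin');

		include_once txpath.'/lib/txplib_admin.php';

		// Only these handlers may be reached through the request-supplied step.
		// 'author_edit' is deliberately absent: it falls through to admin(),
		// which renders author_form() in edit mode.
		$available_steps = array(
			'admin_multi_edit',
			'admin_change_pageby',
			'author_list',
			'author_save',
			'author_save_new',
			'change_email',
			'change_pass'
		);

		// Strict comparison so only an exact string match can select the
		// function that is called dynamically below.
		if (!$step or !in_array($step, $available_steps, true))
		{
			admin();
		}

		else
		{
			// NOTE(review): no per-request anti-CSRF token check is visible in
			// this file before a state-changing step runs; confirm whether the
			// including script or form() provides one.
			$step();
		}
	}

// -------------------------------------------------------------

	/**
	 * Render the site administration panel.
	 *
	 * Shows the author form (admin.edit), the author list (admin.list), the
	 * change-password form (always) and, for users without admin.edit, the
	 * change-email form.
	 *
	 * @param string $message Status message passed to pagetop(). Callers are
	 *                        expected to HTML-escape any user-derived part;
	 *                        no escaping is applied here.
	 */
	function admin($message = '')
	{
		global $txp_user;

		pagetop(gTxt('site_administration'), $message);

		if (is_disabled('mail'))
		{
			echo tag(gTxt('warn_mail_unavailable'), 'p',' id="warning" ');
		}

		$email = fetch('email', 'txp_users', 'name', $txp_user);

		if (has_privs('admin.edit'))
		{
			echo author_form();
		}

		if (has_privs('admin.list'))
		{
			echo author_list();
		}

		echo new_pass_form();

		if (!has_privs('admin.edit'))
		{
			echo change_email_form($email);
		}
	}

// -------------------------------------------------------------

	/**
	 * Change the e-mail address of the logged-in user.
	 *
	 * NOTE(review): the value is read with gps(), which presumably accepts GET
	 * as well as POST -- confirm; a state-changing handler is safer when it
	 * reads POST only.
	 */
	function change_email()
	{
		global $txp_user;

		$new_email = gps('new_email');

		if (!is_valid_email($new_email))
		{
			admin(gTxt('email_required'));
			return;
		}

		$rs = safe_update('txp_users', "email = '".doSlash($new_email)."'", "name = '".doSlash($txp_user)."'");

		if ($rs)
		{
			// Escape the request value before it reaches the page, as
			// admin_multi_edit() does for the names it reports.
			admin(
				gTxt('email_changed', array('{email}' => htmlspecialchars($new_email)))
			);
		}
	}

// -------------------------------------------------------------

	/**
	 * Update an existing author's privilege level, real name and e-mail.
	 *
	 * Requires admin.edit. The privilege value must be one of the keys of
	 * $levels; anything else returns to the panel without writing.
	 *
	 * NOTE(review): nothing here stops an editor from changing their own
	 * privilege level; author_form() only hides the selector client-side.
	 */
	function author_save()
	{
		global $levels;

		require_privs('admin.edit');

		extract(doSlash(psa(array('privs', 'user_id', 'RealName', 'email'))));
		$privs = assert_int($privs);
		$user_id = assert_int($user_id);

		// Same whitelist check admin_multi_edit() applies to 'changeprivilege'.
		if (!isset($levels[$privs]))
		{
			admin();
			return;
		}

		if (!is_valid_email($email))
		{
			admin(gTxt('email_required'));
			return;
		}

		$rs = safe_update('txp_users', "
			privs    = $privs,
			RealName = '$RealName',
			email    = '$email'",
			"user_id = $user_id"
		);

		if ($rs)
		{
			// RealName is free text from the request: escape it for HTML output.
			admin(
				gTxt('author_updated', array('{name}' => htmlspecialchars($RealName)))
			);
		}
	}

// -------------------------------------------------------------

	/**
	 * Change the password of the logged-in user and optionally mail it.
	 *
	 * NOTE(review): the current password is not requested, so anyone holding
	 * the session can set a new one.
	 * NOTE(review): the password is lower-cased and stored with MySQL's
	 * password() function, which is not a password-hashing scheme; changing
	 * it needs a matching change in the login code, which is not in this file.
	 * NOTE(review): the value mailed is the doSlash()ed one, so a password
	 * containing quotes or backslashes may be mailed in escaped form.
	 */
	function change_pass()
	{
		global $txp_user;

		extract(doSlash(psa(array('new_pass', 'mail_password'))));

		if (empty($new_pass))
		{
			admin(gTxt('password_required'));
			return;
		}

		$rs = safe_update('txp_users', "pass = password(lower('$new_pass'))", "name = '".doSlash($txp_user)."'");

		if ($rs)
		{
			$message = gTxt('password_changed');

			if ($mail_password)
			{
				$email = fetch('email', 'txp_users', 'name', $txp_user);

				send_new_password($new_pass, $email, $txp_user);

				$message .= sp.gTxt('and_mailed_to').sp.htmlspecialchars($email);
			}

			$message .= '.';

			admin($message);
		}

		else
		{
			// Report the database error when the update itself failed. This
			// branch was previously attached to the mail_password test, so it
			// ran on success without mailing and never on a failed update.
			// NOTE(review): this prints the raw driver message into the page.
			echo comment(mysql_error());
		}
	}

// -------------------------------------------------------------

	/**
	 * Create a new author with a generated password and mail the credentials.
	 *
	 * Requires admin.edit. The login name must be non-empty and at most 64
	 * bytes, the e-mail must validate and the privilege value must be a key
	 * of $levels.
	 *
	 * NOTE(review): the initial password is six characters from
	 * generate_password() and is sent by mail in clear text; the nonce is
	 * derived from mt_rand()/uniqid(), which are not cryptographically strong.
	 */
	function author_save_new()
	{
		global $levels;

		require_privs('admin.edit');

		extract(doSlash(psa(array('privs', 'name', 'email', 'RealName'))));

		$privs  = assert_int($privs);
		// Byte length, not character length.
		$length = function_exists('mb_strlen') ? mb_strlen($name, '8bit') : strlen($name);

		if ($name and $length <= 64 and is_valid_email($email) and isset($levels[$privs]))
		{
			$password = doSlash(generate_password(6));
			$nonce    = doSlash(md5(uniqid(mt_rand(), TRUE)));

			$rs = safe_insert('txp_users', "
				privs    = $privs,
				name     = '$name',
				email    = '$email',
				RealName = '$RealName',
				nonce    = '$nonce',
				pass     = password(lower('$password'))
			");

			if ($rs)
			{
				send_password($RealName, $name, $email, $password);

				admin(
					gTxt('password_sent_to').sp.htmlspecialchars($email)
				);

				return;
			}
		}

		admin(gTxt('error_adding_new_author'));
	}

// -------------------------------------------------------------

	/**
	 * Build the privilege-level selector.
	 *
	 * @param mixed $priv Currently selected level.
	 * @return string Markup returned by selectInput().
	 */
	function privs($priv = '')
	{
		global $levels;
		return selectInput('privs', $levels, $priv);
	}

// -------------------------------------------------------------

	/**
	 * Look up the localized label of a privilege level.
	 *
	 * @param mixed $priv Key into $levels; an unknown key is not handled here.
	 * @return string
	 */
	function get_priv_level($priv)
	{
		global $levels;
		return $levels[$priv];
	}

// -------------------------------------------------------------

	/**
	 * Build the change-password form (new password plus "mail it" checkbox).
	 *
	 * @return string
	 */
	function new_pass_form()
	{
		return '<div style="margin: 3em auto auto auto; text-align: center;">'.
		form(
			tag(gTxt('change_password'), 'h3').

			graf('<label for="new_pass">'.gTxt('new_password').'</label> '.
				fInput('password', 'new_pass', '', 'edit', '', '', '20', '1', 'new_pass').
				checkbox('mail_password', '1', true, '', 'mail_password').'<label for="mail_password">'.gTxt('mail_it').'</label> '.
				fInput('submit', 'change_pass', gTxt('submit'), 'smallerbox').
				eInput('admin').
				sInput('change_pass')
			,' style="text-align: center;"')
		).'</div>';
	}

// -------------------------------------------------------------

	/**
	 * Build the change-email form, pre-filled with the current address.
	 *
	 * @param string $email Current address, handed to fInput() as the value.
	 * @return string
	 */
	function change_email_form($email)
	{
		return '<div style="margin: 3em auto auto auto; text-align: center;">'.
		form(
			tag(gTxt('change_email_address'), 'h3').
			graf('<label for="new_email">'.gTxt('new_email').'</label> '.
				fInput('text', 'new_email', $email, 'edit', '', '', '20', '2', 'new_email').
				fInput('submit', 'change_email', gTxt('submit'), 'smallerbox').
				eInput('admin').
				sInput('change_email')
			,' style="text-align: center;"')
		).'</div>';
	}

// -------------------------------------------------------------

	/**
	 * Print the paged, sortable list of authors with the multi-edit controls.
	 *
	 * The sort column and direction come from the request but are reduced to
	 * fixed values before they are placed in the ORDER BY clause.
	 */
	function author_list()
	{
		global $txp_user, $author_list_pageby;

		extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method')));

		// Whitelist: these two values are concatenated into SQL below.
		if (!in_array($sort, array('name', 'RealName', 'email', 'privs', 'last_login'))) $sort = 'name';

		$dir = ($dir == 'desc') ? 'desc' : 'asc';
		$sort_sql = $sort.' '.$dir;
		$switch_dir = ($dir == 'desc') ? 'asc' : 'desc';

		$total = getCount('txp_users', '1=1');
		$limit = max($author_list_pageby, 15);

		// $offset is computed by pager(); assumed numeric -- TODO confirm.
		list($page, $offset, $numPages) = pager($total, $limit, $page);

		$rs = safe_rows_start('*, unix_timestamp(last_access) as last_login', 'txp_users', '1 = 1 order by '.$sort_sql.' limit '.$offset.', '.$limit);

		if ($rs)
		{
			echo '<form action="index.php" method="post" name="longform" onsubmit="return verify(\''.gTxt('are_you_sure').'\')">'.

			startTable('list').

			tr(
				column_head('login_name', 'name', 'admin', true, $switch_dir, '', '', ('name' == $sort) ? $dir : '').
				column_head('real_name', 'RealName', 'admin', true, $switch_dir, '', '', ('RealName' == $sort) ? $dir : '').
				column_head('email', 'email', 'admin', true, $switch_dir, '', '', ('email' == $sort) ? $dir : '').
				column_head('privileges', 'privs', 'admin', true, $switch_dir, '', '', ('privs' == $sort) ? $dir : '').
				column_head('last_login', 'last_login', 'admin', true, $switch_dir, '', '', ('last_login' == $sort) ? $dir : '').
				hCell().
				hCell()
			);

			while ($a = nextRow($rs))
			{
				// Row values are HTML-escaped by doSpecial() before extraction.
				// NOTE(review): '*' also pulls the pass and nonce columns into
				// local scope here, although neither is displayed.
				extract(doSpecial($a));

				echo tr(
					td($name).
					td($RealName).
					td('<a href="mailto:'.$email.'">'.$email.'</a>').
					td(get_priv_level($privs)).
					td($last_login ? safe_strftime('%b %Y', $last_login) : '').
					td((has_privs('admin.edit')) ? eLink('admin', 'author_edit', 'user_id', $user_id, gTxt('edit')) : '').
					// The raw name is used as the checkbox value; presumably
					// fInput() escapes it -- verify. The current user gets no
					// checkbox and is also excluded server-side.
					td((has_privs('admin.edit') and $txp_user != $a['name']) ? fInput('checkbox', 'selected[]', $a['name']) : '')
				);
			}

			echo n.n.tr(
				tda(
					select_buttons().
					author_multiedit_form($page, $sort, $dir, $crit, $search_method)
				, ' colspan="6" style="text-align: right; border: none;"')
			).

			endTable().
			'</form>'.

			nav_form('admin', $page, $numPages, $sort, $dir, $crit, $search_method).

			pageby_form('admin', $author_list_pageby);
		}
	}

// -------------------------------------------------------------

	/**
	 * Build the add/edit author form.
	 *
	 * In 'author_edit' mode the fields are loaded from the database row for
	 * the given user_id; after a save step they are blanked; otherwise they
	 * are taken from the request.
	 *
	 * @return string
	 */
	function author_form()
	{
		global $step, $txp_user;

		$vars = array('user_id', 'name', 'RealName', 'email', 'privs');

		extract(gpsa($vars));

		if ($user_id && $step == 'author_edit')
		{
			$user_id = assert_int($user_id);
			// NOTE(review): '*' also extracts the pass and nonce columns.
			extract(safe_row('*', 'txp_users', "user_id = $user_id"));
		}

		if ($step == 'author_save' or $step == 'author_save_new')
		{
			foreach ($vars as $var)
			{
				$$var = '';
			}
		}

		$caption = gTxt(($step == 'author_edit') ? 'edit_author' : 'add_new_author');

		return form(

			hed($caption, 3,' style="text-align: center;"').

			startTable('edit').

			tr(
				fLabelCell('login_name').
				// The stored login name is written straight into markup here,
				// so escape it as author_list() does for the same column.
				($user_id && $step == 'author_edit' ? td(strong(htmlspecialchars($name))) : fInputCell('name', $name))
			).

			tr(
				fLabelCell('real_name').
				fInputCell('RealName', $RealName)
			).

			tr(
				fLabelCell('email').
				fInputCell('email', $email)
			).

			tr(
				fLabelCell('privileges').
				td(
					// Users cannot pick a new level for themselves in the UI;
					// this is presentation only, not an access check.
					($txp_user != $name
						? privs($privs)
						: hInput('privs', $privs).strong(get_priv_level($privs))
					)
					.sp.popHelp('about_privileges')
				)
			).

			tr(
				td().
				td(
					fInput('submit', '', gTxt('save'), 'publish').($user_id ? '' : sp.popHelp('add_new_author'))
				)
			).

			endTable().

			eInput('admin').
			($user_id ? hInput('user_id', $user_id).sInput('author_save') : sInput('author_save_new'))
		);
	}

// -------------------------------------------------------------

	/**
	 * Store the chosen page size for the author list and redraw the panel.
	 */
	function admin_change_pageby()
	{
		event_change_pageby('author');
		admin();
	}

// -------------------------------------------------------------

	/**
	 * Build the multi-edit selector shown under the author list.
	 *
	 * @return string Markup returned by event_multiedit_form().
	 */
	function author_multiedit_form($page, $sort, $dir, $crit, $search_method)
	{
		$methods = array(
			'changeprivilege' => gTxt('changeprivilege'),
			'resetpassword'   => gTxt('resetpassword'),
			'delete'          => gTxt('delete')
		);

		return event_multiedit_form('admin', $methods, $page, $sort, $dir, $crit, $search_method);
	}

// -------------------------------------------------------------

	/**
	 * Apply a bulk action (delete, change privilege, reset password) to the
	 * selected authors.
	 *
	 * Requires admin.edit. The submitted names are re-read from the database
	 * and the current user is always excluded, so the action only ever
	 * touches existing accounts other than the caller's own.
	 */
	function admin_multi_edit()
	{
		global $txp_user;

		require_privs('admin.edit');

		$selected = ps('selected');
		$method   = ps('edit_method');
		$changed  = array();

		if (!$selected or !is_array($selected))
		{
			return admin();
		}

		$names = safe_column('name', 'txp_users', "name IN ('".join("','", doSlash($selected))."') AND name != '".doSlash($txp_user)."'");

		if (!$names) return admin();

		switch ($method)
		{
			case 'delete':

				if (safe_delete('txp_users', "name IN ('".join("','", doSlash($names))."')"))
				{
					$changed = $names;
					$msg = 'author_deleted';
				}

			break;

			case 'changeprivilege':

				global $levels;

				$privilege = ps('privs');

				// Only known privilege levels are accepted.
				if (!isset($levels[$privilege])) return admin();

				if (safe_update('txp_users', 'privs = '.intval($privilege), "name IN ('".join("','", doSlash($names))."')"))
				{
					$changed = $names;
					$msg = 'author_updated';
				}

			break;

			case 'resetpassword':

				foreach ($names as $name)
				{
					$passwd = generate_password(6);

					// A stray ';' used to terminate this condition, so the new
					// password was mailed and reported as changed even when the
					// update had failed.
					if (safe_update('txp_users', "pass = password(lower('".doSlash($passwd)."'))", "name = '".doSlash($name)."'"))
					{
						$email = safe_field('email', 'txp_users', "name = '".doSlash($name)."'");

						if (send_new_password($passwd, $email, $name))
						{
							$changed[] = $name;
							$msg = 'author_updated';
						}
						else
						{
							// NOTE(review): returning here leaves the remaining
							// names untouched and drops the report of accounts
							// already reset in this run.
							return admin(gTxt('could_not_mail').' '.htmlspecialchars($name));
						}
					}
				}

			break;
		}

		if ($changed)
		{
			return admin(gTxt($msg, array('{name}' => htmlspecialchars(join(', ', $changed)))));
		}

		admin();
	}
?>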