root/trunk/content/plugins/user_manager/user_manager_settings.php @ 1304

Revision 1304, 31.9 KB (checked in by nick_ramsay, 3 years ago)

[Trunk] Hotaru 1.1.2, with more to follow soon.

1<?php
2/**
3 * File: plugins/user_manager/user_manager_settings.php
4 * Purpose: The functions that do the hard work such as adding, deleting and sorting categories.
5 *
6 * PHP version 5
7 *
8 * LICENSE: Hotaru CMS is free software: you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License as
10 * published by the Free Software Foundation, either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * Hotaru CMS is distributed in the hope that it will be useful, but WITHOUT
14 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
15 * FITNESS FOR A PARTICULAR PURPOSE.
16 *
17 * You should have received a copy of the GNU General Public License along
18 * with Hotaru CMS. If not, see http://www.gnu.org/licenses/.
19 *
20 * @category  Content Management System
21 * @package   HotaruCMS
22 * @author    Nick Ramsay <admin@hotarucms.org>
23 * @copyright Copyright (c) 2009, Hotaru CMS
24 * @license   http://www.gnu.org/copyleft/gpl.html GNU General Public License
25 * @link      http://www.hotarucms.org/
26 */
27   
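/**
 * Admin "User Manager" pages: the user list with bulk role changes, search and
 * filters (settings()), the per-role default permissions editor (defaultPerms())
 * and the default user settings editor (defaultSettings()).
 *
 * Every method receives the Hotaru object $h. All SQL goes through
 * $h->db->prepare(): request values are only ever passed as prepare() arguments,
 * never concatenated into the query string.
 */
class UserManagerSettings
{
    /** Users shown per page of the list. */
    const USERS_PER_PAGE = 30;

    /** Sort order shared by most lists: most recently registered first. */
    const SORT_NEWEST = ' ORDER BY user_date DESC';

    /**
     * Main function that calls others
     *
     * Dispatches to defaultPerms() or defaultSettings() when 'subpage' (GET or
     * POST) names them. Otherwise builds the user list page:
     *  1. header counters and form defaults in $h->vars;
     *  2. type=checkboxes -> bulk role change (applyCheckboxAction());
     *  3. type=search / type=filter -> count + paginated query, or the default
     *     list (pending users while registrations are held, else everyone);
     *  4. rows via drawRows() and the 'user_man_main' template.
     *
     * @param object $h Hotaru object
     * @return bool
     */
    public function settings($h)
    {
        if ($this->subpageIs($h, 'default_perms')) {
            $this->defaultPerms($h);
            return true;
        }

        if ($this->subpageIs($h, 'default_settings')) {
            $this->defaultSettings($h);
            return true;
        }

        // number of users waiting for approval:
        $sql = "SELECT COUNT(user_id) FROM " . TABLE_USERS . " WHERE user_role = %s";
        $num_pending = $h->db->get_var($h->db->prepare($sql, 'pending'));
        $h->vars['num_pending'] = $num_pending ? $num_pending : "0";

        // are new registrations held as 'pending' until approved, and is email confirmation on?
        $user_signin_settings = $h->getSerializedSettings('user_signin');
        $h->vars['regStatus'] = isset($user_signin_settings['registration_status'])
            ? $user_signin_settings['registration_status'] : '';
        $h->vars['useEmailConf'] = isset($user_signin_settings['emailconf_enabled'])
            ? $user_signin_settings['emailconf_enabled'] : false;

        // defaults for the search box and the filter drop-down:
        $h->vars['search_term'] = '';
        $h->vars['user_filter'] = ($h->vars['regStatus'] == 'pending') ? 'pending' : 'all';

        // unique roles for the filter form:
        $h->vars['roles'] = $h->getUniqueRoles();

        $type = $h->cage->get->getAlpha('type');

        if ($type == 'checkboxes' && $h->cage->get->keyExists('user_man')) {
            $this->applyCheckboxAction($h);
        }

        $search_term = '';
        $filter = '';
        $count = 0;
        $query = null;

        if ($type == 'search') {
            $search_term = $h->cage->get->sanitizeTags('search_value');
            if (strlen($search_term) < 3) {
                $h->message = $h->lang["user_man_search_too_short"];
                $h->messageType = 'red';
            } else {
                $h->vars['search_term'] = $search_term; // used to refill the search box after a search
                // note: '%' and '_' typed by the user act as LIKE wildcards
                $like = '%' . $search_term . '%';
                $where_clause = " WHERE user_username LIKE %s OR user_email LIKE %s";
                $count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS . $where_clause;
                $count = $h->db->get_var($h->db->prepare($count_sql, $like, $like));
                $sql = "SELECT * FROM " . TABLE_USERS . $where_clause . self::SORT_NEWEST;
                $query = $h->db->prepare($sql, $like, $like);
            }
        }

        if ($type == 'filter') {
            $filter = $h->cage->get->testAlnumLines('user_filter');
            $h->vars['user_filter'] = $filter; // used to refill the filter box after use
            if ($filter) {
                list($count, $query) = $this->filteredUserList($h, $filter);
            }
        }

        if ($query === null) {
            // default list: pending users while registrations are held, else everyone newest first
            $default_filter = ($h->vars['regStatus'] == 'pending') ? 'pending' : 'all';
            list($count, $query) = $this->filteredUserList($h, $default_filter);
        }

        $pagedResults = $h->pagination($query, $count, self::USERS_PER_PAGE, 'users');

        if ($pagedResults) {
            $h->vars['user_man_rows'] = $this->drawRows($h, $pagedResults, $filter, $search_term);
        } elseif ($h->vars['user_filter'] == 'pending') {
            $h->message = $h->lang['user_man_no_pending_users'];
            $h->messageType = 'green';
        }

        // Show template:
        $h->displayTemplate('user_man_main', 'user_manager');
        return true;
    }


    /**
     * True when the 'subpage' parameter, in GET or in POST, equals $name.
     *
     * @param object $h    Hotaru object
     * @param string $name subpage name to test for
     * @return bool
     */
    private function subpageIs($h, $name)
    {
        return ($h->cage->get->testPage('subpage') == $name)
            || ($h->cage->post->testPage('subpage') == $name);
    }


    /**
     * Applies the role chosen in the checkbox form ('checkbox_action') to every
     * user whose checkbox ('user_man[<id>]') was ticked.
     *
     * Changing a role also resets the user's permissions to that role's
     * defaults. 'killspammed' and 'deleted' additionally remove the user's
     * comments and posts, optionally add the name and email to the blocked
     * list ('addblockedlist'), and fire 'user_man_killspam_delete';
     * 'deleted' finally removes the user row.
     *
     * Server-side guards: no action when 'checkbox_action' is empty (it would
     * otherwise blank the role of every ticked user); admin accounts are
     * skipped, as their checkbox is disabled in drawRows(); and only an admin
     * may grant the 'admin' role, matching the rule in defaultPerms().
     *
     * @param object $h Hotaru object
     * @return void
     */
    private function applyCheckboxAction($h)
    {
        $new_role = $h->cage->get->testAlnumLines('checkbox_action');
        if (!$new_role) {
            return;
        }

        if ($new_role == 'admin' && $h->currentUser->role != 'admin') {
            $h->message = $h->lang["user_man_admin_access_denied"];
            $h->messageType = 'red';
            return;
        }

        $h->message = $h->lang["user_man_checkboxes_role_changed"]; // default "Changed role" message
        $add_to_blocked = $h->cage->get->keyExists('addblockedlist');
        $u = new UserBase();

        foreach ($h->cage->get->keyExists('user_man') as $id => $checked) {
            $u->id = $id;
            $u->getUserBasic($h, $id);

            if ($u->role == $new_role || $u->role == 'admin') {
                continue;
            }

            // change role and reset permissions to the new role's defaults:
            $u->role = $new_role;
            $u->setAllPermissions($u->getDefaultPermissions($h, $new_role));
            $u->updatePermissions($h);
            $u->updateUserBasic($h, $id);

            if ($new_role == 'killspammed' || $new_role == 'deleted') {
                $h->deleteComments($u->id); // includes child comments from *other* users
                $h->deletePosts($u->id);    // includes tags and votes for self-submitted posts
                if ($add_to_blocked) {
                    $h->addToBlockedList('user', $u->name, false);
                    $h->addToBlockedList('email', $u->email, false);
                }
                $h->pluginHook('user_man_killspam_delete', '', array($u));
                if ($new_role == 'deleted') {
                    $u->deleteUser($h);
                    $h->clearCache('db_cache', false); // clears them from User Manager list
                }
            }
        }
    }


    /**
     * Builds the count query and the paginated SELECT for one value of the
     * filter drop-down.
     *
     * Known values: 'all' and 'newest' (everyone, newest first), 'oldest',
     * 'last_visited' (by user_lastvisit), 'not_killspammed'. Any other value is
     * treated as a role name ('admin', 'member', 'pending', ...) and is used
     * only as a prepare() argument.
     *
     * @param object $h      Hotaru object
     * @param string $filter value of the 'user_filter' parameter
     * @return array (mixed $count, string $query) — $count as returned by get_var()
     */
    private function filteredUserList($h, $filter)
    {
        $where = '';
        $sort = self::SORT_NEWEST;
        $role = null; // the single prepare() argument, when the WHERE clause needs one

        switch ($filter) {
            case 'all':
            case 'newest':
                break;
            case 'oldest':
                $sort = ' ORDER BY user_date ASC';
                break;
            case 'last_visited':
                $sort = ' ORDER BY user_lastvisit DESC';
                break;
            case 'not_killspammed':
                $where = " WHERE user_role != %s";
                $role = 'killspammed';
                break;
            default: // filter = 'admin', 'member', etc.
                $where = " WHERE user_role = %s";
                $role = $filter;
                break;
        }

        $count_sql = "SELECT count(*) AS number FROM " . TABLE_USERS . $where;
        $sql = "SELECT * FROM " . TABLE_USERS . $where . $sort;

        if ($role === null) {
            $count = $h->db->get_var($h->db->prepare($count_sql));
            $query = $h->db->prepare($sql);
        } else {
            $count = $h->db->get_var($h->db->prepare($count_sql, $role));
            $query = $h->db->prepare($sql, $role);
        }

        return array($count, $query);
    }


    /**
     * Draw Rows
     *
     * Renders one table row per user plus a hidden details row, and stores the
     * page-navigation bar in $h->vars['user_man_navi'].
     *
     * Plugins get two hooks: 'user_manager_role' may prepend icons to the role
     * cell ($h->vars['user_manager_role'] = array(icons, role, user)) and
     * 'user_manager_details' may append to the details row
     * ($h->vars['user_manager_details'] = array(output, user)).
     *
     * Usernames and emails are HTML-escaped before they are echoed; the admin
     * row's checkbox is rendered disabled.
     *
     * @param object $h            Hotaru object
     * @param object $pagedResults result of $h->pagination(); ->items holds the user rows
     * @param string $filter       current filter value (not used here; kept for callers)
     * @param string $search_term  current search term (not used here; kept for callers)
     * @return string table rows, or "" when there is nothing to show
     */
    public function drawRows($h, $pagedResults, $filter = '', $search_term = '')
    {
        if (!$pagedResults || !$pagedResults->items) { return ""; }

        $output = "";
        $alt = 0;

        foreach ($pagedResults->items as $user)
        {
            $alt++;

            $username = htmlspecialchars($user->user_username, ENT_QUOTES, 'UTF-8');
            $email = htmlspecialchars($user->user_email, ENT_QUOTES, 'UTF-8');
            $account_link = BASEURL . "index.php?page=account&amp;user=" . urlencode($user->user_username);
            $perms_link = BASEURL . "index.php?page=permissions&amp;user=" . urlencode($user->user_username);
            $disable = ($user->user_role == 'admin') ? 'disabled' : ''; // admins are not bulk-editable

            // add icons to user role: unconfirmed email for pending users...
            $user_icon = '';
            if ($h->vars['useEmailConf'] && $user->user_role == 'pending' && $user->user_email_valid == 0) {
                $user_icon .= " <img src = '" . BASEURL . "content/plugins/user_manager/images/email.png' title='" . $h->lang["user_man_user_email_icon"] . "'>";
            }
            // ...and whatever plugins add here
            $h->vars['user_manager_role'] = array($user_icon, $user->user_role, $user);
            $h->pluginHook('user_manager_role');
            $user_icon = $h->vars['user_manager_role'][0];

            $output .= "<tr class='table_row_" . ($alt % 2) . "'>\n";
            $output .= "<td class='um_id'>" . $user->user_id . "</td>\n";
            $output .= "<td class='um_role'>" . $user->user_role . $user_icon . "</td>\n";
            $output .= "<td class='um_username'><a class='table_drop_down' href='#' title='" . $h->lang["user_man_show_content"] . "'>";
            $output .= $username . "</a></td>\n";
            $output .= "<td class='um_joined'>" . date('d M y', strtotime($user->user_date)) . "</td>\n";
            $output .= "<td class='um_account'><a href='" . $account_link . "'>" . $h->lang["user_man_account"] . "</a></td>\n";
            $output .= "<td class='um_perms'><a href='" . $perms_link . "'>" . $h->lang["user_man_perms"] . "</a></td>\n";
            $output .= "<td class='um_check'><input type='checkbox' name='user_man[" . $user->user_id . "]' value='" . $user->user_id . "' " . $disable . "></td>\n";
            $output .= "</tr>\n";

            $output .= "<tr class='table_tr_details' style='display:none;'>\n";
            $output .= "<td colspan=7 class='table_description um_description'>\n";
            $output .= "<a class='table_hide_details' style='float: right;' href='#'>[" . $h->lang["admin_theme_plugins_close"] . "]</a>";

            if ($user->user_role == 'pending') {
                // show register date info:
                $output .= $username . " " . $h->lang["user_man_user_registered_on"] . " " . date('H:i:s \o\n l, F jS Y', strtotime($user->user_date));
                if ($h->vars['useEmailConf']) {
                    $output .= ($user->user_email_valid == 0)
                        ? $h->lang["user_man_user_email_not_validated"] . "\n"
                        : $h->lang["user_man_user_email_validated"] . "\n";
                }
            } else {
                // show last login and submissions info:
                $output .= $username . " " . $h->lang["user_man_user_last_logged_in"] . " " . date('H:i:s \o\n l, F jS Y', strtotime($user->user_lastlogin)) . ".<br />\n";
                $output .= $h->lang["user_man_user_submissions_1"] . " " . $username . $h->lang["user_man_user_submissions_2"] . " <a href='" . $h->url(array('user'=>$user->user_username)) . "'>" . $h->lang['user_man_here'] . ".</a>\n";
            }

            // plugin hook (StopSpam plugin adds a note about why a user is pending)
            $h->vars['user_manager_details'] = array($output, $user);
            $h->pluginHook('user_manager_details');
            $output = $h->vars['user_manager_details'][0];

            $output .= "<br />";
            $output .= "<i>" . $h->lang['user_man_email'] . "</i> <a href='mailto:" . $email . "'>" . $email . "</a>";
            $output .= "</td></tr>";
        }

        $h->vars['user_man_navi'] = $h->pageBar($pagedResults);

        return $output;
    }


    /**
     * Edit Default Permissions
     *
     * Shows and updates the site-wide default permissions stored in
     * TABLE_MISCDATA under the key 'permissions', for the role named by the
     * 'role' parameter (GET, then POST; default 'member'). Handled in order:
     *  - the submitted form (POST subpage=default_perms, submitted=true):
     *    each permission takes the value posted under its own name;
     *  - GET revert=true     -> reset this role only to the shipped defaults
     *                           (miscdata_default); other roles are untouched;
     *  - GET revert=all      -> copy the shipped defaults over every role;
     *  - GET revert=complete -> delete the stored row and re-create the
     *                           bare-bones 'can_access_admin' set;
     *  - POST apply_perms    -> copy the role's defaults onto every existing
     *                           user with that role.
     *
     * Only admins may view or edit the 'admin' role. NOTE(review): beyond that
     * check the revert and apply_perms actions are not gated by role, so any
     * account that can open this page can reset site-wide permissions —
     * confirm that is intended, or gate them like defaultSettings() does.
     *
     * @param object $h Hotaru object
     * @return bool
     */
    public function defaultPerms($h)
    {
        $role = $h->cage->get->testAlpha('role');
        if (!$role) { $role = $h->cage->post->testAlpha('role'); }
        $target_role = $role ? $role : 'member';
        $h->vars['user_man_role'] = $target_role;

        $h->vars['user_man_perms_existing'] = ""; // disable applying changes to other users by default

        // prevent non-admin user viewing permissions of admin user
        if (($target_role == 'admin') && ($h->currentUser->role != 'admin')) {
            $h->showMessage($h->lang["user_man_admin_access_denied"], 'red');
            return true;
        }

        // GET revert=... only counts on this subpage
        $revert = ($h->cage->get->testAlnumLines('subpage') == 'default_perms')
            ? $h->cage->get->testAlpha('revert') : '';

        // if the form has been submitted...
        if (($h->cage->post->testAlnumLines('subpage') == 'default_perms') && ($h->cage->post->testAlpha('submitted') == 'true')) {

            // No CSRF check here because all plugin setting pages are already checked.

            // every permission takes the value posted under its own name for this role
            // (creating the role's entry where it did not exist yet):
            $new_perms = $this->loadPerms($h, 'miscdata_value');
            foreach ($new_perms as $perm => $roles) {
                if ($perm == 'options' || !is_array($roles)) { continue; }
                $new_perms[$perm][$target_role] = $h->cage->post->testAlnumLines($perm);
            }
            $this->savePerms($h, $new_perms);

            $h->message = $h->lang["user_man_perms_updated"];
            $h->messageType = 'green';
        }

        // revert to original defaults for this usergroup
        if ($revert == 'true') {
            $base_perms = $this->loadPerms($h, 'miscdata_default');
            $site_perms = $this->loadPerms($h, 'miscdata_value');

            // drop this role's current values...
            foreach ($site_perms as $perm => $roles) {
                if ($perm == 'options') { continue; }
                if (is_array($roles)) { unset($site_perms[$perm][$target_role]); }
            }
            // ...and take the shipped value for this role (plus the shipped 'options'
            // list) from the base permissions; every other role keeps its site value.
            foreach ($base_perms as $perm => $roles) {
                if ($perm == 'options') {
                    $site_perms['options'] = $roles;
                } elseif (is_array($roles) && isset($roles[$target_role])) {
                    $site_perms[$perm][$target_role] = $roles[$target_role];
                }
            }

            $this->savePerms($h, $site_perms);

            $h->message = $h->lang["user_man_perms_reverted"];
            $h->messageType = 'green';
        }

        // revert all usergroups to original defaults
        if ($revert == 'all') {
            // the default column already holds the serialized array, so it is copied as-is:
            $sql = "SELECT miscdata_default FROM " . TABLE_MISCDATA . " WHERE miscdata_key = %s";
            $base_perms = $h->db->get_var($h->db->prepare($sql, 'permissions'));

            if ($base_perms) {
                $sql = "UPDATE " . TABLE_MISCDATA . " SET miscdata_value = %s, miscdata_updateby = %d WHERE miscdata_key = %s";
                $h->db->query($h->db->prepare($sql, $base_perms, $h->currentUser->id, 'permissions'));
            }

            $h->message = $h->lang["user_man_all_perms_reverted"];
            $h->messageType = 'green';
        }

        // wipe all defaults and reinstall plugins
        if ($revert == 'complete') {
            $sql = "DELETE FROM " . TABLE_MISCDATA . " WHERE miscdata_key = %s";
            $h->db->query($h->db->prepare($sql, 'permissions'));

            // minimal permission set; plugins add their own when (re)installed
            $perms = array(
                'options' => array('can_access_admin' => array('yes', 'no')),
                'can_access_admin' => array('admin' => 'yes', 'supermod' => 'yes', 'default' => 'no'),
            );
            $serialized = serialize($perms);

            $sql = "INSERT INTO " . TABLE_MISCDATA . " (miscdata_key, miscdata_value, miscdata_default, miscdata_updateby) VALUES (%s, %s, %s, %d)";
            $h->db->query($h->db->prepare($sql, 'permissions', $serialized, $serialized, $h->currentUser->id));

            $h->message = $h->lang["user_man_all_perms_deleted"];
            $h->messageType = 'green';
        }

        // get permissions from the database
        $h->vars['tempPermissionsCache'] = array(); // clear the cache
        $perm_options = $h->getDefaultPermissions('', 'site', true);
        $default_perms = $h->getDefaultPermissions($target_role, 'site');

        // update existing users?
        if ($h->cage->post->keyExists('apply_perms')) {
            $sql = "UPDATE " . TABLE_USERS . " SET user_permissions = %s, user_updateby = %d WHERE user_role = %s";
            $h->db->query($h->db->prepare($sql, serialize($default_perms), $h->currentUser->id, $target_role));
        }

        $h->vars['perm_options'] = $this->drawPermOptions($perm_options, $default_perms, $target_role);

        // Show template:
        $h->displayTemplate('user_man_perms', 'user_manager');
        return true;
    }


    /**
     * Reads the serialized permissions array from TABLE_MISCDATA.
     *
     * The value was written by savePerms() / the install code, not by end
     * users, so unserialize() is used on it as before.
     *
     * @param object $h      Hotaru object
     * @param string $column 'miscdata_value' (current site defaults) or
     *                       'miscdata_default' (defaults as shipped) — internal
     *                       callers only, never a request value
     * @return array empty when nothing is stored or it does not unserialize to an array
     */
    private function loadPerms($h, $column)
    {
        $sql = "SELECT " . $column . " FROM " . TABLE_MISCDATA . " WHERE miscdata_key = %s";
        $stored = $h->db->get_var($h->db->prepare($sql, 'permissions'));
        $perms = $stored ? unserialize($stored) : false;
        return is_array($perms) ? $perms : array();
    }


    /**
     * Writes the site permissions array back to TABLE_MISCDATA, recording the
     * current user as the updater.
     *
     * @param object $h     Hotaru object
     * @param array  $perms permissions array to serialize and store
     * @return void
     */
    private function savePerms($h, $perms)
    {
        $sql = "UPDATE " . TABLE_MISCDATA . " SET miscdata_value = %s, miscdata_updateby = %d WHERE miscdata_key = %s";
        $h->db->query($h->db->prepare($sql, serialize($perms), $h->currentUser->id, 'permissions'));
    }


    /**
     * Renders the radio-button table of the default-permissions form: one row
     * per permission, one radio per allowed value, the role's current value
     * checked. 'can_access_admin' is locked for the admin role so admins cannot
     * lock themselves out of the admin area.
     *
     * @param mixed  $perm_options  permission => list of allowed values (from getDefaultPermissions)
     * @param mixed  $default_perms permission => current value for $target_role
     * @param string $target_role   role being edited
     * @return string table rows, "" when $perm_options is not an array
     */
    private function drawPermOptions($perm_options, $default_perms, $target_role)
    {
        $html = '';
        if (!is_array($perm_options)) { return $html; }

        foreach ($perm_options as $key => $options) {
            if (!is_array($options)) { continue; }
            $html .= "<tr><td>" . make_name($key) . ": </td>\n";
            foreach ($options as $value) {
                $checked = (isset($default_perms[$key]) && ($default_perms[$key] == $value)) ? 'checked' : '';
                $disabled = ($key == 'can_access_admin' && $target_role == 'admin') ? 'disabled' : '';
                $html .= "<td><input type='radio' name='" . $key . "' value='" . $value . "' " . $checked . " " . $disabled . "> " . $value . " &nbsp;</td>\n";
            }
            $html .= "</tr>";
        }

        return $html;
    }


    /**
     * Edit Default Settings
     *
     * Admin-only. Shows and updates the site-wide default user settings stored
     * in TABLE_MISCDATA under 'user_settings'. Handled in order:
     *  - the submitted form (POST subpage=default_settings, submitted=true):
     *    plugins fill $h->vars['settings'] in 'user_settings_pre_save', then
     *    it is saved;
     *  - GET revert=all      -> copy the shipped defaults (miscdata_default)
     *                           back over the site value;
     *  - GET revert=complete -> blank both the site value and the shipped defaults;
     *  - POST force_settings -> write the resulting defaults onto every user's
     *                           'user_settings' usermeta row.
     * $h->vars['settings'] ends up holding the settings array for the template
     * (an empty array when nothing is stored).
     *
     * @param object $h Hotaru object
     * @return bool
     */
    public function defaultSettings($h)
    {
        // only admins may change site-wide user settings
        if ($h->currentUser->role != 'admin') {
            $h->showMessage($h->lang["user_man_admin_access_denied"], 'red');
            return true;
        }

        $h->vars['user_man_user_settings_existing'] = ""; // disable forcing changes on other users by default
        $default_settings = null;

        // GET revert=... only counts on this subpage
        $revert = ($h->cage->get->testAlnumLines('subpage') == 'default_settings')
            ? $h->cage->get->testAlpha('revert') : '';

        // if the form has been submitted...
        if (($h->cage->post->testAlnumLines('subpage') == 'default_settings') && ($h->cage->post->testAlpha('submitted') == 'true')) {

            // No CSRF check here because all plugin setting pages are already checked.

            // plugins read the form and update $h->vars['settings']:
            $h->pluginHook('user_settings_pre_save');

            // save updated site settings:
            $sql = "UPDATE " . TABLE_MISCDATA . " SET miscdata_value = %s, miscdata_updateby = %d WHERE miscdata_key = %s";
            $h->db->query($h->db->prepare($sql, serialize($h->vars['settings']), $h->currentUser->id, 'user_settings'));

            $default_settings = $h->vars['settings'];

            $h->message = $h->lang["user_man_user_settings_updated"];
            $h->messageType = 'green';
        }

        // revert all to original defaults
        if ($revert == 'all') {
            $sql = "SELECT miscdata_default FROM " . TABLE_MISCDATA . " WHERE miscdata_key = %s";
            $base_settings = $h->db->get_var($h->db->prepare($sql, 'user_settings'));

            // overwrite site settings:
            if ($base_settings) {
                $sql = "UPDATE " . TABLE_MISCDATA . " SET miscdata_value = %s, miscdata_updateby = %d WHERE miscdata_key = %s";
                $h->db->query($h->db->prepare($sql, $base_settings, $h->currentUser->id, 'user_settings'));
            }

            $default_settings = $base_settings ? unserialize($base_settings) : array();

            $h->message = $h->lang["user_man_all_user_settings_reverted"];
            $h->messageType = 'green';
        }

        // wipe all defaults and reinstall plugins
        if ($revert == 'complete') {
            $sql = "UPDATE " . TABLE_MISCDATA . " SET miscdata_value = %s, miscdata_default = %s, miscdata_updateby = %d WHERE miscdata_key = %s";
            $h->db->query($h->db->prepare($sql, '', '', $h->currentUser->id, 'user_settings'));

            $default_settings = array();

            $h->message = $h->lang["user_man_all_user_settings_deleted"];
            $h->messageType = 'green';
        }

        // get default settings from the database if we don't already have them:
        if ($default_settings === null) {
            $sql = "SELECT miscdata_value FROM " . TABLE_MISCDATA . " WHERE miscdata_key = %s";
            $stored = $h->db->get_var($h->db->prepare($sql, 'user_settings'));
            $default_settings = $stored ? unserialize($stored) : array();
        }
        if ($default_settings === false || $default_settings === null) {
            $default_settings = array(); // nothing stored, or it failed to unserialize
        }

        // update existing users?
        if ($h->cage->post->keyExists('force_settings')) {
            $sql = "UPDATE " . TABLE_USERMETA . " SET usermeta_value = %s, usermeta_updateby = %d WHERE usermeta_key = %s";
            $h->db->query($h->db->prepare($sql, serialize($default_settings), $h->currentUser->id, 'user_settings'));
        }

        $h->vars['settings'] = $default_settings;

        // Show template:
        $h->displayTemplate('user_man_user_settings', 'user_manager');
        return true;
    }
}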