view_users();
$icon_array['ok'] = cpg_fetch_icon('ok', 1);
$icon_array['search'] = cpg_fetch_icon('search', 1);
$icon_array['add_user'] = cpg_fetch_icon('add_user', 2);
$icon_array['edit'] = cpg_fetch_icon('edit', 2);
if (USER_ID !='') {
if (GALLERY_ADMIN_MODE) {
$lim_user = 0;
$number_of_columns = 10;
}
elseif ($CONFIG['allow_memberlist']) {
$lim_user = 1;
$number_of_columns = 9;
show_memberlist;
}
else {
$lim_user = 2;
cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
}
}
else {
$lim_user = 3;
cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);
}
function show_memberlist()
{
cpg_db_query("DELETE FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '' LIMIT 1");
pageheader($lang_usermgr_php['title']);
list_users();
pagefooter();
}
function list_group_alb_access($group_id) { //shows a list of albums a specific group can see. Categories are listed with albums for clarity
global $CONFIG, $group_id, $aid, $icon_array;
$query = "
SELECT
group_id, albums.aid AS aid, group_name, categories.name AS category, albums.title AS album
FROM
{$CONFIG['TABLE_USERGROUPS']} AS groups,
{$CONFIG['TABLE_ALBUMS']} AS albums
LEFT JOIN
{$CONFIG['TABLE_CATEGORIES']} AS categories
ON
albums.category = categories.cid
WHERE
group_id = $group_id AND albums.visibility = groups.group_id
ORDER BY
category, album";
$result = cpg_db_query($query);
$albs = cpg_db_fetch_rowset($result);
mysql_free_result($result);
foreach($albs as $album) {
$aid = $album['aid'];
echo '
' . $album['category'] . '
' . $album['album'] . '
' . cpg_fetch_icon('edit', 0) . '
';
}
}
function list_groups_alb_access() //shows a list of albums each group can see. Categories are listed with albums for clarity
{
global $CONFIG;
global $lang_usermgr_php, $lang_common, $group_id, $icon_array;
starttable(500, $lang_usermgr_php['groups_alb_access'].' '.cpg_display_help('f=users.htm&as=user_cp_edit_permission_by_group&ae=user_cp_edit_permission_by_group_end', '450', '300'), 3);
$sql = "
SELECT
group_id, group_name, categories.name AS category, albums.title AS album
FROM
{$CONFIG['TABLE_USERGROUPS']} AS groups, {$CONFIG['TABLE_ALBUMS']} AS albums
LEFT JOIN
{$CONFIG['TABLE_CATEGORIES']} AS categories
ON
albums.category = categories.cid
WHERE
albums.visibility = groups.group_id
GROUP BY
group_name
ORDER BY
group_name, category, album
";
$result = cpg_db_query($sql);
$groups = cpg_db_fetch_rowset($result);
mysql_free_result($result);
echo "
{$lang_usermgr_php['category']}
{$lang_common['album']}
{$lang_usermgr_php['modify']}
";
foreach($groups as $group) {
$group_name = $group['group_name'];
$group_id = $group['group_id'];
echo '' . $group_name . ' ';
list_group_alb_access($group_id);
}
endtable();
}
function list_users($search = '')
{
global $CONFIG, $cpg_udb, $CPG_PHP_SELF, $LINEBREAK; //, $PHP_SELF;
global $lang_usermgr_php, $lang_byte_units, $lang_date, $lang_common, $icon_array;
global $lim_user, $number_of_columns, $template_tab_display;
global $USER_DATA;
$superCage = Inspekt::makeSuperCage();
list($timestamp, $form_token) = getFormToken();
$number_of_columns_minus_one = $number_of_columns - 1;
$number_of_columns_minus_three = $number_of_columns - 3;
$number_of_columns_minus_four = $number_of_columns - 4;
$sort_codes = array('name_a' => 'user_name ASC',
'name_d' => 'user_name DESC',
'group_a' => 'group_name ASC',
'group_d' => 'group_name DESC',
'reg_a' => 'user_regdate ASC',
'reg_d' => 'user_regdate DESC',
'pic_a' => 'pic_count ASC',
'pic_d' => 'pic_count DESC',
'disku_a' => 'disk_usage ASC',
'disku_d' => 'disk_usage DESC',
'lv_a' => 'user_lastvisit ASC',
'lv_d' => 'user_lastvisit DESC',
);
$sort = 'reg_d';
if ($superCage->get->keyExists('sort') && ($matches = $superCage->get->getMatched('sort', '/^[a-z_]+$/'))) {
if ($sort_codes[$matches[0]]) {
$sort = $matches[0];
}
}
$makereadonly = ($CONFIG['bridge_enable']) ? 'style="display:none;" disabled="disabled" ':'';
$user_count = $cpg_udb->get_user_count();
if (!$user_count) {
cpg_die(CRITICAL_ERROR, $lang_usermgr_php['err_no_users'], __FILE__, __LINE__);
}
$user_per_page = 25;
$page = $superCage->get->testInt('page') ? $superCage->get->getInt('page') : 1; $lower_limit = ($page-1) * $user_per_page;
$lower_limit = ($page-1) * $user_per_page;
if ($search) {
$username = '&username='.$search;
$users_search = $cpg_udb->get_users(
array(
'users_per_page' => $user_count,
'lower_limit' => 0,
'search' => $search,
'sort' => $sort
)
);
$user_count = count($users_search);
}
$tab_tmpl = $template_tab_display;
$tab_tmpl['page_link'] = strtr($tab_tmpl['page_link'], array('{LINK}' => 'usermgr.php?sort=' . $sort . '&page=%d'.$username));
$tab_tmpl['left_text'] = strtr($tab_tmpl['left_text'], array('{LEFT_TEXT}' => $lang_usermgr_php['u_user_on_p_pages']));
$users = $cpg_udb->get_users(
array(
'users_per_page' => $user_per_page,
'lower_limit' => $lower_limit,
'search' => $search,
'sort' => $sort
)
);
$total_pages = ceil($user_count / $user_per_page);
$tabs = create_tabs($user_count, $page, $total_pages, $tab_tmpl);
$lb = '';
$lb .= $lang_usermgr_php['sort_by'].': ';
$lb .= "" . $LINEBREAK;
foreach($sort_codes as $key => $value) {
$selected = ($key == $sort) ? 'selected="selected"' : "";
$lb .= ' ' . $lang_usermgr_php[$key] . ' ' . $LINEBREAK;
}
$lb .= ' ' . $LINEBREAK;
$lb .= ' ' . $LINEBREAK;
echo <<
EOT;
echo '';
starttable('100%');
echo <<< EOT
EOT;
} else {
echo <<< EOT
{$lang_usermgr_php['total']}
$totalCommentCount_fmt
$pictures_quota_footer
EOT;
}
// Accept footer addons for the user manager
echo CPGPluginAPI::filter('usermgr_footer','');
if ($tabs) {
echo <<
EOT;
}
endtable();
}
function edit_user($user_id)
{
global $CONFIG, $CPG_PHP_SELF; //, $PHP_SELF;
global $lang_usermgr_php, $lang_common, $icon_array, $op;
$form_data = array(
array('input', 'user_name', cpg_fetch_icon('my_profile', 2) . $lang_usermgr_php['name'], 25),
array('password', 'user_password', cpg_fetch_icon('key_enter', 2) . $lang_usermgr_php['password'], 25),
array('yesno', 'user_active', cpg_fetch_icon('online', 2) . $lang_usermgr_php['user_active']),
array('group_list', 'user_group', cpg_fetch_icon('groups_mgr', 2) . $lang_usermgr_php['user_group']),
array('input', 'user_email', cpg_fetch_icon('mail', 2) . $lang_usermgr_php['user_email'], 255)
);
if ($CONFIG['user_profile1_name'] != '') {
$form_data[] = array('input', 'user_profile1', cpg_fetch_icon('blank', 2) . $CONFIG['user_profile1_name'], 255);
}
if ($CONFIG['user_profile2_name'] != '') {
$form_data[] = array('input', 'user_profile2', cpg_fetch_icon('blank', 2) . $CONFIG['user_profile2_name'], 255);
}
if ($CONFIG['user_profile3_name'] != '') {
$form_data[] = array('input', 'user_profile3', cpg_fetch_icon('blank', 2) . $CONFIG['user_profile3_name'], 255);
}
if ($CONFIG['user_profile4_name'] != '') {
$form_data[] = array('input', 'user_profile4', cpg_fetch_icon('blank', 2) . $CONFIG['user_profile4_name'], 255);
}
if ($CONFIG['user_profile5_name'] != '') {
$form_data[] = array('input', 'user_profile5', cpg_fetch_icon('blank', 2) . $CONFIG['user_profile5_name'], 255);
}
if ($CONFIG['user_profile6_name'] != '') {
$form_data[] = array('textarea', 'user_profile6', cpg_fetch_icon('blank', 2) . $CONFIG['user_profile6_name'], 255);
}
//$form_data = CPGPluginAPI::filter('usermgr_form_list', array(0 => $form_data, 1 => $user_id);
list($timestamp, $form_token) = getFormToken();
if ($user_id != 'new_user') {
$sql = "SELECT * FROM {$CONFIG['TABLE_USERS']} WHERE user_id = '$user_id'";
$result = cpg_db_query($sql);
if (!mysql_num_rows($result)) {
cpg_die(CRITICAL_ERROR, $lang_usermgr_php['err_unknown_user'], __FILE__, __LINE__);
}
$user_data = mysql_fetch_array($result);
mysql_free_result($result);
if (mysql_num_rows(cpg_db_query("SELECT user_name FROM {$CONFIG['TABLE_BANNED']} WHERE user_name = '" . addslashes($user_data['user_name']) . "' AND brute_force=0 LIMIT 1"))){
$user_status = $lang_usermgr_php['user_is_banned'];
} elseif ($user_data['user_active'] == 'YES') {
$user_status = $lang_usermgr_php['status_active'];
} else {
$user_status = $lang_usermgr_php['status_inactive'];
}
} else {
// If this is a new user then add a checkbox for 'send login data to user' option
$form_data[] = array('checkbox', 'send_login_data', $lang_usermgr_php['send_login_data']);
}
$status_icon = cpg_fetch_icon('online', 2);
echo <<
EOT;
if ($op == 'new_user') {
starttable(500, $icon_array['add_user'] . $lang_usermgr_php['create_new_user'], 2);
} else {
starttable(500, $icon_array['edit'] . $lang_usermgr_php['modify_user'], 2);
echo <<< EOT
{$status_icon}{$lang_usermgr_php['status']}
{$user_status}
EOT;
}
$loopCounter = 0;
foreach ($form_data as $element) {
if ($loopCounter/2 == floor($loopCounter/2)) {
$row_style_class = 'tableb tableb_alternate';
} else {
$row_style_class = 'tableb';
}
$loopCounter++;
switch ($element[0]) {
case 'input' :
$user_data[$element[1]] = $user_data[$element[1]];
if ($element[2]) echo <<
{$element[2]}
EOT;
break;
case 'textarea' :
$value = $user_data[$element[1]];
if ($element[2]) echo <<
{$element[2]}
EOT;
break;
case 'password' :
echo <<
{$element[2]}
EOT;
break;
case 'yesno' :
$value = $user_data[$element[1]];
$yes_selected = ($value == 'YES' || $op == 'new_user') ? 'checked="checked"' : '';
$no_selected = ($value == 'NO') ? 'checked="checked"' : '';
echo <<< EOT
{$element[2]}
{$lang_common['yes']}
{$lang_common['no']}
EOT;
break;
case 'group_list' :
$sql = "SELECT group_id, group_name FROM {$CONFIG['TABLE_USERGROUPS']} ORDER BY group_name";
$result = cpg_db_query($sql);
$group_list = cpg_db_fetch_rowset($result);
mysql_free_result($result);
$sel_group = $user_data[$element[1]];
$user_group_list = ($user_data['user_group_list'] == '') ? ',' . $sel_group . ',' : ',' . $user_data['user_group_list'] . ',' . $sel_group . ',';
echo <<
{$element[2]}
EOT;
$group_cb = '';
foreach($group_list as $group) {
echo ' ' . $group['group_name'] . ' ' . $LINEBREAK;
if ($group['group_id'] != 3) {
$checked = strpos(' ' . $user_group_list, ',' . $group['group_id'] . ',') ? 'checked="checked"' : '';
$group_cb .= ' ' . $group['group_name'] . ' ' . $LINEBREAK;
}
}
$assignedGroupsHelp = cpg_display_help('f=users.htm&as=user_cp_edit_permission_by_group&ae=user_cp_edit_permission_by_group_end', '450', '300');
echo <<
$group_cb
{$assignedGroupsHelp}
EOT;
break;
case 'checkbox':
echo <<< EOT
{$element[2]}
EOT;
break;
default:
cpg_die(CRITICAL_ERROR, 'Invalid action for form creation ' . $element[0], __FILE__, __LINE__);
}
}
if ($op == 'new_user') {
echo <<
{$icon_array['ok']}{$lang_usermgr_php['submit']}
EOT;
} else {
echo <<
{$lang_usermgr_php['notes']}
{$lang_usermgr_php['note_list']}
{$icon_array['ok']}{$lang_usermgr_php['modify_user']}
EOT;
}
endtable();
echo '';
}
function update_user($user_id)
{
global $CONFIG;
global $lang_usermgr_php, $lang_register_php, $icon_array;
$superCage = Inspekt::makeSuperCage();
$user_name = $superCage->post->getEscaped('user_name');
$user_password = $superCage->post->getEscaped('user_password');
$user_email = $superCage->post->getEscaped('user_email');
$profile1 = $superCage->post->getEscaped('user_profile1');
$profile2 = $superCage->post->getEscaped('user_profile2');
$profile3 = $superCage->post->getEscaped('user_profile3');
$profile4 = $superCage->post->getEscaped('user_profile4');
$profile5 = $superCage->post->getEscaped('user_profile5');
$profile6 = $superCage->post->getEscaped('user_profile6');
$user_active = $superCage->post->getAlpha('user_active');
$user_group = $superCage->post->getInt('user_group');
$group_list = $superCage->post->keyExists('group_list') ? $superCage->post->getInt('group_list') : '';
if ($user_id == 'new_user') {
cpg_db_query("INSERT INTO {$CONFIG['TABLE_USERS']} (user_regdate, user_profile6) VALUES (NOW(), '')");
$user_id = mysql_insert_id();
log_write('New user "'.$user_name.'" created', CPG_ACCESS_LOG);
// Create a personal album if corresponding option is enabled
if ($CONFIG['personal_album_on_registration'] == 1) {
$catid = $user_id + FIRST_USER_CAT;
cpg_db_query("INSERT INTO {$CONFIG['TABLE_ALBUMS']} (`title`, `category`, `owner`) VALUES ('$user_name', $catid, $user_id)");
}
}
$sql = "SELECT user_id FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '$user_name' AND user_id != $user_id";
$result = cpg_db_query($sql);
if (mysql_num_rows($result)) {
cpg_die(ERROR, $lang_register_php['err_user_exists'], __FILE__, __LINE__);
return false;
}
mysql_free_result($result);
if (utf_strlen($user_name) < 2) cpg_die(ERROR, $lang_register_php['username_warning2'], __FILE__, __LINE__);
if ($user_password && utf_strlen($user_password) < 2) cpg_die(ERROR, $lang_register_php['password_warning1'], __FILE__, __LINE__);
// Save old user data (we need it later to determine if we need to send the activation confirmation email)
$user_data = mysql_fetch_assoc(cpg_db_query("SELECT user_name, user_active, user_email, user_actkey FROM {$CONFIG['TABLE_USERS']} WHERE user_id = '$user_id'"));
if (is_array($group_list)) {
$user_group_list = '';
foreach($group_list as $group) $user_group_list .= ($group != $user_group) ? $group . ',' : '';
$user_group_list = substr($user_group_list, 0, -1);
} else {
$user_group_list = '';
}
$sql_update = "UPDATE {$CONFIG['TABLE_USERS']} SET " .
"user_name = '$user_name', " .
"user_email = '$user_email', " .
"user_active = '$user_active', " .
"user_group = '$user_group', " .
"user_profile1 = '$profile1', " .
"user_profile2 = '$profile2', " .
"user_profile3 = '$profile3', " .
"user_profile4 = '$profile4', " .
"user_profile5 = '$profile5', " .
"user_profile6 = '$profile6', " .
"user_group_list = '$user_group_list'";
if (!empty($user_password)) $sql_update .= ", user_password = '".(md5($user_password))."'";
if ($user_active == 'YES') $sql_update .= ", user_actkey = ''";
$sql_update .= " WHERE user_id = '$user_id'";
cpg_db_query($sql_update);
// Update comments' author name
cpg_db_query("UPDATE {$CONFIG['TABLE_COMMENTS']} SET msg_author = '$user_name' WHERE author_id = $user_id");
// If send login data checkbox is checked then send the username and password to the user in an email
if ($superCage->post->keyExists('send_login_data') && trim($user_email)) {
require('include/mailer.inc.php');
$template_vars = array(
'{SITE_NAME}' => $CONFIG['gallery_name'],
'{SITE_LINK}' => $CONFIG['site_url'],
'{USER_NAME}' => trim($user_name),
'{USER_PASS}' => trim($user_password),
);
if (!cpg_mail(trim($user_email), $lang_usermgr_php['send_login_email_subject'], nl2br(strtr($lang_usermgr_php['send_login_data_email'], $template_vars)))) {
cpg_die(CRITICAL_ERROR, $lang_usermgr_php['failed_sending_email'], __FILE__, __LINE__);
}
} elseif ($user_data['user_actkey'] && $user_data['user_active'] == 'NO' && $user_active == 'YES') {
// send activation confirmation email (only once)
require('include/mailer.inc.php');
$template_vars = array(
'{SITE_LINK}' => $CONFIG['site_url'],
'{USER_NAME}' => $user_data['user_name'],
'{SITE_NAME}' => $CONFIG['gallery_name'],
);
cpg_mail($user_data['user_email'], sprintf($lang_register_php['notify_user_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_php['activated_email'], $template_vars)));
}
}
$op = (GALLERY_ADMIN_MODE && ($matches = $superCage->get->getMatched('op', '/^[a-z_]+$/'))) ? $matches[0] : '';
//Check if the form token is valid
if($op != '' && !checkFormToken()){
cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__);
}
switch ($op) {
case 'edit' :
$user_id = $superCage->get->keyExists('user_id') ? $superCage->get->getInt('user_id') : -1;
if (USER_ID == $user_id) cpg_die(ERROR, $lang_usermgr_php['err_edit_self'], __FILE__, __LINE__);
$cpg_udb->edit_users($user_id);
pageheader($lang_usermgr_php['title']);
edit_user($user_id);
pagefooter();
break;
case 'update' :
$user_id = $superCage->get->keyExists('user_id') ? $superCage->get->getInt('user_id') : -1;
$cpg_udb->edit_users($user_id);
update_user($user_id);
cpg_db_query("DELETE FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '' LIMIT 1");
pageheader($lang_usermgr_php['title']);
list_users();
pagefooter();
break;
case 'new_user' :
pageheader($lang_usermgr_php['title']);
edit_user('new_user');
pagefooter();
break;
case 'groups_alb_access' : //show what albums user groups can see
pageheader($lang_usermgr_php['groups_alb_access']);
list_groups_alb_access();
pagefooter();
break;
case 'group_alb_access' : //show what albums specific group can see
$group_id = $superCage->get->getInt('gid');
$sql = "
SELECT group_name
FROM {$CONFIG['TABLE_USERGROUPS']} AS groups, {$CONFIG['TABLE_ALBUMS']} AS albums
WHERE group_id = $group_id AND albums.visibility = groups.group_id
";
$result = cpg_db_query($sql);
$group = mysql_fetch_array($result);
if (!mysql_num_rows($result)) {
pageheader($lang_usermgr_php['group_no_access']);
msg_box($lang_usermgr_php['notice'].' '.cpg_display_help('f=groups.htm&as=group_cp_assigned&ae=group_cp_assigned_end', '450', '300'), $lang_usermgr_php['group_no_access']);
} else {
mysql_free_result($result);
$group_name = $group['group_name'];
pageheader(sprintf($lang_usermgr_php['group_can_access'], $group_name));
starttable(500, sprintf($lang_usermgr_php['group_can_access'], $group_name).' '.cpg_display_help('f=groups.htm&as=group_cp_assigned&ae=group_cp_assigned_end', '450', '300'), 3);
echo "
{$lang_usermgr_php['category']}
{$lang_common['album']}
{$lang_usermgr_php['modify']}
";
list_group_alb_access($group_id);
endtable();
}
pagefooter();
break;
default :
cpg_db_query("DELETE FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '' LIMIT 1");
pageheader($lang_usermgr_php['title']);
if ($superCage->post->keyExists('username') || $superCage->get->keyExists('username')) {
$name = $superCage->post->keyExists('username') ? $superCage->post->getEscaped('username'): $superCage->get->getEscaped('username');
$wildcards = array("*" => "%", "?" => "_");
$search = strtr($name, $wildcards);
}
if (isset($search) == false) {$search = '';}
list_users($search);
pagefooter();
break;
}
?>