diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/controllers/Config.class.php | 30 | ||||
-rw-r--r-- | src/controllers/Users.class.php | 151 | ||||
-rw-r--r-- | src/lib/DB.class.php | 164 | ||||
-rw-r--r-- | src/models/Auth.class.php | 1 | ||||
-rw-r--r-- | src/views/pages/users/index.html.php | 74 | ||||
-rw-r--r-- | src/views/pages/users/new.html.php | 10 |
6 files changed, 295 insertions, 135 deletions
diff --git a/src/controllers/Config.class.php b/src/controllers/Config.class.php new file mode 100644 index 0000000..37d1f09 --- /dev/null +++ b/src/controllers/Config.class.php @@ -0,0 +1,30 @@ +<?php +require_once('Auth.class.php'); + +Router::register('config', 'Config', 'index'); + +class Config extends Controller { + public function index($routed, $remainder) { + $uid = Login::isLoggedIn(); + if ($uid===false || !Auth::getObj($uid)->isAdmin()) { + $this->http401($routed, $remainder); + return; + } + + $method = $_SERVER['REQUEST_METHOD']; + switch ($method) { + case 'PUT': $_POST = $_PUT; + case 'POST': + // We're PUTing an updated configuration. + $this->update(); + break; + } + $this->show_index(); + } + private function show_index() { + + } + private function update() { + + } +} diff --git a/src/controllers/Users.class.php b/src/controllers/Users.class.php index 170d25f..dbd5120 100644 --- a/src/controllers/Users.class.php +++ b/src/controllers/Users.class.php @@ -1,6 +1,7 @@ <?php require_once('Login.class.php'); require_once('Auth.class.php'); +require_once('DB.class.php'); Router::register('users/new' , 'Users', 'new_user'); Router::register('users/index', 'Users', 'index_file'); @@ -71,8 +72,13 @@ class Users extends Controller { exit(); } if (!isset($vars['errors'])) $vars['errors'] = array(); - global $mm; $pm = $mm->pluginManager(); + + global $mm; + $pm = $mm->pluginManager(); + $db = $mm->database(); + $vars['antispam_html'] = $pm->callHook('antispam_html'); + $vars['userlist'] = $db->getSysConf('anon_userlist'); $this->showView('users/new', $vars); } @@ -188,7 +194,7 @@ class Users extends Controller { $this->showView('users/500'); } else { Login::login($username, $password); - $this->setConf($uid, 'email', $vars['email']); + DB::set('users', $uid, 'email', $vars['email']); $this->showView('users/created', array('username'=>$username)); } @@ -272,50 +278,28 @@ class Users extends Controller { */ private function update_users() { $attribs = $this->getIndexAttribs(); + $form = new Form(null, null); foreach ($attribs as $attrib) { $key = $attrib['key']; if (isset($_POST[$key]) && is_array($_POST[$key])) { $old = $_POST['_old'][$key]; foreach ($_POST[$key] as $uid => $value) { - $doit = true; - $forked = false; - $have_old = isset($old[$uid]); - if ($have_old) { - @$value_base = $old[$uid]; - $we_changed_it = $value_base != $value; - if ($we_changed_it) { - $user = Auth::getObj($uid); - $value_fork = $this->getConf($user,$key); - $value_fork = $value_fork['value']; - if ($value_fork===false) $value_fork = 'false'; - if ($value_fork===true) $value_fork = 'true'; - - $someone_else_changed_it = $value_fork != $value_base; - if ($someone_else_changed_it) { - if ($value == $value_fork) { - // we might as well not have - $we_changed_it = false; - } else { - $forked = true; - } - } - } - if (!$we_changed_it) { - $doit = false;// nothing to do - } - } - if ($doit) { - $this->setConf($uid, $key, $value); - } - if ($forked) { + @$value_base = $old[$uid]; + $set = DB::set('users', $uid, $key, $value, $value_base); + if (is_string($set)) { echo "<pre>\n"; - echo "Error: Value changed elsewhere, and I don't have real handling for this yet.\n"; + echo "Error: Value changed elsewhere, ". + "and I don't have real handling ". + "for this yet.\n"; echo "UID: $uid\n"; echo "Name: ".$user->getName()."\n"; echo "Key: $key\n"; - echo "Value: Original : "; var_dump($value_base); - echo "Value: Other edit: "; var_dump($value_fork); - echo "Value: This edit : "; var_dump($value); + echo "Value: Original : "; + var_dump($value_base); + echo "Value: Other edit: "; + var_dump($value_fork); + echo "Value: This edit : "; + var_dump($value); echo "</pre>"; } } @@ -330,7 +314,8 @@ class Users extends Controller { global $mm; $db = $mm->database(); $logged_in_user = Auth::getObj(Login::isLoggedIn()); - if (!$logged_in_user->isUser()) { + $anon_userlist = $db->getSysConf('anon_userlist')=='true'; + if (!$anon_userlist && !$logged_in_user->isUser()) { $this->http401($routed, $remainder); exit(); } @@ -340,89 +325,39 @@ class Users extends Controller { $vars['users'] = array(); $uids = $db->listUsers(); foreach ($uids as $uid) { - $user = Auth::getObj($uid); $vars['users'][$uid] = array(); foreach ($vars['attribs'] as $attrib) { $key = $attrib['key']; - $props = $this->getConf($user, $key); + $props = DB::get('users', $uid, $key); $vars['users'][$uid][$key] = $props; } } $this->showView('users/index', $vars); } - private function getConf($user, $key) { - $logged_in_user = Auth::getObj(Login::isLoggedIn()); - $uid = $user->getUID(); - $post_key = $key."[$uid]"; - @$value = $_POST[$post_key]; - $editable = $user->canEdit(); - - switch ($key) { - case 'auth_name': - $value = $user->getName(); - break; - case 'auth_user': - $editable = $editable && $logged_in_user->isAdmin(); - $value = $user->isUser(); - break; - case 'auth_admin': - $editable = $editable && $logged_in_user->isAdmin(); - $value = $user->isAdmin(); - break; - case 'auth_delete': - $editable = $editable && $logged_in_user->isAdmin(); - $value = false; - break; - default: - $value = $user->getConf($key); - if ($value===false) $value=''; - break; - } - - return array('value'=>$value, - 'post_key'=>$post_key, - 'editable'=>$editable); - } - private function setConf($uid, $key, $value) { - // So, this rocks because we don't have to check permissions, - // the User object does that. - $user = Auth::getObj($uid); - - switch ($key) { - case 'auth_name': - $user->setName($value); - break; - case 'auth_user': - $user->setUser($value=='true'); - break; - case 'auth_admin': - $user->setAdmin($value=='true'); - break; - case 'auth_delete': - if ($value=='true') $user->delete(); - default: - $user->setConf($key, $value); - break; - } - } - - function attrib($key, $name) { - return array('key'=>$key, 'name'=>$name); + function attrib($key, $name, $type='string') { + return array('key'=>$key, 'name'=>$name, 'type'=>$type); } private function getIndexAttribs() { + $user = Auth::getObj(Login::isLoggedIn()); + $attribs = array(); - $attribs[] = $this->attrib('auth_user', 'Active'); - if (Auth::getObj(Login::isLoggedIn())->isAdmin()) { - $attribs[] = $this->attrib('auth_admin', 'Admin'); - $attribs[] = $this->attrib('auth_delete', 'Delete'); + if ($user->isUser()) { + $attribs[] = $this->attrib('auth_uid', 'UID'); + $attribs[] = $this->attrib('auth_user', 'Active', 'bool'); + if ($user->isAdmin()) { + $attribs[] = $this->attrib('auth_admin', 'Admin', 'bool'); + $attribs[] = $this->attrib('auth_delete', 'Delete', 'bool'); + } + $attribs[] = $this->attrib('lastname','Last'); + $attribs[] = $this->attrib('firstname','First'); + $attribs[] = $this->attrib('hsclass','Class of'); + $attribs[] = $this->attrib('phone','Phone number'); + $attribs[] = $this->attrib('email','Email'); + } else { + $attribs[] = $this->attrib('auth_uid', 'UID'); + $attribs[] = $this->attrib('auth_name', 'Username'); } - $attribs[] = $this->attrib('lastname','Last'); - $attribs[] = $this->attrib('firstname','First'); - $attribs[] = $this->attrib('hsclass','Class of'); - $attribs[] = $this->attrib('phone','Phone number'); - $attribs[] = $this->attrib('email','Email'); - $attribs[] = $this->attrib('auth_name', 'Username'); return $attribs; } diff --git a/src/lib/DB.class.php b/src/lib/DB.class.php new file mode 100644 index 0000000..5954726 --- /dev/null +++ b/src/lib/DB.class.php @@ -0,0 +1,164 @@ +<?php + +require_once('Auth.class.php'); +require_once('Login.class.php'); + +class DB { + public static function set($table, $unit, $key, $value, $orig_value) { + $value_base = $orig_value; + + $doit = true; + $forked = false; + $have_old = ($value_base!==null); + if ($have_old) { + $we_changed_it = $value_base != $value; + if ($we_changed_it) { + $value_fork = $this->getConfString($key); + $someone_else_changed_it = + $value_fork != $value_base; + if ($someone_else_changed_it) { + if ($value == $value_fork) { + // we might as well not have + $we_changed_it = false; + } else { + $forked = true; + } + } + } + if (!$we_changed_it) { + $doit = false;// nothing to do + } + } + if ($doit) { + return $this->setConf($key, $value); + } + if ($forked) { + return $value_fork; + } + } + + public static function get($table, $unit, $key) { + switch ($table) { + case 'conf': + case 'plugins': + return self::admin_get($unit, $key); + break; + case 'users': + return self::user_get($unit, $key); + break; + default: + return false; + } + } + public static function raw_set($table, $unit, $key, $value) { + switch ($table) { + case 'conf': + case 'plugins': + return self::admin_get($unit, $key, $value); + break; + case 'users': + return self::user_set($unit, $key, $value); + break; + default: + return false; + } + } + + private static function user_get($uid, $key) { + $user = Auth::getObj($uid); + $logged_in_user = Auth::getObj(Login::isLoggedIn()); + + $post_key = $key."[$uid]"; + @$value = $_POST[$post_key]; + $editable = $user->canEdit(); + + switch ($key) { + case 'auth_uid': + $value = $user->getUID(); + $editable = false; + break; + case 'auth_name': + $value = $user->getName(); + break; + case 'auth_user': + $editable = $editable && $logged_in_user->isAdmin(); + $value = $user->isUser()?'true':'false'; + break; + case 'auth_admin': + $editable = $editable && $logged_in_user->isAdmin(); + $value = $user->isAdmin()?'true':'false'; + break; + case 'auth_delete': + $editable = $editable && $logged_in_user->isAdmin(); + $value = 'false'; + break; + default: + $value = $user->getConf($key); + if ($value===false) $value=''; + break; + } + + return array('value'=>$value, + 'post_key'=>$post_key, + 'editable'=>$editable); + } + private static function user_set($uid, $key, $value) { + $user = Auth::getObj($uid); + + switch ($key) { + case 'auth_uid': + return false; + break; + case 'auth_name': + return $user->setName($value); + break; + case 'auth_user': + return $user->setUser($value=='true'); + break; + case 'auth_admin': + return $user->setAdmin($value=='true'); + break; + case 'auth_delete': + if ($value=='true') return $user->delete(); + default: + return $user->setConf($key, $value); + break; + } + } + + private static function admin_get($plugin, $key) { + global $mm; $db = $mm->database(); + $user = Auth::getObj(Login::isLoggedIn()); + if ($user->isAdmin()) { + $editable = true; + switch ($plugin) { + case 'system': + $value = $db->getSysConf($key); + break; + default: + $value = $db->getPluginConf($plugin, $key); + break; + } + } else { + $editable = false; + $value = false; + } + + return array('value'=>$value, + 'post_key'=>'to be implemented',// FIXME + 'editable'=>$editable); + } + private static function admin_set($plugin, $key, $value) { + global $mm; $db = $mm->database(); + $user = Auth::getObj(Login::isLoggedIn()); + if (!$user->isAdmin()) { + return false; + } + switch ($plugin) { + case 'system': + return $db->setSysConf($key, $value); + default: + return $db->setPluginConf($plugin, $key, $value); + } + } +} diff --git a/src/models/Auth.class.php b/src/models/Auth.class.php index b51aef9..031ee26 100644 --- a/src/models/Auth.class.php +++ b/src/models/Auth.class.php @@ -113,7 +113,6 @@ class Auth { // [user|group]name //////////////////////////////////////////////////// public function getName() { - if (!$this->canRead()) return false; return $this->db->getUsername($this->uid); } public function setName($new_name) { diff --git a/src/views/pages/users/index.html.php b/src/views/pages/users/index.html.php index 366fb8a..dfeff15 100644 --- a/src/views/pages/users/index.html.php +++ b/src/views/pages/users/index.html.php @@ -2,26 +2,47 @@ $t = $VARS['template']; $attribs = $VARS['attribs']; $users = $VARS['users']; +require_once('Login.class.php'); $t->header('Users'); -$t->paragraph($t->link($t->url('users.csv'), "Download this as a spreadsheet.")); +$t->paragraph($t->link($t->url('users.csv'), "Download this as a spreadsheet.", true)); $t->paragraph($t->link($t->url('users/all'), "See details for all users.")); $t->openTag('form', array('action'=>$t->url('users/index'), 'method'=>'post')); -$t->tag('input', array('type'=>'submit', - 'value'=>'Save/Update')); +if (Login::isLoggedIn()) { + $t->tag('input', array('type'=>'submit', + 'value'=>'Save/Update')); +} -$t->openTag('table'); +$t->openTag('table', array('class'=>'sortable', 'id'=>'bar')); -$t->openTag('tr'); -foreach ($attribs as $attrib) { - $t->tag('th', array(), $attrib['name']); +function table_head($attribs, $t) { + $t->openTag('tr'); + foreach ($attribs as $attrib) { + switch ($attrib['type']) { + case 'bool': $class = 'small'; break; + default: $class = ''; break; + } + $t->tag('th', array('class'=>$class), $attrib['name']); + } + if (Login::isLoggedIn()) { + $t->tag('th', array(), '-'); + } + $t->closeTag('tr'); } -$t->tag('th'); -$t->closeTag('tr'); + +$t->openTag('thead'); +table_head($attribs, $t); +$t->closeTag('thead'); + +$t->openTag('tfoot'); +table_head($attribs, $t); +$t->closeTag('tfoot'); + +$t->openTag('tbody'); foreach ($users as $user) { $t->openTag('tr'); @@ -30,11 +51,15 @@ foreach ($users as $user) { $t->openTag('td'); $props = $user[$attrib['key']]; - - $value = $props['value']; + + $bool = $attrib['type']=='bool'; + if ($bool) { + $value = $props['value']=='true'; + } else { + $value = $props['value']; + } $editable = $props['editable']; $post_key = $props['post_key']; - $bool = is_bool($value); $arr = array('name'=>$post_key); if (!$editable) { @@ -49,6 +74,7 @@ foreach ($users as $user) { $arr['value'] = 'true'; $arr['type'] = 'checkbox'; } else { + $t->tag('span', array('class'=>'cell_width'), $value); $arr['value'] = $value; $arr['type'] = 'text'; } @@ -60,24 +86,20 @@ foreach ($users as $user) { $t->closeTag('td'); } - $t->openTag('td'); - $t->link($t->url('users/'.$user['auth_name']['value']), 'More'); - $t->closeTag('td'); - + if (Login::isLoggedIn()) { + $t->openTag('td'); + $t->link($t->url('users/'.$user['auth_name']['value']), 'More'); + $t->closeTag('td'); + } $t->closeTag('tr'); } -$t->openTag('tr'); -foreach ($attribs as $attrib) { - $t->tag('th', array(), $attrib['name']); -} -$t->tag('th'); -$t->closeTag('tr'); - +$t->closeTag('tbody'); $t->closeTag('table'); -$t->tag('input', array('type'=>'submit', - 'value'=>'Save/Update')); -$t->closeTag('form'); +if (Login::isLoggedIn()) { + $t->tag('input', array('type'=>'submit', + 'value'=>'Save/Update')); +} $t->footer(); diff --git a/src/views/pages/users/new.html.php b/src/views/pages/users/new.html.php index 8b6bdf8..9df376f 100644 --- a/src/views/pages/users/new.html.php +++ b/src/views/pages/users/new.html.php @@ -7,6 +7,16 @@ $t->openTag('form', array('method'=>'post', 'action'=>$t->url('users'))); $t->openFieldset("New User: Step 1"); + +if ($VARS['userlist']) { + $t->inputP("If you may have already created a username, please, ". + "<em>please</em> check the ". + $t->link($t->url('users/'), 'user-list', true). + " to find your old username, instead of creating a new ". + "user. If you don't like the name, you can log in and ". + "change it."); +} + if (in_array('illegal name', $VARS['errors'])) { $t->inputP("That is a forbidden username.", true); } |