From f72b9a7658cea71ee1edf4ae678a2c8043d9e5bf Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Tue, 4 Oct 2011 22:19:45 -0400 Subject: Begin work on safely allowing concurrent edits on data, giving better form interface. --- src/controllers/Config.class.php | 30 +++++++++++++++++ src/controllers/Users.class.php | 71 +++++++++++++++------------------------- src/lib/Form.class.php | 57 ++++++++++++++++++++++++++++++++ 3 files changed, 113 insertions(+), 45 deletions(-) create mode 100644 src/controllers/Config.class.php create mode 100644 src/lib/Form.class.php diff --git a/src/controllers/Config.class.php b/src/controllers/Config.class.php new file mode 100644 index 0000000..37d1f09 --- /dev/null +++ b/src/controllers/Config.class.php @@ -0,0 +1,30 @@ +isAdmin()) { + $this->http401($routed, $remainder); + return; + } + + $method = $_SERVER['REQUEST_METHOD']; + switch ($method) { + case 'PUT': $_POST = $_PUT; + case 'POST': + // We're PUTing an updated configuration. + $this->update(); + break; + } + $this->show_index(); + } + private function show_index() { + + } + private function update() { + + } +} diff --git a/src/controllers/Users.class.php b/src/controllers/Users.class.php index a5d23fc..b8c9244 100644 --- a/src/controllers/Users.class.php +++ b/src/controllers/Users.class.php 
@@ -251,50 +251,31 @@ class Users extends Controller { */ private function update_users() { $attribs = $this->getIndexAttribs(); + $form = new Form(null, null); foreach ($attribs as $attrib) { $key = $attrib['key']; if (isset($_POST[$key]) && is_array($_POST[$key])) { $old = $_POST['_old'][$key]; foreach ($_POST[$key] as $uid => $value) { - $doit = true; - $forked = false; - $have_old = isset($old[$uid]); - if ($have_old) { - @$value_base = $old[$uid]; - $we_changed_it = $value_base != $value; - if ($we_changed_it) { - $user = Auth::getObj($uid); - $value_fork = $this->getConf($user,$key); - $value_fork = $value_fork['value']; - if ($value_fork===false) $value_fork = 'false'; - if ($value_fork===true) $value_fork = 'true'; - - $someone_else_changed_it = $value_fork != $value_base; - if ($someone_else_changed_it) { - if ($value == $value_fork) { - // we might as well not have - $we_changed_it = false; - } else { - $forked = true; - } - } - } - if (!$we_changed_it) { - $doit = false;// nothing to do - } - } - if ($doit) { - $this->setConf($uid, $key, $value); - } - if ($forked) { + // FIXME + $form->setter = create_function('$k,$v', "return Users::setConf($uid, \$k, \$v)"); + $form->getter = create_function('$k' , "return Users::getConf($uid, \$k)"); + @$value_old = $_POST[$key]; + $set = $form->updateValue($value, $value_old); + if (is_string($set)) { echo "
\n";
-						echo "Error: Value changed elsewhere, and I don't have real handling for this yet.\n";
+						echo "Error: Value changed elsewhere, ".
+							"and I don't have real handling ".
+							"for this yet.\n";
 						echo "UID: $uid\n";
 						echo "Name: ".$user->getName()."\n";
 						echo "Key: $key\n";
-						echo "Value: Original  : "; var_dump($value_base);
-						echo "Value: Other edit: "; var_dump($value_fork);
-						echo "Value: This edit : "; var_dump($value);
+						echo "Value: Original  : ";
+						var_dump($value_base);
+						echo "Value: Other edit: ";
+						var_dump($value_fork);
+						echo "Value: This edit : ";
+						var_dump($value);
 						echo "
"; } } @@ -319,20 +300,20 @@ class Users extends Controller { $vars['users'] = array(); $uids = $db->listUsers(); foreach ($uids as $uid) { - $user = Auth::getObj($uid); $vars['users'][$uid] = array(); foreach ($vars['attribs'] as $attrib) { $key = $attrib['key']; - $props = $this->getConf($user, $key); + $props = $this->getConf($uid, $key); $vars['users'][$uid][$key] = $props; } } $this->showView('users/index', $vars); } - private function getConf($user, $key) { + public static function getConf($uid, $key) { + $user = Auth::getObj($uid); $logged_in_user = Auth::getObj(Login::isLoggedIn()); - $uid = $user->getUID(); + $post_key = $key."[$uid]"; @$value = $_POST[$post_key]; $editable = $user->canEdit(); @@ -363,25 +344,25 @@ class Users extends Controller { 'post_key'=>$post_key, 'editable'=>$editable); } - private function setConf($uid, $key, $value) { + public static function setConf($uid, $key, $value) { // So, this rocks because we don't have to check permissions, // the User object does that. $user = Auth::getObj($uid); switch ($key) { case 'auth_name': - $user->setName($value); + return $user->setName($value); break; case 'auth_user': - $user->setUser($value=='true'); + return $user->setUser($value=='true'); break; case 'auth_admin': - $user->setAdmin($value=='true'); + return $user->setAdmin($value=='true'); break; case 'auth_delete': - if ($value=='true') $user->delete(); + if ($value=='true') return $user->delete(); default: - $user->setConf($key, $value); + return $user->setConf($key, $value); break; } } diff --git a/src/lib/Form.class.php b/src/lib/Form.class.php new file mode 100644 index 0000000..725bac5 --- /dev/null +++ b/src/lib/Form.class.php 
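Review bot: In `update_users()` the two `create_function()` calls interpolate `$uid` into a string that PHP compiles as code, and `$uid` is a key of the request array `$_POST[$key]`, so client-supplied text ends up inside evaluated source. Bind the value instead of splicing it in (closures need PHP 5.3+), e.g. `$form->setter = function ($k, $v) use ($uid) { return Users::setConf($uid, $k, $v); };` with the same shape for the getter, and reject any `$uid` that is not a known UID before it is used. As written, the generated bodies also lack a terminating `;`. The error branch further down still prints `$user`, `$value_base` and `$value_fork`, which the new side no longer assigns, and `@$value_old = $_POST[$key]` passes the whole submitted array as the base value rather than `$old[$uid]`.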
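Review bot: `case 'auth_delete':` in `setConf()` has no `break`, so any submitted value other than `'true'` falls through to `default:` and is stored with `$user->setConf('auth_delete', $value)`. End the case explicitly: `if ($value=='true') return $user->delete();` followed by `return false;`. The same fall-through is carried into `DB::user_set()` in the later src/lib/DB.class.php hunk on this page. `setConf()` and `getConf()` also become `public static` here, so the retained comment that the User object does the permission checks is now the only guard this code documents; confirm that `setAdmin()`, `setUser()` and `delete()` really enforce it.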
@@ -0,0 +1,57 @@ +getter = $get; + $this->setter = $set; + } + private function getConf($key) { + call_user_func($getter, $key); + } + public function setConf($key, $value) { + call_user_func($setter, $key, $value); + } + private function getConfString($key) { + $raw = $this->getConf($key); + $value = $raw['value']; + if ($value===false) return 'false'; + if ($value===true) return 'true'; + return $value; + } + + public function updateValue($value, $value_base=null) { + $doit = true; + $forked = false; + $have_old = ($value_base!==null); + if ($have_old) { + @$value_base = $old[$uid]; + $we_changed_it = $value_base != $value; + if ($we_changed_it) { + $value_fork = $this->getConfString($key); + $someone_else_changed_it = + $value_fork != $value_base; + if ($someone_else_changed_it) { + if ($value == $value_fork) { + // we might as well not have + $we_changed_it = false; + } else { + $forked = true; + } + } + } + if (!$we_changed_it) { + $doit = false;// nothing to do + } + } + if ($doit) { + return $this->setConf($key, $value); + } + if ($forked) { + return $value_fork; + } + } +} -- cgit v1.2.3-54-g00ecf From 2a71bacfc5536279bbc5e238fb6a07c03e85d12d Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Wed, 5 Oct 2011 00:18:51 -0400 Subject: Edit individual.html to allow showing multiple users at once. Add a hack to the Users.class controller to show all users for the "all" username. Mark "all" as forbiddent in the Auth.class model. --- src/controllers/Users.class.php | 54 +++++++++++++++++++------------ src/models/Auth.class.php | 6 ++-- src/views/pages/users/individual.html.php | 12 +++++-- 3 files changed, 46 insertions(+), 26 deletions(-) diff --git a/src/controllers/Users.class.php b/src/controllers/Users.class.php index 27efbcd..170d25f 100644 --- a/src/controllers/Users.class.php +++ b/src/controllers/Users.class.php 
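Review bot: `updateValue()` overwrites its `$value_base` argument with `@$value_base = $old[$uid];`, and neither `$old` nor `$uid` exists in this method, so the stale-edit comparison always runs against null with the notice suppressed. `$key` is likewise undefined where `getConfString($key)` and `setConf($key, $value)` are called, and `getConf()`/`setConf()` hand the undefined locals `$getter`/`$setter` to `call_user_func()` and return nothing. Drop the `@` line, use `return call_user_func($this->getter, $key);` and `return call_user_func($this->setter, $key, $value);`, and decide how the key reaches `updateValue()`. When both `$doit` and `$forked` are true, the method writes the value and returns before the `$forked` check, so the concurrent edit is overwritten without being reported.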
@@ -77,26 +77,34 @@ class Users extends Controller { } public function individual($routed, $remainder) { - $username = implode('/', $remainder); - global $mm; // also used for pluginmanager $db = $mm->database(); - $uid = $db->getUID($username); - $user = Auth::getObj($uid); - - if ($user->isGroup()) $uid = false; // ignore groups. - - if ($uid===false) { - $this->http404($routed, $remainder); + $pm = $mm->pluginManager(); + + $username = implode('/', $remainder); + if ($username == 'all') { + $uids = $db->listUsers(); } else { + $uids = array($db->getUID($username)); + } + + $vars = array(); + + if (count($uids)<2) { + $user = Auth::getObj($uid); + + if ($user->isGroup()) $uid = false; // ignore groups. + + if ($uid===false) { + $this->http404($routed, $remainder); + exit(); + } if (!$user->canRead()) { $this->http401($routed, $remainder); exit(); } - $vars = array(); $method = $_SERVER['REQUEST_METHOD']; - switch ($method) { case 'PUT': $_POST = $_PUT; case 'POST': @@ -106,19 +114,23 @@ class Users extends Controller { } break; } - - $config_options = array(); - $mm->pluginManager()->callHook('userConfig', &$config_options); - - $vars['config_options'] = $config_options; - $vars['user'] = $user; - $vars['groups'] = $db->listGroupNames(); - require_once('ContactMethod.class.php'); - $this->showView('users/individual', $vars); } + + $config_options = array(); + $pm->callHook('userConfig', &$config_options); + + $vars['users'] = array(); + foreach ($uids as $uid) { + $vars['users'][] = Auth::getObj($uid); + } + $vars['username'] = $username; + $vars['config_options'] = $config_options; + $vars['groups'] = $db->listGroupNames(); + require_once('ContactMethod.class.php'); + $this->showView('users/individual', $vars); } - public function http404($routed, $rnemainder) { + public function http404($routed, $remainder) { $username = implode('/', $remainder); $this->showView('users/404', array('username'=>$username)); 
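Review bot: The `canRead()` and group checks in `individual()` only run inside `if (count($uids)<2)`, so the `all` path fills `$vars['users']` from every UID returned by `$db->listUsers()` without any per-user read check. Inside that branch `$uid` is never assigned (only `$uids` is), so `Auth::getObj($uid)` and the `$uid===false` test do not look at the requested user either. Set `$uid = $uids[0];` before the lookup and filter the final loop, e.g. `$u = Auth::getObj($uid); if ($u->canRead()) $vars['users'][] = $u;`. The POST/PUT handling inside the `switch` is only partly visible in this hunk.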
diff --git a/src/models/Auth.class.php b/src/models/Auth.class.php index 25570bf..b51aef9 100644 --- a/src/models/Auth.class.php +++ b/src/models/Auth.class.php @@ -26,12 +26,12 @@ class Auth { // Current rules: // * Not in "$illegal_names" // * Does not contain '.' - // * Less <256 characters - $illegal_names = array('', 'new', 'index'); + // * Fewer than 256 characters + $illegal_names = array('', 'new', 'index', 'all'); return true && (!in_array($name, $illegal_names)) && (strpos($name,'.')===false) - && (strlen($name)<=256); + && (strlen($name)<256); } protected $db = null; diff --git a/src/views/pages/users/individual.html.php b/src/views/pages/users/individual.html.php index c630515..39360b7 100644 --- a/src/views/pages/users/individual.html.php +++ b/src/views/pages/users/individual.html.php @@ -1,6 +1,7 @@ 1) { + $t->header("Users: $username"); +} else { + $t->header("User: $username"); +} + +foreach($users as $user) { $username = $user->getName(); -$t->header("User: $username"); $t->tag('h1', array(), ($user->canEdit()?'Edit':'View')." User $username (UID: ".$user->getUID().")"); @@ -136,4 +143,5 @@ if ($user->canEdit()) { $t->tag('input', array('type'=>'submit', 'value'=>'Save')); } $t->closeTag('form'); +} $t->footer(); -- cgit v1.2.3-54-g00ecf From e99a2ea7e361fdc5bab219bea6d9b967b5df486c Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Sun, 9 Oct 2011 00:51:28 -0400 Subject: Add auth_uid as a parameter for forms in the Users controller. --- src/controllers/Users.class.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/controllers/Users.class.php b/src/controllers/Users.class.php index 170d25f..a4403e3 100644 --- a/src/controllers/Users.class.php +++ b/src/controllers/Users.class.php @@ -359,6 +359,10 @@ class Users extends Controller { $editable = $user->canEdit(); switch ($key) { + case 'auth_uid': + $value = $user->getUID(); + $editable = false; + break; case 'auth_name': $value = $user->getName(); break; 
@@ -390,6 +394,8 @@ class Users extends Controller { $user = Auth::getObj($uid); switch ($key) { + case 'auth_uid': + break; case 'auth_name': $user->setName($value); break; -- cgit v1.2.3-54-g00ecf From 4ea4d8c5f718b79851372243244554ee7a039427 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Sun, 9 Oct 2011 01:03:21 -0400 Subject: Improve usability of scss. (a lot of form style stuff) --- style.scss | 86 ++++++++++++++++++++++++++++++++++++++++---------------------- 1 file changed, 56 insertions(+), 30 deletions(-) diff --git a/style.scss b/style.scss index 627df42..7a86e20 100644 --- a/style.scss +++ b/style.scss @@ -1,3 +1,9 @@ +@mixin box-shadow($shadow) { + -webkit-box-shadow: $shadow; + -moz-box-shadow: $shadow; + box-shadow: $shadow; +} + body.loggedin { div.infobar * { margin: 0 1em; @@ -26,33 +32,60 @@ body { } } div.main { - form fieldset li { - clear: both; - padding: .5em 0; - label { - width: 25%; - float: left; - } - input, textarea { - width: 60%; - float: left; - } - input[type="password"] { - width: 30%; - } - p.form_data { - margin-left: 25%; - } - &.wide { + form { + fieldset li { clear: both; padding: .5em 0; label { - width: 100%; - float: none; + width: 25%; + float: left; } input, textarea { - width: 100%; - float: none; + width: 60%; + float: left; + } + input[type="password"] { + width: 30%; + } + p.form_data { + margin-left: 25%; + } + &.wide { + clear: both; + padding: .5em 0; + label { + width: 100%; + float: none; + } + input, textarea { + width: 100%; + float: none; + } + } + } + table { + border: solid 1px black; + border-collapse: collapse; + border-spacing: 0; + td, th { + border: solid 1px black; + padding: 0; + .cell_width { + display: block; + overflow: hidden; + height: 0px; + @extend input[type="text"]; + } + input { + outline: solid 1px black; + width: 100%; + background: transparent; + border: 0; + &:focus { + outline-color: blue; + @include box-shadow(inset 0 0 1pt 1pt rgba(0,0,1,.5)); + } + } } } } 
@@ -67,19 +100,12 @@ a { } input[type="text"], textarea { font-family: monospace; + font-size: 12pt; } iframe { width: 100%; height: 100%; } -table, td { - border: solid 1px black; -} -table input { - border: none; - width: 100%; - background: transparent; -} .error { font-weight: bold; color: red; -- cgit v1.2.3-54-g00ecf From f21d82c9eff383d2c1c45c94af5f6c355e3258b2 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Sun, 9 Oct 2011 01:05:11 -0400 Subject: Properly use thead and tbody. --- src/views/pages/users/index.html.php | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/src/views/pages/users/index.html.php b/src/views/pages/users/index.html.php index 7f51592..caedf5c 100644 --- a/src/views/pages/users/index.html.php +++ b/src/views/pages/users/index.html.php @@ -13,14 +13,27 @@ $t->openTag('form', array('action'=>$t->url('users/index'), $t->tag('input', array('type'=>'submit', 'value'=>'Save/Update')); -$t->openTag('table'); +$t->openTag('table', array('class'=>'sortable', 'id'=>'bar')); +$t->openTag('thead'); $t->openTag('tr'); foreach ($attribs as $attrib) { $t->tag('th', array(), $attrib['name']); } -$t->tag('th'); +$t->tag('th', array(), '-'); $t->closeTag('tr'); +$t->closeTag('thead'); + +$t->openTag('tfoot'); +$t->openTag('tr'); +foreach ($attribs as $attrib) { + $t->tag('th', array(), $attrib['name']); +} +$t->tag('th', array(), '-'); +$t->closeTag('tr'); +$t->closeTag('tfoot'); + +$t->openTag('tbody'); foreach ($users as $user) { $t->openTag('tr'); @@ -48,6 +61,7 @@ foreach ($users as $user) { $arr['value'] = 'true'; $arr['type'] = 'checkbox'; } else { + $t->tag('span', array('class'=>'cell_width'), $value); $arr['value'] = $value; $arr['type'] = 'text'; } 
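Review bot: The added `$t->tag('span', array('class'=>'cell_width'), $value);` in src/views/pages/users/index.html.php writes a stored profile value into the page as element content, and whether `tag()` HTML-escapes its third argument is not visible in this hunk. If it does not, escape at the call, `$t->tag('span', array('class'=>'cell_width'), htmlspecialchars($value, ENT_QUOTES));`, because these fields are edited by users and the list is shown to other users. The enclosing `foreach ($users as $user)` body continues outside the hunk.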
@@ -66,13 +80,7 @@ foreach ($users as $user) { $t->closeTag('tr'); } -$t->openTag('tr'); -foreach ($attribs as $attrib) { - $t->tag('th', array(), $attrib['name']); -} -$t->tag('th'); -$t->closeTag('tr'); - +$t->closeTag('tbody'); $t->closeTag('table'); $t->tag('input', array('type'=>'submit', -- cgit v1.2.3-54-g00ecf From 89c35c47f375d5b45e1e219327600b5bba5569f1 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Sun, 9 Oct 2011 03:15:03 -0400 Subject: Begin adding a userlist visable to non-authenticated users. --- src/controllers/Users.class.php | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/src/controllers/Users.class.php b/src/controllers/Users.class.php index a4403e3..f7dc604 100644 --- a/src/controllers/Users.class.php +++ b/src/controllers/Users.class.php 
@@ -417,18 +417,27 @@ class Users extends Controller { return array('key'=>$key, 'name'=>$name); } private function getIndexAttribs() { + $user = Auth::getObj(Login::isLoggedIn()); + $attribs = array(); - $attribs[] = $this->attrib('auth_user', 'Active'); - if (Auth::getObj(Login::isLoggedIn())->isAdmin()) { - $attribs[] = $this->attrib('auth_admin', 'Admin'); - $attribs[] = $this->attrib('auth_delete', 'Delete'); + if ($user->isUser()) { + $attribs[] = $this->attrib('auth_uid', 'UID'); + $attribs[] = $this->attrib('auth_user', 'Active'); + if ($user->isAdmin()) { + $attribs[] = $this->attrib('auth_admin', 'Admin'); + $attribs[] = $this->attrib('auth_delete', 'Delete'); + } + $attribs[] = $this->attrib('lastname','Last'); + $attribs[] = $this->attrib('firstname','First'); + $attribs[] = $this->attrib('hsclass','Class of'); + $attribs[] = $this->attrib('phone','Phone number'); + $attribs[] = $this->attrib('email','Email'); + } else { + $attribs[] = $this->attrib('auth_uid', 'UID'); + $attribs[] = $this->attrib('lastname','Last'); + $attribs[] = $this->attrib('firstname','First'); + $attribs[] = $this->attrib('auth_name', 'Username'); } - $attribs[] = $this->attrib('lastname','Last'); - $attribs[] = $this->attrib('firstname','First'); - $attribs[] = $this->attrib('hsclass','Class of'); - $attribs[] = $this->attrib('phone','Phone number'); - $attribs[] = $this->attrib('email','Email'); - $attribs[] = $this->attrib('auth_name', 'Username'); return $attribs; } -- cgit v1.2.3-54-g00ecf From 0fd0403876aacecfde74fca0641530875f09200f Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Sun, 9 Oct 2011 03:25:12 -0400 Subject: Move Users->[gs]etConf into a new DB.class.php, add in some wrappers for equivalent stuff with plugin and system config. --- src/controllers/Users.class.php | 73 ++-------------------- src/lib/DB.class.php | 131 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 136 insertions(+), 68 deletions(-) create mode 100644 src/lib/DB.class.php 
diff --git a/src/controllers/Users.class.php b/src/controllers/Users.class.php index a4403e3..54e4675 100644 --- a/src/controllers/Users.class.php +++ b/src/controllers/Users.class.php @@ -1,6 +1,7 @@ showView('users/500'); } else { Login::login($username, $password); - $this->setConf($uid, 'email', $vars['email']); + DB::set('users', $uid, 'email', $vars['email']); $this->showView('users/created', array('username'=>$username)); } @@ -284,8 +285,7 @@ class Users extends Controller { @$value_base = $old[$uid]; $we_changed_it = $value_base != $value; if ($we_changed_it) { - $user = Auth::getObj($uid); - $value_fork = $this->getConf($user,$key); + $value_fork = DB::get('users', $uid, $key); $value_fork = $value_fork['value']; if ($value_fork===false) $value_fork = 'false'; if ($value_fork===true) $value_fork = 'true'; @@ -305,7 +305,7 @@ class Users extends Controller { } } if ($doit) { - $this->setConf($uid, $key, $value); + DB::set('users', $uid, $key, $value); } if ($forked) { echo "
\n";
@@ -340,79 +340,16 @@ class Users extends Controller {
 		$vars['users'] = array();
 		$uids = $db->listUsers();
 		foreach ($uids as $uid) {
-			$user = Auth::getObj($uid);
 			$vars['users'][$uid] = array();
 			foreach ($vars['attribs'] as $attrib) {
 				$key = $attrib['key'];
-				$props = $this->getConf($user, $key);
+				$props = DB::get('users', $uid, $key);
 				$vars['users'][$uid][$key] = $props;
 			}
 		}
 		$this->showView('users/index', $vars);
 	}
-	
-	private function getConf($user, $key) {
-		$logged_in_user = Auth::getObj(Login::isLoggedIn());
-		$uid = $user->getUID();
-		$post_key = $key."[$uid]";
-		@$value = $_POST[$post_key];
-		$editable = $user->canEdit();
-		
-		switch ($key) {
-		case 'auth_uid':
-			$value = $user->getUID();
-			$editable = false;
-			break;
-		case 'auth_name':
-			$value = $user->getName();
-			break;
-		case 'auth_user':
-			$editable = $editable && $logged_in_user->isAdmin();
-			$value = $user->isUser();
-			break;
-		case 'auth_admin':
-			$editable = $editable && $logged_in_user->isAdmin();
-			$value = $user->isAdmin();
-			break;
-		case 'auth_delete':
-			$editable = $editable && $logged_in_user->isAdmin();
-			$value = false;
-			break;
-		default:
-			$value = $user->getConf($key);
-			if ($value===false) $value='';
-			break;
-		}
 		
-		return array('value'=>$value,
-		             'post_key'=>$post_key,
-		             'editable'=>$editable);
-	}
-	private function setConf($uid, $key, $value) {
-		// So, this rocks because we don't have to check permissions,
-		// the User object does that.
-		$user = Auth::getObj($uid);
-		
-		switch ($key) {
-		case 'auth_uid':
-			break;
-		case 'auth_name':
-			$user->setName($value);
-			break;
-		case 'auth_user':
-			$user->setUser($value=='true');
-			break;
-		case 'auth_admin':
-			$user->setAdmin($value=='true');
-			break;
-		case 'auth_delete':
-			if ($value=='true') $user->delete();
-		default: 
-			$user->setConf($key, $value);
-			break;
-		}
-	}
-	
 	function attrib($key, $name) {
 		return array('key'=>$key, 'name'=>$name);
 	}
diff --git a/src/lib/DB.class.php b/src/lib/DB.class.php
new file mode 100644
index 0000000..9f14161
--- /dev/null
+++ b/src/lib/DB.class.php
@@ -0,0 +1,131 @@
+canEdit();
+		
+		switch ($key) {
+		case 'auth_uid':
+			$value = $user->getUID();
+			$editable = false;
+			break;
+		case 'auth_name':
+			$value = $user->getName();
+			break;
+		case 'auth_user':
+			$editable = $editable && $logged_in_user->isAdmin();
+			$value = $user->isUser();
+			break;
+		case 'auth_admin':
+			$editable = $editable && $logged_in_user->isAdmin();
+			$value = $user->isAdmin();
+			break;
+		case 'auth_delete':
+			$editable = $editable && $logged_in_user->isAdmin();
+			$value = false;
+			break;
+		default:
+			$value = $user->getConf($key);
+			if ($value===false) $value='';
+			break;
+		}
+		
+		return array('value'=>$value,
+		             'post_key'=>$post_key,
+		             'editable'=>$editable);
+	}
+	private static function user_set($uid, $key, $value) {
+		$user = Auth::getObj($uid);
+		
+		switch ($key) {
+		case 'auth_uid':
+			return false;
+			break;
+		case 'auth_name':
+			return $user->setName($value);
+			break;
+		case 'auth_user':
+			return $user->setUser($value=='true');
+			break;
+		case 'auth_admin':
+			return $user->setAdmin($value=='true');
+			break;
+		case 'auth_delete':
+			if ($value=='true') return $user->delete();
+		default: 
+			return $user->setConf($key, $value);
+			break;
+		}
+	}
+	
+	private static function admin_get($plugin, $key) {
+		global $mm; $db = $mm->database();
+		$user = Auth::getObj(Login::isLoggedIn());
+		if ($user->isAdmin()) {
+			$editable = true;
+			switch ($plugin) {
+			case 'system':
+				$value = $db->getSysConf($key);
+				break;
+			default:
+				$value =  $db->getPluginConf($plugin, $key);
+				break;
+			}
+		} else {
+			$editable = false;
+			$value = false;
+		}
+		
+		return array('value'=>$value,
+		             'post_key'=>'to be implemented',// FIXME
+		             'editable'=>$editable);
+	}
+	private static function admin_set($plugin, $key, $value) {
+		global $mm; $db = $mm->database();
+		$user = Auth::getObj(Login::isLoggedIn());
+		if (!$user->isAdmin()) {
+			return false;
+		}
+		switch ($plugin) {
+		case 'system':
+			return $db->setSysConf($key, $value);
+		default:
+			return $db->setPluginConf($plugin, $key, $value);
+		}
+	}
+}
\ No newline at end of file
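Review bot: `user_set()` performs no permission check of its own, unlike `admin_set()` just below it, which returns false unless `isAdmin()`; the comment that explained this in the removed `Users::setConf()` was dropped in the move. Restore it above `$user = Auth::getObj($uid);`, e.g. `// No permission check here: the Auth object's setters are expected to enforce edit/admin rights.`, and confirm that `setAdmin()`, `setUser()` and `delete()` actually do so, since none of them is shown in this diff. `admin_get()` and `admin_set()` pass `$plugin` and `$key` straight to `getPluginConf()`/`setPluginConf()`; a docblock should state whether callers may pass request data there. The first lines of this file, including the public `DB::get()`/`DB::set()` entry points, are not legible in this hunk.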
-- 
cgit v1.2.3-54-g00ecf


From 7e91c2872778407172fa42208be1aa7e466b97e3 Mon Sep 17 00:00:00 2001
From: Luke Shumaker 
Date: Sun, 9 Oct 2011 14:17:09 -0400
Subject: Don't show full name to anon users, comment out security check for
 index.

---
 src/controllers/Users.class.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/controllers/Users.class.php b/src/controllers/Users.class.php
index f7dc604..c69701f 100644
--- a/src/controllers/Users.class.php
+++ b/src/controllers/Users.class.php
@@ -329,11 +329,13 @@ class Users extends Controller {
 	private function show_index($routed, $remainder) {
 		global $mm; $db = $mm->database();
 		
+		/*
 		$logged_in_user = Auth::getObj(Login::isLoggedIn());
 		if (!$logged_in_user->isUser()) {
 			$this->http401($routed, $remainder);
 			exit();
 		}
+		*/
 		
 		$vars = array();
 		$vars['attribs'] = $this->getIndexAttribs();
@@ -434,8 +436,6 @@ class Users extends Controller {
 			$attribs[] = $this->attrib('email','Email');
 		} else {
 			$attribs[] = $this->attrib('auth_uid', 'UID');
-			$attribs[] = $this->attrib('lastname','Last');
-			$attribs[] = $this->attrib('firstname','First');
 			$attribs[] = $this->attrib('auth_name', 'Username');
 		}
 		return $attribs;
-- 
cgit v1.2.3-54-g00ecf


From 855d769094d175cadda67c1c451279243533aaa5 Mon Sep 17 00:00:00 2001
From: Luke Shumaker 
Date: Sun, 9 Oct 2011 14:27:17 -0400
Subject: Allow username lookup even if $user->canRead()==false

---
 src/models/Auth.class.php | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/models/Auth.class.php b/src/models/Auth.class.php
index b51aef9..031ee26 100644
--- a/src/models/Auth.class.php
+++ b/src/models/Auth.class.php
@@ -113,7 +113,6 @@ class Auth {
 
 	// [user|group]name ////////////////////////////////////////////////////
 	public function getName() {
-		if (!$this->canRead()) return false;
 		return $this->db->getUsername($this->uid);
 	}
 	public function setName($new_name) {
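Review bot: With the `canRead()` guard removed, `getName()` returns the username to every caller, not only to the anonymous user list this series adds. Other call sites shown on this page, such as the `h1` built in src/views/pages/users/individual.html.php, will then print a name for objects the viewer cannot read. Keeping the guard and adding a separately named accessor for the list, or tying the exception to a site-level opt-in, would limit the disclosure to the one intended path. If usernames are meant to be public everywhere, say so at the method: `// Usernames are public by design: no canRead() check.`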
-- 
cgit v1.2.3-54-g00ecf


From 01003f1761631394360697530d3418c1acaf1cd9 Mon Sep 17 00:00:00 2001
From: Luke Shumaker 
Date: Sun, 9 Oct 2011 14:57:49 -0400
Subject: Add the system config option 'anon_userlist' to control if an
 anonymous userlist is visible or not.

---
 src/controllers/Users.class.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/controllers/Users.class.php b/src/controllers/Users.class.php
index 24bb8aa..ac6b06a 100644
--- a/src/controllers/Users.class.php
+++ b/src/controllers/Users.class.php
@@ -308,13 +308,12 @@ class Users extends Controller {
 	private function show_index($routed, $remainder) {
 		global $mm; $db = $mm->database();
 		
-		/*
 		$logged_in_user = Auth::getObj(Login::isLoggedIn());
-		if (!$logged_in_user->isUser()) {
+		$anon_userlist = $db->getSysConf('anon_userlist')=='true';
+		if (!$anon_userlist && !$logged_in_user->isUser()) {
 			$this->http401($routed, $remainder);
 			exit();
 		}
-		*/
 		
 		$vars = array();
 		$vars['attribs'] = $this->getIndexAttribs();
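Review bot: The gate `$db->getSysConf('anon_userlist')=='true'` uses a loose comparison, and the return type of `getSysConf()` is not visible here; before PHP 8 an integer `0` compares equal to `'true'`, and a boolean `true` does on every version. Since this line decides whether unauthenticated visitors receive the user list, compare strictly so that anything but the exact string fails closed: `$anon_userlist = $db->getSysConf('anon_userlist')==='true';`. `show_index()` continues outside the hunk.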
-- 
cgit v1.2.3-54-g00ecf


From 710942016b2a363f1301259dac01410188707d85 Mon Sep 17 00:00:00 2001
From: Luke Shumaker 
Date: Sun, 9 Oct 2011 14:58:30 -0400
Subject: Change users/index.html a bit depending on if logged in or not.

---
 src/views/pages/users/index.html.php | 58 +++++++++++++++++++-----------------
 1 file changed, 30 insertions(+), 28 deletions(-)

diff --git a/src/views/pages/users/index.html.php b/src/views/pages/users/index.html.php
index daed9f7..d004c54 100644
--- a/src/views/pages/users/index.html.php
+++ b/src/views/pages/users/index.html.php
@@ -2,6 +2,7 @@
 $t = $VARS['template'];
 $attribs = $VARS['attribs'];
 $users = $VARS['users'];
+require_once('Login.class.php');
 
 $t->header('Users');
 
@@ -10,35 +11,34 @@ $t->paragraph($t->link($t->url('users.csv'), "Download this as a spreadsheet."))
 $t->openTag('form', array('action'=>$t->url('users/index'),
                           'method'=>'post'));
 
-$t->tag('input', array('type'=>'submit',
-                       'value'=>'Save/Update'));
+if (Login::isLoggedIn()) {
+	$t->tag('input', array('type'=>'submit',
+	                       'value'=>'Save/Update'));
+}
 
 $t->openTag('table', array('class'=>'sortable', 'id'=>'bar'));
 
-$t->openTag('thead');
-$t->openTag('tr');
-foreach ($attribs as $attrib) {
-	switch ($attrib['type']) {
-	case 'bool': $class = 'small'; break;
-	default: $class = ''; break;
+function table_head($attribs, $t) {
+	$t->openTag('tr');
+	foreach ($attribs as $attrib) {
+		switch ($attrib['type']) {
+		case 'bool': $class = 'small'; break;
+		default: $class = ''; break;
+		}
+		$t->tag('th', array('class'=>$class), $attrib['name']);
+	}
+	if (Login::isLoggedIn()) {
+		$t->tag('th', array(), '-');
 	}
-	$t->tag('th', array('class'=>$class), $attrib['name']);
+	$t->closeTag('tr');
 }
-$t->tag('th', array(), '-');
-$t->closeTag('tr');
+
+$t->openTag('thead');
+table_head($attribs, $t);
 $t->closeTag('thead');
 
 $t->openTag('tfoot');
-$t->openTag('tr');
-foreach ($attribs as $attrib) {
-	switch ($attrib['type']) {
-	case 'bool': $class = 'small'; break;
-	default: $class = ''; break;
-	}
-	$t->tag('th', array('class'=>$class), $attrib['name']);
-}
-$t->tag('th', array(), '-');
-$t->closeTag('tr');
+table_head($attribs, $t);
 $t->closeTag('tfoot');
 
 $t->openTag('tbody');
@@ -85,18 +85,20 @@ foreach ($users as $user) {
 		$t->closeTag('td');
 	}
 	
-	$t->openTag('td');
-	$t->link($t->url('users/'.$user['auth_name']['value']), 'More');
-	$t->closeTag('td');
-	
+	if (Login::isLoggedIn()) {
+		$t->openTag('td');
+		$t->link($t->url('users/'.$user['auth_name']['value']), 'More');
+		$t->closeTag('td');
+	}
 	$t->closeTag('tr');
 }
 
 $t->closeTag('tbody');
 $t->closeTag('table');
 
-$t->tag('input', array('type'=>'submit',
-                       'value'=>'Save/Update'));
-$t->closeTag('form');
+if (Login::isLoggedIn()) {
+	$t->tag('input', array('type'=>'submit',
+	                       'value'=>'Save/Update'));
+}
 
 $t->footer();
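Review bot: The old `$t->closeTag('form');` is removed at the end of this hunk and nothing replaces it, while the `$t->openTag('form', …)` call earlier in the file stays unconditional, so the page is emitted with an unclosed form. Keep `$t->closeTag('form');` after the `if (Login::isLoggedIn()) { … }` block. Hiding the Save/Update button and the `More` column is presentation only; the POST handler for users/index has to reject anonymous writes itself, and that check is not shown in this diff.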
-- 
cgit v1.2.3-54-g00ecf


From 2e769649abf4f9b3712287e24eb42c5a93a8035e Mon Sep 17 00:00:00 2001
From: Luke Shumaker 
Date: Sun, 9 Oct 2011 15:41:59 -0400
Subject: Link to the userlist from the user registration page, if
 anon_userlist is enabled.

---
 src/controllers/Users.class.php    |  7 ++++++-
 src/views/pages/users/new.html.php | 10 ++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/src/controllers/Users.class.php b/src/controllers/Users.class.php
index ac6b06a..dbd5120 100644
--- a/src/controllers/Users.class.php
+++ b/src/controllers/Users.class.php
@@ -72,8 +72,13 @@ class Users extends Controller {
 			exit();
 		}
 		if (!isset($vars['errors'])) $vars['errors'] = array();
-		global $mm; $pm = $mm->pluginManager();
+		
+		global $mm;
+		$pm = $mm->pluginManager();
+		$db = $mm->database();
+		
 		$vars['antispam_html'] = $pm->callHook('antispam_html');
+		$vars['userlist'] = $db->getSysConf('anon_userlist');
 		$this->showView('users/new', $vars);
 	}
 	
diff --git a/src/views/pages/users/new.html.php b/src/views/pages/users/new.html.php
index 8b6bdf8..9df376f 100644
--- a/src/views/pages/users/new.html.php
+++ b/src/views/pages/users/new.html.php
@@ -7,6 +7,16 @@ $t->openTag('form', array('method'=>'post',
                           'action'=>$t->url('users')));
 
 $t->openFieldset("New User: Step 1");
+
+if ($VARS['userlist']) {
+	$t->inputP("If you may have already created a username, please, ".
+	           "please check the ".
+	           $t->link($t->url('users/'), 'user-list', true).
+	           " to find your old username, instead of creating a new ".
+	           "user. If you don't like the name, you can log in and ".
+	           "change it.");
+}
+
 if (in_array('illegal name', $VARS['errors'])) {
 	$t->inputP("That is a forbidden username.", true);
 }
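Review bot: `if ($VARS['userlist'])` tests the truthiness of the raw value that the controller hunk of this commit assigns with `$vars['userlist'] = $db->getSysConf('anon_userlist');`, while `show_index()` treats the setting as enabled only when it equals `'true'`. A stored string `'false'` is truthy in PHP, so the registration page would advertise a list that then answers 401. Pass a boolean from the controller instead: `$vars['userlist'] = $db->getSysConf('anon_userlist')==='true';`.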
-- 
cgit v1.2.3-54-g00ecf


From 93b1163cba7edf1a0a7e7ae787e06434de119dad Mon Sep 17 00:00:00 2001
From: Luke Shumaker 
Date: Sun, 9 Oct 2011 15:46:25 -0400
Subject: Fix the markup with the spreadsheet link in the user index.

---
 src/views/pages/users/index.html.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/views/pages/users/index.html.php b/src/views/pages/users/index.html.php
index caedf5c..2650c5a 100644
--- a/src/views/pages/users/index.html.php
+++ b/src/views/pages/users/index.html.php
@@ -5,7 +5,7 @@ $users = $VARS['users'];
 
 $t->header('Users');
 
-$t->paragraph($t->link($t->url('users.csv'), "Download this as a spreadsheet."));
+$t->paragraph($t->link($t->url('users.csv'), "Download this as a spreadsheet.", true));
 
 $t->openTag('form', array('action'=>$t->url('users/index'),
                           'method'=>'post'));
-- 
cgit v1.2.3-54-g00ecf