From f72b9a7658cea71ee1edf4ae678a2c8043d9e5bf Mon Sep 17 00:00:00 2001
From: Luke Shumaker <LukeShu@sbcglobal.net>
Date: Tue, 4 Oct 2011 22:19:45 -0400
Subject: Begin work on safely allowing concurrent edits on data, giving better
 form interface.

---
 src/controllers/Config.class.php | 30 +++++++++++++++++
 src/controllers/Users.class.php  | 71 +++++++++++++++-------------------------
 src/lib/Form.class.php           | 57 ++++++++++++++++++++++++++++++++
 3 files changed, 113 insertions(+), 45 deletions(-)
 create mode 100644 src/controllers/Config.class.php
 create mode 100644 src/lib/Form.class.php

diff --git a/src/controllers/Config.class.php b/src/controllers/Config.class.php
new file mode 100644
index 0000000..37d1f09
--- /dev/null
+++ b/src/controllers/Config.class.php
@@ -0,0 +1,30 @@
+<?php
+require_once('Auth.class.php');
+
+Router::register('config', 'Config', 'index');
+
+class Config extends Controller {
+	public function index($routed, $remainder) {
+		$uid = Login::isLoggedIn();
+		if ($uid===false || !Auth::getObj($uid)->isAdmin()) {
+			$this->http401($routed, $remainder);
+			return;
+		}
+		
+		$method = $_SERVER['REQUEST_METHOD'];
+		switch ($method) {
+		case 'PUT': $_POST = $_PUT;
+		case 'POST':
+			// We're PUTing an updated configuration.
+			$this->update();
+			break;
+		}
+		$this->show_index();
+	}
+	private function show_index() {
+		
+	}
+	private function update() {
+		
+	}
+}
diff --git a/src/controllers/Users.class.php b/src/controllers/Users.class.php
index a5d23fc..b8c9244 100644
--- a/src/controllers/Users.class.php
+++ b/src/controllers/Users.class.php
@@ -251,50 +251,31 @@ class Users extends Controller {
 	 */
 	private function update_users() {
 		$attribs = $this->getIndexAttribs();
+		$form = new Form(null, null);
 		foreach ($attribs as $attrib) {
 			$key = $attrib['key'];
 			if (isset($_POST[$key]) && is_array($_POST[$key])) {
 				$old = $_POST['_old'][$key];
 				foreach ($_POST[$key] as $uid => $value) {
-					$doit = true;
-					$forked = false;
-					$have_old = isset($old[$uid]);
-					if ($have_old) {
-						@$value_base = $old[$uid];
-						$we_changed_it = $value_base != $value;
-						if ($we_changed_it) {
-							$user = Auth::getObj($uid);
-							$value_fork = $this->getConf($user,$key);
-							$value_fork = $value_fork['value'];
-							if ($value_fork===false) $value_fork = 'false';
-							if ($value_fork===true)  $value_fork = 'true';
-							
-							$someone_else_changed_it = $value_fork != $value_base;
-							if ($someone_else_changed_it) {
-								if ($value == $value_fork) {
-									// we might as well not have
-									$we_changed_it = false;
-								} else {
-									$forked = true;
-								}
-							}
-						}
-						if (!$we_changed_it) {
-							$doit = false;// nothing to do
-						}
-					}
-					if ($doit) {
-						$this->setConf($uid, $key, $value);
-					}
-					if ($forked) {
+					// FIXME
+					$form->setter = create_function('$k,$v', "return Users::setConf($uid, \$k, \$v)");
+					$form->getter = create_function('$k'   , "return Users::getConf($uid, \$k)");
+					@$value_old = $_POST[$key];
+					$set = $form->updateValue($value, $value_old);
+					if (is_string($set)) {
 						echo "<pre>\n";
-						echo "Error: Value changed elsewhere, and I don't have real handling for this yet.\n";
+						echo "Error: Value changed elsewhere, ".
+							"and I don't have real handling ".
+							"for this yet.\n";
 						echo "UID: $uid\n";
 						echo "Name: ".$user->getName()."\n";
 						echo "Key: $key\n";
-						echo "Value: Original  : "; var_dump($value_base);
-						echo "Value: Other edit: "; var_dump($value_fork);
-						echo "Value: This edit : "; var_dump($value);
+						echo "Value: Original  : ";
+						var_dump($value_base);
+						echo "Value: Other edit: ";
+						var_dump($value_fork);
+						echo "Value: This edit : ";
+						var_dump($value);
 						echo "</pre>";
 					}
 				}
@@ -319,20 +300,20 @@ class Users extends Controller {
 		$vars['users'] = array();
 		$uids = $db->listUsers();
 		foreach ($uids as $uid) {
-			$user = Auth::getObj($uid);
 			$vars['users'][$uid] = array();
 			foreach ($vars['attribs'] as $attrib) {
 				$key = $attrib['key'];
-				$props = $this->getConf($user, $key);
+				$props = $this->getConf($uid, $key);
 				$vars['users'][$uid][$key] = $props;
 			}
 		}
 		$this->showView('users/index', $vars);
 	}
 	
-	private function getConf($user, $key) {
+	public static function getConf($uid, $key) {
+		$user = Auth::getObj($uid);
 		$logged_in_user = Auth::getObj(Login::isLoggedIn());
-		$uid = $user->getUID();
+
 		$post_key = $key."[$uid]";
 		@$value = $_POST[$post_key];
 		$editable = $user->canEdit();
@@ -363,25 +344,25 @@ class Users extends Controller {
 		             'post_key'=>$post_key,
 		             'editable'=>$editable);
 	}
-	private function setConf($uid, $key, $value) {
+	public static function setConf($uid, $key, $value) {
 		// So, this rocks because we don't have to check permissions,
 		// the User object does that.
 		$user = Auth::getObj($uid);
 		
 		switch ($key) {
 		case 'auth_name':
-			$user->setName($value);
+			return $user->setName($value);
 			break;
 		case 'auth_user':
-			$user->setUser($value=='true');
+			return $user->setUser($value=='true');
 			break;
 		case 'auth_admin':
-			$user->setAdmin($value=='true');
+			return $user->setAdmin($value=='true');
 			break;
 		case 'auth_delete':
-			if ($value=='true') $user->delete();
+			if ($value=='true') return $user->delete();
 		default: 
-			$user->setConf($key, $value);
+			return $user->setConf($key, $value);
 			break;
 		}
 	}
diff --git a/src/lib/Form.class.php b/src/lib/Form.class.php
new file mode 100644
index 0000000..725bac5
--- /dev/null
+++ b/src/lib/Form.class.php
@@ -0,0 +1,57 @@
+<?php
+
+require_once('Auth.class.php');
+
+class Form {
+	public $getter = null;
+	public $setter = null;
+	public function __constructor($get, $set) {
+		$this->getter = $get;
+		$this->setter = $set;
+	}
+	private function getConf($key) {
+		call_user_func($getter, $key);
+	}
+	public function setConf($key, $value) {
+		call_user_func($setter, $key, $value);
+	}
+	private function getConfString($key) {
+		$raw = $this->getConf($key);
+		$value = $raw['value'];
+		if ($value===false) return 'false';
+		if ($value===true)  return 'true';
+		return $value;
+	}
+
+	public function updateValue($value, $value_base=null) {
+		$doit = true;
+		$forked = false;
+		$have_old = ($value_base!==null);
+		if ($have_old) {
+			@$value_base = $old[$uid];
+			$we_changed_it = $value_base != $value;
+			if ($we_changed_it) {
+				$value_fork = $this->getConfString($key);
+				$someone_else_changed_it =
+					$value_fork != $value_base;
+				if ($someone_else_changed_it) {
+					if ($value == $value_fork) {
+						// we might as well not have
+						$we_changed_it = false;
+					} else {
+						$forked = true;
+					}
+				}
+			}
+			if (!$we_changed_it) {
+				$doit = false;// nothing to do
+			}
+		}
+		if ($doit) {
+			return $this->setConf($key, $value);
+		}
+		if ($forked) {
+			return $value_fork;
+		}
+	}
+}
-- 
cgit v1.2.3


From 2a71bacfc5536279bbc5e238fb6a07c03e85d12d Mon Sep 17 00:00:00 2001
From: Luke Shumaker <LukeShu@sbcglobal.net>
Date: Wed, 5 Oct 2011 00:18:51 -0400
Subject: Edit individual.html to allow showing multiple users at once. Add a
 hack to the Users.class controller to show all users for the "all" username. 
 Mark "all" as forbiddent in the Auth.class model.

---
 src/controllers/Users.class.php           | 54 +++++++++++++++++++------------
 src/models/Auth.class.php                 |  6 ++--
 src/views/pages/users/individual.html.php | 12 +++++--
 3 files changed, 46 insertions(+), 26 deletions(-)

diff --git a/src/controllers/Users.class.php b/src/controllers/Users.class.php
index 27efbcd..170d25f 100644
--- a/src/controllers/Users.class.php
+++ b/src/controllers/Users.class.php
@@ -77,26 +77,34 @@ class Users extends Controller {
 	}
 	
 	public function individual($routed, $remainder) {
-		$username = implode('/', $remainder);
-		
 		global $mm; // also used for pluginmanager
 		$db = $mm->database();
-		$uid = $db->getUID($username);
-		$user = Auth::getObj($uid);
-		
-		if ($user->isGroup()) $uid = false; // ignore groups.
-		
-		if ($uid===false) {
-			$this->http404($routed, $remainder);
+		$pm = $mm->pluginManager();
+
+		$username = implode('/', $remainder);
+		if ($username == 'all') {
+			$uids = $db->listUsers();
 		} else {
+			$uids = array($db->getUID($username));
+		}
+
+		$vars = array();
+		
+		if (count($uids)<2) {
+			$user = Auth::getObj($uid);
+			
+			if ($user->isGroup()) $uid = false; // ignore groups.
+			
+			if ($uid===false) {
+				$this->http404($routed, $remainder);
+				exit();
+			}
 			if (!$user->canRead()) {
 				$this->http401($routed, $remainder);
 				exit();
 			}
 			
-			$vars = array();
 			$method = $_SERVER['REQUEST_METHOD'];
-			
 			switch ($method) {
 			case 'PUT': $_POST = $_PUT;
 			case 'POST':
@@ -106,19 +114,23 @@ class Users extends Controller {
 				}
 				break;
 			}
-			
-			$config_options = array();
-			$mm->pluginManager()->callHook('userConfig', &$config_options);
-			
-			$vars['config_options'] = $config_options;
-			$vars['user'] = $user;
-			$vars['groups'] = $db->listGroupNames();
-			require_once('ContactMethod.class.php');
-			$this->showView('users/individual', $vars);
 		}
+		
+		$config_options = array();
+		$pm->callHook('userConfig', &$config_options);
+
+		$vars['users'] = array();
+		foreach ($uids as $uid) {
+			$vars['users'][] = Auth::getObj($uid);
+		}
+		$vars['username'] = $username;
+		$vars['config_options'] = $config_options;
+		$vars['groups'] = $db->listGroupNames();
+		require_once('ContactMethod.class.php');
+		$this->showView('users/individual', $vars);
 	}
 	
-	public function http404($routed, $rnemainder) {
+	public function http404($routed, $remainder) {
 		$username = implode('/', $remainder);
 		$this->showView('users/404',
 		                array('username'=>$username));
diff --git a/src/models/Auth.class.php b/src/models/Auth.class.php
index 25570bf..b51aef9 100644
--- a/src/models/Auth.class.php
+++ b/src/models/Auth.class.php
@@ -26,12 +26,12 @@ class Auth {
 		// Current rules:
 		// * Not in "$illegal_names"
 		// * Does not contain '.'
-		// * Less <256 characters
-		$illegal_names = array('', 'new', 'index');
+		// * Fewer than 256 characters
+		$illegal_names = array('', 'new', 'index', 'all');
 		return true
 			&& (!in_array($name, $illegal_names))
 			&& (strpos($name,'.')===false)
-			&& (strlen($name)<=256);
+			&& (strlen($name)<256);
 	}
 	
 	protected $db = null;
diff --git a/src/views/pages/users/individual.html.php b/src/views/pages/users/individual.html.php
index c630515..39360b7 100644
--- a/src/views/pages/users/individual.html.php
+++ b/src/views/pages/users/individual.html.php
@@ -1,6 +1,7 @@
 <?php global $VARS, $CONTACT_METHODS;
 $t = $VARS['template'];
-$user = $VARS['user'];
+$users = $VARS['users'];
+$username = $VARS['username'];
 
 function inputText($user, $key, $label, $hint='') {
 	global $VARS; $t = $VARS['template'];
@@ -56,8 +57,14 @@ function inputField($user, $arr) {
 
 ////////////////////////////////////////////////////////////////////////////////
 
+if (count($users)>1) {
+	$t->header("Users: $username");
+} else {
+	$t->header("User: $username");
+}
+
+foreach($users as $user) {
 $username = $user->getName();
-$t->header("User: $username");
 
 $t->tag('h1', array(), ($user->canEdit()?'Edit':'View')." User <q>$username</q> (UID: ".$user->getUID().")");
 
@@ -136,4 +143,5 @@ if ($user->canEdit()) {
 	$t->tag('input', array('type'=>'submit', 'value'=>'Save'));
 }
 $t->closeTag('form');
+}
 $t->footer();
-- 
cgit v1.2.3


From e99a2ea7e361fdc5bab219bea6d9b967b5df486c Mon Sep 17 00:00:00 2001
From: Luke Shumaker <LukeShu@sbcglobal.net>
Date: Sun, 9 Oct 2011 00:51:28 -0400
Subject: Add auth_uid as a parameter for forms in the Users controller.

---
 src/controllers/Users.class.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/controllers/Users.class.php b/src/controllers/Users.class.php
index 170d25f..a4403e3 100644
--- a/src/controllers/Users.class.php
+++ b/src/controllers/Users.class.php
@@ -359,6 +359,10 @@ class Users extends Controller {
 		$editable = $user->canEdit();
 		
 		switch ($key) {
+		case 'auth_uid':
+			$value = $user->getUID();
+			$editable = false;
+			break;
 		case 'auth_name':
 			$value = $user->getName();
 			break;
@@ -390,6 +394,8 @@ class Users extends Controller {
 		$user = Auth::getObj($uid);
 		
 		switch ($key) {
+		case 'auth_uid':
+			break;
 		case 'auth_name':
 			$user->setName($value);
 			break;
-- 
cgit v1.2.3


From 4ea4d8c5f718b79851372243244554ee7a039427 Mon Sep 17 00:00:00 2001
From: Luke Shumaker <LukeShu@sbcglobal.net>
Date: Sun, 9 Oct 2011 01:03:21 -0400
Subject: Improve usability of scss. (a lot of form style stuff)

---
 style.scss | 86 ++++++++++++++++++++++++++++++++++++++++----------------------
 1 file changed, 56 insertions(+), 30 deletions(-)

diff --git a/style.scss b/style.scss
index 627df42..7a86e20 100644
--- a/style.scss
+++ b/style.scss
@@ -1,3 +1,9 @@
+@mixin box-shadow($shadow) {
+	-webkit-box-shadow: $shadow;
+	   -moz-box-shadow: $shadow;
+	        box-shadow: $shadow;
+}
+
 body.loggedin {
 	div.infobar * {
 		margin: 0 1em;
@@ -26,33 +32,60 @@ body {
 		}
 	}
 	div.main {
-		form fieldset li {
-			clear: both;
-			padding: .5em 0;
-			label {
-				width: 25%;
-				float: left;
-			}
-			input, textarea {
-				width: 60%;
-				float: left;
-			}
-			input[type="password"] {
-				width: 30%;
-			}
-			p.form_data {
-				margin-left: 25%;
-			}
-			&.wide {
+		form {
+			fieldset li {
 				clear: both;
 				padding: .5em 0;
 				label {
-					width: 100%;
-					float: none;
+					width: 25%;
+					float: left;
 				}
 				input, textarea {
-					width: 100%;
-					float: none;
+					width: 60%;
+					float: left;
+				}
+				input[type="password"] {
+					width: 30%;
+				}
+				p.form_data {
+					margin-left: 25%;
+				}
+				&.wide {
+					clear: both;
+					padding: .5em 0;
+					label {
+						width: 100%;
+						float: none;
+					}
+					input, textarea {
+						width: 100%;
+						float: none;
+					}
+				}
+			}
+			table {
+				border: solid 1px black;
+				border-collapse: collapse;
+				border-spacing: 0;
+				td, th {
+					border: solid 1px black;
+					padding: 0;
+					.cell_width {
+						display: block;
+						overflow: hidden;
+						height: 0px;
+						@extend input[type="text"];
+					}
+					input {
+						outline: solid 1px black;
+						width: 100%;
+						background: transparent;
+						border: 0;
+						&:focus {
+							outline-color: blue;
+							@include box-shadow(inset 0 0 1pt 1pt rgba(0,0,1,.5));
+						}
+					}
 				}
 			}
 		}
@@ -67,19 +100,12 @@ a {
 }
 input[type="text"], textarea {
 	font-family: monospace;
+	font-size: 12pt;
 }
 iframe {
 	width: 100%;
 	height: 100%;
 }
-table, td {
-	border: solid 1px black;
-}
-table input {
-	border: none;
-	width: 100%;
-	background: transparent;
-}
 .error {
 	font-weight: bold;
 	color: red;
-- 
cgit v1.2.3


From f21d82c9eff383d2c1c45c94af5f6c355e3258b2 Mon Sep 17 00:00:00 2001
From: Luke Shumaker <LukeShu@sbcglobal.net>
Date: Sun, 9 Oct 2011 01:05:11 -0400
Subject: Properly use thead and tbody.

---
 src/views/pages/users/index.html.php | 26 +++++++++++++++++---------
 1 file changed, 17 insertions(+), 9 deletions(-)

diff --git a/src/views/pages/users/index.html.php b/src/views/pages/users/index.html.php
index 7f51592..caedf5c 100644
--- a/src/views/pages/users/index.html.php
+++ b/src/views/pages/users/index.html.php
@@ -13,14 +13,27 @@ $t->openTag('form', array('action'=>$t->url('users/index'),
 $t->tag('input', array('type'=>'submit',
                        'value'=>'Save/Update'));
 
-$t->openTag('table');
+$t->openTag('table', array('class'=>'sortable', 'id'=>'bar'));
 
+$t->openTag('thead');
 $t->openTag('tr');
 foreach ($attribs as $attrib) {
 	$t->tag('th', array(), $attrib['name']);
 }
-$t->tag('th');
+$t->tag('th', array(), '-');
 $t->closeTag('tr');
+$t->closeTag('thead');
+
+$t->openTag('tfoot');
+$t->openTag('tr');
+foreach ($attribs as $attrib) {
+	$t->tag('th', array(), $attrib['name']);
+}
+$t->tag('th', array(), '-');
+$t->closeTag('tr');
+$t->closeTag('tfoot');
+
+$t->openTag('tbody');
 
 foreach ($users as $user) {
 	$t->openTag('tr');
@@ -48,6 +61,7 @@ foreach ($users as $user) {
 			$arr['value'] = 'true';
 			$arr['type'] = 'checkbox';
 		} else {
+			$t->tag('span', array('class'=>'cell_width'), $value);
 			$arr['value'] = $value;
 			$arr['type'] = 'text';
 		}
@@ -66,13 +80,7 @@ foreach ($users as $user) {
 	$t->closeTag('tr');
 }
 
-$t->openTag('tr');
-foreach ($attribs as $attrib) {
-	$t->tag('th', array(), $attrib['name']);
-}
-$t->tag('th');
-$t->closeTag('tr');
-
+$t->closeTag('tbody');
 $t->closeTag('table');
 
 $t->tag('input', array('type'=>'submit',
-- 
cgit v1.2.3


From 89c35c47f375d5b45e1e219327600b5bba5569f1 Mon Sep 17 00:00:00 2001
From: Luke Shumaker <LukeShu@sbcglobal.net>
Date: Sun, 9 Oct 2011 03:15:03 -0400
Subject: Begin adding a userlist visable to non-authenticated users.

---
 src/controllers/Users.class.php | 29 +++++++++++++++++++----------
 1 file changed, 19 insertions(+), 10 deletions(-)

diff --git a/src/controllers/Users.class.php b/src/controllers/Users.class.php
index a4403e3..f7dc604 100644
--- a/src/controllers/Users.class.php
+++ b/src/controllers/Users.class.php
@@ -417,18 +417,27 @@ class Users extends Controller {
 		return array('key'=>$key, 'name'=>$name);
 	}
 	private function getIndexAttribs() {
+		$user = Auth::getObj(Login::isLoggedIn());
+		
 		$attribs = array();
-		$attribs[] = $this->attrib('auth_user', 'Active');
-		if (Auth::getObj(Login::isLoggedIn())->isAdmin()) {
-			$attribs[] = $this->attrib('auth_admin', 'Admin');
-			$attribs[] = $this->attrib('auth_delete', 'Delete');
+		if ($user->isUser()) {
+			$attribs[] = $this->attrib('auth_uid', 'UID');
+			$attribs[] = $this->attrib('auth_user', 'Active');
+			if ($user->isAdmin()) {
+				$attribs[] = $this->attrib('auth_admin', 'Admin');
+				$attribs[] = $this->attrib('auth_delete', 'Delete');
+			}
+			$attribs[] = $this->attrib('lastname','Last');
+			$attribs[] = $this->attrib('firstname','First');
+			$attribs[] = $this->attrib('hsclass','Class of');
+			$attribs[] = $this->attrib('phone','Phone number');
+			$attribs[] = $this->attrib('email','Email');
+		} else {
+			$attribs[] = $this->attrib('auth_uid', 'UID');
+			$attribs[] = $this->attrib('lastname','Last');
+			$attribs[] = $this->attrib('firstname','First');
+			$attribs[] = $this->attrib('auth_name', 'Username');
 		}
-		$attribs[] = $this->attrib('lastname','Last');
-		$attribs[] = $this->attrib('firstname','First');
-		$attribs[] = $this->attrib('hsclass','Class of');
-		$attribs[] = $this->attrib('phone','Phone number');
-		$attribs[] = $this->attrib('email','Email');
-		$attribs[] = $this->attrib('auth_name', 'Username');
 		return $attribs;
 	}
 	
-- 
cgit v1.2.3


From 0fd0403876aacecfde74fca0641530875f09200f Mon Sep 17 00:00:00 2001
From: Luke Shumaker <LukeShu@sbcglobal.net>
Date: Sun, 9 Oct 2011 03:25:12 -0400
Subject: Move Users->[gs]etConf into a new DB.class.php, add in some wrappers
 for equivalent stuff with plugin and system config.

---
 src/controllers/Users.class.php |  73 ++--------------------
 src/lib/DB.class.php            | 131 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 136 insertions(+), 68 deletions(-)
 create mode 100644 src/lib/DB.class.php

diff --git a/src/controllers/Users.class.php b/src/controllers/Users.class.php
index a4403e3..54e4675 100644
--- a/src/controllers/Users.class.php
+++ b/src/controllers/Users.class.php
@@ -1,6 +1,7 @@
 <?php
 require_once('Login.class.php');
 require_once('Auth.class.php');
+require_once('DB.class.php');
 
 Router::register('users/new'  , 'Users', 'new_user');
 Router::register('users/index', 'Users', 'index_file');
@@ -188,7 +189,7 @@ class Users extends Controller {
 				$this->showView('users/500');
 			} else {
 				Login::login($username, $password);
-				$this->setConf($uid, 'email', $vars['email']);
+				DB::set('users', $uid, 'email', $vars['email']);
 				$this->showView('users/created',
 				                array('username'=>$username));
 			}
@@ -284,8 +285,7 @@ class Users extends Controller {
 						@$value_base = $old[$uid];
 						$we_changed_it = $value_base != $value;
 						if ($we_changed_it) {
-							$user = Auth::getObj($uid);
-							$value_fork = $this->getConf($user,$key);
+							$value_fork = DB::get('users', $uid, $key);
 							$value_fork = $value_fork['value'];
 							if ($value_fork===false) $value_fork = 'false';
 							if ($value_fork===true)  $value_fork = 'true';
@@ -305,7 +305,7 @@ class Users extends Controller {
 						}
 					}
 					if ($doit) {
-						$this->setConf($uid, $key, $value);
+						DB::set('users', $uid, $key, $value);
 					}
 					if ($forked) {
 						echo "<pre>\n";
@@ -340,79 +340,16 @@ class Users extends Controller {
 		$vars['users'] = array();
 		$uids = $db->listUsers();
 		foreach ($uids as $uid) {
-			$user = Auth::getObj($uid);
 			$vars['users'][$uid] = array();
 			foreach ($vars['attribs'] as $attrib) {
 				$key = $attrib['key'];
-				$props = $this->getConf($user, $key);
+				$props = DB::get('users', $uid, $key);
 				$vars['users'][$uid][$key] = $props;
 			}
 		}
 		$this->showView('users/index', $vars);
 	}
-	
-	private function getConf($user, $key) {
-		$logged_in_user = Auth::getObj(Login::isLoggedIn());
-		$uid = $user->getUID();
-		$post_key = $key."[$uid]";
-		@$value = $_POST[$post_key];
-		$editable = $user->canEdit();
-		
-		switch ($key) {
-		case 'auth_uid':
-			$value = $user->getUID();
-			$editable = false;
-			break;
-		case 'auth_name':
-			$value = $user->getName();
-			break;
-		case 'auth_user':
-			$editable = $editable && $logged_in_user->isAdmin();
-			$value = $user->isUser();
-			break;
-		case 'auth_admin':
-			$editable = $editable && $logged_in_user->isAdmin();
-			$value = $user->isAdmin();
-			break;
-		case 'auth_delete':
-			$editable = $editable && $logged_in_user->isAdmin();
-			$value = false;
-			break;
-		default:
-			$value = $user->getConf($key);
-			if ($value===false) $value='';
-			break;
-		}
 		
-		return array('value'=>$value,
-		             'post_key'=>$post_key,
-		             'editable'=>$editable);
-	}
-	private function setConf($uid, $key, $value) {
-		// So, this rocks because we don't have to check permissions,
-		// the User object does that.
-		$user = Auth::getObj($uid);
-		
-		switch ($key) {
-		case 'auth_uid':
-			break;
-		case 'auth_name':
-			$user->setName($value);
-			break;
-		case 'auth_user':
-			$user->setUser($value=='true');
-			break;
-		case 'auth_admin':
-			$user->setAdmin($value=='true');
-			break;
-		case 'auth_delete':
-			if ($value=='true') $user->delete();
-		default: 
-			$user->setConf($key, $value);
-			break;
-		}
-	}
-	
 	function attrib($key, $name) {
 		return array('key'=>$key, 'name'=>$name);
 	}
diff --git a/src/lib/DB.class.php b/src/lib/DB.class.php
new file mode 100644
index 0000000..9f14161
--- /dev/null
+++ b/src/lib/DB.class.php
@@ -0,0 +1,131 @@
+<?php
+
+require_once('Auth.class.php');
+require_once('Login.class.php');
+
+class DB {
+	public static function get($table, $unit, $key) {
+		switch ($table) {
+		case 'conf':
+		case 'plugins':
+			return self::admin_get($unit, $key);
+			break;
+		case 'users':
+			return self::user_get($unit, $key);
+			break;
+		default:
+			return false;
+		}
+	}
+	public static function set($table, $unit, $key, $value) {
+		switch ($table) {
+		case 'conf':
+		case 'plugins':
+			return self::admin_get($unit, $key, $value);
+			break;
+		case 'users':
+			return self::user_set($unit, $key, $value);
+			break;
+		default:
+			return false;
+		}
+	}
+	
+	private static function user_get($uid, $key) {
+		$user = Auth::getObj($uid);
+		$logged_in_user = Auth::getObj(Login::isLoggedIn());
+		
+		$post_key = $key."[$uid]";
+		@$value = $_POST[$post_key];
+		$editable = $user->canEdit();
+		
+		switch ($key) {
+		case 'auth_uid':
+			$value = $user->getUID();
+			$editable = false;
+			break;
+		case 'auth_name':
+			$value = $user->getName();
+			break;
+		case 'auth_user':
+			$editable = $editable && $logged_in_user->isAdmin();
+			$value = $user->isUser();
+			break;
+		case 'auth_admin':
+			$editable = $editable && $logged_in_user->isAdmin();
+			$value = $user->isAdmin();
+			break;
+		case 'auth_delete':
+			$editable = $editable && $logged_in_user->isAdmin();
+			$value = false;
+			break;
+		default:
+			$value = $user->getConf($key);
+			if ($value===false) $value='';
+			break;
+		}
+		
+		return array('value'=>$value,
+		             'post_key'=>$post_key,
+		             'editable'=>$editable);
+	}
+	private static function user_set($uid, $key, $value) {
+		$user = Auth::getObj($uid);
+		
+		switch ($key) {
+		case 'auth_uid':
+			return false;
+			break;
+		case 'auth_name':
+			return $user->setName($value);
+			break;
+		case 'auth_user':
+			return $user->setUser($value=='true');
+			break;
+		case 'auth_admin':
+			return $user->setAdmin($value=='true');
+			break;
+		case 'auth_delete':
+			if ($value=='true') return $user->delete();
+		default: 
+			return $user->setConf($key, $value);
+			break;
+		}
+	}
+	
+	private static function admin_get($plugin, $key) {
+		global $mm; $db = $mm->database();
+		$user = Auth::getObj(Login::isLoggedIn());
+		if ($user->isAdmin()) {
+			$editable = true;
+			switch ($plugin) {
+			case 'system':
+				$value = $db->getSysConf($key);
+				break;
+			default:
+				$value =  $db->getPluginConf($plugin, $key);
+				break;
+			}
+		} else {
+			$editable = false;
+			$value = false;
+		}
+		
+		return array('value'=>$value,
+		             'post_key'=>'to be implemented',// FIXME
+		             'editable'=>$editable);
+	}
+	private static function admin_set($plugin, $key, $value) {
+		global $mm; $db = $mm->database();
+		$user = Auth::getObj(Login::isLoggedIn());
+		if (!$user->isAdmin()) {
+			return false;
+		}
+		switch ($plugin) {
+		case 'system':
+			return $db->setSysConf($key, $value);
+		default:
+			return $db->setPluginConf($plugin, $key, $value);
+		}
+	}
+}
\ No newline at end of file
-- 
cgit v1.2.3


From 7e91c2872778407172fa42208be1aa7e466b97e3 Mon Sep 17 00:00:00 2001
From: Luke Shumaker <LukeShu@sbcglobal.net>
Date: Sun, 9 Oct 2011 14:17:09 -0400
Subject: Don't show full name to anon users, comment out security check for
 index.

---
 src/controllers/Users.class.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/controllers/Users.class.php b/src/controllers/Users.class.php
index f7dc604..c69701f 100644
--- a/src/controllers/Users.class.php
+++ b/src/controllers/Users.class.php
@@ -329,11 +329,13 @@ class Users extends Controller {
 	private function show_index($routed, $remainder) {
 		global $mm; $db = $mm->database();
 		
+		/*
 		$logged_in_user = Auth::getObj(Login::isLoggedIn());
 		if (!$logged_in_user->isUser()) {
 			$this->http401($routed, $remainder);
 			exit();
 		}
+		*/
 		
 		$vars = array();
 		$vars['attribs'] = $this->getIndexAttribs();
@@ -434,8 +436,6 @@ class Users extends Controller {
 			$attribs[] = $this->attrib('email','Email');
 		} else {
 			$attribs[] = $this->attrib('auth_uid', 'UID');
-			$attribs[] = $this->attrib('lastname','Last');
-			$attribs[] = $this->attrib('firstname','First');
 			$attribs[] = $this->attrib('auth_name', 'Username');
 		}
 		return $attribs;
-- 
cgit v1.2.3


From 855d769094d175cadda67c1c451279243533aaa5 Mon Sep 17 00:00:00 2001
From: Luke Shumaker <LukeShu@sbcglobal.net>
Date: Sun, 9 Oct 2011 14:27:17 -0400
Subject: Allow username lookup even if $user->canRead()==false

---
 src/models/Auth.class.php | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/models/Auth.class.php b/src/models/Auth.class.php
index b51aef9..031ee26 100644
--- a/src/models/Auth.class.php
+++ b/src/models/Auth.class.php
@@ -113,7 +113,6 @@ class Auth {
 
 	// [user|group]name ////////////////////////////////////////////////////
 	public function getName() {
-		if (!$this->canRead()) return false;
 		return $this->db->getUsername($this->uid);
 	}
 	public function setName($new_name) {
-- 
cgit v1.2.3


From 01003f1761631394360697530d3418c1acaf1cd9 Mon Sep 17 00:00:00 2001
From: Luke Shumaker <LukeShu@sbcglobal.net>
Date: Sun, 9 Oct 2011 14:57:49 -0400
Subject: Add the system config option 'anon_userlist' to control if an
 anonymous userlist is visible or not.

---
 src/controllers/Users.class.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/controllers/Users.class.php b/src/controllers/Users.class.php
index 24bb8aa..ac6b06a 100644
--- a/src/controllers/Users.class.php
+++ b/src/controllers/Users.class.php
@@ -308,13 +308,12 @@ class Users extends Controller {
 	private function show_index($routed, $remainder) {
 		global $mm; $db = $mm->database();
 		
-		/*
 		$logged_in_user = Auth::getObj(Login::isLoggedIn());
-		if (!$logged_in_user->isUser()) {
+		$anon_userlist = $db->getSysConf('anon_userlist')=='true';
+		if (!$anon_userlist && !$logged_in_user->isUser()) {
 			$this->http401($routed, $remainder);
 			exit();
 		}
-		*/
 		
 		$vars = array();
 		$vars['attribs'] = $this->getIndexAttribs();
-- 
cgit v1.2.3


From 710942016b2a363f1301259dac01410188707d85 Mon Sep 17 00:00:00 2001
From: Luke Shumaker <LukeShu@sbcglobal.net>
Date: Sun, 9 Oct 2011 14:58:30 -0400
Subject: Change users/index.html a bit depending on if logged in or not.

---
 src/views/pages/users/index.html.php | 58 +++++++++++++++++++-----------------
 1 file changed, 30 insertions(+), 28 deletions(-)

diff --git a/src/views/pages/users/index.html.php b/src/views/pages/users/index.html.php
index daed9f7..d004c54 100644
--- a/src/views/pages/users/index.html.php
+++ b/src/views/pages/users/index.html.php
@@ -2,6 +2,7 @@
 $t = $VARS['template'];
 $attribs = $VARS['attribs'];
 $users = $VARS['users'];
+require_once('Login.class.php');
 
 $t->header('Users');
 
@@ -10,35 +11,34 @@ $t->paragraph($t->link($t->url('users.csv'), "Download this as a spreadsheet."))
 $t->openTag('form', array('action'=>$t->url('users/index'),
                           'method'=>'post'));
 
-$t->tag('input', array('type'=>'submit',
-                       'value'=>'Save/Update'));
+if (Login::isLoggedIn()) {
+	$t->tag('input', array('type'=>'submit',
+	                       'value'=>'Save/Update'));
+}
 
 $t->openTag('table', array('class'=>'sortable', 'id'=>'bar'));
 
-$t->openTag('thead');
-$t->openTag('tr');
-foreach ($attribs as $attrib) {
-	switch ($attrib['type']) {
-	case 'bool': $class = 'small'; break;
-	default: $class = ''; break;
+function table_head($attribs, $t) {
+	$t->openTag('tr');
+	foreach ($attribs as $attrib) {
+		switch ($attrib['type']) {
+		case 'bool': $class = 'small'; break;
+		default: $class = ''; break;
+		}
+		$t->tag('th', array('class'=>$class), $attrib['name']);
+	}
+	if (Login::isLoggedIn()) {
+		$t->tag('th', array(), '-');
 	}
-	$t->tag('th', array('class'=>$class), $attrib['name']);
+	$t->closeTag('tr');
 }
-$t->tag('th', array(), '-');
-$t->closeTag('tr');
+
+$t->openTag('thead');
+table_head($attribs, $t);
 $t->closeTag('thead');
 
 $t->openTag('tfoot');
-$t->openTag('tr');
-foreach ($attribs as $attrib) {
-	switch ($attrib['type']) {
-	case 'bool': $class = 'small'; break;
-	default: $class = ''; break;
-	}
-	$t->tag('th', array('class'=>$class), $attrib['name']);
-}
-$t->tag('th', array(), '-');
-$t->closeTag('tr');
+table_head($attribs, $t);
 $t->closeTag('tfoot');
 
 $t->openTag('tbody');
@@ -85,18 +85,20 @@ foreach ($users as $user) {
 		$t->closeTag('td');
 	}
 	
-	$t->openTag('td');
-	$t->link($t->url('users/'.$user['auth_name']['value']), 'More');
-	$t->closeTag('td');
-	
+	if (Login::isLoggedIn()) {
+		$t->openTag('td');
+		$t->link($t->url('users/'.$user['auth_name']['value']), 'More');
+		$t->closeTag('td');
+	}
 	$t->closeTag('tr');
 }
 
 $t->closeTag('tbody');
 $t->closeTag('table');
 
-$t->tag('input', array('type'=>'submit',
-                       'value'=>'Save/Update'));
-$t->closeTag('form');
+if (Login::isLoggedIn()) {
+	$t->tag('input', array('type'=>'submit',
+	                       'value'=>'Save/Update'));
+}
 
 $t->footer();
-- 
cgit v1.2.3


From 2e769649abf4f9b3712287e24eb42c5a93a8035e Mon Sep 17 00:00:00 2001
From: Luke Shumaker <LukeShu@sbcglobal.net>
Date: Sun, 9 Oct 2011 15:41:59 -0400
Subject: Link to the userlist from the user registration page, if
 anon_userlist is enabled.

---
 src/controllers/Users.class.php    |  7 ++++++-
 src/views/pages/users/new.html.php | 10 ++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/src/controllers/Users.class.php b/src/controllers/Users.class.php
index ac6b06a..dbd5120 100644
--- a/src/controllers/Users.class.php
+++ b/src/controllers/Users.class.php
@@ -72,8 +72,13 @@ class Users extends Controller {
 			exit();
 		}
 		if (!isset($vars['errors'])) $vars['errors'] = array();
-		global $mm; $pm = $mm->pluginManager();
+		
+		global $mm;
+		$pm = $mm->pluginManager();
+		$db = $mm->database();
+		
 		$vars['antispam_html'] = $pm->callHook('antispam_html');
+		$vars['userlist'] = $db->getSysConf('anon_userlist');
 		$this->showView('users/new', $vars);
 	}
 	
diff --git a/src/views/pages/users/new.html.php b/src/views/pages/users/new.html.php
index 8b6bdf8..9df376f 100644
--- a/src/views/pages/users/new.html.php
+++ b/src/views/pages/users/new.html.php
@@ -7,6 +7,16 @@ $t->openTag('form', array('method'=>'post',
                           'action'=>$t->url('users')));
 
 $t->openFieldset("New User: Step 1");
+
+if ($VARS['userlist']) {
+	$t->inputP("If you may have already created a username, please, ".
+	           "<em>please</em> check the ".
+	           $t->link($t->url('users/'), 'user-list', true).
+	           " to find your old username, instead of creating a new ".
+	           "user. If you don't like the name, you can log in and ".
+	           "change it.");
+}
+
 if (in_array('illegal name', $VARS['errors'])) {
 	$t->inputP("That is a forbidden username.", true);
 }
-- 
cgit v1.2.3


From 93b1163cba7edf1a0a7e7ae787e06434de119dad Mon Sep 17 00:00:00 2001
From: Luke Shumaker <LukeShu@sbcglobal.net>
Date: Sun, 9 Oct 2011 15:46:25 -0400
Subject: Fix the markup with the spreadsheet link in the user index.

---
 src/views/pages/users/index.html.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/views/pages/users/index.html.php b/src/views/pages/users/index.html.php
index caedf5c..2650c5a 100644
--- a/src/views/pages/users/index.html.php
+++ b/src/views/pages/users/index.html.php
@@ -5,7 +5,7 @@ $users = $VARS['users'];
 
 $t->header('Users');
 
-$t->paragraph($t->link($t->url('users.csv'), "Download this as a spreadsheet."));
+$t->paragraph($t->link($t->url('users.csv'), "Download this as a spreadsheet.", true));
 
 $t->openTag('form', array('action'=>$t->url('users/index'),
                           'method'=>'post'));
-- 
cgit v1.2.3