200 lines
9.5 KiB
Plaintext
200 lines
9.5 KiB
Plaintext
<?php
|
|
|
|
$module = array("help" => "account_help",
|
|
"find" => "account_find",
|
|
"admin" => "account_admin");
|
|
|
|
function account_help() {
|
|
?>
|
|
<P>The account-module is responsible for maintaining the user database. It automatically handles tasks like registration, authentication, access rights, password retrieval, user settings and much more.</P>
|
|
<P>The required administration can be accomplished through the "account" interface of the administration section. From here administrators can get a quick overview of all registered users and view/edit specific accounts using the links provided. Some useful operations include blocking specific accounts (e.g. a troublesome user) and giving/taking administration permissions. Note that you should only give these permissions to people you trust!</P>
|
|
<P>Check the documentation page for detailed information about user management.</P>
|
|
<?php
|
|
}
|
|
|
|
function account_find($keys) {
|
|
global $user;
|
|
$find = array();
|
|
$result = db_query("SELECT * FROM users WHERE userid LIKE '%$keys%' LIMIT 20");
|
|
while ($account = db_fetch_object($result)) {
|
|
array_push($find, array("subject" => $account->userid, "link" => (user_access($user, "account") ? "admin.php?mod=account&op=view&name=$account->userid" : "account.php?op=view&name=$account->userid"), "user" => $account->userid));
|
|
}
|
|
return $find;
|
|
}
|
|
|
|
function account_search() {
|
|
global $keys, $mod;
|
|
print search_form($keys);
|
|
print search_data($keys, $mod);
|
|
}
|
|
|
|
function account_display($order = "username") {
|
|
$result = db_query("SELECT id, userid, last_access FROM users ORDER BY last_access DESC LIMIT 50");
|
|
|
|
$output .= "<TABLE BORDER=\"1\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n";
|
|
$output .= " <TR><TH>username</TH><TH>last access</TH><TH COLSPAN=\"3\">operations</TH></TR>\n";
|
|
while ($account = db_fetch_object($result)) {
|
|
$output .= " <TR><TD>". format_username($account->userid) ."</TD><TD>". format_date($account->last_access) ."</TD><TD ALIGN=\"center\"><A HREF=\"admin.php?mod=account&op=view&name=$account->userid\">view</A></TD><TD ALIGN=\"center\"><A HREF=\"admin.php?mod=account&op=edit&name=$account->userid\">edit</A></TD><TD ALIGN=\"center\"><A HREF=\"admin.php?mod=account&op=delete&name=$account->userid\">delete</A></TD></TR>\n";
|
|
}
|
|
$output .= "</TABLE>\n";
|
|
|
|
print $output;
|
|
}
|
|
|
|
function account_access($account) {
|
|
$data = explode(";", $account->access);
|
|
foreach ($data as $array) {
|
|
$access = explode(":", $array);
|
|
if ($access[0]) $output .= " $access[0]";
|
|
}
|
|
return $output;
|
|
}
|
|
|
|
function account_blocks($id) {
|
|
$result = db_query("SELECT * FROM layout WHERE user = '$id'");
|
|
while ($layout = db_fetch_object($result)) {
|
|
$output .= "<LI>$layout->block</LI>\n";
|
|
}
|
|
return $output;
|
|
}
|
|
|
|
function account_nodes($id) {
|
|
$result = db_query("SELECT * FROM node WHERE author = $id ORDER BY timestamp DESC");
|
|
while ($node = db_fetch_object($result)) {
|
|
$output .= "<LI><A HREF=\"node.php?id=$node->nid\">$node->title</A> ($node->type)</LI>\n";
|
|
}
|
|
return $output;
|
|
}
|
|
|
|
function account_comments($id) {
|
|
$result = db_query("SELECT * FROM comments WHERE author = '$id' ORDER BY timestamp DESC");
|
|
while ($comment = db_fetch_object($result)) {
|
|
$output .= "<LI><A HREF=\"node.php?id=$comment->lid&cid=$comment->cid&pid=$comment->pid#$comment->cid\">$comment->subject</A></LI>\n";
|
|
}
|
|
return $output;
|
|
}
|
|
|
|
function account_delete($name) {
|
|
$result = db_query("SELECT * FROM users WHERE userid = '$name' AND status = 0 AND id > 1");
|
|
if ($account = db_fetch_object($result)) {
|
|
db_query("DELETE FROM users WHERE id = '$account->id'");
|
|
}
|
|
else {
|
|
print "<P>Failed to delete account '". format_username($name) ."': the account must be blocked first.</P>";
|
|
}
|
|
}
|
|
|
|
function account_edit_save($name, $edit) {
|
|
foreach ($edit as $key=>$value) if ($key != "access") $query .= "$key = '". addslashes($value) ."', ";
|
|
db_query("UPDATE users SET $query access = '' WHERE userid = '$name'");
|
|
if ($edit[access]) foreach ($edit[access] as $key=>$value) user_set(user_load($name), "access", $value, 1);
|
|
|
|
watchdog("message", "account: modified user '$name'");
|
|
}
|
|
|
|
function account_edit($name) {
|
|
global $access, $account;
|
|
|
|
function access($name, $module) {
|
|
global $access, $account;
|
|
$access .= "<OPTION VALUE=\"$name\"". (user_access($account, $name) ? " SELECTED" : "") .">$name</OPTION>";
|
|
}
|
|
|
|
$status = array(0 => "blocked", 1 => "not confirmed", 2 => "open");
|
|
|
|
$result = db_query("SELECT * FROM users WHERE userid = '$name'");
|
|
|
|
if ($account = db_fetch_object($result)) {
|
|
foreach ($status as $key=>$value) {
|
|
$stat .= " <OPTION VALUE=\"$key\"". (($account->status == $key) ? " SELECTED" : "") .">$value</OPTION>\n";
|
|
}
|
|
|
|
module_iterate("access");
|
|
|
|
$output .= "<FORM ACTION=\"admin.php?mod=account\" METHOD=\"post\">\n";
|
|
$output .= "<B>ID:</B><BR>$account->id<P>\n";
|
|
$output .= "<B>Username:</B><BR>". check_output($account->userid) ."<P>\n";
|
|
$output .= "<B>Status:</B><BR><SELECT NAME=\"edit[status]\">\n$stat</SELECT><P>\n";
|
|
$output .= "<B>Administrator access:</B><BR><SELECT NAME=\"edit[access][]\" MULTIPLE=\"true\" SIZE=\"10\">$access</SELECT><P>\n";
|
|
$output .= "<B>Real name:</B><BR><INPUT NAME=\"edit[name]\" SIZE=\"55\" VALUE=\"". check_textfield($account->name). "\"><P>\n";
|
|
$output .= "<B>Real e-mail address:</B><BR><INPUT NAME=\"edit[real_email]\" SIZE=\"55\" VALUE=\"". check_textfield($account->real_email) ."\"><P>\n";
|
|
$output .= "<B>Fake e-mail address:</B><BR><INPUT NAME=\"edit[fake_email]\" SIZE=\"55\" VALUE=\"". check_textfield($account->fake_email) ."\"><P>\n";
|
|
$output .= "<B>URL of homepage:</B><BR><INPUT NAME=\"edit[url]\" SIZE=\"55\" VALUE=\"". check_textfield($account->url) ."\"><P>\n";
|
|
$output .= "<B>Bio information:</B><BR><TEXTAREA NAME=\"edit[bio]\" COLS=\"35\" ROWS=\"5\" WRAP=\"virtual\">". check_textarea($account->bio) ."</TEXTAREA><P>\n";
|
|
$output .= "<B>Signature:</B><BR><TEXTAREA NAME=\"edit[signature]\" COLS=\"35\" ROWS=\"5\" WRAP=\"virtual\">". check_textarea($account->signature) ."</TEXTAREA><P>\n";
|
|
$output .= "<INPUT TYPE=\"hidden\" NAME=\"name\" VALUE=\"$account->userid\">\n";
|
|
$output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"View account\">\n";
|
|
$output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Save account\">\n";
|
|
$output .= "</FORM>\n";
|
|
print "$output";
|
|
}
|
|
}
|
|
|
|
function account_view($name) {
|
|
$status = array(0 => "blocked", 1 => "not confirmed", 2 => "open");
|
|
|
|
$result = db_query("SELECT * FROM users WHERE userid = '$name'");
|
|
|
|
if ($account = db_fetch_object($result)) {
|
|
$output .= "<FORM ACTION=\"admin.php?mod=account\" METHOD=\"post\">\n";
|
|
$output .= "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n";
|
|
$output .= " <TR><TH>ID:</TH><TD>$account->id</TD></TR>\n";
|
|
$output .= " <TR><TH>Username:</TH><TD>$account->userid</TD></TR>\n";
|
|
$output .= " <TR><TH>Status:</TH><TD>". $status[$account->status] ."</TD></TR>\n";
|
|
$output .= " <TR><TH>Access:</TH><TD>". check_output(account_access($account)) ."</TD></TR>\n";
|
|
$output .= " <TR><TH>Real name:</TH><TD>". check_output($account->name) ."</TD></TR>\n";
|
|
$output .= " <TR><TH>Real e-mail address:</TH><TD>". format_email($account->real_email) ."</TD></TR>\n";
|
|
$output .= " <TR><TH>Fake e-mail address:</TH><TD>". check_output($account->fake_email) ."</TD></TR>\n";
|
|
$output .= " <TR><TH>URL of homepage:</TH><TD>". format_url($account->url) ."</TD></TR>\n";
|
|
$output .= " <TR><TH>Last access:</TH><TD>". format_date($account->last_access) ." from ". check_output($account->last_host) ."</TD></TR>\n";
|
|
$output .= " <TR><TH>User rating:</TH><TD>". check_output($account->rating) ."</TD></TR>\n";
|
|
$output .= " <TR><TH>Bio information:</TH><TD>". check_output($account->bio) ."</TD></TR>\n";
|
|
$output .= " <TR><TH><B>Signature:</TH><TD>". check_output($account->signature) ."</TD></TR>\n";
|
|
$output .= " <TR><TH>Theme:</TH><TD>". check_output($account->theme) ."</TD></TR>\n";
|
|
$output .= " <TR><TH>Timezone:</TH><TD>". check_output($account->timezone / 3600) ."</TD></TR>\n";
|
|
$output .= " <TR><TH>Selected blocks:</TH><TD>". check_output(account_blocks($account->id)) ."</TD></TR>\n";
|
|
$output .= " <TR><TH>Submitted nodes:</TH><TD>". check_output(account_nodes($account->id)) ."</TD></TR>\n";
|
|
$output .= " <TR><TH>Submitted comments:</TH><TD>". check_output(account_comments($account->id)) ."</TD></TR>\n";
|
|
$output .= " <TR><TD ALIGN=\"center\" COLSPAN=\"2\"><INPUT TYPE=\"hidden\" NAME=\"name\" VALUE=\"$account->userid\"><INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Edit account\"><INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Delete account\"></TD></TR>\n";
|
|
$output .= "</TABLE>\n";
|
|
$output .= "</FORM>\n";
|
|
print "$output";
|
|
}
|
|
}
|
|
|
|
function account_admin() {
|
|
global $op, $edit, $order, $name;
|
|
|
|
print "<SMALL><A HREF=\"admin.php?mod=account\">overview</A> | <A HREF=\"admin.php?mod=account&op=search\">search account</A> | <A HREF=\"admin.php?mod=account&op=help\">help</A></SMALL><HR>\n";
|
|
|
|
switch ($op) {
|
|
case "Delete account":
|
|
case "delete":
|
|
account_delete(check_input($name));
|
|
account_display();
|
|
break;
|
|
case "Edit account":
|
|
case "edit":
|
|
account_edit(check_input($name));
|
|
break;
|
|
case "help":
|
|
account_help();
|
|
break;
|
|
case "search":
|
|
account_search();
|
|
break;
|
|
case "View account":
|
|
case "view":
|
|
account_view($name);
|
|
break;
|
|
case "Save account":
|
|
account_edit_save(check_input($name), $edit);
|
|
account_view(check_input($name));
|
|
break;
|
|
default:
|
|
account_display();
|
|
}
|
|
}
|
|
|
|
?>
|