php-e107/e107_admin/administrator.php

<?php
/*
+ ----------------------------------------------------------------------------+
|     e107 website system
|
|     <EFBFBD>Steve Dunstan 2001-2002
|     http://e107.org
|     jalist@e107.org
|
|     Released under the terms and conditions of the
|     GNU General Public License (http://gnu.org).
|
|     $Source: /cvs_backup/e107_0.8/e107_admin/administrator.php,v $
|     $Revision: 1.8 $
|     $Date: 2008-11-14 06:01:06 $
|     $Author: e107coders $
+----------------------------------------------------------------------------+
*/
require_once('../class2.php');
if (!getperms('3'))
{
	header('location:'.e_BASE.'index.php');
	exit;
}
$e_sub_cat = 'admin';
require_once('auth.php');

$action = '';
$sub_action = -1;
if (e_QUERY)
{
	$tmp = explode(".", e_QUERY);
	$action = $tmp[0];					// Used when called from elsewhere
	$sub_action = varset($tmp[1],-1);	// User ID 
	unset($tmp);
}


if (isset($_POST['update_admin']))
{	// Permissions updated
	$modID = intval($_POST['a_id']);
	if ($modID == 0)
	{
		exit;
	}
	$sql->db_Select("user", "*", "user_id=".$modID);
	$row = $sql->db_Fetch();
	$a_name = $row['user_name'];

	$perm = "";

	foreach($_POST['perms'] as $value)
	{
		$value = $tp->toDB($value);
		if ($value == "0")
		{
			if (!getperms('0')) { $value = ""; break; }
			$perm = "0."; break;
		}

		if ($value)
		{
			$perm .= $value.".";
		}
    }

	admin_update($sql -> db_Update("user", "user_perms='{$perm}' WHERE user_id='{$modID}' "), 'update', ADMSLAN_56." ".$tp->toDB($_POST['ad_name'])." ".ADMSLAN_2."<br />");
	$logMsg = str_replace(array('--ID--', '--NAME--'),array($modID, $a_name),ADMSLAN_72).$perm;
	$admin_log->log_event('ADMIN_01',$logMsg,E_LOG_INFORMATIVE,'');	
	unset($modID, $ad_name, $a_perms);
}


if (isset($_POST['edit_admin']) || $action == "edit")
{
	$edid = array_keys($_POST['edit_admin']);
    $theid = intval(($sub_action < 0) ? $edid[0] : $sub_action);
	if ((!$sql->db_Select("user", "*", "user_id=".$theid))
		|| !($row = $sql->db_Fetch()))
	{
		echo "Couldn't find user ID: {$theid}, {$sub_action}, {$edid[0]}<br />";	// Debug code - shouldn't be executed
	}
	
/*  Code would never be executed - $a_perms not set at this point
	if ($a_perms == "0")
	{
		$text = "<div style='text-align:center'>$ad_name ".ADMSLAN_3."
		<br /><br />
		<a href='administrator.php'>".ADMSLAN_4."</a></div>";
		$ns->tablerender(LAN_ERROR, $text);
		require_once("footer.php");
		exit;
	}  */
}


if (isset($_POST['del_admin']) && count($_POST['del_admin']))
{
	$delid = array_keys($_POST['del_admin']);
	$aID = intval($delid[0]);
	$sql->db_Select("user", "*", "user_id= ".$aID);
	$row = $sql->db_Fetch();

	if ($row['user_id'] == 1)
	{	// CAn't delete main admin
		$text = "<div style='text-align:center'>".$row['user_name']." ".ADMSLAN_6."
		<br /><br />
		<a href='administrator.php'>".ADMSLAN_4."</a>";
		$ns->tablerender(ADMSLAN_5, $text);
		require_once("footer.php");
		exit;
	}

	admin_update($sql -> db_Update("user", "user_admin=0, user_perms='' WHERE user_id= ".$aID), 'update', ADMSLAN_61, LAN_DELETED_FAILED);
	$logMsg = str_replace(array('--ID--', '--NAME--'),array($aID, $row['user_name']),ADMSLAN_73);
	$admin_log->log_event('ADMIN_02',$logMsg,E_LOG_INFORMATIVE,'');	
}


if(isset($_POST['edit_admin']) || $action == "edit")
{
	edit_administrator($row);
}
else
{
   show_admins();
}



function show_admins()
{
    global $sql, $tp, $ns, $pref, $imode;

	$sql->db_Select("user", "*", "user_admin='1'");

	$text = "<div style='text-align:center'><div style='padding: 1px; ".ADMIN_WIDTH."; margin-left: auto; margin-right: auto;'>
	<form action='".e_SELF."' method='post' id='del_administrator'>
	<div>
	<input type='hidden' name='del_administrator_confirm' id='del_administrator_confirm' value='1' />
	<table class='fborder' style='width:99%'>
	<tr>
	<td style='width:5%' class='fcaption'>ID</td>
	<td style='width:20%' class='fcaption'>".ADMSLAN_56."</td>
	<td style='width:65%' class='fcaption'>".ADMSLAN_18."</td>
	<td style='width:10%' class='fcaption'>".LAN_OPTIONS."</td>
	</tr>";

	while ($row = $sql->db_Fetch())
	{
		$text .= "<tr>
		<td style='width:5%' class='forumheader3'>".$row['user_id']."</td>
		<td style='width:20%' class='forumheader3'><a href='".e_BASE."user.php?id.".$row['user_id']."'>".$row['user_name']."</a></td>
		<td style='width:65%' class='forumheader3'>";

		$permtxt = "";
        $text .= renderperms($row['user_perms'],$row['user_id'],"words");
   		$text .= "</td>

		<td style='width:10%; text-align:center' class='forumheader3'>";
		if($row['user_id'] != "1")
		{
    		$text .= "
			<input type='image' name='edit_admin[{$row['user_id']}]' value='edit' src='".e_IMAGE."admin_images/edit_16.png' title='".LAN_EDIT."' />
			<input type='image' name='del_admin[{$row['user_id']}]' value='del' src='".e_IMAGE."admin_images/delete_16.png' onclick=\"return jsconfirm('".$tp->toJS(ADMSLAN_59."? [".$row['user_name']."]")."') \"  title='".ADMSLAN_59."' style='border:0px' />";
    	}
		$text .= "&nbsp;</td>

		</tr>";
	}

	$text .= "</table></div>\n</form></div>\n</div>";

	$ns->tablerender(ADMSLAN_13, $text);

}




function edit_administrator($row)
{
    global $sql,$tp,$ns,$pref;
	$lanlist = explode(",",e_LANLIST);

	$a_id = $row['user_id'];
	$ad_name = $row['user_name'];
	$a_perms = $row['user_perms'];

	$text = "<div style='text-align:center'>
	<form method='post' action='".e_SELF."' id='myform' >
	<table style='".ADMIN_WIDTH."' class='fborder'>
	<tr>
	<td style='width:25%' class='forumheader3'>".ADMSLAN_16.": </td>
	<td style='width:75%' class='forumheader3'>
	";

	$text .= $ad_name;
	$text .= "<input type='hidden' name='ad_name' size='60' value='$ad_name' />";

	$text .= "
	</td>
	</tr>";

	$text .="
	<tr>
	<td style='width:25%;vertical-align:top' class='forumheader3'>".ADMSLAN_18.": <br /></td>
	<td style='width:75%' class='forumheader3'>";

	$text .= checkb("1", $a_perms).ADMSLAN_19."<br />";			// Alter site preferences
	$text .= checkb("2", $a_perms).ADMSLAN_20."<br />";			// Alter Menus
	$text .= checkb("3", $a_perms).ADMSLAN_21."<br />";			// Modify administrator permissions
	$text .= checkb("4", $a_perms).ADMSLAN_22."<br />";			// Moderate users/bans etc
	$text .= checkb("5", $a_perms).ADMSLAN_23."<br />";			// create/edit custom pages/menus
	$text .= checkb("Q", $a_perms).ADMSLAN_24."<br />";			// Manage download categories
	$text .= checkb("6", $a_perms).ADMSLAN_25."<br />";			// Upload /manage files
	$text .= checkb("Y", $a_perms).ADMSLAN_67."<br />";			// file inspector
	$text .= checkb("O", $a_perms).ADMSLAN_68."<br />";			// notify
	$text .= checkb("7", $a_perms).ADMSLAN_26."<br />";			// Oversee news categories
//	$text .= checkb("8", $a_perms).ADMSLAN_27."<br />";			// Oversee link categories
	$text .= checkb("C", $a_perms).ADMSLAN_64."<br />";			// Clear Cache - Previously moderate chatbox
	$text .= checkb("9", $a_perms).ADMSLAN_28."<br />";			// Take site down for maintenance
	$text .= checkb("W", $a_perms).ADMSLAN_65."<br /><br />";	// Configure mail settings and mailout

	$text .= checkb("D", $a_perms).ADMSLAN_29."<br />";			// Manage banners
//	$text .= checkb("E", $a_perms).ADMSLAN_30."<br />";			// Configure news feed headlines - now plugin
	$text .= checkb("F", $a_perms).ADMSLAN_31."<br />";			// Configure emoticons
	$text .= checkb("G", $a_perms).ADMSLAN_32."<br />";			// Configure front page content
	$text .= checkb("S", $a_perms).ADMSLAN_33."<br />";			// Configure system logs  (previously log/stats - now plugin)
	$text .= checkb("T", $a_perms).ADMSLAN_34."<br />";			// Configure meta tags
	$text .= checkb("V", $a_perms).ADMSLAN_35."<br />";			// Configure public file uploads
	$text .= checkb("X", $a_perms).ADMSLAN_66."<br />";			// Configure Search
	$text .= checkb("A", $a_perms).ADMSLAN_36."<br />";			// Configure Image Settings (Previously Moderate forums - NOW PLUGIN)
	$text .= checkb("B", $a_perms).ADMSLAN_37."<br />";			// Moderate comments
	$text .= checkb("H", $a_perms).ADMSLAN_39."<br />";			// Post news
	$text .= checkb("I", $a_perms).ADMSLAN_40."<br />";			// Post links
//	$text .= checkb("J", $a_perms).ADMSLAN_41."<br />";					// Post articles   - NOW PLUGIN
//	$text .= checkb("K", $a_perms).ADMSLAN_42."<br />";					// Post reviews    - NOW PLUGIN
//	$text .= checkb("L", $a_perms).ADMSLAN_43."<br />";					// Post content pages - NOW PLUGIN
	$text .= checkb("R", $a_perms).ADMSLAN_44."<br />";			// Post downloads
	$text .= checkb("U", $a_perms).ADMSLAN_45."<br />";			// Post polls
	$text .= checkb("M", $a_perms).ADMSLAN_46."<br />";			// Welcome message
	$text .= checkb("N", $a_perms).ADMSLAN_47."<br /><br />";	// Moderate submitted news

	$text .= "<br /><div class='fcaption'>".ADLAN_CL_7."</div><br />";
	$text .= checkb("Z", $a_perms).ADMSLAN_62."<br /><br />";	// Plugin Manager

	$sql->db_Select("plugin", "*", "plugin_installflag='1'");
	while ($row = $sql->db_Fetch())
	{
		$text .= checkb("P".$row['plugin_id'], $a_perms).LAN_PLUGIN." - ".$tp->toHTML($row['plugin_name'],FALSE,'RAWTEXT,defs')."<br />";
	}

// Language Rights.. --------------
	if($pref['multilanguage'])
	{
		sort($lanlist);
		$text .= "<br /><div class='fcaption'>".ADLAN_132."</div><br />\n";
		$text .= checkb($pref['sitelanguage'], $a_perms).$pref['sitelanguage']."<br />\n";
		foreach($lanlist as $langval)
		{
			$langname = $langval;
			$langval = ($langval == $pref['sitelanguage']) ? "" : $langval;
			if ($langval)
	   		{
				$text .= checkb($langval, $a_perms).$langval."<br />\n";
			}
		}
	}
	// -------------------------

	if (getperms('0'))
	{
		$text .= "<br /><br /><div class='fcaption'>".ADMSLAN_58."</div><br />";
		$text .= checkb("0", $a_perms).ADMSLAN_58."<br />";
	}

	$text .= "<br /><br />
	<a href='".e_SELF."?checkall=1' onclick=\"setCheckboxes('myform', true, 'perms[]'); return false;\">".ADMSLAN_49."</a> -
	<a href='".e_SELF."' onclick=\"setCheckboxes('myform', false, 'perms[]'); return false;\">".ADMSLAN_51."</a><br />
	<br />
	</td>
	</tr>";

	$text .= "<tr style='vertical-align:top'>
	<td colspan='2' style='text-align:center' class='forumheader'>";

	$text .= "<input class='button' type='submit' name='update_admin' value='".ADMSLAN_52."' />
	<input type='hidden' name='a_id' value='$a_id' />";

	$text .= "</td>
	</tr>
	</table>
	</form>
	</div>";

    $text .= "<div style='text-align:center'><br /><a href='".e_SELF."'>".ADMSLAN_70."</a></div>";
	$ns->tablerender(ADMSLAN_52, $text);
}



require_once("footer.php");






function checkb($arg, $perms)
{
	if (getperms($arg, $perms))
	{
		$par = "<input type='checkbox' name='perms[]' value='{$arg}' checked='checked' />\n";
	}
	else
	{
		$par = "<input type='checkbox' name='perms[]' value='{$arg}' />\n";
	}
	return $par;
}


function renderperms($perm,$id)
{
	global $pref,$sql,$pt;
	if($perm == "0")
	{
   		return ADMSLAN_58;
	}
    $sql2 = new db;
	$lanlist = explode(",",e_LANLIST);


	if(!$pt)
	{
    	$pt["1"] = ADMSLAN_19;
		$pt["2"] = ADMSLAN_20;
		$pt["3"] = ADMSLAN_21;
		$pt["4"] = ADMSLAN_22;	// Moderate users/bans etc
		$pt["5"] = ADMSLAN_23;	// create/edit custom pages/menus
		$pt["Q"] = ADMSLAN_24;	// Manage download categories
		$pt["6"] = ADMSLAN_25;	// Upload /manage files
		$pt["Y"] = ADMSLAN_67;	// file inspector
		$pt["O"] = ADMSLAN_68;	// notify
		$pt["7"] = ADMSLAN_26;
		$pt["8"] = ADMSLAN_27;
		$pt["C"] = ADMSLAN_64;
		$pt["9"] = ADMSLAN_28;
		$pt["W"] = ADMSLAN_65;
    	$pt["D"] = ADMSLAN_29;
		$pt["E"] = ADMSLAN_30;
		$pt["F"] = ADMSLAN_31;
		$pt["G"] = ADMSLAN_32;
		$pt["S"] = ADMSLAN_33;
		$pt["T"] = ADMSLAN_34;
		$pt["V"] = ADMSLAN_35;
		$pt["X"] = ADMSLAN_66;
		$pt["A"] = ADMSLAN_36;	// Configure Image Settings
		$pt["B"] = ADMSLAN_37;
		$pt["H"] = ADMSLAN_39;
		$pt["I"] = ADMSLAN_40;
		$pt["L"] = ADMSLAN_43;
		$pt["R"] = ADMSLAN_44;
		$pt["U"] = ADMSLAN_45;
		$pt["M"] = ADMSLAN_46;
		$pt["N"] = ADMSLAN_47;
		$pt["Z"] = ADMSLAN_62;
		

		$sql2->db_Select("plugin", "*", "plugin_installflag='1'");
		while ($row2 = $sql2->db_Fetch())
		{
			$pt[("P".$row2['plugin_id'])] = LAN_PLUGIN." - ".$row2['plugin_name'];
		}
	}

	$tmp = explode(".", $perm);
		$langperm = "";
		foreach($tmp as $pms)
		{
			if(in_array($pms, $lanlist))
			{
				$langperm .= $pms."&nbsp;";
			}
			else
			{
				$permtxt[] = $pms;
                if($pt[$pms])
				{
		   			$ptext[] = $pt[$pms];
				}
			}
		}

	$ret = implode(" ",$permtxt);
	if($pref['multilanguage'])
	{
		$ret .= ",&nbsp;". $langperm;
	}

	$text = "<div onclick=\"expandit('id_{$id}')\" style='cursor:pointer' title='".ADMSLAN_71."'>{$ret}</div>
	<div id='id_$id' style='display:none'><br />".implode("<br />",$ptext)."</div>";
    return $text;


}

?>