	#14 User administration rewrite (set user class, quick add user not functional, work in progress);
retrieve() DB method update (work in progress);
		| @@ -45,7 +45,7 @@ if (ADMIN) | |||||||
| 		if(e107::getUser()->getSessionDataAs()) | 		if(e107::getUser()->getSessionDataAs()) | ||||||
| 		{ // TODO - lan | 		{ // TODO - lan | ||||||
| 			$asuser = e107::getSystemUser(e107::getUser()->getSessionDataAs(), false); | 			$asuser = e107::getSystemUser(e107::getUser()->getSessionDataAs(), false); | ||||||
| 			e107::getMessage()->addInfo('Successfully logged in as '.($asuser && $asuser->getValue('name') ? $asuser->getValue('name') : 'unknown'). ' <a href="'.e_ADMIN_ABS.'users.php?logoutas">[logout]</a>'); | 			e107::getMessage()->addInfo('Successfully logged in as '.($asuser->getId()  ? $asuser->getName().' ('.$asuser->getValue('email').')' : 'unknown'). ' <a href="'.e_ADMIN_ABS.'users.php?mode=main&action=logoutas">[logout]</a>'); | ||||||
| 		} | 		} | ||||||
| 		// NEW, legacy 3rd party code fix, header called inside the footer o.O | 		// NEW, legacy 3rd party code fix, header called inside the footer o.O | ||||||
| 		if(deftrue('e_ADMIN_UI')) | 		if(deftrue('e_ADMIN_UI')) | ||||||
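Review bot: The rewritten `addInfo()` line concatenates `$asuser->getName()` and `$asuser->getValue('email')` into an HTML message without output encoding, and it drops the old `$asuser &&` guard, so `$asuser->getId()` becomes a fatal error if `e107::getSystemUser()` can return a non-object. Whether the stored name and email are already HTML-safe is not visible in this hunk, so encode at the point of output, e.g. `htmlspecialchars($asuser->getName(), ENT_QUOTES, 'UTF-8')`, and restore the guard as `($asuser && $asuser->getId() ? ... : 'unknown')`. The `[logout]` link ends the "logged in as" session through a plain GET (`action=logoutas`); confirm that the handler in users.php checks a token before acting. The enclosing `if (ADMIN)` block starts outside the hunk.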
|   | |||||||
							
								
								
									
									
									
									
									
									
								
							
							
						
						
									
										1562
									
								
								e107_admin/users.php
									
									
									
									
									
								
							
										
											
												File diff suppressed because it is too large
											
										
									
								
							| @@ -138,7 +138,7 @@ class e_admin_request | |||||||
| 			$this->_id = intval($this->_request_qry[$this->_id_key]); | 			$this->_id = intval($this->_request_qry[$this->_id_key]); | ||||||
| 		} | 		} | ||||||
|  |  | ||||||
| 		$this->_posted_qry = $_POST; //raw? | 		$this->_posted_qry =& $_POST; //raw? | ||||||
|  |  | ||||||
| 		return $this; | 		return $this; | ||||||
| 	} | 	} | ||||||
| @@ -183,10 +183,12 @@ class e_admin_request | |||||||
| 		if(null === $value) | 		if(null === $value) | ||||||
| 		{ | 		{ | ||||||
| 			unset($this->_request_qry[$key]); | 			unset($this->_request_qry[$key]); | ||||||
|  | 			unset($_GET[$key]); | ||||||
| 			return $this; | 			return $this; | ||||||
| 		} | 		} | ||||||
|  |  | ||||||
| 		$this->_request_qry[$key] = $value; | 		$this->_request_qry[$key] = $value; | ||||||
|  | 		$_GET[$key] = $value; | ||||||
| 		return $this; | 		return $this; | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| @@ -410,9 +412,10 @@ class e_admin_request | |||||||
| 	 * @param string|array $merge_with [optional] override request values | 	 * @param string|array $merge_with [optional] override request values | ||||||
| 	 * @param boolean $encode if true & separator will be used, all values will be http encoded, default true | 	 * @param boolean $encode if true & separator will be used, all values will be http encoded, default true | ||||||
| 	 * @param string|array $exclude_from_query numeric array/comma separated list of vars to be excluded from current query, true - don't use current query at all | 	 * @param string|array $exclude_from_query numeric array/comma separated list of vars to be excluded from current query, true - don't use current query at all | ||||||
|  | 	 * @param boolean $keepSpecial don't exclude special vars as 'mode' and 'action' | ||||||
| 	 * @return string url encoded query string | 	 * @return string url encoded query string | ||||||
| 	 */ | 	 */ | ||||||
| 	public function buildQueryString($merge_with = array(), $encode = true, $exclude_from_query = '') | 	public function buildQueryString($merge_with = array(), $encode = true, $exclude_from_query = '', $keepSpecial = true) | ||||||
| 	{ | 	{ | ||||||
| 		$ret = $this->getQuery(); | 		$ret = $this->getQuery(); | ||||||
|  |  | ||||||
| @@ -430,7 +433,7 @@ class e_admin_request | |||||||
| 		{ | 		{ | ||||||
| 			foreach ($exclude_from_query as $var) | 			foreach ($exclude_from_query as $var) | ||||||
| 			{ | 			{ | ||||||
| 				unset($ret[$var]); | 				if($keepSpecial && $var != $this->_action_key && $var != $this->_mode_key) unset($ret[$var]); | ||||||
| 			} | 			} | ||||||
| 		} | 		} | ||||||
|  |  | ||||||
| @@ -3853,9 +3856,8 @@ class e_admin_ui extends e_admin_controller_ui | |||||||
| 			$this->setPosted(array()); | 			$this->setPosted(array()); | ||||||
| 			return; // always break on cancel! | 			return; // always break on cancel! | ||||||
| 		} | 		} | ||||||
| 		// TODO - investigate - strange post vale of delete triggers, switched to key |  | ||||||
| 		// for quick fix | 		$id = intval(key($posted)); | ||||||
| 		$id = intval(key($posted));//intval(array_shift($posted)); |  | ||||||
| 		if($this->deleteConfirmScreen && !$this->getPosted('etrigger_delete_confirm')) | 		if($this->deleteConfirmScreen && !$this->getPosted('etrigger_delete_confirm')) | ||||||
| 		{ | 		{ | ||||||
| 			// forward data to delete confirm screen | 			// forward data to delete confirm screen | ||||||
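Review bot: In `buildQueryString()` the new guard `if($keepSpecial && $var != $this->_action_key && $var != $this->_mode_key) unset($ret[$var]);` never unsets anything when `$keepSpecial` is false, so a caller passing `false` gets every excluded variable back in the generated URL. The condition should read `if(!$keepSpecial || ($var != $this->_action_key && $var != $this->_mode_key)) unset($ret[$var]);`. The `true` default also changes behaviour for existing callers that listed the mode or action key in `$exclude_from_query`, which is worth stating in the docblock. Separately, binding `_posted_qry` to `$_POST` by reference and mirroring `setQuery()` into `$_GET` means controller-side changes now alter the superglobals for all later code in the request; a comment explaining why that is intended would help. The function bodies continue outside the hunks.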
|   | |||||||
| @@ -1387,7 +1387,7 @@ class e107 | |||||||
|  |  | ||||||
| 	/** | 	/** | ||||||
| 	 * Retrieve User Perms (admin perms) handler singleton object | 	 * Retrieve User Perms (admin perms) handler singleton object | ||||||
| 	 * @return comment | 	 * @return e_userperms | ||||||
| 	 */ | 	 */ | ||||||
| 	public static function getUserPerms() | 	public static function getUserPerms() | ||||||
| 	{ | 	{ | ||||||
|   | |||||||
| @@ -341,25 +341,37 @@ class e_db_mysql | |||||||
| 	 * // Get single row set, $multi and indexField are ignored | 	 * // Get single row set, $multi and indexField are ignored | ||||||
| 	 * $array = e107::getDb()->retrieve('user', 'user_email, user_name', 'user_id=1'); | 	 * $array = e107::getDb()->retrieve('user', 'user_email, user_name', 'user_id=1'); | ||||||
| 	 *  | 	 *  | ||||||
| 	 * // Fetch all, don't append WHERE to the query, index by user_id | 	 * // Fetch all, don't append WHERE to the query, index by user_id, noWhere auto detected (string starts with upper case ORDER) | ||||||
| 	 * $array = e107::getDb()->retrieve('user', 'user_id, user_email, user_name', 'ORDER BY user_email LIMIT 0,20', true, true, 'user_id'); | 	 * $array = e107::getDb()->retrieve('user', 'user_id, user_email, user_name', 'ORDER BY user_email LIMIT 0,20', true, 'user_id'); | ||||||
| 	 *  | 	 *  | ||||||
| 	 * // Same as above but retrieve() is only used to fetch, not useable for single return value | 	 * // Same as above but retrieve() is only used to fetch, not useable for single return value | ||||||
| 	 * if(e107::getDb()->select('user', 'user_id, user_email, user_name', 'ORDER BY user_email LIMIT 0,20', true)) | 	 * if(e107::getDb()->select('user', 'user_id, user_email, user_name', 'ORDER BY user_email LIMIT 0,20', true)) | ||||||
| 	 * { | 	 * { | ||||||
| 	 * 		$array = e107::getDb()->retrieve(false, '', '', false, true, 'user_id'); | 	 * 		$array = e107::getDb()->retrieve(null, null, null,  true, 'user_id'); | ||||||
| 	 * } | 	 * } | ||||||
| 	 *  | 	 *  | ||||||
|  | 	 * // Using whole query example, in this case default mode is 'single'  | ||||||
|  | 	 * $array = e107::getDb()->retrieve('SELECT   | ||||||
|  | 	 * 	p.*, u.user_email, u.user_name FROM `#user` AS u  | ||||||
|  | 	 * 	LEFT JOIN `#myplug_table` AS p ON p.myplug_table=u.user_id  | ||||||
|  | 	 * 	ORDER BY u.user_email LIMIT 0,20' | ||||||
|  | 	 * ); | ||||||
|  | 	 *  | ||||||
|  | 	 * // Using whole query example, multi mode - $fields argument mapped to $multi | ||||||
|  | 	 * $array = e107::getDb()->retrieve('SELECT u.user_email, u.user_name FROM `#user` AS U ORDER BY user_email LIMIT 0,20', true); | ||||||
|  | 	 *  | ||||||
|  | 	 * // Using whole query example, multi mode with index field | ||||||
|  | 	 * $array = e107::getDb()->retrieve('SELECT u.user_email, u.user_name FROM `#user` AS U ORDER BY user_email LIMIT 0,20', null, null, true, 'user_id'); | ||||||
| 	 * </code> | 	 * </code> | ||||||
| 	 *  | 	 *  | ||||||
| 	 * @param string $table if empty, enter fetch only mode | 	 * @param string $table if empty, enter fetch only mode | ||||||
| 	 * @param string $fields comma separated list of fields or * or single field name (get one)  | 	 * @param string $fields comma separated list of fields or * or single field name (get one); if $fields is of type boolean and $where is not found, $fields overrides $multi | ||||||
| 	 * @param string $where WHERE/ORDER/LIMIT etc clause, empty to disable | 	 * @param string $where WHERE/ORDER/LIMIT etc clause, empty to disable | ||||||
| 	 * @param boolean $noWhere if true $where doesn't contain any WHERE clause (e.g. ORDER/LIMIT only), don't prepare WHERE |  | ||||||
| 	 * @param boolean $multi if true, fetch all (multi mode) | 	 * @param boolean $multi if true, fetch all (multi mode) | ||||||
| 	 * @param string $indexField field name to be used for indexing when in multi mode | 	 * @param string $indexField field name to be used for indexing when in multi mode | ||||||
|  | 	 * @param boolean $debug | ||||||
| 	 */ | 	 */ | ||||||
| 	public function retrieve($table, $fields = '*', $where=null, $noWhere = false, $multi = false, $indexField = null) | 	public function retrieve($table, $fields = null, $where=null, $multi = false, $indexField = null, $debug = false) | ||||||
| 	{ | 	{ | ||||||
| 		// fetch mode | 		// fetch mode | ||||||
| 		if(empty($table)) | 		if(empty($table)) | ||||||
| @@ -377,20 +389,47 @@ class e_db_mysql | |||||||
| 		 | 		 | ||||||
| 		// detect mode | 		// detect mode | ||||||
| 		$mode = 'one'; | 		$mode = 'one'; | ||||||
| 		if('*' !== $fields && strpos($fields, ',') === false) | 		if($table && !$where && is_bool($fields)) | ||||||
|  | 		{ | ||||||
|  | 			// table is the query, fields used for multi | ||||||
|  | 			if($fields) $mode = 'multi'; | ||||||
|  | 			else $mode = 'single'; | ||||||
|  | 			$fields = null; | ||||||
|  | 		} | ||||||
|  | 		elseif($fields && '*' !== $fields && strpos($fields, ',') === false && $where) | ||||||
| 		{ | 		{ | ||||||
| 			$mode = 'single'; | 			$mode = 'single'; | ||||||
| 		} | 		} | ||||||
| 		elseif($multi) | 		if($multi) | ||||||
| 		{ | 		{ | ||||||
| 			$mode = 'multi'; | 			$mode = 'multi'; | ||||||
| 		} | 		} | ||||||
| 		 | 		 | ||||||
|  | 		// detect query type | ||||||
|  | 		$select = true; | ||||||
|  | 		$noWhere = false; | ||||||
|  | 		if(!$fields && !$where) | ||||||
|  | 		{ | ||||||
|  | 			// gen() | ||||||
|  | 			$select = false; | ||||||
|  | 			if($mode == 'one') $mode = 'single'; | ||||||
|  | 		} | ||||||
|  | 		// auto detect noWhere - if where string starts with upper case LATIN word | ||||||
|  | 		elseif(!$where || preg_match('/^[A-Z]+\S.*$/', trim($where))) | ||||||
|  | 		{ | ||||||
|  | 			// FIXME - move auto detect to select()? | ||||||
|  | 			$noWhere = true; | ||||||
|  | 		} | ||||||
|  | 		 | ||||||
| 		// execute & fetch | 		// execute & fetch | ||||||
| 		switch ($mode)  | 		switch ($mode)  | ||||||
| 		{ | 		{ | ||||||
| 			case 'single': | 			case 'single': | ||||||
| 				if(!$this->select($table, $fields, $where, $noWhere)) | 				if($select && !$this->select($table, $fields, $where, $noWhere, $debug)) | ||||||
|  | 				{ | ||||||
|  | 					return null; | ||||||
|  | 				} | ||||||
|  | 				elseif(!$select && $this->gen($table, $debug)) | ||||||
| 				{ | 				{ | ||||||
| 					return null; | 					return null; | ||||||
| 				} | 				} | ||||||
| @@ -398,7 +437,11 @@ class e_db_mysql | |||||||
| 			break; | 			break; | ||||||
| 			 | 			 | ||||||
| 			case 'one': | 			case 'one': | ||||||
| 				if(!$this->select($table, $fields, $where, $noWhere)) | 				if($select && !$this->select($table, $fields, $where, $noWhere, $debug)) | ||||||
|  | 				{ | ||||||
|  | 					return array(); | ||||||
|  | 				} | ||||||
|  | 				elseif(!$select && $this->gen($table, $debug)) | ||||||
| 				{ | 				{ | ||||||
| 					return array(); | 					return array(); | ||||||
| 				} | 				} | ||||||
| @@ -406,9 +449,12 @@ class e_db_mysql | |||||||
| 			break; | 			break; | ||||||
| 			 | 			 | ||||||
| 			case 'multi': | 			case 'multi': | ||||||
| 				if(!$this->select($table, $fields, $where, $noWhere)) | 				if($select && !$this->select($table, $fields, $where, $noWhere, $debug)) | ||||||
|  | 				{ | ||||||
|  | 					return array(); | ||||||
|  | 				} | ||||||
|  | 				elseif(!$select && $this->gen($table, $debug)) | ||||||
| 				{ | 				{ | ||||||
| 					var_dump($this->getLastQuery()); |  | ||||||
| 					return array(); | 					return array(); | ||||||
| 				} | 				} | ||||||
| 				$ret = array(); | 				$ret = array(); | ||||||
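Review bot: The three added `elseif(!$select && $this->gen($table, $debug))` branches (in the `single`, `one` and `multi` cases) return the empty result when `gen()` reports success, which looks inverted next to `!$this->select(...)`; assuming `gen()` is falsy on failure like `select()`, each should be `elseif(!$select && !$this->gen($table, $debug))`. The noWhere auto-detection `preg_match('/^[A-Z]+\S.*$/', trim($where))` also matches any clause that merely begins with an upper-case identifier (constructed example: `ID=5`), which would then be sent without `WHERE`; matching an explicit keyword list such as `/^(ORDER|GROUP|LIMIT|HAVING)\b/` would be safer. Because `$table` may now carry a whole SQL statement, the docblock should state that callers must cast or escape any request-derived value before building that string. Removing `$noWhere` from the fourth position also shifts `$multi` and `$indexField` for existing six-argument callers, and the new `$debug` parameter has no description.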
|   | |||||||
| @@ -1410,20 +1410,13 @@ class e_userperms | |||||||
| 		 | 		 | ||||||
| 		 | 		 | ||||||
|  |  | ||||||
| 		$text .= "<div class='field-section'> | 		$text .= $this->renderCheckAllButtons()." | ||||||
| 			".$frm->admin_button('check_all', 'jstarget:perms', 'action', LAN_CHECKALL)." |  | ||||||
| 			".$frm->admin_button('uncheck_all', 'jstarget:perms', 'action', LAN_UNCHECKALL)." |  | ||||||
| 			</div> |  | ||||||
| 			 | 			 | ||||||
| 		</td> | 		</td> | ||||||
| 		</tr> | 		</tr> | ||||||
| 				</tbody> | 				</tbody> | ||||||
| 					</table> | 					</table> | ||||||
| 					<div class='buttons-bar center'> | 					".$this->renderSubmitButtons()." | ||||||
| 						<input type='hidden' name='a_id' value='{$a_id}' /> |  | ||||||
| 						".$frm->admin_button('update_admin', ADMSLAN_52, 'update')." |  | ||||||
| 						".$frm->admin_button('go_back', ADMSLAN_70)." |  | ||||||
| 					</div> |  | ||||||
| 				</fieldset> | 				</fieldset> | ||||||
| 			</form> | 			</form> | ||||||
| 		"; | 		"; | ||||||
| @@ -1431,6 +1424,28 @@ class e_userperms | |||||||
| 		$ns->tablerender(ADMSLAN_52, $text); | 		$ns->tablerender(ADMSLAN_52, $text); | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
|  | 	function renderCheckAllButtons() | ||||||
|  | 	{ | ||||||
|  | 		$frm = e107::getForm(); | ||||||
|  | 		return " | ||||||
|  | 			<div class='field-section'> | ||||||
|  | 				".$frm->admin_button('check_all', 'jstarget:perms', 'action', LAN_CHECKALL)." | ||||||
|  | 				".$frm->admin_button('uncheck_all', 'jstarget:perms', 'action', LAN_UNCHECKALL)." | ||||||
|  | 			</div> | ||||||
|  | 		"; | ||||||
|  | 	} | ||||||
|  | 	 | ||||||
|  | 	function renderSubmitButtons() | ||||||
|  | 	{ | ||||||
|  | 		$frm = e107::getForm(); | ||||||
|  | 		return " | ||||||
|  | 			<div class='buttons-bar center'> | ||||||
|  | 				<input type='hidden' name='a_id' value='{$a_id}' /> | ||||||
|  | 				".$frm->admin_button('update_admin', ADMSLAN_52, 'update')." | ||||||
|  | 				".$frm->admin_button('go_back', ADMSLAN_70)." | ||||||
|  | 			</div> | ||||||
|  | 		"; | ||||||
|  | 	} | ||||||
| 	 | 	 | ||||||
| 	function renderPermTable($type,$a_perms='') | 	function renderPermTable($type,$a_perms='') | ||||||
| 	{ | 	{ | ||||||
| @@ -1479,8 +1494,8 @@ class e_userperms | |||||||
| 			exit(); | 			exit(); | ||||||
| 		} | 		} | ||||||
|  |  | ||||||
| 		$sql->db_Select("user", "*", "user_id=".$modID); | 		$sysuser = e107::getSystemUser($modID, false); | ||||||
| 		$row = $sql->db_Fetch(); | 		$row = $sysuser->getData(); | ||||||
| 		$a_name = $row['user_name']; | 		$a_name = $row['user_name']; | ||||||
|  |  | ||||||
| 		$perm = ""; | 		$perm = ""; | ||||||
| @@ -1500,7 +1515,8 @@ class e_userperms | |||||||
| 			} | 			} | ||||||
| 	 	} | 	 	} | ||||||
| 		 | 		 | ||||||
| 		e107::getMessage()->addAuto($sql->db_Update("user", "user_perms='{$perm}' WHERE user_id='{$modID}' "), 'update', sprintf(ADMSLAN_2, $tp->toDB($_POST['ad_name'])), false, false); | 		//$sql->db_Update("user", "user_perms='{$perm}' WHERE user_id='{$modID}' ") | ||||||
|  | 		e107::getMessage()->addAuto($sysuser->set('user_perms', $perm)->save(), 'update', sprintf(ADMSLAN_2, $tp->toDB($_POST['ad_name'])), false, false); | ||||||
| 		$logMsg = str_replace(array('--ID--', '--NAME--'),array($modID, $a_name),ADMSLAN_72).$perm; | 		$logMsg = str_replace(array('--ID--', '--NAME--'),array($modID, $a_name),ADMSLAN_72).$perm; | ||||||
| 		$admin_log->log_event('ADMIN_01',$logMsg,E_LOG_INFORMATIVE,''); | 		$admin_log->log_event('ADMIN_01',$logMsg,E_LOG_INFORMATIVE,''); | ||||||
| 	} | 	} | ||||||
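Review bot: `renderSubmitButtons()` interpolates `{$a_id}` into the hidden `a_id` field, but that variable is not defined inside the new method (it was a local of the function the markup was moved out of), so the form is emitted with an empty value and PHP raises an undefined-variable notice. Pass it in explicitly, e.g. `function renderSubmitButtons($a_id)` called as `$this->renderSubmitButtons($a_id)`, and if `a_id` is always a numeric user id, emit it as `value='".(int) $a_id."'` so the attribute cannot carry markup. Both new methods also lack a visibility keyword and a docblock; `public function` with a one-line description of the returned HTML would match the documented methods elsewhere on this page. The calling function and the permission-update function both begin outside the hunks.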
|   | |||||||
| @@ -166,7 +166,7 @@ define('USRLAN_160', 'Total --COUNT-- users of type --TYPE-- pruned'); | |||||||
| define('USRLAN_161', 'User ID --UID-- name --NAME-- banned'); | define('USRLAN_161', 'User ID --UID-- name --NAME-- banned'); | ||||||
| define('USRLAN_162', 'User ID --UID-- name --NAME-- unbanned'); | define('USRLAN_162', 'User ID --UID-- name --NAME-- unbanned'); | ||||||
| define('USRLAN_163', 'User ID --UID-- deleted'); | define('USRLAN_163', 'User ID --UID-- deleted'); | ||||||
| define('USRLAN_164', 'User ID --UID-- name --NAME-- made admin'); | define('USRLAN_164', 'User ID --UID-- name --NAME-- (--EMAIL--) made admin'); | ||||||
| define('USRLAN_165', 'User ID --UID-- name --NAME-- admin status revoked'); | define('USRLAN_165', 'User ID --UID-- name --NAME-- admin status revoked'); | ||||||
| define('USRLAN_166', 'User ID --UID-- name --NAME-- approved'); | define('USRLAN_166', 'User ID --UID-- name --NAME-- approved'); | ||||||
| //FIX ME USERLAN_160 - USERLAN_166 need to be reworked avoid duplication.  | //FIX ME USERLAN_160 - USERLAN_166 need to be reworked avoid duplication.  | ||||||
|   | |||||||
| @@ -14,16 +14,46 @@ $(document).ready(function() | |||||||
|     	  |     	  | ||||||
|     	  |     	  | ||||||
| 		 //check all | 		 //check all | ||||||
| 		 $("#check-all").click(function(){ | 		 $("#check-all").click(function(event){ | ||||||
| 			    $(".field-spacer").each( function() { | 		 		var val = $(this).val(), selector = '.field-spacer'; | ||||||
|  | 		 		event.preventDefault(); | ||||||
|  | 		 		// e.g. <button id="check-all" value="jstarget:perms"><span>Check All</span></button> - match all checkboxes with attribute 'name="perms[]" | ||||||
|  | 		 		if(val && val.match(/^jstarget\:/)) | ||||||
|  | 		 		{ | ||||||
|  | 		 			selector = 'input:checkbox[name^=' + val.split(':')[1] + ']'; | ||||||
|  | 				    $(selector).each( function() { | ||||||
|  | 						$(this).attr("checked",true); | ||||||
|  | 					 }); | ||||||
|  | 					 return; | ||||||
|  | 		 		} | ||||||
|  | 		 		// checkboxes children of .field-spacer | ||||||
|  | 		 		else  | ||||||
|  | 		 		{ | ||||||
|  | 				    $(selector).each( function() { | ||||||
| 						$(this).children(":checkbox").attr("checked",true); | 						$(this).children(":checkbox").attr("checked",true); | ||||||
| 					 }) | 					 }) | ||||||
|  | 		 		} | ||||||
|  |  | ||||||
| 		 }) | 		 }) | ||||||
| 		  | 		  | ||||||
| 		 $("#uncheck-all").click(function(){ | 		 $("#uncheck-all").click(function(event) { | ||||||
|  | 		 		var val = $(this).val(), selector = '.field-spacer'; | ||||||
|  | 		 		event.preventDefault(); | ||||||
|  | 		 		// e.g. <button id="uncheck-all" value="jstarget:perms"><span>Uncheck All</span></button> - match all checkboxes with attribute 'name="perms[]" | ||||||
|  | 		 		if(val && val.match(/^jstarget\:/)) | ||||||
|  | 		 		{ | ||||||
|  | 		 			selector = 'input:checkbox[name^=' + val.split(':')[1] + ']'; | ||||||
|  | 				    $(selector).each( function() { | ||||||
|  | 						$(this).attr("checked",false); | ||||||
|  | 					 }) | ||||||
|  | 		 		} | ||||||
|  | 		 		// checkboxes children of .field-spacer | ||||||
|  | 		 		else  | ||||||
|  | 		 		{ | ||||||
| 				    $(".field-spacer").each( function() { | 				    $(".field-spacer").each( function() { | ||||||
| 						$(this).children(":checkbox").attr("checked",false); | 						$(this).children(":checkbox").attr("checked",false); | ||||||
| 				 }) | 					}); | ||||||
|  | 				} | ||||||
| 		 }) | 		 }) | ||||||
| 		     		 | 		     		 | ||||||
|     		 |     		 | ||||||
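Review bot: Both handlers build the selector as `'input:checkbox[name^=' + val.split(':')[1] + ']'`, which places the button's `value` into an unquoted attribute selector, so a target containing characters such as `[`, `]` or a space yields an invalid or unintended selector. Validate the target and quote it, e.g. `var target = val.split(':')[1]; if(!/^[\w-]+$/.test(target)) return;` followed by `selector = 'input:checkbox[name^="' + target + '"]';`. The check-all branch ends with `return;` while the uncheck-all branch does not, and the two handlers are otherwise near-identical, so they could share one function that takes the checked state as an argument.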
|   | |||||||