Location: PHPKode > projects > eXtplorer > include/admin.php
<?php
// ensure this file is being included by a parent file
if( !defined( '_JEXEC' ) && !defined( '_VALID_MOS' ) ) die( 'Restricted access' );
/**
 * @package eXtplorer
 * @copyright soeren 2007
 * @author The eXtplorer project (http://sourceforge.net/projects/extplorer)
 * @author The  The QuiX project (http://quixplorer.sourceforge.net)
 * @license
 * @version $Id: admin.php 94 2008-01-30 07:37:06Z soeren $
 * The contents of this file are subject to the Mozilla Public License
 * Version 1.1 (the "License"); you may not use this file except in
 * compliance with the License. You may obtain a copy of the License at
 * http://www.mozilla.org/MPL/
 * 
 * Software distributed under the License is distributed on an "AS IS"
 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
 * License for the specific language governing rights and limitations
 * under the License.
 * 
 * Alternatively, the contents of this file may be used under the terms
 * of the GNU General Public License Version 2 or later (the "GPL"), in
 * which case the provisions of the GPL are applicable instead of
 * those above. If you wish to allow use of your version of this file only
 * under the terms of the GPL and not to allow others to use
 * your version of this file under the MPL, indicate your decision by
 * deleting  the provisions above and replace  them with the notice and
 * other provisions required by the GPL.  If you do not delete
 * the provisions above, a recipient may use your version of this file
 * under either the MPL or the GPL."
 * 
*/
/**
 * Comment:
 * Administrative Functions
 * 
 */
//------------------------------------------------------------------------------
function admin($admin, $dir) {			// Change Password & Manage Users Form
	
	// Javascript functions:
	include _EXT_PATH . "/include/js_admin.php";
?>
<div style="width:auto;">
    <div class="x-box-tl"><div class="x-box-tr"><div class="x-box-tc"></div></div></div>
    <div class="x-box-ml"><div class="x-box-mr"><div class="x-box-mc">

        <h3 style="margin-bottom:5px;"><?php echo ext_Lang::msg('actadmin') ?></h3>
        <div id="adminForm">
	        <div id="passForm"></div>
	        <div id="userList"></div>
        </div>
    </div></div></div>
    <div class="x-box-bl"><div class="x-box-br"><div class="x-box-bc"></div></div></div>
</div>
	<script type="text/javascript">
	// Change Password
	var PassForm = new Ext.form.Form({
	    labelWidth: 125, // label settings here cascade unless overridden
	    url:'<?php echo basename( $GLOBALS['script_name']) ?>'
	});
	PassForm.add(
        
	    new Ext.form.TextField({
	        fieldLabel: '<?php echo ext_Lang::msg( 'miscoldpass', true ) ?>',
	        name: 'oldpwd',
	        inputType: 'password',
	        allowBlank:false
	    }),
	    new Ext.form.TextField({
	        fieldLabel: '<?php echo ext_Lang::msg( 'miscnewpass', true ) ?>',
	        name: 'newpwd1',
	        hiddenName: 'newpwd1',
	        inputType: 'password',
	        allowBlank:false
	    }),
	    new Ext.form.TextField({
	        fieldLabel: '<?php echo ext_Lang::msg( 'miscconfnewpass', true ) ?>',
	        name: 'newpwd2',
	        hiddenName: 'newpwd2',
	        inputType: 'password',
	        allowBlank:false
	    })
	);
	
	PassForm.addButton('<?php echo ext_Lang::msg( 'btnchange', true ) ?>', function() {
		if( !check_pwd() ) return;
		statusBarMessage( 'Please wait...', true );
	    PassForm.submit({
	        //reset: true,
	        reset: false,
	        success: function(form, action) {	
	        	statusBarMessage( action.result.message, false, true );
	        },
	        failure: function(form, action) {
	        	if( !action.result ) return;
				Ext.MessageBox.alert('Error!', action.result.error);
				statusBarMessage( action.result.error, false, true );
	        },
	        scope: PassForm,
	        // add some vars to the request, similar to hidden fields
	        params: {
	        	option: 'com_extplorer', 
        		action: 'admin',
        		action2: 'chpwd'
	        }
	    })
	});
	PassForm.render('passForm');
	PassForm.findField('oldpwd').focus();
	<?php
	if($admin) {
		?>
		
	// Edit / Add / Remove User
	var UserForm = new Ext.form.Form({
	    labelWidth: 125, // label settings here cascade unless overridden
	    url:'<?php echo basename( $GLOBALS['script_name']) ?>'
	});
	UserForm.add(
        <?php 
		$cnt=count($GLOBALS["users"]);
		for($i=0;$i<$cnt;++$i) {
			
			// Username & Home dir:
			$user=$GLOBALS["users"][$i][0];	if(strlen($user)>15) $user=substr($user,0,12)."...";
			$home=$GLOBALS["users"][$i][2];	if(strlen($home)>30) $home=substr($home,0,27)."...";
			?>
	
			new Ext.form.Radio( {
				name: 'nuser',
				inputValue: '<?php echo $GLOBALS["users"][$i][0] ?>',
				fieldLabel: '<?php echo $user ?>',
				boxLabel: '<?php echo '<strong>Homedir:</strong> '.$home.'; '
					.($GLOBALS["users"][$i][4] ? $GLOBALS["messages"]["miscyesno"][2]:$GLOBALS["messages"]["miscyesno"][3]).'; '
					.$GLOBALS["users"][$i][6].'; '
					.($GLOBALS["users"][$i][7] ? $GLOBALS["messages"]["miscyesno"][2]:$GLOBALS["messages"]["miscyesno"][3]);
				 ?>'
			})
			<?php 
			echo $i+1<$cnt ? ',' : '';
		}
		?>
    );

   	UserForm.addButton('<?php echo ext_Lang::msg( 'btnadd', true ) ?>', function() {
	    dialog_panel.load({url: '<?php echo basename($GLOBALS['script_name']) ?>', 
	    		params: {
		        	option: 'com_extplorer', 
	        		action: 'admin',
	        		action2: 'adduser'
		        }
	    });
   	});
   	UserForm.addButton('<?php echo ext_Lang::msg( 'btnedit', true ) ?>', function() {
   		try {
   			 theUser = UserForm.findField(0).getGroupValue();
   		} catch(e) {
   			Ext.Msg.alert( 'Error', '<?php echo ext_Lang::err('miscselitems', true ) ?>' );
   			return;
   		}
	    dialog_panel.load({url: '<?php echo basename($GLOBALS['script_name']) ?>', 
	    		params: {
		        	option: 'com_extplorer', 
	        		action: 'admin',
	        		action2: 'edituser',
	        		nuser: theUser
		        }
	    });
	});
   	
   	UserForm.addButton('<?php echo ext_Lang::msg( 'btnremove', true ) ?>', function() {
   		try {
   			 theUser = UserForm.findField(0).getGroupValue();
   		} catch(e) {
   			Ext.Msg.alert( 'Error', '<?php echo ext_Lang::err('miscselitems', true ) ?>' );
   			return;
   		}
		
		Ext.Msg.confirm( '', String.format( '<?php echo ext_Lang::err('miscdeluser', true ) ?>', theUser ), function( btn ) {
			if( btn != 'yes') return;
			statusBarMessage( 'Please wait...', true );
	    	UserForm.submit({
		        success: function(form, action) {	
		        	statusBarMessage( action.result.message, false, true );
		        },
		        failure: function(form, action) {
		        	if( !action.result ) return;
					Ext.MessageBox.alert('Error!', action.result.error);
					statusBarMessage( action.result.error, false, true );
		        },
		        scope: UserForm,
		        // add some vars to the request, similar to hidden fields
		        params: {
		        	option: 'com_extplorer', 
	        		action: 'admin',
	        		action2: 'rmuser',
	        		user: theUser
		        }
		    });
		});
   	});
	UserForm.render('userList');
	Ext.get('userList').createChild({
        tag:'center', 
        cn: {
            tag:'span',
            html: '<?php echo ext_Lang::msg('miscuseritems', true ) ?>',
            style:'margin-bottom:5px;'
        }
    });
		<?php
	}
	?>
	var tabs = new Ext.TabPanel("adminForm");
	tabs.addTab("userList", '<?php echo ext_Lang::msg('actusers', true) ?>');
	tabs.addTab("passForm", '<?php echo ext_Lang::msg('actchpwd', true) ?>');
	<?php
	if( $_SESSION['s_user'] == 'admin' && $_SESSION['s_pass'] == extEncodePassword('admin')) {
		echo 'tabs.activate("passForm");';
	} else {
		echo 'tabs.activate("userList");';
	}
	?>
		
	</script>
	<?php
}
//------------------------------------------------------------------------------
function changepwd($dir) {			// Change Password
	$pwd=extEncodePassword(stripslashes($GLOBALS['__POST']["oldpwd"]));
	if($GLOBALS['__POST']["newpwd1"]!=$GLOBALS['__POST']["newpwd2"]) {
		ext_Result::sendResult('changepwd', false, $GLOBALS["error_msg"]["miscnopassmatch"]);
	}
	
	$data=find_user($GLOBALS['__SESSION']["s_user"],$pwd);
	if($data==NULL) {
		ext_Result::sendResult('changepwd', false, $GLOBALS["error_msg"]["miscnouserpass"]);
	}
	
	$data[1]=extEncodePassword(stripslashes($GLOBALS['__POST']["newpwd1"]));
	if(!update_user($data[0],$data)) {
		ext_Result::sendResult('changepwd', false, $data[0].": ".$GLOBALS["error_msg"]["chpass"]);
	}
	activate_user($data[0],NULL);
	
	ext_Result::sendResult('changepwd', false, ext_Lang::msg('change_password_success'));
}
//------------------------------------------------------------------------------
function adduser($dir) {			// Add User
	if(isset($GLOBALS['__POST']["confirm"]) && $GLOBALS['__POST']["confirm"]=="true") {
		$user=stripslashes($GLOBALS['__POST']["nuser"]);
		if($user=="" || $GLOBALS['__POST']["home_dir"]=="") {
			ext_Result::sendResult('adduser', false, $GLOBALS["error_msg"]["miscfieldmissed"]);
		}
		if($GLOBALS['__POST']["pass1"]!=$GLOBALS['__POST']["pass2"]) {
			ext_Result::sendResult('adduser', false, $GLOBALS["error_msg"]["miscnopassmatch"]);
		}
		$data=find_user($user,NULL);
		if($data!=NULL) {
			ext_Result::sendResult('adduser', false, $user.": ".$GLOBALS["error_msg"]["miscuserexist"]);
		}
		
		$data=array($user,extEncodePassword(stripslashes($GLOBALS['__POST']["pass1"])),
			stripslashes($GLOBALS['__POST']["home_dir"]),stripslashes($GLOBALS['__POST']["home_url"]),
			$GLOBALS['__POST']["show_hidden"],stripslashes($GLOBALS['__POST']["no_access"]),
			$GLOBALS['__POST']["permissions"],$GLOBALS['__POST']["active"]);
			
		if(!add_user($data)) {
			ext_Result::sendResult('adduser', false, $user.": ".$GLOBALS["error_msg"]["adduser"]);
		}
		ext_Result::sendResult('adduser', false, $user.": The user has been added");
		return;
	}
	
	// Javascript functions:
	include _EXT_PATH . "/include/js_admin2.php";
	
	show_userform();
	
}
//------------------------------------------------------------------------------
function edituser($dir) {			// Edit User
	$user=stripslashes($GLOBALS['__POST']["nuser"]);
	$data=find_user($user,NULL);
	if($data==NULL) {
		ext_Result::sendResult('edituser', false, $user.": ".$GLOBALS["error_msg"]["miscnofinduser"]);
	}
	
	if($self=($user==$GLOBALS['__SESSION']["s_user"])) $dir="";
	
	if(isset($GLOBALS['__POST']["confirm"]) && $GLOBALS['__POST']["confirm"]=="true") {
		
		$nuser=stripslashes($GLOBALS['__POST']["nuser"]);
		if($nuser=="" || $GLOBALS['__POST']["home_dir"]=="") {
			ext_Result::sendResult('edituser', false, $GLOBALS["error_msg"]["miscfieldmissed"]);
		}
		if(isset($GLOBALS['__POST']["chpass"]) && $GLOBALS['__POST']["chpass"]=="true")	{
			if($GLOBALS['__POST']["pass1"]!=$GLOBALS['__POST']["pass2"]) ext_Result::sendResult('edituser', false, $GLOBALS["error_msg"]["miscnopassmatch"]);
			$pass=extEncodePassword(stripslashes($GLOBALS['__POST']["pass1"]));
		} else {
			$pass=$data[1];
		}
		
		if($self) $GLOBALS['__POST']["active"]=1;
		
		$data=array($nuser,$pass,stripslashes($GLOBALS['__POST']["home_dir"]),
			stripslashes($GLOBALS['__POST']["home_url"]),$GLOBALS['__POST']["show_hidden"],
			stripslashes($GLOBALS['__POST']["no_access"]),$GLOBALS['__POST']["permissions"],$GLOBALS['__POST']["active"]);
			
		if(!update_user($user,$data)) {
			ext_Result::sendResult('edituser', false, $user.": ".$GLOBALS["error_msg"]["saveuser"]);
		}
		if($self) {
			activate_user($nuser,NULL);
		}
		ext_Result::sendResult('edituser', true, $user.": ".$GLOBALS["error_msg"]["saveuser"]);
	}
	
	// Javascript functions:
	include _EXT_PATH . "/include/js_admin3.php";
	show_userform( $data);
}

function show_userform( $data = null ) {
	if( $data == null ) { $data = array('', '', '', '', '', '', '' ); }
	
?>
	<div>
	    <div class="x-box-tl"><div class="x-box-tr"><div class="x-box-tc"></div></div></div>
	    <div class="x-box-ml"><div class="x-box-mr"><div class="x-box-mc">
	
	        <h3 style="margin-bottom:5px;"><?php
	        if( !empty( $data[0] )) {
	        	echo $GLOBALS["messages"]["actadmin"].": ".sprintf($GLOBALS["messages"]["miscedituser"],$data[0]);
	        	
	        } else {
	        	echo $GLOBALS["messages"]["actadmin"].": ".$GLOBALS["messages"]["miscadduser"];
	        }
	        ?></h3>
	        <div id="adminForm">
	
	        </div>
	    </div></div></div>
	    <div class="x-box-bl"><div class="x-box-br"><div class="x-box-bc"></div></div></div>
	</div>
	<script type="text/javascript">
	var yesno = new Ext.data.SimpleStore({
	    fields: ['yesno', 'Yes_No'],
	    data :  [
	        ['1', '<?php echo ext_Lang::msg( array('miscyesno' => 0), true ) ?>'],
	        ['0', '<?php echo ext_Lang::msg( array('miscyesno' => 1), true ) ?>']
	        ]
	});
	var permvalues = new Ext.data.SimpleStore({
		fields: ['value', 'text'],
		data: [
	
	<?php
		$permvalues = array(0,1,2,3,7);
		$permcount = count($GLOBALS["messages"]["miscpermnames"]);
		for($i=0;$i<$permcount;++$i) {
			if( $permvalues[$i]==7) $index = 4;
			else $index = $i;
			echo "['{$permvalues[$i]}', '".ext_lang::msg( array('miscpermnames' => $index))."' ]\n";
			if( $i+1<$permcount) echo ',';
		}
		?>
	]});
	var userform = new Ext.form.Form({
	    labelWidth: 125, // label settings here cascade unless overridden
	    url:'<?php echo basename( $GLOBALS['script_name']) ?>'
	});

	
	userform.add(
	    new Ext.form.TextField({
	        fieldLabel: '<?php echo ext_Lang::msg( 'miscusername', true ) ?>',
	        name: 'nuser',
	        value: '<?php echo @$data[0] ?>',
	        width:175,
	        allowBlank:false
	    }),
	    new Ext.form.TextField({
	        fieldLabel: '<?php echo ext_Lang::msg( 'miscconfpass', true ) ?>',
	        name: 'pass1',
	        inputType: 'password',
	        width:175
	    }),
	    new Ext.form.TextField({
	        fieldLabel: '<?php echo ext_Lang::msg( 'miscconfnewpass', true ) ?>',
	        name: 'pass2',
	        inputType: 'password',
	        width:175
	    }),
	    <?php
	    if( !empty($data[0])) { ?>
		    new Ext.form.Checkbox({
		        fieldLabel: '<?php echo ext_Lang::msg( 'miscchpass', true ) ?>',
		        name: 'chpass',
		        hiddenValue: 'true'
			}),
			<?php 
	    } ?>
	    
	    new Ext.form.TextField({
	        fieldLabel: '<?php echo ext_Lang::msg( 'mischomedir', true ) ?>',
	        name: 'home_dir',
	        value: '<?php echo !empty($data[2]) ? $data[2] : $_SERVER['DOCUMENT_ROOT'] ?>',
	        width:175,
	        allowBlank:false
	    }),	    
	    new Ext.form.TextField({
	        fieldLabel: '<?php echo ext_Lang::msg( 'mischomeurl', true ) ?>',
	        name: 'home_url',
	        value: '<?php echo !empty($data[3]) ? $data[3] : $GLOBALS["home_url"] ?>',
	        width:175,
	        allowBlank:false
	    }),		
		new Ext.form.ComboBox({
			fieldLabel: '<?php echo ext_Lang::msg( 'miscshowhidden', true ) ?>',
		    store: yesno,
		    displayField:'Yes_No',
		    valueField: 'yesno',
		    hiddenName: 'show_hidden',
		    disableKeyFilter: true,
		    value: '<?php echo ( !empty($data[4]) ? $data[4] : (int)$data[4] ) ?>',
		    editable: false,
		    triggerAction: 'all',
		    mode: 'local',
		    allowBlank: false,
		    selectOnFocus:true
		}),
	    new Ext.form.TextField({
	        fieldLabel: '<?php echo ext_Lang::msg( 'mischidepattern', true ) ?>',
	        name: 'no_access',
	        value: '<?php echo @$data[5] ?>',
	        width:175,
	        allowBlank:true
	    }),
	
		new Ext.form.ComboBox({
			fieldLabel: '<?php echo ext_Lang::msg( 'miscperms', true ) ?>',
		    store: permvalues,
		    valueField: 'value',
		    displayField:'text',
		    hiddenName: 'permissions',
		    disableKeyFilter: true,
		    value: '<?php echo (int)@$data[6] ?>',
		    editable: false,
		    triggerAction: 'all',
		    mode: 'local'
		}),
		new Ext.form.ComboBox({
			fieldLabel: '<?php echo ext_Lang::msg( 'miscactive', true ) ?>',
		    store: yesno,
		    displayField:'Yes_No',
		    valueField: 'yesno',
		    hiddenName: 'active',
		    disableKeyFilter: true,
		    value: '<?php echo ( !empty($data[7]) ? $data[7] : 0 ) ?>',
		    disabled: <?php echo !empty($self) ? 'true' : 'false' ?>,
		    editable: false,
		    triggerAction: 'all',
		    mode: 'local',
		    allowBlank: false,
		    selectOnFocus:true
		})
	);
	userform.addButton('<?php echo ext_Lang::msg( 'btnsave', true ) ?>', function() {
		if( !check_pwd()) return;
		statusBarMessage( 'Please wait...', true );
	    userform.submit({
	        success: function(form, action) {	
	        	statusBarMessage( action.result.message, false, true );
				dialog_panel.load({ url: '<?php echo make_link('admin','') ?>' });
	        },
	        failure: function(form, action) {
	        	if( !action.result ) return;
				Ext.MessageBox.alert('Error!', action.result.error);
				statusBarMessage( action.result.error, false, true );
	        },
	        scope: userform,
	        // add some vars to the request, similar to hidden fields
	        params: {option: 'com_extplorer', 
	        		user: '<?php echo @$data[0] ?>',
	        		action: 'admin', 
	        		action2: '<?php echo @$data[0] ? 'edituser' : 'adduser' ?>',
	        		confirm: 'true'
	        }
	    })
	});
	userform.addButton('<?php echo ext_Lang::msg( 'btncancel', true ) ?>', 
		function() { 
			dialog_panel.load({ url: '<?php echo make_link('admin', '') ?>' });
		} 
	);
	userform.render('adminForm');
	</script>
	<?php
}
//------------------------------------------------------------------------------
function removeuser($dir) {			// Remove User
	$user=stripslashes($GLOBALS['__POST']["user"]);
	if($user==$GLOBALS['__SESSION']["s_user"]) {
		ext_Result::sendResult('removeuser', false, $GLOBALS["error_msg"]["miscselfremove"]);
	}
	if(!remove_user($user)) {
		ext_Result::sendResult('removeuser', false, $user.": ".$GLOBALS["error_msg"]["deluser"]);
	}
	ext_Result::sendResult('removeuser', true, $user." was successfully removed." );
	
}
//------------------------------------------------------------------------------
function show_admin($dir) {			// Execute Admin Action
	$pwd=(($GLOBALS["permissions"]&2)==2);
	$admin=(($GLOBALS["permissions"]&4)==4);
	
	if(!$GLOBALS["require_login"]) ext_Result::sendResult('admin', false, $GLOBALS["error_msg"]["miscnofunc"]);
	if(!$pwd && !$admin) ext_Result::sendResult('admin', false, $GLOBALS["error_msg"]["accessfunc"]);
	
	if(isset($GLOBALS['__GET']["action2"])) $action2 = $GLOBALS['__GET']["action2"];
	elseif(isset($GLOBALS['__POST']["action2"])) $action2 = $GLOBALS['__POST']["action2"];
	else $action2="";
	
	switch($action2) {
	case "chpwd":
		changepwd($dir);
	break;
	case "adduser":
		if(!$admin) ext_Result::sendResult('admin', false, $GLOBALS["error_msg"]["accessfunc"]);
		adduser($dir);
	break;
	case "edituser":
		if(!$admin) ext_Result::sendResult('admin', false, $GLOBALS["error_msg"]["accessfunc"]);
		edituser($dir);
	break;
	case "rmuser":
		if(!$admin) ext_Result::sendResult('admin', false, $GLOBALS["error_msg"]["accessfunc"]);
		removeuser($dir);
	break;
	default:
		admin($admin,$dir);
	}
}
//------------------------------------------------------------------------------

?>
Return current item: eXtplorer