<?php
// -----------------------------------------------------------------------------
// $Id: users.php 682 2013-03-28 14:17:41Z raoul $
//
// Copyright (C) 2013 Raoul Proença
// License: GNU GPL version 3 (see copying.txt file)
// Website: http://www.gnew.fr/
// -----------------------------------------------------------------------------
// This program is free software: you can redistribute it and/or modify it under
// the terms of the GNU General Public License as published by the Free Software
// Foundation, either version 3 of the License, or (at your option) any later
// version.
//
// This program is distributed in the hope that it will be useful, but WITHOUT
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
// FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
// details.
//
// You should have received a copy of the GNU General Public License along with
// this program. If not, see <http://www.gnu.org/licenses/>.
// -----------------------------------------------------------------------------

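include('./../includes/common.php');

// Administration of user accounts. Dispatches on the request:
//   ?action=edit_user&user_id=N   show the edit form for one account
//   POST edit_user                store the edited account
//   ?action=delete_user&user_id=N remove one account (only if it owns no content)
//   ?action=purge_users           remove never-activated banned accounts
//   (default)                     paginated, sortable list of accounts
page_header($lang['ADMIN_USERS']);

// -----------------------------------------------------------------------------
// Lookup tables and helpers shared by the branches below
// -----------------------------------------------------------------------------

// Visible label of each user level, indexed by level number.
$level_labels = array(0 => $lang['BANNED'],
                      1 => $lang['PUBLIC'],
                      2 => $lang['MODERATOR'],
                      3 => $lang['ADVANCED_MODERATOR'],
                      4 => $lang['ADMINISTRATOR']);

// Tables that record their last editor (edition_id / edition_name), grouped by
// the lowest user level that can write to them, each with the name of its own
// edition timestamp column (only reset when the editor is deleted).
$edited_tables = array(2 => array(TABLE_EMOTICONS => 'emoticon_edition',
                                  TABLE_NEWS => 'news_edition',
                                  TABLE_QUESTIONS => 'question_edition'),
                       3 => array(TABLE_ARTICLES => 'article_edition',
                                  TABLE_CATEGORIES => 'category_edition'),
                       4 => array(TABLE_COMMENTS => 'comment_edition',
                                  TABLE_POSTS => 'post_edition',
                                  TABLE_USERS => 'user_edition'));

/**
 * Normalise a user_level value to one of the five known levels.
 *
 * @param mixed $user_level Raw column value (the database returns strings).
 * @return int 0-3 when the value loosely equals that level, 4 otherwise, which
 *             is how the former if/elseif chains fell through to "administrator".
 */
function admin_users_level($user_level)
{
    foreach (array(0, 1, 2, 3) as $level)
    {
        if ($user_level == $level)
        {
            return $level;
        }
    }
    return 4;
}

/**
 * Build the <option> elements of a <select>.
 *
 * @param array $options  Option value => visible label, in display order.
 * @param mixed $selected Value to mark as selected; compared loosely because
 *                        the database returns numbers as strings.
 * @return string HTML fragment; labels and values are emitted as given.
 */
function admin_users_options($options, $selected)
{
    $html = '';
    foreach ($options as $value => $label)
    {
        $attributes = ($value == $selected) ? ' selected="selected"' : '';
        $html .= '<option value="' . $value . '"' . $attributes . '>' . $label . '</option>';
    }
    return $html;
}

// Administrator?
if ($users['user_level'] < 4)
{
    error_template($lang['ERROR_LEVEL_ACCESS']);
}
else
{
    // NOTE(review): edit_user (POST), delete_user and purge_users (GET) all
    // change state and nothing on this page checks a request token; confirm
    // common.php enforces one, otherwise these actions are open to cross-site
    // request forgery.

    // Edit form
    if (isset($_GET['action']) && $_GET['action'] == 'edit_user')
    {
        // Check query
        if (!empty($_GET['user_id']) && string_is_int($_GET['user_id']))
        {
            $sql->query('SELECT user_avatar, user_date_format, user_date_offset, user_day, user_email, user_ip, user_language, user_level, user_location, user_month, user_name, user_occupation, user_show_email, user_signature, user_template, user_website, user_year
                         FROM ' . TABLE_USERS . '
                         WHERE user_id = \'' . $_GET['user_id'] . '\'');
            $table_users = $sql->fetch();
            // Check user (empty() also covers fetch() returning false)
            if (empty($table_users['user_name']))
            {
                error_template($lang['ERROR_QUERY']);
            }
            else
            {
                $user_avatar = utf8_chars($table_users['user_avatar']);
                // The "delete avatar" checkbox is only offered when a real file is set
                $empty_avatar = '';
                if ($user_avatar != './../images/avatars/empty.png')
                {
                    $empty_avatar = ' <input type="checkbox" name="empty_avatar" value="1" /> ' . $lang['DELETE'];
                }

                $days = range(1, 31);
                $months = range(1, 12);
                // Birth years stop at 1897, the oldest verified living person:
                // http://en.wikipedia.org/wiki/Oldest_people#Ten_verified_oldest_people_living
                $years = range((int) date('Y'), 1897);
                $user_day_options = admin_users_options(array_combine($days, $days), $table_users['user_day']);
                $user_month_options = admin_users_options(array_combine($months, $months), $table_users['user_month']);
                $user_year_options = admin_users_options(array_combine($years, $years), $table_users['user_year']);

                // Languages: a single fixed option when the site allows only one
                if ($settings['language_unique'])
                {
                    $user_language_options = '<option value="' . $settings['language'] . '">' . $lang[strtoupper($settings['language'])] . '</option>';
                }
                else
                {
                    $language_labels = array();
                    foreach (get_languages_list() as $code)
                    {
                        $language_labels[$code] = $lang[strtoupper($code)];
                    }
                    $user_language_options = admin_users_options($language_labels, $table_users['user_language']);
                }

                $user_level_options = admin_users_options($level_labels, admin_users_level($table_users['user_level']));

                $user_show_email_options = admin_users_options(array(0 => $lang['NO'], 1 => $lang['YES']), $table_users['user_show_email'] ? 1 : 0);

                // Templates: same rule as languages
                if ($settings['template_unique'])
                {
                    $user_template_options = '<option value="' . $settings['template'] . '">' . $settings['template'] . '</option>';
                }
                else
                {
                    $templates = get_templates_list();
                    $user_template_options = admin_users_options(array_combine($templates, $templates), $table_users['user_template']);
                }

                $template->set_file('admin', 'admin/users/edit.htpl');
                $template->set_var(array('EMPTY_AVATAR' => $empty_avatar,
                                         'USER_AVATAR' => $user_avatar,
                                         'USER_DATE_FORMAT' => $table_users['user_date_format'],
                                         'USER_DATE_OFFSET' => $table_users['user_date_offset'],
                                         'USER_DAY_OPTIONS' => $user_day_options,
                                         'USER_EMAIL' => $table_users['user_email'],
                                         'USER_ID' => $_GET['user_id'],
                                         'USER_IP' => $table_users['user_ip'],
                                         'USER_LANGUAGE_OPTIONS' => $user_language_options,
                                         'USER_LEVEL' => $table_users['user_level'],
                                         'USER_LEVEL_OPTIONS' => $user_level_options,
                                         'USER_LOCATION' => $table_users['user_location'],
                                         'USER_MONTH_OPTIONS' => $user_month_options,
                                         'USER_NAME' => $table_users['user_name'],
                                         'USER_OCCUPATION' => $table_users['user_occupation'],
                                         'USER_SHOW_EMAIL_OPTIONS' => $user_show_email_options,
                                         'USER_SIGNATURE' => $table_users['user_signature'],
                                         'USER_TEMPLATE_OPTIONS' => $user_template_options,
                                         'USER_WEBSITE' => $table_users['user_website'],
                                         'USER_YEAR_OPTIONS' => $user_year_options));
                $template->parse('admin');
            }
        }
        else
        {
            error_template($lang['ERROR_QUERY']);
        }
    }
    // Edit?
    elseif (isset($_POST['edit_user']))
    {
        // Every form field is read as a string. A missing or non-scalar value
        // (e.g. user_name[]=x) becomes '' and fails validation instead of
        // raising a warning inside trim() / preg_match().
        $post = array();
        foreach (array('user_date_format', 'user_date_offset', 'user_day', 'user_email', 'user_id', 'user_language', 'user_level', 'user_location', 'user_month', 'user_name', 'user_occupation', 'user_show_email', 'user_signature', 'user_template', 'user_website', 'user_year') as $field)
        {
            $post[$field] = (isset($_POST[$field]) && is_scalar($_POST[$field])) ? (string) $_POST[$field] : '';
        }

        $error = '';
        $bad_request = false;

        // The target account is loaded first: the avatar path, previous name
        // and previous level are taken from the database rather than from
        // hidden form fields, so a tampered request cannot make this page
        // unlink an arbitrary file or skip the edition_name propagation below.
        $table_users = array('user_avatar' => '', 'user_level' => '', 'user_name' => '');
        if ($post['user_id'] === '' || !string_is_int($post['user_id']))
        {
            $bad_request = true;
        }
        else
        {
            $sql->query('SELECT user_avatar, user_level, user_name
                         FROM ' . TABLE_USERS . '
                         WHERE user_id = \'' . $post['user_id'] . '\'');
            $row = $sql->fetch();
            if (empty($row['user_name']))
            {
                $bad_request = true;
            }
            else
            {
                $table_users = $row;
            }
        }

        if (!trim($post['user_date_format']))
        {
            $error .= $lang['ERROR_NO_DATE_FORMAT'];
        }
        if (!preg_match('`^-?[0-9]{1,2}$`', $post['user_date_offset']))
        {
            $error .= $lang['ERROR_NO_DATE_OFFSET'];
        }
        if (!trim($post['user_email']))
        {
            $error .= $lang['ERROR_NO_EMAIL'];
        }
        elseif (!check_email($post['user_email']))
        {
            $error .= $lang['ERROR_INVALID_USER_EMAIL'];
        }
        if (!trim($post['user_name']))
        {
            $error .= $lang['ERROR_NO_USERNAME'];
        }

        // Fields the form offers as fixed choices are interpolated into SQL
        // verbatim, so each one is pinned to its legal domain first: small
        // non-negative integers within the select ranges, and installed
        // languages / templates only.
        $int_ranges = array('user_day' => array(1, 31),
                            'user_month' => array(1, 12),
                            'user_year' => array(1897, (int) date('Y')),
                            'user_level' => array(0, 4),
                            'user_show_email' => array(0, 1));
        foreach ($int_ranges as $field => $range)
        {
            if (!preg_match('`^[0-9]{1,4}$`', $post[$field]) || (int) $post[$field] < $range[0] || (int) $post[$field] > $range[1])
            {
                $bad_request = true;
            }
        }
        if (!in_array($post['user_language'], get_languages_list(), true) || !in_array($post['user_template'], get_templates_list(), true))
        {
            $bad_request = true;
        }
        if ($bad_request)
        {
            $error .= $lang['ERROR_QUERY'];
        }

        if ($error)
        {
            error_template($error);
        }
        else
        {
            // Avatar: only the file recorded for this account may be removed
            $current_avatar = utf8_chars($table_users['user_avatar']);
            if (isset($_POST['empty_avatar']))
            {
                $user_avatar = './../images/avatars/empty.png';
                if ($current_avatar != $user_avatar && is_file($current_avatar))
                {
                    unlink($current_avatar);
                }
            }
            else
            {
                $user_avatar = $current_avatar;
            }

            $user_name = utf8_entities($post['user_name']);
            // Free-text columns go through utf8_entities() as elsewhere in Gnew.
            // NOTE(review): no parameterised query API is visible on $sql, so
            // this relies on utf8_entities() and check_email() leaving no raw
            // quote in the stored values — confirm, or switch to prepared
            // statements if the driver offers them.
            $assignments = array('user_avatar' => utf8_entities($user_avatar),
                                 'user_date_format' => utf8_entities($post['user_date_format']),
                                 'user_date_offset' => $post['user_date_offset'],
                                 'user_day' => $post['user_day'],
                                 'user_email' => $post['user_email'],
                                 'user_language' => $post['user_language'],
                                 'user_level' => $post['user_level'],
                                 'user_location' => utf8_entities($post['user_location']),
                                 'user_month' => $post['user_month'],
                                 'user_name' => $user_name,
                                 'user_occupation' => utf8_entities($post['user_occupation']),
                                 'user_show_email' => $post['user_show_email'],
                                 'user_signature' => utf8_entities($post['user_signature']),
                                 'user_template' => $post['user_template'],
                                 'user_website' => utf8_entities($post['user_website']),
                                 'user_year' => $post['user_year'],
                                 'user_edition' => time(),
                                 'edition_id' => $_SESSION['user_id'],
                                 'edition_name' => $users['user_name']);
            $set = array();
            foreach ($assignments as $column => $value)
            {
                $set[] = $column . ' = \'' . $value . '\'';
            }
            $sql->query('UPDATE ' . TABLE_USERS . '
                         SET ' . implode(', ', $set) . '
                         WHERE user_id = \'' . $post['user_id'] . '\'');

            // Update edition_name in all the tables this user could have edited
            if ($user_name != $table_users['user_name'])
            {
                foreach ($edited_tables as $min_level => $tables)
                {
                    if ($table_users['user_level'] < $min_level)
                    {
                        continue;
                    }
                    foreach ($tables as $table => $edition_column)
                    {
                        $sql->query('UPDATE ' . $table . '
                                     SET edition_name = \'' . $user_name . '\'
                                     WHERE edition_id = \'' . $post['user_id'] . '\'');
                        // The users cache is cleaned once, below
                        if ($table != TABLE_USERS)
                        {
                            $GLOBALS['cache']->clean($table);
                        }
                    }
                }
            }
            $GLOBALS['cache']->clean(TABLE_USERS);
            success_template($lang['USER_EDITED'], './../admin/users.php');
        }
    }
    // Delete?
    elseif (isset($_GET['action']) && $_GET['action'] == 'delete_user')
    {
        // Check query
        if (!empty($_GET['user_id']) && string_is_int($_GET['user_id']))
        {
            $sql->query('SELECT user_articles, user_avatar, user_comments, user_level, user_news, user_polls, user_posts
                         FROM ' . TABLE_USERS . '
                         WHERE user_id = \'' . $_GET['user_id'] . '\'');
            $table_users = $sql->fetch();
            // Check user (a banned account has level 0 and is refused here as before)
            if (empty($table_users['user_level']))
            {
                error_template($lang['ERROR_QUERY']);
            }
            else
            {
                // An account that still owns content cannot be removed
                if ($table_users['user_articles'] || $table_users['user_comments'] || $table_users['user_news'] || $table_users['user_polls'] || $table_users['user_posts'])
                {
                    error_template(sprintf($lang['ERROR_USER_DELETE'], $table_users['user_articles'], $table_users['user_comments'], $table_users['user_news'], $table_users['user_polls'], $table_users['user_posts']));
                }
                else
                {
                    // Take this user's votes out of the answer and question counters.
                    // PostgreSQL - columns not used in an aggregate expression have to be in GROUP BY clause
                    $sql->query('SELECT question_id, answer_id, COUNT(*) AS votes_per_answer
                                 FROM ' . TABLE_VOTES . '
                                 WHERE user_id = \'' . $_GET['user_id'] . '\'
                                 GROUP BY answer_id, question_id
                                 ORDER BY answer_id');
                    // Read the whole result before issuing any UPDATE; the updates
                    // are deliberately not run while the result set is still open.
                    $votes = array();
                    while ($table_votes = $sql->fetch())
                    {
                        $votes[] = $table_votes;
                    }
                    foreach ($votes as $table_votes)
                    {
                        $sql->query('UPDATE ' . TABLE_ANSWERS . '
                                     SET answer_votes = answer_votes - ' . $table_votes['votes_per_answer'] . '
                                     WHERE answer_id = \'' . $table_votes['answer_id'] . '\'');
                        $sql->query('UPDATE ' . TABLE_QUESTIONS . '
                                     SET question_votes = question_votes - ' . $table_votes['votes_per_answer'] . '
                                     WHERE question_id = \'' . $table_votes['question_id'] . '\'');
                    }

                    // Reset edition_id and edition_name in all the tables this user could have edited
                    foreach ($edited_tables as $min_level => $tables)
                    {
                        if ($table_users['user_level'] < $min_level)
                        {
                            continue;
                        }
                        foreach ($tables as $table => $edition_column)
                        {
                            $sql->query('UPDATE ' . $table . '
                                         SET ' . $edition_column . ' = \'0\', edition_id = \'0\', edition_name = \'\'
                                         WHERE edition_id = \'' . $_GET['user_id'] . '\'');
                            // The users cache is cleaned once, below
                            if ($table != TABLE_USERS)
                            {
                                $GLOBALS['cache']->clean($table);
                            }
                        }
                    }

                    // Avatar image (the path comes from the database row, never from the request)
                    $user_avatar = utf8_chars($table_users['user_avatar']);
                    if ($user_avatar != './../images/avatars/empty.png' && is_file($user_avatar))
                    {
                        unlink($user_avatar);
                    }

                    $sql->query('DELETE FROM ' . TABLE_USERS . '
                                 WHERE user_id = \'' . $_GET['user_id'] . '\'');
                    $sql->query('DELETE FROM ' . TABLE_VOTES . '
                                 WHERE user_id = \'' . $_GET['user_id'] . '\'');
                    $GLOBALS['cache']->clean(TABLE_USERS);
                    $GLOBALS['cache']->clean(TABLE_VOTES);
                    success_template($lang['USER_DELETED'], './../admin/users.php');
                }
            }
        }
        else
        {
            error_template($lang['ERROR_QUERY']);
        }
    }
    // Purge?
    elseif (isset($_GET['action']) && $_GET['action'] == 'purge_users')
    {
        // Banned accounts whose activation key was never used and that are
        // older than the configured number of days
        $accounts_expiry = time() - ($settings['accounts_expiry'] * 24 * 3600);
        $sql->query('DELETE FROM ' . TABLE_USERS . '
                     WHERE user_creation < \'' . $accounts_expiry . '\'
                     AND user_level = \'0\'
                     AND user_key <> \'0\'');
        // For the time being invalid accounts are not displayed
        // $GLOBALS['cache']->clean(TABLE_USERS);
        success_template($lang['USERS_PURGED'], './../admin/advanced.php');
    }
    // Users list
    else
    {
        // Query string - ?sort=&order=&page=&list=
        // Both sort and order have to be valid for any ordering (and its query
        // string) to be used; each is matched against a fixed list before it
        // reaches the ORDER BY clause.
        $sort = '';
        if (isset($_GET['sort']) && is_string($_GET['sort']) && preg_match('`^(user_id|user_name|user_level)$`', $_GET['sort']))
        {
            $sort = $_GET['sort'];
        }
        $order = '';
        if (isset($_GET['order']) && is_string($_GET['order']) && preg_match('`^(ASC|DESC)$`', $_GET['order']))
        {
            $order = $_GET['order'];
        }
        if ($sort !== '' && $order !== '')
        {
            $clause = 'ORDER BY ' . $sort . ' ' . $order;
            $query = 'sort=' . $sort . '&amp;order=' . $order . '&amp;';
        }
        else
        {
            $clause = '';
            $query = '';
        }

        // Create pages list. The normalised page number is written back to
        // $_GET['page'] (NOTE(review): presumably get_pages_list() reads it to
        // mark the current page — confirm). Pages below 1 would give a negative
        // OFFSET, so they fall back to 1 as well.
        if (empty($_GET['page']) || !is_string($_GET['page']) || !string_is_int($_GET['page']) || (int) $_GET['page'] < 1)
        {
            $_GET['page'] = 1;
        }
        $users_offset = ((int) $_GET['page'] - 1) * $settings['users_per_page'];
        $sql->query('SELECT user_id
                     FROM ' . TABLE_USERS);
        $num_users = $sql->num_rows();
        $num_pages = ceil($num_users / $settings['users_per_page']);
        $pages_list = get_pages_list('./../admin/users.php?' . $query, $num_pages);

        $template->set_file('admin', 'admin/users/view.htpl');
        $template->set_block('admin', 'USERS_BLOCK', 'users');
        $sql->query('SELECT user_id, user_level, user_name
                     FROM ' . TABLE_USERS . '
                     ' . $clause . '
                     LIMIT ' . $settings['users_per_page'] . ' OFFSET ' . $users_offset);
        while ($table_users = $sql->fetch())
        {
            $template->set_var(array('USER_ID' => $table_users['user_id'],
                                     'USER_LEVEL' => $level_labels[admin_users_level($table_users['user_level'])],
                                     'USER_NAME' => $table_users['user_name']));
            $template->parse('USERS_BLOCK', 'users', true);
        }
        $template->set_var('PAGES', sprintf($lang['PAGES'], $pages_list));
        $template->parse('admin');
    }
}

page_footer();

// No closing "?>": a PHP-only file must not emit stray whitespace after page_footer()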