<?php

require_once('../../../config.php');
require_once(FOLDER_RELATIVE_COMMON . 'authorization.php');
require_once(FOLDER_RELATIVE_COMMON . 'database.php');

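// XML feed for the admin user table (fetched via XMLHttpRequest).
// Emits one <record> per row of Users, ordered by modified_date, then exits.
// NOTE(review): this response lists every account's username and email. Nothing in
// this script checks the caller; it presumably relies on authorization.php (required
// above) to reject non-admin sessions - confirm that it does.
$request = isset($_GET['request']) ? $_GET['request'] : '';
if ($request == 'xml') {
	
	header('Content-Type: text/xml');
	$xml = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>' . "\n";
	
	$sql = 'SELECT id, username, email, first_name, last_name, expire_date FROM Users ORDER BY modified_date';
	$rows = databaseGetRows($sql, array());
	
	if (count($rows) == 0) {
		echo "<root></root>\n";
		exit;
	}
	
	$xml .= "<root>\n";
	$xml .= "	<list_titles>\n";
	$xml .= "		<record>ID</record>\n";
	$xml .= "		<record>Username</record>\n";
	$xml .= "		<record>Email</record>\n";
	$xml .= "		<record>Last Name</record>\n";
	$xml .= "		<record>Expire Date</record>\n";
	$xml .= "	</list_titles>\n";
	$xml .= "	<list_data>\n";
	
	foreach ($rows as $row) {
		$user_name = $row['username'] != '' ? $row['username'] : '< no username >';
		
		// Column values in the order the table expects them (a1..a4).
		$cells = array(1 => $user_name, $row['email'], $row['last_name'], $row['expire_date']);
		
		$xml .= "		<record>\n";
		// The id is written as element text, so escape it like any other text node.
		$xml .= "			<a0>" . htmlspecialchars((string) $row['id'], ENT_QUOTES, 'UTF-8') . "</a0>\n";
		foreach ($cells as $index => $value) {
			// A literal "]]>" inside stored data would close the CDATA section early and
			// let the rest of the value be parsed as markup. Splitting the terminator
			// across two CDATA sections keeps the value intact and inert.
			$safe = str_replace(']]>', ']]]]><![CDATA[>', (string) $value);
			$xml .= "			<a" . $index . "><![CDATA[" . $safe . "]]></a" . $index . ">\n";
		}
		$xml .= "		</record>\n";
	}
	$xml .= "	</list_data>\n";
	$xml .= "</root>\n";
	
	echo $xml;
	exit;
}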

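// CSV export and bulk import of user accounts.
//   stage=download : streams all users as a CSV attachment.
//   anything else  : treats the request as an upload of "users_file" and inserts one
//                    user per row (username, password, email, first name, last name,
//                    expire date).
// NOTE(review): the import creates accounts and no anti-CSRF token is checked in this
// script; confirm that authorization.php (or the form handling) covers that.
if ($request == "csv") {
	$stage = isset($_GET['stage']) ? $_GET['stage'] : '';
	if ($stage == 'download') {
	
		header("Content-type: application/csv");
		header("Content-Disposition: attachment; filename=registration.csv");
		header("Cache-Control: maxage=100");
		header("Pragma: public");
		
		echo "username, email, first_name, last_name, expire_date\n";
		
		$rows = databaseGetRows("SELECT username, email, first_name, last_name, expire_date FROM Users", null);
		foreach ($rows as $row) {
			$cells = array();
			foreach (array('username', 'email', 'first_name', 'last_name', 'expire_date') as $column) {
				$value = (string) $row[$column];
				// Spreadsheet applications evaluate cells that start with one of these
				// characters as formulas; a leading apostrophe makes them plain text.
				if ($value !== '' && strpos("=+-@\t\r", $value[0]) !== false) {
					$value = "'" . $value;
				}
				// Double embedded quotes so a value cannot terminate its own cell.
				$cells[] = '"' . str_replace('"', '""', $value) . '"';
			}
			echo implode(',', $cells) . "\n";
		}
		
		exit;
		
	} else {
		$errors   = null;
		$messages = null;
		
		if (!isset($_FILES['users_file']) || !is_string($_FILES['users_file']['tmp_name'])) {
			$errors .= "Missing file for upload.\n";
			
		} else {
			$title = $_FILES['users_file']['name'];
			$tempname = $_FILES['users_file']['tmp_name'];
			$extension = strtolower(pathinfo($title, PATHINFO_EXTENSION));
			
			// strpos() returns 0 when the extension starts with "php", so the result must be
			// compared with false; a plain truthiness test lets "file.php" through.
			// The upload is stored under a fixed .csv name below, so the client-supplied
			// name never reaches the filesystem.
			if (strpos($extension, 'php') !== false) {
				$errors .= "Uploading php files is prohibited.\n";
				
			} else {
				
				$path = FOLDER_RELATIVE_BASE . FOLDER_UPLOAD . "users-upload-list.csv";
				$success = move_uploaded_file($tempname, $path);
				if ($success) {
					
					// Owner read/write only: the file holds plaintext passwords and is read
					// solely by this request before being deleted.
					$success = chmod($path, 0600);
					if (!$success) {
						$errors .= "Unable to change permissions on uploaded file.\n";
						// Do not leave the password list behind in the upload folder.
						@unlink($path);
						
					} else {
						// Parse the file and insert records into the database.
						$count = 0;
						$handle = fopen($path, "r");
						if ($handle === false) {
							$errors .= "Unable to open uploaded file.\n";
						} else {
							while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) {
								$count++;
								
								$user_name        = isset($data[0]) ? $data[0] : '';
								$user_password    = isset($data[1]) ? $data[1] : '';
								$user_email       = isset($data[2]) ? $data[2] : '';
								$user_first_name  = isset($data[3]) ? $data[3] : '';
								$user_last_name   = isset($data[4]) ? $data[4] : '';
								$user_expire_date = isset($data[5]) ? $data[5] : '';
								
								// First row could be column headers. $count is already 1 for the
								// first row, and the check has to run before validation so the
								// header is skipped rather than reported as a bad record.
								if ($count == 1 && $user_name === 'username') continue;
								
								// Copy of the row for status messages with the password column
								// masked, so plaintext passwords are never echoed back.
								$shown = $data;
								if (isset($shown[1])) {
									$shown[1] = '********';
								}
								$line = implode(',', $shown);
								
								// Check for missing username or email address - need a way to log in!
								if ($user_name == '' && $user_email == '') {
									$errors .= "Missing email or username, need at least one of the two on line $count: $line\n";
									continue;
								}
								
								// Username must be between 7 and 12 characters in length, if provided.
								if ($user_name != '' && (strlen($user_name) < 7 || strlen($user_name) > 12)) {
									$errors .= "If provided, username must be between 7 and 12 characters on line $count: $line\n";
									continue;
								}
								
								// Validate password.
								$score = passwordScore($user_password);
								if ($score < 2) {
									$errors .= "Password must be seven characters in length and contain letters and numbers on line $count: $line\n";
									continue;
								}
								
								// Check for existing username or email address.
								$sql = "SELECT id FROM Users WHERE (username <> '' AND username = ?) OR (email <> '' AND email = ?)";
								$duplicate = databaseGetValue($sql, array($user_name, $user_email));
								if (isset($duplicate) && $duplicate != 0) {
									$errors .= "Username or email address already exists in the system, please specify a new username or email address on line $count: $line\n";
									continue;
								}
								
								if ($user_expire_date == '') {
									$user_expire_date = 'null';
								} else {
									$user_expire_date = databaseSetDate($user_expire_date);
									if ($user_expire_date == 'null') {
										$errors .= "Unable to parse the expire date on line $count: $line\n";
										continue;
									}
								}
								
								// NOTE(review): MD5 with a fixed prefix is not a suitable password hash.
								// Moving to password_hash()/password_verify() needs a matching change in
								// the login code, which is not visible here, so the scheme is unchanged.
								$user_password = md5("jaxblog" . $user_password);
								// NOTE(review): the databaseSetDate() results are concatenated into the SQL
								// text instead of being bound, and the expire date originates in the
								// uploaded file. Confirm the helper only ever returns a safe SQL literal.
								$sql = "INSERT INTO Users (id, username, password, email, first_name, last_name, expire_date, modified_date) VALUES ( ?, ?, ?, ?, ?, ?, " . $user_expire_date . ", " . databaseSetDate() . " )";
								$args = array(0, $user_name, $user_password, $user_email, $user_first_name, $user_last_name);
								
								// Report success only when the insert succeeded.
								if (databaseExecuteReturnId($sql, $args, 'users_id_seq')) {
									$messages .= "Imported new user on line $count: $line\n";
								} else {
									$errors .= "Unable to insert record for user $user_name, email address $user_email on line $count: $line\n";
								}
							}
							fclose($handle);
						}
						
						// Remove the file once we're done parsing.
						@unlink($path);
					}
				} else {
					$errors .= "Unable to upload file $title; reason unknown.\n";
				}
			}
		}
		
		if ($errors != '') { 
			// Both logs contain text taken from the uploaded file and its client-supplied
			// name, so they are HTML-escaped before the line breaks are inserted.
			echo "<h1>Errors</h1>\n";
			echo str_replace("\n", "<br />\n", htmlspecialchars((string) $errors, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
			echo "<h1>Success</h1>\n";
			echo str_replace("\n", "<br />\n", htmlspecialchars((string) $messages, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
			exit;
		} else {
		    header('location: admin_users_list.php');
			exit;
		}
	}
}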

// Default view: no XML or CSV request was handled above, so render the admin
// page that hosts the user table.
require_once(FOLDER_RELATIVE_COMMON . 'builder-admin.php');

$header  = '';

// JavaScript run on page load to configure and register the user table. The
// statements are joined with a single space. The jaxTableSetSortColumn('')
// call stays disabled.
$onload  = implode(' ', array(
	"jaxTableSetSuppressId();",
	"jaxTableSetLinkColumn(0, 'admin_users.php?request=edit&id=');",
	"jaxTableSetDateColumn(4, 'table_date');",
	"jaxTableRegister('admin_users_list.php?request=xml', 'userlist');",
));

$title   = 'Users';
$content = 'admin_users_list.html';

// Assemble the page from the pieces above and send it to the browser.
$page    = buildAdminPage($header, $onload, $title, $content);
echo $page;

?>