<?php
/**
Copyright (2008) Matrix: Michigan State University

This file is part of KORA.

KORA is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

KORA is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>. */

require_once('conf.php');
require_once('utilities.php');

// Initial Version: Brian Beck, 2008

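/**
 * AJAX handler for a username field: reports whether $uname is already taken.
 *
 * Prints one short fragment: a lone space when no name was given,
 * "Username already in use!" when a row matches, "Username available"
 * otherwise. Unlike the other handlers in this file it performs no login
 * check, so the existence of an account name is visible to any caller that
 * can POST to this script. A failed query is logged server-side and answered
 * with a generic message instead of the raw driver error.
 *
 * @param string $uname username to look up (quoted and escaped by escape())
 * @return void
 */
function checkUsername($uname) {
    global $db;
    // Missing, non-string (e.g. "uname[]") or empty input: nothing to look up.
    if(!is_string($uname) || $uname === "") {
        echo " ";
        return;
    }
    $results = $db->query("SELECT username FROM user WHERE username=".escape($uname)." LIMIT 1");
    if(!$results) {
        error_log('checkUsername: '.$db->error);
        echo gettext('Database error');
        return;
    }
    $row = $results->fetch_assoc();
    echo $row ? gettext('Username already in use').'!' : gettext('Username available');
}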

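/**
 * AJAX handler for the manageUsers page: prints the user table followed by
 * the "Reset User Password" form.
 *
 * Every database value written into the markup goes through htmlEscape()
 * (the original escaped only the username; realName and organization are
 * user-supplied as well), and the uid is cast to int before it is placed
 * inside the onclick handlers. A failed query is logged server-side and
 * reported with a generic message rather than the raw driver error.
 *
 * @return void
 */
function loadNames() {
    requireLogin();
    global $db;
    $results = $db->query("SELECT uid,username,realName,organization,confirmed,admin FROM user WHERE searchAccount=0 ORDER BY username ASC");
    echo '<table class="table"><tr><td><strong>'.gettext('Username').'</strong></td><td><strong>'.gettext('Real Name').'</strong></td><td>
    <strong>'.gettext('Organization').'</strong></td><td><strong>'.gettext('Activated').'?</strong></td><td><strong>'.gettext('Admin').'</strong></td><td><strong>'.gettext('Delete').'?</strong></td></tr>';
    if(!$results) {
        error_log('loadNames: '.$db->error);
        echo gettext('Database error');
    }
    else {
        while($array = $results->fetch_assoc()) {
            $uid = (int)$array['uid'];
            echo '<tr><td>'.htmlEscape($array['username']).'</td><td>'.htmlEscape($array['realName']).'</td><td>'.htmlEscape($array['organization']).'</td>';
            echo '<td><input type="checkbox" name="activatedbox_'.$uid.'" id="activatedbox_'.$uid.'"';
            if($array['confirmed']){echo " checked ";}
            echo ' onclick="updateActivated('.$uid.')" /></td>';
            echo '<td><input type="checkbox" name="adminbox_'.$uid.'" id="adminbox_'.$uid.'"';
            if($array['admin']){echo " checked ";}
            echo ' onclick="updateAdmin('.$uid.')" /></td><td><a class="delete" onclick="deleteUser('.$uid.')">X</a></td></tr>';
        }
    }
    echo "</table>";
?>
<br /><br /><strong><?php echo gettext('Reset User Password');?></strong><br />
<table class="table">
    <tr>
        <td><strong><?php echo gettext('Username');?></strong></td>
        <td><select name="username" id="username">
<?php
        // Same account filter as the table above; a failed query leaves the list empty.
        $results = $db->query('SELECT uid,username FROM user WHERE searchAccount=0 ORDER BY username ASC');
        if($results) {
            while ($user = $results->fetch_assoc()) {
                echo '<option value="'.(int)$user['uid'].'">'.htmlEscape($user['username']).'</option>';
            }
        }
        else {
            error_log('loadNames: '.$db->error);
        }
?>
        </select></td>
    </tr>
    <tr>
        <td><strong><?php echo gettext('Password');?></strong></td>
        <td><input type="password" name="password1" id="password1" /></td>
    </tr>
    <tr>
        <td><strong><?php echo gettext('Confirm Password');?></strong></td>
        <td><input type="password" name="password2" id="password2" /></td>
    </tr>
    <tr>
        <td>&nbsp;</td>
        <td><input type="button" onclick="resetPassword();" value="<?php echo gettext('Reset Password');?>" /></td>
    </tr>
</table>
<?php
}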

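/**
 * AJAX handler: sets or clears the system-administrator flag of a user.
 *
 * Only the literal strings "true" and "false" (what the manageUsers checkbox
 * posts) trigger a query; any other value is ignored. Note that, unlike
 * deleteUser(), this handler does not protect uid 1 (the built-in koraadmin).
 *
 * @param int|string $uid   user id (quoted and escaped by escape())
 * @param string     $admin "true" to grant the flag, "false" to revoke it
 * @return void
 */
function updateAdmin($uid,$admin) {
    requireSystemAdmin();

    global $db;
    if($admin === "true") {
        $flag = 1;
    }
    elseif($admin === "false") {
        $flag = 0;
    }
    else {
        return;
    }
    $db->query("UPDATE user SET admin=".$flag." WHERE uid=".escape($uid)." LIMIT 1");
}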

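/**
 * AJAX handler: sets or clears the "confirmed" (activated) flag of a user.
 *
 * Only the literal strings "true" and "false" (what the manageUsers checkbox
 * posts) trigger a query; any other value is ignored. The second parameter
 * keeps its historical name $admin although it carries the activated state.
 *
 * @param int|string $uid   user id (quoted and escaped by escape())
 * @param string     $admin "true" to activate the account, "false" to deactivate it
 * @return void
 */
function updateActivated($uid,$admin) {
    requireSystemAdmin();

    global $db;
    if($admin === "true") {
        $flag = 1;
    }
    elseif($admin === "false") {
        $flag = 0;
    }
    else {
        return;
    }
    $db->query("UPDATE user SET confirmed=".$flag." WHERE uid=".escape($uid)." LIMIT 1");
}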

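/**
 * AJAX handler: deletes a user and its project memberships, then re-renders
 * the user table.
 *
 * The id is normalised to an integer before the guard runs. The original
 * compared the raw POST value with 1, so a non-numeric string such as "1abc"
 * passed the guard and MySQL then coerced it to 1 in the WHERE clause,
 * deleting the account the guard was meant to protect.
 *
 * @param int|string $uid user id; uid 1 (the built-in koraadmin) is never deleted
 * @return void
 */
function deleteUser($uid) {
    requireSystemAdmin();
    global $db;
    $uid = (int)$uid;
    if($uid > 1) {  //don't delete the first user - its koraadmin
        $db->query("DELETE FROM user WHERE uid=".escape($uid)." LIMIT 1");
        $db->query("DELETE FROM member WHERE uid=".escape($uid));
    }
    loadNames();
}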

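/**
 * AJAX handler: sets or clears one permission bit of a project group.
 *
 * $permission is the checkbox prefix emitted by showGroups() (adminbox,
 * ingestbox, ...) and is mapped to the matching PROJECT_ADMIN / INGEST_RECORD
 * / ... flag; an unknown name is ignored instead of reaching the query with an
 * undefined flag. The bit is set with | and cleared with & ~, so a repeated
 * request for the same state leaves the value unchanged, whereas the
 * original +/- arithmetic drifted when a bit was added or removed twice.
 *
 * @param string     $permission checkbox prefix naming the permission
 * @param mixed      $checked    truthy to grant the bit; the string "false" counts
 *                               as unchecked (see note in the body)
 * @param int|string $gid        group id (quoted and escaped by escape())
 * @return void
 */
function updateGroupPerms($permission, $checked, $gid) {
    requireProjectAdmin();
    global $db;
    $flagsByBox = array(
        'adminbox'        => PROJECT_ADMIN,
        'ingestbox'       => INGEST_RECORD,
        'deleteobjbox'    => DELETE_RECORD,
        'editbox'         => EDIT_LAYOUT,
        'createbox'       => CREATE_SCHEME,
        'deleteschemebox' => DELETE_SCHEME,
        'exportbox'       => EXPORT_SCHEME,
    );
    if(!is_string($permission) || !isset($flagsByBox[$permission])) {
        return;
    }
    $perms = (int)$flagsByBox[$permission];
    // NOTE(review): the JS that builds this request is not in this file. "false" is
    // treated as unchecked because the sibling handlers (updateAdmin, addGroup) use
    // the "true"/"false" string protocol and the string "false" is truthy in PHP.
    $grant = $checked && $checked !== 'false';
    if($grant) {
        $db->query("UPDATE permGroup SET permissions=(permissions | $perms) WHERE gid=".escape($gid)." LIMIT 1");
    }
    else {
        $db->query("UPDATE permGroup SET permissions=(permissions & ~$perms) WHERE gid=".escape($gid)." LIMIT 1");
    }
}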

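/**
 * Builds one permission checkbox cell of the group table printed by showGroups().
 *
 * @param string $box      checkbox name prefix (adminbox, ingestbox, ...); this is also
 *                         the $permission value updateGroupPerms() receives
 * @param int    $gid      group id, already cast to int by the caller
 * @param int    $perms    the group's permission bits
 * @param int    $flag     the bit this checkbox represents (PROJECT_ADMIN, ...)
 * @param bool   $disabled true for the project's admin group, whose boxes are read-only
 * @return string the <td>...</td> markup
 */
function _permCheckboxCell($box, $gid, $perms, $flag, $disabled) {
    $html = '<td><input type="checkbox" name="'.$box.'_'.$gid.'" id="'.$box.'_'.$gid.'" onclick="modperms(this)" ';
    if($perms & $flag)
        $html .= ' checked="true" ';
    if($disabled)
        $html .= ' disabled="true" ';
    return $html.' /></td>';
}

/**
 * AJAX handler: prints the permission groups of the current project as a table
 * of checkboxes, followed by the form for adding a new group.
 *
 * The admin group's checkboxes are rendered disabled and neither the admin nor
 * the default group gets a delete link (deleteGroup() enforces the same rule
 * server-side). The project id comes from $_SESSION and is escaped before it is
 * placed in SQL; group ids and permission bits are cast to int before they are
 * written into the markup. Each checkbox column is built by _permCheckboxCell().
 *
 * @return void
 */
function showGroups() {
    requireProjectAdmin();
    global $db;
    if(!isset($_SESSION['currentProject']) || empty($_SESSION['currentProject'])) {
        echo gettext('No project selected');
        return;
    }
    $pid = escape($_SESSION['currentProject']);
    $results = $db->query('SELECT defaultgid,admingid FROM project WHERE pid='.$pid.' LIMIT 1');
    $project = $results ? $results->fetch_assoc() : null;
    if(!$project) {
        error_log('showGroups: '.$db->error);
        echo gettext('Database error');
        return;
    }
    $admingid = (int)$project['admingid'];
    $defaultgid = (int)$project['defaultgid'];
    // One entry per checkbox column, in the order of the <th> cells below.
    $columns = array(
        array('adminbox',        PROJECT_ADMIN),
        array('ingestbox',       INGEST_RECORD),
        array('deleteobjbox',    DELETE_RECORD),
        array('editbox',         EDIT_LAYOUT),
        array('createbox',       CREATE_SCHEME),
        array('deleteschemebox', DELETE_SCHEME),
        array('exportbox',       EXPORT_SCHEME),
    );
    echo '<table class="table">
        <th>'.gettext('Name').'</th>
        <th>'.gettext('Admin').'</th>
        <th>'.gettext('Ingest Obj').'</th>
        <th>'.gettext('Delete Obj').'</th>
        <th>'.gettext('Edit Layout').'</th>
        <th>'.gettext('Create Scheme').'</th>
        <th>'.gettext('Delete Scheme').'</th>
        <th>'.gettext('Export Scheme').'</th>
        <th>'.gettext('Action').'</th>';
    $results = $db->query('SELECT * FROM permGroup WHERE pid='.$pid);
    if($results) {
        while($array = $results->fetch_assoc()) {
            $gid = (int)$array['gid'];
            $perms = (int)$array['permissions'];
            $isAdminGroup = ($gid == $admingid);
            echo '<tr><td><div style="width: 200px; overflow: hidden;">'.htmlEscape($array['name']).'</div></td>';
            foreach($columns as $column) {
                echo _permCheckboxCell($column[0], $gid, $perms, $column[1], $isAdminGroup);
            }
            if($gid != $defaultgid && $gid != $admingid)
                echo '<td><a class="link" onclick="deleteGroup('.$gid.')">X</a></td>';
            echo '</tr>';
        }
    }
    else {
        error_log('showGroups: '.$db->error);
    }
    echo '<br /><th>'.gettext('Add New Group').'</th>
        <tr><td><input type="textbox" name="groupname" id="groupname" /></td>
        <td><input type="checkbox" name="newadmin" id="newadmin" /></td>
        <td><input type="checkbox" name="newingestobj" id="newingestobj" /></td>
        <td><input type="checkbox" name="newdelobj" id="newdelobj" /></td>
        <td><input type="checkbox" name="newedit" id="newedit" /></td>
        <td><input type="checkbox" name="newcreate" id="newcreate" /></td>
        <td><input type="checkbox" name="newdelscheme" id="newdelscheme" /></td>
        <td><input type="checkbox" name="newexport" id="newexport"/></td>
        <td><a class="link" onclick="addGroup()">'.gettext('Add').'</a></tr>
        </table>';
}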

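/**
 * AJAX handler: deletes group $gid from the current project, moving any of its
 * members to the project's default group, then re-renders the group table.
 *
 * Guards added over the original: the group must belong to the current project
 * (both statements are restricted on pid, so a gid of another project is not
 * touched), it must be neither the admin nor the default group (showGroups()
 * only hides the delete link client-side), and the id must be a positive int.
 * The original interpolated $gid into the UPDATE unescaped.
 *
 * @param int|string $gid group id to delete
 * @return void
 */
function deleteGroup($gid){
    requireProjectAdmin();
    global $db;
    $gid = (int)$gid;
    $hasProject = isset($_SESSION['currentProject']) && !empty($_SESSION['currentProject']);
    if($hasProject && $gid > 0) {
        $pid = escape($_SESSION['currentProject']);
        $result = $db->query("SELECT defaultgid,admingid FROM project where pid=$pid LIMIT 1");
        $project = $result ? $result->fetch_assoc() : null;
        if($project && $gid != (int)$project['defaultgid'] && $gid != (int)$project['admingid']) {
            $db->query("UPDATE member SET gid=".escape($project['defaultgid'])." WHERE gid=".escape($gid)." AND pid=$pid");
            $db->query("DELETE FROM permGroup where gid=".escape($gid)." AND pid=$pid LIMIT 1");
        }
    }
    showGroups();
}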
 
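/**
 * AJAX handler: creates a new permission group for the current project from a
 * name and one "true"/"false" string per permission, then re-renders the table.
 *
 * Each checkbox contributes its bit (PROJECT_ADMIN, INGEST_RECORD, ...) only
 * when the posted value is exactly the string "true". Nothing is inserted when
 * no project is selected or the name is blank; the name is checked with
 * trim() !== '' rather than empty(), so the group name "0" is no longer
 * rejected. The project id comes from $_SESSION and is escaped before use.
 *
 * @param string $name      group name (quoted and escaped by escape())
 * @param string $admin     "true" to grant PROJECT_ADMIN
 * @param string $ingestobj "true" to grant INGEST_RECORD
 * @param string $delobj    "true" to grant DELETE_RECORD
 * @param string $edit      "true" to grant EDIT_LAYOUT
 * @param string $create    "true" to grant CREATE_SCHEME
 * @param string $delscheme "true" to grant DELETE_SCHEME
 * @param string $export    "true" to grant EXPORT_SCHEME
 * @return void
 */
function addGroup($name,$admin,$ingestobj,$delobj,$edit,$create,$delscheme,$export) {
    requireProjectAdmin();
    global $db;
    $boxes = array(
        array(PROJECT_ADMIN, $admin),
        array(INGEST_RECORD, $ingestobj),
        array(DELETE_RECORD, $delobj),
        array(EDIT_LAYOUT,   $edit),
        array(CREATE_SCHEME, $create),
        array(DELETE_SCHEME, $delscheme),
        array(EXPORT_SCHEME, $export),
    );
    $perms = 0;
    foreach($boxes as $box) {
        if($box[1] === "true")
            $perms |= (int)$box[0];
    }
    $hasProject = isset($_SESSION['currentProject']) && !empty($_SESSION['currentProject']);
    if($hasProject && is_string($name) && trim($name) !== '') {
        $db->query("INSERT INTO permGroup (pid,name,permissions) VALUES (".escape($_SESSION['currentProject']).",".escape($name).",".$perms.")");
    }
    showGroups();
}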

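/**
 * AJAX handler: prints the members of the current project (username, group,
 * remove link) followed by the "add user to group" row.
 *
 * Both selects in the last row are filtered on the current project, so the
 * uid/gid pairs offered to addProjectUser() belong to it. The project id from
 * $_SESSION is escaped before it is placed in SQL, ids are cast to int before
 * they are written into the markup, and driver errors go to the server log
 * instead of the response body (the original echoed $db->error into the page).
 *
 * @return void
 */
function showProjectUsers() {
    requireProjectAdmin();
    global $db;
    if(!isset($_SESSION['currentProject']) || empty($_SESSION['currentProject'])) {
        echo gettext('No project selected');
        return;
    }
    $pid = escape($_SESSION['currentProject']);
    $result = $db->query("select member.uid,permGroup.gid, permGroup.name,user.username FROM member JOIN user ON (member.uid = user.uid)
JOIN permGroup ON (member.gid = permGroup.gid) WHERE member.gid != 0 AND user.searchAccount=0 AND member.pid = $pid");
    if(!$result) {
        error_log('showProjectUsers: '.$db->error);
        return;
    }
    echo '<table class="table"><th>'.gettext('Username').'</th><th>'.gettext('Group').'</th><th>'.gettext('Action').'</th>';
    while($array = $result->fetch_assoc()) {
        echo '<tr><td>'.htmlEscape($array['username']).'</td><td>'.htmlEscape($array['name']).'</td><td><a class="delete" onclick="deleteProjectUser('.(int)$array['uid'].')">X</a></td></tr>';
    }
    // NOTE(review): the subquery pairs member rows with every permGroup row (there is
    // no pid condition on permGroup), so "member.gid != permGroup.gid" holds for any
    // member as soon as a permGroup row with a different gid exists. The query is
    // kept as the original wrote it.
    $result = $db->query("SELECT user.username,user.uid FROM user
        WHERE uid NOT IN (SELECT member.uid from member,permGroup WHERE member.pid = $pid
        AND member.gid != permGroup.gid) AND user.searchAccount=0 ORDER BY user.username ASC");
    echo '<tr><td><select name="useradd" id="useradd">';
    if($result) {
        while($array = $result->fetch_assoc()) {
            echo '<option value="'.(int)$array['uid'].'">'.htmlEscape($array['username']).'</option>';
        }
    }
    else {
        error_log('showProjectUsers: '.$db->error);
    }
    echo '</select></td><td><select name="groupadd" id="groupadd">';
    $result = $db->query("SELECT name,gid FROM permGroup WHERE pid=$pid");
    if($result) {
        while($array = $result->fetch_assoc()) {
            echo '<option value="'.(int)$array['gid'].'">'.htmlEscape($array['name']).'</option>';
        }
    }
    else {
        error_log('showProjectUsers: '.$db->error);
    }
    echo '</select></td><td><a class="link" onclick="addProjectUser()">'.gettext('Add').'</a></td></tr>';
    echo '</table>';
}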

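/**
 * AJAX handler: adds user $user to the current project in group $group, then
 * re-renders the member table.
 *
 * Both ids are cast to int and must be positive, and $group must be one of the
 * current project's own groups (the same pid filter showProjectUsers() uses to
 * fill the select), so a gid of another project is refused. The original
 * interpolated both POST values into the INSERT unescaped.
 *
 * @param int|string $user  uid to add
 * @param int|string $group gid of a group in the current project
 * @return void
 */
function addProjectUser($user,$group) {
    requireProjectAdmin();
    global $db;
    $uid = (int)$user;
    $gid = (int)$group;
    $hasProject = isset($_SESSION['currentProject']) && !empty($_SESSION['currentProject']);
    if($hasProject && $uid > 0 && $gid > 0) {
        $pid = escape($_SESSION['currentProject']);
        $owned = $db->query("SELECT gid FROM permGroup WHERE gid=".escape($gid)." AND pid=$pid LIMIT 1");
        if($owned && $owned->fetch_assoc()) {
            $db->query("INSERT INTO member (uid,pid,gid) VALUES (".escape($uid).",$pid,".escape($gid).")");
        }
    }
    showProjectUsers();
}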

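/**
 * AJAX handler: removes user $user from the current project, then re-renders
 * the member table.
 *
 * The id is cast to int and must be positive; the project id from $_SESSION is
 * escaped before use. The original interpolated the POST value into the DELETE
 * unescaped.
 *
 * @param int|string $user uid to remove from the current project
 * @return void
 */
function deleteProjectUser($user) {
    requireProjectAdmin();
    global $db;
    $uid = (int)$user;
    $hasProject = isset($_SESSION['currentProject']) && !empty($_SESSION['currentProject']);
    if($hasProject && $uid > 0) {
        $db->query("DELETE FROM member WHERE uid=".escape($uid)." AND pid=".escape($_SESSION['currentProject'])." LIMIT 1");
    }

    showProjectUsers();
}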


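/**
 * AJAX handler (manageUsers page): stores a new password for user $user and
 * re-renders the user table.
 *
 * The stored value is sha256($password . $salt) with the current Unix time as
 * $salt, written to user.password and user.salt. The login code that verifies
 * it is not in this file, so the layout is kept unchanged; a timestamp salt is
 * low-entropy, and a move to password_hash() has to be made together with that
 * verifier. An empty password is refused here because the form relies on
 * client-side checks only.
 *
 * @param int|string $user     uid of the account to update (quoted by escape())
 * @param string     $password new clear-text password
 * @return void
 */
function resetPassword($user, $password)
{
    requireSystemAdmin();
    global $db;

    if(!is_string($password) || $password === '') {
        echo gettext('Password cannot be empty');
        loadNames();
        return;
    }

    // Hash the password: same digest as the original hash_init/hash_update sequence
    $salt = time();
    $pwhash = hash('sha256', $password.$salt);
    $db->query('UPDATE user SET password='.escape($pwhash).', salt='.escape($salt).' WHERE uid='.escape($user).' LIMIT 1');

    loadNames();
}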

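/**
 * Reads one scalar field of the POSTed AJAX request.
 *
 * The handlers above concatenate their arguments into SQL through escape() or
 * compare them with string literals, so an array value (PHP builds one from a
 * "name[]" field) is treated as absent. A missing key no longer raises an
 * undefined-index notice.
 *
 * @param string $key     $_POST key to read
 * @param mixed  $default returned when the key is missing or not scalar
 * @return mixed
 */
function _userFunctionsPostParam($key, $default = '') {
    if(isset($_POST[$key]) && is_scalar($_POST[$key])) {
        return $_POST[$key];
    }
    return $default;
}

// Request router: every AJAX call from the manageUsers / project-admin pages
// posts source=UserFunctions plus an action name. Authorisation happens inside
// each handler (requireLogin / requireSystemAdmin / requireProjectAdmin).
if(isset($_POST['action']) && isset($_POST['source']) && $_POST['source'] === 'UserFunctions')
{
    $action = _userFunctionsPostParam('action');
    if ($action === 'updateAdmin') {
        updateAdmin(_userFunctionsPostParam('uid'), _userFunctionsPostParam('admin'));
        loadNames();
    }
    elseif ($action === 'updateActivated') {
        updateActivated(_userFunctionsPostParam('uid'), _userFunctionsPostParam('activated'));
        loadNames();
    }
    elseif ($action === 'loadNames') {
        loadNames();
    }
    elseif ($action === 'deleteUser') {
        deleteUser(_userFunctionsPostParam('uid'));
    }
    elseif ($action === 'checkUsername') {
        checkUsername(_userFunctionsPostParam('uname'));
    }
    elseif ($action === 'updateGroupPerms') {
        updateGroupPerms(_userFunctionsPostParam('permission'), _userFunctionsPostParam('checked'), _userFunctionsPostParam('gid'));
    }
    elseif ($action === 'showGroups') {
        showGroups();
    }
    elseif ($action === 'deleteGroup') {
        deleteGroup(_userFunctionsPostParam('gid'));
    }
    elseif ($action === 'addGroup') {
        // NOTE(review): the last field is read as 'exports' while the form id in
        // showGroups() is 'newexport'; the JS that builds the request is not in this
        // file, so the key is kept as the original had it.
        addGroup(
            _userFunctionsPostParam('name'),
            _userFunctionsPostParam('admin'),
            _userFunctionsPostParam('ingestobj'),
            _userFunctionsPostParam('delobj'),
            _userFunctionsPostParam('edit'),
            _userFunctionsPostParam('create'),
            _userFunctionsPostParam('delscheme'),
            _userFunctionsPostParam('exports')
        );
    }
    elseif ($action === 'showProjectUsers') {
        showProjectUsers();
    }
    elseif ($action === 'addProjectUser') {
        addProjectUser(_userFunctionsPostParam('user'), _userFunctionsPostParam('group'));
    }
    elseif ($action === 'deleteProjectUser') {
        deleteProjectUser(_userFunctionsPostParam('user'));
    }
    elseif ($action === 'resetPassword') {
        resetPassword(_userFunctionsPostParam('user'), _userFunctionsPostParam('password'));
    }
}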
?>