<?
//$Id: index.php,v 1.2 2002/10/07 06:06:10 rampart Exp $
/**
*
* Uma Example Page
*
* Copyright (C) 2002 Vance Consulting LLC
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* is library is distributed in the hope that it will be useful,
* t WITHOUT ANY WARRANTY; without even the implied warranty of
* RCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
* http://www.vanceconsulting.net/
* hide@address.com
*
* Uma SourceForge Site: http://rampart.sourceforge.net/
*
* Description:
* Example page protected by Uma.
* The important things to note:
* - You have to be able include Uma.inc.php, DataObject,class.php,
* config.php and authenticator.php must be in your include_path.
* How you accomplish that is up to you. Make note that config.php
* is going to contain your db password, so you might want to put
* that outside of the web server's document directory structure.
*
* TODO
* Better handling of passwords when the come from a form and we have to
* check whether a password matches a confirmation password and how to handle
* when user data is submitted and not updated the password to being blank.
* I poor example of how to do such things is displayed below. It's very ugly
* and needs to more elegantly designed.
*
*/
ini_set('include_path', @current(file('mepath.php'))); // you don't have to set your include_path like this, I do it because I thought it was idea at one time. Now I am not so sure.
require("Uma.inc.php");
require("Utils.class.php");
require("authenticator.php");
session_start();
define('GUEST_ID', 1);
$operation = $_POST['op'];
if (!$operation) $operation = $_GET['op'];
if (!$operation) $operation = 'addservice';
$gotSelected = FALSE;
$u = $_SESSION['rampartUser'];
$content = "welcome";
$title = "Uma - PHP User Management System";
switch ($operation) {
case "deleteuser":
if ($_GET['id']) {
$du = new User($_GET['id']);
$du->clearPermissions();
$du->delete();
}
header("location:index.php");
exit;
break;
case "addservice":
$service = new Service();
$services = $service->getAll();
$content = 'addservice';
break;
case "editservice":
$service = new Service($_GET['id']);
$content = 'editservice';
break;
case "commitservice":
if ($_POST['id']) {
$newservice = new Service($_POST['id']);
} else {
$newservice = new Service();
}
$newservice->set('name', $_POST['sname']);
$newservice->set('description', $_POST['sdesc']);
$newservice->save();
header("location:index.php?op=addservice");
exit;
break;
case "deleteservice":
if ($_GET['id']) {
$su = new Service($_GET['id']);
$su->delete(TRUE);
}
header("location:index.php");
exit;
break;
case "adduser":
$s = new Service();
$services = $s->getAll();
$p = new Passphrase();
$passphrases = $p->getAll();
$su = new User();
$title = "Add User";
$msg = "You have to enter at least the username and password. Everything else is optional.";
$content = "adduser";
break;
case "edituser":
$p = new Passphrase();
$passphrases = $p->getAll();
$service = new Service();
$services = $service->getAll();
$title = "Update User";
$content = "adduser";
$msg = '<font color="#000000"><b>If the password is left blank, the user\'s password is left unchanged.</b></font>';
if ($_GET['msg']) $msg = $_GET['msg']."<br><br>$msg";
$su = new User($_GET['id']);
$userServiceIDS = @array_keys($su->getServices()); // we use this in the form so we can check the services the user already is associated.
if ($_GET['id'] && $su->get('id') == $_GET['id']) {
$title = "Update User";
} else {
$content = "welcome";
$title = "Uma - PHP User Management System";
}
$content = 'adduser';
break;
case "commituser":
$p = new Passphrase();
$passphrases = $p->getAll();
if ($_POST['formData']['id']) {
$su = new User($_POST['formData']['id']);
if ($_POST['form_password'] && ($_POST['form_password'] == $_POST['form_password_conf'])) {
$_POST['formData']['password'] = $_POST['form_password'];
} else {
$_POST['password'] = $su->get('password');
if ($_POST['form_password'] != $_POST['form_password_conf']) {
$msg = "<br><br>- Password NOT saved because the confirmation password did not match the password. If you still feel that changing this password is a good idea, try again.";
}
}
$su->setAll($_POST['formData']);
} else {
$su = new User($_POST['formData']);
if ($_POST['form_password'] != $_POST['form_password_conf']) {
$msg = "<br><br>- Password NOT change because the confirmation password did not match the password. If you still feel that changing this password is a good idea, try again.";
} else {
$su->set('password', $_POST['form_password']);
}
}
$su->clearPermissions();
if (is_array($_POST['uservice'])) {
foreach ($_POST['uservice'] as $id=>$value) {
if ($value == $id) {
$su->addService($id, $_POST['userviceperm'][$id]);
}
}
}
$su->save();
header("location:index.php");
exit;
break;
}
$users = $u->getAll(BY_USERNAME);
require('index.html.php');
?>