<?php
/**
*                                                          
* @name    Pindorama Core Configuration                    
* @version 0.1
* @author  Guilherme Capilé <hide@address.com>           
*                                                          
*/
/*
    $pcom["users.pin_manage_users"]="login.dav";
    $pcom["users.pin_manage_cvs"]="login_cvs.dav";
*/

/**
*                                                          
* @name        pin_manage_users
* @deprecated  
* @version     0.11
*
* @author      Guilherme Capilé <hide@address.com>
*
* @global      $arg
* @global      $param
* @global      $c
* @global      $l
* 
* @see         pin_output_header()
* @see         pin_redirect()
* @see         pin_xsl_process()
* @see         pin_update_user()
* @see         pin_update_admin()
* @see         pin_read_permissions()
* @see         pin_logout()
*
* @return      
*/
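function pin_manage_users()
{
    /**
     * Entry point of the account page: handles the logout round-trip, then
     * applies the posted update and renders the admin or the regular view.
     *
     * Reads $_GET["action"], $_COOKIE["action"] and $_POST["password"].
     * Returns nothing; output is echoed.
     */
    global $arg, $param, $c, $l;

    // All three request fields are optional; read them once so that a plain
    // page view does not touch undefined indexes.
    $getAction    = isset($_GET["action"]) ? $_GET["action"] : "";
    $cookieAction = isset($_COOKIE["action"]) ? $_COOKIE["action"] : "";
    $password     = isset($_POST["password"]) ? $_POST["password"] : null;

    // Logout: a 10-minute "action" cookie marks that the logout already ran,
    // so the request that follows is redirected instead of logging out again.
    if ($cookieAction === "logout") {
        setcookie("action", "", time());
    }
    if ($getAction === "logout" && $cookieAction !== "logout") {
        setcookie("action", "logout", time() + 600);
        pin_logout();
        exit();
    } else if ($getAction === "logout") {
        pin_redirect($param["script-name"]);
    }

    // permissions.php defines $g (group name => space-separated logins) here.
    require($c["users"]."permissions.php");
    pin_output_header ($param["script-name"], FALSE, "php");
    pin_read_permissions ();

    // Strict, non-empty match: a loose in_array() lets an empty or unset
    // login equal the empty token that consecutive spaces leave in the list.
    $authUser = isset($param["auth-user"]) ? $param["auth-user"] : "";
    $admins   = (isset($g["admin"]) && is_string($g["admin"])) ? explode(" ", $g["admin"]) : array();
    $isAdmin  = is_string($authUser) && $authUser !== "" && in_array($authUser, $admins, true);

    if ($isAdmin) {
        pin_update_admin($authUser, $password);
        echo pin_xsl_process ("index:users", $c["stylesheets"]."dav/login_admin.xsl");
    } else {
        pin_update_user($authUser, $password);
        echo pin_xsl_process ("index:users", $c["stylesheets"]."dav/login.xsl");
    }
}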

/**
*                                                          
* @name        pin_manage_cvs
* @deprecated  
* @version     0.11
*
* @author      Guilherme Capilé <hide@address.com>
*
* @global      $arg
* @global      $param
* @global      $c
* @global      $l
* 
* @see         pin_output_header()
* @see         pin_redirect()
* @see         pin_xsl_process()
* @see         pin_update_cvs()
* @see         pin_read_permissions()
*
* @return      
*/
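function pin_manage_cvs()
{
    /**
     * Admin-only page for bulk user updates from an uploaded file: applies a
     * posted update, then renders either the download or the form stylesheet.
     * Non-admins are redirected to "/start". Returns nothing.
     */
    global $arg, $param, $c, $l;

    // permissions.php defines $g (group name => space-separated logins) here.
    require($c["users"]."permissions.php");
    pin_read_permissions ();

    // NOTE(review): membership is tested on $param["user"], while
    // pin_manage_users() tests $param["auth-user"] and the update below runs
    // as $param["auth-user"]. Confirm that "user" is the authenticated login
    // and not a request-derived value.
    $who    = isset($param["user"]) ? $param["user"] : "";
    $admins = (isset($g["admin"]) && is_string($g["admin"])) ? explode(" ", $g["admin"]) : array();

    // Strict, non-empty match: a loose in_array() lets an empty or unset
    // login equal the empty token that consecutive spaces leave in the list.
    if (!is_string($who) || $who === "" || !in_array($who, $admins, true)) {
        pin_redirect("/start");
        return;
    }

    if (count($_POST) > 0) {
        pin_update_cvs($param["auth-user"], isset($_POST["password"]) ? $_POST["password"] : null);
    }

    $download = isset($_GET["download"]) ? $_GET["download"] : "";
    if ($download != "") {
        pin_output_header ($param["script-name"], FALSE, "txt");
        echo pin_xsl_process ("index:users", $c["stylesheets"]."dav/login_cvs_download.xsl");
    } else {
        pin_output_header ($param["script-name"], FALSE, "php");
        echo pin_xsl_process ("index:users", $c["stylesheets"]."dav/login_cvs.xsl");
    }
}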

/**
*                                                          
* @name        pin_update_cvs
* @deprecated  
* @version     0.11
*
* @author      Guilherme Capilé <hide@address.com>
*
* @param       $user
* @param       $pass
*
* @global      $arg
* @global      $param
* @global      $c
* @global      $l
* 
* @see         pin_xsl_process()
* @see         pin_check_user()
* @see         pin_save_file()
* @see         pin_parse_cvs()
* @see         pin_send_message()
*
* @return      
*/
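function pin_update_cvs ($user, $pass)
{
    /**
     * Updates user records from information sent in attached files.
     *
     * Step 1 (an upload is present): each uploaded file is converted with
     * pin_parse_cvs() and stored as "tmp.<login>" in the users directory.
     * Step 2 ($_POST["update-file"] names a stored file): after the password
     * check, the file is merged into users.xml by the update stylesheet.
     *
     * Returns false on a wrong password or a failed merge, true otherwise.
     */
    global $arg, $param, $c, $l;

    // The same rule pin_parse_cvs() is given for logins; applied to the
    // login here so it cannot add path separators to the temp-file name.
    $loginRule = "/[\s\;\&\<\>\\\\\/]/";

    if (count($_FILES) > 0) {
        // NOTE(review): this step stores the file without a password check;
        // it relies on the caller's admin gate. Confirm that is intended.
        $tmpName = "tmp.".preg_replace($loginRule, "_", (string) $user);
        foreach ($_FILES as $field) {
            // A single-file field carries a string here, a "name[]" field an array.
            $tmpnames = isset($field["tmp_name"]) ? (array) $field["tmp_name"] : array();
            foreach ($tmpnames as $tmpfile) {
                if (is_string($tmpfile) && is_uploaded_file($tmpfile)) {
                    $content = pin_parse_cvs(file_get_contents($tmpfile), array("login"=>array($loginRule, "_")));
                    pin_save_file($c["users"].$tmpName, $content);
                    $param["tmp-file-update"] = $tmpName;
                }
            }
        }
        return true;
    }

    // basename() keeps the posted name inside the users directory.
    // NOTE(review): the only writer visible here produces "tmp.<login>";
    // consider accepting nothing but that prefix.
    $updateFile = (isset($_POST["update-file"]) && is_string($_POST["update-file"]))
        ? basename($_POST["update-file"])
        : "";
    if ($updateFile == "" || !is_file($c["users"].$updateFile)) {
        return true;
    }

    if (!pin_check_user($user, $pass)) {
        if (isset($_POST["password"])) {
            pin_send_message($l["msg"]["wrong_password"]);
            return false;
        }
        return true;
    }

    $todo = isset($_POST["upload-action"]) ? $_POST["upload-action"] : "";
    $param["edit-action"] = $todo;
    if ($todo === "edit-user" || $todo === "delete-user") {
        $arg["update"] = file_get_contents($c["users"].$updateFile);
        if (pin_xsl_process ($c["index"]."users.xml", $c["stylesheets"]."dav/login_update_cvs.xsl", $c["index"]."users.xml")) {
            pin_send_message($l["msg"]["userinfo2"].$l["msg"]["success_ending2"]);
            return true;
        }
        pin_send_message($l["msg"]["userinfo"].$l["msg"]["failure_ending2"]);
        return false;
    }

    return true;
} // update_cvs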

/**
*                                                          
* @name        pin_parse_cvs
* @deprecated  
* @version     0.11
*
* @author      Guilherme Capilé <hide@address.com>
*
* @param       $str
* @param       $rules (Default = array)
*
* @global      $arg
* @global      $param
* @global      $c
* @global      $l
* 
* @see         pin_check_xml()
*
* @return      
*/
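function pin_parse_cvs($str, $rules = array()) {
    /**
     * Converts comma-separated text into a <cvs> XML document.
     *
     * The first non-blank line supplies the element names; every later
     * non-blank line becomes one <line> with one child element per cell.
     *
     * $str   raw file content
     * $rules optional map: element name => array(pattern, replacement),
     *        applied to each cell of that column with preg_replace()
     *
     * Returns the document, which is also stored in $arg["cvs"].
     */
    global $arg, $c;

    // Normalise: tabs become spaces, CRs are dropped, "#..." comments are
    // removed, and each (optionally quoted) comma separator becomes a tab.
    $search  = array("/\t/", "/\r/", "/\#.*/", "/(\\\"|\')? *\, *(\\\"|\')?/");
    $replace = array(" ", "", "", "\t");
    $str = preg_replace($search, $replace, $str);
    // Drop the quote left at the start and at the end of each line.
    $str = preg_replace("/^(\\\"|\')/m", "", $str);
    $str = preg_replace("/(\\\"|\')$/m", "", $str);

    $label = array();
    $xmlstruct = "";
    $lno = 0;
    // explode() replaces split(), which was removed in PHP 7; both
    // separators are literal, so the result is the same.
    foreach (explode("\n", $str) as $line) {
        if (trim($line) == "") {
            continue;
        }
        $cells = explode("\t", $line);
        if ($lno == 0) {
            // Header row: keep only [a-z0-9._-] so the text can act as a tag name.
            // NOTE(review): a label starting with a digit, "." or "-" still
            // gives an invalid XML name; confirm pin_check_xml() copes.
            foreach ($cells as $tmplabel) {
                $label[] = preg_replace("/[^a-z0-9\.\_\-]/i", "_", trim($tmplabel));
            }
        } else {
            $xmlstruct .= "<line>";
            foreach ($cells as $pos => $tmp) {
                // Cells beyond the header, or under an empty label, go to <undef>.
                $el = (isset($label[$pos]) && $label[$pos] != "") ? $label[$pos] : "undef";
                if (isset($rules[$el][0])) {
                    $tmp = preg_replace($rules[$el][0], $rules[$el][1], $tmp);
                }
                // NOTE(review): the cell text is not XML-escaped here, so any
                // "<" or "&" in an uploaded file reaches the document as
                // markup unless pin_check_xml() neutralises it. Confirm.
                $xmlstruct .= "<$el>".trim($tmp)."</$el>";
            }
            $xmlstruct .= "</line>";
        }
        $lno++;
    }
    $arg["cvs"] = $c["xmlpi"]."<cvs>".pin_check_xml($xmlstruct)."</cvs>";
    return $arg["cvs"];

} // parse_cvs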


/**
*                                                          
* @name        pin_xml_crypt
* @deprecated  
* @version     0.11
*
* @author      Guilherme Capilé <hide@address.com>
*
* @param       $str
* 
* @return      
*/
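function pin_xml_crypt($str)
{
    /**
     * Returns a salted one-way hash of $str wrapped in a <crypt> element.
     *
     * crypt() without a salt is a fatal error on PHP 8; before that it used
     * whatever algorithm the platform chose. password_hash() with
     * PASSWORD_BCRYPT always salts and still produces a crypt(3)-format
     * string, so a check of the form crypt($plain, $stored) == $stored keeps
     * working.
     * NOTE(review): confirm that pin_check_user() verifies hashes that way.
     */
    $hash = function_exists("password_hash")
        ? password_hash($str, PASSWORD_BCRYPT)
        : crypt($str); // pre-5.5 runtimes only
    return "<crypt>".$hash."</crypt>";
} 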


/**
*                                                          
* @name        pin_update_user
* @deprecated  
* @version     0.11
*
* @author      Guilherme Capilé <hide@address.com>
* 
* @param       $user
* @param       $pass
* @param       $user_toupdate (Default = "")
*
* @global      $arg
* @global      $param
* @global      $c
* @global      $l
* 
* @see         pin_check_user()
* @see         pin_send_message()
* @see         pin_xsl_process()
* @see         pin_redirect()
*
* @return      
*/
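function pin_update_user($user, $pass, $user_toupdate = "")
{
    /**
     * Applies the posted profile fields (and optionally a new password) to a
     * user record in users.xml through the login_update stylesheet.
     *
     * $user          login whose password authorises the change
     * $pass          that login's current password
     * $user_toupdate login of the record to change; "" means $user itself
     *
     * Returns true on success, false on a wrong password, a password
     * confirmation mismatch or a failed update, and null when the check
     * fails without a password having been posted.
     */
    global $arg, $c, $param, $l;

    if (!pin_check_user($user, $pass)) {
        if (isset($_POST["password"])) {
            pin_send_message($l["msg"]["wrong_password"]);
            return false;
        }
        return null;
    }

    if ($user_toupdate != "") {
        $user = $user_toupdate;
    }

    if (isset($_POST["password-update"])) {
        $newPass = $_POST["password-update"];
        $confirm = isset($_POST["password-update-confirm"]) ? $_POST["password-update-confirm"] : "";
        // Identity comparison: "==" treats numeric-looking strings such as
        // "0e1" and "0e2" as equal, which would accept a mistyped confirmation.
        if (!is_string($newPass) || $newPass !== $confirm) {
            pin_send_message($l["msg"]["wrong_password"]);
            return false;
        }
        // NOTE(review): an empty new password is still accepted here, as before.
        // A one-argument crypt() is a fatal error on PHP 8; bcrypt output
        // stays in crypt(3) format.
        $param["password-update"] = function_exists("password_hash")
            ? password_hash($newPass, PASSWORD_BCRYPT)
            : crypt($newPass);
    }

    // The login reaches this point with at most its whitespace removed, so
    // it is escaped before being placed in the XML fragment.
    $xmlLogin = str_replace(
        array("&", "<", ">", "\"", "'"),
        array("&amp;", "&lt;", "&gt;", "&quot;", "&#39;"),
        (string) $user
    );
    $fields = isset($_POST["user"]) ? $_POST["user"] : null;
    $arg["update"] = $c["xmlpi"]."<user><login>".$xmlLogin."</login>".pin_xml_array($fields)."</user>";

    if (pin_xsl_process ($c["index"]."users.xml", $c["stylesheets"]."dav/login_update.xsl", $c["index"]."users.xml")) {
        pin_send_message($l["msg"]["userinfo"].$user.$l["msg"]["success_ending2"]);
        if (isset($param["password-update"]) && !isset($param["edit-action"])) {
            pin_send_message($l["msg"]["userpwd"].$user.$l["msg"]["success_ending"]);
            pin_redirect($param["script-name"]);
        }
        return true;
    }

    pin_send_message($l["msg"]["userinfo"].$user.$l["msg"]["failure_ending2"]);
    return false;
} // update_user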

/**
*                                                          
* @name        pin_update_admin
* @deprecated  
* @version     0.11
*
* @author      Guilherme Capilé <hide@address.com>
*
* @param       $user
* @param       $pass
*
* @global      $arg
* @global      $param
* @global      $c
* @global      $l
* 
* @see         pin_save_file()
* @see         pin_send_message()
* @see         pin_check_user()
* @see         pin_read_permissions()
* @see         pin_update_user()
*
* @return      
*/
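/**
 * Encodes a value for a double-quoted string literal in permissions.php.
 * ";" is dropped because the line-removal patterns used on that file treat
 * the first ";" as the end of the statement.
 */
function pin_permfile_dq($value)
{
    $value = str_replace(";", "", (string) $value);
    return strtr($value, array("\\" => "\\\\", "\"" => "\\\"", "\$" => "\\\$"));
}

/** Encodes a value for a single-quoted string literal in permissions.php (";" dropped as above). */
function pin_permfile_sq($value)
{
    $value = str_replace(";", "", (string) $value);
    return strtr($value, array("\\" => "\\\\", "'" => "\\'"));
}

/** Joins the scalar entries of the posted list $_POST[$field] with spaces; "" when it is absent or not a list. */
function pin_permfile_posted($field)
{
    if (!isset($_POST[$field]) || !is_array($_POST[$field])) {
        return "";
    }
    $names = array();
    foreach ($_POST[$field] as $name) {
        if (is_scalar($name)) {
            $names[] = (string) $name;
        }
    }
    return implode(" ", $names);
}

/** Builds the statement that assigns a group's member list. */
function pin_permfile_group($name, $members)
{
    return '$g["'.pin_permfile_dq($name).'"] = "'.pin_permfile_dq($members).'";';
}

/** Builds the statements for rule $i; $usr and $grp are left out when null. */
function pin_permfile_rule($i, $url, $usr = null, $grp = null)
{
    $i = (int) $i;
    $code = "\n\$p[$i][\"url\"] = '".pin_permfile_sq($url)."';";
    if ($usr !== null) {
        $code .= "\n\$p[$i][\"usr\"] = \"".pin_permfile_dq($usr)."\";";
    }
    if ($grp !== null) {
        $code .= "\n\$p[$i][\"grp\"] = \"".pin_permfile_dq($grp)."\";";
    }
    return $code;
}

function pin_update_admin($user, $pass)
{
    /**
     * Admin form handler. For group and permission actions it rewrites
     * permissions.php; every other action is passed to pin_update_user().
     *
     * permissions.php is PHP source that is later loaded with require/include,
     * so every posted value written into it is encoded for the literal it
     * lands in, and the rule index must be a plain number. In the listing
     * this code was taken from, the call that joined the posted lists was
     * overwritten by address masking; it is reconstructed here as a
     * space-separated join.
     *
     * Returns true or false for a handled action, pin_update_user()'s result
     * for a delegated one, and null when nothing was done.
     */
    global $arg, $c, $param, $l;

    // Loads $g (group => space-separated members) and $p (rules) into this scope.
    require($c["users"]."permissions.php");
    if (!isset($g) || !is_array($g)) {
        $g = array();
    }
    if (!isset($p) || !is_array($p)) {
        $p = array();
    }

    $action = (isset($_POST["edit-action"]) && is_string($_POST["edit-action"])) ? $_POST["edit-action"] : "";
    $login  = (isset($_POST["login"]) && is_string($_POST["login"])) ? $_POST["login"] : "";

    if (!preg_match("/(new|edit|delete)\-(usergroups|group|permission)/", $action, $matches)) {
        // Not a group or permission action: treat it as a user-record update.
        $param["edit-action"] = pin_clean_xml($action);
        return pin_update_user(
            $param["auth-user"],
            isset($_POST["password"]) ? $_POST["password"] : null,
            preg_replace("/[\s]*/", "", $login)
        );
    }

    // Editing groups and permissions requires the admin's password again.
    if (!pin_check_user($user, $pass)) {
        if (isset($_POST["password"])) {
            pin_send_message($l["msg"]["wrong_password"]);
            return false;
        }
        return null;
    }

    $verb   = $matches[1];
    $target = $matches[2];
    $file   = $c["users"]."permissions.php";

    // Work on the file body without its PHP open and close tags.
    $pcontent = file_get_contents($file);
    $pcontent = preg_replace("/\<\?php|\?\>/", "", $pcontent);
    $pcontent = trim($pcontent, " \t\r\n");

    // Quotes and "$" are replaced as well: the name is written inside a
    // double-quoted key and is matched by the line-removal patterns below.
    $group = preg_replace("/[\s\;\&\<\>\\\\\/]/", "_", $login);
    $group = strtr($group, "\"'\$", "___");
    $groupLine = '/\$g\[\"'.preg_quote(pin_permfile_dq($group), "/").'\"\][^\;]+\;\r?\n?/';

    $urlrule = (isset($_POST["url"]) && is_string($_POST["url"])) ? stripslashes($_POST["url"]) : "";
    $urlrule = preg_replace("/\'\;/", "", $urlrule);
    $urlrule = str_replace(";", "", $urlrule); // see pin_permfile_dq()
    $urlrule = preg_replace("/^\//", "", $urlrule);
    $urlrule = preg_replace("/([^\\\\])\/$/", "\\1", $urlrule);

    $usr = isset($_POST["users"]) ? pin_permfile_posted("users") : null;
    $grp = isset($_POST["groups"]) ? pin_permfile_posted("groups") : null;

    if ($verb == "new" && $target == "group" && $group != "") {
        if (isset($g[$group])) {
            pin_send_message($l["msg"]["group"].$group.$l["msg"]["failure_ending_exists"]);
            return false;
        }
        $pcontent = "<?php\n".pin_permfile_group($group, pin_permfile_posted("users"))."\n$pcontent\n?>";
        pin_save_file($file, $pcontent);
        pin_send_message($l["msg"]["group"].$group.$l["msg"]["success_ending_new"]);
        pin_read_permissions ();
        return true;
    } else if ($verb == "new" && $target == "permission") {
        if ($urlrule == "") {
            pin_send_message($l["msg"]["empty_rule"]);
            return false;
        }
        // Next free index; count($p) would reuse an index when the keys have gaps.
        $i = count($p) > 0 ? max(array_map("intval", array_keys($p))) + 1 : 0;
        $pcontent = "<?php\n".$pcontent.pin_permfile_rule($i, $urlrule, $usr, $grp)."\n?>";
        pin_save_file($file, $pcontent);
        pin_send_message($l["msg"]["new_rule"]);
        pin_read_permissions ();
        return true;
    } else if ($verb == "edit" && $target == "group" && isset($g[$group])) {
        $pcontent = preg_replace($groupLine, "", $pcontent);
        $pcontent = "<?php\n".pin_permfile_group($group, pin_permfile_posted("users"))."\n$pcontent\n?>";
        pin_save_file($file, $pcontent);
        pin_send_message($l["msg"]["groupinfo"].$group.$l["msg"]["success_ending"]);
        pin_read_permissions ();
        return true;
    } else if ($verb == "edit" && $target == "usergroups") {
        // Here $group holds a user login: put it in the selected groups and
        // take it out of all others.
        $selgroups = (isset($_POST["usergroups"]) && is_array($_POST["usergroups"])) ? $_POST["usergroups"] : array();
        $newgroups = "";
        foreach ($g as $k => $v) {
            // Whole-token comparison, so removing "ann" leaves "joanna" intact.
            $members = array();
            foreach (explode(" ", (string) $v) as $member) {
                if ($member !== "" && $member !== $group) {
                    $members[] = $member;
                }
            }
            if ($group !== "" && in_array((string) $k, $selgroups, true)) {
                array_unshift($members, $group);
            }
            $newgroups .= pin_permfile_group($k, implode(" ", $members))."\n";
        }
        $search = '/\$g\[\"[^\"]+\"\][^\;]+\;\r?\n?/';
        $pcontent = preg_replace($search, "", $pcontent);
        $pcontent = "<?php\n".$newgroups.$pcontent."\n?>";
        pin_save_file($file, $pcontent);
        pin_send_message($l["msg"]["userinfo"].$group.$l["msg"]["success_ending"]);
        pin_read_permissions ();
        return true;
    } else if ($verb == "edit" && $target == "permission") {
        // The index goes into both a pattern and generated PHP: digits only.
        $rule = isset($_POST["rule"]) ? $_POST["rule"] : "";
        if ($urlrule == "" || !is_string($rule) || !preg_match('/^[0-9]{1,9}\z/', $rule)) {
            pin_send_message($l["msg"]["empty_rule"]);
            return false;
        }
        $i = (int) $rule;
        $search = '/\$p\['.$i.'\][^\;]+\;\r?\n?/';
        $pcontent = preg_replace($search, "", $pcontent);
        $pcontent = trim($pcontent, " \t\r\n");
        $pcontent = "<?php\n".$pcontent.pin_permfile_rule($i, $urlrule, $usr, $grp)."\n?>";
        pin_save_file($file, $pcontent);
        pin_send_message($l["msg"]["success_rule"]);
        pin_read_permissions ();
        return true;
    } else if ($verb == "delete" && $target == "group" && isset($g[$group])) {
        // NOTE(review): every other branch calls preg_replace(); confirm that
        // pin_preg_replace() exists in the project and is not a typo.
        $pcontent = pin_preg_replace($groupLine, "", $pcontent);
        $pcontent = "<?php\n$pcontent\n?>";
        pin_save_file($file, $pcontent);
        pin_send_message($l["msg"]["group"].$group.$l["msg"]["delete_ending"]);
        pin_read_permissions ();
        return true;
    } else if ($verb == "delete" && $target == "permission") {
        if ($urlrule == "") {
            pin_send_message($l["msg"]["empty_rule"]);
            return false;
        }
        // Drop every rule statement, then write back the rules that are kept,
        // renumbered from 0.
        $search = '/\$p\[[^\;]+\;\r?\n?/';
        $pcontent = preg_replace($search, "", $pcontent);
        $pcontent = trim($pcontent, " \t\r\n");
        $i = 0;
        foreach ($p as $perm) {
            $url = isset($perm["url"]) ? (string) $perm["url"] : "";
            if ($url !== $urlrule) {
                $pcontent .= pin_permfile_rule(
                    $i,
                    $url,
                    isset($perm["usr"]) ? $perm["usr"] : null,
                    isset($perm["grp"]) ? $perm["grp"] : null
                );
                $i++;
            }
        }
        $pcontent = "<?php\n$pcontent\n?>";
        pin_save_file($file, $pcontent);
        pin_send_message($l["msg"]["success_rule"]);
        pin_read_permissions ();
        return true;
    }

    // Matched the action pattern but no branch applies (for example "new-usergroups").
    return null;
} // update_admin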


/**
*                                                          
* @name        pin_read_permissions
* @deprecated  
* @version     0.11
*
* @author      Guilherme Capilé <hide@address.com>
*
* @global      $arg
* @global      $c
* 
* @see         pin_xml_array()
*
* @return      
*/
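function pin_read_permissions () {
    /**
     * Loads permissions.php and publishes its content as an <xpml> document
     * in $arg["permissions"]: one resource for the groups ($g) and one for
     * the permission rules ($p), the rules in key order. Returns nothing.
     */
    global $arg, $c;

    include($c["users"]."permissions.php");

    // A permissions file without groups or rules leaves $g or $p undefined;
    // ksort() on an undefined value is a fatal error on PHP 8.
    $groups = (isset($g) && is_array($g)) ? $g : array();
    $rules  = (isset($p) && is_array($p)) ? $p : array();
    ksort($rules);

    $xml = $c["xmlpi"].'<xpml><resource name="groups">'.pin_xml_array($groups).'</resource><resource name="permissions">';
    foreach ($rules as $perm) {
        $xml .= "<permission>".pin_xml_array($perm)."</permission>";
    }
    $arg["permissions"] = $xml.'</resource></xpml>';
}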
?>