<?
###############################################################################
# Copyright (C) 2000  Derek Leung
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# You may modify your copy or copies of this Program or any portion of it,
# but you must cause the modified files to carry prominent notices stating 
# that you changed the files and the date of any change.  And you are required 
# to keep a copy of this License along with this Program.
#
# You are not required to accept this License, since you have not signed it. 
# However, nothing else grants you permission to modify or distribute this 
# Program or its derivative works. These actions are prohibited by law if 
# you do not accept this License. Therefore, by modifying or distributing 
# this Program (or any work based on this Program), you indicate your 
# acceptance of this License to do so, and all its terms and conditions 
# for copying, distributing or modifying this Program or works based on it.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
#
# See the GNU General Public License for more details.
# http://www.opensource.org/licenses/gpl-license.html
###############################################################################

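global $config;

// Kick out anyone who requests this file directly instead of going through
// admin.php (presumably the script that includes it; the forms below post there).
// PHP_SELF is read from $_SERVER because the bare $PHP_SELF only exists with
// register_globals on (or when this file is included at global scope); without
// it the guard never fired. preg_match() replaces eregi(), which later PHP
// releases removed; the match is still a case-insensitive search for "admin/".
if (isset($_SERVER['PHP_SELF']) && preg_match("#admin/#i", $_SERVER['PHP_SELF'])) {
    die ("Access Deny!");
}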

/*********************************************************/
/* admin functions	                                     */
/*********************************************************/

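function displayadmins($mesg) {

	// Display the list of admins/moderators (every ps_users row whose status
	// is not 'member') with their rights and topic rights, followed by a
	// legend of the right numbers.
	//   $mesg - optional status message printed in red next to the heading
	global $config;

	// check if he has right to use this function
	// NOTE(review): this gate tests right "2" (Add/Edit/Delete News in the
	// legend below) while modifyadmin/updateAdmin/assignAdmin test "4"
	// (Add/Edit/Delete Admin) - confirm which right is meant to guard this list.
	$rightArray = getAdminRights();
	if (!in_array("2",$rightArray)) {
		errorPage("Access Deny!",$config['def_theme']);
		// errorPage() is defined elsewhere; return so that nothing below runs
		// if it does not end the request itself
		return;
	}

	ps_header("");
	?>
	
	<h3><?php echo translate("Assign Admin/Moderator"); ?> 
	<?php
	if ($mesg) {
		// $mesg is caller supplied (presumably the mesg= parameter of the
		// redirect URLs built in this file), so encode it before printing
		echo " <small><font color=red>(".htmlspecialchars(translate("$mesg"), ENT_QUOTES).")</font></small>";
	}
	?>
	</h3>

	<a href="admin.php?op=assignAdmin"><?=translate("Assign Admin/Moderator")?></a><br>
	<?php
	echo "<h3>".translate("Edit Admin Rights")."</h3>";
	$result = mysql_query("select uid, uname, rights, topicRights, status from ps_users where status <> 'member' order by uname");
	echo "<b>".translate("Admin/Moderators:")."</b>";
	?>

	<table border=1 cellpadding=3>
		<tr>
			<td align=center><b><?php echo translate("Uid"); ?></b></td>
			<td align=center><b><?php echo translate("Username"); ?></b></td>
			<td align=center><b><?php echo translate("Status"); ?></b></td>
			<td align=center><b><?php echo translate("AdminRights"); ?></b></td>
			<td align=center><b><?php echo translate("TopicRights"); ?></b></td>
		</tr>
	<?php

	// mysql_query() returns false on failure; skip the loop in that case
	while ($result && ($row = mysql_fetch_row($result))) {
		list($a_uid, $a_uname, $a_rights, $topicRights, $status) = $row;
		$a_uid = intval($a_uid);
		$topics = getTopicRights($a_uid);

		// values read from ps_users are HTML-encoded on output so a stored
		// user name cannot inject markup into the admin page
		echo "<tr>";
		echo "<td align=center>$a_uid</td>";
		echo "<td><a href=\"admin.php?op=modifyadmin&chng_uid=$a_uid\">".htmlspecialchars($a_uname, ENT_QUOTES)."</a></td>";
		echo "<td>".htmlspecialchars($status, ENT_QUOTES)."&nbsp;</td><td>".htmlspecialchars($a_rights, ENT_QUOTES)."&nbsp;</td>";
		echo "<td>";

		// display the topics the user has rights on, comma separated, 5 per
		// line (the earlier counter broke the first line after 4 topics)
		if (is_array($topics) && sizeof($topics) > 0) {
			$topicLines = array();
			foreach (array_chunk($topics, 5) as $chunk) {
				$encoded = array();
				foreach ($chunk as $topic) {
					$encoded[] = htmlspecialchars($topic, ENT_QUOTES);
				}
				$topicLines[] = implode(",", $encoded);
			}
			echo implode(",<br>", $topicLines);
		}
		
		echo "&nbsp;</td></tr>";
	}
	?>
	</table>
	<br>
	<?php // show the legend of numbering we use ?>
	<table border=1 cellpadding=3>
	<tr>
		<td>1 = <?php echo translate("Moderate News"); ?></td>
		<td>2 = <?php echo translate("Add/Edit/Delete News"); ?></td>
		<td>3 = <?php echo translate("Add/Edit/Delete Blocks"); ?></td>
		</tr>
	<tr>
		<td>4 = <?php echo translate("Add/Edit/Delete Admin"); ?></td>
		<td>5 = <?php echo translate("Add/Edit/Delete Topics"); ?></td>
		<td>6 = <?php echo translate("Add/Edit/Delete Users"); ?></td>
		</tr>
	<tr>
		<td>7 = <?php echo translate("Add/Edit/Delete Polls"); ?></td>
		<td>8 = <?php echo translate("Add/Edit/Delete Article"); ?></td>
		<td>9 = <?php echo translate("Site Configuration"); ?></td>
	</tr>
	<tr>
		<td>10 = <?= translate("Screenshots Management");?></td>
		<td>&nbsp;</td>
		<td>&nbsp;</td>

	</tr>
	</table>

<?php
	ps_footer("");
}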


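function modifyadmin($chng_uid) {

	// Show the form for editing one user's admin rights (checkboxes 1-10)
	// and topic rights (one checkbox per row of ps_topics). The form posts
	// op=UpdateAdmin to admin.php.
	//   $chng_uid - uid of the account being edited
	// NOTE(review): the form carries no anti-CSRF token; whether admin.php
	// checks one before dispatching UpdateAdmin is not visible from here.
	global $config;

	// check if he has right to use this function
	$rightArray = getAdminRights();
	if (!in_array("4",$rightArray)) {
		errorPage("Access Deny!",$config['def_theme']);
		// errorPage() is defined elsewhere; return so that nothing below runs
		// if it does not end the request itself
		return;
	}

	// the uid goes into the SQL below and into a hidden form field; forcing
	// it to an integer makes both uses safe
	$chng_uid = intval($chng_uid);

	// look the user up before any page output so an unknown uid gets the
	// error page instead of a half-empty form
	$result = mysql_query("select uname, rights, topicRights from ps_users where uid='$chng_uid'");
	$row = $result ? mysql_fetch_row($result) : false;
	if (!$row) {
		errorPage("No such User!",$config['def_theme']);
		return;
	}
	list($chng_uname, $chng_rights, $topicRights) = $row;

	ps_header("");

	// get the specific user admin right and put into an array
	$rightArray = getAdminRights($chng_uid);
	if ($topicRights) {
		$topicArray = explode(",",$topicRights);
	} else {
		$topicArray = array();
	}

	// the user name comes from the database; encode it before printing
	echo "<h3>" . translate("Edit Admin Rights")." (".htmlspecialchars($chng_uname, ENT_QUOTES).")</h3>";

	// one entry per checkbox: form field key, right number, label
	$rightBoxes = array(
		array("modQueue",   "1",  translate("Moderate News")),
		array("modNews",    "2",  translate("Add/Edit/Delete News")),
		array("modBlocks",  "3",  translate("Add/Edit/Delete Blocks")),
		array("modAdmins",  "4",  translate("Add/Edit/Delete Admin")),
		array("modTopics",  "5",  translate("Add/Edit/Delete Topics")),
		array("modUsers",   "6",  translate("Add/Edit/Delete Users")),
		array("modPolls",   "7",  translate("Add/Edit/Delete Polls")),
		array("modArticle", "8",  translate("Add/Edit/Delete Article")),
		array("modSite",    "9",  translate("Site Configuration")),
		array("modScreen",  "10", translate("Screenshots Management")),
	);
	?>

	<?php // we now display the checkbox for changing user admin right ?>
	<form action="admin.php" method="post">
		<input type=hidden name="adminUid" value="<?php echo $chng_uid; ?>">
			<table border=1 cellpadding=3>
	<?php
	// three checkboxes per table row; a box is ticked when the edited user
	// already holds that right
	$col = 0;
	foreach ($rightBoxes as $box) {
		list($field, $right, $label) = $box;
		if ($col % 3 == 0) {
			echo "<tr>";
		}
		echo "<td><input type=checkbox name=\"admin[{$field}]\" value=\"{$right}\"";
		if (in_array($right,$rightArray)) {
			echo " checked";
		}
		echo "> ".$label."</td>";
		$col++;
		if ($col % 3 == 0) {
			echo "</tr>";
		}
	}
	// pad the last row with empty cells
	if ($col % 3 != 0) {
		while ($col % 3 != 0) {
			echo "<td>&nbsp;</td>";
			$col++;
		}
		echo "</tr>";
	}
	?>
		</table>


		<?php // we now display the checkbox for the topic right
		echo "<h3>".translate("Edit Topic Rights")."</h3>";
		echo "<table border=1>";
			$result = mysql_query("select tid,topic from ps_topics");

			// show a list of checkboxes for topic right; topic names and ids
			// come from the database and are encoded before they are placed
			// in text and attribute values
			while ($result && ($row = mysql_fetch_row($result))) {
				list($tid,$topic) = $row;
				$safeTopic = htmlspecialchars($topic, ENT_QUOTES);
				$safeTid = htmlspecialchars($tid, ENT_QUOTES);
				echo "<tr>";
				echo "<td>$safeTopic</td>";
				echo "<td><input type=checkbox name=\"tid[$safeTopic]\" value=\"$safeTid\" ";
				if (in_array($tid,$topicArray)) {
					echo "checked>";
				} else {
					echo ">";
				}
				echo "</td></tr>";
			}
			?>
		</table>
		<input type="hidden" name="op" value="UpdateAdmin">
		<input type="submit" value="<?php echo translate("Update Admin");?>">
	</form>
	<?php
	ps_footer("");
}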


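function updateAdmin($adminUid,$admin,$tid) {

	// Update a user's admin rights and topic rights, then redirect to
	// admin.php?op=editAdmin with a status message.
	//   $adminUid - uid of the account to change
	//   $admin    - array of right numbers ticked in the modifyadmin form
	//   $tid      - array of topic ids ticked in the modifyadmin form
	// NOTE(review): this is a state-changing request and no anti-CSRF token
	// is checked here; confirm whether admin.php verifies one.
	global $config;

	// check if he has right to use this function
	$rightArray = getAdminRights();
	if (!in_array("4",$rightArray)) {
		errorPage("Access Deny!",$config['def_theme']);
		// errorPage() is defined elsewhere; return so the updates below can
		// never run if it does not end the request itself
		return;
	}

	// the uid is used unquoted in the SQL below, so it must be an integer
	$adminUid = intval($adminUid);

	// join the submitted topic ids into one comma separated string; an empty
	// selection clears the column. Each value is escaped for the quoted SQL
	// literal.
	// NOTE(review): if magic_quotes_gpc is enabled on the deployment the
	// values arrive already slashed - confirm, and strip before escaping.
	$topicRight = array();
	if (is_array($tid)) {
		foreach ($tid as $val) {
			if (is_scalar($val)) {
				$topicRight[] = mysql_real_escape_string($val);
			}
		}
	}
	$topicStr = implode(",",$topicRight);
	mysql_query("update ps_users set topicRights='$topicStr' where uid=$adminUid");

	// join the submitted rights the same way; the form only offers the
	// numbers 1 to 10, so anything that is not a positive integer is dropped
	$adminRight = array();
	if (is_array($admin)) {
		foreach ($admin as $val) {
			$right = intval($val);
			if ($right > 0) {
				$adminRight[] = $right;
			}
		}
	}
	// NOTE(review): as before, submitting no rights leaves the rights column
	// unchanged, so this form cannot revoke every right - confirm intended.
	if (sizeof($adminRight) > 0) {
		$adminStr = implode(",",$adminRight);
		mysql_query("update ps_users set rights='$adminStr' where uid=$adminUid");
	}

	$mesg = translate("Operation+Successful!");
	header("Location: admin.php?mesg=$mesg&op=editAdmin");

}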

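function assignAdmin($uid,$action="",$status="",$startNum="",$uname="",$mesg, $letter,$sortby,$orderby,$page) {

	// Assign a user the status Admin, Moderator or member.
	//   $action "update" - store $status for $uid and redirect
	//   $action "edit"   - show the radio-button form for $uid (or for the
	//                      user named $uname when a name is given)
	//   anything else    - show the paged, sortable user list
	//   $mesg            - optional status message for the list page
	//   $letter,$sortby,$orderby,$page - list filter, sort column,
	//                      sort direction and page number
	//   $startNum        - not used by this function
	global $config;
	
	// check if he has right to use this function
	$rightArray = getAdminRights();
	if (!in_array("4",$rightArray)) {
		errorPage("Access Deny!",$config['def_theme']);
		// errorPage() is defined elsewhere; return so nothing below runs if
		// it does not end the request itself
		return;
	}

	switch($action) {
		case "update":
			// NOTE(review): state-changing action with no anti-CSRF token
			// checked here; confirm whether admin.php verifies one and
			// whether it restricts this action to POST.

			// only the three values offered by the edit form are accepted;
			// $status is written into the SQL statement below
			if (!in_array((string)$status, array("Admin","Moderator","member"), true)) {
				errorPage("Invalid status!",$config['def_theme']);
				return;
			}
			// the uid is used unquoted in the SQL, so force an integer
			$uid = intval($uid);

			// we now do the update
			mysql_query("update ps_users set status='$status' where uid=$uid");
			$mesg = translate("Operation+Successful!");
			header("Location: admin.php?mesg=$mesg&op=assignAdmin");
			break;
		case "edit":
			// show the radio box for assigning
			if ($uname != "") {
				// the name was typed into the "Handle" box; escape it for the
				// quoted SQL literal.
				// NOTE(review): if magic_quotes_gpc is enabled on the
				// deployment the value arrives already slashed - confirm,
				// and strip before escaping.
				$lookup = mysql_query("select uid from ps_users where uname='".mysql_real_escape_string($uname)."'");
				$row = $lookup ? mysql_fetch_row($lookup) : false;
				if (!$row || $row[0] == "") {
					errorPage("No such User!",$config['def_theme']);
					return;
				}
				$uid = $row[0];
			}
			$uid = intval($uid);
			$result = mysql_query("select uname,status from ps_users where uid=$uid");
			$row = $result ? mysql_fetch_row($result) : false;
			if (!$row) {
				errorPage("No such User!",$config['def_theme']);
				return;
			}
			list($uname,$status) = $row;

			// the stored user name is encoded before it is printed
			$safeUname = htmlspecialchars($uname, ENT_QUOTES);

			ps_header("");
			echo "<h3>". sprintf(translate("Assign position for %s"),$safeUname) . "</h3>";
			echo "<form method=\"POST\" action=\"admin.php\">";
			echo "<table border=1>";
			echo "<tr>";
			echo "<td>".sprintf(translate("I want to assign %s as an Admin"),$safeUname) ."</td>"; 
			echo "<td><input type=\"radio\" value=\"Admin\" name=\"status\" " ;
			if ($status == "Admin") echo "Checked";
			echo " ></td></tr>";

			echo "<tr>";
			echo "<td>" . sprintf(translate("I want to assign %s as a moderator"),$safeUname) . "</td>"; 
			echo "<td><input type=\"radio\" value=\"Moderator\" name=\"status\" ";
			if ($status == "Moderator") echo "Checked";
			echo " ></td></tr>";
	
			echo "<tr>";
			echo "<td>" . sprintf(translate("I want to assign %s as a member"),$safeUname) . "</td>"; 
			echo "<td><input type=\"radio\" value=\"member\" name=\"status\" ";
			if ($status == "member") echo "Checked";
			echo " ></td></tr>";

			echo "<input type=hidden name=uid value=$uid>";
			echo "<input type=hidden name=action value=update>";
			echo "<input type=hidden name=op value=assignAdmin>";
			echo "</table>";
			echo "<input type=\"submit\" value=\"submit\">";
			echo "</form>";
			ps_footer("");
			break;
		
		default:
			ps_header("");


			echo "<h3>" . translate("Choose a user to assign") ;
			if ($mesg) {
				// $mesg is caller supplied (presumably the mesg= parameter of
				// the redirect URL above), so encode it before printing
				echo " <font color=red><small>(".htmlspecialchars(translate("$mesg"), ENT_QUOTES).")</small></font>";
			}
			echo "</h3>";
			
			echo "<form method=post  action=\"admin.php\">";
			echo "<b>".translate("Handle").": </b> <input type=text name=\"uname\" size=10>\n";
			echo "<input type=hidden name=op value=\"assignAdmin\">";
			echo "<input type=hidden name=action value=\"edit\">";
			echo "<input type=\"submit\" value=\"".translate("Go!")."\"></form>";

			// initialize variable
			if ($config['root_relative_path'] == "/") {
				$rootPath = "";
			} else {
				$rootPath = $config['root_relative_path'];
			}
			$pagesize = 20; 
			$filepath="$rootPath/admin.php?op=assignAdmin";
			if (!isset($letter) || !is_scalar($letter)) { $letter = "All"; }

			// $sortby and $orderby are pasted into the ORDER BY clause, so
			// only the columns offered as sort links and ASC/DESC are
			// accepted; anything else falls back to the defaults
			$sortColumns = array("uid","uname","status","regDate","loginIP","loginTime");
			if (!isset($sortby) || !in_array((string)$sortby, $sortColumns, true)) { $sortby = "uname"; }
			if (!isset($orderby) || !in_array(strtoupper((string)$orderby), array("ASC","DESC"), true)) { $orderby = "ASC"; }

			// the page number feeds the LIMIT offset; keep it an integer >= 1
			$page = isset($page) ? intval($page) : 1;
			if ($page < 1) { $page = 1; }

			// display the a list of alphabets 
			alpha($sortby,$filepath,"&");

			// initialize variables for sortlinks
			$input = array(
				array('method' => "uid",       'name' => "UID"),
				array('method' => "uname",     'name' => "Username"),
				array('method' => "status",    'name' => "Status"),
				array('method' => "regDate",   'name' => "Register Date"),
				array('method' => "loginIP",   'name' => "Login IP"),
				array('method' => "loginTime", 'name' => "Login Time"),
			);

			// NOTE(review): $letter is handed to SortLinks() and numberLink()
			// as received; whether those helpers encode it when building
			// links is not visible from here.
			SortLinks($sortby,$filepath,$letter,"&",$input);
			echo "<BR><center>";

			// calculate minimum and maximum
			$min = $pagesize * ($page - 1); // This is where we start our record set from
			$max = $pagesize; // This is how many rows to select


			// select the users now
			$select = "select uid, uname, status, regDate, loginIP, loginTime from ps_users "; 

			// sort by alphabet
			if ( ( $letter != "Other" ) AND ( $letter != "All" ) ) {  
				// escaped because it lands inside a quoted LIKE pattern
				$where = "where uname like '".mysql_real_escape_string($letter)."%' "; 
				
			// sort by Others..like numbers
			} else if ( $letter == "Other" ) { 
					$where = "where uname REGEXP \"^\[1-9]\" "; 
					
			// no where clause
			} else { 
					$where = ""; 		
			}

			// sort by base on $sortby input
			$sort = "order by $sortby"; 

			// limit the selection
			$limit = " $orderby LIMIT ".$min.", ".$max; 
				

			// count how many users base on where clause; the result is
			// checked before it is used
			$count_result = mysql_query($select.$where);
			$num_rows_per_order = 0;
			if ($count_result) {
				$num_rows_per_order = mysql_num_rows($count_result);
				mysql_free_result($count_result);
			}
				
			// do the query now
			// NOTE(review): on failure this prints the database error text
			// to the browser; consider logging it instead.
			$result = mysql_query($select.$where.$sort.$limit) or die(mysql_error() );

			//number of users per sorted and limit query
			$num_rows = mysql_num_rows($result); 



			echo "<table width=\"100%\" border=\"0\" cellspacing=\"2\" class=sidebox>";
			echo "<tr>";
			echo "<td class=sideboxtop><b>Uid</b></td>";
			echo "<td class=sideboxtop><b>". translate("Username") ."</b></td>";
			echo "<td class=sideboxtop><b>" . translate("Status") . "</b></td>";
			echo "<td class=sideboxtop><b>" . translate("Register Date") . "</b></td>";
			echo "<td class=sideboxtop><b>" . translate("Login IP") . "</b></td>";
			echo "<td class=sideboxtop><b>" . translate("Login Time") . "</b></td>";
			echo "<td class=sideboxtop><b>".translate("Edit") . "</b></td>";
			echo "</tr>";

			// for alternate color
			$a = 0;
			$dcolor_A = "sidebox";
			$dcolor_B = "sidebox2";

			
			while (list($uid,$uname,$status,$regDate,$loginIP,$loginTime) = mysql_fetch_row($result)) {
				$dcolor = ($a == 0 ? $dcolor_A : $dcolor_B);
				$regDate = formatShortTimestamp($regDate);
				$loginTime = formatShortTimeStamp($loginTime);
				$uid = intval($uid);

				// user name, status and login IP are stored values; encode
				// them so they cannot inject markup into the admin page
				echo "<tr>";
				echo "<td class=$dcolor>$uid</td>";
				echo "<td class=$dcolor>".htmlspecialchars($uname, ENT_QUOTES)."</td>";
				echo "<td class=$dcolor>".htmlspecialchars($status, ENT_QUOTES)."</td>";
				echo "<td class=$dcolor>$regDate&nbsp;</td>";
				echo "<td class=$dcolor>".htmlspecialchars($loginIP, ENT_QUOTES)."&nbsp;</td>";
				echo "<td class=$dcolor>$loginTime&nbsp;</td>";
				echo "<td class=$dcolor><a href=\"admin.php?op=assignAdmin&action=edit&uid=$uid\">".translate("Edit")."</a></td>";
				echo "</tr>";
				$a = ($dcolor == $dcolor_A ? 1 : 0);
			}
			echo "</table>";
				
			// initialize the variable for numberLink call
			$input = array(
				'num_rows_per_order' => $num_rows_per_order,
				'pagesize'           => $pagesize,
				'num_rows'           => $num_rows,
				'page'               => $page,
				'item'               => "user(s)",
				'letter'             => $letter,
				'sortby'             => $sortby,
				'filepath'           => $filepath,
				'orderby'            => $orderby,
				'separator'          => "&",
			);

			numberLink($input);
			
			ps_footer("");
			break;
	}

}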


?>