<?
###############################################################################
# Copyright (C) 2000 Derek Leung
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# You may modify your copy or copies of this Program or any portion of it,
# but you must cause the modified files to carry prominent notices stating
# that you changed the files and the date of any change. And you are required
# to keep a copy of this License along with this Program.
#
# You are not required to accept this License, since you have not signed it.
# However, nothing else grants you permission to modify or distribute this
# Program or its derivative works. These actions are prohibited by law if
# you do not accept this License. Therefore, by modifying or distributing
# this Program (or any work based on this Program), you indicate your
# acceptance of this License to do so, and all its terms and conditions
# for copying, distributing or modifying this Program or works based on it.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
# See the GNU General Public License for more details.
# http://www.opensource.org/licenses/gpl-license.html
###############################################################################
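global $config;
// Refuse direct requests for this include. The check looks for "admin/" in
// the requested script path, so presumably this file lives in an admin/
// directory and is only meant to be pulled in by another script.
// $_SERVER is consulted first because the bare $PHP_SELF global only exists
// with register_globals on; without it the old eregi() test never matched and
// the guard failed open. stristr() keeps the case-insensitive substring match
// without the removed ereg extension.
// NOTE(review): PHP_SELF is derived from the request URL, so treat this as a
// convenience guard only and also deny direct access to this directory in the
// web server configuration.
if (stristr(isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : $PHP_SELF, "admin/") !== false) {
    die ("Access Deny!");
}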
/*********************************************************/
/* admin functions */
/*********************************************************/
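/**
 * Render the admin/moderator overview page.
 *
 * Prints a link to the assignment page, a table of every ps_users row whose
 * status is not 'member' (uid, username, status, admin rights, topic rights)
 * and a legend explaining the numeric right codes.
 *
 * @param string $mesg optional status message shown next to the heading
 */
function displayadmins($mesg) {
    global $config;

    // NOTE(review): this gate checks right "2", which the legend printed below
    // labels "Add/Edit/Delete News", while modifyadmin(), updateAdmin() and
    // assignAdmin() in this file require "4" ("Add/Edit/Delete Admin").
    // Confirm whether news editors are really meant to see the admin list.
    $rightArray = getAdminRights();
    if (!in_array("2", $rightArray)) {
        errorPage("Access Deny!", $config['def_theme']);
        // errorPage() is defined elsewhere; return so nothing below is rendered
        // even if it does not terminate the request itself.
        return;
    }

    ps_header("");

    echo "<h3>" . translate("Assign Admin/Moderator") . "\n";
    if ($mesg) {
        // The redirects in this file put mesg into the query string, so it is
        // request-controlled text: encode it before it reaches the page.
        echo " <small><font color=red>(" . htmlspecialchars(translate("$mesg"), ENT_QUOTES) . ")</font></small>";
    }
    echo "</h3>\n";
    echo "<a href=\"admin.php?op=assignAdmin\">" . translate("Assign Admin/Moderator") . "</a><br>\n";
    echo "<h3>" . translate("Edit Admin Rights") . "</h3>";
    echo "<b>" . translate("Admin/Moderators:") . "</b>\n";

    echo "<table border=1 cellpadding=3>\n<tr>\n";
    $headings = array("Uid", "Username", "Status", "AdminRights", "TopicRights");
    foreach ($headings as $heading) {
        echo "<td align=center><b>" . translate($heading) . "</b></td>\n";
    }
    echo "</tr>\n";

    $result = mysql_query("select uid, uname, rights, topicRights, status from ps_users where status <> 'member' order by uname");
    // A failed query yields false; skip the listing instead of fetching from it.
    while ($result && ($row = mysql_fetch_row($result))) {
        list($a_uid, $a_uname, $a_rights, $topicRights, $status) = $row;
        $topics = getTopicRights($a_uid);

        // Everything below comes from the database and may have been supplied
        // by users at registration, so it is HTML-encoded on output.
        echo "<tr>";
        echo "<td align=center>" . htmlspecialchars($a_uid, ENT_QUOTES) . "</td>";
        echo "<td><a href=\"admin.php?op=modifyadmin&chng_uid=" . urlencode($a_uid) . "\">"
            . htmlspecialchars($a_uname, ENT_QUOTES) . "</a></td>";
        echo "<td>" . htmlspecialchars($status, ENT_QUOTES) . " </td>";
        echo "<td>" . htmlspecialchars($a_rights, ENT_QUOTES) . " </td>";
        echo "<td>";

        // Comma-separated topic list, five per line. The break is emitted after
        // every fifth entry (the old counter broke after the fourth) and never
        // after the last one.
        if (is_array($topics)) {
            $total = sizeof($topics);
            $shown = 0;
            foreach ($topics as $topic) {
                $shown++;
                echo htmlspecialchars($topic, ENT_QUOTES);
                if ($shown < $total) {
                    echo ",";
                    if ($shown % 5 == 0) {
                        echo "<br>";
                    }
                }
            }
        }
        echo " </td></tr>";
    }
    echo "</table>\n<br>\n";

    // Legend for the numeric right codes, three per row.
    $legend = array(
        1  => "Moderate News",
        2  => "Add/Edit/Delete News",
        3  => "Add/Edit/Delete Blocks",
        4  => "Add/Edit/Delete Admin",
        5  => "Add/Edit/Delete Topics",
        6  => "Add/Edit/Delete Users",
        7  => "Add/Edit/Delete Polls",
        8  => "Add/Edit/Delete Article",
        9  => "Site Configuration",
        10 => "Screenshots Management"
    );
    echo "<table border=1 cellpadding=3>\n";
    $col = 0;
    foreach ($legend as $code => $label) {
        if ($col % 3 == 0) {
            echo "<tr>\n";
        }
        echo "<td>$code = " . translate($label) . "</td>\n";
        $col++;
        if ($col % 3 == 0) {
            echo "</tr>\n";
        }
    }
    // Pad the last row with empty cells so the table stays rectangular.
    if ($col % 3 != 0) {
        while ($col % 3 != 0) {
            echo "<td> </td>\n";
            $col++;
        }
        echo "</tr>\n";
    }
    echo "</table>\n";

    ps_footer("");
}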
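/**
 * Show the form for editing one user's admin rights and topic rights.
 *
 * The form posts back to admin.php with op=UpdateAdmin, the user's uid in
 * adminUid, the ticked right codes in admin[...] and the ticked topic ids in
 * tid[...].
 *
 * @param mixed $chng_uid uid of the user whose rights are edited
 */
function modifyadmin($chng_uid) {
    global $config;

    // Only holders of right "4" may edit rights.
    $rightArray = getAdminRights();
    if (!in_array("4", $rightArray)) {
        errorPage("Access Deny!", $config['def_theme']);
        // errorPage() is defined elsewhere; return so the form is never
        // rendered even if it does not terminate the request itself.
        return;
    }

    // The uid is caller/request supplied and was previously spliced into the
    // SQL string and the hidden form field as-is. Force it to an integer.
    $chng_uid = intval($chng_uid);

    $result = mysql_query("select uname, topicRights from ps_users where uid=$chng_uid");
    $row = $result ? mysql_fetch_row($result) : false;
    if (!$row) {
        // Unknown uid: refuse instead of rendering a form for nobody.
        errorPage("No such User!", $config['def_theme']);
        return;
    }
    list($chng_uname, $topicRights) = $row;

    // Rights currently held by the user being edited.
    $rightArray = getAdminRights($chng_uid);
    // topicRights is stored as a comma-separated list.
    if ($topicRights) {
        $topicArray = explode(",", $topicRights);
    } else {
        $topicArray = array();
    }

    ps_header("");

    // The username is stored user input: encode it for HTML.
    echo "<h3>" . translate("Edit Admin Rights") . " (" . htmlspecialchars($chng_uname, ENT_QUOTES) . ")</h3>";

    echo "<form action=\"admin.php\" method=\"post\">\n";
    echo "<input type=hidden name=\"adminUid\" value=\"" . $chng_uid . "\">\n";

    // One checkbox per admin right: form field key, right code, label.
    $rights = array(
        array("modQueue",   "1",  "Moderate News"),
        array("modNews",    "2",  "Add/Edit/Delete News"),
        array("modBlocks",  "3",  "Add/Edit/Delete Blocks"),
        array("modAdmins",  "4",  "Add/Edit/Delete Admin"),
        array("modTopics",  "5",  "Add/Edit/Delete Topics"),
        array("modUsers",   "6",  "Add/Edit/Delete Users"),
        array("modPolls",   "7",  "Add/Edit/Delete Polls"),
        array("modArticle", "8",  "Add/Edit/Delete Article"),
        array("modSite",    "9",  "Site Configuration"),
        array("modScreen",  "10", "Screenshots Management")
    );
    echo "<table border=1 cellpadding=3>\n";
    $col = 0;
    foreach ($rights as $right) {
        list($field, $code, $label) = $right;
        if ($col % 3 == 0) {
            echo "<tr>\n";
        }
        echo "<td>\n";
        echo "<input type=checkbox name=\"admin[" . $field . "]\" value=\"" . $code . "\"";
        if (in_array($code, $rightArray)) {
            echo " checked";
        }
        echo ">\n";
        echo translate($label) . "\n";
        echo "</td>\n";
        $col++;
        if ($col % 3 == 0) {
            echo "</tr>\n";
        }
    }
    // Pad the last row with empty cells so the table stays rectangular.
    if ($col % 3 != 0) {
        while ($col % 3 != 0) {
            echo "<td> </td>\n";
            $col++;
        }
        echo "</tr>\n";
    }
    echo "</table>\n";

    // One checkbox per topic, pre-ticked when the user already has the right.
    echo "<h3>" . translate("Edit Topic Rights") . "</h3>";
    echo "<table border=1>";
    $result = mysql_query("select tid,topic from ps_topics");
    while ($result && ($row = mysql_fetch_row($result))) {
        list($tid, $topic) = $row;
        // Topic names are stored text; encode them for both the cell and the
        // attribute they are placed in.
        $safeTopic = htmlspecialchars($topic, ENT_QUOTES);
        echo "<tr>";
        echo "<td>" . $safeTopic . "</td>";
        echo "<td><input type=checkbox name=\"tid[" . $safeTopic . "]\" value=\"" . htmlspecialchars($tid, ENT_QUOTES) . "\" ";
        if (in_array($tid, $topicArray)) {
            echo "checked>";
        } else {
            echo ">";
        }
        echo "</td></tr>";
    }
    echo "</table>\n";

    echo "<input type=\"hidden\" name=\"op\" value=\"UpdateAdmin\">\n";
    echo "<input type=\"submit\" value=\"" . translate("Update Admin") . "\">\n";
    echo "</form>\n";

    ps_footer("");
}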
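/**
 * Store the admin rights and topic rights submitted for one user, then
 * redirect back to the admin list.
 *
 * @param mixed $adminUid uid of the user being updated
 * @param array $admin    ticked admin right codes (form field admin[...])
 * @param array $tid      ticked topic ids (form field tid[...])
 */
function updateAdmin($adminUid,$admin,$tid) {
    global $config;

    // Only holders of right "4" may change rights.
    $rightArray = getAdminRights();
    if (!in_array("4", $rightArray)) {
        errorPage("Access Deny!", $config['def_theme']);
        // errorPage() is defined elsewhere; return so no update runs even if
        // it does not terminate the request itself.
        return;
    }
    // NOTE(review): no anti-CSRF token is checked in this function. Confirm
    // whether the admin.php dispatcher validates one before calling it.

    // All three arguments are request data that used to be spliced into the
    // SQL text unchanged. The uid and the right codes are numeric (the form in
    // modifyadmin() emits "1".."10"), so they are forced to integers.
    $adminUid = intval($adminUid);

    // Topic rights: an empty selection clears the column, as before.
    // assumes ps_topics.tid is an integer key - TODO confirm against the schema
    $topicRight = array();
    if (is_array($tid)) {
        foreach ($tid as $val) {
            $topicRight[] = intval($val);
        }
    }
    $topicStr = implode(",", $topicRight);
    mysql_query("update ps_users set topicRights='$topicStr' where uid=$adminUid");

    // Admin rights are flattened into one comma-separated string.
    // NOTE(review): unlike topic rights, an empty selection leaves the stored
    // rights untouched, so unticking every box does not revoke anything.
    // Behaviour kept as-is; confirm whether that is intended.
    if (is_array($admin) && sizeof($admin) > 0) {
        $adminRight = array();
        foreach ($admin as $val) {
            $adminRight[] = intval($val);
        }
        $adminStr = implode(",", $adminRight);
        mysql_query("update ps_users set rights='$adminStr' where uid=$adminUid");
    }

    $mesg = translate("Operation+Successful!");
    header("Location: admin.php?mesg=$mesg&op=editAdmin");
}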
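/**
 * Assign a user the status Admin, Moderator or member.
 *
 * Depending on $action this either stores a new status ("update"), shows the
 * radio-button form for one user ("edit"), or shows a username search box
 * plus a sortable, paged list of all users (anything else).
 *
 * @param mixed  $uid      uid of the user to edit or update
 * @param string $action   "update", "edit" or empty for the list
 * @param string $status   new status, used by "update"
 * @param mixed  $startNum not used by this function
 * @param string $uname    username to look up, used by "edit"
 * @param string $mesg     optional status message for the list heading
 * @param string $letter   first-letter filter: "All", "Other" or a prefix
 * @param string $sortby   column to sort the list by
 * @param string $orderby  sort direction
 * @param mixed  $page     1-based page number of the list
 */
function assignAdmin($uid,$action="",$status="",$startNum="",$uname="",$mesg, $letter,$sortby,$orderby,$page) {
    global $config;

    // Only holders of right "4" may assign positions.
    $rightArray = getAdminRights();
    if (!in_array("4", $rightArray)) {
        errorPage("Access Deny!", $config['def_theme']);
        // errorPage() is defined elsewhere; return so nothing below runs even
        // if it does not terminate the request itself.
        return;
    }

    switch ($action) {
    case "update":
        // NOTE(review): no anti-CSRF token is checked before this write.
        // Confirm whether the admin.php dispatcher validates one.
        // Accept only the three statuses the edit form offers; the value used
        // to go into the SQL text unchecked.
        if (!is_string($status) || !in_array($status, array("Admin", "Moderator", "member"))) {
            errorPage("Invalid status!", $config['def_theme']);
            return;
        }
        $uid = intval($uid);
        mysql_query("update ps_users set status='$status' where uid=$uid");
        $mesg = translate("Operation+Successful!");
        header("Location: admin.php?mesg=$mesg&op=assignAdmin");
        break;

    case "edit":
        // A username from the search box takes precedence over $uid.
        if ($uname != "") {
            // presumably $uname is raw request data; undo magic quotes (if the
            // runtime applied them) before escaping so it is escaped once.
            $lookup = get_magic_quotes_gpc() ? stripslashes($uname) : $uname;
            $lookup = mysql_real_escape_string($lookup);
            $found = mysql_query("select uid from ps_users where uname='$lookup'");
            $row = $found ? mysql_fetch_row($found) : false;
            $uid = $row ? $row[0] : "";
            if ($uid == "") {
                errorPage("No such User!", $config['def_theme']);
                return;
            }
        }
        $uid = intval($uid);
        $result = mysql_query("select uname,status from ps_users where uid=$uid");
        $row = $result ? mysql_fetch_row($result) : false;
        if (!$row) {
            // Unknown uid: refuse instead of rendering a form for nobody.
            errorPage("No such User!", $config['def_theme']);
            return;
        }
        list($uname, $status) = $row;
        // The stored username is user input: encode it before printing.
        $safeName = htmlspecialchars($uname, ENT_QUOTES);

        ps_header("");
        echo "<h3>" . sprintf(translate("Assign position for %s"), $safeName) . "</h3>";
        echo "<form method=\"POST\" action=\"admin.php\">";
        echo "<table border=1>";
        // One radio button per status: submitted value => label template.
        $choices = array(
            "Admin"     => "I want to assign %s as an Admin",
            "Moderator" => "I want to assign %s as a moderator",
            "member"    => "I want to assign %s as a member"
        );
        foreach ($choices as $value => $label) {
            echo "<tr>";
            echo "<td>" . sprintf(translate($label), $safeName) . "</td>";
            echo "<td><input type=\"radio\" value=\"$value\" name=\"status\" ";
            if ($status == $value) {
                echo "Checked";
            }
            echo " ></td></tr>";
        }
        echo "<input type=hidden name=uid value=$uid>";
        echo "<input type=hidden name=action value=update>";
        echo "<input type=hidden name=op value=assignAdmin>";
        echo "</table>";
        echo "<input type=\"submit\" value=\"submit\">";
        echo "</form>";
        ps_footer("");
        break;

    default:
        ps_header("");
        echo "<h3>" . translate("Choose a user to assign");
        if ($mesg) {
            // mesg travels in the query string (see the redirects above), so
            // it is encoded before being printed.
            echo " <font color=red><small>(" . htmlspecialchars(translate("$mesg"), ENT_QUOTES) . ")</small></font>";
        }
        echo "</h3>";
        echo "<form method=post action=\"admin.php\">";
        echo "<b>" . translate("Handle") . ": </b> <input type=text name=\"uname\" size=10>\n";
        echo "<input type=hidden name=op value=\"assignAdmin\">";
        echo "<input type=hidden name=action value=\"edit\">";
        echo "<input type=\"submit\" value=\"" . translate("Go!") . "\"></form>";

        if ($config['root_relative_path'] == "/") {
            $rootPath = "";
        } else {
            $rootPath = $config['root_relative_path'];
        }
        $pagesize = 20;
        $filepath = "$rootPath/admin.php?op=assignAdmin";

        // Columns offered in the sort links; also the allow-list for $sortby.
        $sortColumns = array(
            array('method' => "uid",       'name' => "UID"),
            array('method' => "uname",     'name' => "Username"),
            array('method' => "status",    'name' => "Status"),
            array('method' => "regDate",   'name' => "Register Date"),
            array('method' => "loginIP",   'name' => "Login IP"),
            array('method' => "loginTime", 'name' => "Login Time")
        );
        $allowedSort = array();
        foreach ($sortColumns as $column) {
            $allowedSort[] = $column['method'];
        }

        // The list parameters all end up in the SQL text, so each one is
        // reduced to a known-safe form, falling back to the old defaults.
        if (!isset($letter) || !is_string($letter)) {
            $letter = "All";
        }
        if (!isset($sortby) || !is_string($sortby) || !in_array($sortby, $allowedSort)) {
            $sortby = "uname";
        }
        if (!isset($orderby) || !is_string($orderby) || strtoupper($orderby) != "DESC") {
            $orderby = "ASC";
        } else {
            $orderby = "DESC";
        }
        $page = isset($page) ? intval($page) : 1;
        if ($page < 1) {
            $page = 1;
        }

        // NOTE(review): alpha(), SortLinks() and numberLink() are defined
        // elsewhere and receive $letter as given; confirm they encode it
        // before placing it in links.
        alpha($sortby, $filepath, "&");
        SortLinks($sortby, $filepath, $letter, "&", $sortColumns);
        echo "<BR><center>";

        $min = $pagesize * ($page - 1); // first row of the requested page
        $max = $pagesize;               // number of rows per page

        $select = "select uid, uname, status, regDate, loginIP, loginTime from ps_users ";
        if ($letter == "All") {
            $where = "";
        } else if ($letter == "Other") {
            // names that start with a digit 1-9
            $where = 'where uname REGEXP "^\[1-9]" ';
        } else {
            $where = "where uname like '" . mysql_real_escape_string($letter) . "%' ";
        }
        $sort = "order by $sortby";
        $limit = " $orderby LIMIT " . $min . ", " . $max;

        // Total matches for the pager; count(*) avoids fetching every row.
        $num_rows_per_order = 0;
        $count_result = mysql_query("select count(*) from ps_users " . $where);
        if ($count_result) {
            $count_row = mysql_fetch_row($count_result);
            $num_rows_per_order = intval($count_row[0]);
            mysql_free_result($count_result);
        }

        // Do not echo mysql_error() to the browser: it exposes query text.
        $result = mysql_query($select . $where . $sort . $limit) or die("Database error!");
        $num_rows = mysql_num_rows($result);

        echo "<table width=\"100%\" border=\"0\" cellspacing=\"2\" class=sidebox>";
        echo "<tr>";
        echo "<td class=sideboxtop><b>Uid</b></td>";
        echo "<td class=sideboxtop><b>" . translate("Username") . "</b></td>";
        echo "<td class=sideboxtop><b>" . translate("Status") . "</b></td>";
        echo "<td class=sideboxtop><b>" . translate("Register Date") . "</b></td>";
        echo "<td class=sideboxtop><b>" . translate("Login IP") . "</b></td>";
        echo "<td class=sideboxtop><b>" . translate("Login Time") . "</b></td>";
        echo "<td class=sideboxtop><b>" . translate("Edit") . "</b></td>";
        echo "</tr>";

        // Alternate the row class between the two sidebox styles.
        $useAlt = false;
        while ($row = mysql_fetch_row($result)) {
            list($uid, $uname, $status, $regDate, $loginIP, $loginTime) = $row;
            $dcolor = $useAlt ? "sidebox2" : "sidebox";
            $regDate = formatShortTimestamp($regDate);
            $loginTime = formatShortTimestamp($loginTime);
            $uid = intval($uid);
            // Stored user data is HTML-encoded on output.
            echo "<tr>";
            echo "<td class=$dcolor>$uid</td>";
            echo "<td class=$dcolor>" . htmlspecialchars($uname, ENT_QUOTES) . "</td>";
            echo "<td class=$dcolor>" . htmlspecialchars($status, ENT_QUOTES) . "</td>";
            echo "<td class=$dcolor>$regDate </td>";
            echo "<td class=$dcolor>" . htmlspecialchars($loginIP, ENT_QUOTES) . " </td>";
            echo "<td class=$dcolor>$loginTime </td>";
            echo "<td class=$dcolor><a href=\"admin.php?op=assignAdmin&action=edit&uid=$uid\">" . translate("Edit") . "</a></td>";
            echo "</tr>";
            $useAlt = !$useAlt;
        }
        echo "</table>";

        // Hand the paging state to the page-number links.
        $pager = array(
            'num_rows_per_order' => $num_rows_per_order,
            'pagesize'           => $pagesize,
            'num_rows'           => $num_rows,
            'page'               => $page,
            'item'               => "user(s)",
            'letter'             => $letter,
            'sortby'             => $sortby,
            'filepath'           => $filepath,
            'orderby'            => $orderby,
            'separator'          => "&"
        );
        numberLink($pager);
        ps_footer("");
        break;
    }
}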
?>