diff options
author | Jesse Morgan <jesse@jesterpm.net> | 2011-06-02 16:17:25 -0700 |
---|---|---|
committer | Jesse Morgan <jesse@jesterpm.net ; true> | 2011-06-02 16:17:25 -0700 |
commit | f08eb1640388e1f067102a22ec40c30f263d92c6 (patch) | |
tree | a73f2d21cff6427b9619e7072fc90a228bd7dc78 | |
parent | 91feef607687b1262a949835cffd850cdd819846 (diff) |
Added user management
-rw-r--r-- | design/database.sql | 1 | ||||
-rw-r--r-- | htdocs/moderate/account.php | 58 | ||||
-rw-r--r-- | htdocs/moderate/admin.css | 35 | ||||
-rw-r--r-- | htdocs/moderate/src/header.inc.php | 9 | ||||
-rw-r--r-- | htdocs/moderate/users/delete.php | 43 | ||||
-rw-r--r-- | htdocs/moderate/users/editor.php | 126 | ||||
-rw-r--r-- | htdocs/moderate/users/index.php | 47 | ||||
-rw-r--r-- | htdocs/src/Post.inc.php | 3 | ||||
-rw-r--r-- | htdocs/src/Source.inc.php | 78 | ||||
-rw-r--r-- | htdocs/src/User.inc.php | 80 | ||||
-rw-r--r-- | htdocs/src/UserIterator.inc.php | 83 |
11 files changed, 558 insertions, 5 deletions
diff --git a/design/database.sql b/design/database.sql index b79316c..412245d 100644 --- a/design/database.sql +++ b/design/database.sql @@ -73,6 +73,7 @@ CREATE TABLE user ( password VARCHAR(40) NOT NULL, source_id INTEGER NOT NULL, admin TINYINT(1) NOT NULL DEFAULT 0, + notify TINYINT(1) NOT NULL, PRIMARY KEY(id), UNIQUE KEY(email) diff --git a/htdocs/moderate/account.php b/htdocs/moderate/account.php index 5fc87db..ac28b4e 100644 --- a/htdocs/moderate/account.php +++ b/htdocs/moderate/account.php @@ -10,11 +10,69 @@ require_once('../src/base.inc.php'); +$error = ''; + +// Handle form? +if ($_SERVER['REQUEST_METHOD'] == 'POST') { + $user = $_SESSION['currentUser']; + + // Change password + if (isset($_POST['oldpassword']) and trim($_POST['oldpassword']) != "" + and isset($_POST['newpassword']) and trim($_POST['newpassword']) != "" + and isset($_POST['newpassword2']) and trim($_POST['newpassword2']) != "") { + + if ($user->authenticate($_POST['oldpassword'])) { + if ($_POST['newpassword'] == $_POST['newpassword2']) { + $user->setPassword($_POST['newpassword']); + + } else { + $error .= '<p>Passwords do not match.</p>'; + } + } else { + $error .= '<p>"Old Password" does not match your current password.</p>'; + } + } + + // Set Notify + $notify = isset($_POST['notify']) and $_POST['notify'] == '1'; + $user->setNotify($notify); + + $user->save(); +} + + require_once('src/header.inc.php'); echo "<h3>Your Account</h3>"; +if ($error != '') { + echo "<div class=\"errorbox\">$error</div>"; +} +?> + +<form action="" method="post"> +<p>To change your password, enter your old and new passwords +below.</p> +<p><label>Old Password: + <input type="password" name="oldpassword" /></label></p> +<p><label>New Password: + <input type="password" name="newpassword" /></label></p> +<p><label>Confirm Password: + <input type="password" name="newpassword2" /></label></p> + +<div style="margin-top: 2em; margin-bottom: 2em;"> +<p><label><input type="checkbox" name="notify" value=\"1\" <?php +echo $_SESSION['currentUser']->getNotify() ? 'checked="checked"' : ''; +?>/> + Notify when posts are created.</label></p> +</div> + +<p><input type="submit" value="Update Account" /></p> + +</form> + +<?php require_once('src/footer.inc.php'); diff --git a/htdocs/moderate/admin.css b/htdocs/moderate/admin.css index a1e7ed0..65a5a7f 100644 --- a/htdocs/moderate/admin.css +++ b/htdocs/moderate/admin.css @@ -18,3 +18,38 @@ h1 { display: inline-block; margin-right: 1em; } + +.userrow { + padding-left: 5px; + width: 50em; + margin-bottom: 0.25em; +} + +.header { + border-bottom: solid 2px black; + margin-bottom: 1em; +} + +.header span { + font-weight: bold; +} + +.userrow span { + display: inline-block; +} + +.userrow .name { + width: 12em; +} + +.userrow .email { + width: 20em; +} + +.userrow .admin { + width: 5em; +} + +input[type=text] { + width: 20em; +} diff --git a/htdocs/moderate/src/header.inc.php b/htdocs/moderate/src/header.inc.php index fc8a06f..30910ec 100644 --- a/htdocs/moderate/src/header.inc.php +++ b/htdocs/moderate/src/header.inc.php @@ -34,17 +34,18 @@ if (!isset($_SESSION['currentUser'])) { <div id="modnav"> <ul> - <li><a href="">Moderate Posts</a></li> + <li><a href="<?= buildUrl('moderate/') ?>">Moderate Posts</a></li> <?php // Admin Navigation if ($_SESSION['currentUser']->isAdmin()) { - echo "<li><a href=\"". $CONFIG['urlroot'] ."/\">Pages</a></li>"; - echo "<li><a href=\"". $CONFIG['urlroot'] ."/\">Users</a></li>"; + echo "<li><a href=\"". buildUrl('moderate/pages/') ."\">Pages</a></li>"; + echo "<li><a href=\"". buildUrl('moderate/users/') ."\">Users</a></li>"; } ?> - <li><a href="">Account Settings</a></li> + <li><a href="<?= buildUrl('moderate/account.php') ?>"> + Account Settings</a></li> <li><a href="">Logout</a></li> </ul> </div> diff --git a/htdocs/moderate/users/delete.php b/htdocs/moderate/users/delete.php new file mode 100644 index 0000000..f721f30 --- /dev/null +++ b/htdocs/moderate/users/delete.php @@ -0,0 +1,43 @@ +<?php + +/* Foursquare Community Site + * + * Copyright (C) 2011 Foursquare Church. + * + * Developers: Jesse Morgan <jmorgan@foursquarestaff.com> + * + */ + +require_once('../../src/base.inc.php'); + +$error = ''; + +$user = false; +if (isset($_GET['id']) and is_numeric($_GET['id'])) { + $user = User::getById($_GET['id']); + + if ($user !== false and isset($_GET['confirmed'])) { + $user->delete(); + + header('Location: index.php'); + } + +} + +require_once('../src/header.inc.php'); + +echo "<h3>Delete Users</h3>"; + +if ($user !== false) { + echo "<p>Are you sure you want to delete " . $user->getName() ."?</p>" + . "<p><a href=\"delete.php?id=". $user->getId() ."&confirmed\">Yes</a>" + . " <a href=\"index.php\">No</a></p>"; + +} else { + echo "<p>No user to delete.</p>"; +} + +require_once('../src/footer.inc.php'); + +?> + diff --git a/htdocs/moderate/users/editor.php b/htdocs/moderate/users/editor.php new file mode 100644 index 0000000..21be99e --- /dev/null +++ b/htdocs/moderate/users/editor.php @@ -0,0 +1,126 @@ +<?php + +/* Foursquare Community Site + * + * Copyright (C) 2011 Foursquare Church. + * + * Developers: Jesse Morgan <jmorgan@foursquarestaff.com> + * + */ + +require_once('../../src/base.inc.php'); + +$error = ''; + +// Get the current user object. +$user = new User(); +if (isset($_GET['id']) and is_numeric($_GET['id'])) { + $user = User::getById($_GET['id']); +} + +// Save changes? +if ($_SERVER['REQUEST_METHOD'] == 'POST') { + // Name + if (isset($_POST['name']) and trim($_POST['name']) != '') { + $user->setName($_POST['name']); + + } else { + $error .= '<p>Name is a required field.</p>'; + } + + // Email + if (isset($_POST['email']) and trim($_POST['email']) != '') { + $user->setEmail($_POST['email']); + + } else { + $error .= '<p>Email is a required field.</p>'; + } + + // Source + if (isset($_POST['source']) and trim($_POST['source']) != '') { + $user->setSource($_POST['source']); + + } else { + $error .= '<p>Source is a required field.</p>'; + } + + // Set Admin + $admin = isset($_POST['admin']) and $_POST['admin'] == '1'; + $user->setAdmin($admin); + + // Set Notify + $notify = isset($_POST['notify']) and $_POST['notify'] == '1'; + $user->setNotify($notify); + + // Save the user + if ($error == '') { + if ($user->save()) { + // Return to users list + header("Location: index.php"); + + } else { + $error .= '<p>An error has occured.</p>'; + } + } +} + +require_once('../src/header.inc.php'); + +echo "<h3>Edit User</h3>"; + +if ($error != '') { + echo "<div class=\"errorbox\">$error</div>"; +} + +$url = "editor.php"; + +if (isset($_GET['id'])) { + $url .= '?id=' . $_GET['id']; +} + +echo "<form action=\"$url\" method=\"post\">"; + +?> + +<p><label>Name: <input type="text" name="name" value="<?= $user->getName() ?>" /></label></p> +<p><label>Email: <input type="text" name="email" value="<?= $user->getEmail() ?>" /></label></p> +<p><label>Source: <?php sourceDropdown('source', $user->getSource()) ?></label></p> +<p><label> +<input type="checkbox" name="admin" value="1" <?= $user->isAdmin() ? 'checked="checked"' : '' ?> /> +Administrator</label></p> +<p><label> +<input type="checkbox" name="notify" value="1" <?= $user->getNotify() ? 'checked="checked"' : '' ?> /> +Notify of posts</label></p> + +<p> +<input type="submit" class="bigbutton" value="Save" /> +<a href="index.php" class="bigbutton">Cancel</a> +</p> + + +</form> + +<?php + +function sourceDropdown($name, $select) { + echo "<select name=\"$name\">"; + + foreach(Source::getSources() as $source) { + if ($source->getId() == $select) { + echo "<option value=\"". $source->getId() + ."\" selected=\"selected\">" + . $source->getName() ."</option>"; + + } else { + echo "<option value=\"". $source->getId() ."\">" + . $source->getName() ."</option>"; + } + } + + echo "</select>"; +} + +require_once('../src/footer.inc.php'); + +?> + diff --git a/htdocs/moderate/users/index.php b/htdocs/moderate/users/index.php new file mode 100644 index 0000000..cda6232 --- /dev/null +++ b/htdocs/moderate/users/index.php @@ -0,0 +1,47 @@ +<?php + +/* Foursquare Community Site + * + * Copyright (C) 2011 Foursquare Church. + * + * Developers: Jesse Morgan <jmorgan@foursquarestaff.com> + * + */ + +require_once('../../src/base.inc.php'); + +$error = ''; + +require_once('../src/header.inc.php'); + +echo "<h3>Users</h3>"; + +echo "<p><a class=\"bigbutton\" href=\"editor.php\">Create User</a></p>"; + +$ui = new UserIterator(); +$ui->query(); + +echo "<div class=\"userrow header\">" + . "<span class=\"name\">Name</span>" + . " <span class=\"email\">Email</span>" + . " <span class=\"admin\">Admin</span>" + . " <span class=\"actions\">Actions</span></div>"; + +foreach ($ui as $user) { + printf("<div class=\"userrow\">" + . "<span class=\"name\">%s</span>" + . " <span class=\"email\"><a href=\"mailto:%s\">%s</a></span>" + . " <span class=\"admin\">%s</span>" + . " <span class=\"actions\">" + . " <a class=\"smallbutton\" href=\"editor.php?id=%s\">edit</a>" + . " <a class=\"smallbutton\" href=\"delete.php?id=%s\">delete</a></span></div>", + $user->getName(), + $user->getEmail(), $user->getEmail(), + $user->isAdmin() ? 'Yes' : 'No', + $user->getId(), $user->getId() + ); +} + +require_once('../src/footer.inc.php'); + +?> diff --git a/htdocs/src/Post.inc.php b/htdocs/src/Post.inc.php index 4a109d2..c29b5a9 100644 --- a/htdocs/src/Post.inc.php +++ b/htdocs/src/Post.inc.php @@ -98,6 +98,7 @@ class Post { $this->info['id'] = $ret; $this->info['stage'] = 'verification'; $this->info['secretid'] = $info['secretid']; + $this->indatabase = true; } return true; @@ -116,6 +117,8 @@ class Post { // Delete Post $db->delete('post', 'id=' . $this->getId()); + + $this->indatabase = false; } public function getId() { diff --git a/htdocs/src/Source.inc.php b/htdocs/src/Source.inc.php new file mode 100644 index 0000000..e869d20 --- /dev/null +++ b/htdocs/src/Source.inc.php @@ -0,0 +1,78 @@ +<?php + +/* Foursquare Community Site + * + * Copyright (C) 2011 Foursquare Church. + * + * Developers: Jesse Morgan <jmorgan@foursquarestaff.com> + * + */ + +require_once "base.inc.php"; + +class Source { + private $info; + + + public function __construct($info=null) { + $this->info = $info; + } + + public static function getSources() { + $db = getDatabase(); + + $query = "SELECT * FROM source ORDER BY name"; + + $rows = $db->fetchAssocRows($query); + + $result = array(); + foreach ($rows as $row) { + $source = new Source($row); + $result[] = $source; + } + + return $result; + } + + public static function getById($id) { + $where = "id='$id'"; + + return Source::getSource($where); + } + + private static function getSource($where) { + $query = "SELECT * FROM source WHERE $where"; + + $db = getDatabase(); + + $row = $db->fetchAssocRow($query); + + if ($row) { + $source = new Source(); + $source->info = $row; + + return $source; + + } else { + return false; + } + } + + public function save() { + $db = getDatabase(); + + // TODO: Implement Save + } + + public function getId() { + return $this->info['id']; + } + + public function getName() { + return htmlspecialchars($this->info['name']); + } +} + +?> + + diff --git a/htdocs/src/User.inc.php b/htdocs/src/User.inc.php index 6ad5ebb..0333520 100644 --- a/htdocs/src/User.inc.php +++ b/htdocs/src/User.inc.php @@ -12,8 +12,19 @@ require_once "base.inc.php"; class User { private $info; + private $indatabase; + public function __construct($info=null) { + $this->info = is_null($info) ? array() : $info; + if ($info !== null and isset($info['id'])) { + $this->indatabase = true; + + } else { + $this->indatabase = false; + } + } + public static function getById($id) { $where = "id='$id'"; @@ -36,6 +47,7 @@ class User { if ($row) { $user = new User(); $user->info = $row; + $user->indatabase = true; return $user; @@ -47,7 +59,45 @@ class User { public function save() { $db = getDatabase(); - // TODO: Implement save + // Cleanup Info + foreach ($this->info as $key=>$value) + $info[$key] = addslashes($value); + + // Save or create? + if ($this->indatabase) { + try { + $db->update('user', $info, "WHERE `id`='" + . $this->getId() ."'"); + return true; + + } catch (Cif_Database_Exception $e) { + return false; + } + + } else { + // Creating... set special fields. + try { + $ret = $db->insert('user', $info); + + if ($ret) { + $this->info['id'] = $ret; + $this->indatabase = true; + } + + return true; + + } catch (Cif_Database_Exception $e) { + return false; + } + } + } + + public function delete() { + $db = getDatabase(); + + $db->delete('user', 'id=' . $this->getId()); + + $this->indatabase = false; } public function getId() { @@ -58,10 +108,34 @@ class User { return $this->info['name']; } + public function setName($value) { + $this->info['name'] = $value; + } + public function getEmail() { return $this->info['email']; } + public function setEmail($value) { + $this->info['email'] = $value; + } + + public function getNotify() { + return $this->info['notify']; + } + + public function setNotify($value) { + $this->info['notify'] = $value ? 1 : 0; + } + + public function getSource() { + return $this->info['source_id']; + } + + public function setSource($value) { + $this->info['source_id'] = $value; + } + public function setPassword($password) { $this->info['password'] = sha1($password); } @@ -73,6 +147,10 @@ class User { public function isAdmin() { return $this->info['admin'] == 1; } + + public function setAdmin($value) { + $this->info['admin'] = $value ? 1 : 0; + } } ?> diff --git a/htdocs/src/UserIterator.inc.php b/htdocs/src/UserIterator.inc.php new file mode 100644 index 0000000..2f8fef2 --- /dev/null +++ b/htdocs/src/UserIterator.inc.php @@ -0,0 +1,83 @@ +<?php + +/* Foursquare Community Site + * + * Copyright (C) 2011 Foursquare Church. + * + * Developers: Jesse Morgan <jmorgan@foursquarestaff.com> + * + */ + +require_once "base.inc.php"; + +class UserIterator implements Iterator { + private $where; + private $rows; + private $position; + private $order; + private $limit; + + public function __construct() { + $this->where = array(); + $this->rows = array(); + $this->position = 0; + $this->order = "name asc"; + $this->limit = 0; + } + + public function filterNotify($notify) { + $sqlnotify = $notify ? '1' : '0'; + $this->where[] = "notify='$sqlnotify'"; + } + + public function orderBy($order) { + $this->order = $order; + } + + public function limit($limit) { + $this->limit = $limit; + } + + public function rewind() { + $this->position = 0; + } + + public function current() { + return new User($this->rows[$this->position]); + } + + public function key() { + return $this->rows[$this->position]['id']; + } + + public function next() { + ++$this->position; + } + + public function valid() { + return isset($this->rows[$this->position]); + } + + public function query() { + $query = "SELECT * FROM user"; + + if (count($this->where) > 0) { + $where = join(' AND ', $this->where); + $query .= " WHERE $where"; + } + + $query .= " ORDER BY ". $this->order; + + if ($this->limit != 0) { + $query .= " LIMIT ". $this->limit; + } + + $db = getDatabase(); + + $this->rows = $db->fetchAssocRows($query); + $this->position = 0; + } +} + +?> + |