From f08eb1640388e1f067102a22ec40c30f263d92c6 Mon Sep 17 00:00:00 2001 From: Jesse Morgan Date: Thu, 2 Jun 2011 16:17:25 -0700 Subject: Added user management --- htdocs/moderate/account.php | 58 +++++++++++++++++ htdocs/moderate/admin.css | 35 +++++++++++ htdocs/moderate/src/header.inc.php | 9 +-- htdocs/moderate/users/delete.php | 43 +++++++++++++ htdocs/moderate/users/editor.php | 126 +++++++++++++++++++++++++++++++++++++ htdocs/moderate/users/index.php | 47 ++++++++++++++ htdocs/src/Post.inc.php | 3 + htdocs/src/Source.inc.php | 78 +++++++++++++++++++++++ htdocs/src/User.inc.php | 80 ++++++++++++++++++++++- htdocs/src/UserIterator.inc.php | 83 ++++++++++++++++++++++++ 10 files changed, 557 insertions(+), 5 deletions(-) create mode 100644 htdocs/moderate/users/delete.php create mode 100644 htdocs/moderate/users/editor.php create mode 100644 htdocs/moderate/users/index.php create mode 100644 htdocs/src/Source.inc.php create mode 100644 htdocs/src/UserIterator.inc.php (limited to 'htdocs') diff --git a/htdocs/moderate/account.php b/htdocs/moderate/account.php index 5fc87db..ac28b4e 100644 --- a/htdocs/moderate/account.php +++ b/htdocs/moderate/account.php @@ -10,11 +10,69 @@ require_once('../src/base.inc.php'); +$error = ''; + +// Handle form? +if ($_SERVER['REQUEST_METHOD'] == 'POST') { + $user = $_SESSION['currentUser']; + + // Change password + if (isset($_POST['oldpassword']) and trim($_POST['oldpassword']) != "" + and isset($_POST['newpassword']) and trim($_POST['newpassword']) != "" + and isset($_POST['newpassword2']) and trim($_POST['newpassword2']) != "") { + + if ($user->authenticate($_POST['oldpassword'])) { + if ($_POST['newpassword'] == $_POST['newpassword2']) { + $user->setPassword($_POST['newpassword']); + + } else { + $error .= '

Passwords do not match.

'; + } + } else { + $error .= '

"Old Password" does not match your current password.

'; + } + } + + // Set Notify + $notify = isset($_POST['notify']) and $_POST['notify'] == '1'; + $user->setNotify($notify); + + $user->save(); +} + + require_once('src/header.inc.php'); echo "

Your Account

"; +if ($error != '') { + echo "
$error
"; +} +?> + +
+

To change your password, enter your old and new passwords +below.

+

+

+

+ +
+

+
+ +

+ +
+ + diff --git a/htdocs/moderate/users/delete.php b/htdocs/moderate/users/delete.php new file mode 100644 index 0000000..f721f30 --- /dev/null +++ b/htdocs/moderate/users/delete.php @@ -0,0 +1,43 @@ + + * + */ + +require_once('../../src/base.inc.php'); + +$error = ''; + +$user = false; +if (isset($_GET['id']) and is_numeric($_GET['id'])) { + $user = User::getById($_GET['id']); + + if ($user !== false and isset($_GET['confirmed'])) { + $user->delete(); + + header('Location: index.php'); + } + +} + +require_once('../src/header.inc.php'); + +echo "
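Review bot: `$notify = isset($_POST['notify']) and $_POST['notify'] == '1';` does not do what it reads as: PHP's `and` binds lower than `=`, so `$notify` receives only the `isset()` result and the `== '1'` comparison is evaluated and discarded; write `$notify = isset($_POST['notify']) && $_POST['notify'] == '1';`. The POST handler also runs before `require_once('src/header.inc.php')`, so if that include is where the login check lives (its hunk is not shown on this page), `$_SESSION['currentUser']` may be unset at this point and the handler should bail early (`if (empty($_SESSION['currentUser'])) { ... }`) instead of calling methods on null. The password-change form (its markup is stripped from this page) carries no anti-CSRF token that I can see, and the new value goes through `setPassword()`, which — per the context line in the User.inc.php hunk — stores unsalted `sha1()`; a follow-up to `password_hash()`/`password_verify()` is warranted.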

Delete Users

"; + +if ($user !== false) { + echo "

Are you sure you want to delete " . $user->getName() ."?

" + . "

getId() ."&confirmed\">Yes" + . " No

"; + +} else { + echo "

No user to delete.

"; +} + +require_once('../src/footer.inc.php'); + +?> + diff --git a/htdocs/moderate/users/editor.php b/htdocs/moderate/users/editor.php new file mode 100644 index 0000000..21be99e --- /dev/null +++ b/htdocs/moderate/users/editor.php @@ -0,0 +1,126 @@ + + * + */ + +require_once('../../src/base.inc.php'); + +$error = ''; + +// Get the current user object. +$user = new User(); +if (isset($_GET['id']) and is_numeric($_GET['id'])) { + $user = User::getById($_GET['id']); +} + +// Save changes? +if ($_SERVER['REQUEST_METHOD'] == 'POST') { + // Name + if (isset($_POST['name']) and trim($_POST['name']) != '') { + $user->setName($_POST['name']); + + } else { + $error .= '

Name is a required field.

'; + } + + // Email + if (isset($_POST['email']) and trim($_POST['email']) != '') { + $user->setEmail($_POST['email']); + + } else { + $error .= '

Email is a required field.

'; + } + + // Source + if (isset($_POST['source']) and trim($_POST['source']) != '') { + $user->setSource($_POST['source']); + + } else { + $error .= '

Source is a required field.

'; + } + + // Set Admin + $admin = isset($_POST['admin']) and $_POST['admin'] == '1'; + $user->setAdmin($admin); + + // Set Notify + $notify = isset($_POST['notify']) and $_POST['notify'] == '1'; + $user->setNotify($notify); + + // Save the user + if ($error == '') { + if ($user->save()) { + // Return to users list + header("Location: index.php"); + + } else { + $error .= '

An error has occured.

'; + } + } +} + +require_once('../src/header.inc.php'); + +echo "

Edit User

"; + +if ($error != '') { + echo "
$error
"; +} + +$url = "editor.php"; + +if (isset($_GET['id'])) { + $url .= '?id=' . $_GET['id']; +} + +echo "
"; + +?> + +

+

+

+

+

+ +

+ +Cancel +

+ + +
+ +"; + + foreach(Source::getSources() as $source) { + if ($source->getId() == $select) { + echo ""; + + } else { + echo ""; + } + } + + echo ""; +} + +require_once('../src/footer.inc.php'); + +?> + diff --git a/htdocs/moderate/users/index.php b/htdocs/moderate/users/index.php new file mode 100644 index 0000000..cda6232 --- /dev/null +++ b/htdocs/moderate/users/index.php @@ -0,0 +1,47 @@ + + * + */ + +require_once('../../src/base.inc.php'); + +$error = ''; + +require_once('../src/header.inc.php'); + +echo "
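Review bot: `$admin = isset($_POST['admin']) and $_POST['admin'] == '1';` grants admin whenever the field is present with any value, because `and` binds lower than `=` and the `== '1'` test is discarded; write `$admin = isset($_POST['admin']) && $_POST['admin'] == '1';` (the `$notify` line has the same bug). As in delete.php, the whole save path runs before `require_once('../src/header.inc.php')`, so if that include is the only place login/admin status is enforced, an unauthenticated POST can create an admin user; move the check above the handler. `$url .= '?id=' . $_GET['id'];` skips the `is_numeric` guard used earlier and, from the `echo` that follows, appears to land in the form action, so escape it with `htmlspecialchars(urlencode($_GET['id']))` or reuse the numeric check. When `User::getById()` returns `false` for an unknown id, the later `$user->setName()` is a fatal call on a non-object; handle the miss explicitly.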

Users

"; + +echo "

Create User

"; + +$ui = new UserIterator(); +$ui->query(); + +echo "
" + . "Name" + . " Email" + . " Admin" + . " Actions
"; + +foreach ($ui as $user) { + printf("
" + . "%s" + . " %s" + . " %s" + . " " + . " edit" + . " delete
", + $user->getName(), + $user->getEmail(), $user->getEmail(), + $user->isAdmin() ? 'Yes' : 'No', + $user->getId(), $user->getId() + ); +} + +require_once('../src/footer.inc.php'); + +?> diff --git a/htdocs/src/Post.inc.php b/htdocs/src/Post.inc.php index 4a109d2..c29b5a9 100644 --- a/htdocs/src/Post.inc.php +++ b/htdocs/src/Post.inc.php @@ -98,6 +98,7 @@ class Post { $this->info['id'] = $ret; $this->info['stage'] = 'verification'; $this->info['secretid'] = $info['secretid']; + $this->indatabase = true; } return true; @@ -116,6 +117,8 @@ class Post { // Delete Post $db->delete('post', 'id=' . $this->getId()); + + $this->indatabase = false; } public function getId() { diff --git a/htdocs/src/Source.inc.php b/htdocs/src/Source.inc.php new file mode 100644 index 0000000..e869d20 --- /dev/null +++ b/htdocs/src/Source.inc.php @@ -0,0 +1,78 @@ + + * + */ + +require_once "base.inc.php"; + +class Source { + private $info; + + + public function __construct($info=null) { + $this->info = $info; + } + + public static function getSources() { + $db = getDatabase(); + + $query = "SELECT * FROM source ORDER BY name"; + + $rows = $db->fetchAssocRows($query); + + $result = array(); + foreach ($rows as $row) { + $source = new Source($row); + $result[] = $source; + } + + return $result; + } + + public static function getById($id) { + $where = "id='$id'"; + + return Source::getSource($where); + } + + private static function getSource($where) { + $query = "SELECT * FROM source WHERE $where"; + + $db = getDatabase(); + + $row = $db->fetchAssocRow($query); + + if ($row) { + $source = new Source(); + $source->info = $row; + + return $source; + + } else { + return false; + } + } + + public function save() { + $db = getDatabase(); + + // TODO: Implement Save + } + + public function getId() { + return $this->info['id']; + } + + public function getName() { + return htmlspecialchars($this->info['name']); + } +} + +?> + + 
diff --git a/htdocs/src/User.inc.php b/htdocs/src/User.inc.php index 6ad5ebb..0333520 100644 --- a/htdocs/src/User.inc.php +++ b/htdocs/src/User.inc.php @@ -12,8 +12,19 @@ require_once "base.inc.php"; class User { private $info; + private $indatabase; + public function __construct($info=null) { + $this->info = is_null($info) ? array() : $info; + if ($info !== null and isset($info['id'])) { + $this->indatabase = true; + + } else { + $this->indatabase = false; + } + } + public static function getById($id) { $where = "id='$id'"; @@ -36,6 +47,7 @@ class User { if ($row) { $user = new User(); $user->info = $row; + $user->indatabase = true; return $user; @@ -47,7 +59,45 @@ class User { public function save() { $db = getDatabase(); - // TODO: Implement save + // Cleanup Info + foreach ($this->info as $key=>$value) + $info[$key] = addslashes($value); + + // Save or create? + if ($this->indatabase) { + try { + $db->update('user', $info, "WHERE `id`='" + . $this->getId() ."'"); + return true; + + } catch (Cif_Database_Exception $e) { + return false; + } + + } else { + // Creating... set special fields. + try { + $ret = $db->insert('user', $info); + + if ($ret) { + $this->info['id'] = $ret; + $this->indatabase = true; + } + + return true; + + } catch (Cif_Database_Exception $e) { + return false; + } + } + } + + public function delete() { + $db = getDatabase(); + + $db->delete('user', 'id=' . $this->getId()); + + $this->indatabase = false; } public function getId() { 
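Review bot: `save()` escapes column values with `addslashes()` before `$db->update()`/`$db->insert()`, which is not a correct SQL escape — it is charset-unaware, and whether it is even appropriate depends on how `Cif_Database` quotes values (if the layer already quotes, this double-escapes; if it binds parameters, it corrupts stored data). Prefer the database layer's own quoting or bound parameters and drop the `addslashes` loop. The loop also never initialises `$info`, so a `User` whose `$info` array is empty passes an undefined variable to `insert()`; add `$info = array();` before the `foreach`. In `delete()`, `'id=' . $this->getId()` is unquoted; the id comes from a fetched row or an insert result rather than the request, so it is not directly attacker-controlled, but casting it with `(int)` keeps the class consistent and defensive.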
@@ -58,10 +108,34 @@ class User { return $this->info['name']; } + public function setName($value) { + $this->info['name'] = $value; + } + public function getEmail() { return $this->info['email']; } + public function setEmail($value) { + $this->info['email'] = $value; + } + + public function getNotify() { + return $this->info['notify']; + } + + public function setNotify($value) { + $this->info['notify'] = $value ? 1 : 0; + } + + public function getSource() { + return $this->info['source_id']; + } + + public function setSource($value) { + $this->info['source_id'] = $value; + } + public function setPassword($password) { $this->info['password'] = sha1($password); } @@ -73,6 +147,10 @@ class User { public function isAdmin() { return $this->info['admin'] == 1; } + + public function setAdmin($value) { + $this->info['admin'] = $value ? 1 : 0; + } } ?> diff --git a/htdocs/src/UserIterator.inc.php b/htdocs/src/UserIterator.inc.php new file mode 100644 index 0000000..2f8fef2 --- /dev/null +++ b/htdocs/src/UserIterator.inc.php 
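Review bot: `setEmail()` and `setSource()` store whatever string they are given, and editor.php feeds them `$_POST` values directly, so neither the email shape nor the `source_id` type is validated anywhere before `save()` writes them; validate with `filter_var($value, FILTER_VALIDATE_EMAIL)` in the caller or setter and cast the source with `$this->info['source_id'] = (int) $value;`. `setName()` likewise accepts arbitrary text while `getName()` (the context line above the new setters) returns it unescaped, so every caller must escape on output. `setPassword()` is unchanged context here but still stores `sha1($password)` unsalted; a follow-up to `password_hash()`/`password_verify()` is warranted.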
@@ -0,0 +1,83 @@ + + * + */ + +require_once "base.inc.php"; + +class UserIterator implements Iterator { + private $where; + private $rows; + private $position; + private $order; + private $limit; + + public function __construct() { + $this->where = array(); + $this->rows = array(); + $this->position = 0; + $this->order = "name asc"; + $this->limit = 0; + } + + public function filterNotify($notify) { + $sqlnotify = $notify ? '1' : '0'; + $this->where[] = "notify='$sqlnotify'"; + } + + public function orderBy($order) { + $this->order = $order; + } + + public function limit($limit) { + $this->limit = $limit; + } + + public function rewind() { + $this->position = 0; + } + + public function current() { + return new User($this->rows[$this->position]); + } + + public function key() { + return $this->rows[$this->position]['id']; + } + + public function next() { + ++$this->position; + } + + public function valid() { + return isset($this->rows[$this->position]); + } + + public function query() { + $query = "SELECT * FROM user"; + + if (count($this->where) > 0) { + $where = join(' AND ', $this->where); + $query .= " WHERE $where"; + } + + $query .= " ORDER BY ". $this->order; + + if ($this->limit != 0) { + $query .= " LIMIT ". $this->limit; + } + + $db = getDatabase(); + + $this->rows = $db->fetchAssocRows($query); + $this->position = 0; + } +} + +?> + -- cgit v1.2.3
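Review bot: `orderBy($order)` and `limit($limit)` are spliced into the query verbatim (`" ORDER BY ". $this->order` and `" LIMIT ". $this->limit`), so if a future caller passes a request parameter — say a sortable column header — this becomes a SQL injection; `filterNotify()` is the only method that normalises its input. Whitelist in `orderBy()` (e.g. `if (!in_array($order, array('name asc', 'name desc', 'email asc'), true)) { throw new InvalidArgumentException('bad order'); }`) and cast in `limit()` with `$this->limit = (int) $limit;`. index.php only calls the default `query()` in this commit, so the exposure is latent rather than live.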