<?
/* PowerAdmin, a friendly web-based admin tool for PowerDNS.
* See <https://rejo.zenger.nl/poweradmin> for more details.
*
* Copyright 2007, 2008 Rejo Zenger <rejo@zenger.nl>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
require_once ( "inc/toolkit.inc.php" );
/*
 * Retrieve all users together with the number of zones each of them owns.
 * The name is historical: this only collects the rows for the "show users"
 * page, it renders nothing itself.
 * $id: when numeric, the id of one user to leave out of the result
 *      (anything else, including the default '', lists everybody).
 * $rowstart, $rowamount: handed to $db->setLimit() to page the result.
 * return values: a list of arrays with the keys id, username, fullname,
 * email, description, level, active and numdomains (the zone count).
 */
function show_users ( $id = '' , $rowstart = 0 , $rowamount = 9999999 )
{
	global $db ;

	// Only a numeric id turns into an exclusion, and even then it goes
	// through the driver's quote() rather than straight into the SQL.
	$exclude = '' ;
	if ( is_numeric ( $id ))
	{
		$exclude = " WHERE users.id!=" . $db -> quote ( $id );
	}

	// Every non-aggregated column is repeated in the GROUP BY so the
	// statement is accepted by databases that enforce full grouping.
	$sqlq = "SELECT users.id AS id,
users.username AS username,
users.fullname AS fullname,
users.email AS email,
users.description AS description,
users.level AS level,
users.active AS active,
count(zones.owner) AS aantal FROM users
LEFT JOIN zones ON users.id=zones.owner $exclude
GROUP BY
users.id,
users.username,
users.fullname,
users.email,
users.description,
users.level,
users.active
ORDER BY
users.fullname" ;

	$db -> setLimit ( $rowstart , $rowamount );
	$result = $db -> query ( $sqlq );

	// Copy the plain columns under their own names; the aggregated
	// "aantal" column is exposed as numdomains.
	$columns = array ( "id" , "username" , "fullname" , "email" , "description" , "level" , "active" );
	$users = array ();
	while ( $row = $result -> fetchRow ())
	{
		$entry = array ();
		foreach ( $columns as $column )
		{
			$entry [ $column ] = $row [ $column ];
		}
		$entry [ "numdomains" ] = $row [ "aantal" ];
		$users [] = $entry ;
	}
	return $users ;
}
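/*
 * Check if the given $id is connected to a valid user.
 * return values: true if a user with this id exists, false if it does not.
 * A non-numeric $id also gives false (it used to fall off the end and
 * return null), so the result is always a real boolean.
 */
function is_valid_user ( $id )
{
	global $db ;

	// Non-numeric ids never reach the database.
	if ( ! is_numeric ( $id ))
	{
		return false ;
	}

	$result = $db -> query ( "SELECT id FROM users WHERE id=" . $db -> quote ( $id ));
	// One matching row means the user exists; anything else counts as "no".
	return $result -> numRows () == 1 ;
}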
/*
 * Gives a textdescribed value of the given levelid.
 * The texts come from the configuration globals $NAME_LEVEL_1,
 * $NAME_LEVEL_5 and $NAME_LEVEL_10.
 * return values: the text associated with the level, "Unknown" for any
 * other level.
 */
function leveldescription ( $id )
{
	// Level number => name of the global that holds its label. Compared
	// with == in this order, exactly like the switch it replaces, so a
	// numeric string such as "5" still matches.
	$labels = array (
		1 => 'NAME_LEVEL_1' ,
		5 => 'NAME_LEVEL_5' ,
		10 => 'NAME_LEVEL_10' ,
	);
	foreach ( $labels as $level => $variable )
	{
		if ( $id == $level )
		{
			// An unset global yields null, as `global $x; return $x;` did.
			return isset ( $GLOBALS [ $variable ]) ? $GLOBALS [ $variable ] : null ;
		}
	}
	return "Unknown" ;
}
/*
 * Checks if a given username exists in the database.
 * $user goes through the driver's quote(), so it may be arbitrary input.
 * return values: true if exists, false if not. More than one row for one
 * username is reported as ERR_UNKNOWN instead of being guessed about.
 */
function user_exists ( $user )
{
	global $db ;

	$result = $db -> query ( "SELECT id FROM users WHERE username=" . $db -> quote ( $user ));
	$found = $result -> numRows ();

	if ( $found == 1 )
	{
		return true ;
	}
	if ( $found == 0 )
	{
		return false ;
	}
	// Duplicate usernames should not be possible; report rather than guess.
	error ( ERR_UNKNOWN );
}
/*
 * Get all user info for the given user in an array.
 * $id must be numeric; anything else is reported through error().
 * return values: the database style array with the information about the
 * user (id, username, fullname, email, description, level, active), or
 * whatever fetchRow() gives for an id that has no row.
 */
function get_user_info ( $id )
{
	global $db ;

	if ( ! is_numeric ( $id ))
	{
		// NOTE(review): the rejected $id is put into the message verbatim;
		// whether error() escapes it for its output context is not visible here.
		error ( sprintf ( ERR_INV_ARGC , "get_user_info" , "you gave illegal arguments: $id " ));
		return ;
	}

	$result = $db -> query ( "SELECT id, username, fullname, email, description, level, active from users where id=" . $db -> quote ( $id ));
	return $result -> fetchRow ();
}
/*
 * Delete a user from the system, together with the zone ownerships
 * (rows in zones) that point at it. Only level 10 may do this.
 * return values: true once the statements have run. The affected row
 * counts are deliberately not checked: an id that was already gone is the
 * wanted end state as well.
 */
function delete_user ( $id )
{
	global $db ;

	// NOTE(review): the code below relies on error() ending the request;
	// if it only prints, the deletes still run. Not verifiable from this file.
	if ( ! level ( 10 ))
	{
		error ( ERR_LEVEL_10 );
	}

	if ( ! is_numeric ( $id ))
	{
		error ( ERR_INV_ARG );
		return ;
	}

	$quoted = $db -> quote ( $id );
	// Two separate statements with no transaction around them, so a failure
	// of the second may leave zones rows pointing at a removed user.
	$db -> query ( "DELETE FROM users WHERE id=" . $quoted );
	$db -> query ( "DELETE FROM zones WHERE owner=" . $quoted );
	return true ;
}
/*
 * Adds a user to the system. Only level 10 may do this; the username must
 * still be free and the e-mail address must pass is_valid_email().
 * return values: true if succesfully added; every failure is reported via
 * error() (ERR_LEVEL_10, ERR_USER_EXISTS, ERR_INV_EMAIL).
 */
function add_user ( $user , $password , $fullname , $email , $level , $description , $active )
{
	global $db ;

	// NOTE(review): the checks below assume error() ends the request; if it
	// only prints, the INSERT still runs. Not visible from this file.
	if ( ! level ( 10 ))
	{
		error ( ERR_LEVEL_10 );
	}

	if ( user_exists ( $user ))
	{
		error ( ERR_USER_EXISTS );
		return ;
	}

	if ( ! is_valid_email ( $email ))
	{
		error ( ERR_INV_EMAIL );
	}

	// The password is stored as a plain, unsalted md5 hex digest. The login
	// code (elsewhere) presumably compares against that same format, so
	// switching to password_hash()/password_verify() has to happen on both
	// sides at once; doing it here alone would lock existing accounts out.
	$values = array (
		$db -> quote ( $user ),
		"'" . md5 ( $password ) . "'",
		$db -> quote ( $fullname ),
		$db -> quote ( $email ),
		$db -> quote ( $description ),
		$db -> quote ( $level ),
		$db -> quote ( $active ),
	);
	$db -> query ( "INSERT INTO users (username, password, fullname, email, description, level, active) VALUES (" . implode ( ", " , $values ) . ")" );
	return true ;
}
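/*
 * Edit the information of an user. Only level 10 may do this.
 * The username may be changed, but only to one no other account uses.
 * A non-empty $password replaces the stored hash, an empty one keeps it.
 * Still a sloppy implementation with too many queries (2 or 3).
 * return values: true if succesful; failures are reported through error()
 * (ERR_LEVEL_10, ERR_INV_EMAIL, ERR_USER_EXIST).
 */
function edit_user ( $id , $user , $fullname , $email , $level , $description , $active , $password )
{
	global $db ;

	// NOTE(review): relies on error() ending the request; if it only prints,
	// the UPDATE further down still runs. Not visible from this file.
	if ( ! level ( 10 ))
	{
		error ( ERR_LEVEL_10 );
	}

	if ( ! is_valid_email ( $email ))
	{
		error ( ERR_INV_EMAIL );
	}

	$sqlquery = "UPDATE users set username=" . $db -> quote ( $user ) . ", fullname=" . $db -> quote ( $fullname ) . ", email=" . $db -> quote ( $email ) . ", level=" . $db -> quote ( $level ) . ", description=" . $db -> quote ( $description ) . ", active=" . $db -> quote ( $active );

	// Unsalted md5, the same format add_user() writes; the login code
	// elsewhere has to move together with this before password_hash() can
	// be used here.
	if ( $password != "" )
	{
		$sqlquery .= ", password= '" . md5 ( $password ) . "' " ;
	}

	$sqlquery .= " WHERE id=" . $db -> quote ( $id ) ;

	// Search the username that right now goes with this ID.
	$result = $db -> query ( "SELECT username from users where id=" . $db -> quote ( $id ));
	$r = $result -> fetchRow ();

	// Same username as before: nothing else to check, execute.
	if ( $r [ "username" ] == $user )
	{
		$db -> query ( $sqlquery );
		return true ;
	}

	// The username is being changed: make sure no other id already has it.
	// This used to pass $user through $db->query() instead of $db->quote(),
	// which ran the submitted username as its own SQL statement and then
	// concatenated the result object into the lookup; quote() is what was
	// intended.
	$otheruser = $db -> query ( "SELECT id from users where username=" . $db -> quote ( $user ));
	if ( $otheruser -> numRows () > 0 )
	{
		// NOTE(review): add_user() reports the same condition as
		// ERR_USER_EXISTS; confirm which of the two constants is defined.
		error ( ERR_USER_EXIST );
		return ;
	}

	// Its fine it seems, execute.
	$db -> query ( $sqlquery );
	return true ;
}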
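/*
 * Change the pass of the user that is logged in ($_SESSION["userlogin"]).
 * The user is automatically logged out after the pass change.
 * return values: none; failures go through error()
 * (ERR_USER_MATCH_NEW_PASS, ERR_USER_WRONG_CURRENT_PASS).
 */
function change_user_pass ( $currentpass , $newpass , $newpass2 )
{
	global $db ;

	// Check if the passwords are equal.
	if ( $newpass != $newpass2 )
	{
		error ( ERR_USER_MATCH_NEW_PASS );
	}

	// Retrieve the users password.
	$result = $db -> query ( "SELECT password, id FROM users WHERE username=" . $db -> quote ( $_SESSION [ "userlogin" ]));
	$rinfo = $result -> fetchRow ();

	// Compare the stored digest with ===, not ==: both sides are md5 hex
	// strings, and a loose comparison treats two digests that happen to
	// look like numbers in scientific notation ("0e...") as equal. A missing
	// row (the session name is no longer in the table) counts as a wrong
	// password. The md5 format itself is shared with add_user()/edit_user()
	// and the login code, so it cannot be swapped for password_hash() here
	// on its own.
	if ( $rinfo && md5 ( $currentpass ) === $rinfo [ "password" ])
	{
		// The id comes from our own row, but goes through quote() anyway.
		$sqlquery = "update users set password='" . md5 ( $newpass ) . "' where id=" . $db -> quote ( $rinfo [ "id" ]);
		$db -> query ( $sqlquery );

		// Logout the user.
		logout ( "Pass changed please re-login" );
	}
	else
	{
		error ( ERR_USER_WRONG_CURRENT_PASS );
	}
}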
/*
 * Get a fullname when you have a userid.
 * $id must be numeric, anything else is reported with ERR_INV_ARG.
 * return values: the fullname column of that user; an id without a row
 * gives whatever fetchRow() returns for an empty result, indexed by
 * "fullname".
 */
function get_fullname_from_userid ( $id )
{
	global $db ;

	if ( ! is_numeric ( $id ))
	{
		error ( ERR_INV_ARG );
		return ;
	}

	$result = $db -> query ( "SELECT fullname FROM users WHERE id=" . $db -> quote ( $id ));
	$row = $result -> fetchRow ();
	return $row [ "fullname" ];
}
/*
 * Get a fullname when you have a userid, insisting that the user exists.
 * Unlike get_fullname_from_userid(), an id without exactly one matching
 * row is reported with ERR_USER_NOT_EXIST; a non-numeric id ends in
 * ERR_INV_ARG.
 * return values: the fullname of the user.
 */
function get_owner_from_id ( $id )
{
	global $db ;

	if ( is_numeric ( $id ))
	{
		$result = $db -> query ( "SELECT fullname FROM users WHERE id=" . $db -> quote ( $id ));
		if ( $result -> numRows () != 1 )
		{
			error ( ERR_USER_NOT_EXIST );
		}
		else
		{
			$row = $result -> fetchRow ();
			return $row [ "fullname" ];
		}
	}
	// Reached for a non-numeric id, and also after ERR_USER_NOT_EXIST when
	// error() returns instead of ending the request.
	error ( ERR_INV_ARG );
}
/**
 * get_owners_from_domainid
 *
 * Collects the fullnames of every user that has a zones row for the domain.
 *
 * @todo also fetch the subowners
 * @param $id integer the id of the domain; a non-numeric id ends in ERR_INV_ARG
 * @return String the owners' fullnames in name order joined with ", ",
 *                or "" when the domain has no owner
 */
function get_owners_from_domainid ( $id ) {

	global $db ;

	if ( is_numeric ( $id ))
	{
		$result = $db -> query ( "SELECT users.id, users.fullname FROM users, zones WHERE zones.domain_id=" . $db -> quote ( $id ) . " AND zones.owner=users.id ORDER by fullname" );
		if ( $result -> numRows () == 0 )
		{
			return "" ;
		}

		$names = array ();
		while ( $row = $result -> fetchRow ())
		{
			$names [] = $row [ 'fullname' ];
		}
		return implode ( ', ' , $names );
	}
	error ( ERR_INV_ARG );
}
?>