<?
// +--------------------------------------------------------------------+
// | PowerAdmin |
// +--------------------------------------------------------------------+
// | Copyright (c) 1997-2002 The PowerAdmin Team |
// +--------------------------------------------------------------------+
// | This source file is subject to the license carried by the overall |
// | program PowerAdmin as found on http://poweradmin.sf.net |
// | The PowerAdmin program falls under the QPL License: |
// | http://www.trolltech.com/developer/licensing/qpl.html |
// +--------------------------------------------------------------------+
// | Authors: Roeland Nieuwenhuis <trancer <AT> trancer <DOT> nl> |
// | Sjeemz <sjeemz <AT> sjeemz <DOT> nl> |
// +--------------------------------------------------------------------+

// Filename: users.inc.php
// Startdate: 26-10-2002
// Description: all user modifications (list, lookup, add, edit, delete,
//              password change) are done here.
//
// $Id: users.inc.php,v 1.8 2003/01/01 22:33:47 azurazu Exp $
//
// NOTE(review): every function in this file builds its SQL by string
// interpolation and runs it through the global $db handle (query() /
// fetchRow() / numRows()). The only input validation is is_numeric() on ids
// and mysql_escape_string() on a few text fields, so callers must treat
// these functions as trusting their arguments.

// The include below makes the i18n definitions (presumably the $NAME_LEVEL_*
// globals read by leveldescription()) available before any function here is
// called. Whether this is the best (or at least a proper) location for it is
// an open question. /RZ.
require_once ( "inc/i18n.inc.php" );
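/*
 * Retrieve all users, each with the number of zones they own.
 * (The name show_users is historical: this function only reads, it shows
 * nothing. Has to be changed.)
 *
 * $id        optional user id that is left out of the result (e.g. the user
 *            who is currently logged in); anything non-numeric means "exclude
 *            nobody".
 * $rowstart  offset of the first row returned (LIMIT offset).
 * $rowamount maximum number of rows returned (LIMIT count).
 * return values: a list of arrays with the keys id, username, fullname, email,
 *                description, level, active and numdomains (the zone count,
 *                "aantal" in the query). Empty list when no user matches.
 */
function show_users($id = '', $rowstart = 0, $rowamount = 9999999)
{
    global $db;

    // $add must always be initialised: the original only assigned it inside
    // the if and relied on an undefined variable interpolating as "".
    $add = '';
    if (is_numeric($id)) {
        // When a user id is given, it is excluded from the userlist returned.
        // Cast before interpolating: is_numeric() also accepts " 5" and "1e3",
        // which must not reach the SQL verbatim.
        $add = ' WHERE users.id!=' . (int) $id;
    }

    // The LIMIT operands come straight from the caller; force integers so
    // nothing but two numbers can end up in the query.
    $rowstart = (int) $rowstart;
    $rowamount = (int) $rowamount;

    $sqlq = "SELECT users.id AS id,
        users.username AS username,
        users.fullname AS fullname,
        users.email AS email,
        users.description AS description,
        users.level AS level,
        users.active AS active,
        count(zones.owner) AS aantal FROM users
        LEFT JOIN zones ON users.id=zones.owner$add
        GROUP BY users.id, users.username, users.fullname, users.email,
                 users.description, users.level, users.active
        ORDER BY users.fullname
        LIMIT $rowstart, $rowamount";

    $result = $db->query($sqlq);

    // Re-key each row so that the Dutch alias "aantal" is exposed as
    // "numdomains" and no other column leaks through.
    $ret = array();
    while ($r = $result->fetchRow()) {
        $ret[] = array(
            "id" => $r["id"],
            "username" => $r["username"],
            "fullname" => $r["fullname"],
            "email" => $r["email"],
            "description" => $r["description"],
            "level" => $r["level"],
            "active" => $r["active"],
            "numdomains" => $r["aantal"],
        );
    }
    return $ret;
}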
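/*
 * Check if the given $id is connected to a valid user.
 * return values: true if exactly one user row has this id, false otherwise.
 *                A non-numeric id now yields false explicitly (the original
 *                fell off the end and returned null).
 */
function is_valid_user($id)
{
    global $db;

    if (!is_numeric($id)) {
        return false;
    }

    // Cast before interpolating: is_numeric() also accepts " 5" and "1e3".
    $result = $db->query("SELECT id FROM users WHERE id=" . (int) $id);
    return $result->numRows() == 1;
}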
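/*
 * Gives a text description of the given level id.
 * $id the numeric access level (1, 5 or 10); it may arrive as the string the
 *     database returned, which is why the comparison below stays loose.
 * return values: the text associated with the level, or "Unknown" for any
 *                other value.
 */
function leveldescription($id)
{
    // The names are not defined in this file; they are read from the global
    // scope (presumably set by inc/i18n.inc.php). Declared once up front
    // instead of inside each case, and the unreachable "break" statements
    // that followed every "return" are gone.
    global $NAME_LEVEL_1, $NAME_LEVEL_5, $NAME_LEVEL_10;

    switch ($id) {
        case 1:
            return $NAME_LEVEL_1;
        case 5:
            return $NAME_LEVEL_5;
        case 10:
            return $NAME_LEVEL_10;
        default:
            return "Unknown";
    }
}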
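/*
 * Checks if a given username exists in the database.
 * $user the username as supplied by the caller (untrusted).
 * return values: true if exists, false if not. More than one row with the
 *                same username is reported through error(ERR_UNKNOWN).
 */
function user_exists($user)
{
    global $db;

    // The original interpolated $user raw into the quoted literal. It is
    // escaped here the same way add_user()/edit_user() escape their text
    // fields. NOTE(review): mysql_escape_string() is connection-unaware and
    // was removed in PHP 7; query placeholders through the $db layer would be
    // the proper replacement for the whole file.
    $user = mysql_escape_string($user);
    $result = $db->query("SELECT id FROM users WHERE username='$user'");

    // numRows() is read once instead of being called per branch.
    $found = $result->numRows();
    if ($found == 0) {
        return false;
    }
    if ($found == 1) {
        return true;
    }
    // Duplicate usernames are a data inconsistency, not a lookup result.
    error(ERR_UNKNOWN);
}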
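/*
 * Get all user info for the given user in an array.
 * $id the numeric user id.
 * return values: the database style array (id, username, fullname, email,
 *                description, level, active) for the user, or whatever
 *                fetchRow() returns when there is no such row. A non-numeric
 *                id is reported through error(ERR_INV_ARGC).
 */
function get_user_info($id)
{
    global $db;

    if (!is_numeric($id)) {
        error(sprintf(ERR_INV_ARGC, "get_user_info", "you gave illegal arguments: $id"));
        // error() is assumed to halt; the explicit return keeps the flow
        // identical (null) if it ever does not.
        return null;
    }

    // Cast before interpolating: is_numeric() also accepts " 5" and "1e3".
    $result = $db->query("SELECT id, username, fullname, email, description, level, active from users where id=" . (int) $id);
    return $result->fetchRow();
}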
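/*
 * Delete a user from the system, together with the zones the user owns.
 * Requires level 10; anything else is reported through error(ERR_LEVEL_10).
 * $id the numeric user id.
 * return values: true once both DELETE statements have run (also when the
 *                user did not exist, see below). A non-numeric id is reported
 *                through error(ERR_INV_ARG).
 */
function delete_user($id)
{
    global $db;

    if (!level(10)) {
        error(ERR_LEVEL_10);
    }

    if (is_numeric($id)) {
        // Cast once so both statements see the same plain integer;
        // is_numeric() alone also lets " 5" and "1e3" through.
        $id = (int) $id;
        $db->query("DELETE FROM users WHERE id=$id");
        $db->query("DELETE FROM zones WHERE owner=$id");
        // No need to check the affected rows. If the affected rows would be 0,
        // the user isnt in the dbase, just as we want.
        return true;
    } else {
        error(ERR_INV_ARG);
    }
}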
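/*
 * Adds a user to the system.
 * Requires level 10; anything else is reported through error(ERR_LEVEL_10).
 * $user, $password, $fullname, $email, $description  text fields from the caller.
 * $level, $active                                     numeric fields from the caller.
 * return values: true if successfully added. An existing username is
 *                reported through error(ERR_USER_EXISTS).
 */
function add_user($user, $password, $fullname, $email, $level, $description, $active)
{
    global $db;

    if (!level(10)) {
        error(ERR_LEVEL_10);
    }

    if (!user_exists($user)) {
        // NOTE(review): is_valid_email() is assumed to report a bad address
        // through error() itself; its return value was never checked here.
        is_valid_email($email);

        // The original only escaped fullname and description and interpolated
        // username and email raw. Every text column is escaped here and both
        // numeric columns are cast, so the INSERT cannot be reshaped by input.
        // NOTE(review): mysql_escape_string() is connection-unaware and gone
        // since PHP 7; placeholders through $db are the proper replacement.
        $user = mysql_escape_string($user);
        $fullname = mysql_escape_string($fullname);
        $email = mysql_escape_string($email);
        $description = mysql_escape_string($description);
        $level = (int) $level;
        $active = (int) $active;

        // NOTE(review): passwords are stored as unsalted md5. change_user_pass()
        // (and presumably the login check outside this file) compare against
        // that, so a move to password_hash()/password_verify() has to change
        // all of those places together rather than only this INSERT.
        $passhash = md5($password);

        $db->query("INSERT INTO users (username, password, fullname, email, description, level, active) VALUES ('$user', '$passhash', '$fullname', '$email', '$description', $level, $active)");
        return true;
    } else {
        error(ERR_USER_EXISTS);
    }
}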
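/*
 * Edit the information of a user. Still a sloppy implementation with too many
 * queries (2 or 3), but the checks are explicit now.
 * Requires level 10; anything else is reported through error(ERR_LEVEL_10).
 * $id        numeric id of the user being edited.
 * $user      the (possibly new) username.
 * $password  new password, or "" to keep the current one.
 * The remaining parameters replace the matching columns unconditionally.
 * return values: true if successful. An unknown $id is reported through
 *                error(ERR_USER_NOT_EXIST); renaming to a username that is
 *                already taken through error(ERR_USER_EXIST).
 */
function edit_user($id, $user, $fullname, $email, $level, $description, $active, $password)
{
    global $db;

    if (!level(10)) {
        error(ERR_LEVEL_10);
    }

    // NOTE(review): is_valid_email() is assumed to report a bad address
    // through error() itself; its return value was never checked here.
    is_valid_email($email);

    // The unescaped username is kept for the comparison against the stored
    // value below; the escaped copy is only for the SQL.
    $rawuser = $user;

    // The original only escaped fullname and description and interpolated the
    // username, email, level, active and id raw. Text columns are escaped and
    // numeric columns cast here.
    // NOTE(review): mysql_escape_string() is connection-unaware and gone
    // since PHP 7; placeholders through $db are the proper replacement.
    $id = (int) $id;
    $user = mysql_escape_string($user);
    $fullname = mysql_escape_string($fullname);
    $email = mysql_escape_string($email);
    $description = mysql_escape_string($description);
    $level = (int) $level;
    $active = (int) $active;

    $sqlquery = "UPDATE users set username='$user', fullname='$fullname', email='$email', level=$level, description='$description', active=$active";

    // Only replace the password when one was supplied. Cast to string first so
    // that a null (password not given) stays "keep the current one", then
    // compare strictly: a loose != would treat e.g. "0" as empty.
    if ((string) $password !== "") {
        $sqlquery .= ", password='" . md5($password) . "'";
    }

    $sqlquery .= " where id=$id";

    // Search the username that right now goes with this ID.
    $result = $db->query("SELECT username from users where id=$id");
    $r = $result->fetchRow();

    if (!is_array($r)) {
        // The original indexed a false row and silently ran an UPDATE that
        // matched nothing, then reported success.
        error(ERR_USER_NOT_EXIST);
    } elseif ($r["username"] == $rawuser) {
        // Same username as before: nothing to collide with, execute.
        $db->query($sqlquery);
        return true;
    } else {
        // The user wants a different username. Refuse if another id already
        // has it, otherwise execute.
        // NOTE(review): add_user() reports the same situation as
        // ERR_USER_EXISTS (with an S); confirm both constants are defined.
        $otheruser = $db->query("SELECT id from users where username='$user'");
        if ($otheruser->numRows() > 0) {
            error(ERR_USER_EXIST);
        } else {
            $db->query($sqlquery);
            return true;
        }
    }
}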
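/*
 * Change the password of the user that is currently logged in
 * ($_SESSION["userlogin"]).
 * The user is automatically logged out after the password change.
 * $currentpass  the password the user is logged in with.
 * $newpass, $newpass2  the new password, typed twice.
 * return values: none. A mismatch between $newpass and $newpass2 is reported
 *                through error(ERR_USER_MATCH_NEW_PASS), a wrong current
 *                password through error(ERR_USER_WRONG_CURRENT_PASS).
 */
function change_user_pass($currentpass, $newpass, $newpass2)
{
    global $db;

    // Strict comparison: the original's != compared numeric-looking strings
    // as numbers ("1e3" and "1000" counted as the same password).
    if ($newpass !== $newpass2) {
        error(ERR_USER_MATCH_NEW_PASS);
    }

    // Retrieve the stored password hash. The session login name is escaped
    // like every other value that is quoted into SQL; the original
    // interpolated it raw.
    $login = mysql_escape_string($_SESSION["userlogin"]);
    $result = $db->query("SELECT password, id FROM users WHERE username='$login'");
    $rinfo = $result->fetchRow();

    // Compare the hashes with hash_equals() instead of ==. Two md5 hex digests
    // that both start with "0e" followed by digits compare equal under == (both
    // are 0 in scientific notation), so a loose comparison accepts wrong
    // passwords for such accounts. A missing row is treated as a wrong
    // password rather than indexing false.
    // NOTE(review): the scheme itself is unsalted md5, shared with add_user()
    // and edit_user(); replacing it has to be done in all of them at once.
    $stored = is_array($rinfo) ? (string) $rinfo["password"] : '';
    if ($stored !== '' && hash_equals($stored, md5($currentpass))) {
        $sqlquery = "update users set password='" . md5($newpass) . "' where id=" . (int) $rinfo["id"];
        $db->query($sqlquery);

        // Logout the user so the new password has to be used from now on.
        logout("Pass changed please re-login");
    } else {
        error(ERR_USER_WRONG_CURRENT_PASS);
    }
}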
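/*
 * Get a fullname when you have a userid.
 * $id the numeric user id.
 * return values: the fullname for the userid, or null when there is no such
 *                user (the original indexed a false row and produced the same
 *                null with a warning). A non-numeric id is reported through
 *                error(ERR_INV_ARG).
 */
function get_fullname_from_userid($id)
{
    global $db;

    if (!is_numeric($id)) {
        error(ERR_INV_ARG);
        // error() is assumed to halt; the explicit return keeps the flow
        // identical (null) if it ever does not.
        return null;
    }

    // Cast before interpolating: is_numeric() also accepts " 5" and "1e3".
    $result = $db->query("SELECT fullname FROM users WHERE id=" . (int) $id);
    $r = $result->fetchRow();
    return is_array($r) ? $r["fullname"] : null;
}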
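/*
 * Get the fullname of the owner (user) with the given id.
 * Differs from get_fullname_from_userid() in that a missing user is an error.
 * $id the numeric user id.
 * return values: the fullname for the userid. No matching row is reported
 *                through error(ERR_USER_NOT_EXIST), a non-numeric id through
 *                error(ERR_INV_ARG). The original raised both errors in turn
 *                for a missing user if error() returned; now only one is raised.
 */
function get_owner_from_id($id)
{
    global $db;

    if (!is_numeric($id)) {
        error(ERR_INV_ARG);
        return null;
    }

    // Cast before interpolating: is_numeric() also accepts " 5" and "1e3".
    $result = $db->query("SELECT fullname FROM users WHERE id=" . (int) $id);
    if ($result->numRows() == 1) {
        $r = $result->fetchRow();
        return $r["fullname"];
    }

    error(ERR_USER_NOT_EXIST);
    return null;
}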
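/**
 * get_owners_from_domainid
 *
 * Lists the fullnames of all users that own the given domain (one zones row
 * per owner), sorted by fullname.
 *
 * @todo also fetch the subowners
 * @param $id integer the id of the domain
 * @return String the comma separated list of owners for this domain. No owner
 *                at all is reported through error(ERR_USER_NOT_EXIST), a
 *                non-numeric id through error(ERR_INV_ARG).
 */
function get_owners_from_domainid($id)
{
    global $db;

    if (!is_numeric($id)) {
        error(ERR_INV_ARG);
        return null;
    }

    // Cast before interpolating: is_numeric() also accepts " 5" and "1e3".
    $result = $db->query("SELECT users.id, users.fullname FROM users, zones WHERE zones.domain_id=" . (int) $id . " AND zones.owner=users.id ORDER by fullname");
    if ($result->numRows() == 0) {
        error(ERR_USER_NOT_EXIST);
        return null;
    }

    $names = array();
    while ($r = $result->fetchRow()) {
        $names[] = $r['fullname'];
    }
    return implode(', ', $names);
}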
?>