1
|
1 |
<? |
|
2 |
|
47
|
3 |
/* PowerAdmin, a friendly web-based admin tool for PowerDNS. |
|
4 |
* See <https://rejo.zenger.nl/poweradmin> for more details. |
|
5 |
* |
|
6 |
* Copyright 2007, 2008 Rejo Zenger <rejo@zenger.nl> |
|
7 |
* |
|
8 |
* This program is free software: you can redistribute it and/or modify |
|
9 |
* it under the terms of the GNU General Public License as published by |
|
10 |
* the Free Software Foundation, either version 3 of the License, or |
|
11 |
* (at your option) any later version. |
|
12 |
* |
|
13 |
* This program is distributed in the hope that it will be useful, |
|
14 |
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
15 |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
16 |
* GNU General Public License for more details. |
|
17 |
* |
|
18 |
* You should have received a copy of the GNU General Public License |
|
19 |
* along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
20 |
*/ |
1
|
21 |
|
4
|
22 |
// Added next line to enable i18n on following definitions. Don't know |
|
23 |
// if this is the best (or at least a proper) location for this. /RZ. |
|
24 |
require_once("inc/i18n.inc.php"); |
1
|
25 |
|
|
26 |
/* |
|
27 |
* Retrieve all users. |
|
28 |
* Its to show_users therefore the odd name. Has to be changed. |
|
29 |
* return values: an array with all users in it. |
|
30 |
*/ |
|
31 |
function show_users($id='',$rowstart=0,$rowamount=9999999) |
|
32 |
{ |
|
33 |
global $db; |
|
34 |
if(is_numeric($id)) |
|
35 |
{ |
|
36 |
//When a user id is given, it is excluded from the userlist returned. |
|
37 |
$add = " WHERE users.id!=$id"; |
|
38 |
} |
|
39 |
|
|
40 |
// Make a huge query. |
|
41 |
$sqlq = "SELECT users.id AS id, |
|
42 |
users.username AS username, |
|
43 |
users.fullname AS fullname, |
|
44 |
users.email AS email, |
|
45 |
users.description AS description, |
|
46 |
users.level AS level, |
|
47 |
users.active AS active, |
|
48 |
count(zones.owner) AS aantal FROM users |
|
49 |
LEFT JOIN zones ON users.id=zones.owner$add |
|
50 |
GROUP BY |
|
51 |
users.id, |
|
52 |
users.username, |
|
53 |
users.fullname, |
|
54 |
users.email, |
|
55 |
users.description, |
|
56 |
users.level, |
|
57 |
users.active |
|
58 |
ORDER BY |
|
59 |
users.fullname |
|
60 |
LIMIT $rowstart,$rowamount"; |
|
61 |
|
|
62 |
// Execute the huge query. |
|
63 |
$result = $db->query($sqlq); |
|
64 |
$ret = array(); |
|
65 |
$retcount = 0; |
|
66 |
while ($r = $result->fetchRow()) |
|
67 |
{ |
|
68 |
$ret[] = array( |
|
69 |
"id" => $r["id"], |
|
70 |
"username" => $r["username"], |
|
71 |
"fullname" => $r["fullname"], |
|
72 |
"email" => $r["email"], |
|
73 |
"description" => $r["description"], |
|
74 |
"level" => $r["level"], |
|
75 |
"active" => $r["active"], |
|
76 |
"numdomains" => $r["aantal"] |
|
77 |
); |
|
78 |
} |
|
79 |
return $ret; |
|
80 |
} |
|
81 |
|
|
82 |
|
|
83 |
/* |
|
84 |
* Check if the given $userid is connected to a valid user. |
|
85 |
* return values: true if user exists, false if users doesnt exist. |
|
86 |
*/ |
|
87 |
function is_valid_user($id) |
|
88 |
{ |
|
89 |
global $db; |
|
90 |
if(is_numeric($id)) |
|
91 |
{ |
|
92 |
$result = $db->query("SELECT id FROM users WHERE id=$id"); |
|
93 |
if ($result->numRows() == 1) |
|
94 |
{ |
|
95 |
return true; |
|
96 |
} |
|
97 |
else |
|
98 |
{ |
|
99 |
return false; |
|
100 |
} |
|
101 |
} |
|
102 |
} |
|
103 |
|
|
104 |
|
|
105 |
/* |
|
106 |
* Gives a textdescribed value of the given levelid |
|
107 |
* return values: the text associated with the level |
|
108 |
*/ |
|
109 |
function leveldescription($id) |
|
110 |
{ |
|
111 |
switch($id) |
|
112 |
{ |
|
113 |
case 1: |
|
114 |
global $NAME_LEVEL_1; |
|
115 |
return $NAME_LEVEL_1; |
|
116 |
break; |
|
117 |
case 5: |
|
118 |
global $NAME_LEVEL_5; |
|
119 |
return $NAME_LEVEL_5; |
|
120 |
break; |
|
121 |
case 10: |
|
122 |
global $NAME_LEVEL_10; |
|
123 |
return $NAME_LEVEL_10; |
|
124 |
break; |
|
125 |
default: |
|
126 |
return "Unknown"; |
|
127 |
break; |
|
128 |
} |
|
129 |
} |
|
130 |
|
|
131 |
|
|
132 |
/* |
|
133 |
* Checks if a given username exists in the database. |
|
134 |
* return values: true if exists, false if not. |
|
135 |
*/ |
|
136 |
function user_exists($user) |
|
137 |
{ |
|
138 |
global $db; |
|
139 |
$result = $db->query("SELECT id FROM users WHERE username='$user'"); |
|
140 |
if ($result->numRows() == 0) |
|
141 |
{ |
|
142 |
return false; |
|
143 |
} |
|
144 |
elseif($result->numRows() == 1) |
|
145 |
{ |
|
146 |
return true; |
|
147 |
} |
|
148 |
else |
|
149 |
{ |
4
|
150 |
error(ERR_UNKNOWN); |
1
|
151 |
} |
|
152 |
} |
|
153 |
|
|
154 |
|
|
155 |
/* |
|
156 |
* Get all user info for the given user in an array. |
|
157 |
* return values: the database style array with the information about the user. |
|
158 |
*/ |
|
159 |
function get_user_info($id) |
|
160 |
{ |
|
161 |
global $db; |
|
162 |
if (is_numeric($id)) |
|
163 |
{ |
|
164 |
$result = $db->query("SELECT id, username, fullname, email, description, level, active from users where id=$id"); |
|
165 |
$r = $result->fetchRow(); |
|
166 |
return $r; |
|
167 |
} |
|
168 |
else |
|
169 |
{ |
|
170 |
error(sprintf(ERR_INV_ARGC,"get_user_info", "you gave illegal arguments: $id")); |
|
171 |
} |
|
172 |
} |
|
173 |
|
|
174 |
|
|
175 |
/* |
|
176 |
* Delete a user from the system |
|
177 |
* return values: true if user doesnt exist. |
|
178 |
*/ |
|
179 |
function delete_user($id) |
|
180 |
{ |
|
181 |
global $db; |
|
182 |
if (!level(10)) |
|
183 |
{ |
|
184 |
error(ERR_LEVEL_10); |
|
185 |
} |
|
186 |
if (is_numeric($id)) |
|
187 |
{ |
|
188 |
$db->query("DELETE FROM users WHERE id=$id"); |
|
189 |
$db->query("DELETE FROM zones WHERE owner=$id"); |
|
190 |
return true; |
|
191 |
// No need to check the affected rows. If the affected rows would be 0, |
|
192 |
// the user isnt in the dbase, just as we want. |
|
193 |
} |
|
194 |
else |
|
195 |
{ |
|
196 |
error(ERR_INV_ARG); |
|
197 |
} |
|
198 |
} |
|
199 |
|
|
200 |
|
|
201 |
/* |
|
202 |
* Adds a user to the system. |
|
203 |
* return values: true if succesfully added. |
|
204 |
*/ |
|
205 |
function add_user($user, $password, $fullname, $email, $level, $description, $active) |
|
206 |
{ |
|
207 |
global $db; |
|
208 |
if (!level(10)) |
|
209 |
{ |
|
210 |
error(ERR_LEVEL_10); |
|
211 |
} |
|
212 |
if (!user_exists($user)) |
|
213 |
{ |
|
214 |
// Might have to be changed. |
|
215 |
// TODO probably. |
|
216 |
$description = mysql_escape_string($description); |
|
217 |
|
|
218 |
// Clean up the fullname |
|
219 |
$fullname = mysql_escape_string($fullname); |
|
220 |
is_valid_email($email); |
|
221 |
|
8
|
222 |
$db->query("INSERT INTO users (username, password, fullname, email, description, level, active) VALUES ('$user', '" . md5($password) . "', '$fullname', '$email', '$description', '$level', '$active')"); |
1
|
223 |
return true; |
|
224 |
} |
|
225 |
else |
|
226 |
{ |
|
227 |
error(ERR_USER_EXISTS); |
|
228 |
} |
|
229 |
} |
|
230 |
|
|
231 |
|
|
232 |
/* |
|
233 |
* Edit the information of an user.. sloppy implementation with too many queries.. (2) :) |
|
234 |
* return values: true if succesful |
|
235 |
*/ |
|
236 |
function edit_user($id, $user, $fullname, $email, $level, $description, $active, $password) |
|
237 |
{ |
|
238 |
global $db; |
|
239 |
if(!level(10)) { |
|
240 |
error(ERR_LEVEL_10); |
|
241 |
} |
|
242 |
|
|
243 |
// Might have to be changed. |
|
244 |
// TODO |
|
245 |
$description = mysql_escape_string($description); |
|
246 |
$fullname = mysql_escape_string($fullname); |
|
247 |
is_valid_email($email); |
|
248 |
|
|
249 |
$sqlquery = "UPDATE users set username='$user', fullname='$fullname', email='$email', level=$level, description='$description', active=$active "; |
|
250 |
|
|
251 |
if($password != "") |
|
252 |
{ |
|
253 |
$sqlquery .= ", password= '" . md5($password) . "' "; |
|
254 |
} |
|
255 |
|
|
256 |
$sqlquery .= "where id=$id" ; |
|
257 |
|
|
258 |
// Search the username that right now goes with this ID. |
|
259 |
$result = $db->query("SELECT username from users where id=$id"); |
|
260 |
$r = array(); |
|
261 |
$r = $result->fetchRow(); |
|
262 |
|
|
263 |
// If the found username with this ID is the given username with the command.. execute. |
|
264 |
|
|
265 |
if($r["username"] == $user) |
|
266 |
{ |
|
267 |
$db->query($sqlquery); |
|
268 |
return true; |
|
269 |
} |
|
270 |
|
|
271 |
// Its not.. so the user wants to change. |
|
272 |
// Find if there is an id that has the wished username. |
|
273 |
$otheruser = $db->query("SELECT id from users where username='$user'"); |
|
274 |
if($otheruser->numRows() > 0) |
|
275 |
{ |
|
276 |
error(ERR_USER_EXIST); |
|
277 |
} |
|
278 |
|
|
279 |
// Its fine it seems.. :) |
|
280 |
// Lets execute it. |
|
281 |
else |
|
282 |
{ |
|
283 |
$db->query($sqlquery); |
|
284 |
return true; |
|
285 |
} |
|
286 |
} |
|
287 |
|
|
288 |
/* |
|
289 |
* Change the pass of the user. |
|
290 |
* The user is automatically logged out after the pass change. |
|
291 |
* return values: none. |
|
292 |
*/ |
|
293 |
function change_user_pass($currentpass, $newpass, $newpass2) |
|
294 |
{ |
|
295 |
global $db; |
|
296 |
|
|
297 |
// Check if the passwords are equal. |
|
298 |
if($newpass != $newpass2) |
|
299 |
{ |
|
300 |
error(ERR_USER_MATCH_NEW_PASS); |
|
301 |
} |
|
302 |
|
|
303 |
// Retrieve the users password. |
|
304 |
$result = $db->query("SELECT password, id FROM users WHERE username='". $_SESSION["userlogin"] ."'"); |
|
305 |
$rinfo = $result->fetchRow(); |
|
306 |
|
|
307 |
// Check the current password versus the database password and execute the update. |
|
308 |
if(md5($currentpass) == $rinfo["password"]) |
|
309 |
{ |
|
310 |
$sqlquery = "update users set password='" . md5($newpass) . "' where id='" . $rinfo["id"] . "'"; |
|
311 |
$db->query($sqlquery); |
|
312 |
|
|
313 |
// Logout the user. |
|
314 |
logout("Pass changed please re-login"); |
|
315 |
} |
|
316 |
else |
|
317 |
{ |
|
318 |
error(ERR_USER_WRONG_CURRENT_PASS); |
|
319 |
} |
|
320 |
} |
|
321 |
|
|
322 |
|
|
323 |
/* |
|
324 |
* Get a fullname when you have a userid. |
|
325 |
* return values: gives the fullname from a userid. |
|
326 |
*/ |
|
327 |
function get_fullname_from_userid($id) |
|
328 |
{ |
|
329 |
global $db; |
|
330 |
if (is_numeric($id)) |
|
331 |
{ |
|
332 |
$result = $db->query("SELECT fullname FROM users WHERE id=$id"); |
|
333 |
$r = $result->fetchRow(); |
|
334 |
return $r["fullname"]; |
|
335 |
} |
|
336 |
else |
|
337 |
{ |
|
338 |
error(ERR_INV_ARG); |
|
339 |
} |
|
340 |
} |
|
341 |
|
|
342 |
|
|
343 |
/* |
|
344 |
* Get a fullname when you have a userid. |
|
345 |
* return values: gives the fullname from a userid. |
|
346 |
*/ |
|
347 |
function get_owner_from_id($id) |
|
348 |
{ |
|
349 |
global $db; |
|
350 |
if (is_numeric($id)) |
|
351 |
{ |
|
352 |
$result = $db->query("SELECT fullname FROM users WHERE id=$id"); |
|
353 |
if ($result->numRows() == 1) |
|
354 |
{ |
|
355 |
$r = $result->fetchRow(); |
|
356 |
return $r["fullname"]; |
|
357 |
} |
|
358 |
else |
|
359 |
{ |
|
360 |
error(ERR_USER_NOT_EXIST); |
|
361 |
} |
|
362 |
} |
|
363 |
error(ERR_INV_ARG); |
|
364 |
} |
26
|
365 |
|
|
366 |
/** |
|
367 |
* get_owners_from_domainid |
|
368 |
* |
|
369 |
* @todo also fetch the subowners |
|
370 |
* @param $id integer the id of the domain |
|
371 |
* @return String the list of owners for this domain |
|
372 |
*/ |
|
373 |
function get_owners_from_domainid($id) { |
|
374 |
|
|
375 |
global $db; |
|
376 |
if (is_numeric($id)) |
|
377 |
{ |
|
378 |
$result = $db->query("SELECT users.id, users.fullname FROM users, zones WHERE zones.domain_id=$id AND zones.owner=users.id ORDER by fullname"); |
|
379 |
if ($result->numRows() == 0) |
|
380 |
{ |
36
|
381 |
return ""; |
|
382 |
} |
|
383 |
else |
|
384 |
{ |
26
|
385 |
$names = array(); |
36
|
386 |
while ($r = $result->fetchRow()) |
|
387 |
{ |
26
|
388 |
$names[] = $r['fullname']; |
|
389 |
} |
|
390 |
return implode(', ', $names); |
|
391 |
} |
|
392 |
} |
|
393 |
error(ERR_INV_ARG); |
|
394 |
} |
|
395 |
|
1
|
396 |
?> |