summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/controllers/Users.class.php154
-rw-r--r--src/lib/DB.class.php164
-rw-r--r--src/lib/Database.class.php2
-rw-r--r--src/lib/Form.class.php57
-rw-r--r--src/models/Auth.class.php6
-rw-r--r--src/views/Template.class.php2
-rw-r--r--src/views/pages/users/index.html.php46
-rw-r--r--src/views/pages/users/individual.html.php12
-rw-r--r--src/views/pages/users/new-locked.html.php9
9 files changed, 284 insertions, 168 deletions
diff --git a/src/controllers/Users.class.php b/src/controllers/Users.class.php
index b8c9244..df00663 100644
--- a/src/controllers/Users.class.php
+++ b/src/controllers/Users.class.php
@@ -1,6 +1,7 @@
<?php
require_once('Login.class.php');
require_once('Auth.class.php');
+require_once('DB.class.php');
Router::register('users/new' , 'Users', 'new_user');
Router::register('users/index', 'Users', 'index_file');
@@ -22,7 +23,12 @@ class Users extends Controller {
switch ($method) {
case 'POST':
// We're POSTing a new user.
- $this->create_user();
+ if ($this->registrationOpen()) {
+ $this->create_user();
+ } else {
+ $this->showView('users/new-locked', array());
+ exit();
+ }
break;
case 'HEAD': // fall-through to GET
case 'GET':
@@ -61,6 +67,10 @@ class Users extends Controller {
$this->showView('users/new-logged-in', array());
exit();
}
+ if (!$this->registrationOpen()) {
+ $this->showView('users/new-locked', array());
+ exit();
+ }
if (!isset($vars['errors'])) $vars['errors'] = array();
global $mm; $pm = $mm->pluginManager();
$vars['antispam_html'] = $pm->callHook('antispam_html');
@@ -68,26 +78,34 @@ class Users extends Controller {
}
public function individual($routed, $remainder) {
- $username = implode('/', $remainder);
-
global $mm; // also used for pluginmanager
$db = $mm->database();
- $uid = $db->getUID($username);
- $user = Auth::getObj($uid);
-
- if ($user->isGroup()) $uid = false; // ignore groups.
-
- if ($uid===false) {
- $this->http404($routed, $remainder);
+ $pm = $mm->pluginManager();
+
+ $username = implode('/', $remainder);
+ if ($username == 'all') {
+ $uids = $db->listUsers();
} else {
+ $uids = array($db->getUID($username));
+ }
+
+ $vars = array();
+
+ if (count($uids)<2) {
+ $user = Auth::getObj($uid);
+
+ if ($user->isGroup()) $uid = false; // ignore groups.
+
+ if ($uid===false) {
+ $this->http404($routed, $remainder);
+ exit();
+ }
if (!$user->canRead()) {
$this->http401($routed, $remainder);
exit();
}
- $vars = array();
$method = $_SERVER['REQUEST_METHOD'];
-
switch ($method) {
case 'PUT': $_POST = $_PUT;
case 'POST':
@@ -97,19 +115,23 @@ class Users extends Controller {
}
break;
}
-
- $config_options = array();
- $mm->pluginManager()->callHook('userConfig', &$config_options);
-
- $vars['config_options'] = $config_options;
- $vars['user'] = $user;
- $vars['groups'] = $db->listGroupNames();
- require_once('ContactMethod.class.php');
- $this->showView('users/individual', $vars);
}
+
+ $config_options = array();
+ $pm->callHook('userConfig', &$config_options);
+
+ $vars['users'] = array();
+ foreach ($uids as $uid) {
+ $vars['users'][] = Auth::getObj($uid);
+ }
+ $vars['username'] = $username;
+ $vars['config_options'] = $config_options;
+ $vars['groups'] = $db->listGroupNames();
+ require_once('ContactMethod.class.php');
+ $this->showView('users/individual', $vars);
}
- public function http404($routed, $rnemainder) {
+ public function http404($routed, $remainder) {
$username = implode('/', $remainder);
$this->showView('users/404',
array('username'=>$username));
@@ -167,7 +189,7 @@ class Users extends Controller {
$this->showView('users/500');
} else {
Login::login($username, $password);
- $this->setConf($uid, 'email', $vars['email']);
+ DB::set('users', $uid, 'email', $vars['email']);
$this->showView('users/created',
array('username'=>$username));
}
@@ -257,11 +279,8 @@ class Users extends Controller {
if (isset($_POST[$key]) && is_array($_POST[$key])) {
$old = $_POST['_old'][$key];
foreach ($_POST[$key] as $uid => $value) {
- // FIXME
- $form->setter = create_function('$k,$v', "return Users::setConf($uid, \$k, \$v)");
- $form->getter = create_function('$k' , "return Users::getConf($uid, \$k)");
- @$value_old = $_POST[$key];
- $set = $form->updateValue($value, $value_old);
+ @$value_base = $old[$uid];
+ $set = DB::set('users', $uid, $key, $value, $value_base);
if (is_string($set)) {
echo "<pre>\n";
echo "Error: Value changed elsewhere, ".
@@ -303,79 +322,22 @@ class Users extends Controller {
$vars['users'][$uid] = array();
foreach ($vars['attribs'] as $attrib) {
$key = $attrib['key'];
- $props = $this->getConf($uid, $key);
+ $props = DB::get('users', $uid, $key);
$vars['users'][$uid][$key] = $props;
}
}
$this->showView('users/index', $vars);
}
- public static function getConf($uid, $key) {
- $user = Auth::getObj($uid);
- $logged_in_user = Auth::getObj(Login::isLoggedIn());
-
- $post_key = $key."[$uid]";
- @$value = $_POST[$post_key];
- $editable = $user->canEdit();
-
- switch ($key) {
- case 'auth_name':
- $value = $user->getName();
- break;
- case 'auth_user':
- $editable = $editable && $logged_in_user->isAdmin();
- $value = $user->isUser();
- break;
- case 'auth_admin':
- $editable = $editable && $logged_in_user->isAdmin();
- $value = $user->isAdmin();
- break;
- case 'auth_delete':
- $editable = $editable && $logged_in_user->isAdmin();
- $value = false;
- break;
- default:
- $value = $user->getConf($key);
- if ($value===false) $value='';
- break;
- }
-
- return array('value'=>$value,
- 'post_key'=>$post_key,
- 'editable'=>$editable);
- }
- public static function setConf($uid, $key, $value) {
- // So, this rocks because we don't have to check permissions,
- // the User object does that.
- $user = Auth::getObj($uid);
-
- switch ($key) {
- case 'auth_name':
- return $user->setName($value);
- break;
- case 'auth_user':
- return $user->setUser($value=='true');
- break;
- case 'auth_admin':
- return $user->setAdmin($value=='true');
- break;
- case 'auth_delete':
- if ($value=='true') return $user->delete();
- default:
- return $user->setConf($key, $value);
- break;
- }
- }
-
- function attrib($key, $name) {
- return array('key'=>$key, 'name'=>$name);
+ function attrib($key, $name, $type='string') {
+ return array('key'=>$key, 'name'=>$name, 'type'=>$type);
}
private function getIndexAttribs() {
$attribs = array();
- $attribs[] = $this->attrib('auth_user', 'Active');
+ $attribs[] = $this->attrib('auth_user', 'Active', 'bool');
if (Auth::getObj(Login::isLoggedIn())->isAdmin()) {
- $attribs[] = $this->attrib('auth_admin', 'Admin');
- $attribs[] = $this->attrib('auth_delete', 'Delete');
+ $attribs[] = $this->attrib('auth_admin', 'Admin', 'bool');
+ $attribs[] = $this->attrib('auth_delete', 'Delete', 'bool');
}
$attribs[] = $this->attrib('lastname','Last');
$attribs[] = $this->attrib('firstname','First');
@@ -385,4 +347,14 @@ class Users extends Controller {
$attribs[] = $this->attrib('auth_name', 'Username');
return $attribs;
}
+
+ private function registrationOpen() {
+ global $mm; $db = $mm->database();
+ $val = $db->getSysConf('registration_open');
+ switch ($val) {
+ case 'true': return true;
+ case 'false': return false;
+ default: return true;
+ }
+ }
}
diff --git a/src/lib/DB.class.php b/src/lib/DB.class.php
new file mode 100644
index 0000000..5954726
--- /dev/null
+++ b/src/lib/DB.class.php
@@ -0,0 +1,164 @@
+<?php
+
+require_once('Auth.class.php');
+require_once('Login.class.php');
+
+class DB {
+ public static function set($table, $unit, $key, $value, $orig_value) {
+ $value_base = $orig_value;
+
+ $doit = true;
+ $forked = false;
+ $have_old = ($value_base!==null);
+ if ($have_old) {
+ $we_changed_it = $value_base != $value;
+ if ($we_changed_it) {
+ $value_fork = $this->getConfString($key);
+ $someone_else_changed_it =
+ $value_fork != $value_base;
+ if ($someone_else_changed_it) {
+ if ($value == $value_fork) {
+ // we might as well not have
+ $we_changed_it = false;
+ } else {
+ $forked = true;
+ }
+ }
+ }
+ if (!$we_changed_it) {
+ $doit = false;// nothing to do
+ }
+ }
+ if ($doit) {
+ return $this->setConf($key, $value);
+ }
+ if ($forked) {
+ return $value_fork;
+ }
+ }
+
+ public static function get($table, $unit, $key) {
+ switch ($table) {
+ case 'conf':
+ case 'plugins':
+ return self::admin_get($unit, $key);
+ break;
+ case 'users':
+ return self::user_get($unit, $key);
+ break;
+ default:
+ return false;
+ }
+ }
+ public static function raw_set($table, $unit, $key, $value) {
+ switch ($table) {
+ case 'conf':
+ case 'plugins':
+ return self::admin_get($unit, $key, $value);
+ break;
+ case 'users':
+ return self::user_set($unit, $key, $value);
+ break;
+ default:
+ return false;
+ }
+ }
+
+ private static function user_get($uid, $key) {
+ $user = Auth::getObj($uid);
+ $logged_in_user = Auth::getObj(Login::isLoggedIn());
+
+ $post_key = $key."[$uid]";
+ @$value = $_POST[$post_key];
+ $editable = $user->canEdit();
+
+ switch ($key) {
+ case 'auth_uid':
+ $value = $user->getUID();
+ $editable = false;
+ break;
+ case 'auth_name':
+ $value = $user->getName();
+ break;
+ case 'auth_user':
+ $editable = $editable && $logged_in_user->isAdmin();
+ $value = $user->isUser()?'true':'false';
+ break;
+ case 'auth_admin':
+ $editable = $editable && $logged_in_user->isAdmin();
+ $value = $user->isAdmin()?'true':'false';
+ break;
+ case 'auth_delete':
+ $editable = $editable && $logged_in_user->isAdmin();
+ $value = 'false';
+ break;
+ default:
+ $value = $user->getConf($key);
+ if ($value===false) $value='';
+ break;
+ }
+
+ return array('value'=>$value,
+ 'post_key'=>$post_key,
+ 'editable'=>$editable);
+ }
+ private static function user_set($uid, $key, $value) {
+ $user = Auth::getObj($uid);
+
+ switch ($key) {
+ case 'auth_uid':
+ return false;
+ break;
+ case 'auth_name':
+ return $user->setName($value);
+ break;
+ case 'auth_user':
+ return $user->setUser($value=='true');
+ break;
+ case 'auth_admin':
+ return $user->setAdmin($value=='true');
+ break;
+ case 'auth_delete':
+ if ($value=='true') return $user->delete();
+ default:
+ return $user->setConf($key, $value);
+ break;
+ }
+ }
+
+ private static function admin_get($plugin, $key) {
+ global $mm; $db = $mm->database();
+ $user = Auth::getObj(Login::isLoggedIn());
+ if ($user->isAdmin()) {
+ $editable = true;
+ switch ($plugin) {
+ case 'system':
+ $value = $db->getSysConf($key);
+ break;
+ default:
+ $value = $db->getPluginConf($plugin, $key);
+ break;
+ }
+ } else {
+ $editable = false;
+ $value = false;
+ }
+
+ return array('value'=>$value,
+ 'post_key'=>'to be implemented',// FIXME
+ 'editable'=>$editable);
+ }
+ private static function admin_set($plugin, $key, $value) {
+ global $mm; $db = $mm->database();
+ $user = Auth::getObj(Login::isLoggedIn());
+ if (!$user->isAdmin()) {
+ return false;
+ }
+ switch ($plugin) {
+ case 'system':
+ return $db->setSysConf($key, $value);
+ default:
+ return $db->setPluginConf($plugin, $key, $value);
+ }
+ }
+}
diff --git a/src/lib/Database.class.php b/src/lib/Database.class.php
index ab56d09..13d9559 100644
--- a/src/lib/Database.class.php
+++ b/src/lib/Database.class.php
@@ -396,4 +396,4 @@ class Database {
return $out_list;
}
-} \ No newline at end of file
+}
diff --git a/src/lib/Form.class.php b/src/lib/Form.class.php
deleted file mode 100644
index 725bac5..0000000
--- a/src/lib/Form.class.php
+++ /dev/null
@@ -1,57 +0,0 @@
-<?php
-
-require_once('Auth.class.php');
-
-class Form {
- public $getter = null;
- public $setter = null;
- public function __constructor($get, $set) {
- $this->getter = $get;
- $this->setter = $set;
- }
- private function getConf($key) {
- call_user_func($getter, $key);
- }
- public function setConf($key, $value) {
- call_user_func($setter, $key, $value);
- }
- private function getConfString($key) {
- $raw = $this->getConf($key);
- $value = $raw['value'];
- if ($value===false) return 'false';
- if ($value===true) return 'true';
- return $value;
- }
-
- public function updateValue($value, $value_base=null) {
- $doit = true;
- $forked = false;
- $have_old = ($value_base!==null);
- if ($have_old) {
- @$value_base = $old[$uid];
- $we_changed_it = $value_base != $value;
- if ($we_changed_it) {
- $value_fork = $this->getConfString($key);
- $someone_else_changed_it =
- $value_fork != $value_base;
- if ($someone_else_changed_it) {
- if ($value == $value_fork) {
- // we might as well not have
- $we_changed_it = false;
- } else {
- $forked = true;
- }
- }
- }
- if (!$we_changed_it) {
- $doit = false;// nothing to do
- }
- }
- if ($doit) {
- return $this->setConf($key, $value);
- }
- if ($forked) {
- return $value_fork;
- }
- }
-}
diff --git a/src/models/Auth.class.php b/src/models/Auth.class.php
index 25570bf..b51aef9 100644
--- a/src/models/Auth.class.php
+++ b/src/models/Auth.class.php
@@ -26,12 +26,12 @@ class Auth {
// Current rules:
// * Not in "$illegal_names"
// * Does not contain '.'
- // * Less <256 characters
- $illegal_names = array('', 'new', 'index');
+ // * Fewer than 256 characters
+ $illegal_names = array('', 'new', 'index', 'all');
return true
&& (!in_array($name, $illegal_names))
&& (strpos($name,'.')===false)
- && (strlen($name)<=256);
+ && (strlen($name)<256);
}
protected $db = null;
diff --git a/src/views/Template.class.php b/src/views/Template.class.php
index 663ec05..bf57e93 100644
--- a/src/views/Template.class.php
+++ b/src/views/Template.class.php
@@ -138,7 +138,7 @@ class Template {
$str.= $this->tag('title', array(), htmlspecialchars($title));
$str.= $this->css('style.css', 'all');
$str.= $this->css('screen.css', 'screen');
- $str.= $this->css('logo-style.css', 'screen');
+ $str.= $this->css('print.css', 'print');
$str.= $this->closeTag('head');
$body_class = 'logged'.($logged_in?'in':'out');
diff --git a/src/views/pages/users/index.html.php b/src/views/pages/users/index.html.php
index 7f51592..daed9f7 100644
--- a/src/views/pages/users/index.html.php
+++ b/src/views/pages/users/index.html.php
@@ -13,14 +13,35 @@ $t->openTag('form', array('action'=>$t->url('users/index'),
$t->tag('input', array('type'=>'submit',
'value'=>'Save/Update'));
-$t->openTag('table');
+$t->openTag('table', array('class'=>'sortable', 'id'=>'bar'));
+$t->openTag('thead');
$t->openTag('tr');
foreach ($attribs as $attrib) {
- $t->tag('th', array(), $attrib['name']);
+ switch ($attrib['type']) {
+ case 'bool': $class = 'small'; break;
+ default: $class = ''; break;
+ }
+ $t->tag('th', array('class'=>$class), $attrib['name']);
}
-$t->tag('th');
+$t->tag('th', array(), '-');
$t->closeTag('tr');
+$t->closeTag('thead');
+
+$t->openTag('tfoot');
+$t->openTag('tr');
+foreach ($attribs as $attrib) {
+ switch ($attrib['type']) {
+ case 'bool': $class = 'small'; break;
+ default: $class = ''; break;
+ }
+ $t->tag('th', array('class'=>$class), $attrib['name']);
+}
+$t->tag('th', array(), '-');
+$t->closeTag('tr');
+$t->closeTag('tfoot');
+
+$t->openTag('tbody');
foreach ($users as $user) {
$t->openTag('tr');
@@ -29,11 +50,15 @@ foreach ($users as $user) {
$t->openTag('td');
$props = $user[$attrib['key']];
-
- $value = $props['value'];
+
+ $bool = $attrib['type']=='bool';
+ if ($bool) {
+ $value = $props['value']=='true';
+ } else {
+ $value = $props['value'];
+ }
$editable = $props['editable'];
$post_key = $props['post_key'];
- $bool = is_bool($value);
$arr = array('name'=>$post_key);
if (!$editable) {
@@ -48,6 +73,7 @@ foreach ($users as $user) {
$arr['value'] = 'true';
$arr['type'] = 'checkbox';
} else {
+ $t->tag('span', array('class'=>'cell_width'), $value);
$arr['value'] = $value;
$arr['type'] = 'text';
}
@@ -66,13 +92,7 @@ foreach ($users as $user) {
$t->closeTag('tr');
}
-$t->openTag('tr');
-foreach ($attribs as $attrib) {
- $t->tag('th', array(), $attrib['name']);
-}
-$t->tag('th');
-$t->closeTag('tr');
-
+$t->closeTag('tbody');
$t->closeTag('table');
$t->tag('input', array('type'=>'submit',
diff --git a/src/views/pages/users/individual.html.php b/src/views/pages/users/individual.html.php
index 5722977..39360b7 100644
--- a/src/views/pages/users/individual.html.php
+++ b/src/views/pages/users/individual.html.php
@@ -1,6 +1,7 @@
<?php global $VARS, $CONTACT_METHODS;
$t = $VARS['template'];
-$user = $VARS['user'];
+$users = $VARS['users'];
+$username = $VARS['username'];
function inputText($user, $key, $label, $hint='') {
global $VARS; $t = $VARS['template'];
@@ -56,8 +57,14 @@ function inputField($user, $arr) {
////////////////////////////////////////////////////////////////////////////////
+if (count($users)>1) {
+ $t->header("Users: $username");
+} else {
+ $t->header("User: $username");
+}
+
+foreach($users as $user) {
$username = $user->getName();
-$t->header("Users: $username");
$t->tag('h1', array(), ($user->canEdit()?'Edit':'View')." User <q>$username</q> (UID: ".$user->getUID().")");
@@ -136,4 +143,5 @@ if ($user->canEdit()) {
$t->tag('input', array('type'=>'submit', 'value'=>'Save'));
}
$t->closeTag('form');
+}
$t->footer();
diff --git a/src/views/pages/users/new-locked.html.php b/src/views/pages/users/new-locked.html.php
new file mode 100644
index 0000000..dc7ad0d
--- /dev/null
+++ b/src/views/pages/users/new-locked.html.php
@@ -0,0 +1,9 @@
+<?php global $VARS;
+$t = $VARS['template'];
+
+$t->status('403 Forbidden');
+$t->header('Create new user');
+
+$t->paragraph("Sorry, new user registration is disabled.");
+
+$t->footer();