
cms/users.lib.php

00001 <?php
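// Direct-access guard: the rest of this file only runs when __PRAGYAN_CMS has
// already been defined (presumably by the CMS entry point - confirm). A request
// that reaches this file directly gets a 403 and nothing else is executed.
if (!defined('__PRAGYAN_CMS')) {
	// SERVER_PROTOCOL is absent under some SAPIs (e.g. CLI); fall back to a valid status line.
	header((isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.0').' 403 Forbidden');
	// The heading was previously left unclosed ("<h1>...<h1>").
	echo "<h1>403 Forbidden</h1><h4>You are not authorized to access the page.</h4>";
	// NOTE(review): SERVER_SIGNATURE can carry the web server name and version.
	// It is kept to preserve the page's appearance, but printing it here bypasses
	// any decision to hide it elsewhere - consider dropping this line.
	echo '<hr/>'.(isset($_SERVER['SERVER_SIGNATURE']) ? $_SERVER['SERVER_SIGNATURE'] : '');
	exit(1);
}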
00017 //TODO : Implement Search based on user profile fields
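/**
 * Builds the HTML of the administrator's user-management panel.
 *
 * The panel contains one "display this field?" checkbox per user field (the
 * columns of the users table followed by the extra columns reported by
 * getColumnList()), the view/edit/export buttons for all, activated and
 * non-activated users, and the search/create/activate-all/deactivate-all icons.
 * The form posts to ./+admin&subaction=useradmin.
 *
 * NOTE(review): the form carries no anti-CSRF token although it triggers
 * state-changing actions (activate/deactivate all users). Confirm that the
 * admin dispatcher enforces one before the request is handled.
 *
 * @return string HTML markup of the form
 */
function userManagementForm()
{
	global $ICONS, $ICONS_SRC;
	// All of these stay declared even where this function does not read them:
	// the file required below is included into this function's scope and may
	// rely on them being visible.
	global $urlRequestRoot, $cmsFolder, $moduleFolder, $templateFolder, $sourceFolder;
	require_once("$sourceFolder/$moduleFolder/form/viewregistrants.php");

	// The loop counters are declared with "var" so the helpers no longer write
	// to an implicit global "i".
	$usermgmtform=<<<USERFORM
	<script type='text/javascript' language='javascript'>
	function checkAll(formobj)
	{
		for(var i=0;i<formobj.elements.length;i++)
		{
			if(formobj.elements[i].type=='checkbox') formobj.elements[i].checked=true;
		}
	}
	function unCheckAll(formobj)
	{
		for(var i=0;i<formobj.elements.length;i++)
		{
			if(formobj.elements[i].type=='checkbox') formobj.elements[i].checked=false;
		}
	}
	</script>
	<form name='user_mgmt_form' action='./+admin&subaction=useradmin' method='POST'>
	<fieldset>
	<legend>{$ICONS['User Management']['small']}User Management</legend>

	Select Fields to Display : <input type='button' onclick='return checkAll(this.form);' value='Check All' /><input type='button' onclick='return unCheckAll(this.form);' value='Uncheck All' />
	<table><tr><td>Field Name</td><td>Display ?</td><td>Field Name</td><td>Display ?</td><td>Field Name</td><td>Display ?</td></tr>
USERFORM;

	// Fetch the extra-column list once and derive names and labels from the same
	// result, as handleUserMgmt() does, instead of calling getColumnList() twice.
	$columnList = getColumnList(0, false, false, false, false, false);
	$usertablefields = array_merge(getTableFieldsName('users'), array_keys($columnList));
	// NOTE(review): the nine fixed labels are paired with the users-table columns
	// by position; they drift out of step if that table has a different column
	// count or order - confirm against the schema.
	$userfieldprettynames = array_merge(
		array("User ID", "Username", "Email", "Full Name", "Password", "Registration", "Last Login", "Activated", "Login Method"),
		array_map('ucfirst', array_values($columnList))
	);

	$cols = 3;
	$fieldCount = count($usertablefields);
	$resubmitted = isset($_POST['not_first_time']);
	// Fields ticked by default the first time the panel is shown.
	$defaultChecked = array('user_fullname', 'user_email', 'user_activated');

	for ($i = 0; $i < $fieldCount; $i += $cols) {
		$usermgmtform .= "<tr>";
		for ($j = 0; $j < $cols && $i + $j < $fieldCount; $j++) {
			$field = $usertablefields[$i + $j];
			if ($resubmitted) {
				// Re-display exactly what the administrator ticked last time.
				$checked = isset($_POST[$field.'_sel']) ? "checked" : "";
			} else {
				// Strict string comparison: a numeric column key must never be
				// treated as equal to one of the default field names.
				$checked = in_array((string)$field, $defaultChecked, true) ? "checked" : "";
			}
			// NOTE(review): field names and labels are written into the markup
			// unescaped. They come from the schema / getColumnList(), not from the
			// request; if those names can be edited through the CMS they should
			// be HTML-escaped here - confirm where they originate.
			$usermgmtform .= "<td>{$userfieldprettynames[$i + $j]}</td><td><input type='checkbox' name='{$field}_sel' $checked /></td>";
		}
		$usermgmtform .= "</tr>";
	}

	$usermgmtform.=<<<USERFORM
	<input type='hidden' name='not_first_time' />
	</table>
	<fieldset style="float:left;">
	<legend>All Registered</legend>
	<input type='submit' value='View' name='view_reg_users'/>
	<input type='submit' value='Edit' name='edit_reg_users'/>
	<input type='submit' value='Save as Excel' name='save_reg_users_excel'/>
	</fieldset>&nbsp;
	<fieldset style="float:left;">
	<legend>Activated Users</legend>
	<input type='submit' value='View' name='view_activated_users'/>
	<input type='submit' value='Edit' name='edit_activated_users'/>
	<input type='submit' value='Save as Excel' name='save_activated_users_excel'/>
	</fieldset>&nbsp;
	<fieldset style="float:left;">
	<legend>Non-Activated Users</legend>
	<input type='submit' value='View' name='view_nonactivated_users'/>
	<input type='submit' value='Edit' name='edit_nonactivated_users'/>
	<input type='submit' value='Save as Excel' name='save_nonactivated_users_excel'/>
	</fieldset>
	<div style="clear:both"></div>
	<hr/>
	<table class='iconspanel'>
	<tr>
	<td>
	<input type="image" alt="Search User" src='{$ICONS_SRC['Search']['large']}' onclick="this.form.action+='&subsubaction=search'" value="Search User" /><br/>Search User
	</td>
	<td>
	<input type="image" alt="New User" src='{$ICONS_SRC['New User']['large']}' onclick="this.form.action+='&subsubaction=create'" value="New User" /><br/>New User
	</td>
	<td>
	<input type='image' alt="Deactivate All Users" src='{$ICONS_SRC['Deactivate']['large']}' value='Deactivate All' name='deactivate_all_users'/><br/>Deactivate All Users
	</td>
	<td>
	<input type='image' alt="Activate All Users" src='{$ICONS_SRC['Activate']['large']}' value='Activate All' name='activate_all_users'/><br/>Activate All Users
	</td>
	</tr>
	</table>
	</fieldset>


	</form>
USERFORM;
	return $usermgmtform;
}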
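/**
 * Collects the user ids named by "selected_<id>" request keys.
 *
 * Only keys whose suffix is made of decimal digits are accepted and the ids are
 * returned as integers, so the same value is used for the administrator check
 * and for the SQL statement.
 *
 * @param array $post request parameters, normally $_POST
 * @return array list of integer user ids, in request order
 */
function _selectedUserIds($post)
{
	$ids = array();
	foreach ($post as $key => $ignored) {
		if (preg_match('/^selected_([0-9]+)\z/', (string)$key, $match)) {
			$ids[] = (int)$match[1];
		}
	}
	return $ids;
}

/**
 * Returns the SQL assignment for one text column of the users table when the
 * posted value is present, non-empty and different from the stored one.
 *
 * @param string $field column name; also the name of the POST field
 * @param array|false $row current database row of the user
 * @return string|null "`column` = 'value'" fragment, or null when unchanged
 */
function _changedFieldAssignment($field, $row)
{
	if (!isset($_POST[$field]) || $_POST[$field] == '' || $_POST[$field] == $row[$field]) {
		return null;
	}
	return "`$field` = '".escape($_POST[$field])."'";
}

/**
 * Handles every request of the administrator's user-management panel and
 * returns the HTML to display.
 *
 * The action is chosen from the submit button found in $_POST (bulk or single
 * activate / deactivate / delete, edit user info, view / edit / export lists)
 * or from $_GET['subsubaction'] ('search' or 'create').
 *
 * Security-relevant behaviour of this implementation:
 *  - user ids taken from the request ($_GET['userid'], "selected_<id>" keys)
 *    are validated as decimal integers before they reach SQL or HTML. They were
 *    previously concatenated into unquoted SQL positions, where string escaping
 *    gives no protection, and the administrator check was made on a cast value
 *    while the query used the raw string;
 *  - the new password is escaped before it is placed in the UPDATE statement;
 *  - SQL text and database errors are no longer echoed to the page.
 *
 * NOTE(review): no anti-CSRF token and no permission check is visible in this
 * function; confirm that the caller enforces both.
 * NOTE(review): passwords are stored as unsalted MD5. That is kept because the
 * code that verifies logins is outside this function, but it should be
 * migrated to a salted, slow password hash.
 * NOTE(review): escape() and the display*() helpers are defined elsewhere;
 * escape() is assumed to be SQL string escaping - confirm. The mysql_* API used
 * here no longer exists in PHP 7 and later.
 *
 * @return string|null HTML for the selected action, or null when the action
 *                     produces no markup or no action matched
 */
function handleUserMgmt()
{
	// All of these stay declared: the files required below are included into
	// this function's scope and may rely on them being visible.
	global $urlRequestRoot, $cmsFolder, $moduleFolder, $templateFolder, $sourceFolder;
	require_once("$sourceFolder/$moduleFolder/form/viewregistrants.php");

	// Accept the user id only if it is a plain decimal number. $_GET['userid'] is
	// overwritten with the validated value (0 when invalid) so that code run
	// later in the request never sees the raw parameter.
	$hasUserId = isset($_GET['userid']) && is_scalar($_GET['userid'])
		&& preg_match('/^[0-9]+\z/', (string)$_GET['userid']);
	$userId = $hasUserId ? (int)$_GET['userid'] : 0;
	if (isset($_GET['userid'])) {
		$_GET['userid'] = $userId;
	}

	if (isset($_POST['editusertype'])) {
		$_POST['editusertype'] = escape($_POST['editusertype']);
	}
	$editUserType = isset($_POST['editusertype']) ? $_POST['editusertype'] : null;

	$usersTable = MYSQL_DATABASE_PREFIX."users";
	$genericError = 'An error was encountered while attempting to process your request.';

	// ---- Bulk actions on the users ticked in the list ----
	if (isset($_POST['user_selected_activate'])) {
		foreach (_selectedUserIds($_POST) as $selectedId) {
			if (!mysql_query("UPDATE ".$usersTable." SET user_activated=1 WHERE user_id=".$selectedId)) {
				$result = mysql_query("SELECT `user_fullname` FROM `".$usersTable."` WHERE `user_id`=".$selectedId);
				if ($result) {
					$row = mysql_fetch_assoc($result);
					displayerror("Couldn't activate user, {$row['user_fullname']}");
				}
			}
		}
		return registeredUsersList($editUserType, "edit", false);
	}

	if (isset($_POST['user_selected_deactivate'])) {
		foreach (_selectedUserIds($_POST) as $selectedId) {
			if ($selectedId == ADMIN_USERID) {
				displayerror("You cannot deactivate administrator!");
				continue;
			}
			if (!mysql_query("UPDATE ".$usersTable." SET user_activated=0 WHERE user_id=".$selectedId)) {
				$result = mysql_query("SELECT `user_fullname` FROM `".$usersTable."` WHERE `user_id`=".$selectedId);
				if ($result) {
					$row = mysql_fetch_assoc($result);
					displayerror("Couldn't deactivate user, {$row['user_fullname']}");
				}
			}
		}
		return registeredUsersList($editUserType, "edit", false);
	}

	if (isset($_POST['user_selected_delete'])) {
		$done = true;
		foreach (_selectedUserIds($_POST) as $selectedId) {
			if ($selectedId == ADMIN_USERID) {
				displayerror("You cannot delete administrator!");
				continue;
			}
			// The OpenID mapping is removed only once the user row is gone.
			if (!mysql_query("DELETE FROM `".$usersTable."` WHERE `user_id` = ".$selectedId)
				|| !mysql_query("DELETE FROM `".MYSQL_DATABASE_PREFIX."openid_users` WHERE `user_id` = ".$selectedId)) {
				$done = false;
			}
		}
		if (!$done) {
			displayerror("Some problem in deleting selected users");
		}
		return registeredUsersList($editUserType, "edit", false);
	}

	// ---- Actions on the single user named by ?userid= ----
	if (isset($_POST['user_activate'])) {
		// A missing or malformed id is reported as a failure instead of running a query.
		if ($hasUserId && mysql_query("UPDATE ".$usersTable." SET user_activated=1 WHERE user_id=".$userId)) {
			displayInfo("User Successfully Activated!");
		} else {
			displayerror("User Not Activated!");
		}
		return registeredUsersList($editUserType, "edit", false);
	}

	if (isset($_POST['activate_all_users'])) {
		if (mysql_query("UPDATE ".$usersTable." SET user_activated=1")) {
			displayInfo("All users activated successfully!");
		} else {
			// The failure text previously said "Deactivated" in this branch.
			displayerror("Users Not Activated!");
		}
		return;
	}

	if (isset($_POST['user_deactivate'])) {
		if ($hasUserId && $userId == ADMIN_USERID) {
			displayError("You cannot deactivate administrator!");
			return registeredUsersList($editUserType, "edit", false);
		}
		if ($hasUserId && mysql_query("UPDATE ".$usersTable." SET user_activated=0 WHERE user_id=".$userId)) {
			displayInfo("User Successfully Deactivated!");
		} else {
			displayerror("User Not Deactivated!");
		}
		return registeredUsersList($editUserType, "edit", false);
	}

	if (isset($_POST['deactivate_all_users'])) {
		if (mysql_query("UPDATE ".$usersTable." SET user_activated=0 WHERE user_id != ".ADMIN_USERID)) {
			displayInfo("All users deactivated successfully except Administrator!");
		} else {
			displayerror("Users Not Deactivated!");
		}
		return;
	}

	if (isset($_POST['user_delete'])) {
		if ($hasUserId && $userId == ADMIN_USERID) {
			displayError("You cannot delete administrator!");
			return registeredUsersList($editUserType, "edit", false);
		}
		if ($hasUserId && mysql_query("DELETE FROM `".$usersTable."` WHERE `user_id` = ".$userId)) {
			if (mysql_query("DELETE FROM `".MYSQL_DATABASE_PREFIX."openid_users` WHERE `user_id` = ".$userId)) {
				displayinfo("User Successfully Deleted!");
			} else {
				displayerror("User not deleted from OpenID database!");
			}
		} else {
			displayerror("User Not Deleted!");
		}
		return registeredUsersList($editUserType, "edit", false);
	}

	// ---- Edit one user's details ----
	if (isset($_POST['user_info']) || isset($_POST['user_info_update'])) {
		if (isset($_POST['user_info_update'])) {
			$updates = array();
			$errors = false;
			if (!$hasUserId) {
				displayerror($genericError);
				$errors = true;
			}
			$row = mysql_fetch_assoc(mysql_query("SELECT * FROM `".$usersTable."` WHERE `user_id`=".$userId));

			// A changed user name must not collide with an existing account.
			if (isset($_POST['user_name']) && $row['user_name'] != $_POST['user_name']) {
				$result = mysql_query("SELECT * FROM `".$usersTable."` WHERE `user_name`='".escape($_POST['user_name'])."'");
				if (!$result) {
					// Previously die() printed the whole SQL statement to the page.
					displayerror($genericError);
					$errors = true;
				} else if (mysql_num_rows($result) > 0) {
					displayerror("User Name already exists in database!");
					$errors = true;
				}
			}

			foreach (array('user_name', 'user_email', 'user_fullname') as $field) {
				$assignment = _changedFieldAssignment($field, $row);
				if ($assignment !== null) {
					$updates[] = $assignment;
				}
			}

			$newPassword = isset($_POST['user_password']) ? $_POST['user_password'] : '';
			$confirmPassword = isset($_POST['user_password2']) ? $_POST['user_password2'] : '';
			if ($newPassword != '') {
				// Strict comparisons: with == two different numeric-looking
				// strings can compare equal.
				if ($newPassword !== $confirmPassword) {
					displayerror('Error! The New Password you entered does not match the password you typed in the Confirmation Box.');
					$errors = true;
				} else if (md5($newPassword) !== $row['user_password']) {
					// Escaped like every other value in this statement; the raw
					// POST value used to be interpolated here.
					$updates[] = "`user_password` = MD5('".escape($newPassword)."')";
				}
			}

			foreach (array('user_regdate', 'user_lastlogin') as $field) {
				$assignment = _changedFieldAssignment($field, $row);
				if ($assignment !== null) {
					$updates[] = $assignment;
				}
			}

			// The administrator account can never be switched off from this form.
			$activated = isset($_POST['user_activated']) ? 1 : 0;
			if ($userId != ADMIN_USERID && $activated != $row['user_activated']) {
				$updates[] = "`user_activated` = $activated";
			}

			$assignment = _changedFieldAssignment('user_loginmethod', $row);
			if ($assignment !== null) {
				$updates[] = $assignment;
				if ($_POST['user_loginmethod'] != 'db') {
					displaywarning("Please make sure ".strtoupper(escape($_POST['user_loginmethod']))." is configured properly, otherwise the user will not be able to login to the website.");
				}
			}

			if (!$errors) {
				if (count($updates) > 0) {
					$profileQuery = 'UPDATE `'.$usersTable.'` SET '.implode(', ', $updates)." WHERE `user_id` = ".$userId;
					if (!mysql_query($profileQuery)) {
						// The statement (which can contain the new password) is no
						// longer appended to the message.
						displayerror($genericError);
						$errors = true;
					}
				}
				require_once("$sourceFolder/$moduleFolder/form/registrationformsubmit.php");
				require_once("$sourceFolder/$moduleFolder/form/registrationformgenerate.php");
				// Success is reported only when both the UPDATE and the extra
				// profile fields went through; a failed UPDATE used to fall into
				// the success message.
				if (!$errors) {
					if (!submitRegistrationForm(0, $userId, true, true)) {
						displayerror($genericError);
						$errors = true;
					} else {
						displayinfo('All fields updated successfully!');
					}
				}
			}
		}

		$columnList = getColumnList(0, false, false, false, false, false);
		// NOTE(review): userManagementForm() names its checkboxes after
		// array_keys() of this list while array_values() is used here, so the
		// "_sel" selections of the extra columns may not be carried over -
		// confirm what getColumnList() returns.
		$xcolumnNames = array_values($columnList);
		$row = mysql_fetch_assoc(mysql_query("SELECT * FROM `".$usersTable."` WHERE `user_id`=".$userId));

		$userfieldprettynames = array("User ID", "Username", "Email", "Full Name", "Password", "Registration", "Last Login", "Activated", "Login Method");

		// $userId is an integer here, so it cannot break out of the attribute.
		$userinfo = "<fieldset><legend>Edit User Information</legend><form name='user_info_edit' action='./+admin&subaction=useradmin&userid=$userId' method='post'>";

		// Carry the administrator's column selection through to the next request.
		$usertablefields = array_merge(getTableFieldsName('users'), $xcolumnNames);
		foreach ($usertablefields as $field) {
			if (isset($_POST[$field.'_sel'])) {
				$userinfo .= "<input type='hidden' name='{$field}_sel' value='checked'/>";
			}
		}
		$userinfo .= "<input type='hidden' name='not_first_time' />";

		$userinfo .= userProfileForm($userfieldprettynames, $row, false, true);
		$userinfo .= "<input type='submit' value='Update' name='user_info_update' />
		<input type='reset' value='Reset' /></form></fieldset>";
		return $userinfo;
	}

	// ---- Listings (the "Save as Excel" buttons take the same path as "View") ----
	if (isset($_POST['view_reg_users']) || isset($_POST['save_reg_users_excel'])) {
		return registeredUsersList("all", "view", false);
	}
	if (isset($_POST['edit_reg_users'])) {
		return registeredUsersList("all", "edit", false);
	}
	if (isset($_POST['view_activated_users']) || isset($_POST['save_activated_users_excel'])) {
		return registeredUsersList("activated", "view", false);
	}
	if (isset($_POST['edit_activated_users'])) {
		return registeredUsersList("activated", "edit", false);
	}
	if (isset($_POST['view_nonactivated_users']) || isset($_POST['save_nonactivated_users_excel'])) {
		return registeredUsersList("nonactivated", "view", false);
	}
	if (isset($_POST['edit_nonactivated_users'])) {
		return registeredUsersList("nonactivated", "edit", false);
	}

	// ---- Search ----
	if (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'search') {
		$results = "";
		$userfieldprettynames = array("User ID", "Username", "Email", "Full Name", "Password", "Registration", "Last Login", "Activated", "Login Method");
		$usertablefields = getTableFieldsName('users');

		// Only the two fixed keywords can reach the statement, whatever was posted.
		$joiner = (isset($_POST['user_search_op']) && $_POST['user_search_op'] == 'and') ? " AND " : " OR ";

		// Escaped search terms, kept to build the query and to refill the form.
		// An array replaces the former variable-variables, so a column name can
		// no longer overwrite a local variable of this function.
		$lastValues = array();
		$conditions = array();
		foreach ($usertablefields as $field) {
			if (isset($_POST[$field]) && $_POST[$field] != '') {
				// A posted "activated" box always means "search for activated users".
				$val = ($field == 'user_activated') ? 1 : escape($_POST[$field]);
				$lastValues[$field] = $val;
				$conditions[] = "`$field` LIKE CONVERT( _utf8 '%$val%'USING latin1 ) ";
			}
		}

		if (count($conditions) > 0) {
			$query = "SELECT * FROM `".$usersTable."` WHERE ".implode($joiner, $conditions)." ";
			$resultSearch = mysql_query($query);
			if ($resultSearch && mysql_num_rows($resultSearch) > 0) {
				// NOTE(review): the stored password hash is passed on to the
				// listing together with the other columns; confirm it is never
				// rendered or exported.
				$listedColumns = array('user_id', 'user_name', 'user_email', 'user_fullname', 'user_password', 'user_lastlogin', 'user_regdate', 'user_activated', 'user_loginmethod');
				$userInfo = array();
				while ($row = mysql_fetch_assoc($resultSearch)) {
					foreach ($listedColumns as $column) {
						$userInfo[$column][] = $row[$column];
					}
				}
				$results = registeredUsersList("all", "edit", false, $userInfo);
			} else {
				displayerror("No users matched your query!");
			}
		}

		$searchForm = "<form name='user_search_form' action='./+admin&subaction=useradmin&subsubaction=search' method='POST'><h3>Search User</h3>";
		$xcolumnNames = array_keys(getColumnList(0, false, false, false, false, false));
		foreach (array_merge($usertablefields, $xcolumnNames) as $field) {
			if (isset($_POST[$field.'_sel'])) {
				$searchForm .= "<input type='hidden' name='{$field}_sel' value='checked'/>";
			}
		}
		$searchForm .= "<input type='hidden' name='not_first_time' />";

		$infoarray = array();
		foreach ($usertablefields as $field) {
			$infoarray[$field] = isset($lastValues[$field]) ? $lastValues[$field] : "";
		}

		$searchForm .= userProfileForm($userfieldprettynames, $infoarray, true, false);
		$searchForm .= "Operation : <input type='radio' name='user_search_op' value='and'  />AND  <input type='radio' name='user_search_op' value='or' checked='true' />OR<br/><br/><input type='submit' onclick name='user_search_submit' value='Search' /><input type='reset' value='Clear' /></form>";
		return $results.$searchForm;
	}

	// ---- Create a new user ----
	if (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'create') {
		$userfieldprettynamesarray = array("User ID", "Username", "Email", "Full Name", "Password", "Registration", "Last Login", "Activated", "Login Method");
		$usertablefields = getTableFieldsName('users');

		if (isset($_POST['create_user_submit'])) {
			$incomplete = false;
			// Escaped field values, keyed by column name.
			$values = array('user_name' => '', 'user_email' => '', 'user_fullname' => '', 'user_password' => '', 'user_loginmethod' => '');
			foreach ($usertablefields as $field) {
				if (($field != 'user_regdate') && ($field != 'user_lastlogin') && ($field != 'user_activated') && (isset($_POST[$field]) && $_POST[$field] == "")) {
					displayerror("New user could not be created. Some fields are missing!$field");
					$incomplete = true;
					break;
				}
				$values[$field] = isset($_POST[$field]) ? escape($_POST[$field]) : '';
			}

			if (!$incomplete) {
				$chkquery = "SELECT COUNT(user_id) FROM `".$usersTable."` WHERE `user_id`=$userId OR `user_name`='{$values['user_name']}' OR `user_email`='{$values['user_email']}'";
				$result = mysql_query($chkquery);
				$row = $result ? mysql_fetch_row($result) : false;

				// The confirmation is compared on the raw values; comparing the
				// escaped password with the raw confirmation rejected any password
				// that escaping alters.
				$rawPassword = isset($_POST['user_password']) ? $_POST['user_password'] : '';
				$rawConfirm = isset($_POST['user_password2']) ? $_POST['user_password2'] : '';

				if (!$hasUserId || !$row) {
					displayerror("Failed to create user");
				} else if ($row[0] > 0) {
					displayerror("Another user with the same name or email already exists!");
				} else if ($rawPassword !== $rawConfirm) {
					displayerror("Passwords mismatch!");
				} else {
					// Always a definite 0/1; an unticked box used to insert ''.
					$userActivated = isset($_POST['user_activated']) ? 1 : 0;
					$query = "INSERT INTO `".$usersTable."` (`user_id` ,`user_name` ,`user_email` ,`user_fullname` ,`user_password` ,`user_regdate` ,`user_lastlogin` ,`user_activated`,`user_loginmethod`)VALUES ('$userId' ,'{$values['user_name']}' ,'{$values['user_email']}' ,'{$values['user_fullname']}' , MD5('{$values['user_password']}') ,CURRENT_TIMESTAMP , '', '$userActivated','{$values['user_loginmethod']}')";
					// A failed insert is reported through the normal error
					// channel; die(mysql_error()) exposed database details.
					$result = mysql_query($query);
					require_once("$sourceFolder/$moduleFolder/form/registrationformsubmit.php");
					require_once("$sourceFolder/$moduleFolder/form/registrationformgenerate.php");
					if ($result && mysql_affected_rows() > 0 && submitRegistrationForm(0, $userId, true, true)) {
						displayinfo("User {$values['user_fullname']} Successfully Created!");
					} else {
						displayerror("Failed to create user");
					}
				}
			}
		}

		$nextUserId = getNextUserId();
		$userForm = "<form name='user_create_form' action='./+admin&subaction=useradmin&subsubaction=create&userid=$nextUserId' method='POST'><h3>Create New User</h3>";
		$xcolumnNames = array_values(getColumnList(0, false, false, false, false, false));
		$calpath = "$urlRequestRoot/$cmsFolder/$moduleFolder";
		$userForm .= '<link rel="stylesheet" type="text/css" media="all" href="'.$calpath.'/form/calendar/calendar.css" title="Aqua" />' .
			'<script type="text/javascript" src="'.$calpath.'/form/calendar/calendar.js"></script>';
		foreach (array_merge($usertablefields, $xcolumnNames) as $field) {
			if (isset($_POST[$field.'_sel'])) {
				$userForm .= "<input type='hidden' name='{$field}_sel' value='checked'/>";
			}
		}
		$userForm .= "<input type='hidden' name='not_first_time' />";

		// Start from an empty profile that only carries the id to be assigned.
		$infoarray = array();
		foreach ($usertablefields as $field) {
			$infoarray[$field] = "";
		}
		$infoarray['user_id'] = $nextUserId;

		$userForm .= userProfileForm($userfieldprettynamesarray, $infoarray, false, true);
		$userForm .= "<input type='submit' onclick name='create_user_submit' value='Create' /><input type='reset' value='Clear' /></form>";
		return $userForm;
	}
}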
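/**
 * Load every row of the users table into nine parallel arrays.
 *
 * Each by-reference argument is reset to an empty array and then filled so
 * that index N of every array describes the same user, ordered by user_id.
 * When the query fails the arrays are left empty and the error is logged.
 *
 * NOTE(review): $userPassword receives the stored `user_password` column of
 * every account. The user-creation INSERT in this file writes that column as
 * MD5() of the password, i.e. an unsalted fast hash, so callers should not
 * render or export it. Consider dropping it from listings and migrating the
 * column to password_hash()/password_verify().
 *
 * @param array $userId          Filled with `user_id` values.
 * @param array $userName        Filled with `user_name` values.
 * @param array $userEmail       Filled with `user_email` values.
 * @param array $userFullName    Filled with `user_fullname` values.
 * @param array $userPassword    Filled with `user_password` values (see note).
 * @param array $userLastLogin   Filled with `user_lastlogin` values.
 * @param array $userRegDate     Filled with `user_regdate` values.
 * @param array $userActivated   Filled with `user_activated` values.
 * @param array $userLoginMethod Filled with `user_loginmethod` values.
 * @return void
 */
function getAllUsersInfo(&$userId,&$userName,&$userEmail,&$userFullName,&$userPassword,&$userLastLogin,&$userRegDate,&$userActivated,&$userLoginMethod)
{
    $userId=array();
    $userEmail=array();
    $userName=array();
    $userFullName=array();
    $userPassword=array();
    $userLastLogin=array();
    $userRegDate=array();
    $userActivated=array();
    $userLoginMethod=array();

    $query="SELECT * FROM `".MYSQL_DATABASE_PREFIX."users` ORDER BY `user_id` ASC";
    $result=mysql_query($query);
    if($result===false)
    {
        // mysql_query() returns false on failure. Log it server-side instead of
        // passing false to mysql_fetch_assoc(); callers still see empty arrays.
        error_log('getAllUsersInfo: user query failed: '.mysql_error());
        return;
    }

    while($row=mysql_fetch_assoc($result))
    {
        $userId[]=$row['user_id'];
        $userName[]=$row['user_name'];
        $userEmail[]=$row['user_email'];
        $userFullName[]=$row['user_fullname'];
        $userPassword[]=$row['user_password'];
        $userLastLogin[]=$row['user_lastlogin'];
        $userRegDate[]=$row['user_regdate'];
        $userActivated[]=$row['user_activated'];
        $userLoginMethod[]=$row['user_loginmethod'];
    }
}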
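/**
 * Render the registered-users table as HTML, or stream it as an Excel download.
 *
 * When one of the `save_*_excel` keys is present in $_POST the table alone is
 * echoed with spreadsheet headers and the script exits.
 *
 * Security-relevant behaviour:
 *  - Values of the nine built-in user columns are HTML-escaped before they are
 *    written into table cells, and the user id / user name are JSON-encoded
 *    and attribute-escaped before they are placed inside onclick handlers.
 *  - Column data is held in an indexed array rather than in variables named
 *    after the extra columns, so a column name cannot overwrite a local.
 *  - NOTE(review): values returned by generateFormDataRow() are emitted
 *    unescaped because this file does not show whether they already contain
 *    markup; confirm and escape there if they are plain text.
 *  - NOTE(review): the "Password" column (the stored hash) is still
 *    selectable for display and export; consider removing it.
 *  - NOTE(review): no anti-CSRF token is emitted in user_edit_form; confirm
 *    the handler behind `+admin&subaction=useradmin` verifies one.
 *
 * @param string     $type      "activated" or "nonactivated" filters rows by
 *                              activation state; any other value lists all.
 * @param string     $act       "edit" wraps the table in user_edit_form and
 *                              adds bulk and per-row action buttons.
 * @param bool       $allfields When true every column is shown; otherwise only
 *                              columns whose "<field>_sel" key is in $_POST.
 * @param array|null $userInfo  Optional arrays keyed by user_id, user_name,
 *                              user_email, user_fullname, user_password,
 *                              user_lastlogin, user_regdate, user_activated and
 *                              user_loginmethod. When it compares equal to NULL
 *                              all users are loaded with getAllUsersInfo().
 * @return string The HTML, or "No Users Found!" when no row passed the filter.
 */
function registeredUsersList($type,$act,$allfields,$userInfo=NULL)
{
    global $urlRequestRoot, $cmsFolder, $moduleFolder, $templateFolder,$sourceFolder;
    require_once("$sourceFolder/$moduleFolder/form/viewregistrants.php");

    // Extra columns: one data array per column, indexed in getColumnList() order.
    $extraColumns=getColumnList(0, false, false, false, false, false);
    $xcolumnIds=array(); $xcolumnNames=array(); $xcolumnData=array();
    foreach($extraColumns as $columnid=>$colname)
    {
        $xcolumnIds[]=$columnid;
        $xcolumnNames[]=$colname;
        $xcolumnData[]=array();
    }

    if($userInfo==NULL)
    {
        getAllUsersInfo($userId,$userName,$userEmail,$userFullName,$userPassword,$userLastLogin,$userRegDate,$userActivated,$userLoginMethod);
    }
    else
    {
        $userId=$userInfo['user_id'];
        $userName=$userInfo['user_name'];
        $userEmail=$userInfo['user_email'];
        $userFullName=$userInfo['user_fullname'];
        $userPassword=$userInfo['user_password'];
        $userLastLogin=$userInfo['user_lastlogin'];
        $userRegDate=$userInfo['user_regdate'];
        $userActivated=$userInfo['user_activated'];
        $userLoginMethod=$userInfo['user_loginmethod'];
    }

    foreach($userId as $userid)
    {
        // presumably one value per requested column id, keyed 0..n-1 - confirm
        $xinfo=generateFormDataRow(0,$userid,$xcolumnIds);
        foreach($xinfo as $j=>$info)
        {
            if(isset($xcolumnData[$j])) $xcolumnData[$j][]=$info;
        }
    }

    $userfieldprettynames=array_merge( array("User ID","Username","Email","Full Name","Password","Registration","Last Login","Activated","Login Method"), array_map('ucfirst',$xcolumnNames));

    // Declared conditionally: an unconditional nested declaration is a fatal
    // "cannot redeclare" error the second time this function runs in a request.
    if(!function_exists('replace10byYesNo'))
    {
        function replace10byYesNo(&$value,$key)
        { if($value=='1') $value="Yes"; else if ($value=='0') $value="No"; }
    }
    array_walk($userActivated,'replace10byYesNo');

    // $userlisttdids, $userfieldprettynames and $fieldData share one index space:
    // the nine built-in columns first, then the extra columns.
    $coreFieldCount=9;
    $userlisttdids=array_merge(array("user_id","user_name","user_email","user_fullname","user_password","user_regdate","user_lastlogin","user_activated","user_loginmethod"), $xcolumnIds);
    $fieldData=array_merge(array($userId,$userName,$userEmail,$userFullName,$userPassword,$userRegDate,$userLastLogin,$userActivated,$userLoginMethod), $xcolumnData);

    $userlist="";
    $columns=count($fieldData);
    if($act=="edit")
    {
        $userlist.="<form name='user_edit_form' method='POST' action='./+admin&subaction=useradmin&userid=' >\n";
        $userlist.="<input type='hidden' name='editusertype' value='".htmlspecialchars((string)$type, ENT_QUOTES)."' />";
        $columns+=3;
    }
    $userlist .= smarttable::render(array('userstable'),null);
    global $STARTSCRIPTS;
    $STARTSCRIPTS.="initSmartTable();";

    $userlist.=<<<USERLIST

    <script language="javascript">
    function checkDelete(butt,userDel,userId)
    {
        if(confirm('Are you sure you want to delete '+userDel+' (User ID='+userId+')?'))
        {
            butt.form.action+=userId;
        }
        else return false;
    }
    function checkDeleteAll(butt) {
        if(!confirm('Are you sure you want to delete all selected users?')) {
            return false;
        }
        butt.form.action+='-1';
        return true;
    }
    </script>
    <a name='userlist'></a>
USERLIST;
    global $ICONS_SRC;
    $userlisttable = "";
    // Plain double quotes here: inside a heredoc a backslash before a double
    // quote is not needed and may be emitted literally into the attribute.
    if($act=="edit")
        $userlisttable =<<<TABLE
    <input title='Activate Selected Users' type='image' src='{$ICONS_SRC['Activate']['small']}' onclick="this.form.action+='-1'" name='user_selected_activate' value='Activate'>\n
    <input  title='Deactivate Selected Users' type='image' src='{$ICONS_SRC['Deactivate']['small']}' onclick="this.form.action+='-1'" name='user_selected_deactivate' value='Deactivate'>\n
    <input  title='Delete Selected Users' type='image' src='{$ICONS_SRC['Delete']['small']}' onclick="return checkDeleteAll(this)" name='user_selected_delete' value='Delete'>\n
TABLE;
    $userlisttable.=<<<TABLE
    <table class="userlisttable display" border="1" id='userstable'>
    <thead>
    <tr><th colspan="$columns">Users Registered on the Website</th></tr>
    <tr>
TABLE;

    // Decide which columns to show and remember their indexes.
    $defCols=getTableFieldsName('users');
    $usertablefields=array_merge($defCols,$xcolumnIds);
    $displayfieldsindex=array();
    $fieldCount=count($usertablefields);
    for($i=0;$i<$fieldCount;$i++)
    {
        if(isset($_POST[$usertablefields[$i].'_sel']) || $allfields)
        {
            $userlisttable.="<th>".$userfieldprettynames[$i]."</th>";
            // Carry the column selection across the edit form's next POST.
            if($act=="edit") $userlist.="<input type='hidden' name='{$usertablefields[$i]}_sel' value='checked'/>";
            $displayfieldsindex[]=$i;
        }
    }

    $userlist.="<input type='hidden' name='not_first_time' />";

    if($act=="edit")
    {
        $userlisttable.="<th>Actions</th>";
    }
    $userlisttable.="</tr></thead><tbody>";
    $rowclass="oddrow";
    $flag=false;
    $userTotal=count($userId);
    $displayCount=count($displayfieldsindex);
    for($i=0; $i<$userTotal; $i++)
    {
        if($type=="activated" && $userActivated[$i]=="No")
            continue;
        if($type=="nonactivated" && $userActivated[$i]=="Yes")
            continue;
        $flag=true;
        $userlisttable.="<tr class='$rowclass'>";

        for($j=0; $j<$displayCount; $j++)
        {
            $fieldIndex=$displayfieldsindex[$j];
            $cell=isset($fieldData[$fieldIndex][$i]) ? $fieldData[$fieldIndex][$i] : "";
            // Built-in columns hold user-supplied text: escape for HTML.
            if($fieldIndex<$coreFieldCount) $cell=htmlspecialchars((string)$cell, ENT_QUOTES);
            // The class is looked up by field index, not by display position,
            // so it stays correct when only some columns are selected.
            $userlisttable.="<td class='{$userlisttdids[$fieldIndex]}'>".$cell."</td>";
        }

        if($act=="edit")
        {
            $idAttr=htmlspecialchars((string)$userId[$i], ENT_QUOTES);
            // JS string literals for the onclick handlers: JSON-encode for the
            // script context, then escape for the HTML attribute context.
            $idJson=json_encode((string)$userId[$i]);
            if($idJson===false) $idJson='""';
            $nameJson=json_encode((string)$userName[$i]);
            if($nameJson===false) $nameJson='""';
            $idJs=htmlspecialchars($idJson, ENT_QUOTES);
            $nameJs=htmlspecialchars($nameJson, ENT_QUOTES);

            $userlisttable.="<td id='user_editactions'>";
            $userlisttable.="<input type='checkbox' name='selected_{$idAttr}' />";
            if($userActivated[$i]=="No")
                $userlisttable.="<input title='Activate User' type='image' src='{$ICONS_SRC['Activate']['small']}' onclick=\"this.form.action+={$idJs}\" name='user_activate' value='Activate'>\n";
            else $userlisttable.="<input  title='Deactivate User' type='image' src='{$ICONS_SRC['Deactivate']['small']}' onclick=\"this.form.action+={$idJs}\" name='user_deactivate' value='Deactivate'>\n";
            $userlisttable.="<input  title='Edit User' type='image' src='{$ICONS_SRC['Edit']['small']}' onclick=\"this.form.action+={$idJs}\" name='user_info' value='Edit'>\n";
            $userlisttable.="<input  title='Delete User' type='image' src='{$ICONS_SRC['Delete']['small']}' onclick=\"return checkDelete(this,{$nameJs},{$idJs})\" name='user_delete' value='Delete'>\n";
            $userlisttable.="</td>";
        }
        $userlisttable.="</tr>";
        $rowclass=$rowclass=="evenrow"?"oddrow":"evenrow";
    }
    $userlisttable.="</tbody></table>";

    if(isset($_POST['save_reg_users_excel'])|| isset($_POST['save_activated_users_excel']) || isset($_POST['save_nonactivated_users_excel']))
    {
        // NOTE(review): the exported cells are user-supplied text; spreadsheet
        // applications may treat a leading = + - or @ as a formula. Consider
        // neutralising such values before export.
        header("Pragma: public");
        header("Expires: 0");
        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
        header("Cache-Control: private",false);
        header("Content-Type: application/vnd.ms-excel");
        header("Content-Disposition: attachment; filename=\"users.xls\";" );
        header("Content-Transfer-Encoding: binary");
        echo $userlisttable;
        exit(1);
    }

    if($act=="edit") $userlist.=$userlisttable."</form>";
    else $userlist.=$userlisttable;

    return ($flag)?$userlist:"No Users Found!";
}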
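/**
 * Build the HTML table of inputs for one user's profile.
 *
 * One row is produced per entry of $profileInfoRows; the label for the N-th
 * entry is $userfieldprettynames[N]. `user_password` yields two password
 * inputs (the second named `user_password2`), `user_activated` a checkbox and
 * `user_loginmethod` a select of ldap/imap/ads/db. Field names and values are
 * HTML-escaped before being written into attributes or cells, so a quote or
 * angle bracket in a stored value cannot break out of the markup.
 *
 * @param array $userfieldprettynames Labels, in the same order as $profileInfoRows.
 *                                    Emitted as-is; callers must pass trusted text.
 * @param array $profileInfoRows      Field name => current value.
 * @param bool  $editID               When false, `user_id` and `user_regdate`
 *                                    are shown as text instead of inputs.
 * @param bool  $showProfileInfo      When true, rows returned by
 *                                    getFormElementsHtmlAsArray() for
 *                                    $profileInfoRows['user_id'] are appended.
 * @return string The `<table>` markup.
 */
function userProfileForm($userfieldprettynames,$profileInfoRows,$editID=false,$showProfileInfo=true)
{
    $i=0;
    $userinfo="<table>";
    foreach ($profileInfoRows as $field => $value)
    {
        $fieldAttr=htmlspecialchars((string)$field, ENT_QUOTES);

        if($field=='user_password')
        {
            // The stored value is never echoed back into the password inputs.
            $userinfo.="<tr><td>{$userfieldprettynames[$i]}</td><td><input type='password' name='$fieldAttr'/></td></tr>";
            $userinfo.="<tr><td>{$userfieldprettynames[$i++]} (Verify)</td><td><input type='password' name='{$fieldAttr}2'/></td></tr>";
        }
        else if($field=='user_activated')
        {
            $checked=($value==1)?"checked":"";
            $userinfo.="<tr><td>{$userfieldprettynames[$i++]}</td><td><input type='checkbox' name='$fieldAttr' $checked /></td></tr>";
        }
        else if($field=='user_loginmethod')
        {
            // Fixed list of known methods; the stored value only selects an
            // entry here and never names a variable.
            $selected=array('ldap'=>'','imap'=>'','ads'=>'','db'=>'');
            if(is_string($value) && isset($selected[$value]))
                $selected[$value]=" selected = 'selected' ";
            $userinfo.="<tr><td>{$userfieldprettynames[$i++]}</td><td><select id='$fieldAttr' name='$fieldAttr'>
            <option></option>
            <option {$selected['ldap']}>ldap</option>
            <option {$selected['imap']}>imap</option>
            <option {$selected['ads']}>ads</option>
            <option {$selected['db']}>db</option>
            </select>
            </td></tr>";
        }
        else if(!$editID && ($field=='user_id' || $field=='user_regdate'))
            $userinfo.="<tr><td>{$userfieldprettynames[$i++]}</td><td>".htmlspecialchars((string)$value, ENT_QUOTES)."</td></tr>";
        else
            $userinfo.="<tr><td>{$userfieldprettynames[$i++]}</td><td><input type='text' name='$fieldAttr' value='".htmlspecialchars((string)$value, ENT_QUOTES)."'/></td></tr>";
    }

    if($showProfileInfo)
    {
        global $sourceFolder,$moduleFolder;
        require_once("$sourceFolder/$moduleFolder/form/registrationformsubmit.php");
        require_once("$sourceFolder/$moduleFolder/form/registrationformgenerate.php");
        $containsFileUploadFields = false;
        $userId=$profileInfoRows['user_id'];
        // NOTE(review): $jsValidationFunctions is not set before this call;
        // presumably an output parameter of the helper - confirm.
        $dynamicFields = getFormElementsHtmlAsArray(0, $userId, $jsValidationFunctions, $containsFileUploadFields);
        // implode() with the separator first: the array-first order used by the
        // legacy join() call is rejected by newer PHP versions.
        $dynamicFields = implode("</tr>\n<tr>", $dynamicFields);
        if($dynamicFields != '') {
            $dynamicFields = "<tr>$dynamicFields</tr>";
        }
        $userinfo.=$dynamicFields;
    }

    return $userinfo."</table>";
}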
00807 ?>
