New page with the list of users
authorJean-Michel Vourgère <jvourger@greenpeace.org>
Fri, 10 Mar 2017 14:32:13 +0000 (14:32 +0000)
committerJean-Michel Vourgère <jvourger@greenpeace.org>
Fri, 10 Mar 2017 15:24:40 +0000 (15:24 +0000)
templates/edit_user.tpl [new file with mode: 0644]
templates/udmin.tpl
webroot/css/squasher.css
webroot/img/icon_addlink.gif [new file with mode: 0644]
webroot/img/icon_changelink.gif [new file with mode: 0644]
webroot/img/icon_deletelink.gif [new file with mode: 0644]
webroot/img/inline-delete.png [new file with mode: 0644]
webroot/squasher.class.php
webroot/squasher.php

diff --git a/templates/edit_user.tpl b/templates/edit_user.tpl
new file mode 100644 (file)
index 0000000..b11f949
--- /dev/null
@@ -0,0 +1,54 @@
+{extends file='layout.tpl'}
+
+{block extra_head}
+{literal}
+<script>
+       function check_passwords_match() {
+               password1 = document.getElementById("u[user_pass]").value;
+               password2 = document.getElementById("user_pass2").value;
+               if (password1 != password2)
+                       alert("Passwords typo check failed:\r\nYou must enter the same password twice.");
+               else
+                       document.usereditform.submit();
+       }
+</script>
+{/literal}
+{/block}
+
+{block menu}
+<div class="menu">
+       <div class="menuhead">users</div>
+       {foreach item=user key=user_id from=$users}
+               <a {if $user_id eq $edited_user}class="selected"{/if} href="?tools=edituser&amp;edited_user={$user.id|escape:'url'}">{$user.name|escape}</a>
+       {/foreach}
+       <a href="?tools=edituser" class="tool add">New User</a>
+</div>
+{/block}
+
+
+{block content}
+<form method=post name=usereditform>
+<input type=hidden name="tools" value="edituser">
+<input type=hidden name="edited_user" value="{$edited_user|escape}">
+<table>
+       <tr>
+               <td><label for="u[user_name]">Login name:</label>
+               <td><input name="u[user_name]" id="u[user_name]" value="{$u.name|escape}">
+       <tr>
+               <td><label for="u[user_pass]">New password:</label>
+               <td><input type=password name="u[user_pass]" id="u[user_pass]">
+       <tr>
+               <td><label for="user_pass2">Confirm password:</label>
+               <td><input type=password name="user_pass2" id="user_pass2">
+       <tr>
+               <td><label for="u[user_level]">Profile:</label>
+               <td>{html_options name="u[user_level]" id="u[user_level]" options=$user_levels selected=$u.level}
+</table>
+</form>
+<div style='float:left;'>
+       <input type='submit' value='Save' onclick="check_passwords_match();">
+</div>
+{/block}
+
+
+{* vim: set syntax=smarty ts=4 sw=4 sts=4 sr noet: *}
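Review bot: The edit form (`<form method=post name=usereditform>`) carries no anti-CSRF token, and the handlers added in webroot/squasher.php read `$_REQUEST`, so create, update and delete also work as plain GET requests; the delete link added in templates/udmin.tpl is one such request. Another site could therefore trigger account changes from the browser of a logged-in administrator. I would add a per-session token field, e.g. `<input type=hidden name="csrf_token" value="{$csrf_token|escape}">` (`csrf_token` is a proposed name, not an existing variable). The handlers should then read `$_POST` only and compare the token with `hash_equals()` before calling `update_users`, `insert_users` or `remove_users`. Separately, the password confirmation is enforced only by `check_passwords_match()` in the browser; the server-side code in this commit never looks at `user_pass2`.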
index 639ecbf483079840409bd8290cb3d9473a53e1e0..32bc83e0de5b3bd6bd191589dc9917a6d78777c1 100644 (file)
@@ -2,47 +2,44 @@
 
 
 {block extra_head}
+{literal}
 <script>
-   {literal}
-   function confirm_delete(formID) {
-    if (confirm("Are you sure you want to delete this user?")) {
-     document.getElementById(formID).submit();
-    }
-   }
-   {/literal}
+       function confirm_delete(username, userid) {
+               if (confirm("Are you sure you want to delete user "+username+"?"))
+                       document.location = '?tools=deluser&edited_user='+userid;
+       }
 </script>
+{/literal}
 {/block}
 
 
-{block content}
-{foreach item=user key=user_id from=$users}
-<div class="white_border">
-       <form method='post' name='user_{$user.id|escape}' id='user_{$user.id|escape}'>
-       <input type='hidden' name='u[user_id]' id='user_id' value='{$user.id|escape}'>
-       <input type='hidden' name='type' id='type' value=''>
-       <input name='u[user_name]' id='user_name' value='{$user.name|escape}' readonly>
-        | {html_options name='u[user_level]' id='user_level' options=$user_levels selected=$user.level}
-        |
-               {if $user.enabled}
-               <a onClick="document.user_{$user.id}.type.value='disable';document.user_{$user.id}.submit();" style="cursor:pointer" >remove password</a>
-               {else}
-               <input name='u[user_pass]' id='user_pass'>
-               {/if}
-        | <a onClick="document.user_{$user.id}.type.value='delete';confirm_delete('user_{$user.id}');" style="cursor:pointer" >delete</a>
-        | <a onClick="document.user_{$user.id}.type.value='update';document.user_{$user.id}.submit();" style="cursor:pointer" >update</a>
-       </form>
-</div>
-{/foreach}
-
-<div class="white_border">
-       <form method='post' name='user_new' id='user_new'><input type='hidden' name='type' id='type' value=''>
-               <input name='u[user_name]' value=''>
-               | {html_options name='u[user_level]' options=$user_levels }
-               | <input name='u[user_pass]'>
-               | <a onClick="document.user_new.type.value='new';document.user_new.submit();" style="cursor:pointer" >add</a>
-       </form>
+{block menu}
+<div class="menu">
+       <a href="?tools=edituser" class="tool add">New User</a>
 </div>
 {/block}
 
 
+{block content}
+<table class=log style='width:60%'>
+       <tr>
+               <th>Login
+               <th>Account type
+               <th>
+       {foreach item=user key=user_id from=$users}
+       <tr>
+               <td>{$user.name|escape}
+               <td>{if $user.enabled}
+                               {if $user.level>=200}SuperAdmin{elseif $user.level>=100}Admin{else}User{/if}
+                       {else}
+                       Disabled
+                       {/if}
+               <td>
+                       <a href="?tools=edituser&amp;edited_user={$user_id|escape}" class=edit></a>
+                       <a href="javascript:confirm_delete('{$user.name|escape:'javascript'|escape}', {$user_id});" class=deletenotext>delete</a>
+       {/foreach}
+</table>
+{/block}
+
+
 {* vim: set syntax=smarty ts=4 sw=4 sts=4 sr noet: *}
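Review bot: The delete link places the login name in three nested contexts (a JavaScript string, inside a `javascript:` URL, inside an HTML attribute), but `{$user.name|escape:'javascript'|escape}` covers only the first and the last. Browsers percent-decode a `javascript:` URL before running it, so percent-encoded characters in a name are handled by neither escape, and `{$user_id}` on the same line is emitted with no escaping at all. Keeping the data out of script avoids the problem: `<a href="#" class=deletenotext data-name="{$user.name|escape}" data-id="{$user_id|escape}">delete</a>`, with a click handler that reads `dataset.name` and `dataset.id`. `confirm_delete` should also submit a POST form instead of setting `document.location`, because the old template deleted through a POST form and the new one deletes through a GET navigation.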
index bc069216a6552509bd4d27d003b7a8f64ea881a9..f3ea2717bcd2bc39c2de1fb7cebaf7f66d7084b4 100644 (file)
@@ -120,6 +120,36 @@ a:hover {
        color:#FF6600;
 }
 
+/* small links with icons */
+a.edit {
+       background: url(../img/icon_changelink.gif) 0 50% no-repeat;
+       padding-left: 14px;
+}
+a.delete {
+       background: url(../img/icon_deletelink.gif) 0 50% no-repeat;
+       padding-left: 14px;
+}
+a.add {
+       background: url(../img/icon_addlink.gif) 0 50% no-repeat !important;
+       padding-left: 14px;
+}
+a.deletenotext {
+       /*float: right;*/
+       display:inline-block;
+       text-indent: -9999px;
+       background: transparent url(../img/inline-delete.png) no-repeat;
+       width: 15px;
+       height: 15px;
+       outline: 0; /* Remove dotted border around link */
+       margin:0;
+}
+a.deletenotext:hover {
+    background-position: -15px 0;
+    cursor: pointer;
+}
+
+
+
 /* These are used by logs : */
 table.log {
        border-spacing:0;
diff --git a/webroot/img/icon_addlink.gif b/webroot/img/icon_addlink.gif
new file mode 100644 (file)
index 0000000..ee70e1a
Binary files /dev/null and b/webroot/img/icon_addlink.gif differ
diff --git a/webroot/img/icon_changelink.gif b/webroot/img/icon_changelink.gif
new file mode 100644 (file)
index 0000000..e1b9afd
Binary files /dev/null and b/webroot/img/icon_changelink.gif differ
diff --git a/webroot/img/icon_deletelink.gif b/webroot/img/icon_deletelink.gif
new file mode 100644 (file)
index 0000000..72523e3
Binary files /dev/null and b/webroot/img/icon_deletelink.gif differ
diff --git a/webroot/img/inline-delete.png b/webroot/img/inline-delete.png
new file mode 100644 (file)
index 0000000..c5fe53c
Binary files /dev/null and b/webroot/img/inline-delete.png differ
index 29e26692be37df30d4d7b50e086d65a246422edc..d97e794c57393843664850666732a0048e3b31bb 100644 (file)
@@ -200,8 +200,11 @@ function insert_users($u, $admin_level) {
        $r = mysql_query($q);
 }
 
-function update_users($u) {
-       $user_id = (int)$u['user_id'];
+/*
+ * if user_level is 0, it means we don't really touch it, but we clear the password (can't log in anymore)
+ */
+function update_users($u, $user_id) {
+       $user_id = (int)$user_id;
        $user_name = @$u['user_name'];
        $user_pass = @$u['user_pass'];
        $user_level = (int)@$u['user_level'];
@@ -217,27 +220,14 @@ function update_users($u) {
                $q = "UPDATE users SET user_level = ".$user_level." WHERE user_id = ".$user_id;
                $r = mysql_query($q);
        }
-}
-
-function disable_users($u) {
-       $user_id = (int)$u['user_id'];
-       $user_name = @$u['user_name'];
-       $user_level = (int)@$u['user_level'];
-       if ($user_name) {
-               $q = "UPDATE users SET user_name = '".mysql_escape_string($user_name)."' WHERE user_id = ".$user_id;
-               $r = mysql_query($q);
-       }
-       $q = "UPDATE users SET user_pass = '' WHERE user_id = ".$user_id;
-       $r = mysql_query($q);
-       if ($user_level) {
-               $q = "UPDATE users SET user_level = ".$user_level." WHERE user_id = ".$user_id;
+       if ($user_level == 0) {
+               $q = "UPDATE users SET user_pass = '' WHERE user_id = ".$user_id;
                $r = mysql_query($q);
        }
-       $r = mysql_query($q);
 }
 
-function remove_users($u) {
-       $user_id = (int)$u['user_id'];
+function remove_users($user_id) {
+       $user_id = (int)$user_id;
        $q = "DELETE FROM users WHERE user_id = ".$user_id;
        $r = mysql_query($q);
 }
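Review bot: `if ($user_level == 0)` also fires when `u[user_level]` is absent or not numeric, because `(int)@$u['user_level']` (a context line in the previous hunk) turns both cases into 0. A request that only renames a user or changes a password would therefore end by blanking `user_pass` and locking the account. Make the disable case explicit, e.g. `if (isset($u['user_level']) && (string)$u['user_level'] === '0')`, and extend the comment above `update_users` to say that level 0 is a sentinel which must be sent deliberately. The middle of `update_users` lies outside both hunks, so how name and password are written cannot be checked from here. The `mysql_*` functions used on the new lines were removed in PHP 7, so a move to mysqli or PDO with prepared statements is worth planning.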
index 1e7cb5b285285e95f585c9cb2fd15a91086516fb..c50e72995b7ef1c08bccef25078be1a962a3555f 100644 (file)
@@ -143,30 +143,69 @@ if (@$_GET['f']) {
        $smarty->display('admin.tpl');
 
 } elseif (@$_GET['tools']=='users' && $_SESSION['creds']['user_level'] > 100) {
+       /*
        $type = @$_POST['type'];
-       if ($type=="update")
-               $squashweb->update_users($_POST['u']);
        if ($type=="disable")
                $squashweb->disable_users($_POST['u']);
-       if ($type=="delete")
-               $squashweb->remove_users($_POST['u']);
-       if ($type=="new")
-               $squashweb->insert_users($_POST['u'], $_SESSION['creds']['user_level']);
+       */
        $smarty = get_smarty();
 
        $smarty->assign('user_level', $_SESSION['creds']['user_level']);
        $smarty->assign('user_name', $_SESSION['creds']['user_name']);
+
        $smarty->assign('users', $squashweb->get_users($_SESSION['creds']['user_level']));
 
-       if ($_SESSION['creds']['user_level'] > 199) {
-               $smarty->assign('user_levels', array(155 => 'admin' , 55 => 'user' ) );
-       } else {
-               $smarty->assign('user_levels', array(55 => 'user' ) );
-       }
        $smarty->assign('debug', @$_GET['debug']);
 
        $smarty->display('udmin.tpl');
 
+} elseif (@$_REQUEST['tools']=='edituser' && $_SESSION['creds']['user_level'] > 100) {
+       
+       $edited_user = @$_REQUEST['edited_user']; // user id
+       $users = $squashweb->get_users($_SESSION['creds']['user_level']);
+       $u = @$_REQUEST['u']; // new or edited data
+       if ($u) {
+               if ($edited_user) {
+                       $squashweb->update_users($u, $edited_user);
+               } else {
+                        $squashweb->insert_users($u, $_SESSION['creds']['user_level']);
+               }
+               header('302 done');
+               header('Location: ?tools=users');
+       } else {
+               $smarty = get_smarty();
+               $smarty->assign('user_level', $_SESSION['creds']['user_level']);
+               $smarty->assign('user_name', $_SESSION['creds']['user_name']);
+
+               $smarty->assign('users', $users);
+               $smarty->assign('edited_user', $edited_user);
+
+               if (array_key_exists($edited_user, $users))
+               {
+                       $user = $users[$edited_user];
+                       if (!$user->enabled)
+                               $user-> user_level = 0;
+                       $smarty->assign('u', $user);
+               }
+
+               if ($_SESSION['creds']['user_level'] > 199) {
+                       $smarty->assign('user_levels', array(55 => 'user', 155 => 'admin', 0 => 'disabled') );
+               } else {
+                       $smarty->assign('user_levels', array(55 => 'user', 0 => 'disabled') );
+               }
+
+               $smarty->assign('debug', @$_GET['debug']);
+               $smarty->display('edit_user.tpl');
+       }
+
+} elseif (@$_REQUEST['tools']=='deluser' && $_SESSION['creds']['user_level'] > 100) {
+       $edited_user = @$_REQUEST['edited_user']; // user id
+       $users = $squashweb->get_users($_SESSION['creds']['user_level']);
+       if (array_key_exists($edited_user, $users))
+               $squashweb->remove_users($edited_user);
+       header('302 done');
+       header('Location: ?tools=users');
+       
 } elseif (@$_GET['tools']=='logs' && $_SESSION['creds']['user_level'] > 100) {
        $logtype=@$_GET['logtype'];
        if (!$logtype)
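Review bot: In the `edituser` branch, `update_users($u, $edited_user)` runs on any posted id and any posted `u[user_level]`; the `array_key_exists($edited_user, $users)` check that the `deluser` branch applies is missing, and the level is never compared with the `user_levels` table the form is built from. If `get_users()` returns only the accounts the session may manage (it takes the session level, but its body is not visible here), an admin with a level of 199 or less can still edit accounts outside that list or assign a level the form never offers. I would build the allowed-levels table before the `if ($u)` test and gate the update on both checks, as sketched below. Also, `header('302 done')` is not a valid header line and can be dropped, since PHP already sends a 302 with `Location:`; adding `exit` after the redirect stops any code after the `elseif` chain from running.

```php
	// … unchanged: $edited_user, $users and $u are read from the request …
	// Levels this session may assign; the same table the form offers.
	if ($_SESSION['creds']['user_level'] > 199) {
		$user_levels = array(55 => 'user', 155 => 'admin', 0 => 'disabled');
	} else {
		$user_levels = array(55 => 'user', 0 => 'disabled');
	}
	if ($u) {
		$level_allowed = is_array($u)
			&& array_key_exists((int)@$u['user_level'], $user_levels);
		if ($edited_user) {
			// Same membership check the deluser branch already performs.
			if ($level_allowed && array_key_exists($edited_user, $users))
				$squashweb->update_users($u, $edited_user);
		} else {
			// … unchanged: insert_users call …
		}
		header('Location: ?tools=users');
		exit;
	} else {
		// … unchanged: form rendering, now assigning $user_levels as 'user_levels' …
```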