/**
* admin gui for modifying user accounts.
*
* @param string id
* @param mixed data
* @param string action
* @return string page output response
*/
function ewiki_page_liveuser_admin_users($id, $data, $action)
{
global $liveuserAuthAdmin, $liveuserPermAdmin, $ewiki_plugins;
ob_start();
echo ewiki_make_title($id, $id, 2);
// handle posted deletes or updates
if (isset($_POST['submit_deleteusers']) || isset($_POST['submit_changeusers']) || isset($_POST['submit_adduserstogroup']) || isset($_POST['submit_removeusersfromgroup']) || isset($_POST['submit_changegroups'])) {
foreach ($_POST as $key => $value) {
list($prefix, $id) = explode('_', $key, 2);
//get password status of current $id
$username = $_POST['origname_' . $id];
$pwdstatus = ewiki_get_uservar("passwdstatus", NULL, $username);
// Remove a user
if ($prefix == 'chk' && is_numeric($id) && $value == 'on' && isset($_POST['submit_deleteusers'])) {
if (liveuser_removeEntity('user_id', $id)) {
echo '<p>User ' . $id . ' was successfully removed.</p>';
} else {
echo '<p>Removal of user ' . $id . ' failed.</p>';
}
}
// Add a user to a group
if ($prefix == 'chk' && is_numeric($id) && $value == 'on' && isset($_POST['submit_adduserstogroup'])) {
if (($group_id = liveuser_checkEntity('group', $_POST['grouplist'])) !== false) {
if (liveuser_checkGroupUser($group_id, $id) === false) {
if ($liveuserPermAdmin->addUserToGroup($id, $group_id)) {
echo '<p>User ' . $id . ' was successfully added to group ' . $_POST['grouplist'] . '.</p>';
} else {
echo '<p>Addition of user ' . $id . ' to group ' . $_POST['grouplist'] . ' failed.</p>';
}
} else {
echo '<p>User ' . $id . ' is already a member of group ' . $_POST['grouplist'] . '.</p>';
}
} else {
echo '<p>Group ' . $_POST['grouplist'] . ' does not exist.</p>';
}
}
// Remove a user from a group
if ($prefix == 'chk' && is_numeric($id) && $value == 'on' && isset($_POST['submit_removeusersfromgroup'])) {
if (($group_id = liveuser_checkEntity('group', $_POST['grouplist'])) !== false) {
if ($liveuserPermAdmin->removeUserFromGroup($id, liveuser_checkEntity('group', $_POST['grouplist']))) {
echo '<p>User ' . $id . ' was successfully removed from group ' . $_POST['grouplist'] . '.</p>';
} else {
echo '<p>Removal of user ' . $id . ' from group ' . $_POST['grouplist'] . ' failed.</p>';
}
} else {
echo '<p>Group ' . $_POST['grouplist'] . ' does not exist.</p>';
}
}
// Change the user name
if ($prefix == 'chname' && is_numeric($id) && !empty($value) && $_POST['origname_' . $id] != $value && isset($_POST['submit_changeusers'])) {
$event_log = '';
if (liveuser_checkEntity('user', $value) === false) {
if ($liveuserAuthAdmin->updateUser($id, $value)) {
$event_log .= '<p>User ' . $value . ' was successfully updated.</p>';
if (isset($ewiki_plugins['uservars_store'][0])) {
if ($ewiki_plugins['uservars_store'][0]($ewiki_plugins['uservars_retrieve'][0]($_POST['origname_' . $id]), $value)) {
$event_log .= '<p>User data copied to ' . $value;
if ($ewiki_plugins['uservars_store'][0](array(), $_POST['origname_' . $id])) {
$event_log .= ' and deleted from ' . $_POST['origname_' . $id];
} else {
$event_log .= ' but not deleted from ' . $_POST['origname_' . $id];
}
$event_log .= '.</p>';
} else {
$event_log .= '<p>User data copy failed.</p>';
}
}
} else {
$event_log .= '<p>Update of user ' . $value . ' failed.</p>';
}
} else {
$event_log .= '<p>Another user with the name ' . $value . ' already exists in the database. No change has been made.</p>';
}
echo $event_log;
ewiki_log("Attempted to rename " . $_POST['origname_' . $id] . " to {$value}." . $event_log, 1);
}
// Change user variable
if ($prefix == 'chuvar' && is_numeric($id) && !empty($value) && $_POST['origchuvar_' . $id] != $value && isset($_POST['submit_changeusers'])) {
if (ewiki_set_uservar($_POST['uvar_fieldname'], $value, $username)) {
echo "<p>UserVar " . $_POST['uvar_fieldname'] . " successfully updated for {$username}</p>";
} else {
echo "<p>Update of UserVar " . $_POST['uvar_fieldname'] . " for {$username} failed.</p>";
}
}
if ($prefix == "radpw" && is_numeric($id) && !empty($value) && isset($_POST['submit_changeusers'])) {
if ($value == "expire" && ($pwdstatus == 'good' || is_null($pwdstatus))) {
ewiki_set_uservar("passwdexpiredate", time(), $username);
ewiki_set_uservar("passwdstatus", 'expired', $username);
} elseif ($value == "good" && ($pwdstatus == 'expired' || is_null($pwdstatus))) {
ewiki_set_uservar("passwdexpiredate", time() + 60 * 60 * 24 * EWIKI_PASSWD_LIFETIME, $username);
ewiki_set_uservar("passwdstatus", 'good', $username);
}
}
if ($prefix == 'chkrandpw' && is_numeric($id) && !empty($value) && isset($_POST['submit_changeusers'])) {
$password = liveuser_generate_password();
if ($liveuserAuthAdmin->updateUser($id, $_POST['chname_' . $id], $password)) {
ewiki_set_uservar("passwdexpiredate", time() - 60 * 60 * 24 * EWIKI_PASSWD_LIFETIME, $username);
ewiki_set_uservar("passwdstatus", 'expired', $username);
echo '<p>Password for user ' . $_POST['chname_' . $id] . " was successfully updated to \"{$password}\" and set to expire in " . EWIKI_PASSWD_LIFETIME . "days.</p>";
} else {
echo '<p>Update of password for user ' . $_POST['chname_' . $id] . ' failed.</p>';
}
}
// Change the user's password
if ($prefix == 'chpw' && is_numeric($id) && !empty($value) && isset($_POST['submit_changeusers'])) {
// check for cracklib functions and validate against them if possible
liveuser_admin_users_cracklib_check($_POST['chname_' . $id], $value);
if ($liveuserAuthAdmin->updateUser($id, $_POST['chname_' . $id], $value)) {
ewiki_set_uservar("passwdexpiredate", time() - 60 * 60 * 24 * EWIKI_PASSWD_LIFETIME, $username);
ewiki_set_uservar("passwdstatus", 'expired', $username);
echo '<p>Password for user ' . $_POST['chname_' . $id] . ' was successfully updated and set to expire in ' . EWIKI_PASSWD_LIFETIME . 'days.</p>';
} else {
echo '<p>Update of password for user ' . $_POST['chname_' . $id] . ' failed.</p>';
}
}
// Remove a group
if ($prefix == 'chkgroup' && is_numeric($id) && $value == 'on' && isset($_POST['submit_changegroups'])) {
if (liveuser_removeEntity('group_id', $id)) {
echo '<p>Group ' . $id . ' was successfully deleted.</p>';
} else {
echo '<p>Deletion of group ' . $id . ' failed.</p>';
}
}
// Change group name
if ($prefix == 'chgroupname' && is_numeric($id) && !empty($value) && $_POST['origgroupname_' . $id] != $value && isset($_POST['submit_changegroups'])) {
if ($liveuserPermAdmin->updateGroup($id, $value)) {
echo '<p>Group ' . $value . ' was successfully updated.</p>';
} else {
echo 'Update of group ' . $value . ' failed.</p>';
}
}
}
}
// Add a user
if (!empty($_POST['username_text']) && !empty($_POST['pw_text']) && isset($_POST['submit_adduser'])) {
if (liveuser_checkEntity('user', $_POST['username_text']) === false) {
// check for cracklib functions and validate against them if possible
liveuser_admin_users_cracklib_check($_POST['chname_' . $id], $value);
if (liveuser_addEntity('user', array($_POST['username_text'], $_POST['pw_text'])) !== false) {
echo '<p>User ' . $_POST['username_text'] . ' was successfully created.</p>';
} else {
echo '<p>Creation of user ' . $_POST['username_text'] . ' failed.</p>';
}
} else {
echo '<p>User ' . $_POST['username_text'] . ' already exists.</p>';
}
}
// Add a lot of users and add them into groups
if (!empty($_POST['usernames_text']) && isset($_POST['submit_addusers'])) {
$newusers = explode("\n", $_POST['usernames_text']);
foreach ($newusers as $newuser) {
$newuser = trim($newuser);
if (($auth_id = liveuser_checkEntity('user', $newuser)) === false) {
if ($_POST["pwgen_addusers"] == "on") {
$password = liveuser_generate_password();
} else {
$password = $newuser;
}
if (($auth_id = liveuser_addEntity('user', array($newuser, $password))) !== false) {
echo "<p>User {$newuser} was successfully created with password {$password}.</p>";
} else {
echo '<p>Creation of user ' . $newuser . ' failed.</p>';
}
} else {
echo '<p>User ' . $newuser . ' already exists.</p>';
}
if ($auth_id !== false && !empty($_POST['usernames_grouplist'])) {
if (($group_id = liveuser_checkEntity('group', $_POST['usernames_grouplist'])) !== false) {
if (liveuser_checkGroupUser($group_id, $auth_id) === false) {
if ($liveuserPermAdmin->addUserToGroup($auth_id, $group_id)) {
echo '<p>User ' . $newuser . ' was successfully added to group ' . $_POST['usernames_grouplist'] . '.</p>';
} else {
echo '<p>Addition of user ' . $newuser . ' to group ' . $_POST['usernames_grouplist'] . ' failed.</p>';
}
} else {
echo '<p>User ' . $newuser . ' is already a member of group ' . $_POST['usernames_grouplist'] . '.</p>';
}
} else {
echo '<p>Group ' . $_POST['usernames_grouplist'] . ' does not exist.</p>';
}
}
}
}
// Add a group
if (!empty($_POST['groupname_text']) && isset($_POST['submit_addgroup'])) {
$group_id = liveuser_checkEntity('group', $_POST['groupname_text']);
if ($group_id === false) {
$group_const = 'LU_G_' . strtoupper($_POST['groupname_text']);
$group_id = liveuser_addEntity('group', array($group_const, $_POST['groupname_text'], null, true));
if ($group_id !== false) {
echo '<p>Group ' . $_POST['groupname_text'] . ' was successfully created.</p>';
} else {
echo '<p>Creation of group ' . $_POST['groupname_text'] . ' failed.</p>';
}
} else {
echo '<p>Group ' . $_POST['groupname_text'] . ' already exists.</p>';
}
if (isset($_POST['addright']) && $group_id !== false) {
$right_id = liveuser_checkEntity('right', $_POST['groupname_text']);
if ($right_id === false) {
$right_const = 'LU_R_' . strtoupper($_POST['groupname_text']);
$right_id = liveuser_addEntity('right', array(LU_AREA_LIVEWEB, $right_const, $_POST['groupname_text']));
if ($right_id !== false) {
echo '<p>Right ' . $_POST['groupname_text'] . ' was successfully created.</p>';
} else {
echo '<p>Creation of right ' . $_POST['groupname_text'] . ' failed.</p>';
}
} else {
echo '<p>Right ' . $_POST['groupname_text'] . ' already exists.</p>';
}
if ($right_id !== false) {
// check if group already has the right
if (liveuser_checkGroupRight($group_id, $right_id)) {
echo 'Group ' . $_POST['groupname_text'] . ' already has right ' . $_POST['groupname_text'] . '.</p>';
} else {
// attempt to assign right to group
if ($liveuserPermAdmin->grantGroupRight($group_id, $right_id, 1) === true) {
echo '<p>Right ' . $_POST['groupname_text'] . ' has been assigned to group ' . $_POST['groupname_text'] . '.</p>';
} else {
echo '<p>Assignment of right ' . $_POST['groupname_text'] . ' to group ' . $_POST['groupname_text'] . ' failed.</p>';
}
}
}
}
}
// Show current table listing of pages and permissions
$users = $liveuserAuthAdmin->getUsers();
$groups = $liveuserPermAdmin->getGroups();
//uservars based controls
if (isset($ewiki_plugins['uservars_search'][0])) {
if (isset($_REQUEST['search_fieldname'])) {
//set fieldname variable
$fieldname = $_REQUEST['search_fieldname'];
}
if (strlen($_REQUEST['search_fieldvalue'])) {
//set fieldvalue variable
$fieldvalue = $_REQUEST['search_fieldvalue'];
}
if (!empty($fieldname)) {
$userdata = ewiki_search_uservar($fieldname, $fieldvalue);
//get data for the given fieldname/fieldvalue combination
//Remove non-matching users
foreach ($users as $key => $user) {
if (!isset($userdata[$user['handle']])) {
unset($users[$key]);
}
}
}
//Display search form
?>
<form method="post" action="">
<table>
<tr><td>Field Name</td><td>
<input type="text" name="search_fieldname" value="<?php
echo $fieldname;
?>
">
</td></tr>
<tr><td>Value</td><td>
<input type="text" name="search_fieldvalue" value="<?php
echo $fieldvalue;
?>
">
</td></tr>
</table>
<input value="Search" type="submit" name="submit_searchaccount" />
</form>
<?php
}
if (is_array($users) && !empty($users)) {
?>
<form method="post" action="">
<h3>Edit Users</h3>
<input type="hidden" name="uvar_fieldname" value="<?php
echo $fieldname;
?>
">
<table border="1">
<tr><th>Select</th><th>User ID</th><th>User Name<br />Password [Random]</th><th>Password Status</th><th>Groups</th>
<?php
if (!empty($fieldname)) {
?>
<th><?php
echo $fieldname;
?>
<input type="hidden" name="search_fieldname" value="<?php
echo $fieldname;
?>
">
<input type="hidden" name="search_fieldvalue" value="<?php
echo $fieldvalue;
?>
">
</th>
<?php
}
echo '</tr>';
foreach ($users as $user) {
?>
<tr>
<td><input name="chk_<?php
echo $user['auth_user_id'];
?>
" type="checkbox" /></td>
<td><?php
echo $user['auth_user_id'];
?>
</td>
<td>
<input id="chname_<?php
echo $user['auth_user_id'];
?>
" name="chname_<?php
echo $user['auth_user_id'];
?>
" type="text" value="<?php
echo $user['handle'];
?>
" />
<input name="origname_<?php
echo $user['auth_user_id'];
?>
" type="hidden" value="<?php
echo $user['handle'];
?>
"><br />
<input id="chpw_<?php
echo $user['auth_user_id'];
?>
" name="chpw_<?php
echo $user['auth_user_id'];
?>
" type="text" value="" />
<input name="chkrandpw_<?php
echo $user['auth_user_id'];
?>
" type="checkbox" />
<?php
echo $liveuserAuthAdmin->encryptPW($user['handle']) == $user['passwd'] ? '<div class="warning">Password == User Name</div>' : '';
?>
</td>
<td>
<?php
$good = '<input type="radio" name="radpw_' . $user["auth_user_id"] . '" value="good" CHECKED >Good<br />' . '<input type="radio" name="radpw_' . $user["auth_user_id"] . '" value="expire">Expired<br />';
$expired = '<input type="radio" name="radpw_' . $user["auth_user_id"] . '" value="good">Good<br />' . '<input type="radio" name="radpw_' . $user["auth_user_id"] . '" value="expire" CHECKED >Expired<br />';
echo ewiki_get_uservar("passwdstatus", 'good', $user['handle']) == 'good' ? $good : $expired;
echo intval((ewiki_get_uservar("passwdexpiredate", time(), $user['handle']) - time()) / (60 * 60 * 24)) . " Days<br />";
?>
</td>
<td>
<?php
foreach ($liveuserPermAdmin->getGroups(array('where_user_id' => $user['auth_user_id'])) as $group) {
echo $group['name'] . '<br />';
}
?>
</td>
<?php
if (isset($userdata[$user['handle']])) {
echo '<input id="origchuvar_' . $user['auth_user_id'] . '" name="origchuvar_' . $user['auth_user_id'] . '" type="hidden" value="' . $userdata[$user['handle']] . '">';
echo '<td> <input id="chuvar_' . $user['auth_user_id'] . '" name="chuvar_' . $user['auth_user_id'] . '" type="text" value="' . $userdata[$user['handle']] . '" /></td>';
}
echo "</tr>";
}
?>
</table>
<input type="reset" value="Reset" />
<input type="submit" name="submit_deleteusers" value="Delete Selected" />
<input type="submit" name="submit_changeusers" value="Submit Changes" />
<?php
if (is_array($groups) && !empty($groups)) {
?>
<br /><br /><label for="grouplist">Group</label>
<select id="grouplist" name="grouplist">
<?php
foreach ($groups as $group) {
echo '<option value="' . $group['name'] . '">' . $group['name'] . '</option>';
}
?>
</select><br />
<input type="submit" name="submit_adduserstogroup" value="Add Selected" />
<input type="submit" name="submit_removeusersfromgroup" value="Remove Selected" />
<?php
}
echo '</form>';
} else {
?>
<h3>Edit Users</h3>
<p>No users were found in the database.</p>
<?php
}
// Show Add a new user section
?>
<form method="post" action="">
<h3>Add a User</h3>
<label for="username_text">User Name</label>
<input id="username_text" name="username_text" type="text" /><br />
<label for="pw_text">Password</label>
<input id="pw_text" name="pw_text" type="text" /><br />
<input type="submit" name="submit_adduser" value="Add User" />
</form>
<?php
// Show Add multiple users section
?>
<form method="post" action="">
<h3>Add Multiple Users</h3>
<p>Insert one user name per line. This input will be processed as a
batch, and each user will be created with a password identical to his
user name or a randomly generated password if the "Generate Passwords"
box is checked.</p>
<textarea id="usernames_text" name="usernames_text" rows="10" cols="25"></textarea>
<?php
if (is_array($groups) && !empty($groups)) {
?>
<label for="usernames_grouplist">Groups</label>
<select id="usernames_grouplist" name="usernames_grouplist" />
<option value=""></option>
<?php
foreach ($groups as $group) {
echo '<option value="' . $group['name'] . '">' . $group['name'] . '</option>';
}
?>
</select>
<?php
}
?>
<p><input type="checkbox" name="pwgen_addusers" checked="checked"> Generate random passwords.</p>
<input type="submit" name="submit_addusers" value="Add Users" />
</form>
<?php
// Groups Section
if (is_array($groups) && !empty($groups)) {
?>
<form method="post" action="">
<h3>Edit Groups</h3>
<table border="1">
<tr><th>Delete</th><th>Group ID</th><th>Group Name</th></tr>
<?php
foreach ($groups as $group) {
?>
<tr>
<td><input name="chkgroup_<?php
echo $group['group_id'];
?>
" type="checkbox" /></td>
<td><?php
echo $group['group_id'];
?>
</td>
<td>
<input name="chgroupname_<?php
echo $group['group_id'];
?>
" type="text" value="<?php
echo $group['name'];
?>
" />
<input name="origgroupname_<?php
echo $group['group_id'];
?>
" type="hidden" value="<?php
echo $group['name'];
?>
" />
</td>
</tr>
<?php
}
?>
</table>
<input type="reset" value="Reset" />
<input name="submit_changegroups" type="submit" value="Submit Changes">
</form>
<?php
} else {
?>
<h3>Edit Groups</h3>
<p>No groups were found in the database.</p>
<?php
}
// Show Add a new group section
?>
<form method="post" action="">
<h3>Add a Group</h3>
<p>When creating a group, you may choose to create a right with the group, which may then be applied to user accounts via the group. If the group already exists, this form will still attempt to link a right to it. If the right already exists and is not associated with the group, it will be assigned to the group.</p>
<label for="groupname_text">Group Name</label>
<input id="groupname_text" name="groupname_text" type="text"><br />
<label for="addright">Add/Link Right</label>
<input id="addright" name="addright" type="checkbox" checked="checked"><br />
<input type="submit" name="submit_addgroup" value="Add Group" />
</form>
<?php
$o = ob_get_contents();
ob_end_clean();
return $o;
}
/**
* admin gui for modifying LiveWeb rights
*
* @param string id
* @param mixed data
* @param string action
* @return string page output response
*/
function ewiki_page_liveuser_admin_rights($id, $data, $action)
{
global $liveuserPermAdmin;
ob_start();
echo ewiki_make_title($id, $id, 2);
// handle posted updates and deletes
if (isset($_POST['submit_changerights'])) {
foreach ($_POST as $key => $value) {
list($prefix, $id) = explode('_', $key, 2);
if ($prefix == 'chk' && is_numeric($id) && $value == 'on') {
if (liveuser_removeEntity('right_id', $id)) {
echo '<p>Right ' . $id . ' was successfully deleted.</p>';
} else {
echo '<p>Deletion of right ' . $id . ' failed.</p>';
}
}
}
}
// handle posted new rights
if (isset($_POST['rightname_text']) && isset($_POST['submit_addright'])) {
$right_id = liveuser_checkEntity('right', $_POST['rightname_text']);
if ($right_id === false) {
$right_const = 'LU_R_' . strtoupper($_POST['rightname_text']);
$right_id = liveuser_addEntity('right', array(LU_AREA_LIVEWEB, $right_const, $_POST['rightname_text']));
if ($right_id !== false) {
echo '<p>Right ' . $_POST['rightname_text'] . ' was successfully created.</p>';
} else {
echo '<p>Creation of right ' . $_POST['rightname_text'] . ' failed.</p>';
}
} else {
echo '<p>Right ' . $_POST['rightname_text'] . ' already exists.</p>';
}
if (isset($_POST['addgroup']) && $right_id !== false) {
$group_id = liveuser_checkEntity('group', $_POST['rightname_text']);
if ($group_id === false) {
$group_const = 'LU_G_' . strtoupper($_POST['rightname_text']);
$group_id = liveuser_addEntity('group', array($group_const, $_POST['rightname_text'], null, true));
if ($group_id !== false) {
echo '<p>Group ' . $_POST['rightname_text'] . ' was successfully created.</p>';
} else {
echo '<p>Creation of group ' . $_POST['rightname_text'] . ' failed.</p>';
}
} else {
echo '<p>Group ' . $_POST['rightname_text'] . ' already exists.</p>';
}
if ($group_id !== false) {
// check if group already has the right
if (liveuser_checkGroupRight($group_id, $right_id)) {
echo 'Group ' . $_POST['rightname_text'] . ' already has right ' . $_POST['rightname_text'] . '.</p>';
} else {
// attempt to assign right to group
if ($liveuserPermAdmin->grantGroupRight($group_id, $right_id, 1) === true) {
echo '<p>Right ' . $_POST['rightname_text'] . ' has been assigned to group ' . $_POST['rightname_text'] . '.</p>';
} else {
echo '<p>Assignment of right ' . $_POST['rightname_text'] . ' to group ' . $_POST['rightname_text'] . ' failed.</p>';
}
}
}
}
}
// Show current table listing of rights
$rights = $liveuserPermAdmin->getRights();
if (is_array($rights) && !empty($rights)) {
?>
<form method="post" action="">
<h3>Edit Rights</h3>
<table border="1">
<tr><th>Delete</th><th>Right ID</th><th>Right</th></tr>
<?php
foreach ($rights as $right) {
?>
<tr>
<td><input name="chk_<?php
echo $right['right_id'];
?>
" type="checkbox" /></td>
<td><?php
echo $right['right_id'];
?>
</td>
<td><?php
echo $right['name'];
?>
</td>
</tr>
<?php
}
?>
</table>
<input type="reset" value="Reset" />
<input name="submit_changerights" type="submit" value="Submit Changes" />
</form>
<?php
} else {
?>
<h3>Edit Rights</h3>
<p>No rights were found in the database.</p>
<?php
}
// Show Add a new right section
?>
<form method="post" action="">
<h3>Add a Right</h3>
<p>When creating a right, you may choose to create a group with the right, which may then be applied to user accounts. If the right already exists, this form will still attempt to link a group to it. If the group already exists and does not have the right, the right will be assigned.</p>
<label for="rightname_text">Right Name</label>
<input id="rightname_text" name="rightname_text" type="text" /><br />
<label for="addgroup">Add/Assign Group</label>
<input id="addgroup" name="addgroup" type="checkbox" checked="checked" /><br />
<input name="submit_addright" type="submit" value="Add Right" />
</form>
<?php
$o = ob_get_contents();
ob_end_clean();
return $o;
}
