/** main program for site maintenance
*
* This is the main administrator program.
* First step is to deal with users logging in or out.
* If a user is not logged in, a login dialog is displayed.
* If a user is logged in but has no admin privileges, she
* is redirected to the public site (ie. index.php).
*
* Once we have established that the user is an administrator,
* we setup an output collecting object and see what the user
* wants us to do by interpreting the parameter 'job'.
* If the user has access to the specified job, the corresponding
* code is included and the main routine of that handler is called.
* It is then the responsability of that handler to further decide
* what needs to be done.
* After the handler returns, the collected output is sent to the user.
* This includes the main navigation (i.e. links to the various
* 'managers') and also the menu and the content generated by the
* handler.
*
* If the user has no privilege to access a particular manager,
* an error messate is displayed in both the message area and the content
* area. This makes it clear to the user that access is denied.
* Note that the inaccessible items are displayed in the main navigation
* via 'dimmed' (light-grey) links or black/white images.
* By showing these 'dimmed' links, the user will be aware that there
* is more that just what she is allowed to see. This is more transparent
* than suppressing items and keeping them secret.
*
* @return void generated page sent to user's browser
* @uses $CFG;
* @uses $LANGUAGE;
* @uses $USER;
* @todo should we cater for a special 'print' button +
* support for a special style sheet for media="print"?
*/
function main_admin()
{
global $CFG;
global $LANGUAGE;
global $USER;
/** initialise, setup database, read configuration, etc. */
require_once $CFG->progdir . '/init.php';
initialise();
// user must be logged in to perform any admin tasks at all
if (isset($_GET['logout'])) {
admin_logout_and_exit();
} elseif (isset($_GET['login'])) {
$user_id = admin_login(magic_unquote($_GET['login']));
} elseif (isset($_COOKIE[$CFG->session_name])) {
$user_id = admin_continue_session();
} else {
admin_show_login_and_exit();
}
/** useraccount.class.php is used to define the USER object */
require_once $CFG->progdir . '/lib/useraccount.class.php';
$USER = new Useraccount($user_id);
$USER->is_logged_in = TRUE;
$_SESSION['language_key'] = $LANGUAGE->get_current_language();
// remember language set via _GET or otherwise
// Only admins are allowed, others are redirected to index.php
if (!$USER->is_admin()) {
logger("admin.php: '{$USER->username}' ({$USER->user_id}) is no admin and was redirected to index.php or login");
session_write_close();
non_admin_redirect_and_exit();
}
// We now know that this user is an admin, but
// is she allowed to perform upgrades if any? Check it out in 2 steps
// 1--we do NOT want exit on error if the user has enough privileges
// 2--we check the version and stay here if the user has enough privileges
$exit_on_error = $USER->has_job_permissions(JOB_PERMISSION_UPDATE) ? FALSE : TRUE;
$need_to_update = was_version_check($exit_on_error) ? FALSE : TRUE;
// We are still here if versions are OK _or_ versions mismatch but user has UPDATE privilege.
// Now we know we _will_ be generating output => setup output object
// using the specified skin OR the user's prefererred skin OR the one
// stored before in $_SESSION
$_SESSION['skin'] = get_current_skin();
// echo "DDD: {$_SESSION['skin']}";
$output = new AdminOutput($_SESSION['skin'], $CFG->title);
// Display a 'welcome message' if this is the first page after logging in.
if ($_SESSION['session_counter'] == 1) {
$output->add_message(t('login_user_success', 'admin', array('{USERNAME}' => $USER->username)));
}
// Let's see what what job needs to be done
$job = $need_to_update ? JOB_UPDATE : get_parameter_string('job', JOB_STARTCENTER);
// main dispatcher
switch ($job) {
case JOB_STARTCENTER:
job_start($output);
break;
case JOB_PAGEMANAGER:
add_javascript_popup_function($output, ' ');
if ($USER->has_job_permissions(JOB_PERMISSION_PAGEMANAGER)) {
include $CFG->progdir . '/lib/pagemanager.class.php';
$manager = new PageManager($output);
} else {
$output->add_content("<h2>" . t('access_denied', 'admin') . "</h2>");
$output->add_content(t('job_access_denied', 'admin'));
$output->add_message(t('job_access_denied', 'admin'));
}
break;
case JOB_FILEMANAGER:
case JOB_FILEBROWSER:
case JOB_IMAGEBROWSER:
case JOB_FLASHBROWSER:
add_javascript_popup_function($output, ' ');
add_javascript_select_url_function($output, ' ');
if ($USER->has_job_permissions(JOB_PERMISSION_FILEMANAGER)) {
include $CFG->progdir . '/lib/filemanager.class.php';
$manager = new FileManager($output, $job);
} else {
$output->add_content("<h2>" . t('access_denied', 'admin') . "</h2>");
$output->add_content(t('job_access_denied', 'admin'));
$output->add_message(t('job_access_denied', 'admin'));
}
break;
case JOB_MODULEMANAGER:
if ($USER->has_job_permissions(JOB_PERMISSION_MODULEMANAGER)) {
include $CFG->progdir . '/lib/modulemanagerlib.php';
job_modulemanager($output);
} else {
$output->add_content("<h2>" . t('access_denied', 'admin') . "</h2>");
$output->add_content(t('job_access_denied', 'admin'));
$output->add_message(t('job_access_denied', 'admin'));
}
break;
case JOB_ACCOUNTMANAGER:
if ($USER->has_job_permissions(JOB_PERMISSION_ACCOUNTMANAGER)) {
include $CFG->progdir . '/lib/accountmanagerlib.php';
job_accountmanager($output);
} else {
$output->add_content("<h2>" . t('access_denied', 'admin') . "</h2>");
$output->add_content(t('job_access_denied', 'admin'));
$output->add_message(t('job_access_denied', 'admin'));
}
break;
case JOB_CONFIGURATIONMANAGER:
if ($USER->has_job_permissions(JOB_PERMISSION_CONFIGURATIONMANAGER)) {
include $CFG->progdir . '/lib/configurationmanagerlib.php';
job_configurationmanager($output);
} else {
$output->add_content("<h2>" . t('access_denied', 'admin') . "</h2>");
$output->add_content(t('job_access_denied', 'admin'));
$output->add_message(t('job_access_denied', 'admin'));
}
break;
case JOB_STATISTICS:
if ($USER->has_job_permissions(JOB_PERMISSION_STATISTICS)) {
include $CFG->progdir . '/lib/statisticslib.php';
job_statistics($output);
} else {
$output->add_content("<h2>" . t('access_denied', 'admin') . "</h2>");
$output->add_content(t('job_access_denied', 'admin'));
$output->add_message(t('job_access_denied', 'admin'));
}
break;
case JOB_TOOLS:
if ($USER->has_job_permissions(JOB_PERMISSION_TOOLS)) {
// user has permission to access at least one of the tools
include $CFG->progdir . '/lib/toolslib.php';
job_tools($output);
} else {
$output->add_content("<h2>" . t('access_denied', 'admin') . "</h2>");
$output->add_content(t('job_access_denied', 'admin'));
$output->add_message(t('job_access_denied', 'admin'));
}
break;
case JOB_UPDATE:
if ($USER->has_job_permissions(JOB_PERMISSION_UPDATE)) {
// user has permission to access the update routine(s)
include $CFG->progdir . '/lib/updatelib.php';
job_update($output);
} else {
$output->add_content("<h2>" . t('access_denied', 'admin') . "</h2>");
$output->add_content(t('job_access_denied', 'admin'));
$output->add_message(t('job_access_denied', 'admin'));
}
break;
default:
if (!empty($job)) {
$output->add_content("<h2>" . t('access_denied', 'admin') . "</h2>");
$output->add_content(t('unknown_job', 'admin', array('{JOB}' => htmlspecialchars($job))));
$output->add_message(t('unknown_job', 'admin', array('{JOB}' => htmlspecialchars($job))));
logger("'" . $USER->username . "': unknown job '" . htmlspecialchars($job) . "'");
} else {
job_start($output);
}
break;
}
// the various functions job_*() will have put their output in $output
// Now it is time to actually output the output to the user's browser.
$output->send_output();
// make sure that any changes in $_SESSION are properly stored
// note that we close the session only after all processing is done,
// allowing the various job_*()'s to manipulate the session variables
session_write_close();
// at this point we have sent the page to the user,
// we can now use the remaining time in this run to process
// a few alerts (if any).
cron_send_queued_alerts(25);
// if there are more than 25, do them later or let cron do it.
return;
}
