/**
* Load data for all users.
* @todo also load group membership
* @param int $limit (optional) the maximum number of users to return.
* @return object $results fetch non-authorization related data for the all users
*/
function loadUsers($limit = NULL)
{
// This block automatically checks this action against the permissions database before running.
if (!checkActionPermissionSelf(__FUNCTION__, func_get_args())) {
addAlert("danger", "Sorry, you do not have permission to access this resource.");
return false;
}
return fetchAllUsers($limit);
}
public function index()
{
/*
UserCake (Via CupCake) Version: 2.0.2
http://usercake.com
*/
$baseURL = getcwd();
require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
if (!securePage($_SERVER['PHP_SELF'])) {
die;
}
//Forms posted
if (!empty($_POST)) {
if (!empty($_POST['delete'])) {
$deletions = $_POST['delete'];
if ($deletion_count = deleteUsers($deletions)) {
$successes[] = lang("ACCOUNT_DELETIONS_SUCCESSFUL", array($deletion_count));
} else {
$errors[] = lang("SQL_ERROR");
}
} else {
$errors[] = lang("NO_SELECTION_TO_DELETE_USER");
}
}
$userData = fetchAllUsers();
//Fetch information for all users
require_once "{$baseURL}/application/third_party/user_cake/models/header.php";
echo "\r\n<body>\r\n<div id='wrapper'>\r\n<div id='top'><div id='logo'></div></div>\r\n<div id='content'>\r\n<h1>UserCake (Via CupCake)</h1>\r\n<h2>Admin Users</h2>\r\n<div id='left-nav'>";
include "{$baseURL}/application/third_party/user_cake/left-nav.php";
echo "\r\n</div>\r\n<div id='main'>";
echo resultBlock($errors, $successes);
echo "\r\n<form name='adminUsers' action='" . $_SERVER['PHP_SELF'] . "' method='post'>\r\n<table class='admin'>\r\n<tr>\r\n<th>Delete</th><th>Username</th><th>Display Name</th><th>Title</th><th>Last Sign In</th>\r\n</tr>";
//Cycle through users
foreach ($userData as $v1) {
echo "\r\n\t<tr>\r\n\t<td><input type='checkbox' name='delete[" . $v1['id'] . "]' id='delete[" . $v1['id'] . "]' value='" . $v1['id'] . "'></td>\r\n\t<td><a href='" . str_replace('index.php/', '', site_url('admin_user')) . "?id=" . $v1['id'] . "'>" . $v1['user_name'] . "</a></td>\r\n\t<td>" . $v1['display_name'] . "</td>\r\n\t<td>" . $v1['title'] . "</td>\r\n\t<td>\r\n\t";
//Interprety last login
if ($v1['last_sign_in_stamp'] == '0') {
echo "Never";
} else {
echo date("j M, Y", $v1['last_sign_in_stamp']);
}
echo "\r\n\t</td>\r\n\t</tr>";
}
echo "\r\n</table>\r\n<input type='submit' name='Submit' value='Delete' />\r\n</form>\r\n</div>\r\n<div id='bottom'></div>\r\n</div>\r\n</body>\r\n</html>";
}
http://usercake.com
*/
require_once __DIR__ . "/models/config.php";
if (!securePage($_SERVER['PHP_SELF'])) {
die;
}
//Forms posted
if (!empty($_POST)) {
$deletions = $_POST['delete'];
if ($deletion_count = deleteUsers($deletions)) {
$successes[] = lang("ACCOUNT_DELETIONS_SUCCESSFUL", array($deletion_count));
} else {
$errors[] = lang("SQL_ERROR");
}
}
$userData = fetchAllUsers();
//Fetch information for all users
require_once __DIR__ . "/models/header.php";
echo "\n<body>\n<div id='wrapper'>\n<div id='top'><div id='logo'></div></div>\n<div id='content'>\n<h1>" . $websiteName . "</h1>\n<h2>Admin Users</h2>\n<div id='left-nav'>";
include __DIR__ . "/left-nav.php";
echo "\n</div>\n<div id='main'>";
echo resultBlock($errors, $successes);
echo "\n<form name='adminUsers' action='" . $_SERVER['PHP_SELF'] . "' method='post'>\n<table class='admin'>\n<tr>\n<th>Delete</th><th>Username</th><th>Display Name</th><th>Title</th><th>Last Sign In</th>\n</tr>";
//Cycle through users
foreach ($userData as $v1) {
echo "\n\t<tr>\n\t<td><input type='checkbox' name='delete[" . $v1['id'] . "]' id='delete[" . $v1['id'] . "]' value='" . $v1['id'] . "'></td>\n\t<td><a href='admin_user.php?id=" . $v1['id'] . "'>" . $v1['user_name'] . "</a></td>\n\t<td>" . $v1['display_name'] . "</td>\n\t<td>" . $v1['title'] . "</td>\n\t<td>\n\t";
//Interprety last login
if ($v1['last_sign_in_stamp'] == '0') {
echo "Never";
} else {
echo date("j M, Y", $v1['last_sign_in_stamp']);
function fetchAllPermits($type)
{
try {
global $db_table_prefix;
$result = array();
// Build array of groups/users indexed by id
if ($type == "user") {
$users = fetchAllUsers();
foreach ($users as $user) {
$id = $user['user_id'];
$result[$id] = array();
$result[$id]['user_id'] = $id;
$result[$id]['user_name'] = $user['user_name'];
$result[$id]['action_permits'] = array();
}
} else {
$groups = fetchAllGroups();
foreach ($groups as $group) {
$id = $group['id'];
$result[$id]['group_id'] = $id;
$result[$id]['name'] = $group['name'];
$result[$id]['action_permits'] = array();
}
}
$db = pdoConnect();
if ($type == "user") {
$query = "SELECT {$db_table_prefix}user_action_permits.*, user_name FROM {$db_table_prefix}users, {$db_table_prefix}user_action_permits\n\t\t\tWHERE {$db_table_prefix}users.id = {$db_table_prefix}user_action_permits.user_id ORDER BY user_id, action";
} else {
if ($type == "group") {
$query = "SELECT {$db_table_prefix}group_action_permits.*, name FROM {$db_table_prefix}groups, {$db_table_prefix}group_action_permits\n\t\t\tWHERE {$db_table_prefix}groups.id = {$db_table_prefix}group_action_permits.group_id ORDER BY group_id, action";
} else {
return false;
}
}
$stmt = $db->prepare($query);
$stmt->execute();
while ($r = $stmt->fetch(PDO::FETCH_ASSOC)) {
if ($type == "user") {
$id = $r['user_id'];
} else {
$id = $r['group_id'];
}
$action_permit_id = $r['id'];
// Parse out permit string into array of permit functions and parameters
$permits_arr = explode('&', $r['permits']);
$permits_by_arg = array();
foreach ($permits_arr as $permit) {
$permit_with_params = array();
preg_match('/(.*?)\\((.*?)\\)/', $permit, $permit_param_str);
$permit_name = $permit_param_str[1];
//$permit_with_params['name'] = $permit_name;
// Extract and map parameters, if any
if ($permit_param_str[2] and $permit_params = explode(',', $permit_param_str[2])) {
$permit_with_params = array();
foreach ($permit_params as $param) {
$permit_with_params[] = $param;
}
}
$permits_by_arg[$permit_name] = $permit_with_params;
}
$actions = array('action_id' => $action_permit_id, 'action' => $r['action'], 'permits' => $permits_by_arg);
$result[$id]['action_permits'][$action_permit_id] = $actions;
}
// Convert users/groups to numerically indexed array
$result = array_values($result);
$stmt = null;
foreach ($result as $id => $owner) {
$action_names = array();
foreach ($owner['action_permits'] as $action_id => $action) {
$action_names[] = $action['action'];
}
//echo var_dump($action_names);
//echo var_dump($group['action_permits']);
array_multisort($action_names, SORT_ASC, $owner['action_permits']);
// Convert action_permits to numerically indexed array
$result[$id]['action_permits'] = array_values($result[$id]['action_permits']);
}
return $result;
} catch (PDOException $e) {
addAlert("danger", "Oops, looks like our database encountered an error.");
error_log("Error in " . $e->getFile() . " on line " . $e->getLine() . ": " . $e->getMessage());
return false;
} catch (ErrorException $e) {
addAlert("danger", "Oops, looks like our server might have goofed. If you're an admin, please check the PHP error logs.");
return false;
}
}
public function index()
{
/*
UserCake (Via CupCake) Version: 2.0.2
http://usercake.com
*/
global $baseURL;
require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
if (!securePage($_SERVER['PHP_SELF'])) {
die;
}
$permissionId = $_GET['id'];
//Check if selected permission level exists
if (!permissionIdExists($permissionId)) {
header("Location: " . site_url('admin_permissions'));
die;
}
$permissionDetails = fetchPermissionDetails($permissionId);
//Fetch information specific to permission level
//Forms posted
if (!empty($_POST)) {
//Delete selected permission level
if (!empty($_POST['delete'])) {
$deletions = $_POST['delete'];
if ($deletion_count = deletePermission($deletions)) {
$successes[] = lang("PERMISSION_DELETIONS_SUCCESSFUL", array($deletion_count));
header("Location: " . site_url('admin_permissions'));
} else {
$errors[] = lang("SQL_ERROR");
}
} else {
//Update permission level name
if ($permissionDetails[0]['name'] != $_POST['name']) {
$permission = trim($_POST['name']);
//Validate new name
if (permissionNameExists($permission)) {
$errors[] = lang("ACCOUNT_PERMISSIONNAME_IN_USE", array($permission));
} elseif (minMaxRange(1, 50, $permission)) {
$errors[] = lang("ACCOUNT_PERMISSION_CHAR_LIMIT", array(1, 50));
} else {
if (updatePermissionName($permissionId, $permission)) {
$successes[] = lang("PERMISSION_NAME_UPDATE", array($permission));
} else {
$errors[] = lang("SQL_ERROR");
}
}
}
//Remove access to pages
if (!empty($_POST['removePermission'])) {
$remove = $_POST['removePermission'];
if ($deletion_count = removePermission($permissionId, $remove)) {
$successes[] = lang("PERMISSION_REMOVE_USERS", array($deletion_count));
} else {
$errors[] = lang("SQL_ERROR");
}
}
//Add access to pages
if (!empty($_POST['addPermission'])) {
$add = $_POST['addPermission'];
if ($addition_count = addPermission($permissionId, $add)) {
$successes[] = lang("PERMISSION_ADD_USERS", array($addition_count));
} else {
$errors[] = lang("SQL_ERROR");
}
}
//Remove access to pages
if (!empty($_POST['removePage'])) {
$remove = $_POST['removePage'];
if ($deletion_count = removePage($remove, $permissionId)) {
$successes[] = lang("PERMISSION_REMOVE_PAGES", array($deletion_count));
} else {
$errors[] = lang("SQL_ERROR");
}
}
//Add access to pages
if (!empty($_POST['addPage'])) {
$add = $_POST['addPage'];
if ($addition_count = addPage($add, $permissionId)) {
$successes[] = lang("PERMISSION_ADD_PAGES", array($addition_count));
} else {
$errors[] = lang("SQL_ERROR");
}
}
$permissionDetails = fetchPermissionDetails($permissionId);
}
}
$pagePermissions = fetchPermissionPages($permissionId);
//Retrieve list of accessible pages
$permissionUsers = fetchPermissionUsers($permissionId);
//Retrieve list of users with membership
$userData = fetchAllUsers();
//Fetch all users
$pageData = fetchAllPages();
//Fetch all pages
require_once "{$baseURL}/application/third_party/user_cake/models/header.php";
echo "\r\n<body>\r\n<div id='wrapper'>\r\n<div id='top'><div id='logo'></div></div>\r\n<div id='content'>\r\n<h1>UserCake (Via CupCake)</h1>\r\n<h2>Admin Permissions</h2>\r\n<div id='left-nav'>";
include "{$baseURL}/application/third_party/user_cake/left-nav.php";
echo "\r\n</div>\r\n<div id='main'>";
echo resultBlock($errors, $successes);
echo "\r\n<form name='adminPermission' action='" . $_SERVER['PHP_SELF'] . "?id=" . $permissionId . "' method='post'>\r\n<table class='admin'>\r\n<tr><td>\r\n<h3>Permission Information</h3>\r\n<div id='regbox'>\r\n<p>\r\n<label>ID:</label>\r\n" . $permissionDetails[0]['id'] . "\r\n</p>\r\n<p>\r\n<label>Name:</label>\r\n<input type='text' name='name' value='" . $permissionDetails[0]['name'] . "' />\r\n</p>\r\n<label>Delete:</label>\r\n<input type='checkbox' name='delete[" . $permissionDetails[0]['id'] . "]' id='delete[" . $permissionDetails[0]['id'] . "]' value='" . $permissionDetails[0]['id'] . "'>\r\n</p>\r\n</div></td><td>\r\n<h3>Permission Membership</h3>\r\n<div id='regbox'>\r\n<p>\r\nRemove Members:";
//List users with permission level
foreach ($userData as $v1) {
if (isset($permissionUsers[$v1['id']])) {
echo "<br><input type='checkbox' name='removePermission[" . $v1['id'] . "]' id='removePermission[" . $v1['id'] . "]' value='" . $v1['id'] . "'> " . $v1['display_name'];
}
}
echo "\r\n</p><p>Add Members:";
//List users without permission level
foreach ($userData as $v1) {
if (!isset($permissionUsers[$v1['id']])) {
echo "<br><input type='checkbox' name='addPermission[" . $v1['id'] . "]' id='addPermission[" . $v1['id'] . "]' value='" . $v1['id'] . "'> " . $v1['display_name'];
}
}
echo "\r\n</p>\r\n</div>\r\n</td>\r\n<td>\r\n<h3>Permission Access</h3>\r\n<div id='regbox'>\r\n<p>\r\nPublic Access:";
//List public pages
foreach ($pageData as $v1) {
if ($v1['private'] != 1) {
echo "<br>" . $v1['page'];
}
}
echo "\r\n</p>\r\n<p>\r\nRemove Access:";
//List pages accessible to permission level
foreach ($pageData as $v1) {
if (isset($pagePermissions[$v1['id']]) and $v1['private'] == 1) {
echo "<br><input type='checkbox' name='removePage[" . $v1['id'] . "]' id='removePage[" . $v1['id'] . "]' value='" . $v1['id'] . "'> " . $v1['page'];
}
}
echo "\r\n</p><p>Add Access:";
//List pages inaccessible to permission level
foreach ($pageData as $v1) {
if (!isset($pagePermissions[$v1['id']]) and $v1['private'] == 1) {
echo "<br><input type='checkbox' name='addPage[" . $v1['id'] . "]' id='addPage[" . $v1['id'] . "]' value='" . $v1['id'] . "'> " . $v1['page'];
}
}
echo "\r\n</p>\r\n</div>\r\n</td>\r\n</tr>\r\n</table>\r\n<p>\r\n<label> </label>\r\n<input type='submit' value='Update' class='submit' />\r\n</p>\r\n</form>\r\n</div>\r\n<div id='bottom'></div>\r\n</div>\r\n</body>\r\n</html>";
}
