permissions array includes a permission named
* "admin". If you are using the example, this will
* be the case.
*
* This script is capable of editing the user database. It requires
* an authenticated user. A user with admin privilege can edit all
* users. A user with less privilege can view all users, but not
* their passwords, and can change only their own password.
*
* The script generates forms that submit values back to the script.
* Consequently the script below has three parts:
*
* 1. A section where utility functions are defined.
* 2. A section that is called only after the submit.
* 3. And a final section that is called when the script first runs and
* every time after the submit.
*
* Scripts organized in this way will allow the user perpetual
* editing and they will reflect submitted changes immediately
* after a form submission.
*
* We consider this to be the standard organization of table editor
* scripts.
*
*/
## Bootstrap: locate PHPLIB relative to this script, load its prepend file,
## open the page with session/auth/perm support and emit the site header.
## include this if you're not using the autoprepend feature
## include("prepend.php3");
$_PHPLIB["libdir"] = "../phplib/";
include($_PHPLIB["libdir"]."prepend.php3");
## straight from the examples...
## The "auth" and "perm" features requested here are what the permission
## checks further down rely on ($auth->auth[...], $perm->have_perm()).
## NOTE(review): confirm Pecknet_Auth forces a login for this page; the
## class definition is not visible from this file.
page_open(array("sess" => "Pecknet_Session", "auth" => "Pecknet_Auth", "perm" => "Pecknet_Perm"));
#include "functions.inc";
include "../include/main_header.inc";
## Set this to something, just something different...
## NOTE(review): this value is hard-coded in the source. In the visible part
## of this script it is only passed to uniqid() as a prefix when a new uid is
## generated. uniqid() is derived from the current time, so the value adds no
## unpredictability; treat the resulting uid as a row identifier, never as a
## secret or token.
$hash_secret = "nowisthetime";
###
### Utility functions
###
## my_error($msg):
##
## Display error messages
function my_error($msg) {
?>
User Admin
User Administration
have_perm("admin")) {
my_error("You do not have permission to create users.");
break;
}
## Remainder of the user-creation branch (the admin permission check sits
## directly above): validate input, refuse duplicate usernames, generate a
## uid and insert the new row into auth_user.
## NOTE(review): where $username, $password, $perms, $lfullname and $email are
## populated is not visible here; presumably they are submitted form values.
## Do we have all necessary data?
## empty() also treats the string "0" as empty, so such a value is rejected.
if (empty($username) || empty($password)) {
my_error("Please fill out Username and Password!");
break;
}
## Does the user already exist?
## NOTE: This should be a transaction, but it isn't...
## A unique constraint on auth_user.username would close the gap between this
## check and the insert below without needing a transaction.
## NOTE(review): $username is placed into the SQL text unescaped by this
## block. Unless quoting is applied upstream (confirm), this query and the
## insert below are open to SQL injection; quote each value with the database
## layer's escaping function or use bound parameters.
$db->query("select * from auth_user where username='$username'");
if ($db->nf()>0) {
## NOTE(review): $username is echoed back in the message; confirm my_error()
## HTML-escapes its argument before output.
my_error("User $username already exists!");
break;
}
## Create a uid and insert the user...
## md5(uniqid(...)) is time-derived and guessable; adequate as a key only.
$u_id=md5(uniqid($hash_secret));
## implode() is called with the legacy (array, separator) argument order,
## which PHP 8 no longer accepts. addslashes() is applied to the permission
## list only; the other five values go into the statement as received.
$permlist = addslashes(implode($perms,","));
## The password is stored exactly as submitted (plaintext). Storing a hash
## (password_hash()/password_verify() on a current PHP) requires the auth
## class to verify against the hash as well.
## values(...) without a column list depends on the table's column order.
$query = "insert into auth_user values('$u_id','$username','$password','$permlist','$lfullname','$email')";
$db->query($query);
if ($db->affected_rows() == 0) {
## NOTE(review): the failure message contains the full SQL statement,
## including the new user's password; log it server-side and show a
## generic message instead.
my_error("Failed: $query");
break;
}
my_msg("User \"$username\" created.
");
break;
## Change user parameters
## Admins may update every column of any user; a non-admin may only change
## the password of the row whose uid equals their own session uid.
case "u_edit":
## Do we have permission to do so?
## The comparison is loose (!=). A strict comparison (!==) avoids PHP's
## numeric-string juggling when both sides look like numbers.
if (!$perm->have_perm("admin") && ($auth->auth["uid"] != $u_id)) {
my_error("You do not have permission to change users.");
break;
}
## Handle users changing their own password...
## NOTE(review): this path runs before the "necessary data" check below, so
## an empty $password is accepted here, and the current password is not asked
## for. The WHERE clause uses the submitted $u_id rather than
## $auth->auth["uid"]; using the session value directly would remove the
## dependency on the loose comparison above and keep request data out of the
## statement. $password is interpolated unescaped and stored in plaintext.
if (!$perm->have_perm("admin")) {
$query = "update auth_user set password='$password' where uid='$u_id'";
$db->query($query);
if ($db->affected_rows() == 0) {
## The echoed statement includes the new password.
my_error("Failed: $query");
break;
}
my_msg("Password of ". $auth->auth["uname"] ." changed.
");
break;
}
## Do we have all necessary data?
if (empty($username) || empty($password)) {
my_error("Please fill out Username and Password!");
break;
}
## Update user information.
## Only the permission list passes through addslashes(); username, password,
## fullname, email and uid are interpolated as received. Unless quoting is
## applied upstream (confirm), quote each value or use bound parameters.
## implode() uses the legacy (array, separator) order removed in PHP 8.
$permlist = addslashes(implode($perms,","));
$query = "update auth_user set username='$username', password='$password', perms='$permlist', fullname='$lfullname', email='$email' where uid='$u_id'";
$db->query($query);
if ($db->affected_rows() == 0) {
## The echoed statement includes the password; log server-side instead.
my_error("Failed: $query");
break;
}
my_msg("User \"$username\" changed.
");
break;
## Delete the user
## Admin-only: removes the auth_user row matching both the submitted uid and
## the submitted username.
## NOTE(review): the forms that trigger these actions are not visible in this
## part of the file; confirm they carry an anti-CSRF token, since create,
## edit and delete are all driven by submitted values.
case "u_kill":
## Do we have permission to do so?
if (!$perm->have_perm("admin")) {
my_error("You do not have permission to delete users.");
break;
}
## Delete that user.
## $u_id and $username are interpolated unescaped; quote them or use bound
## parameters. Nothing here stops an admin from deleting their own account
## or the last remaining admin.
$query = "delete from auth_user where uid='$u_id' and username='$username'";
$db->query($query);
if ($db->affected_rows() == 0) {
## The full statement is shown to the browser on failure; prefer a generic
## message plus a server-side log entry.
my_error("Failed: $query");
break;
}
my_msg("User \"$username\" deleted.
");
break;
default:
break;
}
}
### Output user administration forms, including all updated
### information, if we come here after a submission...
?>
Username |
Password |
Fullname |
Email |
Level |
Action |
have_perm("admin")):
?>
query("select * from auth_user order by username");
while ($db->next_record()):
?>