permissions array includes a permission named
* "admin". If you are using the example, this will
* be the case.
*
* This script is capable of editing the user database. It requires
* an authenticated user. If the user has admin privilege, he can
* edit all users. If the user has less privilege, he can view all
* users, but not the passwords and can only change the own password.
*
* The script generates forms that submit values back to the script.
* Consequently the script below has three parts:
*
* 1. A section where utility functions are defined.
* 2. A section that is called only after the submit.
* 3. And a final section that is called when the script runs first time and
* every time after the submit.
*
* Scripts organized in this way will allow the user perpetual
* editing and they will reflect submitted changes immediately
* after a form submission.
*
* We consider this to be the standard organization of table editor
* scripts.
*
*/
## include this if you're not using the autoprepend feature
## include("prepend.php3");
## straight from the examples...
page_open(array("sess" => "Example_Session", "auth" => "Example_Challenge_Crypt_Auth", "perm" => "Example_Perm"));
## Set this to something, just something different...
$hash_secret = "Jabberwocky...";
###
### Utility functions
###
## my_error($msg):
##
## Display error messages
function my_error($msg) {
?>
Error:
O.K.:
User Admin
User Administration
";
## Do we have permission to do so?
if (!$perm->have_perm("admin")) {
my_error("You do not have permission to create users.");
break;
}
## Do we have all necessary data?
if (empty($username) || empty($password)) {
my_error("Please fill out Username and Password!");
break;
}
## Does the user already exist?
## NOTE: This should be a transaction, but it isn't...
$db->query("select * from auth_user_md5 where username='$username'");
if ($db->nf()>0) {
my_error("User $username already exists!");
break;
}
## Create a uid and insert the user...
$u_id=md5(uniqid($hash_secret));
$query = "insert into auth_user_md5 values('$u_id','$username','$password','$perms')";
$db->query($query);
if ($db->affected_rows() == 0) {
my_error("Failed: $query");
break;
}
my_msg("User \"$username\" created. ");
break;
## Change user parameters
case "u_edit":
## Do we have permission to do so?
if (!$perm->have_perm("admin") && ($auth->auth["uid"] != $u_id)) {
my_error("You do not have permission to change users.");
break;
}
## Handle users changing their own password...
if (!$perm->have_perm("admin")) {
$query = "update auth_user_md5 set password='$password' where uid='$u_id'";
$db->query($query);
if ($db->affected_rows() == 0) {
my_error("Failed: $query");
break;
}
my_msg("Password of ". $auth->auth["uname"] ." changed. ");
break;
}
## Do we have all necessary data?
if (empty($username) || empty($password)) {
my_error("Please fill out Username and Password!");
break;
}
## Update user information.
$query = "update auth_user_md5 set username='$username', password='$password', perms='$perms' where uid='$u_id'";
$db->query($query);
if ($db->affected_rows() == 0) {
my_error("Failed: $query");
break;
}
my_msg("User \"$username\" changed. ");
break;
## Delete the user
case "u_kill":
## Do we have permission to do so?
if (!$perm->have_perm("admin")) {
my_error("You do not have permission to delete users.");
break;
}
## Delete that user.
$query = "delete from auth_user_md5 where uid='$u_id' and username='$username'";
$db->query($query);
if ($db->affected_rows() == 0) {
my_error("Failed: $query");
break;
}
my_msg("User \"$username\" deleted. ");
break;
default:
break;
}
}
### Output user administration forms, including all updated
### information, if we come here after a submission...
?>
Username
Password
Level
Action
have_perm("admin")):
?>
query("select * from auth_user_md5 order by username");
while ($db->next_record()):
?>