From a03bbb923640b2f3010bde0806340c5d53a32122 Mon Sep 17 00:00:00 2001
From: Andre Lorbach
Date: Mon, 22 Feb 2010 11:43:29 +0100
Subject: [PATCH] Added new Flag readonly into user system, readonly user
---
 src/admin/users.php | 131 +++++++++++++++++++--------
 src/include/db_update_v9.txt | 2 +
 src/lang/en/admin.php | 4 +
 src/templates/admin/admin_users.html | 8 +-
 4 files changed, 108 insertions(+), 37 deletions(-)
diff --git a/src/admin/users.php b/src/admin/users.php
index ad71d9b..0ff6b36 100644
--- a/src/admin/users.php
+++ b/src/admin/users.php
@@ -58,46 +58,83 @@ IncludeLanguageFile( $gl_root_path . '/lang/' . $LANG . '/admin.php' ); if ( !isset($_SESSION['SESSION_ISADMIN']) || $_SESSION['SESSION_ISADMIN'] == 0 ) DieWithFriendlyErrorMsg( $content['LN_ADMIN_ERROR_NOTALLOWED'] ); -if ( isset($_GET['miniop']) && $_GET['miniop'] == "setisadmin" ) +if ( isset($_GET['miniop']) ) { if ( isset($_GET['id']) && isset($_GET['newval']) ) { - //PreInit these values - $content['USERID'] = intval(DB_RemoveBadChars($_GET['id'])); - $iNewVal = intval(DB_RemoveBadChars($_GET['newval'])); + if ( $_GET['miniop'] == "setisadmin" ) + { + //PreInit these values + $content['USERID'] = intval(DB_RemoveBadChars($_GET['id'])); + $iNewVal = intval(DB_RemoveBadChars($_GET['newval'])); - // --- handle special case - if ( $content['USERID'] == $content['SESSION_USERID'] && (!isset($_GET['verify']) || $_GET['verify'] != "yes") && $iNewVal == 0) - { - // This will print an additional secure check which the user needs to confirm and exit the script execution. - PrintSecureUserCheck( $content['LN_USER_WARNREMOVEADMIN'], $content['LN_DELETEYES'], $content['LN_DELETENO'] ); + // --- handle special case + if ( $content['USERID'] == $content['SESSION_USERID'] && (!isset($_GET['verify']) || $_GET['verify'] != "yes") && $iNewVal == 0) + { + // This will print an additional secure check which the user needs to confirm and exit the script execution. + PrintSecureUserCheck( $content['LN_USER_WARNREMOVEADMIN'], $content['LN_DELETEYES'], $content['LN_DELETENO'] ); + } + // --- + + // Perform SQL Query! + $sqlquery = "SELECT * " . + " FROM " . DB_USERS . + " WHERE ID = " . $content['USERID']; + $result = DB_Query($sqlquery); + $myuser = DB_GetSingleRow($result, true); + if ( isset($myuser['username']) ) + { + // Update is_admin setting! + $result = DB_Query("UPDATE " . DB_USERS . " SET + is_admin = $iNewVal + WHERE ID = " . 
$content['USERID']); + DB_FreeQuery($result); + } + else + { + $content['ISERROR'] = true; + $content['ERROR_MSG'] = GetAndReplaceLangStr( $content['LN_USER_ERROR_IDNOTFOUND'], $content['USERID'] ); + } } - // --- - - // Perform SQL Query! - $sqlquery = "SELECT * " . - " FROM " . DB_USERS . - " WHERE ID = " . $content['USERID']; - $result = DB_Query($sqlquery); - $myuser = DB_GetSingleRow($result, true); - if ( isset($myuser['username']) ) + else if ( $_GET['miniop'] == "setisreadonly" ) { - // Update is_admin setting! - $result = DB_Query("UPDATE " . DB_USERS . " SET - is_admin = $iNewVal - WHERE ID = " . $content['USERID']); - DB_FreeQuery($result); - } - else - { - $content['ISERROR'] = true; - $content['ERROR_MSG'] = GetAndReplaceLangStr( $content['LN_USER_ERROR_IDNOTFOUND'], $content['USERID'] ); + //PreInit these values + $content['USERID'] = intval(DB_RemoveBadChars($_GET['id'])); + $iNewVal = intval(DB_RemoveBadChars($_GET['newval'])); + + // --- handle special case + if ( $content['USERID'] == $content['SESSION_USERID'] && (!isset($_GET['verify']) || $_GET['verify'] != "yes") && $iNewVal == 1) + { + // This will print an additional secure check which the user needs to confirm and exit the script execution. + PrintSecureUserCheck( $content['LN_USER_WARNRADYONLYADMIN'], $content['LN_DELETEYES'], $content['LN_DELETENO'] ); + } + // --- + + // Perform SQL Query! + $sqlquery = "SELECT * " . + " FROM " . DB_USERS . + " WHERE ID = " . $content['USERID']; + $result = DB_Query($sqlquery); + $myuser = DB_GetSingleRow($result, true); + if ( isset($myuser['username']) ) + { + // Update is_admin setting! + $result = DB_Query("UPDATE " . DB_USERS . " SET + is_readonly = $iNewVal + WHERE ID = " . 
$content['USERID']); + DB_FreeQuery($result); + } + else + { + $content['ISERROR'] = true; + $content['ERROR_MSG'] = GetAndReplaceLangStr( $content['LN_USER_ERROR_IDNOTFOUND'], $content['USERID'] ); + } } } else { $content['ISERROR'] = true; - $content['ERROR_MSG'] = "Error setting is_admin flat, invalid ID, User not found"; + $content['ERROR_MSG'] = $content['LN_USER_ERROR_SETTINGFLAG']; } } @@ -145,6 +182,11 @@ if ( isset($_GET['op']) ) else $content['CHECKED_ISADMIN'] = ""; + // Set is_readonly flag + if ( $myuser['is_readonly'] == 1 ) + $content['CHECKED_ISREADONLY'] = "checked"; + else + $content['CHECKED_ISREADONLY'] = ""; } else { @@ -228,7 +270,7 @@ if ( isset($_POST['op']) ) if ( isset ($_POST['password1']) ) { $content['PASSWORD1'] = DB_RemoveBadChars($_POST['password1']); } else {$content['PASSWORD1'] = ""; } if ( isset ($_POST['password2']) ) { $content['PASSWORD2'] = DB_RemoveBadChars($_POST['password2']); } else {$content['PASSWORD2'] = ""; } if ( isset ($_POST['isadmin']) ) { $content['ISADMIN'] = 1; } else {$content['ISADMIN'] = 0; } - + if ( isset ($_POST['isreadonly']) ) { $content['ISREADONLY'] = 1; } else {$content['ISREADONLY'] = 0; } // Check mandotary values if ( $content['USERNAME'] == "" ) @@ -265,10 +307,11 @@ if ( isset($_POST['op']) ) $content['PASSWORDHASH'] = md5( $content['PASSWORD1'] ); // Add new User now! - $result = DB_Query("INSERT INTO " . DB_USERS . " (username, password, is_admin) + $result = DB_Query("INSERT INTO " . DB_USERS . " (username, password, is_admin, is_readonly) VALUES ('" . $content['USERNAME'] . "', '" . $content['PASSWORDHASH'] . "', - " . $content['ISADMIN'] . ")"); + " . $content['ISADMIN'] . ", + " . $content['ISREADONLY'] . ")"); DB_FreeQuery($result); // Do the final redirect 
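Review bot: The new `setisreadonly` branch is a line-for-line copy of the `setisadmin` branch (PreInit, self-check, SELECT, UPDATE, error branch) that differs only in the column name, the confirmation condition (`$iNewVal == 0` vs `$iNewVal == 1`) and the message, and it keeps the copied comment `// Update is_admin setting!` above the `is_readonly` UPDATE. Dispatching through a small operation-to-column whitelist and running one shared UPDATE removes the duplication and makes the next flag a one-line addition; a sketch follows. Both branches also change a privilege flag purely from GET parameters (`miniop`, `id`, `newval`) with only the session admin check at the top of the hunk as protection, so unless a request token is verified in the includes outside this hunk, a forged GET issued by a logged-in admin's browser flips the flag; moving the action to POST and checking a per-session token before the dispatch would close that. Nothing in the patch reads `is_readonly` on the enforcement side, so if that is planned elsewhere a pointer comment such as `// is_readonly is enforced in <enforcement location>` above the dispatch would help the next reader. Normalising `$iNewVal` to 0/1 before the self-check also keeps the `== 1` confirmation and the BOOL column in agreement for any other integer.
```php
// Whitelist of GET operations -> column; anything else is ignored.
$flagColumns = array('setisadmin' => 'is_admin', 'setisreadonly' => 'is_readonly');
if ( isset($_GET['miniop']) && isset($flagColumns[$_GET['miniop']]) )
{
	$szColumn = $flagColumns[$_GET['miniop']];
	if ( isset($_GET['id']) && isset($_GET['newval']) )
	{
		$content['USERID'] = intval(DB_RemoveBadChars($_GET['id']));
		// Normalise to 0/1 so the confirmation below and the BOOL column agree.
		$iNewVal = intval(DB_RemoveBadChars($_GET['newval'])) ? 1 : 0;
		// … unchanged: self-lockout confirmation (admin: $iNewVal == 0, readonly: $iNewVal == 1) …
		// … unchanged: SELECT verifying the user exists …
		if ( isset($myuser['username']) )
		{
			// Single UPDATE for both flags: $szColumn comes from the whitelist, $iNewVal is 0/1.
			$result = DB_Query("UPDATE " . DB_USERS . " SET " . $szColumn . " = " . $iNewVal .
							   " WHERE ID = " . $content['USERID']);
			DB_FreeQuery($result);
		}
		// … unchanged: IDNOTFOUND error branch …
	}
	// … unchanged: SETTINGFLAG error branch …
}
```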
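Review bot: The new `is_readonly` value is spliced into three separately hand-built statements — this INSERT and the UPDATEs in the hunks at `-306` and `-316` — so every future user attribute has to be added in three places and kept in step by hand (the `-316` variant deliberately omits `password`, which is exactly the kind of variation a shared builder handles with one conditional entry). Building the column/value list once, e.g. an array `array('username' => ..., 'is_admin' => ..., 'is_readonly' => ...)` rendered by a single helper for INSERT and UPDATE, would remove that drift risk. Unrelated to the new column but visible on the context line above the INSERT, `md5( $content['PASSWORD1'] )` is an unsalted fast hash; a rework of the user system like this is the natural point to switch to `password_hash()`/`password_verify()`. The enclosing `if ( isset($_POST['op']) )` starts outside the hunk.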
@@ -306,7 +349,8 @@ if ( isset($_POST['op']) ) $result = DB_Query("UPDATE " . DB_USERS . " SET username = '" . $content['USERNAME'] . "', password = '" . $content['PASSWORDHASH'] . "', - is_admin = " . $content['ISADMIN'] . " + is_admin = " . $content['ISADMIN'] . ", + is_readonly = " . $content['ISREADONLY'] . " WHERE ID = " . $content['USERID']); DB_FreeQuery($result); } @@ -316,7 +360,8 @@ if ( isset($_POST['op']) ) // Edit the User now! $result = DB_Query("UPDATE " . DB_USERS . " SET username = '" . $content['USERNAME'] . "', - is_admin = " . $content['ISADMIN'] . " + is_admin = " . $content['ISADMIN'] . ", + is_readonly = " . $content['ISREADONLY'] . " WHERE ID = " . $content['USERID']); DB_FreeQuery($result); } @@ -336,7 +381,8 @@ if ( !isset($_POST['op']) && !isset($_GET['op']) ) // Read all Serverentries $sqlquery = "SELECT ID, " . " username, " . - " is_admin " . + " is_admin, " . + " is_readonly " . " FROM " . DB_USERS . " ORDER BY ID "; $result = DB_Query($sqlquery); @@ -345,7 +391,7 @@ if ( !isset($_POST['op']) && !isset($_GET['op']) ) // --- Process Users for($i = 0; $i < count($content['USERS']); $i++) { - // --- Set Image for IsClanMember + // --- Set Image for IsAdmin if ( $content['USERS'][$i]['is_admin'] == 1 ) { $content['USERS'][$i]['is_isadmin_string'] = $content['MENU_SELECTION_ENABLED']; @@ -358,6 +404,19 @@ if ( !isset($_POST['op']) && !isset($_GET['op']) ) } // --- + // --- Set Image for IsReadonly + if ( $content['USERS'][$i]['is_readonly'] == 1 ) + { + $content['USERS'][$i]['is_readonly_string'] = $content['MENU_SELECTION_ENABLED']; + $content['USERS'][$i]['set_isreadonly'] = 0; + } + else + { + $content['USERS'][$i]['is_readonly_string'] = $content['MENU_SELECTION_DISABLED']; + $content['USERS'][$i]['set_isreadonly'] = 1; + } + // --- + // --- Set CSS Class if ( $i % 2 == 0 ) $content['USERS'][$i]['cssclass'] = "line1"; diff --git a/src/include/db_update_v9.txt b/src/include/db_update_v9.txt index c13a309..269d0f9 100644 
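Review bot: The IsReadonly image block added at the end of this hunk is a copy of the IsAdmin block directly above it with the key names swapped, so the per-flag display logic now lives twice inside the loop, and the new keys are named inconsistently with the old ones (`is_isadmin_string` vs `is_readonly_string`). A small table-driven loop, e.g. `foreach (array('is_admin' => 'is_isadmin_string', 'is_readonly' => 'is_readonly_string') as $szFlag => $szKey)`, would compute the `_string` and `set_` entries for both flags in one place; renaming the keys for consistency would also require the matching template change, so that part is best done together. The `set_isreadonly` value presumably becomes the `newval` of a per-row GET link in the template, so every row exposes the same state-changing GET as the `miniop` handler earlier in the file. The enclosing `for` loop and the `if ( !isset($_POST['op']) && !isset($_GET['op']) )` block start outside the hunk.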
--- a/src/include/db_update_v9.txt +++ b/src/include/db_update_v9.txt @@ -14,6 +14,8 @@ CREATE TABLE `logcon_savedreports` ( PRIMARY KEY (`ID`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 COMMENT = 'Table to store saved reports' AUTO_INCREMENT=1 ; +ALTER TABLE `logcon_users` ADD `is_readonly` BOOL NOT NULL DEFAULT '0' AFTER `is_admin` ; + -- Insert data -- Updated Data diff --git a/src/lang/en/admin.php b/src/lang/en/admin.php index 21ee475..5c2f522 100644 --- a/src/lang/en/admin.php +++ b/src/lang/en/admin.php @@ -130,6 +130,10 @@ $content['LN_USER_ADDEDIT'] = "Add/Edit User"; $content['LN_USER_WARNREMOVEADMIN'] = "You are about to revoke your own administrative priviledges. Are you sure to remove your admin status?"; $content['LN_USER_WARNDELETEUSER'] = "Are you sure that you want to delete the User '%1'? All his personal settings will be deleted as well."; $content['LN_USER_ERROR_INVALIDSESSIONS'] = "Invalid User Session."; +$content['LN_USER_ERROR_SETTINGFLAG'] = "Error setting flag, invalid ID or User not found"; +$content['LN_USER_WARNRADYONLYADMIN'] = "You are about to set your account to readonly! This will prevent you from changing any settings! Are you sure that you want to proceed?"; +$content['LN_USER_ISREADONLY'] = "Readonly User?"; +$content['LN_USER_'] = ""; $content['LN_USER_'] = ""; // Group center diff --git a/src/templates/admin/admin_users.html b/src/templates/admin/admin_users.html index 4e2a3f0..387772a 100644 --- a/src/templates/admin/admin_users.html +++ b/src/templates/admin/admin_users.html @@ -27,6 +27,7 @@ {LN_USER_ID} {LN_USER_NAME} {LN_USER_ISADMIN} + {LN_USER_ISREADONLY} {LN_GEN_ACTIONS} @@ -34,6 +35,7 @@ {ID} {username} +     @@ -41,7 +43,7 @@ -  {LN_USER_ADD} +  {LN_USER_ADD} @@ -68,6 +70,10 @@ {LN_USER_ISADMIN} + + {LN_USER_ISREADONLY} + +
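Review bot: The `ALTER TABLE` is appended to `db_update_v9.txt`, a script that already exists in the tree (the diff modifies it and the surrounding `logcon_savedreports` lines are context), so any installation that has already applied the v9 update will never run this statement and `users.php` will then read a missing `is_readonly` column. If v9 has shipped anywhere, the column belongs in a new update step; if it has not, a comment in the script stating that v9 is still unreleased would save the next person this check. The table name is hard-coded as `logcon_users` while the PHP side goes through the `DB_USERS` constant, which matches the rest of this file but is worth confirming against a configurable table prefix.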