From b7c0df8be3a5e13053ca739b7f32394f23ea66f0 Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Sat, 8 Oct 2005 16:05:34 +0000 Subject: [PATCH] r507: User manager in the admin CP --- admin/global.php | 1 + admin/user.php | 257 +++++++++++++++++++++++++++++++++++++++++++++++ docs/todo.txt | 1 - 3 files changed, 258 insertions(+), 1 deletion(-) create mode 100644 admin/user.php diff --git a/admin/global.php b/admin/global.php index e97aad3..687f9b8 100755 --- a/admin/global.php +++ b/admin/global.php @@ -40,6 +40,7 @@ $globalnav = array( ), $lang->string('User Management') => array( + $lang->string('Users') => 'user.php', $lang->string('Usergroups') => 'usergroup.php' ) ); diff --git a/admin/user.php b/admin/user.php new file mode 100644 index 0000000..d1f28ad --- /dev/null +++ b/admin/user.php 
@@ -0,0 +1,257 @@
+query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE userid = " . intval($bugsys->in['userid']));
+ if (!$user)
+ {
+ $admin->error($lang->getlex('error_invalid_id'));
+ }
+
+ if ($user['userid'] == $bugsys->userinfo['userid'])
+ {
+ $admin->error($lang->string('You cannot delete your own account!'));
+ }
+
+ if ($user['usergroupid'] == 6)
+ {
+ $count = $db->query_first("SELECT COUNT(*) AS count FROM " . TABLE_PREFIX . "user WHERE usergroupid = 6 AND userid <> $user[userid]");
+ if ($count['count'] < 1)
+ {
+ $admin->error($lang->string('At least one other administrator needs to be present before you can delete this user'));
+ }
+ }
+
+ $db->query("DELETE FROM user WHERE userid = $user[userid]");
+ $db->query("DELETE FROM favourite WHERE userid = $user[userid]");
+ $db->query("DELETE FROM useractivation WHERE userid = $user[userid]");
+
+ $admin->redirect('user.php');
+}
+
+// ###################################################################
+
+if ($_REQUEST['do'] == 'delete')
+{
+ $admin->page_confirm($lang->string('Are you sure you want to delete this user?'), 'user.php?do=kill&userid=' . intval($bugsys->in['userid']));
+}
+
+// ###################################################################
+
+if ($_POST['do'] == 'insert')
+{
+ $salt = $funct->rand(15);
+
+ $db->query("
+ INSERT INTO " . TABLE_PREFIX . "user
+ (email, displayname, password, salt, authkey, showemail, languageid, usergroupid, timezone)
+ VALUES
+ ('" . $bugsys->in['email'] . "',
+ '" . $bugsys->in['displayname'] . "',
+ '" . md5(md5($bugsys->in['password']) . md5($salt)) . "',
+ '$salt',
+ '" . $funct->rand() . "',
+ " . intval($bugsys->in['showemail']) . ",
+ " . intval($bugsys->in['languageid']) . ",
+ " . intval($bugsys->in['usergroupid']) . ",
+ " . intval($bugsys->in['timezone']) . "
+ )"
+ );
+
+ $admin->redirect('user.php?do=edit&userid=' . $db->insert_id());
+}
+
+// ###################################################################
+
+if ($_POST['do'] == 'update')
+{
+ $user = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE userid = " . intval($bugsys->in['userid']));
+ if (!$user)
+ {
+ $admin->error($lang->getlex('error_invalid_id'));
+ }
+
+ $db->query("
+ UPDATE " . TABLE_PREFIX . "user
+ SET displayname = '" . $bugsys->in['displayname'] . "',
+ email = '" . $bugsys->in['email'] . "',
+ usergroupid = " . intval($bugsys->in['usergroupid']) . ",
+ languageid = " . intval($bugsys->in['languageid']) . ",
+ timezone = " . intval($bugsys->in['timezone']) . ($bugsys->in['password'] ? ",
+ password = '" . md5(md5($bugsys->in['password']) . md5($user['salt'])) . "'" : '') . "
+ WHERE userid = $user[userid]"
+ );
+
+ $admin->redirect('user.php?do=edit&userid=' . $user['userid']);
+}
+
+// ###################################################################
+
+if ($_REQUEST['do'] == 'edit' OR $_REQUEST['do'] == 'add')
+{
+ $add = ($_REQUEST['do'] == 'add');
+ $edit = (!$add);
+
+ if ($edit)
+ {
+ $user = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE userid = " . intval($bugsys->in['userid']));
+ if (!$user)
+ {
+ $admin->error($lang->getlex('error_invalid_id'));
+ }
+ }
+
+ $admin->page_start(($add ? $lang->string('Add User') : $lang->string('Edit User')));
+
+ $admin->form_start('user.php', ($add ? 'insert' : 'update'));
+
+ if ($edit)
+ {
+ $admin->form_hidden_field('userid', $user['userid']);
+ }
+
+ $admin->table_start();
+
+ $admin->table_head(($add ? $lang->string('Add User') : sprintf($lang->string('Edit User (userid: %1$s)'), $user['userid'])));
+
+ $admin->row_input($lang->string('Display Name'), 'displayname', $user['displayname']);
+ $admin->row_input($lang->string('Email'), 'email', $user['email']);
+ $admin->row_input(($add ? $lang->string('Password') : $lang->string('Password (Leave blank for no change)')), 'password');
+
+ foreach ($bugsys->datastore['usergroup'] AS $group)
+ {
+ $admin->list_item($group['title'], $group['usergroupid'], ($user['usergroupid'] == $group['usergroupid']));
+ }
+ $admin->row_list($lang->string('Usergroup'), 'usergroupid');
+
+ $admin->row_yesno($lang->string('Show Email Publicly'), 'showemail', $user['showemail']);
+
+ foreach ($bugsys->datastore['language'] AS $language)
+ {
+ $admin->list_item($language['title'], $language['languageid'], ($user['languageid'] == $language['languageid']));
+ }
+ $admin->row_list($lang->string('Language'), 'languageid');
+
+ foreach ($datef->fetch_timezone_list() AS $value => $string)
+ {
+ $admin->list_item($string, $value, ($user['timezone'] == $value));
+ }
+ $admin->row_list($lang->string('Timezone'), 'timezone');
+
+ $admin->row_submit(($edit ? '[' . $lang->string('Delete') . ']' : ''), ':save:', ':reset:', 4);
+
+ $admin->table_end();
+ $admin->form_end();
+
+ $admin->page_end();
+}
+
+// ###################################################################
+
+if ($_REQUEST['do'] == 'search')
+{
+ $fail = false;
+
+ if (is_numeric($bugsys->in['userdata']))
+ {
+ if ($db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE userid = " . intval($bugsys->in['userdata'])))
+ {
+ header('Location: user.php?do=edit&userid=' . intval($bugsys->in['userdata']));
+ }
+ else
+ {
+ $fail = true;
+ }
+ }
+ else
+ {
+ $bugsys->in['userdata'] = str_replace('%', '\%', $bugsys->in['userdata']);
+ $results = $db->query("SELECT * FROM " . TABLE_PREFIX . "user WHERE email LIKE '%" . $bugsys->in['userdata'] . "%' OR displayname LIKE '%" . $bugsys->in['userdata'] . "%'");
+
+ if ($db->num_rows($results) < 1)
+ {
+ $fail = true;
+ }
+ else
+ {
+ $admin->page_start($lang->string('Search Results'));
+
+ $admin->table_start();
+ $admin->table_head($lang->string('Search Results'), 4);
+ $admin->table_column_head(array($lang->string('Display Name'), $lang->string('Email'), $lang->string('User ID'), $lang->string('Actions')));
+
+ while ($row = $db->fetch_array($results))
+ {
+ $admin->row_multi_item(array(
+ $row['displayname'] => 'l',
+ $row['email'] => 'c',
+ $row['userid'] => 'c',
+ '[' . $lang->string('Edit') . ']' => 'c'
+ ));
+ }
+
+ $admin->table_end();
+
+ $admin->page_end();
+ }
+ }
+
+ if ($fail)
+ {
+ $admin->error($lang->string('Sorry, we could not find any users that matched your criteria.'));
+ }
+}
+
+// ###################################################################
+
+if ($_REQUEST['do'] == 'modify')
+{
+ $admin->page_start($lang->string('User Search'));
+
+ $admin->form_start('user.php', 'search');
+ $admin->table_start(true, '45%');
+
+ $admin->table_head($lang->string('User Search'));
+ $admin->row_input($lang->string('Display Name/Email/User ID'), 'userdata');
+
+ $admin->row_submit('', ':save:', '');
+
+ $admin->table_end();
+ $admin->form_end();
+
+ $admin->page_end();
+}
+
+/*=====================================================================*\
+|| ###################################################################
+|| # $HeadURL$
+|| # $Id$
+|| ###################################################################
+\*=====================================================================*/
+?>
\ No newline at end of file
diff --git a/docs/todo.txt b/docs/todo.txt
index 9311e23..e6e0b8f 100755
--- a/docs/todo.txt
+++ b/docs/todo.txt
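Review bot: The `insert`, `update` and `search` branches concatenate `$bugsys->in['email']`, `$bugsys->in['displayname']` and `$bugsys->in['userdata']` directly into quoted SQL literals, so their safety rests entirely on `$bugsys->in` having been escaped somewhere this hunk does not show. The search branch adds only a `%` escape and leaves the `_` wildcard untouched, so I would escape or bind these values at the query site through the `$db` layer, so each statement is safe on its own. The three `DELETE` statements in the kill branch omit the prefix every `SELECT` uses, e.g. `$db->query("DELETE FROM " . TABLE_PREFIX . "user WHERE userid = $user[userid]");`, so with a non-empty prefix they would presumably act on the wrong tables. That branch is reached through the confirmation link `user.php?do=kill&userid=…` with no per-request token visible (its guard, and the top of the file, are missing from this view), so it is worth confirming that a cross-site GET cannot trigger the deletion. Passwords are stored as `md5(md5($password) . md5($salt))`, a fast digest; a deliberately slow password hash such as `password_hash()` with `password_verify()` is the safer replacement.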
@@ -8,7 +8,6 @@ BUGTRACK 1.0 - Add per-product-usergroup permission settings - Ability to disable status colouring on listing pages - User options/controls page -- User manager in Admin CP ############################################################################### BUGTRACK 1.1 -- 2.22.5