New file |
0,0 → 1,358 |
<?php |
/* |
usersdeleting.php |
|
Copyright 2002 Patrick PAUL |
Copyright 2003 David DELON |
* Copyright 2013 Jean-Pascal MILCENT |
This program is free software; you can redistribute it and/or modify |
it under the terms of the GNU General Public License as published by |
the Free Software Foundation; either version 2 of the License, or |
(at your option) any later version. |
|
This program is distributed in the hope that it will be useful, |
but WITHOUT ANY WARRANTY; without even the implied warranty of |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
GNU General Public License for more details. |
|
You should have received a copy of the GNU General Public License |
along with this program; if not, write to the Free Software |
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
*/ |
|
// Data managment |
$origineLink = $this->Href(); |
$messages = array(); |
if ($this->UserIsAdmin() === false) { |
$msg = "Il est nécessaire d'être administrateur de ce wikini pour accéder à la gestion des utilisateurs."; |
$messages[] = array('type' => 'warning', 'txt' => $msg); |
} else { |
$msg_accueil = "Zone de sécurité renforcé : identifiez vous avec l'identifiant et le mot de passe de connexion à la base de données de ce Wikini"; |
$msg_echec = "Accès limité aux administrateurs de ce Wikini ayant accès aux paramètres d'installation (identifiant et mot de passe de la base de données).\n". |
"Votre tentative d'identification a échoué.\n". |
"Actualiser la page pour essayer à nouveau si vous avez en votre possession les paramètres nécessaires."; |
$wikiAuthHttp = new WikiAuthHttp($msg_accueil, $msg_echec, $this->config['mysql_user'], $this->config['mysql_password']); |
$wikiAuthHttp->authentifier(); |
|
$prefix = $this->config['table_prefix']; |
|
// Data update, insert or delete |
if (isset($_POST['action'])) { |
if ($_POST['action'] == 'deleteUser') { |
if (isset($_POST['users']) === false) { |
$messages[] = array('type' => 'error', 'txt' => 'Veuillez sélectionner au moins un utilisateur.'); |
} else { |
$usersDeleted = array(); |
$usersEscaped = array(); |
foreach ($_POST['users'] as $user_name) { |
$usersDeleted[] = $user_name; |
$usersEscaped[] = "'".mysql_real_escape_string($user_name)."'"; |
} |
$sqlUsersToDelete = implode(',', $usersEscaped); |
} |
$queryDeleteUser = "DELETE FROM {$prefix}users ". |
"WHERE name IN ($sqlUsersToDelete) "; |
$this->Query($queryDeleteUser); |
|
$usersDeleted = implode(', ', $usersDeleted); |
if (empty($usersDeleted) == false) { |
$msg = "Les utilisateurs suivant ont été supprimés : $usersDeleted."; |
$messages[] = array('type' => 'success', 'txt' => $msg); |
} |
} else if ($_POST['action'] == 'deletePage') { |
$deletedPages = array(); |
if (!empty($_POST['suppr'])) { |
foreach ($_POST['suppr'] as $page) { |
// Effacement de la page en utilisant la méthode DeleteOrphanedPage |
$this->DeleteOrphanedPage($page); |
$deletedPages[] = $page; |
} |
|
$deletedPages = implode(', ', $deletedPages); |
if (empty($deletedPages) == false) { |
$msg = "Les pages suivantes ont été supprimées : $deletedPages."; |
$messages[] = array('type' => 'success', 'txt' => $msg); |
} |
} |
|
$restoredPages = array(); |
if (!empty($_POST['rev'])) { |
foreach ($_POST['rev'] as $rev_id) { |
// Sélectionne la révision |
$id = "'".mysql_real_escape_string($rev_id)."'"; |
$query = 'SELECT * '. |
"FROM {$prefix}pages ". |
"WHERE id = $id ". |
'LIMIT 1'; |
$revision = $this->LoadSingle($query); |
|
// Fait de la dernière version de cette révision une version archivée |
$tag = "'".mysql_real_escape_string($revision['tag'])."'"; |
$queryUpdate = |
"UPDATE {$prefix}pages " . |
"SET latest = 'N' ". |
"WHERE latest = 'Y' " . |
"AND tag = $tag " . |
"LIMIT 1"; |
$this->Query($queryUpdate); |
$restoredPages[] = $revision['tag']; |
|
// add new revision |
$owner = "'".mysql_real_escape_string($revision['owner'] )."'"; |
$user = "'".mysql_real_escape_string('WikiAdmin')."'"; |
$body = "'".mysql_real_escape_string(chop($revision['body']))."'"; |
$queryInsert = "INSERT INTO {$prefix}pages SET ". |
"tag = $tag, ". |
"time = NOW(), ". |
"owner = $owner, ". |
"user = $user, ". |
"latest = 'Y', ". |
"body = $body"; |
$this->Query($queryInsert); |
} |
} |
|
$restoredPages = implode(', ', $restoredPages); |
if (empty($restoredPages) == false) { |
$msg = "Les pages suivantes ont été restaurées à une version antérieure: $restoredPages."; |
$messages[] = array('type' => 'success', 'txt' => $msg); |
} |
} |
} |
|
// Data loading |
$queryAllUsers = 'SELECT name, email, motto, revisioncount, changescount, doubleclickedit, signuptime, show_comments '. |
"FROM {$prefix}users ". |
'ORDER BY signuptime DESC'; |
$users = $this->LoadAll($queryAllUsers); |
$users_infos = array(); |
foreach($users as $user) { |
$user_name = mysql_real_escape_string($user['name']); |
$result = $this->LoadSingle("SELECT COUNT(*) AS pages FROM {$prefix}pages WHERE user = '$user_name'"); |
$user['pages_user'] = $result['pages']; |
|
$result = $this->LoadSingle("SELECT COUNT(*) AS pages FROM {$prefix}pages WHERE latest = 'Y' AND owner = '$user_name'"); |
$user['pages_owner'] = $result['pages']; |
|
$user['has_pages'] = ($user['pages_user'] != 0 || $user['pages_owner'] != 0) ? true : false; |
|
$user['pages_link'] = $this->Href('', '', "action=seeUserPage&user={$user['name']}"); |
|
$users_infos[] = $user; |
} |
if (count($users_infos) == 0) { |
$msg = "Ce Wikini ne possède pas d'utilisateur"; |
$messages[] = array('type' => 'info', 'txt' => $msg); |
} |
|
if (isset($_GET['action'])) { |
if ($_GET['action'] == 'seeUserPage' && $_GET['user'] != '') { |
$actionLink = $this->Href('', '', "action=seeUserPage&user={$_GET['user']}"); |
|
$userPages['name'] = $_GET['user']; |
$userName = "'".mysql_real_escape_string($_GET['user'])."'"; |
$queryAllUserPages = "SELECT tag ". |
"FROM {$prefix}pages ". |
"WHERE owner = $userName OR ". |
" user = $userName ". |
"ORDER BY time DESC "; |
$pages = $this->LoadAll($queryAllUserPages); |
if (count($pages) == 0) { |
$msg = "Cet utilisateur ne possède plus aucune page."; |
$messages[] = array('type' => 'error', 'txt' => $msg); |
} else { |
foreach ($pages as $page) { |
if (! isset($userPages['pages'][$page['tag']])) { |
$pageTag = "'".mysql_real_escape_string($page['tag'])."'"; |
$infos = $this->LoadSingle("SELECT * FROM {$prefix}pages WHERE tag = $pageTag AND latest = 'Y'"); |
$infos['link'] = $this->Href('', $page['tag']); |
$infos['revisions'] = $this->LoadAll("SELECT * FROM {$prefix}pages WHERE tag = $pageTag ORDER BY time DESC"); |
$userPages['pages'][$page['tag']] = $infos; |
} |
} |
} |
} |
} |
} |
|
// Template HTML |
$html = ''; |
if ($_GET['action'] == 'seeUserPage') { |
$html .= '<ul class="breadcrumb"> |
<li>Retour : </li> |
<li><a href="'.$origineLink.'">Gestion des utilisateurs</a> <span class="divider">></span></li> |
<li class="active">Pages utilisateur '.$userPages['name'].'</li> |
</ul>'; |
} |
$html .= '<h2>Gestion des utilisateurs</h2>'; |
|
if (count($messages) != 0) { |
foreach ($messages as $msg) { |
$html .= '<p class="alert alert-'.$msg['type'].'">'; |
$html .= $msg['txt'].'<br />'; |
$html .= '</p>'; |
} |
} |
if ($this->UserIsAdmin()) { |
if ($_GET['action'] == 'seeUserPage' && isset($userPages)) { |
if (count($userPages['pages']) > 0) { |
$html .= '<h3 id="user-pages-modal-label">'."Pages de l'utilisateur {$userPages['name']}".'</h3>'. |
'<p class="alert alert-info">Sélectionnez une ou plusieurs pages à supprimer et/ou versions à restaurer puis cliquer sur le bouton en bas de page.</p>'; |
|
$html .= '<form action="'.$actionLink.'" method="post">'; |
$html .= '<table class="table table-bordered"> |
<thead> |
<tr> |
<th>[supprimer] Page</th> |
<th>Propriétaire</th> |
<th>[restaurer] Version du</th> |
<th>Auteur modification</th> |
</tr> |
</thead>'; |
|
foreach ($userPages['pages'] as $page) { |
$html .= '<tr class="success">'. |
'<td>'. |
'<span class="has-tooltip" title="Supprimer la page '.$page['tag'].' et toutes ses versions !">'. |
'<input name="suppr[]" value="'.$page['tag'].'" type="checkbox"/>'. |
'</span> '. |
'<a href="'.$page['link'].'">'. |
$page['tag']. |
'</a>'. |
'</td>'. |
'<td>'.$page['owner'].'</td>'. |
'<td>'.$page['time'].'</td>'. |
'<td>'.$page['user'].'</td>'. |
'</tr>'; |
$revisionsNbre = count($page['revisions']); |
if ($revisionsNbre != 0) { |
for ($i = 1; $i < $revisionsNbre; $i++) { |
$revision = $page['revisions'][$i]; |
$html .= '<tr>'. |
'<td> </td>'. |
'<td>'.$revision['owner'].'</td>'. |
'<td>'. |
'<span class="has-tooltip" title="Restaurer la version du '.$revision['time'].' de la page '.$page["tag"].'">'. |
'<input name="rev[]" value="'.$revision['id'].'" type="checkbox"/> '. |
'</span>'. |
$revision['time']. |
'</td>'. |
'<td>'.$revision['user'].'</td>'. |
'</tr>'; |
} |
} |
} |
$html .= '</table> |
<div class="form-actions"> |
<button class="btn btn-danger has-tooltip" type="submit" name="action" value="deletePage" title="Supprime les pages sélectionnés ou restaure des anciennes versions"> |
Supprimer des pages et/ou restaurer des versions |
</button> |
</div> |
</form>'; |
} |
} else { |
$html .= '<form action="'.$origineLink.'" method="post">'; |
|
$html .= '<p class="alert alert-info">Sélectionnez un ou plusieurs utilisateurs à supprimer puis cliquer sur le bouton supprimer en bas de page.</p> |
<table class="table table-striped table-hover table-bordered table-condensed"> |
<thead> |
<tr> |
<th> </th> |
<th>Nom & Devise</th> |
<th>Courriel</th> |
<th>Inscription</th> |
<th> |
<span class="has-tooltip" title="Nombre de pages (hors archive) dont l\'utilisateur est le propriétaire.">Pages proprio.</span> |
/ |
<span class="has-tooltip" title="Nombre de pages toutes versions confondues modifiées par l\'utilisateur.">Modif.</span> |
</th> |
<th> |
<span class="has-tooltip" title="Nombre de révisions visible par l\'utilisateur">révisions</span> / |
<span class="has-tooltip" title="Nombre de changements visible par l\'utilisateur">changements</span> / |
<span class="has-tooltip" title="L\'utilisateur peut éditer les page en réalisant un double clic.">clic</span> / |
<span class="has-tooltip" title="L\'utilisateur veut voir les commentaires sur la page.">commentaire</span> |
</th> |
</tr> |
</thead> |
<tbody>'; |
if (isset($users_infos)) { |
foreach ($users_infos as $user) { |
$html .= '<tr> |
<td><input type="checkbox" name="users[]" value="'.$user['name'].'"/></td> |
<td>'. |
$user['name']. |
(empty($user['motto']) ? '' : '<br /><em><cite>'.$user['motto'].'</cite></em>'). |
'</td> |
<td><a href="mailto:'.$user['email'].'">'.$user['email'].'</a></td> |
<td>'.$user['signuptime'].'</td> |
<td>'. |
($user['has_pages'] ? '<a href="'.$user['pages_link'].'">' : ''). |
$user['pages_owner'].' / '.$user['pages_user']. |
($user['has_pages'] ? '</a>' : ''). |
'</td> |
<td>'.$user['revisioncount'].' / '.$user['changescount'].' / '.$user['doubleclickedit'].' / '.$user['show_comments'].'</td> |
</tr>'; |
} |
} |
$html .= '</tbody> |
</table> |
<div class="form-actions"> |
<button class="btn btn-danger has-tooltip" type="submit" name="action" value="deleteUser" title="Supprime les utilisateurs sélectionnés de la base de données"> |
Supprimer des utilisateurs |
</button> |
</div> |
</form>'; |
} |
} |
|
// Sortie |
echo isset($this->config['encoding']) ? mb_convert_encoding($html, $this->config['encoding'], 'iso-8859-15') : $html; |
|
// Functions & class |
class WikiAuthHttp { |
private $message_accueil; |
private $message_echec; |
private $identifiant; |
private $mot_de_passe; |
|
public function __construct($message_accueil, $message_echec, $identifiant, $mot_de_passe) { |
$this->message_accueil = $message_accueil; |
$this->message_echec = $message_echec; |
$this->identifiant = $identifiant; |
$this->mot_de_passe = $mot_de_passe; |
} |
|
public function authentifier() { |
$authentifie = $this->etreAutorise(); |
if ($authentifie === false) { |
$this->envoyerAuth(); |
} |
return $authentifie; |
} |
|
private function envoyerAuth() { |
header('HTTP/1.0 401 Unauthorized'); |
header('WWW-Authenticate: Basic realm="'.$this->message_accueil.'"'); |
header('Content-type: text/plain; charset=ISO-8859-15'); |
print $this->message_echec; |
exit(0); |
} |
|
private function etreAutorise() { |
$identifiant = $this->getAuthIdentifiant(); |
$mdp = $this->getAuthMotDePasse(); |
$autorisation = ($identifiant == $this->identifiant && $mdp == $this->mot_de_passe) ? true : false; |
return $autorisation; |
} |
|
private function getAuthIdentifiant() { |
$id = (isset($_SERVER['PHP_AUTH_USER'])) ? $_SERVER['PHP_AUTH_USER'] : null; |
return $id; |
} |
|
private function getAuthMotDePasse() { |
$mdp = (isset($_SERVER['PHP_AUTH_PW'])) ? $_SERVER['PHP_AUTH_PW'] : null; |
return $mdp; |
} |
} |
?> |