Blame | Last modification | View Log | RSS feed
<?php/*usersdeleting.phpCopyright 2002 Patrick PAULCopyright 2003 David DELON* Copyright 2013 Jean-Pascal MILCENTThis program is free software; you can redistribute it and/or modifyit under the terms of the GNU General Public License as published bythe Free Software Foundation; either version 2 of the License, or(at your option) any later version.This program is distributed in the hope that it will be useful,but WITHOUT ANY WARRANTY; without even the implied warranty ofMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See theGNU General Public License for more details.You should have received a copy of the GNU General Public Licensealong with this program; if not, write to the Free SoftwareFoundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA*/// Data managment$origineLink = $this->Href();$messages = array();if ($this->UserIsAdmin() === false) {$msg = "Il est nécessaire d'être administrateur de ce wikini pour accéder à la gestion des utilisateurs.";$messages[] = array('type' => 'warning', 'txt' => $msg);} else {$msg_accueil = "Zone de sécurité renforcé : identifiez vous avec l'identifiant et le mot de passe de connexion à la base de données de ce Wikini";$msg_echec = "Accès limité aux administrateurs de ce Wikini ayant accès aux paramètres d'installation (identifiant et mot de passe de la base de données).\n"."Votre tentative d'identification a échoué.\n"."Actualiser la page pour essayer à nouveau si vous avez en votre possession les paramètres nécessaires.";$wikiAuthHttp = new WikiAuthHttp($msg_accueil, $msg_echec, $this->config['mysql_user'], $this->config['mysql_password']);$wikiAuthHttp->authentifier();$prefix = $this->config['table_prefix'];// Data update, insert or deleteif (isset($_POST['action'])) {if ($_POST['action'] == 'deleteUser') {if (isset($_POST['users']) === false) {$messages[] = array('type' => 'error', 'txt' => 'Veuillez sélectionner au moins un utilisateur.');} else {$usersDeleted = array();$usersEscaped = array();foreach ($_POST['users'] as $user_name) {$usersDeleted[] = $user_name;$usersEscaped[] = "'".mysql_real_escape_string($user_name)."'";}$sqlUsersToDelete = implode(',', $usersEscaped);}$queryDeleteUser = "DELETE FROM {$prefix}users "."WHERE name IN ($sqlUsersToDelete) ";$this->Query($queryDeleteUser);$usersDeleted = implode(', ', $usersDeleted);if (empty($usersDeleted) == false) {$msg = "Les utilisateurs suivant ont été supprimés : $usersDeleted.";$messages[] = array('type' => 'success', 'txt' => $msg);}} else if ($_POST['action'] == 'deletePage') {$deletedPages = array();if (!empty($_POST['suppr'])) {foreach ($_POST['suppr'] as $page) {// Effacement de la page en utilisant la méthode DeleteOrphanedPage$this->DeleteOrphanedPage($page);$deletedPages[] = $page;}$deletedPages = implode(', ', $deletedPages);if (empty($deletedPages) == false) {$msg = "Les pages suivantes ont été supprimées : $deletedPages.";$messages[] = array('type' => 'success', 'txt' => $msg);}}$restoredPages = array();if (!empty($_POST['rev'])) {foreach ($_POST['rev'] as $rev_id) {// Sélectionne la révision$id = "'".mysql_real_escape_string($rev_id)."'";$query = 'SELECT * '."FROM {$prefix}pages "."WHERE id = $id ".'LIMIT 1';$revision = $this->LoadSingle($query);// Fait de la dernière version de cette révision une version archivée$tag = "'".mysql_real_escape_string($revision['tag'])."'";$queryUpdate ="UPDATE {$prefix}pages " ."SET latest = 'N' "."WHERE latest = 'Y' " ."AND tag = $tag " ."LIMIT 1";$this->Query($queryUpdate);$restoredPages[] = $revision['tag'];// add new revision$owner = "'".mysql_real_escape_string($revision['owner'] )."'";$user = "'".mysql_real_escape_string('WikiAdmin')."'";$body = "'".mysql_real_escape_string(chop($revision['body']))."'";$queryInsert = "INSERT INTO {$prefix}pages SET "."tag = $tag, "."time = NOW(), "."owner = $owner, "."user = $user, "."latest = 'Y', "."body = $body";$this->Query($queryInsert);}}$restoredPages = implode(', ', $restoredPages);if (empty($restoredPages) == false) {$msg = "Les pages suivantes ont été restaurées à une version antérieure: $restoredPages.";$messages[] = array('type' => 'success', 'txt' => $msg);}}}// Data loading$queryAllUsers = 'SELECT name, email, motto, revisioncount, changescount, doubleclickedit, signuptime, show_comments '."FROM {$prefix}users ".'ORDER BY signuptime DESC';$users = $this->LoadAll($queryAllUsers);$users_infos = array();foreach($users as $user) {$user_name = mysql_real_escape_string($user['name']);$result = $this->LoadSingle("SELECT COUNT(*) AS pages FROM {$prefix}pages WHERE user = '$user_name'");$user['pages_user'] = $result['pages'];$result = $this->LoadSingle("SELECT COUNT(*) AS pages FROM {$prefix}pages WHERE latest = 'Y' AND owner = '$user_name'");$user['pages_owner'] = $result['pages'];$user['has_pages'] = ($user['pages_user'] != 0 || $user['pages_owner'] != 0) ? true : false;$user['pages_link'] = $this->Href('', '', "action=seeUserPage&user={$user['name']}");$users_infos[] = $user;}if (count($users_infos) == 0) {$msg = "Ce Wikini ne possède pas d'utilisateur";$messages[] = array('type' => 'info', 'txt' => $msg);}if (isset($_GET['action'])) {if ($_GET['action'] == 'seeUserPage' && $_GET['user'] != '') {$actionLink = $this->Href('', '', "action=seeUserPage&user={$_GET['user']}");$userPages['name'] = $_GET['user'];$userName = "'".mysql_real_escape_string($_GET['user'])."'";$queryAllUserPages = "SELECT tag "."FROM {$prefix}pages "."WHERE owner = $userName OR "." user = $userName "."ORDER BY time DESC ";$pages = $this->LoadAll($queryAllUserPages);if (count($pages) == 0) {$msg = "Cet utilisateur ne possède plus aucune page.";$messages[] = array('type' => 'error', 'txt' => $msg);} else {foreach ($pages as $page) {if (! isset($userPages['pages'][$page['tag']])) {$pageTag = "'".mysql_real_escape_string($page['tag'])."'";$infos = $this->LoadSingle("SELECT * FROM {$prefix}pages WHERE tag = $pageTag AND latest = 'Y'");$infos['link'] = $this->Href('', $page['tag']);$infos['revisions'] = $this->LoadAll("SELECT * FROM {$prefix}pages WHERE tag = $pageTag ORDER BY time DESC");$userPages['pages'][$page['tag']] = $infos;}}}}}}// Template HTML$html = '';if ($_GET['action'] == 'seeUserPage') {$html .= '<ul class="breadcrumb"><li>Retour : </li><li><a href="'.$origineLink.'">Gestion des utilisateurs</a> <span class="divider">></span></li><li class="active">Pages utilisateur '.$userPages['name'].'</li></ul>';}$html .= '<h2>Gestion des utilisateurs</h2>';if (count($messages) != 0) {foreach ($messages as $msg) {$html .= '<p class="alert alert-'.$msg['type'].'">';$html .= $msg['txt'].'<br />';$html .= '</p>';}}if ($this->UserIsAdmin()) {if ($_GET['action'] == 'seeUserPage' && isset($userPages)) {if (count($userPages['pages']) > 0) {$html .= '<h3 id="user-pages-modal-label">'."Pages de l'utilisateur {$userPages['name']}".'</h3>'.'<p class="alert alert-info">Sélectionnez une ou plusieurs pages à supprimer et/ou versions à restaurer puis cliquer sur le bouton en bas de page.</p>';$html .= '<form action="'.$actionLink.'" method="post">';$html .= '<table class="table table-bordered"><thead><tr><th>[supprimer] Page</th><th>Propriétaire</th><th>[restaurer] Version du</th><th>Auteur modification</th></tr></thead>';foreach ($userPages['pages'] as $page) {$html .= '<tr class="success">'.'<td>'.'<span class="has-tooltip" title="Supprimer la page '.$page['tag'].' et toutes ses versions !">'.'<input name="suppr[]" value="'.$page['tag'].'" type="checkbox"/>'.'</span> '.'<a href="'.$page['link'].'">'.$page['tag'].'</a>'.'</td>'.'<td>'.$page['owner'].'</td>'.'<td>'.$page['time'].'</td>'.'<td>'.$page['user'].'</td>'.'</tr>';$revisionsNbre = count($page['revisions']);if ($revisionsNbre != 0) {for ($i = 1; $i < $revisionsNbre; $i++) {$revision = $page['revisions'][$i];$html .= '<tr>'.'<td> </td>'.'<td>'.$revision['owner'].'</td>'.'<td>'.'<span class="has-tooltip" title="Restaurer la version du '.$revision['time'].' de la page '.$page["tag"].'">'.'<input name="rev[]" value="'.$revision['id'].'" type="checkbox"/> '.'</span>'.$revision['time'].'</td>'.'<td>'.$revision['user'].'</td>'.'</tr>';}}}$html .= '</table><div class="form-actions"><button class="btn btn-danger has-tooltip" type="submit" name="action" value="deletePage" title="Supprime les pages sélectionnés ou restaure des anciennes versions">Supprimer des pages et/ou restaurer des versions</button></div></form>';}} else {$html .= '<form action="'.$origineLink.'" method="post">';$html .= '<p class="alert alert-info">Sélectionnez un ou plusieurs utilisateurs à supprimer puis cliquer sur le bouton supprimer en bas de page.</p><table class="table table-striped table-hover table-bordered table-condensed"><thead><tr><th> </th><th>Nom & Devise</th><th>Courriel</th><th>Inscription</th><th><span class="has-tooltip" title="Nombre de pages (hors archive) dont l\'utilisateur est le propriétaire.">Pages proprio.</span>/<span class="has-tooltip" title="Nombre de pages toutes versions confondues modifiées par l\'utilisateur.">Modif.</span></th><th><span class="has-tooltip" title="Nombre de révisions visible par l\'utilisateur">révisions</span> /<span class="has-tooltip" title="Nombre de changements visible par l\'utilisateur">changements</span> /<span class="has-tooltip" title="L\'utilisateur peut éditer les page en réalisant un double clic.">clic</span> /<span class="has-tooltip" title="L\'utilisateur veut voir les commentaires sur la page.">commentaire</span></th></tr></thead><tbody>';if (isset($users_infos)) {foreach ($users_infos as $user) {$html .= '<tr><td><input type="checkbox" name="users[]" value="'.$user['name'].'"/></td><td>'.$user['name'].(empty($user['motto']) ? '' : '<br /><em><cite>'.$user['motto'].'</cite></em>').'</td><td><a href="mailto:'.$user['email'].'">'.$user['email'].'</a></td><td>'.$user['signuptime'].'</td><td>'.($user['has_pages'] ? '<a href="'.$user['pages_link'].'">' : '').$user['pages_owner'].' / '.$user['pages_user'].($user['has_pages'] ? '</a>' : '').'</td><td>'.$user['revisioncount'].' / '.$user['changescount'].' / '.$user['doubleclickedit'].' / '.$user['show_comments'].'</td></tr>';}}$html .= '</tbody></table><div class="form-actions"><button class="btn btn-danger has-tooltip" type="submit" name="action" value="deleteUser" title="Supprime les utilisateurs sélectionnés de la base de données">Supprimer des utilisateurs</button></div></form>';}}// Sortieecho isset($this->config['encoding']) ? mb_convert_encoding($html, $this->config['encoding'], 'iso-8859-15') : $html;// Functions & classclass WikiAuthHttp {private $message_accueil;private $message_echec;private $identifiant;private $mot_de_passe;public function __construct($message_accueil, $message_echec, $identifiant, $mot_de_passe) {$this->message_accueil = $message_accueil;$this->message_echec = $message_echec;$this->identifiant = $identifiant;$this->mot_de_passe = $mot_de_passe;}public function authentifier() {$authentifie = $this->etreAutorise();if ($authentifie === false) {$this->envoyerAuth();}return $authentifie;}private function envoyerAuth() {header('HTTP/1.0 401 Unauthorized');header('WWW-Authenticate: Basic realm="'.$this->message_accueil.'"');header('Content-type: text/plain; charset=ISO-8859-15');print $this->message_echec;exit(0);}private function etreAutorise() {$identifiant = $this->getAuthIdentifiant();$mdp = $this->getAuthMotDePasse();$autorisation = ($identifiant == $this->identifiant && $mdp == $this->mot_de_passe) ? true : false;return $autorisation;}private function getAuthIdentifiant() {$id = (isset($_SERVER['PHP_AUTH_USER'])) ? $_SERVER['PHP_AUTH_USER'] : null;return $id;}private function getAuthMotDePasse() {$mdp = (isset($_SERVER['PHP_AUTH_PW'])) ? $_SERVER['PHP_AUTH_PW'] : null;return $mdp;}}?>