<?php
/*apr-03-2004 [] pythoning [] i'm thinking of database security, following the phpmyadmin and phppgadmin style, make a secure which only has a select access but not insert, commit. there will be a user.user account for normal browsing. always select. this is a user with browse privilege only. add a username and password to a certain table which has a browse capability at the phpmylibrary user database. for the computer to compare the encrypted password, if compared ok, will change the user to a more privileged access. so that accessing the username and password, example the pmauser and pmapass. allowing only to select on the user table. password is not shown. the password stored on the file system can not be used to drop the table or database. not required to login, use it by default, unless login is selected trigger to scan the user table again. not workable, sorry. apr-08-2004 [] convert the holdings, users to code/id, not numbers. so that when the collection is corrupted the programmer can still locate the overdue student through their usercode. what i mean is, i will be putting the usercode as the primary key. the accession number, primary key also. just want to reconstruct everything with the use of postgres, after that will be the room for applying all the enhancements.*/
Class UserMan
{
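/**
 * Initialise every collaborator slot to an empty value.
 *
 * SetNeededClasses() and SetArgvs() fill them in later; until then the
 * object holds no references to the policy, template or database layers.
 */
function __construct()
{
    $this->pol = '';
    $this->tbl = '';
    $this->dbc = '';
    $this->pml = '';
    $this->tpl = '';
    $this->usr = '';
    $this->web = '';
    $this->cat = '';
    $this->trn = '';
    $this->hld = '';
    $this->fdt = '';
    $this->_post = array();
    $this->_get = array();
    $this->_files = array();
}

/**
 * PHP 4 style constructor kept for old call sites that invoke it by name.
 *
 * PHP 8 no longer treats a method named after the class as a constructor,
 * so the real initialisation lives in __construct() and this just forwards.
 */
function UserMan()
{
    $this->__construct();
}

/**
 * Hand the request arrays to the object.
 *
 * @param array $_post  form fields (read by Update() and Insert())
 * @param array $_get   query parameters
 * @param array $_files uploaded files
 */
function SetArgvs($_post = array(), $_get = array(), $_files = array())
{
    $this->_post = $_post;
    $this->_get = $_get;
    $this->_files = $_files;
}

/**
 * Wire in the collaborating objects.
 *
 * The database connection and table map are not passed directly; they are
 * pulled from the policy object via DBGetConn() and DBGetTables(), so $pol
 * must be a real object or this call fails.
 */
function SetNeededClasses($pol = '', $pml = '', $tpl = '', $usr = '', $web = '', $cat = '', $trn = '', $hld = '', $fdt = '')
{
    $this->pol = $pol;
    $this->dbc = $this->pol->DBGetConn();
    $this->tbl = $this->pol->DBGetTables();
    $this->pml = $pml;
    $this->tpl = $tpl;
    $this->usr = $usr;
    $this->web = $web;
    $this->cat = $cat;
    $this->trn = $trn;
    $this->hld = $hld;
    $this->fdt = $fdt;
}

/**
 * Fetch one or more columns of a single users row.
 *
 * @param mixed        $id      value of the users uid column to look up;
 *                              passed to the driver as a bound parameter
 * @param string|array $varname logical column name, or a list of them; each
 *                              is mapped through the configured users_column
 *                              map, so the SQL never contains caller text
 * @return mixed the row as the record set exposes it in ->fields, or null
 *               when the query itself failed
 */
function SelectVarName($id = "", $varname = "")
{
    $table = $this->tbl;
    $users = $table['users'];
    $users_col = $table['users_column'];
    list($dbconn) = $this->dbc;

    if (is_array($varname)) {
        $col = array();
        foreach ($varname as $logicalName) {
            $col[] = $users_col[$logicalName];
        }
        // implode(array, glue) argument order is no longer accepted by PHP 8.
        $cols = implode(",", $col);
    } else {
        $cols = "$users_col[$varname]";
    }

    // The uid used to be interpolated unquoted into the statement; it is now
    // bound, so a crafted id cannot change the query.
    $sql = "select $cols from $users where $users_col[uid]=?";
    $recordSet = $dbconn->Execute($sql, array($id));
    if (!$recordSet) {
        return null;
    }
    return $recordSet->fields;
}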
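/**
 * Dispatch the pending user-form action and return the HTML remarks to show.
 *
 * Reads the request through the globals $action, $uid and $olduid
 * (register_globals style, as the rest of this class does). Returns '' when
 * no recognised action was requested.
 *
 * @return string
 */
function Actions()
{
    global $action, $uid, $olduid;
    $remarks = '';
    $rem = '';

    $oldId = trim((string)$olduid);
    $newId = trim((string)$uid);
    // The user changed their own id: the session still carries the old one,
    // so the only sane continuation is a fresh login.
    if ($oldId !== $newId && (string)$this->pol->SessionGetVar('uid') === (string)$olduid) {
        $rem = '<b>You\'ve changed your UserID.<br><a href="user.php?q=logout">You must login again!</b></a><br><br>';
    }

    // Strict comparison: with ==, a non-string $action (e.g. 0) could match.
    if ($action === "Add") {
        $remarks = $this->Add();
    }
    if ($action === "Update") {
        // NOTE(review): _Update() is not defined in the visible part of this
        // file (Update() is); confirm it exists before relying on this branch.
        $remarks = $rem . $this->_Update();
    }
    return $remarks;
}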
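/**
 * Render the paginated "User Administration" listing.
 *
 * The type filter comes from the global $select_user and the page from the
 * next_page query parameter; both are reduced to integers before they are
 * used in SQL or echoed into the generated links. Names read from the users
 * table are HTML-escaped before they reach the template.
 *
 * @return string the filled usermanage.html template
 */
function Manage()
{
    global $user_type;
    global $dept_type;
    global $user_status;
    global $select_user;
    global $library_user_type;
    global $num_of_rows_per_page_in_user_listing;

    $table = $this->tbl;
    list($dbconn) = $this->dbc;
    $users = $table['users'];
    $users_col = $table['users_column'];

    // $select_user is a 1-based index into $user_type; as an int it can
    // neither alter the query nor break out of the links built below.
    $typeFilter = (int)$select_user;
    $typeParam = $typeFilter ? (string)$typeFilter : '';

    $where = array();
    if ($typeFilter) {
        $where[] = "$users_col[type]=$typeFilter";
    }
    // Operators in group 3 only get to see gid 1 accounts.
    if ((int)$this->pol->SelectGID() === 3) {
        $where[] = "$users_col[gid]=1";
    }
    $cond = $where ? ' WHERE ' . implode(' AND ', $where) : '';

    $sql = "SELECT $users_col[uid], $users_col[uname], $users_col[fname], "
         . "$users_col[lname],$users_col[dept], $users_col[status],$users_col[type], $users_col[gid] "
         . "from $users" . $cond;

    // Guard the page-size setting so the page count cannot divide by zero.
    $perPage = max(1, (int)$num_of_rows_per_page_in_user_listing);
    $rs = $dbconn->Execute($sql);
    if (!$rs) die('Query Failed');
    $total = $rs->RecordCount();
    $tlpage = (int)ceil($total / $perPage);

    $this->pol->SessionSetVar('curr_page', '');
    // $HTTP_GET_VARS is gone since PHP 5.4; the value is also echoed into
    // links, so it is clamped to a positive int.
    $curr_page = isset($_GET['next_page']) ? (int)$_GET['next_page'] : 0;
    if ($curr_page < 1) {
        $curr_page = 1;
    }
    $recordSet = $dbconn->PageExecute($sql, $perPage, $curr_page);
    if (!$recordSet) die('Query Failed');

    // All paging links share this prefix and suffix; only the page differs.
    $listUrl = $this->pol->GetModuleURL() . $this->pol->Med() . 'div=usr&acc=priv&q=man&next_page=';
    $listTail = '&select_user=' . $typeParam;
    $prev = $recordSet->AtFirstPage()
        ? "Previous page"
        : '<a href="' . $listUrl . ($recordSet->AbsolutePage() - 1) . $listTail . '">Previous page</a>';
    $next = $recordSet->AtLastPage()
        ? "Next page"
        : '<a href="' . $listUrl . ($recordSet->AbsolutePage() + 1) . $listTail . '">Next page</a>';
    $fpage = ($curr_page == 1)
        ? "First page"
        : '<a href="' . $listUrl . '1' . $listTail . '">First page</a>';
    $lpage = ($curr_page == $tlpage)
        ? "Last page"
        : '<a href="' . $listUrl . $tlpage . $listTail . '">Last page</a>';
    $paging = "$curr_page / $tlpage of $total ";
    $pagination = "$paging | $fpage | $prev | $next | $lpage";

    // The return target is identical for every row, so encode it once.
    $bakto = $this->pml->BackToEncoder("div=usr&acc=priv&q=man&next_page=$curr_page&select_user=$typeParam");
    $rowUrl = $this->pol->GetModuleURL() . $this->pol->Med() . 'div=usr&acc=priv&q=';
    $result = array();
    while (!$recordSet->EOF) {
        list($id, $uname, $fname, $lname, $dept, $status, $type) = $recordSet->fields;
        // Still generated per row as before; whether SecGenAuthKey() records
        // each key is not visible from here, so it is not hoisted.
        $sessid = $this->pol->SecGenAuthKey();
        $uidParam = urlencode($id);
        // Names come from the database: escape for HTML text, and additionally
        // for the single-quoted JS string inside the onclick attribute.
        $displayName = htmlspecialchars("$lname, $fname", ENT_QUOTES);
        $jsName = htmlspecialchars(addslashes("$lname, $fname"), ENT_QUOTES);
        $edit = '<a href="' . $rowUrl . 'view&uid=' . $uidParam . '&ac=e&bakto=' . $bakto . '&sessid=' . $sessid . '" >Edit</a>';
        $dele = '<a href="' . $rowUrl . 'dele&uid=' . $uidParam . '&next_page=' . $curr_page
              . '&select_user=' . $typeParam . '&bakto=' . $bakto . '&sessid=' . $sessid
              . '" onclick="return confirmLink(this, \'' . $jsName . '\',\'Delete this user\')">Delete</a>';
        $viewname = '<a href="' . $rowUrl . 'view&uid=' . $uidParam . '&ac=v&bakto=' . $bakto . '&sessid=' . $sessid . '" >' . $displayName . '</a>';
        $group = $library_user_type[$type][3];
        $result[] = array($viewname, $dept_type[$dept][2], $user_status[$status], $user_type[$type][5], "$group", " $edit | $dele");
        $recordSet->MoveNext();
    }

    $color = $this->pol->SelectColor();
    $bgcolor1 = $color[1];
    $bgcolor2 = $color[2];
    $bgcolor3 = $color[3];
    $ca = $this->pol->GetBaseURL() . 'polerio/inc';
    if ($this->pol->PostNuke()) {
        $ca = $this->pol->GetBaseURL() . 'modules/PhpMyLibrary/polerio/inc';
    }
    $incl = "<script src=\"$ca/functions.js\" type=\"text/javascript\" language=\"javascript\"></script>";

    $select_status = '<b>Select User Type</b> <select name="select_user" onchange="this.form.submit();">';
    $select_status .= '<option value="">All</option>' . "\n";
    $typeCount = count($user_type);
    for ($n = 1; $n <= $typeCount; $n++) {
        $selected = ($n == $typeFilter) ? "selected" : "";
        $select_status .= '<option value="' . $n . '" ' . $selected . ' >' . $user_type[$n][5] . '</option>' . "\n";
    }
    $select_status .= '</select> ';
    $addnew = '<a href="' . $this->pol->GetModuleURL() . $this->pol->Med() . 'div=usr&acc=priv&q=view&uid=&ac=a">Add New User</a>';

    $getmoduleurl = $this->pol->GetModuleURL();
    $tabletitle = "User Administration";
    $varStatic = "table1";
    $varDynamic = "loop";
    // Placeholders this screen does not use; cleared explicitly rather than
    // relying on undefined variables expanding to ''.
    $bottom = $_current_label = $brief = $showing = $widthl = $widthr = $top = '';

    $template = $this->tpl->LoadTemplate($this->pol->GetModuleURI() . 'templates/usermanage.html');
    $vars = array("pol::getmoduleurl","pol::js","pol::bgcolor1","pol::bgcolor2","pol::bgcolor3",
        "pol::tabletitle","pol::fpage","pol::prev",
        "pol::next","pol::lpage","pol::bottom",
        "pol::currentlabel","pol::brief","pol::showing",
        "pol::widthl","pol::widthr","pol::top","pol::selectstatus","pol::addnew","pol::pagination"
    );
    $vals = array("$getmoduleurl","$incl","$bgcolor1","$bgcolor2","$bgcolor3",
        "$tabletitle","$fpage","$prev",
        "$next","$lpage","$bottom",
        "$_current_label","$brief","$showing",
        "$widthl","$widthr","$top","$select_status","$addnew","$pagination"
    );
    $template = $this->tpl->ReplaceStatic($template, $vars, $vals);
    $vars = array("pol::vdborrower","pol::vaccno","pol::vborrow","pol::vreturn","pol::vgroup","pol::vaction");
    return $this->tpl->DynamicRows($template, $varStatic, $varDynamic, $vars, $result);
}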
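/**
 * Write the edited user form ($this->_post) back to the users table.
 *
 * Every form value reaches the driver as a bound parameter; only column and
 * table names, which come from the configured table map, are interpolated.
 * The password is left untouched while the form still carries the
 * "**********" placeholder the edit screen shows instead of the stored hash.
 *
 * @return mixed the result of Execute() (false on failure)
 */
function Update()
{
    $upd = $this->_post;
    $table = $this->tbl;
    list($dbconn) = $this->dbc;
    $users = $table['users'];
    $users_col = $table['users_column'];

    $fields = array('uid', 'gid', 'fname', 'lname', 'uname', 'barcode', 'type',
        'status', 'dept', 'email', 'femail', 'url', 'telno', 'address', 'picture');
    $assignments = array();
    $values = array();
    foreach ($fields as $field) {
        $assignments[] = "$users_col[$field]=?";
        $values[] = isset($upd[$field]) ? $upd[$field] : '';
    }

    $submittedPass = isset($upd['pass']) ? $upd['pass'] : '';
    if ($submittedPass !== '**********') {
        // Stored as an unsalted md5 because the login check elsewhere expects
        // that format; moving to password_hash()/password_verify() has to be
        // done together with that check.
        $assignments[] = "$users_col[pass]=?";
        $values[] = md5($submittedPass);
    }

    // The row is located by the uid the form was loaded with, not the new one.
    $values[] = isset($upd['olduid']) ? $upd['olduid'] : '';
    $sql = "UPDATE $users SET " . implode(', ', $assignments) . " WHERE $users_col[uid]=?";
    return $dbconn->Execute($sql, $values);
}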
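/**
 * Insert a new user row from the submitted form ($this->_post).
 *
 * Values are bound rather than interpolated; column and table names come from
 * the configured table map. The password is stored as md5() of the submitted
 * text, matching what Update() and the login check expect.
 *
 * @return mixed the result of Execute() (false on failure)
 */
function Insert()
{
    $upd = $this->_post;
    $table = $this->tbl;
    list($dbconn) = $this->dbc;
    $users = $table['users'];
    $users_col = $table['users_column'];

    $fields = array('uid', 'gid', 'fname', 'lname', 'uname', 'barcode', 'pass', 'type',
        'status', 'dept', 'email', 'femail', 'url', 'telno', 'address', 'picture');
    $columns = array();
    $values = array();
    foreach ($fields as $field) {
        $columns[] = $users_col[$field];
        $value = isset($upd[$field]) ? $upd[$field] : '';
        // Unsalted md5 is what the existing login path verifies against;
        // replacing it with password_hash() requires changing that path too.
        $values[] = ($field === 'pass') ? md5($value) : $value;
    }

    $placeholders = implode(',', array_fill(0, count($columns), '?'));
    $sql = "INSERT INTO $users (" . implode(',', $columns) . ") VALUES (" . $placeholders . ")";
    return $dbconn->Execute($sql, $values);
}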
function Delete($uid)
{
global $picture_dir;
$table = $this->tbl;
list($dbconn) = $this->dbc;
list($picname) = $this->SelectVarName($uid, 'picture');
$img_name = "$picture_dir/$picname";
$img_file = @filesize($img_name);
if($img_file) unlink($img_name);
$users = $table['users'];
$users_col = $table['users_column'];
$sql = "DELETE FROM $users ";
$sql .= " WHERE $users_col[uid]=$uid";