📄 workgroup.php
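<?php
defined('WikyBlog') or die("Not an entry point...");

/*
 * Special page "Permissions": lets the owner of a page set list, add, change
 * and remove the users / IP patterns that belong to the owner's workgroup.
 *
 * IP addresses are not allowed to get Full/Owner or Admin access.
 *
 * Everything below the isOwner() check (the listing and the dispatch of the
 * submitted command at the end of the file) is only reached by the page owner.
 */

global $pageOwner,$dbObject,$jsNum,$lang,$wbConfig;

$page->displayTitle = $lang['user_permissions'];
$dbObject->links[$lang['permissions']] = '/Special/'.$pageOwner['username'].'/Permissions';
$dbObject->links[$lang['friends']] = '/Special/'.$pageOwner['username'].'/Friends';
$dbObject->links['?'] = 'User_Permissions';
$page->scripts[] = '/include/'.$jsNum.'/workgroup.js';

// A username passed in the query string only pre-fills the form field.
if( empty( $_POST['guest']) && !empty($_GET['guest']) ){
	$_POST['guest'] = $_GET['guest'];
}elseif(empty($_POST['guest']) ){
	$_POST['guest'] = '';
}
// guest[]=... would reach the string functions below as an array; treat it as empty.
if( !is_string($_POST['guest']) ){
	$_POST['guest'] = '';
}

// Authorization gate: nothing after this line runs for a non-owner.
if( !isOwner(true,false) ) return false;

includeFile('search/all.php');


////////////////////////////////////////////////////////////////////////////////
//
//	Listing of the workgroup members plus the add/update form
//

class workgroup extends query{

	var $group;

	/**
	 * Old-style constructor: builds the listing query for the current page
	 * owner and hands the object to browseSearch3() for output.
	 */
	function workGroup(){
		global $page, $pageOwner,$lang,$wbTables,$wbLinkPrefixStor;

		$page->css2 = true;

		$this->classes[] = 'class="tableRowOdd" ';
		$this->classes[] = 'class="tableRowEven" ';
		$this->searchUrl = $page->formAction = '/Special/'.$pageOwner['username'].'/Permissions';
		$this->overWrite['guest'] = false;

		// offset is request data that ends up in the form action URL: URL-encode it
		// (a plain number is left unchanged) and ignore non-scalar values.
		if( isset($_GET['offset']) && is_scalar($_GET['offset']) ){
			$page->formAction .= '?offset='.rawurlencode($_GET['offset']);
		}

		$this->formIdentifier = $wbLinkPrefixStor.toStorageUrl($this->searchUrl);

		// Escape the owner name the same way updatePermissions() does.
		$this->query = 'SELECT SQL_CALC_FOUND_ROWS ';
		$this->query .= 'guest, userlevel ';
		$this->query .= 'FROM '.$wbTables['workgroup'].' ';
		$this->query .= 'WHERE owner = "'.wbDB::escape($pageOwner['username']).'" ORDER BY userlevel DESC, guest';

		browseSearch3($this,$lang['permissions']);

		// tell users to finalize user permissions when a username is passed with $_GET
		// NOTE(review): $_GET['guest'] is passed to message() unmodified; confirm that
		// message() HTML-escapes its argument before output.
		if( isset($_GET['guest']) ){
			message('SET_PERMISSIONS',$_GET['guest']);
		}
	}

	/** Fetches the next row of the listing as an associative array. */
	function mysqlFetch(&$result){
		return mysql_fetch_assoc($result);
	}

	/** Prints the add/update form and the header row of the member table. */
	function displayPre(){
		global $lang,$pageOwner;

		echo '<table id="update" border="0" style="margin-left:auto;margin-right:auto"><tr><td><b>';
		echo $lang['username_or_ip'];
		echo '</b>';
		echo '</th><td><b>';
		echo $lang['status'];
		echo '</b></th></tr><tr><td>';
		echo '<input type="text" name="guest" size="30" value="'. htmlspecialchars($_POST['guest']) .'" />';
		echo '</td><td>';
		echo ' <select name="level">';

		//we don't use userlevel here because we want to limit the privilege of adding admins
		// (the option is cosmetic only: translateLevel() repeats this check on submit)
		if( isOwner(false,true) && strcasecmp($pageOwner['username'],$GLOBALS['wbAdminUser']) === 0 ){
			echo '<option value="'.$lang['admin'].'">'. $lang['admin'] .'</option>';
		}
		echo '<option value="'.$lang['workgroup']. '" selected="selected">'.$lang['workgroup'].'</option>';
		echo '<option value="'.$lang['full_owner'].'">'.$lang['full_owner'].'</option>';
		echo '<option value="'.$lang['banned'].'">'.$lang['ban'].'</option>';
		echo '</select>';
		echo ' <input type="submit" name="cmd" value="'.$lang['update_permissions'].'" />';
		echo '</td></tr><tr><td>';
		echo $lang['EX_USERNAMES'];
		echo '</td></tr></table>';

		echo '<table cellspacing="0" width="100%" class="tableRows"><tr>';
		echo '<th>'.$lang['user'].'</th>';
		echo '<th>'.$lang['status'].'</th>';
		echo '<th colspan="2">'.$lang['view_users'].'</th>';
		echo '<th>'.$lang['options'].'</th>';
		echo '</tr>';
	}

	/** Shown instead of the table when the workgroup has no entries. */
	function displayEmpty(){
		message('EMPTY_PERMISSIONS');
		return true;
	}

	/** Closes the member table, then lets the parent print its paging output. */
	function displayPost(&$prev,&$pages,&$next){
		echo '</table>';
		parent::displayPost($prev,$pages,$next);
	}

	/**
	 * Prints one table row for a workgroup entry.
	 *
	 * @param array $row  database row with the keys 'guest' and 'userlevel'
	 * @param int   $i    row counter, used to alternate the row class
	 */
	function abbrevOutput($row,$i){
		global $lang;

		$levelLabel = translateLevel($row['userlevel']);

		// The three values below are written into a single-quoted JavaScript string
		// that itself sits inside a double-quoted HTML attribute, so they are escaped
		// for JavaScript first and for HTML second. changeUser() receives the same
		// strings as before for values without special characters.
		$jsForm = htmlspecialchars(addslashes($this->formIdentifier), ENT_QUOTES);
		$jsGuest = htmlspecialchars(addslashes($row['guest']), ENT_QUOTES);
		$jsLevel = htmlspecialchars(addslashes($levelLabel), ENT_QUOTES);

		echo '<tr '.$this->classes[($i%2)].'>';
		// NOTE(review): presumably toDisplay() HTML-escapes the name; confirm.
		echo '<td>'.toDisplay($row['guest']).'</td>';
		echo '<td>'.$levelLabel.'</td>';

		// entries that are numeric once the dots are removed are IP patterns: no user pages to link to
		$temp = wbStr_replace('.','',$row['guest']);
		if( !is_numeric($temp) ){
			echo '<td class="sm">'.wbLinks::local('/'.$row['guest'].'/Home',$lang['homepage']).'</td>';
			echo '<td class="sm">'.wbLinks::special('ControlPanel','control_panel','',$row['guest']).'</td>';
		}else{
			echo '<td> </td><td> </td>';
		}

		echo '<td class="sm">';
		echo '<a href="javascript:void(0)" onclick="changeUser(\''.$jsForm.'\',\''.$jsGuest.'\',\''.$jsLevel.'\')">';
		echo '<img src="'.wbLinks::getDir('/imgs/icons/pencil.gif').'" title="'.$lang['change'].'">';
		echo '</a> ';
		// The browser decodes the attribute again, so the submitted field name is unchanged.
		echo '<input type="image" src="'.wbLinks::getDir('/imgs/icons/delete.gif').'" name="cmd['.htmlspecialchars($row['guest'], ENT_QUOTES).']" value="'.$lang['delete'].'" title="'.$lang['delete'].'"/>';
		echo '</td>';
		echo '</tr>';
	}
}


////////////////////////////////////////////////////////////////////////////////
//
//	Helpers and command handlers
//

/**
 * Translates between stored user levels and their labels.
 *
 * A numeric argument is treated as a stored level and the matching $lang
 * label is returned (string). Any other argument is treated as a submitted
 * label and the matching level is returned (int); an unrecognized label, or
 * the admin label submitted by somebody who is not the site admin on the
 * admin's own page, yields -1.
 *
 * @param mixed $arg  stored level or submitted label
 * @return mixed      label (string) for numeric input, level (int) otherwise
 */
function translateLevel($arg){
	global $pageOwner,$lang;

	if( is_numeric($arg) ){
		switch((int)$arg){
			// 4 is the level the label branch below returns for the admin label
			case 4:
				return $lang['admin'];
			case 3:
				return $lang['full_owner'];
			case 2:
				return $lang['workgroup'];
			case -1:
				return $lang['banned'];
			default:
				trigger_error('Unknown User Level: '.$arg);
				return $lang['undefined'];
		}
	}

	switch($arg){
		case $lang['admin']:
			// server-side check: the option hidden in displayPre() is not a control
			if( isOwner(false,true) && strcasecmp($pageOwner['username'],$GLOBALS['wbAdminUser']) === 0 ){
				return 4;
			}else{
				return -1;
			}
		case $lang['full_owner']:
			return 3;
		case $lang['workgroup']:
			return 2;
		case $lang['banned']:
		default:
			return -1;
	}
}


// Add User to database
//
// can I do this with a single insert select?
//
/**
 * Adds or updates one workgroup entry from $_POST['guest'] and $_POST['level'].
 *
 * The guest is either a dotted numeric IP pattern (missing parts are filled
 * with the wildcard '%', levels of 3 and above are refused) or a username,
 * which is only inserted if it exists in the users table.
 */
function updatePermissions(){
	global $pageOwner,$wbTables;

	//////// 0) Check POST
	if( empty($_POST['guest']) || !is_string($_POST['guest']) ){
		message('ENTER_USERNAME');
		return;
	}

	$level = translateLevel( isset($_POST['level']) ? $_POST['level'] : '' );

	// A numeric "level" makes translateLevel() hand back a label instead of a
	// level. The value is written into the SQL below without quotes, so anything
	// that is not an integer is refused before a query is built.
	if( !is_int($level) ){
		trigger_error('Invalid permission level submitted');
		return;
	}

	//////// 1) IP or User
	$numDots = substr_count($_POST['guest'],'.');
	$ipTest = str_replace(array('.','%'),'',$_POST['guest']);

	if( ($numDots > 0) && is_numeric($ipTest) ){
		$isUsername = false;

		if( $level >= 3 ){
			message('IP_WRONG_LEVEL');
			return;
		}

		// NOTE(review): is_numeric() also accepts forms such as "1e5", so the pieces
		// are not guaranteed to be octets; they are escaped below, but a stricter
		// per-piece check (digits or '%') may be wanted.
		$insertIParr = array();
		$pieces = explode('.',$_POST['guest']);
		//message(showArray($pieces));
		for($i = 0;$i <= 3;$i++){
			if( isset($pieces[$i]) ){
				$insertIParr[] = $pieces[$i];
			}else{
				$insertIParr[] = '%';
			}
		}
		$insertName = $messageName = implode('.',$insertIParr);

		//delete old
		// (a space is needed between the table name and WHERE, otherwise the statement is invalid)
		$query = 'DELETE FROM '.$wbTables['workgroup'].' ';
		$query .= 'WHERE `owner` = "'.wbDB::escape($pageOwner['username']).'" ';
		$query .= ' AND `guest` = "'.wbDB::escape($insertName).'" ';
		wbDB::runQuery($query);

		//add new
		$query = 'REPLACE INTO '.$wbTables['workgroup'].' (owner, guest, userlevel) VALUES (';
		$query .= ' "'. wbDB::escape($pageOwner['username']).'"';
		$query .= ', "'.wbDB::escape($insertName).'"';
		$query .= ', '.(int)$level.')';

	}else{
		$insertName = toStorage($_POST['guest']);
		$messageName = $_POST['guest'];
		$isUsername = true;

		if( toStorage($insertName,true) == toStorage($pageOwner['username'],true) ){
			message('ALREADY_OWNER',$pageOwner['username']);
			return;
		}

		//delete old
		$query = 'DELETE FROM '.$wbTables['workgroup'].' ';
		$query .= 'WHERE `owner` = "'.wbDB::escape($pageOwner['username']).'" ';
		$query .= ' AND `guest` = "'.wbDB::escape($insertName).'" ';
		wbDB::runQuery($query);

		//add new
		// selecting from the users table means an unknown username inserts nothing
		$query = 'REPLACE INTO '.$wbTables['workgroup'].' (owner, guest, userlevel) SELECT ';
		$query .= ' "'. wbDB::escape($pageOwner['username']).'"';
		$query .= ', username';
		$query .= ', '.(int)$level;
		$query .= ' FROM '.$wbTables['users'];
		$query .= ' WHERE username = "'.wbDB::escape($insertName).'" ';
	}

	//message($query);
	wbDB::runQuery($query);

	$num = mysql_affected_rows();
	if( $num === 0 ){
		if($isUsername){
			message('NOT_A_USER',$messageName);
		}else{
			message('IP_NOT_ADDED',$messageName);
		}
	}elseif( $num === 2 ){
		message('UPDATED_PERMISSIONS',$messageName);
	}elseif( $num === 1){
		message('UPDATED_PERMISSIONS',$messageName);
		//message('ADDED_PERMISSIONS',$messageName);
	}else{
		trigger_error('User Permission Script did not work');
	}
	return;
}

/**
 * Removes the entry named in $page->cmdArg[0] from the page owner's workgroup.
 */
function removeFromGroup(){
	global $pageOwner,$page,$wbTables;

	$_POST['guest'] = $page->cmdArg[0];

	// Both values are escaped after toStorage(), as updatePermissions() does.
	$query = 'DELETE FROM '.$wbTables['workgroup'].' ';
	$query .= ' WHERE owner = "'.wbDB::escape($pageOwner['username']).'" ';
	$query .= ' AND guest = "'.wbDB::escape(toStorage($page->cmdArg[0])).'" ';
	$query .= ' LIMIT 1';
	wbDB::runQuery($query);

	$num = mysql_affected_rows();
	if( $num == 0 ){
		message('USER_NOT_REMOVED',$page->cmdArg[0]);
	}else{
		message('USER_REMOVED',$page->cmdArg[0]);
	}
}


////////////////////////////////////////////////////////////////////////////////
//
//	Dispatch of the submitted command, then output of the listing
//

// NOTE(review): these commands change permissions and no anti-CSRF token is
// checked in this file; confirm that the framework verifies one (and requires
// POST) before $page->userCmd is set.
switch( $page->userCmd ){

	case 'delete':
	case 'removefromgroup':
	case wbStrtolower($lang['delete']):
		removeFromGroup();
	break;

	case wbStrtolower($lang['update_permissions']):
		updatePermissions();
	break;
}

new workgroup();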