diff --git a/admin/system.php b/admin/system.php
index c9dad4f5..4bfdcbe5 100644
--- a/admin/system.php
+++ b/admin/system.php
@@ -75,7 +75,7 @@ switch ($action) {
} // is array
/* Put in the current value */
- elseif (isset($current[$key])) {
+ elseif (isset($current[$key]) AND $key != 'config_version') {
$line = $key . " = \"" . $current[$key] . "\"";
unset($current[$key]);
} // if set
diff --git a/admin/users.php b/admin/users.php
index 4aa8aff8..268aa075 100644
--- a/admin/users.php
+++ b/admin/users.php
@@ -1,7 +1,7 @@
has_access(100)) {
}
-$action = scrub_in($_REQUEST['action']);
-
+$action = scrub_in($_REQUEST['action']);
+$user_id = scrub_in($_REQUEST['user_id']);
show_template('header');
-$user_id = scrub_in($_REQUEST['user']);
-$temp_user = new User($user_id);
-
+// Switch on the actions
switch ($action) {
case 'edit':
if (conf('demo_mode')) { break; }
- $username = $temp_user->username;
- $fullname = $temp_user->fullname;
- $email = $temp_user->email;
- $access = $temp_user->access;
- $id = $temp_user->id;
+ $working_user = new User($user_id);
require_once(conf('prefix') . '/templates/show_edit_user.inc.php');
break;
case 'update_user':
if (conf('demo_mode')) { break; }
/* Clean up the variables */
- $username = scrub_in($_REQUEST['new_username']);
- $fullname = scrub_in($_REQUEST['new_fullname']);
- $email = scrub_in($_REQUEST['new_email']);
- $access = scrub_in($_REQUEST['user_access']);
- $pass1 = scrub_in($_REQUEST['new_password_1']);
- $pass2 = scrub_in($_REQUEST['new_password_2']);
+ $user_id = scrub_in($_REQUEST['user_id']);
+ $username = scrub_in($_REQUEST['username']);
+ $fullname = scrub_in($_REQUEST['fullname']);
+ $email = scrub_in($_REQUEST['email']);
+ $access = scrub_in($_REQUEST['access']);
+ $pass1 = scrub_in($_REQUEST['password_1']);
+ $pass2 = scrub_in($_REQUEST['password_2']);
/* Setup the temp user */
- $thisuser = new User($username);
+ $working_user = new User($user_id);
/* Verify Input */
if (empty($username)) {
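Review bot: `$user_id` is passed from the request into `new User($user_id)` in both `edit` and `update_user` with no integer check, and the resulting object is used without confirming that a user was actually loaded. Casting at the top of the file, `$user_id = intval($_REQUEST['user_id']);`, and breaking out with an error when `$working_user->username` is empty would keep the template and the update calls from operating on an empty object. The second `$user_id = scrub_in($_REQUEST['user_id']);` inside `update_user` repeats the assignment made at the top of the file and can go. The start of this hunk is missing from the page and the `update_user` case continues past its end.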
@@ -70,40 +65,36 @@ switch ($action) {
/* If we've got an error then break! */
if ($GLOBALS['error']->error_state) {
- $username = $thisuser->username;
- $fullname = $thisuser->fullname;
- $email = $thisuser->email;
- $access = $thisuser->access;
- $type = 'edit_user';
require_once(conf('prefix') . '/templates/show_edit_user.inc.php');
break;
} // if we've had an oops!
- if ($access != $thisuser->access) {
- $thisuser->update_access($access);
+ if ($access != $working_user->access) {
+ $working_user->update_access($access);
}
- if ($email != $thisuser->email) {
- $thisuser->update_email($email);
+ if ($email != $working_user->email) {
+ $working_user->update_email($email);
}
- if ($username != $thisuser->username) {
- $thisuser->update_username($username);
+ if ($username != $working_user->username) {
+ $working_user->update_username($username);
}
- if ($fullname != $user->fullname) {
- $thisuser->update_fullname($fullname);
+ if ($fullname != $working_user->fullname) {
+ $working_user->update_fullname($fullname);
}
if ($pass1 == $pass2 && strlen($pass1)) {
- $thisuser->update_password($pass1);
+ $working_user->update_password($pass1);
}
- show_confirmation("User Updated", $thisuser->username . "'s information has been updated","admin/users.php");
+
+ show_confirmation(_('User Updated'), $working_user->fullname . "(" . $working_user->username . ")" . _('updated'),'admin/users.php');
break;
case 'add_user':
if (conf('demo_mode')) { break; }
- $username = scrub_in($_REQUEST['new_username']);
- $fullname = scrub_in($_REQUEST['new_fullname']);
- $email = scrub_in($_REQUEST['new_email']);
- $access = scrub_in($_REQUEST['user_access']);
- $pass1 = scrub_in($_REQUEST['new_password_1']);
- $pass2 = scrub_in($_REQUEST['new_password_2']);
+ $username = scrub_in($_REQUEST['username']);
+ $fullname = scrub_in($_REQUEST['fullname']);
+ $email = scrub_in($_REQUEST['email']);
+ $access = scrub_in($_REQUEST['access']);
+ $pass1 = scrub_in($_REQUEST['password_1']);
+ $pass2 = scrub_in($_REQUEST['password_2']);
if (($pass1 !== $pass2)) {
$GLOBALS['error']->add_error('password',_("Error Passwords don't match"));
}
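Review bot: The new confirmation line concatenates `$working_user->fullname . "(" . $working_user->username . ")" . _('updated')` with no separating spaces and no output escaping. Whether show_confirmation() escapes its arguments is not visible here. The full name shown is also likely the old one, because update_fullname() in lib/class/user.class.php does not refresh `$this->fullname`. Something like `scrub_out($fullname) . ' (' . scrub_out($username) . ') ' . _('updated')` would show the values just saved and keep markup in a name from reaching the page. The `update_user` case begins before this hunk and `add_user` continues after it.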
@@ -139,18 +130,19 @@ switch ($action) {
break;
case 'delete':
if (conf('demo_mode')) { break; }
+ $working_user = new User($user_id);
show_confirmation(_('Deletion Request'),
- _("Are you sure you want to permanently delete") . " $temp_user->fullname ($temp_user->username) ?",
- "admin/users.php?action=confirm_delete&user=$temp_user->id");
+ _('Are you sure you want to permanently delete') . " $working_user->fullname ($working_user->username)?",
+ "admin/users.php?action=confirm_delete&user_id=$user_id",1);
break;
case 'confirm_delete':
if (conf('demo_mode')) { break; }
- if ($_REQUEST['confirm'] == _("No")) { show_manage_users(); break; }
- if ($temp_user->delete()) {
- show_confirmation(_("User Deleted"), "$temp_user->username has been Deleted","admin/users.php");
+ $working_user = new User($_REQUEST['user_id']);
+ if ($working_user->delete()) {
+ show_confirmation(_('User Deleted'), "$working_user->username has been Deleted","admin/users.php");
}
else {
- show_confirmation(_("Delete Error"), _("Unable to delete last Admin User"),"admin/users.php");
+ show_confirmation(_('Delete Error'), _("Unable to delete last Admin User"),"admin/users.php");
}
break;
/* Show IP History for the Specified User */
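Review bot: `confirm_delete` builds its object from the raw `$_REQUEST['user_id']` rather than the scrubbed `$user_id` set at the top of the file. The delete is also reachable through a plain link (`admin/users.php?action=confirm_delete&user_id=...`) with no per-request token visible in this hunk. With the old `confirm == No` branch removed, a single GET to that URL from an admin's browser is enough to remove an account. Use `$working_user = new User($user_id);` and require a POST carrying a session-bound token before calling `delete()`; the same applies to the `enable` and `disable` actions added further down.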
@@ -166,23 +158,42 @@ switch ($action) {
break;
case 'show_add_user':
if (conf('demo_mode')) { break; }
- $type = 'new_user';
- require_once(conf('prefix') . '/templates/show_edit_user.inc.php');
+ require_once(conf('prefix') . '/templates/show_add_user.inc.php');
break;
- case 'update':
- case 'disabled':
- if (conf('demo_mode')) { break; }
- $level = scrub_in($_REQUEST['level']);
- $thisuser = new User($_REQUEST['user']);
- if ($GLOBALS['user']->has_access(100)) {
- $thisuser->update_access($level);
+ case 'enable':
+ $working_user = new User($user_id);
+ $working_user->enable();
+ show_confirmation(_('User Enabled'),'','admin/users.php');
+ break;
+ case 'disable':
+ $working_user = new User($user_id);
+ if ($working_user->disable()) {
+ show_confirmation(_('User Disabled'),'','admin/users.php');
+ }
+ else {
+ show_confirmation(_('Error'),_('Unable to Disabled last Administrator'),'admin/users.php');
}
- show_manage_users();
break;
default:
- show_manage_users();
+ // Setup the View Object
+ $view = new View();
+ $view->import_session_view();
+
+ // If we are returning
+ if ($_REQUEST['keep_view']) {
+ $view->initialize();
+ }
+ else {
+ $sql = "SELECT `id` FROM `user`";
+ $db_results = mysql_query($sql,dbh());
+ $total_items = mysql_num_rows($db_results);
+ $view = new View($sql,'admin/users.php','fullname',$total_items,$_SESSION['userdata']['offset_limit']);
+ }
+
+ $users = get_users($view->sql);
+ require_once(conf('prefix') . '/templates/show_users.inc.php');
break;
-}
+} // end switch on action
/* Show the footer */
show_footer();
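Review bot: The new `enable` and `disable` cases are the only state-changing actions in this switch without the `if (conf('demo_mode')) { break; }` guard, so a demo install would let visitors disable accounts. Add that line as the first statement of both cases. In the `default` branch, `$_REQUEST['keep_view']` is read without `isset()`, and the `mysql_query()` result is handed to `mysql_num_rows()` unchecked. The error string `Unable to Disabled last Administrator` should read `Unable to disable the last Administrator`.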
diff --git a/albums.php b/albums.php
index e9dc3714..d1ce647b 100644
--- a/albums.php
+++ b/albums.php
@@ -31,7 +31,7 @@ if(isset($_REQUEST['match'])) $match = scrub_in($_REQUEST['match']);
if(isset($_REQUEST['album'])) $album = scrub_in($_REQUEST['album']);
if(isset($_REQUEST['artist'])) $artist = scrub_in($_REQUEST['artist']);
$_REQUEST['artist_id'] = scrub_in($_REQUEST['artist_id']);
-$min_album_size = conf('min_album_size');
+$min_album_size = conf('min_object_count');
if ($min_album_size == '') {
$min_album_size = '0';
}
diff --git a/config/ampache.cfg.php.dist b/config/ampache.cfg.php.dist
index 5fb88847..7d5b07a2 100644
--- a/config/ampache.cfg.php.dist
+++ b/config/ampache.cfg.php.dist
@@ -7,7 +7,7 @@
# if this config file is up to date
# this is compared against a value hardcoded
# into the init script
-config_version = 1
+config_version = 2
####################
# Path Vars #
@@ -82,6 +82,13 @@ auth_methods = "mysql"
# Program Settings #
######################
+# File Pattern
+# This defines which file types Ampache will attempt to catalog
+# You can specify any file extension you want in here seperating them
+# with a |
+# DEFAULT: mp3|mpc|m4p|m4a|mp4|aac|ogg|rm|wma|asf|flac|spx|ra|ape|shn|wv
+catalog_file_pattern = "mp3|mpc|m4p|m4a|mp4|aac|ogg|rm|wma|asf|flac|spx|ra|ape|shn|wv"
+
# Use Access List
# Toggle this on if you want ampache to pay attention to the access list
# and only allow streaming/downloading/xml-rpc from known hosts by default
@@ -143,13 +150,15 @@ require_session = "true"
# ampache will default to the first tag format
# that was found.
# POSSIBLE VALUES: id3v1 id3v2 file vorbiscomment
-# quicktime ape
-# DEFAULT: id3v2,id3v1
+# quicktime ape asf
+# DEFAULT: id3v2,id3v1 vorbiscomment quicktime ape
+# asf
tag_order = id3v2
tag_order = id3v1
tag_order = vorbiscomment
tag_order = quicktime
tag_order = ape
+tag_order = asf
#tag_order = file
# Un comment if don't want ampache to follow symlinks
diff --git a/docs/CHANGELOG b/docs/CHANGELOG
index ee313a47..c0e9e2b6 100755
--- a/docs/CHANGELOG
+++ b/docs/CHANGELOG
@@ -2,6 +2,15 @@
--------- Ampache -- CHANGELOG ---------
--------------------------------------------------------------------------
+--------------------------------------------------------------------------
+ v.3.4-Alpha1
+ - Fixed a problem where config re-gen wouldn't update the current
+ version
+ - Changed database to fix some user tracking issues
+ - Added date to user_vote to allow for sorting by vote date on
+ democratic play
+ - Added Label, Catalog # and Language to song extended data table
+
--------------------------------------------------------------------------
v.3.3.3 01/26/2007
- Updated the SQL file for stable release
diff --git a/images/icon_add_user.png b/images/icon_add_user.png
new file mode 100644
index 00000000..deae99bc
Binary files /dev/null and b/images/icon_add_user.png differ
diff --git a/images/icon_delete.png b/images/icon_delete.png
index ebad933c..afe22ba9 100644
Binary files a/images/icon_delete.png and b/images/icon_delete.png differ
diff --git a/index.php b/index.php
index f2b539b0..f6eef67b 100644
--- a/index.php
+++ b/index.php
@@ -1,7 +1,7 @@
username);
+ $user_id = scrub_out($GLOBALS['user']->id);
$song_id = $this->id;
if (conf('require_session')) {
@@ -837,7 +837,7 @@ class Song {
}
}
- $url = $web_path . "/play/index.php?song=$song_id&uid=$username$session_string$ds_string&name=/$song_name";
+ $url = $web_path . "/play/index.php?song=$song_id&uid=$user_id$session_string$ds_string&name=/$song_name";
return $url;
diff --git a/lib/class/update.class.php b/lib/class/update.class.php
index bb357806..c2dd6c5f 100644
--- a/lib/class/update.class.php
+++ b/lib/class/update.class.php
@@ -347,6 +347,14 @@ class Update {
$version[] = array('version' => '333004','description' => $update_string);
+ $update_string = '- Moved back to ID for user tracking internally.
' .
+ '- Added date to user_vote to allow sorting by vote time.
' .
+ '- Added Random Method and Object Count Preferences.
' .
+ '- Removed some unused tables/fields.
' .
+ '- Added Label, Catalog # and Language to Extended Song Data Table
';
+
+ $version[] = array('version' => '340001','description' => $update_string);
+
return $version;
} // populate_version
@@ -393,6 +401,9 @@ class Update {
/* Nuke All Active session before we start the mojo */
$sql = "DELETE * FROM session";
$db_results = mysql_query($sql, dbh());
+
+ // Prevent the script from timing out, which could be bad
+ set_time_limit(0);
/* Verify that there are no plugins installed
//FIXME: provide a link to remove all plugins, otherwise this could turn into a catch 22
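Review bot: `set_time_limit(0)` removes the execution limit, but a dropped browser connection can still end the script part-way through the schema changes, which is the failure the new comment is worried about. Adding `ignore_user_abort(true);` next to it covers that case, and the comment could say that a half-applied update leaves the schema inconsistent. Separately, the context line `DELETE * FROM session` is not valid MySQL DELETE syntax and its result is not checked, so the sessions are probably never cleared. The enclosing function starts and ends outside this hunk.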
@@ -1284,7 +1295,7 @@ class Update {
$user = new User(0);
while ($results = mysql_fetch_array($db_results)) {
- $user->fix_preferences($results[0]);
+ $user->username_fix_preferences($results[0]);
}
@@ -1658,7 +1669,7 @@ class Update {
$user->fix_preferences('-1');
while ($r = mysql_fetch_assoc($db_results)) {
- $user->fix_preferences($r['username']);
+ $user->username_fix_preferences($r['username']);
} // while results
/* Last but not least revert play types to downsample or stream */
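Review bot: The unchanged `$user->fix_preferences('-1');` just above the renamed call now resolves to the new ID-based fix_preferences() added in lib/class/user.class.php. That function ends by deleting every `user_preference` row whose `user` has no matching `user.id`. In these pre-340001 steps the column still holds usernames, so existing per-user rows would likely be treated as orphans and removed before username_fix_preferences() re-creates them with default values. Consider `$user->username_fix_preferences('-1');` here and at the same line in the hunks at -1694, -1835, -1975, -2111, -2143 and -2174.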
@@ -1694,7 +1705,7 @@ class Update {
$user->fix_preferences('-1');
while ($r = mysql_fetch_assoc($db_results)) {
- $user->fix_preferences($r['username']);
+ $user->username_fix_preferences($r['username']);
} // while results
$this->set_version('db_version','332011');
@@ -1835,7 +1846,7 @@ class Update {
$user->fix_preferences('-1');
while ($r = mysql_fetch_assoc($db_results)) {
- $user->fix_preferences($r['username']);
+ $user->username_fix_preferences($r['username']);
} // while results
$this->set_version('db_version','332012');
@@ -1975,7 +1986,7 @@ class Update {
$user->fix_preferences('-1');
while ($r = mysql_fetch_assoc($db_results)) {
- $user->fix_preferences($r['username']);
+ $user->username_fix_preferences($r['username']);
} // while results
/* Store all current Stats */
@@ -2111,7 +2122,7 @@ class Update {
$user->fix_preferences('-1');
while ($r = mysql_fetch_assoc($db_results)) {
- $user->fix_preferences($r['username']);
+ $user->username_fix_preferences($r['username']);
} // while results
/* Drop the unused user_catalog table */
@@ -2143,7 +2154,7 @@ class Update {
$user->fix_preferences('-1');
while ($r = mysql_fetch_assoc($db_results)) {
- $user->fix_preferences($r['username']);
+ $user->username_fix_preferences($r['username']);
} // while results
$this->set_version('db_version','333003');
@@ -2174,12 +2185,236 @@ class Update {
$user->fix_preferences('-1');
while ($r = mysql_fetch_assoc($db_results)) {
- $user->fix_preferences($r['username']);
+ $user->username_fix_preferences($r['username']);
} // while results
$this->set_version('db_version','333004');
} // update_333004
+ /**
+ * update_340001
+ * This update moves back to the ID for user UID and
+ * adds date to the user_vote so that it can be sorted
+ * correctly
+ */
+ function update_340001() {
+
+
+ // Build the User -> ID map using the username as the key
+ $sql = "SELECT `id`,`username` FROM `user`";
+ $db_results = mysql_query($sql,dbh());
+
+ $user_array = array();
+
+ while ($r = mysql_fetch_assoc($db_results)) {
+ $username = $r['username'];
+ $user_array[$username] = sql_escape($r['id']);
+ } // end while
+
+ // Alter the user table so that you can't have an ID beyond the
+ // range of the other tables which have to allow for -1
+ $sql = "ALTER TABLE `user` CHANGE `id` `id` INT ( 11 ) NOT NULL AUTO_INCREMENT";
+ $db_results = mysql_query($sql,dbh());
+
+ // Now pull the access list users, alter table and then re-insert
+ $sql = "SELETE DISTINCT(`user`) FROM `access_list`";
+ $db_results = mysql_query($sql,dbh());
+
+ while ($r = mysql_fetch_assoc($db_results)) {
+ // Build the new SQL
+ $username = $r['user'];
+ $user_id = $user_array[$username];
+ $username = sql_escape($username);
+
+ $sql = "UPDATE `access_list` SET `user`='$user_id' WERE `user`='$username'";
+ $update_results = mysql_query($sql,dbh());
+
+ } // end while access_list
+
+ // Alter the table
+ $sql = "ALTER TABLE `access_list` CHANGE `user` `user` INT ( 11 ) NOT NULL";
+ $db_results = mysql_query($sql,dbh());
+
+ // Now pull flagged users, update and alter
+ $sql = "SELECT DISTINCT(`user`) FROM `flagged`";
+ $db_results = mysql_query($sql,dbh());
+
+ while ($r = mysql_fetch_assoc($db_results)) {
+ $username = $r['user'];
+ $user_id = $user_array[$username];
+ $username = sql_escape($username);
+
+ $sql = "UPDATE `flagged` SET `user`='$user_id' WHERE `user`='$username'";
+ $update_results = mysql_query($sql,dbh());
+
+ } // end while
+
+ // Alter the table
+ $sql = "ALTER TABLE `flagged` CHANGE `user` `user` INT ( 11 ) NOT NULL";
+ $db_results = mysql_query($sql,dbh());
+
+
+ // Now fix up the ip history
+ $sql = "SELECT DISTINCT(`user`) FROM `ip_history`";
+ $db_results = mysql_query($sql,dbh());
+
+ while ($r = mysql_fetch_assoc($db_results)) {
+ $username = $r['user'];
+ $user_id = $user_array[$username];
+ $username = sql_escape($username);
+
+ $sql = "UPDATE `ip_history` SET `user`='$user_id' WHERE `user`='$username'";
+ $update_results = mysql_query($sql,dbh());
+
+ } // end while
+
+ // Alter the table
+ $sql = "ALTER TABLE `ip_history` CHANGE `user` `user` INT ( 11 ) NOT NULL";
+ $db_results = mysql_query($sql,dbh());
+
+ // Now fix now playing
+ $sql = "SELECT DISTINCT(`user`) FROM `now_playing`";
+ $db_results = mysql_query($sql,dbh());
+
+ while ($r = mysql_fetch_assoc($db_results)) {
+ $username = $r['user'];
+ $user_id = $user_array[$username];
+ $username = sql_escape($username);
+
+ $sql = "UPDATE `now_playing` SET `user`='$user_id' WHERE `user`='$username'";
+ $update_results = mysql_query($sql,dbh());
+
+ } // end while
+
+ // Alter the table
+ $sql = "ALTER TABLE `now_playing` CHANGE `user` `user` INT ( 11 ) NOT NULL";
+ $db_results = mysql_query($sql,dbh());
+
+ // Now fix the playlist table
+ $sql = "SELECT DISTINCT(`user`) FROM `playlist`";
+ $db_results = mysql_query($sql,dbh());
+
+ while ($r = mysql_fetch_assoc($db_results)) {
+ $username = $r['user'];
+ $user_id = $user_array[$username];
+ $username = sql_escape($username);
+
+ $sql = "UPDATE `playlist` SET `user`='$user_id' WHERE `user`='$username'";
+ $update_results = mysql_query($sql,dbh());
+
+ } // end while
+
+ // Alter the table
+ $sql = "ALTER TABLE `playlist` CHANGE `user` `user` INT ( 11 ) NOT NULL";
+ $db_results = mysql_query($sql,dbh());
+
+ // Drop unused table
+ $sql = "DROP TABLE `playlist_permission`";
+ $db_results = mysql_query($sql,dbh());
+
+ // Now fix the ratings table
+ $sql = "SELECT DISTINCT(`user`) FROM `ratings`";
+ $db_results = mysql_query($sql,dbh());
+
+ while ($r = mysql_fetch_assoc($db_results)) {
+ $username = $r['user'];
+ $user_id = $user_array[$username];
+ $username = sql_escape($username);
+
+ $sql = "UPDATE `ratings` SET `user`='$user_id' WHERE `user`='$username'";
+ $update_results = mysql_query($sql,dbh());
+
+ } // end while
+
+ $sql = "ALTER TABLE `ratings` CHANGE `user` `user` INT ( 11 ) NOT NULL";
+ $db_results = mysql_query($sql,dbh());
+
+ // Now work on the tag_map
+ $sql = "ALTER TABLE `tag_map` CHANGE `user_id` `user` INT ( 11 ) NOT NULL";
+ $db_results = mysql_query($sql,dbh());
+
+ // Now fix user preferences
+ $sql = "SELECT DISTINCT(`user`) FROM `user_preference`";
+ $db_results = mysql_query($sql,dbh());
+
+ while ($r = mysql_fetch_assoc($db_results)) {
+ $username = $r['user'];
+ $user_id = $user_array[$username];
+ $username = sql_escape($username);
+
+ $sql = "UPDATE `user_preference` SET `user`='$user_id' WHERE `user`='$username'";
+ $update_results = mysql_query($sql,dbh());
+
+ } // end while
+
+ // Alter the table
+ $sql = "ALTER TABLE `user_preference` CHANGE `user` `user` INT ( 11 ) NOT NULL";
+ $db_results = mysql_query($sql,dbh());
+
+ // Add a date to the user_vote
+ $sql = "ALTER TABLE `user_vote` ADD `date` INT( 11 ) UNSIGNED NOT NULL";
+ $db_results = mysql_query($sql,dbh());
+
+ // Add the index for said field
+ $sql = "ALTER TABLE `user_vote` ADD INDEX(`date`)";
+ $db_results = mysql_query($sql,dbh());
+
+ // Add the thumb fields to album
+ $sql = "ALTER TABLE `album` ADD `thumb` TINYBLOB NULL ,ADD `thumb_mime` VARCHAR( 128 ) NULL";
+ $db_results = mysql_query($sql,dbh());
+
+ // Now add in the min_object_count preference and the random_method
+ $sql = "INSERT INTO `preferences` (`name`,`value`,`description`,`level`,`type`,`catagory`) " .
+ "VALUES('min_object_count','0','Min Element Count','5','integer','interface')";
+ $db_results = mysql_query($sql,dbh());
+
+ $sql = "INSERT INTO `preferences` (`name`,`value`,`description`,`level`,`type`,`catagory`) " .
+ "VALUES('random_method','default','Random Method','5','string','interface')";
+ $db_results = mysql_query($sql,dbh());
+
+ // Delete old preference
+ $sql = "DELETE FROM `preferences` WHERE `name`='min_album_size'";
+ $db_results = mysql_query($sql,dbh());
+
+ // Make Hash a non-required field and smaller
+ $sql = "ALTER TABLE `song` CHANGE `hash` `hash` VARCHAR ( 64 ) NULL";
+ $db_results = mysql_query($sql,dbh());
+
+ // Make user access an int, nothing else
+ $sql = "UPDATE `user` SET `access`='100' WHERE `access`='admin'";
+ $db_results = mysql_query($sql,dbh());
+
+ $sql = "UPDATE `user` SET `access`='25' WHERE `access`='user'";
+ $db_results = mysql_query($sql,dbh());
+
+ $sql = "UPDATE `user` SET `access`='5' WHERE `access`='guest'";
+ $db_results = mysql_query($sql,dbh());
+
+ // Alter the table
+ $sql = "ALTER TABLE `user` CHANGE `access` `access` TINYINT ( 4 ) UNSIGNED NOT NULL";
+ $db_results = mysql_query($sql,dbh());
+
+ // Add in Label and Catalog # and language
+ $sql = "ALTER TABLE `song_ext_data` ADD `label` VARCHAR ( 128 ) NULL, ADD `catalog_number` VARCHAR ( 128 ) NULL, ADD `language` VARCHAR ( 128 ) NULL";
+ $db_results = mysql_query($sql,dbh());
+
+ /* Fix every users preferences */
+ $sql = "SELECT `id` FROM `user`";
+ $db_results = mysql_query($sql,dbh());
+
+ $user = new User();
+ $user->fix_preferences('-1');
+
+ while ($r = mysql_fetch_assoc($db_results)) {
+ $user->fix_preferences($r['id']);
+ } // while results
+
+ $this->set_version('db_version','340001');
+
+ return true;
+
+ } //update_340001
+
} // end update class
?>
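Review bot: The access_list conversion in update_340001() never runs, because the SELECT is spelled SELETE and the UPDATE uses WERE, and no `mysql_query()` result in the function is checked. The following `ALTER TABLE ... INT` is therefore applied to unconverted usernames. Every conversion loop also writes `SET user=''` for any name missing from `$user_array`, which includes the `-1` default rows in `user_preference` and rows left behind by deleted users. The function returns true and bumps `db_version` regardless, so a failed step cannot be retried. How the caller treats a false return is not visible in this hunk.
```php
// Now pull the access list users, alter table and then re-insert
$sql = "SELECT DISTINCT(`user`) FROM `access_list`";
$db_results = mysql_query($sql,dbh());
if (!$db_results) { return false; }

while ($r = mysql_fetch_assoc($db_results)) {
	$username = $r['user'];
	// Rows with no matching account (for example '-1') keep their value
	if (!isset($user_array[$username])) { continue; }
	$user_id = $user_array[$username];
	$username = sql_escape($username);

	$sql = "UPDATE `access_list` SET `user`='$user_id' WHERE `user`='$username'";
	$update_results = mysql_query($sql,dbh());
	if (!$update_results) { return false; }
} // end while access_list
// … unchanged: ALTER TABLE `access_list`; the same isset() guard and result checks
//   apply to the flagged, ip_history, now_playing, playlist, ratings and user_preference loops …
```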
diff --git a/lib/class/user.class.php b/lib/class/user.class.php
index 97ae99c9..87fa825c 100644
--- a/lib/class/user.class.php
+++ b/lib/class/user.class.php
@@ -47,18 +47,17 @@ class User {
* class, it currently takes a username
* //FIXME take UID
*/
- function User($username=0) {
+ function User($id=0) {
- if (!$username) {
+ if (!$id) {
return true;
}
- $this->username = sql_escape($username);
+ $this->id = $id;
$info = $this->_get_info();
if (!count($info)) { return false; }
- $this->id = $this->username;
$this->uid = $info->id;
$this->username = $info->username;
$this->fullname = $info->fullname;
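Review bot: `$this->id = $id;` stores the caller's value verbatim, and only _get_info() escapes a local copy of it. The later hunks for is_logged_in(), update_username(), update_validation(), update_fullname(), update_email(), update_offset(), disable(), enable(), update_access() and update_last_seen() all place `$this->id` inside quoted SQL as-is. Since admin/users.php builds users from request parameters, a non-numeric value can reach those statements. Use `$this->id = intval($id);` here so every later query sees an integer. The docblock above still says the constructor takes a username and should be updated.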
@@ -82,13 +81,9 @@ class User {
*/
function _get_info() {
- /* Hack during transition back to UID for user creation */
- if (is_numeric($this->username)) {
- $sql = "SELECT * FROM user WHERE id='" . $this->username . "'";
- }
- else {
- $sql = "SELECT * FROM user WHERE username='$this->username'";
- }
+ $id = sql_escape($this->id);
+
+ $sql = "SELECT * FROM `user` WHERE `id`='" . $id . "'";
$db_results = mysql_query($sql, dbh());
@@ -108,7 +103,7 @@ class User {
function get_preferences($user_id=0,$type=0) {
if (!$user_id) {
- $user_id = $this->username;
+ $user_id = $this->id;
}
if (!conf('use_auth')) { $user_id = '-1'; }
@@ -279,7 +274,7 @@ class User {
*/
function is_logged_in() {
- $sql = "SELECT id FROM session WHERE username='$this->username'" .
+ $sql = "SELECT id FROM session WHERE `id`='$this->id'" .
" AND expire > ". time();
$db_results = mysql_query($sql,dbh());
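Review bot: The rewritten query compares the session table's `id` column with the user id, but elsewhere in this commit the session table is keyed by username (`DELETE FROM session WHERE username=...` in disable(), `$sess_results['username']` in lib/init.php). The selected `id` there looks like the session identifier, so is_logged_in() would probably never match. Unless the session schema changes in a part of the commit not shown, keep the lookup on username: `WHERE username='" . sql_escape($this->username) . "'`. The function continues past the end of this hunk.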
@@ -298,13 +293,9 @@ class User {
*/
function has_access($needed_level) {
- if ($this->access == "admin") { $level = 100; }
- elseif ($this->access == "user") { $level = 25; }
- else { $level = $this->access; }
-
if (!conf('use_auth') || conf('demo_mode')) { return true; }
- if ($level >= $needed_level) { return true; }
+ if ($this->access >= $needed_level) { return true; }
return false;
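Review bot: `$this->access >= $needed_level` now relies on the `access` column already being numeric, which is only true after update_340001 has run. On a database that still stores 'admin' or 'user', the string compares as 0 on the PHP versions this code targets, so an administrator could fail the check needed to reach the updater (inferred, since the updater's access check is not shown). Either keep the name-to-level mapping as a fallback until the migration has run, or add a comment above the comparison stating that numeric access levels are required from 340001 onward.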
@@ -377,7 +368,7 @@ class User {
function update_username($new_username) {
$new_username = sql_escape($new_username);
- $sql = "UPDATE user SET username='$new_username' WHERE username='$this->username'";
+ $sql = "UPDATE `user` SET `username`='$new_username' WHERE `id`='$this->id'";
$this->username = $new_username;
$db_results = mysql_query($sql, dbh());
@@ -392,7 +383,7 @@ class User {
function update_validation($new_validation) {
$new_validation = sql_escape($new_validation);
- $sql = "UPDATE user SET validation='$new_validation',disabled='1' WHERE username='$this->username'";
+ $sql = "UPDATE user SET validation='$new_validation',disabled='1' WHERE `id`='$this->id'";
$this->validation = $new_validation;
$db_results = mysql_query($sql, dbh());
@@ -407,7 +398,7 @@ class User {
function update_fullname($new_fullname) {
$new_fullname = sql_escape($new_fullname);
- $sql = "UPDATE user SET fullname='$new_fullname' WHERE username='$this->id'";
+ $sql = "UPDATE user SET fullname='$new_fullname' WHERE `id`='$this->id'";
$db_results = mysql_query($sql, dbh());
} // update_fullname
@@ -419,7 +410,7 @@ class User {
function update_email($new_email) {
$new_email = sql_escape($new_email);
- $sql = "UPDATE user SET email='$new_email' WHERE username='$this->id'";
+ $sql = "UPDATE user SET email='$new_email' WHERE `id`='$this->id'";
$db_results = mysql_query($sql, dbh());
} // update_email
@@ -431,11 +422,47 @@ class User {
function update_offset($new_offset) {
$new_offset = sql_escape($new_offset);
- $sql = "UPDATE user SET offset_limit='$new_offset' WHERE username='$this->id'";
+ $sql = "UPDATE user SET offset_limit='$new_offset' WHERE `id`='$this->id'";
$db_results = mysql_query($sql, dbh());
} // update_offset
+ /**
+ * disable
+ * This disables the current user
+ */
+ function disable() {
+
+ // Make sure we aren't disabling the last admin
+ $sql = "SELECT `id` FROM `user` WHERE `disabled` = '0' AND `id` != '" . $this->id . "' AND `access`='100'";
+ $db_results = mysql_query($sql,dbh());
+
+ if (!mysql_num_rows($db_results)) { return false; }
+
+ $sql = "UPDATE `user` SET `disabled`='1' WHERE id='" . $this->id . "'";
+ $db_results = mysql_query($sql,dbh());
+
+ // Delete any sessions they may have
+ $sql = "DELETE FROM `session` WHERE `username`='" . sql_escape($this->username) . "'";
+ $db_results = mysql_query($sql,dbh());
+
+ return true;
+
+ } // disable
+
+ /**
+ * enable
+ * this enables the current user
+ */
+ function enable() {
+
+ $sql = "UPDATE `user` SET `disabled`='0' WHERE id='" . $this->id . "'";
+ $db_results = mysql_query($sql,dbh());
+
+ return true;
+
+ } // enable
+
/**
* update_access
* updates their access level
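Review bot: disable() and enable() report success without looking at the UPDATE result, and enable() returns true unconditionally, so admin/users.php shows "User Enabled" or "User Disabled" even when the statement failed. Add `if (!$db_results) { return false; }` after each UPDATE and have the `enable` case in admin/users.php check the return value as `disable` does. Both methods also concatenate `$this->id` into the SQL unescaped, which is only safe if the constructor guarantees an integer. The docblocks could state the return value and that disable() also removes the user's sessions.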
@@ -443,37 +470,16 @@ class User {
*/
function update_access($new_access) {
- /* Check for all disable */
- if ($new_access == 'disabled') {
- $sql = "SELECT username FROM user WHERE disabled != '1' AND username != '$this->username'";
- $db_results = mysql_query($sql,dbh());
- if (!mysql_num_rows($db_results)) { return false; }
- }
-
/* Prevent Only User accounts */
- if ($new_access == 'user') {
+ if ($new_access == '25') {
$sql = "SELECT username FROM user WHERE (access='admin' OR access='100') AND username != '$this->username'";
$db_results = mysql_query($sql, dbh());
if (!mysql_num_rows($db_results)) { return false; }
}
- if ($new_access == 'enabled') {
- $new_access = sql_escape($new_access);
- $sql = "UPDATE user SET disabled='0' WHERE username='$this->username'";
- $db_results = mysql_query($sql, dbh());
-
- }
- elseif ($new_access == 'disabled') {
- $sql = "UPDATE user SET disabled='1' WHERE username='$this->username'";
- $db_results = mysql_query($sql, dbh());
- $sql = "DELETE FROM session WHERE username='" . sql_escape($this->username) . "'";
- $db_results = mysql_query($sql, dbh());
- }
- else {
- $new_access = sql_escape($new_access);
- $sql = "UPDATE user SET access='$new_access' WHERE username='$this->username'";
- $db_results = mysql_query($sql, dbh());
- }
+ $new_access = sql_escape($new_access);
+ $sql = "UPDATE `user` SET `access`='$new_access' WHERE `id`='$this->id'";
+ $db_results = mysql_query($sql, dbh());
} // update_access
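Review bot: The last-admin guard now fires only for `$new_access == '25'`, while admin/users.php passes `$_REQUEST['access']` straight in, so any other value below 100 (for example '5') demotes the only administrator without the check running. The guard query also still matches on `username != '$this->username'`, unescaped, and on the legacy `access='admin'` value that update_340001 removes. Use `if (intval($new_access) < 100) {` with `WHERE access='100' AND id != '$this->id'`, and reject values outside the known levels before the UPDATE.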
@@ -483,7 +489,7 @@ class User {
*/
function update_last_seen() {
- $sql = "UPDATE user SET last_seen='" . time() . "' WHERE username='$this->username'";
+ $sql = "UPDATE user SET last_seen='" . time() . "' WHERE `id`='$this->id'";
$db_results = mysql_query($sql, dbh());
} // update_last_seen
@@ -583,10 +589,13 @@ class User {
if (!$db_results) { return false; }
- /* Populates any missing preferences, in this case all of them */
- $this->fix_preferences($username);
+ // Get the insert_id
+ $insert_id = mysql_insert_id(dbh());
- return $username;
+ /* Populates any missing preferences, in this case all of them */
+ $this->fix_preferences($insert_id);
+
+ return $insert_id;
} // create
@@ -714,16 +723,100 @@ class User {
} // format_recommendations
/**
- * fix_preferences
- * this makes sure that the specified user
- * has all the correct preferences. This function
- * should be run whenever a system preference is run
- * it's a cop out... FIXME!
- * @todo Fix it so this isn't a hack
- * @package User
- * @catagory Class
+ * fix_preferences
+ * This is the new fix_preferences function, it does the following
+ * Remove Duplicates from user, add in missing
+ * If -1 is passed it also removes duplicates from the `preferences`
+ * table.
*/
function fix_preferences($user_id=0) {
+
+ if (!$user_id) {
+ $user_id = $this->id;
+ }
+
+ $user_id = sql_escape($user_id);
+
+ /* Get All Preferences for the current user */
+ $sql = "SELECT * FROM `user_preference` WHERE `user`='$user_id'";
+ $db_results = mysql_query($sql,dbh());
+
+ $results = array();
+
+ while ($r = mysql_fetch_assoc($db_results)) {
+ $pref_id = $r['preference'];
+ /* Check for duplicates */
+ if (isset($results[$pref_id])) {
+ $r['value'] = sql_escape($r['value']);
+ $sql = "DELETE FROM `user_preference` WHERE `user`='$user_id' AND `preference`='" . $r['preference'] . "' AND" .
+ " `value`='" . sql_escape($r['value']) . "'";
+ $delete_results = mysql_query($sql,dbh());
+ } // if its set
+ else {
+ $results[$pref_id] = 1;
+ }
+ } // end while
+
+ /* If we aren't the -1 user before we continue grab the -1 users values */
+ if ($user_id != '-1') {
+ $sql = "SELECT `user_preference.preference`,`user_preference.value` FROM `user_preference`,`preferences` " .
+ "WHERE `user_preference.preference` = `preferences.id` AND `user_preference.user`='-1' AND `preferences.catagory` !='system'";
+ $db_results = mysql_query($sql, dbh());
+ /* While through our base stuff */
+ while ($r = mysql_fetch_object($db_results)) {
+ $zero_results[$r->preference] = $r->value;
+ }
+ } // if not user -1
+
+ // get me _EVERYTHING_
+ $sql = "SELECT * FROM `preferences`";
+
+ // If not system, exclude system... *gasp*
+ if ($user_id != '-1') {
+ $sql .= " WHERE catagory !='system'";
+ }
+ $db_results = mysql_query($sql, dbh());
+
+ while ($r = mysql_fetch_object($db_results)) {
+
+ /* Check if this preference is set */
+ if (!isset($results[$r->id])) {
+ if (isset($zero_results[$r->id])) {
+ $r->value = $zero_results[$r->id];
+ }
+ $value = sql_escape($r->value);
+ $sql = "INSERT INTO user_preference (`user`,`preference`,`value`) VALUES ('$user_id','$r->id','$value')";
+ $insert_db = mysql_query($sql, dbh());
+ }
+ } // while preferences
+
+ /* Let's also clean out any preferences garbage left over */
+ $sql = "SELECT DISTINCT(user_preference.user) FROM user_preference " .
+ "LEFT JOIN user ON user_preference.user = user.id " .
+ "WHERE user_preference.user!='-1' AND user.id IS NULL";
+ $db_results = mysql_query($sql, dbh());
+
+ $results = array();
+
+ while ($r = mysql_fetch_assoc($db_results)) {
+ $results[] = $r['user'];
+ }
+
+ foreach ($results as $data) {
+ $sql = "DELETE FROM user_preference WHERE user='$data'";
+ $db_results = mysql_query($sql, dbh());
+ }
+
+
+ } // fix_preferences
+
+ /**
+ * username_fix_preferences
+ * this is an old function that takes a username
+ * and fixes the preferences based on that it is no longer
+ * used by has to be maintained due to the update class
+ */
+ function username_fix_preferences($user_id=0) {
if (!$user_id) {
$user_id = $this->username;
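Review bot: In the new fix_preferences(), the query that loads the `-1` defaults wraps each dotted name in a single pair of backticks, so MySQL reads `user_preference.preference` as one identifier and the statement fails. Its result then goes unchecked into `mysql_fetch_object()` and `$zero_results` is never initialised, so new users do not inherit the site defaults. Quote table and column separately or not at all, as the cleanup query further down does: `SELECT user_preference.preference, user_preference.value FROM user_preference, preferences WHERE ...`, and set `$zero_results = array();` before the block. The duplicate-removal branch also applies `sql_escape()` to `$r['value']` twice, and its DELETE matches every row with that user, preference and value, including the copy meant to be kept. username_fix_preferences() continues past the end of this hunk.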
diff --git a/lib/general.lib.php b/lib/general.lib.php
index e55af3cb..e0070839 100644
--- a/lib/general.lib.php
+++ b/lib/general.lib.php
@@ -996,7 +996,7 @@ function invert_boolean($value) {
*/
function get_user_from_username($username) {
- $sql = "SELECT id FROM user WHERE username='" . sql_escape($username) . "'";
+ $sql = "SELECT `id` FROM `user` WHERE `username`='" . sql_escape($username) . "'";
$db_results = mysql_query($sql, dbh());
$results = mysql_fetch_assoc($db_results);
diff --git a/lib/init.php b/lib/init.php
index 49ff4a79..6d8c9158 100644
--- a/lib/init.php
+++ b/lib/init.php
@@ -1,7 +1,7 @@
uid AND !conf('demo_mode')) { logout(); exit; }
@@ -303,7 +279,7 @@ else {
session_id(scrub_in($_REQUEST['sessid']));
session_start();
}
- $user = new user($sess_results['username']);
+ $user = get_user_from_username($sess_results['username']);
init_preferences();
}
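Review bot: The return value of `get_user_from_username()` becomes the session's `$user` with no check before `init_preferences()` runs. Only the first lines of that function are visible in the lib/general.lib.php hunk (it selects just `id`), so it is worth confirming that it returns a User object rather than an id or false. If the session row names an account that has since been renamed or deleted, the later access checks would run on a non-object. A guard such as `if (!is_object($user) || !$user->username) { logout(); exit; }` directly after the assignment would end such sessions cleanly.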
diff --git a/lib/ui.lib.php b/lib/ui.lib.php
index f676adc5..8a928e3b 100644
--- a/lib/ui.lib.php
+++ b/lib/ui.lib.php
@@ -1,7 +1,7 @@
import_session_view();
-
- // if we are returning
- if ($_REQUEST['keep_view']) {
- $view->initialize();
- }
- // If we aren't keeping the view then initlize it
- else {
- $sql = "SELECT username FROM user";
- $db_results = mysql_query($sql, $dbh);
- $total_items = mysql_num_rows($db_results);
- if ($match != "Show_all") { $offset_limit = $_SESSION['userdata']['offset_limit']; }
- $view = new View($sql, 'admin/users.php','fullname',$total_items,$offset_limit);
- }
-
- $db_result = mysql_query($view->sql, $dbh);
- // wow this is stupid
- $GLOBALS['view'] = $view;
- require(conf('prefix') . "/templates/show_users.inc");
-
-} // show_users()
-
/**
* return_referer
* returns the script part of the referer address passed by the web browser
@@ -1421,19 +1389,21 @@ function xml_get_footer($type){
} //xml_get_footer
/**
- * show_manage_users
- * This is the admin page for showing all of the users
+ * get_users
+ * This returns an array of user objects and takes an sql statement
*/
-function show_manage_users() {
+function get_users($sql) {
- show_box_top(_('Manage Users'));
- echo "