yetangitu/ampache
1
0
Fork 0
mirror of https://github.com/Yetangitu/ampache synced 2025-10-03 09:49:30 +02:00
Code Issues Releases Wiki Activity

* Initial Database Changes for 3.4, many things are now broken

Browse source
This commit is contained in:
Karl 'vollmerk' Vollmer 2007-02-08 21:19:24 +00:00
parent aa0c57afc4
commit bbf79a5970
20 changed files with 658 additions and 284 deletions
Download patch file Download diff file Expand all files Collapse all files

2
admin/system.php
View file

@ -75,7 +75,7 @@ switch ($action) {
} // is array
/* Put in the current value */
elseif (isset($current[$key])) {
elseif (isset($current[$key]) AND $key != 'config_version') {
$line = $key . " = \"" . $current[$key] . "\"";
unset($current[$key]);
} // if set

125
admin/users.php
View file

@ -1,7 +1,7 @@
<?php
/*
Copyright (c) 2001 - 2006 Ampache.org
Copyright (c) 2001 - 2007 Ampache.org
All rights reserved.
This program is free software; you can redistribute it and/or
@ -28,37 +28,32 @@ if (!$GLOBALS['user']->has_access(100)) {
}
$action = scrub_in($_REQUEST['action']);
$action = scrub_in($_REQUEST['action']);
$user_id = scrub_in($_REQUEST['user_id']);
show_template('header');
$user_id = scrub_in($_REQUEST['user']);
$temp_user = new User($user_id);
// Switch on the actions
switch ($action) {
case 'edit':
if (conf('demo_mode')) { break; }
$username = $temp_user->username;
$fullname = $temp_user->fullname;
$email = $temp_user->email;
$access = $temp_user->access;
$id = $temp_user->id;
$working_user = new User($user_id);
require_once(conf('prefix') . '/templates/show_edit_user.inc.php');
break;
case 'update_user':
if (conf('demo_mode')) { break; }
/* Clean up the variables */
$username = scrub_in($_REQUEST['new_username']);
$fullname = scrub_in($_REQUEST['new_fullname']);
$email = scrub_in($_REQUEST['new_email']);
$access = scrub_in($_REQUEST['user_access']);
$pass1 = scrub_in($_REQUEST['new_password_1']);
$pass2 = scrub_in($_REQUEST['new_password_2']);
$user_id = scrub_in($_REQUEST['user_id']);
$username = scrub_in($_REQUEST['username']);
$fullname = scrub_in($_REQUEST['fullname']);
$email = scrub_in($_REQUEST['email']);
$access = scrub_in($_REQUEST['access']);
$pass1 = scrub_in($_REQUEST['password_1']);
$pass2 = scrub_in($_REQUEST['password_2']);
/* Setup the temp user */
$thisuser = new User($username);
$working_user = new User($user_id);
/* Verify Input */
if (empty($username)) {
@ -70,40 +65,36 @@ switch ($action) {
/* If we've got an error then break! */
if ($GLOBALS['error']->error_state) {
$username = $thisuser->username;
$fullname = $thisuser->fullname;
$email = $thisuser->email;
$access = $thisuser->access;
$type = 'edit_user';
require_once(conf('prefix') . '/templates/show_edit_user.inc.php');
break;
} // if we've had an oops!
if ($access != $thisuser->access) {
$thisuser->update_access($access);
if ($access != $working_user->access) {
$working_user->update_access($access);
}
if ($email != $thisuser->email) {
$thisuser->update_email($email);
if ($email != $working_user->email) {
$working_user->update_email($email);
}
if ($username != $thisuser->username) {
$thisuser->update_username($username);
if ($username != $working_user->username) {
$working_user->update_username($username);
}
if ($fullname != $user->fullname) {
$thisuser->update_fullname($fullname);
if ($fullname != $working_user->fullname) {
$working_user->update_fullname($fullname);
}
if ($pass1 == $pass2 && strlen($pass1)) {
$thisuser->update_password($pass1);
$working_user->update_password($pass1);
}
show_confirmation("User Updated", $thisuser->username . "'s information has been updated","admin/users.php");
show_confirmation(_('User Updated'), $working_user->fullname . "(" . $working_user->username . ")" . _('updated'),'admin/users.php');
break;
case 'add_user':
if (conf('demo_mode')) { break; }
$username = scrub_in($_REQUEST['new_username']);
$fullname = scrub_in($_REQUEST['new_fullname']);
$email = scrub_in($_REQUEST['new_email']);
$access = scrub_in($_REQUEST['user_access']);
$pass1 = scrub_in($_REQUEST['new_password_1']);
$pass2 = scrub_in($_REQUEST['new_password_2']);
$username = scrub_in($_REQUEST['username']);
$fullname = scrub_in($_REQUEST['fullname']);
$email = scrub_in($_REQUEST['email']);
$access = scrub_in($_REQUEST['access']);
$pass1 = scrub_in($_REQUEST['password_1']);
$pass2 = scrub_in($_REQUEST['password_2']);
if (($pass1 !== $pass2)) {
$GLOBALS['error']->add_error('password',_("Error Passwords don't match"));
}
@ -139,18 +130,19 @@ switch ($action) {
break;
case 'delete':
if (conf('demo_mode')) { break; }
$working_user = new User($user_id);
show_confirmation(_('Deletion Request'),
_("Are you sure you want to permanently delete") . " $temp_user->fullname ($temp_user->username) ?",
"admin/users.php?action=confirm_delete&amp;user=$temp_user->id");
_('Are you sure you want to permanently delete') . " $working_user->fullname ($working_user->username)?",
"admin/users.php?action=confirm_delete&amp;user_id=$user_id",1);
break;
case 'confirm_delete':
if (conf('demo_mode')) { break; }
if ($_REQUEST['confirm'] == _("No")) { show_manage_users(); break; }
if ($temp_user->delete()) {
show_confirmation(_("User Deleted"), "$temp_user->username has been Deleted","admin/users.php");
$working_user = new User($_REQUEST['user_id']);
if ($working_user->delete()) {
show_confirmation(_('User Deleted'), "$working_user->username has been Deleted","admin/users.php");
}
else {
show_confirmation(_("Delete Error"), _("Unable to delete last Admin User"),"admin/users.php");
show_confirmation(_('Delete Error'), _("Unable to delete last Admin User"),"admin/users.php");
}
break;
/* Show IP History for the Specified User */
@ -166,23 +158,42 @@ switch ($action) {
break;
case 'show_add_user':
if (conf('demo_mode')) { break; }
$type = 'new_user';
require_once(conf('prefix') . '/templates/show_edit_user.inc.php');
require_once(conf('prefix') . '/templates/show_add_user.inc.php');
break;
case 'update':
case 'disabled':
if (conf('demo_mode')) { break; }
$level = scrub_in($_REQUEST['level']);
$thisuser = new User($_REQUEST['user']);
if ($GLOBALS['user']->has_access(100)) {
$thisuser->update_access($level);
case 'enable':
$working_user = new User($user_id);
$working_user->enable();
show_confirmation(_('User Enabled'),'','admin/users.php');
break;
case 'disable':
$working_user = new User($user_id);
if ($working_user->disable()) {
show_confirmation(_('User Disabled'),'','admin/users.php');
}
else {
show_confirmation(_('Error'),_('Unable to Disabled last Administrator'),'admin/users.php');
}
show_manage_users();
break;
default:
show_manage_users();
// Setup the View Object
$view = new View();
$view->import_session_view();
// If we are returning
if ($_REQUEST['keep_view']) {
$view->initialize();
}
else {
$sql = "SELECT `id` FROM `user`";
$db_results = mysql_query($sql,dbh());
$total_items = mysql_num_rows($db_results);
$view = new View($sql,'admin/users.php','fullname',$total_items,$_SESSION['userdata']['offset_limit']);
}
$users = get_users($view->sql);
require_once(conf('prefix') . '/templates/show_users.inc.php');
break;
}
} // end switch on action
/* Show the footer */
show_footer();

2
albums.php
View file

@ -31,7 +31,7 @@ if(isset($_REQUEST['match'])) $match = scrub_in($_REQUEST['match']);
if(isset($_REQUEST['album'])) $album = scrub_in($_REQUEST['album']);
if(isset($_REQUEST['artist'])) $artist = scrub_in($_REQUEST['artist']);
$_REQUEST['artist_id'] = scrub_in($_REQUEST['artist_id']);
$min_album_size = conf('min_album_size');
$min_album_size = conf('min_object_count');
if ($min_album_size == '') {
$min_album_size = '0';
}

15
config/ampache.cfg.php.dist
View file

@ -7,7 +7,7 @@
# if this config file is up to date
# this is compared against a value hardcoded
# into the init script
config_version = 1
config_version = 2
####################
# Path Vars #
@ -82,6 +82,13 @@ auth_methods = "mysql"
# Program Settings #
######################
# File Pattern
# This defines which file types Ampache will attempt to catalog
# You can specify any file extension you want in here seperating them
# with a |
# DEFAULT: mp3|mpc|m4p|m4a|mp4|aac|ogg|rm|wma|asf|flac|spx|ra|ape|shn|wv
catalog_file_pattern = "mp3|mpc|m4p|m4a|mp4|aac|ogg|rm|wma|asf|flac|spx|ra|ape|shn|wv"
# Use Access List
# Toggle this on if you want ampache to pay attention to the access list
# and only allow streaming/downloading/xml-rpc from known hosts by default
@ -143,13 +150,15 @@ require_session = "true"
# ampache will default to the first tag format
# that was found.
# POSSIBLE VALUES: id3v1 id3v2 file vorbiscomment
# quicktime ape
# DEFAULT: id3v2,id3v1
# quicktime ape asf
# DEFAULT: id3v2,id3v1 vorbiscomment quicktime ape
# asf
tag_order = id3v2
tag_order = id3v1
tag_order = vorbiscomment
tag_order = quicktime
tag_order = ape
tag_order = asf
#tag_order = file
# Un comment if don't want ampache to follow symlinks

9
docs/CHANGELOG
View file

@ -2,6 +2,15 @@
--------- Ampache -- CHANGELOG ---------
--------------------------------------------------------------------------
--------------------------------------------------------------------------
v.3.4-Alpha1
- Fixed a problem where config re-gen wouldn't update the current
version
- Changed database to fix some user tracking issues
- Added date to user_vote to allow for sorting by vote date on
democratic play
- Added Label, Catalog # and Language to song extended data table
--------------------------------------------------------------------------
v.3.3.3 01/26/2007
- Updated the SQL file for stable release

BIN
images/icon_add_user.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 746 B

BIN
images/icon_delete.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 476 B

After

Width:  |  Height:  |  Size: 363 B

Before After
Before After

3
index.php
View file

@ -1,7 +1,7 @@
<?php
/*
Copyright (c) 2001 - 2006 Ampache.org
Copyright (c) 2001 - 2007 Ampache.org
All rights reserved.
This program is free software; you can redistribute it and/or
@ -24,7 +24,6 @@
@discussion Do most of the dirty work of displaying the mp3 catalog
*/
require_once('lib/init.php');
show_template('header');

4
lib/class/song.class.php
View file

@ -799,7 +799,7 @@ class Song {
function get_url($session_id='',$force_http='') {
/* Define Variables we are going to need */
$username = scrub_out($GLOBALS['user']->username);
$user_id = scrub_out($GLOBALS['user']->id);
$song_id = $this->id;
if (conf('require_session')) {
@ -837,7 +837,7 @@ class Song {
}
}
$url = $web_path . "/play/index.php?song=$song_id&uid=$username$session_string$ds_string&name=/$song_name";
$url = $web_path . "/play/index.php?song=$song_id&uid=$user_id$session_string$ds_string&name=/$song_name";
return $url;

251
lib/class/update.class.php
View file

@ -347,6 +347,14 @@ class Update {
$version[] = array('version' => '333004','description' => $update_string);
$update_string = '- Moved back to ID for user tracking internally.<br />' .
'- Added date to user_vote to allow sorting by vote time.<br />' .
'- Added Random Method and Object Count Preferences.<br />' .
'- Removed some unused tables/fields.<br />' .
'- Added Label, Catalog # and Language to Extended Song Data Table<br />';
$version[] = array('version' => '340001','description' => $update_string);
return $version;
} // populate_version
@ -393,6 +401,9 @@ class Update {
/* Nuke All Active session before we start the mojo */
$sql = "DELETE * FROM session";
$db_results = mysql_query($sql, dbh());
// Prevent the script from timing out, which could be bad
set_time_limit(0);
/* Verify that there are no plugins installed
//FIXME: provide a link to remove all plugins, otherwise this could turn into a catch 22
@ -1284,7 +1295,7 @@ class Update {
$user = new User(0);
while ($results = mysql_fetch_array($db_results)) {
$user->fix_preferences($results[0]);
$user->username_fix_preferences($results[0]);
}
@ -1658,7 +1669,7 @@ class Update {
$user->fix_preferences('-1');
while ($r = mysql_fetch_assoc($db_results)) {
$user->fix_preferences($r['username']);
$user->username_fix_preferences($r['username']);
} // while results
/* Last but not least revert play types to downsample or stream */
@ -1694,7 +1705,7 @@ class Update {
$user->fix_preferences('-1');
while ($r = mysql_fetch_assoc($db_results)) {
$user->fix_preferences($r['username']);
$user->username_fix_preferences($r['username']);
} // while results
$this->set_version('db_version','332011');
@ -1835,7 +1846,7 @@ class Update {
$user->fix_preferences('-1');
while ($r = mysql_fetch_assoc($db_results)) {
$user->fix_preferences($r['username']);
$user->username_fix_preferences($r['username']);
} // while results
$this->set_version('db_version','332012');
@ -1975,7 +1986,7 @@ class Update {
$user->fix_preferences('-1');
while ($r = mysql_fetch_assoc($db_results)) {
$user->fix_preferences($r['username']);
$user->username_fix_preferences($r['username']);
} // while results
/* Store all current Stats */
@ -2111,7 +2122,7 @@ class Update {
$user->fix_preferences('-1');
while ($r = mysql_fetch_assoc($db_results)) {
$user->fix_preferences($r['username']);
$user->username_fix_preferences($r['username']);
} // while results
/* Drop the unused user_catalog table */
@ -2143,7 +2154,7 @@ class Update {
$user->fix_preferences('-1');
while ($r = mysql_fetch_assoc($db_results)) {
$user->fix_preferences($r['username']);
$user->username_fix_preferences($r['username']);
} // while results
$this->set_version('db_version','333003');
@ -2174,12 +2185,236 @@ class Update {
$user->fix_preferences('-1');
while ($r = mysql_fetch_assoc($db_results)) {
$user->fix_preferences($r['username']);
$user->username_fix_preferences($r['username']);
} // while results
$this->set_version('db_version','333004');
} // update_333004
/**
* update_340001
* This update moves back to the ID for user UID and
* adds date to the user_vote so that it can be sorted
* correctly
*/
function update_340001() {
// Build the User -> ID map using the username as the key
$sql = "SELECT `id`,`username` FROM `user`";
$db_results = mysql_query($sql,dbh());
$user_array = array();
while ($r = mysql_fetch_assoc($db_results)) {
$username = $r['username'];
$user_array[$username] = sql_escape($r['id']);
} // end while
// Alter the user table so that you can't have an ID beyond the
// range of the other tables which have to allow for -1
$sql = "ALTER TABLE `user` CHANGE `id` `id` INT ( 11 ) NOT NULL AUTO_INCREMENT";
$db_results = mysql_query($sql,dbh());
// Now pull the access list users, alter table and then re-insert
$sql = "SELETE DISTINCT(`user`) FROM `access_list`";
$db_results = mysql_query($sql,dbh());
while ($r = mysql_fetch_assoc($db_results)) {
// Build the new SQL
$username = $r['user'];
$user_id = $user_array[$username];
$username = sql_escape($username);
$sql = "UPDATE `access_list` SET `user`='$user_id' WERE `user`='$username'";
$update_results = mysql_query($sql,dbh());
} // end while access_list
// Alter the table
$sql = "ALTER TABLE `access_list` CHANGE `user` `user` INT ( 11 ) NOT NULL";
$db_results = mysql_query($sql,dbh());
// Now pull flagged users, update and alter
$sql = "SELECT DISTINCT(`user`) FROM `flagged`";
$db_results = mysql_query($sql,dbh());
while ($r = mysql_fetch_assoc($db_results)) {
$username = $r['user'];
$user_id = $user_array[$username];
$username = sql_escape($username);
$sql = "UPDATE `flagged` SET `user`='$user_id' WHERE `user`='$username'";
$update_results = mysql_query($sql,dbh());
} // end while
// Alter the table
$sql = "ALTER TABLE `flagged` CHANGE `user` `user` INT ( 11 ) NOT NULL";
$db_results = mysql_query($sql,dbh());
// Now fix up the ip history
$sql = "SELECT DISTINCT(`user`) FROM `ip_history`";
$db_results = mysql_query($sql,dbh());
while ($r = mysql_fetch_assoc($db_results)) {
$username = $r['user'];
$user_id = $user_array[$username];
$username = sql_escape($username);
$sql = "UPDATE `ip_history` SET `user`='$user_id' WHERE `user`='$username'";
$update_results = mysql_query($sql,dbh());
} // end while
// Alter the table
$sql = "ALTER TABLE `ip_history` CHANGE `user` `user` INT ( 11 ) NOT NULL";
$db_results = mysql_query($sql,dbh());
// Now fix now playing
$sql = "SELECT DISTINCT(`user`) FROM `now_playing`";
$db_results = mysql_query($sql,dbh());
while ($r = mysql_fetch_assoc($db_results)) {
$username = $r['user'];
$user_id = $user_array[$username];
$username = sql_escape($username);
$sql = "UPDATE `now_playing` SET `user`='$user_id' WHERE `user`='$username'";
$update_results = mysql_query($sql,dbh());
} // end while
// Alter the table
$sql = "ALTER TABLE `now_playing` CHANGE `user` `user` INT ( 11 ) NOT NULL";
$db_results = mysql_query($sql,dbh());
// Now fix the playlist table
$sql = "SELECT DISTINCT(`user`) FROM `playlist`";
$db_results = mysql_query($sql,dbh());
while ($r = mysql_fetch_assoc($db_results)) {
$username = $r['user'];
$user_id = $user_array[$username];
$username = sql_escape($username);
$sql = "UPDATE `playlist` SET `user`='$user_id' WHERE `user`='$username'";
$update_results = mysql_query($sql,dbh());
} // end while
// Alter the table
$sql = "ALTER TABLE `playlist` CHANGE `user` `user` INT ( 11 ) NOT NULL";
$db_results = mysql_query($sql,dbh());
// Drop unused table
$sql = "DROP TABLE `playlist_permission`";
$db_results = mysql_query($sql,dbh());
// Now fix the ratings table
$sql = "SELECT DISTINCT(`user`) FROM `ratings`";
$db_results = mysql_query($sql,dbh());
while ($r = mysql_fetch_assoc($db_results)) {
$username = $r['user'];
$user_id = $user_array[$username];
$username = sql_escape($username);
$sql = "UPDATE `ratings` SET `user`='$user_id' WHERE `user`='$username'";
$update_results = mysql_query($sql,dbh());
} // end while
$sql = "ALTER TABLE `ratings` CHANGE `user` `user` INT ( 11 ) NOT NULL";
$db_results = mysql_query($sql,dbh());
// Now work on the tag_map
$sql = "ALTER TABLE `tag_map` CHANGE `user_id` `user` INT ( 11 ) NOT NULL";
$db_results = mysql_query($sql,dbh());
// Now fix user preferences
$sql = "SELECT DISTINCT(`user`) FROM `user_preference`";
$db_results = mysql_query($sql,dbh());
while ($r = mysql_fetch_assoc($db_results)) {
$username = $r['user'];
$user_id = $user_array[$username];
$username = sql_escape($username);
$sql = "UPDATE `user_preference` SET `user`='$user_id' WHERE `user`='$username'";
$update_results = mysql_query($sql,dbh());
} // end while
// Alter the table
$sql = "ALTER TABLE `user_preference` CHANGE `user` `user` INT ( 11 ) NOT NULL";
$db_results = mysql_query($sql,dbh());
// Add a date to the user_vote
$sql = "ALTER TABLE `user_vote` ADD `date` INT( 11 ) UNSIGNED NOT NULL";
$db_results = mysql_query($sql,dbh());
// Add the index for said field
$sql = "ALTER TABLE `user_vote` ADD INDEX(`date`)";
$db_results = mysql_query($sql,dbh());
// Add the thumb fields to album
$sql = "ALTER TABLE `album` ADD `thumb` TINYBLOB NULL ,ADD `thumb_mime` VARCHAR( 128 ) NULL";
$db_results = mysql_query($sql,dbh());
// Now add in the min_object_count preference and the random_method
$sql = "INSERT INTO `preferences` (`name`,`value`,`description`,`level`,`type`,`catagory`) " .
"VALUES('min_object_count','0','Min Element Count','5','integer','interface')";
$db_results = mysql_query($sql,dbh());
$sql = "INSERT INTO `preferences` (`name`,`value`,`description`,`level`,`type`,`catagory`) " .
"VALUES('random_method','default','Random Method','5','string','interface')";
$db_results = mysql_query($sql,dbh());
// Delete old preference
$sql = "DELETE FROM `preferences` WHERE `name`='min_album_size'";
$db_results = mysql_query($sql,dbh());
// Make Hash a non-required field and smaller
$sql = "ALTER TABLE `song` CHANGE `hash` `hash` VARCHAR ( 64 ) NULL";
$db_results = mysql_query($sql,dbh());
// Make user access an int, nothing else
$sql = "UPDATE `user` SET `access`='100' WHERE `access`='admin'";
$db_results = mysql_query($sql,dbh());
$sql = "UPDATE `user` SET `access`='25' WHERE `access`='user'";
$db_results = mysql_query($sql,dbh());
$sql = "UPDATE `user` SET `access`='5' WHERE `access`='guest'";
$db_results = mysql_query($sql,dbh());
// Alter the table
$sql = "ALTER TABLE `user` CHANGE `access` `access` TINYINT ( 4 ) UNSIGNED NOT NULL";
$db_results = mysql_query($sql,dbh());
// Add in Label and Catalog # and language
$sql = "ALTER TABLE `song_ext_data` ADD `label` VARCHAR ( 128 ) NULL, ADD `catalog_number` VARCHAR ( 128 ) NULL, ADD `language` VARCHAR ( 128 ) NULL";
$db_results = mysql_query($sql,dbh());
/* Fix every users preferences */
$sql = "SELECT `id` FROM `user`";
$db_results = mysql_query($sql,dbh());
$user = new User();
$user->fix_preferences('-1');
while ($r = mysql_fetch_assoc($db_results)) {
$user->fix_preferences($r['id']);
} // while results
$this->set_version('db_version','340001');
return true;
} //update_340001
} // end update class
?>

213
lib/class/user.class.php
View file

@ -47,18 +47,17 @@ class User {
* class, it currently takes a username
* //FIXME take UID
*/
function User($username=0) {
function User($id=0) {
if (!$username) {
if (!$id) {
return true;
}
$this->username = sql_escape($username);
$this->id = $id;
$info = $this->_get_info();
if (!count($info)) { return false; }
$this->id = $this->username;
$this->uid = $info->id;
$this->username = $info->username;
$this->fullname = $info->fullname;
@ -82,13 +81,9 @@ class User {
*/
function _get_info() {
/* Hack during transition back to UID for user creation */
if (is_numeric($this->username)) {
$sql = "SELECT * FROM user WHERE id='" . $this->username . "'";
}
else {
$sql = "SELECT * FROM user WHERE username='$this->username'";
}
$id = sql_escape($this->id);
$sql = "SELECT * FROM `user` WHERE `id`='" . $id . "'";
$db_results = mysql_query($sql, dbh());
@ -108,7 +103,7 @@ class User {
function get_preferences($user_id=0,$type=0) {
if (!$user_id) {
$user_id = $this->username;
$user_id = $this->id;
}
if (!conf('use_auth')) { $user_id = '-1'; }
@ -279,7 +274,7 @@ class User {
*/
function is_logged_in() {
$sql = "SELECT id FROM session WHERE username='$this->username'" .
$sql = "SELECT id FROM session WHERE `id`='$this->id'" .
" AND expire > ". time();
$db_results = mysql_query($sql,dbh());
@ -298,13 +293,9 @@ class User {
*/
function has_access($needed_level) {
if ($this->access == "admin") { $level = 100; }
elseif ($this->access == "user") { $level = 25; }
else { $level = $this->access; }
if (!conf('use_auth') || conf('demo_mode')) { return true; }
if ($level >= $needed_level) { return true; }
if ($this->access >= $needed_level) { return true; }
return false;
@ -377,7 +368,7 @@ class User {
function update_username($new_username) {
$new_username = sql_escape($new_username);
$sql = "UPDATE user SET username='$new_username' WHERE username='$this->username'";
$sql = "UPDATE `user` SET `username`='$new_username' WHERE `id`='$this->id'";
$this->username = $new_username;
$db_results = mysql_query($sql, dbh());
@ -392,7 +383,7 @@ class User {
function update_validation($new_validation) {
$new_validation = sql_escape($new_validation);
$sql = "UPDATE user SET validation='$new_validation',disabled='1' WHERE username='$this->username'";
$sql = "UPDATE user SET validation='$new_validation',disabled='1' WHERE `id`='$this->id'";
$this->validation = $new_validation;
$db_results = mysql_query($sql, dbh());
@ -407,7 +398,7 @@ class User {
function update_fullname($new_fullname) {
$new_fullname = sql_escape($new_fullname);
$sql = "UPDATE user SET fullname='$new_fullname' WHERE username='$this->id'";
$sql = "UPDATE user SET fullname='$new_fullname' WHERE `id`='$this->id'";
$db_results = mysql_query($sql, dbh());
} // update_fullname
@ -419,7 +410,7 @@ class User {
function update_email($new_email) {
$new_email = sql_escape($new_email);
$sql = "UPDATE user SET email='$new_email' WHERE username='$this->id'";
$sql = "UPDATE user SET email='$new_email' WHERE `id`='$this->id'";
$db_results = mysql_query($sql, dbh());
} // update_email
@ -431,11 +422,47 @@ class User {
function update_offset($new_offset) {
$new_offset = sql_escape($new_offset);
$sql = "UPDATE user SET offset_limit='$new_offset' WHERE username='$this->id'";
$sql = "UPDATE user SET offset_limit='$new_offset' WHERE `id`='$this->id'";
$db_results = mysql_query($sql, dbh());
} // update_offset
/**
* disable
* This disables the current user
*/
function disable() {
// Make sure we aren't disabling the last admin
$sql = "SELECT `id` FROM `user` WHERE `disabled` = '0' AND `id` != '" . $this->id . "' AND `access`='100'";
$db_results = mysql_query($sql,dbh());
if (!mysql_num_rows($db_results)) { return false; }
$sql = "UPDATE `user` SET `disabled`='1' WHERE id='" . $this->id . "'";
$db_results = mysql_query($sql,dbh());
// Delete any sessions they may have
$sql = "DELETE FROM `session` WHERE `username`='" . sql_escape($this->username) . "'";
$db_results = mysql_query($sql,dbh());
return true;
} // disable
/**
* enable
* this enables the current user
*/
function enable() {
$sql = "UPDATE `user` SET `disabled`='0' WHERE id='" . $this->id . "'";
$db_results = mysql_query($sql,dbh());
return true;
} // enable
/**
* update_access
* updates their access level
@ -443,37 +470,16 @@ class User {
*/
function update_access($new_access) {
/* Check for all disable */
if ($new_access == 'disabled') {
$sql = "SELECT username FROM user WHERE disabled != '1' AND username != '$this->username'";
$db_results = mysql_query($sql,dbh());
if (!mysql_num_rows($db_results)) { return false; }
}
/* Prevent Only User accounts */
if ($new_access == 'user') {
if ($new_access == '25') {
$sql = "SELECT username FROM user WHERE (access='admin' OR access='100') AND username != '$this->username'";
$db_results = mysql_query($sql, dbh());
if (!mysql_num_rows($db_results)) { return false; }
}
if ($new_access == 'enabled') {
$new_access = sql_escape($new_access);
$sql = "UPDATE user SET disabled='0' WHERE username='$this->username'";
$db_results = mysql_query($sql, dbh());
}
elseif ($new_access == 'disabled') {
$sql = "UPDATE user SET disabled='1' WHERE username='$this->username'";
$db_results = mysql_query($sql, dbh());
$sql = "DELETE FROM session WHERE username='" . sql_escape($this->username) . "'";
$db_results = mysql_query($sql, dbh());
}
else {
$new_access = sql_escape($new_access);
$sql = "UPDATE user SET access='$new_access' WHERE username='$this->username'";
$db_results = mysql_query($sql, dbh());
}
$new_access = sql_escape($new_access);
$sql = "UPDATE `user` SET `access`='$new_access' WHERE `id`='$this->id'";
$db_results = mysql_query($sql, dbh());
} // update_access
@ -483,7 +489,7 @@ class User {
*/
function update_last_seen() {
$sql = "UPDATE user SET last_seen='" . time() . "' WHERE username='$this->username'";
$sql = "UPDATE user SET last_seen='" . time() . "' WHERE `id`='$this->id'";
$db_results = mysql_query($sql, dbh());
} // update_last_seen
@ -583,10 +589,13 @@ class User {
if (!$db_results) { return false; }
/* Populates any missing preferences, in this case all of them */
$this->fix_preferences($username);
// Get the insert_id
$insert_id = mysql_insert_id(dbh());
return $username;
/* Populates any missing preferences, in this case all of them */
$this->fix_preferences($insert_id);
return $insert_id;
} // create
@ -714,16 +723,100 @@ class User {
} // format_recommendations
/**
* fix_preferences
* this makes sure that the specified user
* has all the correct preferences. This function
* should be run whenever a system preference is run
* it's a cop out... FIXME!
* @todo Fix it so this isn't a hack
* @package User
* @catagory Class
* fix_preferences
* This is the new fix_preferences function, it does the following
* Remove Duplicates from user, add in missing
* If -1 is passed it also removes duplicates from the `preferences`
* table.
*/
function fix_preferences($user_id=0) {
if (!$user_id) {
$user_id = $this->id;
}
$user_id = sql_escape($user_id);
/* Get All Preferences for the current user */
$sql = "SELECT * FROM `user_preference` WHERE `user`='$user_id'";
$db_results = mysql_query($sql,dbh());
$results = array();
while ($r = mysql_fetch_assoc($db_results)) {
$pref_id = $r['preference'];
/* Check for duplicates */
if (isset($results[$pref_id])) {
$r['value'] = sql_escape($r['value']);
$sql = "DELETE FROM `user_preference` WHERE `user`='$user_id' AND `preference`='" . $r['preference'] . "' AND" .
" `value`='" . sql_escape($r['value']) . "'";
$delete_results = mysql_query($sql,dbh());
} // if its set
else {
$results[$pref_id] = 1;
}
} // end while
/* If we aren't the -1 user before we continue grab the -1 users values */
if ($user_id != '-1') {
$sql = "SELECT `user_preference.preference`,`user_preference.value` FROM `user_preference`,`preferences` " .
"WHERE `user_preference.preference` = `preferences.id` AND `user_preference.user`='-1' AND `preferences.catagory` !='system'";
$db_results = mysql_query($sql, dbh());
/* While through our base stuff */
while ($r = mysql_fetch_object($db_results)) {
$zero_results[$r->preference] = $r->value;
}
} // if not user -1
// get me _EVERYTHING_
$sql = "SELECT * FROM `preferences`";
// If not system, exclude system... *gasp*
if ($user_id != '-1') {
$sql .= " WHERE catagory !='system'";
}
$db_results = mysql_query($sql, dbh());
while ($r = mysql_fetch_object($db_results)) {
/* Check if this preference is set */
if (!isset($results[$r->id])) {
if (isset($zero_results[$r->id])) {
$r->value = $zero_results[$r->id];
}
$value = sql_escape($r->value);
$sql = "INSERT INTO user_preference (`user`,`preference`,`value`) VALUES ('$user_id','$r->id','$value')";
$insert_db = mysql_query($sql, dbh());
}
} // while preferences
/* Let's also clean out any preferences garbage left over */
$sql = "SELECT DISTINCT(user_preference.user) FROM user_preference " .
"LEFT JOIN user ON user_preference.user = user.id " .
"WHERE user_preference.user!='-1' AND user.id IS NULL";
$db_results = mysql_query($sql, dbh());
$results = array();
while ($r = mysql_fetch_assoc($db_results)) {
$results[] = $r['user'];
}
foreach ($results as $data) {
$sql = "DELETE FROM user_preference WHERE user='$data'";
$db_results = mysql_query($sql, dbh());
}
} // fix_preferences
/**
* username_fix_preferences
* this is an old function that takes a username
* and fixes the preferences based on that it is no longer
* used by has to be maintained due to the update class
*/
function username_fix_preferences($user_id=0) {
if (!$user_id) {
$user_id = $this->username;

2
lib/general.lib.php
View file

@ -996,7 +996,7 @@ function invert_boolean($value) {
*/
function get_user_from_username($username) {
$sql = "SELECT id FROM user WHERE username='" . sql_escape($username) . "'";
$sql = "SELECT `id` FROM `user` WHERE `username`='" . sql_escape($username) . "'";
$db_results = mysql_query($sql, dbh());
$results = mysql_fetch_assoc($db_results);

42
lib/init.php
View file

@ -1,7 +1,7 @@
<?php
/*
Copyright (c) 2001 - 2006 Ampache.org
Copyright (c) 2001 - 2007 Ampache.org
All rights reserved.
This program is free software; you can redistribute it and/or
@ -67,33 +67,19 @@ if (!$results = read_config($configfile,0)) {
}
/** This is the version.... fluf nothing more... **/
$results['version'] = '3.3.3';
$results['int_config_version'] = '1';
$results['version'] = '3.4-Alpha1 (Build 001)';
$results['int_config_version'] = '2';
$results['raw_web_path'] = $results['web_path'];
$results['web_path'] = $http_type . $_SERVER['HTTP_HOST'] . $results['web_path'];
$results['catalog_file_pattern']= 'mp3|mpc|m4p|m4a|mp4|aac|ogg|rm|wma|asf|flac|spx|ra|ape|shn|wv';
$results['http_port'] = $_SERVER['SERVER_PORT'];
if (!$results['prefix']) {
$results['prefix'] = $prefix;
}
if (!$results['stop_auth']) {
$results['stop_auth'] = $results['prefix'] . "/modules/vauth/gone.fishing";
}
$results['prefix'] = $prefix;
$results['stop_auth'] = $results['prefix'] . "/modules/vauth/gone.fishing";
if (!$results['http_port']) {
$results['http_port'] = '80';
}
if (!$results['site_charset']) {
$results['site_charset'] = "iso-8859-1";
}
if (!$results['ellipse_threshold_album']) {
$results['ellipse_threshold_album'] = 27;
}
if (!$results['ellipse_threshold_artist']) {
$results['ellipse_threshold_artist'] = 27;
}
if (!$results['ellipse_threshold_title']) {
$results['ellipse_threshold_title'] = 27;
$results['site_charset'] = "UTF-8";
}
if (!$results['raw_web_path']) {
$results['raw_web_path'] = '/';
@ -113,11 +99,6 @@ if (!$results['user_ip_cardinality']) {
if (!$results['local_length']) {
$results['local_length'] = '9000';
}
/* Default it for now until I can get the auto-config updater working */
if (!$results['tag_order']) {
$results['tag_order'] = array('id3v2','id3v1','vorbiscomment','quicktime','file');
}
/* Variables needed for vauth Module */
$results['cookie_path'] = $results['raw_web_path'];
@ -162,7 +143,7 @@ require_once(conf('prefix') . "/modules/id3/getid3/getid3.php");
require_once(conf('prefix') . '/modules/id3/vainfo.class.php');
require_once(conf('prefix') . '/modules/infotools/Snoopy.class.php');
require_once(conf('prefix') . '/modules/infotools/AmazonSearchEngine.class.php');
require_once(conf('prefix') . '/modules/infotools/jamendoSearch.class.php');
//require_once(conf('prefix') . '/modules/infotools/jamendoSearch.class.php');
require_once(conf('prefix') . '/lib/xmlrpc.php');
require_once(conf('prefix') . '/modules/xmlrpc/xmlrpc.inc');
@ -257,18 +238,13 @@ if (in_array("http",$results['auth_methods'])) {
} // end if http auth
if ($no_session) {
define('NO_SESSION','1');
}
// If we don't want a session
if (NO_SESSION != '1' AND conf('use_auth')) {
/* Verify Their session */
if (!vauth_check_session()) { logout(); exit; }
/* Create the new user */
$user = new User($_SESSION['userdata']['username']);
$user = get_user_from_username($_SESSION['userdata']['username']);
/* If they user ID doesn't exist deny them */
if (!$user->uid AND !conf('demo_mode')) { logout(); exit; }
@ -303,7 +279,7 @@ else {
session_id(scrub_in($_REQUEST['sessid']));
session_start();
}
$user = new user($sess_results['username']);
$user = get_user_from_username($sess_results['username']);
init_preferences();
}

54
lib/ui.lib.php
View file

@ -1,7 +1,7 @@
<?php
/*
Copyright (c) 2001 - 2006 Ampache.org
Copyright (c) 2001 - 2007 Ampache.org
All rights reserved.
This program is free software; you can redistribute it and/or
@ -118,38 +118,6 @@ function access_denied() {
} // access_denied
/**
* show_users
* shows all users (admin function)
*/
function show_users () {
$dbh = dbh();
// Setup the View Ojbect
$view = new View();
$view->import_session_view();
// if we are returning
if ($_REQUEST['keep_view']) {
$view->initialize();
}
// If we aren't keeping the view then initlize it
else {
$sql = "SELECT username FROM user";
$db_results = mysql_query($sql, $dbh);
$total_items = mysql_num_rows($db_results);
if ($match != "Show_all") { $offset_limit = $_SESSION['userdata']['offset_limit']; }
$view = new View($sql, 'admin/users.php','fullname',$total_items,$offset_limit);
}
$db_result = mysql_query($view->sql, $dbh);
// wow this is stupid
$GLOBALS['view'] = $view;
require(conf('prefix') . "/templates/show_users.inc");
} // show_users()
/**
* return_referer
* returns the script part of the referer address passed by the web browser
@ -1421,19 +1389,21 @@ function xml_get_footer($type){
} //xml_get_footer
/**
* show_manage_users
* This is the admin page for showing all of the users
* get_users
* This returns an array of user objects and takes an sql statement
*/
function show_manage_users() {
function get_users($sql) {
show_box_top(_('Manage Users'));
echo "<ul>\n\t<li><a href=\"".conf('web_path') . "/admin/users.php?action=show_add_user\">" . _('Add a new user') . "</a></li>\n</ul>\n";
show_box_bottom();
$db_results = mysql_query($sql,dbh());
$results = array();
/* Show the Users */
show_users();
while ($u = mysql_fetch_assoc($db_results)) {
$results[] = new User($u['id']);
}
} // show_manage_users
return $results;
} // get_users
?>

6
login.php
View file

@ -26,7 +26,7 @@
*/
$no_session = true;
define('NO_SESSION','1');
require_once('lib/init.php');
/* We have to create a cookie here because IIS
@ -73,7 +73,7 @@ if ($_POST['username'] && $_POST['password']) {
$username = scrub_in($_POST['username']);
$password = scrub_in($_POST['password']);
$auth = authenticate($username, $password);
$user = new User($username);
$user = get_user_from_username($username);
if ($user->disabled == '1') {
$auth['success'] = false;
@ -124,7 +124,7 @@ if ($auth['success']) {
// Record the IP of this person!
//
if (conf('track_user_ip')) {
$user = new User($_POST['username']);
$user = get_user_from_username($username);
$user->insert_ip_history();
unset($user);
}

87
templates/show_add_user.inc.php Normal file
View file

@ -0,0 +1,87 @@
<?php
/*
Copyright (c) 2001 - 2007 Ampache.org
All rights reserved.
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
?>
<?php show_box_top(_('Adding a New User')); ?>
<?php $GLOBALS['error']->print_error('general'); ?>
<form name="add_user" enctype="multpart/form-data" method="post" action="<?php echo conf('web_path') . "/admin/users.php"; ?>">
<table class="tabledata" cellspacing="0" cellpadding="0" border="0">
<tr>
<td>
<?php echo _('Username'); ?>:
</td>
<td>
<input type="text" name="username" size="30" maxlength="128" value="<?php echo scrub_out($_POST['username']); ?>" />
<?php $GLOBALS['error']->print_error('username'); ?>
</td>
</tr>
<tr>
<td><?php echo _('Full Name'); ?>:</td>
<td>
<input type="text" name="fullname" size="30" value="<?php echo scrub_out($_POST['fullname']); ?>" />
</td>
</tr>
<tr>
<td>
<?php echo _('E-mail'); ?>:
</td>
<td>
<input type="text" name="email" size="30" value="<?php echo scrub_out($_POST['email']); ?>" />
</td>
</tr>
<tr>
<td>
<?php echo _('Password'); ?> :
</td>
<td>
<input type="password" name="password_1" size="30" value="" />
<?php $GLOBALS['error']->print_error('password'); ?>
</td>
</tr>
<tr>
<td>
<?php echo _('Confirm Password'); ?>:
</td>
<td>
<input type="password" name="password_2" size="30" value="" />
</td>
</tr>
<tr>
<td>
<?php echo _('User Access Level'); ?>:
</td>
<td>
<?php $var_name = "on_" . $working_user->access; ${$var_name} = 'selected="selected"'; ?>
<select name="access">
<option value="1" <?php echo $on_1; ?>><?php echo _('Guest'); ?></option>
<option value="25" <?php echo $on_25; ?>><?php echo _('User'); ?></option>
<option value="100" <?php echo $on_100; ?>><?php echo _('Admin'); ?></option>
</select>
</td>
</tr>
<td colspan="2">
<input type="submit" value="<?php echo _('Add User'); ?>" />
<input type="hidden" name="action" value="add_user" />
</td>
</tr>
</table>
</form>
<?php show_box_bottom(); ?>

2
templates/show_confirmation.inc.php
View file

@ -20,7 +20,7 @@
*/
?>
<?php show_box_top(scrub_out($title)); ?>
<?php echo scrub_out($text); ?>
<?php echo $text; ?>
<br />
<div class="text-action">
<a href="<?php echo $path; ?>"><?php echo _('Continue'); ?></a>

66
templates/show_edit_user.inc.php
View file

@ -1,7 +1,7 @@
<?php
/*
Copyright (c) 2001 - 2006 Ampache.org
Copyright (c) 2001 - 2007 Ampache.org
All rights reserved.
This program is free software; you can redistribute it and/or
@ -19,60 +19,49 @@
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
if ($type === 'new_user') {
$userfield = "<input type=\"text\" name=\"new_username\" size=\"30\" value=\"" . scrub_out($username) . "\" />";
$title = _('Adding a New User');
}
else {
$userfield = scrub_out($username);
$title = _('Editing existing User');
}
?>
<br />
<?php show_box_top($title); ?>
<?php show_box_top(_('Editing existing User')); ?>
<?php $GLOBALS['error']->print_error('general'); ?>
<form name="update_user" method="post" action="<?php echo conf('web_path') . "/admin/users.php"; ?>">
<table cellspacing="0" cellpadding="0" border="0">
<form name="update_user" enctype="multipart/form-data" method="post" action="<?php echo conf('web_path') . "/admin/users.php"; ?>">
<table class="tabledata" cellspacing="0" cellpadding="0" border="0">
<tr>
<td>
<?php echo _('Username'); ?>:
<?php echo _('Username'); ?>:
</td>
<td>
<?php echo $userfield; ?>
<input type="text" name="username" size="30" maxlength="128" value="<?php echo scrub_out($working_user->username); ?>" />
<?php $GLOBALS['error']->print_error('username'); ?>
</td>
</tr>
<tr>
<td><?php echo _('Full Name'); ?>:</td>
<td><?php echo _('Full Name'); ?>:</td>
<td>
<input type="text" name="new_fullname" size="30" value="<?php echo scrub_out($fullname); ?>" />
<input type="text" name="fullname" size="30" value="<?php echo scrub_out($working_user->fullname); ?>" />
</td>
</tr>
<tr>
<td>
<?php echo _('E-mail'); ?>:
<?php echo _('E-mail'); ?>:
</td>
<td>
<input type="text" name="new_email" size="30" value="<?php echo scrub_out($email); ?>" />
<input type="text" name="email" size="30" value="<?php echo scrub_out($working_user->email); ?>" />
</td>
</tr>
<tr>
<td>
<?php echo _('Password'); ?> :
<?php echo _('Password'); ?> :
</td>
<td>
<input type="password" name="new_password_1" size="30" value="" />
<input type="password" name="password_1" size="30" value="" />
<?php $GLOBALS['error']->print_error('password'); ?>
</td>
</tr>
<tr>
<td>
<?php echo _('Confirm Password'); ?>:
<?php echo _('Confirm Password'); ?>:
</td>
<td>
<input type="password" name="new_password_2" size="30" value="" />
<input type="password" name="password_2" size="30" value="" />
</td>
</tr>
<tr>
@ -80,24 +69,21 @@ else {
<?php echo _('User Access Level'); ?>:
</td>
<td>
<select name="user_access">
<option value="1" <?php if($access==='1') echo "selected=\"selected\""; ?>>Guest</option>
<option value="user" <?php if($access==='user') echo "selected=\"selected\""; ?>>User</option>
<option value="admin" <?php if($access==='admin') echo "selected=\"selected\""; ?>>Admin</option>
<?php $var_name = "on_" . $working_user->access; ${$var_name} = 'selected="selected"'; ?>
<select name="access">
<option value="1" <?php echo $on_1; ?>><?php echo _('Guest'); ?></option>
<option value="25" <?php echo $on_25; ?>><?php echo _('User'); ?></option>
<option value="100" <?php echo $on_100; ?>><?php echo _('Admin'); ?></option>
</select>
</td>
</tr>
<tr>
<td colspan="2">
<input type="hidden" name="action" value="update_user" />
<input type="submit" value="<?php echo _('Update User'); ?>" />
<input type="hidden" name="user_id" value="<?php echo $working_user->id; ?>" />
</td>
</tr>
</table>
<?php
if ($type == 'new_user') {
echo "<input type=\"hidden\" name=\"action\" value=\"add_user\" />";
echo "<input type=\"submit\" value=\"" . _('Add User') . "\" />";
}
else {
echo "<input type=\"hidden\" name=\"action\" value=\"update_user\" />\n";
echo "<input type=\"submit\" value=\"" . _('Update User') . "\" />\n";
echo "<input type=\"hidden\" name=\"new_username\" value=\"$id\" />";
}
?>
</form>
<?php show_box_bottom(); ?>

57
templates/show_users.inc → templates/show_users.inc.php
View file

@ -1,7 +1,7 @@
<?php
/*
Copyright (c) 2001 - 2006 Ampache.org
Copyright (c) 2001 - 2007 Ampache.org
All rights reserved.
This program is free software; you can redistribute it and/or
@ -18,15 +18,16 @@
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
/*!
@header Show Users (admin section)
*/
$web_path = conf('web_path');
$total_items = $view->total_items;
$admin_menu = "admin/";
?>
show_box_top(_('Manage Users'));
echo get_user_icon('add_user') . '&nbsp;';
echo '<a href="' . $web_path . '/admin/users.php?action=show_add_user">' . _('Add a new user') . '</a>';
show_box_bottom();
?>
<?php show_box_top(); ?>
<table class="tabledata" cellpadding="0" cellspacing="0" border="0">
<tr class="table-header" align="center">
@ -37,10 +38,10 @@ $admin_menu = "admin/";
<tr class="table-header">
<td align="center">
<a href="<?php echo $web_path; ?>/<?php echo $_SESSION['view_script']; ?>?action=<?php echo $_REQUEST['action']; ?>&amp;keep_view=true&amp;sort_type=fullname&amp;sort_order=0">
<b><?php echo _("Fullname"); ?></b>
<b><?php echo _('Fullname'); ?></b>
</a>
<a href="<?php echo $web_path; ?>/<?php echo $_SESSION['view_script']; ?>?action=<?php echo $_REQUEST['action']; ?>&amp;keep_view=true&amp;sort_type=username&amp;sort_order=0">
<b>(<?php echo _("Username"); ?>)</b>
<b>(<?php echo _('Username'); ?>)</b>
</a>
</td>
<td align="center">
@ -67,19 +68,17 @@ $admin_menu = "admin/";
</td>
</tr>
<?php
while ($results = mysql_fetch_object($db_result)) {
$user = new User($results->username);
$last_seen = date("m\/d\/Y - H:i",$user->last_seen);
if (!$user->last_seen) { $last_seen = "Never"; }
$create_date = date("m\/d\/Y - H:i",$user->create_date);
$user->format_user();
if (!$user->create_date) { $create_date = "Unknown"; }
foreach ($users as $working_user) {
$working_user->format_user();
$last_seen = date("m\/d\/Y - H:i",$working_user->last_seen);
if (!$working_user->last_seen) { $last_seen = _('Never'); }
$create_date = date("m\/d\/Y - H:i",$working_user->create_date);
if (!$working_user->create_date) { $create_date = _('Unknown'); }
?>
<tr class="<?php echo flip_class(); ?>" align="center">
<td align="left">
<a href="<?php echo $web_path; ?>/admin/users.php?action=edit&amp;user=<?php echo $user->id; ?>">
<?php echo $user->fullname; ?> (<?php echo $user->username; ?>)
<a href="<?php echo $web_path; ?>/admin/users.php?action=edit&amp;user_id=<?php echo $working_user->id; ?>">
<?php echo $working_user->fullname; ?> (<?php echo $working_user->username; ?>)
</a>
</td>
<td>
@ -90,54 +89,54 @@ while ($results = mysql_fetch_object($db_result)) {
</td>
<td>
<?php echo $user->f_useage; ?>
<?php echo $working_user->f_useage; ?>
</td>
<?php if (conf('track_user_ip')) { ?>
<td>
<a href="<?php echo $web_path; ?>/admin/users.php?action=show_ip_history&amp;user_id=<?php echo $user->id; ?>">
<?php echo $user->ip_history; ?>
<a href="<?php echo $web_path; ?>/admin/users.php?action=show_ip_history&amp;user_id=<?php echo $working_user->id; ?>">
<?php echo $working_user->ip_history; ?>
</a>
</td>
<?php } ?>
<td>
<a href="<?php echo $web_path; ?>/admin/users.php?action=edit&amp;user=<?php echo $user->id; ?>">
<a href="<?php echo $web_path; ?>/admin/users.php?action=edit&amp;user_id=<?php echo $working_user->id; ?>">
<?php echo get_user_icon('edit'); ?>
</a>
</td>
<td>
<a href="<?php echo $web_path; ?>/admin/preferences.php?action=user&amp;user_id=<?php echo $user->id; ?>">
<a href="<?php echo $web_path; ?>/admin/preferences.php?action=user&amp;user_id=<?php echo $working_user->id; ?>">
<?php echo get_user_icon('preferences'); ?>
</a>
</td>
<td>
<a href="<?php echo $web_path; ?>/stats.php?action=user_stats&amp;user_id=<?php echo $user->id; ?>">
<a href="<?php echo $web_path; ?>/stats.php?action=user_stats&amp;user_id=<?php echo $working_user->id; ?>">
<?php echo get_user_icon('statistics'); ?>
</a>
</td>
<?php
//FIXME: Fix this for the extra permission levels
if ($user->disabled == '1') {
echo "<td><a href=\"".$web_path."/admin/users.php?action=update&amp;user=$user->username&amp;level=enabled\">" . get_user_icon('enable') . "</a></td>";
echo "<td><a href=\"".$web_path."/admin/users.php?action=enable&amp;user_id=$working_user->id\">" . get_user_icon('enable') . "</a></td>";
}
else {
echo "<td><a href=\"".$web_path."/admin/users.php?action=update&amp;user=$user->username&amp;level=disabled\">" . get_user_icon('disable') ."</a></td>";
echo "<td><a href=\"".$web_path."/admin/users.php?action=disable&amp;user_id=$working_user->id\">" . get_user_icon('disable') ."</a></td>";
}
?>
<td>
<a href="<?php echo $web_path; ?>/admin/users.php?action=delete&amp;user=<?php echo $user->username; ?>">
<a href="<?php echo $web_path; ?>/admin/users.php?action=delete&amp;user_id=<?php echo $working_user->id; ?>">
<?php echo get_user_icon('delete'); ?>
</a>
</td>
<?php
if (($user->is_logged_in()) and ($user->is_online())) {
if (($working_user->is_logged_in()) and ($working_user->is_online())) {
echo "<td class=\"user_online\"> &nbsp; </td>";
} elseif ($user->disabled == 1) {
} elseif ($working_user->disabled == 1) {
echo "<td class=\"user_disabled\"> &nbsp; </td>";
} else {
echo "<td class=\"user_offline\"> &nbsp; </td>";
}
?>
</tr>
<?php } //end while ($results = mysql_fetch_object($db_result)) ?>
<?php } //end foreach users ?>
</table>
<?php show_box_bottom(); ?>

2
update.php
View file

@ -29,7 +29,7 @@
/* Start House Keeping */
// We need this stuff
$no_session = 1;
define('NO_SESSION','1');
require('lib/init.php');
// Make a blank update object