Commit 72065fb8 authored by Dries's avatar Dries

- Added a brand-new access.module which allows you to manage 'roles'
  (groups) and 'permissions' ... (inspired by Zope's system).

    + Once installed, click the help-link for more information.

    + See updates/2.00-to-x.xx.sql for the SQL updates.

- Modified loads of code to use our new access.module.  The system
  still has to mature though: new permissions have to be added and
  existing permissions need stream-lining.  Awaiting suggestions.

- As a direct result of the new access system, I had to rewrite the
  way the top-level links in admin.php are rendered and displayed,
  and xhtml-ified admin.php while I was at it.

TODO

- Home-brewed modules need updating, home-brewed themes not.
  (Examples: file.module, trip_link.module)

- As soon we *finished* the refactoring of the user system (KJ has
  been working on this refactoring already) we should consider to
  embed this role and permission code into account.module ...
parent 7752dc4c
......@@ -269,7 +269,7 @@ function account_create_submit($userid, $email) {
$new[passwd] = user_password();
$new[hash] = substr(md5("$new[userid]. ". time()), 0, 12);
$user = user_save("", array("userid" => $new[userid], "real_email" => $new[real_email], "passwd" => $new[passwd], "status" => 1, "hash" => $new[hash]));
$user = user_save("", array("userid" => $new[userid], "real_email" => $new[real_email], "passwd" => $new[passwd], "role" => "authenticated user", "status" => 1, "hash" => $new[hash]));
$link = path_uri() ."account.php?op=confirm&name=$new[userid]&hash=$new[hash]";
$subject = strtr(t("Account details for %a"), array("%a" => variable_get(site_name, "drupal")));
......
......@@ -2,9 +2,6 @@
include_once "includes/common.inc";
// validate user access:
if (!user_access($user)) exit();
function status($message) {
if ($message) return "<B>Status:</B> $message<HR>\n";
}
......@@ -14,33 +11,43 @@ function admin_page($mod) {
function module($name) {
global $menu, $user;
if (function_exists($name. "_admin") && user_access($user, $name)) $output .= "<A HREF=\"admin.php?mod=$name\">$name</A> | ";
if (module_hook($name, "admin")) $output .= "<A HREF=\"admin.php?mod=$name\">$name</A> | ";
$menu .= $output;
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD><TITLE><?php echo variable_get(site_name, "drupal"); ?> administration</TITLE></HEAD>
<STYLE>
<html>
<head>
<title><?php echo variable_get(site_name, "drupal"); ?> administration pages</title>
</head>
<style>
body { font-family: helvetica, arial; }
h1 { font-famile: helvetica, arial; font-size: 18pt; font-weight: bold; color: #660000; }
h2 { font-family: helvetica, arial; font-size: 18pt; font-weight: bold; color: #000066; }
h3 { font-family: helvetica, arial; font-size: 14pt; font-weight: bold; color: #006600; }
th { font-family: helvetica, arial; text-align: center; vertical-align: top; background-color: #CCCCCC; color: #995555; }
td { font-family: helvetica, arial; }
</STYLE>
<BODY BGCOLOR="#FFFFFF" LINK="#005599" VLINK="#004499" ALINK="#FF0000">
<H1>Administration</H1>
<?php module_iterate("module"); ?>
<HR><?php echo $menu; ?><A HREF="index.php">home</A><HR>
<?php if (user_access($user, $mod)) module_invoke($mod, "admin"); ?>
</BODY>
</HTML>
</style>
<body bgcolor="#FFFFFF" link="#005599" vlink="#004499" alink="#FF0000">
<h1>Administration</h1>
<?php
foreach (module_list() as $name) {
if (module_hook($name, "admin")) $links[] = "<a href=\"admin.php?mod=$name\">$name</a>";
}
$links[] = "<a href=\"index.php\">home</a>";
print implode(" | ", $links) ."<hr />";
if ($mod) module_invoke($mod, "admin");
?>
</body>
</html>
<?php
}
user_rehash();
admin_page($mod);
if (user_access($user, "access administration pages")) {
user_rehash();
admin_page($mod);
}
?>
\ No newline at end of file
......@@ -50,16 +50,16 @@ function comment_settings($mode, $order, $threshold) {
function comment_form($edit) {
global $REQUEST_URI, $user;
// Name field:
// name field:
$form .= form_item(t("Your name"), format_username($user->userid));
// Subject field:
// subject field:
$form .= form_textfield(t("Subject"), "subject", check_input($edit[subject]), 50, 60);
// Comment field:
// comment field:
$form .= form_textarea(t("Comment"), "comment", check_input($edit[comment]), 50, 10, t("Allowed HTML tags") .": ". htmlspecialchars(variable_get("allowed_html", "")));
// Preview button:
// preview button:
$form .= form_hidden("pid", check_input($edit[pid]));
$form .= form_hidden("id", check_input($edit[id]));
......@@ -87,7 +87,12 @@ function comment_reply($pid, $id) {
$pid = 0;
}
$theme->box(t("Reply"), comment_form(array(pid=>$pid, id=>$id)));
if (user_access($user, "post comments")) {
$theme->box(t("Reply"), comment_form(array(pid=>$pid, id=>$id)));
}
else {
$theme->box(t("Reply"), t("You are not authorized to post comments."));
}
}
function comment_preview($edit) {
......@@ -102,24 +107,26 @@ function comment_preview($edit) {
function comment_post($edit) {
global $theme, $user;
// check comment submission rate:
throttle("post comment", variable_get(max_comment_rate, 60));
if (user_access($user, "post comments")) {
// check comment submission rate:
throttle("post comment", variable_get(max_comment_rate, 60));
// check for duplicate comments:
$duplicate = db_result(db_query("SELECT COUNT(cid) FROM comments WHERE pid = '". check_input($edit[pid]) ."' AND lid = '". check_input($edit[id]) ."' AND subject = '". check_input($edit[subject]) ."' AND comment = '". check_input($edit[comment]) ."'"), 0);
// check for duplicate comments:
$duplicate = db_result(db_query("SELECT COUNT(cid) FROM comments WHERE pid = '". check_input($edit[pid]) ."' AND lid = '". check_input($edit[id]) ."' AND subject = '". check_input($edit[subject]) ."' AND comment = '". check_input($edit[comment]) ."'"), 0);
if ($duplicate != 0) {
watchdog("warning", "comment: duplicate '$subject'");
}
else {
// validate subject:
$subject = ($subject) ? $subject : substr($comment, 0, 29);
if ($duplicate != 0) {
watchdog("warning", "comment: duplicate '$subject'");
}
else {
// validate subject:
$subject = ($subject) ? $subject : substr($comment, 0, 29);
// add watchdog entry:
watchdog("special", "comment: added '$subject'");
// add watchdog entry:
watchdog("special", "comment: added '$subject'");
// add comment to database:
db_query("INSERT INTO comments (lid, pid, author, subject, comment, hostname, timestamp, score) VALUES ('". check_input($edit[id]) ."', '". check_input($edit[pid]) ."', '$user->id', '". check_input($edit[subject]) ."', '". check_input($edit[comment]) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."', '". ($user->userid ? 1 : 0) ."')");
// add comment to database:
db_query("INSERT INTO comments (lid, pid, author, subject, comment, hostname, timestamp, score) VALUES ('". check_input($edit[id]) ."', '". check_input($edit[pid]) ."', '$user->id', '". check_input($edit[subject]) ."', '". check_input($edit[comment]) ."', '". getenv("REMOTE_ADDR") ."', '". time() ."', '". ($user->userid ? 1 : 0) ."')");
}
}
}
......@@ -250,68 +257,71 @@ function comment_thread_max($cid, $mode, $threshold, $level = 0, $dummy = 0) {
}
function comment_render($lid, $cid) {
global $theme, $REQUEST_URI, $user;
global $user, $theme, $REQUEST_URI;
// Pre-process variables:
$lid = empty($lid) ? 0 : $lid;
$cid = empty($cid) ? 0 : $cid;
$mode = ($user->id) ? $user->mode : variable_get(default_comment_mode, 4);
$order = ($user->id) ? $user->sort : variable_get(default_comment_order, 1);
$threshold = ($user->id) ? $user->threshold : variable_get(default_comment_threshold, 3);
if (user_access($user, "view comments")) {
if ($user->id) {
// Comment control:
$theme->box(t("Comment control"), comment_controls($threshold, $mode, $order));
// Pre-process variables:
$lid = empty($lid) ? 0 : $lid;
$cid = empty($cid) ? 0 : $cid;
$mode = ($user->id) ? $user->mode : variable_get(default_comment_mode, 4);
$order = ($user->id) ? $user->sort : variable_get(default_comment_order, 1);
$threshold = ($user->id) ? $user->threshold : variable_get(default_comment_threshold, 3);
// Print moderation form:
print "<FORM METHOD=\"post\" ACTION=\"$REQUEST_URI\">\n";
}
if ($user->id) {
// Comment control:
$theme->box(t("Comment control"), comment_controls($threshold, $mode, $order));
if ($cid > 0) {
$result = db_query("SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE cid = '$cid'");
if ($comment = db_fetch_object($result)) {
comment_view($comment, comment_link($comment));
// Print moderation form:
print "<FORM METHOD=\"post\" ACTION=\"$REQUEST_URI\">\n";
}
}
else {
if ($mode == 1) {
$result = comment_query($lid, $order);
print "<TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n";
print " <TR><TH>Subject</TH><TH>Author</TH><TH>Date</TH><TH>Score</TH></TR>\n";
while ($comment = db_fetch_object($result)) {
if (comment_visible($comment, $threshold)) {
print " <TR><TD><A HREF=\"". comment_uri("id=$comment->lid&cid=$comment->cid#$comment->cid") ."\">". check_output($comment->subject) ."</A></TD><TD>". format_username($comment->userid) ."</TD><TD>". format_date($comment->timestamp, "small") ."</TD><TD>". comment_score($comment) ."</TD></TR>\n";
}
if ($cid > 0) {
$result = db_query("SELECT c.*, u.* FROM comments c LEFT JOIN users u ON c.author = u.id WHERE cid = '$cid'");
if ($comment = db_fetch_object($result)) {
comment_view($comment, comment_link($comment));
}
print "</TABLE>\n";
}
else if ($mode == 2) {
$result = comment_query($lid, $order);
while ($comment = db_fetch_object($result)) {
comment_view($comment, (comment_visible($comment, $threshold) ? comment_link($comment, 0) : 0));
else {
if ($mode == 1) {
$result = comment_query($lid, $order);
print "<TABLE BORDER=\"0\" CELLPADDING=\"2\" CELLSPACING=\"2\">\n";
print " <TR><TH>Subject</TH><TH>Author</TH><TH>Date</TH><TH>Score</TH></TR>\n";
while ($comment = db_fetch_object($result)) {
if (comment_visible($comment, $threshold)) {
print " <TR><TD><A HREF=\"". comment_uri("id=$comment->lid&cid=$comment->cid#$comment->cid") ."\">". check_output($comment->subject) ."</A></TD><TD>". format_username($comment->userid) ."</TD><TD>". format_date($comment->timestamp, "small") ."</TD><TD>". comment_score($comment) ."</TD></TR>\n";
}
}
print "</TABLE>\n";
}
}
else if ($mode == 3) {
$result = comment_query($lid, $order, 0);
while ($comment = db_fetch_object($result)) {
comment_view($comment);
comment_thread_min($comment->cid, $threshold);
else if ($mode == 2) {
$result = comment_query($lid, $order);
while ($comment = db_fetch_object($result)) {
comment_view($comment, (comment_visible($comment, $threshold) ? comment_link($comment, 0) : 0));
}
}
}
else {
$result = comment_query($lid, $order, 0);
while ($comment = db_fetch_object($result)) {
comment_view($comment, (comment_visible($comment, $threshold) ? comment_link($comment, 0) : 0));
comment_thread_max($comment->cid, $mode, $threshold, $level + 1);
else if ($mode == 3) {
$result = comment_query($lid, $order, 0);
while ($comment = db_fetch_object($result)) {
comment_view($comment);
comment_thread_min($comment->cid, $threshold);
}
}
else {
$result = comment_query($lid, $order, 0);
while ($comment = db_fetch_object($result)) {
comment_view($comment, (comment_visible($comment, $threshold) ? comment_link($comment, 0) : 0));
comment_thread_max($comment->cid, $mode, $threshold, $level + 1);
}
}
}
}
if ($user->id) {
// Print moderation form:
print " <INPUT TYPE=\"hidden\" NAME=\"id\" VALUE=\"$lid\">\n";
print " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Moderate comments") ."\">\n";
print "</FORM>\n";
if ($user->id) {
// Print moderation form:
print " <INPUT TYPE=\"hidden\" NAME=\"id\" VALUE=\"$lid\">\n";
print " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Moderate comments") ."\">\n";
print "</FORM>\n";
}
}
}
......
......@@ -25,7 +25,7 @@ function watchdog($type, $message) {
function throttle($type, $rate) {
global $user;
if (!user_access($user)) {
if (!user_access($user, "access administration pages")) {
if ($throttle = db_fetch_object(db_query("SELECT * FROM watchdog WHERE type = '$type' AND hostname = '". getenv("REMOTE_ADDR") ."' AND ". time() ." - timestamp < $rate"))) {
watchdog("warning", "throttle: '". getenv("REMOTE_ADDR") ."' exceeded submission rate - $throttle->type");
die(message_throttle());
......@@ -46,8 +46,8 @@ function path_img() {
return "./images/";
}
function message_account() {
return t("This page requires a valid user account. Please <A HREF=\"account.php\">create a user account</A> and <A HREF=\"account.php\">login</A> prior to accessing it.");
function message_access() {
return t("You are not authorized to access to this page.");
}
function message_throttle() {
......@@ -136,7 +136,7 @@ function format_date($timestamp, $type = "medium", $format = "") {
function format_username($username) {
global $user;
if ($username) return (user_access($user, "account") ? "<A HREF=\"admin.php?mod=account&op=view&name=". urlencode($username) ."\">$username</A>" : "<A HREF=\"account.php?op=view&name=". urlencode($username) ."\">$username</A>");
if ($username) return (user_access($user, "add and edit user accounts") ? "<A HREF=\"admin.php?mod=account&op=view&name=". urlencode($username) ."\">$username</A>" : "<A HREF=\"account.php?op=view&name=". urlencode($username) ."\">$username</A>");
else return variable_get(anonymous, "Anonymous");
}
......
......@@ -236,7 +236,7 @@ function node_index($node) {
function node_visible($node) {
global $user, $status;
return ($node->status == $status[posted]) || ($node->status == $status[queued] && $user->id) || user_access($user, $node->type) || user_access($user, "node");
return ($node->status == $status[posted]) || ($node->status == $status[queued] && $user->id) || user_access($user, $node->type) || user_access($user, "add and edit nodes");
}
function node_access($account, $node) {
......
......@@ -59,9 +59,9 @@ function theme_account($theme) {
$content .= "<A HREF=\"account.php?op=edit&topic=content\">". t("edit your content") ."</A><BR>\n";
$content .= "<P>\n";
if (user_access($user)) {
if (user_access($user, "access administration pages")) {
$content .= "<A HREF=\"admin.php\">". strtr(t("administer %a"), array("%a" => variable_get("site_name", "drupal"))) ."</A><BR>\n";
$content .= "<P>\n";
$content .= "<P>\n";
}
foreach (module_list() as $name) {
......
......@@ -3,14 +3,14 @@
class User {
function User($userid, $passwd = 0) {
if ($passwd) {
$result = db_query("SELECT * FROM users WHERE LOWER(userid) = LOWER('$userid') && passwd = PASSWORD('$passwd') && STATUS = 2");
$result = db_query("SELECT u.*, r.perm FROM users u LEFT JOIN role r ON u.role = r.name WHERE LOWER(userid) = LOWER('$userid') && passwd = PASSWORD('$passwd') AND status = 2");
if (db_num_rows($result) == 1) {
foreach (db_fetch_row($result) as $key=>$value) { $field = mysql_field_name($result, $key); $this->$field = stripslashes($value); $this->field[] = $field; }
db_query("UPDATE users SET last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_ADDR]' WHERE id = $this->id");
}
}
else {
$result = db_query("SELECT * FROM users WHERE userid = '$userid' && STATUS = 2");
$result = db_query("SELECT u.*, r.perm FROM users u LEFT JOIN role r ON u.role = r.name WHERE u.userid = '$userid' AND u.status = 2");
if (db_num_rows($result) == 1) {
foreach (db_fetch_row($result) as $key=>$value) { $field = mysql_field_name($result, $key); $this->$field = stripslashes($value); $this->field[] = $field; }
db_query("UPDATE users SET last_access = '". time() ."', last_host = '$GLOBALS[REMOTE_ADDR]' WHERE id = $this->id");
......@@ -52,10 +52,16 @@ function user_save($account, $array) {
return user_load(($account->userid ? $account->userid : $array[userid]));
}
function user_access($account, $section = 0) {
global $user;
if ($section) return (field_get($account->access, $section) || $account->id == 1);
else return ($account->access || $account->id == 1);
function user_access($account, $perm) {
if ($account->id == 1) {
return 1;
}
else if ($account->perm) {
return strstr($account->perm, $perm);
}
else {
return db_fetch_object(db_query("SELECT * FROM role WHERE name = 'anonymous user' AND perm LIKE '%$perm%'"));
}
}
function user_ban($mask, $type) {
......
......@@ -4,12 +4,19 @@
page_header();
$result = db_query("SELECT nid, type FROM node WHERE ". ($meta ? "attributes LIKE '%". check_input($meta) ."%' AND " : "") ." promote = '1' AND status = '". node_status("posted") ."' AND timestamp <= '". ($date > 0 ? check_input($date) : time()) ."' ORDER BY timestamp DESC LIMIT ". ($user->nodes ? $user->nodes : variable_get(default_nodes_main, 10)));
$theme->header();
while ($node = db_fetch_object($result)) {
node_view(node_get_object(array("nid" => $node->nid, "type" => $node->type)), 1);
if (user_access($user, "view content")) {
$result = db_query("SELECT nid, type FROM node WHERE ". ($meta ? "attributes LIKE '%". check_input($meta) ."%' AND " : "") ." promote = '1' AND status = '". node_status("posted") ."' AND timestamp <= '". ($date > 0 ? check_input($date) : time()) ."' ORDER BY timestamp DESC LIMIT ". ($user->nodes ? $user->nodes : variable_get(default_nodes_main, 10)));
while ($node = db_fetch_object($result)) {
node_view(node_get_object(array("nid" => $node->nid, "type" => $node->type)), 1);
}
}
else {
$theme->box("Access denied", message_access());
}
$theme->footer();
page_footer();
......
......@@ -32,6 +32,10 @@ function account_help() {
<?php
}
function account_perm() {
return array("add and edit user accounts");
}
function account_conf_options() {
$output .= form_select(t("Public accounts"), "account_register", variable_get("account_register", 1), array("Disabled", "Enabled"), "If enabled, everyone can create a new user account. If disabled, new user accounts can only be created by site administrators.");
return $output;
......@@ -41,7 +45,7 @@ function account_search($keys) {
global $user;
$result = db_query("SELECT * FROM users WHERE userid LIKE '%$keys%' LIMIT 20");
while ($account = db_fetch_object($result)) {
$find[$i++] = array("title" => $account->userid, "link" => (user_access($user, "account") ? "admin.php?mod=account&op=view&name=". urlencode($account->userid) : "account.php?op=view&name=". urlencode($account->userid)), "user" => $account->userid);
$find[$i++] = array("title" => $account->userid, "link" => (user_access($user, "add and edit user accounts") ? "admin.php?mod=account&op=view&name=". urlencode($account->userid) : "account.php?op=view&name=". urlencode($account->userid)), "user" => $account->userid);
}
return $find;
}
......@@ -99,15 +103,6 @@ function account_overview($query = array()) {
return $output;
}
function account_access($account) {
$data = explode(",", $account->access);
foreach ($data as $array) {
$access = explode("=", $array);
if ($access[0]) $output .= " $access[0]";
}
return $output;
}
function account_blocks($id) {
$result = db_query("SELECT * FROM layout WHERE user = '$id'");
while ($layout = db_fetch_object($result)) {
......@@ -143,24 +138,11 @@ function account_delete($name) {
}
function account_form($account = 0) {
global $access;
function access($name) {
global $access, $account;
if (module_hook($name, "admin")) $access[$name] = $name;
}
module_iterate("access");
$account->access = explode(",", $account->access);
foreach ($account->access as $key=>$value) {
$account->access[$key] = substr($value, 0, -2);
}
$form .= $account->id ? form_item("ID", $account->id) . form_hidden("id", $account->id) : "";
$form .= $account->userid ? form_item(t("Username"), check_output($account->userid)) . form_hidden("userid", $account->userid) : form_textfield(t("Username"), "userid", $account->userid, 15, 15);
$form .= form_select(t("Status"), "status", ($account->status ? $account->status : 1), array("blocked", "not confirmed", "open"));
$form .= form_select(t("Administrator access"), "access", $account->access, $access, 0, "multiple=\"true\" size=\"10\"");
// $form .= form_item(t("Administrator access"), "<SELECT NAME=\"edit[access][]\" MULTIPLE=\"true\" SIZE=\"10\">$access</SELECT>");
$form .= form_select(t("Status"), "status", $account->status, array("blocked", "not confirmed", "open"));
$form .= form_select(t("Role"), "role", $account->role, access_get_roles());
$form .= form_textfield(t("Real name"), "name", $account->name, 30, 55);
$form .= form_textfield(t("Real e-mail address"), "real_email", $account->real_email, 30, 55);
$form .= form_textfield(t("Fake e-mail address"), "fake_email", $account->fake_email, 30, 55);
......@@ -179,18 +161,8 @@ function account_save($edit) {
if ($edit[id]) {
// Updating existing account
foreach ($edit as $key=>$value) {
if ($key != "access") {
$query .= "$key = '". addslashes($value) ."', ";
}
}
if ($edit[access]) {
foreach ($edit[access] as $key=>$value) {
$access = field_set($access, $value, 1);
}
}
$query .= "access = '$access'";
db_query("UPDATE users SET $query WHERE id = $edit[id]");
watchdog("account", "account: modified user '$edit[userid]'");
return $edit[userid];
......@@ -208,14 +180,7 @@ function account_save($edit) {
$edit[passwd] = user_password();
$edit[hash] = substr(md5("$edit[userid]. ". time()), 0, 12);
if ($edit[access]) {
foreach ($edit[access] as $key=>$value) {
$access = field_set($access, $value, 1);
}
$edit[access] = $access;
}
$user = user_save("", array("userid" => $edit[userid], "access" => $edit[access], "real_email" => $edit[real_email], "passwd" => $edit[passwd], "status" => $edit[status], "hash" => $edit[hash]));
$user = user_save("", array("userid" => $edit[userid], "role" => $edit[role], "real_email" => $edit[real_email], "passwd" => $edit[passwd], "status" => $edit[status], "hash" => $edit[hash]));
$link = path_uri() ."account.php?op=confirm&name=". urlencode($edit[userid]) ."&hash=$edit[hash]";
$subject = strtr(t("Account details for %a"), array("%a" => variable_get(site_name, "drupal")));
......@@ -231,8 +196,6 @@ function account_save($edit) {
}
function account_edit($name) {
$status = array("blocked", "not confirmed", "open");
$result = db_query("SELECT * FROM users WHERE userid = '$name'");
if ($account = db_fetch_object($result)) {
......@@ -258,7 +221,7 @@ function account_view($name) {
$output .= " <TR><TH>ID:</TH><TD>$account->id</TD></TR>\n";
$output .= " <TR><TH>Username:</TH><TD>$account->userid</TD></TR>\n";
$output .= " <TR><TH>Status:</TH><TD>". $status[$account->status] ."</TD></TR>\n";
$output .= " <TR><TH>Access:</TH><TD>". check_output(account_access($account)) ."</TD></TR>\n";
$output .= " <TR><TH>Role:</TH><TD>". check_output($account->role) ."</TD></TR>\n";
$output .= " <TR><TH>Real name:</TH><TD>". check_output($account->name) ."</TD></TR>\n";
$output .= " <TR><TH>Real e-mail address:</TH><TD>". format_email($account->real_email) ."</TD></TR>\n";
$output .= " <TR><TH>Fake e-mail address:</TH><TD>". check_output($account->fake_email) ."</TD></TR>\n";
......@@ -280,72 +243,77 @@ function account_view($name) {
}
function account_query($type = "") {
$queries = array(array("users recently visiting", "ORDER BY last_access DESC"), array("users recently joining", "ORDER BY id DESC"), array("users with access rights", "WHERE access != '' ORDER BY last_access DESC"), array("users with pending accounts", "WHERE status = 1 ORDER BY last_access DESC"), array("users with blocked accounts", "WHERE status = 0 ORDER BY last_access DESC"));
$queries = array(array("users recently visiting", "ORDER BY last_access DESC"), array("users recently joining", "ORDER BY id DESC"), array("users with pending accounts", "WHERE status = 1 ORDER BY last_access DESC"), array("users with blocked accounts", "WHERE status = 0 ORDER BY last_access DESC"));
return ($queries[$type] ? $queries[$type] : $queries);
}
function account_admin() {
global $op, $edit, $id, $mod, $keys, $order, $name, $query;
print "<SMALL><A HREF=\"admin.php?mod=account&op=access\">access control</A> | <A HREF=\"admin.php?mod=account&op=add\">add new account</A> | <A HREF=\"admin.php?mod=account&op=listing\">account listings</A> | <A HREF=\"admin.php?mod=account&op=search\">search account</A> | <A HREF=\"admin.php?mod=account\">overview</A> | <A HREF=\"admin.php?mod=account&op=help\">help</A></SMALL><HR>";
$query = $query ? $query : 0;
$name = $name ? $name : $edit[name];
switch ($op) {
case "access":
print account_ac();
break;
case "Add rule":
print status(account_ac_add($edit));
print account_ac();
break;
case "Check":
print status(account_ac_check($edit));
print account_ac();
break;
case "delete":
print status(account_ac_del($id));
print account_ac();
break;
case "Delete account":
print status(account_delete($name));
print account_overview(account_query($query));
break;
case "add":
print account_add();
break;
case "Edit account":
case "edit":
print account_edit($name);
break;
case "help":
print account_help();
break;
case "listing":
print node_listing(account_query());
break;
case "search":
print search_form($keys);
print search_data($keys, $mod);
break;
case "Save account":
$name = account_save($edit);
if ($name)
print account_view($name);
else {
foreach ($edit as $key=>$value) {
$account->$key = $value;
global $user, $op, $edit, $id, $mod, $keys, $order, $name, $query;
if (user_access($user, "add and edit user accounts")) {
print "<SMALL><A HREF=\"admin.php?mod=account&op=access\">access control</A> | <A HREF=\"admin.php?mod=account&op=add\">add new account</A> | <A HREF=\"admin.php?mod=account&op=listing\">account listings</A> | <A HREF=\"admin.php?mod=account&op=search\">search account</A> | <A HREF=\"admin.php?mod=account\">overview</A> | <A HREF=\"admin.php?mod=account&op=help\">help</A></SMALL><HR>";
$query = $query ? $query : 0;
$name = $name ? $name : $edit[name];
switch ($op) {
case "access":
print account_ac();
break;
case "Add rule":