xref: /dokuwiki/lib/plugins/usermanager/admin.php (revision 63afe2a672816009caccc863882c7215115bc306) 
1<?php
2/*
3 *  User Manager
4 *
5 *  Dokuwiki Admin Plugin
6 *
7 *  This version of the user manager has been modified to only work with
8 *  objectified version of auth system
9 *
10 *  @author  neolao <neolao@neolao.com>
11 *  @author  Chris Smith <chris@jalakai.co.uk>
12 */
13if(!defined('DOKU_INC')) define('DOKU_INC',realpath(dirname(__FILE__).'/../../../').'/');
14if(!defined('DOKU_PLUGIN')) define('DOKU_PLUGIN',DOKU_INC.'lib/plugins/');
15if(!defined('DOKU_PLUGIN_IMAGES')) define('DOKU_PLUGIN_IMAGES',DOKU_BASE.'lib/plugins/usermanager/images/');
16require_once(DOKU_PLUGIN.'admin.php');
17
18/**
19 * All DokuWiki plugins to extend the admin function
20 * need to inherit from this class
21 */
22class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
23
24    var $_auth = null;        // auth object
25    var $_user_total = 0;     // number of registered users
26    var $_filter = array();   // user selection filter(s)
27    var $_start = 0;          // index of first user to be displayed
28    var $_last = 0;           // index of the last user to be displayed
29    var $_pagesize = 20;      // number of users to list on one page
30    var $_user_edit = null;   // set to user selected for editing
31    var $_disabled = '';      // if disabled set to explanatory string
32
33    /**
34     * Constructor
35     */
36    function admin_plugin_usermanager(){
37        global $auth;
38
39        $this->setupLocale();
40
41        if (!isset($auth)) {
42          $this->disabled = $this->lang['noauth'];
43        } else if (!$auth->canDo('getUsers')) {
44          $this->disabled = $this->lang['notsupported'];
45        } else {
46
47          // we're good to go
48          $this->_auth = & $auth;
49
50                }
51    }
52
53    /**
54     * return some info
55     */
56    function getInfo(){
57
58        return array(
59            'author' => 'Chris Smith',
60            'email'  => 'chris@jalakai.co.uk',
61            'date'   => '2005-11-24',
62            'name'   => 'User Manager',
63            'desc'   => 'Manage users '.$this->disabled,
64            'url'    => 'http://wiki.splitbrain.org/plugin:user_manager',
65        );
66    }
67     /**
68     * return prompt for admin menu
69     */
70    function getMenuText($language) {
71
72        if (!is_null($this->_auth))
73          return parent::getMenuText($language);
74
75        return $this->getLang["menu"].' '.$this->disabled;
76    }
77
78    /**
79     * return sort order for position in admin menu
80     */
81    function getMenuSort() {
82        return 2;
83    }
84
85    /**
86     * handle user request
87     */
88    function handle() {
89        global $ID;
90
91        if (is_null($this->_auth)) return false;
92
93        // extract the command and any specific parameters
94        // submit button name is of the form - fn[cmd][param(s)]
95        $fn   = $_REQUEST['fn'];
96
97        if (is_array($fn)) {
98            $cmd = key($fn);
99            $param = is_array($fn[$cmd]) ? key($fn[$cmd]) : null;
100        } else {
101            $cmd = $fn;
102            $param = null;
103        }
104
105        if ($cmd != "search") {
106          if (!empty($_REQUEST['start']))
107            $this->_start = $_REQUEST['start'];
108          $this->_filter = $this->_retrieveFilter();
109        }
110
111        switch($cmd){
112          case "add"    : $this->_addUser(); break;
113          case "delete" : $this->_deleteUser(); break;
114          case "modify" : $this->_modifyUser(); break;
115          case "edit"   : $this->_edit_user = $param; break;     // no extra handling required - only html
116          case "search" : $this->_setFilter($param);
117                          $this->_start = 0;
118                          break;
119        }
120
121        $this->_user_total = $this->_auth->canDo('getUserCount') ? $this->_auth->getUserCount($this->_filter) : -1;
122
123        // page handling
124        switch($cmd){
125          case 'start' : $this->_start = 0; break;
126          case 'prev'  : $this->_start -= $this->_pagesize; break;
127          case 'next'  : $this->_start += $this->_pagesize; break;
128          case 'last'  : $this->_start = $this->_user_total; break;
129        }
130        $this->_validatePagination();
131    }
132
133    /**
134     * output appropriate html
135     */
136    function html() {
137        global $ID;
138
139        if(is_null($this->_auth)) {
140            print $this->lang['badauth'];
141            return false;
142        }
143
144        $user_list = $this->_auth->retrieveUsers($this->_start, $this->_pagesize, $this->_filter);
145        $users = array_keys($user_list);
146
147        $page_buttons = $this->_pagination();
148        $delete_disable = $this->_auth->canDo('delUser') ? '' : 'disabled="disabled"';
149
150        if ($this->_auth->canDo('UserMod')) {
151            $edit_disable = '';
152            $img_useredit = 'user_edit.png';
153        } else {
154            $edit_disable = 'disabled="disabled"';
155            $img_useredit = 'no_user_edit.png';
156        }
157
158        print $this->locale_xhtml('intro');
159        print $this->locale_xhtml('list');
160
161        ptln("<div class=\"level2\" style=\"margin-bottom: 2em;\">");
162
163        if ($this->_user_total > 0) {
164          ptln("<p>".sprintf($this->lang['summary'],$this->_start+1,$this->_last,$this->_user_total,$this->_auth->getUserCount())."</p>");
165        } else {
166          ptln("<p>".sprintf($this->lang['nonefound'],$this->_auth->getUserCount())."</p>");
167        }
168        ptln("<form action=\"".wl($ID)."\" method=\"post\">");
169        ptln("  <table class=\"inline\">");
170        ptln("    <thead>");
171        ptln("      <tr>");
172        ptln("        <th colspan=\"2\">&nbsp;</th><th>".$this->lang["user_id"]."</th><th>".$this->lang["user_name"]."</th><th>".$this->lang["user_mail"]."</th><th>".$this->lang["user_groups"]."</th>");
173        ptln("      </tr>");
174
175        ptln("      <tr>");
176        ptln("        <td colspan=\"2\" style=\"vertical-align:middle; text-align:right;\"><input type=\"image\" src=\"".DOKU_PLUGIN_IMAGES."search.png\" name=\"fn[search][new]\" title=\"".$this->lang['search_prompt']."\" alt=\"".$this->lang['search']."\" /></td>");
177        ptln("        <td><input type=\"text\" name=\"userid\" value=\"".$this->_htmlFilter('user')."\" /></td>");
178        ptln("        <td><input type=\"text\" name=\"username\" value=\"".$this->_htmlFilter('name')."\" /></td>");
179        ptln("        <td><input type=\"text\" name=\"usermail\" value=\"".$this->_htmlFilter('mail')."\" /></td>");
180        ptln("        <td><input type=\"text\" name=\"usergroups\" value=\"".$this->_htmlFilter('grps')."\" /></td>");
181        ptln("      </tr>");
182        ptln("    </thead>");
183
184        if ($this->_user_total) {
185          ptln("    <tbody>");
186          foreach ($user_list as $user => $userinfo) {
187            extract($userinfo);
188            $groups = join(', ',$grps);
189            ptln("    <tr valign=\"top\" align=\"left\">");
190            ptln("      <td class=\"centeralign\"><input type=\"checkbox\" name=\"delete[".$user."]\" ".$delete_disable." /></td>");
191            ptln("      <td class=\"centeralign\"><input type=\"image\" name=\"fn[edit][".$user."]\" ".$edit_disable." src=\"".DOKU_PLUGIN_IMAGES.$img_useredit."\" title=\"".$this->lang['edit_prompt']."\" alt=\"".$this->lang['edit']."\"/></td>");
192            ptln("      <td>".hsc($user)."</td><td>".hsc($name)."</td><td>".hsc($mail)."</td><td>".hsc($groups)."</td>");
193            ptln("    </tr>");
194          }
195          ptln("    </tbody>");
196        }
197
198        ptln("    <tbody>");
199        ptln("      <tr><td colspan=\"6\" style=\"text-align:center\">");
200        ptln("        <span style=\"float:left\">");
201        ptln("          <input type=\"submit\" name=\"fn[delete]\" ".$delete_disable." value=\"".$this->lang['delete_selected']."\" id=\"usrmgr__del\" />");
202        ptln("        </span>");
203        ptln("        <span style=\"float:right\">");
204        ptln("          <input type=\"submit\" name=\"fn[start]\" ".$page_buttons['start']." value=\"".$this->lang['start']."\" />");
205        ptln("          <input type=\"submit\" name=\"fn[prev]\" ".$page_buttons['prev']." value=\"".$this->lang['prev']."\" />");
206        ptln("          <input type=\"submit\" name=\"fn[next]\" ".$page_buttons['next']." value=\"".$this->lang['next']."\" />");
207        ptln("          <input type=\"submit\" name=\"fn[last]\" ".$page_buttons['last']." value=\"".$this->lang['last']."\" />");
208        ptln("        </span>");
209        ptln("        <input type=\"submit\" name=\"fn[search][clear]\" value=\"".$this->lang['clear']."\" />");
210        ptln("      </td></tr>");
211        ptln("    </tbody>");
212        ptln("  </table>");
213        ptln("  <input type=\"hidden\" name=\"do\"    value=\"admin\" />");
214        ptln("  <input type=\"hidden\" name=\"page\"  value=\"usermanager\" />");
215
216        $this->_htmlFilterSettings(2);
217
218        ptln("</form>");
219        ptln("</div>");
220
221        $style = $this->_edit_user ? " style=\"width: 46%; float: left;\"" : "";
222
223        if ($this->_auth->canDo('addUser')) {
224          ptln("<div".$style.">");
225          print $this->locale_xhtml('add');
226          ptln("  <div class=\"level2\">");
227
228          $this->_htmlUserForm('add',null,4);
229
230          ptln("  </div>");
231          ptln("</div>");
232        }
233
234        if($this->_edit_user  && $this->_auth->canDo('UserMod')){
235          ptln("<div".$style." id=\"scroll__here\">");
236          print $this->locale_xhtml('edit');
237          ptln("  <div class=\"level2\">");
238
239          $this->_htmlUserForm('modify',$this->_edit_user,4);
240
241          ptln("  </div>");
242          ptln("</div>");
243        }
244    }
245
246
247		/**
248     * @todo disable fields which the backend can't change
249     */
250    function _htmlUserForm($cmd,$user=null,$indent=0) {
251
252        if ($user) {
253          extract($this->_auth->getUserData($user));
254          $groups = join(',',$grps);
255        } else {
256          $user = $name = $mail = $groups = '';
257        }
258
259        ptln("<form action=\"".wl($ID)."\" method=\"post\">",$indent);
260        ptln("  <table class=\"inline\">",$indent);
261        ptln("    <thead>",$indent);
262        ptln("      <tr><th>".$this->lang["field"]."</th><th>".$this->lang["value"]."</th></tr>",$indent);
263        ptln("    </thead>",$indent);
264        ptln("    <tbody>",$indent);
265        ptln("      <tr><td><label for=\"".$cmd."_userid\" >".$this->lang["user_id"]." : </label></td><td><input type=\"text\" id=\"".$cmd."_userid\" name=\"userid\" value=\"".$user."\" /></td></tr>",$indent);
266        ptln("      <tr><td><label for=\"".$cmd."_userpass\" >".$this->lang["user_pass"]." : </label></td><td><input type=\"text\" id=\"".$cmd."_userpass\" name=\"userpass\" value=\"\" /></td></tr>",$indent);
267        ptln("      <tr><td><label for=\"".$cmd."_username\" >".$this->lang["user_name"]." : </label></td><td><input type=\"text\" id=\"".$cmd."_username\" name=\"username\" value=\"".$name."\" /></td></tr>",$indent);
268        ptln("      <tr><td><label for=\"".$cmd."_usermail\" >".$this->lang["user_mail"]." : </label></td><td><input type=\"text\" id=\"".$cmd."_usermail\" name=\"usermail\" value=\"".$mail."\" /></td></tr>",$indent);
269        ptln("      <tr><td><label for=\"".$cmd."_usergroups\" >".$this->lang["user_groups"]." : </label></td><td><input type=\"text\" id=\"".$cmd."_usergroups\" name=\"usergroups\" value=\"".$groups."\" /></td></tr>",$indent);
270        ptln("    </tbody>",$indent);
271        ptln("    <tbody>",$indent);
272        ptln("      <tr>",$indent);
273        ptln("        <td colspan=\"2\">",$indent);
274        ptln("          <input type=\"hidden\" name=\"do\"    value=\"admin\" />",$indent);
275        ptln("          <input type=\"hidden\" name=\"page\"  value=\"usermanager\" />",$indent);
276
277        // save current $user, we need this to access details if the name is changed
278        if ($user)
279          ptln("          <input type=\"hidden\" name=\"userid_old\"  value=\"".$user."\" />",$indent);
280
281        $this->_htmlFilterSettings($indent+10);
282
283        ptln("          <input type=\"submit\" name=\"fn[".$cmd."]\" value=\"".$this->lang[$cmd]."\" />",$indent);
284        ptln("        </td>",$indent);
285        ptln("      </tr>",$indent);
286        ptln("    </tbody>",$indent);
287        ptln("  </table>",$indent);
288        ptln("</form>",$indent);
289    }
290
291    function _htmlFilter($key) {
292        if (empty($this->_filter)) return '';
293        return (isset($this->_filter[$key]) ? hsc($this->_filter[$key]) : '');
294    }
295
296    function _htmlFilterSettings($indent=0) {
297
298        ptln("<input type=\"hidden\" name=\"start\" value=\"".$this->_start."\" />",$indent);
299
300        foreach ($this->_filter as $key => $filter) {
301          ptln("<input type=\"hidden\" name=\"filter[".$key."]\" value=\"".hsc($filter)."\" />",$indent);
302        }
303    }
304
305    function _addUser(){
306
307        if (!$this->_auth->canDo('addUser')) return false;
308
309        list($user,$pass,$name,$mail,$grps) = $this->_retrieveUser();
310        if (empty($user)) return false;
311
312        return $this->_auth->createUser($user,$pass,$name,$mail,$grps);
313    }
314
315    /**
316     * Delete user
317     */
318    function _deleteUser(){
319
320        if (!$this->_auth->canDo('delUser')) return false;
321
322        $selected = $_REQUEST['delete'];
323        if (!is_array($selected) || empty($selected)) return false;
324        $selected = array_keys($selected);
325
326        $count = $this->_auth->deleteUsers($selected);
327        if ($count == count($selected)) {
328          $text = str_replace('%d', $count, $this->lang['delete_ok']);
329          msg("$text.", 1);
330        } else {
331          $part1 = str_replace('%d', $count, $this->lang['delete_ok']);
332          $part2 = str_replace('%d', (count($selected)-$count), $this->lang['delete_fail']);
333          msg("$part1, $part2",-1);
334        }
335    }
336
337    /**
338     * Modify user
339     */
340    function _modifyUser(){
341        if (!$this->_auth->canDo('UserMod')) return false;
342
343		/* get currently valid  user data */
344        $olduser = cleanID(preg_replace('/.*:/','',$_REQUEST['userid_old']));
345        $oldinfo = $this->_auth->getUserData($olduser);
346
347		/* get new user data subject to change */
348        list($newuser,$newpass,$newname,$newmail,$newgrps) = $this->_retrieveUser();
349        if (empty($newuser)) return false;
350
351        $changes = array();
352        if ($newuser != $olduser) {
353          /* check if $newuser already exist */
354          if ($this->_auth->getUserData($newuser)) {
355            msg(sprintf($this->lang['update_exists'],$newuser),-1);
356            $this->_edit_user = $olduser;
357          } else {
358            $changes['user'] = $newuser;
359          }
360        }
361
362        if (!empty($newpass))
363		  $changes['pass'] = $newpass;
364        if (!empty($newname) && $newname != $oldinfo['name'])
365		  $changes['name'] = $newname;
366        if (!empty($newmail) && $newmail != $oldinfo['mail'])
367		  $changes['mail'] = $newmail;
368        if (!empty($newgrps) && $newgrps != $oldinfo['grps'])
369		  $changes['grps'] = $newgrps;
370
371		if ($this->_auth->modifyUser($olduser, $changes)) {
372          msg($this->lang['update_ok'],1);
373        } else {
374          msg($this->lang['update_fail'],-1);
375        }
376    }
377
378    /*
379     * retrieve & clean user data from the form
380     * return an array(user, password, full name, email, array(groups))
381     */
382    function _retrieveUser($clean=true) {
383
384        $user[0] = ($clean) ? cleanID(preg_replace('/.*:/','',$_REQUEST['userid'])) : $_REQUEST['userid'];
385        $user[1] = $_REQUEST['userpass'];
386        $user[2] = $_REQUEST['username'];
387        $user[3] = $_REQUEST['usermail'];
388        $user[4] = preg_split('/\s*,\s*/',$_REQUEST['usergroups'],-1,PREG_SPLIT_NO_EMPTY);
389
390        if (is_array($user[4]) && (count($user[4]) == 1) && (trim($user[4][0]) == '')) {
391            $user[4] = null;
392        }
393
394        return $user;
395    }
396
397    function _setFilter($op) {
398
399        $this->_filter = array();
400
401        if ($op == 'new') {
402          list($user,$pass,$name,$mail,$grps) = $this->_retrieveUser(false);
403
404          if (!empty($user)) $this->_filter['user'] = $user;
405          if (!empty($name)) $this->_filter['name'] = $name;
406          if (!empty($mail)) $this->_filter['mail'] = $mail;
407          if (!empty($grps)) $this->_filter['grps'] = join('|',$grps);
408        }
409    }
410
411    function _retrieveFilter() {
412
413        $t_filter = $_REQUEST['filter'];
414        if (!is_array($t_filter)) return array();
415
416        // messy, but this way we ensure we aren't getting any additional crap from malicious users
417        $filter = array();
418
419        if (isset($t_filter['user'])) $filter['user'] = $t_filter['user'];
420        if (isset($t_filter['name'])) $filter['name'] = $t_filter['name'];
421        if (isset($t_filter['mail'])) $filter['mail'] = $t_filter['mail'];
422        if (isset($t_filter['grps'])) $filter['grps'] = $t_filter['grps'];
423
424        return $filter;
425    }
426
427    function _validatePagination() {
428
429        if ($this->_start >= $this->_user_total) {
430          $this->_start = $this->_user_total - $this->_pagesize;
431        }
432        if ($this->_start < 0) $this->_start = 0;
433
434        $this->_last = min($this->_user_total, $this->_start + $this->_pagesize);
435    }
436
437    /*
438     *  return an array of strings to enable/disable pagination buttons
439     */
440    function _pagination() {
441
442        $disabled = 'disabled="disabled"';
443
444        $buttons['start'] = $buttons['prev'] = ($this->_start == 0) ? $disabled : '';
445
446        if ($this->_user_total == -1) {
447          $buttons['last'] = $disabled;
448          $buttons['next'] = '';
449        } else {
450          $buttons['last'] = $buttons['next'] = (($this->_start + $this->_pagesize) >= $this->_user_total) ? $disabled : '';
451        }
452
453        return $buttons;
454    }
455}
456