xref: /dokuwiki/lib/plugins/usermanager/admin.php (revision 64c0800bb5449e485479047c9acac8b0136dd9cf) 
1<?php
2/*
3 *  User Manager
4 *
5 *  Dokuwiki Admin Plugin
6 *
7 *  This version of the user manager has been modified to only work with
8 *  objectified version of auth system
9 *
10 *  @author  neolao <neolao@neolao.com>
11 *  @author  Chris Smith <chris@jalakai.co.uk>
12 */
13if(!defined('DOKU_INC')) define('DOKU_INC',realpath(dirname(__FILE__).'/../../../').'/');
14if(!defined('DOKU_PLUGIN')) define('DOKU_PLUGIN',DOKU_INC.'lib/plugins/');
15if(!defined('DOKU_PLUGIN_IMAGES')) define('DOKU_PLUGIN_IMAGES',DOKU_BASE.'lib/plugins/usermanager/images/');
16require_once(DOKU_PLUGIN.'admin.php');
17
18/**
19 * All DokuWiki plugins to extend the admin function
20 * need to inherit from this class
21 */
22class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
23
24    var $_auth = null;        // auth object
25    var $_user_total = 0;     // number of registered users
26    var $_filter = array();   // user selection filter(s)
27    var $_start = 0;          // index of first user to be displayed
28    var $_last = 0;           // index of the last user to be displayed
29    var $_pagesize = 20;      // number of users to list on one page
30    var $_user_edit = null;   // set to user selected for editing
31    var $_disabled = '';      // if disabled set to explanatory string
32
33    /**
34     * Constructor
35     */
36    function admin_plugin_usermanager(){
37        global $auth;
38
39        $this->setupLocale();
40
41        if (!isset($auth)) {
42          $this->disabled = $this->lang['noauth'];
43        } else if (!$auth->canDo('retrieveUsers')) {
44          $this->disabled = $this->lang['notsupported'];
45        } else {
46
47          // we're good to go
48          $this->_auth = & $auth;
49
50                }
51    }
52
53    /**
54     * return some info
55     */
56    function getInfo(){
57
58        return array(
59            'author' => 'Chris Smith',
60            'email'  => 'chris@jalakai.co.uk',
61            'date'   => '2005-11-24',
62            'name'   => 'User Manager',
63            'desc'   => 'Manage users '.$this->disabled,
64            'url'    => 'http://wiki.splitbrain.org/plugin:user_manager',
65        );
66    }
67     /**
68     * return prompt for admin menu
69     */
70    function getMenuText($language) {
71
72        if (!is_null($this->_auth))
73          return parent::getMenuText($language);
74
75        return $this->getLang["menu"].' '.$this->disabled;
76    }
77
78    /**
79     * return sort order for position in admin menu
80     */
81    function getMenuSort() {
82        return 2;
83    }
84
85    /**
86     * handle user request
87     */
88    function handle() {
89        global $ID;
90
91        if (is_null($this->_auth)) return false;
92
93        // extract the command and any specific parameters
94        // submit button name is of the form - fn[cmd][param(s)]
95        $fn   = $_REQUEST['fn'];
96
97        if (is_array($fn)) {
98            $cmd = key($fn);
99            $param = is_array($fn[$cmd]) ? key($fn[$cmd]) : null;
100        } else {
101            $cmd = $fn;
102            $param = null;
103        }
104
105        if ($cmd != "search") {
106          $this->_start = $_REQUEST['start'];
107          $this->_filter = $this->_retrieveFilter();
108        }
109
110        switch($cmd){
111          case "add"    : $this->_addUser(); break;
112          case "delete" : $this->_deleteUser(); break;
113          case "modify" : $this->_modifyUser(); break;
114          case "edit"   : $this->_edit_user = $param; break;     // no extra handling required - only html
115          case "search" : $this->_setFilter($param);
116                          $this->_start = 0;
117                          break;
118        }
119
120        $this->_user_total = $this->_auth->canDo('getUserCount') ? $this->_auth->getUserCount($this->_filter) : -1;
121
122        // page handling
123        switch($cmd){
124          case 'start' : $this->_start = 0; break;
125          case 'prev'  : $this->_start -= $this->_pagesize; break;
126          case 'next'  : $this->_start += $this->_pagesize; break;
127          case 'last'  : $this->_start = $this->_user_total; break;
128        }
129        $this->_validatePagination();
130    }
131
132    /**
133     * output appropriate html
134     */
135    function html() {
136        global $ID;
137
138        if(is_null($this->_auth)) {
139            print $this->lang['badauth'];
140            return false;
141        }
142
143        $user_list = $this->_auth->retrieveUsers($this->_start, $this->_pagesize, $this->_filter);
144        $users = array_keys($user_list);
145
146        $page_buttons = $this->_pagination();
147        $edit_disable = $this->_auth->canDo('modifyUser') ? '' : 'disabled="disabled"';
148        $delete_disable = $this->_auth->canDo('deleteUsers') ? '' : 'disabled="disabled"';
149
150        print $this->locale_xhtml('intro');
151        print $this->locale_xhtml('list');
152
153        ptln("<div class=\"level2\" style=\"margin-bottom: 2em;\">");
154
155        if ($this->_user_total) {
156          ptln("<p>".sprintf($this->lang['summary'],$this->_start+1,$this->_last,$this->_user_total,$this->_auth->getUserCount())."</p>");
157        } else {
158          ptln("<p>".sprintf($this->lang['nonefound'],$this->_auth->getUserCount())."</p>");
159        }
160        ptln("<form action=\"".wl($ID)."\" method=\"post\">");
161        ptln("  <table class=\"inline\">");
162        ptln("    <thead>");
163        ptln("      <tr>");
164        ptln("        <th colspan=\"2\">&nbsp;</th><th>".$this->lang["user_id"]."</th><th>".$this->lang["user_name"]."</th><th>".$this->lang["user_mail"]."</th><th>".$this->lang["user_groups"]."</th>");
165        ptln("      </tr>");
166
167        ptln("      <tr>");
168//        ptln("        <td colspan=\"2\"><input type=\"submit\" name=\"fn[search][new]\" value=\"".$this->lang['search']."\" /></td>");
169        ptln("        <td colspan=\"2\" style=\"vertical-align:middle; text-align:right;\"><input type=\"image\" src=\"".DOKU_PLUGIN_IMAGES."search.png\" name=\"fn[search][new]\" title=\"".$this->lang['search_prompt']."\" alt=\"".$this->lang['search']."\" /></td>");
170        ptln("        <td><input type=\"text\" name=\"userid\" value=\"".$this->_htmlFilter('user')."\" /></td>");
171        ptln("        <td><input type=\"text\" name=\"username\" value=\"".$this->_htmlFilter('name')."\" /></td>");
172        ptln("        <td><input type=\"text\" name=\"usermail\" value=\"".$this->_htmlFilter('mail')."\" /></td>");
173        ptln("        <td><input type=\"text\" name=\"usergroups\" value=\"".$this->_htmlFilter('grps')."\" /></td>");
174        ptln("      </tr>");
175        ptln("    </thead>");
176
177        if ($this->_user_total) {
178          ptln("    <tbody>");
179          foreach ($user_list as $user => $userinfo) {
180            extract($userinfo);
181            $groups = join(', ',$grps);
182            ptln("    <tr valign=\"top\" align=\"left\">");
183            ptln("      <td class=\"centeralign\"><input type=\"checkbox\" name=\"delete[".$user."]\" ".$delete_disable." /></td>");
184//            ptln("      <td class=\"centeralign\"><input type=\"submit\" name=\"fn[edit][".$user."]\" ".$edit_disable." value=\"".$this->lang['edit']."\"/></td>");
185            ptln("      <td class=\"centeralign\"><input type=\"image\" name=\"fn[edit][".$user."]\" ".$edit_disable." src=\"".DOKU_PLUGIN_IMAGES."user_edit.png\" title=\"".$this->lang['edit_prompt']."\" alt=\"".$this->lang['edit']."\"/></td>");
186            ptln("      <td>".hsc($user)."</td><td>".hsc($name)."</td><td>".hsc($mail)."</td><td>".hsc($groups)."</td>");
187            ptln("    </tr>");
188          }
189          ptln("    </tbody>");
190        }
191
192        ptln("    <tbody>");
193        ptln("      <tr><td colspan=\"6\" style=\"text-align:center\">");
194        ptln("        <span style=\"float:left\">");
195        ptln("          <input type=\"submit\" name=\"fn[delete]\" ".$delete_disable." value=\"".$this->lang['delete_selected']."\"/>");
196        ptln("        </span>");
197        ptln("        <span style=\"float:right\">");
198        ptln("          <input type=\"submit\" name=\"fn[start]\" ".$page_buttons['start']." value=\"".$this->lang['start']."\" />");
199        ptln("          <input type=\"submit\" name=\"fn[prev]\" ".$page_buttons['prev']." value=\"".$this->lang['prev']."\" />");
200        ptln("          <input type=\"submit\" name=\"fn[next]\" ".$page_buttons['next']." value=\"".$this->lang['next']."\" />");
201        ptln("          <input type=\"submit\" name=\"fn[last]\" ".$page_buttons['last']." value=\"".$this->lang['last']."\" />");
202        ptln("        </span>");
203        ptln("        <input type=\"submit\" name=\"fn[search][clear]\" value=\"".$this->lang['clear']."\" />");
204        ptln("      </td></tr>");
205        ptln("    </tbody>");
206        ptln("  </table>");
207        ptln("  <input type=\"hidden\" name=\"do\"    value=\"admin\" />");
208        ptln("  <input type=\"hidden\" name=\"page\"  value=\"usermanager\" />");
209
210        $this->_htmlFilterSettings(2);
211
212        ptln("</form>");
213        ptln("</div>");
214
215        $style = $this->_edit_user ? " style=\"width: 46%; float: left;\"" : "";
216
217        if ($this->_auth->canDo('createUser')) {
218          ptln("<div".$style.">");
219          print $this->locale_xhtml('add');
220          ptln("  <div class=\"level2\">");
221
222          $this->_htmlUserForm('add',null,4);
223
224          ptln("  </div>");
225          ptln("</div>");
226        }
227
228        if($this->_edit_user  && $this->_auth->canDo('modifyUser')){
229          ptln("<div".$style.">");
230          print $this->locale_xhtml('edit');
231          ptln("  <div class=\"level2\">");
232
233          $this->_htmlUserForm('modify',$this->_edit_user,4);
234
235          ptln("  </div>");
236          ptln("</div>");
237        }
238    }
239
240    function _htmlUserForm($cmd,$user=null,$indent=0) {
241
242        if ($user) {
243          extract($this->_auth->getUserData($user));
244          $groups = join(',',$grps);
245        } else {
246          $user = $name = $mail = $groups = '';
247        }
248
249        ptln("<form action=\"".wl($ID)."\" method=\"post\">",$indent);
250        ptln("  <table class=\"inline\">",$indent);
251        ptln("    <thead>",$indent);
252        ptln("      <tr><th>".$this->lang["field"]."</th><th>".$this->lang["value"]."</th></tr>",$indent);
253        ptln("    </thead>",$indent);
254        ptln("    <tbody>",$indent);
255        ptln("      <tr><td><label for=\"".$cmd."_userid\" >".$this->lang["user_id"]." : </label></td><td><input type=\"text\" id=\"".$cmd."_userid\" name=\"userid\" value=\"".$user."\" /></td></tr>",$indent);
256        ptln("      <tr><td><label for=\"".$cmd."_userpass\" >".$this->lang["user_pass"]." : </label></td><td><input type=\"text\" id=\"".$cmd."_userpass\" name=\"userpass\" value=\"\" /></td></tr>",$indent);
257        ptln("      <tr><td><label for=\"".$cmd."_username\" >".$this->lang["user_name"]." : </label></td><td><input type=\"text\" id=\"".$cmd."_username\" name=\"username\" value=\"".$name."\" /></td></tr>",$indent);
258        ptln("      <tr><td><label for=\"".$cmd."_usermail\" >".$this->lang["user_mail"]." : </label></td><td><input type=\"text\" id=\"".$cmd."_usermail\" name=\"usermail\" value=\"".$mail."\" /></td></tr>",$indent);
259        ptln("      <tr><td><label for=\"".$cmd."_usergroups\" >".$this->lang["user_groups"]." : </label></td><td><input type=\"text\" id=\"".$cmd."_usergroups\" name=\"usergroups\" value=\"".$groups."\" /></td></tr>",$indent);
260        ptln("    </tbody>",$indent);
261        ptln("    <tbody>",$indent);
262        ptln("      <tr>",$indent);
263        ptln("        <td colspan=\"2\">",$indent);
264        ptln("          <input type=\"hidden\" name=\"do\"    value=\"admin\" />",$indent);
265        ptln("          <input type=\"hidden\" name=\"page\"  value=\"usermanager\" />",$indent);
266
267        // save current $user, we need this to access details if the name is changed
268        if ($user)
269          ptln("          <input type=\"hidden\" name=\"userid_old\"  value=\"".$user."\" />",$indent);
270
271        $this->_htmlFilterSettings($indent+10);
272
273        ptln("          <input type=\"submit\" name=\"fn[".$cmd."]\" value=\"".$this->lang[$cmd]."\" />",$indent);
274        ptln("        </td>",$indent);
275        ptln("      </tr>",$indent);
276        ptln("    </tbody>",$indent);
277        ptln("  </table>",$indent);
278        ptln("</form>",$indent);
279    }
280
281    function _htmlFilter($key) {
282        if (empty($this->_filter)) return '';
283        return (isset($this->_filter[$key]) ? hsc($this->_filter[$key]) : '');
284    }
285
286    function _htmlFilterSettings($indent=0) {
287
288        ptln("<input type=\"hidden\" name=\"start\" value=\"".$this->_start."\" />",$indent);
289
290        foreach ($this->_filter as $key => $filter) {
291          ptln("<input type=\"hidden\" name=\"filter[".$key."]\" value=\"".hsc($filter)."\" />",$indent);
292        }
293    }
294
295    function _addUser(){
296
297        if (!$this->_auth->canDo('createUser')) return false;
298
299        list($user,$pass,$name,$mail,$grps) = $this->_retrieveUser();
300        if (empty($user)) return false;
301
302        return $this->_auth->createUser($user,$pass,$name,$mail,$grps);
303    }
304
305    /**
306     * Delete user
307     */
308    function _deleteUser(){
309
310        if (!$this->_auth->canDo('deleteUsers')) return false;
311
312        $selected = $_REQUEST['delete'];
313        if (!is_array($selected) || empty($selected)) return false;
314        $selected = array_keys($selected);
315
316        $count = $this->_auth->deleteUsers($selected);
317        if ($count == count($selected)) {
318          $text = str_replace('%d', $count, $this->lang['delete_ok']);
319          msg("$text.", 1);
320        } else {
321          $part1 = str_replace('%d', $count, $this->lang['delete_ok']);
322          $part2 = str_replace('%d', (count($selected)-$count), $this->lang['delete_fail']);
323          msg("$part1, $part2",-1);
324        }
325    }
326
327    /**
328     * Modify user
329     */
330    function _modifyUser(){
331        if (!$this->_auth->canDo('modifyUser')) return false;
332
333        list($user,$pass,$name,$mail,$grps) = $this->_retrieveUser();
334        if (empty($user)) return false;
335
336        $changes = array();
337        $user_old = cleanID(preg_replace('/.*:/','',$_REQUEST['userid_old']));
338        if ($user != $user_old) {
339          // check $user doesn't already exist
340          if ($this->_auth->getUserData($user)) {
341            msg(sprintf($this->lang['update_exists'],$user),-1);
342            $this->_edit_user = $user = $user_old;
343          } else {
344            $changes['user'] = $user;
345            $user = $user_old;
346          }
347        }
348
349        if (!empty($pass)) $changes['pass'] = $pass;
350        if (!empty($name)) $changes['name'] = $name;
351        if (!empty($mail)) $changes['mail'] = $mail;
352        if (!empty($grps)) $changes['grps'] = $grps;
353
354        if ($this->_auth->modifyUser($user, $changes)) {
355          msg($this->lang['update_ok'],1);
356        } else {
357          msg($this->lang['update_fail'],-1);
358        }
359    }
360
361    /*
362     * retrieve & clean user data from the form
363     * return an array(user, password, full name, email, array(groups))
364     */
365    function _retrieveUser($clean=true) {
366
367        $user[0] = ($clean) ? cleanID(preg_replace('/.*:/','',$_REQUEST['userid'])) : $_REQUEST['userid'];
368        $user[1] = $_REQUEST['userpass'];
369        $user[2] = $_REQUEST['username'];
370        $user[3] = $_REQUEST['usermail'];
371        $user[4] = preg_split('/\s*,\s*/',$_REQUEST['usergroups'],-1,PREG_SPLIT_NO_EMPTY);
372
373        if (is_array($user[4]) && (count($user[4]) == 1) && (trim($user[4][0]) == '')) {
374            $user[4] = null;
375        }
376
377        return $user;
378    }
379
380    function _setFilter($op) {
381
382        $this->_filter = array();
383
384        if ($op == 'new') {
385          list($user,$pass,$name,$mail,$grps) = $this->_retrieveUser(false);
386
387          if (!empty($user)) $this->_filter['user'] = $user;
388          if (!empty($name)) $this->_filter['name'] = $name;
389          if (!empty($mail)) $this->_filter['mail'] = $mail;
390          if (!empty($grps)) $this->_filter['grps'] = join('|',$grps);
391        }
392    }
393
394    function _retrieveFilter() {
395
396        $t_filter = $_REQUEST['filter'];
397        if (!is_array($t_filter)) return array();
398
399        // messy, but this way we ensure we aren't getting any additional crap from malicious users
400        $filter = array();
401
402        if (isset($t_filter['user'])) $filter['user'] = $t_filter['user'];
403        if (isset($t_filter['name'])) $filter['name'] = $t_filter['name'];
404        if (isset($t_filter['mail'])) $filter['mail'] = $t_filter['mail'];
405        if (isset($t_filter['grps'])) $filter['grps'] = $t_filter['grps'];
406
407        return $filter;
408    }
409
410    function _validatePagination() {
411
412        if ($this->_start >= $this->_user_total) {
413          $this->_start = $this->_user_total - $this->_pagesize;
414        }
415        if ($this->_start < 0) $this->_start = 0;
416
417        $this->_last = min($this->_user_total, $this->_start + $this->_pagesize);
418    }
419
420    /*
421     *  return an array of strings to enable/disable pagination buttons
422     */
423    function _pagination() {
424
425        $disabled = 'disabled="disabled"';
426
427        $buttons['start'] = $buttons['prev'] = ($this->_start == 0) ? $disabled : '';
428
429        if ($this->_user_total == -1) {
430          $buttons['last'] = $disabled;
431          $buttons['next'] = '';
432        } else {
433          $buttons['last'] = $buttons['next'] = (($this->_start + $this->_pagesize) >= $this->_user_total) ? $disabled : '';
434        }
435
436        return $buttons;
437    }
438}
439