Manage users/mods

This commit is contained in:
Savetheinternet 2011-03-02 17:15:37 +11:00
parent ee43a11130
commit 2fa86beaf5
4 changed files with 226 additions and 1 deletions

View File

@ -123,6 +123,7 @@
$config['error']['noaccess'] = 'You don\'t have permission to do that.';
$config['error']['invalidpost'] = 'That post doesn\'t exist…';
$config['error']['404'] = 'Page not found.';
$config['error']['modexists'] = 'That mod <a href="?/users/%d">already exists</a>!';
// How many reports you can create in the same request.
$config['report_limit'] = 2;
@ -299,6 +300,16 @@
$config['mod']['manageboards'] = ADMIN;
// Delete a board
$config['mod']['deleteboard'] = ADMIN;
// List/manage users
$config['mod']['manageusers'] = MOD;
// Promote/demote users
$config['mod']['promoteusers'] = ADMIN;
// Edit any users' login information
$config['mod']['editusers'] = ADMIN;
// Delete a user
$config['mod']['deleteusers'] = ADMIN;
// Create a user
$config['mod']['createusers'] = ADMIN;
// Mod links (full HTML)
// Correspond to above permission directives

View File

@ -865,7 +865,7 @@
$body = utf8tohtml($body, true);
if($config['wiki_markup']) {
$body = preg_replace("/(^|\n)==(.+?)==\n?/m", "<h2>$2</h2>", $body);
$body = preg_replace("/(^|\n)==(.+?)==\n?/m", "<span class=\"heading\">$2</span>", $body);
$body = preg_replace("/'''(.+?)'''/m", "<strong>$1</strong>", $body);
$body = preg_replace("/''(.+?)''/m", "<em>$1</em>", $body);
$body = preg_replace("/\*\*(.+?)\*\*/m", "<span class=\"spoiler\">$1</span>", $body);

208
mod.php
View File

@ -90,6 +90,9 @@
if($mod['type'] >= $config['mod']['view_banlist']) {
$fieldset['Administration'] .= '<li><a href="?/bans">Ban list</a></li>';
}
if($mod['type'] >= $config['mod']['manageusers']) {
$fieldset['Administration'] .= '<li><a href="?/users">Manage users</a></li>';
}
if($mod['type'] >= $config['mod']['show_config']) {
$fieldset['Administration'] .= '<li><a href="?/config">Show configuration</a></li>';
}
@ -109,7 +112,212 @@
//,'mod'=>true /* All 'mod' does, at this point, is put the "Return to dashboard" link in. */
)
);
} elseif(preg_match('/^\/users$/', $query)) {
$body = '<form action="" method="post"><table><tr><th>ID</th><th>Username</th><th>Type</th><th>Last action</th><th>…</th></tr>';
$query = query("SELECT *, (SELECT `time` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `last`, (SELECT `text` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `action` FROM `mods` ORDER BY `type` DESC,`id`") or error(db_error());
while($_mod = $query->fetch()) {
$type = $_mod['type'] == JANITOR ? 'Janitor' : ($_mod['type'] == MOD ? 'Mod' : 'Admin');
$body .= '<tr>' .
'<td>' .
$_mod['id'] .
'</td>' .
'<td>' .
$_mod['username'] .
'</td>' .
'<td>' .
$type .
'</td>' .
'<td>' .
($_mod['last'] ?
'<span title="' . htmlentities($_mod['action']) . '">' . ago($_mod['last']) . '</span>'
: '<em>never</em>') .
'</td>' .
'<td style="white-space:nowrap">' .
($mod['type'] >= $config['mod']['promoteusers'] ?
($_mod['type'] != ADMIN ?
'<a style="text-decoration:none" href="?/users/' . $_mod['id'] . '/promote" title="Promote">▲</a>'
:'') .
($_mod['type'] != JANITOR ?
'<a style="text-decoration:none" href="?/users/' . $_mod['id'] . '/demote" title="Demote">▼</a>'
:'')
: ''
) .
($mod['type'] >= $config['mod']['editusers'] ?
'<a class="unimportant" style="margin-left:5px;float:right" href="?/users/' . $_mod['id'] . '">[edit]</a>'
: ''
) .
'</td></tr>';
}
$body .= '</table>';
if($mod['type'] >= $config['mod']['createusers']) {
$body .= '<p style="text-align:center"><a href="?/users/new">Create new user</a></p>';
}
$body .= '</form>';
echo Element('page.html', Array(
'index'=>$config['root'],
'title'=>'Manage users',
'body'=>$body
,'mod'=>true
)
);
} elseif(preg_match('/^\/users\/new$/', $query)) {
if($mod['type'] < $config['mod']['createusers']) error($config['error']['noaccess']);
if(isset($_POST['username']) && isset($_POST['password'])) {
if(!isset($_POST['type'])) {
error(sprintf($config['error']['required'], 'type'));
}
if($_POST['type'] != ADMIN && $_POST['type'] != MOD && $_POST['type'] != JANITOR) {
error(sprintf($config['error']['invalidfield'], 'type'));
}
// Check if already exists
$query = prepare("SELECT `id` FROM `mods` WHERE `username` = :username");
$query->bindValue(':username', $_POST['username']);
$query->execute() or error(db_error($query));
if($_mod = $query->fetch()) {
error(sprintf($config['error']['modexists'], $_mod['id']));
}
$query = prepare("INSERT INTO `mods` VALUES (NULL, :username, :password, :type)");
$query->bindValue(':username', $_POST['username']);
$query->bindValue(':password', sha1($_POST['password']));
$query->bindValue(':type', $_POST['type'], PDO::PARAM_INT);
$query->execute() or error(db_error($query));
}
$body = '<fieldset><legend>New user</legend>' .
// Begin form
'<form style="text-align:center" action="" method="post">' .
'<table>' .
'<tr><th>Username</th><td><input size="20" maxlength="30" type="text" name="username" value="" autocomplete="off" /></td></tr>' .
'<tr><th>Password</th><td><input size="20" maxlength="30" type="password" name="password" value="" autocomplete="off" /></td></tr>' .
'<tr><th>Type</th><td>' .
'<div><label for="janitor">Janitor</label> <input type="radio" id="janitor" name="type" value="' . JANITOR . '" /></div>' .
'<div><label for="mod">Mod</label> <input type="radio" id="mod" name="type" value="' . MOD . '" /></div>' .
'<div><label for="admin">Admin</label> <input type="radio" id="admin" name="type" value="' . ADMIN . '" /></div>' .
'</td></tr>' .
'</table>' .
'<input style="margin-top:10px" type="submit" value="Create user" />' .
// End form
'</form></fieldset>';
echo Element('page.html', Array(
'index'=>$config['root'],
'title'=>'New user',
'body'=>$body
,'mod'=>true
)
);
} elseif(preg_match('/^\/users\/(\d+)(\/(promote|demote|delete))?$/', $query, $matches)) {
$modID = $matches[1];
if(isset($matches[2])) {
if($matches[3] == 'delete') {
if($mod['type'] < $config['mod']['deleteusers']) error($config['error']['noaccess']);
$query = prepare("DELETE FROM `mods` WHERE `id` = :id");
$query->bindValue(':id', $modID, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
} else {
// Promote/demote
if($mod['type'] < $config['mod']['promoteusers']) error($config['error']['noaccess']);
if($matches[3] == 'promote') {
$query = prepare("UPDATE `mods` SET `type` = `type` + 1 WHERE `type` != :admin AND `id` = :id");
$query->bindValue(':admin', ADMIN, PDO::PARAM_INT);
} else {
$query = prepare("UPDATE `mods` SET `type` = `type` - 1 WHERE `type` != :janitor AND `id` = :id");
$query->bindValue(':janitor', JANITOR, PDO::PARAM_INT);
}
$query->bindValue(':id', $modID, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
}
header('Location: ?/users', true, $config['redirect_http']);
} else {
// Edit user
if($mod['type'] < $config['mod']['editusers']) error($config['error']['noaccess']);
$query = prepare("SELECT * FROM `mods` WHERE `id` = :id");
$query->bindValue(':id', $modID, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if(!$_mod = $query->fetch()) {
error($config['error']['404']);
}
if(isset($_POST['username']) && isset($_POST['password'])) {
$query = prepare("UPDATE `mods` SET `username` = :username WHERE `id` = :id");
$query->bindValue(':username', $_POST['username']);
$query->bindValue(':id', $modID, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if(!empty($_POST['password'])) {
$query = prepare("UPDATE `mods` SET `password` = :password WHERE `id` = :id");
$query->bindValue(':password', sha1($_POST['password']));
$query->bindValue(':id', $modID, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
}
// Refresh
$query = prepare("SELECT * FROM `mods` WHERE `id` = :id");
$query->bindValue(':id', $modID, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
$_mod = $query->fetch();
}
$body = '<fieldset><legend>Edit user</legend>' .
// Begin form
'<form style="text-align:center" action="" method="post">' .
'<table>' .
'<tr><th>Username</th><td><input size="20" maxlength="30" type="text" name="username" value="' . $_mod['username'] . '" autocomplete="off" /></td></tr>' .
'<tr><th>Password <span class="unimportant">(new; optional)</span></th><td><input size="20" maxlength="30" type="password" name="password" value="" autocomplete="off" /></td></tr>' .
'</table>' .
'<input type="submit" value="Save changes" />' .
// End form
'</form> ' .
// Delete button
($mod['type'] >= $config['mod']['deleteusers'] ?
'<p style="text-align:center"><a href="?/users/' . $_mod['id'] . '/delete">Delete user</a></p>'
:'') .
'</fieldset>';
echo Element('page.html', Array(
'index'=>$config['root'],
'title'=>'Edit user',
'body'=>$body
,'mod'=>true
)
);
}
} elseif(preg_match('/^\/reports$/', $query)) {
if($mod['type'] < $config['mod']['reports']) error($config['error']['noaccess']);
$body = '';
$reports = 0;

View File

@ -251,6 +251,12 @@ div.ban p {
div.ban p.reason {
font-weight: bold;
}
span.heading {
color: #AF0A0F;
font-size: 11pt;
font-weight: bold;
display: block;
}
span.spoiler {
background: black;
color: black;