Manage users/mods
This commit is contained in:
parent
ee43a11130
commit
2fa86beaf5
@ -123,6 +123,7 @@
|
||||
$config['error']['noaccess'] = 'You don\'t have permission to do that.';
|
||||
$config['error']['invalidpost'] = 'That post doesn\'t exist…';
|
||||
$config['error']['404'] = 'Page not found.';
|
||||
$config['error']['modexists'] = 'That mod <a href="?/users/%d">already exists</a>!';
|
||||
|
||||
// How many reports you can create in the same request.
|
||||
$config['report_limit'] = 2;
|
||||
@ -299,6 +300,16 @@
|
||||
$config['mod']['manageboards'] = ADMIN;
|
||||
// Delete a board
|
||||
$config['mod']['deleteboard'] = ADMIN;
|
||||
// List/manage users
|
||||
$config['mod']['manageusers'] = MOD;
|
||||
// Promote/demote users
|
||||
$config['mod']['promoteusers'] = ADMIN;
|
||||
// Edit any users' login information
|
||||
$config['mod']['editusers'] = ADMIN;
|
||||
// Delete a user
|
||||
$config['mod']['deleteusers'] = ADMIN;
|
||||
// Create a user
|
||||
$config['mod']['createusers'] = ADMIN;
|
||||
|
||||
// Mod links (full HTML)
|
||||
// Correspond to above permission directives
|
||||
|
@ -865,7 +865,7 @@
|
||||
$body = utf8tohtml($body, true);
|
||||
|
||||
if($config['wiki_markup']) {
|
||||
$body = preg_replace("/(^|\n)==(.+?)==\n?/m", "<h2>$2</h2>", $body);
|
||||
$body = preg_replace("/(^|\n)==(.+?)==\n?/m", "<span class=\"heading\">$2</span>", $body);
|
||||
$body = preg_replace("/'''(.+?)'''/m", "<strong>$1</strong>", $body);
|
||||
$body = preg_replace("/''(.+?)''/m", "<em>$1</em>", $body);
|
||||
$body = preg_replace("/\*\*(.+?)\*\*/m", "<span class=\"spoiler\">$1</span>", $body);
|
||||
|
208
mod.php
208
mod.php
@ -90,6 +90,9 @@
|
||||
if($mod['type'] >= $config['mod']['view_banlist']) {
|
||||
$fieldset['Administration'] .= '<li><a href="?/bans">Ban list</a></li>';
|
||||
}
|
||||
if($mod['type'] >= $config['mod']['manageusers']) {
|
||||
$fieldset['Administration'] .= '<li><a href="?/users">Manage users</a></li>';
|
||||
}
|
||||
if($mod['type'] >= $config['mod']['show_config']) {
|
||||
$fieldset['Administration'] .= '<li><a href="?/config">Show configuration</a></li>';
|
||||
}
|
||||
@ -109,7 +112,212 @@
|
||||
//,'mod'=>true /* All 'mod' does, at this point, is put the "Return to dashboard" link in. */
|
||||
)
|
||||
);
|
||||
} elseif(preg_match('/^\/users$/', $query)) {
|
||||
$body = '<form action="" method="post"><table><tr><th>ID</th><th>Username</th><th>Type</th><th>Last action</th><th>…</th></tr>';
|
||||
|
||||
$query = query("SELECT *, (SELECT `time` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `last`, (SELECT `text` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `action` FROM `mods` ORDER BY `type` DESC,`id`") or error(db_error());
|
||||
while($_mod = $query->fetch()) {
|
||||
$type = $_mod['type'] == JANITOR ? 'Janitor' : ($_mod['type'] == MOD ? 'Mod' : 'Admin');
|
||||
$body .= '<tr>' .
|
||||
'<td>' .
|
||||
$_mod['id'] .
|
||||
'</td>' .
|
||||
|
||||
'<td>' .
|
||||
$_mod['username'] .
|
||||
'</td>' .
|
||||
|
||||
'<td>' .
|
||||
$type .
|
||||
'</td>' .
|
||||
|
||||
'<td>' .
|
||||
($_mod['last'] ?
|
||||
'<span title="' . htmlentities($_mod['action']) . '">' . ago($_mod['last']) . '</span>'
|
||||
: '<em>never</em>') .
|
||||
'</td>' .
|
||||
|
||||
'<td style="white-space:nowrap">' .
|
||||
($mod['type'] >= $config['mod']['promoteusers'] ?
|
||||
($_mod['type'] != ADMIN ?
|
||||
'<a style="text-decoration:none" href="?/users/' . $_mod['id'] . '/promote" title="Promote">▲</a>'
|
||||
:'') .
|
||||
($_mod['type'] != JANITOR ?
|
||||
'<a style="text-decoration:none" href="?/users/' . $_mod['id'] . '/demote" title="Demote">▼</a>'
|
||||
:'')
|
||||
: ''
|
||||
) .
|
||||
($mod['type'] >= $config['mod']['editusers'] ?
|
||||
'<a class="unimportant" style="margin-left:5px;float:right" href="?/users/' . $_mod['id'] . '">[edit]</a>'
|
||||
: ''
|
||||
) .
|
||||
'</td></tr>';
|
||||
}
|
||||
|
||||
$body .= '</table>';
|
||||
|
||||
if($mod['type'] >= $config['mod']['createusers']) {
|
||||
$body .= '<p style="text-align:center"><a href="?/users/new">Create new user</a></p>';
|
||||
}
|
||||
|
||||
$body .= '</form>';
|
||||
|
||||
echo Element('page.html', Array(
|
||||
'index'=>$config['root'],
|
||||
'title'=>'Manage users',
|
||||
'body'=>$body
|
||||
,'mod'=>true
|
||||
)
|
||||
);
|
||||
} elseif(preg_match('/^\/users\/new$/', $query)) {
|
||||
if($mod['type'] < $config['mod']['createusers']) error($config['error']['noaccess']);
|
||||
|
||||
if(isset($_POST['username']) && isset($_POST['password'])) {
|
||||
if(!isset($_POST['type'])) {
|
||||
error(sprintf($config['error']['required'], 'type'));
|
||||
}
|
||||
|
||||
if($_POST['type'] != ADMIN && $_POST['type'] != MOD && $_POST['type'] != JANITOR) {
|
||||
error(sprintf($config['error']['invalidfield'], 'type'));
|
||||
}
|
||||
|
||||
// Check if already exists
|
||||
$query = prepare("SELECT `id` FROM `mods` WHERE `username` = :username");
|
||||
$query->bindValue(':username', $_POST['username']);
|
||||
$query->execute() or error(db_error($query));
|
||||
|
||||
if($_mod = $query->fetch()) {
|
||||
error(sprintf($config['error']['modexists'], $_mod['id']));
|
||||
}
|
||||
|
||||
$query = prepare("INSERT INTO `mods` VALUES (NULL, :username, :password, :type)");
|
||||
$query->bindValue(':username', $_POST['username']);
|
||||
$query->bindValue(':password', sha1($_POST['password']));
|
||||
$query->bindValue(':type', $_POST['type'], PDO::PARAM_INT);
|
||||
$query->execute() or error(db_error($query));
|
||||
}
|
||||
|
||||
$body = '<fieldset><legend>New user</legend>' .
|
||||
|
||||
// Begin form
|
||||
'<form style="text-align:center" action="" method="post">' .
|
||||
|
||||
'<table>' .
|
||||
|
||||
'<tr><th>Username</th><td><input size="20" maxlength="30" type="text" name="username" value="" autocomplete="off" /></td></tr>' .
|
||||
'<tr><th>Password</th><td><input size="20" maxlength="30" type="password" name="password" value="" autocomplete="off" /></td></tr>' .
|
||||
'<tr><th>Type</th><td>' .
|
||||
'<div><label for="janitor">Janitor</label> <input type="radio" id="janitor" name="type" value="' . JANITOR . '" /></div>' .
|
||||
'<div><label for="mod">Mod</label> <input type="radio" id="mod" name="type" value="' . MOD . '" /></div>' .
|
||||
'<div><label for="admin">Admin</label> <input type="radio" id="admin" name="type" value="' . ADMIN . '" /></div>' .
|
||||
'</td></tr>' .
|
||||
'</table>' .
|
||||
|
||||
'<input style="margin-top:10px" type="submit" value="Create user" />' .
|
||||
|
||||
// End form
|
||||
'</form></fieldset>';
|
||||
|
||||
echo Element('page.html', Array(
|
||||
'index'=>$config['root'],
|
||||
'title'=>'New user',
|
||||
'body'=>$body
|
||||
,'mod'=>true
|
||||
)
|
||||
);
|
||||
} elseif(preg_match('/^\/users\/(\d+)(\/(promote|demote|delete))?$/', $query, $matches)) {
|
||||
$modID = $matches[1];
|
||||
|
||||
if(isset($matches[2])) {
|
||||
if($matches[3] == 'delete') {
|
||||
if($mod['type'] < $config['mod']['deleteusers']) error($config['error']['noaccess']);
|
||||
|
||||
$query = prepare("DELETE FROM `mods` WHERE `id` = :id");
|
||||
$query->bindValue(':id', $modID, PDO::PARAM_INT);
|
||||
$query->execute() or error(db_error($query));
|
||||
} else {
|
||||
// Promote/demote
|
||||
if($mod['type'] < $config['mod']['promoteusers']) error($config['error']['noaccess']);
|
||||
|
||||
if($matches[3] == 'promote') {
|
||||
$query = prepare("UPDATE `mods` SET `type` = `type` + 1 WHERE `type` != :admin AND `id` = :id");
|
||||
$query->bindValue(':admin', ADMIN, PDO::PARAM_INT);
|
||||
} else {
|
||||
$query = prepare("UPDATE `mods` SET `type` = `type` - 1 WHERE `type` != :janitor AND `id` = :id");
|
||||
$query->bindValue(':janitor', JANITOR, PDO::PARAM_INT);
|
||||
}
|
||||
|
||||
$query->bindValue(':id', $modID, PDO::PARAM_INT);
|
||||
$query->execute() or error(db_error($query));
|
||||
}
|
||||
header('Location: ?/users', true, $config['redirect_http']);
|
||||
} else {
|
||||
// Edit user
|
||||
if($mod['type'] < $config['mod']['editusers']) error($config['error']['noaccess']);
|
||||
|
||||
$query = prepare("SELECT * FROM `mods` WHERE `id` = :id");
|
||||
$query->bindValue(':id', $modID, PDO::PARAM_INT);
|
||||
$query->execute() or error(db_error($query));
|
||||
|
||||
if(!$_mod = $query->fetch()) {
|
||||
error($config['error']['404']);
|
||||
}
|
||||
|
||||
if(isset($_POST['username']) && isset($_POST['password'])) {
|
||||
$query = prepare("UPDATE `mods` SET `username` = :username WHERE `id` = :id");
|
||||
$query->bindValue(':username', $_POST['username']);
|
||||
$query->bindValue(':id', $modID, PDO::PARAM_INT);
|
||||
$query->execute() or error(db_error($query));
|
||||
|
||||
if(!empty($_POST['password'])) {
|
||||
$query = prepare("UPDATE `mods` SET `password` = :password WHERE `id` = :id");
|
||||
$query->bindValue(':password', sha1($_POST['password']));
|
||||
$query->bindValue(':id', $modID, PDO::PARAM_INT);
|
||||
$query->execute() or error(db_error($query));
|
||||
}
|
||||
|
||||
// Refresh
|
||||
$query = prepare("SELECT * FROM `mods` WHERE `id` = :id");
|
||||
$query->bindValue(':id', $modID, PDO::PARAM_INT);
|
||||
$query->execute() or error(db_error($query));
|
||||
|
||||
$_mod = $query->fetch();
|
||||
}
|
||||
|
||||
$body = '<fieldset><legend>Edit user</legend>' .
|
||||
|
||||
// Begin form
|
||||
'<form style="text-align:center" action="" method="post">' .
|
||||
|
||||
'<table>' .
|
||||
|
||||
'<tr><th>Username</th><td><input size="20" maxlength="30" type="text" name="username" value="' . $_mod['username'] . '" autocomplete="off" /></td></tr>' .
|
||||
'<tr><th>Password <span class="unimportant">(new; optional)</span></th><td><input size="20" maxlength="30" type="password" name="password" value="" autocomplete="off" /></td></tr>' .
|
||||
'</table>' .
|
||||
|
||||
'<input type="submit" value="Save changes" />' .
|
||||
|
||||
// End form
|
||||
'</form> ' .
|
||||
|
||||
// Delete button
|
||||
($mod['type'] >= $config['mod']['deleteusers'] ?
|
||||
'<p style="text-align:center"><a href="?/users/' . $_mod['id'] . '/delete">Delete user</a></p>'
|
||||
:'') .
|
||||
|
||||
'</fieldset>';
|
||||
|
||||
echo Element('page.html', Array(
|
||||
'index'=>$config['root'],
|
||||
'title'=>'Edit user',
|
||||
'body'=>$body
|
||||
,'mod'=>true
|
||||
)
|
||||
);
|
||||
}
|
||||
} elseif(preg_match('/^\/reports$/', $query)) {
|
||||
if($mod['type'] < $config['mod']['reports']) error($config['error']['noaccess']);
|
||||
|
||||
$body = '';
|
||||
$reports = 0;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user