-rw-r--r-- | admin/system.php | 2 | ||||
-rw-r--r-- | admin/users.php | 125 | ||||
-rw-r--r-- | albums.php | 2 | ||||
-rw-r--r-- | config/ampache.cfg.php.dist | 15 | ||||
-rwxr-xr-x | docs/CHANGELOG | 9 | ||||
-rw-r--r-- | images/icon_add_user.png | bin | 0 -> 746 bytes | |||
-rw-r--r-- | images/icon_delete.png | bin | 476 -> 363 bytes | |||
-rw-r--r-- | index.php | 3 | ||||
-rw-r--r-- | lib/class/song.class.php | 4 | ||||
-rw-r--r-- | lib/class/update.class.php | 251 | ||||
-rw-r--r-- | lib/class/user.class.php | 211 | ||||
-rw-r--r-- | lib/general.lib.php | 2 | ||||
-rw-r--r-- | lib/init.php | 42 | ||||
-rw-r--r-- | lib/ui.lib.php | 54 | ||||
-rw-r--r-- | login.php | 6 | ||||
-rw-r--r-- | templates/show_add_user.inc.php | 87 | ||||
-rw-r--r-- | templates/show_confirmation.inc.php | 2 | ||||
-rw-r--r-- | templates/show_edit_user.inc.php | 66 | ||||
-rw-r--r-- | templates/show_users.inc.php (renamed from templates/show_users.inc) | 57 | ||||
-rw-r--r-- | update.php | 2 |
20 files changed, 657 insertions, 283 deletions
diff --git a/admin/system.php b/admin/system.php index c9dad4f5..4bfdcbe5 100644 --- a/admin/system.php +++ b/admin/system.php @@ -75,7 +75,7 @@ switch ($action) { } // is array /* Put in the current value */ - elseif (isset($current[$key])) { + elseif (isset($current[$key]) AND $key != 'config_version') { $line = $key . " = \"" . $current[$key] . "\""; unset($current[$key]); } // if set diff --git a/admin/users.php b/admin/users.php index 4aa8aff8..268aa075 100644 --- a/admin/users.php +++ b/admin/users.php @@ -1,7 +1,7 @@ <?php /* - Copyright (c) 2001 - 2006 Ampache.org + Copyright (c) 2001 - 2007 Ampache.org All rights reserved. This program is free software; you can redistribute it and/or 
@@ -28,37 +28,32 @@ if (!$GLOBALS['user']->has_access(100)) { } -$action = scrub_in($_REQUEST['action']); - +$action = scrub_in($_REQUEST['action']); +$user_id = scrub_in($_REQUEST['user_id']); show_template('header'); -$user_id = scrub_in($_REQUEST['user']); -$temp_user = new User($user_id); - +// Switch on the actions switch ($action) { case 'edit': if (conf('demo_mode')) { break; } - $username = $temp_user->username; - $fullname = $temp_user->fullname; - $email = $temp_user->email; - $access = $temp_user->access; - $id = $temp_user->id; + $working_user = new User($user_id); require_once(conf('prefix') . '/templates/show_edit_user.inc.php'); break; case 'update_user': if (conf('demo_mode')) { break; } /* Clean up the variables */ - $username = scrub_in($_REQUEST['new_username']); - $fullname = scrub_in($_REQUEST['new_fullname']); - $email = scrub_in($_REQUEST['new_email']); - $access = scrub_in($_REQUEST['user_access']); - $pass1 = scrub_in($_REQUEST['new_password_1']); - $pass2 = scrub_in($_REQUEST['new_password_2']); + $user_id = scrub_in($_REQUEST['user_id']); + $username = scrub_in($_REQUEST['username']); + $fullname = scrub_in($_REQUEST['fullname']); + $email = scrub_in($_REQUEST['email']); + $access = scrub_in($_REQUEST['access']); + $pass1 = scrub_in($_REQUEST['password_1']); + $pass2 = scrub_in($_REQUEST['password_2']); /* Setup the temp user */ - $thisuser = new User($username); + $working_user = new User($user_id); /* Verify Input */ if (empty($username)) { 
@@ -70,40 +65,36 @@ switch ($action) { /* If we've got an error then break! */ if ($GLOBALS['error']->error_state) { - $username = $thisuser->username; - $fullname = $thisuser->fullname; - $email = $thisuser->email; - $access = $thisuser->access; - $type = 'edit_user'; require_once(conf('prefix') . '/templates/show_edit_user.inc.php'); break; } // if we've had an oops! - if ($access != $thisuser->access) { - $thisuser->update_access($access); + if ($access != $working_user->access) { + $working_user->update_access($access); } - if ($email != $thisuser->email) { - $thisuser->update_email($email); + if ($email != $working_user->email) { + $working_user->update_email($email); } - if ($username != $thisuser->username) { - $thisuser->update_username($username); + if ($username != $working_user->username) { + $working_user->update_username($username); } - if ($fullname != $user->fullname) { - $thisuser->update_fullname($fullname); + if ($fullname != $working_user->fullname) { + $working_user->update_fullname($fullname); } if ($pass1 == $pass2 && strlen($pass1)) { - $thisuser->update_password($pass1); + $working_user->update_password($pass1); } - show_confirmation("User Updated", $thisuser->username . "'s information has been updated","admin/users.php"); + + show_confirmation(_('User Updated'), $working_user->fullname . "(" . $working_user->username . ")" . 
_('updated'),'admin/users.php'); break; case 'add_user': if (conf('demo_mode')) { break; } - $username = scrub_in($_REQUEST['new_username']); - $fullname = scrub_in($_REQUEST['new_fullname']); - $email = scrub_in($_REQUEST['new_email']); - $access = scrub_in($_REQUEST['user_access']); - $pass1 = scrub_in($_REQUEST['new_password_1']); - $pass2 = scrub_in($_REQUEST['new_password_2']); + $username = scrub_in($_REQUEST['username']); + $fullname = scrub_in($_REQUEST['fullname']); + $email = scrub_in($_REQUEST['email']); + $access = scrub_in($_REQUEST['access']); + $pass1 = scrub_in($_REQUEST['password_1']); + $pass2 = scrub_in($_REQUEST['password_2']); if (($pass1 !== $pass2)) { $GLOBALS['error']->add_error('password',_("Error Passwords don't match")); } @@ -139,18 +130,19 @@ switch ($action) { break; case 'delete': if (conf('demo_mode')) { break; } + $working_user = new User($user_id); show_confirmation(_('Deletion Request'), - _("Are you sure you want to permanently delete") . " $temp_user->fullname ($temp_user->username) ?", - "admin/users.php?action=confirm_delete&user=$temp_user->id"); + _('Are you sure you want to permanently delete') . " $working_user->fullname ($working_user->username)?", + "admin/users.php?action=confirm_delete&user_id=$user_id",1); break; case 'confirm_delete': if (conf('demo_mode')) { break; } - if ($_REQUEST['confirm'] == _("No")) { show_manage_users(); break; } - if ($temp_user->delete()) { - show_confirmation(_("User Deleted"), "$temp_user->username has been Deleted","admin/users.php"); + $working_user = new User($_REQUEST['user_id']); + if ($working_user->delete()) { + show_confirmation(_('User Deleted'), "$working_user->username has been Deleted","admin/users.php"); } else { - show_confirmation(_("Delete Error"), _("Unable to delete last Admin User"),"admin/users.php"); + show_confirmation(_('Delete Error'), _("Unable to delete last Admin User"),"admin/users.php"); } break; /* Show IP History for the Specified User */ 
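Review bot: The `confirm_delete` case builds its target from the raw request value, `new User($_REQUEST['user_id'])`, while the other cases in this switch use the `$user_id` that went through `scrub_in()` at the top of the file. Use `$working_user = new User($user_id);` here too, so the delete path gets the same input handling as `delete`, `edit` and `update_user`. The hunk also removes the old `confirm` == No branch, so reaching this action now always attempts the delete. `delete()` is outside the visible diff, so whether it validates the id cannot be confirmed from here.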
@@ -166,23 +158,42 @@ switch ($action) { break; case 'show_add_user': if (conf('demo_mode')) { break; } - $type = 'new_user'; - require_once(conf('prefix') . '/templates/show_edit_user.inc.php'); + require_once(conf('prefix') . '/templates/show_add_user.inc.php'); break; - case 'update': - case 'disabled': - if (conf('demo_mode')) { break; } - $level = scrub_in($_REQUEST['level']); - $thisuser = new User($_REQUEST['user']); - if ($GLOBALS['user']->has_access(100)) { - $thisuser->update_access($level); + case 'enable': + $working_user = new User($user_id); + $working_user->enable(); + show_confirmation(_('User Enabled'),'','admin/users.php'); + break; + case 'disable': + $working_user = new User($user_id); + if ($working_user->disable()) { + show_confirmation(_('User Disabled'),'','admin/users.php'); + } + else { + show_confirmation(_('Error'),_('Unable to Disabled last Administrator'),'admin/users.php'); } - show_manage_users(); break; default: - show_manage_users(); + // Setup the View Object + $view = new View(); + $view->import_session_view(); + + // If we are returning + if ($_REQUEST['keep_view']) { + $view->initialize(); + } + else { + $sql = "SELECT `id` FROM `user`"; + $db_results = mysql_query($sql,dbh()); + $total_items = mysql_num_rows($db_results); + $view = new View($sql,'admin/users.php','fullname',$total_items,$_SESSION['userdata']['offset_limit']); + } + + $users = get_users($view->sql); + require_once(conf('prefix') . '/templates/show_users.inc.php'); break; -} +} // end switch on action /* Show the footer */ show_footer(); @@ -31,7 +31,7 @@ if(isset($_REQUEST['match'])) $match = scrub_in($_REQUEST['match']); if(isset($_REQUEST['album'])) $album = scrub_in($_REQUEST['album']); if(isset($_REQUEST['artist'])) $artist = scrub_in($_REQUEST['artist']); $_REQUEST['artist_id'] = scrub_in($_REQUEST['artist_id']); -$min_album_size = conf('min_album_size'); +$min_album_size = conf('min_object_count'); if ($min_album_size == '') { $min_album_size = '0'; } 
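Review bot: The new `enable` and `disable` cases in admin/users.php change account state without the `if (conf('demo_mode')) { break; }` guard that `edit`, `update_user`, `add_user`, `delete`, `confirm_delete` and `show_add_user` all carry. `has_access()` in lib/class/user.class.php returns true whenever `demo_mode` is set, so the `has_access(100)` check at the top of this file does not protect these two actions on a demo install. Add the guard as the first statement of both cases. The switch starts outside this hunk.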
diff --git a/config/ampache.cfg.php.dist b/config/ampache.cfg.php.dist index 5fb88847..7d5b07a2 100644 --- a/config/ampache.cfg.php.dist +++ b/config/ampache.cfg.php.dist @@ -7,7 +7,7 @@ # if this config file is up to date # this is compared against a value hardcoded # into the init script -config_version = 1 +config_version = 2 #################### # Path Vars # @@ -82,6 +82,13 @@ auth_methods = "mysql" # Program Settings # ###################### +# File Pattern +# This defines which file types Ampache will attempt to catalog +# You can specify any file extension you want in here seperating them +# with a | +# DEFAULT: mp3|mpc|m4p|m4a|mp4|aac|ogg|rm|wma|asf|flac|spx|ra|ape|shn|wv +catalog_file_pattern = "mp3|mpc|m4p|m4a|mp4|aac|ogg|rm|wma|asf|flac|spx|ra|ape|shn|wv" + # Use Access List # Toggle this on if you want ampache to pay attention to the access list # and only allow streaming/downloading/xml-rpc from known hosts by default @@ -143,13 +150,15 @@ require_session = "true" # ampache will default to the first tag format # that was found. # POSSIBLE VALUES: id3v1 id3v2 file vorbiscomment -# quicktime ape -# DEFAULT: id3v2,id3v1 +# quicktime ape asf +# DEFAULT: id3v2,id3v1 vorbiscomment quicktime ape +# asf tag_order = id3v2 tag_order = id3v1 tag_order = vorbiscomment tag_order = quicktime tag_order = ape +tag_order = asf #tag_order = file # Un comment if don't want ampache to follow symlinks diff --git a/docs/CHANGELOG b/docs/CHANGELOG index ee313a47..c0e9e2b6 100755 --- a/docs/CHANGELOG +++ b/docs/CHANGELOG 
@@ -3,6 +3,15 @@ -------------------------------------------------------------------------- -------------------------------------------------------------------------- + v.3.4-Alpha1 + - Fixed a problem where config re-gen wouldn't update the current + version + - Changed database to fix some user tracking issues + - Added date to user_vote to allow for sorting by vote date on + democratic play + - Added Label, Catalog # and Language to song extended data table + +-------------------------------------------------------------------------- v.3.3.3 01/26/2007 - Updated the SQL file for stable release - Fixed an issue with having db album art method always returning diff --git a/images/icon_add_user.png b/images/icon_add_user.png Binary files differnew file mode 100644 index 00000000..deae99bc --- /dev/null +++ b/images/icon_add_user.png diff --git a/images/icon_delete.png b/images/icon_delete.png Binary files differindex ebad933c..afe22ba9 100644 --- a/images/icon_delete.png +++ b/images/icon_delete.png @@ -1,7 +1,7 @@ <?php /* - Copyright (c) 2001 - 2006 Ampache.org + Copyright (c) 2001 - 2007 Ampache.org All rights reserved. This program is free software; you can redistribute it and/or @@ -24,7 +24,6 @@ @discussion Do most of the dirty work of displaying the mp3 catalog */ - require_once('lib/init.php'); show_template('header'); diff --git a/lib/class/song.class.php b/lib/class/song.class.php index 36785a36..64c99509 100644 --- a/lib/class/song.class.php +++ b/lib/class/song.class.php @@ -799,7 +799,7 @@ class Song { function get_url($session_id='',$force_http='') { /* Define Variables we are going to need */ - $username = scrub_out($GLOBALS['user']->username); + $user_id = scrub_out($GLOBALS['user']->id); $song_id = $this->id; if (conf('require_session')) { 
@@ -837,7 +837,7 @@ class Song { } } - $url = $web_path . "/play/index.php?song=$song_id&uid=$username$session_string$ds_string&name=/$song_name"; + $url = $web_path . "/play/index.php?song=$song_id&uid=$user_id$session_string$ds_string&name=/$song_name"; return $url; diff --git a/lib/class/update.class.php b/lib/class/update.class.php index bb357806..c2dd6c5f 100644 --- a/lib/class/update.class.php +++ b/lib/class/update.class.php @@ -347,6 +347,14 @@ class Update { $version[] = array('version' => '333004','description' => $update_string); + $update_string = '- Moved back to ID for user tracking internally.<br />' . + '- Added date to user_vote to allow sorting by vote time.<br />' . + '- Added Random Method and Object Count Preferences.<br />' . + '- Removed some unused tables/fields.<br />' . + '- Added Label, Catalog # and Language to Extended Song Data Table<br />'; + + $version[] = array('version' => '340001','description' => $update_string); + return $version; } // populate_version @@ -393,6 +401,9 @@ class Update { /* Nuke All Active session before we start the mojo */ $sql = "DELETE * FROM session"; $db_results = mysql_query($sql, dbh()); + + // Prevent the script from timing out, which could be bad + set_time_limit(0); /* Verify that there are no plugins installed //FIXME: provide a link to remove all plugins, otherwise this could turn into a catch 22 @@ -1284,7 +1295,7 @@ class Update { $user = new User(0); while ($results = mysql_fetch_array($db_results)) { - $user->fix_preferences($results[0]); + $user->username_fix_preferences($results[0]); } @@ -1658,7 +1669,7 @@ class Update { $user->fix_preferences('-1'); while ($r = mysql_fetch_assoc($db_results)) { - $user->fix_preferences($r['username']); + $user->username_fix_preferences($r['username']); } // while results /* Last but not least revert play types to downsample or stream */ 
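Review bot: In the lib/class/update.class.php hunk that adds `set_time_limit(0)`, the context line just above it builds `DELETE * FROM session`, which MySQL rejects as a syntax error. The `mysql_query()` result is not checked, so the "nuke all active sessions" step probably never takes effect and existing sessions survive the schema change. The statement should read `$sql = "DELETE FROM session";`, and the update should not continue if it fails. The enclosing function begins and ends outside this hunk.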
@@ -1694,7 +1705,7 @@ class Update { $user->fix_preferences('-1'); while ($r = mysql_fetch_assoc($db_results)) { - $user->fix_preferences($r['username']); + $user->username_fix_preferences($r['username']); } // while results $this->set_version('db_version','332011'); @@ -1835,7 +1846,7 @@ class Update { $user->fix_preferences('-1'); while ($r = mysql_fetch_assoc($db_results)) { - $user->fix_preferences($r['username']); + $user->username_fix_preferences($r['username']); } // while results $this->set_version('db_version','332012'); @@ -1975,7 +1986,7 @@ class Update { $user->fix_preferences('-1'); while ($r = mysql_fetch_assoc($db_results)) { - $user->fix_preferences($r['username']); + $user->username_fix_preferences($r['username']); } // while results /* Store all current Stats */ @@ -2111,7 +2122,7 @@ class Update { $user->fix_preferences('-1'); while ($r = mysql_fetch_assoc($db_results)) { - $user->fix_preferences($r['username']); + $user->username_fix_preferences($r['username']); } // while results /* Drop the unused user_catalog table */ @@ -2143,7 +2154,7 @@ class Update { $user->fix_preferences('-1'); while ($r = mysql_fetch_assoc($db_results)) { - $user->fix_preferences($r['username']); + $user->username_fix_preferences($r['username']); } // while results $this->set_version('db_version','333003'); 
@@ -2174,12 +2185,236 @@ class Update { $user->fix_preferences('-1'); while ($r = mysql_fetch_assoc($db_results)) { - $user->fix_preferences($r['username']); + $user->username_fix_preferences($r['username']); } // while results $this->set_version('db_version','333004'); } // update_333004 + /** + * update_340001 + * This update moves back to the ID for user UID and + * adds date to the user_vote so that it can be sorted + * correctly + */ + function update_340001() { + + + // Build the User -> ID map using the username as the key + $sql = "SELECT `id`,`username` FROM `user`"; + $db_results = mysql_query($sql,dbh()); + + $user_array = array(); + + while ($r = mysql_fetch_assoc($db_results)) { + $username = $r['username']; + $user_array[$username] = sql_escape($r['id']); + } // end while + + // Alter the user table so that you can't have an ID beyond the + // range of the other tables which have to allow for -1 + $sql = "ALTER TABLE `user` CHANGE `id` `id` INT ( 11 ) NOT NULL AUTO_INCREMENT"; + $db_results = mysql_query($sql,dbh()); + + // Now pull the access list users, alter table and then re-insert + $sql = "SELETE DISTINCT(`user`) FROM `access_list`"; + $db_results = mysql_query($sql,dbh()); + + while ($r = mysql_fetch_assoc($db_results)) { + // Build the new SQL + $username = $r['user']; + $user_id = $user_array[$username]; + $username = sql_escape($username); + + $sql = "UPDATE `access_list` SET `user`='$user_id' WERE `user`='$username'"; + $update_results = mysql_query($sql,dbh()); + + } // end while access_list + + // Alter the table + $sql = "ALTER TABLE `access_list` CHANGE `user` `user` INT ( 11 ) NOT NULL"; + $db_results = mysql_query($sql,dbh()); + + // Now pull flagged users, update and alter + $sql = "SELECT DISTINCT(`user`) FROM `flagged`"; + $db_results = mysql_query($sql,dbh()); + + while ($r = mysql_fetch_assoc($db_results)) { + $username = $r['user']; + $user_id = $user_array[$username]; + $username = sql_escape($username); + + $sql = "UPDATE 
`flagged` SET `user`='$user_id' WHERE `user`='$username'"; + $update_results = mysql_query($sql,dbh()); + + } // end while + + // Alter the table + $sql = "ALTER TABLE `flagged` CHANGE `user` `user` INT ( 11 ) NOT NULL"; + $db_results = mysql_query($sql,dbh()); + + + // Now fix up the ip history + $sql = "SELECT DISTINCT(`user`) FROM `ip_history`"; + $db_results = mysql_query($sql,dbh()); + + while ($r = mysql_fetch_assoc($db_results)) { + $username = $r['user']; + $user_id = $user_array[$username]; + $username = sql_escape($username); + + $sql = "UPDATE `ip_history` SET `user`='$user_id' WHERE `user`='$username'"; + $update_results = mysql_query($sql,dbh()); + + } // end while + + // Alter the table + $sql = "ALTER TABLE `ip_history` CHANGE `user` `user` INT ( 11 ) NOT NULL"; + $db_results = mysql_query($sql,dbh()); + + // Now fix now playing + $sql = "SELECT DISTINCT(`user`) FROM `now_playing`"; + $db_results = mysql_query($sql,dbh()); + + while ($r = mysql_fetch_assoc($db_results)) { + $username = $r['user']; + $user_id = $user_array[$username]; + $username = sql_escape($username); + + $sql = "UPDATE `now_playing` SET `user`='$user_id' WHERE `user`='$username'"; + $update_results = mysql_query($sql,dbh()); + + } // end while + + // Alter the table + $sql = "ALTER TABLE `now_playing` CHANGE `user` `user` INT ( 11 ) NOT NULL"; + $db_results = mysql_query($sql,dbh()); + + // Now fix the playlist table + $sql = "SELECT DISTINCT(`user`) FROM `playlist`"; + $db_results = mysql_query($sql,dbh()); + + while ($r = mysql_fetch_assoc($db_results)) { + $username = $r['user']; + $user_id = $user_array[$username]; + $username = sql_escape($username); + + $sql = "UPDATE `playlist` SET `user`='$user_id' WHERE `user`='$username'"; + $update_results = mysql_query($sql,dbh()); + + } // end while + + // Alter the table + $sql = "ALTER TABLE `playlist` CHANGE `user` `user` INT ( 11 ) NOT NULL"; + $db_results = mysql_query($sql,dbh()); + + // Drop unused table + $sql = "DROP TABLE 
`playlist_permission`"; + $db_results = mysql_query($sql,dbh()); + + // Now fix the ratings table + $sql = "SELECT DISTINCT(`user`) FROM `ratings`"; + $db_results = mysql_query($sql,dbh()); + + while ($r = mysql_fetch_assoc($db_results)) { + $username = $r['user']; + $user_id = $user_array[$username]; + $username = sql_escape($username); + + $sql = "UPDATE `ratings` SET `user`='$user_id' WHERE `user`='$username'"; + $update_results = mysql_query($sql,dbh()); + + } // end while + + $sql = "ALTER TABLE `ratings` CHANGE `user` `user` INT ( 11 ) NOT NULL"; + $db_results = mysql_query($sql,dbh()); + + // Now work on the tag_map + $sql = "ALTER TABLE `tag_map` CHANGE `user_id` `user` INT ( 11 ) NOT NULL"; + $db_results = mysql_query($sql,dbh()); + + // Now fix user preferences + $sql = "SELECT DISTINCT(`user`) FROM `user_preference`"; + $db_results = mysql_query($sql,dbh()); + + while ($r = mysql_fetch_assoc($db_results)) { + $username = $r['user']; + $user_id = $user_array[$username]; + $username = sql_escape($username); + + $sql = "UPDATE `user_preference` SET `user`='$user_id' WHERE `user`='$username'"; + $update_results = mysql_query($sql,dbh()); + + } // end while + + // Alter the table + $sql = "ALTER TABLE `user_preference` CHANGE `user` `user` INT ( 11 ) NOT NULL"; + $db_results = mysql_query($sql,dbh()); + + // Add a date to the user_vote + $sql = "ALTER TABLE `user_vote` ADD `date` INT( 11 ) UNSIGNED NOT NULL"; + $db_results = mysql_query($sql,dbh()); + + // Add the index for said field + $sql = "ALTER TABLE `user_vote` ADD INDEX(`date`)"; + $db_results = mysql_query($sql,dbh()); + + // Add the thumb fields to album + $sql = "ALTER TABLE `album` ADD `thumb` TINYBLOB NULL ,ADD `thumb_mime` VARCHAR( 128 ) NULL"; + $db_results = mysql_query($sql,dbh()); + + // Now add in the min_object_count preference and the random_method + $sql = "INSERT INTO `preferences` (`name`,`value`,`description`,`level`,`type`,`catagory`) " . 
+ "VALUES('min_object_count','0','Min Element Count','5','integer','interface')"; + $db_results = mysql_query($sql,dbh()); + + $sql = "INSERT INTO `preferences` (`name`,`value`,`description`,`level`,`type`,`catagory`) " . + "VALUES('random_method','default','Random Method','5','string','interface')"; + $db_results = mysql_query($sql,dbh()); + + // Delete old preference + $sql = "DELETE FROM `preferences` WHERE `name`='min_album_size'"; + $db_results = mysql_query($sql,dbh()); + + // Make Hash a non-required field and smaller + $sql = "ALTER TABLE `song` CHANGE `hash` `hash` VARCHAR ( 64 ) NULL"; + $db_results = mysql_query($sql,dbh()); + + // Make user access an int, nothing else + $sql = "UPDATE `user` SET `access`='100' WHERE `access`='admin'"; + $db_results = mysql_query($sql,dbh()); + + $sql = "UPDATE `user` SET `access`='25' WHERE `access`='user'"; + $db_results = mysql_query($sql,dbh()); + + $sql = "UPDATE `user` SET `access`='5' WHERE `access`='guest'"; + $db_results = mysql_query($sql,dbh()); + + // Alter the table + $sql = "ALTER TABLE `user` CHANGE `access` `access` TINYINT ( 4 ) UNSIGNED NOT NULL"; + $db_results = mysql_query($sql,dbh()); + + // Add in Label and Catalog # and language + $sql = "ALTER TABLE `song_ext_data` ADD `label` VARCHAR ( 128 ) NULL, ADD `catalog_number` VARCHAR ( 128 ) NULL, ADD `language` VARCHAR ( 128 ) NULL"; + $db_results = mysql_query($sql,dbh()); + + /* Fix every users preferences */ + $sql = "SELECT `id` FROM `user`"; + $db_results = mysql_query($sql,dbh()); + + $user = new User(); + $user->fix_preferences('-1'); + + while ($r = mysql_fetch_assoc($db_results)) { + $user->fix_preferences($r['id']); + } // while results + + $this->set_version('db_version','340001'); + + return true; + + } //update_340001 + } // end update class ?> diff --git a/lib/class/user.class.php b/lib/class/user.class.php index 97ae99c9..87fa825c 100644 --- a/lib/class/user.class.php +++ b/lib/class/user.class.php 
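Review bot: In `update_340001()` the access_list remap cannot run, because the select is spelled `SELETE DISTINCT(...)` and the update uses `WERE` instead of `WHERE`, and neither `mysql_query()` result is checked. The `ALTER TABLE ... INT ( 11 ) NOT NULL` that follows then converts usernames that were never remapped, so access-list rows would lose their user association (most likely ending up as 0). Correct the two keywords and return false before `set_version('db_version','340001')` when any remap or alter query fails. The other remap loops read `$user_array[$username]` without checking that the key exists. For `user_preference` rows owned by `-1` this writes an empty id, so guard with `if (!isset($user_array[$username])) { continue; }`.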
@@ -47,18 +47,17 @@ class User { * class, it currently takes a username * //FIXME take UID */ - function User($username=0) { + function User($id=0) { - if (!$username) { + if (!$id) { return true; } - $this->username = sql_escape($username); + $this->id = $id; $info = $this->_get_info(); if (!count($info)) { return false; } - $this->id = $this->username; $this->uid = $info->id; $this->username = $info->username; $this->fullname = $info->fullname; @@ -82,13 +81,9 @@ class User { */ function _get_info() { - /* Hack during transition back to UID for user creation */ - if (is_numeric($this->username)) { - $sql = "SELECT * FROM user WHERE id='" . $this->username . "'"; - } - else { - $sql = "SELECT * FROM user WHERE username='$this->username'"; - } + $id = sql_escape($this->id); + + $sql = "SELECT * FROM `user` WHERE `id`='" . $id . "'"; $db_results = mysql_query($sql, dbh()); @@ -108,7 +103,7 @@ class User { function get_preferences($user_id=0,$type=0) { if (!$user_id) { - $user_id = $this->username; + $user_id = $this->id; } if (!conf('use_auth')) { $user_id = '-1'; } @@ -279,7 +274,7 @@ class User { */ function is_logged_in() { - $sql = "SELECT id FROM session WHERE username='$this->username'" . + $sql = "SELECT id FROM session WHERE `id`='$this->id'" . " AND expire > ". time(); $db_results = mysql_query($sql,dbh()); @@ -298,13 +293,9 @@ class User { */ function has_access($needed_level) { - if ($this->access == "admin") { $level = 100; } - elseif ($this->access == "user") { $level = 25; } - else { $level = $this->access; } - if (!conf('use_auth') || conf('demo_mode')) { return true; } - if ($level >= $needed_level) { return true; } + if ($this->access >= $needed_level) { return true; } return false; 
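Review bot: The constructor now stores the caller's value unchanged (`$this->id = $id;`) and only `_get_info()` escapes a local copy. `update_username()`, `update_validation()`, `update_fullname()`, `update_email()`, `update_offset()`, `disable()`, `enable()`, `update_access()` and `update_last_seen()`, changed later in this diff, all interpolate `$this->id` directly into SQL. admin/users.php passes request values into `new User(...)`, so normalise the id once at the source, for example `$this->id = intval($id);`. The docblock above the constructor still says it takes a username and should be updated to describe the numeric id.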
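Review bot: `is_logged_in()` now filters the session table on its `id` column using the user id. That column is what the query itself selects as the row identifier, and the `disable()` method added in this commit still deletes sessions by `username`. Matching `id` against a user id therefore looks wrong and would presumably make the check always report "not logged in". Unless the session schema is changed elsewhere, keep the username key and escape it: `"SELECT id FROM session WHERE username='" . sql_escape($this->username) . "'"`. The function body continues outside the hunk.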
@@ -377,7 +368,7 @@ class User { function update_username($new_username) { $new_username = sql_escape($new_username); - $sql = "UPDATE user SET username='$new_username' WHERE username='$this->username'"; + $sql = "UPDATE `user` SET `username`='$new_username' WHERE `id`='$this->id'"; $this->username = $new_username; $db_results = mysql_query($sql, dbh()); @@ -392,7 +383,7 @@ class User { function update_validation($new_validation) { $new_validation = sql_escape($new_validation); - $sql = "UPDATE user SET validation='$new_validation',disabled='1' WHERE username='$this->username'"; + $sql = "UPDATE user SET validation='$new_validation',disabled='1' WHERE `id`='$this->id'"; $this->validation = $new_validation; $db_results = mysql_query($sql, dbh()); @@ -407,7 +398,7 @@ class User { function update_fullname($new_fullname) { $new_fullname = sql_escape($new_fullname); - $sql = "UPDATE user SET fullname='$new_fullname' WHERE username='$this->id'"; + $sql = "UPDATE user SET fullname='$new_fullname' WHERE `id`='$this->id'"; $db_results = mysql_query($sql, dbh()); } // update_fullname @@ -419,7 +410,7 @@ class User { function update_email($new_email) { $new_email = sql_escape($new_email); - $sql = "UPDATE user SET email='$new_email' WHERE username='$this->id'"; + $sql = "UPDATE user SET email='$new_email' WHERE `id`='$this->id'"; $db_results = mysql_query($sql, dbh()); } // update_email 
@@ -431,11 +422,47 @@ class User { function update_offset($new_offset) { $new_offset = sql_escape($new_offset); - $sql = "UPDATE user SET offset_limit='$new_offset' WHERE username='$this->id'"; + $sql = "UPDATE user SET offset_limit='$new_offset' WHERE `id`='$this->id'"; $db_results = mysql_query($sql, dbh()); } // update_offset + /** + * disable + * This disables the current user + */ + function disable() { + + // Make sure we aren't disabling the last admin + $sql = "SELECT `id` FROM `user` WHERE `disabled` = '0' AND `id` != '" . $this->id . "' AND `access`='100'"; + $db_results = mysql_query($sql,dbh()); + + if (!mysql_num_rows($db_results)) { return false; } + + $sql = "UPDATE `user` SET `disabled`='1' WHERE id='" . $this->id . "'"; + $db_results = mysql_query($sql,dbh()); + + // Delete any sessions they may have + $sql = "DELETE FROM `session` WHERE `username`='" . sql_escape($this->username) . "'"; + $db_results = mysql_query($sql,dbh()); + + return true; + + } // disable + + /** + * enable + * this enables the current user + */ + function enable() { + + $sql = "UPDATE `user` SET `disabled`='0' WHERE id='" . $this->id . "'"; + $db_results = mysql_query($sql,dbh()); + + return true; + + } // enable + /** * update_access * updates their access level 
@@ -443,37 +470,16 @@ class User { */ function update_access($new_access) { - /* Check for all disable */ - if ($new_access == 'disabled') { - $sql = "SELECT username FROM user WHERE disabled != '1' AND username != '$this->username'"; - $db_results = mysql_query($sql,dbh()); - if (!mysql_num_rows($db_results)) { return false; } - } - /* Prevent Only User accounts */ - if ($new_access == 'user') { + if ($new_access == '25') { $sql = "SELECT username FROM user WHERE (access='admin' OR access='100') AND username != '$this->username'"; $db_results = mysql_query($sql, dbh()); if (!mysql_num_rows($db_results)) { return false; } } - if ($new_access == 'enabled') { - $new_access = sql_escape($new_access); - $sql = "UPDATE user SET disabled='0' WHERE username='$this->username'"; - $db_results = mysql_query($sql, dbh()); - - } - elseif ($new_access == 'disabled') { - $sql = "UPDATE user SET disabled='1' WHERE username='$this->username'"; - $db_results = mysql_query($sql, dbh()); - $sql = "DELETE FROM session WHERE username='" . sql_escape($this->username) . "'"; - $db_results = mysql_query($sql, dbh()); - } - else { - $new_access = sql_escape($new_access); - $sql = "UPDATE user SET access='$new_access' WHERE username='$this->username'"; - $db_results = mysql_query($sql, dbh()); - } + $new_access = sql_escape($new_access); + $sql = "UPDATE `user` SET `access`='$new_access' WHERE `id`='$this->id'"; + $db_results = mysql_query($sql, dbh()); } // update_access @@ -483,7 +489,7 @@ class User { */ function update_last_seen() { - $sql = "UPDATE user SET last_seen='" . time() . "' WHERE username='$this->username'"; + $sql = "UPDATE user SET last_seen='" . time() . "' WHERE `id`='$this->id'"; $db_results = mysql_query($sql, dbh()); } // update_last_seen 
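Review bot: The last-administrator guard in `update_access()` only runs when `$new_access == '25'`, so demoting the only admin to `5` or any other value below 100 skips it. The guard query still matches `access='admin'` and compares on an unescaped `$this->username`, although this commit moves everything else to numeric levels and ids. Run the guard for every new level below 100 and key it on the id, for example `SELECT id FROM user WHERE access='100' AND id != '$this->id'`. `$new_access` is not checked against the known levels before it is written. The caller in admin/users.php ignores the `false` return and still shows "User Updated".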
@@ -583,10 +589,13 @@ class User { if (!$db_results) { return false; } + // Get the insert_id + $insert_id = mysql_insert_id(dbh()); + /* Populates any missing preferences, in this case all of them */ - $this->fix_preferences($username); + $this->fix_preferences($insert_id); - return $username; + return $insert_id; } // create 
@@ -714,16 +723,100 @@ class User { } // format_recommendations /** - * fix_preferences - * this makes sure that the specified user - * has all the correct preferences. This function - * should be run whenever a system preference is run - * it's a cop out... FIXME! - * @todo Fix it so this isn't a hack - * @package User - * @catagory Class + * fix_preferences + * This is the new fix_preferences function, it does the following + * Remove Duplicates from user, add in missing + * If -1 is passed it also removes duplicates from the `preferences` + * table. */ function fix_preferences($user_id=0) { + + if (!$user_id) { + $user_id = $this->id; + } + + $user_id = sql_escape($user_id); + + /* Get All Preferences for the current user */ + $sql = "SELECT * FROM `user_preference` WHERE `user`='$user_id'"; + $db_results = mysql_query($sql,dbh()); + + $results = array(); + + while ($r = mysql_fetch_assoc($db_results)) { + $pref_id = $r['preference']; + /* Check for duplicates */ + if (isset($results[$pref_id])) { + $r['value'] = sql_escape($r['value']); + $sql = "DELETE FROM `user_preference` WHERE `user`='$user_id' AND `preference`='" . $r['preference'] . "' AND" . + " `value`='" . sql_escape($r['value']) . "'"; + $delete_results = mysql_query($sql,dbh()); + } // if its set + else { + $results[$pref_id] = 1; + } + } // end while + + /* If we aren't the -1 user before we continue grab the -1 users values */ + if ($user_id != '-1') { + $sql = "SELECT `user_preference.preference`,`user_preference.value` FROM `user_preference`,`preferences` " . + "WHERE `user_preference.preference` = `preferences.id` AND `user_preference.user`='-1' AND `preferences.catagory` !='system'"; + $db_results = mysql_query($sql, dbh()); + /* While through our base stuff */ + while ($r = mysql_fetch_object($db_results)) { + $zero_results[$r->preference] = $r->value; + } + } // if not user -1 + + // get me _EVERYTHING_ + $sql = "SELECT * FROM `preferences`"; + + // If not system, exclude system... 
*gasp* + if ($user_id != '-1') { + $sql .= " WHERE catagory !='system'"; + } + $db_results = mysql_query($sql, dbh()); + + while ($r = mysql_fetch_object($db_results)) { + + /* Check if this preference is set */ + if (!isset($results[$r->id])) { + if (isset($zero_results[$r->id])) { + $r->value = $zero_results[$r->id]; + } + $value = sql_escape($r->value); + $sql = "INSERT INTO user_preference (`user`,`preference`,`value`) VALUES ('$user_id','$r->id','$value')"; + $insert_db = mysql_query($sql, dbh()); + } + } // while preferences + + /* Let's also clean out any preferences garbage left over */ + $sql = "SELECT DISTINCT(user_preference.user) FROM user_preference " . + "LEFT JOIN user ON user_preference.user = user.id " . + "WHERE user_preference.user!='-1' AND user.id IS NULL"; + $db_results = mysql_query($sql, dbh()); + + $results = array(); + + while ($r = mysql_fetch_assoc($db_results)) { + $results[] = $r['user']; + } + + foreach ($results as $data) { + $sql = "DELETE FROM user_preference WHERE user='$data'"; + $db_results = mysql_query($sql, dbh()); + } + + + } // fix_preferences + + /** + * username_fix_preferences + * this is an old function that takes a username + * and fixes the preferences based on that it is no longer + * used by has to be maintained due to the update class + */ + function username_fix_preferences($user_id=0) { if (!$user_id) { $user_id = $this->username; diff --git a/lib/general.lib.php b/lib/general.lib.php index e55af3cb..e0070839 100644 --- a/lib/general.lib.php +++ b/lib/general.lib.php @@ -996,7 +996,7 @@ function invert_boolean($value) { */ function get_user_from_username($username) { - $sql = "SELECT id FROM user WHERE username='" . sql_escape($username) . "'"; + $sql = "SELECT `id` FROM `user` WHERE `username`='" . sql_escape($username) . "'"; $db_results = mysql_query($sql, dbh()); $results = mysql_fetch_assoc($db_results); diff --git a/lib/init.php b/lib/init.php index 49ff4a79..6d8c9158 100644 --- a/lib/init.php 
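Review bot: In the new `fix_preferences()`, the query that loads the `-1` user's values wraps `table.column` in a single pair of backticks (for example around `user_preference.preference`). MySQL reads that as one column name containing a dot, so the query fails. `$db_results` is not checked, so `$zero_results` stays unset and new users silently get the raw defaults from `preferences` instead of the site-wide `-1` values. Write those references unquoted, as the orphan-cleanup query further down in the same function does, and initialise `$zero_results = array();` before the block. In the duplicate check, `$r['value']` is escaped twice, and the `DELETE` matches on user, preference and value. When two duplicate rows hold the same value both are removed, and the later insert loop skips that preference because `$results[$pref_id]` is already set.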
+++ b/lib/init.php @@ -1,7 +1,7 @@ <?php /* - Copyright (c) 2001 - 2006 Ampache.org + Copyright (c) 2001 - 2007 Ampache.org All rights reserved. This program is free software; you can redistribute it and/or @@ -67,33 +67,19 @@ if (!$results = read_config($configfile,0)) { } /** This is the version.... fluf nothing more... **/ -$results['version'] = '3.3.3'; -$results['int_config_version'] = '1'; +$results['version'] = '3.4-Alpha1 (Build 001)'; +$results['int_config_version'] = '2'; $results['raw_web_path'] = $results['web_path']; $results['web_path'] = $http_type . $_SERVER['HTTP_HOST'] . $results['web_path']; -$results['catalog_file_pattern']= 'mp3|mpc|m4p|m4a|mp4|aac|ogg|rm|wma|asf|flac|spx|ra|ape|shn|wv'; $results['http_port'] = $_SERVER['SERVER_PORT']; -if (!$results['prefix']) { - $results['prefix'] = $prefix; -} -if (!$results['stop_auth']) { - $results['stop_auth'] = $results['prefix'] . "/modules/vauth/gone.fishing"; -} +$results['prefix'] = $prefix; +$results['stop_auth'] = $results['prefix'] . "/modules/vauth/gone.fishing"; if (!$results['http_port']) { $results['http_port'] = '80'; } if (!$results['site_charset']) { - $results['site_charset'] = "iso-8859-1"; -} -if (!$results['ellipse_threshold_album']) { - $results['ellipse_threshold_album'] = 27; -} -if (!$results['ellipse_threshold_artist']) { - $results['ellipse_threshold_artist'] = 27; -} -if (!$results['ellipse_threshold_title']) { - $results['ellipse_threshold_title'] = 27; + $results['site_charset'] = "UTF-8"; } if (!$results['raw_web_path']) { $results['raw_web_path'] = '/'; @@ -113,11 +99,6 @@ if (!$results['user_ip_cardinality']) { if (!$results['local_length']) { $results['local_length'] = '9000'; } -/* Default it for now until I can get the auto-config updater working */ -if (!$results['tag_order']) { - $results['tag_order'] = array('id3v2','id3v1','vorbiscomment','quicktime','file'); -} - /* Variables needed for vauth Module */ $results['cookie_path'] = $results['raw_web_path']; 
@@ -162,7 +143,7 @@ require_once(conf('prefix') . "/modules/id3/getid3/getid3.php"); require_once(conf('prefix') . '/modules/id3/vainfo.class.php'); require_once(conf('prefix') . '/modules/infotools/Snoopy.class.php'); require_once(conf('prefix') . '/modules/infotools/AmazonSearchEngine.class.php'); -require_once(conf('prefix') . '/modules/infotools/jamendoSearch.class.php'); +//require_once(conf('prefix') . '/modules/infotools/jamendoSearch.class.php'); require_once(conf('prefix') . '/lib/xmlrpc.php'); require_once(conf('prefix') . '/modules/xmlrpc/xmlrpc.inc'); @@ -257,18 +238,13 @@ if (in_array("http",$results['auth_methods'])) { } // end if http auth -if ($no_session) { - define('NO_SESSION','1'); -} - - // If we don't want a session if (NO_SESSION != '1' AND conf('use_auth')) { /* Verify Their session */ if (!vauth_check_session()) { logout(); exit; } /* Create the new user */ - $user = new User($_SESSION['userdata']['username']); + $user = get_user_from_username($_SESSION['userdata']['username']); /* If they user ID doesn't exist deny them */ if (!$user->uid AND !conf('demo_mode')) { logout(); exit; } @@ -303,7 +279,7 @@ else { session_id(scrub_in($_REQUEST['sessid'])); session_start(); } - $user = new user($sess_results['username']); + $user = get_user_from_username($sess_results['username']); init_preferences(); } diff --git a/lib/ui.lib.php b/lib/ui.lib.php index f676adc5..8a928e3b 100644 --- a/lib/ui.lib.php +++ b/lib/ui.lib.php @@ -1,7 +1,7 @@ <?php /* - Copyright (c) 2001 - 2006 Ampache.org + Copyright (c) 2001 - 2007 Ampache.org All rights reserved. This program is free software; you can redistribute it and/or 
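Review bot: In the `@@ -257,18 +238,13 @@` hunk of lib/init.php, the session gate `if (NO_SESSION != '1' AND conf('use_auth'))` now reads a constant that only the entry scripts define, so on every page that needs a session it is an undefined constant unless something outside this hunk defines it. The comparison happens to come out as "check the session", but the authentication decision should not rest on how an undefined constant is evaluated; `if ((!defined('NO_SESSION') OR NO_SESSION != '1') AND conf('use_auth')) {` states the intent. The guard two lines below still tests `$user->uid` while the templates in this commit read `->id`, so it is worth confirming that the reworked User class still sets `uid`.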
@@ -119,38 +119,6 @@ function access_denied() { } // access_denied /** - * show_users - * shows all users (admin function) - */ -function show_users () { - - $dbh = dbh(); - - // Setup the View Ojbect - $view = new View(); - $view->import_session_view(); - - // if we are returning - if ($_REQUEST['keep_view']) { - $view->initialize(); - } - // If we aren't keeping the view then initlize it - else { - $sql = "SELECT username FROM user"; - $db_results = mysql_query($sql, $dbh); - $total_items = mysql_num_rows($db_results); - if ($match != "Show_all") { $offset_limit = $_SESSION['userdata']['offset_limit']; } - $view = new View($sql, 'admin/users.php','fullname',$total_items,$offset_limit); - } - - $db_result = mysql_query($view->sql, $dbh); - // wow this is stupid - $GLOBALS['view'] = $view; - require(conf('prefix') . "/templates/show_users.inc"); - -} // show_users() - -/** * return_referer * returns the script part of the referer address passed by the web browser * this is not %100 accurate. Also because this is not passed by us we need @@ -1421,19 +1389,21 @@ function xml_get_footer($type){ } //xml_get_footer /** - * show_manage_users - * This is the admin page for showing all of the users + * get_users + * This returns an array of user objects and takes an sql statement */ -function show_manage_users() { +function get_users($sql) { - show_box_top(_('Manage Users')); - echo "<ul>\n\t<li><a href=\"".conf('web_path') . "/admin/users.php?action=show_add_user\">" . _('Add a new user') . "</a></li>\n</ul>\n"; - show_box_bottom(); + $db_results = mysql_query($sql,dbh()); + + $results = array(); - /* Show the Users */ - show_users(); + while ($u = mysql_fetch_assoc($db_results)) { + $results[] = new User($u['id']); + } -} // show_manage_users + return $results; +} // get_users ?> @@ -26,7 +26,7 @@ */ -$no_session = true; +define('NO_SESSION','1'); require_once('lib/init.php'); /* We have to create a cookie here because IIS 
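Review bot: `get_users($sql)` in the `@@ -1421,19 +1389,21 @@` hunk of lib/ui.lib.php executes whatever string it is handed and then loops on the result without checking it. The docblock should say that `$sql` must be a complete statement built by the caller with every value passed through `sql_escape()`, and that it must select the `id` column, because the loop reads `$u['id']`. A failed query makes `mysql_query()` return false, so `if (!$db_results) { return array(); }` before the `while` keeps the function returning an array.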
@@ -73,7 +73,7 @@ if ($_POST['username'] && $_POST['password']) { $username = scrub_in($_POST['username']); $password = scrub_in($_POST['password']); $auth = authenticate($username, $password); - $user = new User($username); + $user = get_user_from_username($username); if ($user->disabled == '1') { $auth['success'] = false; @@ -124,7 +124,7 @@ if ($auth['success']) { // Record the IP of this person! // if (conf('track_user_ip')) { - $user = new User($_POST['username']); + $user = get_user_from_username($username); $user->insert_ip_history(); unset($user); } diff --git a/templates/show_add_user.inc.php b/templates/show_add_user.inc.php new file mode 100644 index 00000000..4746c524 --- /dev/null +++ b/templates/show_add_user.inc.php 
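Review bot: In the `@@ -73,7 +73,7 @@` hunk of login.php, the result of `get_user_from_username($username)` is dereferenced on the next line (`$user->disabled`) without checking that a user was found; the `@@ -124,7 +124,7 @@` hunk does the same with `$user->insert_ip_history()`. What the helper returns for an unknown username is not visible in this diff. If it can return a non-object, writing the test as `if (is_object($user) AND $user->disabled == '1') {` and guarding the IP-history call the same way makes the failed-lookup path explicit, so that the disabled-account check never depends on how a missing property evaluates.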
@@ -0,0 +1,87 @@ +<?php +/* + + Copyright (c) 2001 - 2007 Ampache.org + All rights reserved. + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 + of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + +*/ +?> +<?php show_box_top(_('Adding a New User')); ?> +<?php $GLOBALS['error']->print_error('general'); ?> +<form name="add_user" enctype="multpart/form-data" method="post" action="<?php echo conf('web_path') . 
"/admin/users.php"; ?>"> +<table class="tabledata" cellspacing="0" cellpadding="0" border="0"> +<tr> + <td> + <?php echo _('Username'); ?>: + </td> + <td> + <input type="text" name="username" size="30" maxlength="128" value="<?php echo scrub_out($_POST['username']); ?>" /> + <?php $GLOBALS['error']->print_error('username'); ?> + </td> +</tr> +<tr> + <td><?php echo _('Full Name'); ?>:</td> + <td> + <input type="text" name="fullname" size="30" value="<?php echo scrub_out($_POST['fullname']); ?>" /> + </td> +</tr> +<tr> + <td> + <?php echo _('E-mail'); ?>: + </td> + <td> + <input type="text" name="email" size="30" value="<?php echo scrub_out($_POST['email']); ?>" /> + </td> +</tr> +<tr> + <td> + <?php echo _('Password'); ?> : + </td> + <td> + <input type="password" name="password_1" size="30" value="" /> + <?php $GLOBALS['error']->print_error('password'); ?> + </td> +</tr> +<tr> + <td> + <?php echo _('Confirm Password'); ?>: + </td> + <td> + <input type="password" name="password_2" size="30" value="" /> + </td> +</tr> +<tr> + <td> + <?php echo _('User Access Level'); ?>: + </td> + <td> + <?php $var_name = "on_" . $working_user->access; ${$var_name} = 'selected="selected"'; ?> + <select name="access"> + <option value="1" <?php echo $on_1; ?>><?php echo _('Guest'); ?></option> + <option value="25" <?php echo $on_25; ?>><?php echo _('User'); ?></option> + <option value="100" <?php echo $on_100; ?>><?php echo _('Admin'); ?></option> + </select> + </td> +</tr> + <td colspan="2"> + <input type="submit" value="<?php echo _('Add User'); ?>" /> + <input type="hidden" name="action" value="add_user" /> + </td> +</tr> +</table> +</form> +<?php show_box_bottom(); ?> diff --git a/templates/show_confirmation.inc.php b/templates/show_confirmation.inc.php index 165df5b6..e278ed7d 100644 --- a/templates/show_confirmation.inc.php +++ b/templates/show_confirmation.inc.php 
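Review bot: The new form in templates/show_add_user.inc.php creates an account at a chosen access level, yet it carries no per-session request token, and admin/users.php reads `action` from `$_REQUEST`, so the handler cannot tell a submission from this page from one made on the administrator's behalf by another site. A hidden token field issued with the session and verified in the `add_user` branch would close that gap; the same applies to the edit form. Two markup slips in the same file: `enctype="multpart/form-data"` is misspelled (the edit template has `multipart/form-data`), and the final row opens with `<td colspan="2">` without a preceding `<tr>`.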
@@ -20,7 +20,7 @@ */ ?> <?php show_box_top(scrub_out($title)); ?> -<?php echo scrub_out($text); ?> +<?php echo $text; ?> <br /> <div class="text-action"> <a href="<?php echo $path; ?>"><?php echo _('Continue'); ?></a> diff --git a/templates/show_edit_user.inc.php b/templates/show_edit_user.inc.php index 675c6224..fc6dd546 100644 --- a/templates/show_edit_user.inc.php +++ b/templates/show_edit_user.inc.php @@ -1,7 +1,7 @@ <?php /* - Copyright (c) 2001 - 2006 Ampache.org + Copyright (c) 2001 - 2007 Ampache.org All rights reserved. This program is free software; you can redistribute it and/or 
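Review bot: Replacing `scrub_out($text)` with a bare `echo $text` in templates/show_confirmation.inc.php moves output escaping to every caller of this template. Any caller that places a username, title or other stored value into `$text` will now emit it as markup, while `$title` on the line above is still escaped. If the goal is to allow links or line breaks in the message, a comment such as `// $text is trusted HTML: callers must scrub_out() every interpolated value` at this line documents the contract, and the call sites should be audited against it. The `href` two lines below also prints `$path` unescaped.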
@@ -19,60 +19,49 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ - -if ($type === 'new_user') { - $userfield = "<input type=\"text\" name=\"new_username\" size=\"30\" value=\"" . scrub_out($username) . "\" />"; - $title = _('Adding a New User'); -} -else { - $userfield = scrub_out($username); - $title = _('Editing existing User'); -} ?> - -<br /> -<?php show_box_top($title); ?> +<?php show_box_top(_('Editing existing User')); ?> <?php $GLOBALS['error']->print_error('general'); ?> -<form name="update_user" method="post" action="<?php echo conf('web_path') . "/admin/users.php"; ?>"> -<table cellspacing="0" cellpadding="0" border="0"> +<form name="update_user" enctype="multipart/form-data" method="post" action="<?php echo conf('web_path') . "/admin/users.php"; ?>"> +<table class="tabledata" cellspacing="0" cellpadding="0" border="0"> <tr> <td> - <?php echo _('Username'); ?>: + <?php echo _('Username'); ?>: </td> <td> - <?php echo $userfield; ?> + <input type="text" name="username" size="30" maxlength="128" value="<?php echo scrub_out($working_user->username); ?>" /> <?php $GLOBALS['error']->print_error('username'); ?> </td> </tr> <tr> - <td><?php echo _('Full Name'); ?>:</td> + <td><?php echo _('Full Name'); ?>:</td> <td> - <input type="text" name="new_fullname" size="30" value="<?php echo scrub_out($fullname); ?>" /> + <input type="text" name="fullname" size="30" value="<?php echo scrub_out($working_user->fullname); ?>" /> </td> </tr> <tr> <td> - <?php echo _('E-mail'); ?>: + <?php echo _('E-mail'); ?>: </td> <td> - <input type="text" name="new_email" size="30" value="<?php echo scrub_out($email); ?>" /> + <input type="text" name="email" size="30" value="<?php echo scrub_out($working_user->email); ?>" /> </td> </tr> <tr> <td> - <?php echo _('Password'); ?> : + <?php echo _('Password'); ?> : </td> <td> - <input type="password" name="new_password_1" size="30" value="" /> + <input type="password" name="password_1" size="30" value="" /> 
<?php $GLOBALS['error']->print_error('password'); ?> </td> </tr> <tr> <td> - <?php echo _('Confirm Password'); ?>: + <?php echo _('Confirm Password'); ?>: </td> <td> - <input type="password" name="new_password_2" size="30" value="" /> + <input type="password" name="password_2" size="30" value="" /> </td> </tr> <tr> @@ -80,24 +69,21 @@ else { <?php echo _('User Access Level'); ?>: </td> <td> - <select name="user_access"> - <option value="1" <?php if($access==='1') echo "selected=\"selected\""; ?>>Guest</option> - <option value="user" <?php if($access==='user') echo "selected=\"selected\""; ?>>User</option> - <option value="admin" <?php if($access==='admin') echo "selected=\"selected\""; ?>>Admin</option> + <?php $var_name = "on_" . $working_user->access; ${$var_name} = 'selected="selected"'; ?> + <select name="access"> + <option value="1" <?php echo $on_1; ?>><?php echo _('Guest'); ?></option> + <option value="25" <?php echo $on_25; ?>><?php echo _('User'); ?></option> + <option value="100" <?php echo $on_100; ?>><?php echo _('Admin'); ?></option> </select> </td> </tr> +<tr> + <td colspan="2"> + <input type="hidden" name="action" value="update_user" /> + <input type="submit" value="<?php echo _('Update User'); ?>" /> + <input type="hidden" name="user_id" value="<?php echo $working_user->id; ?>" /> + </td> +</tr> </table> -<?php -if ($type == 'new_user') { - echo "<input type=\"hidden\" name=\"action\" value=\"add_user\" />"; - echo "<input type=\"submit\" value=\"" . _('Add User') . "\" />"; -} -else { - echo "<input type=\"hidden\" name=\"action\" value=\"update_user\" />\n"; - echo "<input type=\"submit\" value=\"" . _('Update User') . "\" />\n"; - echo "<input type=\"hidden\" name=\"new_username\" value=\"$id\" />"; -} -?> </form> <?php show_box_bottom(); ?> diff --git a/templates/show_users.inc b/templates/show_users.inc.php index b92afb11..39bf90f6 100644 --- a/templates/show_users.inc +++ b/templates/show_users.inc.php 
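Review bot: In the `@@ -80,24 +69,21 @@` hunk of templates/show_edit_user.inc.php, `${$var_name} = 'selected="selected"'` creates a variable whose name comes from `$working_user->access`, so a stored level other than 1, 25 or 100 defines an unrelated variable and leaves all three `$on_*` names unset. An explicit comparison per option reads more plainly and touches no other names, e.g. `<option value="25" <?php if ($working_user->access == '25') { echo 'selected="selected"'; } ?>>`. The same construct appears in templates/show_add_user.inc.php, where no `$working_user` is set up in the visible code. Since the submitted `access` value decides the privilege level, the handler should accept only those three values; that check is not visible in this part of the diff.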
@@ -1,7 +1,7 @@ <?php /* - Copyright (c) 2001 - 2006 Ampache.org + Copyright (c) 2001 - 2007 Ampache.org All rights reserved. This program is free software; you can redistribute it and/or @@ -18,15 +18,16 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ -/*! - @header Show Users (admin section) -*/ $web_path = conf('web_path'); $total_items = $view->total_items; $admin_menu = "admin/"; -?> +show_box_top(_('Manage Users')); + echo get_user_icon('add_user') . ' '; + echo '<a href="' . $web_path . '/admin/users.php?action=show_add_user">' . _('Add a new user') . '</a>'; +show_box_bottom(); +?> <?php show_box_top(); ?> <table class="tabledata" cellpadding="0" cellspacing="0" border="0"> <tr class="table-header" align="center"> @@ -37,10 +38,10 @@ $admin_menu = "admin/"; <tr class="table-header"> <td align="center"> <a href="<?php echo $web_path; ?>/<?php echo $_SESSION['view_script']; ?>?action=<?php echo $_REQUEST['action']; ?>&keep_view=true&sort_type=fullname&sort_order=0"> - <b><?php echo _("Fullname"); ?></b> + <b><?php echo _('Fullname'); ?></b> </a> <a href="<?php echo $web_path; ?>/<?php echo $_SESSION['view_script']; ?>?action=<?php echo $_REQUEST['action']; ?>&keep_view=true&sort_type=username&sort_order=0"> - <b>(<?php echo _("Username"); ?>)</b> + <b>(<?php echo _('Username'); ?>)</b> </a> </td> <td align="center"> 
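Review bot: The sort links in the `@@ -37,10 +38,10 @@` hunk of templates/show_users.inc.php still print `$_REQUEST['action']` and `$_SESSION['view_script']` straight into the `href` attribute; the lines this commit touches only change the quoting of the labels. A request parameter written into an attribute needs encoding for both the URL and the HTML context, for instance `<?php echo scrub_out(rawurlencode($_REQUEST['action'])); ?>`, assuming `scrub_out()` is the HTML escaper the other templates rely on. The raw `&` separators in these URLs should also be written as `&amp;`.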
@@ -67,19 +68,17 @@ $admin_menu = "admin/"; </td> </tr> <?php -while ($results = mysql_fetch_object($db_result)) { - $user = new User($results->username); - $last_seen = date("m\/d\/Y - H:i",$user->last_seen); - if (!$user->last_seen) { $last_seen = "Never"; } - $create_date = date("m\/d\/Y - H:i",$user->create_date); - $user->format_user(); - if (!$user->create_date) { $create_date = "Unknown"; } +foreach ($users as $working_user) { + $working_user->format_user(); + $last_seen = date("m\/d\/Y - H:i",$working_user->last_seen); + if (!$working_user->last_seen) { $last_seen = _('Never'); } + $create_date = date("m\/d\/Y - H:i",$working_user->create_date); + if (!$working_user->create_date) { $create_date = _('Unknown'); } ?> - <tr class="<?php echo flip_class(); ?>" align="center"> <td align="left"> - <a href="<?php echo $web_path; ?>/admin/users.php?action=edit&user=<?php echo $user->id; ?>"> - <?php echo $user->fullname; ?> (<?php echo $user->username; ?>) + <a href="<?php echo $web_path; ?>/admin/users.php?action=edit&user_id=<?php echo $working_user->id; ?>"> + <?php echo $working_user->fullname; ?> (<?php echo $working_user->username; ?>) </a> </td> <td> 
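Review bot: The new row in the `@@ -67,19 +68,17 @@` hunk of templates/show_users.inc.php echoes `$working_user->fullname` and `$working_user->username` without `scrub_out()`, although the edit template in this same commit escapes both fields. Unless `format_user()` already escapes them, which this hunk does not show, a name containing markup is rendered as HTML in the administrator's user list. `<?php echo scrub_out($working_user->fullname); ?> (<?php echo scrub_out($working_user->username); ?>)` keeps the two templates consistent.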
@@ -90,54 +89,54 @@ while ($results = mysql_fetch_object($db_result)) { </td> <td> - <?php echo $user->f_useage; ?> + <?php echo $working_user->f_useage; ?> </td> <?php if (conf('track_user_ip')) { ?> <td> - <a href="<?php echo $web_path; ?>/admin/users.php?action=show_ip_history&user_id=<?php echo $user->id; ?>"> - <?php echo $user->ip_history; ?> + <a href="<?php echo $web_path; ?>/admin/users.php?action=show_ip_history&user_id=<?php echo $working_user->id; ?>"> + <?php echo $working_user->ip_history; ?> </a> </td> <?php } ?> <td> - <a href="<?php echo $web_path; ?>/admin/users.php?action=edit&user=<?php echo $user->id; ?>"> + <a href="<?php echo $web_path; ?>/admin/users.php?action=edit&user_id=<?php echo $working_user->id; ?>"> <?php echo get_user_icon('edit'); ?> </a> </td> <td> - <a href="<?php echo $web_path; ?>/admin/preferences.php?action=user&user_id=<?php echo $user->id; ?>"> + <a href="<?php echo $web_path; ?>/admin/preferences.php?action=user&user_id=<?php echo $working_user->id; ?>"> <?php echo get_user_icon('preferences'); ?> </a> </td> <td> - <a href="<?php echo $web_path; ?>/stats.php?action=user_stats&user_id=<?php echo $user->id; ?>"> + <a href="<?php echo $web_path; ?>/stats.php?action=user_stats&user_id=<?php echo $working_user->id; ?>"> <?php echo get_user_icon('statistics'); ?> </a> </td> <?php //FIXME: Fix this for the extra permission levels if ($user->disabled == '1') { - echo "<td><a href=\"".$web_path."/admin/users.php?action=update&user=$user->username&level=enabled\">" . get_user_icon('enable') . "</a></td>"; + echo "<td><a href=\"".$web_path."/admin/users.php?action=enable&user_id=$working_user->id\">" . get_user_icon('enable') . "</a></td>"; } else { - echo "<td><a href=\"".$web_path."/admin/users.php?action=update&user=$user->username&level=disabled\">" . get_user_icon('disable') ."</a></td>"; + echo "<td><a href=\"".$web_path."/admin/users.php?action=disable&user_id=$working_user->id\">" . 
get_user_icon('disable') ."</a></td>"; } ?> <td> - <a href="<?php echo $web_path; ?>/admin/users.php?action=delete&user=<?php echo $user->username; ?>"> + <a href="<?php echo $web_path; ?>/admin/users.php?action=delete&user_id=<?php echo $working_user->id; ?>"> <?php echo get_user_icon('delete'); ?> </a> </td> <?php - if (($user->is_logged_in()) and ($user->is_online())) { + if (($working_user->is_logged_in()) and ($working_user->is_online())) { echo "<td class=\"user_online\"> </td>"; - } elseif ($user->disabled == 1) { + } elseif ($working_user->disabled == 1) { echo "<td class=\"user_disabled\"> </td>"; } else { echo "<td class=\"user_offline\"> </td>"; } ?> </tr> -<?php } //end while ($results = mysql_fetch_object($db_result)) ?> +<?php } //end foreach users ?> </table> <?php show_box_bottom(); ?> @@ -29,7 +29,7 @@ /* Start House Keeping */ // We need this stuff - $no_session = 1; + define('NO_SESSION','1'); require('lib/init.php'); // Make a blank update object |
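Review bot: In the `@@ -90,54 +89,54 @@` hunk of templates/show_users.inc.php, the enable/disable column still tests `if ($user->disabled == '1')` although the loop variable was renamed to `$working_user`, so the icon no longer reflects the account shown in the row; the line should read `if ($working_user->disabled == '1') {`. The enable, disable and delete links in this hunk are plain GET URLs carrying only `user_id`, so these state changes would be better sent as POST forms with a per-session token checked in admin/users.php.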