2 # MantisBT - A PHP based bugtracking system
4 # MantisBT is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation, either version 2 of the License, or
7 # (at your option) any later version.
9 # MantisBT is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License
15 # along with MantisBT. If not, see <http://www.gnu.org/licenses/>.
19 * @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
20 * @copyright Copyright (C) 2002 - 2010 MantisBT Team - mantisbt-dev@lists.sourceforge.net
21 * @link http://www.mantisbt.org
24 * @uses access_api.php
25 * @uses authentication_api.php
26 * @uses config_api.php
27 * @uses constant_inc.php
28 * @uses database_api.php
30 * @uses helper_api.php
35 * @uses string_api.php
36 * @uses utility_api.php
39 require_once( 'core.php' );
40 require_api( 'access_api.php' );
41 require_api( 'authentication_api.php' );
42 require_api( 'config_api.php' );
43 require_api( 'constant_inc.php' );
44 require_api( 'database_api.php' );
45 require_api( 'gpc_api.php' );
46 require_api( 'helper_api.php' );
47 require_api( 'html_api.php' );
48 require_api( 'icon_api.php' );
49 require_api( 'lang_api.php' );
50 require_api( 'print_api.php' );
51 require_api( 'string_api.php' );
52 require_api( 'utility_api.php' );
54 auth_reauthenticate();
56 access_ensure_global_level( config_get( 'manage_user_threshold' ) );
58 $f_sort = gpc_get_string( 'sort', 'username' );
59 $f_dir = gpc_get_string( 'dir', 'ASC' );
60 $f_hide = gpc_get_bool( 'hide' );
61 $f_save = gpc_get_bool( 'save' );
62 $f_filter = utf8_strtoupper( gpc_get_string( 'filter', config_get( 'default_manage_user_prefix' ) ) );
63 $f_page_number = gpc_get_int( 'page_number', 1 );
65 $t_user_table = db_get_table( 'user' );
66 $t_cookie_name = config_get( 'manage_cookie' );
67 $t_lock_image = '<img src="' . config_get( 'icon_path' ) . 'protected.gif" width="8" height="15" border="0" alt="' . lang_get( 'protected' ) . '" />';
70 # Clean up the form variables
71 if ( !db_field_exists( $f_sort, $t_user_table ) ) {
74 $c_sort = addslashes($f_sort);
77 if ($f_dir == 'ASC') {
83 if ($f_hide == 0) { # a 0 will turn it off
85 } else { # anything else (including 'on') will turn it on
88 $t_hide_filter = '&hide=' . $c_hide;
90 # set cookie values for hide, sort by, and dir
92 $t_manage_string = $c_hide.':'.$c_sort.':'.$c_dir;
93 gpc_set_cookie( $t_cookie_name, $t_manage_string, true );
94 } else if ( !is_blank( gpc_get_cookie( $t_cookie_name, '' ) ) ) {
95 $t_manage_arr = explode( ':', gpc_get_cookie( $t_cookie_name ) );
96 $f_hide = $t_manage_arr[0];
98 if ( isset( $t_manage_arr[1] ) ) {
99 $f_sort = $t_manage_arr[1];
101 $f_sort = 'username';
104 if ( isset( $t_manage_arr[2] ) ) {
105 $f_dir = $t_manage_arr[2];
111 html_page_top( lang_get( 'manage_users_link' ) );
113 print_manage_menu( 'manage_user_page.php' );
115 # New Accounts Form BEGIN
117 $days_old = 7 * SECONDS_PER_DAY
;
120 WHERE ".db_helper_compare_days("" . db_now() . "","date_created","<= $days_old")."
121 ORDER BY date_created DESC";
122 $result = db_query_bound( $query );
124 $new_user_count = db_num_rows( $result);
126 # Never Logged In Form BEGIN
130 WHERE ( login_count = 0 ) AND ( date_created = last_visit )
131 ORDER BY date_created DESC";
132 $result = db_query_bound( $query );
133 $unused_user_count = db_num_rows( $result );
137 $t_prefix_array = array( 'ALL' );
139 for ( $i = 'A'; $i != 'AA'; $i++
) {
140 $t_prefix_array[] = $i;
143 for ( $i = 0; $i <= 9; $i++
) {
144 $t_prefix_array[] = "$i";
146 $t_prefix_array[] = lang_get( 'users_unused' );
147 $t_prefix_array[] = lang_get( 'users_new' );
149 echo '<br /><center><table class="width75"><tr>';
150 foreach ( $t_prefix_array as $t_prefix ) {
151 if ( $t_prefix === 'ALL' ) {
152 $t_caption = lang_get( 'show_all_users' );
154 $t_caption = $t_prefix;
158 if ( $t_prefix == $f_filter ) {
159 $c_filter = $f_filter;
160 echo "<strong>$t_caption</strong>";
162 print_link( "manage_user_page.php?sort=$c_sort&dir=$c_dir&save=1$t_hide_filter&filter=$t_prefix", $t_caption );
165 if ($t_prefix == 'UNUSED' ) {
166 echo '[' . $unused_user_count . ']' . '<br />' . lang_get( 'never_logged_in_title' ) . '<br />';
167 echo print_button( 'manage_user_prune.php', lang_get( 'prune_accounts' ) );
168 } else if ($t_prefix == 'NEW' ) {
169 echo '[' . $new_user_count . ']<br />' . '(' . lang_get( '1_week_title' ) . ')';
173 echo '</tr></table></center>';
175 $t_where_params = null;
176 if ( $f_filter === 'ALL' ) {
177 $t_where = '(1 = 1)';
178 } else if ( $f_filter === 'UNUSED' ) {
179 $t_where = '(login_count = 0) AND ( date_created = last_visit )';
180 } else if ( $f_filter === 'NEW' ) {
181 $t_where = db_helper_compare_days("" . db_now() . "","date_created","<= $days_old");
183 $c_prefix = db_prepare_string($f_filter);
184 $t_where = "(username like '$c_prefix%')";
189 $t_offset = ( ( $f_page_number - 1 ) * $p_per_page );
191 $total_user_count = 0;
193 # Get the user data in $c_sort order
195 if ( 0 == $c_hide ) {
196 $query = "SELECT count(*) as usercnt
199 $result = db_query_bound($query, $t_where_params);
200 $row = db_fetch_array( $result );
201 $total_user_count = $row['usercnt'];
203 $query = "SELECT count(*) as usercnt
205 WHERE $t_where AND " . db_helper_compare_days("" . db_now() . "","last_visit","< $days_old");
206 $result = db_query_bound($query, $t_where_params);
207 $row = db_fetch_array( $result );
208 $total_user_count = $row['usercnt'];
211 $t_page_count = ceil($total_user_count / $p_per_page);
212 if ( $t_page_count < 1 ) {
216 # Make sure $p_page_number isn't past the last page.
217 if ( $f_page_number > $t_page_count ) {
218 $f_page_number = $t_page_count;
221 # Make sure $p_page_number isn't before the first page
222 if ( $f_page_number < 1 ) {
227 if ( 0 == $c_hide ) {
231 ORDER BY $c_sort $c_dir";
232 $result = db_query_bound($query, $t_where_params, $p_per_page, $t_offset);
237 WHERE $t_where AND " . db_helper_compare_days( "" . db_now() . "", "last_visit", "< $days_old" ) . "
238 ORDER BY $c_sort $c_dir";
239 $result = db_query_bound($query, $t_where_params, $p_per_page, $t_offset );
241 $user_count = db_num_rows( $result );
244 <table
class="width100" cellspacing
="1">
246 <td
class="form-title" colspan
="5">
247 <?php
echo lang_get( 'manage_accounts_title' ) ?
> [<?php
echo $total_user_count ?
>]
248 <?php
print_button( 'manage_user_create_page.php', lang_get( 'create_new_account_link' ) ) ?
>
250 <td
class="center" colspan
="3">
251 <form method
="post" action
="manage_user_page.php">
252 <?php
# CSRF protection not required here - form does not result in modifications ?>
253 <input type
="hidden" name
="sort" value
="<?php echo $c_sort ?>" />
254 <input type
="hidden" name
="dir" value
="<?php echo $c_dir ?>" />
255 <input type
="hidden" name
="save" value
="1" />
256 <input type
="hidden" name
="filter" value
="<?php echo $c_filter ?>" />
257 <input type
="checkbox" name
="hide" value
="1" <?php
check_checked( $c_hide, 1 ); ?
> /> <?php
echo lang_get( 'hide_inactive' ) ?
>
258 <input type
="submit" class="button" value
="<?php echo lang_get( 'filter_button' ) ?>" />
262 <tr
class="row-category">
265 print_manage_user_sort_link( 'manage_user_page.php', lang_get( 'username' ), 'username', $c_dir, $c_sort, $c_hide, $c_filter );
266 print_sort_icon( $c_dir, $c_sort, 'username' );
271 print_manage_user_sort_link( 'manage_user_page.php', lang_get( 'realname' ), 'realname', $c_dir, $c_sort, $c_hide, $c_filter );
272 print_sort_icon( $c_dir, $c_sort, 'realname' );
277 print_manage_user_sort_link( 'manage_user_page.php', lang_get( 'email' ), 'email', $c_dir, $c_sort, $c_hide, $c_filter );
278 print_sort_icon( $c_dir, $c_sort, 'email' );
283 print_manage_user_sort_link( 'manage_user_page.php', lang_get( 'access_level' ), 'access_level', $c_dir, $c_sort, $c_hide, $c_filter );
284 print_sort_icon( $c_dir, $c_sort, 'access_level' );
289 print_manage_user_sort_link( 'manage_user_page.php', lang_get( 'enabled' ), 'enabled', $c_dir, $c_sort, $c_hide, $c_filter );
290 print_sort_icon( $c_dir, $c_sort, 'enabled' );
295 print_manage_user_sort_link( 'manage_user_page.php', $t_lock_image, 'protected', $c_dir, $c_sort, $c_hide, $c_filter );
296 print_sort_icon( $c_dir, $c_sort, 'protected' );
301 print_manage_user_sort_link( 'manage_user_page.php', lang_get( 'date_created' ), 'date_created', $c_dir, $c_sort, $c_hide, $c_filter );
302 print_sort_icon( $c_dir, $c_sort, 'date_created' );
307 print_manage_user_sort_link( 'manage_user_page.php', lang_get( 'last_visit' ), 'last_visit', $c_dir, $c_sort, $c_hide, $c_filter );
308 print_sort_icon( $c_dir, $c_sort, 'last_visit' );
313 $t_date_format = config_get( 'normal_date_format' );
314 $t_access_level = Array();
315 for ($i=0;$i<$user_count;$i++
) {
316 # prefix user data with u_
317 $row = db_fetch_array($result);
318 extract( $row, EXTR_PREFIX_ALL
, 'u' );
320 $u_date_created = date( $t_date_format, $u_date_created );
321 $u_last_visit = date( $t_date_format, $u_last_visit );
323 if( !isset( $t_access_level[$u_access_level] ) ) {
324 $t_access_level[$u_access_level] = get_enum_element( 'access_levels', $u_access_level );
327 <tr
<?php
echo helper_alternate_class( $i ) ?
>>
329 <a href
="manage_user_edit_page.php?user_id=<?php echo $u_id ?>"><?php
echo string_display_line( $u_username ) ?
></a
>
331 <td
><?php
echo string_display_line( $u_realname ) ?
></td
>
332 <td
><?php
print_email_link( $u_email, $u_email ) ?
></td
>
333 <td
><?php
echo $t_access_level[$u_access_level] ?
></td
>
334 <td
><?php
echo trans_bool( $u_enabled ) ?
></td
>
337 if ( $u_protected ) {
338 echo " $t_lock_image";
344 <td
><?php
echo $u_date_created ?
></td
>
345 <td
><?php
echo $u_last_visit ?
></td
>
350 # -- Page number links --
353 <td
class="right" colspan
="8">
356 /* @todo hack - pass in the hide inactive filter via cheating the actual filter value */
357 print_page_links( 'manage_user_page.php', 1, $t_page_count, (int)$f_page_number, $c_filter . $t_hide_filter);
367 <form method
="get" action
="manage_user_edit_page.php"<?php
# CSRF protection not required here - form does not result in modifications ?>>
368 <?php
echo lang_get( 'username' ) ?
>
369 <input type
="text" name
="username" value
="" />
370 <input type
="submit" class="button" value
="<?php echo lang_get( 'manage_user' ) ?>" />