[Linpha-cvs] SF.net SVN: linpha: [4487] trunk/linpha2
From: <fan...@us...> - 2006-04-07 21:56:35
Revision: 4487 Author: fangehrn Date: 2006-04-07 14:56:10 -0700 (Fri, 07 Apr 2006) ViewCVS: http://svn.sourceforge.net/linpha/?rev=4487&view=rev Log Message: ----------- * implemented admin section for user, groups and group memberships Modified Paths: -------------- trunk/linpha2/ChangeLog trunk/linpha2/admin/permissions_read.php trunk/linpha2/docs/TODO.txt trunk/linpha2/install/sql/sql.mysql.php trunk/linpha2/install/sql/sql.postgres.php trunk/linpha2/install/sql/sql.sqlite.php trunk/linpha2/lib/classes/linpha.sql.class.php Added Paths: ----------- trunk/linpha2/admin/permissions.php trunk/linpha2/admin/permissions_groups.php trunk/linpha2/admin/permissions_usergroup.php trunk/linpha2/admin/permissions_users.php Removed Paths: ------------- trunk/linpha2/admin/actions/save_permissions.php Modified: trunk/linpha2/ChangeLog =================================================================== --- trunk/linpha2/ChangeLog 2006-04-07 19:58:20 UTC (rev 4486) +++ trunk/linpha2/ChangeLog 2006-04-07 21:56:10 UTC (rev 4487) @@ -1,3 +1,6 @@ +2006-04-07 flo + * implemented admin section for user, groups and group memberships + 2006-04-06 flo * added user login system Deleted: trunk/linpha2/admin/actions/save_permissions.php =================================================================== --- trunk/linpha2/admin/actions/save_permissions.php 2006-04-07 19:58:20 UTC (rev 4486) +++ trunk/linpha2/admin/actions/save_permissions.php 2006-04-07 21:56:10 UTC (rev 4487) 
@@ -1,82 +0,0 @@
-<?php
-/*
-* Copyright (c) 2005 Heiko Rutenbeck <bz...@tu...>
-*
-* This program is free software; you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation; either version 2 of the License, or
-* (at your option) any later version.
-*
-* This program is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License
-* along with this program; if not, write to the Free Software
-* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-if(!defined('TOP_DIR')) { define('TOP_DIR','../..'); }
-//error_reporting(0);
-
-include_once(TOP_DIR.'/lib/classes/linpha.class.php');
-
-$linpha = new linpha();
-$linpha->sql->dbConnect();
-
-/**
- * insert or update
- */
-$query = $linpha->db->Execute("SELECT id FROM ".PREFIX."permissions WHERE photos_id = '".$linpha->sql->linAddslashes($_POST['photo_id'])."'");
-$num = $query->RecordCount();
-
-/**
- * if inherit is selected, delete if an entry exists
- * and only if the photo_id != 0, because we can't delete
- * the top permission entry!!
- */
-if(isset($_POST['inherit']))
-{
- if($num != 0 && $_POST['photo_id'] != 0)
- {
- $linpha->db->Execute("DELETE FROM ".PREFIX."permissions WHERE photos_id = '".$linpha->sql->linAddslashes($_POST['photo_id'])."'");
- }
-}
-else
-{
- if(isset($_POST['group']))
- {
- if(in_array('public',$_POST['group']))
- {
- $str_groups = 'public';
- }
- else
- {
- $str_groups = implode(';',$_POST['group']);
- }
- }
- else
- {
- /**
- * no group selected
- * -> only admin has permissions
- */
- $str_groups = '';
- }
-
- if($num != 0)
- {
- $linpha->db->Execute("UPDATE ".PREFIX."permissions SET permission = ';".$linpha->sql->linAddslashes($str_groups).";' " .
- "WHERE photos_id = '".$linpha->sql->linAddslashes($_POST['photo_id'])."'");
- }
- else
- {
- $linpha->db->Execute("INSERT into ".PREFIX."permissions (photos_id, perm_type, permission) VALUES (" .
- "'".$linpha->sql->linAddslashes($_POST['photo_id'])."', 'read'," .
- "';".$linpha->sql->linAddslashes($str_groups).";' )");
- }
-}
-
-header("Location: ".TOP_DIR."/admin/?cat=permissions&parent_id=".$_POST['parent_id']);
-?>
\ No newline at end of file
Added: trunk/linpha2/admin/permissions.php
===================================================================
--- trunk/linpha2/admin/permissions.php (rev 0)
+++ trunk/linpha2/admin/permissions.php 2006-04-07 21:56:10 UTC (rev 4487)
@@ -0,0 +1,46 @@
+<?php
+if(!defined('LINPHA_DIR')) { exit(1); }
+
+if(!isset($cat2))
+{
+ $cat2 = 'users';
+}
+
+$array_menu = Array(
+ 'users' => Array('name' => 'Users', 'link' => 'permissions_users'),
+ 'groups' => Array('name' => 'Groups', 'link' => 'permissions_groups'),
+ 'usergroup' => Array('name' => 'Group Memberships', 'link' => 'permissions_usergroup'),
+ 'view' => Array('name' => 'View', 'link' => 'permissions_view'),
+ 'write' => Array('name' => 'Write', 'link' => 'permissions_write'),
+ 'basket' => Array('name' => 'Basket', 'link' => 'permissions_basket'),
+ 'metadata' => Array('name' => 'Meta Data', 'link' => 'permissions_metadata'),
+ 'others' => Array('name' => 'Others', 'link' => 'permissions_others'),
+);
+
+print_admin_menu($array_menu,$cat2);
+
+switch($cat2)
+{
+case 'users':
+ include_once('./permissions_users.php');
+ break;
+case 'groups':
+ include_once('./permissions_groups.php');
+ break;
+case 'usergroup':
+ include_once('./permissions_usergroup.php');
+ break;
+case 'view':
+ include_once('./permissions_read.php');
+ break;
+case 'write':
+ include_once('./permissions_write.php');
+ break;
+case 'basket':
+case 'metadata':
+case 'others':
+ include_once('./permissions_others.php');
+ break;
+}
+?>
+
Added: trunk/linpha2/admin/permissions_groups.php
===================================================================
--- trunk/linpha2/admin/permissions_groups.php (rev 0)
+++ trunk/linpha2/admin/permissions_groups.php 2006-04-07 21:56:10 UTC (rev 4487)
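Review bot: In permissions.php, `$cat2` reaches `print_admin_menu()` and the `switch` without being checked against the keys of `$array_menu`, and the `switch` has no `default:` branch, so an unexpected value renders the menu and then an empty page. Normalising it first, `if(!isset($cat2) || !isset($array_menu[$cat2])) { $cat2 = 'users'; }`, keeps the dispatcher to the eight known sections regardless of how the including script fills the variable (that code is not visible here). The `write`, `basket`, `metadata` and `others` cases include `permissions_write.php` and `permissions_others.php`, which are not among this revision's added paths; if they do not exist yet, those menu entries only produce an include warning. The only gate visible in this file is the `LINPHA_DIR` check, so a comment stating that the including admin script has already verified admin rights would help the next reader.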
@@ -0,0 +1,75 @@
+<?php
+if(!defined('LINPHA_DIR')) { exit(1); }
+
+/**
+ * save data
+ */
+if(isset($_POST['cmd']))
+{
+ /**
+ * @todo use something like htmlspecialchars() ?
+ */
+ switch($_POST['cmd'])
+ {
+ case 'ren_group':
+ $GLOBALS['linpha']->db->Execute("UPDATE ".PREFIX."groups " .
+ "SET group_name='".LinSql::linAddslashes($_POST['group_name'])."' " .
+ "WHERE id='".LinSql::linAddslashes($_POST['id'])."'");
+ break;
+ case 'del_group':
+ $GLOBALS['linpha']->db->Execute("DELETE FROM ".PREFIX."groups ".
+ "WHERE id='".LinSql::linAddslashes($_POST['id'])."'");
+ break;
+ case 'new_group':
+ $GLOBALS['linpha']->db->Execute("INSERT INTO ".PREFIX."groups (group_name) ".
+ "VALUES ('".LinSql::linAddslashes($_POST['new_group_name'])."')");
+ break;
+ }
+}
+?>
+<table border="1">
+ <tr>
+ <td><b><?php echo i18n("Group Name"); ?></b></td>
+ <td><b><?php echo i18n("Actions"); ?></b></td>
+ </tr>
+<?php
+ $query = $GLOBALS['linpha']->db->Execute("SELECT id, group_name FROM ".PREFIX."groups ORDER BY group_name");
+ while($data = $query->FetchRow())
+ {
+?>
+ <tr>
+ <form name="mod_group" method="POST" action="<?php echo LINPHA_DIR.'/admin/?cat=permissions_groups'; ?>">
+ <td>
+ <input style="width: 200;" type="text" name="group_name" value="<?php echo $data['group_name']; ?>" maxsize="255">
+ </td>
+
+ <td>
+ <input type="hidden" name="id" value="<?php echo $data['id']; ?>">
+ <input type="hidden" name="cmd" value="ren_group">
+ <input type="submit" value="<?php echo i18n("Rename Group"); ?>" style="float: left;">
+ </form>
+
+ <form name="del_group" method="POST" action="<?php echo LINPHA_DIR.'/admin/?cat=permissions_groups'; ?>">
+ <input type="submit" value="<?php echo i18n("Delete Group"); ?>" style="float: left;">
+ <input type="hidden" name="cmd" value="del_group">
+ <input type="hidden" name="id" value="<?php echo $data['id']; ?>">
+ </form>
+
+ <form name="edit_members" method="POST" action="<?php echo LINPHA_DIR.'/admin/?cat=permissions_usergroup?groupid='.$data['id']; ?>">
+ <input type="submit" value="<?php echo i18n("Edit Group Members"); ?>" style="float: left;">
+ </form>
+ </td>
+ </tr>
+<?php
+ }
+?>
+ <tr>
+ <form name="new_user" method="POST" action="<?php echo LINPHA_DIR.'/admin/?cat=permissions_groups'; ?>">
+ <td><input style="width: 200;" type="text" name="new_group_name" maxsize="255"></td>
+ <td>
+ <input type="hidden" name="cmd" value="new_group">
+ <input type="submit" value="<?php echo i18n("Create Group"); ?>">
+ </td>
+ </form>
+ </tr>
+</table>
Modified: trunk/linpha2/admin/permissions_read.php
===================================================================
--- trunk/linpha2/admin/permissions_read.php 2006-04-07 19:58:20 UTC (rev 4486)
+++ trunk/linpha2/admin/permissions_read.php 2006-04-07 21:56:10 UTC (rev 4487)
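Review bot: In permissions_groups.php the stored `group_name` is written into the `value` attribute with a bare `echo`, so a name containing a quote or markup breaks out of the attribute when an administrator opens this page; the `@todo` above the `switch` already hints at this. `value="<?php echo htmlspecialchars($data['group_name'], ENT_QUOTES); ?>"` handles it on the output side, which is where the escaping belongs. The three `cmd` branches rename, delete or create groups on any POST and no per-session request token is visible in this file, so I would add one or document where the including script enforces it. The `edit_members` form action uses a second `?` (`?cat=permissions_usergroup?groupid=`) and a `groupid` parameter, while permissions_usergroup.php in this commit reads `edit` and `id`; `maxsize` should probably be `maxlength`.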
@@ -1,12 +1,69 @@ <?php if(!defined('LINPHA_DIR')) { exit(1); } -//error_reporting(0); - include_once(LINPHA_DIR.'/lib/adodb/tohtml.inc.php'); /** + * save POST data + */ +if(isset($_POST['cmd']) && $_POST['cmd'] == 'save_permissions') +{ + /** + * insert or update + */ + $query = $linpha->db->Execute("SELECT id FROM ".PREFIX."permissions WHERE photos_id = '".$linpha->sql->linAddslashes($_POST['photo_id'])."'"); + $num = $query->RecordCount(); + + /** + * if inherit is selected, delete if an entry exists + * and only if the photo_id != 0, because we can't delete + * the top permission entry!! + */ + if(isset($_POST['inherit'])) + { + if($num != 0 && $_POST['photo_id'] != 0) + { + $linpha->db->Execute("DELETE FROM ".PREFIX."permissions WHERE photos_id = '".$linpha->sql->linAddslashes($_POST['photo_id'])."'"); + } + } + else + { + if(isset($_POST['group'])) + { + if(in_array('public',$_POST['group'])) + { + $str_groups = 'public'; + } + else + { + $str_groups = implode(';',$_POST['group']); + } + } + else + { + /** + * no group selected + * -> only admin has permissions + */ + $str_groups = ''; + } + + if($num != 0) + { + $linpha->db->Execute("UPDATE ".PREFIX."permissions SET permission = ';".$linpha->sql->linAddslashes($str_groups).";' " . + "WHERE photos_id = '".$linpha->sql->linAddslashes($_POST['photo_id'])."'"); + } + else + { + $linpha->db->Execute("INSERT into ".PREFIX."permissions (photos_id, perm_type, permission) VALUES (" . + "'".$linpha->sql->linAddslashes($_POST['photo_id'])."', 'read'," . + "';".$linpha->sql->linAddslashes($str_groups).";' )"); + } + } +} + +/** * set parameters */ if(isset($_GET['parent_id']) && $_GET['parent_id'] != 0) @@ -30,7 +87,7 @@ /** * get groups */ - $query = $GLOBALS['linpha']->db->Execute("SELECT id, name FROM ".PREFIX."groups"); + $query = $GLOBALS['linpha']->db->Execute("SELECT id, group_name FROM ".PREFIX."groups"); while($data = $query->FetchRow()) { $array_groups[$data[0]] = $data[1]; 
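Review bot: The save block added at the top of permissions_read.php passes `$_POST['photo_id']` through `linAddslashes()` four times and compares it with `!= 0`, although `photos_id` is an integer column in the install SQL; casting once, `$photo_id = (int)$_POST['photo_id'];`, and using that value in every query removes the dependence on quoting. `$_POST['group']` is assumed to be an array (`in_array`, `implode`) and its members are joined with `;` without being checked against the ids in the `groups` table, so a value that itself contains `;` would be stored as additional entries in the permission string. This block uses a local `$linpha`, while the second hunk of the same file goes through `$GLOBALS['linpha']`; if the file is ever included from inside a function the local would be undefined. As with the other admin handlers in this commit, the write is triggered by any POST carrying `cmd=save_permissions` and no request token is visible.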
@@ -64,7 +121,7 @@ "WHERE id = '".linSql::linAddslashes($_GET['id'])."'"); $data = $query->FetchRow(); ?> - <form name="permission" method="POST" action="<?php echo LINPHA_DIR.'/admin/actions/save_permissions.php'; ?>"> + <form name="permission" method="POST" action="<?php echo LINPHA_DIR.'/admin/?cat=permissions_view&parent_id='.$parent_id; ?>"> <h3>Change/Add permissions of folder/file "<?php echo $data[0]; ?>"</h3> <?php @@ -100,8 +157,9 @@ ?> <input type="hidden" name="photo_id" value="<?php echo $_GET['id']; ?>" /> <input type="hidden" name="parent_id" value="<?php echo $parent_id; ?>" /> + <input type="hidden" name="cmd" value="save_permissions" /> <input type="submit" name="submit" value="save" /> - <a href="<?php echo LINPHA_DIR.'/admin/?cat=permissions&parent_id='.$parent_id; ?>">cancel</a> + <a href="<?php echo LINPHA_DIR.'/admin/?cat=permissions_view&parent_id='.$parent_id; ?>">cancel</a> </form> <br /><br /> <?php @@ -116,12 +174,12 @@ <?php if(isset($_GET['parent_id']) && $_GET['parent_id'] != 0) { - echo ' (<a href="'.LINPHA_DIR.'/admin/?cat=permissions&parent_id=0">Show all folders</a>)'; + echo ' (<a href="'.LINPHA_DIR.'/admin/?cat=permissions_view&parent_id=0">Show all folders</a>)'; } ?> <br /> Permission set: <b><?php echo get_readable_perms($perm); ?></b> - (<a href="<?php echo LINPHA_DIR.'/admin/?cat=permissions&parent_id='.$parent_id.'&cmd=edit&id='.$parent_id; ?>">change</a>) + (<a href="<?php echo LINPHA_DIR.'/admin/?cat=permissions_view&parent_id='.$parent_id.'&cmd=edit&id='.$parent_id; ?>">change</a>) <br /><br /> <table border='1'> <tr> @@ -157,7 +215,7 @@ echo str_repeat(' >',$stage).' '; if($data['img_type']==0) { - echo '<a href="'.LINPHA_DIR.'/admin/?cat=permissions&parent_id='.$data['id'].'">'.$data['name'].'</a>'; + echo '<a href="'.LINPHA_DIR.'/admin/?cat=permissions_view&parent_id='.$data['id'].'">'.$data['name'].'</a>'; } else { 
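Review bot: The rewritten links and the form `action` in permissions_read.php interpolate `$parent_id` (and, in the last hunk of this file, `$GLOBALS['parent_id']` and `$data['id']`) into HTML attributes without a cast or escaping, and the unchanged hidden field next to them echoes `$_GET['id']` directly. `$parent_id` is assigned outside these hunks, apparently from `$_GET['parent_id']`; if it is not already forced to an integer there, `$parent_id = (int)$parent_id;` before the first use and `value="<?php echo (int)$_GET['id']; ?>"` for the hidden field would keep request data out of the markup. The `$data['name']` link text in the folder list would likewise be better passed through `htmlspecialchars()`.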
@@ -190,11 +248,11 @@ if($i != 0) { - echo '<a href="'.LINPHA_DIR.'/admin/?cat=permissions&parent_id='.$GLOBALS['parent_id'].'&cmd=edit&id='.$data['id'].'">add</a>'; + echo '<a href="'.LINPHA_DIR.'/admin/?cat=permissions_view&parent_id='.$GLOBALS['parent_id'].'&cmd=edit&id='.$data['id'].'">add</a>'; } else { - echo '<a href="'.LINPHA_DIR.'/admin/?cat=permissions&parent_id='.$GLOBALS['parent_id'].'&cmd=edit&id='.$data['id'].'">change</a>'; + echo '<a href="'.LINPHA_DIR.'/admin/?cat=permissions_view&parent_id='.$GLOBALS['parent_id'].'&cmd=edit&id='.$data['id'].'">change</a>'; } echo '</td></tr>'; Added: trunk/linpha2/admin/permissions_usergroup.php =================================================================== --- trunk/linpha2/admin/permissions_usergroup.php (rev 0) +++ trunk/linpha2/admin/permissions_usergroup.php 2006-04-07 21:56:10 UTC (rev 4487) 
@@ -0,0 +1,137 @@
+<?php
+if(!defined('LINPHA_DIR')) { exit(1); }
+
+/**
+ * get groups
+ */
+echo '<b>'.i18n("Edit Group Members").'</b><br />';
+$query = $GLOBALS['linpha']->db->Execute("SELECT id, group_name FROM ".PREFIX."groups ORDER by group_name");
+while($data = $query->FetchRow())
+{
+ echo '<a href="'.LINPHA_DIR.'/admin/?cat=permissions_usergroup&edit=group&id='.$data['id'].'">'.$data['group_name'].'</a><br />';
+}
+
+echo '<br /><br />';
+
+/**
+ * get users
+ */
+echo '<b>'.i18n("Edit User Memberships").'</b><br />';
+$query = $GLOBALS['linpha']->db->Execute("SELECT id, username FROM ".PREFIX."users ORDER by username");
+while($data = $query->FetchRow())
+{
+ echo '<a href="'.LINPHA_DIR.'/admin/?cat=permissions_usergroup&edit=user&id='.$data['id'].'">'.$data['username'].'</a><br />';
+}
+?>
+<br /><br />
+<hr />
+<br /><br />
+<?php
+/**
+ * edit group members
+ */
+if(isset($_GET['edit']))
+{
+ if($_GET['edit'] == 'group')
+ {
+ $column_name = 'group_id';
+ $table_name = 'groups';
+ $select_name = 'group_name';
+ $other_select_name = 'username';
+ $other_table_name = 'users';
+ }
+ elseif($_GET['edit'] == 'user')
+ {
+ $column_name = 'user_id';
+ $table_name = 'users';
+ $select_name = 'username';
+ $other_select_name = 'group_name';
+ $other_table_name = 'groups';
+ }
+ else
+ {
+ die("no access");
+ }
+
+ /**
+ * save data
+ */
+ if(isset($_POST['cmd']) && $_POST['cmd'] == 'edit')
+ {
+ /**
+ * delete all entries of current user
+ */
+ $GLOBALS['linpha']->db->Execute("DELETE FROM ".PREFIX."user_group WHERE ".$column_name." = '".LinSql::linAddslashes($_GET['id'])."'");
+
+ /**
+ * add new entries if exists
+ */
+ if(isset($_POST['usergroup']))
+ {
+ foreach($_POST['usergroup'] AS $value)
+ {
+ if($_GET['edit']=='group')
+ {
+ $userid = LinSql::linAddslashes($value);
+ $groupid = LinSql::linAddslashes($_GET['id']);
+ }
+ elseif($_GET['edit']=='user')
+ {
+ $userid = LinSql::linAddslashes($_GET['id']);
+ $groupid = LinSql::linAddslashes($value);
+ }
+ $GLOBALS['linpha']->db->Execute("INSERT into ".PREFIX."user_group (user_id, group_id) VALUES ('".$userid."','".$groupid."')");
+ }
+ }
+ }
+
+ /**
+ * get informations
+ */
+ $data = $GLOBALS['linpha']->db->GetRow("SELECT ".$select_name." FROM ".PREFIX.$table_name." WHERE id = '".LinSql::linAddslashes($_GET['id'])."'");
+ echo '<b>'.i18n("Edit").': '.$data[$select_name].'</b><br />';
+
+ /**
+ * get all groups/users
+ */
+ ?>
+ <form method="POST" action="<?php echo LINPHA_DIR.'/admin/?cat=permissions_usergroup&edit=user&id='.$_GET['id']; ?>">
+ <select name="usergroup[]" size="5" style="width: 200;" multiple="multiple">
+ <?php
+ $query = $GLOBALS['linpha']->db->Execute("SELECT id, ".$other_select_name." FROM ".PREFIX.$other_table_name." ORDER by ".$other_select_name);
+ while($data = $query->FetchRow())
+ {
+ /**
+ * check if selected
+ */
+ if($_GET['edit']=='group')
+ {
+ $userid = $data['id'];
+ $groupid = LinSql::linAddslashes($_GET['id']);
+ }
+ elseif($_GET['edit']=='user')
+ {
+ $userid = LinSql::linAddslashes($_GET['id']);
+ $groupid = $data['id'];
+ }
+ $data2 = $GLOBALS['linpha']->db->GetRow("SELECT id FROM ".PREFIX."user_group WHERE user_id = '".$userid."' AND group_id = '".$groupid."'");
+ if(isset($data2['id']))
+ {
+ $checked = ' selected="selected"';
+ }
+ else
+ {
+ $checked = '';
+ }
+
+ echo '<option value="'.$data['id'].'"'.$checked.'>'.$data[$other_select_name].'</option>';
+ }
+ ?>
+ <input type="hidden" name="cmd" value="edit" />
+ <input type="submit" name="submit" value="<?php echo i18n("Submit"); ?>" />
+ </select>
+ </form>
+ <?php
+
+}
+?>
\ No newline at end of file
Added: trunk/linpha2/admin/permissions_users.php
===================================================================
--- trunk/linpha2/admin/permissions_users.php (rev 0)
+++ trunk/linpha2/admin/permissions_users.php 2006-04-07 21:56:10 UTC (rev 4487)
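Review bot: In permissions_usergroup.php the edit form's `action` is hard-coded to `edit=user` and echoes `$_GET['id']` unescaped, so when the page is opened with `edit=group` the submitted selection is saved by the `user` branch: the membership rows of the user whose id equals the group id are deleted, and the posted user ids are stored as group ids. At that point `$_GET['edit']` has already been restricted to `group` or `user`, so `action="<?php echo LINPHA_DIR.'/admin/?cat=permissions_usergroup&edit='.$_GET['edit'].'&id='.intval($_GET['id']); ?>"` fixes both the wrong target and the reflected parameter. The `DELETE` followed by per-row `INSERT`s is not wrapped in a transaction and the posted `usergroup[]` values are not checked against existing ids, so a failed or altered request can leave an account with no memberships or unintended ones. `username` and `group_name` are printed into links and `<option>` elements without `htmlspecialchars()`, and the two `<input>` elements sit inside the `<select>`, which is invalid markup.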
@@ -0,0 +1,156 @@
+<?php
+if(!defined('LINPHA_DIR')) { exit(1); }
+
+/**
+ * save data
+ */
+if(isset($_POST['cmd']))
+{
+ /**
+ * @todo use something like htmlspecialchars() ?
+ */
+ switch($_POST['cmd'])
+ {
+ case 'mod_user':
+
+ /**
+ * update password
+ * only if it is not empty
+ */
+ if(empty($_POST['mod_user_pass']))
+ {
+ $new_password = "";
+ } else {
+ $md5_pass = md5($_POST['mod_user_pass']);
+ $new_password = "password='".$md5_pass."', ";
+ }
+
+ $GLOBALS['linpha']->db->Execute("UPDATE ".PREFIX."users SET ".
+ "username='".LinSql::linAddslashes($_POST['mod_user_name'])."', ".
+ "display_name='".LinSql::linAddslashes($_POST['mod_user_fullname'])."', ".
+ $new_password.
+ "email='".LinSql::linAddslashes($_POST['mod_user_mail'])."' ".
+ "WHERE id='".LinSql::linAddslashes($_POST['id'])."'");
+
+ /**
+ * if current account is changed update session variables and login cookie
+ */
+ if($_POST['old_user_name'] == $_SESSION['user_name'])
+ {
+ $_SESSION['user_name'] = $_POST['mod_user_name'];
+ $_SESSION['user_displayname'] = (empty($_POST['mod_user_fullname'])) ? $_POST['mod_user_name'] : $_POST['mod_user_fullname']; //Store user fullname. If fullname is blank - store username.
+
+ /**
+ * does not work, because headers are already sent
+ *
+ if(isset($_COOKIE["linpha_userid"]) &&
+ isset($_COOKIE["linpha_password"]) &&
+ isset($md5_pass))
+ {
+ $GLOBALS['linpha']->sql->setLinphaCookie($_POST['id'], $md5_pass);
+ }*/
+ }
+
+ break;
+ case 'del_user':
+ $GLOBALS['linpha']->db->Execute("DELETE FROM ".PREFIX."users WHERE id='".LinSql::linAddslashes($_POST['id'])."'");
+ break;
+ case 'new_user':
+ $GLOBALS['linpha']->db->Execute("INSERT INTO ".PREFIX."users " .
+ "(username, password, email, display_name) ".
+ "VALUES " .
+ "('".LinSql::linAddslashes($_POST['new_user_name'])."', '".md5($_POST['new_user_pass'])."', ".
+ "'".LinSql::linAddslashes($_POST['new_user_mail'])."', '".LinSql::linAddslashes($_POST['new_user_fullname'])."')");
+ break;
+ }
+}
+
+/**
+ * @todo !!
+ */
+function smart_htmlspecialchars($str)
+{
+ return $str;
+}
+
+?>
+<table border="1">
+ <tr>
+ <td><b><?php echo i18n("Username"); ?></b></td>
+ <td><b><?php echo i18n("Display Name"); ?></b></td>
+ <td><b><?php echo i18n("Password"); ?></b></td>
+ <td><b><?php echo i18n("Email"); ?></b></td>
+ <td><b><?php echo i18n("Actions"); ?></b></td>
+ </tr>
+<?php
+ /**
+ * show users
+ */
+ $query = $GLOBALS['linpha']->db->Execute("SELECT id, username, display_name, email FROM ".PREFIX."users ORDER BY username");
+ while($data = $query->FetchRow())
+ {
+ ?>
+ <tr>
+ <form name="mod_user" method="POST" action="<?php echo LINPHA_DIR.'/admin/?cat=permissions_users'; ?>">
+ <td>
+ <input type="text" name="mod_user_name" size="20" maxlength="255" value="<?php echo smart_htmlspecialchars($data['username'], ENT_QUOTES); ?>">
+ </td>
+ <td>
+ <input type="text" name="mod_user_fullname" size="20" maxlength="255" value="<?php echo smart_htmlspecialchars($data['display_name'], ENT_QUOTES); ?>">
+ </td>
+ <td>
+ <input type="password" name="mod_user_pass" size="20" maxlength="255">
+ </td>
+ <td>
+ <input type="text" name="mod_user_mail" size="20" maxlength="255" value="<?php echo $data['email']; ?>">
+ </td>
+ <td>
+ <input type="hidden" name="id" value="<?php echo $data['id']; ?>">
+ <input type="hidden" name="old_user_name" value="<?php echo smart_htmlspecialchars($data['username'], ENT_QUOTES); ?>">
+ <input type="hidden" name="cmd" value="mod_user">
+ <input type="submit" value="<?php echo i18n("Modify User"); ?>" style="float: left;">
+ </form>
+
+ <form name="edit_groups" method="POST" action="<?php echo LINPHA_DIR.'/admin/?cat=permissions_usergroup&userid='.$data['id']; ?>">
+ <input type="submit" name="edit_groups" value="<?php echo i18n("Edit Groups"); ?>" style="float: left;">
+ </form>
+
+ <form name="del_user" method="POST" action="<?php echo LINPHA_DIR.'/admin/?cat=permissions_users'; ?>">
+ <input type="hidden" name="id" value="<?php echo $data['id']; ?>">
+ <input type="hidden" name="cmd" value="del_user">
+ <input type="submit" value="<?php echo i18n("Delete"); ?>" style="float: left;">
+ </form>
+ </td>
+ </tr>
+ <?php
+ }
+
+ /**
+ * add new user
+ */
+ ?>
+ <form name="new_user" method="POST" action="<?php echo LINPHA_DIR.'/admin/?cat=permissions_users'; ?>">
+ <tr>
+ <td><input type="text" name="new_user_name" size="20" maxlength="255"></td>
+ <td><input type="text" name="new_user_fullname" size="20" maxlength="255"></td>
+ <td><input type="password" name="new_user_pass" size="20" maxlength="255"></td>
+ <td><input type="text" name="new_user_mail" size="20" maxlength="255"></td>
+ <td>
+ <input type="hidden" name="cmd" value="new_user">
+ <input type="submit" value="<?php echo i18n("Create User"); ?>" onclick="return checkPassLength();">
+ </td>
+ </tr>
+ </form>
+</table>
+
+<script language="JavaScript" type="text/javascript">
+function checkPassLength()
+{
+ if(document.new_user.new_user_pass.value.length <3 )
+ {
+ alert ('<?php echo i18n("Password To Short"); ?>');
+ document.new_user.new_user_pass.focus();
+ return false;
+ }
+}
+</script>
\ No newline at end of file
Modified: trunk/linpha2/docs/TODO.txt
===================================================================
--- trunk/linpha2/docs/TODO.txt 2006-04-07 19:58:20 UTC (rev 4486)
+++ trunk/linpha2/docs/TODO.txt 2006-04-07 21:56:10 UTC (rev 4487)
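Review bot: In permissions_users.php, `smart_htmlspecialchars()` is a stub that returns its argument unchanged (it is declared with one parameter but called with `ENT_QUOTES`), so `username` and `display_name`, and `email`, which is echoed directly, land in `value` attributes unescaped. Until the planned helper exists, `return htmlspecialchars($str, ENT_QUOTES);` in the stub and the same call around `$data['email']` would cover the output side. Passwords are stored as unsalted `md5()` in both the `mod_user` and `new_user` branches; a salted, deliberately slow hash (`password_hash()` on current PHP) is the appropriate replacement and needs the `password VARCHAR(32)` column in the install SQL widened. The three-character minimum is enforced only by `checkPassLength()` in the browser, so the `new_user` branch should reject an empty or short `new_user_pass` on the server before the `INSERT`. The session refresh is keyed on the hidden `old_user_name` form field rather than on a server-side value, which lets posted data decide whether `$_SESSION['user_name']` is overwritten.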
@@ -8,13 +8,19 @@ Currently the no-javscript site is loaded with a javascript location.href to the javascript enabled site -> High Pageload, LinSysLog doesnt work -- define installer behaviour - - if installation is complete, the user must delete the install/ folder ? - - user have to delete var/sql/config.sql.php before another installation can continue ? +## Big Todos + +- Installer + - define final installer behaviour + - if installation is complete, the user must delete the install/ folder ? (install/ignore_delete_install_msg.txt) + - user have to delete var/sql/config.sql.php before another installation can continue ? -> otherwise it would be possible to overwrite the current installation, (and to delete cache folders) - -> should we really delete the content of the cache folders? what if the user specify wrongly the album folder as the cache folder...?? + -> should we really delete the content of the cache folders? + - what if the user specify wrongly the album folder as the cache folder...?? + - what if a hacker gets access to the install and specify '/' as cache folder...?? + -> an idea: only delete content of tmp, cache and sql folders if they are not changed + - DONT add feature to drop tables if they already exists -## Big Todos - get_image.php (Image View, Image Cache) - Search (copy from linpha1) - Basket (finish) Modified: trunk/linpha2/install/sql/sql.mysql.php =================================================================== --- trunk/linpha2/install/sql/sql.mysql.php 2006-04-07 19:58:20 UTC (rev 4486) +++ trunk/linpha2/install/sql/sql.mysql.php 2006-04-07 21:56:10 UTC (rev 4487) 
@@ -32,10 +32,10 @@ ")", "CREATE TABLE ".$linpha_tables['users']." ( ". "id INT NOT NULL AUTO_INCREMENT , " . - "username VARCHAR(255) NOT NULL , " . - "password VARCHAR(32) NOT NULL , " . - "email VARCHAR(255) NOT NULL , " . - "display_name VARCHAR(255) NOT NULL , " . + "username VARCHAR(255) NOT NULL default '' , " . + "password VARCHAR(32) NOT NULL default '' , " . + "email VARCHAR(255) NOT NULL default '' , " . + "display_name VARCHAR(255) NOT NULL default '' , " . "stats_downloads INT NOT NULL , " . "stats_downloads_size INT NOT NULL, " . "PRIMARY KEY (id) " . Modified: trunk/linpha2/install/sql/sql.postgres.php =================================================================== --- trunk/linpha2/install/sql/sql.postgres.php 2006-04-07 19:58:20 UTC (rev 4486) +++ trunk/linpha2/install/sql/sql.postgres.php 2006-04-07 21:56:10 UTC (rev 4487) 
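Review bot: `stats_downloads` and `stats_downloads_size` stay `INT NOT NULL` without a default in the MySQL schema, while the PostgreSQL and SQLite definitions added in this commit give both a default of 0. The `new_user` INSERT in permissions_users.php only supplies `username`, `password`, `email` and `display_name`, so on a MySQL server running in a strict SQL mode that statement would be rejected. Suggest `"stats_downloads INT NOT NULL default 0 , "` and `"stats_downloads_size INT NOT NULL default 0, "` to match the other backends.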
@@ -23,14 +23,29 @@ $sql_tables = array( "CREATE TABLE ".$linpha_tables['config']." ( ". "id SERIAL PRIMARY KEY, " . - "option_name VARCHAR(50) NOT NULL default '', " . - "option_value VARCHAR(100) NOT NULL default '', " . - "userid INT default '0' " . + "option_name VARCHAR(255) NOT NULL default '', " . + "option_value VARCHAR(255) NOT NULL default '', " . + "userid INT default '0', " . + "override INT default '0' " . ")", + "CREATE TABLE ".$linpha_tables['users']." ( ". + "id SERIAL PRIMARY KEY, " . + "username VARCHAR(255) NOT NULL default '' , " . + "password VARCHAR(32) NOT NULL default '' , " . + "email VARCHAR(255) NOT NULL default '' , " . + "display_name VARCHAR(255) NOT NULL default '' , " . + "stats_downloads INT NOT NULL default 0 , " . + "stats_downloads_size INT NOT NULL default 0 " . + ")", "CREATE TABLE ".$linpha_tables['groups']." ( ". "id SERIAL PRIMARY KEY, " . - "name VARCHAR(100) NOT NULL default '' " . + "group_name VARCHAR(255) NOT NULL default '' " . ")", + "CREATE TABLE ".$linpha_tables['user_group']." ( ". + "id SERIAL PRIMARY KEY, " . + "group_id INT NOT NULL default 0, " . + "user_id INT NOT NULL default 0" . + ")", "CREATE TABLE ".$linpha_tables['permissions']." ( ". "id SERIAL PRIMARY KEY, " . "photos_id INT NOT NULL default '0', " . Modified: trunk/linpha2/install/sql/sql.sqlite.php =================================================================== --- trunk/linpha2/install/sql/sql.sqlite.php 2006-04-07 19:58:20 UTC (rev 4486) +++ trunk/linpha2/install/sql/sql.sqlite.php 2006-04-07 21:56:10 UTC (rev 4487) 
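Review bot: The new `user_group` table has no uniqueness constraint on the (`group_id`, `user_id`) pair and no reference to `users` or `groups`. permissions_usergroup.php inserts one row per posted value without de-duplicating, and `del_user` / `del_group` in the new admin pages delete only from their own table, so duplicate and orphaned membership rows can accumulate; on a backend that hands out a previously used id again, a new account could pick up memberships left behind by a deleted one. Adding `"UNIQUE (group_id, user_id) "` as a table constraint here (and in the SQLite and MySQL variants), and deleting the matching `user_group` rows whenever a user or group is removed, would close that gap.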
@@ -24,14 +24,29 @@ $sql_tables = array( "CREATE TABLE ".$linpha_tables['config']." ( ". "id SMALLINT PRIMARY KEY, " . - "option_name VARCHAR(50) NOT NULL default '', " . - "option_value VARCHAR(100) NOT NULL default '', " . - "userid MEDIUMINT unsigned default '0' " . + "option_name VARCHAR(255) NOT NULL default '', " . + "option_value VARCHAR(255) NOT NULL default '', " . + "userid INT default '0', " . + "override INT default '0' " . ")", + "CREATE TABLE ".$linpha_tables['users']." ( ". + "id INTEGER PRIMARY KEY, " . + "username VARCHAR(255) NOT NULL default '' , " . + "password VARCHAR(32) NOT NULL default '' , " . + "email VARCHAR(255) NOT NULL default '' , " . + "display_name VARCHAR(255) NOT NULL default '' , " . + "stats_downloads INT NOT NULL default '0'' , " . + "stats_downloads_size INT NOT NULL default '0'' " . + ")", "CREATE TABLE ".$linpha_tables['groups']." ( ". "id INTEGER PRIMARY KEY, " . - "name VARCHAR(100) NOT NULL default '' " . + "group_name VARCHAR(255) NOT NULL default '' " . ")", + "CREATE TABLE ".$linpha_tables['user_group']." ( ". + "id INTEGER PRIMARY KEY, " . + "group_id INT NOT NULL default '0', " . + "user_id INT NOT NULL default '0'" . + ")", "CREATE TABLE ".$linpha_tables['permissions']." ( ". "id INTEGER PRIMARY KEY, " . "photos_id INTEGER NOT NULL default '0', " . Modified: trunk/linpha2/lib/classes/linpha.sql.class.php =================================================================== --- trunk/linpha2/lib/classes/linpha.sql.class.php 2006-04-07 19:58:20 UTC (rev 4486) +++ trunk/linpha2/lib/classes/linpha.sql.class.php 2006-04-07 21:56:10 UTC (rev 4487) 
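Review bot: Both `stats_downloads` lines in the new SQLite `users` table end with `default '0''` (one quote too many), so the string literal does not terminate where intended and the `CREATE TABLE` statement for `users` will most likely fail. They should read `"stats_downloads INT NOT NULL default '0' , "` and `"stats_downloads_size INT NOT NULL default '0' "`. If the installer carries on after a failed statement, the gallery would be left without a `users` table, so it is worth checking that the install step stops and reports the error.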
@@ -226,7 +226,7 @@ $data = $GLOBALS['linpha']->db->GetRow("SELECT id, username, password, id, display_name FROM ".PREFIX."users ". "WHERE username='".LinSql::linAddslashes($_POST['username'])."'"); - if( $_POST['username'] == $data['username'] && md5($_POST['password']) == $data['password']) + if( isset($data['username']) && isset($data['password']) && $_POST['username'] == $data['username'] && md5($_POST['password']) == $data['password']) { /** * Log sucessfull login This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
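Review bot: The password check still compares the two MD5 hex strings with `==`, which in PHP compares numerically when both operands look like numbers (for example digests of the form `0e` followed only by digits), so two different digests can be treated as equal. Use a strict comparison, `md5($_POST['password']) === $data['password']`, and the same for the username; on current PHP `hash_equals()` is the better choice for the digest. The added `isset()` guards are a reasonable fix for the empty-result case. The enclosing function begins and ends outside this hunk.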