- <?php
-
- /* Poweradmin, a friendly web-based admin tool for PowerDNS.
- * See <http://www.poweradmin.org> for more details.
- *
- * Copyright 2007-2009 Rejo Zenger <rejo@zenger.nl>
- * Copyright 2010-2014 Poweradmin Development Team
- * <http://www.poweradmin.org/credits.html>
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
- /**
- * User profile functions
- *
- * @package Poweradmin
- * @copyright 2007-2010 Rejo Zenger <rejo@zenger.nl>
- * @copyright 2010-2014 Poweradmin Development Team
- * @license http://opensource.org/licenses/GPL-3.0 GPL
- */
- require_once("inc/toolkit.inc.php");
-
- /** Verify User has Permission Name
- *
- * Function to see if user has right to do something. It will check if
- * user has "ueberuser" bit set. If it isn't, it will check if the user has
- * the specific permission. It returns "false" if the user doesn't have the
- * right, and "true" if the user has.
- *
- * @param string $permission Permission name
- *
- * @return boolean true if user has permission, false otherwise
- */
- function verify_permission($permission) {
- global $db;
-
- if ((!isset($_SESSION['userid'])) || (!is_object($db))) {
- return 0;
- }
-
- // Set current user ID.
- $userid = $_SESSION['userid'];
-
- $query = 'SELECT id FROM perm_items WHERE name=' . $db->quote('user_is_ueberuser', 'text');
- $ueberUserId = $db->queryOne($query);
-
- // Find the template ID that this user has been assigned.
- $query = "SELECT perm_templ
- FROM users
- WHERE id = " . $db->quote($userid, 'integer');
- $templ_id = $db->queryOne($query);
-
- // Does this user have ueberuser rights?
- $query = "SELECT id
- FROM perm_templ_items
- WHERE templ_id = " . $db->quote($templ_id, 'integer') . "
- AND perm_id = " . $ueberUserId;
-
- if ($db->queryOne($query)) {
- return true;
- }
-
- // Find the permission ID for the requested permission.
- $query = "SELECT id
- FROM perm_items
- WHERE name = " . $db->quote($permission, 'text');
- $perm_id = $db->queryOne($query);
-
- // Check if the permission ID is assigned to the template ID.
- $query = "SELECT id
- FROM perm_templ_items
- WHERE templ_id = " . $db->quote($templ_id, 'integer') . "
- AND perm_id = " . $db->quote($perm_id, 'integer');
-
- return ($db->queryOne($query) ? true : false);
- }
-
- /** Get a list of all available permission templates
- *
- * @return mixed[] array of templates [id, name, descr]
- */
- function list_permission_templates() {
- global $db;
- $query = "SELECT * FROM perm_templ ORDER BY name";
- $response = $db->query($query);
- if (PEAR::isError($response)) {
- error($response->getMessage());
- return false;
- }
-
- $template_list = array();
- while ($template = $response->fetchRow()) {
- $template_list[] = array(
- "id" => $template['id'],
- "name" => $template['name'],
- "descr" => $template['descr']
- );
- }
- return $template_list;
- }
-
- /** Retrieve all users
- *
- * Its to show_users therefore the odd name. Has to be changed.
- *
- * @param int $id Exclude User ID
- * @param int $rowstart Startring row number
- * @param int $rowamount Number of rows to return this query
- *
- * @return mixed[] array with all users [id,username,fullname,email,description,active,numdomains]
- */
- function show_users($id = '', $rowstart = 0, $rowamount = 9999999) {
- global $db;
- $add = '';
- if (is_numeric($id)) {
- //When a user id is given, it is excluded from the userlist returned.
- $add = " WHERE users.id!=" . $db->quote($id, 'integer');
- }
-
- // Make a huge query.
- $query = "SELECT users.id AS id,
- users.username AS username,
- users.fullname AS fullname,
- users.email AS email,
- users.description AS description,
- users.active AS active,
- users.perm_templ AS perm_templ,
- count(zones.owner) AS aantal FROM users
- LEFT JOIN zones ON users.id=zones.owner$add
- GROUP BY
- users.id,
- users.username,
- users.fullname,
- users.email,
- users.description,
- users.perm_templ,
- users.active
- ORDER BY
- users.fullname";
-
- // Execute the huge query.
- $db->setLimit($rowamount, $rowstart);
- $response = $db->query($query);
- if (PEAR::isError($response)) {
- error($response->getMessage());
- return false;
- }
- $ret = array();
- while ($r = $response->fetchRow()) {
- $ret[] = array(
- "id" => $r["id"],
- "username" => $r["username"],
- "fullname" => $r["fullname"],
- "email" => $r["email"],
- "description" => $r["description"],
- "active" => $r["active"],
- "numdomains" => $r["aantal"]
- );
- }
- return $ret;
- }
-
- /** Check if Valid User
- *
- * Check if the given $userid is connected to a valid user.
- *
- * @param int $id User ID
- *
- * @return boolean true if user exists, false if users doesnt exist
- */
- function is_valid_user($id) {
- global $db;
- if (is_numeric($id)) {
- $response = $db->queryOne("SELECT id FROM users WHERE id=" . $db->quote($id, 'integer'));
- return ($response ? true : false);
- }
- }
-
- /** Check if Username Exists
- *
- * Checks if a given username exists in the database.
- *
- * @param string $user Username
- *
- * @return boolean true if exists, false if not
- */
- function user_exists($user) {
- global $db;
- $response = $db->queryOne("SELECT id FROM users WHERE username=" . $db->quote($user, 'text'));
- return ($response ? true : false);
- }
-
- /** Delete User ID
- *
- * Delete a user from the system. Will also delete zones owned by user or
- * re-assign those zones to a new specified owner.
- * $zones is an array of zone 'zid's to delete or re-assign depending on
- * 'target' value [delete,new_owner] and 'newowner' value
- *
- * @param int $uid User ID to delete
- * @param mixed[] $zones Array of zones
- *
- * @return boolean true on success, false otherwise
- */
- function delete_user($uid, $zones) {
- global $db;
-
- if (($uid != $_SESSION['userid'] && !verify_permission('user_edit_others')) || ($uid == $_SESSION['userid'] && !verify_permission('user_edit_own'))) {
- error(ERR_PERM_DEL_USER);
- return false;
- } else {
-
- if (is_array($zones)) {
- foreach ($zones as $zone) {
- if ($zone['target'] == "delete") {
- delete_domain($zone['zid']);
- } elseif ($zone['target'] == "new_owner") {
- add_owner_to_zone($zone['zid'], $zone['newowner']);
- }
- }
- }
-
- $query = "DELETE FROM zones WHERE owner = " . $db->quote($uid, 'integer');
- $response = $db->query($query);
- if (PEAR::isError($response)) {
- error($response->getMessage());
- return false;
- }
-
- $query = "DELETE FROM users WHERE id = " . $db->quote($uid, 'integer');
- $response = $db->query($query);
- if (PEAR::isError($response)) {
- error($response->getMessage());
- return false;
- }
-
- delete_zone_templ_userid($uid);
- }
- return true;
- }
-
- /** Delete Permission Template ID
- *
- * @param int $ptid Permission template ID
- *
- * @return boolean true on success, false otherwise
- */
- function delete_perm_templ($ptid) {
-
- global $db;
- if (!(verify_permission('user_edit_templ_perm'))) {
- error(ERR_PERM_DEL_PERM_TEMPL);
- } else {
- $query = "SELECT id FROM users WHERE perm_templ = " . $ptid;
- $response = $db->queryOne($query);
- if (PEAR::isError($response)) {
- error($response->getMessage());
- return false;
- }
-
- if ($response) {
- error(ERR_PERM_TEMPL_ASSIGNED);
- return false;
- } else {
- $query = "DELETE FROM perm_templ_items WHERE templ_id = " . $ptid;
- $response = $db->query($query);
- if (PEAR::isError($response)) {
- error($response->getMessage());
- return false;
- }
-
- $query = "DELETE FROM perm_templ WHERE id = " . $ptid;
- $response = $db->query($query);
- if (PEAR::isError($response)) {
- error($response->getMessage());
- return false;
- }
-
- return true;
- }
- }
- }
-
- /** Modify User Details
- *
- * Edit the information of an user.. sloppy implementation with too many queries.. (2) :)
- *
- * @param int $id User ID
- * @param string $user Username
- * @param string $fullname Full Name
- * @param string $email Email address
- * @param string $perm_templ Permission Template Name
- * @param string $description Description
- * @param int $active Active User
- * @param string $password Password
- *
- * @return boolean true if succesful, false otherwise
- */
- function edit_user($id, $user, $fullname, $email, $perm_templ, $description, $active, $password) {
- global $db;
- global $password_encryption;
-
- verify_permission('user_edit_own') ? $perm_edit_own = "1" : $perm_edit_own = "0";
- verify_permission('user_edit_others') ? $perm_edit_others = "1" : $perm_edit_others = "0";
-
- if (($id == $_SESSION["userid"] && $perm_edit_own == "1") || ($id != $_SESSION["userid"] && $perm_edit_others == "1" )) {
-
- if (!is_valid_email($email)) {
- error(ERR_INV_EMAIL);
- return false;
- }
-
- if ($active != 1) {
- $active = 0;
- }
-
- // Before updating the database we need to check whether the user wants to
- // change the username. If the user wants to change the username, we need
- // to make sure it doesn't already exists.
- //
- // First find the current username of the user ID we want to change. If the
- // current username is not the same as the username that was given by the
- // user, the username should apparantly changed. If so, check if the "new"
- // username already exists.
-
- $query = "SELECT username FROM users WHERE id = " . $db->quote($id, 'integer');
- $response = $db->query($query);
- if (PEAR::isError($response)) {
- error($response->getMessage());
- return false;
- }
-
- $usercheck = array();
- $usercheck = $response->fetchRow();
-
- if ($usercheck['username'] != $user) {
-
- // Username of user ID in the database is different from the name
- // we have been given. User wants a change of username. Now, make
- // sure it doesn't already exist.
-
- $query = "SELECT id FROM users WHERE username = " . $db->quote($user, 'text');
- $response = $db->queryOne($query);
- if ($response) {
- error(ERR_USER_EXIST);
- return false;
- }
- }
-
- // So, user doesn't want to change username or, if he wants, there is not
- // another user that goes by the wanted username. So, go ahead!
-
- $query = "UPDATE users SET
- username = " . $db->quote($user, 'text') . ",
- fullname = " . $db->quote($fullname, 'text') . ",
- email = " . $db->quote($email, 'text') . ",";
- if (verify_permission('user_edit_templ_perm')) {
- $query .= "perm_templ = " . $db->quote($perm_templ, 'integer') . ",";
- }
- $query .= "description = " . $db->quote($description, 'text') . ",
- active = " . $db->quote($active, 'integer');
-
- if ($password != "") {
- if ($password_encryption == 'md5salt') {
- $query .= ", password = " . $db->quote(gen_mix_salt($password), 'text');
- } else {
- $query .= ", password = " . $db->quote(md5($password), 'text');
- }
- }
-
- $query .= " WHERE id = " . $db->quote($id, 'integer');
-
- $response = $db->query($query);
- if (PEAR::isError($response)) {
- error($response->getMessage());
- return false;
- }
- } else {
- error(ERR_PERM_EDIT_USER);
- return false;
- }
- return true;
- }
-
- /** Change User Password
- *
- * Change the pass of the user.
- * The user is automatically logged out after the pass change.
- *
- * @param mixed[] $details User Details
- *
- * @return null
- */
- function change_user_pass($details) {
- global $db;
- global $password_encryption;
-
- if ($details['newpass'] != $details['newpass2']) {
- error(ERR_USER_MATCH_NEW_PASS);
- return false;
- }
-
- $query = "SELECT id, password FROM users WHERE username = " . $db->quote($_SESSION["userlogin"], 'text');
- $response = $db->query($query);
- if (PEAR::isError($response)) {
- error($response->getMessage());
- return false;
- }
-
- $rinfo = $response->fetchRow();
-
- if ($password_encryption == 'md5salt') {
- $extracted_salt = extract_salt($rinfo['password']);
- $current_password = mix_salt($extracted_salt, $details['currentpass']);
- } else {
- $current_password = md5($details['currentpass']);
- }
-
- if ($current_password == $rinfo['password']) {
- if ($password_encryption == 'md5salt') {
- $query = "UPDATE users SET password = " . $db->quote(gen_mix_salt($details['newpass']), 'text') . " WHERE id = " . $db->quote($rinfo['id'], 'integer');
- } else {
- $query = "UPDATE users SET password = " . $db->quote(md5($details['newpass']), 'text') . " WHERE id = " . $db->quote($rinfo['id'], 'integer');
- }
- $response = $db->query($query);
- if (PEAR::isError($response)) {
- error($response->getMessage());
- return false;
- }
-
- logout(_('Password has been changed, please login.'), 'success');
- } else {
- error(ERR_USER_WRONG_CURRENT_PASS);
- return false;
- }
- }
-
- /** Get User FullName from User ID
- *
- * Get a fullname when you have a userid.
- * @param int $id User ID
- *
- * @return string Full Name
- */
- function get_fullname_from_userid($id) {
- global $db;
- if (is_numeric($id)) {
- $response = $db->query("SELECT fullname FROM users WHERE id=" . $db->quote($id, 'integer'));
- if (PEAR::isError($response)) {
- error($response->getMessage());
- return false;
- }
- $r = $response->fetchRow();
- return $r["fullname"];
- } else {
- error(ERR_INV_ARG);
- return false;
- }
- }
-
- /** Get User FullName from User ID
- * fixme: Duplicate function
- *
- * Get a fullname when you have a userid.
- * @param int $id User ID
- *
- * @return string Full Name
- */
- function get_owner_from_id($id) {
- global $db;
- if (is_numeric($id)) {
- $response = $db->queryRow("SELECT fullname FROM users WHERE id=" . $db->quote($id, 'integer'));
-
- if ($response) {
- return $response["fullname"];
- } else {
- error(ERR_USER_NOT_EXIST);
- }
- }
- error(ERR_INV_ARG);
- }
-
- /** Get Full Names of owners for a Domain ID
- *
- * @todo also fetch the subowners
- *
- * @param int $id Domain ID
- *
- * @return string[] array of owners for domain
- */
- function get_fullnames_owners_from_domainid($id) {
-
- global $db;
- if (is_numeric($id)) {
- $response = $db->query("SELECT users.id, users.fullname FROM users, zones WHERE zones.domain_id=" . $db->quote($id, 'integer') . " AND zones.owner=users.id ORDER by fullname");
- if ($response) {
- $names = array();
- while ($r = $response->fetchRow()) {
- $names[] = $r['fullname'];
- }
- return implode(', ', $names);
- }
- return "";
- }
- error(ERR_INV_ARG);
- }
-
- /** Verify User is Zone ID owner
- *
- * @param int $zoneid Zone ID
- *
- * @return int 1 if owner, 0 if not owner
- */
- function verify_user_is_owner_zoneid($zoneid) {
- global $db;
-
- $userid = $_SESSION["userid"];
- if (is_numeric($zoneid)) {
- $response = $db->queryOne("SELECT zones.id FROM zones
- WHERE zones.owner = " . $db->quote($userid, 'integer') . "
- AND zones.domain_id = " . $db->quote($zoneid, 'integer'));
- return ($response ? "1" : "0");
- }
- error(ERR_INV_ARG);
- }
-
- /** Get User Details
- *
- * Gets an array of all users and their details
- *
- * @param int $specific User ID (optional)
- *
- * @return mixed[] array of user details
- */
- function get_user_detail_list($specific) {
- global $db;
- global $ldap_use;
-
- $userid = $_SESSION['userid'];
-
- // fixme: does this actually verify the permission?
- if (v_num($specific)) {
- $sql_add = "AND users.id = " . $db->quote($specific, 'integer');
- } else {
- if (verify_permission('user_view_others')) {
- $sql_add = "";
- } else {
- $sql_add = "AND users.id = " . $db->quote($userid, 'integer');
- }
- }
-
- $query = "SELECT users.id AS uid,
- username,
- fullname,
- email,
- description AS descr,
- active,";
- if ($ldap_use) {
- $query .= "use_ldap,";
- }
-
- $query .= "perm_templ.id AS tpl_id,
- perm_templ.name AS tpl_name,
- perm_templ.descr AS tpl_descr
- FROM users, perm_templ
- WHERE users.perm_templ = perm_templ.id "
- . $sql_add . "
- ORDER BY username";
-
- $response = $db->query($query);
- if (PEAR::isError($response)) {
- error($response->getMessage());
- return false;
- }
-
- while ($user = $response->fetchRow()) {
- $userlist[] = array(
- "uid" => $user['uid'],
- "username" => $user['username'],
- "fullname" => $user['fullname'],
- "email" => $user['email'],
- "descr" => $user['descr'],
- "active" => $user['active'],
- "use_ldap" => $user['use_ldap'],
- "tpl_id" => $user['tpl_id'],
- "tpl_name" => $user['tpl_name'],
- "tpl_descr" => $user['tpl_descr']
- );
- }
- return $userlist;
- }
-
- /** Get List of Permissions
- *
- * Get a list of permissions that are available. If first argument is "0", it
- * should return all available permissions. If the first argument is > "0", it
- * should return the permissions assigned to that particular template only. If
- * second argument is true, only the permission names are returned.
- *
- * @param int $templ_id Template ID (optional) [default=0]
- * @param boolean $return_name_only Return name only or all details (optional) [default=false]
- *
- * @return mixed[] array of permissions [id,name,descr] or permission names [name]
- */
- function get_permissions_by_template_id($templ_id = 0, $return_name_only = false) {
- global $db;
-
- $limit = '';
- if ($templ_id > 0) {
- $limit = ", perm_templ_items
- WHERE perm_templ_items.templ_id = " . $db->quote($templ_id, 'integer') . "
- AND perm_templ_items.perm_id = perm_items.id";
- }
-
- $query = "SELECT perm_items.id AS id,
- perm_items.name AS name,
- perm_items.descr AS descr
- FROM perm_items"
- . $limit . "
- ORDER BY name";
- $response = $db->query($query);
- if (PEAR::isError($response)) {
- error($response->getMessage());
- return false;
- }
-
- $permission_list = array();
- while ($permission = $response->fetchRow()) {
- if ($return_name_only == false) {
- $permission_list[] = array(
- "id" => $permission['id'],
- "name" => $permission['name'],
- "descr" => $permission['descr']
- );
- } else {
- $permission_list[] = $permission['name'];
- }
- }
- return $permission_list;
- }
-
- /** Get name and description of template from Template ID
- *
- * @param int $templ_id Template ID
- *
- * @return mixed[] Template details
- */
- function get_permission_template_details($templ_id) {
- global $db;
-
- $query = "SELECT *
- FROM perm_templ
- WHERE perm_templ.id = " . $db->quote($templ_id, 'integer');
-
- $response = $db->query($query);
- if (PEAR::isError($response)) {
- error($response->getMessage());
- return false;
- }
-
- $details = $response->fetchRow();
- return $details;
- }
-
- /** Add a Permission Template
- *
- * @param mixed[] $details Permission template details [templ_name,templ_descr,perm_id]
- *
- * @return boolean true on success, false otherwise
- */
- function add_perm_templ($details) {
- global $db;
- global $db_layer;
- global $db_type;
-
- // Fix permission template name and description first.
-
- $query = "INSERT INTO perm_templ (name, descr)
- VALUES ("
- . $db->quote($details['templ_name'], 'text') . ", "
- . $db->quote($details['templ_descr'], 'text') . ")";
-
- $response = $db->query($query);
- if (PEAR::isError($response)) {
- error($response->getMessage());
- return false;
- }
-
- if ($db_layer == 'MDB2' && ($db_type == 'mysql' || $db_type == 'pgsql')) {
- $perm_templ_id = $db->lastInsertId('perm_templ', 'id');
- } else if ($db_layer == 'PDO' && $db_type == 'pgsql') {
- $perm_templ_id = $db->lastInsertId('perm_templ_id_seq');
- } else {
- $perm_templ_id = $db->lastInsertId();
- }
-
- if (isset($details['perm_id'])) {
- foreach ($details['perm_id'] AS $perm_id) {
- $query = "INSERT INTO perm_templ_items (templ_id, perm_id) VALUES (" . $db->quote($perm_templ_id, 'integer') . "," . $db->quote($perm_id, 'integer') . ")";
- $response = $db->query($query);
- if (PEAR::isError($response)) {
- error($response->getMessage());
- return false;
- }
- }
- }
-
- return true;
- }
-
- /** Update permission template details
- *
- * @param mixed[] $details Permission Template Details
- *
- * @return boolean true on success, false otherwise
- */
- function update_perm_templ_details($details) {
- global $db;
-
- // Fix permission template name and description first.
-
- $query = "UPDATE perm_templ
- SET name = " . $db->quote($details['templ_name'], 'text') . ",
- descr = " . $db->quote($details['templ_descr'], 'text') . "
- WHERE id = " . $db->quote($details['templ_id'], 'integer');
- $response = $db->query($query);
- if (PEAR::isError($response)) {
- error($response->getMessage());
- return false;
- }
-
- // Now, update list of permissions assigned to this template. We could do
- // this The Correct Way [tm] by comparing the list of permissions that are
- // currently assigned with a list of permissions that should be assigned and
- // apply the difference between these two lists to the database. That sounds
- // like too much work. Just delete all the permissions currently assigned to
- // the template, than assign all the permessions the template should have.
-
- $query = "DELETE FROM perm_templ_items WHERE templ_id = " . $details['templ_id'];
- $response = $db->query($query);
- if (PEAR::isError($response)) {
- error($response->getMessage());
- return false;
- }
-
- if (isset($details['perm_id'])) {
- foreach ($details['perm_id'] AS $perm_id) {
- $query = "INSERT INTO perm_templ_items (templ_id, perm_id) VALUES (" . $db->quote($details['templ_id'], 'integer') . "," . $db->quote($perm_id, 'integer') . ")";
- $response = $db->query($query);
- if (PEAR::isError($response)) {
- error($response->getMessage());
- return false;
- }
- }
- }
-
- return true;
- }
-
- /** Update User Details
- *
- * @param mixed[] $details User details
- *
- * @return boolean true on success, false otherise
- */
- function update_user_details($details) {
-
- global $db;
- global $password_encryption;
-
- verify_permission('user_edit_own') ? $perm_edit_own = "1" : $perm_edit_own = "0";
- verify_permission('user_edit_others') ? $perm_edit_others = "1" : $perm_edit_others = "0";
- verify_permission('templ_perm_edit') ? $perm_templ_perm_edit = "1" : $perm_templ_perm_edit = "0";
- verify_permission('user_is_ueberuser') ? $perm_is_godlike = "1" : $perm_is_godlike = "0";
-
- if (($details['uid'] == $_SESSION["userid"] && $perm_edit_own == "1") ||
- ($details['uid'] != $_SESSION["userid"] && $perm_edit_others == "1" )) {
-
- if (!is_valid_email($details['email'])) {
- error(ERR_INV_EMAIL);
- return false;
- }
-
- if (!isset($details['active']) || $details['active'] != "on") {
- $active = 0;
- } else {
- $active = 1;
- }
- if (isset($details['use_ldap'])) {
- $use_ldap = 1;
- } else {
- $use_ldap = 0;
- }
-
- // Before updating the database we need to check whether the user wants to
- // change the username. If the user wants to change the username, we need
- // to make sure it doesn't already exists.
- //
- // First find the current username of the user ID we want to change. If the
- // current username is not the same as the username that was given by the
- // user, the username should apparantly changed. If so, check if the "new"
- // username already exists.
- $query = "SELECT username FROM users WHERE id = " . $db->quote($details['uid'], 'integer');
- $response = $db->query($query);
- if (PEAR::isError($response)) {
- error($response->getMessage());
- return false;
- }
-
- $usercheck = array();
- $usercheck = $response->fetchRow();
-
- if ($usercheck['username'] != $details['username']) {
- // Username of user ID in the database is different from the name
- // we have been given. User wants a change of username. Now, make
- // sure it doesn't already exist.
- $query = "SELECT id FROM users WHERE username = " . $db->quote($details['username'], 'text');
- $response = $db->queryOne($query);
- if ($response) {
- error(ERR_USER_EXIST);
- return false;
- }
- }
-
- // So, user doesn't want to change username or, if he wants, there is not
- // another user that goes by the wanted username. So, go ahead!
-
- $query = "UPDATE users SET
- username = " . $db->quote($details['username'], 'text') . ",
- fullname = " . $db->quote($details['fullname'], 'text') . ",
- email = " . $db->quote($details['email'], 'text') . ",
- description = " . $db->quote($details['descr'], 'text') . ",
- active = " . $db->quote($active, 'integer');
-
- // If the user is alllowed to change the permission template, set it.
- if ($perm_templ_perm_edit == "1") {
- $query .= ", perm_templ = " . $db->quote($details['templ_id'], 'integer');
- }
-
- // If the user is allowed to change the use_ldap flag, set it.
- if ($perm_is_godlike == "1") {
- $query .= ", use_ldap = " . $db->quote($use_ldap, 'integer');
- }
-
- if (isset($details['password']) && $details['password'] != "") {
- if ($password_encryption == 'md5salt') {
- $query .= ", password = " . $db->quote(gen_mix_salt($details['password']), 'text');
- } else {
- $query .= ", password = " . $db->quote(md5($details['password']), 'text');
- }
- }
-
- $query .= " WHERE id = " . $db->quote($details['uid'], 'integer');
-
- $response = $db->query($query);
- if (PEAR::isError($response)) {
- error($response->getMessage());
- return false;
- }
- } else {
- error(ERR_PERM_EDIT_USER);
- return false;
- }
- return true;
- }
-
- /** Add a new user
- *
- * @param mixed[] $details Array of User details
- *
- * @return boolean true on success, false otherwise
- */
- function add_new_user($details) {
- global $db;
- global $password_encryption;
-
- if (!verify_permission('user_add_new')) {
- error(ERR_PERM_ADD_USER);
- return false;
- } elseif (user_exists($details['username'])) {
- error(ERR_USER_EXIST);
- return false;
- } elseif (!is_valid_email($details['email'])) {
- error(ERR_INV_EMAIL);
- return false;
- } elseif ($details['active'] == 1) {
- $active = 1;
- } else {
- $active = 0;
- }
-
- $query = "INSERT INTO users (username, password, fullname, email, description,";
- if (verify_permission('user_edit_templ_perm')) {
- $query .= ' perm_templ,';
- }
-
- if ($password_encryption == 'md5salt') {
- $password_hash = gen_mix_salt($details['password']);
- } else {
- $password_hash = md5($details['password']);
- }
-
- $query .= " active) VALUES ("
- . $db->quote($details['username'], 'text') . ", "
- . $db->quote($password_hash, 'text') . ", "
- . $db->quote($details['fullname'], 'text') . ", "
- . $db->quote($details['email'], 'text') . ", "
- . $db->quote($details['descr'], 'text') . ", ";
- if (verify_permission('user_edit_templ_perm')) {
- $query .= $db->quote($details['perm_templ'], 'integer') . ", ";
- }
- $query .= $db->quote($active, 'integer')
- . ")";
- $response = $db->query($query);
- if (PEAR::isError($response)) {
- error($response->getMessage());
- return false;
- }
-
- return true;
- }