edit users

Michael Save 2012-04-16 23:18:07 +10:00
parent 93553303b2
commit a340c5b6ee
5 changed files with 178 additions and 2 deletions


@ -76,7 +76,7 @@ function twig_date_filter($date, $format) {
return strftime($format, $date);
}
function twig_hasPermission_filter($mod, $permission, $board = false) {
function twig_hasPermission_filter($mod, $permission, $board = null) {
return hasPermission($permission, $board, $mod);
}


@ -313,6 +313,7 @@ function mod_lock($board, $unlock, $post) {
$query->bindValue(':locked', $unlock ? 0 : 1);
$query->execute() or error(db_error($query));
if($query->rowCount()) {
modLog(($unlock ? 'Unlocked' : 'Locked') . " thread #{$post}");
buildThread($post);
buildIndex();
}
@ -334,6 +335,7 @@ function mod_sticky($board, $unsticky, $post) {
$query->bindValue(':sticky', $unsticky ? 0 : 1);
$query->execute() or error(db_error($query));
if($query->rowCount()) {
modLog(($unlock ? 'Unstickied' : 'Stickied') . " thread #{$post}");
buildThread($post);
buildIndex();
}
@ -355,6 +357,7 @@ function mod_bumplock($board, $unbumplock, $post) {
$query->bindValue(':bumplock', $unbumplock ? 0 : 1);
$query->execute() or error(db_error($query));
if($query->rowCount()) {
modLog(($unlock ? 'Unbumplocked' : 'Bumplocked') . " thread #{$post}");
buildThread($post);
buildIndex();
}
@ -382,6 +385,85 @@ function mod_delete($board, $post) {
header('Location: ?/' . sprintf($config['board_path'], $board) . $config['file_index'], true, $config['redirect_http']);
}
function mod_user($uid) {
global $config, $mod;
if (!hasPermission($config['mod']['editusers']) && !(hasPermission($config['mod']['change_password']) && $uid == $mod['id']))
error($config['error']['noaccess']);
$query = prepare('SELECT * FROM `mods` WHERE `id` = :id');
$query->bindValue(':id', $uid);
$query->execute() or error(db_error($query));
if (!$user = $query->fetch(PDO::FETCH_ASSOC))
error($config['error']['404']);
if (hasPermission($config['mod']['editusers']) && isset($_POST['username'], $_POST['password'])) {
if (isset($_POST['allboards'])) {
$boards = array('*');
} else {
$_boards = listBoards();
foreach ($_boards as &$board) {
$board = $board['uri'];
}
$boards = array();
foreach ($_POST as $name => $value) {
if (preg_match('/^board_(\w+)$/', $name, $matches) && in_array($matches[1], $_boards))
$boards[] = $matches[1];
}
}
$query = prepare('UPDATE `mods` SET `username` = :username, `boards` = :boards WHERE `id` = :id');
$query->bindValue(':id', $uid);
$query->bindValue(':username', $_POST['username']);
$query->bindValue(':boards', implode(',', $boards));
$query->execute() or error(db_error($query));
if ($_POST['password'] != '') {
$query = prepare('UPDATE `mods` SET `password` = SHA1(:password) WHERE `id` = :id');
$query->bindValue(':id', $uid);
$query->bindValue(':password', $_POST['password']);
$query->execute() or error(db_error($query));
if ($uid == $mod['id']) {
login($_POST['username'], $_POST['password']);
setCookies();
}
}
header('Location: ?/users', true, $config['redirect_http']);
return;
}
if (hasPermission($config['mod']['change_password']) && $uid == $mod['id'] && isset($_POST['password'])) {
if ($_POST['password'] != '') {
$query = prepare('UPDATE `mods` SET `password` = SHA1(:password) WHERE `id` = :id');
$query->bindValue(':id', $uid);
$query->bindValue(':password', $_POST['password']);
$query->execute() or error(db_error($query));
login($_POST['username'], $_POST['password']);
setCookies();
}
header('Location: ?/users', true, $config['redirect_http']);
return;
}
if (hasPermission($config['mod']['modlog'])) {
$query = prepare('SELECT * FROM `modlogs` WHERE `mod` = :id ORDER BY `time` DESC LIMIT 5');
$query->bindValue(':id', $uid);
$query->execute() or error(db_error($query));
$log = $query->fetchAll(PDO::FETCH_ASSOC);
} else {
$log = array();
}
$user['boards'] = explode(',', $user['boards']);
mod_page('Edit user', 'mod/user.html', array('user' => $user, 'logs' => $log, 'boards' => listBoards()));
}
function mod_users() {
global $config;
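Review bot: Both password updates in `mod_user` store `SHA1(:password)`, an unsalted fast hash, so a leaked `mods` table is cheap to crack offline; computing the hash in PHP with `password_hash($_POST['password'], PASSWORD_DEFAULT)` and binding the result would fix the write side, though `login()` (not visible on this page) would need a matching `password_verify` check. The self-service branch calls `login($_POST['username'], $_POST['password'])`, but the new template only renders the username field for moderators with `editusers`, so that value is likely unset there; `login($user['username'], $_POST['password'])` uses the row already loaded. Neither branch writes a `modLog` entry, so credential and board-assignment changes leave no audit trail. Separately, the `modLog` lines in the `mod_sticky` and `mod_bumplock` hunks test `$unlock`, which is not among the parameters shown in their hunk headers (`$unsticky`, `$unbumplock`), so those log entries would always read 'Stickied' and 'Bumplocked'.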


@ -28,6 +28,7 @@ $pages = array(
'!^/log/(\d+)$!' => 'log', // modlog
'!^/users$!' => 'users', // manage users
'!^/users/(\d+)$!' => 'user', // edit user
'!^/users/(\d+)/(promote|demote)$!' => 'user_promote', // prmote/demote user
'!^/new_PM/([^/]+)$!' => 'new_pm', // create a new pm
'!^/PM/(\d+)(/reply)?$!' => 'pm', // read a pm
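Review bot: The new `'!^/users/(\d+)/(promote|demote)$!'` route dispatches a privilege change from the URL path alone, and the `user_promote` handler is not shown on this page. Confirm that the handler checks a dedicated permission and requires a POST or a per-session token, because a state change reachable by a bare GET can be triggered by any link a logged-in moderator follows. The trailing comment also has a typo and should read `// promote/demote user`.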


@ -2,7 +2,7 @@
<tr>
<th>Staff</th>
<th>IP address</th>
<th>Ago</th>
<th>Time</th>
<th>Board</th>
<th>Action</th>
</tr>

93
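--- a/templates/mod/user.html
+++ b/templates/mod/user.html
@@ -0,0 +1,93 @@
+<form action="?/users/{{ mod.id }}" method="post">
+<table>
+<tr>
+<th>Username</th>
+<td>
+{% if mod|hasPermission(config.mod.editusers) %}
+<input size="20" maxlength="30" type="text" name="username" value="{{ user.username|e }}" autocomplete="off">
+{% else %}
+{{ user.username|e }}
+{% endif %}
+</td>
+</tr>
+<tr>
+<th>Password <small style="font-weight:normal">(new; optional)</small></th>
+<td>
+{% if mod|hasPermission(config.mod.editusers) or (mod|hasPermission(config.mod.change_password) and user.id == mod.id) %}
+<input size="20" maxlength="30" type="password" name="password" value="" autocomplete="off">
+{% else %}
+-
+{% endif %}
+</td>
+</tr>
+<tr>
+<th>Boards</th>
+<td>
+<ul style="padding:0 5px;list-style:none">
+<li>
+<input type="checkbox" id="allboards" name="allboards"
+{% if '*' in user.boards %} checked{% endif %}
+{% if not mod|hasPermission(config.mod.editusers) %}
+disabled
+{% endif %}
+>
+<label for="allboards">"*" - All boards</label>
+</li>
+{% for board in boards %}
+<li>
+<input type="checkbox" id="board_{{ board.uri }}" name="board_{{ board.uri }}"
+{% if board.uri in user.boards %} checked{% endif %}
+{% if not mod|hasPermission(config.mod.editusers) %}
+disabled
+{% endif %}
+>
+<label for="board_{{ board.uri }}">
+{{ config.board_abbreviation|sprintf(board.uri) }}
+-
+{{ board.title }}
+</label>
+</li>
+{% endfor %}
+</ul>
+</td>
+</tr>
+</table>
+<ul style="padding:0;text-align:center">
+<li><input type="submit" value="Save changes"></li>
+{% if mod|hasPermission(config.mod.deleteusers) %}
+<li><input type="submit" value="Delete user"></li>
+{% endif %}
+</ul>
+</form>
+{% if logs|count > 0 %}
+<table class="modlog" style="width:600px">
+<tr>
+<th>IP address</th>
+<th>Time</th>
+<th>Board</th>
+<th>Action</th>
+</tr>
+{% for log in logs %}
+<tr>
+<td class="minimal">
+<a href="?/IP/{{ log.ip }}">{{ log.ip }}</a>
+</td>
+<td class="minimal">
+<span title="{{ log.time|date(config.post_date) }}">{{ log.time|ago }}</span>
+</td>
+<td class="minimal">
+{% if log.board %}
+<a href="?/{{ config.board_path|sprintf(log.board) }}{{ config.file_index }}">{{ config.board_abbreviation|sprintf(log.board) }}</a>
+{% else %}
+-
+{% endif %}
+</td>
+<td>
+{{ log.text }}
+</td>
+</tr>
+{% endfor %}
+</table>
+{% endif %}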
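Review bot: The form posts to `?/users/{{ mod.id }}`, and `mod` is the logged-in moderator (the same template compares `user.id == mod.id`), so saving another account's page would apply the submitted username, password and boards to the editor's own row; the action should be `?/users/{{ user.id }}`. `user.username` is escaped with `|e`, but `board.title`, `board.uri`, `log.ip` and `log.text` are printed bare, so unless Twig autoescaping is enabled (not visible here) stored text reaches the moderator page as markup; add `|e` to those outputs. Neither submit button has a `name`, so the handler cannot tell "Delete user" from "Save changes". The form also carries no anti-CSRF token field, although the request changes credentials.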