Commit 55722a64 authored by Richard Mansfield's avatar Richard Mansfield
parents 5c3027cc b66ce866
......@@ -24,13 +24,54 @@
*
*/
// NOTE: This script is VERY SIMILAR to the staffusers.php script, a bug fixed
// here might need to be fixed there too.
define('INTERNAL', 1);
define('ADMIN', 1);
define('MENUITEM', 'usermanagement');
define('SUBMENUITEM', 'adminusers');
require(dirname(dirname(dirname(__FILE__))) . '/init.php');
require_once('form.php');
$smarty = smarty();
// Get users who are currently administrators
// @todo later, exclude the user with uid 1
$adminusers = get_column('usr', 'id', 'admin', 1);
$form = array(
'name' => 'adminusers',
'method' => 'post',
'action' => '',
'elements' => array(
'users' => array(
'type' => 'userlist',
'title' => get_string('adminusers', 'admin'),
'defaultvalue' => $adminusers,
'filter' => false
),
'submit' => array(
'type' => 'submitcancel',
'value' => array(get_string('submit'), get_string('cancel'))
)
)
);
function adminusers_submit($values) {
global $SESSION;
db_begin();
execute_sql('UPDATE usr
SET admin = 0
WHERE admin = 1');
execute_sql('UPDATE usr
SET admin = 1
WHERE id IN (' . join(',', $values['users']) . ')');
db_commit();
$SESSION->add_ok_msg(get_string('adminusersupdated', 'admin'));
redirect(get_config('wwwroot') . 'admin/usermanagement/adminusers.php');
}
$smarty->assign('adminusersform', form($form));
$smarty->display('admin/usermanagement/adminusers.tpl');
?>
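Review bot: The id list spliced into the second UPDATE at `join(',', $values['users'])` comes straight from the POST body and is never coerced to integers in this script, so the statement is only as safe as whatever the userlist element validates elsewhere; I would normalise here regardless with `array_map('intval', ...)`. The first UPDATE also strips admin from every account including the submitter's, so a submission that omits yourself (or submits nobody, which additionally yields an invalid `IN ()`) can leave the site with no administrator after all admins have already been cleared; the `@todo` about uid 1 on the old side hints at this but the commit does not address it. I would always keep the submitting user's id (`$SESSION->get('id')` is what auth_setup uses) in the set, and add an explicit `db_rollback()` path unless execute_sql is known to roll back on failure.
```php
function adminusers_submit($values) {
    global $SESSION;
    // Ids come straight from the POST body: coerce before building SQL.
    $ids = array_map('intval', (array) $values['users']);
    // Never let the submitter remove the last administrator (themselves).
    $ids[] = (int) $SESSION->get('id');
    $ids = array_unique($ids);
    db_begin();
    execute_sql('UPDATE usr
        SET admin = 0
        WHERE admin = 1');
    execute_sql('UPDATE usr
        SET admin = 1
        WHERE id IN (' . join(',', $ids) . ')');
    db_commit();
    // … unchanged: success message and redirect …
}
```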
......@@ -24,13 +24,53 @@
*
*/
// NOTE: This script is VERY SIMILAR to the adminusers.php script, a bug fixed
// here might need to be fixed there too.
define('INTERNAL', 1);
define('ADMIN', 1);
define('MENUITEM', 'usermanagement');
define('SUBMENUITEM', 'staffusers');
require(dirname(dirname(dirname(__FILE__))) . '/init.php');
require_once('form.php');
$smarty = smarty();
// Get users who are currently staff
$staffusers = get_column('usr', 'id', 'staff', 1);
$form = array(
'name' => 'staffusers',
'method' => 'post',
'action' => '',
'elements' => array(
'users' => array(
'type' => 'userlist',
'title' => get_string('staffusers', 'admin'),
'defaultvalue' => $staffusers,
'filter' => false
),
'submit' => array(
'type' => 'submitcancel',
'value' => array(get_string('submit'), get_string('cancel'))
)
)
);
function staffusers_submit($values) {
global $SESSION;
db_begin();
execute_sql('UPDATE usr
SET staff = 0
WHERE staff = 1');
execute_sql('UPDATE usr
SET staff = 1
WHERE id IN (' . join(',', $values['users']) . ')');
db_commit();
$SESSION->add_ok_msg(get_string('staffusersupdated', 'admin'));
redirect(get_config('wwwroot') . 'admin/usermanagement/staffusers.php');
}
$smarty->assign('staffusersform', form($form));
$smarty->display('admin/usermanagement/staffusers.tpl');
?>
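Review bot: As in adminusers.php, `join(',', $values['users'])` splices POST-supplied ids into SQL without coercing them in this script, and an empty selection produces `IN ()` after every staff flag has already been cleared; I would add `$ids = array_map('intval', (array) $values['users']);` and only run the second UPDATE `if (!empty($ids))`. The header comment warning that a fix here must be mirrored in adminusers.php is a sign the two submit handlers should share one helper parameterised by column name (`admin` / `staff`), so the integer coercion and the rollback handling live in one place. Whether execute_sql rolls back on failure is not visible here, so an explicit `db_rollback()` on error is worth confirming.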
......@@ -202,6 +202,22 @@ function auth_setup () {
if ($sessionlogouttime > time()) {
// The session is still active, so continue it.
log_debug('session still active from previous time');
// Make sure that if a user's admin status has changed, they're kicked
// out of the admin section
if (defined('ADMIN')) {
$userreallyadmin = get_field('usr', 'admin', 'id', $SESSION->get('id'));
if (!$SESSION->get('admin') && $userreallyadmin) {
// The user has been made into an admin
$SESSION->set('admin', 1);
}
else if ($SESSION->get('admin') && !$userreallyadmin) {
// The user's admin rights have been taken away
$SESSION->set('admin', 0);
$SESSION->add_err_msg(get_string('accessforbiddentoadminsection'));
redirect(get_config('wwwroot'));
}
}
$USER = $SESSION->renew();
auth_check_password_change();
return $USER;
......@@ -610,6 +626,12 @@ function login_submit($values) {
$USER = get_record('usr', 'username', $username, null, null, null, null, '*, ' . db_format_tsfield('expiry'));
}
// Only admins in the admin section!
if (defined('ADMIN') && !$USER->admin) {
$SESSION->add_err_msg(get_string('accessforbiddentoadminsection'));
redirect(get_config('wwwroot'));
}
// Check if the user's account has expired
if ($USER->expiry > 0 && time() > $USER->expiry) {
log_debug('the user account has expired');
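Review bot: The session's `admin` flag is only reconciled with the database inside `if (defined('ADMIN'))`, so once an admin is demoted their session keeps asserting `admin` on every non-admin page until they next open the admin section, and anything else that reads `$SESSION->get('admin')` sees the stale value for the rest of the session. I would do the lookup and `$SESSION->set('admin', ...)` unconditionally on the continue-session path and keep only the redirect under the `ADMIN` guard, as below; this also blocks a non-admin who reaches an ADMIN page with an existing session, which the new login_submit check only covers at login time. The `staff` flag presumably has the same staleness and this hunk does not revalidate it at all, which is worth confirming if any page gates on it. auth_setup() begins and ends outside this hunk, and I could not find `accessforbiddentoadminsection` among the language strings added in this commit, so confirm it is defined (this is a merge, so it may arrive via the other parent).
```php
// Keep the session's admin flag in step with the database on every request,
// not only inside the admin section.
$userreallyadmin = get_field('usr', 'admin', 'id', $SESSION->get('id'));
$SESSION->set('admin', $userreallyadmin ? 1 : 0);
if (defined('ADMIN') && !$userreallyadmin) {
    // Not (or no longer) an admin: kick them out of the admin section
    $SESSION->add_err_msg(get_string('accessforbiddentoadminsection'));
    redirect(get_config('wwwroot'));
}
// … unchanged: $USER = $SESSION->renew(); auth_check_password_change(); …
```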
......
......@@ -59,4 +59,6 @@ $string['uploadcsverrorinvalidpassword'] = 'Error on line %s of your file: The p
$string['uploadcsverrorinvalidusername'] = 'Error on line %s of your file: The username for this user is not in correct form';
$string['uploadcsverrorincorrectfieldcount'] = 'Line %s of the file does not have the correct number of fields';
$string['uploadcsvfile'] = 'Upload CSV File';
$string['uploadcsvfiledescription'] = 'You may use this facility to upload new users via a <acronym title="Comma Separated Values">CSV</acronym> file. Each record in the file must have a username, e-mail address and password.';
?>
......@@ -36,10 +36,13 @@ $string['prevpage'] = 'Previous page';
// auth
$string['accountexpired'] = 'Sorry, your account has expired';
$string['accountsuspended'] = 'Your account has been suspeneded as of %s. The reason for your suspension is:<blockquote>%s</blockquote>';
$string['changepassword'] = 'Change Password';
$string['changepasswordinfo'] = 'You are required to change your password before you can proceed.';
$string['confirmpassword'] = 'Confirm password';
$string['loggedoutok'] = 'You have been logged out successfully';
$string['login'] = 'Log In';
$string['loginfailed'] = 'You have not provided the correct credentials to log in. Please check your username and password are correct.';
$string['newpassword'] = 'New Password';
$string['password'] = 'Password';
$string['passworddesc'] = 'Your password';
$string['passwordnotchanged'] = 'You did not change your password, please choose a new password';
......@@ -49,6 +52,8 @@ $string['passwordtooeasy'] = 'Your password is too easy! Please choose a harder
$string['username'] = 'Username';
$string['usernamedesc'] = 'Your username';
$string['usernamehelp'] = 'The username you have been given to access this system.';
$string['yournewpassword'] = 'Your new password';
$string['yournewpasswordagain'] = 'Your new password again';
// Registration
$string['registeredemailsubject'] = 'You have registered at Mahara';
......
......@@ -613,7 +613,7 @@ function get_records_sql_menu($sql,$values=null) {
* Get a single value from a table row where all the given fields match the given values.
*
* @param string $table the table to query.
* @param string $return the field to return the value of.
* @param string $field the field to return the value of.
* @param string $field1 the first field to check (optional).
* @param string $value1 the value field1 must have (requred if field1 is given, else optional).
* @param string $field2 the second field to check (optional).
......@@ -630,11 +630,27 @@ function get_field($table, $field, $field1, $value1, $field2=null, $value2=null,
return get_field_sql('SELECT ' . $field . ' FROM ' . get_config('dbprefix') . $table . ' ' . $select, $values);
}
/**
* Get a single value from a table.
*
* @param string $sql an SQL statement expected to return a single value.
* @return mixed the specified value.
* @throws SQLException
*/
function get_field_sql($sql, $values=null) {
$rs = get_recordset_sql($sql, $values);
if ($rs && $rs->RecordCount() == 1) {
return reset($rs->fields);
} else {
return false;
}
}
/**
* Get a single column from a table where all the given fields match the given values.
*
* @param string $table the table to query.
* @param string $return the field to return the value of.
* @param string $field the field to return the value of.
* @param string $field1 the first field to check (optional).
* @param string $value1 the value field1 must have (requred if field1 is given, else optional).
* @param string $field2 the second field to check (optional).
......@@ -664,22 +680,6 @@ function get_column_sql($sql, $values=null) {
return $db->GetCol($sql, $values);
}
/**
* Get a single value from a table.
*
* @param string $sql an SQL statement expected to return a single value.
* @return mixed the specified value.
* @throws SQLException
*/
function get_field_sql($sql, $values=null) {
$rs = get_recordset_sql($sql, $values);
if ($rs && $rs->RecordCount() == 1) {
return reset($rs->fields);
} else {
return false;
}
}
/**
* Set a single field in every table row where all the given fields match the given values.
*
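Review bot: The relocated get_field_sql docblock does not mention the `$values` parameter, nor that the function returns `false` whenever the statement yields zero or more than one row, which callers cannot distinguish from a stored false/0 value; the new admin re-check in auth_setup happens to fail safe on that (a missing row reads as "not admin"), but the contract should be written down. I would add `@param array $values values bound to placeholders in $sql (optional)` and change the return line to `@return mixed the single value, or false if the query returned zero or more than one row`. This is a move plus a parameter-name fix, so no code change is being suggested.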
......
......@@ -58,6 +58,9 @@ function form_render_userlist($element, Form $form) {
}
$smarty->assign('name', $element['name']);
if (!empty($element['filter'])) {
$smarty->assign('filter', true);
}
return $smarty->fetch('form/userlist.tpl');
}
......@@ -92,4 +95,12 @@ function form_is_empty_userlist($value, $element) {
return true;
}
function form_render_userlist_set_attributes($element) {
// By default, use the filter select box
if (!isset($element['filter'])) {
$element['filter'] = true;
}
return $element;
}
?>
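Review bot: form_render_userlist_set_attributes has no docblock, and the `filter` option it defaults is only discoverable by reading form_render_userlist's `!empty($element['filter'])` check further up the file. I would add a three-line docblock above it stating that it fills in defaults for a userlist element before rendering, that `filter` (default true) controls whether the group filter select box is shown, and that it returns the adjusted element array. Whether the form library guarantees this hook runs before form_render_userlist is not visible here, so the docblock should say it is assumed.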
......@@ -2,4 +2,6 @@
<h2>AdminUsers</h2>
{$adminusersform}
{include file="footer.tpl"}
......@@ -2,4 +2,6 @@
<h2>StaffUsers</h2>
{$staffusersform}
{include file="footer.tpl"}
{include file="header.tpl"}
<h2>UploadCSV</h2>
<h2>{str tag="uploadcsvfile" section="admin"}</h2>
<p>{str tag="uploadcsvfiledescription" section="admin"}</p>
{$uploadcsvform}
......
{include file="header.tpl"}
<h2>ChangePass</h2>
<h2>{str tag="changepassword"}</h2>
<p>[two messages here:]</p>
<ol>
<li>your password has expired, please change it</li>
<li>you have chosen to change your password, here is the form to change it</li>
</ol>
<p>{str tag="changepasswordinfo"}</p>
{$change_password_form}
......
......@@ -82,6 +82,7 @@
</script>
<table>
<tr>
{{if $filter}}
<td colspan="3">
<select id="{{$name}}_groups">
<option value="all">All Users</option>
......@@ -89,6 +90,7 @@
<option value="all">My Group</option>
</select>
</td>
{{/if}}
</tr>
<tr>
<td colspan="3" id="{{$name}}_messages">
......