From 246ba72f1d897a8d9eeb027167ca0f3ba2020b85 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Diogo=20Gon=C3=A7alves?=
Date: Fri, 2 Dec 2011 20:45:25 +0000
Subject: [PATCH] GCI task #7135234 by yaxar maxson

git-svn-id: file:///Users/Shitiz/Downloads/lssvn/source/limesurvey_yii@11567 b72ed6b6-b9f8-46b5-92b4-906544132732
---
 application/controllers/AdminController.php | 4 +-
 application/controllers/admin/user.php | 741 -----------------
 application/controllers/admin/useraction.php | 760 ++++++++++++++++++
 application/models/Survey.php | 24 +-
 application/views/admin/user/editusers.php | 10 +-
 .../views/admin/user/setuserrights.php | 16 +-
 6 files changed, 791 insertions(+), 764 deletions(-)
 delete mode 100644 application/controllers/admin/user.php
 create mode 100644 application/controllers/admin/useraction.php

diff --git a/application/controllers/AdminController.php b/application/controllers/AdminController.php
index 2647d0f5fa1..d546d96ca58 100644
--- a/application/controllers/AdminController.php
+++ b/application/controllers/AdminController.php
@@ -125,10 +125,12 @@ public function actions()
 'question' => 'application.controllers.admin.question',
 'database' => 'application.controllers.admin.database',
 'statistics' => 'application.controllers.admin.statistics',
+ 'translate' => 'application.controllers.admin.translate',
 'labels' => 'application.controllers.admin.labels',
 'templates' => 'application.controllers.admin.templates',
+ 'user' => 'application.controllers.admin.useraction',
 'participants' => 'application.controllers.admin.participantsaction',
- 'translate' => 'application.controllers.admin.translate',
+ 'translate' => 'application.controllers.admin.translate'
 );
 
 }
diff --git a/application/controllers/admin/user.php b/application/controllers/admin/user.php
deleted file mode 100644
index e6dcd765274..00000000000
--- a/application/controllers/admin/user.php
+++ /dev/null
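Review bot: The action map in this hunk ends up declaring `'translate'` twice — the new entry inserted after `'statistics'` and the re-added final entry — so PHP keeps only the last one and the first is dead weight that will confuse the next reader; drop one of them, e.g. keep only the original last element `'translate' => 'application.controllers.admin.translate',` and do not add the second. Removing the trailing comma from the final element is also unnecessary, since PHP accepts a trailing comma in array literals, and it only turns the next addition into a two-line diff. The new `'user' => 'application.controllers.admin.useraction'` mapping itself looks consistent with the `participants` entry beside it. The body of actions() continues outside the hunk.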
@@ -1,741 +0,0 @@ -load->model("users_model"); - $this->load->model("surveys_model"); - - self::_js_admin_includes(base_url().'scripts/jquery/jquery.tablesorter.min.js'); - self::_js_admin_includes(base_url().'scripts/admin/users.js'); - - $userlist = getuserlist(); - $ui = count($userlist); - $usrhimself = $userlist[0]; - unset($userlist[0]); - - if($this->session->userdata('USER_RIGHT_SUPERADMIN') == 1) - { - $query=$this->surveys_model->getSomeRecords(array("count(*)"),array("owner_id"=>$usrhimself['uid'])); - $noofsurveys=$query->row_array(); - $noofsurveys=$noofsurveys["count(*)"]; - $data['noofsurveys'] = $noofsurveys; - } - - if(isset($usrhimself['parent_id']) && $usrhimself['parent_id']!=0) { - $uresult = $this->users_model->getSomeRecords(array("users_name"),array("uid"=>$usrhimself['parent_id'])); - $srow = $uresult->row_array(); - } - - $data['usrhimself']=$usrhimself; - // other users - $data['row'] = 0; - $usr_arr = $userlist; - $data['usr_arr']=$usr_arr; - $noofsurveyslist = array( ); - - //This loops through for each user and checks the amount of surveys against them. 
- for($i=1;$i<=count($usr_arr);$i++) - { - $query=$this->surveys_model->getSomeRecords(array("count(*)"),array("owner_id"=>$usr_arr[$i]['uid'])); - $noofsurveyslist[$i]=$query->row_array(); - $noofsurveyslist[$i]=$noofsurveyslist[$i]["count(*)"]; - } - - - $data['clang']=$this->limesurvey_lang; - $data['imageurl']=$this->config->item("imageurl"); - $data['noofsurveyslist']=$noofsurveyslist; - - $clang = $this->limesurvey_lang; - self::_getAdminHeader(); - self::_showadminmenu(); - $this->load->view("admin/user/editusers",$data); - self::_getAdminFooter("http://docs.limesurvey.org", $this->limesurvey_lang->gT("LimeSurvey online manual")); - - } - - function adduser() - { - $clang=$this->limesurvey_lang; - $this->load->model("users_model"); - if (!$this->session->userdata('USER_RIGHT_CREATE_USER')) { - show_error("No permissions"); - exit; - } - - $new_user = FlattenText($this->input->post('new_user'),false,true); - $new_email = FlattenText($this->input->post('new_email'),false,true); - $new_full_name = FlattenText($this->input->post('new_full_name'),false,true); - - self::_getAdminHeader(); - self::_showadminmenu(); - $valid_email = true; - if(!validate_email($new_email)) - { - $valid_email = false; - self::_showMessageBox($clang->gT("Failed to add user"),"
\n" . " " . $clang->gT("The email address is not valid.")."
\n",$class='warningheader'); - } - if(empty($new_user)) - { - self::_showMessageBox($clang->gT("Failed to add user"),"
\n" . " " . $clang->gT("A username was not supplied or the username is invalid.")."
\n",$class='warningheader'); - } - elseif($valid_email) - { - $new_pass = createPassword(); - $uresult = $this->users_model->insert($new_user, $new_pass,$new_full_name,$this->session->userdata('loginID'),$new_email); - - if($uresult) - { - $newqid = $this->db->insert_id(); - $this->load->model("template_model"); - // add default template to template rights for user - $this->template_model->insert(array('uid' => $newqid, 'folder' => 'default', 'use' => '1')); - - // add new user to userlist - $sresult = $this->users_model->getAllRecords(array('uid' => $newqid)); - $srow= $sresult->row_array(); - - $userlist = getuserlist(); - array_push($userlist, array("user"=>$srow['users_name'], "uid"=>$srow['uid'], "email"=>$srow['email'], - "password"=>$srow["password"], "parent_id"=>$srow['parent_id'], // "level"=>$level, - "create_survey"=>$srow['create_survey'],"participant_panel"=>$srow['participant_panel'], "configurator"=>$srow['configurator'], "create_user"=>$srow['create_user'], - "delete_user"=>$srow['delete_user'], "superadmin"=>$srow['superadmin'], "manage_template"=>$srow['manage_template'], - "manage_label"=>$srow['manage_label'])); - - // send Mail - $body = sprintf($clang->gT("Hello %s,"), $new_full_name)."

\n"; - $body .= sprintf($clang->gT("this is an automated email to notify that a user has been created for you on the site '%s'."), $this->config->item("sitename"))."

\n"; - $body .= $clang->gT("You can use now the following credentials to log into the site:")."
\n"; - $body .= $clang->gT("Username") . ": " . $new_user . "
\n"; - if ($this->config->item("useWebserverAuth") === false) - { // authent is not delegated to web server - // send password (if authorized by config) - if ($this->config->item("display_user_password_in_email") === true) - { - $body .= $clang->gT("Password") . ": " . $new_pass . "
\n"; - } - else - { - $body .= $clang->gT("Password") . ": " . $clang->gT("Please ask your password to your LimeSurvey administrator") . "
\n"; - } - } - - $body .= "".$clang->gT("Click here to log in.")."

\n"; - $body .= sprintf($clang->gT('If you have any questions regarding this mail please do not hesitate to contact the site administrator at %s. Thank you!'),$this->config->item("siteadminemail"))."
\n"; - - $subject = sprintf($clang->gT("User registration at '%s'","unescaped"),$this->config->item("sitename")); - $to = $new_user." <$new_email>"; - $from = $this->config->item("siteadminname")." <".$this->config->item("siteadminemail").">"; - $addsummary = ""; - if(SendEmailMessage($body, $subject, $to, $from, $this->config->item("sitename"), true, $this->config->item("siteadminbounce"))) - { - $addsummary .= "
".$clang->gT("Username").": $new_user
".$clang->gT("Email").": $new_email
"; - $addsummary .= "
".$clang->gT("An email with a generated password was sent to the user."); - } - else - { - // has to be sent again or no other way - $tmp = str_replace("{NAME}", "".$new_user."", $clang->gT("Email to {NAME} ({EMAIL}) failed.")); - $addsummary .= "
".str_replace("{EMAIL}", $new_email, $tmp) . "
"; - } - - $addsummary .= "
\t\t\t
" - ."" - ."" - ."" - ."" - ."
"; - self::_showMessageBox($clang->gT("Add user"),$addsummary); - - } - else{ - $addsummary .= "
".$clang->gT("Failed to add user")."

\n" . " " . $clang->gT("The user name already exists.")."
\n"; - } - } - self::_getAdminFooter("http://docs.limesurvey.org", $this->limesurvey_lang->gT("LimeSurvey online manual")); - } - - /** - * Delete user - */ - function deluser() - { - $clang=$this->limesurvey_lang; - if (!($this->session->userdata('USER_RIGHT_SUPERADMIN')==1 || $this->session->userdata('USER_RIGHT_DELETE_USER'))) { - show_error("No permissions"); - exit; - } - - self::_getAdminHeader(); - self::_showadminmenu(); - $_POST = $this->input->post(); - $action=$this->input->post("action"); - $this->load->model("users_model"); - // CAN'T DELETE ORIGINAL SUPERADMIN - // Initial SuperAdmin has parent_id == 0 - $adminresult = $this->users_model->getSomeRecords(array('uid'), array('parent_id' => 0)); - $row=$adminresult->row_array(); - - $postuserid = $this->input->post("uid"); - $postuser = $this->input->post("user"); - if($row['uid'] == $postuserid) // it's the original superadmin !!! - { - self::_showMessageBox($clang->gT("Initial Superadmin cannot be deleted!"),"","warningheader"); - } - else - { - if (isset($postuserid)) - { - $sresultcount = 0;// 1 if I am parent of $postuserid - if ($this->session->userdata('USER_RIGHT_SUPERADMIN') != 1) - { - $sresult = $this->users_model->getSomeRecords(array('uid'), array('parent_id' => $postuserid, 'parent_id' => $this->session->userdata('loginID'))); - $sresultcount = $sresult->num_rows(); - } - - if ($this->session->userdata('USER_RIGHT_SUPERADMIN') == 1 || $sresultcount > 0 || $postuserid == $this->session->userdata('loginID')) - { - $transfer_surveys_to = 0; - $result = $this->users_model->getSomeRecords(array('users_name','uid')); - - $current_user = $this->session->userdata('loginID'); - if($result->num_rows() == 2) { - - $action = "finaldeluser"; - foreach($result->row_array() as $rows){ - $intUid = $rows['uid']; - $selected = ''; - if ($intUid == $current_user) - $selected = " selected='selected'"; - - if ($postuserid != $intUid) - $transfer_surveys_to = $intUid; - } - } - - 
$this->load->model("surveys_model"); - $result = $this->surveys_model->getSomeRecords(array('sid'), array('owner_id' => $current_user)); - if($result->num_rows() == 0) { - $action = "finaldeluser"; - } - - if ($action=="finaldeluser") - { - if (isset($_POST['transfer_surveys_to'])) {$transfer_surveys_to=sanitize_int($_POST['transfer_surveys_to']);} - if ($transfer_surveys_to > 0){ - $result = $this->surveys_model->updateSurvey(array('owner_id'=>$postuserid), array('owner_id'=>$transfer_surveys_to)); - } - $sresult = $this->users_model->getSomeRecords(array('parent_id'), array('uid'=>$postuserid)); - $fields = $sresult->row_array(); - - if (isset($fields[0])) - { - $uresult = $this->users_model->parent_update(array('parent_id='=>$postuserid), array('parent_id='=>$fields[0])); - } - - //DELETE USER FROM TABLE - $dresult=$this->users_model->delete(array('uid'=>$postuserid)); - - // Delete user rights - $this->load->model("survey_permissions_model"); - $dresult=$this->survey_permissions_model->deleteSomeRecords(array('uid'=>$postuserid)); - - if($postuserid == $this->session->userdata('loginID')) killSession(); // user deleted himself - - $addsummary = "
".$clang->gT("Username").": {$postuser}

\n"; - $addsummary .= "
".$clang->gT("Success!")."
\n"; - if ($transfer_surveys_to>0){ - $sTransferred_to = self::_getUserNameFromUid($transfer_surveys_to); - $addsummary .= sprintf($clang->gT("All of the user's surveys were transferred to %s."),$sTransferred_to); - } - $addsummary .= "
gT("Continue")."\"/>\n"; - self::_showMessageBox("",$addsummary); - } - else - { - $current_user = $this->session->userdata('loginID'); - $addsummary = "
".$clang->gT("Transfer the user's surveys to: ")."\n"; - $addsummary .= "
"; - $addsummary .= ""; - $addsummary .= "

"; - $addsummary .= "
"; - self::_showMessageBox("",$addsummary); - } - - } - else - { - include("access_denied.php"); - } - } - else - { - $addsummary = "
".$clang->gT("Could not delete user. User was not supplied.")."
\n"; - $addsummary .= "
gT("Continue")."\"/>\n"; - self::_showMessageBox("",$addsummary); - } - } - $addsummary .= "
\n"; - self::_getAdminFooter("http://docs.limesurvey.org", $this->limesurvey_lang->gT("LimeSurvey online manual")); - } - - /** - * Modify User - */ - function modifyuser() - { - $this->load->model("users_model"); - - $postuserid=$this->input->post("uid"); - if (isset($postuserid) && $postuserid) - { - $sresult = $this->users_model->getSomeRecords(array('uid'),array('uid'=>$postuserid, 'parent_id'=>$this->session->userdata('loginID'))); - $sresultcount = $sresult->num_rows(); - } - else - { - // include("access_denied.php"); - // die(); - } - - // RELIABLY CHECK MY RIGHTS - if ($this->session->userdata('USER_RIGHT_SUPERADMIN') == 1 || $this->session->userdata('loginID') == $postuserid || - ( $this->session->userdata('USER_RIGHT_CREATE_USER') && - $sresultcount > 0 - ) ) - { - $sresult = $this->users_model->parentAndUser(); - $data['mur'] = $sresult; - - // $muq = "SELECT a.users_name, a.full_name, a.email, a.uid, b.users_name AS parent FROM ".$this->db->dbprefix('users')." AS a LEFT JOIN ".$this->db->dbprefix('users')." 
AS b ON a.parent_id = b.uid WHERE a.uid='{$postuserid}'"; // added by Dennis - // $data['mur'] = db_select_limit_assoc($muq, 1); - - $data['clang']=$this->limesurvey_lang; - self::_getAdminHeader(); - self::_showadminmenu(); - $this->load->view("admin/user/modifyuser",$data); - self::_getAdminFooter("http://docs.limesurvey.org", $this->limesurvey_lang->gT("LimeSurvey online manual")); - } - else - { - include("access_denied.php"); - } - } - - /** - * Modify User POST - */ - function moduser() - { - $clang=$this->limesurvey_lang; - $_POST = $this->input->post(); - $postuser = $this->input->post("user"); - $postemail = $this->input->post("email"); - $postuserid = $this->input->post("uid"); - $postfull_name = $this->input->post("full_name"); - $display_user_password_in_html=$this->config->item("display_user_password_in_html"); - $addsummary=''; - - $this->load->model("users_model"); - $sresult = $this->users_model->getSomeRecords(array('uid'),array('uid'=>$postuserid, 'parent_id'=>$this->session->userdata('loginID'))); - $sresultcount = $sresult->num_rows(); - - if(($this->session->userdata('USER_RIGHT_SUPERADMIN') == 1 || $postuserid == $this->session->userdata('loginID') || - ($sresultcount > 0 && $this->session->userdata('USER_RIGHT_CREATE_USER'))) && !($this->config->item("demoMode") == true && $postuserid == 1) - ) - { - $users_name = html_entity_decode($postuser, ENT_QUOTES, 'UTF-8'); - $email = html_entity_decode($postemail,ENT_QUOTES, 'UTF-8'); - $sPassword = html_entity_decode($_POST['pass'],ENT_QUOTES, 'UTF-8'); - if ($sPassword=='%%unchanged%%') $sPassword=''; - $full_name = html_entity_decode($postfull_name,ENT_QUOTES, 'UTF-8'); - $valid_email = true; - - if(!validate_email($email)) - { - $valid_email = false; - $failed = true; - $addsummary .= "
".$clang->gT("Could not modify user data.")."

\n" - . " ".$clang->gT("Email address is not valid.")."
\n"; - } - elseif($valid_email) - { - $failed = false; - if(empty($sPassword)) - { - $uresult = $this->users_model->update($postuserid, array('email'=>$this->db->escape($email), 'full_name'=>$this->db->escape($full_name))); - } else { - $this->load->library("admin/sha256"); - $uresult = $this->users_model->update($postuserid, array('email'=>$this->db->escape($email), 'full_name'=>$this->db->escape($full_name), 'password' => $this->sha256->hashing($sPassword))); - } - - if($uresult && empty($sPassword)) - { - $addsummary .= "
".$clang->gT("Username").": $users_name
".$clang->gT("Password").": (".$clang->gT("Unchanged").")

\n"; - $addsummary .= "
".$clang->gT("Success!")."
\n"; - } elseif($uresult && !empty($sPassword)) - { - if ($sPassword != 'password' ) $this->session->set_userdata('pw_notify',false); - if ($sPassword == 'password' ) $this->session->set_userdata('pw_notify',true); - - if ($display_user_password_in_html === true) - { - $displayedPwd = $sPassword; - } - else - { - $displayedPwd = preg_replace('/./','*',$sPassword); - } - $addsummary .= "
".$clang->gT("Username").": $users_name
".$clang->gT("Password").": {$displayedPwd}

\n"; - $addsummary .= "
".$clang->gT("Success!")."
\n"; - } - else - { - // Username and/or email adress already exists. - $addsummary .= "
".$clang->gT("Could not modify user data.")."

\n" - . " ".$clang->gT("Email address already exists.")."
\n"; - } - } - if($failed) - { - $addsummary .= "
" - ."" - ."" - ."
"; - } - else - { - $addsummary .= "
gT("Continue")."\"/>\n"; - } - } - else - { - include("access_denied.php"); - } - self::_getAdminHeader(); - self::_showadminmenu(); - self::_showMessageBox($clang->gT("Editing user"),$addsummary); - self::_getAdminFooter("http://docs.limesurvey.org", $this->limesurvey_lang->gT("LimeSurvey online manual")); - - } - - /** - * - */ - function setuserrights() - { - $this->load->model("users_model"); - $data['clang']=$this->limesurvey_lang; - $_POST = $this->input->post(); - self::_js_admin_includes(base_url().'scripts/admin/users.js'); - $postuser = $this->input->post("user"); - $postemail = $this->input->post("email"); - $postuserid = $_POST["uid"]; - $postfull_name = $this->input->post("full_name"); - if (isset($postuserid) && $postuserid) - { - $sresult = $this->users_model->getSomeRecords(array('uid'),array('uid'=>$postuserid, 'parent_id'=>$this->session->userdata('loginID'))); - $sresultcount = $sresult->num_rows(); - - - } - else - { - include("access_denied.php"); - die(); - } - - // RELIABLY CHECK MY RIGHTS - if ($this->session->userdata('USER_RIGHT_SUPERADMIN') == 1 || - ( $this->session->userdata('USER_RIGHT_CREATE_USER') && - $sresultcount > 0 && - $this->session->userdata("loginID") != $postuserid - ) ) - // if($_SESSION['loginID'] != $postuserid) - { - self::_getAdminHeader(); - self::_showadminmenu(); - $data['postuserid']=$postuserid; - $this->load->view("admin/user/setuserrights",$data); - self::_getAdminFooter("http://docs.limesurvey.org", $this->limesurvey_lang->gT("LimeSurvey online manual")); - - } // if - else - { - include("access_denied.php"); - } - } - - /** - * User Rights POST - */ - function userrights() - { - $this->load->model("users_model"); - $postuserid=$this->input->post("uid"); - $clang=$this->limesurvey_lang; - $addsummary = "
".$clang->gT("Set user permissions")."
\n"; - $addsummary .= "
\n"; - - $_POST=$this->input->post(); - - // A user can't modify his own rights ;-) - if($postuserid != $this->session->userdata('loginID')) - { - $sresult = $this->users_model->getSomeRecords(array('uid'),array('uid'=>$postuserid, 'parent_id'=>$this->session->userdata('loginID'))); - $sresultcount = $sresult->num_rows(); - - if($this->session->userdata('USER_RIGHT_SUPERADMIN') != 1 && $sresultcount > 0) - { // Not Admin, just a user with childs - $rights = array(); - - // Forbids Allowing more privileges than I have - if(isset($_POST['create_survey']) && $this->session->userdata('USER_RIGHT_CREATE_SURVEY'))$rights['create_survey']=1; else $rights['create_survey']=0; - if(isset($_POST['participant_panel']) && $this->session->userdata('USER_RIGHT_PARTICIPANT_PANEL'))$rights['participant_panel']=1; else $rights['participant_panel']=0; - if(isset($_POST['configurator']) && $this->session->userdata('USER_RIGHT_CONFIGURATOR'))$rights['configurator']=1; else $rights['configurator']=0; - if(isset($_POST['create_user']) && $this->session->userdata('USER_RIGHT_CREATE_USER'))$rights['create_user']=1; else $rights['create_user']=0; - if(isset($_POST['delete_user']) && $this->session->userdata('USER_RIGHT_DELETE_USER'))$rights['delete_user']=1; else $rights['delete_user']=0; - - $rights['superadmin']=0; // ONLY Initial Superadmin can give this right - if(isset($_POST['manage_template']) && $this->session->userdata('USER_RIGHT_MANAGE_TEMPLATE'))$rights['manage_template']=1; else $rights['manage_template']=0; - if(isset($_POST['manage_label']) && $this->session->userdata('USER_RIGHT_MANAGE_LABEL'))$rights['manage_label']=1; else $rights['manage_label']=0; - - if ($postuserid<>1) setuserrights($postuserid, $rights); - $addsummary .= "
".$clang->gT("User permissions were updated successfully.")."
\n"; - $addsummary .= "
gT("Continue")."\"/>\n"; - } - elseif ($this->session->userdata('USER_RIGHT_SUPERADMIN') == 1) - { - $rights = array(); - - // Only Initial Superadmin can give this right - if(isset($_POST['superadmin'])) - { - // Am I original Superadmin ? - // Initial SuperAdmin has parent_id == 0 - $adminresult = $this->users_model->getSomeRecords(array('uid'),array('parent_id'=>0)); - $row=$adminresult->row(); - - if($row['uid'] == $this->session->userdata('loginID')) // it's the original superadmin !!! - { - $rights['superadmin']=1; - } - else - { - $rights['superadmin']=0; - } - } - else - { - $rights['superadmin']=0; - } - - if(isset($_POST['create_survey']) || $rights['superadmin'])$rights['create_survey']=1; else $rights['create_survey']=0; - if(isset($_POST['configurator']) || $rights['superadmin'])$rights['configurator']=1; else $rights['configurator']=0; - if(isset($_POST['create_user']) || $rights['superadmin'])$rights['create_user']=1; else $rights['create_user']=0; - if(isset($_POST['participant_panel']) || $rights['superadmin'])$rights['participant_panel']=1; else $rights['participant_panel']=0; - if(isset($_POST['delete_user']) || $rights['superadmin'])$rights['delete_user']=1; else $rights['delete_user']=0; - if(isset($_POST['manage_template']) || $rights['superadmin'])$rights['manage_template']=1; else $rights['manage_template']=0; - if(isset($_POST['manage_label']) || $rights['superadmin'])$rights['manage_label']=1; else $rights['manage_label']=0; - - setuserrights($postuserid, $rights); - $addsummary .= "
".$clang->gT("User permissions were updated successfully.")."
\n"; - $addsummary .= "
gT("Continue")."\"/>\n"; - } - else - { - include("access_denied.php"); - } - } - else - { - $addsummary .= "
".$clang->gT("You are not allowed to change your own permissions!")."
\n"; - $addsummary .= "
gT("Continue")."\"/>\n"; - } - $addsummary .= "
\n"; - self::_getAdminHeader(); - self::_showadminmenu(); - self::_showMessageBox("",$addsummary); - self::_getAdminFooter("http://docs.limesurvey.org", $this->limesurvey_lang->gT("LimeSurvey online manual")); - - } - - function setusertemplates() - { - $data['clang']=$this->limesurvey_lang; - $_POST = $this->input->post(); - $postuser = $this->input->post("user"); - $postemail = $this->input->post("email"); - $postuserid = $_POST["uid"]; - $postfull_name = $this->input->post("full_name"); - - self::_refreshtemplates(); - $data['userlist'] = getuserlist(); - - self::_getAdminHeader(); - self::_showadminmenu(); - $data['postuserid']=$postuserid; - $this->load->view("admin/user/setusertemplates",$data); - self::_getAdminFooter("http://docs.limesurvey.org", $this->limesurvey_lang->gT("LimeSurvey online manual")); - - } - - function usertemplates() - { - $postuserid=$this->input->post("uid"); - $clang=$this->limesurvey_lang; - - $_POST=$this->input->post(); - $addsummary = "
".$clang->gT("Set template permissions")."
\n"; - $addsummary .= "
\n"; - - // SUPERADMINS AND MANAGE_TEMPLATE USERS CAN SET THESE RIGHTS - if( $this->session->userdata('USER_RIGHT_SUPERADMIN') == 1 || $this->session->userdata('USER_RIGHT_MANAGE_TEMPLATE') == 1) - { - $templaterights = array(); - $this->load->model("templates_model"); - $tresult = $this->templates_model->getAllRecords(); - foreach ($tresult->result_array() as $trow) { - if (isset($_POST[$trow["folder"]."_use"])) - $templaterights[$trow["folder"]] = 1; - else - $templaterights[$trow["folder"]] = 0; - } - foreach ($templaterights as $key => $value) { - $uresult = $this->template_rights_model->insert(array('uid' => $postuserid, 'folder' => $key, 'use' => $value)); - if (!$uresult) - { - $uresult = $this->template_rights_model->update(array('use' => $value), array('folder' => $key, 'uid' => $postuserid)); - } - } - if ($uresult) - { - $addsummary .= "
".$clang->gT("Template permissions were updated successfully.")."
\n"; - $addsummary .= "
gT("Continue")."\"/>\n"; - } - else - { - $addsummary .= "
".$clang->gT("Error")."
\n"; - $addsummary .= "
".$clang->gT("Error while updating usertemplates.")."
\n"; - $addsummary .= "
gT("Continue")."\"/>\n"; - } - } - else - { - include("access_denied.php"); - } - $addsummary .= "
\n"; - self::_getAdminHeader(); - self::_showadminmenu(); - self::_showMessageBox("",$addsummary); - self::_getAdminFooter("http://docs.limesurvey.org", $this->limesurvey_lang->gT("LimeSurvey online manual")); - } - - /** - * Manage user personal settings - */ - function personalsettings() - { - $clang = $this->limesurvey_lang; - $this->load->model("users_model"); - - if($this->input->post("action")) - { - $_POST = $this->input->post(); - $data = array( 'lang' =>$_POST['lang'], 'dateformat'=>$_POST['dateformat'], 'htmleditormode'=>$_POST['htmleditormode'], - 'questionselectormode'=> $_POST['questionselectormode'], 'templateeditormode'=> $_POST['templateeditormode']); - $uresult = $this->users_model->update($this->session->userdata("loginID"),$data); - $this->session->set_userdata('adminlang', $_POST['lang']); - $this->session->set_userdata('htmleditormode', $_POST['htmleditormode']); - $this->session->set_userdata('questionselectormode', $_POST['questionselectormode']); - $this->session->set_userdata('templateeditormode', $_POST['templateeditormode']); - $this->session->set_userdata('dateformat', $_POST['dateformat']); - $this->session->set_userdata('flashmessage', $clang->gT("Your personal settings were successfully saved.")); - } - $query = $this->users_model->getSomeRecords(array("lang"),array("uid"=>$this->session->userdata("loginID"))); - $data['sSavedLanguage']=reset($query->row_array()); - - $data['clang']=$clang; - - self::_getAdminHeader(); - self::_showadminmenu(); - $this->load->view("admin/user/personalsettings",$data); - self::_getAdminFooter("http://docs.limesurvey.org", $this->limesurvey_lang->gT("LimeSurvey online manual")); - } - - function _getUserNameFromUid($uid){ - $uid = sanitize_int($uid); - $this->load->model("users_model"); - $result = $this->users_model->getSomeRecords(array('users_name', 'uid'), array('uid' => $uid)); - - if($result->num_rows() > 0) { - foreach($result->row_array() as $rows){ - return $rows['users_name']; - } - } - } - - 
function _refreshtemplates() { - $template_a = gettemplatelist(); - $this->load->model("templates_model"); - foreach ($template_a as $tp=>$fullpath) { - // check for each folder if there is already an entry in the database - // if not create it with current user as creator (user with rights "create user" can assign template rights) - $result = $this->templates_model->getSomeRecords(array('folder' => $tp)); - - if ($result->num_rows() == 0) { - $this->templates_model->insertRecords(array('folder' => $tp, 'creator' => $this->session->userdata('loginID'))); - } - } - return true; - } -} diff --git a/application/controllers/admin/useraction.php b/application/controllers/admin/useraction.php new file mode 100644 index 00000000000..5b56b9e6c9f --- /dev/null +++ b/application/controllers/admin/useraction.php 
@@ -0,0 +1,760 @@ +loadHelper('database'); + if (isset($_GET['editusers'])) + $this->editusers(); + elseif (isset($_GET['adduser'])) + $this->adduser(); + elseif (isset($_GET['deluser'])) + $this->deluser(); + elseif (isset($_GET['modifyuser'])) + $this->modifyuser(); + elseif (isset($_GET['moduser'])) + $this->moduser(); + elseif (isset($_GET['setuserrights'])) + $this->setuserrights(); + elseif (isset($_GET['userrights'])) + $this->userrights(); + elseif (isset($_GET['setusertemplates'])) + $this->setusertemplates(); + elseif (isset($_GET['usertemplates'])) + $this->usertemplates(); + elseif (isset($_GET['personalsettings'])) + $this->personalsettings(); + else + $this->index(); + } + function index() { + echo 'sfl'; + } + /** + * Show users table + */ + function editusers() + { + $this->getController()->_js_admin_includes(Yii::app()->baseUrl.'scripts/jquery/jquery.tablesorter.min.js'); + $this->getController()->_js_admin_includes(Yii::app()->baseUrl.'scripts/admin/users.js'); + + $userlist = getuserlist(); + $ui = count($userlist); + $usrhimself = $userlist[0]; + unset($userlist[0]); + + if(Yii::app()->session['USER_RIGHT_SUPERADMIN'] == 1) + { + $query=Survey::model()->getSomeRecords(array("count(*)"),array("owner_id"=>$usrhimself['uid'])); + $noofsurveys=count($query); + $noofsurveys=$noofsurveys["count(*)"]; + $data['noofsurveys'] = $noofsurveys; + } + + if(isset($usrhimself['parent_id']) && $usrhimself['parent_id']!=0) { + $uresult = User::model()->getSomeRecords(array("users_name"),array("uid"=>$usrhimself['parent_id'])); + $srow = $uresult->row_array(); + } + + $data['usrhimself']=$usrhimself; + // other users + $data['row'] = 0; + $usr_arr = $userlist; + $data['usr_arr']=$usr_arr; + $noofsurveyslist = array( ); + + //This loops through for each user and checks the amount of surveys against them. 
+ for($i=1;$i<=count($usr_arr);$i++) + { + $query=Survey::model()->getSomeRecords(array("count(*)"),array("owner_id"=>$usr_arr[$i]['uid'])); + $noofsurveyslist[$i]=$query; + if (isset($noofsurveyslist[$i]["count(*)"])) { + $r = $noofsurveyslist[$i]["count(*)"]; + }else{ + $r = FALSE; + } + $noofsurveyslist[$i]= $r; + } + + + $data['clang']=Yii::app()->lang; + $data['imageurl']=Yii::app()->getConfig("imageurl"); + $data['noofsurveyslist']=$noofsurveyslist; + + $clang = Yii::app()->lang; + $this->getController()->_getAdminHeader(); + $this->getController()->_showadminmenu(); + $this->getController()->render("/admin/user/editusers",$data); + $this->getController()->_getAdminFooter("http://docs.limesurvey.org", Yii::app()->lang->gT("LimeSurvey online manual")); + + } + + function adduser() + { + $clang=Yii::app()->lang; + if (!Yii::app()->session['USER_RIGHT_CREATE_USER']) { + show_error("No permissions"); + exit; + } + + $new_user = FlattenText($this->_post('new_user'),false,true); + $new_email = FlattenText($this->_post('new_email'),false,true); + $new_full_name = FlattenText($this->_post('new_full_name'),false,true); + + $this->getController()->_getAdminHeader(); + $this->getController()->_showadminmenu(); + $valid_email = true; + if(!validate_email($new_email)) + { + $valid_email = false; + $this->getController()->_showMessageBox($clang->gT("Failed to add user"),"
\n" . " " . $clang->gT("The email address is not valid.")."
\n",$class='warningheader'); + } + if(empty($new_user)) + { + $this->getController()->_showMessageBox($clang->gT("Failed to add user"),"
\n" . " " . $clang->gT("A username was not supplied or the username is invalid.")."
\n",$class='warningheader'); + } + elseif($valid_email) + { + $new_pass = createPassword(); + $uresult = User::model()->insert($new_user, $new_pass,$new_full_name,Yii::app()->session['loginID'],$new_email); + + if($uresult) + { + // add default template to template rights for user + $newqid = $this->db->insert_id(); + $post=new Templates; + $post->uid = $newqid; + $post->folder = 'default'; + $post->use = '1'; + $post->save(); + //$this->template_model->insert(array('uid' => $newqid, 'folder' => 'default', 'use' => '1')); + + // add new user to userlist + $sresult = User::model()->getAllRecords(array('uid' => $newqid)); + $srow= count($sresult); + + $userlist = getuserlist(); + array_push($userlist, array("user"=>$srow['users_name'], "uid"=>$srow['uid'], "email"=>$srow['email'], + "password"=>$srow["password"], "parent_id"=>$srow['parent_id'], // "level"=>$level, + "create_survey"=>$srow['create_survey'],"participant_panel"=>$srow['participant_panel'], "configurator"=>$srow['configurator'], "create_user"=>$srow['create_user'], + "delete_user"=>$srow['delete_user'], "superadmin"=>$srow['superadmin'], "manage_template"=>$srow['manage_template'], + "manage_label"=>$srow['manage_label'])); + + // send Mail + $body = sprintf($clang->gT("Hello %s,"), $new_full_name)."

\n"; + $body .= sprintf($clang->gT("this is an automated email to notify that a user has been created for you on the site '%s'."), Yii::app()->getConfig("sitename"))."

\n"; + $body .= $clang->gT("You can use now the following credentials to log into the site:")."
\n"; + $body .= $clang->gT("Username") . ": " . $new_user . "
\n"; + if (Yii::app()->getConfig("useWebserverAuth") === false) + { // authent is not delegated to web server + // send password (if authorized by config) + if (Yii::app()->getConfig("display_user_password_in_email") === true) + { + $body .= $clang->gT("Password") . ": " . $new_pass . "
\n"; + } + else + { + $body .= $clang->gT("Password") . ": " . $clang->gT("Please ask your password to your LimeSurvey administrator") . "
\n"; + } + } + + $body .= "".$clang->gT("Click here to log in.")."

\n"; + $body .= sprintf($clang->gT('If you have any questions regarding this mail please do not hesitate to contact the site administrator at %s. Thank you!'),Yii::app()->getConfig("siteadminemail"))."
\n"; + + $subject = sprintf($clang->gT("User registration at '%s'","unescaped"),Yii::app()->getConfig("sitename")); + $to = $new_user." <$new_email>"; + $from = Yii::app()->getConfig("siteadminname")." <".Yii::app()->getConfig("siteadminemail").">"; + $addsummary = ""; + if(SendEmailMessage($body, $subject, $to, $from, Yii::app()->getConfig("sitename"), true, Yii::app()->getConfig("siteadminbounce"))) + { + $addsummary .= "
".$clang->gT("Username").": $new_user
".$clang->gT("Email").": $new_email
"; + $addsummary .= "
".$clang->gT("An email with a generated password was sent to the user."); + } + else + { + // has to be sent again or no other way + $tmp = str_replace("{NAME}", "".$new_user."", $clang->gT("Email to {NAME} ({EMAIL}) failed.")); + $addsummary .= "
".str_replace("{EMAIL}", $new_email, $tmp) . "
"; + } + + $addsummary .= "
\t\t\t
" + ."" + ."" + ."" + ."" + ."
"; + $this->getController()->_showMessageBox($clang->gT("Add user"),$addsummary); + + } + else{ + $addsummary .= "
".$clang->gT("Failed to add user")."

\n" . " " . $clang->gT("The user name already exists.")."
\n"; + } + } + $this->getController()->_getAdminFooter("http://docs.limesurvey.org", Yii::app()->lang->gT("LimeSurvey online manual")); + } + + /** + * Delete user + */ + function deluser() + { + $clang=Yii::app()->lang; + if (!(Yii::app()->session['USER_RIGHT_SUPERADMIN']==1 || Yii::app()->session['USER_RIGHT_DELETE_USER'])) { + show_error("No permissions"); + exit; + } + $this->getController()->_getAdminHeader(); + $this->getController()->_showadminmenu(); + $action=$this->_post("action"); + // CAN'T DELETE ORIGINAL SUPERADMIN + // Initial SuperAdmin has parent_id == 0 + $adminresult = User::model()->getSomeRecords(array('uid'), array('parent_id' => 0)); + $row=count($adminresult); + + $postuserid = $this->_post("uid"); + $postuser = $this->_post("user"); + if($row['uid'] == $postuserid) // it's the original superadmin !!! + { + $this->getController()->_showMessageBox($clang->gT("Initial Superadmin cannot be deleted!"),"","warningheader"); + } + else + { + if (isset($postuserid)) + { + $sresultcount = 0;// 1 if I am parent of $postuserid + if (Yii::app()->session['USER_RIGHT_SUPERADMIN'] != 1) + { + $sresult = User::model()->getSomeRecords(array('uid'), array('parent_id' => $postuserid, 'parent_id' => Yii::app()->session['loginID'])); + $sresultcount = count($sresult); + } + + if (Yii::app()->session['USER_RIGHT_SUPERADMIN'] == 1 || $sresultcount > 0 || $postuserid == Yii::app()->session['loginID']) + { + $transfer_surveys_to = 0; + $result = User::model()->getSomeRecords(array('users_name','uid')); + + $current_user = Yii::app()->session['loginID']; + if(count($result) == 2) { + + $action = "finaldeluser"; + foreach($result->read() as $rows){ + $intUid = $rows['uid']; + $selected = ''; + if ($intUid == $current_user) + $selected = " selected='selected'"; + + if ($postuserid != $intUid) + $transfer_surveys_to = $intUid; + } + } + + $result = Survey::model()->getSomeRecords(array('sid'), array('owner_id' => $current_user)); + if(count($result) == 0) { + $action = 
"finaldeluser"; + } + + if ($action=="finaldeluser") + { + if (isset($_POST['transfer_surveys_to'])) {$transfer_surveys_to=sanitize_int($_POST['transfer_surveys_to']);} + if ($transfer_surveys_to > 0){ + $model=Survey::model()->updateByPk(array('owner_id'=>$postuserid), array('owner_id'=>$transfer_surveys_to)); + $result = $model->save(); + } + $sresult = User::model()->getSomeRecords(array('parent_id'), array('uid'=>$postuserid)); + $fields = $sresult->read(); + + if (isset($fields[0])) + { + $uresult = User::model()->parent_update(array('parent_id='=>$postuserid), array('parent_id='=>$fields[0])); + } + + //DELETE USER FROM TABLE + $dresult=User::model()->delete(array('uid'=>$postuserid)); + + // Delete user rights + $dresult=Survey_permissions::model()->deleteSomeRecords(array('uid'=>$postuserid)); + + if($postuserid == Yii::app()->session['loginID']) killSession(); // user deleted himself + + $addsummary = "
".$clang->gT("Username").": {$postuser}

\n"; + $addsummary .= "
".$clang->gT("Success!")."
\n"; + if ($transfer_surveys_to>0){ + $sTransferred_to = $this->getController()->_getUserNameFromUid($transfer_surveys_to); + $addsummary .= sprintf($clang->gT("All of the user's surveys were transferred to %s."),$sTransferred_to); + } + $addsummary .= "
createUrl('admin/user/editusers')."', '_top')\" value=\"".$clang->gT("Continue")."\"/>\n"; + $this->getController()->_showMessageBox("",$addsummary); + } + else + { + $current_user = Yii::app()->session['loginID']; + $addsummary = "
".$clang->gT("Transfer the user's surveys to: ")."\n"; + $addsummary .= "
"; + $addsummary .= ""; + $addsummary .= "

"; + $addsummary .= "
"; + $this->getController()->_showMessageBox("",$addsummary); + } + + } + else + { + include("access_denied.php"); + } + } + else + { + $addsummary = "
".$clang->gT("Could not delete user. User was not supplied.")."
\n"; + $addsummary .= "
createUrl('admin/user/editusers')."', '_top')\" value=\"".$clang->gT("Continue")."\"/>\n"; + $this->getController()->_showMessageBox("",$addsummary); + } + } + $addsummary .= "
\n"; + $this->getController()->_getAdminFooter("http://docs.limesurvey.org", Yii::app()->lang->gT("LimeSurvey online manual")); + } + + /** + * Modify User + */ + function modifyuser() + { + + $postuserid=$this->_post("uid"); + if (isset($postuserid) && $postuserid) + { + $sresult = User::model()->getSomeRecords(array('uid'),array('uid'=>$postuserid, 'parent_id'=>Yii::app()->session['loginID'])); + $sresultcount = $sresult->num_rows(); + } + else + { + // include("access_denied.php"); + // die(); + } + + // RELIABLY CHECK MY RIGHTS + if (Yii::app()->session['USER_RIGHT_SUPERADMIN'] == 1 || Yii::app()->session['loginID'] == $postuserid || + ( Yii::app()->session['USER_RIGHT_CREATE_USER'] && + $sresultcount > 0 + ) ) + { + $sresult = User::model()->parentAndUser(); + $data['mur'] = $sresult; + + // $muq = "SELECT a.users_name, a.full_name, a.email, a.uid, b.users_name AS parent FROM ".$this->db->dbprefix('users')." AS a LEFT JOIN ".$this->db->dbprefix('users')." AS b ON a.parent_id = b.uid WHERE a.uid='{$postuserid}'"; // added by Dennis + // $data['mur'] = db_select_limit_assoc($muq, 1); + + $data['clang']=Yii::app()->lang; + $this->getController()->_getAdminHeader(); + $this->getController()->_showadminmenu(); + $this->getController->render("admin/user/modifyuser",$data); + $this->getController()->_getAdminFooter("http://docs.limesurvey.org", Yii::app()->lang->gT("LimeSurvey online manual")); + } + else + { + include("access_denied.php"); + } + } + + /** + * Modify User POST + */ + function moduser() + { + $clang=Yii::app()->lang; + $_POST = $this->input->post(); + $postuser = $this->_post("user"); + $postemail = $this->_post("email"); + $postuserid = $this->_post("uid"); + $postfull_name = $this->_post("full_name"); + $display_user_password_in_html=Yii::app()->getConfig("display_user_password_in_html"); + $addsummary=''; + + $sresult = User::model()->getSomeRecords(array('uid'),array('uid'=>$postuserid, 'parent_id'=>Yii::app()->session['loginID'])); + 
$sresultcount = count($sresult); + + if((Yii::app()->session['USER_RIGHT_SUPERADMIN'] == 1 || $postuserid == Yii::app()->session['loginID'] || + ($sresultcount > 0 && Yii::app()->session['USER_RIGHT_CREATE_USER'])) && !(Yii::app()->getConfig("demoMode") == true && $postuserid == 1) + ) + { + $users_name = html_entity_decode($postuser, ENT_QUOTES, 'UTF-8'); + $email = html_entity_decode($postemail,ENT_QUOTES, 'UTF-8'); + $sPassword = html_entity_decode($this->_post('pass'),ENT_QUOTES, 'UTF-8'); + if ($sPassword=='%%unchanged%%') $sPassword=''; + $full_name = html_entity_decode($postfull_name,ENT_QUOTES, 'UTF-8'); + $valid_email = true; + + if(!validate_email($email)) + { + $valid_email = false; + $failed = true; + $addsummary .= "
".$clang->gT("Could not modify user data.")."

\n" + . " ".$clang->gT("Email address is not valid.")."
\n"; + } + elseif($valid_email) + { + $failed = false; + if(empty($sPassword)) + { + $uresult = User::model()->update($postuserid, array('email'=>$this->db->escape($email), 'full_name'=>$this->db->escape($full_name))); + } else { + $uresult = User::model()->update($postuserid, array('email'=>$this->db->escape($email), 'full_name'=>$this->db->escape($full_name), 'password' => hash('sha256',$sPassword))); + } + + if($uresult && empty($sPassword)) + { + $addsummary .= "
".$clang->gT("Username").": $users_name
".$clang->gT("Password").": (".$clang->gT("Unchanged").")

\n"; + $addsummary .= "
".$clang->gT("Success!")."
\n"; + } elseif($uresult && !empty($sPassword)) + { + if ($sPassword != 'password' ) $this->session->set_userdata('pw_notify',false); + if ($sPassword == 'password' ) $this->session->set_userdata('pw_notify',true); + + if ($display_user_password_in_html === true) + { + $displayedPwd = $sPassword; + } + else + { + $displayedPwd = preg_replace('/./','*',$sPassword); + } + $addsummary .= "
".$clang->gT("Username").": $users_name
".$clang->gT("Password").": {$displayedPwd}

\n"; + $addsummary .= "
".$clang->gT("Success!")."
\n"; + } + else + { + // Username and/or email adress already exists. + $addsummary .= "
".$clang->gT("Could not modify user data.")."

\n" + . " ".$clang->gT("Email address already exists.")."
\n"; + } + } + if($failed) + { + $addsummary .= "
" + ."" + ."" + ."
"; + } + else + { + $addsummary .= "
createUrl('admin/user/editusers')."', '_top')\" value=\"".$clang->gT("Continue")."\"/>\n"; + } + } + else + { + include("access_denied.php"); + } + $this->getController()->_getAdminHeader(); + $this->getController()->_showadminmenu(); + $this->getController()->_showMessageBox($clang->gT("Editing user"),$addsummary); + $this->getController()->_getAdminFooter("http://docs.limesurvey.org", Yii::app()->lang->gT("LimeSurvey online manual")); + + } + + /** + * + */ + function _post($d) { + if (isset($_POST[$d])) { + return $_POST[$d]; + }else{ + return FALSE; + } + } + function setuserrights() + { + //print_r(Yii::app()->tablePrefix); + + $data['clang'] = Yii::app()->lang; + $this->getController()->_js_admin_includes(Yii::app()->baseUrl.'scripts/admin/users.js'); + $postuser = $this->_post('user'); + $postemail = $this->_post('email'); + $postuserid = $this->_post('uid'); + $postfull_name = $this->_post('full_name'); + if (isset($postuserid) && $postuserid) + { + $sresult = User::model()->getSomeRecords(array('uid'),array('uid'=>$postuserid, 'parent_id'=>Yii::app()->session['loginID'])); + $sresultcount = count($sresult); + } + else + { + die('Access denied1'); + } + // RELIABLY CHECK MY RIGHTS + if (Yii::app()->session['USER_RIGHT_SUPERADMIN'] == 1 || ( Yii::app()->session['USER_RIGHT_CREATE_USER'] && $sresultcount > 0 && Yii::app()->session['loginID'] != $postuserid ) ) + // if($_SESSION['loginID'] != $postuserid) + { + $this->getController()->_getAdminHeader(); + $this->getController()->_showadminmenu(); + $data['postuserid']=$postuserid; + $this->getController()->render("/admin/user/setuserrights",$data); + $this->getController()->_getAdminFooter("http://docs.limesurvey.org", Yii::app()->lang->gT("LimeSurvey online manual")); + + } // if + else + { + die('Access denied2'); + } + } + /** + * User Rights POST + */ + function userrights() + { + $postuserid=$this->_post("uid"); + $clang=Yii::app()->lang; + $addsummary = "
".$clang->gT("Set user permissions")."
\n"; + $addsummary .= "
\n"; + + + + // A user can't modify his own rights ;-) + if($postuserid != Yii::app()->session['loginID']) + { + $sresult = User::model()->getSomeRecords(array('uid'),array('uid'=>$postuserid, 'parent_id'=>Yii::app()->session['loginID'])); + $sresultcount = $sresult->num_rows(); + + if(Yii::app()->session['USER_RIGHT_SUPERADMIN'] != 1 && $sresultcount > 0) + { // Not Admin, just a user with childs + $rights = array(); + + // Forbids Allowing more privileges than I have + if(isset($_POST['create_survey']) && Yii::app()->session['USER_RIGHT_CREATE_SURVEY'])$rights['create_survey']=1; else $rights['create_survey']=0; + if(isset($_POST['participant_panel']) && Yii::app()->session['USER_RIGHT_PARTICIPANT_PANEL'])$rights['participant_panel']=1; else $rights['participant_panel']=0; + if(isset($_POST['configurator']) && Yii::app()->session['USER_RIGHT_CONFIGURATOR'])$rights['configurator']=1; else $rights['configurator']=0; + if(isset($_POST['create_user']) && Yii::app()->session['USER_RIGHT_CREATE_USER'])$rights['create_user']=1; else $rights['create_user']=0; + if(isset($_POST['delete_user']) && Yii::app()->session['USER_RIGHT_DELETE_USER'])$rights['delete_user']=1; else $rights['delete_user']=0; + + $rights['superadmin']=0; // ONLY Initial Superadmin can give this right + if(isset($_POST['manage_template']) && Yii::app()->session['USER_RIGHT_MANAGE_TEMPLATE'])$rights['manage_template']=1; else $rights['manage_template']=0; + if(isset($_POST['manage_label']) && Yii::app()->session['USER_RIGHT_MANAGE_LABEL'])$rights['manage_label']=1; else $rights['manage_label']=0; + + if ($postuserid<>1) setuserrights($postuserid, $rights); + $addsummary .= "
".$clang->gT("User permissions were updated successfully.")."
\n"; + $addsummary .= "
createUrl('admin/user/editusers')."', '_top')\" value=\"".$clang->gT("Continue")."\"/>\n"; + } + elseif (Yii::app()->session['USER_RIGHT_SUPERADMIN'] == 1) + { + $rights = array(); + + // Only Initial Superadmin can give this right + if(isset($_POST['superadmin'])) + { + // Am I original Superadmin ? + // Initial SuperAdmin has parent_id == 0 + $adminresult = User::model()->getSomeRecords(array('uid'),array('parent_id'=>0)); + $row=$adminresult->row(); + + if($row['uid'] == Yii::app()->session['loginID']) // it's the original superadmin !!! + { + $rights['superadmin']=1; + } + else + { + $rights['superadmin']=0; + } + } + else + { + $rights['superadmin']=0; + } + + if(isset($_POST['create_survey']) || $rights['superadmin'])$rights['create_survey']=1; else $rights['create_survey']=0; + if(isset($_POST['configurator']) || $rights['superadmin'])$rights['configurator']=1; else $rights['configurator']=0; + if(isset($_POST['create_user']) || $rights['superadmin'])$rights['create_user']=1; else $rights['create_user']=0; + if(isset($_POST['participant_panel']) || $rights['superadmin'])$rights['participant_panel']=1; else $rights['participant_panel']=0; + if(isset($_POST['delete_user']) || $rights['superadmin'])$rights['delete_user']=1; else $rights['delete_user']=0; + if(isset($_POST['manage_template']) || $rights['superadmin'])$rights['manage_template']=1; else $rights['manage_template']=0; + if(isset($_POST['manage_label']) || $rights['superadmin'])$rights['manage_label']=1; else $rights['manage_label']=0; + + setuserrights($postuserid, $rights); + $addsummary .= "
".$clang->gT("User permissions were updated successfully.")."
\n"; + $addsummary .= "
createUrl('admin/user/editusers')."', '_top')\" value=\"".$clang->gT("Continue")."\"/>\n"; + } + else + { + include("access_denied.php"); + } + } + else + { + $addsummary .= "
".$clang->gT("You are not allowed to change your own permissions!")."
\n"; + $addsummary .= "
getController()->createUrl('admin/user/editusers')."', '_top')\" value=\"".$clang->gT("Continue")."\"/>\n"; + } + $addsummary .= "
\n"; + $this->getController()->_getAdminHeader(); + $this->getController()->_showadminmenu(); + $this->getController()->_showMessageBox("",$addsummary); + $this->getController()->_getAdminFooter("http://docs.limesurvey.org", Yii::app()->lang->gT("LimeSurvey online manual")); + + } + + function setusertemplates() + { + $data['clang']=Yii::app()->lang; + $postuser = $this->_post("user"); + $postemail = $this->_post("email"); + $postuserid = $_POST["uid"]; + $postfull_name = $this->_post("full_name"); + $this->getController()->_refreshtemplates(); + $data['userlist'] = getuserlist(); + $this->getController()->_getAdminHeader(); + $this->getController()->_showadminmenu(); + $data['postuserid']=$postuserid; + $this->load->view("admin/user/setusertemplates",$data); + $this->getController()->_getAdminFooter("http://docs.limesurvey.org", Yii::app()->lang->gT("LimeSurvey online manual")); + + } + + function usertemplates() + { + $postuserid=$this->_post("uid"); + $clang=Yii::app()->lang; + + + $addsummary = "
".$clang->gT("Set template permissions")."
\n"; + $addsummary .= "
\n"; + + // SUPERADMINS AND MANAGE_TEMPLATE USERS CAN SET THESE RIGHTS + if( Yii::app()->session['USER_RIGHT_SUPERADMIN'] == 1 || Yii::app()->session['USER_RIGHT_MANAGE_TEMPLATE'] == 1) + { + $templaterights = array(); + $tresult = Templates::model()->getAllRecords(); + foreach ($tresult->read() as $trow) { + if (isset($_POST[$trow["folder"]."_use"])) + $templaterights[$trow["folder"]] = 1; + else + $templaterights[$trow["folder"]] = 0; + } + foreach ($templaterights as $key => $value) { + $post=new Templates_right; + $post->uid = $postuserid; + $post->folder = $key; + $post->use = $value; + $uresult = $post->save(); + if (!$uresult) + { + $model=Templates_right::model()->updateByPk(array('use'=>$value), array('folder' => $key, 'uid' => $postuserid)); + $uresult = $model->save(); + } + } + if ($uresult) + { + $addsummary .= "
".$clang->gT("Template permissions were updated successfully.")."
\n"; + $addsummary .= "
createUrl('admin/user/editusers')."', '_top')\" value=\"".$clang->gT("Continue")."\"/>\n"; + } + else + { + $addsummary .= "
".$clang->gT("Error")."
\n"; + $addsummary .= "
".$clang->gT("Error while updating usertemplates.")."
\n"; + $addsummary .= "
createUrl('admin/user/editusers')."', '_top')\" value=\"".$clang->gT("Continue")."\"/>\n"; + } + } + else + { + include("access_denied.php"); + } + $addsummary .= "
\n"; + $this->getController()->_getAdminHeader(); + $this->getController()->_showadminmenu(); + $this->getController()->_showMessageBox("",$addsummary); + $this->getController()->_getAdminFooter("http://docs.limesurvey.org", Yii::app()->lang->gT("LimeSurvey online manual")); + } + + /** + * Manage user personal settings + */ + function personalsettings() + { + $clang = Yii::app()->lang; + + if($this->_post("action")) + { + $data = array( 'lang' =>$this->_post('lang'), 'dateformat'=>$this->_post('dateformat'), 'htmleditormode'=>$this->_post('htmleditormode'), + 'questionselectormode'=> $this->_post('questionselectormode'), 'templateeditormode'=> $this->_post('templateeditormode')); + $uresult = User::model()->update(Yii::app()->session['loginID'],$data); + Yii::app()->session['adminlang'] = $this->_post('lang'); + Yii::app()->session['htmleditormode'] = $this->_post('htmleditormode'); + Yii::app()->session['questionselectormode'] = $this->_post('questionselectormode'); + Yii::app()->session['templateeditormode'] = $this->_post('templateeditormode'); + Yii::app()->session['dateformat'] = $this->_post('dateformat'); + Yii::app()->session['flashmessage'] = $clang->gT("Your personal settings were successfully saved."); + } + $query = User::model()->getSomeRecords(array("lang"),array("uid"=>$this->session->userdata("loginID"))); + $data['sSavedLanguage']=reset($query->read()); + + $data['clang']=$clang; + + $this->getController()->_getAdminHeader(); + $this->getController()->_showadminmenu(); + $this->load->view("admin/user/personalsettings",$data); + $this->getController()->_getAdminFooter("http://docs.limesurvey.org", Yii::app()->lang->gT("LimeSurvey online manual")); + } + + function _getUserNameFromUid($uid){ + $uid = sanitize_int($uid); + $result = User::model()->getSomeRecords(array('users_name', 'uid'), array('uid' => $uid)); + + if(count($result) > 0) { + foreach($result->read() as $rows){ + return $rows['users_name']; + } + } + } + + function _refreshtemplates() 
{ + $template_a = gettemplatelist(); + foreach ($template_a as $tp=>$fullpath) { + // check for each folder if there is already an entry in the database + // if not create it with current user as creator (user with rights "create user" can assign template rights) + $result = Templates::model()->getSomeRecords(array('folder' => $tp)); + + if (count($result) == 0) { + $post=new Templates; + $post->folder = $tp; + $post->creator = Yii::app()->session['loginID']; + $post->save(); + } + } + return true; + } +} diff --git a/application/models/Survey.php b/application/models/Survey.php index 1c2caa59bc7..e4ba21a5bc5 100644 --- a/application/models/Survey.php +++ b/application/models/Survey.php @@ -100,19 +100,25 @@ public function getAllRecords($condition=FALSE) return $data; } - + /** + * Returns users meeting given condition + * + * @access public + * @return string + */ public function getSomeRecords($fields,$condition=FALSE) { - foreach ($fields as $field) - { - $this->db->select($field); - } + $criteria = new CDbCriteria; + if ($condition != FALSE) - { - $this->db->where($condition); + { + foreach ($condition as $item => $value) + { + $criteria->addCondition($item.'="'.$value.'"'); + } } - - $data = $this->db->get('surveys'); + + $data = $this->findAll($criteria); return $data; } diff --git a/application/views/admin/user/editusers.php b/application/views/admin/user/editusers.php index e446e8f07b6..ee044104550 100644 --- a/application/views/admin/user/editusers.php +++ b/application/views/admin/user/editusers.php @@ -7,20 +7,20 @@ gT("Username");?> gT("Email");?> gT("Full name");?> -session->userdata('USER_RIGHT_SUPERADMIN') == 1) { ?> +session['USER_RIGHT_SUPERADMIN'] == 1) { ?> gT("No of surveys");?> gT("Created by");?> -
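Review bot: The original-superadmin guard in deluser() is inert: `$row=count($adminresult);` assigns an integer, so `$row['uid'] == $postuserid` can never be true and the "Initial Superadmin cannot be deleted!" branch is unreachable; the same count()-as-row pattern breaks `$srow['users_name']` in adduser(). Assuming getSomeRecords() now returns the findAll() array as the Survey.php hunk does, read the first record instead, e.g. `if (!empty($adminresult) && $adminresult[0]->uid == $postuserid)`. In the same method the parent check passes `array('parent_id' => $postuserid, 'parent_id' => Yii::app()->session['loginID'])`, a duplicate key, so the first entry is silently dropped and the query only asks whether the caller has any child at all, not whether `$postuserid` is one of them; the first key should be `'uid'`. Several methods also still call CodeIgniter APIs that do not exist in this Yii action (`->num_rows()` in modifyuser()/userrights(), `$this->db->insert_id()`/`->escape()`, `$this->session->set_userdata()`, `$this->load->view()`, `$this->input->post()`), `$this->getController->render(...)` in modifyuser() is missing the call parentheses, and index() still echoes the debug string 'sfl'.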
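Review bot: Survey::getSomeRecords() now builds the WHERE clause by string concatenation, `$criteria->addCondition($item.'="'.$value.'"')`, so any value containing a double quote alters the SQL and the double-quoted literal is not portable across drivers; use the criteria's parameter binding instead, `$criteria->addColumnCondition($condition);` (or `$criteria->compare($item, $value)` per entry), which drops the loop entirely. The new docblock does not describe this method: it says "Returns users" and `@return string`, but the method is on the Survey model and returns the `findAll()` result, so `@return Survey[]` is the accurate annotation. `if ($condition != FALSE)` is a loose comparison; `if (!empty($condition))` states the intent.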
+ ' />
-session->userdata('USER_RIGHT_DELETE_USER') == 1 ) { ?> +session['USER_RIGHT_DELETE_USER'] == 1 ) { ?>
@@ -35,7 +35,7 @@ -session->userdata('USER_RIGHT_SUPERADMIN') == 1) { ?> +session['USER_RIGHT_SUPERADMIN'] == 1) { ?> @@ -51,7 +51,7 @@ - session->userdata('USER_RIGHT_SUPERADMIN') == 1 || $usr['uid'] == $_SESSION['loginID'] || ($this->session->userdata('USER_RIGHT_CREATE_USER') == 1 && $usr['parent_id'] == $this->session->userdata('loginID'))) { ?> + session['USER_RIGHT_SUPERADMIN'] == 1 || $usr['uid'] == $_SESSION['loginID'] || (Yii::app()->session['USER_RIGHT_CREATE_USER'] == 1 && $usr['parent_id'] == $this->session->userdata('loginID'))) { ?> diff --git a/application/views/admin/user/setuserrights.php b/application/views/admin/user/setuserrights.php index d09cdba9e6d..a7f8e141ed0 100644 --- a/application/views/admin/user/setuserrights.php +++ b/application/views/admin/user/setuserrights.php @@ -1,9 +1,9 @@ - + @@ -12,20 +12,20 @@ $userlist = getuserlist(); foreach ($userlist as $usr) { if ($usr['uid'] == $postuserid) { - $squery = "SELECT create_survey, configurator, create_user, delete_user, superadmin, participant_panel,manage_template, manage_label FROM ".$this->db->dbprefix("users")." WHERE uid=".$this->session->userdata('loginID'); // added by Dennis + $squery = "SELECT create_survey, configurator, create_user, delete_user, superadmin, participant_panel,manage_template, manage_label FROM {{users}} WHERE uid=".Yii::app()->session['loginID']; // added by Dennis $sresult = db_select_limit_assoc($squery); //Checked - $parent = $sresult->row_array(); + $parent = $sresult->read(); // Initial SuperAdmin has parent_id == 0 - $adminquery = "SELECT uid FROM ".$this->db->dbprefix("users")." WHERE parent_id=0"; + $adminquery = "SELECT uid FROM {{users}} WHERE parent_id=0"; $adminresult = db_select_limit_assoc($adminquery, 1); - $row=$adminresult->row_array(); + $row=$adminresult->read(); ?> session->userdata('loginID')) + if($row['uid'] == Yii::app()->session['loginID']) { // RENAMED AS SUPERADMIN echo "\n"; echo "\n"; 
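Review bot: The edit-permission condition in the `@@ -51` hunk of editusers.php is only half migrated: `Yii::app()->session['USER_RIGHT_SUPERADMIN']` and `Yii::app()->session['USER_RIGHT_CREATE_USER']` were converted, but the same expression still reads `$_SESSION['loginID']` and `$this->session->userdata('loginID')`, the CodeIgniter session API that presumably no longer exists in the Yii view context, so the `create_user && parent_id` branch would fail at runtime rather than evaluate. Replace both with `Yii::app()->session['loginID']` so the whole condition reads from one session source, as the `@@ -7` and `@@ -35` hunks of this file already do.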
@@ -55,7 +55,7 @@ session->userdata('loginID')) { + if($row['uid'] == Yii::app()->session['loginID']) { echo "
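Review bot: The `@@ -12` hunk of setuserrights.php keeps raw SQL inside the view and concatenates the session value into it, `"... FROM {{users}} WHERE uid=".Yii::app()->session['loginID']`, while the controller side of this commit moved such lookups into model methods; moving this to the model (e.g. `User::model()->findByPk(Yii::app()->session['loginID'])`) and a criteria-based query for `parent_id=0` would keep the view free of query strings and of the driver-specific prefix syntax. Whether the `db_select_limit_assoc()` result object exposes the `read()` method that replaces `row_array()` here is not visible in this diff; if it returns the same type as before, the call will fail at runtime.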
-gT("Set User Rights");?>: +gT("Set User Rights");?>:
".$clang->gT("SuperAdministrator")."".$clang->gT("Participant Panel")."