diff --git a/admin/usercontrol.php b/admin/usercontrol.php
index a652a8e3f55..00b443f6bdb 100644
--- a/admin/usercontrol.php
+++ b/admin/usercontrol.php
@@ -1,94 +1,75 @@ >> PHPSurveyor # - ############################################################# - # > Author: Jason Cleeland # - # > E-mail: jason@cleeland.org # - # > Mail: Box 99, Trades Hall, 54 Victoria St, # - # > CARLTON SOUTH 3053, AUSTRALIA - # > Date: 20 February 2003 # - # # - # This set of scripts allows you to develop, publish and # - # perform data-entry on surveys. # - ############################################################# - # # - # Copyright (C) 2003 Jason Cleeland # - # # - # This program is free software; you can redistribute # - # it and/or modify it under the terms of the GNU General # - # Public License as published by the Free Software # - # Foundation; either version 2 of the License, or (at your # - # option) any later version. # - # # - # This program is distributed in the hope that it will be # - # useful, but WITHOUT ANY WARRANTY; without even the # - # implied warranty of MERCHANTABILITY or FITNESS FOR A # - # PARTICULAR PURPOSE. See the GNU General Public License # - # for more details. # - # # - # You should have received a copy of the GNU General # - # Public License along with this program; if not, write to # - # the Free Software Foundation, Inc., 59 Temple Place - # - # Suite 330, Boston, MA 02111-1307, USA. # - ############################################################# +############################################################# +# >>> PHPSurveyor # +############################################################# +# > Author: Jason Cleeland # +# > E-mail: jason@cleeland.org # +# > Mail: Box 99, Trades Hall, 54 Victoria St, # +# > CARLTON SOUTH 3053, AUSTRALIA +# > Date: 20 February 2003 # +# # +# This set of scripts allows you to develop, publish and # +# perform data-entry on surveys. 
# +############################################################# +# # +# Copyright (C) 2003 Jason Cleeland # +# # +# This program is free software; you can redistribute # +# it and/or modify it under the terms of the GNU General # +# Public License as published by the Free Software # +# Foundation; either version 2 of the License, or (at your # +# option) any later version. # +# # +# This program is distributed in the hope that it will be # +# useful, but WITHOUT ANY WARRANTY; without even the # +# implied warranty of MERCHANTABILITY or FITNESS FOR A # +# PARTICULAR PURPOSE. See the GNU General Public License # +# for more details. # +# # +# You should have received a copy of the GNU General # +# Public License along with this program; if not, write to # +# the Free Software Foundation, Inc., 59 Temple Place - # +# Suite 330, Boston, MA 02111-1307, USA. # +############################################################# */ +include("classes/htaccess.class.php"); + if (empty($homedir)) {die("Cannot run this script directly");} if ($accesscontrol <> 1) {exit;} -if (!file_exists("$homedir/.htaccess")) +//REDIRECT EVERYTHING HERE IF THERE IS NO .htaccess FILE. +if (!file_exists("$homedir/.htaccess") && $action == "setup") +{ + + $addsummary = "
"._("Creating default htaccess file")."
\n"; + $ht = new htaccess("$homedir/.htaccess","$homedir/.htpasswd"); + $ht->setAuthType("Basic"); + $ht->setAuthName("PHPSurveyor Admin Interface"); + + $addsummary .= _("Security Levels are now set up!")."
\n
\n"; + $addsummary .= ""._("Continue")."\n"; + + $addsummary = "
"._("Creating default users")."
\n"; + + $ht->addUser($defaultuser,$defaultpass); + + if (file_exists("$homedir/.htpasswd")) { - //REDIRECT EVERYTHING HERE IF THERE IS NO .htaccess FILE. - if ($action == "setup") - { - //DON'T DO ANYTHING UNLESS IT HAS BEEN ASKED FOR - //CREATE HTACCESS FILE - $addsummary = "
"._("Creating default htaccess file")."
\n"; - $fname="$homedir/.htaccess"; - echo ""; - $handle=fopen($fname, 'a') or die ("\n\n\n\n
\n"._("Error")."
\n"._("Couldn't create htaccess file. Check your config.php for \$homedir setting, and that you have write permission in the correct directory.")."\n

"._("Main Admin Screen")."

\n
\n"); - echo "
"; - fputs($handle, $htaccess); - fclose($handle); - $addsummary .= _("Security Levels are now set up!")."
\n
\n"; - $addsummary .= ""._("Continue")."\n"; - - //CREATE DEFAULT USER AND PASS - $addsummary = "
"._("Creating default users")."
\n"; - if (isset($htpasswddir) && $htpasswddir) {$htpasswd = "\"$htpasswddir/htpasswd\"";} else {$htpasswd = "htpasswd";} - - # Form command line. Redirect STDERR to STDOUT using 2>&1 - $command = "$htpasswd -bc .htpasswd $defaultuser $defaultpass 2>&1"; - $addsummary .= "".htmlspecialchars($command)."
\n
\n"; - - exec($command, $CommandResult, $CommandStatus); - if ($CommandStatus) //0=success, for other possibilities see http://httpd.apache.org/docs/programs/htpasswd.html - { - $addsummary .= "
";
-			$addsummary .= "\$CommandStatus = $CommandStatus\n";
-			$addsummary .= "\$CommandResult = \n";
-			foreach ($CommandResult as $Line) {$addsummary .= "$Line\n";}
-			$addsummary .= "
\n"; - } - - if (file_exists("$homedir/.htpasswd")) - { - $addsummary .= _("Updating users table")."
\n"; - $uquery="INSERT INTO ".db_table_name('users')." VALUES ('$defaultuser', '$defaultpass', '5')"; - $uresult=$connect->Execute($uquery); - } - else - { - unlink($fname); - $addsummary .= _("Error occurred creating htpasswd file")."

\n"._("If you are using a windows server it is recommended that you copy the apache htpasswd.exe file into your admin folder for this function to work properly. This file is usually found in /apache group/apache/bin/")."
\n"; - } - $addsummary .= "
\n"._("Continue")."
 \n"; - } + $addsummary .= _("Updating users table")."
\n"; + $uquery="INSERT INTO ".db_table_name('users')." VALUES ('$defaultuser', '$defaultpass', '5')"; + $uresult=$connect->Execute($uquery); + $ht->addLogin(); } - -elseif ($action == "deleteall") + else { + $addsummary .= _("Error occurred creating htpasswd file")."

\n"._("If you are using a windows server it is recommended that you copy the apache htpasswd.exe file into your admin folder for this function to work properly. This file is usually found in /apache group/apache/bin/")."
\n"; + } + $addsummary .= "
\n"._("Continue")."
 \n"; +} +elseif ($action == "deleteall") +{ $addsummary = "
"._("Removing security settings")."..
\n"; $fname1="$homedir/.htaccess"; unlink($fname1); @@ -98,103 +79,74 @@ $dr=$connect->Execute($dq); $addsummary .= _("Access file, password file and user database deleted"); $addsummary .= "

"._("Main Admin Screen")."
 \n"; - } - +} + elseif ($action == "adduser") - { +{ $addsummary = "
"._("Adding User")."
\n"; $user=preg_replace("/\W/","",$user); - $pass=preg_replace("/\W/","",$pass); + $pass=preg_replace("/\W/","",$pass); if ($user && $pass) - { - if (isset($htpasswddir) && $htpasswddir) {$htpasswd="\"$htpasswddir/htpasswd\"";} else {$htpasswd="htpasswd";} - $command="$htpasswd -b .htpasswd $user $pass 2>&1"; - exec($command, $CommandResult, $CommandStatus); - if ($CommandStatus) //0=success, for other possibilities see http://httpd.apache.org/docs/programs/htpasswd.html - { - $addsummary .= "
"
-						 . "\$CommandStatus = $CommandStatus\n"
-						 . "\$CommandResult = \n";
-			foreach ($CommandResult as $Line) {$addsummary .= "$Line\n";}
-			$addsummary .= "
\n"; - } + { + $ht = new htaccess("$homedir/.htaccess","$homedir/.htpasswd"); + $ht->addUser($user,$pass); $uquery = "INSERT INTO ".db_table_name('users')." VALUES ('$user', '$pass', '{$_POST['level']}')"; $uresult = $connect->Execute($uquery); $addsummary .= "
"._("Username").": $user
"._("Password").": $pass
"; - } + } else - { + { $addsummary .= _("Could not add user. Username and/or password were not supplied")."
\n"; - } - $addsummary .= "

"._("Continue")."
 \n"; } + $addsummary .= "

"._("Continue")."
 \n"; +} elseif ($action == "deluser") - { +{ $addsummary = "
"._("Deleting User")."
\n"; if ($user) - { - $fname="$homedir/.htpasswd"; - $htpasswds = file($fname); - foreach ($htpasswds as $htp) - { - list ($fuser, $fpass) = split(":", $htp); - if ($fuser == $user) - { - //$addsummary .= "User found!
\n"; - } - else - { - $newhtpasswd[]=$htp; - } - } - //WRITE FILE - $nfname="$homedir/.htpasswd"; - $fp = fopen($nfname,"w"); - foreach ($newhtpasswd as $nhtp) - { - fputs($fp, $nhtp); - } - fclose($fp); + { + $ht = new htaccess("$homedir/.htaccess","$homedir/.htpasswd"); + $ht->delUser($user); //DELETE USER FROM TABLE $dquery="DELETE FROM ".db_table_name('users')." WHERE user='$user'"; $dresult=$connect->Execute($dquery); - } + } else - { + { $addsummary .= "
"._("Could not delete user. Username was not supplied.")."
\n"; - } - $addsummary .= "

"._("Continue")."
 \n"; } + $addsummary .= "

"._("Continue")."
 \n"; +} elseif ($action == "moduser") - { +{ $addsummary = "
"._("Modifying User")."
\n"; $user=preg_replace("/\W/","",$user); - $pass=preg_replace("/\W/","",$pass); + $pass=preg_replace("/\W/","",$pass); if ($user && $pass) - { + { //$addsummary .= "Modifying user $user with password $pass
\n"; if ($htpasswddir) {$htpasswd = "\"$htpasswddir/htpasswd\"";} else {$htpasswd = "htpasswd";} $command="$htpasswd -b .htpasswd $user $pass 2>&1"; exec($command, $CommandResult, $CommandStatus); if ($CommandStatus) //0=success, for other possibilities see http://httpd.apache.org/docs/programs/htpasswd.html - { + { $addsummary .= "
";
 			$addsummary .= "\$CommandStatus = $CommandStatus\n";
 			$addsummary .= "\$CommandResult = \n";
 			foreach ($CommandResult as $Line) {$addsummary .= "$Line\n";}
 			$addsummary .= "
\n"; - } + } $uquery = "UPDATE ".db_table_name('users')." SET password='$pass', security='{$_POST['level']}' WHERE user='$user'"; $uresult = $connect->Execute($uquery); - + $addsummary .= "
"._("Username").": $user
"._("Password").": $pass
\n"; - } + } else - { + { $addsummary .= _("Could not modify user. Username and/or password were not supplied"); - } - $addsummary .= "

"._("Continue")."
 \n"; } + $addsummary .= "

"._("Continue")."
 \n"; +} ?>
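Review bot: The `deluser` branch passes `$user` to `$ht->delUser($user)` and into `DELETE FROM ... WHERE user='$user'` without the `preg_replace("/\W/","",$user)` filter that `adduser` and `moduser` apply, and both of those branches interpolate `{$_POST['level']}` straight into their SQL strings. Unless these values are cleaned before this file runs (not visible here), request input reaches the query text and the password file unfiltered. Add `$user=preg_replace("/\W/","",$user);` at the top of the `deluser` branch, and, assuming levels are numeric as the `'5'` in the setup branch suggests, cast once with `$level=(int)$_POST['level'];` and use `'$level'` in both queries; bound parameters through `$connect->Execute()` would be better if the database layer supports them. `moduser` also still builds an `htpasswd` command line for `exec()` while the other branches now use the `htaccess` class, so it should move to the class too if the class offers an equivalent call.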