
Big commit, adding some user management features.

* removed all instances of nickname.  Habari users now only have a 
username.  If this decision stays, we should probably rename the 
"username" column to simply "name":  $user->username is a bit redundant.

* added a Users admin menu item, and associated page.  This lists all 
the users on the system, and displays some basic info about each 
account.  Provides a link to each user's profile page.

* added a form to create new users on the /admin/users page. (ticket 
#15) Needs more error checking, probably.

* when viewing another user's profile at /admin/user/foo, there is a 
button to delete that user.  (ticket #43).  You may not currently delete 
your own user account.  Deleting a user does not modify the post table 
at all: opening a new ticket to track this defect.

We need some form of authorization, to determine which users can create 
and delete accounts, as well as who can modify which accounts.



git-svn-id: https://svn.habariproject.org/habari/trunk/htdocs/system@167 653ae4dd-d31e-0410-96ef-6bf7bf53c507
1 parent 43e647b commit 9137439b5f523d9796400eb0a05a701b21ae8607 Scott Merrill committed Nov 11, 2006
Showing with 251 additions and 97 deletions.
  1. +2 −1 admin/header.php
  2. +83 −9 admin/user.php
  3. +55 −0 admin/users.php
  4. +93 −11 classes/adminhandler.php
  5. +0 −1 classes/installer.php
  6. +7 −2 classes/posts.php
  7. +1 −0 classes/url.php
  8. +10 −2 classes/user.php
  9. +0 −70 classes/userhandler.php
  10. +0 −1 schema/schema.mysql.php
@@ -7,14 +7,15 @@
<body>
<div id="page">
<div id="header">
- <h1>Welcome back <?php echo User::identify()->nickname; ?> &raquo; <a href="<?php Options::out('base_url'); ?>" title="View <?php Options::out('title'); ?>">view site</a> + <a href="<?php echo URL::out('admin', 'page=user'); ?>" title="<?php URL::out('admin', 'page=profile'); ?>">edit your profile</a> + <a href="<?php URL::out('logout'); ?>" title="logout of Habari">logout</a></h1>
+ <h1>Welcome back <?php echo User::identify()->username; ?> &raquo; <a href="<?php Options::out('base_url'); ?>" title="View <?php Options::out('title'); ?>">view site</a> + <a href="<?php echo URL::out('admin', 'page=user'); ?>" title="<?php URL::out('admin', 'page=profile'); ?>">edit your profile</a> + <a href="<?php URL::out('logout'); ?>" title="logout of Habari">logout</a></h1>
</div>
<div id="menu">
<ul id="menu-items">
<?php $page = empty(URL::o()->settings['page']) ? 'overview' : URL::o()->settings['page']; ?>
<li <?php echo ($page == 'overview') ? 'id="current-item"' : ''; ?>><a href="<?php Options::out('base_url'); ?>admin/" title="Overview of your site">Overview</a></li>
<li <?php echo ($page == 'content') ? 'id="current-item"' : ''; ?>><a href="<?php URL::out('admin', 'page=content'); ?>" title="Edit the content of your site">Content</a></li>
<li <?php echo ($page == 'options') ? 'id="current-item"' : ''; ?>><a href="<?php URL::out('admin', 'page=options'); ?>" title="edit your site options">Options</a></li>
+ <li <?php echo ($page == 'users') ? 'id="current-item" ' : ''; ?>><a href="<?php URL::out('admin', 'page=users'); ?>" title="manage users">Users</a></li>
<li <?php echo ($page == 'themes') ? 'id="current-item"' : ''; ?>><a href="<?php URL::out('admin', 'page=themes'); ?>" title="manage your sites themes">Themes</a></li>
<li <?php echo ($page == 'plugins') ? 'id="current-item"' : ''; ?>><a href="<?php URL::out('admin', 'page=plugins'); ?>" title="edit your sites plugins">Plugins</a></li>
</ul>
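Review bot: The rewritten welcome line echoes `User::identify()->username` straight into HTML with no escaping, and username is now a free-text value that the profile form added in this same commit lets a user change, so it should be escaped at output: `<?php echo htmlspecialchars( User::identify()->username, ENT_QUOTES ); ?>`. The same unescaped-echo pattern recurs in the new admin/user.php and admin/users.php sections below; escaping once at each output point is the fix in all three places.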
@@ -1,25 +1,52 @@
<?php
- $user = User::identify();
- if ( ! $user )
+ $currentuser = User::identify();
+ if ( ! $currentuser )
{
die;
}
+ // are we looking at the current user's profile, or someone else's?
+ // $settings['option'] will contain the username specified on the URL
+ // http://example.com/admin/user/skippy
+ if ( isset( $settings['option'] ) && ( $settings['option'] != $currentuser->username ) )
+ {
+ $user = User::get( $settings['option'] );
+ if ( ! $user )
+ {
+ echo "No such user!";
+ die;
+ }
+ $who = $user->username;
+ $possessive = $user->username . "'s";
+ }
+ else
+ {
+ $user = $currentuser;
+ $who = "You";
+ $possessive = "Your";
+ }
+if ( isset( $settings['result']) && 'deleted' == $settings['results'] )
+{
+ echo "The user has been deleted.";
+}
+else
+{
?>
-<div id="content-area">
- <h3>Your Profile</h3>
+<div style="width: 45%; float: left; border-right: 1px solid #000; text-align: left;">
+ <h3><?php echo $possessive; ?> Profile</h3>
<?php
- if ( isset( $settings['results'] ) && 'success' == $settings['results'] )
+ if ( isset( $settings['results'] ) && 'success' == $settings['results'] )
{
- echo "<p><strong>Your profile has been updated!</strong></p>";
+ echo "<p><strong>" . $possessive . " profile has been updated!</strong></p>";
}
else
{
- echo "<p>Below are the data that Habari knows about you.</p>";
+ echo "<p>Below are the data that Habari knows about " . $who . ".</p>";
}
?>
<form name="update-profile" id="update-profile" action="<?php Options::out('base_url'); ?>admin/user" method="post">
- <p><label>Nickname:</label></p>
- <p><input type="text" name="nickname" value="<?php echo $user->nickname; ?>" /></p>
+ <input type="hidden" name="user_id" value="<?php echo $user->id; ?>" />
+ <p><label>Username:</label></p>
+ <p><input type="text" name="username" value="<?php echo $user->username; ?>" /></p>
<p><label>Email address:</label></p>
<p><input type="text" name="email" value="<?php echo $user->email; ?>"/></p>
<p><label>New Password:</label></p>
@@ -34,3 +61,50 @@
<p><input type="submit" value="Update Profile!" /></p>
</form>
</div>
+<div style="width: 45%; float: left; margin-left: 2px;">
+<?php
+if ( Posts::count_by_author( $user->id, Post::STATUS_PUBLISHED ) )
+{
+ echo $possessive ." five most recent published posts:<br />\n";
+ echo "<ul>\n";
+ foreach ($posts = Posts::get( array( 'user_id' => $user->id,
+ 'limit' => 5,
+ 'status' => Post::STATUS_PUBLISHED,
+ ) ) as $post )
+ {
+ echo '<li><a href="' . $post->permalink . '">' . $post->title ."</a></li>\n";
+ }
+ echo "</ul>\n";
+}
+else
+{
+ echo "<p>No published posts.</p>\n";
+}
+if ( $user == $currentuser )
+{
+ echo $possessive . 'five most recent draft posts:<br /><ul>';
+ foreach ($posts = Posts::get( array( 'user_id' => $user->id,
+ 'limit' => 5,
+ 'status' => Post::STATUS_DRAFT,
+ ) ) as $post )
+ {
+ echo '<li><a href="' . $post->permalink . '">' . $post->title . "</a></li>\n";
+ }
+ echo "</ul>\n";
+}
+echo "<p></p>\n";
+if ( $user != $currentuser )
+{
+ echo "<form method='post'>";
+ echo "<div style='width: 100%, background: red;'>\n";
+ echo "<input type='hidden' name='delete' value='user' />\n";
+ echo "<input type='hidden' name='user_id' value='" . $user->id . "' />\n";
+ echo "<input type='submit' value='DELETE USER' />\n";
+ echo "</form>\n";
+}
+?>
+</div>
+<div style="clear: both;"></div>
+<?php
+}
+?>
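Review bot: The "user has been deleted" branch can never be taken: the guard tests `isset( $settings['result'] )` but then reads `$settings['results']`, so the keys must agree, `if ( isset( $settings['results'] ) && 'deleted' == $settings['results'] )`. The page also writes `$user->username`, `$possessive` and `$post->title` into markup unescaped; since usernames are editable through this very form, wrap each in `htmlspecialchars()` where it is echoed. The DELETE USER form carries only the hidden `delete` and `user_id` fields, so a logged-in admin's browser can be made to submit it from an unrelated page; a per-session token verified in post_user would close that independently of the authorization work the commit message calls for. Two smaller points: `$user == $currentuser` compares two objects loosely where `$user->id == $currentuser->id` says what is meant, and `$possessive . 'five most recent draft posts'` is missing the space that the published-posts line has.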
@@ -0,0 +1,55 @@
+<?php
+$currentuser = User::identify();
+if ( ! $currentuser )
+{
+ die;
+}
+if ( isset( $settings['message'] ) && ( '' != $settings['message'] ) )
+{
+ echo "<p><strong>" . $settings['message'] . "</strong></p>";
+}
+?>
+<div style="width: 45%; float: left; border-right: 1px solid #000; text-align: left;">
+<strong>Users</strong>
+<ul>
+<?php
+foreach ( User::get_all() as $user )
+{
+ if ( $user->username == $currentuser->username )
+ {
+ $url = Url::get('admin', 'page=user');
+ }
+ else
+ {
+ $url = Url::get('admin', 'page=user/' . $user->username);
+ }
+ echo '<li>';
+ echo '<a href="' . $url . '">' . $user->username . '</a><br />';
+ echo Posts::count_by_author( $user->id, Post::STATUS_PUBLISHED ) . ' published posts, ' . Posts::count_by_author( $user->id, Post::STATUS_DRAFT ) . ' pending drafts, and ' . Posts::count_by_author( $user->id, Post::STATUS_PRIVATE ) . ' private posts.';
+ echo '</li>';
+}
+?>
+</ul>
+</div>
+<div style="width: 45%; float: left; margin-left: 2px;">
+<?php
+if ( isset( $settings['error'] ) && ( '' != $settings['error'] ) )
+{
+ echo "<p><strong>" . $settings['error'] . "</strong></p>";
+}
+?>
+<form method="post">
+<strong>Add a new user</strong><br />
+Username:<br />
+<input type="text" size="40" name="username" value="<?php echo ( isset( $settings['username'] ) ) ? $settings['username'] : ''; ?>" /><br />
+Email:<br />
+<input type="text" size="40" name="email" value="<?php echo ( isset( $settings['email'] ) ) ? $settings['email'] : ''; ?>" /><br />
+Password (twice to confirm):<br />
+<input type="password" size="40" name="pass1" /><br />
+<input type="password" size="40" name="pass2" /><br />
+<input type="hidden" name="action" value="newuser" />
+<input type="submit" value="Add User" />
+</form>
+</div>
+<div style="clear: both;"></div>
+
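Review bot: The re-populated form fields print `$settings['username']` and `$settings['email']` inside a `value="…"` attribute with no escaping, so a submitted value containing a double quote breaks out of the attribute and into the page; use `htmlspecialchars( $settings['username'], ENT_QUOTES )` there, and likewise for email. The same applies to `$settings['message']`, `$settings['error']` and `$user->username`, which are echoed into the page body above. Separately, `Url::get` here differs in case from the `URL::out`/`URL::get` spelling used elsewhere in this commit; PHP resolves class names case-insensitively, but a single spelling is easier to search for.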
@@ -161,24 +161,48 @@ function post_user ( $settings )
// keep track of whether we actually need to update any fields
$update = 0;
$results = '';
- $user = User::identify();
- foreach ( array ('nickname', 'email' ) as $field )
+ $currentuser = User::identify();
+ $user = $currentuser;
+ if ( $currentuser->id != $settings['user_id'] )
+ {
+ // user is editing someone else's profile
+ // load that user account
+ $user = User::get( $settings['user_id'] );
+ $results = '/' . $user->username;
+ }
+ // are we deleting a user?
+ if ( isset( $settings['delete'] ) && ( 'user' == $settings['delete'] ) )
{
- // for each of the other fields in the user table,
- // see if it needs to be updated
- if ( $user->$field != $settings[$field] )
+ // extra safety check here
+ if ( isset( $settings['user_id'] ) && ( $currentuser->id != $settings['user_id'] ) )
{
- $user->$field = $settings[$field];
- $update = 1;
+ $username = $user->username;
+ $user->delete();
+ $results = 'deleted';
}
}
- // see if the user is changing their password
- if ( '' != $settings['pass1'] )
+ if ( isset( $settings['username'] ) && ( $user->username != $settings['username'] ) )
{
- if ( $settings['pass1'] == $settings['pass2'])
+ $user->username = $settings['username'];
+ $update = 1;
+ $results = '/' . $settings['username'];
+ }
+ if ( isset( $settings['email'] ) && ( $user->email != $settings['email'] ) )
+ {
+ $user->email = $settings['email'];
+ $update = 1;
+ }
+ // see if a password change is being attempted
+ if ( isset( $settings['pass1'] ) && ( '' != $settings['pass1'] ) )
+ {
+ if ( isset( $settings['pass2'] ) && ( $settings['pass1'] == $settings['pass2'] ) )
{
$user->password = sha1($settings['pass1']);
- $user->remember();
+ if ( $user == $currentuser )
+ {
+ // update the cookie for the current user
+ $user->remember();
+ }
$update = 1;
}
else
@@ -194,6 +218,64 @@ function post_user ( $settings )
Utils::redirect( URL::get( 'admin', "page=user$results" ) );
}
+ /**
+ * public function post_users
+ * Handles post requests from the Users listing (ie: creating a new user)
+ * @param array An associative array of content found in the url, $_POST array, and $_GET array
+ **/
+ public function post_users( $settings )
+ {
+ $user = User::identify();
+ if ( ! $user )
+ {
+ die ('Naughty naughty!');
+ }
+ $error = '';
+ if ( isset( $settings['action'] ) && ( 'newuser' == $settings['action'] ) )
+ {
+ // basic safety checks
+ if ( ! isset( $settings['username'] ) || '' == $settings['username'] )
+ {
+ $error .= 'Please supply a user name!<br />';
+ }
+ if ( ! isset( $settings['email'] ) ||
+ ( '' == $settings['username'] ) ||
+ ( ! strstr($settings['email'], '@') ) )
+ {
+ $error .= 'Please supply a valid email address!<br />';
+ }
+ if ( ( ! isset( $settings['pass1'] ) ) ||
+ ( ! isset( $settings['pass2'] ) ) ||
+ ( '' == $settings['pass1'] ) ||
+ ( '' == $settings['pass2'] ) )
+ {
+ $error .= 'Password mis-match!<br />';
+ }
+ if ( ! $error )
+ {
+ $user = new User ( array(
+ 'username' => $settings['username'],
+ 'email' => $settings['email'],
+ 'password' => sha1($settings['pass1']),
+ ) );
+ if ( $user->insert() )
+ {
+ $settings['message'] = 'User ' . $settings['username'] . ' created!<br />';
+ // clear out the other variables
+ $settings['username'] = '';
+ $settings['email'] = '';
+ $settings['pass1'] = '';
+ $settings['pass2'] = '';
+ }
+ else
+ {
+ $dberror = DB::get_last_error();
+ $error .= $dberror[2];
+ }
+ }
+ }
+ }
+
}
?>
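Review bot: In post_users the email check re-tests `'' == $settings['username']` instead of the email field, and the password block only verifies that both fields are non-empty, so the "Password mis-match!" error never fires when the two differ; the line should read `( '' == $settings['email'] ) ||` and the password condition should gain `|| ( $settings['pass1'] != $settings['pass2'] )`. The accumulated `$error` string is never stored in `$settings['error']`, and `$settings['message']` is written to the by-value `$settings` parameter, so unless the view receives these some other way (not visible here) neither will reach admin/users.php. In the post_user hunk above, `User::get( $settings['user_id'] )` is dereferenced as `$user->username` without checking for a false return, and `$settings['user_id']` is read at the top without the `isset` that the delete branch applies; a missing or unknown id should fall back to `$currentuser` rather than fail mid-request. post_user's body starts before and ends after its hunk.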
@@ -77,7 +77,6 @@ static function installhandler()
$password = sha1($_POST['password']);
$admin = new User(array (
'username'=>$_POST['username'],
- 'nickname'=>'admin',
'email'=>$_POST['email'],
'password'=>$password
));
@@ -92,6 +92,11 @@ static function get( $paramarray = array() )
$where[] = "slug = ?";
$params[] = $slug;
}
+ if ( isset( $user_id ) )
+ {
+ $where[] = "user_id = ?";
+ $params[] = $user_id;
+ }
if ( isset( $tag ) ) {
$join .= ' JOIN habari__tags ON habari__posts.slug = habari__tags.slug';
// Need tag expression parser here.
@@ -144,9 +149,9 @@ static function get( $paramarray = array() )
* @param mixed a status value to filter posts by; if FALSE, then no filtering will be performed (default: Post::STATUS_PUBLISHED)
* @return int the number of posts by the specified author
**/
- public static function count_by_author( $author = '', $status = Post::STATUS_PUBLISHED )
+ public static function count_by_author( $user_id = '', $status = Post::STATUS_PUBLISHED )
{
- $params = array( 'author' => $author, 'count' => 'id');
+ $params = array( 'user_id' => $user_id, 'count' => 'id');
if ( FALSE !== $status )
{
$params['status'] = $status;
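Review bot: With the new default `$user_id = ''`, the `isset( $user_id )` guard added to get() is true for the empty string (isset only rejects null), so a count_by_author() call with no argument would presumably filter on `user_id = ''` and return zero rather than counting across all authors; if the default is meant to mean "any author", either default to `null` or tighten the guard to `if ( isset( $user_id ) && '' !== $user_id )`. The docblock above count_by_author still describes the first parameter as an author (its `@param` line sits just outside the hunk); it should now name `$user_id` as the id of the user whose posts are counted. How `$user_id` is populated from `$paramarray` inside get() is not visible in this hunk.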
@@ -363,6 +363,7 @@ protected function init_rules()
**/
// admin rules
$this->rules[] = array('"admin"/page', 'AdminHandler', 'admin');
+ $this->rules[] = array('"admin"/page/option', 'AdminHandler', 'admin');
$this->rules[] = array('"admin"', 'AdminHandler', 'admin');
$this->rules[] = array('"feedback"', 'ContentHandler', 'add_comment');
$this->rules[] = array('"admin"/"ajax"/action', 'AjaxHandler', 'ajaxhandler');
@@ -19,7 +19,6 @@ public static function default_fields()
return array(
'id' => '',
'username' => '',
- 'nickname' => '',
'email' => '',
'password' => ''
);
@@ -91,7 +90,16 @@ public function insert()
*/
public function update()
{
- return parent::update( 'habari__users' );
+ return parent::update( 'habari__users', array( 'id' => $this->id ) );
+ }
+
+ /**
+ * function delete
+ * delete a user account
+ **/
+ public function delete()
+ {
+ return parent::delete( 'habari__users', array( 'id' => $this->id ) );
}
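Review bot: delete() builds its WHERE clause from `$this->id` with no check that the id is set; a User built from default_fields() carries `'id' => ''`, so on such an object the call is issued with an empty id and its effect depends on how parent::delete treats that (not visible here). A guard such as `if ( '' == $this->id ) { return false; }` before the call, and the same in update(), keeps a not-yet-inserted object from touching the table. The new docblock should also say what delete() returns, which from the code is whatever parent::delete yields, e.g. `@return mixed the result of parent::delete()`.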
/**