Update manage_user.php and get rid of security stuff currently only used in Pirates@Home.

svn path=/trunk/boinc/; revision=12286
Rytis Slatkevičius 2007-03-29 19:17:13 +00:00
parent 72746be4fb
commit d72c002779
1 changed files with 105 additions and 58 deletions


@ -3,8 +3,10 @@
* Manage user settings * Manage user settings
* *
* Displays user settings, allows one to control special user status * Displays user settings, allows one to control special user status
* and forum suspension (banishment). Put this in html/ops * and forum suspension (banishment). Put this in html/ops,
* (or could be used by moderators for bans < 24 hrs).
* *
* @(#) $Id$
\***********************************************************************/ \***********************************************************************/
require_once("../inc/util.inc"); require_once("../inc/util.inc");
@ -14,49 +16,70 @@ require_once("../inc/util_ops.inc");
require_once("../inc/profile.inc"); require_once("../inc/profile.inc");
require_once("../project/project.inc"); require_once("../project/project.inc");
// Stuff for user roles and wiki interface.
// (Should work even if you comment these out)
/**
require_once("../include/roles.php");
require_once("../include/mediawiki.php");
**/
db_init(); db_init();
$logged_in_user = get_logged_in_user(true); $is_admin = true;
$logged_in_user= getForumPreferences($logged_in_user); $Nbf = sizeof($special_user_bitfield);
if( function_exists('is_Administrator') ){ // only (now) on Pirates@Home /**
if( !is_Administrator($logged_in_user) ){ * Process user search form
error_page("You must be a project administrator to use this page."); */
$matches="";
if( isset($_POST['search_submit']) ){
$search_name = post_str('search_text');
$search_name = process_user_text(strip_tags($search_name));
if( !empty($search_name) ){
$result = mysql_query("SELECT * FROM user WHERE name='$search_name'");
if( mysql_num_rows($result)==1 ) {
$user = mysql_fetch_object($result);
mysql_free_result($result);
}
else {
$q = "SELECT * FROM user WHERE name LIKE '%".$search_name."%'";
$result = mysql_query($q);
if( mysql_num_rows($result)==1 ) {
$user = mysql_fetch_object($result);
mysql_free_result($result);
}
if( mysql_num_rows($result)>1 ) {
while( $row = mysql_fetch_object($result) ){
if( !empty($matches) ) $matches .= ", ";
$matches .= $row->name;
}
mysql_free_result($result);
} }
} }
}
}
/**
* Look up the user
*/
$id = get_int("userid", true); $id = get_int("userid", true);
if(!isset($id) ) $id = post_int("userid", true); if( empty($id) ) $id = post_int("userid", true);
if( !empty($id) ){
if( !$id || !is_numeric($id) || $id <= 0 ) {
error_page("Must specify a userid");
}
// Look up the user
$user = lookup_user_id($id); $user = lookup_user_id($id);
if( !$user ) {
error_page("Cannot find user $id");
} }
$self = $_SERVER['PHP_SELF']; // but clear if page was reset (forcing search form)
$Nbf = sizeof($special_user_bitfield);
if( isset($_POST['reset_page']) ){
unset($user);
}
/** /**
* Process special user settings * Process special user settings
*/ */
if( isset($_POST['special_user']) ){ if( isset($_POST['special_user']) && $user && $is_admin ){
$bits=""; $bits="";
for($i=0;$i<$Nbf;$i++) { for($i=0;$i<$Nbf;$i++) {
$bits .= $_POST['special_user_'.$i] ? "1" : "0" ; $bits .= $_POST['special_user_'.$i] ? "1" : "0" ;
@ -70,14 +93,16 @@ if( isset($_POST['special_user']) ){
* Process a suspension: * Process a suspension:
*/ */
if( isset($_POST['suspend_submit']) ){ if( isset($_POST['suspend_submit']) && !empty($user) && $is_admin ){
$dt = post_int('suspend_for',true); $dt = post_int('suspend_for',true);
if( user_has_permission('moderator') ){
if( $is_admin || ($is_mod && $dt < 86400) ){
$reason = $_POST['suspend_reason']; $reason = $_POST['suspend_reason'];
if( $dt > 0 && empty($reason) ) { if( $dt > 0 && empty($reason) ) {
error_page("You must supply a reason for a suspension. error_page("You must supply a reason for a suspension.
<p><a href='$self?userid=$user->id'>Try again</a>"); <p><a href='$self?userid=$user->id'>Try again</a>");
} else { }
else {
if( is_numeric($dt) ) { if( is_numeric($dt) ) {
$t = time()+$dt; $t = time()+$dt;
$q = "UPDATE forum_preferences SET banished_until=$t WHERE userid=$id"; $q = "UPDATE forum_preferences SET banished_until=$t WHERE userid=$id";
@ -117,18 +142,18 @@ have been restored by ".$logged_in_user->name."\n";
$admin->email_addr = $email; $admin->email_addr = $email;
send_email($admin, $subject, $body); send_email($admin, $subject, $body);
} }
}//numerical($dt)
}//
} }
} }
}// suspend_submit }// suspend_submit
// Now update from whatever was set // Now update from whatever might have been set above
if( !empty($user) ) {
$user=getForumPreferences($user); $user=getForumPreferences($user);
}
/******************************** /********************************
* Output: * Output:
@ -138,6 +163,8 @@ admin_page_head("User Management: $user->name");
echo "\n<link rel='stylesheet' type=text/css href='". URL_BASE. "new_forum.css'>\n"; echo "\n<link rel='stylesheet' type=text/css href='". URL_BASE. "new_forum.css'>\n";
echo "\n<link rel='stylesheet' type=text/css href='" .URL_BASE. "arrgh.css'>\n"; echo "\n<link rel='stylesheet' type=text/css href='" .URL_BASE. "arrgh.css'>\n";
echo "<h2>User Managment</h2>\n";
if (!defined("POST_REPORT_EMAILS")) { if (!defined("POST_REPORT_EMAILS")) {
echo "<p><font color='RED'> echo "<p><font color='RED'>
There is no addministrative e-mail address defined for reporting problems There is no addministrative e-mail address defined for reporting problems
@ -146,16 +173,39 @@ or abuse in the forums. Please define POST_REPORT_EMAILS in project.inc
} }
echo "<form name='manage_user' action='$self' method='POST'> echo "<form name='manage_user' action='$self' method='POST'>
<input type='hidden' name='userid' value='$id'> \n"; <input type='hidden' name='userid' value='". $user->id."'> \n";
start_table(); start_table();
row1("<b>User: </b> ".$user->name
if( empty($user->id) ) {
if( !empty($search_name) ){
echo "No match found. ";
if( !empty($matches) ) {
echo " Partial matches are:
<blockquote> $matches </blockquote>\n";
}
}
echo " Enter user name:
<blockquote>
<input type='text' name='search_text' >
<input type='submit' name='search_submit' value='Search'>
</form>\n";
admin_page_tail();
exit();
}
row1("<b>User: </b> ".$user->name. "<br/>
Id# ". $user->id
. "<div align='right'> . "<div align='right'>
<input name='reset_page' type='submit' value='Reset'>
<input name='manage_user' type='submit' value='Update'></div>"); <input name='manage_user' type='submit' value='Update'></div>");
show_user_summary_public($user); show_user_summary_public($user);
show_profile_link($user); show_profile_link($user);
if( $is_admin ) {
row2("E-mail:", "$user->email_addr");
}
project_user_summary($user); project_user_summary($user);
//row2("E-mail:", $user->email_addr);
end_table(); end_table();
project_user_page_private($user); project_user_page_private($user);
@ -171,7 +221,7 @@ echo "\n\n<P>
<td width='50%' valign='TOP'> \n"; <td width='50%' valign='TOP'> \n";
echo "<form name='special_user' action='$self' method=\"POST\"> echo "<form name='special_user' action='$self' method=\"POST\">
<input type='hidden' name='userid' value='$id'> \n"; <input type='hidden' name='userid' value='".$user->id."'> \n";
start_table(); start_table();
row1("Special User Status: $user->name", $Nbf ); row1("Special User Status: $user->name", $Nbf );
@ -187,24 +237,23 @@ for($i=0;$i<$Nbf;$i++) {
} }
echo "</tr>"; echo "</tr>";
if( $is_admin ) {
echo "</tr><td colspan=$Nbf align='RIGHT'> echo "</tr><td colspan=$Nbf align='RIGHT'>
<input name='special_user' type='SUBMIT' value='Apply'> <input name='special_user' type='SUBMIT' value='Apply'>
</td></tr>\n"; </td></tr>\n";
}
end_table(); end_table();
echo "</form>\n"; echo "</form>\n";
echo "\n\n</td><td valign='TOP'>\n\n"; echo "\n\n</td><td valign='TOP'>\n\n";
/********************** /**********************
* Suspended posting privileges * Suspended posting privileges
*/ */
//function suspend_user_form($user) {
echo "<form name='banishment' action='$self' method=\"POST\"> echo "<form name='banishment' action='$self' method=\"POST\">
<input type='hidden' name='userid' value='$user->id'> \n"; <input type='hidden' name='userid' value='".$user->id."'> \n";
start_table(); start_table();
row1("Suspension: $user->name"); row1("Suspension: $user->name");
@ -225,13 +274,13 @@ Suspend user for:
<blockquote> <blockquote>
<input type='radio' name='suspend_for' value='3600'> 1 hour <br/> <input type='radio' name='suspend_for' value='3600'> 1 hour <br/>
<input type='radio' name='suspend_for' value='7200'> 2 hours <br/> <input type='radio' name='suspend_for' value='7200'> 2 hours <br/>
<input type='radio' name='suspend_for' value='18000'> 5 hours <br/> <input type='radio' name='suspend_for' value='18000'> 6 hours <br/>
<input type='radio' name='suspend_for' value='36000'> 10 hours <br/> <input type='radio' name='suspend_for' value='36000'> 12 hours <br/>
<input type='radio' name='suspend_for' value='86400'> 24 hours <br/> <input type='radio' name='suspend_for' value='86400'> 24 hours <br/>
<input type='radio' name='suspend_for' value='172800'> 48 hours <br/>"; ";
if( $is_admin ){ // in case we are only a moderator
if( is_Administrator($logged_in_user) ){ // in case we are only a moderator
echo " echo "
<input type='radio' name='suspend_for' value='172800'> 48 hours <br/>
<input type='radio' name='suspend_for' value='",86400*7,"'> 1 week <br/> <input type='radio' name='suspend_for' value='",86400*7,"'> 1 week <br/>
<input type='radio' name='suspend_for' value='",86400*14,"'> 2 weeks <br/> <input type='radio' name='suspend_for' value='",86400*14,"'> 2 weeks <br/>
"; ";
@ -267,8 +316,6 @@ if($q) {
echo "<P><font color='grey'>Query: $q </font>"; echo "<P><font color='grey'>Query: $q </font>";
} }
admin_page_tail(); admin_page_tail();
$cvs_version_tracker[]= //Generated automatically - do not edit $cvs_version_tracker[]= //Generated automatically - do not edit