So many changes... I wanted to do this piece by piece, but once I
got started, I couldn't stop: Update Smarty Update bootstrap Switch to using cards Set up themes Improve sorting (add direction) Use modals for viewing, editing, adding items. Add Help page Add bookmarklet Add footer
This commit is contained in:
parent
a3855e078c
commit
1044fa8ccb
692 changed files with 40696 additions and 35959 deletions
136
src/users.php
136
src/users.php
|
|
@ -20,7 +20,7 @@ $opt = $smarty->opt();
|
|||
|
||||
session_start();
|
||||
if (!isset($_SESSION["userid"])) {
|
||||
header("Location: " . getFullPath("login.php"));
|
||||
header("Location: " . getFullPath("login.php") . "?from=users.php");
|
||||
exit;
|
||||
}
|
||||
else {
|
||||
|
|
@ -33,7 +33,24 @@ if ($_SESSION["admin"] != 1) {
|
|||
}
|
||||
|
||||
if (!empty($_GET["message"])) {
|
||||
$message = $_GET["message"];
|
||||
$message = filter_var(trim($_GET["message"], FILTER_SANITIZE_STRING));;
|
||||
$message = htmlspecialchars($message, ENT_QUOTES, 'UTF-8');
|
||||
}
|
||||
|
||||
if (isset($_GET["userid"])) {
|
||||
$userid = filter_var(trim($_GET["userid"]), FILTER_SANITIZE_NUMBER_INT);
|
||||
|
||||
if (filter_var($userid, FILTER_SANITIZE_NUMBER_INT) === false || $userid == "" || !is_numeric($userid) || $userid < 0) {
|
||||
die("Invalid userid ({$_GET["userid"]})");
|
||||
}
|
||||
}
|
||||
|
||||
$haserror = false;
|
||||
$error_message = "";
|
||||
|
||||
if (isset($_GET["email"])) {
|
||||
$email = filter_var(trim($_GET["email"], FILTER_SANITIZE_EMAIL));;
|
||||
$email = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
|
||||
}
|
||||
|
||||
if (isset($_GET["action"]))
|
||||
|
|
@ -43,39 +60,58 @@ else
|
|||
|
||||
if ($action == "insert" || $action == "update") {
|
||||
/* validate the data. */
|
||||
$username = trim($_GET["username"]);
|
||||
$fullname = trim($_GET["fullname"]);
|
||||
$email = trim($_GET["email"]);
|
||||
$email_msgs = (strtoupper($_GET["email_msgs"]) == "ON" ? 1 : 0);
|
||||
$approved = (strtoupper($_GET["approved"]) == "ON" ? 1 : 0);
|
||||
$userisadmin = (strtoupper($_GET["admin"]) == "ON" ? 1 : 0);
|
||||
|
||||
$haserror = false;
|
||||
$username = filter_var(trim($_GET["username"], FILTER_SANITIZE_STRING));;
|
||||
$username = htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
|
||||
$fullname = filter_var(trim($_GET["fullname"], FILTER_SANITIZE_STRING));;
|
||||
$fullname = htmlspecialchars($fullname, ENT_QUOTES, 'UTF-8');
|
||||
if (isset($_GET["email_msgs"]))
|
||||
$email_msgs = (strtoupper($_GET["email_msgs"]) == "ON" ? 1 : 0);
|
||||
else
|
||||
$email_msgs = 0;
|
||||
if (isset($_GET["show_helptext"]))
|
||||
$show_helptext = (strtoupper($_GET["show_helptext"]) == "ON" ? 1 : 0);
|
||||
else
|
||||
$show_helptext = 0;
|
||||
if (isset($_GET["approved"]))
|
||||
$approved = (strtoupper($_GET["approved"]) == "ON" ? 1 : 0);
|
||||
else
|
||||
$approved = 0;
|
||||
if (isset($_GET["admin"]))
|
||||
$userisadmin = (strtoupper($_GET["admin"]) == "ON" ? 1 : 0);
|
||||
else
|
||||
$userisadmin = 0;
|
||||
|
||||
if ($username == "") {
|
||||
$haserror = true;
|
||||
$username_error = "A username is required.";
|
||||
$error_message = trim("$error_message A username is required.");
|
||||
$username_error = true;
|
||||
}
|
||||
if ($fullname == "") {
|
||||
$haserror = true;
|
||||
$fullname_error = "A full name is required.";
|
||||
$error_message = trim("$error_message A full name is required.");
|
||||
$fullname_error = true;
|
||||
}
|
||||
if ($email == "") {
|
||||
$haserror = true;
|
||||
$email_error = "An e-mail address is required.";
|
||||
$error_message = trim("$error_message An e-mail address is required.");
|
||||
$email_error = true;
|
||||
} elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
|
||||
$haserror = true;
|
||||
$error_message = trim("$error_message Invalid e-mail address.");
|
||||
$email_error = true;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
if ($action == "delete") {
|
||||
// MySQL is too l4m3 to have cascade deletes, so we'll have to do the
|
||||
// work ourselves.
|
||||
$deluserid = (int) $_GET["userid"];
|
||||
|
||||
$deluserid = (int) $userid;
|
||||
|
||||
$stmt = $smarty->dbh()->prepare("DELETE FROM {$opt["table_prefix"]}shoppers WHERE shopper = ? OR mayshopfor = ?");
|
||||
$stmt->bindParam(1, $deluserid, PDO::PARAM_INT);
|
||||
$stmt->bindParam(2, $deluserid, PDO::PARAM_INT);
|
||||
$stmt->execute();
|
||||
|
||||
|
||||
// we can't leave messages with dangling senders, so delete those too.
|
||||
$stmt = $smarty->dbh()->prepare("DELETE FROM {$opt["table_prefix"]}messages WHERE sender = ? OR recipient = ?");
|
||||
$stmt->bindParam(1, $deluserid, PDO::PARAM_INT);
|
||||
|
|
@ -85,7 +121,7 @@ if ($action == "delete") {
|
|||
$stmt = $smarty->dbh()->prepare("DELETE FROM {$opt["table_prefix"]}events WHERE userid = ?");
|
||||
$stmt->bindParam(1, $deluserid, PDO::PARAM_INT);
|
||||
$stmt->execute();
|
||||
|
||||
|
||||
$stmt = $smarty->dbh()->prepare("DELETE FROM {$opt["table_prefix"]}items WHERE userid = ?");
|
||||
$stmt->bindParam(1, $deluserid, PDO::PARAM_INT);
|
||||
$stmt->execute();
|
||||
|
|
@ -93,19 +129,20 @@ if ($action == "delete") {
|
|||
$stmt = $smarty->dbh()->prepare("DELETE FROM {$opt["table_prefix"]}users WHERE userid = ?");
|
||||
$stmt->bindParam(1, $deluserid, PDO::PARAM_INT);
|
||||
$stmt->execute();
|
||||
|
||||
|
||||
header("Location: " . getFullPath("users.php?message=User+deleted."));
|
||||
exit;
|
||||
}
|
||||
else if ($action == "edit") {
|
||||
$stmt = $smarty->dbh()->prepare("SELECT username, fullname, email, email_msgs, approved, admin FROM {$opt["table_prefix"]}users WHERE userid = ?");
|
||||
$stmt->bindValue(1, (int) $_GET["userid"], PDO::PARAM_INT);
|
||||
$stmt = $smarty->dbh()->prepare("SELECT username, fullname, email, email_msgs, show_helptext, approved, admin FROM {$opt["table_prefix"]}users WHERE userid = ?");
|
||||
$stmt->bindValue(1, (int) $userid, PDO::PARAM_INT);
|
||||
$stmt->execute();
|
||||
if ($row = $stmt->fetch()) {
|
||||
$username = $row["username"];
|
||||
$fullname = $row["fullname"];
|
||||
$email = $row["email"];
|
||||
$email_msgs = $row["email_msgs"];
|
||||
$show_helptext = $row["show_helptext"];
|
||||
$approved = $row["approved"];
|
||||
$userisadmin = $row["admin"];
|
||||
}
|
||||
|
|
@ -115,6 +152,7 @@ else if ($action == "") {
|
|||
$fullname = "";
|
||||
$email = "";
|
||||
$email_msgs = 1;
|
||||
$show_helptext = 1;
|
||||
$approved = 1;
|
||||
$userisadmin = 0;
|
||||
}
|
||||
|
|
@ -122,25 +160,33 @@ else if ($action == "insert") {
|
|||
if (!$haserror) {
|
||||
// generate a password and insert the row.
|
||||
$pwd = generatePassword($opt);
|
||||
$stmt = $smarty->dbh()->prepare("INSERT INTO {$opt["table_prefix"]}users(username,password,fullname,email,email_msgs,approved,admin) VALUES(?, {$opt["password_hasher"]}(?), ?, ?, ?, ?, ?)");
|
||||
$stmt = $smarty->dbh()->prepare("INSERT INTO {$opt["table_prefix"]}users(username,password,fullname,email,email_msgs,show_helptext,approved,admin) VALUES(?, {$opt["password_hasher"]}(?), ?, ?, ?, ?, ?)");
|
||||
$stmt->bindParam(1, $username, PDO::PARAM_STR);
|
||||
$stmt->bindParam(2, $pwd, PDO::PARAM_STR);
|
||||
$stmt->bindParam(3, $fullname, PDO::PARAM_STR);
|
||||
$stmt->bindParam(4, $email, PDO::PARAM_STR);
|
||||
$stmt->bindParam(5, $email_msgs, PDO::PARAM_BOOL);
|
||||
$stmt->bindParam(6, $approved, PDO::PARAM_BOOL);
|
||||
$stmt->bindParam(7, $userisadmin, PDO::PARAM_BOOL);
|
||||
$stmt->bindParam(6, $show_helptext, PDO::PARAM_BOOL);
|
||||
$stmt->bindParam(7, $approved, PDO::PARAM_BOOL);
|
||||
$stmt->bindParam(8, $userisadmin, PDO::PARAM_BOOL);
|
||||
$stmt->execute();
|
||||
|
||||
mail(
|
||||
$email,
|
||||
"Gift Registry account created",
|
||||
"Your Gift Registry account was created.\r\n" .
|
||||
"Your Gift Registry account was created.\r\n" .
|
||||
"Your username is $username and your password is '$pwd'.\r\n" .
|
||||
"Log in to https://wishlist.erdelynet.com/ and change your password under\r\n" .
|
||||
"Update Profile as soon as possible.",
|
||||
"Log in to {$_SERVER['REQUEST_SCHEME']}://{$_SERVER['HTTP_HOST']}/ and change your password under\r\n" .
|
||||
"Update Profile (menu at the top/right of the page) as soon as possible.\r\n" .
|
||||
"\r\n" .
|
||||
"There is a browser bookmarklet at {$_SERVER['REQUEST_SCHEME']}://{$_SERVER['HTTP_HOST']}/help.php\r\n" .
|
||||
"\r\n" .
|
||||
"Once you've logged in, you can see the people you can shop for under 'Available People To Shopping For'. " .
|
||||
"Click on the icon next to each person you want to shop for to see their lists.\r\n" .
|
||||
"\r\n" .
|
||||
"If you have any questions or problems, email {$opt['email_from']}.\r\n",
|
||||
"From: {$opt["email_from"]}\r\nReply-To: {$opt["email_reply_to"]}\r\nX-Mailer: {$opt["email_xmailer"]}\r\n"
|
||||
) or die("Mail not accepted for $email");
|
||||
) or die("Mail not accepted for $email");
|
||||
header("Location: " . getFullPath("users.php?message=User+added+and+e-mail+sent."));
|
||||
exit;
|
||||
}
|
||||
|
|
@ -152,25 +198,27 @@ else if ($action == "update") {
|
|||
"fullname = ?, " .
|
||||
"email = ?, " .
|
||||
"email_msgs = ?, " .
|
||||
"approved = ?, " .
|
||||
"admin = ? " .
|
||||
"show_helptext = ?, " .
|
||||
"approved = ?, " .
|
||||
"admin = ? " .
|
||||
"WHERE userid = ?");
|
||||
$stmt->bindParam(1, $username, PDO::PARAM_STR);
|
||||
$stmt->bindParam(2, $fullname, PDO::PARAM_STR);
|
||||
$stmt->bindParam(3, $email, PDO::PARAM_STR);
|
||||
$stmt->bindParam(4, $email_msgs, PDO::PARAM_BOOL);
|
||||
$stmt->bindParam(5, $approved, PDO::PARAM_BOOL);
|
||||
$stmt->bindParam(6, $userisadmin, PDO::PARAM_BOOL);
|
||||
$stmt->bindValue(7, (int) $_GET["userid"], PDO::PARAM_INT);
|
||||
$stmt->bindParam(5, $show_helptext, PDO::PARAM_BOOL);
|
||||
$stmt->bindParam(6, $approved, PDO::PARAM_BOOL);
|
||||
$stmt->bindParam(7, $userisadmin, PDO::PARAM_BOOL);
|
||||
$stmt->bindValue(8, (int) $userid, PDO::PARAM_INT);
|
||||
$stmt->execute();
|
||||
header("Location: " . getFullPath("users.php?message=User+updated."));
|
||||
exit;
|
||||
exit;
|
||||
}
|
||||
}
|
||||
else if ($action == "reset") {
|
||||
$resetuserid = $_GET["userid"];
|
||||
$resetemail = $_GET["email"];
|
||||
|
||||
$resetuserid = (int) $userid;
|
||||
$resetemail = $email;
|
||||
|
||||
// generate a password and insert the row.
|
||||
$pwd = generatePassword($opt);
|
||||
$stmt = $smarty->dbh()->prepare("UPDATE {$opt["table_prefix"]}users SET password = {$opt["password_hasher"]}(?) WHERE userid = ?");
|
||||
|
|
@ -181,8 +229,8 @@ else if ($action == "reset") {
|
|||
$resetemail,
|
||||
"Gift Registry password reset",
|
||||
"Your Gift Registry password was reset to '$pwd'.\r\n" .
|
||||
"Log in to https://wishlist.erdelynet.com/ and change your password under\r\n" .
|
||||
"Update Profile as soon as possible.",
|
||||
"Log in to {$_SERVER['REQUEST_SCHEME']}://{$_SERVER['HTTP_HOST']}/ and change your password under\r\n" .
|
||||
"Update Profile (menu at the top/right of the page) as soon as possible.",
|
||||
"From: {$opt["email_from"]}\r\nReply-To: {$opt["email_reply_to"]}\r\nX-Mailer: {$opt["email_xmailer"]}\r\n"
|
||||
) or die("Mail not accepted for $email");
|
||||
header("Location: " . getFullPath("users.php?message=Password+reset."));
|
||||
|
|
@ -193,7 +241,7 @@ else {
|
|||
exit;
|
||||
}
|
||||
|
||||
$stmt = $smarty->dbh()->prepare("SELECT userid, username, fullname, email, email_msgs, approved, admin FROM {$opt["table_prefix"]}users ORDER BY username");
|
||||
$stmt = $smarty->dbh()->prepare("SELECT userid, username, fullname, email, email_msgs, show_helptext, approved, admin FROM {$opt["table_prefix"]}users ORDER BY username");
|
||||
$stmt->execute();
|
||||
$users = array();
|
||||
while ($row = $stmt->fetch()) {
|
||||
|
|
@ -201,7 +249,7 @@ while ($row = $stmt->fetch()) {
|
|||
}
|
||||
|
||||
$smarty->assign('action', $action);
|
||||
$smarty->assign('edituserid', isset($_GET["userid"]) ? (int) $_GET["userid"] : -1);
|
||||
$smarty->assign('edituserid', isset($userid) ? (int) $userid : -1);
|
||||
$smarty->assign('username', $username);
|
||||
if (isset($username_error)) {
|
||||
$smarty->assign('username_error', $username_error);
|
||||
|
|
@ -215,11 +263,15 @@ if (isset($email_error)) {
|
|||
$smarty->assign('email_error', $email_error);
|
||||
}
|
||||
$smarty->assign('email_msgs', $email_msgs);
|
||||
$smarty->assign('show_helptext', $show_helptext);
|
||||
$smarty->assign('approved', $approved);
|
||||
$smarty->assign('userisadmin', $userisadmin);
|
||||
if (isset($haserror)) {
|
||||
if ($haserror) {
|
||||
$smarty->assign('haserror', $haserror);
|
||||
}
|
||||
if ($error_message != "") {
|
||||
$smarty->assign('error_message', $error_message);
|
||||
}
|
||||
$smarty->assign('users', $users);
|
||||
if (isset($message)) {
|
||||
$smarty->assign('message', $message);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue