forked from Kitware/CDash
-
Notifications
You must be signed in to change notification settings - Fork 0
/
manageUsers.php
143 lines (127 loc) · 4.42 KB
/
manageUsers.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
<?php
/*=========================================================================
Program: CDash - Cross-Platform Dashboard System
Module: $Id$
Language: PHP
Date: $Date$
Version: $Revision$
Copyright (c) 2002 Kitware, Inc. All rights reserved.
See Copyright.txt or http://www.cmake.org/HTML/Copyright.html for details.
This software is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE. See the above copyright notices for more information.
=========================================================================*/
include("cdash/config.php");
require_once("cdash/pdo.php");
include('login.php');
include_once('cdash/common.php');
include('cdash/version.php');
include('models/user.php');
if ($session_OK)
{
$userid = $_SESSION['cdash']['loginid'];
// Checks
if(!isset($userid) || !is_numeric($userid))
{
echo "Not a valid usersessionid!";
return;
}
$user_array = pdo_fetch_array(pdo_query("SELECT admin FROM ".qid("user")." WHERE id='$userid'"));
if($user_array["admin"]!=1)
{
echo "You don't have the permissions to access this page!";
return;
}
$xml = begin_XML_for_XSLT();
$xml .= "<backurl>user.php</backurl>";
$xml .= "<title>CDash - Manage Users</title>";
$xml .= "<menutitle>CDash</menutitle>";
$xml .= "<menusubtitle>Manage Users</menusubtitle>";
@$postuserid = $_POST["userid"];
if ($postuserid != NULL)
{
$postuserid = pdo_real_escape_numeric($postuserid);
}
if(isset($_POST["adduser"])) // arrive from register form
{
$email = $_POST["email"];
$passwd = $_POST["passwd"];
$passwd2 = $_POST["passwd2"];
if(!($passwd == $passwd2))
{
$xml .= add_XML_value("error","Passwords do not match!");
}
else
{
$fname = $_POST["fname"];
$lname = $_POST["lname"];
$institution = $_POST["institution"];
if ($email && $passwd && $passwd2 && $fname && $lname && $institution)
{
$User = new User();
if($User->GetIdFromEmail($email))
{
$xml .= add_XML_value("error","Email already registered!");
}
else
{
$passwdencryted = md5($passwd);
$User->Email = $email;
$User->Password = $passwdencryted;
$User->FirstName = $fname;
$User->LastName = $lname;
$User->Institution = $institution;
if($User->Save())
{
$xml .= add_XML_value("warning","User ".$email." added successfully with password:".$passwd);
}
else
{
$xml .= add_XML_value("error","Cannot add user");
}
}
}
else
{
$xml .= add_XML_value("error","Please fill in all of the required fields");
}
}
}
else if(isset($_POST["makenormaluser"]))
{
if($postuserid > 1)
{
$update_array = pdo_fetch_array(pdo_query("SELECT firstname,lastname FROM ".qid("user")." WHERE id='".$postuserid."'"));
pdo_query("UPDATE ".qid("user")." SET admin=0 WHERE id='".$postuserid."'");
$xml .= "<warning>".$update_array['firstname']." ".$update_array['lastname']." is not administrator anymore.</warning>";
}
else
{
$xml .= "<error>Administrator should remain admin.</error>";
}
}
else if(isset($_POST["makeadmin"]))
{
$update_array = pdo_fetch_array(pdo_query("SELECT firstname,lastname FROM ".qid("user")." WHERE id='".$postuserid."'"));
pdo_query("UPDATE ".qid("user")." SET admin=1 WHERE id='".$postuserid."'");
$xml .= "<warning>".$update_array['firstname']." ".$update_array['lastname']." is now an administrator.</warning>";
}
else if(isset($_POST["removeuser"]))
{
$update_array = pdo_fetch_array(pdo_query("SELECT firstname,lastname FROM ".qid("user")." WHERE id='".$postuserid."'"));
pdo_query("DELETE FROM ".qid("user")." WHERE id='".$postuserid."'");
$xml .= "<warning>".$update_array['firstname']." ".$update_array['lastname']." has been removed.</warning>";
}
if(isset($_POST["search"]))
{
$xml .= "<search>".$_POST["search"]."</search>";
}
if(isset($CDASH_FULL_EMAIL_WHEN_ADDING_USER) && $CDASH_FULL_EMAIL_WHEN_ADDING_USER==1)
{
$xml .= add_XML_value("fullemail","1");
}
$xml .= "</cdash>";
// Now doing the xslt transition
generate_XSLT($xml,"manageUsers");
} // end session
?>