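hasRole("manager") ) {
            // tail of a method whose start precedes this chunk; kept as-is
            $q = "SELECT users.*, userinfo.*, schoolName FROM users LEFT JOIN userinfo ON users.id = userinfo.userid left join schools using(schoolID)";
        } else {
            $scID = $user->getSchoolID();
            if ( $scID != NULL) {
                $q = "SELECT users.*, userinfo.*, schoolName FROM users LEFT JOIN userinfo ON users.id = userinfo.userid left join schools using(schoolID)";
                $q .= " WHERE schoolID=".$scID;
            }
        }
        if ( isset($q)) {
            $ret = $kdb->query($q);
        }
        $userdata = array();
        if ( isset($ret)) {
            while ( $row = mysql_fetch_array($ret)) {
                $userdata []= $row;
            }
        }
        return $userdata;
    }

    /**
     * Returns every row of the schools table.
     *
     * Rows are handed back exactly as mysql_fetch_array() yields them (numeric
     * and associative keys), so callers indexing either way keep working.
     *
     * @return array list of school rows; empty when the query fails
     */
    public function getSchoolListing()
    {
        global $kdb;

        $schools = array();
        $ret = $kdb->query("SELECT * FROM schools");
        // presumably $kdb->query() returns false on failure — guard instead of
        // handing a non-result to mysql_fetch_array()
        if ($ret) {
            while ($row = mysql_fetch_array($ret)) {
                $schools[] = $row;
            }
        }
        return $schools;
    }

    /**
     * @Secured('roles' = {'schooladm', 'manager'})
     *
     * Applies the bulk edits posted from the users-manager page, in order:
     * deletions, e-mail updates, school assignments, role flags, approvals.
     *
     * Every id that reaches SQL is a $_POST array key and is cast to int;
     * every free-text value is passed through mysql_real_escape_string().
     * Escaping assumes $kdb uses the default mysql link, which the surrounding
     * code already relies on for mysql_insert_id() and mysql_fetch_array().
     *
     * @return array dispatcher result, always the UsersManager page
     */
    function actionUsersManagerHandler()
    {
        global $kdb;

        // auth[] is locked in the UI, so a present key means '0' and an absent
        // key means '1' — see the roles block below.
        // NOTE(review): no CSRF token is checked here and every branch writes;
        // confirm the framework covers @Secured actions.

        // 1. delete requests — the keys of delete[] are user ids
        if (isset($_POST['delete']) && is_array($_POST['delete'])) {
            foreach (array_keys($_POST['delete']) as $todel) {
                $kdb->query("DELETE FROM users WHERE id=" . (int) $todel);
            }
        }

        // 2. e-mail updates — keyed by user id; blank values are ignored
        if (isset($_POST['email']) && is_array($_POST['email'])) {
            foreach ($_POST['email'] as $uid => $email) {
                if (is_string($email) && strlen($email) > 0) {
                    $safeEmail = mysql_real_escape_string($email);
                    $q = "INSERT INTO userinfo (userid, email) VALUES (" . (int) $uid . ", '" . $safeEmail . "')"
                       . " ON DUPLICATE KEY UPDATE email='" . $safeEmail . "'";
                    $kdb->query($q);
                }
            }
        }

        // 3. school assignment — only numeric values are accepted
        if (isset($_POST['school']) && is_array($_POST['school'])) {
            foreach ($_POST['school'] as $uid => $school) {
                if (is_numeric($school)) {
                    $kdb->query("UPDATE users SET schoolID=" . (int) $school . " WHERE id=" . (int) $uid);
                }
            }
        }

        // 4. role flags — roles is a 6-char string of '0'/'1' flags:
        //    [0] authable (inverted), [1] member, [2] manager, [3] scadm;
        //    positions 4-5 are always reset to '0' by this handler.
        if (isset($_POST['uid']) && is_array($_POST['uid'])) {
            foreach (array_keys($_POST['uid']) as $k) {
                $roles = "000000";
                $roles[0] = isset($_POST['auth'][$k]) ? "0" : "1";
                foreach (array(1 => 'member', 2 => 'manager', 3 => 'scadm') as $pos => $field) {
                    // only the characters '0'/'1' may enter the roles string;
                    // assumes the form posts "1" for a checked box (the old code
                    // stored the first posted character verbatim and crashed on "")
                    $roles[$pos] = (isset($_POST[$field][$k]) && $_POST[$field][$k] === "1") ? "1" : "0";
                }
                $kdb->query("UPDATE users SET roles='" . $roles . "' WHERE id=" . (int) $k);
            }
        }

        // TODO: reset passwords
        // note: also check if we didn't delete a user before^^ — deletions run
        // first, so later branches may address an id that is already gone.

        // 5. approvals — the keys of approve[] are user ids
        if (isset($_POST['approve']) && is_array($_POST['approve'])) {
            $ids = array_map('intval', array_keys($_POST['approve']));
            // an empty list used to produce "WHERE id=" and a SQL error
            if (count($ids) > 0) {
                $kdb->query("UPDATE users SET approved=True WHERE id IN (" . implode(',', $ids) . ")");
            }
        }

        return array('pid' => 'UsersManager');
    }

    /**
     * Switches the users-manager page to the new-user form.
     *
     * @return array dispatcher result
     */
    function actionGotoAddUser()
    {
        return array('pid' => 'UsersManager', 'mode' => 'new_user_form');
    }

    /**
     * Switches the users-manager page to the CSV upload page.
     *
     * @return array dispatcher result
     */
    function actionGotoCSV()
    {
        return array('pid' => 'UsersManager', 'mode' => 'users_csv_upload_page');
    }

    /**
     * Renders the "add new user" popup.
     *
     * The heredoc body is reproduced as extracted; markup around the title and
     * the %s placeholder may have been stripped from this copy.
     */
    function new_user_formContent()
    {
        global $krihvel, $user, $kdb;

        $res = <<<EOD

Add new user

%s
EOD;
        $schoolform = "";
        if (!$user->hasRole('manager')) {
            // school admins see their own school name, read-only
            $ret = $kdb->query("SELECT * FROM schools WHERE schoolID=" . (int) $user->getSchoolID());
            $mres = $ret ? mysql_fetch_array($ret) : false;
            if ($mres) {
                $schoolform = $mres['schoolName'];
            }
        }
        // managers: the previous version ran "SELECT * FROM schools" here and
        // discarded the result, so no query is issued for them.
        // TODO(review): the school selector markup is missing from this copy.
        $krihvel->out("popup", sprintf($res, $schoolform));
    }

    /**
     * Renders the CSV upload popup.
     */
    function users_csv_upload_pageContent()
    {
        global $krihvel;
        $krihvel->out("popup", "users_csv_upload_page");
    }

    /**
     * Creates a user row plus its userinfo row from the new-user form.
     *
     * Managers may pick any schoolID; school admins are pinned to their own
     * school and bounced to "usersmgm" when they have none.
     *
     * NOTE(review): unlike actionUsersManagerHandler this action carries no
     * @Secured annotation; confirm the dispatcher restricts it, otherwise any
     * user with a schoolID can create accounts.
     *
     * @return array|string dispatcher result; the string is the original
     *                      redirect target for school-less admins
     */
    function actionCreateUser()
    {
        global $kdb, $user;

        $scID = $user->getSchoolID();
        if ($user->hasRole('manager')) {
            $scID = isset($_POST['schoolID']) ? $_POST['schoolID'] : null;
        } elseif ($scID == NULL) {
            return "usersmgm";
        }

        // escape every free-text field once; non-string input becomes ""
        $f = array();
        foreach (array('userid', 'fullname', 'email', 'genre', 'homepage') as $key) {
            $raw = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : "";
            $f[$key] = mysql_real_escape_string($raw);
        }

        // NOTE(review): fixed initial password, inserted into users.pwd exactly
        // as the previous version did; whether the login path hashes or compares
        // it in plain text is not visible here — confirm, and force a reset on
        // first login.
        $pwd = "abrakadabra";
        $roles = "110000";

        $q = sprintf(
            "INSERT INTO users (uname, pwd, roles, schoolID) values ('%s', '%s', '%s', %d)",
            $f['userid'], mysql_real_escape_string($pwd), $roles, $scID
        );
        $kdb->query($q);

        $dbuid = mysql_insert_id();
        // a failed insert yields 0; do not attach a userinfo row to id 0
        if ($dbuid > 0) {
            $q2 = sprintf(
                "INSERT INTO userinfo (userid, fullname, email, sex, homepage) values (%d, '%s', '%s', '%s', '%s')",
                $dbuid, $f['fullname'], $f['email'], $f['genre'], $f['homepage']
            );
            $kdb->query($q2);
        }

        return array('pid' => 'UsersManager');
    }
}
?>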