Alternc  latest
Alternc logiel libre pour l'hébergement
piwik_useradmin.php
Go to the documentation of this file.
1 <?php
2 /*
3  ----------------------------------------------------------------------
4  LICENSE
5 
6  This program is free software; you can redistribute it and/or
7  modify it under the terms of the GNU General Public License (GPL)
8  as published by the Free Software Foundation; either version 2
9  of the License, or (at your option) any later version.
10 
11  This program is distributed in the hope that it will be useful,
12  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  GNU General Public License for more details.
15 
16  To read the license please visit http://www.gnu.org/copyleft/gpl.html
17  ----------------------------------------------------------------------
18 */
19 
20 /**
21  * Manages piwik user accounts
22  * @copyright AlternC-Team 2000-2017 https://alternc.com/
23  */
24 
25  require_once("../class/config.php");
26 include_once("head.php");
27 
28 $fields = array (
29  "user_name" => array ("post", "string", FALSE),
30  "site_id" => array ("post", "integer", -1),
31  "right" => array ("post", "string", FALSE),
32 );
33 getFields($fields);
34 
35 if ($user_name === FALSE)
36 {
37  $msg->raise("ERROR", "piwik", _('No piwik user specified'));
38 }
39 else
40 {
41  // Add a user to a piwik website
42  if ($site_id != -1 && $right !== FALSE) {
43  $db->query("SELECT COUNT(*) AS ok FROM piwik_sites WHERE uid=? AND piwik_id=?;",array($cuid,$site_id));
44  $db->next_record();
45  if ($db->f('ok')!=1)
46  {
47  $msg->raise("ERROR", "piwik", _("You don't own this piwik website"));
48  }
49  else
50  {
51  $db->query("SELECT COUNT(*) AS ok FROM piwik_users WHERE uid=? AND login=?",array($cuid,$user_name));
52  $db->next_record();
53  if ($db->f('ok')!=1)
54  {
55  $msg->raise("ERROR", "piwik", _("You don't own this piwik user"));
56  }
57  else
58  {
59  $piwik_rights = array("noaccess", "view", "admin");
60  if (in_array($right, $piwik_rights))
61  {
62  $api_data = $piwik->site_set_user_right($site_id, $user_name, $right);
63  if ($api_data === FALSE)
64  $msg->raise("ERROR", "piwik", $api_data->message);
65  $msg->raise("ERROR", "piwik", $api_data->message);
66  else
67  $msg->raise("INFO", "piwik", _('success'));
68  }
69  else
70  {
71  $msg->raise("ERROR", "piwik", _("This right does not exist"));
72  }
73  }
74  }
75  }
76 
77  $user_piwik_sites = array();
78  $db->query("SELECT piwik_id FROM piwik_sites WHERE uid=?",array($cuid));
79  while ($db->next_record())
80  array_push($user_piwik_sites, $db->f('piwik_id'));
81  // Weird behaviour of php: array_push products an array such as:
82  // array_push(array(1,2,3) , 4) produces
83  // array(0 => 1, 1 => 2, 2 => 3, 3 => 4)
84  // So for further comparison, we need to exchange keys and values
85  $user_piwik_sites = array_flip($user_piwik_sites);
86 
87  $user_piwik_users = array();
88  $db->query("SELECT login FROM piwik_users WHERE uid=?",arary($cuid));
89  while ($db->next_record())
90  array_push ($user_piwik_users, $db->f('login'));
91  // Swap keys and values, see user_piwik_sites
92  $user_piwik_users = array_flip($user_piwik_users);
93 }
94 
95 ?>
96 <h3><?php printf('%s "%s"', _("Rights for user"), $user_name); ?></h3>
97 <?php
98 echo $msg->msg_html_all();
99 
100 $raw_sites = $piwik->get_site_list();
101 $piwik_sites = array();
102 foreach ($raw_sites AS $site) {
103  $piwik_sites[ $site->idsite ] = array('name' => $site->name, 'url' => $site->main_url);
104 }
105 
106 $raw_access = $piwik->get_site_access($user_name);
107 
108 $piwik_user_sites = array_intersect_ukey($piwik_sites, $user_piwik_sites, "strcmp");
109 $available_user_sites = $piwik_user_sites;
110 
111 echo '<ul>';
112 foreach ($raw_access AS $access)
113 {
114  unset($available_user_sites[ $access->site ]);
115  printf("<li>%s -> %s</li>\n", $piwik_sites[ $access->site ]['name'], $access->access);
116 }
117 echo '</ul>';
118 if (count($available_user_sites)>0)
119 {
120 ?>
121 <h3><?php printf('%s "%s"', _("Add rights to user"), $user_name); ?></h3>
122 <ul>
123 <?php
124 foreach ($available_user_sites AS $current_id_site => $available_user_site)
125 {
126  printf('<li>%s <form method="post"><input type="hidden" name="site_id" value="%d">
127 <input type="hidden" name="csrf" value="'.csrf_get(true).'" />
128 <select name="right">
129  <option value="noaccess">%s</option>
130  <option value="view">%s</option>
131  <option value="admin">%s</option>
132 </select>
133 <input type="submit" name="add" value="ajouter" class="inb" /></form></li>', $available_user_site['name'], $current_id_site, _("noacces"), _("view"), _("admin"));
134 }
135 ?>
136 </li>
137 <?php
138 }
139 include_once("foot.php"); ?>
$db
global $db
Definition: bootstrap.php:26
$msg
$msg
Definition: bootstrap.php:75
$cuid
$cuid
Definition: bootstrap.php:43
getFields
getFields($fields, $requestOnly=false)
Get the Fields of the posted form from $_REQUEST or POST or GET and check their type.
Definition: functions.php:688
csrf_get
csrf_get($return=false)
Give a new CSRF uniq token for a form the session must be up since the CSRF is linked to the session ...
Definition: functions.php:1159
$raw_access
foreach($raw_sites AS $site) $raw_access
Definition: piwik_useradmin.php:106
$piwik_user_sites
$piwik_user_sites
Definition: piwik_useradmin.php:108
$raw_sites
$raw_sites
Definition: piwik_useradmin.php:100
$piwik_sites
$piwik_sites
Definition: piwik_useradmin.php:101
$user_piwik_users
$user_piwik_users
Definition: piwik_useradmin.php:87
$user_piwik_sites
$user_piwik_sites
Definition: piwik_useradmin.php:85
$fields
$fields
Manages piwik user accounts.
Definition: piwik_useradmin.php:28
$available_user_sites
$available_user_sites
Definition: piwik_useradmin.php:109