permissions array includes a permission named
* "admin". If you are using the example, this will
* be the case.
*
* This script is capable of editing the user database. It requires
* an authenticated user. If the user has the "admin" permission, he can
* edit all users. If the user has less privilege, he can view all
* users, but not their passwords, and can only change his own password.
*
* The script generates forms that submit values back to the script.
* Consequently the script below has three parts:
*
* 1. A section where utility functions are defined.
* 2. A section that is called only after the submit.
* 3. And a final section that is called when the script runs first time and
* every time after the submit.
*
* Scripts organized in this way will allow the user perpetual
* editing and they will reflect submitted changes immediately
* after a form submission.
*
* We consider this to be the standard organization of table editor
* scripts.
*
*/
// include this if you're not using the autoprepend feature
## include("prepend.php3");
## The PHPLib examples use Example_Session/Example_Auth/Example_Perm;
## this site wires in its own classes instead:
## page_open(array("sess" => "Example_Session", "auth" => "Example_Auth", "perm" => "Example_Perm"));
// Start the session and require a logged-in user before anything below runs.
page_open(array(
    "sess" => "Listings_Session",
    "auth" => "Listings_Auth",
    "perm" => "Listings_Perm"
));
// Only used as the uniqid() prefix when minting new user ids in the
// "create" branch below; it is an identifier salt, not a password or
// signing key. Make it site-specific.
$hash_secret = "Jabberwocky...";
###
### Utility functions
###
## my_error($msg):
##
## Display error messages
function my_error($msg) {
?>
User Admin
Listings User Administration
");
}
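// Every form field used below ($key, $username, $password, $u_id, $perms)
// arrives from the browser as a global (PHPLib / register_globals era), so
// all of it is untrusted.  Escape once, up front, so that no branch
// interpolates raw request data into SQL.  addslashes() is the only escaping
// primitive this code has and it is not charset-aware; prefer the DB layer's
// own escaping or prepared statements where the abstraction allows it.
$q_username = addslashes($username);
$q_password = addslashes($password);
$q_u_id     = addslashes($u_id);
// $perms holds the ticked permission checkboxes and is absent when none are
// ticked; the original implode() did not handle that (and used the legacy
// argument order).
$permlist = (isset($perms) && is_array($perms))
    ? addslashes(implode(",", $perms))
    : "";
// Values echoed back into the page are HTML-escaped here; my_error() and
// my_msg() are assumed to emit their argument unescaped -- confirm against
// their bodies.
$h_username = htmlspecialchars($username);

switch ($key) {
case "create": // Create a new user. Admin only.
    if (!$perm->have_perm("admin")) {
        my_error("You do not have permission to create users.");
        break;
    }
    if (empty($username) || empty($password)) {
        my_error("Please fill out Username and Password!");
        break;
    }
    // Does the user already exist?  Check and insert are not one
    // transaction, so a concurrent create can still slip through; a UNIQUE
    // index on auth_user.username is the real guard.
    $db->query("select * from auth_user where username='$q_username'");
    if ($db->nf() > 0) {
        my_error("User $h_username already exists!");
        break;
    }
    // user_id is an opaque identifier, not a secret.  It is left in $u_id
    // because the form section after this block may display it.
    $u_id = md5(uniqid($hash_secret));
    // NOTE(review): the password is stored exactly as submitted.  Whether it
    // can be hashed here depends on how Listings_Auth validates logins
    // against this column -- change both together, not this side alone.
    $db->query("insert into auth_user values('$u_id','$q_username','$q_password','$permlist')");
    if ($db->affected_rows() == 0) {
        // Never echo the failed statement: it contains the password.
        my_error("Failed to create user $h_username.");
        break;
    }
    my_msg("User \"$h_username\" created.\n");
    break;

case "u_edit": // Change user parameters
    // NOTE(review): $debug is a global like the form fields, so any visitor
    // can switch this diagnostic output on; keep it free of secrets.
    if ($debug == 1)
        printf("u_edit, u_id +%s+\n", $u_id);
    if (!$perm->have_perm("admin")) {
        // Non-admins may change only their own password.  The target row is
        // taken from the session's uid, not from the submitted $u_id, and the
        // two are compared with strcmp() so that numeric-looking ids cannot
        // compare equal under ==.
        $own_uid = $auth->auth["uid"];
        if (strcmp($own_uid, $u_id) != 0) {
            my_error("You do not have permission to change users.");
            break;
        }
        if (empty($password)) {
            my_error("Please fill out Password!");
            break;
        }
        $q_own_uid = addslashes($own_uid);
        $db->query("update auth_user set password='$q_password' where user_id='$q_own_uid'");
        if ($db->affected_rows() == 0) {
            my_error("Failed to change password.");
            break;
        }
        my_msg("Password of " . htmlspecialchars($auth->auth["uname"]) . " changed.\n");
        break;
    }
    // Admin: rename, reset the password and replace the perms of any user.
    if (empty($username) || empty($password)) {
        my_error("Please fill out Username and Password!");
        break;
    }
    $db->query("update auth_user set username='$q_username', password='$q_password', perms='$permlist' where user_id='$q_u_id'");
    if ($db->affected_rows() == 0) {
        my_error("Failed to change user $h_username.");
        break;
    }
    my_msg("User \"$h_username\" changed.\n");
    break;

case "u_kill": // Delete a user. Admin only.
    if (!$perm->have_perm("admin")) {
        my_error("You do not have permission to delete users.");
        break;
    }
    // Both the id and the name must match for the delete to apply.
    $db->query("delete from auth_user where user_id='$q_u_id' and username='$q_username'");
    if ($db->affected_rows() == 0) {
        my_error("Failed to delete user $h_username.");
        break;
    }
    my_msg("User \"$h_username\" deleted.\n");
    break;

default:
    // The original tested the bare constant `debug` here; `$debug` is the
    // flag used everywhere else.  $u_id is passed as a printf argument so
    // that a '%' in the request value cannot act as a format directive.
    if ($debug == 1)
        printf("default switch: u_id: .%s.\n", $u_id);
    break;
}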
}
/* Output user administration forms, including all updated
information, if we come here after a submission...
*/
?>
| Username |
Password |
Level |
Action |
have_perm("admin")):
?>
query("select * from auth_user order by username");
while ($db->next_record()):
?>