From bd7f3b235403a066408d7a2a2ece4b6ef33f12af Mon Sep 17 00:00:00 2001
From: chriskl
Date: Wed, 1 May 2002 09:37:30 +0000
Subject: [PATCH] Basic user admin support. Doesn't do password changing yet.
---
 classes/database/ADODB_base.php | 14 +-
 classes/database/Postgres71.php | 91 +++++++++++-
 lang/template.php | 10 +-
 public_html/topbar.php | 6 +-
 public_html/users.php | 242 ++++++++++++++++++++++++++++++++
 5 files changed, 357 insertions(+), 6 deletions(-)
 create mode 100644 public_html/users.php
diff --git a/classes/database/ADODB_base.php b/classes/database/ADODB_base.php
index 79c4148b..9988bdd2 100644
--- a/classes/database/ADODB_base.php
+++ b/classes/database/ADODB_base.php
@@ -3,7 +3,7 @@
 /*
 * Parent class of all ADODB objects.
 *
- * $Id: ADODB_base.php,v 1.2 2002/02/18 09:46:49 chriskl Exp $
+ * $Id: ADODB_base.php,v 1.3 2002/05/01 09:37:30 chriskl Exp $
 */
 include_once('../libraries/adodb/adodb-errorhandler.inc.php');
@@ -33,6 +33,18 @@ class ADODB_base {
 return $str;
 }
+ /**
+ * Cleans (escapes) an array
+ * @param $arr The array to clean, by reference
+ * @return The cleaned array
+ */
+ function arrayClean(&$arr) {
+ reset($arr);
+ while(list($k, $v) = each($arr))
+ $arr[$k] = addslashes($v);
+ return $arr;
+ }
+
 /**
 * Executes a query on the underlying connection
 * @param $sql The SQL query to execute
diff --git a/classes/database/Postgres71.php b/classes/database/Postgres71.php
index ef0a92c1..c35fbe3c 100644
--- a/classes/database/Postgres71.php
+++ b/classes/database/Postgres71.php
@@ -4,7 +4,7 @@
 * A class that implements the DB interface for Postgres
 * Note: This class uses ADODB and returns RecordSets.
 *
- * $Id: Postgres71.php,v 1.7 2002/04/15 12:16:35 chriskl Exp $
+ * $Id: Postgres71.php,v 1.8 2002/05/01 09:37:30 chriskl Exp $
 */
 // @@@ THOUGHT: What about inherits? ie. use of ONLY???
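Review bot: `arrayClean()` in classes/database/ADODB_base.php escapes each element with `addslashes()`, which is not a database-aware escape: it ignores the connection encoding and only backslash-escapes quotes, so the result is at best usable inside a single-quoted string literal and never inside a double-quoted identifier. Prefer the driver's own string escaping here, e.g. `$arr[$k] = pg_escape_string($v);` in the Postgres subclass, and state the limit in the docblock with a line such as `* NOTE: result is only valid inside single-quoted SQL string literals`. The loop also passes every element to `addslashes()` unchecked, so a nested array or non-string value is not handled; an `is_string($v)` guard would make that explicit.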
@@ -16,6 +16,7 @@ class Postgres71 extends BaseDB {
 var $dbFields = array('dbname' => 'datname', 'dbcomment' => 'description');
 var $tbFields = array('tbname' => 'tablename', 'tbowner' => 'tableowner');
 var $vwFields = array('vwname' => 'viewname', 'vwowner' => 'viewowner', 'vwdef' => 'definition');
+ var $uFields = array('uname' => 'usename', 'usuper' => 'usesuper', 'ucreatedb' => 'usecreatedb', 'uexpires' => 'valuntil');
 // @@ Should we bother querying for this?
 var $_lastSystemOID = 18539;
@@ -556,6 +557,94 @@ class Postgres71 extends BaseDB {
 /**
 * Creates a new operator
 */
+
+ // User and group functions
+
+ /**
+ * Returns all users in the database cluster
+ * @return All users
+ */
+ function &getUsers() {
+ $sql = "SELECT usename, usesuper, usecreatedb, valuntil FROM pg_shadow ORDER BY usename";
+
+ return $this->selectSet($sql);
+ }
+
+ /**
+ * Return information about a single user
+ * @param $username The username of the user to retrieve
+ * @return The user's data
+ */
+ function &getUser($username) {
+ $this->clean($username);
+
+ $sql = "SELECT usename, usesuper, usecreatedb, valuntil FROM pg_shadow WHERE usename='{$username}'";
+
+ return $this->selectSet($sql);
+ }
+
+ /**
+ * Creates a new user
+ * @param $username The username of the user to create
+ * @param $password A password for the user
+ * @param $createdb boolean Whether or not the user can create databases
+ * @param $createuser boolean Whether or not the user can create other users
+ * @param $expiry string Format 'YYYY-MM-DD HH:MM:SS'. When the account expires.
+ * @param $group (array) The groups to create the user in
+ * @return 0 success
+ */
+ function createUser($username, $password, $createdb, $createuser, $expiry, $groups) {
+ $this->clean($username);
+ // @@ THIS IS A PROBLEM FOR TRIMMING PASSWORD!!!
+ $this->clean($password);
+ $this->clean($expiry);
+ $this->arrayClean($groups);
+
+ $sql = "CREATE USER \"{$username}\"";
+ if ($password != '') $sql .= " WITH PASSWORD '{$password}'";
+ $sql .= ($createdb) ? ' CREATEDB' : ' NOCREATEDB';
+ $sql .= ($createuser) ? ' CREATEUSER' : ' NOCREATEUSER';
+ if (is_array($groups) && sizeof($groups) > 0) $sql .= " IN GROUP '" . join("', '", $groups) . "'";
+ if ($expiry != '') $sql .= " VALID UNTIL '{$expiry}'";
+
+ return $this->execute($sql);
+ }
+
+ /**
+ * Adjusts a user's info
+ * @param $username The username of the user to modify
+ * @param $password A new password for the user
+ * @param $createdb boolean Whether or not the user can create databases
+ * @param $createuser boolean Whether or not the user can create other users
+ * @param $expiry string Format 'YYYY-MM-DD HH:MM:SS'. When the account expires.
+ * @return 0 success
+ */
+ function setUser($username, $password, $createdb, $createuser, $expiry) {
+ $this->clean($username);
+ $this->clean($password);
+ $this->clean($expiry);
+
+ $sql = "ALTER USER \"{$username}\"";
+ if ($password != '') $sql .= " WITH PASSWORD '{$password}'";
+ $sql .= ($createdb) ? ' CREATEDB' : ' NOCREATEDB';
+ $sql .= ($createuser) ? ' CREATEUSER' : ' NOCREATEUSER';
+ if ($expiry != '') $sql .= " VALID UNTIL '{$expiry}'";
+
+ return $this->execute($sql);
+ }
+
+ /**
+ * Removes a user
+ * @param $username The username of the user to drop
+ * @return 0 success
+ */
+ function dropUser($username) {
+ $this->clean($username);
+
+ $sql = "DROP USER \"{$username}\"";
+
+ return $this->execute($sql);
+ }
 // Capabilities
 function hasTables() { return true; }
diff --git a/lang/template.php b/lang/template.php
index 504e593a..67107a4e 100644
--- a/lang/template.php
+++ b/lang/template.php
@@ -4,7 +4,7 @@
 * Language template file for WebDB. Use this to base language
 * files.
 *
- * $Id: template.php,v 1.5 2002/04/15 11:57:29 chriskl Exp $
+ * $Id: template.php,v 1.6 2002/05/01 09:37:30 chriskl Exp $
 */
 $appLang = 'english';
@@ -29,4 +29,12 @@ $strTypes = 'Types';
 $strAggregates = 'Aggregates';
+ // Users
+ $strUsername = 'Username';
+ $strPassword = 'Password';
+ $strSuper = 'Superuser?';
+ $strCreateDB = 'Create DB?';
+ $strExpires = 'Expires';
+ $strNoUsers = 'No users found.';
+
 ?>
\ No newline at end of file
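Review bot: In classes/database/Postgres71.php, `createUser()`, `setUser()` and `dropUser()` interpolate `$username` into a double-quoted identifier (`"CREATE USER \"{$username}\""`) after calling `clean()`, whose body is outside this hunk. If `clean()` escapes the way the new `arrayClean()` does (`addslashes`), a `"` in the name becomes `\"`, which PostgreSQL does not treat as an escape inside a quoted identifier, so the value is not confined to the identifier. Identifier context needs the quote doubled instead, e.g. `$username = str_replace('"', '""', $username);` before building the statement. `createUser()` also emits the group list as single-quoted strings in `IN GROUP '...'` where the server expects identifiers, so those names should get the same identifier quoting. The `@@ THIS IS A PROBLEM FOR TRIMMING PASSWORD` comment suggests `clean()` also alters the password value; confirm that the password stored is exactly what the administrator entered.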
diff --git a/public_html/topbar.php b/public_html/topbar.php index f65b80c6..5888f98b 100755 --- a/public_html/topbar.php +++ b/public_html/topbar.php @@ -3,7 +3,7 @@ /** * Top menu for WebDB * - * $Id: topbar.php,v 1.3 2002/04/10 04:09:47 chriskl Exp $ + * $Id: topbar.php,v 1.4 2002/05/01 09:37:30 chriskl Exp $ */ // Include application functions @@ -23,8 +23,8 @@ - User Admin | - Group Admin | + User Admin | + Group Admin | Logout diff --git a/public_html/users.php b/public_html/users.php new file mode 100644 index 00000000..4041c3de --- /dev/null +++ b/public_html/users.php @@ -0,0 +1,242 @@ +setUser($username, '', isset($formCreateDB), isset($formSuper), $formExpires); + if ($status == 0) + doProperties('User updated.'); + else + doEdit('User update failed.'); + } + + /** + * Function to allow editing of a user + */ + function doEdit($msg = '') { + global $data, $misc, $username; + global $PHP_SELF, $strUsername, $strSuper, $strCreateDB, $strExpires, $strActions, $strNoUsers; + + echo "

Users: ", htmlspecialchars($username), ": Edit

\n"; + $misc->printMsg($msg); + + $userdata = &$data->getUser($username); + + if ($userdata->recordCount() > 0) { + $userdata->f[$data->uFields['ucreatedb']] = $data->phpBool($userdata->f[$data->uFields['ucreatedb']]); + $userdata->f[$data->uFields['usuper']] = $data->phpBool($userdata->f[$data->uFields['usuper']]); + echo "
\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "
{$strUsername}{$strSuper}{$strCreateDB}{$strExpires}
", htmlspecialchars($userdata->f[$data->uFields['uname']]), "f[$data->uFields['usuper']]) ? ' checked' : '', ">f[$data->uFields['ucreatedb']]) ? ' checked' : '', ">f[$data->uFields['uexpires']]), "\">
\n"; + echo "\n"; + echo "\n"; + echo " \n"; + echo "
\n"; + } + else echo "

No data.

\n"; + + echo "

Show All Users |\n"; + echo "Properties

\n"; + } + + /** + * Show read only properties for a user + */ + function doProperties($msg = '') { + global $data, $misc, $username; + global $PHP_SELF, $strUsername, $strSuper, $strCreateDB, $strExpires, $strActions, $strNoUsers; + + echo "

Users: ", htmlspecialchars($username), ": Properties

\n"; + $misc->printMsg($msg); + + $userdata = &$data->getUser($username); + + if ($userdata->recordCount() > 0) { + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "
{$strUsername}{$strSuper}{$strCreateDB}{$strExpires}
", htmlspecialchars($userdata->f[$data->uFields['uname']]), "", $userdata->f[$data->uFields['usuper']], "", $userdata->f[$data->uFields['ucreatedb']], "", htmlspecialchars($userdata->f[$data->uFields['uexpires']]), "
\n"; + } + else echo "

No data.

\n"; + + echo "

Show All Users |\n"; + echo "Edit

\n"; + } + + /** + * Show confirmation of drop and perform actual drop + */ + function doDrop($confirm) { + global $data, $username; + global $PHP_SELF; + + if ($confirm) { + echo "

Users: ", htmlspecialchars($username), ": Drop

\n"; + + echo "

Are you sure you want to drop the user \"", htmlspecialchars($username), "\"?

\n"; + + echo "
\n"; + echo "\n"; + echo "\n"; + echo " \n"; + echo "
\n"; + } + else { + $status = $data->dropUser($username); + if ($status == 0) + doDefault('User dropped.'); + else + doDefault('User drop failed.'); + } + } + + /** + * Displays a screen where they can enter a new user + */ + function doCreate($msg = '') { + global $data, $misc, $username; + global $formUsername, $formPassword, $formSuper, $formCreateDB, $formExpires; + global $PHP_SELF, $strUsername, $strPassword, $strSuper, $strCreateDB, $strExpires, $strActions, $strNoUsers; + + if (!isset($formUsername)) $formUsername = ''; + if (!isset($formUsername)) $formPassword = ''; + if (!isset($formExpires)) $formExpires = ''; + + echo "

Users: Create User

\n"; + $misc->printMsg($msg); + + echo "
\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "
{$strUsername}{$strPassword}{$strSuper}{$strCreateDB}{$strExpires}
\n"; + echo "\n"; + echo " \n"; + echo "
\n"; + + echo "

Show All Users

\n"; + } + + /** + * Actually creates the new view in the database + */ + function doSaveCreate() { + global $data, $formUsername, $formPassword, $formSuper, $formCreateDB, $formExpires; + + // @@ NOTE: No groups handled yet + $status = $data->createUser($formUsername, $formPassword, isset($formSuper), isset($formCreateDB), $formExpires, array()); + if ($status == 0) + doDefault('User created.'); + else + doCreate('User creation failed.'); + } + + /** + * Show default list of users in the database + */ + function doDefault($msg = '') { + global $data, $misc; + global $PHP_SELF, $strUsername, $strSuper, $strCreateDB, $strExpires, $strActions, $strNoUsers; + + echo "

Users

\n"; + $misc->printMsg($msg); + + $users = &$data->getUsers(); + + if ($users->recordCount() > 0) { + echo "\n"; + echo ""; + echo "\n"; + $i = 0; + while (!$users->EOF) { + $id = (($i % 2) == 0 ? '1' : '2'); + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; + $users->moveNext(); + $i++; + } + echo "
{$strUsername}{$strSuper}{$strCreateDB}{$strExpires}{$strActions}
", htmlspecialchars($users->f[$data->uFields['uname']]), "", htmlspecialchars($users->f[$data->uFields['usuper']]), "", htmlspecialchars($users->f[$data->uFields['ucreatedb']]), "", htmlspecialchars($users->f[$data->uFields['uexpires']]), "f[$data->uFields['uname']]), "\">Propertiesf[$data->uFields['uname']]), "\">Drop
\n"; + } + else { + echo "

{$strNoUsers}

\n"; + } + + echo "

Create User

\n"; + + } + + echo "\n"; + echo "\n"; + + switch ($action) { + case 'save_create': + doSaveCreate(); + break; + case 'create': + doCreate(); + break; + case 'drop': + if ($choice == 'Yes') doDrop(false); + else doDefault(); + break; + case 'confirm_drop': + doDrop(true); + break; + case 'save_edit': + doSaveEdit(); + break; + case 'edit': + doEdit(); + break; + case 'properties': + doProperties(); + break; + default: + doDefault(); + break; + } + + echo "\n"; + echo "\n"; + +?> \ No newline at end of file -- 2.39.5
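Review bot: In public_html/users.php, `doSaveCreate()` calls `createUser($formUsername, $formPassword, isset($formSuper), isset($formCreateDB), ...)`, but the signature added in Postgres71.php is `($username, $password, $createdb, $createuser, ...)`, so the two privilege flags are swapped: ticking "Create DB?" grants CREATEUSER and ticking "Superuser?" grants only CREATEDB. The call should read `$data->createUser($formUsername, $formPassword, isset($formCreateDB), isset($formSuper), $formExpires, array());`, matching the argument order of the `setUser()` call in the save-edit path. In `doCreate()` the second guard tests `$formUsername` again, so `$formPassword` is never defaulted; it should be `if (!isset($formPassword)) $formPassword = '';`. The dispatcher at the end acts on `$action`, `$choice` and `$username` with no visible request-method or token check before `drop` and the `save_*` cases; the file's markup and opening lines are missing from this view, so confirm how those state-changing actions are protected.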