segment the admin gui

[matches/MCTX3420.git] / testing / MCTXWeb / public_html / users / admin_upload_users.php

<?php

/**
 * This file is not part of the original UserCake system, but uses it.
 */

require_once("models/config.php");
if (!securePage($_SERVER['PHP_SELF'])){die();}

$text_area="# Rows starting with '#' are ignored. Rows are of the form:\n# Username, Full Name, Email[, Title]";


$show_form = true;
if (!empty($_POST))
{

  $current_users = fetchAllUsers();

  // Check form action
  if ($_POST['action'] === "Download") // Download list of users and populate the text area
  {
  
    foreach ($current_users as $u)
    {
      if ($u['user_name'] !== "admin")
        $text_area=$text_area."\n".$u['user_name'].",".$u['display_name'].",".$u['email'];
    }
  }
  else if ($_POST['action'] === "Upload") // Upload users in the text area
  {
\r
    if ($_POST['upload_mode'] === "purge")\r
    {\r
      $to_delete = fetchAllUsersWithoutPerm("Administrator");\r
      if (count($to_delete) > 0)\r
      {\r
        if ($deletion_count = deleteUsers($to_delete)) {\r
          $successes[] = lang("ACCOUNT_DELETIONS_SUCCESSFUL", array($deletion_count));\r
        }\r
        else {\r
          $errors[] = lang("SQL_ERROR");\r
        }\r
      }\r
    }\r
  
    $text_area = $_POST['userUpload'];

    // Iterate through each row
    $all_rows=preg_split("/((\r?\n)|(\r\n?))/", $_POST['userUpload']);
    
    foreach ($all_rows as $row)
    {
      if (empty($row) or $row[0] === '#')
        continue;

      $fields = preg_split("/,/",  $row);\r
      if(count($fields) < 3)\r
      {\r
        $errors[] = "Warning: Ignoring row not in correct format: ".htmlspecialchars($row);\r
        continue;\r
      }\r
      
      $username = trim($fields[0]);
      $displayname = trim($fields[1]);
      $email = trim($fields[2]);\r
      $title = trim($fields[3]);\r
      \r
      if(!isValidEmail($email))\r
      {\r
        $errors[] = "Enter a valid email for row: ".htmlspecialchars($row);\r
        continue;\r
      }\r
      
      // generate the temporary password
      $password = generatePassword();

      //Construct a user object
      $user = new User($username,$displayname,$password,$email);
  
      //Checking this flag tells us whether there were any errors such as possible data duplication occured
      if(!$user->status)
      {
        if($user->username_taken) $localerrors[] = lang("ACCOUNT_USERNAME_IN_USE",array($username));
        if($user->displayname_taken) $localerrors[] = lang("ACCOUNT_DISPLAYNAME_IN_USE",array($displayname));
        if($user->email_taken)    $localerrors[] = lang("ACCOUNT_EMAIL_IN_USE",array($email));            
      }
      else
      {
        //Attempt to add the user to the database, carry out finishing  tasks like emailing the user (if required)
        $user->userCakeAddUser(); //This doesn't return anything itself
        
        if($user->mail_failure) $localerrors[] = lang("MAIL_ERROR");
        if($user->sql_failure)  $localerrors[] = lang("SQL_ERROR");
        \r
        if(strlen($title) >= 50)\r
        {\r
          $localerrors[] = "Warning: User".$username." added but failed to set title: ".lang("ACCOUNT_TITLE_CHAR_LIMIT",array(1,50));\r
        }\r
        else if (count($localerrors) == 0 && strlen($title) > 0)\r
        {\r
          $user_id = fetchUserId($username); //So stupid, when you create a user, it doesn't return the user id\r
          if (!updateTitle($user_id, $title))\r
          {\r
            $localerrors[] = "Warning: User ".$username." added but failed to set title: ". lang("SQL_ERROR");\r
          }\r
        }
      }

      if(count($localerrors) == 0)
      {\r
        $users[] = [$username, $password]; //Push user onto array
                //$successes[] = ($user->success);
      }\r
      else\r
      {\r
        $errors = array_merge($errors, $localerrors);\r
      }

    }
 \r
    if(count($users) > 0)\r
    {\r
      $successes[] = (count($users)." users created.");\r
      $successes[] = ("The list of usernames and passwords follow. You must save this!");\r
      foreach($users as $user)\r
      {\r
        $successes[] = $user[0].",".$user[1];\r
      }\r
    }
  }


}\r
\r
require_once("models/header.php");\r
startPage();\r
\r
echo notificationBlock($errors,$successes);\r
\r
echo '<div class="widget"><div class="title">Upload users</div>';

if ($show_form)
{
  /* I can't get fucking file uploads to fucking work with fucking nginx
  echo "<p> Please provide a CSV file of usernames and email addresses. </p>
  <p> Click <a href=\"upload_users_example.csv\">here</a> for an example file. </p>
  <div class=\"title\">Upload</div>
  <form  action=\"".$_SERVER['PHP_SELF']."\" enctype=\"multipart/form-data\" method=\"post\">
  <input type=\"file\" name=\"userUpload\"/>
  <input type=\"submit\" value=\"Upload\"/>
  </form>";
  */
  echo "
 
  <form action=\"".$_SERVER['PHP_SELF']."\" method=\"POST\">
  <p> Action to take on adding users: </p>
  <p> <input type=\"radio\" name=\"upload_mode\" value=\"keep\" checked/>Keep existing users and add these users</p>
  <p> <input type=\"radio\" name=\"upload_mode\" value=\"purge\"/>Purge existing users and add these users</p>
  <input type=\"submit\" name=\"action\" value=\"Upload\"/> 
  <input type=\"submit\" name=\"action\" value=\"Download\"/>
  <input type=\"submit\" name=\"action\" value=\"Reset\"/>
  <p> Enter or copy/paste user information below (resize the text area if necessary): </p>
  <p>
  <textarea name=\"userUpload\" rows=\"50\" cols=\"100\" style=\"width: 100%\">".$text_area."</textarea> </p>

  </form>";
}\r
\r
echo '</div>';\r
finishPage();
  
?>