Web UI: Allow admins to view other user profiles

This includes entire user profile page, plus favorite locations on the map
and favorite access points in the search.

Editing profile data on behalf of the other user is not provided yet.

Author: binarymaster

3wifi.php

@@ -170,6 +170,13 @@
 		break;
 	}
 
+	$viewLevel = $UserManager->Level;
+	if (!is_null($UserManager->vuID))
+	{
+		$info = $UserManager->getUserInfo($UserManager->vuID);
+		$viewLevel = (int)$info['level'];
+	}
+
 	function HasWildcards($str, $wc)
 	{
 		return StrInStr($str, $wc[0]) || StrInStr($str, $wc[1]);
@@ -219,10 +226,12 @@ function GenerateFindQuery($cmtid, $ipaddr, $BSSID, $ESSID, $Auth, $Name, $Key,
 		if ($k >= 6)
 			$DataCount += $k;
 
-		global $UserManager;
+		global $UserManager, $viewLevel;
 		$uid = $UserManager->uID;
+		if (!is_null($UserManager->vuID))
+			$uid = $UserManager->vuID;
 
-		if ((!$UseLocation) && ($UserManager->Level < 2) && ($DataCount < 6))
+		if ((!$UseLocation) && ($viewLevel < 2) && ($DataCount < 6))
 		{
 			$isLimitedRequest = true;
 		}
@@ -419,7 +428,7 @@ function GenerateFindQuery($cmtid, $ipaddr, $BSSID, $ESSID, $Auth, $Name, $Key,
 	if (isset($_POST['bssid'])) $bssid = $_POST['bssid'];
 	if (isset($_POST['essid'])) $essid = $_POST['essid'];
 	$bssid = preg_replace('/[^0-9A-Fa-f\*]/', '', $bssid);
-	if ($UserManager->Level > 1)
+	if ($viewLevel > 1)
 	{
 		if (isset($_POST['comment'])) $comment = $_POST['comment'];
 		if (isset($_POST['ipaddr'])) $ipaddr = $_POST['ipaddr'];
@@ -512,12 +521,12 @@ function GenerateFindQuery($cmtid, $ipaddr, $BSSID, $ESSID, $Auth, $Name, $Key,
 			$LastId = (int)$row['id'];
 
 			$entry = array();
-			if ($UserManager->Level >= 1) $entry['id'] = (int)$row['id'];
+			if ($viewLevel >= 1) $entry['id'] = (int)$row['id'];
 			$entry['time'] = $row['time'];
 			$entry['comment'] = ($row['cmtid'] == null ? '' : $row['cmtval']);
 			$ip = _long2ip($row['IP']);
 			$wanip = _long2ip($row['WANIP']);
-			if ($UserManager->Level > 1)
+			if ($viewLevel > 1)
 			{
 				$entry['ipport'] = ($ip != '' ? $ip : ($wanip != '' ? $wanip : ''));
 				if (isLocalIP($entry['ipport'])

index.html

@@ -260,6 +260,35 @@
 		}
 	});
 }
+function doReturnView()
+{
+	$.get('user.php?a=token', function(json)
+	{
+		if (!json.result)
+		{
+			alert(errorStr(json.error));
+			return false;
+		} else {
+			var postdata = '';
+			postdata += 'token=' + encodeURIComponent(json.token);
+			postdata += '&uid=0';
+			postdata += '&view=0';
+			$.post('user.php?a=setuser', postdata, function(json)
+			{
+				if (!json.result)
+				{
+					alert(errorStr(json.error));
+				}
+				else
+				{
+					window.location.reload();
+				}
+				return false;
+			}).fail(onFail);
+		}
+	}).fail(onFail);
+	return false;
+}
 function loginBtn(force)
 {
 	if (ProfileInfo.isUser == 0 || force)
@@ -342,7 +371,18 @@
 	{
 		top.location.href = this.location.href;
 	}
-	if (ProfileInfo.isUser == 0) $('a[href=user]').hide();
+
+	if (ProfileInfo.isUser == 0)
+	{
+		$('a[href=user]').hide();
+	}
+	else if (ProfileInfo.viewUser != '')
+	{
+		var str = $('#returnbtn > p').html();
+		str = str.replace(/%username%/g, encodeHTML(ProfileInfo.viewUser));
+		$('#returnbtn > p').html(str);
+		$($('a[href=user]')[0]).hide().next().show();
+	}
 
 	if (!isMobile())
 	{
@@ -408,7 +448,13 @@
 			</span>
 		</span>
 		<a href="javascript://" onclick="loginBtn(false)" style="float: right"><div class=menubtn><p>%login_str%</p></div></a>
-		<a href="user"><div class="%chk_user%" style="float: right" id=nickname><p>%nick%</p></div></a>
+		<a href="user"><div class="%chk_user%" style="float: right"><p>%nick%</p></div></a>
+		<span class=multi style="display: none; float: right">
+			<a href="user"><div class="%chk_user%"><p>%nick%</p></div></a>
+			<span class=submenu>
+				<a href="#" onclick="return doReturnView()"><div class="submbtn" id=returnbtn><p>%l10n_menu_return%</p></div></a>
+			</span>
+		</span>
 	</div>
 </div>
 

index.php

@@ -71,17 +71,45 @@ function preparePage(&$content)
 	$content = str_replace('%broadcast%', $broadcast, $content);
 
 	global $UserManager, $l10n, $profile, $lat, $lon, $rad;
+	$ViewLogin = $UserManager->Login;
+	$ViewNick = $UserManager->Nick;
+	$ViewLevel = $UserManager->Level;
+	$ViewInvites = $UserManager->invites;
+	$ViewRAPI = $UserManager->ReadApiKey;
+	$ViewWAPI = $UserManager->WriteApiKey;
+	$ViewReg = $UserManager->RegDate;
+	$ViewInviter = $UserManager->InviterNickName;
+	$ViewUser = '';
+
+	if (!is_null($UserManager->vuID))
+	{
+		$ViewUser = $ViewNick;
+		$info = $UserManager->getUserInfo($UserManager->vuID);
+		$ViewLogin = $info['login'];
+		$ViewNick = $info['nick'];
+		$ViewLevel = (int)$info['level'];
+		$ViewInvites = (int)$info['invites'];
+		$ViewRAPI = $info['rapikey'];
+		$ViewWAPI = $info['wapikey'];
+		$ViewReg = $info['regdate'];
+		$ViewInviter = $UserManager->getUserNameById($info['puid']);
+	}
+
+	if (empty($ViewRAPI)) $ViewRAPI = $l10n['no_access'];
+	if (empty($ViewWAPI)) $ViewWAPI = $l10n['no_access'];
+
 	$content = str_replace('%login_str%', ($UserManager->isLogged() ? $l10n['menu_logout'] : $l10n['menu_login']), $content);
 	$content = str_replace('%profile%', $profile, $content);
 	$content = str_replace('%isUser%', (int)$UserManager->isLogged(), $content);
-	$content = str_replace('%login%', htmlspecialchars($UserManager->Login), $content);
-	$content = str_replace('%nick%', htmlspecialchars($UserManager->Nick), $content);
-	$content = str_replace('%user_access_level%', $UserManager->Level, $content);
-	$content = str_replace('%user_invites%', $UserManager->invites, $content);
-	$content = str_replace('%rapikey%', $UserManager->ReadApiKey, $content);
-	$content = str_replace('%wapikey%', $UserManager->WriteApiKey, $content);
-	$content = str_replace('%regdate%', $UserManager->RegDate, $content);
-	$content = str_replace('%refuser%', $UserManager->InviterNickName, $content);
+	$content = str_replace('%login%', htmlspecialchars($ViewLogin), $content);
+	$content = str_replace('%nick%', htmlspecialchars($ViewNick), $content);
+	$content = str_replace('%user_access_level%', $ViewLevel, $content);
+	$content = str_replace('%user_invites%', $ViewInvites, $content);
+	$content = str_replace('%view_user%', htmlspecialchars($ViewUser), $content);
+	$content = str_replace('%rapikey%', $ViewRAPI, $content);
+	$content = str_replace('%wapikey%', $ViewWAPI, $content);
+	$content = str_replace('%regdate%', $ViewReg, $content);
+	$content = str_replace('%refuser%', $ViewInviter, $content);
 	$content = str_replace('%var_lat%', $lat, $content);
 	$content = str_replace('%var_lon%', $lon, $content);
 	$content = str_replace('%var_rad%', $rad, $content);
@@ -175,7 +203,7 @@ function setFloat($in, &$out)
 	}
 }
 
-$profile = 'isUser: %isUser%, Nickname: "%nick%", Level: %user_access_level%, invites: %user_invites%';
+$profile = 'isUser: %isUser%, Nickname: "%nick%", Level: %user_access_level%, invites: %user_invites%, viewUser: "%view_user%"';
 
 $theme_base = 'themes';
 $themes = scandir("$theme_base/");

l10n/en-US.php

@@ -124,6 +124,8 @@
 'Login';
 $l10n['menu_logout'] =
 'Logout';
+$l10n['menu_return'] =
+'Return to %username%';
 
 /* 404 */
 $l10n['msg_404'] =

l10n/ru-RU.php

@@ -124,6 +124,8 @@
 'Вход';
 $l10n['menu_logout'] =
 'Выход';
+$l10n['menu_return'] =
+'Вернуться к %username%';
 
 /* 404 */
 $l10n['msg_404'] =

user.class.php

@@ -45,6 +45,7 @@ class User {
 
 	public $uID = NULL;
 	public $puID = NULL;
+	public $vuID = NULL;
 	public $InviterNickName = NULL;
 	public $Login = '';
 	public $Nick = '';
@@ -55,8 +56,8 @@ class User {
 	public $Level = self::USER_UNAUTHORIZED;
 	public $HashIP = NULL;
 	public $invites = 0;
-	public $ReadApiKey = 'N/A';
-	public $WriteApiKey = 'N/A';
+	public $ReadApiKey = '';
+	public $WriteApiKey = '';
 	public $ApiAccess = '';
 
 	public $LastUpdate = 0;
@@ -187,6 +188,8 @@ public function saveSession() {
 	 */
 		$_SESSION['uID'] 		= $this->uID;
 		$_SESSION['puID'] 		= $this->puID;
+		if (!is_null($this->vuID))
+			$_SESSION['view_uid'] 	= $this->vuID;
 		$_SESSION['InviterNickName'] = $this->InviterNickName;
 		$_SESSION['Login'] 		= $this->Login;
 		$_SESSION['Nick'] 		= $this->Nick;
@@ -238,6 +241,7 @@ public function loadSession() {
 				return false;
 			}
 			$this->puID 	  = $_SESSION['puID'];
+			$this->vuID 	  = $_SESSION['view_uid'];
 			$this->InviterNickName = $_SESSION['InviterNickName'];
 			$this->Login	  = $_SESSION['Login'];
 			$this->Nick 	  = $_SESSION['Nick'];
@@ -486,6 +490,21 @@ public function admBanReason($uid, $ban_reason)
 		return self::$mysqli->query("UPDATE users SET ban_reason=$ban_reason,lastupdate=lastupdate WHERE uid=$uid");
 	}
 
+	public function admViewUser($uid)
+	{
+		unset($_SESSION['view_uid']);
+		$this->vuID = NULL;
+		if (!is_null($uid))
+		{
+			$info = $this->getUserInfo($uid);
+			if (is_null($info['login']))
+				return false;
+			$_SESSION['view_uid'] = $uid;
+			$this->vuID = $uid;
+		}
+		return true;
+	}
+
 	public function Registration($Login, $Nick, $Password, $Invite)
 	{
 		$Salt = $this->GenerateRandomString(32);
@@ -661,7 +680,12 @@ public function listInvites($uid = null) {
 	 * @param int $uid
 	 * @return array $Invites
 	 */
-		if (is_null($uid)) $uid = $this->uID;
+		if (is_null($uid))
+		{
+			$uid = $this->uID;
+			if (!is_null($this->vuID))
+				$uid = $this->vuID;
+		}
 		if ($uid == NULL) return false;
 
 		$sql = 'SELECT time, users.regdate, invite, nick, IF(users.level IS NULL, invites.level, users.level) AS level FROM invites LEFT JOIN users USING(`uid`) WHERE invites.puid='.$this->quote($uid).' ORDER BY time';

user.html

@@ -1057,6 +1057,9 @@
 
 function setUserAccount(e, opt)
 {
+	if ($('input[name=nick]').val() == '')
+		return false;
+
 	var btn = $(e);
 	btnShowLoad(btn, true);
 	$.get('user.php?a=token', function(json)
@@ -1070,12 +1073,16 @@
 			var postdata = '';
 			postdata += 'token=' + encodeURIComponent(json.token);
 			postdata += '&uid=' + mgmt_uid;
-			if (opt == 'a')
+			if (opt == 'level')
 			{
 				postdata += '&level=' + $('select#user_level').val();
 				if (ban_reason != '')
 					postdata += '&ban_reason=' + ban_reason;
 			}
+			else if (opt == 'view')
+			{
+				postdata += '&view=1';
+			}
 			else
 			{
 				postdata += '&invites=' + $('input[name=invites]').val();
@@ -1089,7 +1096,10 @@
 				}
 				else
 				{
-					alert("%l10n_msg_user_set_success%");
+					if (opt == 'view')
+						window.open('#inv', '_blank').focus();
+					else
+						alert("%l10n_msg_user_set_success%");
 				}
 				return false;
 			}).fail(simpleFail);
@@ -1216,15 +1226,15 @@ <h2 align=center><span class=header_cap>%l10n_msg_user% %nick%</span></h2>
 			<tr><td>%l10n_str_reg_date%</td>
 			<td><input type="text" name="reg_date" id="reg_date" readonly /></td></tr>
 			<tr><td>%l10n_str_level%</td>
-			<td><select id="user_level"></select>&nbsp;<select id="ban_reason"></select></td><td><input type="button" value="%l10n_btn_save%" onclick="return setUserAccount(this, 'a')"/><img src="%theme_ajax%" style="display: none;"/></td></tr>
+			<td><select id="user_level"></select>&nbsp;<select id="ban_reason"></select></td><td><input type="button" value="%l10n_btn_save%" onclick="return setUserAccount(this, 'level')"/><img src="%theme_ajax%" style="display: none;"/></td></tr>
 			<tr><td><label for="pass">%l10n_str_pass%</label></td>
 			<td><input type="text" name="pass" id="pass" readonly /></td><td><input type="submit" value="%l10n_btn_reset%"/><img src="%theme_ajax%" style="display: none;"/></td></tr>
 			<tr><td>%l10n_str_visited%</td>
 			<td><input type="text" name="visited" id="visited" readonly /></td></tr>
 			<tr><td>%l10n_str_inv_invited_created%</td>
-			<td><a href="#" id="inv_created">0/0</a></td></tr>
+			<td><a href="#" id="inv_created" onclick="return setUserAccount(null, 'view')">0/0</a></td></tr>
 			<tr><td><label for="invites">%l10n_str_inv_left%</label></td>
-			<td colspan=2><input type="number" name="invites" id="invites" min="0" max="100" step="1"/>&nbsp;<input type="button" value="%l10n_btn_save%" onclick="return setUserAccount(this, 'b')"/><img src="%theme_ajax%" style="display: none;"/></td></tr>
+			<td colspan=2><input type="number" name="invites" id="invites" min="0" max="100" step="1"/>&nbsp;<input type="button" value="%l10n_btn_save%" onclick="return setUserAccount(this, 'invites')"/><img src="%theme_ajax%" style="display: none;"/></td></tr>
 			<tr><td><label for="refuser">%l10n_str_inviter%</label></td>
 			<td><input type="text" name="refuser" id="refuser" readonly /></td><td><input type="button" value="%l10n_btn_get%" onclick="return getUserParent(this)"/><img src="%theme_ajax%" style="display: none;"/></td></tr>
 			</table>