Project

General

Profile

1 1386 Luisehahne
<?php
2
/**
3
 *
4
 * @category        admin
5
 * @package         users
6 1529 Luisehahne
 * @author          Ryan Djurovich, WebsiteBaker Project
7 1710 Luisehahne
 * @copyright       2009-2012, WebsiteBaker Org. e.V.
8 1386 Luisehahne
 * @link			http://www.websitebaker2.org/
9
 * @license         http://www.gnu.org/licenses/gpl.html
10
 * @platform        WebsiteBaker 2.8.x
11
 * @requirements    PHP 5.2.2 and higher
12
 * @version         $Id$
13
 * @filesource		$HeadURL$
14
 * @lastmodified    $Date$
15
 *
16
*/
17
18
 // Include config file and admin class file
19
require('../../config.php');
20
require_once(WB_PATH.'/framework/class.admin.php');
21
22 1475 Luisehahne
$action = 'cancel';
23
// Set parameter 'action' as alternative to javascript mechanism
24
$action = (isset($_POST['modify']) ? 'modify' : $action );
25
$action = (isset($_POST['delete']) ? 'delete' : $action );
26 1386 Luisehahne
27 1475 Luisehahne
switch ($action):
28
	case 'modify' :
29
			// Print header
30
			$admin = new admin('Access', 'users_modify');
31
			$user_id = intval($admin->checkIDKEY('user_id', 0, $_SERVER['REQUEST_METHOD']));
32
			// Check if user id is a valid number and doesnt equal 1
33 1492 Luisehahne
			if($user_id == 0){
34
			$admin->print_error($MESSAGE['GENERIC_FORGOT_OPTIONS'] );
35
            }
36 1475 Luisehahne
			if( ($user_id < 2 ) )
37
			{
38
				// if($admin_header) { $admin->print_header(); }
39
				$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] );
40
			}
41
			// Get existing values
42 1492 Luisehahne
			$results = $database->query("SELECT * FROM `".TABLE_PREFIX."users` WHERE `user_id` = '".$user_id."'");
43 1475 Luisehahne
			$user = $results->fetchRow();
44 1386 Luisehahne
45 1529 Luisehahne
			// Setup template object, parse vars to it, then parse it
46
			// Create new template object
47 1710 Luisehahne
			$template = new Template(dirname($admin->correct_theme_source('users_form.htt')),'keep');
48 1529 Luisehahne
			// $template->debug = true;
49 1475 Luisehahne
			$template->set_file('page', 'users_form.htt');
50
			$template->set_block('page', 'main_block', 'main');
51 1710 Luisehahne
			$template->set_block('main_block', 'show_modify_loginname_block', 'show_modify_loginname');
52
			$template->set_block('main_block', 'show_add_loginname_block', 'show_add_loginname');
53 1475 Luisehahne
			$template->set_var(	array(
54
								'ACTION_URL' => ADMIN_URL.'/users/save.php',
55
								'SUBMIT_TITLE' => $TEXT['SAVE'],
56
								'USER_ID' => $user['user_id'],
57
								'USERNAME' => $user['username'],
58
								'DISPLAY_NAME' => $user['display_name'],
59
								'EMAIL' => $user['email'],
60
								'ADMIN_URL' => ADMIN_URL,
61
								'WB_URL' => WB_URL,
62
								'THEME_URL' => THEME_URL
63
								)
64
						);
65 1386 Luisehahne
66 1475 Luisehahne
			$template->set_var('FTAN', $admin->getFTAN());
67
			if($user['active'] == 1) {
68
				$template->set_var('ACTIVE_CHECKED', ' checked="checked"');
69 1386 Luisehahne
			} else {
70 1475 Luisehahne
				$template->set_var('DISABLED_CHECKED', ' checked="checked"');
71
			}
72
			// Add groups to list
73
			$template->set_block('main_block', 'group_list_block', 'group_list');
74
			$results = $database->query("SELECT group_id, name FROM ".TABLE_PREFIX."groups WHERE group_id != '1' ORDER BY name");
75
			if($results->numRows() > 0) {
76
				$template->set_var('ID', '');
77
				$template->set_var('NAME', $TEXT['PLEASE_SELECT'].'...');
78 1386 Luisehahne
				$template->set_var('SELECTED', '');
79 1475 Luisehahne
				$template->parse('group_list', 'group_list_block', true);
80
				while($group = $results->fetchRow()) {
81
					$template->set_var('ID', $group['group_id']);
82
					$template->set_var('NAME', $group['name']);
83
					if(in_array($group['group_id'], explode(",",$user['groups_id']))) {
84
						$template->set_var('SELECTED', ' selected="selected"');
85
					} else {
86
						$template->set_var('SELECTED', '');
87
					}
88
					$template->parse('group_list', 'group_list_block', true);
89
				}
90 1386 Luisehahne
			}
91
92 1475 Luisehahne
			// Only allow the user to add a user to the Administrators group if they belong to it
93
			if(in_array(1, $admin->get_groups_id()))
94
		    {
95
				$template->set_var('ID', '1');
96
				$users_groups = $admin->get_groups_name();
97
				$template->set_var('NAME', $users_groups[1]);
98 1386 Luisehahne
99 1475 Luisehahne
				$in_group = FALSE;
100
				foreach($admin->get_groups_id() as $cur_gid){
101
				    if (in_array($cur_gid, explode(",", $user['groups_id']))) {
102
				        $in_group = TRUE;
103
				    }
104
				}
105 1386 Luisehahne
106 1475 Luisehahne
				if($in_group) {
107
					$template->set_var('SELECTED', ' selected="selected"');
108
				} else {
109
					$template->set_var('SELECTED', '');
110
				}
111
				$template->parse('group_list', 'group_list_block', true);
112
			} else {
113
				if($results->numRows() == 0) {
114
					$template->set_var('ID', '');
115
					$template->set_var('NAME', $TEXT['NONE_FOUND']);
116
					$template->set_var('SELECTED', ' selected="selected"');
117
					$template->parse('group_list', 'group_list_block', true);
118
				}
119
			}
120 1386 Luisehahne
121 1475 Luisehahne
			// Generate username field name
122
			$username_fieldname = 'username_';
123
			$salt = "abchefghjkmnpqrstuvwxyz0123456789";
124
			srand((double)microtime()*1000000);
125
			$i = 0;
126
			while ($i <= 7) {
127
				$num = rand() % 33;
128
				$tmp = substr($salt, $num, 1);
129
				$username_fieldname = $username_fieldname . $tmp;
130
				$i++;
131
			}
132 1386 Luisehahne
133 1475 Luisehahne
			// Work-out if home folder should be shown
134
			if(!HOME_FOLDERS) {
135
				$template->set_var('DISPLAY_HOME_FOLDERS', 'display:none;');
136
			}
137
138
			// Include the WB functions file
139
			require_once(WB_PATH.'/framework/functions.php');
140
141
			// Add media folders to home folder list
142
			$template->set_block('main_block', 'folder_list_block', 'folder_list');
143
			foreach(directory_list(WB_PATH.MEDIA_DIRECTORY) AS $name)
144
		    {
145
				$template->set_var('NAME', str_replace(WB_PATH, '', $name));
146
				$template->set_var('FOLDER', str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name));
147
				if($user['home_folder'] == str_replace(WB_PATH.MEDIA_DIRECTORY, '', $name)) {
148
					$template->set_var('SELECTED', ' selected="selected"');
149
				} else {
150
					$template->set_var('SELECTED', ' ');
151
				}
152
				$template->parse('folder_list', 'folder_list_block', true);
153
			}
154
155
			// Insert language text and messages
156
			$template->set_var(array(
157
								'TEXT_RESET' => $TEXT['RESET'],
158 1492 Luisehahne
								'TEXT_CANCEL' => $TEXT['CANCEL'],
159 1475 Luisehahne
								'TEXT_ACTIVE' => $TEXT['ACTIVE'],
160
								'TEXT_DISABLED' => $TEXT['DISABLED'],
161
								'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'],
162
								'TEXT_USERNAME' => $TEXT['USERNAME'],
163
								'TEXT_PASSWORD' => $TEXT['PASSWORD'],
164
								'TEXT_RETYPE_PASSWORD' => $TEXT['RETYPE_PASSWORD'],
165
								'TEXT_DISPLAY_NAME' => $TEXT['DISPLAY_NAME'],
166
								'TEXT_EMAIL' => $TEXT['EMAIL'],
167
								'TEXT_GROUP' => $TEXT['GROUP'],
168
								'TEXT_NONE' => $TEXT['NONE'],
169
								'TEXT_HOME_FOLDER' => $TEXT['HOME_FOLDER'],
170
								'USERNAME_FIELDNAME' => $username_fieldname,
171 1710 Luisehahne
								'CHANGING_PASSWORD' => $MESSAGE['USERS_CHANGING_PASSWORD'],
172 1475 Luisehahne
								'HEADING_MODIFY_USER' => $HEADING['MODIFY_USER']
173
								)
174
						);
175
176
			// Parse template object
177 1710 Luisehahne
			$template->parse('show_modify_loginname', 'show_modify_loginname_block', true);
178
			$template->parse('show_add_loginname', '', true);
179 1475 Luisehahne
			$template->parse('main', 'main_block', false);
180
			$template->pparse('output', 'page');
181 1492 Luisehahne
			// Print admin footer
182
			$admin->print_footer();
183 1475 Luisehahne
			break;
184
		case 'delete' :
185
			// Print header
186
			$admin = new admin('Access', 'users_delete');
187
			$user_id = intval($admin->checkIDKEY('user_id', 0, $_SERVER['REQUEST_METHOD']));
188
			// Check if user id is a valid number and doesnt equal 1
189 1492 Luisehahne
			if($user_id == 0){
190
			$admin->print_error($MESSAGE['GENERIC_FORGOT_OPTIONS'] );
191
            }
192 1475 Luisehahne
			if( ($user_id < 2 ) )
193
			{
194
				// if($admin_header) { $admin->print_header(); }
195
				$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] );
196
			}
197 1492 Luisehahne
			$sql  = 'SELECT `active` FROM `'.TABLE_PREFIX.'users` ';
198
            $sql .= 'WHERE `user_id` = '.$user_id.'';
199
            if( ($iDeleteUser = $database->get_one($sql)) == 1 ) {
200
				// Delete the user
201
				$database->query("UPDATE `".TABLE_PREFIX."users` SET `active` = 0 WHERE `user_id` = '".$user_id."' ");
202
            } else {
203
				$database->query("DELETE FROM `".TABLE_PREFIX."users` WHERE `user_id` = ".$user_id);
204
            }
205
206 1475 Luisehahne
			if($database->is_error()) {
207
				$admin->print_error($database->get_error());
208
			} else {
209 1492 Luisehahne
				$admin->print_success($MESSAGE['USERS_DELETED']);
210 1475 Luisehahne
			}
211 1492 Luisehahne
			// Print admin footer
212
			$admin->print_footer();
213 1475 Luisehahne
			break;
214
	default:
215
			break;
216
endswitch;