225 lines
8.9 KiB
PHP
225 lines
8.9 KiB
PHP
<?php
|
|
// +-----------------------------------------------------------------------+
|
|
// | user_modify.php |
|
|
// +-----------------------------------------------------------------------+
|
|
// | application : PhpWebGallery <http://phpwebgallery.net> |
|
|
// | branch : BSF (Best So Far) |
|
|
// +-----------------------------------------------------------------------+
|
|
// | file : $RCSfile$
|
|
// | last update : $Date$
|
|
// | last modifier : $Author$
|
|
// | revision : $Revision$
|
|
// +-----------------------------------------------------------------------+
|
|
// | This program is free software; you can redistribute it and/or modify |
|
|
// | it under the terms of the GNU General Public License as published by |
|
|
// | the Free Software Foundation |
|
|
// | |
|
|
// | This program is distributed in the hope that it will be useful, but |
|
|
// | WITHOUT ANY WARRANTY; without even the implied warranty of |
|
|
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
|
|
// | General Public License for more details. |
|
|
// | |
|
|
// | You should have received a copy of the GNU General Public License |
|
|
// | along with this program; if not, write to the Free Software |
|
|
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
|
|
// | USA. |
|
|
// +-----------------------------------------------------------------------+
|
|
include_once( './admin/include/isadmin.inc.php' );
|
|
//----------------------------------------------------- template initialization
|
|
$sub = $vtp->Open( './template/'.$user['template'].'/admin/user_modify.vtp' );
|
|
$error = array();
|
|
$tpl = array( 'adduser_info_message', 'adduser_info_back', 'adduser_fill_form',
|
|
'login', 'new', 'password', 'mail_address', 'adduser_status',
|
|
'submit', 'adduser_info_password_updated','menu_groups',
|
|
'dissociate','adduser_associate' );
|
|
templatize_array( $tpl, 'lang', $sub );
|
|
//--------------------------------------------------------- form criteria check
|
|
$error = array();
|
|
$display_form = true;
|
|
|
|
// retrieving information in the database about the user identified by its
|
|
// id in $_GET['user_id']
|
|
$query = 'select';
|
|
$query.= ' username,status,mail_address';
|
|
$query.= ' from '.USERS_TABLE;
|
|
$query.= ' where id = '.$_GET['user_id'];
|
|
$query.= ';';
|
|
$row = mysql_fetch_array( mysql_query( $query ) );
|
|
$page['username'] = $row['username'];
|
|
$page['status'] = $row['status'];
|
|
if ( !isset( $row['mail_address'] ) ) $row['mail_address'] = '';
|
|
$page['mail_address'] = $row['mail_address'];
|
|
// user is not modifiable if :
|
|
// 1. the selected user is the user "guest"
|
|
// 2. the selected user is the webmaster and the user making the modification
|
|
// is not the webmaster
|
|
if ( $row['username'] == 'guest'
|
|
or ( $row['username'] == $conf['webmaster']
|
|
and $user['username'] != $conf['webmaster'] ) )
|
|
{
|
|
array_push( $error, $lang['user_err_modify'] );
|
|
$display_form = false;
|
|
}
|
|
// if the user was not found in the database, no modification possible
|
|
if ( $row['username'] == '' )
|
|
{
|
|
array_push( $error, $lang['user_err_unknown'] );
|
|
$display_form = false;
|
|
}
|
|
|
|
if ( sizeof( $error ) == 0 and isset( $_POST['submit'] ) )
|
|
{
|
|
// shall we use a new password and overwrite the old one ?
|
|
$use_new_password = false;
|
|
if ( isset( $_POST['use_new_pwd'] ) ) $use_new_password = true;
|
|
// if we try to update the webmaster infos, we have to set the status to
|
|
// 'admin'
|
|
if ( $row['username'] == $conf['webmaster'] )
|
|
$_POST['status'] = 'admin';
|
|
|
|
$error = array_merge( $error, update_user(
|
|
$_GET['user_id'], $_POST['mail_address'],
|
|
$_POST['status'], $use_new_password,
|
|
$_POST['password'] ) );
|
|
}
|
|
// association with groups management
|
|
if ( isset( $_POST['submit'] ) )
|
|
{
|
|
// deletion of checked groups
|
|
$query = 'SELECT id,name';
|
|
$query.= ' FROM '.PREFIX_TABLE.'groups';
|
|
$query.= ' ORDER BY id ASC';
|
|
$query.= ';';
|
|
$result = mysql_query( $query );
|
|
while ( $row = mysql_fetch_array( $result ) )
|
|
{
|
|
$dissociate = 'dissociate-'.$row['id'];
|
|
if ( isset( $_POST[$dissociate] ) )
|
|
{
|
|
$query = 'DELETE FROM '.PREFIX_TABLE.'user_group';
|
|
$query.= ' WHERE user_id = '.$_GET['user_id'];
|
|
$query.= ' AND group_id ='.$row['id'];
|
|
$query.= ';';
|
|
mysql_query( $query );
|
|
}
|
|
}
|
|
// create a new association between the user and a group
|
|
$query = 'INSERT INTO '.PREFIX_TABLE.'user_group';
|
|
$query.= ' (user_id,group_id) VALUES';
|
|
$query.= ' ('.$_GET['user_id'].','.$_POST['associate'].')';
|
|
$query.= ';';
|
|
mysql_query( $query );
|
|
// synchronize category informations for this user
|
|
synchronize_user( $_GET['user_id'] );
|
|
}
|
|
//-------------------------------------------------------------- errors display
|
|
if ( sizeof( $error ) != 0 )
|
|
{
|
|
$vtp->addSession( $sub, 'errors' );
|
|
for ( $i = 0; $i < sizeof( $error ); $i++ )
|
|
{
|
|
$vtp->addSession( $sub, 'li' );
|
|
$vtp->setVar( $sub, 'li.li', $error[$i] );
|
|
$vtp->closeSession( $sub, 'li' );
|
|
}
|
|
$vtp->closeSession( $sub, 'errors' );
|
|
}
|
|
//---------------------------------------------------------------- confirmation
|
|
if ( sizeof( $error ) == 0 and isset( $_POST['submit'] ) )
|
|
{
|
|
$vtp->addSession( $sub, 'confirmation' );
|
|
$vtp->setVar( $sub, 'confirmation.username', $page['username'] );
|
|
$url = add_session_id( './admin.php?page=user_list' );
|
|
$vtp->setVar( $sub, 'confirmation.url', $url );
|
|
$vtp->closeSession( $sub, 'confirmation' );
|
|
if ( $use_new_password )
|
|
{
|
|
$vtp->addSession( $sub, 'password_updated' );
|
|
$vtp->closeSession( $sub, 'password_updated' );
|
|
}
|
|
}
|
|
//------------------------------------------------------------------------ form
|
|
if ( $display_form )
|
|
{
|
|
$vtp->addSession( $sub, 'form' );
|
|
$action = './admin.php?page=user_modify&user_id='.$_GET['user_id'];
|
|
$vtp->setVar( $sub, 'form.form_action', add_session_id( $action ) );
|
|
$vtp->setVar( $sub, 'form.user:username', $page['username'] );
|
|
if ( isset( $_POST['mail_address'] ) )
|
|
{
|
|
$page['mail_address'] = $_POST['mail_address'];
|
|
}
|
|
$vtp->setVar( $sub, 'form.user:mail_address', $page['mail_address'] );
|
|
// change status only if the user is not the webmaster
|
|
if ( $page['username'] != $conf['webmaster'] )
|
|
{
|
|
$vtp->addSession( $sub, 'status' );
|
|
if ( isset( $_POST['status'] ) )
|
|
{
|
|
$page['status'] = $_POST['status'];
|
|
}
|
|
$option = get_enums( PREFIX_TABLE.'users', 'status' );
|
|
for ( $i = 0; $i < sizeof( $option ); $i++ )
|
|
{
|
|
$vtp->addSession( $sub, 'status_option' );
|
|
$vtp->setVar( $sub, 'status_option.value', $option[$i] );
|
|
$vtp->setVar( $sub, 'status_option.option',
|
|
$lang['adduser_status_'.$option[$i]] );
|
|
if( $option[$i] == $page['status'] )
|
|
{
|
|
$vtp->setVar( $sub, 'status_option.selected', ' selected="selected"' );
|
|
}
|
|
$vtp->closeSession( $sub, 'status_option' );
|
|
}
|
|
$vtp->closeSession( $sub, 'status' );
|
|
}
|
|
// groups linked with this user
|
|
$query = 'SELECT id,name';
|
|
$query.= ' FROM '.PREFIX_TABLE.'user_group, '.PREFIX_TABLE.'groups';
|
|
$query.= ' WHERE group_id = id';
|
|
$query.= ' AND user_id = '.$_GET['user_id'];
|
|
$query.= ';';
|
|
$result = mysql_query( $query );
|
|
$user_groups = array();
|
|
if ( mysql_num_rows( $result ) > 0 )
|
|
{
|
|
$vtp->addSession( $sub, 'groups' );
|
|
while ( $row = mysql_fetch_array( $result ) )
|
|
{
|
|
$vtp->addSession( $sub, 'group' );
|
|
$vtp->setVar( $sub, 'group.name', $row['name'] );
|
|
$vtp->setVar( $sub, 'group.dissociate_id', $row['id'] );
|
|
$vtp->closeSession( $sub, 'group' );
|
|
array_push( $user_groups, $row['id'] );
|
|
}
|
|
$vtp->closeSession( $sub, 'groups' );
|
|
}
|
|
// empty group not to take into account
|
|
$vtp->addSession( $sub, 'associate_group' );
|
|
$vtp->setVar( $sub, 'associate_group.value', 'undef' );
|
|
$vtp->setVar( $sub, 'associate_group.option', '' );
|
|
$vtp->closeSession( $sub, 'associate_group' );
|
|
// groups not linked yet to the user
|
|
$query = 'SELECT id,name';
|
|
$query.= ' FROM '.PREFIX_TABLE.'groups';
|
|
$query.= ' ORDER BY id ASC';
|
|
$query.= ';';
|
|
$result = mysql_query( $query );
|
|
while ( $row = mysql_fetch_array( $result ) )
|
|
{
|
|
if ( !in_array( $row['id'], $user_groups ) )
|
|
{
|
|
$vtp->addSession( $sub, 'associate_group' );
|
|
$vtp->setVar( $sub, 'associate_group.value', $row['id'] );
|
|
$vtp->setVar( $sub, 'associate_group.option', $row['name'] );
|
|
$vtp->closeSession( $sub, 'associate_group' );
|
|
}
|
|
}
|
|
|
|
$url = add_session_id( './admin.php?page=user_list' );
|
|
$vtp->setVar( $sub, 'form.url_back', $url );
|
|
$vtp->closeSession( $sub, 'form' );
|
|
}
|
|
//----------------------------------------------------------- sending html code
|
|
$vtp->Parse( $handle , 'sub', $sub );
|
|
?>
|