aboutsummaryrefslogtreecommitdiffstats
path: root/profile.php
diff options
context:
space:
mode:
Diffstat (limited to 'profile.php')
-rw-r--r--profile.php195
1 files changed, 149 insertions, 46 deletions
diff --git a/profile.php b/profile.php
index 71a964d80..c0287ac39 100644
--- a/profile.php
+++ b/profile.php
@@ -26,21 +26,29 @@
// +-----------------------------------------------------------------------+
// customize appearance of the site for a user
-//----------------------------------------------------------- include
-define('PHPWG_ROOT_PATH','./');
-include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
-//-------------------------------------------------- access authorization check
-check_login_authorization();
-if ( $user['is_the_guest'] )
+// +-----------------------------------------------------------------------+
+// | initialization |
+// +-----------------------------------------------------------------------+
+$userdata = array();
+if ( defined('IN_ADMIN') && isset( $_POST['submituser'] ) )
+{
+ $userdata = getuserdata($_POST['username']);
+}
+elseif (defined('IN_ADMIN') && isset( $_POST['submit'] ))
{
- echo '<div style="text-align:center;">'.$lang['only_members'].'<br />';
- echo '<a href="./identification.php">'.$lang['ident_title'].'</a></div>';
- exit();
+ $userdata = getuserdata(intval($_POST['userid']));
+}
+elseif (!defined('IN_ADMIN'))
+{
+ define('PHPWG_ROOT_PATH','./');
+ include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
+ check_login_authorization(false);
+ $userdata=$user;
}
//------------------------------------------------------ update & customization
$infos = array( 'nb_image_line', 'nb_line_page', 'language',
'maxwidth', 'maxheight', 'expand', 'show_nb_comments',
- 'recent_period', 'template', 'mail_address' );
+ 'recent_period', 'template', 'mail_address');
// mise à jour dans la base de données des valeurs
// des paramètres pour l'utilisateur courant
// - on teste si chacune des variables est passée en argument à la page
@@ -67,16 +75,21 @@ if ( isset( $_POST['submit'] ) )
{
array_push( $errors, $lang['periods_error'] );
}
-
- if ( $_POST['mail_address']!= $user['mail_address'])
+
+ if ( $_POST['mail_address']!= $userdata['mail_address'])
{
- if (!empty($_POST['password']))
- array_push( $errors, $lang['reg_err_pass'] );
- else
- {
- // retrieving the encrypted password of the login submitted
+ if ($user['status'] == 'admin')
+ {
+ $mail_error = validate_mail_address( $_POST['mail_address'] );
+ if ( !empty($mail_error)) array_push( $errors, $mail_error );
+ }
+ elseif (!empty($_POST['password']))
+ array_push( $errors, $lang['reg_err_pass'] );
+ else
+ {
+ // retrieving the encrypted password of the login submitted
$query = 'SELECT password FROM '.USERS_TABLE.'
- WHERE username = \''.$user['username'].'\';';
+ WHERE username = \''.$userdata['username'].'\';';
$row = mysql_fetch_array(pwg_query($query));
if ($row['password'] == md5($_POST['password']))
{
@@ -85,14 +98,37 @@ if ( isset( $_POST['submit'] ) )
}
else
array_push( $errors, $lang['reg_err_pass'] );
- }
+
+ }
}
// password must be the same as its confirmation
- if ( isset( $_POST['use_new_pwd'] )
+ if ( !empty( $_POST['use_new_pwd'] )
and $_POST['use_new_pwd'] != $_POST['passwordConf'] )
array_push( $errors, $lang['reg_err_pass'] );
-
+
+ // We check if we are in the admin level
+ if (isset ($_POST['user_delete']))
+ {
+ if ($_POST['userid'] > 2) // gallery founder + guest
+ {
+ delete_user($_POST['userid']);
+ }
+ else
+ array_push( $errors, $lang['user_err_modify'] );
+ }
+
+ // We check if we are in the admin level
+ if (isset ($_POST['status']) && $_POST['status'] <> $userdata['status'])
+ {
+ if ($_POST['userid'] > 2) // gallery founder + guest
+ {
+ array_push($infos, 'status');
+ }
+ else
+ array_push( $errors, $lang['user_err_modify'] );
+ }
+
if ( count( $errors ) == 0 )
{
$query = 'UPDATE '.USERS_TABLE;
@@ -104,42 +140,79 @@ if ( isset( $_POST['submit'] ) )
if ( $_POST[$info] == '' ) $query.= 'NULL';
else $query.= "'".$_POST[$info]."'";
}
- $query.= ' WHERE id = '.$user['id'];
+ $query.= ' WHERE id = '.$_POST['userid'];
$query.= ';';
pwg_query( $query );
- if ( isset( $_POST['use_new_pwd'] ) )
+ if ( !empty( $_POST['use_new_pwd'] ) )
{
$query = 'UPDATE '.USERS_TABLE;
$query.= " SET password = '".md5( $_POST['use_new_pwd'] )."'";
- $query.= ' WHERE id = '.$user['id'];
+ $query.= ' WHERE id = '.$_POST['userid'];
$query.= ';';
pwg_query( $query );
}
-
+
// redirection
- redirect(add_session_id(PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING']));
+ if (!defined('IN_ADMIN'))
+ {
+ redirect(add_session_id(PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING']));
+ }
+ else
+ {
+ redirect(add_session_id(PHPWG_ROOT_PATH.'admin.php?page=profile'));
+ }
}
}
+
+// +-----------------------------------------------------------------------+
+// | page header and options |
+// +-----------------------------------------------------------------------+
+$url_action = PHPWG_ROOT_PATH;
+if (!defined('IN_ADMIN'))
+{
+ $title= $lang['customize_page_title'];
+ include(PHPWG_ROOT_PATH.'include/page_header.php');
+ $url_action .='profile.php';
+}
+else
+{
+ $url_action .='admin.php?page=profile';
+}
//----------------------------------------------------- template initialization
-$expand = ($user['expand']=='true')?'EXPAND_TREE_YES':'EXPAND_TREE_NO';
-$nb_comments = ($user['show_nb_comments']=='true')?'NB_COMMENTS_YES':'NB_COMMENTS_NO';
-$title = $lang['customize_page_title'];
-include(PHPWG_ROOT_PATH.'include/page_header.php');
+$template->set_filenames(array('profile_body'=>'profile.tpl'));
+if ( defined('IN_ADMIN') && empty($userdata))
+{
+ $template->assign_block_vars('select_user',array());
+ $template->assign_vars(array(
+ 'L_SELECT_USERNAME'=>$lang['Select_username'],
+ 'L_LOOKUP_USER'=>$lang['Look_up_user'],
+ 'L_FIND_USERNAME'=>$lang['Find_username'],
+ 'L_AUTH_USER'=>$lang['permuser_only_private'],
+ 'L_SUBMIT'=>$lang['submit'],
-$template->set_filenames(array('profile'=>'profile.tpl'));
+ 'F_SEARCH_USER_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=profile'),
+ 'U_SEARCH_USER' => add_session_id(PHPWG_ROOT_PATH.'admin/search.php')
+ ));
+}
+else
+{
+$expand = ($userdata['expand']=='true')?'EXPAND_TREE_YES':'EXPAND_TREE_NO';
+$nb_comments = ($userdata['show_nb_comments']=='true')?'NB_COMMENTS_YES':'NB_COMMENTS_NO';
+$template->assign_block_vars('modify',array());
$template->assign_vars(array(
- 'USERNAME'=>$user['username'],
- 'EMAIL'=>$user['mail_address'],
- 'LANG_SELECT'=>language_select($user['language'], 'language'),
- 'NB_IMAGE_LINE'=>$user['nb_image_line'],
- 'NB_ROW_PAGE'=>$user['nb_line_page'],
- 'STYLE_SELECT'=>style_select($user['template'], 'template'),
- 'RECENT_PERIOD'=>$user['recent_period'],
- 'MAXWIDTH'=>$user['maxwidth'],
- 'MAXHEIGHT'=>$user['maxheight'],
+ 'USERNAME'=>$userdata['username'],
+ 'USERID'=>$userdata['id'],
+ 'EMAIL'=>$userdata['mail_address'],
+ 'LANG_SELECT'=>language_select($userdata['language'], 'language'),
+ 'NB_IMAGE_LINE'=>$userdata['nb_image_line'],
+ 'NB_ROW_PAGE'=>$userdata['nb_line_page'],
+ 'STYLE_SELECT'=>style_select($userdata['template'], 'template'),
+ 'RECENT_PERIOD'=>$userdata['recent_period'],
+ 'MAXWIDTH'=>$userdata['maxwidth'],
+ 'MAXHEIGHT'=>$userdata['maxheight'],
$expand=>'checked="checked"',
$nb_comments=>'checked="checked"',
@@ -170,7 +243,7 @@ $template->assign_vars(array(
'L_RETURN' => $lang['home'],
'L_RETURN_HINT' => $lang['home_hint'],
- 'F_ACTION'=>add_session_id(PHPWG_ROOT_PATH.'profile.php'),
+ 'F_ACTION'=>add_session_id($url_action),
'U_RETURN' => add_session_id(PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING'])
));
@@ -178,13 +251,43 @@ $template->assign_vars(array(
//-------------------------------------------------------------- errors display
if ( sizeof( $errors ) != 0 )
{
- $template->assign_block_vars('errors',array());
+ $template->assign_block_vars('modify.errors',array());
for ( $i = 0; $i < sizeof( $errors ); $i++ )
{
- $template->assign_block_vars('errors.error',array('ERROR'=>$errors[$i]));
+ $template->assign_block_vars('modify.errors.error',array('ERROR'=>$errors[$i]));
}
}
-//----------------------------------------------------------- html code display
-$template->pparse('profile');
-include(PHPWG_ROOT_PATH.'include/page_tail.php');
+//------------------------------------------------------------- user management
+if (defined('IN_ADMIN'))
+{
+ $status_select = '<select name="status">';
+ $status_select .='<option value = "guest" ';
+ if ($userdata['status'] == 'guest') $status_select .= 'selected="selected"';
+ $status_select .='>'.$lang['user_status_guest'] .'</option>';
+ $status_select .='<option value = "admin" ';
+ if ($userdata['status'] == 'admin') $status_select .= 'selected="selected"';
+ $status_select .='>'.$lang['user_status_admin'] .'</option>';
+ $status_select .='</select>';
+ $template->assign_block_vars('modify.admin',array(
+ 'L_ADMIN_USER'=>$lang['user_management'],
+ 'L_STATUS'=>$lang['user_status'],
+ 'L_DELETE'=>$lang['user_delete'],
+ 'L_DELETE_HINT'=>$lang['user_delete_hint'],
+ 'STATUS'=>$status_select
+ ));
+}
+}
+// +-----------------------------------------------------------------------+
+// | html code display |
+// +-----------------------------------------------------------------------+
+if (defined('IN_ADMIN'))
+{
+ $template->assign_var_from_handle('ADMIN_CONTENT', 'profile_body');
+}
+else
+{
+ $template->assign_block_vars('modify.profile',array());
+ $template->pparse('profile_body');
+ include(PHPWG_ROOT_PATH.'include/page_tail.php');
+}
?>