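. */
/*
 * Admin page for the `users` table: list accounts, create one (and mail the
 * new holder), change an account's e-mail / access level, or delete one.
 *
 * Request parameters read: cmd (new|edit|delete|save), uid, user, email,
 * access, and confirm (GET, delete only). Session keys read: sess_access,
 * sess_uid, access_admin, access_chair. Only admin/chair/localorg may use the
 * page at all; the "admin" and "chair" levels may only be granted, edited or
 * removed by callers who hold them (adminuser_may_manage_level()).
 *
 * NOTE(review): the markup inside most echoln() calls was stripped when this
 * listing was extracted, so the form and list output is reproduced as found.
 */
include("./include/include.php");
admin_header();

if( !isset($_SESSION['sess_access']) || !in_array($_SESSION['sess_access'], array("admin", "chair", "localorg"), true) ) {
    echoln("You are not authorized to see this page.");
}else {
    echoln("

Administrate users

");

    /* Whether the logged-in user may create, change or delete an account that
       holds $level. This is the rule the delete branch and the list already
       apply; the save branch below now applies it as well. */
    if( !function_exists('adminuser_may_manage_level') ) {
        function adminuser_may_manage_level($level) {
            if( $level=="admin" ) {
                return !empty($_SESSION['access_admin']);
            }
            if( $level=="chair" ) {
                return !empty($_SESSION['access_admin']) || !empty($_SESSION['access_chair']);
            }
            return true;
        }
    }

    $Cancel_process=false;
    $Error=array(false);   // was read before ever being assigned on the save path
    if( !isset($_REQUEST['cmd']) ) $_REQUEST['cmd']="";
    $confirmed = ( isset($_GET['confirm']) && $_GET['confirm']=="yes" );
    $uid=get_int('uid');
    /* CR/LF never belongs in a user name or address; dropping it here keeps the
       mail headers built further down free of injected header lines. */
    $User=str_replace(array("\r", "\n"), "", stripslashes(get_var('user')));
    $Email=str_replace(array("\r", "\n"), "", stripslashes(get_var('email')));
    $Access=stripslashes(get_var('access'));
    $Access_values = array("no", "view", "edit", "jc", "localorg", "chair", "admin");

    if( $_REQUEST['cmd']=="new" ) {
        ########### New ###########
        $uid="";
        $User="";
        $Email="";
        $Access="no";   // was mistyped as $Acess, which left $Access at the request value
    }

    if( ($_REQUEST['cmd']=="edit" || $_REQUEST['cmd']=="delete") && !$Cancel_process ) {
        ########### Load Data ###########
        // uid is unquoted in the SQL, so an int cast (not addslashes) is the escaping that matters.
        $query="SELECT `user`, `email`, `access` FROM `users` WHERE `uid`=".(int)$uid;
        if( @mysql_num_rows( $res=doquery($query) )==1 ) {
            $row=mysql_fetch_array($res);
            $User=$row['user'];
            $Email=$row['email'];
            $Access=$row["access"];
        }else {
            echoln("

Error: unable to load the data. Please try again later.");
            $Cancel_process=true;
        }
    }

    if( $_REQUEST['cmd']=="delete" && !$Cancel_process ) {
        ########### DELETE ###########
        /* $Access is the target's current level, loaded above. One may not
           delete oneself nor an account at a level one does not hold. */
        if( strlen($User)>0 && $uid!=$_SESSION['sess_uid'] && adminuser_may_manage_level($Access) ) {
            if( $confirmed ) {
                /* NOTE(review): the deletion completes on a plain GET with
                   confirm=yes and no anti-CSRF token, so a forged link opened by
                   a logged-in admin deletes the account. */
                $query="DELETE FROM `users` WHERE `uid`=".(int)$uid;
                if( doquery($query) ) {
                    echoln("Successfully deleted '".$User."'.

");
                }else {
                    echoln("Unable to delete user. Please try again.

");
                }
                $_REQUEST['cmd']="";
            }else {
                // NOTE(review): $User is echoed as-is; unless echoln() escapes, a stored name is an XSS vector.
                echoln("Are you sure you want to delete '".$User."'?");
                echoln("

Yes  ");
                echoln("No");
            }
        }else {
            echoln("You don't have access to delete '".$User."'.

");
            $_REQUEST['cmd']="";
        }
    }

    if( ($_REQUEST['cmd']=="save") && (!$Cancel_process) ) {
        ########### ERROR CHECK ###########
        echoln("

");
        /* Checks the extracted page did not visibly perform: the level must be
           one of $Access_values, the caller must be allowed to hand it out, an
           edited row must be one the caller may touch, and a new row needs a
           name (the delete branch already treats an empty name as invalid). */
        if( !in_array($Access, $Access_values, true) ) {
            $Error[0]=true;
            echoln("Error: unknown access level.");
        }elseif( !adminuser_may_manage_level($Access) ) {
            $Error[0]=true;
            echoln("You don't have access to grant the '".$Access."' level.");
        }
        if( $uid>0 ) {
            $query="SELECT `access` FROM `users` WHERE `uid`=".(int)$uid;
            if( @mysql_num_rows( $res=doquery($query) )==1 ) {
                $current=mysql_fetch_array($res);
                if( !adminuser_may_manage_level($current['access']) ) {
                    $Error[0]=true;
                    echoln("You don't have access to edit this user.");
                }
            }else {
                $Error[0]=true;
                echoln("Error: unable to load the data. Please try again later.");
            }
        }elseif( strlen($User)==0 ) {
            $Error[0]=true;
            echoln("Error: a user name is required.");
        }

        if( !$Error[0] ) {
            ########### SAVE DATA ###########
            if( $uid>0 ) {
                // Edited entry: only e-mail and level change, the name is fixed.
                $query="UPDATE `users` SET `email`='".addslashes($Email)."', `Access`='".addslashes($Access)."' WHERE `uid`=".(int)$uid;
                if( doquery($query) ) {
                    echoln("User saved successfully.

");
                }else {
                    echoln("Saving of user failed. Please try again.

");
                }
            }else {
                /* New entry: insert, then tell the holder by mail.
                   NOTE(review): addslashes() is not charset-aware; the driver's
                   own escaping is preferable if a link is guaranteed open here. */
                $query="INSERT INTO `users` (`user`, `email`, `access`) VALUES ('".addslashes($User)."', '".addslashes($Email)."', '".addslashes($Access)."')";
                if( doquery($query) ) {
                    $uid = mysql_insert_id();
                    if( $mail = new Mail(MAILRETURNPATH, $Email) ) {
                        $mail->setSubject("New account for Statutory Events tool");
                        $mail->addHeader("To", "\"".$User."\" <".$Email.">");
                        $mail->addHeader("From", "\"Webmaster ".$setup['SetupEventType']." Application\" <".WEBMASTEREMAIL.">");
                        $mail->addHeader("X-Content", "account to adminuser");
                        $mail->addHeader("X-ApplicationID", $uid);
                        $mail->addHeader("X-Signature", get_signature("account to adminuser", $uid));
                        $message = "Hello $User,\n\n";
                        $message .= "A new account has been created for you in the Statutory Events system.\n";
                        $message .= "You can log in with your ".$ldap->getSystemName()." account.\n\n";
                        $message .= "You will be personally responsible for the usage of the above account data. Please make sure you don't\n";
                        $message .= "loose it, and neither give it to somebody else.\n\n";
                        $message .= "You can access the administration part at\n\n";
                        $message .= " https://".$FULL_URL."admin/\n\n";
                        $message .= "More information can be found in the help function after you log in.\n\n";
                        $message .= "With kind regards,\n\n";
                        $message .= "The webmaster";
                        $mail->setMessage($message);
                        switch( $mail->send(true) ) {
                            case Mail::MAIL_OK:
                                echoln("
Send mail to new user.");
                                break;
                            case Mail::MAIL_QUEUE:
                                echoln("
Queued mail to new user (will be sent later).");
                                break;
                            default:
                                echoln("
Failed sending mail to new user.");
                        }
                    }
                    echoln("New user saved successfully.

");
                }else {
                    echoln("Saving of new user failed. Please try again.

");
                }
            }
        }else {
            // Error found: reshow the form with the submitted values.
            $_REQUEST['cmd'] = ($uid>0) ? "edit" : "new";
        }
    }elseif( !$Cancel_process ) {
        $Error[0]=false;   // not a save, so there is nothing to report
    }

    if( ($_REQUEST['cmd']=="new" || $_REQUEST['cmd']=="edit") && (!$Cancel_process) ) {
        ########### Show form ###########
        /* NOTE(review): the input markup was stripped by extraction (the line
           beginning "User:0 )" is what remains of the user field); the calls
           are reproduced unchanged. */
        echoln("Back

");
        echoln("

");
        echoln(" "); echoln(" "); echoln(" "); echoln(" ");
        if( $uid>0 ) echoln(" ");
        echoln(" ");
        echoln("
User:0 ) echoln(" disabled=\"disabled\"", false, true); echoln(">
E-mail:
Access:");
        echoln(" ");
        echoln("

");
        ///// Show buttons /////
        if( $_REQUEST['cmd']=="new" ) {
            echoln("   ");
            echoln(" ");
            echoln("

Please note that an e-mail will be sent to the new user to inform him/her about the new created account.");
        }else {
            echoln("   ");
            echoln(" ");
        }
        echoln("

");
    }elseif( $_REQUEST['cmd']!="delete" || $confirmed ) {
        ########### Show list ###########
        echoln("Add new user");
        $query="SELECT `uid`, `user`, `email`, `access` FROM `users` ORDER BY `user`";
        if( @mysql_num_rows( $res=doquery($query) )>0 ) {
            echoln("

");
            echoln(" "); echoln(" "); echoln(" "); echoln(" "); echoln(" "); echoln(" ");
            $i=0;
            while( $row=mysql_fetch_array($res) ) {
                $i++;
                if( ($i%2)==1 ) echoln(" "); else echoln(" ");
                echoln(" ");
                if( check_email($row['email']) ) echoln(" "); else echoln(" ");
                echoln(" ");
                echoln(" ");
                echoln(" ");
            }
            /* NOTE(review): as extracted, the per-row output sits after the
               loop and only sees the final $row; kept as found. */
            echoln("
UserE-mailAccess 
".$row['user']."".$row['email']." ".$row['access']."");
            // Edit/Delete links only for rows at a level the caller may manage; never delete oneself.
            if( !adminuser_may_manage_level($row['access']) ) {
                echoln("  ");
            }else {
                echoln(" Edit  ");
                if( $row['uid']!=$_SESSION['sess_uid'] ) {
                    echoln(" Delete");
                }
            }
            echoln("
");
        }
    }
}
admin_footer();
?>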