.
*/
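/*
 * Administrate users: list, create, edit and delete accounts.
 *
 * Everything this page relies on -- doquery(), get_int(), check_email(),
 * echoln(), get_signature(), the Mail class, admin_header()/admin_footer()
 * and the globals $ldap, $setup and $FULL_URL -- is expected to come from
 * ./include/include.php; none of it is defined in this file.
 *
 * Access rules as implemented below:
 *  - "user_view" in $_SESSION['sess_functions'] is needed to see anything;
 *  - "user_edit" is needed for new/edit/delete/save;
 *  - role_id 1 is treated as "administrator": a non-administrator may neither
 *    assign it nor touch a record that holds it, and nobody may delete
 *    their own account.
 */
include("./include/include.php");
admin_header();

// Session-derived facts shared by every branch. The membership tests are
// strict on purpose: a loose in_array() would match an integer 0 entry
// against any string on PHP < 8. Role ids and uids are compared as integers.
$data    = array();
$grants  = isset($_SESSION['sess_functions']) && is_array($_SESSION['sess_functions'])
    ? $_SESSION['sess_functions'] : array();
$canView = in_array("user_view", $grants, true);
$canEdit = in_array("user_edit", $grants, true);
$isAdmin = isset($_SESSION['sess_role_id']) && (int)$_SESSION['sess_role_id'] === 1;
$ownUid  = isset($_SESSION['sess_uid']) ? (int)$_SESSION['sess_uid'] : 0;

if (!$canView) {
    echoln("You are not authorized to see this page.");
} else {
    echoln("
Administrate users
");
    $error = false;

    // id => name of every role; the submitted role_id is validated against it.
    $availableRoles = array();
    $res = doquery("SELECT `id`, `name` FROM `roles` ORDER BY `name`");
    if ($res && mysql_num_rows($res) > 0) {
        while ($row = mysql_fetch_assoc($res)) {
            $availableRoles[$row['id']] = $row['name'];
        }
    }

    if ($canEdit && isset($_REQUEST['new'])) {
        // New user: empty defaults for the form.
        $data = array('uid' => 0, 'user' => "", 'email' => "", 'role_id' => 0);
    }

    if ($canEdit && (isset($_REQUEST['edit']) || isset($_REQUEST['delete']))) {
        // Edit/delete: load the record. The uid is an integer, so it is cast
        // rather than escaped before being placed in the query.
        $uid = (int)get_int('uid');
        $res = doquery("SELECT `uid`, `user`, `email`, `role_id` FROM `users` WHERE `uid`=".$uid);
        if ($res && mysql_num_rows($res) == 1) {
            $data = mysql_fetch_assoc($res);
        } else {
            echoln("Error: unable to load the user. Please try again later.
");
            $error = true;
        }
    }

    if ($canEdit && isset($_REQUEST['delete']) && !$error) {
        $targetUid     = (int)$data['uid'];
        $targetIsAdmin = (int)$data['role_id'] === 1;
        // Usernames come from user input originally, so they are escaped
        // before being echoed into the page.
        $shownUser = htmlspecialchars($data['user'], ENT_QUOTES, 'UTF-8');
        // Refuse to delete yourself, or an administrator when you are not one.
        if (strlen($data['user']) > 0 && $targetUid !== $ownUid && !($targetIsAdmin && !$isAdmin)) {
            // NOTE(review): the deletion is triggered by a plain GET
            // (?delete&confirm) with no request token visible here; unless
            // include.php adds one, this is open to cross-site request forgery.
            if (isset($_GET['confirm'])) {
                if (doquery("DELETE FROM `users` WHERE `uid`=".$targetUid)) {
                    echoln("Successfully deleted '".$shownUser."'.");
                } else {
                    echoln("Unable to delete user. Please try again.");
                }
                // Clearing the flag makes the list view below render.
                unset($_REQUEST['delete']);
            } else {
                // Ask for confirmation first.
                echoln("Are you sure you want to delete '".$shownUser."'?");
                echoln("Yes ");
                echoln("No
");
            }
        } else {
            echoln("You don't have access to delete '".$shownUser."'.");
            unset($_REQUEST['delete']);
        }
    }

    if ($canEdit && isset($_REQUEST['save']) && !$error) {
        // --- Validation -------------------------------------------------
        $errors      = "";
        $errorFields = array(); // not consumed in the code shown here; kept for the form output
        $data['uid'] = (int)get_int('uid');

        if ($data['uid'] == 0) {
            // New account: the name must resolve in the external directory,
            // which is also where the e-mail address is taken from.
            $data['user'] = isset($_POST['user']) ? $_POST['user'] : "";
            $nameLen = strlen($data['user']); // byte length, as before
            if ($nameLen < 3 || $nameLen > 50) {
                $errors .= "The username should be between 3 and 50 characters.";
                $error = true;
            } else {
                $data['email'] = $ldap->getEmailByUsername($data['user']);
                if (empty($data['email'])) {
                    $errors .= "The username is not a valid ".$ldap->getSystemName()." account.";
                    $error = true;
                }
            }
        } else {
            // Existing account: the name is not editable, only e-mail and role.
            $data['user']  = isset($_POST['userold']) ? $_POST['userold'] : "";
            $data['email'] = isset($_POST['email']) ? $_POST['email'] : "";
            if (!check_email($data['email']) || strlen($data['email']) <= 3) {
                $errors .= "The e-mail address in the ".$ldap->getSystemName()." account is invalid.";
                $error = true;
            }
        }

        // Role: must be one of the ids read from the roles table above.
        $data['role_id'] = isset($_POST['role_id']) ? $_POST['role_id'] : "";
        $roleIsKnown = is_scalar($data['role_id']) && array_key_exists($data['role_id'], $availableRoles);
        if (!$roleIsKnown) {
            $errors .= "Please select the role from the list.";
            $error = true;
        }
        $roleId = is_scalar($data['role_id']) ? (int)$data['role_id'] : 0;

        // Cannot grant more access than you hold yourself.
        if ($roleId === 1 && !$isAdmin) {
            $errors .= "You cannot set the role to administrator if you are not an administrator yourself.";
            $error = true;
        }

        // Cannot edit a user whose *stored* role is administrator unless you
        // are one; the submitted role is irrelevant for this check.
        if ($data['uid'] > 0) {
            $res = doquery("SELECT `role_id` FROM `users` WHERE `uid`=".$data['uid']);
            if ($res && mysql_num_rows($res) == 1) {
                $row = mysql_fetch_assoc($res);
                if ((int)$row['role_id'] === 1 && !$isAdmin) {
                    $errors .= "You cannot edit an entry of a user with administrator access rights.";
                    $error = true;
                }
            } else {
                $errors .= "Unable to load current role of user. Saving not allowed.";
                $error = true;
            }
        }

        if ($data['uid'] == 0) {
            // Duplicate user name check. Values are escaped through the
            // connection-aware escaper instead of addslashes().
            $res = doquery("SELECT `uid` FROM `users` WHERE `user`='".mysql_real_escape_string($data['user'])."'");
            if ($res && mysql_num_rows($res) > 0) {
                $errors .= "There already exists a user with this name.";
                $error = true;
            }
        }

        if ($errors != "") {
            echoln("");
        }

        if (!$error) {
            // --- Save ---------------------------------------------------
            if ($data['uid'] > 0) {
                // Edited entry: update e-mail and role only.
                $query  = "UPDATE `users` SET `email`='".mysql_real_escape_string($data['email'])."', ";
                $query .= "`role_id`='".$roleId."' ";
                $query .= "WHERE `uid`=".$data['uid'];
                if (doquery($query)) {
                    echoln("User saved successfully.");
                } else {
                    echoln("Saving of user failed. Please try again.");
                }
            } else {
                // New entry: insert, then notify the user by mail. A mail
                // failure is reported but does not undo the insert.
                $query  = "INSERT INTO `users` (`user`, `email`, `role_id`) ";
                $query .= "VALUES ('".mysql_real_escape_string($data['user'])."', '"
                    .mysql_real_escape_string($data['email'])."', '".$roleId."')";
                if (doquery($query)) {
                    $data['uid'] = mysql_insert_id();
                    $mail = new Mail($setup['MailReturnpath'], $data['email']);
                    $mail->setSubject("New account for ".$setup['SetupEventType']." Application");
                    $mail->addHeader("To", "\"".Mail::encodeHeader(utf8_decode($data['user']))."\" <".$data['email'].">");
                    $mail->addHeader("From", "\"Webmaster ".$setup['SetupEventType']." Application\" <".$setup['WebmasterEmail'].">");
                    $mail->addHeader("X-Content", "account to adminuser");
                    $mail->addHeader("X-ApplicationID", $data['uid']);
                    $mail->addHeader("X-Signature", get_signature("account to adminuser", $data['uid']));
                    // NOTE(review): the privacy link is sent as http:// while the
                    // admin link is https:// -- confirm this is intended.
                    $message  = "Hello ".$data['user'].",\n\n";
                    $message .= "A new account has been created for you in the ".$setup['SetupEventType']." application system. ";
                    $message .= "You can log in with your ".$ldap->getSystemName()." account.\n\n";
                    $message .= "By using this account, you confirm you have read and understood the Privacy statement, as available at\n\n";
                    $message .= " http://".$FULL_URL."privacy.php\n\n";
                    $message .= "You will be personally responsible for the usage of the above account data. Please make sure you don't ";
                    $message .= "lose it, and neither give it to somebody else.\n\n";
                    $message .= "You can access the administration part at\n\n";
                    $message .= " https://".$FULL_URL."admin/\n\n";
                    $message .= "More information can be found in the help function after you log in.\n\n";
                    $message .= "With kind regards,\n\n";
                    $message .= "The webmaster";
                    $mail->setMessage($message);
                    switch ($mail->send(true)) {
                        case Mail::MAIL_OK:
                            echoln("
Send mail to new user.");
                            break;
                        case Mail::MAIL_QUEUE:
                            echoln("
Queued mail to new user (will be sent later).");
                            break;
                        default:
                            echoln("
Failed sending mail to new user.");
                    }
                    echoln("New user saved successfully.");
                } else {
                    echoln("Saving of new user failed. Please try again.");
                }
            }
        } else {
            // Validation failed: re-show the form as an edit or a new entry.
            $error = false;
            if ($data['uid'] > 0) {
                $_REQUEST['edit'] = true;
            } else {
                $_REQUEST['new'] = true;
            }
        }
    }

    if ($canEdit && (isset($_REQUEST['new']) || isset($_REQUEST['edit'])) && !$error) {
        // --- Form -------------------------------------------------------
        echoln("Back");
        echoln("");
    } elseif (!isset($_REQUEST['delete']) || isset($_GET['confirm'])) {
        // --- List -------------------------------------------------------
        if ($setup['AuthSystem'] != "None" && $canEdit) {
            echoln("Add new user");
        }
        // Only the stored password's length is needed (to flag a local
        // password), so the hash itself is not pulled into the page.
        $query  = "SELECT `uid`, `user`, `email`, `role_id`, `roles`.`name` AS `role`, ";
        $query .= "LENGTH(`password`) AS `pwlen` ";
        $query .= "FROM `users` ";
        $query .= "LEFT JOIN `roles` ON `roles`.`id`=`users`.`role_id` ";
        $query .= "ORDER BY `user`";
        $res = doquery($query);
        if ($res && mysql_num_rows($res) > 0) {
            echoln("");
            echoln(" ");
            echoln(" | User | ");
            echoln(" E-mail | ");
            echoln(" Role | ");
            echoln(" Local password | ");
            echoln(" | ");
            echoln("
");
            while ($row = mysql_fetch_assoc($res)) {
                echoln(" ");
                echoln(" | ".htmlspecialchars($row['user'], ENT_QUOTES, 'UTF-8')." | ");
                if (check_email($row['email'])) {
                    echoln(" ".htmlspecialchars($row['email'], ENT_QUOTES, 'UTF-8')." | ");
                } else {
                    echoln(" | ");
                }
                echoln(" ".htmlspecialchars($row['role'], ENT_QUOTES, 'UTF-8')." | ");
                // A 32-byte stored value presumably marks a local (hashed)
                // password -- TODO confirm against the login code.
                echoln(" ".((int)$row['pwlen'] === 32 ? " " : " ")." | ");
                echoln(" ");
                if (!$canEdit || ((int)$row['role_id'] === 1 && !$isAdmin)) {
                    echoln(" ");
                } else {
                    echoln(" Edit ");
                    if ((int)$row['uid'] !== $ownUid) {
                        echoln(" Delete");
                    }
                }
                echoln(" | ");
                echoln("
");
            }
            echoln("
");
        }
    }
}
admin_footer();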