<?php
/*****************************
Arcanebase
http://ab.electronicembassy.com/
(C) 2003 Mike Kober
hide@address.com
released under the GNU Lesser Public License
---------------
usermod.php - Handles the Actual DB Add/Remove/Update of Users
******************************/
require ("inc/conf.inc");
require ("checklogin.php");
require ("inc/DB.php");
include ('inc/clsCheckEmail.php');
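/*
 * Request dispatcher for user administration: "add", "delete" and "edituser".
 *
 * Security-relevant changes in this version:
 *  - Every value taken from the request is bound through a "?" placeholder
 *    instead of being concatenated into the SQL text. This assumes inc/DB.php
 *    is PEAR DB (DB::connect / DB::isError), whose query() accepts a parameter
 *    array; confirm against the bundled copy.
 *  - Fields are read explicitly from $_REQUEST / $_POST. The previous code
 *    tested bare globals ($username, $first_name, ...) and appended to an
 *    uninitialised $updatesql, both of which only work with register_globals
 *    enabled and let a request seed those variables.
 *  - Query errors are checked on the value query() actually returned; the
 *    previous add/delete code tested an undefined $result, so failures were
 *    reported as success.
 *  - An empty field is detected with an explicit '' comparison, so the literal
 *    value "0" is no longer treated as missing.
 *
 * NOTE(review): the action comes from $_REQUEST, so a GET request can change
 * or delete an account, and nothing in this file verifies a request token or
 * the caller's privilege level. Confirm what checklogin.php enforces.
 * NOTE(review): passwords are still stored as unsalted MD5 because the login
 * check is not visible here and presumably compares MD5 digests; move both
 * sides to password_hash()/password_verify() together.
 */

/**
 * Returns a request field as a string, or '' when it is absent or was not
 * submitted as a plain string (for example as field[]).
 */
function usermod_field($name)
{
    if (isset($_REQUEST[$name]) && is_string($_REQUEST[$name])) {
        return $_REQUEST[$name];
    }
    return '';
}

/**
 * Removes the backslashes added by magic_quotes_gpc, where that legacy setting
 * is on, so a bound value is not stored with doubled escaping.
 */
function usermod_unslash($value)
{
    // ini_get() returns false on PHP versions that no longer have the setting.
    return ini_get('magic_quotes_gpc') ? stripslashes($value) : $value;
}

/**
 * Opens the database connection, stopping with the driver message on failure.
 */
function usermod_connect($dsn)
{
    $dbh = DB::connect($dsn);
    if (DB::isError($dbh)) {
        die ($dbh->getMessage());
    }
    return $dbh;
}

$action = usermod_field('action');

if ($action === "add") {
    $newusername = usermod_field('username');
    if ($newusername === '') {
        MissingField("Sorry Username Missing - No user Added.");
    }
    $newfirstname = usermod_field('first_name');
    if ($newfirstname === '') {
        MissingField("Sorry First Name is Missing - No user Added.");
    }
    $newlastname = usermod_field('last_name');
    if ($newlastname === '') {
        MissingField("Sorry Last Name is Missing - No user Added.");
    }
    $newemail = usermod_field('email_address');
    if ($newemail === '') {
        MissingField("Sorry Email Address Missing - No user Added.");
    }
    // Plain "new": the "&new" form is a parse error on PHP 7 and later.
    $CheckEmail = new CheckEmail;
    $CheckEmail->email = $newemail;
    if (!$CheckEmail->check_email()) {
        MissingField("Sorry Email Address was Invalid - No user added.");
    }
    $plainpassword = usermod_field('newpassword');
    if ($plainpassword === '') {
        MissingField("Sorry Password is Missing - No user Added.");
    }
    // Hashed exactly as before (raw request value) so existing logins keep working.
    $newpassword = md5($plainpassword);
    $newinfo = usermod_field('info');
    // NOTE(review): the level is written as submitted; validate it against the
    // set of levels the application defines (not visible in this file).
    $newsecurity = (isset($_POST["user_level"]) && is_string($_POST["user_level"]))
        ? $_POST["user_level"]
        : '';
    $newsignupdate = date("Y-m-d H:i:s");

    // Column order is unchanged: id, first, last, email, username, password,
    // info, level, signup date, trailing column.
    $sql = "INSERT INTO ab_users VALUES ('', ?, ?, ?, ?, ?, ?, ?, ?, '')";
    $params = array(
        usermod_unslash($newfirstname),
        usermod_unslash($newlastname),
        usermod_unslash($newemail),
        usermod_unslash($newusername),
        $newpassword,
        usermod_unslash($newinfo),
        usermod_unslash($newsecurity),
        $newsignupdate,
    );
    $dbh = usermod_connect("$Config_DB_String");
    $sql_result = $dbh->query($sql, $params);
    if (DB::isError($sql_result)) {
        die ($sql_result->getMessage());
    }
    echo "<p style=\"color:red\">User Successsfully Added.</p>";
    echo "<a href=javascript:history.back()>Back</a>";
}
elseif ($action === "delete") {
    if ($AB_Is_Demo == '0') {
        $usertodelete = usermod_field('userid');
        // The id used to be placed unquoted in the statement; accept digits only.
        if (!preg_match('/^[0-9]+\z/', $usertodelete)) {
            MissingField("Sorry User ID is Missing or Invalid - No user Deleted.");
        }
        $dbh = usermod_connect("$Config_DB_String");
        $sql_result = $dbh->query(
            "DELETE FROM ab_users WHERE ab_userid = ?",
            array($usertodelete)
        );
        if (DB::isError($sql_result)) {
            die ($sql_result->getMessage());
        }
        echo "<p style=\"color:red\">User successfully deleted</p>";
        echo "<a href=javascript:history.back()>Back</a>";
    } else {
        echo "<p style=\"color:red\">Can Not Edit or Delete Users In Demo Mode!<BR>
No Changes where Made.</p>";
        echo "<a href=javascript:history.back()>Back</a>";
    }
}
elseif ($action === "edituser") {
    // Column assignments and their bound values, kept in step with each other.
    // Column names are fixed literals; only values come from the request.
    $setClauses = array();
    $params = array();

    // Required text fields: request key, "original value" key, column,
    // message when blank, label used in the "Found" line.
    $requiredFields = array(
        array('username', 'orgusername', 'ab_username',
            "Sorry Username Can Not Be Blank - User not modified.", "Username"),
        array('first_name', 'orgfirstname', 'ab_firstname',
            "Sorry First Name Can Not Be Blank - User not modified.", "First Name"),
        array('last_name', 'orglastname', 'ab_lastname',
            "Sorry Last Name Can Not Be Blank - User not modified.", "Last Name"),
    );
    foreach ($requiredFields as $field) {
        $submitted = usermod_field($field[0]);
        if ($submitted === '') {
            MissingField($field[3]);
        }
        // The "org*" values are sent by the client, so they only decide which
        // columns are rewritten; they are never trusted as data.
        if ($submitted !== usermod_field($field[1])) {
            $setClauses[] = $field[2] . " = ?";
            $params[] = usermod_unslash($submitted);
            echo "<p style=\"color:red\"> * Found: " . $field[4] . " Changed</p>";
        }
    }

    $editemail = usermod_field('email_address');
    if ($editemail === '') {
        MissingField("Sorry Email Address Can Not Be Blank - User not modified.");
    }
    $CheckEmail = new CheckEmail;
    $CheckEmail->email = $editemail;
    if (!$CheckEmail->check_email()) {
        MissingField("Sorry Email Address was Invalid - User not modified.");
    }
    if ($editemail !== usermod_field('orgemail')) {
        $setClauses[] = "ab_email = ?";
        $params[] = usermod_unslash($editemail);
        echo "<p style=\"color:red\"> * Found: Email Address Changed</p>";
    }

    // A blank password field means "leave the password unchanged".
    $plainpassword = usermod_field('newpassword');
    if ($plainpassword !== '') {
        if ($plainpassword !== usermod_field('newpasswordconfirm')) {
            MissingField("Sorry Password and Confirm Password do not match. - User not modified.");
        }
        $setClauses[] = "ab_password = ?";
        $params[] = md5($plainpassword);
        echo "<p style=\"color:red\"> * Found: Password Changed and Confirm Matches</p>";
    }

    // NOTE(review): the new level is written as submitted; validate it against
    // the set of levels the application defines (not visible in this file).
    $editlevel = usermod_field('newuser_level');
    if ($editlevel !== usermod_field('orgsecurity')) {
        $setClauses[] = "ab_userlevel = ?";
        $params[] = usermod_unslash($editlevel);
        echo "<p style=\"color:red\"> * Found: Security Level Changed</p>";
    }

    $editinfo = usermod_field('info');
    if ($editinfo !== usermod_field('orginfo')) {
        $setClauses[] = "info = ?";
        $params[] = usermod_unslash($editinfo);
        echo "<p style=\"color:red\"> * Found: Info Changed</p>";
    }

    if ($AB_Is_Demo == '0') {
        if (count($setClauses) == 0) {
            // Decided from the clause list rather than by comparing SQL text.
            echo "<p style=\"color:red\"> Nothing has changed, so Nothing has been updated.</p>";
            echo "<a href=javascript:history.back()>Back</a>";
        } else {
            // NOTE(review): $thisuserid is not assigned in this file; it is
            // presumably set by an include or by register_globals. Confirm its
            // source and that the caller may edit this account.
            $params[] = isset($thisuserid) ? $thisuserid : '';
            $updatesql = "UPDATE ab_users SET " . implode(", ", $setClauses)
                . " WHERE ab_userid = ?";
            $dbh = usermod_connect("$Config_DB_String");
            $results = $dbh->query($updatesql, $params);
            if (DB::isError($results)) {
                die ($results->getMessage());
            }
            echo "<p style=\"color:red\">User Successsfully Updated.</p>";
            echo "<a href=javascript:history.back()>Back</a>";
        }
    } else {
        echo "<p style=\"color:red\">Can Not Edit or Delete Users In Demo Mode!<BR>
No Changes where Made.</p>";
        echo "<a href=javascript:history.back()>Back</a>";
    }
}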
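/**
 * Prints an error message followed by a "Back" link, then ends the request.
 *
 * The message is HTML-escaped before output. Every caller in this file passes
 * a fixed literal, so the visible text is unchanged; the escaping keeps the
 * function safe if a caller ever passes text derived from request data.
 *
 * @param string $message Plain-text message to display.
 * @return void Does not return; the script exits.
 */
function MissingField ($message) {
    echo "<p style='color:red'>" . htmlspecialchars($message, ENT_QUOTES) . "</p>";
    echo "<a href=javascript:history.back()>Back</a>";
    exit;
}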
?>