<?php
//#################################################################################################
//	Users/Groups helper functions
//#################################################################################################
//	chillyCMS - Content Management System
//	Copyright (C) 2008
//	Stefanie Wiegand <hide@address.com> & Johannes Cox <hide@address.com>
//	
//	This program is licensed under the GPL 3.0 license. For more information see LICENSE.txt.
//#################################################################################################
//	load_users()
//	load_groups()
//	switch_status($id,$state)
//	switch_checked($id,$what,$checked)
//	delete_user($id)
//	delete_group($id)
//	update_user($id)
//#################################################################################################
defined('DOIT') or die('Restricted access');

//Get Groupdata
$page->query("select g.*,u.user from system_groups as g,system_users as u where g.moderator=u.uid order by name");
$allgroups = $page->db->getdata_array();

//Load Users///////////////////////////////////////////////////////////////////////////////////////
function load_users() {
	global $l_ugs,$l_uform,$l_gen,$mysession,$is_admin,$allgroups,$page;
	//Get Userdata
	$page->query("select * from system_users order by `uid`");
	$allusers = $page->db->getdata_array();

	$printusers = "\t<div class='users'>\n".
	"\t\t\t<h1 style='float:left'>$l_ugs[lbl_users]</h1>\n";
	if ($is_admin) {
		$printusers .= "\t\t\t<form method='post' action='userform.site.php'>\n".
		"\t\t\t\t<input type='hidden' name='action' value='new'></input>\n".
		"\t\t\t\t<input type=\"submit\" class=\"floatright button\" value=\"".$l_ugs["lbl_newuser"]."\" />\n".
		"\t\t\t</form>\n";
	}
	$printusers .= "\t\t\t<br /><br />\n".
	"\t\t<table class=\"realtable\" width='100%' cellspacing='0' class='table-autosort:0 table-stripeclass:even table-autostripe table-rowshade-even'>\n".
	"\t\t\t<thead><tr>\n".
	//"\t\t\t\t<th width='50' class='center table-sortable:numeric'>ID</th>\n".
	"\t\t\t\t<th class='left table-sortable:alphanumeric'>$l_uform[lbl_uname]</th>\n".
	"\t\t\t\t<th class='center'>$l_uform[lbl_status]</th>\n".
	"\t\t\t\t<th class='left' width='70'>$l_ugs[lbl_groups]</th>\n".
	"\t\t\t\t<th class='left table-sortable:alphanumeric'>$l_uform[lbl_name]</th>\n";
	if ($is_admin) {
		$printusers .= "\t\t\t\t<th class='left table-sortable:date' width='150'>$l_uform[lbl_lastlog]</th>\n".
		"\t\t\t\t<th class='center table-sortable:numeric' width='80'>$l_uform[lbl_logins]</th>\n";
	}
	$printusers .= "\t\t\t\t<th class='center' width='80'>$l_gen[lbl_edit]</th>\n";
	if ($is_admin) { $printusers .= "\t\t\t\t<th width='80' class='center'>$l_gen[lbl_delete]</th>\n"; }
	$printusers .= "\t\t\t</tr></thead>\n";
	$style="odd";
	foreach ($allusers as $row) {
		$row=array_map("escape_html",$row);
		$printusers .= "\t\t\t<tr class='$style'>\n".
		//UID
		//"\t\t\t\t<td>$row[uid]</td>\n".
		//Name/edit link (only admins, moderators and the user himself)
		"\t\t\t\t<td class='left'>";
		//Is the logged in user the moderator of a group, the user to edit is in?
		$is_mod=false;
		$gids=explode(",",$row["gids"]);
		foreach ($gids as $potentialgroup) {
			foreach ($allgroups as $group) {
				if ($group["moderator"]==$mysession->user->uid and $potentialgroup==$group["gid"])
					{ $is_mod=true; }
			}
		}
		if ($is_admin or $is_mod or $mysession->user->uid==$row["uid"]) {
			$printusers .= "\n\t\t\t\t\t<form method='post' action='userform.site.php'>\n".
			"\t\t\t\t\t\t<input type='submit' class='linkbutton' ".
			"value='$row[user]' title='$l_gen[lbl_edit]' />\n".
			"\t\t\t\t\t\t<input type='hidden' name='action' value='edit' />\n".
			"\t\t\t\t\t\t<input type='hidden' name='id' value='$row[uid]' />\n".
			"\t\t\t\t\t</form>\n\t\t\t\t";
		} else {
			$printusers .= "\t\t\t\t\t$row[user]";
		}
		$printusers .= "</td>\n".
		//Statusimage (switch status for admins only)
		"\t\t\t\t<td>";
		//--enabled
		if ($row["active"]==1) {
			if ($is_admin && $row["uid"]!=1) {
				$printusers .= "\n\t\t\t\t\t<form method='post' action='usersgroups.site.php'>\n".
				"\t\t\t\t\t\t<input type='hidden' name='action' value='switchstatusoff' />\n".
				"\t\t\t\t\t\t<input type='hidden' name='id' value='$row[uid]' />\n".
				"\t\t\t\t\t\t<input type='submit' value=\" \" class='useractive' ".
				"title='$l_gen[tip_inact]' />\n".
				"\t\t\t\t\t</form>\n\t\t\t\t";
			} else {
				$printusers .= "<a class='useractive'>1</a>";
			}
		//--blocked
		} else {
			if ($is_admin) {
				$printusers .= "\n\t\t\t\t\t<form method='post' action='usersgroups.site.php'>\n".
				"\t\t\t\t\t\t<input type='hidden' name='action' value='switchstatuson' />\n".
				"\t\t\t\t\t\t<input type='hidden' name='id' value='$row[uid]' />\n".
				"\t\t\t\t\t\t<input type='submit' value=\" \" class='userinactive' ".
				"title='$l_gen[tip_act]' />\n".
				"\t\t\t\t\t</form>\n\t\t\t\t";
			} else {
				$printusers .= "<a class='userinactive'>0</a>";
			}
		}
		$printusers .= "</td>\n".
		//Groups
		"\t\t\t\t<td>\n";
		$groups=explode(",",$row["gids"]);
		$specialgroups=$groups;
		//remove the "Admins"- & "Users"-group from the Tooltip
		remove_by_val($specialgroups,"1");
		remove_by_val($specialgroups,"2");
		$specialgroups2="";
		//turn gids in tooltip to groupnames
		foreach ($allgroups as $group) {
			if (in_array($group["gid"],$specialgroups)) {
				$specialgroups2.=escape_html($group["name"]).", ";
			}
		}
		//Admin icon
		$specialgroups2=substr($specialgroups2,0,-2);
		if (in_array(1,$groups)) {
			$printusers .= "\t\t\t\t\t<span class='admin floatleft' title='$l_ugs[tip_admin]'></span>\n";
		//User icon
		} else if (in_array(2,$groups)) {
			$printusers .= "\t\t\t\t\t<span class='user floatleft' title='$l_ugs[tip_user]'></span>\n";
		}
		//Special Groups icon
		if (sizeof($groups)>1) {
			$printusers .= "\t\t\t\t\t<span class='special floatleft' title='$specialgroups2'></span>\n";
		}
		$printusers .= "\t\t\t\t</td>\n".
		//Full name (edit link for admins, mods and the user himself only
		"\t\t\t\t<td class='left'>";
		if ($is_admin or $is_mod or $mysession->user->uid==$row["uid"]) {
			$printusers .= "\n\t\t\t\t\t<form method='post' action='userform.site.php'>\n".
			"\t\t\t\t\t\t<input type='submit' class='linkbutton' ".
			"value='$row[name]' title='$l_gen[lbl_edit]' />\n".
			"\t\t\t\t\t\t<input type='hidden' name='action' value='edit' />\n".
			"\t\t\t\t\t\t<input type='hidden' name='id' value='$row[uid]' />\n".
			"\t\t\t\t\t</form>\n\t\t\t\t";
		} else {
			$printusers .= $row["name"];
		}
		$printusers .= "</td>\n";
		if ($is_admin) {
			//Last login & total logins
			if ($row["lastlogin"]=='0000-00-00 00:00:00') {
				$printusers .= "\t\t\t\t<td class='left'>$l_uform[lbl_never]</td>\n".
				"\t\t\t\t<td>$row[logins]</td>\n";
			} else {
				$printusers .= "\t\t\t\t<td class='left'>$row[lastlogin]</td>\n".
				"\t\t\t\t<td>$row[logins]</td>\n";
			}
		}
		//Edit link (admins,mods and the user himself only)
		if ($is_admin or $is_mod or $mysession->user->uid==$row["uid"]) {			
			$printusers .= "\t\t\t\t<td>\n".
			"\t\t\t\t\t<form method='post' action='userform.site.php'>\n".
			"\t\t\t\t\t\t<input type='hidden' name='action' value='edit' />\n".
			"\t\t\t\t\t\t<input type='hidden' name='id' value='$row[uid]' />\n".
			"\t\t\t\t\t\t<input type='submit' value=\" \" class='edit' title='$l_gen[lbl_edit]' />\n".
			"\t\t\t\t\t</form>\n".
			"\t\t\t\t</td>\n";	
		} else {
			$printusers .= "\t\t\t\t<td></td>\n";
		}
		//delete link (not for admin, admins can do that only)
		if ($is_admin and $row["uid"]>1) {
			$printusers .= "\t\t\t\t<td>\n".
			"\t\t\t\t\t<form method='post' action='usersgroups.site.php'>\n".
			"\t\t\t\t\t\t<input type='hidden' name='action' value='deleteuser' />\n".
			"\t\t\t\t\t\t<input type='hidden' name='id' value='$row[uid]' />\n".
			"\t\t\t\t\t\t<input type='submit' value=\" \" class='delete' ".
			js_confirm_link($row["user"].$l_gen["pop_del"]).
			"title='$l_gen[lbl_delete]' />\n".
			"\t\t\t\t\t</form>\n".
			"\t\t\t\t</td>\n";
		} else {
			$printusers .= "\t\t\t\t<td></td>\n";
		}
		$printusers .= "\t\t\t</tr>\n";
		if ($style=="odd") { $style="even"; } else { $style="odd"; }
	}
	$printusers .= "\t\t</table><br /><br />\n".
	"\t</div>\n";
	
	return $printusers;
}
//Load Groups//////////////////////////////////////////////////////////////////////////////////////
function load_groups() {
	global $l_ugs,$l_gen,$l_gform,$is_admin,$l_cont,$mysession,$allgroups;
	$printgroups = "\t<div class='groups'>\n".
	"\t\t<h1 style='float:left;'>$l_ugs[lbl_groups]</h1>\n";
	if ($is_admin) {
		$printgroups .= "\t\t<form method='post' action='groupform.site.php'>\n".
		"\t\t\t<input type='hidden' name='action' value='new'></input>\n".
		"\t\t\t<input type=\"submit\" class=\"floatright button\" value=\"".$l_ugs["lbl_newgroup"]."\" />\n".
		"\t\t</form>\n";
	}
	$printgroups .= "\t\t<br /><br />\n".
	//table heading
	"\t\t<table class=\"realtable\" width='100%' cellspacing='0'>\n".
	"\t\t\t<tr>\n".
	//"\t\t\t\t<th width='50' class='center'>ID</th>\n".
	"\t\t\t\t<th class='left'>$l_gform[lbl_name]</th>\n".
	"\t\t\t\t<th class='center' width='100'>$l_gform[lbl_be]</th>\n".
	"\t\t\t\t<th class='center' width='100'>$l_gform[lbl_write]</th>\n".
	"\t\t\t\t<th class='left'>$l_gform[lbl_moderator]</th>\n";
	if ($is_admin) { $printgroups .= "\t\t\t\t<th width='80' class='center'>$l_gen[lbl_edit]</th>\n"; }
	if ($is_admin) { $printgroups .= "\t\t\t\t<th width='80' class='center'>$l_gen[lbl_delete]</th>\n"; }
	$printgroups .= "\t\t\t</tr>\n";
	$rowstyle="odd";
	//the table itself
	foreach ($allgroups as $row) {
		$row=array_map("escape_html",$row);
		$printgroups .= "\t\t\t<tr class='$rowstyle'>\n".
		//GID/groupname (edit link for admins/mod only)
		//"\t\t\t\t<td align='center'>$row[gid]</td>\n".
		"\t\t\t\t<td class='left'>\n";
		$is_mod=false;
		if ($row["moderator"]==$mysession->user->uid) { $is_mod=true; }
		if ($row["gid"]>2 and ($is_admin or $is_mod)) {
			$printgroups .= "\t\t\t\t\t<span class='special'></span>\n".
			"\t\t\t\t\t<form method='post' action='groupform.site.php'>\n".
			"\t\t\t\t\t\t<input type='hidden' name='action' value='edit' />\n".
			"\t\t\t\t\t\t<input type='hidden' name='id' value='$row[gid]' />\n".
			"\t\t\t\t\t\t<input type='submit' class='linkbutton' ".
			"value='$row[name]' title='$l_gen[lbl_edit]' />\n".
			"\t\t\t\t\t</form>\n";
		} else {
			//group symbols
			if ($row["gid"]==1) {
				$printgroups .= "\t\t\t\t\t<span class='admin floatleft'></span>\n".
				"\t\t\t\t\t<p class='standardgroupname'>$l_cont[lbl_admins]</p>\n";
			} else if ($row["gid"]==2) {
				$printgroups .= "\t\t\t\t\t<span class='user floatleft'></span>\n".
				"\t\t\t\t\t<p class='standardgroupname'>$l_cont[lbl_users]</p>\n";
			} else {
				$printgroups .= "\t\t\t\t\t<span class='special floatleft'></span>\n".
				"\t\t\t\t\t<p class='standardgroupname'>$row[name]</p>\n";
			}
		}
		$printgroups .= "\t\t\t\t</td>\n";
		//Switch Links only for Admins
		//backend?
		if ($row["backend"]==1) { $action="uncheck"; $sign="tick"; $tip=$l_gen["tip_forbid"]; }
		else			{ $action="check"; $sign="cross"; $tip=$l_gen["tip_allow"]; }
		if ($is_admin && $row["gid"]>2) {
			$printgroups .= "\t\t\t\t<td>\n".
			"\t\t\t\t\t<form method='post' action='usersgroups.site.php'>\n".
			"\t\t\t\t\t\t<input type='hidden' name='action' value='$action' />\n".
			"\t\t\t\t\t\t<input type='hidden' name='id' value='$row[gid]' />\n".
			"\t\t\t\t\t\t<input type='hidden' name='what' value='backend' />\n".
			"\t\t\t\t\t\t<input type='submit' value=\" \" class='$sign' title='$tip' />\n".
			"\t\t\t\t\t</form>\n".
			"\t\t\t\t</td>\n";
		} else {
			$printgroups .= "\t\t\t\t<td><a class='$sign'></a></td>\n";
		}
		//Write?
		if ($row["write"]==1)	{ $action="uncheck"; $sign="tick"; $tip=$l_gen["tip_forbid"]; }
		else				{ $action="check"; $sign="cross"; $tip=$l_gen["tip_allow"]; }
		if ($is_admin && $row["gid"]>2) {
			$printgroups .= "\t\t\t\t<td>\n".
			"\t\t\t\t\t<form method='post' action='usersgroups.site.php'>\n".
			"\t\t\t\t\t\t<input type='hidden' name='action' value='$action' />\n".
			"\t\t\t\t\t\t<input type='hidden' name='id' value='$row[gid]' />\n".
			"\t\t\t\t\t\t<input type='hidden' name='what' value='write' />\n".
			"\t\t\t\t\t\t<input type='submit' value=\" \" class='$sign' title='$tip' />\n".
			"\t\t\t\t\t</form>\n".
			"\t\t\t\t</td>\n";
		} else {
			$printgroups .= "\t\t\t\t<td><a class='$sign'></a></td>\n";
		}
		//Moderator
		$printgroups .= "\t\t\t\t<td class='left'>$row[user]</td>\n";
		//edit link (admins only)
		if ($row["gid"]>2 && $is_admin) {
			$printgroups .= "\t\t\t\t<td>\n".
			"\t\t\t\t\t<form method='post' action='groupform.site.php'>\n".
			"\t\t\t\t\t\t<input type='hidden' name='action' value='edit' />\n".
			"\t\t\t\t\t\t<input type='hidden' name='id' value='$row[gid]' />\n".
			"\t\t\t\t\t\t<input type='submit' value=\" \" class='edit' title='$l_gen[lbl_edit]' />\n".
			"\t\t\t\t\t</form></td>\n";
		} else {
			$printgroups .= "\t\t\t\t<td>\n".
			"\t\t\t\t</td>\n";
		}
		//delete link (admins only)
		if ($row["gid"]>2 && $is_admin) {
			$printgroups .= "\t\t\t\t<td>\n".
			"\t\t\t\t\t<form method='post' action='usersgroups.site.php'>\n".
			"\t\t\t\t\t\t<input type='hidden' name='action' value='deletegroup' />\n".
			"\t\t\t\t\t\t<input type='hidden' name='id' value='$row[gid]' />\n".
			"\t\t\t\t\t\t<input type='submit' value=\" \" class='delete' ".
			js_confirm_link($row["name"].$l_gen["pop_del"]).
			"title='$l_gen[lbl_delete]' />\n".
			"\t\t\t\t\t</form></td>\n";
		} else {
			$printgroups .= "\t\t\t\t<td>\n".
			"\t\t\t\t</td>\n";
		}
		$printgroups .= "\t\t\t</tr>\n";
		if ($rowstyle=="odd") { $rowstyle="even"; } else { $rowstyle="odd"; }
	}
	$printgroups .= "\t\t</table><br />\n".
	"\t</div>\n";
	
	return $printgroups;
}
//Switch status////////////////////////////////////////////////////////////////////////////////////
function switch_status($id,$state) {
	global $l_ugs,$page;
	if ($id<2) {
		return "<p class='bad'>$l_ugs[msg_iadmin_err]</p>";
	} else {
		if ($state=="on") {
			if ($page->query("update system_users set active=1 where uid=$id")) {
				$msg = array($l_ugs["msg_act_ok"],"good");
			} else {
				$msg = array($l_ugs["msg_act_err"],"bad");
			}
		} elseif ($state=="off") {
			if ($page->query("update system_users set active=0 where uid=$id")) {
				$msg= array($l_ugs["msg_inact_ok"],"good");
			} else {
				$msg= array($l_ugs["msg_inact_err"],"bad");
			}
		}
		return $msg;
	}
}
//Switch checked state/////////////////////////////////////////////////////////////////////////////
function switch_checked($id,$what,$checked) {
	global $l_ugs,$page;
	if ($id<3) {
		return array($l_ugs["msg_editau_err"],"bad");
	}	
	if ($what=="backend" or $what=="write") {
		$sql="update system_groups set `$what`=$checked where `gid`=$id";
		if ($what=="backend") {
			$what=$l_ugs["lbl_backend"];
		} elseif ($what=="write") {
			$what=$l_ugs["lbl_wright"];
		}
		if ($page->query($sql)) {
			if ($checked) {
				$msg=$l_ugs["lbl_enabled"];
			} else {
				$msg=$l_ugs["lbl_disabled"];
			}
			return array("$what $msg","good");
		}
	}
	return array($l_ugs["msg_rights_err"],"bad");
}
//Delete user//////////////////////////////////////////////////////////////////////////////////////
function delete_user($id) {
	global $l_ugs,$page;
	if ($id<2) {
		return array($l_ugs["msg_dela_err"],"bad");
	} else {
		if ($page->query("delete from system_users where `uid`=$id")) {
			//check if the user was the moderator of any group
			$page->query("select `gid` from system_groups where `moderator`=$id");
			$groups_to_change = $page->db->getdata_array();
			if (!empty($groups_to_change)) {
				foreach ($groups_to_change as $group) {
					$page->query("update system_groups set `moderator`=1 where `gid`=$group[gid]");
				}
			}
			return array($l_ugs["msg_delu_ok"],"good");
		} else {
			return array($l_ugs["msg_delu_err"],"bad");
		}
	}
}
//Delete group/////////////////////////////////////////////////////////////////////////////////////
function delete_group($id) {
	global $l_ugs,$page;
	//Admingroup is undeletable
	if ($id<2) {
		return array($l_ugs["msg_delag_err"],"bad");
	//Usergroup is undeletable
	} elseif ($id==2) {
		return array($l_ugs["msg_delug_err"],"bad");
	} else {
		//Get Userdata
		$page->query("select * from system_users order by `uid`");
		$allusers = $page->db->getdata_array();

		//Is there a user with this gid?
		$gids=array();
		$members=array();
		foreach ($allusers as $user) {
			$gids=explode(",",$user["gids"]);
			if (in_array($id,$gids)) {
				$newgids=$gids;
				remove_by_val($newgids,$id);
				$newgids=implode(",",$newgids);
				$members[]=array("uid"=>$user["uid"],"oldgids"=>implode(",",$gids),"newgids"=>$newgids);
			}
		}
		foreach ($members as $m) {
			$sql="update system_users set `gids`='$m[newgids]' where uid=$m[uid] limit 1";
		}
		if(!empty($members)) {
			//TODO JS popup ob benutzer aus der gruppe rausgeworfen werden sollen
			//echo "<script>confirm('Benutzer rauswerfen??');</script>";
			return array($l_ugs["msg_deloccg_err"],"bad");
		}
		if ($page->query("select `name` from system_groups where `gid`=$id limit 1")) {
			$result=$page->db->getdata();
			$gname=$result["name"];
		}
		if ($page->query("delete from system_groups where `gid`=$id limit 1")) {
			//delete groupfolder if it exists
			$groupfolder=PATH."/media/$gname";
			$groupfolder = cut_doubledots($groupfolder);
			if(is_dir($groupfolder)) {
				if (!delete_recursively($groupfolder)) {
					return array($l_ugs["msg_gdeldir_ok"],"bad");
				}
			}
			//TODO: delete groupmenu/menu module if exists??
		}
		return array($l_ugs["msg_delg_ok"],"good");
	}
	return array($l_ugs["msg_delg_err"],"bad");
}
//Update user//////////////////////////////////////////////////////////////////////////////////////
function update_user($id) {
	global $l_ugs,$l_gen,$l_uform,$mailchars,$mysession,$page;

	$post=escape($_POST);
	if (!isset($post['getnewsletter'])) { $post['getnewsletter'] = 0; }
	$user		= trim($post["user"]);
	$name		= trim($post["name"]);
	$language	= trim($post["language"]);
	$active		= intval($post["active"]);
	$getnewsletter	= intval($post["getnewsletter"]);
	
	//Check username
	//--valid chars?
	if ($user=="") { return array($l_ugs["msg_unameempty_err"],"bad"); }
	
	//--name exists?
	if (intval($id)>0) { $sql= "select `uid` from system_users where `user`='$user' and not `uid`=$id limit 1"; }
	else { $sql= "select `uid` from system_users where `user`='$user' limit 1"; }
	$page->query($sql);
	if ($page->db->query_count()>0) {
		return array("$l_ugs[msg_sav_err]. $l_ugs[msg_uexist_err]","bad");
	}
	
	//Check passwords
	$pw = $pw2 = $pw3 = false;
	if (isset($_POST["pw"])) { $pw = $_POST["pw"]; }
	if (isset($_POST["pw2"])) { $pw2 = $_POST["pw2"]; }
	if (isset($_POST["pw3"])) { $pw3 = $_POST["pw3"]; }
	//--if set, encrypt passwords
	$setpw=false;
	if ($pw && $pw != "" && $pw == $pw2) {
		$pw=hash("sha512", $pw);
		$pw2=hash("sha512", $pw2);
		$pw3=hash("sha512", $pw3);
		$setpw=true;
		//--get user info from db
		$page->query("select `pw`,`gids` from system_users where `uid`=$id limit 1");
		$udb = $page->db->getdata();
		$uisadmin = in_array(1,explode(",",$udb['gids']));
		if($uisadmin) {
			//--check old password
			if ($pw3 != $udb["pw"]) { return array($l_ugs["msg_oldpw_err"],"bad"); }
		}
	}
	//--compare passwords
	if ($pw!=$pw2 && $pw2!="") { return array($l_ugs["msg_pwmatch_err"],"bad"); }
	//Check email
	//--valid chars?
	$email=email_chars($post["email"]);
	if ($email!=$_POST["email"]) {
		return array("$l_gen[msg_email_err] ".implode(" ",$mailchars),"bad");
	}
	//--email exists?
	if (intval($id)>0) { $sql= "select `uid` from system_users where `email`='$email' and not `uid`=$id"; }
	else { $sql= "select `uid` from system_users where `email`='$email'"; }
	$page->query($sql);
	if ($page->db->query_count()>0) {
		return array("$l_ugs[msg_sav_err]. $l_ugs[msg_mailexists_err]","bad");
	}
	//groups
	if (is_array($_POST["gids"])) {
		$gids=implode(",",$_POST["gids"]);
	} else {
		$gids=intval($post["gids"]);
		if ($gids==0) {
			if ($id==1) {
				$gids=1;
			} else {
				$gids=2;
			}
		}
	}
	//edit user
	if ($post["myaction"]=="edit") {
		$sql="update system_users set `user`='$user',`name`='$name',";
		if ($setpw) { $sql.="`pw`='$pw',"; }
		$sql.="`email`='$email',`gids`='$gids',`active`=$active,`language`='$language',".
		"`getnewsletter`=$getnewsletter where `uid`=$id";
		$edituser=true;
	//insert new user
	} else if ($post["myaction"]=="new"){
		$sql="insert into system_users (`user`,`name`,`pw`,`email`,`gids`,`active`,`logins`,`language`,".
		"`getnewsletter`) values ('$user','$name','$pw','$email','$gids',$active,0,'$language',$getnewsletter)";
	} else {
		$sql="";
	}
	//successful
	if ($page->query($sql)) {
		//check if the user was the moderator of any group and is not in that group anymore
		if ($edituser) {
			$page->query("select `gid` from system_groups where `moderator`=$id limit 1");
			$groups_to_change=$page->db->getdata_array();
			if (!empty($groups_to_change)) {
				$gids=explode(",",$gids);
				foreach ($groups_to_change as $group) {
					//if that is the case, make admin (id=1) moderator
					if (!in_array($group["gid"],$gids)) {
						$sql="update system_groups set `moderator`=1 where `gid`=$group[gid]";
						$page->query($sql);
					}
				}
			}
		}
		//in case username or password were changed and the user did it himself apply changes to session
		$thisuser = $mysession->user;
		if ($thisuser->uid == $id) {
			$mysession = new Session($user,$pw);
		}
		return array("$l_uform[lbl_user] \"$user\" $l_ugs[msg_sav_ok]","good");
	//error
	} else {
		return array("$l_ugs[msg_sav_err] $l_uform[lbl_user] \"$user\"","bad");
	}
}
?>