<?php
//-----------------------------------------------------------------------------
//
// Copyright (C) 2003-2005 Oy Realnode Ab
//
//-----------------------------------------------------------------------------
//
// management.php
// Part of the Emilda Project (http://www.emilda.org/)
//
// Description
// Users' own management page.
//
// Authors
// Christoffer Landtman <landtman (at) realnode com>
// Erik Berglund <berglund (at) realnode com>
// Mattias Nordstrom <nordstrom (at) realnode com>
//
//-----------------------------------------------------------------------------
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
//
//-----------------------------------------------------------------------------
//
// $Id: management.php,v 1.57.2.1 2005/04/25 08:44:47 lanttis Exp $
//
//-----------------------------------------------------------------------------
// Id used to identify this page within functions.
$PageID = "MANAGEMENT";
// Project includes. Every helper this page calls (sql_query, check_priv, my_subordinate, error,
// layout_*, ...) and the USER_* session constants are defined outside this file; which include
// provides which is not visible from here.
// NOTE(review): the page trusts whatever session/authentication setup these includes perform before
// the first statement below runs — confirm that an unauthenticated request cannot reach it.
require_once "common.inc";
require_once "config.inc";
require_once "constants.inc";
require_once "error.inc";
require_once "layout.inc";
require_once "language.inc";
require_once "mgmnt.inc";
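// Authorisation gate: a request that names a user_id must name a user the session user may manage.
if (isset($_REQUEST['user_id']))
{
    // user_id is concatenated unquoted into SQL further down this page, so anything other than a
    // plain digit string (an array parameter included) is refused before my_subordinate() sees it.
    if (!is_scalar($_REQUEST['user_id'])
        || !preg_match('/^[0-9]+\z/', (string) $_REQUEST['user_id'])
        || !my_subordinate($_REQUEST['user_id']))
    {
        // NOTE(review): everything below relies on error() ending the request. If it can return,
        // this check does not stop the update handlers further down — confirm in error.inc.
        error("session violation");
    }
}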
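// Load the record this page works on: another user's row when user_id names someone other than the
// session user, otherwise the session user's own data from the USER_* constants.
if (isset($_REQUEST['user_id']) && $_REQUEST['user_id'] != USER_ID)
{
    $user_exists = 0;
    // The id is placed in the statement unquoted, so only a plain digit string may reach it;
    // any other value is treated as "no such user" instead of being sent to the database.
    if (is_scalar($_REQUEST['user_id']) && preg_match('/^[0-9]+\z/', (string) $_REQUEST['user_id']))
    {
        $result = sql_query("SELECT * FROM users WHERE user_id=" . $_REQUEST['user_id']);
        $user_exists = mysql_num_rows($result);
        while ($row = mysql_fetch_array($result))
        {
            $user_id = $row['user_id'];
            $user_given_names = $row['user_given_names'];
            $user_surname = $row['user_surname'];
            $user_card_number = $row['user_card_number'];
            $user_name = $row['user_name'];
            $user_postal_address = $row['user_postal_address'];
            $user_postal_code = $row['user_postal_code'];
            $user_town = $row['user_town'];
            $user_phone_home = $row['user_phone_home'];
            $user_phone_mobile = $row['user_phone_mobile'];
            $user_email = $row['user_email'];
            // Stored password hash; nothing on this page prints it.
            $user_password = $row['user_password'];
            $user_date_format = $row['user_date_format'];
            $user_cast = $row['user_cast'];
            $user_privileges = $row['user_privileges'];
            $user_lang = $row['user_lang'];
            $user_template = $row['user_template'];
            $user_im_email = (check_pref("IM_EMAIL", $_REQUEST["user_id"])) ? _("Yes") : _("No");
        }
    }
}
else
{
    // Own record: no query, the values come from the session constants. $user_cast is not set on
    // this path; the page only prints it when another user's record is shown.
    $user_id = USER_ID;
    $user_given_names = USER_GIVEN_NAMES;
    $user_surname = USER_SURNAME;
    $user_card_number = USER_CARD_NUMBER;
    $user_name = USER_NAME;
    $user_postal_address = USER_POSTAL_ADDRESS;
    $user_postal_code = USER_POSTAL_CODE;
    $user_town = USER_TOWN;
    $user_phone_home = USER_PHONE_HOME;
    $user_phone_mobile = USER_PHONE_MOBILE;
    $user_email = USER_EMAIL;
    $user_password = USER_PASSWORD;
    $user_date_format = USER_DATE_FORMAT;
    $user_privileges = USER_PRIVILEGES;
    $user_lang = USER_LANG;
    $user_template = USER_TEMPLATE;
    $user_exists = 1;
    $user_im_email = (check_pref("IM_EMAIL")) ? _("Yes") : _("No");
}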
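// Handle the "Change User Information" form: validate the posted values, update the users row and
// redirect back to this page with the outcome in info_status.
if (isset($_REQUEST['info_change']))
{
    // id and auth are copied into the Location header; URL-encode them so a crafted value cannot
    // append parameters or otherwise alter the redirect target.
    $return_url = "management.php?";
    foreach (array('id', 'auth') as $param)
    {
        $param_value = (isset($_REQUEST[$param]) && is_scalar($_REQUEST[$param])) ? (string) $_REQUEST[$param] : "";
        $return_url .= $param . "=" . urlencode($param_value) . "&";
    }
    $return_url .= "user_id=" . urlencode($user_id);

    // The edit form offers a card-number field only when someone else's record is edited (the
    // session user's own number is printed as text), so a posted value is ignored for the own record.
    $new_card_number = "";
    if ($user_id != USER_ID && isset($_REQUEST['user_card_number']) && is_scalar($_REQUEST['user_card_number']))
        $new_card_number = (string) $_REQUEST['user_card_number'];

    if ($new_card_number !== "" && valid_card_number($new_card_number, $user_id))
    {
        header("Location: " . $return_url . "&info_status=cnumber_exists&edit=info");
        exit;
    }
    if ($new_card_number !== "" && is_card_number($new_card_number))
        $new_card_number = (string) raw_card_number($new_card_number);

    // Card number and user name are written into the statement unquoted, which only ever worked for
    // numeric values; refuse anything that is not a plain digit string.
    // NOTE(review): assumes raw_card_number() yields digits only — confirm against mgmnt.inc.
    if ($new_card_number !== "" && !preg_match('/^[0-9]+\z/', $new_card_number))
    {
        header("Location: " . $return_url . "&info_status=error");
        exit;
    }

    $card_number_update = ($new_card_number !== "") ? "user_card_number=" . $new_card_number . "," : "";
    // Accounts whose user name is the card number follow the card number.
    $user_name_update = ($new_card_number !== "" && $user_name == $user_card_number)
        ? "user_name=" . $new_card_number . ","
        : "";

    // Get preferences
    if (isset($_REQUEST["IM_EMAIL"]) && $_REQUEST["IM_EMAIL"] == "on") {
        $preferences = set_pref("IM_EMAIL");
    } else {
        $preferences = 0;
    }

    // Collect the free-text columns as plain strings, undoing magic_quotes_gpc so that escaping is
    // applied exactly once below.
    // NOTE(review): if common.inc already escapes request data itself, drop one of the two layers.
    $posted = array();
    foreach (array('user_given_names', 'user_surname', 'user_postal_address', 'user_postal_code',
                   'user_town', 'user_phone_home', 'user_phone_mobile', 'user_email', 'user_lang',
                   'user_date_format', 'user_template') as $field)
    {
        $posted[$field] = (isset($_REQUEST[$field]) && is_scalar($_REQUEST[$field])) ? (string) $_REQUEST[$field] : "";
        if (get_magic_quotes_gpc())
            $posted[$field] = stripslashes($posted[$field]);
    }

    // user_template and user_lang are chosen from <select> lists on the form; accept only a value
    // those lists offer and otherwise keep what the record already holds.
    $template_offered = false;
    foreach (get_templates() as $template_src)
    {
        if ((string) $template_src === $posted['user_template'])
            $template_offered = true;
    }
    if (!$template_offered)
        $posted['user_template'] = $user_template;

    $lang_offered = false;
    for ($i = 0; $i < $lang->count; $i++)
    {
        if ((string) $lang->id[$i] === $posted['user_lang'])
            $lang_offered = true;
    }
    if (!$lang_offered)
        $posted['user_lang'] = $user_lang;

    // Escape every value for use inside a quoted SQL string.
    // NOTE(review): mysql_real_escape_string() needs the connection sql_query() uses to be open here.
    foreach ($posted as $field => $value)
        $posted[$field] = mysql_real_escape_string($value);

    $res = sql_query("UPDATE users
        SET
        user_given_names='" . $posted['user_given_names'] . "',
        user_surname='" . $posted['user_surname'] . "',
        " . $card_number_update . "
        " . $user_name_update . "
        user_postal_address='" . $posted['user_postal_address'] . "',
        user_postal_code='" . $posted['user_postal_code'] . "',
        user_town='" . $posted['user_town'] . "',
        user_phone_home='" . $posted['user_phone_home'] . "',
        user_phone_mobile='" . $posted['user_phone_mobile'] . "',
        user_email='" . $posted['user_email'] . "',
        user_lang='" . $posted['user_lang'] . "',
        user_date_format='" . $posted['user_date_format'] . "',
        user_template='" . $posted['user_template'] . "',
        user_preferences='" . $preferences . "'
        WHERE user_id=" . $user_id);

    // mysql_affected_rows() is -1 after a failed statement, so only a positive count is a success.
    // A form saved without any change reports 0 rows and still ends on "error", as before.
    if (mysql_affected_rows() > 0)
        header("Location: " . $return_url . "&info_status=ok");
    else
        header("Location: " . $return_url . "&info_status=error");
    // Stop here: without this the page below would still be rendered, and a request that also carried
    // priv_change or password_change would go on to run those handlers.
    exit;
}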
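layout_header();
// Show the outcome of the information update; info_status arrives as a request parameter on the
// redirect issued by the update handler.
if (isset($_REQUEST['info_status']))
{
    if ($_REQUEST['info_status'] === 'ok') {
        layout_page_title(_("Information Updated"), 'ok');
        // Logging. The id of the record this page resolved is logged instead of the raw user_id
        // parameter, which is absent for the own record and would be written to the log as sent.
        // NOTE(review): this entry is written whenever the URL carries info_status=ok, not when the
        // UPDATE runs, so it can appear without any update having happened — consider logging at
        // the update site instead.
        writeLog("User information for user ".(isset($user_id) ? $user_id : "")." updated");
    }
    elseif ($_REQUEST['info_status'] === 'error') {
        layout_page_title(_("Update Failure"), 'error');
    }
    elseif ($_REQUEST['info_status'] === 'cnumber_exists') {
        layout_page_title(_("Card Number Exists"), 'error');
    }
}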
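// Handle the "Change Privileges" form for another user's account.
if (isset($_REQUEST['priv_change']))
{
    if ($user_id != USER_ID)
    {
        // The form decides which controls to offer with one-argument check_priv() calls (the
        // session user's own privileges). The same conditions are applied here, because a hand-made
        // request can carry fields the form never showed.
        $may_set_cast = check_priv("ADMIN") && $user_name != $user_card_number;
        $may_grant = array(
            'ENABLE' => true,
            'BORROW' => check_priv("BORROW"),
            'BORROWED_BOOKS' => check_priv("BORROWED_BOOKS"),
            'ADD' => check_priv("ADD"),
            'DELETE' => check_priv("DELETE"),
            'GROUP_MANAGEMENT' => check_priv("GROUP_MANAGEMENT") && $may_set_cast,
        );

        // A flag is granted only when it was ticked and the session user was allowed to tick it.
        // As before, a flag that is not submitted is cleared on the target account.
        $granted = array();
        foreach ($may_grant as $flag => $allowed)
        {
            $ticked = isset($_REQUEST[$flag]) && $_REQUEST[$flag] === "on";
            $granted[$flag] = ($allowed && $ticked) ? $flag : "";
        }

        // The cast ends up in a quoted SQL string and drives promotion to administrator, so it is
        // limited to the three values the form offers, and to NORMAL unless the session user may
        // set a cast at all.
        $CAST = "NORMAL";
        if ($may_set_cast && isset($_REQUEST['CAST'])
            && in_array($_REQUEST['CAST'], array("ADMIN", "POWER", "NORMAL"), true))
        {
            $CAST = $_REQUEST['CAST'];
        }

        // $user_id is the id of the row loaded for this request; it is used instead of the raw
        // request parameter for the calls below.
        if (check_priv("ADMIN", $user_id) && $CAST != "ADMIN")
        {
            degrade_from_admin($user_id);
        }
        elseif (!check_priv("ADMIN", $user_id) && $CAST == "ADMIN")
        {
            promote_to_admin($user_id);
        }

        $priv = set_priv($granted['ENABLE'], $granted['BORROW'], $granted['BORROWED_BOOKS'],
                         $granted['ADD'], $granted['DELETE'], $granted['GROUP_MANAGEMENT']);
        $res = sql_query("UPDATE users
            SET
            user_cast='" . $CAST . "',
            user_privileges='" . $priv . "'
            WHERE user_id=" . $user_id);

        // -1 (failed statement) must not count as success.
        if (mysql_affected_rows() > 0)
        {
            // Logging
            writeLog("User privileges for user ".$user_id." updated");
            layout_page_title(_("Privileges Updated"), 'ok');
            $updated_info = 1;
        }
        else
        {
            layout_page_title(_("Privileges Not Updated"), 'error');
        }
    }
    else
        // Nobody changes their own privileges through this page.
        error("session management");
}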
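// Handle the "Change Password" form. The current password is required only for the own account;
// for another user's account the page relies on the authorisation check at the top of the file.
if (isset($_REQUEST['password_change']) && isset($_REQUEST['user_new_password']) && isset($_REQUEST['user_retype_password']))
{
    // Work on plain strings only; an array parameter counts as an empty value.
    $old_password = (isset($_REQUEST['user_old_password']) && is_string($_REQUEST['user_old_password'])) ? $_REQUEST['user_old_password'] : "";
    $new_password = is_string($_REQUEST['user_new_password']) ? $_REQUEST['user_new_password'] : "";
    $retyped_password = is_string($_REQUEST['user_retype_password']) ? $_REQUEST['user_retype_password'] : "";

    // Strict comparison: with ==, two different hashes that both look like numbers in exponent
    // notation (digits, "e", digits) compare as equal.
    if ($user_id != USER_ID || md5($old_password) === (string) USER_PASSWORD)
    {
        // Strict here as well, so numeric-looking passwords such as "1e3" and "1000" do not match.
        if ($new_password === $retyped_password && $new_password !== '')
        {
            // NOTE(review): unsalted MD5 is not a suitable password hash. It is left as is because
            // the stored format has to match whatever the login code (not in this file) verifies;
            // migrate both sides together to a salted, slow hash.
            $password = md5($new_password);
            $sql = "UPDATE users SET user_password='" . $password . "' WHERE user_id=" . $user_id;
            $sqlResult = sql_query($sql);
            // -1 (failed statement) must not count as success.
            if (mysql_affected_rows() > 0)
            {
                writeLog("Password for user ".$user_id." modified");
                layout_page_title(_("Password Updated"), 'ok');
                $updated_info = 1;
            }
            else
            {
                layout_page_title(_("Password Not Updated"), 'error');
            }
        }
        else
        {
            layout_page_title(_("Retype Mismatch"), 'error');
            // Re-open the password form below.
            $_REQUEST['edit'] = "password";
        }
    }
    else
    {
        layout_page_title(_("Old Password Incorrect"), 'error');
        $_REQUEST['edit'] = "password";
    }
}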
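// Re-fetch user info if there has been anything updated ($updated_info is set by the privilege and
// password handlers above), so the page below shows the stored values.
if (isset($updated_info) && $updated_info == 1)
{
    // $user_id is the id loaded for this request (database row or USER_ID), not raw request input.
    $result = sql_query("SELECT * FROM users WHERE user_id=".$user_id);
    $user_exists = mysql_num_rows($result);
    while ($row = mysql_fetch_array($result))
    {
        $user_id = $row['user_id'];
        $user_given_names = $row['user_given_names'];
        $user_surname = $row['user_surname'];
        $user_card_number = $row['user_card_number'];
        $user_name = $row['user_name'];
        $user_postal_address = $row['user_postal_address'];
        $user_postal_code = $row['user_postal_code'];
        $user_town = $row['user_town'];
        $user_phone_home = $row['user_phone_home'];
        $user_phone_mobile = $row['user_phone_mobile'];
        $user_email = $row['user_email'];
        $user_password = $row['user_password'];
        $user_date_format = $row['user_date_format'];
        $user_cast = $row['user_cast'];
        $user_privileges = $row['user_privileges'];
        $user_lang = $row['user_lang'];
        // Refreshed as well, to match the column list of the initial load at the top of the page.
        $user_template = $row['user_template'];
        $user_im_email = (check_pref("IM_EMAIL", $user_id)) ? _("Yes") : _("No");
    }
}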
if($user_exists)
{
layout_page_title();
?>
<table border="0" cellspacing="0" cellpadding="3">
<?php
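// Escaping helper for this page (guarded so it is declared only once per request). Request
// parameters and stored user fields are printed into HTML text and quoted attributes below and must
// not be able to close the attribute or open a tag. ISO-8859-1 is named explicitly so input is never
// rejected as invalid multibyte; the characters replaced (& < > " ') are single ASCII bytes in
// UTF-8 as well. Non-scalar values (e.g. array parameters) yield an empty string.
if (!function_exists('management_html'))
{
    function management_html($value)
    {
        return is_scalar($value) ? htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1') : '';
    }
}
// Either the editable information form (edit=info) or the read-only listing of the same fields.
if (isset($_REQUEST['edit']) && $_REQUEST['edit'] == "info")
{
?>
<form name='update_info' action='management.php' method='post'>
<input type='hidden' name='id' value='<?php echo management_html($_REQUEST['id']) ?>'>
<input type='hidden' name='auth' value='<?php echo management_html($_REQUEST['auth']) ?>'>
<?php echo (isset($_REQUEST['user_id'])) ? "<input type='hidden' name='user_id' value='".management_html($_REQUEST['user_id'])."'>" : ""; ?>
<tr>
<td align='right' valign='bottom'><b><?php echo _("Given Names") ?>: </b></td>
<td align='left' valign='bottom'><input type='text' size=35 name='user_given_names' value='<?php echo management_html($user_given_names) ?>'></td>
</tr>
<tr>
<td align='right' valign='bottom'><b><?php echo _("Last Name") ?>: </b></td>
<td align='left' valign='bottom'><input type='text' size=35 name='user_surname' value='<?php echo management_html($user_surname) ?>'></td>
</tr>
<tr>
<td align='right' valign='bottom'><b><?php echo _("Card Number") ?>: </b></td>
<?php
    // The own card number is shown as text only; it becomes editable when editing someone else.
    if ($user_id == USER_ID)
        print "<td>".management_html(format_card_number($user_card_number))."</td>";
    else
        print "<td align='left' valign='bottom'><input type='text' size=25 name='user_card_number' value='".management_html(format_card_number($user_card_number))."'></td>";
?>
</tr>
<tr>
<td align='right' valign='bottom'><b><?php echo _("Username") ?>: </b></td>
<td align='left' valign='bottom'><?php echo management_html((is_numeric($user_name)) ? format_card_number($user_name) : $user_name) ?></td>
</tr>
<tr>
<td colspan=2> </td>
</tr>
<tr>
<td align='right' valign='top'><b><?php echo _("Postal Address") ?>: </b></td>
<td align="left" valign="top"><textarea name='user_postal_address' cols=30 rows=3><?php echo management_html($user_postal_address) ?></textarea></td>
</tr>
<tr>
<td align='right' valign='bottom'><b><?php echo _("Postal Code") ?>: </b></td>
<td align='left' valign='bottom'><input type='text' size=20 name='user_postal_code' value='<?php echo management_html($user_postal_code) ?>'></td>
</tr>
<tr>
<td align='right' valign='bottom'><b><?php echo _("City") ?>: </b></td>
<td align='left' valign='bottom'><input type='text' size=20 name='user_town' value='<?php echo management_html($user_town) ?>'></td>
</tr>
<tr>
<td colspan=2> </td>
</tr>
<tr>
<td align='right' valign='bottom'><b><?php echo _("Home Phone") ?>: </b></td>
<td align='left' valign='bottom'><input type='text' size=20 name='user_phone_home' value='<?php echo management_html($user_phone_home) ?>'></td>
</tr>
<tr>
<td align='right' valign='bottom'><b><?php echo _("Mobile Phone") ?>: </b></td>
<td align='left' valign='bottom'><input type='text' size=20 name='user_phone_mobile' value='<?php echo management_html($user_phone_mobile) ?>'></td>
</tr>
<tr>
<td align='right' valign='bottom'><b><?php echo _("e-mail") ?>: </b></td>
<td align='left' valign='bottom'><input type='text' size=20 name='user_email' value='<?php echo management_html($user_email) ?>'></td>
</tr>
<tr>
<td colspan=2> </td>
</tr>
<tr>
<td align='right' valign='bottom'><b><?php echo _("Emilda messages via e-mail?") ?> </b></td>
<td><input type='checkbox' name='IM_EMAIL' <?php if(check_pref("IM_EMAIL", $user_id)) print "checked";?>></td>
</tr>
<tr>
<td colspan=2> </td>
</tr>
<tr>
<td align='right' valign='bottom'><b><?php echo _("Template") ?>: </b></td>
<td align='left' valign='bottom'>
<select name="user_template">
<?php
    $templates = get_templates();
    foreach ($templates as $name => $src)
    {
        $selected = ($user_template == $src) ? "selected" : "";
        print "<option value='".management_html($src)."' $selected>".management_html($name)."</option>";
    }
?>
</select>
</td>
</tr>
<tr>
<td align='right' valign='bottom'><b><?php echo _("Language") ?>: </b></td>
<td align='left' valign='bottom'>
<select name="user_lang">
<?php
    // $lang ids and names are printed as they are.
    // NOTE(review): presumably project configuration rather than user input — confirm in language.inc.
    for ($i=0; $i < $lang->count; $i++)
    {
        $selected = ($user_lang == $lang->id[$i]) ? " selected" : "";
        print "<option value='" . $lang->id[$i] . "'" . $selected . ">" . $lang->name[$i] . "</option>";
    }
?>
</select>
</td>
</tr>
<tr>
<td align='right' valign='bottom'><b><?php echo _("Date Format") ?>: </b></td>
<td align='left' valign='bottom'><input type='text' name='user_date_format' value='<?php echo management_html($user_date_format) ?>'></td>
</tr>
<tr>
<td colspan=2> </td>
</tr>
<tr>
<td align='right'><input type='reset' name='reset' value='<?php echo _("Reset") ?>' class='button'> </td>
<td><input type='submit' name='info_change' value='<?php echo _("Change") ?>' class='button'></td>
</tr>
<tr>
<td colspan=2> </td>
</tr>
</form>
<?php
}
else
{
?>
<tr>
<td align='right' valign='bottom'><b><?php echo _("Name") ?>: </b></td>
<td><?php echo management_html($user_surname.", ".$user_given_names) ?></td>
</tr>
<tr>
<td align='right' valign='bottom'><b><?php echo _("Card Number") ?>: </b></td>
<td><?php echo management_html(format_card_number($user_card_number)) ?></td>
</tr>
<tr>
<td align='right' valign='bottom'><b><?php echo _("Username") ?>: </b></td>
<td align='left' valign='bottom'><?php echo management_html((is_numeric($user_name)) ? format_card_number($user_name) : $user_name) ?></td>
</tr>
<tr>
<td colspan=2> </td>
</tr>
<tr>
<td align='right' valign='top'><b><?php echo _("Address") ?>: </b></td>
<td><?php echo management_html($user_postal_address) ?><br><?php echo management_html($user_postal_code." ".$user_town) ?></td>
</tr>
<tr>
<td colspan=2> </td>
</tr>
<tr>
<td align='right' valign='bottom'><b><?php echo _("Home Phone") ?>: </b></td>
<td><?php echo management_html($user_phone_home) ?></td>
</tr>
<tr>
<td align='right' valign='bottom'><b><?php echo _("Mobile Phone") ?>: </b></td>
<td><?php echo management_html($user_phone_mobile) ?></td>
</tr>
<tr>
<td align='right' valign='bottom'><b><?php echo _("e-mail") ?>: </b></td>
<td><?php echo management_html($user_email) ?></td>
</tr>
<tr>
<td colspan=2> </td>
</tr>
<tr>
<td align='right' valign='bottom'><b><?php echo _("Emilda messages via e-mail?") ?>: </b></td>
<td><?php echo $user_im_email ?></td>
</tr>
<tr>
<td colspan=2> </td>
</tr>
<tr>
<td align='right' valign='bottom'><b><?php echo _("Template") ?>: </b></td>
<td align='left' valign='bottom'><?php echo management_html(get_template_name($user_template)) ?></td>
</tr>
<tr>
<td align='right' valign='bottom'><b><?php echo _("Language") ?>: </b></td>
<?php // NOTE(review): printed as returned; confirm getName() cannot echo back an unknown stored user_lang. ?>
<td align='left' valign='bottom'><?php echo $lang->getName($user_lang)?></td>
</tr>
<tr>
<td align='right' valign='bottom'><b><?php echo _("Date Format") ?>: </b></td>
<td align='left' valign='bottom'><?php echo management_html($user_date_format) ?></td>
</tr>
<tr>
<td colspan=2> </td>
</tr>
<?php
}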
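// Escaping helper for this page (guarded so it is declared only once per request). ISO-8859-1 is
// named explicitly so input is never rejected as invalid multibyte; the characters replaced
// (& < > " ') are single ASCII bytes in UTF-8 as well. Non-scalar values yield an empty string.
if (!function_exists('management_html'))
{
    function management_html($value)
    {
        return is_scalar($value) ? htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1') : '';
    }
}
// Privileges of another user's account: a read-only listing, or the edit form when edit=privs.
// check_priv() is given $user_id, the id of the row loaded for this request, instead of the raw
// request parameter. With one argument it is asked about the session user and decides which
// controls are offered.
// NOTE(review): hiding a control does not stop a hand-made request from submitting it; the
// priv_change handler has to apply the same conditions on the server.
if (isset($_REQUEST['user_id']) && $_REQUEST['user_id'] != USER_ID && (!isset($_REQUEST['edit']) || $_REQUEST['edit'] != "privs"))
{
?>
<tr>
<td colspan=2> </td>
</tr>
<tr>
<td align='right' valign='bottom'><?php echo (check_priv("ENABLE", $user_id)) ? _("Yes") : _("No"); ?> </td>
<td><b><?php echo _("Account Enabled") ?></b></td>
</tr>
<tr>
<td align='right' valign='bottom'><?php echo (check_priv("BORROW", $user_id) && check_priv("RETURN", $user_id)) ? _("Yes") : _("No"); ?> </td>
<td><b><?php echo _("Handle Loans & Returns") ?></b></td>
</tr>
<tr>
<td align='right' valign='bottom'><?php echo (check_priv("BORROWED_BOOKS", $user_id)) ? _("Yes") : _("No"); ?> </td>
<td><b><?php echo _("View Borrowed Items") ?></b></td>
</tr>
<tr>
<td align='right' valign='bottom'><?php echo (check_priv("ADD", $user_id) && check_priv("EDIT", $user_id)) ? _("Yes") : _("No"); ?> </td>
<td><b><?php echo _("Add & Edit Items") ?></b></td>
</tr>
<tr>
<td align='right' valign='bottom'><?php echo (check_priv("DELETE", $user_id)) ? _("Yes") : _("No"); ?> </td>
<td><b><?php echo _("Delete Items") ?></b></td>
</tr>
<tr>
<td align='right' valign='bottom'><?php echo (check_priv("GROUP_MANAGEMENT", $user_id)) ? _("Yes") : _("No"); ?> </td>
<td><b><?php echo _("Manage Groups") ?></b></td>
</tr>
<tr>
<td align='right' valign='bottom'><?php echo management_html($user_cast) ?> </td>
<td><b><?php echo _("User Type") ?></b></td>
</tr>
<tr>
<td colspan='2'> </td>
</tr>
<?php
}
elseif (isset($_REQUEST['user_id']) && $_REQUEST['user_id'] != USER_ID && (!isset($_REQUEST['edit']) || $_REQUEST['edit'] == "privs"))
{
?>
<form name='priv_change' action='management.php' method='post'>
<input type='hidden' name='id' value='<?php echo management_html($_REQUEST['id']) ?>'>
<input type='hidden' name='auth' value='<?php echo management_html($_REQUEST['auth']) ?>'>
<?php echo (isset($_REQUEST['user_id'])) ? "<input type='hidden' name='user_id' value='".management_html($_REQUEST['user_id'])."'>" : ""; ?>
<tr>
<td colspan=2> </td>
</tr>
<tr>
<td align='right' valign='bottom'><input type='checkbox' name='ENABLE' <?php if(check_priv("ENABLE", $user_id)) print "checked"; ?>></td>
<td align='left' valign='bottom'><b><?php echo _("Account Enabled") ?></b></td>
</tr>
<?php
    if (check_priv("BORROW"))
    {
?>
<tr>
<td align='right' valign='bottom'><input type='checkbox' name='BORROW' <?php if(check_priv("BORROW", $user_id) && check_priv("RETURN", $user_id)) print "checked";?>></td>
<td align='left' valign='bottom'><b><?php echo _("Handle Loans & Returns") ?></b></td>
</tr>
<?php
    }
    if (check_priv("BORROWED_BOOKS"))
    {
?>
<tr>
<td align='right' valign='bottom'><input type='checkbox' name='BORROWED_BOOKS' <?php if(check_priv("BORROWED_BOOKS", $user_id)) print "checked";?>></td>
<td align='left' valign='bottom'><b><?php echo _("View Borrowed Items") ?></b></td>
</tr>
<?php
    }
    if (check_priv("ADD"))
    {
?>
<tr>
<td align='right' valign='bottom'><input type='checkbox' name='ADD' <?php if(check_priv("ADD", $user_id) && check_priv("EDIT", $user_id)) print "checked";?>></td>
<td align='left' valign='bottom'><b><?php echo _("Add & Edit Items") ?></b></td>
</tr>
<?php
    }
    if (check_priv("DELETE"))
    {
?>
<tr>
<td align='right' valign='bottom'><input type='checkbox' name='DELETE' <?php if(check_priv("DELETE", $user_id)) print "checked";?>></td>
<td align='left' valign='bottom'><b><?php echo _("Delete Items") ?></b></td>
</tr>
<?php
    }
    // Group management and the non-default casts are offered only to an administrator, and only
    // for accounts whose user name differs from the card number.
    if (check_priv("GROUP_MANAGEMENT") && check_priv("ADMIN") && $user_name != $user_card_number)
    {
?>
<tr>
<td align='right' valign='bottom'><input type='checkbox' name='GROUP_MANAGEMENT' <?php if(check_priv("GROUP_MANAGEMENT", $user_id)) print "checked";?>></td>
<td align='left' valign='bottom'><b><?php echo _("Manage Groups") ?></b></td>
</tr>
<?php
    }
    if (check_priv("ADMIN") && $user_name != $user_card_number)
    {
?>
<tr>
<td align='right' valign='bottom'><input type="radio" name="CAST" value="ADMIN" <?php if(check_priv("ADMIN", $user_id)) print "checked";?>></td>
<td align='left' valign='bottom'><b><?php echo _("Administrator") ?></b></td>
</tr>
<tr>
<td align='right' valign='bottom'><input type="radio" name="CAST" value="POWER" <?php if(check_priv("POWER", $user_id)) print "checked";?>></td>
<td align='left' valign='bottom'><b><?php echo _("Power User") ?></b></td>
</tr>
<?php
    }
?>
<tr>
<td align='right' valign='bottom'><input type="radio" name="CAST" value="NORMAL" <?php if(!check_priv("ADMIN", $user_id) && !check_priv("POWER", $user_id)) print "checked";?>></td>
<td align='left' valign='bottom'><b><?php echo _("Normal User") ?></b></td>
</tr>
<tr>
<td colspan=2> </td>
</tr>
<tr>
<td align='right'><input type='reset' name='reset' value='<?php echo _("Reset") ?>' class='button'> </td>
<td><input type='submit' name='priv_change' value='<?php echo _("Change") ?>' class='button'></td>
</tr>
<tr>
<td colspan=2> </td>
</tr>
</form>
<?php
}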
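// Escaping helper for this page (guarded so it is declared only once per request). ISO-8859-1 is
// named explicitly so input is never rejected as invalid multibyte; the characters replaced
// (& < > " ') are single ASCII bytes in UTF-8 as well. Non-scalar values yield an empty string.
if (!function_exists('management_html'))
{
    function management_html($value)
    {
        return is_scalar($value) ? htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1') : '';
    }
}
// Password form (edit=password). The current password is asked for only on the own account.
if (isset($_REQUEST['edit']) && $_REQUEST['edit'] == "password")
{
?>
<?php // REQUEST_URI is taken from the request line, so it is escaped like any other request value. ?>
<form name='update_password' action='<?php echo management_html(getenv("REQUEST_URI")) ?>' method='post'>
<input type='hidden' name='id' value='<?php echo management_html($_REQUEST['id']) ?>'>
<input type='hidden' name='auth' value='<?php echo management_html($_REQUEST['auth']) ?>'>
<?php echo (isset($_REQUEST['user_id'])) ? "<input type='hidden' name='user_id' value='".management_html($_REQUEST['user_id'])."'>" : ""; ?>
<tr>
<td colspan=2> </td>
</tr>
<?php
    if ($user_id == USER_ID)
    {
?>
<tr>
<td align='right' valign='bottom'><b><?php echo _("Current Password") ?>: </b></td>
<td align='left' valign='bottom'><input type='password' size=20 name='user_old_password' value=''></td>
</tr>
<?php
    }
?>
<tr>
<td align='right' valign='bottom'><b><?php echo _("New Password") ?>: </b></td>
<td align='left' valign='bottom'><input type='password' size=20 name='user_new_password' value=''></td>
</tr>
<tr>
<td align='right' valign='bottom'><b><?php echo _("Password Again") ?>: </b></td>
<td align='left' valign='bottom'><input type='password' size=20 name='user_retype_password' value=''></td>
</tr>
<tr>
<td> </td>
<td><input type='submit' name='password_change' value='<?php echo _("Change") ?>' class='button'></td>
</tr>
<tr>
<td colspan=2> </td>
</tr>
</form>
<?php
}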
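// Escaping helper for this page (guarded so it is declared only once per request). ISO-8859-1 is
// named explicitly so input is never rejected as invalid multibyte; the characters replaced
// (& < > " ') are single ASCII bytes in UTF-8 as well. Non-scalar values yield an empty string.
if (!function_exists('management_html'))
{
    function management_html($value)
    {
        return is_scalar($value) ? htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1') : '';
    }
}
// Buttons that switch the page into one of its edit modes. Each is a small form that posts the
// session parameters back together with edit=<mode>; the request values are escaped before they
// are written into the hidden fields.
if (!isset($_REQUEST['edit']) || $_REQUEST['edit'] != "info")
{
?>
<form name='update_info' action='management.php' method='post'>
<input type='hidden' name='id' value='<?php echo management_html($_REQUEST['id']) ?>'>
<input type='hidden' name='auth' value='<?php echo management_html($_REQUEST['auth']) ?>'>
<input type='hidden' name='edit' value='info'>
<?php echo (isset($_REQUEST['user_id'])) ? "<input type='hidden' name='user_id' value='".management_html($_REQUEST['user_id'])."'>" : ""; ?>
<tr>
<td> </td>
<td><input type='submit' name='change' value='<?php echo _("Change User Information") ?>' class='button'></td>
</tr>
</form>
<?php
}
// Privileges can only be edited on someone else's account.
if ((!isset($_REQUEST['edit']) || $_REQUEST['edit'] != "privs") && $user_id != USER_ID)
{
?>
<form name='update_privs' action='management.php' method='post'>
<input type='hidden' name='id' value='<?php echo management_html($_REQUEST['id']) ?>'>
<input type='hidden' name='auth' value='<?php echo management_html($_REQUEST['auth']) ?>'>
<input type='hidden' name='edit' value='privs'>
<?php echo (isset($_REQUEST['user_id'])) ? "<input type='hidden' name='user_id' value='".management_html($_REQUEST['user_id'])."'>" : ""; ?>
<tr>
<td> </td>
<td><input type='submit' name='change' value='<?php echo _("Change Privileges") ?>' class='button'></td>
</tr>
</form>
<?php
}
if (!isset($_REQUEST['edit']) || $_REQUEST['edit'] != "password")
{
?>
<form name='update_password' action='management.php' method='post'>
<input type='hidden' name='id' value='<?php echo management_html($_REQUEST['id']) ?>'>
<input type='hidden' name='auth' value='<?php echo management_html($_REQUEST['auth']) ?>'>
<input type='hidden' name='edit' value='password'>
<?php echo (isset($_REQUEST['user_id'])) ? "<input type='hidden' name='user_id' value='".management_html($_REQUEST['user_id'])."'>" : ""; ?>
<tr>
<td> </td>
<td><input type='submit' name='change' value='<?php echo _("Change Password") ?>' class='button'></td>
</tr>
</form>
<?php
}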
?>
</table>
<?php
}
elseif(!$user_exists)
{
layout_page_title(_("No Such User Exists"), 'error');
}
layout_footer();
?>