<?php

//-----------------------------------------------------------------------------
//
// Copyright (C) 2003-2005 Oy Realnode Ab
//
//-----------------------------------------------------------------------------
//
// management.php
//     Part of the Emilda Project (http://www.emilda.org/)
//
// Description
//     Users' own management page.
//
// Authors
//     Christoffer Landtman <landtman (at) realnode com>
//     Erik Berglund <berglund (at) realnode com>
//     Mattias Nordstrom <nordstrom (at) realnode com>
//
//-----------------------------------------------------------------------------
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
//
//-----------------------------------------------------------------------------
//
// $Id: management.php,v 1.57.2.1 2005/04/25 08:44:47 lanttis Exp $
//
//-----------------------------------------------------------------------------

// Page identifier, assigned before the includes below are pulled in.
$PageID = 'MANAGEMENT';

require_once "common.inc";

require_once "config.inc";
require_once "constants.inc";
require_once "error.inc";
require_once "layout.inc";
require_once "language.inc";
require_once "mgmnt.inc";

// Authorisation gate: an explicit user_id is accepted only when
// my_subordinate() approves it; otherwise the request is reported through
// error().
// NOTE(review): every later use of user_id relies on error() ending the
// request. That is not visible in this file -- confirm in error.inc.
if(isset($_REQUEST['user_id']) && !my_subordinate($_REQUEST['user_id'])) {
	error("session violation");
}

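// Decide whose record this request works on and load it into the $user_*
// variables. A user_id different from USER_ID selects another account (the
// my_subordinate() check above has already run on it); anything else means
// the logged-in user, whose data comes from the USER_* constants.
// $user_exists ends up as the number of matching rows (0 = unknown user).
if(isset($_REQUEST['user_id']) && $_REQUEST['user_id'] != USER_ID)
{
	// user_id is spliced into the WHERE clause without quotes, so only a plain
	// run of digits may reach the query. An array, an empty value or text such
	// as "5 OR 1=1" is treated as an unknown user and never sent to the
	// database.
	$requested_user_id = is_scalar($_REQUEST['user_id']) ? (string) $_REQUEST['user_id'] : "";
	$user_exists = 0;

	if($requested_user_id != "" && ctype_digit($requested_user_id))
	{
		$result = sql_query("SELECT * FROM users WHERE user_id=".$requested_user_id);
		$user_exists = mysql_num_rows($result);

		while($row = mysql_fetch_array($result))
		{
			$user_id = $row['user_id'];
			$user_given_names = $row['user_given_names'];
			$user_surname = $row['user_surname'];
			$user_card_number = $row['user_card_number'];
			$user_name = $row['user_name'];
			$user_postal_address = $row['user_postal_address'];
			$user_postal_code = $row['user_postal_code'];
			$user_town = $row['user_town'];
			$user_phone_home = $row['user_phone_home'];
			$user_phone_mobile = $row['user_phone_mobile'];
			$user_email = $row['user_email'];
			$user_password = $row['user_password'];
			$user_date_format = $row['user_date_format'];
			$user_cast = $row['user_cast'];
			$user_privileges = $row['user_privileges'];
			$user_lang = $row['user_lang'];
			$user_template = $row['user_template'];

			// Same validated id as the query, not the raw request value.
			$user_im_email = (check_pref("IM_EMAIL", $requested_user_id)) ? _("Yes") : _("No");
		}
	}
}
else
{
	// Own profile: no lookup, the session constants already hold the data.
	// $user_cast is not set on this path.
	$user_id = USER_ID;
	$user_given_names = USER_GIVEN_NAMES;
	$user_surname = USER_SURNAME;
	$user_card_number = USER_CARD_NUMBER;
	$user_name = USER_NAME;
	$user_postal_address = USER_POSTAL_ADDRESS;
	$user_postal_code = USER_POSTAL_CODE;
	$user_town = USER_TOWN;
	$user_phone_home = USER_PHONE_HOME;
	$user_phone_mobile = USER_PHONE_MOBILE;
	$user_email = USER_EMAIL;
	$user_password = USER_PASSWORD;
	$user_date_format = USER_DATE_FORMAT;
	$user_privileges = USER_PRIVILEGES;
	$user_lang = USER_LANG;
	$user_template = USER_TEMPLATE;
	$user_exists = 1;

	$user_im_email = (check_pref("IM_EMAIL")) ? _("Yes") : _("No");
}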

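// Apply a submitted "user information" form to the account in $user_id and
// redirect back to this page with info_status=ok|error|cnumber_exists.
// Nothing is done when no user row was loaded ($user_exists is 0); the page
// then reports the unknown user further down.
if(isset($_REQUEST['info_change']) && $user_exists)
{
	// id and auth are copied into a Location header. URL-encoding them keeps a
	// crafted value from adding query parameters or header lines.
	$req_id = (isset($_REQUEST['id']) && is_scalar($_REQUEST['id'])) ? (string) $_REQUEST['id'] : "";
	$req_auth = (isset($_REQUEST['auth']) && is_scalar($_REQUEST['auth'])) ? (string) $_REQUEST['auth'] : "";
	$redirect = "Location: management.php?id=" . urlencode($req_id) . "&auth=" . urlencode($req_auth) . "&user_id=".$user_id;

	// The edit form shows the card number as plain text on one's own profile
	// and as an input only when somebody else is edited. The same rule is
	// enforced here, so a hand-made request cannot change the sender's own
	// card number (and, through it, the user name).
	$card_number = null;
	if($user_id != USER_ID && isset($_REQUEST['user_card_number']) && is_scalar($_REQUEST['user_card_number']))
		$card_number = (string) $_REQUEST['user_card_number'];

	// A true result from valid_card_number() is reported as "card number
	// exists", exactly as before.
	if($card_number !== null && $card_number != "" && valid_card_number($card_number, $user_id)) {
		header($redirect."&info_status=cnumber_exists&edit=info");
		exit;
	}

	if($card_number !== null && is_card_number($card_number))
		$card_number = raw_card_number($card_number);

	$card_number_update = "";
	$user_name_update = "";
	if($card_number !== null && $card_number != "")
	{
		// The number is written into the statement without quotes, so anything
		// that is not a plain run of digits is refused instead of being sent
		// to the database.
		if(!ctype_digit((string) $card_number)) {
			header($redirect."&info_status=error");
			exit;
		}

		$card_number_update = "user_card_number=".$card_number.",";

		// Accounts whose user name is their card number keep the two in step.
		if($user_name == $user_card_number)
			$user_name_update = "user_name=".$card_number.",";
	}

	// Get preferences
	if(isset($_REQUEST["IM_EMAIL"]) && $_REQUEST["IM_EMAIL"] == "on") {
		$preferences = set_pref("IM_EMAIL");
	} else {
		$preferences = 0;
	}

	// Escape every free-text field for use inside a quoted SQL string.
	// magic_quotes_gpc slashes are removed first so data is escaped exactly
	// once.
	// NOTE(review): assumes common.inc does not add or strip slashes on
	// $_REQUEST itself, and that a MySQL link is already open when this runs
	// (mysql_real_escape_string() needs one) -- confirm both.
	// NOTE(review): user_lang and user_template are only escaped here. If
	// either value is later used to pick a file, it should also be checked
	// against the choices the edit form offers.
	$text_fields = array(
		'user_given_names', 'user_surname', 'user_postal_address',
		'user_postal_code', 'user_town', 'user_phone_home',
		'user_phone_mobile', 'user_email', 'user_lang',
		'user_date_format', 'user_template'
	);
	$sql = array();
	foreach($text_fields as $field)
	{
		$value = (isset($_REQUEST[$field]) && is_scalar($_REQUEST[$field])) ? (string) $_REQUEST[$field] : "";
		if(get_magic_quotes_gpc())
			$value = stripslashes($value);
		$sql[$field] = mysql_real_escape_string($value);
	}

	$res = sql_query(	"UPDATE users
						SET
							user_given_names='".$sql['user_given_names']."',
							user_surname='".$sql['user_surname']."',
							".$card_number_update."
							".$user_name_update."
							user_postal_address='".$sql['user_postal_address']."',
							user_postal_code='".$sql['user_postal_code']."',
							user_town='".$sql['user_town']."',
							user_phone_home='".$sql['user_phone_home']."',
							user_phone_mobile='".$sql['user_phone_mobile']."',
							user_email='".$sql['user_email']."',
							user_lang='".$sql['user_lang']."',
							user_date_format='".$sql['user_date_format']."',
							user_template='".$sql['user_template']."',
							user_preferences='".$preferences."'
						WHERE user_id=".$user_id);

	// mysql_affected_rows() is -1 after a failed statement, so the test is for
	// a positive count. A form submitted without any change still affects 0
	// rows and is reported as "error", as before.
	if(mysql_affected_rows() > 0)
		header($redirect."&info_status=ok");
	else
		header($redirect."&info_status=error");

	// Stop here: the browser follows the redirect, and the rest of the script
	// must not act on this same request.
	exit;
}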

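layout_header();

// Banner for the result of an information update, selected by the
// info_status parameter that the update step puts into its redirect.
if (isset($_REQUEST['info_status']))
{
	if ($_REQUEST['info_status'] === 'ok') {
		layout_page_title(_("Information Updated"), 'ok');
		// Logging. The id comes from the record resolved for this request, not
		// from the raw query string, so arbitrary text cannot be written into
		// the log.
		// NOTE(review): this entry is still triggered by a request parameter
		// rather than by the UPDATE itself; logging next to the UPDATE would
		// be more reliable.
		$log_user_id = isset($user_id) ? $user_id : "";
		writeLog("User information for user ".$log_user_id." updated");
	}
	elseif ($_REQUEST['info_status'] === 'error') {
		layout_page_title(_("Update Failure"), 'error');
	}
	elseif ($_REQUEST['info_status'] === 'cnumber_exists') {
		layout_page_title(_("Card Number Exists"), 'error');
	}
}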

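// Apply a submitted privilege form to another user's account.
// The privilege form further down only offers a control when the operator
// passes the matching check_priv() test. The same tests are repeated here, so
// a hand-made request cannot grant more than the form would have offered.
// Nothing is done when no user row was loaded ($user_exists is 0).
if(isset($_REQUEST['priv_change']) && $user_exists)
{
	if($user_id != USER_ID)
	{
		// check_priv() with one argument is what the form uses to decide which
		// controls the operator gets to see.
		$operator_is_admin = check_priv("ADMIN");
		// The form hides the group and user-type controls for accounts whose
		// user name is their card number.
		$card_only_account = ($user_name == $user_card_number);

		$ENABLE = "";
		$BORROW = "";
		$BORROWED_BOOKS = "";
		$ADD = "";
		$DELETE = "";
		$GROUP_MANAGEMENT = "";
		$CAST = "NORMAL";

		if(isset($_REQUEST['ENABLE']) && $_REQUEST['ENABLE'] == "on")
			$ENABLE = "ENABLE";
		if(check_priv("BORROW") && isset($_REQUEST['BORROW']) && $_REQUEST['BORROW'] == "on")
			$BORROW = "BORROW";
		if(check_priv("BORROWED_BOOKS") && isset($_REQUEST['BORROWED_BOOKS']) && $_REQUEST['BORROWED_BOOKS'] == "on")
			$BORROWED_BOOKS = "BORROWED_BOOKS";
		if(check_priv("ADD") && isset($_REQUEST['ADD']) && $_REQUEST['ADD'] == "on")
			$ADD = "ADD";
		if(check_priv("DELETE") && isset($_REQUEST['DELETE']) && $_REQUEST['DELETE'] == "on")
			$DELETE = "DELETE";
		if(check_priv("GROUP_MANAGEMENT") && $operator_is_admin && !$card_only_account
			&& isset($_REQUEST['GROUP_MANAGEMENT']) && $_REQUEST['GROUP_MANAGEMENT'] == "on")
			$GROUP_MANAGEMENT = "GROUP_MANAGEMENT";

		// CAST goes into the UPDATE below and decides promotion to
		// administrator. Only the three values the form can send are accepted,
		// and only from an operator who is shown the ADMIN/POWER choices;
		// everything else falls back to NORMAL.
		if($operator_is_admin && !$card_only_account && isset($_REQUEST['CAST'])
			&& in_array($_REQUEST['CAST'], array("ADMIN", "POWER", "NORMAL"), true))
			$CAST = $_REQUEST['CAST'];

		// $user_id is the id of the row loaded for this request; it is used
		// instead of the raw request value for every helper call below.
		if(check_priv("ADMIN", $user_id) && $CAST != "ADMIN")
		{
			degrade_from_admin($user_id);
		}
		elseif(!check_priv("ADMIN", $user_id) && $CAST == "ADMIN")
		{
			promote_to_admin($user_id);
		}

		$priv = set_priv($ENABLE, $BORROW, $BORROWED_BOOKS, $ADD, $DELETE, $GROUP_MANAGEMENT);

		$res = sql_query(	"UPDATE users
							SET
								user_cast='".$CAST."',
								user_privileges='".$priv."'
							WHERE user_id=".$user_id);

		// mysql_affected_rows() is -1 after a failed statement, hence "> 0".
		if(mysql_affected_rows() > 0)
		{
			// Logging
			writeLog("User privileges for user ".$user_id." updated");
			layout_page_title(_("Privileges Updated"), 'ok');
			$updated_info = 1;
		}
		else
		{
			layout_page_title(_("Privileges Not Updated"), 'error');
		}
	}
	else
		// Changing one's own privileges is refused.
		error("session management");
}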

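// Apply a submitted password form. For one's own account the current
// password must be supplied; for another user's account it is not asked for.
// Nothing is done when no user row was loaded ($user_exists is 0).
// NOTE(review): passwords are stored as unsalted MD5. That cannot be changed
// in this block alone because the login check (not in this file) has to read
// the same format; migrating both to password_hash()/password_verify() is the
// real fix.
if(isset($_REQUEST['password_change']) && isset($_REQUEST['user_new_password']) && isset($_REQUEST['user_retype_password']) && $user_exists)
{
	// Array-valued parameters are treated as empty, so md5() and the
	// comparisons below only ever see strings.
	$old_password = (isset($_REQUEST['user_old_password']) && is_string($_REQUEST['user_old_password'])) ? $_REQUEST['user_old_password'] : "";
	$new_password = is_string($_REQUEST['user_new_password']) ? $_REQUEST['user_new_password'] : "";
	$retyped_password = is_string($_REQUEST['user_retype_password']) ? $_REQUEST['user_retype_password'] : "";

	// Strict comparison: with "==" PHP compares numeric-looking strings as
	// numbers, so two different hashes of the form "0e<digits>" count as
	// equal.
	if($user_id != USER_ID || md5($old_password) === USER_PASSWORD)
	{
		// Strict here as well, so that e.g. "1e1" and "10" are not accepted as
		// the same password.
		if($new_password === $retyped_password && $new_password !== '')
		{
			$password = md5($new_password);

			// $password is a hex digest and $user_id comes from the loaded
			// record, so neither carries request text into the statement.
			$sql = "UPDATE users SET user_password='" . $password . "' WHERE user_id=" . $user_id;
			$sqlResult = sql_query($sql);
			// mysql_affected_rows() is -1 after a failed statement, hence "> 0".
			if(mysql_affected_rows() > 0)
			{
				writeLog("Password for user ".$user_id." modified");
				layout_page_title(_("Password Updated"), 'ok');
				$updated_info = 1;
			}
			else
			{
				layout_page_title(_("Password Not Updated"), 'error');
			}
		}
		else
		{
			layout_page_title(_("Retype Mismatch"), 'error');
			// Show the password form again.
			$_REQUEST['edit'] = "password";
		}
	}
	else
	{
		layout_page_title(_("Old Password Incorrect"), 'error');
		$_REQUEST['edit'] = "password";
	}
}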


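// Re-fetch user info if there has been anything updated, so the page below
// shows the stored values. $user_id is the id of the record resolved earlier
// in the request (database row or USER_ID), not request text.
if(isset($updated_info) && $updated_info == 1)
{
	$result = sql_query("SELECT * FROM users WHERE user_id=".$user_id);
	$user_exists = mysql_num_rows($result);

	while($row = mysql_fetch_array($result))
	{
		$user_id = $row['user_id'];
		$user_given_names = $row['user_given_names'];
		$user_surname = $row['user_surname'];
		$user_card_number = $row['user_card_number'];
		$user_name = $row['user_name'];
		$user_postal_address = $row['user_postal_address'];
		$user_postal_code = $row['user_postal_code'];
		$user_town = $row['user_town'];
		$user_phone_home = $row['user_phone_home'];
		$user_phone_mobile = $row['user_phone_mobile'];
		$user_email = $row['user_email'];
		$user_password = $row['user_password'];
		$user_date_format = $row['user_date_format'];
		$user_cast = $row['user_cast'];
		$user_privileges = $row['user_privileges'];
		$user_lang = $row['user_lang'];
		// Refreshed as well, to match the initial load of the record.
		$user_template = $row['user_template'];

		$user_im_email = (check_pref("IM_EMAIL", $user_id)) ? _("Yes") : _("No");
	}
}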


if($user_exists)
{

    layout_page_title();

	?>

		<table border="0" cellspacing="0" cellpadding="3">

            <?php

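			// User information: edit form when edit=info, read-only table otherwise.
			//
			// Everything that originates from the request or from the user record
			// is HTML-escaped once here and printed only through $mgmt_html.
			// Otherwise a stored name or a crafted id/auth/user_id parameter could
			// close the surrounding attribute and inject markup.
			// The charset is given explicitly so that PHP's default_charset
			// setting cannot blank out non-ASCII text; only & < > " ' are rewritten.
			// NOTE(review): assumes these values are stored and passed around
			// unescaped -- confirm that common.inc does not already escape them.
			$mgmt_raw = array(
				'id' => (isset($_REQUEST['id']) && is_scalar($_REQUEST['id'])) ? $_REQUEST['id'] : "",
				'auth' => (isset($_REQUEST['auth']) && is_scalar($_REQUEST['auth'])) ? $_REQUEST['auth'] : "",
				'user_id' => (isset($_REQUEST['user_id']) && is_scalar($_REQUEST['user_id'])) ? $_REQUEST['user_id'] : "",
				'given_names' => $user_given_names,
				'surname' => $user_surname,
				'card_number' => format_card_number($user_card_number),
				'username' => (is_numeric($user_name)) ? format_card_number($user_name) : $user_name,
				'postal_address' => $user_postal_address,
				'postal_code' => $user_postal_code,
				'town' => $user_town,
				'phone_home' => $user_phone_home,
				'phone_mobile' => $user_phone_mobile,
				'email' => $user_email,
				'date_format' => $user_date_format
			);
			$mgmt_html = array();
			foreach($mgmt_raw as $key => $value)
				$mgmt_html[$key] = htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');

			if(isset($_REQUEST['edit']) && $_REQUEST['edit'] == "info")
			{

			?>

			<form name='update_info' action='management.php' method='post'>

				<input type='hidden' name='id' value='<?php echo $mgmt_html['id'] ?>'>
				<input type='hidden' name='auth' value='<?php echo $mgmt_html['auth'] ?>'>
				<?php echo (isset($_REQUEST['user_id'])) ? "<input type='hidden' name='user_id' value='".$mgmt_html['user_id']."'>" : ""; ?>

				<tr>
					<td align='right' valign='bottom'><b><?php echo _("Given Names") ?>:&nbsp;</b></td>
					<td align='left' valign='bottom'><input type='text' size=35 name='user_given_names' value='<?php echo $mgmt_html['given_names'] ?>'></td>
				</tr>
				<tr>
					<td align='right' valign='bottom'><b><?php echo _("Last Name") ?>:&nbsp;</b></td>
					<td align='left' valign='bottom'><input type='text' size=35 name='user_surname' value='<?php echo $mgmt_html['surname'] ?>'></td>
				</tr>
				<tr>
					<td align='right' valign='bottom'><b><?php echo _("Card Number") ?>:&nbsp;</b></td>

					<?php

					// One's own card number is shown as text only; it becomes an
					// input when somebody else's record is edited.
					if($user_id == USER_ID)
						print "<td>".$mgmt_html['card_number']."</td>";
					else
						print "<td align='left' valign='bottom'><input type='text' size=25 name='user_card_number' value='".$mgmt_html['card_number']."'></td>";

					?>

				</tr>
				<tr>
					<td align='right' valign='bottom'><b><?php echo _("Username") ?>:&nbsp;</b></td>
					<td align='left' valign='bottom'><?php echo $mgmt_html['username'] ?></td>
				</tr>
				<tr>
					<td colspan=2>&nbsp;</td>
				</tr>
				<tr>
					<td align='right' valign='top'><b><?php echo _("Postal Address") ?>:&nbsp;</b></td>
					<td align="left" valign="top"><textarea name='user_postal_address' cols=30 rows=3><?php echo $mgmt_html['postal_address'] ?></textarea></td>
				</tr>
				<tr>
					<td align='right' valign='bottom'><b><?php echo _("Postal Code") ?>:&nbsp;</b></td>
					<td align='left' valign='bottom'><input type='text' size=20 name='user_postal_code' value='<?php echo $mgmt_html['postal_code'] ?>'></td>
				</tr>
				<tr>
					<td align='right' valign='bottom'><b><?php echo _("City") ?>:&nbsp;</b></td>
					<td align='left' valign='bottom'><input type='text' size=20 name='user_town' value='<?php echo $mgmt_html['town'] ?>'></td>
				</tr>
				<tr>
					<td colspan=2>&nbsp;</td>
				</tr>
				<tr>
					<td align='right' valign='bottom'><b><?php echo _("Home Phone") ?>:&nbsp;</b></td>
					<td align='left' valign='bottom'><input type='text' size=20 name='user_phone_home' value='<?php echo $mgmt_html['phone_home'] ?>'></td>
				</tr>
				<tr>
					<td align='right' valign='bottom'><b><?php echo _("Mobile Phone") ?>:&nbsp;</b></td>
					<td align='left' valign='bottom'><input type='text' size=20 name='user_phone_mobile' value='<?php echo $mgmt_html['phone_mobile'] ?>'></td>
				</tr>
				<tr>
					<td align='right' valign='bottom'><b><?php echo _("e-mail") ?>:&nbsp;</b></td>
					<td align='left' valign='bottom'><input type='text' size=20 name='user_email' value='<?php echo $mgmt_html['email'] ?>'></td>
				</tr>
				<tr>
					<td colspan=2>&nbsp;</td>
				</tr>
				<tr>
					<td align='right' valign='bottom'><b><?php echo _("Emilda messages via e-mail?") ?>&nbsp;</b></td>
					<td><input type='checkbox' name='IM_EMAIL' <?php if(check_pref("IM_EMAIL", $user_id)) print "checked";?>></td>
				</tr>
				<tr>
					<td colspan=2>&nbsp;</td>
				</tr>
				<tr>
					<td align='right' valign='bottom'><b><?php echo _("Template") ?>:&nbsp;</b></td>
					<td align='left' valign='bottom'>
						<select name="user_template">

							<?php

							// Template names and sources come from get_templates(),
							// not from the request; they are printed as provided.
							$templates = get_templates();
							foreach ($templates as $name => $src)
							{
								$selected = ($user_template == $src) ? "selected" : "";
								print "<option value='$src' $selected>$name</option>";
							}

							?>

						</select>
					</td>
				</tr>
				<tr>
					<td align='right' valign='bottom'><b><?php echo _("Language") ?>:&nbsp;</b></td>
					<td align='left' valign='bottom'>
						<select name="user_lang">

							<?php

							// Language ids and names come from the $lang object and
							// are printed as provided.
							for ($i=0; $i < $lang->count; $i++)
							{
								$selected = ($user_lang == $lang->id[$i]) ? " selected" : "";
								print "<option value='" . $lang->id[$i] . "'" . $selected . ">" . $lang->name[$i] . "</option>";
							}

							?>

						</select>
					</td>
				</tr>
				<tr>
					<td align='right' valign='bottom'><b><?php echo _("Date Format") ?>:&nbsp;</b></td>
					<td align='left' valign='bottom'><input type='text' name='user_date_format' value='<?php echo $mgmt_html['date_format'] ?>'></td>
				</tr>
				<tr>
					<td colspan=2>&nbsp;</td>
				</tr>
				<tr>
					<td align='right'><input type='reset' name='reset' value='<?php echo _("Reset") ?>' class='button'>&nbsp;</td>
					<td><input type='submit' name='info_change' value='<?php echo _("Change") ?>' class='button'></td>
				</tr>
				<tr>
					<td colspan=2>&nbsp;</td>
				</tr>

			</form>


			<?php

			}

			else
			{

			?>

			<tr>
				<td align='right' valign='bottom'><b><?php echo _("Name") ?>:&nbsp;</b></td>
				<td><?php echo $mgmt_html['surname'].", ".$mgmt_html['given_names'] ?></td>
			</tr>
			<tr>
				<td align='right' valign='bottom'><b><?php echo _("Card Number") ?>:&nbsp;</b></td>
				<td><?php echo $mgmt_html['card_number'] ?></td>
			</tr>
			<tr>
				<td align='right' valign='bottom'><b><?php echo _("Username") ?>:&nbsp;</b></td>
				<td align='left' valign='bottom'><?php echo $mgmt_html['username'] ?></td>
			</tr>
			<tr>
				<td colspan=2>&nbsp;</td>
			</tr>
			<tr>
				<td align='right' valign='top'><b><?php echo _("Address") ?>:&nbsp;</b></td>
				<td><?php echo $mgmt_html['postal_address'] ?><br><?php echo $mgmt_html['postal_code']." ".$mgmt_html['town'] ?></td>
			</tr>
			<tr>
				<td colspan=2>&nbsp;</td>
			</tr>
			<tr>
				<td align='right' valign='bottom'><b><?php echo _("Home Phone") ?>:&nbsp;</b></td>
				<td><?php echo $mgmt_html['phone_home'] ?></td>
			</tr>
			<tr>
				<td align='right' valign='bottom'><b><?php echo _("Mobile Phone") ?>:&nbsp;</b></td>
				<td><?php echo $mgmt_html['phone_mobile'] ?></td>
			</tr>
			<tr>
				<td align='right' valign='bottom'><b><?php echo _("e-mail") ?>:&nbsp;</b></td>
				<td><?php echo $mgmt_html['email'] ?></td>
			</tr>
			<tr>
				<td colspan=2>&nbsp;</td>
			</tr>
			<tr>
				<td align='right' valign='bottom'><b><?php echo _("Emilda messages via e-mail?") ?>:&nbsp;</b></td>
				<td><?php echo $user_im_email ?></td>
			</tr>
			<tr>
				<td colspan=2>&nbsp;</td>
			</tr>
			<tr>
				<td align='right' valign='bottom'><b><?php echo _("Template") ?>:&nbsp;</b></td>
				<td align='left' valign='bottom'><?php echo get_template_name($user_template) ?></td>
			</tr>
			<tr>
				<td align='right' valign='bottom'><b><?php echo _("Language") ?>:&nbsp;</b></td>
				<td align='left' valign='bottom'><?php echo $lang->getName($user_lang)?></td>
			</tr>
			<tr>
				<td align='right' valign='bottom'><b><?php echo _("Date Format") ?>:&nbsp;</b></td>
				<td align='left' valign='bottom'><?php echo $mgmt_html['date_format'] ?></td>
			</tr>
			<tr>
				<td colspan=2>&nbsp;</td>
			</tr>

			<?php

			}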

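			// Privileges of another user: read-only summary, or the edit form when
			// edit=privs. Nothing is printed for one's own profile.
			//
			// id, auth, user_id and the stored user type are HTML-escaped before
			// they are printed, so a crafted parameter or stored value cannot
			// close the surrounding attribute and inject markup. The charset is
			// given explicitly so PHP's default_charset cannot blank the text.
			// check_priv() is asked about $user_id (the id of the loaded record)
			// rather than about the raw request value.
			$priv_raw = array(
				'id' => (isset($_REQUEST['id']) && is_scalar($_REQUEST['id'])) ? $_REQUEST['id'] : "",
				'auth' => (isset($_REQUEST['auth']) && is_scalar($_REQUEST['auth'])) ? $_REQUEST['auth'] : "",
				'user_id' => (isset($_REQUEST['user_id']) && is_scalar($_REQUEST['user_id'])) ? $_REQUEST['user_id'] : "",
				'cast' => isset($user_cast) ? $user_cast : ""
			);
			$priv_html = array();
			foreach($priv_raw as $key => $value)
				$priv_html[$key] = htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');

			if(isset($_REQUEST['user_id']) && $_REQUEST['user_id'] != USER_ID && (!isset($_REQUEST['edit']) || $_REQUEST['edit'] != "privs"))
			{

			?>

			<tr>
				<td colspan=2>&nbsp;</td>
			</tr>
			<tr>
				<td align='right' valign='bottom'><?php echo (check_priv("ENABLE", $user_id)) ? _("Yes") : _("No"); ?>&nbsp;</td>
				<td><b><?php echo _("Account Enabled") ?></b></td>
			</tr>
			<tr>
				<td align='right' valign='bottom'><?php echo (check_priv("BORROW", $user_id) && check_priv("RETURN", $user_id)) ? _("Yes") : _("No"); ?>&nbsp;</td>
				<td><b><?php echo _("Handle Loans & Returns") ?></b></td>
			</tr>
			<tr>
				<td align='right' valign='bottom'><?php echo (check_priv("BORROWED_BOOKS", $user_id)) ? _("Yes") : _("No"); ?>&nbsp;</td>
				<td><b><?php echo _("View Borrowed Items") ?></b></td>
			</tr>
			<tr>
				<td align='right' valign='bottom'><?php echo (check_priv("ADD", $user_id) && check_priv("EDIT", $user_id)) ? _("Yes") : _("No"); ?>&nbsp;</td>
				<td><b><?php echo _("Add & Edit Items") ?></b></td>
			</tr>
			<tr>
				<td align='right' valign='bottom'><?php echo (check_priv("DELETE", $user_id)) ? _("Yes") : _("No"); ?>&nbsp;</td>
				<td><b><?php echo _("Delete Items") ?></b></td>
			</tr>
			<tr>
				<td align='right' valign='bottom'><?php echo (check_priv("GROUP_MANAGEMENT", $user_id)) ? _("Yes") : _("No"); ?>&nbsp;</td>
				<td><b><?php echo _("Manage Groups") ?></b></td>
			</tr>
			<tr>
				<td align='right' valign='bottom'><?php echo $priv_html['cast'] ?>&nbsp;</td>
				<td><b><?php echo _("User Type") ?></b></td>
			</tr>
			<tr>
				<td colspan='2'>&nbsp;</td>
			</tr>

			<?php

			}

			// Reached only when the branch above did not match, i.e. when edit is
			// set to "privs" for another user.
			elseif(isset($_REQUEST['user_id']) && $_REQUEST['user_id'] != USER_ID && (!isset($_REQUEST['edit']) || $_REQUEST['edit'] == "privs"))
			{

			?>

			<form name='priv_change' action='management.php' method='post'>

				<input type='hidden' name='id' value='<?php echo $priv_html['id'] ?>'>
				<input type='hidden' name='auth' value='<?php echo $priv_html['auth'] ?>'>
				<?php echo (isset($_REQUEST['user_id'])) ? "<input type='hidden' name='user_id' value='".$priv_html['user_id']."'>" : ""; ?>

				<tr>
					<td colspan=2>&nbsp;</td>
				</tr>
				<tr>
					<td align='right' valign='bottom'><input type='checkbox' name='ENABLE' <?php if(check_priv("ENABLE", $user_id)) print "checked"; ?>></td>
					<td align='left' valign='bottom'><b><?php echo _("Account Enabled") ?></b></td>
				</tr>

				<?php

				// Each of the following controls is offered only when the operator
				// passes the matching one-argument check_priv() test.
				// NOTE(review): hiding a control does not stop a hand-made request
				// from sending it; the handler for priv_change has to apply the
				// same tests.
				if(check_priv("BORROW"))
				{

				?>

				<tr>
					<td align='right' valign='bottom'><input type='checkbox' name='BORROW' <?php if(check_priv("BORROW", $user_id) && check_priv("RETURN", $user_id)) print "checked";?>></td>
					<td align='left' valign='bottom'><b><?php echo _("Handle Loans & Returns") ?></b></td>
				</tr>

				<?php

				}
				if(check_priv("BORROWED_BOOKS"))
				{

				?>

				<tr>
					<td align='right' valign='bottom'><input type='checkbox' name='BORROWED_BOOKS' <?php if(check_priv("BORROWED_BOOKS", $user_id)) print "checked";?>></td>
					<td align='left' valign='bottom'><b><?php echo _("View Borrowed Items") ?></b></td>
				</tr>

				<?php

				}
				if(check_priv("ADD"))
				{

				?>

				<tr>
					<td align='right' valign='bottom'><input type='checkbox' name='ADD' <?php if(check_priv("ADD", $user_id) && check_priv("EDIT", $user_id)) print "checked";?>></td>
					<td align='left' valign='bottom'><b><?php echo _("Add & Edit Items") ?></b></td>
				</tr>

				<?php

				}
				if(check_priv("DELETE"))
				{

				?>

				<tr>
					<td align='right' valign='bottom'><input type='checkbox' name='DELETE' <?php if(check_priv("DELETE", $user_id)) print "checked";?>></td>
					<td align='left' valign='bottom'><b><?php echo _("Delete Items") ?></b></td>
				</tr>

				<?php

				}
				if(check_priv("GROUP_MANAGEMENT") && check_priv("ADMIN") && $user_name != $user_card_number)
				{

				?>

				<tr>
					<td align='right' valign='bottom'><input type='checkbox' name='GROUP_MANAGEMENT' <?php if(check_priv("GROUP_MANAGEMENT", $user_id)) print "checked";?>></td>
					<td align='left' valign='bottom'><b><?php echo _("Manage Groups") ?></b></td>
				</tr>

				<?php

				}
				if(check_priv("ADMIN") && $user_name != $user_card_number)
				{

				?>

				<tr>
					<td align='right' valign='bottom'><input type="radio" name="CAST" value="ADMIN" <?php if(check_priv("ADMIN", $user_id)) print "checked";?>></td>
					<td align='left' valign='bottom'><b><?php echo _("Administrator") ?></b></td>
				</tr>

				<?php

				}
				if(check_priv("ADMIN") && $user_name != $user_card_number)
				{

				?>

				<tr>
					<td align='right' valign='bottom'><input type="radio" name="CAST" value="POWER" <?php if(check_priv("POWER", $user_id)) print "checked";?>></td>
					<td align='left' valign='bottom'><b><?php echo _("Power User") ?></b></td>
				</tr>

				<?php

				}

				?>

				<tr>
					<td align='right' valign='bottom'><input type="radio" name="CAST" value="NORMAL" <?php if(!check_priv("ADMIN", $user_id) && !check_priv("POWER", $user_id)) print "checked";?>></td>
					<td align='left' valign='bottom'><b><?php echo _("Normal User") ?></b></td>
				</tr>
				<tr>
					<td colspan=2>&nbsp;</td>
				</tr>
				<tr>
					<td align='right'><input type='reset' name='reset' value='<?php echo _("Reset") ?>' class='button'>&nbsp;</td>
					<td><input type='submit' name='priv_change' value='<?php echo _("Change") ?>' class='button'></td>
				</tr>
				<tr>
					<td colspan=2>&nbsp;</td>
				</tr>

			</form>

			<?php

			}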

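			// Password form, shown when edit=password. The "current password" row
			// appears only for one's own account.
			//
			// REQUEST_URI and the id/auth/user_id parameters are supplied by the
			// client, so they are HTML-escaped before being placed in attributes.
			// The charset is given explicitly so PHP's default_charset cannot
			// blank the text.
			if(isset($_REQUEST['edit']) && $_REQUEST['edit'] == "password")
			{
				$pw_raw = array(
					'action' => getenv("REQUEST_URI"),
					'id' => (isset($_REQUEST['id']) && is_scalar($_REQUEST['id'])) ? $_REQUEST['id'] : "",
					'auth' => (isset($_REQUEST['auth']) && is_scalar($_REQUEST['auth'])) ? $_REQUEST['auth'] : "",
					'user_id' => (isset($_REQUEST['user_id']) && is_scalar($_REQUEST['user_id'])) ? $_REQUEST['user_id'] : ""
				);
				$pw_html = array();
				foreach($pw_raw as $key => $value)
					$pw_html[$key] = htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');

			?>

			<form name='update_password' action='<?php echo $pw_html['action'] ?>' method='post'>

				<input type='hidden' name='id' value='<?php echo $pw_html['id'] ?>'>
				<input type='hidden' name='auth' value='<?php echo $pw_html['auth'] ?>'>
				<?php echo (isset($_REQUEST['user_id'])) ? "<input type='hidden' name='user_id' value='".$pw_html['user_id']."'>" : ""; ?>

				<tr>
					<td colspan=2>&nbsp;</td>
				</tr>

				<?php

				if($user_id == USER_ID)
				{

				?>

				<tr>
					<td align='right' valign='bottom'><b><?php echo _("Current Password") ?>:&nbsp;</b></td>
					<td align='left' valign='bottom'><input type='password' size=20 name='user_old_password' value=''></td>
				</tr>

				<?php

				}

				?>

				<tr>
					<td align='right' valign='bottom'><b><?php echo _("New Password") ?>:&nbsp;</b></td>
					<td align='left' valign='bottom'><input type='password' size=20 name='user_new_password' value=''></td>
				</tr>
				<tr>
					<td align='right' valign='bottom'><b><?php echo _("Password Again") ?>:&nbsp;</b></td>
					<td align='left' valign='bottom'><input type='password' size=20 name='user_retype_password' value=''></td>
				</tr>
				<tr>
					<td>&nbsp;</td>
					<td><input type='submit' name='password_change' value='<?php echo _("Change") ?>' class='button'></td>
				</tr>
				<tr>
					<td colspan=2>&nbsp;</td>
				</tr>

			</form>

			<?php
			}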

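			// "Change User Information" button, shown unless the information form
			// is already open. id, auth and user_id are echoed back as hidden
			// fields and therefore HTML-escaped first (explicit charset so PHP's
			// default_charset cannot blank the text).
			if(!isset($_REQUEST['edit']) || $_REQUEST['edit'] != "info")
			{
				$info_btn_raw = array(
					'id' => (isset($_REQUEST['id']) && is_scalar($_REQUEST['id'])) ? $_REQUEST['id'] : "",
					'auth' => (isset($_REQUEST['auth']) && is_scalar($_REQUEST['auth'])) ? $_REQUEST['auth'] : "",
					'user_id' => (isset($_REQUEST['user_id']) && is_scalar($_REQUEST['user_id'])) ? $_REQUEST['user_id'] : ""
				);
				$info_btn_html = array();
				foreach($info_btn_raw as $key => $value)
					$info_btn_html[$key] = htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');

			?>

			<form name='update_info' action='management.php' method='post'>

				<input type='hidden' name='id' value='<?php echo $info_btn_html['id'] ?>'>
				<input type='hidden' name='auth' value='<?php echo $info_btn_html['auth'] ?>'>
				<input type='hidden' name='edit' value='info'>
				<?php echo (isset($_REQUEST['user_id'])) ? "<input type='hidden' name='user_id' value='".$info_btn_html['user_id']."'>" : ""; ?>

				<tr>
					<td>&nbsp;</td>
					<td><input type='submit' name='change' value='<?php echo _("Change User Information") ?>' class='button'></td>
				</tr>

			</form>

			<?php

			}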

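			// "Change Privileges" button, shown for another user's record unless
			// the privilege form is already open. id, auth and user_id are echoed
			// back as hidden fields and therefore HTML-escaped first (explicit
			// charset so PHP's default_charset cannot blank the text).
			if((!isset($_REQUEST['edit']) || $_REQUEST['edit'] != "privs") && $user_id != USER_ID)
			{
				$priv_btn_raw = array(
					'id' => (isset($_REQUEST['id']) && is_scalar($_REQUEST['id'])) ? $_REQUEST['id'] : "",
					'auth' => (isset($_REQUEST['auth']) && is_scalar($_REQUEST['auth'])) ? $_REQUEST['auth'] : "",
					'user_id' => (isset($_REQUEST['user_id']) && is_scalar($_REQUEST['user_id'])) ? $_REQUEST['user_id'] : ""
				);
				$priv_btn_html = array();
				foreach($priv_btn_raw as $key => $value)
					$priv_btn_html[$key] = htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');

			?>

			<form name='update_privs' action='management.php' method='post'>

				<input type='hidden' name='id' value='<?php echo $priv_btn_html['id'] ?>'>
				<input type='hidden' name='auth' value='<?php echo $priv_btn_html['auth'] ?>'>
				<input type='hidden' name='edit' value='privs'>
				<?php echo (isset($_REQUEST['user_id'])) ? "<input type='hidden' name='user_id' value='".$priv_btn_html['user_id']."'>" : ""; ?>

				<tr>
					<td>&nbsp;</td>
					<td><input type='submit' name='change' value='<?php echo _("Change Privileges") ?>' class='button'></td>
				</tr>

			</form>

			<?php

			}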


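			// "Change Password" button, shown unless the password form is already
			// open. id, auth and user_id are echoed back as hidden fields and
			// therefore HTML-escaped first (explicit charset so PHP's
			// default_charset cannot blank the text).
			if(!isset($_REQUEST['edit']) || $_REQUEST['edit'] != "password")
			{
				$pw_btn_raw = array(
					'id' => (isset($_REQUEST['id']) && is_scalar($_REQUEST['id'])) ? $_REQUEST['id'] : "",
					'auth' => (isset($_REQUEST['auth']) && is_scalar($_REQUEST['auth'])) ? $_REQUEST['auth'] : "",
					'user_id' => (isset($_REQUEST['user_id']) && is_scalar($_REQUEST['user_id'])) ? $_REQUEST['user_id'] : ""
				);
				$pw_btn_html = array();
				foreach($pw_btn_raw as $key => $value)
					$pw_btn_html[$key] = htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');

			?>

			<form name='update_password' action='management.php' method='post'>

				<input type='hidden' name='id' value='<?php echo $pw_btn_html['id'] ?>'>
				<input type='hidden' name='auth' value='<?php echo $pw_btn_html['auth'] ?>'>
				<input type='hidden' name='edit' value='password'>
				<?php echo (isset($_REQUEST['user_id'])) ? "<input type='hidden' name='user_id' value='".$pw_btn_html['user_id']."'>" : ""; ?>

				<tr>
					<td>&nbsp;</td>
					<td><input type='submit' name='change' value='<?php echo _("Change Password") ?>' class='button'></td>
				</tr>

			</form>

			<?php

			}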

			?>

		</table>

	<?php

}

elseif(!$user_exists)
{
	layout_page_title(_("No Such User Exists"), 'error');
}

// Emit the page footer; counterpart of the layout_header() call made before
// the status banners.
layout_footer();

?>