Location: PHPKode > projects > ETraxis > etraxis-2.1.1/src/accounts/modify.php
<?php

/**
 * @package eTraxis
 * @ignore
 */

//--------------------------------------------------------------------------------------------------
//
//  eTraxis - Records tracking web-based system.
//  Copyright (C) 2005-2009 by Artem Rodygin
//
//  This program is free software; you can redistribute it and/or modify
//  it under the terms of the GNU General Public License as published by
//  the Free Software Foundation; either version 2 of the License, or
//  (at your option) any later version.
//
//  This program is distributed in the hope that it will be useful,
//  but WITHOUT ANY WARRANTY; without even the implied warranty of
//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
//  GNU General Public License for more details.
//
//  You should have received a copy of the GNU General Public License along
//  with this program; if not, write to the Free Software Foundation, Inc.,
//  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
//
//--------------------------------------------------------------------------------------------------
//  Author                  Date            Description of modifications
//--------------------------------------------------------------------------------------------------
//  Artem Rodygin           2005-02-13      new-001: Records tracking web-based system should be implemented.
//  Artem Rodygin           2005-08-01      new-013: UI scenarios should be changed.
//  Artem Rodygin           2005-09-01      bug-079: String database columns are not enough to store UTF-8 values.
//  Artem Rodygin           2005-10-05      new-148: Version info should be centralized.
//  Artem Rodygin           2005-10-09      new-155: Browser header should contain detailed page info.
//  Artem Rodygin           2005-11-16      new-176: Change eTraxis design.
//  Artem Rodygin           2006-07-10      bug-290: LDAP-accounts should not be editable.
//  Artem Rodygin           2006-07-14      new-206: User password should not be stored in client cookies.
//  Artem Rodygin           2006-07-27      new-261: UI design should be adopted to slow connection.
//  Artem Rodygin           2006-08-07      bug-300: Cannot login with Active Directory credentials.
//  Artem Rodygin           2006-11-20      new-392: Local users should not be extended with '@eTraxis' when LDAP is disabled.
//  Artem Rodygin           2006-12-11      bug-440: Local users should not be extended with '@eTraxis' when being modified.
//  Artem Rodygin           2008-11-09      new-749: Guest access for unauthorized users.
//  Artem Rodygin           2009-03-12      new-800: Password should expire when changed by admin.
//  Artem Rodygin           2009-06-12      new-824: PHP 4 is discontinued.
//--------------------------------------------------------------------------------------------------

/**#@+
 * Dependency.
 */
require_once('../engine/engine.php');
require_once('../dbo/accounts.php');
/**#@-*/

init_page();

if (get_user_level() != USER_LEVEL_ADMIN)
{
    debug_write_log(DEBUG_NOTICE, 'User must have admin rights to be allowed.');
    header('Location: index.php');
    exit;
}

$id      = ustr2int(try_request('id'));
$account = account_find($id);

if (!$account)
{
    debug_write_log(DEBUG_NOTICE, 'Account cannot be found.');
    header('Location: index.php');
    exit;
}

if ($account['is_ldapuser'])
{
    debug_write_log(DEBUG_NOTICE, 'Active Directory account cannot be modified.');
    header('Location: index.php');
    exit;
}

if (try_request('submitted') == 'mainform')
{
    debug_write_log(DEBUG_NOTICE, 'Data are submitted.');

    $username    = ustrcut($_REQUEST['username'],    MAX_ACCOUNT_USERNAME);
    $fullname    = ustrcut($_REQUEST['fullname'],    MAX_ACCOUNT_FULLNAME);
    $email       = ustrcut($_REQUEST['email'],       MAX_ACCOUNT_EMAIL);
    $description = ustrcut($_REQUEST['description'], MAX_ACCOUNT_DESCRIPTION);
    $passwd1     = ustrcut($_REQUEST['passwd1'],     MAX_ACCOUNT_PASSWORD);
    $passwd2     = ustrcut($_REQUEST['passwd2'],     MAX_ACCOUNT_PASSWORD);
    $is_admin    = isset($_REQUEST['is_admin']);
    $is_disabled = isset($_REQUEST['is_disabled']);
    $is_locked   = isset($_REQUEST['is_locked']);

    $error = account_validate($username,
                              $fullname,
                              $email,
                              $passwd1,
                              $passwd2);

    if ($error == NO_ERROR)
    {
        $error = account_modify($id,
                                $username,
                                $fullname,
                                $email,
                                $description,
                                $is_admin,
                                $is_disabled,
                                ($is_locked ? $account['locks_count'] : 0));

        if ($error == NO_ERROR)
        {
            if ($passwd1 != str_repeat('*', MAX_ACCOUNT_PASSWORD))
            {
                dal_query('accounts/passwd.sql', $id, md5($passwd1), 0);
            }

            header('Location: view.php?id=' . $id);
            exit;
        }
    }

    switch ($error)
    {
        case ERROR_INCOMPLETE_FORM:
            $alert = get_js_resource(RES_ALERT_REQUIRED_ARE_EMPTY_ID);
            break;
        case ERROR_INVALID_USERNAME:
            $alert = get_js_resource(RES_ALERT_INVALID_USERNAME_ID);
            break;
        case ERROR_ALREADY_EXISTS:
            $alert = get_js_resource(RES_ALERT_ACCOUNT_ALREADY_EXISTS_ID);
            break;
        case ERROR_INVALID_EMAIL:
            $alert = get_js_resource(RES_ALERT_INVALID_EMAIL_ID);
            break;
        case ERROR_PASSWORDS_DO_NOT_MATCH:
            $alert = get_js_resource(RES_ALERT_PASSWORDS_DO_NOT_MATCH_ID);
            break;
        case ERROR_PASSWORD_TOO_SHORT:
            $alert = ustrprocess(get_js_resource(RES_ALERT_PASSWORD_TOO_SHORT_ID), MIN_PASSWORD_LENGTH);
            break;
        default:
            $alert = NULL;
    }
}
else
{
    debug_write_log(DEBUG_NOTICE, 'Data are being requested.');

    $username    = account_get_username($account['username'], FALSE);
    $fullname    = $account['fullname'];
    $email       = $account['email'];
    $description = $account['description'];
    $passwd1     = $account['passwd'];
    $passwd2     = $account['passwd'];
    $is_admin    = $account['is_admin'];
    $is_disabled = $account['is_disabled'];
    $is_locked   = is_account_locked($account['locks_count'], $account['lock_time']);
}

$xml = '<page' . gen_xml_page_header(ustrprocess(get_html_resource(RES_ACCOUNT_X_ID), ustr2html(account_get_username($account['username'], FALSE))), isset($alert) ? $alert : NULL, 'mainform.username') . '>'
     . gen_xml_menu()
     . '<path>'
     . '<pathitem url="index.php">'                 . get_html_resource(RES_ACCOUNTS_ID)                                                                             . '</pathitem>'
     . '<pathitem url="view.php?id='   . $id . '">' . ustrprocess(get_html_resource(RES_ACCOUNT_X_ID), ustr2html(account_get_username($account['username'], FALSE))) . '</pathitem>'
     . '<pathitem url="modify.php?id=' . $id . '">' . get_html_resource(RES_MODIFY_ID)                                                                               . '</pathitem>'
     . '</path>'
     . '<content>'
     . '<form name="mainform" action="modify.php?id=' . $id . '">'
     . '<group title="' . get_html_resource(RES_ACCOUNT_INFO_ID) . '">'
     . '<editbox label="' . get_html_resource(RES_USERNAME_ID)         . '" required="' . get_html_resource(RES_REQUIRED3_ID) . '" name="username" size="' . HTML_EDITBOX_SIZE_MEDIUM  . '" maxlen="' . MAX_ACCOUNT_USERNAME    . '">' . ustr2html($username)    . '</editbox>'
     . '<editbox label="' . get_html_resource(RES_FULLNAME_ID)         . '" required="' . get_html_resource(RES_REQUIRED3_ID) . '" name="fullname" size="' . HTML_EDITBOX_SIZE_MEDIUM  . '" maxlen="' . MAX_ACCOUNT_FULLNAME    . '">' . ustr2html($fullname)    . '</editbox>'
     . '<editbox label="' . get_html_resource(RES_EMAIL_ID)            . '" required="' . get_html_resource(RES_REQUIRED3_ID) . '" name="email" size="' . HTML_EDITBOX_SIZE_MEDIUM     . '" maxlen="' . MAX_ACCOUNT_EMAIL       . '">' . ustr2html($email)       . '</editbox>'
     . '<editbox label="' . get_html_resource(RES_DESCRIPTION_ID)      . '"                                                        name="description" size="' . HTML_EDITBOX_SIZE_LONG . '" maxlen="' . MAX_ACCOUNT_DESCRIPTION . '">' . ustr2html($description) . '</editbox>'
     . '<passbox label="' . get_html_resource(RES_PASSWORD_ID)         . '" required="' . get_html_resource(RES_REQUIRED3_ID) . '" name="passwd1" size="' . HTML_EDITBOX_SIZE_MEDIUM   . '" maxlen="' . MAX_ACCOUNT_PASSWORD    . '">' . str_repeat('*', MAX_ACCOUNT_PASSWORD) . '</passbox>'
     . '<passbox label="' . get_html_resource(RES_PASSWORD_CONFIRM_ID) . '" required="' . get_html_resource(RES_REQUIRED3_ID) . '" name="passwd2" size="' . HTML_EDITBOX_SIZE_MEDIUM   . '" maxlen="' . MAX_ACCOUNT_PASSWORD    . '">' . str_repeat('*', MAX_ACCOUNT_PASSWORD) . '</passbox>'
     . '<checkbox name="is_admin"'    . ($is_admin ? ' checked="true">' : '>')    . get_html_resource(RES_ADMINISTRATOR_ID) . '</checkbox>'
     . '<checkbox name="is_disabled"' . ($is_disabled ? ' checked="true">' : '>') . get_html_resource(RES_DISABLED_ID)      . '</checkbox>'
     . '<checkbox name="is_locked"'   . (is_account_locked($account['locks_count'], $account['lock_time']) ? NULL : ' disabled="true"') . ($is_locked ? ' checked="true"' : NULL) . '>' . get_html_resource(RES_LOCKED_ID) . '</checkbox>'
     . '</group>'
     . '<button default="true">'                . get_html_resource(RES_OK_ID)     . '</button>'
     . '<button url="view.php?id=' . $id . '">' . get_html_resource(RES_CANCEL_ID) . '</button>'
     . '<note>' . get_html_resource(RES_ALERT_REQUIRED_ARE_EMPTY_ID)                                   . '</note>'
     . '<note>' . ustrprocess(get_html_resource(RES_ALERT_PASSWORD_TOO_SHORT_ID), MIN_PASSWORD_LENGTH) . '</note>'
     . '</form>'
     . '</content>'
     . '</page>';

echo(xml2html($xml));

?>
Return current item: ETraxis