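<?php
###################################################
#Copyright (C) 2001 Stuart Wigley (hide@address.com) 
#
#useradmin.php 29/07/2001   
#
#This file is part of workbench.
#
#workbench is free software; you can redistribute it and/or modify
#it under the terms of the GNU General Public License as published by
#the Free Software Foundation; either version 2 of the License, or
#(at your option) any later version.
#
#workbench is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#GNU General Public License for more details.
#
#You should have received a copy of the GNU General Public License
#along with workbench; if not, write to the Free Software
#Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#####################################################
#
#User administration page. For a session whose group is "1" and which has a
#registered "login" it:
#  - updates an existing user's disabled flag, group and project access (POST
#    with userID, isHidden and grpID),
#  - creates a new user with default settings and access to project 1 (POST
#    with loginName),
#  - otherwise renders the user picker plus the edit form or new-user form.
#Any other session gets $path/login.php instead.
#
#Security notes for maintainers:
#  - Every request value is SQL-escaped before it is concatenated into a query
#    and HTML-encoded before it is echoed; database values are encoded on
#    output too.
#  - NOTE(review): the two POST handlers carry no anti-CSRF token, so they rely
#    on the session cookie alone. Adding one needs a session write, which is
#    not done in this file.
#  - NOTE(review): passwords are stored as unsalted MD5. The verifying code is
#    not in this file, so the hash is left unchanged here; migrate both sides
#    together to a salted, slow password hash.
#  - NOTE(review): die(mysql_error()) prints database error text to the
#    browser; consider logging it and showing a generic message.
session_start();
#$path, $url and $relative are used below but never assigned in this file;
#presumably ../config.php sets them - confirm they can never be supplied by
#the request (e.g. through register_globals).
require_once("../config.php");

if (!function_exists("useradmin_param"))
{
	#Return request parameter $name from $source as a plain string.
	#Missing and non-scalar (array) values become "", and magic_quotes_gpc
	#slashes are removed so the value is escaped exactly once later on.
	function useradmin_param($source, $name)
	{
		if (!isset($source[$name]) || !is_scalar($source[$name]))
		{
			return "";
		}
		$value = (string) $source[$name];
		if (function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc())
		{
			$value = stripslashes($value);
		}
		return $value;
	}

	#Escape an unslashed string for use inside a single-quoted SQL literal.
	#Uses the connection-aware escaper where the PHP version provides it.
	function useradmin_sql($value)
	{
		if (function_exists("mysql_real_escape_string"))
		{
			return mysql_real_escape_string($value);
		}
		return mysql_escape_string($value);
	}

	#Encode a string for HTML text or a quoted attribute value.
	function useradmin_html($value)
	{
		return htmlspecialchars($value, ENT_QUOTES);
	}
}

#if user has logged in get $login from session
if (($HTTP_SESSION_VARS["group"] == "1") && session_is_registered("login"))
{
	$login = $HTTP_SESSION_VARS["login"];
	require_once("$path/connect.php");
	require_once("$path/general.php");
	if ($HTTP_POST_VARS["userID"] && $HTTP_POST_VARS["isHidden"] && $HTTP_POST_VARS["grpID"])
	{
		#update an existing user
		$rawUserID = useradmin_param($HTTP_POST_VARS, "userID");
		$sqlUserID = useradmin_sql($rawUserID);
		$sqlIsHidden = useradmin_sql(useradmin_param($HTTP_POST_VARS, "isHidden"));
		$sqlGrpID = useradmin_sql(useradmin_param($HTTP_POST_VARS, "grpID"));
		#as before, a failed update is not reported
		$query = mysql_query("update users set isHidden='$sqlIsHidden', grpID='$sqlGrpID' where userID='$sqlUserID'");
		#project access is rebuilt from scratch: drop every row for the user,
		#then add one row per ticked appID[] checkbox (none ticked = no access)
		mysql_query("delete from projectAccess where userID='$sqlUserID'") or die(mysql_error());
		if (isset($HTTP_POST_VARS["appID"]) && is_array($HTTP_POST_VARS["appID"]))
		{
			foreach ($HTTP_POST_VARS["appID"] as $index => $unused)
			{
				$rawAppID = useradmin_param($HTTP_POST_VARS["appID"], $index);
				if ($rawAppID === "")
				{
					continue;
				}
				mysql_query("insert into projectAccess values('','$sqlUserID','".useradmin_sql($rawAppID)."')") or die(mysql_error());
			}
		}
		#urlencode keeps CR/LF and extra parameters out of the redirect
		header("Location: $url/admin/useradmin.php?userID=".urlencode($rawUserID));
		exit;
	}
	elseif ($HTTP_POST_VARS["loginName"])
	{
		#create a new user; logins are stored lower-case
		$loginName = strtolower(useradmin_param($HTTP_POST_VARS, "loginName"));
		$sqlLogin = useradmin_sql($loginName);
		#hashed exactly as before so existing login checks keep working (see header note)
		$md5password = md5($HTTP_POST_VARS["password"]);
		$sqlFName = useradmin_sql(useradmin_param($HTTP_POST_VARS, "fName"));
		$sqlSName = useradmin_sql(useradmin_param($HTTP_POST_VARS, "sName"));
		$sqlEmail = useradmin_sql(useradmin_param($HTTP_POST_VARS, "email"));
		$sqlGrpID = useradmin_sql(useradmin_param($HTTP_POST_VARS, "grpID"));
		$query = mysql_query("select * from users where login='$sqlLogin'") or die (mysql_error());
		if (!mysql_num_rows($query))
		{
			mysql_query("INSERT INTO users VALUES ('', '$sqlLogin', '$sqlFName', '$sqlSName', '$sqlEmail', '$md5password', '$sqlGrpID', 'Never', 'N')") or die (mysql_error());
			#read back the id of the row just inserted
			$query2 = mysql_query("select userID from users where login='$sqlLogin'") or die (mysql_error());
			$result2 = mysql_fetch_array($query2);
			$sqlNewUserID = useradmin_sql($result2["userID"]);
			#default settings row and access to project 1 for the new user
			mysql_query("INSERT INTO settings VALUES ('', '$sqlNewUserID', '', '', '', 'bugID', 'ASC', '0','html','2')") or die (mysql_error());
			mysql_query("INSERT INTO projectAccess VALUES ('', '$sqlNewUserID', '1')") or die (mysql_error());
			header("Location: $url/admin/useradmin.php?userID=".urlencode($result2["userID"]));
			exit;
		}
		else {
			#login already taken: back to the new-user form with the error flag
			header("Location: $relative/admin/useradmin.php?new=1&theError=1");
			exit;
		}
	}
	include("$path/header.php");
?>
    <table cellspacing="0" class="table3">
	 <tr class="rowtitle">
	  <td colspan="2"><h5>Manage Users</h5></td>
	 </tr>
	 <tr>
	  <td colspan="2"><p>This Administration Tool allows you to create new users and configure a number of User Settings. 
	  Either choose an existing user from the list or click the New User button.</p></td>
	 </tr>
	 <tr>
	  <td colspan="2"><hr></td>
	 </tr>
	 <tr>
	  <td colspan="2">
	  <form method="get" action="useradmin.php" name="useradmin">
		  <select name="userID" onchange="this.form.submit()">
		   <option value="">Choose</option>
		   <?php
			#NOTE(review): userID 1 is left out of this list, but neither POST
			#handler above nor the edit form below rejects userID=1 - confirm
			#whether that account is meant to be protected server-side.
			$query = mysql_query("select * from users,groups where users.grpID=groups.grpID and users.userID!='1' order by users.sName") or die(mysql_error());
			$selectedUserID = useradmin_param($HTTP_GET_VARS, "userID");
			while ($result = mysql_fetch_array($query))
			{
				$selected = ($result["userID"] == $selectedUserID) ? " selected" : "";
				echo("<option value=\"".useradmin_html($result["userID"])."\"$selected>".useradmin_html($result["sName"]).", ".useradmin_html($result["fName"])."</option>");
			}
			?>
		   </select> or <input type="button" value="New User" onclick="javascript:window.location='useradmin.php?new=1'">
	   </form>
	  </td>
	  </tr>
	  <tr>
	   <td colspan="2"><hr></td>
	  </tr><form name="useradmin2" method="post" action="useradmin.php" onSubmit="return validateForm('useradmin2');">
<?php
if ($HTTP_GET_VARS["userID"])
{
	#edit form for the chosen user
	$rawUserID = useradmin_param($HTTP_GET_VARS, "userID");
	$sqlUserID = useradmin_sql($rawUserID);
	$query = mysql_query("select * from users where users.userID = '$sqlUserID'") or die(mysql_error());
 	$query2 = mysql_query("select * from groups") or die(mysql_error());
	echo("<tr class=\"rowtitle\"><td colspan=\"2\"><h5>Account Status</h5></td></tr>");
	echo("<tr><td>");
	echo("Is this users account disabled?</td><td><select name=\"isHidden\">");
	$result = mysql_fetch_array($query);
	if ($result["isHidden"] == "Y")
	{
		echo("<option value=\"Y\" selected>Yes</option><option value=\"N\">No</option>");
	}
	else {
		echo("<option value=\"Y\">Yes</option><option value=\"N\" selected>No</option>");
	}
	echo("</select></td></tr>");
	echo("<tr class=\"rowtitle\"><td colspan=\"2\"><h5>Group Access</h5></td></tr>");
	#one radio button per visible group, the user's current group pre-selected
	while ($result2 = mysql_fetch_array($query2))
	{
		if ($result2["isHidden"] != "Y")
		{
	 		echo("<tr><td>".useradmin_html($result2["grpName"])."</td>");
			$checked = ($result["grpID"] == $result2["grpID"]) ? " checked" : "";
			echo("<td><input type=\"radio\" name=\"grpID\" value=\"".useradmin_html($result2["grpID"])."\"$checked></td>\n");
		}
 	}
	echo("</td></tr>");
	#display the users project access options
	echo("<tr class=\"rowtitle\"><td colspan=\"2\"><h5>Project Access</h5></td></tr>");
	$query3 = mysql_query("select * from apps where isHidden!='Y'") or die(mysql_error());
	while ($result3 = mysql_fetch_array($query3))
	{
		#a projectAccess row for this app and user means the box starts ticked
		$query4 = mysql_query("select * from projectAccess where projectAccess.appID='".useradmin_sql($result3["appID"])."' and projectAccess.userID='$sqlUserID'") or die(mysql_error());
		$result4 = mysql_fetch_array($query4);
		echo("<tr><td>".useradmin_html($result3["appName"])."</td>");
		$checked = ($result4["appID"] == $result3["appID"]) ? " checked" : "";
		echo("<td><input type=\"checkbox\" name=\"appID[]\" value=\"".useradmin_html($result3["appID"])."\"$checked></td>");
	}	 
	echo("<tr>");
	echo("<tr><td colspan=\"2\" align=\"center\"><input type=\"Submit\" value=\"Submit\"></td></tr>");
	#the query-string value is reflected into the page, so it is HTML-encoded
	echo("<input type=\"hidden\" name=\"userID\" value=\"".useradmin_html($rawUserID)."\">");
}
elseif ($HTTP_GET_VARS["new"] == "1")
{
	#blank form for a new user
	if ($HTTP_GET_VARS["theError"] == 1)
	{
		echo("<tr><td colspan=\"2\"><strong>That user already exists. Please choose a different login.</strong></td></tr>");
	}
	echo("<tr><td>Login</td><td><input type=\"text\" name=\"loginName\" size=\"20\" maxlength=\"20\"></td></tr>");
	echo("<tr><td>Password</td><td><input type=\"password\" name=\"password\" size=\"20\" maxlength=\"50\"></td></tr>");
	echo("<tr><td>First Name</td><td><input type=\"text\" name=\"fName\" size=\"20\" maxlength=\"50\"></td></tr>");
	echo("<tr><td>Surname</td><td><input type=\"text\" name=\"sName\" size=\"20\" maxlength=\"50\"></td></tr>");
	echo("<tr><td>Email</td><td><input type=\"text\" name=\"email\" size=\"20\" maxlength=\"50\"></td></tr>");
	echo("<tr><td>Group</td><td><select name=\"grpID\"><option value=\"\">Choose a Group</option>");
	$query5 = mysql_query("select * from groups order by grpID") or die(mysql_error());
	while ($result5 = mysql_fetch_array($query5))
	{
		echo("<option value=\"".useradmin_html($result5["grpID"])."\">".useradmin_html($result5["grpName"])."</option>");
	}
	echo("</select></td></tr>");
	echo("<tr><td>&nbsp;</td><td><input type=\"Submit\" value=\"Submit\"></td></tr>");
}
?>	  </form>
	 </table>
 
<?php include("$path/footer.php");
}
else {
	#not an authenticated group-1 session: show the login page instead
	include("$path/login.php");
}
?>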