<?php

require_once('../../../config.php');
require_once(FOLDER_RELATIVE_COMMON . 'authorization.php');
require_once(FOLDER_RELATIVE_COMMON . 'database.php');
require_once(FOLDER_RELATIVE_COMMON . 'html.php');

// Request-routing state.
// $exitearly: when still true after the handlers below, the script ends with
// a redirect to the list page (or an error message) instead of rendering the
// add/edit form.
$exitearly = true;

// Error text destined for the user; '' means no error so far.
$errors = '';

// Reserved for the delete flow; nothing in this file reads it.
$xml_delete_choice = null;

// Both selectors come straight from the query string and are untrusted:
// 'request' picks the action (xml / add / edit / delete, default 'add'),
// 'stage' says whether a form was just submitted.
$request = array_key_exists('request', $_GET) ? $_GET['request'] : 'add';
$stage   = array_key_exists('stage', $_GET)   ? $_GET['stage']   : '';

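if ($request == 'xml') {
	// AJAX data feed for the add/edit form: answers with the current control
	// values as <record><key>..</key><value>..</value></record> elements under
	// <root>/<controls_input>. An unknown stage yields an empty <root>.
	header('Content-Type: text/xml; charset=UTF-8');

	// key => value pairs to emit. Every value is wrapped in CDATA below, so
	// '<', '&' or quotes in stored data cannot break the document.
	$records = array();

	if ($stage == 'add') {
		// No user exists yet. The previous version interpolated an undefined
		// $user_id here, which printed an empty value plus a PHP notice (with
		// display_errors on, the notice text corrupts the XML). Emit '' explicitly.
		$records['request'] = 'add';
		$records['stage']   = 'add';
		$records['user_id'] = '';

	} else if ($stage == 'edit') {
		// The id being edited was stored in the session by the 'edit' request
		// handler; it originates from the query string there, so it is still
		// treated as untrusted when it is written out below.
		$user_id = isset($_SESSION['id']) ? $_SESSION['id'] : '';

		// Load the user's profile fields.
		$sql = 'SELECT username, email, first_name, last_name, ' . databaseGetDate("expire_date") . ' AS expire_date FROM Users WHERE id = ?';
		$row = databaseGetRow($sql, array($user_id));
		if (!is_array($row)) {
			// Unknown id: emit empty fields instead of indexing a non-array.
			$row = array();
		}

		$user_expire_date   = isset($row['expire_date']) ? $row['expire_date'] : '';
		$user_never_expires = ($user_expire_date == '') ? 'Y' : 'N';

		$records['request']            = 'edit';
		$records['stage']              = 'edit';
		$records['user_id']            = $user_id;
		$records['user_name']          = isset($row['username'])   ? $row['username']   : '';
		$records['user_email']         = isset($row['email'])      ? $row['email']      : '';
		$records['user_first_name']    = isset($row['first_name']) ? $row['first_name'] : '';
		$records['user_last_name']     = isset($row['last_name'])  ? $row['last_name']  : '';
		$records['user_expire_date']   = $user_expire_date;
		$records['user_never_expires'] = $user_never_expires;
	}

	// Compile the xml document.
	$xml  = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>' . "\n";
	$xml .= "<root>\n";
	if (count($records) > 0) {
		$xml .= "\t<controls_input>\n";
		foreach ($records as $key => $value) {
			// A literal "]]>" inside a value would end the CDATA section early
			// (XML injection via a crafted username or id); split it across two
			// sections so the parsed value is unchanged but the document stays intact.
			$safe = str_replace(']]>', ']]]]><![CDATA[>', (string) $value);
			$xml .= "\t\t<record><key>" . $key . "</key><value><![CDATA[" . $safe . "]]></value></record>\n";
		}
		$xml .= "\t</controls_input>\n";
	}
	$xml .= "</root>\n";

	echo $xml;
	exit;
}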

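if ($request == 'add') {
	if ($stage == 'add') {
		// The 'add' form was just submitted: create the user.
		// Fields are read through isset() so an absent one (the browser does
		// not send an unchecked checkbox at all) yields '' instead of an
		// "undefined index" notice.
		$user_name       = isset($_POST['user_name'])       ? stripslashes($_POST['user_name'])       : '';
		$user_password   = isset($_POST['user_password'])   ? stripslashes($_POST['user_password'])   : '';
		$user_email      = isset($_POST['user_email'])      ? stripslashes($_POST['user_email'])      : '';
		$user_first_name = isset($_POST['user_first_name']) ? stripslashes($_POST['user_first_name']) : '';
		$user_last_name  = isset($_POST['user_last_name'])  ? stripslashes($_POST['user_last_name'])  : '';
		$user_never_expires = isset($_POST['user_never_expires']) && $_POST['user_never_expires'] == 'on';
		// NOTE(review): databaseSetDate()'s return value is spliced into the SQL
		// text below rather than bound as a parameter, so it must yield a safe
		// date expression for arbitrary input — confirm in database.php.
		$user_expire_date = $user_never_expires
			? 'null'
			: databaseSetDate(isset($_POST['user_expire_date']) ? $_POST['user_expire_date'] : null);

		$duplicate = databaseGetValue('SELECT id FROM Users WHERE username = ? OR email = ?', array($user_name, $user_email));
		if (isset($duplicate) && $duplicate != 0) {
			$errors = 'Username or email address already exists in the system, please specify a new username or email address.';
			$exitearly = true;

		} else if ($user_password == '') {
			// Previously a blank field silently stored md5("jaxblog"), i.e. an
			// account whose password is the empty string.
			$errors = 'A password is required when creating a user.';
			$exitearly = true;

		} else {
			// NOTE(review): md5 with a fixed, site-wide salt is not an acceptable
			// password hash; password_hash()/password_verify() should replace it.
			// The login check in authorization.php (not visible here) has to
			// change in step, so the scheme is kept for now.
			$password_hash = md5("jaxblog" . $user_password);
			$sql = "INSERT INTO Users (id, username, password, email, first_name, last_name, expire_date, modified_date) VALUES ( ?, ?, ?, ?, ?, ?, " . $user_expire_date . ", " . databaseSetDate() . " )";
			$args = array(0, $user_name, $password_hash, $user_email, $user_first_name, $user_last_name);
			$user_id = databaseExecuteReturnId($sql, $args, 'users_id_seq');
		}
	} else {
		// First visit: show the empty 'add' form. -1 marks "no user selected"
		// for the xml feed.
		// NOTE(review): 'id' is a very generic session key — if authorization.php
		// keeps the logged-in user's id under the same name, this overwrites it;
		// confirm before relying on it.
		$_SESSION['id'] = -1;
		$stage = 'add';
		$exitearly = false;
	}

} else if ($request == 'edit') {

	if ($stage == 'edit') {
		// The 'edit' form was just submitted. The id being edited comes from the
		// session, where the form request (else-branch below) stored it.
		$user_name       = isset($_POST['user_name'])       ? stripslashes($_POST['user_name'])       : '';
		$user_email      = isset($_POST['user_email'])      ? stripslashes($_POST['user_email'])      : '';
		$user_first_name = isset($_POST['user_first_name']) ? stripslashes($_POST['user_first_name']) : '';
		$user_last_name  = isset($_POST['user_last_name'])  ? stripslashes($_POST['user_last_name'])  : '';
		$user_never_expires = isset($_POST['user_never_expires']) && $_POST['user_never_expires'] == 'on';
		// NOTE(review): same unbound SQL splice as in the 'add' branch — see above.
		$user_expire_date = $user_never_expires
			? 'null'
			: databaseSetDate(isset($_POST['user_expire_date']) ? $_POST['user_expire_date'] : null);

		if (!isset($_SESSION['id'])) {
			// Session expired or the form was never requested: there is no
			// target row, so refuse rather than updating with a null id.
			$errors = 'No user is selected for editing.';
			$exitearly = true;

		} else {
			$user_id = (int) $_SESSION['id'];

			$duplicate = databaseGetValue('SELECT id FROM Users WHERE (username = ? OR email = ?) AND id <> ?', array($user_name, $user_email, $user_id));
			if (isset($duplicate) && $duplicate != 0) {
				$errors = 'Username or email address already exists in the system, please specify a new username or email address.';
				$exitearly = true;

			} else {
				$sql = "UPDATE Users SET username = ?, email = ?, first_name = ?, last_name = ?, expire_date = $user_expire_date, modified_date = " . databaseSetDate() . " WHERE id = ?";
				$args = array($user_name, $user_email, $user_first_name, $user_last_name, $user_id);
				databaseExecute($sql, $args);

				// A blank password field means "leave the password alone".
				$user_password = isset($_POST['user_password']) ? stripslashes($_POST['user_password']) : '';
				if ($user_password != '') {
					// NOTE(review): md5 with a fixed salt — see the 'add' branch.
					$password_hash = md5("jaxblog" . $user_password);
					// first_time = 'Y' forces the user through the first-login flow
					// again after an admin-set password.
					$sql = "UPDATE Users SET password = ?, first_time = 'Y' WHERE id = ?";
					$args = array($password_hash, $user_id);
					databaseExecute($sql, $args);
				}
			}
		}
	} else {
		// Show the 'edit' form for the user named in the query string. Ids are
		// integers (see users_id_seq above), so cast instead of storing the raw
		// string that later reaches the SQL parameters and the xml feed.
		// NOTE(review): any caller that reaches this page can pick any id; this
		// relies on authorization.php restricting the admin area as a whole.
		$_SESSION['id'] = isset($_GET['id']) ? (int) $_GET['id'] : 0;
		$stage = 'edit';
		$exitearly = false;
	}

} else if ($request == 'delete') {
	// NOTE(review): a state-changing delete driven by a GET parameter is
	// CSRF-prone; a POST carrying a per-session token would be the usual fix,
	// but the list page's links (not visible here) must change with it.
	if (isset($_GET['id'])) {
		// Every other statement in this file keys Users on "id"; the previous
		// version used "user_id", which no other query references.
		$sql = 'DELETE FROM Users WHERE id = ?';
		databaseExecute($sql, array((int) $_GET['id']));
	}
}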

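if ($exitearly) {
	// Nothing to render: either report the error or go back to the user list.
	if ($errors != '') {
		// TODO: find a neat way to out the error messages to the user.
		// Until then the bare message is printed. It is HTML-escaped so that a
		// future error string carrying user-supplied text cannot inject markup,
		// and the charset is pinned so the browser does not sniff it.
		header('Content-Type: text/html; charset=UTF-8');
		echo htmlspecialchars($errors, ENT_QUOTES, 'UTF-8');
		exit;
	}
	header('Location: admin_users_list.php');
	exit;
}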


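// Show the users form. $stage is 'add' or 'edit' here (the handlers above set
// it before clearing $exitearly), and the onload URL is the only place it is
// embedded into the page; it is URL-encoded so that nothing but
// [A-Za-z0-9_.~-] and %XX can ever land inside the JavaScript string literal.
require_once(FOLDER_RELATIVE_COMMON . 'builder-admin.php');

$header  = '<script type="text/javascript" src="admin_users.js"></script>' . "\n";
$onload  = "initializePage('admin_users.php?request=xml&stage=" . rawurlencode($stage) . "');";
$title   = 'Users';
$content = 'admin_users.html';
// buildAdminPage() (builder-admin.php) assembles the full admin page around
// admin_users.html; the xml feed above then fills in the form controls.
$page    = buildAdminPage($header, $onload, $title, $content);

echo $page;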

?>