<?php
require_once('../../../config.php');
require_once(FOLDER_RELATIVE_COMMON . 'authorization.php');
require_once(FOLDER_RELATIVE_COMMON . 'database.php');
require_once(FOLDER_RELATIVE_COMMON . 'html.php');
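/*
 * Admin user maintenance: add / edit / delete handler plus the XML data
 * source that admin_users.js loads to pre-fill the form.
 *
 * Dispatch is driven by two GET parameters:
 *   request=xml     -> emit the form's initial values as XML and exit
 *   request=add     -> stage=add: insert the submitted user; otherwise show the add form
 *   request=edit    -> stage=edit: update the user held in $_SESSION['id']; otherwise show the edit form
 *   request=delete  -> delete the user named by GET id
 * Anything else falls through to the redirect back to the user list.
 */

/**
 * Read a POST field the way this form expects it: a missing field becomes ''
 * and legacy magic-quote slashes are stripped.
 */
function postField($key)
{
    return isset($_POST[$key]) ? stripslashes($_POST[$key]) : '';
}

/**
 * Read a column from a database row, '' when the row or column is absent.
 */
function rowField($row, $key)
{
    return (is_array($row) && isset($row[$key])) ? $row[$key] : '';
}

/**
 * Wrap a value in a CDATA section, splitting any embedded "]]>" so the
 * sequence cannot close the section early and corrupt the document.
 */
function xmlCdata($value)
{
    return '<![CDATA[' . str_replace(']]>', ']]]]><![CDATA[>', (string) $value) . ']]>';
}

/**
 * Build one <record> line of the controls_input block.
 *
 * $key is always a fixed control name chosen by this script. Free-text values
 * (anything that came from the database) are emitted as CDATA; the fixed
 * request/stage/user_id values are emitted as plain text, as before.
 */
function xmlRecord($key, $value, $cdata = true)
{
    $body = $cdata ? xmlCdata($value) : $value;
    return " <record><key>$key</key><value>$body</value></record>\n";
}

/**
 * Hash a plaintext password the way the rest of this application expects.
 *
 * NOTE(review): this is a fixed-prefix, unsalted MD5. It is kept only because
 * the login check elsewhere must compute the same digest; moving to
 * password_hash()/password_verify() has to be done in both places together.
 */
function hashUserPassword($plain)
{
    return md5('jaxblog' . $plain); // "jaxblog" is a constant prefix, not a per-user salt
}

/**
 * Turn the submitted expiry controls into the fragment the INSERT/UPDATE
 * splice into SQL: the literal NULL when "never expires" is ticked, otherwise
 * the project's date expression for the raw POST string.
 *
 * NOTE(review): the result is concatenated into the statement, not bound as a
 * parameter, so databaseSetDate() must return a fully escaped literal or a
 * safe expression for untrusted input - confirm in database.php.
 */
function expireDateSql($neverExpires, $expireDate)
{
    return ($neverExpires == 'on') ? 'null' : databaseSetDate($expireDate);
}

$exitearly = true;
$errors = '';
$xml_delete_choice = null; // not used in this file; left in case the page template reads it
$stage = isset($_GET['stage']) ? $_GET['stage'] : '';
$request = isset($_GET['request']) ? $_GET['request'] : 'add';
// The row being worked on is carried from the form GET to the submit POST in
// the session; -1 is the "no existing row" sentinel the add flow stores.
$user_id = isset($_SESSION['id']) ? (int) $_SESSION['id'] : -1;

if ($request == 'xml') {
    header('Content-Type: text/xml');
    $xml = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>' . "\n";
    $xml .= "<root>\n";
    // $stage is only echoed inside these two branches, so it is one of two fixed words here.
    if ($stage == 'add') {
        $xml .= " <controls_input>\n";
        $xml .= xmlRecord('request', 'add', false);
        $xml .= xmlRecord('stage', $stage, false);
        // Previously an undefined variable; the add form step stores -1 in the session, so that is what comes back.
        $xml .= xmlRecord('user_id', $user_id, false);
        $xml .= " </controls_input>\n";
    } else if ($stage == 'edit') {
        // Get the user's info
        $sql = 'SELECT username, email, first_name, last_name, ' . databaseGetDate('expire_date') . ' AS expire_date FROM Users WHERE id = ?';
        $row = databaseGetRow($sql, array($user_id));
        $user_expire_date = rowField($row, 'expire_date');
        $user_never_expires = ($user_expire_date == '') ? 'Y' : 'N';
        // Compile the xml document
        $xml .= " <controls_input>\n";
        $xml .= xmlRecord('request', 'edit', false);
        $xml .= xmlRecord('stage', $stage, false);
        $xml .= xmlRecord('user_id', $user_id, false);
        $xml .= xmlRecord('user_name', rowField($row, 'username'));
        $xml .= xmlRecord('user_email', rowField($row, 'email'));
        $xml .= xmlRecord('user_first_name', rowField($row, 'first_name'));
        $xml .= xmlRecord('user_last_name', rowField($row, 'last_name'));
        $xml .= xmlRecord('user_expire_date', $user_expire_date);
        $xml .= xmlRecord('user_never_expires', $user_never_expires);
        $xml .= " </controls_input>\n";
    }
    $xml .= "</root>\n";
    echo $xml;
    exit;
}

if ($request == 'add') {
    if ($stage == 'add') {
        // User just submitted the add form.
        $user_name = postField('user_name');
        $user_password = hashUserPassword(postField('user_password'));
        $user_email = postField('user_email');
        $user_first_name = postField('user_first_name');
        $user_last_name = postField('user_last_name');
        $user_expire_date = expireDateSql(
            postField('user_never_expires'),
            isset($_POST['user_expire_date']) ? $_POST['user_expire_date'] : null
        );
        $duplicate = databaseGetValue('SELECT id FROM Users WHERE username = ? OR email = ?', array($user_name, $user_email));
        if (isset($duplicate) && $duplicate != 0) {
            $errors = 'Username or email address already exists in the system, please specify a new username or email address.';
            $exitearly = true;
        } else {
            // expire_date and modified_date are SQL fragments (see expireDateSql); every other value is bound.
            $sql = 'INSERT INTO Users (id, username, password, email, first_name, last_name, expire_date, modified_date) VALUES ( ?, ?, ?, ?, ?, ?, ' . $user_expire_date . ', ' . databaseSetDate() . ' )';
            $args = array(0, $user_name, $user_password, $user_email, $user_first_name, $user_last_name);
            $user_id = databaseExecuteReturnId($sql, $args, 'users_id_seq');
        }
    } else {
        // Send user to the 'add' form; -1 marks "no existing row" for the XML step.
        $_SESSION['id'] = -1;
        $stage = 'add';
        $exitearly = false;
    }
} else if ($request == 'edit') {
    if ($stage == 'edit') {
        // User just submitted the edit form; the target row is the one stored at form time.
        $user_name = postField('user_name');
        $user_email = postField('user_email');
        $user_first_name = postField('user_first_name');
        $user_last_name = postField('user_last_name');
        $user_expire_date = expireDateSql(
            postField('user_never_expires'),
            isset($_POST['user_expire_date']) ? $_POST['user_expire_date'] : null
        );
        $duplicate = databaseGetValue('SELECT id FROM Users WHERE (username = ? OR email = ?) AND id <> ?', array($user_name, $user_email, $user_id));
        if (isset($duplicate) && $duplicate != 0) {
            $errors = 'Username or email address already exists in the system, please specify a new username or email address.';
            $exitearly = true;
        } else {
            // expire_date and modified_date are SQL fragments (see expireDateSql); every other value is bound.
            $sql = "UPDATE Users SET username = ?, email = ?, first_name = ?, last_name = ?, expire_date = $user_expire_date, modified_date = " . databaseSetDate() . " WHERE id = ?";
            $args = array($user_name, $user_email, $user_first_name, $user_last_name, $user_id);
            databaseExecute($sql, $args);
            // An empty password field means "leave the password alone".
            $user_password = postField('user_password');
            if ($user_password != '') {
                $sql = "UPDATE Users SET password = ?, first_time = 'Y' WHERE id = ?";
                $args = array(hashUserPassword($user_password), $user_id);
                databaseExecute($sql, $args);
            }
        }
    } else {
        // Send user to the 'edit' form, remembering which row it is for.
        $_SESSION['id'] = isset($_GET['id']) ? (int) $_GET['id'] : -1;
        $stage = 'edit';
        $exitearly = false;
    }
} else if ($request == 'delete') {
    // NOTE(review): a plain GET mutates state here (and the add/edit POSTs carry
    // no token either); the list and form pages should send a CSRF token that
    // this handler verifies before acting.
    if (isset($_GET['id'])) {
        // Every other statement in this file keys Users on "id"; "user_id" was a typo.
        databaseExecute('DELETE FROM Users WHERE id = ?', array((int) $_GET['id']));
    }
}

if ($exitearly) {
    // TODO: find a neat way to show the error messages to the user.
    if ($errors != '') {
        // $errors is a fixed literal today; escape anyway so that stays safe if it ever carries input.
        echo htmlspecialchars($errors, ENT_QUOTES, 'UTF-8');
        exit;
    }
    header('location:admin_users_list.php');
    exit;
}

// Show the users form.
require_once(FOLDER_RELATIVE_COMMON . 'builder-admin.php');
$header = '<script type="text/javascript" src="admin_users.js"></script>' . "\n";
// $stage was forced to 'add' or 'edit' above before $exitearly was cleared, so it is safe inside the inline script.
$onload = "initializePage('admin_users.php?request=xml&stage=$stage');";
$title = 'Users';
$content = 'admin_users.html';
$page = buildAdminPage($header, $onload, $title, $content);
echo $page;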