<?PHP
// Contact editor
//
// Version: $Revision: 1.1 $
// Date: $Date: 2006/08/06 19:05:50 $
//
// Copyright (c) 2006 Benjamin Oshrin
// License restrictions apply, see LICENSE for details.
// We might get called via admin/ or via reply/. In the latter, we
// have an inviteid as auth token and auth isn't required.
if(isset($_GET['inviteid']) && $_GET['inviteid'] != "")
$auth_required = 0;
else
$auth_required = 1;
include "../lib/mrsbs.inc";
$pgtitle = $tx['ct.ct.edit'];
$pgtype = "admin";
$op = "contact";
$handler = "admin-op-handler.php";
$cid = $rvar_contactid;
if($cid == "new")
{
if(!authorize("admin", "contactnew"))
mexit($tx['op.err.perm'], 1);
// If we were given seed values, use them
$ct = array("contactid" => "new",
"givenname" => hstr($rvar_givenname),
"sn" => hstr($rvar_sn),
"mail" => hstr($rvar_mail));
if($rvar_status != "" && $rvar_mtgid != "")
$op = "contactinvite"; // Add contact and invite to $mtgid
}
elseif(isset($_GET['inviteid']) && $_GET['inviteid'] != "")
{
$handler = "reply-op-handler.php";
// We use $_GET and not $rvar because we need to look before mrsbs.inc
// is called and $rvar gets set, so we're consistent here.
$inv = get_invite_info($_GET['inviteid']);
if($inv)
{
$cid = $inv['contactid'];
$ct = array("contactid" => $inv['contactid'],
"givenname" => $inv['givenname'],
"sn" => $inv['sn'],
"mail" => $inv['mail']);
}
else
mexit($tx['op.err.noinv'], 1);
}
else
{
if($cid == "self")
$cid = $_SESSION['contactid'];
if(!authorize("admin", "contact", $cid))
mexit($tx['op.err.perm'], 1);
$ct = get_contact($cid);
if(!$ct)
mexit($tx['op.err.noct'], 1);
}
if(isset($rvar_return))
$returi = $rvar_return;
else
$returi = "contacts.php";
?>
<HTML>
<HEAD>
<TITLE><?PHP print $pgtitle;?></TITLE>
</HEAD>
<BODY>
<TABLE CLASS="main">
<?PHP include "../lib/titlebar.php";?>
<TR>
<TD CLASS="main">
<TABLE CLASS="form">
<FORM NAME="ctform" ACTION="<?PHP print $handler;?>" METHOD="post">
<INPUT TYPE="hidden" NAME="op" VALUE="<?PHP print $op;?>">
<INPUT TYPE="hidden" NAME="contactid"
VALUE="<?PHP print hstr($cid);?>">
<INPUT TYPE="hidden" NAME="inviteid"
VALUE="<?PHP print hstr($rvar_inviteid);?>">
<INPUT TYPE="hidden" NAME="mtgid" VALUE="<?PHP print hstr($rvar_mtgid);?>">
<INPUT TYPE="hidden" NAME="status" VALUE="<?PHP print hstr($rvar_status);?>">
<INPUT TYPE="hidden" NAME="return" VALUE="<?PHP print hstr($returi);?>">
<TR>
<TD CLASS="formheader">
<?PHP
if($cid == "new")
print $tx['ct.ct.new'];
else
print $tx['ct.ct.edit'] . " " . hstr($cid);
?>
</TD>
</TR>
<TR>
<TD CLASS="formheader2">
<?PHP print $tx['ct.givenname'];?><BR>
</TD>
</TR>
<TR>
<TD CLASS="formfield2">
<INPUT TYPE="text" SIZE="70" MAXLENGTH="80" NAME="givenname"
VALUE="<?PHP print $ct['givenname'];?>">
</TD>
</TR>
<TR>
<TD CLASS="formheader2">
<?PHP print $tx['ct.sn'];?><BR>
</TD>
</TR>
<TR>
<TD CLASS="formfield2">
<INPUT TYPE="text" SIZE="70" MAXLENGTH="80" NAME="sn"
VALUE="<?PHP print $ct['sn'];?>">
</TD>
</TR>
<TR>
<TD CLASS="formheader2">
<?PHP print $tx['ct.mail'];?><BR>
</TD>
</TR>
<TR>
<TD CLASS="formfield2">
<INPUT TYPE="text" SIZE="70" MAXLENGTH="80" NAME="mail"
VALUE="<?PHP print $ct['mail'];?>">
</TD>
</TR>
<TR>
<TD CLASS="formfield2">
<INPUT TYPE="submit" VALUE="<?PHP print ($cid == "new" ?
$tx['op.new'] : $tx['op.update'] );?>">
</TD>
</TR>
</FORM>
<?PHP
if($cid != "new" && $cid != $_SESSION['contactid'] &&
authorize("admin", "delcontact", $cid))
{
print '
<FORM NAME="delcontact" ACTION="admin-confirm.php" METHOD="get">
<INPUT TYPE="hidden" NAME="op" VALUE="delcontact">
<INPUT TYPE="hidden" NAME="contactid" VALUE="'. hstr($cid) . '">
<INPUT TYPE="hidden" NAME="return" VALUE="' . hstr($returi) . '">
<TR>
<TD CLASS="formfield">
<INPUT TYPE="submit" VALUE="' . $tx['op.delete'] . '">
</TD>
</TR>
';
}
?>
</TABLE>
</TD>
</TR>
</TABLE>
</BODY>
</HTML>