<?php
require_once "../config/config.php";
require_once INCLUDE_DIR."/users_class.php";
require_once INCLUDE_DIR."/roles_class.php";
require_once INCLUDE_DIR."/usersinroles_class.php";
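$users = new users_class();
$userrole = new roles_class();
$userinrole = new usersinroles_class();

/**
 * Return $url only when it is safe to send the browser back to it.
 *
 * The value originates in the Referer request header, which the client
 * controls, so it is never redirected to unchecked. Accepted: a same-site
 * relative reference ("admin_admin_v.php?x=1", "/admin/...") or a full
 * http(s) URL whose host equals $host. Rejected (returns null): other
 * hosts, protocol-relative "//evil", any backslash (browsers rewrite
 * "/\evil" to "//evil"), non-http schemes, leading whitespace and CR/LF
 * (header injection). A null result makes callers use a fixed page.
 *
 * @param mixed  $url  raw referrer value, may be null/non-string
 * @param string $host the expected host (HTTP_HOST, port allowed)
 * @return string|null
 */
function admin_m_safe_referrer($url, $host)
{
    if (!is_string($url) || $url === '' || strpbrk($url, "\r\n") !== false) {
        return null;
    }
    if (strpos($url, '\\') !== false || preg_match('/^\s/', $url)) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false) {
        return null;
    }
    if (isset($parts['scheme']) || isset($parts['host'])) {
        $scheme = isset($parts['scheme']) ? strtolower($parts['scheme']) : '';
        if ($scheme !== 'http' && $scheme !== 'https') {
            return null;
        }
        $expected = strtolower(preg_replace('/:\d+$/', '', (string) $host));
        if ($expected === '' || !isset($parts['host']) || strtolower($parts['host']) !== $expected) {
            return null;
        }
        return $url;
    }
    // No scheme, no host: a relative reference. parse_url already routes
    // "//x" through the host branch above; be explicit anyway.
    if (strpos($url, '//') === 0) {
        return null;
    }
    return $url;
}

/**
 * Send the logged-in admin to admin_nopermission.php unless they hold
 * $permission. The explicit exit guarantees the action body never runs for
 * an unauthorised admin even if Redirect() does not terminate the request.
 *
 * @param users_class $users
 * @param string      $permission permission name as stored by the project
 */
function admin_m_require_permission($users, $permission)
{
    $adminId = isset($_SESSION[SESSION_PREFIX.'Admin_UserID']) ? $_SESSION[SESSION_PREFIX.'Admin_UserID'] : null;
    if ($adminId === null || $users->IsAdminhavePermission($adminId, $permission) == false) {
        Redirect('admin_nopermission.php', true);
        exit;
    }
}

/**
 * Redirect to the referrer captured on the preceding GET when it passes
 * admin_m_safe_referrer(), otherwise to $fallback. Mirrors the original
 * call shapes: Redirect(referrer, true) vs Redirect(fallback).
 *
 * @param string $fallback fixed local page
 */
function admin_m_redirect_back($fallback)
{
    $stored = isset($_SESSION[SESSION_PREFIX.'page_referrer']) ? $_SESSION[SESSION_PREFIX.'page_referrer'] : null;
    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    $safe = admin_m_safe_referrer($stored, $host);
    if ($safe !== null) {
        Redirect($safe, true);
    } else {
        Redirect($fallback);
    }
}

/**
 * Map the submitted islockedout value onto one of the option keys the form
 * offers ($allowed is the laLockedout array: 0 No, 1 Yes, 2 disable
 * auto-lock). Anything else collapses to 0 so the column only ever holds a
 * known code, matching how isapproved is already normalised.
 *
 * @param mixed $raw     value from $_POST['islockedout']
 * @param array $allowed option-code => label
 * @return int
 */
function admin_m_lockedout_value($raw, array $allowed)
{
    $candidate = is_scalar($raw) ? (string) $raw : '';
    foreach (array_keys($allowed) as $code) {
        if ((string) $code === $candidate) {
            return $code;
        }
    }
    return 0;
}

/**
 * Insert the permission rows for $userId from the submitted form: one row
 * for supuserper when it is non-empty, otherwise one row per adminper entry.
 * Non-array adminper and non-scalar entries are skipped instead of raising
 * warnings or handing arrays to the DB layer.
 *
 * NOTE(review): permission names are stored exactly as submitted; they are
 * not cross-checked against what GetadminPermission("1"/"2") offers, so an
 * editor could post any name the users_permissions table accepts. Validate
 * against those lists once their return shape is confirmed.
 *
 * @param users_class $users
 * @param mixed       $userId  users.id of the target admin
 * @param mixed       $adminId users.id of the acting admin (createdby)
 * @param string      $ip      REMOTE_ADDR of the acting admin
 * @return mixed last Insert() result, 0 when nothing was inserted
 */
function admin_m_store_permissions($users, $userId, $adminId, $ip)
{
    $query = "INSERT INTO ".TABLE_PREFIX."users_permissions (userid, permission, createdon, createdby, createdipaddress)VALUES(?,?,?,?,?)";
    $superPermission = isset($_POST['supuserper']) ? $_POST['supuserper'] : '';
    if ($superPermission != '') {
        $names = array($superPermission);
    } elseif (isset($_POST['adminper']) && is_array($_POST['adminper'])) {
        $names = array_values($_POST['adminper']);
    } else {
        $names = array();
    }
    $now = time();
    $inserted = 0;
    foreach ($names as $name) {
        if (!is_scalar($name)) {
            continue;
        }
        $inserted = $users->Insert($query, array($userId, $name, $now, $adminId, $ip), null);
    }
    return $inserted;
}

/**
 * Assign the lookups the admin_admin_m.tpl form needs in every branch that
 * renders it (permission lists and the locked-out options).
 *
 * @param object      $smarty
 * @param users_class $users
 * @param array       $lockedOutOptions option-code => label
 */
function admin_m_assign_form_data($smarty, $users, array $lockedOutOptions)
{
    $smarty->assign('permissionarray', $users->GetadminPermission("2"));
    $smarty->assign('supadminpermission', $users->GetadminPermission("1"));
    $smarty->assign('laLockedout', $lockedOutOptions);
}

// Identity of the acting admin, read once. $_action is not set in this file;
// presumably config.php derives it from the request — confirm.
$adminId = isset($_SESSION[SESSION_PREFIX.'Admin_UserID']) ? $_SESSION[SESSION_PREFIX.'Admin_UserID'] : null;
$adminName = isset($_SESSION[SESSION_PREFIX.'Admin_UserName']) ? trim($_SESSION[SESSION_PREFIX.'Admin_UserName']) : '';
$clientIp = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
$lockedOutOptions = array(0 => 'No', 1 => 'Yes', 2 => 'Disable auto-lock for this user');

// On GET remember where the admin came from so the POST/delete handlers can
// send them back. Only a validated value is stored; an absent or foreign
// referrer stores null, which isset() treats the same as "none".
if ($_SERVER['REQUEST_METHOD'] == "GET") {
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    $_SESSION[SESSION_PREFIX.'page_referrer'] = admin_m_safe_referrer($referer, $host);
}

// Baseline for every action; the mutating actions add their own check below.
admin_m_require_permission($users, 'Can Browse Admins');

// NOTE(review): no CSRF token is verified anywhere in this file, and delete
// is driven by a GET link. Confirm config.php/Redirect apply a token; if not,
// a cross-site request is enough to add, alter or delete an admin.
switch ($_action) {
    case 'insert':
        // The add form (default case) is gated on 'Can add admins'; the submit
        // must be as well, otherwise any admin who can browse the list could
        // create admins by posting directly.
        admin_m_require_permission($users, 'Can add admins');

        // Normalise once and use the same value for the duplicate check and
        // the insert (the original checked the untrimmed name but stored the
        // trimmed one).
        $username = isset($_POST['username']) ? trim(strtolower($_POST['username'])) : '';
        // IsUserAvailable() is truthy when the name is already taken: the
        // else branch below reports 'Username already Exist.'
        $usernameTaken = $users->IsUserAvailable("SELECT * FROM ".TABLE_PREFIX."users where username=?", array($username), null);

        if ($usernameTaken == false) {
            // NOTE(review): passwords are stored reversibly — encrypt() with a
            // per-user secretsalt, decrypt()ed again in the edit case. Login
            // elsewhere depends on this layout, so it is kept; switching to
            // password_hash()/password_verify() must change the login path in
            // the same commit.
            $salt = createToken();
            $query = "INSERT INTO ".TABLE_PREFIX."users (username,`password`,secretsalt,firstname,lastname, Email,country,state, city, address1,address2, zipcode,phone_main,createdon, createdby,createdipaddress,isapproved,islockedout,isunsubscribedfromemails) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
            $isApproved = (isset($_POST['isapproved']) && $_POST['isapproved'] == "1") ? 1 : 0;
            $isUnsubscribed = (isset($_POST['isUnsubscribe']) && $_POST['isUnsubscribe'] == "1") ? 1 : 0;
            $lockedOut = admin_m_lockedout_value(isset($_POST['islockedout']) ? $_POST['islockedout'] : null, $lockedOutOptions);
            $values = array(
                $username,
                encrypt(isset($_POST['password']) ? $_POST['password'] : '', $salt),
                $salt,
                ' ', // firstname — not collected by this form
                ' ', // lastname
                isset($_POST['email']) ? $_POST['email'] : '',
                ' ', // country
                ' ', // state
                ' ', // city
                ' ', // address1
                ' ', // address2
                ' ', // zipcode
                ' ', // phone_main
                time(),
                $adminId,
                $clientIp,
                $isApproved,
                $lockedOut,
                $isUnsubscribed,
            );
            $insertedRows = $users->Insert($query, $values, null);

            if ($insertedRows > 0) {
                // The DB layer does not hand back the new id; look it up by the
                // (unique) username just inserted.
                $newUser = $users->view("SELECT id FROM ".TABLE_PREFIX."users where username=?", array($username), null);
                $newUserId = isset($newUser[0]['id']) ? $newUser[0]['id'] : null;
                if ($newUserId !== null) {
                    admin_m_store_permissions($users, $newUserId, $adminId, $clientIp);
                    // Every account created here is placed in the 'admin' role.
                    $role = $userrole->GetRoleID(array('admin'), null);
                    $roleId = isset($role[0]['id']) ? $role[0]['id'] : null;
                    $userinrole->Insert('', array($newUserId, $roleId, time(), $adminId, $clientIp), null);
                }
            }

            $smarty->assign('msg', 'New user added successfully.');
            $message->SetMessage('Admin is successfully added.');
            admin_m_redirect_back('./admin_admin_v.php');
        } else {
            // Re-render the form with what was submitted so the admin can fix
            // the username.
            $smarty->assign('post', $_POST);
            $smarty->assign('msg', 'Username already Exist.');
            admin_m_assign_form_data($smarty, $users, $lockedOutOptions);
            $smarty->assign('status', $users->GetUserStatus());
            $smarty->display('admin_admin_m.tpl');
        }
        break;

    case 'update':
        // The edit form is gated on 'Can edit admins'; the submit must be too.
        admin_m_require_permission($users, 'Can edit admins');

        $uid = isset($_POST['uid']) ? $_POST['uid'] : '';
        // Decide the built-in-administrator rules from the stored username of
        // the row being updated, not from the username field in the form: the
        // client can post any username alongside any uid.
        $target = $users->view("SELECT * FROM ".TABLE_PREFIX."users where id=?", array($uid), null);
        if (empty($target) || !isset($target[0]['username'])) {
            $message->SetMessage('Admin not found.');
            admin_m_redirect_back('./admin_admin_v.php');
            break;
        }
        $targetIsBuiltin = trim($target[0]['username']) == 'administrator';
        $actorIsBuiltin = $adminName == 'administrator';

        // Original rule, simplified: the password may be set unless the target
        // is 'administrator' and the actor is not.
        $canSetPassword = $actorIsBuiltin || !$targetIsBuiltin;
        $values = array();
        if ($canSetPassword) {
            // NOTE(review): an empty password field is encrypted and stored as
            // the new password; the edit form pre-fills the decrypted current
            // value, which is what keeps this from blanking accounts. Treating
            // '' as "unchanged" would be the safer contract.
            $salt = $users->getSecretsaltById($uid);
            $query = "update ".TABLE_PREFIX."users set `password`=?,Email=?,modifiedon=?,modifiedby=?,modifiedipaddress=?,isapproved=?,islockedout=?,isunsubscribedfromemails=? where id=?";
            $values[] = encrypt(isset($_POST['password']) ? $_POST['password'] : '', $salt);
        } else {
            $query = "update ".TABLE_PREFIX."users set Email=?,modifiedon=?,modifiedby=?,modifiedipaddress=?,isapproved=?,islockedout=?,isunsubscribedfromemails=? where id=?";
        }
        $values[] = isset($_POST['email']) ? $_POST['email'] : '';
        $values[] = time();
        $values[] = $adminId;
        $values[] = $clientIp;
        $values[] = (isset($_POST['isapproved']) && $_POST['isapproved'] == "1") ? 1 : 0;
        // The built-in administrator can never be locked out.
        $values[] = $targetIsBuiltin
            ? 0
            : admin_m_lockedout_value(isset($_POST['islockedout']) ? $_POST['islockedout'] : null, $lockedOutOptions);
        $values[] = (isset($_POST['isUnsubscribe']) && $_POST['isUnsubscribe'] == "1") ? 1 : 0;
        $values[] = $uid;

        $updatedRows = $users->Update($query, $values, null);
        if ($updatedRows > 0) {
            // Replace the permission set wholesale with what the form sent.
            $users->delete("delete from ".TABLE_PREFIX."users_permissions where userid=?", array($uid), null);
            admin_m_store_permissions($users, $uid, $adminId, $clientIp);
        }
        $message->SetMessage('Admin is Successfully updated.');
        admin_m_redirect_back('./admin_admin_v.php');
        break;

    case 'delete':
        admin_m_require_permission($users, 'Can delete admins');

        $id = isset($_GET['id']) ? $_GET['id'] : '';
        $target = $users->view("SELECT * FROM ".TABLE_PREFIX."users where id=?", array($id), null);
        $targetUsername = isset($target[0]['username']) ? $target[0]['username'] : '';
        $quest = '';

        // NOTE(review): the original protected only 'admin' here while the
        // update/edit paths treat 'administrator' as the built-in account.
        // Both names are protected so neither can be deleted; confirm which
        // one the installer actually seeds.
        if ($targetUsername == 'admin' || $targetUsername == 'administrator') {
            $message->SetMessage('The inbuilt system administrator is not allowed to delete.');
        } else {
            $deletedRows = $users->delete("delete from ".TABLE_PREFIX."users where id=?", array($id), null);
            if ($deletedRows > 0) {
                $userinrole->delete('', array($id), null);
                $users->delete("delete from ".TABLE_PREFIX."users_permissions where userid=?", array($id), null);
            }
            $message->SetMessage('Admin is successfully deleted.');
            // Carry the remaining query parameters (minus action) to the list
            // page, URL-encoded so values cannot inject extra parameters.
            $quest = '&';
            foreach ($_GET as $keyname => $value) {
                if (strtoupper($keyname) != 'ACTION' && is_scalar($value)) {
                    $quest .= rawurlencode($keyname).'='.rawurlencode($value).'&';
                }
            }
        }
        admin_m_redirect_back("./admin_admin_v.php?$quest");
        break;

    case 'edit':
        admin_m_require_permission($users, 'Can edit admins');

        $id = isset($_GET['id']) ? $_GET['id'] : '';
        $userData = $users->view("SELECT * FROM ".TABLE_PREFIX."users where id=?", array($id), null);
        if (empty($userData) || !isset($userData[0]['password'])) {
            $message->SetMessage('Admin not found.');
            admin_m_redirect_back('./admin_admin_v.php');
            break;
        }
        // NOTE(review): the stored password is decrypted and handed to the
        // template, so every admin with 'Can edit admins' can read other
        // admins' passwords. Kept only because the update case re-encrypts
        // whatever the form posts back; the form should leave the field blank
        // and update should treat an empty password as "unchanged".
        $salt = $users->getSecretsaltById($id);
        $userData[0]['password'] = decrypt($userData[0]['password'], $salt);
        $smarty->assign('userdata', $userData);
        $smarty->assign('IsEdit', 'yes');

        $permissions = $users->view("SELECT permission FROM ".TABLE_PREFIX."users_permissions where userid=?", array($id), null);
        $smarty->assign('totrecord', count($permissions));
        $smarty->assign('userperdata1', $permissions);
        $smarty->assign('userperdata2', $permissions);
        admin_m_assign_form_data($smarty, $users, $lockedOutOptions);
        // Lets the template hide the administrator-only controls from others.
        $smarty->assign('lsloggedinusername', $adminName);
        $smarty->display('admin_admin_m.tpl');
        break;

    default:
        // Blank "add admin" form.
        admin_m_require_permission($users, 'Can add admins');
        admin_m_assign_form_data($smarty, $users, $lockedOutOptions);
        $smarty->display('admin_admin_m.tpl');
}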
?>