<?php
extract($_POST);
if (isset($_COOKIE['clearsite']['user_ID'])) {
$user_ID = $_COOKIE['clearsite']['user_ID'];
$error = "";
mysql_connect("$DBhost:$DBport",$DBuser,$DBpass) or die("Unable to connect to database");
@mysql_select_db("$DBName") or die("Unable to select database $DBName");
$user_details_query = "SELECT username, domain, full_name, email_address, location_ID, added_to_DB, passwd FROM user_data WHERE user_ID = \"$user_ID\"";
$user_details_result = mysql_query($user_details_query);
$user_details_row = mysql_fetch_assoc($user_details_result);
if (!empty($act)) {
$user_update_query = "UPDATE user_data SET domain=\"$domain\", full_name=\"$full_name\", email_address=\"$email_address\", location_ID=\"$location_ID\" WHERE user_ID = \"$user_ID\"";
$user_update_result = mysql_query($user_update_query);
if ($use_ldap == "no") {
if (!empty($current_pass) and crypt($current_pass, '$1$clearsite') == $user_details_row['passwd']) {
if (!empty($newpass1) and !empty($newpass2) and $new_pass1 == $newpass2) {
if (strlen($newpass1) > 7) {
$user_update_query = "UPDATE user_data SET passwd=\"" . crypt($newpass1, '$1$clearsite') . "\"";
$user_update_result = mysql_query($user_update_query);
} else {
$error .= "The password must be at least 8 charaters long.";
};
} else {
$error .= "New and re-entered passwords must be defined and match.<br />";
};
} else {
$error .= "Password not updated because Current password provided did not match actual password.<br />";
};
};
$user_details_query = "SELECT username, domain, full_name, email_address, location_ID, added_to_DB, passwd FROM user_data WHERE user_ID = \"$user_ID\"";
$user_details_result = mysql_query($user_details_query);
$user_details_row = mysql_fetch_assoc($user_details_result);
};
print "
<fieldset class=\"site_admin\">
";
if (!empty($act)) {
print "<label>Information Updated</label><br />";
};
print "
<form action=\"$ClearsiteBaseURL/my.php\" method=\"POST\">
<input type=\"hidden\" name=\"act\" value=\"update\">
<label for=\"username\">User Name</label>$user_details_row[username]<br />
<label for=\"domain\">Domain</label><input id=\"domain\" type=\"text\" name=\"domain\" value=\"$user_details_row[domain]\" size=\"10\"><br />
<label for=\"full_name\">Full Name</label><input id=\"full_name\" type=\"text\" name=\"full_name\" value=\"$user_details_row[full_name]\" size=\"36\"><br />
<label for=\"email\">Email Address</label><input id=\"email\" type=\"text\" name=\"email_address\" value=\"$user_details_row[email_address]\" size=\"24\"><br />
<label for=\"location\">Location</label><select id=\"location\" name=\"location_ID\">
";
$location_query = "SELECT t1.location_ID, t1.city, t1.state, t2.country_full FROM location AS t1, country_codes AS t2 WHERE t1.country_code = t2.country_code ORDER BY t1.city";
$location_result = mysql_query($location_query);
while ($location_row = mysql_fetch_assoc($location_result)) {
print "
<option value=\"$location_row[location_ID]\"";
if ($user_details_row["location_ID"] == $location_row["location_ID"]) {
print " selected";
};
print ">$location_row[city], $location_row[state], $location_row[country_full]</option>";
};
print "
</select><br />
<label for=\"user_created\">Clearsite User Created</label>$user_details_row[added_to_DB]<br />
";
if ($use_ldap == "no" or $user_details_row['username'] == "csadmin") {
print "
<label for=\"current_pass\">Current Password</label><input type=\"password\" name=\"current_pass\" id=\"current_pass\" size=\"24\" /><br />
<label for=\"new_pass1\">New Password</LABEL><input type=\"password\" name=\"new_pass1\" id=\"new_pass1\" size=\"24\" /><br />
<label for=\"new_pass2\">Re-enter Password</LABEL><input type=\"password\" name=\"new_pass2\" id=\"new_pass2\" size=\"24\" /><br />
";
};
print "
<p><input type=\"image\" name=\"Update\" value=\"Update\" src=\"$ClearsiteBaseURL/images/update.png\"></p>
</form>
</fieldset>
";
mysql_close();
} else {
print "<font class=\"admin_error\">Please Log In</font><p>";
};
?>