<?php
/**************************************************************************
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
@Authors: Ryan Thompson(hide@address.com)
***************************************************************************/
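// Bootstrap: load this service's metadata, the global configuration and the
// admin helper class, then emit the page and service headers.
include("./data.php");
$service['add_header'] = TRUE;
include("../config.inc.php");
include($here. "/class.admin.php");
// NOTE(review): nothing in this file verifies that the caller is an
// administrator; presumably config.inc.php or the admin class enforces that
// before any of the handlers below run -- confirm.
$admin = new admin;
echo $layout->page_header;
// The target user id is taken straight from the query string, so it is
// HTML-escaped before it is placed in the page title (reflected XSS).
// NOTE(review): service_header() is not visible here; if it already escapes
// its title argument this will double-encode and the escaping belongs there.
$title_user = (isset($_GET['user']) && is_string($_GET['user'])) ? htmlspecialchars($_GET['user'], ENT_QUOTES) : '';
echo $layout->service_header($text['service_name'].' - '. $lang->msgs['manage_user_account'] . ' - '. $title_user, $admin->nav_buttons());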
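// Handle the "Update Account" form: either drop the account, or update its
// disabled flag, failed-login counter and password-expiry settings.
// NOTE(review): no anti-CSRF token is checked in this file before these
// state-changing writes -- confirm whether the included bootstrap does it.
if(!empty($_POST['update_account']))
{
    if(isset($_POST['drop_account']))
    {
        $user->drop_account($_GET['user']);
    } else {
        // NOTE(review): $_GET['user'] is placed inside the SQL text of the three
        // UPDATE statements below without escaping or binding (SQL injection).
        // The $db class is not visible here; pass the value through whatever
        // parameter binding or escaping it provides.

        // "disabled" stores the time the account was disabled, or SQL NULL when
        // the account is enabled. Both fragments are built server-side.
        if(isset($_POST['disabled']))
        {
            $disabled = "disabled=".time();
        } else {
            $disabled = "disabled=NULL";
        }
        $sql = "UPDATE o_user_security SET $disabled WHERE user_id='{$_GET['user']}'";
        $db->query($sql);

        if(isset($_POST['failed_logins']))
        {
            $sql = "UPDATE o_user_security SET consecutive_fails='0' WHERE user_id='{$_GET['user']}'";
            $db->query($sql);
        }

        // Only the two expiry modes the form offers are written to the database;
        // a missing or unexpected value is stored as an empty string, which is
        // what an unselected radio group produced before.
        $expire_type = '';
        if(isset($_POST['expire_type']) && ($_POST['expire_type'] === 'date' || $_POST['expire_type'] === 'days'))
        {
            $expire_type = $_POST['expire_type'];
        }

        if($expire_type == 'date')
        {
            // date('U', ...) yields an epoch-seconds string built from mktime()'s
            // return value, so the posted day/month/year text never reaches SQL.
            $password_expire = date('U', mktime(0,0,0,$_POST['expire_month'],$_POST['expire_day'],$_POST['expire_year']));
        } else {
            // A day count: force it to an integer so free text cannot reach SQL.
            $password_expire = (isset($_POST['expire_days']) && is_scalar($_POST['expire_days'])) ? (int) $_POST['expire_days'] : 0;
        }
        $sql = "UPDATE o_user_security SET password_expire='$password_expire', expire_type='$expire_type' WHERE user_id='{$_GET['user']}'";
        $db->query($sql);
    }
}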
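// Handle the "Update Services" form: store one access level per service code.
if(isset($_POST['update_services']) && isset($_POST['access_rights']) && is_array($_POST['access_rights']))
{
    // The levels offered by the select boxes further down this page
    // (0 None, 1 User, 2 Manager, 3 Administrator).
    $allowed_levels = array('0', '1', '2', '3');
    foreach($_POST['access_rights'] AS $key => $value)
    {
        // Skip anything that is not one of the offered levels, so a crafted
        // request cannot store an arbitrary rights value.
        if(!is_scalar($value) || !in_array((string) $value, $allowed_levels, true))
        {
            continue;
        }
        // NOTE(review): $key (the service code) and $_GET['user'] are
        // request-controlled and update_access() is not visible here --
        // confirm that it validates or escapes both before building SQL.
        $security->update_access($_GET['user'], $key, $value);
    }
}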
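// Handle the group buttons: "Add Group" inserts a membership row for every
// selected available group, "Remove Group" deletes the row for every selected
// current group.
// NOTE(review): the user id and the posted group ids are placed inside the SQL
// text below without escaping or binding (SQL injection). The $db class is not
// visible here; use the parameter binding or escaping it provides.
if(isset($_POST['add_groups']))
{
    $user_id = isset($_GET['user']) ? $_GET['user'] : '';
    $selected_groups = (isset($_POST['available_groups']) && is_array($_POST['available_groups'])) ? $_POST['available_groups'] : array();
    foreach($selected_groups as $group_id)
    {
        // A nested array would be written to the table as the text "Array".
        if(!is_scalar($group_id))
        {
            continue;
        }
        $time = time();
        $sql = "INSERT INTO o_group_access (group_id,user_id,permission, added) VALUES ('$group_id','$user_id','1','$time')";
        $db->query($sql);
    }
} elseif(isset($_POST['remove_groups']))
{
    // This branch read the account from the "u" query parameter while every
    // other handler, and the forms on this page, use "user". "u" still wins
    // when present; otherwise fall back to "user" so that removal targets the
    // account being edited instead of an empty id.
    $user_id = isset($_GET['u']) ? $_GET['u'] : (isset($_GET['user']) ? $_GET['user'] : '');
    $selected_groups = (isset($_POST['current_groups']) && is_array($_POST['current_groups'])) ? $_POST['current_groups'] : array();
    foreach($selected_groups as $group_id)
    {
        if(!is_scalar($group_id))
        {
            continue;
        }
        $sql = "DELETE FROM o_group_access WHERE user_id='$user_id' AND group_id='$group_id'";
        $db->query($sql, __FILE__, __LINE__);
    }
}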
// Load the account being edited: one row joined across o_users, o_tracker and
// o_user_security. The row stays in $db->record for the details table below.
// NOTE(review): $_GET['user'] is concatenated into the query text unescaped
// (SQL injection); bind or escape it through the $db layer once its API is
// confirmed.
$sql = "SELECT * FROM o_users, o_tracker, o_user_security
WHERE o_users.user_id=o_tracker.user_id
AND o_users.user_id=o_user_security.user_id
AND o_users.user_id='" . $_GET['user'] . "'";
$db->query($sql, __FILE__, __LINE__);
$db->fetch_results();
// Kept in its own variable because $db->record is overwritten by later queries
// before the "Disable" checkbox is rendered.
$disabled_account = $db->record['disabled'];
// Show whatever the handlers above reported.
if($error->buffer) { echo $error->display(); }
?>
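<?php
// User details table. The profile columns and the query-string user id are
// not trusted, so each one is HTML-escaped (or URL-encoded inside the link)
// where it is written out; an unescaped value here would run as script in the
// administrator's session.
// NOTE(review): if these columns are stored already entity-encoded, this will
// double-encode them -- confirm how the registration code stores them.
// NOTE(review): create_link() is not visible here; confirm it escapes the URL
// it is given when it builds the anchor.
?>
<table cellpadding="1" cellspacing="0" border="0" align="center">
<tr>
<td width="100" class="input_header">User ID:</td>
<td width="200"><?php echo htmlspecialchars((string) $db->record['user_id'], ENT_QUOTES)?></td>
<td class="input_header" width="150">Tracker:</td>
<td width="150"><?php echo $O->create_link("/admin/tracker.php?user=". urlencode(isset($_GET['user']) ? (string) $_GET['user'] : ''),"View User Tracking");?></td>
</tr>
<tr>
<td width="150" class="input_header">Username:</td>
<td width="200"><?php echo htmlspecialchars((string) $db->record['username'], ENT_QUOTES)?></td>
<td width="150" class="input_header" >Active Since:</td>
<td width="150"><?php echo date($date->short_date ." - ". $date->time, $db->record['date_created'])?></td>
</tr>
<tr>
<td width="150" class="input_header">First Name:</td>
<td width="200"><?php echo htmlspecialchars((string) $db->record['firstname'], ENT_QUOTES)?></td>
<td width="150" class="input_header">Last Name:</td>
<td width="150"><?php echo htmlspecialchars((string) $db->record['lastname'], ENT_QUOTES)?></td>
</tr>
<tr>
<td width="150" class="input_header">Country:</td>
<td width="200"><?php echo htmlspecialchars((string) $db->record['country'], ENT_QUOTES)?></td>
<td width="150" class="input_header">Email:</td>
<td width="150"><a href="mailto:<?php echo htmlspecialchars((string) $db->record['email'], ENT_QUOTES)?>"><?php echo htmlspecialchars((string) $db->record['email'], ENT_QUOTES)?></a></td>
</tr>
<tr>
<td width="150" class="input_header">ICQ UIN:</td>
<td width="200"><?php echo htmlspecialchars((string) $db->record['icq'], ENT_QUOTES)?></td>
<td width="150" class="input_header">MSN:</td>
<td width="150"><?php echo htmlspecialchars((string) $db->record['msn'], ENT_QUOTES)?></td>
</tr>
<tr>
<td width="150" class="input_header">Yahoo:</td>
<td width="200"><?php echo htmlspecialchars((string) $db->record['yahoo'], ENT_QUOTES)?></td>
<td width="150" class="input_header">AIM:</td>
<td width="150"><?php echo htmlspecialchars((string) $db->record['aim'], ENT_QUOTES)?></td>
</tr>
</table>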
<!--END USER INFORMATION-->
<!--BEGIN ACCOUNT MANAGEMENT-->
<table border="0" align="center">
<tr>
<td rowspan="2" width="25%" valign="top">
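<?php
// PHP_SELF includes any path info the client appends to the script URL, and
// the user id comes from the query string; both are encoded before they are
// written into the action attribute so neither can break out of it.
?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) ."?user=". ((isset($_GET['user']) && is_string($_GET['user'])) ? urlencode($_GET['user']) : '')?>" method="post">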
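<?php
// Access-rights editor: read the user's stored level per service, then render
// one row per registered service with a select box of the four levels.

// Start from an empty map so that only rows read below can pre-select a level;
// the variable was previously used without being initialised.
$rights = array();
// NOTE(review): $_GET['user'] is concatenated into this query unescaped (SQL
// injection); bind or escape it through the $db layer once its API is confirmed.
$db->query("SELECT service, rights FROM o_user_rights WHERE user_id='". $_GET['user'] ."'");
while($db->fetch_results())
{
    $rights[$db->record['service']] = $db->record['rights'];
}
$db->query("SELECT * FROM o_services");
echo "<table border=\"0\" cellspacing=\"0\">\n";
echo "<tr><td class=\"input_header\">Service</td><td class=\"input_header\">Access Rights</td>\n";
echo "</tr>\n";
while($db->fetch_results())
{
    // Alternate the row style, starting with "list_light".
    $class = (isset($class) && $class == "list_light") ? "list_dark" : "list_light";
    // Each service's data.php is expected to fill $service (name, code).
    // NOTE(review): the include path is built from the o_services.location
    // column; anyone able to write that column chooses which file is executed.
    // Confirm the table is writable by trusted code only, or check the value
    // against the list of installed service directories.
    include($O->dir ."/". $db->record['location']. "/data.php");
    // Quoted key: the bare word was an undefined constant, which newer PHP
    // versions reject outright.
    $service_code = $service['code'];
    // No stored row means level 0 ("None"), as before.
    $current_level = isset($rights[$service_code]) ? $rights[$service_code] : 0;
    echo "<tr>\n";
    echo "<td class=\"$class\">". $service['name'] ."</td>\n";
    $rights_levels = array(0=>"None", 1=>"User", 2=>"Manager", 3=>"Administrator");
    echo "<td class=\"$class\">";
    echo "<select name=\"access_rights[". $service_code ."]\">\n";
    for($t = 0; $t < count($rights_levels); $t++)
    {
        echo "<option value=\"$t\"";
        // Loose comparison on purpose: the stored level comes back from the
        // database as a string.
        if($current_level == $t)
        {
            echo " selected=\"selected\"";
        }
        echo ">$rights_levels[$t]</option>\n";
    }
    echo "</select>";
    echo "</td>\n";
    echo "</tr>\n";
}
echo "</table>\n";
?>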
<input type="submit" name="update_services" value="Update Services" class="button1">
</td>
<td width="75%" align="right">
<table width="90%">
<tr>
<td width="50%" class="input_header" nowrap>Update Settings:</td>
</tr>
<tr>
<td class="dark_gray" width="50%" style="font-size: 10pt">
<?php
// NOTE(review): $db->record was last written by the o_services loop above, so
// this prints whatever that loop left behind rather than the account's own
// "disabled" value -- looks like leftover debug output; confirm and remove.
echo $db->record['disabled'];
?>
<input type="checkbox" name="disabled" value="1"
<?php
// Tick the box when the account row loaded at the top of the page carries a
// non-zero "disabled" value.
echo ($disabled_account != 0) ? " checked=\"checked\"" : "";
?>
> Disable <small>(You must reset the Consecutive Failed Logins counter or they'll be locked out again if enabling account)</small><br>
<?php
// Reload the security row; the expiry controls below read it from $db->record.
// NOTE(review): $_GET['user'] is concatenated into the query unescaped (SQL
// injection); bind or escape it through the $db layer once its API is confirmed.
$sql = "SELECT * FROM o_user_security WHERE user_id='" . $_GET['user'] . "'";
$db->query($sql);
$db->fetch_results();
?>
<input type="checkbox" name="drop_account" value="1"> Drop Account<br>
<input type="checkbox" name="failed_logins" value="1"> Reset Consecutive Failed Logins<br>
<?php
// Work out which expiry mode is stored. Anything other than 'date' is treated
// as a day count. For a date, the stored timestamp is split into day, month
// and year so the three select boxes can show it.
$expire_type = ($db->record['expire_type'] == 'date') ? 'date' : 'days';
if($expire_type == 'date')
{
    $stored_expiry = $db->record['password_expire'];
    $expire_day = date('j', $stored_expiry);
    $expire_month = date('n', $stored_expiry);
    $expire_year = date('Y', $stored_expiry);
}
else
{
    $expire_days = $db->record['password_expire'];
}
?>
<input type="radio" name="expire_type" value="date"
<?php
// Pre-select this radio button when the stored mode is 'date'.
if($expire_type == 'date') { echo " checked=\"checked\""; }
?>
>Password Expiry (by Date):
<select name="expire_day">
<?php
// The stored day (if any) goes first so it is the default choice, then a
// placeholder, then every day of the month.
if($expire_type == 'date')
{
    printf('<option value="%s">%s</option>', $expire_day, $expire_day);
}
echo '<option value="---">---</option>';
for($i = 1; $i <= 31; $i++)
{
    printf('<option value="%d">%d</option>', $i, $i);
}
?>
</select>
<select name="expire_month">
<?php
// The stored month (if any) goes first, then a placeholder, then every entry
// of $med_months, which is indexed from 1 by the loop below.
if($expire_type == 'date')
{
    echo "<option value=\"" . $expire_month . "\">" . $med_months[$expire_month] . "</option>";
}
echo '<option value="---">---</option>';
for($i = 1; $i <= count($med_months); $i++)
{
    echo "<option value=\"" . $i . "\">" . $med_months[$i] . "</option>";
}
?>
</select>
<select name="expire_year">
<?php
// The stored year (if any) goes first, then a placeholder, then the current
// year and the fifteen years after it.
if($expire_type == 'date')
{
    echo "<option value=\"" . $expire_year . "\">" . $expire_year . "</option>";
}
echo '<option value="--------">--------</option>';
for($i = date('Y'); $i <= date('Y') + 15; $i++)
{
    echo "<option value=\"" . $i . "\">" . $i . "</option>";
}
?>
</select>
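<br>
<input type="radio" name="expire_type" value="days"
<?php
// The text box below is filled only when the stored mode is a day count. The
// value is set to an empty string up front so nothing uninitialised is echoed
// in the date case, and it is HTML-escaped because the column is written from
// posted form data.
$expire_days_field = '';
if($expire_type == 'days')
{
    echo " checked=\"checked\"";
    $expire_days = $db->record['password_expire'];
    $expire_days_field = htmlspecialchars((string) $expire_days, ENT_QUOTES);
}
?>>Password Expiry (by Days):
<input type="text" name="expire_days" size="4" value="<?php echo $expire_days_field?>">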
<p>
<input type="submit" class="button1" name="update_account" value="Update Account">
</td>
</tr>
<tr>
<td>
<table width="100%" cellpadding="1" cellspacing="0" border="0">
<tr><td colspan="3" width="50%" class="input_header" nowrap>Manage Group Access:</td>
</tr>
<tr>
<td class="list_dark">Current Groups:</td>
<td class="list_dark"></td>
<td class="list_dark">Additional Groups:</td>
</tr>
<tr>
<td>
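<?php
// PHP_SELF includes any path info the client appends to the script URL, so it
// is HTML-escaped before it is written into the attribute. The user id is
// added because the group handlers at the top of the page read it from the
// query string.
// NOTE(review): this form opens while the services/account form above is
// still open; browsers typically ignore a nested form tag, so the group
// buttons are submitted by the outer form. Confirm and close the outer form
// before this one.
?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) ."?user=". ((isset($_GET['user']) && is_string($_GET['user'])) ? urlencode($_GET['user']) : '')?>" method="post">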
<select multiple size="6" name="current_groups[]">
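<?php
// List the groups the user currently belongs to, and remember their ids in
// $curr_groups so the "available" list can leave them out.
$curr_groups = array();
// This query read the account from the "u" query parameter while the rest of
// the page uses "user". "u" still wins when present; otherwise fall back to
// "user" so the list reflects the account being edited.
$group_user = isset($_GET['u']) ? $_GET['u'] : (isset($_GET['user']) ? $_GET['user'] : '');
// NOTE(review): the user id is concatenated into the query unescaped (SQL
// injection); bind or escape it through the $db layer once its API is confirmed.
$sql = "SELECT o_groups.group_name, o_group_access.group_id FROM o_group_access
LEFT JOIN o_groups ON o_group_access.group_id=o_groups.group_id
WHERE o_group_access.user_id='". $group_user ."'";
$db->query($sql, __FILE__, __LINE__);
while($db->fetch_results())
{
    $curr_groups[] = $db->record['group_id'];
    // Group names are stored data; escape them on output.
    echo "<option value=\"". htmlspecialchars((string) $db->record['group_id'], ENT_QUOTES) ."\">". htmlspecialchars((string) $db->record['group_name'], ENT_QUOTES) ."</option>";
}
?>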
</select>
</td>
<td>
<input type="submit" class="button1" name="remove_groups" value="Remove Group→">
<br>
<input type="submit" class="button1" name="add_groups" value="←Add Group">
</td>
<td>
<select multiple size="6" name="available_groups[]">
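<?php
// Offer every group the user is not already a member of.
// $curr_groups is filled by the "current groups" list above; treat it as empty
// when that list produced no rows.
$member_of = (isset($curr_groups) && is_array($curr_groups)) ? $curr_groups : array();
$sql = "SELECT group_name, group_id FROM o_groups";
$db->query($sql, __FILE__, __LINE__);
while($db->fetch_results())
{
    // Non-strict membership test, matching the == comparison used before (ids
    // come back from the database as strings). The stray echo of
    // $curr_groups[$t] that ran on a match is removed: $t was left over from
    // the access-rights loop and the text landed between the option tags.
    if(!in_array($db->record['group_id'], $member_of))
    {
        // Group names are stored data; escape them on output.
        echo "<option value=\"". htmlspecialchars((string) $db->record['group_id'], ENT_QUOTES) ."\">". htmlspecialchars((string) $db->record['group_name'], ENT_QUOTES) ."</option>";
    }
}
?>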
</select>
</form>
</td>
</tr>
</table>
</td>
</tr>
</table>
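<?php
// Both PHP_SELF (which includes client-supplied path info) and the "u" query
// parameter were written into the attribute unescaped; they are now
// HTML-escaped and URL-encoded respectively.
// NOTE(review): this form has no fields and is followed by closing tags with
// no matching open tags -- it looks like leftover markup; confirm and remove.
?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) ."?user=". ((isset($_GET['u']) && is_string($_GET['u'])) ? urlencode($_GET['u']) : '')?>" method="post">
</td></tr>
</table>
</form>
<?php echo $layout->create_footer()?>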