<?php
/**
 * User management interface
 *
 * Displays {@link OFFL_User users} and allows editing options.
 *
 * @author Stephen Rochelle <hide@address.com>
 * @version OFFL v0.2
 * @copyright Copyright (c) 2004 Stephen Rochelle.  Some rights reserved.
 * @package offl-ui
 */

// Page title. It is assigned before header.php is pulled in; presumably the
// header template reads it -- confirm against lib/header.php.
$pageTitle = 'User Management';

// $DOC_ROOT is not defined in this file; presumably offlconfig.php provides it.
require_once 'offlconfig.php';
// NOTE(review): the rest of this page reads $_SESSION, so session start-up and any
// login enforcement must happen inside header.php -- confirm.
require_once $DOC_ROOT . '/lib/header.php';

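// Handle a submitted add/edit form (POST action=save) before the page body is rendered.
//
// Authorization rules enforced here:
//   - a session flagged as admin may add users and edit any user;
//   - any other session may only edit the record whose id equals its own
//     $_SESSION["user_id"], and only in "edit" mode.
// The previous check compared $_SESSION["user_id"] to $_POST["user_id"] with ==.
// When both were absent (no login, no user_id field) the comparison was true, and
// any non-"edit" mode then created a new account. The comparison is now strict,
// requires a non-empty id on both sides, and is limited to edit mode.
//
// NOTE(review): nothing in this block checks an anti-CSRF token, so a forged
// cross-site POST would run with the visitor's session unless header.php
// enforces one -- confirm.
if (isset($_POST["action"]) && ($_POST["action"] === "save"))
{
	// Read every expected field as a string; a missing or array-valued field becomes "".
	$saveInput = array();
	foreach (array("mode", "user_id", "first_name", "last_name", "email", "username", "password", "confirm_password") as $saveField)
	{
		$saveInput[$saveField] = (isset($_POST[$saveField]) && is_string($_POST[$saveField])) ? $_POST[$saveField] : "";
	}

	$saveIsAdmin = !empty($_SESSION["admin"]);
	$saveIsSelfEdit = ($saveInput["mode"] === "edit")
		&& ($saveInput["user_id"] !== "")
		&& isset($_SESSION["user_id"])
		&& ((string) $_SESSION["user_id"] === $saveInput["user_id"]);

	if ($saveIsAdmin || $saveIsSelfEdit)
	{
		if ($saveInput["mode"] === "edit")
		{	$user = new OFFL_User($saveInput["user_id"]);	}
		else // add (admin only, see the check above)
		{	$user = new OFFL_User();	}

		$user->setFirstName($saveInput["first_name"]);
		$user->setLastName($saveInput["last_name"]);
		$user->setEmail($saveInput["email"]);

		// Only an admin session can grant the admin flag; a self-edit always stores 0.
		if (isset($_POST["admin"]) && ($_POST["admin"] === "on") && $saveIsAdmin)
		{	$user->setAdmin(1);	}
		else
		{	$user->setAdmin(0);	}

		// The form sends a client-computed digest in "password"/"confirm_password";
		// an empty value means "leave the password unchanged".
		// NOTE(review): on a mismatch (or an empty password in add mode) the record
		// is still saved below without a password being set here; confirm that
		// OFFL_User refuses logins for such accounts.
		if ($saveInput["password"] !== "")
		{
			if ($saveInput["password"] === $saveInput["confirm_password"])
			{	$user->setCryptPassword($saveInput["password"]);	}
			else
			{
				echo "<h3 class=\"error\">Error: Passwords do not match.</h3>\n";
			}
		}

		if ($saveInput["mode"] == "add")
		{
			// validate user name -- if invalid, die before save
			if ($user->validateUsername($saveInput["username"]))
			{	$user->setUsername($saveInput["username"]);	}
			else
			{
				echo "<h3 class=\"error\">Error: That username is already in use.  User not added.</h3>\n";
				require($DOC_ROOT . "/lib/footer.php");
				die();
			}
		}
		elseif ($saveInput["username"] != $user->getUsername())
		{
			// validate user name -- if invalid, keep the old one but save the other fields
			if ($user->validateUsername($saveInput["username"]))
			{	$user->setUsername($saveInput["username"]);	}
			else
			{
				echo "<h3 class=\"error\">Error: That username is already in use.  Other changes saved.</h3>\n";
			}
		}

		$user->save();
	}
}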

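// Render the view selected by ?mode= and then the shared footer.
//
//   admin   - table of all users with edit links (admin sessions only)
//   edit    - edit form for ?user_id= (admin only) or for the logged-in user
//   add     - empty form for a new user (admin sessions only)
//   default - public list of users, or one user's name when ?user_id= is given
//
// Values written into href/value attributes are encoded for that context,
// because first name, last name, email and username are stored from request
// data by the save handler in this file.
// NOTE(review): if the OFFL_User getters already return HTML-escaped text,
// remove the htmlspecialchars() calls to avoid double encoding -- confirm.
// NOTE(review): getName() output is left as-is because it is not visible here
// whether it returns plain text or markup; if it is plain text it must be
// escaped at the three echo sites below.
$viewMode = (isset($_GET["mode"]) && is_string($_GET["mode"])) ? $_GET["mode"] : "";
$viewerIsAdmin = !empty($_SESSION["admin"]);

switch ($viewMode)
{
	case "admin":
		if (!$viewerIsAdmin)
		{
			require($DOC_ROOT . "/lib/footer.php");
			die();
		}
		// list users for edit, allow add option
?>
<table>
	<thead>
		<tr><th colspan="2">Edit Users</th></tr>
	</thead>
	<tfoot><tr><td colspan="2"></td></tr></tfoot>
	<tbody>
<?php
		// $myuser is not defined in this file; presumably header.php creates it.
		$users = $myuser->getAllUsers();
		foreach ($users as $user)
		{
			echo "		<tr><td>" . $user->getName(FALSE) . "</td><td><a href=\"" . $WEB_ROOT . "/users.php?mode=edit&amp;user_id=" . urlencode((string) $user->getUserID()) . "\">[EDIT]</a></td></tr>\n";
		}
?>
		<tr><td>Add New User</td><td><a href="<?php echo $WEB_ROOT; ?>/users.php?mode=add">[ADD]</a></td></tr>
	</tbody>
</table>
<?php
		break;
	case "edit":
		// A non-admin may only open their own record: reject an explicit user_id,
		// and reject sessions that carry no user_id at all (not logged in).
		if (!$viewerIsAdmin && (isset($_GET["user_id"]) || !isset($_SESSION["user_id"])))
		{
			require($DOC_ROOT . "/lib/footer.php");
			die();
		}
		// NOTE(review): the id goes to OFFL_User unvalidated; confirm the class
		// validates it and uses bound parameters for its lookup.
		if(isset($_GET["user_id"]))
		{	$user = new OFFL_User($_GET["user_id"]);	}
		else
		{	$user = new OFFL_User($_SESSION["user_id"]);	}

		// Encode stored profile values once, for use inside HTML attributes and text.
		$formUserId = htmlspecialchars((string) $user->getUserID(), ENT_QUOTES);
		$formUsername = htmlspecialchars((string) $user->getUsername(), ENT_QUOTES);
		$formFirstName = htmlspecialchars((string) $user->getFirstName(), ENT_QUOTES);
		$formLastName = htmlspecialchars((string) $user->getLastName(), ENT_QUOTES);
		$formEmail = htmlspecialchars((string) $user->getEmail(), ENT_QUOTES);

		// NOTE(review): hashPassword() below submits hex_md5(password) (hex_md5 is
		// defined outside this file) instead of the typed password. That digest is
		// unsalted and is itself the credential on the wire, so whoever captures it
		// can replay it; it does not replace TLS. Changing the scheme needs a
		// matching change in the login flow and in OFFL_User::setCryptPassword().
?>

	<script language="javascript">
		function hashPassword()
		{
			if (document.forms.userinfo.userpassword.value.length > 0)
			{
				document.forms.userinfo.password.value = hex_md5(document.forms.userinfo.userpassword.value);
				document.forms.userinfo.confirm_password.value = hex_md5(document.forms.userinfo.confirm_userpassword.value);
			}
			document.forms.userinfo.userpassword.value = ""; // oops!  Almost sent this in the clear anyway!
			document.forms.userinfo.confirm_userpassword.value = ""; // oops!  Almost sent this in the clear anyway!
			document.forms.userinfo.submit();
		}
	</script>

<div id="edit-user">
	<form id="userinfo" method="post" action="<?php echo $WEB_ROOT; ?>/users.php">
		<input type="hidden" name="user_id" value="<?php echo $formUserId; ?>" />
		<input type="hidden" name="mode" value="edit" />
		<input type="hidden" name="action" value="save" />
		<table>
			<thead><tr class="evenrow"><th colspan="2">Edit <?php echo $formUsername; ?></th></tr></thead>
			<tfoot><tr><th colspan="2"></th></tr></tfoot>
			<tbody>
				<tr class="oddrow">
					<th>First Name</th>
					<td><input type="text" name="first_name" size="30" maxlength="20" value="<?php echo $formFirstName; ?>" /></td>
				</tr>
				<tr class="evenrow">
					<th>Last Name</th>
					<td><input type="text" name="last_name" size="30" maxlength="30" value="<?php echo $formLastName; ?>" /></td>
				</tr>
				<tr class="oddrow">
					<th>Email</th>
					<td><input type="text" name="email" size="30" maxlength="80" value="<?php echo $formEmail; ?>" /></td>
				</tr>
				<tr class="evenrow">
					<th colspan="2">Login Details</th>
				</tr>
				<tr class="evenrow">
					<td colspan="2">Set password fields only to change the password</td>
				</tr>
				<tr class="oddrow">
					<th>Username</th>
					<td><input type="text" name="username" size="30" maxlength="20" value="<?php echo $formUsername; ?>" /></td>
				</tr>
				<tr class="evenrow">
					<th>Password</th>
					<td>
						<input type="password" name="userpassword" size="30" maxlength="40" value="" />
						<input type="hidden" name="password" size="30" maxlength="40" value="" />
					</td>
				</tr>
				<tr class="evenrow">
					<th>Confirm Password</th>
					<td>
						<input type="password" name="confirm_userpassword" size="30" maxlength="40" value="" />
						<input type="hidden" name="confirm_password" size="30" maxlength="40" value="" />
					</td>
				</tr>
<?php	if ($viewerIsAdmin) {	?>
	
				<tr class="oddrow">
					<th>Admin</th>
					<td><input type="checkbox" name="admin" <?php if ($user->getAdmin()) { echo "checked "; } ?>/> Allow Global administrative rights</td>
				</tr>

<?php	}	?>
			</tbody>
		</table>
		<input type="button" value="Submit" onclick="hashPassword()" />
	</form>
</div>
<?php
		break;
	case "add":
		if (!$viewerIsAdmin)
		{
			require($DOC_ROOT . "/lib/footer.php");
			die();
		}
		// NOTE(review): same client-side hex_md5 submission as the edit form; the
		// digest sent in "password" is replayable and unsalted.
?>

	<script language="javascript">
		function hashPassword()
		{
			if (document.forms.userinfo.userpassword.value.length > 0)
			{
				document.forms.userinfo.password.value = hex_md5(document.forms.userinfo.userpassword.value);
				document.forms.userinfo.confirm_password.value = hex_md5(document.forms.userinfo.confirm_userpassword.value);
			}
			document.forms.userinfo.userpassword.value = ""; // oops!  Almost sent this in the clear anyway!
			document.forms.userinfo.confirm_userpassword.value = ""; // oops!  Almost sent this in the clear anyway!
			document.forms.userinfo.submit();
		}
	</script>

<div id="add-user">
	<form method="post" id="userinfo" action="<?php echo $WEB_ROOT; ?>/users.php">
		<input type="hidden" name="mode" value="add" />
		<input type="hidden" name="action" value="save" />
		<table>
			<thead><tr class="evenrow"><th colspan="2">Add User</th></tr></thead>
			<tfoot><tr><th colspan="2"></th></tr></tfoot>
			<tbody>
				<tr class="oddrow">
					<th>First Name</th>
					<td><input type="text" name="first_name" size="30" maxlength="20" /></td>
				</tr>
				<tr class="evenrow">
					<th>Last Name</th>
					<td><input type="text" name="last_name" size="30" maxlength="30" /></td>
				</tr>
				<tr class="oddrow">
					<th>Email</th>
					<td><input type="text" name="email" size="30" maxlength="80" /></td>
				</tr>
				<tr class="evenrow">
					<th colspan="2">Login Details</th>
				</tr>
				<tr class="oddrow">
					<th>Username</th>
					<td><input type="text" name="username" size="30" maxlength="20" /></td>
				</tr>
				<tr class="evenrow">
					<th>Password</th>
					<td>
						<input type="password" name="userpassword" size="30" maxlength="40" value="" />
						<input type="hidden" name="password" size="30" maxlength="40" value="" />
					</td>
				</tr>
				<tr class="evenrow">
					<th>Confirm Password</th>
					<td>
						<input type="password" name="confirm_userpassword" size="30" maxlength="40" value="" />
						<input type="hidden" name="confirm_password" size="30" maxlength="40" value="" />
					</td>
				</tr>
				<tr class="oddrow">
					<th>Admin</th>
					<td><input type="checkbox" name="admin" /> Allow Global administrative rights</td>
				</tr>
			</tbody>
		</table>
		<input type="button" value="Add User" onclick="hashPassword()" />
	</form>
</div>
<?php
		break;
	default:
		// NOTE(review): this branch has no session check, so the user list and
		// individual names are shown to any visitor unless header.php requires a
		// login -- confirm that this is intended.
		if (!isset($_GET["user_id"]))
		// overview
		{
			$user = new OFFL_User();
			$users = $user->getAllUsers();
			foreach ($users as $user)
			{
				echo "<a href=\"" . $WEB_ROOT . "/users.php?user_id=" . urlencode((string) $user->getUserID()) . "\">" . $user->getName(FALSE) . "</a><br />\n";
			}
		}
		else
		{
			// NOTE(review): the id goes to OFFL_User unvalidated; confirm the class
			// validates it and uses bound parameters for its lookup.
			$user = new OFFL_User($_GET["user_id"]);
			echo "<h3>" . $user->getName() . "</h3>\n";
		}
		break;
} // end switch

require($DOC_ROOT . "/lib/footer.php"); ?>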