<?php
/**
* User management interface
*
* Displays {@link OFFL_User users} and allows editing options.
*
* @author Stephen Rochelle <hide@address.com>
* @version OFFL v0.2
* @copyright Copyright (c) 2004 Stephen Rochelle. Some rights reserved.
* @package offl-ui
*/
// Page title; assigned before the shared header is pulled in
// (presumably header.php reads it -- confirm there).
$pageTitle = "User Management";

// Load configuration first, then the common page header.
// $DOC_ROOT is not defined in this file; presumably offlconfig.php sets it.
require_once "offlconfig.php";
require_once $DOC_ROOT . "/lib/header.php";
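// ---------------------------------------------------------------------------
// Save handler: applies a POSTed add/edit form to an OFFL_User and saves it.
//
// Authorization is decided here on the server, independently of which form
// the browser was shown:
//   * mode "edit"      - an admin session, or a logged-in user whose session
//                        user_id is exactly the posted user_id.
//   * any other mode   - treated as "add"; admin sessions only.
// A request that fails the check is ignored and the page renders as usual.
//
// NOTE(review): the forms in this file carry no anti-CSRF token and nothing
// here rejects a cross-site POST made with a valid session. Adding a
// per-session token requires changing the forms as well as this handler.
// ---------------------------------------------------------------------------
$saveIsAdmin = !empty($_SESSION["admin"]);
$saveIsEdit  = isset($_POST["mode"]) && ($_POST["mode"] === "edit");
$saveUserId  = (isset($_POST["user_id"]) && is_scalar($_POST["user_id"])) ? (string) $_POST["user_id"] : "";

// Ownership needs a real session id and a string-exact match. A loose ==
// would let an unset session id match an empty posted id (null == ""), and
// would treat numeric look-alikes such as "5" and "5.0" as equal.
$saveIsOwner = isset($_SESSION["user_id"])
    && ($saveUserId !== "")
    && ((string) $_SESSION["user_id"] === $saveUserId);

if ($saveIsEdit)
{ $saveAllowed = ($saveUserId !== "") && ($saveIsAdmin || $saveIsOwner); }
else
{ $saveAllowed = $saveIsAdmin; } // creating accounts is an admin-only action

if (isset($_POST["action"]) && ($_POST["action"] === "save") && $saveAllowed)
{
    if ($saveIsEdit)
    {
        // NOTE(review): for admin sessions the posted id reaches the
        // constructor unchanged; confirm OFFL_User binds it as a query
        // parameter rather than building SQL from it.
        $user = new OFFL_User($saveUserId);
    }
    else // add
    { $user = new OFFL_User(); }

    // NOTE(review): these values are stored as received. The pages that
    // print them must HTML-encode them, and the setters should enforce
    // length/format server-side (the form's maxlength is only a browser hint).
    $user->setFirstName($_POST["first_name"]);
    $user->setLastName($_POST["last_name"]);
    $user->setEmail($_POST["email"]);

    // Only an admin session can grant the admin flag; every other save
    // writes it as 0.
    if ($saveIsAdmin && isset($_POST["admin"]) && ($_POST["admin"] === "on"))
    { $user->setAdmin(1); }
    else
    { $user->setAdmin(0); }

    // A missing or non-string password field counts as "no change", so a
    // request without these fields can no longer set a null password.
    // The forms in this file post the browser-side hex_md5() digest in
    // "password", not the typed text; what setCryptPassword() does with it
    // is not visible here. NOTE(review): that digest is password-equivalent
    // on the wire, so this exchange still depends on TLS.
    $savePassword = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";
    $saveConfirm  = (isset($_POST["confirm_password"]) && is_string($_POST["confirm_password"])) ? $_POST["confirm_password"] : "";
    if ($savePassword !== "")
    {
        if ($savePassword === $saveConfirm)
        { $user->setCryptPassword($savePassword); }
        else
        {
            // NOTE(review): the save still proceeds after this message; in
            // add mode that creates an account with no password set here.
            echo "<h3 class=\"error\">Error: Passwords do not match.</h3>\n";
        }
    }

    $saveUsername = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : "";
    if (!$saveIsEdit)
    {
        // validate user name -- if invalid, die before save
        // NOTE(review): whether validateUsername() rejects an empty name is
        // not visible here; confirm.
        if ($user->validateUsername($saveUsername))
        { $user->setUsername($saveUsername); }
        else
        {
            echo "<h3 class=\"error\">Error: That username is already in use. User not added.</h3>\n";
            require($DOC_ROOT . "/lib/footer.php");
            die();
        }
    }
    elseif (($saveUsername !== "") && ($saveUsername !== (string) $user->getUsername()))
    {
        // validate user name -- if invalid, keep the old one and save the rest.
        // An absent/empty username field is treated as "unchanged" so an
        // edit request cannot blank out an existing username.
        if ($user->validateUsername($saveUsername))
        { $user->setUsername($saveUsername); }
        else
        {
            echo "<h3 class=\"error\">Error: That username is already in use. Other changes saved.</h3>\n";
        }
    }
    $user->save();
}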
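// ---------------------------------------------------------------------------
// View dispatcher: renders one of four views selected by $_GET["mode"].
//   "admin" - admin-only list of users with edit/add links
//   "edit"  - edit form (admins: any user via ?user_id=; others: own record)
//   "add"   - admin-only "new user" form
//   other   - public-style overview list, or one user's name via ?user_id=
//
// Values read back from OFFL_User are HTML-encoded where they are printed,
// because they originate from form input saved earlier in this script.
// NOTE(review): this assumes the OFFL_User getters return raw, unencoded
// text; if they already encode, these calls would double-encode -- confirm.
// ---------------------------------------------------------------------------
switch (isset($_GET["mode"]) ? $_GET["mode"] : "")
{
    case "admin":
        if (empty($_SESSION["admin"]))
        {
            require($DOC_ROOT . "/lib/footer.php");
            die();
        }
        // list users for edit, allow add option
?>
<table>
<thead>
<tr><th colspan="2">Edit Users</th></tr>
</thead>
<tfoot><tr><td colspan="2"></td></tr></tfoot>
<tbody>
<?php
        // $myuser is not defined in this file; presumably header.php sets it.
        $users = $myuser->getAllUsers();
        foreach ($users as $user)
        {
            // Names are user-editable, and this list is viewed by admins:
            // encode the name for HTML and the id for the query string.
            echo " <tr><td>" . htmlspecialchars((string) $user->getName(FALSE), ENT_QUOTES) . "</td><td><a href=\"" . $WEB_ROOT . "/users.php?mode=edit&user_id=" . urlencode((string) $user->getUserID()) . "\">[EDIT]</a></td></tr>\n";
        }
?>
<tr><td>Add New User</td><td><a href="<?php echo $WEB_ROOT; ?>/users.php?mode=add">[ADD]</a></td></tr>
</tbody>
</table>
<?php
        break;
    case "edit":
        // Non-admins may only edit their own record, so they may not name a
        // user_id, and they must have a session user_id to load.
        if (empty($_SESSION["admin"]) && (isset($_GET["user_id"]) || !isset($_SESSION["user_id"])))
        {
            require($DOC_ROOT . "/lib/footer.php");
            die();
        }
        if (isset($_GET["user_id"]))
        {
            // NOTE(review): the id comes straight from the query string;
            // confirm OFFL_User binds it as a query parameter.
            $user = new OFFL_User($_GET["user_id"]);
        }
        else
        { $user = new OFFL_User($_SESSION["user_id"]); }

        // NOTE(review): hashPassword() below replaces the typed password with
        // its hex_md5() digest before submitting (hex_md5 is not defined in
        // this file). The digest is then the credential the server receives,
        // so capturing it is as good as capturing the password; this does not
        // replace TLS, and unsalted MD5 is weak if the stored value leaks.
        // The form also has no anti-CSRF token.
?>
<script language="javascript">
function hashPassword()
{
if (document.forms.userinfo.userpassword.value.length > 0)
{
document.forms.userinfo.password.value = hex_md5(document.forms.userinfo.userpassword.value);
document.forms.userinfo.confirm_password.value = hex_md5(document.forms.userinfo.confirm_userpassword.value);
}
document.forms.userinfo.userpassword.value = ""; // oops! Almost sent this in the clear anyway!
document.forms.userinfo.confirm_userpassword.value = ""; // oops! Almost sent this in the clear anyway!
document.forms.userinfo.submit();
}
</script>
<div id="edit-user">
<form id="userinfo" method="post" action="<?php echo $WEB_ROOT; ?>/users.php">
<input type="hidden" name="user_id" value="<?php echo htmlspecialchars((string) $user->getUserID(), ENT_QUOTES); ?>" />
<input type="hidden" name="mode" value="edit" />
<input type="hidden" name="action" value="save" />
<table>
<thead><tr class="evenrow"><th colspan="2">Edit <?php echo htmlspecialchars((string) $user->getUsername(), ENT_QUOTES); ?></th></tr></thead>
<tfoot><tr><th colspan="2"></th></tr></tfoot>
<tbody>
<tr class="oddrow">
<th>First Name</th>
<td><input type="text" name="first_name" size="30" maxlength="20" value="<?php echo htmlspecialchars((string) $user->getFirstName(), ENT_QUOTES); ?>" /></td>
</tr>
<tr class="evenrow">
<th>Last Name</th>
<td><input type="text" name="last_name" size="30" maxlength="30" value="<?php echo htmlspecialchars((string) $user->getLastName(), ENT_QUOTES); ?>" /></td>
</tr>
<tr class="oddrow">
<th>Email</th>
<td><input type="text" name="email" size="30" maxlength="80" value="<?php echo htmlspecialchars((string) $user->getEmail(), ENT_QUOTES); ?>" /></td>
</tr>
<tr class="evenrow">
<th colspan="2">Login Details</th>
</tr>
<tr class="evenrow">
<td colspan="2">Set password fields only to change the password</td>
</tr>
<tr class="oddrow">
<th>Username</th>
<td><input type="text" name="username" size="30" maxlength="20" value="<?php echo htmlspecialchars((string) $user->getUsername(), ENT_QUOTES); ?>" /></td>
</tr>
<tr class="evenrow">
<th>Password</th>
<td>
<input type="password" name="userpassword" size="30" maxlength="40" value="" />
<input type="hidden" name="password" size="30" maxlength="40" value="" />
</td>
</tr>
<tr class="evenrow">
<th>Confirm Password</th>
<td>
<input type="password" name="confirm_userpassword" size="30" maxlength="40" value="" />
<input type="hidden" name="confirm_password" size="30" maxlength="40" value="" />
</td>
</tr>
<?php if (!empty($_SESSION["admin"])) { ?>
<tr class="oddrow">
<th>Admin</th>
<td><input type="checkbox" name="admin" <?php if ($user->getAdmin()) { echo "checked "; } ?>/> Allow Global administrative rights</td>
</tr>
<?php } ?>
</tbody>
</table>
<input type="button" value="Submit" onclick="hashPassword()" />
</form>
</div>
<?php
        break;
    case "add":
        if (empty($_SESSION["admin"]))
        {
            require($DOC_ROOT . "/lib/footer.php");
            die();
        }
        // Same client-side hex_md5() submission as the edit form: the digest
        // posted in "password" is the credential the server receives, so the
        // form relies on TLS for confidentiality. No anti-CSRF token here either.
?>
<script language="javascript">
function hashPassword()
{
if (document.forms.userinfo.userpassword.value.length > 0)
{
document.forms.userinfo.password.value = hex_md5(document.forms.userinfo.userpassword.value);
document.forms.userinfo.confirm_password.value = hex_md5(document.forms.userinfo.confirm_userpassword.value);
}
document.forms.userinfo.userpassword.value = ""; // oops! Almost sent this in the clear anyway!
document.forms.userinfo.confirm_userpassword.value = ""; // oops! Almost sent this in the clear anyway!
document.forms.userinfo.submit();
}
</script>
<div id="add-user">
<form method="post" id="userinfo" action="<?php echo $WEB_ROOT; ?>/users.php">
<input type="hidden" name="mode" value="add" />
<input type="hidden" name="action" value="save" />
<table>
<thead><tr class="evenrow"><th colspan="2">Add User</th></tr></thead>
<tfoot><tr><th colspan="2"></th></tr></tfoot>
<tbody>
<tr class="oddrow">
<th>First Name</th>
<td><input type="text" name="first_name" size="30" maxlength="20" /></td>
</tr>
<tr class="evenrow">
<th>Last Name</th>
<td><input type="text" name="last_name" size="30" maxlength="30" /></td>
</tr>
<tr class="oddrow">
<th>Email</th>
<td><input type="text" name="email" size="30" maxlength="80" /></td>
</tr>
<tr class="evenrow">
<th colspan="2">Login Details</th>
</tr>
<tr class="oddrow">
<th>Username</th>
<td><input type="text" name="username" size="30" maxlength="20" /></td>
</tr>
<tr class="evenrow">
<th>Password</th>
<td>
<input type="password" name="userpassword" size="30" maxlength="40" value="" />
<input type="hidden" name="password" size="30" maxlength="40" value="" />
</td>
</tr>
<tr class="evenrow">
<th>Confirm Password</th>
<td>
<input type="password" name="confirm_userpassword" size="30" maxlength="40" value="" />
<input type="hidden" name="confirm_password" size="30" maxlength="40" value="" />
</td>
</tr>
<tr class="oddrow">
<th>Admin</th>
<td><input type="checkbox" name="admin" /> Allow Global administrative rights</td>
</tr>
</tbody>
</table>
<input type="button" value="Add User" onclick="hashPassword()" />
</form>
</div>
<?php
        break;
    default:
        // NOTE(review): this branch has no session check of its own, so the
        // user list is shown to whoever reaches this script; whether
        // header.php enforces a login is not visible here.
        if (!isset($_GET["user_id"]))
        {
            // overview
            $user = new OFFL_User();
            $users = $user->getAllUsers();
            foreach ($users as $user)
            {
                echo "<a href=\"" . $WEB_ROOT . "/users.php?user_id=" . urlencode((string) $user->getUserID()) . "\">" . htmlspecialchars((string) $user->getName(FALSE), ENT_QUOTES) . "</a><br />\n";
            }
        }
        else
        {
            // NOTE(review): the id comes straight from the query string;
            // confirm OFFL_User binds it as a query parameter.
            $user = new OFFL_User($_GET["user_id"]);
            // NOTE(review): getName() with its default argument is printed
            // as-is because it may return markup rather than plain text
            // (not visible here). If it returns plain text it needs
            // htmlspecialchars() like the other name outputs -- confirm.
            echo "<h3>" . $user->getName() . "</h3>\n";
        }
        break;
} // end switch
require($DOC_ROOT . "/lib/footer.php"); ?>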